Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 07:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
14986 commits 385 branches 195 tags 258 MiB
Commit graph

3 commits

Author SHA1 Message Date
Arne Welzel
38e226bf75 http: Prevent script errors when http$current_entity is not set 
The current_entity tracking in HTTP assumes that client/server never
send HTTP entities at the same time. The attached pcap (generated
artificially) violates this and triggers:

    1663698249.307259 expression error in <...>base/protocols/http/./entities.zeek, line 89: field value missing (HTTP::c$http$current_entity)

For the http-no-crlf test, include weird.log as baseline. Now that weird is
@load'ed from http, it is actually created and seems to make sense
to btest-diff it, too.
 2022-09-26 10:18:24 +02:00
Arne Welzel
654fd9c7da Remove @load base/frameworks/dpd from tests 
Now that it's loaded in bare mode, no need to load it explicitly.

The main thing that tests were relying on seems to be tracking of
c$service for conn.log baselines. Very few were actually checking
for dpd.log
 2022-08-31 17:00:55 +02:00
jerome Grandvalet
8cabecec40 Fix HTTP evasion 
- Happen when there is no CRLF at the end of HTTP
    - Fix by adding CRLF when packet is complete (in relation to content-length in header)
 2021-07-23 09:28:29 +02:00