mirror of
https://github.com/zeek/zeek.git
synced 2025-10-04 07:38:19 +00:00
7ef431808d
This has no user-facing changes. It makes the internal handling of rules much easier (no crazy duplicate rules in case our rules are added to several backends). It also fixes several open ends and small bugs in the process.
31 lines
855 B
Text
31 lines
855 B
Text
# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT
|
|
# @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-sort' btest-diff netcontrol.log
|
|
|
|
@load base/frameworks/netcontrol
|
|
|
|
event NetControl::init()
|
|
{
|
|
local netcontrol_debug = NetControl::create_debug(T);
|
|
NetControl::activate(netcontrol_debug, 0);
|
|
}
|
|
|
|
module NetControl;
|
|
|
|
event connection_established(c: connection)
|
|
{
|
|
local id = c$id;
|
|
NetControl::drop_address_catch_release(id$orig_h);
|
|
# second one should be ignored because duplicate
|
|
NetControl::drop_address_catch_release(id$orig_h);
|
|
|
|
# mean call directly into framework - simulate new connection
|
|
delete current_blocks[id$orig_h];
|
|
check_conn(id$orig_h);
|
|
delete current_blocks[id$orig_h];
|
|
check_conn(id$orig_h);
|
|
delete current_blocks[id$orig_h];
|
|
check_conn(id$orig_h);
|
|
delete current_blocks[id$orig_h];
|
|
check_conn(id$orig_h);
|
|
}
|
|
|