zeek/scripts/base/frameworks/dpd
Benjamin Bannier 396fb89504 Remove use of fallible get_conn_transport_proto in analyzer_violation.
When setting up the DPD info we previously would get the
`transport_proto` for the connection with `get_conn_transport_proto`.
This function takes a `conn_id` and would fail fatally if the connection
for the given ID was unknown. It seems it was possible to run into such
scenarios when the `analyzer_violation` event was processed after the
connection had been cleaned up.

We now get the `transport_proto` directly from the ports in the
`connection` passed into `analyzer_violation` via
`get_port_transport_proto` which cannot fail.
2022-07-19 12:20:45 +02:00
__load__.zeek Rename all scripts to have ".zeek" file extension 2019-04-11 21:12:40 -05:00
main.zeek Remove use of fallible get_conn_transport_proto in analyzer_violation. 2022-07-19 12:20:45 +02:00
README Add README files for most Bro frameworks 2013-10-11 00:19:37 -05:00

The DPD (dynamic protocol detection) framework activates port-independent
protocol detection and selectively disables analyzers if protocol violations
occur.