zeek/scripts
Arne Welzel 31b548babc ftp: Reset fuid after logging
A user reported being confused about the fuid association of subsequent
FTP commands when a data transfer has completed. It seems reasonable to
unset fuid upon logging an FTP command which had a fuid.

The current behavior results in the PORT or PASV commands after a RETR or STOR
having the fuid of the prior file transfer. Similarly, any CWD or DEL commands
following a file transfer will unnecessarily be logged with the fuid of the
prior file transfer.

This tickles the baselines for the private testing PCAP a lot, primarily
because the data connections in that pcap are never established properly.
E.g., the fuids FzDzid1Dxm9srVKHXf and FEfYX73q5C6GEQZXX9 have been re-used
for multiple commands.

This may look like we're losing information, but the fuids vanishing
in the normal btests belong to a LIST command that isn't logged by
default into ftp.log. If it was, the fuid would be attached to it.
2024-02-21 12:41:32 +01:00
base ftp: Reset fuid after logging 2024-02-21 12:41:32 +01:00
policy Netcontrol: add rule_added_policy 2024-02-05 18:52:27 +00:00
site telemetry: Disable metrics centralization by default 2023-06-21 20:13:55 +02:00
spicy improve search-ability in zeek.spicy 2023-12-14 16:24:32 -05:00
zeekygen zeekygen: Disable zeek_init() handlers causing error output 2023-10-11 15:18:33 +02:00
CMakeLists.txt Use the same rules as cmake submodule to reformat Zeek 2023-05-09 08:31:43 -07:00
test-all-policy.zeek telemetry: Disable metrics centralization by default 2023-06-21 20:13:55 +02:00