zeek/testing
Arne Welzel 3a320fc6b6 packet_analysis: Do not raise analyzer_confirmation per-packet for tunnels
There's a logic error in the packet analyzer's AnalyzerConfirmation()
method that causes analyzer_confirmation() events to be raised for every
packet rather than stopping after the first confirmation which appears to
have been the intention. This affects, for example, VXLAN and Geneve tunnels.

The optional arg_tag parameter was used for short-circuiting, but the return
value of GetAnalyzerTag() was used for setting the session state, causing the
disconnect.

In scenarios where Zeek receives purely tunneled monitoring traffic, this may
result in a non-negligible performance impact.

Somewhat related, ensure the session state is set to violated before
short-circuiting if no analyzer_violations are installed.

Suggesting this as a 5.0.3 candidate.
2022-09-27 12:49:56 +02:00
benchmark/broker Port Zeek to latest Broker API 2022-04-27 23:02:27 +02:00
btest packet_analysis: Do not raise analyzer_confirmation per-packet for tunnels 2022-09-27 12:49:56 +02:00
coverage Format shell scripts with shfmt. 2021-11-24 23:13:02 +01:00
external Merge remote-tracking branch 'origin/topic/awelzel/files-log-unrolling' 2022-08-17 09:01:43 +02:00
scripts Deprecate bro_int_t and bro_uint_t 2022-07-12 12:01:23 -07:00
.gitignore
CMakeLists.txt Install Zeek's btest tooling with the distribution 2021-03-11 13:00:15 -08:00
Makefile
README

This directory contains suites for testing Zeek's correct
operation:

    btest/
        An ever-growing set of small unit tests testing Zeek's
        functionality.

    external/
        A framework for downloading additional test sets that run more
        complex Zeek configurations on larger trace files. Due to their
        size, these are not included directly. See the README for more
        information.

    scripts/
        Helper scripts used by some tests.