mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
0af57d12b2
This is to avoid missing large sessions where a single side exceeds the DPD buffer size. It comes with the trade-off that now the analyzer can be triggered by anybody controlling one of the endpoints (instead of both). Test suite changes are minor, and nothing in "external". Closes #343.
13 lines
465 B
Text
13 lines
465 B
Text
# @TEST-EXEC: zeek -C -b -r $TRACES/http/http_large_req_8001.pcap %INPUT >output
|
|
# @TEST-EXEC: btest-diff output
|
|
#
|
|
# @TEST-DOC: Tests our DPD signatures with a session where one side exceeds the DPD buffer size.
|
|
|
|
@load base/protocols/conn
|
|
@load base/protocols/http
|
|
@load base/frameworks/dpd
|
|
|
|
event http_request(c: connection, method: string, original_URI: string, unescaped_URI: string, version: string)
|
|
{
|
|
print "http_request", version, method, original_URI;
|
|
}
|