mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
54 lines
1.3 KiB
Text
54 lines
1.3 KiB
Text
# $Id: checkpoint.bro 6724 2009-06-07 09:23:03Z vern $
|
|
#
|
|
# Checkpoints Bro's persistent state at regular intervals and scans
|
|
# the state directory for external updates.
|
|
|
|
const state_rescan_interval = 15 secs &redef;
|
|
const state_checkpoint_interval = 15 min &redef;
|
|
|
|
# Services for which the internal connection state is stored.
|
|
const persistent_services = {
|
|
21/tcp, # ftp
|
|
22/tcp, # ssh
|
|
23/tcp, # telnet
|
|
513/tcp, # rlogin
|
|
} &redef;
|
|
|
|
# The first timer fires immediately. This flags lets us ignore it.
|
|
global state_ignore_first = T;
|
|
|
|
event state_checkpoint()
|
|
{
|
|
if ( state_ignore_first )
|
|
state_ignore_first = F;
|
|
|
|
else if ( ! bro_is_terminating() )
|
|
checkpoint_state();
|
|
|
|
if ( state_checkpoint_interval > 0 secs )
|
|
schedule state_checkpoint_interval { state_checkpoint() };
|
|
}
|
|
|
|
event state_rescan()
|
|
{
|
|
rescan_state();
|
|
|
|
if ( state_rescan_interval > 0 secs )
|
|
schedule state_rescan_interval { state_rescan() };
|
|
}
|
|
|
|
event bro_init()
|
|
{
|
|
if ( state_checkpoint_interval > 0 secs )
|
|
schedule state_checkpoint_interval { state_checkpoint() };
|
|
|
|
if ( state_rescan_interval > 0 secs )
|
|
schedule state_rescan_interval { state_rescan() };
|
|
}
|
|
|
|
event connection_established(c: connection)
|
|
{
|
|
# Buggy?
|
|
# if ( c$id$resp_p in persistent_services )
|
|
# make_connection_persistent(c);
|
|
}
|