zeek/scripts
Arne Welzel 6517ed94f2 smb/dce-rpc: Cleanup DCE-RPC analyzers when fid is closed and limit them
This patch does two things:

1) For SMB close requests, tear down any associated DCE-RPC
   analyzer if one exists.

2) Protect from fid_to_analyzer_map growing unbounded by introducing a
   new SMB::max_dce_rpc_analyzers limit and forcefully wipe the
   analyzers if exceeded. Propagate this to script land as event
   smb_discarded_dce_rpc_analyzers() for additional cleanup.

This is mostly to fix how the binpac SMB analyzer tracks individual
DCE-RPC analyzers per open fid. Connections that re-open the same or
different pipe may currently allocate an unbounded number of analyzers.

Closes #3145.
2023-06-30 15:14:32 +02:00
base smb/dce-rpc: Cleanup DCE-RPC analyzers when fid is closed and limit them 2023-06-30 15:14:32 +02:00
policy telemetry: Disable metrics centralization by default 2023-06-21 20:13:55 +02:00
site telemetry: Disable metrics centralization by default 2023-06-21 20:13:55 +02:00
spicy Simplify code generated for Spicy analyzer port ranges. 2023-05-29 12:20:44 +02:00
zeekygen Remove full scripts marked as 6.1 deprecations 2023-06-14 10:07:22 -07:00
CMakeLists.txt Use the same rules as cmake submodule to reformat Zeek 2023-05-09 08:31:43 -07:00
test-all-policy.zeek telemetry: Disable metrics centralization by default 2023-06-21 20:13:55 +02:00