zeek/scripts/base/frameworks
Arne Welzel 6517ed94f2 smb/dce-rpc: Cleanup DCE-RPC analyzers when fid is closed and limit them
This patch does two things:

1) For SMB close requests, tear down any associated DCE-RPC
   analyzer if one exists.

2) Protect from fid_to_analyzer_map growing unbounded by introducing a
   new SMB::max_dce_rpc_analyzers limit and forcefully wipe the
   analyzers if exceeded. Propagate this to script land as event
   smb_discarded_dce_rpc_analyzers() for additional cleanup.

This is mostly to fix how the binpac SMB analyzer tracks individual
DCE-RPC analyzers per open fid. Connections that re-open the same or
different pipe may currently allocate an unbounded number of analyzers.

Closes #3145.
2023-06-30 15:14:32 +02:00
analyzer Fix a docstring typo 2023-01-10 18:49:19 -08:00
broker broker/store: Extend SQLiteOptions around data safety and performance 2023-01-30 10:25:37 +01:00
cluster Remove deprecations tagged for v6.1 2023-06-14 10:07:22 -07:00
config Revert "Merge remote-tracking branch 'origin/topic/vern/at-if-analyze'" 2023-05-31 09:20:33 +02:00
control annotate base scripts with &is_used as needed 2022-05-26 17:39:17 -07:00
files files: Warn once for missing get_file_handle() 2023-05-19 09:37:51 -07:00
input More bro-to-zeek renaming in scripts and other files 2019-05-16 02:36:41 -05:00
intel Revert "Merge remote-tracking branch 'origin/topic/vern/at-if-analyze'" 2023-05-31 09:20:33 +02:00
logging Remove LogAscii::logdir (6.1 deprecation) 2023-06-14 10:07:22 -07:00
netcontrol all: Fix typos identified by typos pre-commit hook 2023-06-13 17:57:32 +02:00
notice smb/dce-rpc: Cleanup DCE-RPC analyzers when fid is closed and limit them 2023-06-30 15:14:32 +02:00
openflow Revert "Merge remote-tracking branch 'origin/topic/vern/at-if-analyze'" 2023-05-31 09:20:33 +02:00
packet-filter Merge remote-tracking branch 'origin/topic/awelzel/blank-identifer' 2022-10-25 12:36:23 +02:00
reporter Support for log filter policy hooks 2020-09-30 12:32:45 -07:00
signatures Remove script functions marked as unused (6.1 deprecations) 2023-06-14 10:07:22 -07:00
software Remove script functions marked as unused (6.1 deprecations) 2023-06-14 10:07:22 -07:00
spicy Move spicy/misc scripts to policy and clarify purpose. 2023-05-16 10:21:21 +02:00
sumstats Remove script functions marked as unused (6.1 deprecations) 2023-06-14 10:07:22 -07:00
supervisor Remove Supervisor::NodeConfig (6.1 deprecation) 2023-06-14 10:07:22 -07:00
telemetry telemetry: Disable metrics centralization by default 2023-06-21 20:13:55 +02:00
tunnels Add GTPv1 packet analyzer, disable old analyzer 2021-11-23 19:36:50 -07:00