mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00

Now that Conn::set_conn is guaranteed to be called at the beginning and at the end of the connection, we can skip re-setting the elements that we know will not have changed. This prevents repeated lookups, e.g. to check that addresses are in the local networks. During `connection_state_remove`, only the duration, number of packets, service, and history fields are updated. local_orig and local_resp are updated when the connection is flipped. A test was added for that purpose. It uses the already existing http.zeek-image-post-1080-8000-x.pcap, which was slightly rewritten for this, so that one side of the connection has IP addresses different from 127.0.0.1. The existing history-flip test also was updated to have one side being in a local-net, to check that the flipping of local_orig and local_resp works correctly at the beginning of a connection.
6 lines
303 B
Text
# @TEST-DOC: This checks that local origin/responders are correctly flipped when the flip occurs later in the connection.
# @TEST-EXEC: zeek -b -C -r $TRACES/http/zeek-image-post-1080-8000-x.pcap %INPUT
# @TEST-EXEC: btest-diff conn.log

@load base/protocols/http
@load policy/protocols/conn/mac-logging