mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00

There's a logic error in the packet analyzer's AnalyzerConfirmation() method that causes analyzer_confirmation() events to be raised for every packet rather than stopping after the first confirmation, which appears to have been the intention. This affects, for example, VXLAN and Geneve tunnels. The optional arg_tag parameter was used for short-circuiting, but the return value of GetAnalyzerTag() was used for setting the session state, causing the disconnect. In scenarios where Zeek receives purely tunneled monitoring traffic, this may result in a non-negligible performance impact. Somewhat related, ensure the session state is set to violated before short-circuiting if no analyzer_violations are installed. Suggesting this as a 5.0.3 candidate.
11 lines
1,012 B
Text
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path http
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent origin request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
#types time string addr port addr port count string string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 172.16.11.201 40354 54.86.237.188 80 1 GET eu.httpbin.org /image/svg - 1.1 curl/7.76.1 - 0 8984 200 OK - - (empty) - - - - - - FTKnz016WapPYpNaxl - text/plain
#close XXXX-XX-XX-XX-XX-XX