mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00

Now that Conn::set_conn is guaranteed to be called at the beginning and at the end of the connection, we can skip re-setting the elements that we know will not have changed. This prevents repeated lookups, e.g. to check that addresses are in the local networks. During `connection_state_remove`, only the duration, number of packets, service, and history fields are updated. local_orig and local_resp are updated when the connection is flipped. A test was added for that purpose. It uses the already existing http.zeek-image-post-1080-8000-x.pcap, which was slightly rewritten for this, so that one side of the connection has IP addresses different from 127.0.0.1. The existing history-flip test also was updated to have one side being in a local-net, to check that the flipping of local_orig and local_resp works correctly at the beginning of a connection.
8 lines
322 B
Text
# @TEST-DOC: Check that connection flip appears in history. Also check that local-orig is flipped correctly.
# @TEST-EXEC: zeek -b -C -r $TRACES/tcp/missing-syn.pcap %INPUT
# @TEST-EXEC: btest-diff conn.log

@load base/protocols/http
@load policy/protocols/conn/mac-logging

redef Site::local_nets = { 125.190.109.0/24 };