mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
d5fd29edcd
While we support initializing records via coercion from an expression
list, e.g.,
local x: X = [$x1=1, $x2=2];
this can sometimes obscure the code to readers, e.g., when assigning to
value declared and typed elsewhere. The language runtime has a similar
overhead since instead of just constructing a known type it needs to
check at runtime that the coercion from the expression list is valid;
this can be slower than just writing the readible code in the first
place, see #4559.
With this patch we use explicit construction, e.g.,
local x = X($x1=1, $x2=2);
29 lines
1 KiB
Text
29 lines
1 KiB
Text
##! Extracts SSH client and server information from SSH
|
|
##! connections and forwards it to the software framework.
|
|
|
|
@load base/frameworks/software
|
|
|
|
module SSH;
|
|
|
|
export {
|
|
redef enum Software::Type += {
|
|
## Identifier for SSH clients in the software framework.
|
|
SERVER,
|
|
## Identifier for SSH servers in the software framework.
|
|
CLIENT,
|
|
};
|
|
}
|
|
|
|
event ssh_client_version(c: connection, version: string) &priority=4
|
|
{
|
|
# Get rid of the protocol information when passing to the software framework.
|
|
local cleaned_version = sub(version, /^SSH[0-9\.\-]+/, "");
|
|
Software::found(c$id, Software::Info($unparsed_version=cleaned_version, $host=c$id$orig_h, $software_type=CLIENT));
|
|
}
|
|
|
|
event ssh_server_version(c: connection, version: string) &priority=4
|
|
{
|
|
# Get rid of the protocol information when passing to the software framework.
|
|
local cleaned_version = sub(version, /SSH[0-9\.\-]{2,}/, "");
|
|
Software::found(c$id, Software::Info($unparsed_version=cleaned_version, $host=c$id$resp_h, $host_p=c$id$resp_p, $software_type=SERVER));
|
|
}
|