mirror of
https://github.com/zeek/zeek.git
synced 2025-10-16 21:48:21 +00:00
f3f593c523
This seems to be an age-old bug. Reported by mchen on discourse [1]. The TCPSessionAdapter decides in AddExtraAnalyzers() whether to enable reassembly or not. When dpd_reassemble_first_packets is F, this boils down to ! GetChildren().empty(). The intention being that if any analyzers have been added to the connection based on known ports, reassembly is to be enabled. However, GetChildren() does not take into account new_children and so ! GetChildren().empty() is always false here and reassembly solely based on dpd_reassemble_first_packets=F (or the tcp_content... options). Ouch. Call AppendNewChildren() before AddExtraAnalyzers() as a fix. Without this, the new test does not produce an http.log and service "http" isn't in conn.log. [1] https://community.zeek.org/t/how-to-activate-an-application-layer-analyzer-when-signature-dpd-reassemble-first-packets-is-off/6763 |
||
|---|---|---|
| .. | ||
| benchmark/broker | ||
| btest | ||
| coverage | ||
| external | ||
| scripts | ||
| .gitignore | ||
| CMakeLists.txt | ||
| Makefile | ||
| README | ||
This directory contains suites for testing for Zeek's correct
operation:
btest/
An ever-growing set of small unit tests testing Zeek's
functionality.
external/
A framework for downloading additional test sets that run more
complex Zeek configuration on larger traces files. Due to their
size, these are not included directly. See the README for more
information.
scripts/
Helpers scripts used by some tests.