mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
eab80c8834
This adds a slight patch to the HTTP analyzer, which recognizez when a connection is upgraded to a different protocol (using a 101 reply with a few specific headers being set). In this case, the analyzer stops further processing of the connection (which will result in DPD errors) and raises a new event: event http_connection_upgrade(c: connection, protocol: string); Protocol contains the name of the protocol that is being upgraded to, as specified in one of the header values.
13 lines
426 B
Text
13 lines
426 B
Text
# This tests that the HTTP analyzer does not generate a dpd error as a
|
|
# result of seeing an upgraded connection.
|
|
#
|
|
# @TEST-EXEC: bro -r $TRACES/http/websocket.pcap %INPUT
|
|
# @TEST-EXEC: test ! -f dpd.log
|
|
# @TEST-EXEC: test ! -f weird.log
|
|
# @TEST-EXEC: btest-diff http.log
|
|
# @TEST-EXEC: btest-diff .stdout
|
|
|
|
event http_connection_upgrade(c: connection, protocol: string)
|
|
{
|
|
print fmt("Connection upgraded to %s", protocol);
|
|
}
|