mirror of
https://github.com/zeek/zeek.git
synced 2025-10-06 00:28:21 +00:00
995368e68c
This changes many weird names to move non-static content from the weird name into the "addl" field to help ensure the total number of weird names is reasonably bounded. Note the net_weird and flow_weird events do not have an "addl" parameter, so information may no longer be available in those cases -- to make it available again we'd need to either (1) define new events that contain such a parameter, or (2) change net_weird/flow_weird event signature (which is a breaking change for user-code at the moment). Also, the generic handling of binpac exceptions for analyzers which to not otherwise catch and handle them has been changed from a Weird to a ProtocolViolation. Finally, a new "file_weird" event has been added for reporting weirdness found during file analysis.
11 lines
320 B
Text
11 lines
320 B
Text
#
|
|
# @TEST-EXEC: bro -r $TRACES/modbus/modbus.trace %INPUT
|
|
# @TEST-EXEC: btest-diff modbus.log
|
|
# @TEST-EXEC: btest-diff modbus_register_change.log
|
|
# @TEST-EXEC: btest-diff known_modbus.log
|
|
#
|
|
|
|
@load protocols/modbus/known-masters-slaves.bro
|
|
@load protocols/modbus/track-memmap.bro
|
|
|
|
redef DPD::ignore_violations_after = 1;
|