Merge branch 'fix_ipsec' of ssh://github.com/keithjjones/spicy-analyzers

* 'fix_ipsec' of ssh://github.com/keithjjones/spicy-analyzers: Remove analyzer_id from scripts for ipsec.
zeek · May 17, 2021 · 28258e2 · 28258e2
2 parents 41cfb71 + 23c8fe3
commit 28258e2
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 15 deletions.
diff --git a/CHANGES b/CHANGES
@@ -1,3 +1,8 @@
+
+0.2.11 | 2021-05-17 09:39:00 +0200
+
+  * Remove `analyzer_id` from scripts for IPSec. (Keith Jones)
+
 0.2.10-4 | 2021-05-05 11:49:06 +0200
 
   * Add Aruba Networks vendor ID info. (Keith Jones, Corelight)

diff --git a/analyzer/protocol/ipsec/main.zeek b/analyzer/protocol/ipsec/main.zeek
@@ -58,10 +58,6 @@ export {
 		## Cipher hash of this IPSec transaction info:
 		## vendor_ids, notify_messages, transforms, ke_dh_groups, and proposals
 		hash: string &log &optional;
-		# The analyzer ID used for the analyzer instance attached
-		# to each connection.  It is not used for logging since it's a
-		# meaningless arbitrary number.
-		analyzer_id: count &optional;
 	};
 
 	# Event that can be handled to access the IPSec record as it is sent on
@@ -669,17 +665,6 @@ function set_session(c: connection)
 		}
 	}
 
-event protocol_confirmation(c: connection, atype: Analyzer::Tag, aid: count) &priority=5
-	{
-	if ( atype == Analyzer::ANALYZER_SPICY_IPSEC_IKE_UDP ||
-		 atype == Analyzer::ANALYZER_SPICY_IPSEC_TCP ||
-		 atype == Analyzer::ANALYZER_SPICY_IPSEC_UDP )
-		{
-		set_session(c);
-		c$ipsec$analyzer_id = aid;
-		}
-	}
-
 event ipsec::ike_message(c: connection, is_orig: bool, msg: ipsec::IKEMsg)
 	{
 	set_session(c);