Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 17:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Call AnalyzerConfirmation earlier in VXLAN/Geneve analysis

Browse source
This commit is contained in:
Tim Wojtulewicz 2023-02-13 16:43:36 -07:00
parent 16f6cafd9a
commit 02b3202453
2 changed files with 16 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

15
src/packet_analysis/protocol/geneve/Geneve.cc
View file

@ -70,6 +70,9 @@ bool GeneveAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pack
len -= hdr_size; len -= hdr_size;
data += hdr_size; data += hdr_size;
// We've successfully parsed everything, so we might as well confirm this.
AnalyzerConfirmation(packet->session);
int encap_index = 0; int encap_index = 0;
auto inner_packet = packet_analysis::IPTunnel::build_inner_packet( auto inner_packet = packet_analysis::IPTunnel::build_inner_packet(
packet, &encap_index, nullptr, len, data, DLT_RAW, BifEnum::Tunnel::GENEVE, packet, &encap_index, nullptr, len, data, DLT_RAW, BifEnum::Tunnel::GENEVE,
@ -81,21 +84,13 @@ bool GeneveAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pack
if ( len > hdr_size ) if ( len > hdr_size )
fwd_ret_val = ForwardPacket(len, data, inner_packet.get(), next_header); fwd_ret_val = ForwardPacket(len, data, inner_packet.get(), next_header);
if ( fwd_ret_val ) if ( fwd_ret_val && geneve_packet )
{
AnalyzerConfirmation(packet->session);
if ( geneve_packet && packet->session )
{ {
EncapsulatingConn* ec = inner_packet->encap->At(encap_index); EncapsulatingConn* ec = inner_packet->encap->At(encap_index);
if ( ec && ec->ip_hdr ) if ( ec && ec->ip_hdr )
inner_packet->session->EnqueueEvent(geneve_packet, nullptr, inner_packet->session->EnqueueEvent(geneve_packet, nullptr, packet->session->GetVal(),
packet->session->GetVal(),
ec->ip_hdr->ToPktHdrVal(), val_mgr->Count(vni)); ec->ip_hdr->ToPktHdrVal(), val_mgr->Count(vni));
} }
}
else
AnalyzerViolation("Geneve invalid inner packet", packet->session);
return fwd_ret_val; return fwd_ret_val;
} }

13
src/packet_analysis/protocol/vxlan/VXLAN.cc
View file

@ -47,6 +47,9 @@ bool VXLAN_Analyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pack
len -= hdr_size; len -= hdr_size;
data += hdr_size; data += hdr_size;
// We've successfully parsed everything, so we might as well confirm this.
AnalyzerConfirmation(packet->session);
int encap_index = 0; int encap_index = 0;
auto inner_packet = packet_analysis::IPTunnel::build_inner_packet( auto inner_packet = packet_analysis::IPTunnel::build_inner_packet(
packet, &encap_index, nullptr, len, data, DLT_RAW, BifEnum::Tunnel::VXLAN, packet, &encap_index, nullptr, len, data, DLT_RAW, BifEnum::Tunnel::VXLAN,
@ -56,19 +59,13 @@ bool VXLAN_Analyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pack
if ( len > hdr_size ) if ( len > hdr_size )
fwd_ret_val = ForwardPacket(len, data, inner_packet.get()); fwd_ret_val = ForwardPacket(len, data, inner_packet.get());
if ( fwd_ret_val ) if ( fwd_ret_val && vxlan_packet )
{
AnalyzerConfirmation(packet->session);
if ( vxlan_packet && packet->session )
{ {
EncapsulatingConn* ec = inner_packet->encap->At(encap_index); EncapsulatingConn* ec = inner_packet->encap->At(encap_index);
if ( ec && ec->ip_hdr ) if ( ec && ec->ip_hdr )
inner_packet->session->EnqueueEvent(vxlan_packet, nullptr, inner_packet->session->EnqueueEvent(vxlan_packet, nullptr, packet->session->GetVal(),
packet->session->GetVal(),
ec->ip_hdr->ToPktHdrVal(), val_mgr->Count(vni)); ec->ip_hdr->ToPktHdrVal(), val_mgr->Count(vni));
} }
}
return fwd_ret_val; return fwd_ret_val;
} }