mirror of
https://github.com/zeek/zeek.git
synced 2025-10-09 01:58:20 +00:00
Fixes for various btest issues
- Fix handling of truncated ethernet headers, fix core.truncation test output - Update commit hashes for external private test repo
This commit is contained in:
Tim Wojtulewicz
parent
1c3ded7dd5
commit
08ceea8de1
3 changed files with 25 additions and 17 deletions
|
|
@ -17,7 +17,7 @@ std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identif
|
|||
// Assume we're pointing at IP. Just figure out which version.
|
||||
if ( pdata + sizeof(struct ip) >= packet->GetEndOfData() )
|
||||
{
|
||||
packet->Weird("default_ll_analyser_failed");
|
||||
packet->Weird("packet_analyzer_truncated_header");
|
||||
return { AnalyzerResult::Failed, 0 };
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -15,6 +15,14 @@ std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identif
|
|||
auto& pdata = packet->cur_pos;
|
||||
auto end_of_data = packet->GetEndOfData();
|
||||
|
||||
// Make sure that we actually got an entire ethernet header before trying
|
||||
// to pull bytes out of it.
|
||||
if ( pdata + 16 >= end_of_data )
|
||||
{
|
||||
packet->Weird("truncated_ethernet_frame");
|
||||
return { AnalyzerResult::Failed, 0 };
|
||||
}
|
||||
|
||||
// Skip past Cisco FabricPath to encapsulated ethernet frame.
|
||||
if ( pdata[12] == 0x89 && pdata[13] == 0x03 )
|
||||
{
|
||||
|
|
|
|||
|
|
@ -3,78 +3,78 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-07-02-14-29-19
|
||||
#open 2020-07-14-01-19-19
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334160095.895421 - - - - - truncated_IP - F zeek
|
||||
#close 2020-07-02-14-29-19
|
||||
#close 2020-07-14-01-19-19
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-07-02-14-29-20
|
||||
#open 2020-07-14-01-19-20
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334156241.519125 - - - - - truncated_IP - F zeek
|
||||
#close 2020-07-02-14-29-20
|
||||
#close 2020-07-14-01-19-20
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-07-02-14-29-20
|
||||
#open 2020-07-14-01-19-21
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334094648.590126 - - - - - truncated_IP - F zeek
|
||||
#close 2020-07-02-14-29-20
|
||||
#close 2020-07-14-01-19-21
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-07-02-14-29-21
|
||||
#open 2020-07-14-01-19-23
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1338328954.078361 - - - - - internally_truncated_header - F zeek
|
||||
#close 2020-07-02-14-29-21
|
||||
#close 2020-07-14-01-19-23
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-07-02-14-29-21
|
||||
#open 2020-07-14-01-19-24
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
0.000000 - - - - - truncated_ethernet_frame - F zeek
|
||||
#close 2020-07-02-14-29-21
|
||||
#close 2020-07-14-01-19-24
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-07-02-14-29-21
|
||||
#open 2020-07-14-01-19-25
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1508360735.834163 - 163.253.48.183 0 192.150.187.43 0 invalid_IP_header_size - F zeek
|
||||
#close 2020-07-02-14-29-21
|
||||
#close 2020-07-14-01-19-25
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-07-02-14-29-21
|
||||
#open 2020-07-14-01-19-26
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1508360735.834163 - 163.253.48.183 0 192.150.187.43 0 internally_truncated_header - F zeek
|
||||
#close 2020-07-02-14-29-22
|
||||
#close 2020-07-14-01-19-26
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open 2020-07-02-14-29-22
|
||||
#open 2020-07-14-01-19-27
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1500557630.000000 - 0.255.0.255 0 15.254.2.1 0 invalid_IP_header_size_in_tunnel - F zeek
|
||||
#close 2020-07-02-14-29-22
|
||||
#close 2020-07-14-01-19-27
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue