Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-14 12:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

An extension to the ICMP analyzer to handle redirects.

Browse source 
The analyzer now raises icmp_redirect() events that come with the
redirection address.

By Julien Sentier.
This commit is contained in:
Robin Sommer 2011-05-13 18:47:50 -07:00
parent 437ac29ca9
commit 1199085b27
6 changed files with 49 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

18
src/ICMP.cc
View file

@ -321,6 +321,24 @@ void ICMP_Echo_Analyzer::NextICMP(double t, const struct icmp* icmpp, int len,
ConnectionEvent(f, vl);
}
ICMP_Redir_Analyzer::ICMP_Redir_Analyzer(Connection* c)
: ICMP_Analyzer(AnalyzerTag::ICMP_Redir, c)
{
}
void ICMP_Redir_Analyzer::NextICMP(double t, const struct icmp* icmpp, int len,
int caplen, const u_char*& data)
{
uint32 addr = ntohl(icmpp->icmp_hun.ih_void);
val_list* vl = new val_list;
vl->append(BuildConnVal());
vl->append(BuildICMPVal());
vl->append(new AddrVal(htonl(addr)));
ConnectionEvent(icmp_redirect, vl);
}
void ICMP_Context_Analyzer::NextICMP(double t, const struct icmp* icmpp,
int len, int caplen, const u_char*& data)