Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 01:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Default tunnel_type in iosource::Packet to NONE

Browse source
This commit is contained in:
Tim Wojtulewicz 2023-04-14 09:17:01 -07:00 committed by Tim Wojtulewicz
parent e856e953b8
commit 1e6cc76c83
3 changed files with 9 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
src/packet_analysis/protocol/ip/IP.cc
View file

@ -2,6 +2,8 @@
#include "zeek/packet_analysis/protocol/ip/IP.h"
#include <netinet/in.h>
#include "zeek/Discard.h"
#include "zeek/Event.h"
#include "zeek/Frag.h"
@ -269,6 +271,11 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
return false;
}
// If the next protocol is a tunneled type, set the tunnel_type field in the packet to IP
// so that it gets handled correctly.
if ( proto == IPPROTO_IPV4 || proto == IPPROTO_IPV6 )
packet->tunnel_type = BifEnum::Tunnel::IP;
switch ( proto )
{
case IPPROTO_NONE: