Fix tcp_option event

It was not being raised in all the cases it should have been due to an incorrect/unnecessary truncation check.
2025-10-07 17:18:20 +00:00 · 2019-10-03 17:55:07 -07:00 · 2019-10-03 17:55:07 -07:00 · 222e3ad3ea
commit 222e3ad3ea
parent 8ba19cd7d1
4 changed files with 24 additions and 2 deletions
--- a/src/analyzer/protocol/tcp/TCP.cc
+++ b/src/analyzer/protocol/tcp/TCP.cc
@ -1186,8 +1186,7 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
 		GeneratePacketEvent(rel_seq, rel_ack, data, len, caplen, is_orig,
 		                    flags);
-	if ( tcp_option && tcp_hdr_len > sizeof(*tp) &&
+	if ( tcp_option && tcp_hdr_len > sizeof(*tp) )
 	     tcp_hdr_len <= uint32_t(caplen) )
 		ParseTCPOptions(tp, TCPOptionEvent, this, is_orig, 0);
 	if ( DEBUG_tcp_data_sent )
--- a/testing/btest/Baseline/core.tcp.options/out
+++ b/testing/btest/Baseline/core.tcp.options/out
@ -0,0 +1,16 @@
 [orig_h=192.168.1.102, orig_p=36861/tcp, resp_h=193.1.193.64, resp_p=80/tcp], T, 2, 4
 [orig_h=192.168.1.102, orig_p=36861/tcp, resp_h=193.1.193.64, resp_p=80/tcp], T, 4, 2
 [orig_h=192.168.1.102, orig_p=36861/tcp, resp_h=193.1.193.64, resp_p=80/tcp], T, 8, 10
 [orig_h=192.168.1.102, orig_p=36861/tcp, resp_h=193.1.193.64, resp_p=80/tcp], T, 1, 1
 [orig_h=192.168.1.102, orig_p=36861/tcp, resp_h=193.1.193.64, resp_p=80/tcp], T, 3, 3
 [orig_h=192.168.1.102, orig_p=36861/tcp, resp_h=193.1.193.64, resp_p=80/tcp], F, 2, 4
 [orig_h=192.168.1.102, orig_p=36861/tcp, resp_h=193.1.193.64, resp_p=80/tcp], F, 4, 2
 [orig_h=192.168.1.102, orig_p=36861/tcp, resp_h=193.1.193.64, resp_p=80/tcp], F, 8, 10
 [orig_h=192.168.1.102, orig_p=36861/tcp, resp_h=193.1.193.64, resp_p=80/tcp], F, 1, 1
 [orig_h=192.168.1.102, orig_p=36861/tcp, resp_h=193.1.193.64, resp_p=80/tcp], F, 3, 3
 [orig_h=192.168.1.102, orig_p=36861/tcp, resp_h=193.1.193.64, resp_p=80/tcp], T, 1, 1
 [orig_h=192.168.1.102, orig_p=36861/tcp, resp_h=193.1.193.64, resp_p=80/tcp], T, 1, 1
 [orig_h=192.168.1.102, orig_p=36861/tcp, resp_h=193.1.193.64, resp_p=80/tcp], T, 8, 10
 [orig_h=192.168.1.102, orig_p=36861/tcp, resp_h=193.1.193.64, resp_p=80/tcp], T, 1, 1
 [orig_h=192.168.1.102, orig_p=36861/tcp, resp_h=193.1.193.64, resp_p=80/tcp], T, 1, 1
 [orig_h=192.168.1.102, orig_p=36861/tcp, resp_h=193.1.193.64, resp_p=80/tcp], T, 8, 10
--- a/testing/btest/Traces/tcp/options.pcap
+++ b/testing/btest/Traces/tcp/options.pcap
--- a/testing/btest/core/tcp/options.zeek
+++ b/testing/btest/core/tcp/options.zeek
@ -0,0 +1,7 @@
 # @TEST-EXEC: zeek -b -r $TRACES/tcp/options.pcap %INPUT > out
 # @TEST-EXEC: btest-diff out
 event tcp_option(c: connection, is_orig: bool, opt: count, optlen: count)
 	{
 	print c$id, is_orig, opt, optlen;
 	}