Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge https://github.com/gpotter2/zeek.

Browse source 
Changes during merge:
  - Add dedicated test (w/ trace "client_timestamp_enabled.pcapng" from Cloudshark)
  - Change types from signed to unsigned.
  - Add cast for bit-shifting operand.
  - clang-format run
This commit is contained in:
Robin Sommer 2021-09-20 11:20:50 +02:00
commit 31d3fb0f6c
9 changed files with 48 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

22
src/packet_analysis/protocol/tcp/TCPSessionAdapter.cc
View file

@ -331,6 +331,8 @@ static zeek::RecordValPtr build_syn_packet_val(bool is_orig, const zeek::IP_Hdr*
int winscale = -1;
int MSS = 0;
int SACK = 0;
std::optional<uint64_t> TSval;
std::optional<uint64_t> TSecr;
// Parse TCP options.
u_char* options = (u_char*)tcp + sizeof(struct tcphdr);
@ -384,6 +386,20 @@ static zeek::RecordValPtr build_syn_packet_val(bool is_orig, const zeek::IP_Hdr*
winscale = options[2];
break;
case 8: // TCPOPT_TIMESTAMP
if ( opt_len < 10 )
break; // bad length
TSval =
(((((static_cast<uint64_t>(options[2]) << 8) | options[3]) << 8) | options[4])
<< 8) |
options[5];
TSecr =
(((((static_cast<uint64_t>(options[6]) << 8) | options[7]) << 8) | options[8])
<< 8) |
options[9];
break;
default: // just skip over
break;
}
@ -403,6 +419,12 @@ static zeek::RecordValPtr build_syn_packet_val(bool is_orig, const zeek::IP_Hdr*
v->Assign(6, MSS);
v->Assign(7, static_cast<bool>(SACK));
if ( TSval )
v->Assign(8, *TSval);
if ( TSval )
v->Assign(9, *TSecr);
return v;
}