Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-16 05:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Add conn.log entries for connections with unhandled IP protocols

Browse source
This commit is contained in:
Tim Wojtulewicz 2024-09-10 15:13:11 +02:00
parent a96515a2e8
commit 35ec9733c0
422 changed files with 97715 additions and 97282 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/Conn.cc
View file

@ -33,7 +33,15 @@ Connection::Connection(const detail::ConnKey& k, double t, const ConnTuple* id,
resp_addr = id->dst_addr;
orig_port = id->src_port;
resp_port = id->dst_port;
proto = TRANSPORT_UNKNOWN;
switch ( id->proto ) {
case IPPROTO_TCP: proto = TRANSPORT_TCP; break;
case IPPROTO_UDP: proto = TRANSPORT_UDP; break;
case IPPROTO_ICMP:
case IPPROTO_ICMPV6: proto = TRANSPORT_ICMP; break;
default: proto = TRANSPORT_UNKNOWN; break;
}
orig_flow_label = flow;
resp_flow_label = 0;
saw_first_orig_packet = 1;
@ -187,6 +195,7 @@ const RecordValPtr& Connection::GetVal() {
id_val->Assign(1, val_mgr->Port(ntohs(orig_port), prot_type));
id_val->Assign(2, make_intrusive<AddrVal>(resp_addr));
id_val->Assign(3, val_mgr->Port(ntohs(resp_port), prot_type));
id_val->Assign(4, KeyProto());
auto orig_endp = make_intrusive<RecordVal>(id::endpoint);
orig_endp->Assign(0, 0);