Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-16 13:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Add extra guard against non-IP, non-ARP packets being parsed as IPv6.

Browse source 
This would usually manifest in raising truncated_IP weirds, which is
misleading because it wasn't actually an IP packet in the first place.
Now unknown_packet_type weird is raised instead.
This commit is contained in:
Jon Siwek 2012-02-07 11:42:55 -06:00
parent 1f58ac875b
commit 4cb6a279f5
1 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

7
src/Sessions.cc
View file

@ -282,11 +282,16 @@ void NetSessions::NextPacket(double t, const struct pcap_pkthdr* hdr,
else if ( arp_analyzer && arp_analyzer->IsARP(pkt, hdr_size) ) else if ( arp_analyzer && arp_analyzer->IsARP(pkt, hdr_size) )
arp_analyzer->NextPacket(t, hdr, pkt, hdr_size); arp_analyzer->NextPacket(t, hdr, pkt, hdr_size);
else else if ( ip->ip_v == 6 )
{ {
IP_Hdr ip_hdr((const struct ip6_hdr*) (pkt + hdr_size)); IP_Hdr ip_hdr((const struct ip6_hdr*) (pkt + hdr_size));
DoNextPacket(t, hdr, &ip_hdr, pkt, hdr_size); DoNextPacket(t, hdr, &ip_hdr, pkt, hdr_size);
} }
else
{
Weird("unknown_packet_type", hdr, pkt);
return;
}
} }
if ( dump_this_packet && ! record_all_packets ) if ( dump_this_packet && ! record_all_packets )