Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-14 04:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Fixes for IPv6 truncation and ICMP/ICMP6 analysis.

Browse source 
- Add more guards against trying to analyze captured packets with a
  truncated IPv6 static header or extension header chain.

- Add back in the ICMP payload tracking for ICMP "connections".

- Fix 'icmp_context' record construction.  Some field assignments
  were mismatched for ICMP and ICMP6.  Source and destination
  addresses were set incorrectly for context packets that don't
  contain a full IP header.  Some fields for ICMP6 weren't filled out.

- Changed ICMP Time Exceeded packets to raise the 'icmp_time_exceeded'
  event instead of 'icmp_error_message'.

- Add unit tests for truncation and the main types of ICMP/ICMP6
  that have specific events.

- Documentation clarifications.
This commit is contained in:
Jon Siwek 2012-04-11 16:27:31 -05:00
parent 27ba3118c1
commit 51bad73e1e
39 changed files with 422 additions and 52 deletions
Download patch file Download diff file Expand all files Collapse all files

6
testing/btest/core/truncation.test Normal file
View file

@ -0,0 +1,6 @@
# Truncated IP packet's should not be analyzed, and generate truncated_IP weird
# @TEST-EXEC: bro -b -r $TRACES/trunc/ip4-trunc.pcap >>output 2>&1
# @TEST-EXEC: bro -b -r $TRACES/trunc/ip6-trunc.pcap >>output 2>&1
# @TEST-EXEC: bro -b -r $TRACES/trunc/ip6-ext-trunc.pcap >>output 2>&1
# @TEST-EXEC: btest-diff output