Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add an option to ignore packets sourced from particular subnets.

Browse source 
It's implemented with a new set[subnet] option named ignore_checksums_nets.

If you populate this set with subnets, any packet with a src address within
that set of subnets will not have it's checksum validated.
This commit is contained in:
Seth Hall 2020-10-14 16:51:30 -04:00
parent e4df60c51d
commit 552a24e07c
12 changed files with 63 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

7
scripts/base/init-bare.zeek
View file

@ -995,6 +995,13 @@ const UDP_ACTIVE = 1; ##< Endpoint has sent something.
## variable.
const ignore_checksums = F &redef;
## Checksums are ignored for all packets with a src address within this set of
## addresses. Useful for cases where a host might be seeing packets collected
## from local hosts before checksums were applied by hardware. This frequently
## manifests when sniffing a local management interface on a host and Zeek sees
## packets before the hardware has had a chance to apply the checksums.
option ignore_checksums_nets: set[subnet] = set();
## If true, instantiate connection state when a partial connection
## (one missing its initial establishment negotiation) is seen.
const partial_connection_ok = T &redef;