Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-06 00:28:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Add an option to ignore packets sourced from particular subnets.

Browse source 
It's implemented with a new set[subnet] option named ignore_checksums_nets.

If you populate this set with subnets, any packet with a src address within
that set of subnets will not have it's checksum validated.
This commit is contained in:
Seth Hall 2020-10-14 16:51:30 -04:00
parent e4df60c51d
commit 552a24e07c
12 changed files with 63 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/analyzer/protocol/tcp/TCP.h
View file

@ -94,8 +94,8 @@ protected:
// Returns true if the checksum is valid, false if not (and in which
// case also updates the status history of the endpoint).
bool ValidateChecksum(const struct tcphdr* tp, TCP_Endpoint* endpoint,
int len, int caplen, bool ipv4);
bool ValidateChecksum(const IP_Hdr* ip, const struct tcphdr* tp, TCP_Endpoint* endpoint,
int len, int caplen);
void SetPartialStatus(TCP_Flags flags, bool is_orig);