Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-10 02:28:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Add an option to ignore packets sourced from particular subnets.

Browse source 
It's implemented with a new set[subnet] option named ignore_checksums_nets.

If you populate this set with subnets, any packet with a src address within
that set of subnets will not have it's checksum validated.
This commit is contained in:
Seth Hall 2020-10-14 16:51:30 -04:00
parent e4df60c51d
commit 552a24e07c
12 changed files with 63 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

1
src/packet_analysis/protocol/ip/IP.cc
View file

@ -129,6 +129,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
return false;
if ( ! packet->l2_checksummed && ! detail::ignore_checksums && ip4 &&
! zeek::id::find_val<TableVal>("ignore_checksums_nets")->Contains(packet->ip_hdr->IPHeaderSrcAddr()) &&
detail::in_cksum(reinterpret_cast<const uint8_t*>(ip4), ip_hdr_len) != 0xffff )
{
sessions->Weird("bad_IP_checksum", packet);