Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 18:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Add an option to ignore packets sourced from particular subnets.

Browse source 
It's implemented with a new set[subnet] option named ignore_checksums_nets.

If you populate this set with subnets, any packet with a src address within
that set of subnets will not have it's checksum validated.
This commit is contained in:
Seth Hall 2020-10-14 16:51:30 -04:00
parent e4df60c51d
commit 552a24e07c
12 changed files with 63 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

11
testing/btest/Baseline/core.checksums_ignore_nets/conn-failed.log Normal file
View file

@ -0,0 +1,11 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path conn
#open 2020-10-14-20-49-58
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1602707363.476578 CHhAvVGS1DHFjwGM9 192.168.1.28 53246 35.221.46.9 80 tcp - - - - OTH - - 0 C 0 0 0 0 -
1602707363.504737 ClEkJM2Vm5giqnMf4h 35.221.46.9 80 192.168.1.28 53246 tcp - 0.063810 432 0 SH - - 0 HcADF 4 604 0 0 -
#close 2020-10-14-20-49-58

10
testing/btest/Baseline/core.checksums_ignore_nets/conn-worked.log Normal file
View file

@ -0,0 +1,10 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path conn
#open 2020-10-14-20-49-58
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1602707363.476578 CHhAvVGS1DHFjwGM9 192.168.1.28 53246 35.221.46.9 80 tcp - 0.091969 74 432 SF - - 0 ShADadFf 6 338 4 604 -
#close 2020-10-14-20-49-58

BIN
testing/btest/Traces/chksums/localhost-bad-chksum.pcap Normal file
View file

Binary file not shown.

7
testing/btest/core/checksums_ignore_nets.test Normal file
View file

@ -0,0 +1,7 @@
# @TEST-EXEC: zeek -b -r $TRACES/chksums/localhost-bad-chksum.pcap "ignore_checksums_nets += {192.168.0.0/16}" %INPUT && mv conn.log conn-worked.log
# @TEST-EXEC: zeek -b -r $TRACES/chksums/localhost-bad-chksum.pcap %INPUT && mv conn.log conn-failed.log
# @TEST-EXEC: btest-diff conn-worked.log
# @TEST-EXEC: btest-diff conn-failed.log
@load base/protocols/conn