Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 18:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Fix a couple of problems with signature matching.

Browse source 
- IPv4 CIDR specifications didn't work with dst-ip/src-ip.

    - The "payload-size" condition was unreliable with UDP traffic.
This commit is contained in:
Robin Sommer 2016-10-19 13:48:17 -07:00
parent bd0a374c87
commit 5cf2320fbc
9 changed files with 63 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/RuleMatcher.cc
View file

@ -144,7 +144,7 @@ bool RuleHdrTest::operator==(const RuleHdrTest& h)
void RuleHdrTest::PrintDebug()
{
static const char* str_comp[] = { "<=", ">=", "<", ">", "==", "!=" };
static const char* str_prot[] = { "", "ip", "icmp", "tcp", "udp" };
static const char* str_prot[] = { "", "ip", "ipv6", "icmp", "icmpv6", "tcp", "udp", "next", "ipsrc", "ipdst" };
fprintf(stderr, " RuleHdrTest %s[%d:%d] %s",
str_prot[prot], offset, size, str_comp[comp]);
@ -1095,10 +1095,10 @@ void RuleMatcher::ExecRule(Rule* rule, RuleEndpointState* state, bool eos)
void RuleMatcher::ClearEndpointState(RuleEndpointState* state)
{
state->payload_size = -1;
ExecPureRules(state, 1);
state->payload_size = -1;
loop_over_list(state->matchers, j)
state->matchers[j]->state->Clear();
}