Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Reset packet cap_len before returning from IP::AnalyzePacket

Browse source
This commit is contained in:
Tim Wojtulewicz 2022-08-18 12:48:30 -07:00
parent 2d7bfb4ca7
commit 719e0a0f4f
1 changed files with 11 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

12
src/packet_analysis/protocol/ip/IP.cc
View file

@ -155,6 +155,10 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
detail::FragReassembler* f = nullptr;
// Store this off so that it can be reset back to the original value before returning from
// this method.
size_t orig_cap_len = packet->cap_len;
if ( packet->ip_hdr->IsFragment() )
{
packet->dump_packet = true; // always record fragments
@ -187,13 +191,14 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
len = total_len = packet->ip_hdr->TotalLen();
ip_hdr_len = packet->ip_hdr->HdrLen();
packet->cap_len = total_len + hdr_size;
if ( ip_hdr_len > total_len )
{
Weird("invalid_IP_header_size", packet);
return false;
}
packet->cap_len = total_len + hdr_size;
}
}
@ -208,6 +213,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
event_mgr.Enqueue(esp_packet, packet->ip_hdr->ToPktHdrVal());
// Can't do more since upper-layer payloads are going to be encrypted.
packet->cap_len = orig_cap_len;
return true;
}
@ -221,6 +227,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
mobility_header_checksum(packet->ip_hdr.get()) != 0xffff )
{
Weird("bad_MH_checksum", packet);
packet->cap_len = orig_cap_len;
return false;
}
@ -230,6 +237,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
if ( packet->ip_hdr->NextProto() != IPPROTO_NONE )
Weird("mobility_piggyback", packet);
packet->cap_len = orig_cap_len;
return true;
}
@ -253,6 +261,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
if ( total_len < packet->ip_hdr->HdrLen() )
{
Weird("bogus_IP_header_lengths", packet);
packet->cap_len = orig_cap_len;
return false;
}
@ -280,6 +289,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
if ( f )
f->DeleteTimer();
packet->cap_len = orig_cap_len;
return return_val;
}