conn_key/fivetuple: Handle one-way ICMP conns in DoConnKeyFromVal()

When a conn_id represents a ICMP "connection", we need to determine the is_one_way flag for InitTuple() in order to skip any flipping of address and ports for one-way ICMP connections. Fixes #4645
2025-10-02 06:38:20 +00:00 · 2025-07-23 20:32:22 +02:00 · 2025-07-23 20:32:22 +02:00 · 785bb2ee13
commit 785bb2ee13
parent 4399f171ae
3 changed files with 23 additions and 2 deletions
--- a/testing/btest/Baseline/bifs.icmp_connection_exists/.stderr
+++ b/testing/btest/Baseline/bifs.icmp_connection_exists/.stderr
@ -0,0 +1 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
--- a/testing/btest/bifs/icmp_connection_exists.zeek
+++ b/testing/btest/bifs/icmp_connection_exists.zeek
@ -0,0 +1,12 @@
+# @TEST-DOC: Test connection_exists() within new_connection() for ICMP traces. Regression test for #4645.
+#
+# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp-destunreach-ip.pcap %INPUT
+# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp-destunreach-no-context.pcap %INPUT
+# @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp-destunreach-udp.pcap %INPUT
+
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr
+
+event new_connection(c: connection)
+	{
+	assert connection_exists(c$id), fmt("%s does not exist (pcap %s)", c$id, split_string(packet_source()$path, /\//)[-1]);
+	}
				`@ -0,0 +1 @@`
				`### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.`