Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-13 03:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Fix AYIYA analyzer from modifying parent connection's encapsulation.

Browse source
This commit is contained in:
Jon Siwek 2012-04-24 11:40:05 -05:00
parent a4af694610
commit 85bb5deb92
2 changed files with 9 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/Conn.h
View file

@ -246,7 +246,8 @@ public:
void SetUID(uint64 arg_uid) { uid = arg_uid; }
Encapsulation* GetEncapsulation() { return &encapsulation; }
const Encapsulation& GetEncapsulation() const
{ return encapsulation; }
protected:

11
src/ayiya-analyzer.pac
View file

@ -13,7 +13,7 @@ flow AYIYA_Flow
%{
Connection *c = connection()->bro_analyzer()->Conn();
if ( c->GetEncapsulation()->Depth() >= BifConst::Tunnel::max_depth )
if ( c->GetEncapsulation().Depth() >= BifConst::Tunnel::max_depth )
{
reporter->Weird(c->OrigAddr(), c->RespAddr(), "tunnel_depth");
// TODO: this should stop this analyzer instance
@ -42,10 +42,13 @@ flow AYIYA_Flow
// Not sure what to do with this timestamp.
//fake_hdr.ts = network_time();
EncapsulatingConn ec(c->OrigAddr(), c->RespAddr(), BifEnum::Tunnel::AYIYA);
c->GetEncapsulation()->Add(ec);
Encapsulation encap(c->GetEncapsulation());
EncapsulatingConn ec(c->OrigAddr(), c->RespAddr(),
c->OrigPort(), c->RespPort(),
BifEnum::Tunnel::AYIYA);
encap.Add(ec);
sessions->DoNextPacket(network_time(), &fake_hdr, inner_ip, ${pdu.packet}.data(), 0, *c->GetEncapsulation());
sessions->DoNextPacket(network_time(), &fake_hdr, inner_ip, ${pdu.packet}.data(), 0, encap);
delete inner_ip;
return true;