Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-06 16:48:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Session/TCP/UDP: Reserve HIST_UNKNOWN_PKT mask

Browse source 
This is meant to be used for a new 'X' code in the history in scenarios when
packets are knowingly not processed or an unexpected unknown situation
is recognized.

Usually, these situations are currently reported via weirds or analyzer violations,
but being able to include it in the history field allows them to be more visible.

Will be used for exceeding tunnel depths first.
This commit is contained in:
Arne Welzel 2023-11-30 16:58:47 +01:00
parent c8a032ac70
commit ad9446d799
3 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
src/packet_analysis/protocol/udp/UDP.cc
View file

@ -18,6 +18,7 @@ constexpr uint32_t HIST_ORIG_DATA_PKT = 0x1;
constexpr uint32_t HIST_RESP_DATA_PKT = 0x2;
constexpr uint32_t HIST_ORIG_CORRUPT_PKT = 0x4;
constexpr uint32_t HIST_RESP_CORRUPT_PKT = 0x8;
// constexpr uint32_t HIST_UNKNOWN_PKT = 0x400; (do not use - used in Session.h)
UDPAnalyzer::UDPAnalyzer() : IPBasedAnalyzer("UDP", TRANSPORT_UDP, UDP_PORT_MASK, false) {}