Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-17 14:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix issue with broken libpcaps that return repeat packets

Browse source 
This is apparently a problem with the Myricom version of libpcap, where
instead of returning a null or a zero if no packets are available, it
returns the previous packet. This causes Zeek to improperly parse the
packet and crash. We thought we had fixed this previously with a check
for a null packet but that fix was not enough.
This commit is contained in:
Tim Wojtulewicz 2021-09-27 12:11:19 -07:00
parent f1c81e3ab9
commit b6444dce0c
1 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/iosource/pcap/Source.cc
View file

@ -247,6 +247,14 @@ bool PcapSource::ExtractNextPacket(Packet* pkt)
++stats.received; ++stats.received;
stats.bytes_received += header->len; stats.bytes_received += header->len;
// Some versions of libpcap (myricom) are somewhat broken and will return a duplicate
// packet if there are no more packets available. Namely, it returns the exact same
// packet structure (including the header) out of the library without reinitializing
// any of the values. If we set the header lengths to zero here, we can keep from
// processing it a second time.
header->len = 0;
header->caplen = 0;
return true; return true;
} }