Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 22:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Address wire/capture length feedback

Browse source
This commit is contained in:
Arne Welzel 2023-05-25 09:12:38 +02:00
parent 6941e44aba
commit c4d159d1ff
2 changed files with 10 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/packet_analysis/protocol/iptunnel/IPTunnel.cc
View file

@ -182,7 +182,11 @@ std::unique_ptr<Packet> build_inner_packet(Packet* outer_pkt, int* encap_index,
assert(outer_pkt->len >= outer_pkt->cap_len - inner_cap_len); assert(outer_pkt->len >= outer_pkt->cap_len - inner_cap_len);
// Compute the wire length of the inner packet based on the wire length of // Compute the wire length of the inner packet based on the wire length of
// the outer and the difference in cap len's. // the outer and the difference in capture lengths. This ensures that for
// truncated packets the wire length of the inner packet stays intact. Wire
// length may be greater than data available for truncated packets. However,
// analyzers do validate lengths found in headers with the wire length
// of the packet and keeping it consistent avoids violations.
uint32_t consumed_len = outer_pkt->cap_len - inner_cap_len; uint32_t consumed_len = outer_pkt->cap_len - inner_cap_len;
uint32_t inner_wire_len = outer_pkt->len - consumed_len; uint32_t inner_wire_len = outer_pkt->len - consumed_len;

6
src/packet_analysis/protocol/iptunnel/IPTunnel.h
View file

@ -83,13 +83,17 @@ protected:
* builds a new packet object containing the encapsulated/tunneled packet, as well * builds a new packet object containing the encapsulated/tunneled packet, as well
* as adding to the associated encapsulation stack for the tunnel. * as adding to the associated encapsulation stack for the tunnel.
* *
* The wire length (pkt->len) of the inner packet is computed based on the wire length
* of the outer packet and the differences in capture lengths.
*
* @param outer_pkt The packet containing the encapsulation. This packet should contain * @param outer_pkt The packet containing the encapsulation. This packet should contain
* @param encap_index A return value for the current index into the encapsulation stack. * @param encap_index A return value for the current index into the encapsulation stack.
* This is returned to allow analyzers to know what point in the stack they were operating * This is returned to allow analyzers to know what point in the stack they were operating
* on as the packet analysis chain unwinds as it returns. * on as the packet analysis chain unwinds as it returns.
* @param encap_stack Tracks the encapsulations as the new encapsulations are discovered * @param encap_stack Tracks the encapsulations as the new encapsulations are discovered
* in the inner packets. * in the inner packets.
* @param len The byte length of the packet data containing in the inner packet. * @param inner_cap_len The byte length of the packet data contained in the inner packet.
* Also used as capture length for the inner packet.
* @param data A pointer to the first byte of the inner packet. * @param data A pointer to the first byte of the inner packet.
* @param link_type The link type (DLT_*) for the outer packet. If not known, DLT_RAW can * @param link_type The link type (DLT_*) for the outer packet. If not known, DLT_RAW can
* be passed for this value. * be passed for this value.