Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

iosource/Packet: Allow ToRawPktHdrVal() for reassembled packets

Browse source 
Closes #4845
This commit is contained in:
Arne Welzel 2025-09-26 14:06:22 +02:00
parent d2cda5a68c
commit c6f65cb3a2
4 changed files with 17 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
testing/btest/Baseline/bifs.get_current_packet_header_fragmented_syn/output Normal file
View file

@ -0,0 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
[l2=[encap=LINK_ETHERNET, len=74, cap_len=50, src=98:ee:cb:bd:07:fe, dst=1e:0b:8b:14:f6:f9, vlan=<uninitialized>, inner_vlan=<uninitialized>, eth_type=2048, proto=L3_IPV4], ip=[hl=20, tos=0, len=60, id=1, DF=F, MF=T, offset=0, ttl=64, p=6, sum=36538, src=192.168.1.100, dst=10.0.0.5], ip6=<uninitialized>, tcp=[sport=12345/tcp, dport=80/tcp, seq=1000, ack=0, hl=40, dl=0, reserved=0, flags=2, win=8192], udp=<uninitialized>, icmp=<uninitialized>]

BIN
testing/btest/Traces/ipv4/fragmented-syn.pcap Normal file
View file

Binary file not shown.

10
testing/btest/bifs/get_current_packet_header_fragmented_syn.zeek Normal file
View file

@ -0,0 +1,10 @@
# @TEST-DOC: Regression test for #4845, get_current_packet_header() for a fragmented SYN packet
#
# @TEST-EXEC: zeek -b -C -r $TRACES/ipv4/fragmented-syn.pcap %INPUT >output
# @TEST-EXEC: btest-diff output
event connection_SYN_packet(c: connection, pkt: SYN_packet)
{
local hdr: raw_pkt_hdr = get_current_packet_header();
print fmt("%s", hdr);
}