mirror of
https://github.com/zeek/zeek.git
Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath: Improve GeoIP City database support. Broxygen init fixes, addresses BIT-1110. Fix for packet writing to make it use the global snaplength. Fix for traffic with TCP segmentation offloading with IP header len field being set to zero.
commit
ca55d14f67
6 changed files with 120 additions and 13 deletions
32
CHANGES
32
CHANGES
|
@ -1,4 +1,36 @@
|
|||
|
||||
2.2-91 | 2014-01-13 01:33:28 -0800
|
||||
|
||||
* Improve GeoIP City database support. When trying to open a city
|
||||
database, it now considers both the "REV0" and "REV1" versions of
|
||||
the city database instead of just the former. (Jon Siwek)
|
||||
|
||||
* Broxygen init fixes. Addresses BIT-1110. (Jon Siwek)
|
||||
|
||||
- Don't check mtime of bro binary if BRO_DISABLE_BROXYGEN env var set.
|
||||
|
||||
- Fix failure to locate bro binary if invoking from a relative
|
||||
path and '.' isn't in PATH.
|
||||
|
||||
* Fix for packet writing to make it use the global snap length.
|
||||
(Seth Hall)
|
||||
|
||||
* Fix for traffic with TCP segmentation offloading with IP header
|
||||
len field being set to zero. (Seth Hall)
|
||||
|
||||
* Canonify output of a unit test. (Jon Siwek)
|
||||
|
||||
* A set of documentation updates. (Daniel Thayer)
|
||||
|
||||
- Fix typo in Bro 2.2 NEWS on string indexing.
|
||||
- Fix typo in the Quick Start Guide, and clarified the
|
||||
instructions about modifying crontab.
|
||||
- Add/fix documentation for missing/misnamed event parameters.
|
||||
- Fix typos in BIF documentation of hexstr_to_bytestring.
|
||||
- Update the documentation of types and attributes.
|
||||
- Documented the new substring extraction functionality.
|
||||
- Clarified the description of "&priority" and "void".
|
||||
|
||||
2.2-75 | 2013-12-18 08:36:50 -0800
|
||||
|
||||
* Fixing segfault with mismatching set &default in record fields.
|
||||
|
|
2
VERSION
2
VERSION
|
@ -1 +1 @@
|
|||
2.2-75
|
||||
2.2-91
|
||||
|
|
|
@ -661,7 +661,7 @@ PktDumper::PktDumper(const char* arg_filename, bool arg_append)
|
|||
if ( linktype < 0 )
|
||||
linktype = DLT_EN10MB;
|
||||
|
||||
pd = pcap_open_dead(linktype, 8192);
|
||||
pd = pcap_open_dead(linktype, snaplen);
|
||||
if ( ! pd )
|
||||
{
|
||||
Error("error for pcap_open_dead");
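Review bot: In the PktDumper constructor, `pcap_open_dead(linktype, snaplen)` now records the global snap length in the dump file header, but nothing visible here ensures that every packet later written through this dumper has a caplen no larger than that value. If packets can reach the dumper from a source captured with a larger snap length (not visible in this hunk), the file would hold records longer than its declared snaplen, which strict pcap readers may reject or truncate. Consider a comment on the call such as `// File-header snaplen; every caplen written through this dumper must be <= this value.` and a matching check at the point where packets are written. The constructor body starts and ends outside the hunk.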
|
||||
|
|
|
@ -384,6 +384,15 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
|
|||
const struct ip* ip4 = ip_hdr->IP4_Hdr();
|
||||
|
||||
uint32 len = ip_hdr->TotalLen();
|
||||
if ( len == 0 )
|
||||
{
|
||||
// TCP segmentation offloading can zero out the ip_len field.
|
||||
Weird("ip_hdr_len_zero", hdr, pkt, encapsulation);
|
||||
|
||||
// Cope with the zero'd out ip_len field by using the caplen.
|
||||
len = hdr->caplen - hdr_size;
|
||||
}
|
||||
|
||||
if ( hdr->len < len + hdr_size )
|
||||
{
|
||||
Weird("truncated_IP", hdr, pkt, encapsulation);
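Review bot: In the new `len == 0` branch, `len = hdr->caplen - hdr_size;` is unsigned arithmetic and wraps to a very large value if caplen is smaller than hdr_size; no guard for that case is visible in the hunk. DoNextPacket starts and ends outside the hunk, so an earlier check may already cover it, but making the branch self-contained is cheap: `len = hdr->caplen > hdr_size ? hdr->caplen - hdr_size : 0;`. A caplen-derived length also includes any link-layer padding and is capped by the snap length, and it normally makes the following `hdr->len < len + hdr_size` test pass by construction, so the later bounds checks are the only protection for these packets. A comment saying that the length is an estimate taken from the capture record rather than from the IP header would help anyone triaging the "ip_hdr_len_zero" weird.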
|
||||
|
|
80
src/bro.bif
80
src/bro.bif
|
@ -3443,9 +3443,59 @@ static GeoIP* open_geoip_db(GeoIPDBTypes type)
|
|||
if ( GeoIP_db_avail(type) )
|
||||
geoip = GeoIP_open_type(type, GEOIP_MEMORY_CACHE);
|
||||
|
||||
return geoip;
|
||||
}
|
||||
|
||||
static GeoIP* open_geoip_city_db()
|
||||
{
|
||||
GeoIP* geoip = open_geoip_db(GEOIP_CITY_EDITION_REV0);
|
||||
|
||||
if ( ! geoip )
|
||||
reporter->Info("Failed to open GeoIP database: %s",
|
||||
GeoIPDBFileName[type]);
|
||||
geoip = open_geoip_db(GEOIP_CITY_EDITION_REV1);
|
||||
|
||||
if ( ! geoip )
|
||||
{
|
||||
string rev0_path = GeoIPDBFileName[GEOIP_CITY_EDITION_REV0];
|
||||
string rev1_path = GeoIPDBFileName[GEOIP_CITY_EDITION_REV1];
|
||||
string db_path = rev0_path;
|
||||
|
||||
// Maybe in the future the revisions won't share a common default path.
|
||||
if ( rev0_path != rev1_path )
|
||||
db_path = rev0_path + " or " + rev1_path;
|
||||
|
||||
reporter->Info("Failed to open GeoIP City database: %s",
|
||||
db_path.c_str());
|
||||
}
|
||||
|
||||
return geoip;
|
||||
}
|
||||
|
||||
static GeoIP* open_geoip_city_db_v6()
|
||||
{
|
||||
GeoIP* geoip = 0;
|
||||
|
||||
// Both city edition revisions for IPv6 show up in libGeoIP 1.4.7.
|
||||
#ifdef HAVE_GEOIP_CITY_EDITION_REV0_V6
|
||||
geoip = open_geoip_db(GEOIP_CITY_EDITION_REV0_V6);
|
||||
|
||||
if ( ! geoip )
|
||||
geoip = open_geoip_db(GEOIP_CITY_EDITION_REV1_V6);
|
||||
|
||||
if ( ! geoip )
|
||||
{
|
||||
string rev0_path = GeoIPDBFileName[GEOIP_CITY_EDITION_REV0_V6];
|
||||
string rev1_path = GeoIPDBFileName[GEOIP_CITY_EDITION_REV1_V6];
|
||||
string db_path = rev0_path;
|
||||
|
||||
// Maybe in the future the revisions won't share a common default path.
|
||||
if ( rev0_path != rev1_path )
|
||||
db_path = rev0_path + " or " + rev1_path;
|
||||
|
||||
reporter->Info("Failed to open GeoIP Cityv6 database: %s",
|
||||
db_path.c_str());
|
||||
}
|
||||
#endif
|
||||
|
||||
return geoip;
|
||||
}
|
||||
|
||||
|
@ -3476,31 +3526,41 @@ function lookup_location%(a: addr%) : geo_location
|
|||
if ( ! geoip_initialized )
|
||||
{
|
||||
geoip_initialized = true;
|
||||
geoip = open_geoip_db(GEOIP_CITY_EDITION_REV0);
|
||||
geoip = open_geoip_city_db();
|
||||
|
||||
if ( ! geoip )
|
||||
{
|
||||
geoip = open_geoip_db(GEOIP_COUNTRY_EDITION);
|
||||
string db_path = GeoIPDBFileName[GEOIP_COUNTRY_EDITION];
|
||||
|
||||
if ( ! geoip )
|
||||
builtin_error("Can't initialize GeoIP City/Country database");
|
||||
builtin_error(fmt("Failed fall back to GeoIP Country "
|
||||
"database: %s",
|
||||
GeoIPDBFileName[GEOIP_COUNTRY_EDITION]));
|
||||
else
|
||||
reporter->Info("Fell back to GeoIP Country database");
|
||||
}
|
||||
else
|
||||
have_city_db = true;
|
||||
|
||||
#ifdef HAVE_GEOIP_CITY_EDITION_REV0_V6
|
||||
geoip_v6 = open_geoip_db(GEOIP_CITY_EDITION_REV0_V6);
|
||||
geoip_v6 = open_geoip_city_db_v6();
|
||||
|
||||
if ( geoip_v6 )
|
||||
have_cityv6_db = true;
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_GEOIP_COUNTRY_EDITION_V6
|
||||
if ( ! geoip_v6 )
|
||||
{
|
||||
geoip_v6 = open_geoip_db(GEOIP_COUNTRY_EDITION_V6);
|
||||
|
||||
if ( ! geoip_v6 )
|
||||
reporter->Info("Failed to open GeoIPv6 Country database: %s",
|
||||
GeoIPDBFileName[GEOIP_COUNTRY_EDITION_V6]);
|
||||
}
|
||||
#endif
|
||||
|
||||
if ( ! geoip_v6 )
|
||||
builtin_error("Can't initialize GeoIPv6 City/Country database");
|
||||
builtin_error("Can't open GeoIPv6 City/Country database");
|
||||
}
|
||||
|
||||
#ifdef HAVE_GEOIP_COUNTRY_EDITION_V6
|
||||
|
@ -3592,8 +3652,10 @@ function lookup_asn%(a: addr%) : count
|
|||
{
|
||||
geoip_asn_initialized = true;
|
||||
geoip_asn = open_geoip_db(GEOIP_ASNUM_EDITION);
|
||||
|
||||
if ( ! geoip_asn )
|
||||
builtin_error("Can't initialize GeoIP ASNUM database");
|
||||
builtin_error(fmt("Can't open GeoIP ASNUM database: %s",
|
||||
GeoIPDBFileName[GEOIP_ASNUM_EDITION]));
|
||||
}
|
||||
|
||||
if ( geoip_asn )
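Review bot: In open_geoip_city_db() and open_geoip_city_db_v6(), `string rev0_path = GeoIPDBFileName[...]` builds a std::string directly from a libGeoIP table entry, which is undefined behaviour if that entry is a null pointer; nothing visible in this section guarantees the entry is set for every edition. A small guard such as `const char* p = GeoIPDBFileName[GEOIP_CITY_EDITION_REV0]; string rev0_path = p ? p : "";` keeps the failure path, which runs exactly when a database is missing, from crashing. The same concern applies to the `%s` arguments taken from GeoIPDBFileName in lookup_location and lookup_asn. In lookup_location, `string db_path = GeoIPDBFileName[GEOIP_COUNTRY_EDITION];` looks unused if it is on the new side, and the message "Failed fall back to GeoIP Country database" probably wants "Failed to fall back". The two city helpers also duplicate the path-joining code, which could be one static function taking the two edition ids and a label.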
|
||||
|
|
|
@ -35,8 +35,12 @@ Manager::Manager(const string& arg_config, const string& bro_command)
|
|||
if ( getenv("BRO_DISABLE_BROXYGEN") )
|
||||
disabled = true;
|
||||
|
||||
const char* path = getenv("PATH");
|
||||
string path_to_bro = path ? find_file(bro_command, path): "";
|
||||
if ( disabled )
|
||||
return;
|
||||
|
||||
const char* env_path = getenv("PATH");
|
||||
string path = env_path ? string(env_path) + ":." : ".";
|
||||
string path_to_bro = find_file(bro_command, path);
|
||||
struct stat s;
|
||||
|
||||
if ( path_to_bro.empty() || stat(path_to_bro.c_str(), &s) < 0 )
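Review bot: In the Manager constructor, `find_file(bro_command, path)` searches every PATH directory before the appended "." entry, so a relative invocation that contains a slash could resolve to a same-named file under an earlier PATH directory instead of the binary actually run (this depends on find_file's behaviour, which is not shown here). Shell convention is to skip the PATH search when the command contains a '/': `string path_to_bro = bro_command.find('/') != string::npos ? bro_command : find_file(bro_command, path);`. In the visible lines the result is only passed to stat(), so the impact looks limited to reading the wrong mtime, but a comment stating that "." is appended solely for this lookup and never for execution would help keep it that way. The constructor body continues outside the hunk.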
|
||||
|
|