mirror of
https://github.com/zeek/zeek.git
synced 2025-10-10 10:38:20 +00:00
GH-1184: Add 'source' field to weird log denoting where the weird was reported
This commit is contained in:
Tim Wojtulewicz
parent
eccbbb4476
commit
e27008ef26
72 changed files with 964 additions and 890 deletions
|
|
@ -5,6 +5,8 @@
|
|||
#include "zeek/Dict.h"
|
||||
#include "zeek/DebugLogger.h"
|
||||
#include "zeek/RunState.h"
|
||||
#include "zeek/Sessions.h"
|
||||
#include "zeek/util.h"
|
||||
|
||||
namespace zeek::packet_analysis {
|
||||
|
||||
|
|
@ -70,7 +72,7 @@ AnalyzerPtr Analyzer::Lookup(uint32_t identifier) const
|
|||
}
|
||||
|
||||
bool Analyzer::ForwardPacket(size_t len, const uint8_t* data, Packet* packet,
|
||||
uint32_t identifier) const
|
||||
uint32_t identifier) const
|
||||
{
|
||||
auto inner_analyzer = Lookup(identifier);
|
||||
if ( ! inner_analyzer )
|
||||
|
|
@ -96,7 +98,8 @@ bool Analyzer::ForwardPacket(size_t len, const uint8_t* data, Packet* packet) co
|
|||
|
||||
DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis in %s stopped, no default analyzer available.",
|
||||
GetAnalyzerName());
|
||||
packet->Weird("no_suitable_analyzer_found");
|
||||
|
||||
Weird("no_suitable_analyzer_found", packet);
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -116,4 +119,9 @@ void Analyzer::RegisterProtocol(uint32_t identifier, AnalyzerPtr child)
|
|||
dispatcher.Register(identifier, std::move(child));
|
||||
}
|
||||
|
||||
}
|
||||
void Analyzer::Weird(const char* name, Packet* packet, const char* addl) const
|
||||
{
|
||||
sessions->Weird(name, packet, addl, GetAnalyzerName());
|
||||
}
|
||||
|
||||
} // namespace zeek::packet_analysis
|
||||
|
|
|
|||
|
|
@ -148,6 +148,18 @@ protected:
|
|||
*/
|
||||
bool ForwardPacket(size_t len, const uint8_t* data, Packet* packet) const;
|
||||
|
||||
/**
|
||||
* Reports a Weird with the analyzer's name included in the addl field.
|
||||
*
|
||||
* @param name The name of the weird.
|
||||
* @param packet An optional pointer to a packet to be used for additional
|
||||
* information in the weird output.
|
||||
* @param addl An optional string containing additional information about
|
||||
* the weird. If this is passed, the analyzer's name will be prepended to
|
||||
* it before output.
|
||||
*/
|
||||
void Weird(const char* name, Packet* packet=nullptr, const char* addl="") const;
|
||||
|
||||
private:
|
||||
Tag tag;
|
||||
Dispatcher dispatcher;
|
||||
|
|
|
|||
|
|
@ -89,7 +89,7 @@ bool ARPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
// Check whether the header is complete.
|
||||
if ( sizeof(struct arp_pkthdr) > len )
|
||||
{
|
||||
packet->Weird("truncated_ARP");
|
||||
Weird("truncated_ARP", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -100,7 +100,7 @@ bool ARPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
size_t min_length = (ar_tpa(ah) - (char*) data) + ah->ar_pln;
|
||||
if ( min_length > len )
|
||||
{
|
||||
packet->Weird("truncated_ARP");
|
||||
Weird("truncated_ARP", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ bool EthernetAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
|
|||
// to pull bytes out of it.
|
||||
if ( 16 >= len )
|
||||
{
|
||||
packet->Weird("truncated_ethernet_frame");
|
||||
Weird("truncated_ethernet_frame", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -36,7 +36,7 @@ bool EthernetAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
|
|||
|
||||
if ( cfplen + 14 >= len )
|
||||
{
|
||||
packet->Weird("truncated_link_header_cfp");
|
||||
Weird("truncated_link_header_cfp", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -60,7 +60,7 @@ bool EthernetAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
|
|||
{
|
||||
if ( 16 >= len )
|
||||
{
|
||||
packet->Weird("truncated_ethernet_frame");
|
||||
Weird("truncated_ethernet_frame", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -86,6 +86,6 @@ bool EthernetAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
|
|||
}
|
||||
|
||||
// Undefined (1500 < EtherType < 1536)
|
||||
packet->Weird("undefined_ether_type");
|
||||
Weird("undefined_ether_type", packet);
|
||||
return false;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ bool FDDIAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet
|
|||
|
||||
if ( hdr_size >= len )
|
||||
{
|
||||
packet->Weird("FDDI_analyzer_failed");
|
||||
Weird("FDDI_analyzer_failed");
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -51,13 +51,13 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
|
||||
if ( ! BifConst::Tunnel::enable_gre )
|
||||
{
|
||||
sessions->Weird("GRE_tunnel", packet);
|
||||
Weird("GRE_tunnel", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( len < gre_header_len() )
|
||||
{
|
||||
sessions->Weird("truncated_GRE", packet);
|
||||
Weird("truncated_GRE", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -75,7 +75,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
|
||||
if ( gre_version != 0 && gre_version != 1 )
|
||||
{
|
||||
sessions->Weird("unknown_gre_version", packet, util::fmt("%d", gre_version));
|
||||
Weird("unknown_gre_version", packet, util::fmt("version=%d", gre_version));
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -92,7 +92,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
}
|
||||
else
|
||||
{
|
||||
sessions->Weird("truncated_GRE", packet);
|
||||
Weird("truncated_GRE", packet);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -109,7 +109,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
}
|
||||
else
|
||||
{
|
||||
sessions->Weird("truncated_GRE", packet);
|
||||
Weird("truncated_GRE", packet);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -132,7 +132,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
erspan_len += 8;
|
||||
else
|
||||
{
|
||||
sessions->Weird("truncated_GRE", packet);
|
||||
Weird("truncated_GRE", packet);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -141,7 +141,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
}
|
||||
else
|
||||
{
|
||||
sessions->Weird("truncated_GRE", packet);
|
||||
Weird("truncated_GRE", packet);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -152,7 +152,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
if ( proto_typ != 0x880b )
|
||||
{
|
||||
// Enhanced GRE payload must be PPP.
|
||||
sessions->Weird("egre_protocol_type", packet, util::fmt("%d", proto_typ));
|
||||
Weird("egre_protocol_type", packet, util::fmt("proto=%d", proto_typ));
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -162,20 +162,20 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
// RFC 2784 deprecates the variable length routing field
|
||||
// specified by RFC 1701. It could be parsed here, but easiest
|
||||
// to just skip for now.
|
||||
sessions->Weird("gre_routing", packet);
|
||||
Weird("gre_routing", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( flags_ver & 0x0078 )
|
||||
{
|
||||
// Expect last 4 bits of flags are reserved, undefined.
|
||||
sessions->Weird("unknown_gre_flags", packet);
|
||||
Weird("unknown_gre_flags", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( len < gre_len + ppp_len + eth_len + erspan_len )
|
||||
{
|
||||
sessions->Weird("truncated_GRE", packet);
|
||||
Weird("truncated_GRE", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -185,7 +185,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
|
||||
if ( ppp_proto != 0x0021 && ppp_proto != 0x0057 )
|
||||
{
|
||||
sessions->Weird("non_ip_packet_in_encap", packet);
|
||||
Weird("non_ip_packet_in_encap", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ bool IEEE802_11Analyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet*
|
|||
|
||||
if ( len_80211 >= len )
|
||||
{
|
||||
packet->Weird("truncated_802_11_header");
|
||||
Weird("truncated_802_11_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -47,7 +47,7 @@ bool IEEE802_11Analyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet*
|
|||
|
||||
if ( len_80211 >= len )
|
||||
{
|
||||
packet->Weird("truncated_802_11_header");
|
||||
Weird("truncated_802_11_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -82,7 +82,7 @@ bool IEEE802_11Analyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet*
|
|||
len_80211 += 8;
|
||||
if ( len_80211 >= len )
|
||||
{
|
||||
packet->Weird("truncated_802_11_header");
|
||||
Weird("truncated_802_11_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ bool IEEE802_11_RadioAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Pa
|
|||
{
|
||||
if ( 3 >= len )
|
||||
{
|
||||
packet->Weird("truncated_radiotap_header");
|
||||
Weird("truncated_radiotap_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -24,7 +24,7 @@ bool IEEE802_11_RadioAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Pa
|
|||
|
||||
if ( rtheader_len >= len )
|
||||
{
|
||||
packet->Weird("truncated_radiotap_header");
|
||||
Weird("truncated_radiotap_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
// check ipv4 here. We'll check ipv6 later once we determine we have an ipv6 header.
|
||||
if ( len < sizeof(struct ip) )
|
||||
{
|
||||
sessions->Weird("truncated_IP", packet);
|
||||
Weird("truncated_IP", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -56,7 +56,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
{
|
||||
if ( len < sizeof(struct ip6_hdr) )
|
||||
{
|
||||
sessions->Weird("truncated_IP", packet);
|
||||
Weird("truncated_IP", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -65,7 +65,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
}
|
||||
else
|
||||
{
|
||||
sessions->Weird("unknown_ip_version", packet);
|
||||
Weird("unknown_ip_version", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -76,7 +76,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
if ( total_len == 0 )
|
||||
{
|
||||
// TCP segmentation offloading can zero out the ip_len field.
|
||||
sessions->Weird("ip_hdr_len_zero", packet);
|
||||
Weird("ip_hdr_len_zero", packet);
|
||||
|
||||
// Cope with the zero'd out ip_len field by using the caplen.
|
||||
total_len = packet->cap_len - hdr_size;
|
||||
|
|
@ -84,7 +84,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
|
||||
if ( packet->len < total_len + hdr_size )
|
||||
{
|
||||
sessions->Weird("truncated_IPv6", packet);
|
||||
Weird("truncated_IPv6", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -93,13 +93,13 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
uint16_t ip_hdr_len = packet->ip_hdr->HdrLen();
|
||||
if ( ip_hdr_len > total_len )
|
||||
{
|
||||
sessions->Weird("invalid_IP_header_size", packet);
|
||||
Weird("invalid_IP_header_size", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( ip_hdr_len > len )
|
||||
{
|
||||
sessions->Weird("internally_truncated_header", packet);
|
||||
Weird("internally_truncated_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -107,7 +107,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
{
|
||||
if ( ip_hdr_len < sizeof(struct ip) )
|
||||
{
|
||||
sessions->Weird("IPv4_min_header_size", packet);
|
||||
Weird("IPv4_min_header_size", packet);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -115,7 +115,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
{
|
||||
if ( ip_hdr_len < sizeof(struct ip6_hdr) )
|
||||
{
|
||||
sessions->Weird("IPv6_min_header_size", packet);
|
||||
Weird("IPv6_min_header_size", packet);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -129,7 +129,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
! zeek::id::find_val<TableVal>("ignore_checksums_nets")->Contains(packet->ip_hdr->IPHeaderSrcAddr()) &&
|
||||
detail::in_cksum(reinterpret_cast<const uint8_t*>(ip4), ip_hdr_len) != 0xffff )
|
||||
{
|
||||
sessions->Weird("bad_IP_checksum", packet);
|
||||
Weird("bad_IP_checksum", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -144,7 +144,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
|
||||
if ( len < total_len )
|
||||
{
|
||||
sessions->Weird("incompletely_captured_fragment", packet);
|
||||
Weird("incompletely_captured_fragment", packet);
|
||||
|
||||
// Don't try to reassemble, that's doomed.
|
||||
// Discard all except the first fragment (which
|
||||
|
|
@ -174,7 +174,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
|
||||
if ( ip_hdr_len > total_len )
|
||||
{
|
||||
sessions->Weird("invalid_IP_header_size", packet);
|
||||
Weird("invalid_IP_header_size", packet);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -203,7 +203,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
|
||||
if ( ! ignore_checksums && mobility_header_checksum(packet->ip_hdr) != 0xffff )
|
||||
{
|
||||
sessions->Weird("bad_MH_checksum", packet);
|
||||
Weird("bad_MH_checksum", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -211,7 +211,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
event_mgr.Enqueue(mobile_ipv6_message, packet->ip_hdr->ToPktHdrVal());
|
||||
|
||||
if ( packet->ip_hdr->NextProto() != IPPROTO_NONE )
|
||||
sessions->Weird("mobility_piggyback", packet);
|
||||
Weird("mobility_piggyback", packet);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
|
@ -249,7 +249,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
|
|||
if ( ! ( packet->encap &&
|
||||
packet->encap->LastType() == BifEnum::Tunnel::TEREDO ) )
|
||||
{
|
||||
sessions->Weird("ipv6_no_next", packet);
|
||||
Weird("ipv6_no_next", packet);
|
||||
return_val = false;
|
||||
}
|
||||
break;
|
||||
|
|
|
|||
|
|
@ -29,14 +29,14 @@ bool IPTunnelAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
|
|||
|
||||
if ( ! BifConst::Tunnel::enable_ip )
|
||||
{
|
||||
sessions->Weird("IP_tunnel", packet);
|
||||
Weird("IP_tunnel", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( packet->encap &&
|
||||
packet->encap->Depth() >= BifConst::Tunnel::max_depth )
|
||||
{
|
||||
sessions->Weird("exceeded_tunnel_max_depth", packet);
|
||||
Weird("exceeded_tunnel_max_depth", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -52,11 +52,11 @@ bool IPTunnelAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
|
|||
// Check for a valid inner packet first.
|
||||
int result = sessions->ParseIPPacket(len, data, proto, inner);
|
||||
if ( result == -2 )
|
||||
sessions->Weird("invalid_inner_IP_version", packet);
|
||||
Weird("invalid_inner_IP_version", packet);
|
||||
else if ( result < 0 )
|
||||
sessions->Weird("truncated_inner_IP", packet);
|
||||
Weird("truncated_inner_IP", packet);
|
||||
else if ( result > 0 )
|
||||
sessions->Weird("inner_IP_payload_length_mismatch", packet);
|
||||
Weird("inner_IP_payload_length_mismatch", packet);
|
||||
|
||||
if ( result != 0 )
|
||||
{
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ bool LinuxSLLAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
|
|||
auto len_sll_hdr = sizeof(SLLHeader);
|
||||
if ( len_sll_hdr >= len )
|
||||
{
|
||||
packet->Weird("truncated_Linux_SLL_header");
|
||||
Weird("truncated_Linux_SLL_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ bool MPLSAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet
|
|||
{
|
||||
if ( 4 >= len )
|
||||
{
|
||||
packet->Weird("truncated_link_header");
|
||||
Weird("truncated_link_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ bool NFLogAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packe
|
|||
{
|
||||
if ( 4 >= len )
|
||||
{
|
||||
packet->Weird("truncated_nflog_header");
|
||||
Weird("truncated_nflog_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -23,7 +23,7 @@ bool NFLogAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packe
|
|||
|
||||
if ( version != 0 )
|
||||
{
|
||||
packet->Weird("unknown_nflog_version");
|
||||
Weird("unknown_nflog_version", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -38,7 +38,7 @@ bool NFLogAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packe
|
|||
{
|
||||
if ( 4 >= len )
|
||||
{
|
||||
packet->Weird("nflog_no_pcap_payload");
|
||||
Weird("nflog_no_pcap_payload", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -66,7 +66,7 @@ bool NFLogAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packe
|
|||
|
||||
if ( tlv_len < 4 )
|
||||
{
|
||||
packet->Weird("nflog_bad_tlv_len");
|
||||
Weird("nflog_bad_tlv_len", packet);
|
||||
return false;
|
||||
}
|
||||
else
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ bool NullAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet
|
|||
{
|
||||
if ( 4 >= len )
|
||||
{
|
||||
packet->Weird("null_analyzer_failed");
|
||||
Weird("null_analyzer_failed", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ bool PPPSerialAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* p
|
|||
{
|
||||
if ( 4 >= len )
|
||||
{
|
||||
packet->Weird("truncated_ppp_serial_header");
|
||||
Weird("truncated_ppp_serial_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ bool PPPoEAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packe
|
|||
{
|
||||
if ( 8 >= len )
|
||||
{
|
||||
packet->Weird("truncated_pppoe_header");
|
||||
Weird("truncated_pppoe_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ bool VLANAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet
|
|||
{
|
||||
if ( 4 >= len )
|
||||
{
|
||||
packet->Weird("truncated_VLAN_header");
|
||||
Weird("truncated_VLAN_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
|
|||
|
||||
if ( data + cfplen + 14 >= end_of_data )
|
||||
{
|
||||
packet->Weird("truncated_link_header_cfp");
|
||||
Weird("truncated_link_header_cfp", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -55,7 +55,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
|
|||
{
|
||||
if ( data + 4 >= end_of_data )
|
||||
{
|
||||
packet->Weird("truncated_link_header");
|
||||
Weird("truncated_link_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -73,7 +73,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
|
|||
{
|
||||
if ( data + 8 >= end_of_data )
|
||||
{
|
||||
packet->Weird("truncated_link_header");
|
||||
Weird("truncated_link_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -87,7 +87,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
|
|||
else
|
||||
{
|
||||
// Neither IPv4 nor IPv6.
|
||||
packet->Weird("non_ip_packet_in_pppoe_encapsulation");
|
||||
Weird("non_ip_packet_in_pppoe_encapsulation", packet);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -111,7 +111,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
|
|||
else
|
||||
{
|
||||
// Neither IPv4 nor IPv6.
|
||||
packet->Weird("non_ip_packet_in_ethernet");
|
||||
Weird("non_ip_packet_in_ethernet", packet);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -125,7 +125,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
|
|||
{
|
||||
if ( data + 4 >= end_of_data )
|
||||
{
|
||||
packet->Weird("truncated_link_header");
|
||||
Weird("truncated_link_header", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -136,7 +136,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
|
|||
// We assume that what remains is IP
|
||||
if ( data + sizeof(struct ip) >= end_of_data )
|
||||
{
|
||||
packet->Weird("no_ip_in_mpls_payload");
|
||||
Weird("no_ip_in_mpls_payload", packet);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -149,7 +149,7 @@ bool WrapperAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
|
|||
else
|
||||
{
|
||||
// Neither IPv4 nor IPv6.
|
||||
packet->Weird("no_ip_in_mpls_payload");
|
||||
Weird("no_ip_in_mpls_payload", packet);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue