Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

GH-1184: Add 'source' field to weird log denoting where the weird was reported

Browse source
This commit is contained in:
Tim Wojtulewicz 2020-11-05 13:18:54 -07:00
parent eccbbb4476
commit e27008ef26
72 changed files with 964 additions and 890 deletions
Download patch file Download diff file Expand all files Collapse all files

24
src/packet_analysis/protocol/gre/GRE.cc
View file

@ -51,13 +51,13 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
if ( ! BifConst::Tunnel::enable_gre )
{
sessions->Weird("GRE_tunnel", packet);
Weird("GRE_tunnel", packet);
return false;
}
if ( len < gre_header_len() )
{
sessions->Weird("truncated_GRE", packet);
Weird("truncated_GRE", packet);
return false;
}
@ -75,7 +75,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
if ( gre_version != 0 && gre_version != 1 )
{
sessions->Weird("unknown_gre_version", packet, util::fmt("%d", gre_version));
Weird("unknown_gre_version", packet, util::fmt("version=%d", gre_version));
return false;
}
@ -92,7 +92,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
}
else
{
sessions->Weird("truncated_GRE", packet);
Weird("truncated_GRE", packet);
return false;
}
}
@ -109,7 +109,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
}
else
{
sessions->Weird("truncated_GRE", packet);
Weird("truncated_GRE", packet);
return false;
}
}
@ -132,7 +132,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
erspan_len += 8;
else
{
sessions->Weird("truncated_GRE", packet);
Weird("truncated_GRE", packet);
return false;
}
}
@ -141,7 +141,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
}
else
{
sessions->Weird("truncated_GRE", packet);
Weird("truncated_GRE", packet);
return false;
}
}
@ -152,7 +152,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
if ( proto_typ != 0x880b )
{
// Enhanced GRE payload must be PPP.
sessions->Weird("egre_protocol_type", packet, util::fmt("%d", proto_typ));
Weird("egre_protocol_type", packet, util::fmt("proto=%d", proto_typ));
return false;
}
}
@ -162,20 +162,20 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
// RFC 2784 deprecates the variable length routing field
// specified by RFC 1701. It could be parsed here, but easiest
// to just skip for now.
sessions->Weird("gre_routing", packet);
Weird("gre_routing", packet);
return false;
}
if ( flags_ver & 0x0078 )
{
// Expect last 4 bits of flags are reserved, undefined.
sessions->Weird("unknown_gre_flags", packet);
Weird("unknown_gre_flags", packet);
return false;
}
if ( len < gre_len + ppp_len + eth_len + erspan_len )
{
sessions->Weird("truncated_GRE", packet);
Weird("truncated_GRE", packet);
return false;
}
@ -185,7 +185,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
if ( ppp_proto != 0x0021 && ppp_proto != 0x0057 )
{
sessions->Weird("non_ip_packet_in_encap", packet);
Weird("non_ip_packet_in_encap", packet);
return false;
}