Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 07:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Store packet's ip header as unique_ptr

Browse source
This commit is contained in:
Tim Wojtulewicz 2020-10-12 21:09:41 -07:00
parent 2000f89b12
commit ecd970ffde
13 changed files with 86 additions and 92 deletions
Download patch file Download diff file Expand all files Collapse all files

25
src/packet_analysis/protocol/gre/GRE.cc
View file

@ -48,11 +48,9 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
return false;
}
IP_Hdr* ip_hdr = packet->ip_hdr;
if ( ! BifConst::Tunnel::enable_gre )
{
sessions->Weird("GRE_tunnel", ip_hdr, packet->encap);
sessions->Weird("GRE_tunnel", packet->ip_hdr.get(), packet->encap);
return false;
}
@ -70,7 +68,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
if ( gre_version != 0 && gre_version != 1 )
{
sessions->Weird("unknown_gre_version", ip_hdr, packet->encap,
sessions->Weird("unknown_gre_version", packet->ip_hdr.get(), packet->encap,
util::fmt("%d", gre_version));
return false;
}
@ -88,7 +86,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
}
else
{
sessions->Weird("truncated_GRE", ip_hdr, packet->encap);
sessions->Weird("truncated_GRE", packet->ip_hdr.get(), packet->encap);
return false;
}
}
@ -105,7 +103,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
}
else
{
sessions->Weird("truncated_GRE", ip_hdr, packet->encap);
sessions->Weird("truncated_GRE", packet->ip_hdr.get(), packet->encap);
return false;
}
}
@ -128,7 +126,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
erspan_len += 8;
else
{
sessions->Weird("truncated_GRE", ip_hdr, packet->encap);
sessions->Weird("truncated_GRE", packet->ip_hdr.get(), packet->encap);
return false;
}
}
@ -137,7 +135,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
}
else
{
sessions->Weird("truncated_GRE", ip_hdr, packet->encap);
sessions->Weird("truncated_GRE", packet->ip_hdr.get(), packet->encap);
return false;
}
}
@ -148,7 +146,7 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
if ( proto_typ != 0x880b )
{
// Enhanced GRE payload must be PPP.
sessions->Weird("egre_protocol_type", ip_hdr, packet->encap,
sessions->Weird("egre_protocol_type", packet->ip_hdr.get(), packet->encap,
util::fmt("%d", proto_typ));
return false;
}
@ -159,20 +157,20 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
// RFC 2784 deprecates the variable length routing field
// specified by RFC 1701. It could be parsed here, but easiest
// to just skip for now.
sessions->Weird("gre_routing", ip_hdr, packet->encap);
sessions->Weird("gre_routing", packet->ip_hdr.get(), packet->encap);
return false;
}
if ( flags_ver & 0x0078 )
{
// Expect last 4 bits of flags are reserved, undefined.
sessions->Weird("unknown_gre_flags", ip_hdr, packet->encap);
sessions->Weird("unknown_gre_flags", packet->ip_hdr.get(), packet->encap);
return false;
}
if ( len < gre_len + ppp_len + eth_len + erspan_len )
{
sessions->Weird("truncated_GRE", ip_hdr, packet->encap);
sessions->Weird("truncated_GRE", packet->ip_hdr.get(), packet->encap);
return false;
}
@ -182,7 +180,8 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
if ( ppp_proto != 0x0021 && ppp_proto != 0x0057 )
{
sessions->Weird("non_ip_packet_in_encap", ip_hdr, packet->encap);
sessions->Weird("non_ip_packet_in_encap", packet->ip_hdr.get(),
packet->encap);
return false;
}