Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'olaldiko/master'

Browse source 
* olaldiko/master:
  Add tests for ERSPAN Type I patch
  Add ERSPAN Type I patch
This commit is contained in:
Tim Wojtulewicz 2021-03-17 10:35:59 -07:00
commit f53fb9a22e
7 changed files with 55 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

19
src/packet_analysis/protocol/gre/GRE.cc
View file

@ -99,13 +99,24 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
else if ( proto_typ == 0x88be )
{
// ERSPAN type II
if ( len > gre_len + 14 + 8 )
if ( len > gre_len + 14 )
{
erspan_len = 8;
// ERSPAN type I
erspan_len = 0;
eth_len = 14;
gre_link_type = DLT_EN10MB;
proto_typ = ntohs(*((uint16_t*)(data + gre_len + erspan_len + eth_len - 2)));
bool have_sequence_header = ((flags_ver & 0x1000) == 0x1000);
if ( have_sequence_header )
{
// ERSPAN type II
erspan_len += 8;
if ( len < gre_len + eth_len + erspan_len )
{
Weird("truncated_GRE", packet);
return false;
}
}
proto_typ = ntohs(*((uint16_t *) (data + gre_len + erspan_len + eth_len - 2)));
}
else
{