Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-10 10:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Add ERSPAN Type I patch

Browse source 
Co-authored-by: Markel Elorza Alvarez <melorzaalvarez@gmail.com>
Co-authored-by: Ivan Arrizabalaga Cupido <ivanarrcup@gmail.com>
This commit is contained in:
Gorka Olalde Mendia 2021-03-17 11:43:53 +01:00
parent c9c0fea8d0
commit fcc866567c
1 changed files with 17 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

19
src/packet_analysis/protocol/gre/GRE.cc
View file

@ -99,13 +99,24 @@ bool GREAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
else if ( proto_typ == 0x88be )
{
// ERSPAN type II
if ( len > gre_len + 14 + 8 )
if ( len > gre_len + 14 )
{
erspan_len = 8;
// ERSPAN type I
erspan_len = 0;
eth_len = 14;
gre_link_type = DLT_EN10MB;
proto_typ = ntohs(*((uint16_t*)(data + gre_len + erspan_len + eth_len - 2)));
bool have_sequence_header = ( flags_ver & 0x1000 );
if( have_sequence_header )
{
// ERSPAN type II
erspan_len += 8;
if ( len < gre_len + eth_len + erspan_len )
{
Weird("truncated_GRE", packet);
return false;
}
}
proto_typ = ntohs(*((uint16_t *) (data + gre_len + erspan_len + eth_len - 2)));
}
else
{