Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 10:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

GH-1620: Add event and plugin hook to track packets not processed

Browse source
This commit is contained in:
Tim Wojtulewicz 2021-11-04 14:59:16 -07:00
parent 8fece3d8ea
commit fe932944c4
16 changed files with 194 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/packet_analysis/protocol/ip/IPBasedAnalyzer.cc
View file

@ -63,6 +63,10 @@ bool IPBasedAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pkt
if ( ! conn )
return false;
// If we successfuly made a connection for this packet that means it'll eventually
// get logged, which means we can mark this packet as having been processed.
pkt->processed = true;
bool is_orig = (tuple.src_addr == conn->OrigAddr()) && (tuple.src_port == conn->OrigPort());
conn->CheckFlowLabel(is_orig, ip_hdr->FlowLabel());