Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-03 07:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
15147 commits 386 branches 195 tags 257 MiB
Commit graph

17 commits

Author SHA1 Message Date
Johanna Amann
483f7a0322 Merge remote-tracking branch 'origin/topic/johanna/tcp-padding' 
* origin/topic/johanna/tcp-padding:
  Do not forward padding to downstream TCP packet analyzer

(cherry picked from commit 81ce83590d)
 2023-08-08 13:36:16 -07:00
Arne Welzel
6941e44aba packet_analysis/TCP: Do not use untrusted len for DeliverPacket() 
We should not be passing the untrusted TCP header length into
DeliverPacket(). Also, DeliverPacket() cap len parameter should
be the capture length of the packet, not remaining data.
 2023-05-24 16:41:52 +02:00
Jan Grashoefer
fb2042ca76 Consider cap len when forwarding into packet analysis. 
When forwarding into packet analysis from TCP or UDP, the protocol's
length fields were trusted. This might be dangerous in case of truncated
packets.
 2023-03-30 15:47:01 +02:00
Tim Wojtulewicz
1b5741d905 GH-2183: Rework Packet checksummed variable naming 2022-06-27 11:07:31 -07:00
Tim Wojtulewicz
f93c5a6942 Store some additional information in the packet during processing 
- Session related to the packet
- is_orig information if a UDP header was found
 2021-11-23 19:36:49 -07:00
Tim Wojtulewicz
ed798c6aba Change Packet::ip_hdr to be a shared_ptr so it can be copied into EncapsulatingConn 2021-11-23 19:36:49 -07:00
Johanna Amann
e14b695497 Accept packets that use tcp segment offloading. 
When checksum offloading is enabled, we now forward packets that
have 0 header lengths set - and assume that they have TSO enabled.

If checksum offloading is not enabled, we drop the packets.

Addresses GH-1829
 2021-10-28 17:12:54 +02:00
Tim Wojtulewicz
b2f171ec69 Reformat the world 2021-09-16 15:35:39 -07:00
Johanna Amann
8192ad581d Do not lookup ignore_checksums_nets for every packet 
This could lead to a noticeable (single-percent) performance
improvement.

Most of the functionality for this is in the packet analyzers that now
cache ignore_chesksums_nets.

Based on a patch by Arne Welzel (Corelight).
 2021-08-06 10:32:53 +01:00
Tim Wojtulewicz
b6ab22e9fb Move adapter-specific code back into the adapter 2021-06-02 13:20:10 -07:00
Tim Wojtulewicz
08fb5d76ee Remove some code from IPBasedAnalyzer and children that was waiting for TCP to be implemented 2021-06-02 13:20:10 -07:00
Tim Wojtulewicz
d6c74373c7 Move packet parsing code out of adapter into analyzer 2021-06-02 13:20:10 -07:00
Tim Wojtulewicz
f6e31107e1 Move old TCP analyzer into analyzer adapter in packet analysis tree 2021-06-02 13:20:10 -07:00
Tim Wojtulewicz
c56fb3e8e4 Move building session analyzer tree out of analyzer::Manager 2021-05-18 11:52:04 -07:00
Tim Wojtulewicz
7dc803f7bb Rework the packet flow through the IP-based analyzers 2021-05-18 11:52:04 -07:00
Tim Wojtulewicz
c1f0d312b5 Add base class for IP-based packet analyzers 2021-05-18 11:52:03 -07:00
Tim Wojtulewicz
0c3e3069d0 Added skeletons for TCP/UDP/ICMP packet analysis plugins. 
This includes integration into the IP plugin and calling of the sessions code from each plugin.
 2021-05-18 11:52:03 -07:00