Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-14 12:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
15293 commits 388 branches 197 tags 276 MiB
Commit graph

19 commits

Author SHA1 Message Date
Tim Wojtulewicz
cd7ebdb2ed A handful of int-to-bool conversions 2023-07-07 09:17:05 -07:00
Tim Wojtulewicz
56f9110eca Add some additional checks for caplen in ICMP analyzer 2022-09-19 12:41:27 -07:00
Tim Wojtulewicz
1b5741d905 GH-2183: Rework Packet checksummed variable naming 2022-06-27 11:07:31 -07:00
Johanna Amann
94ee837398 Fix for the recent patch that allows segment offloaded packets. 
We recently added support for segment offloaded packets. It turns out
that this can lead to problems in UDP/ICMP based parsers since I missed
correctly also updating the payloadlength there, and using the capture
length instead when segment offloading is enabled.

Credit to OSS-Fuzz for discovery
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41391
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41394
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41395
(Link to details becomes public 30 days after patch release)
 2021-11-30 11:55:30 -07:00
Tim Wojtulewicz
f93c5a6942 Store some additional information in the packet during processing 
- Session related to the packet
- is_orig information if a UDP header was found
 2021-11-23 19:36:49 -07:00
Tim Wojtulewicz
ed798c6aba Change Packet::ip_hdr to be a shared_ptr so it can be copied into EncapsulatingConn 2021-11-23 19:36:49 -07:00
Tim Wojtulewicz
9af6b2f48d clang-format: Set penalty for breaking after assignment operator 2021-09-27 10:49:48 -07:00
Tim Wojtulewicz
4423574d26 clang-format: Set IndentCaseBlocks to false 2021-09-27 10:49:48 -07:00
Tim Wojtulewicz
b2f171ec69 Reformat the world 2021-09-16 15:35:39 -07:00
Johanna Amann
8192ad581d Do not lookup ignore_checksums_nets for every packet 
This could lead to a noticeable (single-percent) performance
improvement.

Most of the functionality for this is in the packet analyzers that now
cache ignore_chesksums_nets.

Based on a patch by Arne Welzel (Corelight).
 2021-08-06 10:32:53 +01:00
Tim Wojtulewicz
5433f2936e Split session adapter code into separate files from the analyzers 2021-06-02 13:20:10 -07:00
Tim Wojtulewicz
1eed8b7f67 Move ICMP counterpart methods outside of ICMPAnalyzer class 
These were previously global methods in the old analyzer, and moving them
to be private members of ICMPAnalyzer broke the usage of them by at least
one external plugin.
 2021-06-02 13:20:10 -07:00
Tim Wojtulewicz
08fb5d76ee Remove some code from IPBasedAnalyzer and children that was waiting for TCP to be implemented 2021-06-02 13:20:10 -07:00
Tim Wojtulewicz
b22ce6848f Rename IPBasedTransportAnalyzer to SessionAdapter 
This also also combines the old TransportLayerAnalyzer class into
SessionAdapter, and removes the old class. This requires naming changes
in a few places but no functionality changes.
 2021-05-18 15:19:12 -07:00
Tim Wojtulewicz
c56fb3e8e4 Move building session analyzer tree out of analyzer::Manager 2021-05-18 11:52:04 -07:00
Tim Wojtulewicz
7dc803f7bb Rework the packet flow through the IP-based analyzers 2021-05-18 11:52:04 -07:00
Tim Wojtulewicz
d8adfaef65 Add new ICMP packet analyzer, remove old one 2021-05-18 11:52:03 -07:00
Tim Wojtulewicz
c1f0d312b5 Add base class for IP-based packet analyzers 2021-05-18 11:52:03 -07:00
Tim Wojtulewicz
0c3e3069d0 Added skeletons for TCP/UDP/ICMP packet analysis plugins. 
This includes integration into the IP plugin and calling of the sessions code from each plugin.
 2021-05-18 11:52:03 -07:00