mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
1fed0ed58d
This changes the PPPoE parser so that it doesn't forward extra bytes that might be appended after the payload. Instead, it raises a weird if the payload size doesn't match the size indicated by the header. This is in line with what other protocol parsers (like UDP) are doing. Two tests needed to be updated - with this change, the traffic in pppoe-over-qinq.pcap is now valid TLS. A new trace was introduced for the confirmation-violation-info test. Addresses GH-4602
11 lines
754 B
Text
11 lines
754 B
Text
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
|
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path conn
|
|
#open XXXX-XX-XX-XX-XX-XX
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
|
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
|
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 1.1.1.1 20394 2.2.2.2 443 tcp ssl 273.626833 11352 4984 SF F F 0 ShADdtaTTtFf 44 25283 42 13001 - 6
|
|
#close XXXX-XX-XX-XX-XX-XX
|