mirror of
https://github.com/zeek/zeek.git
synced 2025-10-04 23:58:20 +00:00
9ae9b2aa4d
This adds a new parameter of type "icmp6_nd_options" to the ICMPv6 neighbor discovery events (icmp_redirect, icmp_router_solicitation, icmp_router_advertisement, icmp_neighbor_solicitation, icmp_neighbor_advertisement) which includes data extracted from all neighbor discovery options (RFC 4861) that are present in the ICMPv6 message.
35 lines
1.5 KiB
Text
35 lines
1.5 KiB
Text
# These tests all check that ICMP6 events get raised with correct arguments.
|
|
|
|
# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-redirect-hdr-opt.pcap %INPUT >>output 2>&1
|
|
# @TEST-EXEC: bro -b -r $TRACES/icmp/icmp6-nd-options.pcap %INPUT >>output 2>&1
|
|
|
|
# @TEST-EXEC: btest-diff output
|
|
|
|
event icmp_router_advertisement(c: connection, icmp: icmp_conn, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval, options: icmp6_nd_options)
|
|
{
|
|
print "icmp_router_advertisement options";
|
|
for ( o in options )
|
|
{
|
|
print fmt(" %s", options[o]);
|
|
if ( options[o]$otype == 1 && options[o]?$link_address )
|
|
print fmt(" MAC: %s",
|
|
string_to_ascii_hex(options[o]$link_address));
|
|
}
|
|
}
|
|
|
|
event icmp_neighbor_advertisement(c: connection, icmp: icmp_conn, router: bool, solicited: bool, override: bool, tgt: addr, options: icmp6_nd_options)
|
|
{
|
|
print "icmp_neighbor_advertisement options";
|
|
for ( o in options )
|
|
{
|
|
print fmt(" %s", options[o]);
|
|
if ( options[o]$otype == 2 && options[o]?$link_address ) print fmt(" MAC: %s", string_to_ascii_hex(options[o]$link_address));
|
|
}
|
|
}
|
|
|
|
event icmp_redirect(c: connection, icmp: icmp_conn, tgt: addr, dest: addr, options: icmp6_nd_options)
|
|
{
|
|
print "icmp_redirect options";
|
|
for ( o in options )
|
|
print fmt(" %s", options[o]);
|
|
}
|