eve: revert ethernet addresses when needed #9715
EVE logging has a direction parameter that can cause the logging of an application layer to be done in a direction that is not linked to the packet. As a result the source IP address could be assigned the MAC address of the destination IP and reverse. This patch addresses this by propagating the direction to the ethernet logging function and using it there to define the correct mapping. Issue OISF#6405
Information: QA ran without warnings. Pipeline 16356
case LOG_DIR_FLOW_TOSERVER: | ||
if | ||
PKT_IS_TOCLIENT(p) | ||
{ | ||
src = p->ethh->eth_dst; | ||
dst = p->ethh->eth_src; | ||
} | ||
else { | ||
src = p->ethh->eth_src; | ||
dst = p->ethh->eth_dst; | ||
} |
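Review bot: the `if` in the `case LOG_DIR_FLOW_TOSERVER:` branch has no parentheses of its own around `PKT_IS_TOCLIENT(p)`, so the statement only compiles if the macro's expansion is itself parenthesized, and that is the likely reason the formatter splits the condition over three lines. Writing it as `if (PKT_IS_TOCLIENT(p)) {` removes both the dependency and the odd layout. Both branches also dereference `p->ethh` with no NULL check visible in these lines, so the caller has to guarantee that an Ethernet header is present; a short comment stating that the swap keeps the logged source MAC aligned with the logged source IP would help the next reader.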
Weird formatting, but it passes the check. When I run the formatting scripts it reformats it back to something more normal.
I don't know what happened here. I used regular formatting and it was changed to that by clang.
Why is CI so red?
Replaced by #10498 right?
Update of #9651
Issue #6405
Make sure these boxes are signed before submitting your Pull Request -- thank you.
https://docs.suricata.io/en/latest/devguide/codebase/contributing/contribution-process.html
https://suricata.io/about/contribution-agreement/ (note: this is only required once)
Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/6405
Describe changes:
SV_BRANCH=OISF/suricata-verify#1449