From 40b1452905c0eed4d96300ce1aaf87a08166e396 Mon Sep 17 00:00:00 2001
From: Tim Wojtulewicz <tim@corelight.com>
Date: Thu, 18 Aug 2022 10:01:49 -0700
Subject: [PATCH] Remove reporter warning for bad IP protocols

It turns out that this can be *very* spammy on networks where we're receiving
lots of these packets, and can fill up the reporter log very quickly. Weirds are
already reported in all of these cases anyways, so it doesn't make sense to log
a reporter warning too.
---
 src/packet_analysis/protocol/ip/IP.cc | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/packet_analysis/protocol/ip/IP.cc b/src/packet_analysis/protocol/ip/IP.cc
index 067746dfa6a..75e83c80484 100644
--- a/src/packet_analysis/protocol/ip/IP.cc
+++ b/src/packet_analysis/protocol/ip/IP.cc
@@ -310,8 +310,7 @@ int zeek::packet_analysis::IP::ParsePacket(int caplen, const u_char* const pkt,
 
 	else
 		{
-		zeek::reporter->InternalWarning("Bad IP protocol version in IP::ParsePacket");
-		return -1;
+		return -2;
 		}
 
 	if ( (uint32_t)caplen != inner->TotalLen() )