D4
/
analyzer-d4-pibs
mirror of https://github.com/D4-project/analyzer-d4-pibs
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [pibs] added option to bypass synseen logic

master
Gerard Wagener 2020-02-19 17:18:06 +01:00
parent 347d6e4d71
commit 38036c3f47
1 changed files with 29 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bin/synseen.c
View File

@ -145,6 +145,7 @@ void synseen_process_frame(pibs_t *pibs, wtap *wth, uint8_t* eth,
uint32_t ip;
struct pcap_pkthdr pchdr;
memcpy(&ip, &ipv4->ip_src, 4);
if (!pibs->bypass) {
// Record only source ips where syn flag is set
// TODO check other connection establishment alternatives
if (tcp->th_flags == 2 ){
@ -175,6 +176,7 @@ void synseen_process_frame(pibs_t *pibs, wtap *wth, uint8_t* eth,
pchdr.len = wth->rec.rec_header.packet_header.len;
pcap_dump((u_char*)pibs->dumper, &pchdr, eth);
}
}
if (pibs->synseen_callback) {
synseen_callback = pibs->synseen_callback;
synseen_callback(pibs, wth, eth, ipv4, tcp);