Révision efa26483
Ajouté par Renato Botelho il y a presque 10 ans
etc/inc/filter_log.inc | ||
---|---|---|
174 | 174 |
$flent['urg'] = $rule_data[$field++]; |
175 | 175 |
$flent['options'] = explode(";",$rule_data[$field++]); |
176 | 176 |
} |
177 |
} else if ($flent['protoid'] == '1') { // ICMP |
|
178 |
$flent['src'] = $flent['srcip']; |
|
179 |
$flent['dst'] = $flent['dstip']; |
|
180 |
|
|
181 |
$flent['icmp_type'] = $rule_data[$field++]; |
|
182 |
|
|
183 |
switch ($flent['icmp_type']) { |
|
184 |
case "request": |
|
185 |
case "reply": |
|
186 |
$flent['icmp_id'] = $rule_data[$field++]; |
|
187 |
$flent['icmp_seq'] = $rule_data[$field++]; |
|
188 |
break; |
|
189 |
case "unreachproto": |
|
190 |
$flent['icmp_dstip'] = $rule_data[$field++]; |
|
191 |
$flent['icmp_protoid'] = $rule_data[$field++]; |
|
192 |
break; |
|
193 |
case "unreachport": |
|
194 |
$flent['icmp_dstip'] = $rule_data[$field++]; |
|
195 |
$flent['icmp_protoid'] = $rule_data[$field++]; |
|
196 |
$flent['icmp_port'] = $rule_data[$field++]; |
|
197 |
break; |
|
198 |
case "unreach": |
|
199 |
case "timexceed": |
|
200 |
case "paramprob": |
|
201 |
case "redirect": |
|
202 |
case "maskreply": |
|
203 |
$flent['icmp_descr'] = $rule_data[$field++]; |
|
204 |
break; |
|
205 |
case "needfrag": |
|
206 |
$flent['icmp_dstip'] = $rule_data[$field++]; |
|
207 |
$flent['icmp_mtu'] = $rule_data[$field++]; |
|
208 |
break; |
|
209 |
case "tstamp": |
|
210 |
$flent['icmp_id'] = $rule_data[$field++]; |
|
211 |
$flent['icmp_seq'] = $rule_data[$field++]; |
|
212 |
break; |
|
213 |
case "tstampreply": |
|
214 |
$flent['icmp_id'] = $rule_data[$field++]; |
|
215 |
$flent['icmp_seq'] = $rule_data[$field++]; |
|
216 |
$flent['icmp_otime'] = $rule_data[$field++]; |
|
217 |
$flent['icmp_rtime'] = $rule_data[$field++]; |
|
218 |
$flent['icmp_ttime'] = $rule_data[$field++]; |
|
219 |
break; |
|
220 |
default : |
|
221 |
$flent['icmp_descr'] = $rule_data[$field++]; |
|
222 |
break; |
|
223 |
} |
|
224 |
|
|
177 | 225 |
} else if ($flent['protoid'] == '112') { // CARP |
178 | 226 |
$flent['type'] = $rule_data[$field++]; |
179 | 227 |
$flent['ttl'] = $rule_data[$field++]; |
Formats disponibles : Unified diff
Add ICMP to filter parser, it should fix #3663