From f47f601f093b0345d6752954b4d4100674d7cf2a Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Tue, 6 Dec 2011 16:31:16 +0100 Subject: [PATCH] Fix unified2 setting the wrong eth_type. --- src/alert-unified2-alert.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/alert-unified2-alert.c b/src/alert-unified2-alert.c index ed0735b518..136cf34116 100644 --- a/src/alert-unified2-alert.c +++ b/src/alert-unified2-alert.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2010 Open Information Security Foundation +/* Copyright (C) 2007-2011 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -19,6 +19,7 @@ * \file * * \author Breno Silva + * \author Eric Leblond * * Logs alerts in a format compatible to Snort's unified2 format, so it should * be readable by Barnyard2. @@ -689,7 +690,7 @@ int Unified2PacketTypeAlert (Unified2AlertThread *aun, Packet *p, void *stream, len, aun->datalen - aun->offset); return -1; } - ethhdr.eth_type = htons(ETHERNET_TYPE_IPV6); + ethhdr.eth_type = htons(ETHERNET_TYPE_IP); memcpy(aun->data + aun->offset, ðhdr, 14); aun->offset += ethh_offset; @@ -701,7 +702,7 @@ int Unified2PacketTypeAlert (Unified2AlertThread *aun, Packet *p, void *stream, aun->iphdr = (void *)(aun->data + aun->offset); aun->offset += hdr_length; aun->length += hdr_length; - } else { + } else { /* Implied IPv6 */ FakeIPv6Hdr fakehdr; uint32_t hdr_length = sizeof(FakeIPv6Hdr); @@ -716,7 +717,7 @@ int Unified2PacketTypeAlert (Unified2AlertThread *aun, Packet *p, void *stream, len, aun->datalen - aun->offset); return -1; } - ethhdr.eth_type = htons(ETHERNET_TYPE_IP); + ethhdr.eth_type = htons(ETHERNET_TYPE_IPV6); memcpy(aun->data + aun->offset, ðhdr, 14); aun->offset += ethh_offset;