From 5435c7a71cc407aae83c4f785661d767382d7969 Mon Sep 17 00:00:00 2001 From: Sven Eckelmann Date: Tue, 11 Feb 2014 12:27:39 +0100 Subject: [PATCH] Set src and dst port to 0 for non-TCP/UDP packets The source and destination ports are used to find the right bucket in the hash. Currently they are only set when a TCP or UDP packet was detected and otherwise the old (from previous packet) value is used. This is problematic when in the future non-UDP/TCP traffic should be dumped because it will end up in different pcap files. --- pkt2flow.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/pkt2flow.c b/pkt2flow.c index ebe6707..27e93f3 100644 --- a/pkt2flow.c +++ b/pkt2flow.c @@ -212,19 +212,25 @@ static void process_trace(void) } // Get the src and dst ports of TCP or UDP - if (iph->ip_p == IPPROTO_TCP) { + switch (iph->ip_p) { + case IPPROTO_TCP: if (hdr.caplen < offset + sizeof(struct tcphdr)) continue; tcph = (struct tcphdr *)(pkt + offset); src_port = ntohs(tcph->th_sport); dst_port = ntohs(tcph->th_dport); - } - if (iph->ip_p == IPPROTO_UDP) { + break; + case IPPROTO_UDP: if (hdr.caplen < offset + sizeof(struct udphdr)) continue; udph = (struct udphdr *)(pkt + offset); src_port = ntohs(udph->uh_sport); dst_port = ntohs(udph->uh_dport); + break; + default: + src_port = 0; + dst_port = 0; + break; } // Search for the ip_pair of specific four-tuple