decode/ipv4: fix ts opt flags decoding

author Victor Julien <victor@inliniac.net>

Wed, 18 Sep 2019 11:26:23 +0000 (13:26 +0200)

committer Victor Julien <victor@inliniac.net>

Mon, 23 Sep 2019 13:42:13 +0000 (15:42 +0200)
author Victor Julien <victor@inliniac.net>
Wed, 18 Sep 2019 11:26:23 +0000 (13:26 +0200)
committer Victor Julien <victor@inliniac.net>
Mon, 23 Sep 2019 13:42:13 +0000 (15:42 +0200)
diff --git a/src/decode-ipv4.c b/src/decode-ipv4.c

index 8a0bee951cca2091eae1743cfd4224d150e7dc15..0832b9de5672e1ff16d9180cf49802ab31f5a3e5 100644 (file)
--- a/src/decode-ipv4.c
+++ b/src/decode-ipv4.c
@@ -159,7 +159,7 @@ static int IPV4OptValidateTimestamp(Packet *p, const IPV4Opt *o)
          ENGINE_SET_INVALID_EVENT(p, IPV4_OPT_MALFORMED);
          return -1;
      }
-    flag = *(o->data + 3) & 0x00ff;
+    flag = *(o->data + 1) & 0x0f;
  
      /* A flag of 1|3 means we have both the ip+ts in each record */
      rec_size = ((flag == 1) || (flag == 3)) ? 8 : 4;
author	Victor Julien <victor@inliniac.net>
	Wed, 18 Sep 2019 11:26:23 +0000 (13:26 +0200)
committer	Victor Julien <victor@inliniac.net>
	Mon, 23 Sep 2019 13:42:13 +0000 (15:42 +0200)