aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

decode: PacketTunnelPktSetup replaces PacketPseudoPktSetup

Browse Source 
This patch replaces PacketPseudoPktSetup by a better named
PacketTunnelPktSetup function which is also in charge of doing
the decoding of the tunneled packet.
This allow to clean the code. But it also fixes an issue.
Previously, if the DecodeTunnel function was failling (cause of
an invalid packet mainly), the result was that the original packet
to be considered as a tunnel packet (and not inspected by payload
detection).
pull/666/head
Eric Leblond 12 years ago
parent d4b7ecfbe3
commit c611b258a5
6 changed files with 44 additions and 88 deletions
Show Stats Download Patch File Download Diff File

46
src/decode-gre.c
Unescape Escape View File

@ -39,8 +39,6 @@
#include "util-unittest.h"
#include "util-debug.h"
#include "tmqh-packetpool.h"
/**
* \brief Function to decode GRE packets
*/
@ -200,16 +198,11 @@ int DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, ui
case ETHERNET_TYPE_IP:
{
if (pq != NULL) {
Packet *tp = PacketPseudoPktSetup(p, pkt + header_len,
len - header_len, IPPROTO_IP);
Packet *tp = PacketTunnelPktSetup(tv, dtv, p, pkt + header_len,
len - header_len, IPPROTO_IP, pq);
if (tp != NULL) {
PKT_SET_SRC(tp, PKT_SRC_DECODER_GRE);
if (DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp),
GET_PKT_LEN(tp), pq, IPPROTO_IP) == TM_ECODE_OK) {
PacketEnqueue(pq,tp);
} else {
TmqhOutputPacketpool(tv, tp);
}
PacketEnqueue(pq,tp);
}
}
break;
@ -218,16 +211,11 @@ int DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, ui
case GRE_PROTO_PPP:
{
if (pq != NULL) {
Packet *tp = PacketPseudoPktSetup(p, pkt + header_len,
len - header_len, PPP_OVER_GRE);
Packet *tp = PacketTunnelPktSetup(tv, dtv, p, pkt + header_len,
len - header_len, PPP_OVER_GRE, pq);
if (tp != NULL) {
PKT_SET_SRC(tp, PKT_SRC_DECODER_GRE);
if (DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp),
GET_PKT_LEN(tp), pq, PPP_OVER_GRE) == TM_ECODE_OK) {
PacketEnqueue(pq,tp);
} else {
TmqhOutputPacketpool(tv, tp);
}
PacketEnqueue(pq,tp);
}
}
break;
@ -236,16 +224,11 @@ int DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, ui
case ETHERNET_TYPE_IPV6:
{
if (pq != NULL) {
Packet *tp = PacketPseudoPktSetup(p, pkt + header_len,
len - header_len, IPPROTO_IPV6);
Packet *tp = PacketTunnelPktSetup(tv, dtv, p, pkt + header_len,
len - header_len, IPPROTO_IPV6, pq);
if (tp != NULL) {
PKT_SET_SRC(tp, PKT_SRC_DECODER_GRE);
if (DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp),
GET_PKT_LEN(tp), pq, IPPROTO_IPV6) == TM_ECODE_OK) {
PacketEnqueue(pq,tp);
} else {
TmqhOutputPacketpool(tv, tp);
}
PacketEnqueue(pq,tp);
}
}
break;
@ -254,16 +237,11 @@ int DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, ui
case ETHERNET_TYPE_VLAN:
{
if (pq != NULL) {
Packet *tp = PacketPseudoPktSetup(p, pkt + header_len,
len - header_len, VLAN_OVER_GRE);
Packet *tp = PacketTunnelPktSetup(tv, dtv, p, pkt + header_len,
len - header_len, VLAN_OVER_GRE, pq);
if (tp != NULL) {
PKT_SET_SRC(tp, PKT_SRC_DECODER_GRE);
if (DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp),
GET_PKT_LEN(tp), pq, VLAN_OVER_GRE) == TM_ECODE_OK) {
PacketEnqueue(pq,tp);
} else {
TmqhOutputPacketpool(tv, tp);
}
PacketEnqueue(pq,tp);
}
}
break;

15
src/decode-ipv4.c
Unescape Escape View File

@ -587,21 +587,12 @@ int DecodeIPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
{
if (pq != NULL) {
/* spawn off tunnel packet */
Packet *tp = PacketPseudoPktSetup(p, pkt + IPV4_GET_HLEN(p),
Packet *tp = PacketTunnelPktSetup(tv, dtv, p, pkt + IPV4_GET_HLEN(p),
IPV4_GET_IPLEN(p) - IPV4_GET_HLEN(p),
IPV4_GET_IPPROTO(p));
IPV4_GET_IPPROTO(p), pq);
if (tp != NULL) {
PKT_SET_SRC(tp, PKT_SRC_DECODER_IPV4);
/* send that to the Tunnel decoder */
ret = DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp),
GET_PKT_LEN(tp), pq, IPV4_GET_IPPROTO(p));
if (unlikely(ret != TM_ECODE_OK)) {
TmqhOutputPacketpool(tv, tp);
} else {
/* add the tp to the packet queue. */
PacketEnqueue(pq,tp);
}
PacketEnqueue(pq,tp);
}
}
break;

29
src/decode-ipv6.c
Unescape Escape View File

@ -62,20 +62,12 @@ static void DecodeIPv4inIPv6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, u
}
if (IP_GET_RAW_VER(pkt) == 4) {
if (pq != NULL) {
Packet *tp = PacketPseudoPktSetup(p, pkt, plen, IPPROTO_IP);
Packet *tp = PacketTunnelPktSetup(tv, dtv, p, pkt, plen, IPPROTO_IP, pq);
if (tp != NULL) {
int ret;
PKT_SET_SRC(tp, PKT_SRC_DECODER_IPV6);
ret = DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp),
GET_PKT_LEN(tp), pq, IPPROTO_IP);
if (unlikely(ret != TM_ECODE_OK)) {
TmqhOutputPacketpool(tv, tp);
} else {
/* add the tp to the packet queue. */
PacketEnqueue(pq,tp);
SCPerfCounterIncr(dtv->counter_ipv4inipv6, tv->sc_perf_pca);
}
/* add the tp to the packet queue. */
PacketEnqueue(pq,tp);
SCPerfCounterIncr(dtv->counter_ipv4inipv6, tv->sc_perf_pca);
return;
}
}
@ -98,16 +90,11 @@ static int DecodeIP6inIP6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint
}
if (IP_GET_RAW_VER(pkt) == 6) {
if (unlikely(pq != NULL)) {
Packet *tp = PacketPseudoPktSetup(p, pkt, plen, IPPROTO_IPV6);
if (unlikely(tp != NULL)) {
Packet *tp = PacketTunnelPktSetup(tv, dtv, p, pkt, plen, IPPROTO_IPV6, pq);
if (tp != NULL) {
PKT_SET_SRC(tp, PKT_SRC_DECODER_IPV6);
if (DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp),
GET_PKT_LEN(tp), pq, IPPROTO_IPV6) == TM_ECODE_OK) {
PacketEnqueue(pq,tp);
SCPerfCounterIncr(dtv->counter_ipv6inipv6, tv->sc_perf_pca);
} else {
TmqhOutputPacketpool(tv, tp);
}
PacketEnqueue(pq,tp);
SCPerfCounterIncr(dtv->counter_ipv6inipv6, tv->sc_perf_pca);
}
}
} else {

23
src/decode-teredo.c
Unescape Escape View File

@ -37,8 +37,6 @@
#include "decode-ipv6.h"
#include "util-debug.h"
#include "tmqh-packetpool.h"
#define TEREDO_ORIG_INDICATION_LENGTH 8
/**
@ -50,7 +48,6 @@ int DecodeTeredo(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt,
{
uint8_t *start = pkt;
int ret;
/* Is this packet to short to contain an IPv6 packet ? */
if (len < IPV6_HEADER_LEN)
@ -93,22 +90,14 @@ int DecodeTeredo(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt,
if (pq != NULL) {
int blen = len - (start - pkt);
/* spawn off tunnel packet */
Packet *tp = PacketPseudoPktSetup(p, start, blen,
IPPROTO_IPV6);
Packet *tp = PacketTunnelPktSetup(tv, dtv, p, start, blen,
IPPROTO_IPV6, pq);
if (tp != NULL) {
PKT_SET_SRC(tp, PKT_SRC_DECODER_TEREDO);
/* send that to the Tunnel decoder */
ret = DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp), GET_PKT_LEN(tp),
pq, IPPROTO_IPV6);
if (unlikely(ret != TM_ECODE_OK)) {
TmqhOutputPacketpool(tv, tp);
return TM_ECODE_FAILED;
} else {
/* add the tp to the packet queue. */
PacketEnqueue(pq,tp);
SCPerfCounterIncr(dtv->counter_teredo, tv->sc_perf_pca);
return TM_ECODE_OK;
}
/* add the tp to the packet queue. */
PacketEnqueue(pq,tp);
SCPerfCounterIncr(dtv->counter_teredo, tv->sc_perf_pca);
return TM_ECODE_OK;
}
}
}

16
src/decode.c
Unescape Escape View File

@ -216,8 +216,11 @@ inline int PacketCopyData(Packet *p, uint8_t *pktdata, int pktlen)
*
* \retval p the pseudo packet or NULL if out of memory
*/
Packet *PacketPseudoPktSetup(Packet *parent, uint8_t *pkt, uint16_t len, uint8_t proto)
Packet *PacketTunnelPktSetup(ThreadVars *tv, DecodeThreadVars *dtv, Packet *parent,
uint8_t *pkt, uint16_t len, uint8_t proto, PacketQueue *pq)
{
int ret;
SCEnter();
/* get us a packet */
@ -239,10 +242,17 @@ Packet *PacketPseudoPktSetup(Packet *parent, uint8_t *pkt, uint16_t len, uint8_t
p->ts.tv_usec = parent->ts.tv_usec;
p->datalink = DLT_RAW;
/* set tunnel flags */
/* tell new packet it's part of a tunnel */
SET_TUNNEL_PKT(p);
ret = DecodeTunnel(tv, dtv, p, GET_PKT_DATA(p),
GET_PKT_LEN(p), pq, proto);
if (unlikely(ret != TM_ECODE_OK)) {
TmqhOutputPacketpool(tv, p);
SCReturnPtr(NULL, "Packet");
}
/* tell parent packet it's part of a tunnel */
SET_TUNNEL_PKT(parent);

3
src/decode.h
Unescape Escape View File

@ -812,7 +812,8 @@ typedef struct DecodeThreadVars_
void DecodeRegisterPerfCounters(DecodeThreadVars *, ThreadVars *);
Packet *PacketPseudoPktSetup(Packet *parent, uint8_t *pkt, uint16_t len, uint8_t proto);
Packet *PacketTunnelPktSetup(ThreadVars *tv, DecodeThreadVars *dtv, Packet *parent,
uint8_t *pkt, uint16_t len, uint8_t proto, PacketQueue *pq);
Packet *PacketDefragPktSetup(Packet *parent, uint8_t *pkt, uint16_t len, uint8_t proto);
Packet *PacketGetFromQueueOrAlloc(void);
Packet *PacketGetFromAlloc(void);

Write Preview
Loading…
Cancel
Save