From f67aa5deaab6c2496520754c92a529402f42b645 Mon Sep 17 00:00:00 2001
From: fooinha <fooinha@gmail.com>
Date: Fri, 1 Jun 2018 12:45:10 +0100
Subject: [PATCH] packet: gre over ip link type

---
 src/decode.h                  | 19 ++++++++++---------
 src/source-af-packet.c        |  1 +
 src/source-pcap-file-helper.c |  1 +
 src/source-pcap.c             |  1 +
 4 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/src/decode.h b/src/decode.h
index 3fc8adfb83..abe92f87bb 100644
--- a/src/decode.h
+++ b/src/decode.h
@@ -1068,17 +1068,18 @@ void DecodeGlobalConfig(void);
 
 /** libpcap shows us the way to linktype codes
  * \todo we need more & maybe put them in a separate file? */
-#define LINKTYPE_NULL       DLT_NULL
-#define LINKTYPE_ETHERNET   DLT_EN10MB
-#define LINKTYPE_LINUX_SLL  113
-#define LINKTYPE_PPP        9
-#define LINKTYPE_RAW        DLT_RAW
+#define LINKTYPE_NULL        DLT_NULL
+#define LINKTYPE_ETHERNET    DLT_EN10MB
+#define LINKTYPE_LINUX_SLL   113
+#define LINKTYPE_PPP         9
+#define LINKTYPE_RAW         DLT_RAW
 /* http://www.tcpdump.org/linktypes.html defines DLT_RAW as 101, yet others don't.
  * Libpcap on at least OpenBSD returns 101 as datalink type for RAW pcaps though. */
-#define LINKTYPE_RAW2       101
-#define LINKTYPE_IPV4       228
-#define PPP_OVER_GRE        11
-#define VLAN_OVER_GRE       13
+#define LINKTYPE_RAW2        101
+#define LINKTYPE_IPV4        228
+#define LINKTYPE_GRE_OVER_IP 778
+#define PPP_OVER_GRE         11
+#define VLAN_OVER_GRE        13
 
 /*Packet Flags*/
 #define PKT_NOPACKET_INSPECTION         (1)         /**< Flag to indicate that packet header or contents should not be inspected*/
diff --git a/src/source-af-packet.c b/src/source-af-packet.c
index 489d6955f4..c9f56049d1 100644
--- a/src/source-af-packet.c
+++ b/src/source-af-packet.c
@@ -2729,6 +2729,7 @@ TmEcode DecodeAFP(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Packet
             DecodePPP(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
             break;
         case LINKTYPE_RAW:
+        case LINKTYPE_GRE_OVER_IP:
             DecodeRaw(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
             break;
         case LINKTYPE_NULL:
diff --git a/src/source-pcap-file-helper.c b/src/source-pcap-file-helper.c
index 3e621ae7e5..a8c8f67788 100644
--- a/src/source-pcap-file-helper.c
+++ b/src/source-pcap-file-helper.c
@@ -212,6 +212,7 @@ TmEcode ValidateLinkType(int datalink, Decoder *decoder)
         case LINKTYPE_IPV4:
         case LINKTYPE_RAW:
         case LINKTYPE_RAW2:
+        case LINKTYPE_GRE_OVER_IP:
             *decoder = DecodeRaw;
             break;
         case LINKTYPE_NULL:
diff --git a/src/source-pcap.c b/src/source-pcap.c
index ba84988879..3e488f73cf 100644
--- a/src/source-pcap.c
+++ b/src/source-pcap.c
@@ -563,6 +563,7 @@ TmEcode DecodePcap(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Packe
             DecodePPP(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
             break;
         case LINKTYPE_RAW:
+        case LINKTYPE_GRE_OVER_IP:
             DecodeRaw(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
             break;
         case LINKTYPE_NULL: