suricata

Commit Graph

Author	SHA1	Message	Date
Victor Julien	aa6b24f814	decode: clean up tunnel decode logic Don't use mix of existing and custom types to indicate the next layer.	10 years ago
Victor Julien	1c0b4ee0ae	counters: s/SCPerfCounterIncr/StatsIncr/g	10 years ago
Victor Julien	e9b067c1eb	counters: make increment call take threadvars This hides the implementation from the caller.	10 years ago
Victor Julien	9a8bff7d96	counters: threadvars s/sc_perf_pca/perf_private_ctx/g	10 years ago
Eric Leblond	c611b258a5	decode: PacketTunnelPktSetup replaces PacketPseudoPktSetup This patch replaces PacketPseudoPktSetup by a better named PacketTunnelPktSetup function which is also in charge of doing the decoding of the tunneled packet. This allow to clean the code. But it also fixes an issue. Previously, if the DecodeTunnel function was failling (cause of an invalid packet mainly), the result was that the original packet to be considered as a tunnel packet (and not inspected by payload detection).	12 years ago
Eric Leblond	d4b7ecfbe3	decode: update API to return error In some cases, the decoding is not possible and some really invalid packet can be created. This is in particular the case of tunnel. In that case, it is more interesting to forget about the tunneled packet and only consider the original packet. DecodeTunnel function is maked as warn_unused_result because it is meaningful for the decoder to know if the underlying data were not correct. And in this case, only focus detection on the content.	12 years ago
Eric Leblond	2732faf05c	teredo: update protocol decoding. This patch fixes an error in pointer arythmetic and add some comments to increase maintanability of the code. It also simplify the decoding code as a careful RFC reading indicate that if we discard packet containing an authentication field, it is only possible to have a single origin indication field.	13 years ago
Anoop Saldanha	b33986c887	Add a packet src for every packet generated inside suricata.	13 years ago
Eric Leblond	5ffe7e21c3	decode: use pointer inside packet area as param DecodeTeredo, DecodeIPv6InIPv6 and DecodeIPv4inIPv6 were calling DecodeTunnel with packet being a pseudo packet and data being data from initial packet: DecodeTunnel(tv, dtv, tp, start, blen, pq, IPPROTO_IPV6); In decoding functions, arithmetic was done on pkt to set some values? It was resulting in field of packet pointing outside of the scope of packet data. This patch switch to what has been done in DecodeGre(), I mean: DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp), GET_PKT_LEN(tp), pq, IPPROTO_IP); Data buffer is then relative to the packet and the arithmetic is correct.	13 years ago
Eric Leblond	f9046d8284	Add teredo counter.	13 years ago
Eric Leblond	6480cd1b9c	Teredo tunnel supports This patch should fix #480 by adding the support of Teredo tunnel. The IPv6 content of the tunnel will be parsed in a similar way as what is done the GRE tunnel. Signatures will then be matched on the IPv6 content.	13 years ago

11 Commits (3da79610afda76f9f32aad13c1bae202f9d803f6)