From: Eric Leblond <eric@regit.org>
Date: Fri, 7 Feb 2014 10:13:38 +0000 (+0100)
Subject: af-packet: no VLAN id from msg header for old kernel
X-Git-Tag: suricata-2.0rc1~22
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F833%2Fhead;p=thirdparty%2Fsuricata.git

af-packet: no VLAN id from msg header for old kernel

This patch uses the new function SCKernelVersionIsAtLeast to know
that we've got a old kernel that do not strip the VLAN header from
the message before sending it to userspace.
---

diff --git a/src/source-af-packet.c b/src/source-af-packet.c
index 5f31b42987..2f3ba822a7 100644
--- a/src/source-af-packet.c
+++ b/src/source-af-packet.c
@@ -51,6 +51,7 @@
 #include "util-optimize.h"
 #include "util-checksum.h"
 #include "util-ioctl.h"
+#include "util-host-info.h"
 #include "tmqh-packetpool.h"
 #include "source-af-packet.h"
 #include "runmodes.h"
@@ -1615,6 +1616,13 @@ TmEcode ReceiveAFPThreadInit(ThreadVars *tv, void *initdata, void **data) {
         ptv->vlan_disabled = 1;
     }
 
+    /* If kernel is older than 3.0, VLAN is not stripped so we don't
+     * get the info from packet extended header but we will use a standard
+     * parsing of packet data (See Linux commit bcc6d47903612c3861201cc3a866fb604f26b8b2) */
+    if (! SCKernelVersionIsAtLeast(3, 0)) {
+        ptv->vlan_disabled = 1;
+    }
+
     SCReturnInt(TM_ECODE_OK);
 }