From 2732faf05c4abe8983d39b7ed2ac9debd4d3c436 Mon Sep 17 00:00:00 2001
From: Eric Leblond
Date: Thu, 14 Feb 2013 11:11:55 +0100
Subject: [PATCH] teredo: update protocol decoding.

This patch fixes an error in pointer arythmetic and add some comments to increase maintanability of the code. It also simplify the decoding code as a careful RFC reading indicate that if we discard packet containing an authentication field, it is only possible to have a single origin indication field.
---
 src/decode-teredo.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/src/decode-teredo.c b/src/decode-teredo.c
index 87265349f6..fa7177cfbf 100644
--- a/src/decode-teredo.c
+++ b/src/decode-teredo.c
@@ -27,7 +27,9 @@
 *
 * \author Eric Leblond
 *
- * Decode Teredo Tunneling protocol
+ * Decode Teredo Tunneling protocol.
+ *
+ * This implementation is based upon RFC 4380: http://www.ietf.org/rfc/rfc4380.txt
 */
 
 #include "suricata-common.h"
@@ -35,6 +37,8 @@
 #include "decode-ipv6.h"
 #include "util-debug.h"
 
+#define TEREDO_ORIG_INDICATION_LENGTH 8
+
 /**
 * \brief Function to decode Teredo packets
 *
@@ -50,14 +54,15 @@ int DecodeTeredo(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt,
 return 0;
 
 /* Teredo encapsulate IPv6 in UDP and can add some custom message
- * part before the IPv6 packet. Here we iter on the messages to get
- * on the IPv6 packet. */
- while (start[0] == 0x0) {
+ * part before the IPv6 packet. In our case, we just want to get
+ * over an ORIGIN indication. So we just make one offset if needed. */
+ if (start[0] == 0x0) {
 switch (start[1]) {
 /* origin indication: compatible with tunnel */
 case 0x0:
- if (len >= 8 + (pkt - start) + IPV6_HEADER_LEN)
- start += 8;
+ /* offset is coherent with len and presence of an IPv6 header */
+ if (len >= TEREDO_ORIG_INDICATION_LENGTH + IPV6_HEADER_LEN)
+ start += TEREDO_ORIG_INDICATION_LENGTH;
 else
 return 0;
 break;
-- 
2.47.3
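Review bot: The corrected bound in `case 0x0:` only proves that `TEREDO_ORIG_INDICATION_LENGTH + IPV6_HEADER_LEN` bytes exist counting from `pkt`; once `start` is advanced, every later use of `len` has to be reduced by the same 8 bytes, and that code lies outside this hunk (the body of DecodeTeredo continues past `break;`). I would confirm that the length compared against the inner IPv6 payload length and the length handed to the tunnel packet setup are both `len - (start - pkt)` rather than `len`, since otherwise the inner decoder could be told the buffer is 8 bytes longer than it is. Separately, the new `#define` in the second hunk carries no explanation; a comment such as `/* RFC 4380 origin indication: 2 zero bytes, 2-byte obfuscated port, 4-byte obfuscated IPv4 address */` would tie the constant to the layout it encodes. Because the loop became a single `if`, it would also help to state at the skip that a payload still not starting with an IPv6 header after one origin indication is intentionally left undecoded.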