-/* Copyright (C) 2015 Open Information Security Foundation
+/* Copyright (C) 2020 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
*
* \author Victor Julien <victor@inliniac.net>
*
- * Decodes ERSPAN
+ * Decodes ERSPAN Types I and II
*/
#include "suricata-common.h"
#include "util-debug.h"
/**
- * \brief Function to decode ERSPAN packets
+ * \brief Functions to decode ERSPAN Type I and II packets
*/
-int DecodeERSPAN(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len, PacketQueue *pq)
+/**
+ * \brief ERSPAN Type I
+ */
+int DecodeERSPANTypeI(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
+ const uint8_t *pkt, uint32_t len, PacketQueue *pq)
+{
+ StatsIncr(tv, dtv->counter_erspan);
+
+ return DecodeEthernet(tv, dtv, p, pkt, len, pq);
+}
+
+/**
+ * \brief ERSPAN Type II
+ */
+int DecodeERSPANTypeII(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len, PacketQueue *pq)
{
StatsIncr(tv, dtv->counter_erspan);
-/* Copyright (C) 2007-2013 Open Information Security Foundation
+/* Copyright (C) 2007-2020 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
case ETHERNET_TYPE_ERSPAN:
{
if (pq != NULL) {
+ // Determine if it's Type I or Type II based on the flags in the GRE header.
+ // Type I: 0|0|0|0|0|00000|000000000|00000
+ // Type II: 0|0|0|1|0|00000|000000000|00000
+ // Seq
Packet *tp = PacketTunnelPktSetup(tv, dtv, p, pkt + header_len,
- len - header_len, DECODE_TUNNEL_ERSPAN, pq);
+ len - header_len,
+ GRE_FLAG_ISSET_SQ(p->greh) == 0 ?
+ DECODE_TUNNEL_ERSPANI :
+ DECODE_TUNNEL_ERSPANII,
+ pq);
if (tp != NULL) {
PKT_SET_SRC(tp, PKT_SRC_DECODER_GRE);
PacketEnqueue(pq,tp);
return DecodeVLAN(tv, dtv, p, pkt, len, pq);
case DECODE_TUNNEL_ETHERNET:
return DecodeEthernet(tv, dtv, p, pkt, len, pq);
- case DECODE_TUNNEL_ERSPAN:
- return DecodeERSPAN(tv, dtv, p, pkt, len, pq);
+ case DECODE_TUNNEL_ERSPANII:
+ return DecodeERSPANTypeII(tv, dtv, p, pkt, len, pq);
+ case DECODE_TUNNEL_ERSPANI:
+ return DecodeERSPANTypeI(tv, dtv, p, pkt, len, pq);
default:
SCLogDebug("FIXME: DecodeTunnel: protocol %" PRIu32 " not supported.", proto);
break;
-/* Copyright (C) 2007-2013 Open Information Security Foundation
+/* Copyright (C) 2007-2020 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
enum DecodeTunnelProto {
DECODE_TUNNEL_ETHERNET,
- DECODE_TUNNEL_ERSPAN,
+ DECODE_TUNNEL_ERSPANII,
+ DECODE_TUNNEL_ERSPANI,
DECODE_TUNNEL_VLAN,
DECODE_TUNNEL_IPV4,
DECODE_TUNNEL_IPV6,
int DecodeVXLAN(ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t, PacketQueue *);
int DecodeMPLS(ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t, PacketQueue *);
int DecodeERSPAN(ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t, PacketQueue *);
+int DecodeERSPANTypeII(ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t, PacketQueue *);
+int DecodeERSPANTypeI(ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t, PacketQueue *);
int DecodeTEMPLATE(ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t, PacketQueue *);
#ifdef UNITTESTS
projects / thirdparty / suricata.git / commitdiff
