]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 237964a)
decode/erspan: ERSPAN TypeI configurable
authorJeff Lucovsky <jeff@lucovsky.org>
Tue, 3 Mar 2020 13:50:37 +0000 (08:50 -0500)
committerJeff Lucovsky <jeff@lucovsky.org>
Sun, 22 Mar 2020 16:04:14 +0000 (12:04 -0400)
For the backport, ERSPAN TypeI decode is

1. Disabled by default
2. Configurable: `decoder.erspan_typeI.enabled`

(cherry picked from commit ae6beedd13df60b129de702eabc0a7364fd973d5)

src/decode-erspan.c patch | blob | blame | history
src/decode-erspan.h patch | blob | blame | history
src/decode.c patch | blob | blame | history
suricata.yaml.in patch | blob | blame | history

diff --git a/src/decode-erspan.c b/src/decode-erspan.c
index bd710e90b54419f62d02f40185204c866abf2926..dd2515bb0099dd572120dae894cd0f2b3988c827 100644 (file)
--- a/src/decode-erspan.c
+++ b/src/decode-erspan.c
@@ -43,12 +43,26 @@
  * \brief Functions to decode ERSPAN Type I and II packets
  */
 
+bool g_erspan_typeI_enabled = false;
+
+void DecodeERSPANConfig(void)
+{
+    int enabled = 0;
+    if (ConfGetBool("decoder.erspan.typeI.enabled", &enabled) == 1) {
+        g_erspan_typeI_enabled = (enabled == 1);
+    }
+    SCLogDebug("ERSPAN Type I decode support %s", g_erspan_typeI_enabled ? "enabled" : "disabled");
+}
+
 /**
  * \brief ERSPAN Type I
  */
 int DecodeERSPANTypeI(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
                       const uint8_t *pkt, uint32_t len, PacketQueue *pq)
 {
+    if (unlikely(!g_erspan_typeI_enabled))
+        return TM_ECODE_FAILED;
+
     StatsIncr(tv, dtv->counter_erspan);
 
     return DecodeEthernet(tv, dtv, p, pkt, len, pq);
diff --git a/src/decode-erspan.h b/src/decode-erspan.h
index 2f81d1e4a384f8a7ca3c3d5338e2568b25809315..5b4af04ea89ae8e5f32cbddaf36e501dd98b1e72 100644 (file)
--- a/src/decode-erspan.h
+++ b/src/decode-erspan.h
@@ -34,4 +34,5 @@ typedef struct ErspanHdr_ {
     uint32_t padding;
 } __attribute__((__packed__)) ErspanHdr;
 
+void DecodeERSPANConfig(void);
 #endif /* __DECODE_ERSPAN_H__ */
diff --git a/src/decode.c b/src/decode.c
index 7774a057ad8a2cfa3ef00901ffd0e1d557514b78..67c5a49aa3efbd01a013e096a5fd5b4e3b8bad6d 100644 (file)
--- a/src/decode.c
+++ b/src/decode.c
@@ -732,6 +732,7 @@ void DecodeGlobalConfig(void)
 {
     DecodeTeredoConfig();
     DecodeVXLANConfig();
+    DecodeERSPANConfig();
 }
 
 /**
diff --git a/suricata.yaml.in b/suricata.yaml.in
index aacad7411d7908f66689dcc10e36b24b2ad5229f..96b9b0b0d3282b355e6b8dc5aeb6629e5a41c709 100644 (file)
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -1338,6 +1338,10 @@ decoder:
   vxlan:
     enabled: true
     ports: $VXLAN_PORTS # syntax: '8472, 4789'
+  # ERSPAN Type I decode support
+  erspan:
+    typeI:
+      enabled: false
 
 
 ##
Mirror of https://github.com/OISF/suricata.git