ipv6: fix detection engine using the originals IPv6 header's nxt hdr value instead...

diff --git a/src/decode-ipv6.h b/src/decode-ipv6.h
index 98de032cfe51968a9dda214ef381cb3db4a00cf7..6f7502220dd07482819ebf2e9559740098a4013a 100644 (file)
--- a/src/decode-ipv6.h
+++ b/src/decode-ipv6.h
@@ -71,6 +71,7 @@ typedef struct IPV6Hdr_
 
 #define IPV6_SET_L4PROTO(p,proto)       (p)->ip6vars.l4proto = proto
 
+
 /* ONLY call these functions after making sure that:
  * 1. p->ip6h is set
  * 2. p->ip6h is valid (len is correct)
@@ -91,6 +92,10 @@ typedef struct IPV6Hdr_
 #define IPV6_GET_L4PROTO(p) \
     ((p)->ip6vars.l4proto)
 
+/** \brief get the highest proto/next header field we know */
+#define IPV6_GET_UPPER_PROTO(p)         (p)->ip6eh.ip6_exthdrs_cnt ? \
+    (p)->ip6eh.ip6_exthdrs[(p)->ip6eh.ip6_exthdrs_cnt - 1].next : IPV6_GET_NH((p))
+
 /* helper structure with parsed ipv6 info */
 typedef struct IPV6Vars_
 {

diff --git a/src/decode.h b/src/decode.h
index 83b0a61074a9c40ba208821636100200c8484686..e4228f04f9acdc0834bd9aa31673312879eef704 100644 (file)
--- a/src/decode.h
+++ b/src/decode.h
@@ -222,7 +222,7 @@ typedef uint16_t Port;
 
 /* Retrieve proto regardless of IP version */
 #define IP_GET_IPPROTO(p) \
-    (PKT_IS_IPV4((p))? IPV4_GET_IPPROTO((p)) : (PKT_IS_IPV6((p))? IPV6_GET_NH((p)) : 0))
+    (PKT_IS_IPV4((p))? IPV4_GET_IPPROTO((p)) : (PKT_IS_IPV6((p))? IPV6_GET_UPPER_PROTO((p)) : 0))
 
 /* structure to store the sids/gids/etc the detection engine
  * found in this packet */