Squashed commit of the following:
commit
680fd0e03fb815f05bcc3862d7486dcb7c88a9a8
Author: Silviu Minut <sminut@cisco.com>
Date: Fri Nov 2 16:19:05 2018 -0400
protocols: add vlan_idx field to Packet struct and handle multiple vlan type ids. Thanks to ymansour for reporting this issue.
protocols: change int8 to unit8 for vlan_idx type.
const vlan::VlanTagHdr* get_vlan_layer(const Packet* const p)
{
- uint8_t num_layers = p->num_layers;
- const Layer* lyr = p->layers;
-
- return reinterpret_cast<const vlan::VlanTagHdr*>(
- find_inner_layer(lyr, num_layers, ProtocolId::ETHERTYPE_8021Q));
+ if ( p->proto_bits & PROTO_BIT__VLAN )
+ {
+ assert( p->vlan_idx < p->num_layers );
+ const Layer* lyr = p->layers + p->vlan_idx;
+ return reinterpret_cast<const vlan::VlanTagHdr*>(lyr->start);
+ }
+ return nullptr;
}
const eth::EtherHdr* get_eth_layer(const Packet* const p)
{ return reinterpret_cast<const icmp::ICMPHdr*>(api.ip_data()); }
} // namespace layer
} // namespace snort
-
uint32_t user_ips_policy_id;
uint32_t user_network_policy_id;
+ uint8_t vlan_idx;
+
// IP_MAXPACKET is the minimum allowable max_dsize
// there is no requirement that all data fit into an IP datagram
// but we do require that an IP datagram fit into Packet space
}
}
#endif
-
}
codec_data.codec_flags &= ~CODEC_ETHER_NEXT;
}
-
+
/*
* We only want the layer immediately following SAVE_LAYER to have the
* UNSURE_ENCAP flag set. So, if this is a SAVE_LAYER, zero out the
if ( p->num_layers == CodecManager::max_layers )
DetectionEngine::queue_event(GID_DECODE, DECODE_TOO_MANY_LAYERS);
else
+ {
push_layer(p, prev_prot_id, raw.data, codec_data.lyr_len);
+ // Cache the index of the vlan layer for quick access.
+ if ( codec_data.proto_bits == PROTO_BIT__VLAN )
+ p->vlan_idx = p->num_layers-1;
+ }
+
// internal statistics and record keeping
s_stats[mapped_prot + stat_offset]++; // add correct decode for previous layer
mapped_prot = CodecManager::s_proto_map[to_utype(codec_data.next_prot_id)];
}
}
}
-
projects / thirdparty / snort3.git / commitdiff
