If one of the ppp peers sends a packet with an acknowledge flag,
the ppp payload will be empty and DecodePPP will return TM_ECODE_FAILED.
To handle this case, the packet_length field in the GRE extended header (https://tools.ietf.org/html/rfc2637#section-4.1) is used.
DecodeGRE no longer tries to parse PPP payload if packet_length is zero.
uint32_t header_len = GRE_HDR_LEN;
GRESreHdr *gsre = NULL;
+ GREPPtPHd *gre_pptp_h = NULL;
StatsIncr(tv, dtv->counter_gre);
}
header_len += GRE_KEY_LEN;
+ /* key is set and proto == PPP */
+ gre_pptp_h = (GREPPtPHd *)pkt;
/* Adjust header length based on content */
case GRE_PROTO_PPP:
{
+ if (gre_pptp_h && !gre_pptp_h->payload_length)
+ return TM_ECODE_OK;
+
Packet *tp = PacketTunnelPktSetup(tv, dtv, p, pkt + header_len,
len - header_len, DECODE_TUNNEL_PPP);
if (tp != NULL) {
} __attribute__((__packed__)) GREHdr;
+/* Enhanced GRE header - https://tools.ietf.org/html/rfc2637#section-4.1 */
+typedef struct GREPPtPHdr_ {
+ GREHdr greh; /** base GRE packet header */
+ uint16_t payload_length; /** PPP payload length */
+ uint16_t call_id; /** PPP peer id */
+} __attribute__((__packed__)) GREPPtPHd;
+
/* Generic Routing Encapsulation Source Route Entries (SREs).
* The header is followed by a variable amount of Routing Information.
*/
projects / thirdparty / suricata.git / commitdiff
