packet: gre over ip link type

author fooinha <fooinha@gmail.com>

Fri, 1 Jun 2018 11:45:10 +0000 (12:45 +0100)

committer Victor Julien <victor@inliniac.net>

Tue, 19 Jun 2018 10:56:57 +0000 (12:56 +0200)
author fooinha <fooinha@gmail.com>
Fri, 1 Jun 2018 11:45:10 +0000 (12:45 +0100)
committer Victor Julien <victor@inliniac.net>
Tue, 19 Jun 2018 10:56:57 +0000 (12:56 +0200)
diff --git a/src/decode.h b/src/decode.h

index 3fc8adfb83473efde21139131909a654caf02cfc..abe92f87bb43cae670f37d3b0479fc1e257aa7a2 100644 (file)
--- a/src/decode.h
+++ b/src/decode.h
@@ -1068,17 +1068,18 @@ void DecodeGlobalConfig(void);
  
  /** libpcap shows us the way to linktype codes
   * \todo we need more & maybe put them in a separate file? */
-#define LINKTYPE_NULL       DLT_NULL
-#define LINKTYPE_ETHERNET   DLT_EN10MB
-#define LINKTYPE_LINUX_SLL  113
-#define LINKTYPE_PPP        9
-#define LINKTYPE_RAW        DLT_RAW
+#define LINKTYPE_NULL        DLT_NULL
+#define LINKTYPE_ETHERNET    DLT_EN10MB
+#define LINKTYPE_LINUX_SLL   113
+#define LINKTYPE_PPP         9
+#define LINKTYPE_RAW         DLT_RAW
  /* http://www.tcpdump.org/linktypes.html defines DLT_RAW as 101, yet others don't.
   * Libpcap on at least OpenBSD returns 101 as datalink type for RAW pcaps though. */
-#define LINKTYPE_RAW2       101
-#define LINKTYPE_IPV4       228
-#define PPP_OVER_GRE        11
-#define VLAN_OVER_GRE       13
+#define LINKTYPE_RAW2        101
+#define LINKTYPE_IPV4        228
+#define LINKTYPE_GRE_OVER_IP 778
+#define PPP_OVER_GRE         11
+#define VLAN_OVER_GRE        13
  
  /*Packet Flags*/
  #define PKT_NOPACKET_INSPECTION         (1)         /**< Flag to indicate that packet header or contents should not be inspected*/
diff --git a/src/source-af-packet.c b/src/source-af-packet.c

index 489d6955f437ae5b2e882991da2ace3439098797..c9f56049d1430f1a75c175f0c970f512b0c74fac 100644 (file)
--- a/src/source-af-packet.c
+++ b/src/source-af-packet.c
@@ -2729,6 +2729,7 @@ TmEcode DecodeAFP(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Packet
              DecodePPP(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
              break;
          case LINKTYPE_RAW:
+        case LINKTYPE_GRE_OVER_IP:
              DecodeRaw(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
              break;
          case LINKTYPE_NULL:
diff --git a/src/source-pcap-file-helper.c b/src/source-pcap-file-helper.c

index 3e621ae7e5a8a44b836f07c5dfbf9cf285e0a441..a8c8f677887288d80be2c583f25e892fa50fb425 100644 (file)
--- a/src/source-pcap-file-helper.c
+++ b/src/source-pcap-file-helper.c
@@ -212,6 +212,7 @@ TmEcode ValidateLinkType(int datalink, Decoder *decoder)
          case LINKTYPE_IPV4:
          case LINKTYPE_RAW:
          case LINKTYPE_RAW2:
+        case LINKTYPE_GRE_OVER_IP:
              *decoder = DecodeRaw;
              break;
          case LINKTYPE_NULL:
diff --git a/src/source-pcap.c b/src/source-pcap.c

index ba8498887977a0ede78ed40ea0883f4bfeaafb89..3e488f73cfb737ad5f68639b272fd4f6c292052f 100644 (file)
--- a/src/source-pcap.c
+++ b/src/source-pcap.c
@@ -563,6 +563,7 @@ TmEcode DecodePcap(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Packe
              DecodePPP(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
              break;
          case LINKTYPE_RAW:
+        case LINKTYPE_GRE_OVER_IP:
              DecodeRaw(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
              break;
          case LINKTYPE_NULL:
author	fooinha <fooinha@gmail.com>
	Fri, 1 Jun 2018 11:45:10 +0000 (12:45 +0100)
committer	Victor Julien <victor@inliniac.net>
	Tue, 19 Jun 2018 10:56:57 +0000 (12:56 +0200)
src/decode.h		patch \| blob \| blame \| history
src/source-af-packet.c		patch \| blob \| blame \| history
src/source-pcap-file-helper.c		patch \| blob \| blame \| history
src/source-pcap.c		patch \| blob \| blame \| history