]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 23850be)
decode/erspan: ERSPAN TypeI configurable 4797/head
authorJeff Lucovsky <jeff@lucovsky.org>
Tue, 3 Mar 2020 13:50:37 +0000 (08:50 -0500)
committerShivani Bhardwaj <shivanib134@gmail.com>
Thu, 9 Apr 2020 15:47:23 +0000 (21:17 +0530)
For the backport, ERSPAN TypeI decode is

1. Disabled by default
2. Configurable: `decoder.erspan_typeI.enabled`

(cherry picked from commit ae6beedd13df60b129de702eabc0a7364fd973d5)
(cherry picked from commit 33b56b31b50a96e5022ca86ba1b7185efb832355)

src/decode-erspan.c patch | blob | blame | history
src/decode-erspan.h patch | blob | blame | history
src/decode.c patch | blob | blame | history
suricata.yaml.in patch | blob | blame | history

diff --git a/src/decode-erspan.c b/src/decode-erspan.c
index fb7cb69dadbd8fcccab6b1473714dc6c9e456877..1f5a88d94bb8a98fbcb9ad75a9ce209d586c04dd 100644 (file)
--- a/src/decode-erspan.c
+++ b/src/decode-erspan.c
@@ -43,12 +43,26 @@
  * \brief Functions to decode ERSPAN Type I and II packets
  */
 
+bool g_erspan_typeI_enabled = false;
+
+void DecodeERSPANConfig(void)
+{
+    int enabled = 0;
+    if (ConfGetBool("decoder.erspan.typeI.enabled", &enabled) == 1) {
+        g_erspan_typeI_enabled = (enabled == 1);
+    }
+    SCLogDebug("ERSPAN Type I decode support %s", g_erspan_typeI_enabled ? "enabled" : "disabled");
+}
+
 /**
  * \brief ERSPAN Type I
  */
 int DecodeERSPANTypeI(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
                       uint8_t *pkt, uint32_t len, PacketQueue *pq)
 {
+    if (unlikely(!g_erspan_typeI_enabled))
+        return TM_ECODE_FAILED;
+
     StatsIncr(tv, dtv->counter_erspan);
 
     return DecodeEthernet(tv, dtv, p, pkt, len, pq);
diff --git a/src/decode-erspan.h b/src/decode-erspan.h
index 2f81d1e4a384f8a7ca3c3d5338e2568b25809315..5b4af04ea89ae8e5f32cbddaf36e501dd98b1e72 100644 (file)
--- a/src/decode-erspan.h
+++ b/src/decode-erspan.h
@@ -34,4 +34,5 @@ typedef struct ErspanHdr_ {
     uint32_t padding;
 } __attribute__((__packed__)) ErspanHdr;
 
+void DecodeERSPANConfig(void);
 #endif /* __DECODE_ERSPAN_H__ */
diff --git a/src/decode.c b/src/decode.c
index f897c962412b01f6edc1ff7771b7c227eb4656d7..da19c2d79b2253997566f7f9906c864fc877a2d0 100644 (file)
--- a/src/decode.c
+++ b/src/decode.c
@@ -698,6 +698,7 @@ void DecodeGlobalConfig(void)
 {
     DecodeTeredoConfig();
     DecodeVXLANConfig();
+    DecodeERSPANConfig();
 }
 
 /**
diff --git a/suricata.yaml.in b/suricata.yaml.in
index e4d8d05fa6df6fab61425973cfbc7a01afb40880..2a2aec00cdd6afff6755c33dec310340bbf61dc8 100644 (file)
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -1408,6 +1408,10 @@ decoder:
   vxlan:
     enabled: false
     ports: $VXLAN_PORTS # syntax: '8472, 4789'
+  # ERSPAN Type I decode support
+  erspan:
+    typeI:
+      enabled: false
 
 
 ##
Mirror of https://github.com/OISF/suricata.git