From: Victor Julien Date: Fri, 25 May 2012 08:21:39 +0000 (+0200) Subject: Make sure all fake packets have datalink type DLT_RAW. Make sure stream end packets... X-Git-Tag: suricata-1.3beta2~27 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=48da3bb48bb8a93eb45e5593ccc8f3b8abd17189;p=thirdparty%2Fsuricata.git Make sure all fake packets have datalink type DLT_RAW. Make sure stream end packets set pkt size. --- diff --git a/src/decode.c b/src/decode.c index 342dd4b7bb..4bdd287587 100644 --- a/src/decode.c +++ b/src/decode.c @@ -214,6 +214,7 @@ Packet *PacketPseudoPktSetup(Packet *parent, uint8_t *pkt, uint16_t len, uint8_t p->recursion_level = parent->recursion_level + 1; p->ts.tv_sec = parent->ts.tv_sec; p->ts.tv_usec = parent->ts.tv_usec; + p->datalink = DLT_RAW; /* set tunnel flags */ @@ -266,6 +267,7 @@ Packet *PacketDefragPktSetup(Packet *parent, uint8_t *pkt, uint16_t len, uint8_t p->recursion_level = parent->recursion_level; /* NOT incremented */ p->ts.tv_sec = parent->ts.tv_sec; p->ts.tv_usec = parent->ts.tv_usec; + p->datalink = DLT_RAW; /* set tunnel flags */ diff --git a/src/flow-timeout.c b/src/flow-timeout.c index 669d52228a..170eebb50b 100644 --- a/src/flow-timeout.c +++ b/src/flow-timeout.c @@ -88,6 +88,7 @@ static inline Packet *FlowForceReassemblyPseudoPacketSetup(Packet *p, TcpSession *ssn, int dummy) { + p->datalink = DLT_RAW; p->proto = IPPROTO_TCP; p->flow = f; FlowIncrUsecnt(f); @@ -138,6 +139,8 @@ static inline Packet *FlowForceReassemblyPseudoPacketSetup(Packet *p, /* set the tcp header */ p->tcph = (TCPHdr *)((uint8_t *)GET_PKT_DATA(p) + 20); + SET_PKT_LEN(p, 40); /* ipv4 hdr + tcp hdr */ + } else if (FLOW_IS_IPV6(f)) { if (direction == 0) { FLOW_COPY_IPV6_ADDR_TO_PACKET(&f->src, &p->src); 
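Review bot: `p->datalink = DLT_RAW;` in PacketPseudoPktSetup declares that the buffer starts at an IP header, but the function's last parameter is cut off in the hunk header, so it is not visible whether a tunnelled payload can begin with anything else. If it can, any consumer that keys on p->datalink would misparse those packets. The same line is added in PacketDefragPktSetup and in FlowForceReassemblyPseudoPacketSetup (src/flow-timeout.c); in the latter, the later hunks show the data starting at the IPv4 or IPv6 header. None of the three sites says why the value is forced, so a comment such as `/* pseudo packet data has no link-layer header */` next to each assignment would help. All three function bodies extend beyond their hunks.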
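Review bot: `SET_PKT_LEN(p, 40)` hard-codes the same header sizes that the line above it encodes as `+ 20` and that the checksum call later passes as `20`, so packet length, TCP header offset and checksum length can drift apart silently. The IPv6 branch repeats this with `SET_PKT_LEN(p, 60)` and `+ 40`. The later comment says these packets may be logged, so a length larger than the bytes actually initialised would put stale buffer contents into the output. Assuming the header structs are the fixed-size layouts, `SET_PKT_LEN(p, sizeof(*p->ip4h) + sizeof(*p->tcph));` and the `ip6h` equivalent would tie the length to the headers. Whether the IPv4 total-length field written earlier in the function agrees with 40 is not visible in this hunk.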
@@ -181,6 +184,8 @@ static inline Packet *FlowForceReassemblyPseudoPacketSetup(Packet *p, /* set the tcp header */ p->tcph = (TCPHdr *)((uint8_t *)GET_PKT_DATA(p) + 40); + + SET_PKT_LEN(p, 60); /* ipv6 hdr + tcp hdr */ } p->tcph->th_offx2 = 0x50; @@ -220,6 +225,10 @@ static inline Packet *FlowForceReassemblyPseudoPacketSetup(Packet *p, if (FLOW_IS_IPV4(f)) { p->tcph->th_sum = TCPCalculateChecksum(p->ip4h->s_ip_addrs, (uint16_t *)p->tcph, 20); + /* calc ipv4 csum as we may log it and barnyard might reject + * a wrong checksum */ + p->ip4h->ip_csum = IPV4CalculateChecksum((uint16_t *)p->ip4h, + IPV4_GET_RAW_HLEN(p->ip4h)); } else if (FLOW_IS_IPV6(f)) { p->tcph->th_sum = TCPCalculateChecksum(p->ip6h->s_ip6_addrs, (uint16_t *)p->tcph, 20);
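Review bot: The new `p->ip4h->ip_csum = IPV4CalculateChecksum(...)` in the FLOW_IS_IPV4 branch is only correct if ip_csum is zero when the helper runs, or if the helper skips that field; neither is visible in this hunk. If p can be a reused packet buffer and the helper sums the whole header, the stored checksum would carry over a stale value, which is exactly the rejected-record case the comment is trying to avoid. In that case add `p->ip4h->ip_csum = 0;` before the call. The function body starts and ends outside the hunk.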