From: Shanmugam S (shanms) Date: Tue, 1 Jun 2021 03:28:50 +0000 (+0000) Subject: Merge pull request #2903 in SNORT/snort3 from ~APOORAJ/snort3:gtp_prime_check to... X-Git-Tag: 3.1.6.0~37 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4b3047e65d904bfc72fe118970646fa6482034d8;p=thirdparty%2Fsnort3.git Merge pull request #2903 in SNORT/snort3 from ~APOORAJ/snort3:gtp_prime_check to master Squashed commit of the following: commit 2e3375e0e41661091889f1aa9aa204bebd572ee2 Author: Apoorv Raj Date: Mon May 24 05:56:05 2021 -0700 gtp : check protocol type according to gtp version
---
diff --git a/src/service_inspectors/gtp/gtp_parser.cc b/src/service_inspectors/gtp/gtp_parser.cc
index 2502736a5..9a610a490 100644
--- a/src/service_inspectors/gtp/gtp_parser.cc
+++ b/src/service_inspectors/gtp/gtp_parser.cc
@@ -117,6 +117,22 @@ static void printInfoElements(GTP_IEData* info_elements, GTPMsg* msg)
 }
 #endif
 
+static bool checkPrime(uint8_t version, uint8_t flags, int msg_type)
+{
+ // check hdr_flag bit 5 for protocol type
+ if (version < 2 && !(flags & 0x10))
+ return true;
+
+ // prime only supports 1-7, 240, 241 msg_type
+ // FIXIT-L for msg_type 1-3 method to identify prime as gtp also
+ // supports these types
+ if (version == 2 && ((msg_type >= 4 && msg_type <= 7)
+ || msg_type == 240 || msg_type == 241))
+ return true;
+
+ return false;
+}
+
 static int gtp_processInfoElements(
 const GTPConfig& config, GTPMsg* msg, const uint8_t* buff, uint16_t len)
 {
@@ -424,8 +440,8 @@ int gtp_parse(const GTPConfig& config, GTPMsg* msg, const uint8_t* buff, uint16_
 if (msg->version > MAX_GTP_VERSION_CODE)
 return false;
 
- /*Check whether this is GTP or GTP', Exit if GTP'*/
- if (!(hdr->flag & 0x10))
+ /*Check whether this is GTP or GTP' based on version, flag and msg_type. Exit if GTP'*/
+ if (checkPrime(msg->version, hdr->flag, msg->msg_type))
 return false;
 
 const GTP_MsgType* msgType = &config.msgv[msg->version][msg->msg_type];
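Review bot: The version 2 branch of `checkPrime` classifies a packet as GTP' from `msg_type` alone, and the literals `0x10`, `4`, `7`, `240` and `241` are unnamed, so a reader needs the header layout in mind to check the rule. Named constants for the protocol-type bit and the message-type values would help, together with a lead comment such as `// Returns true when the header describes GTP', which gtp_parse does not decode.` The second comment gives the range as 1-7 while the condition tests 4-7; the FIXIT-L explains the gap, but saying directly that version 2 messages of type 1-3 are parsed as GTP would remove the apparent mismatch. Declaring `msg_type` as `uint8_t` like the other two parameters would keep the signature consistent, assuming the field in `GTPMsg` is a single byte.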
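Review bot: At the `checkPrime(msg->version, hdr->flag, msg->msg_type)` call, a version 2 packet is now skipped or decoded according to `msg->msg_type`, a sender-supplied byte, and the `return false;` that follows leaves no event or counter behind. Traffic the inspector declines to decode here is therefore invisible to an operator. Consider recording the skip with whatever statistic or trace this inspector already has before returning. The assignment of `msg->msg_type` is not in the hunk; it presumably happens earlier in `gtp_parse`, since the context line below indexes `config.msgv` with it, but that is worth confirming now that the check depends on it. The body of `gtp_parse` starts and ends outside the hunk.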