From: Victor Julien Date: Fri, 12 Apr 2024 13:19:45 +0000 (+0200) Subject: decode/ppp: remove ppph check in favor of flag X-Git-Tag: suricata-7.0.6~65 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4f0709e0eef081af594b39f5e94f92fdb31e4649;p=thirdparty%2Fsuricata.git decode/ppp: remove ppph check in favor of flag As we now support variable size headers, we can't use the old pointer. Replace with a flag. (cherry picked from commit 6067955afd225e43fa0b54c66c5b0f7f260109ed) --- diff --git a/src/decode-ipv4.c b/src/decode-ipv4.c index 92d0c6ecfd..c1bb9cce47 100644 --- a/src/decode-ipv4.c +++ b/src/decode-ipv4.c @@ -601,7 +601,7 @@ int DecodeIPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, } case IPPROTO_IP: /* check PPP VJ uncompressed packets and decode tcp dummy */ - if(p->ppph != NULL && SCNtohs(p->ppph->protocol) == PPP_VJ_UCOMP) { + if (p->flags & PKT_PPP_VJ_UCOMP) { DecodeTCP(tv, dtv, p, pkt + IPV4_GET_HLEN(p), IPV4_GET_IPLEN(p) - IPV4_GET_HLEN(p)); } diff --git a/src/decode-ppp.c b/src/decode-ppp.c index 6507bc0a6e..a05c4c3edd 100644 --- a/src/decode-ppp.c +++ b/src/decode-ppp.c @@ -75,6 +75,7 @@ static int DecodePPPCompressedProto(ThreadVars *tv, DecodeThreadVars *dtv, Packe } if (likely(IPV4_GET_RAW_VER((IPV4Hdr *)(pkt + data_offset)) == 4)) { + p->flags |= PKT_PPP_VJ_UCOMP; return DecodeIPV4(tv, dtv, p, pkt + data_offset, (uint16_t)(len - data_offset)); } else return TM_ECODE_FAILED; diff --git a/src/decode.h b/src/decode.h index 4516d3709e..ef555b5fa3 100644 --- a/src/decode.h +++ b/src/decode.h @@ -984,7 +984,8 @@ void DecodeUnregisterCounters(void); /** Flag to indicate that packet header or contents should not be inspected */ #define PKT_NOPACKET_INSPECTION BIT_U32(0) -// vacancy +/** Packet has a PPP_VJ_UCOMP header */ +#define PKT_PPP_VJ_UCOMP BIT_U32(1) /** Flag to indicate that packet contents should not be inspected */ #define PKT_NOPAYLOAD_INSPECTION BIT_U32(2)