From: Michael Altizer (mialtize) Date: Mon, 22 Jun 2020 22:55:12 +0000 (+0000) Subject: Merge pull request #2246 in SNORT/snort3 from ~ZHIJLIU/snort3:nested_tunnel to master X-Git-Tag: 3.0.2-1~25 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=520ac42fe6ddc969b61fa8daa824c22bcf8a7adb;p=thirdparty%2Fsnort3.git Merge pull request #2246 in SNORT/snort3 from ~ZHIJLIU/snort3:nested_tunnel to master Squashed commit of the following: commit 497806c24b5e398140cf61dcff13901fd3443ffb Author: Louis Zhijun Liu Date: Sun Jun 7 21:12:17 2020 -0700 codecs: add tunnel bypass logic based on DAQ payload_offset
---
diff --git a/src/protocols/packet_manager.cc b/src/protocols/packet_manager.cc
index e70caf140..16d2a96b0 100644
--- a/src/protocols/packet_manager.cc
+++ b/src/protocols/packet_manager.cc
@@ -23,6 +23,7 @@
 #include "packet_manager.h"
+#include
 #include
 #include "codecs/codec_module.h"
@@ -113,6 +114,18 @@ void PacketManager::pop_teredo(Packet* p, RawData& raw)
 raw.len += lyr_len;
 }
+static inline bool payload_offset_from_daq_mismatch(const uint8_t* pkt, const RawData& raw)
+{
+ const DAQ_PktDecodeData_t* pdd =
+ (const DAQ_PktDecodeData_t*) daq_msg_get_meta(raw.daq_msg, DAQ_PKT_META_DECODE_DATA);
+ if ( !pdd || (pdd->payload_offset == DAQ_PKT_DECODE_OFFSET_INVALID) )
+ return false;
+ // compare payload offset from DAQ with decoded data offset
+ if ( raw.data - pkt != pdd->payload_offset )
+ return true;
+ return false;
+}
+
 //-------------------------------------------------------------------------
 // Initialization and setup
 //-------------------------------------------------------------------------
@@ -307,6 +320,9 @@ void PacketManager::decode(
 }
 }
+ if ( payload_offset_from_daq_mismatch(pkt, raw) )
+ p->active->set_tunnel_bypass();
+
 // set any final Packet fields
 p->data = raw.data;
 p->dsize = (uint16_t)raw.len;
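Review bot: `payload_offset_from_daq_mismatch` has no comment stating its contract: it returns `false` when the DAQ supplies no decode metadata or reports `DAQ_PKT_DECODE_OFFSET_INVALID`, and `true` only when the codecs and the DAQ disagree on where the payload starts. A short header comment above the function should say so, since callers change verdict handling on the result. The tail can collapse to `return raw.data - pkt != pdd->payload_offset;`, and the C-style cast on the `daq_msg_get_meta` result would read better as a `static_cast` if that function returns a `void` pointer (its declaration is not in this hunk). `raw.daq_msg` is passed through without a null check; whether `decode()` can run with no DAQ message attached is not visible here and is worth confirming.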
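Review bot: The bypass decision added just before "set any final Packet fields" depends on how far the codec loop advanced `raw.data`, which is driven by packet contents, so an early stop in decoding would presumably produce a mismatch with the DAQ offset just as a nested tunnel does. The loop is outside this hunk, so that is inferred; if it holds, a sender can influence when `set_tunnel_bypass()` is called, and the call should either be gated on a clean decode or be counted so operators can see how often it fires. At minimum the call deserves a comment such as `// DAQ and codecs disagree on payload start: assume a tunnel the DAQ did not decode`. `p->active` is dereferenced unconditionally, and the hunk does not show whether it can be null at this point.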