From: Victor Julien
Date: Fri, 30 Mar 2012 09:26:02 +0000 (+0200)
Subject: ipv6: fix detection engine using the originals IPv6 header's nxt hdr value instead...
X-Git-Tag: suricata-1.3beta1~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=92e7a7d2546ddd65ec528d1ae081b2e0779ffd3a;p=thirdparty%2Fsuricata.git
ipv6: fix detection engine using the originals IPv6 header's nxt hdr value instead of the upper layer one.
---
diff --git a/src/decode-ipv6.h b/src/decode-ipv6.h
index 98de032cfe..6f7502220d 100644
--- a/src/decode-ipv6.h
+++ b/src/decode-ipv6.h
@@ -71,6 +71,7 @@ typedef struct IPV6Hdr_
 #define IPV6_SET_L4PROTO(p,proto) (p)->ip6vars.l4proto = proto
+
 /* ONLY call these functions after making sure that:
 * 1. p->ip6h is set
 * 2. p->ip6h is valid (len is correct)
@@ -91,6 +92,10 @@ typedef struct IPV6Hdr_
 #define IPV6_GET_L4PROTO(p) \
 ((p)->ip6vars.l4proto)
+/** \brief get the highest proto/next header field we know */
+#define IPV6_GET_UPPER_PROTO(p) (p)->ip6eh.ip6_exthdrs_cnt ? \
+ (p)->ip6eh.ip6_exthdrs[(p)->ip6eh.ip6_exthdrs_cnt - 1].next : IPV6_GET_NH((p))
+
 /* helper structure with parsed ipv6 info */
 typedef struct IPV6Vars_
 {
diff --git a/src/decode.h b/src/decode.h
index 83b0a61074..e4228f04f9 100644
--- a/src/decode.h
+++ b/src/decode.h
@@ -222,7 +222,7 @@ typedef uint16_t Port;
 /* Retrieve proto regardless of IP version */
 #define IP_GET_IPPROTO(p) \
- (PKT_IS_IPV4((p))? IPV4_GET_IPPROTO((p)) : (PKT_IS_IPV6((p))? IPV6_GET_NH((p)) : 0))
+ (PKT_IS_IPV4((p))? IPV4_GET_IPPROTO((p)) : (PKT_IS_IPV6((p))? IPV6_GET_UPPER_PROTO((p)) : 0))
 /* structure to store the sids/gids/etc the detection engine
 * found in this packet */
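Review bot: The expansion of `IPV6_GET_UPPER_PROTO` in src/decode-ipv6.h is a bare conditional expression, so a direct use such as `IPV6_GET_UPPER_PROTO(p) == IPPROTO_TCP` would bind the comparison to the else arm only. The nested use in `IP_GET_IPPROTO` parses as intended, but the macro should carry its own outer parentheses like `IPV6_GET_L4PROTO` just above it: `#define IPV6_GET_UPPER_PROTO(p) ((p)->ip6eh.ip6_exthdrs_cnt ? (p)->ip6eh.ip6_exthdrs[(p)->ip6eh.ip6_exthdrs_cnt - 1].next : IPV6_GET_NH((p)))`. The macro also indexes `ip6_exthdrs[cnt - 1]` with no bound visible in this hunk, so it relies on the decoder never letting `ip6_exthdrs_cnt` exceed the array size. The `\brief` comment should state that precondition, and presumably also that the "ONLY call these functions after…" caveat earlier in the header applies to it.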
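Review bot: `IP_GET_IPPROTO` in src/decode.h now yields, for IPv6, the `next` field of the last extension header the decoder recorded, which is the transport protocol only when the whole chain was recorded. If decoding stops early (a malformed header, or more headers than `ip6_exthdrs` holds; neither case is visible here), the value would be an extension-header number and protocol-keyed rules would silently fail to match. The comment above the macro should say so, e.g. `/* Retrieve proto regardless of IP version; for IPv6 this is the next-header value after the last parsed extension header */`. It is also worth confirming whether `IPV6_GET_L4PROTO(p)`, which the decoder sets explicitly, is the better source here. A regression test with a packet carrying at least one extension header would pin the new behaviour.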