From: Eric Leblond Date: Thu, 28 Nov 2013 14:23:21 +0000 (+0100) Subject: decode: PacketTunnelPktSetup replaces PacketPseudoPktSetup X-Git-Tag: suricata-2.0beta2~113 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c611b258a50cb2bbca4abf346d5eccc671e3a3b0;p=thirdparty%2Fsuricata.git decode: PacketTunnelPktSetup replaces PacketPseudoPktSetup This patch replaces PacketPseudoPktSetup by a better named PacketTunnelPktSetup function which is also in charge of doing the decoding of the tunneled packet. This allow to clean the code. But it also fixes an issue. Previously, if the DecodeTunnel function was failling (cause of an invalid packet mainly), the result was that the original packet to be considered as a tunnel packet (and not inspected by payload detection). --- diff --git a/src/decode-gre.c b/src/decode-gre.c index 78b1349d7c..27df7f4a97 100644 --- a/src/decode-gre.c +++ b/src/decode-gre.c @@ -39,8 +39,6 @@ #include "util-unittest.h" #include "util-debug.h" -#include "tmqh-packetpool.h" - /** * \brief Function to decode GRE packets */ @@ -200,16 +198,11 @@ int DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, ui case ETHERNET_TYPE_IP: { if (pq != NULL) { - Packet *tp = PacketPseudoPktSetup(p, pkt + header_len, - len - header_len, IPPROTO_IP); + Packet *tp = PacketTunnelPktSetup(tv, dtv, p, pkt + header_len, + len - header_len, IPPROTO_IP, pq); if (tp != NULL) { PKT_SET_SRC(tp, PKT_SRC_DECODER_GRE); - if (DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp), - GET_PKT_LEN(tp), pq, IPPROTO_IP) == TM_ECODE_OK) { - PacketEnqueue(pq,tp); - } else { - TmqhOutputPacketpool(tv, tp); - } + PacketEnqueue(pq,tp); } } break; @@ -218,16 +211,11 @@ int DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, ui case GRE_PROTO_PPP: { if (pq != NULL) { - Packet *tp = PacketPseudoPktSetup(p, pkt + header_len, - len - header_len, PPP_OVER_GRE); + Packet *tp = PacketTunnelPktSetup(tv, dtv, p, pkt + header_len, + len - header_len, PPP_OVER_GRE, pq); if (tp != NULL) { PKT_SET_SRC(tp, PKT_SRC_DECODER_GRE); - if (DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp), - GET_PKT_LEN(tp), pq, PPP_OVER_GRE) == TM_ECODE_OK) { - PacketEnqueue(pq,tp); - } else { - TmqhOutputPacketpool(tv, tp); - } + PacketEnqueue(pq,tp); } } break; @@ -236,16 +224,11 @@ int DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, ui case ETHERNET_TYPE_IPV6: { if (pq != NULL) { - Packet *tp = PacketPseudoPktSetup(p, pkt + header_len, - len - header_len, IPPROTO_IPV6); + Packet *tp = PacketTunnelPktSetup(tv, dtv, p, pkt + header_len, + len - header_len, IPPROTO_IPV6, pq); if (tp != NULL) { PKT_SET_SRC(tp, PKT_SRC_DECODER_GRE); - if (DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp), - GET_PKT_LEN(tp), pq, IPPROTO_IPV6) == TM_ECODE_OK) { - PacketEnqueue(pq,tp); - } else { - TmqhOutputPacketpool(tv, tp); - } + PacketEnqueue(pq,tp); } } break; @@ -254,16 +237,11 @@ int DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, ui case ETHERNET_TYPE_VLAN: { if (pq != NULL) { - Packet *tp = PacketPseudoPktSetup(p, pkt + header_len, - len - header_len, VLAN_OVER_GRE); + Packet *tp = PacketTunnelPktSetup(tv, dtv, p, pkt + header_len, + len - header_len, VLAN_OVER_GRE, pq); if (tp != NULL) { PKT_SET_SRC(tp, PKT_SRC_DECODER_GRE); - if (DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp), - GET_PKT_LEN(tp), pq, VLAN_OVER_GRE) == TM_ECODE_OK) { - PacketEnqueue(pq,tp); - } else { - TmqhOutputPacketpool(tv, tp); - } + PacketEnqueue(pq,tp); } } break; diff --git a/src/decode-ipv4.c b/src/decode-ipv4.c index 00b85c76b0..268286472a 100644 --- a/src/decode-ipv4.c +++ b/src/decode-ipv4.c @@ -587,21 +587,12 @@ int DecodeIPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u { if (pq != NULL) { /* spawn off tunnel packet */ - Packet *tp = PacketPseudoPktSetup(p, pkt + IPV4_GET_HLEN(p), + Packet *tp = PacketTunnelPktSetup(tv, dtv, p, pkt + IPV4_GET_HLEN(p), IPV4_GET_IPLEN(p) - IPV4_GET_HLEN(p), - IPV4_GET_IPPROTO(p)); + IPV4_GET_IPPROTO(p), pq); if (tp != NULL) { PKT_SET_SRC(tp, PKT_SRC_DECODER_IPV4); - /* send that to the Tunnel decoder */ - ret = DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp), - GET_PKT_LEN(tp), pq, IPV4_GET_IPPROTO(p)); - - if (unlikely(ret != TM_ECODE_OK)) { - TmqhOutputPacketpool(tv, tp); - } else { - /* add the tp to the packet queue. */ - PacketEnqueue(pq,tp); - } + PacketEnqueue(pq,tp); } } break; diff --git a/src/decode-ipv6.c b/src/decode-ipv6.c index 4882e66d8c..013926b6aa 100644 --- a/src/decode-ipv6.c +++ b/src/decode-ipv6.c @@ -62,20 +62,12 @@ static void DecodeIPv4inIPv6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, u } if (IP_GET_RAW_VER(pkt) == 4) { if (pq != NULL) { - Packet *tp = PacketPseudoPktSetup(p, pkt, plen, IPPROTO_IP); + Packet *tp = PacketTunnelPktSetup(tv, dtv, p, pkt, plen, IPPROTO_IP, pq); if (tp != NULL) { - int ret; - PKT_SET_SRC(tp, PKT_SRC_DECODER_IPV6); - ret = DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp), - GET_PKT_LEN(tp), pq, IPPROTO_IP); - if (unlikely(ret != TM_ECODE_OK)) { - TmqhOutputPacketpool(tv, tp); - } else { - /* add the tp to the packet queue. */ - PacketEnqueue(pq,tp); - SCPerfCounterIncr(dtv->counter_ipv4inipv6, tv->sc_perf_pca); - } + /* add the tp to the packet queue. */ + PacketEnqueue(pq,tp); + SCPerfCounterIncr(dtv->counter_ipv4inipv6, tv->sc_perf_pca); return; } } @@ -98,16 +90,11 @@ static int DecodeIP6inIP6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint } if (IP_GET_RAW_VER(pkt) == 6) { if (unlikely(pq != NULL)) { - Packet *tp = PacketPseudoPktSetup(p, pkt, plen, IPPROTO_IPV6); - if (unlikely(tp != NULL)) { + Packet *tp = PacketTunnelPktSetup(tv, dtv, p, pkt, plen, IPPROTO_IPV6, pq); + if (tp != NULL) { PKT_SET_SRC(tp, PKT_SRC_DECODER_IPV6); - if (DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp), - GET_PKT_LEN(tp), pq, IPPROTO_IPV6) == TM_ECODE_OK) { - PacketEnqueue(pq,tp); - SCPerfCounterIncr(dtv->counter_ipv6inipv6, tv->sc_perf_pca); - } else { - TmqhOutputPacketpool(tv, tp); - } + PacketEnqueue(pq,tp); + SCPerfCounterIncr(dtv->counter_ipv6inipv6, tv->sc_perf_pca); } } } else { diff --git a/src/decode-teredo.c b/src/decode-teredo.c index 4341140ab1..bea132e3b6 100644 --- a/src/decode-teredo.c +++ b/src/decode-teredo.c @@ -37,8 +37,6 @@ #include "decode-ipv6.h" #include "util-debug.h" -#include "tmqh-packetpool.h" - #define TEREDO_ORIG_INDICATION_LENGTH 8 /** @@ -50,7 +48,6 @@ int DecodeTeredo(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, { uint8_t *start = pkt; - int ret; /* Is this packet to short to contain an IPv6 packet ? */ if (len < IPV6_HEADER_LEN) @@ -93,22 +90,14 @@ int DecodeTeredo(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, if (pq != NULL) { int blen = len - (start - pkt); /* spawn off tunnel packet */ - Packet *tp = PacketPseudoPktSetup(p, start, blen, - IPPROTO_IPV6); + Packet *tp = PacketTunnelPktSetup(tv, dtv, p, start, blen, + IPPROTO_IPV6, pq); if (tp != NULL) { PKT_SET_SRC(tp, PKT_SRC_DECODER_TEREDO); - /* send that to the Tunnel decoder */ - ret = DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp), GET_PKT_LEN(tp), - pq, IPPROTO_IPV6); - if (unlikely(ret != TM_ECODE_OK)) { - TmqhOutputPacketpool(tv, tp); - return TM_ECODE_FAILED; - } else { - /* add the tp to the packet queue. */ - PacketEnqueue(pq,tp); - SCPerfCounterIncr(dtv->counter_teredo, tv->sc_perf_pca); - return TM_ECODE_OK; - } + /* add the tp to the packet queue. */ + PacketEnqueue(pq,tp); + SCPerfCounterIncr(dtv->counter_teredo, tv->sc_perf_pca); + return TM_ECODE_OK; } } } diff --git a/src/decode.c b/src/decode.c index db2171e61d..3928ed944e 100644 --- a/src/decode.c +++ b/src/decode.c @@ -216,8 +216,11 @@ inline int PacketCopyData(Packet *p, uint8_t *pktdata, int pktlen) * * \retval p the pseudo packet or NULL if out of memory */ -Packet *PacketPseudoPktSetup(Packet *parent, uint8_t *pkt, uint16_t len, uint8_t proto) +Packet *PacketTunnelPktSetup(ThreadVars *tv, DecodeThreadVars *dtv, Packet *parent, + uint8_t *pkt, uint16_t len, uint8_t proto, PacketQueue *pq) { + int ret; + SCEnter(); /* get us a packet */ @@ -239,10 +242,17 @@ Packet *PacketPseudoPktSetup(Packet *parent, uint8_t *pkt, uint16_t len, uint8_t p->ts.tv_usec = parent->ts.tv_usec; p->datalink = DLT_RAW; - /* set tunnel flags */ - /* tell new packet it's part of a tunnel */ SET_TUNNEL_PKT(p); + + ret = DecodeTunnel(tv, dtv, p, GET_PKT_DATA(p), + GET_PKT_LEN(p), pq, proto); + + if (unlikely(ret != TM_ECODE_OK)) { + TmqhOutputPacketpool(tv, p); + SCReturnPtr(NULL, "Packet"); + } + /* tell parent packet it's part of a tunnel */ SET_TUNNEL_PKT(parent); diff --git a/src/decode.h b/src/decode.h index 216d406436..444b579bc8 100644 --- a/src/decode.h +++ b/src/decode.h @@ -812,7 +812,8 @@ typedef struct DecodeThreadVars_ void DecodeRegisterPerfCounters(DecodeThreadVars *, ThreadVars *); -Packet *PacketPseudoPktSetup(Packet *parent, uint8_t *pkt, uint16_t len, uint8_t proto); +Packet *PacketTunnelPktSetup(ThreadVars *tv, DecodeThreadVars *dtv, Packet *parent, + uint8_t *pkt, uint16_t len, uint8_t proto, PacketQueue *pq); Packet *PacketDefragPktSetup(Packet *parent, uint8_t *pkt, uint16_t len, uint8_t proto); Packet *PacketGetFromQueueOrAlloc(void); Packet *PacketGetFromAlloc(void);