From: Vladimir Ivchenko
Date: Thu, 10 Dec 2020 15:05:15 +0000 (+0500)
Subject: GRE: Handling pptp without payload
X-Git-Tag: suricata-7.0.0-beta1~1448
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e89e563eb4ccc47d14422c76bad62397572f2370;p=thirdparty%2Fsuricata.git
GRE: Handling pptp without payload
If one of the ppp peers sends a packet with an acknowledge flag, the ppp payload will be empty and DecodePPP will return TM_ECODE_FAILED. To handle this case, the packet_length field in the GRE extended header (https://tools.ietf.org/html/rfc2637#section-4.1) is used. DecodeGRE no longer tries to parse PPP payload if packet_length is zero.
---
diff --git a/src/decode-gre.c b/src/decode-gre.c
index 02307ec535..6919f0544d 100644
--- a/src/decode-gre.c
+++ b/src/decode-gre.c
@@ -50,6 +50,7 @@ int DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *p
 uint32_t header_len = GRE_HDR_LEN;
 GRESreHdr *gsre = NULL;
+ GREPPtPHd *gre_pptp_h = NULL;
 StatsIncr(tv, dtv->counter_gre);
@@ -179,6 +180,8 @@ int DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *p
 }
 header_len += GRE_KEY_LEN;
+ /* key is set and proto == PPP */
+ gre_pptp_h = (GREPPtPHd *)pkt;
 /* Adjust header length based on content */
@@ -214,6 +217,9 @@ int DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *p
 case GRE_PROTO_PPP: {
+ if (gre_pptp_h && !gre_pptp_h->payload_length)
+ return TM_ECODE_OK;
+
 Packet *tp = PacketTunnelPktSetup(tv, dtv, p, pkt + header_len, len - header_len, DECODE_TUNNEL_PPP);
 if (tp != NULL) {
diff --git a/src/decode-gre.h b/src/decode-gre.h
index 3596059d55..8cec9207f5 100644
--- a/src/decode-gre.h
+++ b/src/decode-gre.h
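Review bot: In the first hunk of src/decode-gre.c, `gre_pptp_h` is declared as a pointer to non-const, while the hunk header shows the packet bytes arriving as a `const uint8_t *` parameter (its name is truncated there, presumably `pkt`), so the assignment in the second hunk, `gre_pptp_h = (GREPPtPHd *)pkt;`, casts the qualifier away. The visible code only reads through the pointer, so I would write `const GREPPtPHd *gre_pptp_h = NULL;` here and `(const GREPPtPHd *)pkt` at the assignment, which lets the compiler reject an accidental write into packet data. The body of DecodeGRE starts and ends outside this hunk.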
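Review bot: In the `@@ -179,6 +180,8 @@` hunk the header overlay is taken from `pkt` before anything visible has compared `header_len` with `len`, so the later read of `payload_length` is in bounds only if a length check outside the hunk runs first. Presumably this branch rejects `header_len > len` before control reaches the `GRE_PROTO_PPP` case, in which case the dereference in the third hunk is safe, but that ordering is implicit and a later refactor could break it. A comment next to the assignment would pin it down: `/* overlay only; must not be dereferenced before the header_len > len check */`. The enclosing branch starts and ends outside the hunk.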
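Review bot: In the `@@ -214,6 +217,9 @@` hunk the early return trusts a sender-controlled field: when `payload_length` is zero the decoder returns `TM_ECODE_OK` without checking whether bytes actually follow the header and without setting any decoder event. A packet that declares an empty payload but still carries data after `header_len` is then neither decoded nor flagged, and a disagreement of that kind between the sensor and the receiving endpoint is a gap in inspection coverage. I would take the silent path only when nothing follows the header, `if (gre_pptp_h && !gre_pptp_h->payload_length && len == header_len) return TM_ECODE_OK;`, and in the mismatch case either fall through to the PPP decoder or set a decoder event before returning (that event would have to be added; none is visible here). The case body continues outside the hunk.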
@@ -41,6 +41,13 @@ typedef struct GREHdr_
 } __attribute__((__packed__)) GREHdr;
+/* Enhanced GRE header - https://tools.ietf.org/html/rfc2637#section-4.1 */
+typedef struct GREPPtPHdr_ {
+ GREHdr greh; /** base GRE packet header */
+ uint16_t payload_length; /** PPP payload length */
+ uint16_t call_id; /** PPP peer id */
+} __attribute__((__packed__)) GREPPtPHd;
+
 /* Generic Routing Encapsulation Source Route Entries (SREs). * The header is followed by a variable amount of Routing Information. */
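Review bot: The typedef name `GREPPtPHd` drops the final `r` that its own struct tag `GREPPtPHdr_` and the neighbouring `GREHdr` carry, which makes the type easy to mistype and hard to grep for; `GREPPtPHdr` would match the tag. The member comments are written `/** … */` after the member, which Doxygen attaches to the next declaration rather than the one on the same line; trailing member documentation is `/**< … */`. I would also record that both 16-bit fields hold the wire value unconverted, e.g. `uint16_t payload_length; /**< PPP payload length, network byte order */`, because the only use in this commit is a zero test and any later numeric comparison would need `ntohs` first.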