From: Victor Julien Date: Fri, 7 Jul 2017 14:32:50 +0000 (+0200) Subject: decode: add config option to disable teredo X-Git-Tag: suricata-4.0.0-rc2~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F2827%2Fhead;p=thirdparty%2Fsuricata.git decode: add config option to disable teredo Ticket #744.
---
diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst
index 4aea0d27f7..e69859c0f7 100644
--- a/doc/userguide/configuration/suricata-yaml.rst
+++ b/doc/userguide/configuration/suricata-yaml.rst
@@ -2235,6 +2235,23 @@ unlimited.
 # Stream reassembly size for modbus, default is 0
 stream-depth: 0
+Decoder
+-------
+
+Teredo
+~~~~~~
+
+The Teredo decoder can be disabled. It is enabled by default.
+
+::
+
+ decoder:
+ # Teredo decoder is known to not be completely accurate
+ # it will sometimes detect non-teredo as teredo.
+ teredo:
+ enabled: true
+
+
 Advanced Options
 ----------------
diff --git a/src/decode-teredo.c b/src/decode-teredo.c
index 531946c89b..6739c24b59 100644
--- a/src/decode-teredo.c
+++ b/src/decode-teredo.c
@@ -37,9 +37,24 @@
 #include "decode-ipv6.h"
 #include "decode-teredo.h"
 #include "util-debug.h"
+#include "conf.h"
 #define TEREDO_ORIG_INDICATION_LENGTH 8
+static bool g_teredo_enabled = true;
+
+void DecodeTeredoConfig(void)
+{
+ int enabled = 0;
+ if (ConfGetBool("decoder.teredo.enabled", &enabled) == 1) {
+ if (enabled) {
+ g_teredo_enabled = true;
+ } else {
+ g_teredo_enabled = false;
+ }
+ }
+}
+
 /**
 * \brief Function to decode Teredo packets
 *
@@ -47,6 +62,8 @@
 */
 int DecodeTeredo(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq)
 {
+ if (!g_teredo_enabled)
+ return TM_ECODE_FAILED;
 uint8_t *start = pkt;
diff --git a/src/decode-teredo.h b/src/decode-teredo.h
index 142d13c207..a5a31c79e2 100644
--- a/src/decode-teredo.h
+++ b/src/decode-teredo.h
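Review bot: In src/decode-teredo.c, `DecodeTeredoConfig()` can switch off a decoder without leaving any trace, because nothing is logged when `decoder.teredo.enabled` resolves to false. As far as I recall `ConfGetBool()` maps every string it does not recognise as true to false, so a mistyped value would also disable the decoder; please confirm against conf.c. I would collapse the if/else to `g_teredo_enabled = (enabled != 0);` and follow it with `if (!g_teredo_enabled) SCLogConfig("Teredo decoder disabled by configuration");` so the startup log records the reduced coverage. The function also lacks a `\brief` comment in the file's Doxygen style stating that it reads `decoder.teredo.enabled` and keeps the default (enabled) when the key is absent.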
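Review bot: The early return added at the top of `DecodeTeredo()` (second hunk of src/decode-teredo.c) reuses `TM_ECODE_FAILED`, presumably the same value the function returns for "not Teredo", and the doc comment above it is not updated to mention the disabled case. With the decoder off, IPv6 carried inside Teredo is not decapsulated here, so, assuming the caller then treats the datagram as ordinary UDP payload, rules written against the inner traffic will not match; that trade-off deserves a line in the comment, and the `suricata.yaml.in` and user guide hunks mention only the false positives. I would also brace the body, `if (!g_teredo_enabled) { return TM_ECODE_FAILED; }`. The function body continues outside the hunk.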
@@ -15,5 +15,11 @@
 * 02110-1301, USA.
 */
+#ifndef __DECODE_TEREDO_H__
+#define __DECODE_TEREDO_H__
+
 int DecodeTeredo(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq);
+void DecodeTeredoConfig(void);
+
+#endif
diff --git a/src/decode.c b/src/decode.c
index 3c128edacd..85d0ca9915 100644
--- a/src/decode.c
+++ b/src/decode.c
@@ -51,6 +51,7 @@
 #include "suricata.h"
 #include "conf.h"
 #include "decode.h"
+#include "decode-teredo.h"
 #include "util-debug.h"
 #include "util-mem.h"
 #include "app-layer-detect-proto.h"
@@ -608,6 +609,11 @@ void CaptureStatsSetup(ThreadVars *tv, CaptureStats *s)
 s->counter_ips_replaced = StatsRegisterCounter("ips.replaced", tv);
 }
+void DecodeGlobalConfig(void)
+{
+ DecodeTeredoConfig();
+}
+
 /**
 * @}
 */
diff --git a/src/decode.h b/src/decode.h
index 0a4e5cb7ca..64a416ce3d 100644
--- a/src/decode.h
+++ b/src/decode.h
@@ -959,6 +959,7 @@ typedef int (*DecoderFunc)(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
 int DecoderParseDataFromFile(char *filename, DecoderFunc Decoder);
 int DecoderParseDataFromFileSerie(char *fileprefix, DecoderFunc Decoder);
 #endif
+void DecodeGlobalConfig(void);
 /** \brief Set the No payload inspection Flag for the packet.
 *
diff --git a/src/suricata.c b/src/suricata.c
index 9a2bc53fdb..25a62c56f0 100644
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -2726,6 +2726,8 @@ static int PostConfLoadedSetup(SCInstance *suri)
 CoredumpLoadConfig();
+ DecodeGlobalConfig();
+
 PreRunInit(suri->run_mode);
 SCReturnInt(TM_ECODE_OK);
diff --git a/suricata.yaml.in b/suricata.yaml.in
index 590ad3b9e2..6645edd9b2 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -1261,6 +1261,14 @@ host:
 # prealloc: 1000
 # memcap: 32mb
+# Decoder settings
+
+decoder:
+ # Teredo decoder is known to not be completely accurate
+ # it will sometimes detect non-teredo as teredo.
+ teredo:
+ enabled: true
+
 ##
 ## Performance tuning and profiling
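Review bot: The include guard added to src/decode-teredo.h is named `__DECODE_TEREDO_H__`, and identifiers containing a double underscore are reserved for the implementation in C. If the project's convention permits, a name such as `DECODE_TEREDO_H` avoids that, and the closing line reads better as `#endif /* __DECODE_TEREDO_H__ */` with whichever name is kept. The prototypes still use `ThreadVars`, `Packet` and `PacketQueue` without the header including anything itself, so it appears to depend on include order in its users; that is not visible in this hunk.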
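Review bot: `DecodeGlobalConfig()` in src/decode.c (the hunk at -608) is added without a comment, so its calling contract is only implicit. The src/suricata.c hunk shows it called once from `PostConfLoadedSetup()`, and the flag it ends up setting is a plain `static bool` read on the packet path, so it presumably has to run before the packet threads start. I would add `/** \brief Load global decoder settings; call once after the configuration is loaded and before packet threads start */` above the function.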