void *handle;
int skip;
int trace;
+ uint32_t caps_cfg;
DAQ_PktHdr_t retry_hdr;
uint8_t* retry_data;
unsigned packets_before_retry;
context->skip = 0;
context->trace = 0;
context->packets_before_retry = 0;
-
+ context->caps_cfg = 0;
for ( entry = cfg->values; entry; entry = entry->next)
{
if ( !strcmp(entry->key, "skip") )
{
context->packets_before_retry = atoi(entry->value);
}
+ else if ( !strcmp(entry->key, "caps") )
+ {
+ // DAQ capabilities in hex, e.g. caps=0x00004000
+ context->caps_cfg = strtol(entry->value, NULL, 0);
+ }
}
}
DAQRegTestContext* context = (DAQRegTestContext*)handle;
uint32_t caps = context->module->get_capabilities(context->handle);
caps |= DAQ_CAPA_RETRY;
+ caps |= context->caps_cfg;
return caps;
}
if ( snort.ip_api.is_ip6() )
{
- /* If Teredo or GRE seen, this is not an 4in6 tunnel */
+ /* If the previous layer was not IP-in-IP, this is not a 4-in-6 tunnel */
if ( codec.codec_flags & CODEC_NON_IP_TUNNEL )
codec.codec_flags &= ~CODEC_NON_IP_TUNNEL;
else if ( SnortConfig::tunnel_bypass_enabled(TUNNEL_4IN6) )
}
else if (snort.ip_api.is_ip4())
{
- /* If Teredo or GRE seen, this is not an 4in4 tunnel */
+ /* If the previous layer was not IP-in-IP, this is not a 4-in-4 tunnel */
if ( codec.codec_flags & CODEC_NON_IP_TUNNEL )
codec.codec_flags &= ~CODEC_NON_IP_TUNNEL;
else if (SnortConfig::tunnel_bypass_enabled(TUNNEL_4IN4))
if ( snort.ip_api.is_ip4() )
{
- /* If Teredo or GRE seen, this is not an 4in6 tunnel */
+ /* If the previous layer was not IP-in-IP, this is not a 6-in-4 tunnel */
if ( codec.codec_flags & CODEC_NON_IP_TUNNEL )
codec.codec_flags &= ~CODEC_NON_IP_TUNNEL;
else if ( SnortConfig::tunnel_bypass_enabled(TUNNEL_6IN4) )
}
else if (snort.ip_api.is_ip6())
{
- /* If Teredo or GRE seen, this is not an 6in6 tunnel */
+ /* If the previous layer was not IP-in-IP, this is not a 6-in-6 tunnel */
if ( codec.codec_flags & CODEC_NON_IP_TUNNEL )
codec.codec_flags &= ~CODEC_NON_IP_TUNNEL;
else if (SnortConfig::tunnel_bypass_enabled(TUNNEL_6IN6))
else if (ip_ver == 0x60)
codec.next_prot_id = ProtocolId::IPV6;
}
+ codec.codec_flags |= CODEC_NON_IP_TUNNEL;
return true;
}
#include "managers/module_manager.h"
#include "managers/mpse_manager.h"
#include "memory/memory_config.h"
+#include "packet_io/sfdaq.h"
#include "packet_io/sfdaq_config.h"
#include "parser/parser.h"
#include "parser/vars.h"
rule_state_list = nullptr;
}
+bool SnortConfig::tunnel_bypass_enabled(uint8_t proto)
+{
+ return (!((snort_conf->tunnel_mask & proto) or SFDAQ::get_tunnel_bypass(proto)));
+}
\ No newline at end of file
static int get_default_rule_state()
{ return snort_conf->default_rule_state; }
- static bool tunnel_bypass_enabled(uint8_t proto)
- { return !(snort_conf->tunnel_mask & proto); }
+ SO_PUBLIC static bool tunnel_bypass_enabled(uint8_t proto);
// checksum stuff
static bool checksum_drop(uint16_t codec_cksum_err_flag)
return local_instance && local_instance->can_retry();
}
+bool SFDAQ::get_tunnel_bypass(uint8_t proto)
+{
+ return local_instance && local_instance->get_tunnel_bypass(proto);
+}
+
int SFDAQ::inject(const DAQ_PktHdr_t* hdr, int rev, const uint8_t* buf, uint32_t len)
{
return local_instance->inject(hdr, rev, buf, len);
else
daq_dlt = daq_get_datalink_type(daq_mod, daq_hand);
+ get_tunnel_capabilities();
+
return (err == DAQ_SUCCESS);
}
+void SFDAQInstance::get_tunnel_capabilities()
+{
+ daq_tunnel_mask = 0;
+ if (daq_mod && daq_hand)
+ {
+ uint32_t caps = daq_get_capabilities(daq_mod, daq_hand);
+
+ if (caps & DAQ_CAPA_DECODE_GTP)
+ {
+ daq_tunnel_mask |= TUNNEL_GTP;
+ }
+ if (caps & DAQ_CAPA_DECODE_TEREDO)
+ {
+ daq_tunnel_mask |= TUNNEL_TEREDO;
+ }
+ if (caps & DAQ_CAPA_DECODE_GRE)
+ {
+ daq_tunnel_mask |= TUNNEL_GRE;
+ }
+ if (caps & DAQ_CAPA_DECODE_4IN4)
+ {
+ daq_tunnel_mask |= TUNNEL_4IN4;
+ }
+ if (caps & DAQ_CAPA_DECODE_6IN4)
+ {
+ daq_tunnel_mask |= TUNNEL_6IN4;
+ }
+ if (caps & DAQ_CAPA_DECODE_4IN6)
+ {
+ daq_tunnel_mask |= TUNNEL_4IN6;
+ }
+ if (caps & DAQ_CAPA_DECODE_6IN6)
+ {
+ daq_tunnel_mask |= TUNNEL_6IN6;
+ }
+ if (caps & DAQ_CAPA_DECODE_MPLS)
+ {
+ daq_tunnel_mask |= TUNNEL_MPLS;
+ }
+ }
+}
+
+bool SFDAQInstance::get_tunnel_bypass(uint8_t proto)
+{
+ return (daq_tunnel_mask & proto ? true : false);
+}
+
bool SFDAQInstance::was_started()
{
DAQ_State s;
int add_expected(const Packet* ctrlPkt, const SfIp* cliIP, uint16_t cliPort,
const SfIp* srvIP, uint16_t srvPort, IpProtocol, unsigned timeout_ms,
unsigned /* flags */);
+ bool get_tunnel_bypass(uint8_t proto);
private:
+ void get_tunnel_capabilities();
bool set_filter(const char*);
std::string interface_spec;
DAQ_Meta_Func_t daq_meta_callback;
int daq_dlt;
int s_error;
DAQ_Stats_t daq_stats;
+ uint8_t daq_tunnel_mask;
};
class SFDAQ
static bool can_inject_raw();
static bool can_replace();
static bool can_retry();
+ SO_PUBLIC static bool get_tunnel_bypass(uint8_t proto);
// FIXIT-M X Temporary thread-local instance helpers to be removed when no longer needed
static void set_local_instance(SFDAQInstance*);
projects / thirdparty / snort3.git / commitdiff
