Packet *tp = PacketPseudoPktSetup(p, pkt + header_len,
len - header_len, IPPROTO_IP);
if (tp != NULL) {
+ PKT_SET_SRC(tp, PKT_SRC_DECODER_GRE);
DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp),
GET_PKT_LEN(tp), pq, IPPROTO_IP);
PacketEnqueue(pq,tp);
Packet *tp = PacketPseudoPktSetup(p, pkt + header_len,
len - header_len, PPP_OVER_GRE);
if (tp != NULL) {
+ PKT_SET_SRC(tp, PKT_SRC_DECODER_GRE);
DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp),
GET_PKT_LEN(tp), pq, PPP_OVER_GRE);
PacketEnqueue(pq,tp);
Packet *tp = PacketPseudoPktSetup(p, pkt + header_len,
len - header_len, IPPROTO_IPV6);
if (tp != NULL) {
+ PKT_SET_SRC(tp, PKT_SRC_DECODER_GRE);
DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp),
GET_PKT_LEN(tp), pq, IPPROTO_IPV6);
PacketEnqueue(pq,tp);
Packet *tp = PacketPseudoPktSetup(p, pkt + header_len,
len - header_len, VLAN_OVER_GRE);
if (tp != NULL) {
+ PKT_SET_SRC(tp, PKT_SRC_DECODER_GRE);
DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp),
GET_PKT_LEN(tp), pq, VLAN_OVER_GRE);
PacketEnqueue(pq,tp);
IPV4_GET_IPLEN(p) - IPV4_GET_HLEN(p),
IPV4_GET_IPPROTO(p));
if (tp != NULL) {
+ PKT_SET_SRC(tp, PKT_SRC_DECODER_IPV4);
/* send that to the Tunnel decoder */
DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp),
GET_PKT_LEN(tp), pq, IPV4_GET_IPPROTO(p));
if (pq != NULL) {
Packet *tp = PacketPseudoPktSetup(p, pkt, plen, IPPROTO_IP);
if (tp != NULL) {
+ PKT_SET_SRC(tp, PKT_SRC_DECODER_IPV6);
DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp),
GET_PKT_LEN(tp), pq, IPPROTO_IP);
PacketEnqueue(pq,tp);
if (pq != NULL) {
Packet *tp = PacketPseudoPktSetup(p, pkt, plen, IPPROTO_IPV6);
if (tp != NULL) {
+ PKT_SET_SRC(tp, PKT_SRC_DECODER_IPV6);
DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp),
GET_PKT_LEN(tp), pq, IPPROTO_IP);
PacketEnqueue(pq,tp);
Packet *tp = PacketPseudoPktSetup(p, start, blen,
IPPROTO_IPV6);
if (tp != NULL) {
+ PKT_SET_SRC(tp, PKT_SRC_DECODER_TEREDO);
/* send that to the Tunnel decoder */
DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp), GET_PKT_LEN(tp),
pq, IPPROTO_IPV6);
CHECKSUM_VALIDATION_KERNEL,
} ChecksumValidationMode;
+enum {
+ PKT_SRC_WIRE = 1,
+ PKT_SRC_DECODER_GRE,
+ PKT_SRC_DECODER_IPV4,
+ PKT_SRC_DECODER_IPV6,
+ PKT_SRC_DECODER_TEREDO,
+ PKT_SRC_DEFRAG,
+ PKT_SRC_STREAM_TCP_STREAM_END_PSEUDO,
+ PKT_SRC_FFR_V2,
+ PKT_SRC_FFR_SHUTDOWN,
+};
+
#include "source-nfq.h"
#include "source-ipfw.h"
#include "source-pcap.h"
uint16_t mpm_offsets[CUDA_MAX_PAYLOAD_SIZE + 1];
#endif
+ uint8_t pkt_src;
+
#ifdef PROFILING
PktProfiling profile;
#endif
(p)->root = NULL; \
(p)->livedev = NULL; \
(p)->ReleaseData = NULL; \
+ (p)->pkt_src = 0; \
PACKET_RESET_CHECKSUMS((p)); \
PACKET_PROFILING_RESET((p)); \
} while (0)
/** \brief return 1 if the packet is a pseudo packet */
#define PKT_IS_PSEUDOPKT(p) ((p)->flags & PKT_PSEUDO_STREAM_END)
+#define PKT_SET_SRC(p, src_val) ((p)->pkt_src = src_val)
+
#endif /* __DECODE_H__ */
"fragmentation re-assembly, dumping fragments.");
goto remove_tracker;
}
+ PKT_SET_SRC(rp, PKT_SRC_DEFRAG);
rp->recursion_level = p->recursion_level;
int fragmentable_offset = 0;
"fragmentation re-assembly, dumping fragments.");
goto remove_tracker;
}
+ PKT_SET_SRC(rp, PKT_SRC_DEFRAG);
int fragmentable_offset = 0;
int fragmentable_len = 0;
if (p1 == NULL) {
return 1;
}
+ PKT_SET_SRC(p1, PKT_SRC_FFR_V2);
if (server == 1) {
p2 = FlowForceReassemblyPseudoPacketGet(0, f, ssn, 0);
TmqhOutputPacketpool(NULL, p1);
return 1;
}
+ PKT_SET_SRC(p2, PKT_SRC_FFR_V2);
p3 = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 1);
if (p3 == NULL) {
TmqhOutputPacketpool(NULL, p2);
return 1;
}
+ PKT_SET_SRC(p3, PKT_SRC_FFR_V2);
} else {
p2 = FlowForceReassemblyPseudoPacketGet(0, f, ssn, 1);
if (p2 == NULL) {
TmqhOutputPacketpool(NULL, p1);
return 1;
}
+ PKT_SET_SRC(p2, PKT_SRC_FFR_V2);
}
} else if (client == 2) {
if (p1 == NULL) {
return 1;
}
+ PKT_SET_SRC(p1, PKT_SRC_FFR_V2);
p2 = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 1);
if (p2 == NULL) {
TmqhOutputPacketpool(NULL, p1);
return 1;
}
+ PKT_SET_SRC(p2, PKT_SRC_FFR_V2);
} else {
p1 = FlowForceReassemblyPseudoPacketGet(0, f, ssn, 1);
if (p1 == NULL) {
return 1;
}
+ PKT_SET_SRC(p1, PKT_SRC_FFR_V2);
if (server == 2) {
p2 = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 1);
TmqhOutputPacketpool(NULL, p1);
return 1;
}
+ PKT_SET_SRC(p2, PKT_SRC_FFR_V2);
}
}
if (p1 == NULL) {
return 1;
}
+ PKT_SET_SRC(p1, PKT_SRC_FFR_V2);
p2 = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 1);
if (p2 == NULL) {
TmqhOutputPacketpool(NULL, p1);
return 1;
}
+ PKT_SET_SRC(p2, PKT_SRC_FFR_V2);
} else if (server == 2) {
p1 = FlowForceReassemblyPseudoPacketGet(1, f, ssn, 1);
if (p1 == NULL) {
return 1;
}
+ PKT_SET_SRC(p1, PKT_SRC_FFR_V2);
} else {
/* impossible */
BUG_ON(1);
FBLOCK_UNLOCK(fb);
return;
}
+ PKT_SET_SRC(p, PKT_SRC_FFR_SHUTDOWN);
if (stream_pseudo_pkt_detect_prev_TV != NULL) {
stream_pseudo_pkt_detect_prev_TV->
FBLOCK_UNLOCK(fb);
return;
}
+ PKT_SET_SRC(p, PKT_SRC_FFR_SHUTDOWN);
if (stream_pseudo_pkt_detect_prev_TV != NULL) {
stream_pseudo_pkt_detect_prev_TV->
FBLOCK_UNLOCK(fb);
}
+ PKT_SET_SRC(reassemble_p, PKT_SRC_FFR_SHUTDOWN);
TmqhOutputPacketpool(NULL, reassemble_p);
return;
}
if (p == NULL) {
SCReturnInt(AFP_FAILURE);
}
+ PKT_SET_SRC(p, PKT_SRC_WIRE);
/* get timestamp of packet via ioctl */
if (ioctl(ptv->socket, SIOCGSTAMP, &p->ts) == -1) {
if (p == NULL) {
SCReturnInt(AFP_FAILURE);
}
+ PKT_SET_SRC(p, PKT_SRC_WIRE);
/* Suricata will treat packet so telling it is busy, this
* status will be reset to 0 (ie TP_STATUS_KERNEL) in the release
ewtn->dagstream, ewtn->dagname);
SCReturnInt(TM_ECODE_FAILED);
}
+ PKT_SET_SRC(p, PKT_SRC_WIRE);
SET_PKT_LEN(p, wlen);
p->datalink = LINKTYPE_ETHERNET;
EngineStop();
SCReturnInt(TM_ECODE_FAILED);
}
+ PKT_SET_SRC(p, PKT_SRC_WIRE);
if (ReadErfRecord(tv, p, data) != TM_ECODE_OK) {
TmqhOutputPacketpool(etv->tv, p);
if (p == NULL) {
SCReturnInt(TM_ECODE_FAILED);
}
+ PKT_SET_SRC(p, PKT_SRC_WIRE);
SCLogDebug("Received Packet Len: %d", pktlen);
if (unlikely(p == NULL)) {
SCReturnInt(TM_ECODE_FAILED);
}
+ PKT_SET_SRC(p, PKT_SRC_WIRE);
p->ts.tv_sec = header->ts.tv_sec;
p->ts.tv_usec = header->ts.tv_usec;
if (p == NULL) {
return -1;
}
+ PKT_SET_SRC(p, PKT_SRC_WIRE);
p->nfq_v.nfq_index = ntv->nfq_index;
ret = NFQSetupPkt(p, qh, (void *)nfa);
}
PACKET_PROFILING_TMM_START(p, TMM_RECEIVEPCAPFILE);
+ PKT_SET_SRC(p, PKT_SRC_WIRE);
p->ts.tv_sec = h->ts.tv_sec;
p->ts.tv_usec = h->ts.tv_usec;
SCLogDebug("p->ts.tv_sec %"PRIuMAX"", (uintmax_t)p->ts.tv_sec);
SCReturn;
}
+ PKT_SET_SRC(p, PKT_SRC_WIRE);
p->ts.tv_sec = h->ts.tv_sec;
p->ts.tv_usec = h->ts.tv_usec;
SCLogDebug("p->ts.tv_sec %"PRIuMAX"", (uintmax_t)p->ts.tv_sec);
if (p == NULL) {
SCReturnInt(TM_ECODE_FAILED);
}
+ PKT_SET_SRC(p, PKT_SRC_WIRE);
/* Some flavours of PF_RING may fail to set timestamp - see PF-RING-enabled libpcap code*/
hdr.ts.tv_sec = hdr.ts.tv_usec = 0;
SCLogDebug("The packet received from packet allocation is NULL");
SCReturn;
}
+ PKT_SET_SRC(np, PKT_SRC_STREAM_TCP_STREAM_END_PSEUDO);
/* Setup the IP and TCP headers */
StreamTcpPseudoPacketSetupHeader(np,p);
projects / thirdparty / suricata.git / commitdiff
