From: Jason Ish Date: Tue, 15 Jul 2014 19:48:34 +0000 (-0600) Subject: Basic MPLS decoder. X-Git-Tag: suricata-2.1beta2~74 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7642489874a801f31b9bcbc6d9eca9c41171242f;p=thirdparty%2Fsuricata.git Basic MPLS decoder. --- diff --git a/src/Makefile.am b/src/Makefile.am index 1bc2d8d9ea..8213892f18 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -55,6 +55,7 @@ decode-tcp.c decode-tcp.h \ decode-teredo.c decode-teredo.h \ decode-udp.c decode-udp.h \ decode-vlan.c decode-vlan.h \ +decode-mpls.c decode-mpls.h \ defrag-config.c defrag-config.h \ defrag.c defrag.h \ defrag-hash.c defrag-hash.h \ diff --git a/src/decode-ethernet.c b/src/decode-ethernet.c index 6f34f947c9..e5a920d169 100644 --- a/src/decode-ethernet.c +++ b/src/decode-ethernet.c @@ -80,6 +80,11 @@ int DecodeEthernet(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, DecodeVLAN(tv, dtv, p, pkt + ETHERNET_HEADER_LEN, len - ETHERNET_HEADER_LEN, pq); break; + case ETHERNET_TYPE_MPLS_UNICAST: + case ETHERNET_TYPE_MPLS_MULTICAST: + DecodeMPLS(tv, dtv, p, pkt + ETHERNET_HEADER_LEN, + len - ETHERNET_HEADER_LEN, pq); + break; default: SCLogDebug("p %p pkt %p ether type %04x not supported", p, pkt, ntohs(p->ethh->eth_type)); diff --git a/src/decode-mpls.c b/src/decode-mpls.c new file mode 100644 index 0000000000..f8f6993d7c --- /dev/null +++ b/src/decode-mpls.c 
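Review bot: The new MPLS cases in DecodeEthernet discard DecodeMPLS's return value, and DecodeMPLS as added in this commit returns `TM_ECODE_FAILED` for a truncated or non-IP payload without recording anything on the packet. Such frames therefore appear to leave no trace for rules or counters. The DecodeVLAN call just above is written the same way, so the cleaner fix is probably to set a decoder event inside DecodeMPLS on each failure path rather than to check the result here. A short comment above the case labels, e.g. `/* MPLS label stack; inner protocol is guessed from the IP version nibble */`, would also help readers. DecodeEthernet's body starts and ends outside the hunk.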
@@ -0,0 +1,63 @@
+/* Copyright (C) 2014 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Jason Ish
+ *
+ * MPLS decoder.
+ */
+
+#include "suricata-common.h"
+#include "decode.h"
+
+#define MPLS_HEADER_LEN 4
+#define MPLS_BOTTOM(shim) ((ntohl(shim) >> 8) & 0x1)
+#define MPLS_PROTO_IPV4 4
+#define MPLS_PROTO_IPV6 6
+
+int DecodeMPLS(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt,
+ uint16_t len, PacketQueue *pq)
+{
+ if (len < MPLS_HEADER_LEN) {
+ return TM_ECODE_FAILED;
+ }
+
+ uint32_t shim;
+ do {
+ shim = *(uint32_t *)pkt;
+ pkt += MPLS_HEADER_LEN;
+ len -= MPLS_HEADER_LEN;
+ } while (MPLS_BOTTOM(shim) == 0);
+
+ /* Best guess at inner packet. */
+ uint8_t ip_ver = pkt[0] >> 4;
+
+ switch (ip_ver) {
+ case MPLS_PROTO_IPV4:
+ return DecodeIPV4(tv, dtv, p, pkt, len, pq);
+ break;
+ case MPLS_PROTO_IPV6:
+ return DecodeIPV6(tv, dtv, p, pkt, len, pq);
+ break;
+ default:
+ break;
+ }
+
+ return TM_ECODE_FAILED;
+}
diff --git a/src/decode-mpls.h b/src/decode-mpls.h
new file mode 100644
index 0000000000..0f2ad323c2
--- /dev/null
+++ b/src/decode-mpls.h
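Review bot: The `do … while` loop in DecodeMPLS checks `len` only once before entry, so a label stack whose bottom-of-stack bit is never set keeps reading `*(uint32_t *)pkt` past the end of the packet data. Meanwhile the `uint16_t len` wraps on `len -= MPLS_HEADER_LEN`, and that wrapped length is what gets handed to DecodeIPV4/DecodeIPV6. The same gap exists after the loop: a frame that ends exactly on the bottom label leaves `len == 0`, yet `pkt[0]` is still read. The length check should move inside the loop and a payload check should precede the version-nibble read; copying the shim with `memcpy` also avoids the unaligned, type-punned load. The `break;` after each `return` in the switch is unreachable and can be dropped.

```c
    do {
        /* Re-check per label: the stack depth is taken from the wire. */
        if (len < MPLS_HEADER_LEN) {
            return TM_ECODE_FAILED;
        }
        memcpy(&shim, pkt, sizeof(shim));
        /* … unchanged: advance pkt and len by MPLS_HEADER_LEN … */
    } while (MPLS_BOTTOM(shim) == 0);

    /* A stack ending exactly at the end of the buffer leaves no payload. */
    if (len == 0) {
        return TM_ECODE_FAILED;
    }
    /* … unchanged: ip_ver read and switch on ip_ver … */
```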
@@ -0,0 +1,32 @@ +/* Copyright (C) 2014 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file + * + * \author Jason Ish + * + * MPLS decoder. + */ + +#ifndef __DECODE_MPLS_H__ +#define __DECODE_MPLS_H__ + +#define ETHERNET_TYPE_MPLS_UNICAST 0x8847 +#define ETHERNET_TYPE_MPLS_MULTICAST 0x8848 + +#endif /* !__DECODE_MPLS_H__ */ diff --git a/src/decode.h b/src/decode.h index 47535ab967..ce2f42d314 100644 --- a/src/decode.h +++ b/src/decode.h @@ -79,6 +79,7 @@ enum PktSrcEnum { #include "decode-sctp.h" #include "decode-raw.h" #include "decode-vlan.h" +#include "decode-mpls.h" #include "detect-reference.h" @@ -855,6 +856,7 @@ int DecodeUDP(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, P int DecodeSCTP(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *); int DecodeGRE(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *); int DecodeVLAN(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *); +int DecodeMPLS(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *); void AddressDebugPrint(Address *);