teredo: update protocol decoding.

This patch fixes an error in pointer arythmetic and add some comments to increase maintanability of the code. It also simplify the decoding code as a careful RFC reading indicate that if we discard packet containing an authentication field, it is only possible to have a single origin indication field.
13 years ago · 2732faf05c
parent 8d7b9703af
commit 2732faf05c
1 changed files with 11 additions and 6 deletions
--- a/src/decode-teredo.c
+++ b/src/decode-teredo.c
@ -27,7 +27,9 @@
 *
 * \author Eric Leblond <eric@regit.org>
 *
- * Decode Teredo Tunneling protocol
+ * Decode Teredo Tunneling protocol.
+ *
+ * This implementation is based upon RFC 4380: http://www.ietf.org/rfc/rfc4380.txt
 */

 #include "suricata-common.h"
@ -35,6 +37,8 @@
 #include "decode-ipv6.h"
 #include "util-debug.h"

+#define TEREDO_ORIG_INDICATION_LENGTH    8
+
 /**
 * \brief Function to decode Teredo packets
 *
@ -50,14 +54,15 @@ int DecodeTeredo(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt,
        return 0;

    /* Teredo encapsulate IPv6 in UDP and can add some custom message
-     * part before the IPv6 packet. Here we iter on the messages to get
-     * on the IPv6 packet. */
-    while (start[0] == 0x0) {
+     * part before the IPv6 packet. In our case, we just want to get
+     * over an ORIGIN indication. So we just make one offset if needed. */
+    if (start[0] == 0x0) {
        switch (start[1]) {
            /* origin indication: compatible with tunnel */
            case 0x0:
-                if (len >= 8 + (pkt - start) + IPV6_HEADER_LEN)
-                    start += 8;
+                /* offset is coherent with len and presence of an IPv6 header */
+                if (len >= TEREDO_ORIG_INDICATION_LENGTH + IPV6_HEADER_LEN)
+                    start += TEREDO_ORIG_INDICATION_LENGTH;
                else
                    return 0;
                break;