|
|
|
|
@ -1,4 +1,4 @@
|
|
|
|
|
/* Copyright (C) 2007-2010 Open Information Security Foundation
|
|
|
|
|
/* Copyright (C) 2007-2012 Open Information Security Foundation
|
|
|
|
|
*
|
|
|
|
|
* You can copy, redistribute or modify this Program under the terms of
|
|
|
|
|
* the GNU General Public License version 2 as published by the Free
|
|
|
|
|
@ -125,7 +125,7 @@ Packet *PacketGetFromQueueOrAlloc(void)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* \brief Setup a pseudo packet (tunnel or reassembled frags)
|
|
|
|
|
* \brief Setup a pseudo packet (tunnel)
|
|
|
|
|
*
|
|
|
|
|
* \param parent parent packet for this pseudo pkt
|
|
|
|
|
* \param pkt raw packet data
|
|
|
|
|
@ -173,6 +173,58 @@ Packet *PacketPseudoPktSetup(Packet *parent, uint8_t *pkt, uint16_t len, uint8_t
|
|
|
|
|
SCReturnPtr(p, "Packet");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* \brief Setup a pseudo packet (reassembled frags)
|
|
|
|
|
*
|
|
|
|
|
* Difference with PacketPseudoPktSetup is that this func doesn't increment
|
|
|
|
|
* the recursion level. It needs to be on the same level as the frags because
|
|
|
|
|
* we run the flow engine against this and we need to get the same flow.
|
|
|
|
|
*
|
|
|
|
|
* \param parent parent packet for this pseudo pkt
|
|
|
|
|
* \param pkt raw packet data
|
|
|
|
|
* \param len packet data length
|
|
|
|
|
* \param proto protocol of the tunneled packet
|
|
|
|
|
*
|
|
|
|
|
* \retval p the pseudo packet or NULL if out of memory
|
|
|
|
|
*/
|
|
|
|
|
Packet *PacketDefragPktSetup(Packet *parent, uint8_t *pkt, uint16_t len, uint8_t proto) {
|
|
|
|
|
SCEnter();
|
|
|
|
|
|
|
|
|
|
/* get us a packet */
|
|
|
|
|
Packet *p = PacketGetFromQueueOrAlloc();
|
|
|
|
|
if (p == NULL) {
|
|
|
|
|
SCReturnPtr(NULL, "Packet");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* set the root ptr to the lowest layer */
|
|
|
|
|
if (parent->root != NULL)
|
|
|
|
|
p->root = parent->root;
|
|
|
|
|
else
|
|
|
|
|
p->root = parent;
|
|
|
|
|
|
|
|
|
|
/* copy packet and set lenght, proto */
|
|
|
|
|
PacketCopyData(p, pkt, len);
|
|
|
|
|
p->recursion_level = parent->recursion_level; /* NOT incremented */
|
|
|
|
|
p->ts.tv_sec = parent->ts.tv_sec;
|
|
|
|
|
p->ts.tv_usec = parent->ts.tv_usec;
|
|
|
|
|
|
|
|
|
|
/* set tunnel flags */
|
|
|
|
|
|
|
|
|
|
/* tell new packet it's part of a tunnel */
|
|
|
|
|
SET_TUNNEL_PKT(p);
|
|
|
|
|
/* tell parent packet it's part of a tunnel */
|
|
|
|
|
SET_TUNNEL_PKT(parent);
|
|
|
|
|
|
|
|
|
|
/* increment tunnel packet refcnt in the root packet */
|
|
|
|
|
TUNNEL_INCR_PKT_TPR(p);
|
|
|
|
|
|
|
|
|
|
/* disable payload (not packet) inspection on the parent, as the payload
|
|
|
|
|
* is the packet we will now run through the system separately. We do
|
|
|
|
|
* check it against the ip/port/other header checks though */
|
|
|
|
|
DecodeSetNoPayloadInspectionFlag(parent);
|
|
|
|
|
SCReturnPtr(p, "Packet");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void DecodeRegisterPerfCounters(DecodeThreadVars *dtv, ThreadVars *tv)
|
|
|
|
|
{
|
|
|
|
|
/* register counters */
|
|
|
|
|
|
Victor Julien
14 years ago