Checkpointing the merge. Not done yet.

Merge remote-tracking branch 'origin/topic/tunnels' into topic/robin/tunnels-merge * origin/topic/tunnels: (41 commits) Extend weird names that occur in core packet processing during decapsulation. Add Teredo analysis option to reduce false positive decapsulation. Just some cleanup/documentation of new tunnel-handling code. Memory leak fixes Add a config.h definition for IPPROTO_IPV4. Add AYIYA tunnel decapsulation unit test. Add Teredo-specific events. Refactor some of the NetSessions routines that recurse on IP packets. Add independent options to toggle the different decapsulation methods Add more sanity checks before recursing on encapsulated IP packets. Suppress Teredo weirds unless decapsulation was successful once before. Tunnel support performance optimization. Add Teredo tunnel decapsulation. Fix for IP tunnel UID persistence. Fix AYIYA analyzer tag. Add summary documentation to tunnels/main.bro. Make tunnels always identifiable by UID, tunnel.log now gets populated. Some improvements to the AYIYA analyzer. Remove Tunnel::decapsulate_ip option. Remove invalid IP-in-IP encapsulated protocol value. ...
2025-10-05 16:18:19 +00:00 · 2012-06-11 17:24:18 -07:00 · 2012-06-11 17:24:18 -07:00 · 1acb9fd91d
commit 1acb9fd91d
parent d1512ef462 9d2a21c490
81 changed files with 2535 additions and 166 deletions
--- a/src/TunnelEncapsulation.cc
+++ b/src/TunnelEncapsulation.cc
@ -0,0 +1,55 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
+#include "TunnelEncapsulation.h"
+#include "util.h"
+#include "Conn.h"
+
+EncapsulatingConn::EncapsulatingConn(Connection* c, BifEnum::Tunnel::Type t)
+		: src_addr(c->OrigAddr()), dst_addr(c->RespAddr()),
+		  src_port(c->OrigPort()), dst_port(c->RespPort()),
+		  proto(c->ConnTransport()), type(t), uid(c->GetUID())
+	{
+	if ( ! uid )
+		{
+		uid = calculate_unique_id();
+		c->SetUID(uid);
+		}
+	}
+
+RecordVal* EncapsulatingConn::GetRecordVal() const
+	{
+	RecordVal *rv = new RecordVal(BifType::Record::Tunnel::EncapsulatingConn);
+
+	RecordVal* id_val = new RecordVal(conn_id);
+	id_val->Assign(0, new AddrVal(src_addr));
+	id_val->Assign(1, new PortVal(ntohs(src_port), proto));
+	id_val->Assign(2, new AddrVal(dst_addr));
+	id_val->Assign(3, new PortVal(ntohs(dst_port), proto));
+	rv->Assign(0, id_val);
+	rv->Assign(1, new EnumVal(type, BifType::Enum::Tunnel::Type));
+
+	char tmp[20];
+	rv->Assign(2, new StringVal(uitoa_n(uid, tmp, sizeof(tmp), 62)));
+
+	return rv;
+	}
+
+bool operator==(const Encapsulation& e1, const Encapsulation& e2)
+	{
+	if ( ! e1.conns )
+		return e2.conns;
+
+	if ( ! e2.conns )
+		return false;
+
+	if ( e1.conns->size() != e2.conns->size() )
+		return false;
+
+	for ( size_t i = 0; i < e1.conns->size(); ++i )
+		{
+		if ( (*e1.conns)[i] != (*e2.conns)[i] )
+			return false;
+		}
+
+	return true;
+	}