Add Teredo analysis option to reduce false positive decapsulation.

The Tunnel::yielding_teredo_decapsulation (on by default) makes it so the Teredo analyzer doesn't attempt to decapsulate payloads when there's already a sibling analyzer that thinks it's parsing the right protocol. Sometimes, UDP payloads just happen to look like they are validly Teredo-encapsulated and doing further analysis on the decapsulated packet can quickly turn into a weird; this change helps reduce such weirds.
2025-10-09 18:18:19 +00:00 · 2012-06-07 12:12:57 -05:00 · 2012-06-07 12:12:57 -05:00 · 6f346c8406
commit 6f346c8406
parent 9ddb70b109
7 changed files with 92 additions and 2 deletions
--- a/src/Analyzer.h
+++ b/src/Analyzer.h
@ -343,6 +343,10 @@ private:
 	for ( analyzer_list::iterator var = the_kids.begin(); \
 	      var != the_kids.end(); var++ )

+#define LOOP_OVER_GIVEN_CONST_CHILDREN(var, the_kids) \
+	for ( analyzer_list::const_iterator var = the_kids.begin(); \
+	      var != the_kids.end(); var++ )
+
 class SupportAnalyzer : public Analyzer {
 public:
 	SupportAnalyzer(AnalyzerTag::Tag tag, Connection* conn, bool arg_orig)