Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Adding support to de-capsulate tunnels. Checkpoint.

Browse source 
Re-organizing code. Adding UDP tunnel handlers.
Using policy level redef'able consts to tune behavior. UDP port settings
not working yet.
This commit is contained in:
Gregor Maier 2011-08-04 15:25:13 -07:00
parent 9c388a1809
commit 8910cd2dca
6 changed files with 216 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

25
src/Sessions.cc
View file

@ -131,10 +131,11 @@ NetSessions::NetSessions()
arp_analyzer = 0;
if ( 1 )
if ( BifConst::Tunnel::decapsulate_ip || BifConst::Tunnel::decapsulate_udp )
tunnel_handler = new TunnelHandler(this);
else
tunnel_handler = 0;
printf("tunnel_handler: %p\n", tunnel_handler);
}
NetSessions::~NetSessions()
@ -473,13 +474,20 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
}
}
TunnelInfo *tunnel_info = tunnel_handler->DecapsulateTunnel(ip_hdr, len, caplen, hdr, pkt);
if (tunnel_info)
len -= ip_hdr_len; // remove IP header
caplen -= ip_hdr_len;
TunnelInfo *tunnel_info = 0;
if ( tunnel_handler )
{
ip4 = tunnel_info->child->IP4_Hdr();
ip_hdr = tunnel_info->child;
len -= tunnel_info->hdr_len;
caplen -= tunnel_info->hdr_len;
tunnel_info = tunnel_handler->DecapsulateTunnel(ip_hdr, len, caplen, hdr, pkt);
if (tunnel_info)
{
ip4 = tunnel_info->child->IP4_Hdr();
ip_hdr = tunnel_info->child;
len -= tunnel_info->hdr_len;
caplen -= tunnel_info->hdr_len;
}
}
int proto = ip_hdr->NextProto();
@ -490,9 +498,6 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
return;
}
len -= ip_hdr_len; // remove IP header
caplen -= ip_hdr_len;
uint32 min_hdr_len = (proto == IPPROTO_TCP) ? sizeof(struct tcphdr) :
(proto == IPPROTO_UDP ? sizeof(struct udphdr) : ICMP_MINLEN);