From 8977f4966598325613a85270dea4d866517f930c Mon Sep 17 00:00:00 2001
From: Tim Wojtulewicz
Date: Tue, 23 Jan 2024 11:22:41 -0700
Subject: [PATCH] Remove setting non-existent session history for IPTunnel
---
 src/packet_analysis/protocol/iptunnel/IPTunnel.cc | 1 -
 .../core.tunnels.gre-in-gre-min-depth/weird.log | 12 ++++++++++++
 testing/btest/core/tunnels/gre-in-gre-min-depth.test | 3 +++
 3 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 testing/btest/Baseline/core.tunnels.gre-in-gre-min-depth/weird.log
 create mode 100644 testing/btest/core/tunnels/gre-in-gre-min-depth.test
diff --git a/src/packet_analysis/protocol/iptunnel/IPTunnel.cc b/src/packet_analysis/protocol/iptunnel/IPTunnel.cc
index c1ac082c75..e7ac1b3cc1 100644
--- a/src/packet_analysis/protocol/iptunnel/IPTunnel.cc
+++ b/src/packet_analysis/protocol/iptunnel/IPTunnel.cc
@@ -23,7 +23,6 @@ bool IPTunnelAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
 }
 if ( packet->encap && packet->encap->Depth() >= BifConst::Tunnel::max_depth ) {
- packet->session->CheckHistory(zeek::session::detail::HIST_UNKNOWN_PKT, 'X');
 Weird("exceeded_tunnel_max_depth", packet);
 return false;
 }
diff --git a/testing/btest/Baseline/core.tunnels.gre-in-gre-min-depth/weird.log b/testing/btest/Baseline/core.tunnels.gre-in-gre-min-depth/weird.log
new file mode 100644
index 0000000000..8bdd80aff2
--- /dev/null
+++ b/testing/btest/Baseline/core.tunnels.gre-in-gre-min-depth/weird.log
@@ -0,0 +1,12 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#open XXXX-XX-XX-XX-XX-XX +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source +#types time string addr port addr port string string bool string string +XXXXXXXXXX.XXXXXX - 10.10.11.2 0 10.10.13.2 0 exceeded_tunnel_max_depth_in_tunnel - F zeek IPTUNNEL +XXXXXXXXXX.XXXXXX - 10.10.13.2 0 10.10.11.2 0 exceeded_tunnel_max_depth_in_tunnel - F zeek IPTUNNEL +#close XXXX-XX-XX-XX-XX-XX
diff --git a/testing/btest/core/tunnels/gre-in-gre-min-depth.test b/testing/btest/core/tunnels/gre-in-gre-min-depth.test
new file mode 100644
index 0000000000..9ffd1e0661
--- /dev/null
+++ b/testing/btest/core/tunnels/gre-in-gre-min-depth.test
@@ -0,0 +1,3 @@
+# @TEST-DOC: Tests that an IP-in-IP tunnel with max-depth set to 1 doesn't crash
+# @TEST-EXEC: zeek -C -r $TRACES/tunnels/gre-within-gre.pcap Tunnel::max_depth=1
+# @TEST-EXEC: btest-diff weird.log
\ No newline at end of file
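Review bot: The `@TEST-DOC` line in gre-in-gre-min-depth.test says the test covers an IP-in-IP tunnel, while the trace replayed on the following line is `gre-within-gre.pcap` and the file is named "min-depth" although the option it sets is `Tunnel::max_depth`. The description should name what is actually exercised, for example `# @TEST-DOC: Tests that GRE-in-GRE traffic with Tunnel::max_depth=1 raises exceeded_tunnel_max_depth instead of crashing`. This looks like a regression test for the `packet->session` access removed in IPTunnel.cc, presumably reached before any session exists for the packet, and saying so in the doc line would tell the next reader why the baseline pins only weird.log. The file also ends without a trailing newline.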