From 976e8db1559f30d4733fa346515bc03247a20825 Mon Sep 17 00:00:00 2001
From: Jon Siwek
Date: Tue, 5 Jun 2012 10:17:41 -0500
Subject: [PATCH] Add independent options to toggle the different decapsulation methods

---
 scripts/base/init-bare.bro | 11 ++++++++++-
 src/AYIYA.h | 4 ++--
 src/Sessions.cc | 7 +++++++
 src/Teredo.h | 4 ++--
 src/const.bif | 3 +++
 5 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro
index 920f4a47c2..70905824f3 100644
--- a/scripts/base/init-bare.bro
+++ b/scripts/base/init-bare.bro
@@ -2650,8 +2650,17 @@ const ignore_keep_alive_rexmit = F &redef;
 module Tunnel;
 export {
 ## The maximum depth of a tunnel to decapsulate until giving up.
- ## Setting this to zero will disable tunnel decapsulation.
+ ## Setting this to zero will disable all types of tunnel decapsulation.
 const max_depth: count = 2 &redef;
+
+ ## Toggle whether to do IPv{4,6}-in-IPv{4,6} decapsulation.
+ const enable_ip = T &redef;
+
+ ## Toggle whether to do IPv{4,6}-in-AYIYA decapsulation.
+ const enable_ayiya = T &redef;
+
+ ## Toggle whether to do IPv6-in-Teredo decapsulation.
+ const enable_teredo = T &redef;
 } # end export
 module GLOBAL;
diff --git a/src/AYIYA.h b/src/AYIYA.h
index 2122cafee6..79b41553c7 100644
--- a/src/AYIYA.h
+++ b/src/AYIYA.h
@@ -16,8 +16,8 @@ public:
 { return new AYIYA_Analyzer(conn); }
 static bool Available()
- // TODO: specific option to turn off AYIYA analysis
- { return BifConst::Tunnel::max_depth > 0; }
+ { return BifConst::Tunnel::enable_ayiya &&
+ BifConst::Tunnel::max_depth > 0; }
 protected:
 friend class AnalyzerTimer;
diff --git a/src/Sessions.cc b/src/Sessions.cc
index d873b269fe..9738f380d7 100644
--- a/src/Sessions.cc
+++ b/src/Sessions.cc
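Review bot: The strengthened `max_depth` wording ("disable all types of tunnel decapsulation") is not obviously backed by the IP-in-IP path: the Sessions.cc hunk guards the depth check with `encapsulation &&`, so if `encapsulation` is null for an outermost packet, a `max_depth` of 0 would not stop the first level of IPv{4,6}-in-IPv{4,6} decapsulation and only `enable_ip` would. Worth confirming against the callers of DoNextPacket; if it holds, either keep the previous sentence or state that `enable_ip` is the switch for that case. The `enable_ip` doc should also give the observable effect of turning it off, since it differs from the other two toggles: `## When disabled, IP-in-IP packets raise the IP_tunnel weird and are not processed further.`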
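Review bot: Disabling AYIYA through `Available()` is silent, whereas the Sessions.cc hunk raises a weird for disabled IP-in-IP, so an operator who turns `enable_ayiya` off gets no signal that tunneled traffic passed through unanalyzed. A one-line comment above the return would make that explicit: `// Disabled AYIYA is silent: no weird is raised and the UDP payload stays unanalyzed.` The same applies to the Teredo.h hunk, whose `Available()` mirrors this one.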
@@ -523,6 +523,13 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
 case IPPROTO_IPV4:
 case IPPROTO_IPV6:
 {
+ if ( ! BifConst::Tunnel::enable_ip )
+ {
+ reporter->Weird(ip_hdr->SrcAddr(), ip_hdr->DstAddr(), "IP_tunnel");
+ Remove(f);
+ return;
+ }
+
 if ( encapsulation &&
 encapsulation->Depth() >= BifConst::Tunnel::max_depth )
 {
diff --git a/src/Teredo.h b/src/Teredo.h
index d5422cdef4..554e97f29a 100644
--- a/src/Teredo.h
+++ b/src/Teredo.h
@@ -21,8 +21,8 @@ public:
 { return new Teredo_Analyzer(conn); }
 static bool Available()
- //TODO: specific option to turn off Teredo analysis?
- { return BifConst::Tunnel::max_depth > 0; }
+ { return BifConst::Tunnel::enable_teredo &&
+ BifConst::Tunnel::max_depth > 0; }
 /**
 * Emits a weird only if the analyzer has previously been able to
diff --git a/src/const.bif b/src/const.bif
index 553e8b6d58..3e8fe4b53b 100644
--- a/src/const.bif
+++ b/src/const.bif
@@ -12,5 +12,8 @@ const NFS3::return_data_max: count;
 const NFS3::return_data_first_only: bool;
 const Tunnel::max_depth: count;
+const Tunnel::enable_ip: bool;
+const Tunnel::enable_ayiya: bool;
+const Tunnel::enable_teredo: bool;
 const Threading::heartbeat_interval: interval;
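Review bot: The new `enable_ip` block gives no reason for dropping the packet (weird, `Remove(f)`, `return`) instead of handing the outer packet on, and it has the same shape as the depth check right below it, so a short comment is the cheapest way to keep the two paths understandable: `// IP-in-IP decapsulation is disabled: report the tunnel and stop processing this packet.` Because the weird fires for every such packet, a busy tunnel endpoint will produce a high-volume `IP_tunnel` stream once the option is off; whether weird sampling bounds that is not visible here. DoNextPacket begins and ends outside the hunk, and `f` and `ip_hdr` are declared before it.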