Merge branch 'topic/tunnels' of ssh://git.bro-ids.org/bro into topic/tunnels

scripts/base/init-bare.bro

@@ -2629,10 +2629,8 @@ const ignore_keep_alive_rexmit = F &redef;
 
 module Tunnel;
 export {
-	## Whether to decapsulate IP tunnels (IPinIP, 6in4, 6to4)
-	const decapsulate_ip = T &redef;
-	
 	## The maximum depth of a tunnel to decapsulate until giving up.
+	## Setting this to zero will disable tunnel decapsulation.
 	const max_depth: count = 2 &redef;
 } # end export
 module GLOBAL;

src/AYIYA.h

@@ -16,7 +16,7 @@ public:
 		{ return new AYIYA_Analyzer(conn); }
 
 	static bool Available()
-		{ return BifConst::Tunnel::decapsulate_ip; }
+		{ return BifConst::Tunnel::max_depth > 0; }
 
 protected:
 	friend class AnalyzerTimer;

src/Sessions.cc

@@ -522,17 +522,9 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
 		break;
 		}
 
-	case IPPROTO_IP:
 	case IPPROTO_IPV4:
 	case IPPROTO_IPV6:
 		{
-		if ( ! BifConst::Tunnel::decapsulate_ip )
-			{
-			reporter->Weird(ip_hdr->SrcAddr(), ip_hdr->DstAddr(), "ip_tunnel");
-			Remove(f);
-			return;
-			}
-
 		if ( encapsulation.Depth() >= BifConst::Tunnel::max_depth )
 			{
 			reporter->Weird(ip_hdr->SrcAddr(), ip_hdr->DstAddr(), "tunnel_depth");
@@ -674,7 +666,6 @@ bool NetSessions::CheckHeaderTrunc(int proto, uint32 len, uint32 caplen,
 	case IPPROTO_UDP:
 		min_hdr_len = sizeof(struct udphdr);
 		break;
-	case IPPROTO_IP:
 	case IPPROTO_IPV4:
 		min_hdr_len = sizeof(struct ip);
 		break;

src/const.bif

@@ -11,5 +11,4 @@ const NFS3::return_data: bool;
 const NFS3::return_data_max: count;
 const NFS3::return_data_first_only: bool;
 
-const Tunnel::decapsulate_ip: bool;
 const Tunnel::max_depth: count;