GH-887: improve GRE/ERSPAN parsing of non-IPv4/IPv6 inner payload

This changes the decapsulation logic for GRE/ERSPAN payloads to re-use existing Layer 2 parsing logic that already handles things like 802.1Q tags correctly before going on to process the inner IPv4/IPv6 payload.
2025-10-15 04:58:21 +00:00 · 2020-03-27 15:22:00 -07:00 · 2020-03-27 15:22:00 -07:00 · b7dee712d5
commit b7dee712d5
parent 42dc2906af
5 changed files with 113 additions and 39 deletions
--- a/src/Sessions.h
+++ b/src/Sessions.h
@ -100,7 +100,7 @@ public:
 	 * Wrapper that recurses on DoNextPacket for encapsulated IP packets.
 	 *
 	 * @param t Network time.
-	 * @param hdr If the outer pcap header is available, this pointer can be set
+	 * @param pkt If the outer pcap header is available, this pointer can be set
 	 *        so that the fake pcap header passed to DoNextPacket will use
 	 *        the same timeval.  The caplen and len fields of the fake pcap
 	 *        header are always set to the TotalLength() of \a inner.
@ -114,6 +114,27 @@ public:
 	                      const IP_Hdr* inner, const EncapsulationStack* prev,
 	                      const EncapsulatingConn& ec);

+	/**
+	 * Recurses on DoNextPacket for encapsulated Ethernet/IP packets.
+	 *
+	 * @param t  Network time.
+	 * @param pkt  If the outer pcap header is available, this pointer can be
+	 *        set so that the fake pcap header passed to DoNextPacket will use
+	 *        the same timeval.
+	 * @param caplen  number of captured bytes remaining
+	 * @param len  number of bytes remaining as claimed by outer framing
+	 * @param data  the remaining packet data
+	 * @param link_type  layer 2 link type used for initializing inner packet
+	 * @param prev  Any previous encapsulation stack of the caller, not
+	 *        including the most-recently found depth of encapsulation.
+	 * @param ec The most-recently found depth of encapsulation.
+	 */
+	void DoNextInnerPacket(double t, const Packet* pkt,
+                           uint32_t caplen, uint32_t len,
+                           const u_char* data, int link_type,
+                           const EncapsulationStack* prev,
+                           const EncapsulatingConn& ec);
+
 	/**
 	 * Returns a wrapper IP_Hdr object if \a pkt appears to be a valid IPv4
 	 * or IPv6 header based on whether it's long enough to contain such a header,