From ba81aa438766d34e59752ae6c3dccf52a9f1353c Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Fri, 14 Feb 2014 12:06:24 -0800
Subject: [PATCH] Support for MPLS over VLAN.

Patch by Chris Kanich.

BIT-1017 #merged
---
 CHANGES                                       |   4 ++++
 VERSION                                       |   2 +-
 src/PktSrc.cc                                 |  22 ++++++++++++------
 .../btest/Baseline/core.mpls-in-vlan/conn.log |  12 ++++++++++
 testing/btest/Traces/mpls-in-vlan.trace       | Bin 0 -> 2605 bytes
 testing/btest/core/mpls-in-vlan.bro           |   2 ++
 6 files changed, 34 insertions(+), 8 deletions(-)
 create mode 100644 testing/btest/Baseline/core.mpls-in-vlan/conn.log
 create mode 100644 testing/btest/Traces/mpls-in-vlan.trace
 create mode 100644 testing/btest/core/mpls-in-vlan.bro

diff --git a/CHANGES b/CHANGES
index f00e43a271..ba9102aeeb 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,8 @@
 
+2.2-174 | 2014-02-14 12:07:04 -0800
+
+  * Support for MPLS over VLAN. (Chris Kanich)
+
 2.2-173 | 2014-02-14 10:50:15 -0800
 
   * Fix misidentification of SOCKS traffic that in particiular seemed
diff --git a/VERSION b/VERSION
index 60dee2b058..5b847786b5 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.2-173
+2.2-174
diff --git a/src/PktSrc.cc b/src/PktSrc.cc
index 941c4acd83..179630cdbd 100644
--- a/src/PktSrc.cc
+++ b/src/PktSrc.cc
@@ -229,12 +229,21 @@ void PktSrc::Process()
 			{
 			// MPLS carried over the ethernet frame.
 			case 0x8847:
+				// Remove the data link layer and denote a
+				// header size of zero before the IP header.
 				have_mpls = true;
+				data += get_link_header_size(datalink);
+				pkt_hdr_size = 0;
 				break;
 
 			// VLAN carried over the ethernet frame.
 			case 0x8100:
 				data += get_link_header_size(datalink);
+
+				// Check for MPLS in VLAN.
+				if ( ((data[2] << 8) + data[3]) == 0x8847 )
+					have_mpls = true;
+
 				data += 4; // Skip the vlan header
 				pkt_hdr_size = 0;
 
@@ -274,8 +283,13 @@ void PktSrc::Process()
 		protocol = (data[2] << 8) + data[3];
 
 		if ( protocol == 0x0281 )
-			// MPLS Unicast
+			{
+			// MPLS Unicast. Remove the data link layer and
+			// denote a header size of zero before the IP header.
 			have_mpls = true;
+			data += get_link_header_size(datalink);
+			pkt_hdr_size = 0;
+			}
 
 		else if ( protocol != 0x0021 && protocol != 0x0057 )
 			{
@@ -290,12 +304,6 @@ void PktSrc::Process()
 
 	if ( have_mpls )
 		{
-		// Remove the data link layer
-		data += get_link_header_size(datalink);
-
-		// Denote a header size of zero before the IP header
-		pkt_hdr_size = 0;
-
 		// Skip the MPLS label stack.
 		bool end_of_stack = false;
 
diff --git a/testing/btest/Baseline/core.mpls-in-vlan/conn.log b/testing/btest/Baseline/core.mpls-in-vlan/conn.log
new file mode 100644
index 0000000000..e8ee793b75
--- /dev/null
+++ b/testing/btest/Baseline/core.mpls-in-vlan/conn.log
@@ -0,0 +1,12 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	conn
+#open	2014-02-14-20-04-20
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
+#types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	count	string	count	count	count	count	table[string]
+1371685686.536606	CXWv6p3arKYeMETxOg	65.65.65.65	19244	65.65.65.65	80	tcp	-	-	-	-	OTH	-	0	D	1	257	0	0	(empty)
+1371686961.156859	CjhGID4nQcgTWjvg4c	65.65.65.65	32828	65.65.65.65	80	tcp	-	-	-	-	OTH	-	0	d	0	0	1	1500	(empty)
+1371686961.479321	CCvvfg3TEfuqmmG4bh	65.65.65.65	61193	65.65.65.65	80	tcp	-	-	-	-	OTH	-	0	D	1	710	0	0	(empty)
+#close	2014-02-14-20-04-20
diff --git a/testing/btest/Traces/mpls-in-vlan.trace b/testing/btest/Traces/mpls-in-vlan.trace
new file mode 100644
index 0000000000000000000000000000000000000000..634f3fce1469f61f436ed1b79c5b1c42f8c29289
GIT binary patch
literal 2605
zcmc&$O>7%Q6rKc{rYlxd;*t}LWDX_rdhM86Wl5!&#EGR8$t5We327Pcj@LuRGt2Bc
zPFf)h5>ig|g2V+ODpi~~fdq$~T7E9v5Jyy1LeN{0IKY)RyIv=@TnSf2j5IrXGjHC!
z@0<7L?a$wSd1Dqmj<R+xhtLcNmDSsqpDxa$r$Eph&Hq}hR@3i$=!tjdQ4P(^xG%4u
z<+=XXu#~jTJZilE`CIgF^WMk(1@znZ3arh{8|bU^OCSE&o872wV>?s+w<E4^Z#V2x
zp=27PTO2$pXOd~uWfYICn#QUWf_gEN!oi!AhE|ocJ!%?PBC4!vK*ji$%-)32G)$vZ
zzkT`0pGAM3LP;N`2%*D`$L`<A*U+h7UI<rEajvnJ8A6Tz^1>T8KmDxu-Sz%iRH=NB
z(qv!%;^>*P;@M1ZiqSOAG>NwxDA^Uh#X2OQj*x=BIJ)3TE|rs8UtiY?1F2N2ER`?7
z#5<;ui)ARt-X$h>@ikCsaY=v|#e#OMx4^Q4mx|%O7Lr+~bUu|r8L@<2(u^eU#`<iq
zND6{d-)&PKCKhA5A6u~^B5Fz1aj-{178A~{CcdUF;mpHC*{7aVB)zx{Q%HQDiNL|&
z%CKjC9W&wJuHxtHn07)=Vj9^}dBlynO<#5x5q3gUWNYUNp$MMCLRyN3l*E|RR*V6z
z2HK_?zf-EDNPQN8xdW%krMH`+%(W@;sd`P3Fr*3(M0}D?;<V)+tX<PIY7$Q1f=i={
zv-G}zG<(q+Z>w8dxVpAhTf;By;Ogd9y}C25lE{lT++v6M5biO=^w6W@DV%E(NCo94
z_vd=4qIOIB2RGhx+RXQ<(9k<X1x#2?8OO5Yl%G!+(18N>d`{iA>`*r*O-=!<9^8bu
zLPz>tPSb__1Z92PApXkbGMqG}&30K^Xi5ddW!~Wu1Ovn#^Kou9X<!#a8wG*WfYl3G
zxD8W4Pqu&%D}sQ8NC%4p8^ef$-M9#o=_MXVa#!EHN1{R8Pr&>@g1Q{%@q`U9uTc)%
z*Tg!dH20=t3k-4gz%w}0r(^(^G(N1qS!Qz<0U_}Lr&fFr0xek<PMv6J#1W-r&+YPw
zDF-=*f!!$qrf-YRAZw7UgU4X9olpZF(M|(9BO!~ZG*ZCE#HUzSfStx^baxgdeY66Y
z8;2X{$-B#FuC!c3vp>B4*9y8g_f0-C^~V|1_~h2_d+zDNPyGe&@YY9zVtMn;JN2Vi
z7apouX2$==@kG5&>u|4Ep!)<~U|NtW7%jxRx)8(b|FDJlQR9T0_B<Lw$y>A+P2&~X
zqKc}qe~CwZ=znZ4!(`QjC)27KTxDV2r!8F+^O5hhhdP&t2)g?30aIaJ*~&u|c>7|p
Ja6$j^`~zPp1hfDE

literal 0
HcmV?d00001

diff --git a/testing/btest/core/mpls-in-vlan.bro b/testing/btest/core/mpls-in-vlan.bro
new file mode 100644
index 0000000000..f57c1862ce
--- /dev/null
+++ b/testing/btest/core/mpls-in-vlan.bro
@@ -0,0 +1,2 @@
+# @TEST-EXEC: bro -C -r $TRACES/mpls-in-vlan.trace
+# @TEST-EXEC: btest-diff conn.log