Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Support for MPLS over VLAN.

Browse source 
Patch by Chris Kanich.

BIT-1017 #merged
This commit is contained in:
Robin Sommer 2014-02-14 12:06:24 -08:00
parent 4524406899
commit ba81aa4387
6 changed files with 34 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

4
CHANGES
View file

@ -1,4 +1,8 @@
2.2-174 | 2014-02-14 12:07:04 -0800
* Support for MPLS over VLAN. (Chris Kanich)
2.2-173 | 2014-02-14 10:50:15 -0800 2.2-173 | 2014-02-14 10:50:15 -0800
* Fix misidentification of SOCKS traffic that in particiular seemed * Fix misidentification of SOCKS traffic that in particiular seemed

2
VERSION
View file

@ -1 +1 @@
2.2-173 2.2-174

22
src/PktSrc.cc
View file

@ -229,12 +229,21 @@ void PktSrc::Process()
{ {
// MPLS carried over the ethernet frame. // MPLS carried over the ethernet frame.
case 0x8847: case 0x8847:
// Remove the data link layer and denote a
// header size of zero before the IP header.
have_mpls = true; have_mpls = true;
data += get_link_header_size(datalink);
pkt_hdr_size = 0;
break; break;
// VLAN carried over the ethernet frame. // VLAN carried over the ethernet frame.
case 0x8100: case 0x8100:
data += get_link_header_size(datalink); data += get_link_header_size(datalink);
// Check for MPLS in VLAN.
if ( ((data[2] << 8) + data[3]) == 0x8847 )
have_mpls = true;
data += 4; // Skip the vlan header data += 4; // Skip the vlan header
pkt_hdr_size = 0; pkt_hdr_size = 0;
@ -274,8 +283,13 @@ void PktSrc::Process()
protocol = (data[2] << 8) + data[3]; protocol = (data[2] << 8) + data[3];
if ( protocol == 0x0281 ) if ( protocol == 0x0281 )
// MPLS Unicast {
// MPLS Unicast. Remove the data link layer and
// denote a header size of zero before the IP header.
have_mpls = true; have_mpls = true;
data += get_link_header_size(datalink);
pkt_hdr_size = 0;
}
else if ( protocol != 0x0021 && protocol != 0x0057 ) else if ( protocol != 0x0021 && protocol != 0x0057 )
{ {
@ -290,12 +304,6 @@ void PktSrc::Process()
if ( have_mpls ) if ( have_mpls )
{ {
// Remove the data link layer
data += get_link_header_size(datalink);
// Denote a header size of zero before the IP header
pkt_hdr_size = 0;
// Skip the MPLS label stack. // Skip the MPLS label stack.
bool end_of_stack = false; bool end_of_stack = false;

12
testing/btest/Baseline/core.mpls-in-vlan/conn.log Normal file
View file

@ -0,0 +1,12 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path conn
#open 2014-02-14-20-04-20
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
1371685686.536606 CXWv6p3arKYeMETxOg 65.65.65.65 19244 65.65.65.65 80 tcp - - - - OTH - 0 D 1 257 0 0 (empty)
1371686961.156859 CjhGID4nQcgTWjvg4c 65.65.65.65 32828 65.65.65.65 80 tcp - - - - OTH - 0 d 0 0 1 1500 (empty)
1371686961.479321 CCvvfg3TEfuqmmG4bh 65.65.65.65 61193 65.65.65.65 80 tcp - - - - OTH - 0 D 1 710 0 0 (empty)
#close 2014-02-14-20-04-20

BIN
testing/btest/Traces/mpls-in-vlan.trace Normal file
View file

Binary file not shown.

2
testing/btest/core/mpls-in-vlan.bro Normal file
View file

@ -0,0 +1,2 @@
# @TEST-EXEC: bro -C -r $TRACES/mpls-in-vlan.trace
# @TEST-EXEC: btest-diff conn.log