Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Remvoing old tunnel code (encap_hdr_size and udp_tunnels).

Browse source
This commit is contained in:
Gregor Maier 2011-08-07 13:55:46 -07:00
parent 32f37c9f6d
commit cd592203a0
2 changed files with 0 additions and 62 deletions
Download patch file Download diff file Expand all files Collapse all files

6
scripts/base/bro.init
View file

@ -515,12 +515,6 @@ const packet_sort_window = 0 usecs &redef;
# state accrual. # state accrual.
const frag_timeout = 0.0 sec &redef; const frag_timeout = 0.0 sec &redef;
# If positive, indicates the encapsulation header size that should
# be skipped over for each captured packet ....
const encap_hdr_size = 0 &redef;
# ... or just for the following UDP port.
const tunnel_port = 0/udp &redef;
# Whether to use the ConnSize analyzer to count the number of # Whether to use the ConnSize analyzer to count the number of
# packets and IP-level bytes transfered by each endpoint. If # packets and IP-level bytes transfered by each endpoint. If
# true, these values are returned in the connection's endpoint # true, these values are returned in the connection's endpoint

56
src/Sessions.cc
View file

@ -177,62 +177,6 @@ void NetSessions::DispatchPacket(double t, const struct pcap_pkthdr* hdr,
ip_data = pkt + hdr_size + (ip_hdr->ip_hl << 2); ip_data = pkt + hdr_size + (ip_hdr->ip_hl << 2);
} }
if ( encap_hdr_size > 0 && ip_data )
{
// We're doing tunnel encapsulation. Check whether there's
// a particular associated port.
//
// Should we discourage the use of encap_hdr_size for UDP
// tunnneling? It is probably better handled by enabling
// BifConst::parse_udp_tunnels instead of specifying a fixed
// encap_hdr_size.
if ( udp_tunnel_port > 0 )
{
ASSERT(ip_hdr);
if ( ip_hdr->ip_p == IPPROTO_UDP )
{
const struct udphdr* udp_hdr =
reinterpret_cast<const struct udphdr*>
(ip_data);
if ( ntohs(udp_hdr->uh_dport) == udp_tunnel_port )
{
// A match.
hdr_size += encap_hdr_size;
}
}
}
else
// Blanket encapsulation
hdr_size += encap_hdr_size;
}
// Check IP packets encapsulated through UDP tunnels.
// Specifying a udp_tunnel_port is optional but recommended (to avoid
// the cost of checking every UDP packet).
else if ( BifConst::parse_udp_tunnels && ip_data && ip_hdr->ip_p == IPPROTO_UDP )
{
const struct udphdr* udp_hdr =
reinterpret_cast<const struct udphdr*>(ip_data);
if ( udp_tunnel_port == 0 || // 0 matches any port
udp_tunnel_port == ntohs(udp_hdr->uh_dport) )
{
const u_char* udp_data =
ip_data + sizeof(struct udphdr);
const struct ip* ip_encap =
reinterpret_cast<const struct ip*>(udp_data);
const int ip_encap_len =
ntohs(udp_hdr->uh_ulen) - sizeof(struct udphdr);
const int ip_encap_caplen =
hdr->caplen - (udp_data - pkt);
if ( looks_like_IPv4_packet(ip_encap_len, ip_encap) )
hdr_size = udp_data - pkt;
}
}
if ( src_ps->FilterType() == TYPE_FILTER_NORMAL ) if ( src_ps->FilterType() == TYPE_FILTER_NORMAL )
NextPacket(t, hdr, pkt, hdr_size, pkt_elem); NextPacket(t, hdr, pkt, hdr_size, pkt_elem);
else else