/src/suricata/src/decode-erspan.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* Copyright (C) 2020-2021 Open Information Security Foundation |
2 | | * |
3 | | * You can copy, redistribute or modify this Program under the terms of |
4 | | * the GNU General Public License version 2 as published by the Free |
5 | | * Software Foundation. |
6 | | * |
7 | | * This program is distributed in the hope that it will be useful, |
8 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
9 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
10 | | * GNU General Public License for more details. |
11 | | * |
12 | | * You should have received a copy of the GNU General Public License |
13 | | * version 2 along with this program; if not, write to the Free Software |
14 | | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA |
15 | | * 02110-1301, USA. |
16 | | */ |
17 | | |
18 | | /** |
19 | | * \ingroup decode |
20 | | * |
21 | | * @{ |
22 | | */ |
23 | | |
24 | | |
25 | | /** |
26 | | * \file |
27 | | * |
28 | | * \author Victor Julien <victor@inliniac.net> |
29 | | * |
30 | | * Decodes ERSPAN Types I and II |
31 | | */ |
32 | | |
33 | | #include "suricata-common.h" |
34 | | #include "suricata.h" |
35 | | #include "decode.h" |
36 | | #include "decode-events.h" |
37 | | #include "decode-erspan.h" |
38 | | |
39 | | #include "util-validate.h" |
40 | | #include "util-unittest.h" |
41 | | #include "util-debug.h" |
42 | | |
43 | | /** |
44 | | * \brief Functions to decode ERSPAN Type I and II packets |
45 | | */ |
46 | | |
47 | | /* |
48 | | * \brief ERSPAN Type I was configurable in 5.0.x but is no longer configurable. |
49 | | * |
50 | | * Issue a warning if a configuration setting is found. |
51 | | */ |
52 | | void DecodeERSPANConfig(void) |
53 | 26 | { |
54 | 26 | int enabled = 0; |
55 | 26 | if (ConfGetBool("decoder.erspan.typeI.enabled", &enabled) == 1) { |
56 | 0 | SCLogWarning(SC_WARN_ERSPAN_CONFIG, |
57 | 0 | "ERSPAN Type I is no longer configurable and it is always" |
58 | 0 | " enabled; ignoring configuration setting."); |
59 | 0 | } |
60 | 26 | } |
61 | | |
62 | | /** |
63 | | * \brief ERSPAN Type I |
64 | | */ |
65 | | int DecodeERSPANTypeI(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, |
66 | | const uint8_t *pkt, uint32_t len) |
67 | 1.99k | { |
68 | 1.99k | StatsIncr(tv, dtv->counter_erspan); |
69 | | |
70 | 1.99k | return DecodeEthernet(tv, dtv, p, pkt, len); |
71 | 1.99k | } |
72 | | |
73 | | /** |
74 | | * \brief ERSPAN Type II |
75 | | */ |
76 | | int DecodeERSPAN(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len) |
77 | 5.41k | { |
78 | 5.41k | DEBUG_VALIDATE_BUG_ON(pkt == NULL); |
79 | | |
80 | 0 | StatsIncr(tv, dtv->counter_erspan); |
81 | | |
82 | 5.41k | if (len < sizeof(ErspanHdr)) { |
83 | 406 | ENGINE_SET_EVENT(p,ERSPAN_HEADER_TOO_SMALL); |
84 | 406 | return TM_ECODE_FAILED; |
85 | 406 | } |
86 | 5.00k | if (!PacketIncreaseCheckLayers(p)) { |
87 | 0 | return TM_ECODE_FAILED; |
88 | 0 | } |
89 | | |
90 | 5.00k | const ErspanHdr *ehdr = (const ErspanHdr *)pkt; |
91 | 5.00k | uint16_t version = SCNtohs(ehdr->ver_vlan) >> 12; |
92 | 5.00k | uint16_t vlan_id = SCNtohs(ehdr->ver_vlan) & 0x0fff; |
93 | | |
94 | 5.00k | SCLogDebug("ERSPAN: version %u vlan %u", version, vlan_id); |
95 | | |
96 | | /* only v1 is tested at this time */ |
97 | 5.00k | if (version != 1) { |
98 | 569 | ENGINE_SET_EVENT(p,ERSPAN_UNSUPPORTED_VERSION); |
99 | 569 | return TM_ECODE_FAILED; |
100 | 569 | } |
101 | | |
102 | 4.43k | if (vlan_id > 0) { |
103 | 4.34k | if (p->vlan_idx >= 2) { |
104 | 0 | ENGINE_SET_EVENT(p,ERSPAN_TOO_MANY_VLAN_LAYERS); |
105 | 0 | return TM_ECODE_FAILED; |
106 | 0 | } |
107 | 4.34k | p->vlan_id[p->vlan_idx] = vlan_id; |
108 | 4.34k | p->vlan_idx++; |
109 | 4.34k | } |
110 | | |
111 | 4.43k | return DecodeEthernet(tv, dtv, p, pkt + sizeof(ErspanHdr), len - sizeof(ErspanHdr)); |
112 | 4.43k | } |
113 | | |
114 | | /** |
115 | | * @} |
116 | | */ |