Actions
Feature #746
closedDecoding API modification
Effort:
Difficulty:
Label:
Description
I propose to change the type of Decode* function (and other decoding functions as well). It could then return an error if the decoding is not correct (let's say SC_ERR).
Then we could do in DecodeTeredo and other functions:
if (IP_GET_RAW_VER(start) == 6) {
IPV6Hdr *thdr = (IPV6Hdr *)start;
if (len == IPV6_HEADER_LEN +
IPV6_GET_RAW_PLEN(thdr) + (start - pkt)) {
if (pq != NULL) {
int blen = len - (start - pkt);
/* spawn off tunnel packet */
Packet *tp = PacketPseudoPktSetup(p, start, blen,
IPPROTO_IPV6);
if (tp != NULL) {
PKT_SET_SRC(tp, PKT_SRC_DECODER_TEREDO);
/* send that to the Tunnel decoder */
ret = DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp), GET_PKT_LEN(tp),
pq, IPPROTO_IPV6);
if (ret != SC_ERR) {
/* add the tp to the packet queue. */
PacketEnqueue(pq,tp);
SCPerfCounterIncr(dtv->counter_teredo, tv->sc_perf_pca);
return 1;
} else {
RETURN PACKET TO POOL
return 0;
}
}
}
}
This would allow to detect incorrect IPv6 packets which will trigger a failure of DecodeIPv6 and hence of DecodeTunnel. This way we will detect invalid packet in the most accurate way.
Actions