capture: add support for IP-IP tunnel

src/capture.c

@@ -485,6 +485,7 @@ capture_packet_reasm_ip(capture_info_t *capinfo, const struct pcap_pkthdr *heade
         }
     }
 
+    while (*size >= sizeof(struct ip)) {
         // Get IP header
         ip4 = (struct ip *) (packet + link_hl);
 
@@ -536,6 +537,17 @@ capture_packet_reasm_ip(capture_info_t *capinfo, const struct pcap_pkthdr *heade
         // Remove IP Header length from payload
         *size = *caplen - link_hl - ip_hl;
 
+        if (ip_proto == IPPROTO_IPIP) {
+            // The payload is an incapsulated IP packet (IP-IP tunnel)
+            // so we simply skip the "outer" IP header and repeat.
+            // NOTE: this will break IP reassembly if the "outer"
+            // packet is fragmented.
+            link_hl += ip_hl;
+        } else {
+            break;
+        }
+    }
+
     // If no fragmentation
     if (ip_frag == 0) {
         // Just create a new packet with given network data

tests/Makefile.am

@@ -2,6 +2,7 @@ AUTOMAKE_OPTIONS=subdir-objects
 
 check_PROGRAMS=test-001 test-002 test-003 test-004 test-005
 check_PROGRAMS+=test-006 test-007 test-008 test-009 test-010
+check_PROGRAMS+=test-011
 
 test_001_SOURCES=test_001.c
 test_002_SOURCES=test_002.c
@@ -13,5 +14,6 @@ test_007_SOURCES=test_007.c ../src/vector.c ../src/util.c
 test_008_SOURCES=test_008.c
 test_009_SOURCES=test_009.c
 test_010_SOURCES=test_010.c ../src/hash.c
+test_011_SOURCES=test_011.c
 
 TESTS = $(check_PROGRAMS)

tests/README

@@ -10,6 +10,7 @@ doesn't crash. This checks are ultra-super-basic.
 - test_005 : Column selection testing
 - test_006 : Message diff testing
 - test_007: Test vector container structures
+- test_011: Test mix of normal packets with IPIP tunneled packets
 
 Sample capture files has been taken from wireshark Wiki:
 - https://wiki.wireshark.org/SampleCaptures

tests/test_008.c

@@ -20,7 +20,7 @@
  **
  ****************************************************************************/
 /**
- * @file test_001.c
+ * @file test_008.c
  * @author Ivan Alonso [aka Kaian] <kaian@irontec.com>
  *
  * Test for sorting columns based on standard attributes

tests/test_009.c

@@ -20,7 +20,7 @@
  **
  ****************************************************************************/
 /**
- * @file test_001.c
+ * @file test_009.c
  * @author Ivan Alonso [aka Kaian] <kaian@irontec.com>
  *
  * Test for adding a new attribute column and sorting using it.

tests/test_011.c

@@ -0,0 +1,43 @@
+/**************************************************************************
+ **
+ ** sngrep - SIP Messages flow viewer
+ **
+ ** Copyright (C) 2013-2018 Ivan Alonso (Kaian)
+ ** Copyright (C) 2013-2018 Irontec SL. All rights reserved.
+ **
+ ** This program is free software: you can redistribute it and/or modify
+ ** it under the terms of the GNU General Public License as published by
+ ** the Free Software Foundation, either version 3 of the License, or
+ ** (at your option) any later version.
+ **
+ ** This program is distributed in the hope that it will be useful,
+ ** but WITHOUT ANY WARRANTY; without even the implied warranty of
+ ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ ** GNU General Public License for more details.
+ **
+ ** You should have received a copy of the GNU General Public License
+ ** along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ **
+ ****************************************************************************/
+/**
+ * @file test_011.c
+ * @author Evgeny Khramtsov <evgeny.khramtsov@nordigy.ru>
+ *
+ * IP-IP tunnel test from ipip.pcap
+ */
+
+const char keys[] =
+        {
+          /* Enter Call Flow */
+          10,
+          /* Leave Call Flow */
+          27,
+          /* Exit */
+          27,
+          10,
+          0
+        };
+
+#define TEST_PCAP_INPUT "ipip.pcap"
+
+#include "test_input.c"