-/* Copyright (C) 2007-2010 Open Information Security Foundation
+/* Copyright (C) 2007-2013 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#ifndef __DECODE_EVENTS_H__
#define __DECODE_EVENTS_H__
+/* packet decoder events */
enum {
/* IPV4 EVENTS */
IPV4_PKT_TOO_SMALL = 1, /**< ipv4 pkt smaller than minimum header size */
IPV4_OPT_DUPLICATE, /**< duplicated ip option */
IPV4_OPT_UNKNOWN, /**< unknown ip option */
IPV4_WRONG_IP_VER, /**< wrong ip version in ip options */
+ IPV4_WITH_ICMPV6, /**< IPv4 packet with ICMPv6 header */
/* ICMP EVENTS */
ICMPV4_PKT_TOO_SMALL, /**< icmpv4 packet smaller than minimum size */
ICMPV6_PKT_TOO_SMALL, /**< icmpv6 smaller than minimum size */
ICMPV6_IPV6_UNKNOWN_VER, /**< unknown version in icmpv6 packet */
ICMPV6_IPV6_TRUNC_PKT, /**< truncated icmpv6 packet */
+ ICMPV6_MLD_MESSAGE_WITH_INVALID_HL, /**< invalid MLD that doesn't have HL 1 */
+ ICMPV6_UNASSIGNED_TYPE, /**< unsassigned ICMPv6 type */
+ ICMPV6_EXPERIMENTATION_TYPE, /**< uprivate experimentation ICMPv6 type */
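Review bot: The doc comments on the two new ICMPv6 type events are misspelled: `unsassigned` should read `unassigned` and `uprivate experimentation` should read `private experimentation`, i.e. `/**< unassigned ICMPv6 type */` and `/**< private experimentation ICMPv6 type */`. Several other enumerators added in this diff have no `/**< … */` comment at all, unlike their neighbours: `VLAN_HEADER_TOO_MANY_LAYERS`, `STREAM_3WHS_SYNACK_FLOOD`, the new fragment events, and the MPLS and ERSPAN groups. The pair `IPV4_FRAG_TOO_LARGE`/`IPV6_FRAG_TOO_LARGE` most needs one, because it sits next to the existing `IPV4_FRAG_PKT_TOO_LARGE`/`IPV6_FRAG_PKT_TOO_LARGE` and nothing here says how the two conditions differ. Anyone picking an event name to alert on has only these comments to go by.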
/* IPV6 EVENTS */
IPV6_PKT_TOO_SMALL, /**< ipv6 packet smaller than minimum size */
IPV6_WRONG_IP_VER, /**< wrong version in ipv6 */
IPV6_EXTHDR_AH_RES_NOT_NULL, /**< AH hdr reserved fields not null (rfc 4302) */
+ IPV6_HOPOPTS_UNKNOWN_OPT, /**< unknown HOP opt */
+ IPV6_HOPOPTS_ONLY_PADDING, /**< all options in HOP opts are padding */
+ IPV6_DSTOPTS_UNKNOWN_OPT, /**< unknown DST opt */
+ IPV6_DSTOPTS_ONLY_PADDING, /**< all options in DST opts are padding */
+
+ IPV6_EXTHDR_RH_TYPE_0, /**< RH 0 is deprecated as per rfc5095 */
+ IPV6_EXTHDR_ZERO_LEN_PADN, /**< padN w/o data (0 len) */
+ IPV6_FH_NON_ZERO_RES_FIELD, /**< reserved field not zero */
+ IPV6_DATA_AFTER_NONE_HEADER, /**< data after 'none' (59) header */
+
+ IPV6_UNKNOWN_NEXT_HEADER, /**< unknown/unsupported next header */
+ IPV6_WITH_ICMPV4, /**< IPv6 packet with ICMPv4 header */
+
/* TCP EVENTS */
TCP_PKT_TOO_SMALL, /**< tcp packet smaller than minimum size */
TCP_HLEN_TOO_SMALL, /**< tcp header smaller than minimum size */
/* VLAN EVENTS */
VLAN_HEADER_TOO_SMALL, /**< vlan header smaller than minimum size */
VLAN_UNKNOWN_TYPE, /**< vlan unknown type */
+ VLAN_HEADER_TOO_MANY_LAYERS,
/* RAW EVENTS */
IPRAW_INVALID_IPV, /**< invalid ip version in ip raw */
+ /* LINKTYPE NULL EVENTS */
+ LTNULL_PKT_TOO_SMALL, /**< pkt too small for lt:null */
+ LTNULL_UNSUPPORTED_TYPE, /**< pkt has a type that the decoder doesn't support */
+
+ /* STREAM EVENTS */
STREAM_3WHS_ACK_IN_WRONG_DIR,
STREAM_3WHS_ASYNC_WRONG_SEQ,
STREAM_3WHS_RIGHT_SEQ_WRONG_ACK_EVASION,
STREAM_3WHS_SYNACK_RESEND_WITH_DIFF_SEQ,
STREAM_3WHS_SYNACK_TOSERVER_ON_SYN_RECV,
STREAM_3WHS_SYNACK_WITH_WRONG_ACK,
+ STREAM_3WHS_SYNACK_FLOOD,
STREAM_3WHS_SYN_RESEND_DIFF_SEQ_ON_SYN_RECV,
STREAM_3WHS_SYN_TOCLIENT_ON_SYN_RECV,
STREAM_3WHS_WRONG_SEQ_WRONG_ACK,
STREAM_4WHS_INVALID_ACK,
STREAM_CLOSEWAIT_ACK_OUT_OF_WINDOW,
STREAM_CLOSEWAIT_FIN_OUT_OF_WINDOW,
+ STREAM_CLOSEWAIT_PKT_BEFORE_LAST_ACK,
STREAM_CLOSEWAIT_INVALID_ACK,
STREAM_CLOSING_ACK_WRONG_SEQ,
STREAM_CLOSING_INVALID_ACK,
STREAM_RST_BUT_NO_SESSION,
STREAM_TIMEWAIT_ACK_WRONG_SEQ,
STREAM_TIMEWAIT_INVALID_ACK,
+ STREAM_SHUTDOWN_SYN_RESEND,
STREAM_PKT_INVALID_TIMESTAMP,
STREAM_PKT_INVALID_ACK,
+ STREAM_PKT_BROKEN_ACK,
STREAM_RST_INVALID_ACK,
+ STREAM_PKT_RETRANSMISSION,
+ STREAM_PKT_BAD_WINDOW_UPDATE,
STREAM_REASSEMBLY_SEGMENT_BEFORE_BASE_SEQ,
STREAM_REASSEMBLY_NO_SEGMENT,
STREAM_REASSEMBLY_SEQ_GAP,
+ STREAM_REASSEMBLY_OVERLAP_DIFFERENT_DATA,
+
/* SCTP EVENTS */
- SCTP_PKT_TOO_SMALL, /**< sctp packet smaller than minimum size */
+ SCTP_PKT_TOO_SMALL, /**< sctp packet smaller than minimum size */
/* Fragmentation reasembly events. */
IPV4_FRAG_PKT_TOO_LARGE,
- IPV4_FRAG_OVERLAP,
IPV6_FRAG_PKT_TOO_LARGE,
+ IPV4_FRAG_OVERLAP,
IPV6_FRAG_OVERLAP,
+ IPV4_FRAG_TOO_LARGE,
+ IPV6_FRAG_TOO_LARGE,
+ /* Fragment ignored due to internal error */
+ IPV4_FRAG_IGNORED,
+ IPV6_FRAG_IGNORED,
+
+ /* IPv4 in IPv6 events */
+ IPV4_IN_IPV6_PKT_TOO_SMALL,
+ IPV4_IN_IPV6_WRONG_IP_VER,
+ /* IPv6 in IPv6 events */
+ IPV6_IN_IPV6_PKT_TOO_SMALL,
+ IPV6_IN_IPV6_WRONG_IP_VER,
+
+ /* MPLS decode events. */
+ MPLS_HEADER_TOO_SMALL,
+ MPLS_BAD_LABEL_ROUTER_ALERT,
+ MPLS_BAD_LABEL_IMPLICIT_NULL,
+ MPLS_BAD_LABEL_RESERVED,
+ MPLS_UNKNOWN_PAYLOAD_TYPE,
+
+ /* ERSPAN events */
+ ERSPAN_HEADER_TOO_SMALL,
+ ERSPAN_UNSUPPORTED_VERSION,
+ ERSPAN_TOO_MANY_VLAN_LAYERS,
/* should always be last! */
DECODE_EVENT_MAX,
};
-#define DECODER_EVENTS_BUFFER_STEPS 5
-
-/**
- * \brief Data structure to store app layer decoder events.
- */
-typedef struct AppLayerDecoderEvents_ {
- /* array of events */
- uint8_t *events;
- /* number of events in the above buffer */
- uint8_t cnt;
- /* current event buffer size */
- uint8_t events_buffer_size;
-} AppLayerDecoderEvents;
-
-/**
- * \brief Store decoder event module
- */
-typedef struct AppLayerDecoderEventsModule_ {
- /* the alproto module for which we are storing the event table */
- uint16_t alproto;
- /* the event table map */
- SCEnumCharMap *table;
-
- struct AppLayerDecoderEventsModule_ *next;
-} AppLayerDecoderEventsModule;
-
-#if 0
-
-#define AppLayerDecoderEventsSetEvent(module_id, devents_head, event) \
- do { \
- DecoderEvents devents = *devents_head; \
- while (devents != NULL && devents->module_id != module_id) { \
- devents = devents->next; \
- } \
- if (devents == NULL) { \
- DecoderEvents new_devents = SCMalloc(sizeof(DecoderEvents));\
- if (new_devents == NULL) \
- return; \
- memset(new_devents, 0, sizeof(DecoderEvents)); \
- devents_head = new_devents; \
- } \
- if ((devents)->cnt == events_buffer_size) { \
- devents->events = SCRealloc(devents->events, \
- (devents->cnt + \
- DECODER_EVENTS_BUFFER_STEPS) * \
- sizeof(uint8_t)); \
- if (devents->events == NULL) { \
- devents->events_buffer_size = 0; \
- devents->cnt = 0; \
- break; \
- } \
- devents->events_buffer_size += DECODER_EVENTS_BUFFER_STEPS; \
- } \
- devents->events[devents->cnt++] = event; \
- } while (0)
-
-static inline int AppLayerDecoderEventsIsEventSet(int module_id,
- DecoderEvents *devents,
- uint8_t event)
-{
- while (devents != NULL && devents->module_id != module_id) {
- devents = devents->next;
- }
-
- if (devents == NULL)
- return 0;
-
- int i;
- int cnt = devents->cnt;
- for (i = 0; i < cnt; i++) {
- if (devents->events[i] == event)
- return 1;
- }
-
- return 0;
-}
-
-#define DecoderEventsFreeEvents(devents) \
- do { \
- while ((devents) != NULL) { \
- if ((devents)->events != NULL) \
- SCFree((devents)->events); \
- (devents) = (devents)->next; \
- } \
- } while (0)
-
-
-#endif /* #if 0 */
-
-/**
- * \brief Set an app layer decoder event.
- *
- * \param devents_head Pointer to a DecoderEvents pointer head. If
- * the head points to a DecoderEvents instance, a
- * new instance would be created and the pointer head would
- * would be updated with this new instance
- * \param event The event to be stored.
- */
-#define AppLayerDecoderEventsSetEvent(f, event) \
- do { \
- AppLayerParserStateStore *parser_state_store = \
- (AppLayerParserStateStore *)(f)->alparser; \
- AppLayerDecoderEvents *devents = \
- parser_state_store->decoder_events; \
- if (devents == NULL) { \
- AppLayerDecoderEvents *new_devents = \
- SCMalloc(sizeof(AppLayerDecoderEvents)); \
- if (new_devents == NULL) \
- break; \
- memset(new_devents, 0, sizeof(AppLayerDecoderEvents)); \
- parser_state_store->decoder_events = new_devents; \
- devents = new_devents; \
- } \
- if (devents->cnt == devents->events_buffer_size) { \
- devents->events = SCRealloc(devents->events, \
- (devents->cnt + \
- DECODER_EVENTS_BUFFER_STEPS) * \
- sizeof(uint8_t)); \
- if (devents->events == NULL) { \
- devents->events_buffer_size = 0; \
- devents->cnt = 0; \
- break; \
- } \
- devents->events_buffer_size += DECODER_EVENTS_BUFFER_STEPS; \
- } \
- devents->events[devents->cnt++] = (event); \
- SCLogDebug("setting app-layer-event %u", (event)); \
- } while (0)
-
-static inline int AppLayerDecoderEventsIsEventSet(AppLayerDecoderEvents *devents,
- uint8_t event)
-{
- if (devents == NULL)
- return 0;
-
- int i;
- int cnt = devents->cnt;
- for (i = 0; i < cnt; i++) {
- if (devents->events[i] == event)
- return 1;
- }
-
- return 0;
-}
-
-#define AppLayerDecoderEventsFreeEvents(devents) \
- do { \
- if ((devents) != NULL) { \
- if ((devents)->events != NULL) \
- SCFree((devents)->events); \
- } \
- SCFree((devents)); \
- } while (0)
-
-void AppLayerDecoderEventsModuleRegister(uint16_t, SCEnumCharMap *);
-uint16_t AppLayerDecoderEventsModuleGetAlproto(const char *);
-int AppLayerDecoderEventsModuleGetEventId(uint16_t, const char *);
-void AppLayerDecodeEventsModuleDeRegister(void);
-
-/***** Unittest helper functions *****/
-void AppLayerDecoderEventsModuleCreateBackup(void);
-void AppLayerDecoderEventsModuleRestoreBackup(void);
-
#endif /* __DECODE_EVENTS_H__ */
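Review bot: Every enumerator after `IPV4_WRONG_IP_VER` gets a new numeric value, because new events are inserted mid-enum (starting with `IPV4_WITH_ICMPV6`) and `IPV4_FRAG_OVERLAP` swaps places with `IPV6_FRAG_PKT_TOO_LARGE`; only `IPV4_PKT_TOO_SMALL = 1` is pinned. Any name-to-id table, rule keyword lookup or logged/stored event id that lives outside this diff has to be updated in the same commit, otherwise a rule or log consumer keyed on the old numbers would presumably report a different decoder event than the one that fired. If the ids are meant to be stable, append new events just above `DECODE_EVENT_MAX`; if they are not, say so at the top of the enum, e.g. `/* numeric values are not stable across versions; always refer to events by name */`. The removed app-layer struct stored events as `uint8_t`; if packet events are stored at the same width (not visible here), a `_Static_assert(DECODE_EVENT_MAX <= UINT8_MAX, "decoder event id must fit in uint8_t");` after the enum would catch silent truncation as the list grows, provided the compiler baseline allows C11.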