-/* Copyright (C) 2007-2010 Open Information Security Foundation
+/* Copyright (C) 2007-2013 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#ifndef __DECODE_EVENTS_H__
#define __DECODE_EVENTS_H__
-/***** packet decoder events *****/
-
+/* packet decoder events */
enum {
/* IPV4 EVENTS */
IPV4_PKT_TOO_SMALL = 1, /**< ipv4 pkt smaller than minimum header size */
IPV4_OPT_DUPLICATE, /**< duplicated ip option */
IPV4_OPT_UNKNOWN, /**< unknown ip option */
IPV4_WRONG_IP_VER, /**< wrong ip version in ip options */
+ IPV4_WITH_ICMPV6, /**< IPv4 packet with ICMPv6 header */
/* ICMP EVENTS */
ICMPV4_PKT_TOO_SMALL, /**< icmpv4 packet smaller than minimum size */
ICMPV6_PKT_TOO_SMALL, /**< icmpv6 smaller than minimum size */
ICMPV6_IPV6_UNKNOWN_VER, /**< unknown version in icmpv6 packet */
ICMPV6_IPV6_TRUNC_PKT, /**< truncated icmpv6 packet */
+ ICMPV6_MLD_MESSAGE_WITH_INVALID_HL, /**< invalid MLD that doesn't have HL 1 */
+ ICMPV6_UNASSIGNED_TYPE, /**< unsassigned ICMPv6 type */
+ ICMPV6_EXPERIMENTATION_TYPE, /**< uprivate experimentation ICMPv6 type */
/* IPV6 EVENTS */
IPV6_PKT_TOO_SMALL, /**< ipv6 packet smaller than minimum size */
IPV6_DSTOPTS_UNKNOWN_OPT, /**< unknown DST opt */
IPV6_DSTOPTS_ONLY_PADDING, /**< all options in DST opts are padding */
+ IPV6_EXTHDR_RH_TYPE_0, /**< RH 0 is deprecated as per rfc5095 */
+ IPV6_EXTHDR_ZERO_LEN_PADN, /**< padN w/o data (0 len) */
+ IPV6_FH_NON_ZERO_RES_FIELD, /**< reserved field not zero */
+ IPV6_DATA_AFTER_NONE_HEADER, /**< data after 'none' (59) header */
+
+ IPV6_UNKNOWN_NEXT_HEADER, /**< unknown/unsupported next header */
IPV6_WITH_ICMPV4, /**< IPv6 packet with ICMPv4 header */
/* TCP EVENTS */
/* RAW EVENTS */
IPRAW_INVALID_IPV, /**< invalid ip version in ip raw */
+ /* LINKTYPE NULL EVENTS */
+ LTNULL_PKT_TOO_SMALL, /**< pkt too small for lt:null */
+ LTNULL_UNSUPPORTED_TYPE, /**< pkt has a type that the decoder doesn't support */
+
/* STREAM EVENTS */
STREAM_3WHS_ACK_IN_WRONG_DIR,
STREAM_3WHS_ASYNC_WRONG_SEQ,
STREAM_PKT_BROKEN_ACK,
STREAM_RST_INVALID_ACK,
STREAM_PKT_RETRANSMISSION,
+ STREAM_PKT_BAD_WINDOW_UPDATE,
STREAM_REASSEMBLY_SEGMENT_BEFORE_BASE_SEQ,
STREAM_REASSEMBLY_NO_SEGMENT,
IPV6_IN_IPV6_PKT_TOO_SMALL,
IPV6_IN_IPV6_WRONG_IP_VER,
+ /* MPLS decode events. */
+ MPLS_HEADER_TOO_SMALL,
+ MPLS_BAD_LABEL_ROUTER_ALERT,
+ MPLS_BAD_LABEL_IMPLICIT_NULL,
+ MPLS_BAD_LABEL_RESERVED,
+ MPLS_UNKNOWN_PAYLOAD_TYPE,
+
+ /* ERSPAN events */
+ ERSPAN_HEADER_TOO_SMALL,
+ ERSPAN_UNSUPPORTED_VERSION,
+ ERSPAN_TOO_MANY_VLAN_LAYERS,
+
/* should always be last! */
DECODE_EVENT_MAX,
};
-#define DECODER_EVENTS_BUFFER_STEPS 5
-
-/**
- * \brief Data structure to store app layer decoder events.
- */
-typedef struct AppLayerDecoderEvents_ {
- /* array of events */
- uint8_t *events;
- /* number of events in the above buffer */
- uint8_t cnt;
- /* current event buffer size */
- uint8_t events_buffer_size;
-} AppLayerDecoderEvents;
-
-/**
- * \brief Set an app layer decoder event.
- *
- * \param sevents Pointer to a DecoderEvents pointer head. If
- * the head points to a DecoderEvents instance, a
- * new instance would be created and the pointer head would
- * would be updated with this new instance
- * \param event The event to be stored.
- */
-#define AppLayerDecoderEventsSetEventRaw(sevents, event) \
- do { \
- AppLayerDecoderEvents *devents = (sevents); \
- if (devents == NULL) { \
- AppLayerDecoderEvents *new_devents = \
- SCMalloc(sizeof(AppLayerDecoderEvents)); \
- if (new_devents == NULL) \
- break; \
- memset(new_devents, 0, sizeof(AppLayerDecoderEvents)); \
- (sevents) = devents = new_devents; \
- } \
- if (devents->cnt == devents->events_buffer_size) { \
- devents->events = SCRealloc(devents->events, \
- (devents->cnt + \
- DECODER_EVENTS_BUFFER_STEPS) * \
- sizeof(uint8_t)); \
- if (devents->events == NULL) { \
- devents->events_buffer_size = 0; \
- devents->cnt = 0; \
- (sevents) = NULL; \
- break; \
- } \
- devents->events_buffer_size += DECODER_EVENTS_BUFFER_STEPS; \
- } \
- devents->events[devents->cnt++] = (event); \
- } while (0)
-
-/**
- * \brief Set an app layer decoder event.
- *
- * \param devents_head Pointer to a DecoderEvents pointer head. If
- * the head points to a DecoderEvents instance, a
- * new instance would be created and the pointer head would
- * would be updated with this new instance
- * \param event The event to be stored.
- */
-#define AppLayerDecoderEventsSetEvent(f, event) \
- do { \
- AppLayerParserStateStore *parser_state_store = \
- (AppLayerParserStateStore *)(f)->alparser; \
- AppLayerDecoderEvents *devents = \
- parser_state_store->decoder_events; \
- if (devents == NULL) { \
- AppLayerDecoderEvents *new_devents = \
- SCMalloc(sizeof(AppLayerDecoderEvents)); \
- if (new_devents == NULL) \
- break; \
- memset(new_devents, 0, sizeof(AppLayerDecoderEvents)); \
- parser_state_store->decoder_events = new_devents; \
- devents = new_devents; \
- } \
- if (devents->cnt == devents->events_buffer_size) { \
- devents->events = SCRealloc(devents->events, \
- (devents->cnt + \
- DECODER_EVENTS_BUFFER_STEPS) * \
- sizeof(uint8_t)); \
- if (devents->events == NULL) { \
- devents->events_buffer_size = 0; \
- devents->cnt = 0; \
- break; \
- } \
- devents->events_buffer_size += DECODER_EVENTS_BUFFER_STEPS; \
- } \
- devents->events[devents->cnt++] = (event); \
- SCLogDebug("setting app-layer-event %u", (event)); \
- } while (0)
-
-static inline int AppLayerDecoderEventsIsEventSet(AppLayerDecoderEvents *devents,
- uint8_t event)
-{
- if (devents == NULL)
- return 0;
-
- int i;
- int cnt = devents->cnt;
- for (i = 0; i < cnt; i++) {
- if (devents->events[i] == event)
- return 1;
- }
-
- return 0;
-}
-
-#define AppLayerDecoderEventsResetEvents(devents) \
- do { \
- if ((devents) != NULL) { \
- (devents)->cnt = 0; \
- } \
- } while (0)
-
-#define AppLayerDecoderEventsFreeEvents(devents) \
- do { \
- if ((devents) != NULL) { \
- if ((devents)->events != NULL) \
- SCFree((devents)->events); \
- } \
- SCFree((devents)); \
- } while (0)
-
#endif /* __DECODE_EVENTS_H__ */
projects / people / ms / suricata.git / blobdiff