Merge pull request #2541 in SNORT/snort3 from ~PUNEETKU/snort3:vrf_same_ip to master

author Cynthia Leonard (cyleonar) <cyleonar@cisco.com>

Thu, 15 Oct 2020 09:40:12 +0000 (09:40 +0000)

committer Cynthia Leonard (cyleonar) <cyleonar@cisco.com>

Thu, 15 Oct 2020 09:40:12 +0000 (09:40 +0000)
author Cynthia Leonard (cyleonar) <cyleonar@cisco.com>
Thu, 15 Oct 2020 09:40:12 +0000 (09:40 +0000)
committer Cynthia Leonard (cyleonar) <cyleonar@cisco.com>
Thu, 15 Oct 2020 09:40:12 +0000 (09:40 +0000)
diff --git a/src/codecs/ip/cd_ipv4.cc b/src/codecs/ip/cd_ipv4.cc

index 3d63e9ac4627302ccf3cecac2e4d0f07e8a985a8..cc40195cd160c419019e09ae1cc0458fcee9eafd 100644 (file)
--- a/src/codecs/ip/cd_ipv4.cc
+++ b/src/codecs/ip/cd_ipv4.cc
@@ -124,7 +124,7 @@ public:
  
  private:
      bool valid_checksum_from_daq(const RawData&);
-    void IP4AddrTests(const ip::IP4Hdr*, const CodecData&, DecodeData&);
+    void IP4AddrTests(const ip::IP4Hdr*, const RawData&, const CodecData&, DecodeData&);
      void IPMiscTests(const ip::IP4Hdr* const ip4h, const CodecData& codec, uint16_t len);
      void DecodeIPOptions(const uint8_t* start, uint8_t& o_len, CodecData& data);
  };
@@ -255,7 +255,7 @@ bool Ipv4Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
      /*
       * IP Header tests: Land attack, and Loop back test
       */
-    IP4AddrTests(iph, codec, snort);
+    IP4AddrTests(iph, raw, codec, snort);
  
      if (snort::get_network_policy()->ip_checksums() && !valid_checksum_from_daq(raw))
      {
@@ -358,14 +358,23 @@ bool Ipv4Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
  }
  
  void Ipv4Codec::IP4AddrTests(
-    const ip::IP4Hdr* iph, const CodecData& codec, DecodeData& snort)
+    const ip::IP4Hdr* iph, const RawData& raw, const CodecData& codec,
+    DecodeData& snort)
  {
      uint8_t msb_src, msb_dst;
  
      // check all 32 bits ...
      if ( iph->ip_src == iph->ip_dst )
      {
-        codec_event(codec, DECODE_BAD_TRAFFIC_SAME_SRCDST);
+        const DAQ_PktHdr_t* pkth = daq_msg_get_pkthdr(raw.daq_msg);
+
+        if ( pkth->flags & DAQ_PKT_FLAG_SIGNIFICANT_GROUPS )
+        {
+            if ( pkth->ingress_group == pkth->egress_group )
+                codec_event(codec, DECODE_BAD_TRAFFIC_SAME_SRCDST);
+        }
+        else
+            codec_event(codec, DECODE_BAD_TRAFFIC_SAME_SRCDST);
      }
  
      // check all 32 bits ...
diff --git a/src/codecs/ip/cd_ipv6.cc b/src/codecs/ip/cd_ipv6.cc

index 90950b0f6dbb32964a6a16d5f17fc9d63e1dd8ae..6989aa2756f62ada2b0f8801edb685213c72bbe3 100644 (file)
--- a/src/codecs/ip/cd_ipv6.cc
+++ b/src/codecs/ip/cd_ipv6.cc
@@ -103,7 +103,7 @@ private:
      void IPV6CheckIsatap(const ip::IP6Hdr* const,
          const DecodeData&,
          const CodecData&);
-    void IPV6MiscTests(const DecodeData&, const CodecData&);
+    void IPV6MiscTests(const RawData&, const DecodeData&, const CodecData&);
      void CheckIPV6Multicast(const ip::IP6Hdr* const, const CodecData&);
      bool CheckTeredoPrefix(const ip::IP6Hdr* const hdr);
  };
@@ -213,7 +213,7 @@ bool Ipv6Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
          snort.ip_api.update(real_src, real_dst);
      }
  
-    IPV6MiscTests(snort, codec);
+    IPV6MiscTests(raw, snort, codec);
      CheckIPV6Multicast(ip6h, codec);
  
      if (ip6h->is_valid_next_header() == false)
@@ -251,7 +251,8 @@ void Ipv6Codec::IPV6CheckIsatap(const ip::IP6Hdr* const ip6h,
      }
  }
  
-void Ipv6Codec::IPV6MiscTests(const DecodeData& snort, const CodecData& codec)
+void Ipv6Codec::IPV6MiscTests(const RawData& raw, const DecodeData& snort,
+    const CodecData& codec)
  {
      const SfIp* ip_src = snort.ip_api.get_src();
      const SfIp* ip_dst = snort.ip_api.get_dst();
@@ -263,7 +264,15 @@ void Ipv6Codec::IPV6MiscTests(const DecodeData& snort, const CodecData& codec)
       */
      if (ip_src->fast_eq6(*ip_dst))
      {
-        codec_event(codec, DECODE_BAD_TRAFFIC_SAME_SRCDST);
+        const DAQ_PktHdr_t* pkth = daq_msg_get_pkthdr(raw.daq_msg);
+
+        if (pkth->flags & DAQ_PKT_FLAG_SIGNIFICANT_GROUPS)
+        {
+            if (pkth->ingress_group == pkth->egress_group)
+                codec_event(codec, DECODE_BAD_TRAFFIC_SAME_SRCDST);
+        }
+        else
+            codec_event(codec, DECODE_BAD_TRAFFIC_SAME_SRCDST);
      }
  
      if (ip_src->is_loopback() || ip_dst->is_loopback())
author	Cynthia Leonard (cyleonar) <cyleonar@cisco.com>
	Thu, 15 Oct 2020 09:40:12 +0000 (09:40 +0000)
committer	Cynthia Leonard (cyleonar) <cyleonar@cisco.com>
	Thu, 15 Oct 2020 09:40:12 +0000 (09:40 +0000)
src/codecs/ip/cd_ipv4.cc		patch \| blob \| blame \| history
src/codecs/ip/cd_ipv6.cc		patch \| blob \| blame \| history