Merge pull request #2624 in SNORT/snort3 from ~MMATIRKO/snort3:cdp to master

author Masud Hasan (mashasan) <mashasan@cisco.com>

Thu, 19 Nov 2020 21:11:29 +0000 (21:11 +0000)

committer Masud Hasan (mashasan) <mashasan@cisco.com>

Thu, 19 Nov 2020 21:11:29 +0000 (21:11 +0000)
author Masud Hasan (mashasan) <mashasan@cisco.com>
Thu, 19 Nov 2020 21:11:29 +0000 (21:11 +0000)
committer Masud Hasan (mashasan) <mashasan@cisco.com>
Thu, 19 Nov 2020 21:11:29 +0000 (21:11 +0000)
diff --git a/src/network_inspectors/rna/rna_pnd.cc b/src/network_inspectors/rna/rna_pnd.cc

index c63ddeb350e071403adb1c741dacb64569f1edd2..3ba5302372da6989dc1603da1acfa66a6973d910 100644 (file)
--- a/src/network_inspectors/rna/rna_pnd.cc
+++ b/src/network_inspectors/rna/rna_pnd.cc
@@ -47,6 +47,7 @@
  using namespace snort;
  using namespace snort::bpdu;
  using namespace snort::cdp;
+using namespace snort::icmp;
  using namespace std;
  
  #define RNA_NAT_COUNT_THRESHOLD 10
@@ -505,8 +506,8 @@ void RnaPnd::discover_network_ethernet(const Packet* p)
                  break;
  
              case SNAP_ID:
-                retval = discover_host_types_cdp(p, (const uint8_t*)llc + sizeof(RNA_LLC),
-                    p->dsize - sizeof(RNA_LLC));
+                retval = discover_network_cdp(p, (const uint8_t*)llc + sizeof(RNA_LLC),
+                    p->dsize - sizeof(RNA_LLC), rt);
                  break;
  
              default:
@@ -690,7 +691,8 @@ void RnaPnd::discover_host_types_ttl(RnaTracker& ht, const Packet *p, uint8_t pk
      ht->set_ip_ttl(pkt_ttl);
  }
  
-int RnaPnd::discover_host_types_cdp(const Packet* p, const uint8_t* data, uint16_t rlen)
+int RnaPnd::discover_network_cdp(const Packet* p, const uint8_t* data, uint16_t rlen,
+    RnaTracker& rt)
  {
      if ( !is_cdp(layer::get_eth_layer(p)->ether_dst) or rlen < sizeof(RNA_CDP) )
          return 1;
@@ -698,6 +700,8 @@ int RnaPnd::discover_host_types_cdp(const Packet* p, const uint8_t* data, uint16
      if ( ntohs(((const RNA_CDP *)data)->pid) != CDP_HDLC_PROTOCOL_TYPE )
          return 1;
  
+    generate_new_host_mac(p, rt, true);
+
      data += sizeof(RNA_CDP);
      const uint8_t* end = data + rlen - sizeof(RNA_CDP);
      std::vector<uint32_t> ip_address;
@@ -797,17 +801,6 @@ int RnaPnd::discover_host_types_cdp(const Packet* p, const uint8_t* data, uint16
      return 0;
  }
  
-#define ICMPv6_NS_MIN_LEN 24
-#define ICMPv6_NA_MIN_LEN 24
-#define ICMPv6_RS_MIN_LEN 24
-#define ICMPv6_RA_MIN_LEN 16
-
-#define ICMPV6_OPION_SOURCE_LINKLAYER_ADDRESS 1
-#define ICMPV6_OPION_TARGET_LINKLAYER_ADDRESS 2
-#define ICMPV6_OPION_PREFIX_INFO              3
-#define ICMPV6_OPION_REDIRECT_HEADER          4
-#define ICMPV6_OPION_MTU                      5
-
  int RnaPnd::discover_host_types_icmpv6_ndp(RnaTracker& ht, const Packet* p, uint32_t last_seen,
      const struct in6_addr* src_ip, const uint8_t* src_mac)
  {
@@ -835,7 +828,7 @@ int RnaPnd::discover_host_types_icmpv6_ndp(RnaTracker& ht, const Packet* p, uint
  
                  opt_type = *data;
                  opt_len = *(data + 1);
-                if ( opt_type == ICMPV6_OPION_TARGET_LINKLAYER_ADDRESS )
+                if ( opt_type == ICMPV6_OPTION_TARGET_LINKLAYER_ADDRESS )
                      neighbor_src_mac = data + 2;
  
                  data += opt_len * 8;
@@ -857,7 +850,7 @@ int RnaPnd::discover_host_types_icmpv6_ndp(RnaTracker& ht, const Packet* p, uint
  
                  opt_type = *data;
                  opt_len = *(data + 1);
-                if ( opt_type == ICMPV6_OPION_SOURCE_LINKLAYER_ADDRESS )
+                if ( opt_type == ICMPV6_OPTION_SOURCE_LINKLAYER_ADDRESS )
                      neighbor_src_mac = data + 2;
  
                  data += opt_len * 8;
diff --git a/src/network_inspectors/rna/rna_pnd.h b/src/network_inspectors/rna/rna_pnd.h

index 6c70b0a6f14d4e03cebea539e04ffb95a8f4d380..c85d5b2271b211bdbaa124bbc61bf981885e7876 100644 (file)
--- a/src/network_inspectors/rna/rna_pnd.h
+++ b/src/network_inspectors/rna/rna_pnd.h
@@ -166,7 +166,8 @@ private:
      void discover_network_ethernet(const snort::Packet*);
      int discover_network_arp(const snort::Packet*, RnaTracker*);
      int discover_network_bpdu(const snort::Packet*, const uint8_t* data, RnaTracker);
-    int discover_host_types_cdp(const snort::Packet*, const uint8_t* data, uint16_t rlen);
+    int discover_network_cdp(const snort::Packet*, const uint8_t* data, uint16_t rlen,
+        RnaTracker&);
  
      int discover_switch(const snort::Packet*, RnaTracker);
  
diff --git a/src/protocols/icmp6.h b/src/protocols/icmp6.h

index c50df3a07204e038d4ef6e34503d07a2788b60b0..ca80a1ed98e5f5a383779a60a5d7070cc60a97e6 100644 (file)
--- a/src/protocols/icmp6.h
+++ b/src/protocols/icmp6.h
@@ -29,6 +29,17 @@ namespace icmp
  constexpr uint16_t ICMP6_HEADER_MIN_LEN = 4;
  constexpr uint16_t ICMP6_HEADER_NORMAL_LEN = 8;
  
+#define ICMPv6_NS_MIN_LEN 24
+#define ICMPv6_NA_MIN_LEN 24
+#define ICMPv6_RS_MIN_LEN 24
+#define ICMPv6_RA_MIN_LEN 16
+
+#define ICMPV6_OPTION_SOURCE_LINKLAYER_ADDRESS 1
+#define ICMPV6_OPTION_TARGET_LINKLAYER_ADDRESS 2
+#define ICMPV6_OPTION_PREFIX_INFO              3
+#define ICMPV6_OPTION_REDIRECT_HEADER          4
+#define ICMPV6_OPTION_MTU                      5
+
  //enum class Icmp6Types : std::uint8_t
  enum Icmp6Types : std::uint8_t
  {
author	Masud Hasan (mashasan) <mashasan@cisco.com>
	Thu, 19 Nov 2020 21:11:29 +0000 (21:11 +0000)
committer	Masud Hasan (mashasan) <mashasan@cisco.com>
	Thu, 19 Nov 2020 21:11:29 +0000 (21:11 +0000)
src/network_inspectors/rna/rna_pnd.cc		patch \| blob \| blame \| history
src/network_inspectors/rna/rna_pnd.h		patch \| blob \| blame \| history
src/protocols/icmp6.h		patch \| blob \| blame \| history