ipv4: update checksum function to be like tcp/udp

Update the IPv4 checksum function to be like the
changed TCP/UDP checksum functions for consistency.

diff --git a/src/alert-unified2-alert.c b/src/alert-unified2-alert.c
index e7f28b3228ea84e4b37e9f9fcd742cfadde2b8c4..ac1fa7e2911672171678270aeace5f827280b336 100644 (file)
--- a/src/alert-unified2-alert.c
+++ b/src/alert-unified2-alert.c
@@ -640,8 +640,8 @@ static int Unified2PrintStreamSegmentCallback(const Packet *p, void *data, const
 
         fakehdr->tcph.th_sum = TCPChecksum(fakehdr->ip4h.s_ip_addrs,
                 (uint16_t *)&fakehdr->tcph, buflen + sizeof(TCPHdr), 0);
-        fakehdr->ip4h.ip_csum = IPV4CalculateChecksum((uint16_t *)&fakehdr->ip4h,
-                IPV4_GET_RAW_HLEN(&fakehdr->ip4h));
+        fakehdr->ip4h.ip_csum = IPV4Checksum((uint16_t *)&fakehdr->ip4h,
+            IPV4_GET_RAW_HLEN(&fakehdr->ip4h), 0);
     }
 
     /* write out */

diff --git a/src/decode-ipv4.c b/src/decode-ipv4.c
index c21d224600457e954a203432803ea53f0861fc07..3b5ee64942141e2d49419edf10b306d82dcb9857 100644 (file)
--- a/src/decode-ipv4.c
+++ b/src/decode-ipv4.c
@@ -1199,7 +1199,8 @@ static int IPV4CalculateValidChecksumtest01(void)
 
     csum = *( ((uint16_t *)raw_ipv4) + 5);
 
-    return (csum == IPV4CalculateChecksum((uint16_t *)raw_ipv4, sizeof(raw_ipv4)));
+    FAIL_IF(IPV4Checksum((uint16_t *)raw_ipv4, sizeof(raw_ipv4), csum) != 0);
+    PASS;
 }
 
 static int IPV4CalculateInvalidChecksumtest02(void)
@@ -1213,7 +1214,8 @@ static int IPV4CalculateInvalidChecksumtest02(void)
 
     csum = *( ((uint16_t *)raw_ipv4) + 5);
 
-    return (csum != IPV4CalculateChecksum((uint16_t *)raw_ipv4, sizeof(raw_ipv4)));
+    FAIL_IF(IPV4Checksum((uint16_t *)raw_ipv4, sizeof(raw_ipv4), csum) == 0);
+    PASS;
 }
 
 /**

diff --git a/src/decode-ipv4.h b/src/decode-ipv4.h
index 77af6762bc20148dd322db8f21eb57c3f2fb8cb7..c8f268d054e56fbfd096dd5ec0a572b9b8f5af05 100644 (file)
--- a/src/decode-ipv4.h
+++ b/src/decode-ipv4.h
@@ -181,21 +181,24 @@ typedef struct IPV4Vars_
 void DecodeIPV4RegisterTests(void);
 
 /** ----- Inline functions ----- */
-static inline uint16_t IPV4CalculateChecksum(uint16_t *, uint16_t);
+static inline uint16_t IPV4Checksum(uint16_t *, uint16_t, uint16_t);
+
 /**
- * \brief Calculates the checksum for the IP packet
+ * \brief Calculateor validate the checksum for the IP packet
  *
  * \param pkt  Pointer to the start of the IP packet
  * \param hlen Length of the IP header
+ * \param init The current checksum if validating, 0 if generating.
  *
- * \retval csum Checksum for the IP packet
+ * \retval csum For validation 0 will be returned for success, for calculation
+ *    this will be the checksum.
  */
-static inline uint16_t IPV4CalculateChecksum(uint16_t *pkt, uint16_t hlen)
+static inline uint16_t IPV4Checksum(uint16_t *pkt, uint16_t hlen, uint16_t init)
 {
-    uint32_t csum = pkt[0];
+    uint32_t csum = init;
 
-    csum += pkt[1] + pkt[2] + pkt[3] + pkt[4] + pkt[6] + pkt[7] + pkt[8] +
-        pkt[9];
+    csum += pkt[0] + pkt[1] + pkt[2] + pkt[3] + pkt[4] + pkt[6] + pkt[7] +
+        pkt[8] + pkt[9];
 
     hlen -= 20;
     pkt += 10;

diff --git a/src/defrag.c b/src/defrag.c
index 5433ce78607c5e694686de0fd2d93edec264b1bd..5245f43d654734ed4e3c10b7902400349b0f9115 100644 (file)
--- a/src/defrag.c
+++ b/src/defrag.c
@@ -1042,7 +1042,7 @@ BuildTestPacket(uint8_t proto, uint16_t id, uint16_t off, int mf,
     SET_PKT_LEN(p, hlen + content_len);
     SCFree(pcontent);
 
-    p->ip4h->ip_csum = IPV4CalculateChecksum((uint16_t *)GET_PKT_DATA(p), hlen);
+    p->ip4h->ip_csum = IPV4Checksum((uint16_t *)GET_PKT_DATA(p), hlen, 0);
 
     /* Self test. */
     if (IPV4_GET_VER(p) != 4)

diff --git a/src/detect-csum.c b/src/detect-csum.c
index bef86066cf58bf1e45caacd3e0447c5b0cffe2e4..7f9c307a79c4cdf4afe5cb67049665900ff96e3c 100644 (file)
--- a/src/detect-csum.c
+++ b/src/detect-csum.c
@@ -242,12 +242,13 @@ static int DetectIPV4CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
     }
 
     if (p->level3_comp_csum == -1)
-        p->level3_comp_csum = IPV4CalculateChecksum((uint16_t *)p->ip4h,
-                                                    IPV4_GET_HLEN(p));
+        p->level3_comp_csum = IPV4Checksum((uint16_t *)p->ip4h,
+                                           IPV4_GET_HLEN(p),
+                                           p->ip4h->ip_csum);
 
-    if (p->level3_comp_csum == p->ip4h->ip_csum && cd->valid == 1)
+    if (p->level3_comp_csum == 0 && cd->valid == 1)
         return 1;
-    else if (p->level3_comp_csum != p->ip4h->ip_csum && cd->valid == 0)
+    else if (p->level3_comp_csum != 0 && cd->valid == 0)
         return 1;
     else
         return 0;

diff --git a/src/flow-timeout.c b/src/flow-timeout.c
index cf0dd622e5a3f1cd695a79db7be27d0a4a8a57b6..eb1400022f894dd3abd8a5e95df8913d699544a8 100644 (file)
--- a/src/flow-timeout.c
+++ b/src/flow-timeout.c
@@ -243,8 +243,8 @@ static inline Packet *FlowForceReassemblyPseudoPacketSetup(Packet *p,
                                                (uint16_t *)p->tcph, 20, 0);
         /* calc ipv4 csum as we may log it and barnyard might reject
          * a wrong checksum */
-        p->ip4h->ip_csum = IPV4CalculateChecksum((uint16_t *)p->ip4h,
-                IPV4_GET_RAW_HLEN(p->ip4h));
+        p->ip4h->ip_csum = IPV4Checksum((uint16_t *)p->ip4h,
+                IPV4_GET_RAW_HLEN(p->ip4h), 0);
     } else if (FLOW_IS_IPV6(f)) {
         p->tcph->th_sum = TCPChecksum(p->ip6h->s_ip6_addrs,
                                               (uint16_t *)p->tcph, 20, 0);

diff --git a/src/util-checksum.c b/src/util-checksum.c
index 98dc6590ec88e5ca276eba3da08daf8fa7aa7816..245f3b6908ca4983b2cac012449b1e037f9e5ceb 100644 (file)
--- a/src/util-checksum.c
+++ b/src/util-checksum.c
@@ -42,8 +42,8 @@ int ReCalculateChecksum(Packet *p)
         }
         /* IPV4 */
         p->ip4h->ip_csum = 0;
-        p->ip4h->ip_csum = IPV4CalculateChecksum((uint16_t *)p->ip4h,
-                IPV4_GET_RAW_HLEN(p->ip4h));
+        p->ip4h->ip_csum = IPV4Checksum((uint16_t *)p->ip4h,
+                IPV4_GET_RAW_HLEN(p->ip4h), 0);
     } else if (PKT_IS_IPV6(p)) {
         /* just TCP for IPV6 */
         if (PKT_IS_TCP(p)) {