Squashed commit of the following:
commit
344219c01b7e1e8fe5912018441d29fd8aaf6b44
Author: Michael Altizer <mialtize@cisco.com>
Date: Thu Oct 24 12:50:23 2019 -0400
codecs: Relax requirement for DAQ packet decode data offsets when bypassing checksums
Only perform the offset sanity checking during checksum bypass
evaluation if the offset has been explicitly set in the packet decode
data. Otherwise, assume that the relevant checksum validation applies
to the current instance of the protocol.
(const DAQ_PktDecodeData_t*) daq_msg_get_meta(raw.daq_msg, DAQ_PKT_META_DECODE_DATA);
if (!pdd || !pdd->flags.bits.l4_checksum || !pdd->flags.bits.icmp || !pdd->flags.bits.l4)
return false;
- // Sanity check to make sure we're talking about the same thing
- const uint8_t* data = daq_msg_get_data(raw.daq_msg);
- if (raw.data - data != pdd->l4_offset)
- return false;
+ // Sanity check to make sure we're talking about the same thing if offset is available
+ if (pdd->l4_offset != DAQ_PKT_DECODE_OFFSET_INVALID)
+ {
+ const uint8_t* data = daq_msg_get_data(raw.daq_msg);
+ if (raw.data - data != pdd->l4_offset)
+ return false;
+ }
stats.cksum_bypassed++;
return true;
}
(const DAQ_PktDecodeData_t*) daq_msg_get_meta(raw.daq_msg, DAQ_PKT_META_DECODE_DATA);
if (!pdd || !pdd->flags.bits.l4_checksum || !pdd->flags.bits.icmp || !pdd->flags.bits.l4)
return false;
- // Sanity check to make sure we're talking about the same thing
- const uint8_t* data = daq_msg_get_data(raw.daq_msg);
- if (raw.data - data != pdd->l4_offset)
- return false;
+ // Sanity check to make sure we're talking about the same thing if offset is available
+ if (pdd->l4_offset != DAQ_PKT_DECODE_OFFSET_INVALID)
+ {
+ const uint8_t* data = daq_msg_get_data(raw.daq_msg);
+ if (raw.data - data != pdd->l4_offset)
+ return false;
+ }
stats.cksum_bypassed++;
return true;
}
(const DAQ_PktDecodeData_t*) daq_msg_get_meta(raw.daq_msg, DAQ_PKT_META_DECODE_DATA);
if (!pdd || !pdd->flags.bits.l3_checksum || !pdd->flags.bits.ipv4 || !pdd->flags.bits.l3)
return false;
- // Sanity check to make sure we're talking about the same thing
- const uint8_t* data = daq_msg_get_data(raw.daq_msg);
- if (raw.data - data != pdd->l3_offset)
- return false;
+ // Sanity check to make sure we're talking about the same thing if offset is available
+ if (pdd->l3_offset != DAQ_PKT_DECODE_OFFSET_INVALID)
+ {
+ const uint8_t* data = daq_msg_get_data(raw.daq_msg);
+ if (raw.data - data != pdd->l3_offset)
+ return false;
+ }
stats.cksum_bypassed++;
return true;
}
(const DAQ_PktDecodeData_t*) daq_msg_get_meta(raw.daq_msg, DAQ_PKT_META_DECODE_DATA);
if (!pdd || !pdd->flags.bits.l4_checksum || !pdd->flags.bits.tcp || !pdd->flags.bits.l4)
return false;
- // Sanity check to make sure we're talking about the same thing
- const uint8_t* data = daq_msg_get_data(raw.daq_msg);
- if (raw.data - data != pdd->l4_offset)
- return false;
+ // Sanity check to make sure we're talking about the same thing if offset is available
+ if (pdd->l4_offset != DAQ_PKT_DECODE_OFFSET_INVALID)
+ {
+ const uint8_t* data = daq_msg_get_data(raw.daq_msg);
+ if (raw.data - data != pdd->l4_offset)
+ return false;
+ }
stats.cksum_bypassed++;
return true;
}
(const DAQ_PktDecodeData_t*) daq_msg_get_meta(raw.daq_msg, DAQ_PKT_META_DECODE_DATA);
if (!pdd || !pdd->flags.bits.l4_checksum || !pdd->flags.bits.udp || !pdd->flags.bits.l4)
return false;
- // Sanity check to make sure we're talking about the same thing
- const uint8_t* data = daq_msg_get_data(raw.daq_msg);
- if (raw.data - data != pdd->l4_offset)
- return false;
+ // Sanity check to make sure we're talking about the same thing if offset is available
+ if (pdd->l4_offset != DAQ_PKT_DECODE_OFFSET_INVALID)
+ {
+ const uint8_t* data = daq_msg_get_data(raw.daq_msg);
+ if (raw.data - data != pdd->l4_offset)
+ return false;
+ }
stats.cksum_bypassed++;
return true;
}
projects / thirdparty / snort3.git / commitdiff
