]> git.ipfire.org Git - thirdparty/snort3.git/commitdiff
Merge pull request #1817 in SNORT/snort3 from ~MIALTIZE/snort3:checksum_offsets to...
authorMichael Altizer (mialtize) <mialtize@cisco.com>
Fri, 25 Oct 2019 02:11:24 +0000 (22:11 -0400)
committerMichael Altizer (mialtize) <mialtize@cisco.com>
Fri, 25 Oct 2019 02:11:24 +0000 (22:11 -0400)
Squashed commit of the following:

commit 344219c01b7e1e8fe5912018441d29fd8aaf6b44
Author: Michael Altizer <mialtize@cisco.com>
Date:   Thu Oct 24 12:50:23 2019 -0400

    codecs: Relax requirement for DAQ packet decode data offsets when bypassing checksums

    Only perform the offset sanity checking during checksum bypass
    evaluation if the offset has been explicitly set in the packet decode
    data.  Otherwise, assume that the relevant checksum validation applies
    to the current instance of the protocol.

src/codecs/ip/cd_icmp4.cc
src/codecs/ip/cd_icmp6.cc
src/codecs/ip/cd_ipv4.cc
src/codecs/ip/cd_tcp.cc
src/codecs/ip/cd_udp.cc

index f5eeeeb9589f2120a22e3a114495829ba86c2bd4..40b160b65fd673c4fab5e342205269b5a3ff33d7 100644 (file)
@@ -133,10 +133,13 @@ inline bool Icmp4Codec::valid_checksum_from_daq(const RawData& raw)
         (const DAQ_PktDecodeData_t*) daq_msg_get_meta(raw.daq_msg, DAQ_PKT_META_DECODE_DATA);
     if (!pdd || !pdd->flags.bits.l4_checksum || !pdd->flags.bits.icmp || !pdd->flags.bits.l4)
         return false;
-    // Sanity check to make sure we're talking about the same thing
-    const uint8_t* data = daq_msg_get_data(raw.daq_msg);
-    if (raw.data - data != pdd->l4_offset)
-        return false;
+    // Sanity check to make sure we're talking about the same thing if offset is available
+    if (pdd->l4_offset != DAQ_PKT_DECODE_OFFSET_INVALID)
+    {
+        const uint8_t* data = daq_msg_get_data(raw.daq_msg);
+        if (raw.data - data != pdd->l4_offset)
+            return false;
+    }
     stats.cksum_bypassed++;
     return true;
 }
index 2b47a0f28e08bdbb40f3bb4e132598a7a099152e..bd681ee50c9161e22c8c0871aa8a05a1a2e277f1 100644 (file)
@@ -122,10 +122,13 @@ inline bool Icmp6Codec::valid_checksum_from_daq(const RawData& raw)
         (const DAQ_PktDecodeData_t*) daq_msg_get_meta(raw.daq_msg, DAQ_PKT_META_DECODE_DATA);
     if (!pdd || !pdd->flags.bits.l4_checksum || !pdd->flags.bits.icmp || !pdd->flags.bits.l4)
         return false;
-    // Sanity check to make sure we're talking about the same thing
-    const uint8_t* data = daq_msg_get_data(raw.daq_msg);
-    if (raw.data - data != pdd->l4_offset)
-        return false;
+    // Sanity check to make sure we're talking about the same thing if offset is available
+    if (pdd->l4_offset != DAQ_PKT_DECODE_OFFSET_INVALID)
+    {
+        const uint8_t* data = daq_msg_get_data(raw.daq_msg);
+        if (raw.data - data != pdd->l4_offset)
+            return false;
+    }
     stats.cksum_bypassed++;
     return true;
 }
index a916fa7c43d68a08e38be9465fbef58b4f0c3f41..772011c3f60fd9c639397d325465adf81bc76a0d 100644 (file)
@@ -135,10 +135,13 @@ inline bool Ipv4Codec::valid_checksum_from_daq(const RawData& raw)
         (const DAQ_PktDecodeData_t*) daq_msg_get_meta(raw.daq_msg, DAQ_PKT_META_DECODE_DATA);
     if (!pdd || !pdd->flags.bits.l3_checksum || !pdd->flags.bits.ipv4 || !pdd->flags.bits.l3)
         return false;
-    // Sanity check to make sure we're talking about the same thing
-    const uint8_t* data = daq_msg_get_data(raw.daq_msg);
-    if (raw.data - data != pdd->l3_offset)
-        return false;
+    // Sanity check to make sure we're talking about the same thing if offset is available
+    if (pdd->l3_offset != DAQ_PKT_DECODE_OFFSET_INVALID)
+    {
+        const uint8_t* data = daq_msg_get_data(raw.daq_msg);
+        if (raw.data - data != pdd->l3_offset)
+            return false;
+    }
     stats.cksum_bypassed++;
     return true;
 }
index 9e200f7afa808e21b8cac4e3e9ae377775772d04..9db2b947714f3aa61fe3f793d91ea6e51f42ba79 100644 (file)
@@ -156,10 +156,13 @@ inline bool TcpCodec::valid_checksum_from_daq(const RawData& raw)
         (const DAQ_PktDecodeData_t*) daq_msg_get_meta(raw.daq_msg, DAQ_PKT_META_DECODE_DATA);
     if (!pdd || !pdd->flags.bits.l4_checksum || !pdd->flags.bits.tcp || !pdd->flags.bits.l4)
         return false;
-    // Sanity check to make sure we're talking about the same thing
-    const uint8_t* data = daq_msg_get_data(raw.daq_msg);
-    if (raw.data - data != pdd->l4_offset)
-        return false;
+    // Sanity check to make sure we're talking about the same thing if offset is available
+    if (pdd->l4_offset != DAQ_PKT_DECODE_OFFSET_INVALID)
+    {
+        const uint8_t* data = daq_msg_get_data(raw.daq_msg);
+        if (raw.data - data != pdd->l4_offset)
+            return false;
+    }
     stats.cksum_bypassed++;
     return true;
 }
index 5748db4dbce4d740144fa8108086020ed574f42f..9af2959e217b84fa78b78c9f2be231b48b5b174c 100644 (file)
@@ -166,10 +166,13 @@ inline bool UdpCodec::valid_checksum_from_daq(const RawData& raw)
         (const DAQ_PktDecodeData_t*) daq_msg_get_meta(raw.daq_msg, DAQ_PKT_META_DECODE_DATA);
     if (!pdd || !pdd->flags.bits.l4_checksum || !pdd->flags.bits.udp || !pdd->flags.bits.l4)
         return false;
-    // Sanity check to make sure we're talking about the same thing
-    const uint8_t* data = daq_msg_get_data(raw.daq_msg);
-    if (raw.data - data != pdd->l4_offset)
-        return false;
+    // Sanity check to make sure we're talking about the same thing if offset is available
+    if (pdd->l4_offset != DAQ_PKT_DECODE_OFFSET_INVALID)
+    {
+        const uint8_t* data = daq_msg_get_data(raw.daq_msg);
+        if (raw.data - data != pdd->l4_offset)
+            return false;
+    }
     stats.cksum_bypassed++;
     return true;
 }