Squashed commit of the following:
commit
84eae81aa133c86913677f6a3e79bd3778912dee
Author: alewis <albert.l.lewis@gmail.com>
Date: Thu Jul 28 16:27:47 2016 -0400
updated ips_options endian problem with icmp_id and icmp_seq rule keywords
commit
e735c60e6161c58b62765b9f7141198fefefa0a4
Author: alewis <albert.l.lewis@gmail.com>
Date: Thu Jul 28 15:49:28 2016 -0400
fixed an ntohs (endian) issue with icmp_seq and icmp_id field matching
commit
46eca1d12a0142e68877c8e4c94b024f6b8795ae
Author: alewis <albert.l.lewis@gmail.com>
Date: Thu Jul 28 12:35:09 2016 -0400
endian fix for ips_options icmp_id field
if ( (p->ptrs.icmph->type == ICMP_ECHO ||
p->ptrs.icmph->type == ICMP_ECHOREPLY) ||
- ((uint16_t)p->ptrs.icmph->type == icmp::Icmp6Types::ECHO_REQUEST ||
- (uint16_t)p->ptrs.icmph->type == icmp::Icmp6Types::ECHO_REPLY) )
+ ((uint8_t)p->ptrs.icmph->type == icmp::Icmp6Types::ECHO_REQUEST ||
+ (uint8_t)p->ptrs.icmph->type == icmp::Icmp6Types::ECHO_REPLY) )
{
- if ( config.eval(p->ptrs.icmph->s_icmp_id) )
+ uint16_t icmp_id = ntohs(p->ptrs.icmph->s_icmp_id);
+ if ( config.eval( icmp_id ) )
return DETECTION_OPTION_MATCH;
}
-
return DETECTION_OPTION_NO_MATCH;
}
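Review bot: The condition at the top of this hunk accepts the ICMPv4 echo types and the ICMPv6 echo types in one `||` chain without testing which protocol the packet carries, so a header of one family whose type byte equals the other family's echo value would still have `s_icmp_id` read and compared. Gate each pair on the IP version, for example `if ( is_v6 ? (type == icmp::Icmp6Types::ECHO_REQUEST || type == icmp::Icmp6Types::ECHO_REPLY) : (type == ICMP_ECHO || type == ICMP_ECHOREPLY) )`, where `is_v6` is a placeholder for whatever version test the packet object offers. The new `(uint8_t)` cast also looks redundant if `type` is already an 8-bit field, which cannot be confirmed from here. The same condition appears in the icmp_seq hunk below, and the function starts outside this hunk, so an earlier version check or null check on `p->ptrs.icmph` may already exist.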
if ( (p->ptrs.icmph->type == ICMP_ECHO ||
p->ptrs.icmph->type == ICMP_ECHOREPLY) ||
- ((uint16_t)p->ptrs.icmph->type == icmp::Icmp6Types::ECHO_REQUEST ||
- (uint16_t)p->ptrs.icmph->type == icmp::Icmp6Types::ECHO_REPLY) )
+ ((uint8_t)p->ptrs.icmph->type == icmp::Icmp6Types::ECHO_REQUEST ||
+ (uint8_t)p->ptrs.icmph->type == icmp::Icmp6Types::ECHO_REPLY) )
{
- if ( config.eval(p->ptrs.icmph->s_icmp_seq) )
+ uint16_t icmp_seq = ntohs(p->ptrs.icmph->s_icmp_seq);
+ if ( config.eval( icmp_seq ) )
{
return DETECTION_OPTION_MATCH;
}
}
-
return DETECTION_OPTION_NO_MATCH;
}
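Review bot: The `ntohs()` added before `config.eval( icmp_seq )` changes which rule values match on little-endian sensors, and nothing in the hunk records that. A rule tuned against the old byte-swapped comparison would stop matching without any error. Add a comment on the conversion such as `// s_icmp_seq is network order on the wire; rule values are host order`, and a regression test that feeds a header with a known wire value and asserts the match. The same applies to the `icmp_id` conversion in the previous hunk. The enclosing function begins outside this hunk.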