alert pkthdr any any -> any any (msg:"SURICATA IPv6 duplicate ESP extension header"; decode-event:ipv6.exthdr_dupl_eh; sid:2200020; rev:1;)
alert pkthdr any any -> any any (msg:"SURICATA IPv6 invalid option lenght in header"; decode-event:ipv6.exthdr_invalid_optlen; sid:2200021; rev:1;)
alert pkthdr any any -> any any (msg:"SURICATA IPv6 wrong IP version"; decode-event:ipv6.wrong_ip_version; sid:2200022; rev:1;)
+# RFC 4302 states the reserved field should be 0.
+alert pkthdr any any -> any any (msg:"SURICATA IPv6 AH reserved field not 0"; decode-event:ipv6.exthdr_ah_res_not_null; sid:2200081; rev:1;)
alert pkthdr any any -> any any (msg:"SURICATA ICMPv4 packet too small"; decode-event:icmpv4.pkt_too_small; sid:2200023; rev:1;)
alert pkthdr any any -> any any (msg:"SURICATA ICMPv4 unknown type"; decode-event:icmpv4.unknown_type; sid:2200024; rev:1;)
alert pkthdr any any -> any any (msg:"SURICATA ICMPv4 unknown code"; decode-event:icmpv4.unknown_code; sid:2200025; rev:1;)
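Review bot: The comment above the new AH rule says the reserved field "should be 0", which understates what RFC 4302 asks for. As I read it, the sender MUST set the field to zero and the receiver SHOULD ignore it. The distinction matters to whoever triages this alert: a non-zero value is a sender-side anomaly that endpoints will normally accept, so the rule is a visibility signal and not evidence that the packet was dropped. I would reword the comment to something like `# RFC 4302: Reserved MUST be sent as zero and SHOULD be ignored on receipt; non-zero is anomalous but usually still accepted by hosts.`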
alert udp any any -> any any (msg:"SURICATA UDPv6 invalid checksum"; udpv6-csum:invalid; sid:2200078; rev:1;)
alert icmp any any -> any any (msg:"SURICATA ICMPv6 invalid checksum"; icmpv6-csum:invalid; sid:2200079; rev:1;)
-# next sid is 2200081
+# next sid is 2200082
IPV6_EXTHDR_INVALID_OPTLEN, /**< the opt len in an hop or dst hdr is invalid. */
IPV6_WRONG_IP_VER, /**< wrong version in ipv6 */
+ IPV6_EXTHDR_AH_RES_NOT_NULL, /**< AH hdr reserved fields not null (rfc 4302) */
/* TCP EVENTS */
TCP_PKT_TOO_SMALL, /**< tcp packet smaller than minimum size */
IPV6_SET_L4PROTO(p,nh);
/* we need the header as a minimum */
hdrextlen = sizeof(IPV6AuthHdr);
- /* the payload len field is the number of extra 4 byte fields */
- hdrextlen += (*(pkt+1)) * 4;
+ /* the payload len field is the number of extra 4 byte fields,
+ * IPV6AuthHdr already contains the first */
+ if (*(pkt+1) > 0)
+ hdrextlen += ((*(pkt+1) - 1) * 4);
SCLogDebug("hdrextlen %"PRIu8, hdrextlen);
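Review bot: A Payload Len of 0 is accepted silently: when `*(pkt+1)` is 0 the new `if` skips the adjustment and the header is walked as `sizeof(IPV6AuthHdr)` bytes with no decoder event. RFC 4302 defines the field as the AH length in 32-bit words minus 2, so 0 cannot describe a header that carries both SPI and sequence number. Consider raising an event on that branch, e.g. `else { ENGINE_SET_EVENT(p, IPV6_EXTHDR_INVALID_OPTLEN); }` or a dedicated AH event, so a malformed header shows up in alerts instead of being parsed with a guessed length. Separately, the debug line formats `hdrextlen` with `PRIu8`; its declaration is outside the hunk, but if it really is 8 bits wide the maximum `sizeof(IPV6AuthHdr) + 254 * 4` will not fit, so please confirm the type and the format specifier agree.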
SCReturn;
}
- if(p->IPV6_EH_CNT<IPV6_MAX_OPT)
+ IPV6AuthHdr *ahhdr = (IPV6AuthHdr *)pkt;
+ if (ahhdr->ip6ah_reserved != 0x0000) {
+ ENGINE_SET_EVENT(p, IPV6_EXTHDR_AH_RES_NOT_NULL);
+ }
+
+ if(p->IPV6_EH_CNT < IPV6_MAX_OPT)
{
p->IPV6_EXTHDRS[p->IPV6_EH_CNT].type = nh;
p->IPV6_EXTHDRS[p->IPV6_EH_CNT].next = *pkt;
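Review bot: The new test on `ahhdr->ip6ah_reserved` reads a 16-bit member through a cast of `pkt`, which the surrounding code treats as a byte pointer, so it can be a misaligned access on strict-alignment targets if the header starts on an odd address. Only a zero test is needed, so a byte-wise check avoids the cast and any byte-order question: `if (pkt[2] != 0 || pkt[3] != 0) {` (Reserved occupies bytes 2-3 of the AH in RFC 4302). The read also depends on the length guard whose tail (`SCReturn; }`) is visible just above having rejected packets shorter than the fixed header. That guard and the rest of the enclosing case lie outside the hunk, so please confirm it runs before this point. A unit test feeding an AH with a non-zero reserved field would pin the new event.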
{ "ipv6.exthdr_dupl_eh", IPV6_EXTHDR_DUPL_EH, },
{ "ipv6.exthdr_invalid_optlen", IPV6_EXTHDR_INVALID_OPTLEN, },
{ "ipv6.wrong_ip_version", IPV6_WRONG_IP_VER, },
+ { "ipv6.exthdr_ah_res_not_null", IPV6_EXTHDR_AH_RES_NOT_NULL, },
{ "icmpv4.pkt_too_small", ICMPV4_PKT_TOO_SMALL, },
{ "icmpv4.unknown_type", ICMPV4_UNKNOWN_TYPE, },
{ "icmpv4.unknown_code", ICMPV4_UNKNOWN_CODE, },