icmpv4: improve dest unreachable logic

When a ICMPv4 destination unreachable packet contains an embedded packet
this packet is parsed. When it's found to be invalid, the whole ICMP
packet is tagged as invalid.

In some cases the unreachable packet would still be used.

This patch fixes this by checking the packet is invalid flag as well
in the ICMPV4_DEST_UNREACH_IS_VALID macro.

diff --git a/src/decode-icmpv4.h b/src/decode-icmpv4.h
index f8cb97f4f0ab4c313ad29ea5bb2e49a0f1c68bdb..02184dfd340179080e337795da3512962ceff930 100644 (file)
--- a/src/decode-icmpv4.h
+++ b/src/decode-icmpv4.h
@@ -259,7 +259,9 @@ typedef struct ICMPV4Vars_
  *
  *  \warning use only _after_ the decoder has processed the packet
  */
-#define ICMPV4_DEST_UNREACH_IS_VALID(p) (((p)->icmpv4h != NULL) && \
+#define ICMPV4_DEST_UNREACH_IS_VALID(p) ( \
+    (!((p)->flags & PKT_IS_INVALID)) && \
+    ((p)->icmpv4h != NULL) && \
     (ICMPV4_GET_TYPE((p)) == ICMP_DEST_UNREACH) && \
     (ICMPV4_GET_EMB_IPV4((p)) != NULL) && \
     ((ICMPV4_GET_EMB_TCP((p)) != NULL) || \