From: Masud Hasan (mashasan) Date: Thu, 19 Nov 2020 21:11:29 +0000 (+0000) Subject: Merge pull request #2624 in SNORT/snort3 from ~MMATIRKO/snort3:cdp to master X-Git-Tag: 3.0.3-6~41 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0cec005f921b056dd8a6e59faae778a254e71257;p=thirdparty%2Fsnort3.git Merge pull request #2624 in SNORT/snort3 from ~MMATIRKO/snort3:cdp to master Squashed commit of the following: commit 2f63f2b745c53ad2a62bb3563d3c05248662bc54 Author: Michael Matirko Date: Wed Nov 18 12:54:25 2020 -0500 rna: generate new host event for CDP traffic --- diff --git a/src/network_inspectors/rna/rna_pnd.cc b/src/network_inspectors/rna/rna_pnd.cc index c63ddeb35..3ba530237 100644 --- a/src/network_inspectors/rna/rna_pnd.cc +++ b/src/network_inspectors/rna/rna_pnd.cc @@ -47,6 +47,7 @@ using namespace snort; using namespace snort::bpdu; using namespace snort::cdp; +using namespace snort::icmp; using namespace std; #define RNA_NAT_COUNT_THRESHOLD 10 @@ -505,8 +506,8 @@ void RnaPnd::discover_network_ethernet(const Packet* p) break; case SNAP_ID: - retval = discover_host_types_cdp(p, (const uint8_t*)llc + sizeof(RNA_LLC), - p->dsize - sizeof(RNA_LLC)); + retval = discover_network_cdp(p, (const uint8_t*)llc + sizeof(RNA_LLC), + p->dsize - sizeof(RNA_LLC), rt); break; default: @@ -690,7 +691,8 @@ void RnaPnd::discover_host_types_ttl(RnaTracker& ht, const Packet *p, uint8_t pk ht->set_ip_ttl(pkt_ttl); } -int RnaPnd::discover_host_types_cdp(const Packet* p, const uint8_t* data, uint16_t rlen) +int RnaPnd::discover_network_cdp(const Packet* p, const uint8_t* data, uint16_t rlen, + RnaTracker& rt) { if ( !is_cdp(layer::get_eth_layer(p)->ether_dst) or rlen < sizeof(RNA_CDP) ) return 1; 
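Review bot: In the `SNAP_ID` case the length argument `p->dsize - sizeof(RNA_LLC)` is evaluated in `size_t` and then narrowed to the `uint16_t rlen` parameter, so a frame whose `dsize` is smaller than `sizeof(RNA_LLC)` would wrap to a large length instead of being rejected. The `rlen < sizeof(RNA_CDP)` guard at the top of `discover_network_cdp` would not catch the wrapped value, and the parse limit `end` is derived from `rlen`. No lower bound on `p->dsize` is visible in this hunk, and `discover_network_ethernet` begins and ends outside it, so an earlier check may already exist. If it does not, make the call conditional, for example `if ( p->dsize >= sizeof(RNA_LLC) )` in front of the `retval = discover_network_cdp(...)` assignment.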
@@ -698,6 +700,8 @@ int RnaPnd::discover_host_types_cdp(const Packet* p, const uint8_t* data, uint16 if ( ntohs(((const RNA_CDP *)data)->pid) != CDP_HDLC_PROTOCOL_TYPE ) return 1; + generate_new_host_mac(p, rt, true); + data += sizeof(RNA_CDP); const uint8_t* end = data + rlen - sizeof(RNA_CDP); std::vector ip_address; @@ -797,17 +801,6 @@ int RnaPnd::discover_host_types_cdp(const Packet* p, const uint8_t* data, uint16 return 0; } -#define ICMPv6_NS_MIN_LEN 24 -#define ICMPv6_NA_MIN_LEN 24 -#define ICMPv6_RS_MIN_LEN 24 -#define ICMPv6_RA_MIN_LEN 16 - -#define ICMPV6_OPION_SOURCE_LINKLAYER_ADDRESS 1 -#define ICMPV6_OPION_TARGET_LINKLAYER_ADDRESS 2 -#define ICMPV6_OPION_PREFIX_INFO 3 -#define ICMPV6_OPION_REDIRECT_HEADER 4 -#define ICMPV6_OPION_MTU 5 - int RnaPnd::discover_host_types_icmpv6_ndp(RnaTracker& ht, const Packet* p, uint32_t last_seen, const struct in6_addr* src_ip, const uint8_t* src_mac) { @@ -835,7 +828,7 @@ int RnaPnd::discover_host_types_icmpv6_ndp(RnaTracker& ht, const Packet* p, uint opt_type = *data; opt_len = *(data + 1); - if ( opt_type == ICMPV6_OPION_TARGET_LINKLAYER_ADDRESS ) + if ( opt_type == ICMPV6_OPTION_TARGET_LINKLAYER_ADDRESS ) neighbor_src_mac = data + 2; data += opt_len * 8; @@ -857,7 +850,7 @@ int RnaPnd::discover_host_types_icmpv6_ndp(RnaTracker& ht, const Packet* p, uint opt_type = *data; opt_len = *(data + 1); - if ( opt_type == ICMPV6_OPION_SOURCE_LINKLAYER_ADDRESS ) + if ( opt_type == ICMPV6_OPTION_SOURCE_LINKLAYER_ADDRESS ) neighbor_src_mac = data + 2; data += opt_len * 8; diff --git a/src/network_inspectors/rna/rna_pnd.h b/src/network_inspectors/rna/rna_pnd.h index 6c70b0a6f..c85d5b227 100644 --- a/src/network_inspectors/rna/rna_pnd.h +++ b/src/network_inspectors/rna/rna_pnd.h 
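Review bot: `generate_new_host_mac(p, rt, true)` is placed after only the destination-MAC, minimum-length and `pid` checks, before any of the CDP data that follows the header is parsed, so a frame whose body is later rejected has already raised a new-host event. CDP frames are unauthenticated link-layer traffic, so any station on the segment can trigger these events for source MACs of its choosing. If eager generation is intended for discovery, a comment saying so, and naming whatever limits the number of tracked hosts, would help. The bare `true` is also opaque at the call site, since the parameter's meaning is defined outside this hunk; a short comment stating what the third argument selects would make the call readable. The function body continues past the end of the hunk.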
@@ -166,7 +166,8 @@ private: void discover_network_ethernet(const snort::Packet*); int discover_network_arp(const snort::Packet*, RnaTracker*); int discover_network_bpdu(const snort::Packet*, const uint8_t* data, RnaTracker); - int discover_host_types_cdp(const snort::Packet*, const uint8_t* data, uint16_t rlen); + int discover_network_cdp(const snort::Packet*, const uint8_t* data, uint16_t rlen, + RnaTracker&); int discover_switch(const snort::Packet*, RnaTracker); diff --git a/src/protocols/icmp6.h b/src/protocols/icmp6.h index c50df3a07..ca80a1ed9 100644 --- a/src/protocols/icmp6.h +++ b/src/protocols/icmp6.h @@ -29,6 +29,17 @@ namespace icmp constexpr uint16_t ICMP6_HEADER_MIN_LEN = 4; constexpr uint16_t ICMP6_HEADER_NORMAL_LEN = 8; +#define ICMPv6_NS_MIN_LEN 24 +#define ICMPv6_NA_MIN_LEN 24 +#define ICMPv6_RS_MIN_LEN 24 +#define ICMPv6_RA_MIN_LEN 16 + +#define ICMPV6_OPTION_SOURCE_LINKLAYER_ADDRESS 1 +#define ICMPV6_OPTION_TARGET_LINKLAYER_ADDRESS 2 +#define ICMPV6_OPTION_PREFIX_INFO 3 +#define ICMPV6_OPTION_REDIRECT_HEADER 4 +#define ICMPV6_OPTION_MTU 5 + //enum class Icmp6Types : std::uint8_t enum Icmp6Types : std::uint8_t {
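Review bot: The new `discover_network_cdp` declaration takes the tracker as an unnamed non-const `RnaTracker&`, while the adjacent `discover_network_arp` takes `RnaTracker*` and `discover_network_bpdu` and `discover_switch` take `RnaTracker` by value. Three conventions for the same argument in neighbouring declarations make it hard to see which callee may modify the caller's tracker. Naming the parameter and adding a one-line comment such as `// rt: tracker for the frame's source host, passed on to generate_new_host_mac` would document the intent.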
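Review bot: The constants moved into icmp6.h are added as `#define`s inside `namespace icmp`, but macros are not scoped by namespaces, so every translation unit that includes this header gets them globally. The `using namespace snort::icmp;` added to rna_pnd.cc is therefore not what makes these names visible. The two context lines directly above already use `constexpr uint16_t`; following that form, e.g. `constexpr uint8_t ICMPV6_OPTION_SOURCE_LINKLAYER_ADDRESS = 1;`, would give typed constants that respect the namespace. The prefixes are also inconsistent: `ICMPv6_` for the minimum lengths, `ICMPV6_` for the option types, and `ICMP6_` for the existing header lengths.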