From: Victor Julien Date: Fri, 29 Mar 2024 18:42:22 +0000 (+0100) Subject: decode/sctp: move sctph into L4 packet data X-Git-Tag: suricata-8.0.0-beta1~1378 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=20b8c79259795169669e20c61acf189a0bacf1e7;p=thirdparty%2Fsuricata.git decode/sctp: move sctph into L4 packet data Reduces Packet size. Ticket: #6938. --- diff --git a/src/decode-sctp.c b/src/decode-sctp.c index 9a6c4e8ead..381e935f3d 100644 --- a/src/decode-sctp.c +++ b/src/decode-sctp.c @@ -50,16 +50,12 @@ static int DecodeSCTPPacket(ThreadVars *tv, Packet *p, const uint8_t *pkt, uint1 return -1; } - p->sctph = (SCTPHdr *)pkt; - - SET_SCTP_SRC_PORT(p,&p->sp); - SET_SCTP_DST_PORT(p,&p->dp); - + SCTPHdr *sctph = PacketSetSCTP(p, pkt); + p->sp = SCNtohs(sctph->sh_sport); + p->dp = SCNtohs(sctph->sh_dport); p->payload = (uint8_t *)pkt + sizeof(SCTPHdr); p->payload_len = len - sizeof(SCTPHdr); - p->proto = IPPROTO_SCTP; - return 0; } @@ -69,14 +65,11 @@ int DecodeSCTP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, StatsIncr(tv, dtv->counter_sctp); if (unlikely(DecodeSCTPPacket(tv, p,pkt,len) < 0)) { - CLEAR_SCTP_PACKET(p); + PacketClearL4(p); return TM_ECODE_FAILED; } -#ifdef DEBUG - SCLogDebug("SCTP sp: %" PRIu32 " -> dp: %" PRIu32, - SCTP_GET_SRC_PORT(p), SCTP_GET_DST_PORT(p)); -#endif + SCLogDebug("SCTP sp: %u -> dp: %u", p->sp, p->dp); FlowSetupPacket(p); diff --git a/src/decode-sctp.h b/src/decode-sctp.h index 6ec20cca33..f83a4434ef 100644 --- a/src/decode-sctp.h +++ b/src/decode-sctp.h 
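Review bot: In DecodeSCTPPacket (src/decode-sctp.c, first hunk) the new local `sctph` is only read, yet it is declared as a writable `SCTPHdr *` derived from the `const uint8_t *pkt` buffer. Declaring it `const SCTPHdr *sctph = PacketSetSCTP(p, pkt);` would keep the decoder from writing through a pointer into packet data. The two port reads and `len - sizeof(SCTPHdr)` rely on the length check whose `return -1;` opens the hunk. That condition is outside the hunk, so it is worth confirming that it rejects any `len` smaller than `sizeof(SCTPHdr)`; the header defines `SCTP_HEADER_LEN` as 12. The function begins above the hunk.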
@@ -27,13 +27,6 @@
 /** size of the packet header without any chunk headers */
 #define SCTP_HEADER_LEN 12
-/* XXX RAW* needs to be really 'raw', so no SCNtohs there */
-#define SCTP_GET_RAW_SRC_PORT(sctph) SCNtohs((sctph)->sh_sport)
-#define SCTP_GET_RAW_DST_PORT(sctph) SCNtohs((sctph)->sh_dport)
-
-#define SCTP_GET_SRC_PORT(p) SCTP_GET_RAW_SRC_PORT(p->sctph)
-#define SCTP_GET_DST_PORT(p) SCTP_GET_RAW_DST_PORT(p->sctph)
-
 typedef struct SCTPHdr_
 {
 uint16_t sh_sport; /* source port */
@@ -42,10 +35,6 @@ typedef struct SCTPHdr_
 uint32_t sh_sum; /* checksum, computed via crc32 */
 } __attribute__((__packed__)) SCTPHdr;
-#define CLEAR_SCTP_PACKET(p) { \
- (p)->sctph = NULL; \
-} while (0)
-
 void DecodeSCTPRegisterTests(void);
 #endif /* SURICATA_DECODE_SCTP_H */
diff --git a/src/decode.h b/src/decode.h
index f547de9575..039e5978f4 100644
--- a/src/decode.h
+++ b/src/decode.h
@@ -198,17 +198,6 @@ typedef struct Address_ {
 SET_PORT(UDP_GET_DST_PORT((pkt)), *(prt)); \
 } while (0)
-/* Set the SCTP ports into the Ports of the Packet.
- * Make sure p->sctph is initialized and validated. */
-#define SET_SCTP_SRC_PORT(pkt, prt) do { \
- SET_PORT(SCTP_GET_SRC_PORT((pkt)), *(prt)); \
- } while (0)
-
-#define SET_SCTP_DST_PORT(pkt, prt) do { \
- SET_PORT(SCTP_GET_DST_PORT((pkt)), *(prt)); \
- } while (0)
-
-
 #define GET_IPV4_SRC_ADDR_U32(p) ((p)->src.addr_data32[0])
 #define GET_IPV4_DST_ADDR_U32(p) ((p)->dst.addr_data32[0])
 #define GET_IPV4_SRC_ADDR_PTR(p) ((p)->src.addr_data32)
@@ -437,9 +426,18 @@ struct PacketL3 {
 } vars;
 };
+enum PacketL4Types {
+ PACKET_L4_UNKNOWN = 0,
+ PACKET_L4_SCTP,
+};
+
 struct PacketL4 {
+ enum PacketL4Types type;
 bool csum_set;
 uint16_t csum;
+ union L4Hdrs {
+ SCTPHdr *sctph;
+ } hdrs;
 };
 /* sizes of the members:
@@ -577,7 +575,6 @@ typedef struct Packet_
 TCPHdr *tcph;
 UDPHdr *udph;
- SCTPHdr *sctph;
 ESPHdr *esph;
 ICMPV4Hdr *icmpv4h;
 ICMPV6Hdr *icmpv6h;
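Review bot: In the `struct PacketL4` hunk of src/decode.h, the new `type` field is the tag that says which member of `union L4Hdrs` is valid, but neither the enum nor the struct records that. A comment on the field would state the invariant, for example `/* tag for hdrs: hdrs.sctph is valid only when type == PACKET_L4_SCTP */`. A note on `PACKET_L4_UNKNOWN = 0` could add that zero means no L4 header has been set, which is the value PacketSetSCTP asserts on. If further header pointers are later added to the union, reading the wrong member would return a mistyped pointer into packet data, so the contract is worth writing down now.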
@@ -779,6 +776,25 @@ static inline bool PacketIsICMPv6(const Packet *p)
 return PKT_IS_ICMPV6(p);
 }
+static inline SCTPHdr *PacketSetSCTP(Packet *p, const uint8_t *buf)
+{
+ DEBUG_VALIDATE_BUG_ON(p->l4.type != PACKET_L4_UNKNOWN);
+ p->l4.type = PACKET_L4_SCTP;
+ p->l4.hdrs.sctph = (SCTPHdr *)buf;
+ return p->l4.hdrs.sctph;
+}
+
+static inline const SCTPHdr *PacketGetSCTP(const Packet *p)
+{
+ DEBUG_VALIDATE_BUG_ON(p->l4.type != PACKET_L4_SCTP);
+ return p->l4.hdrs.sctph;
+}
+
+static inline bool PacketIsSCTP(const Packet *p)
+{
+ return p->l4.type == PACKET_L4_SCTP;
+}
+
 /** \brief Structure to hold thread specific data for all decode modules */
 typedef struct DecodeThreadVars_
 {
diff --git a/src/flow-util.c b/src/flow-util.c
index 3cce866b3e..53fc1058dc 100644
--- a/src/flow-util.c
+++ b/src/flow-util.c
@@ -184,9 +184,9 @@ void FlowInit(Flow *f, const Packet *p)
 f->icmp_s.type = p->icmp_s.type;
 f->icmp_s.code = p->icmp_s.code;
 FlowSetICMPv6CounterPart(f);
- } else if (p->sctph != NULL) { /* XXX MACRO */
- SET_SCTP_SRC_PORT(p,&f->sp);
- SET_SCTP_DST_PORT(p,&f->dp);
+ } else if (PacketIsSCTP(p)) {
+ f->sp = p->sp;
+ f->dp = p->dp;
 } else if (p->esph != NULL) {
 f->esp.spi = ESP_GET_SPI(p);
 } else {
diff --git a/src/packet.c b/src/packet.c
index 9bdbe2677d..11e3837393 100644
--- a/src/packet.c
+++ b/src/packet.c
@@ -121,9 +121,6 @@ void PacketReinit(Packet *p)
 if (p->udph != NULL) {
 CLEAR_UDP_PACKET(p);
 }
- if (p->sctph != NULL) {
- CLEAR_SCTP_PACKET(p);
- }
 if (p->esph != NULL) {
 CLEAR_ESP_PACKET(p);
 }
diff --git a/src/util-validate.h b/src/util-validate.h
index 7d543404f1..2c94190e05 100644
--- a/src/util-validate.h
+++ b/src/util-validate.h
@@ -79,7 +79,7 @@
 } else if ((p)->proto == IPPROTO_ICMP) { \
 BUG_ON((p)->icmpv4h == NULL); \
 } else if ((p)->proto == IPPROTO_SCTP) { \
- BUG_ON((p)->sctph == NULL); \
+ BUG_ON(PacketGetSCTP((p)) == NULL); \
 } else if ((p)->proto == IPPROTO_ICMPV6) { \
 BUG_ON((p)->icmpv6h == NULL); \
 } \
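Review bot: PacketIsSCTP() and PacketGetSCTP() in the src/decode.h hunk are only as reliable as the reset of `p->l4` between packets, and no such reset is visible in this diff. The src/packet.c hunk drops the `p->sctph` clear from PacketReinit without adding an L4 equivalent. If PacketReinit does not already clear `p->l4` elsewhere (not shown here), a recycled Packet would keep `PACKET_L4_SCTP` and a header pointer into the previous buffer. The type checks in PacketSetSCTP and PacketGetSCTP would then presumably catch it only in builds where `DEBUG_VALIDATE_BUG_ON` is active. Please confirm the reset, and consider a comment above the accessors such as `/* callers must check PacketIsSCTP() first; p->l4 must be cleared before the Packet is reused */`.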
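Review bot: In the src/util-validate.h hunk, `BUG_ON(PacketGetSCTP((p)) == NULL)` goes through a getter that carries its own `DEBUG_VALIDATE_BUG_ON(p->l4.type != PACKET_L4_SCTP)`. When that assertion is enabled, a packet with `proto == IPPROTO_SCTP` but no SCTP header set would abort inside the getter rather than on this line. The NULL comparison itself can only fire if PacketSetSCTP was handed a NULL buffer. Stating the invariant directly would read more clearly and would not depend on the getter's internals: `BUG_ON(!PacketIsSCTP((p))); \`. The enclosing macro begins and ends outside the hunk.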