From: Victor Julien Date: Mon, 25 Mar 2024 08:57:06 +0000 (+0100) Subject: decode/ipv4: prep for turning ip4h/ip6h into union X-Git-Tag: suricata-8.0.0-beta1~1403 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2d5c381c3b96462611f481b6913525bb2186d244;p=thirdparty%2Fsuricata.git decode/ipv4: prep for turning ip4h/ip6h into union Store IPv4 decoder vars in a new Packet::l3 section in the packet. Use inline functions instead of the often multi-layer macro's for various IPv4 header getters. Ticket: #6938. --- diff --git a/src/alert-syslog.c b/src/alert-syslog.c index 7b89150766..856e5843d0 100644 --- a/src/alert-syslog.c +++ b/src/alert-syslog.c @@ -204,7 +204,8 @@ static TmEcode AlertSyslogIPv4(ThreadVars *tv, const Packet *p, void *data) char proto[16] = ""; const char *protoptr; - const uint8_t ipproto = IPV4_GET_IPPROTO(p); + const IPV4Hdr *ipv4h = PacketGetIPv4(p); + const uint8_t ipproto = IPV4_GET_RAW_IPPROTO(ipv4h); if (SCProtoNameValid(ipproto)) { protoptr = known_proto[ipproto]; } else { diff --git a/src/decode-icmpv4.c b/src/decode-icmpv4.c index 06209c743b..4b8f89ca5f 100644 --- a/src/decode-icmpv4.c +++ b/src/decode-icmpv4.c @@ -143,7 +143,7 @@ static int DecodePartialIPV4(Packet* p, uint8_t* partial_packet, uint16_t len) char s[16], d[16]; PrintInet(AF_INET, &(p->icmpv4vars.emb_ip4_src), s, sizeof(s)); PrintInet(AF_INET, &(p->icmpv4vars.emb_ip4_dst), d, sizeof(d)); - SCLogDebug("ICMPv4 embedding IPV4 %s->%s - PROTO: %" PRIu32 " ID: %" PRIu32 "", s,d, + SCLogDebug("ICMPv4 embedding IPV4 %s->%s - PROTO: %" PRIu32 " ID: %" PRIu32 "", s, d, IPV4_GET_RAW_IPPROTO(icmp4_ip4h), IPV4_GET_RAW_IPID(icmp4_ip4h)); #endif @@ -410,7 +410,7 @@ static int DecodeICMPV4test01(void) ip4h.s_ip_src.s_addr = p->src.addr_data32[0]; ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0]; - p->ip4h = &ip4h; + UTHSetIPV4Hdr(p, &ip4h); DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4)); @@ -460,7 +460,7 @@ static int DecodeICMPV4test02(void) ip4h.s_ip_src.s_addr = p->src.addr_data32[0]; ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0]; - p->ip4h = &ip4h; + UTHSetIPV4Hdr(p, &ip4h); DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4)); @@ -508,7 +508,7 @@ static int DecodeICMPV4test03(void) ip4h.s_ip_src.s_addr = p->src.addr_data32[0]; ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0]; - p->ip4h = &ip4h; + UTHSetIPV4Hdr(p, &ip4h); DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4)); @@ -587,7 +587,7 @@ static int DecodeICMPV4test04(void) ip4h.s_ip_src.s_addr = p->src.addr_data32[0]; ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0]; - p->ip4h = &ip4h; + UTHSetIPV4Hdr(p, &ip4h); DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4)); @@ -656,7 +656,7 @@ static int DecodeICMPV4test05(void) ip4h.s_ip_src.s_addr = p->src.addr_data32[0]; ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0]; - p->ip4h = &ip4h; + UTHSetIPV4Hdr(p, &ip4h); DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4)); @@ -762,7 +762,7 @@ static int ICMPV4InvalidType07(void) ip4h.s_ip_src.s_addr = p->src.addr_data32[0]; ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0]; - p->ip4h = &ip4h; + UTHSetIPV4Hdr(p, &ip4h); DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4)); @@ -805,7 +805,7 @@ static int DecodeICMPV4test08(void) ip4h.s_ip_src.s_addr = p->src.addr_data32[0]; ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0]; - p->ip4h = &ip4h; + UTHSetIPV4Hdr(p, &ip4h); DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4)); diff --git a/src/decode-ipv4.c b/src/decode-ipv4.c index 753eb8ecaf..807561e3aa 100644 --- a/src/decode-ipv4.c +++ b/src/decode-ipv4.c @@ -318,14 +318,14 @@ static int DecodeIPV4Options(Packet *p, const uint8_t *pkt, uint16_t len, IPV4Op while (plen) { - p->ip4vars.opt_cnt++; + p->l3.vars.ip4.opt_cnt++; /* single byte options */ if (*pkt == IPV4_OPT_EOL) { /** \todo What if more data exist after EOL (possible covert channel or data leakage)? */ SCLogDebug("IPV4OPT %" PRIu8 " len 1 @ %d/%d", *pkt, (len - plen), (len - 1)); - p->ip4vars.opts_set |= IPV4_OPT_FLAG_EOL; + p->l3.vars.ip4.opts_set |= IPV4_OPT_FLAG_EOL; break; } else if (*pkt == IPV4_OPT_NOP) { SCLogDebug("IPV4OPT %" PRIu8 " len 1 @ %d/%d", @@ -333,9 +333,9 @@ static int DecodeIPV4Options(Packet *p, const uint8_t *pkt, uint16_t len, IPV4Op pkt++; plen--; - p->ip4vars.opts_set |= IPV4_OPT_FLAG_NOP; + p->l3.vars.ip4.opts_set |= IPV4_OPT_FLAG_NOP; - /* multibyte options */ + /* multibyte options */ } else { if (unlikely(plen < 2)) { /** \todo What if padding is non-zero (possible covert channel or data leakage)? */ @@ -370,7 +370,7 @@ static int DecodeIPV4Options(Packet *p, const uint8_t *pkt, uint16_t len, IPV4Op /* Warn - we can keep going */ } else if (IPV4OptValidateTimestamp(p, &opt) == 0) { opts->o_ts = opt; - p->ip4vars.opts_set |= IPV4_OPT_FLAG_TS; + p->l3.vars.ip4.opts_set |= IPV4_OPT_FLAG_TS; } break; case IPV4_OPT_RR: @@ -379,7 +379,7 @@ static int DecodeIPV4Options(Packet *p, const uint8_t *pkt, uint16_t len, IPV4Op /* Warn - we can keep going */ } else if (IPV4OptValidateRoute(p, &opt) == 0) { opts->o_rr = opt; - p->ip4vars.opts_set |= IPV4_OPT_FLAG_RR; + p->l3.vars.ip4.opts_set |= IPV4_OPT_FLAG_RR; } break; case IPV4_OPT_QS: @@ -388,7 +388,7 @@ static int DecodeIPV4Options(Packet *p, const uint8_t *pkt, uint16_t len, IPV4Op /* Warn - we can keep going */ } else if (IPV4OptValidateGeneric(p, &opt) == 0) { opts->o_qs = opt; - p->ip4vars.opts_set |= IPV4_OPT_FLAG_QS; + p->l3.vars.ip4.opts_set |= IPV4_OPT_FLAG_QS; } break; case IPV4_OPT_SEC: @@ -397,7 +397,7 @@ static int DecodeIPV4Options(Packet *p, const uint8_t *pkt, uint16_t len, IPV4Op /* Warn - we can keep going */ } else if (IPV4OptValidateGeneric(p, &opt) == 0) { opts->o_sec = opt; - p->ip4vars.opts_set |= IPV4_OPT_FLAG_SEC; + p->l3.vars.ip4.opts_set |= IPV4_OPT_FLAG_SEC; } break; case IPV4_OPT_LSRR: @@ -406,7 +406,7 @@ static int DecodeIPV4Options(Packet *p, const uint8_t *pkt, uint16_t len, IPV4Op /* Warn - we can keep going */ } else if (IPV4OptValidateRoute(p, &opt) == 0) { opts->o_lsrr = opt; - p->ip4vars.opts_set |= IPV4_OPT_FLAG_LSRR; + p->l3.vars.ip4.opts_set |= IPV4_OPT_FLAG_LSRR; } break; case IPV4_OPT_ESEC: @@ -415,7 +415,7 @@ static int DecodeIPV4Options(Packet *p, const uint8_t *pkt, uint16_t len, IPV4Op /* Warn - we can keep going */ } else if (IPV4OptValidateGeneric(p, &opt) == 0) { opts->o_esec = opt; - p->ip4vars.opts_set |= IPV4_OPT_FLAG_ESEC; + p->l3.vars.ip4.opts_set |= IPV4_OPT_FLAG_ESEC; } break; case IPV4_OPT_CIPSO: @@ -424,7 +424,7 @@ static int DecodeIPV4Options(Packet *p, const uint8_t *pkt, uint16_t len, IPV4Op /* Warn - we can keep going */ } else if (IPV4OptValidateCIPSO(p, &opt) == 0) { opts->o_cipso = opt; - p->ip4vars.opts_set |= IPV4_OPT_FLAG_CIPSO; + p->l3.vars.ip4.opts_set |= IPV4_OPT_FLAG_CIPSO; } break; case IPV4_OPT_SID: @@ -433,7 +433,7 @@ static int DecodeIPV4Options(Packet *p, const uint8_t *pkt, uint16_t len, IPV4Op /* Warn - we can keep going */ } else if (IPV4OptValidateGeneric(p, &opt) == 0) { opts->o_sid = opt; - p->ip4vars.opts_set |= IPV4_OPT_FLAG_SID; + p->l3.vars.ip4.opts_set |= IPV4_OPT_FLAG_SID; } break; case IPV4_OPT_SSRR: @@ -442,7 +442,7 @@ static int DecodeIPV4Options(Packet *p, const uint8_t *pkt, uint16_t len, IPV4Op /* Warn - we can keep going */ } else if (IPV4OptValidateRoute(p, &opt) == 0) { opts->o_ssrr = opt; - p->ip4vars.opts_set |= IPV4_OPT_FLAG_SSRR; + p->l3.vars.ip4.opts_set |= IPV4_OPT_FLAG_SSRR; } break; case IPV4_OPT_RTRALT: @@ -451,7 +451,7 @@ static int DecodeIPV4Options(Packet *p, const uint8_t *pkt, uint16_t len, IPV4Op /* Warn - we can keep going */ } else if (IPV4OptValidateGeneric(p, &opt) == 0) { opts->o_rtralt = opt; - p->ip4vars.opts_set |= IPV4_OPT_FLAG_RTRALT; + p->l3.vars.ip4.opts_set |= IPV4_OPT_FLAG_RTRALT; } break; default: @@ -470,51 +470,51 @@ static int DecodeIPV4Options(Packet *p, const uint8_t *pkt, uint16_t len, IPV4Op return 0; } -static int DecodeIPV4Packet(Packet *p, const uint8_t *pkt, uint16_t len) +static const IPV4Hdr *DecodeIPV4Packet(Packet *p, const uint8_t *pkt, uint16_t len) { if (unlikely(len < IPV4_HEADER_LEN)) { ENGINE_SET_INVALID_EVENT(p, IPV4_PKT_TOO_SMALL); - return -1; + return NULL; } if (unlikely(IP_GET_RAW_VER(pkt) != 4)) { SCLogDebug("wrong ip version %d",IP_GET_RAW_VER(pkt)); ENGINE_SET_INVALID_EVENT(p, IPV4_WRONG_IP_VER); - return -1; + return NULL; } - p->ip4h = (IPV4Hdr *)pkt; + const IPV4Hdr *ip4h = PacketSetIPV4(p, pkt); - if (unlikely(IPV4_GET_HLEN(p) < IPV4_HEADER_LEN)) { + if (unlikely(IPV4_GET_RAW_HLEN(ip4h) < IPV4_HEADER_LEN)) { ENGINE_SET_INVALID_EVENT(p, IPV4_HLEN_TOO_SMALL); - return -1; + return NULL; } - if (unlikely(IPV4_GET_IPLEN(p) < IPV4_GET_HLEN(p))) { + if (unlikely(IPV4_GET_RAW_IPLEN(ip4h) < IPV4_GET_RAW_HLEN(ip4h))) { ENGINE_SET_INVALID_EVENT(p, IPV4_IPLEN_SMALLER_THAN_HLEN); - return -1; + return NULL; } - if (unlikely(len < IPV4_GET_IPLEN(p))) { + if (unlikely(len < IPV4_GET_RAW_IPLEN(ip4h))) { ENGINE_SET_INVALID_EVENT(p, IPV4_TRUNC_PKT); - return -1; + return NULL; } /* set the address struct */ - SET_IPV4_SRC_ADDR(p,&p->src); - SET_IPV4_DST_ADDR(p,&p->dst); + SET_IPV4_SRC_ADDR(ip4h, &p->src); + SET_IPV4_DST_ADDR(ip4h, &p->dst); /* save the options len */ - uint8_t ip_opt_len = IPV4_GET_HLEN(p) - IPV4_HEADER_LEN; + uint8_t ip_opt_len = IPV4_GET_RAW_HLEN(ip4h) - IPV4_HEADER_LEN; if (ip_opt_len > 0) { IPV4Options opts; memset(&opts, 0x00, sizeof(opts)); if (DecodeIPV4Options(p, pkt + IPV4_HEADER_LEN, ip_opt_len, &opts) < 0) { - return -1; + return NULL; } } - return 0; + return ip4h; } int DecodeIPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, @@ -528,15 +528,16 @@ int DecodeIPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, return TM_ECODE_FAILED; } /* do the actual decoding */ - if (unlikely(DecodeIPV4Packet (p, pkt, len) < 0)) { + const IPV4Hdr *ip4h = DecodeIPV4Packet(p, pkt, len); + if (unlikely(ip4h == NULL)) { SCLogDebug("decoding IPv4 packet failed"); - CLEAR_IPV4_PACKET((p)); + PacketClearL3(p); return TM_ECODE_FAILED; } - p->proto = IPV4_GET_IPPROTO(p); + p->proto = IPV4_GET_RAW_IPPROTO(ip4h); /* If a fragment, pass off for re-assembly. */ - if (unlikely(IPV4_GET_IPOFFSET(p) > 0 || IPV4_GET_MF(p) == 1)) { + if (unlikely(IPV4_GET_RAW_FRAGOFFSET(ip4h) > 0 || IPV4_GET_RAW_FLAG_MF(ip4h))) { Packet *rp = Defrag(tv, dtv, p); if (rp != NULL) { PacketEnqueueNoLock(&tv->decode_pq, rp); @@ -553,17 +554,19 @@ int DecodeIPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, char s[16], d[16]; PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), s, sizeof(s)); PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p), d, sizeof(d)); - SCLogDebug("IPV4 %s->%s PROTO: %" PRIu32 " OFFSET: %" PRIu32 " RF: %" PRIu32 " DF: %" PRIu32 " MF: %" PRIu32 " ID: %" PRIu32 "", s,d, - IPV4_GET_IPPROTO(p), IPV4_GET_IPOFFSET(p), IPV4_GET_RF(p), - IPV4_GET_DF(p), IPV4_GET_MF(p), IPV4_GET_IPID(p)); + SCLogDebug("IPV4 %s->%s PROTO: %" PRIu32 " OFFSET: %" PRIu32 " RF: %" PRIu8 " DF: %" PRIu8 + " MF: %" PRIu8 " ID: %" PRIu32 "", + s, d, IPV4_GET_RAW_IPPROTO(ip4h), IPV4_GET_RAW_IPOFFSET(ip4h), + IPV4_GET_RAW_FLAG_RF(ip4h), IPV4_GET_RAW_FLAG_DF(ip4h), IPV4_GET_RAW_FLAG_MF(ip4h), + IPV4_GET_RAW_IPID(ip4h)); } #endif /* DEBUG */ - const uint8_t *data = pkt + IPV4_GET_HLEN(p); - const uint16_t data_len = IPV4_GET_IPLEN(p) - IPV4_GET_HLEN(p); + const uint8_t *data = pkt + IPV4_GET_RAW_HLEN(ip4h); + const uint16_t data_len = IPV4_GET_RAW_IPLEN(ip4h) - IPV4_GET_RAW_HLEN(ip4h); /* check what next decoder to invoke */ - switch (IPV4_GET_IPPROTO(p)) { + switch (p->proto) { case IPPROTO_TCP: DecodeTCP(tv, dtv, p, data, data_len); break; @@ -1331,7 +1334,7 @@ static int DecodeIPV4DefragTest01(void) result = 0; goto end; } - if (tp->ip4h == NULL || tp->tcph == NULL) { + if (tp->l3.hdrs.ip4h == NULL || tp->tcph == NULL) { printf("pseudo packet's ip header and tcp header shouldn't be NULL, " "but it is\n"); result = 0; @@ -1462,7 +1465,7 @@ static int DecodeIPV4DefragTest02(void) tp->recursion_level, p->recursion_level); goto end; } - if (tp->ip4h == NULL || tp->tcph == NULL) { + if (tp->l3.hdrs.ip4h == NULL || tp->tcph == NULL) { printf("pseudo packet's ip header and tcp header shouldn't be NULL, " "but it is\n"); goto end; @@ -1615,7 +1618,7 @@ static int DecodeIPV4DefragTest03(void) result = 0; goto end; } - if (tp->ip4h == NULL || tp->tcph == NULL) { + if (tp->l3.hdrs.ip4h == NULL || tp->tcph == NULL) { printf("pseudo packet's ip header and tcp header shouldn't be NULL, " "but it is\n"); result = 0; diff --git a/src/decode-ipv4.h b/src/decode-ipv4.h index 93fb40d050..25507f0aaf 100644 --- a/src/decode-ipv4.h +++ b/src/decode-ipv4.h @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2022 Open Information Security Foundation +/* Copyright (C) 2007-2024 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -93,11 +93,12 @@ typedef struct IPV4Hdr_ #define s_ip_addrs ip4_hdrun1.ip_addrs #define IPV4_GET_RAW_VER(ip4h) (((ip4h)->ip_verhl & 0xf0) >> 4) -#define IPV4_GET_RAW_HLEN(ip4h) ((ip4h)->ip_verhl & 0x0f) +#define IPV4_GET_RAW_HLEN(ip4h) (uint8_t)(((ip4h)->ip_verhl & (uint8_t)0x0f) << (uint8_t)2) #define IPV4_GET_RAW_IPTOS(ip4h) ((ip4h)->ip_tos) -#define IPV4_GET_RAW_IPLEN(ip4h) ((ip4h)->ip_len) -#define IPV4_GET_RAW_IPID(ip4h) ((ip4h)->ip_id) -#define IPV4_GET_RAW_IPOFFSET(ip4h) ((ip4h)->ip_off) +#define IPV4_GET_RAW_IPLEN(ip4h) (SCNtohs((ip4h)->ip_len)) +#define IPV4_GET_RAW_IPID(ip4h) (SCNtohs((ip4h)->ip_id)) +#define IPV4_GET_RAW_IPOFFSET(ip4h) SCNtohs((ip4h)->ip_off) +#define IPV4_GET_RAW_FRAGOFFSET(ip4h) (IPV4_GET_RAW_IPOFFSET((ip4h)) & 0x1fff) #define IPV4_GET_RAW_IPTTL(ip4h) ((ip4h)->ip_ttl) #define IPV4_GET_RAW_IPPROTO(ip4h) ((ip4h)->ip_proto) #define IPV4_GET_RAW_IPSRC(ip4h) ((ip4h)->s_ip_src) @@ -108,51 +109,9 @@ typedef struct IPV4Hdr_ /** return the raw (directly from the header) dst ip as uint32_t */ #define IPV4_GET_RAW_IPDST_U32(ip4h) (uint32_t)((ip4h)->s_ip_dst.s_addr) -/* we need to change them as well as get them */ -#define IPV4_SET_RAW_VER(ip4h, value) ((ip4h)->ip_verhl = (((ip4h)->ip_verhl & 0x0f) | (value << 4))) -#define IPV4_SET_RAW_HLEN(ip4h, value) ((ip4h)->ip_verhl = (((ip4h)->ip_verhl & 0xf0) | (value & 0x0f))) -#define IPV4_SET_RAW_IPTOS(ip4h, value) ((ip4h)->ip_tos = value) -#define IPV4_SET_RAW_IPLEN(ip4h, value) ((ip4h)->ip_len = value) -#define IPV4_SET_RAW_IPPROTO(ip4h, value) ((ip4h)->ip_proto = value) - -/* ONLY call these functions after making sure that: - * 1. p->ip4h is set - * 2. p->ip4h is valid (len is correct) - */ -#define IPV4_GET_VER(p) \ - IPV4_GET_RAW_VER((p)->ip4h) -#define IPV4_GET_HLEN(p) ((uint8_t)(IPV4_GET_RAW_HLEN((p)->ip4h) << 2)) -#define IPV4_GET_IPTOS(p) \ - IPV4_GET_RAW_IPTOS((p)->ip4h) -#define IPV4_GET_IPLEN(p) \ - (SCNtohs(IPV4_GET_RAW_IPLEN((p)->ip4h))) -#define IPV4_GET_IPID(p) \ - (SCNtohs(IPV4_GET_RAW_IPID((p)->ip4h))) -/* _IPV4_GET_IPOFFSET: get the content of the offset header field in host order */ -#define _IPV4_GET_IPOFFSET(p) \ - (SCNtohs(IPV4_GET_RAW_IPOFFSET((p)->ip4h))) -/* IPV4_GET_IPOFFSET: get the final offset */ -#define IPV4_GET_IPOFFSET(p) \ - (_IPV4_GET_IPOFFSET(p) & 0x1fff) -/* IPV4_GET_RF: get the RF flag. Use _IPV4_GET_IPOFFSET to save a SCNtohs call. */ -#define IPV4_GET_RF(p) \ - (uint8_t)((_IPV4_GET_IPOFFSET((p)) & 0x8000) >> 15) -/* IPV4_GET_DF: get the DF flag. Use _IPV4_GET_IPOFFSET to save a SCNtohs call. */ -#define IPV4_GET_DF(p) \ - (uint8_t)((_IPV4_GET_IPOFFSET((p)) & 0x4000) >> 14) -/* IPV4_GET_MF: get the MF flag. Use _IPV4_GET_IPOFFSET to save a SCNtohs call. */ -#define IPV4_GET_MF(p) \ - (uint8_t)((_IPV4_GET_IPOFFSET((p)) & 0x2000) >> 13) -#define IPV4_GET_IPTTL(p) \ - IPV4_GET_RAW_IPTTL(p->ip4h) -#define IPV4_GET_IPPROTO(p) \ - IPV4_GET_RAW_IPPROTO((p)->ip4h) - -#define CLEAR_IPV4_PACKET(p) \ - do { \ - (p)->ip4h = NULL; \ - memset(&p->ip4vars, 0x00, sizeof(p->ip4vars)); \ - } while (0) +#define IPV4_GET_RAW_FLAG_MF(ip4h) ((IPV4_GET_RAW_IPOFFSET((ip4h)) & 0x2000) != 0) +#define IPV4_GET_RAW_FLAG_DF(ip4h) ((IPV4_GET_RAW_IPOFFSET((ip4h)) & 0x4000) != 0) +#define IPV4_GET_RAW_FLAG_RF(ip4h) ((IPV4_GET_RAW_IPOFFSET((ip4h)) & 0x8000) != 0) #define IPV4_OPT_FLAG_EOL BIT_U16(1) #define IPV4_OPT_FLAG_NOP BIT_U16(2) diff --git a/src/decode-tcp.c b/src/decode-tcp.c index 49bb882d58..4935b446c2 100644 --- a/src/decode-tcp.c +++ b/src/decode-tcp.c @@ -394,8 +394,7 @@ static int TCPGetWscaleTest01(void) p->src.family = AF_INET; p->dst.family = AF_INET; - p->ip4h = &ip4h; - + UTHSetIPV4Hdr(p, &ip4h); FlowInitConfig(FLOW_QUIET); DecodeTCP(&tv, &dtv, p, raw_tcp, sizeof(raw_tcp)); @@ -441,7 +440,7 @@ static int TCPGetWscaleTest02(void) p->src.family = AF_INET; p->dst.family = AF_INET; - p->ip4h = &ip4h; + UTHSetIPV4Hdr(p, &ip4h); FlowInitConfig(FLOW_QUIET); DecodeTCP(&tv, &dtv, p, raw_tcp, sizeof(raw_tcp)); @@ -486,7 +485,7 @@ static int TCPGetWscaleTest03(void) p->src.family = AF_INET; p->dst.family = AF_INET; - p->ip4h = &ip4h; + UTHSetIPV4Hdr(p, &ip4h); FlowInitConfig(FLOW_QUIET); DecodeTCP(&tv, &dtv, p, raw_tcp, sizeof(raw_tcp)); @@ -535,7 +534,7 @@ static int TCPGetSackTest01(void) p->src.family = AF_INET; p->dst.family = AF_INET; - p->ip4h = &ip4h; + UTHSetIPV4Hdr(p, &ip4h); FlowInitConfig(FLOW_QUIET); DecodeTCP(&tv, &dtv, p, raw_tcp, sizeof(raw_tcp)); diff --git a/src/decode.h b/src/decode.h index 66a2db2a11..0662471832 100644 --- a/src/decode.h +++ b/src/decode.h @@ -99,6 +99,7 @@ enum PktSrcEnum { #include "decode-vlan.h" #include "decode-mpls.h" +#include "util-validate.h" /* forward declarations */ struct DetectionEngineThreadCtx_; @@ -141,20 +142,22 @@ typedef struct Address_ { * * We set the rest of the struct to 0 so we can * prevent using memset. */ -#define SET_IPV4_SRC_ADDR(p, a) do { \ - (a)->family = AF_INET; \ - (a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_src.s_addr; \ - (a)->addr_data32[1] = 0; \ - (a)->addr_data32[2] = 0; \ - (a)->addr_data32[3] = 0; \ +#define SET_IPV4_SRC_ADDR(ip4h, a) \ + do { \ + (a)->family = AF_INET; \ + (a)->addr_data32[0] = (uint32_t)(ip4h)->s_ip_src.s_addr; \ + (a)->addr_data32[1] = 0; \ + (a)->addr_data32[2] = 0; \ + (a)->addr_data32[3] = 0; \ } while (0) -#define SET_IPV4_DST_ADDR(p, a) do { \ - (a)->family = AF_INET; \ - (a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_dst.s_addr; \ - (a)->addr_data32[1] = 0; \ - (a)->addr_data32[2] = 0; \ - (a)->addr_data32[3] = 0; \ +#define SET_IPV4_DST_ADDR(ip4h, a) \ + do { \ + (a)->family = AF_INET; \ + (a)->addr_data32[0] = (uint32_t)(ip4h)->s_ip_dst.s_addr; \ + (a)->addr_data32[1] = 0; \ + (a)->addr_data32[2] = 0; \ + (a)->addr_data32[3] = 0; \ } while (0) /* Set the IPv6 addresses into the Addrs of the Packet. @@ -243,7 +246,6 @@ typedef uint16_t Port; *We determine the ip version. */ #define IP_GET_RAW_VER(pkt) ((((pkt)[0] & 0xf0) >> 4)) -#define PKT_IS_IPV4(p) (((p)->ip4h != NULL)) #define PKT_IS_IPV6(p) (((p)->ip6h != NULL)) #define PKT_IS_TCP(p) (((p)->tcph != NULL)) #define PKT_IS_UDP(p) (((p)->udph != NULL)) @@ -252,8 +254,6 @@ typedef uint16_t Port; #define PKT_IS_TOSERVER(p) (((p)->flowflags & FLOW_PKT_TOSERVER)) #define PKT_IS_TOCLIENT(p) (((p)->flowflags & FLOW_PKT_TOCLIENT)) -#define IPH_IS_VALID(p) (PKT_IS_IPV4((p)) || PKT_IS_IPV6((p))) - /* structure to store the sids/gids/etc the detection engine * found in this packet */ typedef struct PacketAlert_ { @@ -412,6 +412,24 @@ enum PacketTunnelType { /* forward declaration since Packet struct definition requires this */ struct PacketQueue_; +enum PacketL3Types { + PACKET_L3_UNKNOWN = 0, + PACKET_L3_IPV4, +}; + +struct PacketL3 { + enum PacketL3Types type; + /* Checksum for IP packets. */ + int32_t comp_csum; + union Hdrs { + IPV4Hdr *ip4h; + } hdrs; + /* IPv4 and IPv6 are mutually exclusive */ + union { + IPV4Vars ip4; + } vars; +}; + /* sizes of the members: * src: 17 bytes * dst: 17 bytes @@ -532,23 +550,16 @@ typedef struct Packet_ /* header pointers */ EthernetHdr *ethh; - /* Checksum for IP packets. */ - int32_t level3_comp_csum; /* Check sum for TCP, UDP or ICMP packets */ int32_t level4_comp_csum; - IPV4Hdr *ip4h; - + struct PacketL3 l3; IPV6Hdr *ip6h; - - /* IPv4 and IPv6 are mutually exclusive */ - union { - IPV4Vars ip4vars; - struct { - IPV6Vars ip6vars; - IPV6ExtHdrs ip6eh; - }; + struct { + IPV6Vars ip6vars; + IPV6ExtHdrs ip6eh; }; + /* Can only be one of TCP, UDP, ICMP at any given time */ union { TCPVars tcpvars; @@ -658,6 +669,8 @@ typedef struct Packet_ uint8_t pkt_data[]; } Packet; +static inline bool PacketIsIPv4(const Packet *p); + /** highest mtu of the interfaces we monitor */ #define DEFAULT_MTU 1500 #define MINIMUM_MTU 68 /**< ipv4 minimum: rfc791 */ @@ -668,24 +681,52 @@ typedef struct Packet_ extern uint32_t default_packet_size; #define SIZE_OF_PACKET (default_packet_size + sizeof(Packet)) +static inline bool PacketIsIPv4(const Packet *p) +{ + return p->l3.type == PACKET_L3_IPV4; +} + +static inline const IPV4Hdr *PacketGetIPv4(const Packet *p) +{ + DEBUG_VALIDATE_BUG_ON(!PacketIsIPv4(p)); + return p->l3.hdrs.ip4h; +} + +static inline IPV4Hdr *PacketSetIPV4(Packet *p, const uint8_t *buf) +{ + DEBUG_VALIDATE_BUG_ON(p->l3.type != PACKET_L3_UNKNOWN); + p->l3.type = PACKET_L3_IPV4; + p->l3.hdrs.ip4h = (IPV4Hdr *)buf; + return p->l3.hdrs.ip4h; +} + /* Retrieve proto regardless of IP version */ static inline uint8_t PacketGetIPProto(const Packet *p) { if (p->proto != 0) { return p->proto; } - if (PKT_IS_IPV4(p)) { - return IPV4_GET_IPPROTO(p); + if (PacketIsIPv4(p)) { + const IPV4Hdr *hdr = PacketGetIPv4(p); + return IPV4_GET_RAW_IPPROTO(hdr); } else if (PKT_IS_IPV6(p)) { return IPV6_GET_L4PROTO(p); - } else { - return 0; } + return 0; } -static inline bool PacketIsIPv4(const Packet *p) +static inline uint8_t PacketGetIPv4IPProto(const Packet *p) +{ + if (PacketGetIPv4(p)) { + const IPV4Hdr *hdr = PacketGetIPv4(p); + return IPV4_GET_RAW_IPPROTO(hdr); + } + return 0; +} + +static inline void PacketClearL3(Packet *p) { - return PKT_IS_IPV4(p); + memset(&p->l3, 0, sizeof(p->l3)); } static inline bool PacketIsIPv6(const Packet *p) @@ -793,9 +834,9 @@ void CaptureStatsSetup(ThreadVars *tv); /** * \brief reset these to -1(indicates that the packet is fresh from the queue) */ -#define PACKET_RESET_CHECKSUMS(p) do { \ - (p)->level3_comp_csum = -1; \ - (p)->level4_comp_csum = -1; \ +#define PACKET_RESET_CHECKSUMS(p) \ + do { \ + (p)->level4_comp_csum = -1; \ } while (0) /* if p uses extended data, free them */ diff --git a/src/defrag-hash.c b/src/defrag-hash.c index a1355007fa..54e86b9e08 100644 --- a/src/defrag-hash.c +++ b/src/defrag-hash.c @@ -24,6 +24,7 @@ #include "util-byte.h" #include "util-misc.h" #include "util-hash-lookup3.h" +#include "util-validate.h" /** defrag tracker hash table */ DefragTrackerHashRow *defragtracker_hash; @@ -128,9 +129,11 @@ static void DefragTrackerInit(DefragTracker *dt, Packet *p) COPY_ADDRESS(&p->dst, &dt->dst_addr); if (PacketIsIPv4(p)) { - dt->id = (int32_t)IPV4_GET_IPID(p); + const IPV4Hdr *ip4h = PacketGetIPv4(p); + dt->id = (int32_t)IPV4_GET_RAW_IPID(ip4h); dt->af = AF_INET; } else { + DEBUG_VALIDATE_BUG_ON(!PacketIsIPv6(p)); dt->id = (int32_t)IPV6_EXTHDR_GET_FH_ID(p); dt->af = AF_INET6; } @@ -390,7 +393,8 @@ static inline uint32_t DefragHashGetKey(Packet *p) { uint32_t key; - if (p->ip4h != NULL) { + if (PacketIsIPv4(p)) { + const IPV4Hdr *ip4h = PacketGetIPv4(p); DefragHashKey4 dhk = { .pad[0] = 0 }; if (p->src.addr_data32[0] > p->dst.addr_data32[0]) { dhk.src = p->src.addr_data32[0]; @@ -399,13 +403,13 @@ static inline uint32_t DefragHashGetKey(Packet *p) dhk.src = p->dst.addr_data32[0]; dhk.dst = p->src.addr_data32[0]; } - dhk.id = (uint32_t)IPV4_GET_IPID(p); + dhk.id = (uint32_t)IPV4_GET_RAW_IPID(ip4h); memcpy(&dhk.vlan_id[0], &p->vlan_id[0], sizeof(dhk.vlan_id)); uint32_t hash = hashword(dhk.u32, sizeof(dhk.u32) / sizeof(uint32_t), defrag_config.hash_rand); key = hash % defrag_config.hash_size; - } else if (p->ip6h != NULL) { + } else if (PacketIsIPv6(p)) { DefragHashKey6 dhk = { .pad[0] = 0 }; if (DefragHashRawAddressIPv6GtU32(p->src.addr_data32, p->dst.addr_data32)) { dhk.src[0] = p->src.addr_data32[0]; @@ -451,7 +455,8 @@ static inline int DefragTrackerCompare(DefragTracker *t, Packet *p) { uint32_t id; if (PacketIsIPv4(p)) { - id = (uint32_t)IPV4_GET_IPID(p); + const IPV4Hdr *ip4h = PacketGetIPv4(p); + id = (uint32_t)IPV4_GET_RAW_IPID(ip4h); } else { id = IPV6_EXTHDR_GET_FH_ID(p); } diff --git a/src/defrag.c b/src/defrag.c index 762c16d2a9..d52dd87802 100644 --- a/src/defrag.c +++ b/src/defrag.c @@ -261,9 +261,11 @@ Defrag4Reassemble(ThreadVars *tv, DefragTracker *tracker, Packet *p) } } + const IPV4Hdr *oip4h = PacketGetIPv4(p); + /* Allocate a Packet for the reassembled packet. On failure we * SCFree all the resources held by this tracker. */ - rp = PacketDefragPktSetup(p, NULL, 0, IPV4_GET_IPPROTO(p)); + rp = PacketDefragPktSetup(p, NULL, 0, IPV4_GET_RAW_IPPROTO(oip4h)); if (rp == NULL) { goto error_remove_tracker; } @@ -345,13 +347,12 @@ Defrag4Reassemble(ThreadVars *tv, DefragTracker *tracker, Packet *p) SCLogDebug("ip_hdr_offset %u, hlen %" PRIu16 ", fragmentable_len %" PRIu16, ip_hdr_offset, hlen, fragmentable_len); - rp->ip4h = (IPV4Hdr *)(GET_PKT_DATA(rp) + ip_hdr_offset); - uint16_t old = rp->ip4h->ip_len + rp->ip4h->ip_off; + IPV4Hdr *ip4h = (IPV4Hdr *)(GET_PKT_DATA(rp) + ip_hdr_offset); + uint16_t old = ip4h->ip_len + ip4h->ip_off; DEBUG_VALIDATE_BUG_ON(hlen > UINT16_MAX - fragmentable_len); - rp->ip4h->ip_len = htons(fragmentable_len + hlen); - rp->ip4h->ip_off = 0; - rp->ip4h->ip_csum = FixChecksum(rp->ip4h->ip_csum, - old, rp->ip4h->ip_len + rp->ip4h->ip_off); + ip4h->ip_len = htons(fragmentable_len + hlen); + ip4h->ip_off = 0; + ip4h->ip_csum = FixChecksum(ip4h->ip_csum, old, ip4h->ip_len + ip4h->ip_off); SET_PKT_LEN(rp, ip_hdr_offset + hlen + fragmentable_len); tracker->remove = 1; @@ -587,13 +588,14 @@ DefragInsertFrag(ThreadVars *tv, DecodeThreadVars *dtv, DefragTracker *tracker, #endif if (tracker->af == AF_INET) { - more_frags = IPV4_GET_MF(p); - frag_offset = (uint16_t)(IPV4_GET_IPOFFSET(p) << 3); - hlen = IPV4_GET_HLEN(p); - data_offset = (uint16_t)((uint8_t *)p->ip4h + hlen - GET_PKT_DATA(p)); - data_len = IPV4_GET_IPLEN(p) - hlen; + const IPV4Hdr *ip4h = PacketGetIPv4(p); + more_frags = IPV4_GET_RAW_FLAG_MF(ip4h); + frag_offset = (uint16_t)((uint16_t)IPV4_GET_RAW_FRAGOFFSET(ip4h) << (uint16_t)3); + hlen = IPV4_GET_RAW_HLEN(ip4h); + data_offset = (uint16_t)((uint8_t *)ip4h + hlen - GET_PKT_DATA(p)); + data_len = IPV4_GET_RAW_IPLEN(ip4h) - hlen; frag_end = frag_offset + data_len; - ip_hdr_offset = (uint16_t)((uint8_t *)p->ip4h - GET_PKT_DATA(p)); + ip_hdr_offset = (uint16_t)((uint8_t *)ip4h - GET_PKT_DATA(p)); /* Ignore fragment if the end of packet extends past the * maximum size of a packet. */ @@ -920,7 +922,10 @@ DefragInsertFrag(ThreadVars *tv, DecodeThreadVars *dtv, DefragTracker *tracker, r = Defrag4Reassemble(tv, tracker, p); if (r != NULL && tv != NULL && dtv != NULL) { StatsIncr(tv, dtv->counter_defrag_ipv4_reassembled); - if (DecodeIPV4(tv, dtv, r, (void *)r->ip4h, IPV4_GET_IPLEN(r)) != TM_ECODE_OK) { + const uint32_t len = GET_PKT_LEN(r) - (uint32_t)tracker->ip_hdr_offset; + DEBUG_VALIDATE_BUG_ON(len > UINT16_MAX); + if (DecodeIPV4(tv, dtv, r, GET_PKT_DATA(r) + tracker->ip_hdr_offset, + (uint16_t)len) != TM_ECODE_OK) { r->root = NULL; TmqhOutputPacketpool(tv, r); r = NULL; @@ -1053,9 +1058,10 @@ Defrag(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p) int af; if (PacketIsIPv4(p)) { + const IPV4Hdr *ip4h = PacketGetIPv4(p); af = AF_INET; - more_frags = IPV4_GET_MF(p); - frag_offset = IPV4_GET_IPOFFSET(p); + more_frags = IPV4_GET_RAW_FLAG_MF(ip4h); + frag_offset = IPV4_GET_RAW_FRAGOFFSET(ip4h); } else if (PacketIsIPv6(p)) { af = AF_INET6; frag_offset = IPV6_EXTHDR_GET_FH_OFFSET(p); @@ -1166,9 +1172,9 @@ static Packet *BuildIpv4TestPacket( /* copy content_len crap, we need full length */ PacketCopyData(p, (uint8_t *)&ip4h, sizeof(ip4h)); - p->ip4h = (IPV4Hdr *)GET_PKT_DATA(p); - SET_IPV4_SRC_ADDR(p, &p->src); - SET_IPV4_DST_ADDR(p, &p->dst); + IPV4Hdr *ip4p = PacketSetIPV4(p, GET_PKT_DATA(p)); + SET_IPV4_SRC_ADDR(ip4p, &p->src); + SET_IPV4_DST_ADDR(ip4p, &p->dst); pcontent = SCCalloc(1, content_len); if (unlikely(pcontent == NULL)) @@ -1178,31 +1184,19 @@ static Packet *BuildIpv4TestPacket( SET_PKT_LEN(p, hlen + content_len); SCFree(pcontent); - p->ip4h->ip_csum = IPV4Checksum((uint16_t *)GET_PKT_DATA(p), hlen, 0); + ip4p->ip_csum = IPV4Checksum((uint16_t *)GET_PKT_DATA(p), hlen, 0); /* Self test. */ - if (IPV4_GET_VER(p) != 4) - goto error; - if (IPV4_GET_HLEN(p) != hlen) - goto error; - if (IPV4_GET_IPLEN(p) != hlen + content_len) - goto error; - if (IPV4_GET_IPID(p) != id) - goto error; - if (IPV4_GET_IPOFFSET(p) != off) - goto error; - if (IPV4_GET_MF(p) != mf) - goto error; - if (IPV4_GET_IPTTL(p) != ttl) - goto error; - if (IPV4_GET_IPPROTO(p) != proto) - goto error; + FAIL_IF(IPV4_GET_RAW_VER(ip4p) != 4); + FAIL_IF(IPV4_GET_RAW_HLEN(ip4p) != hlen); + FAIL_IF(IPV4_GET_RAW_IPLEN(ip4p) != hlen + content_len); + FAIL_IF(IPV4_GET_RAW_IPID(ip4p) != id); + FAIL_IF(IPV4_GET_RAW_FRAGOFFSET(ip4p) != off); + FAIL_IF(IPV4_GET_RAW_FLAG_MF(ip4p) != mf); + FAIL_IF(IPV4_GET_RAW_IPTTL(ip4p) != ttl); + FAIL_IF(IPV4_GET_RAW_IPPROTO(ip4p) != proto); return p; -error: - if (p != NULL) - SCFree(p); - return NULL; } /** @@ -1241,24 +1235,24 @@ static int BuildIpv4TestPacketWithContent(Packet **packet, uint8_t proto, uint16 /* copy content_len crap, we need full length */ PacketCopyData(p, (uint8_t *)&ip4h, sizeof(ip4h)); - p->ip4h = (IPV4Hdr *)GET_PKT_DATA(p); - SET_IPV4_SRC_ADDR(p, &p->src); - SET_IPV4_DST_ADDR(p, &p->dst); + IPV4Hdr *ip4p = PacketSetIPV4(p, GET_PKT_DATA(p)); + SET_IPV4_SRC_ADDR(ip4p, &p->src); + SET_IPV4_DST_ADDR(ip4p, &p->dst); PacketCopyDataOffset(p, hlen, content, content_len); SET_PKT_LEN(p, hlen + content_len); - p->ip4h->ip_csum = IPV4Checksum((uint16_t *)GET_PKT_DATA(p), hlen, 0); + ip4p->ip_csum = IPV4Checksum((uint16_t *)GET_PKT_DATA(p), hlen, 0); /* Self test. */ - FAIL_IF(IPV4_GET_VER(p) != 4); - FAIL_IF(IPV4_GET_HLEN(p) != hlen); - FAIL_IF(IPV4_GET_IPLEN(p) != hlen + content_len); - FAIL_IF(IPV4_GET_IPID(p) != id); - FAIL_IF(IPV4_GET_IPOFFSET(p) != off); - FAIL_IF(IPV4_GET_MF(p) != mf); - FAIL_IF(IPV4_GET_IPTTL(p) != ttl); - FAIL_IF(IPV4_GET_IPPROTO(p) != proto); + FAIL_IF(IPV4_GET_RAW_VER(ip4p) != 4); + FAIL_IF(IPV4_GET_RAW_HLEN(ip4p) != hlen); + FAIL_IF(IPV4_GET_RAW_IPLEN(ip4p) != hlen + content_len); + FAIL_IF(IPV4_GET_RAW_IPID(ip4p) != id); + FAIL_IF(IPV4_GET_RAW_FRAGOFFSET(ip4p) != off); + FAIL_IF(IPV4_GET_RAW_FLAG_MF(ip4p) != mf); + FAIL_IF(IPV4_GET_RAW_IPTTL(ip4p) != ttl); + FAIL_IF(IPV4_GET_RAW_IPPROTO(ip4p) != proto); *packet = p; PASS; @@ -1429,8 +1423,8 @@ static int DefragInOrderSimpleTest(void) reassembled = Defrag(&tv, &dtv, p3); FAIL_IF_NULL(reassembled); - FAIL_IF(IPV4_GET_HLEN(reassembled) != 20); - FAIL_IF(IPV4_GET_IPLEN(reassembled) != 39); + FAIL_IF(IPV4_GET_RAW_HLEN(PacketGetIPv4(reassembled)) != 20); + FAIL_IF(IPV4_GET_RAW_IPLEN(PacketGetIPv4(reassembled)) != 39); /* 20 bytes in we should find 8 bytes of A. */ for (int i = 20; i < 20 + 8; i++) { @@ -1483,8 +1477,8 @@ static int DefragReverseSimpleTest(void) reassembled = Defrag(&tv, &dtv, p1); FAIL_IF_NULL(reassembled); - FAIL_IF(IPV4_GET_HLEN(reassembled) != 20); - FAIL_IF(IPV4_GET_IPLEN(reassembled) != 39); + FAIL_IF(IPV4_GET_RAW_HLEN(PacketGetIPv4(reassembled)) != 20); + FAIL_IF(IPV4_GET_RAW_IPLEN(PacketGetIPv4(reassembled)) != 39); /* 20 bytes in we should find 8 bytes of A. */ for (int i = 20; i < 20 + 8; i++) { @@ -1716,8 +1710,8 @@ static int DefragDoSturgesNovakTest(int policy, uint8_t *expected, size_t expect Packet *reassembled = Defrag(&tv, &dtv, packets[16]); FAIL_IF_NULL(reassembled); - FAIL_IF(IPV4_GET_HLEN(reassembled) != 20); - FAIL_IF(IPV4_GET_IPLEN(reassembled) != 20 + 192); + FAIL_IF(IPV4_GET_RAW_HLEN(PacketGetIPv4(reassembled)) != 20); + FAIL_IF(IPV4_GET_RAW_IPLEN(PacketGetIPv4(reassembled)) != 20 + 192); FAIL_IF(expected_len != 192); if (memcmp(expected, GET_PKT_DATA(reassembled) + 20, expected_len) != 0) { @@ -2610,7 +2604,7 @@ static int DefragMfIpv4Test(void) /* Expected IP length is 20 + 8 + 8 = 36 as only 2 of the * fragments should be in the re-assembled packet. */ - FAIL_IF(IPV4_GET_IPLEN(p) != 36); + FAIL_IF(IPV4_GET_RAW_IPLEN(PacketGetIPv4(p)) != 36); /* Verify the payload of the IPv4 packet. */ uint8_t expected_payload[] = "AAAAAAAABBBBBBBB"; diff --git a/src/detect-csum.c b/src/detect-csum.c index 142a5c7f64..dd56e74a78 100644 --- a/src/detect-csum.c +++ b/src/detect-csum.c @@ -239,21 +239,21 @@ static int DetectIPV4CsumMatch(DetectEngineThreadCtx *det_ctx, { const DetectCsumData *cd = (const DetectCsumData *)ctx; - if (p->ip4h == NULL || PKT_IS_PSEUDOPKT(p)) + if (!PacketIsIPv4(p) || PKT_IS_PSEUDOPKT(p)) return 0; if (p->flags & PKT_IGNORE_CHECKSUM) { return cd->valid; } - if (p->level3_comp_csum == -1) - p->level3_comp_csum = IPV4Checksum((uint16_t *)p->ip4h, - IPV4_GET_HLEN(p), - p->ip4h->ip_csum); + if (p->l3.comp_csum == -1) { + const IPV4Hdr *ip4h = PacketGetIPv4(p); + p->l3.comp_csum = IPV4Checksum((uint16_t *)ip4h, IPV4_GET_RAW_HLEN(ip4h), ip4h->ip_csum); + } - if (p->level3_comp_csum == 0 && cd->valid == 1) + if (p->l3.comp_csum == 0 && cd->valid == 1) return 1; - else if (p->level3_comp_csum != 0 && cd->valid == 0) + else if (p->l3.comp_csum != 0 && cd->valid == 0) return 1; else return 0; @@ -327,20 +327,18 @@ static int DetectTCPV4CsumMatch(DetectEngineThreadCtx *det_ctx, { const DetectCsumData *cd = (const DetectCsumData *)ctx; - if (p->ip4h == NULL || p->tcph == NULL || p->proto != IPPROTO_TCP || PKT_IS_PSEUDOPKT(p)) + if (!PacketIsIPv4(p) || p->tcph == NULL || p->proto != IPPROTO_TCP || PKT_IS_PSEUDOPKT(p)) return 0; if (p->flags & PKT_IGNORE_CHECKSUM) { return cd->valid; } - if (p->level4_comp_csum == -1) - p->level4_comp_csum = TCPChecksum(p->ip4h->s_ip_addrs, - (uint16_t *)p->tcph, - (p->payload_len + - TCP_GET_HLEN(p)), - p->tcph->th_sum); - + if (p->level4_comp_csum == -1) { + const IPV4Hdr *ip4h = PacketGetIPv4(p); + p->level4_comp_csum = TCPChecksum(ip4h->s_ip_addrs, (uint16_t *)p->tcph, + (p->payload_len + TCP_GET_HLEN(p)), p->tcph->th_sum); + } if (p->level4_comp_csum == 0 && cd->valid == 1) return 1; else if (p->level4_comp_csum != 0 && cd->valid == 0) @@ -507,20 +505,19 @@ static int DetectUDPV4CsumMatch(DetectEngineThreadCtx *det_ctx, { const DetectCsumData *cd = (const DetectCsumData *)ctx; - if (p->ip4h == NULL || p->udph == NULL || p->proto != IPPROTO_UDP || PKT_IS_PSEUDOPKT(p) || p->udph->uh_sum == 0) + if (!PacketIsIPv4(p) || p->udph == NULL || p->proto != IPPROTO_UDP || PKT_IS_PSEUDOPKT(p) || + p->udph->uh_sum == 0) return 0; if (p->flags & PKT_IGNORE_CHECKSUM) { return cd->valid; } - if (p->level4_comp_csum == -1) - p->level4_comp_csum = UDPV4Checksum(p->ip4h->s_ip_addrs, - (uint16_t *)p->udph, - (p->payload_len + - UDP_HEADER_LEN), - p->udph->uh_sum); - + if (p->level4_comp_csum == -1) { + const IPV4Hdr *ip4h = PacketGetIPv4(p); + p->level4_comp_csum = UDPV4Checksum(ip4h->s_ip_addrs, (uint16_t *)p->udph, + (p->payload_len + UDP_HEADER_LEN), p->udph->uh_sum); + } if (p->level4_comp_csum == 0 && cd->valid == 1) return 1; else if (p->level4_comp_csum != 0 && cd->valid == 0) @@ -687,18 +684,18 @@ static int DetectICMPV4CsumMatch(DetectEngineThreadCtx *det_ctx, { const DetectCsumData *cd = (const DetectCsumData *)ctx; - if (p->ip4h == NULL || p->icmpv4h == NULL || p->proto != IPPROTO_ICMP || PKT_IS_PSEUDOPKT(p)) + if (!PacketIsIPv4(p) || p->icmpv4h == NULL || p->proto != IPPROTO_ICMP || PKT_IS_PSEUDOPKT(p)) return 0; if (p->flags & PKT_IGNORE_CHECKSUM) { return cd->valid; } - if (p->level4_comp_csum == -1) - p->level4_comp_csum = ICMPV4CalculateChecksum((uint16_t *)p->icmpv4h, - SCNtohs(IPV4_GET_RAW_IPLEN(p->ip4h)) - - IPV4_GET_RAW_HLEN(p->ip4h) * 4); - + if (p->level4_comp_csum == -1) { + const IPV4Hdr *ip4h = PacketGetIPv4(p); + p->level4_comp_csum = ICMPV4CalculateChecksum( + (uint16_t *)p->icmpv4h, IPV4_GET_RAW_IPLEN(ip4h) - IPV4_GET_RAW_HLEN(ip4h)); + } if (p->level4_comp_csum == p->icmpv4h->checksum && cd->valid == 1) return 1; else if (p->level4_comp_csum != p->icmpv4h->checksum && cd->valid == 0) diff --git a/src/detect-fragbits.c b/src/detect-fragbits.c index 26635d2e01..ec82bd0446 100644 --- a/src/detect-fragbits.c +++ b/src/detect-fragbits.c @@ -147,11 +147,12 @@ static int DetectFragBitsMatch (DetectEngineThreadCtx *det_ctx, uint8_t fragbits = 0; const DetectFragBitsData *de = (const DetectFragBitsData *)ctx; - if(IPV4_GET_MF(p)) + const IPV4Hdr *ip4h = PacketGetIPv4(p); + if (IPV4_GET_RAW_FLAG_MF(ip4h)) fragbits |= FRAGBITS_HAVE_MF; - if(IPV4_GET_DF(p)) + if (IPV4_GET_RAW_FLAG_DF(ip4h)) fragbits |= FRAGBITS_HAVE_DF; - if(IPV4_GET_RF(p)) + if (IPV4_GET_RAW_FLAG_RF(ip4h)) fragbits |= FRAGBITS_HAVE_RF; return FragBitsMatch(fragbits, de->modifier, de->fragbits); @@ -325,11 +326,12 @@ PrefilterPacketFragBitsMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const vo return; uint8_t fragbits = 0; - if (IPV4_GET_MF(p)) + const IPV4Hdr *ip4h = PacketGetIPv4(p); + if (IPV4_GET_RAW_FLAG_MF(ip4h)) fragbits |= FRAGBITS_HAVE_MF; - if (IPV4_GET_DF(p)) + if (IPV4_GET_RAW_FLAG_DF(ip4h)) fragbits |= FRAGBITS_HAVE_DF; - if (IPV4_GET_RF(p)) + if (IPV4_GET_RAW_FLAG_RF(ip4h)) fragbits |= FRAGBITS_HAVE_RF; if (FragBitsMatch(fragbits, ctx->v1.u8[0], ctx->v1.u8[1])) diff --git a/src/detect-fragoffset.c b/src/detect-fragoffset.c index 2151c3c8b1..218fd31b68 100644 --- a/src/detect-fragoffset.c +++ b/src/detect-fragoffset.c @@ -115,7 +115,8 @@ static int DetectFragOffsetMatch (DetectEngineThreadCtx *det_ctx, return 0; if (PacketIsIPv4(p)) { - frag = IPV4_GET_IPOFFSET(p); + const IPV4Hdr *ip4h = PacketGetIPv4(p); + frag = IPV4_GET_RAW_FRAGOFFSET(ip4h); } else if (PacketIsIPv6(p)) { if (IPV6_EXTHDR_ISSET_FH(p)) { frag = IPV6_EXTHDR_GET_FH_OFFSET(p); @@ -269,7 +270,8 @@ PrefilterPacketFragOffsetMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const uint16_t frag; if (PacketIsIPv4(p)) { - frag = IPV4_GET_IPOFFSET(p); + const IPV4Hdr *ip4h = PacketGetIPv4(p); + frag = IPV4_GET_RAW_FRAGOFFSET(ip4h); } else if (PacketIsIPv6(p)) { if (IPV6_EXTHDR_ISSET_FH(p)) { frag = IPV6_EXTHDR_GET_FH_OFFSET(p); @@ -407,7 +409,7 @@ static int DetectFragOffsetMatchTest01 (void) ip4h.s_ip_src.s_addr = p->src.addr_data32[0]; ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0]; ip4h.ip_off = 0x2222; - p->ip4h = &ip4h; + UTHSetIPV4Hdr(p, &ip4h); DetectEngineCtx *de_ctx = DetectEngineCtxInit(); FAIL_IF_NULL(de_ctx); diff --git a/src/detect-icmp-id.c b/src/detect-icmp-id.c index 301b2e7683..8c75dae60d 100644 --- a/src/detect-icmp-id.c +++ b/src/detect-icmp-id.c @@ -490,7 +490,7 @@ static int DetectIcmpIdMatchTest02 (void) ip4h.s_ip_src.s_addr = p->src.addr_data32[0]; ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0]; - p->ip4h = &ip4h; + UTHSetIPV4Hdr(p, &ip4h); DecodeICMPV4(&th_v, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4)); diff --git a/src/detect-id.c b/src/detect-id.c index 75634b0569..8cea0d4e95 100644 --- a/src/detect-id.c +++ b/src/detect-id.c @@ -102,7 +102,8 @@ static int DetectIdMatch (DetectEngineThreadCtx *det_ctx, Packet *p, return 0; } - if (id_d->id == IPV4_GET_IPID(p)) { + const IPV4Hdr *ip4h = PacketGetIPv4(p); + if (id_d->id == IPV4_GET_RAW_IPID(ip4h)) { SCLogDebug("IPV4 Proto and matched with ip_id: %u.\n", id_d->id); return 1; @@ -232,8 +233,8 @@ PrefilterPacketIdMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pe if (!PrefilterPacketHeaderExtraMatch(ctx, p)) return; - if (IPV4_GET_IPID(p) == ctx->v1.u16[0]) - { + const IPV4Hdr *ip4h = PacketGetIPv4(p); + if (ctx->v1.u16[0] == IPV4_GET_RAW_IPID(ip4h)) { SCLogDebug("packet matches IP id %u", ctx->v1.u16[0]); PrefilterAddSids(&det_ctx->pmq, ctx->sigs_array, ctx->sigs_cnt); } @@ -356,13 +357,13 @@ static int DetectIdTestMatch01(void) FAIL_IF_NULL(p[2]); /* TCP IP id = 1234 */ - p[0]->ip4h->ip_id = htons(1234); + p[0]->l3.hdrs.ip4h->ip_id = htons(1234); /* UDP IP id = 5678 */ - p[1]->ip4h->ip_id = htons(5678); + p[1]->l3.hdrs.ip4h->ip_id = htons(5678); /* UDP IP id = 91011 */ - p[2]->ip4h->ip_id = htons(5101); + p[2]->l3.hdrs.ip4h->ip_id = htons(5101); const char *sigs[3]; sigs[0]= "alert ip any any -> any any (msg:\"Testing id 1\"; id:1234; sid:1;)"; diff --git a/src/detect-ipopts.c b/src/detect-ipopts.c index 0c69b7e539..80d0ba195d 100644 --- a/src/detect-ipopts.c +++ b/src/detect-ipopts.c @@ -31,6 +31,7 @@ #include "detect-ipopts.h" #include "util-unittest.h" +#include "util-unittest-helper.h" static int DetectIpOptsMatch (DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *); @@ -162,7 +163,7 @@ static int DetectIpOptsMatch (DetectEngineThreadCtx *det_ctx, Packet *p, if (!de || !PacketIsIPv4(p) || PKT_IS_PSEUDOPKT(p)) return 0; - return (p->ip4vars.opts_set & de->ipopt) == de->ipopt; + return (p->l3.vars.ip4.opts_set & de->ipopt) == de->ipopt; } /** @@ -292,8 +293,8 @@ static int IpOptsTestParse03 (void) memset(&tv, 0, sizeof(ThreadVars)); memset(&ip4h, 0, sizeof(IPV4Hdr)); - p->ip4h = &ip4h; - p->ip4vars.opts_set = IPV4_OPT_FLAG_RR; + UTHSetIPV4Hdr(p, &ip4h); + p->l3.vars.ip4.opts_set = IPV4_OPT_FLAG_RR; DetectIpOptsData *de = DetectIpOptsParse("rr"); FAIL_IF_NULL(de); @@ -326,8 +327,8 @@ static int IpOptsTestParse04 (void) memset(&tv, 0, sizeof(ThreadVars)); memset(&ip4h, 0, sizeof(IPV4Hdr)); - p->ip4h = &ip4h; - p->ip4vars.opts_set = IPV4_OPT_FLAG_RR; + UTHSetIPV4Hdr(p, &ip4h); + p->l3.vars.ip4.opts_set = IPV4_OPT_FLAG_RR; DetectIpOptsData *de = DetectIpOptsParse("lsrr"); FAIL_IF_NULL(de); diff --git a/src/detect-ipv4hdr.c b/src/detect-ipv4hdr.c index 76334410e3..52dfa71f50 100644 --- a/src/detect-ipv4hdr.c +++ b/src/detect-ipv4hdr.c @@ -100,22 +100,21 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id); if (buffer->inspect == NULL) { - if (p->ip4h == NULL) { + if (!PacketIsIPv4(p)) { // DETECT_PROTO_IPV4 does not prefilter return NULL; } - uint32_t hlen = IPV4_GET_HLEN(p); - if (((uint8_t *)p->ip4h + (ptrdiff_t)hlen) > - ((uint8_t *)GET_PKT_DATA(p) + (ptrdiff_t)GET_PKT_LEN(p))) - { - SCLogDebug("data out of range: %p > %p", - ((uint8_t *)p->ip4h + (ptrdiff_t)hlen), + const IPV4Hdr *ip4h = PacketGetIPv4(p); + uint32_t hlen = IPV4_GET_RAW_HLEN(ip4h); + if (((uint8_t *)ip4h + (ptrdiff_t)hlen) > + ((uint8_t *)GET_PKT_DATA(p) + (ptrdiff_t)GET_PKT_LEN(p))) { + SCLogDebug("data out of range: %p > %p", ((uint8_t *)ip4h + (ptrdiff_t)hlen), ((uint8_t *)GET_PKT_DATA(p) + (ptrdiff_t)GET_PKT_LEN(p))); return NULL; } const uint32_t data_len = hlen; - const uint8_t *data = (const uint8_t *)p->ip4h; + const uint8_t *data = (const uint8_t *)ip4h; InspectionBufferSetup(det_ctx, list_id, buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); diff --git a/src/detect-l3proto.c b/src/detect-l3proto.c index 6e08cf978b..c00636d3c0 100644 --- a/src/detect-l3proto.c +++ b/src/detect-l3proto.c @@ -131,7 +131,7 @@ static int DetectL3protoTestSig1(void) p->src.family = AF_INET; p->dst.family = AF_INET; p->proto = IPPROTO_TCP; - p->ip4h = &ip4h; + UTHSetIPV4Hdr(p, &ip4h); DetectEngineCtx *de_ctx = DetectEngineCtxInit(); FAIL_IF_NULL(de_ctx); diff --git a/src/detect-stream_size.c b/src/detect-stream_size.c index 196439aa31..5466480212 100644 --- a/src/detect-stream_size.c +++ b/src/detect-stream_size.c @@ -26,6 +26,7 @@ #include "suricata-common.h" #include "stream-tcp.h" #include "util-unittest.h" +#include "util-unittest-helper.h" #include "detect.h" #include "detect-parse.h" @@ -391,7 +392,7 @@ static int DetectStreamSizeParseTest04 (void) ssn.client = client; f.protoctx = &ssn; p->flow = &f; - p->ip4h = &ip4h; + UTHSetIPV4Hdr(p, &ip4h); sm.ctx = (SigMatchCtx*)sd; if (!DetectStreamSizeMatch(&dtx, p, &s, sm.ctx)) diff --git a/src/detect-tcp-flags.c b/src/detect-tcp-flags.c index 5809a5dce9..a3bccdef8b 100644 --- a/src/detect-tcp-flags.c +++ b/src/detect-tcp-flags.c @@ -37,6 +37,7 @@ #include "detect-tcp-flags.h" #include "util-unittest.h" +#include "util-unittest-helper.h" #include "util-debug.h" @@ -669,7 +670,7 @@ static int FlagsTestParse03 (void) memset(&ipv4h, 0, sizeof(IPV4Hdr)); memset(&tcph, 0, sizeof(TCPHdr)); - p->ip4h = &ipv4h; + UTHSetIPV4Hdr(p, &ipv4h); p->tcph = &tcph; p->tcph->th_flags = TH_ACK|TH_PUSH|TH_SYN|TH_RST; @@ -723,7 +724,7 @@ static int FlagsTestParse04 (void) memset(&ipv4h, 0, sizeof(IPV4Hdr)); memset(&tcph, 0, sizeof(TCPHdr)); - p->ip4h = &ipv4h; + UTHSetIPV4Hdr(p, &ipv4h); p->tcph = &tcph; p->tcph->th_flags = TH_SYN; @@ -778,7 +779,7 @@ static int FlagsTestParse05 (void) memset(&ipv4h, 0, sizeof(IPV4Hdr)); memset(&tcph, 0, sizeof(TCPHdr)); - p->ip4h = &ipv4h; + UTHSetIPV4Hdr(p, &ipv4h); p->tcph = &tcph; p->tcph->th_flags = TH_ACK|TH_PUSH|TH_SYN|TH_RST; @@ -833,7 +834,7 @@ static int FlagsTestParse06 (void) memset(&ipv4h, 0, sizeof(IPV4Hdr)); memset(&tcph, 0, sizeof(TCPHdr)); - p->ip4h = &ipv4h; + UTHSetIPV4Hdr(p, &ipv4h); p->tcph = &tcph; p->tcph->th_flags = TH_ACK|TH_PUSH|TH_SYN|TH_RST; @@ -887,7 +888,7 @@ static int FlagsTestParse07 (void) memset(&ipv4h, 0, sizeof(IPV4Hdr)); memset(&tcph, 0, sizeof(TCPHdr)); - p->ip4h = &ipv4h; + UTHSetIPV4Hdr(p, &ipv4h); p->tcph = &tcph; p->tcph->th_flags = TH_SYN|TH_RST; @@ -942,7 +943,7 @@ static int FlagsTestParse08 (void) memset(&ipv4h, 0, sizeof(IPV4Hdr)); memset(&tcph, 0, sizeof(TCPHdr)); - p->ip4h = &ipv4h; + UTHSetIPV4Hdr(p, &ipv4h); p->tcph = &tcph; p->tcph->th_flags = TH_SYN|TH_RST; @@ -996,7 +997,7 @@ static int FlagsTestParse09 (void) memset(&ipv4h, 0, sizeof(IPV4Hdr)); memset(&tcph, 0, sizeof(TCPHdr)); - p->ip4h = &ipv4h; + UTHSetIPV4Hdr(p, &ipv4h); p->tcph = &tcph; p->tcph->th_flags = TH_SYN|TH_RST; @@ -1050,7 +1051,7 @@ static int FlagsTestParse10 (void) memset(&ipv4h, 0, sizeof(IPV4Hdr)); memset(&tcph, 0, sizeof(TCPHdr)); - p->ip4h = &ipv4h; + UTHSetIPV4Hdr(p, &ipv4h); p->tcph = &tcph; p->tcph->th_flags = TH_SYN|TH_RST; @@ -1104,7 +1105,7 @@ static int FlagsTestParse11 (void) memset(&ipv4h, 0, sizeof(IPV4Hdr)); memset(&tcph, 0, sizeof(TCPHdr)); - p->ip4h = &ipv4h; + UTHSetIPV4Hdr(p, &ipv4h); p->tcph = &tcph; p->tcph->th_flags = TH_SYN|TH_RST|TH_URG; @@ -1159,7 +1160,7 @@ static int FlagsTestParse12 (void) memset(&ipv4h, 0, sizeof(IPV4Hdr)); memset(&tcph, 0, sizeof(TCPHdr)); - p->ip4h = &ipv4h; + UTHSetIPV4Hdr(p, &ipv4h); p->tcph = &tcph; p->tcph->th_flags = TH_SYN; @@ -1245,7 +1246,7 @@ static int FlagsTestParse15(void) memset(&ipv4h, 0, sizeof(IPV4Hdr)); memset(&tcph, 0, sizeof(TCPHdr)); - p->ip4h = &ipv4h; + UTHSetIPV4Hdr(p, &ipv4h); p->tcph = &tcph; p->tcph->th_flags = TH_ECN | TH_CWR | TH_SYN | TH_RST; @@ -1297,7 +1298,7 @@ static int FlagsTestParse16(void) memset(&ipv4h, 0, sizeof(IPV4Hdr)); memset(&tcph, 0, sizeof(TCPHdr)); - p->ip4h = &ipv4h; + UTHSetIPV4Hdr(p, &ipv4h); p->tcph = &tcph; p->tcph->th_flags = TH_ECN | TH_SYN | TH_RST; @@ -1352,7 +1353,7 @@ static int FlagsTestParse17(void) memset(&ipv4h, 0, sizeof(IPV4Hdr)); memset(&tcph, 0, sizeof(TCPHdr)); - p->ip4h = &ipv4h; + UTHSetIPV4Hdr(p, &ipv4h); p->tcph = &tcph; p->tcph->th_flags = TH_ECN | TH_SYN | TH_RST; diff --git a/src/detect-template2.c b/src/detect-template2.c index 411a2a1ae9..bc622084e5 100644 --- a/src/detect-template2.c +++ b/src/detect-template2.c @@ -84,7 +84,8 @@ static int DetectTemplate2Match (DetectEngineThreadCtx *det_ctx, Packet *p, /* TODO replace this */ uint8_t ptemplate2; if (PacketIsIPv4(p)) { - ptemplate2 = IPV4_GET_IPTTL(p); + const IPV4Hdr *ip4h = PacketGetIPv4(p); + ptemplate2 = IPV4_GET_RAW_IPTTL(ip4h); } else if (PacketIsIPv6(p)) { ptemplate2 = IPV6_GET_HLIM(p); } else { @@ -144,7 +145,8 @@ PrefilterPacketTemplate2Match(DetectEngineThreadCtx *det_ctx, Packet *p, const v uint8_t ptemplate2; /* TODO update */ if (PacketIsIPv4(p)) { - ptemplate2 = IPV4_GET_IPTTL(p); + const IPV4Hdr *ip4h = PacketGetIPv4(p); + ptemplate2 = IPV4_GET_RAW_IPTTL(ip4h); } else if (PacketIsIPv6(p)) { ptemplate2 = IPV6_GET_HLIM(p); } else { diff --git a/src/detect-tos.c b/src/detect-tos.c index c268e7946c..aa5cc2090f 100644 --- a/src/detect-tos.c +++ b/src/detect-tos.c @@ -100,8 +100,9 @@ static int DetectTosMatch(DetectEngineThreadCtx *det_ctx, Packet *p, return 0; } - if (tosd->tos == IPV4_GET_IPTOS(p)) { - SCLogDebug("tos match found for %d\n", tosd->tos); + const IPV4Hdr *ip4h = PacketGetIPv4(p); + if (tosd->tos == IPV4_GET_RAW_IPTOS(ip4h)) { + SCLogDebug("tos match found for %d", tosd->tos); result = 1; } @@ -328,7 +329,7 @@ static int DetectTosTest12(void) if (p == NULL) goto end; - IPV4_SET_RAW_IPTOS(p->ip4h, 10); + p->l3.hdrs.ip4h->ip_tos = 10; const char *sigs[4]; sigs[0]= "alert ip any any -> any any (msg:\"Testing id 1\"; tos: 10 ; sid:1;)"; diff --git a/src/detect-ttl.c b/src/detect-ttl.c index 763f655330..9a59eff2b3 100644 --- a/src/detect-ttl.c +++ b/src/detect-ttl.c @@ -88,7 +88,8 @@ static int DetectTtlMatch (DetectEngineThreadCtx *det_ctx, Packet *p, uint8_t pttl; if (PacketIsIPv4(p)) { - pttl = IPV4_GET_IPTTL(p); + const IPV4Hdr *ip4h = PacketGetIPv4(p); + pttl = IPV4_GET_RAW_IPTTL(ip4h); } else if (PacketIsIPv6(p)) { pttl = IPV6_GET_HLIM(p); } else { @@ -146,7 +147,8 @@ PrefilterPacketTtlMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *p uint8_t pttl; if (PacketIsIPv4(p)) { - pttl = IPV4_GET_IPTTL(p); + const IPV4Hdr *ip4h = PacketGetIPv4(p); + pttl = IPV4_GET_RAW_IPTTL(ip4h); } else if (PacketIsIPv6(p)) { pttl = IPV6_GET_HLIM(p); } else { diff --git a/src/flow-timeout.c b/src/flow-timeout.c index 63aec2f0e6..bc2327e935 100644 --- a/src/flow-timeout.c +++ b/src/flow-timeout.c @@ -132,22 +132,22 @@ static inline Packet *FlowForceReassemblyPseudoPacketSetup( } } /* set the ip header */ - p->ip4h = (IPV4Hdr *)GET_PKT_DATA(p); + IPV4Hdr *ip4h = PacketSetIPV4(p, GET_PKT_DATA(p)); /* version 4 and length 20 bytes for the tcp header */ - p->ip4h->ip_verhl = 0x45; - p->ip4h->ip_tos = 0; - p->ip4h->ip_len = htons(40); - p->ip4h->ip_id = 0; - p->ip4h->ip_off = 0; - p->ip4h->ip_ttl = 64; - p->ip4h->ip_proto = IPPROTO_TCP; + ip4h->ip_verhl = 0x45; + ip4h->ip_tos = 0; + ip4h->ip_len = htons(40); + ip4h->ip_id = 0; + ip4h->ip_off = 0; + ip4h->ip_ttl = 64; + ip4h->ip_proto = IPPROTO_TCP; //p->ip4h->ip_csum = if (direction == 0) { - p->ip4h->s_ip_src.s_addr = f->src.addr_data32[0]; - p->ip4h->s_ip_dst.s_addr = f->dst.addr_data32[0]; + ip4h->s_ip_src.s_addr = f->src.addr_data32[0]; + ip4h->s_ip_dst.s_addr = f->dst.addr_data32[0]; } else { - p->ip4h->s_ip_src.s_addr = f->dst.addr_data32[0]; - p->ip4h->s_ip_dst.s_addr = f->src.addr_data32[0]; + ip4h->s_ip_src.s_addr = f->dst.addr_data32[0]; + ip4h->s_ip_dst.s_addr = f->src.addr_data32[0]; } /* set the tcp header */ @@ -233,12 +233,11 @@ static inline Packet *FlowForceReassemblyPseudoPacketSetup( } if (FLOW_IS_IPV4(f)) { - p->tcph->th_sum = TCPChecksum(p->ip4h->s_ip_addrs, - (uint16_t *)p->tcph, 20, 0); + IPV4Hdr *ip4h = p->l3.hdrs.ip4h; + p->tcph->th_sum = TCPChecksum(ip4h->s_ip_addrs, (uint16_t *)p->tcph, 20, 0); /* calc ipv4 csum as we may log it and barnyard might reject * a wrong checksum */ - p->ip4h->ip_csum = IPV4Checksum((uint16_t *)p->ip4h, - IPV4_GET_RAW_HLEN(p->ip4h), 0); + ip4h->ip_csum = IPV4Checksum((uint16_t *)ip4h, IPV4_GET_RAW_HLEN(ip4h), 0); } else if (FLOW_IS_IPV6(f)) { p->tcph->th_sum = TCPChecksum(p->ip6h->s_ip6_addrs, (uint16_t *)p->tcph, 20, 0); diff --git a/src/flow-util.c b/src/flow-util.c index 32df988170..879a9282e6 100644 --- a/src/flow-util.c +++ b/src/flow-util.c @@ -154,9 +154,10 @@ void FlowInit(Flow *f, const Packet *p) f->livedev = p->livedev; if (PacketIsIPv4(p)) { - FLOW_SET_IPV4_SRC_ADDR_FROM_PACKET(p, &f->src); - FLOW_SET_IPV4_DST_ADDR_FROM_PACKET(p, &f->dst); - f->min_ttl_toserver = f->max_ttl_toserver = IPV4_GET_IPTTL((p)); + const IPV4Hdr *ip4h = PacketGetIPv4(p); + FLOW_SET_IPV4_SRC_ADDR_FROM_PACKET(ip4h, &f->src); + FLOW_SET_IPV4_DST_ADDR_FROM_PACKET(ip4h, &f->dst); + f->min_ttl_toserver = f->max_ttl_toserver = IPV4_GET_RAW_IPTTL(ip4h); f->flags |= FLOW_IPV4; } else if (PacketIsIPv6(p)) { FLOW_SET_IPV6_SRC_ADDR_FROM_PACKET(p, &f->src); diff --git a/src/flow.c b/src/flow.c index ae61506b11..18c419f5ab 100644 --- a/src/flow.c +++ b/src/flow.c @@ -438,7 +438,8 @@ void FlowHandlePacketUpdate(Flow *f, Packet *p, ThreadVars *tv, DecodeThreadVars FlowUpdateEthernet(tv, dtv, f, p->ethh, true); /* update flow's ttl fields if needed */ if (PacketIsIPv4(p)) { - FlowUpdateTtlTS(f, p, IPV4_GET_IPTTL(p)); + const IPV4Hdr *ip4h = PacketGetIPv4(p); + FlowUpdateTtlTS(f, p, IPV4_GET_RAW_IPTTL(ip4h)); } else if (PacketIsIPv6(p)) { FlowUpdateTtlTS(f, p, IPV6_GET_HLIM(p)); } @@ -460,7 +461,8 @@ void FlowHandlePacketUpdate(Flow *f, Packet *p, ThreadVars *tv, DecodeThreadVars FlowUpdateEthernet(tv, dtv, f, p->ethh, false); /* update flow's ttl fields if needed */ if (PacketIsIPv4(p)) { - FlowUpdateTtlTC(f, p, IPV4_GET_IPTTL(p)); + const IPV4Hdr *ip4h = PacketGetIPv4(p); + FlowUpdateTtlTC(f, p, IPV4_GET_RAW_IPTTL(ip4h)); } else if (PacketIsIPv6(p)) { FlowUpdateTtlTC(f, p, IPV6_GET_HLIM(p)); } diff --git a/src/flow.h b/src/flow.h index 952dd34e89..6a75019b4b 100644 --- a/src/flow.h +++ b/src/flow.h @@ -189,18 +189,20 @@ typedef struct AppLayerParserState_ AppLayerParserState; * * We set the rest of the struct to 0 so we can * prevent using memset. */ -#define FLOW_SET_IPV4_SRC_ADDR_FROM_PACKET(p, a) do { \ - (a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_src.s_addr; \ - (a)->addr_data32[1] = 0; \ - (a)->addr_data32[2] = 0; \ - (a)->addr_data32[3] = 0; \ +#define FLOW_SET_IPV4_SRC_ADDR_FROM_PACKET(ip4h, a) \ + do { \ + (a)->addr_data32[0] = (uint32_t)(ip4h)->s_ip_src.s_addr; \ + (a)->addr_data32[1] = 0; \ + (a)->addr_data32[2] = 0; \ + (a)->addr_data32[3] = 0; \ } while (0) -#define FLOW_SET_IPV4_DST_ADDR_FROM_PACKET(p, a) do { \ - (a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_dst.s_addr; \ - (a)->addr_data32[1] = 0; \ - (a)->addr_data32[2] = 0; \ - (a)->addr_data32[3] = 0; \ +#define FLOW_SET_IPV4_DST_ADDR_FROM_PACKET(ip4h, a) \ + do { \ + (a)->addr_data32[0] = (uint32_t)(ip4h)->s_ip_dst.s_addr; \ + (a)->addr_data32[1] = 0; \ + (a)->addr_data32[2] = 0; \ + (a)->addr_data32[3] = 0; \ } while (0) /* Set the IPv6 addressesinto the Addrs of the Packet. diff --git a/src/output-eve-stream.c b/src/output-eve-stream.c index e6cae76911..8af30ba038 100644 --- a/src/output-eve-stream.c +++ b/src/output-eve-stream.c @@ -322,10 +322,11 @@ static int EveStreamLogger(ThreadVars *tv, void *thread_data, const Packet *p) jb_open_object(js, "packet"); if (PacketIsIPv4(p)) { - jb_set_uint(js, "len", IPV4_GET_IPLEN(p)); - jb_set_uint(js, "tos", IPV4_GET_IPTOS(p)); - jb_set_uint(js, "ttl", IPV4_GET_IPTTL(p)); - jb_set_uint(js, "ipid", IPV4_GET_IPID(p)); + const IPV4Hdr *ip4h = PacketGetIPv4(p); + jb_set_uint(js, "len", IPV4_GET_RAW_IPLEN(ip4h)); + jb_set_uint(js, "tos", IPV4_GET_RAW_IPTOS(ip4h)); + jb_set_uint(js, "ttl", IPV4_GET_RAW_IPTTL(ip4h)); + jb_set_uint(js, "ipid", IPV4_GET_RAW_IPID(ip4h)); } else if (PacketIsIPv6(p)) { jb_set_uint(js, "len", IPV6_GET_PLEN(p)); jb_set_uint(js, "tc", IPV6_GET_CLASS(p)); diff --git a/src/output-json-drop.c b/src/output-json-drop.c index 42c6dd05e7..f337d4e38a 100644 --- a/src/output-json-drop.c +++ b/src/output-json-drop.c @@ -108,11 +108,12 @@ static int DropLogJSON (JsonDropLogThread *aft, const Packet *p) uint16_t proto = 0; if (PacketIsIPv4(p)) { - jb_set_uint(js, "len", IPV4_GET_IPLEN(p)); - jb_set_uint(js, "tos", IPV4_GET_IPTOS(p)); - jb_set_uint(js, "ttl", IPV4_GET_IPTTL(p)); - jb_set_uint(js, "ipid", IPV4_GET_IPID(p)); - proto = IPV4_GET_IPPROTO(p); + const IPV4Hdr *ip4h = PacketGetIPv4(p); + jb_set_uint(js, "len", IPV4_GET_RAW_IPLEN(ip4h)); + jb_set_uint(js, "tos", IPV4_GET_RAW_IPTOS(ip4h)); + jb_set_uint(js, "ttl", IPV4_GET_RAW_IPTTL(ip4h)); + jb_set_uint(js, "ipid", IPV4_GET_RAW_IPID(ip4h)); + proto = IPV4_GET_RAW_IPPROTO(ip4h); } else if (PacketIsIPv6(p)) { jb_set_uint(js, "len", IPV6_GET_PLEN(p)); jb_set_uint(js, "tc", IPV6_GET_CLASS(p)); diff --git a/src/packet.c b/src/packet.c index a4ba2ba87f..57fb6be22f 100644 --- a/src/packet.c +++ b/src/packet.c @@ -64,6 +64,7 @@ void PacketInit(Packet *p) SCSpinInit(&p->persistent.tunnel_lock, 0); p->alerts.alerts = PacketAlertCreate(); PACKET_RESET_CHECKSUMS(p); + p->l3.comp_csum = -1; p->livedev = NULL; } @@ -114,12 +115,8 @@ void PacketReinit(Packet *p) p->pktvar = NULL; } p->ethh = NULL; - if (p->ip4h != NULL) { - CLEAR_IPV4_PACKET(p); - } - if (p->ip6h != NULL) { - CLEAR_IPV6_PACKET(p); - } + PacketClearL3(p); + p->l3.comp_csum = -1; if (p->tcph != NULL) { CLEAR_TCP_PACKET(p); } diff --git a/src/respond-reject-libnet11.c b/src/respond-reject-libnet11.c index 634fa3b8b5..1a64a398ee 100644 --- a/src/respond-reject-libnet11.c +++ b/src/respond-reject-libnet11.c @@ -339,6 +339,7 @@ cleanup: int RejectSendLibnet11IPv4ICMP(ThreadVars *tv, Packet *p, void *data, enum RejectDirection dir) { + const IPV4Hdr *ip4h = PacketGetIPv4(p); Libnet11Packet lpacket; int result; @@ -347,7 +348,7 @@ int RejectSendLibnet11IPv4ICMP(ThreadVars *tv, Packet *p, void *data, enum Rejec lpacket.id = 0; lpacket.flow = 0; lpacket.class = 0; - const uint16_t iplen = IPV4_GET_IPLEN(p); + const uint16_t iplen = IPV4_GET_RAW_IPLEN(ip4h); if (g_reject_dev_mtu >= ETHERNET_HEADER_LEN + LIBNET_IPV4_H + 8) { lpacket.len = MIN(g_reject_dev_mtu - ETHERNET_HEADER_LEN, (LIBNET_IPV4_H + iplen)); } else { @@ -375,14 +376,13 @@ int RejectSendLibnet11IPv4ICMP(ThreadVars *tv, Packet *p, void *data, enum Rejec lpacket.ttl = 64; /* build the package */ - if ((libnet_build_icmpv4_unreach( - ICMP_DEST_UNREACH, /* type */ - ICMP_HOST_ANO, /* code */ - 0, /* checksum */ - (uint8_t *)p->ip4h, /* payload */ - lpacket.dsize, /* payload length */ - c, /* libnet context */ - 0)) < 0) /* libnet ptag */ + if ((libnet_build_icmpv4_unreach(ICMP_DEST_UNREACH, /* type */ + ICMP_HOST_ANO, /* code */ + 0, /* checksum */ + (uint8_t *)ip4h, /* payload */ + lpacket.dsize, /* payload length */ + c, /* libnet context */ + 0)) < 0) /* libnet ptag */ { SCLogError("libnet_build_icmpv4_unreach %s", libnet_geterror(c)); goto cleanup; diff --git a/src/source-dpdk.c b/src/source-dpdk.c index d6720fa831..d4965c0e1c 100644 --- a/src/source-dpdk.c +++ b/src/source-dpdk.c @@ -494,7 +494,7 @@ static inline Packet *PacketInitFromMbuf(DPDKThreadVars *ptv, struct rte_mbuf *m if ((ol_flags & RTE_MBUF_F_RX_IP_CKSUM_MASK) == RTE_MBUF_F_RX_IP_CKSUM_BAD) { SCLogDebug("HW detected BAD IP checksum"); // chsum recalc will not be triggered but rule keyword check will be - p->level3_comp_csum = 0; + p->l3.comp_csum = 0; } if ((ol_flags & RTE_MBUF_F_RX_L4_CKSUM_MASK) == RTE_MBUF_F_RX_L4_CKSUM_BAD) { SCLogDebug("HW detected BAD L4 chsum"); diff --git a/src/stream-tcp.c b/src/stream-tcp.c index 5152660660..36ce466e35 100644 --- a/src/stream-tcp.c +++ b/src/stream-tcp.c @@ -5680,11 +5680,9 @@ static inline int StreamTcpValidateChecksum(Packet *p) if (p->level4_comp_csum == -1) { if (PacketIsIPv4(p)) { - p->level4_comp_csum = TCPChecksum(p->ip4h->s_ip_addrs, - (uint16_t *)p->tcph, - (p->payload_len + - TCP_GET_HLEN(p)), - p->tcph->th_sum); + const IPV4Hdr *ip4h = PacketGetIPv4(p); + p->level4_comp_csum = TCPChecksum(ip4h->s_ip_addrs, (uint16_t *)p->tcph, + (p->payload_len + TCP_GET_HLEN(p)), p->tcph->th_sum); } else if (PacketIsIPv6(p)) { p->level4_comp_csum = TCPV6Checksum(p->ip6h->s_ip6_addrs, (uint16_t *)p->tcph, @@ -6730,21 +6728,21 @@ static void StreamTcpPseudoPacketCreateDetectLogFlush(ThreadVars *tv, } } /* set the ip header */ - np->ip4h = (IPV4Hdr *)GET_PKT_DATA(np); + IPV4Hdr *ip4h = PacketSetIPV4(np, GET_PKT_DATA(np)); /* version 4 and length 20 bytes for the tcp header */ - np->ip4h->ip_verhl = 0x45; - np->ip4h->ip_tos = 0; - np->ip4h->ip_len = htons(40); - np->ip4h->ip_id = 0; - np->ip4h->ip_off = 0; - np->ip4h->ip_ttl = 64; - np->ip4h->ip_proto = IPPROTO_TCP; + ip4h->ip_verhl = 0x45; + ip4h->ip_tos = 0; + ip4h->ip_len = htons(40); + ip4h->ip_id = 0; + ip4h->ip_off = 0; + ip4h->ip_ttl = 64; + ip4h->ip_proto = IPPROTO_TCP; if (dir == 0) { - np->ip4h->s_ip_src.s_addr = f->src.addr_data32[0]; - np->ip4h->s_ip_dst.s_addr = f->dst.addr_data32[0]; + ip4h->s_ip_src.s_addr = f->src.addr_data32[0]; + ip4h->s_ip_dst.s_addr = f->dst.addr_data32[0]; } else { - np->ip4h->s_ip_src.s_addr = f->dst.addr_data32[0]; - np->ip4h->s_ip_dst.s_addr = f->src.addr_data32[0]; + ip4h->s_ip_src.s_addr = f->dst.addr_data32[0]; + ip4h->s_ip_dst.s_addr = f->src.addr_data32[0]; } /* set the tcp header */ diff --git a/src/tests/detect-ttl.c b/src/tests/detect-ttl.c index 74949313c4..730c8b87fd 100644 --- a/src/tests/detect-ttl.c +++ b/src/tests/detect-ttl.c @@ -172,7 +172,7 @@ static int DetectTtlTestSig1(void) p->dst.family = AF_INET; p->proto = IPPROTO_TCP; ip4h.ip_ttl = 15; - p->ip4h = &ip4h; + UTHSetIPV4Hdr(p, &ip4h); DetectEngineCtx *de_ctx = DetectEngineCtxInit(); FAIL_IF_NULL(de_ctx); diff --git a/src/tests/detect.c b/src/tests/detect.c index 08bf999753..3705ba9b64 100644 --- a/src/tests/detect.c +++ b/src/tests/detect.c @@ -1511,16 +1511,14 @@ static int SigTest24IPV4Keyword(void) PACKET_RESET_CHECKSUMS(p1); PACKET_RESET_CHECKSUMS(p2); - p1->ip4h = (IPV4Hdr *)valid_raw_ipv4; - + PacketSetIPV4(p1, valid_raw_ipv4); p1->src.family = AF_INET; p1->dst.family = AF_INET; p1->payload = buf; p1->payload_len = buflen; p1->proto = IPPROTO_TCP; - p2->ip4h = (IPV4Hdr *)invalid_raw_ipv4; - + PacketSetIPV4(p2, invalid_raw_ipv4); p2->src.family = AF_INET; p2->dst.family = AF_INET; p2->payload = buf; @@ -1613,16 +1611,14 @@ static int SigTest25NegativeIPV4Keyword(void) PACKET_RESET_CHECKSUMS(p1); PACKET_RESET_CHECKSUMS(p2); - p1->ip4h = (IPV4Hdr *)valid_raw_ipv4; - + PacketSetIPV4(p1, valid_raw_ipv4); p1->src.family = AF_INET; p1->dst.family = AF_INET; p1->payload = buf; p1->payload_len = buflen; p1->proto = IPPROTO_TCP; - p2->ip4h = (IPV4Hdr *)invalid_raw_ipv4; - + PacketSetIPV4(p2, invalid_raw_ipv4); p2->src.family = AF_INET; p2->dst.family = AF_INET; p2->payload = buf; @@ -1723,7 +1719,7 @@ static int SigTest26TCPV4Keyword(void) PacketCopyDataOffset(p2, GET_PKT_LEN(p2), invalid_raw_tcp, sizeof(invalid_raw_tcp)); PACKET_RESET_CHECKSUMS(p1); - p1->ip4h = (IPV4Hdr *)GET_PKT_DATA(p1); + PacketSetIPV4(p1, GET_PKT_DATA(p1)); p1->tcph = (TCPHdr *)(GET_PKT_DATA(p1) + sizeof(raw_ipv4)); p1->src.family = AF_INET; p1->dst.family = AF_INET; @@ -1732,7 +1728,7 @@ static int SigTest26TCPV4Keyword(void) p1->proto = IPPROTO_TCP; PACKET_RESET_CHECKSUMS(p2); - p2->ip4h = (IPV4Hdr *)GET_PKT_DATA(p2); + PacketSetIPV4(p2, GET_PKT_DATA(p2)); p2->tcph = (TCPHdr *)(GET_PKT_DATA(p2) + sizeof(raw_ipv4)); p2->src.family = AF_INET; p2->dst.family = AF_INET; @@ -1821,7 +1817,7 @@ static int SigTest26TCPV4AndNegativeIPV4Keyword(void) PacketCopyDataOffset(p2, GET_PKT_LEN(p2), invalid_raw_tcp, sizeof(invalid_raw_tcp)); PACKET_RESET_CHECKSUMS(p1); - p1->ip4h = (IPV4Hdr *)GET_PKT_DATA(p1); + PacketSetIPV4(p1, GET_PKT_DATA(p1)); p1->tcph = (TCPHdr *)(GET_PKT_DATA(p1) + sizeof(raw_ipv4)); p1->src.family = AF_INET; p1->dst.family = AF_INET; @@ -1830,7 +1826,7 @@ static int SigTest26TCPV4AndNegativeIPV4Keyword(void) p1->proto = IPPROTO_TCP; PACKET_RESET_CHECKSUMS(p2); - p2->ip4h = (IPV4Hdr *)GET_PKT_DATA(p2); + PacketSetIPV4(p2, GET_PKT_DATA(p2)); p2->tcph = (TCPHdr *)(GET_PKT_DATA(p2) + sizeof(raw_ipv4)); p2->src.family = AF_INET; p2->dst.family = AF_INET; @@ -1945,7 +1941,7 @@ static int SigTest26TCPV4AndIPV4Keyword(void) PacketCopyDataOffset(p2, GET_PKT_LEN(p2), invalid_raw_tcp, sizeof(invalid_raw_tcp)); PACKET_RESET_CHECKSUMS(p1); - p1->ip4h = (IPV4Hdr *)GET_PKT_DATA(p1); + PacketSetIPV4(p1, GET_PKT_DATA(p1)); p1->tcph = (TCPHdr *)(GET_PKT_DATA(p1) + sizeof(raw_ipv4)); p1->src.family = AF_INET; p1->dst.family = AF_INET; @@ -1954,7 +1950,7 @@ static int SigTest26TCPV4AndIPV4Keyword(void) p1->proto = IPPROTO_TCP; PACKET_RESET_CHECKSUMS(p2); - p2->ip4h = (IPV4Hdr *)GET_PKT_DATA(p2); + PacketSetIPV4(p2, GET_PKT_DATA(p2)); p2->tcph = (TCPHdr *)(GET_PKT_DATA(p2) + sizeof(raw_ipv4)); p2->src.family = AF_INET; p2->dst.family = AF_INET; @@ -2056,7 +2052,7 @@ static int SigTest27NegativeTCPV4Keyword(void) PacketCopyDataOffset(p2, GET_PKT_LEN(p2), invalid_raw_tcp, sizeof(invalid_raw_tcp)); PACKET_RESET_CHECKSUMS(p1); - p1->ip4h = (IPV4Hdr *)GET_PKT_DATA(p1); + PacketSetIPV4(p1, GET_PKT_DATA(p1)); p1->tcph = (TCPHdr *)(GET_PKT_DATA(p1) + sizeof(raw_ipv4)); p1->src.family = AF_INET; p1->dst.family = AF_INET; @@ -2065,7 +2061,7 @@ static int SigTest27NegativeTCPV4Keyword(void) p1->proto = IPPROTO_TCP; PACKET_RESET_CHECKSUMS(p2); - p2->ip4h = (IPV4Hdr *)GET_PKT_DATA(p2); + PacketSetIPV4(p2, GET_PKT_DATA(p2)); p2->tcph = (TCPHdr *)(GET_PKT_DATA(p2) + sizeof(raw_ipv4)); p2->src.family = AF_INET; p2->dst.family = AF_INET; @@ -2420,7 +2416,7 @@ static int SigTest30UDPV4Keyword(void) memset(&th_v, 0, sizeof(ThreadVars)); PACKET_RESET_CHECKSUMS(p1); - p1->ip4h = (IPV4Hdr *)raw_ipv4; + PacketSetIPV4(p1, raw_ipv4); p1->udph = (UDPHdr *)valid_raw_udp; p1->src.family = AF_INET; p1->dst.family = AF_INET; @@ -2429,7 +2425,7 @@ static int SigTest30UDPV4Keyword(void) p1->proto = IPPROTO_UDP; PACKET_RESET_CHECKSUMS(p2); - p2->ip4h = (IPV4Hdr *)raw_ipv4; + PacketSetIPV4(p2, raw_ipv4); p2->udph = (UDPHdr *)invalid_raw_udp; p2->src.family = AF_INET; p2->dst.family = AF_INET; @@ -2526,7 +2522,7 @@ static int SigTest31NegativeUDPV4Keyword(void) memset(&th_v, 0, sizeof(ThreadVars)); PACKET_RESET_CHECKSUMS(p1); - p1->ip4h = (IPV4Hdr *)raw_ipv4; + PacketSetIPV4(p1, raw_ipv4); p1->udph = (UDPHdr *)valid_raw_udp; p1->src.family = AF_INET; p1->dst.family = AF_INET; @@ -2535,7 +2531,7 @@ static int SigTest31NegativeUDPV4Keyword(void) p1->proto = IPPROTO_UDP; PACKET_RESET_CHECKSUMS(p2); - p2->ip4h = (IPV4Hdr *)raw_ipv4; + PacketSetIPV4(p2, raw_ipv4); p2->udph = (UDPHdr *)invalid_raw_udp; p2->src.family = AF_INET; p2->dst.family = AF_INET; @@ -2852,9 +2848,9 @@ static int SigTest34ICMPV4Keyword(void) memset(&th_v, 0, sizeof(ThreadVars)); PACKET_RESET_CHECKSUMS(p1); - p1->ip4h = (IPV4Hdr *)(valid_raw_ipv4); - p1->ip4h->ip_verhl = 69; - p1->icmpv4h = (ICMPV4Hdr *) (valid_raw_ipv4 + IPV4_GET_RAW_HLEN(p1->ip4h) * 4); + IPV4Hdr *ip4h = PacketSetIPV4(p1, valid_raw_ipv4); + ip4h->ip_verhl = 69; + p1->icmpv4h = (ICMPV4Hdr *)(valid_raw_ipv4 + IPV4_GET_RAW_HLEN(ip4h)); p1->src.family = AF_INET; p1->dst.family = AF_INET; p1->payload = buf; @@ -2862,9 +2858,9 @@ static int SigTest34ICMPV4Keyword(void) p1->proto = IPPROTO_ICMP; PACKET_RESET_CHECKSUMS(p2); - p2->ip4h = (IPV4Hdr *)(invalid_raw_ipv4); - p2->ip4h->ip_verhl = 69; - p2->icmpv4h = (ICMPV4Hdr *) (invalid_raw_ipv4 + IPV4_GET_RAW_HLEN(p2->ip4h) * 4); + ip4h = PacketSetIPV4(p2, invalid_raw_ipv4); + ip4h->ip_verhl = 69; + p2->icmpv4h = (ICMPV4Hdr *)(invalid_raw_ipv4 + IPV4_GET_RAW_HLEN(ip4h)); p2->src.family = AF_INET; p2->dst.family = AF_INET; p2->payload = buf; @@ -2970,9 +2966,9 @@ static int SigTest35NegativeICMPV4Keyword(void) memset(&th_v, 0, sizeof(ThreadVars)); PACKET_RESET_CHECKSUMS(p1); - p1->ip4h = (IPV4Hdr *)(valid_raw_ipv4); - p1->ip4h->ip_verhl = 69; - p1->icmpv4h = (ICMPV4Hdr *) (valid_raw_ipv4 + IPV4_GET_RAW_HLEN(p1->ip4h) * 4); + IPV4Hdr *ip4h = PacketSetIPV4(p1, valid_raw_ipv4); + ip4h->ip_verhl = 69; + p1->icmpv4h = (ICMPV4Hdr *)(valid_raw_ipv4 + IPV4_GET_RAW_HLEN(ip4h)); p1->src.family = AF_INET; p1->dst.family = AF_INET; p1->payload = buf; @@ -2980,9 +2976,9 @@ static int SigTest35NegativeICMPV4Keyword(void) p1->proto = IPPROTO_ICMP; PACKET_RESET_CHECKSUMS(p2); - p2->ip4h = (IPV4Hdr *)(invalid_raw_ipv4); - p2->ip4h->ip_verhl = 69; - p2->icmpv4h = (ICMPV4Hdr *) (invalid_raw_ipv4 + IPV4_GET_RAW_HLEN(p2->ip4h) * 4); + ip4h = PacketSetIPV4(p2, invalid_raw_ipv4); + ip4h->ip_verhl = 69; + p2->icmpv4h = (ICMPV4Hdr *)(invalid_raw_ipv4 + IPV4_GET_RAW_HLEN(ip4h)); p2->src.family = AF_INET; p2->dst.family = AF_INET; p2->payload = buf; @@ -3107,7 +3103,7 @@ static int SigTest38(void) PACKET_RESET_CHECKSUMS(p1); p1->ethh = (EthernetHdr *)raw_eth; - p1->ip4h = (IPV4Hdr *)raw_ipv4; + PacketSetIPV4(p1, raw_ipv4); p1->tcph = (TCPHdr *)raw_tcp; p1->src.family = AF_INET; p1->dst.family = AF_INET; @@ -3223,7 +3219,7 @@ static int SigTest39(void) PACKET_RESET_CHECKSUMS(p1); p1->ethh = (EthernetHdr *)raw_eth; - p1->ip4h = (IPV4Hdr *)raw_ipv4; + PacketSetIPV4(p1, raw_ipv4); p1->tcph = (TCPHdr *)raw_tcp; p1->src.family = AF_INET; p1->dst.family = AF_INET; diff --git a/src/tests/stream-tcp.c b/src/tests/stream-tcp.c index 32ccb73f92..3dd1a6ea64 100644 --- a/src/tests/stream-tcp.c +++ b/src/tests/stream-tcp.c @@ -25,6 +25,7 @@ #include "../util-streaming-buffer.h" #include "../util-print.h" #include "../util-unittest.h" +#include "../util-unittest-helper.h" #define SET_ISN(stream, setseq) \ (stream)->isn = (setseq); \ @@ -1138,7 +1139,7 @@ static int StreamTcpTest14(void) p->tcph = &tcph; p->dst.family = AF_INET; p->dst.address.address_un_data32[0] = addr.s_addr; - p->ip4h = &ipv4h; + UTHSetIPV4Hdr(p, &ipv4h); StreamTcpCreateTestPacket(payload, 0x41, 3, sizeof(payload)); /*AAA*/ p->payload = payload; @@ -1528,7 +1529,7 @@ static int StreamTcpTest15(void) p->tcph = &tcph; p->dst.family = AF_INET; p->dst.address.address_un_data32[0] = addr.s_addr; - p->ip4h = &ipv4h; + UTHSetIPV4Hdr(p, &ipv4h); StreamTcpCreateTestPacket(payload, 0x41, 3, sizeof(payload)); /*AAA*/ p->payload = payload; @@ -1690,7 +1691,7 @@ static int StreamTcpTest16(void) p->tcph = &tcph; p->dst.family = AF_INET; p->dst.address.address_un_data32[0] = addr.s_addr; - p->ip4h = &ipv4h; + UTHSetIPV4Hdr(p, &ipv4h); StreamTcpCreateTestPacket(payload, 0x41, 3, sizeof(payload)); /*AAA*/ p->payload = payload; @@ -1853,7 +1854,7 @@ static int StreamTcpTest17(void) p->tcph = &tcph; p->dst.family = AF_INET; p->dst.address.address_un_data32[0] = addr.s_addr; - p->ip4h = &ipv4h; + UTHSetIPV4Hdr(p, &ipv4h); StreamTcpCreateTestPacket(payload, 0x41, 3, sizeof(payload)); /*AAA*/ p->payload = payload; @@ -1992,7 +1993,7 @@ static int StreamTcpTest18(void) SCHInfoAddHostOSInfo(os_policy_name, ip_addr, -1); p->dst.family = AF_INET; - p->ip4h = &ipv4h; + UTHSetIPV4Hdr(p, &ipv4h); addr.s_addr = inet_addr("192.168.1.1"); p->dst.address.address_un_data32[0] = addr.s_addr; StreamTcpSetOSPolicy(&stream, p); @@ -2039,7 +2040,7 @@ static int StreamTcpTest19(void) SCHInfoAddHostOSInfo(os_policy_name, ip_addr, -1); p->dst.family = AF_INET; - p->ip4h = &ipv4h; + UTHSetIPV4Hdr(p, &ipv4h); addr.s_addr = inet_addr("192.168.0.30"); p->dst.address.address_un_data32[0] = addr.s_addr; StreamTcpSetOSPolicy(&stream, p); @@ -2089,7 +2090,7 @@ static int StreamTcpTest20(void) SCHInfoAddHostOSInfo(os_policy_name, ip_addr, -1); p->dst.family = AF_INET; - p->ip4h = &ipv4h; + UTHSetIPV4Hdr(p, &ipv4h); addr.s_addr = inet_addr("192.168.0.1"); p->dst.address.address_un_data32[0] = addr.s_addr; StreamTcpSetOSPolicy(&stream, p); @@ -2139,7 +2140,7 @@ static int StreamTcpTest21(void) SCHInfoAddHostOSInfo(os_policy_name, ip_addr, -1); p->dst.family = AF_INET; - p->ip4h = &ipv4h; + UTHSetIPV4Hdr(p, &ipv4h); addr.s_addr = inet_addr("192.168.1.30"); p->dst.address.address_un_data32[0] = addr.s_addr; StreamTcpSetOSPolicy(&stream, p); @@ -2189,7 +2190,7 @@ static int StreamTcpTest22(void) SCHInfoAddHostOSInfo(os_policy_name, ip_addr, -1); p->dst.family = AF_INET; - p->ip4h = &ipv4h; + UTHSetIPV4Hdr(p, &ipv4h); addr.s_addr = inet_addr("123.231.2.1"); p->dst.address.address_un_data32[0] = addr.s_addr; StreamTcpSetOSPolicy(&stream, p); diff --git a/src/util-checksum.c b/src/util-checksum.c index 98c2b439de..1b75cd5e6a 100644 --- a/src/util-checksum.c +++ b/src/util-checksum.c @@ -29,20 +29,20 @@ int ReCalculateChecksum(Packet *p) { if (PacketIsIPv4(p)) { + IPV4Hdr *ip4h = p->l3.hdrs.ip4h; if (PKT_IS_TCP(p)) { /* TCP */ p->tcph->th_sum = 0; - p->tcph->th_sum = TCPChecksum(p->ip4h->s_ip_addrs, - (uint16_t *)p->tcph, (p->payload_len + TCP_GET_HLEN(p)), 0); + p->tcph->th_sum = TCPChecksum( + ip4h->s_ip_addrs, (uint16_t *)p->tcph, (p->payload_len + TCP_GET_HLEN(p)), 0); } else if (PKT_IS_UDP(p)) { p->udph->uh_sum = 0; - p->udph->uh_sum = UDPV4Checksum(p->ip4h->s_ip_addrs, - (uint16_t *)p->udph, (p->payload_len + UDP_HEADER_LEN), 0); + p->udph->uh_sum = UDPV4Checksum( + ip4h->s_ip_addrs, (uint16_t *)p->udph, (p->payload_len + UDP_HEADER_LEN), 0); } /* IPV4 */ - p->ip4h->ip_csum = 0; - p->ip4h->ip_csum = IPV4Checksum((uint16_t *)p->ip4h, - IPV4_GET_RAW_HLEN(p->ip4h), 0); + ip4h->ip_csum = 0; + ip4h->ip_csum = IPV4Checksum((uint16_t *)ip4h, IPV4_GET_RAW_HLEN(ip4h), 0); } else if (PacketIsIPv6(p)) { /* just TCP for IPV6 */ if (PKT_IS_TCP(p)) { diff --git a/src/util-unittest-helper.c b/src/util-unittest-helper.c index ea8de3ee7f..83a9c7c297 100644 --- a/src/util-unittest-helper.c +++ b/src/util-unittest-helper.c @@ -123,6 +123,10 @@ int TestHelperBufferToFile(const char *name, const uint8_t *data, size_t size) #endif #ifdef UNITTESTS +void UTHSetIPV4Hdr(Packet *p, IPV4Hdr *ip4h) +{ + PacketSetIPV4(p, (uint8_t *)ip4h); +} /** * \brief return the uint32_t for a ipv4 address string @@ -271,14 +275,14 @@ Packet *UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len, if (ipproto == IPPROTO_TCP || ipproto == IPPROTO_UDP || ipproto == IPPROTO_SCTP) p->dp = dport; - p->ip4h = (IPV4Hdr *)GET_PKT_DATA(p); - if (p->ip4h == NULL) + IPV4Hdr *ip4h = PacketSetIPV4(p, GET_PKT_DATA(p)); + if (ip4h == NULL) goto error; - p->ip4h->s_ip_src.s_addr = p->src.addr_data32[0]; - p->ip4h->s_ip_dst.s_addr = p->dst.addr_data32[0]; - p->ip4h->ip_proto = ipproto; - p->ip4h->ip_verhl = sizeof(IPV4Hdr); + ip4h->s_ip_src.s_addr = p->src.addr_data32[0]; + ip4h->s_ip_dst.s_addr = p->dst.addr_data32[0]; + ip4h->ip_proto = ipproto; + ip4h->ip_verhl = sizeof(IPV4Hdr); p->proto = ipproto; int hdr_offset = sizeof(IPV4Hdr); diff --git a/src/util-unittest-helper.h b/src/util-unittest-helper.h index f27dc5f1a2..d4791752fb 100644 --- a/src/util-unittest-helper.h +++ b/src/util-unittest-helper.h @@ -36,6 +36,8 @@ Flow *TestHelperBuildFlow(int family, const char *src, const char *dst, Port sp, int TestHelperBufferToFile(const char *name, const uint8_t *data, size_t size); #endif #ifdef UNITTESTS +void UTHSetIPV4Hdr(Packet *p, IPV4Hdr *ip4h); + uint32_t UTHSetIPv4Address(const char *); Packet *UTHBuildPacketReal(uint8_t *, uint16_t, uint8_t ipproto, const char *, const char *, uint16_t, uint16_t);