From: Victor Julien
Date: Sat, 30 Mar 2024 06:42:05 +0000 (+0100)
Subject: decode/esp: move esph into L4 packet data
X-Git-Tag: suricata-8.0.0-beta1~1376
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=30ae13f2c3df32cb5645de6f66d4811d48f5728c;p=thirdparty%2Fsuricata.git
decode/esp: move esph into L4 packet data
To reduce Packet size. Ticket: #6938.
---
diff --git a/src/decode-esp.c b/src/decode-esp.c
index 1dd5b739b0..5e891d4662 100644
--- a/src/decode-esp.c
+++ b/src/decode-esp.c
@@ -42,7 +42,7 @@ static int DecodeESPPacket(ThreadVars *tv, Packet *p, const uint8_t *pkt, uint16
 return -1;
 }
- p->esph = (ESPHdr *)pkt;
+ (void)PacketSetESP(p, pkt);
 p->payload = (uint8_t *)pkt + sizeof(ESPHdr);
 p->payload_len = len - sizeof(ESPHdr);
@@ -71,11 +71,12 @@ int DecodeESP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *p
 return TM_ECODE_FAILED;
 }
 if (unlikely(DecodeESPPacket(tv, p, pkt, len) < 0)) {
- CLEAR_ESP_PACKET(p);
+ PacketClearL4(p);
 return TM_ECODE_FAILED;
 }
- SCLogDebug("ESP spi: %" PRIu32 " sequence: %" PRIu32, ESP_GET_SPI(p), ESP_GET_SEQUENCE(p));
+ SCLogDebug("ESP spi: %" PRIu32 " sequence: %" PRIu32, ESP_GET_SPI(PacketGetESP(p)),
+ ESP_GET_SEQUENCE(PacketGetESP(p)));
 FlowSetupPacket(p);
@@ -105,8 +106,8 @@ static int DecodeESPTest01(void)
 FAIL_IF(p->proto != IPPROTO_ESP);
 FAIL_IF(p->payload_len != sizeof(raw_esp) - ESP_HEADER_LEN);
- FAIL_IF(ESP_GET_SPI(p) != 0x7b);
- FAIL_IF(ESP_GET_SEQUENCE(p) != 0x08);
+ FAIL_IF(ESP_GET_SPI(PacketGetESP(p)) != 0x7b);
+ FAIL_IF(ESP_GET_SEQUENCE(PacketGetESP(p)) != 0x08);
 SCFree(p);
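Review bot: The updated assertions in the DecodeESPTest01 hunk (and the identical pair in the DecodeESPTest02 hunk) call `PacketGetESP(p)` without first asserting the L4 type tag, so neither test pins the property that the flow code in this commit now dispatches on. Adding `FAIL_IF(!PacketIsESP(p));` ahead of the SPI check would catch a decoder path that sets `p->proto` but leaves `p->l4.type` unset. This matters because the tag check inside `PacketGetESP` is a `DEBUG_VALIDATE_BUG_ON`, which as far as I know is only active in debug-validation builds. Both test bodies start and end outside their hunks.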
@@ -133,8 +134,8 @@ static int DecodeESPTest02(void)
 FAIL_IF(p->proto != IPPROTO_ESP);
 FAIL_IF(p->payload_len != sizeof(raw_esp) - ESP_HEADER_LEN);
 FAIL_IF(memcmp(p->payload, raw_esp + ESP_HEADER_LEN, p->payload_len) != 0);
- FAIL_IF(ESP_GET_SPI(p) != 0x7b);
- FAIL_IF(ESP_GET_SEQUENCE(p) != 0x08);
+ FAIL_IF(ESP_GET_SPI(PacketGetESP(p)) != 0x7b);
+ FAIL_IF(ESP_GET_SEQUENCE(PacketGetESP(p)) != 0x08);
 SCFree(p);
diff --git a/src/decode-esp.h b/src/decode-esp.h
index 2ac1ab0645..daebc881e2 100644
--- a/src/decode-esp.h
+++ b/src/decode-esp.h
@@ -25,14 +25,10 @@
 /** \brief size of the ESP header */
 #define ESP_HEADER_LEN 8
-#define ESP_GET_RAW_SPI(esph) SCNtohl((esph)->spi)
-#define ESP_GET_RAW_SEQUENCE(esph) SCNtohl((esph)->sequence)
-
 /** \brief Get the spi field off a packet */
-#define ESP_GET_SPI(p) ESP_GET_RAW_SPI(p->esph)
-
+#define ESP_GET_SPI(esph) SCNtohl((esph)->spi)
 /** \brief Get the sequence field off a packet */
-#define ESP_GET_SEQUENCE(p) ESP_GET_RAW_SEQUENCE(p->esph)
+#define ESP_GET_SEQUENCE(esph) SCNtohl((esph)->sequence)
 /** \brief ESP Header */
 typedef struct ESPHdr_ {
@@ -40,12 +36,6 @@ typedef struct ESPHdr_ {
 uint32_t sequence; /** < ESP sequence number */
 } __attribute__((__packed__)) ESPHdr;
-#define CLEAR_ESP_PACKET(p) \
- { \
- (p)->esph = NULL; \
- } \
- while (0)
-
 void DecodeESPRegisterTests(void);
 #endif /* SURICATA_DECODE_ESP_H */
diff --git a/src/decode.h b/src/decode.h
index b8e26c1e8c..d0601f2b35 100644
--- a/src/decode.h
+++ b/src/decode.h
@@ -430,6 +430,7 @@ enum PacketL4Types {
 PACKET_L4_UNKNOWN = 0,
 PACKET_L4_SCTP,
 PACKET_L4_GRE,
+ PACKET_L4_ESP,
 };
 struct PacketL4 {
@@ -439,6 +440,7 @@ struct PacketL4 {
 union L4Hdrs {
 SCTPHdr *sctph;
 GREHdr *greh;
+ ESPHdr *esph;
 } hdrs;
 };
@@ -577,7 +579,6 @@ typedef struct Packet_
 TCPHdr *tcph;
 UDPHdr *udph;
- ESPHdr *esph;
 ICMPV4Hdr *icmpv4h;
 ICMPV6Hdr *icmpv6h;
 PPPOESessionHdr *pppoesh;
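Review bot: The two doc comments kept as context in the src/decode-esp.h macro hunk (`@@ -25,14 +25,10 @@`) still say "Get the spi field off a packet" and "Get the sequence field off a packet", but `ESP_GET_SPI` and `ESP_GET_SEQUENCE` now take an `ESPHdr` pointer instead of a `Packet`. The macros dereference their argument unconditionally, so the comment is the only place the non-NULL header requirement can be recorded. I would reword them to `/** \brief Get the SPI from an ESP header pointer (must be non-NULL) */` and `/** \brief Get the sequence number from an ESP header pointer (must be non-NULL) */`.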
@@ -815,6 +816,25 @@ static inline bool PacketIsGRE(const Packet *p)
 return p->l4.type == PACKET_L4_GRE;
 }
+static inline ESPHdr *PacketSetESP(Packet *p, const uint8_t *buf)
+{
+ DEBUG_VALIDATE_BUG_ON(p->l4.type != PACKET_L4_UNKNOWN);
+ p->l4.type = PACKET_L4_ESP;
+ p->l4.hdrs.esph = (ESPHdr *)buf;
+ return p->l4.hdrs.esph;
+}
+
+static inline const ESPHdr *PacketGetESP(const Packet *p)
+{
+ DEBUG_VALIDATE_BUG_ON(p->l4.type != PACKET_L4_ESP);
+ return p->l4.hdrs.esph;
+}
+
+static inline bool PacketIsESP(const Packet *p)
+{
+ return p->l4.type == PACKET_L4_ESP;
+}
+
 /** \brief Structure to hold thread specific data for all decode modules */
 typedef struct DecodeThreadVars_ {
diff --git a/src/flow-hash.c b/src/flow-hash.c
index 4827706589..0235513d97 100644
--- a/src/flow-hash.c
+++ b/src/flow-hash.c
@@ -514,7 +514,8 @@ static inline int FlowCompareESP(Flow *f, const Packet *p)
 return CmpAddrs(f_src, p_src) && CmpAddrs(f_dst, p_dst) && f->proto == p->proto && f->recursion_level == p->recursion_level && CmpVlanIds(f->vlan_id, p->vlan_id) &&
- f->esp.spi == ESP_GET_SPI(p) && (f->livedev == p->livedev || g_livedev_mask == 0);
+ f->esp.spi == ESP_GET_SPI(PacketGetESP(p)) &&
+ (f->livedev == p->livedev || g_livedev_mask == 0);
 }
 void FlowSetupPacket(Packet *p)
@@ -527,7 +528,7 @@ static inline int FlowCompare(Flow *f, const Packet *p)
 {
 if (p->proto == IPPROTO_ICMP) {
 return FlowCompareICMPv4(f, p);
- } else if (p->proto == IPPROTO_ESP) {
+ } else if (PacketIsESP(p)) {
 return FlowCompareESP(f, p);
 } else {
 return CmpFlowPacket(f, p);
diff --git a/src/flow-util.c b/src/flow-util.c
index 53fc1058dc..10159a2598 100644
--- a/src/flow-util.c
+++ b/src/flow-util.c
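Review bot: `PacketGetESP` in the src/decode.h accessor hunk (`@@ -815,6 +816,25 @@`) guards the union read only with `DEBUG_VALIDATE_BUG_ON`, which to my knowledge compiles to nothing outside debug-validation builds. In a release build, a call on a packet tagged SCTP or GRE would then return that header's pointer typed as `const ESPHdr *`. The precondition belongs on the accessor itself, e.g. `/** \pre PacketIsESP(p); hdrs is a union shared with sctph/greh */`, since every caller now has to check `PacketIsESP(p)` first. `PacketSetESP` likewise assumes the slot is `PACKET_L4_UNKNOWN`, so it depends on the L4 slot being reset when a Packet is recycled; the PacketReinit hunk in src/packet.c only removes the old ESP clear and the reset is not visible in this diff, so that is worth confirming. The `(ESPHdr *)buf` cast also drops `const` from `buf`, which deserves a short comment that the header is never written through this pointer.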
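Review bot: In the FlowCompare hunk of src/flow-hash.c (`@@ -527,7 +528,7 @@`), the ESP branch now keys on `PacketIsESP(p)` while the ICMP branch above it still keys on `p->proto`, and `FlowCompareESP` in the preceding hunk still compares `f->proto == p->proto`. The switch looks deliberate, since it ensures `PacketGetESP(p)` is only reached with the ESP tag set. But if a packet can carry `proto == IPPROTO_ESP` without the tag, it now falls through to `CmpFlowPacket`, and nothing in the code records that. A one-line comment such as `/* use the L4 type tag, not p->proto: PacketGetESP() requires l4.type == PACKET_L4_ESP */` would document the reason. The function body continues past the end of the hunk.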
@@ -187,8 +187,8 @@ void FlowInit(Flow *f, const Packet *p)
 } else if (PacketIsSCTP(p)) {
 f->sp = p->sp;
 f->dp = p->dp;
- } else if (p->esph != NULL) {
- f->esp.spi = ESP_GET_SPI(p);
+ } else if (PacketIsESP(p)) {
+ f->esp.spi = ESP_GET_SPI(PacketGetESP(p));
 } else {
 /* nothing to do for this IP proto. */
 SCLogDebug("no special setup for IP proto %u", p->proto);
diff --git a/src/packet.c b/src/packet.c
index 0210e23204..8ad8586695 100644
--- a/src/packet.c
+++ b/src/packet.c
@@ -121,9 +121,6 @@ void PacketReinit(Packet *p)
 if (p->udph != NULL) {
 CLEAR_UDP_PACKET(p);
 }
- if (p->esph != NULL) {
- CLEAR_ESP_PACKET(p);
- }
 if (p->icmpv4h != NULL) {
 CLEAR_ICMPV4_PACKET(p);
 }