From: Victor Julien Date: Fri, 5 Apr 2024 11:28:31 +0000 (+0200) Subject: decode: start l4 packet area; convert csum handling X-Git-Tag: suricata-8.0.0-beta1~1384 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=329fb2affa7e8b89e80859ccebdedf2a76ca96ca;p=thirdparty%2Fsuricata.git decode: start l4 packet area; convert csum handling --- diff --git a/src/decode.h b/src/decode.h index 637cb28d40..4fec994dc4 100644 --- a/src/decode.h +++ b/src/decode.h @@ -437,6 +437,11 @@ struct PacketL3 { } vars; }; +struct PacketL4 { + bool csum_set; + uint16_t csum; +}; + /* sizes of the members: * src: 17 bytes * dst: 17 bytes @@ -557,10 +562,8 @@ typedef struct Packet_ /* header pointers */ EthernetHdr *ethh; - /* Check sum for TCP, UDP or ICMP packets */ - int32_t level4_comp_csum; - struct PacketL3 l3; + struct PacketL4 l4; /* Can only be one of TCP, UDP, ICMP at any given time */ union { @@ -751,6 +754,11 @@ static inline void PacketClearL3(Packet *p) memset(&p->l3, 0, sizeof(p->l3)); } +static inline void PacketClearL4(Packet *p) +{ + memset(&p->l4, 0, sizeof(p->l4)); +} + /** \brief Structure to hold thread specific data for all decode modules */ typedef struct DecodeThreadVars_ { @@ -848,14 +856,6 @@ void CaptureStatsSetup(ThreadVars *tv); memset(&(p)->l4vars, 0x00, sizeof((p)->l4vars)); \ } while (0) -/** - * \brief reset these to -1(indicates that the packet is fresh from the queue) - */ -#define PACKET_RESET_CHECKSUMS(p) \ - do { \ - (p)->level4_comp_csum = -1; \ - } while (0) - /* if p uses extended data, free them */ #define PACKET_FREE_EXTDATA(p) do { \ if ((p)->ext_pkt) { \ diff --git a/src/detect-csum.c b/src/detect-csum.c index 43c4826e6d..095ad28831 100644 --- a/src/detect-csum.c +++ b/src/detect-csum.c @@ -335,14 +335,15 @@ static int DetectTCPV4CsumMatch(DetectEngineThreadCtx *det_ctx, return cd->valid; } - if (p->level4_comp_csum == -1) { + if (!p->l4.csum_set) { const IPV4Hdr *ip4h = PacketGetIPv4(p); - p->level4_comp_csum = TCPChecksum(ip4h->s_ip_addrs, (uint16_t *)p->tcph, + p->l4.csum = TCPChecksum(ip4h->s_ip_addrs, (uint16_t *)p->tcph, (p->payload_len + TCP_GET_HLEN(p)), p->tcph->th_sum); + p->l4.csum_set = true; } - if (p->level4_comp_csum == 0 && cd->valid == 1) + if (p->l4.csum == 0 && cd->valid == 1) return 1; - else if (p->level4_comp_csum != 0 && cd->valid == 0) + else if (p->l4.csum != 0 && cd->valid == 0) return 1; else return 0; @@ -423,15 +424,16 @@ static int DetectTCPV6CsumMatch(DetectEngineThreadCtx *det_ctx, return cd->valid; } - if (p->level4_comp_csum == -1) { + if (!p->l4.csum_set) { const IPV6Hdr *ip6h = PacketGetIPv6(p); - p->level4_comp_csum = TCPV6Checksum(ip6h->s_ip6_addrs, (uint16_t *)p->tcph, + p->l4.csum = TCPV6Checksum(ip6h->s_ip6_addrs, (uint16_t *)p->tcph, (p->payload_len + TCP_GET_HLEN(p)), p->tcph->th_sum); + p->l4.csum_set = true; } - if (p->level4_comp_csum == 0 && cd->valid == 1) + if (p->l4.csum == 0 && cd->valid == 1) return 1; - else if (p->level4_comp_csum != 0 && cd->valid == 0) + else if (p->l4.csum != 0 && cd->valid == 0) return 1; else return 0; @@ -513,14 +515,15 @@ static int DetectUDPV4CsumMatch(DetectEngineThreadCtx *det_ctx, return cd->valid; } - if (p->level4_comp_csum == -1) { + if (!p->l4.csum_set) { const IPV4Hdr *ip4h = PacketGetIPv4(p); - p->level4_comp_csum = UDPV4Checksum(ip4h->s_ip_addrs, (uint16_t *)p->udph, + p->l4.csum = UDPV4Checksum(ip4h->s_ip_addrs, (uint16_t *)p->udph, (p->payload_len + UDP_HEADER_LEN), p->udph->uh_sum); + p->l4.csum_set = true; } - if (p->level4_comp_csum == 0 && cd->valid == 1) + if (p->l4.csum == 0 && cd->valid == 1) return 1; - else if (p->level4_comp_csum != 0 && cd->valid == 0) + else if (p->l4.csum != 0 && cd->valid == 0) return 1; else return 0; @@ -601,14 +604,15 @@ static int DetectUDPV6CsumMatch(DetectEngineThreadCtx *det_ctx, return cd->valid; } - if (p->level4_comp_csum == -1) { + if (!p->l4.csum_set) { const IPV6Hdr *ip6h = PacketGetIPv6(p); - p->level4_comp_csum = UDPV6Checksum(ip6h->s_ip6_addrs, (uint16_t *)p->udph, + p->l4.csum = UDPV6Checksum(ip6h->s_ip6_addrs, (uint16_t *)p->udph, (p->payload_len + UDP_HEADER_LEN), p->udph->uh_sum); + p->l4.csum_set = true; } - if (p->level4_comp_csum == 0 && cd->valid == 1) + if (p->l4.csum == 0 && cd->valid == 1) return 1; - else if (p->level4_comp_csum != 0 && cd->valid == 0) + else if (p->l4.csum != 0 && cd->valid == 0) return 1; else return 0; @@ -689,14 +693,15 @@ static int DetectICMPV4CsumMatch(DetectEngineThreadCtx *det_ctx, return cd->valid; } - if (p->level4_comp_csum == -1) { + if (!p->l4.csum_set) { const IPV4Hdr *ip4h = PacketGetIPv4(p); - p->level4_comp_csum = ICMPV4CalculateChecksum( + p->l4.csum = ICMPV4CalculateChecksum( (uint16_t *)p->icmpv4h, IPV4_GET_RAW_IPLEN(ip4h) - IPV4_GET_RAW_HLEN(ip4h)); + p->l4.csum_set = true; } - if (p->level4_comp_csum == p->icmpv4h->checksum && cd->valid == 1) + if (p->l4.csum == p->icmpv4h->checksum && cd->valid == 1) return 1; - else if (p->level4_comp_csum != p->icmpv4h->checksum && cd->valid == 0) + else if (p->l4.csum != p->icmpv4h->checksum && cd->valid == 0) return 1; else return 0; @@ -780,17 +785,17 @@ static int DetectICMPV6CsumMatch(DetectEngineThreadCtx *det_ctx, return cd->valid; } - if (p->level4_comp_csum == -1) { + if (!p->l4.csum_set) { const IPV6Hdr *ip6h = PacketGetIPv6(p); uint16_t len = IPV6_GET_RAW_PLEN(ip6h) - (uint16_t)((uint8_t *)p->icmpv6h - (uint8_t *)ip6h - IPV6_HEADER_LEN); - p->level4_comp_csum = - ICMPV6CalculateChecksum(ip6h->s_ip6_addrs, (uint16_t *)p->icmpv6h, len); + p->l4.csum = ICMPV6CalculateChecksum(ip6h->s_ip6_addrs, (uint16_t *)p->icmpv6h, len); + p->l4.csum_set = true; } - if (p->level4_comp_csum == p->icmpv6h->csum && cd->valid == 1) + if (p->l4.csum == p->icmpv6h->csum && cd->valid == 1) return 1; - else if (p->level4_comp_csum != p->icmpv6h->csum && cd->valid == 0) + else if (p->l4.csum != p->icmpv6h->csum && cd->valid == 0) return 1; else return 0; diff --git a/src/packet.c b/src/packet.c index 9a9652404c..9bdbe2677d 100644 --- a/src/packet.c +++ b/src/packet.c @@ -63,7 +63,6 @@ void PacketInit(Packet *p) { SCSpinInit(&p->persistent.tunnel_lock, 0); p->alerts.alerts = PacketAlertCreate(); - PACKET_RESET_CHECKSUMS(p); p->livedev = NULL; } @@ -115,6 +114,7 @@ void PacketReinit(Packet *p) } p->ethh = NULL; PacketClearL3(p); + PacketClearL4(p); if (p->tcph != NULL) { CLEAR_TCP_PACKET(p); } @@ -155,7 +155,6 @@ void PacketReinit(Packet *p) p->tunnel_verdicted = false; p->root = NULL; p->livedev = NULL; - PACKET_RESET_CHECKSUMS(p); PACKET_PROFILING_RESET(p); p->tenant_id = 0; p->nb_decoded_layers = 0; diff --git a/src/source-dpdk.c b/src/source-dpdk.c index df3fc71de4..a6fa875fb2 100644 --- a/src/source-dpdk.c +++ b/src/source-dpdk.c @@ -499,7 +499,8 @@ static inline Packet *PacketInitFromMbuf(DPDKThreadVars *ptv, struct rte_mbuf *m } if ((ol_flags & RTE_MBUF_F_RX_L4_CKSUM_MASK) == RTE_MBUF_F_RX_L4_CKSUM_BAD) { SCLogDebug("HW detected BAD L4 chsum"); - p->level4_comp_csum = 0; + p->l4.csum_set = true; + p->l4.csum = 0; } } } diff --git a/src/stream-tcp.c b/src/stream-tcp.c index 142c6ebe54..57ab8bda52 100644 --- a/src/stream-tcp.c +++ b/src/stream-tcp.c @@ -5679,19 +5679,21 @@ static inline int StreamTcpValidateChecksum(Packet *p) if (p->flags & PKT_IGNORE_CHECKSUM) return ret; - if (p->level4_comp_csum == -1) { + if (!p->l4.csum_set) { if (PacketIsIPv4(p)) { const IPV4Hdr *ip4h = PacketGetIPv4(p); - p->level4_comp_csum = TCPChecksum(ip4h->s_ip_addrs, (uint16_t *)p->tcph, + p->l4.csum = TCPChecksum(ip4h->s_ip_addrs, (uint16_t *)p->tcph, (p->payload_len + TCP_GET_HLEN(p)), p->tcph->th_sum); + p->l4.csum_set = true; } else if (PacketIsIPv6(p)) { const IPV6Hdr *ip6h = PacketGetIPv6(p); - p->level4_comp_csum = TCPV6Checksum(ip6h->s_ip6_addrs, (uint16_t *)p->tcph, + p->l4.csum = TCPV6Checksum(ip6h->s_ip6_addrs, (uint16_t *)p->tcph, (p->payload_len + TCP_GET_HLEN(p)), p->tcph->th_sum); + p->l4.csum_set = true; } } - if (p->level4_comp_csum != 0) { + if (p->l4.csum != 0) { ret = 0; if (p->livedev) { (void) SC_ATOMIC_ADD(p->livedev->invalid_checksums, 1); diff --git a/src/tests/detect.c b/src/tests/detect.c index 4116e40cdd..4efd32194c 100644 --- a/src/tests/detect.c +++ b/src/tests/detect.c @@ -1508,8 +1508,6 @@ static int SigTest24IPV4Keyword(void) uint16_t buflen = strlen((char *)buf); memset(&th_v, 0, sizeof(ThreadVars)); - PACKET_RESET_CHECKSUMS(p1); - PACKET_RESET_CHECKSUMS(p2); PacketSetIPV4(p1, valid_raw_ipv4); p1->src.family = AF_INET; @@ -1608,8 +1606,6 @@ static int SigTest25NegativeIPV4Keyword(void) uint16_t buflen = strlen((char *)buf); memset(&th_v, 0, sizeof(ThreadVars)); - PACKET_RESET_CHECKSUMS(p1); - PACKET_RESET_CHECKSUMS(p2); PacketSetIPV4(p1, valid_raw_ipv4); p1->src.family = AF_INET; @@ -1718,7 +1714,6 @@ static int SigTest26TCPV4Keyword(void) PacketCopyData(p2, raw_ipv4, sizeof(raw_ipv4)); PacketCopyDataOffset(p2, GET_PKT_LEN(p2), invalid_raw_tcp, sizeof(invalid_raw_tcp)); - PACKET_RESET_CHECKSUMS(p1); PacketSetIPV4(p1, GET_PKT_DATA(p1)); p1->tcph = (TCPHdr *)(GET_PKT_DATA(p1) + sizeof(raw_ipv4)); p1->src.family = AF_INET; @@ -1727,7 +1722,6 @@ static int SigTest26TCPV4Keyword(void) p1->payload_len = 20; p1->proto = IPPROTO_TCP; - PACKET_RESET_CHECKSUMS(p2); PacketSetIPV4(p2, GET_PKT_DATA(p2)); p2->tcph = (TCPHdr *)(GET_PKT_DATA(p2) + sizeof(raw_ipv4)); p2->src.family = AF_INET; @@ -1816,7 +1810,6 @@ static int SigTest26TCPV4AndNegativeIPV4Keyword(void) PacketCopyData(p2, raw_ipv4, sizeof(raw_ipv4)); PacketCopyDataOffset(p2, GET_PKT_LEN(p2), invalid_raw_tcp, sizeof(invalid_raw_tcp)); - PACKET_RESET_CHECKSUMS(p1); PacketSetIPV4(p1, GET_PKT_DATA(p1)); p1->tcph = (TCPHdr *)(GET_PKT_DATA(p1) + sizeof(raw_ipv4)); p1->src.family = AF_INET; @@ -1825,7 +1818,6 @@ static int SigTest26TCPV4AndNegativeIPV4Keyword(void) p1->payload_len = 20; p1->proto = IPPROTO_TCP; - PACKET_RESET_CHECKSUMS(p2); PacketSetIPV4(p2, GET_PKT_DATA(p2)); p2->tcph = (TCPHdr *)(GET_PKT_DATA(p2) + sizeof(raw_ipv4)); p2->src.family = AF_INET; @@ -1940,7 +1932,6 @@ static int SigTest26TCPV4AndIPV4Keyword(void) PacketCopyData(p2, raw_ipv4, sizeof(raw_ipv4)); PacketCopyDataOffset(p2, GET_PKT_LEN(p2), invalid_raw_tcp, sizeof(invalid_raw_tcp)); - PACKET_RESET_CHECKSUMS(p1); PacketSetIPV4(p1, GET_PKT_DATA(p1)); p1->tcph = (TCPHdr *)(GET_PKT_DATA(p1) + sizeof(raw_ipv4)); p1->src.family = AF_INET; @@ -1949,7 +1940,6 @@ static int SigTest26TCPV4AndIPV4Keyword(void) p1->payload_len = 0; p1->proto = IPPROTO_TCP; - PACKET_RESET_CHECKSUMS(p2); PacketSetIPV4(p2, GET_PKT_DATA(p2)); p2->tcph = (TCPHdr *)(GET_PKT_DATA(p2) + sizeof(raw_ipv4)); p2->src.family = AF_INET; @@ -2051,7 +2041,6 @@ static int SigTest27NegativeTCPV4Keyword(void) PacketCopyData(p2, raw_ipv4, sizeof(raw_ipv4)); PacketCopyDataOffset(p2, GET_PKT_LEN(p2), invalid_raw_tcp, sizeof(invalid_raw_tcp)); - PACKET_RESET_CHECKSUMS(p1); PacketSetIPV4(p1, GET_PKT_DATA(p1)); p1->tcph = (TCPHdr *)(GET_PKT_DATA(p1) + sizeof(raw_ipv4)); p1->src.family = AF_INET; @@ -2060,7 +2049,6 @@ static int SigTest27NegativeTCPV4Keyword(void) p1->payload_len = 20; p1->proto = IPPROTO_TCP; - PACKET_RESET_CHECKSUMS(p2); PacketSetIPV4(p2, GET_PKT_DATA(p2)); p2->tcph = (TCPHdr *)(GET_PKT_DATA(p2) + sizeof(raw_ipv4)); p2->src.family = AF_INET; @@ -2169,7 +2157,6 @@ static int SigTest28TCPV6Keyword(void) memset(&th_v, 0, sizeof(ThreadVars)); - PACKET_RESET_CHECKSUMS(p1); PacketSetIPV6(p1, valid_raw_ipv6 + 14); p1->tcph = (TCPHdr *) (valid_raw_ipv6 + 54); p1->src.family = AF_INET; @@ -2182,7 +2169,6 @@ static int SigTest28TCPV6Keyword(void) BUG_ON(1); } - PACKET_RESET_CHECKSUMS(p2); PacketSetIPV6(p2, invalid_raw_ipv6 + 14); p2->tcph = (TCPHdr *) (invalid_raw_ipv6 + 54); p2->src.family = AF_INET; @@ -2295,7 +2281,6 @@ static int SigTest29NegativeTCPV6Keyword(void) memset(&th_v, 0, sizeof(ThreadVars)); - PACKET_RESET_CHECKSUMS(p1); PacketSetIPV6(p1, valid_raw_ipv6 + 14); p1->tcph = (TCPHdr *) (valid_raw_ipv6 + 54); p1->src.family = AF_INET; @@ -2308,7 +2293,6 @@ static int SigTest29NegativeTCPV6Keyword(void) BUG_ON(1); } - PACKET_RESET_CHECKSUMS(p2); PacketSetIPV6(p2, invalid_raw_ipv6 + 14); p2->tcph = (TCPHdr *) (invalid_raw_ipv6 + 54); p2->src.family = AF_INET; @@ -2415,7 +2399,6 @@ static int SigTest30UDPV4Keyword(void) memset(&th_v, 0, sizeof(ThreadVars)); - PACKET_RESET_CHECKSUMS(p1); PacketSetIPV4(p1, raw_ipv4); p1->udph = (UDPHdr *)valid_raw_udp; p1->src.family = AF_INET; @@ -2424,7 +2407,6 @@ static int SigTest30UDPV4Keyword(void) p1->payload_len = sizeof(valid_raw_udp) - UDP_HEADER_LEN; p1->proto = IPPROTO_UDP; - PACKET_RESET_CHECKSUMS(p2); PacketSetIPV4(p2, raw_ipv4); p2->udph = (UDPHdr *)invalid_raw_udp; p2->src.family = AF_INET; @@ -2521,7 +2503,6 @@ static int SigTest31NegativeUDPV4Keyword(void) memset(&th_v, 0, sizeof(ThreadVars)); - PACKET_RESET_CHECKSUMS(p1); PacketSetIPV4(p1, raw_ipv4); p1->udph = (UDPHdr *)valid_raw_udp; p1->src.family = AF_INET; @@ -2530,7 +2511,6 @@ static int SigTest31NegativeUDPV4Keyword(void) p1->payload_len = sizeof(valid_raw_udp) - UDP_HEADER_LEN; p1->proto = IPPROTO_UDP; - PACKET_RESET_CHECKSUMS(p2); PacketSetIPV4(p2, raw_ipv4); p2->udph = (UDPHdr *)invalid_raw_udp; p2->src.family = AF_INET; @@ -2632,7 +2612,6 @@ static int SigTest32UDPV6Keyword(void) memset(&th_v, 0, sizeof(ThreadVars)); - PACKET_RESET_CHECKSUMS(p1); PacketSetIPV6(p1, valid_raw_ipv6 + 14); p1->udph = (UDPHdr *) (valid_raw_ipv6 + 54); p1->src.family = AF_INET; @@ -2641,7 +2620,6 @@ static int SigTest32UDPV6Keyword(void) p1->payload_len = IPV6_GET_RAW_PLEN(PacketGetIPv6(p1)) - UDP_HEADER_LEN; p1->proto = IPPROTO_UDP; - PACKET_RESET_CHECKSUMS(p2); PacketSetIPV6(p2, invalid_raw_ipv6 + 14); p2->udph = (UDPHdr *) (invalid_raw_ipv6 + 54); p2->src.family = AF_INET; @@ -2731,7 +2709,6 @@ static int SigTest33NegativeUDPV6Keyword(void) memset(&th_v, 0, sizeof(ThreadVars)); - PACKET_RESET_CHECKSUMS(p1); PacketSetIPV6(p1, valid_raw_ipv6 + 14); p1->udph = (UDPHdr *) (valid_raw_ipv6 + 54); p1->src.family = AF_INET; @@ -2740,7 +2717,6 @@ static int SigTest33NegativeUDPV6Keyword(void) p1->payload_len = IPV6_GET_RAW_PLEN(PacketGetIPv6(p1)) - UDP_HEADER_LEN; p1->proto = IPPROTO_UDP; - PACKET_RESET_CHECKSUMS(p2); PacketSetIPV6(p2, invalid_raw_ipv6 + 14); p2->udph = (UDPHdr *) (invalid_raw_ipv6 + 54); p2->src.family = AF_INET; @@ -2847,7 +2823,6 @@ static int SigTest34ICMPV4Keyword(void) memset(&th_v, 0, sizeof(ThreadVars)); - PACKET_RESET_CHECKSUMS(p1); IPV4Hdr *ip4h = PacketSetIPV4(p1, valid_raw_ipv4); ip4h->ip_verhl = 69; p1->icmpv4h = (ICMPV4Hdr *)(valid_raw_ipv4 + IPV4_GET_RAW_HLEN(ip4h)); @@ -2857,7 +2832,6 @@ static int SigTest34ICMPV4Keyword(void) p1->payload_len = buflen; p1->proto = IPPROTO_ICMP; - PACKET_RESET_CHECKSUMS(p2); ip4h = PacketSetIPV4(p2, invalid_raw_ipv4); ip4h->ip_verhl = 69; p2->icmpv4h = (ICMPV4Hdr *)(invalid_raw_ipv4 + IPV4_GET_RAW_HLEN(ip4h)); @@ -2965,7 +2939,6 @@ static int SigTest35NegativeICMPV4Keyword(void) memset(&th_v, 0, sizeof(ThreadVars)); - PACKET_RESET_CHECKSUMS(p1); IPV4Hdr *ip4h = PacketSetIPV4(p1, valid_raw_ipv4); ip4h->ip_verhl = 69; p1->icmpv4h = (ICMPV4Hdr *)(valid_raw_ipv4 + IPV4_GET_RAW_HLEN(ip4h)); @@ -2975,7 +2948,6 @@ static int SigTest35NegativeICMPV4Keyword(void) p1->payload_len = buflen; p1->proto = IPPROTO_ICMP; - PACKET_RESET_CHECKSUMS(p2); ip4h = PacketSetIPV4(p2, invalid_raw_ipv4); ip4h->ip_verhl = 69; p2->icmpv4h = (ICMPV4Hdr *)(invalid_raw_ipv4 + IPV4_GET_RAW_HLEN(ip4h)); @@ -3101,7 +3073,6 @@ static int SigTest38(void) } SET_PKT_LEN(p1, ethlen + ipv4len + tcplen + buflen); - PACKET_RESET_CHECKSUMS(p1); p1->ethh = (EthernetHdr *)raw_eth; PacketSetIPV4(p1, raw_ipv4); p1->tcph = (TCPHdr *)raw_tcp; @@ -3217,7 +3188,6 @@ static int SigTest39(void) FAIL_IF(PacketCopyDataOffset(p1, ethlen + ipv4len + tcplen, buf, buflen) == -1); SET_PKT_LEN(p1, ethlen + ipv4len + tcplen + buflen); - PACKET_RESET_CHECKSUMS(p1); p1->ethh = (EthernetHdr *)raw_eth; PacketSetIPV4(p1, raw_ipv4); p1->tcph = (TCPHdr *)raw_tcp;