From: Victor Julien Date: Mon, 16 May 2016 10:15:42 +0000 (+0200) Subject: ipv4: store ipopts as flags, not bools X-Git-Tag: suricata-3.1RC1~139 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8c37906cf9e2f79431a1a1babadc438e79aeed75;p=thirdparty%2Fsuricata.git ipv4: store ipopts as flags, not bools --- diff --git a/src/decode-ipv4.c b/src/decode-ipv4.c index 3dd47f6224..a41c35bfd7 100644 --- a/src/decode-ipv4.c +++ b/src/decode-ipv4.c @@ -331,7 +331,7 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len, IPV4Options /** \todo What if more data exist after EOL (possible covert channel or data leakage)? */ SCLogDebug("IPV4OPT %" PRIu16 " len 1 @ %" PRIu16 "/%" PRIu16 "", *pkt, (len - plen), (len - 1)); - p->ip4vars.eol = TRUE; + p->ip4vars.opts_set |= IPV4_OPT_FLAG_EOL; break; } else if (*pkt == IPV4_OPT_NOP) { SCLogDebug("IPV4OPT %" PRIu16 " len 1 @ %" PRIu16 "/%" PRIu16 "", @@ -339,7 +339,7 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len, IPV4Options pkt++; plen--; - p->ip4vars.nop = TRUE; + p->ip4vars.opts_set |= IPV4_OPT_FLAG_NOP; /* multibyte options */ } else { @@ -379,7 +379,7 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len, IPV4Options return -1; } opts->o_ts = opt; - p->ip4vars.ts = TRUE; + p->ip4vars.opts_set |= IPV4_OPT_FLAG_TS; break; case IPV4_OPT_RR: if (opts->o_rr.type != 0) { @@ -390,7 +390,7 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len, IPV4Options return -1; } opts->o_rr = opt; - p->ip4vars.rr = TRUE; + p->ip4vars.opts_set |= IPV4_OPT_FLAG_RR; break; case IPV4_OPT_QS: if (opts->o_qs.type != 0) { @@ -401,7 +401,7 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len, IPV4Options return -1; } opts->o_qs = opt; - p->ip4vars.qs = TRUE; + p->ip4vars.opts_set |= IPV4_OPT_FLAG_QS; break; case IPV4_OPT_SEC: if (opts->o_sec.type != 0) { @@ -412,7 +412,7 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len, IPV4Options return -1; } opts->o_sec = opt; - p->ip4vars.sec = TRUE; + p->ip4vars.opts_set |= IPV4_OPT_FLAG_SEC; break; case IPV4_OPT_LSRR: if (opts->o_lsrr.type != 0) { @@ -423,7 +423,7 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len, IPV4Options return -1; } opts->o_lsrr = opt; - p->ip4vars.lsrr = TRUE; + p->ip4vars.opts_set |= IPV4_OPT_FLAG_LSRR; break; case IPV4_OPT_CIPSO: if (opts->o_cipso.type != 0) { @@ -434,7 +434,7 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len, IPV4Options return -1; } opts->o_cipso = opt; - p->ip4vars.cipso = TRUE; + p->ip4vars.opts_set |= IPV4_OPT_FLAG_CIPSO; break; case IPV4_OPT_SID: if (opts->o_sid.type != 0) { @@ -445,7 +445,7 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len, IPV4Options return -1; } opts->o_sid = opt; - p->ip4vars.sid = TRUE; + p->ip4vars.opts_set |= IPV4_OPT_FLAG_SID; break; case IPV4_OPT_SSRR: if (opts->o_ssrr.type != 0) { @@ -456,7 +456,7 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len, IPV4Options return -1; } opts->o_ssrr = opt; - p->ip4vars.ssrr = TRUE; + p->ip4vars.opts_set |= IPV4_OPT_FLAG_SSRR; break; case IPV4_OPT_RTRALT: if (opts->o_rtralt.type != 0) { @@ -467,7 +467,7 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len, IPV4Options return -1; } opts->o_rtralt = opt; - p->ip4vars.rtralt = TRUE; + p->ip4vars.opts_set |= IPV4_OPT_FLAG_RTRALT; break; default: SCLogDebug("IPV4OPT (%" PRIu8 ") len %" PRIu8, diff --git a/src/decode-ipv4.h b/src/decode-ipv4.h index 7c2a74fb3c..27e13c4a98 100644 --- a/src/decode-ipv4.h +++ b/src/decode-ipv4.h @@ -154,6 +154,20 @@ typedef struct IPV4Hdr_ memset(&p->ip4vars, 0x00, sizeof(p->ip4vars)); \ } while (0) +enum IPV4OptionFlags { + IPV4_OPT_FLAG_EOL = 0, + IPV4_OPT_FLAG_NOP, + IPV4_OPT_FLAG_RR, + IPV4_OPT_FLAG_TS, + IPV4_OPT_FLAG_QS, + IPV4_OPT_FLAG_LSRR, + IPV4_OPT_FLAG_SSRR, + IPV4_OPT_FLAG_SID, + IPV4_OPT_FLAG_SEC, + IPV4_OPT_FLAG_CIPSO, + IPV4_OPT_FLAG_RTRALT, +}; + /* helper structure with parsed ipv4 info */ typedef struct IPV4Vars_ { @@ -162,18 +176,7 @@ typedef struct IPV4Vars_ uint32_t ip_dst_u32; /* dest IP */ uint16_t opt_cnt; - _Bool rr; - _Bool lsrr; - _Bool eol; - _Bool nop; - _Bool ts; - _Bool sec; - _Bool sid; - _Bool qs; - _Bool cipso; - _Bool rtralt; - _Bool ssrr; - + uint16_t opts_set; } IPV4Vars; diff --git a/src/detect-ipopts.c b/src/detect-ipopts.c index bf95744124..6fce99f5b2 100644 --- a/src/detect-ipopts.c +++ b/src/detect-ipopts.c @@ -94,28 +94,28 @@ int DetectIpOptsMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, switch (de->ipopt) { case IPV4_OPT_RR: - return (p->ip4vars.rr); + return (p->ip4vars.opts_set & IPV4_OPT_FLAG_RR); break; case IPV4_OPT_LSRR: - return (p->ip4vars.lsrr); + return (p->ip4vars.opts_set & IPV4_OPT_FLAG_LSRR); break; case IPV4_OPT_EOL: - return (p->ip4vars.eol); + return (p->ip4vars.opts_set & IPV4_OPT_FLAG_EOL); break; case IPV4_OPT_NOP: - return (p->ip4vars.nop); + return (p->ip4vars.opts_set & IPV4_OPT_FLAG_NOP); break; case IPV4_OPT_TS: - return (p->ip4vars.ts); + return (p->ip4vars.opts_set & IPV4_OPT_FLAG_TS); break; case IPV4_OPT_SEC: - return (p->ip4vars.sec); + return (p->ip4vars.opts_set & IPV4_OPT_FLAG_SEC); break; case IPV4_OPT_SSRR: - return (p->ip4vars.ssrr); + return (p->ip4vars.opts_set & IPV4_OPT_FLAG_SSRR); break; case IPV4_OPT_SID: - return (p->ip4vars.sid); + return (p->ip4vars.opts_set & IPV4_OPT_FLAG_SID); break; } @@ -281,7 +281,7 @@ int IpOptsTestParse03 (void) memset(&ip4h, 0, sizeof(IPV4Hdr)); p->ip4h = &ip4h; - p->ip4vars.rr = TRUE; + p->ip4vars.opts_set = IPV4_OPT_FLAG_RR; de = DetectIpOptsParse("rr"); @@ -331,7 +331,7 @@ int IpOptsTestParse04 (void) memset(&ip4h, 0, sizeof(IPV4Hdr)); p->ip4h = &ip4h; - p->ip4vars.rr = TRUE; + p->ip4vars.opts_set = IPV4_OPT_FLAG_RR; de = DetectIpOptsParse("lsrr");