From: Victor Julien
Date: Fri, 29 Jun 2012 12:38:19 +0000 (+0200)
Subject: icmpv6: for ICMPv6 info messages set payload ptr and length to right after 4 byte...
X-Git-Tag: suricata-1.3rc1~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a6471cdb9cc49eaf900a59971369d22bdc5499f7;p=thirdparty%2Fsuricata.git

icmpv6: for ICMPv6 info messages set payload ptr and length to right after 4 byte hdr.
---
diff --git a/src/decode-icmpv6.c b/src/decode-icmpv6.c
index 20926350a0..01023a05fa 100644
--- a/src/decode-icmpv6.c
+++ b/src/decode-icmpv6.c
@@ -163,6 +163,7 @@ void DecodePartialIPV6(Packet *p, uint8_t *partial_packet, uint16_t len )
 void DecodeICMPV6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
 uint8_t *pkt, uint16_t len, PacketQueue *pq)
 {
+ int error_msg = 0;
 SCPerfCounterIncr(dtv->counter_icmpv6, tv->sc_perf_pca);
 if (len < ICMPV6_HEADER_LEN) {
@@ -192,6 +193,7 @@ void DecodeICMPV6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
 len - ICMPV6_HEADER_LEN );
 }
+ error_msg = 1;
 break;
 case ICMP6_PACKET_TOO_BIG:
 SCLogDebug("ICMP6_PACKET_TOO_BIG");
@@ -204,6 +206,7 @@ void DecodeICMPV6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
 len - ICMPV6_HEADER_LEN );
 }
+ error_msg = 1;
 break;
 case ICMP6_TIME_EXCEEDED:
 SCLogDebug("ICMP6_TIME_EXCEEDED");
@@ -215,6 +218,7 @@ void DecodeICMPV6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
 len - ICMPV6_HEADER_LEN );
 }
+ error_msg = 1;
 break;
 case ICMP6_PARAM_PROB:
 SCLogDebug("ICMP6_PARAM_PROB");
@@ -227,6 +231,7 @@ void DecodeICMPV6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
 len - ICMPV6_HEADER_LEN );
 }
+ error_msg = 1;
 break;
 case ICMP6_ECHO_REQUEST:
 SCLogDebug("ICMP6_ECHO_REQUEST id: %u seq: %u",
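Review bot: The `error_msg = 1;` assignments are maintained by hand in four separate case branches (the hunk at -192 for the case that precedes ICMP6_PACKET_TOO_BIG, and the hunks at -204, -215 and -227), so any error-class case added later that forgets the assignment silently gets the 4-byte info-message payload offset. RFC 4443 marks error messages by a zero high-order bit in the type field, so the class could be decided once from the type byte instead of per case. If the flag stays, its declaration in the first hunk deserves a comment such as `/* set for ICMPv6 error messages, whose body is an embedded packet after the full header */`. The switch in DecodeICMPV6 begins and ends outside these hunks, so how the type is read is not visible here.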
@@ -258,12 +263,24 @@ void DecodeICMPV6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
 ENGINE_SET_EVENT(p, ICMPV6_UNKNOWN_TYPE);
 }
+ /* for a info message the header is just 4 bytes */
+ if (!error_msg) {
+ if (p->payload_len >= 4) {
+ p->payload_len -= 4;
+ p->payload = pkt + 4;
+ } else {
+ p->payload_len = 0;
+ p->payload = NULL;
+ }
+ }
+#ifdef DEBUG
 if (ENGINE_ISSET_EVENT(p, ICMPV6_UNKNOWN_CODE)) SCLogDebug("Unknown Code, ICMPV6_UNKNOWN_CODE");
 if (ENGINE_ISSET_EVENT(p, ICMPV6_UNKNOWN_TYPE)) SCLogDebug("Unknown Type, ICMPV6_UNKNOWN_TYPE");
+#endif
 /* Flow is an integral part of us */
 FlowHandlePacket(tv, p);
diff --git a/src/decode-icmpv6.h b/src/decode-icmpv6.h
index b0c47a8338..39880b3f49 100644
--- a/src/decode-icmpv6.h
+++ b/src/decode-icmpv6.h
@@ -47,7 +47,6 @@
 #define MLD_LISTENER_REPORT 131
 #define MLD_LISTENER_REDUCTION 132
-
 /** Destination Unreachable Message (type=1) Code: */
 #define ICMP6_DST_UNREACH_NOROUTE 0 /* no route to destination */
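Review bot: In the added `if (!error_msg)` block the new length is derived from `p->payload_len` while the new pointer is derived from `pkt`, and nothing visible in this hunk shows that `p->payload_len` was set from `len` for this same buffer; if it was not, the pointer and length handed on to flow handling and detection describe different ranges. Deriving both from the decoder's own arguments keeps them tied together: `if (len >= 4) { p->payload = pkt + 4; p->payload_len = len - 4; } else { ... }`. The literal 4 is repeated three times and would read better as a named constant next to ICMPV6_HEADER_LEN. The unknown-type branch just above leaves `error_msg` at 0, so unrecognised types take this path as well; a one-line comment stating whether that is intended would help. The function body begins and ends outside the hunk.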