From: Jeff Lucovsky
Date: Tue, 16 Apr 2024 12:34:42 +0000 (-0400)
Subject: detect/ipopts: Handle multiple ip options
X-Git-Tag: suricata-8.0.0-beta1~1458
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d7026b7b11e117cbaa99d2a56be3738a84c08d5c;p=thirdparty%2Fsuricata.git
detect/ipopts: Handle multiple ip options
Issue: 6864
Multiple IP options were not handled properly as the value being OR'd into the packet's ip option variable were enum values instead of bit values.
---
diff --git a/src/decode-ipv4.h b/src/decode-ipv4.h
index b0fd1256f1..93fb40d050 100644
--- a/src/decode-ipv4.h
+++ b/src/decode-ipv4.h
@@ -154,20 +154,18 @@ typedef struct IPV4Hdr_
 memset(&p->ip4vars, 0x00, sizeof(p->ip4vars)); \
 } while (0)
-enum IPV4OptionFlags {
- IPV4_OPT_FLAG_EOL = 0,
- IPV4_OPT_FLAG_NOP,
- IPV4_OPT_FLAG_RR,
- IPV4_OPT_FLAG_TS,
- IPV4_OPT_FLAG_QS,
- IPV4_OPT_FLAG_LSRR,
- IPV4_OPT_FLAG_SSRR,
- IPV4_OPT_FLAG_SID,
- IPV4_OPT_FLAG_SEC,
- IPV4_OPT_FLAG_CIPSO,
- IPV4_OPT_FLAG_RTRALT,
- IPV4_OPT_FLAG_ESEC,
-};
+#define IPV4_OPT_FLAG_EOL BIT_U16(1)
+#define IPV4_OPT_FLAG_NOP BIT_U16(2)
+#define IPV4_OPT_FLAG_RR BIT_U16(3)
+#define IPV4_OPT_FLAG_TS BIT_U16(4)
+#define IPV4_OPT_FLAG_QS BIT_U16(5)
+#define IPV4_OPT_FLAG_LSRR BIT_U16(6)
+#define IPV4_OPT_FLAG_SSRR BIT_U16(7)
+#define IPV4_OPT_FLAG_SID BIT_U16(8)
+#define IPV4_OPT_FLAG_SEC BIT_U16(9)
+#define IPV4_OPT_FLAG_CIPSO BIT_U16(10)
+#define IPV4_OPT_FLAG_RTRALT BIT_U16(11)
+#define IPV4_OPT_FLAG_ESEC BIT_U16(12)
 /* helper structure with parsed ipv4 info */
 typedef struct IPV4Vars_ {
diff --git a/src/detect-ipopts.c b/src/detect-ipopts.c
index fe77b40689..9af6660fe5 100644
--- a/src/detect-ipopts.c
+++ b/src/detect-ipopts.c
@@ -162,11 +162,7 @@ static int DetectIpOptsMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
 if (!de || !PKT_IS_IPV4(p) || PKT_IS_PSEUDOPKT(p))
 return 0;
- if (p->ip4vars.opts_set & de->ipopt) {
- return 1;
- }
-
- return 0;
+ return (p->ip4vars.opts_set & de->ipopt) == de->ipopt;
 }
 /**
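Review bot: The new `IPV4_OPT_FLAG_*` defines in src/decode-ipv4.h have no comment saying that they are single-bit masks meant to be OR'd together, and the numbering starts at `BIT_U16(1)`, which leaves bit 0 unused without explanation. A header comment such as `/* IPv4 option presence bits, OR'd into IPV4Vars.opts_set; one bit per option, bit 0 unused */` would record the intent that the removed enum name used to hint at. The highest flag uses bit 12, so `opts_set` and the rule-side `ipopt` field both have to be at least 16 bits wide; their declarations are outside this hunk, so that is worth confirming.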
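Review bot: The new return in `DetectIpOptsMatch` requires every bit of `de->ipopt` to be present in `opts_set`, which misbehaves at both edges of the mask. A mask of 0 makes the expression true for every IPv4 packet, and a mask with several bits set (for example the `any` keyword, if the keyword table outside this hunk maps it to a wide mask) would match only a packet carrying all of those options, so such rules could silently stop alerting. Consider a guard such as `if (de->ipopt == 0) return 0;`, an any-of comparison for the catch-all case, and a comment stating that the normal match is all-of. The function's signature and the keyword parsing are outside this hunk, so which masks can actually reach this line has to be checked there.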