From 8af40407bb1e8e881cc37689424edb4435183110 Mon Sep 17 00:00:00 2001 From: "Michael Altizer (mialtize)" Date: Thu, 24 Oct 2019 22:11:24 -0400 Subject: [PATCH] Merge pull request #1817 in SNORT/snort3 from ~MIALTIZE/snort3:checksum_offsets to master Squashed commit of the following: commit 344219c01b7e1e8fe5912018441d29fd8aaf6b44 Author: Michael Altizer Date: Thu Oct 24 12:50:23 2019 -0400 codecs: Relax requirement for DAQ packet decode data offsets when bypassing checksums Only perform the offset sanity checking during checksum bypass evaluation if the offset has been explicitly set in the packet decode data. Otherwise, assume that the relevant checksum validation applies to the current instance of the protocol.
---
 src/codecs/ip/cd_icmp4.cc | 11 +++++++----
 src/codecs/ip/cd_icmp6.cc | 11 +++++++----
 src/codecs/ip/cd_ipv4.cc | 11 +++++++----
 src/codecs/ip/cd_tcp.cc | 11 +++++++----
 src/codecs/ip/cd_udp.cc | 11 +++++++----
 5 files changed, 35 insertions(+), 20 deletions(-)
diff --git a/src/codecs/ip/cd_icmp4.cc b/src/codecs/ip/cd_icmp4.cc
index f5eeeeb95..40b160b65 100644
--- a/src/codecs/ip/cd_icmp4.cc
+++ b/src/codecs/ip/cd_icmp4.cc
@@ -133,10 +133,13 @@ inline bool Icmp4Codec::valid_checksum_from_daq(const RawData& raw)
 (const DAQ_PktDecodeData_t*) daq_msg_get_meta(raw.daq_msg, DAQ_PKT_META_DECODE_DATA);
 if (!pdd || !pdd->flags.bits.l4_checksum || !pdd->flags.bits.icmp || !pdd->flags.bits.l4)
 return false;
- // Sanity check to make sure we're talking about the same thing
- const uint8_t* data = daq_msg_get_data(raw.daq_msg);
- if (raw.data - data != pdd->l4_offset)
- return false;
+ // Sanity check to make sure we're talking about the same thing if offset is available
+ if (pdd->l4_offset != DAQ_PKT_DECODE_OFFSET_INVALID)
+ {
+ const uint8_t* data = daq_msg_get_data(raw.daq_msg);
+ if (raw.data - data != pdd->l4_offset)
+ return false;
+ }
 stats.cksum_bypassed++;
 return true;
 }
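Review bot: The DAQ's `l4_checksum` flag is trusted with no position check when `pdd->l4_offset` is `DAQ_PKT_DECODE_OFFSET_INVALID`, so nothing ties the flag to the ICMP header this codec is decoding. If the codec also runs on encapsulated layers (not visible in this hunk), an inner header the DAQ never validated would skip verification, and a sensor that accepts packets the end host drops is exposed to insertion-style evasion. Consider limiting the no-offset fallback to the outermost instance, or at least recording the assumption at the branch: `// No offset from the DAQ: its checksum flag is assumed to describe this instance of the protocol`. `stats.cksum_bypassed++` counts offset-verified and unverified bypasses together; a separate count for the no-offset path would let operators see how often the weaker case is taken. The same applies to the cd_icmp6.cc, cd_ipv4.cc (`l3_checksum`/`l3_offset`), cd_tcp.cc and cd_udp.cc hunks, and the function body begins outside each hunk.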
diff --git a/src/codecs/ip/cd_icmp6.cc b/src/codecs/ip/cd_icmp6.cc
index 2b47a0f28..bd681ee50 100644
--- a/src/codecs/ip/cd_icmp6.cc
+++ b/src/codecs/ip/cd_icmp6.cc
@@ -122,10 +122,13 @@ inline bool Icmp6Codec::valid_checksum_from_daq(const RawData& raw)
 (const DAQ_PktDecodeData_t*) daq_msg_get_meta(raw.daq_msg, DAQ_PKT_META_DECODE_DATA);
 if (!pdd || !pdd->flags.bits.l4_checksum || !pdd->flags.bits.icmp || !pdd->flags.bits.l4)
 return false;
- // Sanity check to make sure we're talking about the same thing
- const uint8_t* data = daq_msg_get_data(raw.daq_msg);
- if (raw.data - data != pdd->l4_offset)
- return false;
+ // Sanity check to make sure we're talking about the same thing if offset is available
+ if (pdd->l4_offset != DAQ_PKT_DECODE_OFFSET_INVALID)
+ {
+ const uint8_t* data = daq_msg_get_data(raw.daq_msg);
+ if (raw.data - data != pdd->l4_offset)
+ return false;
+ }
 stats.cksum_bypassed++;
 return true;
 }
diff --git a/src/codecs/ip/cd_ipv4.cc b/src/codecs/ip/cd_ipv4.cc
index a916fa7c4..772011c3f 100644
--- a/src/codecs/ip/cd_ipv4.cc
+++ b/src/codecs/ip/cd_ipv4.cc
@@ -135,10 +135,13 @@ inline bool Ipv4Codec::valid_checksum_from_daq(const RawData& raw)
 (const DAQ_PktDecodeData_t*) daq_msg_get_meta(raw.daq_msg, DAQ_PKT_META_DECODE_DATA);
 if (!pdd || !pdd->flags.bits.l3_checksum || !pdd->flags.bits.ipv4 || !pdd->flags.bits.l3)
 return false;
- // Sanity check to make sure we're talking about the same thing
- const uint8_t* data = daq_msg_get_data(raw.daq_msg);
- if (raw.data - data != pdd->l3_offset)
- return false;
+ // Sanity check to make sure we're talking about the same thing if offset is available
+ if (pdd->l3_offset != DAQ_PKT_DECODE_OFFSET_INVALID)
+ {
+ const uint8_t* data = daq_msg_get_data(raw.daq_msg);
+ if (raw.data - data != pdd->l3_offset)
+ return false;
+ }
 stats.cksum_bypassed++;
 return true;
 }
diff --git a/src/codecs/ip/cd_tcp.cc b/src/codecs/ip/cd_tcp.cc
index 9e200f7af..9db2b9477 100644
--- a/src/codecs/ip/cd_tcp.cc
+++ b/src/codecs/ip/cd_tcp.cc
@@ -156,10 +156,13 @@ inline bool TcpCodec::valid_checksum_from_daq(const RawData& raw)
 (const DAQ_PktDecodeData_t*) daq_msg_get_meta(raw.daq_msg, DAQ_PKT_META_DECODE_DATA);
 if (!pdd || !pdd->flags.bits.l4_checksum || !pdd->flags.bits.tcp || !pdd->flags.bits.l4)
 return false;
- // Sanity check to make sure we're talking about the same thing
- const uint8_t* data = daq_msg_get_data(raw.daq_msg);
- if (raw.data - data != pdd->l4_offset)
- return false;
+ // Sanity check to make sure we're talking about the same thing if offset is available
+ if (pdd->l4_offset != DAQ_PKT_DECODE_OFFSET_INVALID)
+ {
+ const uint8_t* data = daq_msg_get_data(raw.daq_msg);
+ if (raw.data - data != pdd->l4_offset)
+ return false;
+ }
 stats.cksum_bypassed++;
 return true;
 }
diff --git a/src/codecs/ip/cd_udp.cc b/src/codecs/ip/cd_udp.cc
index 5748db4db..9af2959e2 100644
--- a/src/codecs/ip/cd_udp.cc
+++ b/src/codecs/ip/cd_udp.cc
@@ -166,10 +166,13 @@ inline bool UdpCodec::valid_checksum_from_daq(const RawData& raw)
 (const DAQ_PktDecodeData_t*) daq_msg_get_meta(raw.daq_msg, DAQ_PKT_META_DECODE_DATA);
 if (!pdd || !pdd->flags.bits.l4_checksum || !pdd->flags.bits.udp || !pdd->flags.bits.l4)
 return false;
- // Sanity check to make sure we're talking about the same thing
- const uint8_t* data = daq_msg_get_data(raw.daq_msg);
- if (raw.data - data != pdd->l4_offset)
- return false;
+ // Sanity check to make sure we're talking about the same thing if offset is available
+ if (pdd->l4_offset != DAQ_PKT_DECODE_OFFSET_INVALID)
+ {
+ const uint8_t* data = daq_msg_get_data(raw.daq_msg);
+ if (raw.data - data != pdd->l4_offset)
+ return false;
+ }
 stats.cksum_bypassed++;
 return true;
 }
-- 2.47.3
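Review bot: The offset check added to `UdpCodec::valid_checksum_from_daq` is the fifth copy of the same block in this commit; the copies differ only in the protocol flag and, for IPv4, in using `l3_offset` instead of `l4_offset`. Because this block decides when checksum verification is skipped, a later tightening applied to only some of the copies would leave the remaining protocols on the weaker behaviour. A single shared helper that takes `raw` and the relevant offset and reports whether the position is acceptable would keep that decision in one place and reduce each call site to one line, for example `if (!daq_offset_matches(raw, pdd->l4_offset)) return false;` (the helper name is a suggestion, not an existing function). The enclosing function begins outside the hunk.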