// set the api now since this layer has been verified as valid
snort.ip_api.set(iph);
+ // update to real IP when needed
+ if ((raw.pkth->flags & DAQ_PKT_FLAG_REAL_ADDRESSES) and codec.ip_layer_cnt == 1)
+ {
+ SfIp real_src;
+ SfIp real_dst;
+ real_src.set(&raw.pkth->real_sIP,
+ ((raw.pkth->flags & DAQ_PKT_FLAG_REAL_SIP_V6) ? AF_INET6 : AF_INET));
+ real_dst.set(&raw.pkth->real_dIP,
+ ((raw.pkth->flags & DAQ_PKT_FLAG_REAL_DIP_V6) ? AF_INET6 : AF_INET));
+ snort.ip_api.update(real_src, real_dst);
+ }
/*
* IP Header tests: Land attack, and Loop back test
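Review bot: The added block replaces the addresses held in `snort.ip_api` with the DAQ-reported ones immediately before the section that the following comment calls "IP Header tests: Land attack, and Loop back test". Any of those checks that read addresses through `ip_api` rather than from `iph` would then evaluate the reported addresses instead of what was on the wire. Which source the tests use is not visible in this hunk; if they go through `ip_api`, moving the update below them keeps the header checks on wire values. The IPv6 hunk adds the same block ahead of `IPV6MiscTests` and `CheckIPV6Multicast`, so the same question applies there. Either way a comment such as `// ip_api now holds DAQ-reported addresses; checks on wire addresses must read the header directly` would record the intent.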
IPV6CheckIsatap(ip6h, snort, codec); // check for isatap before overwriting the ip_api.
snort.ip_api.set(ip6h);
+ // update to real IP when needed
+ if ((raw.pkth->flags & DAQ_PKT_FLAG_REAL_ADDRESSES) and codec.ip_layer_cnt == 1)
+ {
+ SfIp real_src;
+ SfIp real_dst;
+ real_src.set(&raw.pkth->real_sIP,
+ ((raw.pkth->flags & DAQ_PKT_FLAG_REAL_SIP_V6) ? AF_INET6 : AF_INET));
+ real_dst.set(&raw.pkth->real_dIP,
+ ((raw.pkth->flags & DAQ_PKT_FLAG_REAL_DIP_V6) ? AF_INET6 : AF_INET));
+ snort.ip_api.update(real_src, real_dst);
+ }
IPV6MiscTests(snort, codec);
CheckIPV6Multicast(ip6h, codec);
codec.lyr_len = tcph_len - codec.invalid_bytes; // set in DecodeTCPOptions()
codec.proto_bits |= PROTO_BIT__TCP;
snort.tcph = tcph;
- snort.sp = tcph->src_port();
- snort.dp = tcph->dst_port();
+ if ((raw.pkth->flags & DAQ_PKT_FLAG_REAL_ADDRESSES) and (codec.ip_layer_cnt == 1))
+ {
+ snort.sp = ntohs(raw.pkth->n_real_sPort);
+ snort.dp = ntohs(raw.pkth->n_real_dPort);
+ }
+ else
+ {
+ snort.sp = tcph->src_port();
+ snort.dp = tcph->dst_port();
+ }
snort.set_pkt_type(PktType::TCP);
TCPMiscTests(tcph, snort, codec);
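Review bot: The test `(raw.pkth->flags & DAQ_PKT_FLAG_REAL_ADDRESSES) and (codec.ip_layer_cnt == 1)` is now written out in four places: the IPv4 and IPv6 address updates, this hunk, and the UDP hunk. A later edit to one copy would leave a packet with addresses from one source and ports from the other, so a single shared predicate, for example `has_real_addresses(raw, codec)`, used at all four sites would keep them in step. After this change `snort.sp`/`snort.dp` can also differ from the ports in `tcph`, which `TCPMiscTests(tcph, snort, codec)` receives on the next line. A short comment such as `// sp/dp may be DAQ-reported ports; tcph still holds the wire values` is worth adding. The enclosing decode function starts and ends outside the hunk.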
return false;
}
}
- const uint16_t src_port = udph->src_port();
- const uint16_t dst_port = udph->dst_port();
+ uint16_t src_port;
+ uint16_t dst_port;
+
+ if ((raw.pkth->flags & DAQ_PKT_FLAG_REAL_ADDRESSES) and (codec.ip_layer_cnt == 1))
+ {
+ src_port = ntohs(raw.pkth->n_real_sPort);
+ dst_port = ntohs(raw.pkth->n_real_dPort);
+ }
+ else
+ {
+ src_port = udph->src_port();
+ dst_port = udph->dst_port();
+ }
/* fill in the printout data structs */
snort.udph = udph;
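Review bot: `src_port` and `dst_port` lose their `const` and are declared uninitialized so that the two branches can assign them. A conditional expression keeps them constant: `const bool real = (raw.pkth->flags & DAQ_PKT_FLAG_REAL_ADDRESSES) and (codec.ip_layer_cnt == 1);` followed by `const uint16_t src_port = real ? ntohs(raw.pkth->n_real_sPort) : udph->src_port();` and the same for `dst_port`. The rest of the function is outside the hunk, so it is not visible what else these locals feed. If anything later interprets the UDP payload by port number, it is worth deciding explicitly whether that logic should see the wire ports from `udph` or the DAQ-reported ones, and saying so in a comment.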
return false;
}
+void IpApi::update(const SfIp& sip, const SfIp& dip)
+{
+ src.set(sip);
+ dst.set(dip);
+}
+
uint16_t IpApi::tos() const
{
switch ( type )
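Review bot: `IpApi::update` overwrites only `src` and `dst`; nothing in the added body touches `type` (which `tos()` switches on just below) or anything else `set()` may have recorded. After the call the object can therefore report addresses that do not match the header it was set from, including an IPv6 address on an IPv4 layer when the DAQ flags say so. That contract should be documented at this definition and at the declaration added in the header hunk, for example `// Replace the reported endpoints with DAQ-supplied addresses; type and header state stay as set() left them`. `tos()` continues past the end of the hunk.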
void set(const IP6Hdr* h6);
void set(const SfIp& src, const SfIp& dst);
bool set(const uint8_t* raw_ip_data);
+ void update(const SfIp& sip, const SfIp& dip);
void reset();
// return the 16 bits associated with this IP layers frag_offset/flags
pkth->flags = phdr->flags & (~DAQ_PKT_FLAG_HW_TCP_CS_GOOD);
pkth->address_space_id = phdr->address_space_id;
pkth->opaque = opaque;
+ if (pkth->flags & DAQ_PKT_FLAG_REAL_ADDRESSES)
+ {
+ pkth->n_real_sPort = phdr->n_real_sPort;
+ pkth->n_real_dPort = phdr->n_real_dPort;
+ pkth->real_sIP = phdr->real_sIP;
+ pkth->real_dIP = phdr->real_dIP;
+ }
}
//-------------------------------------------------------------------------
}
daq_flags = p->pkth->flags;
address_space_id = p->pkth->address_space_id;
+ if (daq_flags & DAQ_PKT_FLAG_REAL_ADDRESSES)
+ {
+ memcpy(real_src_ip.u6_addr8, &p->pkth->real_sIP, sizeof(ip::snort_in6_addr));
+ memcpy(real_dst_ip.u6_addr8, &p->pkth->real_dIP, sizeof(ip::snort_in6_addr));
+ real_src_port = p->pkth->n_real_sPort;
+ real_dst_port = p->pkth->n_real_dPort;
+ }
}
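Review bot: Both `memcpy` calls take their length from the destination type, `sizeof(ip::snort_in6_addr)`, and nothing here checks that `real_sIP`/`real_dIP` in the DAQ header are at least that large. A change in the DAQ header layout would then turn these copies into out-of-bounds reads. A compile-time guard next to the copy pins the assumption: `static_assert(sizeof(p->pkth->real_sIP) == sizeof(ip::snort_in6_addr), "real address size mismatch");`. `real_src_port`/`real_dst_port` also hold the values in network byte order (the codec hunks apply `ntohs` to the same fields), which the member names do not show; an `n_` prefix or a comment would help. The function begins outside the hunk.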
void TcpStreamSession::GetPacketHeaderFoo(DAQ_PktHdr_t* pkth, uint32_t dir)
pkth->opaque = 0;
pkth->flags = daq_flags;
pkth->address_space_id = address_space_id;
+ if (daq_flags & DAQ_PKT_FLAG_REAL_ADDRESSES)
+ {
+ memcpy(&pkth->real_sIP, real_src_ip.u6_addr8, sizeof(ip::snort_in6_addr));
+ memcpy(&pkth->real_dIP, real_dst_ip.u6_addr8, sizeof(ip::snort_in6_addr));
+ pkth->n_real_sPort = real_src_port;
+ pkth->n_real_dPort = real_dst_port;
+ }
}
void TcpStreamSession::SwapPacketHeaderFoo()
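Review bot: The restored real addresses and ports ignore the `dir` argument of `GetPacketHeaderFoo`: the added lines always write the stored source into `real_sIP`/`n_real_sPort`, whichever direction is requested. The rest of the function is outside the hunk, so how `dir` is applied to the other fields is not visible. `SwapPacketHeaderFoo()`, which starts on the last context line, is also not changed anywhere on this page. If either of them swaps direction-dependent fields, the real source/destination pair should follow the same rule; otherwise add a comment such as `// real_* always describe the packet they were captured from, independent of dir`.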
#include "detection/detection_engine.h"
#include "flow/session.h"
+#include "protocols/ipv6.h"
#include "stream/libtcp/tcp_stream_tracker.h"
#include "stream/tcp/tcp_stream_config.h"
TcpStreamConfig* config = nullptr;
TcpEventLogger tel;
+private:
+ ip::snort_in6_addr real_src_ip;
+ ip::snort_in6_addr real_dst_ip;
+ uint16_t real_src_port;
+ uint16_t real_dst_port;
+
protected:
virtual void set_os_policy() = 0;