From: Victor Julien
Date: Fri, 26 Jul 2013 07:31:06 +0000 (+0200)
Subject: icmpv6: fix icmp_id and icmp_seq keywords
X-Git-Tag: suricata-2.0beta2~484
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4b4111e9e2ce77984dc4e78b953d80ee93cce87c;p=thirdparty%2Fsuricata.git
icmpv6: fix icmp_id and icmp_seq keywords
Bug #907
---
diff --git a/src/decode-icmpv6.c b/src/decode-icmpv6.c
index 7a99ce4156..1a7866b97e 100644
--- a/src/decode-icmpv6.c
+++ b/src/decode-icmpv6.c
@@ -677,16 +677,16 @@ static int ICMPV6EchoReqTest01(void)
 if (p->icmpv6h == NULL) {
 SCLogDebug("ICMPv6 Unable to detect icmpv6 layer from ipv6");
- retval = 0;
 goto end;
 }
 SCLogDebug("ID: %u seq: %u", ICMPV6_GET_ID(p), ICMPV6_GET_SEQ(p));
 if (ICMPV6_GET_TYPE(p) != 128 || ICMPV6_GET_CODE(p) != 0 ||
- ICMPV6_GET_ID(p) != 9712 || ICMPV6_GET_SEQ(p) != 29987) {
- SCLogDebug("ICMPv6 Echo request decode failed");
- retval = 0;
+ ntohs(ICMPV6_GET_ID(p)) != 9712 || ntohs(ICMPV6_GET_SEQ(p)) != 29987) {
+ printf("ICMPv6 Echo reply decode failed TYPE %u CODE %u ID %04x(%u) SEQ %04x(%u): ",
+ ICMPV6_GET_TYPE(p), ICMPV6_GET_CODE(p), ICMPV6_GET_ID(p), ntohs(ICMPV6_GET_ID(p)),
+ ICMPV6_GET_SEQ(p), ntohs(ICMPV6_GET_SEQ(p)));
 goto end;
 }
@@ -730,7 +730,6 @@ static int ICMPV6EchoRepTest01(void)
 if (p->icmpv6h == NULL) {
 SCLogDebug("ICMPv6 Unable to detect icmpv6 layer from ipv6");
- retval = 0;
 goto end;
 }
@@ -738,9 +737,10 @@ static int ICMPV6EchoRepTest01(void)
 ICMPV6_GET_CODE(p),ICMPV6_GET_ID(p), ICMPV6_GET_SEQ(p));
 if (ICMPV6_GET_TYPE(p) != 129 || ICMPV6_GET_CODE(p) != 0 ||
- ICMPV6_GET_ID(p) != 9712 || ICMPV6_GET_SEQ(p) != 29987) {
- SCLogDebug("ICMPv6 Echo reply decode failed");
- retval = 0;
+ ntohs(ICMPV6_GET_ID(p)) != 9712 || ntohs(ICMPV6_GET_SEQ(p)) != 29987) {
+ printf("ICMPv6 Echo reply decode failed TYPE %u CODE %u ID %04x(%u) SEQ %04x(%u): ",
+ ICMPV6_GET_TYPE(p), ICMPV6_GET_CODE(p), ICMPV6_GET_ID(p), ntohs(ICMPV6_GET_ID(p)),
+ ICMPV6_GET_SEQ(p), ntohs(ICMPV6_GET_SEQ(p)));
 goto end;
 }
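Review bot: In the first hunk of src/decode-icmpv6.c (ICMPV6EchoReqTest01) the new failure message reads "ICMPv6 Echo reply decode failed" although this is the echo request test and the removed line said "Echo request"; it looks copied from ICMPV6EchoRepTest01 and should start `printf("ICMPv6 Echo request decode failed TYPE %u CODE %u ID %04x(%u) SEQ %04x(%u): ",`. The unchanged `SCLogDebug("ID: %u seq: %u", ICMPV6_GET_ID(p), ICMPV6_GET_SEQ(p));` above it, and the SCLogDebug arguments at the top of the third hunk, now print the raw network-order fields because the macros no longer convert, so wrapping those arguments in `ntohs()` would keep the debug output comparable with the expected 9712/29987. Both tests also drop `retval = 0;` on the failure paths and therefore rely on retval's initial value, which is set outside the hunks.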
diff --git a/src/decode-icmpv6.h b/src/decode-icmpv6.h
index 39880b3f49..a2f84061aa 100644
--- a/src/decode-icmpv6.h
+++ b/src/decode-icmpv6.h
@@ -78,9 +78,9 @@
 /** If message is informational */
 /** macro for icmpv6 "id" access */
-#define ICMPV6_GET_ID(p) (ntohs((p)->icmpv6vars.id))
+#define ICMPV6_GET_ID(p) (p)->icmpv6vars.id
 /** macro for icmpv6 "seq" access */
-#define ICMPV6_GET_SEQ(p) (ntohs((p)->icmpv6vars.seq))
+#define ICMPV6_GET_SEQ(p) (p)->icmpv6vars.seq
 /** If message is Error */
 /** macro for icmpv6 "unused" access */
diff --git a/src/detect-icmp-id.c b/src/detect-icmp-id.c
index 31f8da65c7..8678f9c200 100644
--- a/src/detect-icmp-id.c
+++ b/src/detect-icmp-id.c
@@ -99,10 +99,6 @@ int DetectIcmpIdMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p,
 return 0;
 if (PKT_IS_ICMPV4(p)) {
- SCLogDebug("ICMPV4_GET_ID(p) %"PRIu16" (network byte order), "
- "%"PRIu16" (host byte order)", ICMPV4_GET_ID(p),
- ntohs(ICMPV4_GET_ID(p)));
-
 switch (ICMPV4_GET_TYPE(p)){
 case ICMP_ECHOREPLY:
 case ICMP_ECHO:
@@ -112,6 +108,10 @@ int DetectIcmpIdMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p,
 case ICMP_INFO_REPLY:
 case ICMP_ADDRESS:
 case ICMP_ADDRESSREPLY:
+ SCLogDebug("ICMPV4_GET_ID(p) %"PRIu16" (network byte order), "
+ "%"PRIu16" (host byte order)", ICMPV4_GET_ID(p),
+ ntohs(ICMPV4_GET_ID(p)));
+
 pid = ICMPV4_GET_ID(p);
 break;
 default:
@@ -122,6 +122,10 @@ int DetectIcmpIdMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p,
 switch (ICMPV6_GET_TYPE(p)) {
 case ICMP6_ECHO_REQUEST:
 case ICMP6_ECHO_REPLY:
+ SCLogDebug("ICMPV6_GET_ID(p) %"PRIu16" (network byte order), "
+ "%"PRIu16" (host byte order)", ICMPV6_GET_ID(p),
+ ntohs(ICMPV6_GET_ID(p)));
+
 pid = ICMPV6_GET_ID(p);
 break;
 default:
diff --git a/src/detect-icmp-seq.c b/src/detect-icmp-seq.c
index 385318fa16..72778c78a9 100644
--- a/src/detect-icmp-seq.c
+++ b/src/detect-icmp-seq.c
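Review bot: The new ICMPV6_GET_ID and ICMPV6_GET_SEQ in src/decode-icmpv6.h now hand back the field without conversion, but their doc comments still say only "access" and the expansions lost their outer parentheses. I would state the byte order where the macro is defined, `/** macro for icmpv6 "id" access (network byte order, caller converts) */`, and keep the expansion wrapped, `#define ICMPV6_GET_ID(p) ((p)->icmpv6vars.id)`, with the same two changes for the seq macro. Users of these macros outside this diff that assumed host order would now see byte-swapped values on little-endian hosts, so the remaining call sites are worth checking; none of them are visible here.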
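Review bot: No test in this commit runs DetectIcmpIdMatch against an ICMPv6 packet, so the behaviour fixed in the third hunk of src/detect-icmp-id.c, where `pid = ICMPV6_GET_ID(p);` now yields a network-order value like the ICMPv4 branch, is not pinned. A unit test that decodes an ICMPv6 echo request and asserts that a signature using `icmp_id` matches the packet's id, and does not match the byte-swapped id, would catch a later change to the macro; without it a rule keyed on this keyword can silently stop matching on ICMPv6 traffic. The same gap applies to `seqn = ICMPV6_GET_SEQ(p);` in DetectIcmpSeqMatch in src/detect-icmp-seq.c. The comparison against the rule value lies outside the hunk, so this assumes the parsed id is stored in network order, as the ICMPv4 debug message suggests.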
@@ -99,10 +99,6 @@ int DetectIcmpSeqMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p
 return 0;
 if (PKT_IS_ICMPV4(p)) {
- SCLogDebug("ICMPV4_GET_SEQ(p) %"PRIu16" (network byte order), "
- "%"PRIu16" (host byte order)", ICMPV4_GET_SEQ(p),
- ntohs(ICMPV4_GET_SEQ(p)));
-
 switch (ICMPV4_GET_TYPE(p)){
 case ICMP_ECHOREPLY:
 case ICMP_ECHO:
@@ -112,6 +108,10 @@ int DetectIcmpSeqMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p
 case ICMP_INFO_REPLY:
 case ICMP_ADDRESS:
 case ICMP_ADDRESSREPLY:
+ SCLogDebug("ICMPV4_GET_SEQ(p) %"PRIu16" (network byte order), "
+ "%"PRIu16" (host byte order)", ICMPV4_GET_SEQ(p),
+ ntohs(ICMPV4_GET_SEQ(p)));
+
 seqn = ICMPV4_GET_SEQ(p);
 break;
 default:
@@ -119,9 +119,14 @@ int DetectIcmpSeqMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p
 return 0;
 }
 } else if (PKT_IS_ICMPV6(p)) {
+
 switch (ICMPV6_GET_TYPE(p)) {
 case ICMP6_ECHO_REQUEST:
 case ICMP6_ECHO_REPLY:
+ SCLogDebug("ICMPV6_GET_SEQ(p) %"PRIu16" (network byte order), "
+ "%"PRIu16" (host byte order)", ICMPV6_GET_SEQ(p),
+ ntohs(ICMPV6_GET_SEQ(p)));
+
 seqn = ICMPV6_GET_SEQ(p);
 break;
 default:
@@ -268,7 +273,7 @@ void DetectIcmpSeqFree (void *ptr) {
 int DetectIcmpSeqParseTest01 (void) {
 DetectIcmpSeqData *iseq = NULL;
 iseq = DetectIcmpSeqParse("300");
- if (iseq != NULL && iseq->seq == htons(300)) {
+ if (iseq != NULL && htons(iseq->seq) == 300) {
 DetectIcmpSeqFree(iseq);
 return 1;
 }
@@ -282,7 +287,7 @@ int DetectIcmpSeqParseTest01 (void) {
 int DetectIcmpSeqParseTest02 (void) {
 DetectIcmpSeqData *iseq = NULL;
 iseq = DetectIcmpSeqParse(" 300 ");
- if (iseq != NULL && iseq->seq == htons(300)) {
+ if (iseq != NULL && htons(iseq->seq) == 300) {
 DetectIcmpSeqFree(iseq);
 return 1;
 }
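Review bot: In DetectIcmpSeqParseTest01 the rewritten condition `htons(iseq->seq) == 300` tests exactly what the old `iseq->seq == htons(300)` did, and it names the host-to-network helper for what reads as a network-to-host conversion. If iseq->seq is kept in network order, as the old form implies, `if (iseq != NULL && ntohs(iseq->seq) == 300) {` states the direction and agrees with the `ntohs()` calls added to the ICMPv6 decoder tests in this commit. The same line in DetectIcmpSeqParseTest02 should change with it. The third hunk of this file also adds a blank line directly after `} else if (PKT_IS_ICMPV6(p)) {`, which the parallel branch in src/detect-icmp-id.c does not have.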