aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9a9b506c34'
${ noResults }
suricata/src/decode-ppp.c

242 lines
6.0 KiB
C
Raw Normal View History Unescape Escape

PPP Support
16 years ago
/* Copyright (c) 2009 Open Infosec Foundation
* Written by Breno Silva Pinto <breno.silva@gmail.com> */
Adapt Flow subsys init function to be able to initialize quietly for us in unit tests. Add flow to PPP unit tests. Fixes a floating point exception error.
16 years ago
#include "eidps.h"
PPP Support
16 years ago
#include "decode.h"
#include "decode-ppp.h"
#include "decode-events.h"
Adapt Flow subsys init function to be able to initialize quietly for us in unit tests. Add flow to PPP unit tests. Fixes a floating point exception error.
16 years ago
#include "flow.h"
PPP Support
16 years ago
#include "util-unittest.h"
void DecodePPP(ThreadVars *t, Packet *p, u_int8_t *pkt, u_int16_t len, PacketQueue *pq)
{
Implements counters for the decode module
16 years ago
PerfCounterIncr(COUNTER_DECODER_PPP, t->pca);
PPP Support
16 years ago
if(len < PPP_HEADER_LEN) {
DECODER_SET_EVENT(p,PPP_PKT_TOO_SMALL);
return;
}
p->ppph = (PPPHdr *)pkt;
if(p->ppph == NULL)
return;
#ifdef DEBUG
printf("DecodePPP: p %p pkt %p PPP protocol %04x Len: %d\n", p, pkt, ntohs(p->ppph->protocol), len);
#endif
switch (ntohs(p->ppph->protocol))
{
case PPP_VJ_COMP:
case PPP_IPX:
case PPP_OSI:
case PPP_NS:
case PPP_DECNET:
case PPP_APPLE:
case PPP_BRPDU:
case PPP_STII:
case PPP_VINES:
case PPP_HELLO:
case PPP_LUXCOM:
case PPP_SNS:
case PPP_MPLS_UCAST:
case PPP_MPLS_MCAST:
case PPP_IPCP:
case PPP_OSICP:
case PPP_NSCP:
case PPP_DECNETCP:
case PPP_APPLECP:
case PPP_IPXCP:
case PPP_STIICP:
case PPP_VINESCP:
case PPP_IPV6CP:
case PPP_MPLSCP:
case PPP_LCP:
case PPP_PAP:
case PPP_LQM:
case PPP_CHAP:
break;
case PPP_VJ_UCOMP:
if(len < (PPP_HEADER_LEN + IPV4_HEADER_LEN)) {
DECODER_SET_EVENT(p,PPPVJU_PKT_TOO_SMALL);
return;
}
if(IPV4_GET_RAW_VER((IPV4Hdr *)(pkt + PPP_HEADER_LEN)) == 4) {
DecodeIPV4(t, p, pkt + PPP_HEADER_LEN, len - PPP_HEADER_LEN, pq );
}
break;
case PPP_IP:
if(len < (PPP_HEADER_LEN + IPV4_HEADER_LEN)) {
DECODER_SET_EVENT(p,PPPIPV4_PKT_TOO_SMALL);
return;
}
DecodeIPV4(t, p, pkt + PPP_HEADER_LEN, len - PPP_HEADER_LEN, pq );
break;
/* PPP IPv6 was not tested */
case PPP_IPV6:
if(len < (PPP_HEADER_LEN + IPV6_HEADER_LEN)) {
DECODER_SET_EVENT(p,PPPIPV6_PKT_TOO_SMALL);
return;
}
DecodeIPV6(t, p, pkt + PPP_HEADER_LEN, len - PPP_HEADER_LEN);
break;
default:
#ifdef DEBUG
printf("Unknown PPP protocol: %x\n",ntohs(p->ppph->protocol));
#endif
DECODER_SET_EVENT(p,PPP_WRONG_TYPE);
return;
}
return;
}
Small layout fixes to the ppp code.
16 years ago
/* TESTS BELOW */
PPP Support
16 years ago
/* DecodePPPtest01
* Decode malformed ip layer PPP packet
* Expected test value: 1
*/
static int DecodePPPtest01 (void) {
Small layout fixes to the ppp code.
16 years ago
u_int8_t raw_ppp[] = { 0xff, 0x03, 0x00, 0x21, 0x45, 0xc0, 0x00 };
PPP Support
16 years ago
Packet p;
ThreadVars tv;
memset(&tv, 0, sizeof(ThreadVars));
memset(&p, 0, sizeof(Packet));
DecodePPP(&tv, &p, raw_ppp, sizeof(raw_ppp), NULL);
/* Function my returns here with expected value */
if(DECODER_ISSET_EVENT(&p,PPPIPV4_PKT_TOO_SMALL)) {
return 1;
}
return 0;
}
/* DecodePPPtest02
* Decode malformed ppp layer packet
* Expected test value: 1
*/
static int DecodePPPtest02 (void) {
Small layout fixes to the ppp code.
16 years ago
u_int8_t raw_ppp[] = { 0xff, 0x03, 0x00, 0xff, 0x45, 0xc0, 0x00, 0x2c, 0x4d,
0xed, 0x00, 0x00, 0xff, 0x06, 0xd5, 0x17, 0xbf, 0x01,
0x0d, 0x01, 0xbf, 0x01, 0x0d, 0x03, 0xea, 0x37, 0x00,
0x17, 0x6d, 0x0b, 0xba, 0xc3, 0x00, 0x00, 0x00, 0x00,
0x60, 0x02, 0x10, 0x20, 0xdd, 0xe1, 0x00, 0x00 };
PPP Support
16 years ago
Packet p;
ThreadVars tv;
memset(&tv, 0, sizeof(ThreadVars));
memset(&p, 0, sizeof(Packet));
DecodePPP(&tv, &p, raw_ppp, sizeof(raw_ppp), NULL);
/* Function must returns here */
if(DECODER_ISSET_EVENT(&p,PPP_WRONG_TYPE)) {
return 1;
}
return 0;
}
/* DecodePPPtest03
* Decode right PPP packet
* Expected test value: 1
*/
static int DecodePPPtest03 (void) {
Small layout fixes to the ppp code.
16 years ago
u_int8_t raw_ppp[] = { 0xff, 0x03, 0x00, 0x21, 0x45, 0xc0, 0x00, 0x2c, 0x4d,
0xed, 0x00, 0x00, 0xff, 0x06, 0xd5, 0x17, 0xbf, 0x01,
0x0d, 0x01, 0xbf, 0x01, 0x0d, 0x03, 0xea, 0x37, 0x00,
0x17, 0x6d, 0x0b, 0xba, 0xc3, 0x00, 0x00, 0x00, 0x00,
0x60, 0x02, 0x10, 0x20, 0xdd, 0xe1, 0x00, 0x00 };
PPP Support
16 years ago
Packet p;
ThreadVars tv;
memset(&tv, 0, sizeof(ThreadVars));
memset(&p, 0, sizeof(Packet));
Adapt Flow subsys init function to be able to initialize quietly for us in unit tests. Add flow to PPP unit tests. Fixes a floating point exception error.
16 years ago
FlowInitConfig(FLOW_QUIET);
PPP Support
16 years ago
DecodePPP(&tv, &p, raw_ppp, sizeof(raw_ppp), NULL);
Adapt Flow subsys init function to be able to initialize quietly for us in unit tests. Add flow to PPP unit tests. Fixes a floating point exception error.
16 years ago
FlowShutdown();
PPP Support
16 years ago
if(p.ppph == NULL) {
return 0;
}
if(DECODER_ISSET_EVENT(&p,PPP_PKT_TOO_SMALL)) {
return 0;
}
if(DECODER_ISSET_EVENT(&p,PPPIPV4_PKT_TOO_SMALL)) {
return 0;
}
if(DECODER_ISSET_EVENT(&p,PPP_WRONG_TYPE)) {
return 0;
}
/* Function must return here */
return 1;
}
/* DecodePPPtest04
* Check if ppp header is null
* Expected test value: 1
*/
static int DecodePPPtest04 (void) {
Small layout fixes to the ppp code.
16 years ago
u_int8_t raw_ppp[] = { 0xff, 0x03, 0x00, 0x21, 0x45, 0xc0, 0x00, 0x2c, 0x4d,
0xed, 0x00, 0x00, 0xff, 0x06, 0xd5, 0x17, 0xbf, 0x01,
0x0d, 0x01, 0xbf, 0x01, 0x0d, 0x03, 0xea, 0x37, 0x00,
0x17, 0x6d, 0x0b, 0xba, 0xc3, 0x00, 0x00, 0x00, 0x00,
0x60, 0x02, 0x10, 0x20, 0xdd, 0xe1, 0x00, 0x00 };
PPP Support
16 years ago
Packet p;
ThreadVars tv;
memset(&tv, 0, sizeof(ThreadVars));
memset(&p, 0, sizeof(Packet));
Adapt Flow subsys init function to be able to initialize quietly for us in unit tests. Add flow to PPP unit tests. Fixes a floating point exception error.
16 years ago
FlowInitConfig(FLOW_QUIET);
PPP Support
16 years ago
DecodePPP(&tv, &p, raw_ppp, sizeof(raw_ppp), NULL);
Adapt Flow subsys init function to be able to initialize quietly for us in unit tests. Add flow to PPP unit tests. Fixes a floating point exception error.
16 years ago
FlowShutdown();
PPP Support
16 years ago
if(p.ppph == NULL) {
return 0;
}
/* Function must returns here */
return 1;
}
Small layout fixes to the ppp code.
16 years ago
PPP Support
16 years ago
void DecodePPPRegisterTests(void) {
UtRegisterTest("DecodePPPtest01", DecodePPPtest01, 1);
UtRegisterTest("DecodePPPtest02", DecodePPPtest02, 1);
UtRegisterTest("DecodePPPtest03", DecodePPPtest03, 1);
UtRegisterTest("DecodePPPtest04", DecodePPPtest04, 1);
}