support for pseudo packet creation from reassembled stream segments

src/stream-tcp-private.h

@@ -61,6 +61,8 @@ typedef struct TcpStream_ {
     TcpSegment *seg_list_tail;  /**< Last segment in the reassembled stream seg list*/
     uint32_t reassembly_depth;  /**< The depth value of a stream until when, we
                                      will reassemble the stream */
+    uint32_t pseudo_ra_base_seq;    /**< Base sequence until when we have
+                                         reassembled the psuedo packet */
 } TcpStream;
 
 /* from /usr/include/netinet/tcp.h */
@@ -152,6 +154,7 @@ enum
         (stream)->ra_raw_base_seq = (seq); \
         (stream)->ra_app_base_seq = (seq); \
         (stream)->tmp_ra_app_base_seq = (seq); \
+        (stream)->pseudo_ra_base_seq = (seq); \
     } while(0); \
 }
 

src/stream-tcp-reassemble.h

@@ -30,6 +30,29 @@
 #include "app-layer-detect-proto.h"
 #include "stream-tcp-private.h"
 
+#define PSUEDO_PKT_SET_IPV4HDR(nipv4h,ipv4h) do { \
+        (nipv4h)->ip_src = IPV4_GET_RAW_IPDST(ipv4h); \
+        (nipv4h)->ip_dst = IPV4_GET_RAW_IPSRC(ipv4h); \
+    } while (0)
+
+#define PSUEDO_PKT_SET_IPV6HDR(nipv6h,ipv6h) do { \
+        (nipv6h)->ip6_src[0] = (ipv6h)->ip6_dst[0]; \
+        (nipv6h)->ip6_src[1] = (ipv6h)->ip6_dst[1]; \
+        (nipv6h)->ip6_src[2] = (ipv6h)->ip6_dst[2]; \
+        (nipv6h)->ip6_src[3] = (ipv6h)->ip6_dst[3]; \
+        (nipv6h)->ip6_dst[0] = (ipv6h)->ip6_src[0]; \
+        (nipv6h)->ip6_dst[1] = (ipv6h)->ip6_src[1]; \
+        (nipv6h)->ip6_dst[2] = (ipv6h)->ip6_src[2]; \
+        (nipv6h)->ip6_dst[3] = (ipv6h)->ip6_src[3]; \
+    } while (0)
+
+#define PSUEDO_PKT_SET_TCPHDR(ntcph,tcph) do { \
+        COPY_PORT((tcph)->th_dport, (ntcph)->th_sport); \
+        COPY_PORT((tcph)->th_sport, (ntcph)->th_dport); \
+        (ntcph)->th_seq = (tcph)->th_ack; \
+        (ntcph)->th_ack = (tcph)->th_seq; \
+    } while (0)
+
 /** Supported OS list and default OS policy is BSD */
 enum
 {
@@ -60,7 +83,7 @@ typedef struct TcpReassemblyThreadCtx_ {
 
 #define OS_POLICY_DEFAULT   OS_POLICY_BSD
 
-int StreamTcpReassembleHandleSegment(ThreadVars *, TcpReassemblyThreadCtx *, TcpSession *, TcpStream *, Packet *);
+int StreamTcpReassembleHandleSegment(ThreadVars *, TcpReassemblyThreadCtx *, TcpSession *, TcpStream *, Packet *, PacketQueue *);
 int StreamTcpReassembleInit(char);
 void StreamTcpReassembleFree(char);
 void StreamTcpReassembleRegisterTests(void);

src/util-unittest-helper.c

@@ -24,6 +24,8 @@
  * when constructing unittests
  */
 
+#include <netinet/in.h>
+
 #include "suricata-common.h"
 
 #include "decode.h"
@@ -73,12 +75,23 @@ Packet *UTHBuildPacketIPV6Real(uint8_t *payload, uint16_t payload_len,
     p->payload_len = payload_len;
     p->proto = ipproto;
 
+    p->ip6h = SCMalloc(sizeof(IPV6Hdr));
+    if (p->ip6h == NULL)
+        return NULL;
+    memset(p->ip6h, 0, sizeof(IPV6Hdr));
+    p->ip6h->s_ip6_nxt = ipproto;
+    p->ip6h->s_ip6_plen = htons(payload_len + sizeof(TCPHdr));
+
     inet_pton(AF_INET6, src, &in);
     p->src.addr_data32[0] = in[0];
     p->src.addr_data32[1] = in[1];
     p->src.addr_data32[2] = in[2];
     p->src.addr_data32[3] = in[3];
     p->sp = sport;
+    p->ip6h->ip6_src[0] = in[0];
+    p->ip6h->ip6_src[1] = in[1];
+    p->ip6h->ip6_src[2] = in[2];
+    p->ip6h->ip6_src[3] = in[3];
 
     inet_pton(AF_INET6, dst, &in);
     p->dst.addr_data32[0] = in[0];
@@ -86,19 +99,17 @@ Packet *UTHBuildPacketIPV6Real(uint8_t *payload, uint16_t payload_len,
     p->dst.addr_data32[2] = in[2];
     p->dst.addr_data32[3] = in[3];
     p->dp = dport;
-
+    p->ip6h->ip6_dst[0] = in[0];
-    p->ip6h = SCMalloc(sizeof(IPV6Hdr));
+    p->ip6h->ip6_dst[1] = in[1];
-    if (p->ip6h == NULL)
+    p->ip6h->ip6_dst[2] = in[2];
-        return NULL;
+    p->ip6h->ip6_dst[3] = in[3];
-    memset(p->ip6h, 0, sizeof(IPV6Hdr));
-    p->ip6h->s_ip6_nxt = ipproto;
 
     p->tcph = SCMalloc(sizeof(TCPHdr));
     if (p->tcph == NULL)
         return NULL;
     memset(p->tcph, 0, sizeof(TCPHdr));
-    p->tcph->th_sport = sport;
+    p->tcph->th_sport = htons(sport);
-    p->tcph->th_dport = dport;
+    p->tcph->th_dport = htons(dport);
 
     SET_PKT_LEN(p, sizeof(IPV6Hdr) + sizeof(TCPHdr) + payload_len);
     return p;
@@ -155,6 +166,7 @@ Packet *UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len,
     p->ip4h->ip_src.s_addr = p->src.addr_data32[0];
     p->ip4h->ip_dst.s_addr = p->dst.addr_data32[0];
     p->ip4h->ip_proto = ipproto;
+    p->ip4h->ip_verhl = sizeof(IPV4Hdr);
     p->proto = ipproto;
 
     switch (ipproto) {
@@ -172,8 +184,8 @@ Packet *UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len,
             if (p->tcph == NULL)
                 return NULL;
             memset(p->tcph, 0, sizeof(TCPHdr));
-            p->tcph->th_sport = sport;
+            p->tcph->th_sport = htons(sport);
-            p->tcph->th_dport = dport;
+            p->tcph->th_dport = htons(dport);
             SET_PKT_LEN(p, sizeof(IPV4Hdr) + sizeof(TCPHdr) + payload_len);
             break;
         case IPPROTO_ICMP:
@@ -773,9 +785,9 @@ int CheckUTHTestPacket(Packet *p, uint16_t ipproto) {
         case IPPROTO_TCP:
             if (p->tcph == NULL)
                 return 0;
-            if (p->tcph->th_sport != sport)
+            if (ntohs(p->tcph->th_sport) != sport)
                 return 0;
-            if (p->tcph->th_dport != dport)
+            if (ntohs(p->tcph->th_dport) != dport)
                 return 0;
         break;
     }

src/util-unittest-helper.h

@@ -48,7 +48,8 @@ int UTHMatchPacketsWithResults(DetectEngineCtx *, Packet **, int, uint32_t *, ui
 int UTHGenericTest(Packet **, int, char **, uint32_t *, uint32_t *, int);
 
 uint32_t UTHBuildPacketOfFlows(uint32_t, uint32_t, uint8_t);
-
+Packet *UTHBuildPacketIPV6Real(uint8_t *, uint16_t , uint16_t , char *, char *,
+                           uint16_t , uint16_t );
 void UTHRegisterTests(void);
 
 #endif /* __UTIL_UNITTEST_HELPER__ */