From 2d1ccb76b1a5b50505d63eba85d8aa623d633267 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Wed, 1 May 2024 07:16:13 +0200 Subject: [PATCH] detect: remove pseudo checks from packet keywords Keep as debug validation check. --- src/detect-dsize.c | 4 +--- src/detect-fragbits.c | 6 ++++-- src/detect-fragoffset.c | 6 ++---- src/detect-geoip.c | 3 +-- src/detect-icmp-seq.c | 7 +++---- src/detect-icmpv6-mtu.c | 6 +++++- src/detect-icode.c | 7 ++----- src/detect-id.c | 7 +++++-- src/detect-ipopts.c | 4 +++- src/detect-itype.c | 7 ++----- src/detect-stream_size.c | 4 +++- src/detect-tcp-ack.c | 6 ++++-- src/detect-tcp-flags.c | 6 ++++-- src/detect-tcp-seq.c | 6 ++++-- src/detect-tcp-window.c | 3 ++- src/detect-tcpmss.c | 6 ++++-- src/detect-template2.c | 8 ++------ src/detect-tos.c | 3 ++- src/detect-ttl.c | 7 ++----- 19 files changed, 55 insertions(+), 51 deletions(-) diff --git a/src/detect-dsize.c b/src/detect-dsize.c index 5a35488b16..e518a59696 100644 --- a/src/detect-dsize.c +++ b/src/detect-dsize.c @@ -92,9 +92,7 @@ static int DetectDsizeMatch (DetectEngineThreadCtx *det_ctx, Packet *p, SCEnter(); int ret = 0; - if (PKT_IS_PSEUDOPKT(p)) { - SCReturnInt(0); - } + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); const DetectU16Data *dd = (const DetectU16Data *)ctx; diff --git a/src/detect-fragbits.c b/src/detect-fragbits.c index 1d00496259..1799eff05c 100644 --- a/src/detect-fragbits.c +++ b/src/detect-fragbits.c @@ -142,7 +142,8 @@ FragBitsMatch(const uint8_t pbits, const uint8_t modifier, static int DetectFragBitsMatch (DetectEngineThreadCtx *det_ctx, Packet *p, const Signature *s, const SigMatchCtx *ctx) { - if (!ctx || !PacketIsIPv4(p) || PKT_IS_PSEUDOPKT(p)) + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); + if (!ctx || !PacketIsIPv4(p)) return 0; uint8_t fragbits = 0; 
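Review bot: With the runtime `if (PKT_IS_PSEUDOPKT(p))` return gone, DetectDsizeMatch has no pseudo-packet guard left in builds where DEBUG_VALIDATE_BUG_ON is compiled out (presumably every build without debug validation), and unlike the IPv4/TCP keywords it has no protocol check behind the assertion either. Whether a rule is evaluated on a pseudo packet then depends entirely on the caller never handing one to packet keywords, and that is not shown in this patch. A comment at the assertion would record the contract, for example `/* pseudo packets are skipped before packet keywords run; validated in debug builds only */`, with the wording confirmed against the caller. The same applies to DetectFragOffsetMatch, DetectGeoipMatch, DetectICodeMatch, DetectITypeMatch and DetectTtlMatch, and to the Prefilter functions for fragoffset, icode, itype and ttl, where the assertion is likewise the only remaining pseudo-packet check. DetectDsizeMatch's body continues outside the hunk.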
@@ -320,9 +321,10 @@ static void DetectFragBitsFree(DetectEngineCtx *de_ctx, void *de_ptr) static void PrefilterPacketFragBitsMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx) { + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); const PrefilterPacketHeaderCtx *ctx = pectx; - if (!PacketIsIPv4(p) || PKT_IS_PSEUDOPKT(p)) + if (!PacketIsIPv4(p)) return; uint8_t fragbits = 0; diff --git a/src/detect-fragoffset.c b/src/detect-fragoffset.c index 218fd31b68..93def9400c 100644 --- a/src/detect-fragoffset.c +++ b/src/detect-fragoffset.c @@ -111,8 +111,7 @@ static int DetectFragOffsetMatch (DetectEngineThreadCtx *det_ctx, uint16_t frag = 0; const DetectFragOffsetData *fragoff = (const DetectFragOffsetData *)ctx; - if (PKT_IS_PSEUDOPKT(p)) - return 0; + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); if (PacketIsIPv4(p)) { const IPV4Hdr *ip4h = PacketGetIPv4(p); @@ -264,8 +263,7 @@ void DetectFragOffsetFree (DetectEngineCtx *de_ctx, void *ptr) static void PrefilterPacketFragOffsetMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx) { - if (PKT_IS_PSEUDOPKT(p)) - return; + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); uint16_t frag; diff --git a/src/detect-geoip.c b/src/detect-geoip.c index 92fb2072a2..0cb0672381 100644 --- a/src/detect-geoip.c +++ b/src/detect-geoip.c @@ -250,8 +250,7 @@ static int DetectGeoipMatch(DetectEngineThreadCtx *det_ctx, const DetectGeoipData *geoipdata = (const DetectGeoipData *)ctx; int matches = 0; - if (PKT_IS_PSEUDOPKT(p)) - return 0; + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); if (PacketIsIPv4(p)) { if (geoipdata->flags & ( GEOIP_MATCH_SRC_FLAG | GEOIP_MATCH_BOTH_FLAG )) diff --git a/src/detect-icmp-seq.c b/src/detect-icmp-seq.c index ad8206a2f6..acedba4b28 100644 --- a/src/detect-icmp-seq.c +++ b/src/detect-icmp-seq.c 
@@ -76,9 +76,6 @@ static inline bool GetIcmpSeq(Packet *p, uint16_t *seq) { uint16_t seqn; - if (PKT_IS_PSEUDOPKT(p)) - return false; - if (PacketIsICMPv4(p)) { switch (p->icmp_s.type) { case ICMP_ECHOREPLY: @@ -136,6 +133,7 @@ static inline bool GetIcmpSeq(Packet *p, uint16_t *seq) static int DetectIcmpSeqMatch (DetectEngineThreadCtx *det_ctx, Packet *p, const Signature *s, const SigMatchCtx *ctx) { + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); uint16_t seqn; if (!GetIcmpSeq(p, &seqn)) @@ -277,8 +275,9 @@ void DetectIcmpSeqFree (DetectEngineCtx *de_ctx, void *ptr) static void PrefilterPacketIcmpSeqMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx) { - const PrefilterPacketHeaderCtx *ctx = pectx; + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); + const PrefilterPacketHeaderCtx *ctx = pectx; uint16_t seqn; if (!GetIcmpSeq(p, &seqn)) diff --git a/src/detect-icmpv6-mtu.c b/src/detect-icmpv6-mtu.c index 8f5e21f156..59b40fee48 100644 --- a/src/detect-icmpv6-mtu.c +++ b/src/detect-icmpv6-mtu.c @@ -63,7 +63,7 @@ void DetectICMPv6mtuRegister(void) // returns 0 on no mtu, and 1 if mtu static inline int DetectICMPv6mtuGetValue(Packet *p, uint32_t *picmpv6mtu) { - if (!(PacketIsICMPv6(p)) || PKT_IS_PSEUDOPKT(p)) + if (!(PacketIsICMPv6(p))) return 0; const ICMPV6Hdr *icmpv6h = PacketGetICMPv6(p); if (ICMPV6_GET_CODE(icmpv6h) != 0) @@ -89,6 +89,8 @@ static inline int DetectICMPv6mtuGetValue(Packet *p, uint32_t *picmpv6mtu) static int DetectICMPv6mtuMatch (DetectEngineThreadCtx *det_ctx, Packet *p, const Signature *s, const SigMatchCtx *ctx) { + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); + uint32_t picmpv6mtu; if (DetectICMPv6mtuGetValue(p, &picmpv6mtu) == 0) { return 0; 
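Review bot: GetIcmpSeq no longer rejects pseudo packets itself, so the invariant now lives in each caller instead of at the one place where the ICMP header is read. The two callers in this diff, DetectIcmpSeqMatch and PrefilterPacketIcmpSeqMatch, both assert, but any other or later caller of the helper would be unchecked even in debug validation builds. Placing `DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));` as the first statement of GetIcmpSeq would cover every caller with one line. DetectICMPv6mtuGetValue in detect-icmpv6-mtu.c has the same shape. GetIcmpSeq's body continues outside the hunk.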
@@ -140,6 +142,8 @@ void DetectICMPv6mtuFree(DetectEngineCtx *de_ctx, void *ptr) static void PrefilterPacketIcmpv6mtuMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx) { + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); + uint32_t picmpv6mtu; if (DetectICMPv6mtuGetValue(p, &picmpv6mtu) == 0) { return; diff --git a/src/detect-icode.c b/src/detect-icode.c index ab56553cc0..2acfcda528 100644 --- a/src/detect-icode.c +++ b/src/detect-icode.c @@ -87,8 +87,7 @@ void DetectICodeRegister (void) static int DetectICodeMatch (DetectEngineThreadCtx *det_ctx, Packet *p, const Signature *s, const SigMatchCtx *ctx) { - if (PKT_IS_PSEUDOPKT(p)) - return 0; + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); uint8_t picode; if (PacketIsICMPv4(p)) { @@ -152,9 +151,7 @@ void DetectICodeFree(DetectEngineCtx *de_ctx, void *ptr) static void PrefilterPacketICodeMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx) { - if (PKT_IS_PSEUDOPKT(p)) { - SCReturn; - } + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); uint8_t picode; if (PacketIsICMPv4(p)) { diff --git a/src/detect-id.c b/src/detect-id.c index 8cea0d4e95..27703b4dbc 100644 --- a/src/detect-id.c +++ b/src/detect-id.c @@ -93,12 +93,13 @@ void DetectIdRegister (void) static int DetectIdMatch (DetectEngineThreadCtx *det_ctx, Packet *p, const Signature *s, const SigMatchCtx *ctx) { + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); const DetectIdData *id_d = (const DetectIdData *)ctx; /** * To match a ipv4 packet with a "id" rule */ - if (!PacketIsIPv4(p) || PKT_IS_PSEUDOPKT(p)) { + if (!PacketIsIPv4(p)) { return 0; } @@ -224,9 +225,11 @@ void DetectIdFree(DetectEngineCtx *de_ctx, void *ptr) static void PrefilterPacketIdMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx) { + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); + const PrefilterPacketHeaderCtx *ctx = pectx; - if (!PacketIsIPv4(p) || PKT_IS_PSEUDOPKT(p)) { + if (!PacketIsIPv4(p)) { return; } 
diff --git a/src/detect-ipopts.c b/src/detect-ipopts.c index 80d0ba195d..5e807d3933 100644 --- a/src/detect-ipopts.c +++ b/src/detect-ipopts.c @@ -158,9 +158,11 @@ const char *IpOptsFlagToString(uint16_t flag) static int DetectIpOptsMatch (DetectEngineThreadCtx *det_ctx, Packet *p, const Signature *s, const SigMatchCtx *ctx) { + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); + const DetectIpOptsData *de = (const DetectIpOptsData *)ctx; - if (!de || !PacketIsIPv4(p) || PKT_IS_PSEUDOPKT(p)) + if (!de || !PacketIsIPv4(p)) return 0; return (p->l3.vars.ip4.opts_set & de->ipopt) == de->ipopt; diff --git a/src/detect-itype.c b/src/detect-itype.c index 237d0548e6..5b432c6f57 100644 --- a/src/detect-itype.c +++ b/src/detect-itype.c @@ -84,8 +84,7 @@ void DetectITypeRegister (void) static int DetectITypeMatch (DetectEngineThreadCtx *det_ctx, Packet *p, const Signature *s, const SigMatchCtx *ctx) { - if (PKT_IS_PSEUDOPKT(p)) - return 0; + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); uint8_t pitype; if (PacketIsICMPv4(p)) { @@ -168,9 +167,7 @@ void DetectITypeFree(DetectEngineCtx *de_ctx, void *ptr) static void PrefilterPacketITypeMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx) { - if (PKT_IS_PSEUDOPKT(p)) { - SCReturn; - } + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); uint8_t pitype; if (PacketIsICMPv4(p)) { diff --git a/src/detect-stream_size.c b/src/detect-stream_size.c index f04a0c43f8..79ee4b5fb4 100644 --- a/src/detect-stream_size.c +++ b/src/detect-stream_size.c @@ -118,6 +118,7 @@ static int DetectStreamSizeMatchAux(const DetectStreamSizeData *sd, const TcpSes static int DetectStreamSizeMatch( DetectEngineThreadCtx *det_ctx, Packet *p, const Signature *s, const SigMatchCtx *ctx) { + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); const DetectStreamSizeData *sd = (const DetectStreamSizeData *)ctx; 
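Review bot: The assertion added at the top of DetectStreamSizeMatch replaces nothing in this hunk: no `PKT_IS_PSEUDOPKT` check is removed, so as far as the visible lines show, the function previously accepted pseudo packets. If a pseudo packet carrying a flow can still reach this keyword, debug validation builds will now abort where they used to evaluate the rule. That is worth confirming before merging; the alternative is to assert only in PrefilterPacketStreamsizeMatch, which did have the runtime check. A short comment such as `/* stream_size is not evaluated on pseudo packets */` would make the new precondition explicit. The rest of DetectStreamSizeMatch lies outside the hunk, so a check further down cannot be ruled out.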
@@ -170,7 +171,8 @@ void DetectStreamSizeFree(DetectEngineCtx *de_ctx, void *ptr) static void PrefilterPacketStreamsizeMatch( DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx) { - if (!(PacketIsTCP(p)) || PKT_IS_PSEUDOPKT(p)) + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); + if (!(PacketIsTCP(p))) return; if (p->flow == NULL || p->flow->protoctx == NULL) diff --git a/src/detect-tcp-ack.c b/src/detect-tcp-ack.c index 55a13b2816..84a13f7f8e 100644 --- a/src/detect-tcp-ack.c +++ b/src/detect-tcp-ack.c @@ -85,10 +85,11 @@ void DetectAckRegister(void) static int DetectAckMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const Signature *s, const SigMatchCtx *ctx) { + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); const DetectAckData *data = (const DetectAckData *)ctx; /* This is only needed on TCP packets */ - if (!(PacketIsTCP(p)) || PKT_IS_PSEUDOPKT(p)) { + if (!(PacketIsTCP(p))) { return 0; } @@ -151,12 +152,13 @@ static void DetectAckFree(DetectEngineCtx *de_ctx, void *ptr) static void PrefilterPacketAckMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx) { + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); const PrefilterPacketHeaderCtx *ctx = pectx; if (!PrefilterPacketHeaderExtraMatch(ctx, p)) return; - if (p->proto == IPPROTO_TCP && !(PKT_IS_PSEUDOPKT(p)) && PacketIsTCP(p) && + if (p->proto == IPPROTO_TCP && PacketIsTCP(p) && (TCP_GET_RAW_ACK(PacketGetTCP(p)) == ctx->v1.u32[0])) { SCLogDebug("packet matches TCP ack %u", ctx->v1.u32[0]); PrefilterAddSids(&det_ctx->pmq, ctx->sigs_array, ctx->sigs_cnt); diff --git a/src/detect-tcp-flags.c b/src/detect-tcp-flags.c index 267193fc75..57488e3860 100644 --- a/src/detect-tcp-flags.c +++ b/src/detect-tcp-flags.c @@ -151,7 +151,8 @@ static int DetectFlagsMatch (DetectEngineThreadCtx *det_ctx, Packet *p, { SCEnter(); - if (!(PacketIsTCP(p)) || PKT_IS_PSEUDOPKT(p)) { + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); + if (!(PacketIsTCP(p))) { SCReturnInt(0); } 
@@ -553,7 +554,8 @@ int DetectFlagsSignatureNeedsSynOnlyPackets(const Signature *s) static void PrefilterPacketFlagsMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx) { - if (!(PacketIsTCP(p)) || PKT_IS_PSEUDOPKT(p)) { + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); + if (!(PacketIsTCP(p))) { SCReturn; } diff --git a/src/detect-tcp-seq.c b/src/detect-tcp-seq.c index f26501db32..91d6799c10 100644 --- a/src/detect-tcp-seq.c +++ b/src/detect-tcp-seq.c @@ -83,8 +83,9 @@ static int DetectSeqMatch(DetectEngineThreadCtx *det_ctx, { const DetectSeqData *data = (const DetectSeqData *)ctx; + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); /* This is only needed on TCP packets */ - if (!(PacketIsTCP(p)) || PKT_IS_PSEUDOPKT(p)) { + if (!(PacketIsTCP(p))) { return 0; } @@ -148,10 +149,11 @@ PrefilterPacketSeqMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *p { const PrefilterPacketHeaderCtx *ctx = pectx; + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); if (!PrefilterPacketHeaderExtraMatch(ctx, p)) return; - if (p->proto == IPPROTO_TCP && !(PKT_IS_PSEUDOPKT(p)) && PacketIsTCP(p) && + if (p->proto == IPPROTO_TCP && PacketIsTCP(p) && (TCP_GET_RAW_SEQ(PacketGetTCP(p)) == ctx->v1.u32[0])) { SCLogDebug("packet matches TCP seq %u", ctx->v1.u32[0]); PrefilterAddSids(&det_ctx->pmq, ctx->sigs_array, ctx->sigs_cnt); diff --git a/src/detect-tcp-window.c b/src/detect-tcp-window.c index 38f2b5c680..6adfe487be 100644 --- a/src/detect-tcp-window.c +++ b/src/detect-tcp-window.c @@ -87,7 +87,8 @@ static int DetectWindowMatch(DetectEngineThreadCtx *det_ctx, Packet *p, { const DetectWindowData *wd = (const DetectWindowData *)ctx; - if (!(PacketIsTCP(p)) || wd == NULL || PKT_IS_PSEUDOPKT(p)) { + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); + if (!(PacketIsTCP(p)) || wd == NULL) { return 0; } diff --git a/src/detect-tcpmss.c b/src/detect-tcpmss.c index 5c7acdb2ff..0ecdd8910f 100644 --- a/src/detect-tcpmss.c +++ b/src/detect-tcpmss.c 
@@ -74,8 +74,9 @@ void DetectTcpmssRegister(void) static int DetectTcpmssMatch (DetectEngineThreadCtx *det_ctx, Packet *p, const Signature *s, const SigMatchCtx *ctx) { + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); - if (!(PacketIsTCP(p)) || PKT_IS_PSEUDOPKT(p)) + if (!(PacketIsTCP(p))) return 0; if (!(TCP_HAS_MSS(p))) @@ -128,7 +129,8 @@ void DetectTcpmssFree(DetectEngineCtx *de_ctx, void *ptr) static void PrefilterPacketTcpmssMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx) { - if (!(PacketIsTCP(p)) || PKT_IS_PSEUDOPKT(p)) + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); + if (!(PacketIsTCP(p))) return; if (!(TCP_HAS_MSS(p))) diff --git a/src/detect-template2.c b/src/detect-template2.c index c38e9fe33f..45efa7e6a6 100644 --- a/src/detect-template2.c +++ b/src/detect-template2.c @@ -75,9 +75,7 @@ void DetectTemplate2Register(void) static int DetectTemplate2Match (DetectEngineThreadCtx *det_ctx, Packet *p, const Signature *s, const SigMatchCtx *ctx) { - - if (PKT_IS_PSEUDOPKT(p)) - return 0; + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); /* TODO replace this */ uint8_t ptemplate2; @@ -137,9 +135,7 @@ void DetectTemplate2Free(DetectEngineCtx *de_ctx, void *ptr) static void PrefilterPacketTemplate2Match(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx) { - if (PKT_IS_PSEUDOPKT(p)) { - SCReturn; - } + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); uint8_t ptemplate2; /* TODO update */ diff --git a/src/detect-tos.c b/src/detect-tos.c index d4d2d2fe65..dc43a0e34f 100644 --- a/src/detect-tos.c +++ b/src/detect-tos.c @@ -96,7 +96,8 @@ static int DetectTosMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const DetectTosData *tosd = (const DetectTosData *)ctx; int result = 0; - if (!PacketIsIPv4(p) || PKT_IS_PSEUDOPKT(p)) { + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); + if (!PacketIsIPv4(p)) { return 0; } diff --git a/src/detect-ttl.c b/src/detect-ttl.c index edc5b1b225..efb86816d9 100644 --- a/src/detect-ttl.c +++ b/src/detect-ttl.c 
@@ -81,8 +81,7 @@ void DetectTtlRegister(void) static int DetectTtlMatch (DetectEngineThreadCtx *det_ctx, Packet *p, const Signature *s, const SigMatchCtx *ctx) { - if (PKT_IS_PSEUDOPKT(p)) - return 0; + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); uint8_t pttl; if (PacketIsIPv4(p)) { @@ -140,9 +139,7 @@ void DetectTtlFree(DetectEngineCtx *de_ctx, void *ptr) static void PrefilterPacketTtlMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx) { - if (PKT_IS_PSEUDOPKT(p)) { - SCReturn; - } + DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p)); uint8_t pttl; if (PacketIsIPv4(p)) {