From 54f8d56f48d7c7b8f489a595fdc07859adc06c0e Mon Sep 17 00:00:00 2001
From: Anoop Saldanha
Date: Fri, 9 Sep 2011 12:27:11 +0530
Subject: [PATCH] Packet inspection keywords modified to not inspect pseudo packet
---
 src/detect-csum.c | 2 +-
 src/detect-flags.c | 2 +-
 src/detect-fragbits.c | 2 +-
 src/detect-fragoffset.c | 3 +++
 src/detect-icmp-id.c | 3 +++
 src/detect-icmp-seq.c | 3 +++
 src/detect-icode.c | 3 +++
 src/detect-itype.c | 3 +++
 8 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/src/detect-csum.c b/src/detect-csum.c
index 45f1e5c12d..8a108ee44d 100644
--- a/src/detect-csum.c
+++ b/src/detect-csum.c
@@ -230,7 +230,7 @@ int DetectIPV4CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
 {
 DetectCsumData *cd = (DetectCsumData *)m->ctx;
- if (p->ip4h == NULL)
+ if (p->ip4h == NULL || PKT_IS_PSEUDOPKT(p))
 return 0;
 if (p->ip4vars.comp_csum == -1)
diff --git a/src/detect-flags.c b/src/detect-flags.c
index 11a200409b..f4a9b4f1b6 100644
--- a/src/detect-flags.c
+++ b/src/detect-flags.c
@@ -114,7 +114,7 @@ static int DetectFlagsMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Pack
 uint8_t flags = 0;
 DetectFlagsData *de = (DetectFlagsData *)m->ctx;
- if(!(PKT_IS_TCP(p))) {
+ if (!(PKT_IS_TCP(p)) || PKT_IS_PSEUDOPKT(p)) {
 SCReturnInt(0);
 }
diff --git a/src/detect-fragbits.c b/src/detect-fragbits.c
index c2ea0d96f7..79ce758a1c 100644
--- a/src/detect-fragbits.c
+++ b/src/detect-fragbits.c
@@ -117,7 +117,7 @@ static int DetectFragBitsMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, P
 uint16_t fragbits = 0;
 DetectFragBitsData *de = (DetectFragBitsData *)m->ctx;
- if(!de || !PKT_IS_IPV4(p) || !p)
+ if (!de || !PKT_IS_IPV4(p) || !p || PKT_IS_PSEUDOPKT(p))
 return ret;
 if(IPV4_GET_MF(p))
diff --git a/src/detect-fragoffset.c b/src/detect-fragoffset.c
index 513330c20b..f2b4b2fd03 100644
--- a/src/detect-fragoffset.c
+++ b/src/detect-fragoffset.c
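Review bot: In src/detect-csum.c only `DetectIPV4CsumMatch` gains the `PKT_IS_PSEUDOPKT(p)` guard, and the diffstat shows a single changed line for the file. Any sibling checksum matchers for other protocols that live in this file (none are visible in the hunk) would therefore still evaluate engine-generated pseudo packets. If such matchers exist, each needs the same early `return 0`, otherwise checksum rules behave differently for IPv4 than for the upper-layer protocols on pseudo packets. The body of `DetectIPV4CsumMatch` continues past the end of the hunk.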
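Review bot: The new `PKT_IS_PSEUDOPKT(p)` early-outs carry no comment saying why a pseudo packet must not match, here in `DetectFlagsMatch` and equally in the csum, fragbits, fragoffset, icmp-id, icmp-seq, icode and itype hunks. A one-line comment above the check would keep a later cleanup from dropping it, for example `/* pseudo packets are generated by the engine, not captured; header keywords must not match on them */`. That wording presumes the usual meaning of a pseudo packet in this engine and should be checked against the macro's definition, which is not part of this patch. `DetectFlagsMatch` starts and ends outside the hunk.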
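Review bot: In `DetectFragBitsMatch` the `!p` test still sits after `!PKT_IS_IPV4(p)`, and the new `PKT_IS_PSEUDOPKT(p)` term is appended behind it, so the NULL check cannot protect either macro. If `PKT_IS_IPV4` reads through `p` (its definition is not in the hunk, but its use elsewhere in this patch suggests it does), a NULL packet is dereferenced before `!p` is ever evaluated. Since the line is being rewritten anyway, put the NULL test first: `if (!de || !p || PKT_IS_PSEUDOPKT(p) || !PKT_IS_IPV4(p))`. The function body continues beyond the hunk.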
@@ -95,6 +95,9 @@ int DetectFragOffsetMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet
 uint16_t frag = 0;
 DetectFragOffsetData *fragoff = (DetectFragOffsetData *)m->ctx;
+ if (PKT_IS_PSEUDOPKT(p))
+ return 0;
+
 if (PKT_IS_IPV4(p)) {
 frag = IPV4_GET_IPOFFSET(p);
 } else if (PKT_IS_IPV6(p)) {
diff --git a/src/detect-icmp-id.c b/src/detect-icmp-id.c
index c93ff8568c..733f636782 100644
--- a/src/detect-icmp-id.c
+++ b/src/detect-icmp-id.c
@@ -93,6 +93,9 @@ int DetectIcmpIdMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p,
 uint16_t pid;
 DetectIcmpIdData *iid = (DetectIcmpIdData *)m->ctx;
+ if (PKT_IS_PSEUDOPKT(p))
+ return 0;
+
 if (PKT_IS_ICMPV4(p)) {
 SCLogDebug("ICMPV4_GET_ID(p) %"PRIu16" (network byte order), "
 "%"PRIu16" (host byte order)", ICMPV4_GET_ID(p),
diff --git a/src/detect-icmp-seq.c b/src/detect-icmp-seq.c
index 9b6a9b0d00..fa38c73437 100644
--- a/src/detect-icmp-seq.c
+++ b/src/detect-icmp-seq.c
@@ -93,6 +93,9 @@ int DetectIcmpSeqMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p
 uint16_t seqn;
 DetectIcmpSeqData *iseq = (DetectIcmpSeqData *)m->ctx;
+ if (PKT_IS_PSEUDOPKT(p))
+ return 0;
+
 if (PKT_IS_ICMPV4(p)) {
 SCLogDebug("ICMPV4_GET_SEQ(p) %"PRIu16" (network byte order), "
 "%"PRIu16" (host byte order)", ICMPV4_GET_SEQ(p),
diff --git a/src/detect-icode.c b/src/detect-icode.c
index 693ce6eee0..e4c68ca1e2 100644
--- a/src/detect-icode.c
+++ b/src/detect-icode.c
@@ -100,6 +100,9 @@ int DetectICodeMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p,
 uint8_t picode;
 DetectICodeData *icd = (DetectICodeData *)m->ctx;
+ if (PKT_IS_PSEUDOPKT(p))
+ return 0;
+
 if (PKT_IS_ICMPV4(p)) {
 picode = ICMPV4_GET_CODE(p);
 } else if (PKT_IS_ICMPV6(p)) {
diff --git a/src/detect-itype.c b/src/detect-itype.c
index 2c8fa3a481..abb8219a87 100644
--- a/src/detect-itype.c
+++ b/src/detect-itype.c
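Review bot: The identical three-line guard is pasted into `DetectFragOffsetMatch` and again into `DetectIcmpIdMatch`, `DetectIcmpSeqMatch`, `DetectICodeMatch` and `DetectITypeMatch`, so coverage depends on every packet-header keyword author remembering to add it. A single check where the engine dispatches per-packet keyword matches, or one shared helper, would also cover header keywords this commit does not touch and any added later. Whether such a dispatch point exists is not visible from these hunks. If the per-keyword guard stays, a unit test per keyword that feeds a pseudo packet and expects no match would pin the behaviour. All five functions continue outside their hunks.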
@@ -100,6 +100,9 @@ int DetectITypeMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p,
 uint8_t pitype;
 DetectITypeData *itd = (DetectITypeData *)m->ctx;
+ if (PKT_IS_PSEUDOPKT(p))
+ return 0;
+
 if (PKT_IS_ICMPV4(p)) {
 pitype = ICMPV4_GET_TYPE(p);
 } else if (PKT_IS_ICMPV6(p)) {