aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

reject: never return error

Browse Source 
Errors by thread modules are not handled.
pull/5110/head
Victor Julien 5 years ago
parent b8d1677b9c
commit 66257f37eb
4 changed files with 28 additions and 50 deletions
Show Stats Download Patch File Download Diff File

9
src/respond-reject-libnet11.c
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2007-2013 Open Information Security Foundation
/* Copyright (C) 2007-2020 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@ -80,7 +80,6 @@ typedef struct Libnet11Packet_ {
int RejectSendLibnet11L3IPv4TCP(ThreadVars *tv, Packet *p, void *data, int dir)
{
Libnet11Packet lpacket;
libnet_t *c; /* libnet context */
char ebuf[LIBNET_ERRBUF_SIZE];
@ -103,7 +102,7 @@ int RejectSendLibnet11L3IPv4TCP(ThreadVars *tv, Packet *p, void *data, int dir)
}
if (p->tcph == NULL)
return 1;
return 1;
/* save payload len */
lpacket.dsize = p->payload_len;
@ -216,7 +215,6 @@ int RejectSendLibnet11L3IPv4ICMP(ThreadVars *tv, Packet *p, void *data, int dir)
lpacket.id = 0;
lpacket.flow = 0;
lpacket.class = 0;
lpacket.len = (IPV4_GET_HLEN(p) + p->payload_len);
if (IS_SURI_HOST_MODE_SNIFFER_ONLY(host_mode) && (p->livedev)) {
@ -292,7 +290,6 @@ cleanup:
int RejectSendLibnet11L3IPv6TCP(ThreadVars *tv, Packet *p, void *data, int dir)
{
Libnet11Packet lpacket;
libnet_t *c; /* libnet context */
char ebuf[LIBNET_ERRBUF_SIZE];
@ -427,8 +424,6 @@ int RejectSendLibnet11L3IPv6ICMP(ThreadVars *tv, Packet *p, void *data, int dir)
lpacket.id = 0;
lpacket.flow = 0;
lpacket.class = 0;
lpacket.len = IPV6_GET_PLEN(p) + IPV6_HEADER_LEN;
if (IS_SURI_HOST_MODE_SNIFFER_ONLY(host_mode) && (p->livedev)) {

3
src/respond-reject-libnet11.h
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2007-2010 Open Information Security Foundation
/* Copyright (C) 2007-2020 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@ -30,4 +30,5 @@ int RejectSendLibnet11L3IPv4ICMP(ThreadVars *, Packet *, void *,int);
int RejectSendLibnet11L3IPv6TCP(ThreadVars *, Packet *, void *,int);
int RejectSendLibnet11L3IPv6ICMP(ThreadVars *, Packet *, void *,int);
#endif /* __RESPOND_REJECT_LIBNET11_H__ */

64
src/respond-reject.c
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2007-2010 Open Information Security Foundation
/* Copyright (C) 2007-2020 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@ -22,8 +22,6 @@
*
* RespondReject is a threaded wrapper for sending Rejects
*
* \todo RespondRejectFunc returns 1 on error, 0 on ok... why? For now it should
* just return 0 always, error handling is a TODO in the threading model (VJ)
*/
#include "suricata-common.h"
@ -59,8 +57,6 @@ void TmModuleRespondRejectRegister (void)
static TmEcode RespondRejectFunc(ThreadVars *tv, Packet *p, void *data)
{
int ret = 0;
/* ACTION_REJECT defaults to rejecting the SRC */
if (!(PACKET_TEST_ACTION(p, ACTION_REJECT)) &&
!(PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) &&
@ -70,44 +66,36 @@ static TmEcode RespondRejectFunc(ThreadVars *tv, Packet *p, void *data)
if (PKT_IS_IPV4(p)) {
if (PKT_IS_TCP(p)) {
ret = RejectSendIPv4TCP(tv, p, data);
(void)RejectSendIPv4TCP(tv, p, data);
} else {
ret = RejectSendIPv4ICMP(tv, p, data);
(void)RejectSendIPv4ICMP(tv, p, data);
}
} else if (PKT_IS_IPV6(p)) {
if (PKT_IS_TCP(p)) {
ret = RejectSendIPv6TCP(tv, p, data);
(void)RejectSendIPv6TCP(tv, p, data);
} else {
ret = RejectSendIPv6ICMP(tv, p, data);
(void)RejectSendIPv6ICMP(tv, p, data);
}
} else {
/* we're only supporting IPv4 and IPv6 */
return TM_ECODE_OK;
}
if (ret)
return TM_ECODE_FAILED;
else
return TM_ECODE_OK;
return TM_ECODE_OK;
}
int RejectSendIPv4TCP(ThreadVars *tv, Packet *p, void *data)
{
SCEnter();
int r = 0;
if (PACKET_TEST_ACTION(p, ACTION_REJECT)) {
r = RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_SRC);
int r = RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_SRC);
SCReturnInt(r);
} else if (PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) {
r = RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_DST);
int r = RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_DST);
SCReturnInt(r);
} else if(PACKET_TEST_ACTION(p, ACTION_REJECT_BOTH)) {
int ret;
ret = RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_SRC);
int r = RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_SRC);
if (RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_DST) == 0) {
SCReturnInt(0);
} else {
SCReturnInt(ret);
SCReturnInt(r);
}
}
SCReturnInt(0);
@ -116,20 +104,19 @@ int RejectSendIPv4TCP(ThreadVars *tv, Packet *p, void *data)
int RejectSendIPv4ICMP(ThreadVars *tv, Packet *p, void *data)
{
SCEnter();
int r = 0;
if (PACKET_TEST_ACTION(p, ACTION_REJECT)) {
r = RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_SRC);
int r = RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_SRC);
SCReturnInt(r);
} else if (PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) {
r = RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_DST);
int r = RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_DST);
SCReturnInt(r);
} else if(PACKET_TEST_ACTION(p, ACTION_REJECT_BOTH)) {
int ret;
ret = RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_SRC);
int r;
r = RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_SRC);
if (RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_DST) == 0) {
SCReturnInt(0);
} else {
SCReturnInt(ret);
SCReturnInt(r);
}
}
SCReturnInt(0);
@ -138,20 +125,18 @@ int RejectSendIPv4ICMP(ThreadVars *tv, Packet *p, void *data)
int RejectSendIPv6TCP(ThreadVars *tv, Packet *p, void *data)
{
SCEnter();
int r = 0;
if (PACKET_TEST_ACTION(p, ACTION_REJECT)) {
r = RejectSendLibnet11L3IPv6TCP(tv, p, data, REJECT_DIR_SRC);
int r = RejectSendLibnet11L3IPv6TCP(tv, p, data, REJECT_DIR_SRC);
SCReturnInt(r);
} else if (PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) {
r = RejectSendLibnet11L3IPv6TCP(tv, p, data, REJECT_DIR_DST);
int r = RejectSendLibnet11L3IPv6TCP(tv, p, data, REJECT_DIR_DST);
SCReturnInt(r);
} else if(PACKET_TEST_ACTION(p, ACTION_REJECT_BOTH)) {
int ret;
ret = RejectSendLibnet11L3IPv6TCP(tv, p, data, REJECT_DIR_SRC);
int r = RejectSendLibnet11L3IPv6TCP(tv, p, data, REJECT_DIR_SRC);
if (RejectSendLibnet11L3IPv6TCP(tv, p, data, REJECT_DIR_DST) == 0) {
SCReturnInt(0);
} else {
SCReturnInt(ret);
SCReturnInt(r);
}
}
SCReturnInt(0);
@ -160,22 +145,19 @@ int RejectSendIPv6TCP(ThreadVars *tv, Packet *p, void *data)
int RejectSendIPv6ICMP(ThreadVars *tv, Packet *p, void *data)
{
SCEnter();
int r = 0;
if (PACKET_TEST_ACTION(p, ACTION_REJECT)) {
r = RejectSendLibnet11L3IPv6ICMP(tv, p, data, REJECT_DIR_SRC);
int r = RejectSendLibnet11L3IPv6ICMP(tv, p, data, REJECT_DIR_SRC);
SCReturnInt(r);
} else if (PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) {
r = RejectSendLibnet11L3IPv6ICMP(tv, p, data, REJECT_DIR_DST);
int r = RejectSendLibnet11L3IPv6ICMP(tv, p, data, REJECT_DIR_DST);
SCReturnInt(r);
} else if(PACKET_TEST_ACTION(p, ACTION_REJECT_BOTH)) {
int ret;
ret = RejectSendLibnet11L3IPv6ICMP(tv, p, data, REJECT_DIR_SRC);
int r = RejectSendLibnet11L3IPv6ICMP(tv, p, data, REJECT_DIR_SRC);
if (RejectSendLibnet11L3IPv6ICMP(tv, p, data, REJECT_DIR_DST) == 0) {
SCReturnInt(0);
} else {
SCReturnInt(ret);
SCReturnInt(r);
}
}
SCReturnInt(0);
}

2
src/respond-reject.h
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2007-2010 Open Information Security Foundation
/* Copyright (C) 2007-2020 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free

Write Preview
Loading…
Cancel
Save