reject: never return error

Errors by thread modules are not handled.
pull/5110/head
Victor Julien 5 years ago
parent b8d1677b9c
commit 66257f37eb

@ -1,4 +1,4 @@
/* Copyright (C) 2007-2013 Open Information Security Foundation /* Copyright (C) 2007-2020 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free
@ -80,7 +80,6 @@ typedef struct Libnet11Packet_ {
int RejectSendLibnet11L3IPv4TCP(ThreadVars *tv, Packet *p, void *data, int dir) int RejectSendLibnet11L3IPv4TCP(ThreadVars *tv, Packet *p, void *data, int dir)
{ {
Libnet11Packet lpacket; Libnet11Packet lpacket;
libnet_t *c; /* libnet context */ libnet_t *c; /* libnet context */
char ebuf[LIBNET_ERRBUF_SIZE]; char ebuf[LIBNET_ERRBUF_SIZE];
@ -216,7 +215,6 @@ int RejectSendLibnet11L3IPv4ICMP(ThreadVars *tv, Packet *p, void *data, int dir)
lpacket.id = 0; lpacket.id = 0;
lpacket.flow = 0; lpacket.flow = 0;
lpacket.class = 0; lpacket.class = 0;
lpacket.len = (IPV4_GET_HLEN(p) + p->payload_len); lpacket.len = (IPV4_GET_HLEN(p) + p->payload_len);
if (IS_SURI_HOST_MODE_SNIFFER_ONLY(host_mode) && (p->livedev)) { if (IS_SURI_HOST_MODE_SNIFFER_ONLY(host_mode) && (p->livedev)) {
@ -292,7 +290,6 @@ cleanup:
int RejectSendLibnet11L3IPv6TCP(ThreadVars *tv, Packet *p, void *data, int dir) int RejectSendLibnet11L3IPv6TCP(ThreadVars *tv, Packet *p, void *data, int dir)
{ {
Libnet11Packet lpacket; Libnet11Packet lpacket;
libnet_t *c; /* libnet context */ libnet_t *c; /* libnet context */
char ebuf[LIBNET_ERRBUF_SIZE]; char ebuf[LIBNET_ERRBUF_SIZE];
@ -427,8 +424,6 @@ int RejectSendLibnet11L3IPv6ICMP(ThreadVars *tv, Packet *p, void *data, int dir)
lpacket.id = 0; lpacket.id = 0;
lpacket.flow = 0; lpacket.flow = 0;
lpacket.class = 0; lpacket.class = 0;
lpacket.len = IPV6_GET_PLEN(p) + IPV6_HEADER_LEN; lpacket.len = IPV6_GET_PLEN(p) + IPV6_HEADER_LEN;
if (IS_SURI_HOST_MODE_SNIFFER_ONLY(host_mode) && (p->livedev)) { if (IS_SURI_HOST_MODE_SNIFFER_ONLY(host_mode) && (p->livedev)) {

@ -1,4 +1,4 @@
/* Copyright (C) 2007-2010 Open Information Security Foundation /* Copyright (C) 2007-2020 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free
@ -30,4 +30,5 @@ int RejectSendLibnet11L3IPv4ICMP(ThreadVars *, Packet *, void *,int);
int RejectSendLibnet11L3IPv6TCP(ThreadVars *, Packet *, void *,int); int RejectSendLibnet11L3IPv6TCP(ThreadVars *, Packet *, void *,int);
int RejectSendLibnet11L3IPv6ICMP(ThreadVars *, Packet *, void *,int); int RejectSendLibnet11L3IPv6ICMP(ThreadVars *, Packet *, void *,int);
#endif /* __RESPOND_REJECT_LIBNET11_H__ */ #endif /* __RESPOND_REJECT_LIBNET11_H__ */

@ -1,4 +1,4 @@
/* Copyright (C) 2007-2010 Open Information Security Foundation /* Copyright (C) 2007-2020 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free
@ -22,8 +22,6 @@
* *
* RespondReject is a threaded wrapper for sending Rejects * RespondReject is a threaded wrapper for sending Rejects
* *
* \todo RespondRejectFunc returns 1 on error, 0 on ok... why? For now it should
* just return 0 always, error handling is a TODO in the threading model (VJ)
*/ */
#include "suricata-common.h" #include "suricata-common.h"
@ -59,8 +57,6 @@ void TmModuleRespondRejectRegister (void)
static TmEcode RespondRejectFunc(ThreadVars *tv, Packet *p, void *data) static TmEcode RespondRejectFunc(ThreadVars *tv, Packet *p, void *data)
{ {
int ret = 0;
/* ACTION_REJECT defaults to rejecting the SRC */ /* ACTION_REJECT defaults to rejecting the SRC */
if (!(PACKET_TEST_ACTION(p, ACTION_REJECT)) && if (!(PACKET_TEST_ACTION(p, ACTION_REJECT)) &&
!(PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) && !(PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) &&
@ -70,44 +66,36 @@ static TmEcode RespondRejectFunc(ThreadVars *tv, Packet *p, void *data)
if (PKT_IS_IPV4(p)) { if (PKT_IS_IPV4(p)) {
if (PKT_IS_TCP(p)) { if (PKT_IS_TCP(p)) {
ret = RejectSendIPv4TCP(tv, p, data); (void)RejectSendIPv4TCP(tv, p, data);
} else { } else {
ret = RejectSendIPv4ICMP(tv, p, data); (void)RejectSendIPv4ICMP(tv, p, data);
} }
} else if (PKT_IS_IPV6(p)) { } else if (PKT_IS_IPV6(p)) {
if (PKT_IS_TCP(p)) { if (PKT_IS_TCP(p)) {
ret = RejectSendIPv6TCP(tv, p, data); (void)RejectSendIPv6TCP(tv, p, data);
} else { } else {
ret = RejectSendIPv6ICMP(tv, p, data); (void)RejectSendIPv6ICMP(tv, p, data);
} }
} else {
/* we're only supporting IPv4 and IPv6 */
return TM_ECODE_OK;
} }
if (ret)
return TM_ECODE_FAILED;
else
return TM_ECODE_OK; return TM_ECODE_OK;
} }
int RejectSendIPv4TCP(ThreadVars *tv, Packet *p, void *data) int RejectSendIPv4TCP(ThreadVars *tv, Packet *p, void *data)
{ {
SCEnter(); SCEnter();
int r = 0;
if (PACKET_TEST_ACTION(p, ACTION_REJECT)) { if (PACKET_TEST_ACTION(p, ACTION_REJECT)) {
r = RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_SRC); int r = RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_SRC);
SCReturnInt(r); SCReturnInt(r);
} else if (PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) { } else if (PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) {
r = RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_DST); int r = RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_DST);
SCReturnInt(r); SCReturnInt(r);
} else if(PACKET_TEST_ACTION(p, ACTION_REJECT_BOTH)) { } else if(PACKET_TEST_ACTION(p, ACTION_REJECT_BOTH)) {
int ret; int r = RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_SRC);
ret = RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_SRC);
if (RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_DST) == 0) { if (RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_DST) == 0) {
SCReturnInt(0); SCReturnInt(0);
} else { } else {
SCReturnInt(ret); SCReturnInt(r);
} }
} }
SCReturnInt(0); SCReturnInt(0);
@ -116,20 +104,19 @@ int RejectSendIPv4TCP(ThreadVars *tv, Packet *p, void *data)
int RejectSendIPv4ICMP(ThreadVars *tv, Packet *p, void *data) int RejectSendIPv4ICMP(ThreadVars *tv, Packet *p, void *data)
{ {
SCEnter(); SCEnter();
int r = 0;
if (PACKET_TEST_ACTION(p, ACTION_REJECT)) { if (PACKET_TEST_ACTION(p, ACTION_REJECT)) {
r = RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_SRC); int r = RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_SRC);
SCReturnInt(r); SCReturnInt(r);
} else if (PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) { } else if (PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) {
r = RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_DST); int r = RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_DST);
SCReturnInt(r); SCReturnInt(r);
} else if(PACKET_TEST_ACTION(p, ACTION_REJECT_BOTH)) { } else if(PACKET_TEST_ACTION(p, ACTION_REJECT_BOTH)) {
int ret; int r;
ret = RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_SRC); r = RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_SRC);
if (RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_DST) == 0) { if (RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_DST) == 0) {
SCReturnInt(0); SCReturnInt(0);
} else { } else {
SCReturnInt(ret); SCReturnInt(r);
} }
} }
SCReturnInt(0); SCReturnInt(0);
@ -138,20 +125,18 @@ int RejectSendIPv4ICMP(ThreadVars *tv, Packet *p, void *data)
int RejectSendIPv6TCP(ThreadVars *tv, Packet *p, void *data) int RejectSendIPv6TCP(ThreadVars *tv, Packet *p, void *data)
{ {
SCEnter(); SCEnter();
int r = 0;
if (PACKET_TEST_ACTION(p, ACTION_REJECT)) { if (PACKET_TEST_ACTION(p, ACTION_REJECT)) {
r = RejectSendLibnet11L3IPv6TCP(tv, p, data, REJECT_DIR_SRC); int r = RejectSendLibnet11L3IPv6TCP(tv, p, data, REJECT_DIR_SRC);
SCReturnInt(r); SCReturnInt(r);
} else if (PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) { } else if (PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) {
r = RejectSendLibnet11L3IPv6TCP(tv, p, data, REJECT_DIR_DST); int r = RejectSendLibnet11L3IPv6TCP(tv, p, data, REJECT_DIR_DST);
SCReturnInt(r); SCReturnInt(r);
} else if(PACKET_TEST_ACTION(p, ACTION_REJECT_BOTH)) { } else if(PACKET_TEST_ACTION(p, ACTION_REJECT_BOTH)) {
int ret; int r = RejectSendLibnet11L3IPv6TCP(tv, p, data, REJECT_DIR_SRC);
ret = RejectSendLibnet11L3IPv6TCP(tv, p, data, REJECT_DIR_SRC);
if (RejectSendLibnet11L3IPv6TCP(tv, p, data, REJECT_DIR_DST) == 0) { if (RejectSendLibnet11L3IPv6TCP(tv, p, data, REJECT_DIR_DST) == 0) {
SCReturnInt(0); SCReturnInt(0);
} else { } else {
SCReturnInt(ret); SCReturnInt(r);
} }
} }
SCReturnInt(0); SCReturnInt(0);
@ -160,22 +145,19 @@ int RejectSendIPv6TCP(ThreadVars *tv, Packet *p, void *data)
int RejectSendIPv6ICMP(ThreadVars *tv, Packet *p, void *data) int RejectSendIPv6ICMP(ThreadVars *tv, Packet *p, void *data)
{ {
SCEnter(); SCEnter();
int r = 0;
if (PACKET_TEST_ACTION(p, ACTION_REJECT)) { if (PACKET_TEST_ACTION(p, ACTION_REJECT)) {
r = RejectSendLibnet11L3IPv6ICMP(tv, p, data, REJECT_DIR_SRC); int r = RejectSendLibnet11L3IPv6ICMP(tv, p, data, REJECT_DIR_SRC);
SCReturnInt(r); SCReturnInt(r);
} else if (PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) { } else if (PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) {
r = RejectSendLibnet11L3IPv6ICMP(tv, p, data, REJECT_DIR_DST); int r = RejectSendLibnet11L3IPv6ICMP(tv, p, data, REJECT_DIR_DST);
SCReturnInt(r); SCReturnInt(r);
} else if(PACKET_TEST_ACTION(p, ACTION_REJECT_BOTH)) { } else if(PACKET_TEST_ACTION(p, ACTION_REJECT_BOTH)) {
int ret; int r = RejectSendLibnet11L3IPv6ICMP(tv, p, data, REJECT_DIR_SRC);
ret = RejectSendLibnet11L3IPv6ICMP(tv, p, data, REJECT_DIR_SRC);
if (RejectSendLibnet11L3IPv6ICMP(tv, p, data, REJECT_DIR_DST) == 0) { if (RejectSendLibnet11L3IPv6ICMP(tv, p, data, REJECT_DIR_DST) == 0) {
SCReturnInt(0); SCReturnInt(0);
} else { } else {
SCReturnInt(ret); SCReturnInt(r);
} }
} }
SCReturnInt(0); SCReturnInt(0);
} }
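Review bot: With the four `(void)` casts in RespondRejectFunc a failed reject is no longer visible at this level, and nothing on this page shows where such a failure is still logged or counted. A comment above the dispatch such as `/* a failed send is not fatal to the thread, so the result is deliberately ignored */` would record the intent, and a per-thread failure counter would let operators notice when a reject policy is not actually resetting connections. Separately, the ACTION_REJECT_BOTH branches of all four helpers still return 0 whenever the DST send succeeds, even if the SRC send stored in `r` failed, so a future caller that checks the result would miss a one-sided failure; keeping the DST result in `r_dst` and ending with `SCReturnInt(r != 0 || r_dst != 0);` would report it. RejectSendIPv4ICMP also still splits `int r;` and the assignment over two lines, while the other three helpers declare and initialise in one statement.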

@ -1,4 +1,4 @@
/* Copyright (C) 2007-2010 Open Information Security Foundation /* Copyright (C) 2007-2020 Open Information Security Foundation
* *
* You can copy, redistribute or modify this Program under the terms of * You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free * the GNU General Public License version 2 as published by the Free
