added macros for ICMP defines

src/decode-icmpv4.h

@@ -4,6 +4,124 @@
 #define __DECODE_ICMPV4_H__
 
 #define ICMPV4_HEADER_LEN         4
+#ifndef ICMP_ECHOREPLY
+#define ICMP_ECHOREPLY          0       /* Echo Reply                   */
+#endif
+#ifndef ICMP_DEST_UNREACH
+#define ICMP_DEST_UNREACH       3       /* Destination Unreachable      */
+#endif
+#ifndef ICMP_SOURCE_QUENCH
+#define ICMP_SOURCE_QUENCH      4       /* Source Quench                */
+#endif
+#ifndef ICMP_REDIRECT
+#define ICMP_REDIRECT           5       /* Redirect (change route)      */
+#endif
+#ifndef ICMP_ECHO
+#define ICMP_ECHO               8       /* Echo Request                 */
+#endif
+#ifndef ICMP_TIME_EXCEEDED
+#define ICMP_TIME_EXCEEDED      11      /* Time Exceeded                */
+#endif
+#ifndef ICMP_PARAMETERPROB
+#define ICMP_PARAMETERPROB      12      /* Parameter Problem            */
+#endif
+#ifndef ICMP_TIMESTAMP
+#define ICMP_TIMESTAMP          13      /* Timestamp Request            */
+#endif
+#ifndef ICMP_TIMESTAMPREPLY
+#define ICMP_TIMESTAMPREPLY     14      /* Timestamp Reply              */
+#endif
+#ifndef ICMP_INFO_REQUEST
+#define ICMP_INFO_REQUEST       15      /* Information Request          */
+#endif
+#ifndef ICMP_INFO_REPLY
+#define ICMP_INFO_REPLY         16      /* Information Reply            */
+#endif
+#ifndef ICMP_ADDRESS
+#define ICMP_ADDRESS            17      /* Address Mask Request         */
+#endif
+#ifndef ICMP_ADDRESSREPLY
+#define ICMP_ADDRESSREPLY       18      /* Address Mask Reply           */
+#endif
+#ifndef NR_ICMP_TYPES
+#define NR_ICMP_TYPES           18
+#endif
+
+
+/* Codes for UNREACH. */
+#ifndef ICMP_NET_UNREACH
+#define ICMP_NET_UNREACH        0       /* Network Unreachable          */
+#endif
+#ifndef ICMP_HOST_UNREACH
+#define ICMP_HOST_UNREACH       1       /* Host Unreachable             */
+#endif
+#ifndef ICMP_PROT_UNREACH
+#define ICMP_PROT_UNREACH       2       /* Protocol Unreachable         */
+#endif
+#ifndef ICMP_PORT_UNREACH
+#define ICMP_PORT_UNREACH       3       /* Port Unreachable             */
+#endif
+#ifndef ICMP_FRAG_NEEDED
+#define ICMP_FRAG_NEEDED        4       /* Fragmentation Needed/DF set  */
+#endif
+#ifndef ICMP_SR_FAILED
+#define ICMP_SR_FAILED          5       /* Source Route failed          */
+#endif
+#ifndef ICMP_NET_UNKNOWN
+#define ICMP_NET_UNKNOWN        6
+#endif
+#ifndef ICMP_HOST_UNKNOWN
+#define ICMP_HOST_UNKNOWN       7
+#endif
+#ifndef ICMP_HOST_ISOLATED
+#define ICMP_HOST_ISOLATED      8
+#endif
+#ifndef ICMP_NET_ANO
+#define ICMP_NET_ANO            9
+#endif
+#ifndef ICMP_HOST_ANO
+#define ICMP_HOST_ANO           10
+#endif
+#ifndef ICMP_NET_UNR_TOS
+#define ICMP_NET_UNR_TOS        11
+#endif
+#ifndef ICMP_HOST_UNR_TOS
+#define ICMP_HOST_UNR_TOS       12
+#endif
+#ifndef ICMP_PKT_FILTERED
+#define ICMP_PKT_FILTERED       13      /* Packet filtered */
+#endif
+#ifndef ICMP_PREC_VIOLATION
+#define ICMP_PREC_VIOLATION     14      /* Precedence violation */
+#endif
+#ifndef ICMP_PREC_CUTOFF
+#define ICMP_PREC_CUTOFF        15      /* Precedence cut off */
+#endif
+#ifndef NR_ICMP_UNREACH
+#define NR_ICMP_UNREACH         15      /* instead of hardcoding immediate value */
+#endif
+
+/* Codes for REDIRECT. */
+#ifndef ICMP_REDIR_NET
+#define ICMP_REDIR_NET          0       /* Redirect Net                 */
+#endif
+#ifndef ICMP_REDIR_HOST
+#define ICMP_REDIR_HOST         1       /* Redirect Host                */
+#endif
+#ifndef ICMP_REDIR_NETTOS
+#define ICMP_REDIR_NETTOS       2       /* Redirect Net for TOS         */
+#endif
+#ifndef ICMP_REDIR_HOSTTOS
+#define ICMP_REDIR_HOSTTOS      3       /* Redirect Host for TOS        */
+#endif
+
+/* Codes for TIME_EXCEEDED. */
+#ifndef ICMP_EXC_TTL
+#define ICMP_EXC_TTL            0       /* TTL count exceeded           */
+#endif
+#ifndef ICMP_EXC_FRAGTIME
+#define ICMP_EXC_FRAGTIME       1       /* Fragment Reass time exceeded */
+#endif
 
 /* ICMPv4 header structure */
 typedef struct _ICMPV4Hdr

src/decode-icmpv6.h

@@ -4,6 +4,65 @@
 #define __DECODE_ICMPV6_H__
 
 #define ICMPV6_HEADER_LEN       8
+#ifndef ICMP6_DST_UNREACH
+#define ICMP6_DST_UNREACH             1
+#endif
+#ifndef ICMP6_PACKET_TOO_BIG
+#define ICMP6_PACKET_TOO_BIG          2
+#endif
+#ifndef ICMP6_TIME_EXCEEDED
+#define ICMP6_TIME_EXCEEDED           3
+#endif
+#ifndef ICMP6_PARAM_PROB
+#define ICMP6_PARAM_PROB              4
+#endif
+#ifndef ICMP6_ECHO_REQUEST
+#define ICMP6_ECHO_REQUEST          128
+#endif
+#ifndef ICMP6_ECHO_REPLY
+#define ICMP6_ECHO_REPLY            129
+#endif
+#ifndef MLD_LISTENER_QUERY
+#define MLD_LISTENER_QUERY          130
+#endif
+#ifndef MLD_LISTENER_REPORT
+#define MLD_LISTENER_REPORT         131
+#endif
+#ifndef MLD_LISTENER_REDUCTION
+#define MLD_LISTENER_REDUCTION      132
+#endif
+
+#ifndef ICMP6_DST_UNREACH_NOROUTE
+#define ICMP6_DST_UNREACH_NOROUTE     0 /* no route to destination */
+#endif
+#ifndef ICMP6_DST_UNREACH_ADMIN
+#define ICMP6_DST_UNREACH_ADMIN       1 /* communication with destination */
+#endif                                  /* administratively prohibited */
+#ifndef ICMP6_DST_UNREACH_BEYONDSCOPE
+#define ICMP6_DST_UNREACH_BEYONDSCOPE 2 /* beyond scope of source address */
+#endif
+#ifndef ICMP6_DST_UNREACH_ADDR
+#define ICMP6_DST_UNREACH_ADDR        3 /* address unreachable */
+#endif
+#ifndef ICMP6_DST_UNREACH_NOPORT
+#define ICMP6_DST_UNREACH_NOPORT      4 /* bad port */
+#endif
+#ifndef ICMP6_TIME_EXCEED_TRANSIT
+#define ICMP6_TIME_EXCEED_TRANSIT     0 /* Hop Limit == 0 in transit */
+#endif
+#ifndef ICMP6_TIME_EXCEED_REASSEMBLY
+#define ICMP6_TIME_EXCEED_REASSEMBLY  1 /* Reassembly time out */
+#endif
+#ifndef ICMP6_PARAMPROB_HEADER
+#define ICMP6_PARAMPROB_HEADER        0 /* erroneous header field */
+#endif
+#ifndef ICMP6_PARAMPROB_NEXTHEADER
+#define ICMP6_PARAMPROB_NEXTHEADER    1 /* unrecognized Next Header */
+#endif
+#ifndef ICMP6_PARAMPROB_OPTION
+#define ICMP6_PARAMPROB_OPTION        2 /* unrecognized IPv6 option */
+#endif
+
 
 typedef struct _ICMPV6Hdr
 {

src/respond-reject-libnet11.c

@@ -9,6 +9,10 @@
  */
 
 /*TODO calculate TTL base on average from stream tracking*/
+/*TODO come up with a way for users to specify icmp unreachable type
+ * Possibly default to port unreachable for UDP traffic this seems
+ * to be the default in flexresp and iptables
+ */
 
 #include <pthread.h>
 #include <sys/signal.h>
@@ -152,7 +156,7 @@ cleanup:
 }
 
 int RejectSendLibnet11L3IPv4ICMP(ThreadVars *tv, Packet *p, void *data, int dir) {
-    printf("going to send a ICMP host unreachable\n");
+    //printf("going to send a ICMP host unreachable\n");
     Libnet11Packet lpacket;
 
     libnet_t *c; /* libnet context */
@@ -190,13 +194,13 @@ int RejectSendLibnet11L3IPv4ICMP(ThreadVars *tv, Packet *p, void *data, int dir)
 
     /* build the package */
     if ((t = libnet_build_icmpv4_unreach (
-                               3,                       /* type */
-                               10,                      /* code */
-                               0,                       /* checksum */
-                               p->ip4h,                 /* payload */
-                               lpacket.len,             /* payload length */
-                               c,                       /* libnet context */
-                               0)) < 0)                 /* libnet ptag */
+    		                   ICMP_DEST_UNREACH,        /* type */
+    		                   ICMP_HOST_ANO,            /* code */
+                               0,                        /* checksum */
+                               p->ip4h,                  /* payload */
+                               lpacket.len,              /* payload length */
+                               c,                        /* libnet context */
+                               0)) < 0)                  /* libnet ptag */
     {
         printf("RejectSendLibnet11L3IPv4ICMP libnet_build_icmpv4_unreach %s\n", libnet_geterror(c));
         goto cleanup;