diff --git a/src/decode-icmpv4.h b/src/decode-icmpv4.h index dcfd76ed62..0f77645ffa 100644 --- a/src/decode-icmpv4.h +++ b/src/decode-icmpv4.h @@ -4,6 +4,124 @@ #define __DECODE_ICMPV4_H__ #define ICMPV4_HEADER_LEN 4 +#ifndef ICMP_ECHOREPLY +#define ICMP_ECHOREPLY 0 /* Echo Reply */ +#endif +#ifndef ICMP_DEST_UNREACH +#define ICMP_DEST_UNREACH 3 /* Destination Unreachable */ +#endif +#ifndef ICMP_SOURCE_QUENCH +#define ICMP_SOURCE_QUENCH 4 /* Source Quench */ +#endif +#ifndef ICMP_REDIRECT +#define ICMP_REDIRECT 5 /* Redirect (change route) */ +#endif +#ifndef ICMP_ECHO +#define ICMP_ECHO 8 /* Echo Request */ +#endif +#ifndef ICMP_TIME_EXCEEDED +#define ICMP_TIME_EXCEEDED 11 /* Time Exceeded */ +#endif +#ifndef ICMP_PARAMETERPROB +#define ICMP_PARAMETERPROB 12 /* Parameter Problem */ +#endif +#ifndef ICMP_TIMESTAMP +#define ICMP_TIMESTAMP 13 /* Timestamp Request */ +#endif +#ifndef ICMP_TIMESTAMPREPLY +#define ICMP_TIMESTAMPREPLY 14 /* Timestamp Reply */ +#endif +#ifndef ICMP_INFO_REQUEST +#define ICMP_INFO_REQUEST 15 /* Information Request */ +#endif +#ifndef ICMP_INFO_REPLY +#define ICMP_INFO_REPLY 16 /* Information Reply */ +#endif +#ifndef ICMP_ADDRESS +#define ICMP_ADDRESS 17 /* Address Mask Request */ +#endif +#ifndef ICMP_ADDRESSREPLY +#define ICMP_ADDRESSREPLY 18 /* Address Mask Reply */ +#endif +#ifndef NR_ICMP_TYPES +#define NR_ICMP_TYPES 18 +#endif + + +/* Codes for UNREACH. */ +#ifndef ICMP_NET_UNREACH +#define ICMP_NET_UNREACH 0 /* Network Unreachable */ +#endif +#ifndef ICMP_HOST_UNREACH +#define ICMP_HOST_UNREACH 1 /* Host Unreachable */ +#endif +#ifndef ICMP_PROT_UNREACH +#define ICMP_PROT_UNREACH 2 /* Protocol Unreachable */ +#endif +#ifndef ICMP_PORT_UNREACH +#define ICMP_PORT_UNREACH 3 /* Port Unreachable */ +#endif +#ifndef ICMP_FRAG_NEEDED +#define ICMP_FRAG_NEEDED 4 /* Fragmentation Needed/DF set */ +#endif +#ifndef ICMP_SR_FAILED +#define ICMP_SR_FAILED 5 /* Source Route failed */ +#endif +#ifndef ICMP_NET_UNKNOWN +#define ICMP_NET_UNKNOWN 6 +#endif +#ifndef ICMP_HOST_UNKNOWN +#define ICMP_HOST_UNKNOWN 7 +#endif +#ifndef ICMP_HOST_ISOLATED +#define ICMP_HOST_ISOLATED 8 +#endif +#ifndef ICMP_NET_ANO +#define ICMP_NET_ANO 9 +#endif +#ifndef ICMP_HOST_ANO +#define ICMP_HOST_ANO 10 +#endif +#ifndef ICMP_NET_UNR_TOS +#define ICMP_NET_UNR_TOS 11 +#endif +#ifndef ICMP_HOST_UNR_TOS +#define ICMP_HOST_UNR_TOS 12 +#endif +#ifndef ICMP_PKT_FILTERED +#define ICMP_PKT_FILTERED 13 /* Packet filtered */ +#endif +#ifndef ICMP_PREC_VIOLATION +#define ICMP_PREC_VIOLATION 14 /* Precedence violation */ +#endif +#ifndef ICMP_PREC_CUTOFF +#define ICMP_PREC_CUTOFF 15 /* Precedence cut off */ +#endif +#ifndef NR_ICMP_UNREACH +#define NR_ICMP_UNREACH 15 /* instead of hardcoding immediate value */ +#endif + +/* Codes for REDIRECT. */ +#ifndef ICMP_REDIR_NET +#define ICMP_REDIR_NET 0 /* Redirect Net */ +#endif +#ifndef ICMP_REDIR_HOST +#define ICMP_REDIR_HOST 1 /* Redirect Host */ +#endif +#ifndef ICMP_REDIR_NETTOS +#define ICMP_REDIR_NETTOS 2 /* Redirect Net for TOS */ +#endif +#ifndef ICMP_REDIR_HOSTTOS +#define ICMP_REDIR_HOSTTOS 3 /* Redirect Host for TOS */ +#endif + +/* Codes for TIME_EXCEEDED. */ +#ifndef ICMP_EXC_TTL +#define ICMP_EXC_TTL 0 /* TTL count exceeded */ +#endif +#ifndef ICMP_EXC_FRAGTIME +#define ICMP_EXC_FRAGTIME 1 /* Fragment Reass time exceeded */ +#endif /* ICMPv4 header structure */ typedef struct _ICMPV4Hdr diff --git a/src/decode-icmpv6.h b/src/decode-icmpv6.h index 1fb592b211..befc787ac5 100644 --- a/src/decode-icmpv6.h +++ b/src/decode-icmpv6.h @@ -4,6 +4,65 @@ #define __DECODE_ICMPV6_H__ #define ICMPV6_HEADER_LEN 8 +#ifndef ICMP6_DST_UNREACH +#define ICMP6_DST_UNREACH 1 +#endif +#ifndef ICMP6_PACKET_TOO_BIG +#define ICMP6_PACKET_TOO_BIG 2 +#endif +#ifndef ICMP6_TIME_EXCEEDED +#define ICMP6_TIME_EXCEEDED 3 +#endif +#ifndef ICMP6_PARAM_PROB +#define ICMP6_PARAM_PROB 4 +#endif +#ifndef ICMP6_ECHO_REQUEST +#define ICMP6_ECHO_REQUEST 128 +#endif +#ifndef ICMP6_ECHO_REPLY +#define ICMP6_ECHO_REPLY 129 +#endif +#ifndef MLD_LISTENER_QUERY +#define MLD_LISTENER_QUERY 130 +#endif +#ifndef MLD_LISTENER_REPORT +#define MLD_LISTENER_REPORT 131 +#endif +#ifndef MLD_LISTENER_REDUCTION +#define MLD_LISTENER_REDUCTION 132 +#endif + +#ifndef ICMP6_DST_UNREACH_NOROUTE +#define ICMP6_DST_UNREACH_NOROUTE 0 /* no route to destination */ +#endif +#ifndef ICMP6_DST_UNREACH_ADMIN +#define ICMP6_DST_UNREACH_ADMIN 1 /* communication with destination */ +#endif /* administratively prohibited */ +#ifndef ICMP6_DST_UNREACH_BEYONDSCOPE +#define ICMP6_DST_UNREACH_BEYONDSCOPE 2 /* beyond scope of source address */ +#endif +#ifndef ICMP6_DST_UNREACH_ADDR +#define ICMP6_DST_UNREACH_ADDR 3 /* address unreachable */ +#endif +#ifndef ICMP6_DST_UNREACH_NOPORT +#define ICMP6_DST_UNREACH_NOPORT 4 /* bad port */ +#endif +#ifndef ICMP6_TIME_EXCEED_TRANSIT +#define ICMP6_TIME_EXCEED_TRANSIT 0 /* Hop Limit == 0 in transit */ +#endif +#ifndef ICMP6_TIME_EXCEED_REASSEMBLY +#define ICMP6_TIME_EXCEED_REASSEMBLY 1 /* Reassembly time out */ +#endif +#ifndef ICMP6_PARAMPROB_HEADER +#define ICMP6_PARAMPROB_HEADER 0 /* erroneous header field */ +#endif +#ifndef ICMP6_PARAMPROB_NEXTHEADER +#define ICMP6_PARAMPROB_NEXTHEADER 1 /* unrecognized Next Header */ +#endif +#ifndef ICMP6_PARAMPROB_OPTION +#define ICMP6_PARAMPROB_OPTION 2 /* unrecognized IPv6 option */ +#endif + typedef struct _ICMPV6Hdr { diff --git a/src/respond-reject-libnet11.c b/src/respond-reject-libnet11.c index 7f9d780726..6af4d66425 100644 --- a/src/respond-reject-libnet11.c +++ b/src/respond-reject-libnet11.c @@ -9,6 +9,10 @@ */ /*TODO calculate TTL base on average from stream tracking*/ +/*TODO come up with a way for users to specify icmp unreachable type + * Possibly default to port unreachable for UDP traffic this seems + * to be the default in flexresp and iptables + */ #include #include @@ -152,7 +156,7 @@ cleanup: } int RejectSendLibnet11L3IPv4ICMP(ThreadVars *tv, Packet *p, void *data, int dir) { - printf("going to send a ICMP host unreachable\n"); + //printf("going to send a ICMP host unreachable\n"); Libnet11Packet lpacket; libnet_t *c; /* libnet context */ @@ -190,13 +194,13 @@ int RejectSendLibnet11L3IPv4ICMP(ThreadVars *tv, Packet *p, void *data, int dir) /* build the package */ if ((t = libnet_build_icmpv4_unreach ( - 3, /* type */ - 10, /* code */ - 0, /* checksum */ - p->ip4h, /* payload */ - lpacket.len, /* payload length */ - c, /* libnet context */ - 0)) < 0) /* libnet ptag */ + ICMP_DEST_UNREACH, /* type */ + ICMP_HOST_ANO, /* code */ + 0, /* checksum */ + p->ip4h, /* payload */ + lpacket.len, /* payload length */ + c, /* libnet context */ + 0)) < 0) /* libnet ptag */ { printf("RejectSendLibnet11L3IPv4ICMP libnet_build_icmpv4_unreach %s\n", libnet_geterror(c)); goto cleanup;