detect-csum: incomplete checksum is a valid checksum

This patch modify checksum match to not alert on packet with incomplete checksum. They will be checksummed later and thus can be considered as valid one.
14 years ago · 8d635ddfc2
parent 67f791e891
commit 8d635ddfc2
1 changed files with 28 additions and 0 deletions
--- a/src/detect-csum.c
+++ b/src/detect-csum.c
@ -233,6 +233,10 @@ int DetectIPV4CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
    if (p->ip4h == NULL || PKT_IS_PSEUDOPKT(p))
        return 0;

+    if (p->flags & PKT_IGNORE_CHECKSUM) {
+        return cd->valid;
+    }
+
    if (p->ip4vars.comp_csum == -1)
        p->ip4vars.comp_csum = IPV4CalculateChecksum((uint16_t *)p->ip4h,
                                                  IPV4_GET_RAW_HLEN(p->ip4h));
@ -323,6 +327,10 @@ int DetectTCPV4CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
    if (p->ip4h == NULL || p->proto != IPPROTO_TCP || PKT_IS_PSEUDOPKT(p))
        return 0;

+    if (p->flags & PKT_IGNORE_CHECKSUM) {
+        return cd->valid;
+    }
+
    if (p->tcpvars.comp_csum == -1)
        p->tcpvars.comp_csum = TCPCalculateChecksum((uint16_t *)&(p->ip4h->ip_src),
                                                 (uint16_t *)p->tcph,
@ -414,6 +422,10 @@ int DetectTCPV6CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
    if (p->ip6h == NULL || p->proto != IPPROTO_TCP || PKT_IS_PSEUDOPKT(p))
        return 0;

+    if (p->flags & PKT_IGNORE_CHECKSUM) {
+        return cd->valid;
+    }
+
    if (p->tcpvars.comp_csum == -1)
        p->tcpvars.comp_csum = TCPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src),
                                                   (uint16_t *)p->tcph,
@ -505,6 +517,10 @@ int DetectUDPV4CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
    if (p->ip4h == NULL || p->proto != IPPROTO_UDP || PKT_IS_PSEUDOPKT(p))
        return 0;

+    if (p->flags & PKT_IGNORE_CHECKSUM) {
+        return cd->valid;
+    }
+
    if (p->udpvars.comp_csum == -1)
        p->udpvars.comp_csum = UDPV4CalculateChecksum((uint16_t *)&(p->ip4h->ip_src),
                                                   (uint16_t *)p->udph,
@ -597,6 +613,10 @@ int DetectUDPV6CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
    if (p->ip6h == NULL || p->proto != IPPROTO_UDP || PKT_IS_PSEUDOPKT(p))
        return 0;

+    if (p->flags & PKT_IGNORE_CHECKSUM) {
+        return cd->valid;
+    }
+
    if (p->udpvars.comp_csum == -1)
        p->udpvars.comp_csum = UDPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src),
                                                   (uint16_t *)p->udph,
@ -689,6 +709,10 @@ int DetectICMPV4CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
    if (p->ip4h == NULL || p->proto != IPPROTO_ICMP || PKT_IS_PSEUDOPKT(p))
        return 0;

+    if (p->flags & PKT_IGNORE_CHECKSUM) {
+        return cd->valid;
+    }
+
    if (p->icmpv4vars.comp_csum == -1)
        p->icmpv4vars.comp_csum = ICMPV4CalculateChecksum((uint16_t *)p->icmpv4h,
                                                       ntohs(IPV4_GET_RAW_IPLEN(p->ip4h)) -
@ -780,6 +804,10 @@ int DetectICMPV6CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
    if (p->ip6h == NULL || p->proto != IPPROTO_ICMPV6 || PKT_IS_PSEUDOPKT(p))
        return 0;

+    if (p->flags & PKT_IGNORE_CHECKSUM) {
+        return cd->valid;
+    }
+
    if (p->icmpv6vars.comp_csum == -1)
        p->icmpv6vars.comp_csum = ICMPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src),
                                                       (uint16_t *)p->icmpv6h,