aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Set packet invalid flag during decoding.

Browse Source 
This patch set a new value in pkt->flag to signal that a packet is
invalid during decoding. The patch has been obtained via a coccinelle
transformation.
pull/671/head
Eric Leblond 13 years ago
parent 3088b6ac34
commit b2c58b8d14
14 changed files with 80 additions and 78 deletions
Show Stats Download Patch File Download Diff File

2
src/decode-ethernet.c
Unescape Escape View File

@ -43,7 +43,7 @@ int DecodeEthernet(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pk
SCPerfCounterIncr(dtv->counter_eth, tv->sc_perf_pca); SCPerfCounterIncr(dtv->counter_eth, tv->sc_perf_pca);
if (unlikely(len < ETHERNET_HEADER_LEN)) { if (unlikely(len < ETHERNET_HEADER_LEN)) {
ENGINE_SET_EVENT(p,ETHERNET_PKT_TOO_SMALL); ENGINE_SET_INVALID_EVENT(p, ETHERNET_PKT_TOO_SMALL);
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }

32
src/decode-gre.c
Unescape Escape View File

@ -51,7 +51,7 @@ int DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, ui
SCPerfCounterIncr(dtv->counter_gre, tv->sc_perf_pca); SCPerfCounterIncr(dtv->counter_gre, tv->sc_perf_pca);
if(len < GRE_HDR_LEN) { if(len < GRE_HDR_LEN) {
ENGINE_SET_EVENT(p,GRE_PKT_TOO_SMALL); ENGINE_SET_INVALID_EVENT(p, GRE_PKT_TOO_SMALL);
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }
@ -76,12 +76,12 @@ int DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, ui
*/ */
if (GRE_FLAG_ISSET_RECUR(p->greh)) { if (GRE_FLAG_ISSET_RECUR(p->greh)) {
ENGINE_SET_EVENT(p,GRE_VERSION0_RECUR); ENGINE_SET_INVALID_EVENT(p, GRE_VERSION0_RECUR);
return TM_ECODE_OK; return TM_ECODE_OK;
} }
if (GREV1_FLAG_ISSET_FLAGS(p->greh)) { if (GREV1_FLAG_ISSET_FLAGS(p->greh)) {
ENGINE_SET_EVENT(p,GRE_VERSION0_FLAGS); ENGINE_SET_INVALID_EVENT(p, GRE_VERSION0_FLAGS);
return TM_ECODE_OK; return TM_ECODE_OK;
} }
@ -97,7 +97,7 @@ int DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, ui
header_len += GRE_CHKSUM_LEN + GRE_OFFSET_LEN; header_len += GRE_CHKSUM_LEN + GRE_OFFSET_LEN;
if (header_len > len) { if (header_len > len) {
ENGINE_SET_EVENT(p,GRE_VERSION0_HDR_TOO_BIG); ENGINE_SET_INVALID_EVENT(p, GRE_VERSION0_HDR_TOO_BIG);
return TM_ECODE_OK; return TM_ECODE_OK;
} }
@ -106,7 +106,8 @@ int DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, ui
while (1) while (1)
{ {
if ((header_len + GRE_SRE_HDR_LEN) > len) { if ((header_len + GRE_SRE_HDR_LEN) > len) {
ENGINE_SET_EVENT(p, GRE_VERSION0_MALFORMED_SRE_HDR); ENGINE_SET_INVALID_EVENT(p,
GRE_VERSION0_MALFORMED_SRE_HDR);
return TM_ECODE_OK; return TM_ECODE_OK;
} }
@ -119,7 +120,8 @@ int DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, ui
header_len += gsre->sre_length; header_len += gsre->sre_length;
if (header_len > len) { if (header_len > len) {
ENGINE_SET_EVENT(p, GRE_VERSION0_MALFORMED_SRE_HDR); ENGINE_SET_INVALID_EVENT(p,
GRE_VERSION0_MALFORMED_SRE_HDR);
return TM_ECODE_OK; return TM_ECODE_OK;
} }
} }
@ -138,37 +140,37 @@ int DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, ui
*/ */
if (GRE_FLAG_ISSET_CHKSUM(p->greh)) { if (GRE_FLAG_ISSET_CHKSUM(p->greh)) {
ENGINE_SET_EVENT(p,GRE_VERSION1_CHKSUM); ENGINE_SET_INVALID_EVENT(p,GRE_VERSION1_CHKSUM);
return TM_ECODE_OK; return TM_ECODE_OK;
} }
if (GRE_FLAG_ISSET_ROUTE(p->greh)) { if (GRE_FLAG_ISSET_ROUTE(p->greh)) {
ENGINE_SET_EVENT(p,GRE_VERSION1_ROUTE); ENGINE_SET_INVALID_EVENT(p,GRE_VERSION1_ROUTE);
return TM_ECODE_OK; return TM_ECODE_OK;
} }
if (GRE_FLAG_ISSET_SSR(p->greh)) { if (GRE_FLAG_ISSET_SSR(p->greh)) {
ENGINE_SET_EVENT(p,GRE_VERSION1_SSR); ENGINE_SET_INVALID_EVENT(p,GRE_VERSION1_SSR);
return TM_ECODE_OK; return TM_ECODE_OK;
} }
if (GRE_FLAG_ISSET_RECUR(p->greh)) { if (GRE_FLAG_ISSET_RECUR(p->greh)) {
ENGINE_SET_EVENT(p,GRE_VERSION1_RECUR); ENGINE_SET_INVALID_EVENT(p,GRE_VERSION1_RECUR);
return TM_ECODE_OK; return TM_ECODE_OK;
} }
if (GREV1_FLAG_ISSET_FLAGS(p->greh)) { if (GREV1_FLAG_ISSET_FLAGS(p->greh)) {
ENGINE_SET_EVENT(p,GRE_VERSION1_FLAGS); ENGINE_SET_INVALID_EVENT(p,GRE_VERSION1_FLAGS);
return TM_ECODE_OK; return TM_ECODE_OK;
} }
if (GRE_GET_PROTO(p->greh) != GRE_PROTO_PPP) { if (GRE_GET_PROTO(p->greh) != GRE_PROTO_PPP) {
ENGINE_SET_EVENT(p,GRE_VERSION1_WRONG_PROTOCOL); ENGINE_SET_INVALID_EVENT(p,GRE_VERSION1_WRONG_PROTOCOL);
return TM_ECODE_OK; return TM_ECODE_OK;
} }
if (!(GRE_FLAG_ISSET_KY(p->greh))) { if (!(GRE_FLAG_ISSET_KY(p->greh))) {
ENGINE_SET_EVENT(p,GRE_VERSION1_NO_KEY); ENGINE_SET_INVALID_EVENT(p,GRE_VERSION1_NO_KEY);
return TM_ECODE_OK; return TM_ECODE_OK;
} }
@ -183,13 +185,13 @@ int DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, ui
header_len += GREV1_ACK_LEN; header_len += GREV1_ACK_LEN;
if (header_len > len) { if (header_len > len) {
ENGINE_SET_EVENT(p,GRE_VERSION1_HDR_TOO_BIG); ENGINE_SET_INVALID_EVENT(p, GRE_VERSION1_HDR_TOO_BIG);
return TM_ECODE_OK; return TM_ECODE_OK;
} }
break; break;
default: default:
ENGINE_SET_EVENT(p,GRE_WRONG_VERSION); ENGINE_SET_INVALID_EVENT(p, GRE_WRONG_VERSION);
return TM_ECODE_OK; return TM_ECODE_OK;
} }

6
src/decode-icmpv4.c
Unescape Escape View File

@ -52,7 +52,7 @@ void DecodePartialIPV4( Packet* p, uint8_t* partial_packet, uint16_t len )
/** Check the sizes, the header must fit at least */ /** Check the sizes, the header must fit at least */
if (len < IPV4_HEADER_LEN) { if (len < IPV4_HEADER_LEN) {
SCLogDebug("DecodePartialIPV4: ICMPV4_IPV4_TRUNC_PKT"); SCLogDebug("DecodePartialIPV4: ICMPV4_IPV4_TRUNC_PKT");
ENGINE_SET_EVENT(p, ICMPV4_IPV4_TRUNC_PKT); ENGINE_SET_INVALID_EVENT(p, ICMPV4_IPV4_TRUNC_PKT);
return; return;
} }
@ -63,7 +63,7 @@ void DecodePartialIPV4( Packet* p, uint8_t* partial_packet, uint16_t len )
/** Check the embedded version */ /** Check the embedded version */
SCLogDebug("DecodePartialIPV4: ICMPv4 contains Unknown IPV4 version " SCLogDebug("DecodePartialIPV4: ICMPv4 contains Unknown IPV4 version "
"ICMPV4_IPV4_UNKNOWN_VER"); "ICMPV4_IPV4_UNKNOWN_VER");
ENGINE_SET_EVENT(p, ICMPV4_IPV4_UNKNOWN_VER); ENGINE_SET_INVALID_EVENT(p, ICMPV4_IPV4_UNKNOWN_VER);
return; return;
} }
@ -156,7 +156,7 @@ int DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt,
SCPerfCounterIncr(dtv->counter_icmpv4, tv->sc_perf_pca); SCPerfCounterIncr(dtv->counter_icmpv4, tv->sc_perf_pca);
if (len < ICMPV4_HEADER_LEN) { if (len < ICMPV4_HEADER_LEN) {
ENGINE_SET_EVENT(p,ICMPV4_PKT_TOO_SMALL); ENGINE_SET_INVALID_EVENT(p, ICMPV4_PKT_TOO_SMALL);
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }

6
src/decode-icmpv6.c
Unescape Escape View File

@ -61,7 +61,7 @@ void DecodePartialIPV6(Packet *p, uint8_t *partial_packet, uint16_t len )
/** Check the sizes, the header must fit at least */ /** Check the sizes, the header must fit at least */
if (len < IPV6_HEADER_LEN) { if (len < IPV6_HEADER_LEN) {
SCLogDebug("ICMPV6_IPV6_TRUNC_PKT"); SCLogDebug("ICMPV6_IPV6_TRUNC_PKT");
ENGINE_SET_EVENT(p, ICMPV6_IPV6_TRUNC_PKT); ENGINE_SET_INVALID_EVENT(p, ICMPV6_IPV6_TRUNC_PKT);
return; return;
} }
@ -72,7 +72,7 @@ void DecodePartialIPV6(Packet *p, uint8_t *partial_packet, uint16_t len )
{ {
SCLogDebug("ICMPv6 contains Unknown IPV6 version " SCLogDebug("ICMPv6 contains Unknown IPV6 version "
"ICMPV6_IPV6_UNKNOWN_VER"); "ICMPV6_IPV6_UNKNOWN_VER");
ENGINE_SET_EVENT(p, ICMPV6_IPV6_UNKNOWN_VER); ENGINE_SET_INVALID_EVENT(p, ICMPV6_IPV6_UNKNOWN_VER);
return; return;
} }
@ -172,7 +172,7 @@ int DecodeICMPV6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
if (len < ICMPV6_HEADER_LEN) { if (len < ICMPV6_HEADER_LEN) {
SCLogDebug("ICMPV6_PKT_TOO_SMALL"); SCLogDebug("ICMPV6_PKT_TOO_SMALL");
ENGINE_SET_EVENT(p, ICMPV6_PKT_TOO_SMALL); ENGINE_SET_INVALID_EVENT(p, ICMPV6_PKT_TOO_SMALL);
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }

54
src/decode-ipv4.c
Unescape Escape View File

@ -59,33 +59,33 @@ static int IPV4OptValidateGeneric(Packet *p, const IPV4Opt *o) {
/* See: RFC 4782 */ /* See: RFC 4782 */
case IPV4_OPT_QS: case IPV4_OPT_QS:
if (p->IPV4_OPTS[p->IPV4_OPTS_CNT].len < IPV4_OPT_QS_MIN) { if (p->IPV4_OPTS[p->IPV4_OPTS_CNT].len < IPV4_OPT_QS_MIN) {
ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN); ENGINE_SET_INVALID_EVENT(p, IPV4_OPT_INVALID_LEN);
return -1; return -1;
} }
break; break;
/* See: RFC 1108 */ /* See: RFC 1108 */
case IPV4_OPT_SEC: case IPV4_OPT_SEC:
if (p->IPV4_OPTS[p->IPV4_OPTS_CNT].len != IPV4_OPT_SEC_LEN) { if (p->IPV4_OPTS[p->IPV4_OPTS_CNT].len != IPV4_OPT_SEC_LEN) {
ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN); ENGINE_SET_INVALID_EVENT(p, IPV4_OPT_INVALID_LEN);
return -1; return -1;
} }
break; break;
case IPV4_OPT_SID: case IPV4_OPT_SID:
if (p->IPV4_OPTS[p->IPV4_OPTS_CNT].len != IPV4_OPT_SID_LEN) { if (p->IPV4_OPTS[p->IPV4_OPTS_CNT].len != IPV4_OPT_SID_LEN) {
ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN); ENGINE_SET_INVALID_EVENT(p, IPV4_OPT_INVALID_LEN);
return -1; return -1;
} }
break; break;
/* See: RFC 2113 */ /* See: RFC 2113 */
case IPV4_OPT_RTRALT: case IPV4_OPT_RTRALT:
if (p->IPV4_OPTS[p->IPV4_OPTS_CNT].len != IPV4_OPT_RTRALT_LEN) { if (p->IPV4_OPTS[p->IPV4_OPTS_CNT].len != IPV4_OPT_RTRALT_LEN) {
ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN); ENGINE_SET_INVALID_EVENT(p, IPV4_OPT_INVALID_LEN);
return -1; return -1;
} }
break; break;
default: default:
/* Should never get here unless there is a coding error */ /* Should never get here unless there is a coding error */
ENGINE_SET_EVENT(p,IPV4_OPT_UNKNOWN); ENGINE_SET_INVALID_EVENT(p, IPV4_OPT_UNKNOWN);
return -1; return -1;
} }
@ -103,13 +103,13 @@ static int IPV4OptValidateRoute(Packet *p, const IPV4Opt *o) {
/* Check length */ /* Check length */
if (unlikely(o->len < IPV4_OPT_ROUTE_MIN)) { if (unlikely(o->len < IPV4_OPT_ROUTE_MIN)) {
ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN); ENGINE_SET_INVALID_EVENT(p, IPV4_OPT_INVALID_LEN);
return -1; return -1;
} }
/* Data is required */ /* Data is required */
if (unlikely(o->data == NULL)) { if (unlikely(o->data == NULL)) {
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED); ENGINE_SET_INVALID_EVENT(p, IPV4_OPT_MALFORMED);
return -1; return -1;
} }
ptr = *o->data; ptr = *o->data;
@ -119,7 +119,7 @@ static int IPV4OptValidateRoute(Packet *p, const IPV4Opt *o) {
* past option length. * past option length.
*/ */
if (unlikely((ptr < 4) || (ptr % 4) || (ptr > o->len + 1))) { if (unlikely((ptr < 4) || (ptr % 4) || (ptr > o->len + 1))) {
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED); ENGINE_SET_INVALID_EVENT(p, IPV4_OPT_MALFORMED);
return -1; return -1;
} }
@ -140,20 +140,20 @@ static int IPV4OptValidateTimestamp(Packet *p, const IPV4Opt *o) {
/* Check length */ /* Check length */
if (unlikely(o->len < IPV4_OPT_TS_MIN)) { if (unlikely(o->len < IPV4_OPT_TS_MIN)) {
ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN); ENGINE_SET_INVALID_EVENT(p, IPV4_OPT_INVALID_LEN);
return -1; return -1;
} }
/* Data is required */ /* Data is required */
if (unlikely(o->data == NULL)) { if (unlikely(o->data == NULL)) {
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED); ENGINE_SET_INVALID_EVENT(p, IPV4_OPT_MALFORMED);
return -1; return -1;
} }
ptr = *o->data; ptr = *o->data;
/* We need the flag to determine what is in the option payload */ /* We need the flag to determine what is in the option payload */
if (unlikely(ptr < 5)) { if (unlikely(ptr < 5)) {
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED); ENGINE_SET_INVALID_EVENT(p, IPV4_OPT_MALFORMED);
return -1; return -1;
} }
flag = *(o->data + 3) & 0x00ff; flag = *(o->data + 3) & 0x00ff;
@ -166,7 +166,7 @@ static int IPV4OptValidateTimestamp(Packet *p, const IPV4Opt *o) {
* and cannot extend past option length. * and cannot extend past option length.
*/ */
if (unlikely(((ptr - 5) % rec_size) || (ptr > o->len + 1))) { if (unlikely(((ptr - 5) % rec_size) || (ptr > o->len + 1))) {
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED); ENGINE_SET_INVALID_EVENT(p, IPV4_OPT_MALFORMED);
return -1; return -1;
} }
@ -187,13 +187,13 @@ static int IPV4OptValidateCIPSO(Packet *p, const IPV4Opt *o) {
/* Check length */ /* Check length */
if (unlikely(o->len < IPV4_OPT_CIPSO_MIN)) { if (unlikely(o->len < IPV4_OPT_CIPSO_MIN)) {
ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN); ENGINE_SET_INVALID_EVENT(p, IPV4_OPT_INVALID_LEN);
return -1; return -1;
} }
/* Data is required */ /* Data is required */
if (unlikely(o->data == NULL)) { if (unlikely(o->data == NULL)) {
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED); ENGINE_SET_INVALID_EVENT(p, IPV4_OPT_MALFORMED);
return -1; return -1;
} }
// doi = *o->data; // doi = *o->data;
@ -222,7 +222,7 @@ static int IPV4OptValidateCIPSO(Packet *p, const IPV4Opt *o) {
/* Tag header must fit within option length */ /* Tag header must fit within option length */
if (unlikely(len < 2)) { if (unlikely(len < 2)) {
//printf("CIPSO tag header too large %" PRIu16 " < 2\n", len); //printf("CIPSO tag header too large %" PRIu16 " < 2\n", len);
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED); ENGINE_SET_INVALID_EVENT(p, IPV4_OPT_MALFORMED);
return -1; return -1;
} }
@ -233,7 +233,7 @@ static int IPV4OptValidateCIPSO(Packet *p, const IPV4Opt *o) {
/* Tag length must fit within the option length */ /* Tag length must fit within the option length */
if (unlikely(tlen > len)) { if (unlikely(tlen > len)) {
//printf("CIPSO tag len too large %" PRIu8 " > %" PRIu16 "\n", tlen, len); //printf("CIPSO tag len too large %" PRIu8 " > %" PRIu16 "\n", tlen, len);
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED); ENGINE_SET_INVALID_EVENT(p, IPV4_OPT_MALFORMED);
return -1; return -1;
} }
@ -246,7 +246,7 @@ static int IPV4OptValidateCIPSO(Packet *p, const IPV4Opt *o) {
/* Tag is at least 4 and at most the remainder of option len */ /* Tag is at least 4 and at most the remainder of option len */
if (unlikely((tlen < 4) || (tlen > len))) { if (unlikely((tlen < 4) || (tlen > len))) {
//printf("CIPSO tag %" PRIu8 " bad tlen=%" PRIu8 " len=%" PRIu8 "\n", ttype, tlen, len); //printf("CIPSO tag %" PRIu8 " bad tlen=%" PRIu8 " len=%" PRIu8 "\n", ttype, tlen, len);
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED); ENGINE_SET_INVALID_EVENT(p, IPV4_OPT_MALFORMED);
return -1; return -1;
} }
@ -255,7 +255,7 @@ static int IPV4OptValidateCIPSO(Packet *p, const IPV4Opt *o) {
*/ */
if (unlikely((ttype != 7) && (*tag != 0))) { if (unlikely((ttype != 7) && (*tag != 0))) {
//printf("CIPSO tag %" PRIu8 " ao=%" PRIu8 "\n", ttype, tlen); //printf("CIPSO tag %" PRIu8 " ao=%" PRIu8 "\n", ttype, tlen);
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED); ENGINE_SET_INVALID_EVENT(p, IPV4_OPT_MALFORMED);
return -1; return -1;
} }
@ -267,11 +267,11 @@ static int IPV4OptValidateCIPSO(Packet *p, const IPV4Opt *o) {
case 0: case 0:
/* Tag type 0 is reserved and thus invalid */ /* Tag type 0 is reserved and thus invalid */
/** \todo Wireshark marks this a padding, but spec says reserved. */ /** \todo Wireshark marks this a padding, but spec says reserved. */
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED); ENGINE_SET_INVALID_EVENT(p,IPV4_OPT_MALFORMED);
return -1; return -1;
default: default:
//printf("CIPSO tag %" PRIu8 " unknown tag\n", ttype); //printf("CIPSO tag %" PRIu8 " unknown tag\n", ttype);
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED); ENGINE_SET_INVALID_EVENT(p, IPV4_OPT_MALFORMED);
/** \todo May not want to return error here on unknown tag type (at least not for 3|4) */ /** \todo May not want to return error here on unknown tag type (at least not for 3|4) */
return -1; return -1;
} }
@ -333,7 +333,7 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len)
/* Option length is too big for packet */ /* Option length is too big for packet */
if (unlikely(*(pkt+1) > plen)) { if (unlikely(*(pkt+1) > plen)) {
ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN); ENGINE_SET_INVALID_EVENT(p, IPV4_OPT_INVALID_LEN);
return -1; return -1;
} }
@ -353,7 +353,7 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len)
* Also check for invalid lengths 0 and 1. */ * Also check for invalid lengths 0 and 1. */
if (unlikely(p->IPV4_OPTS[p->IPV4_OPTS_CNT].len > plen || if (unlikely(p->IPV4_OPTS[p->IPV4_OPTS_CNT].len > plen ||
p->IPV4_OPTS[p->IPV4_OPTS_CNT].len < 2)) { p->IPV4_OPTS[p->IPV4_OPTS_CNT].len < 2)) {
ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN); ENGINE_SET_INVALID_EVENT(p, IPV4_OPT_INVALID_LEN);
return -1; return -1;
} }
@ -473,30 +473,30 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len)
static int DecodeIPV4Packet(Packet *p, uint8_t *pkt, uint16_t len) static int DecodeIPV4Packet(Packet *p, uint8_t *pkt, uint16_t len)
{ {
if (unlikely(len < IPV4_HEADER_LEN)) { if (unlikely(len < IPV4_HEADER_LEN)) {
ENGINE_SET_EVENT(p,IPV4_PKT_TOO_SMALL); ENGINE_SET_INVALID_EVENT(p, IPV4_PKT_TOO_SMALL);
return -1; return -1;
} }
if (unlikely(IP_GET_RAW_VER(pkt) != 4)) { if (unlikely(IP_GET_RAW_VER(pkt) != 4)) {
SCLogDebug("wrong ip version %" PRIu8 "",IP_GET_RAW_VER(pkt)); SCLogDebug("wrong ip version %" PRIu8 "",IP_GET_RAW_VER(pkt));
ENGINE_SET_EVENT(p,IPV4_WRONG_IP_VER); ENGINE_SET_INVALID_EVENT(p, IPV4_WRONG_IP_VER);
return -1; return -1;
} }
p->ip4h = (IPV4Hdr *)pkt; p->ip4h = (IPV4Hdr *)pkt;
if (unlikely(IPV4_GET_HLEN(p) < IPV4_HEADER_LEN)) { if (unlikely(IPV4_GET_HLEN(p) < IPV4_HEADER_LEN)) {
ENGINE_SET_EVENT(p,IPV4_HLEN_TOO_SMALL); ENGINE_SET_INVALID_EVENT(p, IPV4_HLEN_TOO_SMALL);
return -1; return -1;
} }
if (unlikely(IPV4_GET_IPLEN(p) < IPV4_GET_HLEN(p))) { if (unlikely(IPV4_GET_IPLEN(p) < IPV4_GET_HLEN(p))) {
ENGINE_SET_EVENT(p,IPV4_IPLEN_SMALLER_THAN_HLEN); ENGINE_SET_INVALID_EVENT(p, IPV4_IPLEN_SMALLER_THAN_HLEN);
return -1; return -1;
} }
if (unlikely(len < IPV4_GET_IPLEN(p))) { if (unlikely(len < IPV4_GET_IPLEN(p))) {
ENGINE_SET_EVENT(p,IPV4_TRUNC_PKT); ENGINE_SET_INVALID_EVENT(p, IPV4_TRUNC_PKT);
return -1; return -1;
} }

8
src/decode-ipv6.c
Unescape Escape View File

@ -55,7 +55,7 @@ static void DecodeIPv4inIPv6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, u
{ {
if (unlikely(plen < IPV4_HEADER_LEN)) { if (unlikely(plen < IPV4_HEADER_LEN)) {
ENGINE_SET_EVENT(p, IPV4_IN_IPV6_PKT_TOO_SMALL); ENGINE_SET_INVALID_EVENT(p, IPV4_IN_IPV6_PKT_TOO_SMALL);
return; return;
} }
if (IP_GET_RAW_VER(pkt) == 4) { if (IP_GET_RAW_VER(pkt) == 4) {
@ -83,7 +83,7 @@ static int DecodeIP6inIP6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint
{ {
if (unlikely(plen < IPV6_HEADER_LEN)) { if (unlikely(plen < IPV6_HEADER_LEN)) {
ENGINE_SET_EVENT(p, IPV6_IN_IPV6_PKT_TOO_SMALL); ENGINE_SET_INVALID_EVENT(p, IPV6_IN_IPV6_PKT_TOO_SMALL);
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }
if (IP_GET_RAW_VER(pkt) == 6) { if (IP_GET_RAW_VER(pkt) == 6) {
@ -506,7 +506,7 @@ static int DecodeIPV6Packet (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, u
if (unlikely(IP_GET_RAW_VER(pkt) != 6)) { if (unlikely(IP_GET_RAW_VER(pkt) != 6)) {
SCLogDebug("wrong ip version %" PRIu8 "",IP_GET_RAW_VER(pkt)); SCLogDebug("wrong ip version %" PRIu8 "",IP_GET_RAW_VER(pkt));
ENGINE_SET_EVENT(p,IPV6_WRONG_IP_VER); ENGINE_SET_INVALID_EVENT(p, IPV6_WRONG_IP_VER);
return -1; return -1;
} }
@ -514,7 +514,7 @@ static int DecodeIPV6Packet (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, u
if (unlikely(len < (IPV6_HEADER_LEN + IPV6_GET_PLEN(p)))) if (unlikely(len < (IPV6_HEADER_LEN + IPV6_GET_PLEN(p))))
{ {
ENGINE_SET_EVENT(p,IPV6_TRUNC_PKT); ENGINE_SET_INVALID_EVENT(p, IPV6_TRUNC_PKT);
return -1; return -1;
} }

10
src/decode-ppp.c
Unescape Escape View File

@ -45,7 +45,7 @@ int DecodePPP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, ui
SCPerfCounterIncr(dtv->counter_ppp, tv->sc_perf_pca); SCPerfCounterIncr(dtv->counter_ppp, tv->sc_perf_pca);
if (unlikely(len < PPP_HEADER_LEN)) { if (unlikely(len < PPP_HEADER_LEN)) {
ENGINE_SET_EVENT(p,PPP_PKT_TOO_SMALL); ENGINE_SET_INVALID_EVENT(p, PPP_PKT_TOO_SMALL);
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }
@ -60,7 +60,7 @@ int DecodePPP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, ui
{ {
case PPP_VJ_UCOMP: case PPP_VJ_UCOMP:
if (unlikely(len < (PPP_HEADER_LEN + IPV4_HEADER_LEN))) { if (unlikely(len < (PPP_HEADER_LEN + IPV4_HEADER_LEN))) {
ENGINE_SET_EVENT(p,PPPVJU_PKT_TOO_SMALL); ENGINE_SET_INVALID_EVENT(p,PPPVJU_PKT_TOO_SMALL);
p->ppph = NULL; p->ppph = NULL;
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }
@ -73,7 +73,7 @@ int DecodePPP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, ui
case PPP_IP: case PPP_IP:
if (unlikely(len < (PPP_HEADER_LEN + IPV4_HEADER_LEN))) { if (unlikely(len < (PPP_HEADER_LEN + IPV4_HEADER_LEN))) {
ENGINE_SET_EVENT(p,PPPIPV4_PKT_TOO_SMALL); ENGINE_SET_INVALID_EVENT(p,PPPIPV4_PKT_TOO_SMALL);
p->ppph = NULL; p->ppph = NULL;
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }
@ -83,7 +83,7 @@ int DecodePPP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, ui
/* PPP IPv6 was not tested */ /* PPP IPv6 was not tested */
case PPP_IPV6: case PPP_IPV6:
if (unlikely(len < (PPP_HEADER_LEN + IPV6_HEADER_LEN))) { if (unlikely(len < (PPP_HEADER_LEN + IPV6_HEADER_LEN))) {
ENGINE_SET_EVENT(p,PPPIPV6_PKT_TOO_SMALL); ENGINE_SET_INVALID_EVENT(p,PPPIPV6_PKT_TOO_SMALL);
p->ppph = NULL; p->ppph = NULL;
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }
@ -123,7 +123,7 @@ int DecodePPP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, ui
default: default:
SCLogDebug("unknown PPP protocol: %" PRIx32 "",ntohs(p->ppph->protocol)); SCLogDebug("unknown PPP protocol: %" PRIx32 "",ntohs(p->ppph->protocol));
ENGINE_SET_EVENT(p,PPP_WRONG_TYPE); ENGINE_SET_INVALID_EVENT(p, PPP_WRONG_TYPE);
return TM_ECODE_OK; return TM_ECODE_OK;
} }

16
src/decode-pppoe.c
Unescape Escape View File

@ -52,7 +52,7 @@ int DecodePPPOEDiscovery(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8
SCPerfCounterIncr(dtv->counter_pppoe, tv->sc_perf_pca); SCPerfCounterIncr(dtv->counter_pppoe, tv->sc_perf_pca);
if (len < PPPOE_DISCOVERY_HEADER_MIN_LEN) { if (len < PPPOE_DISCOVERY_HEADER_MIN_LEN) {
ENGINE_SET_EVENT(p, PPPOE_PKT_TOO_SMALL); ENGINE_SET_INVALID_EVENT(p, PPPOE_PKT_TOO_SMALL);
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }
@ -75,7 +75,7 @@ int DecodePPPOEDiscovery(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8
break; break;
default: default:
SCLogDebug("unknown PPPOE code: 0x%0"PRIX8"", p->pppoedh->pppoe_code); SCLogDebug("unknown PPPOE code: 0x%0"PRIX8"", p->pppoedh->pppoe_code);
ENGINE_SET_EVENT(p,PPPOE_WRONG_CODE); ENGINE_SET_INVALID_EVENT(p, PPPOE_WRONG_CODE);
return TM_ECODE_OK; return TM_ECODE_OK;
} }
@ -92,7 +92,7 @@ int DecodePPPOEDiscovery(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8
if (pppoe_length > packet_length) { if (pppoe_length > packet_length) {
SCLogDebug("malformed PPPOE tags"); SCLogDebug("malformed PPPOE tags");
ENGINE_SET_EVENT(p,PPPOE_MALFORMED_TAGS); ENGINE_SET_INVALID_EVENT(p, PPPOE_MALFORMED_TAGS);
return TM_ECODE_OK; return TM_ECODE_OK;
} }
@ -131,7 +131,7 @@ int DecodePPPOESession(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t
SCPerfCounterIncr(dtv->counter_pppoe, tv->sc_perf_pca); SCPerfCounterIncr(dtv->counter_pppoe, tv->sc_perf_pca);
if (len < PPPOE_SESSION_HEADER_LEN) { if (len < PPPOE_SESSION_HEADER_LEN) {
ENGINE_SET_EVENT(p, PPPOE_PKT_TOO_SMALL); ENGINE_SET_INVALID_EVENT(p, PPPOE_PKT_TOO_SMALL);
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }
@ -183,7 +183,7 @@ int DecodePPPOESession(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t
case PPP_VJ_UCOMP: case PPP_VJ_UCOMP:
if(len < (PPPOE_SESSION_HEADER_LEN + IPV4_HEADER_LEN)) { if(len < (PPPOE_SESSION_HEADER_LEN + IPV4_HEADER_LEN)) {
ENGINE_SET_EVENT(p,PPPVJU_PKT_TOO_SMALL); ENGINE_SET_INVALID_EVENT(p, PPPVJU_PKT_TOO_SMALL);
return TM_ECODE_OK; return TM_ECODE_OK;
} }
@ -194,7 +194,7 @@ int DecodePPPOESession(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t
case PPP_IP: case PPP_IP:
if(len < (PPPOE_SESSION_HEADER_LEN + IPV4_HEADER_LEN)) { if(len < (PPPOE_SESSION_HEADER_LEN + IPV4_HEADER_LEN)) {
ENGINE_SET_EVENT(p,PPPIPV4_PKT_TOO_SMALL); ENGINE_SET_INVALID_EVENT(p, PPPIPV4_PKT_TOO_SMALL);
return TM_ECODE_OK; return TM_ECODE_OK;
} }
@ -204,7 +204,7 @@ int DecodePPPOESession(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t
/* PPP IPv6 was not tested */ /* PPP IPv6 was not tested */
case PPP_IPV6: case PPP_IPV6:
if(len < (PPPOE_SESSION_HEADER_LEN + IPV6_HEADER_LEN)) { if(len < (PPPOE_SESSION_HEADER_LEN + IPV6_HEADER_LEN)) {
ENGINE_SET_EVENT(p,PPPIPV6_PKT_TOO_SMALL); ENGINE_SET_INVALID_EVENT(p, PPPIPV6_PKT_TOO_SMALL);
return TM_ECODE_OK; return TM_ECODE_OK;
} }
@ -213,7 +213,7 @@ int DecodePPPOESession(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t
default: default:
SCLogDebug("unknown PPP protocol: %" PRIx32 "",ntohs(p->ppph->protocol)); SCLogDebug("unknown PPP protocol: %" PRIx32 "",ntohs(p->ppph->protocol));
ENGINE_SET_EVENT(p,PPP_WRONG_TYPE); ENGINE_SET_INVALID_EVENT(p, PPP_WRONG_TYPE);
return TM_ECODE_OK; return TM_ECODE_OK;
} }
} }

2
src/decode-raw.c
Unescape Escape View File

@ -49,7 +49,7 @@ int DecodeRaw(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, ui
/* If it is ipv4 or ipv6 it should at least be the size of ipv4 */ /* If it is ipv4 or ipv6 it should at least be the size of ipv4 */
if (unlikely(len < IPV4_HEADER_LEN)) { if (unlikely(len < IPV4_HEADER_LEN)) {
ENGINE_SET_EVENT(p,IPV4_PKT_TOO_SMALL); ENGINE_SET_INVALID_EVENT(p, IPV4_PKT_TOO_SMALL);
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }

2
src/decode-sctp.c
Unescape Escape View File

@ -42,7 +42,7 @@
static int DecodeSCTPPacket(ThreadVars *tv, Packet *p, uint8_t *pkt, uint16_t len) static int DecodeSCTPPacket(ThreadVars *tv, Packet *p, uint8_t *pkt, uint16_t len)
{ {
if (unlikely(len < SCTP_HEADER_LEN)) { if (unlikely(len < SCTP_HEADER_LEN)) {
ENGINE_SET_EVENT(p, SCTP_PKT_TOO_SMALL); ENGINE_SET_INVALID_EVENT(p, SCTP_PKT_TOO_SMALL);
return -1; return -1;
} }

2
src/decode-sll.c
Unescape Escape View File

@ -41,7 +41,7 @@ int DecodeSll(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, ui
SCPerfCounterIncr(dtv->counter_sll, tv->sc_perf_pca); SCPerfCounterIncr(dtv->counter_sll, tv->sc_perf_pca);
if (unlikely(len < SLL_HEADER_LEN)) { if (unlikely(len < SLL_HEADER_LEN)) {
ENGINE_SET_EVENT(p,SLL_PKT_TOO_SMALL); ENGINE_SET_INVALID_EVENT(p, SLL_PKT_TOO_SMALL);
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }

8
src/decode-tcp.c
Unescape Escape View File

@ -64,7 +64,7 @@ static int DecodeTCPOptions(Packet *p, uint8_t *pkt, uint16_t len)
* so here the len of the specific option must be bad. * so here the len of the specific option must be bad.
* Also check for invalid lengths 0 and 1. */ * Also check for invalid lengths 0 and 1. */
if (unlikely(*(pkt+1) > plen || *(pkt+1) < 2)) { if (unlikely(*(pkt+1) > plen || *(pkt+1) < 2)) {
ENGINE_SET_EVENT(p,TCP_OPT_INVALID_LEN); ENGINE_SET_INVALID_EVENT(p, TCP_OPT_INVALID_LEN);
return -1; return -1;
} }
@ -151,7 +151,7 @@ static int DecodeTCPOptions(Packet *p, uint8_t *pkt, uint16_t len)
static int DecodeTCPPacket(ThreadVars *tv, Packet *p, uint8_t *pkt, uint16_t len) static int DecodeTCPPacket(ThreadVars *tv, Packet *p, uint8_t *pkt, uint16_t len)
{ {
if (unlikely(len < TCP_HEADER_LEN)) { if (unlikely(len < TCP_HEADER_LEN)) {
ENGINE_SET_EVENT(p, TCP_PKT_TOO_SMALL); ENGINE_SET_INVALID_EVENT(p, TCP_PKT_TOO_SMALL);
return -1; return -1;
} }
@ -159,13 +159,13 @@ static int DecodeTCPPacket(ThreadVars *tv, Packet *p, uint8_t *pkt, uint16_t len
uint8_t hlen = TCP_GET_HLEN(p); uint8_t hlen = TCP_GET_HLEN(p);
if (unlikely(len < hlen)) { if (unlikely(len < hlen)) {
ENGINE_SET_EVENT(p, TCP_HLEN_TOO_SMALL); ENGINE_SET_INVALID_EVENT(p, TCP_HLEN_TOO_SMALL);
return -1; return -1;
} }
uint8_t tcp_opt_len = hlen - TCP_HEADER_LEN; uint8_t tcp_opt_len = hlen - TCP_HEADER_LEN;
if (unlikely(tcp_opt_len > TCP_OPTLENMAX)) { if (unlikely(tcp_opt_len > TCP_OPTLENMAX)) {
ENGINE_SET_EVENT(p, TCP_INVALID_OPTLEN); ENGINE_SET_INVALID_EVENT(p, TCP_INVALID_OPTLEN);
return -1; return -1;
} }

6
src/decode-udp.c
Unescape Escape View File

@ -43,19 +43,19 @@
static int DecodeUDPPacket(ThreadVars *t, Packet *p, uint8_t *pkt, uint16_t len) static int DecodeUDPPacket(ThreadVars *t, Packet *p, uint8_t *pkt, uint16_t len)
{ {
if (unlikely(len < UDP_HEADER_LEN)) { if (unlikely(len < UDP_HEADER_LEN)) {
ENGINE_SET_EVENT(p, UDP_HLEN_TOO_SMALL); ENGINE_SET_INVALID_EVENT(p, UDP_HLEN_TOO_SMALL);
return -1; return -1;
} }
p->udph = (UDPHdr *)pkt; p->udph = (UDPHdr *)pkt;
if (unlikely(len < UDP_GET_LEN(p))) { if (unlikely(len < UDP_GET_LEN(p))) {
ENGINE_SET_EVENT(p, UDP_PKT_TOO_SMALL); ENGINE_SET_INVALID_EVENT(p, UDP_PKT_TOO_SMALL);
return -1; return -1;
} }
if (unlikely(len != UDP_GET_LEN(p))) { if (unlikely(len != UDP_GET_LEN(p))) {
ENGINE_SET_EVENT(p, UDP_HLEN_INVALID); ENGINE_SET_INVALID_EVENT(p, UDP_HLEN_INVALID);
return -1; return -1;
} }

4
src/decode-vlan.c
Unescape Escape View File

@ -63,7 +63,7 @@ int DecodeVLAN(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
SCPerfCounterIncr(dtv->counter_vlan, tv->sc_perf_pca); SCPerfCounterIncr(dtv->counter_vlan, tv->sc_perf_pca);
if(len < VLAN_HEADER_LEN) { if(len < VLAN_HEADER_LEN) {
ENGINE_SET_EVENT(p,VLAN_HEADER_TOO_SMALL); ENGINE_SET_INVALID_EVENT(p, VLAN_HEADER_TOO_SMALL);
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }
if (p->vlan_idx >= 2) { if (p->vlan_idx >= 2) {
@ -115,7 +115,7 @@ int DecodeVLAN(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
break; break;
default: default:
SCLogDebug("unknown VLAN type: %" PRIx32 "", proto); SCLogDebug("unknown VLAN type: %" PRIx32 "", proto);
ENGINE_SET_EVENT(p,VLAN_UNKNOWN_TYPE); ENGINE_SET_INVALID_EVENT(p, VLAN_UNKNOWN_TYPE);
return TM_ECODE_OK; return TM_ECODE_OK;
} }

Write Preview
Loading…
Cancel
Save