ipv4: shrink per packet ipopts storage

9 years ago · be5a5df1f7
parent 8dc63f625f
commit be5a5df1f7
3 changed files with 305 additions and 543 deletions
--- a/src/decode-ipv4.c
+++ b/src/decode-ipv4.c
--- a/src/decode-ipv4.h
+++ b/src/decode-ipv4.h
@ -151,18 +151,7 @@ typedef struct IPV4Hdr_
 #define CLEAR_IPV4_PACKET(p) do { \
    (p)->ip4h = NULL; \
    (p)->level3_comp_csum = -1; \
-    (p)->ip4vars.ip_src_u32 = 0; \
-    (p)->ip4vars.ip_dst_u32 = 0; \
-    (p)->ip4vars.ip_opt_cnt = 0; \
-    (p)->ip4vars.o_rr = NULL; \
-    (p)->ip4vars.o_qs = NULL; \
-    (p)->ip4vars.o_ts = NULL; \
-    (p)->ip4vars.o_sec = NULL; \
-    (p)->ip4vars.o_lsrr = NULL; \
-    (p)->ip4vars.o_cipso = NULL; \
-    (p)->ip4vars.o_sid = NULL; \
-    (p)->ip4vars.o_ssrr = NULL; \
-    (p)->ip4vars.o_rtralt = NULL; \
+    memset(&p->ip4vars, 0x00, sizeof(p->ip4vars)); \
 } while (0)

 /* helper structure with parsed ipv4 info */
@ -172,19 +161,19 @@ typedef struct IPV4Vars_
    uint32_t ip_src_u32;   /* source IP */
    uint32_t ip_dst_u32;   /* dest IP */

-    IPV4Opt ip_opts[IPV4_OPTMAX];
-    uint8_t ip_opt_cnt;
-
-    /* These are here for direct access and dup tracking */
-    IPV4Opt *o_rr;
-    IPV4Opt *o_qs;
-    IPV4Opt *o_ts;
-    IPV4Opt *o_sec;
-    IPV4Opt *o_lsrr;
-    IPV4Opt *o_cipso;
-    IPV4Opt *o_sid;
-    IPV4Opt *o_ssrr;
-    IPV4Opt *o_rtralt;
+    uint16_t opt_cnt;
+    _Bool rr;
+    _Bool lsrr;
+    _Bool eol;
+    _Bool nop;
+    _Bool ts;
+    _Bool sec;
+    _Bool sid;
+    _Bool qs;
+    _Bool cipso;
+    _Bool rtralt;
+    _Bool ssrr;
+
 } IPV4Vars;


--- a/src/detect-ipopts.c
+++ b/src/detect-ipopts.c
@ -82,31 +82,44 @@ void DetectIpOptsRegister (void)
 */
 int DetectIpOptsMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, const SigMatchCtx *ctx)
 {
-    int ret = 0;
-    int ipopt = 0;
    const DetectIpOptsData *de = (const DetectIpOptsData *)ctx;

    if (!de || !PKT_IS_IPV4(p) || PKT_IS_PSEUDOPKT(p))
-        return ret;
+        return 0;

    /* IPV4_OPT_ANY matches on any options */
-
-    if (p->IPV4_OPTS_CNT && (de->ipopt == IPV4_OPT_ANY)) {
+    if (p->ip4vars.opt_cnt && (de->ipopt == IPV4_OPT_ANY)) {
        return 1;
    }

-    /* Loop through instead of using o_xxx direct access fields so that
-     * future options do not require any modification here.
-     */
-
-    while(ipopt < p->IPV4_OPTS_CNT) {
-        if (p->IPV4_OPTS[ipopt].type == de->ipopt) {
-            return 1;
-        }
-        ipopt++;
+    switch (de->ipopt) {
+        case IPV4_OPT_RR:
+            return (p->ip4vars.rr);
+            break;
+        case IPV4_OPT_LSRR:
+            return (p->ip4vars.lsrr);
+            break;
+        case IPV4_OPT_EOL:
+            return (p->ip4vars.eol);
+            break;
+        case IPV4_OPT_NOP:
+            return (p->ip4vars.nop);
+            break;
+        case IPV4_OPT_TS:
+            return (p->ip4vars.ts);
+            break;
+        case IPV4_OPT_SEC:
+            return (p->ip4vars.sec);
+            break;
+        case IPV4_OPT_SSRR:
+            return (p->ip4vars.ssrr);
+            break;
+        case IPV4_OPT_SID:
+            return (p->ip4vars.sid);
+            break;
    }

-    return ret;
+    return 0;
 }

 /**
@ -268,9 +281,7 @@ int IpOptsTestParse03 (void)
    memset(&ip4h, 0, sizeof(IPV4Hdr));

    p->ip4h = &ip4h;
-    p->IPV4_OPTS[0].type = IPV4_OPT_RR;
-
-    p->IPV4_OPTS_CNT++;
+    p->ip4vars.rr = TRUE;

    de = DetectIpOptsParse("rr");

@ -320,9 +331,7 @@ int IpOptsTestParse04 (void)
    memset(&ip4h, 0, sizeof(IPV4Hdr));

    p->ip4h = &ip4h;
-    p->IPV4_OPTS[0].type = IPV4_OPT_RR;
-
-    p->IPV4_OPTS_CNT++;
+    p->ip4vars.rr = TRUE;

    de = DetectIpOptsParse("lsrr");