ipv4: shrink per packet ipopts storage

9 years ago · be5a5df1f7
parent 8dc63f625f
commit be5a5df1f7
3 changed files with 305 additions and 543 deletions
--- a/src/decode-ipv4.c
+++ b/src/decode-ipv4.c
--- a/src/decode-ipv4.h
+++ b/src/decode-ipv4.h
@ -151,18 +151,7 @@ typedef struct IPV4Hdr_
 #define CLEAR_IPV4_PACKET(p) do { \
    (p)->ip4h = NULL; \
    (p)->level3_comp_csum = -1; \
-    (p)->ip4vars.ip_src_u32 = 0; \
+    memset(&p->ip4vars, 0x00, sizeof(p->ip4vars)); \
    (p)->ip4vars.ip_dst_u32 = 0; \
    (p)->ip4vars.ip_opt_cnt = 0; \
    (p)->ip4vars.o_rr = NULL; \
    (p)->ip4vars.o_qs = NULL; \
    (p)->ip4vars.o_ts = NULL; \
    (p)->ip4vars.o_sec = NULL; \
    (p)->ip4vars.o_lsrr = NULL; \
    (p)->ip4vars.o_cipso = NULL; \
    (p)->ip4vars.o_sid = NULL; \
    (p)->ip4vars.o_ssrr = NULL; \
    (p)->ip4vars.o_rtralt = NULL; \
 } while (0)
 /* helper structure with parsed ipv4 info */
@ -172,19 +161,19 @@ typedef struct IPV4Vars_
    uint32_t ip_src_u32;   /* source IP */
    uint32_t ip_dst_u32;   /* dest IP */
-    IPV4Opt ip_opts[IPV4_OPTMAX];
+    uint16_t opt_cnt;
-    uint8_t ip_opt_cnt;
+    _Bool rr;
-
+    _Bool lsrr;
-    /* These are here for direct access and dup tracking */
+    _Bool eol;
-    IPV4Opt *o_rr;
+    _Bool nop;
-    IPV4Opt *o_qs;
+    _Bool ts;
-    IPV4Opt *o_ts;
+    _Bool sec;
-    IPV4Opt *o_sec;
+    _Bool sid;
-    IPV4Opt *o_lsrr;
+    _Bool qs;
-    IPV4Opt *o_cipso;
+    _Bool cipso;
-    IPV4Opt *o_sid;
+    _Bool rtralt;
-    IPV4Opt *o_ssrr;
+    _Bool ssrr;
-    IPV4Opt *o_rtralt;
+
 } IPV4Vars;
--- a/src/detect-ipopts.c
+++ b/src/detect-ipopts.c
@ -82,31 +82,44 @@ void DetectIpOptsRegister (void)
 */
 int DetectIpOptsMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, const SigMatchCtx *ctx)
 {
    int ret = 0;
    int ipopt = 0;
    const DetectIpOptsData *de = (const DetectIpOptsData *)ctx;
    if (!de || !PKT_IS_IPV4(p) || PKT_IS_PSEUDOPKT(p))
-        return ret;
+        return 0;
    /* IPV4_OPT_ANY matches on any options */
-
+    if (p->ip4vars.opt_cnt && (de->ipopt == IPV4_OPT_ANY)) {
    if (p->IPV4_OPTS_CNT && (de->ipopt == IPV4_OPT_ANY)) {
        return 1;
    }
-    /* Loop through instead of using o_xxx direct access fields so that
+    switch (de->ipopt) {
-     * future options do not require any modification here.
+        case IPV4_OPT_RR:
-     */
+            return (p->ip4vars.rr);
-
+            break;
-    while(ipopt < p->IPV4_OPTS_CNT) {
+        case IPV4_OPT_LSRR:
-        if (p->IPV4_OPTS[ipopt].type == de->ipopt) {
+            return (p->ip4vars.lsrr);
-            return 1;
+            break;
-        }
+        case IPV4_OPT_EOL:
-        ipopt++;
+            return (p->ip4vars.eol);
            break;
        case IPV4_OPT_NOP:
            return (p->ip4vars.nop);
            break;
        case IPV4_OPT_TS:
            return (p->ip4vars.ts);
            break;
        case IPV4_OPT_SEC:
            return (p->ip4vars.sec);
            break;
        case IPV4_OPT_SSRR:
            return (p->ip4vars.ssrr);
            break;
        case IPV4_OPT_SID:
            return (p->ip4vars.sid);
            break;
    }
-    return ret;
+    return 0;
 }
 /**
@ -268,9 +281,7 @@ int IpOptsTestParse03 (void)
    memset(&ip4h, 0, sizeof(IPV4Hdr));
    p->ip4h = &ip4h;
-    p->IPV4_OPTS[0].type = IPV4_OPT_RR;
+    p->ip4vars.rr = TRUE;
    p->IPV4_OPTS_CNT++;
    de = DetectIpOptsParse("rr");
@ -320,9 +331,7 @@ int IpOptsTestParse04 (void)
    memset(&ip4h, 0, sizeof(IPV4Hdr));
    p->ip4h = &ip4h;
-    p->IPV4_OPTS[0].type = IPV4_OPT_RR;
+    p->ip4vars.rr = TRUE;
    p->IPV4_OPTS_CNT++;
    de = DetectIpOptsParse("lsrr");