diff --git a/src/alert-unified2-alert.c b/src/alert-unified2-alert.c index 28e91f061c..558d376c9a 100644 --- a/src/alert-unified2-alert.c +++ b/src/alert-unified2-alert.c @@ -286,11 +286,11 @@ static int Unified2ForgeFakeIPv4Header(FakeIPv4Hdr *fakehdr, Packet *p, int pkt_ fakehdr->ip4h.ip_verhl = p->ip4h->ip_verhl; fakehdr->ip4h.ip_proto = p->ip4h->ip_proto; if (! invert) { - fakehdr->ip4h.ip_src.s_addr = p->ip4h->ip_src.s_addr; - fakehdr->ip4h.ip_dst.s_addr = p->ip4h->ip_dst.s_addr; + fakehdr->ip4h.s_ip_src.s_addr = p->ip4h->s_ip_src.s_addr; + fakehdr->ip4h.s_ip_dst.s_addr = p->ip4h->s_ip_dst.s_addr; } else { - fakehdr->ip4h.ip_dst.s_addr = p->ip4h->ip_src.s_addr; - fakehdr->ip4h.ip_src.s_addr = p->ip4h->ip_dst.s_addr; + fakehdr->ip4h.s_ip_dst.s_addr = p->ip4h->s_ip_src.s_addr; + fakehdr->ip4h.s_ip_src.s_addr = p->ip4h->s_ip_dst.s_addr; } fakehdr->ip4h.ip_len = htons((uint16_t)pkt_len); @@ -317,10 +317,10 @@ static int Unified2ForgeFakeIPv6Header(FakeIPv6Hdr *fakehdr, Packet *p, int pkt_ fakehdr->ip6h.s_ip6_nxt = IPPROTO_TCP; fakehdr->ip6h.s_ip6_plen = htons(sizeof(TCPHdr)); if (!invert) { - memcpy(fakehdr->ip6h.ip6_src, p->ip6h->ip6_src, 32); + memcpy(fakehdr->ip6h.s_ip6_addrs, p->ip6h->s_ip6_addrs, 32); } else { - memcpy(fakehdr->ip6h.ip6_src, p->ip6h->ip6_dst, 16); - memcpy(fakehdr->ip6h.ip6_dst, p->ip6h->ip6_src, 16); + memcpy(fakehdr->ip6h.s_ip6_src, p->ip6h->s_ip6_dst, 16); + memcpy(fakehdr->ip6h.s_ip6_dst, p->ip6h->s_ip6_src, 16); } if (! invert) { fakehdr->tcph.th_sport = p->tcph->th_sport; @@ -387,8 +387,8 @@ static int Unified2StreamTypeAlertIPv4 (Unified2AlertThread *aun, fakehdr.ip4h.ip_verhl = p->ip4h->ip_verhl; fakehdr.ip4h.ip_proto = p->ip4h->ip_proto; - fakehdr.ip4h.ip_src.s_addr = p->ip4h->ip_src.s_addr; - fakehdr.ip4h.ip_dst.s_addr = p->ip4h->ip_dst.s_addr; + fakehdr.ip4h.s_ip_src.s_addr = p->ip4h->s_ip_src.s_addr; + fakehdr.ip4h.s_ip_dst.s_addr = p->ip4h->s_ip_dst.s_addr; fakehdr.ip4h.ip_len = htons((uint16_t)pkt_len); fakehdr.tcph.th_sport = p->tcph->th_sport; @@ -487,12 +487,13 @@ static int Unified2StreamTypeAlertIPv6 (Unified2AlertThread *aun, fakehdr.ethh.eth_type = htons(ETHERNET_TYPE_IPV6); if (p->ethh != NULL) { - memcpy(&fakehdr.ethh.eth_dst, p->ethh->eth_dst, 12); + memcpy(&fakehdr.ethh.eth_src, p->ethh->eth_src, 6); + memcpy(&fakehdr.ethh.eth_dst, p->ethh->eth_dst, 6); } fakehdr.ip6h.s_ip6_vfc = p->ip6h->s_ip6_vfc; fakehdr.ip6h.s_ip6_nxt = IPPROTO_TCP; fakehdr.ip6h.s_ip6_plen = htons(sizeof(TCPHdr) + stream_msg->data.data_len); - memcpy(&fakehdr.ip6h.ip6_src, p->ip6h->ip6_src, 32); + memcpy(&fakehdr.ip6h.s_ip6_addrs, p->ip6h->s_ip6_addrs, 32); fakehdr.tcph.th_sport = p->tcph->th_sport; fakehdr.tcph.th_dport = p->tcph->th_dport; fakehdr.tcph.th_offx2 = 0x50; /* just the TCP header, no options */ @@ -573,12 +574,12 @@ static int Unified2PrintStreamSegmentCallback(Packet *p, void *data, uint8_t *bu if (PKT_IS_IPV6(p)) { FakeIPv6Hdr *fakehdr = (FakeIPv6Hdr *)aun->iphdr; fakehdr->tcph.th_sum = TCPV6CalculateChecksum( - (uint16_t *)&(fakehdr->ip6h.ip6_src), + fakehdr->ip6h.s_ip6_addrs, (uint16_t *)&fakehdr->tcph, buflen + sizeof(TCPHdr)); } else { FakeIPv4Hdr *fakehdr = (FakeIPv4Hdr *)aun->iphdr; fakehdr->tcph.th_sum = TCPCalculateChecksum( - (uint16_t *)&(fakehdr->ip4h.ip_src), + fakehdr->ip4h.s_ip_addrs, (uint16_t *)&fakehdr->tcph, buflen + sizeof(TCPHdr)); fakehdr->ip4h.ip_csum = IPV4CalculateChecksum( (uint16_t *)&fakehdr->ip4h, @@ -905,8 +906,8 @@ int Unified2IPv6TypeAlert (ThreadVars *t, Packet *p, void *data, PacketQueue *pq SCMutexLock(&aun->file_ctx->fp_mutex); if ((aun->file_ctx->size_current +(sizeof(hdr) + sizeof(*phdr))) > aun->file_ctx->size_limit) { if (Unified2AlertRotateFile(t,aun) < 0) { - SCMutexUnlock(&aun->file_ctx->fp_mutex); aun->file_ctx->alerts += i; + SCMutexUnlock(&aun->file_ctx->fp_mutex); return -1; } } @@ -919,15 +920,17 @@ int Unified2IPv6TypeAlert (ThreadVars *t, Packet *p, void *data, PacketQueue *pq ret = Unified2PacketTypeAlert(aun, p, pa->alert_msg, phdr->event_id, pa->flags & PACKET_ALERT_FLAG_STATE_MATCH ? 1 : 0); if (ret != 1) { SCLogError(SC_ERR_FWRITE, "Error: fwrite failed: %s", strerror(errno)); - SCMutexUnlock(&aun->file_ctx->fp_mutex); aun->file_ctx->alerts += i; + SCMutexUnlock(&aun->file_ctx->fp_mutex); return -1; } fflush(aun->file_ctx->fp); SCMutexUnlock(&aun->file_ctx->fp_mutex); } - aun->file_ctx->alerts += p->alerts.cnt; + SCMutexLock(&aun->file_ctx->fp_mutex); + aun->file_ctx->alerts += p->alerts.cnt; + SCMutexUnlock(&aun->file_ctx->fp_mutex); return 0; } @@ -972,8 +975,8 @@ int Unified2IPv4TypeAlert (ThreadVars *tv, Packet *p, void *data, PacketQueue *p gphdr.event_id = 0; gphdr.event_second = htonl(p->ts.tv_sec); gphdr.event_microsecond = htonl(p->ts.tv_usec); - gphdr.src_ip = p->ip4h->ip_src.s_addr; - gphdr.dst_ip = p->ip4h->ip_dst.s_addr; + gphdr.src_ip = p->ip4h->s_ip_src.s_addr; + gphdr.dst_ip = p->ip4h->s_ip_dst.s_addr; gphdr.protocol = IPV4_GET_RAW_IPPROTO(p->ip4h); @@ -1039,8 +1042,8 @@ int Unified2IPv4TypeAlert (ThreadVars *tv, Packet *p, void *data, PacketQueue *p if ((aun->file_ctx->size_current +(sizeof(hdr) + sizeof(*phdr))) > aun->file_ctx->size_limit) { if (Unified2AlertRotateFile(tv,aun) < 0) { - SCMutexUnlock(&aun->file_ctx->fp_mutex); aun->file_ctx->alerts += i; + SCMutexUnlock(&aun->file_ctx->fp_mutex); return -1; } } @@ -1056,15 +1059,17 @@ int Unified2IPv4TypeAlert (ThreadVars *tv, Packet *p, void *data, PacketQueue *p ret = Unified2PacketTypeAlert(aun, p, pa->alert_msg, event_id, pa->flags & PACKET_ALERT_FLAG_STATE_MATCH ? 1 : 0); if (ret != 1) { SCLogError(SC_ERR_FWRITE, "Error: PacketTypeAlert writing failed"); - SCMutexUnlock(&aun->file_ctx->fp_mutex); aun->file_ctx->alerts += i; + SCMutexUnlock(&aun->file_ctx->fp_mutex); return -1; } fflush(aun->file_ctx->fp); SCMutexUnlock(&aun->file_ctx->fp_mutex); } - aun->file_ctx->alerts += p->alerts.cnt; + SCMutexLock(&aun->file_ctx->fp_mutex); + aun->file_ctx->alerts += p->alerts.cnt; + SCMutexUnlock(&aun->file_ctx->fp_mutex); return 0; } diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c index 5fa0231844..54a81d2c99 100644 --- a/src/app-layer-htp.c +++ b/src/app-layer-htp.c @@ -2413,7 +2413,7 @@ int HTPParserTest01(void) { table_iterator_reset(tx->request_headers); table_iterator_next(tx->request_headers, (void **) & h); - if (htp_state->connp == NULL || strcmp(bstr_tocstr(h->value), "Victor/1.0") + if (strcmp(bstr_tocstr(h->value), "Victor/1.0") || tx->request_method_number != M_POST || tx->request_protocol_number != HTTP_1_0) { @@ -2537,7 +2537,7 @@ int HTPParserTest03(void) { table_iterator_reset(tx->request_headers); table_iterator_next(tx->request_headers, (void **) & h); - if (htp_state->connp == NULL || tx->request_method_number != M_UNKNOWN || + if (tx->request_method_number != M_UNKNOWN || h != NULL || tx->request_protocol_number != HTTP_1_0) { printf("expected method M_UNKNOWN and got %s: , expected protocol " @@ -2594,7 +2594,7 @@ int HTPParserTest04(void) { table_iterator_reset(tx->request_headers); table_iterator_next(tx->request_headers, (void **) & h); - if (htp_state->connp == NULL || tx->request_method_number != M_UNKNOWN || + if (tx->request_method_number != M_UNKNOWN || h != NULL || tx->request_protocol_number != PROTOCOL_UNKNOWN) { printf("expected method M_UNKNOWN and got %s: , expected protocol " @@ -2701,7 +2701,7 @@ int HTPParserTest05(void) { table_iterator_reset(tx->request_headers); table_iterator_next(tx->request_headers, (void **) & h); - if (http_state->connp == NULL || tx->request_method_number != M_POST || + if (tx->request_method_number != M_POST || h == NULL || tx->request_protocol_number != HTTP_1_0) { printf("expected method M_POST and got %s: , expected protocol " @@ -2815,7 +2815,7 @@ int HTPParserTest06(void) { table_iterator_reset(tx->request_headers); table_iterator_next(tx->request_headers, (void **) & h); - if (http_state->connp == NULL || tx->request_method_number != M_GET || + if (tx->request_method_number != M_GET || h == NULL || tx->request_protocol_number != HTTP_1_1) { printf("expected method M_GET and got %s: , expected protocol " diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index c8540073c3..6488ff6b3b 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c @@ -1485,7 +1485,7 @@ static AppLayerProbingParserElement * AppLayerDuplicateAppLayerProbingParserElement(AppLayerProbingParserElement *pe) { AppLayerProbingParserElement *new_pe = SCMalloc(sizeof(AppLayerProbingParserElement)); - if (pe == NULL) { + if (new_pe == NULL) { return NULL; } diff --git a/src/conf.c b/src/conf.c index 68223b1a74..10fb9fe99d 100644 --- a/src/conf.c +++ b/src/conf.c @@ -671,7 +671,7 @@ ConfNode *ConfNodeLookupKeyValue(ConfNode *base, const char *key, const char *va ConfNode *child; TAILQ_FOREACH(child, &base->head, next) { - if (!strncmp(child->val, key, sizeof(child->val))) { + if (!strncmp(child->val, key, strlen(child->val))) { ConfNode *subchild; TAILQ_FOREACH(subchild, &child->head, next) { if ((!strcmp(subchild->name, key)) && (!strcmp(subchild->val, value))) { @@ -844,7 +844,7 @@ ConfTestGetInt(void) return 0; if (ConfGetInt(name, &val) != 1) return 0; - return 1; + if (val != 0) return 0; diff --git a/src/decode-icmpv4.c b/src/decode-icmpv4.c index 725b567ab9..c281b3c5a4 100644 --- a/src/decode-icmpv4.c +++ b/src/decode-icmpv4.c @@ -187,7 +187,7 @@ void DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE); } else { /* parse IP header plus 64 bytes */ - if (len >= ICMPV4_HEADER_PKT_OFFSET) { + if (len > ICMPV4_HEADER_PKT_OFFSET) { DecodePartialIPV4( p, (uint8_t *)(pkt + ICMPV4_HEADER_PKT_OFFSET), len - ICMPV4_HEADER_PKT_OFFSET ); /* ICMP ICMP_DEST_UNREACH influence TCP/UDP flows */ @@ -215,7 +215,7 @@ void DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE); } else { // parse IP header plus 64 bytes - if (len >= ICMPV4_HEADER_PKT_OFFSET) + if (len > ICMPV4_HEADER_PKT_OFFSET) DecodePartialIPV4( p, (uint8_t*) (pkt + ICMPV4_HEADER_PKT_OFFSET), len - ICMPV4_HEADER_PKT_OFFSET ); } break; @@ -233,7 +233,7 @@ void DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE); } else { // parse IP header plus 64 bytes - if (len >= ICMPV4_HEADER_PKT_OFFSET) + if (len > ICMPV4_HEADER_PKT_OFFSET) DecodePartialIPV4( p, (uint8_t*) (pkt + ICMPV4_HEADER_PKT_OFFSET), len - ICMPV4_HEADER_PKT_OFFSET ); } break; @@ -243,7 +243,7 @@ void DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE); } else { // parse IP header plus 64 bytes - if (len >= ICMPV4_HEADER_PKT_OFFSET) + if (len > ICMPV4_HEADER_PKT_OFFSET) DecodePartialIPV4( p, (uint8_t*) (pkt + ICMPV4_HEADER_PKT_OFFSET), len - ICMPV4_HEADER_PKT_OFFSET ); } break; @@ -341,8 +341,8 @@ static int DecodeICMPV4test01(void) { p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");; p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");; - ip4h.ip_src.s_addr = p->src.addr_data32[0]; - ip4h.ip_dst.s_addr = p->dst.addr_data32[0]; + ip4h.s_ip_src.s_addr = p->src.addr_data32[0]; + ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0]; p->ip4h = &ip4h; DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL); @@ -392,8 +392,8 @@ static int DecodeICMPV4test02(void) { p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");; p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");; - ip4h.ip_src.s_addr = p->src.addr_data32[0]; - ip4h.ip_dst.s_addr = p->dst.addr_data32[0]; + ip4h.s_ip_src.s_addr = p->src.addr_data32[0]; + ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0]; p->ip4h = &ip4h; DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL); @@ -441,8 +441,8 @@ static int DecodeICMPV4test03(void) { p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");; p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");; - ip4h.ip_src.s_addr = p->src.addr_data32[0]; - ip4h.ip_dst.s_addr = p->dst.addr_data32[0]; + ip4h.s_ip_src.s_addr = p->src.addr_data32[0]; + ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0]; p->ip4h = &ip4h; DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL); @@ -521,8 +521,8 @@ static int DecodeICMPV4test04(void) { p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");; p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");; - ip4h.ip_src.s_addr = p->src.addr_data32[0]; - ip4h.ip_dst.s_addr = p->dst.addr_data32[0]; + ip4h.s_ip_src.s_addr = p->src.addr_data32[0]; + ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0]; p->ip4h = &ip4h; DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL); @@ -591,8 +591,8 @@ static int DecodeICMPV4test05(void) { p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");; p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");; - ip4h.ip_src.s_addr = p->src.addr_data32[0]; - ip4h.ip_dst.s_addr = p->dst.addr_data32[0]; + ip4h.s_ip_src.s_addr = p->src.addr_data32[0]; + ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0]; p->ip4h = &ip4h; DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL); @@ -696,8 +696,8 @@ static int ICMPV4InvalidType07(void) { p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");; p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");; - ip4h.ip_src.s_addr = p->src.addr_data32[0]; - ip4h.ip_dst.s_addr = p->dst.addr_data32[0]; + ip4h.s_ip_src.s_addr = p->src.addr_data32[0]; + ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0]; p->ip4h = &ip4h; DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL); @@ -740,8 +740,8 @@ static int DecodeICMPV4test08(void) { p->src.addr_data32[0] = UTHSetIPv4Address("4.3.2.1");; p->dst.addr_data32[0] = UTHSetIPv4Address("1.2.3.4");; - ip4h.ip_src.s_addr = p->src.addr_data32[0]; - ip4h.ip_dst.s_addr = p->dst.addr_data32[0]; + ip4h.s_ip_src.s_addr = p->src.addr_data32[0]; + ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0]; p->ip4h = &ip4h; DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL); diff --git a/src/decode-icmpv6.c b/src/decode-icmpv6.c index 918b912326..20926350a0 100644 --- a/src/decode-icmpv6.c +++ b/src/decode-icmpv6.c @@ -76,15 +76,15 @@ void DecodePartialIPV6(Packet *p, uint8_t *partial_packet, uint16_t len ) p->icmpv6vars.emb_ipv6h = icmp6_ip6h; /** Get the IP6 address */ - p->icmpv6vars.emb_ip6_src[0] = icmp6_ip6h->ip6_src[0]; - p->icmpv6vars.emb_ip6_src[1] = icmp6_ip6h->ip6_src[1]; - p->icmpv6vars.emb_ip6_src[2] = icmp6_ip6h->ip6_src[2]; - p->icmpv6vars.emb_ip6_src[3] = icmp6_ip6h->ip6_src[3]; - - p->icmpv6vars.emb_ip6_dst[0] = icmp6_ip6h->ip6_dst[0]; - p->icmpv6vars.emb_ip6_dst[1] = icmp6_ip6h->ip6_dst[1]; - p->icmpv6vars.emb_ip6_dst[2] = icmp6_ip6h->ip6_dst[2]; - p->icmpv6vars.emb_ip6_dst[3] = icmp6_ip6h->ip6_dst[3]; + p->icmpv6vars.emb_ip6_src[0] = icmp6_ip6h->s_ip6_src[0]; + p->icmpv6vars.emb_ip6_src[1] = icmp6_ip6h->s_ip6_src[1]; + p->icmpv6vars.emb_ip6_src[2] = icmp6_ip6h->s_ip6_src[2]; + p->icmpv6vars.emb_ip6_src[3] = icmp6_ip6h->s_ip6_src[3]; + + p->icmpv6vars.emb_ip6_dst[0] = icmp6_ip6h->s_ip6_dst[0]; + p->icmpv6vars.emb_ip6_dst[1] = icmp6_ip6h->s_ip6_dst[1]; + p->icmpv6vars.emb_ip6_dst[2] = icmp6_ip6h->s_ip6_dst[2]; + p->icmpv6vars.emb_ip6_dst[3] = icmp6_ip6h->s_ip6_dst[3]; /** Get protocol and ports inside the embedded ipv6 packet and set the pointers */ p->icmpv6vars.emb_ip6_proto_next = icmp6_ip6h->s_ip6_nxt; diff --git a/src/decode-ipv4.h b/src/decode-ipv4.h index ef3a5c8443..82a122e122 100644 --- a/src/decode-ipv4.h +++ b/src/decode-ipv4.h @@ -77,10 +77,20 @@ typedef struct IPV4Hdr_ uint8_t ip_ttl; /**< time to live */ uint8_t ip_proto; /**< protocol (tcp, udp, etc) */ uint16_t ip_csum; /**< checksum */ - struct in_addr ip_src;/**< source address */ - struct in_addr ip_dst;/**< destination address */ + union { + struct { + struct in_addr ip_src;/**< source address */ + struct in_addr ip_dst;/**< destination address */ + } ip4_un1; + uint16_t ip_addrs[4]; + } ip4_hdrun1; } IPV4Hdr; + +#define s_ip_src ip4_hdrun1.ip4_un1.ip_src +#define s_ip_dst ip4_hdrun1.ip4_un1.ip_dst +#define s_ip_addrs ip4_hdrun1.ip_addrs + #define IPV4_GET_RAW_VER(ip4h) (((ip4h)->ip_verhl & 0xf0) >> 4) #define IPV4_GET_RAW_HLEN(ip4h) ((ip4h)->ip_verhl & 0x0f) #define IPV4_GET_RAW_IPTOS(ip4h) ((ip4h)->ip_tos) @@ -89,13 +99,13 @@ typedef struct IPV4Hdr_ #define IPV4_GET_RAW_IPOFFSET(ip4h) ((ip4h)->ip_off) #define IPV4_GET_RAW_IPTTL(ip4h) ((ip4h)->ip_ttl) #define IPV4_GET_RAW_IPPROTO(ip4h) ((ip4h)->ip_proto) -#define IPV4_GET_RAW_IPSRC(ip4h) ((ip4h)->ip_src) -#define IPV4_GET_RAW_IPDST(ip4h) ((ip4h)->ip_dst) +#define IPV4_GET_RAW_IPSRC(ip4h) ((ip4h)->s_ip_src) +#define IPV4_GET_RAW_IPDST(ip4h) ((ip4h)->s_ip_dst) /** return the raw (directly from the header) src ip as uint32_t */ -#define IPV4_GET_RAW_IPSRC_U32(ip4h) (uint32_t)((ip4h)->ip_src.s_addr) +#define IPV4_GET_RAW_IPSRC_U32(ip4h) (uint32_t)((ip4h)->s_ip_src.s_addr) /** return the raw (directly from the header) dst ip as uint32_t */ -#define IPV4_GET_RAW_IPDST_U32(ip4h) (uint32_t)((ip4h)->ip_dst.s_addr) +#define IPV4_GET_RAW_IPDST_U32(ip4h) (uint32_t)((ip4h)->s_ip_dst.s_addr) /* we need to change them as well as get them */ #define IPV4_SET_RAW_VER(ip4h, value) ((ip4h)->ip_verhl = (((ip4h)->ip_verhl & 0x0f) | (value << 4))) diff --git a/src/decode-ipv6.h b/src/decode-ipv6.h index 38f647463f..98de032cfe 100644 --- a/src/decode-ipv6.h +++ b/src/decode-ipv6.h @@ -40,27 +40,36 @@ typedef struct IPV6Hdr_ uint8_t ip6_un2_vfc; /* 4 bits version, top 4 bits class */ } ip6_hdrun; - uint32_t ip6_src[4]; - uint32_t ip6_dst[4]; + union { + struct { + uint32_t ip6_src[4]; + uint32_t ip6_dst[4]; + } ip6_un2; + uint16_t ip6_addrs[16]; + } ip6_hdrun2; } IPV6Hdr; -#define s_ip6_vfc ip6_hdrun.ip6_un2_vfc -#define s_ip6_flow ip6_hdrun.ip6_un1.ip6_un1_flow -#define s_ip6_plen ip6_hdrun.ip6_un1.ip6_un1_plen -#define s_ip6_nxt ip6_hdrun.ip6_un1.ip6_un1_nxt -#define s_ip6_hlim ip6_hdrun.ip6_un1.ip6_un1_hlim +#define s_ip6_src ip6_hdrun2.ip6_un2.ip6_src +#define s_ip6_dst ip6_hdrun2.ip6_un2.ip6_dst +#define s_ip6_addrs ip6_hdrun2.ip6_addrs + +#define s_ip6_vfc ip6_hdrun.ip6_un2_vfc +#define s_ip6_flow ip6_hdrun.ip6_un1.ip6_un1_flow +#define s_ip6_plen ip6_hdrun.ip6_un1.ip6_un1_plen +#define s_ip6_nxt ip6_hdrun.ip6_un1.ip6_un1_nxt +#define s_ip6_hlim ip6_hdrun.ip6_un1.ip6_un1_hlim -#define IPV6_GET_RAW_VER(ip6h) (((ip6h)->s_ip6_vfc & 0xf0) >> 4) -#define IPV6_GET_RAW_CLASS(ip6h) ((ntohl((ip6h)->s_ip6_flow) & 0x0FF00000) >> 20) -#define IPV6_GET_RAW_FLOW(ip6h) (ntohl((ip6h)->s_ip6_flow) & 0x000FFFFF) -#define IPV6_GET_RAW_NH(ip6h) ((ip6h)->s_ip6_nxt) -#define IPV6_GET_RAW_PLEN(ip6h) (ntohs((ip6h)->s_ip6_plen)) -#define IPV6_GET_RAW_HLIM(ip6h) ((ip6h)->s_ip6_hlim) +#define IPV6_GET_RAW_VER(ip6h) (((ip6h)->s_ip6_vfc & 0xf0) >> 4) +#define IPV6_GET_RAW_CLASS(ip6h) ((ntohl((ip6h)->s_ip6_flow) & 0x0FF00000) >> 20) +#define IPV6_GET_RAW_FLOW(ip6h) (ntohl((ip6h)->s_ip6_flow) & 0x000FFFFF) +#define IPV6_GET_RAW_NH(ip6h) ((ip6h)->s_ip6_nxt) +#define IPV6_GET_RAW_PLEN(ip6h) (ntohs((ip6h)->s_ip6_plen)) +#define IPV6_GET_RAW_HLIM(ip6h) ((ip6h)->s_ip6_hlim) -#define IPV6_SET_RAW_VER(ip6h, value) ((ip6h)->s_ip6_vfc = (((ip6h)->s_ip6_vfc & 0x0f) | (value << 4))) -#define IPV6_SET_RAW_NH(ip6h, value) ((ip6h)->s_ip6_nxt = (value)) +#define IPV6_SET_RAW_VER(ip6h, value) ((ip6h)->s_ip6_vfc = (((ip6h)->s_ip6_vfc & 0x0f) | (value << 4))) +#define IPV6_SET_RAW_NH(ip6h, value) ((ip6h)->s_ip6_nxt = (value)) -#define IPV6_SET_L4PROTO(p,proto) (p)->ip6vars.l4proto = proto +#define IPV6_SET_L4PROTO(p,proto) (p)->ip6vars.l4proto = proto /* ONLY call these functions after making sure that: * 1. p->ip6h is set diff --git a/src/decode.h b/src/decode.h index 237575bb33..ed27a6f806 100644 --- a/src/decode.h +++ b/src/decode.h @@ -100,7 +100,7 @@ typedef struct Address_ { * prevent using memset. */ #define SET_IPV4_SRC_ADDR(p, a) do { \ (a)->family = AF_INET; \ - (a)->addr_data32[0] = (uint32_t)(p)->ip4h->ip_src.s_addr; \ + (a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_src.s_addr; \ (a)->addr_data32[1] = 0; \ (a)->addr_data32[2] = 0; \ (a)->addr_data32[3] = 0; \ @@ -108,7 +108,7 @@ typedef struct Address_ { #define SET_IPV4_DST_ADDR(p, a) do { \ (a)->family = AF_INET; \ - (a)->addr_data32[0] = (uint32_t)(p)->ip4h->ip_dst.s_addr; \ + (a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_dst.s_addr; \ (a)->addr_data32[1] = 0; \ (a)->addr_data32[2] = 0; \ (a)->addr_data32[3] = 0; \ @@ -125,20 +125,20 @@ typedef struct Address_ { /* Set the IPv6 addressesinto the Addrs of the Packet. * Make sure p->ip6h is initialized and validated. */ -#define SET_IPV6_SRC_ADDR(p, a) do { \ - (a)->family = AF_INET6; \ - (a)->addr_data32[0] = (p)->ip6h->ip6_src[0]; \ - (a)->addr_data32[1] = (p)->ip6h->ip6_src[1]; \ - (a)->addr_data32[2] = (p)->ip6h->ip6_src[2]; \ - (a)->addr_data32[3] = (p)->ip6h->ip6_src[3]; \ +#define SET_IPV6_SRC_ADDR(p, a) do { \ + (a)->family = AF_INET6; \ + (a)->addr_data32[0] = (p)->ip6h->s_ip6_src[0]; \ + (a)->addr_data32[1] = (p)->ip6h->s_ip6_src[1]; \ + (a)->addr_data32[2] = (p)->ip6h->s_ip6_src[2]; \ + (a)->addr_data32[3] = (p)->ip6h->s_ip6_src[3]; \ } while (0) -#define SET_IPV6_DST_ADDR(p, a) do { \ - (a)->family = AF_INET6; \ - (a)->addr_data32[0] = (p)->ip6h->ip6_dst[0]; \ - (a)->addr_data32[1] = (p)->ip6h->ip6_dst[1]; \ - (a)->addr_data32[2] = (p)->ip6h->ip6_dst[2]; \ - (a)->addr_data32[3] = (p)->ip6h->ip6_dst[3]; \ +#define SET_IPV6_DST_ADDR(p, a) do { \ + (a)->family = AF_INET6; \ + (a)->addr_data32[0] = (p)->ip6h->s_ip6_dst[0]; \ + (a)->addr_data32[1] = (p)->ip6h->s_ip6_dst[1]; \ + (a)->addr_data32[2] = (p)->ip6h->s_ip6_dst[2]; \ + (a)->addr_data32[3] = (p)->ip6h->s_ip6_dst[3]; \ } while (0) /* Set the TCP ports into the Ports of the Packet. diff --git a/src/defrag.c b/src/defrag.c index 4c69da81c4..b78027bf24 100644 --- a/src/defrag.c +++ b/src/defrag.c @@ -614,7 +614,7 @@ Defrag4Reassemble(ThreadVars *tv, DefragContext *dc, DefragTracker *tracker, remove_tracker: /* Remove the frag tracker. */ SCMutexLock(&dc->frag_table_lock); - HashListTableRemove(dc->frag_table, tracker, sizeof(*tracker)); + HashListTableRemove(dc->frag_table, tracker, HASHLIST_NO_SIZE); SCMutexUnlock(&dc->frag_table_lock); DefragTrackerReset(tracker); SCMutexLock(&dc->tracker_pool_lock); @@ -725,7 +725,7 @@ Defrag6Reassemble(ThreadVars *tv, DefragContext *dc, DefragTracker *tracker, remove_tracker: /* Remove the frag tracker. */ SCMutexLock(&dc->frag_table_lock); - HashListTableRemove(dc->frag_table, tracker, sizeof(*tracker)); + HashListTableRemove(dc->frag_table, tracker, HASHLIST_NO_SIZE); SCMutexUnlock(&dc->frag_table_lock); DefragTrackerReset(tracker); SCMutexLock(&dc->tracker_pool_lock); @@ -1026,7 +1026,7 @@ DefragTimeoutTracker(ThreadVars *tv, DecodeThreadVars *dtv, DefragContext *dc, if (tracker->timeout < (unsigned int)p->ts.tv_sec) { /* Tracker has timeout out. */ - HashListTableRemove(dc->frag_table, tracker, sizeof(tracker)); + HashListTableRemove(dc->frag_table, tracker, HASHLIST_NO_SIZE); DefragTrackerReset(tracker); PoolReturn(dc->tracker_pool, tracker); if (tv != NULL && dtv != NULL) { @@ -1144,7 +1144,7 @@ DefragGetTracker(ThreadVars *tv, DecodeThreadVars *dtv, DefragContext *dc, tracker->dst_addr = lookup_key->dst_addr; tracker->policy = DefragGetOsPolicy(p); - if (HashListTableAdd(dc->frag_table, tracker, sizeof(*tracker)) != 0) { + if (HashListTableAdd(dc->frag_table, tracker, HASHLIST_NO_SIZE) != 0) { /* Failed to add new tracker. */ SCLogError(SC_ERR_MEM_ALLOC, "Defrag: Failed to add new tracker to hash table."); @@ -1290,8 +1290,8 @@ BuildTestPacket(uint16_t id, uint16_t off, int mf, const char content, ip4h.ip_ttl = ttl; ip4h.ip_proto = IPPROTO_ICMP; - ip4h.ip_src.s_addr = 0x01010101; /* 1.1.1.1 */ - ip4h.ip_dst.s_addr = 0x02020202; /* 2.2.2.2 */ + ip4h.s_ip_src.s_addr = 0x01010101; /* 1.1.1.1 */ + ip4h.s_ip_dst.s_addr = 0x02020202; /* 2.2.2.2 */ /* copy content_len crap, we need full length */ PacketCopyData(p, (uint8_t *)&ip4h, sizeof(ip4h) + content_len); @@ -1354,14 +1354,14 @@ IPV6BuildTestPacket(uint32_t id, uint16_t off, int mf, const char content, ip6h.s_ip6_hlim = 2; /* Source and dest address - very bogus addresses. */ - ip6h.ip6_src[0] = 0x01010101; - ip6h.ip6_src[1] = 0x01010101; - ip6h.ip6_src[2] = 0x01010101; - ip6h.ip6_src[3] = 0x01010101; - ip6h.ip6_dst[0] = 0x02020202; - ip6h.ip6_dst[1] = 0x02020202; - ip6h.ip6_dst[2] = 0x02020202; - ip6h.ip6_dst[3] = 0x02020202; + ip6h.s_ip6_src[0] = 0x01010101; + ip6h.s_ip6_src[1] = 0x01010101; + ip6h.s_ip6_src[2] = 0x01010101; + ip6h.s_ip6_src[3] = 0x01010101; + ip6h.s_ip6_dst[0] = 0x02020202; + ip6h.s_ip6_dst[1] = 0x02020202; + ip6h.s_ip6_dst[2] = 0x02020202; + ip6h.s_ip6_dst[3] = 0x02020202; /* copy content_len crap, we need full length */ PacketCopyData(p, (uint8_t *)&ip6h, sizeof(IPV6Hdr) + sizeof(IPV6FragHdr) + content_len); diff --git a/src/detect-content.c b/src/detect-content.c index 19bf0d062c..3a38d3c1ba 100644 --- a/src/detect-content.c +++ b/src/detect-content.c @@ -64,68 +64,48 @@ uint32_t DetectContentMaxId(DetectEngineCtx *de_ctx) { return MpmPatternIdStoreGetMaxId(de_ctx->mpm_pattern_id_store); } -int DetectContentDataParse(char *contentstr, char** pstr, uint16_t *plen, int *flags) +int DetectContentDataParse(char *keyword, char *contentstr, char** pstr, uint16_t *plen, int *flags) { char *str = NULL; - char *temp = NULL; uint16_t len; uint16_t pos = 0; uint16_t slen = 0; - if ((temp = SCStrdup(contentstr)) == NULL) { - SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory. Exiting..."); - exit(EXIT_FAILURE); - } - - if (strlen(temp) == 0) { - SCFree(temp); + slen = strlen(contentstr); + if (slen == 0) { return -1; } /* skip the first spaces */ - slen = strlen(temp); - while (pos < slen && isspace(temp[pos])) { + while (pos < slen && isspace(contentstr[pos])) pos++; - }; - if (temp[pos] == '!') { - SCFree(temp); - if ((temp = SCStrdup(contentstr + pos + 1)) == NULL) { - SCLogError(SC_ERR_MEM_ALLOC, "error allocating memory. exiting..."); - exit(EXIT_FAILURE); - } - - pos = 0; + if (contentstr[pos] == '!') { *flags = DETECT_CONTENT_NEGATED; + pos++; } else *flags = 0; - if (temp[pos] == '\"' && strlen(temp + pos) == 1) + if (contentstr[pos] == '\"' && ((slen - pos) <= 1)) goto error; - if (temp[pos] == '\"' && temp[pos + strlen(temp + pos) - 1] == '\"') { - if ((str = SCStrdup(temp + pos + 1)) == NULL) { - SCLogError(SC_ERR_MEM_ALLOC, "error allocating memory. exiting..."); - exit(EXIT_FAILURE); - } - - str[strlen(temp) - pos - 2] = '\0'; - } else { - SCLogError(SC_ERR_INVALID_SIGNATURE, "content keywords's argument " + if (!(contentstr[pos] == '\"' && contentstr[slen - 1] == '\"')) { + SCLogError(SC_ERR_INVALID_SIGNATURE, "%s keyword arguments " "should be always enclosed in double quotes. Invalid " "content keyword passed in this rule - \"%s\"", - contentstr); + keyword, contentstr); goto error; } - if ((str = SCStrdup(temp + pos + 1)) == NULL) { - SCLogError(SC_ERR_MEM_ALLOC, "error allocating memory. exiting..."); - exit(EXIT_FAILURE); - } - str[strlen(temp) - pos - 2] = '\0'; + if ((str = SCStrdup(contentstr + pos + 1)) == NULL) + goto error; + str[strlen(str) - 1] = '\0'; - SCFree(temp); - temp = NULL; + len = strlen(str); + if (len == 0) + goto error; + + SCLogDebug("\"%s\", len %" PRIu32 "", str, len); len = strlen(str); if (len == 0) @@ -201,20 +181,10 @@ int DetectContentDataParse(char *contentstr, char** pstr, uint16_t *plen, int *f if (bin_count % 2 != 0) { SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid hex code assembly in " - "content - %s. Invalidating signature", str); + "%s - %s. Invalidating signature", keyword, contentstr); goto error; } -#if 0//def DEBUG - if (SCLogDebugEnabled()) { - for (i = 0; i < x; i++) { - if (isprint(str[i])) SCLogDebug("%c", str[i]); - else SCLogDebug("\\x%02u", str[i]); - } - SCLogDebug(""); - } -#endif - if (converted) { len = x; } @@ -225,8 +195,8 @@ int DetectContentDataParse(char *contentstr, char** pstr, uint16_t *plen, int *f return 0; error: - SCFree(str); - SCFree(temp); + if (str != NULL) + SCFree(str); return -1; } /** @@ -241,30 +211,23 @@ DetectContentData *DetectContentParse (char *contentstr) int flags; int ret; - ret = DetectContentDataParse(contentstr, &str, &len, &flags); - + ret = DetectContentDataParse("content", contentstr, &str, &len, &flags); if (ret == -1) { return NULL; } - cd = SCMalloc(sizeof(DetectContentData)); + cd = SCMalloc(sizeof(DetectContentData) + len); if (cd == NULL) { SCFree(str); exit(EXIT_FAILURE); } - memset(cd, 0, sizeof(DetectContentData)); + memset(cd, 0, sizeof(DetectContentData) + len); if (flags == DETECT_CONTENT_NEGATED) cd->flags |= DETECT_CONTENT_NEGATED; - cd->content = SCMalloc(len); - if (cd->content == NULL) { - SCFree(str); - SCFree(cd); - exit(EXIT_FAILURE); - } - + cd->content = (uint8_t *)cd + sizeof(DetectContentData); memcpy(cd->content, str, len); cd->content_len = len; @@ -449,9 +412,6 @@ void DetectContentFree(void *ptr) { if (cd == NULL) SCReturn; - if (cd->content != NULL) - SCFree(cd->content); - BoyerMooreCtxDeInit(cd->bm_ctx); SCFree(cd); diff --git a/src/detect-content.h b/src/detect-content.h index 0e5f3b581d..aa1734c390 100644 --- a/src/detect-content.h +++ b/src/detect-content.h @@ -99,7 +99,7 @@ typedef struct DetectContentData_ { void DetectContentRegister (void); uint32_t DetectContentMaxId(DetectEngineCtx *); DetectContentData *DetectContentParse (char *contentstr); -int DetectContentDataParse(char *contentstr, char** pstr, uint16_t *plen, int *flags); +int DetectContentDataParse(char *keyword, char *contentstr, char** pstr, uint16_t *plen, int *flags); DetectContentData *DetectContentParseEncloseQuotes(char *); void DetectContentPrint(DetectContentData *); diff --git a/src/detect-csum.c b/src/detect-csum.c index c462c76ff2..a0d0db8b14 100644 --- a/src/detect-csum.c +++ b/src/detect-csum.c @@ -332,7 +332,7 @@ int DetectTCPV4CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, } if (p->tcpvars.comp_csum == -1) - p->tcpvars.comp_csum = TCPCalculateChecksum((uint16_t *)&(p->ip4h->ip_src), + p->tcpvars.comp_csum = TCPCalculateChecksum(p->ip4h->s_ip_addrs, (uint16_t *)p->tcph, (p->payload_len + TCP_GET_HLEN(p))); @@ -427,7 +427,7 @@ int DetectTCPV6CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, } if (p->tcpvars.comp_csum == -1) - p->tcpvars.comp_csum = TCPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src), + p->tcpvars.comp_csum = TCPV6CalculateChecksum(p->ip6h->s_ip6_addrs, (uint16_t *)p->tcph, (p->payload_len + TCP_GET_HLEN(p))); @@ -522,7 +522,7 @@ int DetectUDPV4CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, } if (p->udpvars.comp_csum == -1) - p->udpvars.comp_csum = UDPV4CalculateChecksum((uint16_t *)&(p->ip4h->ip_src), + p->udpvars.comp_csum = UDPV4CalculateChecksum(p->ip4h->s_ip_addrs, (uint16_t *)p->udph, (p->payload_len + UDP_HEADER_LEN) ); @@ -618,7 +618,7 @@ int DetectUDPV6CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, } if (p->udpvars.comp_csum == -1) - p->udpvars.comp_csum = UDPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src), + p->udpvars.comp_csum = UDPV6CalculateChecksum(p->ip6h->s_ip6_addrs, (uint16_t *)p->udph, (p->payload_len + UDP_HEADER_LEN) ); @@ -809,7 +809,7 @@ int DetectICMPV6CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, } if (p->icmpv6vars.comp_csum == -1) - p->icmpv6vars.comp_csum = ICMPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src), + p->icmpv6vars.comp_csum = ICMPV6CalculateChecksum(p->ip6h->s_ip6_addrs, (uint16_t *)p->icmpv6h, IPV6_GET_PLEN(p)); diff --git a/src/detect-dsize.c b/src/detect-dsize.c index 828c054393..3784e0a5a3 100644 --- a/src/detect-dsize.c +++ b/src/detect-dsize.c @@ -155,33 +155,31 @@ DetectDsizeData *DetectDsizeParse (char *rawstr) mode = (char *)str_ptr; SCLogDebug("mode \"%s\"", mode); - if (ret >= 3) { - res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr); + res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr); + if (res < 0) { + SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_get_substring failed"); + goto error; + } + value1 = (char *)str_ptr; + SCLogDebug("value1 \"%s\"", value1); + + if (ret > 3) { + res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 3, &str_ptr); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_get_substring failed"); goto error; } - value1 = (char *)str_ptr; - SCLogDebug("value1 \"%s\"", value1); + range = (char *)str_ptr; + SCLogDebug("range \"%s\"", range); - if (ret >= 4) { - res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 3, &str_ptr); + if (ret > 4) { + res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 4, &str_ptr); if (res < 0) { SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_get_substring failed"); goto error; } - range = (char *)str_ptr; - SCLogDebug("range \"%s\"", range); - - if (ret >= 5) { - res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 4, &str_ptr); - if (res < 0) { - SCLogError(SC_ERR_PCRE_GET_SUBSTRING,"pcre_get_substring failed"); - goto error; - } - value2 = (char *)str_ptr; - SCLogDebug("value2 \"%s\"", value2); - } + value2 = (char *)str_ptr; + SCLogDebug("value2 \"%s\"", value2); } } @@ -235,12 +233,11 @@ DetectDsizeData *DetectDsizeParse (char *rawstr) SCLogDebug("dsize parsed succesfully dsize: %"PRIu16" dsize2: %"PRIu16"",dd->dsize,dd->dsize2); - if (value1) - SCFree(value1); + SCFree(value1); + SCFree(mode); + if (value2) SCFree(value2); - if (mode) - SCFree(mode); if (range) SCFree(range); return dd; diff --git a/src/detect-engine-siggroup.c b/src/detect-engine-siggroup.c index 90310ef507..e8d6c0cc67 100644 --- a/src/detect-engine-siggroup.c +++ b/src/detect-engine-siggroup.c @@ -914,10 +914,8 @@ static void SigGroupHeadFreeSigArraysHash2(DetectEngineCtx *de_ctx, sgh->init->sig_size = 0; } - if (sgh->init != NULL) { - SigGroupHeadInitDataFree(sgh->init); - sgh->init = NULL; - } + SigGroupHeadInitDataFree(sgh->init); + sgh->init = NULL; } return; diff --git a/src/detect-engine-sigorder.c b/src/detect-engine-sigorder.c index ee12475995..5e21962dfa 100644 --- a/src/detect-engine-sigorder.c +++ b/src/detect-engine-sigorder.c @@ -855,13 +855,17 @@ static inline SCSigSignatureWrapper *SCSigAllocSignatureWrapper(Signature *sig) sw->sig = sig; - if ( (sw->user = SCMalloc(SC_RADIX_USER_DATA_MAX * sizeof(int *))) == NULL) + if ( (sw->user = SCMalloc(SC_RADIX_USER_DATA_MAX * sizeof(int *))) == NULL) { + SCFree(sw); return NULL; + } memset(sw->user, 0, SC_RADIX_USER_DATA_MAX * sizeof(int *)); for (i = 0; i < SC_RADIX_USER_DATA_MAX; i++) { - if ( (sw->user[i] = SCMalloc(sizeof(int))) == NULL) + if ( (sw->user[i] = SCMalloc(sizeof(int))) == NULL) { + SCFree(sw); return NULL; + } memset(sw->user[i], 0, sizeof(int)); } diff --git a/src/detect-engine-state.c b/src/detect-engine-state.c index 275258b925..d8dd13d74f 100644 --- a/src/detect-engine-state.c +++ b/src/detect-engine-state.c @@ -1155,10 +1155,12 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete } end: - if (flags & STREAM_TOCLIENT) - f->de_state->flags &= ~DE_STATE_FILE_TC_NEW; - else - f->de_state->flags &= ~DE_STATE_FILE_TS_NEW; + if (f->de_state != NULL) { + if (flags & STREAM_TOCLIENT) + f->de_state->flags &= ~DE_STATE_FILE_TC_NEW; + else + f->de_state->flags &= ~DE_STATE_FILE_TS_NEW; + } SCMutexUnlock(&f->de_state_m); SCReturnInt(0); diff --git a/src/detect-engine-tag.c b/src/detect-engine-tag.c index 16ad978fe7..51146112ab 100644 --- a/src/detect-engine-tag.c +++ b/src/detect-engine-tag.c @@ -281,15 +281,15 @@ int TagHashAddTag(DetectTagHostCtx *tag_ctx, DetectTagDataEntry *tde, Packet *p) SCFree(new); } else { new->header_entry = new_tde; - } - /* increment num_tags before adding to prevent a minor race, - * on setting and checking the first tag */ - SC_ATOMIC_ADD(num_tags, 1); - if (!(TagHashAdd(tag_ctx, new, p))) { - SC_ATOMIC_SUB(num_tags, 1); - SCFree(new_tde); - SCFree(new); + /* increment num_tags before adding to prevent a minor race, + * on setting and checking the first tag */ + SC_ATOMIC_ADD(num_tags, 1); + if (!(TagHashAdd(tag_ctx, new, p))) { + SC_ATOMIC_SUB(num_tags, 1); + SCFree(new_tde); + SCFree(new); + } } } else { SCLogDebug("Failed to allocate a new session"); diff --git a/src/detect-filestore.c b/src/detect-filestore.c index 08e51d8458..3bf361e770 100644 --- a/src/detect-filestore.c +++ b/src/detect-filestore.c @@ -257,7 +257,7 @@ int DetectFilestoreMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *f SCEnter(); - if (det_ctx->filestore_cnt > DETECT_FILESTORE_MAX) { + if (det_ctx->filestore_cnt >= DETECT_FILESTORE_MAX) { SCReturnInt(1); } diff --git a/src/detect-fragoffset.c b/src/detect-fragoffset.c index 5e12be9e05..785bed841b 100644 --- a/src/detect-fragoffset.c +++ b/src/detect-fragoffset.c @@ -323,8 +323,8 @@ int DetectFragOffsetMatchTest01 (void) { p->src.addr_data32[0] = 0x01020304; p->dst.addr_data32[0] = 0x04030201; - ip4h.ip_src.s_addr = p->src.addr_data32[0]; - ip4h.ip_dst.s_addr = p->dst.addr_data32[0]; + ip4h.s_ip_src.s_addr = p->src.addr_data32[0]; + ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0]; ip4h.ip_off = 0x2222; p->ip4h = &ip4h; diff --git a/src/detect-icmp-id.c b/src/detect-icmp-id.c index 0d07927f1e..4ff1792d61 100644 --- a/src/detect-icmp-id.c +++ b/src/detect-icmp-id.c @@ -426,8 +426,8 @@ int DetectIcmpIdMatchTest02 (void) { p->src.addr_data32[0] = 0x01020304; p->dst.addr_data32[0] = 0x04030201; - ip4h.ip_src.s_addr = p->src.addr_data32[0]; - ip4h.ip_dst.s_addr = p->dst.addr_data32[0]; + ip4h.s_ip_src.s_addr = p->src.addr_data32[0]; + ip4h.s_ip_dst.s_addr = p->dst.addr_data32[0]; p->ip4h = &ip4h; DecodeICMPV4(&th_v, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL); diff --git a/src/detect-parse.c b/src/detect-parse.c index 8a42ff75f3..f905965419 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c @@ -1940,8 +1940,10 @@ int SigParseTest06 (void) { } end: - if (sig != NULL) SigFree(sig); - if (de_ctx != NULL) DetectEngineCtxFree(de_ctx); + if (sig != NULL) + SigFree(sig); + if (de_ctx != NULL) + DetectEngineCtxFree(de_ctx); return result; } diff --git a/src/detect-replace.c b/src/detect-replace.c index 03d78a4fd8..efb38c9635 100644 --- a/src/detect-replace.c +++ b/src/detect-replace.c @@ -75,8 +75,8 @@ int DetectReplaceSetup(DetectEngineCtx *de_ctx, Signature *s, char *replacestr) int flags; SigMatch *pm = NULL; DetectContentData *ud = NULL; - int ret = DetectContentDataParse(replacestr, &str, &len, &flags); + int ret = DetectContentDataParse("replace", replacestr, &str, &len, &flags); if (ret == -1) goto error; diff --git a/src/detect-ssl-version.c b/src/detect-ssl-version.c index a1a943b513..a0bb6bd6d3 100644 --- a/src/detect-ssl-version.c +++ b/src/detect-ssl-version.c @@ -119,6 +119,10 @@ int DetectSslVersionMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, { SCEnter(); + int ret = 0; + uint16_t ver = 0; + uint8_t sig_ver = TLS_UNKNOWN; + DetectSslVersionData *ssl = (DetectSslVersionData *)m->ctx; SSLState *app_state = (SSLState *)state; if (app_state == NULL) { @@ -128,9 +132,6 @@ int DetectSslVersionMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, SCMutexLock(&f->m); - int ret = 0; - uint16_t ver = 0; - uint8_t sig_ver = -1; if (flags & STREAM_TOCLIENT) { SCLogDebug("server (toclient) version is 0x%02X", app_state->server_version); @@ -140,7 +141,10 @@ int DetectSslVersionMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, app_state->client_version); ver = app_state->client_version; } - switch(ver) { + + SCMutexUnlock(&f->m); + + switch (ver) { case SSL_VERSION_2: if (ver == ssl->data[SSLv2].ver) ret = 1; @@ -168,7 +172,8 @@ int DetectSslVersionMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, break; } - SCMutexUnlock(&f->m); + if (sig_ver == TLS_UNKNOWN) + SCReturnInt(0); SCReturnInt(ret ^ ((ssl->data[sig_ver].flags & DETECT_SSL_VERSION_NEGATED) ? 1 : 0)); } diff --git a/src/detect-ssl-version.h b/src/detect-ssl-version.h index 67084f311a..b9a0f86194 100644 --- a/src/detect-ssl-version.h +++ b/src/detect-ssl-version.h @@ -27,19 +27,24 @@ #define DETECT_SSL_VERSION_NEGATED 0x01 -#define SSLv2 0 -#define SSLv3 1 -#define TLS10 2 -#define TLS11 3 -#define TLS12 4 +enum { + SSLv2 = 0, + SSLv3 = 1, + TLS10 = 2, + TLS11 = 3, + TLS12 = 4, + + TLS_SIZE = 5, + TLS_UNKNOWN = 6, +}; typedef struct SSLVersionData_ { uint16_t ver; /** ssl version to match */ uint8_t flags; -}SSLVersionData; +} SSLVersionData; typedef struct DetectSslVersionData_ { - SSLVersionData data[5]; + SSLVersionData data[TLS_SIZE]; } DetectSslVersionData; /* prototypes */ diff --git a/src/detect-stream_size.c b/src/detect-stream_size.c index 159c591285..be7f39528b 100644 --- a/src/detect-stream_size.c +++ b/src/detect-stream_size.c @@ -272,12 +272,9 @@ DetectStreamSizeData *DetectStreamSizeParse (char *streamstr) { goto error; } - if (mode != NULL) - SCFree(mode); - if (arg != NULL) - SCFree(arg); - if (value != NULL) - SCFree(value); + SCFree(mode); + SCFree(arg); + SCFree(value); return sd; error: diff --git a/src/detect-threshold.c b/src/detect-threshold.c index e326259aa9..d1c181ca39 100644 --- a/src/detect-threshold.c +++ b/src/detect-threshold.c @@ -582,7 +582,7 @@ static int DetectThresholdTestSig3(void) { ste = SCMalloc(sizeof(DetectThresholdEntry)); if (ste == NULL) goto end; - memset(ste, 0x00, sizeof(ste)); + memset(ste, 0x00, sizeof(*ste)); if (PKT_IS_IPV4(p)) ste->ipv = 4; diff --git a/src/detect-uricontent.c b/src/detect-uricontent.c index e42aafccd1..48cfa1cf36 100644 --- a/src/detect-uricontent.c +++ b/src/detect-uricontent.c @@ -101,12 +101,9 @@ void DetectUricontentFree(void *ptr) { if (cd == NULL) SCReturn; - if (cd->content != NULL) - SCFree(cd->content); - BoyerMooreCtxDeInit(cd->bm_ctx); - SCFree(cd); + SCReturn; } @@ -159,183 +156,43 @@ void DetectUricontentPrint(DetectContentData *cd) * the rule set. * \param contentstr Pointer to the string which has been defined in the rule */ -DetectContentData *DoDetectUricontentSetup (char * contentstr) +DetectContentData *DoDetectUricontentSetup (char *contentstr) { DetectContentData *cd = NULL; - char *temp = NULL; char *str = NULL; - uint16_t len = 0; - uint16_t pos = 0; - uint16_t slen = 0; + uint16_t len; + int flags; + int ret; - if ((temp = SCStrdup(contentstr)) == NULL) - goto error; - - if (strlen(temp) == 0) { - SCFree(temp); + ret = DetectContentDataParse("uricontent", contentstr, &str, &len, &flags); + if (ret == -1) { return NULL; } - cd = SCMalloc(sizeof(DetectContentData)); - if (cd == NULL) - goto error; - memset(cd,0,sizeof(DetectContentData)); - - /* skip the first spaces */ - slen = strlen(temp); - while (pos < slen && isspace(temp[pos])) { - pos++; - }; - - if (temp[pos] == '!') { - cd->flags |= DETECT_CONTENT_NEGATED; - pos++; - } - - if (temp[pos] == '\"' && strlen(temp + pos) == 1) - goto error; - - if (temp[pos] == '\"' && temp[pos + strlen(temp + pos) - 1] == '\"') { - if ((str = SCStrdup(temp + pos + 1)) == NULL) - goto error; - str[strlen(temp) - pos - 2] = '\0'; - } else { - SCLogError(SC_ERR_INVALID_SIGNATURE, "uricontent keywords's argument " - "should be always enclosed in double quotes. Invalid " - "content keyword passed in this rule - \"%s\"", - contentstr); - goto error; - } - str[strlen(temp) - pos - 2] = '\0'; - - SCFree(temp); - temp = NULL; - - len = strlen(str); - if (len == 0) - goto error; - - SCLogDebug("\"%s\", len %" PRIu32 "", str, len); - char converted = 0; - - { - uint8_t escape = 0; - uint16_t i, x; - uint8_t bin = 0, binstr[3] = "", binpos = 0; - uint16_t bin_count = 0; - - for (i = 0, x = 0; i < len; i++) { - SCLogDebug("str[%02u]: %c", i, str[i]); - if (str[i] == '|') { - bin_count++; - if (bin) { - bin = 0; - } else { - bin = 1; - } - } else if(!escape && str[i] == '\\') { - escape = 1; - } else { - if (bin) { - if (isdigit(str[i]) || - str[i] == 'A' || str[i] == 'a' || - str[i] == 'B' || str[i] == 'b' || - str[i] == 'C' || str[i] == 'c' || - str[i] == 'D' || str[i] == 'd' || - str[i] == 'E' || str[i] == 'e' || - str[i] == 'F' || str[i] == 'f') { - SCLogDebug("part of binary: %c", str[i]); - - binstr[binpos] = (char)str[i]; - binpos++; - - if (binpos == 2) { - uint8_t c = strtol((char *)binstr, (char **) NULL, - 16) & 0xFF; - binpos = 0; - str[x] = c; - x++; - converted = 1; - } - } else if (str[i] == ' ') { - SCLogDebug("space as part of binary string"); - } - } else if (escape) { - if (str[i] == ':' || - str[i] == ';' || - str[i] == '\\' || - str[i] == '\"') - { - str[x] = str[i]; - x++; - } else { - //SCLogDebug("Can't escape %c", str[i]); - goto error; - } - escape = 0; - converted = 1; - } else { - str[x] = str[i]; - x++; - } - } - } - - if (bin_count % 2 != 0) { - SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid hex code assembly in " - "content - %s. Invalidating signature", str); - goto error; - } - -#ifdef DEBUG - if (SCLogDebugEnabled()) { - char *prstr = SCMalloc(3 * x); - char onechar[3]; - memset(prstr, 0, 3 * x); - if (prstr != NULL) { - for (i = 0; i < x; i++) { - if (isprint(str[i])) - snprintf(onechar, 3, "%c", str[i]); - else - snprintf(onechar, 3, "\\x%02u", str[i]); - strlcat(prstr, onechar, 3 * x); - } - SCLogDebug("\"%s\"", prstr); - SCFree(prstr); - } - } -#endif - - if (converted) - len = x; + cd = SCMalloc(sizeof(DetectContentData) + len); + if (cd == NULL) { + SCFree(str); + exit(EXIT_FAILURE); } - SCLogDebug("len %" PRIu32 "", len); + memset(cd, 0, sizeof(DetectContentData) + len); - cd->content = SCMalloc(len); - if (cd->content == NULL) { - SCFree(cd); - SCFree(str); - return NULL;; - } + if (flags == DETECT_CONTENT_NEGATED) + cd->flags |= DETECT_CONTENT_NEGATED; + cd->content = (uint8_t *)cd + sizeof(DetectContentData); memcpy(cd->content, str, len); cd->content_len = len; + + /* Prepare Boyer Moore context for searching faster */ + cd->bm_ctx = BoyerMooreCtxInit(cd->content, cd->content_len); cd->depth = 0; cd->offset = 0; cd->within = 0; cd->distance = 0; - /* Prepare Boyer Moore context for searching faster */ - cd->bm_ctx = BoyerMooreCtxInit(cd->content, cd->content_len); - SCFree(str); return cd; - -error: - SCFree(str); - if (cd) SCFree(cd); - return NULL; } /** @@ -356,8 +213,9 @@ int DetectUricontentSetup (DetectEngineCtx *de_ctx, Signature *s, char *contents DetectContentData *cd = NULL; SigMatch *sm = NULL; - if (s->alproto == ALPROTO_DCERPC) { - SCLogError(SC_ERR_INVALID_SIGNATURE, "uri content specified in a dcerpc sig"); + if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) { + SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting" + " keywords."); goto error; } @@ -379,12 +237,6 @@ int DetectUricontentSetup (DetectEngineCtx *de_ctx, Signature *s, char *contents /* Flagged the signature as to inspect the app layer data */ s->flags |= SIG_FLAG_APPLAYER; - if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) { - SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting" - " keywords."); - goto error; - } - s->alproto = ALPROTO_HTTP; SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_UMATCH); @@ -392,8 +244,10 @@ int DetectUricontentSetup (DetectEngineCtx *de_ctx, Signature *s, char *contents SCReturnInt(0); error: - if (cd) SCFree(cd); - if (sm != NULL) SCFree(sm); + if (cd != NULL) + SCFree(cd); + if (sm != NULL) + SCFree(sm); SCReturnInt(-1); } @@ -532,7 +386,7 @@ static int HTTPUriTest01(void) { htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, 0); - if (htp_state->connp == NULL || tx->request_method_number != M_GET || + if (tx->request_method_number != M_GET || tx->request_protocol_number != HTTP_1_1) { printf("expected method GET and got %s: , expected protocol " @@ -599,7 +453,7 @@ static int HTTPUriTest02(void) { htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, 0); - if (htp_state->connp == NULL || tx->request_method_number != M_GET || + if (tx->request_method_number != M_GET || tx->request_protocol_number != HTTP_1_1) { printf("expected method GET and got %s: , expected protocol " @@ -668,7 +522,7 @@ static int HTTPUriTest03(void) { htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, 0); - if (htp_state->connp == NULL || tx->request_method_number != M_UNKNOWN || + if (tx->request_method_number != M_UNKNOWN || tx->request_protocol_number != HTTP_1_1) { printf("expected method GET and got %s: , expected protocol " @@ -739,7 +593,7 @@ static int HTTPUriTest04(void) { htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, 0); - if (htp_state->connp == NULL || tx->request_method_number != M_GET || + if (tx->request_method_number != M_GET || tx->request_protocol_number != HTTP_1_1) { printf("expected method GET and got %s: , expected protocol " @@ -1061,9 +915,13 @@ end: */ static int DetectUriSigTest04(void) { int result = 0; - DetectEngineCtx *de_ctx = DetectEngineCtxInit(); Signature *s = NULL; + DetectEngineCtx *de_ctx = DetectEngineCtxInit(); + if (de_ctx == NULL) { + goto end; + } + s = SigInit(de_ctx,"alert tcp any any -> any any (msg:" "\" Test uricontent\"; " "uricontent:\"foo\"; sid:1;)"); @@ -1247,8 +1105,8 @@ static int DetectUriSigTest04(void) { result = 1; end: - if (de_ctx != NULL) SigCleanSignatures(de_ctx); - if (de_ctx != NULL) SigGroupCleanup(de_ctx); + if (de_ctx != NULL) + DetectEngineCtxFree(de_ctx); return result; } @@ -1363,7 +1221,8 @@ end: if (de_ctx != NULL) SigGroupCleanup(de_ctx); if (de_ctx != NULL) SigCleanSignatures(de_ctx); if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&th_v, det_ctx); - if (de_ctx != NULL) DetectEngineCtxFree(de_ctx); + if (de_ctx != NULL) + DetectEngineCtxFree(de_ctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); @@ -2096,6 +1955,35 @@ int DetectUriContentParseTest23(void) return result; } +/** + * \test Parsing test + */ +int DetectUriContentParseTest24(void) +{ + DetectEngineCtx *de_ctx = NULL; + int result = 1; + + de_ctx = DetectEngineCtxInit(); + if (de_ctx == NULL) + goto end; + + de_ctx->flags |= DE_QUIET; + de_ctx->sig_list = SigInit(de_ctx, + "alert tcp any any -> any any " + "(msg:\"test\"; uricontent:\"\"; sid:1;)"); + if (de_ctx->sig_list != NULL) { + result = 0; + goto end; + } + + end: + SigGroupCleanup(de_ctx); + SigCleanSignatures(de_ctx); + DetectEngineCtxFree(de_ctx); + + return result; +} + int DetectUricontentSigTest08(void) { DetectEngineCtx *de_ctx = NULL; @@ -2345,6 +2233,8 @@ void HttpUriRegisterTests(void) { UtRegisterTest("DetectUriContentParseTest21", DetectUriContentParseTest21, 1); UtRegisterTest("DetectUriContentParseTest22", DetectUriContentParseTest22, 1); UtRegisterTest("DetectUriContentParseTest23", DetectUriContentParseTest23, 1); + UtRegisterTest("DetectUriContentParseTest24", DetectUriContentParseTest24, 1); + UtRegisterTest("DetectUricontentSigTest08", DetectUricontentSigTest08, 1); UtRegisterTest("DetectUricontentSigTest09", DetectUricontentSigTest09, 1); UtRegisterTest("DetectUricontentSigTest10", DetectUricontentSigTest10, 1); diff --git a/src/flow-timeout.c b/src/flow-timeout.c index ec2ea3065a..9da2e85bfc 100644 --- a/src/flow-timeout.c +++ b/src/flow-timeout.c @@ -128,11 +128,11 @@ static inline Packet *FlowForceReassemblyPseudoPacketSetup(Packet *p, p->ip4h->ip_proto = IPPROTO_TCP; //p->ip4h->ip_csum = if (direction == 0) { - p->ip4h->ip_src.s_addr = f->src.addr_data32[0]; - p->ip4h->ip_dst.s_addr = f->dst.addr_data32[0]; + p->ip4h->s_ip_src.s_addr = f->src.addr_data32[0]; + p->ip4h->s_ip_dst.s_addr = f->dst.addr_data32[0]; } else { - p->ip4h->ip_src.s_addr = f->dst.addr_data32[0]; - p->ip4h->ip_dst.s_addr = f->src.addr_data32[0]; + p->ip4h->s_ip_src.s_addr = f->dst.addr_data32[0]; + p->ip4h->s_ip_dst.s_addr = f->src.addr_data32[0]; } /* set the tcp header */ @@ -160,23 +160,23 @@ static inline Packet *FlowForceReassemblyPseudoPacketSetup(Packet *p, p->ip6h->s_ip6_plen = htons(20); p->ip6h->s_ip6_hlim = 64; if (direction == 0) { - p->ip6h->ip6_src[0] = f->src.addr_data32[0]; - p->ip6h->ip6_src[1] = f->src.addr_data32[1]; - p->ip6h->ip6_src[2] = f->src.addr_data32[2]; - p->ip6h->ip6_src[3] = f->src.addr_data32[3]; - p->ip6h->ip6_dst[0] = f->dst.addr_data32[0]; - p->ip6h->ip6_dst[1] = f->dst.addr_data32[1]; - p->ip6h->ip6_dst[2] = f->dst.addr_data32[2]; - p->ip6h->ip6_dst[3] = f->dst.addr_data32[3]; + p->ip6h->s_ip6_src[0] = f->src.addr_data32[0]; + p->ip6h->s_ip6_src[1] = f->src.addr_data32[1]; + p->ip6h->s_ip6_src[2] = f->src.addr_data32[2]; + p->ip6h->s_ip6_src[3] = f->src.addr_data32[3]; + p->ip6h->s_ip6_dst[0] = f->dst.addr_data32[0]; + p->ip6h->s_ip6_dst[1] = f->dst.addr_data32[1]; + p->ip6h->s_ip6_dst[2] = f->dst.addr_data32[2]; + p->ip6h->s_ip6_dst[3] = f->dst.addr_data32[3]; } else { - p->ip6h->ip6_src[0] = f->dst.addr_data32[0]; - p->ip6h->ip6_src[1] = f->dst.addr_data32[1]; - p->ip6h->ip6_src[2] = f->dst.addr_data32[2]; - p->ip6h->ip6_src[3] = f->dst.addr_data32[3]; - p->ip6h->ip6_dst[0] = f->src.addr_data32[0]; - p->ip6h->ip6_dst[1] = f->src.addr_data32[1]; - p->ip6h->ip6_dst[2] = f->src.addr_data32[2]; - p->ip6h->ip6_dst[3] = f->src.addr_data32[3]; + p->ip6h->s_ip6_src[0] = f->dst.addr_data32[0]; + p->ip6h->s_ip6_src[1] = f->dst.addr_data32[1]; + p->ip6h->s_ip6_src[2] = f->dst.addr_data32[2]; + p->ip6h->s_ip6_src[3] = f->dst.addr_data32[3]; + p->ip6h->s_ip6_dst[0] = f->src.addr_data32[0]; + p->ip6h->s_ip6_dst[1] = f->src.addr_data32[1]; + p->ip6h->s_ip6_dst[2] = f->src.addr_data32[2]; + p->ip6h->s_ip6_dst[3] = f->src.addr_data32[3]; } /* set the tcp header */ @@ -218,10 +218,10 @@ static inline Packet *FlowForceReassemblyPseudoPacketSetup(Packet *p, } if (FLOW_IS_IPV4(f)) { - p->tcph->th_sum = TCPCalculateChecksum((uint16_t *)&(p->ip4h->ip_src), + p->tcph->th_sum = TCPCalculateChecksum(p->ip4h->s_ip_addrs, (uint16_t *)p->tcph, 20); } else if (FLOW_IS_IPV6(f)) { - p->tcph->th_sum = TCPCalculateChecksum((uint16_t *)&(p->ip6h->ip6_src), + p->tcph->th_sum = TCPCalculateChecksum(p->ip6h->s_ip6_addrs, (uint16_t *)p->tcph, 20); } diff --git a/src/flow.h b/src/flow.h index c63c35d96c..1dd42f79ff 100644 --- a/src/flow.h +++ b/src/flow.h @@ -124,14 +124,14 @@ * We set the rest of the struct to 0 so we can * prevent using memset. */ #define FLOW_SET_IPV4_SRC_ADDR_FROM_PACKET(p, a) do { \ - (a)->addr_data32[0] = (uint32_t)(p)->ip4h->ip_src.s_addr; \ + (a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_src.s_addr; \ (a)->addr_data32[1] = 0; \ (a)->addr_data32[2] = 0; \ (a)->addr_data32[3] = 0; \ } while (0) #define FLOW_SET_IPV4_DST_ADDR_FROM_PACKET(p, a) do { \ - (a)->addr_data32[0] = (uint32_t)(p)->ip4h->ip_dst.s_addr; \ + (a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_dst.s_addr; \ (a)->addr_data32[1] = 0; \ (a)->addr_data32[2] = 0; \ (a)->addr_data32[3] = 0; \ @@ -148,17 +148,17 @@ /* Set the IPv6 addressesinto the Addrs of the Packet. * Make sure p->ip6h is initialized and validated. */ #define FLOW_SET_IPV6_SRC_ADDR_FROM_PACKET(p, a) do { \ - (a)->addr_data32[0] = (p)->ip6h->ip6_src[0]; \ - (a)->addr_data32[1] = (p)->ip6h->ip6_src[1]; \ - (a)->addr_data32[2] = (p)->ip6h->ip6_src[2]; \ - (a)->addr_data32[3] = (p)->ip6h->ip6_src[3]; \ + (a)->addr_data32[0] = (p)->ip6h->s_ip6_src[0]; \ + (a)->addr_data32[1] = (p)->ip6h->s_ip6_src[1]; \ + (a)->addr_data32[2] = (p)->ip6h->s_ip6_src[2]; \ + (a)->addr_data32[3] = (p)->ip6h->s_ip6_src[3]; \ } while (0) #define FLOW_SET_IPV6_DST_ADDR_FROM_PACKET(p, a) do { \ - (a)->addr_data32[0] = (p)->ip6h->ip6_dst[0]; \ - (a)->addr_data32[1] = (p)->ip6h->ip6_dst[1]; \ - (a)->addr_data32[2] = (p)->ip6h->ip6_dst[2]; \ - (a)->addr_data32[3] = (p)->ip6h->ip6_dst[3]; \ + (a)->addr_data32[0] = (p)->ip6h->s_ip6_dst[0]; \ + (a)->addr_data32[1] = (p)->ip6h->s_ip6_dst[1]; \ + (a)->addr_data32[2] = (p)->ip6h->s_ip6_dst[2]; \ + (a)->addr_data32[3] = (p)->ip6h->s_ip6_dst[3]; \ } while (0) /* pkt flow flags */ diff --git a/src/log-file.c b/src/log-file.c index 4dd757ecc1..b02eaa9165 100644 --- a/src/log-file.c +++ b/src/log-file.c @@ -54,6 +54,7 @@ #include "util-logopenfile.h" #include "app-layer-htp.h" +#include "util-memcmp.h" #define MODULE_NAME "LogFileLog" @@ -124,7 +125,8 @@ static void LogFileMetaGetHost(FILE *fp, Packet *p, File *ff) { table_iterator_reset(headers); while (table_iterator_next(headers, (void **)&h) != NULL) { - if (strcasecmp("Host", bstr_tocstr(h->name)) == 0) { + if (bstr_len(h->name) >= 4 && + SCMemcmpLowercase((uint8_t *)"host", (uint8_t *)bstr_ptr(h->name), bstr_len(h->name)) == 0) { PrintRawJsonFp(fp, (uint8_t *)bstr_ptr(h->value), bstr_len(h->value)); return; @@ -147,7 +149,8 @@ static void LogFileMetaGetReferer(FILE *fp, Packet *p, File *ff) { table_iterator_reset(headers); while (table_iterator_next(headers, (void **)&h) != NULL) { - if (strcasecmp("Referer", bstr_tocstr(h->name)) == 0) { + if (bstr_len(h->name) >= 7 && + SCMemcmpLowercase((uint8_t *)"referer", (uint8_t *)bstr_ptr(h->name), bstr_len(h->name)) == 0) { PrintRawJsonFp(fp, (uint8_t *)bstr_ptr(h->value), bstr_len(h->value)); return; diff --git a/src/log-filestore.c b/src/log-filestore.c index c9abc7b029..2e40e49360 100644 --- a/src/log-filestore.c +++ b/src/log-filestore.c @@ -52,6 +52,7 @@ #include "util-logopenfile.h" #include "app-layer-htp.h" +#include "util-memcmp.h" #define MODULE_NAME "LogFilestoreLog" @@ -127,7 +128,8 @@ static void LogFilestoreMetaGetHost(FILE *fp, Packet *p, File *ff) { table_iterator_reset(headers); while (table_iterator_next(headers, (void **)&h) != NULL) { - if (strcasecmp("Host", bstr_tocstr(h->name)) == 0) { + if (bstr_len(h->name) >= 4 && + SCMemcmpLowercase((uint8_t *)"host", (uint8_t *)bstr_ptr(h->name), bstr_len(h->name)) == 0) { PrintRawUriFp(fp, (uint8_t *)bstr_ptr(h->value), bstr_len(h->value)); return; @@ -150,7 +152,8 @@ static void LogFilestoreMetaGetReferer(FILE *fp, Packet *p, File *ff) { table_iterator_reset(headers); while (table_iterator_next(headers, (void **)&h) != NULL) { - if (strcasecmp("Referer", bstr_tocstr(h->name)) == 0) { + if (bstr_len(h->name) >= 7 && + SCMemcmpLowercase((uint8_t *)"referer", (uint8_t *)bstr_ptr(h->name), bstr_len(h->name)) == 0) { PrintRawUriFp(fp, (uint8_t *)bstr_ptr(h->value), bstr_len(h->value)); return; @@ -600,7 +603,7 @@ static void LogFilestoreLogDeInitCtx(OutputCtx *output_ctx) LogFileFreeCtx(logfile_ctx); free(output_ctx); - if (g_waldo != NULL) { + if (strlen(g_waldo) > 0) { LogFilestoreLogStoreWaldo(g_waldo); } } diff --git a/src/source-pcap.c b/src/source-pcap.c index 0459905ecd..b5b2ed27a5 100644 --- a/src/source-pcap.c +++ b/src/source-pcap.c @@ -414,7 +414,6 @@ TmEcode ReceivePcapThreadInit(ThreadVars *tv, void *initdata, void **data) { SCFree(ptv); pcapconfig->DerefFunc(pcapconfig); SCReturnInt(TM_ECODE_FAILED); - ptv->pcap_state = PCAP_STATE_DOWN; } else { ptv->pcap_state = PCAP_STATE_UP; } diff --git a/src/stream-tcp-sack.c b/src/stream-tcp-sack.c index 7a69869afe..caa628fd67 100644 --- a/src/stream-tcp-sack.c +++ b/src/stream-tcp-sack.c @@ -133,11 +133,6 @@ static int StreamTcpSackInsertRange(TcpStream *stream, uint32_t le, uint32_t re) rec->re = re; goto end; } - - le = rec->re; - //int r = StreamTcpSackInsertRange(stream, rec->re+1, re); - //SCReturnInt(r); - continue; } SCLogDebug("new range fully overlapped"); diff --git a/src/stream-tcp.c b/src/stream-tcp.c index 4d1a3bc466..2062a972b5 100644 --- a/src/stream-tcp.c +++ b/src/stream-tcp.c @@ -3837,12 +3837,12 @@ static inline int StreamTcpValidateChecksum(Packet *p) if (p->tcpvars.comp_csum == -1) { if (PKT_IS_IPV4(p)) { - p->tcpvars.comp_csum = TCPCalculateChecksum((uint16_t *)&(p->ip4h->ip_src), + p->tcpvars.comp_csum = TCPCalculateChecksum(p->ip4h->s_ip_addrs, (uint16_t *)p->tcph, (p->payload_len + TCP_GET_HLEN(p))); } else if (PKT_IS_IPV6(p)) { - p->tcpvars.comp_csum = TCPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src), + p->tcpvars.comp_csum = TCPV6CalculateChecksum(p->ip6h->s_ip6_addrs, (uint16_t *)p->tcph, (p->payload_len + TCP_GET_HLEN(p))); @@ -4567,19 +4567,19 @@ void StreamTcpSetSessionNoReassemblyFlag (TcpSession *ssn, char direction) IPV4_SET_RAW_IPLEN(nipv4h, IPV4_GET_RAW_IPLEN(ipv4h)); \ IPV4_SET_RAW_IPTOS(nipv4h, IPV4_GET_RAW_IPTOS(ipv4h)); \ IPV4_SET_RAW_IPPROTO(nipv4h, IPV4_GET_RAW_IPPROTO(ipv4h)); \ - (nipv4h)->ip_src = IPV4_GET_RAW_IPDST(ipv4h); \ - (nipv4h)->ip_dst = IPV4_GET_RAW_IPSRC(ipv4h); \ + (nipv4h)->s_ip_src = IPV4_GET_RAW_IPDST(ipv4h); \ + (nipv4h)->s_ip_dst = IPV4_GET_RAW_IPSRC(ipv4h); \ } while (0) #define PSEUDO_PKT_SET_IPV6HDR(nipv6h,ipv6h) do { \ - (nipv6h)->ip6_src[0] = (ipv6h)->ip6_dst[0]; \ - (nipv6h)->ip6_src[1] = (ipv6h)->ip6_dst[1]; \ - (nipv6h)->ip6_src[2] = (ipv6h)->ip6_dst[2]; \ - (nipv6h)->ip6_src[3] = (ipv6h)->ip6_dst[3]; \ - (nipv6h)->ip6_dst[0] = (ipv6h)->ip6_src[0]; \ - (nipv6h)->ip6_dst[1] = (ipv6h)->ip6_src[1]; \ - (nipv6h)->ip6_dst[2] = (ipv6h)->ip6_src[2]; \ - (nipv6h)->ip6_dst[3] = (ipv6h)->ip6_src[3]; \ + (nipv6h)->s_ip6_src[0] = (ipv6h)->s_ip6_dst[0]; \ + (nipv6h)->s_ip6_src[1] = (ipv6h)->s_ip6_dst[1]; \ + (nipv6h)->s_ip6_src[2] = (ipv6h)->s_ip6_dst[2]; \ + (nipv6h)->s_ip6_src[3] = (ipv6h)->s_ip6_dst[3]; \ + (nipv6h)->s_ip6_dst[0] = (ipv6h)->s_ip6_src[0]; \ + (nipv6h)->s_ip6_dst[1] = (ipv6h)->s_ip6_src[1]; \ + (nipv6h)->s_ip6_dst[2] = (ipv6h)->s_ip6_src[2]; \ + (nipv6h)->s_ip6_dst[3] = (ipv6h)->s_ip6_src[3]; \ IPV6_SET_RAW_NH(nipv6h, IPV6_GET_RAW_NH(ipv6h)); \ } while (0) diff --git a/src/suricata.c b/src/suricata.c index 79eed27642..c814388394 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -260,6 +260,7 @@ SignalHandlerSetup(int sig, void (*handler)()) signal(sig, handler); #else struct sigaction action; + memset(&action, 0x00, sizeof(struct sigaction)); action.sa_handler = handler; sigemptyset(&(action.sa_mask)); @@ -360,28 +361,27 @@ static void SetBpfStringFromFile(char *filename) { SCLogError(SC_ERR_FOPEN, "Failed to stat file %s", filename); exit(EXIT_FAILURE); } - bpf_len=st.st_size + 1; + bpf_len = st.st_size + 1; - bpf_filter = SCMalloc(bpf_len*sizeof(char)); - if(bpf_filter == NULL) { + fp = fopen(filename,"r"); + if (fp == NULL) { + SCLogError(SC_ERR_FOPEN, "Failed to open file %s", filename); + exit(EXIT_FAILURE); + } + + bpf_filter = SCMalloc(bpf_len * sizeof(char)); + if (bpf_filter == NULL) { SCLogError(SC_ERR_MEM_ALLOC, - "Failed to allocate buffer for bpf filter in file %s", filename); + "Failed to allocate buffer for bpf filter in file %s", filename); exit(EXIT_FAILURE); } memset(bpf_filter, 0x00, bpf_len); - fp = fopen(filename,"r"); - if(fp == NULL) { - SCLogError(SC_ERR_FOPEN, "Failed to open file %s", filename); - SCFree(bpf_filter); - exit(EXIT_FAILURE); - }else { - nm = fread(bpf_filter, bpf_len - 1, 1, fp); - if((ferror(fp) != 0)||( nm != 1)) { - *bpf_filter='\0'; - } - fclose(fp); + nm = fread(bpf_filter, bpf_len - 1, 1, fp); + if((ferror(fp) != 0)||( nm != 1)) { + *bpf_filter='\0'; } + fclose(fp); if(strlen(bpf_filter) > 0) { /*replace comments with space*/ diff --git a/src/tm-threads.c b/src/tm-threads.c index de769f948d..75cf12d05f 100644 --- a/src/tm-threads.c +++ b/src/tm-threads.c @@ -1050,7 +1050,7 @@ TmEcode TmThreadSetCPU(ThreadVars *tv, uint8_t type) int TmThreadGetNbThreads(uint8_t type) { - if (type > MAX_CPU_SET) { + if (type >= MAX_CPU_SET) { SCLogError(SC_ERR_INVALID_ARGUMENT, "invalid cpu type family"); return 0; } diff --git a/src/util-checksum.c b/src/util-checksum.c index 9315afd967..c448eea11b 100644 --- a/src/util-checksum.c +++ b/src/util-checksum.c @@ -33,11 +33,11 @@ int ReCalculateChecksum(Packet *p) if (PKT_IS_TCP(p)) { /* TCP */ p->tcph->th_sum = 0; - p->tcph->th_sum = TCPCalculateChecksum((uint16_t *)&(p->ip4h->ip_src), + p->tcph->th_sum = TCPCalculateChecksum(p->ip4h->s_ip_addrs, (uint16_t *)p->tcph, (p->payload_len + TCP_GET_HLEN(p))); } else if (PKT_IS_UDP(p)) { p->udph->uh_sum = 0; - p->udph->uh_sum = UDPV4CalculateChecksum((uint16_t *)&(p->ip4h->ip_src), + p->udph->uh_sum = UDPV4CalculateChecksum(p->ip4h->s_ip_addrs, (uint16_t *)p->udph, (p->payload_len + UDP_HEADER_LEN)); } /* IPV4 */ @@ -48,11 +48,11 @@ int ReCalculateChecksum(Packet *p) /* just TCP for IPV6 */ if (PKT_IS_TCP(p)) { p->tcph->th_sum = 0; - p->tcph->th_sum = TCPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src), + p->tcph->th_sum = TCPV6CalculateChecksum(p->ip6h->s_ip6_addrs, (uint16_t *)p->tcph, (p->payload_len + TCP_GET_HLEN(p))); } else if (PKT_IS_UDP(p)) { p->udph->uh_sum = 0; - p->udph->uh_sum = UDPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src), + p->udph->uh_sum = UDPV6CalculateChecksum(p->ip6h->s_ip6_addrs, (uint16_t *)p->udph, (p->payload_len + UDP_HEADER_LEN)); } } diff --git a/src/util-device.c b/src/util-device.c index 3718f0352a..6d880edbfe 100644 --- a/src/util-device.c +++ b/src/util-device.c @@ -136,7 +136,7 @@ int LiveBuildDeviceList(char * runmode) return 0; TAILQ_FOREACH(child, &base->head, next) { - if (!strncmp(child->val, "interface", sizeof(child->val))) { + if (!strcmp(child->val, "interface")) { ConfNode *subchild; TAILQ_FOREACH(subchild, &child->head, next) { if ((!strcmp(subchild->name, "interface"))) { diff --git a/src/util-hash.h b/src/util-hash.h index 543268f488..f161118874 100644 --- a/src/util-hash.h +++ b/src/util-hash.h @@ -43,6 +43,8 @@ typedef struct HashTable_ { void (*Free)(void *); } HashTable; +#define HASH_NO_SIZE 0 + /* prototypes */ HashTable* HashTableInit(uint32_t, uint32_t (*Hash)(struct HashTable_ *, void *, uint16_t), char (*Compare)(void *, uint16_t, void *, uint16_t), void (*Free)(void *)); void HashTableFree(HashTable *); diff --git a/src/util-hashlist.h b/src/util-hashlist.h index bca74c9871..f75fee3605 100644 --- a/src/util-hashlist.h +++ b/src/util-hashlist.h @@ -44,6 +44,8 @@ typedef struct HashListTable_ { void (*Free)(void *); } HashListTable; +#define HASHLIST_NO_SIZE 0 + /* prototypes */ HashListTable* HashListTableInit(uint32_t, uint32_t (*Hash)(struct HashListTable_ *, void *, uint16_t), char (*Compare)(void *, uint16_t, void *, uint16_t), void (*Free)(void *)); void HashListTableFree(HashListTable *); diff --git a/src/util-magic.c b/src/util-magic.c index ab32f81a65..dfdaa5b59b 100644 --- a/src/util-magic.c +++ b/src/util-magic.c @@ -112,10 +112,13 @@ char *MagicLookup(uint8_t *buf, uint32_t buflen) { } void MagicDeinit(void) { + SCMutexLock(&g_magic_lock); if (g_magic_ctx != NULL) { magic_close(g_magic_ctx); g_magic_ctx = NULL; } + SCMutexUnlock(&g_magic_lock); + SCMutexDestroy(&g_magic_lock); } #ifdef UNITTESTS diff --git a/src/util-mem.h b/src/util-mem.h index 33d664875b..ac9c1ba2aa 100644 --- a/src/util-mem.h +++ b/src/util-mem.h @@ -157,8 +157,9 @@ SC_ATOMIC_EXTERN(unsigned int, engine_stage); ptrmem = malloc((a)); \ if (ptrmem == NULL) { \ if (SC_ATOMIC_GET(engine_stage) == SURICATA_INIT) {\ + uintmax_t size = (uintmax_t)(a); \ SCLogError(SC_ERR_MEM_ALLOC, "SCMalloc failed: %s, while trying " \ - "to allocate %"PRIuMAX" bytes", strerror(errno), (uintmax_t)(a)); \ + "to allocate %"PRIuMAX" bytes", strerror(errno), size); \ SCLogError(SC_ERR_FATAL, "Out of memory. The engine cannot be initialized. Exiting..."); \ exit(EXIT_FAILURE); \ } \ diff --git a/src/util-print.c b/src/util-print.c index fbda45e1f7..4c9e416225 100644 --- a/src/util-print.c +++ b/src/util-print.c @@ -68,7 +68,7 @@ void PrintRawLineHexBuf(char *retbuf, uint32_t retbuflen, uint8_t *buf, uint32_t for (u = 0; u < buflen; u++) { written += (uint32_t)snprintf(temp, sizeof(temp), "%02X ", buf[u]); if (written < retbuflen) { - strlcat(retbuf, temp, sizeof(retbuf)); + strlcat(retbuf, temp, retbuflen); } } } diff --git a/src/util-runmodes.c b/src/util-runmodes.c index 5608652efe..c5fbc2e33e 100644 --- a/src/util-runmodes.c +++ b/src/util-runmodes.c @@ -904,10 +904,6 @@ int RunModeSetIPSAuto(DetectEngineCtx *de_ctx, for (int i = 0; i < nqueue; i++) { memset(tname, 0, sizeof(tname)); snprintf(tname, sizeof(tname), "Verdict%"PRIu16, i); - if (tname == NULL) { - printf("ERROR: Unable to build thread name\n"); - exit(EXIT_FAILURE); - } char *thread_name = SCStrdup(tname); ThreadVars *tv_verdict = @@ -1097,10 +1093,6 @@ int RunModeSetIPSAutoFp(DetectEngineCtx *de_ctx, for (int i = 0; i < nqueue; i++) { memset(tname, 0, sizeof(tname)); snprintf(tname, sizeof(tname), "Verdict%"PRIu16, i); - if (tname == NULL) { - printf("ERROR: Unable to build thread name\n"); - exit(EXIT_FAILURE); - } char *thread_name = SCStrdup(tname); ThreadVars *tv_verdict = @@ -1179,10 +1171,6 @@ int RunModeSetIPSWorker(DetectEngineCtx *de_ctx, } memset(tname, 0, sizeof(tname)); snprintf(tname, sizeof(tname), "Worker-Q%s", cur_queue); - if (tname == NULL) { - printf("ERROR: Unable to build thread name\n"); - exit(EXIT_FAILURE); - } char *thread_name = SCStrdup(tname); tv = TmThreadCreatePacketHandler(thread_name, diff --git a/src/util-threshold-config.c b/src/util-threshold-config.c index f72863924b..8cda18ced1 100644 --- a/src/util-threshold-config.c +++ b/src/util-threshold-config.c @@ -1543,8 +1543,8 @@ int SCThresholdConfTest09(void) SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); if (alerts > 0) { - goto end; result = 0; + goto end; } SigMatchSignatures(&th_v, de_ctx, det_ctx, p); @@ -1636,8 +1636,8 @@ int SCThresholdConfTest10(void) SigMatchSignatures(&th_v, de_ctx, det_ctx, p2); alerts += PacketAlertCheck(p2, 10); if (alerts > 0) { - goto end; result = 0; + goto end; } SigMatchSignatures(&th_v, de_ctx, det_ctx, p); diff --git a/src/util-unittest-helper.c b/src/util-unittest-helper.c index 728912f4f9..d685383d6e 100644 --- a/src/util-unittest-helper.c +++ b/src/util-unittest-helper.c @@ -103,10 +103,10 @@ Packet *UTHBuildPacketIPV6Real(uint8_t *payload, uint16_t payload_len, p->src.addr_data32[2] = in[2]; p->src.addr_data32[3] = in[3]; p->sp = sport; - p->ip6h->ip6_src[0] = in[0]; - p->ip6h->ip6_src[1] = in[1]; - p->ip6h->ip6_src[2] = in[2]; - p->ip6h->ip6_src[3] = in[3]; + p->ip6h->s_ip6_src[0] = in[0]; + p->ip6h->s_ip6_src[1] = in[1]; + p->ip6h->s_ip6_src[2] = in[2]; + p->ip6h->s_ip6_src[3] = in[3]; if (inet_pton(AF_INET6, dst, &in) <= 0) goto error; @@ -115,10 +115,10 @@ Packet *UTHBuildPacketIPV6Real(uint8_t *payload, uint16_t payload_len, p->dst.addr_data32[2] = in[2]; p->dst.addr_data32[3] = in[3]; p->dp = dport; - p->ip6h->ip6_dst[0] = in[0]; - p->ip6h->ip6_dst[1] = in[1]; - p->ip6h->ip6_dst[2] = in[2]; - p->ip6h->ip6_dst[3] = in[3]; + p->ip6h->s_ip6_dst[0] = in[0]; + p->ip6h->s_ip6_dst[1] = in[1]; + p->ip6h->s_ip6_dst[2] = in[2]; + p->ip6h->s_ip6_dst[3] = in[3]; p->tcph = SCMalloc(sizeof(TCPHdr)); if (p->tcph == NULL) @@ -192,8 +192,8 @@ Packet *UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len, if (p->ip4h == NULL) goto error; - p->ip4h->ip_src.s_addr = p->src.addr_data32[0]; - p->ip4h->ip_dst.s_addr = p->dst.addr_data32[0]; + p->ip4h->s_ip_src.s_addr = p->src.addr_data32[0]; + p->ip4h->s_ip_dst.s_addr = p->dst.addr_data32[0]; p->ip4h->ip_proto = ipproto; p->ip4h->ip_verhl = sizeof(IPV4Hdr); p->proto = ipproto;