detect/ipopts: Handle multiple ip options

Issue: 6864 Multiple IP options were not handled properly as the value being OR'd into the packet's ip option variable were enum values instead of bit values.
2 years ago · d7026b7b11
parent ee942391f7
commit d7026b7b11
2 changed files with 13 additions and 19 deletions
--- a/src/decode-ipv4.h
+++ b/src/decode-ipv4.h
@ -154,20 +154,18 @@ typedef struct IPV4Hdr_
        memset(&p->ip4vars, 0x00, sizeof(p->ip4vars));                                             \
    } while (0)

-enum IPV4OptionFlags {
-    IPV4_OPT_FLAG_EOL = 0,
-    IPV4_OPT_FLAG_NOP,
-    IPV4_OPT_FLAG_RR,
-    IPV4_OPT_FLAG_TS,
-    IPV4_OPT_FLAG_QS,
-    IPV4_OPT_FLAG_LSRR,
-    IPV4_OPT_FLAG_SSRR,
-    IPV4_OPT_FLAG_SID,
-    IPV4_OPT_FLAG_SEC,
-    IPV4_OPT_FLAG_CIPSO,
-    IPV4_OPT_FLAG_RTRALT,
-    IPV4_OPT_FLAG_ESEC,
-};
+#define IPV4_OPT_FLAG_EOL    BIT_U16(1)
+#define IPV4_OPT_FLAG_NOP    BIT_U16(2)
+#define IPV4_OPT_FLAG_RR     BIT_U16(3)
+#define IPV4_OPT_FLAG_TS     BIT_U16(4)
+#define IPV4_OPT_FLAG_QS     BIT_U16(5)
+#define IPV4_OPT_FLAG_LSRR   BIT_U16(6)
+#define IPV4_OPT_FLAG_SSRR   BIT_U16(7)
+#define IPV4_OPT_FLAG_SID    BIT_U16(8)
+#define IPV4_OPT_FLAG_SEC    BIT_U16(9)
+#define IPV4_OPT_FLAG_CIPSO  BIT_U16(10)
+#define IPV4_OPT_FLAG_RTRALT BIT_U16(11)
+#define IPV4_OPT_FLAG_ESEC   BIT_U16(12)

 /* helper structure with parsed ipv4 info */
 typedef struct IPV4Vars_ {
--- a/src/detect-ipopts.c
+++ b/src/detect-ipopts.c
@ -162,11 +162,7 @@ static int DetectIpOptsMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
    if (!de || !PKT_IS_IPV4(p) || PKT_IS_PSEUDOPKT(p))
        return 0;

-    if (p->ip4vars.opts_set & de->ipopt) {
-        return 1;
-    }
-
-    return 0;
+    return (p->ip4vars.opts_set & de->ipopt) == de->ipopt;
 }

 /**