ipv4 decoder: set 'invalid' event on icmpv6

ICMPv6 on IPv4 is invalid, so if we encounter this we set an event
and flag the packet as invalid.

Ticket #1105.

rules/decoder-events.rules

@@ -8,6 +8,7 @@ alert pkthdr any any -> any any (msg:"SURICATA IPv4 invalid option"; decode-even
 alert pkthdr any any -> any any (msg:"SURICATA IPv4 invalid option length"; decode-event:ipv4.opt_invalid_len; sid:2200005; rev:1;)
 alert pkthdr any any -> any any (msg:"SURICATA IPv4 malformed option"; decode-event:ipv4.opt_malformed; sid:2200006; rev:1;)
 #alert pkthdr any any -> any any (msg:"SURICATA IPv4 padding required "; decode-event:ipv4.opt_pad_required; sid:2200007; rev:1;)
+alert pkthdr any any -> any any (msg:"SURICATA IPv4 with ICMPv6 header"; decode-event:ipv4.icmpv6; sid:2200092; rev:1;)
 alert pkthdr any any -> any any (msg:"SURICATA IPv4 option end of list required"; decode-event:ipv4.opt_eol_required; sid:2200008; rev:1;)
 alert pkthdr any any -> any any (msg:"SURICATA IPv4 duplicated IP option"; decode-event:ipv4.opt_duplicate; sid:2200009; rev:1;)
 alert pkthdr any any -> any any (msg:"SURICATA IPv4 unknown IP option"; decode-event:ipv4.opt_unknown; sid:2200010; rev:1;)
@@ -105,5 +106,5 @@ alert pkthdr any any -> any any (msg:"SURICATA IPv4-in-IPv6 invalid protocol"; d
 alert pkthdr any any -> any any (msg:"SURICATA IPv6-in-IPv6 packet too short"; decode-event:ipv6.ipv6_in_ipv6_too_small; sid:2200084; rev:1;)
 alert pkthdr any any -> any any (msg:"SURICATA IPv6-in-IPv6 invalid protocol"; decode-event:ipv6.ipv6_in_ipv6_wrong_version; sid:2200085; rev:1;)
 
-# next sid is 2200092
+# next sid is 2200093
 

src/decode-events.h

@@ -42,6 +42,7 @@ enum {
     IPV4_OPT_DUPLICATE,             /**< duplicated ip option */
     IPV4_OPT_UNKNOWN,               /**< unknown ip option */
     IPV4_WRONG_IP_VER,              /**< wrong ip version in ip options */
+    IPV4_WITH_ICMPV6,               /**< IPv4 packet with ICMPv6 header */
 
     /* ICMP EVENTS */
     ICMPV4_PKT_TOO_SMALL,           /**< icmpv4 packet smaller than minimum size */

src/decode-ipv4.c

@@ -594,6 +594,9 @@ int DecodeIPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
                           IPV4_GET_IPLEN(p) -  IPV4_GET_HLEN(p), pq);
             }
             break;
+        case IPPROTO_ICMPV6:
+            ENGINE_SET_INVALID_EVENT(p, IPV4_WITH_ICMPV6);
+            break;
     }
 
     return TM_ECODE_OK;

src/detect-engine-event.h

@@ -55,6 +55,7 @@ struct DetectEngineEvents_ {
     { "ipv4.opt_duplicate", IPV4_OPT_DUPLICATE, },
     { "ipv4.opt_unknown", IPV4_OPT_UNKNOWN, },
     { "ipv4.wrong_ip_version", IPV4_WRONG_IP_VER, },
+    { "ipv4.icmpv6", IPV4_WITH_ICMPV6, },
 
     /* ICMP EVENTS */
     { "icmpv4.pkt_too_small", ICMPV4_PKT_TOO_SMALL, },