suricata
decode-chdlc.c
Go to the documentation of this file.
1 /* Copyright (C) 2020-2021 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \ingroup decode
20  *
21  * @{
22  */
23 
24 
25 /**
26  * \file
27  *
28  * \author Victor Julien <victor@inliniac.net>
29  *
30  * Decode Cisco HDLC
31  */
32 
33 #include "suricata-common.h"
34 #include "decode.h"
35 #include "decode-chdlc.h"
36 #include "decode-events.h"
37 
38 #include "util-validate.h"
39 #include "util-unittest.h"
40 #include "util-debug.h"
41 
42 int DecodeCHDLC(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
43  const uint8_t *pkt, uint32_t len)
44 {
45  DEBUG_VALIDATE_BUG_ON(pkt == NULL);
46 
47  StatsIncr(tv, dtv->counter_chdlc);
48 
49  if (unlikely(len < CHDLC_HEADER_LEN)) {
50  ENGINE_SET_INVALID_EVENT(p, CHDLC_PKT_TOO_SMALL);
51  return TM_ECODE_FAILED;
52  }
53 
54  if (unlikely(len > CHDLC_HEADER_LEN + USHRT_MAX)) {
55  return TM_ECODE_FAILED;
56  }
57  if (!PacketIncreaseCheckLayers(p)) {
58  return TM_ECODE_FAILED;
59  }
60 
61  CHDLCHdr *hdr = (CHDLCHdr *)pkt;
62 
63  SCLogDebug("p %p pkt %p ether type %04x", p, pkt, SCNtohs(hdr->protocol));
64 
65  DecodeNetworkLayer(tv, dtv, SCNtohs(hdr->protocol), p,
66  pkt + CHDLC_HEADER_LEN, len - CHDLC_HEADER_LEN);
67 
68  return TM_ECODE_OK;
69 }
70 
71 #ifdef UNITTESTS
72 static int DecodeCHDLCTest01 (void)
73 {
74  uint8_t raw[] = { 0x0f,0x00,0x08,0x00, // HDLC
75  0x45,0x00,0x00,0x30,0x15,0x5a,0x40,0x00,0x80,0x06,
76  0x6c,0xd0,0xc0,0xa8,0x02,0x07,0x41,0x37,0x74,0xb7,
77  0x13,0x4a,0x00,0x50,0x9c,0x34,0x09,0x6c,0x00,0x00,
78  0x00,0x00,0x70,0x02,0x40,0x00,0x11,0x47,0x00,0x00,
79  0x02,0x04,0x05,0xb4,0x01,0x01,0x04,0x02 };
80 
81  Packet *p = PacketGetFromAlloc();
82  FAIL_IF_NULL(p);
83  ThreadVars tv;
84  DecodeThreadVars dtv;
85 
86  memset(&dtv, 0, sizeof(DecodeThreadVars));
87  memset(&tv, 0, sizeof(ThreadVars));
88 
89  DecodeCHDLC(&tv, &dtv, p, raw, sizeof(raw));
90 
91  FAIL_IF_NOT(PacketIsIPv4(p));
92  FAIL_IF_NOT(PacketIsTCP(p));
93  FAIL_IF_NOT(p->dp == 80);
94 
95  SCFree(p);
96  PASS;
97 }
98 #endif /* UNITTESTS */
99 
100 
101 /**
102  * \brief Registers Ethernet unit tests
103  * \todo More Ethernet tests
104  */
105 void DecodeCHDLCRegisterTests(void)
106 {
107 #ifdef UNITTESTS
108  UtRegisterTest("DecodeCHDLCTest01", DecodeCHDLCTest01);
109 #endif /* UNITTESTS */
110 }
111 /**
112  * @}
113  */
len
uint8_t len
Definition: app-layer-dnp3.h:2
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
StatsIncr
void StatsIncr(ThreadVars *tv, uint16_t id)
Increments the local counter.
Definition: counters.c:166
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
CHDLC_PKT_TOO_SMALL
@ CHDLC_PKT_TOO_SMALL
Definition: decode-events.h:210
DecodeCHDLC
int DecodeCHDLC(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Definition: decode-chdlc.c:42
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:81
util-unittest.h
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:80
decode.h
util-debug.h
DecodeCHDLCRegisterTests
void DecodeCHDLCRegisterTests(void)
Registers Ethernet unit tests.
Definition: decode-chdlc.c:105
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
CHDLCHdr_::protocol
uint16_t protocol
Definition: decode-chdlc.h:32
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
Packet_
Definition: decode.h:473
decode-events.h
dtv
DecodeThreadVars * dtv
Definition: fuzz_decodepcapfile.c:33
DecodeThreadVars_::counter_chdlc
uint16_t counter_chdlc
Definition: decode.h:944
CHDLC_HEADER_LEN
#define CHDLC_HEADER_LEN
Definition: decode-chdlc.h:27
SCNtohs
#define SCNtohs(x)
Definition: suricata-common.h:414
suricata-common.h
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:32
util-validate.h
PacketGetFromAlloc
Packet * PacketGetFromAlloc(void)
Get a malloced packet.
Definition: decode.c:232
SCFree
#define SCFree(p)
Definition: util-mem.h:61
DecodeThreadVars_
Structure to hold thread specific data for all decode modules.
Definition: decode.h:929
CHDLCHdr_
Definition: decode-chdlc.h:29
decode-chdlc.h
ENGINE_SET_INVALID_EVENT
#define ENGINE_SET_INVALID_EVENT(p, e)
Definition: decode.h:1154
Packet_::dp
Port dp
Definition: decode.h:488
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:102