suricata
Data Structures | Macros | Typedefs | Functions | Variables
decode-icmpv4.h File Reference
#include "decode.h"
#include "decode-tcp.h"
#include "decode-sctp.h"
#include "decode-udp.h"
Include dependency graph for decode-icmpv4.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  ICMPV4Hdr_
 
struct  ICMPV4ExtHdr_
 
struct  ICMPV4Vars_
 

Macros

#define ICMPV4_HEADER_LEN   8
 
#define ICMPV4_GET_TYPE(p)   (p)->icmpv4h->type
 
#define ICMPV4_GET_CODE(p)   (p)->icmpv4h->code
 
#define CLEAR_ICMPV4_PACKET(p)
 
#define ICMPV4_HEADER_PKT_OFFSET   8
 
#define ICMPV4_GET_TYPE(p)   (p)->icmpv4h->type
 
#define ICMPV4_GET_CODE(p)   (p)->icmpv4h->code
 
#define ICMPV4_GET_RAW_CSUM(p)   SCNtohs((p)->icmpv4h->checksum)
 
#define ICMPV4_GET_CSUM(p)   (p)->icmpv4h->checksum
 
#define ICMPV4_GET_ID(p)   ((p)->icmpv4vars.id)
 
#define ICMPV4_GET_SEQ(p)   ((p)->icmpv4vars.seq)
 
#define ICMPV4_GET_EMB_PROTO(p)   (p)->icmpv4vars.emb_ip4_proto
 
#define ICMPV4_GET_EMB_IPV4(p)   (p)->icmpv4vars.emb_ipv4h
 
#define ICMPV4_GET_EMB_TCP(p)   (p)->icmpv4vars.emb_tcph
 
#define ICMPV4_GET_EMB_UDP(p)   (p)->icmpv4vars.emb_udph
 
#define ICMPV4_GET_EMB_ICMPV4H(p)   (p)->icmpv4vars.emb_icmpv4h
 
#define ICMPV4_DEST_UNREACH_IS_VALID(p)
 
#define ICMPV4_IS_ERROR_MSG(p)
 

Typedefs

typedef struct ICMPV4ExtHdr_ ICMPV4ExtHdr
 
typedef struct ICMPV4Vars_ ICMPV4Vars
 

Functions

struct ICMPV4Hdr_ __attribute__ ((__packed__)) ICMPV4Hdr
 DNP3 link header. More...
 
void DecodeICMPV4RegisterTests (void)
 Registers ICMPV4 unit test. More...
 
int ICMPv4GetCounterpart (uint8_t type)
 

Variables

uint8_t type
 
uint8_t code
 
uint16_t checksum
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file decode-icmpv4.h.

Macro Definition Documentation

◆ CLEAR_ICMPV4_PACKET

#define CLEAR_ICMPV4_PACKET (   p)
Value:
do { \
(p)->level4_comp_csum = -1; \
PACKET_CLEAR_L4VARS((p)); \
(p)->icmpv4h = NULL; \
} while(0)

Definition at line 207 of file decode-icmpv4.h.

◆ ICMPV4_DEST_UNREACH_IS_VALID

#define ICMPV4_DEST_UNREACH_IS_VALID (   p)
Value:
( \
(!((p)->flags & PKT_IS_INVALID)) && \
((p)->icmpv4h != NULL) && \
(ICMPV4_GET_TYPE((p)) == ICMP_DEST_UNREACH) && \
(ICMPV4_GET_EMB_IPV4((p)) != NULL) && \
((ICMPV4_GET_EMB_TCP((p)) != NULL) || \
(ICMPV4_GET_EMB_UDP((p)) != NULL)))

macro for checking if a ICMP DEST UNREACH packet is valid for use in other parts of the engine, such as the flow engine.

Warning
use only after the decoder has processed the packet

Definition at line 248 of file decode-icmpv4.h.

◆ ICMPV4_GET_CODE [1/2]

#define ICMPV4_GET_CODE (   p)    (p)->icmpv4h->code

marco for icmpv4 code access

macro for icmpv4 "code" access

Definition at line 218 of file decode-icmpv4.h.

◆ ICMPV4_GET_CODE [2/2]

#define ICMPV4_GET_CODE (   p)    (p)->icmpv4h->code

marco for icmpv4 code access

macro for icmpv4 "code" access

Definition at line 218 of file decode-icmpv4.h.

◆ ICMPV4_GET_CSUM

#define ICMPV4_GET_CSUM (   p)    (p)->icmpv4h->checksum

Definition at line 221 of file decode-icmpv4.h.

◆ ICMPV4_GET_EMB_ICMPV4H

#define ICMPV4_GET_EMB_ICMPV4H (   p)    (p)->icmpv4vars.emb_icmpv4h

macro for icmpv4 embedded "icmpv4h" header access

Definition at line 241 of file decode-icmpv4.h.

◆ ICMPV4_GET_EMB_IPV4

#define ICMPV4_GET_EMB_IPV4 (   p)    (p)->icmpv4vars.emb_ipv4h

macro for icmpv4 embedded "ipv4h" header access

Definition at line 235 of file decode-icmpv4.h.

◆ ICMPV4_GET_EMB_PROTO

#define ICMPV4_GET_EMB_PROTO (   p)    (p)->icmpv4vars.emb_ip4_proto

macro for icmpv4 embedded "protocol" access

Definition at line 233 of file decode-icmpv4.h.

◆ ICMPV4_GET_EMB_TCP

#define ICMPV4_GET_EMB_TCP (   p)    (p)->icmpv4vars.emb_tcph

macro for icmpv4 embedded "tcph" header access

Definition at line 237 of file decode-icmpv4.h.

◆ ICMPV4_GET_EMB_UDP

#define ICMPV4_GET_EMB_UDP (   p)    (p)->icmpv4vars.emb_udph

macro for icmpv4 embedded "udph" header access

Definition at line 239 of file decode-icmpv4.h.

◆ ICMPV4_GET_ID

#define ICMPV4_GET_ID (   p)    ((p)->icmpv4vars.id)

macro for icmpv4 "id" access

Definition at line 226 of file decode-icmpv4.h.

◆ ICMPV4_GET_RAW_CSUM

#define ICMPV4_GET_RAW_CSUM (   p)    SCNtohs((p)->icmpv4h->checksum)

macro for icmpv4 "csum" access

Definition at line 220 of file decode-icmpv4.h.

◆ ICMPV4_GET_SEQ

#define ICMPV4_GET_SEQ (   p)    ((p)->icmpv4vars.seq)

macro for icmpv4 "seq" access

Definition at line 228 of file decode-icmpv4.h.

◆ ICMPV4_GET_TYPE [1/2]

#define ICMPV4_GET_TYPE (   p)    (p)->icmpv4h->type

marco for icmpv4 type access

macro for icmpv4 "type" access

Definition at line 216 of file decode-icmpv4.h.

◆ ICMPV4_GET_TYPE [2/2]

#define ICMPV4_GET_TYPE (   p)    (p)->icmpv4h->type

marco for icmpv4 type access

macro for icmpv4 "type" access

Definition at line 216 of file decode-icmpv4.h.

◆ ICMPV4_HEADER_LEN

#define ICMPV4_HEADER_LEN   8

Definition at line 33 of file decode-icmpv4.h.

◆ ICMPV4_HEADER_PKT_OFFSET

#define ICMPV4_HEADER_PKT_OFFSET   8

Definition at line 213 of file decode-icmpv4.h.

◆ ICMPV4_IS_ERROR_MSG

#define ICMPV4_IS_ERROR_MSG (   p)
Value:
(ICMPV4_GET_TYPE((p)) == ICMP_DEST_UNREACH || \
ICMPV4_GET_TYPE((p)) == ICMP_SOURCE_QUENCH || \
ICMPV4_GET_TYPE((p)) == ICMP_REDIRECT || \
ICMPV4_GET_TYPE((p)) == ICMP_TIME_EXCEEDED || \
ICMPV4_GET_TYPE((p)) == ICMP_PARAMETERPROB)

marco for checking if a ICMP packet is an error message or an query message.

Todo:
This check is used in the flow engine and needs to be as cheap as possible. Consider setting a bitflag at the decoder stage so we can to a bit check instead of the more expensive check below.

Definition at line 265 of file decode-icmpv4.h.

Typedef Documentation

◆ ICMPV4ExtHdr

typedef struct ICMPV4ExtHdr_ ICMPV4ExtHdr

◆ ICMPV4Vars

typedef struct ICMPV4Vars_ ICMPV4Vars

Function Documentation

◆ DecodeICMPV4RegisterTests()

void DecodeICMPV4RegisterTests ( void  )

Registers ICMPV4 unit test.

Definition at line 799 of file decode-icmpv4.c.

References UtRegisterTest().

Here is the call graph for this function:

◆ ICMPv4GetCounterpart()

int ICMPv4GetCounterpart ( uint8_t  type)
Return values
typecounterpart type or -1

Definition at line 325 of file decode-icmpv4.c.

References CASE_CODE, and type.

Referenced by DecodeICMPV4().

Here is the caller graph for this function:

Variable Documentation

◆ checksum

uint16_t checksum

Definition at line 2 of file decode-icmpv4.h.

◆ code

uint8_t code

Definition at line 1 of file decode-icmpv4.h.

Referenced by DecodeRegisterPerfCounters().

◆ type

uint8_t type

Definition at line 0 of file decode-icmpv4.h.

Referenced by BloomFilterCountingInit(), DecodeNull(), DetectSigmatchListEnumToString(), DetectVarStoreMatch(), DetectVarStoreMatchKeyValue(), ICMPv4GetCounterpart(), ICMPv6GetCounterpart(), Ja3IsDisabled(), OutputRegisterStreamingLogger(), TmThreadAppend(), TmThreadGetNbThreads(), TmThreadSetCPU(), VarNameStoreLookupById(), and VarNameStoreLookupByName().

ICMPV4_GET_EMB_UDP
#define ICMPV4_GET_EMB_UDP(p)
Definition: decode-icmpv4.h:238
ICMPV4_GET_EMB_IPV4
#define ICMPV4_GET_EMB_IPV4(p)
Definition: decode-icmpv4.h:234
ICMPV4_GET_TYPE
#define ICMPV4_GET_TYPE(p)
Definition: decode-icmpv4.h:215
flags
uint8_t flags
Definition: decode-gre.h:0
ICMPV4_GET_EMB_TCP
#define ICMPV4_GET_EMB_TCP(p)
Definition: decode-icmpv4.h:236
PKT_IS_INVALID
#define PKT_IS_INVALID
Definition: decode.h:1103