suricata
decode-icmpv6.h
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #ifndef SURICATA_DECODE_ICMPV6_H
25 #define SURICATA_DECODE_ICMPV6_H
26 
27 #include "decode-tcp.h"
28 #include "decode-udp.h"
29 #include "decode-ipv6.h"
30 
31 #define ICMPV6_HEADER_LEN 8
32 #define ICMPV6_HEADER_PKT_OFFSET 8
33 
34 /** ICMPV6 Message Types: */
35 /** Error Messages: (type <128) */
36 #define ICMP6_DST_UNREACH 1
37 #define ICMP6_PACKET_TOO_BIG 2
38 #define ICMP6_TIME_EXCEEDED 3
39 #define ICMP6_PARAM_PROB 4
40 
41 /** Informational Messages (type>=128) */
42 #define ICMP6_ECHO_REQUEST 128
43 #define ICMP6_ECHO_REPLY 129
44 
45 #define MLD_LISTENER_QUERY 130
46 #define MLD_LISTENER_REPORT 131
47 #define MLD_LISTENER_REDUCTION 132
48 
49 #define ND_ROUTER_SOLICIT 133
50 #define ND_ROUTER_ADVERT 134
51 #define ND_NEIGHBOR_SOLICIT 135
52 #define ND_NEIGHBOR_ADVERT 136
53 #define ND_REDIRECT 137
54 
55 #define ICMP6_RR 138
56 #define ICMP6_NI_QUERY 139
57 #define ICMP6_NI_REPLY 140
58 #define ND_INVERSE_SOLICIT 141
59 #define ND_INVERSE_ADVERT 142
60 #define MLD_V2_LIST_REPORT 143
61 #define HOME_AGENT_AD_REQUEST 144
62 #define HOME_AGENT_AD_REPLY 145
63 #define MOBILE_PREFIX_SOLICIT 146
64 #define MOBILE_PREFIX_ADVERT 147
65 #define CERT_PATH_SOLICIT 148
66 #define CERT_PATH_ADVERT 149
67 #define ICMP6_MOBILE_EXPERIMENTAL 150
68 #define MC_ROUTER_ADVERT 151
69 #define MC_ROUTER_SOLICIT 152
70 #define MC_ROUTER_TERMINATE 153
71 #define FMIPV6_MSG 154
72 #define RPL_CONTROL_MSG 155
73 #define LOCATOR_UDATE_MSG 156
74 #define DUPL_ADDR_REQUEST 157
75 #define DUPL_ADDR_CONFIRM 158
76 #define MPL_CONTROL_MSG 159
77 
78 /** Destination Unreachable Message (type=1) Code: */
79 
80 #define ICMP6_DST_UNREACH_NOROUTE 0 /* no route to destination */
81 #define ICMP6_DST_UNREACH_ADMIN 1 /* communication with destination */
82  /* administratively prohibited */
83 #define ICMP6_DST_UNREACH_BEYONDSCOPE 2 /* beyond scope of source address */
84 #define ICMP6_DST_UNREACH_ADDR 3 /* address unreachable */
85 #define ICMP6_DST_UNREACH_NOPORT 4 /* bad port */
86 #define ICMP6_DST_UNREACH_FAILEDPOLICY 5 /* Source address failed ingress/egress policy */
87 #define ICMP6_DST_UNREACH_REJECTROUTE 6 /* Reject route to destination */
88 
89 
90 /** Time Exceeded Message (type=3) Code: */
91 #define ICMP6_TIME_EXCEED_TRANSIT 0 /* Hop Limit == 0 in transit */
92 #define ICMP6_TIME_EXCEED_REASSEMBLY 1 /* Reassembly time out */
93 
94 /** Parameter Problem Message (type=4) Code: */
95 #define ICMP6_PARAMPROB_HEADER 0 /* erroneous header field */
96 #define ICMP6_PARAMPROB_NEXTHEADER 1 /* unrecognized Next Header */
97 #define ICMP6_PARAMPROB_OPTION 2 /* unrecognized IPv6 option */
98 
99 
100 /** macro for icmpv6 "type" access */
101 #define ICMPV6_GET_TYPE(icmp6h) (icmp6h)->type
102 /** macro for icmpv6 "code" access */
103 #define ICMPV6_GET_CODE(icmp6h) (icmp6h)->code
104 
105 /** If message is informational */
106 /** macro for icmpv6 "id" access */
107 #define ICMPV6_GET_ID(p) (p)->l4.vars.icmpv6.id
108 /** macro for icmpv6 "seq" access */
109 #define ICMPV6_GET_SEQ(p) (p)->l4.vars.icmpv6.seq
110 
111 /** If message is Error */
112 /** macro for icmpv6 "mtu" accessibility */
113 // ICMPv6 has MTU only for type too big
114 #define ICMPV6_HAS_MTU(icmp6h) ((icmp6h)->type == ICMP6_PACKET_TOO_BIG)
115 /** macro for icmpv6 "mtu" access */
116 #define ICMPV6_GET_MTU(icmp6h) SCNtohl((icmp6h)->icmpv6b.icmpv6e.mtu)
117 
118 /** macro for icmpv6 embedded "protocol" access */
119 #define ICMPV6_GET_EMB_PROTO(p) (p)->l4.vars.icmpv6.emb_ip6_proto_next
120 
121 typedef struct ICMPV6Info_
122 {
123  uint16_t id;
124  uint16_t seq;
126 
127 /** ICMPv6 header structure */
128 typedef struct ICMPV6Hdr_
129 {
130  uint8_t type;
131  uint8_t code;
132  uint16_t csum;
133 
134  union {
135  ICMPV6Info icmpv6i; /** Informational message */
136  union
137  {
138  uint32_t unused; /** for types 1 and 3, should be zero */
139  uint32_t error_ptr; /** for type 4, pointer to the octet that originate the error */
140  uint32_t mtu; /** for type 2, the Maximum Transmission Unit of the next-hop link */
141  } icmpv6e; /** Error Message */
144 
145 /** Data available from the decoded packet */
146 typedef struct ICMPV6Vars_ {
147  /* checksum of the icmpv6 packet */
148  uint16_t id;
149  uint16_t seq;
150  uint32_t mtu;
151 
153 
155  /** TCP/UDP ports */
156  uint16_t emb_sport;
157  uint16_t emb_dport;
158 
159  /** offset of the embedded packet header */
160  uint16_t emb_ip6h_offset;
162 
163 void DecodeICMPV6RegisterTests(void);
164 
165 int ICMPv6GetCounterpart(uint8_t type);
166 
167 /** -------- Inline functions --------- */
168 
169 /**
170  * \brief Calculates the checksum for the ICMPV6 packet
171  *
172  * \param shdr Pointer to source address field from the IPV6 packet. Used as a
173  * part of the psuedoheader for computing the checksum
174  * \param pkt Pointer to the start of the ICMPV6 packet
175  * \param tlen Total length of the ICMPV6 packet(header + payload)
176  *
177  * \retval csum Checksum for the ICMPV6 packet
178  */
179 static inline uint16_t ICMPV6CalculateChecksum(
180  const uint16_t *shdr, const uint16_t *pkt, uint16_t tlen)
181 {
182  uint16_t pad = 0;
183  uint32_t csum = shdr[0];
184 
185  csum += shdr[1] + shdr[2] + shdr[3] + shdr[4] + shdr[5] + shdr[6] +
186  shdr[7] + shdr[8] + shdr[9] + shdr[10] + shdr[11] + shdr[12] +
187  shdr[13] + shdr[14] + shdr[15] + htons(58 + tlen);
188 
189  csum += pkt[0];
190 
191  tlen -= 4;
192  pkt += 2;
193 
194  while (tlen >= 64) {
195  csum += pkt[0] + pkt[1] + pkt[2] + pkt[3] + pkt[4] + pkt[5] + pkt[6] +
196  pkt[7] + pkt[8] + pkt[9] + pkt[10] + pkt[11] + pkt[12] + pkt[13] +
197  pkt[14] + pkt[15] + pkt[16] + pkt[17] + pkt[18] + pkt[19] +
198  pkt[20] + pkt[21] + pkt[22] + pkt[23] + pkt[24] + pkt[25] +
199  pkt[26] + pkt[27] + pkt[28] + pkt[29] + pkt[30] + pkt[31];
200  tlen -= 64;
201  pkt += 32;
202  }
203 
204  while (tlen >= 32) {
205  csum += pkt[0] + pkt[1] + pkt[2] + pkt[3] + pkt[4] + pkt[5] + pkt[6] +
206  pkt[7] + pkt[8] + pkt[9] + pkt[10] + pkt[11] + pkt[12] + pkt[13] +
207  pkt[14] + pkt[15];
208  tlen -= 32;
209  pkt += 16;
210  }
211 
212  while(tlen >= 8) {
213  csum += pkt[0] + pkt[1] + pkt[2] + pkt[3];
214  tlen -= 8;
215  pkt += 4;
216  }
217 
218  while(tlen >= 4) {
219  csum += pkt[0] + pkt[1];
220  tlen -= 4;
221  pkt += 2;
222  }
223 
224  while (tlen > 1) {
225  csum += pkt[0];
226  tlen -= 2;
227  pkt += 1;
228  }
229 
230  if (tlen == 1) {
231  *(uint8_t *)(&pad) = (*(uint8_t *)pkt);
232  csum += pad;
233  }
234 
235  csum = (csum >> 16) + (csum & 0x0000FFFF);
236  csum += (csum >> 16);
237 
238  return (uint16_t) ~csum;
239 }
240 
241 #endif /* SURICATA_DECODE_ICMPV6_H */
decode-tcp.h
ICMPV6Hdr_::type
uint8_t type
Definition: decode-icmpv6.h:130
ICMPV6Hdr_::error_ptr
uint32_t error_ptr
Definition: decode-icmpv6.h:139
ICMPV6Hdr
struct ICMPV6Hdr_ ICMPV6Hdr
ICMPV6Info_::id
uint16_t id
Definition: decode-icmpv6.h:123
ICMPV6Info
struct ICMPV6Info_ ICMPV6Info
ICMPV6Hdr_::csum
uint16_t csum
Definition: decode-icmpv6.h:132
decode-udp.h
ICMPV6Hdr_::unused
uint32_t unused
Definition: decode-icmpv6.h:138
ICMPV6Vars_::emb_sport
uint16_t emb_sport
Definition: decode-icmpv6.h:156
DecodeICMPV6RegisterTests
void DecodeICMPV6RegisterTests(void)
Registers ICMPV6 unit tests.
Definition: decode-icmpv6.c:1535
pad
uint16_t pad
Definition: source-erf-file.c:61
decode-ipv6.h
ICMPV6Hdr_::mtu
uint32_t mtu
Definition: decode-icmpv6.h:140
ICMPV6Hdr_::icmpv6e
union ICMPV6Hdr_::@19::@20 icmpv6e
ICMPV6Vars_::emb_ip6_proto_next
uint8_t emb_ip6_proto_next
Definition: decode-icmpv6.h:152
ICMPV6Hdr_::code
uint8_t code
Definition: decode-icmpv6.h:131
ICMPV6Vars
struct ICMPV6Vars_ ICMPV6Vars
ICMPV6Info_::seq
uint16_t seq
Definition: decode-icmpv6.h:124
type
uint16_t type
Definition: decode-vlan.c:107
ICMPV6Vars_::emb_dport
uint16_t emb_dport
Definition: decode-icmpv6.h:157
ICMPV6Vars_::emb_ip6h_offset
uint16_t emb_ip6h_offset
Definition: decode-icmpv6.h:160
ICMPV6Vars_::emb_ports_set
bool emb_ports_set
Definition: decode-icmpv6.h:154
ICMPV6Hdr_
Definition: decode-icmpv6.h:129
ICMPV6Vars_
Definition: decode-icmpv6.h:146
ICMPv6GetCounterpart
int ICMPv6GetCounterpart(uint8_t type)
Definition: decode-icmpv6.c:145
ICMPV6Vars_::seq
uint16_t seq
Definition: decode-icmpv6.h:149
ICMPV6Vars_::mtu
uint32_t mtu
Definition: decode-icmpv6.h:150
ICMPV6Vars_::id
uint16_t id
Definition: decode-icmpv6.h:148
ICMPV6Hdr_::icmpv6b
union ICMPV6Hdr_::@19 icmpv6b
ICMPV6Hdr_::icmpv6i
ICMPV6Info icmpv6i
Definition: decode-icmpv6.h:135
ICMPV6Info_
Definition: decode-icmpv6.h:122