suricata
decode-icmpv6.h
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #ifndef __DECODE_ICMPV6_H__
25 #define __DECODE_ICMPV6_H__
26 
27 #include "decode-tcp.h"
28 #include "decode-udp.h"
29 #include "decode-ipv6.h"
30 
31 #define ICMPV6_HEADER_LEN 8
32 #define ICMPV6_HEADER_PKT_OFFSET 8
33 
34 /** ICMPV6 Message Types: */
35 /** Error Messages: (type <128) */
36 #define ICMP6_DST_UNREACH 1
37 #define ICMP6_PACKET_TOO_BIG 2
38 #define ICMP6_TIME_EXCEEDED 3
39 #define ICMP6_PARAM_PROB 4
40 
41 /** Informational Messages (type>=128) */
42 #define ICMP6_ECHO_REQUEST 128
43 #define ICMP6_ECHO_REPLY 129
44 
45 #define MLD_LISTENER_QUERY 130
46 #define MLD_LISTENER_REPORT 131
47 #define MLD_LISTENER_REDUCTION 132
48 
49 #define ND_ROUTER_SOLICIT 133
50 #define ND_ROUTER_ADVERT 134
51 #define ND_NEIGHBOR_SOLICIT 135
52 #define ND_NEIGHBOR_ADVERT 136
53 #define ND_REDIRECT 137
54 
55 #define ICMP6_RR 138
56 #define ICMP6_NI_QUERY 139
57 #define ICMP6_NI_REPLY 140
58 #define ND_INVERSE_SOLICIT 141
59 #define ND_INVERSE_ADVERT 142
60 #define MLD_V2_LIST_REPORT 143
61 #define HOME_AGENT_AD_REQUEST 144
62 #define HOME_AGENT_AD_REPLY 145
63 #define MOBILE_PREFIX_SOLICIT 146
64 #define MOBILE_PREFIX_ADVERT 147
65 #define CERT_PATH_SOLICIT 148
66 #define CERT_PATH_ADVERT 149
67 #define ICMP6_MOBILE_EXPERIMENTAL 150
68 #define MC_ROUTER_ADVERT 151
69 #define MC_ROUTER_SOLICIT 152
70 #define MC_ROUTER_TERMINATE 153
71 #define FMIPV6_MSG 154
72 #define RPL_CONTROL_MSG 155
73 #define LOCATOR_UDATE_MSG 156
74 #define DUPL_ADDR_REQUEST 157
75 #define DUPL_ADDR_CONFIRM 158
76 #define MPL_CONTROL_MSG 159
77 
78 /** Destination Unreachable Message (type=1) Code: */
79 
80 #define ICMP6_DST_UNREACH_NOROUTE 0 /* no route to destination */
81 #define ICMP6_DST_UNREACH_ADMIN 1 /* communication with destination */
82  /* administratively prohibited */
83 #define ICMP6_DST_UNREACH_BEYONDSCOPE 2 /* beyond scope of source address */
84 #define ICMP6_DST_UNREACH_ADDR 3 /* address unreachable */
85 #define ICMP6_DST_UNREACH_NOPORT 4 /* bad port */
86 #define ICMP6_DST_UNREACH_FAILEDPOLICY 5 /* Source address failed ingress/egress policy */
87 #define ICMP6_DST_UNREACH_REJECTROUTE 6 /* Reject route to destination */
88 
89 
90 /** Time Exceeded Message (type=3) Code: */
91 #define ICMP6_TIME_EXCEED_TRANSIT 0 /* Hop Limit == 0 in transit */
92 #define ICMP6_TIME_EXCEED_REASSEMBLY 1 /* Reassembly time out */
93 
94 /** Parameter Problem Message (type=4) Code: */
95 #define ICMP6_PARAMPROB_HEADER 0 /* erroneous header field */
96 #define ICMP6_PARAMPROB_NEXTHEADER 1 /* unrecognized Next Header */
97 #define ICMP6_PARAMPROB_OPTION 2 /* unrecognized IPv6 option */
98 
99 
100 /** macro for icmpv6 "type" access */
101 #define ICMPV6_GET_TYPE(p) (p)->icmpv6h->type
102 /** macro for icmpv6 "code" access */
103 #define ICMPV6_GET_CODE(p) (p)->icmpv6h->code
104 /** macro for icmpv6 "csum" access */
105 #define ICMPV6_GET_RAW_CSUM(p) SCNtohs((p)->icmpv6h->csum)
106 #define ICMPV6_GET_CSUM(p) (p)->icmpv6h->csum
107 
108 /** If message is informational */
109 /** macro for icmpv6 "id" access */
110 #define ICMPV6_GET_ID(p) (p)->icmpv6vars.id
111 /** macro for icmpv6 "seq" access */
112 #define ICMPV6_GET_SEQ(p) (p)->icmpv6vars.seq
113 
114 /** If message is Error */
115 /** macro for icmpv6 "unused" access */
116 #define ICMPV6_GET_UNUSED(p) (p)->icmpv6h->icmpv6b.icmpv6e.unused
117 /** macro for icmpv6 "error_ptr" access */
118 #define ICMPV6_GET_ERROR_PTR(p) (p)->icmpv6h->icmpv6b.icmpv6e.error_ptr
119 /** macro for icmpv6 "mtu" accessibility */
120 // ICMPv6 has MTU only for type too big
121 #define ICMPV6_HAS_MTU(p) ((p)->icmpv6h->type == ICMP6_PACKET_TOO_BIG)
122 /** macro for icmpv6 "mtu" access */
123 #define ICMPV6_GET_MTU(p) SCNtohl((p)->icmpv6h->icmpv6b.icmpv6e.mtu)
124 
125 /** macro for icmpv6 embedded "protocol" access */
126 #define ICMPV6_GET_EMB_PROTO(p) (p)->icmpv6vars.emb_ip6_proto_next
127 /** macro for icmpv6 embedded "ipv6h" header access */
128 #define ICMPV6_GET_EMB_IPV6(p) (p)->icmpv6vars.emb_ipv6h
129 /** macro for icmpv6 embedded "tcph" header access */
130 #define ICMPV6_GET_EMB_TCP(p) (p)->icmpv6vars.emb_tcph
131 /** macro for icmpv6 embedded "udph" header access */
132 #define ICMPV6_GET_EMB_UDP(p) (p)->icmpv6vars.emb_udph
133 /** macro for icmpv6 embedded "icmpv6h" header access */
134 #define ICMPV6_GET_EMB_icmpv6h(p) (p)->icmpv6vars.emb_icmpv6h
135 
136 typedef struct ICMPV6Info_
137 {
138  uint16_t id;
139  uint16_t seq;
141 
142 /** ICMPv6 header structure */
143 typedef struct ICMPV6Hdr_
144 {
145  uint8_t type;
146  uint8_t code;
147  uint16_t csum;
148 
149  union {
150  ICMPV6Info icmpv6i; /** Informational message */
151  union
152  {
153  uint32_t unused; /** for types 1 and 3, should be zero */
154  uint32_t error_ptr; /** for type 4, pointer to the octet that originate the error */
155  uint32_t mtu; /** for type 2, the Maximum Transmission Unit of the next-hop link */
156  } icmpv6e; /** Error Message */
159 
160 /** Data available from the decoded packet */
161 typedef struct ICMPV6Vars_ {
162  /* checksum of the icmpv6 packet */
163  uint16_t id;
164  uint16_t seq;
165  uint32_t mtu;
166  uint32_t error_ptr;
167 
168  /** Pointers to the embedded packet headers */
170  TCPHdr *emb_tcph;
171  UDPHdr *emb_udph;
173 
174  /** IPv6 src and dst address */
175  uint32_t emb_ip6_src[4];
176  uint32_t emb_ip6_dst[4];
178 
179  /** TCP/UDP ports */
180  uint16_t emb_sport;
181  uint16_t emb_dport;
182 
184 
185 
186 #define CLEAR_ICMPV6_PACKET(p) do { \
187  (p)->level4_comp_csum = -1; \
188  PACKET_CLEAR_L4VARS((p)); \
189  (p)->icmpv6h = NULL; \
190 } while(0)
191 
192 void DecodeICMPV6RegisterTests(void);
193 
194 int ICMPv6GetCounterpart(uint8_t type);
195 
196 /** -------- Inline functions --------- */
197 
198 /**
199  * \brief Calculates the checksum for the ICMPV6 packet
200  *
201  * \param shdr Pointer to source address field from the IPV6 packet. Used as a
202  * part of the psuedoheader for computing the checksum
203  * \param pkt Pointer to the start of the ICMPV6 packet
204  * \param tlen Total length of the ICMPV6 packet(header + payload)
205  *
206  * \retval csum Checksum for the ICMPV6 packet
207  */
208 static inline uint16_t ICMPV6CalculateChecksum(
209  const uint16_t *shdr, const uint16_t *pkt, uint16_t tlen)
210 {
211  uint16_t pad = 0;
212  uint32_t csum = shdr[0];
213 
214  csum += shdr[1] + shdr[2] + shdr[3] + shdr[4] + shdr[5] + shdr[6] +
215  shdr[7] + shdr[8] + shdr[9] + shdr[10] + shdr[11] + shdr[12] +
216  shdr[13] + shdr[14] + shdr[15] + htons(58 + tlen);
217 
218  csum += pkt[0];
219 
220  tlen -= 4;
221  pkt += 2;
222 
223  while (tlen >= 64) {
224  csum += pkt[0] + pkt[1] + pkt[2] + pkt[3] + pkt[4] + pkt[5] + pkt[6] +
225  pkt[7] + pkt[8] + pkt[9] + pkt[10] + pkt[11] + pkt[12] + pkt[13] +
226  pkt[14] + pkt[15] + pkt[16] + pkt[17] + pkt[18] + pkt[19] +
227  pkt[20] + pkt[21] + pkt[22] + pkt[23] + pkt[24] + pkt[25] +
228  pkt[26] + pkt[27] + pkt[28] + pkt[29] + pkt[30] + pkt[31];
229  tlen -= 64;
230  pkt += 32;
231  }
232 
233  while (tlen >= 32) {
234  csum += pkt[0] + pkt[1] + pkt[2] + pkt[3] + pkt[4] + pkt[5] + pkt[6] +
235  pkt[7] + pkt[8] + pkt[9] + pkt[10] + pkt[11] + pkt[12] + pkt[13] +
236  pkt[14] + pkt[15];
237  tlen -= 32;
238  pkt += 16;
239  }
240 
241  while(tlen >= 8) {
242  csum += pkt[0] + pkt[1] + pkt[2] + pkt[3];
243  tlen -= 8;
244  pkt += 4;
245  }
246 
247  while(tlen >= 4) {
248  csum += pkt[0] + pkt[1];
249  tlen -= 4;
250  pkt += 2;
251  }
252 
253  while (tlen > 1) {
254  csum += pkt[0];
255  tlen -= 2;
256  pkt += 1;
257  }
258 
259  if (tlen == 1) {
260  *(uint8_t *)(&pad) = (*(uint8_t *)pkt);
261  csum += pad;
262  }
263 
264  csum = (csum >> 16) + (csum & 0x0000FFFF);
265  csum += (csum >> 16);
266 
267  return (uint16_t) ~csum;
268 }
269 
270 #endif /* __DECODE_ICMPV6_H__ */
ICMPV6Vars_::emb_ip6_src
uint32_t emb_ip6_src[4]
Definition: decode-icmpv6.h:175
decode-tcp.h
ICMPV6Hdr_::type
uint8_t type
Definition: decode-icmpv6.h:145
ICMPV6Hdr_::error_ptr
uint32_t error_ptr
Definition: decode-icmpv6.h:154
ICMPV6Hdr
struct ICMPV6Hdr_ ICMPV6Hdr
ICMPV6Hdr_::icmpv6e
union ICMPV6Hdr_::@24::@25 icmpv6e
ICMPV6Vars_::emb_tcph
TCPHdr * emb_tcph
Definition: decode-icmpv6.h:170
ICMPV6Info_::id
uint16_t id
Definition: decode-icmpv6.h:138
ICMPV6Info
struct ICMPV6Info_ ICMPV6Info
ICMPV6Hdr_::csum
uint16_t csum
Definition: decode-icmpv6.h:147
decode-udp.h
ICMPV6Hdr_::unused
uint32_t unused
Definition: decode-icmpv6.h:153
ICMPV6Vars_::emb_sport
uint16_t emb_sport
Definition: decode-icmpv6.h:180
DecodeICMPV6RegisterTests
void DecodeICMPV6RegisterTests(void)
Registers ICMPV6 unit tests.
Definition: decode-icmpv6.c:1554
pad
uint16_t pad
Definition: source-erf-file.c:61
decode-ipv6.h
ICMPV6Hdr_::mtu
uint32_t mtu
Definition: decode-icmpv6.h:155
ICMPV6Hdr_::icmpv6b
union ICMPV6Hdr_::@24 icmpv6b
type
uint8_t type
Definition: decode-icmpv4.h:0
ICMPV6Vars_::error_ptr
uint32_t error_ptr
Definition: decode-icmpv6.h:166
ICMPV6Vars_::emb_ip6_proto_next
uint8_t emb_ip6_proto_next
Definition: decode-icmpv6.h:177
ICMPV6Hdr_::code
uint8_t code
Definition: decode-icmpv6.h:146
ICMPV6Vars
struct ICMPV6Vars_ ICMPV6Vars
ICMPV6Info_::seq
uint16_t seq
Definition: decode-icmpv6.h:139
IPV6Hdr_
Definition: decode-ipv6.h:32
ICMPV6Vars_::emb_dport
uint16_t emb_dport
Definition: decode-icmpv6.h:181
ICMPV6Vars_::emb_udph
UDPHdr * emb_udph
Definition: decode-icmpv6.h:171
ICMPV6Hdr_
Definition: decode-icmpv6.h:144
ICMPV6Vars_
Definition: decode-icmpv6.h:161
ICMPv6GetCounterpart
int ICMPv6GetCounterpart(uint8_t type)
Definition: decode-icmpv6.c:146
ICMPV6Vars_::seq
uint16_t seq
Definition: decode-icmpv6.h:164
ICMPV6Vars_::emb_ip6_dst
uint32_t emb_ip6_dst[4]
Definition: decode-icmpv6.h:176
ICMPV6Vars_::mtu
uint32_t mtu
Definition: decode-icmpv6.h:165
ICMPV6Vars_::id
uint16_t id
Definition: decode-icmpv6.h:163
ICMPV6Hdr_::icmpv6i
ICMPV6Info icmpv6i
Definition: decode-icmpv6.h:150
ICMPV6Vars_::emb_ipv6h
IPV6Hdr * emb_ipv6h
Definition: decode-icmpv6.h:169
ICMPV6Vars_::emb_icmpv6h
ICMPV6Hdr * emb_icmpv6h
Definition: decode-icmpv6.h:172
ICMPV6Info_
Definition: decode-icmpv6.h:137