suricata
decode-icmpv6.h
Go to the documentation of this file.
1 /* Copyright (C) 2007-2010 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #ifndef __DECODE_ICMPV6_H__
25 #define __DECODE_ICMPV6_H__
26 
27 #include "decode-tcp.h"
28 #include "decode-sctp.h"
29 #include "decode-udp.h"
30 #include "decode-ipv6.h"
31 
32 #define ICMPV6_HEADER_LEN 8
33 #define ICMPV6_HEADER_PKT_OFFSET 8
34 
35 /** ICMPV6 Message Types: */
36 /** Error Messages: (type <128) */
37 #define ICMP6_DST_UNREACH 1
38 #define ICMP6_PACKET_TOO_BIG 2
39 #define ICMP6_TIME_EXCEEDED 3
40 #define ICMP6_PARAM_PROB 4
41 
42 /** Informational Messages (type>=128) */
43 #define ICMP6_ECHO_REQUEST 128
44 #define ICMP6_ECHO_REPLY 129
45 
46 #define MLD_LISTENER_QUERY 130
47 #define MLD_LISTENER_REPORT 131
48 #define MLD_LISTENER_REDUCTION 132
49 
50 #define ND_ROUTER_SOLICIT 133
51 #define ND_ROUTER_ADVERT 134
52 #define ND_NEIGHBOR_SOLICIT 135
53 #define ND_NEIGHBOR_ADVERT 136
54 #define ND_REDIRECT 137
55 
56 #define ICMP6_RR 138
57 #define ICMP6_NI_QUERY 139
58 #define ICMP6_NI_REPLY 140
59 #define ND_INVERSE_SOLICIT 141
60 #define ND_INVERSE_ADVERT 142
61 #define MLD_V2_LIST_REPORT 143
62 #define HOME_AGENT_AD_REQUEST 144
63 #define HOME_AGENT_AD_REPLY 145
64 #define MOBILE_PREFIX_SOLICIT 146
65 #define MOBILE_PREFIX_ADVERT 147
66 #define CERT_PATH_SOLICIT 148
67 #define CERT_PATH_ADVERT 149
68 #define ICMP6_MOBILE_EXPERIMENTAL 150
69 #define MC_ROUTER_ADVERT 151
70 #define MC_ROUTER_SOLICIT 152
71 #define MC_ROUTER_TERMINATE 153
72 #define FMIPV6_MSG 154
73 #define RPL_CONTROL_MSG 155
74 #define LOCATOR_UDATE_MSG 156
75 #define DUPL_ADDR_REQUEST 157
76 #define DUPL_ADDR_CONFIRM 158
77 #define MPL_CONTROL_MSG 159
78 
79 /** Destination Unreachable Message (type=1) Code: */
80 
81 #define ICMP6_DST_UNREACH_NOROUTE 0 /* no route to destination */
82 #define ICMP6_DST_UNREACH_ADMIN 1 /* communication with destination */
83  /* administratively prohibited */
84 #define ICMP6_DST_UNREACH_BEYONDSCOPE 2 /* beyond scope of source address */
85 #define ICMP6_DST_UNREACH_ADDR 3 /* address unreachable */
86 #define ICMP6_DST_UNREACH_NOPORT 4 /* bad port */
87 #define ICMP6_DST_UNREACH_FAILEDPOLICY 5 /* Source address failed ingress/egress policy */
88 #define ICMP6_DST_UNREACH_REJECTROUTE 6 /* Reject route to destination */
89 
90 
91 /** Time Exceeded Message (type=3) Code: */
92 #define ICMP6_TIME_EXCEED_TRANSIT 0 /* Hop Limit == 0 in transit */
93 #define ICMP6_TIME_EXCEED_REASSEMBLY 1 /* Reassembly time out */
94 
95 /** Parameter Problem Message (type=4) Code: */
96 #define ICMP6_PARAMPROB_HEADER 0 /* erroneous header field */
97 #define ICMP6_PARAMPROB_NEXTHEADER 1 /* unrecognized Next Header */
98 #define ICMP6_PARAMPROB_OPTION 2 /* unrecognized IPv6 option */
99 
100 
101 /** macro for icmpv6 "type" access */
102 #define ICMPV6_GET_TYPE(p) (p)->icmpv6h->type
103 /** macro for icmpv6 "code" access */
104 #define ICMPV6_GET_CODE(p) (p)->icmpv6h->code
105 /** macro for icmpv6 "csum" access */
106 #define ICMPV6_GET_RAW_CSUM(p) SCNtohs((p)->icmpv6h->csum)
107 #define ICMPV6_GET_CSUM(p) (p)->icmpv6h->csum
108 
109 /** If message is informational */
110 /** macro for icmpv6 "id" access */
111 #define ICMPV6_GET_ID(p) (p)->icmpv6vars.id
112 /** macro for icmpv6 "seq" access */
113 #define ICMPV6_GET_SEQ(p) (p)->icmpv6vars.seq
114 
115 /** If message is Error */
116 /** macro for icmpv6 "unused" access */
117 #define ICMPV6_GET_UNUSED(p) (p)->icmpv6h->icmpv6b.icmpv6e.unused
118 /** macro for icmpv6 "error_ptr" access */
119 #define ICMPV6_GET_ERROR_PTR(p) (p)->icmpv6h->icmpv6b.icmpv6e.error_ptr
120 /** macro for icmpv6 "mtu" access */
121 #define ICMPV6_GET_MTU(p) (p)->icmpv6h->icmpv6b.icmpv6e.mtu
122 
123 /** macro for icmpv6 embedded "protocol" access */
124 #define ICMPV6_GET_EMB_PROTO(p) (p)->icmpv6vars.emb_ip6_proto_next
125 /** macro for icmpv6 embedded "ipv6h" header access */
126 #define ICMPV6_GET_EMB_IPV6(p) (p)->icmpv6vars.emb_ipv6h
127 /** macro for icmpv6 embedded "tcph" header access */
128 #define ICMPV6_GET_EMB_TCP(p) (p)->icmpv6vars.emb_tcph
129 /** macro for icmpv6 embedded "udph" header access */
130 #define ICMPV6_GET_EMB_UDP(p) (p)->icmpv6vars.emb_udph
131 /** macro for icmpv6 embedded "icmpv6h" header access */
132 #define ICMPV6_GET_EMB_icmpv6h(p) (p)->icmpv6vars.emb_icmpv6h
133 
134 typedef struct ICMPV6Info_
135 {
136  uint16_t id;
137  uint16_t seq;
138 } ICMPV6Info;
139 
140 /** ICMPv6 header structure */
141 typedef struct ICMPV6Hdr_
142 {
143  uint8_t type;
144  uint8_t code;
145  uint16_t csum;
146 
147  union {
148  ICMPV6Info icmpv6i; /** Informational message */
149  union
150  {
151  uint32_t unused; /** for types 1 and 3, should be zero */
152  uint32_t error_ptr; /** for type 4, pointer to the octet that originate the error */
153  uint32_t mtu; /** for type 2, the Maximum Transmission Unit of the next-hop link */
154  } icmpv6e; /** Error Message */
155  } icmpv6b;
156 } ICMPV6Hdr;
157 
158 /** Data available from the decoded packet */
159 typedef struct ICMPV6Vars_ {
160  /* checksum of the icmpv6 packet */
161  uint16_t id;
162  uint16_t seq;
163  uint32_t mtu;
164  uint32_t error_ptr;
165 
166  /** Pointers to the embedded packet headers */
167  IPV6Hdr *emb_ipv6h;
168  TCPHdr *emb_tcph;
169  UDPHdr *emb_udph;
171 
172  /** IPv6 src and dst address */
173  uint32_t emb_ip6_src[4];
174  uint32_t emb_ip6_dst[4];
176 
177  /** TCP/UDP ports */
178  uint16_t emb_sport;
179  uint16_t emb_dport;
180 
181 } ICMPV6Vars;
182 
183 
184 #define CLEAR_ICMPV6_PACKET(p) do { \
185  (p)->level4_comp_csum = -1; \
186  PACKET_CLEAR_L4VARS((p)); \
187  (p)->icmpv6h = NULL; \
188 } while(0)
189 
190 void DecodeICMPV6RegisterTests(void);
191 
192 int ICMPv6GetCounterpart(uint8_t type);
193 
194 /** -------- Inline functions --------- */
195 static inline uint16_t ICMPV6CalculateChecksum(uint16_t *, uint16_t *, uint16_t);
196 
197 /**
198  * \brief Calculates the checksum for the ICMPV6 packet
199  *
200  * \param shdr Pointer to source address field from the IPV6 packet. Used as a
201  * part of the psuedoheader for computing the checksum
202  * \param pkt Pointer to the start of the ICMPV6 packet
203  * \param tlen Total length of the ICMPV6 packet(header + payload)
204  *
205  * \retval csum Checksum for the ICMPV6 packet
206  */
207 static inline uint16_t ICMPV6CalculateChecksum(uint16_t *shdr, uint16_t *pkt,
208  uint16_t tlen)
209 {
210  uint16_t pad = 0;
211  uint32_t csum = shdr[0];
212 
213  csum += shdr[1] + shdr[2] + shdr[3] + shdr[4] + shdr[5] + shdr[6] +
214  shdr[7] + shdr[8] + shdr[9] + shdr[10] + shdr[11] + shdr[12] +
215  shdr[13] + shdr[14] + shdr[15] + htons(58 + tlen);
216 
217  csum += pkt[0];
218 
219  tlen -= 4;
220  pkt += 2;
221 
222  while (tlen >= 64) {
223  csum += pkt[0] + pkt[1] + pkt[2] + pkt[3] + pkt[4] + pkt[5] + pkt[6] +
224  pkt[7] + pkt[8] + pkt[9] + pkt[10] + pkt[11] + pkt[12] + pkt[13] +
225  pkt[14] + pkt[15] + pkt[16] + pkt[17] + pkt[18] + pkt[19] +
226  pkt[20] + pkt[21] + pkt[22] + pkt[23] + pkt[24] + pkt[25] +
227  pkt[26] + pkt[27] + pkt[28] + pkt[29] + pkt[30] + pkt[31];
228  tlen -= 64;
229  pkt += 32;
230  }
231 
232  while (tlen >= 32) {
233  csum += pkt[0] + pkt[1] + pkt[2] + pkt[3] + pkt[4] + pkt[5] + pkt[6] +
234  pkt[7] + pkt[8] + pkt[9] + pkt[10] + pkt[11] + pkt[12] + pkt[13] +
235  pkt[14] + pkt[15];
236  tlen -= 32;
237  pkt += 16;
238  }
239 
240  while(tlen >= 8) {
241  csum += pkt[0] + pkt[1] + pkt[2] + pkt[3];
242  tlen -= 8;
243  pkt += 4;
244  }
245 
246  while(tlen >= 4) {
247  csum += pkt[0] + pkt[1];
248  tlen -= 4;
249  pkt += 2;
250  }
251 
252  while (tlen > 1) {
253  csum += pkt[0];
254  tlen -= 2;
255  pkt += 1;
256  }
257 
258  if (tlen == 1) {
259  *(uint8_t *)(&pad) = (*(uint8_t *)pkt);
260  csum += pad;
261  }
262 
263  csum = (csum >> 16) + (csum & 0x0000FFFF);
264  csum += (csum >> 16);
265 
266  return (uint16_t) ~csum;
267 }
268 
269 
270 #endif /* __DECODE_ICMPV6_H__ */
271 
uint16_t csum
uint16_t seq
uint32_t unused
uint16_t emb_dport
void DecodeICMPV6RegisterTests(void)
Registers ICMPV6 unit tests.
uint8_t code
uint16_t pad
IPV6Hdr * emb_ipv6h
uint16_t id
uint8_t emb_ip6_proto_next
struct ICMPV6Vars_ ICMPV6Vars
struct ICMPV6Hdr_ ICMPV6Hdr
uint16_t id
uint32_t mtu
uint16_t type
struct ICMPV6Info_ ICMPV6Info
uint32_t mtu
ICMPV6Hdr * emb_icmpv6h
uint8_t type
int ICMPv6GetCounterpart(uint8_t type)
TCPHdr * emb_tcph
ICMPV6Info icmpv6i
uint16_t emb_sport
UDPHdr * emb_udph
uint16_t seq
uint32_t error_ptr
uint32_t error_ptr