suricata
decode-ipv4.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2024 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \ingroup decode
20  *
21  * @{
22  */
23 
24 
25 /**
26  * \file
27  *
28  * \author Victor Julien <victor@inliniac.net>
29  * \author Brian Rectanus <brectanu@gmail.com>
30  *
31  * Decode IPv4
32  */
33 
34 #include "suricata-common.h"
35 #include "decode-ipv4.h"
36 #include "decode.h"
37 #include "defrag.h"
38 #include "flow.h"
39 #include "util-print.h"
40 
41 /* Generic validation
42  *
43  * [--type--][--len---]
44  *
45  * \todo This function needs removed in favor of specific validation.
46  *
47  * See: RFC 791
48  */
49 static int IPV4OptValidateGeneric(Packet *p, const IPV4Opt *o)
50 {
51  switch (o->type) {
52  /* See: RFC 4782 */
53  case IPV4_OPT_QS:
54  if (o->len < IPV4_OPT_QS_MIN) {
56  return -1;
57  }
58  break;
59  /* See: RFC 1108 */
60  case IPV4_OPT_SEC:
61  case IPV4_OPT_ESEC:
62  if (unlikely(o->len < IPV4_OPT_SEC_MIN)) {
64  return -1;
65  }
66  break;
67  case IPV4_OPT_SID:
68  if (o->len != IPV4_OPT_SID_LEN) {
70  return -1;
71  }
72  break;
73  /* See: RFC 2113 */
74  case IPV4_OPT_RTRALT:
75  if (o->len != IPV4_OPT_RTRALT_LEN) {
77  return -1;
78  }
79  break;
80  default:
81  /* Should never get here unless there is a coding error */
83  return -1;
84  }
85 
86  return 0;
87 }
88 
89 /* Validate route type options
90  *
91  * [--type--][--len---][--ptr---][address1]...[addressN]
92  *
93  * See: RFC 791
94  */
95 static int IPV4OptValidateRoute(Packet *p, const IPV4Opt *o)
96 {
97  uint8_t ptr;
98 
99  /* Check length */
100  if (unlikely(o->len < IPV4_OPT_ROUTE_MIN)) {
102  return -1;
103  }
104 
105  /* Data is required */
106  if (unlikely(o->data == NULL)) {
108  return -1;
109  }
110  ptr = *o->data;
111 
112  /* Address pointer is 1 based and points at least after type+len+ptr,
113  * must be a incremented by 4 bytes (address size) and cannot extend
114  * past option length.
115  */
116  if (unlikely((ptr < 4) || (ptr % 4) || (ptr > o->len + 1))) {
118  return -1;
119  }
120 
121  return 0;
122 }
123 
124 /* Validate timestamp type options
125  *
126  * [--type--][--len---][--ptr---][ovfl][flag][rec1----...]...[recN----...]
127  * NOTE: rec could be 4 (ts only) or 8 (ip+ts) bytes in length.
128  *
129  * See: RFC 781
130  */
131 static int IPV4OptValidateTimestamp(Packet *p, const IPV4Opt *o)
132 {
133  uint8_t ptr;
134  uint8_t flag;
135  uint8_t rec_size;
136 
137  /* Check length */
138  if (unlikely(o->len < IPV4_OPT_TS_MIN)) {
140  return -1;
141  }
142 
143  /* Data is required */
144  if (unlikely(o->data == NULL)) {
146  return -1;
147  }
148  ptr = *o->data;
149 
150  /* We need the flag to determine what is in the option payload */
151  if (unlikely(ptr < 5)) {
153  return -1;
154  }
155  flag = *(o->data + 1) & 0x0f;
156 
157  /* A flag of 1|3 means we have both the ip+ts in each record */
158  rec_size = ((flag == 1) || (flag == 3)) ? 8 : 4;
159 
160  /* Address pointer is 1 based and points at least after
161  * type+len+ptr+ovfl+flag, must be incremented by by the rec_size
162  * and cannot extend past option length.
163  */
164  if (unlikely(((ptr - 5) % rec_size) || (ptr > o->len + 1))) {
166  return -1;
167  }
168 
169  return 0;
170 }
171 
172 /* Validate CIPSO option
173  *
174  * [--type--][--len---][--doi---][tags--...]
175  *
176  * See: draft-ietf-cipso-ipsecurity-01.txt
177  * See: FIPS 188 (tags 6 & 7)
178  */
179 static int IPV4OptValidateCIPSO(Packet *p, const IPV4Opt *o)
180 {
181 // uint32_t doi;
182  const uint8_t *tag;
183  uint16_t len;
184 
185  /* Check length */
186  if (unlikely(o->len < IPV4_OPT_CIPSO_MIN)) {
188  return -1;
189  }
190 
191  /* Data is required */
192  if (unlikely(o->data == NULL)) {
194  return -1;
195  }
196 // doi = *o->data;
197  tag = o->data + 4;
198  len = o->len - 1 - 1 - 4; /* Length of tags after header */
199 
200 
201 #if 0
202  /* Domain of Interest (DOI) of 0 is reserved and thus invalid */
203  /** \todo Apparently a DOI of zero is fine in practice - verify. */
204  if (doi == 0) {
206  return -1;
207  }
208 #endif
209 
210  /* NOTE: We know len has passed min tests prior to this call */
211 
212  /* Check that tags are formatted correctly
213  * [-ttype--][--tlen--][-tagdata-...]
214  */
215  while (len) {
216  uint8_t ttype;
217  uint8_t tlen;
218 
219  /* Tag header must fit within option length */
220  if (unlikely(len < 2)) {
221  //printf("CIPSO tag header too large %" PRIu16 " < 2\n", len);
223  return -1;
224  }
225 
226  /* Tag header is type+len */
227  ttype = *(tag++);
228  tlen = *(tag++);
229 
230  /* Tag length must fit within the option length */
231  if (unlikely(tlen > len)) {
232  //printf("CIPSO tag len too large %" PRIu8 " > %" PRIu16 "\n", tlen, len);
234  return -1;
235  }
236 
237  switch(ttype) {
238  case 1:
239  case 2:
240  case 5:
241  case 6:
242  case 7:
243  /* Tag is at least 4 and at most the remainder of option len */
244  if (unlikely((tlen < 4) || (tlen > len))) {
245  //printf("CIPSO tag %" PRIu8 " bad tlen=%" PRIu8 " len=%" PRIu8 "\n", ttype, tlen, len);
247  return -1;
248  }
249 
250  /* The alignment octet is always 0 except tag
251  * type 7, which has no such field.
252  */
253  if (unlikely((ttype != 7) && (*tag != 0))) {
254  //printf("CIPSO tag %" PRIu8 " ao=%" PRIu8 "\n", ttype, tlen);
256  return -1;
257  }
258 
259  /* Skip the rest of the tag payload */
260  tag += tlen - 2;
261  len -= tlen;
262 
263  continue;
264  case 0:
265  /* Tag type 0 is reserved and thus invalid */
266  /** \todo Wireshark marks this a padding, but spec says reserved. */
268  return -1;
269  default:
270  //printf("CIPSO tag %" PRIu8 " unknown tag\n", ttype);
272  /** \todo May not want to return error here on unknown tag type (at least not for 3|4) */
273  return -1;
274  }
275  }
276 
277  return 0;
278 }
279 
280 typedef struct IPV4Options_ {
292 
293 /**
294  * Decode/Validate IPv4 Options.
295  */
296 static int DecodeIPV4Options(Packet *p, const uint8_t *pkt, uint16_t len, IPV4Options *opts)
297 {
298  uint16_t plen = len;
299 
300 #ifdef DEBUG
301  if (SCLogDebugEnabled()) {
302  uint16_t i;
303  char buf[256] = "";
304  int offset = 0;
305 
306  for (i = 0; i < len; i++) {
307  offset += snprintf(buf + offset, (sizeof(buf) - offset), "%02" PRIx8 " ", pkt[i]);
308  }
309  SCLogDebug("IPV4OPTS: { %s}", buf);
310  }
311 #endif
312 
313  /* Options length must be padded to 8byte boundary */
314  if (plen % 8) {
316  /* Warn - we can keep going */
317  }
318 
319  while (plen)
320  {
321  p->l3.vars.ip4.opt_cnt++;
322 
323  /* single byte options */
324  if (*pkt == IPV4_OPT_EOL) {
325  /** \todo What if more data exist after EOL (possible covert channel or data leakage)? */
326  SCLogDebug("IPV4OPT %" PRIu8 " len 1 @ %d/%d",
327  *pkt, (len - plen), (len - 1));
329  break;
330  } else if (*pkt == IPV4_OPT_NOP) {
331  SCLogDebug("IPV4OPT %" PRIu8 " len 1 @ %d/%d",
332  *pkt, (len - plen), (len - 1));
333  pkt++;
334  plen--;
335 
337 
338  /* multibyte options */
339  } else {
340  if (unlikely(plen < 2)) {
341  /** \todo What if padding is non-zero (possible covert channel or data leakage)? */
342  /** \todo Spec seems to indicate EOL required if there is padding */
344  break;
345  }
346 
347  /* Option length is too big for packet */
348  if (unlikely(*(pkt+1) > plen)) {
350  return -1;
351  }
352 
353  IPV4Opt opt = {*pkt, *(pkt+1), plen > 2 ? (pkt + 2) : NULL };
354 
355  /* we already know that the total options len is valid,
356  * so here the len of the specific option must be bad.
357  * Also check for invalid lengths 0 and 1. */
358  if (unlikely(opt.len > plen || opt.len < 2)) {
360  return -1;
361  }
362  /* we are parsing the most commonly used opts to prevent
363  * us from having to walk the opts list for these all the
364  * time. */
365  /** \todo Figure out which IP options are more common and list them first */
366  switch (opt.type) {
367  case IPV4_OPT_TS:
368  if (opts->o_ts.type != 0) {
370  /* Warn - we can keep going */
371  } else if (IPV4OptValidateTimestamp(p, &opt) == 0) {
372  opts->o_ts = opt;
374  }
375  break;
376  case IPV4_OPT_RR:
377  if (opts->o_rr.type != 0) {
379  /* Warn - we can keep going */
380  } else if (IPV4OptValidateRoute(p, &opt) == 0) {
381  opts->o_rr = opt;
383  }
384  break;
385  case IPV4_OPT_QS:
386  if (opts->o_qs.type != 0) {
388  /* Warn - we can keep going */
389  } else if (IPV4OptValidateGeneric(p, &opt) == 0) {
390  opts->o_qs = opt;
392  }
393  break;
394  case IPV4_OPT_SEC:
395  if (opts->o_sec.type != 0) {
397  /* Warn - we can keep going */
398  } else if (IPV4OptValidateGeneric(p, &opt) == 0) {
399  opts->o_sec = opt;
401  }
402  break;
403  case IPV4_OPT_LSRR:
404  if (opts->o_lsrr.type != 0) {
406  /* Warn - we can keep going */
407  } else if (IPV4OptValidateRoute(p, &opt) == 0) {
408  opts->o_lsrr = opt;
410  }
411  break;
412  case IPV4_OPT_ESEC:
413  if (opts->o_esec.type != 0) {
415  /* Warn - we can keep going */
416  } else if (IPV4OptValidateGeneric(p, &opt) == 0) {
417  opts->o_esec = opt;
419  }
420  break;
421  case IPV4_OPT_CIPSO:
422  if (opts->o_cipso.type != 0) {
424  /* Warn - we can keep going */
425  } else if (IPV4OptValidateCIPSO(p, &opt) == 0) {
426  opts->o_cipso = opt;
428  }
429  break;
430  case IPV4_OPT_SID:
431  if (opts->o_sid.type != 0) {
433  /* Warn - we can keep going */
434  } else if (IPV4OptValidateGeneric(p, &opt) == 0) {
435  opts->o_sid = opt;
437  }
438  break;
439  case IPV4_OPT_SSRR:
440  if (opts->o_ssrr.type != 0) {
442  /* Warn - we can keep going */
443  } else if (IPV4OptValidateRoute(p, &opt) == 0) {
444  opts->o_ssrr = opt;
446  }
447  break;
448  case IPV4_OPT_RTRALT:
449  if (opts->o_rtralt.type != 0) {
451  /* Warn - we can keep going */
452  } else if (IPV4OptValidateGeneric(p, &opt) == 0) {
453  opts->o_rtralt = opt;
455  }
456  break;
457  default:
458  SCLogDebug("IPV4OPT <unknown> (%" PRIu8 ") len %" PRIu8,
459  opt.type, opt.len);
461  /* Warn - we can keep going */
462  break;
463  }
464 
465  pkt += opt.len;
466  plen -= opt.len;
467  }
468  }
469 
470  return 0;
471 }
472 
473 static const IPV4Hdr *DecodeIPV4Packet(Packet *p, const uint8_t *pkt, uint16_t len)
474 {
475  if (unlikely(len < IPV4_HEADER_LEN)) {
477  return NULL;
478  }
479 
480  if (unlikely(IP_GET_RAW_VER(pkt) != 4)) {
481  SCLogDebug("wrong ip version %d",IP_GET_RAW_VER(pkt));
483  return NULL;
484  }
485 
486  const IPV4Hdr *ip4h = PacketSetIPV4(p, pkt);
487 
490  return NULL;
491  }
492 
493  if (unlikely(IPV4_GET_RAW_IPLEN(ip4h) < IPV4_GET_RAW_HLEN(ip4h))) {
495  return NULL;
496  }
497 
498  if (unlikely(len < IPV4_GET_RAW_IPLEN(ip4h))) {
500  return NULL;
501  }
502 
503  /* set the address struct */
504  SET_IPV4_SRC_ADDR(ip4h, &p->src);
505  SET_IPV4_DST_ADDR(ip4h, &p->dst);
506 
507  /* save the options len */
508  uint8_t ip_opt_len = IPV4_GET_RAW_HLEN(ip4h) - IPV4_HEADER_LEN;
509  if (ip_opt_len > 0) {
510  IPV4Options opts;
511  memset(&opts, 0x00, sizeof(opts));
512  if (DecodeIPV4Options(p, pkt + IPV4_HEADER_LEN, ip_opt_len, &opts) < 0) {
513  return NULL;
514  }
515  }
516 
517  return ip4h;
518 }
519 
521  const uint8_t *pkt, uint16_t len)
522 {
524 
525  SCLogDebug("pkt %p len %"PRIu16"", pkt, len);
526 
527  if (!PacketIncreaseCheckLayers(p)) {
528  return TM_ECODE_FAILED;
529  }
530  /* do the actual decoding */
531  const IPV4Hdr *ip4h = DecodeIPV4Packet(p, pkt, len);
532  if (unlikely(ip4h == NULL)) {
533  SCLogDebug("decoding IPv4 packet failed");
534  PacketClearL3(p);
535  return TM_ECODE_FAILED;
536  }
537  p->proto = IPV4_GET_RAW_IPPROTO(ip4h);
538 
539  /* If a fragment, pass off for re-assembly. */
540  if (unlikely(IPV4_GET_RAW_FRAGOFFSET(ip4h) > 0 || IPV4_GET_RAW_FLAG_MF(ip4h))) {
541  Packet *rp = Defrag(tv, dtv, p);
542  if (rp != NULL) {
544  }
545  p->flags |= PKT_IS_FRAGMENT;
546  return TM_ECODE_OK;
547  }
548 
549  /* do hdr test, process hdr rules */
550 
551 #ifdef DEBUG
552  if (SCLogDebugEnabled()) { /* only convert the addresses if debug is really enabled */
553  /* debug print */
554  char s[16], d[16];
555  PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), s, sizeof(s));
556  PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p), d, sizeof(d));
557  SCLogDebug("IPV4 %s->%s PROTO: %" PRIu32 " OFFSET: %" PRIu32 " RF: %" PRIu8 " DF: %" PRIu8
558  " MF: %" PRIu8 " ID: %" PRIu32 "",
559  s, d, IPV4_GET_RAW_IPPROTO(ip4h), IPV4_GET_RAW_IPOFFSET(ip4h),
561  IPV4_GET_RAW_IPID(ip4h));
562  }
563 #endif /* DEBUG */
564 
565  const uint8_t *data = pkt + IPV4_GET_RAW_HLEN(ip4h);
566  const uint16_t data_len = IPV4_GET_RAW_IPLEN(ip4h) - IPV4_GET_RAW_HLEN(ip4h);
567 
568  /* check what next decoder to invoke */
569  switch (p->proto) {
570  case IPPROTO_TCP:
571  DecodeTCP(tv, dtv, p, data, data_len);
572  break;
573  case IPPROTO_UDP:
574  DecodeUDP(tv, dtv, p, data, data_len);
575  break;
576  case IPPROTO_ICMP:
577  DecodeICMPV4(tv, dtv, p, data, data_len);
578  break;
579  case IPPROTO_GRE:
580  DecodeGRE(tv, dtv, p, data, data_len);
581  break;
582  case IPPROTO_SCTP:
583  DecodeSCTP(tv, dtv, p, data, data_len);
584  break;
585  case IPPROTO_ESP:
586  DecodeESP(tv, dtv, p, data, data_len);
587  break;
588  case IPPROTO_IPV6: {
589  /* spawn off tunnel packet */
590  Packet *tp = PacketTunnelPktSetup(tv, dtv, p, data, data_len, DECODE_TUNNEL_IPV6);
591  if (tp != NULL) {
594  }
595  FlowSetupPacket(p);
596  break;
597  }
598  case IPPROTO_IPIP: {
599  /* spawn off tunnel packet */
600  Packet *tp = PacketTunnelPktSetup(tv, dtv, p, data, data_len, DECODE_TUNNEL_IPV4);
601  if (tp != NULL) {
604  }
605  FlowSetupPacket(p);
606  break;
607  }
608  case IPPROTO_IP:
609  /* check PPP VJ uncompressed packets and decode tcp dummy */
610  if (p->flags & PKT_PPP_VJ_UCOMP) {
611  DecodeTCP(tv, dtv, p, data, data_len);
612  }
613  break;
614  case IPPROTO_ICMPV6:
616  break;
617  }
618 
619  return TM_ECODE_OK;
620 }
621 
622 /* UNITTESTS */
623 #ifdef UNITTESTS
624 #include "packet.h"
625 
626 /** \test IPV4 with no options. */
627 static int DecodeIPV4OptionsNONETest01(void)
628 {
629  uint8_t raw_opts[] = { };
630  Packet *p = PacketGetFromAlloc();
631  FAIL_IF(unlikely(p == NULL));
632 
633  IPV4Options opts;
634  memset(&opts, 0x00, sizeof(opts));
635  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
637 
638  SCFree(p);
639  PASS;
640 }
641 
642 /** \test IPV4 with EOL option. */
643 static int DecodeIPV4OptionsEOLTest01(void)
644 {
645  uint8_t raw_opts[] = {
646  IPV4_OPT_EOL, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
647  };
648  Packet *p = PacketGetFromAlloc();
649  FAIL_IF(unlikely(p == NULL));
650  IPV4Options opts;
651  memset(&opts, 0x00, sizeof(opts));
652  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
654  SCFree(p);
655  PASS;
656 }
657 
658 /** \test IPV4 with NOP option. */
659 static int DecodeIPV4OptionsNOPTest01(void)
660 {
661  uint8_t raw_opts[] = {
662  IPV4_OPT_NOP, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
663  };
664  Packet *p = PacketGetFromAlloc();
665  FAIL_IF(unlikely(p == NULL));
666  IPV4Options opts;
667  memset(&opts, 0x00, sizeof(opts));
668  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
670  SCFree(p);
671  PASS;
672 }
673 
674 /** \test IPV4 with RR option. */
675 static int DecodeIPV4OptionsRRTest01(void)
676 {
677  uint8_t raw_opts[] = {
678  IPV4_OPT_RR, 0x27, 0x08, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
679  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
680  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
681  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
682  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
683  };
684  Packet *p = PacketGetFromAlloc();
685  FAIL_IF(unlikely(p == NULL));
686 
687  IPV4Options opts;
688  memset(&opts, 0x00, sizeof(opts));
689  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
691  FAIL_IF(opts.o_rr.type != IPV4_OPT_RR);
692  SCFree(p);
693  PASS;
694 }
695 
696 /** \test IPV4 with RR option (len too large). */
697 static int DecodeIPV4OptionsRRTest02(void)
698 {
699  uint8_t raw_opts[] = {
700  IPV4_OPT_RR, 0xff, 0x08, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
701  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
702  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
703  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
704  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
705  };
706  Packet *p = PacketGetFromAlloc();
707  FAIL_IF(unlikely(p == NULL));
708 
709  IPV4Options opts;
710  memset(&opts, 0x00, sizeof(opts));
711  FAIL_IF(DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts) != -1);
712  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
713  FAIL_IF(opts.o_rr.type != 0);
714  SCFree(p);
715  PASS;
716 }
717 
718 /** \test IPV4 with RR option (ptr too large). */
719 static int DecodeIPV4OptionsRRTest03(void)
720 {
721  uint8_t raw_opts[] = {
722  IPV4_OPT_RR, 0x27, 0xff, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
723  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
724  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
725  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
726  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
727  };
728  Packet *p = PacketGetFromAlloc();
729  FAIL_IF(unlikely(p == NULL));
730 
731  IPV4Options opts;
732  memset(&opts, 0x00, sizeof(opts));
733  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
734  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
735  FAIL_IF(opts.o_rr.type != 0);
736  SCFree(p);
737  PASS;
738 }
739 
740 /** \test IPV4 with RR option (ptr not in 4 byte increment). */
741 static int DecodeIPV4OptionsRRTest04(void)
742 {
743  uint8_t raw_opts[] = {
744  IPV4_OPT_RR, 0x27, 0x05, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
745  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
746  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
747  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
748  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
749  };
750  Packet *p = PacketGetFromAlloc();
751  FAIL_IF(unlikely(p == NULL));
752 
753  IPV4Options opts;
754  memset(&opts, 0x00, sizeof(opts));
755  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
756  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
757  FAIL_IF(opts.o_rr.type != 0);
758  SCFree(p);
759  PASS;
760 }
761 
762 /** \test IPV4 with QS option. */
763 static int DecodeIPV4OptionsQSTest01(void)
764 {
765  uint8_t raw_opts[] = {
766  IPV4_OPT_QS, 0x08, 0x0d, 0x00, 0xbe, 0xef, 0x00, 0x00
767  };
768  Packet *p = PacketGetFromAlloc();
769  FAIL_IF(unlikely(p == NULL));
770 
771  IPV4Options opts;
772  memset(&opts, 0x00, sizeof(opts));
773  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
775  FAIL_IF(opts.o_qs.type != IPV4_OPT_QS);
776  SCFree(p);
777  PASS;
778 }
779 
780 /** \test IPV4 with QS option (len too small) */
781 static int DecodeIPV4OptionsQSTest02(void)
782 {
783  uint8_t raw_opts[] = {
784  IPV4_OPT_QS, 0x07, 0x0d, 0x00, 0xbe, 0xef, 0x00, 0x00
785  };
786  Packet *p = PacketGetFromAlloc();
787  FAIL_IF(unlikely(p == NULL));
788 
789  IPV4Options opts;
790  memset(&opts, 0x00, sizeof(opts));
791  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
792  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
793  FAIL_IF(opts.o_qs.type != 0);
794  SCFree(p);
795  PASS;
796 }
797 
798 /** \test IPV4 with TS option. */
799 static int DecodeIPV4OptionsTSTest01(void)
800 {
801  uint8_t raw_opts[] = {
802  IPV4_OPT_TS, 0x24, 0x0d, 0x01, 0x0a, 0x0a, 0x0a, 0x69,
803  0x04, 0xce, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00,
804  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
805  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
806  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
807  };
808  Packet *p = PacketGetFromAlloc();
809  FAIL_IF(unlikely(p == NULL));
810 
811  IPV4Options opts;
812  memset(&opts, 0x00, sizeof(opts));
813  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
815  FAIL_IF(opts.o_ts.type != IPV4_OPT_TS);
816  SCFree(p);
817  PASS;
818 }
819 
820 /** \test IPV4 with TS option (ptr too small). */
821 static int DecodeIPV4OptionsTSTest02(void)
822 {
823  uint8_t raw_opts[] = {
824  IPV4_OPT_TS, 0x24, 0x04, 0x01, 0x0a, 0x0a, 0x0a, 0x69,
825  0x04, 0xce, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00,
826  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
827  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
828  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
829  };
830  Packet *p = PacketGetFromAlloc();
831  FAIL_IF(unlikely(p == NULL));
832 
833  IPV4Options opts;
834  memset(&opts, 0x00, sizeof(opts));
835  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
836  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
837  FAIL_IF(opts.o_ts.type != 0);
838  SCFree(p);
839  PASS;
840 }
841 
842 /** \test IPV4 with TS option (ptr too large). */
843 static int DecodeIPV4OptionsTSTest03(void)
844 {
845  uint8_t raw_opts[] = {
846  IPV4_OPT_TS, 0x24, 0xff, 0x01, 0x0a, 0x0a, 0x0a, 0x69,
847  0x04, 0xce, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00,
848  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
849  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
850  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
851  };
852  Packet *p = PacketGetFromAlloc();
853  FAIL_IF(unlikely(p == NULL));
854 
855  IPV4Options opts;
856  memset(&opts, 0x00, sizeof(opts));
857  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
858  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
859  FAIL_IF(opts.o_ts.type != 0);
860  SCFree(p);
861  PASS;
862 }
863 
864 /** \test IPV4 with TS option (ptr not valid). */
865 static int DecodeIPV4OptionsTSTest04(void)
866 {
867  uint8_t raw_opts[] = {
868  IPV4_OPT_TS, 0x24, 0x0a, 0x01, 0x0a, 0x0a, 0x0a, 0x69,
869  0x04, 0xce, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00,
870  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
871  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
872  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
873  };
874  Packet *p = PacketGetFromAlloc();
875  FAIL_IF(unlikely(p == NULL));
876 
877  IPV4Options opts;
878  memset(&opts, 0x00, sizeof(opts));
879  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
880  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
881  FAIL_IF(opts.o_ts.type != 0);
882  SCFree(p);
883  PASS;
884 }
885 
886 /** \test IPV4 with SEC option. */
887 static int DecodeIPV4OptionsSECTest01(void)
888 {
889  uint8_t raw_opts[] = {
890  IPV4_OPT_SEC, 0x0b, 0xf1, 0x35, 0x00, 0x00, 0x00, 0x00,
891  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
892  };
893  Packet *p = PacketGetFromAlloc();
894  FAIL_IF(unlikely(p == NULL));
895 
896  IPV4Options opts;
897  memset(&opts, 0x00, sizeof(opts));
898  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
900  FAIL_IF(opts.o_sec.type != IPV4_OPT_SEC);
901  SCFree(p);
902  PASS;
903 }
904 
905 /** \test IPV4 with SEC option (invalid length). */
906 static int DecodeIPV4OptionsSECTest02(void)
907 {
908  uint8_t raw_opts[] = { IPV4_OPT_SEC, 0x02, 0xf1, 0x35, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
909  0x00, 0x00, 0x00, 0x00, 0x00 };
910  Packet *p = PacketGetFromAlloc();
911  FAIL_IF(unlikely(p == NULL));
912 
913  IPV4Options opts;
914  memset(&opts, 0x00, sizeof(opts));
915  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
916  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
917  FAIL_IF(opts.o_sec.type != 0);
918  SCFree(p);
919  PASS;
920 }
921 
922 /** \test IPV4 with ESEC option. */
923 static int DecodeIPV4OptionsESECTest01(void)
924 {
925  uint8_t raw_opts[] = { IPV4_OPT_ESEC, 0x0b, 0xf1, 0x35, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
926  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
927  Packet *p = PacketGetFromAlloc();
928  FAIL_IF(unlikely(p == NULL));
929 
930  IPV4Options opts;
931  memset(&opts, 0x00, sizeof(opts));
932  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
934  FAIL_IF(opts.o_esec.type != IPV4_OPT_ESEC);
935  SCFree(p);
936  PASS;
937 }
938 
939 /** \test IPV4 with ESEC option (invalid length). */
940 static int DecodeIPV4OptionsESECTest02(void)
941 {
942  uint8_t raw_opts[] = { IPV4_OPT_ESEC, 0x02, 0xf1, 0x35, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
943  0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
944  Packet *p = PacketGetFromAlloc();
945  FAIL_IF(unlikely(p == NULL));
946 
947  IPV4Options opts;
948  memset(&opts, 0x00, sizeof(opts));
949  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
950  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
951  FAIL_IF(opts.o_esec.type != 0);
952  SCFree(p);
953  PASS;
954 }
955 
956 /** \test IPV4 with LSRR option. */
957 static int DecodeIPV4OptionsLSRRTest01(void)
958 {
959  uint8_t raw_opts[] = {
960  IPV4_OPT_LSRR, 0x27, 0x08, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
961  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
962  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
963  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
964  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
965  };
966  Packet *p = PacketGetFromAlloc();
967  FAIL_IF(unlikely(p == NULL));
968 
969  IPV4Options opts;
970  memset(&opts, 0x00, sizeof(opts));
971  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
973  FAIL_IF(opts.o_lsrr.type != IPV4_OPT_LSRR);
974  SCFree(p);
975  PASS;
976 }
977 
978 /** \test IPV4 with LSRR option (len too large). */
979 static int DecodeIPV4OptionsLSRRTest02(void)
980 {
981  uint8_t raw_opts[] = {
982  IPV4_OPT_LSRR, 0xff, 0x08, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
983  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
984  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
985  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
986  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
987  };
988  Packet *p = PacketGetFromAlloc();
989  FAIL_IF(unlikely(p == NULL));
990 
991  IPV4Options opts;
992  memset(&opts, 0x00, sizeof(opts));
993  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
994  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
995  FAIL_IF(opts.o_lsrr.type != 0);
996  SCFree(p);
997  PASS;
998 }
999 
1000 /** \test IPV4 with LSRR option (ptr too large). */
1001 static int DecodeIPV4OptionsLSRRTest03(void)
1002 {
1003  uint8_t raw_opts[] = {
1004  IPV4_OPT_LSRR, 0x27, 0xff, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
1005  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1006  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1007  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1008  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1009  };
1010  Packet *p = PacketGetFromAlloc();
1011  FAIL_IF(unlikely(p == NULL));
1012 
1013  IPV4Options opts;
1014  memset(&opts, 0x00, sizeof(opts));
1015  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1016  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
1017  FAIL_IF(opts.o_lsrr.type != 0);
1018  SCFree(p);
1019  PASS;
1020 }
1021 
1022 /** \test IPV4 with LSRR option (ptr not in 4 byte increment). */
1023 static int DecodeIPV4OptionsLSRRTest04(void)
1024 {
1025  uint8_t raw_opts[] = {
1026  IPV4_OPT_LSRR, 0x27, 0x05, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
1027  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1028  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1029  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1030  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1031  };
1032  Packet *p = PacketGetFromAlloc();
1033  FAIL_IF(unlikely(p == NULL));
1034 
1035  IPV4Options opts;
1036  memset(&opts, 0x00, sizeof(opts));
1037  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1038  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
1039  FAIL_IF(opts.o_lsrr.type != 0);
1040  SCFree(p);
1041  PASS;
1042 }
1043 
1044 /** \test IPV4 with CIPSO option. */
1045 static int DecodeIPV4OptionsCIPSOTest01(void)
1046 {
1047  uint8_t raw_opts[] = {
1048  IPV4_OPT_CIPSO, 0x18, 0x00, 0x00, 0x00, 0x05, 0x05, 0x12,
1049  0x00, 0x03, 0x00, 0xef, 0x00, 0xef, 0x00, 0x06,
1050  0x00, 0x04, 0x00, 0x02, 0x00, 0x02, 0x00, 0x00
1051  };
1052  Packet *p = PacketGetFromAlloc();
1053  FAIL_IF(unlikely(p == NULL));
1054 
1055  IPV4Options opts;
1056  memset(&opts, 0x00, sizeof(opts));
1057  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1060  SCFree(p);
1061  PASS;
1062 }
1063 
1064 /** \test IPV4 with SID option. */
1065 static int DecodeIPV4OptionsSIDTest01(void)
1066 {
1067  uint8_t raw_opts[] = {
1068  IPV4_OPT_SID, 0x04, 0xbe, 0xef, 0x00, 0x00, 0x00, 0x00
1069  };
1070  Packet *p = PacketGetFromAlloc();
1071  FAIL_IF(unlikely(p == NULL));
1072 
1073  IPV4Options opts;
1074  memset(&opts, 0x00, sizeof(opts));
1075  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1077  FAIL_IF(opts.o_sid.type != IPV4_OPT_SID);
1078  SCFree(p);
1079  PASS;
1080 }
1081 
1082 /** \test IPV4 with SID option (len invalid. */
1083 static int DecodeIPV4OptionsSIDTest02(void)
1084 {
1085  uint8_t raw_opts[] = {
1086  IPV4_OPT_SID, 0x05, 0xbe, 0xef, 0x00, 0x00, 0x00, 0x00
1087  };
1088  Packet *p = PacketGetFromAlloc();
1089  FAIL_IF(unlikely(p == NULL));
1090 
1091  IPV4Options opts;
1092  memset(&opts, 0x00, sizeof(opts));
1093  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1094  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
1095  FAIL_IF(opts.o_sid.type != 0);
1096  SCFree(p);
1097  PASS;
1098 }
1099 
1100 /** \test IPV4 with SSRR option. */
1101 static int DecodeIPV4OptionsSSRRTest01(void)
1102 {
1103  uint8_t raw_opts[] = {
1104  IPV4_OPT_SSRR, 0x27, 0x08, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
1105  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1106  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1107  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1108  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1109  };
1110  Packet *p = PacketGetFromAlloc();
1111  FAIL_IF(unlikely(p == NULL));
1112 
1113  IPV4Options opts;
1114  memset(&opts, 0x00, sizeof(opts));
1115  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1117  FAIL_IF(opts.o_ssrr.type != IPV4_OPT_SSRR);
1118  SCFree(p);
1119  PASS;
1120 }
1121 
1122 /** \test IPV4 with SSRR option (len too large). */
1123 static int DecodeIPV4OptionsSSRRTest02(void)
1124 {
1125  uint8_t raw_opts[] = {
1126  IPV4_OPT_SSRR, 0xff, 0x08, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
1127  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1128  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1129  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1130  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1131  };
1132  Packet *p = PacketGetFromAlloc();
1133  FAIL_IF(unlikely(p == NULL));
1134 
1135  IPV4Options opts;
1136  memset(&opts, 0x00, sizeof(opts));
1137  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1138  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
1139  FAIL_IF(opts.o_ssrr.type != 0);
1140  SCFree(p);
1141  PASS;
1142 }
1143 
1144 /** \test IPV4 with SSRR option (ptr too large). */
1145 static int DecodeIPV4OptionsSSRRTest03(void)
1146 {
1147  uint8_t raw_opts[] = {
1148  IPV4_OPT_SSRR, 0x27, 0xff, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
1149  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1150  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1151  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1152  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1153  };
1154  Packet *p = PacketGetFromAlloc();
1155  FAIL_IF(unlikely(p == NULL));
1156 
1157  IPV4Options opts;
1158  memset(&opts, 0x00, sizeof(opts));
1159  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1160  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
1161  FAIL_IF(opts.o_ssrr.type != 0);
1162  SCFree(p);
1163  PASS;
1164 }
1165 
1166 /** \test IPV4 with SSRR option (ptr not in 4 byte increment). */
1167 static int DecodeIPV4OptionsSSRRTest04(void)
1168 {
1169  uint8_t raw_opts[] = {
1170  IPV4_OPT_SSRR, 0x27, 0x05, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
1171  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1172  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1173  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1174  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1175  };
1176  Packet *p = PacketGetFromAlloc();
1177  FAIL_IF(unlikely(p == NULL));
1178 
1179  IPV4Options opts;
1180  memset(&opts, 0x00, sizeof(opts));
1181  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1182  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
1183  FAIL_IF(opts.o_ssrr.type != 0);
1184  SCFree(p);
1185  PASS;
1186 }
1187 
1188 /** \test IPV4 with RTRALT option. */
1189 static int DecodeIPV4OptionsRTRALTTest01(void)
1190 {
1191  uint8_t raw_opts[] = {
1192  IPV4_OPT_RTRALT, 0x04, 0xbe, 0xef, 0x00, 0x00, 0x00, 0x00
1193  };
1194  Packet *p = PacketGetFromAlloc();
1195  FAIL_IF(unlikely(p == NULL));
1196 
1197  IPV4Options opts;
1198  memset(&opts, 0x00, sizeof(opts));
1199  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1202  SCFree(p);
1203  PASS;
1204 }
1205 
1206 /** \test IPV4 with RTRALT option (len invalid. */
1207 static int DecodeIPV4OptionsRTRALTTest02(void)
1208 {
1209  uint8_t raw_opts[] = {
1210  IPV4_OPT_RTRALT, 0x05, 0xbe, 0xef, 0x00, 0x00, 0x00, 0x00
1211  };
1212  Packet *p = PacketGetFromAlloc();
1213  FAIL_IF(unlikely(p == NULL));
1214 
1215  IPV4Options opts;
1216  memset(&opts, 0x00, sizeof(opts));
1217  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1218  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
1219  FAIL_IF(opts.o_rtralt.type != 0);
1220  SCFree(p);
1221  PASS;
1222 }
1223 
1224 static int IPV4CalculateValidChecksumtest01(void)
1225 {
1226  uint16_t csum = 0;
1227 
1228  uint8_t raw_ipv4[] = {
1229  0x45, 0x00, 0x00, 0x54, 0x00, 0x00, 0x40, 0x00,
1230  0x40, 0x01, 0xb7, 0x52, 0xc0, 0xa8, 0x01, 0x03,
1231  0xc0, 0xa8, 0x01, 0x03};
1232 
1233  csum = *( ((uint16_t *)raw_ipv4) + 5);
1234 
1235  FAIL_IF(IPV4Checksum((uint16_t *)raw_ipv4, sizeof(raw_ipv4), csum) != 0);
1236  PASS;
1237 }
1238 
1239 static int IPV4CalculateInvalidChecksumtest02(void)
1240 {
1241  uint16_t csum = 0;
1242 
1243  uint8_t raw_ipv4[] = {
1244  0x45, 0x00, 0x00, 0x54, 0x00, 0x00, 0x40, 0x00,
1245  0x40, 0x01, 0xb7, 0x52, 0xc0, 0xa8, 0x01, 0x03,
1246  0xc0, 0xa8, 0x01, 0x07};
1247 
1248  csum = *( ((uint16_t *)raw_ipv4) + 5);
1249 
1250  FAIL_IF(IPV4Checksum((uint16_t *)raw_ipv4, sizeof(raw_ipv4), csum) == 0);
1251  PASS;
1252 }
1253 
1254 /**
1255  * \test IPV4 defrag and packet recursion level test
1256  */
1257 static int DecodeIPV4DefragTest01(void)
1258 {
1259  uint8_t pkt1[] = {
1260  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1261  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1262  0x00, 0x1c, 0xe9, 0xef, 0x20, 0x00, 0x40, 0x06,
1263  0x9a, 0xc8, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1264  0xe1, 0x0c, 0x6e, 0x12, 0x01, 0xbd, 0x5b, 0xa3,
1265  0x81, 0x5e
1266  };
1267  uint8_t pkt2[] = {
1268  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1269  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1270  0x00, 0x1c, 0xe9, 0xef, 0x20, 0x01, 0x40, 0x06,
1271  0x9a, 0xc7, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1272  0xe1, 0x0c, 0xac, 0xb0, 0xae, 0x8a, 0x50, 0x10,
1273  0x80, 0x00
1274  };
1275  uint8_t pkt3[] = {
1276  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1277  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1278  0x00, 0x18, 0xe9, 0xef, 0x00, 0x02, 0x40, 0x06,
1279  0xba, 0xca, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1280  0xe1, 0x0c, 0xb1, 0xa3, 0x00, 0x00
1281  };
1282  uint8_t tunnel_pkt[] = {
1283  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1284  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1285  0x00, 0x28, 0xe9, 0xef, 0x00, 0x00, 0x40, 0x06,
1286  0xba, 0xbc, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1287  0xe1, 0x0c, 0x6e, 0x12, 0x01, 0xbd, 0x5b, 0xa3,
1288  0x81, 0x5e, 0xac, 0xb0, 0xae, 0x8a, 0x50, 0x10,
1289  0x80, 0x00, 0xb1, 0xa3, 0x00, 0x00
1290  };
1291 
1292  Packet *p = PacketGetFromAlloc();
1293  FAIL_IF_NULL(p);
1294  ThreadVars tv;
1296 
1297  memset(&tv, 0, sizeof(ThreadVars));
1298  memset(&dtv, 0, sizeof(DecodeThreadVars));
1299 
1301  DefragInit();
1302 
1303  PacketCopyData(p, pkt1, sizeof(pkt1));
1306  FAIL_IF(PacketIsTCP(p));
1307  PacketRecycle(p);
1308 
1309  PacketCopyData(p, pkt2, sizeof(pkt2));
1312  FAIL_IF(PacketIsTCP(p));
1313  PacketRecycle(p);
1314 
1315  PacketCopyData(p, pkt3, sizeof(pkt3));
1318  FAIL_IF(PacketIsTCP(p));
1320  FAIL_IF_NULL(tp);
1322  FAIL_IF_NOT(PacketIsIPv4(tp));
1323  FAIL_IF_NOT(PacketIsTCP(tp));
1324  FAIL_IF(GET_PKT_LEN(tp) != sizeof(tunnel_pkt));
1325  FAIL_IF(memcmp(GET_PKT_DATA(tp), tunnel_pkt, sizeof(tunnel_pkt)) != 0);
1326  PacketRecycle(tp);
1327  SCFree(tp);
1328 
1329  DefragDestroy();
1330  PacketRecycle(p);
1331  FlowShutdown();
1332  SCFree(p);
1333  PASS;
1334 }
1335 
1336 /**
1337  * \test Don't send IPv4 fragments to the upper layer decoder and
1338  * and packet recursion level test.
1339  */
1340 static int DecodeIPV4DefragTest02(void)
1341 {
1342  uint8_t pkt1[] = {
1343  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1344  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1345  0x00, 0x24, 0xe9, 0xef, 0x20, 0x00, 0x40, 0x06,
1346  0x9a, 0xc8, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1347  0xe1, 0x0c,
1348  /* first frag */
1349  0x6e, 0x12, 0x01, 0xbd, 0x5b, 0xa3,
1350  0x81, 0x5e, 0xac, 0xb0, 0xae, 0x8a, 0x50, 0x10,
1351  0x80, 0x00,
1352  };
1353  uint8_t pkt2[] = {
1354  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1355  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1356  0x00, 0x2c, 0xe9, 0xef, 0x20, 0x02, 0x40, 0x06,
1357  0xba, 0xca, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1358  0xe1, 0x0c,
1359  /* second frag */
1360  0xb1, 0xa3, 0x00, 0x10, 0x5b, 0xa3, 0x81, 0x5e,
1361  0xac, 0xb0, 0xae, 0x8a, 0x50, 0x10, 0x80, 0x00,
1362  0xb1, 0xa3, 0x00, 0x10, 0x01, 0x02, 0x03, 0x04
1363  };
1364  uint8_t pkt3[] = {
1365  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1366  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1367  0x00, 0x16, 0xe9, 0xef, 0x00, 0x05, 0x40, 0x06,
1368  0xba, 0xca, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1369  0xe1, 0x0c,
1370  /* final frag */
1371  0xb1, 0xa3,
1372  };
1373 
1374  uint8_t tunnel_pkt[] = {
1375  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1376  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1377  0x00, 0x3e, 0xe9, 0xef, 0x00, 0x00, 0x40, 0x06,
1378  0xba, 0xae, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1379  0xe1, 0x0c,
1380  0x6e, 0x12, 0x01, 0xbd, 0x5b, 0xa3, 0x81, 0x5e,
1381  0xac, 0xb0, 0xae, 0x8a, 0x50, 0x10, 0x80, 0x00,
1382  0xb1, 0xa3, 0x00, 0x10, 0x5b, 0xa3, 0x81, 0x5e,
1383  0xac, 0xb0, 0xae, 0x8a, 0x50, 0x10, 0x80, 0x00,
1384  0xb1, 0xa3, 0x00, 0x10, 0x01, 0x02, 0x03, 0x04,
1385  0xb1, 0xa3,
1386  };
1387 
1388  Packet *p = PacketGetFromAlloc();
1389  FAIL_IF_NULL(p);
1390  ThreadVars tv;
1392 
1393  memset(&tv, 0, sizeof(ThreadVars));
1394  memset(&dtv, 0, sizeof(DecodeThreadVars));
1395 
1397  DefragInit();
1398 
1399  PacketCopyData(p, pkt1, sizeof(pkt1));
1402  FAIL_IF(PacketIsTCP(p));
1403  PacketRecycle(p);
1404 
1405  PacketCopyData(p, pkt2, sizeof(pkt2));
1408  FAIL_IF(PacketIsTCP(p));
1409  PacketRecycle(p);
1410 
1411  p->recursion_level = 3;
1412  PacketCopyData(p, pkt3, sizeof(pkt3));
1415  FAIL_IF(PacketIsTCP(p));
1417  FAIL_IF_NULL(tp);
1419  FAIL_IF_NOT(PacketIsIPv4(tp));
1420  FAIL_IF_NOT(PacketIsTCP(tp));
1421  FAIL_IF(GET_PKT_LEN(tp) != sizeof(tunnel_pkt));
1422  FAIL_IF(memcmp(GET_PKT_DATA(tp), tunnel_pkt, sizeof(tunnel_pkt)) != 0);
1423  PacketRecycle(tp);
1424  SCFree(tp);
1425 
1426  DefragDestroy();
1427  PacketRecycle(p);
1428  FlowShutdown();
1429  SCFree(p);
1430  PASS;
1431 }
1432 
1433 /**
1434  * \test IPV4 defrag and flow retrieval test.
1435  */
1436 static int DecodeIPV4DefragTest03(void)
1437 {
1438  uint8_t pkt[] = {
1439  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1440  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1441  0x00, 0x28, 0xe9, 0xee, 0x00, 0x00, 0x40, 0x06,
1442  0xba, 0xbd, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1443  0xe1, 0x0c, 0x6e, 0x12, 0x01, 0xbd, 0x5b, 0xa3,
1444  0x81, 0x5d, 0x00, 0x00, 0x00, 0x00, 0x50, 0x02,
1445  0x80, 0x00, 0x0c, 0xee, 0x00, 0x00
1446  };
1447  uint8_t pkt1[] = {
1448  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1449  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1450  0x00, 0x1c, 0xe9, 0xef, 0x20, 0x00, 0x40, 0x06,
1451  0x9a, 0xc8, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1452  0xe1, 0x0c, 0x6e, 0x12, 0x01, 0xbd, 0x5b, 0xa3,
1453  0x81, 0x5e
1454  };
1455  uint8_t pkt2[] = {
1456  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1457  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1458  0x00, 0x1c, 0xe9, 0xef, 0x20, 0x01, 0x40, 0x06,
1459  0x9a, 0xc7, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1460  0xe1, 0x0c, 0xac, 0xb0, 0xae, 0x8a, 0x50, 0x10,
1461  0x80, 0x00
1462  };
1463  uint8_t pkt3[] = {
1464  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1465  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1466  0x00, 0x18, 0xe9, 0xef, 0x00, 0x02, 0x40, 0x06,
1467  0xba, 0xca, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1468  0xe1, 0x0c, 0xb1, 0xa3, 0x00, 0x00
1469  };
1470  uint8_t tunnel_pkt[] = {
1471  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1472  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1473  0x00, 0x28, 0xe9, 0xef, 0x00, 0x00, 0x40, 0x06,
1474  0xba, 0xbc, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1475  0xe1, 0x0c, 0x6e, 0x12, 0x01, 0xbd, 0x5b, 0xa3,
1476  0x81, 0x5e, 0xac, 0xb0, 0xae, 0x8a, 0x50, 0x10,
1477  0x80, 0x00, 0xb1, 0xa3, 0x00, 0x00
1478  };
1479 
1480  Packet *p = PacketGetFromAlloc();
1481  FAIL_IF_NULL(p);
1482  ThreadVars tv;
1484  memset(&tv, 0, sizeof(ThreadVars));
1485  memset(&dtv, 0, sizeof(DecodeThreadVars));
1486 
1488  DefragInit();
1489 
1490  PacketCopyData(p, pkt, sizeof(pkt));
1493  FAIL_IF_NOT(PacketIsTCP(p));
1494  FAIL_IF(!(p->flags & PKT_WANTS_FLOW));
1495  PacketRecycle(p);
1496 
1497  PacketCopyData(p, pkt1, sizeof(pkt1));
1500  FAIL_IF(PacketIsTCP(p));
1501  PacketRecycle(p);
1502 
1503  PacketCopyData(p, pkt2, sizeof(pkt2));
1506  FAIL_IF(PacketIsTCP(p));
1507  PacketRecycle(p);
1508 
1509  PacketCopyData(p, pkt3, sizeof(pkt3));
1512  FAIL_IF(PacketIsTCP(p));
1513 
1515  FAIL_IF_NULL(tp);
1516  FAIL_IF(!(tp->flags & PKT_WANTS_FLOW));
1517  FAIL_IF(tp->flow_hash != p->flow_hash);
1519  FAIL_IF_NOT(PacketIsIPv4(tp));
1520  FAIL_IF_NOT(PacketIsTCP(tp));
1521  FAIL_IF(GET_PKT_LEN(tp) != sizeof(tunnel_pkt));
1522  FAIL_IF(memcmp(GET_PKT_DATA(tp), tunnel_pkt, sizeof(tunnel_pkt)) != 0);
1523  PacketRecycle(tp);
1524  SCFree(tp);
1525 
1526  DefragDestroy();
1527  PacketRecycle(p);
1528  FlowShutdown();
1529  SCFree(p);
1530  PASS;
1531 }
1532 
1533 /**
1534  */
1535 static int DecodeEthernetTestIPv4Opt(void)
1536 {
1537  uint8_t raw_eth[] = {
1538  0xae, 0x71, 0x00, 0x00, 0x00, 0x4b, 0x06, 0x90, 0x61, 0x02, 0x00, 0xcd, 0x88, 0x64, 0x11, 0x00,
1539  0x15, 0x00, 0x80, 0x64, 0x00, 0x21, 0x4c, 0x00, 0x00, 0x30, 0x42, 0xd6, 0xff, 0xff, 0xbd, 0x2f,
1540  0x02, 0x02, 0x00, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
1541  0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
1542  0x01, 0x44, 0x05, 0x22, 0x02, 0x01
1543  };
1544 
1545  DefragInit();
1546 
1547  Packet *p = PacketGetFromAlloc();
1548  FAIL_IF_NULL(p);
1549  ThreadVars tv;
1551 
1552  memset(&dtv, 0, sizeof(DecodeThreadVars));
1553  memset(&tv, 0, sizeof(ThreadVars));
1554 
1555  DecodeEthernet(&tv, &dtv, p, raw_eth, sizeof(raw_eth));
1556 
1557  SCFree(p);
1558  DefragDestroy();
1559  PASS;
1560 }
1561 
1562 #endif /* UNITTESTS */
1563 
1565 {
1566 #ifdef UNITTESTS
1567  UtRegisterTest("DecodeIPV4OptionsNONETest01", DecodeIPV4OptionsNONETest01);
1568  UtRegisterTest("DecodeIPV4OptionsEOLTest01", DecodeIPV4OptionsEOLTest01);
1569  UtRegisterTest("DecodeIPV4OptionsNOPTest01", DecodeIPV4OptionsNOPTest01);
1570  UtRegisterTest("DecodeIPV4OptionsRRTest01", DecodeIPV4OptionsRRTest01);
1571  UtRegisterTest("DecodeIPV4OptionsRRTest02", DecodeIPV4OptionsRRTest02);
1572  UtRegisterTest("DecodeIPV4OptionsRRTest03", DecodeIPV4OptionsRRTest03);
1573  UtRegisterTest("DecodeIPV4OptionsRRTest04", DecodeIPV4OptionsRRTest04);
1574  UtRegisterTest("DecodeIPV4OptionsQSTest01", DecodeIPV4OptionsQSTest01);
1575  UtRegisterTest("DecodeIPV4OptionsQSTest02", DecodeIPV4OptionsQSTest02);
1576  UtRegisterTest("DecodeIPV4OptionsTSTest01", DecodeIPV4OptionsTSTest01);
1577  UtRegisterTest("DecodeIPV4OptionsTSTest02", DecodeIPV4OptionsTSTest02);
1578  UtRegisterTest("DecodeIPV4OptionsTSTest03", DecodeIPV4OptionsTSTest03);
1579  UtRegisterTest("DecodeIPV4OptionsTSTest04", DecodeIPV4OptionsTSTest04);
1580  UtRegisterTest("DecodeIPV4OptionsSECTest01", DecodeIPV4OptionsSECTest01);
1581  UtRegisterTest("DecodeIPV4OptionsSECTest02", DecodeIPV4OptionsSECTest02);
1582  UtRegisterTest("DecodeIPV4OptionsESECTest01", DecodeIPV4OptionsESECTest01);
1583  UtRegisterTest("DecodeIPV4OptionsESECTest02", DecodeIPV4OptionsESECTest02);
1584  UtRegisterTest("DecodeIPV4OptionsLSRRTest01", DecodeIPV4OptionsLSRRTest01);
1585  UtRegisterTest("DecodeIPV4OptionsLSRRTest02", DecodeIPV4OptionsLSRRTest02);
1586  UtRegisterTest("DecodeIPV4OptionsLSRRTest03", DecodeIPV4OptionsLSRRTest03);
1587  UtRegisterTest("DecodeIPV4OptionsLSRRTest04", DecodeIPV4OptionsLSRRTest04);
1588  UtRegisterTest("DecodeIPV4OptionsCIPSOTest01",
1589  DecodeIPV4OptionsCIPSOTest01);
1590  UtRegisterTest("DecodeIPV4OptionsSIDTest01", DecodeIPV4OptionsSIDTest01);
1591  UtRegisterTest("DecodeIPV4OptionsSIDTest02", DecodeIPV4OptionsSIDTest02);
1592  UtRegisterTest("DecodeIPV4OptionsSSRRTest01", DecodeIPV4OptionsSSRRTest01);
1593  UtRegisterTest("DecodeIPV4OptionsSSRRTest02", DecodeIPV4OptionsSSRRTest02);
1594  UtRegisterTest("DecodeIPV4OptionsSSRRTest03", DecodeIPV4OptionsSSRRTest03);
1595  UtRegisterTest("DecodeIPV4OptionsSSRRTest04", DecodeIPV4OptionsSSRRTest04);
1596  UtRegisterTest("DecodeIPV4OptionsRTRALTTest01",
1597  DecodeIPV4OptionsRTRALTTest01);
1598  UtRegisterTest("DecodeIPV4OptionsRTRALTTest02",
1599  DecodeIPV4OptionsRTRALTTest02);
1600  UtRegisterTest("IPV4CalculateValidChecksumtest01",
1601  IPV4CalculateValidChecksumtest01);
1602  UtRegisterTest("IPV4CalculateInvalidChecksumtest02",
1603  IPV4CalculateInvalidChecksumtest02);
1604  UtRegisterTest("DecodeIPV4DefragTest01", DecodeIPV4DefragTest01);
1605  UtRegisterTest("DecodeIPV4DefragTest02", DecodeIPV4DefragTest02);
1606  UtRegisterTest("DecodeIPV4DefragTest03", DecodeIPV4DefragTest03);
1607  UtRegisterTest("DecodeEthernetTestIPv4Opt", DecodeEthernetTestIPv4Opt);
1608 #endif /* UNITTESTS */
1609 }
1610 /**
1611  * @}
1612  */
ENGINE_SET_EVENT
#define ENGINE_SET_EVENT(p, e)
Definition: decode.h:1184
DefragDestroy
void DefragDestroy(void)
Definition: defrag.c:1129
IPV4Options_::o_sid
IPV4Opt o_sid
Definition: decode-ipv4.c:288
Packet_::proto
uint8_t proto
Definition: decode.h:523
IPV4_GET_RAW_IPID
#define IPV4_GET_RAW_IPID(ip4h)
Definition: decode-ipv4.h:99
IPV4Options_::o_qs
IPV4Opt o_qs
Definition: decode-ipv4.c:282
IPV4_OPT_FLAG_NOP
#define IPV4_OPT_FLAG_NOP
Definition: decode-ipv4.h:117
len
uint8_t len
Definition: app-layer-dnp3.h:2
DECODE_TUNNEL_IPV6
@ DECODE_TUNNEL_IPV6
Definition: decode.h:1105
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
StatsIncr
void StatsIncr(ThreadVars *tv, uint16_t id)
Increments the local counter.
Definition: counters.c:166
IPV4_OPT_QS_MIN
#define IPV4_OPT_QS_MIN
Definition: decode-ipv4.h:53
offset
uint64_t offset
Definition: util-streaming-buffer.h:0
DecodeUDP
int DecodeUDP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint16_t len)
Definition: decode-udp.c:75
IPV4_GET_RAW_IPPROTO
#define IPV4_GET_RAW_IPPROTO(ip4h)
Definition: decode-ipv4.h:103
IPV4_OPT_TS_MIN
#define IPV4_OPT_TS_MIN
Definition: decode-ipv4.h:54
PacketCopyData
int PacketCopyData(Packet *p, const uint8_t *pktdata, uint32_t pktlen)
Copy data to Packet payload and set packet length.
Definition: decode.c:377
IPV4_GET_RAW_FLAG_DF
#define IPV4_GET_RAW_FLAG_DF(ip4h)
Definition: decode-ipv4.h:113
IPV4_GET_RAW_FLAG_MF
#define IPV4_GET_RAW_FLAG_MF(ip4h)
Definition: decode-ipv4.h:112
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
DecodeESP
int DecodeESP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint16_t len)
Function to decode IPSEC-ESP packets.
Definition: decode-esp.c:64
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:275
IPV4_OPT_FLAG_SSRR
#define IPV4_OPT_FLAG_SSRR
Definition: decode-ipv4.h:122
PKT_SRC_DECODER_IPV4
@ PKT_SRC_DECODER_IPV4
Definition: decode.h:54
IPV4Options_::o_ts
IPV4Opt o_ts
Definition: decode-ipv4.c:283
Packet_::flags
uint32_t flags
Definition: decode.h:544
PacketRecycle
void PacketRecycle(Packet *p)
Definition: packet.c:150
IPV4_OPT_SEC
#define IPV4_OPT_SEC
Definition: decode-ipv4.h:38
IPV4_OPT_CIPSO_MIN
#define IPV4_OPT_CIPSO_MIN
Definition: decode-ipv4.h:55
IPV4_OPT_FLAG_TS
#define IPV4_OPT_FLAG_TS
Definition: decode-ipv4.h:119
IPV4_OPT_LSRR
#define IPV4_OPT_LSRR
Definition: decode-ipv4.h:39
PKT_WANTS_FLOW
#define PKT_WANTS_FLOW
Definition: decode.h:1294
IPV4Options_::o_sec
IPV4Opt o_sec
Definition: decode-ipv4.c:284
IPV4_OPT_DUPLICATE
@ IPV4_OPT_DUPLICATE
Definition: decode-events.h:45
IPV4Options_::o_rr
IPV4Opt o_rr
Definition: decode-ipv4.c:281
IPV4_GET_RAW_IPOFFSET
#define IPV4_GET_RAW_IPOFFSET(ip4h)
Definition: decode-ipv4.h:100
IPV4_OPT_FLAG_SEC
#define IPV4_OPT_FLAG_SEC
Definition: decode-ipv4.h:124
IPPROTO_GRE
#define IPPROTO_GRE
Definition: decode-gre.h:30
IP_GET_RAW_VER
#define IP_GET_RAW_VER(pkt)
Definition: decode.h:232
IPV4_OPT_NOP
#define IPV4_OPT_NOP
Definition: decode-ipv4.h:34
IPV4_OPT_FLAG_QS
#define IPV4_OPT_FLAG_QS
Definition: decode-ipv4.h:120
IPV4_OPT_SID_LEN
#define IPV4_OPT_SID_LEN
Definition: decode-ipv4.h:47
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:82
IPV4Opt_::len
uint8_t len
Definition: decode-ipv4.h:67
IPV4_OPT_QS
#define IPV4_OPT_QS
Definition: decode-ipv4.h:36
IPV4_OPT_FLAG_ESEC
#define IPV4_OPT_FLAG_ESEC
Definition: decode-ipv4.h:127
DecodeSCTP
int DecodeSCTP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint16_t len)
Definition: decode-sctp.c:62
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:81
IPV4_PKT_TOO_SMALL
@ IPV4_PKT_TOO_SMALL
Definition: decode-events.h:34
tag
uint32_t tag
Definition: decode-vntag.h:0
IPV4_OPT_FLAG_LSRR
#define IPV4_OPT_FLAG_LSRR
Definition: decode-ipv4.h:121
PKT_SET_SRC
#define PKT_SET_SRC(p, src_val)
Definition: decode.h:1323
FlowInitConfig
void FlowInitConfig(bool quiet)
initialize the configuration
Definition: flow.c:547
IPV4Vars_::opt_cnt
uint16_t opt_cnt
Definition: decode-ipv4.h:131
decode.h
IPV4_OPT_EOL
#define IPV4_OPT_EOL
Definition: decode-ipv4.h:33
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
GET_IPV4_DST_ADDR_PTR
#define GET_IPV4_DST_ADDR_PTR(p)
Definition: decode.h:199
IPV4_WRONG_IP_VER
@ IPV4_WRONG_IP_VER
Definition: decode-events.h:47
IPV4_OPT_EOL_REQUIRED
@ IPV4_OPT_EOL_REQUIRED
Definition: decode-events.h:44
IPV4_GET_RAW_FRAGOFFSET
#define IPV4_GET_RAW_FRAGOFFSET(ip4h)
Definition: decode-ipv4.h:101
PacketDequeueNoLock
Packet * PacketDequeueNoLock(PacketQueueNoLock *qnl)
Definition: packet-queue.c:208
PKT_IS_FRAGMENT
#define PKT_IS_FRAGMENT
Definition: decode.h:1288
IPV4_OPT_ROUTE_MIN
#define IPV4_OPT_ROUTE_MIN
Definition: decode-ipv4.h:52
util-print.h
GET_PKT_DATA
#define GET_PKT_DATA(p)
Definition: decode.h:209
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
PrintInet
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:231
IPV4_GET_RAW_HLEN
#define IPV4_GET_RAW_HLEN(ip4h)
Definition: decode-ipv4.h:96
IPV4_WITH_ICMPV6
@ IPV4_WITH_ICMPV6
Definition: decode-events.h:48
DecodeGRE
int DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Function to decode GRE packets.
Definition: decode-gre.c:47
IPV4_OPT_RR
#define IPV4_OPT_RR
Definition: decode-ipv4.h:35
IPV4_OPT_FLAG_CIPSO
#define IPV4_OPT_FLAG_CIPSO
Definition: decode-ipv4.h:125
SET_IPV4_SRC_ADDR
#define SET_IPV4_SRC_ADDR(ip4h, a)
Definition: decode.h:140
IPV4_OPT_ESEC
#define IPV4_OPT_ESEC
Definition: decode-ipv4.h:40
IPV4_OPT_FLAG_RTRALT
#define IPV4_OPT_FLAG_RTRALT
Definition: decode-ipv4.h:126
IPV4_OPT_RTRALT_LEN
#define IPV4_OPT_RTRALT_LEN
Definition: decode-ipv4.h:48
IPV4Options_::o_cipso
IPV4Opt o_cipso
Definition: decode-ipv4.c:287
Packet_
Definition: decode.h:501
IPV4_HLEN_TOO_SMALL
@ IPV4_HLEN_TOO_SMALL
Definition: decode-events.h:35
DECODE_TUNNEL_IPV4
@ DECODE_TUNNEL_IPV4
Definition: decode.h:1104
GET_PKT_LEN
#define GET_PKT_LEN(p)
Definition: decode.h:208
IPV4_OPT_FLAG_RR
#define IPV4_OPT_FLAG_RR
Definition: decode-ipv4.h:118
ETHERNET_HEADER_LEN
#define ETHERNET_HEADER_LEN
Definition: decode-ethernet.h:27
PacketL3::ip4
IPV4Vars ip4
Definition: decode.h:445
IPV4_OPT_RTRALT
#define IPV4_OPT_RTRALT
Definition: decode-ipv4.h:44
PacketL3::vars
union PacketL3::@31 vars
IPV4_IPLEN_SMALLER_THAN_HLEN
@ IPV4_IPLEN_SMALLER_THAN_HLEN
Definition: decode-events.h:36
defrag.h
IPV4Opt_::data
const uint8_t * data
Definition: decode-ipv4.h:68
dtv
DecodeThreadVars * dtv
Definition: fuzz_decodepcapfile.c:33
IPV4_OPT_TS
#define IPV4_OPT_TS
Definition: decode-ipv4.h:37
DecodeTCP
int DecodeTCP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint16_t len)
Definition: decode-tcp.c:273
IPV4Hdr_
Definition: decode-ipv4.h:72
decode-ipv4.h
IPV4_OPT_CIPSO
#define IPV4_OPT_CIPSO
Definition: decode-ipv4.h:41
PacketEnqueueNoLock
void PacketEnqueueNoLock(PacketQueueNoLock *qnl, Packet *p)
Definition: packet-queue.c:168
IPPROTO_IPIP
#define IPPROTO_IPIP
Definition: decode.h:1210
IPV4Options_
Definition: decode-ipv4.c:280
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
GET_IPV4_SRC_ADDR_PTR
#define GET_IPV4_SRC_ADDR_PTR(p)
Definition: decode.h:198
suricata-common.h
FlowShutdown
void FlowShutdown(void)
shutdown the flow engine
Definition: flow.c:691
IPV4_HEADER_LEN
#define IPV4_HEADER_LEN
Definition: decode-ipv4.h:28
packet.h
IPV4Opt_::type
uint8_t type
Definition: decode-ipv4.h:66
IPV4Options
struct IPV4Options_ IPV4Options
IPV4_OPT_PAD_REQUIRED
@ IPV4_OPT_PAD_REQUIRED
Definition: decode-events.h:43
IPV4_OPT_INVALID_LEN
@ IPV4_OPT_INVALID_LEN
Definition: decode-events.h:41
IPV4_GET_RAW_FLAG_RF
#define IPV4_GET_RAW_FLAG_RF(ip4h)
Definition: decode-ipv4.h:114
IPV4Options_::o_rtralt
IPV4Opt o_rtralt
Definition: decode-ipv4.c:290
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:32
IPV4_TRUNC_PKT
@ IPV4_TRUNC_PKT
Definition: decode-events.h:37
PKT_PPP_VJ_UCOMP
#define PKT_PPP_VJ_UCOMP
Definition: decode.h:1247
DecodeThreadVars_::counter_ipv4
uint16_t counter_ipv4
Definition: decode.h:979
PacketGetFromAlloc
Packet * PacketGetFromAlloc(void)
Get a malloced packet.
Definition: decode.c:258
Packet_::flow_hash
uint32_t flow_hash
Definition: decode.h:550
Packet_::l3
struct PacketL3 l3
Definition: decode.h:600
IPV4_OPT_MALFORMED
@ IPV4_OPT_MALFORMED
Definition: decode-events.h:42
IPV4_OPT_SEC_MIN
#define IPV4_OPT_SEC_MIN
Definition: decode-ipv4.h:51
SCFree
#define SCFree(p)
Definition: util-mem.h:61
IPV4_OPT_SSRR
#define IPV4_OPT_SSRR
Definition: decode-ipv4.h:43
IPV4_OPT_FLAG_EOL
#define IPV4_OPT_FLAG_EOL
Definition: decode-ipv4.h:116
DecodeThreadVars_
Structure to hold thread specific data for all decode modules.
Definition: decode.h:963
Packet_::recursion_level
uint8_t recursion_level
Definition: decode.h:526
IPV4Options_::o_lsrr
IPV4Opt o_lsrr
Definition: decode-ipv4.c:285
IPV4_OPT_INVALID
@ IPV4_OPT_INVALID
Definition: decode-events.h:40
ThreadVars_::decode_pq
PacketQueueNoLock decode_pq
Definition: threadvars.h:112
IPV4_OPT_FLAG_SID
#define IPV4_OPT_FLAG_SID
Definition: decode-ipv4.h:123
DecodeIPV4RegisterTests
void DecodeIPV4RegisterTests(void)
Definition: decode-ipv4.c:1564
Packet_::dst
Address dst
Definition: decode.h:506
ENGINE_SET_INVALID_EVENT
#define ENGINE_SET_INVALID_EVENT(p, e)
Definition: decode.h:1192
FLOW_QUIET
#define FLOW_QUIET
Definition: flow.h:43
IPV4_OPT_UNKNOWN
@ IPV4_OPT_UNKNOWN
Definition: decode-events.h:46
IPV4Vars_::opts_set
uint16_t opts_set
Definition: decode-ipv4.h:132
IPV4_GET_RAW_IPLEN
#define IPV4_GET_RAW_IPLEN(ip4h)
Definition: decode-ipv4.h:98
IPPROTO_SCTP
#define IPPROTO_SCTP
Definition: decode.h:1226
PacketTunnelPktSetup
Packet * PacketTunnelPktSetup(ThreadVars *tv, DecodeThreadVars *dtv, Packet *parent, const uint8_t *pkt, uint32_t len, enum DecodeTunnelProto proto)
Setup a pseudo packet (tunnel)
Definition: decode.c:393
Defrag
Packet * Defrag(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p)
Entry point for IPv4 and IPv6 fragments.
Definition: defrag.c:1063
flow.h
SET_IPV4_DST_ADDR
#define SET_IPV4_DST_ADDR(ip4h, a)
Definition: decode.h:149
DecodeIPV4
int DecodeIPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint16_t len)
Definition: decode-ipv4.c:520
IPV4_OPT_SID
#define IPV4_OPT_SID
Definition: decode-ipv4.h:42
IPV4Opt_
Definition: decode-ipv4.h:61
SCLogDebugEnabled
int SCLogDebugEnabled(void)
Returns whether debug messages are enabled to be logged or not.
Definition: util-debug.c:767
DecodeEthernet
int DecodeEthernet(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Definition: decode-ethernet.c:42
FlowSetupPacket
void FlowSetupPacket(Packet *p)
prepare packet for a life with flow Set PKT_WANTS_FLOW flag to indicate workers should do a flow look...
Definition: flow-hash.c:533
Packet_::src
Address src
Definition: decode.h:505
PKT_IS_INVALID
#define PKT_IS_INVALID
Definition: decode.h:1289
IPV4Options_::o_ssrr
IPV4Opt o_ssrr
Definition: decode-ipv4.c:289
DefragInit
void DefragInit(void)
Definition: defrag.c:1109
DecodeICMPV4
int DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Main ICMPv4 decoding function.
Definition: decode-icmpv4.c:143
IPV4Options_::o_esec
IPV4Opt o_esec
Definition: decode-ipv4.c:286