suricata
decode-ipv4.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2024 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \ingroup decode
20  *
21  * @{
22  */
23 
24 
25 /**
26  * \file
27  *
28  * \author Victor Julien <victor@inliniac.net>
29  * \author Brian Rectanus <brectanu@gmail.com>
30  *
31  * Decode IPv4
32  */
33 
34 #include "suricata-common.h"
35 #include "decode-ipv4.h"
36 #include "decode.h"
37 #include "defrag.h"
38 #include "flow.h"
39 #include "util-print.h"
40 
41 /* Generic validation
42  *
43  * [--type--][--len---]
44  *
45  * \todo This function needs removed in favor of specific validation.
46  *
47  * See: RFC 791
48  */
49 static int IPV4OptValidateGeneric(Packet *p, const IPV4Opt *o)
50 {
51  switch (o->type) {
52  /* See: RFC 4782 */
53  case IPV4_OPT_QS:
54  if (o->len < IPV4_OPT_QS_MIN) {
56  return -1;
57  }
58  break;
59  /* See: RFC 1108 */
60  case IPV4_OPT_SEC:
61  case IPV4_OPT_ESEC:
62  if (unlikely(o->len < IPV4_OPT_SEC_MIN)) {
64  return -1;
65  }
66  break;
67  case IPV4_OPT_SID:
68  if (o->len != IPV4_OPT_SID_LEN) {
70  return -1;
71  }
72  break;
73  /* See: RFC 2113 */
74  case IPV4_OPT_RTRALT:
75  if (o->len != IPV4_OPT_RTRALT_LEN) {
77  return -1;
78  }
79  break;
80  default:
81  /* Should never get here unless there is a coding error */
83  return -1;
84  }
85 
86  return 0;
87 }
88 
89 /* Validate route type options
90  *
91  * [--type--][--len---][--ptr---][address1]...[addressN]
92  *
93  * See: RFC 791
94  */
95 static int IPV4OptValidateRoute(Packet *p, const IPV4Opt *o)
96 {
97  uint8_t ptr;
98 
99  /* Check length */
100  if (unlikely(o->len < IPV4_OPT_ROUTE_MIN)) {
102  return -1;
103  }
104 
105  /* Data is required */
106  if (unlikely(o->data == NULL)) {
108  return -1;
109  }
110  ptr = *o->data;
111 
112  /* Address pointer is 1 based and points at least after type+len+ptr,
113  * must be a incremented by 4 bytes (address size) and cannot extend
114  * past option length.
115  */
116  if (unlikely((ptr < 4) || (ptr % 4) || (ptr > o->len + 1))) {
118  return -1;
119  }
120 
121  return 0;
122 }
123 
124 /* Validate timestamp type options
125  *
126  * [--type--][--len---][--ptr---][ovfl][flag][rec1----...]...[recN----...]
127  * NOTE: rec could be 4 (ts only) or 8 (ip+ts) bytes in length.
128  *
129  * See: RFC 781
130  */
131 static int IPV4OptValidateTimestamp(Packet *p, const IPV4Opt *o)
132 {
133  uint8_t ptr;
134  uint8_t flag;
135  uint8_t rec_size;
136 
137  /* Check length */
138  if (unlikely(o->len < IPV4_OPT_TS_MIN)) {
140  return -1;
141  }
142 
143  /* Data is required */
144  if (unlikely(o->data == NULL)) {
146  return -1;
147  }
148  ptr = *o->data;
149 
150  /* We need the flag to determine what is in the option payload */
151  if (unlikely(ptr < 5)) {
153  return -1;
154  }
155  flag = *(o->data + 1) & 0x0f;
156 
157  /* A flag of 1|3 means we have both the ip+ts in each record */
158  rec_size = ((flag == 1) || (flag == 3)) ? 8 : 4;
159 
160  /* Address pointer is 1 based and points at least after
161  * type+len+ptr+ovfl+flag, must be incremented by by the rec_size
162  * and cannot extend past option length.
163  */
164  if (unlikely(((ptr - 5) % rec_size) || (ptr > o->len + 1))) {
166  return -1;
167  }
168 
169  return 0;
170 }
171 
172 /* Validate CIPSO option
173  *
174  * [--type--][--len---][--doi---][tags--...]
175  *
176  * See: draft-ietf-cipso-ipsecurity-01.txt
177  * See: FIPS 188 (tags 6 & 7)
178  */
179 static int IPV4OptValidateCIPSO(Packet *p, const IPV4Opt *o)
180 {
181 // uint32_t doi;
182  const uint8_t *tag;
183  uint16_t len;
184 
185  /* Check length */
186  if (unlikely(o->len < IPV4_OPT_CIPSO_MIN)) {
188  return -1;
189  }
190 
191  /* Data is required */
192  if (unlikely(o->data == NULL)) {
194  return -1;
195  }
196 // doi = *o->data;
197  tag = o->data + 4;
198  len = o->len - 1 - 1 - 4; /* Length of tags after header */
199 
200 
201 #if 0
202  /* Domain of Interest (DOI) of 0 is reserved and thus invalid */
203  /** \todo Apparently a DOI of zero is fine in practice - verify. */
204  if (doi == 0) {
206  return -1;
207  }
208 #endif
209 
210  /* NOTE: We know len has passed min tests prior to this call */
211 
212  /* Check that tags are formatted correctly
213  * [-ttype--][--tlen--][-tagdata-...]
214  */
215  while (len) {
216  uint8_t ttype;
217  uint8_t tlen;
218 
219  /* Tag header must fit within option length */
220  if (unlikely(len < 2)) {
221  //printf("CIPSO tag header too large %" PRIu16 " < 2\n", len);
223  return -1;
224  }
225 
226  /* Tag header is type+len */
227  ttype = *(tag++);
228  tlen = *(tag++);
229 
230  /* Tag length must fit within the option length */
231  if (unlikely(tlen > len)) {
232  //printf("CIPSO tag len too large %" PRIu8 " > %" PRIu16 "\n", tlen, len);
234  return -1;
235  }
236 
237  switch(ttype) {
238  case 1:
239  case 2:
240  case 5:
241  case 6:
242  case 7:
243  /* Tag is at least 4 and at most the remainder of option len */
244  if (unlikely((tlen < 4) || (tlen > len))) {
245  //printf("CIPSO tag %" PRIu8 " bad tlen=%" PRIu8 " len=%" PRIu8 "\n", ttype, tlen, len);
247  return -1;
248  }
249 
250  /* The alignment octet is always 0 except tag
251  * type 7, which has no such field.
252  */
253  if (unlikely((ttype != 7) && (*tag != 0))) {
254  //printf("CIPSO tag %" PRIu8 " ao=%" PRIu8 "\n", ttype, tlen);
256  return -1;
257  }
258 
259  /* Skip the rest of the tag payload */
260  tag += tlen - 2;
261  len -= tlen;
262 
263  continue;
264  case 0:
265  /* Tag type 0 is reserved and thus invalid */
266  /** \todo Wireshark marks this a padding, but spec says reserved. */
268  return -1;
269  default:
270  //printf("CIPSO tag %" PRIu8 " unknown tag\n", ttype);
272  /** \todo May not want to return error here on unknown tag type (at least not for 3|4) */
273  return -1;
274  }
275  }
276 
277  return 0;
278 }
279 
280 typedef struct IPV4Options_ {
292 
293 /**
294  * Decode/Validate IPv4 Options.
295  */
296 static int DecodeIPV4Options(Packet *p, const uint8_t *pkt, uint16_t len, IPV4Options *opts)
297 {
298  uint16_t plen = len;
299 
300 #ifdef DEBUG
301  if (SCLogDebugEnabled()) {
302  uint16_t i;
303  char buf[256] = "";
304  int offset = 0;
305 
306  for (i = 0; i < len; i++) {
307  offset += snprintf(buf + offset, (sizeof(buf) - offset), "%02" PRIx8 " ", pkt[i]);
308  }
309  SCLogDebug("IPV4OPTS: { %s}", buf);
310  }
311 #endif
312 
313  /* Options length must be padded to 8byte boundary */
314  if (plen % 8) {
316  /* Warn - we can keep going */
317  }
318 
319  while (plen)
320  {
321  p->l3.vars.ip4.opt_cnt++;
322 
323  /* single byte options */
324  if (*pkt == IPV4_OPT_EOL) {
325  /** \todo What if more data exist after EOL (possible covert channel or data leakage)? */
326  SCLogDebug("IPV4OPT %" PRIu8 " len 1 @ %d/%d",
327  *pkt, (len - plen), (len - 1));
329  break;
330  } else if (*pkt == IPV4_OPT_NOP) {
331  SCLogDebug("IPV4OPT %" PRIu8 " len 1 @ %d/%d",
332  *pkt, (len - plen), (len - 1));
333  pkt++;
334  plen--;
335 
337 
338  /* multibyte options */
339  } else {
340  if (unlikely(plen < 2)) {
341  /** \todo What if padding is non-zero (possible covert channel or data leakage)? */
342  /** \todo Spec seems to indicate EOL required if there is padding */
344  break;
345  }
346 
347  /* Option length is too big for packet */
348  if (unlikely(*(pkt+1) > plen)) {
350  return -1;
351  }
352 
353  IPV4Opt opt = {*pkt, *(pkt+1), plen > 2 ? (pkt + 2) : NULL };
354 
355  /* we already know that the total options len is valid,
356  * so here the len of the specific option must be bad.
357  * Also check for invalid lengths 0 and 1. */
358  if (unlikely(opt.len > plen || opt.len < 2)) {
360  return -1;
361  }
362  /* we are parsing the most commonly used opts to prevent
363  * us from having to walk the opts list for these all the
364  * time. */
365  /** \todo Figure out which IP options are more common and list them first */
366  switch (opt.type) {
367  case IPV4_OPT_TS:
368  if (opts->o_ts.type != 0) {
370  /* Warn - we can keep going */
371  } else if (IPV4OptValidateTimestamp(p, &opt) == 0) {
372  opts->o_ts = opt;
374  }
375  break;
376  case IPV4_OPT_RR:
377  if (opts->o_rr.type != 0) {
379  /* Warn - we can keep going */
380  } else if (IPV4OptValidateRoute(p, &opt) == 0) {
381  opts->o_rr = opt;
383  }
384  break;
385  case IPV4_OPT_QS:
386  if (opts->o_qs.type != 0) {
388  /* Warn - we can keep going */
389  } else if (IPV4OptValidateGeneric(p, &opt) == 0) {
390  opts->o_qs = opt;
392  }
393  break;
394  case IPV4_OPT_SEC:
395  if (opts->o_sec.type != 0) {
397  /* Warn - we can keep going */
398  } else if (IPV4OptValidateGeneric(p, &opt) == 0) {
399  opts->o_sec = opt;
401  }
402  break;
403  case IPV4_OPT_LSRR:
404  if (opts->o_lsrr.type != 0) {
406  /* Warn - we can keep going */
407  } else if (IPV4OptValidateRoute(p, &opt) == 0) {
408  opts->o_lsrr = opt;
410  }
411  break;
412  case IPV4_OPT_ESEC:
413  if (opts->o_esec.type != 0) {
415  /* Warn - we can keep going */
416  } else if (IPV4OptValidateGeneric(p, &opt) == 0) {
417  opts->o_esec = opt;
419  }
420  break;
421  case IPV4_OPT_CIPSO:
422  if (opts->o_cipso.type != 0) {
424  /* Warn - we can keep going */
425  } else if (IPV4OptValidateCIPSO(p, &opt) == 0) {
426  opts->o_cipso = opt;
428  }
429  break;
430  case IPV4_OPT_SID:
431  if (opts->o_sid.type != 0) {
433  /* Warn - we can keep going */
434  } else if (IPV4OptValidateGeneric(p, &opt) == 0) {
435  opts->o_sid = opt;
437  }
438  break;
439  case IPV4_OPT_SSRR:
440  if (opts->o_ssrr.type != 0) {
442  /* Warn - we can keep going */
443  } else if (IPV4OptValidateRoute(p, &opt) == 0) {
444  opts->o_ssrr = opt;
446  }
447  break;
448  case IPV4_OPT_RTRALT:
449  if (opts->o_rtralt.type != 0) {
451  /* Warn - we can keep going */
452  } else if (IPV4OptValidateGeneric(p, &opt) == 0) {
453  opts->o_rtralt = opt;
455  }
456  break;
457  default:
458  SCLogDebug("IPV4OPT <unknown> (%" PRIu8 ") len %" PRIu8,
459  opt.type, opt.len);
461  /* Warn - we can keep going */
462  break;
463  }
464 
465  pkt += opt.len;
466  plen -= opt.len;
467  }
468  }
469 
470  return 0;
471 }
472 
473 static const IPV4Hdr *DecodeIPV4Packet(Packet *p, const uint8_t *pkt, uint16_t len)
474 {
475  if (unlikely(len < IPV4_HEADER_LEN)) {
477  return NULL;
478  }
479 
480  if (unlikely(IP_GET_RAW_VER(pkt) != 4)) {
481  SCLogDebug("wrong ip version %d",IP_GET_RAW_VER(pkt));
483  return NULL;
484  }
485 
486  const IPV4Hdr *ip4h = PacketSetIPV4(p, pkt);
487 
490  return NULL;
491  }
492 
493  if (unlikely(IPV4_GET_RAW_IPLEN(ip4h) < IPV4_GET_RAW_HLEN(ip4h))) {
495  return NULL;
496  }
497 
498  if (unlikely(len < IPV4_GET_RAW_IPLEN(ip4h))) {
500  return NULL;
501  }
502 
503  /* set the address struct */
504  SET_IPV4_SRC_ADDR(ip4h, &p->src);
505  SET_IPV4_DST_ADDR(ip4h, &p->dst);
506 
507  /* save the options len */
508  uint8_t ip_opt_len = IPV4_GET_RAW_HLEN(ip4h) - IPV4_HEADER_LEN;
509  if (ip_opt_len > 0) {
510  IPV4Options opts;
511  memset(&opts, 0x00, sizeof(opts));
512  if (DecodeIPV4Options(p, pkt + IPV4_HEADER_LEN, ip_opt_len, &opts) < 0) {
513  return NULL;
514  }
515  }
516 
517  return ip4h;
518 }
519 
521  const uint8_t *pkt, uint16_t len)
522 {
524 
525  SCLogDebug("pkt %p len %"PRIu16"", pkt, len);
526 
527  if (!PacketIncreaseCheckLayers(p)) {
528  return TM_ECODE_FAILED;
529  }
530  /* do the actual decoding */
531  const IPV4Hdr *ip4h = DecodeIPV4Packet(p, pkt, len);
532  if (unlikely(ip4h == NULL)) {
533  SCLogDebug("decoding IPv4 packet failed");
534  PacketClearL3(p);
535  return TM_ECODE_FAILED;
536  }
537  p->proto = IPV4_GET_RAW_IPPROTO(ip4h);
538 
539  /* If a fragment, pass off for re-assembly. */
540  if (unlikely(IPV4_GET_RAW_FRAGOFFSET(ip4h) > 0 || IPV4_GET_RAW_FLAG_MF(ip4h))) {
541  Packet *rp = Defrag(tv, dtv, p);
542  if (rp != NULL) {
544  }
545  p->flags |= PKT_IS_FRAGMENT;
546  return TM_ECODE_OK;
547  }
548 
549  /* do hdr test, process hdr rules */
550 
551 #ifdef DEBUG
552  if (SCLogDebugEnabled()) { /* only convert the addresses if debug is really enabled */
553  /* debug print */
554  char s[16], d[16];
555  PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), s, sizeof(s));
556  PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p), d, sizeof(d));
557  SCLogDebug("IPV4 %s->%s PROTO: %" PRIu32 " OFFSET: %" PRIu32 " RF: %" PRIu8 " DF: %" PRIu8
558  " MF: %" PRIu8 " ID: %" PRIu32 "",
559  s, d, IPV4_GET_RAW_IPPROTO(ip4h), IPV4_GET_RAW_IPOFFSET(ip4h),
561  IPV4_GET_RAW_IPID(ip4h));
562  }
563 #endif /* DEBUG */
564 
565  const uint8_t *data = pkt + IPV4_GET_RAW_HLEN(ip4h);
566  const uint16_t data_len = IPV4_GET_RAW_IPLEN(ip4h) - IPV4_GET_RAW_HLEN(ip4h);
567 
568  /* check what next decoder to invoke */
569  switch (p->proto) {
570  case IPPROTO_TCP:
571  DecodeTCP(tv, dtv, p, data, data_len);
572  break;
573  case IPPROTO_UDP:
574  DecodeUDP(tv, dtv, p, data, data_len);
575  break;
576  case IPPROTO_ICMP:
577  DecodeICMPV4(tv, dtv, p, data, data_len);
578  break;
579  case IPPROTO_GRE:
580  DecodeGRE(tv, dtv, p, data, data_len);
581  break;
582  case IPPROTO_SCTP:
583  DecodeSCTP(tv, dtv, p, data, data_len);
584  break;
585  case IPPROTO_ESP:
586  DecodeESP(tv, dtv, p, data, data_len);
587  break;
588  case IPPROTO_IPV6: {
589  /* spawn off tunnel packet */
590  Packet *tp = PacketTunnelPktSetup(tv, dtv, p, data, data_len, DECODE_TUNNEL_IPV6);
591  if (tp != NULL) {
595  }
596  FlowSetupPacket(p);
597  break;
598  }
599  case IPPROTO_IPIP: {
600  /* spawn off tunnel packet */
601  Packet *tp = PacketTunnelPktSetup(tv, dtv, p, data, data_len, DECODE_TUNNEL_IPV4);
602  if (tp != NULL) {
606  }
607  FlowSetupPacket(p);
608  break;
609  }
610  case IPPROTO_IP:
611  /* check PPP VJ uncompressed packets and decode tcp dummy */
612  if (p->flags & PKT_PPP_VJ_UCOMP) {
613  DecodeTCP(tv, dtv, p, data, data_len);
614  }
615  break;
616  case IPPROTO_ICMPV6:
618  break;
619  }
620 
621  return TM_ECODE_OK;
622 }
623 
624 /* UNITTESTS */
625 #ifdef UNITTESTS
626 #include "packet.h"
627 
628 /** \test IPV4 with no options. */
629 static int DecodeIPV4OptionsNONETest01(void)
630 {
631  uint8_t raw_opts[] = { };
632  Packet *p = PacketGetFromAlloc();
633  FAIL_IF(unlikely(p == NULL));
634 
635  IPV4Options opts;
636  memset(&opts, 0x00, sizeof(opts));
637  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
639 
640  SCFree(p);
641  PASS;
642 }
643 
644 /** \test IPV4 with EOL option. */
645 static int DecodeIPV4OptionsEOLTest01(void)
646 {
647  uint8_t raw_opts[] = {
648  IPV4_OPT_EOL, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
649  };
650  Packet *p = PacketGetFromAlloc();
651  FAIL_IF(unlikely(p == NULL));
652  IPV4Options opts;
653  memset(&opts, 0x00, sizeof(opts));
654  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
656  SCFree(p);
657  PASS;
658 }
659 
660 /** \test IPV4 with NOP option. */
661 static int DecodeIPV4OptionsNOPTest01(void)
662 {
663  uint8_t raw_opts[] = {
664  IPV4_OPT_NOP, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
665  };
666  Packet *p = PacketGetFromAlloc();
667  FAIL_IF(unlikely(p == NULL));
668  IPV4Options opts;
669  memset(&opts, 0x00, sizeof(opts));
670  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
672  SCFree(p);
673  PASS;
674 }
675 
676 /** \test IPV4 with RR option. */
677 static int DecodeIPV4OptionsRRTest01(void)
678 {
679  uint8_t raw_opts[] = {
680  IPV4_OPT_RR, 0x27, 0x08, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
681  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
682  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
683  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
684  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
685  };
686  Packet *p = PacketGetFromAlloc();
687  FAIL_IF(unlikely(p == NULL));
688 
689  IPV4Options opts;
690  memset(&opts, 0x00, sizeof(opts));
691  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
693  FAIL_IF(opts.o_rr.type != IPV4_OPT_RR);
694  SCFree(p);
695  PASS;
696 }
697 
698 /** \test IPV4 with RR option (len too large). */
699 static int DecodeIPV4OptionsRRTest02(void)
700 {
701  uint8_t raw_opts[] = {
702  IPV4_OPT_RR, 0xff, 0x08, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
703  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
704  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
705  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
706  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
707  };
708  Packet *p = PacketGetFromAlloc();
709  FAIL_IF(unlikely(p == NULL));
710 
711  IPV4Options opts;
712  memset(&opts, 0x00, sizeof(opts));
713  FAIL_IF(DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts) != -1);
714  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
715  FAIL_IF(opts.o_rr.type != 0);
716  SCFree(p);
717  PASS;
718 }
719 
720 /** \test IPV4 with RR option (ptr too large). */
721 static int DecodeIPV4OptionsRRTest03(void)
722 {
723  uint8_t raw_opts[] = {
724  IPV4_OPT_RR, 0x27, 0xff, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
725  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
726  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
727  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
728  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
729  };
730  Packet *p = PacketGetFromAlloc();
731  FAIL_IF(unlikely(p == NULL));
732 
733  IPV4Options opts;
734  memset(&opts, 0x00, sizeof(opts));
735  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
736  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
737  FAIL_IF(opts.o_rr.type != 0);
738  SCFree(p);
739  PASS;
740 }
741 
742 /** \test IPV4 with RR option (ptr not in 4 byte increment). */
743 static int DecodeIPV4OptionsRRTest04(void)
744 {
745  uint8_t raw_opts[] = {
746  IPV4_OPT_RR, 0x27, 0x05, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
747  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
748  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
749  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
750  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
751  };
752  Packet *p = PacketGetFromAlloc();
753  FAIL_IF(unlikely(p == NULL));
754 
755  IPV4Options opts;
756  memset(&opts, 0x00, sizeof(opts));
757  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
758  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
759  FAIL_IF(opts.o_rr.type != 0);
760  SCFree(p);
761  PASS;
762 }
763 
764 /** \test IPV4 with QS option. */
765 static int DecodeIPV4OptionsQSTest01(void)
766 {
767  uint8_t raw_opts[] = {
768  IPV4_OPT_QS, 0x08, 0x0d, 0x00, 0xbe, 0xef, 0x00, 0x00
769  };
770  Packet *p = PacketGetFromAlloc();
771  FAIL_IF(unlikely(p == NULL));
772 
773  IPV4Options opts;
774  memset(&opts, 0x00, sizeof(opts));
775  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
777  FAIL_IF(opts.o_qs.type != IPV4_OPT_QS);
778  SCFree(p);
779  PASS;
780 }
781 
782 /** \test IPV4 with QS option (len too small) */
783 static int DecodeIPV4OptionsQSTest02(void)
784 {
785  uint8_t raw_opts[] = {
786  IPV4_OPT_QS, 0x07, 0x0d, 0x00, 0xbe, 0xef, 0x00, 0x00
787  };
788  Packet *p = PacketGetFromAlloc();
789  FAIL_IF(unlikely(p == NULL));
790 
791  IPV4Options opts;
792  memset(&opts, 0x00, sizeof(opts));
793  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
794  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
795  FAIL_IF(opts.o_qs.type != 0);
796  SCFree(p);
797  PASS;
798 }
799 
800 /** \test IPV4 with TS option. */
801 static int DecodeIPV4OptionsTSTest01(void)
802 {
803  uint8_t raw_opts[] = {
804  IPV4_OPT_TS, 0x24, 0x0d, 0x01, 0x0a, 0x0a, 0x0a, 0x69,
805  0x04, 0xce, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00,
806  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
807  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
808  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
809  };
810  Packet *p = PacketGetFromAlloc();
811  FAIL_IF(unlikely(p == NULL));
812 
813  IPV4Options opts;
814  memset(&opts, 0x00, sizeof(opts));
815  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
817  FAIL_IF(opts.o_ts.type != IPV4_OPT_TS);
818  SCFree(p);
819  PASS;
820 }
821 
822 /** \test IPV4 with TS option (ptr too small). */
823 static int DecodeIPV4OptionsTSTest02(void)
824 {
825  uint8_t raw_opts[] = {
826  IPV4_OPT_TS, 0x24, 0x04, 0x01, 0x0a, 0x0a, 0x0a, 0x69,
827  0x04, 0xce, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00,
828  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
829  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
830  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
831  };
832  Packet *p = PacketGetFromAlloc();
833  FAIL_IF(unlikely(p == NULL));
834 
835  IPV4Options opts;
836  memset(&opts, 0x00, sizeof(opts));
837  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
838  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
839  FAIL_IF(opts.o_ts.type != 0);
840  SCFree(p);
841  PASS;
842 }
843 
844 /** \test IPV4 with TS option (ptr too large). */
845 static int DecodeIPV4OptionsTSTest03(void)
846 {
847  uint8_t raw_opts[] = {
848  IPV4_OPT_TS, 0x24, 0xff, 0x01, 0x0a, 0x0a, 0x0a, 0x69,
849  0x04, 0xce, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00,
850  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
851  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
852  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
853  };
854  Packet *p = PacketGetFromAlloc();
855  FAIL_IF(unlikely(p == NULL));
856 
857  IPV4Options opts;
858  memset(&opts, 0x00, sizeof(opts));
859  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
860  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
861  FAIL_IF(opts.o_ts.type != 0);
862  SCFree(p);
863  PASS;
864 }
865 
866 /** \test IPV4 with TS option (ptr not valid). */
867 static int DecodeIPV4OptionsTSTest04(void)
868 {
869  uint8_t raw_opts[] = {
870  IPV4_OPT_TS, 0x24, 0x0a, 0x01, 0x0a, 0x0a, 0x0a, 0x69,
871  0x04, 0xce, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00,
872  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
873  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
874  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
875  };
876  Packet *p = PacketGetFromAlloc();
877  FAIL_IF(unlikely(p == NULL));
878 
879  IPV4Options opts;
880  memset(&opts, 0x00, sizeof(opts));
881  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
882  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
883  FAIL_IF(opts.o_ts.type != 0);
884  SCFree(p);
885  PASS;
886 }
887 
888 /** \test IPV4 with SEC option. */
889 static int DecodeIPV4OptionsSECTest01(void)
890 {
891  uint8_t raw_opts[] = {
892  IPV4_OPT_SEC, 0x0b, 0xf1, 0x35, 0x00, 0x00, 0x00, 0x00,
893  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
894  };
895  Packet *p = PacketGetFromAlloc();
896  FAIL_IF(unlikely(p == NULL));
897 
898  IPV4Options opts;
899  memset(&opts, 0x00, sizeof(opts));
900  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
902  FAIL_IF(opts.o_sec.type != IPV4_OPT_SEC);
903  SCFree(p);
904  PASS;
905 }
906 
907 /** \test IPV4 with SEC option (invalid length). */
908 static int DecodeIPV4OptionsSECTest02(void)
909 {
910  uint8_t raw_opts[] = { IPV4_OPT_SEC, 0x02, 0xf1, 0x35, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
911  0x00, 0x00, 0x00, 0x00, 0x00 };
912  Packet *p = PacketGetFromAlloc();
913  FAIL_IF(unlikely(p == NULL));
914 
915  IPV4Options opts;
916  memset(&opts, 0x00, sizeof(opts));
917  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
918  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
919  FAIL_IF(opts.o_sec.type != 0);
920  SCFree(p);
921  PASS;
922 }
923 
924 /** \test IPV4 with ESEC option. */
925 static int DecodeIPV4OptionsESECTest01(void)
926 {
927  uint8_t raw_opts[] = { IPV4_OPT_ESEC, 0x0b, 0xf1, 0x35, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
928  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
929  Packet *p = PacketGetFromAlloc();
930  FAIL_IF(unlikely(p == NULL));
931 
932  IPV4Options opts;
933  memset(&opts, 0x00, sizeof(opts));
934  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
936  FAIL_IF(opts.o_esec.type != IPV4_OPT_ESEC);
937  SCFree(p);
938  PASS;
939 }
940 
941 /** \test IPV4 with ESEC option (invalid length). */
942 static int DecodeIPV4OptionsESECTest02(void)
943 {
944  uint8_t raw_opts[] = { IPV4_OPT_ESEC, 0x02, 0xf1, 0x35, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
945  0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
946  Packet *p = PacketGetFromAlloc();
947  FAIL_IF(unlikely(p == NULL));
948 
949  IPV4Options opts;
950  memset(&opts, 0x00, sizeof(opts));
951  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
952  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
953  FAIL_IF(opts.o_esec.type != 0);
954  SCFree(p);
955  PASS;
956 }
957 
958 /** \test IPV4 with LSRR option. */
959 static int DecodeIPV4OptionsLSRRTest01(void)
960 {
961  uint8_t raw_opts[] = {
962  IPV4_OPT_LSRR, 0x27, 0x08, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
963  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
964  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
965  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
966  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
967  };
968  Packet *p = PacketGetFromAlloc();
969  FAIL_IF(unlikely(p == NULL));
970 
971  IPV4Options opts;
972  memset(&opts, 0x00, sizeof(opts));
973  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
975  FAIL_IF(opts.o_lsrr.type != IPV4_OPT_LSRR);
976  SCFree(p);
977  PASS;
978 }
979 
980 /** \test IPV4 with LSRR option (len too large). */
981 static int DecodeIPV4OptionsLSRRTest02(void)
982 {
983  uint8_t raw_opts[] = {
984  IPV4_OPT_LSRR, 0xff, 0x08, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
985  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
986  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
987  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
988  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
989  };
990  Packet *p = PacketGetFromAlloc();
991  FAIL_IF(unlikely(p == NULL));
992 
993  IPV4Options opts;
994  memset(&opts, 0x00, sizeof(opts));
995  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
996  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
997  FAIL_IF(opts.o_lsrr.type != 0);
998  SCFree(p);
999  PASS;
1000 }
1001 
1002 /** \test IPV4 with LSRR option (ptr too large). */
1003 static int DecodeIPV4OptionsLSRRTest03(void)
1004 {
1005  uint8_t raw_opts[] = {
1006  IPV4_OPT_LSRR, 0x27, 0xff, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
1007  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1008  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1009  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1010  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1011  };
1012  Packet *p = PacketGetFromAlloc();
1013  FAIL_IF(unlikely(p == NULL));
1014 
1015  IPV4Options opts;
1016  memset(&opts, 0x00, sizeof(opts));
1017  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1018  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
1019  FAIL_IF(opts.o_lsrr.type != 0);
1020  SCFree(p);
1021  PASS;
1022 }
1023 
1024 /** \test IPV4 with LSRR option (ptr not in 4 byte increment). */
1025 static int DecodeIPV4OptionsLSRRTest04(void)
1026 {
1027  uint8_t raw_opts[] = {
1028  IPV4_OPT_LSRR, 0x27, 0x05, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
1029  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1030  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1031  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1032  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1033  };
1034  Packet *p = PacketGetFromAlloc();
1035  FAIL_IF(unlikely(p == NULL));
1036 
1037  IPV4Options opts;
1038  memset(&opts, 0x00, sizeof(opts));
1039  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1040  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
1041  FAIL_IF(opts.o_lsrr.type != 0);
1042  SCFree(p);
1043  PASS;
1044 }
1045 
1046 /** \test IPV4 with CIPSO option. */
1047 static int DecodeIPV4OptionsCIPSOTest01(void)
1048 {
1049  uint8_t raw_opts[] = {
1050  IPV4_OPT_CIPSO, 0x18, 0x00, 0x00, 0x00, 0x05, 0x05, 0x12,
1051  0x00, 0x03, 0x00, 0xef, 0x00, 0xef, 0x00, 0x06,
1052  0x00, 0x04, 0x00, 0x02, 0x00, 0x02, 0x00, 0x00
1053  };
1054  Packet *p = PacketGetFromAlloc();
1055  FAIL_IF(unlikely(p == NULL));
1056 
1057  IPV4Options opts;
1058  memset(&opts, 0x00, sizeof(opts));
1059  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1062  SCFree(p);
1063  PASS;
1064 }
1065 
1066 /** \test IPV4 with SID option. */
1067 static int DecodeIPV4OptionsSIDTest01(void)
1068 {
1069  uint8_t raw_opts[] = {
1070  IPV4_OPT_SID, 0x04, 0xbe, 0xef, 0x00, 0x00, 0x00, 0x00
1071  };
1072  Packet *p = PacketGetFromAlloc();
1073  FAIL_IF(unlikely(p == NULL));
1074 
1075  IPV4Options opts;
1076  memset(&opts, 0x00, sizeof(opts));
1077  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1079  FAIL_IF(opts.o_sid.type != IPV4_OPT_SID);
1080  SCFree(p);
1081  PASS;
1082 }
1083 
1084 /** \test IPV4 with SID option (len invalid. */
1085 static int DecodeIPV4OptionsSIDTest02(void)
1086 {
1087  uint8_t raw_opts[] = {
1088  IPV4_OPT_SID, 0x05, 0xbe, 0xef, 0x00, 0x00, 0x00, 0x00
1089  };
1090  Packet *p = PacketGetFromAlloc();
1091  FAIL_IF(unlikely(p == NULL));
1092 
1093  IPV4Options opts;
1094  memset(&opts, 0x00, sizeof(opts));
1095  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1096  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
1097  FAIL_IF(opts.o_sid.type != 0);
1098  SCFree(p);
1099  PASS;
1100 }
1101 
1102 /** \test IPV4 with SSRR option. */
1103 static int DecodeIPV4OptionsSSRRTest01(void)
1104 {
1105  uint8_t raw_opts[] = {
1106  IPV4_OPT_SSRR, 0x27, 0x08, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
1107  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1108  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1109  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1110  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1111  };
1112  Packet *p = PacketGetFromAlloc();
1113  FAIL_IF(unlikely(p == NULL));
1114 
1115  IPV4Options opts;
1116  memset(&opts, 0x00, sizeof(opts));
1117  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1119  FAIL_IF(opts.o_ssrr.type != IPV4_OPT_SSRR);
1120  SCFree(p);
1121  PASS;
1122 }
1123 
1124 /** \test IPV4 with SSRR option (len too large). */
1125 static int DecodeIPV4OptionsSSRRTest02(void)
1126 {
1127  uint8_t raw_opts[] = {
1128  IPV4_OPT_SSRR, 0xff, 0x08, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
1129  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1130  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1131  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1132  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1133  };
1134  Packet *p = PacketGetFromAlloc();
1135  FAIL_IF(unlikely(p == NULL));
1136 
1137  IPV4Options opts;
1138  memset(&opts, 0x00, sizeof(opts));
1139  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1140  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
1141  FAIL_IF(opts.o_ssrr.type != 0);
1142  SCFree(p);
1143  PASS;
1144 }
1145 
1146 /** \test IPV4 with SSRR option (ptr too large). */
1147 static int DecodeIPV4OptionsSSRRTest03(void)
1148 {
1149  uint8_t raw_opts[] = {
1150  IPV4_OPT_SSRR, 0x27, 0xff, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
1151  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1152  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1153  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1154  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1155  };
1156  Packet *p = PacketGetFromAlloc();
1157  FAIL_IF(unlikely(p == NULL));
1158 
1159  IPV4Options opts;
1160  memset(&opts, 0x00, sizeof(opts));
1161  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1162  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
1163  FAIL_IF(opts.o_ssrr.type != 0);
1164  SCFree(p);
1165  PASS;
1166 }
1167 
1168 /** \test IPV4 with SSRR option (ptr not in 4 byte increment). */
1169 static int DecodeIPV4OptionsSSRRTest04(void)
1170 {
1171  uint8_t raw_opts[] = {
1172  IPV4_OPT_SSRR, 0x27, 0x05, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
1173  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1174  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1175  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1176  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1177  };
1178  Packet *p = PacketGetFromAlloc();
1179  FAIL_IF(unlikely(p == NULL));
1180 
1181  IPV4Options opts;
1182  memset(&opts, 0x00, sizeof(opts));
1183  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1184  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
1185  FAIL_IF(opts.o_ssrr.type != 0);
1186  SCFree(p);
1187  PASS;
1188 }
1189 
1190 /** \test IPV4 with RTRALT option. */
1191 static int DecodeIPV4OptionsRTRALTTest01(void)
1192 {
1193  uint8_t raw_opts[] = {
1194  IPV4_OPT_RTRALT, 0x04, 0xbe, 0xef, 0x00, 0x00, 0x00, 0x00
1195  };
1196  Packet *p = PacketGetFromAlloc();
1197  FAIL_IF(unlikely(p == NULL));
1198 
1199  IPV4Options opts;
1200  memset(&opts, 0x00, sizeof(opts));
1201  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1204  SCFree(p);
1205  PASS;
1206 }
1207 
1208 /** \test IPV4 with RTRALT option (len invalid. */
1209 static int DecodeIPV4OptionsRTRALTTest02(void)
1210 {
1211  uint8_t raw_opts[] = {
1212  IPV4_OPT_RTRALT, 0x05, 0xbe, 0xef, 0x00, 0x00, 0x00, 0x00
1213  };
1214  Packet *p = PacketGetFromAlloc();
1215  FAIL_IF(unlikely(p == NULL));
1216 
1217  IPV4Options opts;
1218  memset(&opts, 0x00, sizeof(opts));
1219  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1220  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
1221  FAIL_IF(opts.o_rtralt.type != 0);
1222  SCFree(p);
1223  PASS;
1224 }
1225 
1226 static int IPV4CalculateValidChecksumtest01(void)
1227 {
1228  uint16_t csum = 0;
1229 
1230  uint8_t raw_ipv4[] = {
1231  0x45, 0x00, 0x00, 0x54, 0x00, 0x00, 0x40, 0x00,
1232  0x40, 0x01, 0xb7, 0x52, 0xc0, 0xa8, 0x01, 0x03,
1233  0xc0, 0xa8, 0x01, 0x03};
1234 
1235  csum = *( ((uint16_t *)raw_ipv4) + 5);
1236 
1237  FAIL_IF(IPV4Checksum((uint16_t *)raw_ipv4, sizeof(raw_ipv4), csum) != 0);
1238  PASS;
1239 }
1240 
1241 static int IPV4CalculateInvalidChecksumtest02(void)
1242 {
1243  uint16_t csum = 0;
1244 
1245  uint8_t raw_ipv4[] = {
1246  0x45, 0x00, 0x00, 0x54, 0x00, 0x00, 0x40, 0x00,
1247  0x40, 0x01, 0xb7, 0x52, 0xc0, 0xa8, 0x01, 0x03,
1248  0xc0, 0xa8, 0x01, 0x07};
1249 
1250  csum = *( ((uint16_t *)raw_ipv4) + 5);
1251 
1252  FAIL_IF(IPV4Checksum((uint16_t *)raw_ipv4, sizeof(raw_ipv4), csum) == 0);
1253  PASS;
1254 }
1255 
1256 /**
1257  * \test IPV4 defrag and packet recursion level test
1258  */
1259 static int DecodeIPV4DefragTest01(void)
1260 {
1261  uint8_t pkt1[] = {
1262  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1263  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1264  0x00, 0x1c, 0xe9, 0xef, 0x20, 0x00, 0x40, 0x06,
1265  0x9a, 0xc8, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1266  0xe1, 0x0c, 0x6e, 0x12, 0x01, 0xbd, 0x5b, 0xa3,
1267  0x81, 0x5e
1268  };
1269  uint8_t pkt2[] = {
1270  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1271  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1272  0x00, 0x1c, 0xe9, 0xef, 0x20, 0x01, 0x40, 0x06,
1273  0x9a, 0xc7, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1274  0xe1, 0x0c, 0xac, 0xb0, 0xae, 0x8a, 0x50, 0x10,
1275  0x80, 0x00
1276  };
1277  uint8_t pkt3[] = {
1278  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1279  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1280  0x00, 0x18, 0xe9, 0xef, 0x00, 0x02, 0x40, 0x06,
1281  0xba, 0xca, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1282  0xe1, 0x0c, 0xb1, 0xa3, 0x00, 0x00
1283  };
1284  uint8_t tunnel_pkt[] = {
1285  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1286  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1287  0x00, 0x28, 0xe9, 0xef, 0x00, 0x00, 0x40, 0x06,
1288  0xba, 0xbc, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1289  0xe1, 0x0c, 0x6e, 0x12, 0x01, 0xbd, 0x5b, 0xa3,
1290  0x81, 0x5e, 0xac, 0xb0, 0xae, 0x8a, 0x50, 0x10,
1291  0x80, 0x00, 0xb1, 0xa3, 0x00, 0x00
1292  };
1293 
1294  Packet *p = PacketGetFromAlloc();
1295  FAIL_IF_NULL(p);
1296  ThreadVars tv;
1298 
1299  memset(&tv, 0, sizeof(ThreadVars));
1300  memset(&dtv, 0, sizeof(DecodeThreadVars));
1301 
1303  DefragInit();
1304 
1305  PacketCopyData(p, pkt1, sizeof(pkt1));
1308  FAIL_IF(PacketIsTCP(p));
1309  PacketRecycle(p);
1310 
1311  PacketCopyData(p, pkt2, sizeof(pkt2));
1314  FAIL_IF(PacketIsTCP(p));
1315  PacketRecycle(p);
1316 
1317  PacketCopyData(p, pkt3, sizeof(pkt3));
1320  FAIL_IF(PacketIsTCP(p));
1322  FAIL_IF_NULL(tp);
1324  FAIL_IF_NOT(PacketIsIPv4(tp));
1325  FAIL_IF_NOT(PacketIsTCP(tp));
1326  FAIL_IF(GET_PKT_LEN(tp) != sizeof(tunnel_pkt));
1327  FAIL_IF(memcmp(GET_PKT_DATA(tp), tunnel_pkt, sizeof(tunnel_pkt)) != 0);
1328  PacketRecycle(tp);
1329  SCFree(tp);
1330 
1331  DefragDestroy();
1332  PacketRecycle(p);
1333  FlowShutdown();
1334  SCFree(p);
1335  PASS;
1336 }
1337 
1338 /**
1339  * \test Don't send IPv4 fragments to the upper layer decoder and
1340  * and packet recursion level test.
1341  */
1342 static int DecodeIPV4DefragTest02(void)
1343 {
1344  uint8_t pkt1[] = {
1345  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1346  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1347  0x00, 0x24, 0xe9, 0xef, 0x20, 0x00, 0x40, 0x06,
1348  0x9a, 0xc8, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1349  0xe1, 0x0c,
1350  /* first frag */
1351  0x6e, 0x12, 0x01, 0xbd, 0x5b, 0xa3,
1352  0x81, 0x5e, 0xac, 0xb0, 0xae, 0x8a, 0x50, 0x10,
1353  0x80, 0x00,
1354  };
1355  uint8_t pkt2[] = {
1356  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1357  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1358  0x00, 0x2c, 0xe9, 0xef, 0x20, 0x02, 0x40, 0x06,
1359  0xba, 0xca, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1360  0xe1, 0x0c,
1361  /* second frag */
1362  0xb1, 0xa3, 0x00, 0x10, 0x5b, 0xa3, 0x81, 0x5e,
1363  0xac, 0xb0, 0xae, 0x8a, 0x50, 0x10, 0x80, 0x00,
1364  0xb1, 0xa3, 0x00, 0x10, 0x01, 0x02, 0x03, 0x04
1365  };
1366  uint8_t pkt3[] = {
1367  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1368  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1369  0x00, 0x16, 0xe9, 0xef, 0x00, 0x05, 0x40, 0x06,
1370  0xba, 0xca, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1371  0xe1, 0x0c,
1372  /* final frag */
1373  0xb1, 0xa3,
1374  };
1375 
1376  uint8_t tunnel_pkt[] = {
1377  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1378  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1379  0x00, 0x3e, 0xe9, 0xef, 0x00, 0x00, 0x40, 0x06,
1380  0xba, 0xae, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1381  0xe1, 0x0c,
1382  0x6e, 0x12, 0x01, 0xbd, 0x5b, 0xa3, 0x81, 0x5e,
1383  0xac, 0xb0, 0xae, 0x8a, 0x50, 0x10, 0x80, 0x00,
1384  0xb1, 0xa3, 0x00, 0x10, 0x5b, 0xa3, 0x81, 0x5e,
1385  0xac, 0xb0, 0xae, 0x8a, 0x50, 0x10, 0x80, 0x00,
1386  0xb1, 0xa3, 0x00, 0x10, 0x01, 0x02, 0x03, 0x04,
1387  0xb1, 0xa3,
1388  };
1389 
1390  Packet *p = PacketGetFromAlloc();
1391  FAIL_IF_NULL(p);
1392  ThreadVars tv;
1394 
1395  memset(&tv, 0, sizeof(ThreadVars));
1396  memset(&dtv, 0, sizeof(DecodeThreadVars));
1397 
1399  DefragInit();
1400 
1401  PacketCopyData(p, pkt1, sizeof(pkt1));
1404  FAIL_IF(PacketIsTCP(p));
1405  PacketRecycle(p);
1406 
1407  PacketCopyData(p, pkt2, sizeof(pkt2));
1410  FAIL_IF(PacketIsTCP(p));
1411  PacketRecycle(p);
1412 
1413  p->recursion_level = 3;
1414  PacketCopyData(p, pkt3, sizeof(pkt3));
1417  FAIL_IF(PacketIsTCP(p));
1419  FAIL_IF_NULL(tp);
1421  FAIL_IF_NOT(PacketIsIPv4(tp));
1422  FAIL_IF_NOT(PacketIsTCP(tp));
1423  FAIL_IF(GET_PKT_LEN(tp) != sizeof(tunnel_pkt));
1424  FAIL_IF(memcmp(GET_PKT_DATA(tp), tunnel_pkt, sizeof(tunnel_pkt)) != 0);
1425  PacketRecycle(tp);
1426  SCFree(tp);
1427 
1428  DefragDestroy();
1429  PacketRecycle(p);
1430  FlowShutdown();
1431  SCFree(p);
1432  PASS;
1433 }
1434 
1435 /**
1436  * \test IPV4 defrag and flow retrieval test.
1437  */
1438 static int DecodeIPV4DefragTest03(void)
1439 {
1440  uint8_t pkt[] = {
1441  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1442  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1443  0x00, 0x28, 0xe9, 0xee, 0x00, 0x00, 0x40, 0x06,
1444  0xba, 0xbd, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1445  0xe1, 0x0c, 0x6e, 0x12, 0x01, 0xbd, 0x5b, 0xa3,
1446  0x81, 0x5d, 0x00, 0x00, 0x00, 0x00, 0x50, 0x02,
1447  0x80, 0x00, 0x0c, 0xee, 0x00, 0x00
1448  };
1449  uint8_t pkt1[] = {
1450  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1451  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1452  0x00, 0x1c, 0xe9, 0xef, 0x20, 0x00, 0x40, 0x06,
1453  0x9a, 0xc8, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1454  0xe1, 0x0c, 0x6e, 0x12, 0x01, 0xbd, 0x5b, 0xa3,
1455  0x81, 0x5e
1456  };
1457  uint8_t pkt2[] = {
1458  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1459  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1460  0x00, 0x1c, 0xe9, 0xef, 0x20, 0x01, 0x40, 0x06,
1461  0x9a, 0xc7, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1462  0xe1, 0x0c, 0xac, 0xb0, 0xae, 0x8a, 0x50, 0x10,
1463  0x80, 0x00
1464  };
1465  uint8_t pkt3[] = {
1466  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1467  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1468  0x00, 0x18, 0xe9, 0xef, 0x00, 0x02, 0x40, 0x06,
1469  0xba, 0xca, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1470  0xe1, 0x0c, 0xb1, 0xa3, 0x00, 0x00
1471  };
1472  uint8_t tunnel_pkt[] = {
1473  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1474  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1475  0x00, 0x28, 0xe9, 0xef, 0x00, 0x00, 0x40, 0x06,
1476  0xba, 0xbc, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1477  0xe1, 0x0c, 0x6e, 0x12, 0x01, 0xbd, 0x5b, 0xa3,
1478  0x81, 0x5e, 0xac, 0xb0, 0xae, 0x8a, 0x50, 0x10,
1479  0x80, 0x00, 0xb1, 0xa3, 0x00, 0x00
1480  };
1481 
1482  Packet *p = PacketGetFromAlloc();
1483  FAIL_IF_NULL(p);
1484  ThreadVars tv;
1486  memset(&tv, 0, sizeof(ThreadVars));
1487  memset(&dtv, 0, sizeof(DecodeThreadVars));
1488 
1490  DefragInit();
1491 
1492  PacketCopyData(p, pkt, sizeof(pkt));
1495  FAIL_IF_NOT(PacketIsTCP(p));
1496  FAIL_IF(!(p->flags & PKT_WANTS_FLOW));
1497  PacketRecycle(p);
1498 
1499  PacketCopyData(p, pkt1, sizeof(pkt1));
1502  FAIL_IF(PacketIsTCP(p));
1503  PacketRecycle(p);
1504 
1505  PacketCopyData(p, pkt2, sizeof(pkt2));
1508  FAIL_IF(PacketIsTCP(p));
1509  PacketRecycle(p);
1510 
1511  PacketCopyData(p, pkt3, sizeof(pkt3));
1514  FAIL_IF(PacketIsTCP(p));
1515 
1517  FAIL_IF_NULL(tp);
1518  FAIL_IF(!(tp->flags & PKT_WANTS_FLOW));
1519  FAIL_IF(tp->flow_hash != p->flow_hash);
1521  FAIL_IF_NOT(PacketIsIPv4(tp));
1522  FAIL_IF_NOT(PacketIsTCP(tp));
1523  FAIL_IF(GET_PKT_LEN(tp) != sizeof(tunnel_pkt));
1524  FAIL_IF(memcmp(GET_PKT_DATA(tp), tunnel_pkt, sizeof(tunnel_pkt)) != 0);
1525  PacketRecycle(tp);
1526  SCFree(tp);
1527 
1528  DefragDestroy();
1529  PacketRecycle(p);
1530  FlowShutdown();
1531  SCFree(p);
1532  PASS;
1533 }
1534 
1535 /**
1536  */
1537 static int DecodeEthernetTestIPv4Opt(void)
1538 {
1539  uint8_t raw_eth[] = {
1540  0xae, 0x71, 0x00, 0x00, 0x00, 0x4b, 0x06, 0x90, 0x61, 0x02, 0x00, 0xcd, 0x88, 0x64, 0x11, 0x00,
1541  0x15, 0x00, 0x80, 0x64, 0x00, 0x21, 0x4c, 0x00, 0x00, 0x30, 0x42, 0xd6, 0xff, 0xff, 0xbd, 0x2f,
1542  0x02, 0x02, 0x00, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
1543  0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
1544  0x01, 0x44, 0x05, 0x22, 0x02, 0x01
1545  };
1546 
1547  DefragInit();
1548 
1549  Packet *p = PacketGetFromAlloc();
1550  FAIL_IF_NULL(p);
1551  ThreadVars tv;
1553 
1554  memset(&dtv, 0, sizeof(DecodeThreadVars));
1555  memset(&tv, 0, sizeof(ThreadVars));
1556 
1557  DecodeEthernet(&tv, &dtv, p, raw_eth, sizeof(raw_eth));
1558 
1559  SCFree(p);
1560  DefragDestroy();
1561  PASS;
1562 }
1563 
1564 #endif /* UNITTESTS */
1565 
1567 {
1568 #ifdef UNITTESTS
1569  UtRegisterTest("DecodeIPV4OptionsNONETest01", DecodeIPV4OptionsNONETest01);
1570  UtRegisterTest("DecodeIPV4OptionsEOLTest01", DecodeIPV4OptionsEOLTest01);
1571  UtRegisterTest("DecodeIPV4OptionsNOPTest01", DecodeIPV4OptionsNOPTest01);
1572  UtRegisterTest("DecodeIPV4OptionsRRTest01", DecodeIPV4OptionsRRTest01);
1573  UtRegisterTest("DecodeIPV4OptionsRRTest02", DecodeIPV4OptionsRRTest02);
1574  UtRegisterTest("DecodeIPV4OptionsRRTest03", DecodeIPV4OptionsRRTest03);
1575  UtRegisterTest("DecodeIPV4OptionsRRTest04", DecodeIPV4OptionsRRTest04);
1576  UtRegisterTest("DecodeIPV4OptionsQSTest01", DecodeIPV4OptionsQSTest01);
1577  UtRegisterTest("DecodeIPV4OptionsQSTest02", DecodeIPV4OptionsQSTest02);
1578  UtRegisterTest("DecodeIPV4OptionsTSTest01", DecodeIPV4OptionsTSTest01);
1579  UtRegisterTest("DecodeIPV4OptionsTSTest02", DecodeIPV4OptionsTSTest02);
1580  UtRegisterTest("DecodeIPV4OptionsTSTest03", DecodeIPV4OptionsTSTest03);
1581  UtRegisterTest("DecodeIPV4OptionsTSTest04", DecodeIPV4OptionsTSTest04);
1582  UtRegisterTest("DecodeIPV4OptionsSECTest01", DecodeIPV4OptionsSECTest01);
1583  UtRegisterTest("DecodeIPV4OptionsSECTest02", DecodeIPV4OptionsSECTest02);
1584  UtRegisterTest("DecodeIPV4OptionsESECTest01", DecodeIPV4OptionsESECTest01);
1585  UtRegisterTest("DecodeIPV4OptionsESECTest02", DecodeIPV4OptionsESECTest02);
1586  UtRegisterTest("DecodeIPV4OptionsLSRRTest01", DecodeIPV4OptionsLSRRTest01);
1587  UtRegisterTest("DecodeIPV4OptionsLSRRTest02", DecodeIPV4OptionsLSRRTest02);
1588  UtRegisterTest("DecodeIPV4OptionsLSRRTest03", DecodeIPV4OptionsLSRRTest03);
1589  UtRegisterTest("DecodeIPV4OptionsLSRRTest04", DecodeIPV4OptionsLSRRTest04);
1590  UtRegisterTest("DecodeIPV4OptionsCIPSOTest01",
1591  DecodeIPV4OptionsCIPSOTest01);
1592  UtRegisterTest("DecodeIPV4OptionsSIDTest01", DecodeIPV4OptionsSIDTest01);
1593  UtRegisterTest("DecodeIPV4OptionsSIDTest02", DecodeIPV4OptionsSIDTest02);
1594  UtRegisterTest("DecodeIPV4OptionsSSRRTest01", DecodeIPV4OptionsSSRRTest01);
1595  UtRegisterTest("DecodeIPV4OptionsSSRRTest02", DecodeIPV4OptionsSSRRTest02);
1596  UtRegisterTest("DecodeIPV4OptionsSSRRTest03", DecodeIPV4OptionsSSRRTest03);
1597  UtRegisterTest("DecodeIPV4OptionsSSRRTest04", DecodeIPV4OptionsSSRRTest04);
1598  UtRegisterTest("DecodeIPV4OptionsRTRALTTest01",
1599  DecodeIPV4OptionsRTRALTTest01);
1600  UtRegisterTest("DecodeIPV4OptionsRTRALTTest02",
1601  DecodeIPV4OptionsRTRALTTest02);
1602  UtRegisterTest("IPV4CalculateValidChecksumtest01",
1603  IPV4CalculateValidChecksumtest01);
1604  UtRegisterTest("IPV4CalculateInvalidChecksumtest02",
1605  IPV4CalculateInvalidChecksumtest02);
1606  UtRegisterTest("DecodeIPV4DefragTest01", DecodeIPV4DefragTest01);
1607  UtRegisterTest("DecodeIPV4DefragTest02", DecodeIPV4DefragTest02);
1608  UtRegisterTest("DecodeIPV4DefragTest03", DecodeIPV4DefragTest03);
1609  UtRegisterTest("DecodeEthernetTestIPv4Opt", DecodeEthernetTestIPv4Opt);
1610 #endif /* UNITTESTS */
1611 }
1612 /**
1613  * @}
1614  */
ENGINE_SET_EVENT
#define ENGINE_SET_EVENT(p, e)
Definition: decode.h:1186
DefragDestroy
void DefragDestroy(void)
Definition: defrag.c:1129
IPV4Options_::o_sid
IPV4Opt o_sid
Definition: decode-ipv4.c:288
Packet_::proto
uint8_t proto
Definition: decode.h:523
IPV4_GET_RAW_IPID
#define IPV4_GET_RAW_IPID(ip4h)
Definition: decode-ipv4.h:99
IPV4Options_::o_qs
IPV4Opt o_qs
Definition: decode-ipv4.c:282
IPV4_OPT_FLAG_NOP
#define IPV4_OPT_FLAG_NOP
Definition: decode-ipv4.h:117
len
uint8_t len
Definition: app-layer-dnp3.h:2
DECODE_TUNNEL_IPV6
@ DECODE_TUNNEL_IPV6
Definition: decode.h:1107
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
StatsIncr
void StatsIncr(ThreadVars *tv, uint16_t id)
Increments the local counter.
Definition: counters.c:166
IPV4_OPT_QS_MIN
#define IPV4_OPT_QS_MIN
Definition: decode-ipv4.h:53
offset
uint64_t offset
Definition: util-streaming-buffer.h:0
DecodeUDP
int DecodeUDP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint16_t len)
Definition: decode-udp.c:75
IPV4_GET_RAW_IPPROTO
#define IPV4_GET_RAW_IPPROTO(ip4h)
Definition: decode-ipv4.h:103
IPV4_OPT_TS_MIN
#define IPV4_OPT_TS_MIN
Definition: decode-ipv4.h:54
PacketCopyData
int PacketCopyData(Packet *p, const uint8_t *pktdata, uint32_t pktlen)
Copy data to Packet payload and set packet length.
Definition: decode.c:377
IPV4_GET_RAW_FLAG_DF
#define IPV4_GET_RAW_FLAG_DF(ip4h)
Definition: decode-ipv4.h:113
IPV4_GET_RAW_FLAG_MF
#define IPV4_GET_RAW_FLAG_MF(ip4h)
Definition: decode-ipv4.h:112
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
DecodeESP
int DecodeESP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint16_t len)
Function to decode IPSEC-ESP packets.
Definition: decode-esp.c:64
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:275
IPV4_OPT_FLAG_SSRR
#define IPV4_OPT_FLAG_SSRR
Definition: decode-ipv4.h:122
PKT_SRC_DECODER_IPV4
@ PKT_SRC_DECODER_IPV4
Definition: decode.h:54
IPV4Options_::o_ts
IPV4Opt o_ts
Definition: decode-ipv4.c:283
Packet_::flags
uint32_t flags
Definition: decode.h:544
PacketRecycle
void PacketRecycle(Packet *p)
Definition: packet.c:150
IPV4_OPT_SEC
#define IPV4_OPT_SEC
Definition: decode-ipv4.h:38
IPV4_OPT_CIPSO_MIN
#define IPV4_OPT_CIPSO_MIN
Definition: decode-ipv4.h:55
IPV4_OPT_FLAG_TS
#define IPV4_OPT_FLAG_TS
Definition: decode-ipv4.h:119
IPV4_OPT_LSRR
#define IPV4_OPT_LSRR
Definition: decode-ipv4.h:39
PKT_WANTS_FLOW
#define PKT_WANTS_FLOW
Definition: decode.h:1296
IPV4Options_::o_sec
IPV4Opt o_sec
Definition: decode-ipv4.c:284
IPV4_OPT_DUPLICATE
@ IPV4_OPT_DUPLICATE
Definition: decode-events.h:45
IPV4Options_::o_rr
IPV4Opt o_rr
Definition: decode-ipv4.c:281
IPV4_GET_RAW_IPOFFSET
#define IPV4_GET_RAW_IPOFFSET(ip4h)
Definition: decode-ipv4.h:100
IPV4_OPT_FLAG_SEC
#define IPV4_OPT_FLAG_SEC
Definition: decode-ipv4.h:124
IPPROTO_GRE
#define IPPROTO_GRE
Definition: decode-gre.h:30
IP_GET_RAW_VER
#define IP_GET_RAW_VER(pkt)
Definition: decode.h:232
IPV4_OPT_NOP
#define IPV4_OPT_NOP
Definition: decode-ipv4.h:34
IPV4_OPT_FLAG_QS
#define IPV4_OPT_FLAG_QS
Definition: decode-ipv4.h:120
IPV4_OPT_SID_LEN
#define IPV4_OPT_SID_LEN
Definition: decode-ipv4.h:47
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:82
IPV4Opt_::len
uint8_t len
Definition: decode-ipv4.h:67
IPV4_OPT_QS
#define IPV4_OPT_QS
Definition: decode-ipv4.h:36
IPV4_OPT_FLAG_ESEC
#define IPV4_OPT_FLAG_ESEC
Definition: decode-ipv4.h:127
DecodeSCTP
int DecodeSCTP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint16_t len)
Definition: decode-sctp.c:62
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:81
IPV4_PKT_TOO_SMALL
@ IPV4_PKT_TOO_SMALL
Definition: decode-events.h:34
tag
uint32_t tag
Definition: decode-vntag.h:0
IPV4_OPT_FLAG_LSRR
#define IPV4_OPT_FLAG_LSRR
Definition: decode-ipv4.h:121
PKT_SET_SRC
#define PKT_SET_SRC(p, src_val)
Definition: decode.h:1325
FlowInitConfig
void FlowInitConfig(bool quiet)
initialize the configuration
Definition: flow.c:547
IPV4Vars_::opt_cnt
uint16_t opt_cnt
Definition: decode-ipv4.h:131
decode.h
IPV4_OPT_EOL
#define IPV4_OPT_EOL
Definition: decode-ipv4.h:33
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
GET_IPV4_DST_ADDR_PTR
#define GET_IPV4_DST_ADDR_PTR(p)
Definition: decode.h:199
IPV4_WRONG_IP_VER
@ IPV4_WRONG_IP_VER
Definition: decode-events.h:47
IPV4_OPT_EOL_REQUIRED
@ IPV4_OPT_EOL_REQUIRED
Definition: decode-events.h:44
IPV4_GET_RAW_FRAGOFFSET
#define IPV4_GET_RAW_FRAGOFFSET(ip4h)
Definition: decode-ipv4.h:101
PacketDequeueNoLock
Packet * PacketDequeueNoLock(PacketQueueNoLock *qnl)
Definition: packet-queue.c:208
PKT_IS_FRAGMENT
#define PKT_IS_FRAGMENT
Definition: decode.h:1290
IPV4_OPT_ROUTE_MIN
#define IPV4_OPT_ROUTE_MIN
Definition: decode-ipv4.h:52
util-print.h
GET_PKT_DATA
#define GET_PKT_DATA(p)
Definition: decode.h:209
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
PrintInet
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:231
DecodeThreadVars_::counter_ipv6inipv4
uint16_t counter_ipv6inipv4
Definition: decode.h:1011
IPV4_GET_RAW_HLEN
#define IPV4_GET_RAW_HLEN(ip4h)
Definition: decode-ipv4.h:96
IPV4_WITH_ICMPV6
@ IPV4_WITH_ICMPV6
Definition: decode-events.h:48
DecodeGRE
int DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Function to decode GRE packets.
Definition: decode-gre.c:47
IPV4_OPT_RR
#define IPV4_OPT_RR
Definition: decode-ipv4.h:35
IPV4_OPT_FLAG_CIPSO
#define IPV4_OPT_FLAG_CIPSO
Definition: decode-ipv4.h:125
SET_IPV4_SRC_ADDR
#define SET_IPV4_SRC_ADDR(ip4h, a)
Definition: decode.h:140
IPV4_OPT_ESEC
#define IPV4_OPT_ESEC
Definition: decode-ipv4.h:40
IPV4_OPT_FLAG_RTRALT
#define IPV4_OPT_FLAG_RTRALT
Definition: decode-ipv4.h:126
IPV4_OPT_RTRALT_LEN
#define IPV4_OPT_RTRALT_LEN
Definition: decode-ipv4.h:48
IPV4Options_::o_cipso
IPV4Opt o_cipso
Definition: decode-ipv4.c:287
Packet_
Definition: decode.h:501
IPV4_HLEN_TOO_SMALL
@ IPV4_HLEN_TOO_SMALL
Definition: decode-events.h:35
DECODE_TUNNEL_IPV4
@ DECODE_TUNNEL_IPV4
Definition: decode.h:1106
GET_PKT_LEN
#define GET_PKT_LEN(p)
Definition: decode.h:208
IPV4_OPT_FLAG_RR
#define IPV4_OPT_FLAG_RR
Definition: decode-ipv4.h:118
ETHERNET_HEADER_LEN
#define ETHERNET_HEADER_LEN
Definition: decode-ethernet.h:27
PacketL3::ip4
IPV4Vars ip4
Definition: decode.h:445
IPV4_OPT_RTRALT
#define IPV4_OPT_RTRALT
Definition: decode-ipv4.h:44
PacketL3::vars
union PacketL3::@31 vars
IPV4_IPLEN_SMALLER_THAN_HLEN
@ IPV4_IPLEN_SMALLER_THAN_HLEN
Definition: decode-events.h:36
defrag.h
IPV4Opt_::data
const uint8_t * data
Definition: decode-ipv4.h:68
dtv
DecodeThreadVars * dtv
Definition: fuzz_decodepcapfile.c:33
IPV4_OPT_TS
#define IPV4_OPT_TS
Definition: decode-ipv4.h:37
DecodeTCP
int DecodeTCP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint16_t len)
Definition: decode-tcp.c:273
IPV4Hdr_
Definition: decode-ipv4.h:72
decode-ipv4.h
IPV4_OPT_CIPSO
#define IPV4_OPT_CIPSO
Definition: decode-ipv4.h:41
PacketEnqueueNoLock
void PacketEnqueueNoLock(PacketQueueNoLock *qnl, Packet *p)
Definition: packet-queue.c:168
IPPROTO_IPIP
#define IPPROTO_IPIP
Definition: decode.h:1212
IPV4Options_
Definition: decode-ipv4.c:280
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
GET_IPV4_SRC_ADDR_PTR
#define GET_IPV4_SRC_ADDR_PTR(p)
Definition: decode.h:198
suricata-common.h
FlowShutdown
void FlowShutdown(void)
shutdown the flow engine
Definition: flow.c:691
IPV4_HEADER_LEN
#define IPV4_HEADER_LEN
Definition: decode-ipv4.h:28
packet.h
IPV4Opt_::type
uint8_t type
Definition: decode-ipv4.h:66
IPV4Options
struct IPV4Options_ IPV4Options
IPV4_OPT_PAD_REQUIRED
@ IPV4_OPT_PAD_REQUIRED
Definition: decode-events.h:43
IPV4_OPT_INVALID_LEN
@ IPV4_OPT_INVALID_LEN
Definition: decode-events.h:41
IPV4_GET_RAW_FLAG_RF
#define IPV4_GET_RAW_FLAG_RF(ip4h)
Definition: decode-ipv4.h:114
IPV4Options_::o_rtralt
IPV4Opt o_rtralt
Definition: decode-ipv4.c:290
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:32
IPV4_TRUNC_PKT
@ IPV4_TRUNC_PKT
Definition: decode-events.h:37
PKT_PPP_VJ_UCOMP
#define PKT_PPP_VJ_UCOMP
Definition: decode.h:1249
DecodeThreadVars_::counter_ipv4
uint16_t counter_ipv4
Definition: decode.h:979
PacketGetFromAlloc
Packet * PacketGetFromAlloc(void)
Get a malloced packet.
Definition: decode.c:258
Packet_::flow_hash
uint32_t flow_hash
Definition: decode.h:550
Packet_::l3
struct PacketL3 l3
Definition: decode.h:600
IPV4_OPT_MALFORMED
@ IPV4_OPT_MALFORMED
Definition: decode-events.h:42
IPV4_OPT_SEC_MIN
#define IPV4_OPT_SEC_MIN
Definition: decode-ipv4.h:51
SCFree
#define SCFree(p)
Definition: util-mem.h:61
IPV4_OPT_SSRR
#define IPV4_OPT_SSRR
Definition: decode-ipv4.h:43
IPV4_OPT_FLAG_EOL
#define IPV4_OPT_FLAG_EOL
Definition: decode-ipv4.h:116
DecodeThreadVars_
Structure to hold thread specific data for all decode modules.
Definition: decode.h:963
Packet_::recursion_level
uint8_t recursion_level
Definition: decode.h:526
IPV4Options_::o_lsrr
IPV4Opt o_lsrr
Definition: decode-ipv4.c:285
IPV4_OPT_INVALID
@ IPV4_OPT_INVALID
Definition: decode-events.h:40
ThreadVars_::decode_pq
PacketQueueNoLock decode_pq
Definition: threadvars.h:112
IPV4_OPT_FLAG_SID
#define IPV4_OPT_FLAG_SID
Definition: decode-ipv4.h:123
DecodeIPV4RegisterTests
void DecodeIPV4RegisterTests(void)
Definition: decode-ipv4.c:1566
Packet_::dst
Address dst
Definition: decode.h:506
ENGINE_SET_INVALID_EVENT
#define ENGINE_SET_INVALID_EVENT(p, e)
Definition: decode.h:1194
FLOW_QUIET
#define FLOW_QUIET
Definition: flow.h:43
IPV4_OPT_UNKNOWN
@ IPV4_OPT_UNKNOWN
Definition: decode-events.h:46
IPV4Vars_::opts_set
uint16_t opts_set
Definition: decode-ipv4.h:132
IPV4_GET_RAW_IPLEN
#define IPV4_GET_RAW_IPLEN(ip4h)
Definition: decode-ipv4.h:98
IPPROTO_SCTP
#define IPPROTO_SCTP
Definition: decode.h:1228
DecodeThreadVars_::counter_ipv4inipv4
uint16_t counter_ipv4inipv4
Definition: decode.h:1010
PacketTunnelPktSetup
Packet * PacketTunnelPktSetup(ThreadVars *tv, DecodeThreadVars *dtv, Packet *parent, const uint8_t *pkt, uint32_t len, enum DecodeTunnelProto proto)
Setup a pseudo packet (tunnel)
Definition: decode.c:393
Defrag
Packet * Defrag(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p)
Entry point for IPv4 and IPv6 fragments.
Definition: defrag.c:1063
flow.h
SET_IPV4_DST_ADDR
#define SET_IPV4_DST_ADDR(ip4h, a)
Definition: decode.h:149
DecodeIPV4
int DecodeIPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint16_t len)
Definition: decode-ipv4.c:520
IPV4_OPT_SID
#define IPV4_OPT_SID
Definition: decode-ipv4.h:42
IPV4Opt_
Definition: decode-ipv4.h:61
SCLogDebugEnabled
int SCLogDebugEnabled(void)
Returns whether debug messages are enabled to be logged or not.
Definition: util-debug.c:767
DecodeEthernet
int DecodeEthernet(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Definition: decode-ethernet.c:42
FlowSetupPacket
void FlowSetupPacket(Packet *p)
prepare packet for a life with flow Set PKT_WANTS_FLOW flag to indicate workers should do a flow look...
Definition: flow-hash.c:533
Packet_::src
Address src
Definition: decode.h:505
PKT_IS_INVALID
#define PKT_IS_INVALID
Definition: decode.h:1291
IPV4Options_::o_ssrr
IPV4Opt o_ssrr
Definition: decode-ipv4.c:289
DefragInit
void DefragInit(void)
Definition: defrag.c:1109
DecodeICMPV4
int DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Main ICMPv4 decoding function.
Definition: decode-icmpv4.c:143
IPV4Options_::o_esec
IPV4Opt o_esec
Definition: decode-ipv4.c:286