suricata
decode-ipv4.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2024 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \ingroup decode
20  *
21  * @{
22  */
23 
24 
25 /**
26  * \file
27  *
28  * \author Victor Julien <victor@inliniac.net>
29  * \author Brian Rectanus <brectanu@gmail.com>
30  *
31  * Decode IPv4
32  */
33 
34 #include "suricata-common.h"
35 #include "decode-ipv4.h"
36 #include "decode.h"
37 #include "defrag.h"
38 #include "flow.h"
39 #include "util-print.h"
40 
41 /* Generic validation
42  *
43  * [--type--][--len---]
44  *
45  * \todo This function needs removed in favor of specific validation.
46  *
47  * See: RFC 791
48  */
49 static int IPV4OptValidateGeneric(Packet *p, const IPV4Opt *o)
50 {
51  switch (o->type) {
52  /* See: RFC 4782 */
53  case IPV4_OPT_QS:
54  if (o->len < IPV4_OPT_QS_MIN) {
56  return -1;
57  }
58  break;
59  /* See: RFC 1108 */
60  case IPV4_OPT_SEC:
61  case IPV4_OPT_ESEC:
62  if (unlikely(o->len < IPV4_OPT_SEC_MIN)) {
64  return -1;
65  }
66  break;
67  case IPV4_OPT_SID:
68  if (o->len != IPV4_OPT_SID_LEN) {
70  return -1;
71  }
72  break;
73  /* See: RFC 2113 */
74  case IPV4_OPT_RTRALT:
75  if (o->len != IPV4_OPT_RTRALT_LEN) {
77  return -1;
78  }
79  break;
80  default:
81  /* Should never get here unless there is a coding error */
83  return -1;
84  }
85 
86  return 0;
87 }
88 
89 /* Validate route type options
90  *
91  * [--type--][--len---][--ptr---][address1]...[addressN]
92  *
93  * See: RFC 791
94  */
95 static int IPV4OptValidateRoute(Packet *p, const IPV4Opt *o)
96 {
97  uint8_t ptr;
98 
99  /* Check length */
100  if (unlikely(o->len < IPV4_OPT_ROUTE_MIN)) {
102  return -1;
103  }
104 
105  /* Data is required */
106  if (unlikely(o->data == NULL)) {
108  return -1;
109  }
110  ptr = *o->data;
111 
112  /* Address pointer is 1 based and points at least after type+len+ptr,
113  * must be a incremented by 4 bytes (address size) and cannot extend
114  * past option length.
115  */
116  if (unlikely((ptr < 4) || (ptr % 4) || (ptr > o->len + 1))) {
118  return -1;
119  }
120 
121  return 0;
122 }
123 
124 /* Validate timestamp type options
125  *
126  * [--type--][--len---][--ptr---][ovfl][flag][rec1----...]...[recN----...]
127  * NOTE: rec could be 4 (ts only) or 8 (ip+ts) bytes in length.
128  *
129  * See: RFC 781
130  */
131 static int IPV4OptValidateTimestamp(Packet *p, const IPV4Opt *o)
132 {
133  uint8_t ptr;
134  uint8_t flag;
135  uint8_t rec_size;
136 
137  /* Check length */
138  if (unlikely(o->len < IPV4_OPT_TS_MIN)) {
140  return -1;
141  }
142 
143  /* Data is required */
144  if (unlikely(o->data == NULL)) {
146  return -1;
147  }
148  ptr = *o->data;
149 
150  /* We need the flag to determine what is in the option payload */
151  if (unlikely(ptr < 5)) {
153  return -1;
154  }
155  flag = *(o->data + 1) & 0x0f;
156 
157  /* A flag of 1|3 means we have both the ip+ts in each record */
158  rec_size = ((flag == 1) || (flag == 3)) ? 8 : 4;
159 
160  /* Address pointer is 1 based and points at least after
161  * type+len+ptr+ovfl+flag, must be incremented by by the rec_size
162  * and cannot extend past option length.
163  */
164  if (unlikely(((ptr - 5) % rec_size) || (ptr > o->len + 1))) {
166  return -1;
167  }
168 
169  return 0;
170 }
171 
172 /* Validate CIPSO option
173  *
174  * [--type--][--len---][--doi---][tags--...]
175  *
176  * See: draft-ietf-cipso-ipsecurity-01.txt
177  * See: FIPS 188 (tags 6 & 7)
178  */
179 static int IPV4OptValidateCIPSO(Packet *p, const IPV4Opt *o)
180 {
181 // uint32_t doi;
182  const uint8_t *tag;
183  uint16_t len;
184 
185  /* Check length */
186  if (unlikely(o->len < IPV4_OPT_CIPSO_MIN)) {
188  return -1;
189  }
190 
191  /* Data is required */
192  if (unlikely(o->data == NULL)) {
194  return -1;
195  }
196 // doi = *o->data;
197  tag = o->data + 4;
198  len = o->len - 1 - 1 - 4; /* Length of tags after header */
199 
200 
201 #if 0
202  /* Domain of Interest (DOI) of 0 is reserved and thus invalid */
203  /** \todo Apparently a DOI of zero is fine in practice - verify. */
204  if (doi == 0) {
206  return -1;
207  }
208 #endif
209 
210  /* NOTE: We know len has passed min tests prior to this call */
211 
212  /* Check that tags are formatted correctly
213  * [-ttype--][--tlen--][-tagdata-...]
214  */
215  while (len) {
216  uint8_t ttype;
217  uint8_t tlen;
218 
219  /* Tag header must fit within option length */
220  if (unlikely(len < 2)) {
222  return -1;
223  }
224 
225  /* Tag header is type+len */
226  ttype = *(tag++);
227  tlen = *(tag++);
228 
229  /* Tag length must fit within the option length */
230  if (unlikely(tlen > len)) {
232  return -1;
233  }
234 
235  switch(ttype) {
236  case 1:
237  case 2:
238  case 5:
239  case 6:
240  case 7:
241  /* Tag is at least 4 and at most the remainder of option len */
242  if (unlikely((tlen < 4) || (tlen > len))) {
244  return -1;
245  }
246 
247  /* The alignment octet is always 0 except tag
248  * type 7, which has no such field.
249  */
250  if (unlikely((ttype != 7) && (*tag != 0))) {
252  return -1;
253  }
254 
255  /* Skip the rest of the tag payload */
256  tag += tlen - 2;
257  len -= tlen;
258 
259  continue;
260  case 0:
261  /* Tag type 0 is reserved and thus invalid */
262  /** \todo Wireshark marks this a padding, but spec says reserved. */
264  return -1;
265  default:
267  /** \todo May not want to return error here on unknown tag type (at least not for 3|4) */
268  return -1;
269  }
270  }
271 
272  return 0;
273 }
274 
275 typedef struct IPV4Options_ {
287 
288 /**
289  * Decode/Validate IPv4 Options.
290  */
291 static int DecodeIPV4Options(Packet *p, const uint8_t *pkt, uint16_t len, IPV4Options *opts)
292 {
293  uint16_t plen = len;
294 
295 #ifdef DEBUG
296  if (SCLogDebugEnabled()) {
297  uint16_t i;
298  char buf[256] = "";
299  int offset = 0;
300 
301  for (i = 0; i < len; i++) {
302  offset += snprintf(buf + offset, (sizeof(buf) - offset), "%02" PRIx8 " ", pkt[i]);
303  }
304  SCLogDebug("IPV4OPTS: { %s}", buf);
305  }
306 #endif
307 
308  /* Options length must be padded to 8byte boundary */
309  if (plen % 8) {
311  /* Warn - we can keep going */
312  }
313 
314  while (plen)
315  {
316  p->l3.vars.ip4.opt_cnt++;
317 
318  /* single byte options */
319  if (*pkt == IPV4_OPT_EOL) {
320  /** \todo What if more data exist after EOL (possible covert channel or data leakage)? */
321  SCLogDebug("IPV4OPT %" PRIu8 " len 1 @ %d/%d",
322  *pkt, (len - plen), (len - 1));
324  break;
325  } else if (*pkt == IPV4_OPT_NOP) {
326  SCLogDebug("IPV4OPT %" PRIu8 " len 1 @ %d/%d",
327  *pkt, (len - plen), (len - 1));
328  pkt++;
329  plen--;
330 
332 
333  /* multibyte options */
334  } else {
335  if (unlikely(plen < 2)) {
336  /** \todo What if padding is non-zero (possible covert channel or data leakage)? */
337  /** \todo Spec seems to indicate EOL required if there is padding */
339  break;
340  }
341 
342  /* Option length is too big for packet */
343  if (unlikely(*(pkt+1) > plen)) {
345  return -1;
346  }
347 
348  IPV4Opt opt = {*pkt, *(pkt+1), plen > 2 ? (pkt + 2) : NULL };
349 
350  /* we already know that the total options len is valid,
351  * so here the len of the specific option must be bad.
352  * Also check for invalid lengths 0 and 1. */
353  if (unlikely(opt.len > plen || opt.len < 2)) {
355  return -1;
356  }
357  /* we are parsing the most commonly used opts to prevent
358  * us from having to walk the opts list for these all the
359  * time. */
360  /** \todo Figure out which IP options are more common and list them first */
361  switch (opt.type) {
362  case IPV4_OPT_TS:
363  if (opts->o_ts.type != 0) {
365  /* Warn - we can keep going */
366  } else if (IPV4OptValidateTimestamp(p, &opt) == 0) {
367  opts->o_ts = opt;
369  }
370  break;
371  case IPV4_OPT_RR:
372  if (opts->o_rr.type != 0) {
374  /* Warn - we can keep going */
375  } else if (IPV4OptValidateRoute(p, &opt) == 0) {
376  opts->o_rr = opt;
378  }
379  break;
380  case IPV4_OPT_QS:
381  if (opts->o_qs.type != 0) {
383  /* Warn - we can keep going */
384  } else if (IPV4OptValidateGeneric(p, &opt) == 0) {
385  opts->o_qs = opt;
387  }
388  break;
389  case IPV4_OPT_SEC:
390  if (opts->o_sec.type != 0) {
392  /* Warn - we can keep going */
393  } else if (IPV4OptValidateGeneric(p, &opt) == 0) {
394  opts->o_sec = opt;
396  }
397  break;
398  case IPV4_OPT_LSRR:
399  if (opts->o_lsrr.type != 0) {
401  /* Warn - we can keep going */
402  } else if (IPV4OptValidateRoute(p, &opt) == 0) {
403  opts->o_lsrr = opt;
405  }
406  break;
407  case IPV4_OPT_ESEC:
408  if (opts->o_esec.type != 0) {
410  /* Warn - we can keep going */
411  } else if (IPV4OptValidateGeneric(p, &opt) == 0) {
412  opts->o_esec = opt;
414  }
415  break;
416  case IPV4_OPT_CIPSO:
417  if (opts->o_cipso.type != 0) {
419  /* Warn - we can keep going */
420  } else if (IPV4OptValidateCIPSO(p, &opt) == 0) {
421  opts->o_cipso = opt;
423  }
424  break;
425  case IPV4_OPT_SID:
426  if (opts->o_sid.type != 0) {
428  /* Warn - we can keep going */
429  } else if (IPV4OptValidateGeneric(p, &opt) == 0) {
430  opts->o_sid = opt;
432  }
433  break;
434  case IPV4_OPT_SSRR:
435  if (opts->o_ssrr.type != 0) {
437  /* Warn - we can keep going */
438  } else if (IPV4OptValidateRoute(p, &opt) == 0) {
439  opts->o_ssrr = opt;
441  }
442  break;
443  case IPV4_OPT_RTRALT:
444  if (opts->o_rtralt.type != 0) {
446  /* Warn - we can keep going */
447  } else if (IPV4OptValidateGeneric(p, &opt) == 0) {
448  opts->o_rtralt = opt;
450  }
451  break;
452  default:
453  SCLogDebug("IPV4OPT <unknown> (%" PRIu8 ") len %" PRIu8,
454  opt.type, opt.len);
456  /* Warn - we can keep going */
457  break;
458  }
459 
460  pkt += opt.len;
461  plen -= opt.len;
462  }
463  }
464 
465  return 0;
466 }
467 
468 static const IPV4Hdr *DecodeIPV4Packet(Packet *p, const uint8_t *pkt, uint16_t len)
469 {
470  if (unlikely(len < IPV4_HEADER_LEN)) {
472  return NULL;
473  }
474 
475  if (unlikely(IP_GET_RAW_VER(pkt) != 4)) {
476  SCLogDebug("wrong ip version %d",IP_GET_RAW_VER(pkt));
478  return NULL;
479  }
480 
481  const IPV4Hdr *ip4h = PacketSetIPV4(p, pkt);
482 
485  return NULL;
486  }
487 
488  if (unlikely(IPV4_GET_RAW_IPLEN(ip4h) < IPV4_GET_RAW_HLEN(ip4h))) {
490  return NULL;
491  }
492 
493  if (unlikely(len < IPV4_GET_RAW_IPLEN(ip4h))) {
495  return NULL;
496  }
497 
498  /* set the address struct */
499  SET_IPV4_SRC_ADDR(ip4h, &p->src);
500  SET_IPV4_DST_ADDR(ip4h, &p->dst);
501 
502  /* save the options len */
503  uint8_t ip_opt_len = IPV4_GET_RAW_HLEN(ip4h) - IPV4_HEADER_LEN;
504  if (ip_opt_len > 0) {
505  IPV4Options opts;
506  memset(&opts, 0x00, sizeof(opts));
507  if (DecodeIPV4Options(p, pkt + IPV4_HEADER_LEN, ip_opt_len, &opts) < 0) {
508  return NULL;
509  }
510  }
511 
512  return ip4h;
513 }
514 
516  const uint8_t *pkt, uint16_t len)
517 {
519 
520  SCLogDebug("pkt %p len %"PRIu16"", pkt, len);
521 
522  if (!PacketIncreaseCheckLayers(p)) {
523  return TM_ECODE_FAILED;
524  }
525  /* do the actual decoding */
526  const IPV4Hdr *ip4h = DecodeIPV4Packet(p, pkt, len);
527  if (unlikely(ip4h == NULL)) {
528  SCLogDebug("decoding IPv4 packet failed");
529  PacketClearL3(p);
530  return TM_ECODE_FAILED;
531  }
532  p->proto = IPV4_GET_RAW_IPPROTO(ip4h);
533 
534  /* If a fragment, pass off for re-assembly. */
535  if (unlikely(IPV4_GET_RAW_FRAGOFFSET(ip4h) > 0 || IPV4_GET_RAW_FLAG_MF(ip4h))) {
536  Packet *rp = Defrag(tv, dtv, p);
537  if (rp != NULL) {
539  }
540  p->flags |= PKT_IS_FRAGMENT;
541  return TM_ECODE_OK;
542  }
543 
544  /* do hdr test, process hdr rules */
545 
546 #ifdef DEBUG
547  if (SCLogDebugEnabled()) { /* only convert the addresses if debug is really enabled */
548  /* debug print */
549  char s[16], d[16];
550  PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), s, sizeof(s));
551  PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p), d, sizeof(d));
552  SCLogDebug("IPV4 %s->%s PROTO: %" PRIu32 " OFFSET: %" PRIu32 " RF: %" PRIu8 " DF: %" PRIu8
553  " MF: %" PRIu8 " ID: %" PRIu32 "",
554  s, d, IPV4_GET_RAW_IPPROTO(ip4h), IPV4_GET_RAW_IPOFFSET(ip4h),
556  IPV4_GET_RAW_IPID(ip4h));
557  }
558 #endif /* DEBUG */
559 
560  const uint8_t *data = pkt + IPV4_GET_RAW_HLEN(ip4h);
561  const uint16_t data_len = IPV4_GET_RAW_IPLEN(ip4h) - IPV4_GET_RAW_HLEN(ip4h);
562 
563  /* check what next decoder to invoke */
564  switch (p->proto) {
565  case IPPROTO_TCP:
566  DecodeTCP(tv, dtv, p, data, data_len);
567  break;
568  case IPPROTO_UDP:
569  DecodeUDP(tv, dtv, p, data, data_len);
570  break;
571  case IPPROTO_ICMP:
572  DecodeICMPV4(tv, dtv, p, data, data_len);
573  break;
574  case IPPROTO_GRE:
575  DecodeGRE(tv, dtv, p, data, data_len);
576  break;
577  case IPPROTO_SCTP:
578  DecodeSCTP(tv, dtv, p, data, data_len);
579  break;
580  case IPPROTO_ESP:
581  DecodeESP(tv, dtv, p, data, data_len);
582  break;
583  case IPPROTO_IPV6: {
584  /* spawn off tunnel packet */
585  Packet *tp = PacketTunnelPktSetup(tv, dtv, p, data, data_len, DECODE_TUNNEL_IPV6);
586  if (tp != NULL) {
590  }
591  FlowSetupPacket(p);
592  break;
593  }
594  case IPPROTO_IPIP: {
595  /* spawn off tunnel packet */
596  Packet *tp = PacketTunnelPktSetup(tv, dtv, p, data, data_len, DECODE_TUNNEL_IPV4);
597  if (tp != NULL) {
601  }
602  FlowSetupPacket(p);
603  break;
604  }
605  case IPPROTO_IP:
606  /* check PPP VJ uncompressed packets and decode tcp dummy */
607  if (p->flags & PKT_PPP_VJ_UCOMP) {
608  DecodeTCP(tv, dtv, p, data, data_len);
609  }
610  break;
611  case IPPROTO_ICMPV6:
613  break;
614  }
615 
616  return TM_ECODE_OK;
617 }
618 
619 /* UNITTESTS */
620 #ifdef UNITTESTS
621 #include "packet.h"
622 
623 /** \test IPV4 with no options. */
624 static int DecodeIPV4OptionsNONETest01(void)
625 {
626  uint8_t raw_opts[] = { };
627  Packet *p = PacketGetFromAlloc();
628  FAIL_IF(unlikely(p == NULL));
629 
630  IPV4Options opts;
631  memset(&opts, 0x00, sizeof(opts));
632  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
634 
635  SCFree(p);
636  PASS;
637 }
638 
639 /** \test IPV4 with EOL option. */
640 static int DecodeIPV4OptionsEOLTest01(void)
641 {
642  uint8_t raw_opts[] = {
643  IPV4_OPT_EOL, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
644  };
645  Packet *p = PacketGetFromAlloc();
646  FAIL_IF(unlikely(p == NULL));
647  IPV4Options opts;
648  memset(&opts, 0x00, sizeof(opts));
649  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
651  SCFree(p);
652  PASS;
653 }
654 
655 /** \test IPV4 with NOP option. */
656 static int DecodeIPV4OptionsNOPTest01(void)
657 {
658  uint8_t raw_opts[] = {
659  IPV4_OPT_NOP, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
660  };
661  Packet *p = PacketGetFromAlloc();
662  FAIL_IF(unlikely(p == NULL));
663  IPV4Options opts;
664  memset(&opts, 0x00, sizeof(opts));
665  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
667  SCFree(p);
668  PASS;
669 }
670 
671 /** \test IPV4 with RR option. */
672 static int DecodeIPV4OptionsRRTest01(void)
673 {
674  uint8_t raw_opts[] = {
675  IPV4_OPT_RR, 0x27, 0x08, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
676  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
677  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
678  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
679  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
680  };
681  Packet *p = PacketGetFromAlloc();
682  FAIL_IF(unlikely(p == NULL));
683 
684  IPV4Options opts;
685  memset(&opts, 0x00, sizeof(opts));
686  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
688  FAIL_IF(opts.o_rr.type != IPV4_OPT_RR);
689  SCFree(p);
690  PASS;
691 }
692 
693 /** \test IPV4 with RR option (len too large). */
694 static int DecodeIPV4OptionsRRTest02(void)
695 {
696  uint8_t raw_opts[] = {
697  IPV4_OPT_RR, 0xff, 0x08, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
698  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
699  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
700  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
701  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
702  };
703  Packet *p = PacketGetFromAlloc();
704  FAIL_IF(unlikely(p == NULL));
705 
706  IPV4Options opts;
707  memset(&opts, 0x00, sizeof(opts));
708  FAIL_IF(DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts) != -1);
709  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
710  FAIL_IF(opts.o_rr.type != 0);
711  SCFree(p);
712  PASS;
713 }
714 
715 /** \test IPV4 with RR option (ptr too large). */
716 static int DecodeIPV4OptionsRRTest03(void)
717 {
718  uint8_t raw_opts[] = {
719  IPV4_OPT_RR, 0x27, 0xff, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
720  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
721  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
722  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
723  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
724  };
725  Packet *p = PacketGetFromAlloc();
726  FAIL_IF(unlikely(p == NULL));
727 
728  IPV4Options opts;
729  memset(&opts, 0x00, sizeof(opts));
730  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
731  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
732  FAIL_IF(opts.o_rr.type != 0);
733  SCFree(p);
734  PASS;
735 }
736 
737 /** \test IPV4 with RR option (ptr not in 4 byte increment). */
738 static int DecodeIPV4OptionsRRTest04(void)
739 {
740  uint8_t raw_opts[] = {
741  IPV4_OPT_RR, 0x27, 0x05, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
742  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
743  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
744  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
745  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
746  };
747  Packet *p = PacketGetFromAlloc();
748  FAIL_IF(unlikely(p == NULL));
749 
750  IPV4Options opts;
751  memset(&opts, 0x00, sizeof(opts));
752  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
753  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
754  FAIL_IF(opts.o_rr.type != 0);
755  SCFree(p);
756  PASS;
757 }
758 
759 /** \test IPV4 with QS option. */
760 static int DecodeIPV4OptionsQSTest01(void)
761 {
762  uint8_t raw_opts[] = {
763  IPV4_OPT_QS, 0x08, 0x0d, 0x00, 0xbe, 0xef, 0x00, 0x00
764  };
765  Packet *p = PacketGetFromAlloc();
766  FAIL_IF(unlikely(p == NULL));
767 
768  IPV4Options opts;
769  memset(&opts, 0x00, sizeof(opts));
770  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
772  FAIL_IF(opts.o_qs.type != IPV4_OPT_QS);
773  SCFree(p);
774  PASS;
775 }
776 
777 /** \test IPV4 with QS option (len too small) */
778 static int DecodeIPV4OptionsQSTest02(void)
779 {
780  uint8_t raw_opts[] = {
781  IPV4_OPT_QS, 0x07, 0x0d, 0x00, 0xbe, 0xef, 0x00, 0x00
782  };
783  Packet *p = PacketGetFromAlloc();
784  FAIL_IF(unlikely(p == NULL));
785 
786  IPV4Options opts;
787  memset(&opts, 0x00, sizeof(opts));
788  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
789  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
790  FAIL_IF(opts.o_qs.type != 0);
791  SCFree(p);
792  PASS;
793 }
794 
795 /** \test IPV4 with TS option. */
796 static int DecodeIPV4OptionsTSTest01(void)
797 {
798  uint8_t raw_opts[] = {
799  IPV4_OPT_TS, 0x24, 0x0d, 0x01, 0x0a, 0x0a, 0x0a, 0x69,
800  0x04, 0xce, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00,
801  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
802  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
803  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
804  };
805  Packet *p = PacketGetFromAlloc();
806  FAIL_IF(unlikely(p == NULL));
807 
808  IPV4Options opts;
809  memset(&opts, 0x00, sizeof(opts));
810  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
812  FAIL_IF(opts.o_ts.type != IPV4_OPT_TS);
813  SCFree(p);
814  PASS;
815 }
816 
817 /** \test IPV4 with TS option (ptr too small). */
818 static int DecodeIPV4OptionsTSTest02(void)
819 {
820  uint8_t raw_opts[] = {
821  IPV4_OPT_TS, 0x24, 0x04, 0x01, 0x0a, 0x0a, 0x0a, 0x69,
822  0x04, 0xce, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00,
823  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
824  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
825  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
826  };
827  Packet *p = PacketGetFromAlloc();
828  FAIL_IF(unlikely(p == NULL));
829 
830  IPV4Options opts;
831  memset(&opts, 0x00, sizeof(opts));
832  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
833  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
834  FAIL_IF(opts.o_ts.type != 0);
835  SCFree(p);
836  PASS;
837 }
838 
839 /** \test IPV4 with TS option (ptr too large). */
840 static int DecodeIPV4OptionsTSTest03(void)
841 {
842  uint8_t raw_opts[] = {
843  IPV4_OPT_TS, 0x24, 0xff, 0x01, 0x0a, 0x0a, 0x0a, 0x69,
844  0x04, 0xce, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00,
845  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
846  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
847  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
848  };
849  Packet *p = PacketGetFromAlloc();
850  FAIL_IF(unlikely(p == NULL));
851 
852  IPV4Options opts;
853  memset(&opts, 0x00, sizeof(opts));
854  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
855  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
856  FAIL_IF(opts.o_ts.type != 0);
857  SCFree(p);
858  PASS;
859 }
860 
861 /** \test IPV4 with TS option (ptr not valid). */
862 static int DecodeIPV4OptionsTSTest04(void)
863 {
864  uint8_t raw_opts[] = {
865  IPV4_OPT_TS, 0x24, 0x0a, 0x01, 0x0a, 0x0a, 0x0a, 0x69,
866  0x04, 0xce, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00,
867  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
868  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
869  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
870  };
871  Packet *p = PacketGetFromAlloc();
872  FAIL_IF(unlikely(p == NULL));
873 
874  IPV4Options opts;
875  memset(&opts, 0x00, sizeof(opts));
876  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
877  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
878  FAIL_IF(opts.o_ts.type != 0);
879  SCFree(p);
880  PASS;
881 }
882 
883 /** \test IPV4 with SEC option. */
884 static int DecodeIPV4OptionsSECTest01(void)
885 {
886  uint8_t raw_opts[] = {
887  IPV4_OPT_SEC, 0x0b, 0xf1, 0x35, 0x00, 0x00, 0x00, 0x00,
888  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
889  };
890  Packet *p = PacketGetFromAlloc();
891  FAIL_IF(unlikely(p == NULL));
892 
893  IPV4Options opts;
894  memset(&opts, 0x00, sizeof(opts));
895  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
897  FAIL_IF(opts.o_sec.type != IPV4_OPT_SEC);
898  SCFree(p);
899  PASS;
900 }
901 
902 /** \test IPV4 with SEC option (invalid length). */
903 static int DecodeIPV4OptionsSECTest02(void)
904 {
905  uint8_t raw_opts[] = { IPV4_OPT_SEC, 0x02, 0xf1, 0x35, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
906  0x00, 0x00, 0x00, 0x00, 0x00 };
907  Packet *p = PacketGetFromAlloc();
908  FAIL_IF(unlikely(p == NULL));
909 
910  IPV4Options opts;
911  memset(&opts, 0x00, sizeof(opts));
912  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
913  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
914  FAIL_IF(opts.o_sec.type != 0);
915  SCFree(p);
916  PASS;
917 }
918 
919 /** \test IPV4 with ESEC option. */
920 static int DecodeIPV4OptionsESECTest01(void)
921 {
922  uint8_t raw_opts[] = { IPV4_OPT_ESEC, 0x0b, 0xf1, 0x35, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
923  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
924  Packet *p = PacketGetFromAlloc();
925  FAIL_IF(unlikely(p == NULL));
926 
927  IPV4Options opts;
928  memset(&opts, 0x00, sizeof(opts));
929  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
931  FAIL_IF(opts.o_esec.type != IPV4_OPT_ESEC);
932  SCFree(p);
933  PASS;
934 }
935 
936 /** \test IPV4 with ESEC option (invalid length). */
937 static int DecodeIPV4OptionsESECTest02(void)
938 {
939  uint8_t raw_opts[] = { IPV4_OPT_ESEC, 0x02, 0xf1, 0x35, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
940  0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
941  Packet *p = PacketGetFromAlloc();
942  FAIL_IF(unlikely(p == NULL));
943 
944  IPV4Options opts;
945  memset(&opts, 0x00, sizeof(opts));
946  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
947  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
948  FAIL_IF(opts.o_esec.type != 0);
949  SCFree(p);
950  PASS;
951 }
952 
953 /** \test IPV4 with LSRR option. */
954 static int DecodeIPV4OptionsLSRRTest01(void)
955 {
956  uint8_t raw_opts[] = {
957  IPV4_OPT_LSRR, 0x27, 0x08, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
958  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
959  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
960  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
961  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
962  };
963  Packet *p = PacketGetFromAlloc();
964  FAIL_IF(unlikely(p == NULL));
965 
966  IPV4Options opts;
967  memset(&opts, 0x00, sizeof(opts));
968  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
970  FAIL_IF(opts.o_lsrr.type != IPV4_OPT_LSRR);
971  SCFree(p);
972  PASS;
973 }
974 
975 /** \test IPV4 with LSRR option (len too large). */
976 static int DecodeIPV4OptionsLSRRTest02(void)
977 {
978  uint8_t raw_opts[] = {
979  IPV4_OPT_LSRR, 0xff, 0x08, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
980  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
981  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
982  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
983  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
984  };
985  Packet *p = PacketGetFromAlloc();
986  FAIL_IF(unlikely(p == NULL));
987 
988  IPV4Options opts;
989  memset(&opts, 0x00, sizeof(opts));
990  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
991  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
992  FAIL_IF(opts.o_lsrr.type != 0);
993  SCFree(p);
994  PASS;
995 }
996 
997 /** \test IPV4 with LSRR option (ptr too large). */
998 static int DecodeIPV4OptionsLSRRTest03(void)
999 {
1000  uint8_t raw_opts[] = {
1001  IPV4_OPT_LSRR, 0x27, 0xff, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
1002  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1003  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1004  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1005  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1006  };
1007  Packet *p = PacketGetFromAlloc();
1008  FAIL_IF(unlikely(p == NULL));
1009 
1010  IPV4Options opts;
1011  memset(&opts, 0x00, sizeof(opts));
1012  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1013  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
1014  FAIL_IF(opts.o_lsrr.type != 0);
1015  SCFree(p);
1016  PASS;
1017 }
1018 
1019 /** \test IPV4 with LSRR option (ptr not in 4 byte increment). */
1020 static int DecodeIPV4OptionsLSRRTest04(void)
1021 {
1022  uint8_t raw_opts[] = {
1023  IPV4_OPT_LSRR, 0x27, 0x05, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
1024  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1025  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1026  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1027  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1028  };
1029  Packet *p = PacketGetFromAlloc();
1030  FAIL_IF(unlikely(p == NULL));
1031 
1032  IPV4Options opts;
1033  memset(&opts, 0x00, sizeof(opts));
1034  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1035  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
1036  FAIL_IF(opts.o_lsrr.type != 0);
1037  SCFree(p);
1038  PASS;
1039 }
1040 
1041 /** \test IPV4 with CIPSO option. */
1042 static int DecodeIPV4OptionsCIPSOTest01(void)
1043 {
1044  uint8_t raw_opts[] = {
1045  IPV4_OPT_CIPSO, 0x18, 0x00, 0x00, 0x00, 0x05, 0x05, 0x12,
1046  0x00, 0x03, 0x00, 0xef, 0x00, 0xef, 0x00, 0x06,
1047  0x00, 0x04, 0x00, 0x02, 0x00, 0x02, 0x00, 0x00
1048  };
1049  Packet *p = PacketGetFromAlloc();
1050  FAIL_IF(unlikely(p == NULL));
1051 
1052  IPV4Options opts;
1053  memset(&opts, 0x00, sizeof(opts));
1054  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1057  SCFree(p);
1058  PASS;
1059 }
1060 
1061 /** \test IPV4 with SID option. */
1062 static int DecodeIPV4OptionsSIDTest01(void)
1063 {
1064  uint8_t raw_opts[] = {
1065  IPV4_OPT_SID, 0x04, 0xbe, 0xef, 0x00, 0x00, 0x00, 0x00
1066  };
1067  Packet *p = PacketGetFromAlloc();
1068  FAIL_IF(unlikely(p == NULL));
1069 
1070  IPV4Options opts;
1071  memset(&opts, 0x00, sizeof(opts));
1072  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1074  FAIL_IF(opts.o_sid.type != IPV4_OPT_SID);
1075  SCFree(p);
1076  PASS;
1077 }
1078 
1079 /** \test IPV4 with SID option (len invalid. */
1080 static int DecodeIPV4OptionsSIDTest02(void)
1081 {
1082  uint8_t raw_opts[] = {
1083  IPV4_OPT_SID, 0x05, 0xbe, 0xef, 0x00, 0x00, 0x00, 0x00
1084  };
1085  Packet *p = PacketGetFromAlloc();
1086  FAIL_IF(unlikely(p == NULL));
1087 
1088  IPV4Options opts;
1089  memset(&opts, 0x00, sizeof(opts));
1090  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1091  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
1092  FAIL_IF(opts.o_sid.type != 0);
1093  SCFree(p);
1094  PASS;
1095 }
1096 
1097 /** \test IPV4 with SSRR option. */
1098 static int DecodeIPV4OptionsSSRRTest01(void)
1099 {
1100  uint8_t raw_opts[] = {
1101  IPV4_OPT_SSRR, 0x27, 0x08, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
1102  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1103  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1104  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1105  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1106  };
1107  Packet *p = PacketGetFromAlloc();
1108  FAIL_IF(unlikely(p == NULL));
1109 
1110  IPV4Options opts;
1111  memset(&opts, 0x00, sizeof(opts));
1112  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1114  FAIL_IF(opts.o_ssrr.type != IPV4_OPT_SSRR);
1115  SCFree(p);
1116  PASS;
1117 }
1118 
1119 /** \test IPV4 with SSRR option (len too large). */
1120 static int DecodeIPV4OptionsSSRRTest02(void)
1121 {
1122  uint8_t raw_opts[] = {
1123  IPV4_OPT_SSRR, 0xff, 0x08, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
1124  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1125  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1126  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1127  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1128  };
1129  Packet *p = PacketGetFromAlloc();
1130  FAIL_IF(unlikely(p == NULL));
1131 
1132  IPV4Options opts;
1133  memset(&opts, 0x00, sizeof(opts));
1134  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1135  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
1136  FAIL_IF(opts.o_ssrr.type != 0);
1137  SCFree(p);
1138  PASS;
1139 }
1140 
1141 /** \test IPV4 with SSRR option (ptr too large). */
1142 static int DecodeIPV4OptionsSSRRTest03(void)
1143 {
1144  uint8_t raw_opts[] = {
1145  IPV4_OPT_SSRR, 0x27, 0xff, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
1146  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1147  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1148  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1149  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1150  };
1151  Packet *p = PacketGetFromAlloc();
1152  FAIL_IF(unlikely(p == NULL));
1153 
1154  IPV4Options opts;
1155  memset(&opts, 0x00, sizeof(opts));
1156  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1157  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
1158  FAIL_IF(opts.o_ssrr.type != 0);
1159  SCFree(p);
1160  PASS;
1161 }
1162 
1163 /** \test IPV4 with SSRR option (ptr not in 4 byte increment). */
1164 static int DecodeIPV4OptionsSSRRTest04(void)
1165 {
1166  uint8_t raw_opts[] = {
1167  IPV4_OPT_SSRR, 0x27, 0x05, 0xc0, 0xa8, 0x2a, 0x64, 0x00,
1168  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1169  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1170  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1171  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1172  };
1173  Packet *p = PacketGetFromAlloc();
1174  FAIL_IF(unlikely(p == NULL));
1175 
1176  IPV4Options opts;
1177  memset(&opts, 0x00, sizeof(opts));
1178  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1179  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
1180  FAIL_IF(opts.o_ssrr.type != 0);
1181  SCFree(p);
1182  PASS;
1183 }
1184 
1185 /** \test IPV4 with RTRALT option. */
1186 static int DecodeIPV4OptionsRTRALTTest01(void)
1187 {
1188  uint8_t raw_opts[] = {
1189  IPV4_OPT_RTRALT, 0x04, 0xbe, 0xef, 0x00, 0x00, 0x00, 0x00
1190  };
1191  Packet *p = PacketGetFromAlloc();
1192  FAIL_IF(unlikely(p == NULL));
1193 
1194  IPV4Options opts;
1195  memset(&opts, 0x00, sizeof(opts));
1196  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1199  SCFree(p);
1200  PASS;
1201 }
1202 
1203 /** \test IPV4 with RTRALT option (len invalid. */
1204 static int DecodeIPV4OptionsRTRALTTest02(void)
1205 {
1206  uint8_t raw_opts[] = {
1207  IPV4_OPT_RTRALT, 0x05, 0xbe, 0xef, 0x00, 0x00, 0x00, 0x00
1208  };
1209  Packet *p = PacketGetFromAlloc();
1210  FAIL_IF(unlikely(p == NULL));
1211 
1212  IPV4Options opts;
1213  memset(&opts, 0x00, sizeof(opts));
1214  DecodeIPV4Options(p, raw_opts, sizeof(raw_opts), &opts);
1215  FAIL_IF((p->flags & PKT_IS_INVALID) == 0);
1216  FAIL_IF(opts.o_rtralt.type != 0);
1217  SCFree(p);
1218  PASS;
1219 }
1220 
1221 static int IPV4CalculateValidChecksumtest01(void)
1222 {
1223  uint16_t csum = 0;
1224 
1225  uint8_t raw_ipv4[] = {
1226  0x45, 0x00, 0x00, 0x54, 0x00, 0x00, 0x40, 0x00,
1227  0x40, 0x01, 0xb7, 0x52, 0xc0, 0xa8, 0x01, 0x03,
1228  0xc0, 0xa8, 0x01, 0x03};
1229 
1230  csum = *( ((uint16_t *)raw_ipv4) + 5);
1231 
1232  FAIL_IF(IPV4Checksum((uint16_t *)raw_ipv4, sizeof(raw_ipv4), csum) != 0);
1233  PASS;
1234 }
1235 
1236 static int IPV4CalculateInvalidChecksumtest02(void)
1237 {
1238  uint16_t csum = 0;
1239 
1240  uint8_t raw_ipv4[] = {
1241  0x45, 0x00, 0x00, 0x54, 0x00, 0x00, 0x40, 0x00,
1242  0x40, 0x01, 0xb7, 0x52, 0xc0, 0xa8, 0x01, 0x03,
1243  0xc0, 0xa8, 0x01, 0x07};
1244 
1245  csum = *( ((uint16_t *)raw_ipv4) + 5);
1246 
1247  FAIL_IF(IPV4Checksum((uint16_t *)raw_ipv4, sizeof(raw_ipv4), csum) == 0);
1248  PASS;
1249 }
1250 
1251 /**
1252  * \test IPV4 defrag and packet recursion level test
1253  */
1254 static int DecodeIPV4DefragTest01(void)
1255 {
1256  uint8_t pkt1[] = {
1257  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1258  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1259  0x00, 0x1c, 0xe9, 0xef, 0x20, 0x00, 0x40, 0x06,
1260  0x9a, 0xc8, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1261  0xe1, 0x0c, 0x6e, 0x12, 0x01, 0xbd, 0x5b, 0xa3,
1262  0x81, 0x5e
1263  };
1264  uint8_t pkt2[] = {
1265  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1266  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1267  0x00, 0x1c, 0xe9, 0xef, 0x20, 0x01, 0x40, 0x06,
1268  0x9a, 0xc7, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1269  0xe1, 0x0c, 0xac, 0xb0, 0xae, 0x8a, 0x50, 0x10,
1270  0x80, 0x00
1271  };
1272  uint8_t pkt3[] = {
1273  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1274  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1275  0x00, 0x18, 0xe9, 0xef, 0x00, 0x02, 0x40, 0x06,
1276  0xba, 0xca, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1277  0xe1, 0x0c, 0xb1, 0xa3, 0x00, 0x00
1278  };
1279  uint8_t tunnel_pkt[] = {
1280  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1281  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1282  0x00, 0x28, 0xe9, 0xef, 0x00, 0x00, 0x40, 0x06,
1283  0xba, 0xbc, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1284  0xe1, 0x0c, 0x6e, 0x12, 0x01, 0xbd, 0x5b, 0xa3,
1285  0x81, 0x5e, 0xac, 0xb0, 0xae, 0x8a, 0x50, 0x10,
1286  0x80, 0x00, 0xb1, 0xa3, 0x00, 0x00
1287  };
1288 
1289  Packet *p = PacketGetFromAlloc();
1290  FAIL_IF_NULL(p);
1291  ThreadVars tv;
1293 
1294  memset(&tv, 0, sizeof(ThreadVars));
1295  memset(&dtv, 0, sizeof(DecodeThreadVars));
1296 
1298  DefragInit();
1299 
1300  PacketCopyData(p, pkt1, sizeof(pkt1));
1303  FAIL_IF(PacketIsTCP(p));
1304  PacketRecycle(p);
1305 
1306  PacketCopyData(p, pkt2, sizeof(pkt2));
1309  FAIL_IF(PacketIsTCP(p));
1310  PacketRecycle(p);
1311 
1312  PacketCopyData(p, pkt3, sizeof(pkt3));
1315  FAIL_IF(PacketIsTCP(p));
1317  FAIL_IF_NULL(tp);
1319  FAIL_IF_NOT(PacketIsIPv4(tp));
1320  FAIL_IF_NOT(PacketIsTCP(tp));
1321  FAIL_IF(GET_PKT_LEN(tp) != sizeof(tunnel_pkt));
1322  FAIL_IF(memcmp(GET_PKT_DATA(tp), tunnel_pkt, sizeof(tunnel_pkt)) != 0);
1323  PacketRecycle(tp);
1324  SCFree(tp);
1325 
1326  DefragDestroy();
1327  PacketRecycle(p);
1328  FlowShutdown();
1329  SCFree(p);
1330  PASS;
1331 }
1332 
1333 /**
1334  * \test Don't send IPv4 fragments to the upper layer decoder and
1335  * and packet recursion level test.
1336  */
1337 static int DecodeIPV4DefragTest02(void)
1338 {
1339  uint8_t pkt1[] = {
1340  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1341  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1342  0x00, 0x24, 0xe9, 0xef, 0x20, 0x00, 0x40, 0x06,
1343  0x9a, 0xc8, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1344  0xe1, 0x0c,
1345  /* first frag */
1346  0x6e, 0x12, 0x01, 0xbd, 0x5b, 0xa3,
1347  0x81, 0x5e, 0xac, 0xb0, 0xae, 0x8a, 0x50, 0x10,
1348  0x80, 0x00,
1349  };
1350  uint8_t pkt2[] = {
1351  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1352  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1353  0x00, 0x2c, 0xe9, 0xef, 0x20, 0x02, 0x40, 0x06,
1354  0xba, 0xca, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1355  0xe1, 0x0c,
1356  /* second frag */
1357  0xb1, 0xa3, 0x00, 0x10, 0x5b, 0xa3, 0x81, 0x5e,
1358  0xac, 0xb0, 0xae, 0x8a, 0x50, 0x10, 0x80, 0x00,
1359  0xb1, 0xa3, 0x00, 0x10, 0x01, 0x02, 0x03, 0x04
1360  };
1361  uint8_t pkt3[] = {
1362  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1363  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1364  0x00, 0x16, 0xe9, 0xef, 0x00, 0x05, 0x40, 0x06,
1365  0xba, 0xca, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1366  0xe1, 0x0c,
1367  /* final frag */
1368  0xb1, 0xa3,
1369  };
1370 
1371  uint8_t tunnel_pkt[] = {
1372  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1373  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1374  0x00, 0x3e, 0xe9, 0xef, 0x00, 0x00, 0x40, 0x06,
1375  0xba, 0xae, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1376  0xe1, 0x0c,
1377  0x6e, 0x12, 0x01, 0xbd, 0x5b, 0xa3, 0x81, 0x5e,
1378  0xac, 0xb0, 0xae, 0x8a, 0x50, 0x10, 0x80, 0x00,
1379  0xb1, 0xa3, 0x00, 0x10, 0x5b, 0xa3, 0x81, 0x5e,
1380  0xac, 0xb0, 0xae, 0x8a, 0x50, 0x10, 0x80, 0x00,
1381  0xb1, 0xa3, 0x00, 0x10, 0x01, 0x02, 0x03, 0x04,
1382  0xb1, 0xa3,
1383  };
1384 
1385  Packet *p = PacketGetFromAlloc();
1386  FAIL_IF_NULL(p);
1387  ThreadVars tv;
1389 
1390  memset(&tv, 0, sizeof(ThreadVars));
1391  memset(&dtv, 0, sizeof(DecodeThreadVars));
1392 
1394  DefragInit();
1395 
1396  PacketCopyData(p, pkt1, sizeof(pkt1));
1399  FAIL_IF(PacketIsTCP(p));
1400  PacketRecycle(p);
1401 
1402  PacketCopyData(p, pkt2, sizeof(pkt2));
1405  FAIL_IF(PacketIsTCP(p));
1406  PacketRecycle(p);
1407 
1408  p->recursion_level = 3;
1409  PacketCopyData(p, pkt3, sizeof(pkt3));
1412  FAIL_IF(PacketIsTCP(p));
1414  FAIL_IF_NULL(tp);
1416  FAIL_IF_NOT(PacketIsIPv4(tp));
1417  FAIL_IF_NOT(PacketIsTCP(tp));
1418  FAIL_IF(GET_PKT_LEN(tp) != sizeof(tunnel_pkt));
1419  FAIL_IF(memcmp(GET_PKT_DATA(tp), tunnel_pkt, sizeof(tunnel_pkt)) != 0);
1420  PacketRecycle(tp);
1421  SCFree(tp);
1422 
1423  DefragDestroy();
1424  PacketRecycle(p);
1425  FlowShutdown();
1426  SCFree(p);
1427  PASS;
1428 }
1429 
1430 /**
1431  * \test IPV4 defrag and flow retrieval test.
1432  */
1433 static int DecodeIPV4DefragTest03(void)
1434 {
1435  uint8_t pkt[] = {
1436  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1437  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1438  0x00, 0x28, 0xe9, 0xee, 0x00, 0x00, 0x40, 0x06,
1439  0xba, 0xbd, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1440  0xe1, 0x0c, 0x6e, 0x12, 0x01, 0xbd, 0x5b, 0xa3,
1441  0x81, 0x5d, 0x00, 0x00, 0x00, 0x00, 0x50, 0x02,
1442  0x80, 0x00, 0x0c, 0xee, 0x00, 0x00
1443  };
1444  uint8_t pkt1[] = {
1445  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1446  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1447  0x00, 0x1c, 0xe9, 0xef, 0x20, 0x00, 0x40, 0x06,
1448  0x9a, 0xc8, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1449  0xe1, 0x0c, 0x6e, 0x12, 0x01, 0xbd, 0x5b, 0xa3,
1450  0x81, 0x5e
1451  };
1452  uint8_t pkt2[] = {
1453  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1454  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1455  0x00, 0x1c, 0xe9, 0xef, 0x20, 0x01, 0x40, 0x06,
1456  0x9a, 0xc7, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1457  0xe1, 0x0c, 0xac, 0xb0, 0xae, 0x8a, 0x50, 0x10,
1458  0x80, 0x00
1459  };
1460  uint8_t pkt3[] = {
1461  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1462  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1463  0x00, 0x18, 0xe9, 0xef, 0x00, 0x02, 0x40, 0x06,
1464  0xba, 0xca, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1465  0xe1, 0x0c, 0xb1, 0xa3, 0x00, 0x00
1466  };
1467  uint8_t tunnel_pkt[] = {
1468  0x00, 0x50, 0x56, 0x00, 0x03, 0x05, 0xde, 0xad,
1469  0x01, 0xa3, 0xa2, 0x2f, 0x08, 0x00, 0x45, 0x00,
1470  0x00, 0x28, 0xe9, 0xef, 0x00, 0x00, 0x40, 0x06,
1471  0xba, 0xbc, 0x0a, 0x00, 0xe1, 0x17, 0x0a, 0x00,
1472  0xe1, 0x0c, 0x6e, 0x12, 0x01, 0xbd, 0x5b, 0xa3,
1473  0x81, 0x5e, 0xac, 0xb0, 0xae, 0x8a, 0x50, 0x10,
1474  0x80, 0x00, 0xb1, 0xa3, 0x00, 0x00
1475  };
1476 
1477  Packet *p = PacketGetFromAlloc();
1478  FAIL_IF_NULL(p);
1479  ThreadVars tv;
1481  memset(&tv, 0, sizeof(ThreadVars));
1482  memset(&dtv, 0, sizeof(DecodeThreadVars));
1483 
1485  DefragInit();
1486 
1487  PacketCopyData(p, pkt, sizeof(pkt));
1490  FAIL_IF_NOT(PacketIsTCP(p));
1491  FAIL_IF(!(p->flags & PKT_WANTS_FLOW));
1492  PacketRecycle(p);
1493 
1494  PacketCopyData(p, pkt1, sizeof(pkt1));
1497  FAIL_IF(PacketIsTCP(p));
1498  PacketRecycle(p);
1499 
1500  PacketCopyData(p, pkt2, sizeof(pkt2));
1503  FAIL_IF(PacketIsTCP(p));
1504  PacketRecycle(p);
1505 
1506  PacketCopyData(p, pkt3, sizeof(pkt3));
1509  FAIL_IF(PacketIsTCP(p));
1510 
1512  FAIL_IF_NULL(tp);
1513  FAIL_IF(!(tp->flags & PKT_WANTS_FLOW));
1514  FAIL_IF(tp->flow_hash != p->flow_hash);
1516  FAIL_IF_NOT(PacketIsIPv4(tp));
1517  FAIL_IF_NOT(PacketIsTCP(tp));
1518  FAIL_IF(GET_PKT_LEN(tp) != sizeof(tunnel_pkt));
1519  FAIL_IF(memcmp(GET_PKT_DATA(tp), tunnel_pkt, sizeof(tunnel_pkt)) != 0);
1520  PacketRecycle(tp);
1521  SCFree(tp);
1522 
1523  DefragDestroy();
1524  PacketRecycle(p);
1525  FlowShutdown();
1526  SCFree(p);
1527  PASS;
1528 }
1529 
1530 /**
1531  */
1532 static int DecodeEthernetTestIPv4Opt(void)
1533 {
1534  uint8_t raw_eth[] = {
1535  0xae, 0x71, 0x00, 0x00, 0x00, 0x4b, 0x06, 0x90, 0x61, 0x02, 0x00, 0xcd, 0x88, 0x64, 0x11, 0x00,
1536  0x15, 0x00, 0x80, 0x64, 0x00, 0x21, 0x4c, 0x00, 0x00, 0x30, 0x42, 0xd6, 0xff, 0xff, 0xbd, 0x2f,
1537  0x02, 0x02, 0x00, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
1538  0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
1539  0x01, 0x44, 0x05, 0x22, 0x02, 0x01
1540  };
1541 
1542  DefragInit();
1543 
1544  Packet *p = PacketGetFromAlloc();
1545  FAIL_IF_NULL(p);
1546  ThreadVars tv;
1548 
1549  memset(&dtv, 0, sizeof(DecodeThreadVars));
1550  memset(&tv, 0, sizeof(ThreadVars));
1551 
1552  DecodeEthernet(&tv, &dtv, p, raw_eth, sizeof(raw_eth));
1553 
1554  SCFree(p);
1555  DefragDestroy();
1556  PASS;
1557 }
1558 
1559 #endif /* UNITTESTS */
1560 
1562 {
1563 #ifdef UNITTESTS
1564  UtRegisterTest("DecodeIPV4OptionsNONETest01", DecodeIPV4OptionsNONETest01);
1565  UtRegisterTest("DecodeIPV4OptionsEOLTest01", DecodeIPV4OptionsEOLTest01);
1566  UtRegisterTest("DecodeIPV4OptionsNOPTest01", DecodeIPV4OptionsNOPTest01);
1567  UtRegisterTest("DecodeIPV4OptionsRRTest01", DecodeIPV4OptionsRRTest01);
1568  UtRegisterTest("DecodeIPV4OptionsRRTest02", DecodeIPV4OptionsRRTest02);
1569  UtRegisterTest("DecodeIPV4OptionsRRTest03", DecodeIPV4OptionsRRTest03);
1570  UtRegisterTest("DecodeIPV4OptionsRRTest04", DecodeIPV4OptionsRRTest04);
1571  UtRegisterTest("DecodeIPV4OptionsQSTest01", DecodeIPV4OptionsQSTest01);
1572  UtRegisterTest("DecodeIPV4OptionsQSTest02", DecodeIPV4OptionsQSTest02);
1573  UtRegisterTest("DecodeIPV4OptionsTSTest01", DecodeIPV4OptionsTSTest01);
1574  UtRegisterTest("DecodeIPV4OptionsTSTest02", DecodeIPV4OptionsTSTest02);
1575  UtRegisterTest("DecodeIPV4OptionsTSTest03", DecodeIPV4OptionsTSTest03);
1576  UtRegisterTest("DecodeIPV4OptionsTSTest04", DecodeIPV4OptionsTSTest04);
1577  UtRegisterTest("DecodeIPV4OptionsSECTest01", DecodeIPV4OptionsSECTest01);
1578  UtRegisterTest("DecodeIPV4OptionsSECTest02", DecodeIPV4OptionsSECTest02);
1579  UtRegisterTest("DecodeIPV4OptionsESECTest01", DecodeIPV4OptionsESECTest01);
1580  UtRegisterTest("DecodeIPV4OptionsESECTest02", DecodeIPV4OptionsESECTest02);
1581  UtRegisterTest("DecodeIPV4OptionsLSRRTest01", DecodeIPV4OptionsLSRRTest01);
1582  UtRegisterTest("DecodeIPV4OptionsLSRRTest02", DecodeIPV4OptionsLSRRTest02);
1583  UtRegisterTest("DecodeIPV4OptionsLSRRTest03", DecodeIPV4OptionsLSRRTest03);
1584  UtRegisterTest("DecodeIPV4OptionsLSRRTest04", DecodeIPV4OptionsLSRRTest04);
1585  UtRegisterTest("DecodeIPV4OptionsCIPSOTest01",
1586  DecodeIPV4OptionsCIPSOTest01);
1587  UtRegisterTest("DecodeIPV4OptionsSIDTest01", DecodeIPV4OptionsSIDTest01);
1588  UtRegisterTest("DecodeIPV4OptionsSIDTest02", DecodeIPV4OptionsSIDTest02);
1589  UtRegisterTest("DecodeIPV4OptionsSSRRTest01", DecodeIPV4OptionsSSRRTest01);
1590  UtRegisterTest("DecodeIPV4OptionsSSRRTest02", DecodeIPV4OptionsSSRRTest02);
1591  UtRegisterTest("DecodeIPV4OptionsSSRRTest03", DecodeIPV4OptionsSSRRTest03);
1592  UtRegisterTest("DecodeIPV4OptionsSSRRTest04", DecodeIPV4OptionsSSRRTest04);
1593  UtRegisterTest("DecodeIPV4OptionsRTRALTTest01",
1594  DecodeIPV4OptionsRTRALTTest01);
1595  UtRegisterTest("DecodeIPV4OptionsRTRALTTest02",
1596  DecodeIPV4OptionsRTRALTTest02);
1597  UtRegisterTest("IPV4CalculateValidChecksumtest01",
1598  IPV4CalculateValidChecksumtest01);
1599  UtRegisterTest("IPV4CalculateInvalidChecksumtest02",
1600  IPV4CalculateInvalidChecksumtest02);
1601  UtRegisterTest("DecodeIPV4DefragTest01", DecodeIPV4DefragTest01);
1602  UtRegisterTest("DecodeIPV4DefragTest02", DecodeIPV4DefragTest02);
1603  UtRegisterTest("DecodeIPV4DefragTest03", DecodeIPV4DefragTest03);
1604  UtRegisterTest("DecodeEthernetTestIPv4Opt", DecodeEthernetTestIPv4Opt);
1605 #endif /* UNITTESTS */
1606 }
1607 /**
1608  * @}
1609  */
ENGINE_SET_EVENT
#define ENGINE_SET_EVENT(p, e)
Definition: decode.h:1188
DefragDestroy
void DefragDestroy(void)
Definition: defrag.c:1129
IPV4Options_::o_sid
IPV4Opt o_sid
Definition: decode-ipv4.c:283
Packet_::proto
uint8_t proto
Definition: decode.h:523
IPV4_GET_RAW_IPID
#define IPV4_GET_RAW_IPID(ip4h)
Definition: decode-ipv4.h:99
IPV4Options_::o_qs
IPV4Opt o_qs
Definition: decode-ipv4.c:277
IPV4_OPT_FLAG_NOP
#define IPV4_OPT_FLAG_NOP
Definition: decode-ipv4.h:117
len
uint8_t len
Definition: app-layer-dnp3.h:2
DECODE_TUNNEL_IPV6
@ DECODE_TUNNEL_IPV6
Definition: decode.h:1108
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
StatsIncr
void StatsIncr(ThreadVars *tv, uint16_t id)
Increments the local counter.
Definition: counters.c:166
IPV4_OPT_QS_MIN
#define IPV4_OPT_QS_MIN
Definition: decode-ipv4.h:53
offset
uint64_t offset
Definition: util-streaming-buffer.h:0
DecodeUDP
int DecodeUDP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint16_t len)
Definition: decode-udp.c:75
IPV4_GET_RAW_IPPROTO
#define IPV4_GET_RAW_IPPROTO(ip4h)
Definition: decode-ipv4.h:103
IPV4_OPT_TS_MIN
#define IPV4_OPT_TS_MIN
Definition: decode-ipv4.h:54
PacketCopyData
int PacketCopyData(Packet *p, const uint8_t *pktdata, uint32_t pktlen)
Copy data to Packet payload and set packet length.
Definition: decode.c:377
IPV4_GET_RAW_FLAG_DF
#define IPV4_GET_RAW_FLAG_DF(ip4h)
Definition: decode-ipv4.h:113
IPV4_GET_RAW_FLAG_MF
#define IPV4_GET_RAW_FLAG_MF(ip4h)
Definition: decode-ipv4.h:112
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
DecodeESP
int DecodeESP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint16_t len)
Function to decode IPSEC-ESP packets.
Definition: decode-esp.c:64
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:279
IPV4_OPT_FLAG_SSRR
#define IPV4_OPT_FLAG_SSRR
Definition: decode-ipv4.h:122
PKT_SRC_DECODER_IPV4
@ PKT_SRC_DECODER_IPV4
Definition: decode.h:54
IPV4Options_::o_ts
IPV4Opt o_ts
Definition: decode-ipv4.c:278
Packet_::flags
uint32_t flags
Definition: decode.h:544
PacketRecycle
void PacketRecycle(Packet *p)
Definition: packet.c:151
IPV4_OPT_SEC
#define IPV4_OPT_SEC
Definition: decode-ipv4.h:38
IPV4_OPT_CIPSO_MIN
#define IPV4_OPT_CIPSO_MIN
Definition: decode-ipv4.h:55
IPV4_OPT_FLAG_TS
#define IPV4_OPT_FLAG_TS
Definition: decode-ipv4.h:119
IPV4_OPT_LSRR
#define IPV4_OPT_LSRR
Definition: decode-ipv4.h:39
PKT_WANTS_FLOW
#define PKT_WANTS_FLOW
Definition: decode.h:1298
IPV4Options_::o_sec
IPV4Opt o_sec
Definition: decode-ipv4.c:279
IPV4_OPT_DUPLICATE
@ IPV4_OPT_DUPLICATE
Definition: decode-events.h:45
IPV4Options_::o_rr
IPV4Opt o_rr
Definition: decode-ipv4.c:276
IPV4_GET_RAW_IPOFFSET
#define IPV4_GET_RAW_IPOFFSET(ip4h)
Definition: decode-ipv4.h:100
IPV4_OPT_FLAG_SEC
#define IPV4_OPT_FLAG_SEC
Definition: decode-ipv4.h:124
IPPROTO_GRE
#define IPPROTO_GRE
Definition: decode-gre.h:30
IP_GET_RAW_VER
#define IP_GET_RAW_VER(pkt)
Definition: decode.h:232
IPV4_OPT_NOP
#define IPV4_OPT_NOP
Definition: decode-ipv4.h:34
IPV4_OPT_FLAG_QS
#define IPV4_OPT_FLAG_QS
Definition: decode-ipv4.h:120
IPV4_OPT_SID_LEN
#define IPV4_OPT_SID_LEN
Definition: decode-ipv4.h:47
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:82
IPV4Opt_::len
uint8_t len
Definition: decode-ipv4.h:67
IPV4_OPT_QS
#define IPV4_OPT_QS
Definition: decode-ipv4.h:36
IPV4_OPT_FLAG_ESEC
#define IPV4_OPT_FLAG_ESEC
Definition: decode-ipv4.h:127
DecodeSCTP
int DecodeSCTP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint16_t len)
Definition: decode-sctp.c:62
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:81
IPV4_PKT_TOO_SMALL
@ IPV4_PKT_TOO_SMALL
Definition: decode-events.h:34
tag
uint32_t tag
Definition: decode-vntag.h:0
IPV4_OPT_FLAG_LSRR
#define IPV4_OPT_FLAG_LSRR
Definition: decode-ipv4.h:121
PKT_SET_SRC
#define PKT_SET_SRC(p, src_val)
Definition: decode.h:1327
FlowInitConfig
void FlowInitConfig(bool quiet)
initialize the configuration
Definition: flow.c:547
IPV4Vars_::opt_cnt
uint16_t opt_cnt
Definition: decode-ipv4.h:131
decode.h
IPV4_OPT_EOL
#define IPV4_OPT_EOL
Definition: decode-ipv4.h:33
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
GET_IPV4_DST_ADDR_PTR
#define GET_IPV4_DST_ADDR_PTR(p)
Definition: decode.h:199
IPV4_WRONG_IP_VER
@ IPV4_WRONG_IP_VER
Definition: decode-events.h:47
IPV4_OPT_EOL_REQUIRED
@ IPV4_OPT_EOL_REQUIRED
Definition: decode-events.h:44
IPV4_GET_RAW_FRAGOFFSET
#define IPV4_GET_RAW_FRAGOFFSET(ip4h)
Definition: decode-ipv4.h:101
PacketDequeueNoLock
Packet * PacketDequeueNoLock(PacketQueueNoLock *qnl)
Definition: packet-queue.c:208
PKT_IS_FRAGMENT
#define PKT_IS_FRAGMENT
Definition: decode.h:1292
IPV4_OPT_ROUTE_MIN
#define IPV4_OPT_ROUTE_MIN
Definition: decode-ipv4.h:52
util-print.h
GET_PKT_DATA
#define GET_PKT_DATA(p)
Definition: decode.h:209
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
PrintInet
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:231
DecodeThreadVars_::counter_ipv6inipv4
uint16_t counter_ipv6inipv4
Definition: decode.h:1012
IPV4_GET_RAW_HLEN
#define IPV4_GET_RAW_HLEN(ip4h)
Definition: decode-ipv4.h:96
IPV4_WITH_ICMPV6
@ IPV4_WITH_ICMPV6
Definition: decode-events.h:48
DecodeGRE
int DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Function to decode GRE packets.
Definition: decode-gre.c:47
IPV4_OPT_RR
#define IPV4_OPT_RR
Definition: decode-ipv4.h:35
IPV4_OPT_FLAG_CIPSO
#define IPV4_OPT_FLAG_CIPSO
Definition: decode-ipv4.h:125
SET_IPV4_SRC_ADDR
#define SET_IPV4_SRC_ADDR(ip4h, a)
Definition: decode.h:140
IPV4_OPT_ESEC
#define IPV4_OPT_ESEC
Definition: decode-ipv4.h:40
IPV4_OPT_FLAG_RTRALT
#define IPV4_OPT_FLAG_RTRALT
Definition: decode-ipv4.h:126
IPV4_OPT_RTRALT_LEN
#define IPV4_OPT_RTRALT_LEN
Definition: decode-ipv4.h:48
IPV4Options_::o_cipso
IPV4Opt o_cipso
Definition: decode-ipv4.c:282
Packet_
Definition: decode.h:501
IPV4_HLEN_TOO_SMALL
@ IPV4_HLEN_TOO_SMALL
Definition: decode-events.h:35
DECODE_TUNNEL_IPV4
@ DECODE_TUNNEL_IPV4
Definition: decode.h:1107
GET_PKT_LEN
#define GET_PKT_LEN(p)
Definition: decode.h:208
IPV4_OPT_FLAG_RR
#define IPV4_OPT_FLAG_RR
Definition: decode-ipv4.h:118
ETHERNET_HEADER_LEN
#define ETHERNET_HEADER_LEN
Definition: decode-ethernet.h:27
PacketL3::ip4
IPV4Vars ip4
Definition: decode.h:445
IPV4_OPT_RTRALT
#define IPV4_OPT_RTRALT
Definition: decode-ipv4.h:44
PacketL3::vars
union PacketL3::@31 vars
IPV4_IPLEN_SMALLER_THAN_HLEN
@ IPV4_IPLEN_SMALLER_THAN_HLEN
Definition: decode-events.h:36
defrag.h
IPV4Opt_::data
const uint8_t * data
Definition: decode-ipv4.h:68
dtv
DecodeThreadVars * dtv
Definition: fuzz_decodepcapfile.c:33
IPV4_OPT_TS
#define IPV4_OPT_TS
Definition: decode-ipv4.h:37
DecodeTCP
int DecodeTCP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint16_t len)
Definition: decode-tcp.c:273
IPV4Hdr_
Definition: decode-ipv4.h:72
decode-ipv4.h
IPV4_OPT_CIPSO
#define IPV4_OPT_CIPSO
Definition: decode-ipv4.h:41
PacketEnqueueNoLock
void PacketEnqueueNoLock(PacketQueueNoLock *qnl, Packet *p)
Definition: packet-queue.c:168
IPPROTO_IPIP
#define IPPROTO_IPIP
Definition: decode.h:1214
IPV4Options_
Definition: decode-ipv4.c:275
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
GET_IPV4_SRC_ADDR_PTR
#define GET_IPV4_SRC_ADDR_PTR(p)
Definition: decode.h:198
suricata-common.h
FlowShutdown
void FlowShutdown(void)
shutdown the flow engine
Definition: flow.c:691
IPV4_HEADER_LEN
#define IPV4_HEADER_LEN
Definition: decode-ipv4.h:28
packet.h
IPV4Opt_::type
uint8_t type
Definition: decode-ipv4.h:66
IPV4Options
struct IPV4Options_ IPV4Options
IPV4_OPT_PAD_REQUIRED
@ IPV4_OPT_PAD_REQUIRED
Definition: decode-events.h:43
IPV4_OPT_INVALID_LEN
@ IPV4_OPT_INVALID_LEN
Definition: decode-events.h:41
IPV4_GET_RAW_FLAG_RF
#define IPV4_GET_RAW_FLAG_RF(ip4h)
Definition: decode-ipv4.h:114
IPV4Options_::o_rtralt
IPV4Opt o_rtralt
Definition: decode-ipv4.c:285
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:32
IPV4_TRUNC_PKT
@ IPV4_TRUNC_PKT
Definition: decode-events.h:37
PKT_PPP_VJ_UCOMP
#define PKT_PPP_VJ_UCOMP
Definition: decode.h:1251
DecodeThreadVars_::counter_ipv4
uint16_t counter_ipv4
Definition: decode.h:979
PacketGetFromAlloc
Packet * PacketGetFromAlloc(void)
Get a malloced packet.
Definition: decode.c:258
Packet_::flow_hash
uint32_t flow_hash
Definition: decode.h:550
Packet_::l3
struct PacketL3 l3
Definition: decode.h:600
IPV4_OPT_MALFORMED
@ IPV4_OPT_MALFORMED
Definition: decode-events.h:42
IPV4_OPT_SEC_MIN
#define IPV4_OPT_SEC_MIN
Definition: decode-ipv4.h:51
SCFree
#define SCFree(p)
Definition: util-mem.h:61
IPV4_OPT_SSRR
#define IPV4_OPT_SSRR
Definition: decode-ipv4.h:43
IPV4_OPT_FLAG_EOL
#define IPV4_OPT_FLAG_EOL
Definition: decode-ipv4.h:116
DecodeThreadVars_
Structure to hold thread specific data for all decode modules.
Definition: decode.h:963
Packet_::recursion_level
uint8_t recursion_level
Definition: decode.h:526
IPV4Options_::o_lsrr
IPV4Opt o_lsrr
Definition: decode-ipv4.c:280
IPV4_OPT_INVALID
@ IPV4_OPT_INVALID
Definition: decode-events.h:40
ThreadVars_::decode_pq
PacketQueueNoLock decode_pq
Definition: threadvars.h:112
IPV4_OPT_FLAG_SID
#define IPV4_OPT_FLAG_SID
Definition: decode-ipv4.h:123
DecodeIPV4RegisterTests
void DecodeIPV4RegisterTests(void)
Definition: decode-ipv4.c:1561
Packet_::dst
Address dst
Definition: decode.h:506
ENGINE_SET_INVALID_EVENT
#define ENGINE_SET_INVALID_EVENT(p, e)
Definition: decode.h:1196
FLOW_QUIET
#define FLOW_QUIET
Definition: flow.h:43
IPV4_OPT_UNKNOWN
@ IPV4_OPT_UNKNOWN
Definition: decode-events.h:46
IPV4Vars_::opts_set
uint16_t opts_set
Definition: decode-ipv4.h:132
IPV4_GET_RAW_IPLEN
#define IPV4_GET_RAW_IPLEN(ip4h)
Definition: decode-ipv4.h:98
IPPROTO_SCTP
#define IPPROTO_SCTP
Definition: decode.h:1230
DecodeThreadVars_::counter_ipv4inipv4
uint16_t counter_ipv4inipv4
Definition: decode.h:1011
PacketTunnelPktSetup
Packet * PacketTunnelPktSetup(ThreadVars *tv, DecodeThreadVars *dtv, Packet *parent, const uint8_t *pkt, uint32_t len, enum DecodeTunnelProto proto)
Setup a pseudo packet (tunnel)
Definition: decode.c:393
Defrag
Packet * Defrag(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p)
Entry point for IPv4 and IPv6 fragments.
Definition: defrag.c:1063
flow.h
SET_IPV4_DST_ADDR
#define SET_IPV4_DST_ADDR(ip4h, a)
Definition: decode.h:149
DecodeIPV4
int DecodeIPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint16_t len)
Definition: decode-ipv4.c:515
IPV4_OPT_SID
#define IPV4_OPT_SID
Definition: decode-ipv4.h:42
IPV4Opt_
Definition: decode-ipv4.h:61
SCLogDebugEnabled
int SCLogDebugEnabled(void)
Returns whether debug messages are enabled to be logged or not.
Definition: util-debug.c:767
DecodeEthernet
int DecodeEthernet(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Definition: decode-ethernet.c:42
FlowSetupPacket
void FlowSetupPacket(Packet *p)
prepare packet for a life with flow Set PKT_WANTS_FLOW flag to indicate workers should do a flow look...
Definition: flow-hash.c:533
Packet_::src
Address src
Definition: decode.h:505
PKT_IS_INVALID
#define PKT_IS_INVALID
Definition: decode.h:1293
IPV4Options_::o_ssrr
IPV4Opt o_ssrr
Definition: decode-ipv4.c:284
DefragInit
void DefragInit(void)
Definition: defrag.c:1109
DecodeICMPV4
int DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Main ICMPv4 decoding function.
Definition: decode-icmpv4.c:143
IPV4Options_::o_esec
IPV4Opt o_esec
Definition: decode-ipv4.c:281