suricata
decode-tcp.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2013 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \ingroup decode
20  *
21  * @{
22  */
23 
24 
25 /**
26  * \file
27  *
28  * \author Victor Julien <victor@inliniac.net>
29  *
30  * Decode TCP
31  */
32 
33 #include "suricata-common.h"
34 #include "decode-tcp.h"
35 #include "decode.h"
36 #include "decode-events.h"
37 #include "util-unittest.h"
38 #include "util-debug.h"
39 #include "util-optimize.h"
40 #include "flow.h"
41 
42 #define SET_OPTS(dst, src) \
43  (dst).type = (src).type; \
44  (dst).len = (src).len; \
45  (dst).data = (src).data
46 
47 static void DecodeTCPOptions(Packet *p, const uint8_t *pkt, uint16_t pktlen)
48 {
49  uint8_t tcp_opt_cnt = 0;
50  TCPOpt tcp_opts[TCP_OPTMAX];
51 
52  uint16_t plen = pktlen;
53  while (plen)
54  {
55  const uint8_t type = *pkt;
56 
57  /* single byte options */
58  if (type == TCP_OPT_EOL) {
59  break;
60  } else if (type == TCP_OPT_NOP) {
61  pkt++;
62  plen--;
63 
64  /* multibyte options */
65  } else {
66  if (plen < 2) {
67  break;
68  }
69 
70  const uint8_t olen = *(pkt+1);
71 
72  /* we already know that the total options len is valid,
73  * so here the len of the specific option must be bad.
74  * Also check for invalid lengths 0 and 1. */
75  if (unlikely(olen > plen || olen < 2)) {
76  ENGINE_SET_INVALID_EVENT(p, TCP_OPT_INVALID_LEN);
77  return;
78  }
79 
80  tcp_opts[tcp_opt_cnt].type = type;
81  tcp_opts[tcp_opt_cnt].len = olen;
82  tcp_opts[tcp_opt_cnt].data = (olen > 2) ? (pkt+2) : NULL;
83 
84  /* we are parsing the most commonly used opts to prevent
85  * us from having to walk the opts list for these all the
86  * time. */
87  switch (type) {
88  case TCP_OPT_WS:
89  if (olen != TCP_OPT_WS_LEN) {
90  ENGINE_SET_EVENT(p,TCP_OPT_INVALID_LEN);
91  } else {
92  if (p->tcpvars.ws.type != 0) {
93  ENGINE_SET_EVENT(p,TCP_OPT_DUPLICATE);
94  } else {
95  SET_OPTS(p->tcpvars.ws, tcp_opts[tcp_opt_cnt]);
96  }
97  }
98  break;
99  case TCP_OPT_MSS:
100  if (olen != TCP_OPT_MSS_LEN) {
101  ENGINE_SET_EVENT(p,TCP_OPT_INVALID_LEN);
102  } else {
103  if (p->tcpvars.mss.type != 0) {
104  ENGINE_SET_EVENT(p,TCP_OPT_DUPLICATE);
105  } else {
106  SET_OPTS(p->tcpvars.mss, tcp_opts[tcp_opt_cnt]);
107  }
108  }
109  break;
110  case TCP_OPT_SACKOK:
111  if (olen != TCP_OPT_SACKOK_LEN) {
112  ENGINE_SET_EVENT(p,TCP_OPT_INVALID_LEN);
113  } else {
114  if (p->tcpvars.sackok.type != 0) {
115  ENGINE_SET_EVENT(p,TCP_OPT_DUPLICATE);
116  } else {
117  SET_OPTS(p->tcpvars.sackok, tcp_opts[tcp_opt_cnt]);
118  }
119  }
120  break;
121  case TCP_OPT_TS:
122  if (olen != TCP_OPT_TS_LEN) {
123  ENGINE_SET_EVENT(p,TCP_OPT_INVALID_LEN);
124  } else {
125  if (p->tcpvars.ts_set) {
126  ENGINE_SET_EVENT(p,TCP_OPT_DUPLICATE);
127  } else {
128  uint32_t values[2];
129  memcpy(&values, tcp_opts[tcp_opt_cnt].data, sizeof(values));
130  p->tcpvars.ts_val = SCNtohl(values[0]);
131  p->tcpvars.ts_ecr = SCNtohl(values[1]);
132  p->tcpvars.ts_set = true;
133  }
134  }
135  break;
136  case TCP_OPT_SACK:
137  SCLogDebug("SACK option, len %u", olen);
138  if ((olen != 2) &&
139  (olen < TCP_OPT_SACK_MIN_LEN ||
140  olen > TCP_OPT_SACK_MAX_LEN ||
141  !((olen - 2) % 8 == 0)))
142  {
143  ENGINE_SET_EVENT(p,TCP_OPT_INVALID_LEN);
144  } else {
145  if (p->tcpvars.sack.type != 0) {
146  ENGINE_SET_EVENT(p,TCP_OPT_DUPLICATE);
147  } else {
148  SET_OPTS(p->tcpvars.sack, tcp_opts[tcp_opt_cnt]);
149  }
150  }
151  break;
152  case TCP_OPT_TFO:
153  SCLogDebug("TFO option, len %u", olen);
154  if ((olen != 2) && (olen < TCP_OPT_TFO_MIN_LEN || olen > TCP_OPT_TFO_MAX_LEN ||
155  !(((olen - 2) & 0x1) == 0))) {
156  ENGINE_SET_EVENT(p,TCP_OPT_INVALID_LEN);
157  } else {
158  if (p->tcpvars.tfo.type != 0) {
159  ENGINE_SET_EVENT(p,TCP_OPT_DUPLICATE);
160  } else {
161  SET_OPTS(p->tcpvars.tfo, tcp_opts[tcp_opt_cnt]);
162  }
163  }
164  break;
165  /* experimental options, could be TFO */
166  case TCP_OPT_EXP1:
167  case TCP_OPT_EXP2:
168  SCLogDebug("TCP EXP option, len %u", olen);
169  if (olen == 4 || olen == 12) {
170  uint16_t magic = SCNtohs(*(uint16_t *)tcp_opts[tcp_opt_cnt].data);
171  if (magic == 0xf989) {
172  if (p->tcpvars.tfo.type != 0) {
173  ENGINE_SET_EVENT(p,TCP_OPT_DUPLICATE);
174  } else {
175  SET_OPTS(p->tcpvars.tfo, tcp_opts[tcp_opt_cnt]);
176  p->tcpvars.tfo.type = TCP_OPT_TFO; // treat as regular TFO
177  }
178  }
179  } else {
180  ENGINE_SET_EVENT(p,TCP_OPT_INVALID_LEN);
181  }
182  break;
183  /* RFC 2385 MD5 option */
184  case TCP_OPT_MD5:
185  SCLogDebug("MD5 option, len %u", olen);
186  if (olen != 18) {
187  ENGINE_SET_INVALID_EVENT(p,TCP_OPT_INVALID_LEN);
188  } else {
189  /* we can't validate the option as the key is out of band */
190  p->tcpvars.md5_option_present = true;
191  }
192  break;
193  /* RFC 5925 AO option */
194  case TCP_OPT_AO:
195  SCLogDebug("AU option, len %u", olen);
196  if (olen < 4) {
197  ENGINE_SET_INVALID_EVENT(p,TCP_OPT_INVALID_LEN);
198  } else {
199  /* we can't validate the option as the key is out of band */
200  p->tcpvars.ao_option_present = true;
201  }
202  break;
203  }
204 
205  pkt += olen;
206  plen -= olen;
207  tcp_opt_cnt++;
208  }
209  }
210 }
211 
212 static int DecodeTCPPacket(ThreadVars *tv, Packet *p, const uint8_t *pkt, uint16_t len)
213 {
214  if (unlikely(len < TCP_HEADER_LEN)) {
215  ENGINE_SET_INVALID_EVENT(p, TCP_PKT_TOO_SMALL);
216  return -1;
217  }
218 
219  p->tcph = (TCPHdr *)pkt;
220 
221  uint8_t hlen = TCP_GET_HLEN(p);
222  if (unlikely(len < hlen)) {
223  ENGINE_SET_INVALID_EVENT(p, TCP_HLEN_TOO_SMALL);
224  return -1;
225  }
226 
227  uint8_t tcp_opt_len = hlen - TCP_HEADER_LEN;
228  if (unlikely(tcp_opt_len > TCP_OPTLENMAX)) {
229  ENGINE_SET_INVALID_EVENT(p, TCP_INVALID_OPTLEN);
230  return -1;
231  }
232 
233  if (likely(tcp_opt_len > 0)) {
234  DecodeTCPOptions(p, pkt + TCP_HEADER_LEN, tcp_opt_len);
235  }
236 
237  SET_TCP_SRC_PORT(p,&p->sp);
238  SET_TCP_DST_PORT(p,&p->dp);
239 
240  p->proto = IPPROTO_TCP;
241 
242  p->payload = (uint8_t *)pkt + hlen;
243  p->payload_len = len - hlen;
244 
245  return 0;
246 }
247 
248 int DecodeTCP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
249  const uint8_t *pkt, uint16_t len)
250 {
251  StatsIncr(tv, dtv->counter_tcp);
252 
253  if (unlikely(DecodeTCPPacket(tv, p, pkt,len) < 0)) {
254  SCLogDebug("invalid TCP packet");
255  CLEAR_TCP_PACKET(p);
256  return TM_ECODE_FAILED;
257  }
258 
259  /* update counters */
260  if ((p->tcph->th_flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK)) {
261  StatsIncr(tv, dtv->counter_tcp_synack);
262  } else if (p->tcph->th_flags & (TH_SYN)) {
263  StatsIncr(tv, dtv->counter_tcp_syn);
264  }
265  if (p->tcph->th_flags & (TH_RST)) {
266  StatsIncr(tv, dtv->counter_tcp_rst);
267  }
268 #ifdef DEBUG
269  SCLogDebug("TCP sp: %" PRIu32 " -> dp: %" PRIu32 " - HLEN: %" PRIu32 " LEN: %" PRIu32 " %s%s%s%s%s%s",
270  GET_TCP_SRC_PORT(p), GET_TCP_DST_PORT(p), TCP_GET_HLEN(p), len,
271  TCP_HAS_SACKOK(p) ? "SACKOK " : "", TCP_HAS_SACK(p) ? "SACK " : "",
272  TCP_HAS_WSCALE(p) ? "WS " : "", TCP_HAS_TS(p) ? "TS " : "",
273  TCP_HAS_MSS(p) ? "MSS " : "", TCP_HAS_TFO(p) ? "TFO " : "");
274 #endif
275 
276  FlowSetupPacket(p);
277 
278  return TM_ECODE_OK;
279 }
280 
281 #ifdef UNITTESTS
282 #include "util-unittest-helper.h"
283 #include "packet.h"
284 
285 static int TCPCalculateValidChecksumtest01(void)
286 {
287  uint16_t csum = 0;
288 
289  uint8_t raw_ipshdr[] = {
290  0x40, 0x8e, 0x7e, 0xb2, 0xc0, 0xa8, 0x01, 0x03};
291 
292  uint8_t raw_tcp[] = {
293  0x00, 0x50, 0x8e, 0x16, 0x0d, 0x59, 0xcd, 0x3c,
294  0xcf, 0x0d, 0x21, 0x80, 0xa0, 0x12, 0x16, 0xa0,
295  0xfa, 0x03, 0x00, 0x00, 0x02, 0x04, 0x05, 0xb4,
296  0x04, 0x02, 0x08, 0x0a, 0x6e, 0x18, 0x78, 0x73,
297  0x01, 0x71, 0x74, 0xde, 0x01, 0x03, 0x03, 02};
298 
299  csum = *( ((uint16_t *)raw_tcp) + 8);
300 
301  FAIL_IF(TCPChecksum((uint16_t *)raw_ipshdr,
302  (uint16_t *)raw_tcp, sizeof(raw_tcp), csum) != 0);
303  PASS;
304 }
305 
306 static int TCPCalculateInvalidChecksumtest02(void)
307 {
308  uint16_t csum = 0;
309 
310  uint8_t raw_ipshdr[] = {
311  0x40, 0x8e, 0x7e, 0xb2, 0xc0, 0xa8, 0x01, 0x03};
312 
313  uint8_t raw_tcp[] = {
314  0x00, 0x50, 0x8e, 0x16, 0x0d, 0x59, 0xcd, 0x3c,
315  0xcf, 0x0d, 0x21, 0x80, 0xa0, 0x12, 0x16, 0xa0,
316  0xfa, 0x03, 0x00, 0x00, 0x02, 0x04, 0x05, 0xb4,
317  0x04, 0x02, 0x08, 0x0a, 0x6e, 0x18, 0x78, 0x73,
318  0x01, 0x71, 0x74, 0xde, 0x01, 0x03, 0x03, 03};
319 
320  csum = *( ((uint16_t *)raw_tcp) + 8);
321 
322  FAIL_IF(TCPChecksum((uint16_t *) raw_ipshdr,
323  (uint16_t *)raw_tcp, sizeof(raw_tcp), csum) == 0);
324  PASS;
325 }
326 
327 static int TCPV6CalculateValidChecksumtest03(void)
328 {
329  uint16_t csum = 0;
330 
331  static uint8_t raw_ipv6[] = {
332  0x00, 0x60, 0x97, 0x07, 0x69, 0xea, 0x00, 0x00,
333  0x86, 0x05, 0x80, 0xda, 0x86, 0xdd, 0x60, 0x00,
334  0x00, 0x00, 0x00, 0x20, 0x06, 0x40, 0x3f, 0xfe,
335  0x05, 0x07, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00,
336  0x86, 0xff, 0xfe, 0x05, 0x80, 0xda, 0x3f, 0xfe,
337  0x05, 0x01, 0x04, 0x10, 0x00, 0x00, 0x02, 0xc0,
338  0xdf, 0xff, 0xfe, 0x47, 0x03, 0x3e, 0x03, 0xfe,
339  0x00, 0x16, 0xd6, 0x76, 0xf5, 0x2d, 0x0c, 0x7a,
340  0x08, 0x77, 0x80, 0x10, 0x21, 0x5c, 0xc2, 0xf1,
341  0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x00, 0x08,
342  0xca, 0x5a, 0x00, 0x01, 0x69, 0x27};
343 
344  csum = *( ((uint16_t *)(raw_ipv6 + 70)));
345 
346  FAIL_IF(TCPV6Checksum((uint16_t *)(raw_ipv6 + 14 + 8),
347  (uint16_t *)(raw_ipv6 + 54), 32, csum) != 0);
348  PASS;
349 }
350 
351 static int TCPV6CalculateInvalidChecksumtest04(void)
352 {
353  uint16_t csum = 0;
354 
355  static uint8_t raw_ipv6[] = {
356  0x00, 0x60, 0x97, 0x07, 0x69, 0xea, 0x00, 0x00,
357  0x86, 0x05, 0x80, 0xda, 0x86, 0xdd, 0x60, 0x00,
358  0x00, 0x00, 0x00, 0x20, 0x06, 0x40, 0x3f, 0xfe,
359  0x05, 0x07, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00,
360  0x86, 0xff, 0xfe, 0x05, 0x80, 0xda, 0x3f, 0xfe,
361  0x05, 0x01, 0x04, 0x10, 0x00, 0x00, 0x02, 0xc0,
362  0xdf, 0xff, 0xfe, 0x47, 0x03, 0x3e, 0x03, 0xfe,
363  0x00, 0x16, 0xd6, 0x76, 0xf5, 0x2d, 0x0c, 0x7a,
364  0x08, 0x77, 0x80, 0x10, 0x21, 0x5c, 0xc2, 0xf1,
365  0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x00, 0x08,
366  0xca, 0x5a, 0x00, 0x01, 0x69, 0x28};
367 
368  csum = *( ((uint16_t *)(raw_ipv6 + 70)));
369 
370  FAIL_IF(TCPV6Checksum((uint16_t *)(raw_ipv6 + 14 + 8),
371  (uint16_t *)(raw_ipv6 + 54), 32, csum) == 0);
372  PASS;
373 }
374 
375 /** \test Get the wscale of 2 */
376 static int TCPGetWscaleTest01(void)
377 {
378  int retval = 0;
379  static uint8_t raw_tcp[] = {0xda, 0xc1, 0x00, 0x50, 0xb6, 0x21, 0x7f, 0x58,
380  0x00, 0x00, 0x00, 0x00, 0xa0, 0x02, 0x16, 0xd0,
381  0x8a, 0xaf, 0x00, 0x00, 0x02, 0x04, 0x05, 0xb4,
382  0x04, 0x02, 0x08, 0x0a, 0x00, 0x62, 0x88, 0x28,
383  0x00, 0x00, 0x00, 0x00, 0x01, 0x03, 0x03, 0x02};
384  Packet *p = PacketGetFromAlloc();
385  if (unlikely(p == NULL))
386  return 0;
387  IPV4Hdr ip4h;
388  ThreadVars tv;
389  DecodeThreadVars dtv;
390 
391  memset(&tv, 0, sizeof(ThreadVars));
392  memset(&dtv, 0, sizeof(DecodeThreadVars));
393  memset(&ip4h, 0, sizeof(IPV4Hdr));
394 
395  p->src.family = AF_INET;
396  p->dst.family = AF_INET;
397  p->ip4h = &ip4h;
398 
399 
400  FlowInitConfig(FLOW_QUIET);
401  DecodeTCP(&tv, &dtv, p, raw_tcp, sizeof(raw_tcp));
402 
403  if (p->tcph == NULL) {
404  printf("tcp packet decode failed: ");
405  goto end;
406  }
407 
408  uint8_t wscale = TCP_GET_WSCALE(p);
409  if (wscale != 2) {
410  printf("wscale %"PRIu8", expected 2: ", wscale);
411  goto end;
412  }
413 
414  retval = 1;
415 end:
416  PacketRecycle(p);
417  FlowShutdown();
418  SCFree(p);
419  return retval;
420 }
421 
422 /** \test Get the wscale of 15, so see if return 0 properly */
423 static int TCPGetWscaleTest02(void)
424 {
425  int retval = 0;
426  static uint8_t raw_tcp[] = {0xda, 0xc1, 0x00, 0x50, 0xb6, 0x21, 0x7f, 0x58,
427  0x00, 0x00, 0x00, 0x00, 0xa0, 0x02, 0x16, 0xd0,
428  0x8a, 0xaf, 0x00, 0x00, 0x02, 0x04, 0x05, 0xb4,
429  0x04, 0x02, 0x08, 0x0a, 0x00, 0x62, 0x88, 0x28,
430  0x00, 0x00, 0x00, 0x00, 0x01, 0x03, 0x03, 0x0f};
431  Packet *p = PacketGetFromAlloc();
432  if (unlikely(p == NULL))
433  return 0;
434  IPV4Hdr ip4h;
435  ThreadVars tv;
436  DecodeThreadVars dtv;
437 
438  memset(&tv, 0, sizeof(ThreadVars));
439  memset(&dtv, 0, sizeof(DecodeThreadVars));
440  memset(&ip4h, 0, sizeof(IPV4Hdr));
441 
442  p->src.family = AF_INET;
443  p->dst.family = AF_INET;
444  p->ip4h = &ip4h;
445 
446  FlowInitConfig(FLOW_QUIET);
447  DecodeTCP(&tv, &dtv, p, raw_tcp, sizeof(raw_tcp));
448 
449  if (p->tcph == NULL) {
450  printf("tcp packet decode failed: ");
451  goto end;
452  }
453 
454  uint8_t wscale = TCP_GET_WSCALE(p);
455  if (wscale != 0) {
456  printf("wscale %"PRIu8", expected 0: ", wscale);
457  goto end;
458  }
459 
460  retval = 1;
461 end:
462  PacketRecycle(p);
463  FlowShutdown();
464  SCFree(p);
465  return retval;
466 }
467 
468 /** \test Get the wscale, but it's missing, so see if return 0 properly */
469 static int TCPGetWscaleTest03(void)
470 {
471  int retval = 0;
472  static uint8_t raw_tcp[] = {0xda, 0xc1, 0x00, 0x50, 0xb6, 0x21, 0x7f, 0x59,
473  0xdd, 0xa3, 0x6f, 0xf8, 0x80, 0x10, 0x05, 0xb4,
474  0x7c, 0x70, 0x00, 0x00, 0x01, 0x01, 0x08, 0x0a,
475  0x00, 0x62, 0x88, 0x9e, 0x00, 0x00, 0x00, 0x00};
476  Packet *p = PacketGetFromAlloc();
477  if (unlikely(p == NULL))
478  return 0;
479  IPV4Hdr ip4h;
480  ThreadVars tv;
481  DecodeThreadVars dtv;
482 
483  memset(&tv, 0, sizeof(ThreadVars));
484  memset(&dtv, 0, sizeof(DecodeThreadVars));
485  memset(&ip4h, 0, sizeof(IPV4Hdr));
486 
487  p->src.family = AF_INET;
488  p->dst.family = AF_INET;
489  p->ip4h = &ip4h;
490 
491  FlowInitConfig(FLOW_QUIET);
492  DecodeTCP(&tv, &dtv, p, raw_tcp, sizeof(raw_tcp));
493 
494  if (p->tcph == NULL) {
495  printf("tcp packet decode failed: ");
496  goto end;
497  }
498 
499  uint8_t wscale = TCP_GET_WSCALE(p);
500  if (wscale != 0) {
501  printf("wscale %"PRIu8", expected 0: ", wscale);
502  goto end;
503  }
504 
505  retval = 1;
506 end:
507  PacketRecycle(p);
508  FlowShutdown();
509  SCFree(p);
510  return retval;
511 }
512 
513 static int TCPGetSackTest01(void)
514 {
515  int retval = 0;
516  static uint8_t raw_tcp[] = {
517  0x00, 0x50, 0x06, 0xa6, 0xfa, 0x87, 0x0b, 0xf5,
518  0xf1, 0x59, 0x02, 0xe0, 0xa0, 0x10, 0x3e, 0xbc,
519  0x1d, 0xe7, 0x00, 0x00, 0x01, 0x01, 0x05, 0x12,
520  0xf1, 0x59, 0x13, 0xfc, 0xf1, 0x59, 0x1f, 0x64,
521  0xf1, 0x59, 0x08, 0x94, 0xf1, 0x59, 0x0e, 0x48 };
522  static uint8_t raw_tcp_sack[] = {
523  0xf1, 0x59, 0x13, 0xfc, 0xf1, 0x59, 0x1f, 0x64,
524  0xf1, 0x59, 0x08, 0x94, 0xf1, 0x59, 0x0e, 0x48 };
525  Packet *p = PacketGetFromAlloc();
526  if (unlikely(p == NULL))
527  return 0;
528  IPV4Hdr ip4h;
529  ThreadVars tv;
530  DecodeThreadVars dtv;
531 
532  memset(&tv, 0, sizeof(ThreadVars));
533  memset(&dtv, 0, sizeof(DecodeThreadVars));
534  memset(&ip4h, 0, sizeof(IPV4Hdr));
535 
536  p->src.family = AF_INET;
537  p->dst.family = AF_INET;
538  p->ip4h = &ip4h;
539 
540  FlowInitConfig(FLOW_QUIET);
541  DecodeTCP(&tv, &dtv, p, raw_tcp, sizeof(raw_tcp));
542 
543  if (p->tcph == NULL) {
544  printf("tcp packet decode failed: ");
545  goto end;
546  }
547 
548  if (!TCP_HAS_SACK(p)) {
549  printf("tcp packet sack not decoded: ");
550  goto end;
551  }
552 
553  int sack = TCP_GET_SACK_CNT(p);
554  if (sack != 2) {
555  printf("expected 2 sack records, got %u: ", TCP_GET_SACK_CNT(p));
556  goto end;
557  }
558 
559  const uint8_t *sackptr = TCP_GET_SACK_PTR(p);
560  if (sackptr == NULL) {
561  printf("no sack data: ");
562  goto end;
563  }
564 
565  if (memcmp(sackptr, raw_tcp_sack, 16) != 0) {
566  printf("malformed sack data: ");
567  goto end;
568  }
569 
570  retval = 1;
571 end:
572  PacketRecycle(p);
573  FlowShutdown();
574  SCFree(p);
575  return retval;
576 }
577 #endif /* UNITTESTS */
578 
579 void DecodeTCPRegisterTests(void)
580 {
581 #ifdef UNITTESTS
582  UtRegisterTest("TCPCalculateValidChecksumtest01",
583  TCPCalculateValidChecksumtest01);
584  UtRegisterTest("TCPCalculateInvalidChecksumtest02",
585  TCPCalculateInvalidChecksumtest02);
586  UtRegisterTest("TCPV6CalculateValidChecksumtest03",
587  TCPV6CalculateValidChecksumtest03);
588  UtRegisterTest("TCPV6CalculateInvalidChecksumtest04",
589  TCPV6CalculateInvalidChecksumtest04);
590  UtRegisterTest("TCPGetWscaleTest01", TCPGetWscaleTest01);
591  UtRegisterTest("TCPGetWscaleTest02", TCPGetWscaleTest02);
592  UtRegisterTest("TCPGetWscaleTest03", TCPGetWscaleTest03);
593  UtRegisterTest("TCPGetSackTest01", TCPGetSackTest01);
594 #endif /* UNITTESTS */
595 }
596 /**
597  * @}
598  */
ENGINE_SET_EVENT
#define ENGINE_SET_EVENT(p, e)
Definition: decode.h:884
decode-tcp.h
Packet_::proto
uint8_t proto
Definition: decode.h:452
len
uint8_t len
Definition: app-layer-dnp3.h:2
TCPOpt_
Definition: decode-tcp.h:130
TCP_OPT_WS_LEN
#define TCP_OPT_WS_LEN
Definition: decode-tcp.h:60
TCP_OPT_MD5
#define TCP_OPT_MD5
Definition: decode-tcp.h:56
GET_TCP_DST_PORT
#define GET_TCP_DST_PORT(p)
Definition: decode.h:217
TCP_OPT_SACKOK
#define TCP_OPT_SACKOK
Definition: decode-tcp.h:50
TCPVars_::sackok
TCPOpt sackok
Definition: decode-tcp.h:164
GET_TCP_SRC_PORT
#define GET_TCP_SRC_PORT(p)
Definition: decode.h:216
TCPVars_::ts_set
bool ts_set
Definition: decode-tcp.h:159
StatsIncr
void StatsIncr(ThreadVars *tv, uint16_t id)
Increments the local counter.
Definition: counters.c:167
TCP_HAS_TFO
#define TCP_HAS_TFO(p)
Definition: decode-tcp.h:97
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
TCP_PKT_TOO_SMALL
@ TCP_PKT_TOO_SMALL
Definition: decode-events.h:94
TCP_HEADER_LEN
#define TCP_HEADER_LEN
Definition: decode-tcp.h:28
Packet_::payload
uint8_t * payload
Definition: decode.h:577
PacketRecycle
void PacketRecycle(Packet *p)
Definition: packet.c:168
TH_RST
#define TH_RST
Definition: decode-tcp.h:36
TCP_OPT_SACKOK_LEN
#define TCP_OPT_SACKOK_LEN
Definition: decode-tcp.h:59
DecodeThreadVars_::counter_tcp_synack
uint16_t counter_tcp_synack
Definition: decode.h:688
TCP_OPT_DUPLICATE
@ TCP_OPT_DUPLICATE
Definition: decode-events.h:100
TCP_OPT_EXP2
#define TCP_OPT_EXP2
Definition: decode-tcp.h:55
TCP_HAS_MSS
#define TCP_HAS_MSS(p)
Definition: decode-tcp.h:96
Packet_::tcpvars
TCPVars tcpvars
Definition: decode.h:549
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:85
TCPVars_::md5_option_present
bool md5_option_present
Definition: decode-tcp.h:157
Packet_::payload_len
uint16_t payload_len
Definition: decode.h:578
TCP_OPT_EOL
#define TCP_OPT_EOL
Definition: decode-tcp.h:46
TCPOpt_::data
const uint8_t * data
Definition: decode-tcp.h:133
util-unittest.h
util-unittest-helper.h
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:84
TCP_GET_WSCALE
#define TCP_GET_WSCALE(p)
Definition: decode-tcp.h:100
TCPVars_::tfo
TCPOpt tfo
Definition: decode-tcp.h:167
FlowInitConfig
void FlowInitConfig(bool quiet)
initialize the configuration
Definition: flow.c:549
decode.h
TCPVars_::ts_ecr
uint32_t ts_ecr
Definition: decode-tcp.h:161
TCPOpt_::type
uint8_t type
Definition: decode-tcp.h:131
util-debug.h
type
uint8_t type
Definition: decode-icmpv4.h:0
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
TCP_OPT_MSS
#define TCP_OPT_MSS
Definition: decode-tcp.h:48
TCP_OPT_WS
#define TCP_OPT_WS
Definition: decode-tcp.h:49
SET_TCP_SRC_PORT
#define SET_TCP_SRC_PORT(pkt, prt)
Definition: decode.h:179
DecodeThreadVars_::counter_tcp_rst
uint16_t counter_tcp_rst
Definition: decode.h:689
TCP_OPT_SACK_MAX_LEN
#define TCP_OPT_SACK_MAX_LEN
Definition: decode-tcp.h:64
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:57
Packet_::sp
Port sp
Definition: decode.h:437
TH_ACK
#define TH_ACK
Definition: decode-tcp.h:38
TCPVars_::mss
TCPOpt mss
Definition: decode-tcp.h:166
TCP_OPT_INVALID_LEN
@ TCP_OPT_INVALID_LEN
Definition: decode-events.h:99
Packet_
Definition: decode.h:430
TCP_GET_SACK_CNT
#define TCP_GET_SACK_CNT(p)
Definition: decode-tcp.h:106
TCP_OPT_SACK_MIN_LEN
#define TCP_OPT_SACK_MIN_LEN
Definition: decode-tcp.h:63
TCP_INVALID_OPTLEN
@ TCP_INVALID_OPTLEN
Definition: decode-events.h:96
TCP_HAS_SACK
#define TCP_HAS_SACK(p)
Definition: decode-tcp.h:93
TCP_OPT_NOP
#define TCP_OPT_NOP
Definition: decode-tcp.h:47
Packet_::ip4h
IPV4Hdr * ip4h
Definition: decode.h:535
TCP_HAS_TS
#define TCP_HAS_TS(p)
Definition: decode-tcp.h:95
TCPOpt_::len
uint8_t len
Definition: decode-tcp.h:132
DecodeTCPRegisterTests
void DecodeTCPRegisterTests(void)
Definition: decode-tcp.c:579
DecodeThreadVars_::counter_tcp
uint16_t counter_tcp
Definition: decode.h:686
decode-events.h
dtv
DecodeThreadVars * dtv
Definition: fuzz_decodepcapfile.c:33
DecodeTCP
int DecodeTCP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint16_t len)
Definition: decode-tcp.c:248
IPV4Hdr_
Definition: decode-ipv4.h:72
TCP_OPT_EXP1
#define TCP_OPT_EXP1
Definition: decode-tcp.h:54
TCPVars_::ts_val
uint32_t ts_val
Definition: decode-tcp.h:160
TCPVars_::ws
TCPOpt ws
Definition: decode-tcp.h:165
TCP_HAS_SACKOK
#define TCP_HAS_SACKOK(p)
Definition: decode-tcp.h:94
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
TH_SYN
#define TH_SYN
Definition: decode-tcp.h:35
SCNtohs
#define SCNtohs(x)
Definition: suricata-common.h:409
suricata-common.h
Packet_::tcph
TCPHdr * tcph
Definition: decode.h:557
TCP_OPTMAX
#define TCP_OPTMAX
Definition: decode-tcp.h:30
FlowShutdown
void FlowShutdown(void)
shutdown the flow engine
Definition: flow.c:697
packet.h
TCPVars_::ao_option_present
bool ao_option_present
Definition: decode-tcp.h:158
CLEAR_TCP_PACKET
#define CLEAR_TCP_PACKET(p)
Definition: decode-tcp.h:170
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:32
TCP_OPT_SACK
#define TCP_OPT_SACK
Definition: decode-tcp.h:51
util-optimize.h
PacketGetFromAlloc
Packet * PacketGetFromAlloc(void)
Get a malloced packet.
Definition: decode.c:173
TCP_GET_SACK_PTR
#define TCP_GET_SACK_PTR(p)
Definition: decode-tcp.h:105
SCFree
#define SCFree(p)
Definition: util-mem.h:61
SCNtohl
#define SCNtohl(x)
Definition: suricata-common.h:408
DecodeThreadVars_
Structure to hold thread specific data for all decode modules.
Definition: decode.h:668
TCP_OPTLENMAX
#define TCP_OPTLENMAX
Definition: decode-tcp.h:29
SET_OPTS
#define SET_OPTS(dst, src)
Definition: decode-tcp.c:42
TCP_GET_HLEN
#define TCP_GET_HLEN(p)
Definition: decode-tcp.h:111
Address_::family
char family
Definition: decode.h:116
Packet_::dst
Address dst
Definition: decode.h:435
ENGINE_SET_INVALID_EVENT
#define ENGINE_SET_INVALID_EVENT(p, e)
Definition: decode.h:892
FLOW_QUIET
#define FLOW_QUIET
Definition: flow.h:41
TCP_HAS_WSCALE
#define TCP_HAS_WSCALE(p)
Definition: decode-tcp.h:92
TCP_HLEN_TOO_SMALL
@ TCP_HLEN_TOO_SMALL
Definition: decode-events.h:95
TCP_OPT_AO
#define TCP_OPT_AO
Definition: decode-tcp.h:57
likely
#define likely(expr)
Definition: util-optimize.h:32
TCP_OPT_MSS_LEN
#define TCP_OPT_MSS_LEN
Definition: decode-tcp.h:62
DecodeThreadVars_::counter_tcp_syn
uint16_t counter_tcp_syn
Definition: decode.h:687
TCPVars_::sack
TCPOpt sack
Definition: decode-tcp.h:163
TCP_OPT_TFO_MAX_LEN
#define TCP_OPT_TFO_MAX_LEN
Definition: decode-tcp.h:66
flow.h
Packet_::dp
Port dp
Definition: decode.h:445
TCP_OPT_TS_LEN
#define TCP_OPT_TS_LEN
Definition: decode-tcp.h:61
SET_TCP_DST_PORT
#define SET_TCP_DST_PORT(pkt, prt)
Definition: decode.h:183
FlowSetupPacket
void FlowSetupPacket(Packet *p)
prepare packet for a life with flow Set PKT_WANTS_FLOW flag to indicate workers should do a flow look...
Definition: flow-hash.c:520
Packet_::src
Address src
Definition: decode.h:434
TCP_OPT_TFO
#define TCP_OPT_TFO
Definition: decode-tcp.h:53
TCP_OPT_TS
#define TCP_OPT_TS
Definition: decode-tcp.h:52