1 /* Copyright (C) 2015-2018 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \ingroup decode
20  *
21  * @{
22  */
23 
24 
25 /**
26  * \file
27  *
28  * \author XXX Your Name <your@email.com>
29  *
30  * Decodes XXX describe the protocol
31  */
32 
33 #include "suricata-common.h"
34 #include "suricata.h"
35 #include "decode.h"
36 #include "decode-events.h"
37 #include "decode-template.h"
38 
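/**
 * \brief Function to decode TEMPLATE packets
 *
 * Checks that the buffer holds a complete TemplateHdr and, when the
 * header's proto field is 17 (UDP), hands the bytes that follow the
 * header to DecodeUDP().
 *
 * \param tv thread vars
 * \param dtv decoder thread vars
 * \param p packet
 * \param pkt raw packet data
 * \param len length in bytes of pkt array
 * \param pq packet queue, passed on unchanged to the next decoder
 * \retval TM_ECODE_FAILED if the input is shorter than the header, the
 *         encapsulated protocol is not UDP, or the remaining payload does
 *         not fit the 16-bit length DecodeUDP() accepts; otherwise the
 *         return value of DecodeUDP()
 */
int DecodeTEMPLATE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
                   const uint8_t *pkt, uint32_t len, PacketQueue *pq)
{
    /* TODO add counter for your type of packet to DecodeThreadVars,
     * and register it in DecodeRegisterPerfCounters */
    //StatsIncr(tv, dtv->counter_template);

    /* Validation: make sure that the input data is big enough to hold
     * the header. Nothing in pkt may be read before this check. */
    if (len < sizeof(TemplateHdr)) {
        /* in case of errors, we set events. Events are defined in
         * decode-events.h, and are then exposed to the detection
         * engine through detect-engine-events.h */
        //ENGINE_SET_EVENT(p,TEMPLATE_HEADER_TOO_SMALL);
        return TM_ECODE_FAILED;
    }

    /* Now we can access the header.
     * NOTE(review): this reads the raw buffer through a TemplateHdr
     * pointer, which assumes the struct matches the wire layout and can
     * be read at any alignment -- confirm in decode-template.h. */
    const TemplateHdr *hdr = (const TemplateHdr *)pkt;

    /* lets assume we have UDP encapsulated (17 is the IP protocol number
     * for UDP); every other value is rejected */
    if (hdr->proto != 17) {
        //ENGINE_SET_EVENT(p,TEMPLATE_UNSUPPORTED_PROTOCOL);
        return TM_ECODE_FAILED;
    }

    /* we need to pass on the pkt and its length minus the current
     * header */
    const size_t hdr_len = sizeof(TemplateHdr);

    /* in this example it's clear that hdr_len can't be bigger than
     * 'len', but in more complex cases (e.g. a header length taken from
     * the packet itself) checking that we can't underflow len is very
     * important
    if (hdr_len >= len) {
        ENGINE_SET_EVENT(p,TEMPLATE_MALFORMED_HDRLEN);
        return TM_ECODE_FAILED;
    }
    */
    const size_t payload_len = len - hdr_len;

    /* DecodeUDP() takes a uint16_t length while 'len' is 32 bits wide.
     * Passing a larger remainder would silently truncate it, so the next
     * decoder would work with a length that does not describe the data.
     * Reject such input instead.
     * TODO set a decoder event here once one is defined for it. */
    if (payload_len > UINT16_MAX) {
        return TM_ECODE_FAILED;
    }

    /* invoke the next decoder on the remainder of the data; the cast
     * drops const only because DecodeUDP() takes a non-const pointer */
    return DecodeUDP(tv, dtv, p, (uint8_t *)pkt + hdr_len,
                     (uint16_t)payload_len, pq);
}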
93 
94 /**
95  * @}
96  */