#include "suricata-common.h"
#include "queue.h"
#include "suricata.h"
#include "threads.h"
#include "conf.h"
#include "decode-ipv6.h"
#include "util-hashlist.h"
#include "util-pool.h"
#include "util-time.h"
#include "util-print.h"
#include "util-debug.h"
#include "util-fix_checksum.h"
#include "util-random.h"
#include "stream-tcp-private.h"
#include "stream-tcp-reassemble.h"
#include "util-host-os-info.h"
#include "util-validate.h"
#include "defrag.h"
#include "defrag-hash.h"
#include "defrag-queue.h"
#include "defrag-config.h"
#include "tmqh-packetpool.h"
#include "decode.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "packet.h"

Include dependency graph for defrag.c:

Macros
#define	DEFAULT_DEFRAG_HASH_SIZE 0xffff

#define	DEFAULT_DEFRAG_POOL_SIZE 0xffff

#define	TIMEOUT_DEFAULT 60

#define	TIMEOUT_MAX (60 * 60 * 24)

#define	TIMEOUT_MIN 1

#define	IP_MF 0x2000

#define	D_1 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A'

#define	D_2 'B', 'B', 'B', 'B', 'B', 'B', 'B', 'B'

#define	D_3 'C', 'C', 'C', 'C', 'C', 'C', 'C', 'C'

#define	D_3_1 'D', 'D', 'D', 'D', 'D', 'D', 'D', 'D'

#define	D_3_2 'E', 'E', 'E', 'E', 'E', 'E', 'E', 'E'

#define	D_3_3 'F', 'F', 'F', 'F', 'F', 'F', 'F', 'F'

#define	D_3_4 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G'

#define	D_3_5 'H', 'H', 'H', 'H', 'H', 'H', 'H', 'H'

#define	D_3_6 'I', 'I', 'I', 'I', 'I', 'I', 'I', 'I'

#define	D_4 'J', 'J', 'J', 'J', 'J', 'J', 'J', 'J'

#define	D_5 'K', 'K', 'K', 'K', 'K', 'K', 'K', 'K'

#define	D_6 'L', 'L', 'L', 'L', 'L', 'L', 'L', 'L'

#define	D_7 'M', 'M', 'M', 'M', 'M', 'M', 'M', 'M'

#define	D_8 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N'

#define	D_9 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O'

#define	D_10 'P', 'P', 'P', 'P', 'P', 'P', 'P', 'P'

#define	D_11 'Q', 'Q', 'Q', 'Q', 'Q', 'Q', 'Q', 'Q'

Enumerations
enum	defrag_policies { DEFRAG_POLICY_FIRST = 1, DEFRAG_POLICY_LAST, DEFRAG_POLICY_BSD, DEFRAG_POLICY_BSD_RIGHT, DEFRAG_POLICY_LINUX, DEFRAG_POLICY_WINDOWS, DEFRAG_POLICY_SOLARIS, DEFRAG_POLICY_DEFAULT = DEFRAG_POLICY_BSD }

Functions
	RB_GENERATE (IP_FRAGMENTS, Frag_, rb, DefragRbFragCompare)

void	DefragTrackerFreeFrags (DefragTracker *tracker)
	Free all frags associated with a tracker. More...

int	DefragRbFragCompare (struct Frag_ a, struct Frag_ b)

uint8_t	DefragGetOsPolicy (Packet *p)
	Get the defrag policy based on the destination address of the packet. More...

Packet *	Defrag (ThreadVars tv, DecodeThreadVars dtv, Packet *p)
	Entry point for IPv4 and IPv6 fragments. More...

void	DefragInit (void)

void	DefragDestroy (void)

void	DefragRegisterTests (void)

Detailed Description

Author: Endace Technology Limited, Jason Ish jason.nosp@m..ish.nosp@m.@enda.nosp@m.ce.c.nosp@m.om

Defragmentation module. References:

RFC 815
OpenBSD PF's IP normalization (pf_norm.c)

Todo:

pool for frag packet storage

policy bsd-right

profile hash function

log anomalies

Definition in file defrag.c.

Macro Definition Documentation

◆ D_1

#define D_1 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A'

Definition at line 1868 of file defrag.c.

◆ D_10

#define D_10 'P', 'P', 'P', 'P', 'P', 'P', 'P', 'P'

Definition at line 1883 of file defrag.c.

◆ D_11

#define D_11 'Q', 'Q', 'Q', 'Q', 'Q', 'Q', 'Q', 'Q'

Definition at line 1884 of file defrag.c.

◆ D_2

#define D_2 'B', 'B', 'B', 'B', 'B', 'B', 'B', 'B'

Definition at line 1869 of file defrag.c.

◆ D_3

#define D_3 'C', 'C', 'C', 'C', 'C', 'C', 'C', 'C'

Definition at line 1870 of file defrag.c.

◆ D_3_1

#define D_3_1 'D', 'D', 'D', 'D', 'D', 'D', 'D', 'D'

Definition at line 1871 of file defrag.c.

◆ D_3_2

#define D_3_2 'E', 'E', 'E', 'E', 'E', 'E', 'E', 'E'

Definition at line 1872 of file defrag.c.

◆ D_3_3

#define D_3_3 'F', 'F', 'F', 'F', 'F', 'F', 'F', 'F'

Definition at line 1873 of file defrag.c.

◆ D_3_4

#define D_3_4 'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G'

Definition at line 1874 of file defrag.c.

◆ D_3_5

#define D_3_5 'H', 'H', 'H', 'H', 'H', 'H', 'H', 'H'

Definition at line 1875 of file defrag.c.

◆ D_3_6

#define D_3_6 'I', 'I', 'I', 'I', 'I', 'I', 'I', 'I'

Definition at line 1876 of file defrag.c.

◆ D_4

#define D_4 'J', 'J', 'J', 'J', 'J', 'J', 'J', 'J'

Definition at line 1877 of file defrag.c.

◆ D_5

#define D_5 'K', 'K', 'K', 'K', 'K', 'K', 'K', 'K'

Definition at line 1878 of file defrag.c.

◆ D_6

#define D_6 'L', 'L', 'L', 'L', 'L', 'L', 'L', 'L'

Definition at line 1879 of file defrag.c.

◆ D_7

#define D_7 'M', 'M', 'M', 'M', 'M', 'M', 'M', 'M'

Definition at line 1880 of file defrag.c.

◆ D_8

#define D_8 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N'

Definition at line 1881 of file defrag.c.

◆ D_9

#define D_9 'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O'

Definition at line 1882 of file defrag.c.

◆ DEFAULT_DEFRAG_HASH_SIZE

#define DEFAULT_DEFRAG_HASH_SIZE 0xffff

Definition at line 67 of file defrag.c.

◆ DEFAULT_DEFRAG_POOL_SIZE

#define DEFAULT_DEFRAG_POOL_SIZE 0xffff

Definition at line 68 of file defrag.c.

◆ IP_MF

#define IP_MF 0x2000

Definition at line 1132 of file defrag.c.

◆ TIMEOUT_DEFAULT

#define TIMEOUT_DEFAULT 60

Default timeout (in seconds) before a defragmentation tracker will be released.

Definition at line 74 of file defrag.c.

◆ TIMEOUT_MAX

#define TIMEOUT_MAX (60 * 60 * 24)

Maximum allowed timeout, 24 hours.

Definition at line 79 of file defrag.c.

◆ TIMEOUT_MIN

#define TIMEOUT_MIN 1

Minimum allowed timeout, 1 second.

Definition at line 84 of file defrag.c.

Enumeration Type Documentation

◆ defrag_policies

enum defrag_policies

Fragment reassembly policies.

Enumerator
DEFRAG_POLICY_FIRST
DEFRAG_POLICY_LAST
DEFRAG_POLICY_BSD
DEFRAG_POLICY_BSD_RIGHT
DEFRAG_POLICY_LINUX
DEFRAG_POLICY_WINDOWS
DEFRAG_POLICY_SOLARIS
DEFRAG_POLICY_DEFAULT

Definition at line 86 of file defrag.c.

Function Documentation

◆ Defrag()

Packet* Defrag	(	ThreadVars *	tv,
		DecodeThreadVars *	dtv,
		Packet *	p
	)

Entry point for IPv4 and IPv6 fragments.

Parameters

tv	ThreadVars for the calling decoder.
p	The packet fragment.

Return values

A	new Packet resembling the re-assembled packet if the most recent fragment allowed the packet to be re-assembled, otherwise NULL is returned.

Definition at line 1049 of file defrag.c.

References af, DecodeThreadVars_::counter_defrag_ipv4_fragments, DecodeThreadVars_::counter_defrag_ipv6_fragments, dtv, IPV4_GET_IPOFFSET, IPV4_GET_MF, IPV6_EXTHDR_GET_FH_FLAG, IPV6_EXTHDR_GET_FH_OFFSET, PKT_IS_IPV4, PKT_IS_IPV6, StatsIncr(), and tv.

Here is the call graph for this function:

◆ DefragDestroy()

void DefragDestroy ( void )

Definition at line 1119 of file defrag.c.

References DefragHashShutdown().

Here is the call graph for this function:

◆ DefragGetOsPolicy()

uint8_t DefragGetOsPolicy ( Packet * p )

Get the defrag policy based on the destination address of the packet.

Parameters

p	The packet used to get the destination address.

Return values

The	defrag policy to use.

Definition at line 970 of file defrag.c.

References GET_IPV4_DST_ADDR_PTR, GET_IPV6_DST_ADDR, PKT_IS_IPV4, PKT_IS_IPV6, SCHInfoGetIPv4HostOSFlavour(), and SCHInfoGetIPv6HostOSFlavour().

Here is the call graph for this function:

◆ DefragInit()

void DefragInit ( void )

Definition at line 1099 of file defrag.c.

References ConfGetInt(), DEFAULT_DEFRAG_HASH_SIZE, and DefragPolicyLoadFromConfig().

Referenced by PreRunInit().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DefragRbFragCompare()

int DefragRbFragCompare	(	struct Frag_ *	a,
		struct Frag_ *	b
	)

The RB_TREE compare function for fragments.

When it comes to adding fragments, we want subsequent ones with the same offset to be treated as greater than, so we don't have an equal return value here.

Definition at line 536 of file defrag.c.

References Frag_::offset.

◆ DefragRegisterTests()

void DefragRegisterTests ( void )

Definition at line 3173 of file defrag.c.

References UtRegisterTest().

Here is the call graph for this function:

◆ DefragTrackerFreeFrags()

void DefragTrackerFreeFrags ( DefragTracker * tracker )

Free all frags associated with a tracker.

Definition at line 133 of file defrag.c.

References SCMutexLock.

Referenced by DefragTrackerClearMemory().

Here is the caller graph for this function:

◆ RB_GENERATE()

RB_GENERATE	(	IP_FRAGMENTS	,
		Frag_	,
		rb	,
		DefragRbFragCompare
	)

Macros

Enumerations

Functions

Detailed Description

Macro Definition Documentation

◆ D_1

◆ D_10

◆ D_11

◆ D_2

◆ D_3

◆ D_3_1

◆ D_3_2

◆ D_3_3

◆ D_3_4

◆ D_3_5

◆ D_3_6

◆ D_4

◆ D_5

◆ D_6

◆ D_7

◆ D_8

◆ D_9

◆ DEFAULT_DEFRAG_HASH_SIZE

◆ DEFAULT_DEFRAG_POOL_SIZE

◆ IP_MF

◆ TIMEOUT_DEFAULT

◆ TIMEOUT_MAX

◆ TIMEOUT_MIN

Enumeration Type Documentation

◆ defrag_policies

Function Documentation

◆ Defrag()

◆ DefragDestroy()

◆ DefragGetOsPolicy()

◆ DefragInit()

◆ DefragRbFragCompare()

◆ DefragRegisterTests()

◆ DefragTrackerFreeFrags()

◆ RB_GENERATE()