suricata
Macros | Enumerations | Functions
defrag.c File Reference
#include "suricata-common.h"
#include "queue.h"
#include "suricata.h"
#include "threads.h"
#include "conf.h"
#include "decode-ipv6.h"
#include "util-hashlist.h"
#include "util-pool.h"
#include "util-time.h"
#include "util-print.h"
#include "util-debug.h"
#include "util-fix_checksum.h"
#include "util-random.h"
#include "stream-tcp-private.h"
#include "stream-tcp-reassemble.h"
#include "util-host-os-info.h"
#include "util-validate.h"
#include "defrag.h"
#include "defrag-hash.h"
#include "defrag-config.h"
#include "tmqh-packetpool.h"
#include "decode.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "packet.h"
Include dependency graph for defrag.c:

Go to the source code of this file.

Macros

#define DEFAULT_DEFRAG_HASH_SIZE   0xffff
 
#define DEFAULT_DEFRAG_POOL_SIZE   0xffff
 
#define TIMEOUT_DEFAULT   60
 
#define TIMEOUT_MAX   (60 * 60 * 24)
 
#define TIMEOUT_MIN   1
 
#define IP_MF   0x2000
 
#define D_1   'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A'
 
#define D_2   'B', 'B', 'B', 'B', 'B', 'B', 'B', 'B'
 
#define D_3   'C', 'C', 'C', 'C', 'C', 'C', 'C', 'C'
 
#define D_3_1   'D', 'D', 'D', 'D', 'D', 'D', 'D', 'D'
 
#define D_3_2   'E', 'E', 'E', 'E', 'E', 'E', 'E', 'E'
 
#define D_3_3   'F', 'F', 'F', 'F', 'F', 'F', 'F', 'F'
 
#define D_3_4   'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G'
 
#define D_3_5   'H', 'H', 'H', 'H', 'H', 'H', 'H', 'H'
 
#define D_3_6   'I', 'I', 'I', 'I', 'I', 'I', 'I', 'I'
 
#define D_4   'J', 'J', 'J', 'J', 'J', 'J', 'J', 'J'
 
#define D_5   'K', 'K', 'K', 'K', 'K', 'K', 'K', 'K'
 
#define D_6   'L', 'L', 'L', 'L', 'L', 'L', 'L', 'L'
 
#define D_7   'M', 'M', 'M', 'M', 'M', 'M', 'M', 'M'
 
#define D_8   'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N'
 
#define D_9   'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O'
 
#define D_10   'P', 'P', 'P', 'P', 'P', 'P', 'P', 'P'
 
#define D_11   'Q', 'Q', 'Q', 'Q', 'Q', 'Q', 'Q', 'Q'
 

Enumerations

enum  defrag_policies {
  DEFRAG_POLICY_FIRST = 1, DEFRAG_POLICY_LAST, DEFRAG_POLICY_BSD, DEFRAG_POLICY_BSD_RIGHT,
  DEFRAG_POLICY_LINUX, DEFRAG_POLICY_WINDOWS, DEFRAG_POLICY_SOLARIS, DEFRAG_POLICY_DEFAULT = DEFRAG_POLICY_BSD
}
 

Functions

 RB_GENERATE (IP_FRAGMENTS, Frag_, rb, DefragRbFragCompare)
 
void DefragTrackerFreeFrags (DefragTracker *tracker)
 Free all frags associated with a tracker. More...
 
int DefragRbFragCompare (struct Frag_ *a, struct Frag_ *b)
 
uint8_t DefragGetOsPolicy (Packet *p)
 Get the defrag policy based on the destination address of the packet. More...
 
PacketDefrag (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p)
 Entry point for IPv4 and IPv6 fragments. More...
 
void DefragInit (void)
 
void DefragDestroy (void)
 
void DefragRegisterTests (void)
 

Detailed Description

Author
Endace Technology Limited, Jason Ish jason.nosp@m..ish.nosp@m.@enda.nosp@m.ce.c.nosp@m.om

Defragmentation module. References:

  • RFC 815
  • OpenBSD PF's IP normalization (pf_norm.c)
Todo:

pool for frag packet storage

policy bsd-right

profile hash function

log anomalies

Definition in file defrag.c.

Macro Definition Documentation

◆ D_1

#define D_1   'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A'

Definition at line 1871 of file defrag.c.

◆ D_10

#define D_10   'P', 'P', 'P', 'P', 'P', 'P', 'P', 'P'

Definition at line 1886 of file defrag.c.

◆ D_11

#define D_11   'Q', 'Q', 'Q', 'Q', 'Q', 'Q', 'Q', 'Q'

Definition at line 1887 of file defrag.c.

◆ D_2

#define D_2   'B', 'B', 'B', 'B', 'B', 'B', 'B', 'B'

Definition at line 1872 of file defrag.c.

◆ D_3

#define D_3   'C', 'C', 'C', 'C', 'C', 'C', 'C', 'C'

Definition at line 1873 of file defrag.c.

◆ D_3_1

#define D_3_1   'D', 'D', 'D', 'D', 'D', 'D', 'D', 'D'

Definition at line 1874 of file defrag.c.

◆ D_3_2

#define D_3_2   'E', 'E', 'E', 'E', 'E', 'E', 'E', 'E'

Definition at line 1875 of file defrag.c.

◆ D_3_3

#define D_3_3   'F', 'F', 'F', 'F', 'F', 'F', 'F', 'F'

Definition at line 1876 of file defrag.c.

◆ D_3_4

#define D_3_4   'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G'

Definition at line 1877 of file defrag.c.

◆ D_3_5

#define D_3_5   'H', 'H', 'H', 'H', 'H', 'H', 'H', 'H'

Definition at line 1878 of file defrag.c.

◆ D_3_6

#define D_3_6   'I', 'I', 'I', 'I', 'I', 'I', 'I', 'I'

Definition at line 1879 of file defrag.c.

◆ D_4

#define D_4   'J', 'J', 'J', 'J', 'J', 'J', 'J', 'J'

Definition at line 1880 of file defrag.c.

◆ D_5

#define D_5   'K', 'K', 'K', 'K', 'K', 'K', 'K', 'K'

Definition at line 1881 of file defrag.c.

◆ D_6

#define D_6   'L', 'L', 'L', 'L', 'L', 'L', 'L', 'L'

Definition at line 1882 of file defrag.c.

◆ D_7

#define D_7   'M', 'M', 'M', 'M', 'M', 'M', 'M', 'M'

Definition at line 1883 of file defrag.c.

◆ D_8

#define D_8   'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N'

Definition at line 1884 of file defrag.c.

◆ D_9

#define D_9   'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O'

Definition at line 1885 of file defrag.c.

◆ DEFAULT_DEFRAG_HASH_SIZE

#define DEFAULT_DEFRAG_HASH_SIZE   0xffff

Definition at line 66 of file defrag.c.

◆ DEFAULT_DEFRAG_POOL_SIZE

#define DEFAULT_DEFRAG_POOL_SIZE   0xffff

Definition at line 67 of file defrag.c.

◆ IP_MF

#define IP_MF   0x2000

Definition at line 1146 of file defrag.c.

◆ TIMEOUT_DEFAULT

#define TIMEOUT_DEFAULT   60

Default timeout (in seconds) before a defragmentation tracker will be released.

Definition at line 73 of file defrag.c.

◆ TIMEOUT_MAX

#define TIMEOUT_MAX   (60 * 60 * 24)

Maximum allowed timeout, 24 hours.

Definition at line 78 of file defrag.c.

◆ TIMEOUT_MIN

#define TIMEOUT_MIN   1

Minimum allowed timeout, 1 second.

Definition at line 83 of file defrag.c.

Enumeration Type Documentation

◆ defrag_policies

enum defrag_policies

Fragment reassembly policies.

Enumerator
DEFRAG_POLICY_FIRST 
DEFRAG_POLICY_LAST 
DEFRAG_POLICY_BSD 
DEFRAG_POLICY_BSD_RIGHT 
DEFRAG_POLICY_LINUX 
DEFRAG_POLICY_WINDOWS 
DEFRAG_POLICY_SOLARIS 
DEFRAG_POLICY_DEFAULT 

Definition at line 85 of file defrag.c.

Function Documentation

◆ Defrag()

Packet* Defrag ( ThreadVars tv,
DecodeThreadVars dtv,
Packet p 
)

Entry point for IPv4 and IPv6 fragments.

Parameters
tvThreadVars for the calling decoder.
pThe packet fragment.
Return values
Anew Packet resembling the re-assembled packet if the most recent fragment allowed the packet to be re-assembled, otherwise NULL is returned.

Definition at line 1064 of file defrag.c.

References af.

◆ DefragDestroy()

void DefragDestroy ( void  )

Definition at line 1133 of file defrag.c.

References DefragHashShutdown().

Here is the call graph for this function:

◆ DefragGetOsPolicy()

uint8_t DefragGetOsPolicy ( Packet p)

Get the defrag policy based on the destination address of the packet.

Parameters
pThe packet used to get the destination address.
Return values
Thedefrag policy to use.

Definition at line 986 of file defrag.c.

◆ DefragInit()

void DefragInit ( void  )

Definition at line 1113 of file defrag.c.

References ConfGetInt(), DEFAULT_DEFRAG_HASH_SIZE, and DefragPolicyLoadFromConfig().

Referenced by PreRunInit().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DefragRbFragCompare()

int DefragRbFragCompare ( struct Frag_ a,
struct Frag_ b 
)

The RB_TREE compare function for fragments.

When it comes to adding fragments, we want subsequent ones with the same offset to be treated as greater than, so we don't have an equal return value here.

Definition at line 538 of file defrag.c.

References Frag_::offset.

◆ DefragRegisterTests()

void DefragRegisterTests ( void  )

Definition at line 3179 of file defrag.c.

References UtRegisterTest().

Here is the call graph for this function:

◆ DefragTrackerFreeFrags()

void DefragTrackerFreeFrags ( DefragTracker tracker)

Free all frags associated with a tracker.

Definition at line 132 of file defrag.c.

References SCMutexLock.

Referenced by DefragTrackerClearMemory().

Here is the caller graph for this function:

◆ RB_GENERATE()

RB_GENERATE ( IP_FRAGMENTS  ,
Frag_  ,
rb  ,
DefragRbFragCompare   
)