suricata
defrag.c File Reference
#include "suricata-common.h"
#include "queue.h"
#include "suricata.h"
#include "threads.h"
#include "conf.h"
#include "decode-ipv6.h"
#include "util-hashlist.h"
#include "util-pool.h"
#include "util-time.h"
#include "util-print.h"
#include "util-debug.h"
#include "util-fix_checksum.h"
#include "util-random.h"
#include "stream-tcp-private.h"
#include "stream-tcp-reassemble.h"
#include "util-host-os-info.h"
#include "util-validate.h"
#include "defrag.h"
#include "defrag-hash.h"
#include "defrag-queue.h"
#include "defrag-config.h"
#include "tmqh-packetpool.h"
#include "decode.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "packet.h"

Macros

#define DEFAULT_DEFRAG_HASH_SIZE   0xffff
 
#define DEFAULT_DEFRAG_POOL_SIZE   0xffff
 
#define TIMEOUT_DEFAULT   60
 
#define TIMEOUT_MAX   (60 * 60 * 24)
 
#define TIMEOUT_MIN   1
 
#define IP_MF   0x2000
 

Enumerations

enum  defrag_policies {
  DEFRAG_POLICY_FIRST = 1, DEFRAG_POLICY_LAST, DEFRAG_POLICY_BSD, DEFRAG_POLICY_BSD_RIGHT,
  DEFRAG_POLICY_LINUX, DEFRAG_POLICY_WINDOWS, DEFRAG_POLICY_SOLARIS, DEFRAG_POLICY_DEFAULT = DEFRAG_POLICY_BSD
}
 

Functions

 RB_GENERATE (IP_FRAGMENTS, Frag_, rb, DefragRbFragCompare)
 
void DefragTrackerFreeFrags (DefragTracker *tracker)
 Free all frags associated with a tracker.
 
int DefragRbFragCompare (struct Frag_ *a, struct Frag_ *b)
 
uint8_t DefragGetOsPolicy (Packet *p)
 Get the defrag policy based on the destination address of the packet.
 
Packet* Defrag (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p)
 Entry point for IPv4 and IPv6 fragments.
 
void DefragInit (void)
 
void DefragDestroy (void)
 
void DefragRegisterTests (void)
 

Detailed Description

Author
Endace Technology Limited, Jason Ish jason.ish@endace.com

Defragmentation module. References:

  • RFC 815
  • OpenBSD PF's IP normalization (pf_norm.c)

Todo:

  • pool for frag packet storage
  • policy bsd-right
  • profile hash function
  • log anomalies

Definition in file defrag.c.

Macro Definition Documentation

◆ DEFAULT_DEFRAG_HASH_SIZE

#define DEFAULT_DEFRAG_HASH_SIZE   0xffff

Definition at line 67 of file defrag.c.

◆ DEFAULT_DEFRAG_POOL_SIZE

#define DEFAULT_DEFRAG_POOL_SIZE   0xffff

Definition at line 68 of file defrag.c.

◆ IP_MF

#define IP_MF   0x2000

Definition at line 1091 of file defrag.c.

◆ TIMEOUT_DEFAULT

#define TIMEOUT_DEFAULT   60

Default timeout (in seconds) before a defragmentation tracker will be released.

Definition at line 74 of file defrag.c.

◆ TIMEOUT_MAX

#define TIMEOUT_MAX   (60 * 60 * 24)

Maximum allowed timeout, 24 hours.

Definition at line 79 of file defrag.c.

◆ TIMEOUT_MIN

#define TIMEOUT_MIN   1

Minimum allowed timeout, 1 second.

Definition at line 84 of file defrag.c.

Enumeration Type Documentation

◆ defrag_policies

Fragment reassembly policies.

Enumerator
DEFRAG_POLICY_FIRST 
DEFRAG_POLICY_LAST 
DEFRAG_POLICY_BSD 
DEFRAG_POLICY_BSD_RIGHT 
DEFRAG_POLICY_LINUX 
DEFRAG_POLICY_WINDOWS 
DEFRAG_POLICY_SOLARIS 
DEFRAG_POLICY_DEFAULT 

Definition at line 86 of file defrag.c.

Function Documentation

◆ Defrag()

Packet* Defrag ( ThreadVars *tv,
DecodeThreadVars *dtv,
Packet *p
)

Entry point for IPv4 and IPv6 fragments.

Parameters
tv: ThreadVars for the calling decoder.
p: The packet fragment.
Return values
A new Packet resembling the re-assembled packet if the most recent fragment allowed the packet to be re-assembled; otherwise NULL is returned.

Definition at line 1008 of file defrag.c.

References af, DecodeThreadVars_::counter_defrag_ipv4_fragments, DecodeThreadVars_::counter_defrag_ipv6_fragments, dtv, IPV4_GET_IPOFFSET, IPV4_GET_MF, IPV6_EXTHDR_GET_FH_FLAG, IPV6_EXTHDR_GET_FH_OFFSET, PKT_IS_IPV4, PKT_IS_IPV6, StatsIncr(), and tv.

◆ DefragDestroy()

void DefragDestroy ( void  )

Definition at line 1078 of file defrag.c.

References DefragHashShutdown().

◆ DefragGetOsPolicy()

uint8_t DefragGetOsPolicy ( Packet *p )

Get the defrag policy based on the destination address of the packet.

Parameters
p: The packet used to get the destination address.
Return values
The defrag policy to use.

Definition at line 929 of file defrag.c.

References GET_IPV4_DST_ADDR_PTR, GET_IPV6_DST_ADDR, PKT_IS_IPV4, PKT_IS_IPV6, SCHInfoGetIPv4HostOSFlavour(), and SCHInfoGetIPv6HostOSFlavour().

◆ DefragInit()

void DefragInit ( void  )

Definition at line 1058 of file defrag.c.

References ConfGetInt(), DEFAULT_DEFRAG_HASH_SIZE, and DefragPolicyLoadFromConfig().

Referenced by PreRunInit().


◆ DefragRbFragCompare()

int DefragRbFragCompare ( struct Frag_ *a,
struct Frag_ *b
)

The RB_TREE compare function for fragments.

When it comes to adding fragments, we want subsequent ones with the same offset to be treated as greater than, so we don't have an equal return value here.

Definition at line 521 of file defrag.c.

References Frag_::offset.
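
The ordering described for DefragRbFragCompare, as an added example that is not Suricata's code: a comparator that never reports equality keeps every fragment in the tree, with same-offset fragments ordered by arrival, so overlapping data stays available for the reassembly policy to resolve. `struct frag`, `frag_insert`, `frag_walk` and `demo_order` are hypothetical names, and a plain unbalanced binary tree stands in for the RB tree.

```c
#include <stdio.h>

/* Hypothetical stand-in for Frag_: only the fields the ordering needs. */
struct frag {
    unsigned int offset;        /* fragment offset */
    int arrival;                /* constructed: arrival sequence number */
    struct frag *left, *right;
};

/* Never returns 0: a new fragment at an existing offset sorts after it. */
static int frag_compare(const struct frag *a, const struct frag *b)
{
    return (a->offset < b->offset) ? -1 : 1;
}

/* Unbalanced tree insert (assumption: stands in for the RB tree insert). */
static void frag_insert(struct frag **slot, struct frag *n)
{
    while (*slot != NULL)
        slot = frag_compare(n, *slot) < 0 ? &(*slot)->left : &(*slot)->right;
    *slot = n;
}

/* In-order walk: writes arrival numbers to out[], returns the next index. */
static int frag_walk(const struct frag *n, int *out, int pos)
{
    if (n == NULL) return pos;
    pos = frag_walk(n->left, out, pos);
    out[pos++] = n->arrival;
    return frag_walk(n->right, out, pos);
}

/* Constructed input: offsets 8, 0, 8, 16, 8 arriving in that order. */
int demo_order(int *out)
{
    static struct frag f[5];
    static const unsigned int offs[5] = { 8, 0, 8, 16, 8 };
    struct frag *root = NULL;
    for (int i = 0; i < 5; i++) {
        f[i] = (struct frag){ .offset = offs[i], .arrival = i };
        frag_insert(&root, &f[i]);
    }
    return frag_walk(root, out, 0);
}

int main(void)
{
    int out[5];
    for (int i = 0, n = demo_order(out); i < n; i++) printf("%d ", out[i]);
}
```

With a comparator that returned 0 for equal offsets, a set-style tree insert would treat the second and third offset-8 fragments as duplicates of the first instead of storing them.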

◆ DefragRegisterTests()

void DefragRegisterTests ( void  )

Definition at line 2515 of file defrag.c.

References UtRegisterTest().

◆ DefragTrackerFreeFrags()

void DefragTrackerFreeFrags ( DefragTracker *tracker )

Free all frags associated with a tracker.

Definition at line 153 of file defrag.c.

References SCMutexLock.

Referenced by DefragTrackerClearMemory().

◆ RB_GENERATE()

RB_GENERATE ( IP_FRAGMENTS  ,
Frag_  ,
rb  ,
DefragRbFragCompare   
)