/* Argument strings for the csum keywords. The rule strings in the unit-test
 * macros of this listing spell them as -csum:valid and -csum:invalid. */
42 #define DETECT_CSUM_VALID "valid"
43 #define DETECT_CSUM_INVALID "invalid"
/* Forward declaration; the definition appears at line 973 of the file. */
94 static void DetectCsumRegisterTests(
void);
/* Parses the argument of a csum keyword into cd. Only lines 199, 203 and 208
 * of the function are visible in this listing. Callers in this listing treat
 * a return value of 0 as a distinct outcome (presumably failure - confirm). */
199 static int DetectCsumParseArg(
const char *key,
DetectCsumData *cd)
/* Quoted-argument branch: taken when key both starts and ends with a
 * double-quote character. key[0] is tested first, so an empty key
 * short-circuits before key[strlen(key) - 1] is evaluated. */
203 if (key[0] ==
'\"' && key[strlen(key) - 1] ==
'\"') {
/* Terminates str at index strlen(key) - 2, which drops the closing quote if
 * str is a copy of key taken after the opening quote (the assignment of str,
 * lines 204-207, is not shown - confirm).
 * NOTE(review): for a key that is exactly one double-quote character both
 * tests above hold and strlen(key) - 2 wraps around as an unsigned value, so
 * this store would land outside str. Confirm the rule parser can never pass
 * a one-character key, or require strlen(key) >= 2 in the condition. */
208 str[strlen(key) - 2] =
'\0';
/* IPv4 checksum keyword, excerpt. The enclosing function headers are not
 * part of this listing. */
/* Packets the decoder did not mark as IPv4 take this branch (body not shown). */
247 if (!PacketIsIPv4(p))
/* Read-only pointer to the IPv4 header of p. */
255 const IPV4Hdr *ip4h = PacketGetIPv4(p);
/* A return value of 0 from DetectCsumParseArg selects this branch; the body
 * is not shown (presumably the rule-rejection path - confirm). */
286 if (DetectCsumParseArg(csum_str, cd) == 0)
/* Releases cd through the keyword-specific free routine.
 * NOTE(review): which paths reach this call is not visible here. */
297 DetectIPV4CsumFree(
de_ctx, cd);
/* TCP-over-IPv4 checksum keyword, excerpt. */
/* Guard: the branch is taken unless the decoder marked the packet as IPv4 and
 * as TCP and p->proto is IPPROTO_TCP (branch body not shown). */
326 if (!PacketIsIPv4(p) || !PacketIsTCP(p) || p->
proto != IPPROTO_TCP)
334 const IPV4Hdr *ip4h = PacketGetIPv4(p);
335 const TCPHdr *tcph = PacketGetTCP(p);
/* Stores the computed checksum in p->l4.csum. The TCP header is handed over
 * as a pointer to 16-bit words; the remaining arguments are on lines not
 * shown.
 * NOTE(review): presumably a length follows; confirm it can never exceed the
 * bytes actually captured for this packet. */
336 p->
l4.
csum = TCPChecksum(ip4h->s_ip_addrs, (uint16_t *)tcph,
/* Parse result 0 selects this branch (body not shown; presumably failure). */
366 if (DetectCsumParseArg(csum_str, cd) == 0)
/* Releases cd through the keyword-specific free routine. */
377 DetectTCPV4CsumFree(
de_ctx, cd);
/* TCP-over-IPv6 checksum keyword, excerpt. */
/* Guard: the branch is taken unless the decoder marked the packet as IPv6 and
 * as TCP and p->proto is IPPROTO_TCP (branch body not shown). */
406 if (!PacketIsIPv6(p) || !PacketIsTCP(p) || p->
proto != IPPROTO_TCP)
414 const IPV6Hdr *ip6h = PacketGetIPv6(p);
415 const TCPHdr *tcph = PacketGetTCP(p);
/* Stores the computed checksum in p->l4.csum, using the IPv6 address pair
 * and the TCP header viewed as 16-bit words. The remaining arguments are on
 * lines not shown.
 * NOTE(review): confirm the length passed on the following line is bounded
 * by the captured packet data. */
416 p->
l4.
csum = TCPV6Checksum(ip6h->s_ip6_addrs, (uint16_t *)tcph,
/* Parse result 0 selects this branch (body not shown; presumably failure). */
447 if (DetectCsumParseArg(csum_str, cd) == 0)
/* Releases cd through the keyword-specific free routine. */
458 DetectTCPV6CsumFree(
de_ctx, cd);
/* UDP-over-IPv4 checksum keyword, excerpt. */
/* Guard: the branch is taken unless the decoder marked the packet as IPv4 and
 * as UDP and p->proto is IPPROTO_UDP (branch body not shown). */
487 if (!PacketIsIPv4(p) || !PacketIsUDP(p) || p->
proto != IPPROTO_UDP)
/* The UDP header is fetched before the IPv4 header; lines 491-498 between
 * the two are not shown. */
490 const UDPHdr *udph = PacketGetUDP(p);
499 const IPV4Hdr *ip4h = PacketGetIPv4(p);
/* Stores the computed checksum in p->l4.csum. The remaining arguments are on
 * lines not shown.
 * NOTE(review): confirm the length passed on the following line is bounded
 * by the captured packet data. */
500 p->
l4.
csum = UDPV4Checksum(ip4h->s_ip_addrs, (uint16_t *)udph,
/* Parse result 0 selects this branch (body not shown; presumably failure). */
530 if (DetectCsumParseArg(csum_str, cd) == 0)
/* Releases cd through the keyword-specific free routine. */
541 DetectUDPV4CsumFree(
de_ctx, cd);
/* UDP-over-IPv6 checksum keyword, excerpt. */
/* Guard: the branch is taken unless the decoder marked the packet as IPv6 and
 * as UDP and p->proto is IPPROTO_UDP (branch body not shown). */
570 if (!PacketIsIPv6(p) || !PacketIsUDP(p) || p->
proto != IPPROTO_UDP)
578 const IPV6Hdr *ip6h = PacketGetIPv6(p);
579 const UDPHdr *udph = PacketGetUDP(p);
/* Stores the computed checksum in p->l4.csum, using the IPv6 address pair
 * and the UDP header viewed as 16-bit words. The remaining arguments are on
 * lines not shown.
 * NOTE(review): confirm the length passed on the following line is bounded
 * by the captured packet data. */
580 p->
l4.
csum = UDPV6Checksum(ip6h->s_ip6_addrs, (uint16_t *)udph,
/* Parse result 0 selects this branch (body not shown; presumably failure). */
610 if (DetectCsumParseArg(csum_str, cd) == 0)
/* Releases cd through the keyword-specific free routine. */
621 DetectUDPV6CsumFree(
de_ctx, cd);
/* ICMPv4 checksum keyword, excerpt. */
/* Guard: the branch is taken unless the decoder marked the packet as IPv4 and
 * as ICMPv4 and p->proto is IPPROTO_ICMP (branch body not shown). */
653 if (!PacketIsIPv4(p) || !PacketIsICMPv4(p) || p->
proto != IPPROTO_ICMP)
660 const ICMPV4Hdr *icmpv4h = PacketGetICMPv4(p);
662 const IPV4Hdr *ip4h = PacketGetIPv4(p);
/* Stores the computed checksum in p->l4.csum; the call arguments are on
 * lines not shown. */
663 p->
l4.
csum = ICMPV4CalculateChecksum(
/* Case 1: the computed value equals the checksum field of the ICMPv4 header
 * and the rule asked for a valid checksum (cd->valid == 1). The branch body
 * is not shown (presumably reports a match - confirm). */
667 if (p->
l4.
csum == icmpv4h->checksum && cd->
valid == 1)
/* Case 2: the computed value differs from the header field and the rule
 * asked for an invalid checksum (cd->valid == 0). Body not shown. */
669 else if (p->
l4.
csum != icmpv4h->checksum && cd->
valid == 0)
/* Parse result 0 selects this branch (body not shown; presumably failure). */
693 if (DetectCsumParseArg(csum_str, cd) == 0)
/* Releases cd through the keyword-specific free routine. */
704 DetectICMPV4CsumFree(
de_ctx, cd);
/* ICMPv6 checksum keyword, excerpt. */
/* Guard: the branch is taken unless the decoder marked the packet as IPv6 and
 * as ICMPv6 and p->proto is IPPROTO_ICMPV6 (branch body not shown). */
733 if (!PacketIsIPv6(p) || !PacketIsICMPv6(p) || p->
proto != IPPROTO_ICMPV6) {
736 const ICMPV6Hdr *icmpv6h = PacketGetICMPv6(p);
746 const IPV6Hdr *ip6h = PacketGetIPv6(p);
/* Stores the computed checksum in p->l4.csum, using the IPv6 address pair,
 * the ICMPv6 header viewed as 16-bit words, and len.
 * NOTE(review): len is computed on lines not shown (between 736 and 749);
 * confirm it is derived from validated packet lengths so the checksum
 * routine stays inside the captured data. */
749 p->
l4.
csum = ICMPV6CalculateChecksum(ip6h->s_ip6_addrs, (uint16_t *)icmpv6h,
len);
/* Parse result 0 selects this branch (body not shown; presumably failure). */
779 if (DetectCsumParseArg(csum_str, cd) == 0)
/* Releases cd through the keyword-specific free routine. */
790 DetectICMPV6CsumFree(
de_ctx, cd);
/* TEST1(kwstr): creates a detection engine context, sets its flags to
 * DE_QUIET and appends five rules that use the kwstr-csum keyword with the
 * argument spelled valid, invalid, vaLid, VALID and iNvaLid (sids 1 to 5),
 * then frees the context. The checks applied to each returned Signature
 * pointer are on lines not shown (812, 814, 816, ...); the mixed-case
 * spellings suggest the argument is compared case-insensitively - confirm. */
808 #define TEST1(kwstr) {\
809 DetectEngineCtx *de_ctx = DetectEngineCtxInit();\
810 FAIL_IF_NULL(de_ctx);\
811 de_ctx->flags = DE_QUIET;\
813 Signature *s = DetectEngineAppendSig(de_ctx, "alert ip any any -> any any ("mystr(kwstr)"-csum:valid; sid:1;)");\
815 s = DetectEngineAppendSig(de_ctx, "alert ip any any -> any any ("mystr(kwstr)"-csum:invalid; sid:2;)");\
817 s = DetectEngineAppendSig(de_ctx, "alert ip any any -> any any ("mystr(kwstr)"-csum:vaLid; sid:3;)");\
819 s = DetectEngineAppendSig(de_ctx, "alert ip any any -> any any ("mystr(kwstr)"-csum:VALID; sid:4;)");\
821 s = DetectEngineAppendSig(de_ctx, "alert ip any any -> any any ("mystr(kwstr)"-csum:iNvaLid; sid:5;)");\
823 DetectEngineCtxFree(de_ctx);\
/* Unit test entry; the body is not shown (presumably expands TEST1 once per
 * keyword - confirm). */
827 static int DetectCsumValidArgsTestParse01(
void)
/* TEST2(kwstr): creates a detection engine context and appends five rules
 * whose kwstr-csum argument is neither valid nor invalid (xxxx, xxxxxxxx,
 * xxxxxx, XXXXXX, XxXxXxX; sids 1 to 5), then frees the context. The checks
 * applied to each returned Signature pointer are on lines not shown
 * (presumably each append is expected to fail - confirm). */
840 #define TEST2(kwstr) \
842 DetectEngineCtx *de_ctx = DetectEngineCtxInit(); \
843 FAIL_IF_NULL(de_ctx); \
844 Signature *s = DetectEngineAppendSig( \
845 de_ctx, "alert ip any any -> any any (" mystr(kwstr) "-csum:xxxx; sid:1;)"); \
847 s = DetectEngineAppendSig( \
848 de_ctx, "alert ip any any -> any any (" mystr(kwstr) "-csum:xxxxxxxx; sid:2;)"); \
850 s = DetectEngineAppendSig( \
851 de_ctx, "alert ip any any -> any any (" mystr(kwstr) "-csum:xxxxxx; sid:3;)"); \
853 s = DetectEngineAppendSig( \
854 de_ctx, "alert ip any any -> any any (" mystr(kwstr) "-csum:XXXXXX; sid:4;)"); \
856 s = DetectEngineAppendSig( \
857 de_ctx, "alert ip any any -> any any (" mystr(kwstr) "-csum:XxXxXxX; sid:5;)"); \
859 DetectEngineCtxFree(de_ctx); \
/* Unit test entry; the body is not shown (presumably expands TEST2 once per
 * keyword - confirm). */
862 static int DetectCsumInvalidArgsTestParse02(
void)
/* TEST3(kwstr, kwtype): checks the parsed keyword data rather than only rule
 * acceptance. After appending a rule with kwstr-csum:valid it fetches the
 * last SigMatch of type kwtype, requires a non-NULL ctx and requires the
 * DetectCsumData valid field to be 1. It repeats this with the argument
 * INVALID and requires valid to be 0, then frees the context. Lines 879,
 * 881, 885 and 887 are not shown (presumably NULL checks on s and sm -
 * confirm, since sm->ctx is dereferenced on the lines that follow them). */
875 #define TEST3(kwstr, kwtype) { \
876 DetectEngineCtx *de_ctx = DetectEngineCtxInit();\
877 FAIL_IF_NULL(de_ctx);\
878 Signature *s = DetectEngineAppendSig(de_ctx, "alert ip any any -> any any ("mystr(kwstr)"-csum:valid; sid:1;)");\
880 SigMatch *sm = DetectGetLastSMFromLists(s, (kwtype), -1);\
882 FAIL_IF_NULL(sm->ctx);\
883 FAIL_IF_NOT(((DetectCsumData *)sm->ctx)->valid == 1);\
884 s = DetectEngineAppendSig(de_ctx, "alert ip any any -> any any ("mystr(kwstr)"-csum:INVALID; sid:2;)");\
886 sm = DetectGetLastSMFromLists(s, (kwtype), -1);\
888 FAIL_IF_NULL(sm->ctx);\
889 FAIL_IF_NOT(((DetectCsumData *)sm->ctx)->valid == 0);\
890 DetectEngineCtxFree(de_ctx);\
/* Unit test entry; the body is not shown (presumably expands TEST3 once per
 * keyword and match type - confirm). */
893 static int DetectCsumValidArgsTestParse03(
void)
/* Unit test that runs a raw captured frame against an icmpv6-csum:valid rule.
 * Only parts of the body are visible in this listing. */
909 static int DetectCsumICMPV6Test01(
void)
/* Raw frame bytes used as test input; the array declaration (line 920) is not
 * shown. Assuming line 921 is the first row, bytes 12 and 13 are 0x86 0xdd
 * (the EtherType for IPv6) and the next byte, 0x60, carries IP version 6. */
921 0x00, 0x30, 0x18, 0xa8, 0x7c, 0x23, 0x2c, 0x41,
922 0x38, 0xa7, 0xea, 0xeb, 0x86, 0xdd, 0x60, 0x00,
923 0x00, 0x00, 0x00, 0x40, 0x3c, 0x40, 0xad, 0xa1,
924 0x09, 0x80, 0x00, 0x01, 0xd6, 0xf3, 0x20, 0x01,
925 0xf4, 0xbe, 0xea, 0x3c, 0x00, 0x01, 0x00, 0x00,
926 0x00, 0x00, 0x32, 0xb2, 0x00, 0x01, 0x32, 0xb2,
927 0x09, 0x80, 0x20, 0x01, 0x00, 0x00, 0x3c, 0x00,
928 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x3c, 0x00,
929 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x2c, 0x00,
930 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x2c, 0x00,
931 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3c, 0x00,
932 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2c, 0x00,
933 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x3a, 0x00,
934 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00,
935 0x63, 0xc2, 0x00, 0x00, 0x00, 0x00 };
/* Zero both local state objects before use; their declarations are on lines
 * not shown. */
939 memset(&
tv, 0,
sizeof(
tv));
940 memset(&
dtv, 0,
sizeof(
dtv));
/* Tail of the rule string under test: it asks for a valid ICMPv6 checksum.
 * The rule header and the call it belongs to are on lines not shown. */
951 "(icmpv6-csum:valid; sid:1;)");
/* Registers the unit tests of this file. Only the last argument of each
 * registration call is visible; the calls themselves start on lines not
 * shown. Four test functions are named below. */
973 static void DetectCsumRegisterTests(
void)
976 DetectCsumValidArgsTestParse01);
978 DetectCsumInvalidArgsTestParse02);
980 DetectCsumValidArgsTestParse03);
983 DetectCsumICMPV6Test01);