decode/esp: move esph into L4 packet data

To reduce Packet size. Ticket: #6938.
2 years ago · 30ae13f2c3
parent 7d04216cad
commit 30ae13f2c3
6 changed files with 36 additions and 27 deletions
--- a/src/decode-esp.c
+++ b/src/decode-esp.c
@ -42,7 +42,7 @@ static int DecodeESPPacket(ThreadVars *tv, Packet *p, const uint8_t *pkt, uint16
        return -1;
    }

-    p->esph = (ESPHdr *)pkt;
+    (void)PacketSetESP(p, pkt);

    p->payload = (uint8_t *)pkt + sizeof(ESPHdr);
    p->payload_len = len - sizeof(ESPHdr);
@ -71,11 +71,12 @@ int DecodeESP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *p
        return TM_ECODE_FAILED;
    }
    if (unlikely(DecodeESPPacket(tv, p, pkt, len) < 0)) {
-        CLEAR_ESP_PACKET(p);
+        PacketClearL4(p);
        return TM_ECODE_FAILED;
    }

-    SCLogDebug("ESP spi: %" PRIu32 " sequence: %" PRIu32, ESP_GET_SPI(p), ESP_GET_SEQUENCE(p));
+    SCLogDebug("ESP spi: %" PRIu32 " sequence: %" PRIu32, ESP_GET_SPI(PacketGetESP(p)),
+            ESP_GET_SEQUENCE(PacketGetESP(p)));

    FlowSetupPacket(p);

@ -105,8 +106,8 @@ static int DecodeESPTest01(void)

    FAIL_IF(p->proto != IPPROTO_ESP);
    FAIL_IF(p->payload_len != sizeof(raw_esp) - ESP_HEADER_LEN);
-    FAIL_IF(ESP_GET_SPI(p) != 0x7b);
-    FAIL_IF(ESP_GET_SEQUENCE(p) != 0x08);
+    FAIL_IF(ESP_GET_SPI(PacketGetESP(p)) != 0x7b);
+    FAIL_IF(ESP_GET_SEQUENCE(PacketGetESP(p)) != 0x08);

    SCFree(p);

@ -133,8 +134,8 @@ static int DecodeESPTest02(void)
    FAIL_IF(p->proto != IPPROTO_ESP);
    FAIL_IF(p->payload_len != sizeof(raw_esp) - ESP_HEADER_LEN);
    FAIL_IF(memcmp(p->payload, raw_esp + ESP_HEADER_LEN, p->payload_len) != 0);
-    FAIL_IF(ESP_GET_SPI(p) != 0x7b);
-    FAIL_IF(ESP_GET_SEQUENCE(p) != 0x08);
+    FAIL_IF(ESP_GET_SPI(PacketGetESP(p)) != 0x7b);
+    FAIL_IF(ESP_GET_SEQUENCE(PacketGetESP(p)) != 0x08);

    SCFree(p);

--- a/src/decode-esp.h
+++ b/src/decode-esp.h
@ -25,14 +25,10 @@
 /** \brief size of the ESP header */
 #define ESP_HEADER_LEN 8

-#define ESP_GET_RAW_SPI(esph)      SCNtohl((esph)->spi)
-#define ESP_GET_RAW_SEQUENCE(esph) SCNtohl((esph)->sequence)
-
 /** \brief Get the spi field off a packet */
-#define ESP_GET_SPI(p) ESP_GET_RAW_SPI(p->esph)
-
+#define ESP_GET_SPI(esph) SCNtohl((esph)->spi)
 /** \brief Get the sequence field off a packet */
-#define ESP_GET_SEQUENCE(p) ESP_GET_RAW_SEQUENCE(p->esph)
+#define ESP_GET_SEQUENCE(esph) SCNtohl((esph)->sequence)

 /** \brief ESP Header */
 typedef struct ESPHdr_ {
@ -40,12 +36,6 @@ typedef struct ESPHdr_ {
    uint32_t sequence; /** < ESP sequence number */
 } __attribute__((__packed__)) ESPHdr;

-#define CLEAR_ESP_PACKET(p)                                                                        \
-    {                                                                                              \
-        (p)->esph = NULL;                                                                          \
-    }                                                                                              \
-    while (0)
-
 void DecodeESPRegisterTests(void);

 #endif /* SURICATA_DECODE_ESP_H */
--- a/src/decode.h
+++ b/src/decode.h
@ -430,6 +430,7 @@ enum PacketL4Types {
    PACKET_L4_UNKNOWN = 0,
    PACKET_L4_SCTP,
    PACKET_L4_GRE,
+    PACKET_L4_ESP,
 };

 struct PacketL4 {
@ -439,6 +440,7 @@ struct PacketL4 {
    union L4Hdrs {
        SCTPHdr *sctph;
        GREHdr *greh;
+        ESPHdr *esph;
    } hdrs;
 };

@ -577,7 +579,6 @@ typedef struct Packet_

    TCPHdr *tcph;
    UDPHdr *udph;
-    ESPHdr *esph;
    ICMPV4Hdr *icmpv4h;
    ICMPV6Hdr *icmpv6h;
    PPPOESessionHdr *pppoesh;
@ -815,6 +816,25 @@ static inline bool PacketIsGRE(const Packet *p)
    return p->l4.type == PACKET_L4_GRE;
 }

+static inline ESPHdr *PacketSetESP(Packet *p, const uint8_t *buf)
+{
+    DEBUG_VALIDATE_BUG_ON(p->l4.type != PACKET_L4_UNKNOWN);
+    p->l4.type = PACKET_L4_ESP;
+    p->l4.hdrs.esph = (ESPHdr *)buf;
+    return p->l4.hdrs.esph;
+}
+
+static inline const ESPHdr *PacketGetESP(const Packet *p)
+{
+    DEBUG_VALIDATE_BUG_ON(p->l4.type != PACKET_L4_ESP);
+    return p->l4.hdrs.esph;
+}
+
+static inline bool PacketIsESP(const Packet *p)
+{
+    return p->l4.type == PACKET_L4_ESP;
+}
+
 /** \brief Structure to hold thread specific data for all decode modules */
 typedef struct DecodeThreadVars_
 {
--- a/src/flow-hash.c
+++ b/src/flow-hash.c
@ -514,7 +514,8 @@ static inline int FlowCompareESP(Flow *f, const Packet *p)

    return CmpAddrs(f_src, p_src) && CmpAddrs(f_dst, p_dst) && f->proto == p->proto &&
           f->recursion_level == p->recursion_level && CmpVlanIds(f->vlan_id, p->vlan_id) &&
-           f->esp.spi == ESP_GET_SPI(p) && (f->livedev == p->livedev || g_livedev_mask == 0);
+           f->esp.spi == ESP_GET_SPI(PacketGetESP(p)) &&
+           (f->livedev == p->livedev || g_livedev_mask == 0);
 }

 void FlowSetupPacket(Packet *p)
@ -527,7 +528,7 @@ static inline int FlowCompare(Flow *f, const Packet *p)
 {
    if (p->proto == IPPROTO_ICMP) {
        return FlowCompareICMPv4(f, p);
-    } else if (p->proto == IPPROTO_ESP) {
+    } else if (PacketIsESP(p)) {
        return FlowCompareESP(f, p);
    } else {
        return CmpFlowPacket(f, p);
--- a/src/flow-util.c
+++ b/src/flow-util.c
@ -187,8 +187,8 @@ void FlowInit(Flow *f, const Packet *p)
    } else if (PacketIsSCTP(p)) {
        f->sp = p->sp;
        f->dp = p->dp;
-    } else if (p->esph != NULL) {
-        f->esp.spi = ESP_GET_SPI(p);
+    } else if (PacketIsESP(p)) {
+        f->esp.spi = ESP_GET_SPI(PacketGetESP(p));
    } else {
        /* nothing to do for this IP proto. */
        SCLogDebug("no special setup for IP proto %u", p->proto);
--- a/src/packet.c
+++ b/src/packet.c
@ -121,9 +121,6 @@ void PacketReinit(Packet *p)
    if (p->udph != NULL) {
        CLEAR_UDP_PACKET(p);
    }
-    if (p->esph != NULL) {
-        CLEAR_ESP_PACKET(p);
-    }
    if (p->icmpv4h != NULL) {
        CLEAR_ICMPV4_PACKET(p);
    }