icmpv6: fix icmp_id and icmp_seq keywords

Bug #907

src/decode-icmpv6.c

@@ -677,16 +677,16 @@ static int ICMPV6EchoReqTest01(void)
 
     if (p->icmpv6h == NULL) {
         SCLogDebug("ICMPv6 Unable to detect icmpv6 layer from ipv6");
-        retval = 0;
         goto end;
     }
 
     SCLogDebug("ID: %u seq: %u", ICMPV6_GET_ID(p), ICMPV6_GET_SEQ(p));
 
     if (ICMPV6_GET_TYPE(p) != 128 || ICMPV6_GET_CODE(p) != 0 ||
-        ICMPV6_GET_ID(p) != 9712 || ICMPV6_GET_SEQ(p) != 29987) {
-        SCLogDebug("ICMPv6 Echo request decode failed");
-        retval = 0;
+        ntohs(ICMPV6_GET_ID(p)) != 9712 || ntohs(ICMPV6_GET_SEQ(p)) != 29987) {
+        printf("ICMPv6 Echo reply decode failed TYPE %u CODE %u ID %04x(%u) SEQ %04x(%u): ",
+                ICMPV6_GET_TYPE(p), ICMPV6_GET_CODE(p), ICMPV6_GET_ID(p), ntohs(ICMPV6_GET_ID(p)),
+                ICMPV6_GET_SEQ(p), ntohs(ICMPV6_GET_SEQ(p)));
         goto end;
     }
 
@@ -730,7 +730,6 @@ static int ICMPV6EchoRepTest01(void)
 
     if (p->icmpv6h == NULL) {
         SCLogDebug("ICMPv6 Unable to detect icmpv6 layer from ipv6");
-        retval = 0;
         goto end;
     }
 
@@ -738,9 +737,10 @@ static int ICMPV6EchoRepTest01(void)
                ICMPV6_GET_CODE(p),ICMPV6_GET_ID(p), ICMPV6_GET_SEQ(p));
 
     if (ICMPV6_GET_TYPE(p) != 129 || ICMPV6_GET_CODE(p) != 0 ||
-        ICMPV6_GET_ID(p) != 9712 || ICMPV6_GET_SEQ(p) != 29987) {
-        SCLogDebug("ICMPv6 Echo reply decode failed");
-        retval = 0;
+        ntohs(ICMPV6_GET_ID(p)) != 9712 || ntohs(ICMPV6_GET_SEQ(p)) != 29987) {
+        printf("ICMPv6 Echo reply decode failed TYPE %u CODE %u ID %04x(%u) SEQ %04x(%u): ",
+                ICMPV6_GET_TYPE(p), ICMPV6_GET_CODE(p), ICMPV6_GET_ID(p), ntohs(ICMPV6_GET_ID(p)),
+                ICMPV6_GET_SEQ(p), ntohs(ICMPV6_GET_SEQ(p)));
         goto end;
     }
 

src/decode-icmpv6.h

@@ -78,9 +78,9 @@
 
 /** If message is informational */
 /** macro for icmpv6 "id" access */
-#define ICMPV6_GET_ID(p)        (ntohs((p)->icmpv6vars.id))
+#define ICMPV6_GET_ID(p)        (p)->icmpv6vars.id
 /** macro for icmpv6 "seq" access */
-#define ICMPV6_GET_SEQ(p)       (ntohs((p)->icmpv6vars.seq))
+#define ICMPV6_GET_SEQ(p)       (p)->icmpv6vars.seq
 
 /** If message is Error */
 /** macro for icmpv6 "unused" access */

src/detect-icmp-id.c

@@ -99,10 +99,6 @@ int DetectIcmpIdMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p,
         return 0;
 
     if (PKT_IS_ICMPV4(p)) {
-        SCLogDebug("ICMPV4_GET_ID(p) %"PRIu16" (network byte order), "
-                "%"PRIu16" (host byte order)", ICMPV4_GET_ID(p),
-                ntohs(ICMPV4_GET_ID(p)));
-
         switch (ICMPV4_GET_TYPE(p)){
             case ICMP_ECHOREPLY:
             case ICMP_ECHO:
@@ -112,6 +108,10 @@ int DetectIcmpIdMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p,
             case ICMP_INFO_REPLY:
             case ICMP_ADDRESS:
             case ICMP_ADDRESSREPLY:
+                SCLogDebug("ICMPV4_GET_ID(p) %"PRIu16" (network byte order), "
+                        "%"PRIu16" (host byte order)", ICMPV4_GET_ID(p),
+                        ntohs(ICMPV4_GET_ID(p)));
+
                 pid = ICMPV4_GET_ID(p);
                 break;
             default:
@@ -122,6 +122,10 @@ int DetectIcmpIdMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p,
         switch (ICMPV6_GET_TYPE(p)) {
             case ICMP6_ECHO_REQUEST:
             case ICMP6_ECHO_REPLY:
+                SCLogDebug("ICMPV6_GET_ID(p) %"PRIu16" (network byte order), "
+                        "%"PRIu16" (host byte order)", ICMPV6_GET_ID(p),
+                        ntohs(ICMPV6_GET_ID(p)));
+
                 pid = ICMPV6_GET_ID(p);
                 break;
             default:

src/detect-icmp-seq.c

@@ -99,10 +99,6 @@ int DetectIcmpSeqMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p
         return 0;
 
     if (PKT_IS_ICMPV4(p)) {
-        SCLogDebug("ICMPV4_GET_SEQ(p) %"PRIu16" (network byte order), "
-                "%"PRIu16" (host byte order)", ICMPV4_GET_SEQ(p),
-                ntohs(ICMPV4_GET_SEQ(p)));
-
         switch (ICMPV4_GET_TYPE(p)){
             case ICMP_ECHOREPLY:
             case ICMP_ECHO:
@@ -112,6 +108,10 @@ int DetectIcmpSeqMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p
             case ICMP_INFO_REPLY:
             case ICMP_ADDRESS:
             case ICMP_ADDRESSREPLY:
+                SCLogDebug("ICMPV4_GET_SEQ(p) %"PRIu16" (network byte order), "
+                        "%"PRIu16" (host byte order)", ICMPV4_GET_SEQ(p),
+                        ntohs(ICMPV4_GET_SEQ(p)));
+
                 seqn = ICMPV4_GET_SEQ(p);
                 break;
             default:
@@ -119,9 +119,14 @@ int DetectIcmpSeqMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p
                 return 0;
         }
     } else if (PKT_IS_ICMPV6(p)) {
+
         switch (ICMPV6_GET_TYPE(p)) {
             case ICMP6_ECHO_REQUEST:
             case ICMP6_ECHO_REPLY:
+                SCLogDebug("ICMPV6_GET_SEQ(p) %"PRIu16" (network byte order), "
+                        "%"PRIu16" (host byte order)", ICMPV6_GET_SEQ(p),
+                        ntohs(ICMPV6_GET_SEQ(p)));
+
                 seqn = ICMPV6_GET_SEQ(p);
                 break;
             default:
@@ -268,7 +273,7 @@ void DetectIcmpSeqFree (void *ptr) {
 int DetectIcmpSeqParseTest01 (void) {
     DetectIcmpSeqData *iseq = NULL;
     iseq = DetectIcmpSeqParse("300");
-    if (iseq != NULL && iseq->seq == htons(300)) {
+    if (iseq != NULL && htons(iseq->seq) == 300) {
         DetectIcmpSeqFree(iseq);
         return 1;
     }
@@ -282,7 +287,7 @@ int DetectIcmpSeqParseTest01 (void) {
 int DetectIcmpSeqParseTest02 (void) {
     DetectIcmpSeqData *iseq = NULL;
     iseq = DetectIcmpSeqParse("  300  ");
-    if (iseq != NULL && iseq->seq == htons(300)) {
+    if (iseq != NULL && htons(iseq->seq) == 300) {
         DetectIcmpSeqFree(iseq);
         return 1;
     }