aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Rename some decode event structure and macro.

Browse Source 
This patch renames DECODER_SET_EVENT, DECODER_ISSET_EVENT and some
other structures to ENGINE equivalent to take into account the fact
the event list is now related to all engines and not only to decoder.
remotes/origin/master-1.1.x
Eric Leblond 15 years ago
parent 5bbd8fe910
commit 7425bf5ca6
18 changed files with 184 additions and 184 deletions
Show Stats Download Patch File Download Diff File

2
src/decode-ethernet.c
Unescape Escape View File

@ -36,7 +36,7 @@ void DecodeEthernet(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *p
SCPerfCounterIncr(dtv->counter_eth, tv->sc_perf_pca);
if (len < ETHERNET_HEADER_LEN) {
DECODER_SET_EVENT(p,ETHERNET_PKT_TOO_SMALL);
ENGINE_SET_EVENT(p,ETHERNET_PKT_TOO_SMALL);
return;
}

34
src/decode-gre.c
Unescape Escape View File

@ -44,7 +44,7 @@ void DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
SCPerfCounterIncr(dtv->counter_gre, tv->sc_perf_pca);
if(len < GRE_HDR_LEN) {
DECODER_SET_EVENT(p,GRE_PKT_TOO_SMALL);
ENGINE_SET_EVENT(p,GRE_PKT_TOO_SMALL);
return;
}
@ -69,12 +69,12 @@ void DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
*/
if (GRE_FLAG_ISSET_RECUR(p->greh)) {
DECODER_SET_EVENT(p,GRE_VERSION0_RECUR);
ENGINE_SET_EVENT(p,GRE_VERSION0_RECUR);
return;
}
if (GREV1_FLAG_ISSET_FLAGS(p->greh)) {
DECODER_SET_EVENT(p,GRE_VERSION0_FLAGS);
ENGINE_SET_EVENT(p,GRE_VERSION0_FLAGS);
return;
}
@ -90,7 +90,7 @@ void DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
header_len += GRE_CHKSUM_LEN + GRE_OFFSET_LEN;
if (header_len > len) {
DECODER_SET_EVENT(p,GRE_VERSION0_HDR_TOO_BIG);
ENGINE_SET_EVENT(p,GRE_VERSION0_HDR_TOO_BIG);
return;
}
@ -103,7 +103,7 @@ void DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
while (1)
{
if ((header_len + GRE_SRE_HDR_LEN) > len) {
DECODER_SET_EVENT(p, GRE_VERSION0_MALFORMED_SRE_HDR);
ENGINE_SET_EVENT(p, GRE_VERSION0_MALFORMED_SRE_HDR);
return;
}
@ -114,7 +114,7 @@ void DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
header_len += gsre->sre_length;
if (header_len > len) {
DECODER_SET_EVENT(p, GRE_VERSION0_MALFORMED_SRE_HDR);
ENGINE_SET_EVENT(p, GRE_VERSION0_MALFORMED_SRE_HDR);
return;
}
@ -137,37 +137,37 @@ void DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
*/
if (GRE_FLAG_ISSET_CHKSUM(p->greh)) {
DECODER_SET_EVENT(p,GRE_VERSION1_CHKSUM);
ENGINE_SET_EVENT(p,GRE_VERSION1_CHKSUM);
return;
}
if (GRE_FLAG_ISSET_ROUTE(p->greh)) {
DECODER_SET_EVENT(p,GRE_VERSION1_ROUTE);
ENGINE_SET_EVENT(p,GRE_VERSION1_ROUTE);
return;
}
if (GRE_FLAG_ISSET_SSR(p->greh)) {
DECODER_SET_EVENT(p,GRE_VERSION1_SSR);
ENGINE_SET_EVENT(p,GRE_VERSION1_SSR);
return;
}
if (GRE_FLAG_ISSET_RECUR(p->greh)) {
DECODER_SET_EVENT(p,GRE_VERSION1_RECUR);
ENGINE_SET_EVENT(p,GRE_VERSION1_RECUR);
return;
}
if (GREV1_FLAG_ISSET_FLAGS(p->greh)) {
DECODER_SET_EVENT(p,GRE_VERSION1_FLAGS);
ENGINE_SET_EVENT(p,GRE_VERSION1_FLAGS);
return;
}
if (GRE_GET_PROTO(p->greh) != GRE_PROTO_PPP) {
DECODER_SET_EVENT(p,GRE_VERSION1_WRONG_PROTOCOL);
ENGINE_SET_EVENT(p,GRE_VERSION1_WRONG_PROTOCOL);
return;
}
if (!(GRE_FLAG_ISSET_KY(p->greh))) {
DECODER_SET_EVENT(p,GRE_VERSION1_NO_KEY);
ENGINE_SET_EVENT(p,GRE_VERSION1_NO_KEY);
return;
}
@ -182,13 +182,13 @@ void DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
header_len += GREV1_ACK_LEN;
if (header_len > len) {
DECODER_SET_EVENT(p,GRE_VERSION1_HDR_TOO_BIG);
ENGINE_SET_EVENT(p,GRE_VERSION1_HDR_TOO_BIG);
return;
}
break;
default:
DECODER_SET_EVENT(p,GRE_WRONG_VERSION);
ENGINE_SET_EVENT(p,GRE_WRONG_VERSION);
return;
}
@ -278,7 +278,7 @@ static int DecodeGREtest01 (void) {
DecodeGRE(&tv, &dtv, p, raw_gre, sizeof(raw_gre), NULL);
if(DECODER_ISSET_EVENT(p,GRE_PKT_TOO_SMALL)) {
if(ENGINE_ISSET_EVENT(p,GRE_PKT_TOO_SMALL)) {
SCFree(p);
return 1;
}
@ -320,7 +320,7 @@ static int DecodeGREtest02 (void) {
DecodeGRE(&tv, &dtv, p, raw_gre, sizeof(raw_gre), NULL);
if(DECODER_ISSET_EVENT(p,GRE_WRONG_VERSION)) {
if(ENGINE_ISSET_EVENT(p,GRE_WRONG_VERSION)) {
SCFree(p);
return 1;
}

36
src/decode-icmpv4.c
Unescape Escape View File

@ -45,7 +45,7 @@ void DecodePartialIPV4( Packet* p, uint8_t* partial_packet, uint16_t len )
/** Check the sizes, the header must fit at least */
if (len < IPV4_HEADER_LEN) {
SCLogDebug("DecodePartialIPV4: ICMPV4_IPV4_TRUNC_PKT");
DECODER_SET_EVENT(p, ICMPV4_IPV4_TRUNC_PKT);
ENGINE_SET_EVENT(p, ICMPV4_IPV4_TRUNC_PKT);
return;
}
@ -56,7 +56,7 @@ void DecodePartialIPV4( Packet* p, uint8_t* partial_packet, uint16_t len )
/** Check the embedded version */
SCLogDebug("DecodePartialIPV4: ICMPv4 contains Unknown IPV4 version "
"ICMPV4_IPV4_UNKNOWN_VER");
DECODER_SET_EVENT(p, ICMPV4_IPV4_UNKNOWN_VER);
ENGINE_SET_EVENT(p, ICMPV4_IPV4_UNKNOWN_VER);
return;
}
@ -149,7 +149,7 @@ void DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
SCPerfCounterIncr(dtv->counter_icmpv4, tv->sc_perf_pca);
if (len < ICMPV4_HEADER_LEN) {
DECODER_SET_EVENT(p,ICMPV4_PKT_TOO_SMALL);
ENGINE_SET_EVENT(p,ICMPV4_PKT_TOO_SMALL);
return;
}
@ -171,13 +171,13 @@ void DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
p->icmpv4vars.id=icmp4eh->id;
p->icmpv4vars.seq=icmp4eh->seq;
if (p->icmpv4h->code!=0) {
DECODER_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
}
break;
case ICMP_DEST_UNREACH:
if (p->icmpv4h->code > NR_ICMP_UNREACH) {
DECODER_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
} else {
/* parse IP header plus 64 bytes */
if (len >= ICMPV4_HEADER_PKT_OFFSET) {
@ -195,7 +195,7 @@ void DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
case ICMP_SOURCE_QUENCH:
if (p->icmpv4h->code!=0) {
DECODER_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
} else {
// parse IP header plus 64 bytes
if (len >= ICMPV4_HEADER_PKT_OFFSET)
@ -205,7 +205,7 @@ void DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
case ICMP_REDIRECT:
if (p->icmpv4h->code>ICMP_REDIR_HOSTTOS) {
DECODER_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
} else {
// parse IP header plus 64 bytes
if (len >= ICMPV4_HEADER_PKT_OFFSET)
@ -217,13 +217,13 @@ void DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
p->icmpv4vars.id=icmp4eh->id;
p->icmpv4vars.seq=icmp4eh->seq;
if (p->icmpv4h->code!=0) {
DECODER_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
}
break;
case ICMP_TIME_EXCEEDED:
if (p->icmpv4h->code>ICMP_EXC_FRAGTIME) {
DECODER_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
} else {
// parse IP header plus 64 bytes
if (len >= ICMPV4_HEADER_PKT_OFFSET)
@ -233,7 +233,7 @@ void DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
case ICMP_PARAMETERPROB:
if (p->icmpv4h->code!=0) {
DECODER_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
} else {
// parse IP header plus 64 bytes
if (len >= ICMPV4_HEADER_PKT_OFFSET)
@ -245,7 +245,7 @@ void DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
p->icmpv4vars.id=icmp4eh->id;
p->icmpv4vars.seq=icmp4eh->seq;
if (p->icmpv4h->code!=0) {
DECODER_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
}
break;
@ -253,7 +253,7 @@ void DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
p->icmpv4vars.id=icmp4eh->id;
p->icmpv4vars.seq=icmp4eh->seq;
if (p->icmpv4h->code!=0) {
DECODER_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
}
break;
@ -261,7 +261,7 @@ void DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
p->icmpv4vars.id=icmp4eh->id;
p->icmpv4vars.seq=icmp4eh->seq;
if (p->icmpv4h->code!=0) {
DECODER_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
}
break;
@ -269,7 +269,7 @@ void DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
p->icmpv4vars.id=icmp4eh->id;
p->icmpv4vars.seq=icmp4eh->seq;
if (p->icmpv4h->code!=0) {
DECODER_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
}
break;
@ -277,7 +277,7 @@ void DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
p->icmpv4vars.id=icmp4eh->id;
p->icmpv4vars.seq=icmp4eh->seq;
if (p->icmpv4h->code!=0) {
DECODER_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
}
break;
@ -285,12 +285,12 @@ void DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
p->icmpv4vars.id=icmp4eh->id;
p->icmpv4vars.seq=icmp4eh->seq;
if (p->icmpv4h->code!=0) {
DECODER_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_CODE);
}
break;
default:
DECODER_SET_EVENT(p,ICMPV4_UNKNOWN_TYPE);
ENGINE_SET_EVENT(p,ICMPV4_UNKNOWN_TYPE);
}
@ -695,7 +695,7 @@ static int ICMPV4InvalidType07(void) {
DecodeICMPV4(&tv, &dtv, p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
if(DECODER_ISSET_EVENT(p,ICMPV4_UNKNOWN_TYPE)) {
if(ENGINE_ISSET_EVENT(p,ICMPV4_UNKNOWN_TYPE)) {
ret = 1;
}

36
src/decode-icmpv6.c
Unescape Escape View File

@ -50,7 +50,7 @@ void DecodePartialIPV6(Packet *p, uint8_t *partial_packet, uint16_t len )
/** Check the sizes, the header must fit at least */
if (len < IPV6_HEADER_LEN) {
SCLogDebug("ICMPV6_IPV6_TRUNC_PKT");
DECODER_SET_EVENT(p, ICMPV6_IPV6_TRUNC_PKT);
ENGINE_SET_EVENT(p, ICMPV6_IPV6_TRUNC_PKT);
return;
}
@ -61,7 +61,7 @@ void DecodePartialIPV6(Packet *p, uint8_t *partial_packet, uint16_t len )
{
SCLogDebug("ICMPv6 contains Unknown IPV6 version "
"ICMPV6_IPV6_UNKNOWN_VER");
DECODER_SET_EVENT(p, ICMPV6_IPV6_UNKNOWN_VER);
ENGINE_SET_EVENT(p, ICMPV6_IPV6_UNKNOWN_VER);
return;
}
@ -160,7 +160,7 @@ void DecodeICMPV6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
if (len < ICMPV6_HEADER_LEN) {
SCLogDebug("ICMPV6_PKT_TOO_SMALL");
DECODER_SET_EVENT(p, ICMPV6_PKT_TOO_SMALL);
ENGINE_SET_EVENT(p, ICMPV6_PKT_TOO_SMALL);
return;
}
@ -179,7 +179,7 @@ void DecodeICMPV6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
SCLogDebug("ICMP6_DST_UNREACH");
if (ICMPV6_GET_CODE(p) > ICMP6_DST_UNREACH_REJECTROUTE) {
DECODER_SET_EVENT(p, ICMPV6_UNKNOWN_CODE);
ENGINE_SET_EVENT(p, ICMPV6_UNKNOWN_CODE);
} else {
DecodePartialIPV6(p, (uint8_t*) (pkt + ICMPV6_HEADER_LEN),
len - ICMPV6_HEADER_LEN );
@ -190,7 +190,7 @@ void DecodeICMPV6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
SCLogDebug("ICMP6_PACKET_TOO_BIG");
if (ICMPV6_GET_CODE(p) != 0) {
DECODER_SET_EVENT(p, ICMPV6_UNKNOWN_CODE);
ENGINE_SET_EVENT(p, ICMPV6_UNKNOWN_CODE);
} else {
p->icmpv6vars.mtu = ICMPV6_GET_MTU(p);
DecodePartialIPV6(p, (uint8_t*) (pkt + ICMPV6_HEADER_LEN),
@ -202,7 +202,7 @@ void DecodeICMPV6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
SCLogDebug("ICMP6_TIME_EXCEEDED");
if (ICMPV6_GET_CODE(p) > ICMP6_TIME_EXCEED_REASSEMBLY) {
DECODER_SET_EVENT(p, ICMPV6_UNKNOWN_CODE);
ENGINE_SET_EVENT(p, ICMPV6_UNKNOWN_CODE);
} else {
DecodePartialIPV6(p, (uint8_t*) (pkt + ICMPV6_HEADER_LEN),
len - ICMPV6_HEADER_LEN );
@ -213,7 +213,7 @@ void DecodeICMPV6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
SCLogDebug("ICMP6_PARAM_PROB");
if (ICMPV6_GET_CODE(p) > ICMP6_PARAMPROB_OPTION) {
DECODER_SET_EVENT(p, ICMPV6_UNKNOWN_CODE);
ENGINE_SET_EVENT(p, ICMPV6_UNKNOWN_CODE);
} else {
p->icmpv6vars.error_ptr= ICMPV6_GET_ERROR_PTR(p);
DecodePartialIPV6(p, (uint8_t*) (pkt + ICMPV6_HEADER_LEN),
@ -226,7 +226,7 @@ void DecodeICMPV6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
p->icmpv6h->icmpv6b.icmpv6i.id, p->icmpv6h->icmpv6b.icmpv6i.seq);
if (ICMPV6_GET_CODE(p) != 0) {
DECODER_SET_EVENT(p, ICMPV6_UNKNOWN_CODE);
ENGINE_SET_EVENT(p, ICMPV6_UNKNOWN_CODE);
} else {
p->icmpv6vars.id = p->icmpv6h->icmpv6b.icmpv6i.id;
p->icmpv6vars.seq = p->icmpv6h->icmpv6b.icmpv6i.seq;
@ -238,7 +238,7 @@ void DecodeICMPV6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
p->icmpv6h->icmpv6b.icmpv6i.id, p->icmpv6h->icmpv6b.icmpv6i.seq);
if (p->icmpv6h->code != 0) {
DECODER_SET_EVENT(p, ICMPV6_UNKNOWN_CODE);
ENGINE_SET_EVENT(p, ICMPV6_UNKNOWN_CODE);
} else {
p->icmpv6vars.id = p->icmpv6h->icmpv6b.icmpv6i.id;
p->icmpv6vars.seq = p->icmpv6h->icmpv6b.icmpv6i.seq;
@ -248,14 +248,14 @@ void DecodeICMPV6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
default:
SCLogDebug("ICMPV6 Message type %" PRIu8 " not "
"implemented yet", ICMPV6_GET_TYPE(p));
DECODER_SET_EVENT(p, ICMPV6_UNKNOWN_TYPE);
ENGINE_SET_EVENT(p, ICMPV6_UNKNOWN_TYPE);
}
if (DECODER_ISSET_EVENT(p, ICMPV6_UNKNOWN_CODE))
if (ENGINE_ISSET_EVENT(p, ICMPV6_UNKNOWN_CODE))
SCLogDebug("Unknown Code, ICMPV6_UNKNOWN_CODE");
if (DECODER_ISSET_EVENT(p, ICMPV6_UNKNOWN_TYPE))
if (ENGINE_ISSET_EVENT(p, ICMPV6_UNKNOWN_TYPE))
SCLogDebug("Unknown Type, ICMPV6_UNKNOWN_TYPE");
/* Flow is an integral part of us */
@ -774,7 +774,7 @@ static int ICMPV6ParamProbTest02(void)
goto end;
}
if (!DECODER_ISSET_EVENT(p, ICMPV6_IPV6_UNKNOWN_VER)) {
if (!ENGINE_ISSET_EVENT(p, ICMPV6_IPV6_UNKNOWN_VER)) {
SCLogDebug("ICMPv6 Error: Unknown embedded ipv6 version event not set");
retval = 0;
goto end;
@ -829,7 +829,7 @@ static int ICMPV6PktTooBigTest02(void)
goto end;
}
if (!DECODER_ISSET_EVENT(p, ICMPV6_UNKNOWN_CODE)) {
if (!ENGINE_ISSET_EVENT(p, ICMPV6_UNKNOWN_CODE)) {
SCLogDebug("ICMPv6 Error: Unknown code event not set");
retval = 0;
goto end;
@ -875,7 +875,7 @@ static int ICMPV6TimeExceedTest02(void)
DecodeIPV6(&tv, &dtv, p, raw_ipv6, sizeof(raw_ipv6), NULL);
FlowShutdown();
if (!DECODER_ISSET_EVENT(p, ICMPV6_PKT_TOO_SMALL)) {
if (!ENGINE_ISSET_EVENT(p, ICMPV6_PKT_TOO_SMALL)) {
SCLogDebug("ICMPv6 Error: event packet too small not set");
retval = 0;
goto end;
@ -924,7 +924,7 @@ static int ICMPV6DestUnreachTest02(void)
DecodeIPV6(&tv, &dtv, p, raw_ipv6, sizeof(raw_ipv6), NULL);
FlowShutdown();
if (!DECODER_ISSET_EVENT(p, ICMPV6_IPV6_TRUNC_PKT)) {
if (!ENGINE_ISSET_EVENT(p, ICMPV6_IPV6_TRUNC_PKT)) {
SCLogDebug("ICMPv6 Error: embedded ipv6 truncated packet event not set");
retval = 0;
goto end;
@ -969,7 +969,7 @@ static int ICMPV6EchoReqTest02(void)
DecodeIPV6(&tv, &dtv, p, raw_ipv6, sizeof(raw_ipv6), NULL);
FlowShutdown();
if (!DECODER_ISSET_EVENT(p, ICMPV6_UNKNOWN_CODE)) {
if (!ENGINE_ISSET_EVENT(p, ICMPV6_UNKNOWN_CODE)) {
SCLogDebug("ICMPv6 Error: Unknown code event not set");
retval = 0;
goto end;
@ -1014,7 +1014,7 @@ static int ICMPV6EchoRepTest02(void)
DecodeIPV6(&tv, &dtv, p, raw_ipv6, sizeof(raw_ipv6), NULL);
FlowShutdown();
if (!DECODER_ISSET_EVENT(p, ICMPV6_UNKNOWN_CODE)) {
if (!ENGINE_ISSET_EVENT(p, ICMPV6_UNKNOWN_CODE)) {
SCLogDebug("ICMPv6 Error: Unknown code event not set");
retval = 0;
goto end;

80
src/decode-ipv4.c
Unescape Escape View File

@ -51,33 +51,33 @@ static int IPV4OptValidateGeneric(Packet *p, const IPV4Opt *o) {
/* See: RFC 4782 */
case IPV4_OPT_QS:
if (p->IPV4_OPTS[p->IPV4_OPTS_CNT].len < IPV4_OPT_QS_MIN) {
DECODER_SET_EVENT(p,IPV4_OPT_INVALID_LEN);
ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN);
return -1;
}
break;
/* See: RFC 1108 */
case IPV4_OPT_SEC:
if (p->IPV4_OPTS[p->IPV4_OPTS_CNT].len != IPV4_OPT_SEC_LEN) {
DECODER_SET_EVENT(p,IPV4_OPT_INVALID_LEN);
ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN);
return -1;
}
break;
case IPV4_OPT_SID:
if (p->IPV4_OPTS[p->IPV4_OPTS_CNT].len != IPV4_OPT_SID_LEN) {
DECODER_SET_EVENT(p,IPV4_OPT_INVALID_LEN);
ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN);
return -1;
}
break;
/* See: RFC 2113 */
case IPV4_OPT_RTRALT:
if (p->IPV4_OPTS[p->IPV4_OPTS_CNT].len != IPV4_OPT_RTRALT_LEN) {
DECODER_SET_EVENT(p,IPV4_OPT_INVALID_LEN);
ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN);
return -1;
}
break;
default:
/* Should never get here unless there is a coding error */
DECODER_SET_EVENT(p,IPV4_OPT_UNKNOWN);
ENGINE_SET_EVENT(p,IPV4_OPT_UNKNOWN);
return -1;
}
@ -95,13 +95,13 @@ static int IPV4OptValidateRoute(Packet *p, const IPV4Opt *o) {
/* Check length */
if (o->len < IPV4_OPT_ROUTE_MIN) {
DECODER_SET_EVENT(p,IPV4_OPT_INVALID_LEN);
ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN);
return -1;
}
/* Data is required */
if (o->data == NULL) {
DECODER_SET_EVENT(p,IPV4_OPT_MALFORMED);
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED);
return -1;
}
ptr = *o->data;
@ -111,7 +111,7 @@ static int IPV4OptValidateRoute(Packet *p, const IPV4Opt *o) {
* past option length.
*/
if ((ptr < 4) || (ptr % 4) || (ptr > o->len + 1)) {
DECODER_SET_EVENT(p,IPV4_OPT_MALFORMED);
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED);
return -1;
}
@ -132,20 +132,20 @@ static int IPV4OptValidateTimestamp(Packet *p, const IPV4Opt *o) {
/* Check length */
if (o->len < IPV4_OPT_TS_MIN) {
DECODER_SET_EVENT(p,IPV4_OPT_INVALID_LEN);
ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN);
return -1;
}
/* Data is required */
if (o->data == NULL) {
DECODER_SET_EVENT(p,IPV4_OPT_MALFORMED);
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED);
return -1;
}
ptr = *o->data;
/* We need the flag to determine what is in the option payload */
if (ptr < 5) {
DECODER_SET_EVENT(p,IPV4_OPT_MALFORMED);
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED);
return -1;
}
flag = *(o->data + 3) & 0x00ff;
@ -158,7 +158,7 @@ static int IPV4OptValidateTimestamp(Packet *p, const IPV4Opt *o) {
* and cannot extend past option length.
*/
if (((ptr - 5) % rec_size) || (ptr > o->len + 1)) {
DECODER_SET_EVENT(p,IPV4_OPT_MALFORMED);
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED);
return -1;
}
@ -179,13 +179,13 @@ static int IPV4OptValidateCIPSO(Packet *p, const IPV4Opt *o) {
/* Check length */
if (o->len < IPV4_OPT_CIPSO_MIN) {
DECODER_SET_EVENT(p,IPV4_OPT_INVALID_LEN);
ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN);
return -1;
}
/* Data is required */
if (o->data == NULL) {
DECODER_SET_EVENT(p,IPV4_OPT_MALFORMED);
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED);
return -1;
}
doi = *o->data;
@ -197,7 +197,7 @@ static int IPV4OptValidateCIPSO(Packet *p, const IPV4Opt *o) {
/** \todo Aparently a DOI of zero is fine in practice - verify. */
if (doi == 0) {
#if 0
DECODER_SET_EVENT(p,IPV4_OPT_MALFORMED);
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED);
return -1;
#endif
}
@ -214,7 +214,7 @@ static int IPV4OptValidateCIPSO(Packet *p, const IPV4Opt *o) {
/* Tag header must fit within option length */
if (len < 2) {
//printf("CIPSO tag header too large %" PRIu16 " < 2\n", len);
DECODER_SET_EVENT(p,IPV4_OPT_MALFORMED);
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED);
return -1;
}
@ -225,7 +225,7 @@ static int IPV4OptValidateCIPSO(Packet *p, const IPV4Opt *o) {
/* Tag length must fit within the option length */
if (tlen > len) {
//printf("CIPSO tag len too large %" PRIu8 " > %" PRIu16 "\n", tlen, len);
DECODER_SET_EVENT(p,IPV4_OPT_MALFORMED);
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED);
return -1;
}
@ -233,7 +233,7 @@ static int IPV4OptValidateCIPSO(Packet *p, const IPV4Opt *o) {
case 0:
/* Tag type 0 is reserved and thus invalid */
/** \todo Wireshark marks this a padding, but spec says reserved. */
DECODER_SET_EVENT(p,IPV4_OPT_MALFORMED);
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED);
return -1;
case 1:
case 2:
@ -243,7 +243,7 @@ static int IPV4OptValidateCIPSO(Packet *p, const IPV4Opt *o) {
/* Tag is at least 4 and at most the remainder of option len */
if ((tlen < 4) || (tlen > len)) {
//printf("CIPSO tag %" PRIu8 " bad tlen=%" PRIu8 " len=%" PRIu8 "\n", ttype, tlen, len);
DECODER_SET_EVENT(p,IPV4_OPT_MALFORMED);
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED);
return -1;
}
@ -252,7 +252,7 @@ static int IPV4OptValidateCIPSO(Packet *p, const IPV4Opt *o) {
*/
if ((ttype != 7) && (*tag != 0)) {
//printf("CIPSO tag %" PRIu8 " ao=%" PRIu8 "\n", ttype, tlen);
DECODER_SET_EVENT(p,IPV4_OPT_MALFORMED);
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED);
return -1;
}
@ -263,7 +263,7 @@ static int IPV4OptValidateCIPSO(Packet *p, const IPV4Opt *o) {
continue;
default:
//printf("CIPSO tag %" PRIu8 " unknown tag\n", ttype);
DECODER_SET_EVENT(p,IPV4_OPT_MALFORMED);
ENGINE_SET_EVENT(p,IPV4_OPT_MALFORMED);
/** \todo May not want to return error here on unknown tag type (at least not for 3|4) */
return -1;
}
@ -296,7 +296,7 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len)
/* Options length must be padded to 8byte boundary */
if (plen % 8) {
DECODER_SET_EVENT(p,IPV4_OPT_PAD_REQUIRED);
ENGINE_SET_EVENT(p,IPV4_OPT_PAD_REQUIRED);
/* Warn - we can keep going */
}
@ -319,13 +319,13 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len)
if (plen < 2) {
/** \todo What if padding is non-zero (possible covert channel or data leakage)? */
/** \todo Spec seems to indicate EOL required if there is padding */
DECODER_SET_EVENT(p,IPV4_OPT_EOL_REQUIRED);
ENGINE_SET_EVENT(p,IPV4_OPT_EOL_REQUIRED);
break;
}
/* Option length is too big for packet */
if (*(pkt+1) > plen) {
DECODER_SET_EVENT(p,IPV4_OPT_INVALID_LEN);
ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN);
return -1;
}
@ -345,7 +345,7 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len)
* Also check for invalid lengths 0 and 1. */
if (p->IPV4_OPTS[p->IPV4_OPTS_CNT].len > plen ||
p->IPV4_OPTS[p->IPV4_OPTS_CNT].len < 2) {
DECODER_SET_EVENT(p,IPV4_OPT_INVALID_LEN);
ENGINE_SET_EVENT(p,IPV4_OPT_INVALID_LEN);
return -1;
}
@ -356,7 +356,7 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len)
switch (p->IPV4_OPTS[p->IPV4_OPTS_CNT].type) {
case IPV4_OPT_TS:
if (p->ip4vars.o_ts != NULL) {
DECODER_SET_EVENT(p,IPV4_OPT_DUPLICATE);
ENGINE_SET_EVENT(p,IPV4_OPT_DUPLICATE);
/* Warn - we can keep going */
break;
} else if (IPV4OptValidateTimestamp(p,&p->IPV4_OPTS[p->IPV4_OPTS_CNT])) {
@ -366,7 +366,7 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len)
break;
case IPV4_OPT_RR:
if (p->ip4vars.o_rr != NULL) {
DECODER_SET_EVENT(p,IPV4_OPT_DUPLICATE);
ENGINE_SET_EVENT(p,IPV4_OPT_DUPLICATE);
/* Warn - we can keep going */
break;
} else if (IPV4OptValidateRoute(p,&p->IPV4_OPTS[p->IPV4_OPTS_CNT]) != 0) {
@ -376,7 +376,7 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len)
break;
case IPV4_OPT_QS:
if (p->ip4vars.o_qs != NULL) {
DECODER_SET_EVENT(p,IPV4_OPT_DUPLICATE);
ENGINE_SET_EVENT(p,IPV4_OPT_DUPLICATE);
/* Warn - we can keep going */
break;
} else if (IPV4OptValidateGeneric(p, &p->IPV4_OPTS[p->IPV4_OPTS_CNT])) {
@ -386,7 +386,7 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len)
break;
case IPV4_OPT_SEC:
if (p->ip4vars.o_sec != NULL) {
DECODER_SET_EVENT(p,IPV4_OPT_DUPLICATE);
ENGINE_SET_EVENT(p,IPV4_OPT_DUPLICATE);
/* Warn - we can keep going */
break;
} else if (IPV4OptValidateGeneric(p, &p->IPV4_OPTS[p->IPV4_OPTS_CNT])) {
@ -396,7 +396,7 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len)
break;
case IPV4_OPT_LSRR:
if (p->ip4vars.o_lsrr != NULL) {
DECODER_SET_EVENT(p,IPV4_OPT_DUPLICATE);
ENGINE_SET_EVENT(p,IPV4_OPT_DUPLICATE);
/* Warn - we can keep going */
break;
} else if (IPV4OptValidateRoute(p,&p->IPV4_OPTS[p->IPV4_OPTS_CNT]) != 0) {
@ -406,7 +406,7 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len)
break;
case IPV4_OPT_CIPSO:
if (p->ip4vars.o_cipso != NULL) {
DECODER_SET_EVENT(p,IPV4_OPT_DUPLICATE);
ENGINE_SET_EVENT(p,IPV4_OPT_DUPLICATE);
/* Warn - we can keep going */
break;
} else if (IPV4OptValidateCIPSO(p,&p->IPV4_OPTS[p->IPV4_OPTS_CNT]) != 0) {
@ -416,7 +416,7 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len)
break;
case IPV4_OPT_SID:
if (p->ip4vars.o_sid != NULL) {
DECODER_SET_EVENT(p,IPV4_OPT_DUPLICATE);
ENGINE_SET_EVENT(p,IPV4_OPT_DUPLICATE);
/* Warn - we can keep going */
break;
} else if (IPV4OptValidateGeneric(p, &p->IPV4_OPTS[p->IPV4_OPTS_CNT])) {
@ -426,7 +426,7 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len)
break;
case IPV4_OPT_SSRR:
if (p->ip4vars.o_ssrr != NULL) {
DECODER_SET_EVENT(p,IPV4_OPT_DUPLICATE);
ENGINE_SET_EVENT(p,IPV4_OPT_DUPLICATE);
/* Warn - we can keep going */
break;
} else if (IPV4OptValidateRoute(p,&p->IPV4_OPTS[p->IPV4_OPTS_CNT]) != 0) {
@ -436,7 +436,7 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len)
break;
case IPV4_OPT_RTRALT:
if (p->ip4vars.o_rtralt != NULL) {
DECODER_SET_EVENT(p,IPV4_OPT_DUPLICATE);
ENGINE_SET_EVENT(p,IPV4_OPT_DUPLICATE);
/* Warn - we can keep going */
break;
} else if (IPV4OptValidateGeneric(p, &p->IPV4_OPTS[p->IPV4_OPTS_CNT])) {
@ -448,7 +448,7 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len)
SCLogDebug("IPV4OPT <unknown> (%" PRIu8 ") len %" PRIu8 "",
p->IPV4_OPTS[p->IPV4_OPTS_CNT].type,
p->IPV4_OPTS[p->IPV4_OPTS_CNT].len);
DECODER_SET_EVENT(p,IPV4_OPT_INVALID);
ENGINE_SET_EVENT(p,IPV4_OPT_INVALID);
/* Warn - we can keep going */
break;
}
@ -465,30 +465,30 @@ static int DecodeIPV4Options(Packet *p, uint8_t *pkt, uint16_t len)
static int DecodeIPV4Packet(Packet *p, uint8_t *pkt, uint16_t len)
{
if (unlikely(len < IPV4_HEADER_LEN)) {
DECODER_SET_EVENT(p,IPV4_PKT_TOO_SMALL);
ENGINE_SET_EVENT(p,IPV4_PKT_TOO_SMALL);
return -1;
}
if (unlikely(IP_GET_RAW_VER(pkt) != 4)) {
SCLogDebug("wrong ip version %" PRIu8 "",IP_GET_RAW_VER(pkt));
DECODER_SET_EVENT(p,IPV4_WRONG_IP_VER);
ENGINE_SET_EVENT(p,IPV4_WRONG_IP_VER);
return -1;
}
p->ip4h = (IPV4Hdr *)pkt;
if (unlikely(IPV4_GET_HLEN(p) < IPV4_HEADER_LEN)) {
DECODER_SET_EVENT(p,IPV4_HLEN_TOO_SMALL);
ENGINE_SET_EVENT(p,IPV4_HLEN_TOO_SMALL);
return -1;
}
if (unlikely(IPV4_GET_IPLEN(p) < IPV4_GET_HLEN(p))) {
DECODER_SET_EVENT(p,IPV4_IPLEN_SMALLER_THAN_HLEN);
ENGINE_SET_EVENT(p,IPV4_IPLEN_SMALLER_THAN_HLEN);
return -1;
}
if (unlikely(len < IPV4_GET_IPLEN(p))) {
DECODER_SET_EVENT(p,IPV4_TRUNC_PKT);
ENGINE_SET_EVENT(p,IPV4_TRUNC_PKT);
return -1;
}

28
src/decode-ipv6.c
Unescape Escape View File

@ -86,7 +86,7 @@ DecodeIPV6ExtHdrs(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
SCLogDebug("hdrextlen %"PRIu8, hdrextlen);
if (hdrextlen > plen) {
DECODER_SET_EVENT(p, IPV6_TRUNC_EXTHDR);
ENGINE_SET_EVENT(p, IPV6_TRUNC_EXTHDR);
SCReturn;
}
@ -100,7 +100,7 @@ DecodeIPV6ExtHdrs(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
}
if (IPV6_EXTHDR_ISSET_RH(p)) {
DECODER_SET_EVENT(p, IPV6_EXTHDR_DUPL_RH);
ENGINE_SET_EVENT(p, IPV6_EXTHDR_DUPL_RH);
/* skip past this extension so we can continue parsing the rest
* of the packet */
nh = *pkt;
@ -143,7 +143,7 @@ DecodeIPV6ExtHdrs(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
hdrextlen = (*(pkt+1) + 1) << 3;
if (hdrextlen > plen) {
DECODER_SET_EVENT(p, IPV6_TRUNC_EXTHDR);
ENGINE_SET_EVENT(p, IPV6_TRUNC_EXTHDR);
SCReturn;
}
@ -162,7 +162,7 @@ DecodeIPV6ExtHdrs(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
* in Packet. */
if (nh == IPPROTO_HOPOPTS) {
if (IPV6_EXTHDR_ISSET_HH(p)) {
DECODER_SET_EVENT(p, IPV6_EXTHDR_DUPL_HH);
ENGINE_SET_EVENT(p, IPV6_EXTHDR_DUPL_HH);
/* skip past this extension so we can continue parsing the rest
* of the packet */
nh = *pkt;
@ -195,7 +195,7 @@ DecodeIPV6ExtHdrs(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
optslen = ((IPV6_EXTHDR_DH2(p)->ip6dh_len+1)<<3)-2;
dstopts = 2;
} else {
DECODER_SET_EVENT(p, IPV6_EXTHDR_DUPL_DH);
ENGINE_SET_EVENT(p, IPV6_EXTHDR_DUPL_DH);
/* skip past this extension so we can continue parsing the rest
* of the packet */
nh = *pkt;
@ -208,7 +208,7 @@ DecodeIPV6ExtHdrs(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
if (optslen > plen) {
/* since the packet is long enough (we checked
* plen against hdrlen, the optlen must be malformed. */
DECODER_SET_EVENT(p, IPV6_EXTHDR_INVALID_OPTLEN);
ENGINE_SET_EVENT(p, IPV6_EXTHDR_INVALID_OPTLEN);
/* skip past this extension so we can continue parsing the rest
* of the packet */
nh = *pkt;
@ -276,7 +276,7 @@ DecodeIPV6ExtHdrs(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
hdrextlen = sizeof(IPV6FragHdr);
if (hdrextlen > plen) {
DECODER_SET_EVENT(p, IPV6_TRUNC_EXTHDR);
ENGINE_SET_EVENT(p, IPV6_TRUNC_EXTHDR);
SCReturn;
}
@ -290,7 +290,7 @@ DecodeIPV6ExtHdrs(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
}
if (IPV6_EXTHDR_ISSET_FH(p)) {
DECODER_SET_EVENT(p, IPV6_EXTHDR_DUPL_FH);
ENGINE_SET_EVENT(p, IPV6_EXTHDR_DUPL_FH);
nh = *pkt;
pkt += hdrextlen;
plen -= hdrextlen;
@ -309,7 +309,7 @@ DecodeIPV6ExtHdrs(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
{
hdrextlen = sizeof(IPV6EspHdr);
if (hdrextlen > plen) {
DECODER_SET_EVENT(p, IPV6_TRUNC_EXTHDR);
ENGINE_SET_EVENT(p, IPV6_TRUNC_EXTHDR);
SCReturn;
}
@ -323,7 +323,7 @@ DecodeIPV6ExtHdrs(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
}
if (IPV6_EXTHDR_ISSET_EH(p)) {
DECODER_SET_EVENT(p, IPV6_EXTHDR_DUPL_EH);
ENGINE_SET_EVENT(p, IPV6_EXTHDR_DUPL_EH);
SCReturn;
}
@ -344,7 +344,7 @@ DecodeIPV6ExtHdrs(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
SCLogDebug("hdrextlen %"PRIu8, hdrextlen);
if (hdrextlen > plen) {
DECODER_SET_EVENT(p, IPV6_TRUNC_EXTHDR);
ENGINE_SET_EVENT(p, IPV6_TRUNC_EXTHDR);
SCReturn;
}
@ -358,7 +358,7 @@ DecodeIPV6ExtHdrs(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
}
if (IPV6_EXTHDR_ISSET_AH(p)) {
DECODER_SET_EVENT(p, IPV6_EXTHDR_DUPL_AH);
ENGINE_SET_EVENT(p, IPV6_EXTHDR_DUPL_AH);
nh = *pkt;
pkt += hdrextlen;
plen -= hdrextlen;
@ -393,7 +393,7 @@ static int DecodeIPV6Packet (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, u
if (IP_GET_RAW_VER(pkt) != 6) {
SCLogDebug("wrong ip version %" PRIu8 "",IP_GET_RAW_VER(pkt));
DECODER_SET_EVENT(p,IPV6_WRONG_IP_VER);
ENGINE_SET_EVENT(p,IPV6_WRONG_IP_VER);
return -1;
}
@ -401,7 +401,7 @@ static int DecodeIPV6Packet (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, u
if (len < (IPV6_HEADER_LEN + IPV6_GET_PLEN(p)))
{
DECODER_SET_EVENT(p,IPV6_TRUNC_PKT);
ENGINE_SET_EVENT(p,IPV6_TRUNC_PKT);
return -1;
}

26
src/decode-ppp.c
Unescape Escape View File

@ -38,7 +38,7 @@ void DecodePPP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
SCPerfCounterIncr(dtv->counter_ppp, tv->sc_perf_pca);
if(len < PPP_HEADER_LEN) {
DECODER_SET_EVENT(p,PPP_PKT_TOO_SMALL);
ENGINE_SET_EVENT(p,PPP_PKT_TOO_SMALL);
return;
}
@ -79,13 +79,13 @@ void DecodePPP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
case PPP_PAP:
case PPP_LQM:
case PPP_CHAP:
DECODER_SET_EVENT(p,PPP_UNSUP_PROTO);
ENGINE_SET_EVENT(p,PPP_UNSUP_PROTO);
break;
case PPP_VJ_UCOMP:
if(len < (PPP_HEADER_LEN + IPV4_HEADER_LEN)) {
DECODER_SET_EVENT(p,PPPVJU_PKT_TOO_SMALL);
ENGINE_SET_EVENT(p,PPPVJU_PKT_TOO_SMALL);
return;
}
@ -96,7 +96,7 @@ void DecodePPP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
case PPP_IP:
if(len < (PPP_HEADER_LEN + IPV4_HEADER_LEN)) {
DECODER_SET_EVENT(p,PPPIPV4_PKT_TOO_SMALL);
ENGINE_SET_EVENT(p,PPPIPV4_PKT_TOO_SMALL);
return;
}
@ -106,7 +106,7 @@ void DecodePPP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
/* PPP IPv6 was not tested */
case PPP_IPV6:
if(len < (PPP_HEADER_LEN + IPV6_HEADER_LEN)) {
DECODER_SET_EVENT(p,PPPIPV6_PKT_TOO_SMALL);
ENGINE_SET_EVENT(p,PPPIPV6_PKT_TOO_SMALL);
return;
}
@ -115,7 +115,7 @@ void DecodePPP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
default:
SCLogDebug("unknown PPP protocol: %" PRIx32 "",ntohs(p->ppph->protocol));
DECODER_SET_EVENT(p,PPP_WRONG_TYPE);
ENGINE_SET_EVENT(p,PPP_WRONG_TYPE);
return;
}
@ -146,7 +146,7 @@ static int DecodePPPtest01 (void) {
/* Function my returns here with expected value */
if(DECODER_ISSET_EVENT(p,PPPIPV4_PKT_TOO_SMALL)) {
if(ENGINE_ISSET_EVENT(p,PPPIPV4_PKT_TOO_SMALL)) {
SCFree(p);
return 1;
}
@ -180,7 +180,7 @@ static int DecodePPPtest02 (void) {
/* Function must returns here */
if(DECODER_ISSET_EVENT(p,PPP_WRONG_TYPE)) {
if(ENGINE_ISSET_EVENT(p,PPP_WRONG_TYPE)) {
SCFree(p);
return 1;
}
@ -223,22 +223,22 @@ static int DecodePPPtest03 (void) {
return 0;
}
if(DECODER_ISSET_EVENT(p,PPP_PKT_TOO_SMALL)) {
if(ENGINE_ISSET_EVENT(p,PPP_PKT_TOO_SMALL)) {
SCFree(p);
return 0;
}
if(DECODER_ISSET_EVENT(p,PPPIPV4_PKT_TOO_SMALL)) {
if(ENGINE_ISSET_EVENT(p,PPPIPV4_PKT_TOO_SMALL)) {
SCFree(p);
return 0;
}
if(DECODER_ISSET_EVENT(p,PPP_WRONG_TYPE)) {
if(ENGINE_ISSET_EVENT(p,PPP_WRONG_TYPE)) {
SCFree(p);
return 0;
}
if (!(DECODER_ISSET_EVENT(p,IPV4_TRUNC_PKT))) {
if (!(ENGINE_ISSET_EVENT(p,IPV4_TRUNC_PKT))) {
SCFree(p);
return 0;
}
@ -282,7 +282,7 @@ static int DecodePPPtest04 (void) {
return 0;
}
if (!(DECODER_ISSET_EVENT(p,IPV4_TRUNC_PKT))) {
if (!(ENGINE_ISSET_EVENT(p,IPV4_TRUNC_PKT))) {
SCFree(p);
return 0;
}

28
src/decode-pppoe.c
Unescape Escape View File

@ -45,7 +45,7 @@ void DecodePPPOEDiscovery(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint
SCPerfCounterIncr(dtv->counter_pppoe, tv->sc_perf_pca);
if (len < PPPOE_DISCOVERY_HEADER_MIN_LEN) {
DECODER_SET_EVENT(p, PPPOE_PKT_TOO_SMALL);
ENGINE_SET_EVENT(p, PPPOE_PKT_TOO_SMALL);
return;
}
p->pppoedh = NULL;
@ -69,7 +69,7 @@ void DecodePPPOEDiscovery(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint
break;
default:
SCLogDebug("unknown PPPOE code: 0x%0"PRIX8"", p->pppoedh->pppoe_code);
DECODER_SET_EVENT(p,PPPOE_WRONG_CODE);
ENGINE_SET_EVENT(p,PPPOE_WRONG_CODE);
return;
}
@ -86,7 +86,7 @@ void DecodePPPOEDiscovery(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint
if (pppoe_length > packet_length) {
SCLogDebug("malformed PPPOE tags");
DECODER_SET_EVENT(p,PPPOE_MALFORMED_TAGS);
ENGINE_SET_EVENT(p,PPPOE_MALFORMED_TAGS);
return;
}
@ -123,7 +123,7 @@ void DecodePPPOESession(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_
SCPerfCounterIncr(dtv->counter_pppoe, tv->sc_perf_pca);
if (len < PPPOE_SESSION_HEADER_LEN) {
DECODER_SET_EVENT(p, PPPOE_PKT_TOO_SMALL);
ENGINE_SET_EVENT(p, PPPOE_PKT_TOO_SMALL);
return;
}
@ -169,13 +169,13 @@ void DecodePPPOESession(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_
case PPP_PAP:
case PPP_LQM:
case PPP_CHAP:
DECODER_SET_EVENT(p,PPP_UNSUP_PROTO);
ENGINE_SET_EVENT(p,PPP_UNSUP_PROTO);
break;
case PPP_VJ_UCOMP:
if(len < (PPPOE_SESSION_HEADER_LEN + IPV4_HEADER_LEN)) {
DECODER_SET_EVENT(p,PPPVJU_PKT_TOO_SMALL);
ENGINE_SET_EVENT(p,PPPVJU_PKT_TOO_SMALL);
return;
}
@ -186,7 +186,7 @@ void DecodePPPOESession(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_
case PPP_IP:
if(len < (PPPOE_SESSION_HEADER_LEN + IPV4_HEADER_LEN)) {
DECODER_SET_EVENT(p,PPPIPV4_PKT_TOO_SMALL);
ENGINE_SET_EVENT(p,PPPIPV4_PKT_TOO_SMALL);
return;
}
@ -196,7 +196,7 @@ void DecodePPPOESession(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_
/* PPP IPv6 was not tested */
case PPP_IPV6:
if(len < (PPPOE_SESSION_HEADER_LEN + IPV6_HEADER_LEN)) {
DECODER_SET_EVENT(p,PPPIPV6_PKT_TOO_SMALL);
ENGINE_SET_EVENT(p,PPPIPV6_PKT_TOO_SMALL);
return;
}
@ -205,7 +205,7 @@ void DecodePPPOESession(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_
default:
SCLogDebug("unknown PPP protocol: %" PRIx32 "",ntohs(p->ppph->protocol));
DECODER_SET_EVENT(p,PPP_WRONG_TYPE);
ENGINE_SET_EVENT(p,PPP_WRONG_TYPE);
return;
}
}
@ -232,7 +232,7 @@ static int DecodePPPOEtest01 (void) {
DecodePPPOESession(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe), NULL);
if (DECODER_ISSET_EVENT(p,PPPOE_PKT_TOO_SMALL)) {
if (ENGINE_ISSET_EVENT(p,PPPOE_PKT_TOO_SMALL)) {
SCFree(p);
return 1;
}
@ -274,13 +274,13 @@ static int DecodePPPOEtest02 (void) {
DecodePPPOESession(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe), NULL);
if(DECODER_ISSET_EVENT(p,PPPOE_PKT_TOO_SMALL)) {
if(ENGINE_ISSET_EVENT(p,PPPOE_PKT_TOO_SMALL)) {
goto end;
}
// and we insist that the invalid ICMP encapsulated (type 0xab, code 0xcd) is flagged
if(! DECODER_ISSET_EVENT(p,ICMPV4_UNKNOWN_TYPE)) {
if(! ENGINE_ISSET_EVENT(p,ICMPV4_UNKNOWN_TYPE)) {
goto end;
}
@ -353,7 +353,7 @@ static int DecodePPPOEtest04 (void) {
DecodePPPOEDiscovery(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe), NULL);
if(DECODER_ISSET_EVENT(p,PPPOE_WRONG_CODE)) {
if(ENGINE_ISSET_EVENT(p,PPPOE_WRONG_CODE)) {
SCFree(p);
return 1;
}
@ -389,7 +389,7 @@ static int DecodePPPOEtest05 (void) {
DecodePPPOEDiscovery(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe), NULL);
if(DECODER_ISSET_EVENT(p,PPPOE_MALFORMED_TAGS)) {
if(ENGINE_ISSET_EVENT(p,PPPOE_MALFORMED_TAGS)) {
SCFree(p);
return 1;
}

6
src/decode-raw.c
Unescape Escape View File

@ -37,7 +37,7 @@ void DecodeRaw(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
/* If it is ipv4 or ipv6 it should at least be the size of ipv4 */
if (len < IPV4_HEADER_LEN) {
DECODER_SET_EVENT(p,IPV4_PKT_TOO_SMALL);
ENGINE_SET_EVENT(p,IPV4_PKT_TOO_SMALL);
return;
}
@ -49,7 +49,7 @@ void DecodeRaw(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
DecodeIPV6(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
} else {
SCLogDebug("Unknown ip version %" PRIu8 "", IP_GET_RAW_VER(pkt));
DECODER_SET_EVENT(p,IPRAW_INVALID_IPV);
ENGINE_SET_EVENT(p,IPRAW_INVALID_IPV);
}
return;
}
@ -187,7 +187,7 @@ static int DecodeRawTest03 (void) {
FlowInitConfig(FLOW_QUIET);
DecodeRaw(&tv, &dtv, p, raw_ip, GET_PKT_LEN(p), NULL);
if (DECODER_ISSET_EVENT(p,IPRAW_INVALID_IPV)) {
if (ENGINE_ISSET_EVENT(p,IPRAW_INVALID_IPV)) {
FlowShutdown();
SCFree(p);
return 0;

2
src/decode-sctp.c
Unescape Escape View File

@ -35,7 +35,7 @@
static int DecodeSCTPPacket(ThreadVars *tv, Packet *p, uint8_t *pkt, uint16_t len)
{
if (unlikely(len < SCTP_HEADER_LEN)) {
DECODER_SET_EVENT(p, SCTP_PKT_TOO_SMALL);
ENGINE_SET_EVENT(p, SCTP_PKT_TOO_SMALL);
return -1;
}

2
src/decode-sll.c
Unescape Escape View File

@ -34,7 +34,7 @@ void DecodeSll(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
SCPerfCounterIncr(dtv->counter_sll, tv->sc_perf_pca);
if (len < SLL_HEADER_LEN) {
DECODER_SET_EVENT(p,SLL_PKT_TOO_SMALL);
ENGINE_SET_EVENT(p,SLL_PKT_TOO_SMALL);
return;
}

28
src/decode-tcp.c
Unescape Escape View File

@ -54,7 +54,7 @@ static int DecodeTCPOptions(Packet *p, uint8_t *pkt, uint16_t len)
* so here the len of the specific option must be bad.
* Also check for invalid lengths 0 and 1. */
if (*(pkt+1) > plen || *(pkt+1) < 2) {
DECODER_SET_EVENT(p,TCP_OPT_INVALID_LEN);
ENGINE_SET_EVENT(p,TCP_OPT_INVALID_LEN);
return -1;
}
@ -71,10 +71,10 @@ static int DecodeTCPOptions(Packet *p, uint8_t *pkt, uint16_t len)
switch (p->TCP_OPTS[p->TCP_OPTS_CNT].type) {
case TCP_OPT_WS:
if (p->TCP_OPTS[p->TCP_OPTS_CNT].len != TCP_OPT_WS_LEN) {
DECODER_SET_EVENT(p,TCP_OPT_INVALID_LEN);
ENGINE_SET_EVENT(p,TCP_OPT_INVALID_LEN);
} else {
if (p->tcpvars.ws != NULL) {
DECODER_SET_EVENT(p,TCP_OPT_DUPLICATE);
ENGINE_SET_EVENT(p,TCP_OPT_DUPLICATE);
} else {
p->tcpvars.ws = &p->TCP_OPTS[p->TCP_OPTS_CNT];
}
@ -82,10 +82,10 @@ static int DecodeTCPOptions(Packet *p, uint8_t *pkt, uint16_t len)
break;
case TCP_OPT_MSS:
if (p->TCP_OPTS[p->TCP_OPTS_CNT].len != TCP_OPT_MSS_LEN) {
DECODER_SET_EVENT(p,TCP_OPT_INVALID_LEN);
ENGINE_SET_EVENT(p,TCP_OPT_INVALID_LEN);
} else {
if (p->tcpvars.mss != NULL) {
DECODER_SET_EVENT(p,TCP_OPT_DUPLICATE);
ENGINE_SET_EVENT(p,TCP_OPT_DUPLICATE);
} else {
p->tcpvars.mss = &p->TCP_OPTS[p->TCP_OPTS_CNT];
}
@ -93,10 +93,10 @@ static int DecodeTCPOptions(Packet *p, uint8_t *pkt, uint16_t len)
break;
case TCP_OPT_SACKOK:
if (p->TCP_OPTS[p->TCP_OPTS_CNT].len != TCP_OPT_SACKOK_LEN) {
DECODER_SET_EVENT(p,TCP_OPT_INVALID_LEN);
ENGINE_SET_EVENT(p,TCP_OPT_INVALID_LEN);
} else {
if (p->tcpvars.sackok != NULL) {
DECODER_SET_EVENT(p,TCP_OPT_DUPLICATE);
ENGINE_SET_EVENT(p,TCP_OPT_DUPLICATE);
} else {
p->tcpvars.sackok = &p->TCP_OPTS[p->TCP_OPTS_CNT];
}
@ -104,10 +104,10 @@ static int DecodeTCPOptions(Packet *p, uint8_t *pkt, uint16_t len)
break;
case TCP_OPT_TS:
if (p->TCP_OPTS[p->TCP_OPTS_CNT].len != TCP_OPT_TS_LEN) {
DECODER_SET_EVENT(p,TCP_OPT_INVALID_LEN);
ENGINE_SET_EVENT(p,TCP_OPT_INVALID_LEN);
} else {
if (p->tcpvars.ts != NULL) {
DECODER_SET_EVENT(p,TCP_OPT_DUPLICATE);
ENGINE_SET_EVENT(p,TCP_OPT_DUPLICATE);
} else {
p->tcpvars.ts = &p->TCP_OPTS[p->TCP_OPTS_CNT];
}
@ -119,10 +119,10 @@ static int DecodeTCPOptions(Packet *p, uint8_t *pkt, uint16_t len)
p->TCP_OPTS[p->TCP_OPTS_CNT].len > TCP_OPT_SACK_MAX_LEN ||
!((p->TCP_OPTS[p->TCP_OPTS_CNT].len - 2) % 8 == 0))
{
DECODER_SET_EVENT(p,TCP_OPT_INVALID_LEN);
ENGINE_SET_EVENT(p,TCP_OPT_INVALID_LEN);
} else {
if (p->tcpvars.sack != NULL) {
DECODER_SET_EVENT(p,TCP_OPT_DUPLICATE);
ENGINE_SET_EVENT(p,TCP_OPT_DUPLICATE);
} else {
p->tcpvars.sack = &p->TCP_OPTS[p->TCP_OPTS_CNT];
}
@ -141,7 +141,7 @@ static int DecodeTCPOptions(Packet *p, uint8_t *pkt, uint16_t len)
static int DecodeTCPPacket(ThreadVars *tv, Packet *p, uint8_t *pkt, uint16_t len)
{
if (unlikely(len < TCP_HEADER_LEN)) {
DECODER_SET_EVENT(p, TCP_PKT_TOO_SMALL);
ENGINE_SET_EVENT(p, TCP_PKT_TOO_SMALL);
return -1;
}
@ -149,13 +149,13 @@ static int DecodeTCPPacket(ThreadVars *tv, Packet *p, uint8_t *pkt, uint16_t len
uint8_t hlen = TCP_GET_HLEN(p);
if (unlikely(len < hlen)) {
DECODER_SET_EVENT(p, TCP_HLEN_TOO_SMALL);
ENGINE_SET_EVENT(p, TCP_HLEN_TOO_SMALL);
return -1;
}
uint8_t tcp_opt_len = hlen - TCP_HEADER_LEN;
if (unlikely(tcp_opt_len > TCP_OPTLENMAX)) {
DECODER_SET_EVENT(p, TCP_INVALID_OPTLEN);
ENGINE_SET_EVENT(p, TCP_INVALID_OPTLEN);
return -1;
}

6
src/decode-udp.c
Unescape Escape View File

@ -35,19 +35,19 @@
static int DecodeUDPPacket(ThreadVars *t, Packet *p, uint8_t *pkt, uint16_t len)
{
if (len < UDP_HEADER_LEN) {
DECODER_SET_EVENT(p, UDP_HLEN_TOO_SMALL);
ENGINE_SET_EVENT(p, UDP_HLEN_TOO_SMALL);
return -1;
}
p->udph = (UDPHdr *)pkt;
if (len < UDP_GET_LEN(p)) {
DECODER_SET_EVENT(p, UDP_PKT_TOO_SMALL);
ENGINE_SET_EVENT(p, UDP_PKT_TOO_SMALL);
return -1;
}
if (len != UDP_GET_LEN(p)) {
DECODER_SET_EVENT(p, UDP_HLEN_INVALID);
ENGINE_SET_EVENT(p, UDP_HLEN_INVALID);
return -1;
}

12
src/decode-vlan.c
Unescape Escape View File

@ -50,7 +50,7 @@ void DecodeVLAN(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt,
SCPerfCounterIncr(dtv->counter_vlan, tv->sc_perf_pca);
if(len < VLAN_HEADER_LEN) {
DECODER_SET_EVENT(p,VLAN_HEADER_TOO_SMALL);
ENGINE_SET_EVENT(p,VLAN_HEADER_TOO_SMALL);
return;
}
@ -84,7 +84,7 @@ void DecodeVLAN(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt,
break;
default:
SCLogDebug("unknown VLAN type: %" PRIx32 "",GET_VLAN_PROTO(p->vlanh));
DECODER_SET_EVENT(p,VLAN_UNKNOWN_TYPE);
ENGINE_SET_EVENT(p,VLAN_UNKNOWN_TYPE);
return;
}
@ -117,7 +117,7 @@ static int DecodeVLANtest01 (void) {
DecodeVLAN(&tv, &dtv, p, raw_vlan, sizeof(raw_vlan), NULL);
if(DECODER_ISSET_EVENT(p,VLAN_HEADER_TOO_SMALL)) {
if(ENGINE_ISSET_EVENT(p,VLAN_HEADER_TOO_SMALL)) {
SCFree(p);
return 1;
}
@ -155,7 +155,7 @@ static int DecodeVLANtest02 (void) {
DecodeVLAN(&tv, &dtv, p, raw_vlan, sizeof(raw_vlan), NULL);
if(DECODER_ISSET_EVENT(p,VLAN_UNKNOWN_TYPE)) {
if(ENGINE_ISSET_EVENT(p,VLAN_UNKNOWN_TYPE)) {
SCFree(p);
return 1;
}
@ -201,12 +201,12 @@ static int DecodeVLANtest03 (void) {
return 0;
}
if(DECODER_ISSET_EVENT(p,VLAN_HEADER_TOO_SMALL)) {
if(ENGINE_ISSET_EVENT(p,VLAN_HEADER_TOO_SMALL)) {
SCFree(p);
return 0;
}
if(DECODER_ISSET_EVENT(p,VLAN_UNKNOWN_TYPE)) {
if(ENGINE_ISSET_EVENT(p,VLAN_UNKNOWN_TYPE)) {
SCFree(p);
return 0;
}

18
src/decode.h
Unescape Escape View File

@ -249,13 +249,13 @@ typedef struct PacketAlerts_ {
/** number of decoder events we support per packet. Power of 2 minus 1
* for memory layout */
#define PACKET_DECODER_EVENT_MAX 15
#define PACKET_ENGINE_EVENT_MAX 15
/** data structure to store decoder, defrag and stream events */
typedef struct PacketDecoderEvents_ {
typedef struct PacketEngineEvents_ {
uint8_t cnt; /**< number of events */
uint8_t events[PACKET_DECODER_EVENT_MAX]; /**< array of events */
} PacketDecoderEvents;
uint8_t events[PACKET_ENGINE_EVENT_MAX]; /**< array of events */
} PacketEngineEvents;
typedef struct PktVar_ {
char *name;
@ -406,8 +406,8 @@ typedef struct Packet_
SC_ATOMIC_DECLARE(unsigned short, tunnel_rtv_cnt);
SC_ATOMIC_DECLARE(unsigned short, tunnel_tpr_cnt);
/* decoder events */
PacketDecoderEvents events;
/* engine events */
PacketEngineEvents events;
/* double linked list ptrs */
struct Packet_ *next;
@ -784,14 +784,14 @@ void AddressDebugPrint(Address *);
} while (0)
#define DECODER_SET_EVENT(p, e) do { \
if ((p)->events.cnt < PACKET_DECODER_EVENT_MAX) { \
#define ENGINE_SET_EVENT(p, e) do { \
if ((p)->events.cnt < PACKET_ENGINE_EVENT_MAX) { \
(p)->events.events[(p)->events.cnt] = e; \
(p)->events.cnt++; \
} \
} while(0)
#define DECODER_ISSET_EVENT(p, e) ({ \
#define ENGINE_ISSET_EVENT(p, e) ({ \
int r = 0; \
uint8_t u; \
for (u = 0; u < (p)->events.cnt; u++) { \

18
src/defrag.c
Unescape Escape View File

@ -790,7 +790,7 @@ DefragInsertFrag(ThreadVars *tv, DecodeThreadVars *dtv, DefragContext *dc,
/* Ignore fragment if the end of packet extends past the
* maximum size of a packet. */
if (IPV4_HEADER_LEN + frag_offset + data_len > IPV4_MAXPACKET_LEN) {
DECODER_SET_EVENT(p, IPV4_FRAG_PKT_TOO_LARGE);
ENGINE_SET_EVENT(p, IPV4_FRAG_PKT_TOO_LARGE);
return NULL;
}
}
@ -808,7 +808,7 @@ DefragInsertFrag(ThreadVars *tv, DecodeThreadVars *dtv, DefragContext *dc,
/* Ignore fragment if the end of packet extends past the
* maximum size of a packet. */
if (frag_offset + data_len > IPV6_MAXPACKET) {
DECODER_SET_EVENT(p, IPV6_FRAG_PKT_TOO_LARGE);
ENGINE_SET_EVENT(p, IPV6_FRAG_PKT_TOO_LARGE);
return NULL;
}
}
@ -993,10 +993,10 @@ insert:
done:
if (overlap) {
if (af == AF_INET) {
DECODER_SET_EVENT(p, IPV4_FRAG_OVERLAP);
ENGINE_SET_EVENT(p, IPV4_FRAG_OVERLAP);
}
else {
DECODER_SET_EVENT(p, IPV6_FRAG_OVERLAP);
ENGINE_SET_EVENT(p, IPV6_FRAG_OVERLAP);
}
}
SCMutexUnlock(&tracker->lock);
@ -1798,7 +1798,7 @@ DefragDoSturgesNovakTest(int policy, u_char *expected, size_t expected_len)
SCFree(tp);
goto end;
}
if (DECODER_ISSET_EVENT(packets[i], IPV4_FRAG_OVERLAP)) {
if (ENGINE_ISSET_EVENT(packets[i], IPV4_FRAG_OVERLAP)) {
goto end;
}
}
@ -1809,7 +1809,7 @@ DefragDoSturgesNovakTest(int policy, u_char *expected, size_t expected_len)
SCFree(tp);
goto end;
}
if (DECODER_ISSET_EVENT(packets[i], IPV4_FRAG_OVERLAP)) {
if (ENGINE_ISSET_EVENT(packets[i], IPV4_FRAG_OVERLAP)) {
overlap++;
}
}
@ -1937,7 +1937,7 @@ IPV6DefragDoSturgesNovakTest(int policy, u_char *expected, size_t expected_len)
SCFree(tp);
goto end;
}
if (DECODER_ISSET_EVENT(packets[i], IPV6_FRAG_OVERLAP)) {
if (ENGINE_ISSET_EVENT(packets[i], IPV6_FRAG_OVERLAP)) {
goto end;
}
}
@ -1948,7 +1948,7 @@ IPV6DefragDoSturgesNovakTest(int policy, u_char *expected, size_t expected_len)
SCFree(tp);
goto end;
}
if (DECODER_ISSET_EVENT(packets[i], IPV6_FRAG_OVERLAP)) {
if (ENGINE_ISSET_EVENT(packets[i], IPV6_FRAG_OVERLAP)) {
overlap++;
}
}
@ -2541,7 +2541,7 @@ DefragIPv4TooLargeTest(void)
/* We do not expect a packet returned. */
if (Defrag(NULL, NULL, dc, p) != NULL)
goto end;
if (!DECODER_ISSET_EVENT(p, IPV4_FRAG_PKT_TOO_LARGE))
if (!ENGINE_ISSET_EVENT(p, IPV4_FRAG_PKT_TOO_LARGE))
goto end;
/* The fragment should have been ignored so no fragments should have

4
src/detect-engine-event.c
Unescape Escape View File

@ -115,7 +115,7 @@ int DetectEngineEventMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packe
DetectEngineEventData *de = (DetectEngineEventData *)m->ctx;
if (DECODER_ISSET_EVENT(p, de->event)) {
if (ENGINE_ISSET_EVENT(p, de->event)) {
SCReturnInt(1);
}
@ -343,7 +343,7 @@ int EngineEventTestParse06 (void) {
memset(p, 0, SIZE_OF_PACKET);
p->pkt = (uint8_t *)(p + 1);
DECODER_SET_EVENT(p,PPP_PKT_TOO_SMALL);
ENGINE_SET_EVENT(p,PPP_PKT_TOO_SMALL);
de = DetectEngineEventParse("ppp.pkt_too_small");
if (de == NULL)

2
src/stream-tcp.c
Unescape Escape View File

@ -599,7 +599,7 @@ void StreamTcpSetOSPolicy(TcpStream *stream, Packet *p)
}
void StreamTcpSetEvent(Packet *p, uint8_t e) {
DECODER_SET_EVENT(p, e);
ENGINE_SET_EVENT(p, e);
}
/**

Write Preview
Loading…
Cancel
Save