From a39529db5dbb12cf0632fdbe68991858f60c42a9 Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Fri, 30 Mar 2012 13:07:00 +0200
Subject: [PATCH] ipv6: fix routing header parsing leading to rejection of
 valid packets.

---
 src/decode-ipv6.c | 61 +++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 59 insertions(+), 2 deletions(-)

diff --git a/src/decode-ipv6.c b/src/decode-ipv6.c
index a3c04d0f9d..3adf86006a 100644
--- a/src/decode-ipv6.c
+++ b/src/decode-ipv6.c
@@ -89,8 +89,7 @@ DecodeIPV6ExtHdrs(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt
                 SCReturn;
 
             case IPPROTO_ROUTING:
-                hdrextlen = sizeof(IPV6RouteHdr);
-                hdrextlen += (*(pkt+1) * 8);  /* 8 octet units */
+                hdrextlen = 8 + (*(pkt+1) * 8);  /* 8 bytes + length in 8 octet units */
 
                 SCLogDebug("hdrextlen %"PRIu8, hdrextlen);
 
@@ -690,6 +689,63 @@ end:
     return result;
 }
 
+/**
+ * \test routing header decode
+ */
+static int DecodeIPV6RouteTest01 (void)   {
+
+    uint8_t raw_pkt1[] = {
+        0x60, 0x00, 0x00, 0x00, 0x00, 0x1c, 0x2b, 0x40,
+        0x20, 0x01, 0xaa, 0xaa, 0x00, 0x01, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+        0x20, 0x01, 0xaa, 0xaa, 0x00, 0x01, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+
+        0xb2, 0xed, 0x00, 0x50, 0x1b, 0xc7, 0x6a, 0xdf,
+        0x00, 0x00, 0x00, 0x00, 0x50, 0x02, 0x20, 0x00,
+        0xfa, 0x87, 0x00, 0x00,
+    };
+    Packet *p1 = SCMalloc(SIZE_OF_PACKET);
+    if (p1 == NULL)
+        return 0;
+    ThreadVars tv;
+    DecodeThreadVars dtv;
+    int result = 0;
+    PacketQueue pq;
+
+    FlowInitConfig(FLOW_QUIET);
+
+    memset(&pq, 0, sizeof(PacketQueue));
+    memset(&tv, 0, sizeof(ThreadVars));
+    memset(p1, 0, SIZE_OF_PACKET);
+    p1->pkt = (uint8_t *)(p1 + 1);
+    memset(&dtv, 0, sizeof(DecodeThreadVars));
+
+    PACKET_INITIALIZE(p1);
+
+    PacketCopyData(p1, raw_pkt1, sizeof(raw_pkt1));
+
+    DecodeIPV6(&tv, &dtv, p1, GET_PKT_DATA(p1), GET_PKT_LEN(p1), &pq);
+
+    if (!(IPV6_EXTHDR_ISSET_RH(p1))) {
+        printf("ipv6 routing header not detected: ");
+        goto end;
+    }
+
+    if (p1->ip6eh.ip6_exthdrs[0].len != 8) {
+        printf("ipv6 routing length incorrect: ");
+        goto end;
+    }
+
+    result = 1;
+end:
+    PACKET_CLEANUP(p1);
+    SCFree(p1);
+    FlowShutdown();
+    return result;
+}
+
 #endif /* UNITTESTS */
 
 /**
@@ -699,6 +755,7 @@ end:
 void DecodeIPV6RegisterTests(void) {
 #ifdef UNITTESTS
     UtRegisterTest("DecodeIPV6FragTest01", DecodeIPV6FragTest01, 1);
+    UtRegisterTest("DecodeIPV6RouteTest01", DecodeIPV6RouteTest01, 1);
 #endif /* UNITTESTS */
 }