suricata
decode-arp.c
Go to the documentation of this file.
1/* Copyright (C) 2024 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18/**
19 *
20 * \author Giuseppe Longo <giuseppe@glongo.it>
21 *
22 */
23
24#include "suricata-common.h"
25#include "decode.h"
26#include "decode-arp.h"
27#include "decode-events.h"
28
29int DecodeARP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
30{
31 StatsIncr(tv, dtv->counter_arp);
32
33 if (unlikely(len < ARP_HEADER_MIN_LEN)) {
34 ENGINE_SET_INVALID_EVENT(p, ARP_PKT_TOO_SMALL);
35 return TM_ECODE_FAILED;
36 }
37
38 if (!PacketIncreaseCheckLayers(p)) {
39 return TM_ECODE_FAILED;
40 }
41
42 const ARPHdr *arph = PacketSetARP(p, pkt);
43 if (unlikely(arph == NULL))
44 return TM_ECODE_FAILED;
45
46 if (SCNtohs(arph->hw_type) != ARP_HW_TYPE_ETHERNET) {
47 ENGINE_SET_INVALID_EVENT(p, ARP_UNSUPPORTED_HARDWARE);
48 PacketClearL3(p);
49 return TM_ECODE_FAILED;
50 }
51
52 if (SCNtohs(arph->proto_type) != ETHERNET_TYPE_IP) {
53 ENGINE_SET_INVALID_EVENT(p, ARP_UNSUPPORTED_PROTOCOL);
54 PacketClearL3(p);
55 return TM_ECODE_FAILED;
56 }
57
58 if (unlikely(len < ARP_HEADER_LEN)) {
59 ENGINE_SET_INVALID_EVENT(p, ARP_INVALID_PKT);
60 PacketClearL3(p);
61 return TM_ECODE_FAILED;
62 }
63
64 if (arph->hw_size != ARP_HW_SIZE) {
65 ENGINE_SET_INVALID_EVENT(p, ARP_INVALID_HARDWARE_SIZE);
66 PacketClearL3(p);
67 return TM_ECODE_FAILED;
68 }
69
70 if (arph->proto_size != ARP_PROTO_SIZE) {
71 ENGINE_SET_INVALID_EVENT(p, ARP_INVALID_PROTOCOL_SIZE);
72 PacketClearL3(p);
73 return TM_ECODE_FAILED;
74 }
75
76 switch (SCNtohs(arph->opcode)) {
77 case 1:
78 case 2:
79 case 3:
80 case 4:
81 break;
82 default:
83 ENGINE_SET_INVALID_EVENT(p, ARP_UNSUPPORTED_OPCODE);
84 PacketClearL3(p);
85 return TM_ECODE_FAILED;
86 }
87
88 return TM_ECODE_OK;
89}
len
uint8_t len
Definition app-layer-dnp3.h:2
StatsIncr
void StatsIncr(ThreadVars *tv, uint16_t id)
Increments the local counter.
Definition counters.c:166
DecodeARP
int DecodeARP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Definition decode-arp.c:29
ARP_PROTO_SIZE
#define ARP_PROTO_SIZE
Definition decode-arp.h:31
ARP_HEADER_LEN
#define ARP_HEADER_LEN
Definition decode-arp.h:27
ARP_HW_TYPE_ETHERNET
#define ARP_HW_TYPE_ETHERNET
Definition decode-arp.h:28
ARP_HEADER_MIN_LEN
#define ARP_HEADER_MIN_LEN
Definition decode-arp.h:26
ARP_HW_SIZE
#define ARP_HW_SIZE
Definition decode-arp.h:30
ETHERNET_TYPE_IP
#define ETHERNET_TYPE_IP
Definition decode-ethernet.h:34
ARP_UNSUPPORTED_PROTOCOL
@ ARP_UNSUPPORTED_PROTOCOL
Definition decode-events.h:311
ARP_INVALID_HARDWARE_SIZE
@ ARP_INVALID_HARDWARE_SIZE
Definition decode-events.h:313
ARP_UNSUPPORTED_HARDWARE
@ ARP_UNSUPPORTED_HARDWARE
Definition decode-events.h:310
ARP_UNSUPPORTED_OPCODE
@ ARP_UNSUPPORTED_OPCODE
Definition decode-events.h:315
ARP_INVALID_PKT
@ ARP_INVALID_PKT
Definition decode-events.h:312
ARP_PKT_TOO_SMALL
@ ARP_PKT_TOO_SMALL
Definition decode-events.h:309
ARP_INVALID_PROTOCOL_SIZE
@ ARP_INVALID_PROTOCOL_SIZE
Definition decode-events.h:314
ENGINE_SET_INVALID_EVENT
#define ENGINE_SET_INVALID_EVENT(p, e)
Definition decode.h:1194
dtv
DecodeThreadVars * dtv
Definition fuzz_decodepcapfile.c:33
tv
ThreadVars * tv
Definition fuzz_decodepcapfile.c:32
DecodeThreadVars_
Structure to hold thread specific data for all decode modules.
Definition decode.h:963
DecodeThreadVars_::counter_arp
uint16_t counter_arp
Definition decode.h:989
Packet_
Definition decode.h:501
ThreadVars_
Per thread variable structure.
Definition threadvars.h:58
SCNtohs
#define SCNtohs(x)
Definition suricata-common.h:431
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition tm-threads-common.h:82
TM_ECODE_OK
@ TM_ECODE_OK
Definition tm-threads-common.h:81
unlikely
#define unlikely(expr)
Definition util-optimize.h:35