suricata.8.0.0/decode-ipv4_8h_source.html

/* Copyright (C) 2007-2024 Open Information Security Foundation

 *

 * You can copy, redistribute or modify this Program under the terms of

 * the GNU General Public License version 2 as published by the Free

 * Software Foundation.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * version 2 along with this program; if not, write to the Free Software

 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA

 * 02110-1301, USA.

 */


/**

 * \file

 *

 * \author Victor Julien <victor@inliniac.net>

 * \author Brian Rectanus <brectanu@gmail.com>

 */


#ifndef SURICATA_DECODE_IPV4_H

#define SURICATA_DECODE_IPV4_H


#define IPV4_HEADER_LEN           20    /**< Header length */

#define IPV4_OPTMAX               40    /**< Max options length */

#define IPV4_MAXPACKET_LEN        65535 /**< Maximum packet size */


/** IP Option Types */

#define IPV4_OPT_EOL              0x00  /**< Option: End of List */

#define IPV4_OPT_NOP              0x01  /**< Option: No op */

#define IPV4_OPT_RR               0x07  /**< Option: Record Route */

#define IPV4_OPT_QS               0x19  /**< Option: Quick Start */

#define IPV4_OPT_TS               0x44  /**< Option: Timestamp */

#define IPV4_OPT_SEC              0x82  /**< Option: Security */

#define IPV4_OPT_LSRR             0x83  /**< Option: Loose Source Route */

#define IPV4_OPT_ESEC             0x85  /**< Option: Extended Security */

#define IPV4_OPT_CIPSO            0x86  /**< Option: Commercial IP Security */

#define IPV4_OPT_SID              0x88  /**< Option: Stream Identifier */

#define IPV4_OPT_SSRR             0x89  /**< Option: Strict Source Route */

#define IPV4_OPT_RTRALT           0x94  /**< Option: Router Alert */


/** IP Option Lengths (fixed) */

#define IPV4_OPT_SID_LEN          4     /**< SID Option Fixed Length */

#define IPV4_OPT_RTRALT_LEN       4     /**< RTRALT Option Fixed Length */


/** IP Option Lengths (variable) */

#define IPV4_OPT_SEC_MIN          3     /**< SEC, ESEC Option Min Length */

#define IPV4_OPT_ROUTE_MIN        3     /**< RR, SRR, LTRR Option Min Length */

#define IPV4_OPT_QS_MIN           8     /**< QS Option Min Length */

#define IPV4_OPT_TS_MIN           5     /**< TS Option Min Length */

#define IPV4_OPT_CIPSO_MIN        10    /**< CIPSO Option Min Length */


/** IP Option fields */

#define IPV4_OPTS                 ip4vars.ip_opts

#define IPV4_OPTS_CNT             ip4vars.ip_opt_cnt


typedef struct IPV4Opt_ {

    /** \todo We may want to break type up into its 3 fields

     *        as the reassembler may want to know which options

     *        must be copied to each fragment.

     */

    uint8_t type;         /**< option type */

    uint8_t len;          /**< option length (type+len+data) */

    const uint8_t *data;  /**< option data */

} IPV4Opt;


typedef struct IPV4Hdr_

{

    uint8_t ip_verhl;     /**< version & header length */

    uint8_t ip_tos;       /**< type of service */

    uint16_t ip_len;      /**< length */

    uint16_t ip_id;       /**< id */

    uint16_t ip_off;      /**< frag offset */

    uint8_t ip_ttl;       /**< time to live */

    uint8_t ip_proto;     /**< protocol (tcp, udp, etc) */

    uint16_t ip_csum;     /**< checksum */

    union {

        struct {

            struct in_addr ip_src;/**< source address */

            struct in_addr ip_dst;/**< destination address */

        } ip4_un1;

        uint16_t ip_addrs[4];

    } ip4_hdrun1;

} IPV4Hdr;


#define s_ip_src                          ip4_hdrun1.ip4_un1.ip_src

#define s_ip_dst                          ip4_hdrun1.ip4_un1.ip_dst

#define s_ip_addrs                        ip4_hdrun1.ip_addrs


#define IPV4_GET_RAW_VER(ip4h)            (((ip4h)->ip_verhl & 0xf0) >> 4)

#define IPV4_GET_RAW_HLEN(ip4h)           (uint8_t)(((ip4h)->ip_verhl & (uint8_t)0x0f) << (uint8_t)2)

#define IPV4_GET_RAW_IPTOS(ip4h)          ((ip4h)->ip_tos)

#define IPV4_GET_RAW_IPLEN(ip4h)          (SCNtohs((ip4h)->ip_len))

#define IPV4_GET_RAW_IPID(ip4h)           (SCNtohs((ip4h)->ip_id))

#define IPV4_GET_RAW_IPOFFSET(ip4h)       SCNtohs((ip4h)->ip_off)

#define IPV4_GET_RAW_FRAGOFFSET(ip4h)     (IPV4_GET_RAW_IPOFFSET((ip4h)) & 0x1fff)

#define IPV4_GET_RAW_IPTTL(ip4h)          ((ip4h)->ip_ttl)

#define IPV4_GET_RAW_IPPROTO(ip4h)        ((ip4h)->ip_proto)

#define IPV4_GET_RAW_IPSRC(ip4h)          ((ip4h)->s_ip_src)

#define IPV4_GET_RAW_IPDST(ip4h)          ((ip4h)->s_ip_dst)


/** return the raw (directly from the header) src ip as uint32_t */

#define IPV4_GET_RAW_IPSRC_U32(ip4h)      (uint32_t)((ip4h)->s_ip_src.s_addr)

/** return the raw (directly from the header) dst ip as uint32_t */

#define IPV4_GET_RAW_IPDST_U32(ip4h)      (uint32_t)((ip4h)->s_ip_dst.s_addr)


#define IPV4_GET_RAW_FLAG_MF(ip4h) ((IPV4_GET_RAW_IPOFFSET((ip4h)) & 0x2000) != 0)

#define IPV4_GET_RAW_FLAG_DF(ip4h) ((IPV4_GET_RAW_IPOFFSET((ip4h)) & 0x4000) != 0)

#define IPV4_GET_RAW_FLAG_RF(ip4h) ((IPV4_GET_RAW_IPOFFSET((ip4h)) & 0x8000) != 0)


#define IPV4_OPT_FLAG_EOL    BIT_U16(1)

#define IPV4_OPT_FLAG_NOP    BIT_U16(2)

#define IPV4_OPT_FLAG_RR     BIT_U16(3)

#define IPV4_OPT_FLAG_TS     BIT_U16(4)

#define IPV4_OPT_FLAG_QS     BIT_U16(5)

#define IPV4_OPT_FLAG_LSRR   BIT_U16(6)

#define IPV4_OPT_FLAG_SSRR   BIT_U16(7)

#define IPV4_OPT_FLAG_SID    BIT_U16(8)

#define IPV4_OPT_FLAG_SEC    BIT_U16(9)

#define IPV4_OPT_FLAG_CIPSO  BIT_U16(10)

#define IPV4_OPT_FLAG_RTRALT BIT_U16(11)

#define IPV4_OPT_FLAG_ESEC   BIT_U16(12)


/* helper structure with parsed ipv4 info */


typedef struct IPV4Vars_ {

    uint16_t opt_cnt;

    uint16_t opts_set;

} IPV4Vars;


void DecodeIPV4RegisterTests(void);


/** ----- Inline functions ----- */


/**

 * \brief Calculate or validate the checksum for the IP packet

 *

 * \param pkt  Pointer to the start of the IP packet

 * \param hlen Length of the IP header

 * \param init The current checksum if validating, 0 if generating.

 *

 * \retval csum For validation 0 will be returned for success, for calculation

 *    this will be the checksum.

 */

static inline uint16_t IPV4Checksum(const uint16_t *pkt, uint16_t hlen, uint16_t init)

{

    uint32_t csum = init;


    csum += pkt[0] + pkt[1] + pkt[2] + pkt[3] + pkt[4] + pkt[6] + pkt[7] +

        pkt[8] + pkt[9];


    hlen -= 20;

    pkt += 10;


    if (hlen == 0) {

        ;

    } else if (hlen == 4) {

        csum += pkt[0] + pkt[1];

    } else if (hlen == 8) {

        csum += pkt[0] + pkt[1] + pkt[2] + pkt[3];

    } else if (hlen == 12) {

        csum += pkt[0] + pkt[1] + pkt[2] + pkt[3] + pkt[4] + pkt[5];

    } else if (hlen == 16) {

        csum += pkt[0] + pkt[1] + pkt[2] + pkt[3] + pkt[4] + pkt[5] + pkt[6] +

            pkt[7];

    } else if (hlen == 20) {

        csum += pkt[0] + pkt[1] + pkt[2] + pkt[3] + pkt[4] + pkt[5] + pkt[6] +

            pkt[7] + pkt[8] + pkt[9];

    } else if (hlen == 24) {

        csum += pkt[0] + pkt[1] + pkt[2] + pkt[3] + pkt[4] + pkt[5] + pkt[6] +

            pkt[7] + pkt[8] + pkt[9] + pkt[10] + pkt[11];

    } else if (hlen == 28) {

        csum += pkt[0] + pkt[1] + pkt[2] + pkt[3] + pkt[4] + pkt[5] + pkt[6] +

            pkt[7] + pkt[8] + pkt[9] + pkt[10] + pkt[11] + pkt[12] + pkt[13];

    } else if (hlen == 32) {

        csum += pkt[0] + pkt[1] + pkt[2] + pkt[3] + pkt[4] + pkt[5] + pkt[6] +

            pkt[7] + pkt[8] + pkt[9] + pkt[10] + pkt[11] + pkt[12] + pkt[13] +

            pkt[14] + pkt[15];

    } else if (hlen == 36) {

        csum += pkt[0] + pkt[1] + pkt[2] + pkt[3] + pkt[4] + pkt[5] + pkt[6] +

            pkt[7] + pkt[8] + pkt[9] + pkt[10] + pkt[11] + pkt[12] + pkt[13] +

            pkt[14] + pkt[15] + pkt[16] + pkt[17];

    } else if (hlen == 40) {

        csum += pkt[0] + pkt[1] + pkt[2] + pkt[3] + pkt[4] + pkt[5] + pkt[6] +

            pkt[7] + pkt[8] + pkt[9] + pkt[10] + pkt[11] + pkt[12] + pkt[13] +

            pkt[14] + pkt[15] + pkt[16] + pkt[17] + pkt[18] + pkt[19];

    }


    csum = (csum >> 16) + (csum & 0x0000FFFF);

    csum += (csum >> 16);


    return (uint16_t) ~csum;

}


#endif /* SURICATA_DECODE_IPV4_H */

IPV4Hdr
struct IPV4Hdr_ IPV4Hdr

DecodeIPV4RegisterTests
void DecodeIPV4RegisterTests(void)
Definition decode-ipv4.c:1566

IPV4Vars
struct IPV4Vars_ IPV4Vars

IPV4Opt
struct IPV4Opt_ IPV4Opt

IPV4Hdr_
Definition decode-ipv4.h:72

IPV4Hdr_::ip_verhl
uint8_t ip_verhl
Definition decode-ipv4.h:73

IPV4Hdr_::ip4_un1
struct IPV4Hdr_::@25::@26 ip4_un1

IPV4Hdr_::ip_id
uint16_t ip_id
Definition decode-ipv4.h:76

IPV4Hdr_::ip_src
struct in_addr ip_src
Definition decode-ipv4.h:83

IPV4Hdr_::ip_tos
uint8_t ip_tos
Definition decode-ipv4.h:74

IPV4Hdr_::ip_off
uint16_t ip_off
Definition decode-ipv4.h:77

IPV4Hdr_::ip_csum
uint16_t ip_csum
Definition decode-ipv4.h:80

IPV4Hdr_::ip_dst
struct in_addr ip_dst
Definition decode-ipv4.h:84

IPV4Hdr_::ip_proto
uint8_t ip_proto
Definition decode-ipv4.h:79

IPV4Hdr_::ip_ttl
uint8_t ip_ttl
Definition decode-ipv4.h:78

IPV4Hdr_::ip_addrs
uint16_t ip_addrs[4]
Definition decode-ipv4.h:86

IPV4Hdr_::ip4_hdrun1
union IPV4Hdr_::@25 ip4_hdrun1

IPV4Hdr_::ip_len
uint16_t ip_len
Definition decode-ipv4.h:75

IPV4Opt_
Definition decode-ipv4.h:61

IPV4Opt_::len
uint8_t len
Definition decode-ipv4.h:67

IPV4Opt_::data
const uint8_t * data
Definition decode-ipv4.h:68

IPV4Opt_::type
uint8_t type
Definition decode-ipv4.h:66

IPV4Vars_
Definition decode-ipv4.h:130

IPV4Vars_::opt_cnt
uint16_t opt_cnt
Definition decode-ipv4.h:131

IPV4Vars_::opts_set
uint16_t opts_set
Definition decode-ipv4.h:132