suricata
decode-null.c
Go to the documentation of this file.
1/* Copyright (C) 2015-2021 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18/**
19 * \ingroup decode
20 *
21 * @{
22 */
23
24/**
25 * \file
26 *
27 * \author Victor Julien <victor@inliniac.net>
28 *
29 * Decode linktype null:
30 * http://www.tcpdump.org/linktypes.html
31 */
32
33#include "suricata-common.h"
34#include "decode.h"
35#include "decode-raw.h"
36#include "decode-events.h"
37
38#include "util-validate.h"
39#include "util-unittest.h"
40#include "util-debug.h"
41
42#define HDR_SIZE 4
43
44#define AF_INET6_BSD 24
45#define AF_INET6_FREEBSD 28
46#define AF_INET6_DARWIN 30
47#define AF_INET6_LINUX 10
48#define AF_INET6_SOLARIS 26
49#define AF_INET6_WINSOCK 23
50
51int DecodeNull(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
52 const uint8_t *pkt, uint32_t len)
53{
54 DEBUG_VALIDATE_BUG_ON(pkt == NULL);
55
56 StatsIncr(tv, dtv->counter_null);
57
58 if (unlikely(len < HDR_SIZE)) {
59 ENGINE_SET_INVALID_EVENT(p, LTNULL_PKT_TOO_SMALL);
60 return TM_ECODE_FAILED;
61 }
62
63 if (unlikely(GET_PKT_LEN(p) > HDR_SIZE + USHRT_MAX)) {
64 return TM_ECODE_FAILED;
65 }
66#if __BYTE_ORDER__ == __BIG_ENDIAN
67 uint32_t type = pkt[0] | pkt[1] << 8 | pkt[2] << 16 | pkt[3] << 24;
68#else
69 uint32_t type = *((uint32_t *)pkt);
70#endif
71 switch(type) {
72 case AF_INET:
73 SCLogDebug("IPV4 Packet");
74 if (GET_PKT_LEN(p) - HDR_SIZE > USHRT_MAX) {
75 return TM_ECODE_FAILED;
76 }
77 DecodeIPV4(
78 tv, dtv, p, GET_PKT_DATA(p) + HDR_SIZE, (uint16_t)(GET_PKT_LEN(p) - HDR_SIZE));
79 break;
80 case AF_INET6_BSD:
81 case AF_INET6_FREEBSD:
82 case AF_INET6_DARWIN:
83 case AF_INET6_LINUX:
84 case AF_INET6_SOLARIS:
85 case AF_INET6_WINSOCK:
86 SCLogDebug("IPV6 Packet");
87 if (GET_PKT_LEN(p) - HDR_SIZE > USHRT_MAX) {
88 return TM_ECODE_FAILED;
89 }
90 DecodeIPV6(
91 tv, dtv, p, GET_PKT_DATA(p) + HDR_SIZE, (uint16_t)(GET_PKT_LEN(p) - HDR_SIZE));
92 break;
93 default:
94 SCLogDebug("Unknown Null packet type version %" PRIu32 "", type);
95 ENGINE_SET_EVENT(p, LTNULL_UNSUPPORTED_TYPE);
96 break;
97 }
98 return TM_ECODE_OK;
99}
100
101/**
102 * @}
103 */
len
uint8_t len
Definition app-layer-dnp3.h:2
StatsIncr
void StatsIncr(ThreadVars *tv, uint16_t id)
Increments the local counter.
Definition counters.c:166
LTNULL_PKT_TOO_SMALL
@ LTNULL_PKT_TOO_SMALL
Definition decode-events.h:166
LTNULL_UNSUPPORTED_TYPE
@ LTNULL_UNSUPPORTED_TYPE
Definition decode-events.h:167
DecodeIPV4
int DecodeIPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint16_t len)
Definition decode-ipv4.c:520
DecodeIPV6
int DecodeIPV6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint16_t len)
Definition decode-ipv6.c:562
HDR_SIZE
#define HDR_SIZE
Definition decode-null.c:42
DecodeNull
int DecodeNull(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Definition decode-null.c:51
AF_INET6_LINUX
#define AF_INET6_LINUX
Definition decode-null.c:47
AF_INET6_SOLARIS
#define AF_INET6_SOLARIS
Definition decode-null.c:48
AF_INET6_WINSOCK
#define AF_INET6_WINSOCK
Definition decode-null.c:49
AF_INET6_BSD
#define AF_INET6_BSD
Definition decode-null.c:44
AF_INET6_DARWIN
#define AF_INET6_DARWIN
Definition decode-null.c:46
AF_INET6_FREEBSD
#define AF_INET6_FREEBSD
Definition decode-null.c:45
type
uint16_t type
Definition decode-vlan.c:106
GET_PKT_DATA
#define GET_PKT_DATA(p)
Definition decode.h:209
ENGINE_SET_INVALID_EVENT
#define ENGINE_SET_INVALID_EVENT(p, e)
Definition decode.h:1194
GET_PKT_LEN
#define GET_PKT_LEN(p)
Definition decode.h:208
ENGINE_SET_EVENT
#define ENGINE_SET_EVENT(p, e)
Definition decode.h:1186
dtv
DecodeThreadVars * dtv
Definition fuzz_decodepcapfile.c:33
tv
ThreadVars * tv
Definition fuzz_decodepcapfile.c:32
DecodeThreadVars_
Structure to hold thread specific data for all decode modules.
Definition decode.h:963
DecodeThreadVars_::counter_null
uint16_t counter_null
Definition decode.h:995
Packet_
Definition decode.h:501
ThreadVars_
Per thread variable structure.
Definition threadvars.h:58
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition tm-threads-common.h:82
TM_ECODE_OK
@ TM_ECODE_OK
Definition tm-threads-common.h:81
SCLogDebug
#define SCLogDebug(...)
Definition util-debug.h:275
unlikely
#define unlikely(expr)
Definition util-optimize.h:35
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition util-validate.h:102