suricata
decode-sctp.c
Go to the documentation of this file.
1/* Copyright (C) 2011-2021 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18/**
19 * \ingroup decode
20 *
21 * @{
22 */
23
24
25/**
26 * \file
27 *
28 * \author Eric Leblond <eric@regit.org>
29 *
30 * Decode SCTP
31 */
32
33#include "suricata-common.h"
34#include "decode.h"
35#include "decode-sctp.h"
36#include "decode-events.h"
37
38#include "util-validate.h"
39#include "util-unittest.h"
40#include "util-debug.h"
41#include "util-optimize.h"
42#include "flow.h"
43
44static int DecodeSCTPPacket(ThreadVars *tv, Packet *p, const uint8_t *pkt, uint16_t len)
45{
46 DEBUG_VALIDATE_BUG_ON(pkt == NULL);
47
48 if (unlikely(len < SCTP_HEADER_LEN)) {
49 ENGINE_SET_INVALID_EVENT(p, SCTP_PKT_TOO_SMALL);
50 return -1;
51 }
52
53 SCTPHdr *sctph = PacketSetSCTP(p, pkt);
54 p->sp = SCNtohs(sctph->sh_sport);
55 p->dp = SCNtohs(sctph->sh_dport);
56 p->payload = (uint8_t *)pkt + sizeof(SCTPHdr);
57 p->payload_len = len - sizeof(SCTPHdr);
58 p->proto = IPPROTO_SCTP;
59 return 0;
60}
61
62int DecodeSCTP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
63 const uint8_t *pkt, uint16_t len)
64{
65 StatsIncr(tv, dtv->counter_sctp);
66
67 if (unlikely(DecodeSCTPPacket(tv, p,pkt,len) < 0)) {
68 PacketClearL4(p);
69 return TM_ECODE_FAILED;
70 }
71
72 SCLogDebug("SCTP sp: %u -> dp: %u", p->sp, p->dp);
73
74 FlowSetupPacket(p);
75
76 return TM_ECODE_OK;
77}
78/**
79 * @}
80 */
len
uint8_t len
Definition app-layer-dnp3.h:2
StatsIncr
void StatsIncr(ThreadVars *tv, uint16_t id)
Increments the local counter.
Definition counters.c:166
SCTP_PKT_TOO_SMALL
@ SCTP_PKT_TOO_SMALL
Definition decode-events.h:170
DecodeSCTP
int DecodeSCTP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint16_t len)
Definition decode-sctp.c:62
SCTP_HEADER_LEN
#define SCTP_HEADER_LEN
Definition decode-sctp.h:28
ENGINE_SET_INVALID_EVENT
#define ENGINE_SET_INVALID_EVENT(p, e)
Definition decode.h:1194
IPPROTO_SCTP
#define IPPROTO_SCTP
Definition decode.h:1228
FlowSetupPacket
void FlowSetupPacket(Packet *p)
prepare packet for a life with flow Set PKT_WANTS_FLOW flag to indicate workers should do a flow look...
Definition flow-hash.c:533
dtv
DecodeThreadVars * dtv
Definition fuzz_decodepcapfile.c:33
tv
ThreadVars * tv
Definition fuzz_decodepcapfile.c:32
DecodeThreadVars_
Structure to hold thread specific data for all decode modules.
Definition decode.h:963
DecodeThreadVars_::counter_sctp
uint16_t counter_sctp
Definition decode.h:996
Packet_
Definition decode.h:501
Packet_::sp
Port sp
Definition decode.h:508
Packet_::payload
uint8_t * payload
Definition decode.h:605
Packet_::payload_len
uint16_t payload_len
Definition decode.h:606
Packet_::proto
uint8_t proto
Definition decode.h:523
Packet_::dp
Port dp
Definition decode.h:516
ThreadVars_
Per thread variable structure.
Definition threadvars.h:58
SCNtohs
#define SCNtohs(x)
Definition suricata-common.h:431
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition tm-threads-common.h:82
TM_ECODE_OK
@ TM_ECODE_OK
Definition tm-threads-common.h:81
SCLogDebug
#define SCLogDebug(...)
Definition util-debug.h:275
unlikely
#define unlikely(expr)
Definition util-optimize.h:35
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition util-validate.h:102