suricata
Macros | Enumerations | Functions | Variables
defrag.c File Reference
#include "suricata-common.h"
#include "queue.h"
#include "suricata.h"
#include "threads.h"
#include "conf.h"
#include "decode-ipv6.h"
#include "util-hashlist.h"
#include "util-pool.h"
#include "util-time.h"
#include "util-print.h"
#include "util-debug.h"
#include "util-fix_checksum.h"
#include "util-random.h"
#include "stream-tcp-private.h"
#include "stream-tcp-reassemble.h"
#include "util-host-os-info.h"
#include "util-validate.h"
#include "defrag.h"
#include "defrag-hash.h"
#include "defrag-config.h"
#include "tmqh-packetpool.h"
#include "decode.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "packet.h"
Include dependency graph for defrag.c:

Go to the source code of this file.

Macros

#define DEFAULT_DEFRAG_HASH_SIZE   0xffff
 
#define DEFAULT_DEFRAG_POOL_SIZE   0xffff
 
#define TIMEOUT_DEFAULT   60
 
#define TIMEOUT_MAX   (60 * 60 * 24)
 
#define TIMEOUT_MIN   1
 
#define IP_MF   0x2000
 
#define D_1   'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A'
 
#define D_2   'B', 'B', 'B', 'B', 'B', 'B', 'B', 'B'
 
#define D_3   'C', 'C', 'C', 'C', 'C', 'C', 'C', 'C'
 
#define D_3_1   'D', 'D', 'D', 'D', 'D', 'D', 'D', 'D'
 
#define D_3_2   'E', 'E', 'E', 'E', 'E', 'E', 'E', 'E'
 
#define D_3_3   'F', 'F', 'F', 'F', 'F', 'F', 'F', 'F'
 
#define D_3_4   'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G'
 
#define D_3_5   'H', 'H', 'H', 'H', 'H', 'H', 'H', 'H'
 
#define D_3_6   'I', 'I', 'I', 'I', 'I', 'I', 'I', 'I'
 
#define D_4   'J', 'J', 'J', 'J', 'J', 'J', 'J', 'J'
 
#define D_5   'K', 'K', 'K', 'K', 'K', 'K', 'K', 'K'
 
#define D_6   'L', 'L', 'L', 'L', 'L', 'L', 'L', 'L'
 
#define D_7   'M', 'M', 'M', 'M', 'M', 'M', 'M', 'M'
 
#define D_8   'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N'
 
#define D_9   'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O'
 
#define D_10   'P', 'P', 'P', 'P', 'P', 'P', 'P', 'P'
 
#define D_11   'Q', 'Q', 'Q', 'Q', 'Q', 'Q', 'Q', 'Q'
 

Enumerations

enum  defrag_policies {
  DEFRAG_POLICY_FIRST = 1 , DEFRAG_POLICY_LAST , DEFRAG_POLICY_BSD , DEFRAG_POLICY_BSD_RIGHT ,
  DEFRAG_POLICY_LINUX , DEFRAG_POLICY_WINDOWS , DEFRAG_POLICY_SOLARIS , DEFRAG_POLICY_DEFAULT = DEFRAG_POLICY_BSD
}
 

Functions

 RB_GENERATE (IP_FRAGMENTS, Frag_, rb, DefragRbFragCompare)
 
void DefragTrackerFreeFrags (DefragTracker *tracker)
 Free all frags associated with a tracker.
 
int DefragRbFragCompare (struct Frag_ *a, struct Frag_ *b)
 
uint8_t DefragGetOsPolicy (Packet *p)
 Get the defrag policy based on the destination address of the packet.
 
PacketDefrag (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p)
 Entry point for IPv4 and IPv6 fragments.
 
void DefragInit (void)
 
void DefragDestroy (void)
 
void DefragRegisterTests (void)
 

Variables

ThreadVars test_tv = { 0 }
 
DecodeThreadVars test_dtv = { 0 }
 

Detailed Description

Author
Endace Technology Limited, Jason Ish jason.nosp@m..ish.nosp@m.@enda.nosp@m.ce.c.nosp@m.om

Defragmentation module. References:

  • RFC 815
  • OpenBSD PF's IP normalization (pf_norm.c)
Todo:

pool for frag packet storage

policy bsd-right

profile hash function

log anomalies

Definition in file defrag.c.

Macro Definition Documentation

◆ D_1

#define D_1   'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A'

Definition at line 1845 of file defrag.c.

◆ D_10

#define D_10   'P', 'P', 'P', 'P', 'P', 'P', 'P', 'P'

Definition at line 1860 of file defrag.c.

◆ D_11

#define D_11   'Q', 'Q', 'Q', 'Q', 'Q', 'Q', 'Q', 'Q'

Definition at line 1861 of file defrag.c.

◆ D_2

#define D_2   'B', 'B', 'B', 'B', 'B', 'B', 'B', 'B'

Definition at line 1846 of file defrag.c.

◆ D_3

#define D_3   'C', 'C', 'C', 'C', 'C', 'C', 'C', 'C'

Definition at line 1847 of file defrag.c.

◆ D_3_1

#define D_3_1   'D', 'D', 'D', 'D', 'D', 'D', 'D', 'D'

Definition at line 1848 of file defrag.c.

◆ D_3_2

#define D_3_2   'E', 'E', 'E', 'E', 'E', 'E', 'E', 'E'

Definition at line 1849 of file defrag.c.

◆ D_3_3

#define D_3_3   'F', 'F', 'F', 'F', 'F', 'F', 'F', 'F'

Definition at line 1850 of file defrag.c.

◆ D_3_4

#define D_3_4   'G', 'G', 'G', 'G', 'G', 'G', 'G', 'G'

Definition at line 1851 of file defrag.c.

◆ D_3_5

#define D_3_5   'H', 'H', 'H', 'H', 'H', 'H', 'H', 'H'

Definition at line 1852 of file defrag.c.

◆ D_3_6

#define D_3_6   'I', 'I', 'I', 'I', 'I', 'I', 'I', 'I'

Definition at line 1853 of file defrag.c.

◆ D_4

#define D_4   'J', 'J', 'J', 'J', 'J', 'J', 'J', 'J'

Definition at line 1854 of file defrag.c.

◆ D_5

#define D_5   'K', 'K', 'K', 'K', 'K', 'K', 'K', 'K'

Definition at line 1855 of file defrag.c.

◆ D_6

#define D_6   'L', 'L', 'L', 'L', 'L', 'L', 'L', 'L'

Definition at line 1856 of file defrag.c.

◆ D_7

#define D_7   'M', 'M', 'M', 'M', 'M', 'M', 'M', 'M'

Definition at line 1857 of file defrag.c.

◆ D_8

#define D_8   'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N'

Definition at line 1858 of file defrag.c.

◆ D_9

#define D_9   'O', 'O', 'O', 'O', 'O', 'O', 'O', 'O'

Definition at line 1859 of file defrag.c.

◆ DEFAULT_DEFRAG_HASH_SIZE

#define DEFAULT_DEFRAG_HASH_SIZE   0xffff

Definition at line 65 of file defrag.c.

◆ DEFAULT_DEFRAG_POOL_SIZE

#define DEFAULT_DEFRAG_POOL_SIZE   0xffff

Definition at line 66 of file defrag.c.

◆ IP_MF

#define IP_MF   0x2000

Definition at line 1141 of file defrag.c.

◆ TIMEOUT_DEFAULT

#define TIMEOUT_DEFAULT   60

Default timeout (in seconds) before a defragmentation tracker will be released.

Definition at line 72 of file defrag.c.

◆ TIMEOUT_MAX

#define TIMEOUT_MAX   (60 * 60 * 24)

Maximum allowed timeout, 24 hours.

Definition at line 77 of file defrag.c.

◆ TIMEOUT_MIN

#define TIMEOUT_MIN   1

Minimum allowed timeout, 1 second.

Definition at line 82 of file defrag.c.

Enumeration Type Documentation

◆ defrag_policies

enum defrag_policies

Fragment reassembly policies.

Enumerator
DEFRAG_POLICY_FIRST 
DEFRAG_POLICY_LAST 
DEFRAG_POLICY_BSD 
DEFRAG_POLICY_BSD_RIGHT 
DEFRAG_POLICY_LINUX 
DEFRAG_POLICY_WINDOWS 
DEFRAG_POLICY_SOLARIS 
DEFRAG_POLICY_DEFAULT 

Definition at line 85 of file defrag.c.

Function Documentation

◆ Defrag()

Packet * Defrag ( ThreadVars tv,
DecodeThreadVars dtv,
Packet p 
)

Entry point for IPv4 and IPv6 fragments.

Parameters
tvThreadVars for the calling decoder.
pThe packet fragment.
Return values
Anew Packet resembling the re-assembled packet if the most recent fragment allowed the packet to be re-assembled, otherwise NULL is returned.

Definition at line 1063 of file defrag.c.

References af, DecodeThreadVars_::counter_defrag_ipv4_fragments, DecodeThreadVars_::counter_defrag_ipv6_fragments, DecodeThreadVars_::counter_defrag_max_hit, DefragTrackerRelease(), dtv, IPV4_GET_RAW_FLAG_MF, IPV4_GET_RAW_FRAGOFFSET, IPV6_EXTHDR_GET_FH_FLAG, IPV6_EXTHDR_GET_FH_OFFSET, StatsIncr(), and tv.

Referenced by DecodeIPV4(), and DecodeIPV6().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DefragDestroy()

void DefragDestroy ( void  )

Definition at line 1129 of file defrag.c.

References DefragHashShutdown(), and DefragTreeDestroy().

Referenced by PostRunDeinit().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DefragGetOsPolicy()

uint8_t DefragGetOsPolicy ( Packet p)

Get the defrag policy based on the destination address of the packet.

Parameters
pThe packet used to get the destination address.
Return values
Thedefrag policy to use.

Definition at line 985 of file defrag.c.

References DEFRAG_POLICY_BSD, DEFRAG_POLICY_BSD_RIGHT, DEFRAG_POLICY_FIRST, DEFRAG_POLICY_LAST, DEFRAG_POLICY_LINUX, DEFRAG_POLICY_SOLARIS, DEFRAG_POLICY_WINDOWS, GET_IPV4_DST_ADDR_PTR, GET_IPV6_DST_ADDR, OS_POLICY_BSD, OS_POLICY_BSD_RIGHT, OS_POLICY_FIRST, OS_POLICY_HPUX10, OS_POLICY_HPUX11, OS_POLICY_IRIX, OS_POLICY_LAST, OS_POLICY_LINUX, OS_POLICY_MACOS, OS_POLICY_OLD_LINUX, OS_POLICY_OLD_SOLARIS, OS_POLICY_SOLARIS, OS_POLICY_VISTA, OS_POLICY_WINDOWS, OS_POLICY_WINDOWS2K3, SCHInfoGetIPv4HostOSFlavour(), and SCHInfoGetIPv6HostOSFlavour().

Here is the call graph for this function:

◆ DefragInit()

void DefragInit ( void  )

Definition at line 1109 of file defrag.c.

References DEFAULT_DEFRAG_HASH_SIZE, DefragInitConfig(), DefragPolicyLoadFromConfig(), DefragSetDefaultTimeout(), FatalError, SCConfGetInt(), and DefragContext_::timeout.

Referenced by PreRunInit().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DefragRbFragCompare()

int DefragRbFragCompare ( struct Frag_ a,
struct Frag_ b 
)

The RB_TREE compare function for fragments.

When it comes to adding fragments, we want subsequent ones with the same offset to be treated as greater than, so we don't have an equal return value here.

Definition at line 537 of file defrag.c.

References Frag_::offset.

◆ DefragRegisterTests()

void DefragRegisterTests ( void  )

Definition at line 3111 of file defrag.c.

References UtRegisterTest().

Here is the call graph for this function:

◆ DefragTrackerFreeFrags()

void DefragTrackerFreeFrags ( DefragTracker tracker)

Free all frags associated with a tracker.

Definition at line 132 of file defrag.c.

References DefragContext_::frag_pool, DefragContext_::frag_pool_lock, DefragTracker_::fragment_tree, PoolReturn(), RB_FOREACH_SAFE, RB_REMOVE, SCMutexLock, and SCMutexUnlock.

Referenced by DefragTrackerClearMemory().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ RB_GENERATE()

RB_GENERATE ( IP_FRAGMENTS  ,
Frag_  ,
rb  ,
DefragRbFragCompare   
)

Variable Documentation

◆ test_dtv

DecodeThreadVars test_dtv = { 0 }

Definition at line 1144 of file defrag.c.

◆ test_tv

ThreadVars test_tv = { 0 }

Definition at line 1143 of file defrag.c.