suricata
respond-reject.c
Go to the documentation of this file.
1/* Copyright (C) 2007-2020 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18/**
19 * \file
20 *
21 * \author William Metcalf <william.metcalf@gmail.com>
22 *
23 * RespondReject is a threaded wrapper for sending Rejects
24 *
25 */
26
27#include "suricata-common.h"
28#include "packet.h"
29#include "decode.h"
30#include "packet-queue.h"
31#include "threads.h"
32#include "threadvars.h"
33#include "tm-queuehandlers.h"
34#include "tm-threads.h"
35#include "action-globals.h"
36
37#include "respond-reject.h"
38#include "respond-reject-libnet11.h"
39
40#include "util-debug.h"
41#include "util-privs.h"
42
43int RejectSendIPv4TCP(ThreadVars *, Packet *, void *);
44int RejectSendIPv4ICMP(ThreadVars *, Packet *, void *);
45int RejectSendIPv6TCP(ThreadVars *, Packet *, void *);
46int RejectSendIPv6ICMP(ThreadVars *, Packet *, void *);
47static TmEcode RespondRejectFunc(ThreadVars *tv, Packet *p, void *data);
48static TmEcode RespondRejectThreadDeinit(ThreadVars *tv, void *data);
49
50void TmModuleRespondRejectRegister (void)
51{
52 tmm_modules[TMM_RESPONDREJECT].name = "RespondReject";
53 tmm_modules[TMM_RESPONDREJECT].ThreadInit = NULL;
54 tmm_modules[TMM_RESPONDREJECT].Func = RespondRejectFunc;
55 tmm_modules[TMM_RESPONDREJECT].ThreadDeinit = RespondRejectThreadDeinit;
56 tmm_modules[TMM_RESPONDREJECT].cap_flags = 0; /* libnet is not compat with caps */
57}
58
59static TmEcode RespondRejectThreadDeinit(ThreadVars *tv, void *data)
60{
61 FreeCachedCtx();
62 return TM_ECODE_OK;
63}
64
65static TmEcode RespondRejectFunc(ThreadVars *tv, Packet *p, void *data)
66{
67 /* ACTION_REJECT defaults to rejecting the SRC */
68 if (likely(PacketCheckAction(p, ACTION_REJECT_ANY) == 0)) {
69 return TM_ECODE_OK;
70 }
71
72 if (PacketIsTunnel(p)) {
73 return TM_ECODE_OK;
74 }
75
76 if (PacketIsIPv4(p)) {
77 if (PacketIsTCP(p)) {
78 (void)RejectSendIPv4TCP(tv, p, data);
79 } else {
80 (void)RejectSendIPv4ICMP(tv, p, data);
81 }
82 } else if (PacketIsIPv6(p)) {
83 if (PacketIsTCP(p)) {
84 (void)RejectSendIPv6TCP(tv, p, data);
85 } else {
86 (void)RejectSendIPv6ICMP(tv, p, data);
87 }
88 }
89
90 return TM_ECODE_OK;
91}
92
93int RejectSendIPv4TCP(ThreadVars *tv, Packet *p, void *data)
94{
95 SCEnter();
96 if (PacketCheckAction(p, ACTION_REJECT)) {
97 int r = RejectSendLibnet11IPv4TCP(tv, p, data, REJECT_DIR_SRC);
98 SCReturnInt(r);
99 } else if (PacketCheckAction(p, ACTION_REJECT_DST)) {
100 int r = RejectSendLibnet11IPv4TCP(tv, p, data, REJECT_DIR_DST);
101 SCReturnInt(r);
102 } else if (PacketCheckAction(p, ACTION_REJECT_BOTH)) {
103 int r = RejectSendLibnet11IPv4TCP(tv, p, data, REJECT_DIR_SRC);
104 r |= RejectSendLibnet11IPv4TCP(tv, p, data, REJECT_DIR_DST);
105 SCReturnInt(r);
106 }
107 SCReturnInt(0);
108}
109
110int RejectSendIPv4ICMP(ThreadVars *tv, Packet *p, void *data)
111{
112 SCEnter();
113 if (PacketCheckAction(p, ACTION_REJECT)) {
114 int r = RejectSendLibnet11IPv4ICMP(tv, p, data, REJECT_DIR_SRC);
115 SCReturnInt(r);
116 } else if (PacketCheckAction(p, ACTION_REJECT_DST)) {
117 int r = RejectSendLibnet11IPv4ICMP(tv, p, data, REJECT_DIR_DST);
118 SCReturnInt(r);
119 } else if (PacketCheckAction(p, ACTION_REJECT_BOTH)) {
120 int r = RejectSendLibnet11IPv4ICMP(tv, p, data, REJECT_DIR_SRC);
121 r |= RejectSendLibnet11IPv4ICMP(tv, p, data, REJECT_DIR_DST);
122 SCReturnInt(r);
123 }
124 SCReturnInt(0);
125}
126
127int RejectSendIPv6TCP(ThreadVars *tv, Packet *p, void *data)
128{
129 SCEnter();
130 if (PacketCheckAction(p, ACTION_REJECT)) {
131 int r = RejectSendLibnet11IPv6TCP(tv, p, data, REJECT_DIR_SRC);
132 SCReturnInt(r);
133 } else if (PacketCheckAction(p, ACTION_REJECT_DST)) {
134 int r = RejectSendLibnet11IPv6TCP(tv, p, data, REJECT_DIR_DST);
135 SCReturnInt(r);
136 } else if (PacketCheckAction(p, ACTION_REJECT_BOTH)) {
137 int r = RejectSendLibnet11IPv6TCP(tv, p, data, REJECT_DIR_SRC);
138 r |= RejectSendLibnet11IPv6TCP(tv, p, data, REJECT_DIR_DST);
139 SCReturnInt(r);
140 }
141 SCReturnInt(0);
142}
143
144int RejectSendIPv6ICMP(ThreadVars *tv, Packet *p, void *data)
145{
146 SCEnter();
147 if (PacketCheckAction(p, ACTION_REJECT)) {
148 int r = RejectSendLibnet11IPv6ICMP(tv, p, data, REJECT_DIR_SRC);
149 SCReturnInt(r);
150 } else if (PacketCheckAction(p, ACTION_REJECT_DST)) {
151 int r = RejectSendLibnet11IPv6ICMP(tv, p, data, REJECT_DIR_DST);
152 SCReturnInt(r);
153 } else if (PacketCheckAction(p, ACTION_REJECT_BOTH)) {
154 int r = RejectSendLibnet11IPv6ICMP(tv, p, data, REJECT_DIR_SRC);
155 r |= RejectSendLibnet11IPv6ICMP(tv, p, data, REJECT_DIR_DST);
156 SCReturnInt(r);
157 }
158 SCReturnInt(0);
159}
ACTION_REJECT
#define ACTION_REJECT
Definition action-globals.h:31
ACTION_REJECT_ANY
#define ACTION_REJECT_ANY
Definition action-globals.h:38
ACTION_REJECT_BOTH
#define ACTION_REJECT_BOTH
Definition action-globals.h:33
ACTION_REJECT_DST
#define ACTION_REJECT_DST
Definition action-globals.h:32
tv
ThreadVars * tv
Definition fuzz_decodepcapfile.c:32
PacketCheckAction
bool PacketCheckAction(const Packet *p, const uint8_t a)
Definition packet.c:49
FreeCachedCtx
void FreeCachedCtx(void)
Definition respond-reject-libnet11.c:606
RejectSendLibnet11IPv6TCP
int RejectSendLibnet11IPv6TCP(ThreadVars *tv, Packet *p, void *data, enum RejectDirection dir)
Definition respond-reject-libnet11.c:590
RejectSendLibnet11IPv4TCP
int RejectSendLibnet11IPv4TCP(ThreadVars *tv, Packet *p, void *data, enum RejectDirection dir)
Definition respond-reject-libnet11.c:574
RejectSendLibnet11IPv6ICMP
int RejectSendLibnet11IPv6ICMP(ThreadVars *tv, Packet *p, void *data, enum RejectDirection dir)
Definition respond-reject-libnet11.c:598
RejectSendLibnet11IPv4ICMP
int RejectSendLibnet11IPv4ICMP(ThreadVars *tv, Packet *p, void *data, enum RejectDirection dir)
Definition respond-reject-libnet11.c:582
TmModuleRespondRejectRegister
void TmModuleRespondRejectRegister(void)
Definition respond-reject.c:50
RejectSendIPv6ICMP
int RejectSendIPv6ICMP(ThreadVars *, Packet *, void *)
Definition respond-reject.c:144
RejectSendIPv6TCP
int RejectSendIPv6TCP(ThreadVars *, Packet *, void *)
Definition respond-reject.c:127
RejectSendIPv4ICMP
int RejectSendIPv4ICMP(ThreadVars *, Packet *, void *)
Definition respond-reject.c:110
RejectSendIPv4TCP
int RejectSendIPv4TCP(ThreadVars *, Packet *, void *)
Definition respond-reject.c:93
REJECT_DIR_DST
@ REJECT_DIR_DST
Definition respond-reject.h:29
REJECT_DIR_SRC
@ REJECT_DIR_SRC
Definition respond-reject.h:28
Packet_
Definition decode.h:501
ThreadVars_
Per thread variable structure.
Definition threadvars.h:58
TmModule_::name
const char * name
Definition tm-modules.h:48
TmModule_::ThreadDeinit
TmEcode(* ThreadDeinit)(ThreadVars *, void *)
Definition tm-modules.h:53
TmModule_::cap_flags
uint8_t cap_flags
Definition tm-modules.h:77
TmModule_::Func
TmEcode(* Func)(ThreadVars *, Packet *, void *)
Definition tm-modules.h:56
TmModule_::ThreadInit
TmEcode(* ThreadInit)(ThreadVars *, const void *, void **)
Definition tm-modules.h:51
tmm_modules
TmModule tmm_modules[TMM_SIZE]
Definition tm-modules.c:29
TMM_RESPONDREJECT
@ TMM_RESPONDREJECT
Definition tm-threads-common.h:44
TM_ECODE_OK
@ TM_ECODE_OK
Definition tm-threads-common.h:81
SCEnter
#define SCEnter(...)
Definition util-debug.h:277
SCReturnInt
#define SCReturnInt(x)
Definition util-debug.h:281
likely
#define likely(expr)
Definition util-optimize.h:32