Project

General

Profile

Download (3.14 KB)

Bug #180 » 0001-Fix-for-bug-180-check-proto-specified-at-the-IP-hdr.patch

This patch should fix the issue to be compat, checking the proto at the ip hdr instead of p->proto (that is not set on invalid packets). - Pablo Rincon, 07/23/2010 10:20 AM

View differences:

src/decode.h
#define IPH_IS_VALID(p) (PKT_IS_IPV4((p)) || PKT_IS_IPV6((p)))
/* Retrieve proto regardless of IP version */
#define IP_GET_IPPROTO(p) \
(PKT_IS_IPV4(p)? IPV4_GET_IPPROTO(p) : (PKT_IS_IPV6(p)? IPV6_GET_NH(p) : 0))
/* structure to store the sids/gids/etc the detection engine
* found in this packet */
typedef struct PacketAlert_ {
src/detect-engine-iponly.c
Signature *s = de_ctx->sig_array[u * 8 + i];
/* Need to check the protocol first */
if (!(s->proto.proto[(p->proto/8)] & (1 << (p->proto % 8))))
if (!(s->proto.proto[(IP_GET_IPPROTO(p)/8)] & (1 << (IP_GET_IPPROTO(p) % 8))))
continue;
SCLogDebug("Signum %"PRIu16" match (sid: %"PRIu16", msg: %s)",
src/detect.c
SCLogDebug("f %d", f);
/* find the right mpm instance */
DetectAddress *ag = DetectAddressLookupInHead(de_ctx->flow_gh[f].src_gh[p->proto], &p->src);
DetectAddress *ag = DetectAddressLookupInHead(de_ctx->flow_gh[f].src_gh[IP_GET_IPPROTO(p)], &p->src);
if (ag != NULL) {
/* source group found, lets try a dst group */
ag = DetectAddressLookupInHead(ag->dst_gh, &p->dst);
......
/* Get the stored sgh from the flow (if any). Make sure we're not using
* the sgh for icmp error packets part of the same stream. */
if (p->proto == p->flow->proto) { /* filter out icmp */
if (IP_GET_IPPROTO(p) == p->flow->proto) { /* filter out icmp */
if (p->flowflags & FLOW_PKT_TOSERVER && p->flow->flags & FLOW_SGH_TOSERVER) {
sgh = p->flow->sgh_toserver;
use_flow_sgh = TRUE;
......
s = det_ctx->match_array[idx];
SCLogDebug("inspecting signature id %"PRIu32"", s->id);
if (DetectProtoContainsProto(&s->proto, p->proto) == 0) {
if (DetectProtoContainsProto(&s->proto, IP_GET_IPPROTO(p)) == 0) {
SCLogDebug("proto didn't match");
goto next;
}
(2-2/2)