Actions
Feature #746
closedDecoding API modification
Effort:
Difficulty:
Label:
Description
I propose to change the type of Decode* function (and other decoding functions as well). It could then return an error if the decoding is not correct (let's say SC_ERR).
Then we could do in DecodeTeredo and other functions:
if (IP_GET_RAW_VER(start) == 6) { IPV6Hdr *thdr = (IPV6Hdr *)start; if (len == IPV6_HEADER_LEN + IPV6_GET_RAW_PLEN(thdr) + (start - pkt)) { if (pq != NULL) { int blen = len - (start - pkt); /* spawn off tunnel packet */ Packet *tp = PacketPseudoPktSetup(p, start, blen, IPPROTO_IPV6); if (tp != NULL) { PKT_SET_SRC(tp, PKT_SRC_DECODER_TEREDO); /* send that to the Tunnel decoder */ ret = DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp), GET_PKT_LEN(tp), pq, IPPROTO_IPV6); if (ret != SC_ERR) { /* add the tp to the packet queue. */ PacketEnqueue(pq,tp); SCPerfCounterIncr(dtv->counter_teredo, tv->sc_perf_pca); return 1; } else { RETURN PACKET TO POOL return 0; } } } }
This would allow to detect incorrect IPv6 packets which will trigger a failure of DecodeIPv6 and hence of DecodeTunnel. This way we will detect invalid packet in the most accurate way.
Updated by Victor Julien over 11 years ago
- Status changed from New to Assigned
- Assignee set to Eric Leblond
- Target version changed from 2.0rc2 to 2.0beta2
Updated by Victor Julien over 11 years ago
The error should only be in case the packet is not the suspected protocol or when it's severely malformed.
We should also carefully review that the packet that errors out doesn't set vars in the packet, like a header pointer.
Updated by Eric Leblond about 11 years ago
- Status changed from Assigned to Closed
Implemented in https://github.com/inliniac/suricata/pull/666
Actions