mirror of
https://github.com/zeek/zeek.git
synced 2025-10-05 16:18:19 +00:00
Update PacketFilter/Discarder code for IP version independence.
The signatures of script-layer functions 'discarder_check_ip', 'discarder_check_tcp', 'discarder_check_udp', and 'discarder_check_icmp' were changed to use the more general 'pkt_hdr' type as a parameter instead of individual header types.
This commit is contained in:
Jon Siwek
parent
76ef36e048
commit
0b32c980bf
13 changed files with 251 additions and 194 deletions
|
|
@ -10,11 +10,6 @@
|
|||
|
||||
Discarder::Discarder()
|
||||
{
|
||||
ip_hdr = internal_type("ip_hdr")->AsRecordType();
|
||||
tcp_hdr = internal_type("tcp_hdr")->AsRecordType();
|
||||
udp_hdr = internal_type("udp_hdr")->AsRecordType();
|
||||
icmp_hdr = internal_type("icmp_hdr")->AsRecordType();
|
||||
|
||||
check_ip = internal_func("discarder_check_ip");
|
||||
check_tcp = internal_func("discarder_check_tcp");
|
||||
check_udp = internal_func("discarder_check_udp");
|
||||
|
|
@ -36,12 +31,10 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen)
|
|||
{
|
||||
int discard_packet = 0;
|
||||
|
||||
const struct ip* ip4 = ip->IP4_Hdr();
|
||||
|
||||
if ( check_ip )
|
||||
{
|
||||
val_list* args = new val_list;
|
||||
args->append(BuildHeader(ip4));
|
||||
args->append(ip->BuildPktHdrVal());
|
||||
|
||||
try
|
||||
{
|
||||
|
|
@ -59,19 +52,18 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen)
|
|||
return discard_packet;
|
||||
}
|
||||
|
||||
int proto = ip4->ip_p;
|
||||
int proto = ip->NextProto();
|
||||
if ( proto != IPPROTO_TCP && proto != IPPROTO_UDP &&
|
||||
proto != IPPROTO_ICMP )
|
||||
// This is not a protocol we understand.
|
||||
return 0;
|
||||
|
||||
// XXX shall we only check the first packet???
|
||||
uint32 frag_field = ntohs(ip4->ip_off);
|
||||
if ( (frag_field & 0x3fff) != 0 )
|
||||
if ( ip->IsFragment() )
|
||||
// Never check any fragment.
|
||||
return 0;
|
||||
|
||||
int ip_hdr_len = ip4->ip_hl * 4;
|
||||
int ip_hdr_len = ip->HdrLen();
|
||||
len -= ip_hdr_len; // remove IP header
|
||||
caplen -= ip_hdr_len;
|
||||
|
||||
|
|
@ -87,7 +79,7 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen)
|
|||
|
||||
// Where the data starts - if this is a protocol we know about,
|
||||
// this gets advanced past the transport header.
|
||||
const u_char* data = ((u_char*) ip4 + ip_hdr_len);
|
||||
const u_char* data = ip->Payload();
|
||||
|
||||
if ( is_tcp )
|
||||
{
|
||||
|
|
@ -97,8 +89,7 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen)
|
|||
int th_len = tp->th_off * 4;
|
||||
|
||||
val_list* args = new val_list;
|
||||
args->append(BuildHeader(ip4));
|
||||
args->append(BuildHeader(tp, len));
|
||||
args->append(ip->BuildPktHdrVal());
|
||||
args->append(BuildData(data, th_len, len, caplen));
|
||||
|
||||
try
|
||||
|
|
@ -123,8 +114,7 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen)
|
|||
int uh_len = sizeof (struct udphdr);
|
||||
|
||||
val_list* args = new val_list;
|
||||
args->append(BuildHeader(ip4));
|
||||
args->append(BuildHeader(up));
|
||||
args->append(ip->BuildPktHdrVal());
|
||||
args->append(BuildData(data, uh_len, len, caplen));
|
||||
|
||||
try
|
||||
|
|
@ -148,8 +138,7 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen)
|
|||
const struct icmp* ih = (const struct icmp*) data;
|
||||
|
||||
val_list* args = new val_list;
|
||||
args->append(BuildHeader(ip4));
|
||||
args->append(BuildHeader(ih));
|
||||
args->append(ip->BuildPktHdrVal());
|
||||
|
||||
try
|
||||
{
|
||||
|
|
@ -168,62 +157,6 @@ int Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen)
|
|||
return discard_packet;
|
||||
}
|
||||
|
||||
Val* Discarder::BuildHeader(const struct ip* ip)
|
||||
{
|
||||
RecordVal* hdr = new RecordVal(ip_hdr);
|
||||
|
||||
hdr->Assign(0, new Val(ip->ip_hl * 4, TYPE_COUNT));
|
||||
hdr->Assign(1, new Val(ip->ip_tos, TYPE_COUNT));
|
||||
hdr->Assign(2, new Val(ntohs(ip->ip_len), TYPE_COUNT));
|
||||
hdr->Assign(3, new Val(ntohs(ip->ip_id), TYPE_COUNT));
|
||||
hdr->Assign(4, new Val(ip->ip_ttl, TYPE_COUNT));
|
||||
hdr->Assign(5, new Val(ip->ip_p, TYPE_COUNT));
|
||||
hdr->Assign(6, new AddrVal(ip->ip_src.s_addr));
|
||||
hdr->Assign(7, new AddrVal(ip->ip_dst.s_addr));
|
||||
|
||||
return hdr;
|
||||
}
|
||||
|
||||
Val* Discarder::BuildHeader(const struct tcphdr* tp, int tcp_len)
|
||||
{
|
||||
RecordVal* hdr = new RecordVal(tcp_hdr);
|
||||
|
||||
hdr->Assign(0, new PortVal(ntohs(tp->th_sport), TRANSPORT_TCP));
|
||||
hdr->Assign(1, new PortVal(ntohs(tp->th_dport), TRANSPORT_TCP));
|
||||
hdr->Assign(2, new Val(uint32(ntohl(tp->th_seq)), TYPE_COUNT));
|
||||
hdr->Assign(3, new Val(uint32(ntohl(tp->th_ack)), TYPE_COUNT));
|
||||
|
||||
int tcp_hdr_len = tp->th_off * 4;
|
||||
|
||||
hdr->Assign(4, new Val(tcp_hdr_len, TYPE_COUNT));
|
||||
hdr->Assign(5, new Val(tcp_len - tcp_hdr_len, TYPE_COUNT));
|
||||
|
||||
hdr->Assign(6, new Val(tp->th_flags, TYPE_COUNT));
|
||||
hdr->Assign(7, new Val(ntohs(tp->th_win), TYPE_COUNT));
|
||||
|
||||
return hdr;
|
||||
}
|
||||
|
||||
Val* Discarder::BuildHeader(const struct udphdr* up)
|
||||
{
|
||||
RecordVal* hdr = new RecordVal(udp_hdr);
|
||||
|
||||
hdr->Assign(0, new PortVal(ntohs(up->uh_sport), TRANSPORT_UDP));
|
||||
hdr->Assign(1, new PortVal(ntohs(up->uh_dport), TRANSPORT_UDP));
|
||||
hdr->Assign(2, new Val(ntohs(up->uh_ulen), TYPE_COUNT));
|
||||
|
||||
return hdr;
|
||||
}
|
||||
|
||||
Val* Discarder::BuildHeader(const struct icmp* icmp)
|
||||
{
|
||||
RecordVal* hdr = new RecordVal(icmp_hdr);
|
||||
|
||||
hdr->Assign(0, new Val(icmp->icmp_type, TYPE_COUNT));
|
||||
|
||||
return hdr;
|
||||
}
|
||||
|
||||
Val* Discarder::BuildData(const u_char* data, int hdrlen, int len, int caplen)
|
||||
{
|
||||
len -= hdrlen;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue