Update PacketFilter/Discarder code for IP version independence.

The signatures of script-layer functions 'discarder_check_ip', 'discarder_check_tcp', 'discarder_check_udp', and 'discarder_check_icmp' were changed to use the more general 'pkt_hdr' type as a parameter instead of individual header types.
2025-10-11 02:58:20 +00:00 · 2012-03-08 13:12:04 -06:00 · 2012-03-08 13:12:04 -06:00 · 0b32c980bf
commit 0b32c980bf
parent 76ef36e048
13 changed files with 251 additions and 194 deletions
--- a/testing/btest/Baseline/bifs.install_src_addr_filter/output
+++ b/testing/btest/Baseline/bifs.install_src_addr_filter/output
@ -0,0 +1,8 @@
+[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp]
+[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
+[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
+[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
+[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
+[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
+[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
+[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
--- a/testing/btest/Baseline/core.discarder/output
+++ b/testing/btest/Baseline/core.discarder/output
@ -0,0 +1,24 @@
+################ IP Discarder ################
+[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
+[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
+[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
+[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
+[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
+[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
+################ TCP Discarder ################
+[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp]
+[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
+[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
+[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
+[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
+[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
+[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
+[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
+################ UDP Discarder ################
+[orig_h=fe80::217:f2ff:fed7:cf65, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp]
+[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/udp, resp_h=ff02::1:3, resp_p=5355/udp]
+[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/udp, resp_h=ff02::1:3, resp_p=5355/udp]
+[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/udp, resp_h=ff02::1:3, resp_p=5355/udp]
+[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/udp, resp_h=ff02::1:3, resp_p=5355/udp]
+################ ICMP Discarder ################
+Discard icmp packet: [icmp_type=3]
--- a/testing/btest/Traces/icmp-unreach.trace
+++ b/testing/btest/Traces/icmp-unreach.trace
--- a/testing/btest/bifs/install_src_addr_filter.test
+++ b/testing/btest/bifs/install_src_addr_filter.test
@ -0,0 +1,13 @@
+# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+event bro_init()
+    {
+    install_src_addr_filter(141.142.220.118, TH_SYN, 100.0);
+    }
+
+event new_packet(c: connection, p: pkt_hdr)
+    {
+    if ( p?$tcp && p$ip$src == 141.142.220.118 )
+            print c$id;
+    }
--- a/testing/btest/core/discarder.bro
+++ b/testing/btest/core/discarder.bro
@ -0,0 +1,92 @@
+# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace discarder-ip.bro >output
+# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace discarder-tcp.bro >>output
+# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace discarder-udp.bro >>output
+# @TEST-EXEC: bro -C -r $TRACES/icmp-unreach.trace discarder-icmp.bro >>output
+# @TEST-EXEC: btest-diff output
+
+@TEST-START-FILE discarder-ip.bro
+
+event bro_init()
+	{
+	print "################ IP Discarder ################";
+	}
+
+function discarder_check_ip(p: pkt_hdr): bool
+    {
+    if ( p?$ip && p$ip$src == 141.142.220.118 && p$ip$dst == 208.80.152.2 )
+        return F;
+	return T;
+    }
+
+
+event new_packet(c: connection, p: pkt_hdr)
+    {
+    print c$id;
+    }
+
+@TEST-END-FILE
+
+@TEST-START-FILE discarder-tcp.bro
+
+event bro_init()
+    {
+    print "################ TCP Discarder ################";
+    }
+
+function discarder_check_tcp(p: pkt_hdr, d: string): bool
+    {
+    if ( p$tcp$flags == TH_SYN )
+        return F;
+    return T;
+    }
+
+event new_packet(c: connection, p: pkt_hdr)
+    {
+    if ( p?$tcp )
+        print c$id;
+    }
+
+@TEST-END-FILE
+
+@TEST-START-FILE discarder-udp.bro
+
+event bro_init()
+    {
+    print "################ UDP Discarder ################";
+    }
+
+function discarder_check_udp(p: pkt_hdr, d: string): bool
+    {
+    if ( p?$ip6 )
+        return F;
+    return T;
+    }
+
+event new_packet(c: connection, p: pkt_hdr)
+    {
+    if ( p?$udp )
+        print c$id;
+    }
+
+@TEST-END-FILE
+
+@TEST-START-FILE discarder-icmp.bro
+
+event bro_init()
+    {
+    print "################ ICMP Discarder ################";
+    }
+
+function discarder_check_icmp(p: pkt_hdr): bool
+    {
+    print fmt("Discard icmp packet: %s", p$icmp);
+    return T;
+    }
+
+event new_packet(c: connection, p: pkt_hdr)
+    {
+    if ( p?$icmp )
+        print c$id;
+    }
+
+@TEST-END-FILE