Adding upstream version 1:7.0.3.upstream/1%7.0.3

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 103 insertions, 0 deletions

diff --git a/src/decode-null.c b/src/decode-null.c
new file mode 100644
index 0000000..5bf9340
--- /dev/null
+++ b/src/decode-null.c
@@ -0,0 +1,103 @@
+/* Copyright (C) 2015-2021 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \ingroup decode
+ *
+ * @{
+ */
+
+/**
+ * \file
+ *
+ * \author Victor Julien <victor@inliniac.net>
+ *
+ * Decode linktype null:
+ * http://www.tcpdump.org/linktypes.html
+ */
+
+#include "suricata-common.h"
+#include "decode.h"
+#include "decode-raw.h"
+#include "decode-events.h"
+
+#include "util-validate.h"
+#include "util-unittest.h"
+#include "util-debug.h"
+
+#define HDR_SIZE 4
+
+#define AF_INET6_BSD     24
+#define AF_INET6_FREEBSD 28
+#define AF_INET6_DARWIN  30
+#define AF_INET6_LINUX   10
+#define AF_INET6_SOLARIS 26
+#define AF_INET6_WINSOCK 23
+
+int DecodeNull(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
+        const uint8_t *pkt, uint32_t len)
+{
+    DEBUG_VALIDATE_BUG_ON(pkt == NULL);
+
+    StatsIncr(tv, dtv->counter_null);
+
+    if (unlikely(len < HDR_SIZE)) {
+        ENGINE_SET_INVALID_EVENT(p, LTNULL_PKT_TOO_SMALL);
+        return TM_ECODE_FAILED;
+    }
+
+    if (unlikely(GET_PKT_LEN(p) > HDR_SIZE + USHRT_MAX)) {
+        return TM_ECODE_FAILED;
+    }
+#if __BYTE_ORDER__ == __BIG_ENDIAN
+    uint32_t type = pkt[0] | pkt[1] << 8 | pkt[2] << 16 | pkt[3] << 24;
+#else
+    uint32_t type = *((uint32_t *)pkt);
+#endif
+    switch(type) {
+        case AF_INET:
+            SCLogDebug("IPV4 Packet");
+            if (GET_PKT_LEN(p) - HDR_SIZE > USHRT_MAX) {
+                return TM_ECODE_FAILED;
+            }
+            DecodeIPV4(
+                    tv, dtv, p, GET_PKT_DATA(p) + HDR_SIZE, (uint16_t)(GET_PKT_LEN(p) - HDR_SIZE));
+            break;
+        case AF_INET6_BSD:
+        case AF_INET6_FREEBSD:
+        case AF_INET6_DARWIN:
+        case AF_INET6_LINUX:
+        case AF_INET6_SOLARIS:
+        case AF_INET6_WINSOCK:
+            SCLogDebug("IPV6 Packet");
+            if (GET_PKT_LEN(p) - HDR_SIZE > USHRT_MAX) {
+                return TM_ECODE_FAILED;
+            }
+            DecodeIPV6(
+                    tv, dtv, p, GET_PKT_DATA(p) + HDR_SIZE, (uint16_t)(GET_PKT_LEN(p) - HDR_SIZE));
+            break;
+        default:
+            SCLogDebug("Unknown Null packet type version %" PRIu32 "", type);
+            ENGINE_SET_EVENT(p, LTNULL_UNSUPPORTED_TYPE);
+            break;
+    }
+    return TM_ECODE_OK;
+}
+
+/**
+ * @}
+ */