[Oisf-devel] [PATCH 2/2] Modify files to avoid direct pckt payload access
Eric Leblond
eleblond at edenwall.com
Tue Nov 16 22:00:43 UTC 2010
This patch implements the needed modification of payload access
in a Packet structure to support the abstraction introduced by
the extended data system.
Signed-off-by: Eric Leblond <eleblond at edenwall.com>
---
src/alert-debuglog.c | 12 +++---
src/alert-fastlog.c | 2 +-
src/alert-unified-log.c | 8 ++--
src/alert-unified2-alert.c | 10 +++---
src/decode-gre.c | 8 ++--
src/decode-ipv4.c | 4 +-
src/decode-ipv6.c | 2 +-
src/decode-raw.c | 16 ++++----
src/defrag.c | 80 ++++++++++++++++++++++----------------------
src/detect-bytetest.c | 6 ++--
src/detect-engine-tag.c | 6 ++--
src/detect.c | 24 ++++++------
src/flow.c | 2 +-
src/source-erf-dag.c | 20 +++++-----
src/source-erf-file.c | 16 ++++----
src/source-ipfw.c | 28 ++++++++--------
src/source-nfq.c | 29 +++++++++-------
src/source-pcap-file.c | 18 +++++-----
src/source-pcap.c | 25 +++++++------
src/source-pfring.c | 16 ++++----
src/util-unittest-helper.c | 8 ++--
21 files changed, 172 insertions(+), 168 deletions(-)
diff --git a/src/alert-debuglog.c b/src/alert-debuglog.c
index 76db5d9..e7a04d4 100644
--- a/src/alert-debuglog.c
+++ b/src/alert-debuglog.c
@@ -248,9 +248,9 @@ TmEcode AlertDebugLogIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq
aft->file_ctx->alerts += p->alerts.cnt;
- fprintf(aft->file_ctx->fp, "PACKET LEN: %" PRIu32 "\n", p->pktlen);
+ fprintf(aft->file_ctx->fp, "PACKET LEN: %" PRIu32 "\n", GET_PKT_LEN(p));
fprintf(aft->file_ctx->fp, "PACKET:\n");
- PrintRawDataFp(aft->file_ctx->fp, p->pkt, p->pktlen);
+ PrintRawDataFp(aft->file_ctx->fp, GET_PKT_DATA(p), GET_PKT_LEN(p));
fflush(aft->file_ctx->fp);
SCMutexUnlock(&aft->file_ctx->fp_mutex);
@@ -313,9 +313,9 @@ TmEcode AlertDebugLogIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq
AlertDebugLogPktVars(aft, p);
- fprintf(aft->file_ctx->fp, "PACKET LEN: %" PRIu32 "\n", p->pktlen);
+ fprintf(aft->file_ctx->fp, "PACKET LEN: %" PRIu32 "\n", GET_PKT_LEN(p));
fprintf(aft->file_ctx->fp, "PACKET:\n");
- PrintRawDataFp(aft->file_ctx->fp, p->pkt, p->pktlen);
+ PrintRawDataFp(aft->file_ctx->fp, GET_PKT_DATA(p), GET_PKT_LEN(p));
fflush(aft->file_ctx->fp);
SCMutexUnlock(&aft->file_ctx->fp_mutex);
@@ -356,9 +356,9 @@ TmEcode AlertDebugLogDecoderEvent(ThreadVars *tv, Packet *p, void *data, PacketQ
aft->file_ctx->alerts += p->alerts.cnt;
- fprintf(aft->file_ctx->fp, "PACKET LEN: %" PRIu32 "\n", p->pktlen);
+ fprintf(aft->file_ctx->fp, "PACKET LEN: %" PRIu32 "\n", GET_PKT_LEN(p));
fprintf(aft->file_ctx->fp, "PACKET:\n");
- PrintRawDataFp(aft->file_ctx->fp, p->pkt, p->pktlen);
+ PrintRawDataFp(aft->file_ctx->fp, GET_PKT_DATA(p), GET_PKT_LEN(p));
fflush(aft->file_ctx->fp);
SCMutexUnlock(&aft->file_ctx->fp_mutex);
diff --git a/src/alert-fastlog.c b/src/alert-fastlog.c
index 1131a3f..3ca91cc 100644
--- a/src/alert-fastlog.c
+++ b/src/alert-fastlog.c
@@ -235,7 +235,7 @@ TmEcode AlertFastLogDecoderEvent(ThreadVars *tv, Packet *p, void *data, PacketQu
fprintf(aft->file_ctx->fp, "%s [**] [%" PRIu32 ":%" PRIu32 ":%" PRIu32 "] %s [**] [Classification: %s] [Priority: %" PRIu32 "] [**] [Raw pkt: ",
timebuf, pa->gid, pa->sid, pa->rev, pa->msg, pa->class_msg, pa->prio);
- PrintRawLineHexFp(aft->file_ctx->fp, p->pkt, p->pktlen < 32 ? p->pktlen : 32);
+ PrintRawLineHexFp(aft->file_ctx->fp, GET_PKT_DATA(p), GET_PKT_LEN(p) < 32 ? GET_PKT_LEN(p) : 32);
if (p->pcap_cnt != 0) {
fprintf(aft->file_ctx->fp, "] [pcap file packet: %"PRIu64"]", p->pcap_cnt);
}
diff --git a/src/alert-unified-log.c b/src/alert-unified-log.c
index 2ee5903..8901323 100644
--- a/src/alert-unified-log.c
+++ b/src/alert-unified-log.c
@@ -212,7 +212,7 @@ TmEcode AlertUnifiedLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
hdr.tv.tv_sec = hdr.ref_tv.tv_sec = p->ts.tv_sec;
hdr.tv.tv_usec = hdr.ref_tv.tv_usec = p->ts.tv_usec;
hdr.pktflags = 0; /* XXX */
- hdr.pktlen = hdr.caplen = p->pktlen + ethh_offset;
+ hdr.pktlen = hdr.caplen = GET_PKT_LEN(p) + ethh_offset;
uint16_t i = 0;
@@ -244,13 +244,13 @@ TmEcode AlertUnifiedLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
buflen += sizeof(ethh);
}
- memcpy(buf+buflen,&p->pkt,p->pktlen);
- buflen += p->pktlen;
+ memcpy(buf+buflen, GET_PKT_DATA(p),GET_PKT_LEN(p));
+ buflen += GET_PKT_LEN(p);
/** Wait for the mutex. We dont want all the threads rotating the file
* at the same time :) */
SCMutexLock(&aun->file_ctx->fp_mutex);
- if ((aun->file_ctx->size_current + sizeof(hdr) + p->pktlen + ethh_offset) > aun->file_ctx->size_limit) {
+ if ((aun->file_ctx->size_current + sizeof(hdr) + GET_PKT_LEN(p) + ethh_offset) > aun->file_ctx->size_limit) {
if (AlertUnifiedLogRotateFile(tv,aun) < 0) {
SCMutexUnlock(&aun->file_ctx->fp_mutex);
aun->file_ctx->alerts += i;
diff --git a/src/alert-unified2-alert.c b/src/alert-unified2-alert.c
index 7ea721d..fb3787d 100644
--- a/src/alert-unified2-alert.c
+++ b/src/alert-unified2-alert.c
@@ -240,8 +240,8 @@ int Unified2PacketTypeAlert (ThreadVars *t, Packet *p, void *data)
int ret, len;
char write_buffer[sizeof(Unified2AlertFileHeader) + sizeof(Unified2Packet) + IPV4_MAXPACKET_LEN];
- if(p->pktlen > 0)
- len = (sizeof(Unified2AlertFileHeader) + sizeof(Unified2Packet)) - 4 + p->pktlen;
+ if(GET_PKT_LEN(p) > 0)
+ len = (sizeof(Unified2AlertFileHeader) + sizeof(Unified2Packet)) - 4 + GET_PKT_LEN(p);
else
len = (sizeof(Unified2AlertFileHeader) + sizeof(Unified2Packet)) - 4;
@@ -251,7 +251,7 @@ int Unified2PacketTypeAlert (ThreadVars *t, Packet *p, void *data)
memset(&phdr, 0, sizeof(Unified2Packet));
hdr.type = htonl(UNIFIED2_PACKET_TYPE);
- hdr.length = htonl(sizeof(Unified2Packet) -4 + p->pktlen);
+ hdr.length = htonl(sizeof(Unified2Packet) -4 + GET_PKT_LEN(p));
memcpy(write_buffer,&hdr,sizeof(Unified2AlertFileHeader));
@@ -260,10 +260,10 @@ int Unified2PacketTypeAlert (ThreadVars *t, Packet *p, void *data)
phdr.event_id = 0;
phdr.event_second = phdr.packet_second = htonl(p->ts.tv_sec);
phdr.packet_microsecond = htonl(p->ts.tv_usec);
- phdr.packet_length = htonl(p->pktlen);
+ phdr.packet_length = htonl(GET_PKT_LEN(p));
memcpy(write_buffer+sizeof(Unified2AlertFileHeader),&phdr,sizeof(Unified2Packet) - 4);
- memcpy(write_buffer + sizeof(Unified2AlertFileHeader) + sizeof(Unified2Packet) - 4 , p->pkt, p->pktlen);
+ memcpy(write_buffer + sizeof(Unified2AlertFileHeader) + sizeof(Unified2Packet) - 4 , GET_PKT_DATA(p), GET_PKT_LEN(p));
ret = fwrite(write_buffer,len, 1, aun->file_ctx->fp);
if (ret != 1) {
diff --git a/src/decode-gre.c b/src/decode-gre.c
index d50e019..098309c 100644
--- a/src/decode-gre.c
+++ b/src/decode-gre.c
@@ -196,7 +196,7 @@ void DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
Packet *tp = PacketPseudoPktSetup(p, pkt + header_len,
len - header_len, IPPROTO_IP);
if (tp != NULL) {
- DecodeTunnel(tv, dtv, tp, tp->pkt, tp->pktlen, pq);
+ DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp), GET_PKT_LEN(tp), pq);
PacketEnqueue(pq,tp);
}
}
@@ -209,7 +209,7 @@ void DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
Packet *tp = PacketPseudoPktSetup(p, pkt + header_len,
len - header_len, PPP_OVER_GRE);
if (tp != NULL) {
- DecodeTunnel(tv, dtv, tp, tp->pkt, tp->pktlen, pq);
+ DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp), GET_PKT_LEN(tp), pq);
PacketEnqueue(pq,tp);
}
}
@@ -222,7 +222,7 @@ void DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
Packet *tp = PacketPseudoPktSetup(p, pkt + header_len,
len - header_len, IPPROTO_IPV6);
if (tp != NULL) {
- DecodeTunnel(tv, dtv, tp, tp->pkt, tp->pktlen, pq);
+ DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp), GET_PKT_LEN(tp), pq);
PacketEnqueue(pq,tp);
}
}
@@ -235,7 +235,7 @@ void DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
Packet *tp = PacketPseudoPktSetup(p, pkt + header_len,
len - header_len, VLAN_OVER_GRE);
if (tp != NULL) {
- DecodeTunnel(tv, dtv, tp, tp->pkt, tp->pktlen, pq);
+ DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp), GET_PKT_LEN(tp), pq);
PacketEnqueue(pq,tp);
}
}
diff --git a/src/decode-ipv4.c b/src/decode-ipv4.c
index 22963dc..503253e 100644
--- a/src/decode-ipv4.c
+++ b/src/decode-ipv4.c
@@ -565,7 +565,7 @@ void DecodeIPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt,
IPV4_GET_IPPROTO(p));
if (tp != NULL) {
/* send that to the Tunnel decoder */
- DecodeTunnel(tv, dtv, tp, tp->pkt, tp->pktlen, pq);
+ DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp), GET_PKT_LEN(tp), pq);
/* add the tp to the packet queue. */
PacketEnqueue(pq,tp);
@@ -584,7 +584,7 @@ void DecodeIPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt,
Packet *rp = Defrag(tv, dtv, NULL, p);
if (rp != NULL) {
/* Got re-assembled packet, re-run through decoder. */
- DecodeIPV4(tv, dtv, rp, rp->pkt, rp->pktlen, pq);
+ DecodeIPV4(tv, dtv, rp, GET_PKT_DATA(rp), GET_PKT_LEN(rp), pq);
PacketEnqueue(pq, rp);
}
}
diff --git a/src/decode-ipv6.c b/src/decode-ipv6.c
index 870062c..b3a5776 100644
--- a/src/decode-ipv6.c
+++ b/src/decode-ipv6.c
@@ -456,7 +456,7 @@ void DecodeIPV6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt,
if (IPV6_EXTHDR_ISSET_FH(p)) {
Packet *rp = Defrag(tv, dtv, NULL, p);
if (rp != NULL) {
- DecodeIPV6(tv, dtv, rp, rp->pkt, rp->pktlen, pq);
+ DecodeIPV6(tv, dtv, rp, GET_PKT_DATA(rp), GET_PKT_LEN(rp), pq);
PacketEnqueue(pq, rp);
/* Not really a tunnel packet, but we're piggybacking that
diff --git a/src/decode-raw.c b/src/decode-raw.c
index d9581f3..8b43176 100644
--- a/src/decode-raw.c
+++ b/src/decode-raw.c
@@ -43,10 +43,10 @@ void DecodeRaw(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
if (IP_GET_RAW_VER(pkt) == 4) {
SCLogDebug("IPV4 Packet");
- DecodeIPV4(tv, dtv, p, p->pkt, p->pktlen, pq);
+ DecodeIPV4(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
} else if (IP_GET_RAW_VER(pkt) == 6) {
SCLogDebug("IPV6 Packet");
- DecodeIPV6(tv, dtv, p, p->pkt, p->pktlen, pq);
+ DecodeIPV6(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
} else {
SCLogDebug("Unknown ip version %" PRIu8 "", IP_GET_RAW_VER(pkt));
DECODER_SET_EVENT(p,IPRAW_INVALID_IPV);
@@ -84,8 +84,8 @@ static int DecodeRawTest01 (void) {
memset(&tv, 0, sizeof(ThreadVars));
memset(&p, 0, sizeof(Packet));
- p.pktlen = sizeof(raw_ip);
- memcpy(p.pkt, raw_ip, p.pktlen);
+ SET_PKT_LEN(&p, sizeof(raw_ip));
+ PacketCopyData(&p, raw_ip, p.pktlen);
FlowInitConfig(FLOW_QUIET);
@@ -123,8 +123,8 @@ static int DecodeRawTest02 (void) {
memset(&tv, 0, sizeof(ThreadVars));
memset(&p, 0, sizeof(Packet));
- p.pktlen = sizeof(raw_ip);
- memcpy(p.pkt, raw_ip, p.pktlen);
+ SET_PKT_LEN(&p, sizeof(raw_ip));
+ PacketCopyData(&p, raw_ip, p.pktlen);
FlowInitConfig(FLOW_QUIET);
@@ -162,8 +162,8 @@ static int DecodeRawTest03 (void) {
memset(&tv, 0, sizeof(ThreadVars));
memset(&p, 0, sizeof(Packet));
- p.pktlen = sizeof(raw_ip);
- memcpy(p.pkt, raw_ip, p.pktlen);
+ SET_PKT_LEN(&p, sizeof(raw_ip));
+ PacketCopyData(&p, raw_ip, p.pktlen);
FlowInitConfig(FLOW_QUIET);
diff --git a/src/defrag.c b/src/defrag.c
index 4165560..b0bea5b 100644
--- a/src/defrag.c
+++ b/src/defrag.c
@@ -557,8 +557,8 @@ Defrag4Reassemble(ThreadVars *tv, DefragContext *dc, DefragTracker *tracker,
if (frag->offset == 0) {
/* This is the first packet, we use this packets link and
* IPv4 header. We also copy in its data. */
- memcpy(rp->pkt, frag->pkt, frag->len);
- rp->ip4h = (IPV4Hdr *)(rp->pkt + frag->ip_hdr_offset);
+ PacketCopyData(p, frag->pkt, frag->len);
+ rp->ip4h = (IPV4Hdr *)(GET_PKT_DATA(rp) + frag->ip_hdr_offset);
hlen = frag->hlen;
ip_hdr_offset = frag->ip_hdr_offset;
@@ -570,11 +570,11 @@ Defrag4Reassemble(ThreadVars *tv, DefragContext *dc, DefragTracker *tracker,
}
else {
int pkt_end = fragmentable_offset + frag->offset + frag->data_len;
- if (pkt_end > (int)sizeof(rp->pkt)) {
+ if (pkt_end > (int)MAX_PAYLOAD_SIZE) {
SCLogWarning(SC_ERR_REASSEMBLY, "Failed re-assemble fragmented packet, exceeds size of packet buffer.");
goto remove_tracker;
}
- memcpy(rp->pkt + fragmentable_offset + frag->offset + frag->ltrim,
+ PacketCopyDataOffset(rp, fragmentable_offset + frag->offset + frag->ltrim,
frag->pkt + frag->data_offset + frag->ltrim,
frag->data_len - frag->ltrim);
if (frag->offset + frag->data_len > fragmentable_len)
@@ -588,7 +588,7 @@ Defrag4Reassemble(ThreadVars *tv, DefragContext *dc, DefragTracker *tracker,
rp->ip4h->ip_off = 0;
rp->ip4h->ip_csum = FixChecksum(rp->ip4h->ip_csum,
old, rp->ip4h->ip_len + rp->ip4h->ip_off);
- rp->pktlen = ip_hdr_offset + hlen + fragmentable_len;
+ SET_PKT_LEN(p, ip_hdr_offset + hlen + fragmentable_len);
IPV4_CACHE_INIT(rp);
remove_tracker:
@@ -673,11 +673,11 @@ Defrag6Reassemble(ThreadVars *tv, DefragContext *dc, DefragTracker *tracker,
/* This is the first packet, we use this packets link and
* IPv6 headers. We also copy in its data, but remove the
* fragmentation header. */
- memcpy(rp->pkt, frag->pkt, frag->frag_hdr_offset);
- memcpy(rp->pkt + frag->frag_hdr_offset,
+ PacketCopyData(rp, frag->pkt, frag->frag_hdr_offset);
+ PacketCopyDataOffset(rp, frag->frag_hdr_offset,
frag->pkt + frag->frag_hdr_offset + sizeof(IPV6FragHdr),
frag->data_len);
- rp->ip6h = (IPV6Hdr *)(rp->pkt + frag->ip_hdr_offset);
+ rp->ip6h = (IPV6Hdr *)(GET_PKT_DATA(rp) + frag->ip_hdr_offset);
ip_hdr_offset = frag->ip_hdr_offset;
/* This is the start of the fragmentable portion of the
@@ -687,7 +687,7 @@ Defrag6Reassemble(ThreadVars *tv, DefragContext *dc, DefragTracker *tracker,
fragmentable_len = frag->data_len;
}
else {
- memcpy(rp->pkt + fragmentable_offset + frag->offset + frag->ltrim,
+ PacketCopyDataOffset(rp, fragmentable_offset + frag->offset + frag->ltrim,
frag->pkt + frag->data_offset + frag->ltrim,
frag->data_len - frag->ltrim);
if (frag->offset + frag->data_len > fragmentable_len)
@@ -697,7 +697,7 @@ Defrag6Reassemble(ThreadVars *tv, DefragContext *dc, DefragTracker *tracker,
BUG_ON(rp->ip6h == NULL);
rp->ip6h->s_ip6_plen = htons(fragmentable_len);
rp->ip6h->s_ip6_nxt = next_hdr;
- rp->pktlen = ip_hdr_offset + sizeof(IPV6Hdr) + fragmentable_len;
+ SET_PKT_LEN(rp, ip_hdr_offset + sizeof(IPV6Hdr) + fragmentable_len);
IPV6_CACHE_INIT(rp);
remove_tracker:
@@ -753,10 +753,10 @@ DefragInsertFrag(ThreadVars *tv, DecodeThreadVars *dtv, DefragContext *dc,
more_frags = IPV4_GET_MF(p);
frag_offset = IPV4_GET_IPOFFSET(p) << 3;
hlen = IPV4_GET_HLEN(p);
- data_offset = (uint8_t *)p->ip4h + hlen - p->pkt;
+ data_offset = (uint8_t *)p->ip4h + hlen - GET_PKT_DATA(p);
data_len = IPV4_GET_IPLEN(p) - hlen;
frag_end = frag_offset + data_len;
- ip_hdr_offset = (uint8_t *)p->ip4h - p->pkt;
+ ip_hdr_offset = (uint8_t *)p->ip4h - GET_PKT_DATA(p);
/* Ignore fragment if the end of packet extends past the
* maximum size of a packet. */
@@ -768,13 +768,13 @@ DefragInsertFrag(ThreadVars *tv, DecodeThreadVars *dtv, DefragContext *dc,
else if (tracker->af == AF_INET6) {
more_frags = IPV6_EXTHDR_GET_FH_FLAG(p);
frag_offset = IPV6_EXTHDR_GET_FH_OFFSET(p);
- data_offset = (uint8_t *)p->ip6eh.ip6fh + sizeof(IPV6FragHdr) - p->pkt;
+ data_offset = (uint8_t *)p->ip6eh.ip6fh + sizeof(IPV6FragHdr) - GET_PKT_DATA(p);
data_len = IPV6_GET_PLEN(p) - (
((uint8_t *)p->ip6eh.ip6fh + sizeof(IPV6FragHdr)) -
((uint8_t *)p->ip6h + sizeof(IPV6Hdr)));
frag_end = frag_offset + data_len;
- ip_hdr_offset = (uint8_t *)p->ip6h - p->pkt;
- frag_hdr_offset = (uint8_t *)p->ip6eh.ip6fh - p->pkt;
+ ip_hdr_offset = (uint8_t *)p->ip6h - GET_PKT_DATA(p);
+ frag_hdr_offset = (uint8_t *)p->ip6eh.ip6fh - GET_PKT_DATA(p);
/* Ignore fragment if the end of packet extends past the
* maximum size of a packet. */
@@ -893,15 +893,15 @@ insert:
if (new == NULL) {
goto done;
}
- new->pkt = SCMalloc(p->pktlen);
+ new->pkt = SCMalloc(GET_PKT_LEN(p));
if (new->pkt == NULL) {
SCMutexLock(&dc->frag_pool_lock);
PoolReturn(dc->frag_pool, new);
SCMutexUnlock(&dc->frag_pool_lock);
goto done;
}
- memcpy(new->pkt, p->pkt + ltrim, p->pktlen - ltrim);
- new->len = p->pktlen - ltrim;
+ memcpy(new->pkt, GET_PKT_DATA(p) + ltrim, GET_PKT_LEN(p) - ltrim);
+ new->len = GET_PKT_LEN(p) - ltrim;
new->hlen = hlen;
new->offset = frag_offset + ltrim;
new->data_offset = data_offset;
@@ -1216,7 +1216,7 @@ BuildTestPacket(uint16_t id, uint16_t off, int mf, const char content,
if (p == NULL)
return NULL;
gettimeofday(&p->ts, NULL);
- p->ip4h = (IPV4Hdr *)p->pkt;
+ p->ip4h = (IPV4Hdr *)GET_PKT_DATA(p);
p->ip4h->ip_verhl = 4 << 4;
p->ip4h->ip_verhl |= hlen >> 2;
p->ip4h->ip_len = htons(hlen + content_len);
@@ -1233,10 +1233,10 @@ BuildTestPacket(uint16_t id, uint16_t off, int mf, const char content,
p->ip4h->ip_dst.s_addr = 0x02020202; /* 2.2.2.2 */
SET_IPV4_SRC_ADDR(p, &p->src);
SET_IPV4_DST_ADDR(p, &p->dst);
- memset(p->pkt + hlen, content, content_len);
- p->pktlen = hlen + content_len;
+ memset(GET_PKT_DATA(p) + hlen, content, content_len);
+ SET_PKT_LEN(p, hlen + content_len);
- p->ip4h->ip_csum = IPV4CalculateChecksum((uint16_t *)p->pkt, hlen);
+ p->ip4h->ip_csum = IPV4CalculateChecksum((uint16_t *)GET_PKT_DATA(p), hlen);
/* Self test. */
IPV4_CACHE_INIT(p);
@@ -1275,7 +1275,7 @@ IPV6BuildTestPacket(uint32_t id, uint16_t off, int mf, const char content,
return NULL;
gettimeofday(&p->ts, NULL);
- p->ip6h = (IPV6Hdr *)p->pkt;
+ p->ip6h = (IPV6Hdr *)GET_PKT_DATA(p);
IPV6_SET_RAW_VER(p->ip6h, 6);
p->ip6h->s_ip6_nxt = 44;
p->ip6h->s_ip6_hlim = 2;
@@ -1291,14 +1291,14 @@ IPV6BuildTestPacket(uint32_t id, uint16_t off, int mf, const char content,
p->ip6h->ip6_dst[3] = 0x02020202;
/* Fragmentation header. */
- p->ip6eh.ip6fh = (IPV6FragHdr *)(p->pkt + sizeof(IPV6Hdr));
+ p->ip6eh.ip6fh = (IPV6FragHdr *)(GET_PKT_DATA(p) + sizeof(IPV6Hdr));
p->ip6eh.ip6fh->ip6fh_nxt = IPPROTO_ICMP;
p->ip6eh.ip6fh->ip6fh_ident = htonl(id);
p->ip6eh.ip6fh->ip6fh_offlg = htons((off << 3) | mf);
- memset(p->pkt + sizeof(IPV6Hdr) + sizeof(IPV6FragHdr), content,
+ memset(GET_PKT_DATA(p) + sizeof(IPV6Hdr) + sizeof(IPV6FragHdr), content,
content_len);
- p->pktlen = sizeof(IPV6Hdr) + sizeof(IPV6FragHdr) + content_len;
+ SET_PKT_LEN(p, sizeof(IPV6Hdr) + sizeof(IPV6FragHdr) + content_len);
p->ip6h->s_ip6_plen = htons(sizeof(IPV6FragHdr) + content_len);
@@ -1368,19 +1368,19 @@ DefragInOrderSimpleTest(void)
/* 20 bytes in we should find 8 bytes of A. */
for (i = 20; i < 20 + 8; i++) {
- if (reassembled->pkt[i] != 'A')
+ if (GET_PKT_DATA(reassembled)[i] != 'A')
goto end;
}
/* 28 bytes in we should find 8 bytes of B. */
for (i = 28; i < 28 + 8; i++) {
- if (reassembled->pkt[i] != 'B')
+ if (GET_PKT_DATA(reassembled)[i] != 'B')
goto end;
}
/* And 36 bytes in we should find 3 bytes of C. */
for (i = 36; i < 36 + 3; i++) {
- if (reassembled->pkt[i] != 'C')
+ if (GET_PKT_DATA(reassembled)[i] != 'C')
goto end;
}
@@ -1447,19 +1447,19 @@ DefragReverseSimpleTest(void)
/* 20 bytes in we should find 8 bytes of A. */
for (i = 20; i < 20 + 8; i++) {
- if (reassembled->pkt[i] != 'A')
+ if (GET_PKT_DATA(reassembled)[i] != 'A')
goto end;
}
/* 28 bytes in we should find 8 bytes of B. */
for (i = 28; i < 28 + 8; i++) {
- if (reassembled->pkt[i] != 'B')
+ if (GET_PKT_DATA(reassembled)[i] != 'B')
goto end;
}
/* And 36 bytes in we should find 3 bytes of C. */
for (i = 36; i < 36 + 3; i++) {
- if (reassembled->pkt[i] != 'C')
+ if (GET_PKT_DATA(reassembled)[i] != 'C')
goto end;
}
@@ -1524,19 +1524,19 @@ IPV6DefragInOrderSimpleTest(void)
/* 40 bytes in we should find 8 bytes of A. */
for (i = 40; i < 40 + 8; i++) {
- if (reassembled->pkt[i] != 'A')
+ if (GET_PKT_DATA(reassembled)[i] != 'A')
goto end;
}
/* 28 bytes in we should find 8 bytes of B. */
for (i = 48; i < 48 + 8; i++) {
- if (reassembled->pkt[i] != 'B')
+ if (GET_PKT_DATA(reassembled)[i] != 'B')
goto end;
}
/* And 36 bytes in we should find 3 bytes of C. */
for (i = 56; i < 56 + 3; i++) {
- if (reassembled->pkt[i] != 'C')
+ if (GET_PKT_DATA(reassembled)[i] != 'C')
goto end;
}
@@ -1593,19 +1593,19 @@ IPV6DefragReverseSimpleTest(void)
/* 40 bytes in we should find 8 bytes of A. */
for (i = 40; i < 40 + 8; i++) {
- if (reassembled->pkt[i] != 'A')
+ if (GET_PKT_DATA(reassembled)[i] != 'A')
goto end;
}
/* 28 bytes in we should find 8 bytes of B. */
for (i = 48; i < 48 + 8; i++) {
- if (reassembled->pkt[i] != 'B')
+ if (GET_PKT_DATA(reassembled)[i] != 'B')
goto end;
}
/* And 36 bytes in we should find 3 bytes of C. */
for (i = 56; i < 56 + 3; i++) {
- if (reassembled->pkt[i] != 'C')
+ if (GET_PKT_DATA(reassembled)[i] != 'C')
goto end;
}
@@ -1726,7 +1726,7 @@ DefragDoSturgesNovakTest(int policy, u_char *expected, size_t expected_len)
if (IPV4_GET_IPLEN(reassembled) != 20 + 192)
goto end;
- if (memcmp(reassembled->pkt + 20, expected, expected_len) != 0)
+ if (memcmp(GET_PKT_DATA(reassembled) + 20, expected, expected_len) != 0)
goto end;
SCFree(reassembled);
@@ -1917,7 +1917,7 @@ IPV6DefragDoSturgesNovakTest(int policy, u_char *expected, size_t expected_len)
Packet *reassembled = Defrag(NULL, NULL, dc, packets[16]);
if (reassembled == NULL)
goto end;
- if (memcmp(reassembled->pkt + 40, expected, expected_len) != 0)
+ if (memcmp(GET_PKT_DATA(reassembled) + 40, expected, expected_len) != 0)
goto end;
if (IPV6_GET_PLEN(reassembled) != 192)
diff --git a/src/detect-bytetest.c b/src/detect-bytetest.c
index 96a454d..ff7247f 100644
--- a/src/detect-bytetest.c
+++ b/src/detect-bytetest.c
@@ -262,7 +262,7 @@ int DetectBytetestMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
*/
if (data->flags & DETECT_BYTETEST_RELATIVE) {
ptr = det_ctx->pkt_ptr;
- len = p->pktlen - det_ctx->pkt_off;
+ len = GET_PKT_LEN(p) - det_ctx->pkt_off;
/* No match if there is no relative base */
if (ptr == NULL || len == 0) {
@@ -280,9 +280,9 @@ int DetectBytetestMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
/* Validate that the to-be-extracted is within the packet
* \todo Should this validate it is in the *payload*?
*/
- if (ptr < p->pkt || data->nbytes > len) {
+ if (ptr < GET_PKT_DATA(p) || data->nbytes > len) {
SCLogDebug("Data not within packet pkt=%p, ptr=%p, len=%d, nbytes=%d",
- p->pkt, ptr, len, data->nbytes);
+ GET_PKT_DATA(p), ptr, len, data->nbytes);
return 0;
}
diff --git a/src/detect-engine-tag.c b/src/detect-engine-tag.c
index 2437796..0173049 100644
--- a/src/detect-engine-tag.c
+++ b/src/detect-engine-tag.c
@@ -348,7 +348,7 @@ void TagHandlePacket(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
/* update counters */
iter->last_ts.tv_sec = ts.tv_sec;
iter->packets++;
- iter->bytes += p->pktlen;
+ iter->bytes += GET_PKT_LEN(p);
/* If this packet triggered the rule with tag, we dont need
* to log it (the alert will log it) */
@@ -482,7 +482,7 @@ void TagHandlePacket(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
/* update counters */
iter->last_ts.tv_sec = ts.tv_sec;
iter->packets++;
- iter->bytes += p->pktlen;
+ iter->bytes += GET_PKT_LEN(p);
/* If this packet triggered the rule with tag, we dont need
* to log it (the alert will log it) */
@@ -577,7 +577,7 @@ void TagHandlePacket(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
/* update counters */
iter->last_ts.tv_sec = ts.tv_sec;
iter->packets++;
- iter->bytes += p->pktlen;
+ iter->bytes += GET_PKT_LEN(p);
/* If this packet triggered the rule with tag, we dont need
* to log it (the alert will log it) */
diff --git a/src/detect.c b/src/detect.c
index 215b314..2ac788c 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -7048,11 +7048,11 @@ int SigTest38Real(int mpm_type)
memset(&p1, 0, sizeof(Packet));
/* Copy raw data into packet */
- memcpy(&p1.pkt, raw_eth, ethlen);
- memcpy(p1.pkt + ethlen, raw_ipv4, ipv4len);
- memcpy(p1.pkt + ethlen + ipv4len, raw_tcp, tcplen);
- memcpy(p1.pkt + ethlen + ipv4len + tcplen, buf, buflen);
- p1.pktlen = ethlen + ipv4len + tcplen + buflen;
+ PacketCopyData(&p1, raw_eth, ethlen);
+ PacketCopyDataOffset(&p1, ethlen, raw_ipv4, ipv4len);
+ PacketCopyDataOffset(&p1, ethlen + ipv4len, raw_tcp, tcplen);
+ PacketCopyDataOffset(&p1, ethlen + ipv4len + tcplen, buf, buflen);
+ SET_PKT_LEN(&p1, ethlen + ipv4len + tcplen + buflen);
p1.tcpc.comp_csum = -1;
p1.ethh = (EthernetHdr *)raw_eth;
@@ -7061,7 +7061,7 @@ int SigTest38Real(int mpm_type)
p1.tcpvars.hlen = 0;
p1.src.family = AF_INET;
p1.dst.family = AF_INET;
- p1.payload = p1.pkt + ethlen + ipv4len + tcplen;
+ p1.payload = GET_PKT_DATA(&p1) + ethlen + ipv4len + tcplen;
p1.payload_len = buflen;
p1.proto = IPPROTO_TCP;
@@ -7175,11 +7175,11 @@ int SigTest39Real(int mpm_type)
memset(&p1, 0, sizeof(Packet));
/* Copy raw data into packet */
- memcpy(&p1.pkt, raw_eth, ethlen);
- memcpy(p1.pkt + ethlen, raw_ipv4, ipv4len);
- memcpy(p1.pkt + ethlen + ipv4len, raw_tcp, tcplen);
- memcpy(p1.pkt + ethlen + ipv4len + tcplen, buf, buflen);
- p1.pktlen = ethlen + ipv4len + tcplen + buflen;
+ PacketCopyData(&p1, raw_eth, ethlen);
+ PacketCopyDataOffset(&p1, ethlen, raw_ipv4, ipv4len);
+ PacketCopyDataOffset(&p1, ethlen + ipv4len, raw_tcp, tcplen);
+ PacketCopyDataOffset(&p1, ethlen + ipv4len + tcplen, buf, buflen);
+ SET_PKT_LEN(&p1, ethlen + ipv4len + tcplen + buflen);
p1.tcpc.comp_csum = -1;
p1.ethh = (EthernetHdr *)raw_eth;
@@ -7188,7 +7188,7 @@ int SigTest39Real(int mpm_type)
p1.tcpvars.hlen = 0;
p1.src.family = AF_INET;
p1.dst.family = AF_INET;
- p1.payload = p1.pkt + ethlen + ipv4len + tcplen;
+ p1.payload = GET_PKT_DATA(&p1) + ethlen + ipv4len + tcplen;
p1.payload_len = buflen;
p1.proto = IPPROTO_TCP;
diff --git a/src/flow.c b/src/flow.c
index d955529..cdc9d88 100644
--- a/src/flow.c
+++ b/src/flow.c
@@ -706,7 +706,7 @@ void FlowHandlePacket (ThreadVars *tv, Packet *p)
f->tosrcpktcnt++;
p->flowflags |= FLOW_PKT_TOCLIENT;
}
- f->bytecnt += p->pktlen;
+ f->bytecnt += GET_PKT_LEN(p);
if (f->flags & FLOW_TO_DST_SEEN && f->flags & FLOW_TO_SRC_SEEN) {
SCLogDebug("pkt %p FLOW_PKT_ESTABLISHED", p);
diff --git a/src/source-erf-dag.c b/src/source-erf-dag.c
index 44a11c7..862b452 100644
--- a/src/source-erf-dag.c
+++ b/src/source-erf-dag.c
@@ -521,16 +521,16 @@ TmEcode ProcessErfDagRecord(ErfDagThreadVars *ewtn, char *prec, Packet *p)
pload = &(dr->rec);
- p->pktlen = wlen - 4; /* Trim the FCS... */
+ GET_PKT_LEN(p) = wlen - 4; /* Trim the FCS... */
p->datalink = LINKTYPE_ETHERNET;
/* Take into account for link type Ethernet ETH frame starts
* after ther ERF header + pad.
*/
- memcpy(p->pkt, pload->eth.dst, p->pktlen);
+ PacketCopyData(p, pload->eth.dst, GET_PKT_LEN(p));
- SCLogDebug("p->pktlen: %" PRIu32 " (pkt %02x, p->pkt %02x)",
- p->pktlen, *p, *p->pkt);
+ SCLogDebug("pktlen: %" PRIu32 " (pkt %02x, pkt data %02x)",
+ GET_PKT_LEN(p), *p, *GET_PKT_DATA(p));
/* Convert ERF time to timeval - from libpcap. */
uint64_t ts = dr->ts;
@@ -609,18 +609,18 @@ TmEcode DecodeErfDag(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
SCPerfCounterIncr(dtv->counter_pkts_per_sec, tv->sc_perf_pca);
- SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, p->pktlen);
- SCPerfCounterAddDouble(dtv->counter_bytes_per_sec, tv->sc_perf_pca, p->pktlen);
+ SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, GET_PKT_LEN(p));
+ SCPerfCounterAddDouble(dtv->counter_bytes_per_sec, tv->sc_perf_pca, GET_PKT_LEN(p));
SCPerfCounterAddDouble(dtv->counter_mbit_per_sec, tv->sc_perf_pca,
- (p->pktlen * 8)/1000000.0);
+ (GET_PKT_LEN(p) * 8)/1000000.0);
- SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, p->pktlen);
- SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, p->pktlen);
+ SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
+ SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
/* call the decoder */
switch(p->datalink) {
case LINKTYPE_ETHERNET:
- DecodeEthernet(tv, dtv, p, p->pkt, p->pktlen, pq);
+ DecodeEthernet(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
break;
default:
SCLogError(SC_ERR_DATALINK_UNIMPLEMENTED,
diff --git a/src/source-erf-file.c b/src/source-erf-file.c
index f8462c0..9c675f8 100644
--- a/src/source-erf-file.c
+++ b/src/source-erf-file.c
@@ -120,7 +120,7 @@ ReceiveErfFile(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQue
}
int rlen = ntohs(dr.rlen);
int wlen = ntohs(dr.wlen);
- r = fread(p->pkt, rlen - sizeof(DagRecord), 1, etv->erf);
+ r = fread(GET_PKT_DATA(p), rlen - sizeof(DagRecord), 1, etv->erf);
if (r < 1) {
SCLogInfo("End of ERF file reached or an error occurred.");
EngineStop();
@@ -134,7 +134,7 @@ ReceiveErfFile(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQue
SCReturnInt(TM_ECODE_FAILED);
}
- p->pktlen = wlen - 4; /* Trim the FCS... */
+ GET_PKT_LEN(p) = wlen - 4; /* Trim the FCS... */
p->datalink = LINKTYPE_ETHERNET;
/* Convert ERF time to timeval - from libpcap. */
@@ -227,15 +227,15 @@ DecodeErfFile(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueu
SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
SCPerfCounterIncr(dtv->counter_pkts_per_sec, tv->sc_perf_pca);
- SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, p->pktlen);
- SCPerfCounterAddDouble(dtv->counter_bytes_per_sec, tv->sc_perf_pca, p->pktlen);
+ SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, GET_PKT_LEN(p));
+ SCPerfCounterAddDouble(dtv->counter_bytes_per_sec, tv->sc_perf_pca, GET_PKT_LEN(p));
SCPerfCounterAddDouble(dtv->counter_mbit_per_sec, tv->sc_perf_pca,
- (p->pktlen * 8)/1000000.0 );
+ (GET_PKT_LEN(p) * 8)/1000000.0 );
- SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, p->pktlen);
- SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, p->pktlen);
+ SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
+ SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
- DecodeEthernet(tv, dtv, p, p->pkt, p->pktlen, pq);
+ DecodeEthernet(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
SCReturnInt(TM_ECODE_OK);
}
diff --git a/src/source-ipfw.c b/src/source-ipfw.c
index 8515085..14c18cc 100644
--- a/src/source-ipfw.c
+++ b/src/source-ipfw.c
@@ -254,9 +254,9 @@ TmEcode ReceiveIPFW(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pack
ptv->bytes += pktlen;
p->datalink = ptv->datalink;
- p->pktlen = pktlen;
- memcpy(p->pkt, pkt, p->pktlen);
- SCLogDebug("Packet info: p->pktlen: %" PRIu32 " (pkt %02x, p->pkt %02x)", p->pktlen, *pkt, *p->pkt);
+ SET_PKT_LEN(p, pktlen);
+ PacketCopyData(p, pkt, p->pktlen);
+ SCLogDebug("Packet info: pkt_len: %" PRIu32 " (pkt %02x, pkt_data %02x)", GET_PKT_LEN(p), *pkt, GET_PKT_DATA(p));
/* pass on... */
tv->tmqh_out(tv, p);
@@ -401,30 +401,30 @@ TmEcode ReceiveIPFWThreadDeinit(ThreadVars *tv, void *data) {
*/
TmEcode DecodeIPFW(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
{
- IPV4Hdr *ip4h = (IPV4Hdr *)p->pkt;
- IPV6Hdr *ip6h = (IPV6Hdr *)p->pkt;
+ IPV4Hdr *ip4h = (IPV4Hdr *)GET_PKT_DATA(p);
+ IPV6Hdr *ip6h = (IPV6Hdr *)GET_PKT_DATA(p);
DecodeThreadVars *dtv = (DecodeThreadVars *)data;
SCEnter();
/* update counters */
SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
- SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, p->pktlen);
- SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, p->pktlen);
- SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, p->pktlen);
+ SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, GET_PKT_LEN(p));
+ SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
+ SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
/* Process IP packets */
if (IPV4_GET_RAW_VER(ip4h) == 4) {
SCLogDebug("DecodeIPFW ip4 processing");
- DecodeIPV4(tv, dtv, p, p->pkt, p->pktlen, pq);
+ DecodeIPV4(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
} else if(IPV6_GET_RAW_VER(ip6h) == 6) {
SCLogDebug("DecodeIPFW ip6 processing");
- DecodeIPV6(tv, dtv, p, p->pkt, p->pktlen, pq);
+ DecodeIPV6(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
} else {
/* We don't support anything besides IP packets for now, bridged packets? */
- SCLogInfo("IPFW unknown protocol support %02x", *p->pkt);
+ SCLogInfo("IPFW unknown protocol support %02x", *GET_PKT_DATA(p));
SCReturnInt(TM_ECODE_FAILED);
}
@@ -485,7 +485,7 @@ TmEcode IPFWSetVerdict(ThreadVars *tv, IPFWThreadVars *ptv, Packet *p) {
/* For divert sockets, accepting means writing the
* packet back to the socket for ipfw to pick up
*/
- SCLogDebug("IPFWSetVerdict writing to socket %d, %p, %u", ipfw_sock,p->pkt,p->pktlen);
+ SCLogDebug("IPFWSetVerdict writing to socket %d, %p, %u", ipfw_sock,GET_PKT_DATA(p),GET_PKT_LEN(p));
while ( (poll(&IPFWpoll,1,IPFW_SOCKET_POLL_MSEC)) < 1) {
@@ -498,7 +498,7 @@ TmEcode IPFWSetVerdict(ThreadVars *tv, IPFWThreadVars *ptv, Packet *p) {
}
SCMutexLock(&ipfw_socket_lock);
- if (sendto(ipfw_sock, p->pkt, p->pktlen, 0,(struct sockaddr *)&ipfw_sin, ipfw_sinlen) == -1) {
+ if (sendto(ipfw_sock, GET_PKT_DATA(p), GET_PKT_LEN(p), 0,(struct sockaddr *)&ipfw_sin, ipfw_sinlen) == -1) {
SCLogWarning(SC_WARN_IPFW_XMIT,"Write to ipfw divert socket failed: %s",strerror(errno));
SCMutexUnlock(&ipfw_socket_lock);
SCReturnInt(TM_ECODE_FAILED);
@@ -506,7 +506,7 @@ TmEcode IPFWSetVerdict(ThreadVars *tv, IPFWThreadVars *ptv, Packet *p) {
SCMutexUnlock(&ipfw_socket_lock);
- SCLogDebug("Sent Packet back into IPFW Len: %d",p->pktlen);
+ SCLogDebug("Sent Packet back into IPFW Len: %d",GET_PKT_LEN(p));
} /* end IPFW_ACCEPT */
diff --git a/src/source-nfq.c b/src/source-nfq.c
index 4e90bb8..d31d2b7 100644
--- a/src/source-nfq.c
+++ b/src/source-nfq.c
@@ -177,15 +177,18 @@ void NFQSetupPkt (Packet *p, void *data)
* to trigger an error in packet decoding.
* This is unlikely to happen */
SCLogWarning(SC_ERR_INVALID_ARGUMENTS, "NFQ sent too big packet");
- p->pktlen = 0;
+ SET_PKT_LEN(p, 0);
} else {
- memcpy(p->pkt, pktdata, ret);
- p->pktlen = (size_t)ret;
+ ret = PacketCopyData(p, (uint8_t *)pktdata, ret);
+ if (ret == -1) {
+ SCLogWarning(SC_ERR_INVALID_ARGUMENTS, "NFQ send strange packet");
+ SET_PKT_LEN(p, 0);
+ }
}
} else if (ret == -1) {
/* unable to get pointer to data, ensure packet length is zero.
* This will trigger an error in packet decoding */
- p->pktlen = 0;
+ SET_PKT_LEN(p, 0);
}
ret = nfq_get_timestamp(tb, &p->ts);
@@ -214,7 +217,7 @@ static int NFQCallBack(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
#ifdef COUNTERS
nfq_t->pkts++;
- nfq_t->bytes += p->pktlen;
+ nfq_t->bytes += GET_PKT_LEN(p);
#endif /* COUNTERS */
/* pass on... */
@@ -616,22 +619,22 @@ TmEcode DecodeNFQ(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Packet
DecodeThreadVars *dtv = (DecodeThreadVars *)data;
SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
- SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, p->pktlen);
- SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, p->pktlen);
- SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, p->pktlen);
- SCPerfCounterAddDouble(dtv->counter_bytes_per_sec, tv->sc_perf_pca, p->pktlen);
+ SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, GET_PKT_LEN(p));
+ SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
+ SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
+ SCPerfCounterAddDouble(dtv->counter_bytes_per_sec, tv->sc_perf_pca, GET_PKT_LEN(p));
SCPerfCounterAddDouble(dtv->counter_mbit_per_sec, tv->sc_perf_pca,
- (p->pktlen * 8)/1000000.0);
+ (GET_PKT_LEN(p) * 8)/1000000.0);
if (IPV4_GET_RAW_VER(ip4h) == 4) {
SCLogDebug("IPv4 packet");
- DecodeIPV4(tv, dtv, p, p->pkt, p->pktlen, pq);
+ DecodeIPV4(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
} else if(IPV6_GET_RAW_VER(ip6h) == 6) {
SCLogDebug("IPv6 packet");
- DecodeIPV6(tv, dtv, p, p->pkt, p->pktlen, pq);
+ DecodeIPV6(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
} else {
- SCLogDebug("packet unsupported by NFQ, first byte: %02x", *p->pkt);
+ SCLogDebug("packet unsupported by NFQ, first byte: %02x", *GET_PKT_DATA(p));
}
return TM_ECODE_OK;
diff --git a/src/source-pcap-file.c b/src/source-pcap-file.c
index 0575d52..3c1ea4b 100644
--- a/src/source-pcap-file.c
+++ b/src/source-pcap-file.c
@@ -135,9 +135,9 @@ void PcapFileCallback(char *user, struct pcap_pkthdr *h, u_char *pkt) {
ptv->pkts++;
ptv->bytes += h->caplen;
- p->pktlen = h->caplen;
- memcpy(p->pkt, pkt, p->pktlen);
- //printf("PcapFileCallback: p->pktlen: %" PRIu32 " (pkt %02x, p->pkt %02x)\n", p->pktlen, *pkt, *p->pkt);
+ SET_PKT_LEN(p, h->caplen);
+ PacketCopyData(p, pkt, GET_PKT_LEN(p));
+ //printf("PcapFileCallback: p->pktlen: %" PRIu32 " (pkt %02x, p->pkt %02x)\n", GET_PKT_LEN(p), *pkt, *GET_PKT_DATA(p));
/* store the packet in our array */
ptv->array[ptv->array_idx] = p;
@@ -309,16 +309,16 @@ TmEcode DecodePcapFile(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, P
SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
SCPerfCounterIncr(dtv->counter_pkts_per_sec, tv->sc_perf_pca);
- SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, p->pktlen);
- SCPerfCounterAddDouble(dtv->counter_bytes_per_sec, tv->sc_perf_pca, p->pktlen);
+ SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, GET_PKT_LEN(p));
+ SCPerfCounterAddDouble(dtv->counter_bytes_per_sec, tv->sc_perf_pca, GET_PKT_LEN(p));
SCPerfCounterAddDouble(dtv->counter_mbit_per_sec, tv->sc_perf_pca,
- (p->pktlen * 8)/1000000.0 );
+ (GET_PKT_LEN(p) * 8)/1000000.0 );
- SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, p->pktlen);
- SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, p->pktlen);
+ SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
+ SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
/* call the decoder */
- pcap_g.Decoder(tv, dtv, p, p->pkt, p->pktlen, pq);
+ pcap_g.Decoder(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
SCReturnInt(TM_ECODE_OK);
}
diff --git a/src/source-pcap.c b/src/source-pcap.c
index bbf92d8..242ed3f 100644
--- a/src/source-pcap.c
+++ b/src/source-pcap.c
@@ -151,9 +151,10 @@ void PcapCallback(char *user, struct pcap_pkthdr *h, u_char *pkt) {
ptv->bytes += h->caplen;
p->datalink = ptv->datalink;
- p->pktlen = h->caplen;
- memcpy(p->pkt, pkt, p->pktlen);
- SCLogDebug("p->pktlen: %" PRIu32 " (pkt %02x, p->pkt %02x)", p->pktlen, *pkt, *p->pkt);
+ SET_PKT_LEN(p, h->caplen);
+ PacketCopyData(p, pkt, GET_PKT_LEN(p));
+ SCLogDebug("pktlen: %" PRIu32 " (pkt %02x, pkt data %02x)",
+ GET_PKT_LEN(p), *pkt, *GET_PKT_DATA(p));
/* store the packet in our array */
ptv->array[ptv->array_idx] = p;
@@ -472,27 +473,27 @@ TmEcode DecodePcap(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Packe
SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
SCPerfCounterIncr(dtv->counter_pkts_per_sec, tv->sc_perf_pca);
- SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, p->pktlen);
- SCPerfCounterAddDouble(dtv->counter_bytes_per_sec, tv->sc_perf_pca, p->pktlen);
+ SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, GET_PKT_LEN(p));
+ SCPerfCounterAddDouble(dtv->counter_bytes_per_sec, tv->sc_perf_pca, GET_PKT_LEN(p));
SCPerfCounterAddDouble(dtv->counter_mbit_per_sec, tv->sc_perf_pca,
- (p->pktlen * 8)/1000000.0);
+ (GET_PKT_LEN(p) * 8)/1000000.0);
- SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, p->pktlen);
- SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, p->pktlen);
+ SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
+ SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
/* call the decoder */
switch(p->datalink) {
case LINKTYPE_LINUX_SLL:
- DecodeSll(tv, dtv, p, p->pkt, p->pktlen, pq);
+ DecodeSll(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
break;
case LINKTYPE_ETHERNET:
- DecodeEthernet(tv, dtv, p,p->pkt, p->pktlen, pq);
+ DecodeEthernet(tv, dtv, p,GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
break;
case LINKTYPE_PPP:
- DecodePPP(tv, dtv, p, p->pkt, p->pktlen, pq);
+ DecodePPP(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
break;
case LINKTYPE_RAW:
- DecodeRaw(tv, dtv, p, p->pkt, p->pktlen, pq);
+ DecodeRaw(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
break;
default:
SCLogError(SC_ERR_DATALINK_UNIMPLEMENTED, "Error: datalink type %" PRId32 " not yet supported in module DecodePcap", p->datalink);
diff --git a/src/source-pfring.c b/src/source-pfring.c
index bcbec88..c65ef2b 100644
--- a/src/source-pfring.c
+++ b/src/source-pfring.c
@@ -171,8 +171,8 @@ void PfringProcessPacket(void *user, struct pfring_pkthdr *h, u_char *pkt, Packe
/* PF_RING all packets are marked as a link type of ethernet so that is what we do here. */
p->datalink = LINKTYPE_ETHERNET;
- p->pktlen = h->caplen;
- memcpy(p->pkt, pkt, p->pktlen);
+ SET_PKT_LEN(p, h->caplen);
+ PacketCopyData(p, pkt, GET_PKT_LEN(p));
}
@@ -354,15 +354,15 @@ TmEcode DecodePfring(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pac
SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
SCPerfCounterIncr(dtv->counter_pkts_per_sec, tv->sc_perf_pca);
- SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, p->pktlen);
- SCPerfCounterAddDouble(dtv->counter_bytes_per_sec, tv->sc_perf_pca, p->pktlen);
+ SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, GET_PKT_LEN(p));
+ SCPerfCounterAddDouble(dtv->counter_bytes_per_sec, tv->sc_perf_pca, GET_PKT_LEN(p));
SCPerfCounterAddDouble(dtv->counter_mbit_per_sec, tv->sc_perf_pca,
- (p->pktlen * 8)/1000000.0 );
+ (GET_PKT_LEN(p) * 8)/1000000.0 );
- SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, p->pktlen);
- SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, p->pktlen);
+ SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
+ SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
- DecodeEthernet(tv, dtv, p,p->pkt, p->pktlen, pq);
+ DecodeEthernet(tv, dtv, p,GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
return TM_ECODE_OK;
}
diff --git a/src/util-unittest-helper.c b/src/util-unittest-helper.c
index af3610d..f1bfb9f 100644
--- a/src/util-unittest-helper.c
+++ b/src/util-unittest-helper.c
@@ -100,7 +100,7 @@ Packet *UTHBuildPacketIPV6Real(uint8_t *payload, uint16_t payload_len,
p->tcph->th_sport = sport;
p->tcph->th_dport = dport;
- p->pktlen = sizeof(IPV6Hdr) + sizeof(TCPHdr) + payload_len;
+ SET_PKT_LEN(p, sizeof(IPV6Hdr) + sizeof(TCPHdr) + payload_len);
return p;
}
@@ -164,7 +164,7 @@ Packet *UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len,
memset(p->udph, 0, sizeof(UDPHdr));
p->udph->uh_sport = sport;
p->udph->uh_dport = dport;
- p->pktlen = sizeof(IPV4Hdr) + sizeof(UDPHdr) + payload_len;
+ SET_PKT_LEN(p, sizeof(IPV4Hdr) + sizeof(UDPHdr) + payload_len);
break;
case IPPROTO_TCP:
p->tcph = SCMalloc(sizeof(TCPHdr));
@@ -173,14 +173,14 @@ Packet *UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len,
memset(p->tcph, 0, sizeof(TCPHdr));
p->tcph->th_sport = sport;
p->tcph->th_dport = dport;
- p->pktlen = sizeof(IPV4Hdr) + sizeof(TCPHdr) + payload_len;
+ SET_PKT_LEN(p, sizeof(IPV4Hdr) + sizeof(TCPHdr) + payload_len);
break;
case IPPROTO_ICMP:
p->icmpv4h = SCMalloc(sizeof(ICMPV4Hdr));
if (p->icmpv4h == NULL)
return NULL;
memset(p->icmpv4h, 0, sizeof(ICMPV4Hdr));
- p->pktlen = sizeof(IPV4Hdr) + sizeof(ICMPV4Hdr) + payload_len;
+ SET_PKT_LEN(p, sizeof(IPV4Hdr) + sizeof(ICMPV4Hdr) + payload_len);
break;
default:
break;
--
1.7.1
More information about the Oisf-devel
mailing list