[Oisf-devel] [PATCH 2/2] Modify files to avoid direct pckt payload access

Eric Leblond eleblond at edenwall.com
Tue Nov 16 22:00:43 UTC 2010


This patch implements the needed modification of payload access
in a Packet structure to support the abstraction introduced by
the extended data system.

Signed-off-by: Eric Leblond <eleblond at edenwall.com>
---
 src/alert-debuglog.c       |   12 +++---
 src/alert-fastlog.c        |    2 +-
 src/alert-unified-log.c    |    8 ++--
 src/alert-unified2-alert.c |   10 +++---
 src/decode-gre.c           |    8 ++--
 src/decode-ipv4.c          |    4 +-
 src/decode-ipv6.c          |    2 +-
 src/decode-raw.c           |   16 ++++----
 src/defrag.c               |   80 ++++++++++++++++++++++----------------------
 src/detect-bytetest.c      |    6 ++--
 src/detect-engine-tag.c    |    6 ++--
 src/detect.c               |   24 ++++++------
 src/flow.c                 |    2 +-
 src/source-erf-dag.c       |   20 +++++-----
 src/source-erf-file.c      |   16 ++++----
 src/source-ipfw.c          |   28 ++++++++--------
 src/source-nfq.c           |   29 +++++++++-------
 src/source-pcap-file.c     |   18 +++++-----
 src/source-pcap.c          |   25 +++++++------
 src/source-pfring.c        |   16 ++++----
 src/util-unittest-helper.c |    8 ++--
 21 files changed, 172 insertions(+), 168 deletions(-)

diff --git a/src/alert-debuglog.c b/src/alert-debuglog.c
index 76db5d9..e7a04d4 100644
--- a/src/alert-debuglog.c
+++ b/src/alert-debuglog.c
@@ -248,9 +248,9 @@ TmEcode AlertDebugLogIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq
 
     aft->file_ctx->alerts += p->alerts.cnt;
 
-    fprintf(aft->file_ctx->fp, "PACKET LEN:        %" PRIu32 "\n", p->pktlen);
+    fprintf(aft->file_ctx->fp, "PACKET LEN:        %" PRIu32 "\n", GET_PKT_LEN(p));
     fprintf(aft->file_ctx->fp, "PACKET:\n");
-    PrintRawDataFp(aft->file_ctx->fp, p->pkt, p->pktlen);
+    PrintRawDataFp(aft->file_ctx->fp, GET_PKT_DATA(p), GET_PKT_LEN(p));
 
     fflush(aft->file_ctx->fp);
     SCMutexUnlock(&aft->file_ctx->fp_mutex);
@@ -313,9 +313,9 @@ TmEcode AlertDebugLogIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq
 
     AlertDebugLogPktVars(aft, p);
 
-    fprintf(aft->file_ctx->fp, "PACKET LEN:        %" PRIu32 "\n", p->pktlen);
+    fprintf(aft->file_ctx->fp, "PACKET LEN:        %" PRIu32 "\n", GET_PKT_LEN(p));
     fprintf(aft->file_ctx->fp, "PACKET:\n");
-    PrintRawDataFp(aft->file_ctx->fp, p->pkt, p->pktlen);
+    PrintRawDataFp(aft->file_ctx->fp, GET_PKT_DATA(p), GET_PKT_LEN(p));
 
     fflush(aft->file_ctx->fp);
     SCMutexUnlock(&aft->file_ctx->fp_mutex);
@@ -356,9 +356,9 @@ TmEcode AlertDebugLogDecoderEvent(ThreadVars *tv, Packet *p, void *data, PacketQ
 
     aft->file_ctx->alerts += p->alerts.cnt;
 
-    fprintf(aft->file_ctx->fp, "PACKET LEN:        %" PRIu32 "\n", p->pktlen);
+    fprintf(aft->file_ctx->fp, "PACKET LEN:        %" PRIu32 "\n", GET_PKT_LEN(p));
     fprintf(aft->file_ctx->fp, "PACKET:\n");
-    PrintRawDataFp(aft->file_ctx->fp, p->pkt, p->pktlen);
+    PrintRawDataFp(aft->file_ctx->fp, GET_PKT_DATA(p), GET_PKT_LEN(p));
 
     fflush(aft->file_ctx->fp);
     SCMutexUnlock(&aft->file_ctx->fp_mutex);
diff --git a/src/alert-fastlog.c b/src/alert-fastlog.c
index 1131a3f..3ca91cc 100644
--- a/src/alert-fastlog.c
+++ b/src/alert-fastlog.c
@@ -235,7 +235,7 @@ TmEcode AlertFastLogDecoderEvent(ThreadVars *tv, Packet *p, void *data, PacketQu
         fprintf(aft->file_ctx->fp, "%s  [**] [%" PRIu32 ":%" PRIu32 ":%" PRIu32 "] %s [**] [Classification: %s] [Priority: %" PRIu32 "] [**] [Raw pkt: ",
                 timebuf, pa->gid, pa->sid, pa->rev, pa->msg, pa->class_msg, pa->prio);
 
-        PrintRawLineHexFp(aft->file_ctx->fp, p->pkt, p->pktlen < 32 ? p->pktlen : 32);
+        PrintRawLineHexFp(aft->file_ctx->fp, GET_PKT_DATA(p), GET_PKT_LEN(p) < 32 ? GET_PKT_LEN(p) : 32);
         if (p->pcap_cnt != 0) {
             fprintf(aft->file_ctx->fp, "] [pcap file packet: %"PRIu64"]", p->pcap_cnt);
         }
diff --git a/src/alert-unified-log.c b/src/alert-unified-log.c
index 2ee5903..8901323 100644
--- a/src/alert-unified-log.c
+++ b/src/alert-unified-log.c
@@ -212,7 +212,7 @@ TmEcode AlertUnifiedLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
     hdr.tv.tv_sec = hdr.ref_tv.tv_sec = p->ts.tv_sec;
     hdr.tv.tv_usec = hdr.ref_tv.tv_usec = p->ts.tv_usec;
     hdr.pktflags = 0; /* XXX */
-    hdr.pktlen = hdr.caplen = p->pktlen + ethh_offset;
+    hdr.pktlen = hdr.caplen = GET_PKT_LEN(p) + ethh_offset;
 
 
     uint16_t i = 0;
@@ -244,13 +244,13 @@ TmEcode AlertUnifiedLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
             buflen += sizeof(ethh);
         }
 
-        memcpy(buf+buflen,&p->pkt,p->pktlen);
-        buflen += p->pktlen;
+        memcpy(buf+buflen, GET_PKT_DATA(p),GET_PKT_LEN(p));
+        buflen += GET_PKT_LEN(p);
 
         /** Wait for the mutex. We dont want all the threads rotating the file
          * at the same time :) */
         SCMutexLock(&aun->file_ctx->fp_mutex);
-        if ((aun->file_ctx->size_current + sizeof(hdr) + p->pktlen + ethh_offset) > aun->file_ctx->size_limit) {
+        if ((aun->file_ctx->size_current + sizeof(hdr) + GET_PKT_LEN(p) + ethh_offset) > aun->file_ctx->size_limit) {
             if (AlertUnifiedLogRotateFile(tv,aun) < 0) {
                 SCMutexUnlock(&aun->file_ctx->fp_mutex);
                 aun->file_ctx->alerts += i;
diff --git a/src/alert-unified2-alert.c b/src/alert-unified2-alert.c
index 7ea721d..fb3787d 100644
--- a/src/alert-unified2-alert.c
+++ b/src/alert-unified2-alert.c
@@ -240,8 +240,8 @@ int Unified2PacketTypeAlert (ThreadVars *t, Packet *p, void *data)
     int ret, len;
     char write_buffer[sizeof(Unified2AlertFileHeader) + sizeof(Unified2Packet) + IPV4_MAXPACKET_LEN];
 
-    if(p->pktlen > 0)
-        len = (sizeof(Unified2AlertFileHeader) + sizeof(Unified2Packet)) - 4 + p->pktlen;
+    if(GET_PKT_LEN(p) > 0)
+        len = (sizeof(Unified2AlertFileHeader) + sizeof(Unified2Packet)) - 4 + GET_PKT_LEN(p);
     else
         len = (sizeof(Unified2AlertFileHeader) + sizeof(Unified2Packet)) - 4;
 
@@ -251,7 +251,7 @@ int Unified2PacketTypeAlert (ThreadVars *t, Packet *p, void *data)
     memset(&phdr, 0, sizeof(Unified2Packet));
 
     hdr.type = htonl(UNIFIED2_PACKET_TYPE);
-    hdr.length = htonl(sizeof(Unified2Packet) -4 + p->pktlen);
+    hdr.length = htonl(sizeof(Unified2Packet) -4 + GET_PKT_LEN(p));
 
     memcpy(write_buffer,&hdr,sizeof(Unified2AlertFileHeader));
 
@@ -260,10 +260,10 @@ int Unified2PacketTypeAlert (ThreadVars *t, Packet *p, void *data)
     phdr.event_id = 0;
     phdr.event_second = phdr.packet_second = htonl(p->ts.tv_sec);
     phdr.packet_microsecond = htonl(p->ts.tv_usec);
-    phdr.packet_length = htonl(p->pktlen);
+    phdr.packet_length = htonl(GET_PKT_LEN(p));
 
     memcpy(write_buffer+sizeof(Unified2AlertFileHeader),&phdr,sizeof(Unified2Packet) - 4);
-    memcpy(write_buffer + sizeof(Unified2AlertFileHeader) + sizeof(Unified2Packet) - 4 , p->pkt, p->pktlen);
+    memcpy(write_buffer + sizeof(Unified2AlertFileHeader) + sizeof(Unified2Packet) - 4 , GET_PKT_DATA(p), GET_PKT_LEN(p));
 
     ret = fwrite(write_buffer,len, 1, aun->file_ctx->fp);
     if (ret != 1) {
diff --git a/src/decode-gre.c b/src/decode-gre.c
index d50e019..098309c 100644
--- a/src/decode-gre.c
+++ b/src/decode-gre.c
@@ -196,7 +196,7 @@ void DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
                     Packet *tp = PacketPseudoPktSetup(p, pkt + header_len,
                             len - header_len, IPPROTO_IP);
                     if (tp != NULL) {
-                        DecodeTunnel(tv, dtv, tp, tp->pkt, tp->pktlen, pq);
+                        DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp), GET_PKT_LEN(tp), pq);
                         PacketEnqueue(pq,tp);
                     }
                 }
@@ -209,7 +209,7 @@ void DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
                     Packet *tp = PacketPseudoPktSetup(p, pkt + header_len,
                             len - header_len, PPP_OVER_GRE);
                     if (tp != NULL) {
-                        DecodeTunnel(tv, dtv, tp, tp->pkt, tp->pktlen, pq);
+                        DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp), GET_PKT_LEN(tp), pq);
                         PacketEnqueue(pq,tp);
                     }
                 }
@@ -222,7 +222,7 @@ void DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
                     Packet *tp = PacketPseudoPktSetup(p, pkt + header_len,
                             len - header_len, IPPROTO_IPV6);
                     if (tp != NULL) {
-                        DecodeTunnel(tv, dtv, tp, tp->pkt, tp->pktlen, pq);
+                        DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp), GET_PKT_LEN(tp), pq);
                         PacketEnqueue(pq,tp);
                     }
                 }
@@ -235,7 +235,7 @@ void DecodeGRE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
                     Packet *tp = PacketPseudoPktSetup(p, pkt + header_len,
                             len - header_len, VLAN_OVER_GRE);
                     if (tp != NULL) {
-                        DecodeTunnel(tv, dtv, tp, tp->pkt, tp->pktlen, pq);
+                        DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp), GET_PKT_LEN(tp), pq);
                         PacketEnqueue(pq,tp);
                     }
                 }
diff --git a/src/decode-ipv4.c b/src/decode-ipv4.c
index 22963dc..503253e 100644
--- a/src/decode-ipv4.c
+++ b/src/decode-ipv4.c
@@ -565,7 +565,7 @@ void DecodeIPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt,
                             IPV4_GET_IPPROTO(p));
                     if (tp != NULL) {
                         /* send that to the Tunnel decoder */
-                        DecodeTunnel(tv, dtv, tp, tp->pkt, tp->pktlen, pq);
+                        DecodeTunnel(tv, dtv, tp, GET_PKT_DATA(tp), GET_PKT_LEN(tp), pq);
 
                         /* add the tp to the packet queue. */
                         PacketEnqueue(pq,tp);
@@ -584,7 +584,7 @@ void DecodeIPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt,
         Packet *rp = Defrag(tv, dtv, NULL, p);
         if (rp != NULL) {
             /* Got re-assembled packet, re-run through decoder. */
-            DecodeIPV4(tv, dtv, rp, rp->pkt, rp->pktlen, pq);
+            DecodeIPV4(tv, dtv, rp, GET_PKT_DATA(rp), GET_PKT_LEN(rp), pq);
             PacketEnqueue(pq, rp);
         }
     }
diff --git a/src/decode-ipv6.c b/src/decode-ipv6.c
index 870062c..b3a5776 100644
--- a/src/decode-ipv6.c
+++ b/src/decode-ipv6.c
@@ -456,7 +456,7 @@ void DecodeIPV6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt,
     if (IPV6_EXTHDR_ISSET_FH(p)) {
         Packet *rp = Defrag(tv, dtv, NULL, p);
         if (rp != NULL) {
-            DecodeIPV6(tv, dtv, rp, rp->pkt, rp->pktlen, pq);
+            DecodeIPV6(tv, dtv, rp, GET_PKT_DATA(rp), GET_PKT_LEN(rp), pq);
             PacketEnqueue(pq, rp);
 
             /* Not really a tunnel packet, but we're piggybacking that
diff --git a/src/decode-raw.c b/src/decode-raw.c
index d9581f3..8b43176 100644
--- a/src/decode-raw.c
+++ b/src/decode-raw.c
@@ -43,10 +43,10 @@ void DecodeRaw(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, u
 
     if (IP_GET_RAW_VER(pkt) == 4) {
         SCLogDebug("IPV4 Packet");
-        DecodeIPV4(tv, dtv, p, p->pkt, p->pktlen, pq);
+        DecodeIPV4(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
     } else if (IP_GET_RAW_VER(pkt) == 6) {
         SCLogDebug("IPV6 Packet");
-        DecodeIPV6(tv, dtv, p, p->pkt, p->pktlen, pq);
+        DecodeIPV6(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
     } else {
         SCLogDebug("Unknown ip version %" PRIu8 "", IP_GET_RAW_VER(pkt));
         DECODER_SET_EVENT(p,IPRAW_INVALID_IPV);
@@ -84,8 +84,8 @@ static int DecodeRawTest01 (void)   {
     memset(&tv,  0, sizeof(ThreadVars));
     memset(&p,   0, sizeof(Packet));
 
-    p.pktlen = sizeof(raw_ip);
-    memcpy(p.pkt, raw_ip, p.pktlen);
+    SET_PKT_LEN(&p, sizeof(raw_ip));
+    PacketCopyData(&p, raw_ip, p.pktlen);
 
     FlowInitConfig(FLOW_QUIET);
 
@@ -123,8 +123,8 @@ static int DecodeRawTest02 (void)   {
     memset(&tv,  0, sizeof(ThreadVars));
     memset(&p,   0, sizeof(Packet));
 
-    p.pktlen = sizeof(raw_ip);
-    memcpy(p.pkt, raw_ip, p.pktlen);
+    SET_PKT_LEN(&p, sizeof(raw_ip));
+    PacketCopyData(&p, raw_ip, p.pktlen);
 
     FlowInitConfig(FLOW_QUIET);
 
@@ -162,8 +162,8 @@ static int DecodeRawTest03 (void)   {
     memset(&tv,  0, sizeof(ThreadVars));
     memset(&p,   0, sizeof(Packet));
 
-    p.pktlen = sizeof(raw_ip);
-    memcpy(p.pkt, raw_ip, p.pktlen);
+    SET_PKT_LEN(&p, sizeof(raw_ip));
+    PacketCopyData(&p, raw_ip, p.pktlen);
 
     FlowInitConfig(FLOW_QUIET);
 
diff --git a/src/defrag.c b/src/defrag.c
index 4165560..b0bea5b 100644
--- a/src/defrag.c
+++ b/src/defrag.c
@@ -557,8 +557,8 @@ Defrag4Reassemble(ThreadVars *tv, DefragContext *dc, DefragTracker *tracker,
         if (frag->offset == 0) {
             /* This is the first packet, we use this packets link and
              * IPv4 header. We also copy in its data. */
-            memcpy(rp->pkt, frag->pkt, frag->len);
-            rp->ip4h = (IPV4Hdr *)(rp->pkt + frag->ip_hdr_offset);
+            PacketCopyData(p, frag->pkt, frag->len);
+            rp->ip4h = (IPV4Hdr *)(GET_PKT_DATA(rp) + frag->ip_hdr_offset);
             hlen = frag->hlen;
             ip_hdr_offset = frag->ip_hdr_offset;
 
@@ -570,11 +570,11 @@ Defrag4Reassemble(ThreadVars *tv, DefragContext *dc, DefragTracker *tracker,
         }
         else {
             int pkt_end = fragmentable_offset + frag->offset + frag->data_len;
-            if (pkt_end > (int)sizeof(rp->pkt)) {
+            if (pkt_end > (int)MAX_PAYLOAD_SIZE) {
                 SCLogWarning(SC_ERR_REASSEMBLY, "Failed re-assemble fragmented packet, exceeds size of packet buffer.");
                 goto remove_tracker;
             }
-            memcpy(rp->pkt + fragmentable_offset + frag->offset + frag->ltrim,
+            PacketCopyDataOffset(rp, fragmentable_offset + frag->offset + frag->ltrim,
                 frag->pkt + frag->data_offset + frag->ltrim,
                 frag->data_len - frag->ltrim);
             if (frag->offset + frag->data_len > fragmentable_len)
@@ -588,7 +588,7 @@ Defrag4Reassemble(ThreadVars *tv, DefragContext *dc, DefragTracker *tracker,
     rp->ip4h->ip_off = 0;
     rp->ip4h->ip_csum = FixChecksum(rp->ip4h->ip_csum,
         old, rp->ip4h->ip_len + rp->ip4h->ip_off);
-    rp->pktlen = ip_hdr_offset + hlen + fragmentable_len;
+    SET_PKT_LEN(p, ip_hdr_offset + hlen + fragmentable_len);
     IPV4_CACHE_INIT(rp);
 
 remove_tracker:
@@ -673,11 +673,11 @@ Defrag6Reassemble(ThreadVars *tv, DefragContext *dc, DefragTracker *tracker,
             /* This is the first packet, we use this packets link and
              * IPv6 headers. We also copy in its data, but remove the
              * fragmentation header. */
-            memcpy(rp->pkt, frag->pkt, frag->frag_hdr_offset);
-            memcpy(rp->pkt + frag->frag_hdr_offset,
+            PacketCopyData(rp, frag->pkt, frag->frag_hdr_offset);
+            PacketCopyDataOffset(rp, frag->frag_hdr_offset,
                 frag->pkt + frag->frag_hdr_offset + sizeof(IPV6FragHdr),
                 frag->data_len);
-            rp->ip6h = (IPV6Hdr *)(rp->pkt + frag->ip_hdr_offset);
+            rp->ip6h = (IPV6Hdr *)(GET_PKT_DATA(rp) + frag->ip_hdr_offset);
             ip_hdr_offset = frag->ip_hdr_offset;
 
             /* This is the start of the fragmentable portion of the
@@ -687,7 +687,7 @@ Defrag6Reassemble(ThreadVars *tv, DefragContext *dc, DefragTracker *tracker,
             fragmentable_len = frag->data_len;
         }
         else {
-            memcpy(rp->pkt + fragmentable_offset + frag->offset + frag->ltrim,
+            PacketCopyDataOffset(rp, fragmentable_offset + frag->offset + frag->ltrim,
                 frag->pkt + frag->data_offset + frag->ltrim,
                 frag->data_len - frag->ltrim);
             if (frag->offset + frag->data_len > fragmentable_len)
@@ -697,7 +697,7 @@ Defrag6Reassemble(ThreadVars *tv, DefragContext *dc, DefragTracker *tracker,
     BUG_ON(rp->ip6h == NULL);
     rp->ip6h->s_ip6_plen = htons(fragmentable_len);
     rp->ip6h->s_ip6_nxt = next_hdr;
-    rp->pktlen = ip_hdr_offset + sizeof(IPV6Hdr) + fragmentable_len;
+    SET_PKT_LEN(rp, ip_hdr_offset + sizeof(IPV6Hdr) + fragmentable_len);
     IPV6_CACHE_INIT(rp);
 
 remove_tracker:
@@ -753,10 +753,10 @@ DefragInsertFrag(ThreadVars *tv, DecodeThreadVars *dtv, DefragContext *dc,
         more_frags = IPV4_GET_MF(p);
         frag_offset = IPV4_GET_IPOFFSET(p) << 3;
         hlen = IPV4_GET_HLEN(p);
-        data_offset = (uint8_t *)p->ip4h + hlen - p->pkt;
+        data_offset = (uint8_t *)p->ip4h + hlen - GET_PKT_DATA(p);
         data_len = IPV4_GET_IPLEN(p) - hlen;
         frag_end = frag_offset + data_len;
-        ip_hdr_offset = (uint8_t *)p->ip4h - p->pkt;
+        ip_hdr_offset = (uint8_t *)p->ip4h - GET_PKT_DATA(p);
 
         /* Ignore fragment if the end of packet extends past the
          * maximum size of a packet. */
@@ -768,13 +768,13 @@ DefragInsertFrag(ThreadVars *tv, DecodeThreadVars *dtv, DefragContext *dc,
     else if (tracker->af == AF_INET6) {
         more_frags = IPV6_EXTHDR_GET_FH_FLAG(p);
         frag_offset = IPV6_EXTHDR_GET_FH_OFFSET(p);
-        data_offset = (uint8_t *)p->ip6eh.ip6fh + sizeof(IPV6FragHdr) - p->pkt;
+        data_offset = (uint8_t *)p->ip6eh.ip6fh + sizeof(IPV6FragHdr) - GET_PKT_DATA(p);
         data_len = IPV6_GET_PLEN(p) - (
             ((uint8_t *)p->ip6eh.ip6fh + sizeof(IPV6FragHdr)) -
                 ((uint8_t *)p->ip6h + sizeof(IPV6Hdr)));
         frag_end = frag_offset + data_len;
-        ip_hdr_offset = (uint8_t *)p->ip6h - p->pkt;
-        frag_hdr_offset = (uint8_t *)p->ip6eh.ip6fh - p->pkt;
+        ip_hdr_offset = (uint8_t *)p->ip6h - GET_PKT_DATA(p);
+        frag_hdr_offset = (uint8_t *)p->ip6eh.ip6fh - GET_PKT_DATA(p);
 
         /* Ignore fragment if the end of packet extends past the
          * maximum size of a packet. */
@@ -893,15 +893,15 @@ insert:
     if (new == NULL) {
         goto done;
     }
-    new->pkt = SCMalloc(p->pktlen);
+    new->pkt = SCMalloc(GET_PKT_LEN(p));
     if (new->pkt == NULL) {
         SCMutexLock(&dc->frag_pool_lock);
         PoolReturn(dc->frag_pool, new);
         SCMutexUnlock(&dc->frag_pool_lock);
         goto done;
     }
-    memcpy(new->pkt, p->pkt + ltrim, p->pktlen - ltrim);
-    new->len = p->pktlen - ltrim;
+    memcpy(new->pkt, GET_PKT_DATA(p) + ltrim, GET_PKT_LEN(p) - ltrim);
+    new->len = GET_PKT_LEN(p) - ltrim;
     new->hlen = hlen;
     new->offset = frag_offset + ltrim;
     new->data_offset = data_offset;
@@ -1216,7 +1216,7 @@ BuildTestPacket(uint16_t id, uint16_t off, int mf, const char content,
     if (p == NULL)
         return NULL;
     gettimeofday(&p->ts, NULL);
-    p->ip4h = (IPV4Hdr *)p->pkt;
+    p->ip4h = (IPV4Hdr *)GET_PKT_DATA(p);
     p->ip4h->ip_verhl = 4 << 4;
     p->ip4h->ip_verhl |= hlen >> 2;
     p->ip4h->ip_len = htons(hlen + content_len);
@@ -1233,10 +1233,10 @@ BuildTestPacket(uint16_t id, uint16_t off, int mf, const char content,
     p->ip4h->ip_dst.s_addr = 0x02020202; /* 2.2.2.2 */
     SET_IPV4_SRC_ADDR(p, &p->src);
     SET_IPV4_DST_ADDR(p, &p->dst);
-    memset(p->pkt + hlen, content, content_len);
-    p->pktlen = hlen + content_len;
+    memset(GET_PKT_DATA(p) + hlen, content, content_len);
+    SET_PKT_LEN(p, hlen + content_len);
 
-    p->ip4h->ip_csum = IPV4CalculateChecksum((uint16_t *)p->pkt, hlen);
+    p->ip4h->ip_csum = IPV4CalculateChecksum((uint16_t *)GET_PKT_DATA(p), hlen);
 
     /* Self test. */
     IPV4_CACHE_INIT(p);
@@ -1275,7 +1275,7 @@ IPV6BuildTestPacket(uint32_t id, uint16_t off, int mf, const char content,
         return NULL;
     gettimeofday(&p->ts, NULL);
 
-    p->ip6h = (IPV6Hdr *)p->pkt;
+    p->ip6h = (IPV6Hdr *)GET_PKT_DATA(p);
     IPV6_SET_RAW_VER(p->ip6h, 6);
     p->ip6h->s_ip6_nxt = 44;
     p->ip6h->s_ip6_hlim = 2;
@@ -1291,14 +1291,14 @@ IPV6BuildTestPacket(uint32_t id, uint16_t off, int mf, const char content,
     p->ip6h->ip6_dst[3] = 0x02020202;
 
     /* Fragmentation header. */
-    p->ip6eh.ip6fh = (IPV6FragHdr *)(p->pkt + sizeof(IPV6Hdr));
+    p->ip6eh.ip6fh = (IPV6FragHdr *)(GET_PKT_DATA(p) + sizeof(IPV6Hdr));
     p->ip6eh.ip6fh->ip6fh_nxt = IPPROTO_ICMP;
     p->ip6eh.ip6fh->ip6fh_ident = htonl(id);
     p->ip6eh.ip6fh->ip6fh_offlg = htons((off << 3) | mf);
 
-    memset(p->pkt + sizeof(IPV6Hdr) + sizeof(IPV6FragHdr), content,
+    memset(GET_PKT_DATA(p) + sizeof(IPV6Hdr) + sizeof(IPV6FragHdr), content,
         content_len);
-    p->pktlen = sizeof(IPV6Hdr) + sizeof(IPV6FragHdr) + content_len;
+    SET_PKT_LEN(p, sizeof(IPV6Hdr) + sizeof(IPV6FragHdr) + content_len);
 
     p->ip6h->s_ip6_plen = htons(sizeof(IPV6FragHdr) + content_len);
 
@@ -1368,19 +1368,19 @@ DefragInOrderSimpleTest(void)
 
     /* 20 bytes in we should find 8 bytes of A. */
     for (i = 20; i < 20 + 8; i++) {
-        if (reassembled->pkt[i] != 'A')
+        if (GET_PKT_DATA(reassembled)[i] != 'A')
             goto end;
     }
 
     /* 28 bytes in we should find 8 bytes of B. */
     for (i = 28; i < 28 + 8; i++) {
-        if (reassembled->pkt[i] != 'B')
+        if (GET_PKT_DATA(reassembled)[i] != 'B')
             goto end;
     }
 
     /* And 36 bytes in we should find 3 bytes of C. */
     for (i = 36; i < 36 + 3; i++) {
-        if (reassembled->pkt[i] != 'C')
+        if (GET_PKT_DATA(reassembled)[i] != 'C')
             goto end;
     }
 
@@ -1447,19 +1447,19 @@ DefragReverseSimpleTest(void)
 
     /* 20 bytes in we should find 8 bytes of A. */
     for (i = 20; i < 20 + 8; i++) {
-        if (reassembled->pkt[i] != 'A')
+        if (GET_PKT_DATA(reassembled)[i] != 'A')
             goto end;
     }
 
     /* 28 bytes in we should find 8 bytes of B. */
     for (i = 28; i < 28 + 8; i++) {
-        if (reassembled->pkt[i] != 'B')
+        if (GET_PKT_DATA(reassembled)[i] != 'B')
             goto end;
     }
 
     /* And 36 bytes in we should find 3 bytes of C. */
     for (i = 36; i < 36 + 3; i++) {
-        if (reassembled->pkt[i] != 'C')
+        if (GET_PKT_DATA(reassembled)[i] != 'C')
             goto end;
     }
 
@@ -1524,19 +1524,19 @@ IPV6DefragInOrderSimpleTest(void)
 
     /* 40 bytes in we should find 8 bytes of A. */
     for (i = 40; i < 40 + 8; i++) {
-        if (reassembled->pkt[i] != 'A')
+        if (GET_PKT_DATA(reassembled)[i] != 'A')
             goto end;
     }
 
     /* 28 bytes in we should find 8 bytes of B. */
     for (i = 48; i < 48 + 8; i++) {
-        if (reassembled->pkt[i] != 'B')
+        if (GET_PKT_DATA(reassembled)[i] != 'B')
             goto end;
     }
 
     /* And 36 bytes in we should find 3 bytes of C. */
     for (i = 56; i < 56 + 3; i++) {
-        if (reassembled->pkt[i] != 'C')
+        if (GET_PKT_DATA(reassembled)[i] != 'C')
             goto end;
     }
 
@@ -1593,19 +1593,19 @@ IPV6DefragReverseSimpleTest(void)
 
     /* 40 bytes in we should find 8 bytes of A. */
     for (i = 40; i < 40 + 8; i++) {
-        if (reassembled->pkt[i] != 'A')
+        if (GET_PKT_DATA(reassembled)[i] != 'A')
             goto end;
     }
 
     /* 28 bytes in we should find 8 bytes of B. */
     for (i = 48; i < 48 + 8; i++) {
-        if (reassembled->pkt[i] != 'B')
+        if (GET_PKT_DATA(reassembled)[i] != 'B')
             goto end;
     }
 
     /* And 36 bytes in we should find 3 bytes of C. */
     for (i = 56; i < 56 + 3; i++) {
-        if (reassembled->pkt[i] != 'C')
+        if (GET_PKT_DATA(reassembled)[i] != 'C')
             goto end;
     }
 
@@ -1726,7 +1726,7 @@ DefragDoSturgesNovakTest(int policy, u_char *expected, size_t expected_len)
     if (IPV4_GET_IPLEN(reassembled) != 20 + 192)
         goto end;
 
-    if (memcmp(reassembled->pkt + 20, expected, expected_len) != 0)
+    if (memcmp(GET_PKT_DATA(reassembled) + 20, expected, expected_len) != 0)
         goto end;
     SCFree(reassembled);
 
@@ -1917,7 +1917,7 @@ IPV6DefragDoSturgesNovakTest(int policy, u_char *expected, size_t expected_len)
     Packet *reassembled = Defrag(NULL, NULL, dc, packets[16]);
     if (reassembled == NULL)
         goto end;
-    if (memcmp(reassembled->pkt + 40, expected, expected_len) != 0)
+    if (memcmp(GET_PKT_DATA(reassembled) + 40, expected, expected_len) != 0)
         goto end;
 
     if (IPV6_GET_PLEN(reassembled) != 192)
diff --git a/src/detect-bytetest.c b/src/detect-bytetest.c
index 96a454d..ff7247f 100644
--- a/src/detect-bytetest.c
+++ b/src/detect-bytetest.c
@@ -262,7 +262,7 @@ int DetectBytetestMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
      */
     if (data->flags & DETECT_BYTETEST_RELATIVE) {
         ptr = det_ctx->pkt_ptr;
-        len = p->pktlen - det_ctx->pkt_off;
+        len = GET_PKT_LEN(p) - det_ctx->pkt_off;
 
         /* No match if there is no relative base */
         if (ptr == NULL || len == 0) {
@@ -280,9 +280,9 @@ int DetectBytetestMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
     /* Validate that the to-be-extracted is within the packet
      * \todo Should this validate it is in the *payload*?
      */
-    if (ptr < p->pkt || data->nbytes > len) {
+    if (ptr < GET_PKT_DATA(p) || data->nbytes > len) {
         SCLogDebug("Data not within packet pkt=%p, ptr=%p, len=%d, nbytes=%d",
-                    p->pkt, ptr, len, data->nbytes);
+                    GET_PKT_DATA(p), ptr, len, data->nbytes);
         return 0;
     }
 
diff --git a/src/detect-engine-tag.c b/src/detect-engine-tag.c
index 2437796..0173049 100644
--- a/src/detect-engine-tag.c
+++ b/src/detect-engine-tag.c
@@ -348,7 +348,7 @@ void TagHandlePacket(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
                 /* update counters */
                 iter->last_ts.tv_sec = ts.tv_sec;
                 iter->packets++;
-                iter->bytes += p->pktlen;
+                iter->bytes += GET_PKT_LEN(p);
 
                 /* If this packet triggered the rule with tag, we dont need
                  * to log it (the alert will log it) */
@@ -482,7 +482,7 @@ void TagHandlePacket(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
         /* update counters */
         iter->last_ts.tv_sec = ts.tv_sec;
         iter->packets++;
-        iter->bytes += p->pktlen;
+        iter->bytes += GET_PKT_LEN(p);
 
         /* If this packet triggered the rule with tag, we dont need
          * to log it (the alert will log it) */
@@ -577,7 +577,7 @@ void TagHandlePacket(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
         /* update counters */
         iter->last_ts.tv_sec = ts.tv_sec;
         iter->packets++;
-        iter->bytes += p->pktlen;
+        iter->bytes += GET_PKT_LEN(p);
 
         /* If this packet triggered the rule with tag, we dont need
          * to log it (the alert will log it) */
diff --git a/src/detect.c b/src/detect.c
index 215b314..2ac788c 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -7048,11 +7048,11 @@ int SigTest38Real(int mpm_type)
     memset(&p1, 0, sizeof(Packet));
 
     /* Copy raw data into packet */
-    memcpy(&p1.pkt, raw_eth, ethlen);
-    memcpy(p1.pkt + ethlen, raw_ipv4, ipv4len);
-    memcpy(p1.pkt + ethlen + ipv4len, raw_tcp, tcplen);
-    memcpy(p1.pkt + ethlen + ipv4len + tcplen, buf, buflen);
-    p1.pktlen = ethlen + ipv4len + tcplen + buflen;
+    PacketCopyData(&p1, raw_eth, ethlen);
+    PacketCopyDataOffset(&p1, ethlen, raw_ipv4, ipv4len);
+    PacketCopyDataOffset(&p1, ethlen + ipv4len, raw_tcp, tcplen);
+    PacketCopyDataOffset(&p1, ethlen + ipv4len + tcplen, buf, buflen);
+    SET_PKT_LEN(&p1, ethlen + ipv4len + tcplen + buflen);
 
     p1.tcpc.comp_csum = -1;
     p1.ethh = (EthernetHdr *)raw_eth;
@@ -7061,7 +7061,7 @@ int SigTest38Real(int mpm_type)
     p1.tcpvars.hlen = 0;
     p1.src.family = AF_INET;
     p1.dst.family = AF_INET;
-    p1.payload = p1.pkt + ethlen + ipv4len + tcplen;
+    p1.payload = GET_PKT_DATA(&p1) + ethlen + ipv4len + tcplen;
     p1.payload_len = buflen;
     p1.proto = IPPROTO_TCP;
 
@@ -7175,11 +7175,11 @@ int SigTest39Real(int mpm_type)
     memset(&p1, 0, sizeof(Packet));
 
     /* Copy raw data into packet */
-    memcpy(&p1.pkt, raw_eth, ethlen);
-    memcpy(p1.pkt + ethlen, raw_ipv4, ipv4len);
-    memcpy(p1.pkt + ethlen + ipv4len, raw_tcp, tcplen);
-    memcpy(p1.pkt + ethlen + ipv4len + tcplen, buf, buflen);
-    p1.pktlen = ethlen + ipv4len + tcplen + buflen;
+    PacketCopyData(&p1, raw_eth, ethlen);
+    PacketCopyDataOffset(&p1, ethlen, raw_ipv4, ipv4len);
+    PacketCopyDataOffset(&p1, ethlen + ipv4len, raw_tcp, tcplen);
+    PacketCopyDataOffset(&p1, ethlen + ipv4len + tcplen, buf, buflen);
+    SET_PKT_LEN(&p1, ethlen + ipv4len + tcplen + buflen);
 
     p1.tcpc.comp_csum = -1;
     p1.ethh = (EthernetHdr *)raw_eth;
@@ -7188,7 +7188,7 @@ int SigTest39Real(int mpm_type)
     p1.tcpvars.hlen = 0;
     p1.src.family = AF_INET;
     p1.dst.family = AF_INET;
-    p1.payload = p1.pkt + ethlen + ipv4len + tcplen;
+    p1.payload = GET_PKT_DATA(&p1) + ethlen + ipv4len + tcplen;
     p1.payload_len = buflen;
     p1.proto = IPPROTO_TCP;
 
diff --git a/src/flow.c b/src/flow.c
index d955529..cdc9d88 100644
--- a/src/flow.c
+++ b/src/flow.c
@@ -706,7 +706,7 @@ void FlowHandlePacket (ThreadVars *tv, Packet *p)
         f->tosrcpktcnt++;
         p->flowflags |= FLOW_PKT_TOCLIENT;
     }
-    f->bytecnt += p->pktlen;
+    f->bytecnt += GET_PKT_LEN(p);
 
     if (f->flags & FLOW_TO_DST_SEEN && f->flags & FLOW_TO_SRC_SEEN) {
         SCLogDebug("pkt %p FLOW_PKT_ESTABLISHED", p);
diff --git a/src/source-erf-dag.c b/src/source-erf-dag.c
index 44a11c7..862b452 100644
--- a/src/source-erf-dag.c
+++ b/src/source-erf-dag.c
@@ -521,16 +521,16 @@ TmEcode ProcessErfDagRecord(ErfDagThreadVars *ewtn, char *prec, Packet *p)
 
     pload = &(dr->rec);
 
-    p->pktlen = wlen - 4;   /* Trim the FCS... */
+    GET_PKT_LEN(p) = wlen - 4;   /* Trim the FCS... */
     p->datalink = LINKTYPE_ETHERNET;
 
     /* Take into account for link type Ethernet ETH frame starts
      * after ther ERF header + pad.
      */
-    memcpy(p->pkt, pload->eth.dst, p->pktlen);
+    PacketCopyData(p, pload->eth.dst, GET_PKT_LEN(p));
 
-    SCLogDebug("p->pktlen: %" PRIu32 " (pkt %02x, p->pkt %02x)",
-               p->pktlen, *p, *p->pkt);
+    SCLogDebug("pktlen: %" PRIu32 " (pkt %02x, pkt data %02x)",
+               GET_PKT_LEN(p), *p, *GET_PKT_DATA(p));
 
     /* Convert ERF time to timeval - from libpcap. */
     uint64_t ts = dr->ts;
@@ -609,18 +609,18 @@ TmEcode DecodeErfDag(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
     SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
     SCPerfCounterIncr(dtv->counter_pkts_per_sec, tv->sc_perf_pca);
 
-    SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, p->pktlen);
-    SCPerfCounterAddDouble(dtv->counter_bytes_per_sec, tv->sc_perf_pca, p->pktlen);
+    SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, GET_PKT_LEN(p));
+    SCPerfCounterAddDouble(dtv->counter_bytes_per_sec, tv->sc_perf_pca, GET_PKT_LEN(p));
     SCPerfCounterAddDouble(dtv->counter_mbit_per_sec, tv->sc_perf_pca,
-                           (p->pktlen * 8)/1000000.0);
+                           (GET_PKT_LEN(p) * 8)/1000000.0);
 
-    SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, p->pktlen);
-    SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, p->pktlen);
+    SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
+    SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
 
         /* call the decoder */
     switch(p->datalink) {
         case LINKTYPE_ETHERNET:
-            DecodeEthernet(tv, dtv, p, p->pkt, p->pktlen, pq);
+            DecodeEthernet(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
             break;
         default:
             SCLogError(SC_ERR_DATALINK_UNIMPLEMENTED,
diff --git a/src/source-erf-file.c b/src/source-erf-file.c
index f8462c0..9c675f8 100644
--- a/src/source-erf-file.c
+++ b/src/source-erf-file.c
@@ -120,7 +120,7 @@ ReceiveErfFile(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQue
     }
     int rlen = ntohs(dr.rlen);
     int wlen = ntohs(dr.wlen);
-    r = fread(p->pkt, rlen - sizeof(DagRecord), 1, etv->erf);
+    r = fread(GET_PKT_DATA(p), rlen - sizeof(DagRecord), 1, etv->erf);
     if (r < 1) {
         SCLogInfo("End of ERF file reached or an error occurred.");
         EngineStop();
@@ -134,7 +134,7 @@ ReceiveErfFile(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQue
         SCReturnInt(TM_ECODE_FAILED);
     }
 
-    p->pktlen = wlen - 4; /* Trim the FCS... */
+    GET_PKT_LEN(p) = wlen - 4; /* Trim the FCS... */
     p->datalink = LINKTYPE_ETHERNET;
 
     /* Convert ERF time to timeval - from libpcap. */
@@ -227,15 +227,15 @@ DecodeErfFile(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueu
     SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
     SCPerfCounterIncr(dtv->counter_pkts_per_sec, tv->sc_perf_pca);
 
-    SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, p->pktlen);
-    SCPerfCounterAddDouble(dtv->counter_bytes_per_sec, tv->sc_perf_pca, p->pktlen);
+    SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, GET_PKT_LEN(p));
+    SCPerfCounterAddDouble(dtv->counter_bytes_per_sec, tv->sc_perf_pca, GET_PKT_LEN(p));
     SCPerfCounterAddDouble(dtv->counter_mbit_per_sec, tv->sc_perf_pca,
-                           (p->pktlen * 8)/1000000.0 );
+                           (GET_PKT_LEN(p) * 8)/1000000.0 );
 
-    SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, p->pktlen);
-    SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, p->pktlen);
+    SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
+    SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
 
-    DecodeEthernet(tv, dtv, p, p->pkt, p->pktlen, pq);
+    DecodeEthernet(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
 
     SCReturnInt(TM_ECODE_OK);
 }
diff --git a/src/source-ipfw.c b/src/source-ipfw.c
index 8515085..14c18cc 100644
--- a/src/source-ipfw.c
+++ b/src/source-ipfw.c
@@ -254,9 +254,9 @@ TmEcode ReceiveIPFW(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pack
     ptv->bytes += pktlen;
 
     p->datalink = ptv->datalink;
-    p->pktlen = pktlen;
-    memcpy(p->pkt, pkt, p->pktlen);
-    SCLogDebug("Packet info: p->pktlen: %" PRIu32 " (pkt %02x, p->pkt %02x)", p->pktlen, *pkt, *p->pkt);
+    SET_PKT_LEN(p, pktlen);
+    PacketCopyData(p, pkt, p->pktlen);
+    SCLogDebug("Packet info: pkt_len: %" PRIu32 " (pkt %02x, pkt_data %02x)", GET_PKT_LEN(p), *pkt, GET_PKT_DATA(p));
 
     /* pass on... */
     tv->tmqh_out(tv, p);
@@ -401,30 +401,30 @@ TmEcode ReceiveIPFWThreadDeinit(ThreadVars *tv, void *data) {
  */
 TmEcode DecodeIPFW(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
 {
-    IPV4Hdr *ip4h = (IPV4Hdr *)p->pkt;
-    IPV6Hdr *ip6h = (IPV6Hdr *)p->pkt;
+    IPV4Hdr *ip4h = (IPV4Hdr *)GET_PKT_DATA(p);
+    IPV6Hdr *ip6h = (IPV6Hdr *)GET_PKT_DATA(p);
     DecodeThreadVars *dtv = (DecodeThreadVars *)data;
 
     SCEnter();
 
     /* update counters */
     SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
-    SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, p->pktlen);
-    SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, p->pktlen);
-    SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, p->pktlen);
+    SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, GET_PKT_LEN(p));
+    SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
+    SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
 
     /* Process IP packets */
     if (IPV4_GET_RAW_VER(ip4h) == 4) {
         SCLogDebug("DecodeIPFW ip4 processing");
-        DecodeIPV4(tv, dtv, p, p->pkt, p->pktlen, pq);
+        DecodeIPV4(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
 
     } else if(IPV6_GET_RAW_VER(ip6h) == 6) {
         SCLogDebug("DecodeIPFW ip6 processing");
-        DecodeIPV6(tv, dtv, p, p->pkt, p->pktlen, pq);
+        DecodeIPV6(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
 
     } else {
         /* We don't support anything besides IP packets for now, bridged packets? */
-        SCLogInfo("IPFW unknown protocol support %02x", *p->pkt);
+        SCLogInfo("IPFW unknown protocol support %02x", *GET_PKT_DATA(p));
        SCReturnInt(TM_ECODE_FAILED);
     }
 
@@ -485,7 +485,7 @@ TmEcode IPFWSetVerdict(ThreadVars *tv, IPFWThreadVars *ptv, Packet *p) {
         /* For divert sockets, accepting means writing the
          * packet back to the socket for ipfw to pick up
          */
-        SCLogDebug("IPFWSetVerdict writing to socket %d, %p, %u", ipfw_sock,p->pkt,p->pktlen);
+        SCLogDebug("IPFWSetVerdict writing to socket %d, %p, %u", ipfw_sock,GET_PKT_DATA(p),GET_PKT_LEN(p));
 
 
         while ( (poll(&IPFWpoll,1,IPFW_SOCKET_POLL_MSEC)) < 1) {
@@ -498,7 +498,7 @@ TmEcode IPFWSetVerdict(ThreadVars *tv, IPFWThreadVars *ptv, Packet *p) {
         }
 
         SCMutexLock(&ipfw_socket_lock);
-        if (sendto(ipfw_sock, p->pkt, p->pktlen, 0,(struct sockaddr *)&ipfw_sin, ipfw_sinlen) == -1) {
+        if (sendto(ipfw_sock, GET_PKT_DATA(p), GET_PKT_LEN(p), 0,(struct sockaddr *)&ipfw_sin, ipfw_sinlen) == -1) {
             SCLogWarning(SC_WARN_IPFW_XMIT,"Write to ipfw divert socket failed: %s",strerror(errno));
             SCMutexUnlock(&ipfw_socket_lock);
             SCReturnInt(TM_ECODE_FAILED);
@@ -506,7 +506,7 @@ TmEcode IPFWSetVerdict(ThreadVars *tv, IPFWThreadVars *ptv, Packet *p) {
 
         SCMutexUnlock(&ipfw_socket_lock);
 
-        SCLogDebug("Sent Packet back into IPFW Len: %d",p->pktlen);
+        SCLogDebug("Sent Packet back into IPFW Len: %d",GET_PKT_LEN(p));
 
     } /* end IPFW_ACCEPT */
 
diff --git a/src/source-nfq.c b/src/source-nfq.c
index 4e90bb8..d31d2b7 100644
--- a/src/source-nfq.c
+++ b/src/source-nfq.c
@@ -177,15 +177,18 @@ void NFQSetupPkt (Packet *p, void *data)
              * to trigger an error in packet decoding.
              * This is unlikely to happen */
             SCLogWarning(SC_ERR_INVALID_ARGUMENTS, "NFQ sent too big packet");
-            p->pktlen = 0;
+            SET_PKT_LEN(p, 0);
         } else {
-            memcpy(p->pkt, pktdata, ret);
-            p->pktlen = (size_t)ret;
+            ret = PacketCopyData(p, (uint8_t *)pktdata, ret);
+            if (ret == -1) {
+                SCLogWarning(SC_ERR_INVALID_ARGUMENTS, "NFQ send strange packet");
+                SET_PKT_LEN(p, 0);
+            }
         }
     } else if (ret ==  -1) {
         /* unable to get pointer to data, ensure packet length is zero.
          * This will trigger an error in packet decoding */
-        p->pktlen = 0;
+        SET_PKT_LEN(p, 0);
     }
 
     ret = nfq_get_timestamp(tb, &p->ts);
@@ -214,7 +217,7 @@ static int NFQCallBack(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
 
 #ifdef COUNTERS
     nfq_t->pkts++;
-    nfq_t->bytes += p->pktlen;
+    nfq_t->bytes += GET_PKT_LEN(p);
 #endif /* COUNTERS */
 
     /* pass on... */
@@ -616,22 +619,22 @@ TmEcode DecodeNFQ(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Packet
     DecodeThreadVars *dtv = (DecodeThreadVars *)data;
 
     SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
-    SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, p->pktlen);
-    SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, p->pktlen);
-    SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, p->pktlen);
-    SCPerfCounterAddDouble(dtv->counter_bytes_per_sec, tv->sc_perf_pca, p->pktlen);
+    SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, GET_PKT_LEN(p));
+    SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
+    SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
+    SCPerfCounterAddDouble(dtv->counter_bytes_per_sec, tv->sc_perf_pca, GET_PKT_LEN(p));
     SCPerfCounterAddDouble(dtv->counter_mbit_per_sec, tv->sc_perf_pca,
-                           (p->pktlen * 8)/1000000.0);
+                           (GET_PKT_LEN(p) * 8)/1000000.0);
 
     if (IPV4_GET_RAW_VER(ip4h) == 4) {
         SCLogDebug("IPv4 packet");
 
-        DecodeIPV4(tv, dtv, p, p->pkt, p->pktlen, pq);
+        DecodeIPV4(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
     } else if(IPV6_GET_RAW_VER(ip6h) == 6) {
         SCLogDebug("IPv6 packet");
-        DecodeIPV6(tv, dtv, p, p->pkt, p->pktlen, pq);
+        DecodeIPV6(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
     } else {
-        SCLogDebug("packet unsupported by NFQ, first byte: %02x", *p->pkt);
+        SCLogDebug("packet unsupported by NFQ, first byte: %02x", *GET_PKT_DATA(p));
     }
 
     return TM_ECODE_OK;
diff --git a/src/source-pcap-file.c b/src/source-pcap-file.c
index 0575d52..3c1ea4b 100644
--- a/src/source-pcap-file.c
+++ b/src/source-pcap-file.c
@@ -135,9 +135,9 @@ void PcapFileCallback(char *user, struct pcap_pkthdr *h, u_char *pkt) {
     ptv->pkts++;
     ptv->bytes += h->caplen;
 
-    p->pktlen = h->caplen;
-    memcpy(p->pkt, pkt, p->pktlen);
-    //printf("PcapFileCallback: p->pktlen: %" PRIu32 " (pkt %02x, p->pkt %02x)\n", p->pktlen, *pkt, *p->pkt);
+    SET_PKT_LEN(p, h->caplen);
+    PacketCopyData(p, pkt, GET_PKT_LEN(p));
+    //printf("PcapFileCallback: p->pktlen: %" PRIu32 " (pkt %02x, p->pkt %02x)\n", GET_PKT_LEN(p), *pkt, *GET_PKT_DATA(p));
 
     /* store the packet in our array */
     ptv->array[ptv->array_idx] = p;
@@ -309,16 +309,16 @@ TmEcode DecodePcapFile(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, P
     SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
     SCPerfCounterIncr(dtv->counter_pkts_per_sec, tv->sc_perf_pca);
 
-    SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, p->pktlen);
-    SCPerfCounterAddDouble(dtv->counter_bytes_per_sec, tv->sc_perf_pca, p->pktlen);
+    SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, GET_PKT_LEN(p));
+    SCPerfCounterAddDouble(dtv->counter_bytes_per_sec, tv->sc_perf_pca, GET_PKT_LEN(p));
     SCPerfCounterAddDouble(dtv->counter_mbit_per_sec, tv->sc_perf_pca,
-                           (p->pktlen * 8)/1000000.0 );
+                           (GET_PKT_LEN(p) * 8)/1000000.0 );
 
-    SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, p->pktlen);
-    SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, p->pktlen);
+    SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
+    SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
 
     /* call the decoder */
-    pcap_g.Decoder(tv, dtv, p, p->pkt, p->pktlen, pq);
+    pcap_g.Decoder(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
 
     SCReturnInt(TM_ECODE_OK);
 }
diff --git a/src/source-pcap.c b/src/source-pcap.c
index bbf92d8..242ed3f 100644
--- a/src/source-pcap.c
+++ b/src/source-pcap.c
@@ -151,9 +151,10 @@ void PcapCallback(char *user, struct pcap_pkthdr *h, u_char *pkt) {
     ptv->bytes += h->caplen;
 
     p->datalink = ptv->datalink;
-    p->pktlen = h->caplen;
-    memcpy(p->pkt, pkt, p->pktlen);
-    SCLogDebug("p->pktlen: %" PRIu32 " (pkt %02x, p->pkt %02x)", p->pktlen, *pkt, *p->pkt);
+    SET_PKT_LEN(p, h->caplen);
+    PacketCopyData(p, pkt, GET_PKT_LEN(p));
+    SCLogDebug("pktlen: %" PRIu32 " (pkt %02x, pkt data %02x)",
+               GET_PKT_LEN(p), *pkt, *GET_PKT_DATA(p));
 
     /* store the packet in our array */
     ptv->array[ptv->array_idx] = p;
@@ -472,27 +473,27 @@ TmEcode DecodePcap(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Packe
     SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
     SCPerfCounterIncr(dtv->counter_pkts_per_sec, tv->sc_perf_pca);
 
-    SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, p->pktlen);
-    SCPerfCounterAddDouble(dtv->counter_bytes_per_sec, tv->sc_perf_pca, p->pktlen);
+    SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, GET_PKT_LEN(p));
+    SCPerfCounterAddDouble(dtv->counter_bytes_per_sec, tv->sc_perf_pca, GET_PKT_LEN(p));
     SCPerfCounterAddDouble(dtv->counter_mbit_per_sec, tv->sc_perf_pca,
-                           (p->pktlen * 8)/1000000.0);
+                           (GET_PKT_LEN(p) * 8)/1000000.0);
 
-    SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, p->pktlen);
-    SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, p->pktlen);
+    SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
+    SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
 
     /* call the decoder */
     switch(p->datalink) {
         case LINKTYPE_LINUX_SLL:
-            DecodeSll(tv, dtv, p, p->pkt, p->pktlen, pq);
+            DecodeSll(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
             break;
         case LINKTYPE_ETHERNET:
-            DecodeEthernet(tv, dtv, p,p->pkt, p->pktlen, pq);
+            DecodeEthernet(tv, dtv, p,GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
             break;
         case LINKTYPE_PPP:
-            DecodePPP(tv, dtv, p, p->pkt, p->pktlen, pq);
+            DecodePPP(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
             break;
         case LINKTYPE_RAW:
-            DecodeRaw(tv, dtv, p, p->pkt, p->pktlen, pq);
+            DecodeRaw(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
             break;
         default:
             SCLogError(SC_ERR_DATALINK_UNIMPLEMENTED, "Error: datalink type %" PRId32 " not yet supported in module DecodePcap", p->datalink);
diff --git a/src/source-pfring.c b/src/source-pfring.c
index bcbec88..c65ef2b 100644
--- a/src/source-pfring.c
+++ b/src/source-pfring.c
@@ -171,8 +171,8 @@ void PfringProcessPacket(void *user, struct pfring_pkthdr *h, u_char *pkt, Packe
     /* PF_RING all packets are marked as a link type of ethernet so that is what we do here.  */
     p->datalink = LINKTYPE_ETHERNET;
 
-    p->pktlen = h->caplen;
-    memcpy(p->pkt, pkt, p->pktlen);
+    SET_PKT_LEN(p, h->caplen);
+    PacketCopyData(p, pkt, GET_PKT_LEN(p));
 
 }
 
@@ -354,15 +354,15 @@ TmEcode DecodePfring(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pac
     SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
     SCPerfCounterIncr(dtv->counter_pkts_per_sec, tv->sc_perf_pca);
 
-    SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, p->pktlen);
-    SCPerfCounterAddDouble(dtv->counter_bytes_per_sec, tv->sc_perf_pca, p->pktlen);
+    SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, GET_PKT_LEN(p));
+    SCPerfCounterAddDouble(dtv->counter_bytes_per_sec, tv->sc_perf_pca, GET_PKT_LEN(p));
     SCPerfCounterAddDouble(dtv->counter_mbit_per_sec, tv->sc_perf_pca,
-                           (p->pktlen * 8)/1000000.0 );
+                           (GET_PKT_LEN(p) * 8)/1000000.0 );
 
-    SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, p->pktlen);
-    SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, p->pktlen);
+    SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
+    SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
 
-    DecodeEthernet(tv, dtv, p,p->pkt, p->pktlen, pq);
+    DecodeEthernet(tv, dtv, p,GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
 
     return TM_ECODE_OK;
 }
diff --git a/src/util-unittest-helper.c b/src/util-unittest-helper.c
index af3610d..f1bfb9f 100644
--- a/src/util-unittest-helper.c
+++ b/src/util-unittest-helper.c
@@ -100,7 +100,7 @@ Packet *UTHBuildPacketIPV6Real(uint8_t *payload, uint16_t payload_len,
     p->tcph->th_sport = sport;
     p->tcph->th_dport = dport;
 
-    p->pktlen = sizeof(IPV6Hdr) + sizeof(TCPHdr) + payload_len;
+    SET_PKT_LEN(p, sizeof(IPV6Hdr) + sizeof(TCPHdr) + payload_len);
     return p;
 }
 
@@ -164,7 +164,7 @@ Packet *UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len,
             memset(p->udph, 0, sizeof(UDPHdr));
             p->udph->uh_sport = sport;
             p->udph->uh_dport = dport;
-            p->pktlen = sizeof(IPV4Hdr) + sizeof(UDPHdr) + payload_len;
+            SET_PKT_LEN(p, sizeof(IPV4Hdr) + sizeof(UDPHdr) + payload_len);
             break;
         case IPPROTO_TCP:
             p->tcph = SCMalloc(sizeof(TCPHdr));
@@ -173,14 +173,14 @@ Packet *UTHBuildPacketReal(uint8_t *payload, uint16_t payload_len,
             memset(p->tcph, 0, sizeof(TCPHdr));
             p->tcph->th_sport = sport;
             p->tcph->th_dport = dport;
-            p->pktlen = sizeof(IPV4Hdr) + sizeof(TCPHdr) + payload_len;
+            SET_PKT_LEN(p, sizeof(IPV4Hdr) + sizeof(TCPHdr) + payload_len);
             break;
         case IPPROTO_ICMP:
             p->icmpv4h = SCMalloc(sizeof(ICMPV4Hdr));
             if (p->icmpv4h == NULL)
                 return NULL;
             memset(p->icmpv4h, 0, sizeof(ICMPV4Hdr));
-            p->pktlen = sizeof(IPV4Hdr) + sizeof(ICMPV4Hdr) + payload_len;
+            SET_PKT_LEN(p, sizeof(IPV4Hdr) + sizeof(ICMPV4Hdr) + payload_len);
             break;
         default:
             break;
-- 
1.7.1




More information about the Oisf-devel mailing list