[Oisf-devel] [PATCH 2/9] decode sctp: basic SCTP decoding.

Eric Leblond eric at regit.org
Mon Feb 28 16:44:28 UTC 2011


These files are basically a dummy conversion of the UDP ones. They
provide basic decoding (source port and destination port).
There is no chunk handling, which means that suricata regexps
will match on all packet content except the initial header and not
only on the user data.
---
 src/decode-sctp.c |   75 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 src/decode-sctp.h |   50 +++++++++++++++++++++++++++++++++++
 2 files changed, 125 insertions(+), 0 deletions(-)
 create mode 100644 src/decode-sctp.c
 create mode 100644 src/decode-sctp.h

diff --git a/src/decode-sctp.c b/src/decode-sctp.c
new file mode 100644
index 0000000..3a798fa
--- /dev/null
+++ b/src/decode-sctp.c
@@ -0,0 +1,75 @@
+/* Copyright (C) 2011 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Eric Leblond <eric at regit.org>
+ *
+ * Decode SCTP
+ */
+
+#include "suricata-common.h"
+#include "decode.h"
+#include "decode-sctp.h"
+#include "decode-events.h"
+#include "util-unittest.h"
+#include "util-debug.h"
+#include "util-optimize.h"
+#include "flow.h"
+
+static int DecodeSCTPPacket(ThreadVars *tv, Packet *p, uint8_t *pkt, uint16_t len)
+{
+    if (unlikely(len < SCTP_HEADER_LEN)) {
+        DECODER_SET_EVENT(p, SCTP_PKT_TOO_SMALL);
+        return -1;
+    }
+
+    p->sctph = (SCTPHdr *)pkt;
+
+    SET_SCTP_SRC_PORT(p,&p->sp);
+    SET_SCTP_DST_PORT(p,&p->dp);
+
+    p->payload = pkt + sizeof(SCTPHdr);
+    p->payload_len = len - sizeof(SCTPHdr);
+
+    p->proto = IPPROTO_SCTP;
+
+    return 0;
+}
+
+void DecodeSCTP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq)
+{
+    SCPerfCounterIncr(dtv->counter_sctp, tv->sc_perf_pca);
+
+    if (unlikely(DecodeSCTPPacket(tv, p,pkt,len) < 0)) {
+        p->sctph = NULL;
+        return;
+    }
+
+#ifdef DEBUG
+    SCLogDebug("SCTP sp: %" PRIu32 " -> dp: %" PRIu32,
+        SCTP_GET_SRC_PORT(p), SCTP_GET_DST_PORT(p));
+#endif
+
+    /* Flow is an integral part of us */
+    FlowHandlePacket(tv, p);
+
+    return;
+}
+
+
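Review bot: The length guard in DecodeSCTPPacket compares `len` against SCTP_HEADER_LEN, which the decode-sctp.h hunk below defines as 24, while the payload pointer and length on the following lines use `sizeof(SCTPHdr)`, which is 12; the bound the decoder enforces therefore does not match the bytes it actually consumes, and packets of 12–23 bytes are flagged SCTP_PKT_TOO_SMALL even though the whole common header is present. The SCTP common header (ports, verification tag, checksum) is 12 bytes, so define `SCTP_HEADER_LEN 12` in decode-sctp.h and use that one constant in both places: `p->payload = pkt + SCTP_HEADER_LEN;` and `p->payload_len = len - SCTP_HEADER_LEN;`. SET_SCTP_SRC_PORT and SET_SCTP_DST_PORT are used here but not defined by the header in this patch; if they are meant to come from decode.h in another patch of the series, say so in the description, since this file does not build on its own. The `tv` parameter of DecodeSCTPPacket is unused and could be dropped from the static helper.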
diff --git a/src/decode-sctp.h b/src/decode-sctp.h
new file mode 100644
index 0000000..4f44a1c
--- /dev/null
+++ b/src/decode-sctp.h
@@ -0,0 +1,50 @@
+/* Copyright (C) 2011 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Eric Leblond <eric at regit.org>
+ */
+
+#ifndef __DECODE_SCTP_H__
+#define __DECODE_SCTP_H__
+
+#define SCTP_HEADER_LEN                       24
+
+/* XXX RAW* needs to be really 'raw', so no ntohs there */
+#define SCTP_GET_RAW_SRC_PORT(sctph)           ntohs((sctph)->sh_sport)
+#define SCTP_GET_RAW_DST_PORT(sctph)           ntohs((sctph)->sh_dport)
+
+#define SCTP_GET_SRC_PORT(p)                  SCTP_GET_RAW_SRC_PORT(p->sctph)
+#define SCTP_GET_DST_PORT(p)                  SCTP_GET_RAW_DST_PORT(p->sctph)
+
+typedef struct SCTPHdr_
+{
+    uint16_t sh_sport;     /* source port */
+    uint16_t sh_dport;     /* destination port */
+    uint32_t sh_vtag;      /* verification tag, defined per flow */
+    uint32_t sh_sum;       /* checksum, computed via crc32 */
+} SCTPHdr;
+
+#define CLEAR_SCTP_PACKET(p) { \
+    (p)->sctph = NULL; \
+} while (0)
+
+void DecodeSCTPRegisterTests(void);
+
+#endif /* __DECODE_SCTP_H__ */
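Review bot: CLEAR_SCTP_PACKET is missing the leading `do`, so `{ ... } while (0)` expands to a bare block followed by an empty `while (0)` loop; it happens to compile in statement position but is a syntax error inside an unbraced `if`/`else` and does not give the single-statement behaviour the idiom is meant to provide. Change the first line to `#define CLEAR_SCTP_PACKET(p) do { \`. The comment above the RAW port macros says "no ntohs there" while both SCTP_GET_RAW_SRC_PORT and SCTP_GET_RAW_DST_PORT call ntohs(), so either the comment or the macros is wrong; this looks carried over from the UDP header the patch was converted from, but it should be resolved rather than copied. DecodeSCTPRegisterTests is declared here but decode-sctp.c in this patch defines no such function; if the decoder registration calls it, the build will fail to link until a definition (even an empty one) is added.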
-- 
1.7.1



