validate ICMP6 type+code fields

1 parent 6616c6c commit 7cedff04cc7cfd048c55e8077daa93be1dd3ed1f @mrash committed Mar 23, 2012
@@ -0,0 +1,99 @@
+#
+###############################################################################
+#
+# File: icmp6_types
+#
+# Purpose: This file contains all valid icmp6 types and corresponding codes as
+# defined by IANA. If a packet is logged by iptables that does
+# not have a valid type and/or code, then an alert will be generated.
+#
+###############################################################################
+#
+
+# Type
+# Code values
+
+0 Reserved
+1 Destination Unreachable
+ 0 No route to destination
+ 1 Communication with destination administratively prohibited
+ 2 Beyond scope of source address
+ 3 Address unreachable
+ 4 Port unreachable
+ 5 Source address failed ingress/egress policy
+ 6 Reject route to destination
+ 7 Error in Source Routing Header
+
+2 Packet Too Big
+ 0
+
+3 Time Exceeded
+ 0 Hop limit exceeded in transit
+ 1 Fragment reassembly time exceeded
+
+4 Parameter Problem
+ 0 Erroneous header field encountered
+ 1 Unrecognized Next Header type encountered
+ 2 Unrecognized IPv6 option encountered
+
+128 Echo Request
+ 0
+
+129 Echo Reply
+ 0
+
+130 Multicast Listener Query
+ 0
+
+131 Multicast Listener Report
+ 0
+
+132 Multicast Listener Done
+ 0
+
+133 Router Solicitation
+ 0
+
+134 Router Advertisement
+ 0
+
+135 Neighbor Solicitation
+ 0
+
+136 Neighbor Advertisement
+ 0
+
+ 137 Redirect Message
+ 0
+
+138 Router Renumbering
+ 0 Router Renumbering Command
+ 1 Router Renumbering Result
+ 255 Sequence Number Reset
+
+139 ICMP Node Information Query
+ 0 The Data field contains an IPv6 address which is the Subject of this Query.
+ 1 The Data field contains a name which is the Subject of this Query, or is empty, as in the case of a NOOP.
+ 2 The Data field contains an IPv4 address which is the Subject of this Query.
+
+140 ICMP Node Information Response
+ 0 A successful reply. The Reply Data field may or may not be empty.
+ 1 The Responder refuses to supply the answer. The Reply Data field will be empty.
+ 2 The Qtype of the Query is unknown to the Responder. The Reply Data field will be empty.
+
+141 Inverse Neighbor Discovery Solicitation Message
+ 0
+
+142 Inverse Neighbor Discovery Advertisement Message
+ 0
+144 Home Agent Address Discovery Request Message
+ 0
+
+145 Home Agent Address Discovery Reply Message
+ 0
+
+146 Mobile Prefix Solicitation
+ 0
+
+147 Mobile Prefix Advertisement
+ 0
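Review bot: type 143 is missing between 142 and 144 near the end of the table, so a logged Version 2 Multicast Listener Report (RFC 3810) would be treated as an invalid ICMP6 type and raise an alert, although the file header promises all types defined by IANA; add a `143` entry with code `0`, and check whether the IANA-assigned types above 147 belong here as well. Separately, `137 Redirect Message` is the only type line with a space after the `+`, which is the indentation the code lines use, so a parser that tells types from codes by leading whitespace may read it as a code of type 136; align it with the other type lines and add the blank separator line before `144`.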
@@ -1,7 +1,7 @@
#
###############################################################################
#
-# File: psad_icmp_types
+# File: icmp_types
#
# Purpose: This file contains all valid icmp types and corresponding codes as
# defined in RFC 792. If a packet is logged by iptables that does
@@ -12,7 +12,6 @@
0 Echo Reply
0
- NONE
1 Unassigned
@@ -38,7 +37,6 @@
4 Source Quench
0
- NONE
5 Redirect
0 Redirect Datagram for the Network (or subnet)
@@ -53,7 +51,6 @@
8 Echo
0
- NONE
9 Router Advertisement
0 Normal router advertisement
@@ -62,7 +59,6 @@
10 Router Selection
0
- NONE
11 Time Exceeded
0 Time to Live exceeded in Transit
@@ -76,27 +72,21 @@
13 Timestamp
0
- NONE
14 Timestamp Reply
0
- NONE
15 Information Request
0
- NONE
16 Information Reply
0
- NONE
17 Address Mask Request
0
- NONE
18 Address Mask Reply
0
- NONE
19 Reserved (for Security)
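Review bot: removing the `NONE` placeholder after the bare `0` code line for types 13 through 18 here, and for the other code-less types in the hunks above, changes the grammar of this file, but the code that parses it is not part of the visible diff. Please confirm the loader no longer expects the placeholder and accepts a code line with no description, since the new icmp6_types file relies on the same bare `0` form, and mention the format change in the commit message so that anyone carrying a locally edited icmp_types file knows to update it.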
@@ -61,6 +61,7 @@
'signatures' => 'SIGS_FILE',
'auto_dl' => 'AUTO_DL_FILE',
'icmp_types' => 'ICMP_TYPES_FILE',
+ 'icmp6_types' => 'ICMP6_TYPES_FILE',
'posf' => 'POSF_FILE',
'pf.os' => 'P0F_FILE',
'snort_rule_dl' => 'SNORT_RULE_DL_FILE',
@@ -536,7 +537,7 @@ ()
&perms_ownership($prod_file, 0600);
### install auto_dl, signatures, icmp_types, posf, and pf.os files
- for my $filename (qw(signatures icmp_types
+ for my $filename (qw(signatures icmp_types icmp6_types
posf auto_dl snort_rule_dl pf.os ip_options)) {
my $file = $config{$file_vars{$filename}};
if (-e $file) {
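Review bot: for the new `icmp6_types` entry, `my $file = $config{$file_vars{$filename}};` depends on an `ICMP6_TYPES_FILE` key being present in the loaded config, and no visible change defines it. If the installer runs against an existing config that predates this variable, `$file` is undefined and `-e $file` is evaluated on undef, so the new file may never be installed and ICMP6 validation would have no table to check against. Add the variable with a default alongside `ICMP_TYPES_FILE`, or guard the loop with a `defined` check that reports the missing key.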