  • 3 commits
  • 3 files changed
  • 0 commit comments
  • 1 contributor
Showing with 53 additions and 3 deletions.
  1. +7 −1 psad
  2. +2 −0 test/scans/iptables/ipv6_invalid_icmp6_type_code
  3. +44 −2 test/test-psad.pl
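--- a/psad
+++ b/psad
@@ -8642,9 +8642,15 @@ sub print_scan_status() {
 for my $code (keys %{$hr->{$type}}) {
 for my $chain (keys %{$hr->{$type}->{$code}}) {
 my $pkts = $hr->{$type}->{$code}->{$chain}->{'pkts'};
+ my $type_text = '';
+ if ($proto eq 'icmp') {
+ $type_text = $valid_icmp_types{$type}{'text'};
+ } else {
+ $type_text = $valid_icmp6_types{$type}{'text'};
+ }
 push @lines, qq| Invalid | . uc($proto) .
 qq| code: "$code" for | . uc($proto) .
- qq| "$valid_icmp_types{$type}{'text'}" packet | .
+ qq| "$type_text" packet | .
 qq|Chain: $chain, Packets: $pkts\n|;
 }
 }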
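Review bot: The two `$type_text` assignments still interpolate undef when `$type` has no entry in `%valid_icmp_types` or `%valid_icmp6_types`, which would trigger exactly the "Use of uninitialized value" warning this series starts testing for, and the nested rvalue lookup autovivifies an empty `$valid_icmp6_types{$type}` hash as a side effect. Guarding the lookup avoids both, e.g. `$type_text = $valid_icmp6_types{$type}{'text'} if exists $valid_icmp6_types{$type};` (and the same for the icmp branch). Whether an unknown type can reach this loop depends on how `$hr` is populated, which is not visible here; print_scan_status() starts before the hunk.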
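--- a/test/scans/iptables/ipv6_invalid_icmp6_type_code
+++ b/test/scans/iptables/ipv6_invalid_icmp6_type_code
@@ -0,0 +1,2 @@
+Mar 17 13:39:13 minastirith kernel: [956932.482127] DROP IN=eth0 OUT= MAC=33:33:ff:00:00:01:00:1b:b9:76:9c:e4:86:dd SRC=2001:0db8:0000:f101:0000:0000:0000:0002 DST=ff02:0000:0000:0000:0000:0001:ff00:0001 LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=22
+Mar 17 13:41:49 minastirith kernel: [957088.700782] DROP IN=eth0 OUT= MAC=33:33:ff:00:00:01:00:1b:b9:76:9c:e4:86:dd SRC=2001:0db8:0000:f101:0000:0000:0000:0002 DST=ff02:0000:0000:0000:0000:0001:ff00:0001 LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=22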
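--- a/test/test-psad.pl
+++ b/test/test-psad.pl
@@ -19,6 +19,7 @@
 my $udp_scan_file = 'udp_scan_1000_1150';
 my $ipv6_connect_scan_file = 'ipv6_tcp_connect_nmap_default_scan';
 my $ipv6_ping_scan_file = 'ipv6_ping_scan';
+my $ipv6_invalid_icmp6_type_code_file = 'ipv6_invalid_icmp6_type_code';
 my $ignore_ipv4_auto_dl_file = "$conf_dir/auto_dl_ignore_192.168.10.55";
 my $ignore_ipv4_subnet_auto_dl_file = "$conf_dir/auto_dl_ignore_192.168.10.0_24";
 my $ignore_ipv6_addr_auto_dl_file = "$conf_dir/auto_dl_ignore_ipv6_addr";
@@ -514,6 +515,20 @@
 'exec_err' => $NO,
 'fatal' => $NO
 },
+ {
+ 'category' => 'operations',
+ 'detail' => 'IPv6 invalid ICMP6 type/code detection',
+ 'err_msg' => 'did not generate detection event',
+ 'positive_output_matches' => [
+ qr/Invalid\sICMP6/,
+ qr/SRC\:.*2001\:DB8\:0\:F101\:\:2/],
+ 'match_all' => $MATCH_ALL_RE,
+ 'function' => \&generic_exec,
+ 'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
+ &fw_type() . "/$ipv6_invalid_icmp6_type_code_file -c $default_conf",
+ 'exec_err' => $NO,
+ 'fatal' => $NO
+ },
 {
 'category' => 'operations',
@@ -555,6 +570,18 @@
 'fatal' => $NO
 },
+ {
+ 'category' => 'errors',
+ 'detail' => 'look for perl warnings',
+ 'err_msg' => 'found perl warnings',
+ 'negative_output_matches' => [qr/Use\sof\suninitialized\svalue/i],
+ 'match_all' => $MATCH_ALL_RE,
+ 'function' => \&look_for_warnings,
+ 'cmdline' => "grep -i uninit $output_dir/*.test",
+ 'exec_err' => $IGNORE,
+ 'fatal' => $NO
+ },
+
 );
 my @args_cp = @ARGV;
@@ -651,6 +678,21 @@ ()
 return &generic_exec($test_hr);
 }
+sub look_for_warnings() {
+ my $test_hr = shift;
+
+ my $orig_test_file = $current_test_file;
+
+ $current_test_file = "$output_dir/grep.output";
+
+ my $rv = &generic_exec($test_hr);
+
+ copy $current_test_file, $orig_test_file;
+ unlink $current_test_file;
+
+ return $rv;
+}
+
 sub generic_exec() {
 my $test_hr = shift;
@@ -734,7 +776,7 @@ ()
 next LINE if $line =~ /file_file_regex\(\)/;
 if ($line =~ $re) {
 push @write_lines, "[.] file_find_regex() " .
- "Matched '$re' with line: $line";
+ "Matched '$re' with line: $line (file: $file)\n";
 $found = 1;
 last LINE;
 }
@@ -745,7 +787,7 @@ ()
 }
 } else {
 push @write_lines, "[.] file_find_regex() " .
- "did not match '$re'\n";
+ "did not match '$re' (file: $file)\n";
 if ($match_all_flag == $MATCH_ALL_RE) {
 last RE;
 }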
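Review bot: look_for_warnings() saves the previous `$current_test_file` into `$orig_test_file` but never restores it, so after the copy-and-unlink the global is left pointing at the deleted grep.output path for anything that runs afterwards; add `$current_test_file = $orig_test_file;` before `return $rv;`. The `copy` and `unlink` results are also unchecked, so a failed copy silently loses the grep output — `copy $current_test_file, $orig_test_file or die "copy failed: $!";` would surface it (assuming `copy` is File::Copy's, imported above the hunk). The new 'look for perl warnings' entry depends on a shell expanding `$output_dir/*.test` in its cmdline, which only holds if generic_exec() hands the command to a shell as a single string; `exec_err => $IGNORE` then correctly tolerates grep's exit status 1 when nothing matches.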

