reorganize sources and headers, remove stupid #include ".c"

Makefile

@@ -24,6 +24,8 @@ CPPFLAGS = \
 	 $(CONFIGFLAGS)
 OBJS =  \
 	$(TARGETDIR)/spp_ipv6.o \
+	$(TARGETDIR)/spp_ipv6_ruleopt.o \
+	$(TARGETDIR)/spp_ipv6_data_structs.o \
 	$(TARGETDIR)/sf_ip.o \
 	$(TARGETDIR)/sfPolicyUserData.o \
 	$(TARGETDIR)/sf_dynamic_preproc_lib.o
@@ -45,8 +47,10 @@ install: $(TARGETDIR)/lib_ipv6_preproc.so
 #### Clean target deletes all generated files ####
 clean:
 	rm -f \
-		$(TARGETDIR)/lib_ipv6_preproc.so \
 		$(TARGETDIR)/spp_ipv6.o \
+		$(TARGETDIR)/spp_ipv6_ruleopt.o \
+		$(TARGETDIR)/spp_ipv6_data_structs.o \
+		$(TARGETDIR)/lib_ipv6_preproc.so \
 		$(TARGETDIR)/sf_ip.o \
 		$(TARGETDIR)/sf_dynamic_preproc_lib.o \
 		$(TARGETDIR)/sfPolicyUserData.o
@@ -56,5 +60,3 @@ clean:
 # Create the target directory (if needed)
 $(TARGETDIR):
 	mkdir -p $(TARGETDIR)
-
-

src/sf_preproc_info.h

@@ -26,8 +26,8 @@
 #define SF_PREPROC_INFO_H_
 
 #define MAJOR_VERSION   1
-#define MINOR_VERSION   4
-#define BUILD_VERSION   16
+#define MINOR_VERSION   5
+#define BUILD_VERSION   0
 #define PREPROC_NAME    "IPv6 Preprocessor"
 
 #define DYNAMIC_PREPROC_SETUP   IPv6_Preproc_Setup

src/spp_ipv6.c

@@ -24,12 +24,7 @@
  */
 
 #include "sf_ip.h"
-
 #include "spp_ipv6.h"
-#include "spp_ipv6_constants.h"
-#include "spp_ipv6_data_structs.h"
-#include "spp_ipv6_data_structs.c"
-#include "spp_ipv6_ruleopt.c"
 
 /* snort boilerplate code to support contexts and profiling */
 tSfPolicyUserContextId ipv6_config = NULL;
@@ -43,7 +38,27 @@ extern DynamicPreprocessorData _dpd;
 PreprocStats ipv6PerfStats;
 #endif
 
-#include "spp_ipv6_parse.c"
+/* This array defines which ICMPv6 types may contain neighbor discovery options
+ * and contain their header lengths, i.e. the right offsets to find their options.
+ *
+ * (Most lengths are sizeof(struct nd_router_solicit) -- this is the basic ICMPv6
+ * type with 32 bits for type/code/checksum, 32 bits reserved or for identifiers,
+ * and possibly ND options starting in the 3nd 32-bit block.)
+ */
+uint_fast8_t ND_hdrlen[255] = {
+    [ICMP6_SOLICITATION]      = sizeof(struct nd_router_solicit),
+    [ICMP6_ADVERTISEMENT]     = sizeof(struct nd_router_advert),
+    [ICMP6_N_SOLICITATION]    = sizeof(struct nd_neighbor_solicit),
+    [ICMP6_N_ADVERTISEMENT]   = sizeof(struct nd_neighbor_advert),
+    [ICMP6_REDIRECT]          = sizeof(struct nd_redirect),
+    [ICMP6_INV_SOLICITATION]  = sizeof(struct nd_router_solicit),
+    [ICMP6_INV_ADVERTISEMENT] = sizeof(struct nd_router_solicit),
+    [ICMP6_MOBILEPREFIX_ADV]  = sizeof(struct nd_router_solicit),
+    [ICMP6_CRT_SOLICITATION]  = sizeof(struct nd_router_solicit),
+    [ICMP6_CRT_ADVERTISEMENT] = sizeof(struct certpath_adv {struct icmp6_hdr hdr;
+                                                u_int16_t compact; u_int16_t reserved;}),
+    [ICMP6_MOBILE_FH]         = sizeof(struct nd_router_solicit),
+};
 
 /**
  * Register init functions when library is loaded.
@@ -674,3 +689,100 @@ static void IPv6_Process_ICMPv6_NS(const SFSnortPacket *p, struct IPv6_State *co
                   sfip_to_str(&ip_entry->ip)););
     ALERT(SID_ICMP6_ND_NEW_DAD);
 }
+
+/**
+ * Parse the configuration options in snort.conf
+ *
+ * Currently supported options: router_mac, host_mac, net_prefix
+ */
+void set_default_config(struct IPv6_Config *config)
+{
+    config->track_ndp = true;
+    // for testing: 1h, later: 2-12h
+    config->keep_state_duration = 60*60;
+    config->expire_run_interval = 20*60;
+    // not sure if these are realistic, should be high enough
+    config->max_routers     = 32;
+    config->max_hosts       = 8192;
+    config->max_unconfirmed = 32768;
+
+    return;
+}
+
+#define BIN_OPTION(X, Y) if (!strcasecmp(X, arg)) {         \
+                             (Y) = false;                   \
+                             _dpd.logMsg("  " X "\n");      \
+                             arg = strtok(NULL, " \t\n\r"); \
+                         }
+
+void read_num(char **arg, const char *param, u_int32_t *configptr)
+{
+    uint_fast32_t minutes;
+    *arg = strtok(NULL, " \t\n\r");
+    minutes = (uint_fast32_t) strtoul(*arg, NULL, 10);
+    if (errno) {
+        _dpd.fatalMsg("  Invalid parameter to %s\n", param);
+    }
+    *configptr = 60 * minutes;
+    _dpd.logMsg("  %s = %u minutes = %u secs\n",
+                param, minutes, *configptr);
+    *arg = strtok(NULL, " \t\n\r");
+}
+
+static void IPv6_Parse(char *args, struct IPv6_Config *config)
+{
+    char *arg;
+    char ismac;
+    sfip_t *prefix;
+    SFIP_RET rc;
+
+    set_default_config(config);
+    _dpd.logMsg("IPv6 preprocessor config:\n");
+    if (!args) {
+        _dpd.logMsg("\tno additional parameters\n");
+        return;
+    }
+
+    arg = strtok(args, " \t\n\r");
+    while (arg) {
+        if(!strcasecmp("router_mac", arg)) { // and now a list of 0-n router MACs
+            config->report_new_routers = true;
+            while ((arg = strtok(NULL, ", \t\n\r")) && (ismac = IS_MAC(arg))) {
+                mac_add(config->router_whitelist, arg);
+                _dpd.logMsg("  default router MAC %s\n", arg);
+            }
+        } else if(!strcasecmp("host_mac", arg)) { // and now a list of 0-n host MACs
+            config->report_new_hosts = true;
+            while ((arg = strtok(NULL, ", \t\n\r")) && (ismac = IS_MAC(arg))) {
+                mac_add(config->host_whitelist, arg);
+                _dpd.logMsg("  default host MAC %s\n", arg);
+            }
+        } else if(!strcasecmp("net_prefix", arg)) { // and now a list of 0-n prefixes
+            config->report_prefix_change = true;
+            while ((arg = strtok(NULL, ", \t\n\r")) && strchr(arg, '/')) {  // TODO remove /-check
+                prefix = sfip_alloc(arg, &rc);
+                if (rc == SFIP_SUCCESS) {
+                    add_ip(config->prefix_whitelist, prefix);
+                    _dpd.logMsg("  default net prefix %s/%d\n",
+                        sfip_to_str(prefix), sfip_bits(prefix));
+                } else {
+                    _dpd.fatalMsg("  Invalid prefix %s\n", arg);
+                }
+            }
+        } else if(!strcasecmp("max_routers", arg)) {
+            read_num(&arg, "max_routers", &(config->max_routers));
+        } else if(!strcasecmp("max_hosts", arg)) {
+            read_num(&arg, "max_hosts", &(config->max_hosts));
+        } else if(!strcasecmp("max_unconfirmed", arg)) {
+            read_num(&arg, "max_unconfirmed", &(config->max_unconfirmed));
+        } else if(!strcasecmp("keep_state", arg)) {
+            read_num(&arg, "keep_state", &(config->keep_state_duration));
+        } else if(!strcasecmp("expire_run", arg)) {
+            read_num(&arg, "expire_run", &(config->expire_run_interval));
+        } else BIN_OPTION("disable_tracking", config->track_ndp)
+          else {
+            _dpd.fatalMsg("IPv6: Invalid option %s\n", arg);
+        }
+    }
+}
+

src/spp_ipv6.h

@@ -23,144 +23,10 @@
 #ifndef _SPP_IPV6_H
 #define	_SPP_IPV6_H
 
-/**********************************************************************
- ** Includes                                                         **
- **********************************************************************/
-#include "../include/sf_types.h"
-#include <time.h>
-#include <sys/time.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <string.h>
-#include <sys/queue.h>
-
-#ifdef __linux__
-#ifndef __unused
-#define __unused __attribute__((__unused__)) 
-#endif /* __unused */
-#include "tree.h"
-#else /* BSD */
-#include <sys/tree.h>
-#endif /* __linux__  */
-
-#include "preprocids.h"
-#include "sf_snort_packet.h"
-#include "sf_dynamic_preproc_lib.h"
-#include "sf_dynamic_preprocessor.h"
-#include "snort_debug.h"
-#include "sfPolicy.h"
-#include "sfPolicyUserData.h"
-/* for ICMPv6 format */
-#include <netinet/icmp6.h>
-#include <netinet/ip6.h>
-#include <netinet/in.h>
-
-/* verify string contains a MAC address */
-#define IS_MAC(string) ((string) != NULL                                     \
-  && isxdigit((string)[ 0]) && isxdigit((string)[ 1]) && (string)[ 2] == ':' \
-  && isxdigit((string)[ 3]) && isxdigit((string)[ 4]) && (string)[ 5] == ':' \
-  && isxdigit((string)[ 6]) && isxdigit((string)[ 7]) && (string)[ 8] == ':' \
-  && isxdigit((string)[ 9]) && isxdigit((string)[10]) && (string)[11] == ':' \
-  && isxdigit((string)[12]) && isxdigit((string)[13]) && (string)[14] == ':' \
-  && isxdigit((string)[15]) && isxdigit((string)[16]) && (string)[17] == '\0')
-
-
-/**********************************************************************
- ** Structures/Data Types                                            **
- **********************************************************************/
-
-/*
- * Some simple statistics.
- * TODO: only for data exploration; to be removed later on
- */
-struct IPv6_Statistics {
-    uint32_t pkt_seen;
-    uint32_t pkt_invalid;
-    uint32_t pkt_icmpv6;
-    uint32_t pkt_other;
-
-    uint32_t pkt_fragments;
-
-    uint32_t pkt_ip6h;
-
-    uint32_t pkt_icmp_rsol;
-    uint32_t pkt_icmp_radv;
-    uint32_t pkt_icmp_nsol;
-    uint32_t pkt_icmp_nadv;
-
-    uint32_t pkt_icmp_mlquery;
-    uint32_t pkt_icmp_mlreport;
-    uint32_t pkt_icmp_unreach;
-    uint32_t pkt_icmp_other;
-};
-
-/*
- * configuration and plugin state.
- */
-struct IPv6_Config {
-    u_int32_t keep_state_duration;  // in sec
-    u_int32_t expire_run_interval;  // in sec
-    u_int32_t max_routers;
-    u_int32_t max_hosts;
-    u_int32_t max_unconfirmed;
-    bool      track_ndp;
-    bool      report_prefix_change;
-    bool      report_new_routers;
-    bool      report_new_hosts;
-    struct MAC_Entry_head *router_whitelist;
-    struct MAC_Entry_head *host_whitelist;
-    struct IP_List_head   *prefix_whitelist;
-} __attribute__((packed));
-
-struct IPv6_State {
-    struct IPv6_Hosts_head *routers;   // known routers
-    struct IPv6_Hosts_head *hosts;     // established hosts
-    struct IPv6_Hosts_head *unconfirmed;  // ongoing duplicate detections/solicitations
-    struct IPv6_Statistics *stat;
-    struct IPv6_Config     *config;
-    time_t next_expire;
-} __attribute__((packed));
-
-/*
- * for Rule Options
- */
-enum IPv6_RuleOpt_Type {
-    IPV6_RULETYPE_IPV,
-    IPV6_RULETYPE_IP6EXTHDR,
-    IPV6_RULETYPE_IP6EXTCOUNT,
-    IPV6_RULETYPE_FLOWLABEL,
-    IPV6_RULETYPE_TRAFFICCLASS,
-    IPV6_RULETYPE_OPTION,
-    IPV6_RULETYPE_OPTION_EXT,
-    IPV6_RULETYPE_OPTVAL,
-    IPV6_RULETYPE_ND,
-    IPV6_RULETYPE_ND_OPTION,
-    IPV6_RULETYPE_RH,
-    IPV6_RULETYPE_EXT_ORDERED
-};
-
-enum cmp_op {
-    check_eq=0, check_neq,
-    check_lt, check_gt,
-    check_and, check_xor, check_nand
-};
+#include "spp_ipv6_common.h"
+#include "spp_ipv6_constants.h"
+#include "spp_ipv6_data_structs.h"
 
-struct IPv6_RuleOpt_Data {
-#ifdef DEBUG
-    char *debugname;
-    char *debugparam;
-#endif /* DEBUG */
-    enum IPv6_RuleOpt_Type type:4;
-    enum cmp_op op:4;
-    union {
-            u_int32_t number;
-            struct { // for ip6_optval
-                u_int8_t  ext_type;
-                u_int8_t  opt_type;
-                u_int16_t opt_value;
-            } exthdr;
-    } opt;
-} __attribute__((packed));
 
 /**********************************************************************
  ** Function Prototypes                                              **
@@ -180,9 +46,9 @@ static void IPv6_PrintStats(int);
 static void IPv6_ResetStats(int, void *);
 static void IPv6_Parse(char *, struct IPv6_Config *);
 
-static int IPv6_Rule_Init(char *, char *, void **);
-static int IPv6_Rule_Eval(void *, const u_int8_t **, void *);
-static u_int32_t IPv6_Rule_Hash(void *);
-static int IPv6_Rule_KeyCompare(void *, void *);
+int IPv6_Rule_Init(char *, char *, void **);
+int IPv6_Rule_Eval(void *, const u_int8_t **, void *);
+u_int32_t IPv6_Rule_Hash(void *);
+int IPv6_Rule_KeyCompare(void *, void *);
 
 #endif	/* _SPP_IPV6_H */

src/spp_ipv6_common.h

@@ -20,8 +20,13 @@
  *
  */
 
+<<<<<<< HEAD
+#ifndef _SPP_IPV6_COMMON_H
+#define	_SPP_IPV6_COMMON_H
+=======
 #ifndef _SPP_IPV6_H
 #define	_SPP_IPV6_H
+>>>>>>> d3c75260618737d57f8edd18687983944a621490
 
 /**********************************************************************
  ** Includes                                                         **
@@ -33,6 +38,10 @@
 #include <ctype.h>
 #include <string.h>
 #include <sys/queue.h>
+<<<<<<< HEAD
+#include <errno.h>
+=======
+>>>>>>> d3c75260618737d57f8edd18687983944a621490
 
 #ifdef __linux__
 #ifndef __unused
@@ -55,6 +64,12 @@
 #include <netinet/ip6.h>
 #include <netinet/in.h>
 
+<<<<<<< HEAD
+#include "spp_ipv6_constants.h"
+#include "spp_ipv6_data_structs.h"
+
+=======
+>>>>>>> d3c75260618737d57f8edd18687983944a621490
 /* verify string contains a MAC address */
 #define IS_MAC(string) ((string) != NULL                                     \
   && isxdigit((string)[ 0]) && isxdigit((string)[ 1]) && (string)[ 2] == ':' \
@@ -66,6 +81,12 @@
 
 
 /**********************************************************************
+<<<<<<< HEAD
+ ** Function Prototypes                                              **
+ **********************************************************************/
+
+#endif	/* _SPP_IPV6_COMMON_H */
+=======
  ** Structures/Data Types                                            **
  **********************************************************************/
 
@@ -186,3 +207,4 @@ static u_int32_t IPv6_Rule_Hash(void *);
 static int IPv6_Rule_KeyCompare(void *, void *);
 
 #endif	/* _SPP_IPV6_H */
+>>>>>>> d3c75260618737d57f8edd18687983944a621490