/src/suricata7/src/respond-reject.c

Source
/* Copyright (C) 2007-2020 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

/**
 * \file
 *
 * \author William Metcalf <william.metcalf@gmail.com>
 *
 * RespondReject is a threaded wrapper for sending Rejects
 *
 */

#include "suricata-common.h"
#include "packet.h"
#include "decode.h"
#include "packet-queue.h"
#include "threads.h"
#include "threadvars.h"
#include "tm-queuehandlers.h"
#include "tm-threads.h"
#include "action-globals.h"

#include "respond-reject.h"
#include "respond-reject-libnet11.h"

#include "util-debug.h"
#include "util-privs.h"

int RejectSendIPv4TCP(ThreadVars *, Packet *, void *);
int RejectSendIPv4ICMP(ThreadVars *, Packet *, void *);
int RejectSendIPv6TCP(ThreadVars *, Packet *, void *);
int RejectSendIPv6ICMP(ThreadVars *, Packet *, void *);
static TmEcode RespondRejectFunc(ThreadVars *tv, Packet *p, void *data);
static TmEcode RespondRejectThreadDeinit(ThreadVars *tv, void *data);

void TmModuleRespondRejectRegister (void)
{
    tmm_modules[TMM_RESPONDREJECT].name = "RespondReject";
    tmm_modules[TMM_RESPONDREJECT].ThreadInit = NULL;
    tmm_modules[TMM_RESPONDREJECT].Func = RespondRejectFunc;
    tmm_modules[TMM_RESPONDREJECT].ThreadDeinit = RespondRejectThreadDeinit;
    tmm_modules[TMM_RESPONDREJECT].cap_flags = 0; /* libnet is not compat with caps */
}

static TmEcode RespondRejectThreadDeinit(ThreadVars *tv, void *data)
{
    FreeCachedCtx();
    return TM_ECODE_OK;
}

static TmEcode RespondRejectFunc(ThreadVars *tv, Packet *p, void *data)
{
    /* ACTION_REJECT defaults to rejecting the SRC */
    if (likely(PacketCheckAction(p, ACTION_REJECT_ANY) == 0)) {
        return TM_ECODE_OK;
    }

    if (IS_TUNNEL_PKT(p)) {
        return TM_ECODE_OK;
    }

    if (PKT_IS_IPV4(p)) {
        if (PKT_IS_TCP(p)) {
            (void)RejectSendIPv4TCP(tv, p, data);
        } else {
            (void)RejectSendIPv4ICMP(tv, p, data);
        }
    } else if (PKT_IS_IPV6(p)) {
        if (PKT_IS_TCP(p)) {
            (void)RejectSendIPv6TCP(tv, p, data);
        } else {
            (void)RejectSendIPv6ICMP(tv, p, data);
        }
    }

    return TM_ECODE_OK;
}

int RejectSendIPv4TCP(ThreadVars *tv, Packet *p, void *data)
{
    SCEnter();
    if (PacketCheckAction(p, ACTION_REJECT)) {
        int r = RejectSendLibnet11IPv4TCP(tv, p, data, REJECT_DIR_SRC);
        SCReturnInt(r);
    } else if (PacketCheckAction(p, ACTION_REJECT_DST)) {
        int r = RejectSendLibnet11IPv4TCP(tv, p, data, REJECT_DIR_DST);
        SCReturnInt(r);
    } else if (PacketCheckAction(p, ACTION_REJECT_BOTH)) {
        int r = RejectSendLibnet11IPv4TCP(tv, p, data, REJECT_DIR_SRC);
        r |= RejectSendLibnet11IPv4TCP(tv, p, data, REJECT_DIR_DST);
        SCReturnInt(r);
    }
    SCReturnInt(0);
}

int RejectSendIPv4ICMP(ThreadVars *tv, Packet *p, void *data)
{
    SCEnter();
    if (PacketCheckAction(p, ACTION_REJECT)) {
        int r = RejectSendLibnet11IPv4ICMP(tv, p, data, REJECT_DIR_SRC);
        SCReturnInt(r);
    } else if (PacketCheckAction(p, ACTION_REJECT_DST)) {
        int r = RejectSendLibnet11IPv4ICMP(tv, p, data, REJECT_DIR_DST);
        SCReturnInt(r);
    } else if (PacketCheckAction(p, ACTION_REJECT_BOTH)) {
        int r = RejectSendLibnet11IPv4ICMP(tv, p, data, REJECT_DIR_SRC);
        r |= RejectSendLibnet11IPv4ICMP(tv, p, data, REJECT_DIR_DST);
        SCReturnInt(r);
    }
    SCReturnInt(0);
}

int RejectSendIPv6TCP(ThreadVars *tv, Packet *p, void *data)
{
    SCEnter();
    if (PacketCheckAction(p, ACTION_REJECT)) {
        int r = RejectSendLibnet11IPv6TCP(tv, p, data, REJECT_DIR_SRC);
        SCReturnInt(r);
    } else if (PacketCheckAction(p, ACTION_REJECT_DST)) {
        int r = RejectSendLibnet11IPv6TCP(tv, p, data, REJECT_DIR_DST);
        SCReturnInt(r);
    } else if (PacketCheckAction(p, ACTION_REJECT_BOTH)) {
        int r = RejectSendLibnet11IPv6TCP(tv, p, data, REJECT_DIR_SRC);
        r |= RejectSendLibnet11IPv6TCP(tv, p, data, REJECT_DIR_DST);
        SCReturnInt(r);
    }
    SCReturnInt(0);
}

int RejectSendIPv6ICMP(ThreadVars *tv, Packet *p, void *data)
{
    SCEnter();
    if (PacketCheckAction(p, ACTION_REJECT)) {
        int r = RejectSendLibnet11IPv6ICMP(tv, p, data, REJECT_DIR_SRC);
        SCReturnInt(r);
    } else if (PacketCheckAction(p, ACTION_REJECT_DST)) {
        int r = RejectSendLibnet11IPv6ICMP(tv, p, data, REJECT_DIR_DST);
        SCReturnInt(r);
    } else if (PacketCheckAction(p, ACTION_REJECT_BOTH)) {
        int r = RejectSendLibnet11IPv6ICMP(tv, p, data, REJECT_DIR_SRC);
        r |= RejectSendLibnet11IPv6ICMP(tv, p, data, REJECT_DIR_DST);
        SCReturnInt(r);
    }
    SCReturnInt(0);
}

Line	Count	Source
1		/* Copyright (C) 2007-2020 Open Information Security Foundation
2		*
3		* You can copy, redistribute or modify this Program under the terms of
4		* the GNU General Public License version 2 as published by the Free
5		* Software Foundation.
6		*
7		* This program is distributed in the hope that it will be useful,
8		* but WITHOUT ANY WARRANTY; without even the implied warranty of
9		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10		* GNU General Public License for more details.
11		*
12		* You should have received a copy of the GNU General Public License
13		* version 2 along with this program; if not, write to the Free Software
14		* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15		* 02110-1301, USA.
16		*/
17
18		/**
19		* \file
20		*
21		* \author William Metcalf <william.metcalf@gmail.com>
22		*
23		* RespondReject is a threaded wrapper for sending Rejects
24		*
25		*/
26
27		#include "suricata-common.h"
28		#include "packet.h"
29		#include "decode.h"
30		#include "packet-queue.h"
31		#include "threads.h"
32		#include "threadvars.h"
33		#include "tm-queuehandlers.h"
34		#include "tm-threads.h"
35		#include "action-globals.h"
36
37		#include "respond-reject.h"
38		#include "respond-reject-libnet11.h"
39
40		#include "util-debug.h"
41		#include "util-privs.h"
42
43		int RejectSendIPv4TCP(ThreadVars , Packet , void *);
44		int RejectSendIPv4ICMP(ThreadVars , Packet , void *);
45		int RejectSendIPv6TCP(ThreadVars , Packet , void *);
46		int RejectSendIPv6ICMP(ThreadVars , Packet , void *);
47		static TmEcode RespondRejectFunc(ThreadVars tv, Packet p, void *data);
48		static TmEcode RespondRejectThreadDeinit(ThreadVars tv, void data);
49
50		void TmModuleRespondRejectRegister (void)
51	71	{
52	71	tmm_modules[TMM_RESPONDREJECT].name = "RespondReject";
53	71	tmm_modules[TMM_RESPONDREJECT].ThreadInit = NULL;
54	71	tmm_modules[TMM_RESPONDREJECT].Func = RespondRejectFunc;
55	71	tmm_modules[TMM_RESPONDREJECT].ThreadDeinit = RespondRejectThreadDeinit;
56	71	tmm_modules[TMM_RESPONDREJECT].cap_flags = 0; /* libnet is not compat with caps */
57	71	}
58
59		static TmEcode RespondRejectThreadDeinit(ThreadVars tv, void data)
60	0	{
61	0	FreeCachedCtx();
62	0	return TM_ECODE_OK;
63	0	}
64
65		static TmEcode RespondRejectFunc(ThreadVars tv, Packet p, void *data)
66	0	{
67		/* ACTION_REJECT defaults to rejecting the SRC */
68	0	if (likely(PacketCheckAction(p, ACTION_REJECT_ANY) == 0)) {
69	0	return TM_ECODE_OK;
70	0	}
71
72	0	if (IS_TUNNEL_PKT(p)) {
73	0	return TM_ECODE_OK;
74	0	}
75
76	0	if (PKT_IS_IPV4(p)) {
77	0	if (PKT_IS_TCP(p)) {
78	0	(void)RejectSendIPv4TCP(tv, p, data);
79	0	} else {
80	0	(void)RejectSendIPv4ICMP(tv, p, data);
81	0	}
82	0	} else if (PKT_IS_IPV6(p)) {
83	0	if (PKT_IS_TCP(p)) {
84	0	(void)RejectSendIPv6TCP(tv, p, data);
85	0	} else {
86	0	(void)RejectSendIPv6ICMP(tv, p, data);
87	0	}
88	0	}
89
90	0	return TM_ECODE_OK;
91	0	}
92
93		int RejectSendIPv4TCP(ThreadVars tv, Packet p, void *data)
94	0	{
95	0	SCEnter();
96	0	if (PacketCheckAction(p, ACTION_REJECT)) {
97	0	int r = RejectSendLibnet11IPv4TCP(tv, p, data, REJECT_DIR_SRC);
98	0	SCReturnInt(r);
99	0	} else if (PacketCheckAction(p, ACTION_REJECT_DST)) {
100	0	int r = RejectSendLibnet11IPv4TCP(tv, p, data, REJECT_DIR_DST);
101	0	SCReturnInt(r);
102	0	} else if (PacketCheckAction(p, ACTION_REJECT_BOTH)) {
103	0	int r = RejectSendLibnet11IPv4TCP(tv, p, data, REJECT_DIR_SRC);
104	0	r \|= RejectSendLibnet11IPv4TCP(tv, p, data, REJECT_DIR_DST);
105	0	SCReturnInt(r);
106	0	}
107	0	SCReturnInt(0);
108	0	}
109
110		int RejectSendIPv4ICMP(ThreadVars tv, Packet p, void *data)
111	0	{
112	0	SCEnter();
113	0	if (PacketCheckAction(p, ACTION_REJECT)) {
114	0	int r = RejectSendLibnet11IPv4ICMP(tv, p, data, REJECT_DIR_SRC);
115	0	SCReturnInt(r);
116	0	} else if (PacketCheckAction(p, ACTION_REJECT_DST)) {
117	0	int r = RejectSendLibnet11IPv4ICMP(tv, p, data, REJECT_DIR_DST);
118	0	SCReturnInt(r);
119	0	} else if (PacketCheckAction(p, ACTION_REJECT_BOTH)) {
120	0	int r = RejectSendLibnet11IPv4ICMP(tv, p, data, REJECT_DIR_SRC);
121	0	r \|= RejectSendLibnet11IPv4ICMP(tv, p, data, REJECT_DIR_DST);
122	0	SCReturnInt(r);
123	0	}
124	0	SCReturnInt(0);
125	0	}
126
127		int RejectSendIPv6TCP(ThreadVars tv, Packet p, void *data)
128	0	{
129	0	SCEnter();
130	0	if (PacketCheckAction(p, ACTION_REJECT)) {
131	0	int r = RejectSendLibnet11IPv6TCP(tv, p, data, REJECT_DIR_SRC);
132	0	SCReturnInt(r);
133	0	} else if (PacketCheckAction(p, ACTION_REJECT_DST)) {
134	0	int r = RejectSendLibnet11IPv6TCP(tv, p, data, REJECT_DIR_DST);
135	0	SCReturnInt(r);
136	0	} else if (PacketCheckAction(p, ACTION_REJECT_BOTH)) {
137	0	int r = RejectSendLibnet11IPv6TCP(tv, p, data, REJECT_DIR_SRC);
138	0	r \|= RejectSendLibnet11IPv6TCP(tv, p, data, REJECT_DIR_DST);
139	0	SCReturnInt(r);
140	0	}
141	0	SCReturnInt(0);
142	0	}
143
144		int RejectSendIPv6ICMP(ThreadVars tv, Packet p, void *data)
145	0	{
146	0	SCEnter();
147	0	if (PacketCheckAction(p, ACTION_REJECT)) {
148	0	int r = RejectSendLibnet11IPv6ICMP(tv, p, data, REJECT_DIR_SRC);
149	0	SCReturnInt(r);
150	0	} else if (PacketCheckAction(p, ACTION_REJECT_DST)) {
151	0	int r = RejectSendLibnet11IPv6ICMP(tv, p, data, REJECT_DIR_DST);
152	0	SCReturnInt(r);
153	0	} else if (PacketCheckAction(p, ACTION_REJECT_BOTH)) {
154	0	int r = RejectSendLibnet11IPv6ICMP(tv, p, data, REJECT_DIR_SRC);
155	0	r \|= RejectSendLibnet11IPv6ICMP(tv, p, data, REJECT_DIR_DST);
156	0	SCReturnInt(r);
157	0	}
158	0	SCReturnInt(0);
159	0	}

Coverage Report

Created: 2025-11-16 07:09