int GetLWSessionKey(Packet *p, SessionKey *key)
{
u_int16_t sport;
u_int16_t dport;
int proto;
/* Because the key is going to be used for hash lookups,
* the lower of the values of the IP address field is
* stored in the key->ip_l and the port for that ip is
* stored in key->port_l.
*/
if (!key)
return 0;
#ifdef SUP_IP6
if (IS_IP4(p))
{
u_int32_t *src;
u_int32_t *dst;
proto = p->iph->ip_proto;
switch (proto)
{
case IPPROTO_TCP:
case IPPROTO_UDP:
sport = p->sp;
dport = p->dp;
break;
case IPPROTO_ICMP:
default:
sport = dport = 0;
break;
}
src = p->ip4h.ip_src.ip32;
dst = p->ip4h.ip_dst.ip32;
/* These comparisons are done in this fashion for performance reasons */
if (*src < *dst)
{
COPY4(key->ip_l, src);
COPY4(key->ip_h, dst);
key->port_l = sport;
key->port_h = dport;
}
else if (*src == *dst)
{
COPY4(key->ip_l, src);
COPY4(key->ip_h, dst);
if (sport < dport)
{
key->port_l = sport;
key->port_h = dport;
}
else
{
key->port_l = dport;
key->port_h = sport;
}
}
else
{
COPY4(key->ip_l, dst);
key->port_l = dport;
COPY4(key->ip_h, src);
key->port_h = sport;
}
#ifdef MPLS
if(pv.overlapping_IP && (p->mpls)
&& isPrivateIP(*src) && isPrivateIP(*dst) )
{
key->mplsLabel = p->mplsHdr.label;
} else {
key->mplsLabel = 0;
}
#endif
}
else
{
/* IPv6 */
sfip_t *src;
sfip_t *dst;
proto = p->ip6h.next;
switch (proto)
{
case IPPROTO_TCP:
case IPPROTO_UDP:
sport = p->sp;
dport = p->dp;
break;
case IPPROTO_ICMP:
default:
sport = dport = 0;
break;
}
src = &p->ip6h.ip_src;
dst = &p->ip6h.ip_dst;
if (sfip_fast_lt6(src, dst))
{
COPY4(key->ip_l, src->ip32);
key->port_l = sport;
COPY4(key->ip_h, dst->ip32);
key->port_h = dport;
}
else if (sfip_fast_eq6(src, dst))
{
COPY4(key->ip_l, src->ip32);
COPY4(key->ip_h, dst->ip32);
if (sport < dport)
{
key->port_l = sport;
key->port_h = dport;
}
else
{
key->port_l = dport;
key->port_h = sport;
}
}
else
{
COPY4(key->ip_l, dst->ip32);
key->port_l = dport;
COPY4(key->ip_h, src->ip32);
key->port_h = sport;
}
#ifdef MPLS
if(pv.overlapping_IP && (p->mpls))
{
key->mplsLabel = p->mplsHdr.label;
} else {
key->mplsLabel = 0;
}
#endif
}
#else
proto = p->iph->ip_proto;
switch (proto)
{
case IPPROTO_TCP:
case IPPROTO_UDP:
sport = p->sp;
dport = p->dp;
break;
case IPPROTO_ICMP:
default:
sport = dport = 0;
break;
}
/* These comparisons are done in this fashion for performance reasons */
if (IP_LESSER(GET_SRC_IP(p), GET_DST_IP(p)))
{
IP_COPY_VALUE(key->ip_l, GET_SRC_IP(p));
key->port_l = sport;
IP_COPY_VALUE(key->ip_h, GET_DST_IP(p));
key->port_h = dport;
}
else if (IP_EQUALITY(GET_SRC_IP(p), GET_DST_IP(p)))
{
IP_COPY_VALUE(key->ip_l, GET_SRC_IP(p));
IP_COPY_VALUE(key->ip_h, GET_DST_IP(p));
if (sport < dport)
{
key->port_l = sport;
key->port_h = dport;
}
else
{
key->port_l = dport;
key->port_h = sport;
}
}
else
{
IP_COPY_VALUE(key->ip_l, GET_DST_IP(p));
key->port_l = dport;
IP_COPY_VALUE(key->ip_h, GET_SRC_IP(p));
key->port_h = sport;
}
#ifdef MPLS
if(pv.overlapping_IP && (p->mpls)
&& isPrivateIP(key->ip_l) && isPrivateIP(key->ip_h))
{
key->mplsLabel = p->mplsHdr.label;
} else {
key->mplsLabel = 0;
}
#endif
#endif
key->protocol = proto;
if (p->vh)
key->vlan_tag = (u_int16_t)VTH_VLAN(p->vh);
else
key->vlan_tag = 0;
key->pad = 0;
#ifdef MPLS
key->mplsPad = 0;
#endif
return 1;
}
int GetSessionKey(Packet *p, SessionHashKey *key)
{
ip_p srcIp, dstIp;
u_int16_t srcPort, dstPort;
if (!key)
return 0;
memset(key, 0, sizeof(SessionHashKey));
srcIp = GET_SRC_IP(p);
dstIp = GET_DST_IP(p);
if (p->tcph)
{
srcPort = p->tcph->th_sport;
dstPort = p->tcph->th_dport;
}
#ifdef STREAM4_UDP
else if (p->udph)
{
srcPort = p->udph->uh_sport;
dstPort = p->udph->uh_dport;
}
#endif
else
{
srcPort = 0;
dstPort = 0;
}
if (IP_LESSER(srcIp, dstIp))
{
IP_COPY_VALUE(key->lowIP, srcIp);
key->port = srcPort;
IP_COPY_VALUE(key->highIP, dstIp);
key->port2 = dstPort;
}
else if (IP_EQUALITY(srcIp, dstIp))
{
IP_COPY_VALUE(key->lowIP, srcIp);
IP_COPY_VALUE(key->highIP, dstIp);
if (srcPort < dstPort)
{
key->port = srcPort;
key->port2 = dstPort;
}
else
{
key->port2 = srcPort;
key->port = dstPort;
}
}
else
{
IP_COPY_VALUE(key->lowIP, dstIp);
key->port = dstPort;
IP_COPY_VALUE(key->highIP, srcIp);
key->port2 = srcPort;
}
key->proto = GET_IPH_PROTO(p);
#ifdef _LP64
key->pad1 = key->pad2 = 0;
#endif
return 1;
}
static int ProcessIcmpUnreach(Packet *p)
{
/* Handle ICMP unreachable */
SessionKey skey;
SessionControlBlock *ssn = NULL;
uint16_t sport;
uint16_t dport;
sfip_t *src;
sfip_t *dst;
/* No "orig" IP Header */
if (!p->orig_iph)
return 0;
/* Get TCP/UDP/ICMP session from original protocol/port info
* embedded in the ICMP Unreach message. This is already decoded
* in p->orig_foo. TCP/UDP ports are decoded as p->orig_sp/dp.
*/
skey.protocol = GET_ORIG_IPH_PROTO(p);
sport = p->orig_sp;
dport = p->orig_dp;
src = GET_ORIG_SRC(p);
dst = GET_ORIG_DST(p);
if (sfip_fast_lt6(src, dst))
{
COPY4(skey.ip_l, src->ip32);
skey.port_l = sport;
COPY4(skey.ip_h, dst->ip32);
skey.port_h = dport;
}
else if (IP_EQUALITY(GET_ORIG_SRC(p), GET_ORIG_DST(p)))
{
COPY4(skey.ip_l, src->ip32);
COPY4(skey.ip_h, skey.ip_l);
if (sport < dport)
{
skey.port_l = sport;
skey.port_h = dport;
}
else
{
skey.port_l = dport;
skey.port_h = sport;
}
}
else
{
COPY4(skey.ip_l, dst->ip32);
COPY4(skey.ip_h, src->ip32);
skey.port_l = dport;
skey.port_h = sport;
}
if (p->vh)
skey.vlan_tag = (uint16_t)VTH_VLAN(p->vh);
else
skey.vlan_tag = 0;
switch (skey.protocol)
{
case IPPROTO_TCP:
/* Lookup a TCP session */
ssn = GetLWTcpSession(&skey);
break;
case IPPROTO_UDP:
/* Lookup a UDP session */
ssn = GetLWUdpSession(&skey);
break;
case IPPROTO_ICMP:
/* Lookup a ICMP session */
ssn = session_api->get_session_by_key(icmp_lws_cache, &skey);
break;
}
if (ssn)
{
/* Mark this session as dead. */
DEBUG_WRAP(DebugMessage(DEBUG_STREAM_STATE,
"Marking session as dead, per ICMP Unreachable!\n"););
ssn->ha_state.session_flags |= SSNFLAG_DROP_CLIENT;
ssn->ha_state.session_flags |= SSNFLAG_DROP_SERVER;
ssn->session_state |= STREAM_STATE_UNREACH;
}
