static int ICMPV4CalculateInvalidChecksumtest06(void) {
uint16_t csum = 0;
uint8_t raw_icmpv4[] = {
0x08, 0x00, 0xab, 0x9b, 0x7f, 0x2b, 0x05, 0x2c,
0x3f, 0x72, 0x93, 0x4a, 0x00, 0x4d, 0x0a, 0x00,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x38};
csum = *( ((uint16_t *)raw_icmpv4) + 1);
return (csum == ICMPV4CalculateChecksum((uint16_t *)raw_icmpv4, sizeof(raw_icmpv4)));
}
/**
* \brief Checks if the packet sent as the argument, has a valid or invalid
* icmpv4 checksum, based on whether icmpv4-csum option for this rule
* has been supplied with "valid" or "invalid" argument
*
* \param t Pointer to the tv for this detection module instance
* \param det_ctx Pointer to the detection engine thread context
* \param p Pointer to the Packet currently being matched
* \param s Pointer to the Signature, the packet is being currently
* matched with
* \param m Pointer to the keyword_structure(SigMatch) from the above
* Signature, the Packet is being currently matched with
*
* \retval 1 if the Packet contents match the keyword option; 0 otherwise
*/
static int DetectICMPV4CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
Packet *p, const Signature *s, const SigMatchCtx *ctx)
{
const DetectCsumData *cd = (const DetectCsumData *)ctx;
if (p->ip4h == NULL || p->icmpv4h == NULL || p->proto != IPPROTO_ICMP || PKT_IS_PSEUDOPKT(p))
return 0;
if (p->flags & PKT_IGNORE_CHECKSUM) {
return cd->valid;
}
if (p->level4_comp_csum == -1)
p->level4_comp_csum = ICMPV4CalculateChecksum((uint16_t *)p->icmpv4h,
ntohs(IPV4_GET_RAW_IPLEN(p->ip4h)) -
IPV4_GET_RAW_HLEN(p->ip4h) * 4);
if (p->level4_comp_csum == p->icmpv4h->checksum && cd->valid == 1)
return 1;
else if (p->level4_comp_csum != p->icmpv4h->checksum && cd->valid == 0)
return 1;
else
return 0;
}