author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-02-10 09:16:27 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-02-10 09:16:27 +0100 |
commit | ad25affcb7e40e64fa06c5f63e2eab0f12c7f517 (patch) | |
tree | df148fe9482c1124aabb92e87c83133bb20116d3 | |
parent | 31f0608b9aef16b8036c0509b63a3fe5efd6d17c (diff) |
reader_util: fix GRE detunneling (#2314)
-rw-r--r-- | example/reader_util.c | 3 | ||||
-rw-r--r-- | src/include/ndpi_typedefs.h | 2 | ||||
-rw-r--r-- | tests/cfgs/default/pcap/gre.pcapng | bin | 0 -> 668 bytes | |||
-rw-r--r-- | tests/cfgs/default/result/gre.pcapng.out | 28 |
4 files changed, 30 insertions, 3 deletions
diff --git a/example/reader_util.c b/example/reader_util.c
index bdf723e61..d42b92d25 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -1783,10 +1783,9 @@ static uint32_t ndpi_is_valid_gre_tunnel(const struct pcap_pkthdr *header,
 struct ndpi_gre_basehdr *grehdr = (struct ndpi_gre_basehdr*)&packet[offset];
 offset += sizeof(struct ndpi_gre_basehdr);
 /*
- rfc-1701
 The GRE flags are encoded in the first two octets. Bit 0 is the
 most significant bit, bit 15 is the least significant bit. Bits
- 13 through 15 are reserved for the Version field. Bits 5 through
+ 13 through 15 are reserved for the Version field. Bits 9 through
 12 are reserved for future use and MUST be transmitted as zero.
 */
 if(NDPI_GRE_IS_FLAGS(grehdr->flags))
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index ee3128360..324e31c12 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -596,7 +596,7 @@ struct ndpi_vxlanhdr {
 #define NDPI_GRE_STRICT ntohs(0x0800)
 #define NDPI_GRE_REC ntohs(0x0700)
 #define NDPI_GRE_ACK ntohs(0x0080)
-#define NDPI_GRE_FLAGS ntohs(0x00f8)
+#define NDPI_GRE_FLAGS ntohs(0x0078)
 #define NDPI_GRE_VERSION ntohs(0x0007)
 #define NDPI_GRE_IS_CSUM(f) ((f) & NDPI_GRE_CSUM)
diff --git a/tests/cfgs/default/pcap/gre.pcapng b/tests/cfgs/default/pcap/gre.pcapng
Binary files differ
new file mode 100644
index 000000000..af3f6eb42
--- /dev/null
+++ b/tests/cfgs/default/pcap/gre.pcapng
diff --git a/tests/cfgs/default/result/gre.pcapng.out b/tests/cfgs/default/result/gre.pcapng.out
new file mode 100644
index 000000000..963287b74
--- /dev/null
+++ b/tests/cfgs/default/result/gre.pcapng.out
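Review bot: In src/include/ndpi_typedefs.h, narrowing `NDPI_GRE_FLAGS` to `0x0078` takes bit 8 (`NDPI_GRE_ACK`, `0x0080`) out of the `NDPI_GRE_IS_FLAGS(grehdr->flags)` rejection in ndpi_is_valid_gre_tunnel for every GRE version, not only for the enhanced header that defines an acknowledgment bit. For a version 0 header that bit is still reserved, so a version 0 packet carrying it may now be detunneled and classified even though a strict receiver would discard it; for a DPI path that kind of leniency is worth closing. The rest of the function lies outside the hunk, so this may already be handled; if it is not, the version 0 branch could add `if(grehdr->flags & NDPI_GRE_ACK) return 0;`. It would also help to say why the mask stops at bit 9, with a comment on the macro such as `/* bits 9-12 only; bit 8 is NDPI_GRE_ACK, meaningful for version 1 */`, and the same remark in the reader_util.c comment now that its "rfc-1701" attribution has been dropped.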
@@ -0,0 +1,28 @@ +DPI Packets (UDP): 1 (1.00 pkts/flow) +Confidence DPI : 1 (flows) +Num dissector calls: 1 (1.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache zoom: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache stun_zoom: 0/0/0 (insert/search/found) +Automa host: 0/0 (search/found) +Automa domain: 0/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 2/0 (search/found) +Patricia risk mask IPv6: 0/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia risk IPv6: 0/0 (search/found) +Patricia protocols: 2/0 (search/found) +Patricia protocols IPv6: 0/0 (search/found) + +SIP 1 384 1 + +Acceptable 1 384 1 + + 1 UDP 192.168.10.210:5060 -> 192.168.103.40:5060 [VLAN: 142][proto: GRE:100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/384 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (SIP/2.0 100 Trying)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |