author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2022-02-10 11:46:32 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-02-10 11:46:32 +0100 |
commit | ada7d32c50d8930f1a1a0707cb55b2053e348373 (patch) | |
tree | 1452878c558bfe22b5a5ccdd3442a871868204e2 | |
parent | 1431aa3d1c7cc27bf5cd1f08e485c2fd36c653ed (diff) |
HSRP: fix dissection over IPv6 (#1443)
Handle all message types.
-rw-r--r-- | src/lib/protocols/hsrp.c | 4 | ||||
-rw-r--r-- | tests/result/hsrp2_ipv6.pcapng.out | 15 |
2 files changed, 7 insertions, 12 deletions
diff --git a/src/lib/protocols/hsrp.c b/src/lib/protocols/hsrp.c
index 6852c0da4..a34205f99 100644
--- a/src/lib/protocols/hsrp.c
+++ b/src/lib/protocols/hsrp.c
@@ -42,9 +42,7 @@ void ndpi_search_hsrp(struct ndpi_detection_module_struct *ndpi_struct,
 port_to_match = htons(HSRP_PORT_V6);
 if((packet->udp->source == port_to_match) && (packet->udp->dest == port_to_match)
- && (packet->payload_packet_len >= 42)
- && (packet->payload[2] == 0x02) /* Version 2 */
- && (packet->payload[5] == 0x06) /* IPv6 */
+ && (packet->payload[0] <= 0x04) /* Message type */
 && (ntohl(packet->iphv6->ip6_dst.u6_addr.u6_addr32[0]) == 0xFF020000)
 && (ntohl(packet->iphv6->ip6_dst.u6_addr.u6_addr32[1]) == 0x00000000)
 && (ntohl(packet->iphv6->ip6_dst.u6_addr.u6_addr32[2]) == 0x00000000)
diff --git a/tests/result/hsrp2_ipv6.pcapng.out b/tests/result/hsrp2_ipv6.pcapng.out
index 1fc1d178f..670634870 100644
--- a/tests/result/hsrp2_ipv6.pcapng.out
+++ b/tests/result/hsrp2_ipv6.pcapng.out
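Review bot: With the `payload_packet_len >= 42` test removed, the added `packet->payload[0] <= 0x04` comparison in the IPv6 branch of src/lib/protocols/hsrp.c reads the first payload byte with no length check visible in this hunk, so a UDP datagram with an empty payload that matches the port and destination-address tests would be read one byte past its payload. Keep a minimal bound ahead of the read, e.g. `&& (packet->payload_packet_len >= 1)`, or a larger minimum if the shortest valid message across the handled types is known. Dropping the version and address-family byte checks also means classification now rests on ports, the multicast destination and a single type byte, which is worth a short comment such as `/* version/AF fields are not present in every message type, so only the type byte is checked */` if that is indeed the reason. The body of ndpi_search_hsrp starts and ends outside the hunk, so an earlier length guard may exist there and should be confirmed.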
@@ -1,12 +1,9 @@ -Guessed flow protos: 2 +Guessed flow protos: 0 -DPI Packets (UDP): 36 (18.00 pkts/flow) -Confidence Unknown : 2 (flows) +DPI Packets (UDP): 2 (1.00 pkts/flow) +Confidence DPI : 2 (flows) -Unknown 36 4374 2 +HSRP 36 4374 2 - - -Undetected flows: - 1 UDP [fe80::1]:2029 -> [ff02::66]:2029 [VLAN: 16][proto: 0/Unknown][ClearText][Confidence: Unknown][18 pkts/2286 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][138.56 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8110/0 21092/0 4624/0][Pkt Len c2s/s2c min/avg/max/stddev: 72/0 127/0 138/0 25/0][Plen Bins: 16,0,83,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 UDP [fe80::2]:2029 -> [ff02::66]:2029 [VLAN: 16][proto: 0/Unknown][ClearText][Confidence: Unknown][18 pkts/2088 bytes -> 0 pkts/0 bytes][Goodput ratio: 43/0][131.58 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 73/0 7611/0 21554/0 5305/0][Pkt Len c2s/s2c min/avg/max/stddev: 72/0 116/0 138/0 31/0][Plen Bins: 33,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP [fe80::1]:2029 -> [ff02::66]:2029 [VLAN: 16][proto: 282/HSRP][ClearText][Confidence: DPI][cat: Network/14][18 pkts/2286 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][138.56 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8110/0 21092/0 4624/0][Pkt Len c2s/s2c min/avg/max/stddev: 72/0 127/0 138/0 25/0][Risk: ** Known Protocol on Non Standard Port **][Risk Score: 50][Plen Bins: 16,0,83,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP [fe80::2]:2029 -> [ff02::66]:2029 [VLAN: 16][proto: 282/HSRP][ClearText][Confidence: DPI][cat: Network/14][18 pkts/2088 bytes -> 0 pkts/0 bytes][Goodput ratio: 43/0][131.58 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 73/0 7611/0 21554/0 5305/0][Pkt Len c2s/s2c min/avg/max/stddev: 72/0 116/0 138/0 31/0][Risk: ** Known Protocol on Non 
Standard Port **][Risk Score: 50][Plen Bins: 33,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |