author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2022-02-09 11:47:37 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-02-09 11:47:37 +0100 |
commit | b5eea436ae151c0affeebbb79cd64f309555a3e6 (patch) | |
tree | 9b6ae6d4b81532507ff0d824dc757a99216fa8b0 | |
parent | 4cf853548c6744af6581ebf6becd37417e164a75 (diff) |
HSRP: add support for IPv6 (#1440)
-rw-r--r-- | src/lib/protocols/hsrp.c | 23 | ||||
-rw-r--r-- | tests/pcap/hsrp2_ipv6.pcapng | bin | 0 -> 5684 bytes | |||
-rw-r--r-- | tests/result/hsrp2_ipv6.pcapng.out | 12 |
3 files changed, 32 insertions, 3 deletions
diff --git a/src/lib/protocols/hsrp.c b/src/lib/protocols/hsrp.c index 4b8359548..6852c0da4 100644 --- a/src/lib/protocols/hsrp.c +++ b/src/lib/protocols/hsrp.c @@ -28,16 +28,33 @@ #include "ndpi_api.h" -#define HSRP_PORT 1985 +#define HSRP_PORT 1985 +#define HSRP_PORT_V6 2029 void ndpi_search_hsrp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &ndpi_struct->packet; + u_int16_t port_to_match; NDPI_LOG_DBG(ndpi_struct, "search HSRP\n"); - if(packet->iph && packet->udp && (flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)) { - u_int16_t port_to_match = htons(HSRP_PORT); + if(packet->iphv6) { + port_to_match = htons(HSRP_PORT_V6); + + if((packet->udp->source == port_to_match) && (packet->udp->dest == port_to_match) + && (packet->payload_packet_len >= 42) + && (packet->payload[2] == 0x02) /* Version 2 */ + && (packet->payload[5] == 0x06) /* IPv6 */ + && (ntohl(packet->iphv6->ip6_dst.u6_addr.u6_addr32[0]) == 0xFF020000) + && (ntohl(packet->iphv6->ip6_dst.u6_addr.u6_addr32[1]) == 0x00000000) + && (ntohl(packet->iphv6->ip6_dst.u6_addr.u6_addr32[2]) == 0x00000000) + && (ntohl(packet->iphv6->ip6_dst.u6_addr.u6_addr32[3]) == 0x00000066)) { /* multicast: ff02::66 */; + NDPI_LOG_INFO(ndpi_struct, "found HSRP\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HSRP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); + return; + } + } else if(packet->iph) { + port_to_match = htons(HSRP_PORT); if((packet->udp->source == port_to_match) && (packet->udp->dest == port_to_match)) { u_int8_t found = 0; diff --git a/tests/pcap/hsrp2_ipv6.pcapng b/tests/pcap/hsrp2_ipv6.pcapng Binary files differnew file mode 100644 index 000000000..0b36e7bc0 --- /dev/null +++ b/tests/pcap/hsrp2_ipv6.pcapng diff --git a/tests/result/hsrp2_ipv6.pcapng.out b/tests/result/hsrp2_ipv6.pcapng.out new file mode 100644 index 000000000..1fc1d178f --- /dev/null +++ b/tests/result/hsrp2_ipv6.pcapng.out 
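Review bot: The new `if(packet->iphv6)` and `else if(packet->iph)` branches dereference `packet->udp->source` without the `packet->udp` test that the removed condition carried. A NULL UDP header pointer is therefore safe only if the dissector is registered for UDP traffic alone, which this hunk does not show. Restoring the guard locally keeps the function safe however it is registered: `if(packet->iphv6 && packet->udp) {` and `} else if(packet->iph && packet->udp) {`. The removed `flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN` test is also gone from both paths, so please confirm that is intentional. The body of ndpi_search_hsrp continues past the end of the hunk.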
@@ -0,0 +1,12 @@
+Guessed flow protos: 2
+
+DPI Packets (UDP): 36 (18.00 pkts/flow)
+Confidence Unknown : 2 (flows)
+
+Unknown 36 4374 2
+
+
+
+Undetected flows:
+ 1 UDP [fe80::1]:2029 -> [ff02::66]:2029 [VLAN: 16][proto: 0/Unknown][ClearText][Confidence: Unknown][18 pkts/2286 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][138.56 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8110/0 21092/0 4624/0][Pkt Len c2s/s2c min/avg/max/stddev: 72/0 127/0 138/0 25/0][Plen Bins: 16,0,83,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP [fe80::2]:2029 -> [ff02::66]:2029 [VLAN: 16][proto: 0/Unknown][ClearText][Confidence: Unknown][18 pkts/2088 bytes -> 0 pkts/0 bytes][Goodput ratio: 43/0][131.58 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 73/0 7611/0 21554/0 5305/0][Pkt Len c2s/s2c min/avg/max/stddev: 72/0 116/0 138/0 31/0][Plen Bins: 33,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |
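Review bot: The expected output added here lists both `[ff02::66]:2029` flows under `Undetected flows` as `proto: 0/Unknown` with `Confidence: Unknown`, so the fixture pins non-detection rather than showing that the new IPv6 path classifies HSRP. If the capture is meant to exercise that path, the result should be regenerated once the flows are matched, so that it names HSRP for both flows. As committed, a regression in the IPv6 branch would leave this test passing.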