diff options
| author | Luca <deri@ntop.org> | 2020-02-10 15:04:37 +0100 |
|---|---|---|
| committer | Luca <deri@ntop.org> | 2020-02-10 15:04:37 +0100 |
| commit | af6c86de2838a556997451ffd8e5c761b8b634f2 (patch) | |
| tree | 89aeda8b4e775cbb0fa136a50985068d373357b0 /example/reader_util.c | |
| parent | 452ba1f339ae112492b75b0c53f5c2dd98ab92d2 (diff) | |
| parent | 34984f1aec0eebdbee47408480c4f4cdb57cf0b3 (diff) | |
Merge branch 'dev' of https://github.com/ntop/nDPI into dev
Diffstat (limited to 'example/reader_util.c')
| -rw-r--r-- | example/reader_util.c | 40 |
1 files changed, 28 insertions, 12 deletions
diff --git a/example/reader_util.c b/example/reader_util.c index 6d90121d2..ae132fcff 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -671,6 +671,9 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow l3 = (const u_int8_t*)iph; } else { l4_offset = sizeof(struct ndpi_ipv6hdr); + if(sizeof(struct ndpi_ipv6hdr) > ipsize) + return NULL; + l3 = (const u_int8_t*)iph6; } @@ -972,7 +975,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl inet_ntop(AF_INET, &flow->ndpi_flow->protos.dns.rsp_addr.ipv4, flow->info, sizeof(flow->info)); else { inet_ntop(AF_INET6, &flow->ndpi_flow->protos.dns.rsp_addr.ipv6, flow->info, sizeof(flow->info)); - + /* For consistency across platforms replace :0: with :: */ ndpi_patchIPv6Address(flow->info); } @@ -1069,6 +1072,15 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl flow->ndpi_flow->l4.tcp.tls.sha1_certificate_fingerprint, 20); flow->ssh_tls.sha1_cert_fingerprint_set = 1; } + + if(flow->ndpi_flow->protos.stun_ssl.ssl.alpn + && flow->ndpi_flow->protos.stun_ssl.ssl.tls_supported_versions) + snprintf(flow->info, sizeof(flow->info), "ALPN: %s][TLS Supported Versions: %s", + flow->ndpi_flow->protos.stun_ssl.ssl.alpn, + flow->ndpi_flow->protos.stun_ssl.ssl.tls_supported_versions); + else if(flow->ndpi_flow->protos.stun_ssl.ssl.alpn) + snprintf(flow->info, sizeof(flow->info), "ALPN: %s", + flow->ndpi_flow->protos.stun_ssl.ssl.alpn); } if(flow->detection_completed && (!flow->check_extra_packets)) { @@ -1287,11 +1299,11 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, if((proto == IPPROTO_TCP) && ( - is_ndpi_proto(flow, NDPI_PROTOCOL_TLS) - || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_TLS) - || is_ndpi_proto(flow, NDPI_PROTOCOL_SSH) - || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_SSH)) - ) { + is_ndpi_proto(flow, NDPI_PROTOCOL_TLS) + || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_TLS) + || is_ndpi_proto(flow, NDPI_PROTOCOL_SSH) + || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_SSH)) + ) { if((flow->src2dst_packets+flow->dst2src_packets) < 10 /* MIN_NUM_ENCRYPT_SKIP_PACKETS */) skip = 1; } @@ -1306,10 +1318,10 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, } else { if((proto == IPPROTO_TCP) && ( - is_ndpi_proto(flow, NDPI_PROTOCOL_TLS) - || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_TLS) - || is_ndpi_proto(flow, NDPI_PROTOCOL_SSH) - || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_SSH)) + is_ndpi_proto(flow, NDPI_PROTOCOL_TLS) + || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_TLS) + || is_ndpi_proto(flow, NDPI_PROTOCOL_SSH) + || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_SSH)) ) flow->has_human_readeable_strings = 0; } @@ -1437,7 +1449,7 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow, if(header->caplen < 40) return(nproto); /* Too short */ - + datalink_check: switch(datalink_type) { case DLT_NULL: @@ -1506,6 +1518,10 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow, return(nproto); } + if(header->caplen < (eth_offset + radio_len + sizeof(struct ndpi_wifi_header))) + return(nproto); + + /* Calculate 802.11 header length (variable) */ wifi = (struct ndpi_wifi_header*)( packet + eth_offset + radio_len); fc = wifi->fc; @@ -1548,7 +1564,7 @@ ether_type_check: vlan_packet = 1; // double tagging for 802.1Q - while((type == 0x8100) && (ip_offset < ((u_int16_t)header->caplen))) { + while((type == 0x8100) && (((bpf_u_int32)ip_offset) < header->caplen)) { vlan_id = ((packet[ip_offset] << 8) + packet[ip_offset+1]) & 0xFFF; type = (packet[ip_offset+2] << 8) + packet[ip_offset+3]; ip_offset += 4; |