diff options
| author | Nardi Ivan <nardi.ivan@gmail.com> | 2021-09-18 10:37:01 +0200 |
|---|---|---|
| committer | Nardi Ivan <nardi.ivan@gmail.com> | 2021-09-19 17:29:22 +0200 |
| commit | 03d3e1bafcc2cd966e6590f26de53a3b70901425 (patch) | |
| tree | fca1cbf4a22ad3435ec00561df6a88746fc981bd /example | |
| parent | 994bd0696b348adbdd29ede905a53d548c2a2cff (diff) | |
Fix parsing of ipv6 packets with extension headers
Decoding of ipv6 traffic with extension headers was completely broken,
since the beginning of the L4 header was always set to a wrong value.
Handle the ipv6 fragments in the same way as the ipv4 ones: keep the first
one and drop the others.
Diffstat (limited to 'example')
| -rw-r--r-- | example/reader_util.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/example/reader_util.c b/example/reader_util.c index 9a96810b6..453660ce7 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -669,6 +669,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow u_int16_t ip_offset, u_int16_t ipsize, u_int16_t l4_packet_len, + u_int16_t l4_offset, struct ndpi_tcphdr **tcph, struct ndpi_udphdr **udph, u_int16_t *sport, u_int16_t *dport, @@ -679,7 +680,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow u_int16_t *payload_len, u_int8_t *src_to_dst_direction, pkt_timeval when) { - u_int32_t idx, l4_offset, hashval; + u_int32_t idx, hashval; struct ndpi_flow_info flow; void *ret; const u_int8_t *l3, *l4; @@ -697,11 +698,9 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow /* || (iph->frag_off & htons(0x1FFF)) != 0 */) return NULL; - l4_offset = iph->ihl * 4; l3 = (const u_int8_t*)iph; } else { - l4_offset = sizeof(struct ndpi_ipv6hdr); - if(sizeof(struct ndpi_ipv6hdr) > ipsize) + if(l4_offset > ipsize) return NULL; l3 = (const u_int8_t*)iph6; @@ -988,7 +987,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info6(struct ndpi_workflow * workflo return(get_ndpi_flow_info(workflow, 6, vlan_id, tunnel_type, &iph, iph6, ip_offset, ipsize, - ntohs(iph6->ip6_hdr.ip6_un1_plen), + ip_len, l4ptr - (const u_int8_t *)iph6, tcph, udph, sport, dport, src, dst, proto, payload, payload_len, src_to_dst_direction, when)); @@ -1325,6 +1324,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, tunnel_type, iph, NULL, ip_offset, ipsize, ntohs(iph->tot_len) - (iph->ihl * 4), + iph->ihl * 4, &tcph, &udph, &sport, &dport, &src, &dst, &proto, &payload, &payload_len, &src_to_dst_direction, when); |