diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2023-01-30 10:59:18 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-01-30 10:59:18 +0100 |
| commit | 9f27cd56b01db4c45fd5c3de8375b5287f9c72ce (patch) | |
| tree | 4af215bd4812f4e3498e5cece20f2041b4824f2c /example | |
| parent | 3e6cadbb76a3ebe9af7ff1b858f129116fbbb878 (diff) | |
ndpiReader: fix packet dissection (CAPWAP and TSO) (#1878)
Fix decapsulation of CAPWAP; we are interested only in "real" user data
tunneled via CAPWAP.
When Tcp Segmentation Offload is enabled in the NIC, the received packet
might have 0 as "ip length" in the IPv4 header
(see
https://osqa-ask.wireshark.org/questions/16279/why-are-the-bytes-00-00-but-wireshark-shows-an-ip-total-length-of-2016/)
The effect of these two bugs was that some packets were discarded.
Be sure that flows order is deterministic
Diffstat (limited to 'example')
| -rw-r--r-- | example/ndpiReader.c | 1 | ||||
| -rw-r--r-- | example/reader_util.c | 5 |
2 files changed, 4 insertions, 2 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 66706044a..925592de9 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -656,6 +656,7 @@ int cmpFlows(const void *_a, const void *_b) { if(htons(fa->src_port) < htons(fb->src_port)) return(-1); else { if(htons(fa->src_port) > htons(fb->src_port)) return(1); } if(htonl(fa->dst_ip) < htonl(fb->dst_ip) ) return(-1); else { if(htonl(fa->dst_ip) > htonl(fb->dst_ip) ) return(1); } if(htons(fa->dst_port) < htons(fb->dst_port)) return(-1); else { if(htons(fa->dst_port) > htons(fb->dst_port)) return(1); } + if(fa->vlan_id < fb->vlan_id) return(-1); else { if(fa->vlan_id > fb->vlan_id) return(1); } return(0); } diff --git a/example/reader_util.c b/example/reader_util.c index 5c2a45914..62fa3046a 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -1465,7 +1465,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, flow = get_ndpi_flow_info(workflow, IPVERSION, vlan_id, tunnel_type, iph, NULL, ip_offset, ipsize, - ntohs(iph->tot_len) - (iph->ihl * 4), + ntohs(iph->tot_len) ? (ntohs(iph->tot_len) - (iph->ihl * 4)) : ipsize - (iph->ihl * 4) /* TSO */, iph->ihl * 4, &tcph, &udph, &sport, &dport, &proto, @@ -2228,7 +2228,8 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow, offset += msg_len; - if((offset + 32 < header->caplen)) { + if((offset + 32 < header->caplen) && + (packet[offset + 1] == 0x08)) { /* IEEE 802.11 Data */ offset += 24; /* LLC header is 8 bytes */ |