Fix MPLS header parsing in ndpiReader.

Reported at https://bugs.debian.org/886133.
The current parsing for the MPLS header in examples/ndpi_util.c has
multiple issues:
- the bitfield order is incorrect for little endian architectures
- ntohl() is applied to a 20 bit label, which has unclear purpose
- if multiple labels are detected, the while loop parsing labels will
never exit due to a missing re-read of the mpls label
- the last label is identified by looking inside the label field, while
it should be done by looking at the S bit

This change fixes the above issues.
Notice that bitfield ordering is implementation-dependent, so C
bitfields should not be used in the first place to parse network
packets.

1 files changed, 9 insertions, 6 deletions

diff --git a/example/ndpi_util.c b/example/ndpi_util.c
index d0a8470dc..af83c6d14 100644
--- a/example/ndpi_util.c
+++ b/example/ndpi_util.c
@@ -689,7 +689,10 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow,
   const struct ndpi_wifi_header *wifi;
 
   /* --- MPLS header --- */
-  struct ndpi_mpls_header *mpls;
+  union mpls {
+    uint32_t u32;
+    struct ndpi_mpls_header mpls;
+  } mpls;
 
   /** --- IP header --- **/
   struct ndpi_iphdr *iph;
@@ -846,15 +849,15 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow,
     break;
   case MPLS_UNI:
   case MPLS_MULTI:
-    mpls = (struct ndpi_mpls_header *) &packet[ip_offset];
-    label = ntohl(mpls->label);
-    /* label = ntohl(*((u_int32_t*)&packet[ip_offset])); */
+    mpls.u32 = *((uint32_t *) &packet[ip_offset]);
+    mpls.u32 = ntohl(mpls.u32);
     workflow->stats.mpls_count++;
     type = ETH_P_IP, ip_offset += 4;
 
-    while((label & 0x100) != 0x100) {
+    while(!mpls.mpls.s) {
       ip_offset += 4;
-      label = ntohl(mpls->label);
+      mpls.u32 = *((uint32_t *) &packet[ip_offset]);
+      mpls.u32 = ntohl(mpls.u32);
     }
     break;
   case PPPoE: