tftp: check incrementation for DATA and ACK packets

The 2 bytes following the opcode for DATA and ACK packets are the block number and this should be incrementing every packet. We should check to see that this is occurring otherwise false matches can occur, eg L2TPv3 over UDP matches the DATA opcode but the next two bytes are always zero. Remove the DATA max block size assumption since this can be false if the blksize option is used to increase it. Fixes #2070
author: Thomas Winter <Thomas.Winter@alliedtelesis.co.nz> 2023-08-29 13:14:27 +1200
committer: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> 2023-09-12 13:12:14 +0200
commit: a5f0cb7e6c4cfb45666876b79f23f2ec7a56a870 (patch)
tree: 1d28f046b8010caa89f94113217337f44d5f84cc /src/include/ndpi_typedefs.h
parent: 7263562514ac8c98ca923b98cc89d4c10bbdb30f (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index d440a9e74..4d4d22161 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -921,6 +921,10 @@ struct ndpi_flow_udp_struct {
   /* NDPI_PROTOCOL_LINE_CALL */
   u_int8_t line_pkts[2];
   u_int8_t line_base_cnt[2];
+
+  /* NDPI_PROTOCOL_TFTP */
+  u_int16_t tftp_data_num;
+  u_int16_t tftp_ack_num;
 };
 
 /* ************************************************** */
author	Thomas Winter <Thomas.Winter@alliedtelesis.co.nz>	2023-08-29 13:14:27 +1200
committer	Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>	2023-09-12 13:12:14 +0200
commit	a5f0cb7e6c4cfb45666876b79f23f2ec7a56a870 (patch)
tree	1d28f046b8010caa89f94113217337f44d5f84cc /src/include/ndpi_typedefs.h
parent	7263562514ac8c98ca923b98cc89d4c10bbdb30f (diff)