Add ICMP checksum check and set risk if mismatch detected.add/icmp-tunnel-chksm-risk

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni Uhlig <matzeton@googlemail.com> 2022-03-01 13:28:28 +0100
committer: Toni Uhlig <matzeton@googlemail.com> 2022-03-02 12:07:51 +0100
commit: d7657dd1d41a5f8ec5ce0fc53a9a91b48472dfce (patch)
tree: c6d1500792b187e8997277391b80e7035ae53376 /src/lib/ndpi_main.c
parent: 61a3c2eb5b3cac0f36a1bfadc5261b7694d3bfab (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 335cccba2..8b654e2de 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -3030,6 +3030,12 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str,
 	    if (NDPI_ENTROPY_ENCRYPTED_OR_RANDOM(flow->entropy) != 0) {
 	      ndpi_set_risk(ndpi_str, flow, NDPI_SUSPICIOUS_ENTROPY);
 	    }
+
+	    struct ndpi_icmphdr * const icmphdr = (struct ndpi_icmphdr *)packet->payload;
+	    u_int16_t chksm = ndpi_calculate_icmp4_checksum(packet->payload, packet->payload_packet_len);
+	    if (icmphdr->checksum != chksm) {
+	      ndpi_set_risk(ndpi_str, flow, NDPI_MALFORMED_PACKET);
+	    }
 	  }
 	}
       }
author	Toni Uhlig <matzeton@googlemail.com>	2022-03-01 13:28:28 +0100
committer	Toni Uhlig <matzeton@googlemail.com>	2022-03-02 12:07:51 +0100
commit	d7657dd1d41a5f8ec5ce0fc53a9a91b48472dfce (patch)
tree	c6d1500792b187e8997277391b80e7035ae53376 /src/lib/ndpi_main.c
parent	61a3c2eb5b3cac0f36a1bfadc5261b7694d3bfab (diff)