diff options
| author | Luca Deri <deri@ntop.org> | 2024-10-18 00:00:33 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2024-10-18 00:00:33 +0200 |
| commit | 29d7344b3ec5dea29975e9b15ce23d4450ccd04f (patch) | |
| tree | aa7305dbf70021f643c2fb36cc80acf8b436b84d /src/lib/ndpi_main.c | |
| parent | 6a744d05443bdd0d079b2abc6c7408a625ebf20d (diff) | |
Added TCP header check
Diffstat (limited to 'src/lib/ndpi_main.c')
| -rw-r--r-- | src/lib/ndpi_main.c | 99 |
1 files changed, 51 insertions, 48 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index aa1e58a6b..1f24f47ef 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -6911,7 +6911,7 @@ static int ndpi_init_packet(struct ndpi_detection_module_struct *ndpi_str, if(l4protocol == IPPROTO_TCP) { u_int16_t header_len; - if(l4_packet_len < 20 /* min size of tcp */) + if(l4_packet_len < sizeof(struct ndpi_tcphdr) /* min size of tcp */) return(1); /* tcp */ @@ -6927,63 +6927,66 @@ static int ndpi_init_packet(struct ndpi_detection_module_struct *ndpi_str, u_int8_t *options = (u_int8_t*)(&t[sizeof(struct ndpi_tcphdr)]); char fingerprint[128], options_fp[128]; u_int8_t i, fp_idx = 0, options_fp_idx = 0; - u_int8_t options_len = header_len - sizeof(struct ndpi_tcphdr); - u_int16_t tcp_win = ntohs(packet->tcp->window); - u_int8_t ip_ttl; - u_int8_t sha_hash[NDPI_SHA256_BLOCK_SIZE]; + + if(header_len >= sizeof(struct ndpi_tcphdr)) { + u_int8_t options_len = header_len - sizeof(struct ndpi_tcphdr); + u_int16_t tcp_win = ntohs(packet->tcp->window); + u_int8_t ip_ttl; + u_int8_t sha_hash[NDPI_SHA256_BLOCK_SIZE]; - if(packet->iph) - ip_ttl = packet->iph->ttl; - else - ip_ttl = packet->iphv6->ip6_hdr.ip6_un1_hlim; - - if(ip_ttl <= 32) ip_ttl = 32; - else if(ip_ttl <= 64) ip_ttl = 64; - else if(ip_ttl <= 128) ip_ttl = 128; - else if(ip_ttl <= 192) ip_ttl = 192; - else ip_ttl = 255; + if(packet->iph) + ip_ttl = packet->iph->ttl; + else + ip_ttl = packet->iphv6->ip6_hdr.ip6_un1_hlim; + + if(ip_ttl <= 32) ip_ttl = 32; + else if(ip_ttl <= 64) ip_ttl = 64; + else if(ip_ttl <= 128) ip_ttl = 128; + else if(ip_ttl <= 192) ip_ttl = 192; + else ip_ttl = 255; - fp_idx = snprintf(fingerprint, sizeof(fingerprint), "%u_%u_", ip_ttl, tcp_win); + fp_idx = snprintf(fingerprint, sizeof(fingerprint), "%u_%u_", ip_ttl, tcp_win); - for(i=0; i<options_len; ) { - u_int8_t kind = options[i]; - int rc; - - rc = snprintf(&options_fp[options_fp_idx], sizeof(options_fp)-options_fp_idx, "%02x", kind); - options_fp_idx += rc; + for(i=0; i<options_len; ) { + u_int8_t kind = options[i]; + int rc; - if(kind == 0) /* EOF */ - break; - else if(kind == 1) /* NOP */ - i++; - else { - u_int8_t len = options[i+1]; + rc = snprintf(&options_fp[options_fp_idx], sizeof(options_fp)-options_fp_idx, "%02x", kind); + options_fp_idx += rc; - if(len == 0) + if(kind == 0) /* EOF */ break; - else if(kind == 8) { - /* Timestamp: ignore it */ - } else { - int j = i+2; - u_int8_t opt_len = len - 2; - - while((opt_len > 0) && (j < options_len)) { - rc = snprintf(&options_fp[options_fp_idx], sizeof(options_fp)-options_fp_idx, "%02x", options[j]); - options_fp_idx += rc; - j++, opt_len--; + else if(kind == 1) /* NOP */ + i++; + else { + u_int8_t len = options[i+1]; + + if(len == 0) + break; + else if(kind == 8) { + /* Timestamp: ignore it */ + } else { + int j = i+2; + u_int8_t opt_len = len - 2; + + while((opt_len > 0) && (j < options_len)) { + rc = snprintf(&options_fp[options_fp_idx], sizeof(options_fp)-options_fp_idx, "%02x", options[j]); + options_fp_idx += rc; + j++, opt_len--; + } } - } - i += len; - } - } /* for */ + i += len; + } + } /* for */ - ndpi_sha256((const u_char*)options_fp, options_fp_idx, sha_hash); - snprintf(&fingerprint[fp_idx], sizeof(fingerprint)-fp_idx, "%02x%02x%02x%02x%02x%02x", - sha_hash[0], sha_hash[1], sha_hash[2], - sha_hash[3], sha_hash[4], sha_hash[5]); + ndpi_sha256((const u_char*)options_fp, options_fp_idx, sha_hash); + snprintf(&fingerprint[fp_idx], sizeof(fingerprint)-fp_idx, "%02x%02x%02x%02x%02x%02x", + sha_hash[0], sha_hash[1], sha_hash[2], + sha_hash[3], sha_hash[4], sha_hash[5]); - flow->tcp.fingerprint = ndpi_strdup(fingerprint); + flow->tcp.fingerprint = ndpi_strdup(fingerprint); + } } } |