Add ICMP checksum check and set risk if mismatch detected. (#1464)

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni <matzeton@googlemail.com> 2022-03-02 13:12:01 +0100
committer: GitHub <noreply@github.com> 2022-03-02 13:12:01 +0100
commit: e8559a4127a75993655a75e0595c76378873ae51 (patch)
tree: 0a6b10f46b91a391ddc92bdc3ddffb1c0438fcc2 /src/lib/ndpi_main.c
parent: 6c4df21238e2002bfea04ac95d39afb36cbc3d37 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index d9dc9ec02..f85ff831d 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -3066,6 +3066,12 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str,
 	    if (NDPI_ENTROPY_ENCRYPTED_OR_RANDOM(flow->entropy) != 0) {
 	      ndpi_set_risk(ndpi_str, flow, NDPI_SUSPICIOUS_ENTROPY);
 	    }
+
+	    struct ndpi_icmphdr * const icmphdr = (struct ndpi_icmphdr *)packet->payload;
+	    u_int16_t chksm = ndpi_calculate_icmp4_checksum(packet->payload, packet->payload_packet_len);
+	    if (icmphdr->checksum != chksm) {
+	      ndpi_set_risk(ndpi_str, flow, NDPI_MALFORMED_PACKET);
+	    }
 	  }
 	}
       }
author	Toni <matzeton@googlemail.com>	2022-03-02 13:12:01 +0100
committer	GitHub <noreply@github.com>	2022-03-02 13:12:01 +0100
commit	e8559a4127a75993655a75e0595c76378873ae51 (patch)
tree	0a6b10f46b91a391ddc92bdc3ddffb1c0438fcc2 /src/lib/ndpi_main.c
parent	6c4df21238e2002bfea04ac95d39afb36cbc3d37 (diff)