diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2021-12-04 13:30:10 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-12-04 13:30:10 +0100 |
| commit | 7cba34a1e3aef9cb057db2a5f5fab22473aabc48 (patch) | |
| tree | 24c8a1192f90cedf60ba1c8c4ecbb8bc242755ed /src/lib/protocols/capwap.c | |
| parent | 6e86e6d924286491055608850e1df2db0c2322ad (diff) | |
Improve IPv6 support, enabling IPv6 traffic on (almost) all dissectors. (#1380)
There are no valid reasons for a (generic) protocol to ignore IPv6
traffic.
Note that:
* I have not found the specifications of "CheckPoint High Availability
Protocol", so I don't know how/if it supports IPv6
* all LRU caches are still IPv4 only
Even if src_id/dst_id stuff is probably useless (see #1279), the right
way to update the protocol classification is via `ndpi_set_detected_protocol()`
Diffstat (limited to 'src/lib/protocols/capwap.c')
| -rw-r--r-- | src/lib/protocols/capwap.c | 35 |
1 files changed, 27 insertions, 8 deletions
diff --git a/src/lib/protocols/capwap.c b/src/lib/protocols/capwap.c index 73ec2b887..5d1831847 100644 --- a/src/lib/protocols/capwap.c +++ b/src/lib/protocols/capwap.c @@ -34,6 +34,30 @@ static void ndpi_int_capwap_add_connection(struct ndpi_detection_module_struct * ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CAPWAP, NDPI_PROTOCOL_UNKNOWN); } +static int is_capwap_multicast(const struct ndpi_packet_struct *packet) +{ + /* RFC 5115 Sec 3.3 + "The WTP MUST send the Discovery Request + message to either the limited broadcast IP address (255.255.255.255), + the well-known CAPWAP multicast address (224.0.1.140), or to the + unicast IP address of the AC. For IPv6 networks, since broadcast + does not exist, the use of "All ACs multicast address" (FF0X:0:0:0:0: + 0:0:18C) is used instead. + */ + if(packet->iph) { + if((packet->iph->daddr == 0xFFFFFFFF) || + (ntohl(packet->iph->daddr) == 0XE000018C)) + return 1; + } else if(packet->iphv6) { + if(((ntohl(packet->iphv6->ip6_dst.u6_addr.u6_addr32[0] & 0xFFF0FFFF) == 0xFF000000)) && + (packet->iphv6->ip6_dst.u6_addr.u6_addr32[1] == 0) && + (packet->iphv6->ip6_dst.u6_addr.u6_addr32[2] == 0) && + (ntohl(packet->iphv6->ip6_dst.u6_addr.u6_addr32[3] == 0x0000018C))) + return 1; + } + return 0; +} + /* ************************************************** */ static void ndpi_search_setup_capwap(struct ndpi_detection_module_struct *ndpi_struct, @@ -41,15 +65,10 @@ static void ndpi_search_setup_capwap(struct ndpi_detection_module_struct *ndpi_s struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t sport, dport; - if(!packet->iph) { - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); - return; - } - sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest); if((dport == NDPI_CAPWAP_CONTROL_PORT) - && (packet->iph->daddr == 0xFFFFFFFF) + && (is_capwap_multicast(packet)) && (packet->payload_packet_len >= 16) && (packet->payload[0] == 0x0) && (packet->payload[8] == 6 /* Mac len */) @@ -75,7 +94,7 @@ static void ndpi_search_setup_capwap(struct ndpi_detection_module_struct *ndpi_s } if( - (((dport == NDPI_CAPWAP_DATA_PORT) && (packet->iph->daddr != 0xFFFFFFFF)) || (sport == NDPI_CAPWAP_DATA_PORT)) + (((dport == NDPI_CAPWAP_DATA_PORT) && (!is_capwap_multicast(packet))) || (sport == NDPI_CAPWAP_DATA_PORT)) && (packet->payload_packet_len >= 16) && (packet->payload[0] == 0x0) ) { @@ -117,7 +136,7 @@ void init_capwap_dissector(struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection("CAPWAP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_CAPWAP, ndpi_search_capwap, - NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); |