diff options
| author | Vitaly Lavrov <vel21ripn@gmail.com> | 2022-03-08 02:20:56 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-03-08 00:20:56 +0100 |
| commit | a1451935b8653adc830ee4cb827def3622fb02d6 (patch) | |
| tree | 7056ae6059f3a4126afec650420654cba0f44e66 /src/lib | |
| parent | c345b3c7af89957ef4bc55e2ccf1b1a4bc724f3a (diff) | |
Errors fixed (#1482)
Fixed errors for bigendian platforms in ndpiReader.
All address and port comparisons and hash calculations are done with
endian in mind.
The get_ndpi_flow_info() function searched for an existing flow for the
forward and reverse direction of the packet.
The ndpi_workflow_node_cmp() function looked for a flow regardless of
the packet's direction. This is what led to an error in determining the
direction of transmission of the packet.
Fixed error in "synscan" test: the number of packets in the forward and
reverse direction is incorrectly defined (verified via tcpdump).
Fixed bug with icmp protocol checksum check for big endian platforms.
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/ndpi_main.c | 3 | ||||
| -rw-r--r-- | src/lib/ndpi_utils.c | 14 |
2 files changed, 9 insertions, 8 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index c9ca62ea3..c1fb6fc1d 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3064,9 +3064,8 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str, ndpi_set_risk(ndpi_str, flow, NDPI_SUSPICIOUS_ENTROPY); } - struct ndpi_icmphdr * const icmphdr = (struct ndpi_icmphdr *)packet->payload; u_int16_t chksm = ndpi_calculate_icmp4_checksum(packet->payload, packet->payload_packet_len); - if (icmphdr->checksum != chksm) { + if (chksm) { ndpi_set_risk(ndpi_str, flow, NDPI_MALFORMED_PACKET); } } diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 313448c51..efb7d26f2 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -2300,24 +2300,26 @@ float ndpi_entropy(u_int8_t const * const buf, size_t len) { } /* ******************************************************************** */ +static inline uint16_t get_n16bit(uint8_t const * cbuf) { + uint16_t r = ((uint16_t)cbuf[0]) | (((uint16_t)cbuf[1]) << 8); + return r; +} -u_int16_t ndpi_calculate_icmp4_checksum(u_int8_t const * const buf, size_t len) { - u_int16_t const * sbuf = (u_int16_t *)buf; +u_int16_t ndpi_calculate_icmp4_checksum(const u_int8_t * buf, size_t len) { u_int32_t checksum = 0; /* * The first two bytes of the icmp header are required. * The next two bytes is the checksum, which we want to ignore. */ - checksum += *sbuf++; len -= 2; /* icmp->type, icmp->code */ - sbuf++; len -= 2; /* icmp->checksum */ for (; len > 1; len -= 2) { - checksum += *sbuf++; + checksum += get_n16bit(buf); + buf += 2; } if (len == 1) { - checksum += *(u_int8_t *)sbuf; + checksum += *buf; } checksum = (checksum >> 16) + (checksum & 0xFFFF); |