diff options
Diffstat (limited to 'example/reader_util.c')
| -rw-r--r-- | example/reader_util.c | 48 |
1 files changed, 31 insertions, 17 deletions
diff --git a/example/reader_util.c b/example/reader_util.c index dbce3636e..3c1af8397 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -1675,7 +1675,7 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow, ip_len = ((u_int16_t)iph->ihl * 4); iph6 = NULL; - if(iph->protocol == IPPROTO_IPV6) { + if(iph->protocol == IPPROTO_IPV6 || iph->protocol == IPPROTO_IPIP) { ip_offset += ip_len; if(ip_len > 0) goto iph_check; @@ -1707,6 +1707,12 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow, if(ndpi_handle_ipv6_extension_headers(NULL, &l4ptr, &ip_len, &proto) != 0) { return(nproto); } + if(proto == IPPROTO_IPV6 || proto == IPPROTO_IPIP) { + if(l4ptr > packet) { /* Better safe than sorry */ + ip_offset = (l4ptr - packet); + goto iph_check; + } + } iph = NULL; } else { @@ -1746,11 +1752,15 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow, if(flags & 0x02) ip_offset += 4; /* sequence_number is present (it also includes next_ext_header and pdu_number) */ if(flags & 0x01) ip_offset += 1; /* pdu_number is present */ - iph = (struct ndpi_iphdr *) &packet[ip_offset]; - - if(iph->version != IPVERSION) { - // printf("WARNING: not good (packet_id=%u)!\n", (unsigned int)workflow->stats.raw_packet_count); - goto v4_warning; + if(ip_offset < header->caplen) { + iph = (struct ndpi_iphdr *)&packet[ip_offset]; + if(iph->version == 6) { + iph6 = (struct ndpi_ipv6hdr *)&packet[ip_offset]; + iph = NULL; + } else if(iph->version != IPVERSION) { + // printf("WARNING: not good (packet_id=%u)!\n", (unsigned int)workflow->stats.raw_packet_count); + goto v4_warning; + } } } } else if((sport == TZSP_PORT) || (dport == TZSP_PORT)) { @@ -1800,22 +1810,26 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow, /* We dissect ONLY CAPWAP traffic */ u_int offset = ip_offset+ip_len+sizeof(struct ndpi_udphdr); - if((offset+40) < header->caplen) { - u_int16_t msg_len = packet[offset+1] >> 1; + if((offset+1) < header->caplen) { + uint8_t preamble = packet[offset]; + + if((preamble & 0x0F) == 0) { /* CAPWAP header */ + u_int16_t msg_len = (packet[offset+1] & 0xF8) >> 1; - offset += msg_len; + offset += msg_len; - if(packet[offset] == 0x02) { - /* IEEE 802.11 Data */ + if((offset + 32 < header->caplen) && (packet[offset] == 0x02)) { + /* IEEE 802.11 Data */ - offset += 24; - /* LLC header is 8 bytes */ - type = ntohs((u_int16_t)*((u_int16_t*)&packet[offset+6])); + offset += 24; + /* LLC header is 8 bytes */ + type = ntohs((u_int16_t)*((u_int16_t*)&packet[offset+6])); - ip_offset = offset + 8; + ip_offset = offset + 8; - tunnel_type = ndpi_capwap_tunnel; - goto iph_check; + tunnel_type = ndpi_capwap_tunnel; + goto iph_check; + } } } } |