From f965983c23e1c9fc4dbbd294bc39217660f7169b Mon Sep 17 00:00:00 2001 From: Nardi Ivan Date: Tue, 21 Apr 2020 20:43:29 +0200 Subject: Add basic support for some ip-in-ip tunnels Add support for 4in4, 6in6 and 4in6 encapsulations Add support for ipv6 traffic in gtp tunnels, too To allow gtp unit test, gtp detunneling flag has been globally enabled in the test suite --- example/reader_util.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) (limited to 'example/reader_util.c') diff --git a/example/reader_util.c b/example/reader_util.c index dbce3636e..eeddeab61 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -1675,7 +1675,7 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow, ip_len = ((u_int16_t)iph->ihl * 4); iph6 = NULL; - if(iph->protocol == IPPROTO_IPV6) { + if(iph->protocol == IPPROTO_IPV6 || iph->protocol == IPPROTO_IPIP) { ip_offset += ip_len; if(ip_len > 0) goto iph_check; @@ -1707,6 +1707,12 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow, if(ndpi_handle_ipv6_extension_headers(NULL, &l4ptr, &ip_len, &proto) != 0) { return(nproto); } + if(proto == IPPROTO_IPV6 || proto == IPPROTO_IPIP) { + if(l4ptr > packet) { /* Better safe than sorry */ + ip_offset = (l4ptr - packet); + goto iph_check; + } + } iph = NULL; } else { @@ -1746,11 +1752,15 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow, if(flags & 0x02) ip_offset += 4; /* sequence_number is present (it also includes next_ext_header and pdu_number) */ if(flags & 0x01) ip_offset += 1; /* pdu_number is present */ - iph = (struct ndpi_iphdr *) &packet[ip_offset]; - - if(iph->version != IPVERSION) { - // printf("WARNING: not good (packet_id=%u)!\n", (unsigned int)workflow->stats.raw_packet_count); - goto v4_warning; + if(ip_offset < header->caplen) { + iph = (struct ndpi_iphdr *)&packet[ip_offset]; + if(iph->version == 6) { + iph6 = (struct ndpi_ipv6hdr *)&packet[ip_offset]; + iph = NULL; + } else if(iph->version != IPVERSION) { + // printf("WARNING: not good (packet_id=%u)!\n", (unsigned int)workflow->stats.raw_packet_count); + goto v4_warning; + } } } } else if((sport == TZSP_PORT) || (dport == TZSP_PORT)) { -- cgit v1.2.3 From 097127c31d028bb8abae8d3aa8edcc367f17bfba Mon Sep 17 00:00:00 2001 From: Nardi Ivan Date: Fri, 24 Apr 2020 10:42:52 +0200 Subject: Fix heap-overflow error in CAPWAP detunneling code --- example/reader_util.c | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) (limited to 'example/reader_util.c') diff --git a/example/reader_util.c b/example/reader_util.c index eeddeab61..3c1af8397 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -1810,22 +1810,26 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow, /* We dissect ONLY CAPWAP traffic */ u_int offset = ip_offset+ip_len+sizeof(struct ndpi_udphdr); - if((offset+40) < header->caplen) { - u_int16_t msg_len = packet[offset+1] >> 1; + if((offset+1) < header->caplen) { + uint8_t preamble = packet[offset]; - offset += msg_len; + if((preamble & 0x0F) == 0) { /* CAPWAP header */ + u_int16_t msg_len = (packet[offset+1] & 0xF8) >> 1; - if(packet[offset] == 0x02) { - /* IEEE 802.11 Data */ + offset += msg_len; - offset += 24; - /* LLC header is 8 bytes */ - type = ntohs((u_int16_t)*((u_int16_t*)&packet[offset+6])); + if((offset + 32 < header->caplen) && (packet[offset] == 0x02)) { + /* IEEE 802.11 Data */ - ip_offset = offset + 8; + offset += 24; + /* LLC header is 8 bytes */ + type = ntohs((u_int16_t)*((u_int16_t*)&packet[offset+6])); - tunnel_type = ndpi_capwap_tunnel; - goto iph_check; + ip_offset = offset + 8; + + tunnel_type = ndpi_capwap_tunnel; + goto iph_check; + } } } } -- cgit v1.2.3