From 03d3e1bafcc2cd966e6590f26de53a3b70901425 Mon Sep 17 00:00:00 2001
From: Nardi Ivan <nardi.ivan@gmail.com>
Date: Sat, 18 Sep 2021 10:37:01 +0200
Subject: Fix parsing of ipv6 packets with extension headers

Decoding of ipv6 traffic with extension headers was completely broken,
since the beginning of the L4 header was always set to a wrong value.

Handle the ipv6 fragments in the same way as the ipv4 ones: keep the first
one and drop the others.
---
 example/reader_util.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'example')

diff --git a/example/reader_util.c b/example/reader_util.c
index 9a96810b6..453660ce7 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -669,6 +669,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow
 						 u_int16_t ip_offset,
 						 u_int16_t ipsize,
 						 u_int16_t l4_packet_len,
+						 u_int16_t l4_offset,
 						 struct ndpi_tcphdr **tcph,
 						 struct ndpi_udphdr **udph,
 						 u_int16_t *sport, u_int16_t *dport,
@@ -679,7 +680,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow
 						 u_int16_t *payload_len,
 						 u_int8_t *src_to_dst_direction,
                                                  pkt_timeval when) {
-  u_int32_t idx, l4_offset, hashval;
+  u_int32_t idx, hashval;
   struct ndpi_flow_info flow;
   void *ret;
   const u_int8_t *l3, *l4;
@@ -697,11 +698,9 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow
        /* || (iph->frag_off & htons(0x1FFF)) != 0 */)
       return NULL;
 
-    l4_offset = iph->ihl * 4;
     l3 = (const u_int8_t*)iph;
   } else {
-    l4_offset = sizeof(struct ndpi_ipv6hdr);
-    if(sizeof(struct ndpi_ipv6hdr) > ipsize)
+    if(l4_offset > ipsize)
       return NULL;
 
     l3 = (const u_int8_t*)iph6;
@@ -988,7 +987,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info6(struct ndpi_workflow * workflo
 
   return(get_ndpi_flow_info(workflow, 6, vlan_id, tunnel_type,
 			    &iph, iph6, ip_offset, ipsize,
-			    ntohs(iph6->ip6_hdr.ip6_un1_plen),
+			    ip_len, l4ptr - (const u_int8_t *)iph6,
 			    tcph, udph, sport, dport,
 			    src, dst, proto, payload,
 			    payload_len, src_to_dst_direction, when));
@@ -1325,6 +1324,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow,
 			      tunnel_type, iph, NULL,
 			      ip_offset, ipsize,
 			      ntohs(iph->tot_len) - (iph->ihl * 4),
+			      iph->ihl * 4,
 			      &tcph, &udph, &sport, &dport,
 			      &src, &dst, &proto,
 			      &payload, &payload_len, &src_to_dst_direction, when);
-- 
cgit v1.2.3