From d7657dd1d41a5f8ec5ce0fc53a9a91b48472dfce Mon Sep 17 00:00:00 2001
From: Toni Uhlig
Date: Tue, 1 Mar 2022 13:28:28 +0100
Subject: Add ICMP checksum check and set risk if mismatch detected.
Signed-off-by: Toni Uhlig
---
src/lib/ndpi_main.c | 6 ++++++
1 file changed, 6 insertions(+)
(limited to 'src/lib/ndpi_main.c')
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 335cccba2..8b654e2de 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -3030,6 +3030,12 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str,
 if (NDPI_ENTROPY_ENCRYPTED_OR_RANDOM(flow->entropy) != 0) {
 ndpi_set_risk(ndpi_str, flow, NDPI_SUSPICIOUS_ENTROPY);
 }
+
+ struct ndpi_icmphdr * const icmphdr = (struct ndpi_icmphdr *)packet->payload;
+ u_int16_t chksm = ndpi_calculate_icmp4_checksum(packet->payload, packet->payload_packet_len);
+ if (icmphdr->checksum != chksm) {
+ ndpi_set_risk(ndpi_str, flow, NDPI_MALFORMED_PACKET);
+ }
 }
 }
 }
-- cgit v1.2.3
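Review bot: The read of `icmphdr->checksum` is only safe when `packet->payload_packet_len` is at least `sizeof(struct ndpi_icmphdr)`, and no length guard is visible in this hunk. The enclosing block opens before the hunk, so confirm that one covers these lines, or make the condition `if (packet->payload_packet_len >= sizeof(struct ndpi_icmphdr) && icmphdr->checksum != chksm) {`. The checksum is computed over `payload_packet_len`, so a capture truncated by a snap length, or an ICMP message carried in IP fragments, would presumably mismatch and raise `NDPI_MALFORMED_PACKET` on legitimate traffic. A comment such as `/* assumes the full ICMP message was captured; truncated packets will mismatch */` would help whoever triages that risk. The header is only read, so `const struct ndpi_icmphdr *icmphdr` states the intent better than a const pointer to a mutable struct.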