From 03d3e1bafcc2cd966e6590f26de53a3b70901425 Mon Sep 17 00:00:00 2001 From: Nardi Ivan Date: Sat, 18 Sep 2021 10:37:01 +0200 Subject: Fix parsing of ipv6 packets with extension headers Decoding of ipv6 traffic with extension headers was completely broken, since the beginning of the L4 header was always set to a wrong value. Handle the ipv6 fragments in the same way as the ipv4 ones: keep the first one and drop the others. --- src/lib/ndpi_main.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index c8da3b3d5..4776095ef 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4122,7 +4122,7 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n int ndpi_handle_ipv6_extension_headers(struct ndpi_detection_module_struct *ndpi_str, const u_int8_t **l4ptr, u_int16_t *l4len, u_int8_t *nxt_hdr) { while((*nxt_hdr == 0 || *nxt_hdr == 43 || *nxt_hdr == 44 || *nxt_hdr == 60 || *nxt_hdr == 135 || *nxt_hdr == 59)) { - u_int16_t ehdr_len; + u_int16_t ehdr_len, frag_offset; // no next header if(*nxt_hdr == 59) { @@ -4136,6 +4136,10 @@ int ndpi_handle_ipv6_extension_headers(struct ndpi_detection_module_struct *ndpi } *nxt_hdr = (*l4ptr)[0]; + frag_offset = ntohs(*(u_int16_t *)((*l4ptr) + 2)) >> 3; + // Handle ipv6 fragments as the ipv4 ones: keep the first fragment, drop the others + if (frag_offset != 0) + return(1); *l4len -= 8; (*l4ptr) += 8; continue; -- cgit v1.2.3