gfwleak/stellar-stellar
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bugfix: packet parser

Browse Source 
* Corrected the acquisition of GRE header length
    * Check whether the total length of IP is less than the length of IP header
This commit is contained in:
luwenpeng
2024-06-03 17:50:52 +08:00
parent eb1056b4f9
commit ae2e36b382
3 changed files with 111 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

105
src/packet/packet.cpp
View File

@@ -16,28 +16,28 @@
#define likely(expr) __builtin_expect((expr), 1)
#define unlikely(expr) __builtin_expect((expr), 0)
#define PACKET_LOG_DATA_INSUFFICIENCY(type) \
{ \
PACKET_LOG_WARN("layer: %s, data insufficiency", \
layer_type_to_str((type))); \
#define PACKET_LOG_DATA_INSUFFICIENCY(pkt, layer) \
{ \
PACKET_LOG_WARN("pkt: %p, layer: %s, data insufficiency", \
(pkt), layer_type_to_str(layer)); \
}
#define PACKET_LOG_UNSUPPORT_PROTO(tag, next_proto) \
{ \
PACKET_LOG_WARN("%s: unsupport next proto %d", \
(tag), (next_proto)); \
#define PACKET_LOG_UNSUPPORT_PROTO(pkt, layer, next_proto) \
{ \
PACKET_LOG_WARN("pkt: %p, layer: %s, unsupport next proto %d", \
(pkt), layer_type_to_str(layer), (next_proto)); \
}
#define PACKET_LOG_UNSUPPORT_ETHPROTO(tag, next_proto) \
{ \
PACKET_LOG_WARN("%s: unsupport next eth proto %d: %s", \
(tag), (next_proto), eth_proto_to_str(next_proto)); \
}
#define PACKET_LOG_UNSUPPORT_IPPROTO(tag, next_proto) \
#define PACKET_LOG_UNSUPPORT_ETHPROTO(pkt, next_proto) \
{ \
PACKET_LOG_WARN("%s: unsupport next ip proto %d: %s", \
(tag), (next_proto), ip_proto_to_str(next_proto)); \
PACKET_LOG_WARN("pkt: %p, layer: l3, unsupport next eth proto %s", \
(pkt), eth_proto_to_str(next_proto)); \
}
#define PACKET_LOG_UNSUPPORT_IPPROTO(pkt, next_proto) \
{ \
PACKET_LOG_WARN("pkt: %p, layer: l4, unsupport next ip proto %s", \
(pkt), ip_proto_to_str(next_proto)); \
}
/******************************************************************************
@@ -462,7 +462,7 @@ static inline uint16_t get_gre_hdr_len(const char *data, uint16_t len)
}
}
if (version == 1)
else if (version == 1)
{
hdr_offset = 8;
if (flags & GRE_SEQUENCE)
@@ -474,6 +474,10 @@ static inline uint16_t get_gre_hdr_len(const char *data, uint16_t len)
hdr_offset += 4;
}
}
else
{
return 0;
}
if (hdr_offset > len)
{
@@ -524,7 +528,7 @@ static inline uint16_t get_l2tpv2_hdr_len(const char *data, uint16_t len)
if (CONTROL_BIT(control))
{
if (LENGTH_BIT(control) != 1 || SEQUENCE_BIT(control) != 1 || OFFSET_BIT(control) != 0 || PRIORITY_BIT(control) != 0)
if (LENGTH_BIT(control) == 0 || SEQUENCE_BIT(control) == 0 || OFFSET_BIT(control) != 0 || PRIORITY_BIT(control) != 0)
{
return 0;
}
@@ -580,7 +584,7 @@ static inline const char *parse_ether(struct packet *pkt, const char *data, uint
{
if (unlikely(len < sizeof(struct ethhdr)))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_ETHER);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_ETHER);
return data;
}
@@ -608,7 +612,7 @@ static inline const char *parse_pweth(struct packet *pkt, const char *data, uint
*/
if (unlikely(len < 4))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_PWETH);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_PWETH);
return data;
}
@@ -677,7 +681,7 @@ static inline const char *parse_ppp(struct packet *pkt, const char *data, uint16
*/
if (unlikely(len < 4))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_PPP);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_PPP);
return data;
}
@@ -718,7 +722,7 @@ success:
case PPP_IPV6:
return parse_ipv6(pkt, layer->pld_ptr, layer->pld_len);
default:
PACKET_LOG_UNSUPPORT_PROTO("ppp", next_proto);
PACKET_LOG_UNSUPPORT_PROTO(pkt, LAYER_TYPE_PPP, next_proto);
return layer->pld_ptr;
}
}
@@ -730,7 +734,7 @@ static inline const char *parse_l2tpv2(struct packet *pkt, const char *data, uin
uint16_t hdr_len = get_l2tpv2_hdr_len(data, len);
if (unlikely(hdr_len == 0 || hdr_len > len))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_L2TP);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_L2TP);
return data;
}
@@ -774,7 +778,7 @@ static inline const char *parse_vlan(struct packet *pkt, const char *data, uint1
if (unlikely(len < sizeof(struct vlan_hdr)))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_VLAN);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_VLAN);
return data;
}
@@ -793,7 +797,7 @@ static inline const char *parse_pppoe_ses(struct packet *pkt, const char *data,
{
if (unlikely(len < 6))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_PPPOE);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_PPPOE);
return data;
}
@@ -811,7 +815,7 @@ static inline const char *parse_mpls(struct packet *pkt, const char *data, uint1
{
if (unlikely(len < 4))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_MPLS);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_MPLS);
return data;
}
@@ -860,7 +864,7 @@ static inline const char *parse_ipv4(struct packet *pkt, const char *data, uint1
{
if (unlikely(len < sizeof(struct ip)))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_IPV4);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_IPV4);
return data;
}
@@ -873,14 +877,19 @@ static inline const char *parse_ipv4(struct packet *pkt, const char *data, uint1
uint16_t hdr_len = ipv4_hdr_get_hdr_len(hdr);
if (unlikely(hdr_len > len))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_IPV4);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_IPV4);
return data;
}
uint16_t total_len = ipv4_hdr_get_total_len(hdr);
if (unlikely(total_len > len))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_IPV4);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_IPV4);
return data;
}
if (unlikely(total_len < hdr_len))
{
PACKET_LOG_ERROR("packet %p ip total_len %d < hdr_len %d", pkt, total_len, hdr_len);
return data;
}
uint16_t trim_len = len - total_len;
@@ -891,7 +900,7 @@ static inline const char *parse_ipv4(struct packet *pkt, const char *data, uint1
{
PACKET_LOG_WARN("packet %p ip layer %p is fragmented", pkt, layer);
pkt->frag_layer = layer;
// try continue parse
return layer->pld_ptr;
}
uint8_t next_proto = ipv4_hdr_get_proto(hdr);
@@ -921,7 +930,7 @@ static inline const char *parse_ipv6(struct packet *pkt, const char *data, uint1
if (unlikely(len < sizeof(struct ip6_hdr)))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_IPV6);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_IPV6);
return data;
}
@@ -934,7 +943,7 @@ static inline const char *parse_ipv6(struct packet *pkt, const char *data, uint1
uint16_t pld_len = ipv6_hdr_get_payload_len(hdr);
if (unlikely(pld_len + sizeof(struct ip6_hdr) > len))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_IPV6);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_IPV6);
return data;
}
uint8_t next_proto = ipv6_hdr_get_next_header(hdr);
@@ -945,14 +954,14 @@ static inline const char *parse_ipv6(struct packet *pkt, const char *data, uint1
{
if (unlikely(pld_len < 2))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_IPV6);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_IPV6);
return data;
}
struct ip6_ext *ext = (struct ip6_ext *)next_hdr_ptr;
uint16_t skip_len = ext->ip6e_len * 8 + 8;
if (unlikely(skip_len > pld_len))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_IPV6);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_IPV6);
return data;
}
hdr_len += skip_len;
@@ -967,7 +976,7 @@ static inline const char *parse_ipv6(struct packet *pkt, const char *data, uint1
{
PACKET_LOG_WARN("packet %p ipv6 layer %p is fragmented", pkt, layer);
pkt->frag_layer = layer;
// try continue parse
return layer->pld_ptr;
}
return parse_l4(pkt, next_proto, layer->pld_ptr, layer->pld_len);
@@ -983,7 +992,7 @@ static inline const char *parse_gre(struct packet *pkt, const char *data, uint16
uint16_t hdr_len = get_gre_hdr_len(data, len);
if (unlikely(hdr_len == 0 || hdr_len > len))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_GRE);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_GRE);
return data;
}
@@ -1004,7 +1013,7 @@ static inline const char *parse_gre(struct packet *pkt, const char *data, uint16
case GRE_PRO_PPP:
return parse_ppp(pkt, layer->pld_ptr, layer->pld_len);
default:
PACKET_LOG_UNSUPPORT_PROTO("gre", next_proto);
PACKET_LOG_UNSUPPORT_PROTO(pkt, LAYER_TYPE_GRE, next_proto);
return layer->pld_ptr;
}
}
@@ -1013,7 +1022,7 @@ static inline const char *parse_udp(struct packet *pkt, const char *data, uint16
{
if (unlikely(len < sizeof(struct udphdr)))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_UDP);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_UDP);
return data;
}
@@ -1064,7 +1073,7 @@ static inline const char *parse_tcp(struct packet *pkt, const char *data, uint16
{
if (unlikely(len < sizeof(struct tcphdr)))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_TCP);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_TCP);
return data;
}
@@ -1076,7 +1085,7 @@ static inline const char *parse_tcp(struct packet *pkt, const char *data, uint16
uint16_t hdr_len = tcp_hdr_get_hdr_len((const struct tcphdr *)data);
if (unlikely(hdr_len > len))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_TCP);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_TCP);
return data;
}
SET_LAYER(pkt, layer, LAYER_TYPE_TCP, hdr_len, data, len, 0);
@@ -1088,7 +1097,7 @@ static inline const char *parse_icmp(struct packet *pkt, const char *data, uint1
{
if (unlikely(len < sizeof(struct icmphdr)))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_ICMP);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_ICMP);
return data;
}
@@ -1106,7 +1115,7 @@ static inline const char *parse_icmp6(struct packet *pkt, const char *data, uint
{
if (unlikely(len < sizeof(struct icmp6_hdr)))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_ICMP6);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_ICMP6);
return data;
}
@@ -1132,7 +1141,7 @@ static inline const char *parse_vxlan(struct packet *pkt, const char *data, uint
if (unlikely(len < sizeof(struct vxlan_hdr)))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_VXLAN);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_VXLAN);
return data;
}
@@ -1151,7 +1160,7 @@ static inline const char *parse_gtpv1_u(struct packet *pkt, const char *data, ui
uint16_t hdr_len = get_gtp_hdr_len(data, len);
if (unlikely(hdr_len == 0 || hdr_len > len))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_GTPV1_U);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_GTPV1_U);
return data;
}
@@ -1170,7 +1179,7 @@ static inline const char *parse_gtpv1_u(struct packet *pkt, const char *data, ui
case 6:
return parse_ipv6(pkt, layer->pld_ptr, layer->pld_len);
default:
PACKET_LOG_UNSUPPORT_PROTO("gtp", next_proto);
PACKET_LOG_UNSUPPORT_PROTO(pkt, LAYER_TYPE_GTPV1_U, next_proto);
return layer->pld_ptr;
}
}
@@ -1191,7 +1200,7 @@ static inline const char *parse_l3(struct packet *pkt, uint16_t next_proto, cons
case ETH_P_MPLS_UC:
return parse_mpls(pkt, data, len);
default:
PACKET_LOG_UNSUPPORT_ETHPROTO("l3", next_proto);
PACKET_LOG_UNSUPPORT_ETHPROTO(pkt, next_proto);
return data;
}
}
@@ -1218,7 +1227,7 @@ static inline const char *parse_l4(struct packet *pkt, uint8_t next_proto, const
// L2TP
return parse_l2tpv3_over_ip(pkt, data, len);
default:
PACKET_LOG_UNSUPPORT_IPPROTO("l4", next_proto);
PACKET_LOG_UNSUPPORT_IPPROTO(pkt, next_proto);
return data;
}
}