gfwleak/stellar-stellar
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bugfix: packet parser

Browse Source 
* Corrected the acquisition of GRE header length
    * Check whether the total length of IP is less than the length of IP header
This commit is contained in:
luwenpeng
2024-06-03 17:50:52 +08:00
parent eb1056b4f9
commit ae2e36b382
3 changed files with 111 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

95
src/packet/packet.cpp
View File

@@ -16,28 +16,28 @@
#define likely(expr) __builtin_expect((expr), 1)
#define unlikely(expr) __builtin_expect((expr), 0)
#define PACKET_LOG_DATA_INSUFFICIENCY(type) \
#define PACKET_LOG_DATA_INSUFFICIENCY(pkt, layer) \
{ \
PACKET_LOG_WARN("layer: %s, data insufficiency", \
layer_type_to_str((type))); \
PACKET_LOG_WARN("pkt: %p, layer: %s, data insufficiency", \
(pkt), layer_type_to_str(layer)); \
}
#define PACKET_LOG_UNSUPPORT_PROTO(tag, next_proto) \
#define PACKET_LOG_UNSUPPORT_PROTO(pkt, layer, next_proto) \
{ \
PACKET_LOG_WARN("%s: unsupport next proto %d", \
(tag), (next_proto)); \
PACKET_LOG_WARN("pkt: %p, layer: %s, unsupport next proto %d", \
(pkt), layer_type_to_str(layer), (next_proto)); \
}
#define PACKET_LOG_UNSUPPORT_ETHPROTO(tag, next_proto) \
#define PACKET_LOG_UNSUPPORT_ETHPROTO(pkt, next_proto) \
{ \
PACKET_LOG_WARN("%s: unsupport next eth proto %d: %s", \
(tag), (next_proto), eth_proto_to_str(next_proto)); \
PACKET_LOG_WARN("pkt: %p, layer: l3, unsupport next eth proto %s", \
(pkt), eth_proto_to_str(next_proto)); \
}
#define PACKET_LOG_UNSUPPORT_IPPROTO(tag, next_proto) \
#define PACKET_LOG_UNSUPPORT_IPPROTO(pkt, next_proto) \
{ \
PACKET_LOG_WARN("%s: unsupport next ip proto %d: %s", \
(tag), (next_proto), ip_proto_to_str(next_proto)); \
PACKET_LOG_WARN("pkt: %p, layer: l4, unsupport next ip proto %s", \
(pkt), ip_proto_to_str(next_proto)); \
}
/******************************************************************************
@@ -462,7 +462,7 @@ static inline uint16_t get_gre_hdr_len(const char *data, uint16_t len)
}
}
if (version == 1)
else if (version == 1)
{
hdr_offset = 8;
if (flags & GRE_SEQUENCE)
@@ -474,6 +474,10 @@ static inline uint16_t get_gre_hdr_len(const char *data, uint16_t len)
hdr_offset += 4;
}
}
else
{
return 0;
}
if (hdr_offset > len)
{
@@ -524,7 +528,7 @@ static inline uint16_t get_l2tpv2_hdr_len(const char *data, uint16_t len)
if (CONTROL_BIT(control))
{
if (LENGTH_BIT(control) != 1 || SEQUENCE_BIT(control) != 1 || OFFSET_BIT(control) != 0 || PRIORITY_BIT(control) != 0)
if (LENGTH_BIT(control) == 0 || SEQUENCE_BIT(control) == 0 || OFFSET_BIT(control) != 0 || PRIORITY_BIT(control) != 0)
{
return 0;
}
@@ -580,7 +584,7 @@ static inline const char *parse_ether(struct packet *pkt, const char *data, uint
{
if (unlikely(len < sizeof(struct ethhdr)))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_ETHER);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_ETHER);
return data;
}
@@ -608,7 +612,7 @@ static inline const char *parse_pweth(struct packet *pkt, const char *data, uint
*/
if (unlikely(len < 4))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_PWETH);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_PWETH);
return data;
}
@@ -677,7 +681,7 @@ static inline const char *parse_ppp(struct packet *pkt, const char *data, uint16
*/
if (unlikely(len < 4))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_PPP);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_PPP);
return data;
}
@@ -718,7 +722,7 @@ success:
case PPP_IPV6:
return parse_ipv6(pkt, layer->pld_ptr, layer->pld_len);
default:
PACKET_LOG_UNSUPPORT_PROTO("ppp", next_proto);
PACKET_LOG_UNSUPPORT_PROTO(pkt, LAYER_TYPE_PPP, next_proto);
return layer->pld_ptr;
}
}
@@ -730,7 +734,7 @@ static inline const char *parse_l2tpv2(struct packet *pkt, const char *data, uin
uint16_t hdr_len = get_l2tpv2_hdr_len(data, len);
if (unlikely(hdr_len == 0 || hdr_len > len))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_L2TP);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_L2TP);
return data;
}
@@ -774,7 +778,7 @@ static inline const char *parse_vlan(struct packet *pkt, const char *data, uint1
if (unlikely(len < sizeof(struct vlan_hdr)))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_VLAN);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_VLAN);
return data;
}
@@ -793,7 +797,7 @@ static inline const char *parse_pppoe_ses(struct packet *pkt, const char *data,
{
if (unlikely(len < 6))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_PPPOE);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_PPPOE);
return data;
}
@@ -811,7 +815,7 @@ static inline const char *parse_mpls(struct packet *pkt, const char *data, uint1
{
if (unlikely(len < 4))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_MPLS);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_MPLS);
return data;
}
@@ -860,7 +864,7 @@ static inline const char *parse_ipv4(struct packet *pkt, const char *data, uint1
{
if (unlikely(len < sizeof(struct ip)))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_IPV4);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_IPV4);
return data;
}
@@ -873,14 +877,19 @@ static inline const char *parse_ipv4(struct packet *pkt, const char *data, uint1
uint16_t hdr_len = ipv4_hdr_get_hdr_len(hdr);
if (unlikely(hdr_len > len))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_IPV4);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_IPV4);
return data;
}
uint16_t total_len = ipv4_hdr_get_total_len(hdr);
if (unlikely(total_len > len))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_IPV4);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_IPV4);
return data;
}
if (unlikely(total_len < hdr_len))
{
PACKET_LOG_ERROR("packet %p ip total_len %d < hdr_len %d", pkt, total_len, hdr_len);
return data;
}
uint16_t trim_len = len - total_len;
@@ -891,7 +900,7 @@ static inline const char *parse_ipv4(struct packet *pkt, const char *data, uint1
{
PACKET_LOG_WARN("packet %p ip layer %p is fragmented", pkt, layer);
pkt->frag_layer = layer;
// try continue parse
return layer->pld_ptr;
}
uint8_t next_proto = ipv4_hdr_get_proto(hdr);
@@ -921,7 +930,7 @@ static inline const char *parse_ipv6(struct packet *pkt, const char *data, uint1
if (unlikely(len < sizeof(struct ip6_hdr)))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_IPV6);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_IPV6);
return data;
}
@@ -934,7 +943,7 @@ static inline const char *parse_ipv6(struct packet *pkt, const char *data, uint1
uint16_t pld_len = ipv6_hdr_get_payload_len(hdr);
if (unlikely(pld_len + sizeof(struct ip6_hdr) > len))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_IPV6);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_IPV6);
return data;
}
uint8_t next_proto = ipv6_hdr_get_next_header(hdr);
@@ -945,14 +954,14 @@ static inline const char *parse_ipv6(struct packet *pkt, const char *data, uint1
{
if (unlikely(pld_len < 2))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_IPV6);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_IPV6);
return data;
}
struct ip6_ext *ext = (struct ip6_ext *)next_hdr_ptr;
uint16_t skip_len = ext->ip6e_len * 8 + 8;
if (unlikely(skip_len > pld_len))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_IPV6);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_IPV6);
return data;
}
hdr_len += skip_len;
@@ -967,7 +976,7 @@ static inline const char *parse_ipv6(struct packet *pkt, const char *data, uint1
{
PACKET_LOG_WARN("packet %p ipv6 layer %p is fragmented", pkt, layer);
pkt->frag_layer = layer;
// try continue parse
return layer->pld_ptr;
}
return parse_l4(pkt, next_proto, layer->pld_ptr, layer->pld_len);
@@ -983,7 +992,7 @@ static inline const char *parse_gre(struct packet *pkt, const char *data, uint16
uint16_t hdr_len = get_gre_hdr_len(data, len);
if (unlikely(hdr_len == 0 || hdr_len > len))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_GRE);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_GRE);
return data;
}
@@ -1004,7 +1013,7 @@ static inline const char *parse_gre(struct packet *pkt, const char *data, uint16
case GRE_PRO_PPP:
return parse_ppp(pkt, layer->pld_ptr, layer->pld_len);
default:
PACKET_LOG_UNSUPPORT_PROTO("gre", next_proto);
PACKET_LOG_UNSUPPORT_PROTO(pkt, LAYER_TYPE_GRE, next_proto);
return layer->pld_ptr;
}
}
@@ -1013,7 +1022,7 @@ static inline const char *parse_udp(struct packet *pkt, const char *data, uint16
{
if (unlikely(len < sizeof(struct udphdr)))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_UDP);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_UDP);
return data;
}
@@ -1064,7 +1073,7 @@ static inline const char *parse_tcp(struct packet *pkt, const char *data, uint16
{
if (unlikely(len < sizeof(struct tcphdr)))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_TCP);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_TCP);
return data;
}
@@ -1076,7 +1085,7 @@ static inline const char *parse_tcp(struct packet *pkt, const char *data, uint16
uint16_t hdr_len = tcp_hdr_get_hdr_len((const struct tcphdr *)data);
if (unlikely(hdr_len > len))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_TCP);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_TCP);
return data;
}
SET_LAYER(pkt, layer, LAYER_TYPE_TCP, hdr_len, data, len, 0);
@@ -1088,7 +1097,7 @@ static inline const char *parse_icmp(struct packet *pkt, const char *data, uint1
{
if (unlikely(len < sizeof(struct icmphdr)))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_ICMP);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_ICMP);
return data;
}
@@ -1106,7 +1115,7 @@ static inline const char *parse_icmp6(struct packet *pkt, const char *data, uint
{
if (unlikely(len < sizeof(struct icmp6_hdr)))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_ICMP6);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_ICMP6);
return data;
}
@@ -1132,7 +1141,7 @@ static inline const char *parse_vxlan(struct packet *pkt, const char *data, uint
if (unlikely(len < sizeof(struct vxlan_hdr)))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_VXLAN);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_VXLAN);
return data;
}
@@ -1151,7 +1160,7 @@ static inline const char *parse_gtpv1_u(struct packet *pkt, const char *data, ui
uint16_t hdr_len = get_gtp_hdr_len(data, len);
if (unlikely(hdr_len == 0 || hdr_len > len))
{
PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_GTPV1_U);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_GTPV1_U);
return data;
}
@@ -1170,7 +1179,7 @@ static inline const char *parse_gtpv1_u(struct packet *pkt, const char *data, ui
case 6:
return parse_ipv6(pkt, layer->pld_ptr, layer->pld_len);
default:
PACKET_LOG_UNSUPPORT_PROTO("gtp", next_proto);
PACKET_LOG_UNSUPPORT_PROTO(pkt, LAYER_TYPE_GTPV1_U, next_proto);
return layer->pld_ptr;
}
}
@@ -1191,7 +1200,7 @@ static inline const char *parse_l3(struct packet *pkt, uint16_t next_proto, cons
case ETH_P_MPLS_UC:
return parse_mpls(pkt, data, len);
default:
PACKET_LOG_UNSUPPORT_ETHPROTO("l3", next_proto);
PACKET_LOG_UNSUPPORT_ETHPROTO(pkt, next_proto);
return data;
}
}
@@ -1218,7 +1227,7 @@ static inline const char *parse_l4(struct packet *pkt, uint8_t next_proto, const
// L2TP
return parse_l2tpv3_over_ip(pkt, data, len);
default:
PACKET_LOG_UNSUPPORT_IPPROTO("l4", next_proto);
PACKET_LOG_UNSUPPORT_IPPROTO(pkt, next_proto);
return data;
}
}

75
test/packet_parser/cmp_layers.sh
View File

@@ -18,26 +18,38 @@ function preprocess_tshark_ouput() {
output_file=$2
cp ${input_file} ${output_file}
kv_array=(
":data" ""
":tcp:pptp" ":tcp"
":tcp-text-lines" ":tcp"
":icmp:ip:udp" ":icmp"
":icmpv6:ipv6:udp" ":icmpv6"
":ieee8021ad" ":vlan"
":x509sat" ""
":x509ce" ""
":pkix1implicit" ""
":pkix1explicit" ""
":data-text-lines" ""
":http-text-lines" ""
":websocket" ""
":ssl" ""
":ftp-data" ""
":x11" ""
":ntp" ""
":rip" ""
":isakmp" ""
":esp" ""
":udpencap" ""
":sip:sdp" ""
":sip" ""
":sdp" ""
":rtcp" ""
":rtp" ""
":ssh" ""
":dns" ""
":ssl" ""
":gquic" ""
":http-text-lines" ""
":http" ""
":http:data-text-lines" ""
":http:data" ""
":msmms" ""
":bfd" ""
":ftp-data-text-lines" ""
":ftp" ""
":ssdp" ""
":mdns" ""
":radius" ""
@@ -48,21 +60,23 @@ function preprocess_tshark_ouput() {
":oicq" ""
":json" ""
":media" ""
":x11" ""
":telnet" ""
":nbss:smb" ""
":nbdgm:smb:browser" ""
":smb2" ""
":nbss" ""
":memcache" ""
":rtspi" ""
":rdt" ""
":rtsp" ""
":nbns" ""
":nbdgm:smb:browser" ""
":lcp" ""
":chap" ""
":ipcp" ""
":comp_data" ""
":ccp" ""
":snmp" ""
":socks:http:data" ""
":socks:http" ""
":socks" ""
":bgp" ""
":eigrp" ""
@@ -72,27 +86,40 @@ function preprocess_tshark_ouput() {
":vssmonitoring" ""
":mndp" ""
":websocket-text-lines" ""
":websocket" ""
":image-jfif" ""
":png" ""
":pkix1implicit" ""
":x509sat" ""
":x509ce" ""
":pkix1explicit" ""
":llmnr" ""
":pkcs-1" ""
":bitcoin:bitcoin" ""
":bitcoin" ""
":image-gif" ""
":dhcpv6" ""
":tcp:pptp" ":tcp"
":ieee8021ad" ":vlan"
":tcp-text-lines" ":tcp"
":arp" ""
":ccsrl" ""
":h245" ""
":srp" ""
":amr" ""
":mp4v-es" ""
":ajp13" ""
":ocsp" ""
":irc" ""
":http" ""
":ftp" ""
":data" ""
":sctp:m3ua" ""
":sctp" ""
":teredo:ipv6:udp" ""
":teredo:ipv6:tcp" ""
":teredo:ipv6:icmpv6" ""
":teredo:ipv6:gre:ip:udp" ""
":igmp" ""
":icmp:ip:tcp" ":icmp"
":pwethheuristic:pwethnocw" ""
)
for ((i = 0; i < ${#kv_array[@]}; i += 2)); do
key=${kv_array[i]}
val=${kv_array[i + 1]}
sed "s/$key/$val/g" ${output_file} >${output_file}.tmp
mv ${output_file}.tmp ${output_file}
sed -i "s/$key/$val/g" ${output_file}
done
}
@@ -107,8 +134,7 @@ function preprocess_parser_ouput() {
for ((i = 0; i < ${#kv_array[@]}; i += 2)); do
key=${kv_array[i]}
val=${kv_array[i + 1]}
sed "s/$key/$val/g" ${output_file} >${output_file}.tmp
mv ${output_file}.tmp ${output_file}
sed -i "s/$key/$val/g" ${output_file}
done
}
@@ -149,7 +175,10 @@ for pcap in "${pcap_files[@]}"; do
fi
done
printf "\033[32m\nTotal: ${total_count}, Passed: ${pass_count}, Failed: ${err_count}\033[0m\n"
printf "\033[33m Total : ${total_count} \033[0m\n"
printf "\033[32m Passed : ${pass_count} \033[0m\n"
printf "\033[31m Failed : ${err_count} \033[0m\n"
if [ "$err_count" -ne 0 ]; then
printf "\033[31mFailed pcap files are saved in ${err_pcap_dir}\033[0m\n"
printf "\n\033[31m failed pcap: ${err_pcap_dir} \033[0m\n"
fi

4
test/packet_parser/packet_parser.cpp
View File

@@ -19,7 +19,7 @@ static int ipv6_proto_to_str(const struct packet_layer *ipv6_layer, char *buff,
switch (next_hdr)
{
case IPPROTO_HOPOPTS:
used += snprintf(buff + used, size - used, ":ipv6.hopopt");
used += snprintf(buff + used, size - used, ":ipv6.hopopts");
break;
case IPPROTO_ROUTING:
used += snprintf(buff + used, size - used, ":ipv6.routing");
@@ -53,7 +53,7 @@ static int packet_proto_to_str(const struct packet *pkt, char *buff, int size)
used += snprintf(buff + used, size - used, "eth:ethertype");
break;
case LAYER_TYPE_PWETH:
used += snprintf(buff + used, size - used, "pweth:ethertype");
used += snprintf(buff + used, size - used, "pwethheuristic:pwethcw");
break;
case LAYER_TYPE_PPP:
used += snprintf(buff + used, size - used, "ppp");