Merge pull request #5 from ThreatEye/threateye-4.2-dhcp

porting dhcp additions to ndpi 4.2 stable
ThreatEye · Sep 27, 2022 · 5ae8f2a · 5ae8f2a
2 parents 0bb6af2 + 0777a0e
commit 5ae8f2a
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 3 deletions.
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
@@ -1286,8 +1286,20 @@ struct ndpi_flow_struct {
     } bittorrent;
 
     struct {
-      char fingerprint[48];
-      char class_ident[48];
+      u_int32_t xid;
+      u_int32_t	yiaddr;
+      u_int32_t	siaddr;
+      u_int8_t	chaddr[6];
+      /* DHCP Options */
+      char domain_name[256]; /* option 15 limited to 255 chars see RFC 1035 */
+      u_int32_t requested_ip; /* option 50 */
+      u_int32_t lease_time; /* option 51 */
+      u_int8_t msg_type; /* option 53 */
+      u_int8_t valid; /* signifies valid dhcp resp */
+      ndpi_ip_addr_t server_ident; /* option 54 */
+      char fingerprint[48]; /* option 55 */
+      u_int32_t renew_time; /* option 58 */
+      char class_ident[48]; /* option 60 */
     } dhcp;
   } protos;
 

diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c
@@ -101,6 +101,7 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru
 
             if(msg_type <= 8) {
               foundValidMsgType = 1;
+              flow->protos.dhcp.valid = 1;
               break;
             }
           }
@@ -120,6 +121,13 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru
       NDPI_LOG_INFO(ndpi_struct, "found DHCP\n");
       ndpi_int_dhcp_add_connection(ndpi_struct, flow);
 
+      /* Assign basic  dhcp information to flow structure */
+      flow->protos.dhcp.msg_type = msg_type; /* option 53 msg_type */
+      flow->protos.dhcp.xid = dhcp->xid; 
+      flow->protos.dhcp.siaddr = dhcp->siaddr;
+      flow->protos.dhcp.yiaddr = dhcp->yiaddr; 
+      memcpy(flow->protos.dhcp.chaddr, dhcp->chaddr, sizeof(dhcp->chaddr));
+
       /* Second iteration: parse the interesting options */
       while(i + 1 /* for the len */ < dhcp_options_size) {
         u_int8_t id  = dhcp->options[i];
@@ -166,8 +174,30 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru
 	      //	    while(j < len) { printf( "%c", name[j]); j++; }; printf("\n");
 #endif
             ndpi_hostname_sni_set(flow, name, len);
-	  }
+          } else if(id == 15 /* Domain Name */) {
+            char *name = (char*)&dhcp->options[i+2];
+            int j = 0;
 
+            j = ndpi_min(len, sizeof(flow->protos.dhcp.domain_name)-1);
+            strncpy((char*)flow->protos.dhcp.domain_name, name, j);
+            flow->protos.dhcp.domain_name[j] = '\0';
+          } else if(id == 50) /* Requested IP */ {
+            if (len > sizeof(flow->protos.dhcp.requested_ip))
+              len = sizeof(flow->protos.dhcp.requested_ip);
+            memcpy(&flow->protos.dhcp.requested_ip, (char*)&dhcp->options[i+2], len); 
+          } else if(id == 51) /* Lease Time */ {
+            if (len > sizeof(flow->protos.dhcp.lease_time))
+              len = sizeof(flow->protos.dhcp.lease_time);
+            memcpy(&flow->protos.dhcp.lease_time, (char*)&dhcp->options[i+2], len);  
+          } else if(id == 54) /* Server Identifier */ {
+            if (len > sizeof(flow->protos.dhcp.server_ident))
+              len = sizeof(flow->protos.dhcp.server_ident);
+            memcpy(&flow->protos.dhcp.server_ident, (char*)&dhcp->options[i+2], len);
+          } else if(id == 58) /* Renewal Time */ {
+            if (len > sizeof(flow->protos.dhcp.renew_time))
+              len = sizeof(flow->protos.dhcp.renew_time);
+            memcpy(&flow->protos.dhcp.renew_time, (char*)&dhcp->options[i+2], len); 
+          }
           i += len + 2;
         }
       }