From 0777a0ed34b0d764fad30dfeb14baa21a22476ec Mon Sep 17 00:00:00 2001 From: Henry Aidan Leta Date: Wed, 21 Sep 2022 11:34:30 -0400 Subject: [PATCH] poritng dhcp additions to ndpi 4.2 stable --- src/include/ndpi_typedefs.h | 16 ++++++++++++++-- src/lib/protocols/dhcp.c | 32 +++++++++++++++++++++++++++++++- 2 files changed, 45 insertions(+), 3 deletions(-) diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index a92eaa0ef09..2c1450dbc70 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1286,8 +1286,20 @@ struct ndpi_flow_struct { } bittorrent; struct { - char fingerprint[48]; - char class_ident[48]; + u_int32_t xid; + u_int32_t yiaddr; + u_int32_t siaddr; + u_int8_t chaddr[6]; + /* DHCP Options */ + char domain_name[256]; /* option 15 limited to 255 chars see RFC 1035 */ + u_int32_t requested_ip; /* option 50 */ + u_int32_t lease_time; /* option 51 */ + u_int8_t msg_type; /* option 53 */ + u_int8_t valid; /* signifies valid dhcp resp */ + ndpi_ip_addr_t server_ident; /* option 54 */ + char fingerprint[48]; /* option 55 */ + u_int32_t renew_time; /* option 58 */ + char class_ident[48]; /* option 60 */ } dhcp; } protos; diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c index 46f64759bbd..7eac54dec18 100644 --- a/src/lib/protocols/dhcp.c +++ b/src/lib/protocols/dhcp.c @@ -101,6 +101,7 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru if(msg_type <= 8) { foundValidMsgType = 1; + flow->protos.dhcp.valid = 1; break; } } @@ -120,6 +121,13 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru NDPI_LOG_INFO(ndpi_struct, "found DHCP\n"); ndpi_int_dhcp_add_connection(ndpi_struct, flow); + /* Assign basic dhcp information to flow structure */ + flow->protos.dhcp.msg_type = msg_type; /* option 53 msg_type */ + flow->protos.dhcp.xid = dhcp->xid; + flow->protos.dhcp.siaddr = dhcp->siaddr; + flow->protos.dhcp.yiaddr = dhcp->yiaddr; + memcpy(flow->protos.dhcp.chaddr, dhcp->chaddr, sizeof(dhcp->chaddr)); + /* Second iteration: parse the interesting options */ while(i + 1 /* for the len */ < dhcp_options_size) { u_int8_t id = dhcp->options[i]; @@ -166,8 +174,30 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru // while(j < len) { printf( "%c", name[j]); j++; }; printf("\n"); #endif ndpi_hostname_sni_set(flow, name, len); - } + } else if(id == 15 /* Domain Name */) { + char *name = (char*)&dhcp->options[i+2]; + int j = 0; + j = ndpi_min(len, sizeof(flow->protos.dhcp.domain_name)-1); + strncpy((char*)flow->protos.dhcp.domain_name, name, j); + flow->protos.dhcp.domain_name[j] = '\0'; + } else if(id == 50) /* Requested IP */ { + if (len > sizeof(flow->protos.dhcp.requested_ip)) + len = sizeof(flow->protos.dhcp.requested_ip); + memcpy(&flow->protos.dhcp.requested_ip, (char*)&dhcp->options[i+2], len); + } else if(id == 51) /* Lease Time */ { + if (len > sizeof(flow->protos.dhcp.lease_time)) + len = sizeof(flow->protos.dhcp.lease_time); + memcpy(&flow->protos.dhcp.lease_time, (char*)&dhcp->options[i+2], len); + } else if(id == 54) /* Server Identifier */ { + if (len > sizeof(flow->protos.dhcp.server_ident)) + len = sizeof(flow->protos.dhcp.server_ident); + memcpy(&flow->protos.dhcp.server_ident, (char*)&dhcp->options[i+2], len); + } else if(id == 58) /* Renewal Time */ { + if (len > sizeof(flow->protos.dhcp.renew_time)) + len = sizeof(flow->protos.dhcp.renew_time); + memcpy(&flow->protos.dhcp.renew_time, (char*)&dhcp->options[i+2], len); + } i += len + 2; } }