Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Hl add dhcp dissection #4

Merged
merged 6 commits into from
Sep 29, 2022
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 14 additions & 2 deletions src/include/ndpi_typedefs.h
Original file line number Diff line number Diff line change
Expand Up @@ -1351,8 +1351,20 @@ struct ndpi_flow_struct {
} bittorrent;

struct {
char fingerprint[48];
char class_ident[48];
u_int32_t xid;
u_int32_t yiaddr;
u_int32_t siaddr;
u_int8_t chaddr[6];
shla2022 marked this conversation as resolved.
Show resolved Hide resolved
/* DHCP Options */
char domain_name[256]; /* option 15 limited to 255 chars see RFC 1035 */
shla2022 marked this conversation as resolved.
Show resolved Hide resolved
u_int32_t requested_ip; /* option 50 */
u_int32_t lease_time; /* option 51 */
u_int8_t msg_type; /* option 53 */
u_int8_t valid; /* signifies valid dhcp resp */
ndpi_ip_addr_t server_ident; /* option 54 */
char fingerprint[48]; /* option 55 */
u_int32_t renew_time; /* option 58 */
char class_ident[48]; /* option 60 */
} dhcp;
hl33ta marked this conversation as resolved.
Show resolved Hide resolved

struct {
Expand Down
29 changes: 26 additions & 3 deletions src/lib/protocols/dhcp.c
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,6 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct,
u_int dhcp_options_size = ndpi_min(DHCP_VEND_LEN /* maximum size of options in struct dhcp_packet */,
packet->payload_packet_len - 240);


/* Parse options in two steps (since we need first the message type and
it seems there is no specific order in the options list) */

Expand All @@ -114,6 +113,7 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct,

if(msg_type <= 8) {
foundValidMsgType = 1;
flow->protos.dhcp.valid = 1;

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does this conflict with use of this field as a flag below?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

technically no it does the same thing as something like this would do flow->protos.dhcp.valid |= 0x01 would do because it happens before the other assignments. but i think replacing the above with flow->protos.dhcp.valid |= 0x01 makes the most sense. good point.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to consider this in #6 as well ?

break;
}
}
Expand All @@ -133,7 +133,13 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct,
/* Ok, we have a valid DHCP packet -> we can write to flow->protos.dhcp */
NDPI_LOG_INFO(ndpi_struct, "found DHCP\n");
ndpi_int_dhcp_add_connection(ndpi_struct, flow);


/* Assign basic dhcp information to flow structure */
flow->protos.dhcp.msg_type = msg_type; /* option 53 msg_type */
flow->protos.dhcp.xid = dhcp->xid;
flow->protos.dhcp.siaddr = dhcp->siaddr;
flow->protos.dhcp.yiaddr = dhcp->yiaddr;
memcpy(flow->protos.dhcp.chaddr, dhcp->chaddr, sizeof(dhcp->chaddr));
/* Second iteration: parse the interesting options */
while(i + 1 /* for the len */ < dhcp_options_size) {
u_int8_t id = dhcp->options[i];
Expand Down Expand Up @@ -180,7 +186,24 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct,
// while(j < len) { printf( "%c", name[j]); j++; }; printf("\n");
#endif
ndpi_hostname_sni_set(flow, name, len);
}
} else if(id == 15 /* Domain Name */) {
char *name = (char*)&dhcp->options[i+2];
int j = 0;

j = ndpi_min(len, sizeof(flow->protos.dhcp.domain_name)-1);
strncpy((char*)flow->protos.dhcp.domain_name, name, j);
flow->protos.dhcp.domain_name[j] = '\0';
} else if(id == 50) /* Requested IP */ {
memcpy(&flow->protos.dhcp.requested_ip, (char*)&dhcp->options[i+2], len);
shla2022 marked this conversation as resolved.
Show resolved Hide resolved
} else if(id == 51) /* Lease Time */ {
memcpy(&flow->protos.dhcp.lease_time, (char*)&dhcp->options[i+2], len);
} else if(id == 54) /* Server Identifier */ {
memcpy(&flow->protos.dhcp.server_ident, (char*)&dhcp->options[i+2], len);
} else if(id == 58) /* Renewal Time */ {
memcpy(&flow->protos.dhcp.renew_time, (char*)&dhcp->options[i+2], len);
}



i += len + 2;
}
Expand Down