pcapparse: bail out in case of fragmented packets

pcapparse cannot parse fragmented IP packets correctly, in particular it
will get confused when trying to parsing fragments as standalone frames
in two ways:

  1. the first fragment will have the packet length greater than the
     frame size and will always be discarded;

  2. fragments with non-zero offsets will be interpreted as full packets
     and the first part of their raw payload data will be parsed as the
     transport protocol header, resulting in bogus values for addresses
     and ports, thus evading the properties filtering on those values.

This can make it difficult for users to see why the data does not get
downstream.

So be more explicit and just bail out when fragmented packets are
encountered.

https://bugzilla.gnome.org/show_bug.cgi?id=795284
This commit is contained in:
Antonio Ospite 2018-04-15 10:06:46 +02:00 committed by Sebastian Dröge
parent a4df5132bc
commit 53d7a1298c

View file

@ -366,6 +366,8 @@ gst_pcap_parse_scan_frame (GstPcapParse * self,
guint16 eth_type;
guint8 b;
guint8 ip_header_size;
guint8 flags;
guint16 fragment_offset;
guint8 ip_protocol;
guint32 ip_src_addr;
guint32 ip_dst_addr;
@ -428,6 +430,14 @@ gst_pcap_parse_scan_frame (GstPcapParse * self,
if (buf_ip + ip_header_size > buf + buf_size)
return FALSE;
flags = buf_ip[6] >> 5;
fragment_offset =
(GUINT16_FROM_BE (*((guint16 *) (buf_ip + 6))) & 0x1fff) * 8;
if (flags & 0x1 || fragment_offset > 0) {
GST_ERROR_OBJECT (self, "Fragmented packets are not supported");
return FALSE;
}
ip_protocol = *(buf_ip + 9);
GST_LOG_OBJECT (self, "ip proto %d", (gint) ip_protocol);