From 53d7a1298c028205ebba52f5f964d47b434d8eed Mon Sep 17 00:00:00 2001
From: Antonio Ospite
Date: Sun, 15 Apr 2018 10:06:46 +0200
Subject: [PATCH] pcapparse: bail out in case of fragmented packets pcapparse cannot parse fragmented IP packets correctly, in particular it will get confused when trying to parsing fragments as standalone frames in two ways: 1. the first fragment will have the packet length greater than the frame size and will always be discarded; 2. fragments with non-zero offsets will be interpreted as full packets and the first part of their raw payload data will be parsed as the transport protocol header, resulting in bogus values for addresses and ports, thus evading the properties filtering on those values. This can make it difficult for users to see why the data does not get downstream. So be more explicit and just bail out when fragmented packets are encountered. https://bugzilla.gnome.org/show_bug.cgi?id=795284
---
 gst/pcapparse/gstpcapparse.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/gst/pcapparse/gstpcapparse.c b/gst/pcapparse/gstpcapparse.c
index c7cca24780..0670407b73 100644
--- a/gst/pcapparse/gstpcapparse.c
+++ b/gst/pcapparse/gstpcapparse.c
@@ -366,6 +366,8 @@ gst_pcap_parse_scan_frame (GstPcapParse * self,
 guint16 eth_type;
 guint8 b;
 guint8 ip_header_size;
+ guint8 flags;
+ guint16 fragment_offset;
 guint8 ip_protocol;
 guint32 ip_src_addr;
 guint32 ip_dst_addr;
@@ -428,6 +430,14 @@ gst_pcap_parse_scan_frame (GstPcapParse * self, if (buf_ip + ip_header_size > buf + buf_size) return FALSE; + flags = buf_ip[6] >> 5; + fragment_offset = + (GUINT16_FROM_BE (*((guint16 *) (buf_ip + 6))) & 0x1fff) * 8; + if (flags & 0x1 || fragment_offset > 0) { + GST_ERROR_OBJECT (self, "Fragmented packets are not supported"); + return FALSE; + } + ip_protocol = *(buf_ip + 9); GST_LOG_OBJECT (self, "ip proto %d", (gint) ip_protocol);
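Review bot: In the second hunk, the new `*((guint16 *) (buf_ip + 6))` load casts a byte pointer into the capture buffer to `guint16 *`, so it is an unaligned, type-punned read on data that comes straight from a pcap file. Nothing in the visible lines guarantees that `buf_ip + 6` is 2-byte aligned. GStreamer's byte-wise reader avoids both problems: `fragment_offset = (GST_READ_UINT16_BE (buf_ip + 6) & 0x1fff) * 8;`. The preceding bounds check only covers bytes 6–7 if `ip_header_size` is at least 8 (20 for a well-formed IPv4 header), and that minimum is not checked in the lines shown. The body of `gst_pcap_parse_scan_frame` starts and ends outside the hunk, so please confirm the minimum is enforced earlier.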