parser: unsupport all protocol other than TCP and UDP

817d8eab · Lukas Jelinek · e132a6e4 · 817d8eab
Verified Commit 817d8eab authored 2 years ago by Lukas Jelinek 🗄
--- a/fwlogs/parser.c
+++ b/fwlogs/parser.c
@@ -6,6 +6,9 @@
 #include "log.h"


+enum parse_result {SUCCESS = 0, LENGTH, PROTOCOL};
+
+
 size_t max_packet_size() {
 	return \
 		MAX(sizeof(struct ip), sizeof(struct ip6_hdr)) +
@@ -16,7 +19,8 @@ size_t max_packet_size() {


 __attribute__((nonnull))
-static bool handle_ipv4(const void *payload, size_t payload_size, struct packet_data *dt) {
+static enum parse_result handle_ipv4(const void *payload, size_t payload_size, struct packet_data *dt) {
+	enum parse_result res = SUCCESS;
 	const struct ip *p = (struct ip*)payload;

 	inet_ntop(AF_INET, &p->ip_src, dt->source_ip, sizeof(dt->source_ip));
@@ -27,32 +31,40 @@ static bool handle_ipv4(const void *payload, size_t payload_size, struct packet_
 	const void *phdr = payload + (4 * p->ip_hl);
 	switch (p->ip_p) {
 		case IPPROTO_UDP: {
-			if (payload_size < (sizeof(struct ip) + sizeof(struct udphdr)))
-				return false;
+			if (payload_size < (sizeof(struct ip) + sizeof(struct udphdr))) {
+				res = LENGTH;
+				break;
+			}
 			const struct udphdr *udp = (struct udphdr*)phdr;
 			dt->source_port = ntohs(udp->source);
 			dt->dest_port = ntohs(udp->dest);
 			break;
 		}
 		case IPPROTO_TCP: {
-			if (payload_size < (sizeof(struct ip) + sizeof(struct tcphdr)))
-				return false;
+			if (payload_size < (sizeof(struct ip) + sizeof(struct tcphdr))) {
+				res = LENGTH;
+				break;
+			}
 			const struct tcphdr *tcp = (struct tcphdr*)phdr;
 			dt->source_port = ntohs(tcp->source);
 			dt->dest_port = ntohs(tcp->dest);
 			break;
 		}
 		default:
-			dt->source_port = 0;
-			dt->dest_port = 0;
+			res = PROTOCOL;
 	}
-	return true;
+	return res;
 }

 __attribute__((nonnull))
-static bool handle_ipv6(const void *payload, size_t payload_size, struct packet_data *dt) {
-	if (payload_size < sizeof(struct ip6_hdr))
-		return false;
+static enum parse_result handle_ipv6(const void *payload, size_t payload_size, struct packet_data *dt) {
+	enum parse_result res = SUCCESS;
+
+	if (payload_size < sizeof(struct ip6_hdr)) {
+		res = LENGTH;
+		return res;
+	}
+
 	const struct ip6_hdr *p = (struct ip6_hdr*)payload;

 	inet_ntop(AF_INET6, &p->ip6_src, dt->source_ip, sizeof(dt->source_ip));
@@ -68,26 +80,29 @@ static bool handle_ipv6(const void *payload, size_t payload_size, struct packet_
 	const void *phdr = payload + sizeof(struct ip6_hdr);
 	switch (p->ip6_nxt) {
 		case IPPROTO_UDP: {
-			if (payload_size < (sizeof(struct ip6_hdr) + sizeof(struct udphdr)))
-				return false;
+			if (payload_size < (sizeof(struct ip6_hdr) + sizeof(struct udphdr))) {
+				res = LENGTH;
+				break;
+			}
 			const struct udphdr *udp = (struct udphdr*)phdr;
 			dt->source_port = ntohs(udp->source);
 			dt->dest_port = ntohs(udp->dest);
 			break;
 		}
 		case IPPROTO_TCP: {
-			if (payload_size < (sizeof(struct ip6_hdr) + sizeof(struct tcphdr)))
-				return false;
+			if (payload_size < (sizeof(struct ip6_hdr) + sizeof(struct tcphdr))) {
+				res = LENGTH;
+				break;
+			}
 			const struct tcphdr *tcp = (struct tcphdr*)phdr;
 			dt->source_port = ntohs(tcp->source);
 			dt->dest_port = ntohs(tcp->dest);
 			break;
 		}
 		default:
-			dt->source_port = 0;
-			dt->dest_port = 0;
+			res = PROTOCOL;
 	}
-	return true;
+	return res;
 }


@@ -98,12 +113,20 @@ bool parse_packet(const void *data, size_t data_size, struct packet_data *packet
 	struct ip *p_ip = (struct ip*)data;
 	switch (p_ip->ip_v) {
 		case 4:
-			if (!handle_ipv4(data, data_size, packet_data))
-				goto invalid_size;
+			switch (handle_ipv4(data, data_size, packet_data)) {
+				case LENGTH:
+					goto invalid_size;
+				case PROTOCOL:
+					goto unsupported_protocol;
+			}
 			break;
 		case 6:
-			if (!handle_ipv6(data, data_size, packet_data))
-				goto invalid_size;
+			switch (handle_ipv6(data, data_size, packet_data)) {
+				case LENGTH:
+					goto invalid_size;
+				case PROTOCOL:
+					goto unsupported_protocol;
+			}
 			break;
 		default:
 			debug("Received packet with unknown IP version: %d", p_ip->ip_v);
@@ -119,4 +142,8 @@ bool parse_packet(const void *data, size_t data_size, struct packet_data *packet
 invalid_size:
 	debug("Received packet has smaller size than expected IP header. Ignoring");
 	return false;
+
+unsupported_protocol:
+	debug("Unsupported network protocol detected (other than TCP and UDP). Ignoring");
+	return false;
 }