diff --git a/example/protos.txt b/example/protos.txt index 9c4425413f6..cb8ec60445a 100644 --- a/example/protos.txt +++ b/example/protos.txt @@ -27,6 +27,7 @@ host:"api-global.netflix.com"@Netflix # IP based Subprotocols # Format: # ip:,ip:,.....@ +# ipv6:[],ipv6:[],.....@ # # NOTES @@ -54,6 +55,12 @@ ip:3.3.3.3:443@CustomProtocolA ip:3.3.3.3:444@CustomProtocolB ip:3.3.3.3:446@CustomProtocolC=400 +ipv6:[3ffe:507:0:1:200:86ff:fe05:80da]@CustomProtocolD +ipv6:[247f:855b:5e16:3caf::]/64:100@CustomProtocolE +ipv6:[247f:855b:5e16:3caf::]/64@CustomProtocolF +ipv6:[fe80::76ac:b9ff:fe6c:c124]:12717@CustomProtocolG +ipv6:[fe80::76ac:b9ff:fe6c:c124]:12718@CustomProtocolH + # # Risk Exceptions # diff --git a/fuzz/corpus/fuzz_filecfg_protocols/custom_ipv6_1.txt b/fuzz/corpus/fuzz_filecfg_protocols/custom_ipv6_1.txt new file mode 100644 index 00000000000..45cf1ce34e2 --- /dev/null +++ b/fuzz/corpus/fuzz_filecfg_protocols/custom_ipv6_1.txt @@ -0,0 +1 @@ +ipv6:[3ffe:507:0:1:200:86ff:fe05:80da]@CustomProtocolD diff --git a/fuzz/corpus/fuzz_filecfg_protocols/custom_ipv6_2.txt b/fuzz/corpus/fuzz_filecfg_protocols/custom_ipv6_2.txt new file mode 100644 index 00000000000..5d685f27b24 --- /dev/null +++ b/fuzz/corpus/fuzz_filecfg_protocols/custom_ipv6_2.txt @@ -0,0 +1 @@ +ipv6:[247f:855b:5e16:3caf::]/64:100@CustomProtocolE diff --git a/fuzz/corpus/fuzz_filecfg_protocols/custom_ipv6_3.txt b/fuzz/corpus/fuzz_filecfg_protocols/custom_ipv6_3.txt new file mode 100644 index 00000000000..0353282457c --- /dev/null +++ b/fuzz/corpus/fuzz_filecfg_protocols/custom_ipv6_3.txt @@ -0,0 +1 @@ +ipv6:[247f:855b:5e16:3caf::]/64@CustomProtocolF diff --git a/fuzz/corpus/fuzz_filecfg_protocols/custom_ipv6_4.txt b/fuzz/corpus/fuzz_filecfg_protocols/custom_ipv6_4.txt new file mode 100644 index 00000000000..a35ef3255d5 --- /dev/null +++ b/fuzz/corpus/fuzz_filecfg_protocols/custom_ipv6_4.txt @@ -0,0 +1 @@ +ipv6:[fe80::76ac:b9ff:fe6c:c124]:12717@CustomProtocolG 
diff --git a/fuzz/corpus/fuzz_filecfg_protocols/custom_ipv6_5.txt b/fuzz/corpus/fuzz_filecfg_protocols/custom_ipv6_5.txt new file mode 100644 index 00000000000..2cff95d8835 --- /dev/null +++ b/fuzz/corpus/fuzz_filecfg_protocols/custom_ipv6_5.txt @@ -0,0 +1 @@ +ipv6:[fe80::76ac:b9ff:fe6c:c124]:12718@CustomProtocolH diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 8f7cf7435b5..c8ecb01f6cf 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2697,14 +2697,23 @@ static int ndpi_add_host_ip_subprotocol(struct ndpi_detection_module_struct *ndp char *value, u_int16_t protocol_id) { ndpi_patricia_node_t *node; struct in_addr pin; + struct in6_addr pin6; int bits = 32; + int is_ipv6 = 0; char *ptr = strrchr(value, '/'); - u_int16_t port = 0; /* Format ip:8.248.73.247:443 */ - char *double_column; + u_int16_t port = 0; /* Format ip:8.248.73.247 */ + /* Format ipv6:[fe80::76ac:b9ff:fe6c:c124]/64 */ + char *double_column = NULL; if(!ndpi_str->protocols_ptree) return(-1); + if(value[0] == '[') { + is_ipv6 = 1; + bits = 128; + value += 1; + } + if(ptr) { ptr[0] = '\0'; ptr++; @@ -2714,14 +2723,32 @@ static int ndpi_add_host_ip_subprotocol(struct ndpi_detection_module_struct *ndp port = atoi(&double_column[1]); } - if(atoi(ptr) >= 0 && atoi(ptr) <= 32) - bits = atoi(ptr); + if(!is_ipv6) { + if(atoi(ptr) >= 0 && atoi(ptr) <= 32) + bits = atoi(ptr); + } else { + if(atoi(ptr) >= 0 && atoi(ptr) <= 128) + bits = atoi(ptr); + + ptr = strrchr(value, ']'); + if(ptr) + *ptr = '\0'; + } } else { /* Let's check if there is the port defined Example: ip:8.248.73.247:443@AmazonPrime + Example: ipv6:[fe80::76ac:b9ff:fe6c:c124]:36818@CustomProtocolF */ - double_column = strrchr(value, ':'); + if(!is_ipv6) { + double_column = strrchr(value, ':'); + } else { + ptr = strrchr(value, ']'); + if(ptr) { + double_column = strrchr(ptr, ':'); + *ptr = '\0'; + } + } if(double_column) { double_column[0] = '\0'; 
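Review bot: Setting `is_ipv6` from `value[0] == '['` is the only bracket check in ndpi_add_host_ip_subprotocol; neither branch in the next hunk requires the closing `]`. When `strrchr(value, ']')` returns NULL, the string goes to inet_pton() unchanged, so a mistyped rule such as `[2001:db8::1:443` (constructed example) parses as a valid address and is installed with `port` left at 0 instead of being rejected. I would fail closed in both branches with `if(!ptr) return(-1);` right after the `strrchr(value, ']')` call. The function's signature starts above this hunk and its body continues below it.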
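Review bot: The IPv6 prefix length in the new `else` arm is read with repeated `atoi(ptr)` calls and no error detection, copying the IPv4 arm above it. A non-numeric value yields `bits = 0`, which presumably makes the rule match every IPv6 address (add_to_ptree() is not visible here), and an out-of-range value silently keeps the 128 default. Since this path is new, I would parse once with strtol(), check the end pointer and the range, and return -1 on a bad prefix. The IPv4 arm has the same pattern and could be tightened the same way if existing rule files allow it.

```c
    } else {
      char *end;
      long prefix = strtol(ptr, &end, 10);

      /* Reject empty, non-numeric or out-of-range prefix lengths instead of guessing */
      if(end == ptr || *end != '\0' || prefix < 0 || prefix > 128)
        return(-1);
      bits = (int)prefix;

      /* … unchanged: strip the closing ']' from value … */
    }
```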
@@ -2729,10 +2756,17 @@ static int ndpi_add_host_ip_subprotocol(struct ndpi_detection_module_struct *ndp } } - if(inet_pton(AF_INET, value, &pin) != 1) - return(-1); + if(!is_ipv6) { + if(inet_pton(AF_INET, value, &pin) != 1) + return(-1); + node = add_to_ptree(ndpi_str->protocols_ptree, AF_INET, &pin, bits); + } else { + if(inet_pton(AF_INET6, value, &pin6) != 1) + return(-1); + node = add_to_ptree(ndpi_str->protocols_ptree6, AF_INET6, &pin6, bits); + } - if((node = add_to_ptree(ndpi_str->protocols_ptree, AF_INET, &pin, bits)) != NULL) { + if(node != NULL) { int i; struct patricia_uv16_list *item; @@ -4227,6 +4261,8 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_str, is_tcp = 1, value = &attr[4]; else if(strncmp(attr, "udp:", 4) == 0) is_udp = 1, value = &attr[4]; + else if(strncmp(attr, "ipv6:", 5) == 0) + is_ip = 1, value = &attr[5]; else if(strncmp(attr, "ip:", 3) == 0) is_ip = 1, value = &attr[3]; else if(strncmp(attr, "host:", 5) == 0) { diff --git a/tests/cfgs/default/pcap/custom_rules_ipv6.pcapng b/tests/cfgs/default/pcap/custom_rules_ipv6.pcapng new file mode 100644 index 00000000000..8283b1f47f3 Binary files /dev/null and b/tests/cfgs/default/pcap/custom_rules_ipv6.pcapng differ diff --git a/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out b/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out new file mode 100644 index 00000000000..f3a2f23ad6f --- /dev/null +++ b/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out 
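Review bot: The IPv6 branch inserts into `ndpi_str->protocols_ptree6` without checking it first. The only guard in the function, `if(!ndpi_str->protocols_ptree) return(-1);` in the first hunk, covers the IPv4 tree alone. Whether add_to_ptree() tolerates a NULL tree is not visible here, so I would add `if(!ndpi_str->protocols_ptree6) return(-1);` at the top of the `else` arm, before the AF_INET6 insert. The function body starts and ends outside this hunk.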
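Review bot: The new `ipv6:` arm sets the same `is_ip` flag as `ip:`, so the address family named by the prefix is discarded here and, as far as the visible hunks show, is later re-derived only from a leading `[` in the value. That means an unbracketed `ipv6:` value is parsed as IPv4 and a bracketed `ip:` value is parsed as IPv6, which is worth documenting for rule authors. I would add a comment on the new arm such as `/* ipv6: values must be bracketed; the family is chosen from the leading '[' in ndpi_add_host_ip_subprotocol() */`. The body of ndpi_handle_rule continues outside this hunk, so the dispatch on `is_ip` is inferred rather than visible.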
@@ -0,0 +1,35 @@ +Guessed flow protos: 0 + +DPI Packets (UDP): 5 (1.00 pkts/flow) +Confidence Unknown : 5 (flows) +Num dissector calls: 0 (0.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache zoom: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache stun_zoom: 0/0/0 (insert/search/found) +Automa host: 0/0 (search/found) +Automa domain: 0/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 0/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia risk IPv6: 0/0 (search/found) +Patricia protocols: 0/0 (search/found) +Patricia protocols IPv6: 9/5 (search/found) + +CustomProtocolD 2 600 1 +CustomProtocolE 1 1287 1 +CustomProtocolF 1 1287 1 +CustomProtocolG 1 318 1 +CustomProtocolH 1 318 1 + + 1 UDP [247f:855b:5e16:3caf:3f2c:4134:9592:661b]:100 -> [21bc:b273:7f68:88d7:77a8:585:3990:927b]:1991 [proto: 365/CustomProtocolE][IP: 365/CustomProtocolE][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/1287 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 2 UDP [247f:855b:5e16:3caf:3f2c:4134:9592:661b]:36098 -> [21bc:b273:7f68:88d7:77a8:585:3990:927b]:50621 [proto: 366/CustomProtocolF][IP: 366/CustomProtocolF][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/1287 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 3 UDP [3ffe:507::1:200:86ff:fe05:80da]:21554 <-> [3ffe:501:4819::42]:5333 [proto: 364/CustomProtocolD][IP: 364/CustomProtocolD][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/90 bytes <-> 1 pkts/510 bytes][Goodput ratio: 31/88][0.07 sec][PLAIN TEXT (itojun)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 UDP [fe80::76ac:b9ff:fe6c:c124]:12717 -> [ff02::1]:64315 [proto: 367/CustomProtocolG][IP: 367/CustomProtocolG][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][PLAIN TEXT (BZ.qca956)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 UDP [fe80::76ac:b9ff:fe6c:c124]:12718 -> [ff02::1]:26993 [proto: 368/CustomProtocolH][IP: 368/CustomProtocolH][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][PLAIN TEXT (BZ.qca956)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]