diff --git a/docs/changes.txt b/docs/changes.txt
index 0bf299b..ff655f1 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -193,4 +193,4 @@ v0.8.1
 0.8.6
 * winws2, blockcheck2: allow multiple instances in windows, linux, freebsd (not openbsd)
-* zapret-antidpi: oob instance cutoff if called not from the very beginning of tcp
+* nfqws2: fix critical bug - wrong ipv6 dissection
diff --git a/nfq2/darkmagic.c b/nfq2/darkmagic.c
index b8b2d68..c5f7945 100644
--- a/nfq2/darkmagic.c
+++ b/nfq2/darkmagic.c
@@ -347,17 +347,18 @@ bool proto_check_ipv6_payload(const uint8_t *data, size_t len)
 }
 // move to transport protocol
 // proto_type = 0 => error
-void proto_skip_ipv6(const uint8_t **data, size_t *len, uint8_t *proto_type, const uint8_t **last_header_type)
+void proto_skip_ipv6(const uint8_t **data, size_t *len, uint8_t *proto_type)
 {
 	size_t hdrlen;
 	uint8_t HeaderType;
 	uint16_t plen;
+	struct ip6_hdr *ip6 = (struct ip6_hdr*)*data;
 	if (proto_type) *proto_type = 0; // put error in advance
-	HeaderType = (*data)[6]; // NextHeader field
-	if (last_header_type) *last_header_type = (*data)+6;
-	plen = ntohs(((struct ip6_hdr*)data)->ip6_ctlun.ip6_un1.ip6_un1_plen);
+	HeaderType = ip6->ip6_nxt;
+	if (proto_type) *proto_type = HeaderType;
+	plen = ntohs(ip6->ip6_ctlun.ip6_un1.ip6_un1_plen);
 	*data += sizeof(struct ip6_hdr); *len -= sizeof(struct ip6_hdr); // skip ipv6 base header
 	if (plen < *len) *len = plen;
 	while (*len) // need at least one byte for NextHeader field
@@ -390,7 +391,6 @@ void proto_skip_ipv6(const uint8_t **data, size_t *len, uint8_t *proto_type, con
 		}
 		if (*len < hdrlen) return; // error
 		HeaderType = **data;
-		if (last_header_type) *last_header_type = *data;
 		// advance to the next header location
 		*len -= hdrlen; *data += hdrlen;
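Review bot: `struct ip6_hdr *ip6 = (struct ip6_hdr*)*data;` casts away the const of `*data`; `const struct ip6_hdr *ip6 = (const struct ip6_hdr *)*data;` keeps the function read-only on the packet, which is what its `const uint8_t **` parameter and the caller's `dis->ip6 = (const struct ip6_hdr *) data;` already promise. The new `if (proto_type) *proto_type = HeaderType;` placed right after reading `ip6_nxt` also makes the comment `// proto_type = 0 => error` two lines above it stale: on the error returns inside the extension-header loop (for example `if (*len < hdrlen) return; // error` in the second hunk) the caller now sees the base header's NextHeader value, which for a packet carrying extension headers is an extension-header number rather than the transport protocol, unless the loop body outside the hunk resets it; either zero `*proto_type` on those returns or reword the comment to state the new contract. Neither hunk checks `*len >= sizeof(struct ip6_hdr)` before `ip6->ip6_nxt` and `ip6_un1_plen` are read and before `*len -= sizeof(struct ip6_hdr)`, so if any caller can reach this without `proto_check_ipv6_payload` having passed first, `*len` underflows on a truncated packet; a one-line guard `if (*len < sizeof(struct ip6_hdr)) return;` or a documented precondition on the function would settle it. The rest of proto_skip_ipv6's loop body lies outside the hunk.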
@@ -466,7 +466,7 @@ void proto_dissect_l3l4(const uint8_t *data, size_t len, struct dissect *dis)
 	{
 		dis->ip6 = (const struct ip6_hdr *) data;
 		p = data;
-		proto_skip_ipv6(&data, &len, &dis->proto, NULL);
+		proto_skip_ipv6(&data, &len, &dis->proto);
 		dis->len_l3 = data-p;
 	}
 	else