diff options
| author | Gerald Combs <gerald@wireshark.org> | 2015-08-12 15:11:39 -0700 |
|---|---|---|
| committer | Gerald Combs <gerald@wireshark.org> | 2015-08-17 16:15:47 +0000 |
| commit | 0368b827c965807ed130e2b5af93194ecdc6d5b6 (patch) | |
| tree | cd2b85a0c9a37ea9c3afdd3dfc36074df8cfd72c /ui/mcast_stream.c | |
| parent | 821ea20fda0b69b73142c14ff0d58686e4862a62 (diff) | |
| download | wireshark-0368b827c965807ed130e2b5af93194ecdc6d5b6.tar.gz | |
Improve multicast address checking.
Check for IPv4 and IPv6 multicast addresses. We might have captured on
an "any" interface, or on a PPP link, or used some other method that
doesn't result in dl_dst.type == AT_ETHER.
Change-Id: I18b0597fd432e4cec8c388a3c7d2d18ac4da0fad
Reviewed-on: https://code.wireshark.org/review/10009
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Diffstat (limited to 'ui/mcast_stream.c')
| -rw-r--r-- | ui/mcast_stream.c | 34 |
1 files changed, 23 insertions, 11 deletions
diff --git a/ui/mcast_stream.c b/ui/mcast_stream.c index 63499a3539..6a845a384b 100644 --- a/ui/mcast_stream.c +++ b/ui/mcast_stream.c @@ -153,21 +153,33 @@ mcaststream_packet(void *arg, packet_info *pinfo, epan_dissect_t *edt _U_, const nstime_t delta; double deltatime; + /* + * Restrict statistics to standard multicast IPv4 and IPv6 addresses. + * We might want to check for and allow ethernet addresses starting + * with 01:00:05 and 33:33 as well. + */ + switch (pinfo->net_dst.type) { + case AT_IPv4: + /* 224.0.0.0/4 */ + if (pinfo->net_dst.len == 0 || (((const guint8*)pinfo->net_dst.data)[0] & 0xf0) != 0xe0) + return FALSE; + break; + case AT_IPv6: + /* ff00::/8 */ + /* XXX This includes DHCPv6. */ + if (pinfo->net_dst.len == 0 || ((const guint8*)pinfo->net_dst.data)[0] != 0xff) + return FALSE; + break; + default: + return FALSE; + } + /* gather infos on the stream this packet is part of */ - COPY_ADDRESS(&(tmp_strinfo.src_addr), &(pinfo->src)); + COPY_ADDRESS(&(tmp_strinfo.src_addr), &(pinfo->net_src)); tmp_strinfo.src_port = pinfo->srcport; - COPY_ADDRESS(&(tmp_strinfo.dest_addr), &(pinfo->dst)); + COPY_ADDRESS(&(tmp_strinfo.dest_addr), &(pinfo->net_dst)); tmp_strinfo.dest_port = pinfo->destport; - /* first we ignore non multicast packets; we filter out only those ethernet packets - * which start with the 01:00:5E multicast address (for IPv4) and 33:33 multicast - * address (for IPv6). - */ - if ((pinfo->dl_dst.type != AT_ETHER) || - ((g_ascii_strncasecmp("01005E", bytes_to_str(pinfo->pool, (const guint8 *)pinfo->dl_dst.data, pinfo->dl_dst.len), 6) != 0) && - (g_ascii_strncasecmp("3333", bytes_to_str(pinfo->pool, (const guint8 *)pinfo->dl_dst.data, pinfo->dl_dst.len), 4) != 0)) ) - return 0; - /* check whether we already have a stream with these parameters in the list */ list = g_list_first(tapinfo->strinfo_list); while (list) |