On Feb 9, 2015, at 4:41 PM, Brian E Carpenter <[email protected]>
wrote:
> OK Ted, then please provide the pseudo-code for making that
> determination:
>
> if ???? then #it's an unknown extension header conforming to RFC 6564
> else #it's an unknown transport protocol;
>
> Brian
Apologies if there are horrific buffer overflow bugs, but here's roughly how
you would do it:
#include <stdbool.h>
#include <stdint.h>

// return true if it's a dhcpv6 packet that we should drop
// (udp_p, dhcpv6_guard_p, known_proto_header_type_p,
// known_extension_header_type_p, header_extension_len and
// known_extension_header_next_type are assumed to be defined elsewhere)
bool
guard_p(int next_header_type, uint8_t *bufp, int buflen)
{
    int header_len;
    // no space for a valid protocol or extension header?
    if (buflen < 2)
        return false;
    if (next_header_type == 59)
        return false;
    if (udp_p(next_header_type))
        return dhcpv6_guard_p(bufp, buflen);
    if (known_proto_header_type_p(next_header_type))
        return false;
    if (known_extension_header_type_p(next_header_type))
    {
        header_len = header_extension_len(next_header_type, bufp, buflen);
        // evidently malformed header?
        if (header_len == 0)
            return false;
        // tail call to check next header
        return guard_p(known_extension_header_next_type(next_header_type, bufp,
                                                        buflen),
                       bufp + header_len, buflen - header_len);
    }
    // tail call to check presumed RFC 6564 header: byte 0 is Next Header,
    // byte 1 is Hdr Ext Len in 8-octet units, not counting the first 8.
    // if it's actually an unknown protocol header, we may
    // have to parse over some garbage before running off
    // the end of the packet and returning false.
    // It may also be deliberate garbage, in which case the
    // same thing will happen, but possibly more slowly.
    header_len = (bufp[1] + 1) * 8;
    if (header_len > buflen)
        return false;
    return guard_p(bufp[0], bufp + header_len, buflen - header_len);
}
_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
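As an added example (not Ted's code or anything from the OPSEC list), here is the same header-chain walk written out in full and bounds-checked: every Next Header value that is not a known transport protocol is parsed with the RFC 6564 generic layout, so an unknown transport protocol either lands on a sane UDP header or is reported as malformed when its "length" runs off the packet. The set of known transports (TCP, UDP, ICMPv6, SCTP), the 16-header cap and the sample byte strings are assumptions constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Next Header values used below (IANA protocol numbers). */
enum { NH_UDP = 17, NH_FRAGMENT = 44, NH_NONE = 59 };
enum verdict { NOT_DHCPV6 = 0, DHCPV6 = 1, MALFORMED = 2 };
/* Upper-layer protocols whose header does NOT follow the RFC 6564 layout (assumed set). */
static bool known_transport(uint8_t nh) {
    return nh == 6 || nh == 17 || nh == 58 || nh == 132;   /* TCP, UDP, ICMPv6, SCTP */
}

/* p/len: bytes after the fixed IPv6 header; nh: its Next Header field.
 * Anything that is not a known transport is parsed with the RFC 6564 layout:
 * byte 0 = Next Header, byte 1 = Hdr Ext Len in 8-octet units not counting
 * the first 8 octets. The Fragment header is fixed at 8 octets. */
enum verdict classify(const uint8_t *p, size_t len, uint8_t nh) {
    for (int hops = 0; hops < 16; hops++) {          /* bound the chain walk */
        if (nh == NH_NONE) return NOT_DHCPV6;
        if (nh == NH_UDP) {
            if (len < 8) return MALFORMED;           /* truncated UDP header */
            unsigned dport = (unsigned)p[2] << 8 | p[3];
            return (dport == 546 || dport == 547) ? DHCPV6 : NOT_DHCPV6;
        }
        if (known_transport(nh)) return NOT_DHCPV6;
        if (len < 8) return MALFORMED;               /* every ext header is >= 8 octets */
        size_t hlen = 8;
        if (nh == NH_FRAGMENT) {
            /* non-first fragment: the transport header is not in this packet */
            if ((((unsigned)p[2] << 8 | p[3]) & 0xFFF8) != 0) return NOT_DHCPV6;
        } else {
            hlen = ((size_t)p[1] + 1) * 8;
        }
        if (hlen > len) return MALFORMED;            /* length field runs off the packet */
        nh = p[0];
        p += hlen;
        len -= hlen;
    }
    return MALFORMED;                                /* absurdly long header chain */
}

/* Constructed samples: a UDP header to port 547 behind (a) a Destination Options
 * header, (b) unknown type 253 laid out per RFC 6564, and (c) a header whose
 * Hdr Ext Len claims 48 octets in an 8-octet buffer. */
static const uint8_t dstopts_then_udp[16] = { 17, 0, 1, 4, 0, 0, 0, 0,
    0x02, 0x22, 0x02, 0x23, 0x00, 0x08, 0x00, 0x00 };
static const uint8_t unknown_then_udp[24] = { 17, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0x02, 0x22, 0x02, 0x23, 0x00, 0x08, 0x00, 0x00 };
static const uint8_t truncated[8] = { 17, 5, 0, 0, 0, 0, 0, 0 };
```

Running classify() over the three samples gives DHCPV6 for (a) and (b) and MALFORMED for (c); passing the same bytes with a TCP Next Header (6) gives NOT_DHCPV6 without parsing them.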