c80b0b3d57
Firewalking is a technique developed by Mike D. Schiffman and David E. Goldsmith that employs traceroute-like techniques to analyze IP packet responses to determine gateway ACL filters and map networks. Firewalk the tool employs the technique to determine the filter rules in place on a packet forwarding device. This package was provided in PR 14020 by xs@nitric.net. I split it into two separate packages, firewalk-gtk and firewalk, and modified it to use buildlink functionality.
106 lines
3.6 KiB
Text
106 lines
3.6 KiB
Text
$NetBSD: patch-aa,v 1.1.1.1 2001/10/11 15:11:48 agc Exp $
|
|
|
|
--- packet.c.orig Sat Sep 8 22:43:44 2001
|
|
+++ packet.c Sat Sep 8 22:44:45 2001
|
|
@@ -42,24 +42,24 @@
|
|
int
|
|
icmp_verify(u_char *packet, struct firepack *fp)
|
|
{
|
|
- struct ip *ip_hdr;
|
|
- struct icmphdr *icmp_hdr;
|
|
- struct ip *origip_hdr;
|
|
- struct udphdr *origudp_hdr;
|
|
+ struct libnet_ip_hdr *ip_hdr;
|
|
+ struct libnet_icmp_hdr *icmp_hdr;
|
|
+ struct libnet_ip_hdr *origip_hdr;
|
|
+ struct libnet_udp_hdr *origudp_hdr;
|
|
|
|
- ip_hdr = (struct ip *)(packet + fp->packet_offset);
|
|
- icmp_hdr = (struct icmphdr *)(packet + fp->packet_offset + IP_H);
|
|
+ ip_hdr = (struct libnet_ip_hdr *)(packet + fp->packet_offset);
|
|
+ icmp_hdr = (struct libnet_icmp_hdr *)(packet + fp->packet_offset + IP_H);
|
|
|
|
- switch (icmp_hdr->type)
|
|
+ switch (icmp_hdr->icmp_type)
|
|
{
|
|
- case ICMP_DEST_UNREACH:
|
|
- case ICMP_TIME_EXCEEDED:
|
|
+ case ICMP_UNREACH:
|
|
+ case ICMP_TIMXCEED:
|
|
/*
|
|
* The ICMP error message contains the IP header and first 8
|
|
* bytes of data of datagram that caused the error.
|
|
*/
|
|
origip_hdr =
|
|
- (struct ip *)(packet + fp->packet_offset + IP_H + ICMP_H + 4);
|
|
+ (struct libnet_ip_hdr *)(packet + fp->packet_offset + IP_H + ICMP_H + 4);
|
|
|
|
/*
|
|
* Was this a UDP or TCP packet that caused the problem? If not,
|
|
@@ -78,7 +78,7 @@
|
|
* having a UDP header.
|
|
*/
|
|
origudp_hdr =
|
|
- (struct udphdr *)
|
|
+ (struct libnet_udp_hdr *)
|
|
(packet + fp->packet_offset + 2 * IP_H + ICMP_H + 4);
|
|
|
|
/*
|
|
@@ -92,22 +92,22 @@
|
|
*/
|
|
if (ip_hdr->ip_src.s_addr == fp->gateway)
|
|
{
|
|
- return (icmp_hdr->type == ICMP_DEST_UNREACH ?
|
|
+ return (icmp_hdr->icmp_type == ICMP_UNREACH ?
|
|
UNREACH_GW_REPLY : EXPIRED_GW_REPLY);
|
|
}
|
|
/*
|
|
* This is a response from the destination host.
|
|
*/
|
|
- if (icmp_hdr->type == ICMP_DEST_UNREACH &&
|
|
+ if (icmp_hdr->icmp_type == ICMP_UNREACH &&
|
|
ip_hdr->ip_src.s_addr == fp->destination)
|
|
{
|
|
- return (icmp_hdr->type == ICMP_DEST_UNREACH ?
|
|
+ return (icmp_hdr->icmp_type == ICMP_UNREACH ?
|
|
UNREACH_DEST_REPLY : EXPIRED_DEST_REPLY);
|
|
}
|
|
/*
|
|
* This is just a standard TTL expired reply.
|
|
*/
|
|
- return (icmp_hdr->type == ICMP_DEST_UNREACH ? UNREACH_REPLY :
|
|
+ return (icmp_hdr->icmp_type == ICMP_UNREACH ? UNREACH_REPLY :
|
|
EXPIRED_REPLY);
|
|
}
|
|
default:
|
|
@@ -249,9 +249,9 @@
|
|
void
|
|
print_ip(u_char *packet)
|
|
{
|
|
- struct ip *ip_hdr;
|
|
+ struct libnet_ip_hdr *ip_hdr;
|
|
|
|
- ip_hdr = (struct ip *)(packet + fp->packet_offset);
|
|
+ ip_hdr = (struct libnet_ip_hdr *)(packet + fp->packet_offset);
|
|
fire_write("[%s]", libnet_host_lookup(ip_hdr->ip_src.s_addr, fp->use_name));
|
|
}
|
|
|
|
@@ -259,14 +259,14 @@
|
|
u_char *
|
|
print_unreach_code(u_char *packet)
|
|
{
|
|
- struct icmphdr *icmp_hdr;
|
|
+ struct libnet_icmp_hdr *icmp_hdr;
|
|
|
|
- icmp_hdr = (struct icmphdr *)(packet + fp->packet_offset + IP_H);
|
|
- if (icmp_hdr->code > 15)
|
|
+ icmp_hdr = (struct libnet_icmp_hdr *)(packet + fp->packet_offset + IP_H);
|
|
+ if (icmp_hdr->icmp_code > 15)
|
|
{
|
|
return ("Unkown unreachable code");
|
|
}
|
|
- return (unreachables[icmp_hdr->code]);
|
|
+ return (unreachables[icmp_hdr->icmp_code]);
|
|
}
|
|
|
|
|