kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/net/sniffit/patches/patch-aa
agc 41bfb30737 Add NetBSD RCS Ids.
1998-08-07 11:08:53 +00:00

218 lines
6.7 KiB
Text
Raw Blame History

$NetBSD: patch-aa,v 1.2 1998/08/07 11:10:57 agc Exp $
*** sn_defines.h Fri Apr 18 11:33:58 1997
--- sn_defines.h Thu Jul 24 16:02:16 1997
***************
*** 80,90 ****
#define SYN 2
#define FIN 1
! #define NO_IP 0
! #define NO_IP_4 1000
! #define ICMP 1 /* Protocol Numbers */
! #define TCP 6
! #define UDP 17
#define ICMP_HEADLENGTH 4 /* fixed ICMP header length */
#define UDP_HEADLENGTH 8 /* fixed UDP header length */
--- 80,91 ----
#define SYN 2
#define FIN 1
! #define NO_IP 0
! #define NO_IP_4 1000
! #define CORRUPT_IP 1001
! #define ICMP 1 /* Protocol Numbers */
! #define TCP 6
! #define UDP 17
#define ICMP_HEADLENGTH 4 /* fixed ICMP header length */
#define UDP_HEADLENGTH 8 /* fixed UDP header length */
*** sn_packets.c Fri Apr 18 11:33:58 1997
--- sn_packets.c Thu Aug 22 19:18:51 1985
***************
*** 43,48 ****
--- 43,49 ----
struct UDP_header UDPhead;
int i;
+ short int dummy; /* 2 bytes, important */
memcpy(&IPhead,(sp+PROTO_HEAD),sizeof(struct IP_header));
/* IP header Conversion */
***************
*** 51,56 ****
--- 52,58 ----
unwrapped->TCP_len = 0; /* Reset structure NEEDED!!! */
unwrapped->UDP_len = 0;
unwrapped->DATA_len = 0;
+ unwrapped->FRAG_nf = 0;
if(NO_CHKSUM == 0)
{
***************
*** 75,106 ****
/* restore orig buffer */
/* general programming rule */
}
if(IPhead.protocol == TCP ) /* TCP */
{
! memcpy(&TCPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)),
sizeof(struct TCP_header));
! unwrapped->TCP_len = ntohs(TCPhead.offset_flag) & 0xF000;
! unwrapped->TCP_len >>= 10;
! unwrapped->DATA_len = ntohs(IPhead.length) -
(unwrapped->IP_len) - (unwrapped->TCP_len);
return TCP;
}
if(IPhead.protocol == ICMP ) /* ICMP */
{
! memcpy(&ICMPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)),
sizeof(struct ICMP_header));
! unwrapped->ICMP_len = ICMP_HEADLENGTH;
! unwrapped->DATA_len = ntohs(IPhead.length) -
(unwrapped->IP_len) - (unwrapped->ICMP_len);
! return ICMP;
}
if(IPhead.protocol == UDP ) /* UDP */
{
! memcpy(&UDPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)),
sizeof(struct UDP_header));
! unwrapped->UDP_len = UDP_HEADLENGTH;
! unwrapped->DATA_len = ntohs(IPhead.length) -
(unwrapped->IP_len) - (unwrapped->UDP_len);
return UDP;
}
return -1;
--- 77,150 ----
/* restore orig buffer */
/* general programming rule */
}
+
+ #ifdef DEBUG_ONSCREEN
+ printf("IPheadlen: %d total length: %d\n", unwrapped->IP_len,
+ ntohs(IPhead.length));
+ #endif
+
+ dummy=ntohs(IPhead.flag_offset); dummy<<=3;
+ if( dummy!=0 ) /* we have offset */
+ {
+ unwrapped->FRAG_nf = 1;
+ }
+
if(IPhead.protocol == TCP ) /* TCP */
{
! if(unwrapped->FRAG_nf == 0)
! {
! if( (ntohs(IPhead.length)-(unwrapped->IP_len))<20 )
! {return CORRUPT_IP;};
!
! memcpy(&TCPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)),
sizeof(struct TCP_header));
! unwrapped->TCP_len = ntohs(TCPhead.offset_flag) & 0xF000;
! unwrapped->TCP_len >>= 10;
! unwrapped->DATA_len = ntohs(IPhead.length) -
(unwrapped->IP_len) - (unwrapped->TCP_len);
+ }
+ else
+ {
+ unwrapped->DATA_len = ntohs(IPhead.length) - (unwrapped->IP_len);
+ }
return TCP;
}
if(IPhead.protocol == ICMP ) /* ICMP */
{
! if(unwrapped->FRAG_nf == 0)
! {
! if( (ntohs(IPhead.length)-(unwrapped->IP_len))<4 )
! {return CORRUPT_IP;};
!
! memcpy(&ICMPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)),
sizeof(struct ICMP_header));
! unwrapped->ICMP_len = ICMP_HEADLENGTH;
! unwrapped->DATA_len = ntohs(IPhead.length) -
(unwrapped->IP_len) - (unwrapped->ICMP_len);
! return ICMP;
! }
! else
! {
! return -1; /* don't handle fragmented ICMP */
! }
}
if(IPhead.protocol == UDP ) /* UDP */
{
! if(unwrapped->FRAG_nf == 0)
! {
! if( (ntohs(IPhead.length)-(unwrapped->IP_len))<8 )
! {return CORRUPT_IP;};
!
! memcpy(&UDPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)),
sizeof(struct UDP_header));
! unwrapped->UDP_len = UDP_HEADLENGTH;
! unwrapped->DATA_len = ntohs(IPhead.length) -
(unwrapped->IP_len) - (unwrapped->UDP_len);
+ }
+ else
+ {
+ unwrapped->DATA_len = ntohs(IPhead.length)-(unwrapped->IP_len);
+ }
return UDP;
}
return -1;
*** sn_packetstructs.h Fri Apr 18 11:33:58 1997
--- sn_packetstructs.h Thu Jul 24 16:17:20 1997
***************
*** 44,51 ****
unsigned short length, checksum;
};
! struct unwrap /* some extra info */
{
int IP_len, TCP_len, ICMP_len, UDP_len; /* header lengths */
int DATA_len;
};
--- 44,52 ----
unsigned short length, checksum;
};
! struct unwrap /* some extra info */
{
int IP_len, TCP_len, ICMP_len, UDP_len; /* header lengths */
int DATA_len;
+ char FRAG_nf; /* not the first fragment */
};
*** sniffit.0.3.5.c Fri Apr 18 11:33:58 1997
--- sniffit.0.3.5.c Thu Aug 22 19:19:49 1985
***************
*** 411,421 ****
--- 411,427 ----
proto=unwrap_packet(sp, info);
if(proto == NO_IP) return DONT_EXAMINE; /* no use in trying */
if(proto == NO_IP_4) return DONT_EXAMINE; /* no use in trying */
+ if(proto == CORRUPT_IP)
+ {printf("Suspicious Packet detected... (Split header)\n");
+ return DONT_EXAMINE;}
memcpy(&iphead,(sp+PROTO_HEAD),sizeof(struct IP_header));
so=(unsigned char *)&(iphead.source);
dest=(unsigned char *)&(iphead.destination);
+ if(info->FRAG_nf!=0)
+ {printf("Fragment Skipped...\n"); return DONT_EXAMINE; };
+
if((proto==TCP)&&(PROTOCOLS&F_TCP))
{
#ifdef DEBUG_ONSCREEN
***************
*** 1220,1225 ****
--- 1226,1235 ----
proto=unwrap_packet(sp, info);
if(proto == NO_IP) return DONT_EXAMINE; /* no use in trying */
if(proto == NO_IP_4) return DONT_EXAMINE; /* no use in trying */
+ if(proto == CORRUPT_IP) return DONT_EXAMINE; /* no use in trying */
+
+ if(info->FRAG_nf!=0)
+ {return DONT_EXAMINE; };
(*IP_nr_of_packets)++;
if(proto==ICMP)
Reference in a new issue View git blame Copy permalink