diff options
Diffstat (limited to 'net/sniffit/patches/patch-aa')
| -rw-r--r-- | net/sniffit/patches/patch-aa | 216 |
1 files changed, 216 insertions, 0 deletions
diff --git a/net/sniffit/patches/patch-aa b/net/sniffit/patches/patch-aa new file mode 100644 index 00000000000..59926bc6157 --- /dev/null +++ b/net/sniffit/patches/patch-aa @@ -0,0 +1,216 @@ +*** sn_defines.h Fri Apr 18 11:33:58 1997 +--- sn_defines.h Thu Jul 24 16:02:16 1997 +*************** +*** 80,90 **** + #define SYN 2 + #define FIN 1 + +! #define NO_IP 0 +! #define NO_IP_4 1000 +! #define ICMP 1 /* Protocol Numbers */ +! #define TCP 6 +! #define UDP 17 + + #define ICMP_HEADLENGTH 4 /* fixed ICMP header length */ + #define UDP_HEADLENGTH 8 /* fixed UDP header length */ +--- 80,91 ---- + #define SYN 2 + #define FIN 1 + +! #define NO_IP 0 +! #define NO_IP_4 1000 +! #define CORRUPT_IP 1001 +! #define ICMP 1 /* Protocol Numbers */ +! #define TCP 6 +! #define UDP 17 + + #define ICMP_HEADLENGTH 4 /* fixed ICMP header length */ + #define UDP_HEADLENGTH 8 /* fixed UDP header length */ +*** sn_packets.c Fri Apr 18 11:33:58 1997 +--- sn_packets.c Thu Aug 22 19:18:51 1985 +*************** +*** 43,48 **** +--- 43,49 ---- + struct UDP_header UDPhead; + + int i; ++ short int dummy; /* 2 bytes, important */ + + memcpy(&IPhead,(sp+PROTO_HEAD),sizeof(struct IP_header)); + /* IP header Conversion */ +*************** +*** 51,56 **** +--- 52,58 ---- + unwrapped->TCP_len = 0; /* Reset structure NEEDED!!! */ + unwrapped->UDP_len = 0; + unwrapped->DATA_len = 0; ++ unwrapped->FRAG_nf = 0; + + if(NO_CHKSUM == 0) + { +*************** +*** 75,106 **** + /* restore orig buffer */ + /* general programming rule */ + } + if(IPhead.protocol == TCP ) /* TCP */ + { +! memcpy(&TCPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)), + sizeof(struct TCP_header)); +! unwrapped->TCP_len = ntohs(TCPhead.offset_flag) & 0xF000; +! unwrapped->TCP_len >>= 10; +! unwrapped->DATA_len = ntohs(IPhead.length) - + (unwrapped->IP_len) - (unwrapped->TCP_len); + return TCP; + } + if(IPhead.protocol == ICMP ) /* ICMP */ + { +! memcpy(&ICMPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)), + sizeof(struct ICMP_header)); +! unwrapped->ICMP_len = ICMP_HEADLENGTH; +! unwrapped->DATA_len = ntohs(IPhead.length) - + (unwrapped->IP_len) - (unwrapped->ICMP_len); +! return ICMP; + } + if(IPhead.protocol == UDP ) /* UDP */ + { +! memcpy(&UDPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)), + sizeof(struct UDP_header)); +! unwrapped->UDP_len = UDP_HEADLENGTH; +! unwrapped->DATA_len = ntohs(IPhead.length) - + (unwrapped->IP_len) - (unwrapped->UDP_len); + return UDP; + } + return -1; +--- 77,150 ---- + /* restore orig buffer */ + /* general programming rule */ + } ++ ++ #ifdef DEBUG_ONSCREEN ++ printf("IPheadlen: %d total length: %d\n", unwrapped->IP_len, ++ ntohs(IPhead.length)); ++ #endif ++ ++ dummy=ntohs(IPhead.flag_offset); dummy<<=3; ++ if( dummy!=0 ) /* we have offset */ ++ { ++ unwrapped->FRAG_nf = 1; ++ } ++ + if(IPhead.protocol == TCP ) /* TCP */ + { +! if(unwrapped->FRAG_nf == 0) +! { +! if( (ntohs(IPhead.length)-(unwrapped->IP_len))<20 ) +! {return CORRUPT_IP;}; +! +! memcpy(&TCPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)), + sizeof(struct TCP_header)); +! unwrapped->TCP_len = ntohs(TCPhead.offset_flag) & 0xF000; +! unwrapped->TCP_len >>= 10; +! unwrapped->DATA_len = ntohs(IPhead.length) - + (unwrapped->IP_len) - (unwrapped->TCP_len); ++ } ++ else ++ { ++ unwrapped->DATA_len = ntohs(IPhead.length) - (unwrapped->IP_len); ++ } + return TCP; + } + if(IPhead.protocol == ICMP ) /* ICMP */ + { +! if(unwrapped->FRAG_nf == 0) +! { +! if( (ntohs(IPhead.length)-(unwrapped->IP_len))<4 ) +! {return CORRUPT_IP;}; +! +! memcpy(&ICMPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)), + sizeof(struct ICMP_header)); +! unwrapped->ICMP_len = ICMP_HEADLENGTH; +! unwrapped->DATA_len = ntohs(IPhead.length) - + (unwrapped->IP_len) - (unwrapped->ICMP_len); +! return ICMP; +! } +! else +! { +! return -1; /* don't handle fragmented ICMP */ +! } + } + if(IPhead.protocol == UDP ) /* UDP */ + { +! if(unwrapped->FRAG_nf == 0) +! { +! if( (ntohs(IPhead.length)-(unwrapped->IP_len))<8 ) +! {return CORRUPT_IP;}; +! +! memcpy(&UDPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)), + sizeof(struct UDP_header)); +! unwrapped->UDP_len = UDP_HEADLENGTH; +! unwrapped->DATA_len = ntohs(IPhead.length) - + (unwrapped->IP_len) - (unwrapped->UDP_len); ++ } ++ else ++ { ++ unwrapped->DATA_len = ntohs(IPhead.length)-(unwrapped->IP_len); ++ } + return UDP; + } + return -1; +*** sn_packetstructs.h Fri Apr 18 11:33:58 1997 +--- sn_packetstructs.h Thu Jul 24 16:17:20 1997 +*************** +*** 44,51 **** + unsigned short length, checksum; + }; + +! struct unwrap /* some extra info */ + { + int IP_len, TCP_len, ICMP_len, UDP_len; /* header lengths */ + int DATA_len; + }; +--- 44,52 ---- + unsigned short length, checksum; + }; + +! struct unwrap /* some extra info */ + { + int IP_len, TCP_len, ICMP_len, UDP_len; /* header lengths */ + int DATA_len; ++ char FRAG_nf; /* not the first fragment */ + }; +*** sniffit.0.3.5.c Fri Apr 18 11:33:58 1997 +--- sniffit.0.3.5.c Thu Aug 22 19:19:49 1985 +*************** +*** 411,421 **** +--- 411,427 ---- + proto=unwrap_packet(sp, info); + if(proto == NO_IP) return DONT_EXAMINE; /* no use in trying */ + if(proto == NO_IP_4) return DONT_EXAMINE; /* no use in trying */ ++ if(proto == CORRUPT_IP) ++ {printf("Suspicious Packet detected... (Split header)\n"); ++ return DONT_EXAMINE;} + + memcpy(&iphead,(sp+PROTO_HEAD),sizeof(struct IP_header)); + so=(unsigned char *)&(iphead.source); + dest=(unsigned char *)&(iphead.destination); + ++ if(info->FRAG_nf!=0) ++ {printf("Fragment Skipped...\n"); return DONT_EXAMINE; }; ++ + if((proto==TCP)&&(PROTOCOLS&F_TCP)) + { + #ifdef DEBUG_ONSCREEN +*************** +*** 1220,1225 **** +--- 1226,1235 ---- + proto=unwrap_packet(sp, info); + if(proto == NO_IP) return DONT_EXAMINE; /* no use in trying */ + if(proto == NO_IP_4) return DONT_EXAMINE; /* no use in trying */ ++ if(proto == CORRUPT_IP) return DONT_EXAMINE; /* no use in trying */ ++ ++ if(info->FRAG_nf!=0) ++ {return DONT_EXAMINE; }; + + (*IP_nr_of_packets)++; + if(proto==ICMP) |