From d3c351cc904edb1c6cd697c674d239c0a8c53558 Mon Sep 17 00:00:00 2001 From: wiz Date: Sun, 8 Jan 2006 11:02:10 +0000 Subject: This package contains a hardwired list of device driver names(ewww). Assume that x86_64 has the same drivers as i386, addresses PR 32332. No PKGREVISION bump since it didn't compile on amd64 before. While here: remove superfluous patches patch-af, patch-ag to config.sub files (get replaced by CONFIG_SUB_OVERRIDE anyway) split up multi-patch patch-aa into four patches patch-a[hijk] --- net/sniffit/distinfo | 11 ++- net/sniffit/patches/patch-aa | 218 ------------------------------------------- net/sniffit/patches/patch-ac | 12 ++- net/sniffit/patches/patch-af | 20 ---- net/sniffit/patches/patch-ag | 20 ---- net/sniffit/patches/patch-ah | 15 +++ net/sniffit/patches/patch-ai | 33 +++++++ net/sniffit/patches/patch-aj | 22 +++++ net/sniffit/patches/patch-ak | 106 +++++++++++++++++++++ 9 files changed, 189 insertions(+), 268 deletions(-) delete mode 100644 net/sniffit/patches/patch-aa delete mode 100644 net/sniffit/patches/patch-af delete mode 100644 net/sniffit/patches/patch-ag create mode 100644 net/sniffit/patches/patch-ah create mode 100644 net/sniffit/patches/patch-ai create mode 100644 net/sniffit/patches/patch-aj create mode 100644 net/sniffit/patches/patch-ak (limited to 'net/sniffit') diff --git a/net/sniffit/distinfo b/net/sniffit/distinfo index 4c665ea24c3..e93332532a1 100644 --- a/net/sniffit/distinfo +++ b/net/sniffit/distinfo @@ -1,12 +1,13 @@ -$NetBSD: distinfo,v 1.8 2005/02/24 12:14:04 agc Exp $ +$NetBSD: distinfo,v 1.9 2006/01/08 11:02:10 wiz Exp $ SHA1 (sniffit.0.3.5.tar.gz) = df9183fca2eec29a56bcfdc68a983c4e7d57bf9d RMD160 (sniffit.0.3.5.tar.gz) = 9508f357c6fe74a9147a735fd0eb419b9a1124eb Size (sniffit.0.3.5.tar.gz) = 197255 bytes -SHA1 (patch-aa) = 843011bc1b0679485e4df9fec2d2443ba1ef73e0 SHA1 (patch-ab) = 52ac607b99f30887b56de804eb8d8ee65f45b974 -SHA1 (patch-ac) = 8beaedcd40d955095eb30d808f9d38a549aa4db5 +SHA1 (patch-ac) = 05ab42b3499edd550de6f1bb667adce34e26a503 SHA1 (patch-ad) = 302391b40bbfe6f218136778738572109be3ce6b SHA1 (patch-ae) = c430e434309135189de7b3e61e4d0a1e63e50426 -SHA1 (patch-af) = 206fd228e6a26d4bf75e187c79b3f659ec60eb36 -SHA1 (patch-ag) = b2e76291d17fc6718cfb7f414fd211355856ae2e +SHA1 (patch-ah) = 50959ea602f9c31bd71a966b1c4b1903db2711d5 +SHA1 (patch-ai) = 35fc26728c08a73b44064f225096e3d0e59a9e5b +SHA1 (patch-aj) = db87dccf1c952e188aebb7bbb699c6257287c87d +SHA1 (patch-ak) = 1b924bf9e336f57b75911c0bc9d32ab9b667c9b0 diff --git a/net/sniffit/patches/patch-aa b/net/sniffit/patches/patch-aa deleted file mode 100644 index e8edc22c6bb..00000000000 --- a/net/sniffit/patches/patch-aa +++ /dev/null @@ -1,218 +0,0 @@ -$NetBSD: patch-aa,v 1.2 1998/08/07 11:10:57 agc Exp $ - -*** sn_defines.h Fri Apr 18 11:33:58 1997 ---- sn_defines.h Thu Jul 24 16:02:16 1997 -*************** -*** 80,90 **** - #define SYN 2 - #define FIN 1 - -! #define NO_IP 0 -! #define NO_IP_4 1000 -! #define ICMP 1 /* Protocol Numbers */ -! #define TCP 6 -! #define UDP 17 - - #define ICMP_HEADLENGTH 4 /* fixed ICMP header length */ - #define UDP_HEADLENGTH 8 /* fixed UDP header length */ ---- 80,91 ---- - #define SYN 2 - #define FIN 1 - -! #define NO_IP 0 -! #define NO_IP_4 1000 -! #define CORRUPT_IP 1001 -! #define ICMP 1 /* Protocol Numbers */ -! #define TCP 6 -! #define UDP 17 - - #define ICMP_HEADLENGTH 4 /* fixed ICMP header length */ - #define UDP_HEADLENGTH 8 /* fixed UDP header length */ -*** sn_packets.c Fri Apr 18 11:33:58 1997 ---- sn_packets.c Thu Aug 22 19:18:51 1985 -*************** -*** 43,48 **** ---- 43,49 ---- - struct UDP_header UDPhead; - - int i; -+ short int dummy; /* 2 bytes, important */ - - memcpy(&IPhead,(sp+PROTO_HEAD),sizeof(struct IP_header)); - /* IP header Conversion */ -*************** -*** 51,56 **** ---- 52,58 ---- - unwrapped->TCP_len = 0; /* Reset structure NEEDED!!! */ - unwrapped->UDP_len = 0; - unwrapped->DATA_len = 0; -+ unwrapped->FRAG_nf = 0; - - if(NO_CHKSUM == 0) - { -*************** -*** 75,106 **** - /* restore orig buffer */ - /* general programming rule */ - } - if(IPhead.protocol == TCP ) /* TCP */ - { -! memcpy(&TCPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)), - sizeof(struct TCP_header)); -! unwrapped->TCP_len = ntohs(TCPhead.offset_flag) & 0xF000; -! unwrapped->TCP_len >>= 10; -! unwrapped->DATA_len = ntohs(IPhead.length) - - (unwrapped->IP_len) - (unwrapped->TCP_len); - return TCP; - } - if(IPhead.protocol == ICMP ) /* ICMP */ - { -! memcpy(&ICMPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)), - sizeof(struct ICMP_header)); -! unwrapped->ICMP_len = ICMP_HEADLENGTH; -! unwrapped->DATA_len = ntohs(IPhead.length) - - (unwrapped->IP_len) - (unwrapped->ICMP_len); -! return ICMP; - } - if(IPhead.protocol == UDP ) /* UDP */ - { -! memcpy(&UDPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)), - sizeof(struct UDP_header)); -! unwrapped->UDP_len = UDP_HEADLENGTH; -! unwrapped->DATA_len = ntohs(IPhead.length) - - (unwrapped->IP_len) - (unwrapped->UDP_len); - return UDP; - } - return -1; ---- 77,150 ---- - /* restore orig buffer */ - /* general programming rule */ - } -+ -+ #ifdef DEBUG_ONSCREEN -+ printf("IPheadlen: %d total length: %d\n", unwrapped->IP_len, -+ ntohs(IPhead.length)); -+ #endif -+ -+ dummy=ntohs(IPhead.flag_offset); dummy<<=3; -+ if( dummy!=0 ) /* we have offset */ -+ { -+ unwrapped->FRAG_nf = 1; -+ } -+ - if(IPhead.protocol == TCP ) /* TCP */ - { -! if(unwrapped->FRAG_nf == 0) -! { -! if( (ntohs(IPhead.length)-(unwrapped->IP_len))<20 ) -! {return CORRUPT_IP;}; -! -! memcpy(&TCPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)), - sizeof(struct TCP_header)); -! unwrapped->TCP_len = ntohs(TCPhead.offset_flag) & 0xF000; -! unwrapped->TCP_len >>= 10; -! unwrapped->DATA_len = ntohs(IPhead.length) - - (unwrapped->IP_len) - (unwrapped->TCP_len); -+ } -+ else -+ { -+ unwrapped->DATA_len = ntohs(IPhead.length) - (unwrapped->IP_len); -+ } - return TCP; - } - if(IPhead.protocol == ICMP ) /* ICMP */ - { -! if(unwrapped->FRAG_nf == 0) -! { -! if( (ntohs(IPhead.length)-(unwrapped->IP_len))<4 ) -! {return CORRUPT_IP;}; -! -! memcpy(&ICMPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)), - sizeof(struct ICMP_header)); -! unwrapped->ICMP_len = ICMP_HEADLENGTH; -! unwrapped->DATA_len = ntohs(IPhead.length) - - (unwrapped->IP_len) - (unwrapped->ICMP_len); -! return ICMP; -! } -! else -! { -! return -1; /* don't handle fragmented ICMP */ -! } - } - if(IPhead.protocol == UDP ) /* UDP */ - { -! if(unwrapped->FRAG_nf == 0) -! { -! if( (ntohs(IPhead.length)-(unwrapped->IP_len))<8 ) -! {return CORRUPT_IP;}; -! -! memcpy(&UDPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)), - sizeof(struct UDP_header)); -! unwrapped->UDP_len = UDP_HEADLENGTH; -! unwrapped->DATA_len = ntohs(IPhead.length) - - (unwrapped->IP_len) - (unwrapped->UDP_len); -+ } -+ else -+ { -+ unwrapped->DATA_len = ntohs(IPhead.length)-(unwrapped->IP_len); -+ } - return UDP; - } - return -1; -*** sn_packetstructs.h Fri Apr 18 11:33:58 1997 ---- sn_packetstructs.h Thu Jul 24 16:17:20 1997 -*************** -*** 44,51 **** - unsigned short length, checksum; - }; - -! struct unwrap /* some extra info */ - { - int IP_len, TCP_len, ICMP_len, UDP_len; /* header lengths */ - int DATA_len; - }; ---- 44,52 ---- - unsigned short length, checksum; - }; - -! struct unwrap /* some extra info */ - { - int IP_len, TCP_len, ICMP_len, UDP_len; /* header lengths */ - int DATA_len; -+ char FRAG_nf; /* not the first fragment */ - }; -*** sniffit.0.3.5.c Fri Apr 18 11:33:58 1997 ---- sniffit.0.3.5.c Thu Aug 22 19:19:49 1985 -*************** -*** 411,421 **** ---- 411,427 ---- - proto=unwrap_packet(sp, info); - if(proto == NO_IP) return DONT_EXAMINE; /* no use in trying */ - if(proto == NO_IP_4) return DONT_EXAMINE; /* no use in trying */ -+ if(proto == CORRUPT_IP) -+ {printf("Suspicious Packet detected... (Split header)\n"); -+ return DONT_EXAMINE;} - - memcpy(&iphead,(sp+PROTO_HEAD),sizeof(struct IP_header)); - so=(unsigned char *)&(iphead.source); - dest=(unsigned char *)&(iphead.destination); - -+ if(info->FRAG_nf!=0) -+ {printf("Fragment Skipped...\n"); return DONT_EXAMINE; }; -+ - if((proto==TCP)&&(PROTOCOLS&F_TCP)) - { - #ifdef DEBUG_ONSCREEN -*************** -*** 1220,1225 **** ---- 1226,1235 ---- - proto=unwrap_packet(sp, info); - if(proto == NO_IP) return DONT_EXAMINE; /* no use in trying */ - if(proto == NO_IP_4) return DONT_EXAMINE; /* no use in trying */ -+ if(proto == CORRUPT_IP) return DONT_EXAMINE; /* no use in trying */ -+ -+ if(info->FRAG_nf!=0) -+ {return DONT_EXAMINE; }; - - (*IP_nr_of_packets)++; - if(proto==ICMP) diff --git a/net/sniffit/patches/patch-ac b/net/sniffit/patches/patch-ac index 8467ee66438..a11ca035137 100644 --- a/net/sniffit/patches/patch-ac +++ b/net/sniffit/patches/patch-ac @@ -1,8 +1,9 @@ -$NetBSD: patch-ac,v 1.8 2002/08/25 21:50:16 jlam Exp $ +$NetBSD: patch-ac,v 1.9 2006/01/08 11:02:10 wiz Exp $ ---- sn_data.h.orig Fri Apr 18 05:33:58 1997 -+++ sn_data.h Sat May 25 15:04:03 2002 -@@ -26,4 +26,38 @@ +--- sn_data.h.orig 1997-04-18 09:33:58.000000000 +0000 ++++ sn_data.h +@@ -25,6 +25,40 @@ char *ETH_DEV[]={"et"}; + char *ETH_DEV[]={"ed"}; #endif +#ifdef NETBSD @@ -13,7 +14,7 @@ $NetBSD: patch-ac,v 1.8 2002/08/25 21:50:16 jlam Exp $ +#define ETH_DEV_NR 18 +/* XXX This list may not be complete; cs tested on a DNARD */ +char *ETH_DEV[]={"cs", "de", "ea", "eb", "en", "ep", "ex", "fpa", "fxp", "ie", "le", "lmc", "ne", "rtk", "sip", "tl", "tlp", "vr"}; -+#elif defined(__i386__) ++#elif defined(__i386__) || defined(__x86_64__) +#define ETH_DEV_NR 20 +char *ETH_DEV[]={"ai","de","ec","ef","eg","el","en","ep","fe","fea","fpa","fxp","ix","iy","lc","le","ne","sm","tl","we"}; +#elif defined(__m68k__) @@ -41,3 +42,4 @@ $NetBSD: patch-ac,v 1.8 2002/08/25 21:50:16 jlam Exp $ + #ifdef BSDI #define ETH_DEV_NR 1 + char *ETH_DEV[]={"ef"}; diff --git a/net/sniffit/patches/patch-af b/net/sniffit/patches/patch-af deleted file mode 100644 index 25efd6f0057..00000000000 --- a/net/sniffit/patches/patch-af +++ /dev/null @@ -1,20 +0,0 @@ -$NetBSD: patch-af,v 1.2 2002/04/04 15:28:24 cjep Exp $ - ---- config.sub.orig Fri Apr 18 10:33:57 1997 -+++ config.sub Thu Apr 4 15:28:15 2002 -@@ -171,13 +171,13 @@ - ;; - # Recognize the basic CPU types with company name. - vax-* | tahoe-* | i[3456]86-* | i860-* | m68k-* | m68000-* | m88k-* \ -- | sparc-* | ns32k-* | fx80-* | arm-* | c[123]* \ -+ | sparc-* | ns32k-* | fx80-* | arm-* | arm32-* | c[123]* \ - | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* | power-* \ - | none-* | 580-* | cray2-* | h8300-* | i960-* | xmp-* | ymp-* \ - | hppa-* | hppa1.0-* | hppa1.1-* | alpha-* | we32k-* | cydra-* | ns16k-* \ - | pn-* | np1-* | xps100-* | clipper-* | orion-* | sparclite-* \ - | pdp11-* | sh-* | powerpc-* | powerpcle-* | sparc64-* | mips64-* | mipsel-* \ -- | mips64el-* | mips64orion-* | mips64orionel-* | f301-*) -+ | mips64el-* | mips64orion-* | mips64orionel-* | f301-* | macppc-*) - ;; - # Recognize the various machine names and aliases which stand - # for a CPU type and a company and sometimes even an OS. diff --git a/net/sniffit/patches/patch-ag b/net/sniffit/patches/patch-ag deleted file mode 100644 index a10a6566a3e..00000000000 --- a/net/sniffit/patches/patch-ag +++ /dev/null @@ -1,20 +0,0 @@ -$NetBSD: patch-ag,v 1.2 2002/04/04 15:28:24 cjep Exp $ - ---- libpcap-0.3/config.sub.orig Fri Apr 18 10:33:57 1997 -+++ libpcap-0.3/config.sub Thu Apr 4 15:29:50 2002 -@@ -171,13 +171,13 @@ - ;; - # Recognize the basic CPU types with company name. - vax-* | tahoe-* | i[3456]86-* | i860-* | m68k-* | m68000-* | m88k-* \ -- | sparc-* | ns32k-* | fx80-* | arm-* | c[123]* \ -+ | sparc-* | ns32k-* | fx80-* | arm-* | arm32-* | c[123]* \ - | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* | power-* \ - | none-* | 580-* | cray2-* | h8300-* | i960-* | xmp-* | ymp-* \ - | hppa-* | hppa1.0-* | hppa1.1-* | alpha-* | we32k-* | cydra-* | ns16k-* \ - | pn-* | np1-* | xps100-* | clipper-* | orion-* | sparclite-* \ - | pdp11-* | sh-* | powerpc-* | powerpcle-* | sparc64-* | mips64-* | mipsel-* \ -- | mips64el-* | mips64orion-* | mips64orionel-* | f301-*) -+ | mips64el-* | mips64orion-* | mips64orionel-* | f301-* | macppc-*) - ;; - # Recognize the various machine names and aliases which stand - # for a CPU type and a company and sometimes even an OS. diff --git a/net/sniffit/patches/patch-ah b/net/sniffit/patches/patch-ah new file mode 100644 index 00000000000..dacd822e915 --- /dev/null +++ b/net/sniffit/patches/patch-ah @@ -0,0 +1,15 @@ +$NetBSD: patch-ah,v 1.1 2006/01/08 11:02:10 wiz Exp $ + +--- sn_packetstructs.h.orig 1997-04-18 11:33:58.000000000 +0200 ++++ sn_packetstructs.h +@@ -44,8 +44,9 @@ struct UDP_header + unsigned short length, checksum; + }; + +-struct unwrap /* some extra info */ ++struct unwrap /* some extra info */ + { + int IP_len, TCP_len, ICMP_len, UDP_len; /* header lengths */ + int DATA_len; ++ char FRAG_nf; /* not the first fragment */ + }; diff --git a/net/sniffit/patches/patch-ai b/net/sniffit/patches/patch-ai new file mode 100644 index 00000000000..6b1facf7be3 --- /dev/null +++ b/net/sniffit/patches/patch-ai @@ -0,0 +1,33 @@ +$NetBSD: patch-ai,v 1.1 2006/01/08 11:02:10 wiz Exp $ + +--- sniffit.0.3.5.c.orig 1997-04-18 11:33:58.000000000 +0200 ++++ sniffit.0.3.5.c +@@ -411,11 +411,17 @@ int check_packet(unsigned long ipaddr, + proto=unwrap_packet(sp, info); + if(proto == NO_IP) return DONT_EXAMINE; /* no use in trying */ + if(proto == NO_IP_4) return DONT_EXAMINE; /* no use in trying */ ++ if(proto == CORRUPT_IP) ++ {printf("Suspicious Packet detected... (Split header)\n"); ++ return DONT_EXAMINE;} + + memcpy(&iphead,(sp+PROTO_HEAD),sizeof(struct IP_header)); + so=(unsigned char *)&(iphead.source); + dest=(unsigned char *)&(iphead.destination); + ++ if(info->FRAG_nf!=0) ++ {printf("Fragment Skipped...\n"); return DONT_EXAMINE; }; ++ + if((proto==TCP)&&(PROTOCOLS&F_TCP)) + { + #ifdef DEBUG_ONSCREEN +@@ -1220,6 +1226,10 @@ int check_mask (const struct packetheade + proto=unwrap_packet(sp, info); + if(proto == NO_IP) return DONT_EXAMINE; /* no use in trying */ + if(proto == NO_IP_4) return DONT_EXAMINE; /* no use in trying */ ++ if(proto == CORRUPT_IP) return DONT_EXAMINE; /* no use in trying */ ++ ++ if(info->FRAG_nf!=0) ++ {return DONT_EXAMINE; }; + + (*IP_nr_of_packets)++; + if(proto==ICMP) diff --git a/net/sniffit/patches/patch-aj b/net/sniffit/patches/patch-aj new file mode 100644 index 00000000000..681a717460a --- /dev/null +++ b/net/sniffit/patches/patch-aj @@ -0,0 +1,22 @@ +$NetBSD: patch-aj,v 1.1 2006/01/08 11:02:10 wiz Exp $ + +--- sn_defines.h.orig 1997-04-18 11:33:58.000000000 +0200 ++++ sn_defines.h +@@ -80,11 +80,12 @@ + #define SYN 2 + #define FIN 1 + +-#define NO_IP 0 +-#define NO_IP_4 1000 +-#define ICMP 1 /* Protocol Numbers */ +-#define TCP 6 +-#define UDP 17 ++#define NO_IP 0 ++#define NO_IP_4 1000 ++#define CORRUPT_IP 1001 ++#define ICMP 1 /* Protocol Numbers */ ++#define TCP 6 ++#define UDP 17 + + #define ICMP_HEADLENGTH 4 /* fixed ICMP header length */ + #define UDP_HEADLENGTH 8 /* fixed UDP header length */ diff --git a/net/sniffit/patches/patch-ak b/net/sniffit/patches/patch-ak new file mode 100644 index 00000000000..5fdc14e1abb --- /dev/null +++ b/net/sniffit/patches/patch-ak @@ -0,0 +1,106 @@ +$NetBSD: patch-ak,v 1.1 2006/01/08 11:02:10 wiz Exp $ + +--- sn_packets.c.orig 1997-04-18 11:33:58.000000000 +0200 ++++ sn_packets.c +@@ -43,6 +43,7 @@ int unwrap_packet (unsigned char *sp, st + struct UDP_header UDPhead; + + int i; ++ short int dummy; /* 2 bytes, important */ + + memcpy(&IPhead,(sp+PROTO_HEAD),sizeof(struct IP_header)); + /* IP header Conversion */ +@@ -51,6 +52,7 @@ int unwrap_packet (unsigned char *sp, st + unwrapped->TCP_len = 0; /* Reset structure NEEDED!!! */ + unwrapped->UDP_len = 0; + unwrapped->DATA_len = 0; ++ unwrapped->FRAG_nf = 0; + + if(NO_CHKSUM == 0) + { +@@ -75,32 +77,74 @@ int unwrap_packet (unsigned char *sp, st + /* restore orig buffer */ + /* general programming rule */ + } ++ ++#ifdef DEBUG_ONSCREEN ++ printf("IPheadlen: %d total length: %d\n", unwrapped->IP_len, ++ ntohs(IPhead.length)); ++#endif ++ ++ dummy=ntohs(IPhead.flag_offset); dummy<<=3; ++ if( dummy!=0 ) /* we have offset */ ++ { ++ unwrapped->FRAG_nf = 1; ++ } ++ + if(IPhead.protocol == TCP ) /* TCP */ + { +- memcpy(&TCPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)), ++ if(unwrapped->FRAG_nf == 0) ++ { ++ if( (ntohs(IPhead.length)-(unwrapped->IP_len))<20 ) ++ {return CORRUPT_IP;}; ++ ++ memcpy(&TCPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)), + sizeof(struct TCP_header)); +- unwrapped->TCP_len = ntohs(TCPhead.offset_flag) & 0xF000; +- unwrapped->TCP_len >>= 10; +- unwrapped->DATA_len = ntohs(IPhead.length) - ++ unwrapped->TCP_len = ntohs(TCPhead.offset_flag) & 0xF000; ++ unwrapped->TCP_len >>= 10; ++ unwrapped->DATA_len = ntohs(IPhead.length) - + (unwrapped->IP_len) - (unwrapped->TCP_len); ++ } ++ else ++ { ++ unwrapped->DATA_len = ntohs(IPhead.length) - (unwrapped->IP_len); ++ } + return TCP; + } + if(IPhead.protocol == ICMP ) /* ICMP */ + { +- memcpy(&ICMPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)), ++ if(unwrapped->FRAG_nf == 0) ++ { ++ if( (ntohs(IPhead.length)-(unwrapped->IP_len))<4 ) ++ {return CORRUPT_IP;}; ++ ++ memcpy(&ICMPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)), + sizeof(struct ICMP_header)); +- unwrapped->ICMP_len = ICMP_HEADLENGTH; +- unwrapped->DATA_len = ntohs(IPhead.length) - ++ unwrapped->ICMP_len = ICMP_HEADLENGTH; ++ unwrapped->DATA_len = ntohs(IPhead.length) - + (unwrapped->IP_len) - (unwrapped->ICMP_len); +- return ICMP; ++ return ICMP; ++ } ++ else ++ { ++ return -1; /* don't handle fragmented ICMP */ ++ } + } + if(IPhead.protocol == UDP ) /* UDP */ + { +- memcpy(&UDPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)), ++ if(unwrapped->FRAG_nf == 0) ++ { ++ if( (ntohs(IPhead.length)-(unwrapped->IP_len))<8 ) ++ {return CORRUPT_IP;}; ++ ++ memcpy(&UDPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)), + sizeof(struct UDP_header)); +- unwrapped->UDP_len = UDP_HEADLENGTH; +- unwrapped->DATA_len = ntohs(IPhead.length) - ++ unwrapped->UDP_len = UDP_HEADLENGTH; ++ unwrapped->DATA_len = ntohs(IPhead.length) - + (unwrapped->IP_len) - (unwrapped->UDP_len); ++ } ++ else ++ { ++ unwrapped->DATA_len = ntohs(IPhead.length)-(unwrapped->IP_len); ++ } + return UDP; + } + return -1; -- cgit v1.2.3