1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
$NetBSD: patch-ai,v 1.3 2013/01/11 00:02:13 joerg Exp $
- use standard headers
- fix signature of signal handler, make it file-static
- fix signature of pcap handler
- make const declarations internally consistent
- CORRUPT_IP/DONT_EXAMINE changes from a long time ago
--- sniffit.0.3.5.c.orig 1997-04-18 09:33:58.000000000 +0000
+++ sniffit.0.3.5.c
@@ -7,6 +7,8 @@
#include <unistd.h>
#include <signal.h>
#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
#include <netdb.h>
#include <errno.h>
#include <sys/stat.h>
@@ -93,7 +95,7 @@ printf(" 9 -- %s\n",PLUGIN9_NAME);
exit(0);
}
-void my_exit (void) { exit(0);};
+static void my_exit (int sig) { exit(0);};
/* DEBUGGING INFO */
#ifdef DEBUG
@@ -298,7 +300,7 @@ struct file_info *search_dynam(char *fil
/* Type 0: TELNET */
void record_buf(struct file_info *dummy_pointer, unsigned long cur_seq_nr,
- char *data, int len, int type)
+ const char *data, int len, int type)
{
int i,j,noloop=0;
@@ -337,7 +339,7 @@ for(i=1;i<SCBUF;i++)
}
void sbuf_update(struct file_info *dummy_pointer, unsigned long cur_seq_nr,
- char *data, int len)
+ const char *data, int len)
{
int i;
@@ -411,11 +413,17 @@ int check_packet(unsigned long ipaddr,
proto=unwrap_packet(sp, info);
if(proto == NO_IP) return DONT_EXAMINE; /* no use in trying */
if(proto == NO_IP_4) return DONT_EXAMINE; /* no use in trying */
+ if(proto == CORRUPT_IP)
+ {printf("Suspicious Packet detected... (Split header)\n");
+ return DONT_EXAMINE;}
memcpy(&iphead,(sp+PROTO_HEAD),sizeof(struct IP_header));
so=(unsigned char *)&(iphead.source);
dest=(unsigned char *)&(iphead.destination);
+ if(info->FRAG_nf!=0)
+ {printf("Fragment Skipped...\n"); return DONT_EXAMINE; };
+
if((proto==TCP)&&(PROTOCOLS&F_TCP))
{
#ifdef DEBUG_ONSCREEN
@@ -823,7 +831,7 @@ printf("Selected: %d\n",selected);
}
/* Default Processing of packets */
-pcap_handler packethandler(unsigned char *ipaddrpoint,
+void packethandler(unsigned char *ipaddrpoint,
const struct packetheader *p_header,
const unsigned char *sp)
{
@@ -1220,6 +1228,10 @@ int check_mask (const struct packetheade
proto=unwrap_packet(sp, info);
if(proto == NO_IP) return DONT_EXAMINE; /* no use in trying */
if(proto == NO_IP_4) return DONT_EXAMINE; /* no use in trying */
+ if(proto == CORRUPT_IP) return DONT_EXAMINE; /* no use in trying */
+
+ if(info->FRAG_nf!=0)
+ {return DONT_EXAMINE; };
(*IP_nr_of_packets)++;
if(proto==ICMP)
@@ -1272,7 +1284,7 @@ int check_mask (const struct packetheade
return TCP_EXAMINE; /* interprete packet */
}
-pcap_handler interactive_packethandler( char *dummy,
+void interactive_packethandler( unsigned char *dummy,
const struct packetheader *p_header,
const unsigned char *sp)
{
|
