coydog/zmap-freebsd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

UDP probe module updates saddr fieldset

Browse Source 
ICMP responses (e.g. DEST_UNREACH) to UDP probes (generally)
contain the IP/UDP packet that ellicited the response, though
they do not have to come from the host we sent them to (e.g.
NETWORK_UNREACH). We will "correct" this by switching the saddr
fieldset to be the host we WOULD have received a response from
This commit is contained in:
Eric 2013-09-02 17:58:20 -04:00
parent ee9593938b
commit d694fe69a6
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/probe_modules/module_udp.c
View File

@ -207,6 +207,10 @@ void udp_process_packet(const u_char *packet, UNUSED uint32_t len, fieldset_t *f
fs_add_binary(fs, "data", (ntohs(udp->len) - sizeof(struct udphdr)), (void*) &udp[1], 0); fs_add_binary(fs, "data", (ntohs(udp->len) - sizeof(struct udphdr)), (void*) &udp[1], 0);
} else if (ip_hdr->protocol == IPPROTO_ICMP) { } else if (ip_hdr->protocol == IPPROTO_ICMP) {
struct icmphdr *icmp = (struct icmphdr *)((char *)ip_hdr + ip_hdr->ihl * 4); struct icmphdr *icmp = (struct icmphdr *)((char *)ip_hdr + ip_hdr->ihl * 4);
struct iphdr *ip_inner = (struct iphdr*)&icmp[1];
// ICMP unreach comes from another server (not the one we sent a probe to);
// But we will fix up saddr to be who we sent the probe to, in case you care.
fs_modify_string(fs, "saddr", make_ip_str(ip_inner->daddr), 1);
fs_add_string(fs, "classification", (char*) "icmp-unreach", 0); fs_add_string(fs, "classification", (char*) "icmp-unreach", 0);
fs_add_uint64(fs, "success", 0); fs_add_uint64(fs, "success", 0);
fs_add_null(fs, "sport"); fs_add_null(fs, "sport");