Use GNU TCP/UDP header definitions to have access to _GNU_SOURCE func…
…tions

The code currently assumes that path names have a limited length. This seems
to cause crashes, and thus these static allocations will be replaced with
asprintf to avoid buffer overflows by str* functions. Unfortunately, the change
to _GNU_SOURCE also changes the definition of the struct tcphdr and udphdr.
ecsv committed Feb 12, 2014
1 parent 9c36559 commit 5e8cce6
Showing 2 changed files with 7 additions and 9 deletions.
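--- a/SConstruct
+++ b/SConstruct
@@ -1,5 +1,5 @@
 #!/usr/bin/evn python
-env = Environment(CCFLAGS='-Wall -g')
+env = Environment(CCFLAGS='-Wall -g', CPPFLAGS='-D_GNU_SOURCE')
 lib_path = ['/usr/local/lib', '/usr/lib']
 libs = Glob('./*.a') + ['pcap']
 cpp_path=['.']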
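Review bot: The changed `Environment(...)` line still builds without optimisation or any overflow hardening, although the commit message attributes crashes to fixed-size path buffers being overrun by str* functions. Until the asprintf conversion lands, `env = Environment(CCFLAGS='-Wall -g -O2 -fstack-protector-strong', CPPFLAGS='-D_GNU_SOURCE -D_FORTIFY_SOURCE=2')` would make many such overflows abort at the faulting call instead of silently corrupting memory. `_FORTIFY_SOURCE` has no effect without optimisation, so the `-O2` is needed for it to do anything.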
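--- a/pkt2flow.c
+++ b/pkt2flow.c
@@ -29,7 +29,6 @@
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */
-#define _BSD_SOURCE
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -227,15 +226,15 @@ static void process_trace(void)
 if (hdr.caplen < offset + sizeof(struct tcphdr))
 continue;
 tcph = (struct tcphdr *)(pkt + offset);
-src_port = ntohs(tcph->th_sport);
-dst_port = ntohs(tcph->th_dport);
+src_port = ntohs(tcph->source);
+dst_port = ntohs(tcph->dest);
 break;
 case IPPROTO_UDP:
 if (hdr.caplen < offset + sizeof(struct udphdr))
 continue;
 udph = (struct udphdr *)(pkt + offset);
-src_port = ntohs(udph->uh_sport);
-dst_port = ntohs(udph->uh_dport);
+src_port = ntohs(udph->source);
+dst_port = ntohs(udph->dest);
 break;
 default:
 src_port = 0;
@@ -247,8 +246,7 @@ static void process_trace(void)
 pair = find_ip_pair(iph->ip_src.s_addr, iph->ip_dst.s_addr,
 src_port, dst_port);
 if (pair == NULL) {
-if ((iph->ip_p == IPPROTO_TCP) &&
-((tcph->th_flags & TH_SYN) != TH_SYN) &&
+if ((iph->ip_p == IPPROTO_TCP) && !tcph->syn &&
 !isset_bits(dump_allowed, DUMP_TCP_NOSYN_ALLOWED)) {
 // No SYN detected and don't create a new flow
 continue;
@@ -258,7 +256,7 @@ static void process_trace(void)
 dst_port);
 switch (iph->ip_p) {
 case IPPROTO_TCP:
-if ((tcph->th_flags & TH_SYN) == TH_SYN)
+if (tcph->syn)
 pair->pdf.status = STS_TCP_SYN;
 else
 pair->pdf.status = STS_TCP_NOSYN;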
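Review bot: With `#define _BSD_SOURCE` removed, nothing in pkt2flow.c records which feature-test macro the file depends on, yet the TCP/UDP cases and both SYN tests now use the Linux-style members `source`, `dest` and `syn`. That requirement lives only in SConstruct, so a build that bypasses SCons would presumably fail with unexplained missing-member errors. A comment above the includes would document it, for example `/* built with -D_GNU_SOURCE (see SConstruct): tcphdr/udphdr use the Linux member names source, dest, syn */`. The `hdr.caplen` checks still precede each cast and the new field reads, which matters for packet bytes taken from a capture file, but whether `offset` itself is validated cannot be seen from these hunks. process_trace starts and ends outside the hunks shown.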
