From 5e8cce6ff8ab26e02f74601e26380fea5bb38e2e Mon Sep 17 00:00:00 2001
From: Sven Eckelmann
Date: Tue, 11 Feb 2014 13:50:45 +0100
Subject: [PATCH] Use GNU TCP/UDP header definitions to have access to _GNU_SOURCE functions

The code currently assumes to have path names with limited length. This seems to cause crashes and thus these static allocations will be replaced with asprintf to avoid buffer overflows by str* functions. Unfortunately, the change to _GNU_SOURCE also changes the definiton of the struct tcphdr and udphdr.
---
 SConstruct | 2 +-
 pkt2flow.c | 14 ++++++-------
 2 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/SConstruct b/SConstruct
index 42832df..1280c63 100755
--- a/SConstruct
+++ b/SConstruct
@@ -1,5 +1,5 @@
 #!/usr/bin/evn python
-env = Environment(CCFLAGS='-Wall -g')
+env = Environment(CCFLAGS='-Wall -g', CPPFLAGS='-D_GNU_SOURCE')
 lib_path = ['/usr/local/lib', '/usr/lib']
 libs = Glob('./*.a') + ['pcap']
 cpp_path=['.']
diff --git a/pkt2flow.c b/pkt2flow.c
index a613acd..a7668e0 100644
--- a/pkt2flow.c
+++ b/pkt2flow.c
@@ -29,7 +29,6 @@
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */
-#define _BSD_SOURCE
 #include 
 #include 
 
@@ -227,15 +226,15 @@ static void process_trace(void)
 if (hdr.caplen < offset + sizeof(struct tcphdr))
 continue;
 tcph = (struct tcphdr *)(pkt + offset);
- src_port = ntohs(tcph->th_sport);
- dst_port = ntohs(tcph->th_dport);
+ src_port = ntohs(tcph->source);
+ dst_port = ntohs(tcph->dest);
 break;
 case IPPROTO_UDP:
 if (hdr.caplen < offset + sizeof(struct udphdr))
 continue;
 udph = (struct udphdr *)(pkt + offset);
- src_port = ntohs(udph->uh_sport);
- dst_port = ntohs(udph->uh_dport);
+ src_port = ntohs(udph->source);
+ dst_port = ntohs(udph->dest);
 break;
 default:
 src_port = 0;
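Review bot: The context line `#!/usr/bin/evn python` directly above the changed `env = Environment(...)` line misspells `env`, so despite the 100755 mode the SConstruct script cannot be executed directly; since this hunk already touches the line below it, the fix is cheap: `#!/usr/bin/env python`. This is not something the commit introduced, but it is on the new side of the hunk and is the only other line in it.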
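Review bot: With `#define _BSD_SOURCE` removed, pkt2flow.c carries no feature-test macro of its own and depends on SConstruct's `CPPFLAGS='-D_GNU_SOURCE'` to select the GNU member names (`source`, `dest`, `syn`) used later in the file; a build that bypasses SCons, or a different build script, may fail to compile. Defining the macro in the source before the first `#include` keeps the translation unit self-contained and matches how `_BSD_SOURCE` was handled before: `#define _GNU_SOURCE`. The same point applies to the SConstruct hunk, where the flag is introduced.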
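Review bot: The new `tcph->source`/`tcph->dest` and `udph->source`/`udph->dest` member names are glibc's GNU/Linux spellings of struct tcphdr/udphdr, while BSD-derived libcs (FreeBSD, macOS) only provide `th_sport`/`th_dport` and `uh_sport`/`uh_dport`, so the commit swaps one platform-specific naming for another rather than removing the dependency; the same applies to `tcph->syn` replacing `tcph->th_flags & TH_SYN` in the `@@ -247` and `@@ -258` hunks. I believe recent glibc exposes both spellings through an anonymous union inside the struct, in which case the BSD names could have been kept under `_GNU_SOURCE` — worth confirming against the target glibc version. If both header families must be supported, small accessor macros selected by `#ifdef` near the includes would keep the packet-parsing code portable. The existing `hdr.caplen < offset + sizeof(struct tcphdr)` and `sizeof(struct udphdr)` guards still cover every field read here, since the ports and the SYN flag lie within the fixed header. process_trace begins and ends outside this hunk.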
@@ -247,8 +246,7 @@ static void process_trace(void)
 pair = find_ip_pair(iph->ip_src.s_addr, iph->ip_dst.s_addr,
 src_port, dst_port);
 if (pair == NULL) {
- if ((iph->ip_p == IPPROTO_TCP) &&
- ((tcph->th_flags & TH_SYN) != TH_SYN) &&
+ if ((iph->ip_p == IPPROTO_TCP) && !tcph->syn &&
 !isset_bits(dump_allowed, DUMP_TCP_NOSYN_ALLOWED)) {
 // No SYN detected and don't create a new flow
 continue;
@@ -258,7 +256,7 @@ static void process_trace(void)
 dst_port);
 switch (iph->ip_p) {
 case IPPROTO_TCP:
- if ((tcph->th_flags & TH_SYN) == TH_SYN)
+ if (tcph->syn)
 pair->pdf.status = STS_TCP_SYN;
 else
 pair->pdf.status = STS_TCP_NOSYN;