Nmap Development mailing list archives
Re: [nse] very strange bug on Leopard - endian problems?
From: Kris Katterjohn <katterjohn () gmail com>
Date: Mon, 31 Mar 2008 14:21:50 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 majek04 wrote:
On 3/31/08, Kris Katterjohn <katterjohn () gmail com> wrote:Raw sockets with IP_HDRINCL were never really documented, especially wrt byte order. The IP length field was one of the two fields that are traditionally in *host* byte order when sent over the net on BSDs. Since OS X is based on BSD, it should adhere to this (and it appears that they did since this was never complained before about that I know of). But I guess with Leopard they went along with Linux and want it all sent in network byte order (or nobody complained about the other broken OS X versions..).So maybe everything works okay... I haven't known about this "feature" of BSD. And what is the second field that has to be in host order?
The fragment offset field (ip_off), which also contains the bits for DF and MF.
I don't know why they would want to break raw sockets programs, though. p657 of UNIX Network Programming tells the BSD vs. Linux gist, and you can grep for MACOSX in tcpip.cc to see that Nmap ntohs()'s the IP length field for BSDs and OS X. I guess configure will need to check for Leopard and later versions specifically so this stuff can be taken into account. I wonder if pcap_get_selectable_fd() will work with Leopard? Maybe that's changed as well (I don't know why it didn't work before, so I can't guess to why it would now).good question. MM.
Thanks, Kris Katterjohn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBR/E5y/9K37xXYl36AQI/+xAAmepSoK8TRREHt9aBrlP1U+wsN+SvL/RF K4lz9FyMmYInhyE11wGex2oZAlIjgotkADv3viSPBQapcoYEy1IkxXzfGAgi9+wK ubU+yq7fpjcvczqFF7BMGEc16pu5t/9E5TNERqNnwG/8mneclERNvG3apHJAY7L2 wwTZcOxbqNAvsQO6eDuRyuG17iYN0OfdFn3eNTak3JZ+4zdIJu5n79F8yIWSPrNd 2kcdT/pCCRkVcS1FfqAVfr0LCcl3P63VyU67ScJZP//9eeg3NXxstFi7FJVKf9jR YXjkZk5ucLvJ4G0LXHa23LDt7WZNJy1NFuiv9iAH4LpHy2ePCTaD2IkjVeQpS/j1 o8pdU7aYhHlema3eoJC02/hUzOKNRgnhEQTS9T1b4jR7XG+K9eODSk5jl1CYvM/T D6WO22dpa7Pz+OXUN2azFe3NYnE4HnatGKMlGRNW6/N4tIhze7AtuSLi0nyp33Tc Q2cma1Zx93L9U/ZoCyMCIn2cJm+t1NUSp/Lc0vOR5LK1c8aB1XpMibewFb3V/fd1 KPGlu4Lzr5p2kpP6AWKP9knSI0jp9XbhL3z6fcwsYEgbSIjVfziTDMkk8Yaua8xf LmDEdGvIrd0d6rL/2q9BQU93u4WOHFomO4bYEWMSZ+Mlaq6LrCgAVjOCgW3EfOTY g+OIf/HZ0HM= =1b7D -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [nse] very strange bug on Leopard - endian problems? majek04 (Mar 31)
- Re: [nse] very strange bug on Leopard - endian problems? Kris Katterjohn (Mar 31)
- Re: [nse] very strange bug on Leopard - endian problems? majek04 (Mar 31)
- Re: [nse] very strange bug on Leopard - endian problems? Kris Katterjohn (Mar 31)
- Re: [nse] very strange bug on Leopard - endian problems? majek04 (Mar 31)
- Re: [nse] very strange bug on Leopard - endian problems? Kris Katterjohn (Mar 31)