Re: Bad IP-checksums

["Michael Pattrick" <mpattrick () rhinovirus org>]

On Wed, Aug 20, 2008 at 4:15 PM, David Fifield <david () bamsoftware com> wrote:
> On Sat, Aug 16, 2008 at 01:08:55PM +0200, Gisle Vanem wrote:
> > > > Did this actually fix the problem for you?  For osscan2.cc, it looks
> > > > at first glance like ip_sum should already be zero because of line
> > > > 3064:
> > > >
> > > >   memset((char *) packet, 0, sizeof(struct ip) + sizeof(struct udp_hdr));
> > >
> > > This fixed the problem for me, after debugging a bit I noticed that
> > > the ip check sum is set after:
> > >
> > > realcheck = magic_tcpudp_cksum(source, victim, IPPROTO_UDP,
> > >   sizeof(struct udp_hdr) + datalen, (char *) udp);
> > >
> > > The actual checksum value seems to change at line 1052 of tcpip.cc,
> > > but I'm not sure why.
> >
> > I think I see why:
> >
> > struct pseudo {
> >  struct in_addr src;
> >  struct in_addr dst;
> >  u8 zero;
> >  u8 proto;
> >  u16 length;
> > } *hdr = (struct pseudo *) (hstart - sizeof(struct pseudo));
> >
> > Here 'hdr' is addressing part of the IP-header.
>
> I can't reproduce the bad checksums, maybe because if the checksum
> zeroing patch you sent. But you're right, that code is dubious. I
> modified the checksum calculation function not to write outside of the
> buffer it's passed. Can you try r9635 and see if you still get bad
> checksums?

Hey David,

This fixes the bad checksum for me.

Cheers,
Michael

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org