Nmap Development mailing list archives

Report Bug: IPID_SEQ_RD


From: Lior Levinsky <levinskylior () googlemail com>
Date: Fri, 14 Mar 2014 13:51:51 +0200

The function get_diffs normally returns whether all of the IP IDs were zero (0 -
one or more ip->ip_id != 0 / 1 - all of the ip->ip_id == 0),
but there are 2 special cases:
1. If numSamples < 2 then return IPID_SEQ_UNKNOWN (0)
2. If numSamples > 2 && one of the diffs gt 20000 then return IPID_SEQ_RD
(4)

And the return value of this function get_diffs (allipideqz)
is used in the functions get_ipid_sequence_32 / get_ipid_sequence_16
as a parameter to the function identify_sequence

And this function identify_sequence, if allipideqz != 0, returns IPID_SEQ_ZERO

This means (if I don't miss something) that in case get_diffs returns
IPID_SEQ_RD
we will define the class as IPID_SEQ_ZERO and not IPID_SEQ_RD

About IPID_SEQ_UNKNOWN, which is zero, and also the value zero
meaning one of the ip_id is not zero, I am not sure of the full meaning.

Am I missing something?

Here is a cut&paste of the code:

int get_diffs(u32 *ipid_diffs, int numSamples, u32 *ipids, int islocalhost)
{
  int i;
  int allipideqz = 1;

  if (numSamples < 2)
    return IPID_SEQ_UNKNOWN;

  for (i = 1; i < numSamples; i++) {
    if (ipids[i - 1] != 0 || ipids[i] != 0)
      allipideqz = 0; /* All IP.ID values do *NOT* equal zero */

    ipid_diffs[i - 1] = ipids[i] - ipids[i - 1];

    /* Random */
    if (numSamples > 2 && ipid_diffs[i - 1] > 20000)
      return IPID_SEQ_RD;
  }

  return allipideqz;

}

/* Identify the ipid sequence for 32-bit IPID values (IPv6) */
int get_ipid_sequence_32(int numSamples, u32 *ipids, int islocalhost) {
  int allipideqz=1;
  u32 ipid_diffs[32];
  assert(numSamples < (int) (sizeof(ipid_diffs) / 2));
  allipideqz = get_diffs(ipid_diffs, numSamples, ipids, islocalhost);
  return identify_sequence(numSamples, ipid_diffs, islocalhost, allipideqz);
}

/* Identify the ipid sequence for 16-bit IPID values (IPv4) */
int get_ipid_sequence_16(int numSamples, u32 *ipids, int islocalhost) {
  int i;
  int allipideqz=1;
  u32 ipid_diffs[32];
  assert(numSamples < (int) (sizeof(ipid_diffs) / 2));
  allipideqz = get_diffs(ipid_diffs, numSamples, ipids, islocalhost);
  /* AND with 0xffff so that in case the 16 bit counter was
   * flipped over we still have a continuous sequence */
  for (i = 0; i < numSamples; i++) {
    ipid_diffs[i] = ipid_diffs[i] & 0xffff;
  }
  return identify_sequence(numSamples, ipid_diffs, islocalhost, allipideqz);
}

int identify_sequence(int numSamples, u32 *ipid_diffs, int islocalhost, int allipideqz) {
  int i, j, k, l;

  /* ZERO */
  if (allipideqz)
    return IPID_SEQ_ZERO;
....
}


-- 
Best Regards,

Lior Levinsky - Software & Consulting Services
Mobile   : +972-50-7370190
email     : levinskylior () gmail com
Address :  P.O. 647 Rishon-Letzion , Israel 75106
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
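Added example (not code from the post or from Nmap itself): the posted get_diffs fed into a stand-in identify_sequence, run on a constructed IP ID sample so the reported mix-up is visible, beside a hypothetical caller that keeps the RD verdict apart from the "all zero" flag. IPID_SEQ_UNKNOWN = 0 and IPID_SEQ_RD = 4 are the values quoted in the post; the INCR and ZERO values, the stand-in identify_sequence body and the rd_samples input are assumptions made for this demo.

```c
#include <stdint.h>
typedef uint32_t u32;

/* UNKNOWN = 0 and RD = 4 are quoted in the report; INCR and ZERO are
 * assumed here (following Nmap's osscan2.h ordering) for the demo. */
#define IPID_SEQ_UNKNOWN 0
#define IPID_SEQ_INCR    1
#define IPID_SEQ_RD      4
#define IPID_SEQ_ZERO    6

/* Constructed sample: three IP IDs whose first jump exceeds 20000. */
const u32 rd_samples[3] = {1000, 40000, 41000};

/* get_diffs as posted (unused islocalhost dropped): returns 1/0 for
 * "all IP IDs zero", but also the unrelated verdict IPID_SEQ_RD. */
static int get_diffs(u32 *ipid_diffs, int numSamples, const u32 *ipids)
{
  int i, allipideqz = 1;
  if (numSamples < 2)
    return IPID_SEQ_UNKNOWN;
  for (i = 1; i < numSamples; i++) {
    if (ipids[i - 1] != 0 || ipids[i] != 0)
      allipideqz = 0;
    ipid_diffs[i - 1] = ipids[i] - ipids[i - 1];
    if (numSamples > 2 && ipid_diffs[i - 1] > 20000)
      return IPID_SEQ_RD;   /* 4, which is truthy as allipideqz */
  }
  return allipideqz;
}

/* Stand-in for identify_sequence: the post's ZERO branch, plus an assumed INCR fallback. */
static int identify_sequence(int allipideqz)
{
  return allipideqz ? IPID_SEQ_ZERO : IPID_SEQ_INCR;
}

/* Caller as posted: the get_diffs result is passed straight through. */
int classify_as_posted(int numSamples, const u32 *ipids)
{
  u32 diffs[32];
  return identify_sequence(get_diffs(diffs, numSamples, ipids));
}

/* Hypothetical fix in the caller: report RD as RD instead of rereading 4 as "all zero". */
int classify_checked(int numSamples, const u32 *ipids)
{
  u32 diffs[32];
  int r = get_diffs(diffs, numSamples, ipids);
  return r == IPID_SEQ_RD ? IPID_SEQ_RD : identify_sequence(r);
}
```

With rd_samples, classify_as_posted yields IPID_SEQ_ZERO while classify_checked yields IPID_SEQ_RD; an all-zero sample yields IPID_SEQ_ZERO in both.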
