40 lines
1.1 KiB
Plaintext
40 lines
1.1 KiB
Plaintext
*** sniffit.0.3.5.c.orig Fri Apr 18 16:33:58 1997
|
|
--- sniffit.0.3.5.c Thu May 7 15:02:13 1998
|
|
***************
|
|
*** 411,421 ****
|
|
--- 411,432 ----
|
|
proto=unwrap_packet(sp, info);
|
|
if(proto == NO_IP) return DONT_EXAMINE; /* no use in trying */
|
|
if(proto == NO_IP_4) return DONT_EXAMINE; /* no use in trying */
|
|
+ if(proto == CORRUPT_IP)
|
|
+ {
|
|
+ printf("Suspicious Packet detected... (Split header)\n");
|
|
+ return DONT_EXAMINE;
|
|
+ }
|
|
|
|
memcpy(&iphead,(sp+PROTO_HEAD),sizeof(struct IP_header));
|
|
so=(unsigned char *)&(iphead.source);
|
|
dest=(unsigned char *)&(iphead.destination);
|
|
|
|
+ if(info->FRAG_nf!=0)
|
|
+ {
|
|
+ printf("Fragment Skipped...\n");
|
|
+ return DONT_EXAMINE;
|
|
+ }
|
|
+
|
|
if((proto==TCP)&&(PROTOCOLS&F_TCP))
|
|
{
|
|
#ifdef DEBUG_ONSCREEN
|
|
***************
|
|
*** 1220,1225 ****
|
|
--- 1231,1239 ----
|
|
proto=unwrap_packet(sp, info);
|
|
if(proto == NO_IP) return DONT_EXAMINE; /* no use in trying */
|
|
if(proto == NO_IP_4) return DONT_EXAMINE; /* no use in trying */
|
|
+ if(proto == CORRUPT_IP) return DONT_EXAMINE; /* no use in trying */
|
|
+
|
|
+ if(info->FRAG_nf!=0) return DONT_EXAMINE;
|
|
|
|
(*IP_nr_of_packets)++;
|
|
if(proto==ICMP)
|