Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [PATCH] TCP Idle Scan in IPv6
From: David Fifield <david () bamsoftware com>
Date: Sat, 29 Jun 2013 19:21:02 -0700

On Sat, Jun 29, 2013 at 02:47:00PM -0700, David Fifield wrote:
+  //for me, htonl is not necessary, instead diving by 2
   if (seqclass == IPID_SEQ_BROKEN_INCR) {
     /* Convert to network byte order */
-    startid = htons(startid);
-    endid = htons(endid);
-    return endid - startid;
+    //startid = htonl(startid);
+    //endid = htonl(endid);
+    return (endid - startid)/2;
   }

You seem to be treating IPID_SEQ_BROKEN_INCR as meaning "counts by 2,"
but it really means "counts by 1 but byteswapped." That is, instead of
counting
      0000,0001,0002,...,00ff,0100,0101,0102,...,feff,ff00,ff01,...
it counts
      0000,0100,0200,...,ff00,0001,0101,0201,...,fffe,00ff,01ff,...
You probably need to add a new IPID_SEQ define for "counts by 2."

That said, calling htons to swap bytes will not work on big-endian
platforms, which is a bug in the current code.

I committed a fix for this in r31162.

David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]