Nmap Development mailing list archives

Re: Bad IP-checksums


From: Gisle Vanem <gvanem () broadpark no>
Date: Sat, 16 Aug 2008 13:08:55 +0200

"Michael Pattrick" <mpattrick () rhinovirus org> wrote:

Did this actually fix the problem for you?  For osscan2.cc, it looks
at first glance like ip_sum should already be zero because of line
3064:

   memset((char *) packet, 0, sizeof(struct ip) + sizeof(struct udp_hdr));

This fixed the problem for me. After debugging a bit, I noticed that
the IP checksum is set after:

realcheck = magic_tcpudp_cksum(source, victim, IPPROTO_UDP,
   sizeof(struct udp_hdr) + datalen, (char *) udp);

The actual checksum value seems to change at line 1052 of tcpip.cc,
but I'm not sure why.

I think I see why:

struct pseudo {
 struct in_addr src;
 struct in_addr dst;
 u8 zero;
 u8 proto;
 u16 length;
} *hdr = (struct pseudo *) (hstart - sizeof(struct pseudo));

Here 'hdr' is addressing part of the IP-header.

--gv

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
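
The overlap pointed out in the reply above, as an added example that is not part of the original message and is not Nmap's code: with an option-less 20-byte IPv4 header, a 12-byte pseudo-header placed at hstart - sizeof(struct pseudo) begins at IP header offset 8, so filling it in place overwrites ip_sum at offset 10, while building it in a scratch buffer leaves the header alone. The packet bytes, the addresses and the 0xBEEF marker checksum are constructed sample values, and the helper names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* 12-byte pseudo-header with the field layout of the struct quoted above
   (byte arrays stand in for struct in_addr). */
struct pseudo { uint8_t src[4], dst[4]; uint8_t zero, proto; uint16_t length; };

enum { IP_HLEN = 20, IP_SUM_OFF = 10, UDP_HLEN = 8 };

/* Constructed sample: option-less IPv4 header followed by an empty UDP header. */
static void build_packet(uint8_t *pkt) {
  static const uint8_t ip[IP_HLEN] = {
    0x45, 0, 0, 28, 0x12, 0x34, 0, 0,
    64, 17, 0xBE, 0xEF,            /* ttl, proto, ip_sum (marker value) */
    192, 0, 2, 1, 192, 0, 2, 2 };  /* source, destination */
  memset(pkt, 0, IP_HLEN + UDP_HLEN);
  memcpy(pkt, ip, IP_HLEN);
}

/* Offset in the IP header where (hstart - sizeof(struct pseudo)) points. */
size_t overlay_offset(void) { return (size_t)IP_HLEN - sizeof(struct pseudo); }

/* Write the pseudo-header fields to dest; memcpy stands in for stores
   made through the overlaid pointer. */
static void fill_pseudo(uint8_t *dest, const uint8_t *src, const uint8_t *dst) {
  struct pseudo ph;
  const uint8_t len_be[2] = { 0, UDP_HLEN };
  memcpy(ph.src, src, 4);
  memcpy(ph.dst, dst, 4);
  ph.zero = 0; ph.proto = 17;      /* 17 = UDP */
  memcpy(&ph.length, len_be, 2);
  memcpy(dest, &ph, sizeof ph);
}

/* Returns the ip_sum field after building the pseudo-header either in place
   (directly in front of the UDP header) or in a separate scratch buffer. */
uint16_t ip_sum_after(int in_place) {
  uint8_t pkt[IP_HLEN + UDP_HLEN], scratch[sizeof(struct pseudo)];
  const uint8_t src[4] = { 192, 0, 2, 1 }, dst[4] = { 192, 0, 2, 2 };
  build_packet(pkt);
  fill_pseudo(in_place ? pkt + overlay_offset() : scratch, src, dst);
  return (uint16_t)((pkt[IP_SUM_OFF] << 8) | pkt[IP_SUM_OFF + 1]);
}

int main(void) {
  printf("overlay offset %zu, ip_sum in place 0x%04x, scratch 0x%04x\n",
         overlay_offset(), (unsigned)ip_sum_after(1), (unsigned)ip_sum_after(0));
  return 0;
}
```

In the in-place case the ip_sum field ends up holding the low two bytes of the source address, because the pseudo-header's src field lands on ttl, protocol and ip_sum.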

