Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Add Link-Local Address Network Assignment Block (IPv4) to ipv4.h in Snort 3

From: Bill Parker <wp02855 () gmail com>
Date: Fri, 10 Jul 2015 09:31:14 -0700
Hello All,

   In reviewing source code for Snort 3/Snort++, I found in directory
'src/protocols', file 'ipv4.h', that the private Microsoft Network
block 169.254.0.0/16 (which is assigned if MS DHCP fails for some
reason) is not included in the private IPv4 network listing.

In RFC 3927, the Internet Engineering Task Force has reserved the
address block 169.254.0.0 through 169.254.255.255] or 169.254.0.0/16
for link-local addressing in Internet Protocol Version 4.

Link-local addresses are assigned to interfaces by host-internal,
i.e. stateless, address autoconfiguration when other means of
address assignment are not available.

Additionally, the code does not check properly for the RFC 1918
Class B space of 172.16.0.0/12, but only 172.16.0.0/16, which
would exclude the address space of 172.17-31.0.0 being included
as private address space.

The patch file below addresses this issue:

--- ipv4.h.orig 2015-07-09 19:17:10.000000000 -0700
+++ ipv4.h      2015-07-09 19:35:11.000000000 -0700
@@ -169,6 +169,9 @@
         case 0x0a:
             return true;
             break;
+        case 0xa9:
+            if ((addr & 0xff00) == 0xfe00)
+               return true;
         case 0xac:
             if ((addr & 0xf000) == 0x1000)
                 return true;

I am attaching the patch file to this bug report...

Bill Parker (wp02855 at gmail dot com)

Attachment: ipv4.h.patch
Description: 

------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: