[转载]ipguard 0.04 for Linux patch
信息来源:邪恶八进制信息安全团队([url]www.eviloctal.com[/url])[language=diff]
*** packet.c.orig 2005-08-22 21:46:48.000000000 +0800
--- packet.c 2007-09-23 22:46:38.000000000 +0800
***************
*** 27,32 ****
--- 27,34 ----
#include <sys/types.h>
#include <sys/socket.h>
+ #include <time.h>
+ #include <netinet/ether.h>
#ifdef __OpenBSD__
# include <net/if.h>
# include <net/if_arp.h>
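Review bot: The added `#include <netinet/ether.h>` sits above the `#ifdef __OpenBSD__` block with no platform guard, so this Linux patch will probably break the build on the other systems the file already special-cases; that header comes from glibc, and the BSDs generally declare `ether_ntoa` elsewhere. Wrapping it as `#ifdef __linux__` / `# include <netinet/ether.h>` / `#endif` keeps the existing per-OS layout. Nothing in the visible hunks uses `<time.h>`, so it deserves a one-line comment naming what needs it, or removal if nothing does.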
***************
*** 302,314 ****
--- 304,319 ----
for (n = 0, p = pairs; n < pair_num; n++, p++) {
if (!memcmp(&zp_addr, &p->ip, sizeof(struct in_addr))) {
+ /* wildcard IP */
if (!memcmp(&sh_addr, &p->mac, sizeof(struct ether_addr))) { zip++; if (!addr_nosubst) return; }
}
if (!memcmp(&zh_addr, &p->mac, sizeof(struct ether_addr))) {
+ /* wildcard MAC */
if (!memcmp(&sp_addr, &p->ip, sizeof(struct in_addr))) { zmac++; if (!addr_nosubst) return; }
}
if (!memcmp(&sh_addr, &p->mac, sizeof(struct ether_addr))) {
if (!memcmp(&sp_addr, &p->ip, sizeof(struct in_addr))) { good++; return; }
+ /* listed MAC but IP is not */
if (verbose) {
snprintf(s, 128, "%s %-15s", ether_ntoa(&sh_addr), inet_ntoa(sp_addr));
snprintf(s, 128, "%s %-15s", s, inet_ntoa(tp_addr));
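Review bot: The second `snprintf(s, 128, "%s %-15s", s, inet_ntoa(tp_addr));` passes `s` as both destination and source, which is undefined behaviour for overlapping objects and can garble or truncate the `bip` log line an operator relies on. The same pair of calls appears again in the `bmac` branch of the next hunk. Appending keeps the output format without the overlap: `len = snprintf(s, 128, "%s %-15s", ether_ntoa(&sh_addr), inet_ntoa(sp_addr));` followed by `if (len > 0 && len < 128) snprintf(s + len, 128 - len, " %-15s", inet_ntoa(tp_addr));`. The two `inet_ntoa` results cannot simply be merged into one call because the function reuses a static buffer. The declaration of `s` is outside the hunk, so the literal 128 could not be checked against its real size; `sizeof s` would be safer if it is an array.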
***************
*** 316,328 ****
--- 321,338 ----
}
bip++; warn++;
} else if (!memcmp(&sp_addr, &p->ip, sizeof(struct in_addr))) {
+ /* listed IP but MAC is not*/
if (verbose) {
snprintf(s, 128, "%s %-15s", ether_ntoa(&sh_addr), inet_ntoa(sp_addr));
snprintf(s, 128, "%s %-15s", s, inet_ntoa(tp_addr));
log_str(NOTICE, "bmac:", s);
}
bmac++; warn++;
+ } else if (!memcmp(&tp_addr, &p->ip, sizeof(struct in_addr))) {
+ /* weird gratuitous ARP (Linux, MacOS, Vista) */
+ if (!memcmp(&zp_addr, &sp_addr, sizeof(struct in_addr))) { return; }
}
+
}
if (!warn) {
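Review bot: The new `else if` on `tp_addr` returns from the whole function as soon as one pair's IP matches the target and the sender IP equals `zp_addr` (apparently the all-zero address), and it is only reached when the sender MAC is not that pair's MAC. Because the `return` is inside the loop, the outcome depends on pair order: a frame that a later pair would have counted as `bip` is now dropped without any counter or log entry, so such probes for a guarded address from an unlisted MAC leave no trace. Consider recording the match and deciding after the loop, or at least logging before returning, e.g. `if (verbose) log_str(NOTICE, "probe:", s);` once `s` has been filled as in the branches above. The comment would be more accurate as `/* ARP probe: zero sender IP, target is a listed IP */`, since a gratuitous ARP has sender equal to target. The loop and its function begin outside this hunk.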
***************
*** 341,348 ****
--- 351,360 ----
if (buffer_num) buffer_add();
+ /* do not block gratuitous ARP if hidden mode */
if (!memcmp(&sp_addr, &tp_addr, sizeof(struct in_addr))) { bent++; if (hidden) return; }
+ /* block evil IP */
if (!read_only) packet_sendfake();
}
[/language]
Libnet 1.0.2a