[Sguil-cvs] sguil/sensor/barnyard_mods op_sguil.c,1.15,1.16
From: Bamm V. <ba...@us...> - 2005-09-01 15:18:06
Update of /cvsroot/sguil/sguil/sensor/barnyard_mods In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12710 Modified Files: op_sguil.c Log Message: Fixed bug for packets w/o ICMP/TCP/UDP hdrs when ip_proto points to them. (snort_decoder alerts usually). Index: op_sguil.c =================================================================== RCS file: /cvsroot/sguil/sguil/sensor/barnyard_mods/op_sguil.c,v retrieving revision 1.15 retrieving revision 1.16 diff -C2 -d -r1.15 -r1.16 *** op_sguil.c 6 Jun 2005 14:06:29 -0000 1.15 --- op_sguil.c 1 Sep 2005 15:17:56 -0000 1.16 *************** *** 2,6 **** /* ! ** Copyright (C) 2002-2004 Robert (Bamm) Visscher <ba...@sg...> ** ** This program is distributed under the terms of version 1.0 of the --- 2,6 ---- /* ! ** Copyright (C) 2002-2005 Robert (Bamm) Visscher <ba...@sg...> ** ** This program is distributed under the terms of version 1.0 of the *************** *** 619,658 **** bzero(buffer, STD_BUFFER); ! /* ICMP type */ ! sprintf(buffer, "%u", p->icmph->icmp_type); ! Tcl_DStringAppendElement(list, buffer); ! /* ICMP code */ ! sprintf(buffer, "%u", p->icmph->icmp_code); ! Tcl_DStringAppendElement(list, buffer); ! ! /* ICMP CSUM */ ! sprintf(buffer, "%u", ntohs(p->icmph->icmp_csum)); ! Tcl_DStringAppendElement(list, buffer); ! /* Append other ICMP data if we have it */ ! if(p->icmph->icmp_type == ICMP_ECHOREPLY || ! p->icmph->icmp_type == ICMP_ECHO || ! p->icmph->icmp_type == ICMP_TIMESTAMP || ! p->icmph->icmp_type == ICMP_TIMESTAMPREPLY || ! p->icmph->icmp_type == ICMP_INFO_REQUEST || ! p->icmph->icmp_type == ICMP_INFO_REPLY) { ! /* ICMP ID */ ! sprintf(buffer, "%u", htons(p->icmph->icmp_hun.ih_idseq.icd_id)); Tcl_DStringAppendElement(list, buffer); ! /* ICMP Seq */ ! sprintf(buffer, "%u", htons(p->icmph->icmp_hun.ih_idseq.icd_seq)); Tcl_DStringAppendElement(list, buffer); ! } ! else ! { ! /* Add two empty elements */ ! for(i=0; i < 2; i++) ! 
Tcl_DStringAppendElement(list, ""); } --- 619,671 ---- bzero(buffer, STD_BUFFER); ! if(!p->icmph) ! { ! /* Null out ICMP fields */ ! for(i=0; i < 5; i++) ! Tcl_DStringAppendElement(list, ""); ! } ! else { ! /* ICMP type */ ! sprintf(buffer, "%u", p->icmph->icmp_type); Tcl_DStringAppendElement(list, buffer); ! /* ICMP code */ ! sprintf(buffer, "%u", p->icmph->icmp_code); ! Tcl_DStringAppendElement(list, buffer); ! ! /* ICMP CSUM */ ! sprintf(buffer, "%u", ntohs(p->icmph->icmp_csum)); Tcl_DStringAppendElement(list, buffer); ! /* Append other ICMP data if we have it */ ! if(p->icmph->icmp_type == ICMP_ECHOREPLY || ! p->icmph->icmp_type == ICMP_ECHO || ! p->icmph->icmp_type == ICMP_TIMESTAMP || ! p->icmph->icmp_type == ICMP_TIMESTAMPREPLY || ! p->icmph->icmp_type == ICMP_INFO_REQUEST || ! p->icmph->icmp_type == ICMP_INFO_REPLY) ! { ! /* ICMP ID */ ! sprintf(buffer, "%u", htons(p->icmph->icmp_hun.ih_idseq.icd_id)); ! Tcl_DStringAppendElement(list, buffer); ! ! /* ICMP Seq */ ! sprintf(buffer, "%u", htons(p->icmph->icmp_hun.ih_idseq.icd_seq)); ! Tcl_DStringAppendElement(list, buffer); ! ! } ! else ! { ! ! /* Add two empty elements */ ! for(i=0; i < 2; i++) ! Tcl_DStringAppendElement(list, ""); ! ! } } *************** *** 684,716 **** Tcl_DStringAppendElement(list, ""); ! sprintf(buffer, "%u", p->sp); ! Tcl_DStringAppendElement(list, buffer); ! sprintf(buffer, "%u", p->dp); ! Tcl_DStringAppendElement(list, buffer); ! sprintf(buffer, "%u", ntohl(p->tcph->th_seq)); ! Tcl_DStringAppendElement(list, buffer); ! sprintf(buffer, "%u", ntohl(p->tcph->th_ack)); ! Tcl_DStringAppendElement(list, buffer); ! sprintf(buffer, "%u", TCP_OFFSET(p->tcph)); ! Tcl_DStringAppendElement(list, buffer); ! sprintf(buffer, "%u", TCP_X2(p->tcph)); ! Tcl_DStringAppendElement(list, buffer); ! sprintf(buffer, "%u", p->tcph->th_flags); ! Tcl_DStringAppendElement(list, buffer); ! sprintf(buffer, "%u", ntohs(p->tcph->th_win)); ! Tcl_DStringAppendElement(list, buffer); ! 
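Review bot: The placeholder count in the new `if(!p->icmph)` branch (`i < 5`) is a bare literal that has to equal the number of elements the `else` branch appends (type, code, checksum, id, seq), and nothing in the code ties the two together. If a field is later added on one side only, every following element in the list shifts by one and whatever consumes the list would presumably file values under the wrong columns without reporting an error. A comment on the loop makes the contract visible, e.g. `/* 5 = type, code, csum, id, seq -- must match the else branch */`; the same applies to the `i < 10` loop in the TCP hunk and the two `i < 2` loops in the UDP hunks. Separately, the id and seq lines convert with `htons` while the checksum line uses `ntohs`; the value is the same, but `ntohs(p->icmph->icmp_hun.ih_idseq.icd_id)` states the direction correctly. The enclosing function starts and ends outside the hunk.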
sprintf(buffer, "%u", ntohs(p->tcph->th_sum)); ! Tcl_DStringAppendElement(list, buffer); ! sprintf(buffer, "%u", ntohs(p->tcph->th_urp)); ! Tcl_DStringAppendElement(list, buffer); /* empty elements for UDP data */ --- 697,742 ---- Tcl_DStringAppendElement(list, ""); ! if(!p->tcph) ! { ! /* Null out TCP fields */ ! for(i=0; i < 10; i++) ! Tcl_DStringAppendElement(list, ""); ! } ! else ! { ! sprintf(buffer, "%u", p->sp); ! Tcl_DStringAppendElement(list, buffer); ! sprintf(buffer, "%u", p->dp); ! Tcl_DStringAppendElement(list, buffer); ! sprintf(buffer, "%u", ntohl(p->tcph->th_seq)); ! Tcl_DStringAppendElement(list, buffer); ! sprintf(buffer, "%u", ntohl(p->tcph->th_ack)); ! Tcl_DStringAppendElement(list, buffer); ! sprintf(buffer, "%u", TCP_OFFSET(p->tcph)); ! Tcl_DStringAppendElement(list, buffer); ! sprintf(buffer, "%u", TCP_X2(p->tcph)); ! Tcl_DStringAppendElement(list, buffer); ! sprintf(buffer, "%u", p->tcph->th_flags); ! Tcl_DStringAppendElement(list, buffer); ! ! sprintf(buffer, "%u", ntohs(p->tcph->th_win)); ! Tcl_DStringAppendElement(list, buffer); ! ! sprintf(buffer, "%u", ntohs(p->tcph->th_sum)); ! Tcl_DStringAppendElement(list, buffer); ! ! sprintf(buffer, "%u", ntohs(p->tcph->th_urp)); ! Tcl_DStringAppendElement(list, buffer); ! ! } /* empty elements for UDP data */ *************** *** 734,743 **** Tcl_DStringAppendElement(list, ""); ! /* source and dst port */ ! sprintf(buffer, "%u", p->sp); ! Tcl_DStringAppendElement(list, buffer); ! sprintf(buffer, "%u", p->dp); ! Tcl_DStringAppendElement(list, buffer); /* empty elements for tcp data */ --- 760,782 ---- Tcl_DStringAppendElement(list, ""); ! if(!p->udph) ! { ! ! /* Null out port info */ ! for(i=0; i < 2; i++) ! Tcl_DStringAppendElement(list, ""); ! } ! else ! { ! ! /* source and dst port */ ! sprintf(buffer, "%u", p->sp); ! Tcl_DStringAppendElement(list, buffer); ! ! sprintf(buffer, "%u", p->dp); ! Tcl_DStringAppendElement(list, buffer); ! ! 
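Review bot: The new `if(!p->tcph)` test establishes only that the pointer is set, while the `else` branch reads every field up to `th_urp`, so it depends on the decoder leaving `tcph` NULL whenever the captured data is shorter than a full TCP header. That guarantee is not visible in this hunk, and by the log message the packets reaching this path are the ones behind snort_decoder alerts, so the assumption is worth stating next to the check, e.g. `/* relies on the decoder setting tcph only for a complete header -- confirm */`. The ICMP hunk has the same dependency for its `icmp_hun.ih_idseq` reads. The enclosing function begins and ends outside the hunk.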
} /* empty elements for tcp data */ *************** *** 745,753 **** Tcl_DStringAppendElement(list, ""); ! sprintf(buffer, "%u", ntohs(p->udph->uh_len)); ! Tcl_DStringAppendElement(list, buffer); ! sprintf(buffer, "%u", ntohs(p->udph->uh_chk)); ! Tcl_DStringAppendElement(list, buffer); return 0; --- 784,805 ---- Tcl_DStringAppendElement(list, ""); ! if(!p->udph) ! { ! ! /* Null out UDP info */ ! for(i=0; i < 2; i++) ! Tcl_DStringAppendElement(list, ""); ! } ! else ! { ! ! sprintf(buffer, "%u", ntohs(p->udph->uh_len)); ! Tcl_DStringAppendElement(list, buffer); ! ! sprintf(buffer, "%u", ntohs(p->udph->uh_chk)); ! Tcl_DStringAppendElement(list, buffer); ! ! } return 0; |
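Review bot: Every line this commit re-indents still formats with unbounded `sprintf` into `buffer`, here in the UDP port and length/checksum branches and likewise in the ICMP and TCP hunks. `%u` output is short, so no overflow follows from the visible lines, but the bound is implied rather than written in the call. Assuming `buffer` is STD_BUFFER bytes, as the `bzero(buffer, STD_BUFFER)` context line in the ICMP hunk suggests, `snprintf(buffer, STD_BUFFER, "%u", p->sp);` makes it explicit. The two UDP hunks also test `p->udph` separately on either side of the TCP placeholders; a short comment on the second, such as `/* same udph test as for the port fields above */`, would keep the two from drifting apart.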