From 7399cd7fecc0bf8156d183fd1fbe4daf3f0c1c8b Mon Sep 17 00:00:00 2001 From: david Date: Wed, 4 Nov 2009 21:37:02 +0000 Subject: [PATCH] Do the same thing as r16000 (IP ID matching only after other tests pass) for ping probe replies too. --- scan_engine.cc | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/scan_engine.cc b/scan_engine.cc index ca9e4be3e..0237f92a6 100644 --- a/scan_engine.cc +++ b/scan_engine.cc @@ -4577,13 +4577,13 @@ static int get_ping_pcap_result(UltraScanInfo *USI, struct timeval *stime) { if (o.af() != AF_INET || probe->protocol() != IPPROTO_ICMP) continue; - if (!allow_ipid_match(probe->ipid(), ntohs(ip2->ip_id))) - continue; - /* Ensure the connection info matches. */ if (hss->target->v4sourceip()->s_addr != ip->ip_dst.s_addr) continue; + if (!allow_ipid_match(probe->ipid(), ntohs(ip2->ip_id))) + continue; + /* If we made it this far, we found it. We don't yet know if it's going to change a host state (goodone) or not. */ break; @@ -4612,9 +4612,6 @@ static int get_ping_pcap_result(UltraScanInfo *USI, struct timeval *stime) { if (o.af() != AF_INET || probe->protocol() != IPPROTO_TCP) continue; - if (!allow_ipid_match(probe->ipid(), ntohs(ip2->ip_id))) - continue; - /* Ensure the connection info matches. */ if (probe->dport() != ntohs(tcp->th_dport) || probe->sport() != ntohs(tcp->th_sport) @@ -4622,6 +4619,9 @@ static int get_ping_pcap_result(UltraScanInfo *USI, struct timeval *stime) { || hss->target->v4sourceip()->s_addr != ip->ip_dst.s_addr) continue; + if (!allow_ipid_match(probe->ipid(), ntohs(ip2->ip_id))) + continue; + /* If we made it this far, we found it. We don't yet know if it's going to change a host state (goodone) or not. */ break; @@ -4651,9 +4651,6 @@ static int get_ping_pcap_result(UltraScanInfo *USI, struct timeval *stime) { if (o.af() != AF_INET || probe->protocol() != IPPROTO_UDP) continue; - if (!allow_ipid_match(probe->ipid(), ntohs(ip2->ip_id))) - continue; - /* Ensure the connection info matches. */ if (probe->dport() != ntohs(udp->uh_dport) || probe->sport() != ntohs(udp->uh_sport) || @@ -4668,6 +4665,9 @@ static int get_ping_pcap_result(UltraScanInfo *USI, struct timeval *stime) { probe->ipid() == ntohs(ip->ip_id)) continue; /* We saw the packet we ourselves sent */ + if (!allow_ipid_match(probe->ipid(), ntohs(ip2->ip_id))) + continue; + /* If we made it this far, we found it. We don't yet know if it's going to change a host state (goodone) or not. */ break; @@ -4697,9 +4697,6 @@ static int get_ping_pcap_result(UltraScanInfo *USI, struct timeval *stime) { if (o.af() != AF_INET || probe->protocol() != IPPROTO_SCTP) continue; - if (!allow_ipid_match(probe->ipid(), ntohs(ip2->ip_id))) - continue; - /* Ensure the connection info matches. */ if (probe->dport() != ntohs(sctp->sh_dport) || probe->sport() != ntohs(sctp->sh_sport) || @@ -4714,6 +4711,9 @@ static int get_ping_pcap_result(UltraScanInfo *USI, struct timeval *stime) { probe->ipid() == ntohs(ip->ip_id)) continue; /* We saw the packet we ourselves sent */ + if (!allow_ipid_match(probe->ipid(), ntohs(ip2->ip_id))) + continue; + /* If we made it this far, we found it. We don't yet know if it's going to change a host state (goodone) or not. */ break; @@ -4745,13 +4745,13 @@ static int get_ping_pcap_result(UltraScanInfo *USI, struct timeval *stime) { if (o.af() != AF_INET || probe->protocol() != ip2->ip_p) continue; - if (!allow_ipid_match(probe->ipid(), ntohs(ip2->ip_id))) - continue; - /* Ensure the connection info matches. */ if (hss->target->v4sourceip()->s_addr != ip->ip_dst.s_addr) continue; + if (!allow_ipid_match(probe->ipid(), ntohs(ip2->ip_id))) + continue; + /* If we made it this far, we found it. We don't yet know if it's going to change a host state (goodone) or not. */ break;