More robustly handle asymmetric routes in IPv6 OS detection

The HLIM feature was miscategorizing probes where the route from the target was shorter than the route to the target. This would result, e.g. in a distance calculation of 9 and a received hop limit of 57. Adding the distance to the hop limit remaining gave a guessed initial hop limit of 66, which would exceed the "64" category. In IPv4 fingerprints, we put the TG test (initial TTL guess) as a range of 5 up or down from the expected number to allow for this and other interference. This patch does the same for IPv6.
2026-02-07 22:16:33 +00:00 · 2015-05-02 13:25:49 +00:00
parent daf8c58a79
commit e658387ff4
1 changed files with 4 additions and 4 deletions
--- a/FPEngine.cc
+++ b/FPEngine.cc
@@ -800,13 +800,13 @@ static int vectorize_hlim(const PacketElement *pe, int target_distance, enum dis
  } else
    er_lim = 20;

-  if (32 - er_lim <= hlim && hlim <= 32)
+  if (32 - er_lim <= hlim && hlim <= 32+ 5 )
    hlim = 32;
-  else if (64 - er_lim <= hlim && hlim <= 64)
+  else if (64 - er_lim <= hlim && hlim <= 64+ 5 )
    hlim = 64;
-  else if (128 - er_lim <= hlim && hlim <= 128)
+  else if (128 - er_lim <= hlim && hlim <= 128+ 5 )
    hlim = 128;
-  else if (255 - er_lim <= hlim && hlim <= 255)
+  else if (255 - er_lim <= hlim && hlim <= 255+ 5 )
    hlim = 255;
  else
    hlim = -1;