From e658387ff45788d45a3e017c175294ae591e1609 Mon Sep 17 00:00:00 2001 From: dmiller Date: Sat, 2 May 2015 13:25:49 +0000 Subject: [PATCH] More robustly handle asymmetric routes in IPv6 OS detection The HLIM feature was miscategorizing probes where the route from the target was shorter than the route to the target. This would result, e.g. in a distance calculation of 9 and a received hop limit of 57. Adding the distance to the hop limit remaining gave a guessed initial hop limit of 66, which would exceed the "64" category. In IPv4 fingerprints, we put the TG test (initial TTL guess) as a range of 5 up or down from the expected number to allow for this and other interference. This patch does the same for IPv6. --- FPEngine.cc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/FPEngine.cc b/FPEngine.cc index e50763d9c..49687354a 100644 --- a/FPEngine.cc +++ b/FPEngine.cc @@ -800,13 +800,13 @@ static int vectorize_hlim(const PacketElement *pe, int target_distance, enum dis } else er_lim = 20; - if (32 - er_lim <= hlim && hlim <= 32) + if (32 - er_lim <= hlim && hlim <= 32+ 5 ) hlim = 32; - else if (64 - er_lim <= hlim && hlim <= 64) + else if (64 - er_lim <= hlim && hlim <= 64+ 5 ) hlim = 64; - else if (128 - er_lim <= hlim && hlim <= 128) + else if (128 - er_lim <= hlim && hlim <= 128+ 5 ) hlim = 128; - else if (255 - er_lim <= hlim && hlim <= 255) + else if (255 - er_lim <= hlim && hlim <= 255+ 5 ) hlim = 255; else hlim = -1;