# |
# $Id: IP.pm,v 451c3602d7b2 2015/11/25 06:13:53 gomor $ |
# |
package Net::SinFP3::Ext::IP; |
use strict; |
use warnings; |
use base qw(Class::Gomor::Array); |
# Class::Gomor::Array set-up call made once at load time; presumably it
# generates the attribute index constants for this array-based class
# (no attributes are declared in the visible code -- confirm against the base class).
__PACKAGE__->cgBuildIndices;
# Consistency check between the IP TTLs seen in two responses from the target.
# The goal is to verify that RST packets are generated with the same TTL as a
# SYN|ACK packet. A difference of up to 3 hops is accepted; a larger one is
# considered to be a different generated TTL.
# Example: SunOS 5.9 generates a TTL of 60 in a SYN|ACK to our probe, but a
# TTL of 64 in a RST to our probe, so the flag is 0.
#
# Arguments: $p and $p2 are the two probes whose responses are compared.
# Returns 1 when the TTLs are within 3 of each other, or when $p2 is missing
# or has no reply (nothing to compare against); returns 0 otherwise.
# NOTE(review): a gap larger than 3 could presumably also be caused by an
# in-path device answering on behalf of the target; the flag alone cannot
# distinguish the two cases.
sub __analyzeIpTtl {
    my ($self, $p, $p2) = @_;

    # Without a second, answered probe the comparison is skipped.
    return 1 unless $p2 && $p2->reply;

    my $ttlSecond = $self->getResponseIpTtl($p2);
    my $ttlFirst  = $self->getResponseIpTtl($p);

    # The direction of the difference does not matter, only its size.
    my $gap = abs($ttlSecond - $ttlFirst);
    return $gap > 3 ? 0 : 1;
}
# Report whether the response to probe $p carries the IP Don't Fragment bit.
# Returns the string '1' when getResponseIpDfBit($p) is true, '0' otherwise.
sub __analyzeIpDfBit {
    my ($self, $p) = @_;

    if ($self->getResponseIpDfBit($p)) {
        return '1';
    }
    return '0';
}
# Passive variant of the IP ID check: only the response is inspected.
# Returns the string '1' when the response IP ID of $p is non-zero (true),
# '0' when it is zero or otherwise false.
sub __analyzeIpIdPassive {
    my ($self, $p) = @_;

    my $responseId = $self->getResponseIpId($p);
    return '0' unless $responseId;
    return '1';
}
# Classify the IP ID of the response to probe $p relative to the IP ID that
# was sent in the probe.
#
# Returns:
#   0 - the response IP ID is zero
#   2 - the response IP ID equals the probe IP ID
#   3 - the response IP ID is the probe IP ID plus one (no known reason for a
#       stack to do that, but there is nothing to lose by checking)
#   1 - anything else
sub __analyzeIpId {
    my ($self, $p) = @_;

    my $probeId    = $self->getProbeIpId($p);
    my $responseId = $self->getResponseIpId($p);

    # The zero test comes first, so a zero response ID is always reported as 0.
    return 0 if $responseId == 0;
    return 2 if $responseId == $probeId;
    return 3 if $responseId == $probeId + 1;
    return 1;
}
# Build the binary-flags element of a signature from the responses to
# probes $p and $p2.
#
# The result is the letter 'B' followed, in this order, by the TTL flag
# (__analyzeIpTtl on $p and $p2), the IP ID flag, the DF-bit flag, and the
# TCP sequence and acknowledgment flags obtained from the object returned by
# $self->_tcp. Only $p is used for every flag except the TTL one.
sub _analyzeBinary {
    my ($self, $p, $p2) = @_;

    # Evaluation order is kept as TTL, ID, DF, SEQ, ACK.
    my @flags = (
        $self->__analyzeIpTtl($p, $p2),
        $self->__analyzeIpId($p),
        $self->__analyzeIpDfBit($p),
        $self->_tcp->__analyzeTcpSeq($p),
        $self->_tcp->__analyzeTcpAck($p),
    );

    return join('', 'B', @flags);
}
# A Perl module must end with a true value so that require/use succeeds.
1;
__END__ |