Can anyone confirm that this is a safe, reliable patch?
--David
>Approved-By: [EMAIL PROTECTED]
>X-Sender: [EMAIL PROTECTED]
>Date: Sat, 28 Nov 1998 15:25:46 +0100
>Reply-To: Bugtraq List <[EMAIL PROTECTED]>
>Sender: Bugtraq List <[EMAIL PROTECTED]>
>From: Domas Mituzas <[EMAIL PROTECTED]>
>Subject: ipfwadm has pseudo-DoS ;)
>To: [EMAIL PROTECTED]
>
>ipfwadm delivered with all major Linux distributions doesn't know some new
>kernel features (included in the latest releases). One of them is ICMP
>Masquerading. ipfwadm couldn't handle ICMP lines in
>/proc/net/ip_masquerade, therefore it produced an "unexpected input data"
>error without showing the other records (that is, TCP and UDP). Therefore, if
>someone wants his connections not to be seen by `ipfwadm -Ml`, he can
>just ping one host and at the same time do what he wants. Of course the
>operator can look into the /proc/net directory, but it's difficult to read IP
>addresses written in hex numbers... I've written a small fix to solve
>this problem - I've just added ICMP Masquerading support to ipfwadm. Here
>it is (you can get the ipfwadm distribution from ftp.xos.nl/pub/linux/ipfwadm):
>
>--- ipfwadm.c.orig Tue Jul 30 14:54:22 1996
>+++ ipfwadm.c Sat Nov 28 16:20:53 1998
>@@ -1134,6 +1134,9 @@
> else if (kind == IP_FW_F_UDP &&
> (service = getservbyport(htons(port), "udp")) != NULL)
> return service->s_name;
>+ else if (kind == IP_FW_F_ICMP &&
>+ (service = getservbyport(htons(port), "icmp")) !=
NULL)
>+ return service->s_name;
> else
> return (char *) NULL;
> }
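Review bot: In the added IP_FW_F_ICMP branch, getservbyport() is asked for
a by-port lookup under protocol "icmp", but ICMP has no port numbers, so
this lookup is unlikely to match any services entry and the branch will
normally fall through to the same NULL the existing else returns. Either
drop the branch or add a comment saying what "port" holds for an ICMP
masquerade entry. The added line was also wrapped in transit ("!=" ends
one line and "NULL" sits alone without a "+"), so it has to be rejoined
before patch will accept the hunk.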
>@@ -1571,6 +1574,9 @@
> case IP_FW_F_UDP:
> fprintf(fp, "%-5s", "udp");
> break;
>+ case IP_FW_F_ICMP:
>+ fprintf(fp, "%-5s", "icmp");
>+ break;
> }
>
> sec100s = ms->expires % HZ;
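Review bot: The switch closes directly after the new IP_FW_F_ICMP case
with no default visible, so an entry whose kind is none of the handled
values prints no protocol column and shifts the rest of the row. A default
that prints a placeholder through the same "%-5s" format would keep the
listing aligned when the kernel reports a kind this tool does not know.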
>@@ -1668,9 +1674,10 @@
> ms->kind = IP_FW_F_TCP;
> else if (strcmp("UDP", buf) == 0)
> ms->kind = IP_FW_F_UDP;
>+ else if (strcmp("ICMP", buf) == 0)
>+ ms->kind = IP_FW_F_ICMP;
> else
> exit_error(1, "unexpected input data");
>-
> /* we always keep these addresses in network byte order */
> ms->src.s_addr = (__u32) htonl(temp[0]);
> ms->dst.s_addr = (__u32) htonl(temp[1]);
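Review bot: The final else of the protocol chain still calls
exit_error(1, "unexpected input data"), so the next protocol name that
appears in /proc/net/ip_masquerade will abort the listing again and hide
the TCP, UDP and ICMP records, which is the problem this patch sets out to
fix. Consider warning and skipping the line, or listing it with an unknown
kind, instead of exiting. The blank line removed after that else is an
unrelated whitespace change and is better left out of the patch.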
>--
>Domas Mituzas
>School of New Communications. Linux department.
>Now I'm pregnant... X-Ray proves - it's a penguin again!
>
.----------------------------------------------------------------------------.
| David A. Ranch - Remote Access/Linux/PC hardware [EMAIL PROTECTED] |
!---- ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
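
The quoted report describes a listing that aborts on the first protocol it does not recognise and a /proc table whose hex addresses are hard to read. The following is an added example, not code from the post or from ipfwadm: it assumes a simplified, constructed line layout (PROTO SRC:SPORT DST:DPORT, all hex) and hypothetical names, and shows a parser that keeps unknown protocols in the listing and decodes the addresses.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; not ipfwadm's IP_FW_F_* values. */
enum masq_kind { MASQ_TCP, MASQ_UDP, MASQ_ICMP, MASQ_UNKNOWN };
struct masq_entry {
    enum masq_kind kind;
    char proto[8], src[16], dst[16];   /* protocol text; dotted-quad addresses */
    unsigned sport, dport;
};

/* Constructed sample lines in an ASSUMED layout: PROTO SRC:SPORT DST:DPORT (hex). */
static const char *const SAMPLE[] = {
    "TCP C0A80102:0401 C6336407:0050",
    "ICMP C0A80102:0000 C6336407:0000",
    "GRE C0A80103:0000 C6336408:0000",   /* protocol this parser does not know */
    "garbage",                           /* malformed line */
};

/* Turn a 32-bit address given as a hex number into dotted-quad text. */
static void hex_to_dotted(unsigned long a, char out[16])
{
    snprintf(out, 16, "%u.%u.%u.%u", (unsigned)((a >> 24) & 0xff),
             (unsigned)((a >> 16) & 0xff), (unsigned)((a >> 8) & 0xff), (unsigned)(a & 0xff));
}

/* Returns 1 if the line parsed, 0 if it is malformed. An unknown protocol is
 * not an error: the entry is kept and marked MASQ_UNKNOWN so it is still listed. */
int parse_masq_line(const char *line, struct masq_entry *e)
{
    unsigned long s, d;
    if (sscanf(line, "%7s %8lx:%4x %8lx:%4x", e->proto, &s, &e->sport, &d, &e->dport) != 5)
        return 0;
    e->kind = strcmp(e->proto, "TCP") == 0 ? MASQ_TCP
            : strcmp(e->proto, "UDP") == 0 ? MASQ_UDP
            : strcmp(e->proto, "ICMP") == 0 ? MASQ_ICMP : MASQ_UNKNOWN;
    hex_to_dotted(s, e->src); hex_to_dotted(d, e->dst);
    return 1;
}

int main(void)
{
    struct masq_entry e;
    int i, skipped = 0;
    for (i = 0; i < 4; i++) {
        if (!parse_masq_line(SAMPLE[i], &e)) { skipped++; continue; }
        printf("%-5s %s:%u -> %s:%u\n", e.proto, e.src, e.sport, e.dst, e.dport);
    }
    printf("%d line(s) skipped\n", skipped);
    return 0;
}
```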