234,7 → 234,7 |
|
; check if it matches local ip |
|
mov eax, dword[IP_LIST+edi] |
mov eax, [IP_LIST+edi] |
cmp [edx + IPv4_Packet.DestinationAddress], eax |
je .ip_ok |
|
287,10 → 287,10 |
; No, it's just a regular IP packet, pass it to the higher protocols |
|
.handle_it: ; We reach here if packet hasnt been fragmented, or when it already has been re-constructed |
movzx eax, byte [edx + IPv4_Packet.VersionAndIHL] ; Calculate Header length by using IHL field |
movzx eax, [edx + IPv4_Packet.VersionAndIHL] ; Calculate Header length by using IHL field |
and eax, 0x0000000f ; |
shl eax, 2 ; |
movzx ecx, word [edx + IPv4_Packet.TotalLength] ; Calculate length of encapsulated Packet |
movzx ecx, [edx + IPv4_Packet.TotalLength] ; Calculate length of encapsulated Packet |
xchg cl , ch ; |
sub ecx, eax ; |
|
345,7 → 345,7 |
cmp esi, -1 |
je .dump |
|
mov word [esi + FRAGMENT_slot.ttl], 15 ; Reset the ttl |
mov [esi + FRAGMENT_slot.ttl], 15 ; Reset the ttl |
mov esi, [esi + FRAGMENT_slot.ptr] |
or edi, -1 |
.find_last_entry: ; The following routine will try to find the last entry |
384,15 → 384,15 |
jmp .dump ; If no free slot was found, dump the packet |
|
.found_free_slot: ; We found a free slot, let's fill in the FRAGMENT_slot structure |
mov word [esi + FRAGMENT_slot.ttl], 15 ; RFC recommends 15 secs as ttl |
mov ax , word [edx + IPv4_Packet.Identification] |
mov word [esi + FRAGMENT_slot.id], ax |
mov eax, dword [edx + IPv4_Packet.SourceAddress] |
mov dword [esi + FRAGMENT_slot.SrcIP], eax |
mov eax, dword [edx + IPv4_Packet.DestinationAddress] |
mov dword [esi + FRAGMENT_slot.DstIP], eax |
mov [esi + FRAGMENT_slot.ttl], 15 ; RFC recommends 15 secs as ttl |
mov ax , [edx + IPv4_Packet.Identification] |
mov [esi + FRAGMENT_slot.id], ax |
mov eax,[edx + IPv4_Packet.SourceAddress] |
mov [esi + FRAGMENT_slot.SrcIP], eax |
mov eax, [edx + IPv4_Packet.DestinationAddress] |
mov [esi + FRAGMENT_slot.DstIP], eax |
pop eax |
mov dword [esi + FRAGMENT_slot.ptr], eax |
mov [esi + FRAGMENT_slot.ptr], eax |
; Now, replace ethernet header in original buffer with a FRAGMENT_entry structure |
mov [eax + FRAGMENT_entry.NextPtr], -1 |
mov [eax + FRAGMENT_entry.PrevPtr], -1 |
420,11 → 420,11 |
.count_bytes: |
cmp [esi + FRAGMENT_entry.PrevPtr], edi |
jne .destroy_slot_pop ; Damn, something screwed up, remove the whole slot (and free buffers too if possible!) |
mov cx, word [esi + FRAGMENT_entry.Data + IPv4_Packet.TotalLength] ; Add total length |
mov cx, [esi + FRAGMENT_entry.Data + IPv4_Packet.TotalLength] ; Add total length |
xchg cl, ch |
DEBUGF 1,"Packet size: %u\n", cx |
add ax, cx |
movzx cx, byte [esi + FRAGMENT_entry.Data + IPv4_Packet.VersionAndIHL] ; Sub Header length |
movzx cx, [esi + FRAGMENT_entry.Data + IPv4_Packet.VersionAndIHL] ; Sub Header length |
and cx, 0x000F |
shl cx, 2 |
DEBUGF 1,"Header size: %u\n", cx |
465,18 → 465,18 |
mov edx, [esp+4] ; Get pointer to first fragment entry back in edx |
|
.rebuild_packet_loop: |
movzx ecx, word [edx + FRAGMENT_entry.Data + IPv4_Packet.FlagsAndFragmentOffset] ; Calculate the fragment offset |
movzx ecx, [edx + FRAGMENT_entry.Data + IPv4_Packet.FlagsAndFragmentOffset] ; Calculate the fragment offset |
xchg cl , ch ; intel byte order |
shl cx , 3 ; multiply by 8 and clear first 3 bits |
DEBUGF 1,"Fragment offset: %u\n", cx |
|
lea edi, [eax + ecx] ; Notice that edi will be equal to eax for first fragment |
movzx ebx, byte [edx + FRAGMENT_entry.Data + IPv4_Packet.VersionAndIHL] ; Find header size (in ebx) of fragment |
movzx ebx, [edx + FRAGMENT_entry.Data + IPv4_Packet.VersionAndIHL] ; Find header size (in ebx) of fragment |
and bx , 0x000F ; |
shl bx , 2 ; |
|
lea esi, [edx + FRAGMENT_entry.Data] ; Set esi to the correct begin of fragment |
movzx ecx, word [edx + FRAGMENT_entry.Data + IPv4_Packet.TotalLength] ; Calculate total length of fragment |
movzx ecx, [edx + FRAGMENT_entry.Data + IPv4_Packet.TotalLength] ; Calculate total length of fragment |
xchg cl, ch ; intel byte order |
|
cmp edi, eax ; Is this packet the first fragment ? |
501,10 → 501,10 |
cmp edx, -1 ; Check if it is last fragment in chain |
jne .rebuild_packet_loop |
|
pop ecx ; |
pop ecx |
xchg cl, ch |
mov edx, eax |
mov word [edx + IPv4_Packet.TotalLength], cx |
mov [edx + IPv4_Packet.TotalLength], cx |
add esp, 8 |
|
xchg cl, ch ; |
550,17 → 550,17 |
;;; TODO: the RFC says we should check protocol number too |
|
push eax ebx ecx edx |
mov ax , word [edx + IPv4_Packet.Identification] |
mov ax , [edx + IPv4_Packet.Identification] |
mov ecx, MAX_FRAGMENTS |
mov esi, FRAGMENT_LIST |
mov ebx, dword [edx + IPv4_Packet.SourceAddress] |
mov edx, dword [edx + IPv4_Packet.DestinationAddress] |
mov ebx, [edx + IPv4_Packet.SourceAddress] |
mov edx, [edx + IPv4_Packet.DestinationAddress] |
.find_slot: |
cmp word [esi + FRAGMENT_slot.id], ax |
cmp [esi + FRAGMENT_slot.id], ax |
jne .try_next |
cmp dword [esi + FRAGMENT_slot.SrcIP], ebx |
cmp [esi + FRAGMENT_slot.SrcIP], ebx |
jne .try_next |
cmp dword [esi + FRAGMENT_slot.DstIP], edx |
cmp [esi + FRAGMENT_slot.DstIP], edx |
je .found_slot |
.try_next: |
add esi, FRAGMENT_slot.size |
630,7 → 630,7 |
rol [edi + IPv4_Packet.TotalLength], 8 ; internet byte order |
mov [edi + IPv4_Packet.FlagsAndFragmentOffset], 0x0000 |
mov [edi + IPv4_Packet.HeaderChecksum], 0 |
popw word [edi + IPv4_Packet.TimeToLive] ; ttl shl 8 + protocol |
pop word [edi + IPv4_Packet.TimeToLive] ; ttl shl 8 + protocol |
; [edi + IPv4_Packet.Protocol] |
popw [edi + IPv4_Packet.Identification] ; fragment id |
popd [edi + IPv4_Packet.SourceAddress] |
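Review bot: The reassembly code shown in the hunks at 420 and 465 trusts lengths taken from the fragments themselves: `.count_bytes` sums TotalLength in 16-bit `ax` (`add ax, cx`), which wraps once the fragments add up to more than 65535 bytes, and `.rebuild_packet_loop` forms the copy destination with `lea edi, [eax + ecx]` from the packet's fragment offset with no bound check visible before it. The buffer allocation and the copy itself are outside the hunks, so this is inferred, but if the buffer is sized from that sum, a wrapped total yields a buffer smaller than the offsets later written into it. I would accumulate in a 32-bit register (loading the length with `movzx ecx, ...` as the other hunks do), jump to `.destroy_slot_pop` when the sum exceeds 0xFFFF, and compare offset plus payload length against the accumulated total before each copy. The same kind of unchecked arithmetic appears at `.handle_it`, where `sub ecx, eax` underflows if TotalLength is smaller than IHL*4, unless that is validated before line 287. Separately, with the size overrides removed, immediate stores such as `mov [esi + FRAGMENT_slot.ttl], 15` take their width only from the struct declaration, so a comment at the struct noting that field sizes now determine operand sizes would help.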