* both directions).
*/
#ifdef INET6
- memset(&tha, 0, sizeof(tha));
rev = 0;
if (ip6) {
src = &ip6->ip6_src;
tha.port = sport << 16 | dport;
}
} else {
+ /*
+ * Zero out the tha structure; the src and dst
+ * fields are big enough to hold an IPv6
+ * address, but we only have IPv4 addresses
+ * and thus must clear out the remaining 124
+ * bits.
+ *
+ * XXX - should we just clear those bytes after
+ * copying the IPv4 addresses, rather than
+ * zeroing out the entire structure and then
+ * overwriting some of the zeroes?
+ *
+ * XXX - this could fail if we see TCP packets
+ * with an IPv6 address with the lower 124 bits
+ * all zero and also see TCP packes with an
+ * IPv4 address with the same 32 bits as the
+ * upper 32 bits of the IPv6 address in question.
+ * Can that happen? Is it likely enough to be
+ * an issue?
+ */
+ memset(&tha, 0, sizeof(tha));
src = &ip->ip_src;
dst = &ip->ip_dst;
if (sport > dport)
ip6 = (struct ip6_hdr *)ip;
MD5_Update(&ctx, (char *)&ip6->ip6_src, sizeof(ip6->ip6_src));
MD5_Update(&ctx, (char *)&ip6->ip6_dst, sizeof(ip6->ip6_dst));
- len32 = htonl(ntohs(ip6->ip6_plen));
+ len32 = htonl(EXTRACT_16BITS(&ip6->ip6_plen));
MD5_Update(&ctx, (char *)&len32, sizeof(len32));
nxt = 0;
MD5_Update(&ctx, (char *)&nxt, sizeof(nxt));
projects / tcpdump / blobdiff