[Snort-devel] offset to fragment data (ip with options)

Vyacheslav V. Burdjanadze wr at ...2861...
Thu Feb 16 03:01:07 EST 2006


Hello, guys.

While trying to tweak snort-2.4.3 sources I've found this -

fragStart = ((char *)p->iph + IP_HLEN(p->iph) * 4) + 
(u_int16_t)p->ip_options_len;

Is it correct? Doesn't ip header length reflect options length?
It seems we may send fragmented packets with ip options inside to evade ids.
There are a few places with similar code.





More information about the Snort-devel mailing list