yarrp

Bug found in timestamp decoding process

Open qiling07 opened this issue 3 years ago • 0 comments

Hello, I noticed a bug in icmp.cpp when the encoded timestamp is extracted from the UDP header.

diff --git a/icmp.cpp b/icmp.cpp
index cb36644..a7823f6 100644
--- a/icmp.cpp
+++ b/icmp.cpp
@@ -59,7 +59,7 @@ ICMP4::ICMP4(struct ip *ip, struct icmp *icmp, uint32_t elapsed, bool _coarse):
         else if (quote->ip_p == IPPROTO_UDP) {
             struct udphdr *udp = (struct udphdr *) (ptr + 8 + (quote->ip_hl << 2));
             /* recover timestamp from UDP.check and UDP.payloadlen */
-            int payloadlen = ntohs(udp->uh_ulen) - sizeof(struct icmp);
+            int payloadlen = ntohs(udp->uh_ulen) - sizeof(struct udphdr);
             int timestamp = udp->uh_sum;
             sport = ntohs(udp->uh_sport);
             dport = ntohs(udp->uh_dport);
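
Review bot: the corrected `payloadlen` line still has no lower bound on `uh_ulen`, which is read from the packet quoted inside an ICMP reply and so is controlled by whoever sent that reply. Nothing in the visible lines rejects a quoted UDP length smaller than `sizeof(struct udphdr)`, and because `sizeof` yields a `size_t` the subtraction is done unsigned and wraps before being converted back to `int`, so a short or forged length produces a bogus `payloadlen` that feeds the timestamp and RTT calculation. Consider reading the length into a local first, for example `uint16_t ulen = ntohs(udp->uh_ulen);`, rejecting the quote when `ulen < sizeof(struct udphdr)`, and only then computing `int payloadlen = ulen - (int) sizeof(struct udphdr);`. The comment above the line could also say that `uh_ulen` covers the UDP header plus payload, which is why the UDP header size rather than `sizeof(struct icmp)` is the right value to subtract.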

This bug prevents the carry of the timestamp from being calculated correctly, thus influencing the RTT.

qiling07, Jan 16 '22 10:01