Re: [nse] very strange bug on Leopard - endian problems?

[majek04 <majek04+nmap-dev () gmail com>]

On 3/31/08, Kris Katterjohn <katterjohn () gmail com> wrote:
>  Raw sockets with IP_HDRINCL were never really documented, especially wrt
>  byte order.  The IP length field was one of the two fields that are
>  traditionally in *host* byte order when sent over the net on BSDs.
>  Since OS X is based on BSD, it should adhere to this (and it appears
>  that they did since this was never complained before about that I know
>  of).  But I guess with Leopard they went along with Linux and want it
>  all sent in network byte order (or nobody complained about the other
>  broken OS X versions..).

So maybe everything works okay... I haven't known about this "feature" of BSD.
And what is the second field that has to be in host order?

> I don't know why they would want to break raw
>  sockets programs, though.
>
>  p657 of UNIX Network Programming tells the BSD vs. Linux gist, and you
>  can grep for MACOSX in tcpip.cc to see that Nmap ntohs()'s the IP length
>  field for BSDs and OS X.
>
>  I guess configure will need to check for Leopard and later versions
>  specifically so this stuff can be taken into account.
>
>  I wonder if pcap_get_selectable_fd() will work with Leopard?  Maybe
>  that's changed as well (I don't know why it didn't work before, so I
>  can't guess to why it would now).

good question.

MM.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org