[Bro] Bug on Anon.cc

Jose M. Gonzalez chema at cs.berkeley.edu
Sat Sep 10 15:32:02 PDT 2005


Hi,

I think I found a bug in the IP anonymizer code, more concretely in 
the PREFIX_PRESERVING_MD5 mode (well, considering that the anonymized 
addresses do not preserve prefixes, I'd say it is a bug). I include 
a patch. 

-Chema

-------------- next part --------------
Index: Anon.cc
===================================================================
RCS file: /home/portnoy/u2/src/projects/bro/src/Anon.cc,v
retrieving revision 1.1
diff -r1.1 Anon.cc
101a102,107
> /*
>  * this code is from "On the Design and Performance of Prefix-Preserving 
>  * IP Traffic Trace Anonymization", by Xu et al (IMW 2001)
>  * 
>  * http://www.imconf.net/imw-2001/proceedings.html
>  */
105a112
> 	input = ntohl(input);
110,111c117,119
< 		prefix.len = 32 - i;
< 		prefix.prefix = input & prefix_mask;
---
> 		/* PAD(x_0 ... x_{i-1}) = x_0 ... x_{i-1} 0 ... 0 */
> 		prefix.len = 31 - i;
> 		prefix.prefix = input & ~(prefix_mask>>prefix.len);
113c121,122
< 		hmac_md5(sizeof(prefix), (u_char*)(&prefix), digest);
---
> 		/* HK(PAD(x_0 ... x_{i-1})) */
> 		hmac_md5(sizeof(prefix.prefix), (u_char*)(&prefix.prefix), digest);
114a124
> 		/* f_{i-1} = LSB(HK(PAD(x_0 ... x_{i-1}))) */
115a126,127
> 
> 		/* x_i' = x_i ^ f_{i-1} */
119c131
< 	return output;
---
> 	return htonl(output);


More information about the Bro mailing list