[Bro] Re: Bug on Anon.cc
Jose M. Gonzalez
chema at cs.berkeley.edu
Sun Sep 11 21:09:45 PDT 2005
Ruoming Pang wrote:
> However, there's another minor tweak we need to make (I learned that in
> writing and testing the same anonymization function in the TCPMKPUB
> code). The byte-by-byte value of struct prefix currently depends on
> byte order of the machine. In order for Bro to produce the same results
> for both byte orders, we have to put the 32 bit values back to network
> order when assigning the struct prefix.
That's right. I enclose the patch.
-Chema
-------------- next part --------------
Index: Anon.cc
===================================================================
RCS file: /home/portnoy/u2/src/projects/bro/src/Anon.cc,v
retrieving revision 1.1
diff -u -r1.1 Anon.cc
--- Anon.cc 14 Jul 2004 20:15:39 -0000 1.1
+++ Anon.cc 12 Sep 2005 04:07:52 -0000
@@ -99,24 +99,36 @@
return output;
}
+/*
+ * this code is from "On the Design and Performance of Prefix-Preserving
+ * IP Traffic Trace Anonymization", by Xu et al (IMW 2001)
+ *
+ * http://www.imconf.net/imw-2001/proceedings.html
+ */
ipaddr32_t AnonymizeIPAddr_PrefixMD5::anonymize(ipaddr32_t input)
{
uint8 digest[16];
ipaddr32_t prefix_mask = 0xffffffff;
+ input = ntohl(input);
ipaddr32_t output = input;
for ( int i = 0; i < 32; ++i )
{
- prefix.len = 32 - i;
- prefix.prefix = input & prefix_mask;
+ /* PAD(x_0 ... x_{i-1}) = x_0 ... x_{i-1} 1 0 ... 0 */
+ prefix.len = htonl(i + 1);
+ prefix.prefix = htonl((input & ~(prefix_mask>>i)) | (1<<(31-i)));
+ /* HK(PAD(x_0 ... x_{i-1})) */
hmac_md5(sizeof(prefix), (u_char*)(&prefix), digest);
- ipaddr32_t bit_mask = (digest[0] & 1) << i;
+ /* f_{i-1} = LSB(HK(PAD(x_0 ... x_{i-1}))) */
+ ipaddr32_t bit_mask = (digest[0] & 1) << (31-i);
+
+ /* x_i' = x_i ^ f_{i-1} */
output ^= bit_mask;
}
- return output;
+ return htonl(output);
}
AnonymizeIPAddr_A50::~AnonymizeIPAddr_A50()
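Review bot: in the loop body, both `1<<(31-i)` and `(digest[0] & 1) << (31-i)` shift a value of type int (the literal 1, and the uint8 after integer promotion) into the sign bit when i is 0, which is not portable for signed operands on a 32-bit int. Doing the shift in the unsigned address type avoids this, for example `ipaddr32_t(1) << (31-i)` and `ipaddr32_t(digest[0] & 1) << (31-i)`. Two smaller points: `prefix.len = htonl(i + 1)` only gives a byte-order-independent struct if `len` is a 32-bit field, and since the declaration of `prefix` is outside this hunk that is worth confirming. Also, the hash input and the bit position being flipped both change here, so addresses anonymized with revision 1.1 will not map to the same values after this patch; a line in the new comment block or the change log saying so would help anyone comparing older anonymized traces.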