[Bro] Re: Bug on Anon.cc

Jose M. Gonzalez chema at cs.berkeley.edu
Sun Sep 11 21:09:45 PDT 2005


Ruoming Pang wrote:
> However, there's another minor tweak we need to make (I learned that in 
> writing and testing the same anonymization function in the TCPMKPUB 
> code). The byte-by-byte value of struct prefix currently depends on the 
> byte order of the machine. In order for Bro to produce the same results 
> for both byte orders, we have to put the 32 bit values back to network 
> order when assigning the struct prefix.
That's right. I enclose the patch. 

-Chema

-------------- next part --------------
Index: Anon.cc
===================================================================
RCS file: /home/portnoy/u2/src/projects/bro/src/Anon.cc,v
retrieving revision 1.1
diff -u -r1.1 Anon.cc
--- Anon.cc	14 Jul 2004 20:15:39 -0000	1.1
+++ Anon.cc	12 Sep 2005 04:07:52 -0000
@@ -99,24 +99,36 @@
 	return output;
 	}
 
+/*
+ * this code is from "On the Design and Performance of Prefix-Preserving 
+ * IP Traffic Trace Anonymization", by Xu et al (IMW 2001)
+ * 
+ * http://www.imconf.net/imw-2001/proceedings.html
+ */
 ipaddr32_t AnonymizeIPAddr_PrefixMD5::anonymize(ipaddr32_t input)
 	{
 	uint8 digest[16];
 	ipaddr32_t prefix_mask = 0xffffffff;
+	input = ntohl(input);
 	ipaddr32_t output = input;
 
 	for ( int i = 0; i < 32; ++i )
 		{
-		prefix.len = 32 - i;
-		prefix.prefix = input & prefix_mask;
+		/* PAD(x_0 ... x_{i-1}) = x_0 ... x_{i-1} 1 0 ... 0 */
+		prefix.len = htonl(i + 1);
+		prefix.prefix = htonl((input & ~(prefix_mask>>i)) | (1<<(31-i)));
 
+		/* HK(PAD(x_0 ... x_{i-1})) */
 		hmac_md5(sizeof(prefix), (u_char*)(&prefix), digest);
 
-		ipaddr32_t bit_mask = (digest[0] & 1) << i;
+		/* f_{i-1} = LSB(HK(PAD(x_0 ... x_{i-1}))) */
+		ipaddr32_t bit_mask = (digest[0] & 1) << (31-i);
+
+		/* x_i' = x_i ^ f_{i-1} */
 		output ^= bit_mask;
 		}
 
-	return output;
+	return htonl(output);
 	}
 
 AnonymizeIPAddr_A50::~AnonymizeIPAddr_A50()
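Review bot: in the new lines `prefix.prefix = htonl((input & ~(prefix_mask>>i)) | (1<<(31-i)));` and `ipaddr32_t bit_mask = (digest[0] & 1) << (31-i);`, the shift at i == 0 is `1 << 31` on a signed int (`digest[0] & 1` is promoted to int before the shift), which is undefined behaviour when int is 32 bits even though it happens to give 0x80000000 on common compilers; shift an unsigned value instead, e.g. `((ipaddr32_t) 1) << (31-i)` and `((ipaddr32_t) (digest[0] & 1)) << (31-i)`. Separately, the definition of struct prefix is not in the hunk: htonl() yields a 32-bit value, so confirm that prefix.len and prefix.prefix are both 32-bit fields and that the struct has no padding, since hmac_md5() hashes all sizeof(prefix) bytes and any padding bytes are never initialised here.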

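The prefix-preserving scheme the patch implements, together with the byte-order point Ruoming raises, as an added example that is not Bro's code and not from the patch author. It is written in Python rather than Bro's C++ so that HMAC-MD5 comes from the standard library and the whole thing runs offline; the key, the sample addresses and the (len, prefix) field order of the hashed struct are assumptions made here for illustration. It goes one step beyond the patch by also showing the inverse mapping, which exists because each f_{i-1} depends only on original bits already known to the holder of the key.

```python
import hashlib
import hmac
import ipaddress
import struct
import sys

# Constructed key, for illustration only; Bro obtains its key elsewhere.
KEY = b"constructed-example-key"

MASK32 = 0xFFFFFFFF
HOST_IS_LITTLE_ENDIAN = sys.byteorder == "little"


def ip_to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def int_to_ip(value: int) -> str:
    return str(ipaddress.IPv4Address(value))


def pad_prefix(addr: int, i: int) -> int:
    """PAD(x_0 ... x_{i-1}): keep the top i bits of addr, set bit i to 1, zero the rest.
    Same value as the patch's (input & ~(prefix_mask >> i)) | (1 << (31 - i))."""
    keep = (MASK32 << (32 - i)) & MASK32
    return (addr & keep) | (1 << (31 - i))


def serialized_prefix(addr: int, i: int, order: str = "!") -> bytes:
    """Bytes fed to the HMAC. The field order (len, prefix) is an assumption here.
    "!" packs both 32-bit fields in network order (the htonl() calls in the patch);
    "=" packs them in the host's native order (the pre-patch behaviour)."""
    return struct.pack(order + "II", i + 1, pad_prefix(addr, i))


def host_dependent(addr: int, i: int) -> bool:
    """True when native-order serialization differs from network order on this host."""
    return serialized_prefix(addr, i, "=") != serialized_prefix(addr, i, "!")


def flip_bit(prefix_source: int, i: int, key: bytes) -> int:
    """f_{i-1} = LSB(HMAC_K(PAD(x_0 ... x_{i-1}))), using the top i bits of prefix_source."""
    digest = hmac.new(key, serialized_prefix(prefix_source, i), hashlib.md5).digest()
    return digest[0] & 1


def anonymize(addr: int, key: bytes = KEY) -> int:
    """Prefix-preserving anonymization (Xu et al., IMW 2001): y_i = x_i ^ f_{i-1}."""
    out = addr
    for i in range(32):
        out ^= flip_bit(addr, i, key) << (31 - i)
    return out


def deanonymize(anon: int, key: bytes = KEY) -> int:
    """Inverse, given the key: f_{i-1} depends only on original bits x_0 ... x_{i-1},
    which have already been recovered by the time bit i is processed."""
    x = 0
    for i in range(32):
        bit = ((anon >> (31 - i)) & 1) ^ flip_bit(x, i, key)
        x |= bit << (31 - i)
    return x


def common_prefix_len(a: int, b: int) -> int:
    """Number of leading bits two 32-bit addresses share (32 when equal)."""
    return 32 - (a ^ b).bit_length()


if __name__ == "__main__":
    # Constructed sample pairs sharing 30, 15 and 0 leading bits respectively.
    pairs = [("10.0.0.1", "10.0.0.2"), ("10.0.0.1", "10.1.0.0"), ("192.168.1.1", "10.0.0.1")]
    for a, b in pairs:
        x, y = ip_to_int(a), ip_to_int(b)
        print(a, "->", int_to_ip(anonymize(x)), "|", b, "->", int_to_ip(anonymize(y)),
              "| shared prefix bits:", common_prefix_len(x, y), "->",
              common_prefix_len(anonymize(x), anonymize(y)))
    print("network-order bytes hashed at i=0:", serialized_prefix(ip_to_int("10.0.0.1"), 0).hex())
    print("native order would differ on this host:", host_dependent(ip_to_int("10.0.0.1"), 0))
```

The shared-prefix count survives anonymization for every pair because two addresses that agree on their first k bits produce identical PAD values, and hence identical f values, for i < k, and differ in the input bit at i = k. The `host_dependent` check is the point of Ruoming's remark: with native-order packing the HMAC input, and therefore the anonymized address, would differ between little- and big-endian machines; with network-order packing the bytes are the same everywhere.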
