151a152,156
> #ifdef _WORM_CHECK_ /***** seirios *****/
> #include
> #include
> #endif /* _WORM_CHECK_ */
>
495a501,547
>
> #ifdef _WORM_CHECK_ /***** seirios ****/
> {
> /*
> * Code Red Worm Packet identification
> * TCP(0x??)
> * src/dst port 80(0x50)
> * Payload is startd from
> * "GET /default.ida?NNNNNNNN"
> * "GET /default.ida?XXXXXXXX"
> */
> char *WORMfp[] = {
> "Dummy",
> "GET /default.ida?NNNN",
> "GET /default.ida?XXXX",
> "GET /x.ida?AAAAAAAAAA"
> };
> int WORMid=3; /* # of WORMfp -1 */
> int iphlen = ip->ip_hl << 2;
> struct tcphdr *th = (struct tcphdr *)(mtod(m, caddr_t) + iphlen);
> in_port_t destport = ntohs(th->th_dport);
> int tcpoffset = th->th_off << 2;
>
> if( (ip->ip_p == IPPROTO_TCP) &&
> (ip->ip_len - iphlen - tcpoffset >30) &&
> (destport == 80)
> ){
> char *data = (char *)(mtod(m, caddr_t) + iphlen + tcpoffset);
> for( ; WORMid > 0; WORMid-- ){
> if ( strncmp(data, WORMfp[WORMid], 21 ) == 0){
> break;
> }
> }
> if(WORMid){
> char src[4*sizeof "123"];
> char dst[4*sizeof "123"];
>
> strcpy(src, inet_ntoa(ip->ip_src));
> strcpy(dst, inet_ntoa(ip->ip_dst));
> log(LOG_LOCAL7|LOG_DEBUG,
> "This is Worm Packet(id=%d). saddr=%s, daddr=%s Filterd.\n",
> WORMid, src, dst);
> goto bad;
> }
> }
> }
> #endif /* _WORM_CHECK_ */
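Review bot: The `strncmp(data, WORMfp[WORMid], 21)` in the second hunk (495a501,547) reads 21 bytes at `mtod(m, caddr_t) + iphlen + tcpoffset` without checking that the first mbuf holds that many contiguous bytes; the only length test uses `ip->ip_len`, which describes the whole datagram, so a short or chained mbuf can lead to a kernel read past `m->m_len`. `th->th_dport` and `th->th_off` are also read before the `ip->ip_p == IPPROTO_TCP` test, so every non-TCP packet has the bytes after its IP header interpreted as a TCP header, and `th_off` is never checked against the minimum header size. I would gate the header read on the protocol and on `m->m_len`, validate `tcpoffset`, and require the 21 compared bytes to be present before calling `strncmp`, as sketched below; whether `ip_len` is in host order and still includes the header at this point is not visible in the hunk. Separately, `log()` fires once per matching packet with no rate limit, so a burst of matching requests can flood the kernel log; a counter or a rate-limited message would be safer. The enclosing function starts and ends outside the hunk.

```c
/* … unchanged: WORMfp table, WORMid, iphlen … */
if (ip->ip_p == IPPROTO_TCP &&
    m->m_len >= iphlen + (int)sizeof(struct tcphdr)) {
    struct tcphdr *th = (struct tcphdr *)(mtod(m, caddr_t) + iphlen);
    int tcpoffset = th->th_off << 2;

    if (ntohs(th->th_dport) == 80 &&
        tcpoffset >= (int)sizeof(struct tcphdr) &&
        m->m_len >= iphlen + tcpoffset + 21) {
        char *data = (char *)(mtod(m, caddr_t) + iphlen + tcpoffset);
        /* … unchanged: signature loop, log(), goto bad … */
    }
}
```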