27 #define _DEFAULT_SOURCE 1 30 #include "../misc/bpf_share.h" 31 #include "../misc/network.h" 32 #include "../misc/pcap_openvas.h" 33 #include "../misc/plugutils.h" 36 #include <arpa/inet.h> 37 #include <gvm/base/logging.h> 38 #include <gvm/base/prefs.h> 39 #include <netinet/ip.h> 40 #include <netinet/tcp.h> 46 #undef SHOW_RTT_REMOVAL 54 #define G_LOG_DOMAIN "lib nasl" 69 register u_short answer;
70 register unsigned long sum = 0;
82 *(u_char *) (&odd_byte) = *(u_char *) p;
85 sum = (sum >> 16) + (sum & 0xffff);
97 gettimeofday (&tv, NULL);
99 ret = ((tv.tv_sec & 0x0000000F) << 28) | (((tv.tv_usec) & 0xFFFFFFF0) >> 4);
112 h = (
val & 0xF0000000) >> 28;
113 l = (
val & 0x0FFFFFFF) << 4;
117 while (ret.tv_usec >= 1000000)
119 ret.tv_usec -= 1000000;
138 a = (
unsigned long) ntohl (now);
139 b = (
unsigned long) ntohl (then);
146 if (res >= (1 << 28))
160 if ((now - then) >= 2 << 28)
178 if (family == AF_INET)
180 soc = socket (AF_INET, SOCK_RAW, IPPROTO_RAW);
184 printf (
"error opeinig socket\n");
187 if (setsockopt (soc, IPPROTO_IP, IP_HDRINCL, &opt,
191 perror (
"setsockopt ");
192 printf (
"error setting socket opt\n");
199 soc = socket (AF_INET6, SOCK_RAW, IPPROTO_TCP);
201 || setsockopt (soc, IPPROTO_IPV6, IPV6_CHECKSUM, &offset,
206 printf (
"error opening socket\n");
227 openbpf (
struct in_addr dst,
struct in_addr *src,
int magic)
234 snprintf (filter,
sizeof (filter),
"tcp and src host %s and dst port %d",
235 inet_ntoa (dst), magic);
241 v6_openbpf (
struct in6_addr *dst,
struct in6_addr *src,
int magic)
250 snprintf (filter,
sizeof (filter),
"tcp and src host %s and dst port %d",
254 printf (
"bpf_open_live returned error\n");
304 ret = g_malloc0 (
sizeof (
struct list));
308 if (ret->
next != NULL)
320 struct list *ret = l;
340 struct list *ret = l;
352 printf (
"Will retry port %d\n", p->
dport);
358 #ifdef SHOW_RTT_REMOVAL 359 printf (
"Removing port %d (RTT elapsed)\n", p->
dport);
384 ip = (
struct ip *) pkt;
385 if (ip->ip_hl * 4 + sizeof (
struct tcphdr) > len)
388 tcp = (
struct tcphdr *) (pkt + ip->ip_hl * 4);
396 tcp = (
struct tcphdr *) (pkt + 40);
405 if (family == AF_INET)
413 ret = htonl (ntohl (tcp->th_ack) - 1);
422 if (family == AF_INET)
430 return ntohs (tcp->th_sport);
438 if (family == AF_INET)
446 return tcp->th_flags == (TH_SYN | TH_ACK);
450 mktcp (
struct in_addr src,
int sport,
struct in_addr dst,
int dport,
451 unsigned long th_ack,
unsigned char flag)
453 static char pkt[
sizeof (
struct ip) + sizeof (struct tcphdr)];
459 ip = (
struct ip *) (&pkt);
463 ip->ip_len =
sizeof (
struct ip) + sizeof (struct tcphdr);
467 ip->ip_p = IPPROTO_TCP;
469 ip->ip_src.s_addr = src.s_addr;
470 ip->ip_dst.s_addr = dst.s_addr;
471 ip->ip_sum =
in_cksum ((u_short *) pkt,
sizeof (
struct ip));
473 tcp = (
struct tcphdr *) (&(pkt[
sizeof (
struct ip)]));
474 tcp->th_sport = htons (sport);
475 tcp->th_dport = htons (dport);
476 tcp->th_seq = th_ack;
480 tcp->th_flags = flag;
493 in_cksum ((
unsigned short *) tcpsumdata, 12 +
sizeof (
struct tcphdr));
499 mktcpv6 (
int sport,
int dport,
unsigned long th_ack,
unsigned char flag)
501 static char pkt[
sizeof (
struct tcphdr)];
504 tcp = (
struct tcphdr *) (&(pkt[0]));
505 tcp->th_sport = htons (sport);
506 tcp->th_dport = htons (dport);
507 tcp->th_ack = htonl (rand ());
508 tcp->th_seq = th_ack;
510 tcp->th_flags = flag;
511 tcp->th_win = htons (5760);
524 sendpacket (
int soc,
int bpf,
int skip,
struct in_addr dst,
struct in_addr src,
525 int dport,
int magic,
struct list *packets,
unsigned long *rtt,
529 char *pkt =
mktcp (src, magic, dst,
dport, ack, TH_SYN);
532 struct sockaddr_in soca;
534 int family = AF_INET;
536 bzero (&soca,
sizeof (soca));
537 soca.sin_family = AF_INET;
540 rtt_tv.tv_sec *= 1000;
543 rtt_tv.tv_usec += (rtt_tv.tv_sec % 1000) * 1000;
544 rtt_tv.tv_sec /= 1000;
545 if (rtt_tv.tv_sec >= 1)
555 e = sendto (soc, pkt,
sizeof (
struct ip) +
sizeof (
struct tcphdr), 0,
556 (
struct sockaddr *) &soca,
sizeof (soca));
571 unsigned short sport =
extractsport (res + skip, len, family);
572 int synack =
issynack (res + skip, len, family);
573 unsigned int rack =
extractack (res + skip, len, family);
580 rst =
mktcp (src, magic, dst, sport, ack + 1, TH_RST);
581 if (sendto (soc, rst,
sizeof (
struct ip) +
sizeof (
struct tcphdr),
582 0, (
struct sockaddr *) &soca,
sizeof (soca))
593 if (ntohl (*rtt) >= (1 << 28))
607 int magic,
struct list *packets,
unsigned long *rtt,
int sniff,
614 struct sockaddr_in6 soca;
617 bzero (&soca,
sizeof (soca));
618 soca.sin6_family = AF_INET6;
619 memcpy (&soca.sin6_addr, dst, sizeof (
struct in6_addr));
620 rtt_tv.tv_sec *= 1000;
623 rtt_tv.tv_usec += (rtt_tv.tv_sec % 1000) * 1000;
624 rtt_tv.tv_sec /= 1000;
625 if (rtt_tv.tv_sec >= 1)
635 e = sendto (soc, pkt,
sizeof (
struct tcphdr), 0,
636 (
struct sockaddr *) &soca,
sizeof (soca));
639 g_message (
"sendto error in v6_sendpacket");
648 res = (
char *)
bpf_next (bpf, &len);
651 unsigned short sport =
extractsport (res + skip, len, AF_INET6);
652 int synack =
issynack (res + skip, len, AF_INET6);
659 rst =
mktcpv6 (magic, sport, ack + 1, TH_RST);
660 if (sendto (soc, rst,
sizeof (
struct tcphdr), 0,
661 (
struct sockaddr *) &soca,
sizeof (soca))
688 struct in6_addr src6;
689 int magic = 4441 + (rand () % 1200);
692 struct list *packets = NULL;
694 unsigned short *ports;
699 if (IN6_IS_ADDR_V4MAPPED (dst6))
702 dst.s_addr = dst6->s6_addr32[3];
711 ports = (
unsigned short *)
getpts (portrange, &num);
715 printf (
"error opening raw socket\n");
719 if (family == AF_INET)
720 bpf =
openbpf (dst, &src, magic);
731 for (i = 0; i < num; i += 2)
733 if (family == AF_INET)
734 packets =
sendpacket (soc, bpf, skip, dst, src, ports[i], magic,
735 packets, &rtt, 0, env);
737 packets =
v6_sendpacket (soc, bpf, skip, dst6, ports[i], magic, packets,
741 g_debug (
"=====>> Sniffing %u\n", ports[i + 1]);
742 if (family == AF_INET)
743 packets =
sendpacket (soc, bpf, skip, dst, src, ports[i + 1], magic,
744 packets, &rtt, 1, env);
746 packets =
v6_sendpacket (soc, bpf, skip, dst6, ports[i + 1], magic,
747 packets, &rtt, 1, env);
752 if (family == AF_INET)
754 while (packets != NULL)
759 while (retry != 0 && i < 2)
761 packets =
sendpacket (soc, bpf, skip, dst, src, retry, magic,
762 packets, &rtt, 0, env);
766 packets =
sendpacket (soc, bpf, skip, dst, src, retry, magic, packets,
788 struct in_addr inaddr;
790 inaddr.s_addr = dst6->s6_addr32[3];
796 rtt = htonl (1 << 28);
798 const char *range = prefs_get (
"port_range");
799 scan (env, (
char *) range, dst6, rtt);
int rawsocket(int family)
Opens and returns a raw socket.
char * v6_routethrough(struct in6_addr *dest, struct in6_addr *source)
An awesome function to determine what interface a packet to a given destination should be routed thro...
unsigned long extractack(char *pkt, int len, int family)
struct list * v6_sendpacket(int soc, int bpf, int skip, struct in6_addr *dst, int dport, int magic, struct list *packets, unsigned long *rtt, int sniff, struct script_infos *env)
struct list * add_packet(struct list *l, unsigned short dport, unsigned long ack)
If no packet with dport is in the list, prepends a "packet" to the list.
char * mktcpv6(int sport, int dport, unsigned long th_ack, unsigned char flag)
char * mktcp(struct in_addr src, int sport, struct in_addr dst, int dport, unsigned long th_ack, unsigned char flag)
void scanner_add_port(struct script_infos *args, int port, char *proto)
struct list * sendpacket(int soc, int bpf, int skip, struct in_addr dst, struct in_addr src, int dport, int magic, struct list *packets, unsigned long *rtt, int sniff, struct script_infos *env)
tree_cell * plugin_run_synscan(lex_ctxt *lexic)
struct list * rm_packet(struct list *l, unsigned short dport)
struct list * rm_dead_packets(struct list *l, int *retry)
int islocalhost(struct in_addr *addr)
Tests whether a packet sent to IP is LIKELY to route through the kernel localhost interface...
struct tcphdr * extracttcp(char *pkt, unsigned int len)
unsigned long compute_rtt(unsigned long then)
struct script_infos * script_infos
int get_datalink_size(int datalink)
int bpf_datalink(int bpf)
struct list * get_packet(struct list *l, unsigned short dport)
int packetdead(unsigned long then)
unsigned short * getpts(char *origexpr, int *len)
Converts a string like "-100,200-1024,3000-4000,60000-" into an array.
unsigned short extractsport(char *pkt, int len, int family)
struct in6_addr * plug_get_host_ip(struct script_infos *args)
void plug_set_key(struct script_infos *args, char *name, int type, const void *value)
int bpf_open_live(char *iface, char *filter)
int v6_openbpf(struct in6_addr *dst, struct in6_addr *src, int magic)
static int in_cksum(u_short *p, int n)
int issynack(char *pkt, int len, int family)
struct timeval timeval(unsigned long val)
char * routethrough(struct in_addr *dest, struct in_addr *source)
An awesome function to determine what interface a packet to a given destination should be routed thro...
u_char * bpf_next(int bpf, int *caplen)
u_char * bpf_next_tv(int bpf, int *caplen, struct timeval *tv)
int scan(struct script_infos *env, char *portrange, struct in6_addr *dst6, unsigned long rtt)
int openbpf(struct in_addr dst, struct in_addr *src, int magic)
Opens a packet filter, grabs packets from dst to port magic.
struct tcphdr * v6_extracttcp(char *pkt)