21 #include <arpa/inet.h> 29 #include "../misc/bpf_share.h" 30 #include "../misc/pcap_openvas.h" 31 #include "../misc/plugutils.h" 50 #ifdef BSD_BYTE_ORDERING 54 #define FIX(n) htons(n) 55 #define UNFIX(n) ntohs(n) 69 register u_short answer;
70 register long sum = 0;
82 *(u_char *) (&odd_byte) = *(u_char *) p;
86 sum = (sum >> 16) + (sum & 0xffff);
105 struct in6_addr *dst_addr;
111 if (dst_addr == NULL || (IN6_IS_ADDR_V4MAPPED (dst_addr) != 1))
119 retc->
size =
sizeof (
struct ip) + data_len;
121 pkt = (
struct ip *) g_malloc0 (
sizeof (
struct ip) + data_len);
129 pkt->ip_len =
FIX (20 + data_len);
133 pkt->ip_off =
FIX (pkt->ip_off);
140 inet_aton (s, &pkt->ip_src);
147 inet_aton (s, &pkt->ip_dst);
149 pkt->ip_dst.s_addr = dst_addr->s6_addr32[3];
153 bcopy (data, retc->
x.
str_val + sizeof (
struct ip), data_len);
160 pkt->ip_sum = np_in_cksum ((u_short *) pkt,
sizeof (
struct ip));
179 nasl_perror (lexic,
"get_ip_element : no valid 'ip' argument!\n");
185 nasl_perror (lexic,
"get_ip_element : no valid 'element' argument!\n");
189 if (!strcmp (element,
"ip_v"))
194 else if (!strcmp (element,
"ip_id"))
196 ret_int =
UNFIX (ip->ip_id);
199 else if (!strcmp (element,
"ip_hl"))
204 else if (!strcmp (element,
"ip_tos"))
206 ret_int = ip->ip_tos;
209 else if (!strcmp (element,
"ip_len"))
211 ret_int =
UNFIX (ip->ip_len);
214 else if (!strcmp (element,
"ip_off"))
216 ret_int =
UNFIX (ip->ip_off);
219 else if (!strcmp (element,
"ip_ttl"))
221 ret_int = ip->ip_ttl;
224 else if (!strcmp (element,
"ip_p"))
229 else if (!strcmp (element,
"ip_sum"))
231 ret_int =
UNFIX (ip->ip_sum);
245 if (!strcmp (element,
"ip_src"))
247 snprintf (ret_ascii,
sizeof (ret_ascii),
"%s", inet_ntoa (ip->ip_src));
250 else if (!strcmp (element,
"ip_dst"))
252 snprintf (ret_ascii,
sizeof (ret_ascii),
"%s", inet_ntoa (ip->ip_dst));
259 printf (
"%s : unknown element\n", element);
265 retc->
size = strlen (ret_ascii);
266 retc->
x.
str_val = g_strdup (ret_ascii);
285 nasl_perror (lexic,
"set_ip_elements: missing <ip> field\n");
289 pkt = (
struct ip *) g_malloc0 (size);
290 bcopy (o_pkt, pkt, size);
306 inet_aton (s, &pkt->ip_src);
309 if (pkt->ip_sum == 0)
310 pkt->ip_sum = np_in_cksum ((u_short *) pkt,
sizeof (
struct ip));
329 struct ip *new_packet;
332 u_char uc_code, uc_len;
344 "Usage : insert_ip_options(ip:<ip>, code:<code>, length:<len>, value:<value>\n");
348 pad_len = 4 - ((
sizeof (uc_code) +
sizeof (uc_len) + value_size) % 4);
352 hl = ip->ip_hl * 4 <
UNFIX (ip->ip_len) ? ip->ip_hl * 4 :
UNFIX (ip->ip_len);
353 new_packet = g_malloc0 (size + 4 + value_size + pad_len);
354 bcopy (ip, new_packet, hl);
356 uc_code = (u_char)
code;
357 uc_len = (u_char) len;
360 p = (
char *) new_packet;
361 bcopy (&uc_code, p + hl,
sizeof (uc_code));
362 bcopy (&uc_len, p + hl +
sizeof (uc_code),
sizeof (uc_len));
363 bcopy (value, p + hl +
sizeof (uc_code) +
sizeof (uc_len), value_size);
368 for (i = 0; i < pad_len; i++)
371 p + hl +
sizeof (uc_code) +
sizeof (uc_len) + value_size + i, 1);
377 new_packet + (
sizeof (uc_code) +
sizeof (uc_len) + value_size +
378 pad_len) + hl, size - hl);
382 (hl + (
sizeof (uc_code) +
sizeof (uc_len) + value_size + pad_len)) / 4;
384 FIX (size +
sizeof (uc_code) +
sizeof (uc_len) + value_size + pad_len);
385 new_packet->ip_sum = 0;
387 np_in_cksum ((u_short *) new_packet,
388 new_packet->ip_hl * 4 >
389 UNFIX (new_packet->ip_len) ?
UNFIX (new_packet->
390 ip_len) : new_packet->
395 retc->
size = size + value_size +
sizeof (uc_code) +
sizeof (uc_len) + pad_len;
396 retc->
x.
str_val = (
char *) new_packet;
416 printf (
"\tip_hl : %d\n", ip->ip_hl);
417 printf (
"\tip_v : %d\n", ip->ip_v);
418 printf (
"\tip_tos: %d\n", ip->ip_tos);
419 printf (
"\tip_len: %d\n",
UNFIX (ip->ip_len));
420 printf (
"\tip_id : %d\n", ntohs (ip->ip_id));
421 printf (
"\tip_off: %d\n",
UNFIX (ip->ip_off));
422 printf (
"\tip_ttl: %d\n", ip->ip_ttl);
426 printf (
"\tip_p : IPPROTO_TCP (%d)\n", ip->ip_p);
429 printf (
"\tip_p : IPPROTO_UDP (%d)\n", ip->ip_p);
432 printf (
"\tip_p : IPPROTO_ICMP (%d)\n", ip->ip_p);
435 printf (
"\tip_p : %d\n", ip->ip_p);
438 printf (
"\tip_sum: 0x%x\n", ntohs (ip->ip_sum));
439 printf (
"\tip_src: %s\n", inet_ntoa (ip->ip_src));
440 printf (
"\tip_dst: %s\n", inet_ntoa (ip->ip_dst));
452 struct in_addr
saddr;
453 struct in_addr
daddr;
475 "forge_tcp_packet : You must supply the 'ip' argument !");
480 if (ipsz > ip->ip_hl * 4)
481 ipsz = ip->ip_hl * 4;
490 tcp_packet = (
struct ip *) g_malloc0 (ipsz +
sizeof (
struct tcphdr) + len);
503 np_in_cksum ((u_short *)
tcp_packet,
sizeof (
struct ip));
520 bcopy (data, (
char *) tcp +
sizeof (
struct tcphdr), len);
526 char *tcpsumdata = g_malloc0 (
sizeof (
struct pseudohdr) + len + 1);
527 struct in_addr source, dest;
529 source.s_addr = ip->ip_src.s_addr;
530 dest.s_addr = ip->ip_dst.s_addr;
532 bzero (&pseudoheader, 12 +
sizeof (
struct tcphdr));
533 pseudoheader.
saddr.s_addr = source.s_addr;
534 pseudoheader.
daddr.s_addr = dest.s_addr;
536 pseudoheader.
protocol = IPPROTO_TCP;
537 pseudoheader.
length = htons (
sizeof (
struct tcphdr) + len);
538 bcopy ((
char *) tcp, (
char *) &pseudoheader.
tcpheader,
539 sizeof (
struct tcphdr));
541 bcopy ((
char *) &pseudoheader, tcpsumdata,
sizeof (
struct pseudohdr));
543 bcopy ((
char *) data, tcpsumdata +
sizeof (
struct pseudohdr), len);
545 np_in_cksum ((
unsigned short *) tcpsumdata,
546 12 +
sizeof (
struct tcphdr) + len);
552 retc->
size = ipsz +
sizeof (
struct tcphdr) + len;
574 "get_tcp_element : Error ! No valid 'tcp' argument !\n");
578 ip = (
struct ip *) packet;
580 if (ip->ip_hl * 4 > ipsz)
583 if (
UNFIX (ip->ip_len) > ipsz)
586 tcp = (
struct tcphdr *) (packet + ip->ip_hl * 4);
592 "get_tcp_element : Error ! No valid 'element' argument !\n");
597 if (!strcmp (element,
"th_sport"))
598 ret = ntohs (tcp->th_sport);
599 else if (!strcmp (element,
"th_dsport"))
600 ret = ntohs (tcp->th_dport);
601 else if (!strcmp (element,
"th_seq"))
602 ret = ntohl (tcp->th_seq);
603 else if (!strcmp (element,
"th_ack"))
604 ret = ntohl (tcp->th_ack);
605 else if (!strcmp (element,
"th_x2"))
607 else if (!strcmp (element,
"th_off"))
609 else if (!strcmp (element,
"th_flags"))
611 else if (!strcmp (element,
"th_win"))
612 ret = ntohs (tcp->th_win);
613 else if (!strcmp (element,
"th_sum"))
615 else if (!strcmp (element,
"th_urp"))
617 else if (!strcmp (element,
"data"))
621 retc->
size =
UNFIX (ip->ip_len) - ntohl (tcp->th_off) * 4;
623 bcopy (tcp + ntohl (tcp->th_off) * 4, retc->
x.
str_val, retc->
size);
628 nasl_perror (lexic,
"Unknown tcp field %s\n", element);
642 struct ip *ip = (
struct ip *) pkt;
653 "set_tcp_elements : Invalid value for the argument 'tcp'\n");
657 if (ip->ip_hl * 4 > pktsz)
658 tcp = (
struct tcphdr *) (pkt + 20);
660 tcp = (
struct tcphdr *) (pkt + ip->ip_hl * 4);
663 if (pktsz <
UNFIX (ip->ip_len))
669 data_len =
UNFIX (ip->ip_len) - (ip->ip_hl * 4) - (tcp->th_off * 4);
670 data = (
char *) ((
char *) tcp + tcp->th_off * 4);
673 npkt = g_malloc0 (ip->ip_hl * 4 + tcp->th_off * 4 + data_len);
674 bcopy (pkt, npkt,
UNFIX (ip->ip_len));
676 ip = (
struct ip *) (npkt);
677 tcp = (
struct tcphdr *) (npkt + ip->ip_hl * 4);
681 (lexic,
"th_sport", ntohs (tcp->th_sport)));
684 (lexic,
"th_dport", ntohs (tcp->th_dport)));
696 bcopy (data, (
char *) tcp + tcp->th_off * 4, data_len);
700 ip->ip_len = ip->ip_hl * 4 + tcp->th_off * 4 + data_len;
702 ip->ip_sum = np_in_cksum ((u_short *) pkt, ip->ip_hl * 4);
705 if (tcp->th_sum == 0)
709 g_malloc0 (
sizeof (
struct pseudohdr) + data_len + 1);
710 struct in_addr source, dest;
712 source.s_addr = ip->ip_src.s_addr;
713 dest.s_addr = ip->ip_dst.s_addr;
715 bzero (&pseudoheader,
sizeof (pseudoheader));
716 pseudoheader.
saddr.s_addr = source.s_addr;
717 pseudoheader.
daddr.s_addr = dest.s_addr;
719 pseudoheader.
protocol = IPPROTO_TCP;
720 pseudoheader.
length = htons (
sizeof (
struct tcphdr) + data_len);
721 bcopy ((
char *) tcp, (
char *) &pseudoheader.
tcpheader,
722 sizeof (
struct tcphdr));
724 bcopy ((
char *) &pseudoheader, tcpsumdata,
sizeof (
struct pseudohdr));
725 bcopy ((
char *) data, tcpsumdata +
sizeof (
struct pseudohdr), data_len);
727 np_in_cksum ((
unsigned short *) tcpsumdata,
728 sizeof (pseudoheader) + data_len);
734 retc->
size = (ip->ip_hl * 4) + (tcp->th_off * 4) + data_len;
749 struct ip *ip = (
struct ip *) pkt;
750 struct tcphdr *tcp = (
struct tcphdr *) (pkt + ip->ip_hl * 4);
756 printf (
"\tth_sport : %d\n", ntohs (tcp->th_sport));
757 printf (
"\tth_dport : %d\n", ntohs (tcp->th_dport));
758 printf (
"\tth_seq : %u\n", (
unsigned int) ntohl (tcp->th_seq));
759 printf (
"\tth_ack : %u\n", (
unsigned int) ntohl (tcp->th_ack));
760 printf (
"\tth_x2 : %d\n", tcp->th_x2);
761 printf (
"\tth_off : %d\n", tcp->th_off);
762 printf (
"\tth_flags : ");
763 if (tcp->th_flags & TH_FIN)
768 if (tcp->th_flags & TH_SYN)
775 if (tcp->th_flags & TH_RST)
782 if (tcp->th_flags & TH_PUSH)
789 if (tcp->th_flags & TH_ACK)
796 if (tcp->th_flags & TH_URG)
806 printf (
" (%d)", tcp->th_flags);
808 printf (
"\tth_win : %d\n", ntohs (tcp->th_win));
809 printf (
"\tth_sum : 0x%x\n", tcp->th_sum);
810 printf (
"\tth_urp : %d\n", tcp->th_urp);
811 printf (
"\tData : ");
812 c = (
char *) ((
char *) tcp +
sizeof (
struct tcphdr));
813 if (
UNFIX (ip->ip_len) > (sizeof (
struct ip) +
sizeof (
struct tcphdr)))
816 UNFIX (ip->ip_len) -
sizeof (
struct ip) - sizeof (struct tcphdr)
818 printf (
"%c", isprint (c[j]) ? c[j] :
'.');
850 struct ip *udp_packet;
853 pkt = g_malloc0 (
sizeof (
struct udphdr) + ip->ip_hl * 4 +
854 sizeof (
struct udphdr) + data_len);
856 udp_packet = (
struct ip *) pkt;
857 udp = (
struct udphdr *) (pkt + ip->ip_hl * 4);
864 (lexic,
"uh_ulen", data_len +
sizeof (
struct udphdr)));
868 if (data_len != 0 && data != NULL)
869 bcopy (data, (pkt + ip->ip_hl * 4 + sizeof (
struct udphdr)), data_len);
872 bcopy ((
char *) ip, pkt, ip->ip_hl * 4);
873 if (udp->uh_sum == 0)
876 struct in_addr source, dest;
880 source.s_addr = ip->ip_src.s_addr;
881 dest.s_addr = ip->ip_dst.s_addr;
888 pseudohdr.len = htons (
sizeof (
struct udphdr) + data_len);
889 bcopy ((
char *) udp, (
char *) &
pseudohdr.udpheader,
890 sizeof (
struct udphdr));
894 bcopy ((
char *) data, udpsumdata +
sizeof (
pseudohdr), data_len);
897 np_in_cksum ((
unsigned short *) udpsumdata,
898 12 +
sizeof (
struct udphdr) + data_len);
903 if (
UNFIX (udp_packet->ip_len) <= udp_packet->ip_hl * 4)
909 FIX (ntohs (udp->uh_ulen) + (udp_packet->ip_hl * 4));
910 udp_packet->ip_sum = 0;
912 np_in_cksum ((u_short *) udp_packet, udp_packet->ip_hl * 4);
919 retc->
size = 8 + ip->ip_hl * 4 + data_len;
923 printf (
"Error ! You must supply the 'ip' argument !\n");
937 struct udphdr *udphdr;
946 if (udp == NULL || element == NULL)
948 printf (
"get_udp_element() usage :\n");
949 printf (
"element = get_udp_element(udp:<udp>,element:<element>\n");
952 ip = (
struct ip *) udp;
954 if (ip->ip_hl * 4 + sizeof (
struct udphdr) > ipsz)
958 udphdr = (
struct udphdr *) (udp + ip->ip_hl * 4);
959 if (!strcmp (element,
"uh_sport"))
960 ret = ntohs (udphdr->uh_sport);
961 else if (!strcmp (element,
"uh_dport"))
962 ret = ntohs (udphdr->uh_dport);
963 else if (!strcmp (element,
"uh_ulen"))
964 ret = ntohs (udphdr->uh_ulen);
965 else if (!strcmp (element,
"uh_sum"))
966 ret = ntohs (udphdr->uh_sum);
967 else if (!strcmp (element,
"data"))
972 sz = ntohs (udphdr->uh_ulen) -
sizeof (
struct udphdr);
975 if (ntohs (udphdr->uh_ulen) - ip->ip_hl * 4 - sizeof (
struct udphdr) >
977 sz = ipsz - ip->ip_hl * 4 -
sizeof (
struct udphdr);
981 bcopy (udp + ip->ip_hl * 4 + sizeof (
struct udphdr), retc->
x.
str_val, sz);
986 printf (
"%s is not a value of a udp packet\n", element);
1014 if (ip->ip_hl * 4 + sizeof (
struct udphdr) > sz)
1019 sz = ip->ip_hl * 4 +
sizeof (
struct udphdr) + data_len;
1020 pkt = g_malloc0 (sz);
1021 bcopy (ip, pkt, ip->ip_hl * 4 + sizeof (
struct udphdr));
1025 pkt = g_malloc0 (sz);
1026 bcopy (ip, pkt, sz);
1031 ip = (
struct ip *) pkt;
1034 ip->ip_len =
FIX (sz);
1036 ip->ip_sum = np_in_cksum ((u_short *) ip, ip->ip_hl * 4);
1038 udp = (
struct udphdr *) (pkt + ip->ip_hl * 4);
1043 (lexic,
"uh_sport", ntohs (udp->uh_sport)));
1046 (lexic,
"uh_dport", ntohs (udp->uh_dport)));
1047 old_len = ntohs (udp->uh_ulen);
1050 (lexic,
"uh_ulen", ntohs (udp->uh_ulen)));
1055 bcopy (data, pkt + ip->ip_hl * 4 + sizeof (
struct udphdr), data_len);
1056 udp->uh_ulen = htons (
sizeof (
struct udphdr) + data_len);
1059 if (udp->uh_sum == 0)
1062 struct in_addr source, dest;
1063 int len = old_len -
sizeof (
struct udphdr);
1074 ptr = (
char *) udp +
sizeof (
struct udphdr);
1078 udpsumdata = g_malloc0 (
sizeof (
struct pseudo_udp_hdr) + len + 1);
1080 source.s_addr = ip->ip_src.s_addr;
1081 dest.s_addr = ip->ip_dst.s_addr;
1088 pseudohdr.len = htons (
sizeof (
struct udphdr) + len);
1089 bcopy ((
char *) udp, (
char *) &
pseudohdr.udpheader,
1090 sizeof (
struct udphdr));
1094 bcopy ((
char *) ptr, udpsumdata +
sizeof (
pseudohdr), len);
1097 np_in_cksum ((
unsigned short *) udpsumdata,
1098 12 +
sizeof (
struct udphdr) + len);
1099 g_free (udpsumdata);
1108 printf (
"Error ! You must supply the 'udp' argument !\n");
1121 struct udphdr *udp = (
struct udphdr *) (pkt +
sizeof (
struct ip));
1125 printf (
"------\n");
1126 printf (
"\tuh_sport : %d\n", ntohs (udp->uh_sport));
1127 printf (
"\tuh_dport : %d\n", ntohs (udp->uh_dport));
1128 printf (
"\tuh_sum : 0x%x\n", udp->uh_sum);
1129 printf (
"\tuh_ulen : %d\n", ntohs (udp->uh_ulen));
1130 printf (
"\tdata : ");
1131 c = (
char *) (udp +
sizeof (
struct udphdr));
1132 if (udp->uh_ulen > sizeof (
struct udphdr))
1134 j < (ntohs (udp->uh_ulen) -
sizeof (
struct udphdr)) && j < limit;
1136 printf (
"%c", isprint (c[j]) ? c[j] :
'.');
1167 if (t == 13 || t == 14)
1168 len += 3 *
sizeof (time_t);
1170 if (ip->ip_hl * 4 > ip_sz)
1173 pkt = g_malloc0 (
sizeof (
struct icmp) + ip_sz + len);
1174 ip_icmp = (
struct ip *) pkt;
1177 bcopy (ip, ip_icmp, ip_sz);
1178 if (
UNFIX (ip_icmp->ip_len) <= (ip_icmp->ip_hl * 4))
1182 ip_icmp->ip_len =
FIX (ip->ip_hl * 4 + 8 + len);
1183 ip_icmp->ip_sum = 0;
1185 np_in_cksum ((u_short *) ip_icmp, ip->ip_hl * 4);
1188 p = (
char *) (pkt + (ip->ip_hl * 4));
1189 icmp = (
struct icmp *) p;
1192 icmp->icmp_type = t;
1197 bcopy (data, &(p[8]), len);
1200 icmp->icmp_cksum = np_in_cksum ((u_short *) icmp, len + 8);
1209 retc->
size = ip_sz + len + 8;
1212 nasl_perror (lexic,
"forge_icmp_packet: missing 'ip' parameter\n");
1228 struct ip *ip = (
struct ip *) p;
1231 icmp = (
struct icmp *) (p + ip->ip_hl * 4);
1236 if (!strcmp (elem,
"icmp_id"))
1237 value = ntohs (icmp->icmp_id);
1238 else if (!strcmp (elem,
"icmp_code"))
1239 value = icmp->icmp_code;
1240 else if (!strcmp (elem,
"icmp_type"))
1241 value = icmp->icmp_type;
1242 else if (!strcmp (elem,
"icmp_seq"))
1243 value = ntohs (icmp->icmp_seq);
1244 else if (!strcmp (elem,
"icmp_cksum"))
1245 value = ntohs (icmp->icmp_cksum);
1246 else if (!strcmp (elem,
"data"))
1254 g_memdup (&(p[ip->ip_hl * 4 + 8]), retc->
size + 1);
1308 u_char *pkt = g_malloc0 (
sizeof (
struct igmp) + ip->ip_hl * 4 + len);
1309 struct ip *ip_igmp = (
struct ip *) pkt;
1316 bcopy (ip, ip_igmp, ipsz);
1319 if (
UNFIX (ip_igmp->ip_len) <= ip_igmp->ip_hl * 4)
1325 FIX (ip->ip_hl * 4 + sizeof (
struct igmp) + len);
1326 ip_igmp->ip_sum = 0;
1328 np_in_cksum ((u_short *) ip_igmp, ip->ip_hl * 4);
1331 p = (
char *) (pkt + ip_igmp->ip_hl * 4);
1346 char *p = (
char *) (pkt + ip->ip_hl * 4 + sizeof (
struct igmp));
1347 bcopy (p, data, len);
1352 retc->
size = ip->ip_hl * 4 +
sizeof (
struct igmp) + len;
1367 if (IN6_IS_ADDR_V4MAPPED (dst) != 1)
1373 u_char packet[
sizeof (
struct ip) + sizeof (struct tcphdr)];
1375 struct ip *ip = (
struct ip *) packet;
1376 struct tcphdr *tcp = (
struct tcphdr *) (packet +
sizeof (
struct ip));
1378 struct sockaddr_in soca;
1387 #define rnd_tcp_port() (rand() % 65535 + 1024) 1389 { 0, 0, 0, 0, 0, 1023, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 53, 0, 0,
1390 20, 0, 25, 0, 0, 0 };
1392 { 139, 135, 445, 80, 22, 515, 23, 21, 6000, 1025, 25, 111, 1028, 9100, 1029,
1393 79, 497, 548, 5000, 1917, 53, 161, 9001, 65535, 443, 113, 993, 8080, 0 };
1395 struct in_addr inaddr;
1397 if (dst == NULL || (IN6_IS_ADDR_V4MAPPED (dst) != 1))
1399 inaddr.s_addr = dst->s6_addr32[3];
1400 for (i = 0; i <
sizeof (sports) /
sizeof (
int); i++)
1407 for (i = 0; ports[i]; i++)
1410 soc = socket (AF_INET, SOCK_RAW, IPPROTO_RAW);
1413 if (setsockopt (soc, IPPROTO_IP, IP_HDRINCL, (
char *) &opt,
sizeof (opt)) < 0)
1414 perror (
"setsockopt ");
1421 src.s_addr = dst->s6_addr32[3];
1424 bzero (&src,
sizeof (src));
1428 snprintf (filter,
sizeof (filter),
"ip and src host %s", inet_ntoa (inaddr));
1436 for (i = 0; i <
sizeof (sports) /
sizeof (
int) && !flag; i++)
1438 bzero (packet,
sizeof (packet));
1441 ip->ip_off =
FIX (0);
1443 ip->ip_len =
FIX (40);
1445 ip->ip_p = IPPROTO_TCP;
1446 ip->ip_id = rand ();
1449 ip->ip_dst = inaddr;
1451 ip->ip_sum = np_in_cksum ((u_short *) ip, 20);
1456 port ? htons (
rnd_tcp_port ()) : htons (sports[i % num_ports]);
1457 tcp->th_flags = TH_SYN;
1458 tcp->th_dport = port ? htons (port) : htons (ports[i % num_ports]);
1459 tcp->th_seq = rand ();
1469 struct in_addr source, dest;
1471 source.s_addr = ip->ip_src.s_addr;
1472 dest.s_addr = ip->ip_dst.s_addr;
1474 bzero (&pseudoheader, 12 +
sizeof (
struct tcphdr));
1475 pseudoheader.
saddr.s_addr = source.s_addr;
1476 pseudoheader.
daddr.s_addr = dest.s_addr;
1479 pseudoheader.
length = htons (
sizeof (
struct tcphdr));
1480 bcopy ((
char *) tcp, (
char *) &pseudoheader.
tcpheader,
1481 sizeof (
struct tcphdr));
1483 np_in_cksum ((
unsigned short *) &pseudoheader,
1484 12 +
sizeof (
struct tcphdr));
1487 bzero (&soca,
sizeof (soca));
1488 soca.sin_family = AF_INET;
1489 soca.sin_addr = ip->ip_dst;
1490 sendto (soc, (
const void *) ip, 40, 0, (
struct sockaddr *) &soca,
1493 tv.tv_usec = 100000;
1518 struct sockaddr_in sockaddr;
1520 struct ip *sip = NULL;
1521 int vi = 0, b, len = 0;
1530 struct in_addr inaddr;
1533 if (dstip == NULL || (IN6_IS_ADDR_V4MAPPED (dstip) != 1))
1535 inaddr.s_addr = dstip->s6_addr32[3];
1536 soc = socket (AF_INET, SOCK_RAW, IPPROTO_RAW);
1539 if (setsockopt (soc, IPPROTO_IP, IP_HDRINCL, (
char *) &i,
sizeof (i)) < 0)
1540 perror (
"setsockopt ");
1547 if (sz <
sizeof (
struct ip))
1549 nasl_perror (lexic,
"send_packet(): packet is too short!\n");
1553 sip = (
struct ip *) ip;
1554 if (use_pcap != 0 && bpf < 0)
1558 bzero (&sockaddr,
sizeof (
struct sockaddr_in));
1559 sockaddr.sin_family = AF_INET;
1560 sockaddr.sin_addr = sip->ip_dst;
1561 if (sockaddr.sin_addr.s_addr != inaddr.s_addr)
1563 char txt1[64], txt2[64];
1564 strncpy (txt1, inet_ntoa (sockaddr.sin_addr), sizeof (txt1));
1565 txt1[
sizeof (txt1) - 1] =
'\0';
1566 strncpy (txt2, inet_ntoa (inaddr),
sizeof (txt2));
1567 txt2[
sizeof (txt2) - 1] =
'\0';
1569 "send_packet: malicious or buggy script is trying to send packet to %s instead of designated target %s\n",
1577 sip->ip_dst = inaddr;
1578 sip->ip_sum = np_in_cksum ((u_short *) sip,
sizeof (
struct ip));
1582 if (dfl_len > 0 && dfl_len < sz)
1590 sendto (soc, (u_char *) ip, len, 0, (
struct sockaddr *) &sockaddr,
1593 if (b >= 0 && use_pcap != 0 && bpf >= 0)
1598 while (answer != NULL
1599 && (!memcmp (answer, (
char *) ip,
sizeof (
struct ip))))
1614 retc->
size = answer_sz;
1633 static char errbuf[PCAP_ERRBUF_SIZE];
1635 struct ip *ret = NULL;
1636 struct ip6_hdr *ret6 = NULL;
1642 struct in_addr inaddr;
1648 int v4_addr = IN6_IS_ADDR_V4MAPPED (dst);
1649 if (interface == NULL)
1654 bzero (&src,
sizeof (src));
1655 inaddr.s_addr = dst->s6_addr32[3];
1660 struct in6_addr src;
1661 bzero (&src,
sizeof (src));
1664 if (interface == NULL)
1665 interface = pcap_lookupdev (errbuf);
1668 if (interface != NULL)
1674 nasl_perror (lexic,
"pcap_next: Could not get a bpf\n");
1685 gettimeofday (&then, NULL);
1688 packet = (
char *)
bpf_next (bpf, &len);
1695 gettimeofday (&now, NULL);
1696 if (now.tv_sec - then.tv_sec >= timeout)
1708 ip = (
struct ip *) (packet + dl_len);
1709 sz =
UNFIX (ip->ip_len);
1710 ret = g_malloc0 (sz);
1712 is_ip = (ip->ip_v == 4);
1716 bcopy (ip, ret, sz);
1721 bcopy (ip, ret, sz);
1727 ip = (
struct ip6_hdr *) (packet + dl_len);
1728 sz =
UNFIX (ip->ip6_plen);
1729 ret6 = g_malloc0 (sz);
1731 is_ip = ((ip->ip6_flow & 0x3ffff) == 96);
1734 bcopy (ip, ret6, sz);
1739 bcopy (ip, ret6, sz);
1769 static char errbuf[PCAP_ERRBUF_SIZE];
1771 struct ip *ret = NULL;
1772 struct ip6_hdr *ret6 = NULL;
1778 struct in_addr inaddr;
1783 int v4_addr = IN6_IS_ADDR_V4MAPPED (dst);
1784 if (interface == NULL)
1789 bzero (&src,
sizeof (src));
1790 inaddr.s_addr = dst->s6_addr32[3];
1795 struct in6_addr src;
1796 bzero (&src,
sizeof (src));
1799 if (interface == NULL)
1800 interface = pcap_lookupdev (errbuf);
1803 if (interface != NULL)
1808 nasl_perror (lexic,
"pcap_next: Could not get a bpf\n");
1821 gettimeofday (&then, NULL);
1824 packet = (
char *)
bpf_next (bpf, &len);
1831 gettimeofday (&now, NULL);
1832 if (now.tv_sec - then.tv_sec >= timeout)
1842 ip = (
struct ip *) (packet + dl_len);
1843 sz =
UNFIX (ip->ip_len);
1844 ret = g_malloc0 (sz);
1846 is_ip = (ip->ip_v == 4);
1849 bcopy (ip, ret, sz);
1854 bcopy (ip, ret, sz);
1860 ip = (
struct ip6_hdr *) (packet + dl_len);
1861 sz =
UNFIX (ip->ip6_plen);
1862 ret6 = g_malloc0 (sz);
1863 is_ip = ((ip->ip6_flow & 0x3ffff) == 96);
1866 bcopy (ip, ret6, sz);
1871 bcopy (ip, ret6, sz);
tree_cell * forge_icmp_packet(lex_ctxt *lexic)
tree_cell * forge_ip_packet(lex_ctxt *lexic)
tree_cell * get_icmp_element(lex_ctxt *lexic)
char * v6_routethrough(struct in6_addr *dest, struct in6_addr *source)
An awesome function to determine what interface a packet to a given destination should be routed thro...
tree_cell * get_tcp_element(lex_ctxt *lexic)
tree_cell * nasl_pcap_next(lex_ctxt *lexic)
tree_cell * get_udp_element(lex_ctxt *lexic)
tree_cell * nasl_send_capture(lex_ctxt *lexic)
tree_cell * nasl_send(lex_ctxt *lexic)
tree_cell * get_ip_element(lex_ctxt *lexic)
struct tcp_packet tcpheader
int islocalhost(struct in_addr *addr)
Tests whether a packet sent to IP is LIKELY to route through the kernel localhost interface.
tree_cell * forge_tcp_packet(lex_ctxt *lexic)
long int get_int_local_var_by_name(lex_ctxt *, const char *, int)
tree_cell * dump_udp_packet(lex_ctxt *lexic)
int get_datalink_size(int datalink)
int get_local_var_size_by_name(lex_ctxt *, const char *)
char * get_str_local_var_by_name(lex_ctxt *, const char *)
tree_cell * dump_tcp_packet(lex_ctxt *lexic)
tree_cell * set_tcp_elements(lex_ctxt *lexic)
int bpf_datalink(int bpf)
int get_var_size_by_num(lex_ctxt *, int)
int bpf_open_live(char *iface, char *filter)
tree_cell * set_udp_elements(lex_ctxt *lexic)
tree_cell * forge_igmp_packet(lex_ctxt *lexic)
struct in6_addr * plug_get_host_ip(struct arglist *desc)
tree_cell * set_ip_elements(lex_ctxt *lexic)
tree_cell * forge_udp_packet(lex_ctxt *lexic)
void nasl_perror(lex_ctxt *lexic, char *msg,...)
struct ip * capture_next_packet(int bpf, int timeout, int *sz)
char * get_str_var_by_num(lex_ctxt *, int)
tree_cell * nasl_tcp_v6_ping(lex_ctxt *lexic)
Performs TCP Connect to test if host is alive.
struct timeval timeval(unsigned long val)
tree_cell * dump_ip_packet(lex_ctxt *lexic)
char * routethrough(struct in_addr *dest, struct in_addr *source)
An awesome function to determine what interface a packet to a given destination should be routed thro...
tree_cell * alloc_tree_cell(int lnb, char *s)
u_char * bpf_next(int bpf, int *caplen)
unsigned int plug_get_host_open_port(struct arglist *desc)
struct arglist * script_infos
u_char * bpf_next_tv(int bpf, int *caplen, struct timeval *tv)
tree_cell * insert_ip_options(lex_ctxt *lexic)
int init_capture_device(struct in_addr src, struct in_addr dst, char *filter)
Set up the pcap filter, and select the correct interface.
tree_cell * nasl_send_packet(lex_ctxt *lexic)
tree_cell * nasl_tcp_ping(lex_ctxt *lexic)
int get_var_size_by_name(lex_ctxt *, const char *)