OpenVAS Libraries  9.0.3
nasl_builtin_synscan.c
Go to the documentation of this file.
1 /* OpenVAS
2 * $Id$
3 * Description: Port scanner Synscan
4 *
5 * Authors:
6 * Renaud Deraison <deraison@nessus.org> (Original pre-fork develoment)
7 *
8 * Copyright:
9 * Based on work Copyright (C) 1998 - 2006 Tenable Network Security, Inc.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2,
13 * as published by the Free Software Foundation
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
23 *
24 *
25 */
26 
27 /* legacy feature macro */
28 #define _BSD_SOURCE 1
29 /* new feature macros that provides the same plus more */
30 #define _DEFAULT_SOURCE 1
31 
32 #include <unistd.h> /* for close() */
33 #include <stdlib.h> /* for rand() */
34 #include <arpa/inet.h> /* for AF_INET */
35 #include <string.h> /* for memcpy() */
36 #include <netinet/tcp.h> /* for TH_SYN */
37 #include <netinet/ip.h>
38 
39 #include "../misc/arglists.h" /* for struct arglist */
40 #include "../misc/bpf_share.h" /* for bpf_open_live */
41 #include "../misc/pcap_openvas.h" /* for get_datalink_size */
42 #include "../misc/plugutils.h" /* for scanner_add_port */
43 #include "../misc/openvas_logging.h"
44 #include "../misc/prefs.h" /* for prefs_get */
45 #include "../misc/network.h" /* for getpts */
46 
47 #include "nasl_lex_ctxt.h"
48 
49 #undef SHOW_RETRIES
50 #undef SHOW_RTT_REMOVAL
51 
52 #define NUM_RETRIES 2
53 
54 #if 0
55 /* Enable when running standalone. */
56 #define DEBUG 1
57 #endif
58 
59 /*----------------------------------------------------------------------------*/
60 struct pseudohdr {
61  struct in_addr saddr;
62  struct in_addr daddr;
63  u_char zero;
64  u_char protocol;
65  u_short length;
66  struct tcphdr tcpheader;
67 };
68 
69 
70 static int
71 in_cksum (u_short *p, int n)
72 {
73  register u_short answer;
74  register unsigned long sum = 0;
75  u_short odd_byte = 0;
76 
77  while (n > 1) {
78  sum += *p++;
79  n -= 2;
80  }
81 
82  /* mop up an odd byte, if necessary */
83  if (n == 1) {
84  *(u_char *) (&odd_byte) = *(u_char *) p;
85  sum += odd_byte;
86  }
87  sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
88  sum += (sum >> 16); /* add carry */
89  answer = (int) ~sum; /* ones-complement, truncate */
90  return (answer);
91 }
92 
93 
94 unsigned long
96 {
97  struct timeval tv;
98  unsigned long ret;
99 
100  gettimeofday(&tv, NULL);
101 
102  ret = ((tv.tv_sec & 0x0000000F) << 28) | (((tv.tv_usec) & 0xFFFFFFF0) >> 4);
103 
104  return htonl (ret);
105 }
106 
107 
108 struct timeval
109 timeval (unsigned long val)
110 {
111  struct timeval ret;
112  unsigned int h, l;
113 
114  val = ntohl (val);
115 
116  h = ( val & 0xF0000000 ) >> 28;
117  l = ( val & 0x0FFFFFFF) << 4;
118 
119  ret.tv_sec = h;
120  ret.tv_usec = l;
121  while ( ret.tv_usec >= 1000000 )
122  {
123  ret.tv_usec -= 1000000;
124  ret.tv_sec ++;
125  }
126 
127  if ( ret.tv_sec > 2 ) {
128  ret.tv_sec = 2;
129  ret.tv_usec = 0;
130  }
131  return ret;
132 }
133 
134 
135 unsigned long
136 compute_rtt (unsigned long then)
137 {
138  unsigned long now = maketime();
139  unsigned long res;
140  unsigned long a, b;
141 
142  a = (unsigned long) ntohl(now);
143  b = (unsigned long) ntohl(then);
144 
145 
146  if (b > a) {
147  return 0;
148  }
149  res = a - b;
150  if ( res >= (1 << 28) )
151  res = 1 << 28;
152 
153  return htonl(res);
154 }
155 
156 
157 int
158 packetdead (unsigned long then, unsigned long rtt)
159 {
160  unsigned long now = maketime();
161 
162  then = ntohl(then);
163  now = ntohl(now);
164 
165  if ((now - then) >= 2 << 28 ) {
166  return 1;
167  }
168 
169  return 0;
170 }
171 
172 
176 int
177 rawsocket (int family)
178 {
179  int soc;
180  int opt = 1;
181  int offset = 8;
182 
183  if (family == AF_INET)
184  {
185  soc = socket (AF_INET, SOCK_RAW, IPPROTO_RAW);
186  if (soc < 0)
187  {
188  perror ("socket ");
189  printf ("error opeinig socket\n");
190  return -1;
191  }
192  if (setsockopt (soc, IPPROTO_IP, IP_HDRINCL, /*(char *) */&opt, sizeof (opt)) < 0)
193  {
194  perror ("setsockopt ");
195  printf ("error setting socket opt\n");
196  close (soc);
197  return -1;
198  }
199  }
200  else
201  {
202  soc = socket (AF_INET6, SOCK_RAW, IPPROTO_TCP);
203  if (soc < 0)
204  {
205  perror ("socket ");
206  printf ("error opeinig socket\n");
207  return -1;
208  }
209  setsockopt (soc, IPPROTO_IPV6, IPV6_CHECKSUM, &offset, sizeof (offset));
210  }
211 
212  return soc;
213 }
214 
215 
226 int
227 openbpf (struct in_addr dst, struct in_addr * src, int magic)
228 {
229  char *iface;
230  char filter[255];
231  int bpf;
232 
233  iface = routethrough (&dst, src);
234 #ifdef DEBUG
235  printf ("Source address found via routethrough: %s\n", inet_ntoa (*src));
236 #endif
237  snprintf (filter, sizeof (filter), "tcp and src host %s and dst port %d", inet_ntoa (dst), magic);
238 #ifdef DEBUG
239  printf ("Open bpf on interface %s with filter: %s\n", iface, filter);
240 #endif
241  bpf = bpf_open_live (iface, filter);
242  return bpf;
243 }
244 
245 
246 int
247 v6_openbpf (struct in6_addr *dst, struct in6_addr * src, int magic)
248 {
249  char *iface;
250  char filter[255];
251  char hostname[INET6_ADDRSTRLEN];
252  int bpf;
253 
254  iface = v6_routethrough(dst, src);
255 
256  snprintf (filter, sizeof(filter), "tcp and src host %s and dst port %d",
257  inet_ntop (AF_INET6, dst, hostname, sizeof (hostname)), magic);
258  bpf = bpf_open_live (iface, filter);
259  if (bpf < 0)
260  printf("bpf_open_live returned error\n");
261  return bpf;
262 }
263 /*----------------------------------------------------------------------------*/
264 
265 
266 struct list {
267  unsigned short dport;
268  unsigned long when;
269  int retries;
270  struct list *prev;
271  struct list *next;
272 };
273 
274 
279 struct list*
280 get_packet (struct list * l, unsigned short dport)
281 {
282  while (l != NULL)
283  {
284  if (l->dport == dport)
285  return l;
286  else
287  l = l->next;
288  }
289  return NULL;
290 }
291 
292 
297 struct list*
298 add_packet (struct list * l, unsigned short dport, unsigned long ack)
299 {
300  struct list *ret;
301 
302  ret = get_packet (l, dport);
303  if (ret != NULL)
304  {
305 #ifdef SHOW_RETRIES
306  printf ("RETRIES FOR %d = %d\n", dport, ret->retries);
307 #endif
308  ret->retries++;
309  ret->when = ack;
310  return l;
311  }
312  ret = g_malloc0 (sizeof (struct list));
313 
314  ret->next = l;
315  ret->prev = NULL;
316  if (ret->next != NULL)
317  ret->next->prev = ret;
318 
319  ret->dport = dport;
320  ret->when = ack;
321  ret->retries = 0;
322  return ret;
323 }
324 
325 
326 struct list*
327 rm_packet (struct list * l, unsigned short dport)
328 {
329  struct list *ret = l;
330  struct list *p = get_packet (l, dport);
331 
332  if (p == NULL)
333  {
334 #if DEBUG > 1
335  log_legacy_write ("Odd - no entry for %d - RTT too low ?!", dport);
336 #endif
337  return l;
338  }
339  if (p->next != NULL)
340  p->next->prev = p->prev;
341 
342  if (p->prev != NULL)
343  p->prev->next = p->next;
344  else
345  ret = p->next;
346 
347  g_free(p);
348  return ret;
349 }
350 
351 struct list*
352 rm_dead_packets (struct list * l, unsigned long rtt, int *retry)
353 {
354  struct list *ret = l;
355  struct list *p = l;
356 
357 
358  *retry = 0;
359  while (p != NULL) {
360  struct list *next = p->next;
361  if (packetdead(p->when, rtt)) {
362  if (p->retries < NUM_RETRIES) {
363 #ifdef SHOW_RETRIES
364  printf("Will retry port %d\n", p->dport);
365 #endif
366  *retry = p->dport;
367  } else {
368 #ifdef SHOW_RTT_REMOVAL
369  printf("Removing port %d (RTT elapsed)\n", p->dport);
370 #endif
371  if (p->next != NULL)
372  p->next->prev = p->prev;
373 
374  if (p->prev != NULL)
375  p->prev->next = p->next;
376  else
377  ret = p->next;
378  g_free(p);
379  }
380  }
381  p = next;
382  }
383  return ret;
384 }
385 
386 
387 
388 /*-----------------------------------------------------------------------------*/
389 
390 
391 struct tcphdr *
392 extracttcp (char * pkt, int len)
393 {
394  struct ip * ip;
395  struct tcphdr *tcp;
396 
397  ip = (struct ip*)pkt;
398  if(ip->ip_hl * 4 + sizeof (struct tcphdr) > len)
399  return NULL;
400 
401  tcp = (struct tcphdr*)(pkt + ip->ip_hl * 4);
402  return tcp;
403 }
404 
405 struct tcphdr *
406 v6_extracttcp (char * pkt, int len)
407 {
408  struct tcphdr *tcp;
409  tcp = (struct tcphdr*)(pkt + 40);
410  return tcp;
411 }
412 
413 
414 unsigned long
415 extractack (char *pkt, int len, int family)
416 {
417  unsigned long ret;
418  struct tcphdr *tcp;
419  if(family == AF_INET)
420  tcp = extracttcp(pkt, len);
421  else
422  tcp = v6_extracttcp(pkt, len);
423 
424  if( tcp == NULL )
425  return -1;
426 
427  ret = htonl(ntohl(tcp->th_ack) - 1);
428  return ret;
429 }
430 
431 
432 unsigned short
433 extractsport (char *pkt, int len, int family)
434 {
435  struct tcphdr *tcp;
436 
437  if(family == AF_INET)
438  tcp = extracttcp(pkt, len);
439  else
440  tcp = v6_extracttcp(pkt, len);
441 
442  if(tcp == NULL)return 0;
443 
444  return ntohs(tcp->th_sport);
445 }
446 
447 int
448 issynack (char *pkt, int len, int family)
449 {
450  struct tcphdr *tcp;
451 
452  if (family == AF_INET)
453  tcp = extracttcp(pkt, len);
454  else
455  tcp = v6_extracttcp(pkt, len);
456 
457  if (tcp == NULL)
458  return 0;
459 
460  return tcp->th_flags == (TH_SYN | TH_ACK);
461 }
462 
463 char*
464 mktcp (struct in_addr src, int sport, struct in_addr dst, int dport,
465  unsigned long th_ack, unsigned char flag)
466 {
467  static char pkt[sizeof (struct ip) + sizeof (struct tcphdr)];
468  struct ip *ip;
469  struct tcphdr *tcp;
470  struct pseudohdr pseudohdr;
471  char tcpsumdata[sizeof(pseudohdr)];
472 
473  ip = (struct ip *) (&pkt);
474  ip->ip_hl = 5;
475  ip->ip_v = 4;
476  ip->ip_tos = 0;
477  ip->ip_len = sizeof (struct ip) + sizeof (struct tcphdr);
478  ip->ip_id = rand();
479  ip->ip_off = 0;
480  ip->ip_ttl = 64;
481  ip->ip_p = IPPROTO_TCP;
482  ip->ip_sum = 0;
483  ip->ip_src.s_addr = src.s_addr;
484  ip->ip_dst.s_addr = dst.s_addr;
485  ip->ip_sum = in_cksum ((u_short *) pkt, sizeof (struct ip));
486 
487  tcp = (struct tcphdr *) (&(pkt[sizeof (struct ip)]));
488  tcp->th_sport = htons(sport);
489  tcp->th_dport = htons(dport);
490  tcp->th_seq = th_ack;
491  tcp->th_ack = 0;
492  tcp->th_x2 = 0;
493  tcp->th_off = 5;
494  tcp->th_flags = flag;
495  tcp->th_win = 4096;
496  tcp->th_sum = 0;
497  tcp->th_urp = 0;
498 
499  bzero(&pseudohdr, 12);
500  pseudohdr.saddr.s_addr = src.s_addr;
501  pseudohdr.daddr.s_addr = dst.s_addr;
502  pseudohdr.protocol = IPPROTO_TCP;
503  pseudohdr.length = htons(sizeof (struct tcphdr));
504  bcopy((char *) tcp, (char *) &pseudohdr.tcpheader, sizeof (struct tcphdr));
505  bcopy(&pseudohdr, tcpsumdata, sizeof (struct pseudohdr));
506  tcp->th_sum = in_cksum((unsigned short *) tcpsumdata, 12 + sizeof (struct tcphdr));
507 
508  return pkt;
509 }
510 
511 char *
512 mktcpv6 (struct in6_addr *src, int sport, struct in6_addr *dst, int dport,
513  unsigned long th_ack, unsigned char flag)
514 {
515  static char pkt[sizeof (struct tcphdr)];
516  struct tcphdr *tcp;
517 
518  tcp = (struct tcphdr *) (&(pkt[0]));
519  tcp->th_sport = htons(sport);
520  tcp->th_dport = htons(dport);
521  tcp->th_ack = htonl (rand ());
522  tcp->th_seq = th_ack;
523  tcp->th_off = 5;
524  tcp->th_flags = flag;
525  tcp->th_win = htons (5760);
526  tcp->th_urp = 0;
527  tcp->th_sum = 2;
528 
529  return pkt;
530 }
531 /*--------------------------------------------------------------------*/
532 
537 struct list*
538 sendpacket (int soc, int bpf, int skip, struct in_addr dst, struct in_addr src,
539  int dport, int magic, struct list * packets, unsigned long * rtt,
540  int sniff, struct arglist * env)
541 {
542  unsigned long ack = maketime();
543  char *pkt = mktcp (src, magic, dst, dport, ack, TH_SYN);
544  int len;
545  char *res;
546  struct sockaddr_in soca;
547  struct timeval rtt_tv = timeval(*rtt);
548  int family = AF_INET;
549 
550  bzero (&soca, sizeof (soca));
551  soca.sin_family = AF_INET;
552  soca.sin_addr = dst;
553 
554  rtt_tv.tv_sec *= 1000;
555  rtt_tv.tv_sec /= 8;
556 
557  rtt_tv.tv_usec += (rtt_tv.tv_sec % 1000) * 1000;
558  rtt_tv.tv_sec /= 1000;
559  if (rtt_tv.tv_sec >= 1)
560  {
561  rtt_tv.tv_sec = 1;
562  rtt_tv.tv_usec = 0;
563  }
564 
565  if (dport != 0) {
566  int e;
567  packets = add_packet(packets, dport, ack);
568  e = sendto(soc, pkt, sizeof(struct ip) + sizeof(struct tcphdr), 0, (struct sockaddr *) & soca, sizeof(soca));
569  if (e < 0) {
570  perror("sendto ");
571  close(soc);
572  bpf_close(bpf);
573  return NULL;
574  }
575  }
576  if (sniff != 0) {
577 again:
578  res = (char *) bpf_next_tv (bpf, &len, &rtt_tv);
579  if (res != NULL) {
580  unsigned short sport = extractsport(res + skip, len, family);
581  int synack = issynack(res + skip, len, family);
582  unsigned int rack = extractack(res + skip, len, family);
583  if (synack) {
584  char * rst;
585 #ifdef DEBUG
586  printf("=> Port %d is open\n", sport);
587 #endif
588  scanner_add_port (env, sport, "tcp");
589  /* Send a RST to make sure the connection is closed on the remote side */
590  rst = mktcp(src, magic, dst, sport, ack + 1, TH_RST);
591  sendto(soc, rst, sizeof(struct ip) + sizeof(struct tcphdr), 0, (struct sockaddr *) & soca, sizeof(soca));
592 
593  /* Adjust the rtt */
594  *rtt = compute_rtt(rack);
595  if (ntohl (*rtt) >= (1 << 28))
596  *rtt = 1 << 28;
597  }
598  packets = rm_packet(packets, sport);
599  rtt_tv.tv_sec = 0;
600  rtt_tv.tv_usec = 0;
601  goto again;
602  }
603  }
604  return packets;
605 }
606 
607 struct list *
608 v6_sendpacket (int soc, int bpf, int skip, struct in6_addr *dst,
609  struct in6_addr *src, int dport, int magic,
610  struct list * packets, unsigned long * rtt, int sniff,
611  struct arglist * env)
612 {
613  unsigned long ack = maketime();
614  char *pkt = mktcpv6(src, magic, dst, dport, ack, TH_SYN);
615  int len;
616  char *res;
617  struct sockaddr_in6 soca;
618  struct timeval rtt_tv = timeval(*rtt);
619 
620  bzero(&soca, sizeof(soca));
621  soca.sin6_family = AF_INET6;
622  memcpy(&soca.sin6_addr,dst, sizeof(struct in6_addr));
623  rtt_tv.tv_sec *= 1000;
624  rtt_tv.tv_sec /= 8;
625 
626  rtt_tv.tv_usec += (rtt_tv.tv_sec % 1000) * 1000;
627  rtt_tv.tv_sec /= 1000;
628  if ( rtt_tv.tv_sec >= 1 )
629  {
630  rtt_tv.tv_sec = 1;
631  rtt_tv.tv_usec = 0;
632  }
633 
634  if (dport != 0) {
635  int e;
636  packets = add_packet(packets, dport, ack);
637  e = sendto(soc, pkt,sizeof(struct tcphdr), 0, (struct sockaddr *) & soca, sizeof(soca));
638  if (e < 0) {
639  log_legacy_write ("sendto error in v6_sendpacket");
640  perror("sendto ");
641  close(soc);
642  bpf_close(bpf);
643  return NULL;
644  }
645  }
646  if (sniff != 0) {
647  res = (char *) bpf_next(bpf, &len);
648  if (res != NULL) {
649  unsigned short sport = extractsport(res + skip, len, AF_INET6);
650  int synack = issynack(res + skip, len, AF_INET6);
651  if (synack) {
652  char * rst;
653 #ifdef DEBUG
654  printf("=> Port %d is open\n", sport);
655 #endif
656  scanner_add_port(env, sport, "tcp");
657  /* Send a RST to make sure the connection is closed on the remote side */
658  rst = mktcpv6(src, magic, dst, sport, ack + 1, TH_RST);
659  sendto(soc, rst, sizeof(struct tcphdr), 0, (struct sockaddr *) & soca, sizeof(soca));
660  }
661  packets = rm_packet(packets, sport);
662  }
663  }
664  return packets;
665 }
666 
667 
671 int
672 scan (struct arglist * env, char* hostname, char* portrange,
673  struct in6_addr *dst6, unsigned long rtt)
674 {
675  int num;
676  int soc;
677  int bpf;
678  struct in_addr src;
679  struct in_addr dst;
680  struct in6_addr src6;
681  int magic = 4441 + (rand() % 1200);
682  int skip;
683  int i;
684  struct list *packets = NULL;
685  int retry;
686  unsigned short *ports;
687  int family;
688 
689  dst.s_addr = 0;
690 
691  if (IN6_IS_ADDR_V4MAPPED (dst6))
692  {
693  family = AF_INET;
694  dst.s_addr = dst6->s6_addr32[3];
695  soc = rawsocket (AF_INET);
696  }
697  else
698  {
699  family = AF_INET6;
700  soc = rawsocket (AF_INET6);
701  }
702 #ifdef DEBUG
703  printf ("===> Port range = %s\n", portrange);
704  printf ("===> Target IP Family = %s\n", (family == AF_INET6) ? "v6"
705  : "v4");
706  printf ("===> Target = %s\n", inet_ntoa (dst));
707 #endif
708 
709  ports = (unsigned short *) getpts (portrange, &num);
710 
711  if (soc < 0)
712  {
713  printf ("error opening raw socket\n");
714  return -1;
715  }
716 
717  if (family == AF_INET)
718  bpf = openbpf (dst, &src, magic);
719  else
720  bpf = v6_openbpf (dst6, &src6, magic);
721  skip = get_datalink_size (bpf_datalink (bpf));
722 
724  for (i = 0; i < num ; i += 2)
725  {
726 #ifdef DEBUG
727  printf ("====> Sending packet to (at least) %u\n", ports[i]);
728 #endif
729  if (family == AF_INET)
730  packets = sendpacket (soc, bpf, skip, dst, src, ports[i], magic,
731  packets, &rtt, 0, env);
732  else
733  packets = v6_sendpacket (soc, bpf, skip, dst6, &src6, ports[i], magic,
734  packets, &rtt, 0, env);
735  if (i + 1 < num)
736  {
737 #ifdef DEBUG
738  printf ("=====>> Sniffing %u\n", ports[i+1]);
739 #endif
740  if (family == AF_INET)
741  packets = sendpacket (soc, bpf, skip, dst, src, ports[i + 1],
742  magic, packets, &rtt, 1, env);
743  else
744  packets = v6_sendpacket (soc, bpf, skip, dst6, &src6, ports[i + 1],
745  magic, packets, &rtt, 1, env);
746  }
747  }
748 
749 #ifdef DEBUG
750  printf ("Done with the sending\n");
751 #endif
752 
754  if (family == AF_INET)
755  {
756  while (packets != NULL)
757  {
758 #ifdef DEBUG
759  printf ("===> Retry...\n");
760 #endif
761  i = 0;
762  retry = 0;
763  packets = rm_dead_packets (packets, rtt, &retry);
764  while (retry != 0 && i < 2)
765  {
766  packets = sendpacket (soc, bpf, skip, dst, src, retry, magic,
767  packets, &rtt, 0, env);
768  packets = rm_dead_packets (packets, rtt, &retry);
769  i++;
770  }
771  packets = sendpacket (soc, bpf, skip, dst, src, retry, magic, packets,
772  &rtt, 1, env);
773  }
774  }
775 
776  close (soc);
777  bpf_close (bpf);
778  if (ports != NULL)
779  g_free (ports);
780  if (num >= 65535)
781  plug_set_key (env, "Host/full_scan", ARG_INT, (void*) 1);
782 
783  return 0;
784 }
785 
786 
787 tree_cell *
789 {
790  struct arglist *env = lexic->script_infos;
791  unsigned long rtt;
792  struct in6_addr *dst6 = plug_get_host_ip (env);
793  struct in_addr *dst;
794  struct in_addr inaddr;
795 #ifdef DEBUG
796  struct timeval tv;
797 #endif
798 
799  inaddr.s_addr = dst6->s6_addr32[3];
800  dst = &inaddr;
801 
802  if (islocalhost (dst))
803  return NULL;
804 
805  rtt = htonl (1 << 28);
806 
807 #ifdef DEBUG
808  printf ("RTT = 0x%.8x\n", ntohl (rtt));
809  tv = timeval (rtt);
810  printf ("That's %ld seconds and %ld usecs\n", tv.tv_sec, tv.tv_usec);
811 #endif
812 
813  struct host_info *hostinfo = arg_get_value (env, "HOSTNAME");
814  char *hostname = hostinfo->name;
815  const char *range = prefs_get ("port_range");
816  scan (env, hostname, (char *)range, dst6, rtt);
817  plug_set_key (env, "Host/scanned", ARG_INT, (void *) 1);
818  plug_set_key (env, "Host/scanners/synscan", ARG_INT, (void*)1);
819  return NULL;
820 }
#define NUM_RETRIES
#define ARG_INT
Definition: arglists.h:40
int rawsocket(int family)
Opens and returns a raw socket.
char * v6_routethrough(struct in6_addr *dest, struct in6_addr *source)
An awesome function to determine what interface a packet to a given destination should be routed thro...
Definition: pcap.c:1061
unsigned long extractack(char *pkt, int len, int family)
const char * val
Definition: nasl_init.c:525
struct list * add_packet(struct list *l, unsigned short dport, unsigned long ack)
If no packet with dport is in list, prepends a "packet" to the.
char * mktcp(struct in_addr src, int sport, struct in_addr dst, int dport, unsigned long th_ack, unsigned char flag)
void plug_set_key(struct arglist *args, char *name, int type, const void *value)
Definition: plugutils.c:658
struct in_addr saddr
Definition: ids_send.c:132
tree_cell * plugin_run_synscan(lex_ctxt *lexic)
struct list * rm_packet(struct list *l, unsigned short dport)
struct tcp_packet tcpheader
Definition: ids_send.c:137
int islocalhost(struct in_addr *addr)
Tests whether a packet sent to IP is LIKELY to route through the kernel localhost interface...
Definition: pcap.c:415
void log_legacy_write(const char *format,...)
Legacy function to write a log message.
void bpf_close(int bpf)
Definition: bpf_share.c:153
unsigned long compute_rtt(unsigned long then)
struct in_addr daddr
Definition: ids_send.c:133
const gchar * prefs_get(const gchar *key)
Get a string preference value via a key.
Definition: prefs.c:86
char * mktcpv6(struct in6_addr *src, int sport, struct in6_addr *dst, int dport, unsigned long th_ack, unsigned char flag)
int get_datalink_size(int datalink)
Definition: pcap.c:442
u_short length
Definition: ids_send.c:136
int bpf_datalink(int bpf)
Definition: bpf_share.c:146
struct list * get_packet(struct list *l, unsigned short dport)
u_char zero
Definition: ids_send.c:134
unsigned short * getpts(char *origexpr, int *len)
Converts a string like "-100,200-1024,3000-4000,60000-" into an array.
Definition: network.c:2416
unsigned short extractsport(char *pkt, int len, int family)
char * name
Definition: network.h:58
Definition: nasl_tree.h:105
u_char protocol
Definition: ids_send.c:135
int bpf_open_live(char *iface, char *filter)
Definition: bpf_share.c:40
unsigned short dport
int v6_openbpf(struct in6_addr *dst, struct in6_addr *src, int magic)
A port range.
struct in6_addr * plug_get_host_ip(struct arglist *desc)
Definition: plugutils.c:216
struct list * sendpacket(int soc, int bpf, int skip, struct in_addr dst, struct in_addr src, int dport, int magic, struct list *packets, unsigned long *rtt, int sniff, struct arglist *env)
int issynack(char *pkt, int len, int family)
void scanner_add_port(struct arglist *args, int port, char *proto)
Definition: plugutils.c:703
struct tcphdr * extracttcp(char *pkt, int len)
struct list * v6_sendpacket(int soc, int bpf, int skip, struct in6_addr *dst, struct in6_addr *src, int dport, int magic, struct list *packets, unsigned long *rtt, int sniff, struct arglist *env)
int packetdead(unsigned long then, unsigned long rtt)
int scan(struct arglist *env, char *hostname, char *portrange, struct in6_addr *dst6, unsigned long rtt)
struct timeval timeval(unsigned long val)
unsigned long when
char * routethrough(struct in_addr *dest, struct in_addr *source)
An awesome function to determine what interface a packet to a given destination should be routed thro...
Definition: pcap.c:1244
u_char * bpf_next(int bpf, int *caplen)
Definition: bpf_share.c:137
struct list * prev
struct list * rm_dead_packets(struct list *l, unsigned long rtt, int *retry)
unsigned long maketime()
struct arglist * script_infos
Definition: nasl_lex_ctxt.h:39
u_char * bpf_next_tv(int bpf, int *caplen, struct timeval *tv)
Definition: bpf_share.c:104
struct tcphdr * v6_extracttcp(char *pkt, int len)
void * arg_get_value(struct arglist *args, const char *name)
Definition: arglists.c:252
struct list * next
int openbpf(struct in_addr dst, struct in_addr *src, int magic)
Opens a packet filter, grabs packets from dst to port magic.