OpenVAS Scanner  22.7.9
nasl_builtin_synscan.c
Go to the documentation of this file.
1 /* SPDX-FileCopyrightText: 2023 Greenbone AG
2  * SPDX-FileCopyrightText: 1998-2006 Tenable Network Security, Inc.
3  *
4  * SPDX-License-Identifier: GPL-2.0-only
5  */
6 
12 /* legacy feature macro */
13 #define _BSD_SOURCE 1
14 /* new feature macros that provides the same plus more */
15 #define _DEFAULT_SOURCE 1
16 #undef _SVID_SOURCE
17 
18 #include "../misc/bpf_share.h" /* for bpf_open_live */
19 #include "../misc/network.h" /* for getpts */
20 #include "../misc/pcap_openvas.h" /* for get_datalink_size */
21 #include "../misc/plugutils.h" /* for scanner_add_port */
22 #include "nasl_builtin_plugins.h"
23 #include "nasl_lex_ctxt.h"
24 
25 #include <arpa/inet.h> /* for AF_INET */
26 #include <gvm/base/logging.h>
27 #include <gvm/base/prefs.h> /* for prefs_get */
28 #include <netinet/ip.h>
29 #include <netinet/tcp.h> /* for TH_SYN */
30 #include <stdlib.h> /* for rand() */
31 #include <string.h> /* for memcpy() */
32 #include <unistd.h> /* for close() */
33 
34 #undef SHOW_RETRIES
35 #undef SHOW_RTT_REMOVAL
36 
37 #define NUM_RETRIES 2
38 
39 #undef G_LOG_DOMAIN
40 
43 #define G_LOG_DOMAIN "lib nasl"
44 /*----------------------------------------------------------------------------*/
45 struct pseudohdr
46 {
47  struct in_addr saddr;
48  struct in_addr daddr;
49  u_char zero;
50  u_char protocol;
51  u_short length;
52  struct tcphdr tcpheader;
53 };
54 
55 static int
56 in_cksum (u_short *p, int n)
57 {
58  register u_short answer;
59  register unsigned long sum = 0;
60  u_short odd_byte = 0;
61 
62  while (n > 1)
63  {
64  sum += *p++;
65  n -= 2;
66  }
67 
68  /* mop up an odd byte, if necessary */
69  if (n == 1)
70  {
71  *(u_char *) (&odd_byte) = *(u_char *) p;
72  sum += odd_byte;
73  }
74  sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
75  sum += (sum >> 16); /* add carry */
76  answer = (int) ~sum; /* ones-complement, truncate */
77  return (answer);
78 }
79 
80 static unsigned long
82 {
83  struct timeval tv;
84  unsigned long ret;
85 
86  gettimeofday (&tv, NULL);
87 
88  ret = ((tv.tv_sec & 0x0000000F) << 28) | (((tv.tv_usec) & 0xFFFFFFF0) >> 4);
89 
90  return htonl (ret);
91 }
92 
93 static struct timeval
94 timeval (unsigned long val)
95 {
96  struct timeval ret;
97  unsigned int h, l;
98 
99  val = ntohl (val);
100 
101  h = (val & 0xF0000000) >> 28;
102  l = (val & 0x0FFFFFFF) << 4;
103 
104  ret.tv_sec = h;
105  ret.tv_usec = l;
106  while (ret.tv_usec >= 1000000)
107  {
108  ret.tv_usec -= 1000000;
109  ret.tv_sec++;
110  }
111 
112  if (ret.tv_sec > 2)
113  {
114  ret.tv_sec = 2;
115  ret.tv_usec = 0;
116  }
117  return ret;
118 }
119 
120 static unsigned long
121 compute_rtt (unsigned long then)
122 {
123  unsigned long now = maketime ();
124  unsigned long res;
125  unsigned long a, b;
126 
127  a = (unsigned long) ntohl (now);
128  b = (unsigned long) ntohl (then);
129 
130  if (b > a)
131  {
132  return 0;
133  }
134  res = a - b;
135  if (res >= (1 << 28))
136  res = 1 << 28;
137 
138  return htonl (res);
139 }
140 
141 static int
142 packetdead (unsigned long then)
143 {
144  unsigned long now = maketime ();
145 
146  then = ntohl (then);
147  now = ntohl (now);
148 
149  if ((now - then) >= 2 << 28)
150  {
151  return 1;
152  }
153 
154  return 0;
155 }
156 
160 static int
161 rawsocket (int family)
162 {
163  int soc;
164  int opt = 1;
165  int offset = 8;
166 
167  if (family == AF_INET)
168  {
169  soc = socket (AF_INET, SOCK_RAW, IPPROTO_RAW);
170  if (soc < 0)
171  {
172  perror ("socket ");
173  printf ("error opeinig socket\n");
174  return -1;
175  }
176  if (setsockopt (soc, IPPROTO_IP, IP_HDRINCL, /*(char *) */ &opt,
177  sizeof (opt))
178  < 0)
179  {
180  perror ("setsockopt ");
181  printf ("error setting socket opt\n");
182  close (soc);
183  return -1;
184  }
185  }
186  else
187  {
188  soc = socket (AF_INET6, SOCK_RAW, IPPROTO_TCP);
189  if (soc < 0
190  || setsockopt (soc, IPPROTO_IPV6, IPV6_CHECKSUM, &offset,
191  sizeof (offset))
192  < 0)
193  {
194  perror ("socket ");
195  printf ("error opening socket\n");
196  if (soc >= 0)
197  close (soc);
198  return -1;
199  }
200  }
201 
202  return soc;
203 }
204 
215 static int
216 openbpf (struct in_addr dst, struct in_addr *src, int magic)
217 {
218  char *iface;
219  char filter[255];
220  int bpf;
221 
222  iface = routethrough (&dst, src);
223  snprintf (filter, sizeof (filter), "tcp and src host %s and dst port %d",
224  inet_ntoa (dst), magic);
225  bpf = bpf_open_live (iface, filter);
226  return bpf;
227 }
228 
229 static int
230 v6_openbpf (struct in6_addr *dst, struct in6_addr *src, int magic)
231 {
232  char *iface;
233  char filter[255];
234  char hostname[INET6_ADDRSTRLEN];
235  int bpf;
236 
237  iface = v6_routethrough (dst, src);
238 
239  snprintf (filter, sizeof (filter), "tcp and src host %s and dst port %d",
240  inet_ntop (AF_INET6, dst, hostname, sizeof (hostname)), magic);
241  bpf = bpf_open_live (iface, filter);
242  if (bpf < 0)
243  printf ("bpf_open_live returned error\n");
244  return bpf;
245 }
246 /*----------------------------------------------------------------------------*/
247 
248 struct list
249 {
250  unsigned short dport;
251  unsigned long when;
252  int retries;
253  struct list *prev;
254  struct list *next;
255 };
256 
261 static struct list *
262 get_packet (struct list *l, unsigned short dport)
263 {
264  while (l != NULL)
265  {
266  if (l->dport == dport)
267  return l;
268  else
269  l = l->next;
270  }
271  return NULL;
272 }
273 
278 static struct list *
279 add_packet (struct list *l, unsigned short dport, unsigned long ack)
280 {
281  struct list *ret;
282 
283  ret = get_packet (l, dport);
284  if (ret != NULL)
285  {
286 #ifdef SHOW_RETRIES
287  printf ("RETRIES FOR %d = %d\n", dport, ret->retries);
288 #endif
289  ret->retries++;
290  ret->when = ack;
291  return l;
292  }
293  ret = g_malloc0 (sizeof (struct list));
294 
295  ret->next = l;
296  ret->prev = NULL;
297  if (ret->next != NULL)
298  ret->next->prev = ret;
299 
300  ret->dport = dport;
301  ret->when = ack;
302  ret->retries = 0;
303  return ret;
304 }
305 
306 static struct list *
307 rm_packet (struct list *l, unsigned short dport)
308 {
309  struct list *ret = l;
310  struct list *p = get_packet (l, dport);
311 
312  if (p == NULL)
313  return l;
314  if (p->next != NULL)
315  p->next->prev = p->prev;
316 
317  if (p->prev != NULL)
318  p->prev->next = p->next;
319  else
320  ret = p->next;
321 
322  g_free (p);
323  return ret;
324 }
325 
326 static struct list *
327 rm_dead_packets (struct list *l, int *retry)
328 {
329  struct list *ret = l;
330  struct list *p = l;
331 
332  *retry = 0;
333  while (p != NULL)
334  {
335  struct list *next = p->next;
336  if (packetdead (p->when))
337  {
338  if (p->retries < NUM_RETRIES)
339  {
340 #ifdef SHOW_RETRIES
341  printf ("Will retry port %d\n", p->dport);
342 #endif
343  *retry = p->dport;
344  }
345  else
346  {
347 #ifdef SHOW_RTT_REMOVAL
348  printf ("Removing port %d (RTT elapsed)\n", p->dport);
349 #endif
350  if (p->next != NULL)
351  p->next->prev = p->prev;
352 
353  if (p->prev != NULL)
354  p->prev->next = p->next;
355  else
356  {
357  if (p->next == NULL)
358  {
359  g_free (p);
360  return NULL;
361  }
362  ret = p->next;
363  g_free (p);
364  }
365  }
366  }
367  p = next;
368  }
369  return ret;
370 }
371 
372 /*-----------------------------------------------------------------------------*/
373 
374 static struct tcphdr *
375 extracttcp (char *pkt, unsigned int len)
376 {
377  struct ip *ip;
378  struct tcphdr *tcp;
379 
380  ip = (struct ip *) pkt;
381  if (ip->ip_hl * 4 + sizeof (struct tcphdr) > len)
382  return NULL;
383 
384  tcp = (struct tcphdr *) (pkt + ip->ip_hl * 4);
385  return tcp;
386 }
387 
388 static struct tcphdr *
389 v6_extracttcp (char *pkt)
390 {
391  struct tcphdr *tcp;
392  tcp = (struct tcphdr *) (pkt + 40);
393  return tcp;
394 }
395 
396 static unsigned long
397 extractack (char *pkt, int len, int family)
398 {
399  unsigned long ret;
400  struct tcphdr *tcp;
401  if (family == AF_INET)
402  tcp = extracttcp (pkt, len);
403  else
404  tcp = v6_extracttcp (pkt);
405 
406  if (tcp == NULL)
407  return -1;
408 
409  ret = htonl (ntohl (tcp->th_ack) - 1);
410  return ret;
411 }
412 
413 static unsigned short
414 extractsport (char *pkt, int len, int family)
415 {
416  struct tcphdr *tcp;
417 
418  if (family == AF_INET)
419  tcp = extracttcp (pkt, len);
420  else
421  tcp = v6_extracttcp (pkt);
422 
423  if (tcp == NULL)
424  return 0;
425 
426  return ntohs (tcp->th_sport);
427 }
428 
429 static int
430 issynack (char *pkt, int len, int family)
431 {
432  struct tcphdr *tcp;
433 
434  if (family == AF_INET)
435  tcp = extracttcp (pkt, len);
436  else
437  tcp = v6_extracttcp (pkt);
438 
439  if (tcp == NULL)
440  return 0;
441 
442  return tcp->th_flags == (TH_SYN | TH_ACK);
443 }
444 
445 static char *
446 mktcp (struct in_addr src, int sport, struct in_addr dst, int dport,
447  unsigned long th_ack, unsigned char flag)
448 {
449  static char pkt[sizeof (struct ip) + sizeof (struct tcphdr)];
450  struct ip *ip;
451  struct tcphdr *tcp;
452  struct pseudohdr pseudohdr;
453  char tcpsumdata[sizeof (pseudohdr)];
454 
455  ip = (struct ip *) (&pkt);
456  ip->ip_hl = 5;
457  ip->ip_v = 4;
458  ip->ip_tos = 0;
459  ip->ip_len = sizeof (struct ip) + sizeof (struct tcphdr);
460  ip->ip_id = rand ();
461  ip->ip_off = 0;
462  ip->ip_ttl = 64;
463  ip->ip_p = IPPROTO_TCP;
464  ip->ip_sum = 0;
465  ip->ip_src.s_addr = src.s_addr;
466  ip->ip_dst.s_addr = dst.s_addr;
467  ip->ip_sum = in_cksum ((u_short *) pkt, sizeof (struct ip));
468 
469  tcp = (struct tcphdr *) (&(pkt[sizeof (struct ip)]));
470  tcp->th_sport = htons (sport);
471  tcp->th_dport = htons (dport);
472  tcp->th_seq = th_ack;
473  tcp->th_ack = 0;
474  tcp->th_x2 = 0;
475  tcp->th_off = 5;
476  tcp->th_flags = flag;
477  tcp->th_win = 4096;
478  tcp->th_sum = 0;
479  tcp->th_urp = 0;
480 
481  bzero (&pseudohdr, sizeof (pseudohdr));
482  pseudohdr.saddr.s_addr = src.s_addr;
483  pseudohdr.daddr.s_addr = dst.s_addr;
484  pseudohdr.protocol = IPPROTO_TCP;
485  pseudohdr.length = htons (sizeof (struct tcphdr));
486  bcopy ((char *) tcp, (char *) &pseudohdr.tcpheader, sizeof (struct tcphdr));
487  bcopy (&pseudohdr, tcpsumdata, sizeof (struct pseudohdr));
488  tcp->th_sum =
489  in_cksum ((unsigned short *) tcpsumdata, 12 + sizeof (struct tcphdr));
490 
491  return pkt;
492 }
493 
494 static char *
495 mktcpv6 (int sport, int dport, unsigned long th_ack, unsigned char flag)
496 {
497  static char pkt[sizeof (struct tcphdr)];
498  struct tcphdr *tcp;
499 
500  tcp = (struct tcphdr *) (&(pkt[0]));
501  tcp->th_sport = htons (sport);
502  tcp->th_dport = htons (dport);
503  tcp->th_ack = htonl (rand ());
504  tcp->th_seq = th_ack;
505  tcp->th_off = 5;
506  tcp->th_flags = flag;
507  tcp->th_win = htons (5760);
508  tcp->th_urp = 0;
509  tcp->th_sum = 2;
510 
511  return pkt;
512 }
513 /*--------------------------------------------------------------------*/
514 
519 static struct list *
520 sendpacket (int soc, int bpf, int skip, struct in_addr dst, struct in_addr src,
521  int dport, int magic, struct list *packets, unsigned long *rtt,
522  int sniff, struct script_infos *env)
523 {
524  unsigned long ack = maketime ();
525  char *pkt = mktcp (src, magic, dst, dport, ack, TH_SYN);
526  int len;
527  char *res;
528  struct sockaddr_in soca;
529  struct timeval rtt_tv = timeval (*rtt);
530  int family = AF_INET;
531 
532  bzero (&soca, sizeof (soca));
533  soca.sin_family = AF_INET;
534  soca.sin_addr = dst;
535 
536  rtt_tv.tv_sec *= 1000;
537  rtt_tv.tv_sec /= 8;
538 
539  rtt_tv.tv_usec += (rtt_tv.tv_sec % 1000) * 1000;
540  rtt_tv.tv_sec /= 1000;
541  if (rtt_tv.tv_sec >= 1)
542  {
543  rtt_tv.tv_sec = 1;
544  rtt_tv.tv_usec = 0;
545  }
546 
547  if (dport != 0)
548  {
549  int e;
550  packets = add_packet (packets, dport, ack);
551  e = sendto (soc, pkt, sizeof (struct ip) + sizeof (struct tcphdr), 0,
552  (struct sockaddr *) &soca, sizeof (soca));
553  if (e < 0)
554  {
555  perror ("sendto ");
556  close (soc);
557  bpf_close (bpf);
558  return NULL;
559  }
560  }
561  if (sniff != 0)
562  {
563  again:
564  res = (char *) bpf_next_tv (bpf, &len, &rtt_tv);
565  if (res != NULL)
566  {
567  unsigned short sport = extractsport (res + skip, len, family);
568  int synack = issynack (res + skip, len, family);
569  unsigned int rack = extractack (res + skip, len, family);
570  if (synack)
571  {
572  char *rst;
573  scanner_add_port (env, sport, "tcp");
574  /* Send a RST to make sure the connection is closed on the remote
575  * side */
576  rst = mktcp (src, magic, dst, sport, ack + 1, TH_RST);
577  if (sendto (soc, rst, sizeof (struct ip) + sizeof (struct tcphdr),
578  0, (struct sockaddr *) &soca, sizeof (soca))
579  < 0)
580  {
581  perror ("sendto ");
582  close (soc);
583  bpf_close (bpf);
584  return NULL;
585  }
586 
587  /* Adjust the rtt */
588  *rtt = compute_rtt (rack);
589  if (ntohl (*rtt) >= (1 << 28))
590  *rtt = 1 << 28;
591  }
592  packets = rm_packet (packets, sport);
593  rtt_tv.tv_sec = 0;
594  rtt_tv.tv_usec = 0;
595  goto again;
596  }
597  }
598  return packets;
599 }
600 
601 static struct list *
602 v6_sendpacket (int soc, int bpf, int skip, struct in6_addr *dst, int dport,
603  int magic, struct list *packets, unsigned long *rtt, int sniff,
604  struct script_infos *env)
605 {
606  unsigned long ack = maketime ();
607  char *pkt = mktcpv6 (magic, dport, ack, TH_SYN);
608  int len;
609  char *res;
610  struct sockaddr_in6 soca;
611  struct timeval rtt_tv = timeval (*rtt);
612 
613  bzero (&soca, sizeof (soca));
614  soca.sin6_family = AF_INET6;
615  memcpy (&soca.sin6_addr, dst, sizeof (struct in6_addr));
616  rtt_tv.tv_sec *= 1000;
617  rtt_tv.tv_sec /= 8;
618 
619  rtt_tv.tv_usec += (rtt_tv.tv_sec % 1000) * 1000;
620  rtt_tv.tv_sec /= 1000;
621  if (rtt_tv.tv_sec >= 1)
622  {
623  rtt_tv.tv_sec = 1;
624  rtt_tv.tv_usec = 0;
625  }
626 
627  if (dport != 0)
628  {
629  int e;
630  packets = add_packet (packets, dport, ack);
631  e = sendto (soc, pkt, sizeof (struct tcphdr), 0,
632  (struct sockaddr *) &soca, sizeof (soca));
633  if (e < 0)
634  {
635  g_message ("sendto error in v6_sendpacket");
636  perror ("sendto ");
637  close (soc);
638  bpf_close (bpf);
639  return NULL;
640  }
641  }
642  if (sniff != 0)
643  {
644  res = (char *) bpf_next (bpf, &len);
645  if (res != NULL)
646  {
647  unsigned short sport = extractsport (res + skip, len, AF_INET6);
648  int synack = issynack (res + skip, len, AF_INET6);
649  if (synack)
650  {
651  char *rst;
652  scanner_add_port (env, sport, "tcp");
653  /* Send a RST to make sure the connection is closed on the remote
654  * side */
655  rst = mktcpv6 (magic, sport, ack + 1, TH_RST);
656  if (sendto (soc, rst, sizeof (struct tcphdr), 0,
657  (struct sockaddr *) &soca, sizeof (soca))
658  < 0)
659  {
660  perror ("sendto ");
661  close (soc);
662  bpf_close (bpf);
663  return NULL;
664  }
665  }
666  packets = rm_packet (packets, sport);
667  }
668  }
669  return packets;
670 }
671 
675 static int
676 scan (struct script_infos *env, char *portrange, struct in6_addr *dst6,
677  unsigned long rtt)
678 {
679  int num;
680  int soc;
681  int bpf;
682  struct in_addr src;
683  struct in_addr dst;
684  struct in6_addr src6;
685  int magic = 4441 + (rand () % 1200);
686  int skip;
687  int i;
688  struct list *packets = NULL;
689  int retry;
690  unsigned short *ports;
691  int family;
692 
693  dst.s_addr = 0;
694 
695  if (IN6_IS_ADDR_V4MAPPED (dst6))
696  {
697  family = AF_INET;
698  dst.s_addr = dst6->s6_addr32[3];
699  soc = rawsocket (AF_INET);
700  }
701  else
702  {
703  family = AF_INET6;
704  soc = rawsocket (AF_INET6);
705  }
706 
707  ports = (unsigned short *) getpts (portrange, &num);
708 
709  if (soc < 0)
710  {
711  printf ("error opening raw socket\n");
712  return -1;
713  }
714 
715  if (family == AF_INET)
716  bpf = openbpf (dst, &src, magic);
717  else
718  bpf = v6_openbpf (dst6, &src6, magic);
719  if (bpf < 0)
720  {
721  close (soc);
722  return -1;
723  }
724  skip = get_datalink_size (bpf_datalink (bpf));
725 
727  for (i = 0; i < num; i += 2)
728  {
729  if (family == AF_INET)
730  packets = sendpacket (soc, bpf, skip, dst, src, ports[i], magic,
731  packets, &rtt, 0, env);
732  else
733  packets = v6_sendpacket (soc, bpf, skip, dst6, ports[i], magic, packets,
734  &rtt, 0, env);
735  if (i + 1 < num)
736  {
737  g_debug ("=====>> Sniffing %u\n", ports[i + 1]);
738  if (family == AF_INET)
739  packets = sendpacket (soc, bpf, skip, dst, src, ports[i + 1], magic,
740  packets, &rtt, 1, env);
741  else
742  packets = v6_sendpacket (soc, bpf, skip, dst6, ports[i + 1], magic,
743  packets, &rtt, 1, env);
744  }
745  }
746 
748  if (family == AF_INET)
749  {
750  while (packets != NULL)
751  {
752  i = 0;
753  retry = 0;
754  packets = rm_dead_packets (packets, &retry);
755  while (retry != 0 && i < 2)
756  {
757  packets = sendpacket (soc, bpf, skip, dst, src, retry, magic,
758  packets, &rtt, 0, env);
759  packets = rm_dead_packets (packets, &retry);
760  i++;
761  }
762  packets = sendpacket (soc, bpf, skip, dst, src, retry, magic, packets,
763  &rtt, 1, env);
764  }
765  }
766 
767  close (soc);
768  bpf_close (bpf);
769  if (ports != NULL)
770  g_free (ports);
771  if (num >= 65535)
772  plug_set_key (env, "Host/full_scan", ARG_INT, (void *) 1);
773 
774  return 0;
775 }
776 
777 tree_cell *
779 {
780  struct script_infos *env = lexic->script_infos;
781  unsigned long rtt;
782  struct in6_addr *dst6 = plug_get_host_ip (env);
783  struct in_addr *dst;
784  struct in_addr inaddr;
785 
786  inaddr.s_addr = dst6->s6_addr32[3];
787  dst = &inaddr;
788 
789  if (islocalhost (dst))
790  return NULL;
791 
792  rtt = htonl (1 << 28);
793 
794  const char *range = prefs_get ("port_range");
795  scan (env, (char *) range, dst6, rtt);
796  plug_set_key (env, "Host/scanned", ARG_INT, (void *) 1);
797  plug_set_key (env, "Host/scanners/synscan", ARG_INT, (void *) 1);
798  return NULL;
799 }
pseudohdr::saddr
struct in_addr saddr
Definition: nasl_builtin_synscan.c:47
compute_rtt
static unsigned long compute_rtt(unsigned long then)
Definition: nasl_builtin_synscan.c:121
script_infos
Definition: scanneraux.h:29
plug_get_host_ip
struct in6_addr * plug_get_host_ip(struct script_infos *args)
Definition: plugutils.c:316
pseudohdr::tcpheader
struct tcphdr tcpheader
Definition: nasl_builtin_synscan.c:52
bpf_open_live
int bpf_open_live(char *iface, char *filter)
Definition: bpf_share.c:39
maketime
static unsigned long maketime()
Definition: nasl_builtin_synscan.c:81
packetdead
static int packetdead(unsigned long then)
Definition: nasl_builtin_synscan.c:142
openbpf
static int openbpf(struct in_addr dst, struct in_addr *src, int magic)
Opens a packet filter, grabs packets from dst to port magic.
Definition: nasl_builtin_synscan.c:216
v6_routethrough
char * v6_routethrough(struct in6_addr *dest, struct in6_addr *source)
An awesome function to determine what interface a packet to a given destination should be routed thro...
Definition: pcap.c:841
sendpacket
static struct list * sendpacket(int soc, int bpf, int skip, struct in_addr dst, struct in_addr src, int dport, int magic, struct list *packets, unsigned long *rtt, int sniff, struct script_infos *env)
Definition: nasl_builtin_synscan.c:520
mktcpv6
static char * mktcpv6(int sport, int dport, unsigned long th_ack, unsigned char flag)
Definition: nasl_builtin_synscan.c:495
pseudohdr::daddr
struct in_addr daddr
Definition: nasl_builtin_synscan.c:48
bpf_close
void bpf_close(int bpf)
Definition: bpf_share.c:164
rawsocket
static int rawsocket(int family)
Opens and returns a raw socket.
Definition: nasl_builtin_synscan.c:161
NUM_RETRIES
#define NUM_RETRIES
Definition: nasl_builtin_synscan.c:37
pseudohdr::protocol
u_char protocol
Definition: nasl_builtin_synscan.c:50
getpts
unsigned short * getpts(char *origexpr, int *len)
Converts a string like "-100,200-1024,3000-4000,60000-" into an array.
Definition: network.c:2296
nasl_builtin_plugins.h
Header file for built-in plugins.
list::dport
unsigned short dport
Definition: nasl_builtin_synscan.c:250
rm_packet
static struct list * rm_packet(struct list *l, unsigned short dport)
Definition: nasl_builtin_synscan.c:307
add_packet
static struct list * add_packet(struct list *l, unsigned short dport, unsigned long ack)
If no packet with dport is in list, prepends a "packet" to the.
Definition: nasl_builtin_synscan.c:279
bpf_next_tv
u_char * bpf_next_tv(int bpf, int *caplen, struct timeval *tv)
Definition: bpf_share.c:119
v6_extracttcp
static struct tcphdr * v6_extracttcp(char *pkt)
Definition: nasl_builtin_synscan.c:389
nasl_lex_ctxt.h
extractsport
static unsigned short extractsport(char *pkt, int len, int family)
Definition: nasl_builtin_synscan.c:414
len
uint8_t len
Definition: nasl_packet_forgery.c:1
extractack
static unsigned long extractack(char *pkt, int len, int family)
Definition: nasl_builtin_synscan.c:397
pseudohdr::length
u_short length
Definition: nasl_builtin_synscan.c:51
islocalhost
int islocalhost(struct in_addr *addr)
Tests whether a packet sent to IP is LIKELY to route through the kernel localhost interface.
Definition: pcap.c:261
scanner_add_port
void scanner_add_port(struct script_infos *args, int port, char *proto)
Definition: plugutils.c:1049
pseudohdr::zero
u_char zero
Definition: nasl_builtin_synscan.c:49
bpf_datalink
int bpf_datalink(int bpf)
Definition: bpf_share.c:158
timeval
static struct timeval timeval(unsigned long val)
Definition: nasl_builtin_synscan.c:94
struct_lex_ctxt::script_infos
struct script_infos * script_infos
Definition: nasl_lex_ctxt.h:30
get_packet
static struct list * get_packet(struct list *l, unsigned short dport)
Definition: nasl_builtin_synscan.c:262
pseudohdr
Definition: nasl_builtin_synscan.c:46
TC
Definition: nasl_tree.h:94
struct_lex_ctxt
Definition: nasl_lex_ctxt.h:23
get_datalink_size
int get_datalink_size(int datalink)
Definition: pcap.c:288
plugin_run_synscan
tree_cell * plugin_run_synscan(lex_ctxt *lexic)
Definition: nasl_builtin_synscan.c:778
extracttcp
static struct tcphdr * extracttcp(char *pkt, unsigned int len)
Definition: nasl_builtin_synscan.c:375
ARG_INT
#define ARG_INT
Definition: plugutils.h:20
list::prev
struct list * prev
Definition: nasl_builtin_synscan.c:253
in_cksum
static int in_cksum(u_short *p, int n)
Definition: nasl_builtin_synscan.c:56
list::retries
int retries
Definition: nasl_builtin_synscan.c:252
hostname
const char * hostname
Definition: pluginlaunch.c:68
val
const char * val
Definition: nasl_init.c:412
list::when
unsigned long when
Definition: nasl_builtin_synscan.c:251
v6_sendpacket
static struct list * v6_sendpacket(int soc, int bpf, int skip, struct in6_addr *dst, int dport, int magic, struct list *packets, unsigned long *rtt, int sniff, struct script_infos *env)
Definition: nasl_builtin_synscan.c:602
bpf_next
u_char * bpf_next(int bpf, int *caplen)
Definition: bpf_share.c:150
scan
static int scan(struct script_infos *env, char *portrange, struct in6_addr *dst6, unsigned long rtt)
Definition: nasl_builtin_synscan.c:676
plug_set_key
void plug_set_key(struct script_infos *args, char *name, int type, const void *value)
Definition: plugutils.c:962
mktcp
static char * mktcp(struct in_addr src, int sport, struct in_addr dst, int dport, unsigned long th_ack, unsigned char flag)
Definition: nasl_builtin_synscan.c:446
rm_dead_packets
static struct list * rm_dead_packets(struct list *l, int *retry)
Definition: nasl_builtin_synscan.c:327
list::next
struct list * next
Definition: nasl_builtin_synscan.c:254
routethrough
char * routethrough(struct in_addr *dest, struct in_addr *source)
An awesome function to determine what interface a packet to a given destination should be routed thro...
Definition: pcap.c:1060
issynack
static int issynack(char *pkt, int len, int family)
Definition: nasl_builtin_synscan.c:430
list
Definition: nasl_builtin_synscan.c:249
v6_openbpf
static int v6_openbpf(struct in6_addr *dst, struct in6_addr *src, int magic)
Definition: nasl_builtin_synscan.c:230