15 #define _DEFAULT_SOURCE 1
18 #include "../misc/bpf_share.h"
19 #include "../misc/network.h"
20 #include "../misc/pcap_openvas.h"
21 #include "../misc/plugutils.h"
25 #include <arpa/inet.h>
26 #include <gvm/base/logging.h>
27 #include <gvm/base/prefs.h>
28 #include <netinet/ip.h>
29 #include <netinet/tcp.h>
35 #undef SHOW_RTT_REMOVAL
43 #define G_LOG_DOMAIN "lib nasl"
/* Fragment of a 16-bit checksum routine (listing lines 58-74; the lines in
 * between are not shown).  Presumably this is the in_cksum() that the packet
 * builders further down call - confirm against the full source. */
58 register u_short answer;
/* unsigned long is at least 32 bits wide, so 16-bit additions can carry into
 * the upper half without being lost. */
59 register unsigned long sum = 0;
/* Copies the byte at p into the first byte of odd_byte.  The declaration of
 * odd_byte and the condition guarding this line are not visible here. */
71 *(u_char *) (&odd_byte) = *(u_char *) p;
/* Folds everything above bit 15 back into the low 16 bits. */
74 sum = (sum >> 16) + (sum & 0xffff);
/* Packs the current wall-clock time into one 32-bit value (listing lines
 * 86-88; the declarations and the return statement are not shown). */
86 gettimeofday (&tv, NULL);
/* Layout: bits 31..28 = low 4 bits of tv_sec, bits 27..0 = tv_usec >> 4.
 * The seconds field therefore wraps every 16 s and the resolution is 16 us.
 * NOTE(review): where time_t is a 32-bit signed type, (x & 0xF) << 28 can
 * exceed the positive range of that type; an unsigned cast before the shift
 * would avoid it - confirm the type of tv.tv_sec on supported platforms. */
88 ret = ((tv.tv_sec & 0x0000000F) << 28) | (((tv.tv_usec) & 0xFFFFFFF0) >> 4);
/* Splits a packed 32-bit value into its two fields: the top 4 bits go to h,
 * the low 28 bits are shifted left by 4 into l.  This mirrors the layout
 * built at listing line 88 (seconds nibble / microseconds >> 4).  How h and l
 * are stored into ret is not shown. */
101 h = (
val & 0xF0000000) >> 28;
102 l = (
val & 0x0FFFFFFF) << 4;
/* Normalises tv_usec to below one second; the matching tv_sec adjustment
 * (listing line 107) is not visible here. */
106 while (ret.tv_usec >= 1000000)
108 ret.tv_usec -= 1000000;
/* Both timestamps arrive in network byte order and are converted to host
 * order before any arithmetic (the subtraction itself is not shown). */
127 a = (
unsigned long) ntohl (now);
128 b = (
unsigned long) ntohl (then);
/* 1 << 28 is the upper bound for a usable result; the same constant is the
 * initial RTT value at listing line 792.  The branch body is not shown. */
135 if (res >= (1 << 28))
/* '<<' binds tighter than '>=', so the difference is compared with
 * 2 << 28 (0x20000000), not with ((now - then) >= 2) << 28.
 * NOTE(review): the byte order of now/then at this point is not visible in
 * this listing; the fragment at lines 127-128 converts with ntohl() first -
 * confirm that this comparison is also done on host-order values. */
149 if ((now - then) >= 2 << 28)
/* Opens the raw socket used to transmit the probes (listing lines 167-195,
 * with gaps).  Raw sockets require elevated privileges (CAP_NET_RAW or root
 * on Linux), so this code only works inside a privileged scanner process. */
167 if (family == AF_INET)
/* IPv4: IPPROTO_RAW socket; the caller supplies the complete IP header. */
169 soc = socket (AF_INET, SOCK_RAW, IPPROTO_RAW);
/* NOTE(review): failures are written to stdout with printf() instead of the
 * GLib logging used elsewhere in this file (g_message/g_debug), and the
 * message text contains a typo ("opeinig").  errno is not reported here. */
173 printf (
"error opeinig socket\n");
/* IP_HDRINCL tells the kernel not to prepend its own IPv4 header. */
176 if (setsockopt (soc, IPPROTO_IP, IP_HDRINCL, &opt,
/* NOTE(review): whether soc is closed on this error path is not visible in
 * the listing - confirm there is no descriptor leak. */
180 perror (
"setsockopt ");
181 printf (
"error setting socket opt\n");
/* IPv6: raw TCP socket.  IPV6_CHECKSUM asks the kernel to compute the
 * checksum and store it at the given offset in the payload; the value of
 * offset is not shown here. */
188 soc = socket (AF_INET6, SOCK_RAW, IPPROTO_TCP);
190 || setsockopt (soc, IPPROTO_IPV6, IPV6_CHECKSUM, &offset,
195 printf (
"error opening socket\n");
/* Opens a capture handle for replies to an IPv4 scan (body shown only in
 * part).  dst is the scanned host and magic is the scan's own TCP source
 * port, so the filter below matches only traffic from the target back to
 * that port.  How src is used is not visible in this listing. */
216 openbpf (
struct in_addr dst,
struct in_addr *src,
int magic)
/* Both substituted values are numeric (a formatted IPv4 address and an int),
 * so no free-form text reaches the filter expression.  sizeof (filter) is
 * only a correct bound if filter is an array; its declaration is not shown.
 * inet_ntoa() returns a pointer to static storage and is not thread-safe. */
223 snprintf (filter,
sizeof (filter),
"tcp and src host %s and dst port %d",
224 inet_ntoa (dst), magic);
/* IPv6 counterpart of openbpf(): opens a capture handle limited to TCP
 * replies from dst to the scan's source port magic (body shown only in
 * part). */
230 v6_openbpf (
struct in6_addr *dst,
struct in6_addr *src,
int magic)
/* Same filter template as the IPv4 variant.  The arguments that fill %s and
 * %d are on lines this listing omits; the host string is presumably produced
 * with inet_ntop() - confirm. */
239 snprintf (filter,
sizeof (filter),
"tcp and src host %s and dst port %d",
/* NOTE(review): reported on stdout rather than through the GLib log. */
243 printf (
"bpf_open_live returned error\n");
/* Allocates one zero-filled node for the list of outstanding probes.
 * g_malloc0() aborts the process on allocation failure, so no NULL check is
 * needed after it. */
293 ret = g_malloc0 (
sizeof (
struct list));
/* ret->next can only be non-NULL here if it was assigned on listing lines
 * 294-296, which are not shown; the branch body is not shown either. */
297 if (ret->
next != NULL)
/* Two separate list helpers begin at listing lines 309 and 329; each keeps
 * the head pointer l in ret.  Their bodies are mostly omitted from this
 * listing, so what they return cannot be stated from here. */
309 struct list *ret = l;
329 struct list *ret = l;
/* Diagnostic for an entry p that will be probed again; goes to stdout. */
341 printf (
"Will retry port %d\n", p->
dport);
/* SHOW_RTT_REMOVAL is #undef'd near the top of the file (listing line 35),
 * so this message is compiled out unless the macro is defined again on lines
 * not shown.  The matching #endif lies outside this fragment. */
347 #ifdef SHOW_RTT_REMOVAL
348 printf (
"Removing port %d (RTT elapsed)\n", p->
dport);
/* Locates the TCP header inside a captured IPv4 packet.  The function name
 * and parameter list (listing lines 375-379) are not shown; pkt and len are
 * the captured bytes and, presumably, their length - confirm. */
374 static struct tcphdr *
380 ip = (
struct ip *) pkt;
/* Bounds check on attacker-influenced data: the IP header length taken from
 * the packet (ip_hl 32-bit words) plus a full TCP header must fit in len.
 * NOTE(review): ip->ip_hl is read before any visible check that len covers
 * struct ip itself, and an ip_hl below 5 is not rejected in the lines shown -
 * confirm against the full function. */
381 if (ip->ip_hl * 4 + sizeof (
struct tcphdr) >
len)
/* The TCP header starts directly after the variable-length IP header. */
384 tcp = (
struct tcphdr *) (pkt + ip->ip_hl * 4);
/* IPv6 variant: locates the TCP header in a captured packet.  The name and
 * parameter list are on lines not shown. */
388 static struct tcphdr *
/* 40 is the size of the fixed IPv6 header, so this assumes TCP follows it
 * immediately; packets with extension headers would be misparsed.
 * NOTE(review): a length check equivalent to the IPv4 one is not visible in
 * this listing (lines 389-391 are omitted) - confirm that len is validated
 * against 40 + sizeof (struct tcphdr) before this pointer is dereferenced. */
392 tcp = (
struct tcphdr *) (pkt + 40);
/* Selects the IPv4 or IPv6 header parser by address family; the calls that
 * produce tcp and any NULL check on it are on lines not shown. */
401 if (family == AF_INET)
/* The acknowledgement number of a reply is the acknowledged sequence number
 * plus one, so subtracting 1 in host order yields the sequence number of the
 * probe being answered.  The result is converted back to network order. */
409 ret = htonl (ntohl (tcp->th_ack) - 1);
/* Returns the TCP source port of a captured reply in host byte order, i.e.
 * the port on the scanned host that answered.  The name, parameters and the
 * header lookup are on lines not shown. */
413 static unsigned short
418 if (family == AF_INET)
426 return ntohs (tcp->th_sport);
/* Decides whether a captured reply is a SYN|ACK.  The header lookup is on
 * lines not shown. */
434 if (family == AF_INET)
/* Exact comparison: a segment that carries SYN and ACK together with any
 * other flag bit does not count as a match. */
442 return tcp->th_flags == (TH_SYN | TH_ACK);
/* Builds a minimal IPv4 + TCP packet (no options, no payload) with the given
 * addresses, ports and flag byte.  The body is shown only in part; the
 * return statement is not visible. */
446 mktcp (
struct in_addr src,
int sport,
struct in_addr dst,
int dport,
447 unsigned long th_ack,
unsigned char flag)
/* One static buffer shared by all calls: each call overwrites the previous
 * packet, and the function is not reentrant or thread-safe.
 * NOTE(review): a char array carries no alignment guarantee for the
 * struct ip / struct tcphdr accesses made through the casts below. */
449 static char pkt[
sizeof (
struct ip) + sizeof (struct tcphdr)];
455 ip = (
struct ip *) (&pkt);
/* NOTE(review): ip_len is stored without htons(), i.e. in host byte order.
 * Whether that is correct depends on the platform's raw-socket conventions -
 * confirm for the supported targets. */
459 ip->ip_len =
sizeof (
struct ip) + sizeof (struct tcphdr);
463 ip->ip_p = IPPROTO_TCP;
465 ip->ip_src.s_addr = src.s_addr;
466 ip->ip_dst.s_addr = dst.s_addr;
/* Header checksum over the IP header only. */
467 ip->ip_sum =
in_cksum ((u_short *) pkt,
sizeof (
struct ip));
/* The TCP header follows the fixed-size IP header directly. */
469 tcp = (
struct tcphdr *) (&(pkt[
sizeof (
struct ip)]));
470 tcp->th_sport = htons (sport);
471 tcp->th_dport = htons (dport);
/* Despite its name, th_ack is written into the sequence-number field, and
 * without byte-order conversion, so the caller must pass it in network
 * order. */
472 tcp->th_seq = th_ack;
476 tcp->th_flags = flag;
/* TCP checksum over a 12-byte prefix plus the TCP header; the construction
 * of tcpsumdata (presumably the TCP pseudo-header) is not shown. */
489 in_cksum ((
unsigned short *) tcpsumdata, 12 +
sizeof (
struct tcphdr));
/* Builds a bare TCP header for the IPv6 raw socket; no IP header is built
 * here.  The body is shown only in part and the return statement is not
 * visible. */
495 mktcpv6 (
int sport,
int dport,
unsigned long th_ack,
unsigned char flag)
/* Static buffer: overwritten by every call, not reentrant or thread-safe. */
497 static char pkt[
sizeof (
struct tcphdr)];
500 tcp = (
struct tcphdr *) (&(pkt[0]));
501 tcp->th_sport = htons (sport);
502 tcp->th_dport = htons (dport);
/* rand() is a non-cryptographic generator; where it is seeded is not visible
 * in this listing. */
503 tcp->th_ack = htonl (rand ());
/* As in mktcp(): the th_ack parameter becomes the sequence number, stored
 * without byte-order conversion. */
504 tcp->th_seq = th_ack;
506 tcp->th_flags = flag;
/* Advertised receive window, fixed at 5760. */
507 tcp->th_win = htons (5760);
/* Sends one IPv4 SYN probe to dport and processes a captured reply.  Only
 * part of the parameter list and body appears in this listing (lines 520-589
 * with gaps); the origin of ack, sport and rtt_tv is not shown. */
520 sendpacket (
int soc,
int bpf,
int skip,
struct in_addr dst,
struct in_addr src,
521 int dport,
int magic,
struct list *packets,
unsigned long *rtt,
/* The probe is a SYN from source port magic.  mktcp() returns its packet in
 * a static buffer, so pkt is only valid until the next mktcp() call. */
525 char *pkt =
mktcp (src, magic, dst,
dport, ack, TH_SYN);
528 struct sockaddr_in soca;
530 int family = AF_INET;
/* Zero the destination address structure before filling it in. */
532 bzero (&soca,
sizeof (soca));
533 soca.sin_family = AF_INET;
/* Rescales rtt_tv through milliseconds; lines 537-538 are omitted, so the
 * factor applied in between is not visible. */
536 rtt_tv.tv_sec *= 1000;
539 rtt_tv.tv_usec += (rtt_tv.tv_sec % 1000) * 1000;
540 rtt_tv.tv_sec /= 1000;
/* Waits of one second or more get special handling; the body is not shown. */
541 if (rtt_tv.tv_sec >= 1)
/* The length sent matches the size of mktcp()'s static buffer exactly. */
551 e = sendto (soc, pkt,
sizeof (
struct ip) +
sizeof (
struct tcphdr), 0,
552 (
struct sockaddr *) &soca,
sizeof (soca));
/* After a reply from sport, an RST is sent so the half-open connection is
 * torn down.  This mktcp() call overwrites the buffer pkt points at.
 * NOTE(review): mktcp() stores its th_ack argument into th_seq without
 * conversion; if ack is held in network byte order, ack + 1 is not
 * "sequence + 1" on little-endian hosts - confirm. */
576 rst =
mktcp (src, magic, dst, sport, ack + 1, TH_RST);
577 if (sendto (soc, rst,
sizeof (
struct ip) +
sizeof (
struct tcphdr),
578 0, (
struct sockaddr *) &soca,
sizeof (soca))
/* *rtt is kept in network byte order; 1 << 28 is the bound that also serves
 * as the initial value at listing line 792. */
589 if (ntohl (*rtt) >= (1 << 28))
/* Tail of the parameter list of the IPv6 probe sender (v6_sendpacket, per
 * the log message below); the first signature line is not in this listing.
 * The origin of pkt, ack, sport and rtt_tv is not shown. */
603 int magic,
struct list *packets,
unsigned long *rtt,
int sniff,
610 struct sockaddr_in6 soca;
/* Zero the destination structure, then copy in the 128-bit target address. */
613 bzero (&soca,
sizeof (soca));
614 soca.sin6_family = AF_INET6;
615 memcpy (&soca.sin6_addr, dst, sizeof (
struct in6_addr));
/* Same rescaling of rtt_tv as in the IPv4 sender; lines 617-618 omitted. */
616 rtt_tv.tv_sec *= 1000;
619 rtt_tv.tv_usec += (rtt_tv.tv_sec % 1000) * 1000;
620 rtt_tv.tv_sec /= 1000;
621 if (rtt_tv.tv_sec >= 1)
/* Only the TCP header is passed to sendto(); no IPv6 header is built by this
 * code. */
631 e = sendto (soc, pkt,
sizeof (
struct tcphdr), 0,
632 (
struct sockaddr *) &soca,
sizeof (soca));
/* Unlike the IPv4 path, this failure goes through the GLib log. */
635 g_message (
"sendto error in v6_sendpacket");
/* RST for the answering port, built in mktcpv6()'s static buffer (which
 * replaces any packet built there earlier). */
655 rst =
mktcpv6 (magic, sport, ack + 1, TH_RST);
656 if (sendto (soc, rst,
sizeof (
struct tcphdr), 0,
657 (
struct sockaddr *) &soca,
sizeof (soca))
/* Main scan driver (presumably the scan() called at listing line 795 -
 * confirm).  Shown with gaps: the signature, several declarations and the
 * cleanup code are not in this listing. */
684 struct in6_addr src6;
/* Source port for the whole scan, drawn from 4441..5640.  rand() is not a
 * cryptographic generator, so the port is guessable; it is also the
 * "dst port" of the capture filter, so replies are not authenticated by it. */
685 int magic = 4441 + (rand () % 1200);
688 struct list *packets = NULL;
690 unsigned short *ports;
/* An IPv4-mapped IPv6 target is scanned as IPv4: its last 32 bits are the
 * IPv4 address. */
695 if (IN6_IS_ADDR_V4MAPPED (dst6))
698 dst.s_addr = dst6->s6_addr32[3];
/* Expands the port-range string into an array of num ports.  Ownership of
 * the returned array is not visible here. */
707 ports = (
unsigned short *)
getpts (portrange, &num);
711 printf (
"error opening raw socket\n");
715 if (family == AF_INET)
716 bpf =
openbpf (dst, &src, magic);
/* Ports are handled in pairs: the first of each pair is sent with the
 * second-to-last argument 0, the second with 1 (the parameter is named sniff
 * in the IPv6 sender's signature).
 * NOTE(review): ports[i + 1] is out of range for the last pair when num is
 * odd unless lines 734-736, which are omitted here, guard it with
 * i + 1 < num - confirm. */
727 for (i = 0; i < num; i += 2)
729 if (family == AF_INET)
730 packets =
sendpacket (soc, bpf, skip, dst, src, ports[i], magic,
731 packets, &rtt, 0, env);
733 packets =
v6_sendpacket (soc, bpf, skip, dst6, ports[i], magic, packets,
737 g_debug (
"=====>> Sniffing %u\n", ports[i + 1]);
738 if (family == AF_INET)
739 packets =
sendpacket (soc, bpf, skip, dst, src, ports[i + 1], magic,
740 packets, &rtt, 1, env);
742 packets =
v6_sendpacket (soc, bpf, skip, dst6, ports[i + 1], magic,
743 packets, &rtt, 1, env);
/* Retry phase, IPv4 only in the lines shown: while probes are outstanding,
 * ports returned in retry are re-sent; i < 2 bounds the inner loop.  Where
 * retry and i are updated is not visible. */
748 if (family == AF_INET)
750 while (packets != NULL)
755 while (retry != 0 && i < 2)
757 packets =
sendpacket (soc, bpf, skip, dst, src, retry, magic,
758 packets, &rtt, 0, env);
762 packets =
sendpacket (soc, bpf, skip, dst, src, retry, magic, packets,
/* Plugin entry fragment: derives the target and starts the scan.  The
 * function signature and the code between these lines are not shown. */
784 struct in_addr inaddr;
/* Last 32 bits of the target address, i.e. the IPv4 address when dst6 is
 * IPv4-mapped. */
786 inaddr.s_addr = dst6->s6_addr32[3];
/* Initial RTT estimate, stored in network byte order; 1 << 28 is the same
 * bound the senders compare against. */
792 rtt = htonl (1 << 28);
/* The port list comes from the "port_range" preference.
 * NOTE(review): no NULL check on the prefs_get() result is visible before
 * it is used, and the cast removes const from the string - confirm that
 * scan() and getpts() never write through it. */
794 const char *range = prefs_get (
"port_range");
795 scan (env, (
char *) range, dst6, rtt);