OpenVAS Scanner  22.7.9
nasl_frame_forgery.h File Reference

Header file for module nasl_frame_forgery.

#include "nasl_lex_ctxt.h"

Functions

tree_cell * nasl_send_arp_request (lex_ctxt *)
 Send an ARP request to an IP host.

tree_cell * nasl_get_local_mac_address_from_ip (lex_ctxt *)
 Get the MAC address of host.

tree_cell * nasl_forge_frame (lex_ctxt *)
 Forge a datalink layer frame.

tree_cell * nasl_send_frame (lex_ctxt *)
 Send a frame and listen to the answer.

tree_cell * nasl_dump_frame (lex_ctxt *)
 Dump a datalink layer frame.
 

Detailed Description

Header file for module nasl_frame_forgery.

Definition in file nasl_frame_forgery.h.

Function Documentation

◆ nasl_dump_frame()

tree_cell* nasl_dump_frame ( lex_ctxt * lexic )

Dump a datalink layer frame.

NASL parameters:

  • frame The frame to be dumped.

Parameters
lexic: Lexical context of NASL interpreter.
Returns
NULL

Definition at line 363 of file nasl_frame_forgery.c.

{
  /* NASL built-in body: look up the named argument "frame" together with
     its stored size and pass both to dump_frame().  The script always gets
     NULL back; a missing or empty frame is reported through nasl_perror()
     and nothing is dumped.  */
  u_char *data = (u_char *) get_str_var_by_name (lexic, "frame");
  int data_len = get_var_size_by_name (lexic, "frame");

  /* The length handed to dump_frame() is the size recorded for the NASL
     variable itself, so it matches the buffer returned above.  */
  if (data != NULL && data_len > 0)
    dump_frame (data, data_len);
  else
    nasl_perror (lexic, "%s usage: frame is a mandatory parameters.\n",
                 __func__);

  return NULL;
}

References dump_frame(), get_str_var_by_name(), get_var_size_by_name(), and nasl_perror().


◆ nasl_forge_frame()

tree_cell* nasl_forge_frame ( lex_ctxt * lexic )

Forge a datalink layer frame.

NASL parameters:

  • src_haddr Source MAC address to use.

  • dst_haddr Destination MAC address to use.

  • ether_proto Ethernet type integer in hex format. Default 0x0800 (ETHER_P_IP)

  • payload Payload to be attached to the frame. E.g. a forged TCP datagram.

NASL returns: the forged frame.

Parameters
lexic: Lexical context of NASL interpreter.
Returns
tree_cell element or NULL.

Definition at line 268 of file nasl_frame_forgery.c.

{
  /* NASL built-in body: build a datalink frame from the named arguments
     "src_haddr", "dst_haddr", "ether_proto" (0x0800 when omitted) and
     "payload", and hand it back to the script as a CONST_DATA cell.
     Returns NULL after a usage message when either address or the payload
     is missing.  */
  tree_cell *cell;
  struct pseudo_frame *forged;
  int forged_len;
  u_char *data = (u_char *) get_str_var_by_name (lexic, "payload");
  int data_len = get_var_size_by_name (lexic, "payload");
  char *src_mac = get_str_var_by_name (lexic, "src_haddr");
  char *dst_mac = get_str_var_by_name (lexic, "dst_haddr");
  int proto = get_int_var_by_name (lexic, "ether_proto", 0x0800);

  if (!src_mac || !dst_mac || !data)
    {
      nasl_perror (lexic,
                   "%s usage: payload, src_haddr and dst_haddr are mandatory "
                   "parameters.\n",
                   __func__);
      return NULL;
    }

  /* NOTE(review): only the payload size is queried; the sizes of src_haddr
     and dst_haddr are never checked here.  If forge_frame() copies a
     fixed-length hardware address out of them, a shorter script-supplied
     string would be read past its end -- confirm against forge_frame().  */
  forged_len = forge_frame ((u_char *) src_mac, (u_char *) dst_mac, proto,
                            data, data_len, &forged);

  /* NOTE(review): forge_frame()'s result becomes the cell size without a
     failure check; confirm it cannot return a negative value or leave
     `forged' unset.  */
  cell = alloc_typed_cell (CONST_DATA);
  cell->size = forged_len;
  cell->x.str_val = (char *) forged;
  return cell;
}

References alloc_typed_cell(), CONST_DATA, forge_frame(), get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), nasl_perror(), payload, TC::size, TC::str_val, and TC::x.


◆ nasl_get_local_mac_address_from_ip()

tree_cell* nasl_get_local_mac_address_from_ip ( lex_ctxt * lexic )

Get the MAC address of host.

NASL parameter:

  • ip_address Local IP address

NASL returns: The MAC address of the host. NULL otherwise.

Parameters
[in] lexic: Lexical context of NASL interpreter.

Definition at line 438 of file nasl_frame_forgery.c.

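{
  /* NASL built-in body: take the first positional argument as a local IP
     address string, ask get_local_mac_address_from_ip() for the matching
     hardware address and return it to the script formatted as
     "xx:xx:xx:xx:xx:xx" in a CONST_DATA cell.

     Changes from the previous listing:
       - a missing argument is rejected up front instead of passing a NULL
         string to the helper, in line with the usage checks of the other
         built-ins in this module;
       - the six-byte scratch buffer lives on the stack.  The old
         `mac != NULL' test followed a g_malloc0() of a non-zero size,
         which does not return NULL, so that branch could never be
         skipped.  */
  tree_cell *retc;
  u_char mac[ETHER_ADDR_LEN] = {0};
  char *ip_address = get_str_var_by_num (lexic, 0);

  if (ip_address == NULL)
    {
      nasl_perror (lexic,
                   "%s usage: an IP address is a mandatory parameter.\n",
                   __func__);
      return NULL;
    }

  /* NOTE(review): the helper returns an int that is still ignored, so an
     address that matches no interface presumably yields the all-zero MAC
     string rather than the documented NULL -- confirm the helper's failure
     value before acting on it.  */
  get_local_mac_address_from_ip (ip_address, mac);

  retc = alloc_typed_cell (CONST_DATA);
  retc->x.str_val =
    g_strdup_printf ("%02x:%02x:%02x:%02x:%02x:%02x", mac[0], mac[1],
                     mac[2], mac[3], mac[4], mac[5]);
  /* Six two-digit octets plus five ':' separators.  */
  retc->size = 17;

  return retc;
}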

References alloc_typed_cell(), CONST_DATA, get_local_mac_address_from_ip(), get_str_var_by_num(), mac(), TC::size, TC::str_val, and TC::x.


◆ nasl_send_arp_request()

tree_cell* nasl_send_arp_request ( lex_ctxt * lexic )

Send an arp request to an IP host.

NASL returns: The MAC address of the target. NULL otherwise.
Parameters
[in] lexic: Lexical context of NASL interpreter.
Returns
A tree cell or NULL.

Definition at line 471 of file nasl_frame_forgery.c.

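{
  /* NASL built-in body: send a broadcast ARP request for the scan target
     (plug_get_host_ip) and return the Ethernet source address of the
     captured reply as "xx:xx:xx:xx:xx:xx" in a CONST_DATA cell.  Only
     IPv4-mapped targets are handled.  The optional named argument
     "pcap_timeout" (default 5) is passed to send_frame().  Returns NULL
     when the target is unusable, the frame cannot be sent, or no usable
     reply is captured.

     Changes from the previous listing:
       - the captured reply is parsed only when it is at least as long as
         an Ethernet header; before, any length >= 0 was accepted and
         ether_shost was read from a buffer that may have been shorter;
       - src_inaddr is zeroed before routethrough() so it is never read
         uninitialised;
       - the local MAC is written straight into the stack buffer instead
         of going through a heap copy.  */
  tree_cell *retc = NULL;
  struct in6_addr src, *dst = plug_get_host_ip (lexic->script_infos);
  struct in_addr dst_inaddr, src_inaddr;
  struct pseudo_eth_arp eth_arp;
  struct pseudo_frame *frame;
  int frame_sz;
  char ip_src_str[INET6_ADDRSTRLEN];
  u_char mac_broadcast_addr[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
  u_char mac[6] = {0};
  char filter[255];
  u_char *answer = NULL;
  int answer_sz;
  int to = get_int_var_by_name (lexic, "pcap_timeout", 5);

  /* ARP is IPv4 only: bail out unless the target is an IPv4-mapped
     address.  */
  if (dst == NULL || (IN6_IS_ADDR_V4MAPPED (dst) != 1))
    return retc;

  /* Get source IP address via routethrough. We need it to find our mac
     address.  */
  memset (&dst_inaddr, '\0', sizeof (struct in_addr));
  memset (&src_inaddr, '\0', sizeof (struct in_addr));
  dst_inaddr.s_addr = dst->s6_addr32[3];
  /* NOTE(review): routethrough()'s return value is ignored; confirm what
     it leaves in src_inaddr when no route is found.  */
  routethrough (&dst_inaddr, &src_inaddr);
  ipv4_as_ipv6 (&src_inaddr, &src);

  /* Render our own source address as text; the interface lookup below
     takes a string.  */
  addr6_to_str (&src, ip_src_str);
  get_local_mac_address_from_ip (ip_src_str, mac);

  /* Building ARP header */
  memset (&eth_arp, '\0', sizeof (struct pseudo_eth_arp));
  eth_arp.arp_header.ar_hrd = htons (ARPHRD_ETHER);
  eth_arp.arp_header.ar_pro = htons (ETHERTYPE_IP);
  eth_arp.arp_header.ar_hln = ETH_ALEN;
  eth_arp.arp_header.ar_pln = 4;
  eth_arp.arp_header.ar_op = htons (ARPOP_REQUEST);

  memcpy (&(eth_arp.__ar_sha), mac, ETH_ALEN);
  memcpy (&(eth_arp.__ar_sip), &src_inaddr, 4);
  memcpy (&(eth_arp.__ar_tha), mac_broadcast_addr, ETH_ALEN);
  memcpy (&(eth_arp.__ar_tip), &dst_inaddr, 4);

  frame_sz =
    forge_frame (mac, mac_broadcast_addr, ETH_P_ARP, (u_char *) &eth_arp,
                 sizeof (struct pseudo_eth_arp), &frame);

  /* Prepare filter: only ARP traffic coming from the target.  The address
     text comes from inet_ntoa(), not from script input.  */
  snprintf (filter, sizeof (filter), "arp and src host %s",
            inet_ntoa (dst_inaddr));

  answer_sz =
    send_frame ((const u_char *) frame, frame_sz, 1, to, filter, dst, &answer);
  g_free (frame);
  if (answer_sz == -2)
    {
      g_message ("%s: Not possible to send the frame", __func__);
      return NULL;
    }

  if (answer != NULL && answer_sz >= (int) sizeof (struct ether_header))
    {
      /* The reply is network-supplied data; the length check above keeps
         the ether_shost reads inside the captured buffer.  */
      char *daddr;
      struct ether_header *answer_aux;

      answer_aux = (struct ether_header *) answer;
      daddr = g_strdup_printf (
        "%02x:%02x:%02x:%02x:%02x:%02x", (u_int) answer_aux->ether_shost[0],
        (u_int) answer_aux->ether_shost[1], (u_int) answer_aux->ether_shost[2],
        (u_int) answer_aux->ether_shost[3], (u_int) answer_aux->ether_shost[4],
        (u_int) answer_aux->ether_shost[5]);

      retc = alloc_typed_cell (CONST_DATA);
      retc->x.str_val = daddr;
      retc->size = strlen (daddr);
    }
  else if (answer != NULL && answer_sz > -1)
    g_debug ("%s: Answer too short for an Ethernet header.", __func__);
  else
    g_debug ("%s: No answer received.", __func__);

  /* NOTE(review): `answer' is not released on any path in this function;
     if send_frame() hands over an allocated buffer it looks leaked here --
     confirm ownership and the matching deallocator.  */
  return retc;
}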

References pseudo_eth_arp::__ar_sha, pseudo_eth_arp::__ar_sip, pseudo_eth_arp::__ar_tha, pseudo_eth_arp::__ar_tip, alloc_typed_cell(), pseudo_eth_arp::arp_header, CONST_DATA, daddr, forge_frame(), get_int_var_by_name(), get_local_mac_address_from_ip(), mac(), plug_get_host_ip(), routethrough(), struct_lex_ctxt::script_infos, send_frame(), TC::size, TC::str_val, and TC::x.


◆ nasl_send_frame()

tree_cell* nasl_send_frame ( lex_ctxt * lexic )

Send a frame and listen to the answer.

NASL parameters:

  • frame The frame to be sent.

  • pcap_active TRUE by default. Otherwise, NASL does not listen for the answers.

  • pcap_filter BPF filter.

  • pcap_timeout Capture timeout. 5 by default.

NASL returns: Sniffed answer.

Parameters
lexic: Lexical context of NASL interpreter.
Returns
tree_cell element or NULL.

Definition at line 314 of file nasl_frame_forgery.c.

{
  /* NASL built-in body: send the script-supplied "frame" towards the scan
     target through send_frame() and, when a reply was captured, return it
     to the script as a CONST_DATA cell of answer_sz bytes.  Named
     arguments: "frame" (mandatory), "pcap_active" (default 1),
     "pcap_timeout" (default 5) and "pcap_filter".  Returns NULL on a usage
     error, when send_frame() reports -2, or when there is no answer.  */
  struct script_infos *infos = lexic->script_infos;
  struct in6_addr *target = plug_get_host_ip (infos);
  u_char *data = (u_char *) get_str_var_by_name (lexic, "frame");
  int data_len = get_var_size_by_name (lexic, "frame");
  int listen = get_int_var_by_name (lexic, "pcap_active", 1);
  int timeout = get_int_var_by_name (lexic, "pcap_timeout", 5);
  /* NOTE(review): the filter text comes straight from the script and is
     NULL when the argument is omitted; confirm send_frame() copes with
     both.  */
  char *bpf = get_str_var_by_name (lexic, "pcap_filter");
  u_char *reply = NULL;
  int reply_len;
  tree_cell *cell;

  if (!(data != NULL && data_len > 0))
    {
      nasl_perror (lexic, "%s usage: frame is a mandatory parameters.\n",
                   __func__);
      return NULL;
    }

  reply_len = send_frame (data, data_len, listen, timeout, bpf, target, &reply);
  if (reply_len == -2)
    {
      g_message ("%s: Not possible to send the frame", __func__);
      return NULL;
    }

  /* Nothing captured (or capture disabled): the script gets NULL.  */
  if (reply == NULL || reply_len < 0)
    return NULL;

  /* The captured bytes are handed to the script unparsed; the cell takes
     over the buffer pointer.  */
  cell = alloc_typed_cell (CONST_DATA);
  cell->size = reply_len;
  cell->x.str_val = (char *) reply;
  return cell;
}

References alloc_typed_cell(), CONST_DATA, get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), nasl_perror(), plug_get_host_ip(), struct_lex_ctxt::script_infos, send_frame(), TC::size, TC::str_val, and TC::x.

daddr
struct in_addr daddr
Definition: nasl_packet_forgery.c:1
script_infos
Definition: scanneraux.h:29
CONST_DATA
@ CONST_DATA
Definition: nasl_tree.h:82
get_var_size_by_name
int get_var_size_by_name(lex_ctxt *, const char *)
Definition: nasl_var.c:1138
plug_get_host_ip
struct in6_addr * plug_get_host_ip(struct script_infos *args)
Definition: plugutils.c:316
get_local_mac_address_from_ip
static int get_local_mac_address_from_ip(char *ip_address, u_char *mac)
Get the MAC address of host.
Definition: nasl_frame_forgery.c:389
TC::str_val
char * str_val
Definition: nasl_tree.h:103
payload
u_char * payload
Definition: nasl_frame_forgery.c:1
TC::x
union TC::@5 x
pseudo_eth_arp
Definition: nasl_frame_forgery.c:41
forge_frame
static int forge_frame(const u_char *ether_src_addr, const u_char *ether_dst_addr, int ether_proto, u_char *payload, int payload_sz, struct pseudo_frame **frame)
Forge a datalink layer frame.
Definition: nasl_frame_forgery.c:230
get_str_var_by_name
char * get_str_var_by_name(lex_ctxt *, const char *)
Definition: nasl_var.c:1118
dump_frame
static void dump_frame(const u_char *frame, int frame_sz)
Dump a datalink layer frame.
Definition: nasl_frame_forgery.c:63
nasl_perror
void nasl_perror(lex_ctxt *lexic, char *msg,...)
Definition: nasl_debug.c:111
TC::size
int size
Definition: nasl_tree.h:99
get_int_var_by_name
long int get_int_var_by_name(lex_ctxt *, const char *, int)
Definition: nasl_var.c:1104
get_str_var_by_num
char * get_str_var_by_num(lex_ctxt *, int)
Definition: nasl_var.c:1111
struct_lex_ctxt::script_infos
struct script_infos * script_infos
Definition: nasl_lex_ctxt.h:30
mac
gpg_err_code_t mac(const char *key, const size_t key_len, const char *data, const size_t data_len, const char *iv, const size_t iv_len, int algo, int flags, char **out, size_t *out_len)
Definition: nasl_crypt_helper.c:97
TC
Definition: nasl_tree.h:94
send_frame
static int send_frame(const u_char *frame, int frame_sz, int use_pcap, int timeout, char *filter, struct in6_addr *ipaddr, u_char **answer)
Send a frame and listen to the answer.
Definition: nasl_frame_forgery.c:141
pseudo_frame
Definition: nasl_frame_forgery.c:51
alloc_typed_cell
tree_cell * alloc_typed_cell(int typ)
Definition: nasl_tree.c:28
routethrough
char * routethrough(struct in_addr *dest, struct in_addr *source)
An awesome function to determine what interface a packet to a given destination should be routed thro...
Definition: pcap.c:1060