OpenVAS Scanner  22.7.9
nasl_packet_forgery_v6.h File Reference
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

tree_cellforge_ip_v6_packet (lex_ctxt *)
 Forge an IPv6 packet. More...
 
tree_cellset_ip_v6_elements (lex_ctxt *)
 Set IPv6 header element. More...
 
tree_cellget_ip_v6_element (lex_ctxt *)
 Obtain IPv6 header element. More...
 
tree_celldump_ip_v6_packet (lex_ctxt *)
 Print IPv6 Header. More...
 
tree_cellinsert_ip_v6_options (lex_ctxt *)
 Adds an IPv6 option to the datagram. More...
 
tree_cellforge_tcp_v6_packet (lex_ctxt *)
 Forge TCP packet. More...
 
tree_cellget_tcp_v6_element (lex_ctxt *)
 Get TCP Header element. More...
 
tree_cellget_tcp_v6_option (lex_ctxt *)
 Get a TCP option from an IP datagram if present. Possible options are: TCPOPT_MAXSEG (2), values between 536 and 65535 TCPOPT_WINDOW (3), with values between 0 and 14 TCPOPT_SACK_PERMITTED (4), no value required. TCPOPT_TIMESTAMP (8), 8 bytes value for timestamp and echo timestamp, 4 bytes each one. More...
 
tree_cellset_tcp_v6_elements (lex_ctxt *)
 Set TCP Header element. More...
 
tree_cellinsert_tcp_v6_options (lex_ctxt *)
 Add options to a TCP segment header. Possible options are: TCPOPT_MAXSEG (2), values between 536 and 65535 TCPOPT_WINDOW (3), with values between 0 and 14 TCPOPT_SACK_PERMITTED (4), no value required. TCPOPT_TIMESTAMP (8), 8 bytes value for timestamp and echo timestamp, 4 bytes each one. More...
 
tree_celldump_tcp_v6_packet (lex_ctxt *)
 Dump TCP part of an IPv6 Datagram. More...
 
tree_cellforge_udp_v6_packet (lex_ctxt *)
 
tree_cellset_udp_v6_elements (lex_ctxt *)
 
tree_celldump_udp_v6_packet (lex_ctxt *)
 
tree_cellget_udp_v6_element (lex_ctxt *)
 
tree_cellforge_icmp_v6_packet (lex_ctxt *)
 
tree_cellget_icmp_v6_element (lex_ctxt *)
 
tree_celldump_icmp_v6_packet (lex_ctxt *)
 Dump the ICMP part of a IP Datagram. More...
 
tree_cellforge_igmp_v6_packet (lex_ctxt *)
 
tree_cellnasl_tcp_v6_ping (lex_ctxt *)
 Performs TCP Connect to test if host is alive. More...
 
tree_cellnasl_send_v6packet (lex_ctxt *)
 Send forged IPv6 Packets. More...
 

Function Documentation

◆ dump_icmp_v6_packet()

tree_cell* dump_icmp_v6_packet ( lex_ctxt lexic)

Dump the ICMP part of a IP Datagram.

Parameters
[in]lexicLexical context of NASL interpreter.
[in]...IP datagrams to dump the ICMP part from.

Definition at line 2053 of file nasl_packet_forgery_v6.c.

2054 {
2055  int i = 0;
2056  u_char *pkt;
2057  while ((pkt = (u_char *) get_str_var_by_num (lexic, i++)) != NULL)
2058  {
2059  unsigned int j;
2060  unsigned int limit;
2061  char *c;
2062  struct ip6_hdr *ip6 = (struct ip6_hdr *) pkt;
2063  struct icmp6_hdr *icmp;
2064  icmp = (struct icmp6_hdr *) (pkt + 40);
2065  limit = get_var_size_by_num (lexic, i - 1);
2066  printf ("------\n");
2067  printf ("\ticmp6_id : %d\n", ntohs (icmp->icmp6_id));
2068  printf ("\ticmp6_code : %d\n", icmp->icmp6_code);
2069  printf ("\ticmp6_type : %u\n", icmp->icmp6_type);
2070  printf ("\ticmp6_seq : %u\n", ntohs (icmp->icmp6_seq));
2071  printf ("\ticmp6_cksum : %d\n", ntohs (icmp->icmp6_cksum));
2072  printf ("\tData : ");
2073  c = (char *) ((char *) icmp + sizeof (struct icmp6_hdr));
2074  if (UNFIX (ip6->ip6_plen) > (sizeof (struct icmp6_hdr)))
2075  for (j = 0;
2076  j < UNFIX (ip6->ip6_plen) - sizeof (struct icmp6_hdr) && j < limit;
2077  j++)
2078  printf ("%c", isprint (c[j]) ? c[j] : '.');
2079  printf ("\n");
2080  }
2081  return NULL;
2082 }

References get_str_var_by_num(), get_var_size_by_num(), and UNFIX.

Here is the call graph for this function:

◆ dump_ip_v6_packet()

tree_cell* dump_ip_v6_packet ( lex_ctxt lexic)

Print IPv6 Header.

Parameters
[in]lexicLexical context of NASL interpreter.
[in]...IPv6 datagrams to dump.
Returns
Print and returns FAKE_CELL.

Definition at line 336 of file nasl_packet_forgery_v6.c.

337 {
338  int i;
339  char addr[INET6_ADDRSTRLEN];
340 
341  for (i = 0;; i++)
342  {
343  struct ip6_hdr *ip6 = (struct ip6_hdr *) get_str_var_by_num (lexic, i);
344 
345  if (ip6 == NULL)
346  break;
347  else
348  {
349  printf ("------\n");
350  printf ("\tip6_v : %d\n", ntohl (ip6->ip6_flow) >> 28);
351  printf ("\tip6_tc : %d\n", (ntohl (ip6->ip6_flow) >> 20) & 0xff);
352  printf ("\tip6_fl : %d\n", ntohl (ip6->ip6_flow) & 0x3ffff);
353  printf ("\tip6_plen : %d\n", UNFIX (ip6->ip6_plen));
354  printf ("\tip6_hlim : %d\n", ip6->ip6_hlim);
355  switch (ip6->ip6_nxt)
356  {
357  case IPPROTO_TCP:
358  printf ("\tip6_nxt : IPPROTO_TCP (%d)\n", ip6->ip6_nxt);
359  break;
360  case IPPROTO_UDP:
361  printf ("\tip6_nxt : IPPROTO_UDP (%d)\n", ip6->ip6_nxt);
362  break;
363  case IPPROTO_ICMPV6:
364  printf ("\tip6_nxt : IPPROTO_ICMPV6 (%d)\n", ip6->ip6_nxt);
365  break;
366  default:
367  printf ("\tip6_nxt : %d\n", ip6->ip6_nxt);
368  break;
369  }
370  printf ("\tip6_src : %s\n",
371  inet_ntop (AF_INET6, &ip6->ip6_src, addr, sizeof (addr)));
372  printf ("\tip6_dst : %s\n",
373  inet_ntop (AF_INET6, &ip6->ip6_dst, addr, sizeof (addr)));
374  printf ("\n");
375  }
376  }
377 
378  return FAKE_CELL;
379 }

References FAKE_CELL, get_str_var_by_num(), and UNFIX.

Here is the call graph for this function:

◆ dump_tcp_v6_packet()

tree_cell* dump_tcp_v6_packet ( lex_ctxt lexic)

Dump TCP part of an IPv6 Datagram.

Parameters
[in]lexicLexical context of NASL interpreter.
[in]...IPv6 datagrams to dump.
Returns
Print and return FAKE_CELL.

Definition at line 1249 of file nasl_packet_forgery_v6.c.

1250 {
1251  int i = 0;
1252  u_char *pkt;
1253  int options_len = 0;
1254 
1255  while ((pkt = (u_char *) get_str_var_by_num (lexic, i++)) != NULL)
1256  {
1257  int a = 0;
1258  struct ip6_hdr *ip6 = (struct ip6_hdr *) pkt;
1259  struct tcphdr *tcp = (struct tcphdr *) (pkt + 40);
1260  unsigned int j;
1261  unsigned int limit;
1262  char *c;
1263 
1264  limit = get_var_size_by_num (lexic, i - 1);
1265 
1266  printf ("------\n");
1267  printf ("\tth_sport : %d\n", ntohs (tcp->th_sport));
1268  printf ("\tth_dport : %d\n", ntohs (tcp->th_dport));
1269  printf ("\tth_seq : %u\n", (unsigned int) ntohl (tcp->th_seq));
1270  printf ("\tth_ack : %u\n", (unsigned int) ntohl (tcp->th_ack));
1271  printf ("\tth_x2 : %d\n", tcp->th_x2);
1272  printf ("\tth_off : %d\n", tcp->th_off);
1273  printf ("\tth_flags : ");
1274  if (tcp->th_flags & TH_FIN)
1275  {
1276  printf ("TH_FIN");
1277  a++;
1278  }
1279  if (tcp->th_flags & TH_SYN)
1280  {
1281  if (a)
1282  printf ("|");
1283  printf ("TH_SYN");
1284  a++;
1285  }
1286  if (tcp->th_flags & TH_RST)
1287  {
1288  if (a)
1289  printf ("|");
1290  printf ("TH_RST");
1291  a++;
1292  }
1293  if (tcp->th_flags & TH_PUSH)
1294  {
1295  if (a)
1296  printf ("|");
1297  printf ("TH_PUSH");
1298  a++;
1299  }
1300  if (tcp->th_flags & TH_ACK)
1301  {
1302  if (a)
1303  printf ("|");
1304  printf ("TH_ACK");
1305  a++;
1306  }
1307  if (tcp->th_flags & TH_URG)
1308  {
1309  if (a)
1310  printf ("|");
1311  printf ("TH_URG");
1312  a++;
1313  }
1314  if (!a)
1315  printf ("0");
1316  else
1317  printf (" (%d)", tcp->th_flags);
1318  printf ("\n");
1319  printf ("\tth_win : %d\n", ntohs (tcp->th_win));
1320  printf ("\tth_sum : 0x%x\n", tcp->th_sum);
1321  printf ("\tth_urp : %d\n", tcp->th_urp);
1322 
1323  options_len = sizeof (uint8_t) * 4 * (tcp->th_off - 5);
1324 
1325  if (options_len > 5) // Options present
1326  {
1327  char *options;
1328  struct tcp_options *tcp_all_options;
1329 
1330  options = (char *) g_malloc0 (options_len);
1331  memcpy (options, (char *) tcp + 20, options_len);
1332 
1333  tcp_all_options = g_malloc0 (sizeof (struct tcp_options));
1334  get_tcp_options (options, tcp_all_options);
1335  if (tcp_all_options != NULL)
1336  {
1337  printf ("\tTCP Options:\n");
1338  printf ("\t\tTCPOPT_MAXSEG: %u\n",
1339  ntohs ((uint16_t) tcp_all_options->mss.mss));
1340  printf ("\t\tTCPOPT_WINDOW: %u\n",
1341  tcp_all_options->wscale.wscale);
1342  printf ("\t\tTCPOPT_SACK_PERMITTED: %u\n",
1343  tcp_all_options->sack_perm.kind ? 1 : 0);
1344  printf ("\t\tTCPOPT_TIMESTAMP TSval: %u\n",
1345  ntohl ((uint32_t) tcp_all_options->tstamp.tstamp));
1346  printf ("\t\tTCPOPT_TIMESTAMP TSecr: %u\n",
1347  ntohl ((uint32_t) tcp_all_options->tstamp.e_tstamp));
1348  }
1349  g_free (options);
1350  g_free (tcp_all_options);
1351  }
1352  printf ("\n\tData : ");
1353  c = (char *) ((char *) tcp + sizeof (struct tcphdr) + options_len);
1354  if (UNFIX (ip6->ip6_plen) > (sizeof (struct tcphdr) + options_len))
1355  for (j = 0;
1356  j < UNFIX (ip6->ip6_plen) - sizeof (struct tcphdr) - options_len
1357  && j < limit;
1358  j++)
1359  printf ("%c", isprint (c[j]) ? c[j] : '.');
1360  printf ("\n");
1361  printf ("\n");
1362  }
1363  return NULL;
1364 }

References tcp_opt_tstamp::e_tstamp, get_str_var_by_num(), get_tcp_options(), get_var_size_by_num(), tcp_opt_sack_perm::kind, tcp_options::mss, tcp_opt_mss::mss, tcp_options::sack_perm, tcp_options::tstamp, tcp_opt_tstamp::tstamp, UNFIX, tcp_options::wscale, and tcp_opt_wscale::wscale.

Here is the call graph for this function:

◆ dump_udp_v6_packet()

tree_cell* dump_udp_v6_packet ( lex_ctxt )

Definition at line 1661 of file nasl_packet_forgery_v6.c.

1662 {
1663  int i = 0;
1664  u_char *pkt;
1665  while ((pkt = (u_char *) get_str_var_by_num (lexic, i++)) != NULL)
1666  {
1667  struct udphdr *udp = (struct udphdr *) (pkt + sizeof (struct ip6_hdr));
1668  unsigned int j;
1669  char *c;
1670  unsigned int limit = get_var_size_by_num (lexic, i - 1);
1671  printf ("------\n");
1672  printf ("\tuh_sport : %d\n", ntohs (udp->uh_sport));
1673  printf ("\tuh_dport : %d\n", ntohs (udp->uh_dport));
1674  printf ("\tuh_sum : 0x%x\n", udp->uh_sum);
1675  printf ("\tuh_ulen : %d\n", ntohs (udp->uh_ulen));
1676  printf ("\tdata : ");
1677  c = (char *) udp;
1678  if (udp->uh_ulen > sizeof (struct udphdr))
1679  for (j = sizeof (struct udphdr); j < ntohs (udp->uh_ulen) && j < limit;
1680  j++)
1681  printf ("%c", isprint (c[j]) ? c[j] : '.');
1682 
1683  printf ("\n");
1684  }
1685  return NULL;
1686 }

References get_str_var_by_num(), and get_var_size_by_num().

Here is the call graph for this function:

◆ forge_icmp_v6_packet()

tree_cell* forge_icmp_v6_packet ( lex_ctxt )

Definition at line 1725 of file nasl_packet_forgery_v6.c.

1726 {
1727  tree_cell *retc = NULL;
1728  struct ip6_hdr *ip6;
1729  struct ip6_hdr *ip6_icmp;
1730  int ip6_sz, size = 0, sz = 0;
1731  struct icmp6_hdr *icmp;
1732  struct nd_router_solicit *routersolicit = NULL;
1733  struct nd_router_advert *routeradvert = NULL;
1734  struct nd_neighbor_solicit *neighborsolicit = NULL;
1735  struct nd_neighbor_advert *neighboradvert = NULL;
1736 
1737  char *data, *p;
1738  int len;
1739  u_char *pkt;
1740  int t;
1741  ip6 = (struct ip6_hdr *) get_str_var_by_name (lexic, "ip6");
1742  ip6_sz = get_var_size_by_name (lexic, "ip6");
1743 
1744  if (ip6 != NULL)
1745  {
1746  retc = alloc_typed_cell (CONST_DATA);
1747  data = get_str_var_by_name (lexic, "data");
1748  len = data == NULL ? 0 : get_var_size_by_name (lexic, "data");
1749  t = get_int_var_by_name (lexic, "icmp_type", 0);
1750  if (40 > ip6_sz)
1751  return NULL;
1752 
1753  /* ICMP header size is 8 */
1754  pkt = g_malloc0 (ip6_sz + 8 + len);
1755  ip6_icmp = (struct ip6_hdr *) pkt;
1756 
1757  bcopy (ip6, ip6_icmp, ip6_sz);
1758  p = (char *) (pkt + ip6_sz);
1759  icmp = (struct icmp6_hdr *) p;
1760 
1761  icmp->icmp6_code = get_int_var_by_name (lexic, "icmp_code", 0);
1762  icmp->icmp6_type = t;
1763 
1764  switch (t)
1765  {
1766  case ICMP6_ECHO_REQUEST:
1767  {
1768  if (data != NULL)
1769  bcopy (data, &(p[8]), len);
1770  icmp->icmp6_id = get_int_var_by_name (lexic, "icmp_id", 0);
1771  icmp->icmp6_seq = get_int_var_by_name (lexic, "icmp_seq", 0);
1772  size = ip6_sz + 8 + len;
1773  sz = 8;
1774  }
1775  break;
1776  case ND_ROUTER_SOLICIT:
1777  {
1778  pkt =
1779  g_realloc (pkt, ip6_sz + sizeof (struct nd_router_solicit) + len);
1780  p = (char *) (pkt + ip6_sz);
1781  // Update ip6_icmp because it gets used again below
1782  ip6_icmp = (struct ip6_hdr *) pkt;
1783  routersolicit = (struct nd_router_solicit *) p;
1784  ((struct icmp6_hdr *) routersolicit)->icmp6_type = icmp->icmp6_type;
1785  ((struct icmp6_hdr *) routersolicit)->icmp6_code = icmp->icmp6_code;
1786  ((struct icmp6_hdr *) routersolicit)->icmp6_cksum =
1787  icmp->icmp6_cksum;
1788  size = ip6_sz + sizeof (struct nd_router_solicit) + len;
1789  sz = 4; /*type-1 byte, code-1byte, cksum-2bytes */
1790  }
1791  break;
1792  case ND_ROUTER_ADVERT:
1793  {
1794  pkt =
1795  g_realloc (pkt, ip6_sz + sizeof (struct nd_router_advert) + len);
1796  p = (char *) (pkt + ip6_sz);
1797  // Update ip6_icmp because it gets used again below
1798  ip6_icmp = (struct ip6_hdr *) pkt;
1799  // Let routeradvert point to routeradvert location in pkt
1800  routeradvert = (struct nd_router_advert *) p;
1801  // Set icmp6 header members
1802  ((struct icmp6_hdr *) routeradvert)->icmp6_type = icmp->icmp6_type;
1803  ((struct icmp6_hdr *) routeradvert)->icmp6_code = icmp->icmp6_code;
1804  ((struct icmp6_hdr *) routeradvert)->icmp6_cksum =
1805  icmp->icmp6_cksum;
1806  routeradvert->nd_ra_reachable =
1807  get_int_var_by_name (lexic, "reachable_time", 0);
1808  routeradvert->nd_ra_retransmit =
1809  get_int_var_by_name (lexic, "retransmit_timer", 0);
1810  routeradvert->nd_ra_curhoplimit = ip6_icmp->ip6_hlim;
1811  routeradvert->nd_ra_flags_reserved =
1812  get_int_var_by_name (lexic, "flags", 0);
1813  size = ip6_sz + sizeof (struct nd_router_advert) + len;
1814  sz = 5; /*type-1 byte, code-1byte, cksum-2bytes, current
1815  hoplimit-1byte */
1816  }
1817  break;
1818  case ND_NEIGHBOR_SOLICIT:
1819  {
1820  // Make room for nd_neighbor_solicit.nd_ns_target in packet
1821  pkt = g_realloc (pkt, ip6_sz + sizeof (struct nd_neighbor_solicit)
1822  + len);
1823  // Let p point to the start of nd_neighbor_solicit
1824  p = (char *) (pkt + ip6_sz);
1825  // Update ip6_icmp because it gets used again below
1826  ip6_icmp = (struct ip6_hdr *) pkt;
1827  // Fill in user date if provided
1828  if (data != NULL)
1829  memmove (&(p[8 + 16]), data, len);
1830  // Let neighborsolicit point to nd_neighbor_solicit location in pkt
1831  neighborsolicit = (struct nd_neighbor_solicit *) p;
1832  // Set icmp6 header members
1833  ((struct icmp6_hdr *) neighborsolicit)->icmp6_type =
1834  icmp->icmp6_type;
1835  ((struct icmp6_hdr *) neighborsolicit)->icmp6_code =
1836  icmp->icmp6_code;
1837  ((struct icmp6_hdr *) neighborsolicit)->icmp6_cksum =
1838  icmp->icmp6_cksum;
1839  // Set nd_ns_target
1840  memcpy (&neighborsolicit->nd_ns_target, &ip6_icmp->ip6_dst,
1841  sizeof (struct in6_addr)); /*dst ip should be link local */
1842  size = ip6_sz + sizeof (struct nd_neighbor_solicit) + len;
1843  sz = 4; /*type-1 byte, code-1byte, cksum-2bytes */
1844  }
1845  break;
1846  case ND_NEIGHBOR_ADVERT:
1847  {
1848  pkt = g_realloc (pkt,
1849  ip6_sz + sizeof (struct nd_neighbor_advert) + len);
1850  // Update ip6_icmp because it gets used again below
1851  ip6_icmp = (struct ip6_hdr *) pkt;
1852  p = (char *) (pkt + 40);
1853  neighboradvert = (struct nd_neighbor_advert *) p;
1854  // Set icmp6 header members
1855  ((struct icmp6_hdr *) neighboradvert)->icmp6_type =
1856  icmp->icmp6_type;
1857  ((struct icmp6_hdr *) neighboradvert)->icmp6_code =
1858  icmp->icmp6_code;
1859  ((struct icmp6_hdr *) neighboradvert)->icmp6_cksum =
1860  icmp->icmp6_cksum;
1861  neighboradvert->nd_na_flags_reserved =
1862  get_int_var_by_name (lexic, "flags", 0);
1863  if (neighboradvert->nd_na_flags_reserved & 0x00000020)
1864  memcpy (
1865  &neighboradvert->nd_na_target, &ip6_icmp->ip6_src,
1866  sizeof (struct in6_addr)); /*dst ip should be link local */
1867  else
1868  {
1869  if (get_var_size_by_name (lexic, "target") != 0)
1870  inet_pton (AF_INET6, get_str_var_by_name (lexic, "target"),
1871  &neighboradvert->nd_na_target);
1872  else
1873  {
1874  nasl_perror (lexic,
1875  "forge_icmp_v6_packet: missing 'target' "
1876  "parameter required for constructing response "
1877  "to a Neighbor Solicitation\n");
1878  g_free (ip6_icmp);
1879  return NULL;
1880  }
1881  }
1882  size = ip6_sz + sizeof (struct nd_neighbor_advert) + len;
1883  sz = 4; /*type-1 byte, code-1byte, cksum-2bytes */
1884  }
1885  break;
1886  default:
1887  {
1888  if (t < 0 || t > 255)
1889  {
1890  nasl_perror (lexic, "forge_icmp_v6_packet: illegal type %d\n",
1891  t);
1892  }
1893  else
1894  {
1895  if (data != NULL)
1896  bcopy (data, &(p[8]), len);
1897  icmp->icmp6_id = get_int_var_by_name (lexic, "icmp_id", 0);
1898  icmp->icmp6_seq = get_int_var_by_name (lexic, "icmp_seq", 0);
1899  size = ip6_sz + 8 + len;
1900  sz = 8;
1901  }
1902  }
1903  }
1904 
1905  if (UNFIX (ip6_icmp->ip6_ctlun.ip6_un1.ip6_un1_plen) <= 40)
1906  {
1907  if (get_int_var_by_name (lexic, "update_ip_len", 1) != 0)
1908  {
1909  ip6_icmp->ip6_ctlun.ip6_un1.ip6_un1_plen = FIX (size - ip6_sz);
1910  }
1911  }
1912  if (get_int_var_by_name (lexic, "icmp_cksum", -1) == -1)
1913  {
1915  char *icmpsumdata =
1916  g_malloc0 (sizeof (struct v6pseudo_icmp_hdr) + len + 1);
1917 
1918  bzero (&pseudohdr, sizeof (struct v6pseudo_icmp_hdr));
1919  memcpy (&pseudohdr.s6addr, &ip6->ip6_src, sizeof (struct in6_addr));
1920  memcpy (&pseudohdr.d6addr, &ip6->ip6_dst, sizeof (struct in6_addr));
1921 
1922  pseudohdr.proto = 0x3a; /*ICMPv6 */
1923  pseudohdr.len = htons (size - ip6_sz);
1924  bcopy ((char *) icmp, (char *) &pseudohdr.icmpheader, sz);
1925  bcopy ((char *) &pseudohdr, icmpsumdata, sizeof (pseudohdr));
1926  if (data != NULL)
1927  bcopy ((char *) data, icmpsumdata + sizeof (pseudohdr), len);
1928  icmp->icmp6_cksum =
1929  np_in_cksum ((unsigned short *) icmpsumdata, size);
1930  g_free (icmpsumdata);
1931  }
1932  else
1933  icmp->icmp6_cksum =
1934  htons (get_int_var_by_name (lexic, "icmp_cksum", 0));
1935  switch (t)
1936  {
1937  case ICMP6_ECHO_REQUEST:
1938  break;
1939  case ND_ROUTER_SOLICIT:
1940  {
1941  routersolicit->nd_rs_hdr.icmp6_cksum = icmp->icmp6_cksum;
1942  }
1943  break;
1944  case ND_ROUTER_ADVERT:
1945  {
1946  routeradvert->nd_ra_hdr.icmp6_cksum = icmp->icmp6_cksum;
1947  }
1948  break;
1949  case ND_NEIGHBOR_SOLICIT:
1950  {
1951  neighborsolicit->nd_ns_hdr.icmp6_cksum = icmp->icmp6_cksum;
1952  }
1953  break;
1954  case ND_NEIGHBOR_ADVERT:
1955  {
1956  neighboradvert->nd_na_hdr.icmp6_cksum = icmp->icmp6_cksum;
1957  }
1958  break;
1959  default:
1960  {
1961  }
1962  }
1963 
1964  retc->x.str_val = (char *) pkt;
1965  retc->size = size;
1966  }
1967  else
1968  nasl_perror (lexic, "forge_icmp_v6_packet: missing 'ip6' parameter\n");
1969 
1970  return retc;
1971 }

References alloc_typed_cell(), CONST_DATA, FIX, get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), len, nasl_perror(), np_in_cksum(), TC::size, TC::str_val, UNFIX, and TC::x.

Here is the call graph for this function:

◆ forge_igmp_v6_packet()

tree_cell* forge_igmp_v6_packet ( lex_ctxt )

Definition at line 2110 of file nasl_packet_forgery_v6.c.

2111 {
2112  struct ip6_hdr *ip6 = (struct ip6_hdr *) get_str_var_by_name (lexic, "ip6");
2113 
2114  if (ip6 != NULL)
2115  {
2116  char *data = get_str_var_by_name (lexic, "data");
2117  int len = data ? get_var_size_by_name (lexic, "data") : 0;
2118  u_char *pkt = g_malloc0 (sizeof (struct igmp6_hdr) + 40 + len);
2119  struct ip6_hdr *ip6_igmp = (struct ip6_hdr *) pkt;
2120  struct igmp6_hdr *igmp;
2121  char *p;
2122  char *grp;
2123  tree_cell *retc;
2124  int ipsz = get_var_size_by_name (lexic, "ip6");
2125 
2126  bcopy (ip6, ip6_igmp, ipsz);
2127 
2128  if (UNFIX (ip6_igmp->ip6_ctlun.ip6_un1.ip6_un1_plen) <= 40)
2129  {
2130  int v = get_int_var_by_name (lexic, "update_ip6_len", 1);
2131  if (v != 0)
2132  {
2133  ip6_igmp->ip6_ctlun.ip6_un1.ip6_un1_plen =
2134  FIX (40 + sizeof (struct igmp6_hdr) + len);
2135  }
2136  }
2137  p = (char *) (pkt + 40);
2138  igmp = (struct igmp6_hdr *) p;
2139 
2140  igmp->code = get_int_var_by_name (lexic, "code", 0);
2141  igmp->type = get_int_var_by_name (lexic, "type", 0);
2142  grp = get_str_var_by_name (lexic, "group");
2143 
2144  if (grp != NULL)
2145  {
2146  inet_pton (AF_INET6, grp, &igmp->group);
2147  }
2148 
2149  igmp->cksum = np_in_cksum ((u_short *) igmp, sizeof (struct igmp6_hdr));
2150  if (data != NULL)
2151  {
2152  char *ptmp = (char *) (pkt + 40 + sizeof (struct igmp6_hdr));
2153  bcopy (ptmp, data, len);
2154  }
2155  retc = alloc_typed_cell (CONST_DATA);
2156  retc->x.str_val = (char *) pkt;
2157  retc->size = 40 + sizeof (struct igmp6_hdr) + len;
2158  return retc;
2159  }
2160  else
2161  nasl_perror (lexic, "forge_igmp_v6_packet: missing 'ip6' parameter\n");
2162 
2163  return NULL;
2164 }

References alloc_typed_cell(), igmp::cksum, igmp::code, CONST_DATA, FIX, get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), igmp::group, len, nasl_perror(), np_in_cksum(), TC::size, TC::str_val, igmp::type, UNFIX, and TC::x.

Here is the call graph for this function:

◆ forge_ip_v6_packet()

tree_cell* forge_ip_v6_packet ( lex_ctxt lexic)

Forge an IPv6 packet.

Parameters
[in]lexicLexical context of NASL interpreter.
[in]dataData payload
[in]ip6_vVersion. 6 by default.
[in]ip6_tcTraffic class. 0 by default.
[in]ip6_flFlow label. 0 by default.
[in]ip6_pIP protocol. 0 by default.
[in]ip6_hlimHop limit. Max. 255. 64 by default.
[in]ip6_srcSource address.
[in]ip6_dstDestination address.
Returns
Forged IP packet.

Definition at line 118 of file nasl_packet_forgery_v6.c.

119 {
120  tree_cell *retc;
121  struct ip6_hdr *pkt;
122  char *s;
123  struct script_infos *script_infos = lexic->script_infos;
124  struct in6_addr *dst_addr;
125  char *data;
126  int data_len;
127  int version;
128  int tc;
129  int fl;
130 
131  dst_addr = plug_get_host_ip (script_infos);
132 
133  if (dst_addr == NULL || (IN6_IS_ADDR_V4MAPPED (dst_addr) == 1))
134  return NULL;
135 
136  data = get_str_var_by_name (lexic, "data");
137  data_len = get_var_size_by_name (lexic, "data");
138 
139  retc = alloc_typed_cell (CONST_DATA);
140  retc->size = sizeof (struct ip6_hdr) + data_len;
141 
142  pkt = (struct ip6_hdr *) g_malloc0 (sizeof (struct ip6_hdr) + data_len);
143  retc->x.str_val = (char *) pkt;
144 
145  version = get_int_var_by_name (lexic, "ip6_v", 6);
146  tc = get_int_var_by_name (lexic, "ip6_tc", 0);
147  fl = get_int_var_by_name (lexic, "ip6_fl", 0);
148 
149  pkt->ip6_flow = htonl (version << 28 | tc << 20 | fl);
150 
151  pkt->ip6_plen = FIX (data_len); /* No extension headers ? */
152  pkt->ip6_nxt = get_int_var_by_name (lexic, "ip6_p", 0);
153  pkt->ip6_hlim = get_int_var_by_name (lexic, "ip6_hlim", 64);
154 
155  /* source */
156  s = get_str_var_by_name (lexic, "ip6_src");
157  if (s != NULL)
158  inet_pton (AF_INET6, s, &pkt->ip6_src);
159  /* else this host address? */
160 
161  s = get_str_var_by_name (lexic, "ip6_dst");
162  if (s != NULL)
163  inet_pton (AF_INET6, s, &pkt->ip6_dst);
164  else
165  pkt->ip6_dst = *dst_addr;
166 
167  if (data != NULL)
168  {
169  bcopy (data, retc->x.str_val + sizeof (struct ip6_hdr), data_len);
170  }
171 
172  /*
173  There is no checksum for ipv6. Only upper layer
174  calculates a checksum using pseudoheader
175  */
176  return retc;
177 }

References alloc_typed_cell(), CONST_DATA, FIX, get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), plug_get_host_ip(), struct_lex_ctxt::script_infos, TC::size, TC::str_val, and TC::x.

Here is the call graph for this function:

◆ forge_tcp_v6_packet()

tree_cell* forge_tcp_v6_packet ( lex_ctxt lexic)

Forge TCP packet.

Parameters
[in]lexicLexical context of NASL interpreter.
[in]ip6IPv6 packet.
[in]dataData.
[in]th_sportSource port. 0 by default.
[in]th_dportDestination port. 0 by default.
[in]th_seqSequence number. Random by default.
[in]th_ackAcknowledgement number. 0 by default.
[in]th_x20 by default.
[in]th_offData offset. 5 by default.
[in]th_flagsFlags. 0 by default.
[in]th_winWindow. 0 by default.
[in]th_sumChecksum. Is filled in automatically by default
[in]th_urpUrgent pointer. 0 by default.
Returns
tree_cell with the forged TCP packet containing IPv6 header.

Definition at line 530 of file nasl_packet_forgery_v6.c.

531 {
532  tree_cell *retc;
533  char *data;
534  int len;
535  struct ip6_hdr *ip6, *tcp_packet;
536  struct tcphdr *tcp;
537  int ipsz;
538 
539  ip6 = (struct ip6_hdr *) get_str_var_by_name (lexic, "ip6");
540  if (ip6 == NULL)
541  {
542  nasl_perror (lexic,
543  "forge_tcp_v6_packet: You must supply the 'ip6' argument\n");
544  return NULL;
545  }
546 
547  ipsz = get_var_size_by_name (lexic, "ip6");
548 
549  // Not considering IP Options.
550  if (ipsz != 40)
551  ipsz = 40;
552 
553  data = get_str_var_by_name (lexic, "data");
554  len = data == NULL ? 0 : get_var_size_by_name (lexic, "data");
555 
556  retc = alloc_typed_cell (CONST_DATA);
557  tcp_packet =
558  (struct ip6_hdr *) g_malloc0 (ipsz + sizeof (struct tcphdr) + len);
559  retc->x.str_val = (char *) tcp_packet;
560 
561  bcopy (ip6, tcp_packet, ipsz);
562  /* Adjust length in ipv6 header */
563  tcp_packet->ip6_ctlun.ip6_un1.ip6_un1_plen =
564  FIX (sizeof (struct tcphdr) + len);
565  tcp = (struct tcphdr *) ((char *) tcp_packet + 40);
566 
567  tcp->th_sport = ntohs (get_int_var_by_name (lexic, "th_sport", 0));
568  tcp->th_dport = ntohs (get_int_var_by_name (lexic, "th_dport", 0));
569  tcp->th_seq = htonl (get_int_var_by_name (lexic, "th_seq", rand ()));
570  tcp->th_ack = htonl (get_int_var_by_name (lexic, "th_ack", 0));
571  tcp->th_x2 = get_int_var_by_name (lexic, "th_x2", 0);
572  tcp->th_off = get_int_var_by_name (lexic, "th_off", 5);
573  tcp->th_flags = get_int_var_by_name (lexic, "th_flags", 0);
574  tcp->th_win = htons (get_int_var_by_name (lexic, "th_win", 0));
575  tcp->th_sum = get_int_var_by_name (lexic, "th_sum", 0);
576  tcp->th_urp = get_int_var_by_name (lexic, "th_urp", 0);
577 
578  if (data != NULL)
579  bcopy (data, (char *) tcp + sizeof (struct tcphdr), len);
580 
581  if (!tcp->th_sum)
582  {
583  struct v6pseudohdr pseudoheader;
584  char *tcpsumdata = g_malloc0 (sizeof (struct v6pseudohdr) + len + 1);
585 
586  bzero (&pseudoheader, 38 + sizeof (struct tcphdr));
587  memcpy (&pseudoheader.s6addr, &ip6->ip6_src, sizeof (struct in6_addr));
588  memcpy (&pseudoheader.d6addr, &ip6->ip6_dst, sizeof (struct in6_addr));
589 
590  pseudoheader.protocol = IPPROTO_TCP;
591  pseudoheader.length = htons (sizeof (struct tcphdr) + len);
592  bcopy ((char *) tcp, (char *) &pseudoheader.tcpheader,
593  sizeof (struct tcphdr));
594  /* fill tcpsumdata with data to checksum */
595  bcopy ((char *) &pseudoheader, tcpsumdata, sizeof (struct v6pseudohdr));
596  if (data != NULL)
597  bcopy ((char *) data, tcpsumdata + sizeof (struct v6pseudohdr), len);
598  tcp->th_sum = np_in_cksum ((unsigned short *) tcpsumdata,
599  38 + sizeof (struct tcphdr) + len);
600  g_free (tcpsumdata);
601  }
602 
603  retc->size = ipsz + sizeof (struct tcphdr) + len;
604  return retc;
605 }

References alloc_typed_cell(), CONST_DATA, v6pseudohdr::d6addr, FIX, get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), len, v6pseudohdr::length, nasl_perror(), np_in_cksum(), v6pseudohdr::protocol, v6pseudohdr::s6addr, TC::size, TC::str_val, v6pseudohdr::tcpheader, and TC::x.

Here is the call graph for this function:

◆ forge_udp_v6_packet()

tree_cell* forge_udp_v6_packet ( lex_ctxt )

Definition at line 1395 of file nasl_packet_forgery_v6.c.

1396 {
1397  tree_cell *retc;
1398  struct ip6_hdr *ip6 = (struct ip6_hdr *) get_str_var_by_name (lexic, "ip6");
1399 
1400  if (ip6 != NULL)
1401  {
1402  char *data = get_str_var_by_name (lexic, "data");
1403  int data_len = get_var_size_by_name (lexic, "data");
1404  u_char *pkt;
1405  struct ip6_hdr *udp_packet;
1406  struct udphdr *udp;
1407 
1408  pkt = g_malloc0 (sizeof (struct udphdr) + 40 + data_len);
1409  udp_packet = (struct ip6_hdr *) pkt;
1410  udp = (struct udphdr *) (pkt + 40);
1411 
1412  udp->uh_sum = get_int_var_by_name (lexic, "uh_sum", 0);
1413  bcopy ((char *) ip6, pkt, 40);
1414 
1415  udp->uh_sport = htons (get_int_var_by_name (lexic, "uh_sport", 0));
1416  udp->uh_dport = htons (get_int_var_by_name (lexic, "uh_dport", 0));
1417  udp->uh_ulen = htons (get_int_var_by_name (
1418  lexic, "uh_ulen", data_len + sizeof (struct udphdr)));
1419 
1420  if (data_len != 0 && data != NULL)
1421  bcopy (data, (pkt + 40 + sizeof (struct udphdr)), data_len);
1422 
1423  if (!udp->uh_sum)
1424  {
1425  struct v6pseudo_udp_hdr pseudohdr;
1426  char *udpsumdata =
1427  g_malloc0 (sizeof (struct v6pseudo_udp_hdr) + data_len + 1);
1428 
1429  bzero (&pseudohdr, sizeof (struct v6pseudo_udp_hdr));
1430  memcpy (&pseudohdr.s6addr, &ip6->ip6_src, sizeof (struct in6_addr));
1431  memcpy (&pseudohdr.d6addr, &ip6->ip6_dst, sizeof (struct in6_addr));
1432 
1433  pseudohdr.proto = IPPROTO_UDP;
1434  pseudohdr.len = htons (sizeof (struct udphdr) + data_len);
1435  bcopy ((char *) udp, (char *) &pseudohdr.udpheader,
1436  sizeof (struct udphdr));
1437  bcopy ((char *) &pseudohdr, udpsumdata, sizeof (pseudohdr));
1438  if (data != NULL)
1439  {
1440  bcopy ((char *) data, udpsumdata + sizeof (pseudohdr), data_len);
1441  }
1442  udp->uh_sum = np_in_cksum ((unsigned short *) udpsumdata,
1443  38 + sizeof (struct udphdr) + data_len);
1444  g_free (udpsumdata);
1445  }
1446 
1447  if (UNFIX (udp_packet->ip6_ctlun.ip6_un1.ip6_un1_plen) <= 40)
1448  {
1449  int v = get_int_var_by_name (lexic, "update_ip6_len", 1);
1450  if (v != 0)
1451  {
1452  udp_packet->ip6_ctlun.ip6_un1.ip6_un1_plen =
1453  FIX (ntohs (udp->uh_ulen));
1454  }
1455  }
1456 
1457  retc = alloc_typed_cell (CONST_DATA);
1458  retc->x.str_val = (char *) pkt;
1459  retc->size = 8 + 40 + data_len;
1460 
1461  return retc;
1462  }
1463  else
1464  nasl_perror (lexic, "forge_udp_v6_packet:'ip6' argument missing. \n");
1465 
1466  return NULL;
1467 }

References alloc_typed_cell(), CONST_DATA, FIX, get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), nasl_perror(), np_in_cksum(), TC::size, TC::str_val, UNFIX, and TC::x.

Here is the call graph for this function:

◆ get_icmp_v6_element()

tree_cell* get_icmp_v6_element ( lex_ctxt )

Definition at line 1984 of file nasl_packet_forgery_v6.c.

1985 {
1986  struct icmp6_hdr *icmp;
1987  char *p;
1988 
1989  if ((p = get_str_var_by_name (lexic, "icmp")) != NULL)
1990  {
1991  char *elem = get_str_var_by_name (lexic, "element");
1992  int value;
1993  tree_cell *retc;
1994 
1995  icmp = (struct icmp6_hdr *) (p + 40);
1996 
1997  if (elem == NULL)
1998  {
1999  nasl_perror (lexic, "%s: Missing 'element' argument\n", __func__);
2000  return NULL;
2001  }
2002 
2003  else if (!strcmp (elem, "icmp_code"))
2004  value = icmp->icmp6_code;
2005  else if (!strcmp (elem, "icmp_type"))
2006  value = icmp->icmp6_type;
2007  else if (!strcmp (elem, "icmp_cksum"))
2008  value = ntohs (icmp->icmp6_cksum);
2009  else if (!strcmp (elem, "icmp_id"))
2010  value = ntohs (icmp->icmp6_id);
2011  else if (!strcmp (elem, "icmp_seq"))
2012  value = ntohs (icmp->icmp6_seq);
2013  else if (!strcmp (elem, "data"))
2014  {
2015  retc = alloc_typed_cell (CONST_DATA);
2016  retc->size = get_var_size_by_name (lexic, "icmp") - 40 - 8;
2017  if (retc->size > 0)
2018  {
2019  retc->x.str_val = g_malloc0 (retc->size + 1);
2020  memcpy (retc->x.str_val, &(p[40 + 8]), retc->size + 1);
2021  }
2022  else
2023  {
2024  retc->x.str_val = NULL;
2025  retc->size = 0;
2026  }
2027  return retc;
2028  }
2029  else
2030  {
2031  nasl_perror (lexic, "%s: '%s' not a valid 'element' argument\n",
2032  __func__, elem);
2033  return NULL;
2034  }
2035 
2036  retc = alloc_typed_cell (CONST_INT);
2037  retc->x.i_val = value;
2038  return retc;
2039  }
2040  else
2041  nasl_perror (lexic, "%s: missing 'icmp' parameter\n", __func__);
2042 
2043  return NULL;
2044 }

References alloc_typed_cell(), CONST_DATA, CONST_INT, get_str_var_by_name(), get_var_size_by_name(), TC::i_val, nasl_perror(), TC::size, TC::str_val, and TC::x.

Here is the call graph for this function:

◆ get_ip_v6_element()

tree_cell* get_ip_v6_element ( lex_ctxt lexic)

Obtain IPv6 header element.

Parameters
[in]lexicLexical context of NASL interpreter.
[in]ipv6IPv6 header. TODO: Once versions older than 20.08 are no longer in use the parameter name can be changed to 'ip6'.
[in]elementElement to extract from the header.
Returns
tree_cell with the IP header element.

Definition at line 190 of file nasl_packet_forgery_v6.c.

191 {
192  tree_cell *retc;
193  char *element = get_str_var_by_name (lexic, "element");
194  char ret_ascii[INET6_ADDRSTRLEN];
195  int ret_int = 0;
196  int flag = 0;
197  struct ip6_hdr *ip6;
198 
199  /* Parameter name 'ipv6' was renamed to 'ip6' for consistency.
200  * For backwards compatibility reasons we still need to consider the 'ipv6'
201  * argument.
202  */
203  ip6 = (struct ip6_hdr *) get_str_var_by_name (lexic, "ipv6");
204  if (ip6 == NULL)
205  {
206  ip6 = (struct ip6_hdr *) get_str_var_by_name (lexic, "ip6");
207  if (ip6 == NULL)
208  {
209  nasl_perror (lexic, "%s: no valid 'ip6' argument\n", __func__);
210  return NULL;
211  }
212  }
213 
214  if (element == NULL)
215  {
216  nasl_perror (lexic, "%s: no valid 'element' argument\n", __func__);
217  return NULL;
218  }
219 
220  if (!strcmp (element, "ip6_v"))
221  {
222  ret_int = ntohl (ip6->ip6_flow) >> 28;
223  flag++;
224  }
225  else if (!strcmp (element, "ip6_tc"))
226  {
227  ret_int = (ntohl (ip6->ip6_flow) >> 20) & 0xff;
228  flag++;
229  }
230  else if (!strcmp (element, "ip6_fl"))
231  {
232  ret_int = ntohl (ip6->ip6_flow) & 0x3ffff;
233  flag++;
234  }
235  else if (!strcmp (element, "ip6_plen"))
236  {
237  ret_int = UNFIX (ip6->ip6_plen);
238  flag++;
239  }
240  else if (!strcmp (element, "ip6_nxt"))
241  {
242  ret_int = (ip6->ip6_nxt);
243  flag++;
244  }
245  else if (!strcmp (element, "ip6_hlim"))
246  {
247  ret_int = (ip6->ip6_hlim);
248  flag++;
249  }
250 
251  if (flag != 0)
252  {
253  retc = alloc_typed_cell (CONST_INT);
254  retc->x.i_val = ret_int;
255  return retc;
256  }
257 
258  if (!strcmp (element, "ip6_src"))
259  {
260  inet_ntop (AF_INET6, &ip6->ip6_src, ret_ascii, sizeof (ret_ascii));
261  flag++;
262  }
263  else if (!strcmp (element, "ip6_dst"))
264  {
265  inet_ntop (AF_INET6, &ip6->ip6_dst, ret_ascii, sizeof (ret_ascii));
266  flag++;
267  }
268 
269  if (flag == 0)
270  {
271  nasl_perror (lexic, "%s : unknown element '%s'\n", __func__, element);
272  return NULL;
273  }
274 
275  retc = alloc_typed_cell (CONST_DATA);
276  retc->size = strlen (ret_ascii);
277  retc->x.str_val = g_strdup (ret_ascii);
278 
279  return retc;
280 }

References alloc_typed_cell(), CONST_DATA, CONST_INT, get_str_var_by_name(), TC::i_val, nasl_perror(), TC::size, TC::str_val, UNFIX, and TC::x.

Here is the call graph for this function:

◆ get_tcp_v6_element()

tree_cell* get_tcp_v6_element ( lex_ctxt lexic)

Get TCP Header element.

Parameters
[in]lexicLexical context of NASL interpreter.
[in]tcpIPv6 packet
[in]elementElement to extract from the header (see forge_tcp_v6_packet()).
Returns
tree_cell with the forged IP packet.

Definition at line 618 of file nasl_packet_forgery_v6.c.

619 {
620  u_char *packet = (u_char *) get_str_var_by_name (lexic, "tcp");
621  struct ip6_hdr *ip6;
622  int ipsz;
623  struct tcphdr *tcp;
624  char *element;
625  int ret;
626  tree_cell *retc;
627 
628  ipsz = get_var_size_by_name (lexic, "tcp");
629 
630  if (packet == NULL)
631  {
632  nasl_perror (lexic, "get_tcp_v6_element: No valid 'tcp' argument\n");
633  return NULL;
634  }
635 
636  ip6 = (struct ip6_hdr *) packet;
637 
638  /* valid ipv6 header check */
639  if (UNFIX (ip6->ip6_plen) > ipsz)
640  return NULL; /* Invalid packet */
641 
642  tcp = (struct tcphdr *) (packet + 40);
643 
644  element = get_str_var_by_name (lexic, "element");
645  if (!element)
646  {
647  nasl_perror (lexic, "get_tcp_v6_element: No valid 'element' argument\n");
648  return NULL;
649  }
650 
651  if (!strcmp (element, "th_sport"))
652  ret = ntohs (tcp->th_sport);
653  else if (!strcmp (element, "th_dsport"))
654  ret = ntohs (tcp->th_dport);
655  else if (!strcmp (element, "th_seq"))
656  ret = ntohl (tcp->th_seq);
657  else if (!strcmp (element, "th_ack"))
658  ret = ntohl (tcp->th_ack);
659  else if (!strcmp (element, "th_x2"))
660  ret = tcp->th_x2;
661  else if (!strcmp (element, "th_off"))
662  ret = tcp->th_off;
663  else if (!strcmp (element, "th_flags"))
664  ret = tcp->th_flags;
665  else if (!strcmp (element, "th_win"))
666  ret = ntohs (tcp->th_win);
667  else if (!strcmp (element, "th_sum"))
668  ret = tcp->th_sum;
669  else if (!strcmp (element, "th_urp"))
670  ret = tcp->th_urp;
671  else if (!strcmp (element, "data"))
672  {
673  retc = alloc_typed_cell (CONST_DATA);
674  retc->size = UNFIX (ip6->ip6_plen) - tcp->th_off * 4;
675  if (retc->size < 0 || retc->size > ipsz - 40 - tcp->th_off * 4)
676  {
677  nasl_perror (lexic,
678  "get_tcp_v6_element: Erroneous tcp header offset %d\n",
679  retc->size);
680  deref_cell (retc);
681  return NULL;
682  }
683  retc->x.str_val = g_malloc0 (retc->size);
684  bcopy ((char *) tcp + tcp->th_off * 4, retc->x.str_val, retc->size);
685  return retc;
686  }
687  else
688  {
689  nasl_perror (lexic, "get_tcp_v6_element: Unknown tcp field %s\n",
690  element);
691  return NULL;
692  }
693 
694  retc = alloc_typed_cell (CONST_INT);
695  retc->x.i_val = ret;
696  return retc;
697 }

References alloc_typed_cell(), CONST_DATA, CONST_INT, deref_cell(), get_str_var_by_name(), get_var_size_by_name(), TC::i_val, nasl_perror(), TC::size, TC::str_val, UNFIX, and TC::x.

Here is the call graph for this function:

◆ get_tcp_v6_option()

tree_cell* get_tcp_v6_option ( lex_ctxt lexic)

Get a TCP option from an IP datagram if present. Possible options are: TCPOPT_MAXSEG (2), values between 536 and 65535 TCPOPT_WINDOW (3), with values between 0 and 14 TCPOPT_SACK_PERMITTED (4), no value required. TCPOPT_TIMESTAMP (8), 8 bytes value for timestamp and echo timestamp, 4 bytes each one.

Parameters
[in]lexicLexical context of NASL interpreter.
[in]tcpThe full IP datagram (IP + TCP).
[in]optionOption to get.
Returns
Integer or array given the case.

Definition at line 775 of file nasl_packet_forgery_v6.c.

776 {
777  u_char *packet = (u_char *) get_str_var_by_name (lexic, "tcp");
778  struct ip6_hdr *ip6;
779  int ipsz;
780  struct tcphdr *tcp;
781  char *options;
782  int opt;
783  tree_cell *retc;
784  nasl_array *arr;
785  anon_nasl_var v;
786 
787  struct tcp_options *tcp_all_options = NULL;
788 
789  if (packet == NULL)
790  {
791  nasl_perror (lexic, "%s: No valid 'tcp' argument passed.\n", __func__);
792  return NULL;
793  }
794 
795  opt = get_int_var_by_name (lexic, "option", -1);
796  if (opt < 0)
797  {
798  nasl_perror (lexic,
799  "%s: No 'option' argument passed but required.\n."
800  "Usage: %s(tcp:<tcp>, option:<TCPOPT>)",
801  __func__, __func__);
802  return NULL;
803  }
804 
805  ip6 = (struct ip6_hdr *) packet;
806 
807  /* valid ipv6 header check */
808  ipsz = get_var_size_by_name (lexic, "tcp");
809  if (UNFIX (ip6->ip6_plen) > ipsz)
810  return NULL; /* Invalid packet */
811 
812  tcp = (struct tcphdr *) (packet + 40);
813 
814  if (tcp->th_off <= 5)
815  return NULL;
816 
817  // Get options from the segment
818  options = (char *) g_malloc0 (sizeof (uint8_t) * 4 * (tcp->th_off - 5));
819  memcpy (options, (char *) tcp + 20, (tcp->th_off - 5) * 4);
820 
821  tcp_all_options = g_malloc0 (sizeof (struct tcp_options));
822  get_tcp_options (options, tcp_all_options);
823  if (tcp_all_options == NULL)
824  {
825  nasl_perror (lexic, "%s: No TCP options found in passed TCP packet.\n",
826  __func__);
827 
828  g_free (options);
829  return NULL;
830  }
831 
832  opt = get_int_var_by_name (lexic, "option", -1);
833  retc = NULL;
834  switch (opt)
835  {
836  case TCPOPT_MAXSEG:
837  retc = alloc_typed_cell (CONST_INT);
838  retc->x.i_val = ntohs ((uint16_t) tcp_all_options->mss.mss);
839  break;
840  case TCPOPT_WINDOW:
841  retc = alloc_typed_cell (CONST_INT);
842  retc->x.i_val = tcp_all_options->wscale.wscale;
843  break;
844  case TCPOPT_SACK_PERMITTED:
845  retc = alloc_typed_cell (CONST_INT);
846  retc->x.i_val = tcp_all_options->sack_perm.kind ? 1 : 0;
847  break;
848  case TCPOPT_TIMESTAMP:
849  retc = alloc_typed_cell (DYN_ARRAY);
850  retc->x.ref_val = arr = g_malloc0 (sizeof (nasl_array));
851 
852  memset (&v, 0, sizeof (v));
853  v.var_type = VAR2_INT;
854  v.v.v_int = ntohl ((uint32_t) tcp_all_options->tstamp.tstamp);
855  add_var_to_array (arr, "timestamp", &v);
856 
857  memset (&v, 0, sizeof (v));
858  v.var_type = VAR2_INT;
859  v.v.v_int = ntohl ((uint32_t) tcp_all_options->tstamp.e_tstamp);
860  add_var_to_array (arr, "echo_timestamp", &v);
861  break;
862  default:
863  nasl_perror (lexic, "%s: Invalid TCP option passed.\n", __func__);
864  break;
865  }
866 
867  g_free (tcp_all_options);
868  g_free (options);
869  return retc;
870 }

References add_var_to_array(), alloc_typed_cell(), CONST_INT, DYN_ARRAY, tcp_opt_tstamp::e_tstamp, get_int_var_by_name(), get_str_var_by_name(), get_tcp_options(), get_var_size_by_name(), TC::i_val, tcp_opt_sack_perm::kind, tcp_options::mss, tcp_opt_mss::mss, nasl_perror(), TC::ref_val, tcp_options::sack_perm, tcp_options::tstamp, tcp_opt_tstamp::tstamp, UNFIX, st_a_nasl_var::v, st_a_nasl_var::v_int, VAR2_INT, st_a_nasl_var::var_type, tcp_options::wscale, tcp_opt_wscale::wscale, and TC::x.

Here is the call graph for this function:

◆ get_udp_v6_element()

tree_cell* get_udp_v6_element ( lex_ctxt )

Definition at line 1479 of file nasl_packet_forgery_v6.c.

1480 {
1481  tree_cell *retc;
1482  char *udp;
1483  char *element;
1484  unsigned int ipsz;
1485  struct udphdr *udphdr;
1486  int ret;
1487 
1488  udp = get_str_var_by_name (lexic, "udp");
1489  ipsz = get_var_size_by_name (lexic, "udp");
1490 
1491  element = get_str_var_by_name (lexic, "element");
1492  if (udp == NULL || element == NULL)
1493  {
1494  nasl_perror (
1495  lexic, "get_udp_v6_element() usage :\n"
1496  "element = get_udp_v6_element(udp:<udp>,element:<element>\n");
1497  return NULL;
1498  }
1499 
1500  if (40 + sizeof (struct udphdr) > ipsz)
1501  return NULL;
1502 
1503  udphdr = (struct udphdr *) (udp + 40);
1504  if (!strcmp (element, "uh_sport"))
1505  ret = ntohs (udphdr->uh_sport);
1506  else if (!strcmp (element, "uh_dport"))
1507  ret = ntohs (udphdr->uh_dport);
1508  else if (!strcmp (element, "uh_ulen"))
1509  ret = ntohs (udphdr->uh_ulen);
1510  else if (!strcmp (element, "uh_sum"))
1511  ret = ntohs (udphdr->uh_sum);
1512  else if (!strcmp (element, "data"))
1513  {
1514  int sz;
1515  retc = alloc_typed_cell (CONST_DATA);
1516  sz = ntohs (udphdr->uh_ulen) - sizeof (struct udphdr);
1517 
1518  if (ntohs (udphdr->uh_ulen) - 40 - sizeof (struct udphdr) > ipsz)
1519  sz = ipsz - 40 - sizeof (struct udphdr);
1520 
1521  retc->x.str_val = g_malloc0 (sz);
1522  retc->size = sz;
1523  bcopy (udp + 40 + sizeof (struct udphdr), retc->x.str_val, sz);
1524  return retc;
1525  }
1526  else
1527  {
1528  nasl_perror (lexic, "%s is not a value of a udp packet\n", element);
1529  return NULL;
1530  }
1531 
1532  retc = alloc_typed_cell (CONST_INT);
1533  retc->x.i_val = ret;
1534  return retc;
1535 }

References alloc_typed_cell(), CONST_DATA, CONST_INT, get_str_var_by_name(), get_var_size_by_name(), TC::i_val, nasl_perror(), TC::size, TC::str_val, and TC::x.

Here is the call graph for this function:

◆ insert_ip_v6_options()

tree_cell* insert_ip_v6_options ( lex_ctxt lexic)

Adds an IPv6 option to the datagram.

Parameters
[in]lexicLexical context of NASL interpreter.
[in]ip6IPv6 packet.
[in]dataData payload.
[in]codeCode of option.
[in]lengthLength of value.
[in]valueValue of the option.
Returns
the modified datagram.

Definition at line 394 of file nasl_packet_forgery_v6.c.

395 {
396  struct ip6_hdr *ip6 = (struct ip6_hdr *) get_str_var_by_name (lexic, "ip6");
397  int code = get_int_var_by_name (lexic, "code", 0);
398  int len = get_int_var_by_name (lexic, "length", 0);
399  char *value = get_str_var_by_name (lexic, "value");
400  int value_size = get_var_size_by_name (lexic, "value");
401  tree_cell *retc;
402  struct ip6_hdr *new_packet;
403  char *p;
404  int size = get_var_size_by_name (lexic, "ip6");
405  u_char uc_code, uc_len;
406  int pad_len;
407  char zero = '0';
408  int i;
409  int pl;
410 
411  if (ip6 == NULL)
412  {
413  nasl_perror (lexic,
414  "Usage : %s(ip6:<ip6>, code:<code>, "
415  "length:<len>, value:<value>\n",
416  __func__);
417  return NULL;
418  }
419 
420  pad_len = 4 - ((sizeof (uc_code) + sizeof (uc_len) + value_size) % 4);
421  if (pad_len == 4)
422  pad_len = 0;
423 
424  pl = 40 < UNFIX (ip6->ip6_plen) ? 40 : UNFIX (ip6->ip6_plen);
425  new_packet = g_malloc0 (size + 4 + value_size + pad_len);
426  bcopy (ip6, new_packet, pl);
427 
428  uc_code = (u_char) code;
429  uc_len = (u_char) len;
430 
431  p = (char *) new_packet;
432  bcopy (&uc_code, p + pl, sizeof (uc_code));
433  bcopy (&uc_len, p + pl + sizeof (uc_code), sizeof (uc_len));
434  bcopy (value, p + pl + sizeof (uc_code) + sizeof (uc_len), value_size);
435 
436  zero = 0;
437  for (i = 0; i < pad_len; i++)
438  {
439  bcopy (&zero,
440  p + pl + sizeof (uc_code) + sizeof (uc_len) + value_size + i, 1);
441  }
442 
443  p = (char *) ip6;
444  bcopy (p + pl,
445  new_packet
446  + (sizeof (uc_code) + sizeof (uc_len) + value_size + pad_len) + pl,
447  size - pl);
448 
449  new_packet->ip6_plen =
450  FIX (size + sizeof (uc_code) + sizeof (uc_len) + value_size + pad_len);
451 
452  retc = alloc_typed_cell (CONST_DATA);
453  retc->size = size + value_size + sizeof (uc_code) + sizeof (uc_len) + pad_len;
454  retc->x.str_val = (char *) new_packet;
455 
456  return retc;
457 }

References alloc_typed_cell(), code, CONST_DATA, FIX, get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), len, nasl_perror(), TC::size, TC::str_val, UNFIX, TC::x, and zero.

Here is the call graph for this function:

◆ insert_tcp_v6_options()

tree_cell* insert_tcp_v6_options ( lex_ctxt lexic)

Add options to a TCP segment header. Possible options are: TCPOPT_MAXSEG (2), values between 536 and 65535 TCPOPT_WINDOW (3), with values between 0 and 14 TCPOPT_SACK_PERMITTED (4), no value required. TCPOPT_TIMESTAMP (8), 8 bytes value for timestamp and echo timestamp, 4 bytes each one.

Parameters
[in]lexicLexical context of NASL interpreter.
[in]tcpIP datagram.
[in]data(optional) TCP data payload.
[in]unnamedoption.
[in]Valuefor unnamed option if required.
Returns
The modified IP datagram.

Definition at line 999 of file nasl_packet_forgery_v6.c.

1000 {
1001  char *pkt = get_str_var_by_name (lexic, "tcp");
1002  struct ip6_hdr *ip6 = (struct ip6_hdr *) pkt;
1003  int pktsz = get_var_size_by_name (lexic, "tcp");
1004  struct tcphdr *tcp;
1005  tree_cell *retc;
1006  char *data = get_str_var_by_name (lexic, "data");
1007  int data_len = get_var_size_by_name (lexic, "data");
1008  char *npkt;
1009  int tcp_opt, tcp_opt_val, tcp_opt_val2;
1010  int current_opt_len, total_opt_len, opt_size_allocated;
1011  char *opts, *ptr_opts_pos;
1012  uint8_t eol, nop;
1013  int i;
1014 
1015  struct tcp_opt_mss *opt_mss;
1016  struct tcp_opt_wscale *opt_wscale;
1017  struct tcp_opt_sack_perm *opt_sack_perm;
1018  struct tcp_opt_tstamp *opt_tstamp;
1019 
1020  if (pkt == NULL)
1021  {
1022  nasl_perror (
1023  lexic, "set_tcp_v6_elements: Invalid value for the argument 'tcp'\n");
1024  return NULL;
1025  }
1026  opts = g_malloc0 (sizeof (char) * 4);
1027  ptr_opts_pos = opts;
1028  opt_size_allocated = 4; // 4 bytes
1029  total_opt_len = 0;
1030  for (i = 0;; i++)
1031  {
1032  tcp_opt = get_int_var_by_num (lexic, i, -1);
1033  current_opt_len = total_opt_len;
1034 
1035  if (tcp_opt == -1)
1036  break;
1037 
1038  switch (tcp_opt)
1039  {
1040  case TCPOPT_MAXSEG:
1041  tcp_opt_val = get_int_var_by_num (lexic, i + 1, -1);
1042  i++;
1043  if (tcp_opt_val < (int) TCP_MSS_DESIRED || tcp_opt_val > 65535)
1044  {
1045  nasl_perror (lexic, "%s: Invalid value for TCP option MSS\n",
1046  __func__);
1047  break;
1048  }
1049  opt_mss = g_malloc0 (sizeof (struct tcp_opt_mss));
1050  total_opt_len += TCPOLEN_MAXSEG;
1051  opt_mss->kind = TCPOPT_MAXSEG;
1052  opt_mss->len = TCPOLEN_MAXSEG;
1053  opt_mss->mss = FIX (tcp_opt_val);
1054 
1055  // Need reallocated memory because options requires it.
1056  if (total_opt_len > opt_size_allocated)
1057  {
1058  opt_size_allocated = ((total_opt_len / 4) + 1) * 4;
1059  opts = g_realloc (opts, sizeof (char) * opt_size_allocated);
1060  ptr_opts_pos = opts + current_opt_len;
1061  }
1062 
1063  memcpy (ptr_opts_pos, (u_char *) opt_mss,
1064  sizeof (struct tcp_opt_mss));
1065  ptr_opts_pos = ptr_opts_pos + sizeof (struct tcp_opt_mss);
1066  g_free (opt_mss);
1067  break;
1068  case TCPOPT_WINDOW:
1069  tcp_opt_val = get_int_var_by_num (lexic, i + 1, -1);
1070  i++;
1071  if (tcp_opt_val < 0 || tcp_opt_val > 14)
1072  {
1073  nasl_perror (lexic, "%s: Invalid value for TCP option WScale\n",
1074  __func__);
1075  break;
1076  }
1077  opt_wscale = g_malloc0 (sizeof (struct tcp_opt_wscale));
1078  total_opt_len += TCPOLEN_WINDOW;
1079  opt_wscale->kind = TCPOPT_WINDOW;
1080  opt_wscale->len = TCPOLEN_WINDOW;
1081  opt_wscale->wscale = tcp_opt_val;
1082 
1083  // Need reallocated memory because options requires it.
1084  if (total_opt_len > opt_size_allocated)
1085  {
1086  opt_size_allocated = ((total_opt_len / 4) + 1) * 4;
1087  opts = g_realloc (opts, sizeof (char) * opt_size_allocated);
1088  ptr_opts_pos = opts + current_opt_len;
1089  }
1090 
1091  memcpy (ptr_opts_pos, (u_char *) opt_wscale,
1092  sizeof (struct tcp_opt_wscale));
1093  ptr_opts_pos = ptr_opts_pos + sizeof (struct tcp_opt_wscale);
1094  g_free (opt_wscale);
1095  break;
1096  case TCPOPT_SACK_PERMITTED:
1097  opt_sack_perm = g_malloc0 (sizeof (struct tcp_opt_sack_perm));
1098  total_opt_len += TCPOLEN_SACK_PERMITTED;
1099  opt_sack_perm->kind = TCPOPT_SACK_PERMITTED;
1100  opt_sack_perm->len = TCPOLEN_SACK_PERMITTED;
1101 
1102  // Need reallocated memory because options requires it.
1103  if (total_opt_len > opt_size_allocated)
1104  {
1105  opt_size_allocated = ((total_opt_len / 4) + 1) * 4;
1106  opts = g_realloc (opts, sizeof (char) * opt_size_allocated);
1107  ptr_opts_pos = opts + current_opt_len;
1108  }
1109 
1110  memcpy (ptr_opts_pos, (u_char *) opt_sack_perm,
1111  sizeof (struct tcp_opt_sack_perm));
1112  ptr_opts_pos = ptr_opts_pos + sizeof (struct tcp_opt_sack_perm);
1113  g_free (opt_sack_perm);
1114  break;
1115  case TCPOPT_TIMESTAMP:
1116  tcp_opt_val = get_int_var_by_num (lexic, i + 1, -1);
1117  tcp_opt_val2 = get_int_var_by_num (lexic, i + 2, -1);
1118  i = i + 2;
1119  if (tcp_opt_val < 0)
1120  nasl_perror (lexic, "%s: Invalid value for TCP option Timestamp\n",
1121  __func__);
1122  opt_tstamp = g_malloc0 (sizeof (struct tcp_opt_tstamp));
1123  total_opt_len += TCPOLEN_TIMESTAMP;
1124  opt_tstamp->kind = TCPOPT_TIMESTAMP;
1125  opt_tstamp->len = TCPOLEN_TIMESTAMP;
1126  opt_tstamp->tstamp = htonl (tcp_opt_val);
1127  opt_tstamp->e_tstamp = htonl (tcp_opt_val2);
1128 
1129  // Need reallocated memory because options requires it.
1130  if (total_opt_len > opt_size_allocated)
1131  {
1132  opt_size_allocated = ((total_opt_len / 4) + 1) * 4;
1133  opts = g_realloc (opts, sizeof (char) * opt_size_allocated);
1134  ptr_opts_pos = opts + current_opt_len;
1135  }
1136 
1137  memcpy (ptr_opts_pos, (u_char *) opt_tstamp,
1138  sizeof (struct tcp_opt_tstamp));
1139  ptr_opts_pos = ptr_opts_pos + sizeof (struct tcp_opt_tstamp);
1140  g_free (opt_tstamp);
1141  break;
1142  case TCPOPT_NOP:
1143  case TCPOPT_EOL:
1144  case TCPOPT_SACK: /* Experimental, not supported */
1145  default:
1146  nasl_perror (lexic, "%s: TCP option %d not supported\n", __func__,
1147  tcp_opt);
1148  break;
1149  }
1150  }
1151 
1152  // Add NOP padding and End Of Option list kinds.
1153  current_opt_len = total_opt_len;
1154  eol = TCPOPT_EOL;
1155  nop = TCPOPT_NOP;
1156  if (total_opt_len % 4 == 0)
1157  {
1158  opt_size_allocated = opt_size_allocated + 4;
1159  opts = g_realloc (opts, sizeof (char) * opt_size_allocated);
1160  ptr_opts_pos = opts + total_opt_len;
1161  }
1162  if (current_opt_len < opt_size_allocated - 1)
1163  {
1164  // Add NOPs
1165  for (i = current_opt_len; i < opt_size_allocated - 1; i++)
1166  {
1167  memcpy (ptr_opts_pos, &nop, 1);
1168  total_opt_len++;
1169  ptr_opts_pos++;
1170  }
1171  }
1172  // Add EOL
1173  memcpy (ptr_opts_pos, &eol, 1);
1174 
1175  tcp = (struct tcphdr *) (pkt + 40);
1176 
1177  if (pktsz < UNFIX (ip6->ip6_plen))
1178  {
1179  g_free (opts);
1180  return NULL;
1181  }
1182 
1183  if (data_len == 0)
1184  {
1185  data_len = UNFIX (ip6->ip6_plen) - (tcp->th_off * 4);
1186  data = (char *) ((char *) tcp + tcp->th_off * 4);
1187  }
1188 
1189  // Alloc enough memory to hold the options
1190  npkt = g_malloc0 (40 + tcp->th_off * 4 + opt_size_allocated + data_len);
1191  memcpy (npkt, pkt, UNFIX (ip6->ip6_plen) + 40);
1192  ip6 = (struct ip6_hdr *) (npkt);
1193  tcp = (struct tcphdr *) (npkt + 40);
1194 
1195  // copy options
1196  memcpy ((char *) tcp + tcp->th_off * 4, opts, opt_size_allocated);
1197  tcp->th_off = tcp->th_off + (opt_size_allocated / 4);
1198 
1199  memcpy ((char *) tcp + tcp->th_off * 4, data, data_len);
1200 
1201  ip6->ip6_plen = FIX (tcp->th_off * 4 + data_len);
1202 
1203  struct v6pseudohdr pseudoheader;
1204  char *tcpsumdata =
1205  g_malloc0 (sizeof (struct v6pseudohdr) + opt_size_allocated + data_len + 1);
1206 
1207  memset (&pseudoheader, 0, 38 + sizeof (struct tcphdr));
1208  memcpy (&pseudoheader.s6addr, &ip6->ip6_src, sizeof (struct in6_addr));
1209  memcpy (&pseudoheader.d6addr, &ip6->ip6_dst, sizeof (struct in6_addr));
1210 
1211  pseudoheader.protocol = IPPROTO_TCP;
1212  pseudoheader.length =
1213  htons (sizeof (struct tcphdr) + opt_size_allocated + data_len);
1214 
1215  // Set th_sum to Zero, necessary for the new checksum calculation
1216  tcp->th_sum = 0;
1217 
1218  memcpy ((char *) &pseudoheader.tcpheader, (char *) tcp,
1219  sizeof (struct tcphdr));
1220 
1221  /* fill tcpsumdata with data to checksum */
1222  memcpy (tcpsumdata, (char *) &pseudoheader, sizeof (struct v6pseudohdr));
1223  memcpy (tcpsumdata + sizeof (struct v6pseudohdr), (char *) opts,
1224  opt_size_allocated);
1225  if (data != NULL)
1226  memcpy (tcpsumdata + sizeof (struct v6pseudohdr) + opt_size_allocated,
1227  (char *) data, data_len);
1228  tcp->th_sum =
1229  np_in_cksum ((unsigned short *) tcpsumdata,
1230  38 + sizeof (struct tcphdr) + opt_size_allocated + data_len);
1231  g_free (opts);
1232  g_free (tcpsumdata);
1233 
1234  retc = alloc_typed_cell (CONST_DATA);
1235  retc->size = 40 + (tcp->th_off * 4) + data_len;
1236  retc->x.str_val = npkt;
1237  return retc;
1238 }

References alloc_typed_cell(), CONST_DATA, v6pseudohdr::d6addr, tcp_opt_tstamp::e_tstamp, FIX, get_int_var_by_num(), get_str_var_by_name(), get_var_size_by_name(), tcp_opt_mss::kind, tcp_opt_wscale::kind, tcp_opt_sack_perm::kind, tcp_opt_tstamp::kind, tcp_opt_mss::len, tcp_opt_wscale::len, tcp_opt_sack_perm::len, tcp_opt_tstamp::len, v6pseudohdr::length, tcp_opt_mss::mss, nasl_perror(), np_in_cksum(), v6pseudohdr::protocol, v6pseudohdr::s6addr, TC::size, TC::str_val, v6pseudohdr::tcpheader, tcp_opt_tstamp::tstamp, UNFIX, tcp_opt_wscale::wscale, and TC::x.

Here is the call graph for this function:

◆ nasl_send_v6packet()

tree_cell* nasl_send_v6packet ( lex_ctxt lexic)

Send forged IPv6 Packets.

Parameters
[in]lexicLexical context of NASL interpreter.
[in]...IPv6 packets to send.
[in]lengthLength of each packet by default.
[in]pcap_activeTRUE by default. Otherwise, NASL does not listen for the answers.
[in]pcap_filterBPF filter.
[in]pcap_timeoutCapture timeout. 5 by default.
[in]allow_multicastDefault 0.
Returns
tree_cell with the response to the sent packet.

Definition at line 2323 of file nasl_packet_forgery_v6.c.

2324 {
2325  tree_cell *retc = FAKE_CELL;
2326  int bpf = -1;
2327  u_char *answer;
2328  int answer_sz;
2329  struct sockaddr_in6 sockaddr;
2330  char *ip = NULL;
2331  struct ip6_hdr *sip = NULL;
2332  int vi = 0, b = 0, len = 0;
2333  int soc;
2334  int use_pcap = get_int_var_by_name (lexic, "pcap_active", 1);
2335  int to = get_int_var_by_name (lexic, "pcap_timeout", 5);
2336  char *filter = get_str_var_by_name (lexic, "pcap_filter");
2337  int dfl_len = get_int_var_by_name (lexic, "length", -1);
2338  struct script_infos *script_infos = lexic->script_infos;
2339  struct in6_addr *dstip = plug_get_host_ip (script_infos);
2340  int opt_on = 1;
2341  char name[INET6_ADDRSTRLEN];
2342  int allow_multicast = 0;
2343 
2344  if (dstip == NULL || (IN6_IS_ADDR_V4MAPPED (dstip) == 1))
2345  return NULL;
2346  soc = socket (AF_INET6, SOCK_RAW, IPPROTO_RAW);
2347  if (soc < 0)
2348  return NULL;
2349 
2350  if (setsockopt (soc, IPPROTO_IPV6, IP_HDRINCL, (char *) &opt_on,
2351  sizeof (opt_on))
2352  < 0)
2353  perror ("setsockopt");
2354  while ((ip = get_str_var_by_num (lexic, vi)) != NULL)
2355  {
2356  allow_multicast = get_int_var_by_name (lexic, "allow_multicast", 0);
2357  int sz = get_var_size_by_num (lexic, vi);
2358  vi++;
2359 
2360  if ((unsigned int) sz < sizeof (struct ip6_hdr))
2361  {
2362  nasl_perror (lexic, "send_v6packet: packet is too short\n");
2363  continue;
2364  }
2365 
2366  sip = (struct ip6_hdr *) ip;
2367  if (use_pcap != 0 && bpf < 0)
2368  bpf = init_v6_capture_device (sip->ip6_dst, sip->ip6_src, filter);
2369 
2370  bzero (&sockaddr, sizeof (struct sockaddr_in6));
2371  sockaddr.sin6_family = AF_INET6;
2372  sockaddr.sin6_addr = sip->ip6_dst;
2373 
2374  if (allow_multicast)
2375  {
2376  struct sockaddr_in6 multicast;
2377 
2378  if (setsockopt (soc, SOL_SOCKET, SO_BROADCAST, &opt_on,
2379  sizeof (opt_on))
2380  < 0)
2381  perror ("setsockopt ");
2382 
2383  bzero (&multicast, sizeof (struct sockaddr_in6));
2384  sockaddr.sin6_family = AF_INET6;
2385  inet_pton (AF_INET6, "ff02::1", &(multicast.sin6_addr));
2386 
2387  if (!IN6_ARE_ADDR_EQUAL (&sockaddr.sin6_addr, &multicast.sin6_addr))
2388  allow_multicast = 0;
2389  }
2390 
2391  if (dstip != NULL && !IN6_ARE_ADDR_EQUAL (&sockaddr.sin6_addr, dstip)
2392  && !allow_multicast)
2393  {
2394  char txt1[64], txt2[64];
2395  strncpy (
2396  txt1,
2397  inet_ntop (AF_INET6, &sockaddr.sin6_addr, name, INET6_ADDRSTRLEN),
2398  sizeof (txt1));
2399  txt1[sizeof (txt1) - 1] = '\0';
2400  strncpy (txt2, inet_ntop (AF_INET6, dstip, name, INET6_ADDRSTRLEN),
2401  sizeof (txt2));
2402  txt2[sizeof (txt2) - 1] = '\0';
2403  nasl_perror (lexic,
2404  "send_v6packet: malicious or buggy script is trying to "
2405  "send packet to %s instead of designated target %s\n",
2406  txt1, txt2);
2407  if (bpf >= 0)
2408  bpf_close (bpf);
2409  close (soc);
2410  return NULL;
2411  }
2412 
2413  if (dfl_len > 0 && dfl_len < sz)
2414  len = dfl_len;
2415  else
2416  len = sz;
2417 
2418  b = sendto (soc, (u_char *) ip, len, 0, (struct sockaddr *) &sockaddr,
2419  sizeof (struct sockaddr_in6));
2420  /* if(b < 0) perror("sendto "); */
2421  if (b >= 0 && use_pcap != 0 && bpf >= 0)
2422  {
2423  if (v6_islocalhost (&sip->ip6_dst))
2424  {
2425  answer = (u_char *) capture_next_v6_packet (bpf, to, &answer_sz);
2426  while (
2427  answer != NULL
2428  && (!memcmp (answer, (char *) ip, sizeof (struct ip6_hdr))))
2429  {
2430  g_free (answer);
2431  answer =
2432  (u_char *) capture_next_v6_packet (bpf, to, &answer_sz);
2433  }
2434  }
2435  else
2436  {
2437  answer = (u_char *) capture_next_v6_packet (bpf, to, &answer_sz);
2438  }
2439  if (answer)
2440  {
2441  retc = alloc_typed_cell (CONST_DATA);
2442  retc->x.str_val = (char *) answer;
2443  retc->size = answer_sz;
2444  break;
2445  }
2446  }
2447  }
2448  if (bpf >= 0)
2449  bpf_close (bpf);
2450  close (soc);
2451  return retc;
2452 }

References alloc_typed_cell(), bpf_close(), capture_next_v6_packet(), CONST_DATA, FAKE_CELL, get_int_var_by_name(), get_str_var_by_name(), get_str_var_by_num(), get_var_size_by_num(), init_v6_capture_device(), len, name, nasl_perror(), plug_get_host_ip(), struct_lex_ctxt::script_infos, TC::size, TC::str_val, v6_islocalhost(), and TC::x.

Here is the call graph for this function:

◆ nasl_tcp_v6_ping()

tree_cell* nasl_tcp_v6_ping ( lex_ctxt lexic)

Performs TCP Connect to test if host is alive.

Parameters
[in]lexicLexical context of NASL interpreter.
[in]portPort to ping. Internal list of common ports is used as default.
Returns
tree_cell > 0 if host is alive, 0 otherwise.

Definition at line 2177 of file nasl_packet_forgery_v6.c.

2178 {
2179  int port;
2180  u_char packet[sizeof (struct ip6_hdr) + sizeof (struct tcphdr)];
2181  int soc;
2182  struct ip6_hdr *ip = (struct ip6_hdr *) packet;
2183  struct tcphdr *tcp = (struct tcphdr *) (packet + sizeof (struct ip6_hdr));
2184  struct script_infos *script_infos = lexic->script_infos;
2185  struct in6_addr *destination = plug_get_host_ip (script_infos);
2186  struct in6_addr source;
2187  struct sockaddr_in6 soca;
2188  int flag = 0;
2189  unsigned int i = 0;
2190  int bpf;
2191  char filter[255];
2192  tree_cell *retc;
2193  int opt = 1;
2194  struct timeval tv;
2195  int len;
2196 
2197 #define rnd_tcp_port() (rand () % 65535 + 1024)
2198  int sports[] = {0, 0, 0, 0, 0, 1023, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2199  0, 0, 0, 0, 0, 53, 0, 0, 20, 0, 25, 0, 0, 0};
2200  int ports[] = {139, 135, 445, 80, 22, 515, 23, 21, 6000, 1025,
2201  25, 111, 1028, 9100, 1029, 79, 497, 548, 5000, 1917,
2202  53, 161, 9001, 65535, 443, 113, 993, 8080, 0};
2203  char addr[INET6_ADDRSTRLEN];
2204 
2205  if (!destination || (IN6_IS_ADDR_V4MAPPED (destination) == 1))
2206  return NULL;
2207 
2208  for (i = 0; i < sizeof (sports) / sizeof (int); i++)
2209  {
2210  if (sports[i] == 0)
2211  sports[i] = rnd_tcp_port ();
2212  }
2213 
2214  soc = socket (AF_INET6, SOCK_RAW, IPPROTO_RAW);
2215  if (soc < 0)
2216  return NULL;
2217 
2218  if (setsockopt (soc, IPPROTO_IPV6, IP_HDRINCL, (char *) &opt, sizeof (opt))
2219  < 0)
2220  perror ("setsockopt");
2221 
2222  port = get_int_var_by_name (lexic, "port", -1);
2223  if (port == -1)
2225  if (v6_islocalhost (destination) > 0)
2226  source = *destination;
2227  else
2228  {
2229  bzero (&source, sizeof (source));
2230  v6_routethrough (destination, &source);
2231  }
2232 
2233  snprintf (filter, sizeof (filter), "ip6 and src host %s",
2234  inet_ntop (AF_INET6, destination, addr, sizeof (addr)));
2235  bpf = init_v6_capture_device (*destination, source, filter);
2236 
2237  if (v6_islocalhost (destination) != 0)
2238  flag++;
2239  else
2240  {
2241  unsigned int num_ports = sizeof (sports) / sizeof (int);
2242  for (i = 0; i < num_ports && !flag; i++)
2243  {
2244  bzero (packet, sizeof (packet));
2245  /* IPv6 */
2246  int version = 0x60, tc = 0, fl = 0;
2247  ip->ip6_ctlun.ip6_un1.ip6_un1_flow = version | tc | fl;
2248  ip->ip6_nxt = 0x06, ip->ip6_hlim = 0x40, ip->ip6_src = source;
2249  ip->ip6_dst = *destination;
2250  ip->ip6_ctlun.ip6_un1.ip6_un1_plen = FIX (sizeof (struct tcphdr));
2251 
2252  /* TCP */
2253  tcp->th_sport = port ? htons (rnd_tcp_port ()) : htons (sports[i]);
2254  tcp->th_flags = TH_SYN;
2255  tcp->th_dport = port ? htons (port) : htons (ports[i]);
2256  tcp->th_seq = rand ();
2257  tcp->th_ack = 0;
2258  tcp->th_x2 = 0;
2259  tcp->th_off = 5;
2260  tcp->th_win = htons (512);
2261  tcp->th_urp = 0;
2262  tcp->th_sum = 0;
2263 
2264  /* CKsum */
2265  {
2266  struct v6pseudohdr pseudoheader;
2267 
2268  bzero (&pseudoheader, 38 + sizeof (struct tcphdr));
2269  memcpy (&pseudoheader.s6addr, &ip->ip6_src,
2270  sizeof (struct in6_addr));
2271  memcpy (&pseudoheader.d6addr, &ip->ip6_dst,
2272  sizeof (struct in6_addr));
2273 
2274  pseudoheader.protocol = IPPROTO_TCP;
2275  pseudoheader.length = htons (sizeof (struct tcphdr));
2276  bcopy ((char *) tcp, (char *) &pseudoheader.tcpheader,
2277  sizeof (struct tcphdr));
2278  tcp->th_sum = np_in_cksum ((unsigned short *) &pseudoheader,
2279  38 + sizeof (struct tcphdr));
2280  }
2281 
2282  bzero (&soca, sizeof (soca));
2283  soca.sin6_family = AF_INET6;
2284  soca.sin6_addr = ip->ip6_dst;
2285  if (sendto (soc, (const void *) ip,
2286  sizeof (struct tcphdr) + sizeof (struct ip6_hdr), 0,
2287  (struct sockaddr *) &soca, sizeof (struct sockaddr_in6))
2288  < 0)
2289  {
2290  close (soc);
2291  return NULL;
2292  }
2293  tv.tv_sec = 0;
2294  tv.tv_usec = 100000;
2295  if (bpf >= 0 && bpf_next_tv (bpf, &len, &tv))
2296  flag++;
2297  }
2298  }
2299 
2300  retc = alloc_typed_cell (CONST_INT);
2301  retc->x.i_val = flag;
2302  if (bpf >= 0)
2303  bpf_close (bpf);
2304  close (soc);
2305  return retc;
2306 }

References alloc_typed_cell(), bpf_close(), bpf_next_tv(), CONST_INT, v6pseudohdr::d6addr, FIX, get_int_var_by_name(), TC::i_val, init_v6_capture_device(), len, v6pseudohdr::length, np_in_cksum(), plug_get_host_ip(), plug_get_host_open_port(), v6pseudohdr::protocol, rnd_tcp_port, v6pseudohdr::s6addr, struct_lex_ctxt::script_infos, v6pseudohdr::tcpheader, timeval(), v6_islocalhost(), v6_routethrough(), and TC::x.

Referenced by nasl_tcp_ping().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ set_ip_v6_elements()

tree_cell* set_ip_v6_elements ( lex_ctxt lexic)

Set IPv6 header element.

Parameters
[in]lexicLexical context of NASL interpreter.
[in]ip6IP v6 header.
[in]ip6_plenPayload length.
[in]ip6_hlimHop limit. Max. 255
[in]ip6_nxtNext packet.
[in]ip6_srcSource address
Returns
tree_cell with the forged IP packet.

Definition at line 295 of file nasl_packet_forgery_v6.c.

296 {
297  struct ip6_hdr *o_pkt = (struct ip6_hdr *) get_str_var_by_name (lexic, "ip6");
298  int size = get_var_size_by_name (lexic, "ip6");
299  tree_cell *retc;
300  struct ip6_hdr *pkt;
301  char *s;
302 
303  if (o_pkt == NULL)
304  {
305  nasl_perror (lexic, "%s: missing <ip6> field\n", __func__);
306  return NULL;
307  }
308 
309  pkt = (struct ip6_hdr *) g_malloc0 (size);
310  bcopy (o_pkt, pkt, size);
311 
312  pkt->ip6_plen = get_int_var_by_name (lexic, "ip6_plen", pkt->ip6_plen);
313  pkt->ip6_nxt = get_int_var_by_name (lexic, "ip6_nxt", pkt->ip6_nxt);
314  pkt->ip6_hlim = get_int_var_by_name (lexic, "ip6_hlim", pkt->ip6_hlim);
315 
316  s = get_str_var_by_name (lexic, "ip6_src");
317  if (s != NULL)
318  inet_pton (AF_INET6, s, &pkt->ip6_src);
319 
320  retc = alloc_typed_cell (CONST_DATA);
321  retc->size = size;
322  retc->x.str_val = (char *) pkt;
323 
324  return retc;
325 }

References alloc_typed_cell(), CONST_DATA, get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), nasl_perror(), TC::size, TC::str_val, and TC::x.

Here is the call graph for this function:

◆ set_tcp_v6_elements()

tree_cell* set_tcp_v6_elements ( lex_ctxt lexic)

Set TCP Header element.

Parameters
[in]lexicLexical context of NASL interpreter.
[in]tcpIPv6 packet to modify.
[in]dataData.
[in]th_sportSource port.
[in]th_dportDestination port.
[in]th_seqSequence number.
[in]th_ackAcknowledgement number.
[in]th_x2
[in]th_offData offset.
[in]th_flagsFlags.
[in]th_winWindow.
[in]th_sumChecksum.
[in]th_urpUrgent pointer.
[in]update_ip_lenFlag (TRUE by default). If set, NASL will recompute the size field of the IP datagram.
Returns
tree_cell with the modified IPv6 datagram.

Definition at line 894 of file nasl_packet_forgery_v6.c.

895 {
896  char *pkt = get_str_var_by_name (lexic, "tcp");
897  struct ip6_hdr *ip6 = (struct ip6_hdr *) pkt;
898  int pktsz = get_var_size_by_name (lexic, "tcp");
899  struct tcphdr *tcp;
900  tree_cell *retc;
901  char *data = get_str_var_by_name (lexic, "data");
902  int data_len = get_var_size_by_name (lexic, "data");
903  char *npkt;
904 
905  if (pkt == NULL)
906  {
907  nasl_perror (
908  lexic, "set_tcp_v6_elements: Invalid value for the argument 'tcp'\n");
909  return NULL;
910  }
911 
912  tcp = (struct tcphdr *) (pkt + 40);
913 
914  if (pktsz < UNFIX (ip6->ip6_plen))
915  return NULL;
916 
917  if (data_len == 0)
918  {
919  data_len = UNFIX (ip6->ip6_plen) - (tcp->th_off * 4);
920  data = (char *) ((char *) tcp + tcp->th_off * 4);
921  }
922 
923  npkt = g_malloc0 (40 + tcp->th_off * 4 + data_len);
924  bcopy (pkt, npkt, UNFIX (ip6->ip6_plen) + 40);
925 
926  ip6 = (struct ip6_hdr *) (npkt);
927  tcp = (struct tcphdr *) (npkt + 40);
928 
929  tcp->th_sport =
930  htons (get_int_var_by_name (lexic, "th_sport", ntohs (tcp->th_sport)));
931  tcp->th_dport =
932  htons (get_int_var_by_name (lexic, "th_dport", ntohs (tcp->th_dport)));
933  tcp->th_seq =
934  htonl (get_int_var_by_name (lexic, "th_seq", ntohl (tcp->th_seq)));
935  tcp->th_ack =
936  htonl (get_int_var_by_name (lexic, "th_ack", ntohl (tcp->th_ack)));
937  tcp->th_x2 = get_int_var_by_name (lexic, "th_x2", tcp->th_x2);
938  tcp->th_off = get_int_var_by_name (lexic, "th_off", tcp->th_off);
939  tcp->th_flags = get_int_var_by_name (lexic, "th_flags", tcp->th_flags);
940  tcp->th_win =
941  htons (get_int_var_by_name (lexic, "th_win", ntohs (tcp->th_win)));
942  tcp->th_sum = get_int_var_by_name (lexic, "th_sum", 0);
943  tcp->th_urp = get_int_var_by_name (lexic, "th_urp", tcp->th_urp);
944 
945  bcopy (data, (char *) tcp + tcp->th_off * 4, data_len);
946 
947  if (get_int_var_by_name (lexic, "update_ip_len", 1) != 0)
948  {
949  ip6->ip6_plen = FIX (tcp->th_off * 4 + data_len);
950  }
951 
952  if (tcp->th_sum == 0)
953  {
954  struct v6pseudohdr pseudoheader;
955  char *tcpsumdata = g_malloc0 (sizeof (struct v6pseudohdr) + data_len + 1);
956 
957  bzero (&pseudoheader, 38 + sizeof (struct tcphdr));
958  memcpy (&pseudoheader.s6addr, &ip6->ip6_src, sizeof (struct in6_addr));
959  memcpy (&pseudoheader.d6addr, &ip6->ip6_dst, sizeof (struct in6_addr));
960 
961  pseudoheader.protocol = IPPROTO_TCP;
962  pseudoheader.length = htons (sizeof (struct tcphdr) + data_len);
963  bcopy ((char *) tcp, (char *) &pseudoheader.tcpheader,
964  sizeof (struct tcphdr));
965  /* fill tcpsumdata with data to checksum */
966  bcopy ((char *) &pseudoheader, tcpsumdata, sizeof (struct v6pseudohdr));
967  if (data != NULL)
968  bcopy ((char *) data, tcpsumdata + sizeof (struct v6pseudohdr),
969  data_len);
970  tcp->th_sum = np_in_cksum ((unsigned short *) tcpsumdata,
971  38 + sizeof (struct tcphdr) + data_len);
972  g_free (tcpsumdata);
973  }
974 
975  retc = alloc_typed_cell (CONST_DATA);
976  retc->size = 40 + (tcp->th_off * 4) + data_len;
977  retc->x.str_val = npkt;
978  return retc;
979 }

References alloc_typed_cell(), CONST_DATA, v6pseudohdr::d6addr, FIX, get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), v6pseudohdr::length, nasl_perror(), np_in_cksum(), v6pseudohdr::protocol, v6pseudohdr::s6addr, TC::size, TC::str_val, v6pseudohdr::tcpheader, UNFIX, and TC::x.

Here is the call graph for this function:

◆ set_udp_v6_elements()

tree_cell* set_udp_v6_elements ( lex_ctxt )

Definition at line 1551 of file nasl_packet_forgery_v6.c.

1552 {
1553  struct ip6_hdr *ip6 = (struct ip6_hdr *) get_str_var_by_name (lexic, "udp");
1554  unsigned int sz = get_var_size_by_name (lexic, "udp");
1555  char *data = get_str_var_by_name (lexic, "data");
1556  int data_len = get_var_size_by_name (lexic, "data");
1557 
1558  if (ip6 != NULL)
1559  {
1560  char *pkt;
1561  struct udphdr *udp;
1562  tree_cell *retc;
1563  int old_len;
1564 
1565  if (40 + sizeof (struct udphdr) > sz)
1566  {
1567  return NULL;
1568  }
1569  if (data != NULL)
1570  {
1571  sz = 40 + sizeof (struct udphdr) + data_len;
1572  pkt = g_malloc0 (sz);
1573  bcopy (ip6, pkt, 40 + sizeof (struct udphdr));
1574  }
1575  else
1576  {
1577  pkt = g_malloc0 (sz);
1578  bcopy (ip6, pkt, sz);
1579  }
1580 
1581  ip6 = (struct ip6_hdr *) pkt;
1582  if (data != NULL)
1583  {
1584  ip6->ip6_ctlun.ip6_un1.ip6_un1_plen = FIX (sz - 40);
1585  }
1586  udp = (struct udphdr *) (pkt + 40);
1587 
1588  udp->uh_sport =
1589  htons (get_int_var_by_name (lexic, "uh_sport", ntohs (udp->uh_sport)));
1590  udp->uh_dport =
1591  htons (get_int_var_by_name (lexic, "uh_dport", ntohs (udp->uh_dport)));
1592 
1593  old_len = ntohs (udp->uh_ulen);
1594  udp->uh_ulen =
1595  htons (get_int_var_by_name (lexic, "uh_ulen", ntohs (udp->uh_ulen)));
1596  udp->uh_sum = get_int_var_by_name (lexic, "uh_sum", 0);
1597 
1598  if (data != NULL)
1599  {
1600  bcopy (data, pkt + 40 + sizeof (struct udphdr), data_len);
1601  udp->uh_ulen = htons (sizeof (struct udphdr) + data_len);
1602  }
1603 
1604  if (!udp->uh_sum)
1605  {
1606  struct v6pseudo_udp_hdr pseudohdr;
1607  int len = old_len - sizeof (struct udphdr);
1608  char *udpsumdata;
1609  char *ptr = NULL;
1610 
1611  if (data != NULL)
1612  {
1613  len = data_len;
1614  }
1615 
1616  if (len > 0)
1617  {
1618  ptr = (char *) udp + sizeof (struct udphdr);
1619  }
1620 
1621  udpsumdata = g_malloc0 (sizeof (struct v6pseudo_udp_hdr) + len + 1);
1622  bzero (&pseudohdr, sizeof (struct v6pseudo_udp_hdr));
1623 
1624  pseudohdr.proto = IPPROTO_UDP;
1625  pseudohdr.len = htons (sizeof (struct udphdr) + data_len);
1626  bcopy ((char *) udp, (char *) &pseudohdr.udpheader,
1627  sizeof (struct udphdr));
1628  memcpy (&pseudohdr.s6addr, &ip6->ip6_src, sizeof (struct in6_addr));
1629  memcpy (&pseudohdr.d6addr, &ip6->ip6_dst, sizeof (struct in6_addr));
1630  bcopy ((char *) &pseudohdr, udpsumdata, sizeof (pseudohdr));
1631  if (ptr != NULL)
1632  {
1633  bcopy ((char *) ptr, udpsumdata + sizeof (pseudohdr), data_len);
1634  }
1635  udp->uh_sum = np_in_cksum ((unsigned short *) udpsumdata,
1636  38 + sizeof (struct udphdr)
1637  + ((len % 2) ? len + 1 : len));
1638  g_free (udpsumdata);
1639  }
1640  retc = alloc_typed_cell (CONST_DATA);
1641  retc->size = sz;
1642  retc->x.str_val = pkt;
1643  return retc;
1644  }
1645  else
1646  nasl_perror (lexic,
1647  "set_udp_v6_elements: You must supply the 'udp' argument !\n");
1648 
1649  return NULL;
1650 }

References alloc_typed_cell(), CONST_DATA, FIX, get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), len, nasl_perror(), np_in_cksum(), TC::size, TC::str_val, and TC::x.

Here is the call graph for this function:
tcp_options::sack_perm
struct tcp_opt_sack_perm sack_perm
Definition: nasl_packet_forgery.c:523
st_a_nasl_var
Definition: nasl_var.h:40
len
uint8_t len
Definition: nasl_packet_forgery_v6.c:1
script_infos
Definition: scanneraux.h:29
tcp_opt_wscale
Definition: nasl_packet_forgery.c:499
CONST_DATA
@ CONST_DATA
Definition: nasl_tree.h:82
get_var_size_by_name
int get_var_size_by_name(lex_ctxt *, const char *)
Definition: nasl_var.c:1138
igmp::cksum
unsigned short cksum
Definition: nasl_packet_forgery.c:1955
tcp_opt_wscale::len
uint8_t len
Definition: nasl_packet_forgery.c:501
plug_get_host_ip
struct in6_addr * plug_get_host_ip(struct script_infos *args)
Definition: plugutils.c:316
TC::str_val
char * str_val
Definition: nasl_tree.h:103
tcp_options::mss
struct tcp_opt_mss mss
Definition: nasl_packet_forgery.c:521
tcp_opt_wscale::kind
uint8_t kind
Definition: nasl_packet_forgery.c:500
tcp_opt_sack_perm::len
uint8_t len
Definition: nasl_packet_forgery.c:508
tcp_options
Definition: nasl_packet_forgery.c:520
TC::x
union TC::@5 x
DYN_ARRAY
@ DYN_ARRAY
Definition: nasl_tree.h:90
v6_routethrough
char * v6_routethrough(struct in6_addr *dest, struct in6_addr *source)
An awesome function to determine what interface a packet to a given destination should be routed thro...
Definition: pcap.c:841
FAKE_CELL
#define FAKE_CELL
Definition: nasl_tree.h:110
tcp_opt_sack_perm::kind
uint8_t kind
Definition: nasl_packet_forgery.c:507
rnd_tcp_port
#define rnd_tcp_port()
st_a_nasl_var::v
union st_a_nasl_var::@7 v
get_str_var_by_name
char * get_str_var_by_name(lex_ctxt *, const char *)
Definition: nasl_var.c:1118
bpf_close
void bpf_close(int bpf)
Definition: bpf_share.c:164
v6pseudo_icmp_hdr
Definition: nasl_packet_forgery_v6.c:1694
name
const char * name
Definition: nasl_init.c:411
st_nasl_array
Definition: nasl_var.h:33
zero
u_char zero
Definition: nasl_packet_forgery.c:2
VAR2_INT
@ VAR2_INT
Definition: nasl_var.h:16
tcp_options::wscale
struct tcp_opt_wscale wscale
Definition: nasl_packet_forgery.c:522
plug_get_host_open_port
unsigned int plug_get_host_open_port(struct script_infos *desc)
Definition: plugutils.c:1220
nasl_perror
void nasl_perror(lex_ctxt *lexic, char *msg,...)
Definition: nasl_debug.c:111
bpf_next_tv
u_char * bpf_next_tv(int bpf, int *caplen, struct timeval *tv)
Definition: bpf_share.c:119
add_var_to_array
int add_var_to_array(nasl_array *a, char *name, const anon_nasl_var *v)
Definition: nasl_var.c:1277
TC::size
int size
Definition: nasl_tree.h:99
tcp_opt_tstamp::tstamp
uint32_t tstamp
Definition: nasl_packet_forgery.c:515
tcp_opt_tstamp::len
uint8_t len
Definition: nasl_packet_forgery.c:514
get_int_var_by_name
long int get_int_var_by_name(lex_ctxt *, const char *, int)
Definition: nasl_var.c:1104
tcp_opt_sack_perm
Definition: nasl_packet_forgery.c:506
igmp6_hdr
Definition: nasl_packet_forgery_v6.c:2090
igmp::group
struct in_addr group
Definition: nasl_packet_forgery.c:1956
tcp_opt_mss::mss
uint16_t mss
Definition: nasl_packet_forgery.c:495
igmp
Definition: nasl_packet_forgery.c:1952
tcp_opt_mss
Definition: nasl_packet_forgery.c:492
TC::ref_val
void * ref_val
Definition: nasl_tree.h:105
get_int_var_by_num
long int get_int_var_by_num(lex_ctxt *, int, int)
Definition: nasl_var.c:1097
get_str_var_by_num
char * get_str_var_by_num(lex_ctxt *, int)
Definition: nasl_var.c:1111
st_a_nasl_var::var_type
int var_type
Definition: nasl_var.h:41
tcp_opt_wscale::wscale
uint8_t wscale
Definition: nasl_packet_forgery.c:502
timeval
static struct timeval timeval(unsigned long val)
Definition: nasl_builtin_synscan.c:94
struct_lex_ctxt::script_infos
struct script_infos * script_infos
Definition: nasl_lex_ctxt.h:30
pseudohdr
Definition: nasl_builtin_synscan.c:46
TC
Definition: nasl_tree.h:94
v6pseudohdr
Definition: nasl_packet_forgery_v6.c:462
tcp_opt_tstamp::e_tstamp
uint32_t e_tstamp
Definition: nasl_packet_forgery.c:516
np_in_cksum
static int np_in_cksum(u_short *p, int n)
Definition: nasl_packet_forgery_v6.c:73
CONST_INT
@ CONST_INT
Definition: nasl_tree.h:79
get_var_size_by_num
int get_var_size_by_num(lex_ctxt *, int)
Definition: nasl_var.c:1145
capture_next_v6_packet
struct ip6_hdr * capture_next_v6_packet(int bpf, int timeout, int *sz)
Definition: capture_packet.c:271
v6_islocalhost
int v6_islocalhost(struct in6_addr *addr)
Tests whether a packet sent to IP is LIKELY to route through the kernel localhost interface.
Definition: pcap.c:224
tcp_opt_tstamp::kind
uint8_t kind
Definition: nasl_packet_forgery.c:513
tcp_opt_tstamp
Definition: nasl_packet_forgery.c:512
FIX
#define FIX(n)
Definition: nasl_packet_forgery_v6.c:62
get_tcp_options
static void get_tcp_options(char *options, struct tcp_options *tcp_all_options)
Extract all TCP option from an IP datagram.
Definition: nasl_packet_forgery_v6.c:706
tcp_opt_mss::kind
uint8_t kind
Definition: nasl_packet_forgery.c:493
tcp_options::tstamp
struct tcp_opt_tstamp tstamp
Definition: nasl_packet_forgery.c:524
st_a_nasl_var::v_int
long int v_int
Definition: nasl_var.h:48
tcp_opt_mss::len
uint8_t len
Definition: nasl_packet_forgery.c:494
UNFIX
#define UNFIX(n)
Definition: nasl_packet_forgery_v6.c:63
v6pseudo_udp_hdr
Definition: nasl_packet_forgery_v6.c:1372
deref_cell
void deref_cell(tree_cell *c)
Definition: nasl_tree.c:181
alloc_typed_cell
tree_cell * alloc_typed_cell(int typ)
Definition: nasl_tree.c:28
init_v6_capture_device
int init_v6_capture_device(struct in6_addr src, struct in6_addr dest, char *filter)
Definition: capture_packet.c:215
code
#define code
igmp::code
unsigned char code
Definition: nasl_packet_forgery.c:1954
igmp::type
unsigned char type
Definition: nasl_packet_forgery.c:1953
TC::i_val
long int i_val
Definition: nasl_tree.h:104