OpenVAS Scanner 22.7.9
attack.h File Reference

attack.c header.

#include "../misc/scanneraux.h"
#include <gvm/util/kb.h>


Functions

void attack_network (struct scan_globals *)
 Attack a whole network.
 

Detailed Description

attack.c header.

Definition in file attack.h.

Function Documentation

◆ attack_network()

void attack_network (struct scan_globals *globals)

Attack a whole network.

Definition at line 1247 of file attack.c.

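/**
 * @brief Attack a whole network.
 *
 * Reads the scan preferences ("TARGET", "port_range", "plugin_set",
 * "auto_enable_dependencies", "test_alive_hosts_only",
 * "allow_simultaneous_ips", "db_address"), validates the port range and
 * the target list, reports errors and the host count to the client
 * through the main KB, and then starts one child process per host.
 * When "test_alive_hosts_only" is set, hosts are taken from the alive
 * detection queue instead of straight from the target list.
 * The function waits for the host processes, releases the scheduler and
 * the host lists, and sets the scan status to "finished".
 *
 * NOTE(review): the rendered listing this body was taken from skips a
 * few source lines (calls to check_deprecated_prefs(), connect_main_kb(),
 * apply_hosts_preferences_ordering(), apply_hosts_excluded(),
 * set_alive_detection_tid(), openvas_signal(), create_ipc_process(), the
 * INVALID_TARGET_LIST message and one host_is_currently_scanned() test).
 * They are restored here from the function's reference list and the
 * signatures printed with it; confirm them against attack.c.
 *
 * @param globals  Scan globals; scan_id and files_translation are read.
 */
void
attack_network (struct scan_globals *globals)
{
  int max_hosts = 0, max_checks;
  const char *hostlist;
  gvm_host_t *host;
  plugins_scheduler_t sched;
  /* NOTE(review): never reset, so the retry budget is shared by all hosts
   * of the scan rather than applied per host -- confirm this is intended. */
  int fork_retries = 0;
  GHashTable *files;
  struct timeval then, now;
  gvm_hosts_t *hosts;
  const gchar *port_range;
  int allow_simultaneous_ips;
  kb_t arg_host_kb, main_kb;
  GSList *unresolved;
  char buf[96];

  check_deprecated_prefs ();

  gboolean test_alive_hosts_only = prefs_get_bool ("test_alive_hosts_only");
  gvm_hosts_t *alive_hosts_list = NULL;
  kb_t alive_hosts_kb = NULL;
  if (test_alive_hosts_only)
    connect_main_kb (&alive_hosts_kb);

  gettimeofday (&then, NULL);

  /* NOTE(review): the early returns between here and the scheduler check
   * leave alive_hosts_kb connected; connect_main_kb() is documented as
   * needing kb_lnk_reset() after use. The return value of the connect
   * above is not checked either. */
  if (check_kb_access ())
    return;

  /* Init and check Target List */
  hostlist = prefs_get ("TARGET");
  if (hostlist == NULL)
    {
      return;
    }

  /* Verify the port range is a valid one */
  port_range = prefs_get ("port_range");
  if (validate_port_range (port_range))
    {
      connect_main_kb (&main_kb);
      message_to_client (
        main_kb, "Invalid port list. Ports must be in the range [1-65535]",
        NULL, NULL, "ERRMSG");
      kb_lnk_reset (main_kb);
      g_warning ("Invalid port list. Ports must be in the range [1-65535]. "
                 "Scan terminated.");
      set_scan_status ("finished");

      return;
    }

  /* Initialize the attack. */
  int plugins_init_error = 0;
  sched = plugins_scheduler_init (prefs_get ("plugin_set"),
                                  prefs_get_bool ("auto_enable_dependencies"),
                                  &plugins_init_error);
  if (!sched)
    {
      g_message ("Couldn't initialize the plugin scheduler");
      return;
    }

  if (plugins_init_error > 0)
    {
      /* With a ten digit count this message needs every byte of buf, so
       * the write is bounded instead of relying on the exact text length. */
      snprintf (buf, sizeof (buf),
                "%d errors were found during the plugin scheduling. "
                "Some plugins have not been launched.",
                plugins_init_error);

      connect_main_kb (&main_kb);
      message_to_client (main_kb, buf, NULL, NULL, "ERRMSG");
      kb_lnk_reset (main_kb);
    }

  max_hosts = get_max_hosts_number ();
  max_checks = get_max_checks_number ();

  hosts = gvm_hosts_new (hostlist);
  if (hosts == NULL)
    {
      char *buffer;
      buffer = g_strdup_printf ("Invalid target list: %s.", hostlist);
      connect_main_kb (&main_kb);
      message_to_client (main_kb, buffer, NULL, NULL, "ERRMSG");
      g_free (buffer);
      /* Send the hosts count to the client as -1,
       * because the invalid target list.*/
      message_to_client (main_kb, INVALID_TARGET_LIST, NULL, NULL,
                         "HOSTS_COUNT");
      kb_lnk_reset (main_kb);
      g_warning ("Invalid target list. Scan terminated.");
      goto stop;
    }

  /* Walk the list with a cursor so that the head is still available for
   * the free below; advancing `unresolved` itself would hand NULL to
   * g_slist_free_full() and leak every entry. */
  unresolved = gvm_hosts_resolve (hosts);
  for (GSList *entry = unresolved; entry; entry = entry->next)
    g_warning ("Couldn't resolve hostname '%s'", (char *) entry->data);
  g_slist_free_full (unresolved, g_free);

  /* Apply Hosts preferences. */
  apply_hosts_preferences_ordering (hosts);

  int already_excluded = 0;
  already_excluded = apply_hosts_reverse_lookup_preferences (hosts);

#ifdef FEATURE_HOSTS_ALLOWED_ONLY
  // Remove hosts which are denied and/or keep the ones in the allowed host
  // lists
  // for both, user and system wide settings.
  apply_hosts_allow_deny (hosts);
#endif

  /* Send the hosts count to the client, after removing duplicated and
   * unresolved hosts.*/
  snprintf (buf, sizeof (buf), "%d", gvm_hosts_count (hosts) + already_excluded);
  connect_main_kb (&main_kb);
  message_to_client (main_kb, buf, NULL, NULL, "HOSTS_COUNT");
  kb_lnk_reset (main_kb);

  // Remove the excluded hosts
  apply_hosts_excluded (hosts);

  host = gvm_hosts_next (hosts);
  if (host == NULL)
    goto stop;
  hosts_init (max_hosts);

  g_message ("Vulnerability scan %s started: Target has %d hosts: "
             "%s, with max_hosts = %d and max_checks = %d",
             globals->scan_id, gvm_hosts_count (hosts), hostlist, max_hosts,
             max_checks);

  if (test_alive_hosts_only)
    {
      /* Boolean signalling if alive detection finished. */
      gboolean ad_finished = FALSE;
      int err;
      pthread_t tid;
      struct in6_addr tmpaddr;
      gchar *first_host_str;

      /* Reset the iterator. */
      hosts->current = 0;
      err = pthread_create (&tid, NULL, start_alive_detection, (void *) hosts);
      /* NOTE(review): only EAGAIN is reported. On any failure tid is not
       * written by pthread_create(), yet it is still recorded below and
       * later joined -- worth an explicit error path. */
      if (err == EAGAIN)
        g_warning (
          "%s: pthread_create() returned EAGAIN: Insufficient resources "
          "to create thread.",
          __func__);
      set_alive_detection_tid (tid);
      g_debug ("%s: started alive detection.", __func__);

      for (host = get_host_from_queue (alive_hosts_kb, &ad_finished);
           !host && !ad_finished && !scan_is_stopped ();
           host = get_host_from_queue (alive_hosts_kb, &ad_finished))
        {
          fork_sleep (1);
        }

      /* The queue hands out its own host object. Swap it for the matching
       * entry of `hosts` and release the queue copy, as the per-host loop
       * below does; host is NULL here when the queue ended or the scan was
       * stopped. */
      if (host && gvm_host_get_addr6 (host, &tmpaddr) == 0)
        {
          gvm_host_t *queued = host;

          host = gvm_host_find_in_hosts (host, &tmpaddr, hosts);
          gvm_host_free (queued);
        }
      if (host)
        {
          g_debug (
            "%s: Get first host to test from Queue. This host is used for "
            "initialising the alive_hosts_list.",
            __func__);
        }
      /* gvm_host_value_str() results are g_free()d everywhere else in this
       * function, so the temporary is released here as well. */
      first_host_str = gvm_host_value_str (host);
      alive_hosts_list = gvm_hosts_new (first_host_str);
      g_free (first_host_str);
    }

  /*
   * Start the attack !
   */
  allow_simultaneous_ips = prefs_get_bool ("allow_simultaneous_ips");
  openvas_signal (SIGUSR1, handle_scan_stop_signal);
  while (host && !scan_is_stopped ())
    {
      int pid, rc;
      struct attack_start_args args;
      char *host_str;

      if (!test_alive_hosts_only
          && (!allow_simultaneous_ips && host_is_currently_scanned (host)))
        {
          sleep (1);
          // move the host at the end of the list and get the next host.
          gvm_hosts_move_current_host_to_end (hosts);
          host = gvm_hosts_next (hosts);
          continue;
        }

      /* Retry kb_new() for as long as it returns -2; any other negative
       * code ends the scan. */
      do
        {
          rc = kb_new (&arg_host_kb, prefs_get ("db_address"));
          if (rc < 0 && rc != -2)
            {
              report_kb_failure (rc);
              goto scan_stop;
            }
          else if (rc == -2)
            {
              sleep (KB_RETRY_DELAY);
              continue;
            }
          break;
        }
      while (1);

      host_str = gvm_host_value_str (host);
      connect_main_kb (&main_kb);
      if (hosts_new (host_str, arg_host_kb, main_kb) < 0)
        {
          kb_delete (arg_host_kb);
          g_free (host_str);
          goto scan_stop;
        }

      if (scan_is_stopped ())
        {
          kb_delete (arg_host_kb);
          g_free (host_str);
          continue;
        }

      args.host = host;
      args.globals = globals;
      args.sched = sched;
      args.host_kb = arg_host_kb;

    forkagain:
      pid = create_ipc_process ((ipc_process_func) attack_start, &args);
      /* Close child process' socket. */
      if (pid < 0)
        {
          fork_retries++;
          if (fork_retries > MAX_FORK_RETRIES)
            {
              /* Forking failed - we go to the wait queue. */
              /* NOTE(review): the jump goes to `stop`, which skips both
               * the hosts_read() wait and the scan_stop cleanup, and
               * arg_host_kb is not deleted on this path. */
              g_warning ("fork() failed - %s. %s won't be tested",
                         strerror (errno), host_str);
              g_free (host_str);
              goto stop;
            }

          g_debug ("fork() failed - "
                   "sleeping %d seconds and trying again...",
                   fork_retries);
          fork_sleep (fork_retries);
          goto forkagain;
        }
      hosts_set_pid (host_str, pid);

      if (test_alive_hosts_only)
        {
          struct in6_addr tmpaddr;
          gvm_host_t *alive_buf;

          while (1)
            {
              /* Boolean signalling if alive detection finished. */
              gboolean ad_finished = FALSE;
              for (host = get_host_from_queue (alive_hosts_kb, &ad_finished);
                   !host && !ad_finished && !scan_is_stopped ();
                   host = get_host_from_queue (alive_hosts_kb, &ad_finished))
                {
                  fork_sleep (1);
                }

              if (host && !allow_simultaneous_ips
                  && host_is_currently_scanned (host))
                {
                  struct in6_addr hostip;
                  char ip_str[INET6_ADDRSTRLEN];
                  int flag_set;

                  gvm_host_get_addr6 (host, &hostip);
                  addr6_to_str (&hostip, ip_str);

                  // Re-add host at the end of the queue and reallocate the flag
                  // if it was already set.
                  flag_set = finish_signal_on_queue (alive_hosts_kb);

                  put_host_on_queue (alive_hosts_kb, ip_str);
                  g_debug ("Reallocating the host %s at the end of the queue",
                           ip_str);

                  gvm_host_free (host);
                  host = NULL;

                  if (flag_set)
                    {
                      g_debug ("Reallocating finish signal in the host queue");
                      realloc_finish_signal_on_queue (alive_hosts_kb);
                    }
                }
              else
                break;
            }

          /* Replace the queue's host object by the entry of `hosts` with
           * the same address and free the queue copy. */
          if (host && gvm_host_get_addr6 (host, &tmpaddr) == 0)
            {
              alive_buf = host;
              host = gvm_host_find_in_hosts (host, &tmpaddr, hosts);
              gvm_host_free (alive_buf);
              alive_buf = NULL;
            }

          if (host)
            gvm_hosts_add (alive_hosts_list, gvm_duplicate_host (host));
          else
            g_debug ("%s: got NULL host, stop/finish scan", __func__);
        }
      else
        {
          host = gvm_hosts_next (hosts);
        }
      g_free (host_str);
    }

  /* Every host is being tested... We have to wait for the processes
   * to terminate. */
  while (hosts_read () == 0)
    if (scan_is_stopped () == 1)
      killpg (getpid (), SIGUSR1);

  g_debug ("Test complete");

scan_stop:
  /* Free the memory used by the files uploaded by the user, if any. */
  files = globals->files_translation;
  if (files)
    g_hash_table_destroy (files);

stop:

  if (test_alive_hosts_only)
    {
      int err;
      /* Initialised because pthread_join() only stores a value on
       * success; the comparison below must not read garbage. */
      void *retval = NULL;

      kb_lnk_reset (alive_hosts_kb);
      g_debug ("%s: free alive detection data ", __func__);

      /* need to wait for alive detection to finish */
      g_debug ("%s: waiting for alive detection thread to be finished...",
               __func__);
      /* Join alive detection thread. */
      err = pthread_join (get_alive_detection_tid (), &retval);
      if (err == EDEADLK)
        g_debug ("%s: pthread_join() returned EDEADLK.", __func__);
      if (err == EINVAL)
        g_debug ("%s: pthread_join() returned EINVAL.", __func__);
      if (err == ESRCH)
        g_debug ("%s: pthread_join() returned ESRCH.", __func__);
      if (err == 0 && retval == PTHREAD_CANCELED)
        g_debug ("%s: pthread_join() returned PTHREAD_CANCELED.", __func__);
      /* Set flag signaling that alive detection thread was joined. */
      if (err == 0)
        ad_thread_joined (TRUE);
      g_debug ("%s: Finished waiting for alive detection thread.", __func__);
    }

  plugins_scheduler_free (sched);

  gettimeofday (&now, NULL);
  /* The elapsed time is cast so that it matches the %ld conversion on
   * platforms where time_t is not long. */
  if (test_alive_hosts_only)
    g_message ("Vulnerability scan %s finished in %ld seconds: "
               "%d alive hosts of %d",
               globals->scan_id, (long) (now.tv_sec - then.tv_sec),
               gvm_hosts_count (alive_hosts_list), gvm_hosts_count (hosts));
  else
    g_message ("Vulnerability scan %s finished in %ld seconds: %d hosts",
               globals->scan_id, (long) (now.tv_sec - then.tv_sec),
               gvm_hosts_count (hosts));

  gvm_hosts_free (hosts);
  if (alive_hosts_list)
    gvm_hosts_free (alive_hosts_list);

  set_scan_status ("finished");
}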
static int scan_is_stopped(void)
Definition: attack.c:265
static void apply_hosts_excluded(gvm_hosts_t *hosts)
Definition: attack.c:997
static void attack_start(struct ipc_context *ipcc, struct attack_start_args *args)
Set up some data and jump into attack_host()
Definition: attack.c:917
static int apply_hosts_reverse_lookup_preferences(gvm_hosts_t *hosts)
Definition: attack.c:1087
static void handle_scan_stop_signal()
Definition: attack.c:1188
static void set_alive_detection_tid(pthread_t tid)
Definition: attack.c:1157
static void fork_sleep(int n)
Definition: attack.c:247
static void check_deprecated_prefs(void)
Check if any deprecated prefs are in pref table and print warning.
Definition: attack.c:819
static int connect_main_kb(kb_t *main_kb)
Connect to the main kb. Must be released with kb_lnk_reset() after use.
Definition: attack.c:95
static void report_kb_failure(int errcode)
Definition: attack.c:235
static int check_kb_access(void)
Definition: attack.c:1139
static void apply_hosts_preferences_ordering(gvm_hosts_t *hosts)
Definition: attack.c:1064
#define INVALID_TARGET_LIST
Definition: attack.c:61
static void message_to_client(kb_t kb, const char *msg, const char *ip_str, const char *port, const char *type)
Definition: attack.c:222
#define KB_RETRY_DELAY
Definition: attack.c:57
#define MAX_FORK_RETRIES
Definition: attack.c:53
static gboolean ad_thread_joined(gboolean joined)
Set and get if alive detection thread was already joined by main thread.
Definition: attack.c:1179
static pthread_t get_alive_detection_tid()
Definition: attack.c:1162
static void set_scan_status(char *status)
Set scan status. This helps ospd-openvas to identify if a scan crashed or finished cleanly.
Definition: attack.c:134
static struct host * hosts
Definition: hosts.c:49
int host_is_currently_scanned(gvm_host_t *host_to_check)
Returns 1 if the host is being scanned. 0 otherwise.
Definition: hosts.c:271
int hosts_set_pid(char *name, pid_t pid)
Definition: hosts.c:177
int hosts_read(void)
Returns -1 if client asked to stop all tests or connection was lost or error. 0 otherwise.
Definition: hosts.c:253
int hosts_init(int max_hosts)
Definition: hosts.c:144
int hosts_new(char *name, kb_t kb, kb_t main_kb)
Definition: hosts.c:151
void(* ipc_process_func)(struct ipc_context *, void *)
Definition: ipc.h:47
kb_t main_kb
Definition: kb_cache.c:15
static struct timeval timeval(unsigned long val)
static pid_t pid
Definition: nasl_cmd_exec.c:39
void plugins_scheduler_free(plugins_scheduler_t sched)
plugins_scheduler_t plugins_scheduler_init(const char *plugins_list, int autoload, int *error)
pid_t create_ipc_process(ipc_process_func func, void *args)
initializes a communication channels and calls a function with a new process
Definition: processes.c:195
void(*)(int) openvas_signal(int signum, void(*handler)(int))
Definition: sighand.c:79
struct scan_globals * globals
Definition: attack.c:75
plugins_scheduler_t sched
Definition: attack.c:78
gvm_host_t * host
Definition: attack.c:79
Host information, implemented as doubly linked list.
Definition: hosts.c:37
GHashTable * files_translation
Definition: scanneraux.h:20
char * scan_id
Definition: scanneraux.h:22
int get_max_hosts_number(void)
Definition: utils.c:134
int get_max_checks_number(void)
Definition: utils.c:165

References ad_thread_joined(), apply_hosts_excluded(), apply_hosts_preferences_ordering(), apply_hosts_reverse_lookup_preferences(), attack_start(), check_deprecated_prefs(), check_kb_access(), connect_main_kb(), create_ipc_process(), scan_globals::files_translation, fork_sleep(), get_alive_detection_tid(), get_max_checks_number(), get_max_hosts_number(), attack_start_args::globals, handle_scan_stop_signal(), attack_start_args::host, host_is_currently_scanned(), attack_start_args::host_kb, hosts, hosts_init(), hosts_new(), hosts_read(), hosts_set_pid(), INVALID_TARGET_LIST, KB_RETRY_DELAY, main_kb, MAX_FORK_RETRIES, message_to_client(), openvas_signal, pid, plugins_scheduler_free(), plugins_scheduler_init(), report_kb_failure(), scan_globals::scan_id, scan_is_stopped(), attack_start_args::sched, set_alive_detection_tid(), set_scan_status(), and timeval().

Referenced by openvas().
