Port scanner Synscan. More...

#include "../misc/bpf_share.h"
#include "../misc/network.h"
#include "../misc/pcap_openvas.h"
#include "../misc/plugutils.h"
#include "nasl_builtin_plugins.h"
#include "nasl_lex_ctxt.h"
#include <arpa/inet.h>
#include <gvm/base/logging.h>
#include <gvm/base/prefs.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

Include dependency graph for nasl_builtin_synscan.c:

Go to the source code of this file.

Data Structures
struct	pseudohdr

struct	list

Macros
#define	_BSD_SOURCE 1

#define	_DEFAULT_SOURCE 1

#define	NUM_RETRIES 2

#define	G_LOG_DOMAIN "lib nasl"
	GLib logging domain.

Functions
static int	in_cksum (u_short *p, int n)

static unsigned long	maketime ()

static struct timeval	timeval (unsigned long val)

static unsigned long	compute_rtt (unsigned long then)

static int	packetdead (unsigned long then)

static int	rawsocket (int family)
	Opens and returns a raw socket.

static int	openbpf (struct in_addr dst, struct in_addr *src, int magic)
	Opens a packet filter, grabs packets from `dst` to port `magic`.

static int	v6_openbpf (struct in6_addr dst, struct in6_addr src, int magic)

static struct list *	get_packet (struct list *l, unsigned short dport)

static struct list *	add_packet (struct list *l, unsigned short dport, unsigned long ack)
	If no packet with `dport` is in list, prepends a "packet" to the.

static struct list *	rm_packet (struct list *l, unsigned short dport)

static struct list *	rm_dead_packets (struct list l, int retry)

static struct tcphdr *	extracttcp (char *pkt, unsigned int len)

static struct tcphdr *	v6_extracttcp (char *pkt)

static unsigned long	extractack (char *pkt, int len, int family)

static unsigned short	extractsport (char *pkt, int len, int family)

static int	issynack (char *pkt, int len, int family)

static char *	mktcp (struct in_addr src, int sport, struct in_addr dst, int dport, unsigned long th_ack, unsigned char flag)

static char *	mktcpv6 (int sport, int dport, unsigned long th_ack, unsigned char flag)

static struct list *	sendpacket (int soc, int bpf, int skip, struct in_addr dst, struct in_addr src, int dport, int magic, struct list packets, unsigned long rtt, int sniff, struct script_infos *env)

static struct list *	v6_sendpacket (int soc, int bpf, int skip, struct in6_addr dst, int dport, int magic, struct list packets, unsigned long rtt, int sniff, struct script_infos env)

static int	scan (struct script_infos env, char portrange, struct in6_addr *dst6, unsigned long rtt)

tree_cell *	plugin_run_synscan (lex_ctxt *lexic)

Detailed Description

Port scanner Synscan.

Definition in file nasl_builtin_synscan.c.

Macro Definition Documentation

◆ _BSD_SOURCE

#define _BSD_SOURCE 1

Definition at line 13 of file nasl_builtin_synscan.c.

◆ _DEFAULT_SOURCE

#define _DEFAULT_SOURCE 1

Definition at line 15 of file nasl_builtin_synscan.c.

◆ G_LOG_DOMAIN

#define G_LOG_DOMAIN "lib nasl"

GLib logging domain.

Definition at line 43 of file nasl_builtin_synscan.c.

◆ NUM_RETRIES

#define NUM_RETRIES 2

Definition at line 37 of file nasl_builtin_synscan.c.

Function Documentation

◆ add_packet()

static struct list * add_packet	(	struct list *	l,
		unsigned short	dport,
		unsigned long	ack
	)

static

If no packet with dport is in list, prepends a "packet" to the.

list l.

Definition at line 279 of file nasl_builtin_synscan.c.

{
  struct list *ret;
 
  ret = get_packet (l, dport);
  if (ret != NULL)
    {
#ifdef SHOW_RETRIES
      printf ("RETRIES FOR %d = %d\n", dport, ret->retries);
#endif
      ret->retries++;
      ret->when = ack;
      return l;
    }
  ret = g_malloc0 (sizeof (struct list));
 
  ret->next = l;
  ret->prev = NULL;
  if (ret->next != NULL)
    ret->next->prev = ret;
 
  ret->dport = dport;
  ret->when = ack;
  ret->retries = 0;
  return ret;
}

References list::dport, get_packet(), list::next, list::prev, list::retries, and list::when.

Referenced by sendpacket(), and v6_sendpacket().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ compute_rtt()

static unsigned long compute_rtt ( unsigned long then )

static

Definition at line 121 of file nasl_builtin_synscan.c.

{
  unsigned long now = maketime ();
  unsigned long res;
  unsigned long a, b;
 
  a = (unsigned long) ntohl (now);
  b = (unsigned long) ntohl (then);
 
  if (b > a)
    {
      return 0;
    }
  res = a - b;
  if (res >= (1 << 28))
    res = 1 << 28;
 
  return htonl (res);
}

References maketime().

Referenced by sendpacket().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ extractack()

static unsigned long extractack	(	char *	pkt,
		int	len,
		int	family
	)

static

Definition at line 397 of file nasl_builtin_synscan.c.

{
  unsigned long ret;
  struct tcphdr *tcp;
  if (family == AF_INET)
    tcp = extracttcp (pkt, len);
  else
    tcp = v6_extracttcp (pkt);
 
  if (tcp == NULL)
    return -1;
 
  ret = htonl (ntohl (tcp->th_ack) - 1);
  return ret;
}

References extracttcp(), len, and v6_extracttcp().

Referenced by sendpacket().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ extractsport()

static unsigned short extractsport	(	char *	pkt,
		int	len,
		int	family
	)

static

Definition at line 414 of file nasl_builtin_synscan.c.

{
  struct tcphdr *tcp;
 
  if (family == AF_INET)
    tcp = extracttcp (pkt, len);
  else
    tcp = v6_extracttcp (pkt);
 
  if (tcp == NULL)
    return 0;
 
  return ntohs (tcp->th_sport);
}

References extracttcp(), len, and v6_extracttcp().

Referenced by sendpacket(), and v6_sendpacket().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ extracttcp()

static struct tcphdr * extracttcp	(	char *	pkt,
		unsigned int	len
	)

static

Definition at line 375 of file nasl_builtin_synscan.c.

{
  struct ip *ip;
  struct tcphdr *tcp;
 
  ip = (struct ip *) pkt;
  if (ip->ip_hl * 4 + sizeof (struct tcphdr) > len)
    return NULL;
 
  tcp = (struct tcphdr *) (pkt + ip->ip_hl * 4);
  return tcp;
}

References len.

Referenced by extractack(), extractsport(), and issynack().

Here is the caller graph for this function:

◆ get_packet()

static struct list * get_packet	(	struct list *	l,
		unsigned short	dport
	)

static

Returns: First pointer to list in l with the given dport , NULL if no such list item could be found.

Definition at line 262 of file nasl_builtin_synscan.c.

{
  while (l != NULL)
    {
      if (l->dport == dport)
        return l;
      else
        l = l->next;
    }
  return NULL;
}

References list::dport, and list::next.

Referenced by add_packet(), and rm_packet().

Here is the caller graph for this function:

◆ in_cksum()

static int in_cksum	(	u_short *	p,
		int	n
	)

static

Definition at line 56 of file nasl_builtin_synscan.c.

{
  register u_short answer;
  register unsigned long sum = 0;
  u_short odd_byte = 0;
 
  while (n > 1)
    {
      sum += *p++;
      n -= 2;
    }
 
  /* mop up an odd byte, if necessary */
  if (n == 1)
    {
      *(u_char *) (&odd_byte) = *(u_char *) p;
      sum += odd_byte;
    }
  sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
  sum += (sum >> 16);                 /* add carry */
  answer = (int) ~sum;                /* ones-complement, truncate */
  return (answer);
}

Referenced by mktcp().

Here is the caller graph for this function:

◆ issynack()

static int issynack	(	char *	pkt,
		int	len,
		int	family
	)

static

Definition at line 430 of file nasl_builtin_synscan.c.

{
  struct tcphdr *tcp;
 
  if (family == AF_INET)
    tcp = extracttcp (pkt, len);
  else
    tcp = v6_extracttcp (pkt);
 
  if (tcp == NULL)
    return 0;
 
  return tcp->th_flags == (TH_SYN | TH_ACK);
}

References extracttcp(), len, and v6_extracttcp().

Referenced by sendpacket(), and v6_sendpacket().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ maketime()

static unsigned long maketime ( )

static

Definition at line 81 of file nasl_builtin_synscan.c.

{
  struct timeval tv;
  unsigned long ret;
 
  gettimeofday (&tv, NULL);
 
  ret = ((tv.tv_sec & 0x0000000F) << 28) | (((tv.tv_usec) & 0xFFFFFFF0) >> 4);
 
  return htonl (ret);
}

References timeval().

Referenced by compute_rtt(), packetdead(), sendpacket(), and v6_sendpacket().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mktcp()

static char * mktcp	(	struct in_addr	src,
		int	sport,
		struct in_addr	dst,
		int	dport,
		unsigned long	th_ack,
		unsigned char	flag
	)

static

Definition at line 446 of file nasl_builtin_synscan.c.

{
  static char pkt[sizeof (struct ip) + sizeof (struct tcphdr)];
  struct ip *ip;
  struct tcphdr *tcp;
  struct pseudohdr pseudohdr;
  char tcpsumdata[sizeof (pseudohdr)];
 
  ip = (struct ip *) (&pkt);
  ip->ip_hl = 5;
  ip->ip_v = 4;
  ip->ip_tos = 0;
  ip->ip_len = sizeof (struct ip) + sizeof (struct tcphdr);
  ip->ip_id = rand ();
  ip->ip_off = 0;
  ip->ip_ttl = 64;
  ip->ip_p = IPPROTO_TCP;
  ip->ip_sum = 0;
  ip->ip_src.s_addr = src.s_addr;
  ip->ip_dst.s_addr = dst.s_addr;
  ip->ip_sum = in_cksum ((u_short *) pkt, sizeof (struct ip));
 
  tcp = (struct tcphdr *) (&(pkt[sizeof (struct ip)]));
  tcp->th_sport = htons (sport);
  tcp->th_dport = htons (dport);
  tcp->th_seq = th_ack;
  tcp->th_ack = 0;
  tcp->th_x2 = 0;
  tcp->th_off = 5;
  tcp->th_flags = flag;
  tcp->th_win = 4096;
  tcp->th_sum = 0;
  tcp->th_urp = 0;
 
  bzero (&pseudohdr, sizeof (pseudohdr));
  pseudohdr.saddr.s_addr = src.s_addr;
  pseudohdr.daddr.s_addr = dst.s_addr;
  pseudohdr.protocol = IPPROTO_TCP;
  pseudohdr.length = htons (sizeof (struct tcphdr));
  bcopy ((char *) tcp, (char *) &pseudohdr.tcpheader, sizeof (struct tcphdr));
  bcopy (&pseudohdr, tcpsumdata, sizeof (struct pseudohdr));
  tcp->th_sum =
    in_cksum ((unsigned short *) tcpsumdata, 12 + sizeof (struct tcphdr));
 
  return pkt;
}

References pseudohdr::daddr, in_cksum(), pseudohdr::length, pseudohdr::protocol, pseudohdr::saddr, and pseudohdr::tcpheader.

Referenced by sendpacket().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mktcpv6()

static char * mktcpv6	(	int	sport,
		int	dport,
		unsigned long	th_ack,
		unsigned char	flag
	)

static

Definition at line 495 of file nasl_builtin_synscan.c.

{
  static char pkt[sizeof (struct tcphdr)];
  struct tcphdr *tcp;
 
  tcp = (struct tcphdr *) (&(pkt[0]));
  tcp->th_sport = htons (sport);
  tcp->th_dport = htons (dport);
  tcp->th_ack = htonl (rand ());
  tcp->th_seq = th_ack;
  tcp->th_off = 5;
  tcp->th_flags = flag;
  tcp->th_win = htons (5760);
  tcp->th_urp = 0;
  tcp->th_sum = 2;
 
  return pkt;
}

Referenced by v6_sendpacket().

Here is the caller graph for this function:

◆ openbpf()

static int openbpf	(	struct in_addr	dst,
		struct in_addr *	src,
		int	magic
	)

static

Opens a packet filter, grabs packets from dst to port magic.

Parameters

[out]	src	in_addr of source.
[in]	dst	Destination.
[in]	magic	Destination port on src to listen to.

Returns: A bpf that listens to tcp packets coming from dst to port magic.

Definition at line 216 of file nasl_builtin_synscan.c.

{
  char *iface;
  char filter[255];
  int bpf;
 
  iface = routethrough (&dst, src);
  snprintf (filter, sizeof (filter), "tcp and src host %s and dst port %d",
            inet_ntoa (dst), magic);
  bpf = bpf_open_live (iface, filter);
  return bpf;
}

References bpf_open_live(), and routethrough().

Referenced by scan().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ packetdead()

static int packetdead ( unsigned long then )

static

Definition at line 142 of file nasl_builtin_synscan.c.

{
  unsigned long now = maketime ();
 
  then = ntohl (then);
  now = ntohl (now);
 
  if ((now - then) >= 2 << 28)
    {
      return 1;
    }
 
  return 0;
}

References maketime().

Referenced by rm_dead_packets().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ plugin_run_synscan()

tree_cell * plugin_run_synscan ( lex_ctxt * lexic )

Definition at line 778 of file nasl_builtin_synscan.c.

{
  struct script_infos *env = lexic->script_infos;
  unsigned long rtt;
  struct in6_addr *dst6 = plug_get_host_ip (env);
  struct in_addr *dst;
  struct in_addr inaddr;
 
  inaddr.s_addr = dst6->s6_addr32[3];
  dst = &inaddr;
 
  if (islocalhost (dst))
    return NULL;
 
  rtt = htonl (1 << 28);
 
  const char *range = prefs_get ("port_range");
  scan (env, (char *) range, dst6, rtt);
  plug_set_key (env, "Host/scanned", ARG_INT, (void *) 1);
  plug_set_key (env, "Host/scanners/synscan", ARG_INT, (void *) 1);
  return NULL;
}

References ARG_INT, islocalhost(), plug_get_host_ip(), plug_set_key(), scan(), and struct_lex_ctxt::script_infos.

Here is the call graph for this function:

◆ rawsocket()

static int rawsocket ( int family )

static

Opens and returns a raw socket.

Definition at line 161 of file nasl_builtin_synscan.c.

{
  int soc;
  int opt = 1;
  int offset = 8;
 
  if (family == AF_INET)
    {
      soc = socket (AF_INET, SOCK_RAW, IPPROTO_RAW);
      if (soc < 0)
        {
          perror ("socket ");
          printf ("error opeinig socket\n");
          return -1;
        }
      if (setsockopt (soc, IPPROTO_IP, IP_HDRINCL, /*(char *) */ &opt,
                      sizeof (opt))
          < 0)
        {
          perror ("setsockopt ");
          printf ("error setting socket opt\n");
          close (soc);
          return -1;
        }
    }
  else
    {
      soc = socket (AF_INET6, SOCK_RAW, IPPROTO_TCP);
      if (soc < 0
          || setsockopt (soc, IPPROTO_IPV6, IPV6_CHECKSUM, &offset,
                         sizeof (offset))
               < 0)
        {
          perror ("socket ");
          printf ("error opening socket\n");
          if (soc >= 0)
            close (soc);
          return -1;
        }
    }
 
  return soc;
}

Referenced by scan().

Here is the caller graph for this function:

◆ rm_dead_packets()

static struct list * rm_dead_packets	(	struct list *	l,
		int *	retry
	)

static

Definition at line 327 of file nasl_builtin_synscan.c.

{
  struct list *ret = l;
  struct list *p = l;
 
  *retry = 0;
  while (p != NULL)
    {
      struct list *next = p->next;
      if (packetdead (p->when))
        {
          if (p->retries < NUM_RETRIES)
            {
#ifdef SHOW_RETRIES
              printf ("Will retry port %d\n", p->dport);
#endif
              *retry = p->dport;
            }
          else
            {
#ifdef SHOW_RTT_REMOVAL
              printf ("Removing port %d (RTT elapsed)\n", p->dport);
#endif
              if (p->next != NULL)
                p->next->prev = p->prev;
 
              if (p->prev != NULL)
                p->prev->next = p->next;
              else
                {
                  if (p->next == NULL)
                    {
                      g_free (p);
                      return NULL;
                    }
                  ret = p->next;
                  g_free (p);
                }
            }
        }
      p = next;
    }
  return ret;
}

References list::dport, list::next, NUM_RETRIES, packetdead(), list::prev, list::retries, and list::when.

Referenced by scan().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ rm_packet()

static struct list * rm_packet	(	struct list *	l,
		unsigned short	dport
	)

static

Definition at line 307 of file nasl_builtin_synscan.c.

{
  struct list *ret = l;
  struct list *p = get_packet (l, dport);
 
  if (p == NULL)
    return l;
  if (p->next != NULL)
    p->next->prev = p->prev;
 
  if (p->prev != NULL)
    p->prev->next = p->next;
  else
    ret = p->next;
 
  g_free (p);
  return ret;
}

References list::dport, get_packet(), list::next, and list::prev.

Referenced by sendpacket(), and v6_sendpacket().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ scan()

static int scan	(	struct script_infos *	env,
		char *	portrange,
		struct in6_addr *	dst6,
		unsigned long	rtt
	)

static

Returns: -1 if the socket could not be opened (error), 0 otherwise.

This will send packets to ports not in ports list, will it?

Todo:: How to do this for ipv6? This causes much scan delay for IPv6.

Definition at line 676 of file nasl_builtin_synscan.c.

{
  int num;
  int soc;
  int bpf;
  struct in_addr src;
  struct in_addr dst;
  struct in6_addr src6;
  int magic = 4441 + (rand () % 1200);
  int skip;
  int i;
  struct list *packets = NULL;
  int retry;
  unsigned short *ports;
  int family;
 
  dst.s_addr = 0;
 
  if (IN6_IS_ADDR_V4MAPPED (dst6))
    {
      family = AF_INET;
      dst.s_addr = dst6->s6_addr32[3];
      soc = rawsocket (AF_INET);
    }
  else
    {
      family = AF_INET6;
      soc = rawsocket (AF_INET6);
    }
 
  ports = (unsigned short *) getpts (portrange, &num);
 
  if (soc < 0)
    {
      printf ("error opening raw socket\n");
      return -1;
    }
 
  if (family == AF_INET)
    bpf = openbpf (dst, &src, magic);
  else
    bpf = v6_openbpf (dst6, &src6, magic);
  if (bpf < 0)
    {
      close (soc);
      return -1;
    }
  skip = get_datalink_size (bpf_datalink (bpf));
 
  for (i = 0; i < num; i += 2)
    {
      if (family == AF_INET)
        packets = sendpacket (soc, bpf, skip, dst, src, ports[i], magic,
                              packets, &rtt, 0, env);
      else
        packets = v6_sendpacket (soc, bpf, skip, dst6, ports[i], magic, packets,
                                 &rtt, 0, env);
      if (i + 1 < num)
        {
          g_debug ("=====>> Sniffing %u\n", ports[i + 1]);
          if (family == AF_INET)
            packets = sendpacket (soc, bpf, skip, dst, src, ports[i + 1], magic,
                                  packets, &rtt, 1, env);
          else
            packets = v6_sendpacket (soc, bpf, skip, dst6, ports[i + 1], magic,
                                     packets, &rtt, 1, env);
        }
    }
 
  if (family == AF_INET)
    {
      while (packets != NULL)
        {
          i = 0;
          retry = 0;
          packets = rm_dead_packets (packets, &retry);
          while (retry != 0 && i < 2)
            {
              packets = sendpacket (soc, bpf, skip, dst, src, retry, magic,
                                    packets, &rtt, 0, env);
              packets = rm_dead_packets (packets, &retry);
              i++;
            }
          packets = sendpacket (soc, bpf, skip, dst, src, retry, magic, packets,
                                &rtt, 1, env);
        }
    }
 
  close (soc);
  bpf_close (bpf);
  if (ports != NULL)
    g_free (ports);
  if (num >= 65535)
    plug_set_key (env, "Host/full_scan", ARG_INT, (void *) 1);
 
  return 0;
}

References ARG_INT, bpf_close(), bpf_datalink(), get_datalink_size(), getpts(), openbpf(), plug_set_key(), rawsocket(), rm_dead_packets(), sendpacket(), v6_openbpf(), and v6_sendpacket().

Referenced by plugin_run_synscan().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ sendpacket()

static struct list * sendpacket	(	int	soc,
		int	bpf,
		int	skip,
		struct in_addr	dst,
		struct in_addr	src,
		int	dport,
		int	magic,
		struct list *	packets,
		unsigned long *	rtt,
		int	sniff,
		struct script_infos *	env
	)

static

Parameters

sniff If != 0, "sniff" (listen to incoming packages), else just add packet.

Definition at line 520 of file nasl_builtin_synscan.c.

{
  unsigned long ack = maketime ();
  char *pkt = mktcp (src, magic, dst, dport, ack, TH_SYN);
  int len;
  char *res;
  struct sockaddr_in soca;
  struct timeval rtt_tv = timeval (*rtt);
  int family = AF_INET;
 
  bzero (&soca, sizeof (soca));
  soca.sin_family = AF_INET;
  soca.sin_addr = dst;
 
  rtt_tv.tv_sec *= 1000;
  rtt_tv.tv_sec /= 8;
 
  rtt_tv.tv_usec += (rtt_tv.tv_sec % 1000) * 1000;
  rtt_tv.tv_sec /= 1000;
  if (rtt_tv.tv_sec >= 1)
    {
      rtt_tv.tv_sec = 1;
      rtt_tv.tv_usec = 0;
    }
 
  if (dport != 0)
    {
      int e;
      packets = add_packet (packets, dport, ack);
      e = sendto (soc, pkt, sizeof (struct ip) + sizeof (struct tcphdr), 0,
                  (struct sockaddr *) &soca, sizeof (soca));
      if (e < 0)
        {
          perror ("sendto ");
          close (soc);
          bpf_close (bpf);
          return NULL;
        }
    }
  if (sniff != 0)
    {
    again:
      res = (char *) bpf_next_tv (bpf, &len, &rtt_tv);
      if (res != NULL)
        {
          unsigned short sport = extractsport (res + skip, len, family);
          int synack = issynack (res + skip, len, family);
          unsigned int rack = extractack (res + skip, len, family);
          if (synack)
            {
              char *rst;
              scanner_add_port (env, sport, "tcp");
              /* Send a RST to make sure the connection is closed on the remote
               * side */
              rst = mktcp (src, magic, dst, sport, ack + 1, TH_RST);
              if (sendto (soc, rst, sizeof (struct ip) + sizeof (struct tcphdr),
                          0, (struct sockaddr *) &soca, sizeof (soca))
                  < 0)
                {
                  perror ("sendto ");
                  close (soc);
                  bpf_close (bpf);
                  return NULL;
                }
 
              /* Adjust the rtt */
              *rtt = compute_rtt (rack);
              if (ntohl (*rtt) >= (1 << 28))
                *rtt = 1 << 28;
            }
          packets = rm_packet (packets, sport);
          rtt_tv.tv_sec = 0;
          rtt_tv.tv_usec = 0;
          goto again;
        }
    }
  return packets;
}

References add_packet(), bpf_close(), bpf_next_tv(), compute_rtt(), list::dport, extractack(), extractsport(), issynack(), len, maketime(), mktcp(), rm_packet(), scanner_add_port(), and timeval().

Referenced by scan().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ timeval()

static struct timeval timeval ( unsigned long val )

static

Definition at line 94 of file nasl_builtin_synscan.c.

{
  struct timeval ret;
  unsigned int h, l;
 
  val = ntohl (val);
 
  h = (val & 0xF0000000) >> 28;
  l = (val & 0x0FFFFFFF) << 4;
 
  ret.tv_sec = h;
  ret.tv_usec = l;
  while (ret.tv_usec >= 1000000)
    {
      ret.tv_usec -= 1000000;
      ret.tv_sec++;
    }
 
  if (ret.tv_sec > 2)
    {
      ret.tv_sec = 2;
      ret.tv_usec = 0;
    }
  return ret;
}

References timeval(), and val.

Referenced by attack_network(), attack_start(), banner_grab(), bpf_next(), bpf_next_tv(), calculate_eta(), capture_next_frame(), capture_next_packet(), capture_next_v6_packet(), do_reseed_ntlmssp(), maketime(), nasl_gettimeofday(), nasl_open_privileged_socket(), nasl_pcap_next(), nasl_recv(), nasl_send_capture(), nasl_tcp_ping(), nasl_tcp_v6_ping(), nsend(), open_socket(), open_SSL_connection(), plugin_do_run(), plugins_reload_from_dir(), read_stream_connection_unbuffered(), sendpacket(), socket_ssl_do_handshake(), timeval(), update_running_processes(), v6_sendpacket(), wait_before_next_probe(), and write_stream_connection4().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ v6_extracttcp()

static struct tcphdr * v6_extracttcp ( char * pkt )

static

Definition at line 389 of file nasl_builtin_synscan.c.

{
  struct tcphdr *tcp;
  tcp = (struct tcphdr *) (pkt + 40);
  return tcp;
}

Referenced by extractack(), extractsport(), and issynack().

Here is the caller graph for this function:

◆ v6_openbpf()

static int v6_openbpf	(	struct in6_addr *	dst,
		struct in6_addr *	src,
		int	magic
	)

static

Definition at line 230 of file nasl_builtin_synscan.c.

{
  char *iface;
  char filter[255];
  char hostname[INET6_ADDRSTRLEN];
  int bpf;
 
  iface = v6_routethrough (dst, src);
 
  snprintf (filter, sizeof (filter), "tcp and src host %s and dst port %d",
            inet_ntop (AF_INET6, dst, hostname, sizeof (hostname)), magic);
  bpf = bpf_open_live (iface, filter);
  if (bpf < 0)
    printf ("bpf_open_live returned error\n");
  return bpf;
}

References bpf_open_live(), hostname, and v6_routethrough().

Referenced by scan().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ v6_sendpacket()

static struct list * v6_sendpacket	(	int	soc,
		int	bpf,
		int	skip,
		struct in6_addr *	dst,
		int	dport,
		int	magic,
		struct list *	packets,
		unsigned long *	rtt,
		int	sniff,
		struct script_infos *	env
	)

static

Definition at line 602 of file nasl_builtin_synscan.c.

{
  unsigned long ack = maketime ();
  char *pkt = mktcpv6 (magic, dport, ack, TH_SYN);
  int len;
  char *res;
  struct sockaddr_in6 soca;
  struct timeval rtt_tv = timeval (*rtt);
 
  bzero (&soca, sizeof (soca));
  soca.sin6_family = AF_INET6;
  memcpy (&soca.sin6_addr, dst, sizeof (struct in6_addr));
  rtt_tv.tv_sec *= 1000;
  rtt_tv.tv_sec /= 8;
 
  rtt_tv.tv_usec += (rtt_tv.tv_sec % 1000) * 1000;
  rtt_tv.tv_sec /= 1000;
  if (rtt_tv.tv_sec >= 1)
    {
      rtt_tv.tv_sec = 1;
      rtt_tv.tv_usec = 0;
    }
 
  if (dport != 0)
    {
      int e;
      packets = add_packet (packets, dport, ack);
      e = sendto (soc, pkt, sizeof (struct tcphdr), 0,
                  (struct sockaddr *) &soca, sizeof (soca));
      if (e < 0)
        {
          g_message ("sendto error in v6_sendpacket");
          perror ("sendto ");
          close (soc);
          bpf_close (bpf);
          return NULL;
        }
    }
  if (sniff != 0)
    {
      res = (char *) bpf_next (bpf, &len);
      if (res != NULL)
        {
          unsigned short sport = extractsport (res + skip, len, AF_INET6);
          int synack = issynack (res + skip, len, AF_INET6);
          if (synack)
            {
              char *rst;
              scanner_add_port (env, sport, "tcp");
              /* Send a RST to make sure the connection is closed on the remote
               * side */
              rst = mktcpv6 (magic, sport, ack + 1, TH_RST);
              if (sendto (soc, rst, sizeof (struct tcphdr), 0,
                          (struct sockaddr *) &soca, sizeof (soca))
                  < 0)
                {
                  perror ("sendto ");
                  close (soc);
                  bpf_close (bpf);
                  return NULL;
                }
            }
          packets = rm_packet (packets, sport);
        }
    }
  return packets;
}

References add_packet(), bpf_close(), bpf_next(), list::dport, extractsport(), issynack(), len, maketime(), mktcpv6(), rm_packet(), scanner_add_port(), and timeval().

Referenced by scan().

Here is the call graph for this function:

Here is the caller graph for this function:

Data Structures

Macros

Functions

Detailed Description

Macro Definition Documentation

◆ _BSD_SOURCE

◆ _DEFAULT_SOURCE

◆ G_LOG_DOMAIN

◆ NUM_RETRIES

Function Documentation

◆ add_packet()

◆ compute_rtt()

◆ extractack()

◆ extractsport()

◆ extracttcp()

◆ get_packet()

◆ in_cksum()

◆ issynack()

◆ maketime()

◆ mktcp()

◆ mktcpv6()

◆ openbpf()

◆ packetdead()

◆ plugin_run_synscan()

◆ rawsocket()

◆ rm_dead_packets()

◆ rm_packet()

◆ scan()

◆ sendpacket()

◆ timeval()

◆ v6_extracttcp()

◆ v6_openbpf()

◆ v6_sendpacket()