nasl_builtin_synscan.c File Reference
Port scanner Synscan. More...
#include "../misc/bpf_share.h"#include "../misc/network.h"#include "../misc/pcap_openvas.h"#include "../misc/plugutils.h"#include "nasl_builtin_plugins.h"#include "nasl_lex_ctxt.h"#include <arpa/inet.h>#include <gvm/base/logging.h>#include <gvm/base/prefs.h>#include <netinet/ip.h>#include <netinet/tcp.h>#include <stdlib.h>#include <string.h>#include <unistd.h>
Include dependency graph for nasl_builtin_synscan.c:
Go to the source code of this file.
Data Structures | |
| struct | pseudohdr |
| struct | list |
Macros | |
| #define | _BSD_SOURCE 1 |
| #define | _DEFAULT_SOURCE 1 |
| #define | NUM_RETRIES 2 |
| #define | G_LOG_DOMAIN "lib nasl" |
| GLib logging domain. | |
Functions | |
| static int | in_cksum (u_short *p, int n) |
| static unsigned long | maketime () |
| static struct timeval | timeval (unsigned long val) |
| static unsigned long | compute_rtt (unsigned long then) |
| static int | packetdead (unsigned long then) |
| static int | rawsocket (int family) |
| Opens and returns a raw socket. | |
| static int | openbpf (struct in_addr dst, struct in_addr *src, int magic) |
Opens a packet filter, grabs packets from dst to port magic. | |
| static int | v6_openbpf (struct in6_addr *dst, struct in6_addr *src, int magic) |
| static struct list * | get_packet (struct list *l, unsigned short dport) |
| static struct list * | add_packet (struct list *l, unsigned short dport, unsigned long ack) |
If no packet with dport is in list, prepends a "packet" to the. | |
| static struct list * | rm_packet (struct list *l, unsigned short dport) |
| static struct list * | rm_dead_packets (struct list *l, int *retry) |
| static struct tcphdr * | extracttcp (char *pkt, unsigned int len) |
| static struct tcphdr * | v6_extracttcp (char *pkt) |
| static unsigned long | extractack (char *pkt, int len, int family) |
| static unsigned short | extractsport (char *pkt, int len, int family) |
| static int | issynack (char *pkt, int len, int family) |
| static char * | mktcp (struct in_addr src, int sport, struct in_addr dst, int dport, unsigned long th_ack, unsigned char flag) |
| static char * | mktcpv6 (int sport, int dport, unsigned long th_ack, unsigned char flag) |
| static struct list * | sendpacket (int soc, int bpf, int skip, struct in_addr dst, struct in_addr src, int dport, int magic, struct list *packets, unsigned long *rtt, int sniff, struct script_infos *env) |
| static struct list * | v6_sendpacket (int soc, int bpf, int skip, struct in6_addr *dst, int dport, int magic, struct list *packets, unsigned long *rtt, int sniff, struct script_infos *env) |
| static int | scan (struct script_infos *env, char *portrange, struct in6_addr *dst6, unsigned long rtt) |
| tree_cell * | plugin_run_synscan (lex_ctxt *lexic) |
Detailed Description
Port scanner Synscan.
Definition in file nasl_builtin_synscan.c.
Macro Definition Documentation
◆ _BSD_SOURCE
| #define _BSD_SOURCE 1 |
Definition at line 13 of file nasl_builtin_synscan.c.
◆ _DEFAULT_SOURCE
| #define _DEFAULT_SOURCE 1 |
Definition at line 15 of file nasl_builtin_synscan.c.
◆ G_LOG_DOMAIN
| #define G_LOG_DOMAIN "lib nasl" |
GLib logging domain.
Definition at line 43 of file nasl_builtin_synscan.c.
◆ NUM_RETRIES
| #define NUM_RETRIES 2 |
Definition at line 37 of file nasl_builtin_synscan.c.
Referenced by rm_dead_packets().
Function Documentation
◆ add_packet()
If no packet with dport is in list, prepends a "packet" to the.
list l.
Definition at line 279 of file nasl_builtin_synscan.c.
280{
282
284 if (ret != NULL)
285 {
286#ifdef SHOW_RETRIES
288#endif
289 ret->retries++;
290 ret->when = ack;
291 return l;
292 }
294
295 ret->next = l;
296 ret->prev = NULL;
299
301 ret->when = ack;
302 ret->retries = 0;
303 return ret;
304}
static struct list * get_packet(struct list *l, unsigned short dport)
Definition nasl_builtin_synscan.c:262
Definition nasl_builtin_synscan.c:249
References list::dport, get_packet(), list::next, list::prev, list::retries, and list::when.
Referenced by sendpacket(), and v6_sendpacket().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ compute_rtt()
|
static |
Definition at line 121 of file nasl_builtin_synscan.c.
122{
124 unsigned long res;
125 unsigned long a, b;
126
127 a = (unsigned long) ntohl (now);
128 b = (unsigned long) ntohl (then);
129
130 if (b > a)
131 {
132 return 0;
133 }
134 res = a - b;
135 if (res >= (1 << 28))
136 res = 1 << 28;
137
138 return htonl (res);
139}
References maketime().
Referenced by sendpacket().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ extractack()
|
static |
Definition at line 397 of file nasl_builtin_synscan.c.
398{
399 unsigned long ret;
400 struct tcphdr *tcp;
401 if (family == AF_INET)
403 else
404 tcp = v6_extracttcp (pkt);
405
406 if (tcp == NULL)
407 return -1;
408
409 ret = htonl (ntohl (tcp->th_ack) - 1);
410 return ret;
411}
static struct tcphdr * extracttcp(char *pkt, unsigned int len)
Definition nasl_builtin_synscan.c:375
References extracttcp(), len, and v6_extracttcp().
Referenced by sendpacket().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ extractsport()
|
static |
Definition at line 414 of file nasl_builtin_synscan.c.
415{
416 struct tcphdr *tcp;
417
418 if (family == AF_INET)
420 else
421 tcp = v6_extracttcp (pkt);
422
423 if (tcp == NULL)
424 return 0;
425
426 return ntohs (tcp->th_sport);
427}
References extracttcp(), len, and v6_extracttcp().
Referenced by sendpacket(), and v6_sendpacket().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ extracttcp()
|
static |
Definition at line 375 of file nasl_builtin_synscan.c.
376{
377 struct ip *ip;
378 struct tcphdr *tcp;
379
380 ip = (struct ip *) pkt;
382 return NULL;
383
384 tcp = (struct tcphdr *) (pkt + ip->ip_hl * 4);
385 return tcp;
386}
References len.
Referenced by extractack(), extractsport(), and issynack().
Here is the caller graph for this function:
◆ get_packet()
- Returns
- First pointer to list in l with the given
dport, NULL if no such list item could be found.
Definition at line 262 of file nasl_builtin_synscan.c.
263{
264 while (l != NULL)
265 {
267 return l;
268 else
269 l = l->next;
270 }
271 return NULL;
272}
References list::dport, and list::next.
Referenced by add_packet(), and rm_packet().
Here is the caller graph for this function:
◆ in_cksum()
|
static |
Definition at line 56 of file nasl_builtin_synscan.c.
57{
58 register u_short answer;
59 register unsigned long sum = 0;
60 u_short odd_byte = 0;
61
62 while (n > 1)
63 {
64 sum += *p++;
65 n -= 2;
66 }
67
68 /* mop up an odd byte, if necessary */
69 if (n == 1)
70 {
71 *(u_char *) (&odd_byte) = *(u_char *) p;
72 sum += odd_byte;
73 }
74 sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
75 sum += (sum >> 16); /* add carry */
76 answer = (int) ~sum; /* ones-complement, truncate */
77 return (answer);
78}
Referenced by mktcp().
Here is the caller graph for this function:
◆ issynack()
|
static |
Definition at line 430 of file nasl_builtin_synscan.c.
431{
432 struct tcphdr *tcp;
433
434 if (family == AF_INET)
436 else
437 tcp = v6_extracttcp (pkt);
438
439 if (tcp == NULL)
440 return 0;
441
442 return tcp->th_flags == (TH_SYN | TH_ACK);
443}
References extracttcp(), len, and v6_extracttcp().
Referenced by sendpacket(), and v6_sendpacket().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ maketime()
|
static |
Definition at line 81 of file nasl_builtin_synscan.c.
82{
84 unsigned long ret;
85
86 gettimeofday (&tv, NULL);
87
88 ret = ((tv.tv_sec & 0x0000000F) << 28) | (((tv.tv_usec) & 0xFFFFFFF0) >> 4);
89
90 return htonl (ret);
91}
References timeval().
Referenced by compute_rtt(), packetdead(), sendpacket(), and v6_sendpacket().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ mktcp()
|
static |
Definition at line 446 of file nasl_builtin_synscan.c.
448{
449 static char pkt[sizeof (struct ip) + sizeof (struct tcphdr)];
450 struct ip *ip;
451 struct tcphdr *tcp;
454
455 ip = (struct ip *) (&pkt);
456 ip->ip_hl = 5;
457 ip->ip_v = 4;
458 ip->ip_tos = 0;
459 ip->ip_len = sizeof (struct ip) + sizeof (struct tcphdr);
460 ip->ip_id = rand ();
461 ip->ip_off = 0;
462 ip->ip_ttl = 64;
463 ip->ip_p = IPPROTO_TCP;
464 ip->ip_sum = 0;
465 ip->ip_src.s_addr = src.s_addr;
466 ip->ip_dst.s_addr = dst.s_addr;
468
469 tcp = (struct tcphdr *) (&(pkt[sizeof (struct ip)]));
470 tcp->th_sport = htons (sport);
471 tcp->th_dport = htons (dport);
472 tcp->th_seq = th_ack;
473 tcp->th_ack = 0;
474 tcp->th_x2 = 0;
475 tcp->th_off = 5;
476 tcp->th_flags = flag;
477 tcp->th_win = 4096;
478 tcp->th_sum = 0;
479 tcp->th_urp = 0;
480
488 tcp->th_sum =
490
491 return pkt;
492}
Definition nasl_builtin_synscan.c:46
References pseudohdr::daddr, in_cksum(), pseudohdr::length, pseudohdr::protocol, pseudohdr::saddr, and pseudohdr::tcpheader.
Referenced by sendpacket().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ mktcpv6()
|
static |
Definition at line 495 of file nasl_builtin_synscan.c.
496{
497 static char pkt[sizeof (struct tcphdr)];
498 struct tcphdr *tcp;
499
500 tcp = (struct tcphdr *) (&(pkt[0]));
501 tcp->th_sport = htons (sport);
502 tcp->th_dport = htons (dport);
503 tcp->th_ack = htonl (rand ());
504 tcp->th_seq = th_ack;
505 tcp->th_off = 5;
506 tcp->th_flags = flag;
507 tcp->th_win = htons (5760);
508 tcp->th_urp = 0;
509 tcp->th_sum = 2;
510
511 return pkt;
512}
Referenced by v6_sendpacket().
Here is the caller graph for this function:
◆ openbpf()
|
static |
Opens a packet filter, grabs packets from dst to port magic.
- Parameters
-
[out] src in_addr of source. [in] dst Destination. [in] magic Destination port on src to listen to.
- Returns
- A bpf that listens to tcp packets coming from
dstto portmagic.
Definition at line 216 of file nasl_builtin_synscan.c.
217{
218 char *iface;
219 char filter[255];
220 int bpf;
221
222 iface = routethrough (&dst, src);
223 snprintf (filter, sizeof (filter), "tcp and src host %s and dst port %d",
224 inet_ntoa (dst), magic);
225 bpf = bpf_open_live (iface, filter);
226 return bpf;
227}
char * routethrough(struct in_addr *dest, struct in_addr *source)
An awesome function to determine what interface a packet to a given destination should be routed thro...
Definition pcap.c:1070
References bpf_open_live(), and routethrough().
Referenced by scan().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ packetdead()
|
static |
Definition at line 142 of file nasl_builtin_synscan.c.
143{
145
146 then = ntohl (then);
147 now = ntohl (now);
148
149 if ((now - then) >= 2 << 28)
150 {
151 return 1;
152 }
153
154 return 0;
155}
References maketime().
Referenced by rm_dead_packets().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ plugin_run_synscan()
Definition at line 778 of file nasl_builtin_synscan.c.
779{
781 unsigned long rtt;
783 struct in_addr *dst;
784 struct in_addr inaddr;
785
786 inaddr.s_addr = dst6->s6_addr32[3];
787 dst = &inaddr;
788
790 return NULL;
791
792 rtt = htonl (1 << 28);
793
794 const char *range = prefs_get ("port_range");
798 return NULL;
799}
static int scan(struct script_infos *env, char *portrange, struct in6_addr *dst6, unsigned long rtt)
Definition nasl_builtin_synscan.c:676
int islocalhost(struct in_addr *addr)
Tests whether a packet sent to IP is LIKELY to route through the kernel localhost interface.
Definition pcap.c:271
void plug_set_key(struct script_infos *args, char *name, int type, const void *value)
Definition plugutils.c:1055
struct in6_addr * plug_get_host_ip(struct script_infos *args)
Definition plugutils.c:371
Definition scanneraux.h:29
References ARG_INT, islocalhost(), plug_get_host_ip(), plug_set_key(), scan(), and struct_lex_ctxt::script_infos.
Here is the call graph for this function:
◆ rawsocket()
|
static |
Opens and returns a raw socket.
Definition at line 161 of file nasl_builtin_synscan.c.
162{
163 int soc;
164 int opt = 1;
165 int offset = 8;
166
167 if (family == AF_INET)
168 {
169 soc = socket (AF_INET, SOCK_RAW, IPPROTO_RAW);
170 if (soc < 0)
171 {
172 perror ("socket ");
173 printf ("error opeinig socket\n");
174 return -1;
175 }
176 if (setsockopt (soc, IPPROTO_IP, IP_HDRINCL, /*(char *) */ &opt,
177 sizeof (opt))
178 < 0)
179 {
180 perror ("setsockopt ");
181 printf ("error setting socket opt\n");
182 close (soc);
183 return -1;
184 }
185 }
186 else
187 {
188 soc = socket (AF_INET6, SOCK_RAW, IPPROTO_TCP);
189 if (soc < 0
190 || setsockopt (soc, IPPROTO_IPV6, IPV6_CHECKSUM, &offset,
191 sizeof (offset))
192 < 0)
193 {
194 perror ("socket ");
195 printf ("error opening socket\n");
196 if (soc >= 0)
197 close (soc);
198 return -1;
199 }
200 }
201
202 return soc;
203}
Referenced by scan().
Here is the caller graph for this function:
◆ rm_dead_packets()
Definition at line 327 of file nasl_builtin_synscan.c.
328{
331
332 *retry = 0;
333 while (p != NULL)
334 {
337 {
339 {
340#ifdef SHOW_RETRIES
342#endif
343 *retry = p->dport;
344 }
345 else
346 {
347#ifdef SHOW_RTT_REMOVAL
349#endif
352
355 else
356 {
358 {
359 g_free (p);
360 return NULL;
361 }
362 ret = p->next;
363 g_free (p);
364 }
365 }
366 }
367 p = next;
368 }
369 return ret;
370}
References list::dport, list::next, NUM_RETRIES, packetdead(), list::prev, list::retries, and list::when.
Referenced by scan().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ rm_packet()
Definition at line 307 of file nasl_builtin_synscan.c.
308{
311
312 if (p == NULL)
313 return l;
316
319 else
320 ret = p->next;
321
322 g_free (p);
323 return ret;
324}
References list::dport, get_packet(), list::next, and list::prev.
Referenced by sendpacket(), and v6_sendpacket().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ scan()
|
static |
- Returns
- -1 if the socket could not be opened (error), 0 otherwise.
This will send packets to ports not in ports list, will it?
- Todo
- How to do this for ipv6? This causes much scan delay for IPv6.
Definition at line 676 of file nasl_builtin_synscan.c.
678{
679 int num;
680 int soc;
681 int bpf;
682 struct in_addr src;
683 struct in_addr dst;
684 struct in6_addr src6;
685 int magic = 4441 + (rand () % 1200);
686 int skip;
687 int i;
689 int retry;
690 unsigned short *ports;
691 int family;
692
693 dst.s_addr = 0;
694
695 if (IN6_IS_ADDR_V4MAPPED (dst6))
696 {
697 family = AF_INET;
698 dst.s_addr = dst6->s6_addr32[3];
699 soc = rawsocket (AF_INET);
700 }
701 else
702 {
703 family = AF_INET6;
704 soc = rawsocket (AF_INET6);
705 }
706
708
709 if (soc < 0)
710 {
711 printf ("error opening raw socket\n");
712 return -1;
713 }
714
715 if (family == AF_INET)
716 bpf = openbpf (dst, &src, magic);
717 else
718 bpf = v6_openbpf (dst6, &src6, magic);
719 if (bpf < 0)
720 {
721 close (soc);
722 return -1;
723 }
725
727 for (i = 0; i < num; i += 2)
728 {
729 if (family == AF_INET)
730 packets = sendpacket (soc, bpf, skip, dst, src, ports[i], magic,
731 packets, &rtt, 0, env);
732 else
733 packets = v6_sendpacket (soc, bpf, skip, dst6, ports[i], magic, packets,
734 &rtt, 0, env);
735 if (i + 1 < num)
736 {
737 g_debug ("=====>> Sniffing %u\n", ports[i + 1]);
738 if (family == AF_INET)
739 packets = sendpacket (soc, bpf, skip, dst, src, ports[i + 1], magic,
740 packets, &rtt, 1, env);
741 else
742 packets = v6_sendpacket (soc, bpf, skip, dst6, ports[i + 1], magic,
743 packets, &rtt, 1, env);
744 }
745 }
746
748 if (family == AF_INET)
749 {
750 while (packets != NULL)
751 {
752 i = 0;
753 retry = 0;
754 packets = rm_dead_packets (packets, &retry);
755 while (retry != 0 && i < 2)
756 {
757 packets = sendpacket (soc, bpf, skip, dst, src, retry, magic,
758 packets, &rtt, 0, env);
759 packets = rm_dead_packets (packets, &retry);
760 i++;
761 }
762 packets = sendpacket (soc, bpf, skip, dst, src, retry, magic, packets,
763 &rtt, 1, env);
764 }
765 }
766
767 close (soc);
768 bpf_close (bpf);
769 if (ports != NULL)
770 g_free (ports);
771 if (num >= 65535)
773
774 return 0;
775}
static int v6_openbpf(struct in6_addr *dst, struct in6_addr *src, int magic)
Definition nasl_builtin_synscan.c:230
static struct list * sendpacket(int soc, int bpf, int skip, struct in_addr dst, struct in_addr src, int dport, int magic, struct list *packets, unsigned long *rtt, int sniff, struct script_infos *env)
Definition nasl_builtin_synscan.c:520
static struct list * v6_sendpacket(int soc, int bpf, int skip, struct in6_addr *dst, int dport, int magic, struct list *packets, unsigned long *rtt, int sniff, struct script_infos *env)
Definition nasl_builtin_synscan.c:602
static int openbpf(struct in_addr dst, struct in_addr *src, int magic)
Opens a packet filter, grabs packets from dst to port magic.
Definition nasl_builtin_synscan.c:216
static int rawsocket(int family)
Opens and returns a raw socket.
Definition nasl_builtin_synscan.c:161
static struct list * rm_dead_packets(struct list *l, int *retry)
Definition nasl_builtin_synscan.c:327
unsigned short * getpts(char *origexpr, int *len)
Converts a string like "-100,200-1024,3000-4000,60000-" into an array.
Definition network.c:2296
References ARG_INT, bpf_close(), bpf_datalink(), get_datalink_size(), getpts(), openbpf(), plug_set_key(), rawsocket(), rm_dead_packets(), sendpacket(), v6_openbpf(), and v6_sendpacket().
Referenced by plugin_run_synscan().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ sendpacket()
|
static |
- Parameters
-
sniff If != 0, "sniff" (listen to incoming packages), else just add packet.
Definition at line 520 of file nasl_builtin_synscan.c.
523{
527 char *res;
528 struct sockaddr_in soca;
530 int family = AF_INET;
531
532 bzero (&soca, sizeof (soca));
533 soca.sin_family = AF_INET;
534 soca.sin_addr = dst;
535
536 rtt_tv.tv_sec *= 1000;
537 rtt_tv.tv_sec /= 8;
538
539 rtt_tv.tv_usec += (rtt_tv.tv_sec % 1000) * 1000;
540 rtt_tv.tv_sec /= 1000;
541 if (rtt_tv.tv_sec >= 1)
542 {
543 rtt_tv.tv_sec = 1;
544 rtt_tv.tv_usec = 0;
545 }
546
547 if (dport != 0)
548 {
549 int e;
550 packets = add_packet (packets, dport, ack);
551 e = sendto (soc, pkt, sizeof (struct ip) + sizeof (struct tcphdr), 0,
552 (struct sockaddr *) &soca, sizeof (soca));
553 if (e < 0)
554 {
555 perror ("sendto ");
556 close (soc);
557 bpf_close (bpf);
558 return NULL;
559 }
560 }
561 if (sniff != 0)
562 {
563 again:
565 if (res != NULL)
566 {
570 if (synack)
571 {
572 char *rst;
574 /* Send a RST to make sure the connection is closed on the remote
575 * side */
576 rst = mktcp (src, magic, dst, sport, ack + 1, TH_RST);
577 if (sendto (soc, rst, sizeof (struct ip) + sizeof (struct tcphdr),
578 0, (struct sockaddr *) &soca, sizeof (soca))
579 < 0)
580 {
581 perror ("sendto ");
582 close (soc);
583 bpf_close (bpf);
584 return NULL;
585 }
586
587 /* Adjust the rtt */
588 *rtt = compute_rtt (rack);
589 if (ntohl (*rtt) >= (1 << 28))
590 *rtt = 1 << 28;
591 }
592 packets = rm_packet (packets, sport);
593 rtt_tv.tv_sec = 0;
594 rtt_tv.tv_usec = 0;
595 goto again;
596 }
597 }
598 return packets;
599}
static char * mktcp(struct in_addr src, int sport, struct in_addr dst, int dport, unsigned long th_ack, unsigned char flag)
Definition nasl_builtin_synscan.c:446
static struct list * add_packet(struct list *l, unsigned short dport, unsigned long ack)
If no packet with dport is in list, prepends a "packet" to the.
Definition nasl_builtin_synscan.c:279
static unsigned long extractack(char *pkt, int len, int family)
Definition nasl_builtin_synscan.c:397
static struct list * rm_packet(struct list *l, unsigned short dport)
Definition nasl_builtin_synscan.c:307
static unsigned long compute_rtt(unsigned long then)
Definition nasl_builtin_synscan.c:121
static unsigned short extractsport(char *pkt, int len, int family)
Definition nasl_builtin_synscan.c:414
void scanner_add_port(struct script_infos *args, int port, char *proto)
Definition plugutils.c:1146
References add_packet(), bpf_close(), bpf_next_tv(), compute_rtt(), list::dport, extractack(), extractsport(), issynack(), len, maketime(), mktcp(), rm_packet(), scanner_add_port(), and timeval().
Referenced by scan().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ timeval()
|
static |
Definition at line 94 of file nasl_builtin_synscan.c.
95{
97 unsigned int h, l;
98
100
101 h = (val & 0xF0000000) >> 28;
102 l = (val & 0x0FFFFFFF) << 4;
103
104 ret.tv_sec = h;
105 ret.tv_usec = l;
106 while (ret.tv_usec >= 1000000)
107 {
108 ret.tv_usec -= 1000000;
109 ret.tv_sec++;
110 }
111
112 if (ret.tv_sec > 2)
113 {
114 ret.tv_sec = 2;
115 ret.tv_usec = 0;
116 }
117 return ret;
118}
References timeval(), and val.
Referenced by attack_network(), attack_start(), banner_grab(), bpf_next(), bpf_next_tv(), calculate_eta(), capture_next_frame(), capture_next_packet(), capture_next_v6_packet(), do_reseed_ntlmssp(), GetTimeOfDay_ntlmssp(), maketime(), nasl_gettimeofday(), nasl_open_privileged_socket(), nasl_pcap_next(), nasl_recv(), nasl_send_capture(), nasl_tcp_ping(), nasl_tcp_v6_ping(), nsend(), open_socket(), open_SSL_connection(), plugin_do_run(), plugins_reload_from_dir(), read_stream_connection_unbuffered(), sendpacket(), socket_ssl_do_handshake(), timeval(), update_running_processes(), v6_sendpacket(), wait_before_next_probe(), and write_stream_connection4().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ v6_extracttcp()
|
static |
Definition at line 389 of file nasl_builtin_synscan.c.
390{
391 struct tcphdr *tcp;
392 tcp = (struct tcphdr *) (pkt + 40);
393 return tcp;
394}
Referenced by extractack(), extractsport(), and issynack().
Here is the caller graph for this function:
◆ v6_openbpf()
|
static |
Definition at line 230 of file nasl_builtin_synscan.c.
231{
232 char *iface;
233 char filter[255];
235 int bpf;
236
237 iface = v6_routethrough (dst, src);
238
239 snprintf (filter, sizeof (filter), "tcp and src host %s and dst port %d",
241 bpf = bpf_open_live (iface, filter);
242 if (bpf < 0)
243 printf ("bpf_open_live returned error\n");
244 return bpf;
245}
char * v6_routethrough(struct in6_addr *dest, struct in6_addr *source)
An awesome function to determine what interface a packet to a given destination should be routed thro...
Definition pcap.c:851
References bpf_open_live(), hostname, and v6_routethrough().
Referenced by scan().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ v6_sendpacket()
|
static |
Definition at line 602 of file nasl_builtin_synscan.c.
605{
609 char *res;
610 struct sockaddr_in6 soca;
612
613 bzero (&soca, sizeof (soca));
614 soca.sin6_family = AF_INET6;
615 memcpy (&soca.sin6_addr, dst, sizeof (struct in6_addr));
616 rtt_tv.tv_sec *= 1000;
617 rtt_tv.tv_sec /= 8;
618
619 rtt_tv.tv_usec += (rtt_tv.tv_sec % 1000) * 1000;
620 rtt_tv.tv_sec /= 1000;
621 if (rtt_tv.tv_sec >= 1)
622 {
623 rtt_tv.tv_sec = 1;
624 rtt_tv.tv_usec = 0;
625 }
626
627 if (dport != 0)
628 {
629 int e;
630 packets = add_packet (packets, dport, ack);
631 e = sendto (soc, pkt, sizeof (struct tcphdr), 0,
632 (struct sockaddr *) &soca, sizeof (soca));
633 if (e < 0)
634 {
635 g_message ("sendto error in v6_sendpacket");
636 perror ("sendto ");
637 close (soc);
638 bpf_close (bpf);
639 return NULL;
640 }
641 }
642 if (sniff != 0)
643 {
645 if (res != NULL)
646 {
649 if (synack)
650 {
651 char *rst;
653 /* Send a RST to make sure the connection is closed on the remote
654 * side */
655 rst = mktcpv6 (magic, sport, ack + 1, TH_RST);
656 if (sendto (soc, rst, sizeof (struct tcphdr), 0,
657 (struct sockaddr *) &soca, sizeof (soca))
658 < 0)
659 {
660 perror ("sendto ");
661 close (soc);
662 bpf_close (bpf);
663 return NULL;
664 }
665 }
666 packets = rm_packet (packets, sport);
667 }
668 }
669 return packets;
670}
static char * mktcpv6(int sport, int dport, unsigned long th_ack, unsigned char flag)
Definition nasl_builtin_synscan.c:495
References add_packet(), bpf_close(), bpf_next(), list::dport, extractsport(), issynack(), len, maketime(), mktcpv6(), rm_packet(), scanner_add_port(), and timeval().
Referenced by scan().
Here is the call graph for this function:
Here is the caller graph for this function:
