nasl_packet_forgery_v6.c File Reference
NASL IPv6 Packet Forgery functions. More...
#include <arpa/inet.h>#include <ctype.h>#include <pcap.h>#include <stdlib.h>#include <string.h>#include <sys/param.h>#include <sys/time.h>#include <unistd.h>#include "../misc/bpf_share.h"#include "../misc/pcap_openvas.h"#include "../misc/plugutils.h"#include "capture_packet.h"#include "exec.h"#include "nasl_debug.h"#include "nasl_func.h"#include "nasl_global_ctxt.h"#include "nasl_lex_ctxt.h"#include "nasl_packet_forgery_v6.h"#include "nasl_raw.h"#include "nasl_socket.h"#include "nasl_tree.h"#include "nasl_var.h"#include <netinet/icmp6.h>
Include dependency graph for nasl_packet_forgery_v6.c:
Go to the source code of this file.
Data Structures | |
| struct | v6pseudohdr |
| struct | tcp_opt_mss |
| struct | tcp_opt_wscale |
| struct | tcp_opt_sack_perm |
| struct | tcp_opt_tstamp |
| struct | tcp_options |
| struct | v6pseudo_udp_hdr |
| struct | v6pseudo_icmp_hdr |
| struct | igmp6_hdr |
Macros | |
| #define | FIX(n) |
| #define | UNFIX(n) |
| #define | rnd_tcp_port() |
Functions | |
| static int | np_in_cksum (u_short *p, int n) |
| tree_cell * | forge_ip_v6_packet (lex_ctxt *lexic) |
| Forge an IPv6 packet. | |
| tree_cell * | get_ip_v6_element (lex_ctxt *lexic) |
| Obtain IPv6 header element. | |
| tree_cell * | set_ip_v6_elements (lex_ctxt *lexic) |
| Set IPv6 header element. | |
| tree_cell * | dump_ip_v6_packet (lex_ctxt *lexic) |
| Print IPv6 Header. | |
| tree_cell * | insert_ip_v6_options (lex_ctxt *lexic) |
| Adds an IPv6 option to the datagram. | |
| struct v6pseudohdr | __attribute__ ((packed)) |
| tree_cell * | forge_tcp_v6_packet (lex_ctxt *lexic) |
| Forge TCP packet. | |
| tree_cell * | get_tcp_v6_element (lex_ctxt *lexic) |
| Get TCP Header element. | |
| static void | get_tcp_options (char *options, struct tcp_options *tcp_all_options) |
| Extract all TCP option from an IP datagram. | |
| tree_cell * | get_tcp_v6_option (lex_ctxt *lexic) |
| Get a TCP option from an IP datagram if present. Possible options are: TCPOPT_MAXSEG (2), values between 536 and 65535 TCPOPT_WINDOW (3), with values between 0 and 14 TCPOPT_SACK_PERMITTED (4), no value required. TCPOPT_TIMESTAMP (8), 8 bytes value for timestamp and echo timestamp, 4 bytes each one. | |
| tree_cell * | set_tcp_v6_elements (lex_ctxt *lexic) |
| Set TCP Header element. | |
| tree_cell * | insert_tcp_v6_options (lex_ctxt *lexic) |
| Add options to a TCP segment header. Possible options are: TCPOPT_MAXSEG (2), values between 536 and 65535 TCPOPT_WINDOW (3), with values between 0 and 14 TCPOPT_SACK_PERMITTED (4), no value required. TCPOPT_TIMESTAMP (8), 8 bytes value for timestamp and echo timestamp, 4 bytes each one. | |
| tree_cell * | dump_tcp_v6_packet (lex_ctxt *lexic) |
| Dump TCP part of an IPv6 Datagram. | |
| tree_cell * | forge_udp_v6_packet (lex_ctxt *lexic) |
| tree_cell * | get_udp_v6_element (lex_ctxt *lexic) |
| tree_cell * | set_udp_v6_elements (lex_ctxt *lexic) |
| tree_cell * | dump_udp_v6_packet (lex_ctxt *lexic) |
| tree_cell * | forge_icmp_v6_packet (lex_ctxt *lexic) |
| tree_cell * | get_icmp_v6_element (lex_ctxt *lexic) |
| tree_cell * | dump_icmp_v6_packet (lex_ctxt *lexic) |
| Dump the ICMP part of a IP Datagram. | |
| tree_cell * | forge_igmp_v6_packet (lex_ctxt *lexic) |
| tree_cell * | nasl_tcp_v6_ping (lex_ctxt *lexic) |
| Performs TCP Connect to test if host is alive. | |
| tree_cell * | nasl_send_v6packet (lex_ctxt *lexic) |
| Send forged IPv6 Packets. | |
Variables | |
| struct in6_addr | s6addr |
| struct in6_addr | d6addr |
| u_short | length |
| u_char | zero1 |
| u_char | zero2 |
| u_char | zero3 |
| u_char | protocol |
| struct tcphdr | tcpheader |
| uint8_t | kind |
| uint8_t | len |
| uint16_t | mss |
| uint8_t | wscale |
| uint32_t | tstamp |
| uint32_t | e_tstamp |
| struct tcp_opt_sack_perm | sack_perm |
| struct v6pseudo_udp_hdr | __attribute__ |
Detailed Description
NASL IPv6 Packet Forgery functions.
Provides IPv6 Packet Forgery functionalities The API set offers forgery for,
- TCP
- IPv6
Definition in file nasl_packet_forgery_v6.c.
Macro Definition Documentation
◆ FIX
| #define FIX | ( | n | ) |
Value:
htons (n)
- Todo
- : It still needs to be taken care BSD_BYTE_ORDERING gets here if defined (e.g. by config.h)
Definition at line 62 of file nasl_packet_forgery_v6.c.
Referenced by __attribute__(), forge_icmp_v6_packet(), forge_igmp_v6_packet(), forge_ip_v6_packet(), forge_tcp_v6_packet(), forge_udp_v6_packet(), insert_tcp_v6_options(), nasl_tcp_v6_ping(), set_tcp_v6_elements(), and set_udp_v6_elements().
◆ rnd_tcp_port
| #define rnd_tcp_port | ( | ) |
Value:
(rand () % 65535 + 1024)
Referenced by nasl_tcp_v6_ping().
◆ UNFIX
| #define UNFIX | ( | n | ) |
Value:
ntohs (n)
Definition at line 63 of file nasl_packet_forgery_v6.c.
Referenced by __attribute__(), dump_icmp_v6_packet(), dump_tcp_v6_packet(), get_ip_v6_element(), get_tcp_v6_element(), insert_tcp_v6_options(), and set_tcp_v6_elements().
Function Documentation
◆ __attribute__()
| struct v6pseudohdr __attribute__ | ( | (packed) | ) |
References alloc_typed_cell(), code, CONST_DATA, FIX, get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), len, nasl_perror(), TC::size, TC::str_val, UNFIX, TC::x, and zero.
Here is the call graph for this function:
◆ dump_icmp_v6_packet()
Dump the ICMP part of a IP Datagram.
- Parameters
-
[in] lexic Lexical context of NASL interpreter. [in] ... IP datagrams to dump the ICMP part from.
Definition at line 2053 of file nasl_packet_forgery_v6.c.
2054{
2055 int i = 0;
2056 u_char *pkt;
2058 {
2059 unsigned int j;
2060 unsigned int limit;
2061 char *c;
2062 struct ip6_hdr *ip6 = (struct ip6_hdr *) pkt;
2063 struct icmp6_hdr *icmp;
2064 icmp = (struct icmp6_hdr *) (pkt + 40);
2065 limit = get_var_size_by_num (lexic, i - 1);
2066 printf ("------\n");
2067 printf ("\ticmp6_id : %d\n", ntohs (icmp->icmp6_id));
2068 printf ("\ticmp6_code : %d\n", icmp->icmp6_code);
2069 printf ("\ticmp6_type : %u\n", icmp->icmp6_type);
2070 printf ("\ticmp6_seq : %u\n", ntohs (icmp->icmp6_seq));
2071 printf ("\ticmp6_cksum : %d\n", ntohs (icmp->icmp6_cksum));
2072 printf ("\tData : ");
2073 c = (char *) ((char *) icmp + sizeof (struct icmp6_hdr));
2075 for (j = 0;
2077 j++)
2078 printf ("%c", isprint (c[j]) ? c[j] : '.');
2079 printf ("\n");
2080 }
2081 return NULL;
2082}
References get_str_var_by_num(), get_var_size_by_num(), and UNFIX.
Here is the call graph for this function:
◆ dump_ip_v6_packet()
Print IPv6 Header.
- Parameters
-
[in] lexic Lexical context of NASL interpreter. [in] ... IPv6 datagrams to dump.
- Returns
- Print and returns FAKE_CELL.
Definition at line 336 of file nasl_packet_forgery_v6.c.
337{
338 int i;
339 char addr[INET6_ADDRSTRLEN];
340
341 for (i = 0;; i++)
342 {
344
345 if (ip6 == NULL)
346 break;
347 else
348 {
349 printf ("------\n");
350 printf ("\tip6_v : %d\n", ntohl (ip6->ip6_flow) >> 28);
351 printf ("\tip6_tc : %d\n", (ntohl (ip6->ip6_flow) >> 20) & 0xff);
352 printf ("\tip6_fl : %d\n", ntohl (ip6->ip6_flow) & 0x3ffff);
354 printf ("\tip6_hlim : %d\n", ip6->ip6_hlim);
355 switch (ip6->ip6_nxt)
356 {
357 case IPPROTO_TCP:
358 printf ("\tip6_nxt : IPPROTO_TCP (%d)\n", ip6->ip6_nxt);
359 break;
360 case IPPROTO_UDP:
361 printf ("\tip6_nxt : IPPROTO_UDP (%d)\n", ip6->ip6_nxt);
362 break;
363 case IPPROTO_ICMPV6:
364 printf ("\tip6_nxt : IPPROTO_ICMPV6 (%d)\n", ip6->ip6_nxt);
365 break;
366 default:
367 printf ("\tip6_nxt : %d\n", ip6->ip6_nxt);
368 break;
369 }
370 printf ("\tip6_src : %s\n",
371 inet_ntop (AF_INET6, &ip6->ip6_src, addr, sizeof (addr)));
372 printf ("\tip6_dst : %s\n",
373 inet_ntop (AF_INET6, &ip6->ip6_dst, addr, sizeof (addr)));
374 printf ("\n");
375 }
376 }
377
379}
References FAKE_CELL, get_str_var_by_num(), and UNFIX.
Here is the call graph for this function:
◆ dump_tcp_v6_packet()
Dump TCP part of an IPv6 Datagram.
- Parameters
-
[in] lexic Lexical context of NASL interpreter. [in] ... IPv6 datagrams to dump.
- Returns
- Print and return FAKE_CELL.
Definition at line 1249 of file nasl_packet_forgery_v6.c.
1250{
1251 int i = 0;
1252 u_char *pkt;
1253 int options_len = 0;
1254
1256 {
1257 int a = 0;
1258 struct ip6_hdr *ip6 = (struct ip6_hdr *) pkt;
1259 struct tcphdr *tcp = (struct tcphdr *) (pkt + 40);
1260 unsigned int j;
1261 unsigned int limit;
1262 char *c;
1263
1264 limit = get_var_size_by_num (lexic, i - 1);
1265
1266 printf ("------\n");
1267 printf ("\tth_sport : %d\n", ntohs (tcp->th_sport));
1268 printf ("\tth_dport : %d\n", ntohs (tcp->th_dport));
1269 printf ("\tth_seq : %u\n", (unsigned int) ntohl (tcp->th_seq));
1270 printf ("\tth_ack : %u\n", (unsigned int) ntohl (tcp->th_ack));
1271 printf ("\tth_x2 : %d\n", tcp->th_x2);
1272 printf ("\tth_off : %d\n", tcp->th_off);
1273 printf ("\tth_flags : ");
1274 if (tcp->th_flags & TH_FIN)
1275 {
1276 printf ("TH_FIN");
1277 a++;
1278 }
1279 if (tcp->th_flags & TH_SYN)
1280 {
1281 if (a)
1282 printf ("|");
1283 printf ("TH_SYN");
1284 a++;
1285 }
1286 if (tcp->th_flags & TH_RST)
1287 {
1288 if (a)
1289 printf ("|");
1290 printf ("TH_RST");
1291 a++;
1292 }
1293 if (tcp->th_flags & TH_PUSH)
1294 {
1295 if (a)
1296 printf ("|");
1297 printf ("TH_PUSH");
1298 a++;
1299 }
1300 if (tcp->th_flags & TH_ACK)
1301 {
1302 if (a)
1303 printf ("|");
1304 printf ("TH_ACK");
1305 a++;
1306 }
1307 if (tcp->th_flags & TH_URG)
1308 {
1309 if (a)
1310 printf ("|");
1311 printf ("TH_URG");
1312 a++;
1313 }
1314 if (!a)
1315 printf ("0");
1316 else
1317 printf (" (%d)", tcp->th_flags);
1318 printf ("\n");
1319 printf ("\tth_win : %d\n", ntohs (tcp->th_win));
1320 printf ("\tth_sum : 0x%x\n", tcp->th_sum);
1321 printf ("\tth_urp : %d\n", tcp->th_urp);
1322
1323 options_len = sizeof (uint8_t) * 4 * (tcp->th_off - 5);
1324
1325 if (options_len > 5) // Options present
1326 {
1327 char *options;
1329
1330 options = (char *) g_malloc0 (options_len);
1331 memcpy (options, (char *) tcp + 20, options_len);
1332
1334 get_tcp_options (options, tcp_all_options);
1335 if (tcp_all_options != NULL)
1336 {
1337 printf ("\tTCP Options:\n");
1338 printf ("\t\tTCPOPT_MAXSEG: %u\n",
1340 printf ("\t\tTCPOPT_WINDOW: %u\n",
1342 printf ("\t\tTCPOPT_SACK_PERMITTED: %u\n",
1344 printf ("\t\tTCPOPT_TIMESTAMP TSval: %u\n",
1346 printf ("\t\tTCPOPT_TIMESTAMP TSecr: %u\n",
1348 }
1349 g_free (options);
1350 g_free (tcp_all_options);
1351 }
1352 printf ("\n\tData : ");
1353 c = (char *) ((char *) tcp + sizeof (struct tcphdr) + options_len);
1355 for (j = 0;
1357 && j < limit;
1358 j++)
1359 printf ("%c", isprint (c[j]) ? c[j] : '.');
1360 printf ("\n");
1361 printf ("\n");
1362 }
1363 return NULL;
1364}
static void get_tcp_options(char *options, struct tcp_options *tcp_all_options)
Extract all TCP option from an IP datagram.
Definition nasl_packet_forgery_v6.c:706
Definition nasl_packet_forgery.c:520
References tcp_opt_tstamp::e_tstamp, get_str_var_by_num(), get_tcp_options(), get_var_size_by_num(), tcp_opt_sack_perm::kind, tcp_opt_mss::mss, tcp_options::mss, tcp_options::sack_perm, tcp_opt_tstamp::tstamp, tcp_options::tstamp, UNFIX, tcp_opt_wscale::wscale, and tcp_options::wscale.
Here is the call graph for this function:
◆ dump_udp_v6_packet()
Definition at line 1661 of file nasl_packet_forgery_v6.c.
1662{
1663 int i = 0;
1664 u_char *pkt;
1666 {
1667 struct udphdr *udp = (struct udphdr *) (pkt + sizeof (struct ip6_hdr));
1668 unsigned int j;
1669 char *c;
1671 printf ("------\n");
1672 printf ("\tuh_sport : %d\n", ntohs (udp->uh_sport));
1673 printf ("\tuh_dport : %d\n", ntohs (udp->uh_dport));
1674 printf ("\tuh_sum : 0x%x\n", udp->uh_sum);
1675 printf ("\tuh_ulen : %d\n", ntohs (udp->uh_ulen));
1676 printf ("\tdata : ");
1677 c = (char *) udp;
1678 if (udp->uh_ulen > sizeof (struct udphdr))
1679 for (j = sizeof (struct udphdr); j < ntohs (udp->uh_ulen) && j < limit;
1680 j++)
1681 printf ("%c", isprint (c[j]) ? c[j] : '.');
1682
1683 printf ("\n");
1684 }
1685 return NULL;
1686}
References get_str_var_by_num(), and get_var_size_by_num().
Here is the call graph for this function:
◆ forge_icmp_v6_packet()
Definition at line 1725 of file nasl_packet_forgery_v6.c.
1726{
1727 tree_cell *retc = NULL;
1728 struct ip6_hdr *ip6;
1729 struct ip6_hdr *ip6_icmp;
1730 int ip6_sz, size = 0, sz = 0;
1731 struct icmp6_hdr *icmp;
1732 struct nd_router_solicit *routersolicit = NULL;
1733 struct nd_router_advert *routeradvert = NULL;
1734 struct nd_neighbor_solicit *neighborsolicit = NULL;
1735 struct nd_neighbor_advert *neighboradvert = NULL;
1736
1737 char *data, *p;
1739 u_char *pkt;
1740 int t;
1743
1744 if (ip6 != NULL)
1745 {
1750 if (40 > ip6_sz)
1751 return NULL;
1752
1753 /* ICMP header size is 8 */
1754 pkt = g_malloc0 (ip6_sz + 8 + len);
1755 ip6_icmp = (struct ip6_hdr *) pkt;
1756
1757 bcopy (ip6, ip6_icmp, ip6_sz);
1758 p = (char *) (pkt + ip6_sz);
1759 icmp = (struct icmp6_hdr *) p;
1760
1762 icmp->icmp6_type = t;
1763
1764 switch (t)
1765 {
1766 case ICMP6_ECHO_REQUEST:
1767 {
1768 if (data != NULL)
1769 bcopy (data, &(p[8]), len);
1772 size = ip6_sz + 8 + len;
1773 sz = 8;
1774 }
1775 break;
1776 case ND_ROUTER_SOLICIT:
1777 {
1778 pkt =
1780 p = (char *) (pkt + ip6_sz);
1781 // Update ip6_icmp because it gets used again below
1782 ip6_icmp = (struct ip6_hdr *) pkt;
1783 routersolicit = (struct nd_router_solicit *) p;
1784 ((struct icmp6_hdr *) routersolicit)->icmp6_type = icmp->icmp6_type;
1785 ((struct icmp6_hdr *) routersolicit)->icmp6_code = icmp->icmp6_code;
1786 ((struct icmp6_hdr *) routersolicit)->icmp6_cksum =
1787 icmp->icmp6_cksum;
1789 sz = 4; /*type-1 byte, code-1byte, cksum-2bytes */
1790 }
1791 break;
1792 case ND_ROUTER_ADVERT:
1793 {
1794 pkt =
1796 p = (char *) (pkt + ip6_sz);
1797 // Update ip6_icmp because it gets used again below
1798 ip6_icmp = (struct ip6_hdr *) pkt;
1799 // Let routeradvert point to routeradvert location in pkt
1800 routeradvert = (struct nd_router_advert *) p;
1801 // Set icmp6 header members
1802 ((struct icmp6_hdr *) routeradvert)->icmp6_type = icmp->icmp6_type;
1803 ((struct icmp6_hdr *) routeradvert)->icmp6_code = icmp->icmp6_code;
1804 ((struct icmp6_hdr *) routeradvert)->icmp6_cksum =
1805 icmp->icmp6_cksum;
1806 routeradvert->nd_ra_reachable =
1808 routeradvert->nd_ra_retransmit =
1810 routeradvert->nd_ra_curhoplimit = ip6_icmp->ip6_hlim;
1811 routeradvert->nd_ra_flags_reserved =
1814 sz = 5; /*type-1 byte, code-1byte, cksum-2bytes, current
1815 hoplimit-1byte */
1816 }
1817 break;
1818 case ND_NEIGHBOR_SOLICIT:
1819 {
1820 // Make room for nd_neighbor_solicit.nd_ns_target in packet
1821 pkt = g_realloc (pkt, ip6_sz + sizeof (struct nd_neighbor_solicit)
1822 + len);
1823 // Let p point to the start of nd_neighbor_solicit
1824 p = (char *) (pkt + ip6_sz);
1825 // Update ip6_icmp because it gets used again below
1826 ip6_icmp = (struct ip6_hdr *) pkt;
1827 // Fill in user date if provided
1828 if (data != NULL)
1829 memmove (&(p[8 + 16]), data, len);
1830 // Let neighborsolicit point to nd_neighbor_solicit location in pkt
1831 neighborsolicit = (struct nd_neighbor_solicit *) p;
1832 // Set icmp6 header members
1833 ((struct icmp6_hdr *) neighborsolicit)->icmp6_type =
1834 icmp->icmp6_type;
1835 ((struct icmp6_hdr *) neighborsolicit)->icmp6_code =
1836 icmp->icmp6_code;
1837 ((struct icmp6_hdr *) neighborsolicit)->icmp6_cksum =
1838 icmp->icmp6_cksum;
1839 // Set nd_ns_target
1840 memcpy (&neighborsolicit->nd_ns_target, &ip6_icmp->ip6_dst,
1841 sizeof (struct in6_addr)); /*dst ip should be link local */
1843 sz = 4; /*type-1 byte, code-1byte, cksum-2bytes */
1844 }
1845 break;
1846 case ND_NEIGHBOR_ADVERT:
1847 {
1848 pkt = g_realloc (pkt,
1850 // Update ip6_icmp because it gets used again below
1851 ip6_icmp = (struct ip6_hdr *) pkt;
1852 p = (char *) (pkt + 40);
1853 neighboradvert = (struct nd_neighbor_advert *) p;
1854 // Set icmp6 header members
1855 ((struct icmp6_hdr *) neighboradvert)->icmp6_type =
1856 icmp->icmp6_type;
1857 ((struct icmp6_hdr *) neighboradvert)->icmp6_code =
1858 icmp->icmp6_code;
1859 ((struct icmp6_hdr *) neighboradvert)->icmp6_cksum =
1860 icmp->icmp6_cksum;
1861 neighboradvert->nd_na_flags_reserved =
1863 if (neighboradvert->nd_na_flags_reserved & 0x00000020)
1864 memcpy (
1865 &neighboradvert->nd_na_target, &ip6_icmp->ip6_src,
1866 sizeof (struct in6_addr)); /*dst ip should be link local */
1867 else
1868 {
1871 &neighboradvert->nd_na_target);
1872 else
1873 {
1874 nasl_perror (lexic,
1875 "forge_icmp_v6_packet: missing 'target' "
1876 "parameter required for constructing response "
1877 "to a Neighbor Solicitation\n");
1878 g_free (ip6_icmp);
1879 return NULL;
1880 }
1881 }
1883 sz = 4; /*type-1 byte, code-1byte, cksum-2bytes */
1884 }
1885 break;
1886 default:
1887 {
1888 if (t < 0 || t > 255)
1889 {
1891 t);
1892 }
1893 else
1894 {
1895 if (data != NULL)
1896 bcopy (data, &(p[8]), len);
1899 size = ip6_sz + 8 + len;
1900 sz = 8;
1901 }
1902 }
1903 }
1904
1906 {
1908 {
1909 ip6_icmp->ip6_ctlun.ip6_un1.ip6_un1_plen = FIX (size - ip6_sz);
1910 }
1911 }
1913 {
1915 char *icmpsumdata =
1917
1921
1923 pseudohdr.len = htons (size - ip6_sz);
1926 if (data != NULL)
1928 icmp->icmp6_cksum =
1930 g_free (icmpsumdata);
1931 }
1932 else
1933 icmp->icmp6_cksum =
1935 switch (t)
1936 {
1937 case ICMP6_ECHO_REQUEST:
1938 break;
1939 case ND_ROUTER_SOLICIT:
1940 {
1941 routersolicit->nd_rs_hdr.icmp6_cksum = icmp->icmp6_cksum;
1942 }
1943 break;
1944 case ND_ROUTER_ADVERT:
1945 {
1946 routeradvert->nd_ra_hdr.icmp6_cksum = icmp->icmp6_cksum;
1947 }
1948 break;
1949 case ND_NEIGHBOR_SOLICIT:
1950 {
1951 neighborsolicit->nd_ns_hdr.icmp6_cksum = icmp->icmp6_cksum;
1952 }
1953 break;
1954 case ND_NEIGHBOR_ADVERT:
1955 {
1956 neighboradvert->nd_na_hdr.icmp6_cksum = icmp->icmp6_cksum;
1957 }
1958 break;
1959 default:
1960 {
1961 }
1962 }
1963
1965 retc->size = size;
1966 }
1967 else
1969
1970 return retc;
1971}
long int get_int_var_by_name(lex_ctxt *, const char *, int)
Definition nasl_var.c:1101
struct TC tree_cell
union TC::@332262321161220155002104006201360276211317150140 x
Definition nasl_builtin_synscan.c:46
References alloc_typed_cell(), CONST_DATA, FIX, get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), len, nasl_perror(), np_in_cksum(), TC::size, TC::str_val, UNFIX, and TC::x.
Here is the call graph for this function:
◆ forge_igmp_v6_packet()
Definition at line 2110 of file nasl_packet_forgery_v6.c.
2111{
2113
2114 if (ip6 != NULL)
2115 {
2119 struct ip6_hdr *ip6_igmp = (struct ip6_hdr *) pkt;
2121 char *p;
2122 char *grp;
2123 tree_cell *retc;
2125
2126 bcopy (ip6, ip6_igmp, ipsz);
2127
2129 {
2131 if (v != 0)
2132 {
2133 ip6_igmp->ip6_ctlun.ip6_un1.ip6_un1_plen =
2135 }
2136 }
2137 p = (char *) (pkt + 40);
2139
2143
2144 if (grp != NULL)
2145 {
2147 }
2148
2150 if (data != NULL)
2151 {
2153 bcopy (ptmp, data, len);
2154 }
2158 return retc;
2159 }
2160 else
2162
2163 return NULL;
2164}
Definition nasl_packet_forgery_v6.c:2090
Definition nasl_packet_forgery.c:1952
References alloc_typed_cell(), igmp::cksum, igmp::code, CONST_DATA, FIX, get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), igmp::group, len, nasl_perror(), np_in_cksum(), TC::size, TC::str_val, igmp::type, UNFIX, and TC::x.
Here is the call graph for this function:
◆ forge_ip_v6_packet()
Forge an IPv6 packet.
- Parameters
-
[in] lexic Lexical context of NASL interpreter. [in] data Data payload [in] ip6_v Version. 6 by default. [in] ip6_tc Traffic class. 0 by default. [in] ip6_fl Flow label. 0 by default. [in] ip6_p IP protocol. 0 by default. [in] ip6_hlim Hop limit. Max. 255. 64 by default. [in] ip6_src Source address. [in] ip6_dst Destination address.
- Returns
- Forged IP packet.
Definition at line 118 of file nasl_packet_forgery_v6.c.
119{
120 tree_cell *retc;
121 struct ip6_hdr *pkt;
122 char *s;
124 struct in6_addr *dst_addr;
125 char *data;
126 int data_len;
127 int version;
128 int tc;
129 int fl;
130
132
133 if (dst_addr == NULL || (IN6_IS_ADDR_V4MAPPED (dst_addr) == 1))
134 return NULL;
135
138
141
142 pkt = (struct ip6_hdr *) g_malloc0 (sizeof (struct ip6_hdr) + data_len);
144
148
149 pkt->ip6_flow = htonl (version << 28 | tc << 20 | fl);
150
154
155 /* source */
157 if (s != NULL)
158 inet_pton (AF_INET6, s, &pkt->ip6_src);
159 /* else this host address? */
160
162 if (s != NULL)
163 inet_pton (AF_INET6, s, &pkt->ip6_dst);
164 else
165 pkt->ip6_dst = *dst_addr;
166
167 if (data != NULL)
168 {
170 }
171
172 /*
173 There is no checksum for ipv6. Only upper layer
174 calculates a checksum using pseudoheader
175 */
176 return retc;
177}
struct in6_addr * plug_get_host_ip(struct script_infos *args)
Definition plugutils.c:371
Definition scanneraux.h:29
References alloc_typed_cell(), CONST_DATA, FIX, get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), plug_get_host_ip(), struct_lex_ctxt::script_infos, TC::size, TC::str_val, and TC::x.
Here is the call graph for this function:
◆ forge_tcp_v6_packet()
Forge TCP packet.
- Parameters
-
[in] lexic Lexical context of NASL interpreter. [in] ip6 IPv6 packet. [in] data Data. [in] th_sport Source port. 0 by default. [in] th_dport Destination port. 0 by default. [in] th_seq Sequence number. Random by default. [in] th_ack Acknowledgement number. 0 by default. [in] th_x2 0 by default. [in] th_off Data offset. 5 by default. [in] th_flags Flags. 0 by default. [in] th_win Window. 0 by default. [in] th_sum Checksum. Is filled in automatically by default [in] th_urp Urgent pointer. 0 by default.
- Returns
- tree_cell with the forged TCP packet containing IPv6 header.
Definition at line 530 of file nasl_packet_forgery_v6.c.
531{
532 tree_cell *retc;
533 char *data;
535 struct ip6_hdr *ip6, *tcp_packet;
536 struct tcphdr *tcp;
537 int ipsz;
538
540 if (ip6 == NULL)
541 {
542 nasl_perror (lexic,
543 "forge_tcp_v6_packet: You must supply the 'ip6' argument\n");
544 return NULL;
545 }
546
548
549 // Not considering IP Options.
550 if (ipsz != 40)
551 ipsz = 40;
552
555
557 tcp_packet =
560
561 bcopy (ip6, tcp_packet, ipsz);
562 /* Adjust length in ipv6 header */
563 tcp_packet->ip6_ctlun.ip6_un1.ip6_un1_plen =
565 tcp = (struct tcphdr *) ((char *) tcp_packet + 40);
566
577
578 if (data != NULL)
580
581 if (!tcp->th_sum)
582 {
585
586 bzero (&pseudoheader, 38 + sizeof (struct tcphdr));
587 memcpy (&pseudoheader.s6addr, &ip6->ip6_src, sizeof (struct in6_addr));
588 memcpy (&pseudoheader.d6addr, &ip6->ip6_dst, sizeof (struct in6_addr));
589
590 pseudoheader.protocol = IPPROTO_TCP;
592 bcopy ((char *) tcp, (char *) &pseudoheader.tcpheader,
593 sizeof (struct tcphdr));
594 /* fill tcpsumdata with data to checksum */
596 if (data != NULL)
600 g_free (tcpsumdata);
601 }
602
604 return retc;
605}
Definition nasl_packet_forgery_v6.c:462
References alloc_typed_cell(), CONST_DATA, v6pseudohdr::d6addr, FIX, get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), len, v6pseudohdr::length, nasl_perror(), np_in_cksum(), v6pseudohdr::protocol, v6pseudohdr::s6addr, TC::size, TC::str_val, v6pseudohdr::tcpheader, and TC::x.
Here is the call graph for this function:
◆ forge_udp_v6_packet()
Definition at line 1395 of file nasl_packet_forgery_v6.c.
1396{
1397 tree_cell *retc;
1399
1400 if (ip6 != NULL)
1401 {
1404 u_char *pkt;
1405 struct ip6_hdr *udp_packet;
1406 struct udphdr *udp;
1407
1408 pkt = g_malloc0 (sizeof (struct udphdr) + 40 + data_len);
1409 udp_packet = (struct ip6_hdr *) pkt;
1410 udp = (struct udphdr *) (pkt + 40);
1411
1413 bcopy ((char *) ip6, pkt, 40);
1414
1417 udp->uh_ulen = htons (get_int_var_by_name (
1418 lexic, "uh_ulen", data_len + sizeof (struct udphdr)));
1419
1420 if (data_len != 0 && data != NULL)
1421 bcopy (data, (pkt + 40 + sizeof (struct udphdr)), data_len);
1422
1423 if (!udp->uh_sum)
1424 {
1426 char *udpsumdata =
1428
1432
1433 pseudohdr.proto = IPPROTO_UDP;
1436 sizeof (struct udphdr));
1438 if (data != NULL)
1439 {
1441 }
1443 38 + sizeof (struct udphdr) + data_len);
1444 g_free (udpsumdata);
1445 }
1446
1448 {
1450 if (v != 0)
1451 {
1452 udp_packet->ip6_ctlun.ip6_un1.ip6_un1_plen =
1453 FIX (ntohs (udp->uh_ulen));
1454 }
1455 }
1456
1459 retc->size = 8 + 40 + data_len;
1460
1461 return retc;
1462 }
1463 else
1465
1466 return NULL;
1467}
References alloc_typed_cell(), CONST_DATA, FIX, get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), nasl_perror(), np_in_cksum(), TC::size, TC::str_val, UNFIX, and TC::x.
Here is the call graph for this function:
◆ get_icmp_v6_element()
Definition at line 1984 of file nasl_packet_forgery_v6.c.
1985{
1986 struct icmp6_hdr *icmp;
1987 char *p;
1988
1990 {
1992 int value;
1993 tree_cell *retc;
1994
1995 icmp = (struct icmp6_hdr *) (p + 40);
1996
1997 if (elem == NULL)
1998 {
2000 return NULL;
2001 }
2002
2003 else if (!strcmp (elem, "icmp_code"))
2004 value = icmp->icmp6_code;
2005 else if (!strcmp (elem, "icmp_type"))
2006 value = icmp->icmp6_type;
2007 else if (!strcmp (elem, "icmp_cksum"))
2008 value = ntohs (icmp->icmp6_cksum);
2009 else if (!strcmp (elem, "icmp_id"))
2010 value = ntohs (icmp->icmp6_id);
2011 else if (!strcmp (elem, "icmp_seq"))
2012 value = ntohs (icmp->icmp6_seq);
2013 else if (!strcmp (elem, "data"))
2014 {
2018 {
2021 }
2022 else
2023 {
2025 retc->size = 0;
2026 }
2027 return retc;
2028 }
2029 else
2030 {
2032 __func__, elem);
2033 return NULL;
2034 }
2035
2038 return retc;
2039 }
2040 else
2042
2043 return NULL;
2044}
References alloc_typed_cell(), CONST_DATA, CONST_INT, get_str_var_by_name(), get_var_size_by_name(), TC::i_val, nasl_perror(), TC::size, TC::str_val, and TC::x.
Here is the call graph for this function:
◆ get_ip_v6_element()
Obtain IPv6 header element.
- Parameters
-
[in] lexic Lexical context of NASL interpreter. [in] ipv6 IPv6 header. TODO: Once versions older than 20.08 are no longer in use the parameter name can be changed to 'ip6'. [in] element Element to extract from the header.
- Returns
- tree_cell with the IP header element.
Definition at line 190 of file nasl_packet_forgery_v6.c.
191{
192 tree_cell *retc;
194 char ret_ascii[INET6_ADDRSTRLEN];
195 int ret_int = 0;
196 int flag = 0;
197 struct ip6_hdr *ip6;
198
199 /* Parameter name 'ipv6' was renamed to 'ip6' for consistency.
200 * For backwards compatibility reasons we still need to consider the 'ipv6'
201 * argument.
202 */
204 if (ip6 == NULL)
205 {
207 if (ip6 == NULL)
208 {
210 return NULL;
211 }
212 }
213
214 if (element == NULL)
215 {
217 return NULL;
218 }
219
220 if (!strcmp (element, "ip6_v"))
221 {
222 ret_int = ntohl (ip6->ip6_flow) >> 28;
223 flag++;
224 }
225 else if (!strcmp (element, "ip6_tc"))
226 {
227 ret_int = (ntohl (ip6->ip6_flow) >> 20) & 0xff;
228 flag++;
229 }
230 else if (!strcmp (element, "ip6_fl"))
231 {
232 ret_int = ntohl (ip6->ip6_flow) & 0x3ffff;
233 flag++;
234 }
235 else if (!strcmp (element, "ip6_plen"))
236 {
237 ret_int = UNFIX (ip6->ip6_plen);
238 flag++;
239 }
240 else if (!strcmp (element, "ip6_nxt"))
241 {
242 ret_int = (ip6->ip6_nxt);
243 flag++;
244 }
245 else if (!strcmp (element, "ip6_hlim"))
246 {
247 ret_int = (ip6->ip6_hlim);
248 flag++;
249 }
250
251 if (flag != 0)
252 {
255 return retc;
256 }
257
258 if (!strcmp (element, "ip6_src"))
259 {
260 inet_ntop (AF_INET6, &ip6->ip6_src, ret_ascii, sizeof (ret_ascii));
261 flag++;
262 }
263 else if (!strcmp (element, "ip6_dst"))
264 {
265 inet_ntop (AF_INET6, &ip6->ip6_dst, ret_ascii, sizeof (ret_ascii));
266 flag++;
267 }
268
269 if (flag == 0)
270 {
272 return NULL;
273 }
274
276 retc->size = strlen (ret_ascii);
278
279 return retc;
280}
References alloc_typed_cell(), CONST_DATA, CONST_INT, get_str_var_by_name(), TC::i_val, nasl_perror(), TC::size, TC::str_val, UNFIX, and TC::x.
Here is the call graph for this function:
◆ get_tcp_options()
|
static |
Extract all TCP option from an IP datagram.
- Parameters
-
[in] options All options present in the TCP segment. [out] tcp_all_options Container for the options to return.
Definition at line 706 of file nasl_packet_forgery_v6.c.
707{
708 uint8_t *opt_kind;
709 if (options == NULL)
710 return;
711
712 opt_kind = (uint8_t *) options;
713
714 while (*opt_kind != 0)
715 {
716 switch (*opt_kind)
717 {
718 case TCPOPT_MAXSEG:
722 opt_kind = opt_kind + *(opt_kind + 1);
723 break;
724 case TCPOPT_WINDOW:
728 opt_kind = opt_kind + *(opt_kind + 1);
729 break;
730 case TCPOPT_SACK_PERMITTED:
733 opt_kind = opt_kind + *(opt_kind + 1);
734 break;
735 case TCPOPT_TIMESTAMP:
740 opt_kind = opt_kind + *(opt_kind + 1);
741 break;
742 case TCPOPT_EOL:
743 case TCPOPT_NOP:
744 opt_kind++;
745 break;
746 case TCPOPT_SACK: // Not supported
747 opt_kind = opt_kind + *(opt_kind + 1);
748 break;
749 default:
750 g_debug ("%s: Unsupported %u TCP option. "
751 "Not all options are returned.",
752 __func__, *opt_kind);
753 *opt_kind = 0;
754 break;
755 }
756 }
757}
References tcp_opt_tstamp::e_tstamp, tcp_opt_mss::kind, tcp_opt_sack_perm::kind, tcp_opt_tstamp::kind, tcp_opt_wscale::kind, tcp_opt_mss::len, tcp_opt_sack_perm::len, tcp_opt_tstamp::len, tcp_opt_wscale::len, tcp_opt_mss::mss, tcp_options::mss, tcp_options::sack_perm, tcp_opt_tstamp::tstamp, tcp_options::tstamp, tcp_opt_wscale::wscale, and tcp_options::wscale.
Referenced by dump_tcp_v6_packet(), and get_tcp_v6_option().
Here is the caller graph for this function:
◆ get_tcp_v6_element()
Get TCP Header element.
- Parameters
-
[in] lexic Lexical context of NASL interpreter. [in] tcp IPv6 packet [in] element Element to extract from the header (see forge_tcp_v6_packet()).
- Returns
- tree_cell with the forged IP packet.
Definition at line 618 of file nasl_packet_forgery_v6.c.
619{
621 struct ip6_hdr *ip6;
622 int ipsz;
623 struct tcphdr *tcp;
624 char *element;
625 int ret;
626 tree_cell *retc;
627
629
630 if (packet == NULL)
631 {
633 return NULL;
634 }
635
636 ip6 = (struct ip6_hdr *) packet;
637
638 /* valid ipv6 header check */
640 return NULL; /* Invalid packet */
641
642 tcp = (struct tcphdr *) (packet + 40);
643
645 if (!element)
646 {
648 return NULL;
649 }
650
651 if (!strcmp (element, "th_sport"))
652 ret = ntohs (tcp->th_sport);
653 else if (!strcmp (element, "th_dsport"))
654 ret = ntohs (tcp->th_dport);
655 else if (!strcmp (element, "th_seq"))
656 ret = ntohl (tcp->th_seq);
657 else if (!strcmp (element, "th_ack"))
658 ret = ntohl (tcp->th_ack);
659 else if (!strcmp (element, "th_x2"))
660 ret = tcp->th_x2;
661 else if (!strcmp (element, "th_off"))
662 ret = tcp->th_off;
663 else if (!strcmp (element, "th_flags"))
664 ret = tcp->th_flags;
665 else if (!strcmp (element, "th_win"))
666 ret = ntohs (tcp->th_win);
667 else if (!strcmp (element, "th_sum"))
668 ret = tcp->th_sum;
669 else if (!strcmp (element, "th_urp"))
670 ret = tcp->th_urp;
671 else if (!strcmp (element, "data"))
672 {
676 {
677 nasl_perror (lexic,
678 "get_tcp_v6_element: Erroneous tcp header offset %d\n",
679 retc->size);
680 deref_cell (retc);
681 return NULL;
682 }
685 return retc;
686 }
687 else
688 {
690 element);
691 return NULL;
692 }
693
696 return retc;
697}
References alloc_typed_cell(), CONST_DATA, CONST_INT, deref_cell(), get_str_var_by_name(), get_var_size_by_name(), TC::i_val, nasl_perror(), TC::size, TC::str_val, UNFIX, and TC::x.
Here is the call graph for this function:
◆ get_tcp_v6_option()
Get a TCP option from an IP datagram if present. Possible options are: TCPOPT_MAXSEG (2), values between 536 and 65535 TCPOPT_WINDOW (3), with values between 0 and 14 TCPOPT_SACK_PERMITTED (4), no value required. TCPOPT_TIMESTAMP (8), 8 bytes value for timestamp and echo timestamp, 4 bytes each one.
- Parameters
-
[in] lexic Lexical context of NASL interpreter. [in] tcp The full IP datagram (IP + TCP). [in] option Option to get.
- Returns
- Integer or array given the case.
Definition at line 775 of file nasl_packet_forgery_v6.c.
776{
778 struct ip6_hdr *ip6;
779 int ipsz;
780 struct tcphdr *tcp;
781 char *options;
782 int opt;
783 tree_cell *retc;
784 nasl_array *arr;
785 anon_nasl_var v;
786
788
789 if (packet == NULL)
790 {
792 return NULL;
793 }
794
796 if (opt < 0)
797 {
798 nasl_perror (lexic,
799 "%s: No 'option' argument passed but required.\n."
800 "Usage: %s(tcp:<tcp>, option:<TCPOPT>)",
801 __func__, __func__);
802 return NULL;
803 }
804
805 ip6 = (struct ip6_hdr *) packet;
806
807 /* valid ipv6 header check */
810 return NULL; /* Invalid packet */
811
812 tcp = (struct tcphdr *) (packet + 40);
813
814 if (tcp->th_off <= 5)
815 return NULL;
816
817 // Get options from the segment
818 options = (char *) g_malloc0 (sizeof (uint8_t) * 4 * (tcp->th_off - 5));
819 memcpy (options, (char *) tcp + 20, (tcp->th_off - 5) * 4);
820
822 get_tcp_options (options, tcp_all_options);
823 if (tcp_all_options == NULL)
824 {
826 __func__);
827
828 g_free (options);
829 return NULL;
830 }
831
833 retc = NULL;
834 switch (opt)
835 {
836 case TCPOPT_MAXSEG:
839 break;
840 case TCPOPT_WINDOW:
843 break;
844 case TCPOPT_SACK_PERMITTED:
847 break;
848 case TCPOPT_TIMESTAMP:
851
852 memset (&v, 0, sizeof (v));
856
857 memset (&v, 0, sizeof (v));
861 break;
862 default:
864 break;
865 }
866
867 g_free (tcp_all_options);
868 g_free (options);
869 return retc;
870}
int add_var_to_array(nasl_array *a, char *name, const anon_nasl_var *v)
Definition nasl_var.c:1277
struct st_a_nasl_var anon_nasl_var
struct st_nasl_array nasl_array
union st_a_nasl_var::@154137074032032170165360023270032033276061363156 v
References add_var_to_array(), alloc_typed_cell(), CONST_INT, DYN_ARRAY, tcp_opt_tstamp::e_tstamp, get_int_var_by_name(), get_str_var_by_name(), get_tcp_options(), get_var_size_by_name(), TC::i_val, tcp_opt_sack_perm::kind, tcp_opt_mss::mss, tcp_options::mss, nasl_perror(), TC::ref_val, tcp_options::sack_perm, tcp_opt_tstamp::tstamp, tcp_options::tstamp, UNFIX, st_a_nasl_var::v, st_a_nasl_var::v_int, VAR2_INT, st_a_nasl_var::var_type, tcp_opt_wscale::wscale, tcp_options::wscale, and TC::x.
Here is the call graph for this function:
◆ get_udp_v6_element()
Definition at line 1479 of file nasl_packet_forgery_v6.c.
1480{
1481 tree_cell *retc;
1482 char *udp;
1483 char *element;
1484 unsigned int ipsz;
1485 struct udphdr *udphdr;
1486 int ret;
1487
1490
1492 if (udp == NULL || element == NULL)
1493 {
1494 nasl_perror (
1495 lexic, "get_udp_v6_element() usage :\n"
1496 "element = get_udp_v6_element(udp:<udp>,element:<element>\n");
1497 return NULL;
1498 }
1499
1500 if (40 + sizeof (struct udphdr) > ipsz)
1501 return NULL;
1502
1503 udphdr = (struct udphdr *) (udp + 40);
1504 if (!strcmp (element, "uh_sport"))
1505 ret = ntohs (udphdr->uh_sport);
1506 else if (!strcmp (element, "uh_dport"))
1507 ret = ntohs (udphdr->uh_dport);
1508 else if (!strcmp (element, "uh_ulen"))
1509 ret = ntohs (udphdr->uh_ulen);
1510 else if (!strcmp (element, "uh_sum"))
1511 ret = ntohs (udphdr->uh_sum);
1512 else if (!strcmp (element, "data"))
1513 {
1514 int sz;
1516 sz = ntohs (udphdr->uh_ulen) - sizeof (struct udphdr);
1517
1518 if (ntohs (udphdr->uh_ulen) - 40 - sizeof (struct udphdr) > ipsz)
1519 sz = ipsz - 40 - sizeof (struct udphdr);
1520
1522 retc->size = sz;
1524 return retc;
1525 }
1526 else
1527 {
1529 return NULL;
1530 }
1531
1534 return retc;
1535}
References alloc_typed_cell(), CONST_DATA, CONST_INT, get_str_var_by_name(), get_var_size_by_name(), TC::i_val, nasl_perror(), TC::size, TC::str_val, and TC::x.
Here is the call graph for this function:
◆ insert_ip_v6_options()
Adds an IPv6 option to the datagram.
- Parameters
-
[in] lexic Lexical context of NASL interpreter. [in] ip6 IPv6 packet. [in] data Data payload. [in] code Code of option. [in] length Length of value. [in] value Value of the option.
- Returns
- the modified datagram.
Definition at line 394 of file nasl_packet_forgery_v6.c.
395{
401 tree_cell *retc;
402 struct ip6_hdr *new_packet;
403 char *p;
405 u_char uc_code, uc_len;
406 int pad_len;
408 int i;
409 int pl;
410
411 if (ip6 == NULL)
412 {
413 nasl_perror (lexic,
414 "Usage : %s(ip6:<ip6>, code:<code>, "
415 "length:<len>, value:<value>\n",
416 __func__);
417 return NULL;
418 }
419
420 pad_len = 4 - ((sizeof (uc_code) + sizeof (uc_len) + value_size) % 4);
421 if (pad_len == 4)
422 pad_len = 0;
423
425 new_packet = g_malloc0 (size + 4 + value_size + pad_len);
426 bcopy (ip6, new_packet, pl);
427
428 uc_code = (u_char) code;
429 uc_len = (u_char) len;
430
431 p = (char *) new_packet;
432 bcopy (&uc_code, p + pl, sizeof (uc_code));
433 bcopy (&uc_len, p + pl + sizeof (uc_code), sizeof (uc_len));
434 bcopy (value, p + pl + sizeof (uc_code) + sizeof (uc_len), value_size);
435
436 zero = 0;
437 for (i = 0; i < pad_len; i++)
438 {
439 bcopy (&zero,
440 p + pl + sizeof (uc_code) + sizeof (uc_len) + value_size + i, 1);
441 }
442
443 p = (char *) ip6;
444 bcopy (p + pl,
445 new_packet
446 + (sizeof (uc_code) + sizeof (uc_len) + value_size + pad_len) + pl,
447 size - pl);
448
449 new_packet->ip6_plen =
451
455
456 return retc;
457}
#define code
◆ insert_tcp_v6_options()
Add options to a TCP segment header. Possible options are: TCPOPT_MAXSEG (2), values between 536 and 65535 TCPOPT_WINDOW (3), with values between 0 and 14 TCPOPT_SACK_PERMITTED (4), no value required. TCPOPT_TIMESTAMP (8), 8 bytes value for timestamp and echo timestamp, 4 bytes each one.
- Parameters
-
[in] lexic Lexical context of NASL interpreter. [in] tcp IP datagram. [in] data (optional) TCP data payload. [in] unnamed option. [in] Value for unnamed option if required.
- Returns
- The modified IP datagram.
Definition at line 999 of file nasl_packet_forgery_v6.c.
1000{
1002 struct ip6_hdr *ip6 = (struct ip6_hdr *) pkt;
1004 struct tcphdr *tcp;
1005 tree_cell *retc;
1008 char *npkt;
1009 int tcp_opt, tcp_opt_val, tcp_opt_val2;
1010 int current_opt_len, total_opt_len, opt_size_allocated;
1011 char *opts, *ptr_opts_pos;
1012 uint8_t eol, nop;
1013 int i;
1014
1019
1020 if (pkt == NULL)
1021 {
1022 nasl_perror (
1023 lexic, "set_tcp_v6_elements: Invalid value for the argument 'tcp'\n");
1024 return NULL;
1025 }
1026 opts = g_malloc0 (sizeof (char) * 4);
1027 ptr_opts_pos = opts;
1028 opt_size_allocated = 4; // 4 bytes
1029 total_opt_len = 0;
1030 for (i = 0;; i++)
1031 {
1032 tcp_opt = get_int_var_by_num (lexic, i, -1);
1033 current_opt_len = total_opt_len;
1034
1035 if (tcp_opt == -1)
1036 break;
1037
1038 switch (tcp_opt)
1039 {
1040 case TCPOPT_MAXSEG:
1041 tcp_opt_val = get_int_var_by_num (lexic, i + 1, -1);
1042 i++;
1043 if (tcp_opt_val < (int) TCP_MSS_DESIRED || tcp_opt_val > 65535)
1044 {
1046 __func__);
1047 break;
1048 }
1050 total_opt_len += TCPOLEN_MAXSEG;
1051 opt_mss->kind = TCPOPT_MAXSEG;
1052 opt_mss->len = TCPOLEN_MAXSEG;
1054
1055 // Need reallocated memory because options requires it.
1056 if (total_opt_len > opt_size_allocated)
1057 {
1058 opt_size_allocated = ((total_opt_len / 4) + 1) * 4;
1059 opts = g_realloc (opts, sizeof (char) * opt_size_allocated);
1060 ptr_opts_pos = opts + current_opt_len;
1061 }
1062
1063 memcpy (ptr_opts_pos, (u_char *) opt_mss,
1066 g_free (opt_mss);
1067 break;
1068 case TCPOPT_WINDOW:
1069 tcp_opt_val = get_int_var_by_num (lexic, i + 1, -1);
1070 i++;
1071 if (tcp_opt_val < 0 || tcp_opt_val > 14)
1072 {
1074 __func__);
1075 break;
1076 }
1078 total_opt_len += TCPOLEN_WINDOW;
1079 opt_wscale->kind = TCPOPT_WINDOW;
1080 opt_wscale->len = TCPOLEN_WINDOW;
1081 opt_wscale->wscale = tcp_opt_val;
1082
1083 // Need reallocated memory because options requires it.
1084 if (total_opt_len > opt_size_allocated)
1085 {
1086 opt_size_allocated = ((total_opt_len / 4) + 1) * 4;
1087 opts = g_realloc (opts, sizeof (char) * opt_size_allocated);
1088 ptr_opts_pos = opts + current_opt_len;
1089 }
1090
1091 memcpy (ptr_opts_pos, (u_char *) opt_wscale,
1094 g_free (opt_wscale);
1095 break;
1096 case TCPOPT_SACK_PERMITTED:
1098 total_opt_len += TCPOLEN_SACK_PERMITTED;
1099 opt_sack_perm->kind = TCPOPT_SACK_PERMITTED;
1100 opt_sack_perm->len = TCPOLEN_SACK_PERMITTED;
1101
1102 // Need reallocated memory because options requires it.
1103 if (total_opt_len > opt_size_allocated)
1104 {
1105 opt_size_allocated = ((total_opt_len / 4) + 1) * 4;
1106 opts = g_realloc (opts, sizeof (char) * opt_size_allocated);
1107 ptr_opts_pos = opts + current_opt_len;
1108 }
1109
1110 memcpy (ptr_opts_pos, (u_char *) opt_sack_perm,
1113 g_free (opt_sack_perm);
1114 break;
1115 case TCPOPT_TIMESTAMP:
1116 tcp_opt_val = get_int_var_by_num (lexic, i + 1, -1);
1117 tcp_opt_val2 = get_int_var_by_num (lexic, i + 2, -1);
1118 i = i + 2;
1119 if (tcp_opt_val < 0)
1121 __func__);
1123 total_opt_len += TCPOLEN_TIMESTAMP;
1124 opt_tstamp->kind = TCPOPT_TIMESTAMP;
1125 opt_tstamp->len = TCPOLEN_TIMESTAMP;
1126 opt_tstamp->tstamp = htonl (tcp_opt_val);
1127 opt_tstamp->e_tstamp = htonl (tcp_opt_val2);
1128
1129 // Need reallocated memory because options requires it.
1130 if (total_opt_len > opt_size_allocated)
1131 {
1132 opt_size_allocated = ((total_opt_len / 4) + 1) * 4;
1133 opts = g_realloc (opts, sizeof (char) * opt_size_allocated);
1134 ptr_opts_pos = opts + current_opt_len;
1135 }
1136
1137 memcpy (ptr_opts_pos, (u_char *) opt_tstamp,
1140 g_free (opt_tstamp);
1141 break;
1142 case TCPOPT_NOP:
1143 case TCPOPT_EOL:
1144 case TCPOPT_SACK: /* Experimental, not supported */
1145 default:
1147 tcp_opt);
1148 break;
1149 }
1150 }
1151
1152 // Add NOP padding and End Of Option list kinds.
1153 current_opt_len = total_opt_len;
1154 eol = TCPOPT_EOL;
1155 nop = TCPOPT_NOP;
1156 if (total_opt_len % 4 == 0)
1157 {
1158 opt_size_allocated = opt_size_allocated + 4;
1159 opts = g_realloc (opts, sizeof (char) * opt_size_allocated);
1160 ptr_opts_pos = opts + total_opt_len;
1161 }
1162 if (current_opt_len < opt_size_allocated - 1)
1163 {
1164 // Add NOPs
1165 for (i = current_opt_len; i < opt_size_allocated - 1; i++)
1166 {
1167 memcpy (ptr_opts_pos, &nop, 1);
1168 total_opt_len++;
1169 ptr_opts_pos++;
1170 }
1171 }
1172 // Add EOL
1173 memcpy (ptr_opts_pos, &eol, 1);
1174
1175 tcp = (struct tcphdr *) (pkt + 40);
1176
1178 {
1179 g_free (opts);
1180 return NULL;
1181 }
1182
1183 if (data_len == 0)
1184 {
1185 data_len = UNFIX (ip6->ip6_plen) - (tcp->th_off * 4);
1186 data = (char *) ((char *) tcp + tcp->th_off * 4);
1187 }
1188
1189 // Alloc enough memory to hold the options
1190 npkt = g_malloc0 (40 + tcp->th_off * 4 + opt_size_allocated + data_len);
1191 memcpy (npkt, pkt, UNFIX (ip6->ip6_plen) + 40);
1192 ip6 = (struct ip6_hdr *) (npkt);
1193 tcp = (struct tcphdr *) (npkt + 40);
1194
1195 // copy options
1196 memcpy ((char *) tcp + tcp->th_off * 4, opts, opt_size_allocated);
1197 tcp->th_off = tcp->th_off + (opt_size_allocated / 4);
1198
1199 memcpy ((char *) tcp + tcp->th_off * 4, data, data_len);
1200
1201 ip6->ip6_plen = FIX (tcp->th_off * 4 + data_len);
1202
1204 char *tcpsumdata =
1206
1207 memset (&pseudoheader, 0, 38 + sizeof (struct tcphdr));
1208 memcpy (&pseudoheader.s6addr, &ip6->ip6_src, sizeof (struct in6_addr));
1209 memcpy (&pseudoheader.d6addr, &ip6->ip6_dst, sizeof (struct in6_addr));
1210
1211 pseudoheader.protocol = IPPROTO_TCP;
1212 pseudoheader.length =
1213 htons (sizeof (struct tcphdr) + opt_size_allocated + data_len);
1214
1215 // Set th_sum to Zero, necessary for the new checksum calculation
1216 tcp->th_sum = 0;
1217
1218 memcpy ((char *) &pseudoheader.tcpheader, (char *) tcp,
1219 sizeof (struct tcphdr));
1220
1221 /* fill tcpsumdata with data to checksum */
1224 opt_size_allocated);
1225 if (data != NULL)
1227 (char *) data, data_len);
1228 tcp->th_sum =
1230 38 + sizeof (struct tcphdr) + opt_size_allocated + data_len);
1231 g_free (opts);
1232 g_free (tcpsumdata);
1233
1235 retc->size = 40 + (tcp->th_off * 4) + data_len;
1237 return retc;
1238}
Definition nasl_packet_forgery.c:492
Definition nasl_packet_forgery.c:506
Definition nasl_packet_forgery.c:512
Definition nasl_packet_forgery.c:499
References alloc_typed_cell(), CONST_DATA, v6pseudohdr::d6addr, tcp_opt_tstamp::e_tstamp, FIX, get_int_var_by_num(), get_str_var_by_name(), get_var_size_by_name(), tcp_opt_mss::kind, tcp_opt_sack_perm::kind, tcp_opt_tstamp::kind, tcp_opt_wscale::kind, tcp_opt_mss::len, tcp_opt_sack_perm::len, tcp_opt_tstamp::len, tcp_opt_wscale::len, v6pseudohdr::length, tcp_opt_mss::mss, nasl_perror(), np_in_cksum(), v6pseudohdr::protocol, v6pseudohdr::s6addr, TC::size, TC::str_val, v6pseudohdr::tcpheader, tcp_opt_tstamp::tstamp, UNFIX, tcp_opt_wscale::wscale, and TC::x.
Here is the call graph for this function:
◆ nasl_send_v6packet()
Send forged IPv6 Packets.
- Parameters
-
[in] lexic Lexical context of NASL interpreter. [in] ... IPv6 packets to send. [in] length Length of each packet by default. [in] pcap_active TRUE by default. Otherwise, NASL does not listen for the answers. [in] pcap_filter BPF filter. [in] pcap_timeout Capture timeout. 5 by default. [in] allow_multicast Default 0.
- Returns
- tree_cell with the response to the sent packet.
Definition at line 2323 of file nasl_packet_forgery_v6.c.
2324{
2326 int bpf = -1;
2327 u_char *answer;
2328 int answer_sz;
2329 struct sockaddr_in6 sockaddr;
2330 char *ip = NULL;
2331 struct ip6_hdr *sip = NULL;
2333 int soc;
2340 int opt_on = 1;
2342 int allow_multicast = 0;
2343
2344 if (dstip == NULL || (IN6_IS_ADDR_V4MAPPED (dstip) == 1))
2345 return NULL;
2346 soc = socket (AF_INET6, SOCK_RAW, IPPROTO_RAW);
2347 if (soc < 0)
2348 return NULL;
2349
2350 if (setsockopt (soc, IPPROTO_IPV6, IP_HDRINCL, (char *) &opt_on,
2351 sizeof (opt_on))
2352 < 0)
2353 perror ("setsockopt");
2355 {
2358 vi++;
2359
2360 if ((unsigned int) sz < sizeof (struct ip6_hdr))
2361 {
2363 continue;
2364 }
2365
2366 sip = (struct ip6_hdr *) ip;
2367 if (use_pcap != 0 && bpf < 0)
2368 bpf = init_v6_capture_device (sip->ip6_dst, sip->ip6_src, filter);
2369
2370 bzero (&sockaddr, sizeof (struct sockaddr_in6));
2371 sockaddr.sin6_family = AF_INET6;
2372 sockaddr.sin6_addr = sip->ip6_dst;
2373
2374 if (allow_multicast)
2375 {
2376 struct sockaddr_in6 multicast;
2377
2378 if (setsockopt (soc, SOL_SOCKET, SO_BROADCAST, &opt_on,
2379 sizeof (opt_on))
2380 < 0)
2381 perror ("setsockopt ");
2382
2383 bzero (&multicast, sizeof (struct sockaddr_in6));
2384 sockaddr.sin6_family = AF_INET6;
2385 inet_pton (AF_INET6, "ff02::1", &(multicast.sin6_addr));
2386
2387 if (!IN6_ARE_ADDR_EQUAL (&sockaddr.sin6_addr, &multicast.sin6_addr))
2388 allow_multicast = 0;
2389 }
2390
2391 if (dstip != NULL && !IN6_ARE_ADDR_EQUAL (&sockaddr.sin6_addr, dstip)
2392 && !allow_multicast)
2393 {
2394 char txt1[64], txt2[64];
2395 strncpy (
2396 txt1,
2397 inet_ntop (AF_INET6, &sockaddr.sin6_addr, name, INET6_ADDRSTRLEN),
2398 sizeof (txt1));
2399 txt1[sizeof (txt1) - 1] = '\0';
2400 strncpy (txt2, inet_ntop (AF_INET6, dstip, name, INET6_ADDRSTRLEN),
2401 sizeof (txt2));
2402 txt2[sizeof (txt2) - 1] = '\0';
2403 nasl_perror (lexic,
2404 "send_v6packet: malicious or buggy script is trying to "
2405 "send packet to %s instead of designated target %s\n",
2406 txt1, txt2);
2407 if (bpf >= 0)
2408 bpf_close (bpf);
2409 close (soc);
2410 return NULL;
2411 }
2412
2413 if (dfl_len > 0 && dfl_len < sz)
2414 len = dfl_len;
2415 else
2416 len = sz;
2417
2419 sizeof (struct sockaddr_in6));
2420 /* if(b < 0) perror("sendto "); */
2421 if (b >= 0 && use_pcap != 0 && bpf >= 0)
2422 {
2424 {
2425 answer = (u_char *) capture_next_v6_packet (bpf, to, &answer_sz);
2426 while (
2427 answer != NULL
2428 && (!memcmp (answer, (char *) ip, sizeof (struct ip6_hdr))))
2429 {
2430 g_free (answer);
2431 answer =
2432 (u_char *) capture_next_v6_packet (bpf, to, &answer_sz);
2433 }
2434 }
2435 else
2436 {
2437 answer = (u_char *) capture_next_v6_packet (bpf, to, &answer_sz);
2438 }
2439 if (answer)
2440 {
2443 retc->size = answer_sz;
2444 break;
2445 }
2446 }
2447 }
2448 if (bpf >= 0)
2449 bpf_close (bpf);
2450 close (soc);
2451 return retc;
2452}
struct ip6_hdr * capture_next_v6_packet(int bpf, int timeout, int *sz)
Definition capture_packet.c:271
int init_v6_capture_device(struct in6_addr src, struct in6_addr dest, char *filter)
Definition capture_packet.c:215
int v6_islocalhost(struct in6_addr *addr)
Tests whether a packet sent to IP is LIKELY to route through the kernel localhost interface.
Definition pcap.c:234
References alloc_typed_cell(), bpf_close(), capture_next_v6_packet(), CONST_DATA, FAKE_CELL, get_int_var_by_name(), get_str_var_by_name(), get_str_var_by_num(), get_var_size_by_num(), init_v6_capture_device(), len, name, nasl_perror(), plug_get_host_ip(), struct_lex_ctxt::script_infos, TC::size, TC::str_val, v6_islocalhost(), and TC::x.
Here is the call graph for this function:
◆ nasl_tcp_v6_ping()
Performs TCP Connect to test if host is alive.
- Parameters
-
[in] lexic Lexical context of NASL interpreter. [in] port Port to ping. Internal list of common ports is used as default.
- Returns
- tree_cell > 0 if host is alive, 0 otherwise.
Definition at line 2177 of file nasl_packet_forgery_v6.c.
2178{
2179 int port;
2180 u_char packet[sizeof (struct ip6_hdr) + sizeof (struct tcphdr)];
2181 int soc;
2182 struct ip6_hdr *ip = (struct ip6_hdr *) packet;
2183 struct tcphdr *tcp = (struct tcphdr *) (packet + sizeof (struct ip6_hdr));
2186 struct in6_addr source;
2187 struct sockaddr_in6 soca;
2188 int flag = 0;
2189 unsigned int i = 0;
2190 int bpf;
2191 char filter[255];
2192 tree_cell *retc;
2193 int opt = 1;
2196
2197#define rnd_tcp_port() (rand () % 65535 + 1024)
2198 int sports[] = {0, 0, 0, 0, 0, 1023, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2199 0, 0, 0, 0, 0, 53, 0, 0, 20, 0, 25, 0, 0, 0};
2200 int ports[] = {139, 135, 445, 80, 22, 515, 23, 21, 6000, 1025,
2201 25, 111, 1028, 9100, 1029, 79, 497, 548, 5000, 1917,
2202 53, 161, 9001, 65535, 443, 113, 993, 8080, 0};
2203 char addr[INET6_ADDRSTRLEN];
2204
2205 if (!destination || (IN6_IS_ADDR_V4MAPPED (destination) == 1))
2206 return NULL;
2207
2208 for (i = 0; i < sizeof (sports) / sizeof (int); i++)
2209 {
2210 if (sports[i] == 0)
2211 sports[i] = rnd_tcp_port ();
2212 }
2213
2214 soc = socket (AF_INET6, SOCK_RAW, IPPROTO_RAW);
2215 if (soc < 0)
2216 return NULL;
2217
2218 if (setsockopt (soc, IPPROTO_IPV6, IP_HDRINCL, (char *) &opt, sizeof (opt))
2219 < 0)
2220 perror ("setsockopt");
2221
2223 if (port == -1)
2226 source = *destination;
2227 else
2228 {
2229 bzero (&source, sizeof (source));
2230 v6_routethrough (destination, &source);
2231 }
2232
2233 snprintf (filter, sizeof (filter), "ip6 and src host %s",
2234 inet_ntop (AF_INET6, destination, addr, sizeof (addr)));
2235 bpf = init_v6_capture_device (*destination, source, filter);
2236
2238 flag++;
2239 else
2240 {
2241 unsigned int num_ports = sizeof (sports) / sizeof (int);
2242 for (i = 0; i < num_ports && !flag; i++)
2243 {
2244 bzero (packet, sizeof (packet));
2245 /* IPv6 */
2246 int version = 0x60, tc = 0, fl = 0;
2247 ip->ip6_ctlun.ip6_un1.ip6_un1_flow = version | tc | fl;
2248 ip->ip6_nxt = 0x06, ip->ip6_hlim = 0x40, ip->ip6_src = source;
2249 ip->ip6_dst = *destination;
2251
2252 /* TCP */
2253 tcp->th_sport = port ? htons (rnd_tcp_port ()) : htons (sports[i]);
2254 tcp->th_flags = TH_SYN;
2255 tcp->th_dport = port ? htons (port) : htons (ports[i]);
2256 tcp->th_seq = rand ();
2257 tcp->th_ack = 0;
2258 tcp->th_x2 = 0;
2259 tcp->th_off = 5;
2260 tcp->th_win = htons (512);
2261 tcp->th_urp = 0;
2262 tcp->th_sum = 0;
2263
2264 /* CKsum */
2265 {
2267
2268 bzero (&pseudoheader, 38 + sizeof (struct tcphdr));
2269 memcpy (&pseudoheader.s6addr, &ip->ip6_src,
2270 sizeof (struct in6_addr));
2271 memcpy (&pseudoheader.d6addr, &ip->ip6_dst,
2272 sizeof (struct in6_addr));
2273
2274 pseudoheader.protocol = IPPROTO_TCP;
2275 pseudoheader.length = htons (sizeof (struct tcphdr));
2276 bcopy ((char *) tcp, (char *) &pseudoheader.tcpheader,
2277 sizeof (struct tcphdr));
2279 38 + sizeof (struct tcphdr));
2280 }
2281
2282 bzero (&soca, sizeof (soca));
2283 soca.sin6_family = AF_INET6;
2284 soca.sin6_addr = ip->ip6_dst;
2285 if (sendto (soc, (const void *) ip,
2286 sizeof (struct tcphdr) + sizeof (struct ip6_hdr), 0,
2287 (struct sockaddr *) &soca, sizeof (struct sockaddr_in6))
2288 < 0)
2289 {
2290 close (soc);
2291 return NULL;
2292 }
2293 tv.tv_sec = 0;
2294 tv.tv_usec = 100000;
2296 flag++;
2297 }
2298 }
2299
2302 if (bpf >= 0)
2303 bpf_close (bpf);
2304 close (soc);
2305 return retc;
2306}
#define rnd_tcp_port()
#define rnd_tcp_port()
char * v6_routethrough(struct in6_addr *dest, struct in6_addr *source)
An awesome function to determine what interface a packet to a given destination should be routed thro...
Definition pcap.c:851
unsigned int plug_get_host_open_port(struct script_infos *desc)
Definition plugutils.c:1323
References alloc_typed_cell(), bpf_close(), bpf_next_tv(), CONST_INT, v6pseudohdr::d6addr, FIX, get_int_var_by_name(), TC::i_val, init_v6_capture_device(), len, v6pseudohdr::length, np_in_cksum(), plug_get_host_ip(), plug_get_host_open_port(), v6pseudohdr::protocol, rnd_tcp_port, v6pseudohdr::s6addr, struct_lex_ctxt::script_infos, v6pseudohdr::tcpheader, timeval(), v6_islocalhost(), v6_routethrough(), and TC::x.
Referenced by nasl_tcp_ping().
Here is the call graph for this function:
Here is the caller graph for this function:
◆ np_in_cksum()
|
static |
Definition at line 73 of file nasl_packet_forgery_v6.c.
76{
77 register u_short answer = 0;
78 register long sum = 0;
79 u_short odd_byte = 0;
80
81 while (n > 1)
82 {
83 sum += *p++;
84 n -= 2;
85 }
86
87 /* mop up an odd byte, if necessary */
88 if (n == 1)
89 {
90 *(u_char *) (&odd_byte) = *(u_char *) p;
91 sum += odd_byte;
92 }
93
94 sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
95 sum += (sum >> 16); /* add carry */
96 answer = (int) ~sum; /* ones-complement, truncate */
97 return (answer);
98}
Referenced by forge_icmp_v6_packet(), forge_igmp_v6_packet(), forge_tcp_v6_packet(), forge_udp_v6_packet(), insert_tcp_v6_options(), nasl_tcp_v6_ping(), set_tcp_v6_elements(), and set_udp_v6_elements().
Here is the caller graph for this function:
◆ set_ip_v6_elements()
Set IPv6 header element.
- Parameters
-
[in] lexic Lexical context of NASL interpreter. [in] ip6 IP v6 header. [in] ip6_plen Payload length. [in] ip6_hlim Hop limit. Max. 255 [in] ip6_nxt Next packet. [in] ip6_src Source address
- Returns
- tree_cell with the forged IP packet.
Definition at line 295 of file nasl_packet_forgery_v6.c.
296{
299 tree_cell *retc;
300 struct ip6_hdr *pkt;
301 char *s;
302
303 if (o_pkt == NULL)
304 {
306 return NULL;
307 }
308
309 pkt = (struct ip6_hdr *) g_malloc0 (size);
310 bcopy (o_pkt, pkt, size);
311
315
317 if (s != NULL)
318 inet_pton (AF_INET6, s, &pkt->ip6_src);
319
321 retc->size = size;
323
324 return retc;
325}
References alloc_typed_cell(), CONST_DATA, get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), nasl_perror(), TC::size, TC::str_val, and TC::x.
Here is the call graph for this function:
◆ set_tcp_v6_elements()
Set TCP Header element.
- Parameters
-
[in] lexic Lexical context of NASL interpreter. [in] tcp IPv6 packet to modify. [in] data Data. [in] th_sport Source port. [in] th_dport Destination port. [in] th_seq Sequence number. [in] th_ack Acknowledgement number. [in] th_x2 [in] th_off Data offset. [in] th_flags Flags. [in] th_win Window. [in] th_sum Checksum. [in] th_urp Urgent pointer. [in] update_ip_len Flag (TRUE by default). If set, NASL will recompute the size field of the IP datagram.
- Returns
- tree_cell with the modified IPv6 datagram.
Definition at line 894 of file nasl_packet_forgery_v6.c.
895{
897 struct ip6_hdr *ip6 = (struct ip6_hdr *) pkt;
899 struct tcphdr *tcp;
900 tree_cell *retc;
903 char *npkt;
904
905 if (pkt == NULL)
906 {
907 nasl_perror (
908 lexic, "set_tcp_v6_elements: Invalid value for the argument 'tcp'\n");
909 return NULL;
910 }
911
912 tcp = (struct tcphdr *) (pkt + 40);
913
915 return NULL;
916
917 if (data_len == 0)
918 {
919 data_len = UNFIX (ip6->ip6_plen) - (tcp->th_off * 4);
920 data = (char *) ((char *) tcp + tcp->th_off * 4);
921 }
922
923 npkt = g_malloc0 (40 + tcp->th_off * 4 + data_len);
924 bcopy (pkt, npkt, UNFIX (ip6->ip6_plen) + 40);
925
926 ip6 = (struct ip6_hdr *) (npkt);
927 tcp = (struct tcphdr *) (npkt + 40);
928
929 tcp->th_sport =
931 tcp->th_dport =
933 tcp->th_seq =
935 tcp->th_ack =
940 tcp->th_win =
944
945 bcopy (data, (char *) tcp + tcp->th_off * 4, data_len);
946
948 {
949 ip6->ip6_plen = FIX (tcp->th_off * 4 + data_len);
950 }
951
952 if (tcp->th_sum == 0)
953 {
956
957 bzero (&pseudoheader, 38 + sizeof (struct tcphdr));
958 memcpy (&pseudoheader.s6addr, &ip6->ip6_src, sizeof (struct in6_addr));
959 memcpy (&pseudoheader.d6addr, &ip6->ip6_dst, sizeof (struct in6_addr));
960
961 pseudoheader.protocol = IPPROTO_TCP;
962 pseudoheader.length = htons (sizeof (struct tcphdr) + data_len);
963 bcopy ((char *) tcp, (char *) &pseudoheader.tcpheader,
964 sizeof (struct tcphdr));
965 /* fill tcpsumdata with data to checksum */
967 if (data != NULL)
969 data_len);
971 38 + sizeof (struct tcphdr) + data_len);
972 g_free (tcpsumdata);
973 }
974
976 retc->size = 40 + (tcp->th_off * 4) + data_len;
978 return retc;
979}
References alloc_typed_cell(), CONST_DATA, v6pseudohdr::d6addr, FIX, get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), v6pseudohdr::length, nasl_perror(), np_in_cksum(), v6pseudohdr::protocol, v6pseudohdr::s6addr, TC::size, TC::str_val, v6pseudohdr::tcpheader, UNFIX, and TC::x.
Here is the call graph for this function:
◆ set_udp_v6_elements()
Definition at line 1551 of file nasl_packet_forgery_v6.c.
1552{
1557
1558 if (ip6 != NULL)
1559 {
1560 char *pkt;
1561 struct udphdr *udp;
1562 tree_cell *retc;
1563 int old_len;
1564
1565 if (40 + sizeof (struct udphdr) > sz)
1566 {
1567 return NULL;
1568 }
1569 if (data != NULL)
1570 {
1571 sz = 40 + sizeof (struct udphdr) + data_len;
1572 pkt = g_malloc0 (sz);
1573 bcopy (ip6, pkt, 40 + sizeof (struct udphdr));
1574 }
1575 else
1576 {
1577 pkt = g_malloc0 (sz);
1578 bcopy (ip6, pkt, sz);
1579 }
1580
1581 ip6 = (struct ip6_hdr *) pkt;
1582 if (data != NULL)
1583 {
1584 ip6->ip6_ctlun.ip6_un1.ip6_un1_plen = FIX (sz - 40);
1585 }
1586 udp = (struct udphdr *) (pkt + 40);
1587
1588 udp->uh_sport =
1590 udp->uh_dport =
1592
1593 old_len = ntohs (udp->uh_ulen);
1594 udp->uh_ulen =
1597
1598 if (data != NULL)
1599 {
1600 bcopy (data, pkt + 40 + sizeof (struct udphdr), data_len);
1601 udp->uh_ulen = htons (sizeof (struct udphdr) + data_len);
1602 }
1603
1604 if (!udp->uh_sum)
1605 {
1608 char *udpsumdata;
1609 char *ptr = NULL;
1610
1611 if (data != NULL)
1612 {
1613 len = data_len;
1614 }
1615
1617 {
1618 ptr = (char *) udp + sizeof (struct udphdr);
1619 }
1620
1623
1624 pseudohdr.proto = IPPROTO_UDP;
1627 sizeof (struct udphdr));
1631 if (ptr != NULL)
1632 {
1634 }
1636 38 + sizeof (struct udphdr)
1638 g_free (udpsumdata);
1639 }
1641 retc->size = sz;
1643 return retc;
1644 }
1645 else
1646 nasl_perror (lexic,
1647 "set_udp_v6_elements: You must supply the 'udp' argument !\n");
1648
1649 return NULL;
1650}
References alloc_typed_cell(), CONST_DATA, FIX, get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), len, nasl_perror(), np_in_cksum(), TC::size, TC::str_val, and TC::x.
Here is the call graph for this function:
Variable Documentation
◆ __attribute__
| struct v6pseudo_udp_hdr __attribute__ |
◆ d6addr
| struct in6_addr d6addr |
Definition at line 1 of file nasl_packet_forgery_v6.c.
◆ e_tstamp
| uint32_t e_tstamp |
Definition at line 3 of file nasl_packet_forgery_v6.c.
◆ kind
| uint8_t kind |
Definition at line 0 of file nasl_packet_forgery_v6.c.
◆ len
| uint8_t len |
Definition at line 1 of file nasl_packet_forgery_v6.c.
◆ length
| u_short length |
Definition at line 2 of file nasl_packet_forgery_v6.c.
◆ mss
| struct tcp_opt_mss mss |
Definition at line 2 of file nasl_packet_forgery_v6.c.
◆ protocol
| u_char protocol |
Definition at line 6 of file nasl_packet_forgery_v6.c.
◆ s6addr
| struct in6_addr s6addr |
Definition at line 0 of file nasl_packet_forgery_v6.c.
Referenced by v6_getinterfaces().
◆ sack_perm
| struct tcp_opt_sack_perm sack_perm |
Definition at line 2 of file nasl_packet_forgery_v6.c.
◆ tcpheader
| struct tcphdr tcpheader |
Definition at line 7 of file nasl_packet_forgery_v6.c.
◆ tstamp
| struct tcp_opt_tstamp tstamp |
Definition at line 2 of file nasl_packet_forgery_v6.c.
◆ wscale
| struct tcp_opt_wscale wscale |
Definition at line 2 of file nasl_packet_forgery_v6.c.
◆ zero1
| u_char zero1 |
Definition at line 3 of file nasl_packet_forgery_v6.c.
◆ zero2
| u_char zero2 |
Definition at line 4 of file nasl_packet_forgery_v6.c.
◆ zero3
| u_char zero3 |
Definition at line 5 of file nasl_packet_forgery_v6.c.
