OpenVAS Scanner 23.32.3
nasl_frame_forgery.h File Reference

Header file for module nasl_frame_forgery.

#include "nasl_lex_ctxt.h"

Functions

tree_cell * nasl_send_arp_request (lex_ctxt *)
 Send an ARP request to an IP host.
tree_cell * nasl_get_local_mac_address_from_ip (lex_ctxt *)
 Get the MAC address of the host.
tree_cell * nasl_forge_frame (lex_ctxt *)
 Forge a datalink layer frame.
tree_cell * nasl_send_frame (lex_ctxt *)
 Send a frame and listen to the answer.
tree_cell * nasl_dump_frame (lex_ctxt *)
 Dump a datalink layer frame.

Detailed Description

Header file for module nasl_frame_forgery.

Definition in file nasl_frame_forgery.h.

Function Documentation

◆ nasl_dump_frame()

tree_cell * nasl_dump_frame ( lex_ctxt * lexic)

Dump a datalink layer frame.

NASL parameters:

  • frame The frame to be dumped.

Parameters
  lexic  Lexical context of the NASL interpreter.
Returns
  NULL

Definition at line 363 of file nasl_frame_forgery.c.

/**
 * @brief NASL entry point: dump a datalink layer frame.
 *
 * Reads the NASL named argument "frame" and hands its bytes and size to
 * dump_frame().
 *
 * @param lexic Lexical context of the NASL interpreter.
 *
 * @return Always NULL; nothing is handed back to the script.
 */
tree_cell *
nasl_dump_frame (lex_ctxt *lexic)
{
  u_char *frame_bytes = (u_char *) get_str_var_by_name (lexic, "frame");
  int frame_len = get_var_size_by_name (lexic, "frame");

  /* Only a present, non-empty frame is dumped; anything else is reported as
   * a usage error. */
  if (frame_bytes != NULL && frame_len > 0)
    dump_frame (frame_bytes, frame_len);
  else
    nasl_perror (lexic, "%s usage: frame is a mandatory parameters.\n",
                 __func__);

  return NULL;
}
void nasl_perror(lex_ctxt *lexic, char *msg,...)
Definition nasl_debug.c:105
static void dump_frame(const u_char *frame, int frame_sz)
Dump a datalink layer frame.
int get_var_size_by_name(lex_ctxt *, const char *)
Definition nasl_var.c:1138
char * get_str_var_by_name(lex_ctxt *, const char *)
Definition nasl_var.c:1118

References dump_frame(), get_str_var_by_name(), get_var_size_by_name(), and nasl_perror().


◆ nasl_forge_frame()

tree_cell * nasl_forge_frame ( lex_ctxt * lexic)

Forge a datalink layer frame.

NASL parameters:

  • src_haddr Source MAC address to use.

  • dst_haddr Destination MAC address to use.

  • ether_proto Ethernet type integer in hex format. Default 0x0800 (ETH_P_IP).

  • payload Payload to be attached to the frame, e.g. a forged TCP datagram.

NASL returns: the forged frame.

Parameters
  lexic  Lexical context of the NASL interpreter.
Returns
  tree_cell element or NULL.

Definition at line 268 of file nasl_frame_forgery.c.

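/**
 * @brief NASL entry point: forge a datalink layer frame.
 *
 * Reads the NASL named arguments "src_haddr", "dst_haddr", "payload" and
 * "ether_proto" (default 0x0800) and passes them to forge_frame(). The
 * resulting buffer is returned to the script in a CONST_DATA cell.
 *
 * @param lexic Lexical context of the NASL interpreter.
 *
 * @return A CONST_DATA tree_cell holding the forged frame, or NULL when a
 *         mandatory argument is missing or too short, or no frame was built.
 */
tree_cell *
nasl_forge_frame (lex_ctxt *lexic)
{
  tree_cell *retc;
  struct pseudo_frame *frame = NULL;
  int frame_sz;
  u_char *payload = (u_char *) get_str_var_by_name (lexic, "payload");
  int payload_sz = get_var_size_by_name (lexic, "payload");
  char *ether_src_addr = get_str_var_by_name (lexic, "src_haddr");
  char *ether_dst_addr = get_str_var_by_name (lexic, "dst_haddr");
  int ether_proto = get_int_var_by_name (lexic, "ether_proto", 0x0800);

  if (ether_src_addr == NULL || ether_dst_addr == NULL || payload == NULL)
    {
      nasl_perror (lexic,
                   "%s usage: payload, src_haddr and dst_haddr are mandatory "
                   "parameters.\n",
                   __func__);
      return NULL;
    }

  /* forge_frame() takes both addresses as bare pointers with no length, so it
   * presumably reads a fixed ETHER_ADDR_LEN bytes from each (confirm against
   * its body). Reject script values that are shorter than a MAC address, and
   * a negative payload size, before they reach it. */
  if (get_var_size_by_name (lexic, "src_haddr") < ETHER_ADDR_LEN
      || get_var_size_by_name (lexic, "dst_haddr") < ETHER_ADDR_LEN
      || payload_sz < 0)
    {
      nasl_perror (lexic,
                   "%s: src_haddr and dst_haddr must hold at least %d bytes "
                   "and payload must not be negative in size.\n",
                   __func__, ETHER_ADDR_LEN);
      return NULL;
    }

  frame_sz = forge_frame ((u_char *) ether_src_addr, (u_char *) ether_dst_addr,
                          ether_proto, payload, payload_sz, &frame);

  /* Never wrap an unset pointer or a non-positive size in a cell. */
  if (frame == NULL || frame_sz <= 0)
    {
      g_free (frame);
      return NULL;
    }

  /* The rendered listing dropped this allocation (it is still named in the
   * function's reference list); without it retc is used uninitialised. */
  retc = alloc_typed_cell (CONST_DATA);
  retc->x.str_val = (char *) frame;
  retc->size = frame_sz;
  return retc;
}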
static int forge_frame(const u_char *ether_src_addr, const u_char *ether_dst_addr, int ether_proto, u_char *payload, int payload_sz, struct pseudo_frame **frame)
Forge a datalink layer frame.
u_char * payload
long int get_int_var_by_name(lex_ctxt *, const char *, int)
Definition nasl_var.c:1101
tree_cell * alloc_typed_cell(int typ)
Definition nasl_tree.c:25
@ CONST_DATA
Definition nasl_tree.h:82
struct TC tree_cell
int size
Definition nasl_tree.h:99
union TC::@332262321161220155002104006201360276211317150140 x
char * str_val
Definition nasl_tree.h:103

References alloc_typed_cell(), CONST_DATA, forge_frame(), get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), nasl_perror(), payload, TC::size, TC::str_val, and TC::x.


◆ nasl_get_local_mac_address_from_ip()

tree_cell * nasl_get_local_mac_address_from_ip ( lex_ctxt * lexic)

Get the MAC address of host.

NASL parameters:

  • ip_address Local IP address.

NASL returns: the MAC address of the host, NULL otherwise.

Parameters
  [in] lexic  Lexical context of the NASL interpreter.

Definition at line 438 of file nasl_frame_forgery.c.

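/**
 * @brief NASL entry point: get the MAC address of the local host.
 *
 * Takes the first unnamed NASL argument as a local IP address, asks
 * get_local_mac_address_from_ip() for the matching hardware address and
 * returns it formatted as "xx:xx:xx:xx:xx:xx".
 *
 * @param[in] lexic Lexical context of the NASL interpreter.
 *
 * @return A CONST_DATA tree_cell with the formatted MAC address, or NULL when
 *         no IP address was passed.
 */
tree_cell *
nasl_get_local_mac_address_from_ip (lex_ctxt *lexic)
{
  tree_cell *retc;
  /* Zero-filled like the g_malloc0() buffer it replaces; six bytes do not
   * need a heap allocation, and the former NULL check on g_malloc0() could
   * never fail because GLib aborts on allocation failure. */
  u_char mac[ETHER_ADDR_LEN] = {0};
  char *ip_address = get_str_var_by_num (lexic, 0);

  /* Do not hand a missing argument to the lookup helper. */
  if (ip_address == NULL)
    {
      nasl_perror (lexic, "%s usage: an IP address is a mandatory parameter.\n",
                   __func__);
      return NULL;
    }

  /* The rendered listing dropped this call (it is still named in the
   * function's reference list).
   * NOTE(review): the helper returns int but the result is ignored, so a
   * failed lookup is reported to the script as 00:00:00:00:00:00. Confirm the
   * helper's return convention and return NULL on failure. */
  get_local_mac_address_from_ip (ip_address, mac);

  retc = alloc_typed_cell (CONST_DATA);
  retc->x.str_val =
    g_strdup_printf ("%02x:%02x:%02x:%02x:%02x:%02x", mac[0], mac[1], mac[2],
                     mac[3], mac[4], mac[5]);
  retc->size = 17; /* six two-digit octets plus five ':' separators */

  return retc;
}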
gpg_err_code_t mac(const char *key, const size_t key_len, const char *data, const size_t data_len, const char *iv, const size_t iv_len, int algo, int flags, char **out, size_t *out_len)
static int get_local_mac_address_from_ip(char *ip_address, u_char *mac)
Get the MAC address of host.
char * get_str_var_by_num(lex_ctxt *, int)
Definition nasl_var.c:1108

References alloc_typed_cell(), CONST_DATA, get_local_mac_address_from_ip(), get_str_var_by_num(), mac(), TC::size, TC::str_val, and TC::x.


◆ nasl_send_arp_request()

tree_cell * nasl_send_arp_request ( lex_ctxt * lexic)

Send an arp request to an IP host.

NASL returns: the MAC address of the target, NULL otherwise.

Parameters
  [in] lexic  Lexical context of the NASL interpreter.
Returns
  A tree cell or NULL.

Definition at line 471 of file nasl_frame_forgery.c.

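/**
 * @brief NASL entry point: send an ARP request to the target host.
 *
 * Builds an Ethernet/ARP request for the IPv4 address of the current target
 * (plug_get_host_ip()), broadcasts it and waits for a reply captured with the
 * filter "arp and src host <target>". The NASL named argument "pcap_timeout"
 * (default 5) is passed to send_frame() as the capture timeout.
 *
 * @param[in] lexic Lexical context of the NASL interpreter.
 *
 * @return A CONST_DATA tree_cell holding the sender MAC address of the reply
 *         as "xx:xx:xx:xx:xx:xx", or NULL when the target is not an
 *         IPv4-mapped address, the frame could not be sent, or no usable
 *         answer was captured.
 */
tree_cell *
nasl_send_arp_request (lex_ctxt *lexic)
{
  tree_cell *retc = NULL;
  struct in6_addr src, *dst = plug_get_host_ip (lexic->script_infos);
  struct in_addr dst_inaddr, src_inaddr;
  struct pseudo_eth_arp eth_arp;
  struct pseudo_frame *frame = NULL;
  int frame_sz;
  char ip_src_str[INET6_ADDRSTRLEN];
  u_char mac_broadcast_addr[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
  u_char mac[6] = {0};
  char filter[255];
  u_char *answer = NULL;
  int answer_sz;
  int to = get_int_var_by_name (lexic, "pcap_timeout", 5);

  /* ARP only applies to IPv4 targets. */
  if (dst == NULL || (IN6_IS_ADDR_V4MAPPED (dst) != 1))
    return retc;

  /* Get source IP address via routethrough. We need it to find our mac
   * address. src_inaddr is cleared first so that it is never read
   * uninitialised.
   * NOTE(review): the result of routethrough() is not checked; confirm what
   * it leaves in src_inaddr when no route is found. */
  memset (&dst_inaddr, '\0', sizeof (struct in_addr));
  memset (&src_inaddr, '\0', sizeof (struct in_addr));
  dst_inaddr.s_addr = dst->s6_addr32[3];
  routethrough (&dst_inaddr, &src_inaddr);
  ipv4_as_ipv6 (&src_inaddr, &src);

  /* Getting the source IP address as string, to get the mac address */
  addr6_to_str (&src, ip_src_str);

  /* The helper fills the stack buffer directly; the temporary heap copy is
   * not needed.
   * NOTE(review): its int result is ignored, so a failed lookup sends the
   * request with an all-zero sender MAC. Confirm the return convention. */
  get_local_mac_address_from_ip (ip_src_str, mac);

  /* Building ARP header */
  memset (&eth_arp, '\0', sizeof (struct pseudo_eth_arp));
  eth_arp.arp_header.ar_hrd = htons (ARPHRD_ETHER);
  eth_arp.arp_header.ar_pro = htons (ETHERTYPE_IP);
  eth_arp.arp_header.ar_hln = ETH_ALEN;
  eth_arp.arp_header.ar_pln = 4;
  eth_arp.arp_header.ar_op = htons (ARPOP_REQUEST);

  memcpy (&(eth_arp.__ar_sha), mac, ETH_ALEN);
  memcpy (&(eth_arp.__ar_sip), &src_inaddr, 4);
  memcpy (&(eth_arp.__ar_tha), mac_broadcast_addr, ETH_ALEN);
  memcpy (&(eth_arp.__ar_tip), &dst_inaddr, 4);

  frame_sz =
    forge_frame (mac, mac_broadcast_addr, ETH_P_ARP, (u_char *) &eth_arp,
                 sizeof (struct pseudo_eth_arp), &frame);
  if (frame == NULL || frame_sz <= 0)
    {
      g_free (frame);
      return NULL;
    }

  /* Prepare filter. It is built from the numeric target address only, so no
   * script-supplied text ends up in the BPF expression. */
  snprintf (filter, sizeof (filter), "arp and src host %s",
            inet_ntoa (dst_inaddr));

  answer_sz =
    send_frame ((const u_char *) frame, frame_sz, 1, to, filter, dst, &answer);
  g_free (frame);
  if (answer_sz == -2)
    {
      g_message ("%s: Not possible to send the frame", __func__);
      g_free (answer);
      return NULL;
    }

  /* The answer is a frame captured from the network and must be treated as
   * untrusted: only read the Ethernet header when the capture is long enough
   * to contain one. */
  if (answer && answer_sz >= (int) sizeof (struct ether_header))
    {
      char *daddr;
      struct ether_header *answer_aux;

      answer_aux = (struct ether_header *) answer;
      daddr = g_strdup_printf (
        "%02x:%02x:%02x:%02x:%02x:%02x", (u_int) answer_aux->ether_shost[0],
        (u_int) answer_aux->ether_shost[1], (u_int) answer_aux->ether_shost[2],
        (u_int) answer_aux->ether_shost[3], (u_int) answer_aux->ether_shost[4],
        (u_int) answer_aux->ether_shost[5]);

      /* The rendered listing dropped this allocation (it is still named in
       * the function's reference list); without it retc is NULL here. */
      retc = alloc_typed_cell (CONST_DATA);
      retc->x.str_val = daddr;
      retc->size = strlen (daddr);
    }
  else
    g_debug ("%s: No answer received.", __func__);

  /* Only the formatted copy is returned, so the capture buffer is released
   * here. nasl_send_frame() hands the same kind of buffer to a CONST_DATA
   * cell, which suggests it is heap memory owned by the caller; confirm
   * against send_frame(). */
  g_free (answer);

  return retc;
}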
static int send_frame(const u_char *frame, int frame_sz, int use_pcap, int timeout, char *filter, struct in6_addr *ipaddr, u_char **answer)
Send a frame and listen to the answer.
struct in_addr daddr
char * routethrough(struct in_addr *dest, struct in_addr *source)
An awesome function to determine what interface a packet to a given destination should be routed thro...
Definition pcap.c:1070
struct in6_addr * plug_get_host_ip(struct script_infos *args)
Definition plugutils.c:371
struct script_infos * script_infos

References pseudo_eth_arp::__ar_sha, pseudo_eth_arp::__ar_sip, pseudo_eth_arp::__ar_tha, pseudo_eth_arp::__ar_tip, alloc_typed_cell(), pseudo_eth_arp::arp_header, CONST_DATA, daddr, forge_frame(), get_int_var_by_name(), get_local_mac_address_from_ip(), mac(), plug_get_host_ip(), routethrough(), struct_lex_ctxt::script_infos, send_frame(), TC::size, TC::str_val, and TC::x.


◆ nasl_send_frame()

tree_cell * nasl_send_frame ( lex_ctxt * lexic)

Send a frame and listen to the answer.

NASL parameters:

  • frame The frame to be sent.

  • pcap_active TRUE by default. If FALSE, NASL does not listen for answers.

  • pcap_filter BPF filter.

  • pcap_timeout Capture timeout. 5 by default.

NASL returns: the sniffed answer.

Parameters
  lexic  Lexical context of the NASL interpreter.
Returns
  tree_cell element or NULL.

Definition at line 314 of file nasl_frame_forgery.c.

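/**
 * @brief NASL entry point: send a frame and listen to the answer.
 *
 * Reads the NASL named arguments "frame", "pcap_active" (default 1),
 * "pcap_timeout" (default 5) and "pcap_filter", and passes them, together
 * with the target address from plug_get_host_ip(), to send_frame().
 *
 * @param lexic Lexical context of the NASL interpreter.
 *
 * @return A CONST_DATA tree_cell holding the captured answer, or NULL when
 *         the frame argument is missing or empty, the frame could not be
 *         sent, or no answer was captured.
 */
tree_cell *
nasl_send_frame (lex_ctxt *lexic)
{
  tree_cell *retc = NULL;
  struct script_infos *script_infos = lexic->script_infos;
  struct in6_addr *ipaddr = plug_get_host_ip (script_infos);
  u_char *frame = (u_char *) get_str_var_by_name (lexic, "frame");
  int frame_sz = get_var_size_by_name (lexic, "frame");
  int use_pcap = get_int_var_by_name (lexic, "pcap_active", 1);
  int to = get_int_var_by_name (lexic, "pcap_timeout", 5);
  /* NOTE(review): pcap_filter is optional, so filter may be NULL while
   * capture is active by default; confirm that send_frame() accepts a NULL
   * filter. ipaddr is likewise passed on without a NULL check. */
  char *filter = get_str_var_by_name (lexic, "pcap_filter");
  u_char *answer = NULL;
  int answer_sz;

  /* NOTE(review): only emptiness is checked; a frame shorter than an
   * Ethernet header is passed through. Confirm that send_frame() does not
   * read header fields beyond frame_sz. */
  if (frame == NULL || frame_sz <= 0)
    {
      nasl_perror (lexic, "%s usage: frame is a mandatory parameters.\n",
                   __func__);
      return NULL;
    }

  answer_sz =
    send_frame (frame, frame_sz, use_pcap, to, filter, ipaddr, &answer);
  if (answer_sz == -2)
    {
      g_message ("%s: Not possible to send the frame", __func__);
      return NULL;
    }

  if (answer && answer_sz > -1)
    {
      /* The rendered listing dropped this allocation (it is still named in
       * the function's reference list); without it retc is NULL here. The
       * cell takes over the captured buffer. */
      retc = alloc_typed_cell (CONST_DATA);
      retc->x.str_val = (char *) answer;
      retc->size = answer_sz;
    }

  return retc;
}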

References alloc_typed_cell(), CONST_DATA, get_int_var_by_name(), get_str_var_by_name(), get_var_size_by_name(), nasl_perror(), plug_get_host_ip(), struct_lex_ctxt::script_infos, send_frame(), TC::size, TC::str_val, and TC::x.
