OpenVAS Scanner 23.40.3
nasl_builtin_synscan.c
Go to the documentation of this file.
1/* SPDX-FileCopyrightText: 2023 Greenbone AG
2 * SPDX-FileCopyrightText: 1998-2006 Tenable Network Security, Inc.
3 *
4 * SPDX-License-Identifier: GPL-2.0-only
5 */
6
11
12/* legacy feature macro */
13#define _BSD_SOURCE 1
14/* new feature macros that provides the same plus more */
15#define _DEFAULT_SOURCE 1
16#undef _SVID_SOURCE
17
18#include "../misc/bpf_share.h" /* for bpf_open_live */
19#include "../misc/network.h" /* for getpts */
20#include "../misc/pcap_openvas.h" /* for get_datalink_size */
21#include "../misc/plugutils.h" /* for scanner_add_port */
22#include "nasl_builtin_plugins.h"
23#include "nasl_lex_ctxt.h"
24
25#include <arpa/inet.h> /* for AF_INET */
26#include <gvm/base/logging.h>
27#include <gvm/base/prefs.h> /* for prefs_get */
28#include <netinet/ip.h>
29#include <netinet/tcp.h> /* for TH_SYN */
30#include <stdlib.h> /* for rand() */
31#include <string.h> /* for memcpy() */
32#include <unistd.h> /* for close() */
33
34#undef SHOW_RETRIES
35#undef SHOW_RTT_REMOVAL
36
37#define NUM_RETRIES 2
38
39#undef G_LOG_DOMAIN
43#define G_LOG_DOMAIN "lib nasl"
44/*----------------------------------------------------------------------------*/
45struct pseudohdr
46{
47 struct in_addr saddr;
48 struct in_addr daddr;
49 u_char zero;
50 u_char protocol;
51 u_short length;
52 struct tcphdr tcpheader;
53};
54
55static int
56in_cksum (u_short *p, int n)
57{
58 register u_short answer;
59 register unsigned long sum = 0;
60 u_short odd_byte = 0;
61
62 while (n > 1)
63 {
64 sum += *p++;
65 n -= 2;
66 }
67
68 /* mop up an odd byte, if necessary */
69 if (n == 1)
70 {
71 *(u_char *) (&odd_byte) = *(u_char *) p;
72 sum += odd_byte;
73 }
74 sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
75 sum += (sum >> 16); /* add carry */
76 answer = (int) ~sum; /* ones-complement, truncate */
77 return (answer);
78}
79
80static unsigned long
81maketime (void)
82{
83 struct timeval tv;
84 unsigned long ret;
85
86 gettimeofday (&tv, NULL);
87
88 ret = ((tv.tv_sec & 0x0000000F) << 28) | (((tv.tv_usec) & 0xFFFFFFF0) >> 4);
89
90 return htonl (ret);
91}
92
93static struct timeval
94timeval (unsigned long val)
95{
96 struct timeval ret;
97 unsigned int h, l;
98
99 val = ntohl (val);
100
101 h = (val & 0xF0000000) >> 28;
102 l = (val & 0x0FFFFFFF) << 4;
103
104 ret.tv_sec = h;
105 ret.tv_usec = l;
106 while (ret.tv_usec >= 1000000)
107 {
108 ret.tv_usec -= 1000000;
109 ret.tv_sec++;
110 }
111
112 if (ret.tv_sec > 2)
113 {
114 ret.tv_sec = 2;
115 ret.tv_usec = 0;
116 }
117 return ret;
118}
119
120static unsigned long
121compute_rtt (unsigned long then)
122{
123 unsigned long now = maketime ();
124 unsigned long res;
125 unsigned long a, b;
126
127 a = (unsigned long) ntohl (now);
128 b = (unsigned long) ntohl (then);
129
130 if (b > a)
131 {
132 return 0;
133 }
134 res = a - b;
135 if (res >= (1 << 28))
136 res = 1 << 28;
137
138 return htonl (res);
139}
140
141static int
142packetdead (unsigned long then)
143{
144 unsigned long now = maketime ();
145
146 then = ntohl (then);
147 now = ntohl (now);
148
149 if ((now - then) >= 2 << 28)
150 {
151 return 1;
152 }
153
154 return 0;
155}
156
160static int
161rawsocket (int family)
162{
163 int soc;
164 int opt = 1;
165 int offset = 8;
166
167 if (family == AF_INET)
168 {
169 soc = socket (AF_INET, SOCK_RAW, IPPROTO_RAW);
170 if (soc < 0)
171 {
172 perror ("socket ");
173 printf ("error opeinig socket\n");
174 return -1;
175 }
176 if (setsockopt (soc, IPPROTO_IP, IP_HDRINCL, /*(char *) */ &opt,
177 sizeof (opt))
178 < 0)
179 {
180 perror ("setsockopt ");
181 printf ("error setting socket opt\n");
182 close (soc);
183 return -1;
184 }
185 }
186 else
187 {
188 soc = socket (AF_INET6, SOCK_RAW, IPPROTO_TCP);
189 if (soc < 0
190 || setsockopt (soc, IPPROTO_IPV6, IPV6_CHECKSUM, &offset,
191 sizeof (offset))
192 < 0)
193 {
194 perror ("socket ");
195 printf ("error opening socket\n");
196 if (soc >= 0)
197 close (soc);
198 return -1;
199 }
200 }
201
202 return soc;
203}
204
215static int
216openbpf (struct in_addr dst, struct in_addr *src, int magic)
217{
218 char *iface;
219 char filter[255];
220 int bpf;
221
222 iface = routethrough (&dst, src);
223 snprintf (filter, sizeof (filter), "tcp and src host %s and dst port %d",
224 inet_ntoa (dst), magic);
225 bpf = bpf_open_live (iface, filter);
226 return bpf;
227}
228
229static int
230v6_openbpf (struct in6_addr *dst, struct in6_addr *src, int magic)
231{
232 char *iface;
233 char filter[255];
234 char hostname[INET6_ADDRSTRLEN];
235 int bpf;
236
237 iface = v6_routethrough (dst, src);
238
239 snprintf (filter, sizeof (filter), "tcp and src host %s and dst port %d",
240 inet_ntop (AF_INET6, dst, hostname, sizeof (hostname)), magic);
241 bpf = bpf_open_live (iface, filter);
242 if (bpf < 0)
243 printf ("bpf_open_live returned error\n");
244 return bpf;
245}
246/*----------------------------------------------------------------------------*/
247
248struct list
249{
250 unsigned short dport;
251 unsigned long when;
252 int retries;
253 struct list *prev;
254 struct list *next;
255};
256
261static struct list *
262get_packet (struct list *l, unsigned short dport)
263{
264 while (l != NULL)
265 {
266 if (l->dport == dport)
267 return l;
268 else
269 l = l->next;
270 }
271 return NULL;
272}
273
278static struct list *
279add_packet (struct list *l, unsigned short dport, unsigned long ack)
280{
281 struct list *ret;
282
283 ret = get_packet (l, dport);
284 if (ret != NULL)
285 {
286#ifdef SHOW_RETRIES
287 printf ("RETRIES FOR %d = %d\n", dport, ret->retries);
288#endif
289 ret->retries++;
290 ret->when = ack;
291 return l;
292 }
293 ret = g_malloc0 (sizeof (struct list));
294
295 ret->next = l;
296 ret->prev = NULL;
297 if (ret->next != NULL)
298 ret->next->prev = ret;
299
300 ret->dport = dport;
301 ret->when = ack;
302 ret->retries = 0;
303 return ret;
304}
305
306static struct list *
307rm_packet (struct list *l, unsigned short dport)
308{
309 struct list *ret = l;
310 struct list *p = get_packet (l, dport);
311
312 if (p == NULL)
313 return l;
314 if (p->next != NULL)
315 p->next->prev = p->prev;
316
317 if (p->prev != NULL)
318 p->prev->next = p->next;
319 else
320 ret = p->next;
321
322 g_free (p);
323 return ret;
324}
325
326static struct list *
327rm_dead_packets (struct list *l, int *retry)
328{
329 struct list *ret = l;
330 struct list *p = l;
331
332 *retry = 0;
333 while (p != NULL)
334 {
335 struct list *next = p->next;
336 if (packetdead (p->when))
337 {
338 if (p->retries < NUM_RETRIES)
339 {
340#ifdef SHOW_RETRIES
341 printf ("Will retry port %d\n", p->dport);
342#endif
343 *retry = p->dport;
344 }
345 else
346 {
347#ifdef SHOW_RTT_REMOVAL
348 printf ("Removing port %d (RTT elapsed)\n", p->dport);
349#endif
350 if (p->next != NULL)
351 p->next->prev = p->prev;
352
353 if (p->prev != NULL)
354 p->prev->next = p->next;
355 else
356 {
357 if (p->next == NULL)
358 {
359 g_free (p);
360 return NULL;
361 }
362 ret = p->next;
363 g_free (p);
364 }
365 }
366 }
367 p = next;
368 }
369 return ret;
370}
371
372/*-----------------------------------------------------------------------------*/
373
374static struct tcphdr *
375extracttcp (char *pkt, unsigned int len)
376{
377 struct ip *ip;
378 struct tcphdr *tcp;
379
380 ip = (struct ip *) pkt;
381 if (ip->ip_hl * 4 + sizeof (struct tcphdr) > len)
382 return NULL;
383
384 tcp = (struct tcphdr *) (pkt + ip->ip_hl * 4);
385 return tcp;
386}
387
388static struct tcphdr *
389v6_extracttcp (char *pkt)
390{
391 struct tcphdr *tcp;
392 tcp = (struct tcphdr *) (pkt + 40);
393 return tcp;
394}
395
396static unsigned long
397extractack (char *pkt, int len, int family)
398{
399 unsigned long ret;
400 struct tcphdr *tcp;
401 if (family == AF_INET)
402 tcp = extracttcp (pkt, len);
403 else
404 tcp = v6_extracttcp (pkt);
405
406 if (tcp == NULL)
407 return -1;
408
409 ret = htonl (ntohl (tcp->th_ack) - 1);
410 return ret;
411}
412
413static unsigned short
414extractsport (char *pkt, int len, int family)
415{
416 struct tcphdr *tcp;
417
418 if (family == AF_INET)
419 tcp = extracttcp (pkt, len);
420 else
421 tcp = v6_extracttcp (pkt);
422
423 if (tcp == NULL)
424 return 0;
425
426 return ntohs (tcp->th_sport);
427}
428
429static int
430issynack (char *pkt, int len, int family)
431{
432 struct tcphdr *tcp;
433
434 if (family == AF_INET)
435 tcp = extracttcp (pkt, len);
436 else
437 tcp = v6_extracttcp (pkt);
438
439 if (tcp == NULL)
440 return 0;
441
442 return tcp->th_flags == (TH_SYN | TH_ACK);
443}
444
445static char *
446mktcp (struct in_addr src, int sport, struct in_addr dst, int dport,
447 unsigned long th_ack, unsigned char flag)
448{
449 static char pkt[sizeof (struct ip) + sizeof (struct tcphdr)];
450 struct ip *ip;
451 struct tcphdr *tcp;
452 struct pseudohdr pseudohdr;
453 char tcpsumdata[sizeof (pseudohdr)];
454
455 ip = (struct ip *) (&pkt);
456 ip->ip_hl = 5;
457 ip->ip_v = 4;
458 ip->ip_tos = 0;
459 ip->ip_len = sizeof (struct ip) + sizeof (struct tcphdr);
460 ip->ip_id = rand ();
461 ip->ip_off = 0;
462 ip->ip_ttl = 64;
463 ip->ip_p = IPPROTO_TCP;
464 ip->ip_sum = 0;
465 ip->ip_src.s_addr = src.s_addr;
466 ip->ip_dst.s_addr = dst.s_addr;
467 ip->ip_sum = in_cksum ((u_short *) pkt, sizeof (struct ip));
468
469 tcp = (struct tcphdr *) (&(pkt[sizeof (struct ip)]));
470 tcp->th_sport = htons (sport);
471 tcp->th_dport = htons (dport);
472 tcp->th_seq = th_ack;
473 tcp->th_ack = 0;
474 tcp->th_x2 = 0;
475 tcp->th_off = 5;
476 tcp->th_flags = flag;
477 tcp->th_win = 4096;
478 tcp->th_sum = 0;
479 tcp->th_urp = 0;
480
481 bzero (&pseudohdr, sizeof (pseudohdr));
482 pseudohdr.saddr.s_addr = src.s_addr;
483 pseudohdr.daddr.s_addr = dst.s_addr;
484 pseudohdr.protocol = IPPROTO_TCP;
485 pseudohdr.length = htons (sizeof (struct tcphdr));
486 bcopy ((char *) tcp, (char *) &pseudohdr.tcpheader, sizeof (struct tcphdr));
487 bcopy (&pseudohdr, tcpsumdata, sizeof (struct pseudohdr));
488 tcp->th_sum =
489 in_cksum ((unsigned short *) tcpsumdata, 12 + sizeof (struct tcphdr));
490
491 return pkt;
492}
493
494static char *
495mktcpv6 (int sport, int dport, unsigned long th_ack, unsigned char flag)
496{
497 static char pkt[sizeof (struct tcphdr)];
498 struct tcphdr *tcp;
499
500 tcp = (struct tcphdr *) (&(pkt[0]));
501 tcp->th_sport = htons (sport);
502 tcp->th_dport = htons (dport);
503 tcp->th_ack = htonl (rand ());
504 tcp->th_seq = th_ack;
505 tcp->th_off = 5;
506 tcp->th_flags = flag;
507 tcp->th_win = htons (5760);
508 tcp->th_urp = 0;
509 tcp->th_sum = 2;
510
511 return pkt;
512}
513/*--------------------------------------------------------------------*/
514
519static struct list *
520sendpacket (int soc, int bpf, int skip, struct in_addr dst, struct in_addr src,
521 int dport, int magic, struct list *packets, unsigned long *rtt,
522 int sniff, struct script_infos *env)
523{
524 unsigned long ack = maketime ();
525 char *pkt = mktcp (src, magic, dst, dport, ack, TH_SYN);
526 int len;
527 char *res;
528 struct sockaddr_in soca;
529 struct timeval rtt_tv = timeval (*rtt);
530 int family = AF_INET;
531
532 bzero (&soca, sizeof (soca));
533 soca.sin_family = AF_INET;
534 soca.sin_addr = dst;
535
536 rtt_tv.tv_sec *= 1000;
537 rtt_tv.tv_sec /= 8;
538
539 rtt_tv.tv_usec += (rtt_tv.tv_sec % 1000) * 1000;
540 rtt_tv.tv_sec /= 1000;
541 if (rtt_tv.tv_sec >= 1)
542 {
543 rtt_tv.tv_sec = 1;
544 rtt_tv.tv_usec = 0;
545 }
546
547 if (dport != 0)
548 {
549 int e;
550 packets = add_packet (packets, dport, ack);
551 e = sendto (soc, pkt, sizeof (struct ip) + sizeof (struct tcphdr), 0,
552 (struct sockaddr *) &soca, sizeof (soca));
553 if (e < 0)
554 {
555 perror ("sendto ");
556 close (soc);
557 bpf_close (bpf);
558 return NULL;
559 }
560 }
561 if (sniff != 0)
562 {
563 again:
564 res = (char *) bpf_next_tv (bpf, &len, &rtt_tv);
565 if (res != NULL)
566 {
567 unsigned short sport = extractsport (res + skip, len, family);
568 int synack = issynack (res + skip, len, family);
569 unsigned int rack = extractack (res + skip, len, family);
570 if (synack)
571 {
572 char *rst;
573 scanner_add_port (env, sport, "tcp");
574 /* Send a RST to make sure the connection is closed on the remote
575 * side */
576 rst = mktcp (src, magic, dst, sport, ack + 1, TH_RST);
577 if (sendto (soc, rst, sizeof (struct ip) + sizeof (struct tcphdr),
578 0, (struct sockaddr *) &soca, sizeof (soca))
579 < 0)
580 {
581 perror ("sendto ");
582 close (soc);
583 bpf_close (bpf);
584 return NULL;
585 }
586
587 /* Adjust the rtt */
588 *rtt = compute_rtt (rack);
589 if (ntohl (*rtt) >= (1 << 28))
590 *rtt = 1 << 28;
591 }
592 packets = rm_packet (packets, sport);
593 rtt_tv.tv_sec = 0;
594 rtt_tv.tv_usec = 0;
595 goto again;
596 }
597 }
598 return packets;
599}
600
601static struct list *
602v6_sendpacket (int soc, int bpf, int skip, struct in6_addr *dst, int dport,
603 int magic, struct list *packets, unsigned long *rtt, int sniff,
604 struct script_infos *env)
605{
606 unsigned long ack = maketime ();
607 char *pkt = mktcpv6 (magic, dport, ack, TH_SYN);
608 int len;
609 char *res;
610 struct sockaddr_in6 soca;
611 struct timeval rtt_tv = timeval (*rtt);
612
613 bzero (&soca, sizeof (soca));
614 soca.sin6_family = AF_INET6;
615 memcpy (&soca.sin6_addr, dst, sizeof (struct in6_addr));
616 rtt_tv.tv_sec *= 1000;
617 rtt_tv.tv_sec /= 8;
618
619 rtt_tv.tv_usec += (rtt_tv.tv_sec % 1000) * 1000;
620 rtt_tv.tv_sec /= 1000;
621 if (rtt_tv.tv_sec >= 1)
622 {
623 rtt_tv.tv_sec = 1;
624 rtt_tv.tv_usec = 0;
625 }
626
627 if (dport != 0)
628 {
629 int e;
630 packets = add_packet (packets, dport, ack);
631 e = sendto (soc, pkt, sizeof (struct tcphdr), 0,
632 (struct sockaddr *) &soca, sizeof (soca));
633 if (e < 0)
634 {
635 g_message ("sendto error in v6_sendpacket");
636 perror ("sendto ");
637 close (soc);
638 bpf_close (bpf);
639 return NULL;
640 }
641 }
642 if (sniff != 0)
643 {
644 res = (char *) bpf_next (bpf, &len);
645 if (res != NULL)
646 {
647 unsigned short sport = extractsport (res + skip, len, AF_INET6);
648 int synack = issynack (res + skip, len, AF_INET6);
649 if (synack)
650 {
651 char *rst;
652 scanner_add_port (env, sport, "tcp");
653 /* Send a RST to make sure the connection is closed on the remote
654 * side */
655 rst = mktcpv6 (magic, sport, ack + 1, TH_RST);
656 if (sendto (soc, rst, sizeof (struct tcphdr), 0,
657 (struct sockaddr *) &soca, sizeof (soca))
658 < 0)
659 {
660 perror ("sendto ");
661 close (soc);
662 bpf_close (bpf);
663 return NULL;
664 }
665 }
666 packets = rm_packet (packets, sport);
667 }
668 }
669 return packets;
670}
671
675static int
676scan (struct script_infos *env, char *portrange, struct in6_addr *dst6,
677 unsigned long rtt)
678{
679 int num;
680 int soc;
681 int bpf;
682 struct in_addr src;
683 struct in_addr dst;
684 struct in6_addr src6;
685 int magic = 4441 + (rand () % 1200);
686 int skip;
687 int i;
688 struct list *packets = NULL;
689 int retry;
690 unsigned short *ports;
691 int family;
692
693 dst.s_addr = 0;
694
695 if (IN6_IS_ADDR_V4MAPPED (dst6))
696 {
697 family = AF_INET;
698 dst.s_addr = dst6->s6_addr32[3];
699 soc = rawsocket (AF_INET);
700 }
701 else
702 {
703 family = AF_INET6;
704 soc = rawsocket (AF_INET6);
705 }
706
707 ports = (unsigned short *) getpts (portrange, &num);
708
709 if (soc < 0)
710 {
711 printf ("error opening raw socket\n");
712 return -1;
713 }
714
715 if (family == AF_INET)
716 bpf = openbpf (dst, &src, magic);
717 else
718 bpf = v6_openbpf (dst6, &src6, magic);
719 if (bpf < 0)
720 {
721 close (soc);
722 return -1;
723 }
724 skip = get_datalink_size (bpf_datalink (bpf));
725
727 for (i = 0; i < num; i += 2)
728 {
729 if (family == AF_INET)
730 packets = sendpacket (soc, bpf, skip, dst, src, ports[i], magic,
731 packets, &rtt, 0, env);
732 else
733 packets = v6_sendpacket (soc, bpf, skip, dst6, ports[i], magic, packets,
734 &rtt, 0, env);
735 if (i + 1 < num)
736 {
737 g_debug ("=====>> Sniffing %u\n", ports[i + 1]);
738 if (family == AF_INET)
739 packets = sendpacket (soc, bpf, skip, dst, src, ports[i + 1], magic,
740 packets, &rtt, 1, env);
741 else
742 packets = v6_sendpacket (soc, bpf, skip, dst6, ports[i + 1], magic,
743 packets, &rtt, 1, env);
744 }
745 }
746
748 if (family == AF_INET)
749 {
750 while (packets != NULL)
751 {
752 i = 0;
753 retry = 0;
754 packets = rm_dead_packets (packets, &retry);
755 while (retry != 0 && i < 2)
756 {
757 packets = sendpacket (soc, bpf, skip, dst, src, retry, magic,
758 packets, &rtt, 0, env);
759 packets = rm_dead_packets (packets, &retry);
760 i++;
761 }
762 packets = sendpacket (soc, bpf, skip, dst, src, retry, magic, packets,
763 &rtt, 1, env);
764 }
765 }
766
767 close (soc);
768 bpf_close (bpf);
769 if (ports != NULL)
770 g_free (ports);
771 if (num >= 65535)
772 plug_set_key (env, "Host/full_scan", ARG_INT, (void *) 1);
773
774 return 0;
775}
776
777tree_cell *
778plugin_run_synscan (lex_ctxt *lexic)
779{
780 struct script_infos *env = lexic->script_infos;
781 unsigned long rtt;
782 struct in6_addr *dst6 = plug_get_host_ip (env);
783 struct in_addr *dst;
784 struct in_addr inaddr;
785
786 inaddr.s_addr = dst6->s6_addr32[3];
787 dst = &inaddr;
788
789 if (islocalhost (dst))
790 return NULL;
791
792 rtt = htonl (1 << 28);
793
794 const char *range = prefs_get ("port_range");
795 scan (env, (char *) range, dst6, rtt);
796 plug_set_key (env, "Host/scanned", ARG_INT, (void *) 1);
797 plug_set_key (env, "Host/scanners/synscan", ARG_INT, (void *) 1);
798 return NULL;
799}
bpf_open_live
int bpf_open_live(char *iface, char *filter)
Definition bpf_share.c:39
bpf_datalink
int bpf_datalink(int bpf)
Definition bpf_share.c:158
bpf_next_tv
u_char * bpf_next_tv(int bpf, int *caplen, struct timeval *tv)
Definition bpf_share.c:119
bpf_close
void bpf_close(int bpf)
Definition bpf_share.c:164
bpf_next
u_char * bpf_next(int bpf, int *caplen)
Definition bpf_share.c:150
bpf_share.h
Header file for module bpf_share.
nasl_builtin_plugins.h
Header file for built-in plugins.
mktcp
static char * mktcp(struct in_addr src, int sport, struct in_addr dst, int dport, unsigned long th_ack, unsigned char flag)
Definition nasl_builtin_synscan.c:446
add_packet
static struct list * add_packet(struct list *l, unsigned short dport, unsigned long ack)
If no packet with dport is in list, prepends a "packet" to the.
Definition nasl_builtin_synscan.c:279
NUM_RETRIES
#define NUM_RETRIES
Definition nasl_builtin_synscan.c:37
v6_openbpf
static int v6_openbpf(struct in6_addr *dst, struct in6_addr *src, int magic)
Definition nasl_builtin_synscan.c:230
plugin_run_synscan
tree_cell * plugin_run_synscan(lex_ctxt *lexic)
Definition nasl_builtin_synscan.c:778
extractack
static unsigned long extractack(char *pkt, int len, int family)
Definition nasl_builtin_synscan.c:397
rm_packet
static struct list * rm_packet(struct list *l, unsigned short dport)
Definition nasl_builtin_synscan.c:307
scan
static int scan(struct script_infos *env, char *portrange, struct in6_addr *dst6, unsigned long rtt)
Definition nasl_builtin_synscan.c:676
issynack
static int issynack(char *pkt, int len, int family)
Definition nasl_builtin_synscan.c:430
sendpacket
static struct list * sendpacket(int soc, int bpf, int skip, struct in_addr dst, struct in_addr src, int dport, int magic, struct list *packets, unsigned long *rtt, int sniff, struct script_infos *env)
Definition nasl_builtin_synscan.c:520
v6_sendpacket
static struct list * v6_sendpacket(int soc, int bpf, int skip, struct in6_addr *dst, int dport, int magic, struct list *packets, unsigned long *rtt, int sniff, struct script_infos *env)
Definition nasl_builtin_synscan.c:602
extracttcp
static struct tcphdr * extracttcp(char *pkt, unsigned int len)
Definition nasl_builtin_synscan.c:375
packetdead
static int packetdead(unsigned long then)
Definition nasl_builtin_synscan.c:142
maketime
static unsigned long maketime(void)
Definition nasl_builtin_synscan.c:81
compute_rtt
static unsigned long compute_rtt(unsigned long then)
Definition nasl_builtin_synscan.c:121
get_packet
static struct list * get_packet(struct list *l, unsigned short dport)
Definition nasl_builtin_synscan.c:262
openbpf
static int openbpf(struct in_addr dst, struct in_addr *src, int magic)
Opens a packet filter, grabs packets from dst to port magic.
Definition nasl_builtin_synscan.c:216
in_cksum
static int in_cksum(u_short *p, int n)
Definition nasl_builtin_synscan.c:56
rawsocket
static int rawsocket(int family)
Opens and returns a raw socket.
Definition nasl_builtin_synscan.c:161
v6_extracttcp
static struct tcphdr * v6_extracttcp(char *pkt)
Definition nasl_builtin_synscan.c:389
rm_dead_packets
static struct list * rm_dead_packets(struct list *l, int *retry)
Definition nasl_builtin_synscan.c:327
extractsport
static unsigned short extractsport(char *pkt, int len, int family)
Definition nasl_builtin_synscan.c:414
timeval
static struct timeval timeval(unsigned long val)
Definition nasl_builtin_synscan.c:94
mktcpv6
static char * mktcpv6(int sport, int dport, unsigned long th_ack, unsigned char flag)
Definition nasl_builtin_synscan.c:495
val
const char * val
Definition nasl_init.c:441
nasl_lex_ctxt.h
lex_ctxt
struct struct_lex_ctxt lex_ctxt
len
uint8_t len
Definition nasl_packet_forgery.c:1
tree_cell
struct TC tree_cell
getpts
unsigned short * getpts(char *origexpr, int *len)
Converts a string like "-100,200-1024,3000-4000,60000-" into an array.
Definition network.c:2296
network.h
Header file for module network.
islocalhost
int islocalhost(struct in_addr *addr)
Tests whether a packet sent to IP is LIKELY to route through the kernel localhost interface.
Definition pcap.c:271
routethrough
char * routethrough(struct in_addr *dest, struct in_addr *source)
An awesome function to determine what interface a packet to a given destination should be routed thro...
Definition pcap.c:1070
v6_routethrough
char * v6_routethrough(struct in6_addr *dest, struct in6_addr *source)
An awesome function to determine what interface a packet to a given destination should be routed thro...
Definition pcap.c:851
get_datalink_size
int get_datalink_size(int datalink)
Definition pcap.c:298
pcap_openvas.h
Header file for module pcap.
hostname
const char * hostname
Definition pluginlaunch.c:68
scanner_add_port
void scanner_add_port(struct script_infos *args, int port, char *proto)
Definition plugutils.c:1151
plug_set_key
void plug_set_key(struct script_infos *args, char *name, int type, const void *value)
Definition plugutils.c:1060
plug_get_host_ip
struct in6_addr * plug_get_host_ip(struct script_infos *args)
Definition plugutils.c:371
plugutils.h
Header file for module plugutils.
ARG_INT
#define ARG_INT
Definition plugutils.h:20
list::next
struct list * next
Definition nasl_builtin_synscan.c:254
list::dport
unsigned short dport
Definition nasl_builtin_synscan.c:250
list::prev
struct list * prev
Definition nasl_builtin_synscan.c:253
list::when
unsigned long when
Definition nasl_builtin_synscan.c:251
pseudohdr::saddr
struct in_addr saddr
Definition nasl_builtin_synscan.c:47
pseudohdr::daddr
struct in_addr daddr
Definition nasl_builtin_synscan.c:48
pseudohdr::tcpheader
struct tcphdr tcpheader
Definition nasl_builtin_synscan.c:52
script_infos
Definition scanneraux.h:29
struct_lex_ctxt::script_infos
struct script_infos * script_infos
Definition nasl_lex_ctxt.h:33