[Autosec-devel] sonar/plugins rfc793.c,1.51,1.52 rfc793.h,1.30,1.31
From: red0x <re...@us...> - 2004-05-05 08:00:42
Update of /cvsroot/autosec/sonar/plugins In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv10046/plugins Modified Files: rfc793.c rfc793.h Log Message: Removed the bloody thread (which was causing so many problems) from the ack scan Index: rfc793.h =================================================================== RCS file: /cvsroot/autosec/sonar/plugins/rfc793.h,v retrieving revision 1.30 retrieving revision 1.31 diff -C2 -d -r1.30 -r1.31 *** rfc793.h 13 Apr 2004 03:42:07 -0000 1.30 --- rfc793.h 5 May 2004 08:00:32 -0000 1.31 *************** *** 92,157 **** #define TCP_SIZE sizeof(struct tcphdr) ! ! /** ! * @struct _fakehead ! * pseudo TCP header for calculating the chksum ! */ struct _fakehead { uint32_t saddr; uint32_t daddr; uint8_t zero; uint8_t protocol; uint16_t tot_len; }; ! /** ! * @struct net_tuple ! * leet net tuple */ struct net_tuple { uint32_t src; unsigned short int sport; uint32_t dst; unsigned short int dport; }; ! struct tcp_timestamp ! { ! uint8_t kind; /* TCPOPT_TIMESTAMP */ ! uint8_t len; /* 10 */ ! uint32_t tsval; /* my timestamp */ ! uint32_t tsecho; /* server's timestamp */ ! }; ! ! struct recv_t ! { ! // / socket to listen on (must already be open) ! int socket, errs; ! // / number of hosts and ports we pinged ! uint32_t hosts; ! uint32_t ports; ! // / set the number of responses ! uint32_t responses; ! // / start time ! clock_t start; ! // / max wait time (timeout function) ! clock_t max; ! }; ! struct rfc_options { unsigned char ttl; ! int debug, bcast, srcPrt; char *prog; }; - // put your prototypes here - // make them static and make sure their linkage is "C" void *plugin_init(void *in_data); - //static target_t *randomize(target_t * in); - - #endif // _RFC793_H_ --- 92,159 ---- #define TCP_SIZE sizeof(struct tcphdr) ! // return codes from recv_thread ! #define RFC_FILTERED 11 ! #define RFC_UNFILT 12 ! #define RFC_UNREACH -11 ! #define RFC_NORESP -12 ! /*! \struct _fakehead ! \brief pseudo TCP header for calculating the chksum ! ! 
Create this header when calculating the TCP checksum ! */ struct _fakehead { + //! Source address (network byte order) uint32_t saddr; + //! Destination address (network byte order) uint32_t daddr; + //! always zero uint8_t zero; + //! protocol number uint8_t protocol; + //! total length of packet uint16_t tot_len; }; ! /*! \struct net_tuple ! \brief leet net tuple ! ! Source and destination addresses (with port numbers) as a net-tuple. ! All values are network byte order */ struct net_tuple { + //! Source address uint32_t src; + //! Source port unsigned short int sport; + //! Destination address uint32_t dst; + //! Destination port unsigned short int dport; }; ! /*! \struct rfc_options ! \brief Options local to the rfc793 (ACK scan) plugin ! ! This a structure that is local to rfc793.* and the ! ack scan plugin. It contains the ack scan plugin's ! local options ! */ struct rfc_options { + //! Time to live for outgoing packets unsigned char ttl; ! //! debug mode (undocumented) ! int debug, ! //! Broadcast mode ! bcast, ! //! Source port ! srcPrt; ! //! Program command line to run if host is online char *prog; }; void *plugin_init(void *in_data); #endif // _RFC793_H_ Index: rfc793.c =================================================================== RCS file: /cvsroot/autosec/sonar/plugins/rfc793.c,v retrieving revision 1.51 retrieving revision 1.52 diff -C2 -d -r1.51 -r1.52 *** rfc793.c 24 Apr 2004 06:51:28 -0000 1.51 --- rfc793.c 5 May 2004 08:00:30 -0000 1.52 *************** *** 368,373 **** { unsigned int counter = 0, i; ! int timeout; ! unsigned int old_hosts = 0, ports = 0; assert(targets != NULL); --- 368,375 ---- { unsigned int counter = 0, i; ! int timeout, n, j; ! unsigned int num_responses = 0, num_targets = 0, num_hosts = 0, num_ports = 0; ! unsigned int filt = 0, unfilt = 0, unreach = 0, k = 0; ! 
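Review bot: The comment `// return codes from recv_thread` above the new RFC_* defines does not say that recv_thread also hands back PLUGIN_ERROR (the caller's switch in rfc793.c has a `case PLUGIN_ERROR:`), nor that 11/12/-11/-12 must stay clear of the PLUGIN_* values — a collision would be a duplicate-case compile error in that switch or a misrouted result. Suggest `/* return codes from recv_thread; must not collide with PLUGIN_OK/PLUGIN_ERROR, which it also returns */`. The hunk also drops `struct tcp_timestamp` and `struct recv_t` from a header other translation units may include; if anything else used them this breaks their build, which the log message does not mention.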
int result = 0; assert(targets != NULL); *************** *** 386,389 **** --- 388,393 ---- while(targets != NULL && counter < mthis->num_targets) { + num_hosts++; + j = 1; for(i = 0; i < 65536; i++) { *************** *** 391,394 **** --- 395,400 ---- if(targets->ports[i] == PORT_SCAN) { + num_targets++; + num_ports++; targets->ports[i] = PORT_SCANNING; /* scan this one port */ *************** *** 398,409 **** return PLUGIN_ERROR; } ! /* try to receive, but if we get interrupted, its a timeout */ ! recv_thread(targets, my_socket, err_socket, timeout); ! if(errno == EINTR) ! { ! /* we timed out */ ! /* XXX: print an error */ ! ; ! } } } --- 404,443 ---- return PLUGIN_ERROR; } ! k = 0; ! while(k++ <= targets->extra_hosts) ! { ! /* try to receive, but if we get interrupted, its a timeout */ ! n = recv_thread(targets, my_socket, err_socket, timeout); ! switch(n) ! { ! case RFC_NORESP: ! break; ! case RFC_FILTERED: ! filt++;num_responses++; ! break; ! case RFC_UNFILT: ! unfilt++;num_responses++; ! break; ! case RFC_UNREACH: ! if(j == 1) ! { ! unreach++; ! j = 0; ! } ! num_responses++; ! break; ! case PLUGIN_ERROR: ! if(mthis->opts.iVerbose > 1) ! mthis->err_ptrs->err_msg("Error in recv_thread\n"); ! break; ! } ! ! if(errno == EINTR) ! { ! /* we timed out */ ! if(mthis->opts.iVerbose > 1) ! mthis->err_ptrs->err_msg("ACK Scan: Network Timeout"); ! } ! } } } *************** *** 413,419 **** usleep(mthis->opts.iHostDelay * 1000); counter++; ! old_hosts = 0; ! ports = 0; ! targets = targets->next; } --- 447,451 ---- usleep(mthis->opts.iHostDelay * 1000); counter++; ! 
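Review bot: `num_targets++` and `num_ports++` in hunk 391,394 are incremented under the same condition, so the two counters are always equal and the summary later prints the grand total of ports both in the "hosts/ ports" line and as a count of "hosts". If num_ports is meant as ports-per-host it needs resetting next to `num_hosts++` in the per-host loop of hunk 386,389, e.g. `num_hosts++; num_ports = 0;`; note that the `num_ports == 1` broadcast test then changes meaning too, so confirm which reading was intended. The enclosing function starts outside these hunks.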
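Review bot: The `if(errno == EINTR)` after the switch reads a stale errno: recv_thread signals its select() timeout by returning RFC_NORESP (hunk 605,611) and nothing clears errno before the call, so the "Network Timeout" message fires on leftover errno from some earlier call and never on the real timeout, whose `case RFC_NORESP:` is empty. Move the message into that case and drop the errno test: `case RFC_NORESP: if(mthis->opts.iVerbose > 1) mthis->err_ptrs->err_msg("ACK Scan: Network Timeout"); break;`. The switch also has no `default:`, so any other value returned by recv_thread is ignored without a trace. The enclosing function starts and ends outside this hunk.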
targets = targets->next; } *************** *** 424,427 **** --- 456,480 ---- usleep(mthis->opts.iPostDelay * 1000); } + + if(mthis->opts.iVerbose > 2) + { + result = num_targets - num_responses; + if(result > 0) + mthis->output("no response(s) from %d hosts\n", result); + if(result < 0 && num_ports == 1) + mthis->output("subnet broadcast detected: extra response(s) from " + "%d hosts\n", ~result + 1); + mthis->message("ACK Scan complete:\n"); + mthis->message(" Scanned %d hosts/ %d ports, %d hosts online, %d " + "filtered, %d unfiltered, %d hosts unreachable\n", + num_hosts, + num_ports, + num_hosts - unreach, filt, unfilt, unreach); + } + if(mthis->opts.iVerbose <= 1 && unfilt && mthis->opts.iVerbose > 0) + mthis-> + output + ("\tThe remaining %d ports that were in state \'unfiltered\' were\n\tnot printed, if you want to see them, use '-v2'\n", + unfilt); return PLUGIN_OK; } *************** *** 448,452 **** // was my_ports meant for something? if not it's not doing anything // useful ! // int my_ports[65547]; uint32_t addr, one = 1; --- 501,505 ---- // was my_ports meant for something? if not it's not doing anything // useful ! int my_ports[65547]; uint32_t addr, one = 1; *************** *** 462,467 **** gethostname(name, 255); ai = mthis->resolve(name, NULL, PF_INET, 0); ! // XXX: delete? ! // memcpy(my_ports, target->ports, 65537 * sizeof(int)); for(j = 0; j <= target->extra_hosts; j++) { --- 515,519 ---- gethostname(name, 255); ai = mthis->resolve(name, NULL, PF_INET, 0); ! memcpy(my_ports, target->ports, 65537 * sizeof(int)); for(j = 0; j <= target->extra_hosts; j++) { *************** *** 521,525 **** } ! nt.dport = -1; for(i = 0; i < 65536; i++) { --- 573,577 ---- } ! //nt.dport = -1; for(i = 0; i < 65536; i++) { *************** *** 552,558 **** target->stats.packets_sent++; free(packet); ! // XXX: delete? ! /* fresh copy of port list */ ! // memcpy(target->ports, my_ports, 65537 * sizeof(int)); } --- 604,608 ---- target->stats.packets_sent++; free(packet); ! 
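Review bot: `result = num_targets - num_responses;` subtracts two unsigned ints, so when more responses than targets arrived the difference wraps to a large unsigned value before being stored in the int `result`, and the `result < 0` broadcast branch then rests on an implementation-defined conversion. Do the subtraction in signed arithmetic, `result = (int)num_targets - (int)num_responses;`, and print `-result` rather than `~result + 1`. The `%d` conversions in the two summary messages are also given unsigned arguments (num_hosts, num_ports, filt, unfilt, unreach); `%u` matches them. The enclosing function starts outside this hunk.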
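Review bot: Re-enabling `int my_ports[65547];` places a roughly 256 KiB array on the stack of the sending function, and the three sizes now in play disagree: the array holds 65547 ints, the two `memcpy` calls re-enabled in hunks 462,467 and 552,558 copy 65537 ints, and the port loop indexes 0..65535. If target->ports has 65536 entries the memcpy over-reads by one int; if it has more, the loop never reaches them — the declaration of target->ports is not in the diff, so this needs checking. Define one constant for the port-table length, use it in all four places, and consider a heap or `static` buffer; if the copy exists only to restore the table after the send loop, a one-line comment saying so would answer the old `// XXX: delete?` question. The enclosing function starts and ends outside this hunk.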
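Review bot: `//nt.dport = -1;` leaves dead code in place of the removed statement; delete the line rather than commenting it out. If nt.dport was a deliberate sentinel before the port loop, a comment on why it is no longer needed is more useful than the disabled line, since dport is an unsigned short and -1 would have stored 65535. The enclosing function starts and ends outside this hunk.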
memcpy(target->ports, my_ports, 65537 * sizeof(int)); } *************** *** 568,572 **** struct tcphdr *tcp = NULL; unsigned short iphdrlen; - unsigned long unreach = 0, filt = 0, unfilt = 0; struct timeval tv; int bread, ret; --- 618,621 ---- *************** *** 576,583 **** struct sockaddr_in from; static struct addrinfo *ai = NULL; - unsigned long num_res = 0; /* number of results */ int psuedo = false; target_t *my_host; - int responses = 0; assert(my_socket != -1 && my_socket != 0); --- 625,630 ---- *************** *** 585,595 **** assert(mthis->resolve != NULL); while(1) { /* dont do anything up here, or we'll eat CPU */ - tv.tv_usec = 0; - tv.tv_sec = timeout; my_host = NULL; ! FD_ZERO(&rfds); FD_SET(my_socket, &rfds); --- 632,643 ---- assert(mthis->resolve != NULL); + while(1) { /* dont do anything up here, or we'll eat CPU */ my_host = NULL; ! tv.tv_usec = 0; ! tv.tv_sec = timeout; ! FD_ZERO(&rfds); FD_SET(my_socket, &rfds); *************** *** 605,611 **** } if(ret == 0) /* timeout */ ! { ! return PLUGIN_NORESP; ! } if(psuedo == true) { --- 653,657 ---- } if(ret == 0) /* timeout */ ! return RFC_NORESP; if(psuedo == true) { *************** *** 670,673 **** --- 716,720 ---- if((my_host = mthis->find_target(mthis, ai)) == NULL) { + /* not from one of our targets, so ignore it */ continue; } *************** *** 702,706 **** //mthis->foobar(char*string_to_expand, tcp->th_sport, my_host); - num_res++; if(mthis->opts.iVerbose > 1) mthis-> --- 749,752 ---- *************** *** 727,737 **** } ! responses++; ! unfilt++; ! break; ! //continue; } ! ! continue; } --- 773,779 ---- } ! return RFC_UNFILT; } ! 
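Review bot: tv is re-armed to the full `timeout` on every pass of `while(1)`, and every packet that is not from a target restarts a pass (`continue` in hunks 670,673 and 802,809), so on a socket that sees unrelated traffic recv_thread's total wait is unbounded rather than `timeout` seconds. Compute a deadline once before the loop, `time_t deadline = time(NULL) + timeout;`, and inside the loop set `tv.tv_sec = deadline - time(NULL); tv.tv_usec = 0;` followed by `if(tv.tv_sec <= 0) return RFC_NORESP;`. The enclosing function recv_thread starts and ends outside this hunk.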
/* non-rst packet, keep looking */ continue; } *************** *** 768,774 **** if(icmphdr->icmp_type != ICMP_DEST_UNREACH) { - if(mthis->opts.iVerbose > 1) - mthis->message("bad ICMP response from host, abnormal " - "behavior\n"); continue; // return PLUGIN_OK; // Parse non-unreachable ICMP returns --- 810,813 ---- *************** *** 802,809 **** if((my_host = mthis->find_target(mthis, ai)) == NULL) { continue; } - responses++; switch (icmphdr->icmp_code) { --- 841,848 ---- if((my_host = mthis->find_target(mthis, ai)) == NULL) { + /* not one of our targets, keep looking */ continue; } switch (icmphdr->icmp_code) { *************** *** 830,834 **** my_host->stats.packets_recvd++; - num_res++; if(mthis->opts.iVerbose > 0) mthis->message("%s[%s]:%d\tonline & filtered: range: " --- 869,872 ---- *************** *** 839,844 **** triptime, iphdr->ip_ttl, ntohs(iphdr->ip_len)); ! filt++; ! break; case ICMP_UNREACH_HOST: assert(ai != NULL); --- 877,881 ---- triptime, iphdr->ip_ttl, ntohs(iphdr->ip_len)); ! return RFC_FILTERED; case ICMP_UNREACH_HOST: assert(ai != NULL); *************** *** 849,854 **** triptime, iphdr->ip_ttl, ntohs(iphdr->ip_len)); ! unreach++; ! break; default: assert(ai != NULL); --- 886,890 ---- triptime, iphdr->ip_ttl, ntohs(iphdr->ip_len)); ! return RFC_UNREACH; default: assert(ai != NULL); *************** *** 858,890 **** inet_ntoa(from.sin_addr), unreach_codes(icmphdr->icmp_code)); ! unreach++; ! break; } ! break; ! //continue; } } ! ! if(mthis->opts.iVerbose > 2) ! { ! /* result = rec->hosts - rec->responses; ! if(result > 0) ! mthis->output("no response(s) from %d hosts\n", result); ! if(result < 0 && rec->ports == 1) ! mthis->output("subnet broadcast detected: extra response(s) from " ! "%d hosts\n", ~result + 1); ! mthis->message("ACK Scan complete:\n"); ! mthis->message(" Scanned %d hosts/ %d ports, %d hosts online, %d " ! "filtered, %d unfiltered, %d hosts unreachable\n", ! rec->hosts, ! rec->ports, ! 
rec->responses - unreach, filt, unfilt, unreach);*/ ! } ! if(mthis->opts.iVerbose <= 1 && unfilt && mthis->opts.iVerbose > 0) ! mthis-> ! output ! ("\tThe remaining %d ports that were in state \'unfiltered\' were\n\tnot printed, if you want to see them, use '-v2'\n", ! unfilt); ! return 1; } --- 894,904 ---- inet_ntoa(from.sin_addr), unreach_codes(icmphdr->icmp_code)); ! return RFC_UNREACH; } ! return RFC_FILTERED; } } ! ! return RFC_NORESP; } |
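Review bot: The `return RFC_FILTERED;` that follows the ICMP switch is reached only through a case that breaks instead of returning; every case visible in hunks 839,844, 849,854 and this one returns, so whether it is live depends on the cases in the unseen 809–830 range, and a comment naming the codes it is meant to cover (or a hedged `/* reached for codes handled with break above */`) would save the next reader a search. Likewise the closing `return RFC_NORESP;` after `while(1)` is reachable only by a `break` out of the loop, and the outer `break;` this hunk removes was the one such exit in the old code; if none remains, mark it `/* not reached: the loop exits only by return */` rather than leaving a path that looks like the timeout case. The enclosing function starts outside this hunk.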