21 #include "../misc/bpf_share.h"
22 #include "../misc/pcap_openvas.h"
23 #include "../misc/plugutils.h"
36 #include <arpa/inet.h>
47 #ifdef BSD_BYTE_ORDERING
51 #define FIX(n) htons (n)
52 #define UNFIX(n) ntohs (n)
64 register u_short answer;
65 register long sum = 0;
77 *(u_char *) (&odd_byte) = *(u_char *) p;
81 sum = (sum >> 16) + (sum & 0xffff);
96 struct in6_addr *dst_addr;
102 if (dst_addr == NULL || (IN6_IS_ADDR_V4MAPPED (dst_addr) != 1))
109 retc->
size =
sizeof (
struct ip) + data_len;
111 pkt = (
struct ip *) g_malloc0 (
sizeof (
struct ip) + data_len);
119 pkt->ip_len =
FIX (20 + data_len);
123 pkt->ip_off =
FIX (pkt->ip_off);
130 inet_aton (s, &pkt->ip_src);
137 inet_aton (s, &pkt->ip_dst);
139 pkt->ip_dst.s_addr = dst_addr->s6_addr32[3];
143 bcopy (data, retc->
x.
str_val + sizeof (
struct ip), data_len);
149 pkt->ip_sum =
np_in_cksum ((u_short *) pkt,
sizeof (
struct ip));
167 nasl_perror (lexic,
"get_ip_element : no valid 'ip' argument!\n");
173 nasl_perror (lexic,
"get_ip_element : no valid 'element' argument!\n");
177 if (!strcmp (element,
"ip_v"))
182 else if (!strcmp (element,
"ip_id"))
184 ret_int =
UNFIX (ip->ip_id);
187 else if (!strcmp (element,
"ip_hl"))
192 else if (!strcmp (element,
"ip_tos"))
194 ret_int = ip->ip_tos;
197 else if (!strcmp (element,
"ip_len"))
199 ret_int =
UNFIX (ip->ip_len);
202 else if (!strcmp (element,
"ip_off"))
204 ret_int =
UNFIX (ip->ip_off);
207 else if (!strcmp (element,
"ip_ttl"))
209 ret_int = ip->ip_ttl;
212 else if (!strcmp (element,
"ip_p"))
217 else if (!strcmp (element,
"ip_sum"))
219 ret_int =
UNFIX (ip->ip_sum);
230 if (!strcmp (element,
"ip_src"))
232 snprintf (ret_ascii,
sizeof (ret_ascii),
"%s", inet_ntoa (ip->ip_src));
235 else if (!strcmp (element,
"ip_dst"))
237 snprintf (ret_ascii,
sizeof (ret_ascii),
"%s", inet_ntoa (ip->ip_dst));
243 printf (
"%s : unknown element\n", element);
248 retc->
size = strlen (ret_ascii);
249 retc->
x.
str_val = g_strdup (ret_ascii);
265 nasl_perror (lexic,
"set_ip_elements: missing <ip> field\n");
269 pkt = (
struct ip *) g_malloc0 (size);
270 bcopy (o_pkt, pkt, size);
285 inet_aton (s, &pkt->ip_src);
288 if (pkt->ip_sum == 0)
289 pkt->ip_sum =
np_in_cksum ((u_short *) pkt,
sizeof (
struct ip));
307 struct ip *new_packet;
310 u_char uc_code, uc_len;
318 nasl_perror (lexic,
"Usage : insert_ip_options(ip:<ip>, code:<code>, "
319 "length:<len>, value:<value>\n");
323 pad_len = 4 - ((
sizeof (uc_code) +
sizeof (uc_len) + value_size) % 4);
327 hl = ip->ip_hl * 4 <
UNFIX (ip->ip_len) ? ip->ip_hl * 4 :
UNFIX (ip->ip_len);
328 new_packet = g_malloc0 (size + 4 + value_size + pad_len);
329 bcopy (ip, new_packet, hl);
331 uc_code = (u_char)
code;
332 uc_len = (u_char) len;
334 p = (
char *) new_packet;
335 bcopy (&uc_code, p + hl,
sizeof (uc_code));
336 bcopy (&uc_len, p + hl +
sizeof (uc_code),
sizeof (uc_len));
337 bcopy (value, p + hl +
sizeof (uc_code) +
sizeof (uc_len), value_size);
340 for (i = 0; i < pad_len; i++)
343 p + hl +
sizeof (uc_code) +
sizeof (uc_len) + value_size + i, 1);
349 + (
sizeof (uc_code) +
sizeof (uc_len) + value_size + pad_len) + hl,
353 (hl + (
sizeof (uc_code) +
sizeof (uc_len) + value_size + pad_len)) / 4;
355 FIX (size +
sizeof (uc_code) +
sizeof (uc_len) + value_size + pad_len);
356 new_packet->ip_sum = 0;
358 (u_short *) new_packet, new_packet->ip_hl * 4 >
UNFIX (new_packet->ip_len)
359 ?
UNFIX (new_packet->ip_len)
360 : new_packet->ip_hl * 4);
363 retc->
size = size + value_size +
sizeof (uc_code) +
sizeof (uc_len) + pad_len;
364 retc->
x.
str_val = (
char *) new_packet;
382 printf (
"\tip_hl : %d\n", ip->ip_hl);
383 printf (
"\tip_v : %d\n", ip->ip_v);
384 printf (
"\tip_tos: %d\n", ip->ip_tos);
385 printf (
"\tip_len: %d\n",
UNFIX (ip->ip_len));
386 printf (
"\tip_id : %d\n", ntohs (ip->ip_id));
387 printf (
"\tip_off: %d\n",
UNFIX (ip->ip_off));
388 printf (
"\tip_ttl: %d\n", ip->ip_ttl);
392 printf (
"\tip_p : IPPROTO_TCP (%d)\n", ip->ip_p);
395 printf (
"\tip_p : IPPROTO_UDP (%d)\n", ip->ip_p);
398 printf (
"\tip_p : IPPROTO_ICMP (%d)\n", ip->ip_p);
401 printf (
"\tip_p : %d\n", ip->ip_p);
404 printf (
"\tip_sum: 0x%x\n", ntohs (ip->ip_sum));
405 printf (
"\tip_src: %s\n", inet_ntoa (ip->ip_src));
406 printf (
"\tip_dst: %s\n", inet_ntoa (ip->ip_dst));
418 struct in_addr
saddr;
419 struct in_addr
daddr;
432 struct ip *ip, *tcp_packet;
440 "forge_tcp_packet : You must supply the 'ip' argument !");
445 if (ipsz > ip->ip_hl * 4)
446 ipsz = ip->ip_hl * 4;
452 tcp_packet = (
struct ip *) g_malloc0 (ipsz +
sizeof (
struct tcphdr) + len);
453 retc->
x.
str_val = (
char *) tcp_packet;
455 bcopy (ip, tcp_packet, ipsz);
457 if (
UNFIX (tcp_packet->ip_len) <= tcp_packet->ip_hl * 4)
462 FIX (tcp_packet->ip_hl * 4 + sizeof (
struct tcphdr) + len);
463 tcp_packet->ip_sum = 0;
465 np_in_cksum ((u_short *) tcp_packet,
sizeof (
struct ip));
468 tcp = (
struct tcphdr *) ((
char *) tcp_packet + tcp_packet->ip_hl * 4);
482 bcopy (data, (
char *) tcp +
sizeof (
struct tcphdr), len);
487 char *tcpsumdata = g_malloc0 (
sizeof (
struct pseudohdr) + len + 1);
488 struct in_addr source, dest;
490 source.s_addr = ip->ip_src.s_addr;
491 dest.s_addr = ip->ip_dst.s_addr;
493 bzero (&pseudoheader, 12 +
sizeof (
struct tcphdr));
494 pseudoheader.
saddr.s_addr = source.s_addr;
495 pseudoheader.
daddr.s_addr = dest.s_addr;
497 pseudoheader.
protocol = IPPROTO_TCP;
498 pseudoheader.
length = htons (
sizeof (
struct tcphdr) + len);
499 bcopy ((
char *) tcp, (
char *) &pseudoheader.
tcpheader,
500 sizeof (
struct tcphdr));
502 bcopy ((
char *) &pseudoheader, tcpsumdata,
sizeof (
struct pseudohdr));
504 bcopy ((
char *) data, tcpsumdata +
sizeof (
struct pseudohdr), len);
505 tcp->th_sum =
np_in_cksum ((
unsigned short *) tcpsumdata,
506 12 +
sizeof (
struct tcphdr) + len);
510 retc->
size = ipsz +
sizeof (
struct tcphdr) + len;
530 "get_tcp_element : Error ! No valid 'tcp' argument !\n");
534 ip = (
struct ip *) packet;
536 if (ip->ip_hl * 4 > ipsz)
539 if (
UNFIX (ip->ip_len) > ipsz)
542 tcp = (
struct tcphdr *) (packet + ip->ip_hl * 4);
548 "get_tcp_element : Error ! No valid 'element' argument !\n");
552 if (!strcmp (element,
"th_sport"))
553 ret = ntohs (tcp->th_sport);
554 else if (!strcmp (element,
"th_dsport"))
555 ret = ntohs (tcp->th_dport);
556 else if (!strcmp (element,
"th_seq"))
557 ret = ntohl (tcp->th_seq);
558 else if (!strcmp (element,
"th_ack"))
559 ret = ntohl (tcp->th_ack);
560 else if (!strcmp (element,
"th_x2"))
562 else if (!strcmp (element,
"th_off"))
564 else if (!strcmp (element,
"th_flags"))
566 else if (!strcmp (element,
"th_win"))
567 ret = ntohs (tcp->th_win);
568 else if (!strcmp (element,
"th_sum"))
570 else if (!strcmp (element,
"th_urp"))
572 else if (!strcmp (element,
"data"))
575 retc->
size =
UNFIX (ip->ip_len) - ntohl (tcp->th_off) * 4;
577 bcopy (tcp + ntohl (tcp->th_off) * 4, retc->
x.
str_val, retc->
size);
582 nasl_perror (lexic,
"Unknown tcp field %s\n", element);
595 struct ip *ip = (
struct ip *) pkt;
606 "set_tcp_elements : Invalid value for the argument 'tcp'\n");
610 if (ip->ip_hl * 4 > pktsz)
612 (
struct tcphdr *) (pkt
615 tcp = (
struct tcphdr *) (pkt + ip->ip_hl * 4);
617 if (pktsz <
UNFIX (ip->ip_len))
622 data_len =
UNFIX (ip->ip_len) - (ip->ip_hl * 4) - (tcp->th_off * 4);
623 data = (
char *) ((
char *) tcp + tcp->th_off * 4);
626 npkt = g_malloc0 (ip->ip_hl * 4 + tcp->th_off * 4 + data_len);
627 bcopy (pkt, npkt,
UNFIX (ip->ip_len));
629 ip = (
struct ip *) (npkt);
630 tcp = (
struct tcphdr *) (npkt + ip->ip_hl * 4);
647 bcopy (data, (
char *) tcp + tcp->th_off * 4, data_len);
651 ip->ip_len = ip->ip_hl * 4 + tcp->th_off * 4 + data_len;
653 ip->ip_sum =
np_in_cksum ((u_short *) pkt, ip->ip_hl * 4);
656 if (tcp->th_sum == 0)
659 char *tcpsumdata = g_malloc0 (
sizeof (
struct pseudohdr) + data_len + 1);
660 struct in_addr source, dest;
662 source.s_addr = ip->ip_src.s_addr;
663 dest.s_addr = ip->ip_dst.s_addr;
665 bzero (&pseudoheader,
sizeof (pseudoheader));
666 pseudoheader.
saddr.s_addr = source.s_addr;
667 pseudoheader.
daddr.s_addr = dest.s_addr;
669 pseudoheader.
protocol = IPPROTO_TCP;
670 pseudoheader.
length = htons (
sizeof (
struct tcphdr) + data_len);
671 bcopy ((
char *) tcp, (
char *) &pseudoheader.
tcpheader,
672 sizeof (
struct tcphdr));
674 bcopy ((
char *) &pseudoheader, tcpsumdata,
sizeof (
struct pseudohdr));
675 bcopy ((
char *) data, tcpsumdata +
sizeof (
struct pseudohdr), data_len);
676 tcp->th_sum =
np_in_cksum ((
unsigned short *) tcpsumdata,
677 sizeof (pseudoheader) + data_len);
682 retc->
size = (ip->ip_hl * 4) + (tcp->th_off * 4) + data_len;
695 struct ip *ip = (
struct ip *) pkt;
696 struct tcphdr *tcp = (
struct tcphdr *) (pkt + ip->ip_hl * 4);
702 printf (
"\tth_sport : %d\n", ntohs (tcp->th_sport));
703 printf (
"\tth_dport : %d\n", ntohs (tcp->th_dport));
704 printf (
"\tth_seq : %u\n", (
unsigned int) ntohl (tcp->th_seq));
705 printf (
"\tth_ack : %u\n", (
unsigned int) ntohl (tcp->th_ack));
706 printf (
"\tth_x2 : %d\n", tcp->th_x2);
707 printf (
"\tth_off : %d\n", tcp->th_off);
708 printf (
"\tth_flags : ");
709 if (tcp->th_flags & TH_FIN)
714 if (tcp->th_flags & TH_SYN)
721 if (tcp->th_flags & TH_RST)
728 if (tcp->th_flags & TH_PUSH)
735 if (tcp->th_flags & TH_ACK)
742 if (tcp->th_flags & TH_URG)
752 printf (
" (%d)", tcp->th_flags);
754 printf (
"\tth_win : %d\n", ntohs (tcp->th_win));
755 printf (
"\tth_sum : 0x%x\n", tcp->th_sum);
756 printf (
"\tth_urp : %d\n", tcp->th_urp);
757 printf (
"\tData : ");
758 c = (
char *) ((
char *) tcp +
sizeof (
struct tcphdr));
759 if (
UNFIX (ip->ip_len) > (sizeof (
struct ip) +
sizeof (
struct tcphdr)))
760 for (j = 0; j <
UNFIX (ip->ip_len) -
sizeof (
struct ip)
761 - sizeof (struct tcphdr)
764 printf (
"%c", isprint (c[j]) ? c[j] :
'.');
794 struct ip *udp_packet;
797 pkt = g_malloc0 (
sizeof (
struct udphdr) + ip->ip_hl * 4
798 + sizeof (
struct udphdr) + data_len);
800 udp_packet = (
struct ip *) pkt;
801 udp = (
struct udphdr *) (pkt + ip->ip_hl * 4);
806 lexic,
"uh_ulen", data_len +
sizeof (
struct udphdr)));
809 if (data_len != 0 && data != NULL)
810 bcopy (data, (pkt + ip->ip_hl * 4 + sizeof (
struct udphdr)), data_len);
813 bcopy ((
char *) ip, pkt, ip->ip_hl * 4);
814 if (udp->uh_sum == 0)
817 struct in_addr source, dest;
821 source.s_addr = ip->ip_src.s_addr;
822 dest.s_addr = ip->ip_dst.s_addr;
829 pseudohdr.len = htons (
sizeof (
struct udphdr) + data_len);
830 bcopy ((
char *) udp, (
char *) &
pseudohdr.udpheader,
831 sizeof (
struct udphdr));
835 bcopy ((
char *) data, udpsumdata +
sizeof (
pseudohdr), data_len);
837 udp->uh_sum =
np_in_cksum ((
unsigned short *) udpsumdata,
838 12 +
sizeof (
struct udphdr) + data_len);
842 if (
UNFIX (udp_packet->ip_len) <= udp_packet->ip_hl * 4)
848 FIX (ntohs (udp->uh_ulen) + (udp_packet->ip_hl * 4));
849 udp_packet->ip_sum = 0;
851 np_in_cksum ((u_short *) udp_packet, udp_packet->ip_hl * 4);
857 retc->
size = 8 + ip->ip_hl * 4 + data_len;
861 printf (
"Error ! You must supply the 'ip' argument !\n");
874 struct udphdr *udphdr;
881 if (udp == NULL || element == NULL)
883 printf (
"get_udp_element() usage :\n");
884 printf (
"element = get_udp_element(udp:<udp>,element:<element>\n");
887 ip = (
struct ip *) udp;
889 if (ip->ip_hl * 4 + sizeof (
struct udphdr) > ipsz)
892 udphdr = (
struct udphdr *) (udp + ip->ip_hl * 4);
893 if (!strcmp (element,
"uh_sport"))
894 ret = ntohs (udphdr->uh_sport);
895 else if (!strcmp (element,
"uh_dport"))
896 ret = ntohs (udphdr->uh_dport);
897 else if (!strcmp (element,
"uh_ulen"))
898 ret = ntohs (udphdr->uh_ulen);
899 else if (!strcmp (element,
"uh_sum"))
900 ret = ntohs (udphdr->uh_sum);
901 else if (!strcmp (element,
"data"))
905 sz = ntohs (udphdr->uh_ulen) -
sizeof (
struct udphdr);
907 if (ntohs (udphdr->uh_ulen) - ip->ip_hl * 4 - sizeof (
struct udphdr)
909 sz = ipsz - ip->ip_hl * 4 -
sizeof (
struct udphdr);
913 bcopy (udp + ip->ip_hl * 4 + sizeof (
struct udphdr), retc->
x.
str_val, sz);
918 printf (
"%s is not a value of a udp packet\n", element);
942 if (ip->ip_hl * 4 + sizeof (
struct udphdr) > sz)
947 sz = ip->ip_hl * 4 +
sizeof (
struct udphdr) + data_len;
948 pkt = g_malloc0 (sz);
949 bcopy (ip, pkt, ip->ip_hl * 4 + sizeof (
struct udphdr));
953 pkt = g_malloc0 (sz);
957 ip = (
struct ip *) pkt;
960 ip->ip_len =
FIX (sz);
962 ip->ip_sum =
np_in_cksum ((u_short *) ip, ip->ip_hl * 4);
964 udp = (
struct udphdr *) (pkt + ip->ip_hl * 4);
970 old_len = ntohs (udp->uh_ulen);
977 bcopy (data, pkt + ip->ip_hl * 4 + sizeof (
struct udphdr), data_len);
978 udp->uh_ulen = htons (
sizeof (
struct udphdr) + data_len);
981 if (udp->uh_sum == 0)
984 struct in_addr source, dest;
985 int len = old_len -
sizeof (
struct udphdr);
996 ptr = (
char *) udp +
sizeof (
struct udphdr);
999 udpsumdata = g_malloc0 (
sizeof (
struct pseudo_udp_hdr) + len + 1);
1001 source.s_addr = ip->ip_src.s_addr;
1002 dest.s_addr = ip->ip_dst.s_addr;
1009 pseudohdr.len = htons (
sizeof (
struct udphdr) + len);
1010 bcopy ((
char *) udp, (
char *) &
pseudohdr.udpheader,
1011 sizeof (
struct udphdr));
1015 bcopy ((
char *) ptr, udpsumdata +
sizeof (
pseudohdr), len);
1017 udp->uh_sum =
np_in_cksum ((
unsigned short *) udpsumdata,
1018 12 +
sizeof (
struct udphdr) + len);
1019 g_free (udpsumdata);
1027 printf (
"Error ! You must supply the 'udp' argument !\n");
1039 struct udphdr *udp = (
struct udphdr *) (pkt +
sizeof (
struct ip));
1043 printf (
"------\n");
1044 printf (
"\tuh_sport : %d\n", ntohs (udp->uh_sport));
1045 printf (
"\tuh_dport : %d\n", ntohs (udp->uh_dport));
1046 printf (
"\tuh_sum : 0x%x\n", udp->uh_sum);
1047 printf (
"\tuh_ulen : %d\n", ntohs (udp->uh_ulen));
1048 printf (
"\tdata : ");
1050 if (udp->uh_ulen > sizeof (
struct udphdr))
1051 for (j =
sizeof (
struct udphdr);
1052 j < (ntohs (udp->uh_ulen)) && j < limit; j++)
1053 printf (
"%c", isprint (c[j]) ? c[j] :
'.');
1083 if (t == 13 || t == 14)
1084 len += 3 *
sizeof (time_t);
1086 if (ip->ip_hl * 4 > ip_sz)
1089 pkt = g_malloc0 (
sizeof (
struct icmp) + ip_sz + len);
1090 ip_icmp = (
struct ip *) pkt;
1092 bcopy (ip, ip_icmp, ip_sz);
1093 if (
UNFIX (ip_icmp->ip_len) <= (ip_icmp->ip_hl * 4))
1097 ip_icmp->ip_len =
FIX (ip->ip_hl * 4 + 8 + len);
1098 ip_icmp->ip_sum = 0;
1103 p = (
char *) (pkt + (ip->ip_hl * 4));
1104 icmp = (
struct icmp *) p;
1107 icmp->icmp_type = t;
1112 bcopy (data, &(p[8]), len);
1115 icmp->icmp_cksum =
np_in_cksum ((u_short *) icmp, len + 8);
1121 retc->
size = ip_sz + len + 8;
1124 nasl_perror (lexic,
"forge_icmp_packet: missing 'ip' parameter\n");
1139 struct ip *ip = (
struct ip *) p;
1142 icmp = (
struct icmp *) (p + ip->ip_hl * 4);
1147 if (!strcmp (elem,
"icmp_id"))
1148 value = ntohs (icmp->icmp_id);
1149 else if (!strcmp (elem,
"icmp_code"))
1150 value = icmp->icmp_code;
1151 else if (!strcmp (elem,
"icmp_type"))
1152 value = icmp->icmp_type;
1153 else if (!strcmp (elem,
"icmp_seq"))
1154 value = ntohs (icmp->icmp_seq);
1155 else if (!strcmp (elem,
"icmp_cksum"))
1156 value = ntohs (icmp->icmp_cksum);
1157 else if (!strcmp (elem,
"data"))
1164 g_memdup (&(p[ip->ip_hl * 4 + 8]), retc->
size + 1);
1202 u_char *pkt = g_malloc0 (
sizeof (
struct igmp) + ip->ip_hl * 4 + len);
1203 struct ip *ip_igmp = (
struct ip *) pkt;
1210 bcopy (ip, ip_igmp, ipsz);
1212 if (
UNFIX (ip_igmp->ip_len) <= ip_igmp->ip_hl * 4)
1218 FIX (ip->ip_hl * 4 + sizeof (
struct igmp) + len);
1219 ip_igmp->ip_sum = 0;
1224 p = (
char *) (pkt + ip_igmp->ip_hl * 4);
1239 char *p = (
char *) (pkt + ip->ip_hl * 4 + sizeof (
struct igmp));
1240 bcopy (p, data, len);
1244 retc->
size = ip->ip_hl * 4 +
sizeof (
struct igmp) + len;
1258 if (IN6_IS_ADDR_V4MAPPED (dst) != 1)
1264 u_char packet[
sizeof (
struct ip) + sizeof (struct tcphdr)];
1266 struct ip *ip = (
struct ip *) packet;
1267 struct tcphdr *tcp = (
struct tcphdr *) (packet +
sizeof (
struct ip));
1269 struct sockaddr_in soca;
1278 #define rnd_tcp_port() (rand () % 65535 + 1024)
1279 int sports[] = {0, 0, 0, 0, 0, 1023, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1280 0, 0, 0, 0, 0, 53, 0, 0, 20, 0, 25, 0, 0, 0};
1281 int ports[] = {139, 135, 445, 80, 22, 515, 23, 21, 6000, 1025,
1282 25, 111, 1028, 9100, 1029, 79, 497, 548, 5000, 1917,
1283 53, 161, 9001, 65535, 443, 113, 993, 8080};
1284 struct in_addr inaddr;
1286 if (dst == NULL || (IN6_IS_ADDR_V4MAPPED (dst) != 1))
1288 inaddr.s_addr = dst->s6_addr32[3];
1289 for (i = 0; i <
sizeof (sports) /
sizeof (
int); i++)
1295 soc = socket (AF_INET, SOCK_RAW, IPPROTO_RAW);
1298 if (setsockopt (soc, IPPROTO_IP, IP_HDRINCL, (
char *) &opt,
sizeof (opt)) < 0)
1299 perror (
"setsockopt ");
1306 src.s_addr = dst->s6_addr32[3];
1309 bzero (&src,
sizeof (src));
1313 snprintf (filter,
sizeof (filter),
"ip and src host %s", inet_ntoa (inaddr));
1320 for (i = 0; i <
sizeof (sports) /
sizeof (
int) && !flag; i++)
1322 bzero (packet,
sizeof (packet));
1325 ip->ip_off =
FIX (0);
1327 ip->ip_len =
FIX (40);
1329 ip->ip_p = IPPROTO_TCP;
1330 ip->ip_id = rand ();
1333 ip->ip_dst = inaddr;
1338 tcp->th_sport = port ? htons (
rnd_tcp_port ()) : htons (sports[i]);
1339 tcp->th_flags = TH_SYN;
1340 tcp->th_dport = port ? htons (port) : htons (ports[i]);
1341 tcp->th_seq = rand ();
1351 struct in_addr source, dest;
1353 source.s_addr = ip->ip_src.s_addr;
1354 dest.s_addr = ip->ip_dst.s_addr;
1356 bzero (&pseudoheader, 12 +
sizeof (
struct tcphdr));
1357 pseudoheader.
saddr.s_addr = source.s_addr;
1358 pseudoheader.
daddr.s_addr = dest.s_addr;
1361 pseudoheader.
length = htons (
sizeof (
struct tcphdr));
1362 bcopy ((
char *) tcp, (
char *) &pseudoheader.
tcpheader,
1363 sizeof (
struct tcphdr));
1364 tcp->th_sum =
np_in_cksum ((
unsigned short *) &pseudoheader,
1365 12 +
sizeof (
struct tcphdr));
1368 bzero (&soca,
sizeof (soca));
1369 soca.sin_family = AF_INET;
1370 soca.sin_addr = ip->ip_dst;
1371 if (sendto (soc, (
const void *) ip, 40, 0, (
struct sockaddr *) &soca,
1374 g_warning (
"sendto: %s", strerror (errno));
1376 tv.tv_usec = 100000;
1399 struct sockaddr_in sockaddr;
1401 struct ip *sip = NULL;
1402 int vi = 0, b, len = 0;
1411 struct in_addr inaddr;
1413 if (dstip == NULL || (IN6_IS_ADDR_V4MAPPED (dstip) != 1))
1415 inaddr.s_addr = dstip->s6_addr32[3];
1416 soc = socket (AF_INET, SOCK_RAW, IPPROTO_RAW);
1419 if (setsockopt (soc, IPPROTO_IP, IP_HDRINCL, (
char *) &i,
sizeof (i)) < 0)
1420 perror (
"setsockopt ");
1427 if ((
unsigned int) sz <
sizeof (
struct ip))
1429 nasl_perror (lexic,
"send_packet(): packet is too short!\n");
1433 sip = (
struct ip *) ip;
1434 if (use_pcap != 0 && bpf < 0)
1437 bzero (&sockaddr,
sizeof (
struct sockaddr_in));
1438 sockaddr.sin_family = AF_INET;
1439 sockaddr.sin_addr = sip->ip_dst;
1440 if (sockaddr.sin_addr.s_addr != inaddr.s_addr)
1442 char txt1[64], txt2[64];
1443 strncpy (txt1, inet_ntoa (sockaddr.sin_addr), sizeof (txt1));
1444 txt1[
sizeof (txt1) - 1] =
'\0';
1445 strncpy (txt2, inet_ntoa (inaddr),
sizeof (txt2));
1446 txt2[
sizeof (txt2) - 1] =
'\0';
1448 "send_packet: malicious or buggy script is trying to "
1449 "send packet to %s instead of designated target %s\n",
1457 sip->ip_dst = inaddr;
1458 sip->ip_sum =
np_in_cksum ((u_short *) sip,
sizeof (
struct ip));
1462 if (dfl_len > 0 && dfl_len < sz)
1467 b = sendto (soc, (u_char *) ip, len, 0, (
struct sockaddr *) &sockaddr,
1470 if (b >= 0 && use_pcap != 0 && bpf >= 0)
1475 while (answer != NULL
1476 && (!memcmp (answer, (
char *) ip,
sizeof (
struct ip))))
1489 retc->
size = answer_sz;
1507 static char errbuf[PCAP_ERRBUF_SIZE];
1509 struct ip *ret = NULL;
1510 struct ip6_hdr *ret6 = NULL;
1516 struct in_addr inaddr;
1522 int v4_addr = IN6_IS_ADDR_V4MAPPED (dst);
1523 if (interface == NULL)
1528 bzero (&src,
sizeof (src));
1529 inaddr.s_addr = dst->s6_addr32[3];
1534 struct in6_addr src;
1535 bzero (&src,
sizeof (src));
1538 if (interface == NULL)
1539 interface = pcap_lookupdev (errbuf);
1542 if (interface != NULL)
1548 nasl_perror (lexic,
"pcap_next: Could not get a bpf\n");
1558 gettimeofday (&then, NULL);
1561 packet = (
char *)
bpf_next (bpf, &len);
1568 gettimeofday (&now, NULL);
1569 if (now.tv_sec - then.tv_sec >= timeout)
1581 ip = (
struct ip *) (packet + dl_len);
1582 sz =
UNFIX (ip->ip_len);
1583 ret = g_malloc0 (sz);
1585 is_ip = (ip->ip_v == 4);
1589 bcopy (ip, ret, sz);
1594 bcopy (ip, ret, sz);
1600 ip = (
struct ip6_hdr *) (packet + dl_len);
1601 sz =
UNFIX (ip->ip6_plen);
1602 ret6 = g_malloc0 (sz);
1604 is_ip = ((ip->ip6_flow & 0x3ffff) == 96);
1607 bcopy (ip, ret6, sz);
1612 bcopy (ip, ret6, sz);
1638 static char errbuf[PCAP_ERRBUF_SIZE];
1640 struct ip *ret = NULL;
1641 struct ip6_hdr *ret6 = NULL;
1647 struct in_addr inaddr;
1652 int v4_addr = IN6_IS_ADDR_V4MAPPED (dst);
1653 if (interface == NULL)
1658 bzero (&src,
sizeof (src));
1659 inaddr.s_addr = dst->s6_addr32[3];
1664 struct in6_addr src;
1665 bzero (&src,
sizeof (src));
1668 if (interface == NULL)
1669 interface = pcap_lookupdev (errbuf);
1672 if (interface != NULL)
1677 nasl_perror (lexic,
"pcap_next: Could not get a bpf\n");
1690 gettimeofday (&then, NULL);
1693 packet = (
char *)
bpf_next (bpf, &len);
1700 gettimeofday (&now, NULL);
1701 if (now.tv_sec - then.tv_sec >= timeout)
1711 ip = (
struct ip *) (packet + dl_len);
1712 sz =
UNFIX (ip->ip_len);
1713 ret = g_malloc0 (sz);
1715 is_ip = (ip->ip_v == 4);
1718 bcopy (ip, ret, sz);
1723 bcopy (ip, ret, sz);
1729 ip = (
struct ip6_hdr *) (packet + dl_len);
1730 sz =
UNFIX (ip->ip6_plen);
1731 ret6 = g_malloc0 (sz);
1732 is_ip = ((ip->ip6_flow & 0x3ffff) == 96);
1735 bcopy (ip, ret6, sz);
1740 bcopy (ip, ret6, sz);