Added ND ping for local IPv6 nets, merging from /nmap-exp/weilin/nmap-nd.

2025-12-25 08:59:01 +00:00 · 2011-07-19 02:31:54 +00:00
parent 737035118a
commit 1dcf652410
16 changed files with 707 additions and 33 deletions
--- a/nselib/packet.lua
+++ b/nselib/packet.lua
@@ -120,6 +120,83 @@ IPPROTO_COMP    = 108        	--  Compression Header protocol
 IPPROTO_SCTP    = 132         	--  Stream Control Transport Protocol
 IPPROTO_UDPLITE = 136        	--  UDP-Lite (RFC 3828)

+IPPROTO_ICMPV6 = 58
+IPV6_HOPBYHOP_OPTION = 0
+IPV6_DESTINATION_OPTION = 60
+IP_PROTO_ICMPV6 = 58
+
+ICMP6_ECHO_REQUEST = 128
+ICMP6_ECHO_REPLY = 129
+MLD_LISTENER_QUERY = 130
+MLD_LISTENER_REPORT = 131
+MLD_LISTENER_REDUCTION = 132
+ND_ROUTER_SOLICIT = 133
+ND_ROUTER_ADVERT = 134
+ND_NEIGHBOR_SOLICIT = 135
+ND_NEIGHBOR_ADVERT = 136
+ND_REDIRECT = 137
+
+ND_OPT_SOURCE_LINKADDR = 1
+ND_OPT_TARGET_LINKADDR = 2
+ND_OPT_PREFIX_INFORMATION = 3
+ND_OPT_REDIRECTED_HEADER = 4
+ND_OPT_MTU = 5
+ND_OPT_RTR_ADV_INTERVAL = 7
+ND_OPT_HOME_AGENT_INFO = 8
+
+----------------------------------------------------------------------------------------------------------------
+-- Frame is a class
+Frame = {}
+
+function Frame:new(frame, force_continue)
+	local packet = nil
+	local packet_len = 0
+	if frame and #frame > 14 then
+		packet = string.sub(frame, 15, -1)
+		packet_len = #frame - 14	
+	end
+	local o = Packet:new(packet, packet_len, force_continue)
+
+	o.build_ether_frame = self.build_ether_frame
+	o.ether_parse = self.ether_parse	
+	o.frame_buf = frame
+	o:ether_parse()	
+	return o
+end
+--- Build an Ethernet frame.
+-- @param mac_dst six-byte string of the destination MAC address.
+-- @param mac_src six-byte string of the source MAC address.
+-- @param packet string of the payload.
+-- @return frame string of the Ether frame.
+function Frame:build_ether_frame(mac_dst, mac_src, packet)
+	self.mac_dst = mac_dst or self.mac_dst
+	self.mac_src = mac_src or self.mac_src
+	self.buf = packet or self.buf
+	local l3_type
+	if self.ip_v == 4 then
+		l3_type = string.char(0x08, 0x00)
+	elseif self.ip_v == 6 then
+		l3_type = string.char(0x86, 0xdd)
+	else
+		return nil, "Unknown packet."
+	end	
+	self.frame_buf = self.mac_dst..self.mac_src..l3_type..self.buf
+end
+--- Parse an Ethernet frame.
+-- @param frame string of the Ether frame.
+-- @return mac_dst six-byte string of the destination MAC address.
+-- @return mac_src six-byte string of the source MAC address.
+-- @return packet string of the payload.
+function Frame:ether_parse()
+	if not self.frame_buf then
+		return false
+	end
+	if #self.frame_buf < 14 then -- too short
+		return false
+	end	
+	self.mac_dst = string.sub(self.frame_buf, 1, 6)
+	self.mac_src = string.sub(self.frame_buf, 7, 12)
+end

 ----------------------------------------------------------------------------------------------------------------
 -- Packet is a class
@@ -136,11 +213,27 @@ Packet = {}
 -- @return A new Packet.
 function Packet:new(packet, packet_len, force_continue)
 	local o = setmetatable({}, {__index = Packet})
+	if not packet then
+		return o
+	end
 	o.buf		= packet
 	o.packet_len	= packet_len
-	if not o:ip_parse(force_continue) then
+	o.ip_v = bit.rshift(string.byte(o.buf), 4)
+	if o.ip_v == 4 and not o:ip_parse(force_continue) then
+		return nil
+	elseif o.ip_v == 6 and not o:ip6_parse(force_continue) then
 		return nil
 	end
+	
+	if o.ip_v == 6 then
+		while o.ip6_nhdr ~= IPPROTO_TCP and o.ip6_nhdr ~= IPPROTO_UDP and o.ip6_nhdr ~= IPPROTO_ICMPV6 do
+			if not o:ipv6_ext_header_parse(force_continue) then
+				return nil
+			end
+		end
+		o.ip_p = o.ip6_nhdr
+	end
+	
 	if o.ip_p == IPPROTO_TCP then
 		if not o:tcp_parse(force_continue) then
 			stdnse.print_debug("Error while parsing TCP packet\n")
@@ -153,9 +246,151 @@ function Packet:new(packet, packet_len, force_continue)
 		if not o:icmp_parse(force_continue) then
 			stdnse.print_debug("Error while parsing ICMP packet\n")
 		end
+	elseif o.ip_p == IPPROTO_ICMPV6 then
+		if not o:icmpv6_parse(force_continue) then
+			stdnse.print_debug("Error while parsing ICMPv6 packet\n")
+		end
 	end
 	return o
 end
+--- Build an IPv6 packet.
+-- @param src 16-byte string of the source IPv6 address.
+-- @param dsr 16-byte string of the destination IPv6 address.
+-- @param nx_hdr integer that represents next header.
+-- @param h_limit integer that represents hop limit.
+-- @param t_class integer that represents traffic class.
+-- @param f_label integer that represents flow label.
+function Packet:build_ipv6_packet(src, dst, nx_hdr, payload, h_limit, t_class, f_label)
+	self.ip_v = 6
+	self.ip6_src = src or self.ip6_src
+	self.ip6_dst = dst or self.ip6_dst
+	self.ip6_nhdr = nx_hdr or self.ip6_nhdr
+	self.l4_packet = payload or self.l4_packet
+	self.ip6_tc = t_class or self.ip6_tc or 1
+	self.ip6_fl = f_label or self.ip6_fl or 1
+	self.ip6_hlimit = h_limit or self.ip6_hlimit or 255
+	
+	local ver_tc_fl = bit.lshift(bit.band(self.ip_v, 0xF), 28) + 
+	                  bit.lshift(bit.band(self.ip6_tc, 0xFF), 20) + 
+	                  bit.band(self.ip6_fl, 0xFFFFF)
+	
+	self.buf = 
+		set_u32("....",0,ver_tc_fl) ..
+		set_u16("..",0,#(self.exheader or "")+#(self.l4_packet or "")) ..--string.char(0x00,0x10) .. --payload length
+		string.char(self.ip6_nxt_hdr) .. --next header
+		string.char(self.ip6_hlimit) .. --hop limit
+		self.ip6_src .. --Source
+		self.ip6_dst ..--dest
+		(self.exheader or "")..
+		(self.l4_packet or "")
+end
+--- Build an IPv6 invalid extension header.
+-- @param exheader integer that represents extension header's type
+function Packet:build_invalid_extension_header(exheader_type)
+	local ex_invalid_opt = string.char(0x80,0x01,0xfe,0x18,0xfe,0x18,0xfe,0x18,0x0,0x0,0x0,0x0,0x0,0x0)
+	local ext_header =
+		string.char(self.ip6_nxt_hdr) .. --next header
+		string.char(#ex_invalid_opt/16) .. --length (16bytes)
+		ex_invalid_opt
+	self.exheader = ext_header..(self.exheader or "")
+	self.ip6_nxt_hdr = exheader_type
+end
+--- Count IPv6 checksum.
+-- @return the checksum.
+function Packet:count_ipv6_pseudoheader_cksum()
+	local pseudoheader = self.ip6_src .. self.ip6_dst .. set_u16("..",0,#self.l4_packet) .. string.char(0x0,0x0,0x0) .. string.char(self.ip6_nxt_hdr)
+	local ck_content = pseudoheader .. self.l4_packet
+	return in_cksum(ck_content)
+end
+--- Set ICMPv6 checksum.
+function Packet:set_icmp6_cksum(check_sum)	
+	self.l4_packet = set_u16(self.l4_packet, 2, check_sum)
+end
+--- Build an ICMPv6 header.
+-- @param icmpv6_type integer that represent ICMPv6 type.
+-- @param icmpv6_code integer that represent ICMPv6 code.
+-- @param icmpv6_payload string of the payload
+-- @param ip6_src 16-byte string of the source IPv6 address.
+-- @param ip6_dst 16-byte string of the destination IPv6 address.
+function Packet:build_icmpv6_header(icmpv6_type, icmpv6_code, icmpv6_payload, ip6_src, ip6_dst)
+	self.ip6_nxt_hdr = IPPROTO_ICMPV6
+	self.icmpv6_type = icmpv6_type or self.icmpv6_type
+	self.icmpv6_code = icmpv6_code or self.icmpv6_code
+	self.icmpv6_payload	 = icmpv6_payload or self.icmpv6_payload
+	self.ip6_src = ip6_src or self.ip6_src
+	self.ip6_dst = ip6_dst or self.ip6_dst
+	
+	self.l4_packet = 
+		string.char(self.icmpv6_type,self.icmpv6_code) ..
+		string.char(0x00,0x00) .. --checksum
+		(self.icmpv6_payload or "")	
+	local check_sum = self:count_ipv6_pseudoheader_cksum()
+	self:set_icmp6_cksum(check_sum)
+end
+--- Build an ICMPv6 Echo Request frame.
+-- @param mac_src six-byte string of source MAC address.
+-- @param mac_dst sis-byte string of destination MAC address.
+-- @param ip6_src 16-byte string of source IPv6 address.
+-- @param ip6_dst 16-byte string of destinatiion IPv6 address.
+-- @param id integer that represents Echo ID.
+-- @param sequence integer that represents Echo sequence.
+-- @param data string of Echo data.
+-- @param tc integer that represents traffic class of IPv6 packet.
+-- @param fl integer that represents flow label of IPv6 packet.
+-- @param hop-limit integer that represents hop limit of IPv6 packet.
+function Packet:build_icmpv6_echo_request(id, sequence, data, mac_src, mac_dst, ip6_src, ip6_dst, tc, fl, hop_limit)
+	self.mac_src = mac_src or self.mac_src
+	self.mac_dst = mac_dst or self.mac_dst
+	
+	self.ip6_src = ip6_src or self.ip6_src
+	self.ip6_dst = ip6_dst or self.ip6_dst
+	self.traffic_class = tc or 1
+	self.flow_label = fl or 1
+	self.ip6_hlimit = hop_limit or 255
+	
+	self.icmpv6_type = ICMP6_ECHO_REQUEST
+	self.icmpv6_code = 0
+	
+	self.echo_id = id or self.echo_id or 0xdead
+	self.echo_seq = sequence or self.echo_seq or 0xbeef
+	self.echo_data = data or self.echo_data or ""
+	
+	self.icmpv6_payload = set_u16("..",0,self.echo_id) .. set_u16("..",0,self.echo_seq) .. self.echo_data
+end
+--- Set an ICMPv6 option message.
+function Packet:set_icmpv6_option(opt_type,msg)
+	return string.char(opt_type, (#msg+2)/8) .. msg
+end
+--- Build an Router Advertisement frame.
+-- @param mac_src six-byte string of the source MAC address.
+-- @param prefix 16-byte string of IPv6 address.
+-- @param prefix_len integer that represents the length of the prefix.
+-- @param valid_time integer that represents the valid time of the prefix.
+-- @param preferred_time integer that represents the preferred time of the prefix.
+function Packet:build_router_advert(mac_src,prefix,prefix_len,valid_time,preferred_time)
+	self.ip6_src = mac_to_lladdr(mac_src)
+	self.ip6_dst = ipv6tobin("ff02::1")
+	self.mac_src = mac_src
+	self.mac_dst = mactobin("33:33:00:00:00:01")
+	
+	local ra_msg = string.char(0x0, --cur hop limit
+												0x08, --flags
+												0x00,0x00, --router lifetime
+												0x00,0x00,0x00,0x00, --reachable time
+												0x00,0x00,0x00,0x00) --retrans timer
+	local prefix_option_msg = string.char(prefix_len,
+																	0xc0) .. --flags: Onlink, Auto
+												packet.set_u32("....",0,valid_time) ..
+												packet.set_u32("....",0,preferred_time) ..
+												string.char(0,0,0,0) .. --unknown
+												prefix
+	local icmpv6_prefix_option = self:set_icmpv6_option(ND_OPT_PREFIX_INFORMATION,prefix_option_msg)
+	local icmpv6_src_link_option = self:set_icmpv6_option(ND_OPT_SOURCE_LINKADDR,mac_src)	
+	self.icmpv6_payload = ra_msg .. icmpv6_prefix_option .. icmpv6_src_link_option
+	
+	self.icmpv6_type = ND_ROUTER_ADVERT
+	self.icmpv6_code = 0
+end

 -- Helpers

@@ -171,6 +406,73 @@ function iptobin(str)
        end
 	return ret
 end
+function inet6_pton_simple(str)	
+	local addr_hex = ""
+	if str==nil then
+		return addr_hex
+	end
+	local unit16	
+	for unit16 in string.gmatch(str, "%x+") do
+		local h8 = string.sub(unit16,-4,-3)
+  		local l8 = string.sub(unit16,-2,-1)
+  		local unit8
+  		for _,unit8 in pairs({h8,l8}) do
+  			if (unit8 == "") then
+				addr_hex = addr_hex .. string.char(0x00)
+			else
+				addr_hex = addr_hex .. string.char("0x"..unit8)
+			end   			
+  		end
+	end
+	return addr_hex
+end
+--- Convert an IPv6 address string (like <code>"fe80:21::1"</code>) to a raw
+-- string 16 bytes long.
+-- @param str  IPv6 address string.
+-- @return 16-byte string.
+function ipv6tobin(str)
+	if not str then
+		return nil
+	end
+	local check_str = string.gsub(str,":","f")	
+	if string.match(check_str,"[%X]") then
+		return nil,"Invalid IPv6 address: unknown character."	
+	end		
+	local i,j
+	i,j = string.find(str,"::")
+	if not i then
+		return inet6_pton_simple(str)
+	end		
+	local lpart
+	local rpart
+	lpart = string.match(str,"([%x:]-)::")
+	rpart = string.match(str,"::([%x:]+)")
+	local lpart_hex = inet6_pton_simple(lpart)
+	local rpart_hex = inet6_pton_simple(rpart)	
+	if (#lpart_hex+#rpart_hex~=16) then
+		local filler_num = 16 - #lpart_hex - #rpart_hex
+		local i
+		for i=1,filler_num do
+			lpart_hex = lpart_hex .. string.char(0x00)
+		end
+	end	
+	return lpart_hex .. rpart_hex
+end
+--- Convert a MAC address string (like <code>"00:23:ae:5d:3b:10"</code>) to 
+-- a raw six-byte long.
+-- @param str MAC address string.
+-- @return Six-byte string.
+function mactobin(str)
+	if not str then
+		return mactobin("00:00:00:00:00:00")
+	end
+	local unit8
+	local addr_hex = ""
+	for unit8 in string.gmatch(str,"%x+") do
+		addr_hex = addr_hex .. string.char("0x"..unit8)
+	end
+	return addr_hex
+end
 --- Convert a four-byte raw string to a dotted-quad IP address string.
 -- @param raw_ip_addr Four-byte string.
 -- @return IP address string.
@@ -180,6 +482,27 @@ function toip(raw_ip_addr)
 	end
 	return string.format("%i.%i.%i.%i", string.byte(raw_ip_addr,1,4))
 end
+--- Convert a 16-byte raw string to an IPv6 address string.
+-- @param raw_ipv6_addr  16-byte string.
+-- @return IPv6 address string.
+function toipv6(raw_ipv6_addr)
+	if not raw_ipv6_addr then
+		return "?::?"
+	end
+	return string.format("%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x", 
+										string.byte(raw_ipv6_addr,1,16))
+end
+--- Generate the link-local IPv6 address from the MAC address.
+-- @param mac  MAC address string.
+-- @return Link-local IPv6 address string.
+function mac_to_lladdr(mac)
+	if not mac then
+		return "?::?"
+	end
+	local interfier = string.char(bit.bor(string.byte(mac,1),0x02))..string.sub(mac,2,3)..string.char(0xff,0xfe)..string.sub(mac,4,6)
+	local ll_prefix = ipv6tobin("fe80::")
+	return string.sub(ll_prefix,1,8)..interfier
+end
 --- Get an 8-bit integer at a 0-based byte offset in the packet.
 -- @param index Offset.
 -- @return An 8-bit integer.
@@ -269,6 +592,38 @@ function Packet:ip_parse(force_continue)
 	self.ip_data_offset	= self.ip_offset + self.ip_hl*4
 	return true
 end
+--- Parse an IPv6 packet header.
+-- @param force_continue Ignored.
+-- @return Whether the parsing succeeded.
+function Packet:ip6_parse(force_continue)
+	self.ip6_offset = 0
+	if #self.buf < 40 then 	-- too short
+		return false
+	end
+	self.ip_v		= bit.rshift(bit.band(self:u8(self.ip6_offset + 0), 0xF0), 4)
+	if self.ip_v ~= 6 then 	-- not ipv6
+		return false
+	end
+	self.ip6 = true
+	self.ip6_tc	= bit.rshift(bit.band(self:u16(self.ip6_offset + 0), 0x0FF0), 4)
+	self.ip6_fl	= bit.band(self:u8(self.ip6_offset + 1), 0x0F)*65536 + self:u16(self.ip6_offset + 2)
+	self.ip6_plen	= self:u16(self.ip6_offset + 4)
+	self.ip6_nhdr	= self:u8(self.ip6_offset + 6)
+	self.ip6_hlimt	= self:u8(self.ip6_offset + 7)
+	self.ip6_src = self:raw(self.ip6_offset + 8, 16)
+	self.ip6_dst = self:raw(self.ip6_offset + 24, 16)
+	self.ip6_data_offset = 40
+	return true
+end
+--- Pare an IPv6 extension header. Just jump over it at the moment.
+-- @param force_continue Ignored.
+-- @return Whether the parsing succeeded.
+function Packet:ipv6_ext_header_parse(force_continue)	
+	local ext_hdr_len = self.u8(self.ip6_data_offset + 1)
+	ext_hdr_len = ext_hdr_len*8 + 8
+	self.ip6_data_offset = self.ip6_data_offset + ext_hdr_len
+	self.ip6_nhdr = self.u8(self.ip6_data_offset)	
+end
 --- Set the header length field.
 function Packet:ip_set_hl(len)
 	self:set_u8(self.ip_offset + 0, bit.bor(bit.lshift(self.ip_v, 4), bit.band(len, 0x0F)))
@@ -420,6 +775,25 @@ function Packet:icmp_tostring()
 	return self:ip_tostring() .. " ICMP(" .. self.icmp_payload:tostring() .. ")"
 end

+----------------------------------------------------------------------------------------------------------------
+--- Parse an ICMPv6 packet header.
+-- @param force_continue Ignored.
+-- @return Whether the parsing succeeded.
+function Packet:icmpv6_parse(force_continue)
+	self.icmpv6_offset	= self.ip6_data_offset
+	if #self.buf < self.icmpv6_offset + 8 then -- let's say 8 bytes minimum
+		return false
+	end
+	self.icmpv6 = true
+	self.icmpv6_type		= self:u8(self.icmpv6_offset + 0)
+	self.icmpv6_code		= self:u8(self.icmpv6_offset + 1)
+	
+	if self.icmpv6_type == ND_NEIGHBOR_SOLICIT then
+		self.ns_target = self:raw(self.icmpv6_offset + 8, 16)	
+	end
+	return true
+end
+
 ----------------------------------------------------------------------------------------------------------------
 -- Parse a TCP packet header.
 -- @param force_continue Whether a short packet causes parsing to fail.