PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2026-01-02 21:09:00 +00:00
Code Issues Projects Releases Wiki Activity

Convert ospf.lua from bin.lua to string.pack/unpack

Browse Source
This commit is contained in:
dmiller
2017-03-14 02:51:05 +00:00
parent 84a824c2cf
commit 32b1d1711e
1 changed files with 61 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

123
nselib/ospf.lua
View File

@@ -8,8 +8,6 @@
-- @author Emiliano Ticci <emiticci@gmail.com>
-- @copyright Same as Nmap--See https://nmap.org/book/man-legal.html
local bin = require "bin"
local bit = require "bit"
local math = require "math"
local stdnse = require "stdnse"
local string = require "string"
@@ -52,25 +50,23 @@ OSPF = {
parse = function(data)
local header = OSPF.Header:new()
local pos
pos, header.ver, header.type, header.length = bin.unpack(">CCS", data)
header.ver, header.type, header.length, pos = string.unpack(">BBI2", data)
assert( header.ver == 2, "Invalid OSPF version detected")
pos, header.router_id, header.area_id, header.chksum, header.auth_type
= bin.unpack(">IISS", data, pos)
header.router_id, header.area_id, header.chksum, header.auth_type, pos
= string.unpack(">I4 I4 I2 I2", data, pos)
-- No authentication
if header.auth_type == 0x00 then
header.auth_data.password = nil
-- Clear text password
elseif header.auth_type == 0x01 then
pos, header.auth_data.password = bin.unpack(">A8", data, pos)
header.auth_data.password, pos = string.unpack("c8", data, pos)
-- MD5 hash authentication
elseif header.auth_type == 0x02 then
local _
_, header.auth_data.keyid = bin.unpack(">C", data, pos+2)
_, header.auth_data.length = bin.unpack(">C", data, pos+3)
_, header.auth_data.seq = bin.unpack(">I", data, pos+4)
_, header.auth_data.hash = bin.unpack(">H"..header.auth_data.length, data, header.length+1)
header.auth_data.keyid, header.auth_data.length, header.auth_data.seq = string.unpack(">BB I4", data, pos+2)
local hash = stdnse.tohex(string.sub(data, header.length+1, header.length+1+header.auth_data.length))
header.auth_data.hash = hash
else
-- Shouldn't happen
stdnse.debug1("Unknown authentication type " .. header.auth_type)
@@ -101,15 +97,20 @@ OSPF = {
__tostring = function(self)
local auth
if self.auth_type == 0x00 then
auth = bin.pack(">L", 0x00)
auth = string.rep("\0", 8)
elseif self.auth_type == 0x01 then
auth = bin.pack(">A", self.auth_data.password)
auth = self.auth_data.password
elseif self.auth_type == 0x02 then
auth = bin.pack(">SCCI", 0, self.auth_data.keyid, self.auth_data.length, self.auth_data.seq)
auth = string.pack(">I2 BB I4", 0, self.auth_data.keyid, self.auth_data.length, self.auth_data.seq)
end
local hdr = bin.pack(">CCS", self.ver, self.type, self.length )
.. bin.pack(">IISS", ipOps.todword(self.router_id), self.area_id, self.chksum, self.auth_type)
.. auth
local hdr = string.pack(">BB I2 I4 I4 I2 I2",
self.ver, self.type,
self.length,
ipOps.todword(self.router_id),
self.area_id,
self.chksum,
self.auth_type
) .. auth
return hdr
end,
@@ -165,22 +166,26 @@ OSPF = {
__tostring = function(self)
self.neighbors = self.neighbors or {}
local function tostr()
local data = bin.pack(">ISCCIII", ipOps.todword(self.netmask), self.interval, self.options, self.prio, self.router_dead_interval, ipOps.todword(self.DR), ipOps.todword(self.BDR))
local data = {
string.pack(">I4 I2 BB I4 I4 I4",
ipOps.todword(self.netmask),
self.interval,
self.options, self.prio,
self.router_dead_interval,
ipOps.todword(self.DR),
ipOps.todword(self.BDR))
}
for _, n in ipairs(self.neighbors) do
data = data .. bin.pack(">I", ipOps.todword(n))
data[#data+1] = string.pack(">I4", ipOps.todword(n))
end
data = table.concat(data)
self.header:setLength(#data)
if self.header.auth_data.hash then
data = data .. self.header.auth_data.hash
end
return tostring(self.header) .. data
return tostring(self.header) .. data .. (self.header.auth_data.hash or "")
end
local data = tostr()
if have_ssl and self.header.auth_type == 0x02 then
while string.len(self.header.auth_data.key) < 16 do
self.header.auth_data.key = self.header.auth_data.key .. "\0"
end
self.header.auth_data.hash = openssl.md5(data .. bin.pack(">A", self.header.auth_data.key))
self.header.auth_data.key = self.header.auth_data.key .. string.rep("\0", 16 - #self.header.auth_data.key)
self.header.auth_data.hash = openssl.md5(data .. self.header.auth_data.key)
else
self.header.chksum = packet.in_cksum(data:sub(1,16) .. data:sub(25))
end
@@ -192,9 +197,9 @@ OSPF = {
local pos = OSPF.Header.size + 1
hello.header = OSPF.Header.parse(data)
assert( #data >= hello.header.length, "OSPF packet too short")
pos, hello.netmask, hello.interval, hello.options, hello.prio,
hello.netmask, hello.interval, hello.options, hello.prio,
hello.router_dead_interval, hello.DR,
hello.BDR = bin.unpack(">ISCCIII", data, pos)
hello.BDR, pos = string.unpack(">I4 I2 BB I4 I4 I4", data, pos)
hello.netmask = ipOps.fromdword(hello.netmask)
hello.DR = ipOps.fromdword(hello.DR)
@@ -210,7 +215,7 @@ OSPF = {
hello.neighbors = {}
for i=1, neighbor_count do
pos, neighbor = bin.unpack(">I", data, pos)
neighbor, pos = string.unpack(">I4", data, pos)
neighbor = ipOps.fromdword(neighbor)
table.insert(hello.neighbors, neighbor)
end
@@ -241,10 +246,13 @@ OSPF = {
parse = function(data)
local lsa_h = OSPF.LSA.Header:new()
local pos = 1
pos, lsa_h.age, lsa_h.options, lsa_h.type, lsa_h.id, lsa_h.adv_router, lsa_h.sequence, lsa_h.checksum, lsa_h.length = bin.unpack(">SCCIIH4H2S", data, pos)
lsa_h.age, lsa_h.options, lsa_h.type, lsa_h.id, lsa_h.adv_router,
lsa_h.sequence, lsa_h.checksum, lsa_h.length, pos = string.unpack(">I2 BB I4 I4 c4 c2 I2", data, pos)
lsa_h.id = ipOps.fromdword(lsa_h.id)
lsa_h.adv_router = ipOps.fromdword(lsa_h.adv_router)
lsa_h.sequence = stdnse.tohex(lsa_h.sequence)
lsa_h.checksum = stdnse.tohex(lsa_h.checksum)
return lsa_h
end,
@@ -267,7 +275,8 @@ OSPF = {
parse = function(data)
local lsa_link = OSPF.LSA.Link:new()
local pos = 1
pos, lsa_link.id, lsa_link.data, lsa_link.type, lsa_link.num_metrics, lsa_link.metric = bin.unpack(">IICCS", data, pos)
lsa_link.id, lsa_link.data, lsa_link.type,
lsa_link.num_metrics, lsa_link.metric, pos = string.unpack(">I4 I4 BB I2", data, pos)
lsa_link.id = ipOps.fromdword(lsa_link.id)
lsa_link.data = ipOps.fromdword(lsa_link.data)
return lsa_link
@@ -291,7 +300,7 @@ OSPF = {
local router = OSPF.LSA.Router:new()
local pos = OSPF.LSA.Header.size + 1
router.header = OSPF.LSA.Header.parse(data)
pos, router.flags, router.num_links = bin.unpack(">CxS", data, pos)
router.flags, router.num_links, pos = string.unpack(">B x I2", data, pos)
while ( pos < router.header.length ) do
table.insert(router.links, OSPF.LSA.Link.parse(data:sub(pos, pos + 12)))
@@ -322,10 +331,10 @@ OSPF = {
local pos = OSPF.LSA.Header.size + 1
as_ext.header = OSPF.LSA.Header.parse(data)
pos, as_ext.netmask, as_ext.metric, as_ext.fw_address, as_ext.ext_tag = bin.unpack(">IIII", data, pos)
as_ext.netmask, as_ext.metric, as_ext.fw_address, as_ext.ext_tag, pos = string.unpack(">I4 I4 I4 I4", data, pos)
as_ext.netmask = ipOps.fromdword(as_ext.netmask)
as_ext.ext_type = 1 + bit.rshift(bit.band(as_ext.metric, 0xFF000000), 31)
as_ext.metric = bit.band(as_ext.metric, 0x00FFFFFF)
as_ext.ext_type = 1 + ((as_ext.metric & 0xFF000000) >> 31)
as_ext.metric = as_ext.metric & 0x00FFFFFF
as_ext.fw_address = ipOps.fromdword(as_ext.fw_address)
return as_ext
@@ -368,19 +377,14 @@ OSPF = {
if ( self.more ) then flags = flags + 2 end
if ( self.master) then flags= flags + 1 end
local data = bin.pack(">SCCI", self.mtu, self.options, flags, self.sequence)
local data = string.pack(">I2 BB I4", self.mtu, self.options, flags, self.sequence)
self.header:setLength(#data)
if self.header.auth_data.hash then
data = data .. self.header.auth_data.hash
end
return tostring(self.header) .. data
return tostring(self.header) .. data .. (self.header.auth_data.hash or "")
end
local data = tostr()
if have_ssl and self.header.auth_type == 0x02 then
while string.len(self.header.auth_data.key) < 16 do
self.header.auth_data.key = self.header.auth_data.key .. "\0"
end
self.header.auth_data.hash = openssl.md5(data .. bin.pack(">A", self.header.auth_data.key))
self.header.auth_data.key = self.header.auth_data.key .. string.rep("\0", 16 - #self.header.auth_data.key)
self.header.auth_data.hash = openssl.md5(data .. self.header.auth_data.key)
else
self.header.chksum = packet.in_cksum(data:sub(1,16) .. data:sub(25))
end
@@ -394,11 +398,11 @@ OSPF = {
assert( #data >= desc.header.length, "OSPF packet too short")
local flags = 0
pos, desc.mtu, desc.options, flags, desc.sequence = bin.unpack(">SCCI", data, pos)
desc.mtu, desc.options, flags, desc.sequence, pos = string.unpack(">I2 BB I4", data, pos)
desc.init = ( bit.band(flags, 4) == 4 )
desc.more = ( bit.band(flags, 2) == 2 )
desc.master = ( bit.band(flags, 1) == 1 )
desc.init = (flags & 4) == 4
desc.more = (flags & 2) == 2
desc.master = (flags & 1) == 1
while ( pos < desc.header.length ) do
table.insert(desc.lsa_headers, OSPF.LSA.Header.parse(data:sub(pos, pos + 20)))
@@ -440,22 +444,17 @@ OSPF = {
__tostring = function(self)
local function tostr()
local data = ""
local data = {}
for _, req in ipairs(self.ls_requests) do
data = data .. bin.pack(">III", req.type, ipOps.todword(req.id), ipOps.todword(req.adv_router))
data[#data+1] = string.pack(">I4 I4 I4", req.type, ipOps.todword(req.id), ipOps.todword(req.adv_router))
end
self.header:setLength(#data)
if self.header.auth_data.hash then
data = data .. self.header.auth_data.hash
end
return tostring(self.header) .. data
return tostring(self.header) .. data .. (self.header.auth_data.hash or "")
end
local data = tostr()
if have_ssl and self.header.auth_type == 0x02 then
while string.len(self.header.auth_data.key) < 16 do
self.header.auth_data.key = self.header.auth_data.key .. "\0"
end
self.header.auth_data.hash = openssl.md5(data .. bin.pack(">A", self.header.auth_data.key))
self.header.auth_data.key = self.header.auth_data.key .. string.rep("\0", 16 - #self.header.auth_data.key)
self.header.auth_data.hash = openssl.md5(data .. self.header.auth_data.key)
else
self.header.chksum = packet.in_cksum(data:sub(1,16) .. data:sub(25))
end
@@ -470,7 +469,7 @@ OSPF = {
while ( pos < #data ) do
local req = {}
pos, req.type, req.id, req.adv_router = bin.unpack(">III", data, pos)
req.type, req.id, req.adv_router, pos = string.unpack(">I4 I4 I4", data, pos)
table.insert(ls_req.ls_requests, req)
end
@@ -496,7 +495,7 @@ OSPF = {
lsu.header = OSPF.Header.parse(data)
assert( #data >= lsu.header.length, "OSPF packet too short")
pos, lsu.num_lsas = bin.unpack(">I", data, pos)
lsu.num_lsas, pos = string.unpack(">I4", data, pos)
while ( pos < lsu.header.length ) do
local lsa = OSPF.LSA.parse(data:sub(pos))
@@ -515,7 +514,7 @@ OSPF = {
Response = {
parse = function(data)
local pos, ver, ospf_type = bin.unpack("CC", data)
local ver, ospf_type, pos = string.unpack("BB", data)
if ( ospf_type == OSPF.Message.HELLO ) then
return OSPF.Hello.parse( data )
elseif( ospf_type == OSPF.Message.DB_DESCRIPTION ) then