PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Code Issues Projects Releases Wiki Activity

Add support for decoys in IPv6 closes #433 and fixes #98

Browse Source
This commit is contained in:
abhishek
2016-08-17 06:09:09 +00:00
parent b5606dde91
commit 9d288db7fd
14 changed files with 206 additions and 173 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG
View File

@@ -1,5 +1,8 @@
# Nmap Changelog ($Id$); -*-text-*- # Nmap Changelog ($Id$); -*-text-*-
o Added support for decoys in IPv6. Earlier we supported decoys only in
IPv4. [Abhishek Singh]
o Nmap now supports OpenSSL 1.1.0-pre5 and previous versions. [Vincent Dumont] o Nmap now supports OpenSSL 1.1.0-pre5 and previous versions. [Vincent Dumont]
o [Ncat] Fix a crash ("add_fdinfo() failed.") when --exec was used with --ssl o [Ncat] Fix a crash ("add_fdinfo() failed.") when --exec was used with --ssl

48
FPEngine.cc
View File

@@ -456,6 +456,7 @@ void FPNetworkControl::probe_transmission_handler(nsock_pool nsp, nsock_event ns
FPProbe *myprobe = (FPProbe *)arg; FPProbe *myprobe = (FPProbe *)arg;
u8 *buf; u8 *buf;
size_t len; size_t len;
int result = true;
if (status == NSE_STATUS_SUCCESS) { if (status == NSE_STATUS_SUCCESS) {
switch(type) { switch(type) {
@@ -470,17 +471,33 @@ void FPNetworkControl::probe_transmission_handler(nsock_pool nsp, nsock_event ns
this->first_pcap_scheduled = true; this->first_pcap_scheduled = true;
} }
buf = myprobe->getPacketBuffer(&len);
/* Send the packet*/ /* Send the packet*/
assert(myprobe->host != NULL); for (int decoy = 0; decoy < o.numdecoys; decoy++) {
if (send_ip_packet(this->rawsd, myprobe->getEthernet(), myprobe->host->getTargetAddress(), buf, len) == -1) { /* We don't need to change address if decoys aren't specified */
myprobe->setFailed(); if (o.numdecoys > 1) {
this->cc_report_final_timeout(); result = myprobe->changeSourceAddress(&((struct sockaddr_in6 *)&o.decoys[decoy])->sin6_addr) == OP_SUCCESS;
myprobe->host->fail_one_probe(); }
gh_perror("Unable to send packet in %s", __func__); /* Decoys have to be sent only if changeSourceAddress worked */
if (result) {
assert(myprobe->host != NULL);
buf = myprobe->getPacketBuffer(&len);
if (send_ip_packet(this->rawsd, myprobe->getEthernet(), myprobe->host->getTargetAddress(), buf, len) == -1) {
if (decoy == o.decoyturn) {
myprobe->setFailed();
this->cc_report_final_timeout();
myprobe->host->fail_one_probe();
gh_perror("Unable to send packet in %s", __func__);
}
}
free(buf);
}
} }
/* Reset the address to the original one if decoys were present and original Address wasn't last one */
if ( o.numdecoys != o.decoyturn+1 )
result = myprobe->changeSourceAddress(&((struct sockaddr_in6 *)&o.decoys[o.decoyturn])->sin6_addr) == OP_SUCCESS;
assert(result == true);
myprobe->setTimeSent(); myprobe->setTimeSent();
free(buf);
break; break;
default: default:
@@ -754,7 +771,7 @@ void FPHost6::fill_FPR(FingerPrintResultsIPv6 *FPR) {
FPR->incomplete = this->incomplete_fp; FPR->incomplete = this->incomplete_fp;
} }
static const IPv6Header *find_ipv6(const PacketElement *pe) { static IPv6Header *find_ipv6(const PacketElement *pe) {
while (pe != NULL && pe->protocol_id() != HEADER_TYPE_IPv6) while (pe != NULL && pe->protocol_id() != HEADER_TYPE_IPv6)
pe = pe->getNextElement(); pe = pe->getNextElement();
@@ -1744,7 +1761,7 @@ int FPHost6::build_probe_list() {
RoutingHeader *routing; RoutingHeader *routing;
HopByHopHeader *hopbyhop1, *hopbyhop2; HopByHopHeader *hopbyhop1, *hopbyhop2;
RawData *payload; RawData *payload;
unsigned int i; int i;
char payloadbuf[300]; char payloadbuf[300];
assert(this->target_host != NULL); assert(this->target_host != NULL);
@@ -2736,6 +2753,17 @@ int FPProbe::setTimed() {
return OP_SUCCESS; return OP_SUCCESS;
} }
/* Changes source address for packet element associated with current FPProbe. */
int FPProbe::changeSourceAddress(struct in6_addr *addr) {
if (!is_set())
return OP_FAILURE;
else{
IPv6Header *ip6 = find_ipv6(getPacket());
if (ip6 != NULL)
return ip6->setSourceAddress(*addr);
}
return OP_FAILURE;
}
/****************************************************************************** /******************************************************************************
* Implementation of class FPResponse. * * Implementation of class FPResponse. *

1
FPEngine.h
View File

@@ -353,6 +353,7 @@ class FPProbe : public FPPacket {
int setFailed(); int setFailed();
bool isTimed() const; bool isTimed() const;
int setTimed(); int setTimed();
int changeSourceAddress(struct in6_addr *addr);
}; };

4
NmapOps.cc
View File

@@ -570,8 +570,8 @@ dialog where you can start NPF if you have administrator privileges.";
fatal("--min-rate=%g must be less than or equal to --max-rate=%g", min_packet_send_rate, max_packet_send_rate); fatal("--min-rate=%g must be less than or equal to --max-rate=%g", min_packet_send_rate, max_packet_send_rate);
} }
if (af() == AF_INET6 && (generate_random_ips|numdecoys|bouncescan|fragscan)) { if (af() == AF_INET6 && (generate_random_ips|bouncescan|fragscan)) {
fatal("Random targets, decoys, FTP bounce scan, and fragmentation are not supported with IPv6."); fatal("Random targets, FTP bounce scan, and fragmentation are not supported with IPv6.");
} }
if(ipoptions && osscan) if(ipoptions && osscan)

2
NmapOps.h
View File

@@ -313,7 +313,7 @@ class NmapOps {
int override_excludeports; int override_excludeports;
int version_intensity; int version_intensity;
struct in_addr decoys[MAX_DECOYS]; struct sockaddr_storage decoys[MAX_DECOYS];
int osscan_limit; /* Skip OS Scan if no open or no closed TCP ports */ int osscan_limit; /* Skip OS Scan if no open or no closed TCP ports */
int osscan_guess; /* Be more aggressive in guessing OS type */ int osscan_guess; /* Be more aggressive in guessing OS type */
int numdecoys; int numdecoys;

8
Target.cc
View File

@@ -353,12 +353,8 @@ void Target::setSourceSockAddr(const struct sockaddr_storage *ss, size_t ss_len)
} }
// Returns IPv4 host address or {0} if unavailable. // Returns IPv4 host address or {0} if unavailable.
struct in_addr Target::v4source() const { struct sockaddr_storage Target::source() const {
const struct in_addr *addy = v4sourceip(); return sourcesock;
struct in_addr in;
if (addy) return *addy;
in.s_addr = 0;
return in;
} }
// Returns IPv4 host address or NULL if unavailable. // Returns IPv4 host address or NULL if unavailable.

2
Target.h
View File

@@ -205,7 +205,7 @@ class Target {
/* Note that it is OK to pass in a sockaddr_in or sockaddr_in6 casted /* Note that it is OK to pass in a sockaddr_in or sockaddr_in6 casted
to sockaddr_storage */ to sockaddr_storage */
void setSourceSockAddr(const struct sockaddr_storage *ss, size_t ss_len); void setSourceSockAddr(const struct sockaddr_storage *ss, size_t ss_len);
struct in_addr v4source() const; struct sockaddr_storage source() const;
const struct in_addr *v4sourceip() const; const struct in_addr *v4sourceip() const;
const struct in6_addr *v6sourceip() const; const struct in6_addr *v6sourceip() const;
/* The IPv4 or IPv6 literal string for the target host */ /* The IPv4 or IPv6 literal string for the target host */

2
docs/refguide.xml
View File

@@ -3205,7 +3205,7 @@ services.</para>
which host is scanning if only one is actually up on the which host is scanning if only one is actually up on the
network. You might want to use IP addresses instead of names network. You might want to use IP addresses instead of names
(so the decoy networks don't see you in their nameserver (so the decoy networks don't see you in their nameserver
logs).</para> logs). Right now random IP address generation is only supported with IPv4</para>
<para>Decoys are used both in the initial ping scan (using <para>Decoys are used both in the initial ping scan (using
ICMP, SYN, ACK, or whatever) and during the actual port ICMP, SYN, ACK, or whatever) and during the actual port

130
nmap.cc
View File

@@ -501,6 +501,7 @@ public:
this->pre_host_timeout = -1; this->pre_host_timeout = -1;
this->iflist = false; this->iflist = false;
this->af = AF_UNSPEC; this->af = AF_UNSPEC;
this->decoys = false;
} }
// Pre-specified timing parameters. // Pre-specified timing parameters.
@@ -512,9 +513,9 @@ public:
int pre_max_retries; int pre_max_retries;
long pre_host_timeout; long pre_host_timeout;
char *machinefilename, *kiddiefilename, *normalfilename, *xmlfilename; char *machinefilename, *kiddiefilename, *normalfilename, *xmlfilename;
bool iflist; bool iflist, decoys;
char *exclude_spec, *exclude_file; char *exclude_spec, *exclude_file;
char *spoofSource; char *spoofSource, *decoy_arguments;
const char *spoofmac; const char *spoofmac;
int af; int af;
std::vector<std::string> verbose_out; std::vector<std::string> verbose_out;
@@ -540,7 +541,7 @@ static void test_file_name(const char *filename, const char *option) {
} }
void parse_options(int argc, char **argv) { void parse_options(int argc, char **argv) {
char *p, *q; char *p;
int arg; int arg;
long l; long l;
double d; double d;
@@ -1065,52 +1066,7 @@ void parse_options(int argc, char **argv) {
} }
break; break;
case 'D': case 'D':
p = optarg; delayed_options.decoy_arguments = optarg;
do {
q = strchr(p, ',');
if (q)
*q = '\0';
if (!strcasecmp(p, "me")) {
if (o.decoyturn != -1)
fatal("Can only use 'ME' as a decoy once.\n");
o.decoyturn = o.numdecoys++;
} else if (!strcasecmp(p, "rnd") || !strncasecmp(p, "rnd:", 4)) {
int i = 1;
/* 'rnd:' is allowed and just gives them one */
if (strlen(p) > 4)
i = atoi(&p[4]);
if (i < 1)
fatal("Bad 'rnd' decoy \"%s\"", p);
if (o.numdecoys + i >= MAX_DECOYS - 1)
fatal("You are only allowed %d decoys (if you need more redefine MAX_DECOYS in nmap.h)", MAX_DECOYS);
while (i--) {
do {
o.decoys[o.numdecoys].s_addr = get_random_u32();
} while (ip_is_reserved(&o.decoys[o.numdecoys]));
o.numdecoys++;
}
} else {
if (o.numdecoys >= MAX_DECOYS - 1)
fatal("You are only allowed %d decoys (if you need more redefine MAX_DECOYS in nmap.h)", MAX_DECOYS);
/* Try to resolve it */
struct sockaddr_in decoytemp;
size_t decoytemplen = sizeof(struct sockaddr_in);
int rc = resolve(p, 0, (sockaddr_storage*)&decoytemp, &decoytemplen, AF_INET);
if (rc != 0)
fatal("Failed to resolve decoy host \"%s\": %s", p, gai_strerror(rc));
o.decoys[o.numdecoys] = decoytemp.sin_addr;
o.numdecoys++;
}
if (q) {
*q = ',';
p = q + 1;
}
} while (q);
break; break;
case 'd': case 'd':
if (optarg && isdigit(optarg[0])) { if (optarg && isdigit(optarg[0])) {
@@ -1690,14 +1646,6 @@ void apply_delayed_options() {
error("WARNING: a IP Protocol ping scan was requested, but after excluding requested protocols, none remain. Skipping this scan type."); error("WARNING: a IP Protocol ping scan was requested, but after excluding requested protocols, none remain. Skipping this scan type.");
/* Set up our array of decoys! */
if (o.decoyturn == -1) {
o.decoyturn = (o.numdecoys == 0) ? 0 : get_random_uint() % o.numdecoys;
o.numdecoys++;
for (i = o.numdecoys - 1; i > o.decoyturn; i--)
o.decoys[i] = o.decoys[i - 1];
}
/* We need to find what interface to route through if: /* We need to find what interface to route through if:
* --None have been specified AND * --None have been specified AND
* --We are root and doing tcp ping OR * --We are root and doing tcp ping OR
@@ -1725,6 +1673,68 @@ void apply_delayed_options() {
} }
o.exclude_spec = delayed_options.exclude_spec; o.exclude_spec = delayed_options.exclude_spec;
if (delayed_options.decoy_arguments) {
char *p = delayed_options.decoy_arguments, *q;
do {
q = strchr(p, ',');
if (q)
*q = '\0';
if (!strcasecmp(p, "me")) {
if (o.decoyturn != -1)
fatal("Can only use 'ME' as a decoy once.\n");
o.decoyturn = o.numdecoys++;
} else if (!strcasecmp(p, "rnd") || !strncasecmp(p, "rnd:", 4)) {
if (delayed_options.af == AF_INET6)
fatal("Random decoys can only be used with IPv4");
int i = 1;
/* 'rnd:' is allowed and just gives them one */
if (strlen(p) > 4)
i = atoi(&p[4]);
if (i < 1)
fatal("Bad 'rnd' decoy \"%s\"", p);
if (o.numdecoys + i >= MAX_DECOYS - 1)
fatal("You are only allowed %d decoys (if you need more redefine MAX_DECOYS in nmap.h)", MAX_DECOYS);
while (i--) {
do {
((struct sockaddr_in *)&o.decoys[o.numdecoys])->sin_addr.s_addr = get_random_u32();
} while (ip_is_reserved(&((struct sockaddr_in *)&o.decoys[o.numdecoys])->sin_addr));
o.numdecoys++;
}
} else {
if (o.numdecoys >= MAX_DECOYS - 1)
fatal("You are only allowed %d decoys (if you need more redefine MAX_DECOYS in nmap.h)", MAX_DECOYS);
/* Try to resolve it */
struct sockaddr_storage decoytemp;
size_t decoytemplen = sizeof(struct sockaddr_storage);
int rc;
if (delayed_options.af == AF_INET6){
rc = resolve(p, 0, (sockaddr_storage*)&decoytemp, &decoytemplen, AF_INET6);
}
else
rc = resolve(p, 0, (sockaddr_storage*)&decoytemp, &decoytemplen, AF_INET);
if (rc != 0)
fatal("Failed to resolve decoy host \"%s\": %s", p, gai_strerror(rc));
o.decoys[o.numdecoys] = decoytemp;
o.numdecoys++;
}
if (q) {
*q = ',';
p = q + 1;
}
} while (q);
}
/* Set up host address also in array of decoys! */
if (o.decoyturn == -1) {
o.decoyturn = (o.numdecoys == 0) ? 0 : get_random_uint() % o.numdecoys;
o.numdecoys++;
for (i = o.numdecoys - 1; i > o.decoyturn; i--)
o.decoys[i] = o.decoys[i - 1];
}
} }
int nmap_main(int argc, char *argv[]) { int nmap_main(int argc, char *argv[]) {
@@ -2061,7 +2071,7 @@ int nmap_main(int argc, char *argv[]) {
o.numhosts_up--; o.numhosts_up--;
break; break;
} }
o.decoys[o.decoyturn] = currenths->v4source(); o.decoys[o.decoyturn] = currenths->source();
} }
Targets.push_back(currenths); Targets.push_back(currenths);
} }
@@ -2074,8 +2084,8 @@ int nmap_main(int argc, char *argv[]) {
// Our source must be set in decoy list because nexthost() call can // Our source must be set in decoy list because nexthost() call can
// change it (that issue really should be fixed when possible) // change it (that issue really should be fixed when possible)
if (o.af() == AF_INET && o.RawScan()) if (o.RawScan())
o.decoys[o.decoyturn] = Targets[0]->v4source(); o.decoys[o.decoyturn] = Targets[0]->source();
/* I now have the group for scanning in the Targets vector */ /* I now have the group for scanning in the Targets vector */

33
osscan2.cc
View File

@@ -494,20 +494,23 @@ static void begin_sniffer(HostOsScan *HOS, std::vector<Target *> &Targets) {
if (HOS->pd == NULL) if (HOS->pd == NULL)
fatal("%s", PCAP_OPEN_ERRMSG); fatal("%s", PCAP_OPEN_ERRMSG);
struct sockaddr_storage ss = Targets[0]->source();
/* Build the final BPF filter */ /* Build the final BPF filter */
if (doIndividual) if (ss.ss_family == AF_INET) {
len = Snprintf(pcap_filter, sizeof(pcap_filter), "dst host %s and (icmp or (tcp and (%s", if (doIndividual)
inet_ntoa(Targets[0]->v4source()), dst_hosts); len = Snprintf(pcap_filter, sizeof(pcap_filter), "dst host %s and (icmp or (tcp and (%s",
else inet_ntoa(((struct sockaddr_in *)&ss)->sin_addr), dst_hosts);
len = Snprintf(pcap_filter, sizeof(pcap_filter), "dst host %s and (icmp or tcp)", else
inet_ntoa(Targets[0]->v4source())); len = Snprintf(pcap_filter, sizeof(pcap_filter), "dst host %s and (icmp or tcp)",
if (len < 0 || len >= (int) sizeof(pcap_filter)) inet_ntoa(((struct sockaddr_in *)&ss)->sin_addr));
fatal("ran out of space in pcap filter"); if (len < 0 || len >= (int) sizeof(pcap_filter))
fatal("ran out of space in pcap filter");
/* Compile and apply the filter to the pcap descriptor */ /* Compile and apply the filter to the pcap descriptor */
if (o.debugging) if (o.debugging)
log_write(LOG_PLAIN, "Packet capture filter (device %s): %s\n", Targets[0]->deviceFullName(), pcap_filter); log_write(LOG_PLAIN, "Packet capture filter (device %s): %s\n", Targets[0]->deviceFullName(), pcap_filter);
set_pcap_filter(Targets[0]->deviceFullName(), HOS->pd, pcap_filter); set_pcap_filter(Targets[0]->deviceFullName(), HOS->pd, pcap_filter);
}
return; return;
} }
@@ -2192,7 +2195,7 @@ int HostOsScan::send_icmp_echo_probe(HostOsScanStats *hss,
ethptr = hss->fill_eth_nfo(&eth, ethsd); ethptr = hss->fill_eth_nfo(&eth, ethsd);
for (decoy = 0; decoy < o.numdecoys; decoy++) { for (decoy = 0; decoy < o.numdecoys; decoy++) {
packet = build_icmp_raw(&o.decoys[decoy], hss->target->v4hostip(), packet = build_icmp_raw(&((struct sockaddr_in *)&o.decoys[decoy])->sin_addr, hss->target->v4hostip(),
o.ttl, get_random_u16(), tos, df, NULL, 0, seq, id, o.ttl, get_random_u16(), tos, df, NULL, 0, seq, id,
ICMP_ECHO, pcode, NULL, datalen, &packetlen); ICMP_ECHO, pcode, NULL, datalen, &packetlen);
if (!packet) if (!packet)
@@ -2245,7 +2248,9 @@ int HostOsScan::send_closedudp_probe(HostOsScanStats *hss,
} }
for (decoy = 0; decoy < o.numdecoys; decoy++) { for (decoy = 0; decoy < o.numdecoys; decoy++) {
source = &o.decoys[decoy]; if (o.decoys[decoy].ss_family == AF_INET6)
return 1;
source = &((struct sockaddr_in *)&o.decoys[decoy])->sin_addr;
memset((char *) packet, 0, sizeof(struct ip) + sizeof(struct udp_hdr)); memset((char *) packet, 0, sizeof(struct ip) + sizeof(struct udp_hdr));

127
scan_engine_raw.cc
View File

@@ -1314,7 +1314,7 @@ UltraProbe *sendIPScanProbe(UltraScanInfo *USI, HostScanStats *hss,
if (hss->target->af() == AF_INET) { if (hss->target->af() == AF_INET) {
for (decoy = 0; decoy < o.numdecoys; decoy++) { for (decoy = 0; decoy < o.numdecoys; decoy++) {
packet = build_tcp_raw(&o.decoys[decoy], hss->target->v4hostip(), packet = build_tcp_raw(&((struct sockaddr_in *)&o.decoys[decoy])->sin_addr, hss->target->v4hostip(),
o.ttl, ipid, IP_TOS_DEFAULT, false, o.ttl, ipid, IP_TOS_DEFAULT, false,
o.ipoptions, o.ipoptionslen, o.ipoptions, o.ipoptionslen,
sport, pspec->pd.tcp.dport, sport, pspec->pd.tcp.dport,
@@ -1331,24 +1331,21 @@ UltraProbe *sendIPScanProbe(UltraScanInfo *USI, HostScanStats *hss,
free(packet); free(packet);
} }
} else if (hss->target->af() == AF_INET6) { } else if (hss->target->af() == AF_INET6) {
struct sockaddr_storage source; for (decoy = 0; decoy < o.numdecoys; decoy++) {
struct sockaddr_in6 *sin6; packet = build_tcp_raw_ipv6(&((struct sockaddr_in6 *)&o.decoys[decoy])->sin6_addr, hss->target->v6hostip(),
size_t source_len;
source_len = sizeof(source);
hss->target->SourceSockAddr(&source, &source_len);
sin6 = (struct sockaddr_in6 *) &source;
packet = build_tcp_raw_ipv6(&sin6->sin6_addr, hss->target->v6hostip(),
0, 0, o.ttl, sport, pspec->pd.tcp.dport, 0, 0, o.ttl, sport, pspec->pd.tcp.dport,
seq, ack, 0, pspec->pd.tcp.flags, 0, 0, seq, ack, 0, pspec->pd.tcp.flags, 0, 0,
tcpops, tcpopslen, tcpops, tcpopslen,
o.extra_payload, o.extra_payload_length, o.extra_payload, o.extra_payload_length,
&packetlen); &packetlen);
probe->setIP(packet, packetlen, pspec); if (decoy == o.decoyturn) {
probe->sent = USI->now; probe->setIP(packet, packetlen, pspec);
hss->probeSent(packetlen); probe->sent = USI->now;
send_ip_packet(USI->rawsd, ethptr, hss->target->TargetSockAddr(), packet, packetlen); }
free(packet); hss->probeSent(packetlen);
send_ip_packet(USI->rawsd, ethptr, hss->target->TargetSockAddr(), packet, packetlen);
free(packet);
}
} }
} else if (pspec->type == PS_UDP) { } else if (pspec->type == PS_UDP) {
const char *payload; const char *payload;
@@ -1358,7 +1355,7 @@ UltraProbe *sendIPScanProbe(UltraScanInfo *USI, HostScanStats *hss,
if (hss->target->af() == AF_INET) { if (hss->target->af() == AF_INET) {
for (decoy = 0; decoy < o.numdecoys; decoy++) { for (decoy = 0; decoy < o.numdecoys; decoy++) {
packet = build_udp_raw(&o.decoys[decoy], hss->target->v4hostip(), packet = build_udp_raw(&((struct sockaddr_in *)&o.decoys[decoy])->sin_addr, hss->target->v4hostip(),
o.ttl, ipid, IP_TOS_DEFAULT, false, o.ttl, ipid, IP_TOS_DEFAULT, false,
o.ipoptions, o.ipoptionslen, o.ipoptions, o.ipoptionslen,
sport, pspec->pd.udp.dport, sport, pspec->pd.udp.dport,
@@ -1373,22 +1370,19 @@ UltraProbe *sendIPScanProbe(UltraScanInfo *USI, HostScanStats *hss,
free(packet); free(packet);
} }
} else if (hss->target->af() == AF_INET6) { } else if (hss->target->af() == AF_INET6) {
struct sockaddr_storage source; for (decoy = 0; decoy < o.numdecoys; decoy++) {
struct sockaddr_in6 *sin6; packet = build_udp_raw_ipv6(&((struct sockaddr_in6 *)&o.decoys[decoy])->sin6_addr, hss->target->v6hostip(),
size_t source_len;
source_len = sizeof(source);
hss->target->SourceSockAddr(&source, &source_len);
sin6 = (struct sockaddr_in6 *) &source;
packet = build_udp_raw_ipv6(&sin6->sin6_addr, hss->target->v6hostip(),
0, 0, o.ttl, sport, pspec->pd.tcp.dport, 0, 0, o.ttl, sport, pspec->pd.tcp.dport,
(char *) payload, payload_length, (char *) payload, payload_length,
&packetlen); &packetlen);
probe->setIP(packet, packetlen, pspec); if (decoy == o.decoyturn) {
probe->sent = USI->now; probe->setIP(packet, packetlen, pspec);
hss->probeSent(packetlen); probe->sent = USI->now;
send_ip_packet(USI->rawsd, ethptr, hss->target->TargetSockAddr(), packet, packetlen); }
free(packet); hss->probeSent(packetlen);
send_ip_packet(USI->rawsd, ethptr, hss->target->TargetSockAddr(), packet, packetlen);
free(packet);
}
} }
} else if (pspec->type == PS_SCTP) { } else if (pspec->type == PS_SCTP) {
switch (pspec->pd.sctp.chunktype) { switch (pspec->pd.sctp.chunktype) {
@@ -1414,7 +1408,7 @@ UltraProbe *sendIPScanProbe(UltraScanInfo *USI, HostScanStats *hss,
} }
if (hss->target->af() == AF_INET) { if (hss->target->af() == AF_INET) {
for (decoy = 0; decoy < o.numdecoys; decoy++) { for (decoy = 0; decoy < o.numdecoys; decoy++) {
packet = build_sctp_raw(&o.decoys[decoy], hss->target->v4hostip(), packet = build_sctp_raw(&((struct sockaddr_in *)&o.decoys[decoy])->sin_addr, hss->target->v4hostip(),
o.ttl, ipid, IP_TOS_DEFAULT, false, o.ttl, ipid, IP_TOS_DEFAULT, false,
o.ipoptions, o.ipoptionslen, o.ipoptions, o.ipoptionslen,
sport, pspec->pd.sctp.dport, sport, pspec->pd.sctp.dport,
@@ -1430,23 +1424,20 @@ UltraProbe *sendIPScanProbe(UltraScanInfo *USI, HostScanStats *hss,
free(packet); free(packet);
} }
} else if (hss->target->af() == AF_INET6) { } else if (hss->target->af() == AF_INET6) {
struct sockaddr_storage source; for (decoy = 0; decoy < o.numdecoys; decoy++) {
struct sockaddr_in6 *sin6; packet = build_sctp_raw_ipv6(&((struct sockaddr_in6 *)&o.decoys[decoy])->sin6_addr, hss->target->v6hostip(),
size_t source_len;
source_len = sizeof(source);
hss->target->SourceSockAddr(&source, &source_len);
sin6 = (struct sockaddr_in6 *) &source;
packet = build_sctp_raw_ipv6(&sin6->sin6_addr, hss->target->v6hostip(),
0, 0, o.ttl, sport, pspec->pd.sctp.dport, 0, 0, o.ttl, sport, pspec->pd.sctp.dport,
vtag, chunk, chunklen, vtag, chunk, chunklen,
o.extra_payload, o.extra_payload_length, o.extra_payload, o.extra_payload_length,
&packetlen); &packetlen);
probe->setIP(packet, packetlen, pspec); if (decoy == o.decoyturn) {
probe->sent = USI->now; probe->setIP(packet, packetlen, pspec);
hss->probeSent(packetlen); probe->sent = USI->now;
send_ip_packet(USI->rawsd, ethptr, hss->target->TargetSockAddr(), packet, packetlen); }
free(packet); hss->probeSent(packetlen);
send_ip_packet(USI->rawsd, ethptr, hss->target->TargetSockAddr(), packet, packetlen);
free(packet);
}
} }
free(chunk); free(chunk);
} else if (pspec->type == PS_PROTO) { } else if (pspec->type == PS_PROTO) {
@@ -1458,7 +1449,7 @@ UltraProbe *sendIPScanProbe(UltraScanInfo *USI, HostScanStats *hss,
sin->sin_family = AF_INET; sin->sin_family = AF_INET;
for (decoy = 0; decoy < o.numdecoys; decoy++) { for (decoy = 0; decoy < o.numdecoys; decoy++) {
sin->sin_addr = o.decoys[decoy]; sin->sin_addr = ((struct sockaddr_in *)&o.decoys[decoy])->sin_addr;
packet = build_protoscan_packet(&ss, hss->target->TargetSockAddr(), packet = build_protoscan_packet(&ss, hss->target->TargetSockAddr(),
pspec->proto, sport, &packetlen); pspec->proto, sport, &packetlen);
assert(packet != NULL); assert(packet != NULL);
@@ -1471,18 +1462,29 @@ UltraProbe *sendIPScanProbe(UltraScanInfo *USI, HostScanStats *hss,
free(packet); free(packet);
} }
} else if (hss->target->af() == AF_INET6) { } else if (hss->target->af() == AF_INET6) {
packet = build_protoscan_packet(hss->target->SourceSockAddr(), hss->target->TargetSockAddr(), struct sockaddr_storage ss;
struct sockaddr_in6 *sin6;
sin6 = (struct sockaddr_in6 *) &ss;
sin6->sin6_family = AF_INET6;
for (decoy = 0; decoy < o.numdecoys; decoy++) {
sin6->sin6_addr = ((struct sockaddr_in6 *)&o.decoys[decoy])->sin6_addr;
packet = build_protoscan_packet(&ss, hss->target->TargetSockAddr(),
pspec->proto, sport, &packetlen); pspec->proto, sport, &packetlen);
assert(packet != NULL); assert(packet != NULL);
probe->setIP(packet, packetlen, pspec); if (decoy == o.decoyturn) {
probe->sent = USI->now; probe->setIP(packet, packetlen, pspec);
hss->probeSent(packetlen); probe->sent = USI->now;
send_ip_packet(USI->rawsd, ethptr, hss->target->TargetSockAddr(), packet, packetlen); }
free(packet); hss->probeSent(packetlen);
send_ip_packet(USI->rawsd, ethptr, hss->target->TargetSockAddr(), packet, packetlen);
free(packet);
}
} }
} else if (pspec->type == PS_ICMP) { } else if (pspec->type == PS_ICMP) {
for (decoy = 0; decoy < o.numdecoys; decoy++) { for (decoy = 0; decoy < o.numdecoys; decoy++) {
packet = build_icmp_raw(&o.decoys[decoy], hss->target->v4hostip(), packet = build_icmp_raw(&((struct sockaddr_in *)&o.decoys[decoy])->sin_addr, hss->target->v4hostip(),
o.ttl, ipid, IP_TOS_DEFAULT, false, o.ttl, ipid, IP_TOS_DEFAULT, false,
o.ipoptions, o.ipoptionslen, o.ipoptions, o.ipoptionslen,
0, icmp_ident, pspec->pd.icmp.type, pspec->pd.icmp.code, 0, icmp_ident, pspec->pd.icmp.type, pspec->pd.icmp.code,
@@ -1497,23 +1499,20 @@ UltraProbe *sendIPScanProbe(UltraScanInfo *USI, HostScanStats *hss,
free(packet); free(packet);
} }
} else if (pspec->type == PS_ICMPV6) { } else if (pspec->type == PS_ICMPV6) {
struct sockaddr_storage source; for (decoy =0; decoy < o.numdecoys; decoy++) {
struct sockaddr_in6 *sin6; packet = build_icmpv6_raw(&((struct sockaddr_in6 *)&o.decoys[decoy])->sin6_addr, hss->target->v6hostip(),
size_t source_len;
source_len = sizeof(source);
hss->target->SourceSockAddr(&source, &source_len);
sin6 = (struct sockaddr_in6 *) &source;
packet = build_icmpv6_raw(&sin6->sin6_addr, hss->target->v6hostip(),
0, 0, o.ttl, 0, icmp_ident, pspec->pd.icmpv6.type, 0, 0, o.ttl, 0, icmp_ident, pspec->pd.icmpv6.type,
pspec->pd.icmpv6.code, o.extra_payload, pspec->pd.icmpv6.code, o.extra_payload,
o.extra_payload_length, o.extra_payload_length,
&packetlen); &packetlen);
probe->setIP(packet, packetlen, pspec); if (decoy == o.decoyturn) {
probe->sent = USI->now; probe->setIP(packet, packetlen, pspec);
hss->probeSent(packetlen); probe->sent = USI->now;
send_ip_packet(USI->rawsd, ethptr, hss->target->TargetSockAddr(), packet, packetlen); }
free(packet); hss->probeSent(packetlen);
send_ip_packet(USI->rawsd, ethptr, hss->target->TargetSockAddr(), packet, packetlen);
free(packet);
}
} else assert(0); } else assert(0);
/* Now that the probe has been sent, add it to the Queue for this host */ /* Now that the probe has been sent, add it to the Queue for this host */

4
targets.cc
View File

@@ -571,7 +571,7 @@ static Target *setup_target(const HostGroupState *hs,
#endif #endif
t->setSourceSockAddr(&rnfo.srcaddr, sizeof(rnfo.srcaddr)); t->setSourceSockAddr(&rnfo.srcaddr, sizeof(rnfo.srcaddr));
if (hs->current_batch_sz == 0) /* Because later ones can have different src addy and be cut off group */ if (hs->current_batch_sz == 0) /* Because later ones can have different src addy and be cut off group */
o.decoys[o.decoyturn] = t->v4source(); o.decoys[o.decoyturn] = t->source();
t->setDeviceNames(rnfo.ii.devname, rnfo.ii.devfullname); t->setDeviceNames(rnfo.ii.devname, rnfo.ii.devfullname);
t->setMTU(rnfo.ii.mtu); t->setMTU(rnfo.ii.mtu);
// printf("Target %s %s directly connected, goes through local iface %s, which %s ethernet\n", t->NameIP(), t->directlyConnected()? "IS" : "IS NOT", t->deviceName(), (t->ifType() == devt_ethernet)? "IS" : "IS NOT"); // printf("Target %s %s directly connected, goes through local iface %s, which %s ethernet\n", t->NameIP(), t->directlyConnected()? "IS" : "IS NOT", t->deviceName(), (t->ifType() == devt_ethernet)? "IS" : "IS NOT");
@@ -660,7 +660,7 @@ static void refresh_hostbatch(HostGroupState *hs, const addrset *exclude_group,
break; break;
} }
o.decoys[o.decoyturn] = t->v4source(); o.decoys[o.decoyturn] = t->source();
hs->hostbatch[hs->current_batch_sz++] = t; hs->hostbatch[hs->current_batch_sz++] = t;
} }

4
tcpip.cc
View File

@@ -839,7 +839,7 @@ int send_tcp_raw_decoys(int sd, const struct eth_nfo *eth,
for (decoy = 0; decoy < o.numdecoys; decoy++) for (decoy = 0; decoy < o.numdecoys; decoy++)
if (send_tcp_raw(sd, eth, if (send_tcp_raw(sd, eth,
&o.decoys[decoy], victim, &((struct sockaddr_in *)&o.decoys[decoy])->sin_addr, victim,
ttl, df, ttl, df,
ipopt, ipoptlen, ipopt, ipoptlen,
sport, dport, sport, dport,
@@ -956,7 +956,7 @@ int send_udp_raw_decoys(int sd, const struct eth_nfo *eth,
int decoy; int decoy;
for (decoy = 0; decoy < o.numdecoys; decoy++) for (decoy = 0; decoy < o.numdecoys; decoy++)
if (send_udp_raw(sd, eth, &o.decoys[decoy], victim, if (send_udp_raw(sd, eth, &((struct sockaddr_in *)&o.decoys[decoy])->sin_addr, victim,
ttl, ipid, ipops, ipoptlen, ttl, ipid, ipops, ipoptlen,
sport, dport, data, datalen) == -1) sport, dport, data, datalen) == -1)
return -1; return -1;

11
traceroute.cc
View File

@@ -673,16 +673,7 @@ void Probe::send(int rawsd, eth_t *ethsd, struct timeval *now) {
host->target->SourceSockAddr(&source, &source_len); host->target->SourceSockAddr(&source, &source_len);
sent_time = get_now(now); sent_time = get_now(now);
} else { } else {
if (o.af() == AF_INET) { source = o.decoys[decoy];
struct sockaddr_in *sin;
sin = (struct sockaddr_in *) &source;
sin->sin_family = AF_INET;
sin->sin_addr = o.decoys[decoy];
} else {
/* Decoys are IPv4-only. */
continue;
}
} }
packet = this->build_packet(&source, &packetlen); packet = this->build_packet(&source, &packetlen);