PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 05:01:29 +00:00
Code Issues Projects Releases Wiki Activity

Formatting in scan_engine.cc.

Browse Source 
astyle -a -p -H -s2 -m2 scan_engine.cc

With some manual correction.
This commit is contained in:
david
2012-05-31 07:14:05 +00:00
parent a1bae1bb5f
commit c923483956
1 changed files with 1519 additions and 1422 deletions
Download Patch File Download Diff File Expand all files Collapse all files

353
scan_engine.cc
View File

@@ -247,19 +247,27 @@ public:
}
/* not reached */
}
u16 ipid() const { return probes.IP.ipid; }
u16 ipid() const {
return probes.IP.ipid;
}
u32 tcpseq() const; // TCP sequence number if protocol is TCP
u32 sctpvtag() const; // SCTP vtag if protocol is SCTP
/* Number, such as IPPROTO_TCP, IPPROTO_UDP, etc. */
u8 protocol() const { return mypspec.proto; }
ConnectProbe *CP() { return probes.CP; } // if type == UP_CONNECT
u8 protocol() const {
return mypspec.proto;
}
ConnectProbe *CP() {
return probes.CP; // if type == UP_CONNECT
}
// Arpprobe removed because not used.
// ArpProbe *AP() { return probes.AP; } // if UP_ARP
// Returns the protocol number, such as IPPROTO_TCP, or IPPROTO_UDP, by
// reading the appropriate fields of the probespec.
/* Get general details about the probe */
const probespec *pspec() const { return &mypspec; }
const probespec *pspec() const {
return &mypspec;
}
/* Returns true if the given tryno and pingseq match those within this
probe. */
@@ -279,7 +287,9 @@ public:
struct timeval sent;
/* Time the previous probe was sent, if this is a retransmit (tryno > 0) */
struct timeval prevSent;
bool isPing() { return pingseq > 0; }
bool isPing() {
return pingseq > 0;
}
private:
probespec mypspec; /* Filled in by the appropriate set* function */
@@ -478,7 +488,9 @@ public:
necessary. Note that probes on probe_bench are not included
in this value. */
unsigned int num_probes_waiting_retransmit;
unsigned int num_probes_outstanding() { return probes_outstanding.size(); }
unsigned int num_probes_outstanding() {
return probes_outstanding.size();
}
/* The bench is a stock of probes (compacted into just the
probespec) that have met the current maximum tryno, and are on
@@ -546,7 +558,8 @@ public:
u8 ret = nxtpseq;
if (inc) {
nxtpseq++;
if (nxtpseq == 0) nxtpseq++;
if (nxtpseq == 0)
nxtpseq++;
}
return ret;
}
@@ -572,7 +585,9 @@ private:
class UltraScanInfo {
public:
UltraScanInfo();
UltraScanInfo(vector<Target *> &Targets, struct scan_lists *pts, stype scantype) { Init(Targets, pts, scantype); }
UltraScanInfo(vector<Target *> &Targets, struct scan_lists *pts, stype scantype) {
Init(Targets, pts, scantype);
}
~UltraScanInfo();
/* Must call Init if you create object with default constructor */
void Init(vector<Target *> &Targets, struct scan_lists *pts, stype scantp);
@@ -622,13 +637,19 @@ public:
double getCompletionFraction();
unsigned int numIncompleteHosts() { return incompleteHosts.size(); }
unsigned int numIncompleteHosts() {
return incompleteHosts.size();
}
/* Call this instead of checking for numIncompleteHosts() == 0 because it
avoids a potential traversal of the list to find the size. */
bool incompleteHostsEmpty() { return incompleteHosts.empty(); }
bool incompleteHostsEmpty() {
return incompleteHosts.empty();
}
bool numIncompleteHostsLessThan(unsigned int n);
unsigned int numInitialHosts() { return numInitialTargets; }
unsigned int numInitialHosts() {
return numInitialTargets;
}
void log_overall_rates(int logt) {
log_write(logt, "Overall sending rates: %.2f packets / s", send_rate_meter.getOverallPacketRate(&now));
@@ -691,21 +712,29 @@ static char *probespec2ascii(const probespec *pspec, char *buf, unsigned int buf
char *f;
switch (pspec->type) {
case PS_TCP:
if (!pspec->pd.tcp.flags) Strncpy(flagbuf, "(none)", sizeof(flagbuf));
else {
if (!pspec->pd.tcp.flags) {
Strncpy(flagbuf, "(none)", sizeof(flagbuf));
} else {
f = flagbuf;
if (pspec->pd.tcp.flags & TH_SYN) *f++ = 'S';
if (pspec->pd.tcp.flags & TH_FIN) *f++ = 'F';
if (pspec->pd.tcp.flags & TH_RST) *f++ = 'R';
if (pspec->pd.tcp.flags & TH_PUSH) *f++ = 'P';
if (pspec->pd.tcp.flags & TH_ACK) *f++ = 'A';
if (pspec->pd.tcp.flags & TH_URG) *f++ = 'U';
if (pspec->pd.tcp.flags & TH_ECE) *f++ = 'E'; /* rfc 2481/3168 */
if (pspec->pd.tcp.flags & TH_CWR) *f++ = 'C'; /* rfc 2481/3168 */
if (pspec->pd.tcp.flags & TH_SYN)
*f++ = 'S';
if (pspec->pd.tcp.flags & TH_FIN)
*f++ = 'F';
if (pspec->pd.tcp.flags & TH_RST)
*f++ = 'R';
if (pspec->pd.tcp.flags & TH_PUSH)
*f++ = 'P';
if (pspec->pd.tcp.flags & TH_ACK)
*f++ = 'A';
if (pspec->pd.tcp.flags & TH_URG)
*f++ = 'U';
if (pspec->pd.tcp.flags & TH_ECE)
*f++ = 'E'; /* rfc 2481/3168 */
if (pspec->pd.tcp.flags & TH_CWR)
*f++ = 'C'; /* rfc 2481/3168 */
*f++ = '\0';
}
Snprintf(buf, bufsz, "tcp to port %hu; flags: %s", pspec->pd.tcp.dport,
flagbuf);
Snprintf(buf, bufsz, "tcp to port %hu; flags: %s", pspec->pd.tcp.dport, flagbuf);
break;
case PS_UDP:
Snprintf(buf, bufsz, "udp to port %hu", pspec->pd.udp.dport);
@@ -756,7 +785,8 @@ ConnectProbe::ConnectProbe() {
}
ConnectProbe::~ConnectProbe() {
if (sd > 0) close(sd);
if (sd > 0)
close(sd);
sd = -1;
}
@@ -1198,7 +1228,8 @@ bool HostScanStats::sendOK(struct timeval *when) {
long tdiff;
if (target->timedOut(&USI->now) || completed()) {
if (when) *when = USI->now;
if (when)
*when = USI->now;
return false;
}
@@ -1226,7 +1257,9 @@ bool HostScanStats::sendOK(struct timeval *when) {
if (sdn.delayms) {
if (TIMEVAL_MSEC_SUBTRACT(USI->now, lastprobe_sent) < (int) sdn.delayms) {
if (when) { TIMEVAL_MSEC_ADD(*when, lastprobe_sent, sdn.delayms); }
if (when) {
TIMEVAL_MSEC_ADD(*when, lastprobe_sent, sdn.delayms);
}
return false;
}
}
@@ -1234,7 +1267,8 @@ bool HostScanStats::sendOK(struct timeval *when) {
getTiming(&tmng);
if (tmng.cwnd >= num_probes_active + .5 &&
(freshPortsLeft() || num_probes_waiting_retransmit || !retry_stack.empty())) {
if (when) *when = USI->now;
if (when)
*when = USI->now;
return true;
}
@@ -1324,7 +1358,8 @@ unsigned int HostScanStats::allowedTryno(bool *capped, bool *mayincrease) {
/* TODO: This should perhaps differ by scan type. */
maxval = MAX(1, max_successful_tryno + 1);
if (maxval > (unsigned int) USI->perf.tryno_cap) {
if (capped) *capped = true;
if (capped)
*capped = true;
maxval = USI->perf.tryno_cap;
tryno_mayincrease = false; /* It never exceeds the cap */
} else if (capped) *capped = false;
@@ -1368,9 +1403,17 @@ UltraScanInfo::~UltraScanInfo() {
}
delete gstats;
delete SPM;
if (rawsd >= 0) { close(rawsd); rawsd = -1; }
if (pd) { pcap_close(pd); pd = NULL; }
if (ethsd) { ethsd = NULL; /* NO need to eth_close it due to caching */ }
if (rawsd >= 0) {
close(rawsd);
rawsd = -1;
}
if (pd) {
pcap_close(pd);
pd = NULL;
}
if (ethsd) {
ethsd = NULL; /* NO need to eth_close it due to caching */
}
}
/* Returns true if this scan is a "raw" scan. A raw scan is ont that requires a
@@ -1602,8 +1645,7 @@ void UltraScanInfo::Init(vector<Target *> &Targets, struct scan_lists *pts, styp
/* Return the total number of probes that may be sent to each host. This never
changes after initialization. */
unsigned int UltraScanInfo::numProbesPerHost()
{
unsigned int UltraScanInfo::numProbesPerHost() {
unsigned int numprobes = 0;
if (tcp_scan) {
@@ -1706,7 +1748,8 @@ bool UltraScanInfo::sendOK(struct timeval *when) {
if (TIMEVAL_MSEC_SUBTRACT(lowhtime, now) < 0)
lowhtime = now;
if (when) *when = lowhtime;
if (when)
*when = lowhtime;
return (TIMEVAL_MSEC_SUBTRACT(lowhtime, now) == 0) ? true : false;
}
@@ -1837,7 +1880,8 @@ int UltraScanInfo::removeCompletedHosts() {
log_write(LOG_PLAIN, "Changing global ping host to %s.\n", hss->target->targetipstr());
gstats->pinghost = hss;
}
if (timedout) gstats->num_hosts_timedout++;
if (timedout)
gstats->num_hosts_timedout++;
hss->target->stopTimeOutClock(&now);
}
}
@@ -1864,7 +1908,8 @@ int determineScanGroupSize(int hosts_scanned_so_far,
groupsize = MAX(1024 / (ports->tcp_count ? ports->tcp_count : 1), 64);
if (ports->tcp_count > 1000 && o.timing_level <= 4) {
int quickgroupsz = 4;
if (o.timing_level == 4) quickgroupsz = 8;
if (o.timing_level == 4)
quickgroupsz = 8;
if (hosts_scanned_so_far == 0)
groupsize = quickgroupsz; // Give quick results for the very first batch
else if (hosts_scanned_so_far == quickgroupsz &&
@@ -1922,13 +1967,27 @@ static int get_next_target_probe(UltraScanInfo *USI, HostScanStats *hss,
pspec->pd.tcp.flags = o.scanflags;
else {
switch (USI->scantype) {
case SYN_SCAN: pspec->pd.tcp.flags = TH_SYN; break;
case ACK_SCAN: pspec->pd.tcp.flags = TH_ACK; break;
case XMAS_SCAN: pspec->pd.tcp.flags = TH_FIN|TH_URG|TH_PUSH; break;
case NULL_SCAN: pspec->pd.tcp.flags = 0; break;
case FIN_SCAN: pspec->pd.tcp.flags = TH_FIN; break;
case MAIMON_SCAN: pspec->pd.tcp.flags = TH_FIN|TH_ACK; break;
case WINDOW_SCAN: pspec->pd.tcp.flags = TH_ACK; break;
case SYN_SCAN:
pspec->pd.tcp.flags = TH_SYN;
break;
case ACK_SCAN:
pspec->pd.tcp.flags = TH_ACK;
break;
case XMAS_SCAN:
pspec->pd.tcp.flags = TH_FIN | TH_URG | TH_PUSH;
break;
case NULL_SCAN:
pspec->pd.tcp.flags = 0;
break;
case FIN_SCAN:
pspec->pd.tcp.flags = TH_FIN;
break;
case MAIMON_SCAN:
pspec->pd.tcp.flags = TH_FIN | TH_ACK;
break;
case WINDOW_SCAN:
pspec->pd.tcp.flags = TH_ACK;
break;
default:
assert(0);
break;
@@ -2087,10 +2146,12 @@ int HostScanStats::freshPortsLeft() {
return 0;
return USI->ports->prot_count - next_portidx;
} else if (USI->ping_scan_arp) {
if (sent_arp) return 0;
if (sent_arp)
return 0;
return 1;
} else if (USI->ping_scan_nd) {
if (sent_arp) return 0;
if (sent_arp)
return 0;
return 1;
} else if (USI->ping_scan) {
unsigned int num_probes = 0;
@@ -2656,7 +2717,8 @@ void HostScanStats::boostScanDelay() {
/* Dismiss all probe attempts on bench -- hosts are marked down and ports will
be set to whatever the default port state is for the scan. */
void HostScanStats::dismissBench() {
if (probe_bench.empty()) return;
if (probe_bench.empty())
return;
while (!probe_bench.empty()) {
if (USI->ping_scan)
ultrascan_host_pspec_update(USI, this, &probe_bench.back(), HOST_DOWN);
@@ -2670,7 +2732,8 @@ void HostScanStats::dismissBench() {
/* Move all members of bench to retry_stack for probe retransmission */
void HostScanStats::retransmitBench() {
if (probe_bench.empty()) return;
if (probe_bench.empty())
return;
/* Move all contents of probe_bench to the end of retry_stack, updating retry_stack_tries accordingly */
retry_stack.insert(retry_stack.end(), probe_bench.begin(), probe_bench.end());
@@ -2937,7 +3000,8 @@ static UltraProbe *sendConnectScanProbe(UltraScanInfo *USI, HostScanStats *hss,
CP = probe->CP();
/* Initiate the connection */
CP->sd = socket(o.af(), SOCK_STREAM, IPPROTO_TCP);
if (CP->sd == -1) pfatal("Socket creation in %s", __func__);
if (CP->sd == -1)
pfatal("Socket creation in %s", __func__);
unblock_socket(CP->sd);
init_socket(CP->sd);
set_ttl(CP->sd, o.ttl);
@@ -2956,7 +3020,8 @@ static UltraProbe *sendConnectScanProbe(UltraScanInfo *USI, HostScanStats *hss,
hss->probeSent(0);
rc = connect(CP->sd, (struct sockaddr *)&sock, socklen);
gettimeofday(&USI->now, NULL);
if (rc == -1) connect_errno = socket_errno();
if (rc == -1)
connect_errno = socket_errno();
PacketTrace::traceConnect(IPPROTO_TCP, (sockaddr *) &sock, socklen, rc,
connect_errno, &USI->now);
/* This counts as probe being sent, so update structures */
@@ -3146,8 +3211,7 @@ static UltraProbe *sendNDScanProbe(UltraScanInfo *USI, HostScanStats *hss,
destination addresses and protocol. src and dst must be of the same address
family. Returns NULL on error. */
static u8 *build_protoscan_packet(const struct sockaddr_storage *src,
const struct sockaddr_storage *dst, u8 proto, u16 sport, u32 *packetlen)
{
const struct sockaddr_storage *dst, u8 proto, u16 sport, u32 *packetlen) {
u16 icmp_ident, ipid;
u8 *packet;
@@ -3191,8 +3255,7 @@ static u8 *build_protoscan_packet(const struct sockaddr_storage *src,
sport, o.magic_port,
o.extra_payload, o.extra_payload_length, packetlen);
break;
case IPPROTO_SCTP:
{
case IPPROTO_SCTP: {
struct sctp_chunkhdr_init chunk;
sctp_pack_chunkhdr_init(&chunk, SCTP_INIT, 0, sizeof(chunk),
@@ -3235,8 +3298,7 @@ static u8 *build_protoscan_packet(const struct sockaddr_storage *src,
sport, o.magic_port,
o.extra_payload, o.extra_payload_length, packetlen);
break;
case IPPROTO_SCTP:
{
case IPPROTO_SCTP: {
struct sctp_chunkhdr_init chunk;
sctp_pack_chunkhdr_init(&chunk, SCTP_INIT, 0, sizeof(chunk),
get_random_u32() /*itag*/, 32768, 10, 2048, get_random_u32() /*itsn*/);
@@ -3703,20 +3765,15 @@ static void retransmitProbe(UltraScanInfo *USI, HostScanStats *hss,
UltraProbe *newProbe = NULL;
if (probe->type == UltraProbe::UP_IP) {
if (USI->prot_scan || USI->ptech.rawprotoscan)
newProbe = sendIPScanProbe(USI, hss, probe->pspec(),
probe->tryno + 1, 0);
newProbe = sendIPScanProbe(USI, hss, probe->pspec(), probe->tryno + 1, 0);
else if (probe->protocol() == IPPROTO_TCP) {
newProbe = sendIPScanProbe(USI, hss, probe->pspec(), probe->tryno + 1,
0);
newProbe = sendIPScanProbe(USI, hss, probe->pspec(), probe->tryno + 1, 0);
} else if (probe->protocol() == IPPROTO_UDP) {
newProbe = sendIPScanProbe(USI, hss, probe->pspec(), probe->tryno + 1,
0);
newProbe = sendIPScanProbe(USI, hss, probe->pspec(), probe->tryno + 1, 0);
} else if (probe->protocol() == IPPROTO_SCTP) {
newProbe = sendIPScanProbe(USI, hss, probe->pspec(), probe->tryno + 1,
0);
newProbe = sendIPScanProbe(USI, hss, probe->pspec(), probe->tryno + 1, 0);
} else if (probe->protocol() == IPPROTO_ICMP || probe->protocol() == IPPROTO_ICMPV6) {
newProbe = sendIPScanProbe(USI, hss, probe->pspec(), probe->tryno + 1,
0);
newProbe = sendIPScanProbe(USI, hss, probe->pspec(), probe->tryno + 1, 0);
} else {
assert(0);
}
@@ -3814,7 +3871,8 @@ static void doAnyOutstandingRetransmits(UltraScanInfo *USI) {
gettimeofday(&USI->now, NULL);
if (o.debugging) {
long tv_diff = TIMEVAL_MSEC_SUBTRACT(USI->now, tv_start);
if (tv_diff > 30) log_write(LOG_PLAIN, "%s took %lims\n", __func__, tv_diff);
if (tv_diff > 30)
log_write(LOG_PLAIN, "%s took %lims\n", __func__, tv_diff);
}
}
@@ -3893,7 +3951,8 @@ static bool do_one_select_round(UltraScanInfo *USI, struct timeval *stime) {
do {
timeleft = TIMEVAL_MSEC_SUBTRACT(*stime, USI->now);
if (timeleft < 0) timeleft = 0;
if (timeleft < 0)
timeleft = 0;
fds_rtmp = USI->gstats->CSI->fds_read;
fds_wtmp = USI->gstats->CSI->fds_write;
fds_xtmp = USI->gstats->CSI->fds_except;
@@ -3904,8 +3963,7 @@ static bool do_one_select_round(UltraScanInfo *USI, struct timeval *stime) {
selectres = select(CSI->maxValidSD + 1, &fds_rtmp, &fds_wtmp,
&fds_xtmp, &timeout);
err = socket_errno();
}
else {
} else {
/* Apparently Windows returns an WSAEINVAL if you select without watching any SDs. Lame. We'll usleep instead in that case */
usleep(timeleft * 1000);
selectres = 0;
@@ -3936,11 +3994,13 @@ static bool do_one_select_round(UltraScanInfo *USI, struct timeval *stime) {
hostI = completedHostI++;
host = *hostI;
if (host->num_probes_active == 0) continue;
if (host->num_probes_active == 0)
continue;
nextProbeI = probeI = host->probes_outstanding.end();
listsz = host->num_probes_outstanding();
if (listsz) nextProbeI--;
if (listsz)
nextProbeI--;
for (probenum = 0; probenum < listsz && numGoodSD < selectres; probenum++) {
probeI = nextProbeI;
if (probeI != host->probes_outstanding.begin())
@@ -4279,7 +4339,8 @@ static bool get_pcap_result(UltraScanInfo *USI, struct timeval *stime) {
struct ip *ip_tmp;
to_usec = TIMEVAL_SUBTRACT(*stime, USI->now);
if (to_usec < 2000) to_usec = 2000;
if (to_usec < 2000)
to_usec = 2000;
ip_tmp = (struct ip *) readip_pcap(USI->pd, &bytes, to_usec, &rcvdtime, &linkhdr, true);
gettimeofday(&USI->now, NULL);
if (!ip_tmp && TIMEVAL_SUBTRACT(*stime, USI->now) < 0) {
@@ -4338,7 +4399,8 @@ static bool get_pcap_result(UltraScanInfo *USI, struct timeval *stime) {
struct tcp_hdr *tcp = (struct tcp_hdr *) data;
/* Now ensure this host is even in the incomplete list */
hss = USI->findHost(&hdr.src);
if (!hss) continue; // Not from a host that interests us
if (!hss)
continue; // Not from a host that interests us
setTargetMACIfAvailable(hss->target, &linkhdr, &hdr.src, 0);
probeI = hss->probes_outstanding.end();
listsz = hss->num_probes_outstanding();
@@ -4385,7 +4447,8 @@ static bool get_pcap_result(UltraScanInfo *USI, struct timeval *stime) {
/* Now ensure this host is even in the incomplete list */
hss = USI->findHost(&hdr.src);
if (!hss) continue; // Not from a host that interests us
if (!hss)
continue; // Not from a host that interests us
setTargetMACIfAvailable(hss->target, &linkhdr, &hdr.src, 0);
probeI = hss->probes_outstanding.end();
listsz = hss->num_probes_outstanding();
@@ -4485,7 +4548,8 @@ static bool get_pcap_result(UltraScanInfo *USI, struct timeval *stime) {
/* ensure this packet relates to a packet to the host
we are scanning ... */
hss = USI->findHost(&encaps_hdr.dst);
if (!hss) continue; // Not from a host that interests us
if (!hss)
continue; // Not from a host that interests us
probeI = hss->probes_outstanding.end();
listsz = hss->num_probes_outstanding();
@@ -4564,7 +4628,8 @@ static bool get_pcap_result(UltraScanInfo *USI, struct timeval *stime) {
break;
}
current_reason = icmp_to_reason(hdr.proto, icmp->icmp_type, icmp->icmp_code);
if (newstate == PORT_UNKNOWN) break;
if (newstate == PORT_UNKNOWN)
break;
goodone = true;
}
}
@@ -4607,7 +4672,8 @@ static bool get_pcap_result(UltraScanInfo *USI, struct timeval *stime) {
/* ensure this packet relates to a packet to the host
we are scanning ... */
hss = USI->findHost(&encaps_hdr.dst);
if (!hss) continue; // Not from a host that interests us
if (!hss)
continue; // Not from a host that interests us
probeI = hss->probes_outstanding.end();
listsz = hss->num_probes_outstanding();
@@ -4728,7 +4794,8 @@ static bool get_pcap_result(UltraScanInfo *USI, struct timeval *stime) {
/* Search for this host on the incomplete list */
hss = USI->findHost(&hdr.src);
if (!hss) continue; // Not from a host that interests us
if (!hss)
continue; // Not from a host that interests us
probeI = hss->probes_outstanding.end();
listsz = hss->num_probes_outstanding();
ss_len = sizeof(target_src);
@@ -4826,7 +4893,8 @@ static bool get_pcap_result(UltraScanInfo *USI, struct timeval *stime) {
hss->target->ports.setStateReason(IPPROTO_ICMP, IPPROTO_IP, icmp_to_reason(hdr.proto, icmp->icmp_type, icmp->icmp_code),
hdr.ttl, &reason_sip);
}
if (!goodone) goodone = true;
if (!goodone)
goodone = true;
break;
}
}
@@ -4875,7 +4943,8 @@ static int get_ping_pcap_result(UltraScanInfo *USI, struct timeval *stime) {
do {
to_usec = TIMEVAL_SUBTRACT(*stime, USI->now);
if (to_usec < 2000) to_usec = 2000;
if (to_usec < 2000)
to_usec = 2000;
ip_tmp = (struct ip *) readip_pcap(USI->pd, &bytes, to_usec, &rcvdtime,
&linkhdr, true);
gettimeofday(&USI->now, NULL);
@@ -4917,11 +4986,12 @@ static int get_ping_pcap_result(UltraScanInfo *USI, struct timeval *stime) {
/* Echo reply, Timestamp reply, or Address Mask Reply. RFCs 792 and 950. */
/* ICMPv6 Echo reply */
if (USI->ptech.rawicmpscan && ((hdr.proto == IPPROTO_ICMP && (ping->type
== 0 || ping->type == 14 || ping->type == 18)) || (hdr.proto
== IPPROTO_ICMPV6 && ping->type == 129))) {
if (USI->ptech.rawicmpscan
&& ((hdr.proto == IPPROTO_ICMP && (ping->type == 0 || ping->type == 14 || ping->type == 18))
|| (hdr.proto == IPPROTO_ICMPV6 && ping->type == 129))) {
hss = USI->findHost(&hdr.src);
if (!hss) continue; // Not from a host that interests us
if (!hss)
continue; // Not from a host that interests us
setTargetMACIfAvailable(hss->target, &linkhdr, &hdr.src, 0);
probeI = hss->probes_outstanding.end();
listsz = hss->num_probes_outstanding();
@@ -5022,7 +5092,8 @@ static int get_ping_pcap_result(UltraScanInfo *USI, struct timeval *stime) {
}
hss = USI->findHost(&encaps_hdr.dst);
if (!hss) continue; // Not referring to a host that interests us
if (!hss)
continue; // Not referring to a host that interests us
setTargetMACIfAvailable(hss->target, &linkhdr, &encaps_hdr.dst, 0);
probeI = hss->probes_outstanding.end();
listsz = hss->num_probes_outstanding();
@@ -5104,7 +5175,8 @@ static int get_ping_pcap_result(UltraScanInfo *USI, struct timeval *stime) {
/* I don't want anything to do with timing this. */
adjust_timing = false;
} else if (hdr.proto == IPPROTO_ICMP && ping->type == 4) {
if (o.debugging) log_write(LOG_STDOUT, "Got ICMP source quench\n");
if (o.debugging)
log_write(LOG_STDOUT, "Got ICMP source quench\n");
usleep(50000);
} else if (hdr.proto == IPPROTO_ICMPV6 && ping->type == 4) {
if (o.debugging)
@@ -5128,7 +5200,8 @@ static int get_ping_pcap_result(UltraScanInfo *USI, struct timeval *stime) {
continue;
/* Now ensure this host is even in the incomplete list */
hss = USI->findHost(&hdr.src);
if (!hss) continue; // Not from a host that interests us
if (!hss)
continue; // Not from a host that interests us
setTargetMACIfAvailable(hss->target, &linkhdr, &hdr.src, 0);
probeI = hss->probes_outstanding.end();
listsz = hss->num_probes_outstanding();
@@ -5165,7 +5238,8 @@ static int get_ping_pcap_result(UltraScanInfo *USI, struct timeval *stime) {
struct udp_hdr *udp = (struct udp_hdr *) data;
/* Search for this host on the incomplete list */
hss = USI->findHost(&hdr.src);
if (!hss) continue; // Not from a host that interests us
if (!hss)
continue; // Not from a host that interests us
probeI = hss->probes_outstanding.end();
listsz = hss->num_probes_outstanding();
goodone = false;
@@ -5214,7 +5288,8 @@ static int get_ping_pcap_result(UltraScanInfo *USI, struct timeval *stime) {
(struct dnet_sctp_chunkhdr *) ((u8 *) sctp + 12);
/* Search for this host on the incomplete list */
hss = USI->findHost(&hdr.src);
if (!hss) continue; // Not from a host that interests us
if (!hss)
continue; // Not from a host that interests us
probeI = hss->probes_outstanding.end();
listsz = hss->num_probes_outstanding();
goodone = false;
@@ -5263,7 +5338,8 @@ static int get_ping_pcap_result(UltraScanInfo *USI, struct timeval *stime) {
/* Check for a protocol reply */
if (!goodone && USI->ptech.rawprotoscan) {
hss = USI->findHost(&hdr.src);
if (!hss) continue;
if (!hss)
continue;
setTargetMACIfAvailable(hss->target, &linkhdr, &hdr.src, 0);
probeI = hss->probes_outstanding.end();
listsz = hss->num_probes_outstanding();
@@ -5434,8 +5510,11 @@ static void begin_sniffer(UltraScanInfo *USI, vector<Target *> &Targets) {
pcap_filter += inet_ntop_ez(&source, sizeof(source));
pcap_filter += " and (icmp or icmp6 or tcp or udp or sctp)";
}
}else assert(0);
if (o.debugging) log_write(LOG_PLAIN, "Packet capture filter (device %s): %s\n", Targets[0]->deviceFullName(), pcap_filter.c_str());
} else {
assert(0);
}
if (o.debugging)
log_write(LOG_PLAIN, "Packet capture filter (device %s): %s\n", Targets[0]->deviceFullName(), pcap_filter.c_str());
set_pcap_filter(Targets[0]->deviceFullName(), USI->pd, pcap_filter.c_str());
/* pcap_setnonblock(USI->pd, 1, NULL); */
return;
@@ -5572,7 +5651,8 @@ static void processData(UltraScanInfo *USI) {
gettimeofday(&USI->now, NULL);
if (o.debugging) {
long tv_diff = TIMEVAL_MSEC_SUBTRACT(USI->now, tv_start);
if (tv_diff > 30) log_write(LOG_PLAIN, "%s took %lims\n", __func__, tv_diff);
if (tv_diff > 30)
log_write(LOG_PLAIN, "%s took %lims\n", __func__, tv_diff);
}
}
@@ -5711,7 +5791,8 @@ void bounce_scan(Target *target, u16 *portarray, int numports,
unsigned short portno, p1, p2;
int timedout;
if (! numports) return; /* nothing to scan for */
if (numports == 0)
return; /* nothing to scan for */
Snprintf(targetstr, 20, "%d,%d,%d,%d,", UC(t[0]), UC(t[1]), UC(t[2]), UC(t[3]));
@@ -5731,7 +5812,8 @@ void bounce_scan(Target *target, u16 *portarray, int numports,
p1 = ((unsigned char *) &portno)[0];
p2 = ((unsigned char *) &portno)[1];
Snprintf(command, 512, "PORT %s%i,%i\r\n", targetstr, p1, p2);
if (o.debugging) log_write(LOG_STDOUT, "Attempting command: %s", command);
if (o.debugging)
log_write(LOG_STDOUT, "Attempting command: %s", command);
if (send(sd, command, strlen(command), 0) < 0 ) {
gh_perror("send in %s", __func__);
if (retriesleft) {
@@ -5740,11 +5822,11 @@ void bounce_scan(Target *target, u16 *portarray, int numports,
retriesleft--;
close(sd);
ftp->sd = ftp_anon_connect(ftp);
if (ftp->sd < 0) return;
if (ftp->sd < 0)
return;
sd = ftp->sd;
i--;
}
else {
} else {
error("Our socket descriptor is dead and we are out of retries. Giving up.");
close(sd);
ftp->sd = -1;
@@ -5752,26 +5834,24 @@ void bounce_scan(Target *target, u16 *portarray, int numports,
}
} else { /* Our send is good */
res = recvtime(sd, recvbuf, 2048, 15, NULL);
if (res <= 0)
if (res <= 0) {
perror("recv problem from FTP bounce server");
else { /* our recv is good */
} else { /* our recv is good */
recvbuf[res] = '\0';
if (o.debugging) log_write(LOG_STDOUT, "result of port query on port %i: %s",
if (o.debugging)
log_write(LOG_STDOUT, "result of port query on port %i: %s",
portarray[i], recvbuf);
if (recvbuf[0] == '5') {
if (portarray[i] > 1023) {
fatal("Your FTP bounce server sucks, it won't let us feed bogus ports!");
}
else {
} else {
error("Your FTP bounce server doesn't allow privileged ports, skipping them.");
while (i < numports && portarray[i] < 1024) i++;
if (!portarray[i]) {
fatal("And you didn't want to scan any unpriviliged ports. Giving up.");
}
}
}
else /* Not an error message */
} else { /* Not an error message */
if (send(sd, "LIST\r\n", 6, 0) > 0 ) {
res = recvtime(sd, recvbuf, 2048, 12, &timedout);
if (res < 0) {
@@ -5782,7 +5862,8 @@ void bounce_scan(Target *target, u16 *portarray, int numports,
else target->ports.setPortState(portarray[i], IPPROTO_TCP, PORT_CLOSED);
} else {
recvbuf[res] = '\0';
if (o.debugging) log_write(LOG_STDOUT, "result of LIST: %s", recvbuf);
if (o.debugging)
log_write(LOG_STDOUT, "result of LIST: %s", recvbuf);
if (!strncmp(recvbuf, "500", 3)) {
/* fuck, we are not aligned properly */
if (o.verbose || o.debugging)
@@ -5798,9 +5879,9 @@ void bounce_scan(Target *target, u16 *portarray, int numports,
else {
recvbuf[res] = '\0';
if (res > 0) {
if (o.debugging) log_write(LOG_STDOUT, "nxt line: %s", recvbuf);
if (recvbuf[0] == '4' && recvbuf[1] == '2' &&
recvbuf[2] == '6') {
if (o.debugging)
log_write(LOG_STDOUT, "nxt line: %s", recvbuf);
if (recvbuf[0] == '4' && recvbuf[1] == '2' && recvbuf[2] == '6') {
target->ports.forgetPort(portarray[i], IPPROTO_TCP);
if (o.debugging || o.verbose)
log_write(LOG_STDOUT, "Changed my mind about port %i\n", portarray[i]);
@@ -5817,6 +5898,7 @@ void bounce_scan(Target *target, u16 *portarray, int numports,
}
}
}
}
if (o.debugging || o.verbose)
log_write(LOG_STDOUT, "Scanned %d ports in %ld seconds via the Bounce scan.\n",
@@ -5923,8 +6005,10 @@ void pos_scan(Target *target, u16 *portarray, int numports, stype scantype) {
scan[j].trynum = 0;
scan[j].prev = j - 1;
scan[j].sd[0] = scan[j].sd[1] = scan[j].sd[2] = -1;
if (j < rsi.rpc_number -1 ) scan[j].next = j+1;
else scan[j].next = -1;
if (j < rsi.rpc_number - 1 )
scan[j].next = j + 1;
else
scan[j].next = -1;
}
current = pil.testinglist = &scan[0];
rsi.rpc_current_port = NULL;
@@ -5966,7 +6050,8 @@ void pos_scan(Target *target, u16 *portarray, int numports, stype scantype) {
break; // Good - an RPC port for us to scan.
}
if (!rsi.rpc_current_port) /* Woop! Done! */ break;
if (!rsi.rpc_current_port)
break; /* Woop! Done! */
/* Reinit our testinglist so we try each RPC prog */
pil.testinglist = &scan[0];
@@ -5984,8 +6069,7 @@ void pos_scan(Target *target, u16 *portarray, int numports, stype scantype) {
SPM = new ScanProgressMeter(scanname);
}
while(pil.testinglist != NULL) /* While we have live queries or more ports to scan */
{
while (pil.testinglist != NULL) { /* While we have live queries or more ports to scan */
if (keyWasPressed()) {
// We can print out some status here if we want
@@ -6013,17 +6097,20 @@ void pos_scan(Target *target, u16 *portarray, int numports, stype scantype) {
rsi.rpc_status = RPC_STATUS_NOT_RPC;
ss.numqueries_outstanding = 0;
break;
}
else {
} else {
/* I think I am going to slow down a little */
target->to.rttvar = MIN(2000000, (int) (target->to.rttvar * 1.2));
}
if (o.debugging > 2) { log_write(LOG_STDOUT, "Moving port or prog %lu to the potentially firewalled list\n", (unsigned long) current->portno); }
if (o.debugging > 2) {
log_write(LOG_STDOUT, "Moving port or prog %lu to the potentially firewalled list\n", (unsigned long) current->portno);
}
current->state = PORT_FILTERED; /* For various reasons */
/* First delete from old list */
if (current->next > -1) scan[current->next].prev = current->prev;
if (current->prev > -1) scan[current->prev].next = current->next;
if (current->next > -1)
scan[current->next].prev = current->prev;
if (current->prev > -1)
scan[current->prev].next = current->next;
if (current == pil.testinglist)
pil.testinglist = (current->next >= 0) ? &scan[current->next] : NULL;
current->next = -1;
@@ -6032,8 +6119,10 @@ void pos_scan(Target *target, u16 *portarray, int numports, stype scantype) {
ss.numqueries_outstanding--;
} else { /* timeout ... we've got to resend */
if (o.scan_delay) enforce_scan_delay(NULL);
if (o.debugging > 2) { log_write(LOG_STDOUT, "Timeout, resending to portno/progno %lu\n", current->portno); }
if (o.scan_delay)
enforce_scan_delay(NULL);
if (o.debugging > 2)
log_write(LOG_STDOUT, "Timeout, resending to portno/progno %lu\n", current->portno);
current->trynum++;
gettimeofday(&current->sent[current->trynum], NULL);
now = current->sent[current->trynum];
@@ -6046,7 +6135,8 @@ void pos_scan(Target *target, u16 *portarray, int numports, stype scantype) {
break;
}
if (senddelay) usleep(senddelay);
if (senddelay)
usleep(senddelay);
}
}
} else {
@@ -6055,8 +6145,10 @@ void pos_scan(Target *target, u16 *portarray, int numports, stype scantype) {
/* current->state == PORT_FRESH */
/* OK, now we have gone through our list of in-transit queries, so now
we try to send off new queries if we can ... */
if (ss.numqueries_outstanding >= (int) ss.numqueries_ideal) break;
if (o.scan_delay) enforce_scan_delay(NULL);
if (ss.numqueries_outstanding >= (int) ss.numqueries_ideal)
break;
if (o.scan_delay)
enforce_scan_delay(NULL);
if (o.debugging > 2)
log_write(LOG_STDOUT, "Sending initial query to port/prog %lu\n", current->portno);
/* Otherwise lets send a packet! */
@@ -6073,10 +6165,14 @@ void pos_scan(Target *target, u16 *portarray, int numports, stype scantype) {
rsi.rpc_status = RPC_STATUS_NOT_RPC;
break;
}
if (senddelay) usleep(senddelay);
if (senddelay)
usleep(senddelay);
}
}
if (o.debugging > 1) log_write(LOG_STDOUT, "Ideal number of queries: %d outstanding: %d max %d ports_left %d timeout %d senddelay: %dus\n", (int) ss.numqueries_ideal, ss.numqueries_outstanding, ss.max_width, ss.ports_left, target->to.timeout, senddelay);
if (o.debugging > 1) {
log_write(LOG_STDOUT, "Ideal number of queries: %d outstanding: %d max %d ports_left %d timeout %d senddelay: %dus\n",
(int) ss.numqueries_ideal, ss.numqueries_outstanding, ss.max_width, ss.ports_left, target->to.timeout, senddelay);
}
/* Now that we have sent the packets we wait for responses */
ss.alreadydecreasedqueries = 0;
@@ -6112,7 +6208,8 @@ void pos_scan(Target *target, u16 *portarray, int numports, stype scantype) {
scan[j].state = PORT_FRESH;
scan[j].trynum = 0;
scan[j].prev = j - 1;
if (j < rsi.rpc_number -1 ) scan[j].next = j+1;
if (j < rsi.rpc_number - 1)
scan[j].next = j + 1;
else scan[j].next = -1;
}
current = pil.testinglist = &scan[0];