📄 tcpip.cc
字号:
pf.*/int resolve(char *hostname, struct sockaddr_storage *ss, size_t *sslen, int pf) { struct addrinfo hints; struct addrinfo *result; int rc; assert(ss); assert(sslen); memset(&hints, 0, sizeof(hints)); hints.ai_family = pf; rc = getaddrinfo(hostname, NULL, &hints, &result); if (rc != 0) return 0; assert(result->ai_addrlen > 0 && result->ai_addrlen <= (int) sizeof(struct sockaddr_storage)); *sslen = result->ai_addrlen; memcpy(ss, result->ai_addr, *sslen); freeaddrinfo(result); return 1;}int islocalhost(const struct in_addr * const addr) {char dev[128]; /* If it is 0.0.0.0 or starts with 127 then it is probably localhost */ if ((addr->s_addr & htonl(0xFF000000)) == htonl(0x7F000000)) return 1; if (!addr->s_addr) return 1; /* If it is the same addy as a local interface, then it is probably localhost */ if (ipaddr2devname(dev, addr) != -1) return 1; /* OK, so to a first approximation, this addy is probably not localhost */ return 0;}int isipprivate(const struct in_addr * const addr) { char *ipc; unsigned char i1, i2; if(!addr) return 0; ipc = (char *) &(addr->s_addr); i1 = ipc[0]; i2 = ipc[1]; /* 10.0.0.0/8 */ if (i1 == 10) return 1; /* 172.16.0.0/12 */ if (i1 == 172 && i2 >= 16 && i2 <= 31) return 1; /* 192.168.0.0/16 */ if (i1 == 192 && i2 == 168) return 1; return 0;}#ifdef WIN32/* Convert a dnet interface name into the long pcap style. This also caches the datato speed things up. Fills out pcapdev (up to pcapdevlen) and returns true if it finds anything.Otherwise returns false. This is only necessary on Windows.*/bool DnetName2PcapName(const char *dnetdev, char *pcapdev, int pcapdevlen) { static struct NameCorrelationCache { char dnetd[64]; char pcapd[128]; } *NCC = NULL; static int NCCsz = 0; static int NCCcapacity = 0; int i; char tmpdev[128]; // Init the cache if not done yet if (!NCC) { NCCcapacity = 5; NCC = (struct NameCorrelationCache *) safe_zalloc(NCCcapacity * sizeof(*NCC)); NCCsz = 0; } // First check if the name is already in the cache for(i=0; i < NCCsz; i++) { if (strcmp(NCC[i].dnetd, dnetdev) == 0) { Strncpy(pcapdev, NCC[i].pcapd, pcapdevlen); return true; } } // OK, so it isn't in the cache. Let's ask dnet for it./* Converts a dnet interface name (ifname) to its pcap equivalent, which is stored inpcapdev (up to a length of pcapdevlen). Returns 0 and fills in pcapdev if successful. */ if (intf_get_pcap_devname(dnetdev, tmpdev, sizeof(tmpdev)) != 0) return false; // We've got it. Let's add it to the cache if (NCCsz >= NCCcapacity) { NCCcapacity <<= 2; NCC = (struct NameCorrelationCache *) safe_realloc(NCC, NCCcapacity * sizeof(*NCC)); } Strncpy(NCC[NCCsz].dnetd, dnetdev, sizeof(NCC[0].dnetd)); Strncpy(NCC[NCCsz].pcapd, tmpdev, sizeof(NCC[0].pcapd)); NCCsz++; Strncpy(pcapdev, tmpdev, pcapdevlen); return true;}#endifpcap_t *my_pcap_open_live(const char *device, int snaplen, int promisc, int to_ms) { char err0r[PCAP_ERRBUF_SIZE]; pcap_t *pt; char pcapdev[128]; int failed = 0; assert(device != NULL);#ifdef WIN32/* Nmap normally uses device names obtained through dnet for interfaces, but Pcap has its ownnaming system. So the conversion is done here */ if (!DnetName2PcapName(device, pcapdev, sizeof(pcapdev))) { /* Oh crap -- couldn't find the corresponding dev apparently. Let's just go with what we have then ... */ Strncpy(pcapdev, device, sizeof(pcapdev)); }#else Strncpy(pcapdev, device, sizeof(pcapdev));#endif do { pt = pcap_open_live(pcapdev, snaplen, promisc, to_ms, err0r); if (!pt) { failed++; if (failed >= 3) {fatal("Call to pcap_open_live(%s, %d, %d, %d) failed three times. Reported error: %s\nThere are several possible reasons for this, depending on your operating system:\n" "LINUX: If you are getting Socket type not supported, try modprobe af_packet or recompile your kernel with SOCK_PACKET enabled.\n" "*BSD: If you are getting device not configured, you need to recompile your kernel with Berkeley Packet Filter support. If you are getting No such file or directory, try creating the device (eg cd /dev; MAKEDEV <device>; or use mknod).\n" "*WINDOWS: Nmap only supports ethernet interfaces on Windows for most operations because Microsoft disabled raw sockets as of Windows XP SP2. Depending on the reason for this error, it is possible that the --unprivileged command-line argument will help.\n" "SOLARIS: If you are trying to scan localhost and getting '/dev/lo0: No such file or directory', complain to Sun. I don't think Solaris can support advanced localhost scans. You can probably use \"-PN -sT localhost\" though.\n\n", pcapdev, snaplen, promisc, to_ms, err0r); } else { error("pcap_open_live(%s, %d, %d, %d) FAILED. Reported error: %s. Will wait %d seconds then retry.", pcapdev, snaplen, promisc, to_ms, err0r, (int) pow(5.0, failed)); } sleep((int) pow(5.0, failed)); } } while (!pt);#ifdef WIN32 /* We want any responses back ASAP */ pcap_setmintocopy(pt, 1);#endif return pt;}/* Standard BSD internet checksum routine */unsigned short in_cksum(u16 *ptr,int nbytes) {register u32 sum;u16 oddbyte;register u16 answer;/* * Our algorithm is simple, using a 32-bit accumulator (sum), * we add sequential 16-bit words to it, and at the end, fold back * all the carry bits from the top 16 bits into the lower 16 bits. */sum = 0;while (nbytes > 1) {sum += *ptr++;nbytes -= 2;}/* mop up an odd byte, if necessary */if (nbytes == 1) {oddbyte = 0; /* make sure top half is zero */*((u_char *) &oddbyte) = *(u_char *)ptr; /* one byte only */sum += oddbyte;}/* * Add back carry outs from top 16 bits to low 16 bits. */sum = (sum >> 16) + (sum & 0xffff); /* add high-16 to low-16 */sum += (sum >> 16); /* add carry */answer = ~sum; /* ones-complement, then truncate to 16 bits */return(answer);}/* for computing TCP/UDP checksums, see TCP/IP Illustrated p. 145 */unsigned short magic_tcpudp_cksum(const struct in_addr *src, const struct in_addr *dst, u8 proto, u16 len, char *hstart){ struct pseudo { struct in_addr src; struct in_addr dst; u8 zero; u8 proto; u16 length; } *hdr = (struct pseudo *) (hstart - sizeof(struct pseudo)); hdr->src = *src; hdr->dst = *dst; hdr->zero = 0; hdr->proto = proto; hdr->length = htons(len); return in_cksum((unsigned short *) hdr, len + sizeof(struct pseudo));}/* LEGACY resolve() function that only supports IPv4 -- see IPv6 version above. Tries to resolve given hostname and stores result in ip . returns 0 if hostname cannot be resolved */int resolve(char *hostname, struct in_addr *ip) { struct hostent *h; if (!hostname || !*hostname) fatal("NULL or zero-length hostname passed to %s()", __func__); if (inet_pton(AF_INET, hostname, ip)) return 1; /* damn, that was easy ;) */ if ((h = gethostbyname(hostname))) { memcpy(ip, h->h_addr_list[0], sizeof(struct in_addr)); return 1; } return 0;}/* A simple function that caches the eth_t from dnet for one device, to avoid opening, closing, and re-opening it thousands of tims. If you give a different device, this function will close the first one. Thus this should never be used by programs that need to deal with multiple devices at once. In addition, you MUST NEVER eth_close() A DEVICE OBTAINED FROM THIS FUNCTION. Instead, you can call eth_close_cached() to close whichever device (if any) is cached. Returns NULL if it fails to open the device. */eth_t *eth_open_cached(const char *device) { if (!device) fatal("%s() called with NULL device name!", __func__); if (!*device) fatal("%s() called with empty device name!", __func__); if (strcmp(device, etht_cache_device_name) == 0) { /* Yay, we have it cached. */ return etht_cache_device; } if (*etht_cache_device_name) { eth_close(etht_cache_device); etht_cache_device_name[0] = '\0'; etht_cache_device = NULL; } etht_cache_device = eth_open(device); if (etht_cache_device) Strncpy(etht_cache_device_name, device, sizeof(etht_cache_device_name)); return etht_cache_device;}/* See the description for eth_open_cached */void eth_close_cached() { if (etht_cache_device) { eth_close(etht_cache_device); etht_cache_device = NULL; etht_cache_device_name[0] = '\0'; } return;}// fill ip header. no error check.// This function is also changing what's needed from host to network order.static inline int fill_ip_raw( struct ip *ip, int packetlen, u8* ipopt, int ipoptlen, int ip_tos, int ip_id, int ip_off, int ip_ttl, int ip_p, const struct in_addr *ip_src, const struct in_addr *ip_dst){ ip->ip_v = 4; ip->ip_hl = 5 + (ipoptlen/4); ip->ip_tos = ip_tos; ip->ip_len = htons(packetlen); ip->ip_id = htons(ip_id); ip->ip_off = htons(ip_off); ip->ip_ttl = ip_ttl; ip->ip_p = ip_p; ip->ip_src.s_addr = ip_src->s_addr; ip->ip_dst.s_addr = ip_dst->s_addr; if (ipoptlen) memcpy((u8*)ip + sizeof(struct ip), ipopt, ipoptlen); // ip options source routing hack: if(ipoptlen && o.ipopt_firsthop && o.ipopt_lasthop) { u8* ipo = (u8*)ip + sizeof(struct ip); struct in_addr *newdst = (struct in_addr *) &ipo[o.ipopt_firsthop]; struct in_addr *olddst = (struct in_addr *) &ipo[o.ipopt_lasthop]; // our destination is somewhere else :) ip->ip_dst.s_addr = newdst->s_addr; // and last hop should be destination olddst->s_addr = ip_dst->s_addr; } #if HAVE_IP_IP_SUM ip->ip_sum = 0; ip->ip_sum = in_cksum((unsigned short *)ip, sizeof(struct ip) + ipoptlen); #endif return(sizeof(struct ip) + ipoptlen);}int send_tcp_raw_decoys( int sd, struct eth_nfo *eth, const struct in_addr *victim, int ttl, bool df, u8* ipopt, int ipoptlen, u16 sport, u16 dport, u32 seq, u32 ack, u8 reserved, u8 flags, u16 window, u16 urp, u8 *options, int optlen, char *data, u16 datalen) { int decoy; for(decoy = 0; decoy < o.numdecoys; decoy++) if (send_tcp_raw(sd, eth, &o.decoys[decoy], victim, ttl, df, ipopt, ipoptlen, sport, dport, seq, ack, reserved, flags, window, urp, options, optlen, data, datalen) == -1) return -1; return 0;}/* Builds a TCP packet (including an IP header) by packing the fields with the given information. It allocates a new buffer to store the packet contents, and then returns that buffer. The packet is not actually sent by this function. Caller must delete the buffer when finished with the packet. The packet length is returned in packetlen, which must be a valid int pointer. */u8 *build_tcp_raw(const struct in_addr *source, const struct in_addr *victim, int ttl, u16 ipid, u8 tos, bool df, u8 *ipopt, int ipoptlen, u16 sport, u16 dport, u32 seq, u32 ack, u8 reserved, u8 flags, u16 window, u16 urp, u8 *tcpopt, int tcpoptlen, char *data, u16 datalen, u32 *outpacketlen) {int packetlen = sizeof(struct ip) + ipoptlen + sizeof(struct tcp_hdr) + tcpoptlen + datalen;u8 *packet = (u8 *) safe_malloc(packetlen);struct ip *ip = (struct ip *) packet;struct tcp_hdr *tcp = (struct tcp_hdr *) ((u8*)ip + sizeof(struct ip) + ipoptlen);static int myttl = 0;assert(victim);assert(source);assert(ipoptlen%4==0);if (tcpoptlen % 4) fatal("%s() called with an option length argument of %d which is illegal because it is not divisible by 4. Just add \\0 padding to the end.", __func__, tcpoptlen);/* Time to live */if (ttl == -1) { myttl = (get_random_uint() % 23) + 37;} else { myttl = ttl;}/* Fill tcp header */memset(tcp, 0, sizeof(struct tcp_hdr));tcp->th_sport = htons(sport);tcp->th_dport = htons(dport);if (seq) { tcp->th_seq = htonl(seq);} else if (flags & TH_SYN) { get_random_bytes(&(tcp->th_seq), 4);}if (ack) tcp->th_ack = htonl(ack);/*else if (flags & TH_ACK) tcp->th_ack = rand() + rand();*/if (reserved) tcp->th_x2 = reserved & 0x0F;tcp->th_off = 5 + (tcpoptlen /4) /*words*/;tcp->th_flags = flags;if (window)⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -