
📄 tcpip.cc

📁 Ubuntu packages of security software。 相当不错的源码
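/* Debugging helper: logs the main fields of the IPv4/UDP packet at `packet`
   through log_write(LOG_PLAIN, ...) and, when `readdata` is non-zero,
   hex-dumps the bytes that follow the UDP header.

   Returns 0 on success and -1 when `packet` is NULL, when the IP header
   length field is below the 20-byte minimum, or when the IP total length
   leaves no room for the UDP header that is about to be printed.

   No buffer length is passed in, so every bound comes from the packet's own
   ip_hl / ip_len fields.  The caller must guarantee that at least ip_len
   bytes are readable at `packet` (for captured traffic, compare ip_len with
   the capture length first); otherwise the dump reads past the buffer. */
int readudppacket(const u8 *packet, int readdata) {
  /* Reject NULL before any pointer is derived from it. */
  if (!packet) {
    error("%s: packet is NULL!", __func__);
    return -1;
  }

  const struct ip *ip = (const struct ip *) packet;

  /* ip_hl counts 32-bit words and is narrower than a byte, so it must not be
     passed through ntohs(): on a little-endian host that turned a header
     length of 5 into 1280 and pushed the dump index far past the packet. */
  const int hdrlen = 4 * ip->ip_hl;
  if (hdrlen < (int) sizeof(struct ip)) {
    error("%s: IP header length %d is below the minimum", __func__, hdrlen);
    return -1;
  }

  const int tot_len = ntohs(ip->ip_len);
  /* Offset of the first payload byte, honouring any IP options. */
  const int payload_off = hdrlen + (int) sizeof(struct udp_hdr);

  /* Copy the addresses into local in_addr structs before handing them to
     inet_ntoa(). */
  struct in_addr src_addr, dst_addr;
  src_addr.s_addr = ip->ip_src.s_addr;
  dst_addr.s_addr = ip->ip_dst.s_addr;

  /* NOTE(review): the masked offset is converted back with htons(), so the
     value logged below looks byte-swapped on little-endian hosts; the
     zero / non-zero test is unaffected.  Confirm which form is intended. */
  const unsigned int realfrag = htons(ntohs(ip->ip_off) & 8191 /* 2^13 - 1 */);

  /* inet_ntoa() is called again for the destination below, so the source
     string is saved first. */
  char sourcehost[16];
  strncpy(sourcehost, inet_ntoa(src_addr), sizeof(sourcehost));
  sourcehost[sizeof(sourcehost) - 1] = '\0';

  if (ip->ip_p == IPPROTO_UDP) {
    if (realfrag) {
      log_write(LOG_PLAIN, "Packet is fragmented, offset field: %u\n", realfrag);
    } else if (tot_len < payload_off) {
      /* The UDP header would lie beyond the length the IP header claims. */
      error("%s: IP total length %d is too short for a UDP header", __func__, tot_len);
      return -1;
    } else {
      /* Locate the UDP header after the real IP header length rather than
         assuming an option-less 20-byte header. */
      const struct udp_hdr *udp = (const struct udp_hdr *) (packet + hdrlen);

      log_write(LOG_PLAIN, "UDP packet: %s:%d -> %s:%d (total: %d bytes)\n", sourcehost,
                ntohs(udp->uh_sport), inet_ntoa(dst_addr),
                ntohs(udp->uh_dport), tot_len);
      log_write(LOG_PLAIN, "ttl: %hu ", ip->ip_ttl);
    }
  }

  if (readdata && payload_off < tot_len) {
    /* The old code indexed a pointer that was already past both headers with
       an index that also included both headers, i.e. it skipped the headers
       twice and read beyond ip_len.  Index the payload from zero instead. */
    const u8 *data = packet + payload_off;
    const int datalen = tot_len - payload_off;

    log_write(LOG_PLAIN, "Data portion:\n");
    for (int i = 0; i < datalen; i++)
      log_write(LOG_PLAIN, "%2X%c", data[i], ((i + 1) % 16) ? ' ' : '\n');
    log_write(LOG_PLAIN, "\n");
  }

  return 0;
}

/* Calls send_udp_raw() once per entry of o.decoys (o.numdecoys entries),
   using that entry as the source address and passing every other argument
   through unchanged.  Returns -1 as soon as one send reports -1, otherwise 0. */
int send_udp_raw_decoys(int sd, struct eth_nfo *eth,
                        const struct in_addr *victim,
                        int ttl, u16 ipid,
                        u8 *ipops, int ipoptlen,
                        u16 sport, u16 dport,
                        char *data, u16 datalen) {
  for (int decoy = 0; decoy < o.numdecoys; decoy++) {
    if (send_udp_raw(sd, eth, &o.decoys[decoy], victim,
                     ttl, ipid, ipops, ipoptlen,
                     sport, dport, data, datalen) == -1)
      return -1;
  }
  return 0;
}

/* Builds a UDP packet (including an IP header) by packing the fields
   with the given information.  It allocates a new buffer to store the
   packet contents, and then returns that buffer.  The packet is not
   actually sent by this function.  The caller owns the buffer and must
   release it when finished (send_udp_raw() does so with free()).  The
   packet length is stored in *outpacketlen, which must be a valid pointer.

   ttl == -1 selects a TTL of (get_random_uint() % 23) + 37; any other value
   is used as given.  ipoptlen must be a multiple of 4 between 0 and 40.
   When data is NULL the datalen payload bytes are zero-filled. */
u8 *build_udp_raw(struct in_addr *source, const struct in_addr *victim,
                  int ttl, u16 ipid, u8 tos, bool df,
                  u8 *ipopt, int ipoptlen,
                  u16 sport, u16 dport,
                  char *data, u16 datalen, u32 *outpacketlen) {
  /* Validate the arguments before they are used to size and index the
     buffer; previously the checks ran only after the allocation. */
  assert(victim);
  assert(source);
  assert(ipoptlen % 4 == 0);
  /* The IPv4 header length field is 4 bits wide (at most 60 bytes), which
     leaves at most 40 bytes of options; a negative length would shrink the
     allocation while the UDP header pointer still moved. */
  assert(ipoptlen >= 0 && ipoptlen <= 40);

  /* NOTE(review): with datalen close to 65535 both this total and the
     uh_ulen value below no longer fit in 16 bits -- confirm that callers
     bound datalen. */
  int packetlen = sizeof(struct ip) + ipoptlen + sizeof(struct udp_hdr) + datalen;
  /* NOTE(review): presumably safe_malloc() never returns NULL -- confirm. */
  u8 *packet = (u8 *) safe_malloc(packetlen);
  struct ip *ip = (struct ip *) packet;
  struct udp_hdr *udp = (struct udp_hdr *) ((u8 *) ip + sizeof(struct ip) + ipoptlen);
  u8 *payload = (u8 *) udp + sizeof(struct udp_hdr);
  /* Plain local: it is assigned on every call before use, so the former
     `static` storage only added shared state. */
  int myttl;

  /* Time to live */
  if (ttl == -1) {
    myttl = (get_random_uint() % 23) + 37;
  } else {
    myttl = ttl;
  }

  udp->uh_sport = htons(sport);
  udp->uh_dport = htons(dport);
  udp->uh_sum   = 0;
  udp->uh_ulen  = htons(sizeof(struct udp_hdr) + datalen);

  /* Copy the payload.  Without a source buffer the payload area is zeroed
     so that whatever the allocator left in it is never checksummed and sent
     on the wire. */
  if (data)
    memcpy(payload, data, datalen);
  else
    memset(payload, 0, datalen);

  /* The checksum field is zero and the payload is in place, so the checksum
     can be computed now.  With STUPID_SOLARIS_CHECKSUM_BUG set, the field is
     seeded with the UDP length instead. */
#if STUPID_SOLARIS_CHECKSUM_BUG
  udp->uh_sum = sizeof(struct udp_hdr) + datalen;
#else
  udp->uh_sum = magic_tcpudp_cksum(source, victim, IPPROTO_UDP,
                                   sizeof(struct udp_hdr) + datalen, (char *) udp);
#endif

  /* o.badsum asks for an incorrect checksum: decrement the correct one. */
  if (o.badsum) {
    --udp->uh_sum;
    if (udp->uh_sum == 0) udp->uh_sum = 0xffff; // UDP checksum=0 means no checksum
  }

  fill_ip_raw(ip, packetlen, ipopt, ipoptlen,
              tos, ipid, df ? IP_DF : 0, myttl, IPPROTO_UDP,
              source, victim);

  *outpacketlen = packetlen;
  return packet;
}

/* Builds a UDP packet with build_udp_raw() (IP_TOS_DEFAULT, DF clear), hands
   it to send_ip_packet() and frees the buffer.  Returns the value of
   send_ip_packet(), or -1 if no packet buffer was obtained. */
int send_udp_raw(int sd, struct eth_nfo *eth,
                 struct in_addr *source, const struct in_addr *victim,
                 int ttl, u16 ipid,
                 u8 *ipopt, int ipoptlen,
                 u16 sport, u16 dport,
                 char *data, u16 datalen) {
  unsigned int packetlen;
  u8 *packet = build_udp_raw(source, victim,
                             ttl, ipid, IP_TOS_DEFAULT, false,
                             ipopt, ipoptlen,
                             sport, dport,
                             data, datalen, &packetlen);
  if (!packet)
    return -1;

  int res = send_ip_packet(sd, eth, packet, packetlen);
  free(packet);
  return res;
}

/* Builds an IP packet (including an IP header) by packing the fields
   with the given information.  It allocates a new buffer to store the
   packet contents, and then returns that buffer.  The packet is not
   actually sent by this function.  The caller owns the buffer and must
   release it when finished (send_ip_raw() does so with free()).  The
   packet length is stored in *outpacketlen, which must be a valid pointer.

   ttl == -1 selects a TTL of (get_random_uint() % 23) + 37; any other value
   is used as given.  ipoptlen must be a multiple of 4 between 0 and 40.
   When data is NULL the datalen payload bytes are zero-filled. */
u8 *build_ip_raw(const struct in_addr *source, const struct in_addr *victim,
                 u8 proto,
                 int ttl, u16 ipid, u8 tos, bool df,
                 u8 *ipopt, int ipoptlen,
                 char *data, u16 datalen,
                 u32 *outpacketlen) {
  /* Validate the arguments before they are used to size the buffer;
     previously the checks ran only after the allocation. */
  assert(source);
  assert(victim);
  assert(ipoptlen % 4 == 0);
  /* The IPv4 header length field is 4 bits wide (at most 60 bytes), which
     leaves at most 40 bytes of options. */
  assert(ipoptlen >= 0 && ipoptlen <= 40);

  /* NOTE(review): with datalen close to 65535 this total no longer fits the
     16-bit IP total length -- confirm that callers bound datalen. */
  int packetlen = sizeof(struct ip) + ipoptlen + datalen;
  /* NOTE(review): presumably safe_malloc() never returns NULL -- confirm. */
  u8 *packet = (u8 *) safe_malloc(packetlen);
  struct ip *ip = (struct ip *) packet;
  u8 *payload = (u8 *) ip + sizeof(struct ip) + ipoptlen;
  /* Plain local: assigned on every call before use, so `static` storage is
     not needed. */
  int myttl;

  /* Time to live */
  if (ttl == -1) {
    myttl = (get_random_uint() % 23) + 37;
  } else {
    myttl = ttl;
  }

  fill_ip_raw(ip, packetlen, ipopt, ipoptlen,
              tos, ipid, df ? IP_DF : 0, myttl, proto,
              source, victim);

  /* Copy the payload, or zero the payload area when no source buffer is
     given so that allocator leftovers are never sent on the wire. */
  if (data)
    memcpy(payload, data, datalen);
  else
    memset(payload, 0, datalen);

  *outpacketlen = packetlen;
  return packet;
}

/* You need to call sethdrinclude(sd) on the sending sd before calling this.

   Builds an IP packet with build_ip_raw() (random IP ID from
   get_random_u16(), IP_TOS_DEFAULT, DF clear), hands it to send_ip_packet()
   and frees the buffer.  Returns the value of send_ip_packet(), or -1 if no
   packet buffer was obtained. */
int send_ip_raw(int sd, struct eth_nfo *eth,
                struct in_addr *source, const struct in_addr *victim,
                u8 proto, int ttl,
                u8 *ipopt, int ipoptlen,
                char *data, u16 datalen) {
  unsigned int packetlen;
  u8 *packet = build_ip_raw(source, victim,
                            proto,
                            ttl, get_random_u16(), IP_TOS_DEFAULT, false,
                            ipopt, ipoptlen,
                            data, datalen, &packetlen);
  if (!packet)
    return -1;

  int res = send_ip_packet(sd, eth, packet, packetlen);
  free(packet);
  return res;
}

/* Switches the socket `sd` to non-blocking mode so that recvfrom cannot
   block forever on certain target ports.  Always returns 1, as before;
   a failing fcntl() is now reported through error() instead of being
   ignored. */
int unblock_socket(int sd) {
#ifdef WIN32
  u_long one = 1;

  if (sd != 501) // Hack related to WinIP Raw Socket support
    ioctlsocket(sd, FIONBIO, &one);
#else
  /* F_GETFL returns -1 on failure.  OR-ing O_NONBLOCK into that -1 and
     writing it back would try to set every flag bit, so the current flags
     are checked before they are reused. */
  int options = fcntl(sd, F_GETFL);

  if (options == -1)
    error("%s: fcntl(F_GETFL) failed: %s", __func__, strerror(errno));
  else if (fcntl(sd, F_SETFL, options | O_NONBLOCK) == -1)
    error("%s: fcntl(F_SETFL) failed: %s", __func__, strerror(errno));
#endif //WIN32
  return 1;
}

/* returns -1 if we can't use select() on the pcap device, 0 for timeout, and
 * >0 for success. If select() fails we bail out because it couldn't work with
 * the file descriptor we got from my_pcap_get_selectable_fd().  An EINTR
 * failure is logged and the select() is retried. */
int pcap_select(pcap_t *p, struct timeval *timeout)
{
	int fd, ret;
	fd_set rfds;

	if ((fd = my_pcap_get_selectable_fd(p)) == -1)
		return -1;

	do {
		/* The descriptor set is rebuilt on every pass: after a failed
		 * select() its contents are unspecified, so the retry must
		 * not reuse it. */
		FD_ZERO(&rfds);
		FD_SET(fd, &rfds);

		errno = 0;
		ret = select(fd + 1, &rfds, NULL, NULL, timeout);
		if (ret == -1) {
			if (errno == EINTR)
				error("%s: %s", __func__, strerror(errno));
			else
				fatal("Your system does not support select()ing on pcap devices (%s). PLEASE REPORT THIS ALONG WITH DETAILED SYSTEM INFORMATION TO THE nmap-dev MAILING LIST!", strerror(errno));
		}
	} while (ret == -1);

	return ret;
}

/* Convenience overload: converts a timeout in microseconds into a
 * struct timeval and calls the struct timeval version of pcap_select(). */
int pcap_select(pcap_t *p, long usecs)
{
	struct timeval tv;

	tv.tv_sec = usecs / 1000000;
	tv.tv_usec = usecs % 1000000;

	return pcap_select(p, &tv);
}

/* Read an IP packet using libpcap .  We return the packet and take
   a pcap descriptor and a pointer to the packet length (which we set
   in the function. If you want a maximum length returned, you
   should specify that in pcap_open_live() */

/* to_usec is the timeout period in microseconds -- use 0 to skip the
   test and -1 to block forever.  Note that we don't interrupt pcap, so
   low values (and 0) degenerate to the timeout specified
   in pcap_open_live() */

/* If rcvdtime is non-null and a packet is returned, rcvd will be
   filled with the time that packet was captured from the wire by
   pcap.  If linknfo is not NULL, linknfo->headerlen and
   linknfo->header will be filled with the appropriate values. */
char *readip_pcap(pcap_t *pd, unsigned int *len, long to_usec,
		  struct timeval *rcvdtime, struct link_header *linknfo) {
unsigned int offset = 0;
struct pcap_pkthdr head;
char *p;
int datalink;
int timedout = 0;
struct timeval tv_start, tv_end;
static char *alignedbuf = NULL;
static unsigned int alignedbufsz=0;
static int warning = 0;

if (linknfo) { memset(linknfo, 0, sizeof(*linknfo)); }

if (!pd) fatal("NULL packet device passed to %s", __func__);

 if (to_usec < 0) {
   if (!warning) {
     warning = 1;
     error("WARNING: Negative timeout value (%lu) passed to %s() -- using 0", to_usec, __func__);
   }
   to_usec = 0;
 }

/* New packet capture device, need to recompute offset */
 if ( (datalink = pcap_datalink(pd)) < 0)
   fatal("Cannot obtain datalink information: %s", pcap_geterr(pd));

 /* NOTE: IF A NEW OFFSET EVER EXCEEDS THE CURRENT MAX (24), ADJUST
    MAX_LINK_HEADERSZ in tcpip.h */
 switch(datalink) {
 case DLT_EN10MB: offset = 14; break;
 case DLT_IEEE802: offset = 22; break;
#ifdef __amigaos__
 case DLT_MIAMI: offset = 16; break;
#endif
#ifdef DLT_LOOP
 case DLT_LOOP:
#endif
 case DLT_NULL: offset = 4; break;
 case DLT_SLIP:
#ifdef DLT_SLIP_BSDOS
 case DLT_SLIP_BSDOS:
#endif
#if (FREEBSD || OPENBSD || NETBSD || BSDI || MACOSX)
   offset = 16;
#else
   offset = 24; /* Anyone use this??? */
#endif
   break;
 case DLT_PPP:
#ifdef DLT_PPP_BSDOS
 case DLT_PPP_BSDOS:
#endif
#ifdef DLT_PPP_SERIAL
 case DLT_PPP_SERIAL:
#endif
#ifdef DLT_PPP_ETHER
 case DLT_PPP_ETHER:
#endif
#if (FREEBSD || OPENBSD || NETBSD || BSDI || MACOSX)
   offset = 4;
#else
#ifdef SOLARIS
   offset = 8;
#else
   offset = 24; /* Anyone use this? */
#endif /* ifdef solaris */
#endif /* if freebsd || openbsd || netbsd || bsdi */
   break;
 case DLT_RAW: offset = 0; break;
 case DLT_FDDI: offset = 21; break;
#ifdef DLT_ENC
 case DLT_ENC: offset = 12; break;
#endif /* DLT_ENC */
#ifdef DLT_LINUX_SLL
 case DLT_LINUX_SLL: offset = 16; break;
#endif
 default:
   p = (char *) pcap_next(pd, &head);
   if (head.caplen == 0) {
     /* Lets sleep a brief time and try again to increase the chance of seeing
	a real packet ... */
     usleep(500000);
     p = (char *) pcap_next(pd, &head);
   }
   if (head.caplen > 100000) {
     fatal("FATAL: %s: bogus caplen from libpcap (%d) on interface type %d", __func__, head.caplen, datalink);
   }
   error("FATAL:  Unknown datalink type (%d). Caplen: %d; Packet:", datalink, head.caplen);
   lamont_hdump(p, head.caplen);
   exit(1);
 }

 if (to_usec > 0) {
   gettimeofday(&tv_start, NULL);
 }

 do {
#ifdef WIN32
   gettimeofday(&tv_end, NULL);
   long to_left = MAX(1, (to_usec - TIMEVAL_SUBTRACT(tv_end, tv_start)) / 1000);
   // Set the timeout (BUGBUG: this is cheating)
   PacketSetReadTimeout(pd->adapter, to_left);
#endif
   p = NULL;

   if (pcap_select(pd, to_usec) == 0)
     timedout = 1;
   else
     p = (char *) pcap_next(pd, &head);

   if (p) {
     if (head.caplen <= offset) {
       *len = 0;
       return NULL;
     }
     if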
