📄 portscanner.cc
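/* NOTE(review): the statements down to "exit (OK);" are the tail of a
 * function whose beginning is not part of this listing. They are reproduced
 * unchanged, only re-broken into one statement per line. */
        u_short dport;
    } shainput;

    send_delay = copts->get_send_delay();
    memset(&shainput, 0, sizeof(shainput));
    shainput.src.s_addr = local.s_addr;
    shainput.dst.s_addr = remote.s_addr;
    tcpp.set_src(inet_ntoa(local));
    tcpp.set_flags(TH_SYN);
    tcpp.set_ack(0);
    tcpp.set_win(5840);
    tcpp.set_ttl(64);
    srand(time(NULL));
    udpp.set_src(inet_ntoa(local));
    udpp.set_ttl(64);
    udpp.set_id(rand());

    for (k=0; k < udpport.size(); k++) {
        while(!udpport[k].get_next(&dport)) {
            if (send_delay.microsec())
                usleep(send_delay.microsec());
            udpp.set_id(rand());
            udpp.set_dstport(dport);
            /* XXX: bug in libusi++ */
            udpp.set_udpsum(0);
            shainput.sport = 0;
            shainput.dport = udpp.get_dstport();
            sha.get_digest(digest,(const u_char *) &shainput, sizeof(shainput));
            // XXX: shouldn't be messing w/ int's on that level
            memcpy(&sport, digest, sizeof(sport));
            udpp.set_srcport(sport);
            udpp.sendpack("");
        }
    }

    for (k=0; k < tcpport.size(); k++) {
        while(!tcpport[k].get_next(&dport)) {
            if (send_delay.microsec())
                usleep(send_delay.microsec());
            tcpp.set_id(rand());
            tcpp.set_tcpsum(0); // recalc tcp checksum
            tcpp.set_srcport(rand() + 1024);
            tcpp.set_dstport(dport);
            shainput.sport = tcpp.get_srcport();
            shainput.dport = tcpp.get_dstport();
            sha.get_digest(digest,(const u_char *) &shainput, sizeof(shainput));
            // XXX: shouldn't be messing w/ int's on that level
            memcpy(&seq, digest, sizeof(seq));
            tcpp.set_seq(seq);
            tcpp.sendpack("");
        }
    }
    exit (OK);
}

/*
 * Sniff replies to the probes and record the state of each answering port
 * in tcp_ports / udp_ports, updating the tcpopen/tcpclosed/udpopen/udpclosed
 * counters as it goes.
 *
 * A reply is only accepted when it carries the cookie that the probe was
 * sent with.  The cookie is the leading bytes of a digest over
 * (local address, remote address, local port, remote port):
 *   - TCP:  the probe's sequence number; the reply must acknowledge cookie+1.
 *   - UDP:  the probe's source port (the digest is taken with sport = 0).
 *
 * NOTE(review): every field hashed here is address/port data; no secret is
 * mixed in within the visible code.  Unless the SHA1 helper is keyed
 * elsewhere, the cookie filters stray traffic but does not authenticate the
 * sender of a reply, so recorded port states should be treated as
 * unauthenticated -- confirm.
 *
 * The loop ends when every TCP port has answered (if any TCP port was
 * probed), when every UDP port has answered (if no TCP port was probed), or
 * once done_sending is set and the computed timeout has elapsed.
 *
 * tg       target whose address, interface and RTT are used.
 * returns  OK in all cases.
 */
int Portscanner::receive_packets(Target *tg) {
    unsigned int tcpportnum = 0, udpportnum = 0, k;

    /* total number of probes that will be sent per protocol */
    for (k = 0; k < tcpport.size(); k++)
        tcpportnum += tcpport[k].size();
    for (k = 0; k < udpport.size(); k++)
        udpportnum += udpport[k].size();

    int ret, done = 0;
    //XXX: Modify timeout here
    Xprobe::Timeval timeout = (double)(tg->get_rtt() * 2 + (((double)copts->get_send_delay() + 0.01) * (tcpportnum + udpportnum)));
    Xprobe::Timeval tv;
    unsigned int seq;
    unsigned short sport;
    struct in_addr remote = tg->get_addr(), local = tg->get_interface_addr();
    Xprobe::Timeval start;
    char payload[1024];
    unsigned char digest[20];
    IP sn(inet_ntoa(local), IPPROTO_IP);
    struct ip *iph;
    struct tcphdr *tcph;
    struct udphdr *udph;
    struct usipp::icmphdr *icmph;
    SHA1 sha;
    struct _shainput {
        struct in_addr src;
        struct in_addr dst;
        u_short sport;
        u_short dport;
    } shainput;

    /* zero the struct including padding: the whole object is hashed */
    memset(&shainput, 0, sizeof(shainput));
    sn.init_device(tg->get_interface(), 0, 1500);
    tv = tg->get_rtt();
    sn.timeout(tv);
    start = Xprobe::Timeval::gettimeofday();

    /* libUSI needs a major redesign. So hard to demultiplex packets of
     * different protocol */
    while (!done) {
        /* Clear the buffer before every read.  The headers below are parsed
         * at fixed offsets without a length check, so after a short packet
         * they would otherwise be read from uninitialised stack memory or
         * from the bytes of an earlier, longer packet. */
        memset(payload, 0, sizeof(payload));
        /* NOTE(review): ret is stored but never consulted.  If sniffpack()
         * reports the number of bytes copied (not visible here -- confirm
         * against libusi++), it should also be compared with the header
         * sizes before the casts below. */
        ret = sn.sniffpack(payload, sizeof(payload));
        if (!sn.timeout()) {
            if (sn.get_proto() == IPPROTO_TCP) {
                /* should be objects iph and tcph respectively */
                tcph = (struct tcphdr *)(payload);
                /* rebuild the digest input from the probe's point of view:
                 * the reply's destination is our source and vice versa */
                shainput.src.s_addr = sn.get_dst();
                shainput.dst.s_addr = sn.get_src();
                /* should be Object TCP and method get->tcph here, do it in
                 * C way for now */
                shainput.sport = ntohs(tcph->th_dport);
                shainput.dport = ntohs(tcph->th_sport);
                sha.get_digest(digest,(const u_char *) &shainput, sizeof(shainput));
                memcpy(&seq, digest, sizeof(seq));
                if (seq == ntohl(tcph->th_ack) - 1) {
                    /* should be an object too */
                    /* NOTE(review): the counters are bumped without looking
                     * at the result of insert(); if tcp_ports is a std::map,
                     * a repeated reply for one port leaves the map unchanged
                     * but still counts towards the "all responses received"
                     * test below -- confirm the container type. */
                    if ((tcph->th_flags & (TH_SYN|TH_ACK)) == (TH_SYN|TH_ACK)) {
                        tcp_ports.insert(pair<int, char>(ntohs(tcph->th_sport), XPROBE_TARGETP_OPEN));
                        tcpopen++;
                    } else if (tcph->th_flags & TH_RST) {
                        tcp_ports.insert(pair<int, char>(ntohs(tcph->th_sport), XPROBE_TARGETP_CLOSED));
                        tcpclosed++;
                    }
                }
            } else if (sn.get_proto() == IPPROTO_ICMP) {
                /* should be objects iph and tcph respectively */
                //iph = (struct ip *)payload;
                icmph = (struct usipp::icmphdr *)((char *)payload);
                if (icmph->type == ICMP_DEST_UNREACH && icmph->code == ICMP_PORT_UNREACH) {
                    // THIS IS LAME SHIT.. fix later!
                    iph = (struct ip *)((char *)icmph + sizeof(struct usipp::icmphdr));
                    /* Locate the quoted UDP header from the quoted IP
                     * header's own length field instead of assuming a
                     * 20-byte header, and only trust the quote if it really
                     * describes a UDP datagram.  ip_hl is at most 15, so the
                     * UDP header always lies inside payload[]. */
                    unsigned int quoted_hlen = iph->ip_hl * 4;
                    if (quoted_hlen >= sizeof(struct ip) && iph->ip_p == IPPROTO_UDP) {
                        udph = (struct udphdr *)((char *)iph + quoted_hlen);
                        shainput.src.s_addr = sn.get_dst();
                        shainput.dst.s_addr = sn.get_src();
                        shainput.dport = ntohs(udph->dest);
                        shainput.sport = 0;
                        sha.get_digest(digest,(const u_char *) &shainput, sizeof(shainput));
                        memcpy(&sport, digest, sizeof(sport));
                        /* the quoted probe must carry the cookie as its source port */
                        if (sport == ntohs(udph->source)) {
                            udp_ports.insert(pair<int, char>(ntohs(udph->dest), XPROBE_TARGETP_CLOSED));
                            udpclosed++;
                        }
                    }
                }
            } else if (sn.get_proto() == IPPROTO_UDP) {
                /* should be objects iph and tcph respectively */
                udph = (struct udphdr *)(payload);
                shainput.src.s_addr = sn.get_dst();
                shainput.dst.s_addr = sn.get_src();
                shainput.dport = ntohs(udph->source);
                shainput.sport = 0;
                sha.get_digest(digest,(const u_char *) &shainput, sizeof(shainput));
                memcpy(&sport, digest, sizeof(sport));
                /* a direct UDP answer must be addressed to the cookie port */
                if (sport == ntohs(udph->dest)) {
                    udp_ports.insert(pair<int, char>(ntohs(udph->source), XPROBE_TARGETP_OPEN));
                    udpopen++;
                }
            }
        }
//      if (done_sending && start == 0)
//          start = time(NULL);
        /* NOTE(review): when TCP ports were probed, completion is judged on
         * the TCP counters alone; outstanding UDP replies do not keep the
         * loop alive -- confirm this is intended. */
        if (tcpportnum != 0 && (unsigned)(tcpopen + tcpclosed) == tcpportnum) // all responses received
            done = 1;
        if (tcpportnum == 0 && (unsigned)(udpopen + udpclosed) == udpportnum) // all responses received
            done = 1;
        if (done_sending) {
            if (((double)Xprobe::Timeval::gettimeofday()-(double)start) > (double)timeout)
                done = 1;
            //printf("tcp open: %d closed %d portnum %d\n", tcpopen, tcpclosed, portnum);
            //printf("exit by timeout %.2f - %.2f = %.2f > %.2f\n",
            //(double)Xprobe::Timeval::gettimeofday(),
            //(double)start,
            //(double)Xprobe::Timeval::gettimeofday() - (double)start,
            //(double)timeout);
        }
    }
    return OK;
}

/*
 * Pick one port state for the given protocol from the open / closed /
 * filtered counters.
 *
 * proto    IPPROTO_TCP or IPPROTO_UDP.
 * returns  255 when all three counters of the protocol are zero;
 *          XPROBE_TARGETP_OPEN when open > closed, unless filtered > open,
 *          in which case XPROBE_TARGETP_FILTERED;
 *          otherwise XPROBE_TARGETP_CLOSED when closed > filtered,
 *          else XPROBE_TARGETP_FILTERED;
 *          0 for any other protocol.
 *
 * NOTE(review): the return type is char, so the value 255 is converted on
 * return; where char is signed a caller comparing the result with the int
 * 255 will not match -- compare against (char)255 or confirm the callers.
 */
char Portscanner::get_ignore_state(int proto) {
    char retval = 0;

    switch(proto) {
        case IPPROTO_TCP:
            /* nothing was recorded for this protocol */
            if (!tcpopen && !tcpclosed && !tcpfiltered)
                return 255;
            if (tcpopen > tcpclosed) {
                retval = XPROBE_TARGETP_OPEN;
                if (tcpfiltered > tcpopen) {
                    retval = XPROBE_TARGETP_FILTERED;
                }
            } else if (tcpclosed > tcpfiltered){
                retval = XPROBE_TARGETP_CLOSED;
            } else {
                retval = XPROBE_TARGETP_FILTERED;
            }
            break;
        case IPPROTO_UDP:
            /* nothing was recorded for this protocol */
            if (!udpopen && !udpclosed && !udpfiltered)
                return 255;
            if (udpopen > udpclosed) {
                retval = XPROBE_TARGETP_OPEN;
                if (udpfiltered > udpopen) {
                    retval = XPROBE_TARGETP_FILTERED;
                }
            } else if (udpclosed > udpfiltered){
                retval = XPROBE_TARGETP_CLOSED;
            } else {
                retval = XPROBE_TARGETP_FILTERED;
            }
            break;
    }
    return retval;
}

/* initialization function */
/*
 * Create a Portscanner, give it the name nm and register it with the module
 * handler pt.  Always returns OK.
 *
 * NOTE(review): the object is allocated with new and never deleted here;
 * presumably register_module() takes ownership -- confirm.
 */
int portscan_mod_init(Xprobe_Module_Hdlr *pt, char *nm) {
    Portscanner *port_scan= new Portscanner;

    port_scan->set_name(nm);
    xprobe_mdebug(XPROBE_DEBUG_MODULES, "Initializing the portscanning module\n");
    pt->register_module(port_scan);
    return OK;
}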