[Openvas-commits] r6023 - in trunk/openvas-libraries: . misc nasl
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Tue Dec 1 12:49:56 CET 2009
Author: chandra
Date: 2009-12-01 12:49:52 +0100 (Tue, 01 Dec 2009)
New Revision: 6023
Modified:
trunk/openvas-libraries/ChangeLog
trunk/openvas-libraries/misc/ids_send.c
trunk/openvas-libraries/nasl/nasl_host.c
Log:
IPv6 enabling ids_send
Modified: trunk/openvas-libraries/ChangeLog
===================================================================
--- trunk/openvas-libraries/ChangeLog 2009-12-01 11:01:39 UTC (rev 6022)
+++ trunk/openvas-libraries/ChangeLog 2009-12-01 11:49:52 UTC (rev 6023)
@@ -1,3 +1,11 @@
+2009-12-01 Chandrashekhar B <bchandra at secpod.com>
+
+ * misc/ids_send.c (ids_open_sock_tcp): IPv6 enable.
+ (ids_send): IPv6 enable.
+ (injectv6): Added new.
+
+ * nasl/nasl_host.c (nasl_this_host): Used proper variable name.
+
2009-11-25 Michael Wiegand <michael.wiegand at intevation.de>
* nasl/nasl_cmd_exec.c (nasl_get_tmp_dir): Use the glib g_get_tmp_dir
Modified: trunk/openvas-libraries/misc/ids_send.c
===================================================================
--- trunk/openvas-libraries/misc/ids_send.c 2009-12-01 11:01:39 UTC (rev 6022)
+++ trunk/openvas-libraries/misc/ids_send.c 2009-12-01 11:49:52 UTC (rev 6023)
@@ -99,6 +99,21 @@
};
+struct ipv6_header{
+ union {
+ struct ip6_hdrctl {
+ uint32_t ip6_un1_flow; /* 24 bits of flow-ID */
+ uint16_t ip6_un1_plen; /* payload length */
+ uint8_t ip6_un1_nxt; /* next header */
+ uint8_t ip6_un1_hlim; /* hop limit */
+ } ip6_un1;
+ uint8_t ip6_un2_vfc; /* 4 bits version, 4 bits priority */
+ } ip6_ctlun;
+ struct in6_addr ip6_src; /* source address */
+ struct in6_addr ip6_dst; /* destination address */
+} ;
+
+
/*
* our own definition of the tcp flags
*/
@@ -118,7 +133,6 @@
};
-
/*
* This function returns the TTL we should use when forging our own
* IP packets. If <method & OPENVAS_CNX_IDS_EVASION_SHORT_TTL>, then
@@ -387,7 +401,95 @@
close(soc);
return 0;
}
-
+
+
+static int injectv6(orig_packet, packet_len, method, flags, data, data_len)
+ char * orig_packet;
+ int packet_len;
+ int method;
+ int flags;
+ char * data;
+ int data_len;
+{
+ int soc;
+ char * packet;
+ struct ipv6_header * ip6, * old_ip6;
+ struct tcp_packet * tcp, * old_tcp;
+ int tot_len = sizeof(struct ipv6_header) + sizeof(struct tcp_packet) + data_len;
+ int i;
+ struct sockaddr_in6 sockaddr6;
+
+ if(packet_len < sizeof(struct ipv6_header) + sizeof(struct tcp_packet))
+ return -1;
+
+ old_ip6 = (struct ipv6_header*)orig_packet;
+ old_tcp = (struct tcp_packet*)(orig_packet + 40);
+
+ soc = socket(AF_INET6, SOCK_RAW, IPPROTO_RAW);
+ if(soc < 0)
+ return -1;
+
+ packet = emalloc(tot_len);
+
+ /*
+ * Copy data, if any
+ */
+ for(i = 0; i < data_len; i++){
+ packet[i+sizeof(struct ipv6_header)] = data[i];
+ }
+
+ ip6 = (struct ipv6_header*)packet;
+ tcp = (struct tcp_packet*)(packet + sizeof(struct ipv6_header));
+
+ /*
+ * for the sake of code shortness, we copy the header of the
+ * received packet into the packet we forge, and we'll change
+ * some stuff in it.
+ */
+ memcpy(ip6, old_ip6, sizeof(struct ipv6_header));
+
+ ip6->ip6_ctlun.ip6_un1.ip6_un1_flow = old_ip6->ip6_ctlun.ip6_un1.ip6_un1_flow;
+ ip6->ip6_ctlun.ip6_un1.ip6_un1_plen = data_len;
+ ip6->ip6_ctlun.ip6_un1.ip6_un1_nxt = old_ip6->ip6_ctlun.ip6_un1.ip6_un1_nxt;
+ ip6->ip6_ctlun.ip6_un1.ip6_un1_hlim = which_ttl(method, old_ip6->ip6_ctlun.ip6_un1.ip6_un1_hlim);
+ memcpy(&ip6->ip6_src, &old_ip6->ip6_dst, sizeof(struct in6_addr));
+ memcpy(&ip6->ip6_dst, &old_ip6->ip6_src, sizeof(struct in6_addr));
+
+ memcpy(tcp, old_tcp, sizeof(struct tcp_packet));
+ tcp->th_flags = flags;
+ if((flags & TCP_FLAG_RST) && (method & OPENVAS_CNX_IDS_EVASION_FAKE_RST))
+ tcp->th_ack = htonl(ntohl(old_tcp->th_seq) + 1);
+ else
+ tcp->th_ack = old_tcp->th_seq;
+
+ tcp->th_seq = old_tcp->th_ack;
+ tcp->th_sport = old_tcp->th_dport;
+ tcp->th_dport = old_tcp->th_sport;
+ tcp->th_off = 5;
+ tcp->th_sum = 0;
+ if(method & OPENVAS_CNX_IDS_EVASION_SHORT_TTL)
+ tcp_cksum(packet, data_len);
+ else
+ tcp->th_sum = rand(); /* bad checksum - packet will be dropped */
+
+
+ /*
+ * Sending the packet now
+ */
+ bzero(&sockaddr6, sizeof(sockaddr6));
+ sockaddr6.sin6_family = AF_INET6;
+ sockaddr6.sin6_addr = ip6->ip6_dst;
+
+ if(sendto(soc, packet, tot_len, 0, (struct sockaddr*)&sockaddr6, sizeof(sockaddr6)) < 0)
+ {
+ perror("openvas-libraries : libopenvas : ids_send.c : inject() : sendto() ");
+ }
+ efree(&packet);
+ close(soc);
+ return 0;
+}
+
+
int
ids_send(fd, buf0, n, method)
int fd;
@@ -395,111 +497,143 @@
int n;
int method;
{
- struct in_addr dst, src;
- struct sockaddr_in sockaddr;
- char * iface;
- char filter[255];
- char * src_host, * dst_host;
- int port;
- int ret = 0;
- int len;
- char * buf = (char*)buf0;
- unsigned int sz = sizeof(sockaddr);
- int e;
- unsigned char * packet;
- int bpf;
-
- bzero(&sockaddr, sizeof(sockaddr));
- if(getpeername(fd, (struct sockaddr*)&sockaddr, &sz) < 0)
- {
- perror("getpeername() ");
- }
- port = ntohs(sockaddr.sin_port);
- dst.s_addr = sockaddr.sin_addr.s_addr;
- bzero(&src, sizeof(src));
- iface = routethrough(&dst, &src);
-
-
- src_host = estrdup(inet_ntoa(src));
- dst_host = estrdup(inet_ntoa(dst));
-
- snprintf(filter, sizeof(filter), "tcp and (src host %s and dst host %s and src port %d)",
- dst_host,
- src_host,
- port);
- efree(&src_host);
- efree(&dst_host);
-
- bpf = bpf_open_live(iface, filter);
+ struct in_addr dst, src;
+ struct in6_addr dst6, src6;
+ struct sockaddr_in6 sockaddr6;
+ struct sockaddr_in *saddr;
+ struct sockaddr *sa;
+ char * iface;
+ char filter[255];
+ char * src_host, * dst_host;
+ int port;
+ int ret = 0;
+ int len;
+ char * buf = (char*)buf0;
+ unsigned int sz = sizeof(sockaddr6);
+ int e;
+ unsigned char * packet;
+ int bpf;
+ char hostname[INET6_ADDRSTRLEN];
+ int family;
+
+ bzero(&sockaddr6, sizeof(sockaddr6));
+ if(getpeername(fd, (struct sockaddr*)&sockaddr6, &sz) < 0)
+ {
+ perror("getpeername() ");
+ }
+ sa = (struct sockaddr *)&sockaddr6;
+ if(sa->sa_family == AF_INET)
+ {
+ family = AF_INET;
+ saddr = (struct sockaddr_in *)&sockaddr6;
+ port = ntohs(saddr->sin_port);
+ dst.s_addr = saddr->sin_addr.s_addr;
+ src.s_addr = 0;
+ iface = routethrough(&dst, &src);
+
+ src_host = estrdup(inet_ntoa(src));
+ dst_host = estrdup(inet_ntoa(dst));
+
+ snprintf(filter, sizeof(filter), "tcp and (src host %s and dst host %s and src port %d)",
+ dst_host,
+ src_host,
+ port);
+ efree(&src_host);
+ efree(&dst_host);
+ }
+ else
+ {
+ family = AF_INET6;
+ port = ntohs(sockaddr6.sin6_port);
+ memcpy(&dst6,&sockaddr6.sin6_addr,sizeof(struct in6_addr));
+ bzero(&src6, sizeof(src6));
+ iface = v6_routethrough(&dst6, &src6);
+
+ src_host = estrdup(inet_ntop(AF_INET6,&src6, hostname, sizeof(hostname)));
+ dst_host = estrdup(inet_ntop(AF_INET6,&dst6, hostname,sizeof(hostname)));
+ snprintf(filter, sizeof(filter), "tcp and (src host %s and dst host %s and src port %d)",
+ dst_host,
+ src_host,
+ port);
+ efree(&src_host);
+ efree(&dst_host);
+ }
+
+ bpf = bpf_open_live(iface, filter);
if(bpf >= 0)
{
- e = send(fd, buf+ret, 1, 0);
- packet = bpf_next(bpf, &len);
- if(e < 0)
- return -1;
- else
- ret+=e;
- /*
- * We can start to send stuff now
- */
- while(ret < n)
- {
- if(packet)
- {
- char *pkt_ip;
- int num_before = (rand() / 1000) % 3;
- int num_after = (rand() / 1000) % 3;
- int i;
-
- if(!num_before && !num_after)
- {
- if(rand() % 2)num_before = 1;
- else num_after = 1;
- }
- pkt_ip = (char*)(packet + get_datalink_size(bpf_datalink(bpf)));
-
- /*
- * send bogus data before
- */
- for(i=0;i<num_before;i++)
- {
- int j;
- char data[10];
- for(j=0;j<10;j++)data[j]=rand();
- inject(pkt_ip, len - get_datalink_size(bpf_datalink(bpf)), method, TCP_FLAG_ACK|TCP_FLAG_PUSH, data, (rand()%9)+1);
- }
- e = send(fd, buf+ret, 1, 0);
- packet = bpf_next(bpf, &len);
- /*
- * send bogus data after
- */
- for(i=0;i<num_after;i++)
- {
- int j;
- char data[10];
- for(j=0;j<10;j++)data[j]=rand();
- inject(pkt_ip, len - get_datalink_size(bpf_datalink(bpf)), method, TCP_FLAG_ACK|TCP_FLAG_PUSH, data, (rand()%9)+1);
- }
- }
- else
- {
- e = send(fd, buf+ret, 1, 0);
- packet = bpf_next(bpf, &len);
- }
- if(e < 0)
- return -1;
- else
- ret+=e;
- }
- bpf_close(bpf);
- return ret;
- }
+ e = send(fd, buf+ret, 1, 0);
+ packet = bpf_next(bpf, &len);
+ if(e < 0)
+ return -1;
+ else
+ ret+=e;
+ /*
+ * We can start to send stuff now
+ */
+ while(ret < n)
+ {
+ if(packet)
+ {
+ char *pkt_ip;
+ int num_before = (rand() / 1000) % 3;
+ int num_after = (rand() / 1000) % 3;
+ int i;
+
+ if(!num_before && !num_after)
+ {
+ if(rand() % 2)num_before = 1;
+ else num_after = 1;
+ }
+ pkt_ip = (char*)(packet + get_datalink_size(bpf_datalink(bpf)));
+
+ /*
+ * send bogus data before
+ */
+ for(i=0;i<num_before;i++)
+ {
+ int j;
+ char data[10];
+ for(j=0;j<10;j++)data[j]=rand();
+ if(family == AF_INET)
+ inject(pkt_ip, len - get_datalink_size(bpf_datalink(bpf)), method, TCP_FLAG_ACK|TCP_FLAG_PUSH, data, (rand()%9)+1);
+ else
+ injectv6(pkt_ip, len - get_datalink_size(bpf_datalink(bpf)), method, TCP_FLAG_ACK|TCP_FLAG_PUSH, data, (rand()%9)+1);
+
+ }
+ e = send(fd, buf+ret, 1, 0);
+ packet = bpf_next(bpf, &len);
+ /*
+ * send bogus data after
+ */
+ for(i=0;i<num_after;i++)
+ {
+ int j;
+ char data[10];
+ for(j=0;j<10;j++)data[j]=rand();
+ if(family == AF_INET)
+ inject(pkt_ip, len - get_datalink_size(bpf_datalink(bpf)), method, TCP_FLAG_ACK|TCP_FLAG_PUSH, data, (rand()%9)+1);
+ else
+ injectv6(pkt_ip, len - get_datalink_size(bpf_datalink(bpf)), method, TCP_FLAG_ACK|TCP_FLAG_PUSH, data, (rand()%9)+1);
+ }
+ }
+ else
+ {
+ e = send(fd, buf+ret, 1, 0);
+ packet = bpf_next(bpf, &len);
+ }
+ if(e < 0)
+ return -1;
+ else
+ ret+=e;
+ }
+ bpf_close(bpf);
+ return ret;
+ }
else return send(fd, buf, n, 0);
}
-
-
int ids_open_sock_tcp(args, port, method, timeout)
struct arglist * args;
int port;
@@ -507,32 +641,49 @@
int timeout;
{
int bpf;
- struct in_addr *dst, src;
+ struct in_addr dst, src;
+ struct in6_addr *dst6, *src6;
char * iface;
char filter[255];
char * src_host, * dst_host;
int ret = 0;
int len;
+ char hostname[INET6_ADDRSTRLEN];
+ int family;
- dst = plug_get_host_ip(args);
- if(!dst)
+ dst6 = plug_get_host_ip(args);
+ if(!dst6)
{
fprintf(stderr, "Error - no address associated with name\n");
return -1;
}
- iface = routethrough(dst, &src);
+ if(IN6_IS_ADDR_V4MAPPED(dst6))
+ {
+ family = AF_INET;
+ dst.s_addr = dst6->s6_addr32[3];
+ src.s_addr = 0;
+ iface = routethrough(&dst, &src);
+ src_host = estrdup(inet_ntoa(src));
+ dst_host = estrdup(inet_ntoa(dst));
+ }
+ else
+ {
+ family = AF_INET6;
+ iface = v6_routethrough(dst6, src6);
+ src_host = estrdup(inet_ntop(AF_INET6,src6, hostname, sizeof(hostname)));
+ dst_host = estrdup(inet_ntop(AF_INET6,dst6, hostname,sizeof(hostname)));
+ }
- src_host = estrdup(inet_ntoa(src));
- dst_host = estrdup(inet_ntoa(*dst));
snprintf(filter, sizeof(filter), "tcp and (src host %s and dst host %s and src port %d)",
- dst_host, src_host, port);
-
+ dst_host, src_host, port);
+
efree(&src_host);
- efree(&dst_host);
-
+ efree(&dst_host);
+
+
bpf = bpf_open_live(iface, filter);
if(bpf >= 0)
- {
+ {
ret = open_sock_tcp(args, port, timeout);
if(ret >= 0)
{
@@ -541,8 +692,11 @@
{
char *pkt_ip;
pkt_ip = (char*)(packet + get_datalink_size(bpf_datalink(bpf)));
-
- inject(pkt_ip, len - get_datalink_size(bpf_datalink(bpf)), method, TCP_FLAG_RST, NULL, 0);
+
+ if(family == AF_INET)
+ inject(pkt_ip, len - get_datalink_size(bpf_datalink(bpf)), method, TCP_FLAG_RST, NULL, 0);
+ else
+ injectv6(pkt_ip, len - get_datalink_size(bpf_datalink(bpf)), method, TCP_FLAG_RST, NULL, 0);
}
}
bpf_close(bpf);
Modified: trunk/openvas-libraries/nasl/nasl_host.c
===================================================================
--- trunk/openvas-libraries/nasl/nasl_host.c 2009-12-01 11:01:39 UTC (rev 6022)
+++ trunk/openvas-libraries/nasl/nasl_host.c 2009-12-01 11:49:52 UTC (rev 6023)
@@ -184,7 +184,6 @@
char hostname[255];
char * ret;
struct in6_addr * ia = plug_get_host_ip(script_infos);
- struct in_addr src;
struct in6_addr in6addr;
struct in_addr inaddr;
struct in6_addr src6;
@@ -222,7 +221,7 @@
(void)v6_routethrough(ia, &src6);
}
- if(!IN6_ARE_ADDR_EQUAL(&src, &in6addr_any))
+ if(!IN6_ARE_ADDR_EQUAL(&src6, &in6addr_any))
{
char * ret;
More information about the Openvas-commits
mailing list