1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192
|
#ifndef TCP_PACKET_H
#define TCP_PACKET_H
#include <stdio.h>
#include <stdint.h>
#include "massip-addr.h"
struct PayloadsUDP;
struct MassVulnCheck;
/**
* Does a regression test of this module.
* @return
* 1 on failure
* 0 on success
*/
int template_selftest(void);
enum TemplateProtocol {
Proto_TCP,
Proto_UDP,
Proto_SCTP,
Proto_ICMP_ping,
Proto_ICMP_timestamp,
Proto_ARP,
Proto_Oproto,
Proto_VulnCheck,
//Proto_IP,
//Proto_Custom,
Proto_Count
};
struct TemplatePayload {
unsigned length;
unsigned checksum;
unsigned char buf[1500];
};
unsigned
udp_checksum2(const unsigned char *px, unsigned offset_ip,
unsigned offset_tcp, size_t tcp_length);
/**
* Describes a packet template. The scan packets we transmit are based on a
* a template containing most of the data, and we fill in just the necessary
* bits, like the destination IP address and port
*/
struct TemplatePacket {
struct {
unsigned length;
unsigned offset_ip;
unsigned offset_tcp;
unsigned offset_app;
unsigned char *packet;
unsigned checksum_ip;
unsigned checksum_tcp;
unsigned ip_id;
} ipv4;
struct {
unsigned length;
unsigned offset_ip;
unsigned offset_tcp;
unsigned offset_app;
unsigned char *packet;
unsigned checksum_ip;
unsigned checksum_tcp;
unsigned ip_id;
} ipv6;
enum TemplateProtocol proto;
struct PayloadsUDP *payloads;
};
/**
* We can run multiple types of scans (TCP, UDP, vulns, etc.) at the same
* time. Therefore, instead of one packet prototype for all scans, we have
* a set of prototypes/templates.
*/
struct TemplateSet
{
unsigned count;
struct MassVulnCheck *vulncheck;
uint64_t entropy;
struct TemplatePacket pkts[Proto_Count];
};
struct TemplateSet templ_copy(const struct TemplateSet *templ);
/**
* Initialize the "template" packets. As we spew out probes, we simply make
* minor adjustments to the template, such as changing the target IP
* address or port number
*
* @param templset
* The template we are creating.
* @param source_ip
* Our own IP address that we send packets from. The caller will have
* retrieved this automatically from the network interface/adapter, or
* the user will have set this with --source-ip parameter.
* @param source_mac
* Our own MAC address. Gotten automatically from the network adapter,
* or on the commandline with --source-mac parameter
* @param router_mac
* The MAC address of the local router/gateway, which will be placed in
* the Ethernet destination address field. This is gotten by ARPing
* the local router, or by --router-mac configuration parameter.
* @param data_link
* The OSI layer 2 protocol, as defined in <pcap.h> standard.
* 1 = Ethernet
* 12 = Raw IP (no data link)
*/
void
template_packet_init(
struct TemplateSet *templset,
macaddress_t source_mac,
macaddress_t router_mac_ipv4,
macaddress_t router_mac_ipv6,
struct PayloadsUDP *udp_payloads,
struct PayloadsUDP *oproto_payloads,
int data_link,
uint64_t entropy);
/**
* Sets the target/destination IP address of the packet, the destination port
* number, and other bits of interest about the packet, such as a unique
* sequence number. The template can contain things like IP or TCP options
* with specific values. The program contains several built-in templates,
* but they can also be read from a file.
*
* @param templset
* A template created by "template_packet_init()" and further modified
* by various configuration parameters.
* @param ip
* The target/destination IPv4 address.
* @param port
* The TCP port number, or port number from another protocol that will
* be shifted into the appropriate range. We actually build six base
* templates, one for each of these six protocols.
* [ 0.. 65535] = TCP port number
* [ 65536..131071] = UDP port number
* [131072..196607] = SCTP port number
* [ 196608 ] = ICMP
* [ 196609 ] = ARP
* [ 196610 ] = IP
* [ more ] = custom
* @param seqno
* On TCP, this will be the desired sequence number, which the caller
* will create from SYN-cookies. Other protocols may use this in a
* different manner. For example, if the UDP port is 161, then
* this will be the transaction ID of the SNMP request template.
*/
void
template_set_target_ipv4(
struct TemplateSet *templset,
ipv4address ip_them, unsigned port_them,
ipv4address ip_me, unsigned port_me,
unsigned seqno,
unsigned char *px, size_t sizeof_px, size_t *r_length);
void
template_set_target_ipv6(
struct TemplateSet *templset,
ipv6address ip_them, unsigned port_them,
ipv6address ip_me, unsigned port_me,
unsigned seqno,
unsigned char *px, size_t sizeof_px, size_t *r_length);
/**
* Create a TCP packet containing a payload, based on the original
* template used for the SYN
*/
size_t
tcp_create_packet(
struct TemplatePacket *pkt,
ipaddress ip_them, unsigned port_them,
ipaddress ip_me, unsigned port_me,
unsigned seqno, unsigned ackno,
unsigned flags,
const unsigned char *payload, size_t payload_length,
unsigned char *px, size_t px_length);
/**
* Set's the TCP "window" field. The purpose is to cause the recipient
* to fragment data on the response, thus evading IDS that triggers on
* out going packets
*/
void
tcp_set_window(unsigned char *px, size_t px_length, unsigned window);
void template_set_ttl(struct TemplateSet *tmplset, unsigned ttl);
void template_set_vlan(struct TemplateSet *tmplset, unsigned vlan);
#endif
|