1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310
|
/***********************************************************************/
/* global_structures.h -- Common structure definitions used by Nmap */
/* components. */
/* */
/***********************************************************************/
/* The Nmap Security Scanner is (C) 1995-2001 Insecure.Com LLC. This */
/* program is free software; you can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published */
/* by the Free Software Foundation; Version 2. This guarantees your */
/* right to use, modify, and redistribute this software under certain */
/* conditions. If this license is unacceptable to you, we may be */
/* willing to sell alternative licenses (contact sales@insecure.com). */
/* */
/* If you received these files with a written license agreement */
/* stating terms other than the (GPL) terms above, then that */
/* alternative license agreement takes precendence over this comment. */
/* */
/* Source is provided to this software because we believe users have */
/* a right to know exactly what a program is going to do before they */
/* run it. This also allows you to audit the software for security */
/* holes (none have been found so far). */
/* */
/* Source code also allows you to port Nmap to new platforms, fix */
/* bugs, and add new features. You are highly encouraged to send */
/* your changes to fyodor@insecure.org for possible incorporation */
/* into the main distribution. By sending these changes to Fyodor or */
/* one the insecure.org development mailing lists, it is assumed that */
/* you are offering Fyodor the unlimited, non-exclusive right to */
/* reuse, modify, and relicense the code. This is important because */
/* the inability to relicense code has caused devastating problems */
/* for other Free Software projects (such as KDE and NASM). Nmap */
/* will always be available Open Source. If you wish to specify */
/* special license conditions of your contributions, just say so */
/* when you send them. */
/* */
/* This program is distributed in the hope that it will be useful, */
/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU */
/* General Public License for more details ( */
/* http://www.gnu.org/copyleft/gpl.html ). */
/* */
/***********************************************************************/
/* $Id: global_structures.h,v 1.35 2002/02/14 01:05:28 fyodor Exp $ */
#ifndef GLOBAL_STRUCTURES_H
#define GLOBAL_STRUCTURES_H
/* Stores "port info" which is TCP/UDP ports or RPC program ids */
struct portinfo {
unsigned long portno; /* TCP/UDP port or RPC program id or IP protocool */
short trynum;
int sd[3]; /* Socket descriptors for connect_scan */
struct timeval sent[3];
int state;
int next; /* not struct portinfo * for historical reasons */
int prev;
};
struct portinfolist {
struct portinfo *openlist;
struct portinfo *firewalled;
struct portinfo *testinglist;
};
struct udpprobeinfo {
u16 iptl;
u16 ipid;
u16 ipck;
u16 sport;
u16 dport;
u16 udpck;
u16 udplen;
u8 patternbyte;
struct in_addr target;
};
struct connectsockinfo {
fd_set fds_read;
fd_set fds_write;
fd_set fds_except;
struct portinfo *socklookup[2048]; /* index socket descriptor -> scan[]
index. No OS better give us
an SD > 2047!@#$ */
int maxsd;
};
struct firewallmodeinfo {
int active; /* is firewall mode currently active for the host? */
int nonresponsive_ports; /* # Of ports we haven't received any response from */
int responsive_ports; /* # of ports that told us whether they were open/closed/filtered/unfiltered */
};
/* The runtime statistics used to decide how fast to proced and how
many ports we can try at once */
struct scanstats {
int packet_incr;
double fallback_percent;
int numqueries_outstanding; /* How many unexpired queries are on the 'net
right now? */
double numqueries_ideal; /* How many do we WANT to be on the 'net right now? */
int max_width; /* What is the MOST we will tolerate at once */
int ports_left;
int changed; /* Has anything changed since last round? */
int alreadydecreasedqueries;
};
struct ftpinfo {
char user[64];
char pass[256]; /* methinks you're paranoid if you need this much space */
char server_name[MAXHOSTNAMELEN + 1];
struct in_addr server;
u16 port;
int sd; /* socket descriptor */
};
struct AVal {
char *attribute;
char value[128];
struct AVal *next;
};
typedef struct FingerTest {
char OS_name[256];
const char *name;
struct AVal *results;
struct FingerTest *next;
} FingerPrint;
/* Maximum number of results allowed in one of these things ... */
#define MAX_FP_RESULTS 8
struct FingerPrintResults {
double accuracy[MAX_FP_RESULTS]; /* Percentage of match (1.0 == perfect
match) in same order as pritns[] below */
FingerPrint *prints[MAX_FP_RESULTS]; /* ptrs to matching references --
highest accuracy matches first */
int num_perfect_matches; /* Number of 1.0 accuracy matches in prints[] */
int num_matches; /* Total number of matches in prints */
int overall_results; /* OSSCAN_TOOMANYMATCHES, OSSCAN_NOMATCHES,
OSSCAN_SUCCESS, etc */
};
struct timeout_info {
int srtt; /* Smoothed rtt estimate (microseconds) */
int rttvar; /* Rout trip time variance */
int timeout; /* Current timeout threshold (microseconds) */
};
struct seq_info {
int responses;
int seqclass; /* SEQ_* defines in nmap.h */
int ts_seqclass; /* TS_SEQ_* defines in nmap.h */
time_t uptime; /* time of latest system boot (or 0 if unknown ) */
int ipid_seqclass; /* IPID_SEQ_* defines in nmap.h */
u32 seqs[NUM_SEQ_SAMPLES];
u32 timestamps[NUM_SEQ_SAMPLES];
int index;
u16 ipids[NUM_SEQ_SAMPLES];
time_t lastboot; /* 0 means unknown */
};
struct targets {
/* These 4 are used for the '/mask' style of specifying target net*/
u32 netmask;
unsigned int maskformat;
struct in_addr start;
struct in_addr currentaddr;
struct in_addr end;
/* These two are for the '138.[1-7,16,91-95,200-].12.1 style */
u8 addresses[4][256];
unsigned int current[4];
u8 last[4];
int nleft; /* Number of IPs left in this structure -- set to 0 if
the fields are not valid */
};
struct hoststruct {
struct in_addr host;
struct in_addr source_ip;
char *name;
struct seq_info seq;
struct FingerPrintResults FPR;
FingerPrint *FPs[10]; /* Fingerprint data obtained from host */
int osscan_performed; /* nonzero if an osscan was performed */
int osscan_openport; /* Open port used for scannig (if one found --
otherwise -1) */
int osscan_closedport; /* Closed port used for scannig (if one found --
otherwise -1) */
int numFPs;
int goodFP;
portlist ports;
/*
unsigned int up;
unsigned int down; */
int wierd_responses; /* echo responses from other addresses, Ie a network broadcast address */
unsigned int flags; /* HOST_UP, HOST_DOWN, HOST_FIREWALLED, HOST_BROADCAST (instead of HOST_BROADCAST use wierd_responses */
struct timeout_info to;
struct timeval host_timeout;
struct firewallmodeinfo firewallmode; /* For supporting "firewall mode" speed optimisations */
int timedout; /* Nonzero if continued scanning should be aborted due to
timeout */
char device[64]; /* The device we transmit on */
};
struct hostgroup_state {
struct hoststruct *hostbatch;
int max_batch_sz; /* The size of the hostbatch[] array */
int current_batch_sz; /* The number of VALID members of hostbatch[] */
int next_batch_no; /* The index of the next hostbatch[] member to be given
back to the user */
int randomize; /* Whether each bach should be "shuffled" prior to the ping
scan (they will also be out of order when given back one
at a time to the client program */
char **target_expressions; /* An array of target expression strings, passed
to us by the client (client is also in charge
of deleting it AFTER it is done with the
hostgroup_state */
int num_expressions; /* The number of valid expressions in
target_expressions member above */
int next_expression; /* The index of the next expression we have
to handle */
struct targets current_expression; /* For batch chunking */
};
struct ops /* someone took struct options, <grrr> */ {
int debugging;
int verbose;
int randomize_hosts;
int spoofsource; /* -S used */
struct in_addr *source;
char device[64];
int interactivemode;
int host_group_sz;
int generate_random_ips; /* -iR option */
FingerPrint **reference_FPs;
u16 magic_port;
unsigned short magic_port_set; /* Was this set by user? */
u16 tcp_probe_port;
/* Scan timing/politeness issues */
int max_parallelism;
int max_rtt_timeout;
int min_rtt_timeout;
int extra_payload_length; /* These two are for --data_length op */
char *extra_payload;
unsigned long host_timeout;
int scan_delay;
int scanflags; /* if not -1, this value should dictate the TCP flags
for the core portscaning routine (eg to change a
FIN scan into a PSH scan. Sort of a hack, but can
be very useful sometimes. */
int initial_rtt_timeout;
struct in_addr resume_ip; /* The last IP in the log file if user
requested --restore . Otherwise
restore_ip.s_addr == 0. Also
target_struct_get will eventually set it
to 0. */
int isr00t;
struct in_addr decoys[MAX_DECOYS];
int osscan_limit; /* Skip OS Scan if no open or no closed TCP ports */
int osscan_guess; /* Be more aggressive in guessing OS type */
int numdecoys;
int decoyturn;
int identscan;
int osscan;
int pingtype;
int listscan;
int pingscan;
int allowall;
int ackscan;
int bouncescan;
int connectscan;
int rpcscan;
int nullscan;
int xmasscan;
int fragscan;
int synscan;
int windowscan;
int maimonscan;
int idlescan;
int finscan;
int udpscan;
int ipprotscan;
int noresolve;
int force; /* force nmap to continue on even when the outcome seems somewhat certain */
int append_output; /* Append to any output files rather than overwrite */
FILE *logfd[LOG_TYPES];
FILE *nmap_stdout; /* Nmap standard output */
};
/* The various kinds of port/protocol scans we can have
* Each element is to point to an array of port/protocol numbers
*/
struct scan_lists {
unsigned short *tcp_ports;
int tcp_count;
unsigned short *udp_ports;
int udp_count;
unsigned short *prots;
int prot_count;
};
typedef enum { ACK_SCAN, SYN_SCAN, FIN_SCAN, XMAS_SCAN, UDP_SCAN, CONNECT_SCAN, NULL_SCAN, WINDOW_SCAN, RPC_SCAN, MAIMON_SCAN, IPPROT_SCAN } stype;
#endif /*GLOBAL_STRUCTURES_H */
|