inital public release

src/probe_modules/module_icmp_echo.c

@@ -0,0 +1,219 @@
+/*
+ * ZMap Copyright 2013 Regents of the University of Michigan 
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+// probe module for performing ICMP echo request (ping) scans
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <time.h>
+#include <unistd.h>
+#include <string.h>
+
+#include <netinet/ether.h>
+#include <netinet/ip.h>
+#include <netinet/ip_icmp.h>
+
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include "probe_modules.h"
+#include "packet.h"
+#include "validate.h"
+
+probe_module_t module_icmp_echo;
+
+int icmp_echo_init_perthread(void* buf, macaddr_t *src,
+		macaddr_t *gw, __attribute__((unused)) port_h_t dst_port)
+{
+	memset(buf, 0, MAX_PACKET_SIZE);
+
+	struct ethhdr *eth_header = (struct ethhdr *)buf;
+	make_eth_header(eth_header, src, gw);
+
+	struct iphdr *ip_header = (struct iphdr*)(&eth_header[1]);
+	uint16_t len = htons(sizeof(struct iphdr) + sizeof(struct icmp) - 8);
+	make_ip_header(ip_header, IPPROTO_ICMP, len);
+
+	struct icmp *icmp_header = (struct icmp*)(&ip_header[1]);
+	make_icmp_header(icmp_header);
+
+	return EXIT_SUCCESS;
+}
+
+int icmp_echo_make_packet(void *buf, ipaddr_n_t src_ip, ipaddr_n_t dst_ip,
+				uint32_t *validation, __attribute__((unused))int probe_num)
+{
+	struct ethhdr *eth_header = (struct ethhdr *)buf;
+	struct iphdr *ip_header = (struct iphdr*)(&eth_header[1]);
+	struct icmp *icmp_header = (struct icmp*)(&ip_header[1]);
+	uint16_t icmp_idnum = validation[2] & 0xFFFF;
+
+	ip_header->saddr = src_ip;
+	ip_header->daddr = dst_ip;
+
+	icmp_header->icmp_id = icmp_idnum;
+	icmp_header->icmp_cksum = 0;
+	icmp_header->icmp_cksum = icmp_checksum((unsigned short *) icmp_header);
+
+	ip_header->check = 0;
+	ip_header->check = ip_checksum((unsigned short *) ip_header);
+
+	return EXIT_SUCCESS;
+}
+
+void icmp_echo_print_packet(FILE *fp, void* packet)
+{
+	struct ethhdr *ethh = (struct ethhdr *) packet;
+	struct iphdr *iph = (struct iphdr *) &ethh[1];
+	struct icmp *icmp_header = (struct icmp*)(&iph[1]);
+
+	fprintf(fp, "icmp { type: %u | code: %u "
+			"| checksum: %u | id: %u | seq: %u }\n",
+			icmp_header->icmp_type,
+			icmp_header->icmp_code,
+			ntohs(icmp_header->icmp_cksum),
+			ntohs(icmp_header->icmp_id),
+			ntohs(icmp_header->icmp_seq));
+	struct in_addr *s = (struct in_addr *) &(iph->saddr);
+	struct in_addr *d = (struct in_addr *) &(iph->daddr);
+	char srcip[20];
+	char dstip[20];
+	// inet_ntoa is a const char * so we if just call it in
+	// fprintf, you'll get back wrong results since we're
+	// calling it twice.
+	strncpy(srcip, inet_ntoa(*s), 19);
+	strncpy(dstip, inet_ntoa(*d), 19);
+	fprintf(fp, "ip { saddr: %s | daddr: %s | checksum: %u }\n",
+			srcip,
+			dstip,
+			ntohl(iph->check));
+	fprintf(fp, "eth { shost: %02x:%02x:%02x:%02x:%02x:%02x | "
+			"dhost: %02x:%02x:%02x:%02x:%02x:%02x }\n",
+			(int) ((unsigned char *) ethh->h_source)[0],
+			(int) ((unsigned char *) ethh->h_source)[1],
+			(int) ((unsigned char *) ethh->h_source)[2],
+			(int) ((unsigned char *) ethh->h_source)[3],
+			(int) ((unsigned char *) ethh->h_source)[4],
+			(int) ((unsigned char *) ethh->h_source)[5],
+			(int) ((unsigned char *) ethh->h_dest)[0],
+			(int) ((unsigned char *) ethh->h_dest)[1],
+			(int) ((unsigned char *) ethh->h_dest)[2],
+			(int) ((unsigned char *) ethh->h_dest)[3],
+			(int) ((unsigned char *) ethh->h_dest)[4],
+			(int) ((unsigned char *) ethh->h_dest)[5]);
+	fprintf(fp, "------------------------------------------------------\n");
+}
+
+response_type_t* icmp_echo_classify_packet(const u_char *packet, uint32_t len)
+{
+	(void)len;
+	struct iphdr *ip_hdr = (struct iphdr *)&packet[sizeof(struct ethhdr)];
+	struct icmp *icmp_hdr = (struct icmp*)((char *)ip_hdr
+					+ sizeof(struct iphdr)); 
+	switch (icmp_hdr->icmp_type) {
+		case ICMP_ECHOREPLY:
+			return &(module_icmp_echo.responses[0]);
+		case ICMP_UNREACH: 
+			return &(module_icmp_echo.responses[1]);
+		case ICMP_SOURCEQUENCH:
+			return &(module_icmp_echo.responses[2]);
+		case ICMP_REDIRECT:
+			return &(module_icmp_echo.responses[3]);
+		case ICMP_TIMXCEED:
+			return &(module_icmp_echo.responses[4]);
+		default:
+			return &(module_icmp_echo.responses[5]);
+	}
+}
+
+int icmp_validate_packet(const struct iphdr *ip_hdr, uint32_t len, uint32_t *src_ip, uint32_t *validation)
+{
+	if (ip_hdr->protocol != IPPROTO_ICMP) {
+		return 0;
+	}
+	
+	if ((4*ip_hdr->ihl + sizeof(struct icmphdr)) > len) {
+		// buffer not large enough to contain expected icmp header 
+		return 0;
+	}
+	
+	struct icmphdr *icmp_h = (struct icmphdr*)((char *)ip_hdr + 4*ip_hdr->ihl);
+	uint16_t icmp_idnum = icmp_h->un.echo.id;
+
+	// ICMP validation is tricky: for some packet types, we must look inside 
+	// the payload
+	if (icmp_h->type == ICMP_TIME_EXCEEDED || icmp_h->type == ICMP_DEST_UNREACH) {
+		if ((4*ip_hdr->ihl + sizeof(struct icmphdr) +
+			sizeof(struct iphdr)) > len) {
+			return 0;
+		}
+		struct iphdr *ip_inner = (struct iphdr *)(icmp_h + 1);
+		if ((4*ip_hdr->ihl + sizeof(struct icmphdr) +
+				4*ip_inner->ihl + sizeof(struct icmphdr)) > len) {
+			return 0;
+		}
+		struct icmphdr *icmp_inner = (struct icmphdr*)((char *)ip_inner + 4 *ip_hdr->ihl);
+
+		// Regenerate validation and icmp id based off inner payload
+		icmp_idnum = icmp_inner->un.echo.id;
+		*src_ip = ip_inner->daddr;
+		validate_gen(ip_hdr->daddr, ip_inner->daddr, (uint8_t *)validation);
+	} 
+
+	// validate icmp id
+	if (icmp_idnum != (validation[2] & 0xFFFF)) {
+		return 0;
+	}
+
+	return 1;
+}
+
+static response_type_t responses[] = {
+	{
+		.name = "echoreply",
+		.is_success = 1	
+	},
+	{
+		.name = "unreach",
+		.is_success = 0
+	},
+	{
+		.name = "sourcequench",
+		.is_success = 0
+	},
+	{
+		.name = "redirect",
+		.is_success = 0
+	},
+	{
+		.name = "timxceed",
+		.is_success = 0
+	},
+	{
+		.name = "other",
+		.is_success = 0
+	}
+};
+
+probe_module_t module_icmp_echo = {
+	.name = "icmp_echoscan",
+	.packet_length = 62,
+	.pcap_filter = "icmp and icmp[0]!=8",
+	.pcap_snaplen = 96,
+	.port_args = 0,
+	.thread_initialize = &icmp_echo_init_perthread,
+	.make_packet = &icmp_echo_make_packet,
+	.print_packet = &icmp_echo_print_packet,
+	.classify_packet = &icmp_echo_classify_packet,
+	.validate_packet = &icmp_validate_packet,
+	.close = NULL,
+	.responses = responses
+};
+

src/probe_modules/module_tcp_synscan.c

@@ -0,0 +1,196 @@
+/*
+ * ZMap Copyright 2013 Regents of the University of Michigan 
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+// probe module for performing TCP SYN scans 
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <unistd.h>
+#include <string.h>
+
+#include <netinet/ip.h>
+#include <netinet/tcp.h>
+#include <netinet/ether.h>
+
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include "probe_modules.h"
+#include "packet.h"
+
+probe_module_t module_tcp_synscan;
+uint32_t num_ports = 1;
+
+int synscan_init_perthread(void* buf, macaddr_t *src,
+		macaddr_t *gw, port_h_t dst_port)
+{
+	memset(buf, 0, MAX_PACKET_SIZE);
+	struct ethhdr *eth_header = (struct ethhdr *)buf;
+	make_eth_header(eth_header, src, gw);
+	struct iphdr *ip_header = (struct iphdr*)(&eth_header[1]);
+	uint16_t len = htons(sizeof(struct iphdr) + sizeof(struct tcphdr));
+	make_ip_header(ip_header, IPPROTO_TCP, len);
+	struct tcphdr *tcp_header = (struct tcphdr*)(&ip_header[1]);
+	make_tcp_header(tcp_header, dst_port);
+	num_ports = zconf.source_port_last - zconf.source_port_first + 1;
+	return EXIT_SUCCESS;
+}
+
+int synscan_make_packet(void *buf, ipaddr_n_t src_ip, ipaddr_n_t dst_ip,
+		uint32_t *validation, int probe_num)
+{
+	struct ethhdr *eth_header = (struct ethhdr *)buf;
+	struct iphdr *ip_header = (struct iphdr*)(&eth_header[1]);
+	struct tcphdr *tcp_header = (struct tcphdr*)(&ip_header[1]);
+	uint16_t src_port = zconf.source_port_first 
+					+ ((validation[1] + probe_num) % num_ports);
+	uint32_t tcp_seq = validation[0];
+	
+
+	ip_header->saddr = src_ip;
+	ip_header->daddr = dst_ip;
+
+	tcp_header->source = htons(src_port);
+	tcp_header->seq = tcp_seq;
+	tcp_header->check = 0;
+	tcp_header->check = tcp_checksum(sizeof(struct tcphdr),
+			ip_header->saddr, ip_header->daddr, tcp_header);
+
+	ip_header->check = 0;
+	ip_header->check = ip_checksum((unsigned short *) ip_header);
+
+	return EXIT_SUCCESS;
+}
+
+void synscan_print_packet(FILE *fp, void* packet)
+{
+	struct ethhdr *ethh = (struct ethhdr *) packet;
+	struct iphdr *iph = (struct iphdr *) &ethh[1];
+	struct tcphdr *tcph = (struct tcphdr *) &iph[1];
+	fprintf(fp, "tcp { source: %u | dest: %u | seq: %u | checksum: %u }\n",
+			ntohs(tcph->source),
+			ntohs(tcph->dest),
+			ntohl(tcph->seq),
+			ntohl(tcph->check));
+	struct in_addr *s = (struct in_addr *) &(iph->saddr);
+	struct in_addr *d = (struct in_addr *) &(iph->daddr);
+	char srcip[20];
+	char dstip[20];
+	// inet_ntoa is a const char * so we if just call it in
+	// fprintf, you'll get back wrong results since we're
+	// calling it twice.
+	strncpy(srcip, inet_ntoa(*s), 19);
+	strncpy(dstip, inet_ntoa(*d), 19);
+	fprintf(fp, "ip { saddr: %s | daddr: %s | checksum: %u }\n",
+			srcip,
+			dstip,
+			ntohl(iph->check));
+	fprintf(fp, "eth { shost: %02x:%02x:%02x:%02x:%02x:%02x | "
+			"dhost: %02x:%02x:%02x:%02x:%02x:%02x }\n",
+			(int) ((unsigned char *) ethh->h_source)[0],
+			(int) ((unsigned char *) ethh->h_source)[1],
+			(int) ((unsigned char *) ethh->h_source)[2],
+			(int) ((unsigned char *) ethh->h_source)[3],
+			(int) ((unsigned char *) ethh->h_source)[4],
+			(int) ((unsigned char *) ethh->h_source)[5],
+			(int) ((unsigned char *) ethh->h_dest)[0],
+			(int) ((unsigned char *) ethh->h_dest)[1],
+			(int) ((unsigned char *) ethh->h_dest)[2],
+			(int) ((unsigned char *) ethh->h_dest)[3],
+			(int) ((unsigned char *) ethh->h_dest)[4],
+			(int) ((unsigned char *) ethh->h_dest)[5]);
+	fprintf(fp, "------------------------------------------------------\n");
+}
+
+response_type_t* synscan_classify_packet(const u_char *packet, uint32_t len)
+{
+	(void)len;
+	struct iphdr *ip_hdr = (struct iphdr *)&packet[sizeof(struct ethhdr)];
+	struct tcphdr *tcp = (struct tcphdr*)((char *)ip_hdr 
+					+ (sizeof(struct iphdr)));
+	if (tcp->rst) { // RST packet
+			return &(module_tcp_synscan.responses[1]);
+	} else { // SYNACK packet
+			return &(module_tcp_synscan.responses[0]);
+	}
+}
+// Returns 0 if dst_port is outside the expected valid range, non-zero otherwise
+static inline int check_dst_port(uint16_t port, uint32_t *validation)
+{
+	if (port > zconf.source_port_last 
+					|| port < zconf.source_port_first) {
+		return EXIT_FAILURE;
+	}
+	int32_t to_validate = port - zconf.source_port_first;
+	int32_t min = validation[1] % num_ports;
+	int32_t max = (validation[1] + zconf.packet_streams - 1) % num_ports;
+
+	return (((max - min) % num_ports) >= ((to_validate - min) % num_ports));
+}
+
+int synscan_validate_packet(const struct iphdr *ip_hdr, uint32_t len, 
+				__attribute__((unused))uint32_t *src_ip, uint32_t *validation)
+{
+	if (ip_hdr->protocol != IPPROTO_TCP) {
+		return 0;
+	}
+
+	if ((4*ip_hdr->ihl + sizeof(struct tcphdr)) > len) {
+		// buffer not large enough to contain expected tcp header 
+		return 0;
+	}
+	struct tcphdr *tcp = (struct tcphdr*)((char *)ip_hdr + 4*ip_hdr->ihl);
+	uint16_t sport = tcp->source;
+	uint16_t dport = tcp->dest;
+
+	// validate source port
+	if (ntohs(sport) != zconf.target_port) {
+		return 0;
+	}
+
+	// validate destination port
+	if (!check_dst_port(ntohs(dport), validation)) {
+		return 0;
+	}
+
+	// validate tcp acknowledgement number
+	if (htonl(tcp->ack_seq) != htonl(validation[0])+1) {
+		return 0;
+	}
+	
+	return 1;
+}
+
+static response_type_t responses[] = {
+	{
+		.is_success = 1,	
+		.name = "synack"
+	},
+	{
+		.is_success = 0,
+		.name = "rst"
+	}
+};
+
+probe_module_t module_tcp_synscan = {
+	.name = "tcp_synscan",
+	.packet_length = 54,
+	.pcap_filter = "tcp && tcp[13] & 4 != 0 || tcp[13] == 18",
+	.pcap_snaplen = 96,
+	.port_args = 1,
+	.thread_initialize = &synscan_init_perthread,
+	.make_packet = &synscan_make_packet,
+	.print_packet = &synscan_print_packet,
+	.classify_packet = &synscan_classify_packet,
+	.validate_packet = &synscan_validate_packet,
+	.close = NULL,
+	.responses = responses,
+};
+

src/probe_modules/module_udp.c

@@ -0,0 +1,227 @@
+/*
+ * ZMap Copyright 2013 Regents of the University of Michigan 
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+/* send module for performing TCP SYN scans */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <unistd.h>
+#include <string.h>
+#include <assert.h>
+
+#include <netinet/udp.h>
+#include <netinet/ip.h>
+#include <netinet/ether.h>
+
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include "probe_modules.h"
+#include "packet.h"
+
+const char *udp_send_msg = "GET / HTTP/1.1\r\n\r\n"; // Must be null-terminated
+static int num_ports = 1;
+
+probe_module_t module_udp;
+
+int udp_init_perthread(void* buf, macaddr_t *src,
+		macaddr_t *gw, __attribute__((unused)) port_h_t dst_port)
+{
+	memset(buf, 0, MAX_PACKET_SIZE);
+	struct ethhdr *eth_header = (struct ethhdr *)buf;
+	make_eth_header(eth_header, src, gw);
+	struct iphdr *ip_header = (struct iphdr*)(&eth_header[1]);
+	uint16_t len = htons(sizeof(struct iphdr) + sizeof(struct udphdr) + strlen(udp_send_msg));
+	make_ip_header(ip_header, IPPROTO_UDP, len);
+
+	struct udphdr *udp_header = (struct udphdr*)(&ip_header[1]);
+	len = sizeof(struct udphdr) + strlen(udp_send_msg);
+	make_udp_header(udp_header, zconf.target_port, len);
+
+	char* payload = (char*)(&udp_header[1]);
+
+	module_udp.packet_length = sizeof(struct ethhdr) + sizeof(struct iphdr) 
+				+ sizeof(struct udphdr) + strlen(udp_send_msg);
+	assert(module_udp.packet_length <= MAX_PACKET_SIZE);
+
+	strcpy(payload, udp_send_msg);
+
+	num_ports = zconf.source_port_last - zconf.source_port_first + 1;
+
+	return EXIT_SUCCESS;
+}
+
+int udp_make_packet(void *buf, ipaddr_n_t src_ip, ipaddr_n_t dst_ip, 
+		uint32_t *validation, int probe_num)
+{
+	struct ethhdr *eth_header = (struct ethhdr *)buf;
+	struct iphdr *ip_header = (struct iphdr*)(&eth_header[1]);
+	struct udphdr *udp_header = (struct udphdr*)(&ip_header[1]);
+	uint16_t src_port = zconf.source_port_first
+					+ ((validation[1] + probe_num) % num_ports);
+
+	ip_header->saddr = src_ip;
+	ip_header->daddr = dst_ip;
+	udp_header->source = src_port;
+
+	ip_header->check = 0;
+	ip_header->check = ip_checksum((unsigned short *) ip_header);
+
+	return EXIT_SUCCESS;
+}
+
+void udp_print_packet(FILE *fp, void* packet)
+{
+	struct ethhdr *ethh = (struct ethhdr *) packet;
+	struct iphdr *iph = (struct iphdr *) &ethh[1];
+	struct udphdr *udph  = (struct udphdr*)(&iph[1]);
+	fprintf(fp, "udp { source: %u | dest: %u | checksum: %u }\n",
+			ntohs(udph->source),
+			ntohs(udph->dest),
+			ntohl(udph->check));
+	//ip_header = (struct iphdr*)(&eth_header[1])
+	struct in_addr *s = (struct in_addr *) &(iph->saddr);
+	struct in_addr *d = (struct in_addr *) &(iph->daddr);
+	char srcip[20];
+	char dstip[20];
+	// inet_ntoa is a const char * so we if just call it in
+	// fprintf, you'll get back wrong results since we're
+	// calling it twice.
+	strncpy(srcip, inet_ntoa(*s), 19);
+	strncpy(dstip, inet_ntoa(*d), 19);
+	fprintf(fp, "ip { saddr: %s | daddr: %s | checksum: %u }\n",
+			srcip,
+			dstip,
+			ntohl(iph->check));
+	fprintf(fp, "eth { shost: %02x:%02x:%02x:%02x:%02x:%02x | "
+			"dhost: %02x:%02x:%02x:%02x:%02x:%02x }\n",
+			(int) ((unsigned char *) ethh->h_source)[0],
+			(int) ((unsigned char *) ethh->h_source)[1],
+			(int) ((unsigned char *) ethh->h_source)[2],
+			(int) ((unsigned char *) ethh->h_source)[3],
+			(int) ((unsigned char *) ethh->h_source)[4],
+			(int) ((unsigned char *) ethh->h_source)[5],
+			(int) ((unsigned char *) ethh->h_dest)[0],
+			(int) ((unsigned char *) ethh->h_dest)[1],
+			(int) ((unsigned char *) ethh->h_dest)[2],
+			(int) ((unsigned char *) ethh->h_dest)[3],
+			(int) ((unsigned char *) ethh->h_dest)[4],
+			(int) ((unsigned char *) ethh->h_dest)[5]);
+	fprintf(fp, "------------------------------------------------------\n");
+}
+
+
+response_type_t* udp_classify_packet(const u_char *packet, uint32_t len)
+{
+	(void)len;
+	struct iphdr *ip_hdr = (struct iphdr *)&packet[sizeof(struct ethhdr)];
+	if (ip_hdr->protocol == IPPROTO_UDP) {
+		return &(module_udp.responses[0]);
+	} else if (ip_hdr->protocol == IPPROTO_ICMP) {
+		return &(module_udp.responses[1]);
+	} else {
+		return &(module_udp.responses[2]);
+	}
+}
+
+// Returns 0 if dst_port is outside the expected valid range, non-zero otherwise
+static inline int check_dst_port(uint16_t port, uint32_t *validation)
+{
+	if (port > zconf.source_port_last 
+					|| port < zconf.source_port_first) {
+		return EXIT_FAILURE;
+	}
+	int32_t to_validate = port - zconf.source_port_first;
+	int32_t min = validation[1] % num_ports;
+	int32_t max = (validation[1] + zconf.packet_streams - 1) % num_ports;
+
+	return (((max - min) % num_ports) >= ((to_validate - min) % num_ports));
+}
+
+int udp_validate_packet(const struct iphdr *ip_hdr, uint32_t len, 
+		__attribute__((unused))uint32_t *src_ip, uint32_t *validation)
+{
+	uint16_t dport, sport;
+	if (ip_hdr->protocol == IPPROTO_UDP) {
+		if ((4*ip_hdr->ihl + sizeof(struct udphdr)) > len) {
+			// buffer not large enough to contain expected udp header 
+			return 0;
+		}
+		struct udphdr *udp = (struct udphdr*)((char *)ip_hdr + 4*ip_hdr->ihl);
+
+		sport = ntohs(udp->dest);
+		dport = ntohs(udp->source);
+	} else if (ip_hdr->protocol == IPPROTO_ICMP) {
+		// UDP can return ICMP Destination unreach
+		// IP( ICMP( IP( UDP ) ) ) for a destination unreach
+		uint32_t min_len = 4*ip_hdr->ihl + sizeof(struct icmphdr)
+				+ sizeof(struct iphdr) + sizeof(struct udphdr);
+		if (len < min_len) {
+			// Not enough information for us to validate
+			return 0;
+		}
+
+		struct icmphdr *icmp = (struct icmphdr*)((char *)ip_hdr + 4*ip_hdr->ihl);
+		if (icmp->type != ICMP_DEST_UNREACH) {
+			return 0;
+		}
+		
+		struct iphdr *ip_inner = (struct iphdr*)&icmp[1];
+		// Now we know the actual inner ip length, we should recheck the buffer
+		if (len < 4*ip_inner->ihl - sizeof(struct iphdr) + min_len) {
+			return 0;
+		}
+		// This is the packet we sent
+		struct udphdr *udp = (struct udphdr *)((char*)ip_inner + 4*ip_inner->ihl);
+
+		sport = ntohs(udp->source);
+		dport = ntohs(udp->dest);	
+	} else {
+		return 0;
+	}
+	if (dport != zconf.target_port) {
+		return 0;
+	}
+	if (!check_dst_port(sport, validation)) {
+		return 0;
+	}
+	return 1;
+}
+
+static response_type_t responses[] = {
+	{
+		.is_success = 1,
+		.name = "data"
+	},
+	{
+		.is_success = 0,
+		.name = "port-unreach"
+	},
+	{
+		.is_success = 0,
+		.name = "invalid"
+	}
+};
+
+probe_module_t module_udp = {
+	.name = "udp",
+	.packet_length = 96,
+	.pcap_filter = "udp || icmp",
+	.pcap_snaplen = 96,
+	.port_args = 1,
+	.thread_initialize = &udp_init_perthread,
+	.make_packet = &udp_make_packet,
+	.print_packet = &udp_print_packet,
+	.validate_packet = &udp_validate_packet,
+	.classify_packet = &udp_classify_packet,
+	.close = NULL,
+	.responses = responses
+};
+

src/probe_modules/packet.c

@@ -0,0 +1,89 @@
+/*
+ * ZMap Copyright 2013 Regents of the University of Michigan 
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+#include "packet.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <netinet/ether.h>
+#include <netinet/ip.h>
+#include <netinet/tcp.h>
+#include <netinet/udp.h>
+#include <netinet/ip_icmp.h>
+
+#include <net/if.h>
+#include <arpa/inet.h>
+
+#include "state.h"
+
+void print_macaddr(struct ifreq* i)
+{
+	printf("Device %s -> Ethernet %02x:%02x:%02x:%02x:%02x:%02x\n",
+			i->ifr_name,
+			(int) ((unsigned char *) &i->ifr_hwaddr.sa_data)[0],
+			(int) ((unsigned char *) &i->ifr_hwaddr.sa_data)[1],
+			(int) ((unsigned char *) &i->ifr_hwaddr.sa_data)[2],
+			(int) ((unsigned char *) &i->ifr_hwaddr.sa_data)[3],
+			(int) ((unsigned char *) &i->ifr_hwaddr.sa_data)[4],
+			(int) ((unsigned char *) &i->ifr_hwaddr.sa_data)[5]);
+}
+
+void make_eth_header(struct ethhdr *ethh, macaddr_t *src, macaddr_t *dst)
+{
+	memcpy(ethh->h_source, src, ETH_ALEN);
+	memcpy(ethh->h_dest, dst, ETH_ALEN);
+	ethh->h_proto = htons(ETH_P_IP);
+}
+
+void make_ip_header(struct iphdr *iph, uint8_t protocol, uint16_t len)
+{	   
+	iph->ihl = 5; // Internet Header Length
+	iph->version = 4; // IPv4
+	iph->tos = 0; // Type of Service
+	iph->tot_len = len; 
+	iph->id = htons(54321); // identification number
+	iph->frag_off = 0; //fragmentation falg
+	iph->ttl = MAXTTL; // time to live (TTL)
+	iph->protocol = protocol; // upper layer protocol => TCP
+	// we set the checksum = 0 for now because that's
+	// what it needs to be when we run the IP checksum
+	iph->check = 0;
+}
+
+void make_icmp_header(struct icmp *buf)
+{
+	buf->icmp_type = ICMP_ECHO;
+	buf->icmp_code = 0;
+	buf->icmp_seq = 0;
+}
+
+void make_tcp_header(struct tcphdr *tcp_header, port_h_t dest_port)
+{
+    tcp_header->seq = random();
+    tcp_header->ack_seq = 0;
+    tcp_header->res2 = 0;
+    tcp_header->doff = 5; // data offset 
+    tcp_header->syn = 1;
+    tcp_header->window = htons(65535); // largest possible window
+    tcp_header->check = 0;
+    tcp_header->urg_ptr = 0;
+    tcp_header->dest = htons(dest_port);
+}
+
+void make_udp_header(struct udphdr *udp_header, port_h_t dest_port,
+				uint16_t len)
+{
+	udp_header->dest = htons(dest_port);
+	udp_header->len = htons(len);
+	// checksum ignored in IPv4 if 0
+	udp_header->check = 0;
+}
+

src/probe_modules/packet.h

@@ -0,0 +1,82 @@
+#include "state.h"
+
+#include <netinet/ether.h>
+#include <netinet/ip.h>
+#include <netinet/tcp.h>
+#include <netinet/ip_icmp.h>
+#include <netinet/udp.h>
+
+#ifndef HEADER_ZMAP_PACKET_H
+#define HEADER_ZMAP_PACKET_H
+
+#define MAX_PACKET_SIZE 4096
+
+typedef unsigned short __attribute__((__may_alias__)) alias_unsigned_short;
+
+void make_eth_header(struct ethhdr *ethh, macaddr_t *src, macaddr_t *dst);
+
+void make_ip_header(struct iphdr *iph, uint8_t, uint16_t);
+void make_tcp_header(struct tcphdr*, port_h_t);
+void make_icmp_header(struct icmp *);
+void make_udp_header(struct udphdr *udp_header, port_h_t dest_port,
+				uint16_t len);
+
+static inline unsigned short in_checksum(unsigned short *ip_pkt, int len)
+{
+	unsigned long sum = 0;
+	for (int nwords = len/2; nwords > 0; nwords--) {
+		sum += *ip_pkt++;
+	}
+	sum = (sum >> 16) + (sum & 0xffff);
+	sum += (sum >> 16);
+	return (unsigned short) (~sum);
+}
+
+__attribute__((unused)) static inline unsigned short ip_checksum(
+                unsigned short *buf)
+{
+	return in_checksum(buf, (int) sizeof(struct iphdr));
+}
+
+__attribute__((unused)) static inline unsigned short icmp_checksum(
+                unsigned short *buf)
+{
+	return in_checksum(buf, (int) sizeof(struct icmp));
+}
+
+static __attribute__((unused)) uint16_t tcp_checksum(unsigned short len_tcp,
+		uint32_t saddr, uint32_t daddr, struct tcphdr *tcp_pkt)
+{
+	alias_unsigned_short *src_addr = (alias_unsigned_short *) &saddr;
+	alias_unsigned_short *dest_addr = (alias_unsigned_short *) &daddr;
+
+	unsigned char prot_tcp = 6;
+	unsigned long sum = 0;
+	int nleft = len_tcp;
+	unsigned short *w;
+
+	w = (unsigned short *) tcp_pkt;
+	// calculate the checksum for the tcp header and tcp data
+	while(nleft > 1) {
+		sum += *w++;
+		nleft -= 2;
+	}
+	// if nleft is 1 there ist still on byte left.
+	// We add a padding byte (0xFF) to build a 16bit word
+	if (nleft > 0) {
+		sum += *w & ntohs(0xFF00);
+	}
+	// add the pseudo header
+	sum += src_addr[0];
+	sum += src_addr[1];
+	sum += dest_addr[0];
+	sum += dest_addr[1];
+	sum += htons(len_tcp);
+	sum += htons(prot_tcp);
+	sum = (sum >> 16) + (sum & 0xFFFF);
+	sum += (sum >> 16);
+	// Take the one's complement of sum
+	return (unsigned short) (~sum);
+}
+
+#endif

src/probe_modules/probe_modules.c

@@ -0,0 +1,42 @@
+/*
+ * ZMap Copyright 2013 Regents of the University of Michigan 
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "probe_modules.h"
+
+extern probe_module_t module_tcp_synscan;
+extern probe_module_t module_icmp_echo;
+extern probe_module_t module_udp;
+// ADD YOUR MODULE HERE
+
+probe_module_t* probe_modules[] = {
+	&module_tcp_synscan,
+	&module_icmp_echo,
+	&module_udp
+	// ADD YOUR MODULE HERE
+};
+
+
+probe_module_t* get_probe_module_by_name(const char* name)
+{
+	for (int i=0; i < (int) (sizeof(probe_modules)/sizeof(probe_modules[0])); i++) {
+		if (!strcmp(probe_modules[i]->name, name)) {
+			return probe_modules[i];
+		}
+	}
+	return NULL;
+}
+
+void print_probe_modules(void)
+{
+	for (int i=0; i < (int) (sizeof(probe_modules)/sizeof(probe_modules[0])); i++) {
+		printf("%s\n", probe_modules[i]->name);
+	}
+}

src/probe_modules/probe_modules.h

@@ -0,0 +1,45 @@
+#include "../state.h"
+
+#ifndef HEADER_PROBE_MODULES_H
+#define HEADER_PROBE_MODULES_H
+
+typedef struct probe_response_type {
+		const uint8_t is_success;
+		const char *name;
+} response_type_t;
+
+typedef int (*probe_global_init_cb)(struct state_conf *);
+typedef int (*probe_thread_init_cb)(void* packetbuf, macaddr_t* src_mac, macaddr_t* gw_mac, port_n_t src_port);
+typedef int (*probe_make_packet_cb)(void* packetbuf, ipaddr_n_t src_ip, ipaddr_n_t dst_ip,
+			uint32_t *validation, int probe_num);
+typedef void (*probe_print_packet_cb)(FILE *, void* packetbuf);
+typedef int (*probe_close_cb)(struct state_conf*,  struct state_send*, struct state_recv*);
+typedef response_type_t* (*probe_classify_packet_cb)(const u_char* packetbuf, uint32_t len);
+typedef int (*probe_validate_packet_cb)(const struct iphdr *ip_hdr, uint32_t len, uint32_t *src_ip, uint32_t *validation);
+
+typedef struct probe_module {
+	const char *name;
+	size_t packet_length;
+	const char *pcap_filter;
+	size_t pcap_snaplen;
+
+	// Should ZMap complain if the user hasn't specified valid
+	// source and target port numbers?
+	uint8_t port_args;
+
+	response_type_t *responses;
+
+	probe_global_init_cb global_initialize;
+	probe_thread_init_cb thread_initialize;
+	probe_make_packet_cb make_packet;
+	probe_print_packet_cb print_packet;
+	probe_validate_packet_cb validate_packet;
+	probe_classify_packet_cb classify_packet;
+	probe_close_cb close;
+
+} probe_module_t;
+
+probe_module_t* get_probe_module_by_name(const char*);
+void print_probe_modules(void);
+
+#endif // HEADER_PROBE_MODULES_H