adding UDP module back in with field set usage
This commit is contained in:
Zakir Durumeric
parent
d1eeff167d
commit
8cd541d039
@ -30,7 +30,7 @@ EXTRALDFLAGS= $(LDHARDENING)
|
||||
CFLAGS+=$(INCLUDE) $(EXTRACFLAGS)
|
||||
LDFLAGS+=$(EXTRALDFLAGS)
|
||||
|
||||
probemodules=module_tcp_synscan.o module_icmp_echo.o #module_udp.o #ADD YOUR PROBE MODULE HERE
|
||||
probemodules=module_tcp_synscan.o module_icmp_echo.o module_udp.o #ADD YOUR PROBE MODULE HERE
|
||||
outputmodules= module_csv.o #ADD YOUR OUTPUT MODULE HERE
|
||||
|
||||
objects=constraint.o blacklist.o cyclic.o logger.o send.o recv.o state.o monitor.o zopt_compat.o zmap.o random.o output_modules.o packet.o probe_modules.o ${probemodules} ${outputmodules} validate.o rijndael-alg-fst.o get_gateway.o aesrand.o fieldset.o
|
||||
|
||||
@ -50,6 +50,11 @@ static inline void fs_add_word(fieldset_t *fs, const char *name, int type,
|
||||
f->free_ = free_;
|
||||
}
|
||||
|
||||
void fs_add_null(fieldset_t *fs, const char *name)
|
||||
{
|
||||
fs_add_word(fs, name, FS_NULL, 0, 0, NULL);
|
||||
}
|
||||
|
||||
void fs_add_string(fieldset_t *fs, const char *name, char *value, int free_)
|
||||
{
|
||||
fs_add_word(fs, name, FS_STRING, free_, strlen(value), (void*) value);
|
||||
|
||||
@ -20,6 +20,7 @@
|
||||
#define FS_STRING 0
|
||||
#define FS_UINT64 1
|
||||
#define FS_BINARY 2
|
||||
#define FS_NULL 3
|
||||
|
||||
// definition of a field that's provided by a probe module
|
||||
// these are used so that users can ask at the command-line
|
||||
@ -82,6 +83,8 @@ void fs_add_binary(fieldset_t *fs, const char *name, size_t len,
|
||||
|
||||
uint64_t fs_get_uint64_by_index(fieldset_t *fs, int index);
|
||||
|
||||
void fs_add_null(fieldset_t *fs, const char *name);
|
||||
|
||||
void fs_free(fieldset_t *fs);
|
||||
|
||||
void fs_generate_fieldset_translation(translation_t *t,
|
||||
|
||||
@ -83,6 +83,8 @@ int csv_process(fieldset_t *fs)
|
||||
fprintf(file, "%lu", (uint64_t) f->value);
|
||||
} else if (f->type == FS_BINARY) {
|
||||
hex_encode(file, (unsigned char*) f->value, f->len);
|
||||
} else if (f->type == FS_NULL) {
|
||||
// do nothing
|
||||
} else {
|
||||
log_fatal("csv", "received unknown output type");
|
||||
}
|
||||
|
||||
@ -156,6 +156,8 @@ int json_output_file_ip(fieldset_t *fs)
|
||||
} else if (f->type == FS_BINARY) {
|
||||
json_output_file_store_data(obj,
|
||||
(const u_char*) f->value, f->len);
|
||||
} else if (f->type == FS_NULL) {
|
||||
// do nothing
|
||||
} else {
|
||||
log_fatal("csv", "received unknown output type");
|
||||
}
|
||||
|
||||
@ -6,7 +6,7 @@
|
||||
* of the License at http://www.apache.org/licenses/LICENSE-2.0
|
||||
*/
|
||||
|
||||
/* send module for performing TCP SYN scans */
|
||||
/* send module for performing arbitrary UDP scans */
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
@ -18,6 +18,7 @@
|
||||
#include <netinet/udp.h>
|
||||
#include <netinet/ip.h>
|
||||
#include <netinet/ether.h>
|
||||
#include <netinet/ip_icmp.h>
|
||||
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
@ -28,6 +29,7 @@
|
||||
#include "logger.h"
|
||||
|
||||
#define MAX_UDP_PAYLOAD_LEN 1472
|
||||
#define UNUSED __attribute__((unused))
|
||||
|
||||
char *udp_send_msg = NULL;
|
||||
int udp_send_msg_len = 0;
|
||||
@ -171,7 +173,6 @@ int udp_make_packet(void *buf, ipaddr_n_t src_ip, ipaddr_n_t dst_ip,
|
||||
ip_header->daddr = dst_ip;
|
||||
udp_header->source = get_src_port(num_ports, probe_num,
|
||||
validation);
|
||||
|
||||
ip_header->check = 0;
|
||||
ip_header->check = ip_checksum((unsigned short *) ip_header);
|
||||
|
||||
@ -192,16 +193,32 @@ void udp_print_packet(FILE *fp, void* packet)
|
||||
fprintf(fp, "------------------------------------------------------\n");
|
||||
}
|
||||
|
||||
response_type_t* udp_classify_packet(const u_char *packet, uint32_t len)
|
||||
void udp_process_packet(const u_char *packet, UNUSED uint32_t len, fieldset_t *fs)
|
||||
{
|
||||
(void)len;
|
||||
struct iphdr *ip_hdr = (struct iphdr *)&packet[sizeof(struct ethhdr)];
|
||||
if (ip_hdr->protocol == IPPROTO_UDP) {
|
||||
return &(module_udp.responses[0]);
|
||||
struct udphdr *udp = (struct udphdr *)((char *)ip_hdr + ip_hdr->ihl * 4);
|
||||
fs_add_string(fs, "classification", (char*) "udp", 0);
|
||||
fs_add_uint64(fs, "is_success", 1);
|
||||
fs_add_uint64(fs, "sport", ntohs(udp->source));
|
||||
fs_add_uint64(fs, "dport", ntohs(udp->dest));
|
||||
fs_add_null(fs, "icmp_type");
|
||||
fs_add_null(fs, "icmp_code");
|
||||
} else if (ip_hdr->protocol == IPPROTO_ICMP) {
|
||||
return &(module_udp.responses[1]);
|
||||
struct icmphdr *icmp = (struct icmphdr *)((char *)ip_hdr + ip_hdr->ihl * 4);
|
||||
fs_add_string(fs, "classification", (char*) "icmp-unreach", 0);
|
||||
fs_add_uint64(fs, "is_success", 0);
|
||||
fs_add_null(fs, "sport");
|
||||
fs_add_null(fs, "dport");
|
||||
fs_add_uint64(fs, "icmp_type", ntohs(icmp->type));
|
||||
fs_add_uint64(fs, "icmp_code", ntohs(icmp->code));
|
||||
} else {
|
||||
return &(module_udp.responses[2]);
|
||||
fs_add_string(fs, "classification", (char*) "other", 0);
|
||||
fs_add_uint64(fs, "is_success", 0);
|
||||
fs_add_null(fs, "sport");
|
||||
fs_add_null(fs, "dport");
|
||||
fs_add_null(fs, "icmp_type");
|
||||
fs_add_null(fs, "icmp_code");
|
||||
}
|
||||
}
|
||||
|
||||
@ -255,19 +272,13 @@ int udp_validate_packet(const struct iphdr *ip_hdr, uint32_t len,
|
||||
return 1;
|
||||
}
|
||||
|
||||
static response_type_t responses[] = {
|
||||
{
|
||||
.is_success = 1,
|
||||
.name = "data"
|
||||
},
|
||||
{
|
||||
.is_success = 0,
|
||||
.name = "port-unreach"
|
||||
},
|
||||
{
|
||||
.is_success = 0,
|
||||
.name = "invalid"
|
||||
}
|
||||
static fielddef_t fields[] = {
|
||||
{.name = "classification", .type="string", .desc = "packet classification"},
|
||||
{.name = "success", .type="int", .desc = "is response considered success"},
|
||||
{.name = "sport", .type = "int", .desc = "UDP source port"},
|
||||
{.name = "dport", .type = "int", .desc = "UDP destination port"},
|
||||
{.name = "icmp_type", .type = "int", .desc = "icmp message type"},
|
||||
{.name = "icmp_code", .type = "int", .desc = "icmp message sub type code"}
|
||||
};
|
||||
|
||||
probe_module_t module_udp = {
|
||||
@ -281,8 +292,9 @@ probe_module_t module_udp = {
|
||||
.make_packet = &udp_make_packet,
|
||||
.print_packet = &udp_print_packet,
|
||||
.validate_packet = &udp_validate_packet,
|
||||
.classify_packet = &udp_classify_packet,
|
||||
.process_packet = &udp_process_packet,
|
||||
.close = &udp_global_cleanup,
|
||||
.responses = responses
|
||||
.fields = fields,
|
||||
.numfields = 6
|
||||
};
|
||||
|
||||
|
||||
@ -24,13 +24,13 @@
|
||||
|
||||
extern probe_module_t module_tcp_synscan;
|
||||
extern probe_module_t module_icmp_echo;
|
||||
//extern probe_module_t module_udp;
|
||||
extern probe_module_t module_udp;
|
||||
// ADD YOUR MODULE HERE
|
||||
|
||||
probe_module_t* probe_modules[] = {
|
||||
&module_tcp_synscan,
|
||||
&module_icmp_echo,
|
||||
// &module_udp
|
||||
&module_udp
|
||||
// ADD YOUR MODULE HERE
|
||||
};
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user