From 8cd541d03932055842a7f1e909562f15fc2d4c57 Mon Sep 17 00:00:00 2001
From: Zakir Durumeric
Date: Fri, 30 Aug 2013 02:55:39 -0400
Subject: [PATCH] adding UDP module back in with field set usage
---
 src/Makefile | 2 +-
 src/fieldset.c | 5 +++
 src/fieldset.h | 3 ++
 src/output_modules/module_csv.c | 2 ++
 src/output_modules/module_json.c | 2 ++
 src/probe_modules/module_udp.c | 56 +++++++++++++++++++------------
 src/probe_modules/probe_modules.c | 4 +--
 7 files changed, 49 insertions(+), 25 deletions(-)
diff --git a/src/Makefile b/src/Makefile
index 4ad3b50..234b107 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -30,7 +30,7 @@ EXTRALDFLAGS= $(LDHARDENING)
 CFLAGS+=$(INCLUDE) $(EXTRACFLAGS)
 LDFLAGS+=$(EXTRALDFLAGS)
-probemodules=module_tcp_synscan.o module_icmp_echo.o #module_udp.o #ADD YOUR PROBE MODULE HERE
+probemodules=module_tcp_synscan.o module_icmp_echo.o module_udp.o #ADD YOUR PROBE MODULE HERE
 outputmodules= module_csv.o #ADD YOUR OUTPUT MODULE HERE
 objects=constraint.o blacklist.o cyclic.o logger.o send.o recv.o state.o monitor.o zopt_compat.o zmap.o random.o output_modules.o packet.o probe_modules.o ${probemodules} ${outputmodules} validate.o rijndael-alg-fst.o get_gateway.o aesrand.o fieldset.o
diff --git a/src/fieldset.c b/src/fieldset.c
index d8a7f08..34c9fdf 100644
--- a/src/fieldset.c
+++ b/src/fieldset.c
@@ -50,6 +50,11 @@ static inline void fs_add_word(fieldset_t *fs, const char *name, int type,
 f->free_ = free_;
 }
+void fs_add_null(fieldset_t *fs, const char *name)
+{
+ fs_add_word(fs, name, FS_NULL, 0, 0, NULL);
+}
+
 void fs_add_string(fieldset_t *fs, const char *name, char *value, int free_)
 {
 fs_add_word(fs, name, FS_STRING, free_, strlen(value), (void*) value);
diff --git a/src/fieldset.h b/src/fieldset.h
index 7e20d15..9d49ba3 100644
--- a/src/fieldset.h
+++ b/src/fieldset.h
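Review bot: fs_add_null in the fieldset.c hunk carries no comment, and what it produces — a word of type FS_NULL with length 0 and a NULL value, which every output module must recognise or it falls into the log_fatal("received unknown output type") branch — is not obvious from the one-line body. A header comment on the definition (and on the new declaration in the fieldset.h hunk) such as `/* Add a field that has no value for this response: type FS_NULL, len 0, value NULL. */` would state that contract for the next module author.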
@@ -20,6 +20,7 @@
 #define FS_STRING 0
 #define FS_UINT64 1
 #define FS_BINARY 2
+#define FS_NULL 3
 // definition of a field that's provided by a probe module
 // these are used so that users can ask at the command-line
@@ -82,6 +83,8 @@ void fs_add_binary(fieldset_t *fs, const char *name, size_t len,
 uint64_t fs_get_uint64_by_index(fieldset_t *fs, int index);
+void fs_add_null(fieldset_t *fs, const char *name);
+
 void fs_free(fieldset_t *fs);
 void fs_generate_fieldset_translation(translation_t *t,
diff --git a/src/output_modules/module_csv.c b/src/output_modules/module_csv.c
index 151a0f9..b15094f 100644
--- a/src/output_modules/module_csv.c
+++ b/src/output_modules/module_csv.c
@@ -83,6 +83,8 @@ int csv_process(fieldset_t *fs)
 fprintf(file, "%lu", (uint64_t) f->value);
 } else if (f->type == FS_BINARY) {
 hex_encode(file, (unsigned char*) f->value, f->len);
+ } else if (f->type == FS_NULL) {
+ // do nothing
 } else {
 log_fatal("csv", "received unknown output type");
 }
diff --git a/src/output_modules/module_json.c b/src/output_modules/module_json.c
index da31ea5..dd5b352 100644
--- a/src/output_modules/module_json.c
+++ b/src/output_modules/module_json.c
@@ -156,6 +156,8 @@ int json_output_file_ip(fieldset_t *fs)
 } else if (f->type == FS_BINARY) {
 json_output_file_store_data(obj, (const u_char*) f->value, f->len);
+ } else if (f->type == FS_NULL) {
+ // do nothing
 } else {
 log_fatal("csv", "received unknown output type");
 }
diff --git a/src/probe_modules/module_udp.c b/src/probe_modules/module_udp.c
index e048b64..61a92d0 100644
--- a/src/probe_modules/module_udp.c
+++ b/src/probe_modules/module_udp.c
@@ -6,7 +6,7 @@
 * of the License at http://www.apache.org/licenses/LICENSE-2.0
 */
-/* send module for performing TCP SYN scans */
+/* send module for performing arbitrary UDP scans */
 #include
 #include
@@ -18,6 +18,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
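Review bot: The new FS_NULL branch in module_json.c emits nothing for the field, so the key is absent from that record and the set of keys varies with the probe's classification (a UDP answer carries sport/dport, an ICMP answer carries icmp_type/icmp_code), which is awkward for consumers that expect a fixed schema. Storing an explicit null under f->name would keep every record's key set identical; the JSON object API the surrounding code uses is not visible in this hunk, so I cannot quote the exact call. The csv branch in module_csv.c has the same empty body and is presumably fine if the column separator is written elsewhere in the loop (not visible here). In both hunks `// do nothing` would read better as a statement of intent, e.g. `// FS_NULL: field has no value for this response; emit nothing`.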
@@ -28,6 +29,7 @@
 #include "logger.h"
 #define MAX_UDP_PAYLOAD_LEN 1472
+#define UNUSED __attribute__((unused))
 char *udp_send_msg = NULL;
 int udp_send_msg_len = 0;
@@ -171,7 +173,6 @@ int udp_make_packet(void *buf, ipaddr_n_t src_ip, ipaddr_n_t dst_ip,
 ip_header->daddr = dst_ip;
 udp_header->source = get_src_port(num_ports, probe_num, validation);
- ip_header->check = 0;
 ip_header->check = ip_checksum((unsigned short *) ip_header);
@@ -192,16 +193,32 @@ void udp_print_packet(FILE *fp, void* packet)
 fprintf(fp, "------------------------------------------------------\n");
 }
-response_type_t* udp_classify_packet(const u_char *packet, uint32_t len)
+void udp_process_packet(const u_char *packet, UNUSED uint32_t len, fieldset_t *fs)
 {
- (void)len;
 struct iphdr *ip_hdr = (struct iphdr *)&packet[sizeof(struct ethhdr)];
 if (ip_hdr->protocol == IPPROTO_UDP) {
- return &(module_udp.responses[0]);
+ struct udphdr *udp = (struct udphdr *)((char *)ip_hdr + ip_hdr->ihl * 4);
+ fs_add_string(fs, "classification", (char*) "udp", 0);
+ fs_add_uint64(fs, "is_success", 1);
+ fs_add_uint64(fs, "sport", ntohs(udp->source));
+ fs_add_uint64(fs, "dport", ntohs(udp->dest));
+ fs_add_null(fs, "icmp_type");
+ fs_add_null(fs, "icmp_code");
 } else if (ip_hdr->protocol == IPPROTO_ICMP) {
- return &(module_udp.responses[1]);
+ struct icmphdr *icmp = (struct icmphdr *)((char *)ip_hdr + ip_hdr->ihl * 4);
+ fs_add_string(fs, "classification", (char*) "icmp-unreach", 0);
+ fs_add_uint64(fs, "is_success", 0);
+ fs_add_null(fs, "sport");
+ fs_add_null(fs, "dport");
+ fs_add_uint64(fs, "icmp_type", ntohs(icmp->type));
+ fs_add_uint64(fs, "icmp_code", ntohs(icmp->code));
 } else {
- return &(module_udp.responses[2]);
+ fs_add_string(fs, "classification", (char*) "other", 0);
+ fs_add_uint64(fs, "is_success", 0);
+ fs_add_null(fs, "sport");
+ fs_add_null(fs, "dport");
+ fs_add_null(fs, "icmp_type");
+ fs_add_null(fs, "icmp_code");
 }
 }
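Review bot: Dropping `ip_header->check = 0;` in the udp_make_packet hunk makes the IP checksum depend on whatever the check field already contains; if ip_checksum() sums the header as it stands (its body is outside this hunk) and the packet buffer is reused from one call to the next, every packet after the first is built over the previous packet's checksum and comes out with a wrong header checksum. Unless ip_checksum() is known to zero or skip the check field itself, keep the reset immediately before the call, `ip_header->check = 0;`. udp_make_packet begins and ends outside the hunk.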
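Review bot: `ntohs(icmp->type)` and `ntohs(icmp->code)` in the ICMP branch of udp_process_packet byte-swap single-octet fields: struct icmphdr's type and code are 8-bit, so on a little-endian host the recorded icmp_type is the real value shifted into the high byte (type 3 is stored as 768). Use the fields directly, `fs_add_uint64(fs, "icmp_type", icmp->type);` and `fs_add_uint64(fs, "icmp_code", icmp->code);`. The field name "is_success" written here also differs from the "success" entry in the fields[] table later in this file, so the declared and produced field names disagree. Every ICMP reply is labelled "icmp-unreach" without looking at icmp->type, so echo replies or time-exceeded messages would be reported as unreachable unless udp_validate_packet (outside the hunk) already filters them. Both branches step ip_hdr->ihl * 4 bytes past the IP header while `len` is marked UNUSED, which only holds if validation has already bounded the packet; a one-line comment stating that reliance, e.g. `/* length was bounded by udp_validate_packet before we get here */`, would make the assumption visible.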
@@ -255,19 +272,13 @@ int udp_validate_packet(const struct iphdr *ip_hdr, uint32_t len,
 return 1;
 }
-static response_type_t responses[] = {
- {
- .is_success = 1,
- .name = "data"
- },
- {
- .is_success = 0,
- .name = "port-unreach"
- },
- {
- .is_success = 0,
- .name = "invalid"
- }
+static fielddef_t fields[] = {
+ {.name = "classification", .type="string", .desc = "packet classification"},
+ {.name = "success", .type="int", .desc = "is response considered success"},
+ {.name = "sport", .type = "int", .desc = "UDP source port"},
+ {.name = "dport", .type = "int", .desc = "UDP destination port"},
+ {.name = "icmp_type", .type = "int", .desc = "icmp message type"},
+ {.name = "icmp_code", .type = "int", .desc = "icmp message sub type code"}
 };
 probe_module_t module_udp = {
@@ -281,8 +292,9 @@ probe_module_t module_udp = {
 .make_packet = &udp_make_packet,
 .print_packet = &udp_print_packet,
 .validate_packet = &udp_validate_packet,
- .classify_packet = &udp_classify_packet,
+ .process_packet = &udp_process_packet,
 .close = &udp_global_cleanup,
- .responses = responses
+ .fields = fields,
+ .numfields = 6
 };
diff --git a/src/probe_modules/probe_modules.c b/src/probe_modules/probe_modules.c
index c05072f..b12b9cf 100644
--- a/src/probe_modules/probe_modules.c
+++ b/src/probe_modules/probe_modules.c
@@ -24,13 +24,13 @@ extern probe_module_t module_tcp_synscan;
 extern probe_module_t module_icmp_echo;
-//extern probe_module_t module_udp;
+extern probe_module_t module_udp;
 // ADD YOUR MODULE HERE
 probe_module_t* probe_modules[] = {
 &module_tcp_synscan,
 &module_icmp_echo,
-// &module_udp
+ &module_udp
 // ADD YOUR MODULE HERE
 };
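Review bot: The fields[] table declares its second entry as "success", but udp_process_packet earlier in this file records the value under "is_success", so the field the module advertises and the field it actually emits do not match; whichever name the other probe modules use, the two should agree, e.g. `{.name = "is_success", .type="int", .desc = "is response considered success"},` or the corresponding change to the fs_add_uint64 calls. `.numfields = 6` in the module_udp initializer (second hunk of this file) repeats the table length by hand and will silently go stale the next time an entry is added or removed; `.numfields = sizeof(fields) / sizeof(fields[0])` ties it to the array. The fields[] initializer is shown in full here, while the module_udp initializer starts in this hunk and continues into the next.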