adding UDP module back in with field set usage
parent
d1eeff167d
commit
8cd541d039
@ -30,7 +30,7 @@ EXTRALDFLAGS= $(LDHARDENING)
|
|||||||
CFLAGS+=$(INCLUDE) $(EXTRACFLAGS)
|
CFLAGS+=$(INCLUDE) $(EXTRACFLAGS)
|
||||||
LDFLAGS+=$(EXTRALDFLAGS)
|
LDFLAGS+=$(EXTRALDFLAGS)
|
||||||
|
|
||||||
probemodules=module_tcp_synscan.o module_icmp_echo.o #module_udp.o #ADD YOUR PROBE MODULE HERE
|
probemodules=module_tcp_synscan.o module_icmp_echo.o module_udp.o #ADD YOUR PROBE MODULE HERE
|
||||||
outputmodules= module_csv.o #ADD YOUR OUTPUT MODULE HERE
|
outputmodules= module_csv.o #ADD YOUR OUTPUT MODULE HERE
|
||||||
|
|
||||||
objects=constraint.o blacklist.o cyclic.o logger.o send.o recv.o state.o monitor.o zopt_compat.o zmap.o random.o output_modules.o packet.o probe_modules.o ${probemodules} ${outputmodules} validate.o rijndael-alg-fst.o get_gateway.o aesrand.o fieldset.o
|
objects=constraint.o blacklist.o cyclic.o logger.o send.o recv.o state.o monitor.o zopt_compat.o zmap.o random.o output_modules.o packet.o probe_modules.o ${probemodules} ${outputmodules} validate.o rijndael-alg-fst.o get_gateway.o aesrand.o fieldset.o
|
||||||
|
@ -50,6 +50,11 @@ static inline void fs_add_word(fieldset_t *fs, const char *name, int type,
|
|||||||
f->free_ = free_;
|
f->free_ = free_;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void fs_add_null(fieldset_t *fs, const char *name)
|
||||||
|
{
|
||||||
|
fs_add_word(fs, name, FS_NULL, 0, 0, NULL);
|
||||||
|
}
|
||||||
|
|
||||||
void fs_add_string(fieldset_t *fs, const char *name, char *value, int free_)
|
void fs_add_string(fieldset_t *fs, const char *name, char *value, int free_)
|
||||||
{
|
{
|
||||||
fs_add_word(fs, name, FS_STRING, free_, strlen(value), (void*) value);
|
fs_add_word(fs, name, FS_STRING, free_, strlen(value), (void*) value);
|
||||||
|
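Review bot: fs_add_null has no comment saying that an FS_NULL field is stored with a NULL value pointer and zero length, which is the contract every reader of `f->value` now has to honour. The CSV and JSON writers on this page gain an FS_NULL branch, but whether other consumers of the fieldset check `f->type` before touching the value cannot be confirmed from this view. I would add above the definition `// placeholder field with no value: f->value is NULL and f->len is 0, so check f->type before reading it`, and repeat that line on the prototype added in the header hunk. fs_add_string, which follows, continues past the end of this hunk.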
@ -20,6 +20,7 @@
|
|||||||
#define FS_STRING 0
|
#define FS_STRING 0
|
||||||
#define FS_UINT64 1
|
#define FS_UINT64 1
|
||||||
#define FS_BINARY 2
|
#define FS_BINARY 2
|
||||||
|
#define FS_NULL 3
|
||||||
|
|
||||||
// definition of a field that's provided by a probe module
|
// definition of a field that's provided by a probe module
|
||||||
// these are used so that users can ask at the command-line
|
// these are used so that users can ask at the command-line
|
||||||
@ -82,6 +83,8 @@ void fs_add_binary(fieldset_t *fs, const char *name, size_t len,
|
|||||||
|
|
||||||
uint64_t fs_get_uint64_by_index(fieldset_t *fs, int index);
|
uint64_t fs_get_uint64_by_index(fieldset_t *fs, int index);
|
||||||
|
|
||||||
|
void fs_add_null(fieldset_t *fs, const char *name);
|
||||||
|
|
||||||
void fs_free(fieldset_t *fs);
|
void fs_free(fieldset_t *fs);
|
||||||
|
|
||||||
void fs_generate_fieldset_translation(translation_t *t,
|
void fs_generate_fieldset_translation(translation_t *t,
|
||||||
|
@ -83,6 +83,8 @@ int csv_process(fieldset_t *fs)
|
|||||||
fprintf(file, "%lu", (uint64_t) f->value);
|
fprintf(file, "%lu", (uint64_t) f->value);
|
||||||
} else if (f->type == FS_BINARY) {
|
} else if (f->type == FS_BINARY) {
|
||||||
hex_encode(file, (unsigned char*) f->value, f->len);
|
hex_encode(file, (unsigned char*) f->value, f->len);
|
||||||
|
} else if (f->type == FS_NULL) {
|
||||||
|
// do nothing
|
||||||
} else {
|
} else {
|
||||||
log_fatal("csv", "received unknown output type");
|
log_fatal("csv", "received unknown output type");
|
||||||
}
|
}
|
||||||
|
@ -156,6 +156,8 @@ int json_output_file_ip(fieldset_t *fs)
|
|||||||
} else if (f->type == FS_BINARY) {
|
} else if (f->type == FS_BINARY) {
|
||||||
json_output_file_store_data(obj,
|
json_output_file_store_data(obj,
|
||||||
(const u_char*) f->value, f->len);
|
(const u_char*) f->value, f->len);
|
||||||
|
} else if (f->type == FS_NULL) {
|
||||||
|
// do nothing
|
||||||
} else {
|
} else {
|
||||||
log_fatal("csv", "received unknown output type");
|
log_fatal("csv", "received unknown output type");
|
||||||
}
|
}
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
* of the License at http://www.apache.org/licenses/LICENSE-2.0
|
* of the License at http://www.apache.org/licenses/LICENSE-2.0
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* send module for performing TCP SYN scans */
|
/* send module for performing arbitrary UDP scans */
|
||||||
|
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
@ -18,6 +18,7 @@
|
|||||||
#include <netinet/udp.h>
|
#include <netinet/udp.h>
|
||||||
#include <netinet/ip.h>
|
#include <netinet/ip.h>
|
||||||
#include <netinet/ether.h>
|
#include <netinet/ether.h>
|
||||||
|
#include <netinet/ip_icmp.h>
|
||||||
|
|
||||||
#include <sys/socket.h>
|
#include <sys/socket.h>
|
||||||
#include <netinet/in.h>
|
#include <netinet/in.h>
|
||||||
@ -28,6 +29,7 @@
|
|||||||
#include "logger.h"
|
#include "logger.h"
|
||||||
|
|
||||||
#define MAX_UDP_PAYLOAD_LEN 1472
|
#define MAX_UDP_PAYLOAD_LEN 1472
|
||||||
|
#define UNUSED __attribute__((unused))
|
||||||
|
|
||||||
char *udp_send_msg = NULL;
|
char *udp_send_msg = NULL;
|
||||||
int udp_send_msg_len = 0;
|
int udp_send_msg_len = 0;
|
||||||
@ -171,7 +173,6 @@ int udp_make_packet(void *buf, ipaddr_n_t src_ip, ipaddr_n_t dst_ip,
|
|||||||
ip_header->daddr = dst_ip;
|
ip_header->daddr = dst_ip;
|
||||||
udp_header->source = get_src_port(num_ports, probe_num,
|
udp_header->source = get_src_port(num_ports, probe_num,
|
||||||
validation);
|
validation);
|
||||||
|
|
||||||
ip_header->check = 0;
|
ip_header->check = 0;
|
||||||
ip_header->check = ip_checksum((unsigned short *) ip_header);
|
ip_header->check = ip_checksum((unsigned short *) ip_header);
|
||||||
|
|
||||||
@ -192,16 +193,32 @@ void udp_print_packet(FILE *fp, void* packet)
|
|||||||
fprintf(fp, "------------------------------------------------------\n");
|
fprintf(fp, "------------------------------------------------------\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
response_type_t* udp_classify_packet(const u_char *packet, uint32_t len)
|
void udp_process_packet(const u_char *packet, UNUSED uint32_t len, fieldset_t *fs)
|
||||||
{
|
{
|
||||||
(void)len;
|
|
||||||
struct iphdr *ip_hdr = (struct iphdr *)&packet[sizeof(struct ethhdr)];
|
struct iphdr *ip_hdr = (struct iphdr *)&packet[sizeof(struct ethhdr)];
|
||||||
if (ip_hdr->protocol == IPPROTO_UDP) {
|
if (ip_hdr->protocol == IPPROTO_UDP) {
|
||||||
return &(module_udp.responses[0]);
|
struct udphdr *udp = (struct udphdr *)((char *)ip_hdr + ip_hdr->ihl * 4);
|
||||||
|
fs_add_string(fs, "classification", (char*) "udp", 0);
|
||||||
|
fs_add_uint64(fs, "is_success", 1);
|
||||||
|
fs_add_uint64(fs, "sport", ntohs(udp->source));
|
||||||
|
fs_add_uint64(fs, "dport", ntohs(udp->dest));
|
||||||
|
fs_add_null(fs, "icmp_type");
|
||||||
|
fs_add_null(fs, "icmp_code");
|
||||||
} else if (ip_hdr->protocol == IPPROTO_ICMP) {
|
} else if (ip_hdr->protocol == IPPROTO_ICMP) {
|
||||||
return &(module_udp.responses[1]);
|
struct icmphdr *icmp = (struct icmphdr *)((char *)ip_hdr + ip_hdr->ihl * 4);
|
||||||
|
fs_add_string(fs, "classification", (char*) "icmp-unreach", 0);
|
||||||
|
fs_add_uint64(fs, "is_success", 0);
|
||||||
|
fs_add_null(fs, "sport");
|
||||||
|
fs_add_null(fs, "dport");
|
||||||
|
fs_add_uint64(fs, "icmp_type", ntohs(icmp->type));
|
||||||
|
fs_add_uint64(fs, "icmp_code", ntohs(icmp->code));
|
||||||
} else {
|
} else {
|
||||||
return &(module_udp.responses[2]);
|
fs_add_string(fs, "classification", (char*) "other", 0);
|
||||||
|
fs_add_uint64(fs, "is_success", 0);
|
||||||
|
fs_add_null(fs, "sport");
|
||||||
|
fs_add_null(fs, "dport");
|
||||||
|
fs_add_null(fs, "icmp_type");
|
||||||
|
fs_add_null(fs, "icmp_code");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -255,19 +272,13 @@ int udp_validate_packet(const struct iphdr *ip_hdr, uint32_t len,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
static response_type_t responses[] = {
|
static fielddef_t fields[] = {
|
||||||
{
|
{.name = "classification", .type="string", .desc = "packet classification"},
|
||||||
.is_success = 1,
|
{.name = "success", .type="int", .desc = "is response considered success"},
|
||||||
.name = "data"
|
{.name = "sport", .type = "int", .desc = "UDP source port"},
|
||||||
},
|
{.name = "dport", .type = "int", .desc = "UDP destination port"},
|
||||||
{
|
{.name = "icmp_type", .type = "int", .desc = "icmp message type"},
|
||||||
.is_success = 0,
|
{.name = "icmp_code", .type = "int", .desc = "icmp message sub type code"}
|
||||||
.name = "port-unreach"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
.is_success = 0,
|
|
||||||
.name = "invalid"
|
|
||||||
}
|
|
||||||
};
|
};
|
||||||
|
|
||||||
probe_module_t module_udp = {
|
probe_module_t module_udp = {
|
||||||
@ -281,8 +292,9 @@ probe_module_t module_udp = {
|
|||||||
.make_packet = &udp_make_packet,
|
.make_packet = &udp_make_packet,
|
||||||
.print_packet = &udp_print_packet,
|
.print_packet = &udp_print_packet,
|
||||||
.validate_packet = &udp_validate_packet,
|
.validate_packet = &udp_validate_packet,
|
||||||
.classify_packet = &udp_classify_packet,
|
.process_packet = &udp_process_packet,
|
||||||
.close = &udp_global_cleanup,
|
.close = &udp_global_cleanup,
|
||||||
.responses = responses
|
.fields = fields,
|
||||||
|
.numfields = 6
|
||||||
};
|
};
|
||||||
|
|
||||||
|
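Review bot: In the ICMP branch of udp_process_packet, `ntohs(icmp->type)` and `ntohs(icmp->code)` byte-swap single-byte fields, so on a little-endian host the recorded values land in the high byte (type 3 is written as 768); pass them unconverted, `fs_add_uint64(fs, "icmp_type", icmp->type);` and `fs_add_uint64(fs, "icmp_code", icmp->code);`. The function also marks `len` as UNUSED while locating the UDP/ICMP header at `ip_hdr->ihl * 4`, a value taken from the received packet, so unless udp_validate_packet (body not visible here) already bounds that offset against the captured length, a short or malformed response is read past the end of the buffer; I would compare the offset plus the header size with `len` before the cast. In the later hunk the fields[] table names the second field `"success"` while this function emits `"is_success"`, and `.numfields = 6` is hard-coded; the names should agree, and the count is safer as `sizeof(fields) / sizeof(fields[0])`.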
@ -24,13 +24,13 @@
|
|||||||
|
|
||||||
extern probe_module_t module_tcp_synscan;
|
extern probe_module_t module_tcp_synscan;
|
||||||
extern probe_module_t module_icmp_echo;
|
extern probe_module_t module_icmp_echo;
|
||||||
//extern probe_module_t module_udp;
|
extern probe_module_t module_udp;
|
||||||
// ADD YOUR MODULE HERE
|
// ADD YOUR MODULE HERE
|
||||||
|
|
||||||
probe_module_t* probe_modules[] = {
|
probe_module_t* probe_modules[] = {
|
||||||
&module_tcp_synscan,
|
&module_tcp_synscan,
|
||||||
&module_icmp_echo,
|
&module_icmp_echo,
|
||||||
// &module_udp
|
&module_udp
|
||||||
// ADD YOUR MODULE HERE
|
// ADD YOUR MODULE HERE
|
||||||
};
|
};
|
||||||
|
|
||||||
|