Merge branch 'master' of github.com:zmap/zmap

This commit is contained in:
Zakir Durumeric 2013-09-02 12:50:21 -04:00
commit b606544591
12 changed files with 123 additions and 37 deletions

View File

@ -68,6 +68,12 @@ install: zmap
$(INSTALLDATA) ./zmap.1 $(mandir) $(INSTALLDATA) ./zmap.1 $(mandir)
@echo "\n**************\nSuccess! ZMap is installed. Try running (as root):\nzmap -p 80 -N 10 -B 1M -o -\n**************" @echo "\n**************\nSuccess! ZMap is installed. Try running (as root):\nzmap -p 80 -N 10 -B 1M -o -\n**************"
uninstall:
test -f $(oldmanfile) && rm -f $(oldmanfile) && mandb -f $(oldmanfile) || /bin/true # remove old man page if it's there
test -f $(mandir)/zmap.1 && rm -f $(mandir)/zmap.1 && mandb -f $(mandir)/zmap.1 || /bin/true # remove current man page if it's there
rm -f $(bindir)/zmap
clean: clean:
-rm -f $(objects) $(redis_objects) $(TARGETS) -rm -f $(objects) $(redis_objects) $(TARGETS)

View File

@ -131,11 +131,23 @@ int get_hw_addr(struct in_addr *gw_ip, char *iface, unsigned char *hw_mac)
while (RTA_OK(rt_attr, rt_len)) { while (RTA_OK(rt_attr, rt_len)) {
switch (rt_attr->rta_type) { switch (rt_attr->rta_type) {
case NDA_LLADDR: case NDA_LLADDR:
assert(RTA_PAYLOAD(rt_attr) == IFHWADDRLEN); if (RTA_PAYLOAD(rt_attr) != IFHWADDRLEN) {
// could be using a VPN
log_fatal("get_gateway", "Unexpected hardware address length (%d).\n\n" \
" If you are using a VPN, supply the --vpn flag (and provide an interface via -i)",
RTA_PAYLOAD(rt_attr));
exit(1);
}
memcpy(mac, RTA_DATA(rt_attr), IFHWADDRLEN); memcpy(mac, RTA_DATA(rt_attr), IFHWADDRLEN);
break; break;
case NDA_DST: case NDA_DST:
assert(RTA_PAYLOAD(rt_attr) == sizeof(dst_ip)); if (RTA_PAYLOAD(rt_attr) != sizeof(dst_ip)) {
// could be using a VPN
log_fatal("get_gateway", "Unexpected IP address length (%d).\n" \
" If you are using a VPN, supply the --vpn flag (and provide an interface via -i)",
RTA_PAYLOAD(rt_attr));
exit(1);
}
memcpy(&dst_ip, RTA_DATA(rt_attr), sizeof(dst_ip)); memcpy(&dst_ip, RTA_DATA(rt_attr), sizeof(dst_ip));
if (memcmp(&dst_ip, gw_ip, sizeof(dst_ip)) == 0) { if (memcmp(&dst_ip, gw_ip, sizeof(dst_ip)) == 0) {
correct_ip = 1; correct_ip = 1;

View File

@ -159,7 +159,7 @@ int json_output_file_ip(fieldset_t *fs)
} else if (f->type == FS_NULL) { } else if (f->type == FS_NULL) {
// do nothing // do nothing
} else { } else {
log_fatal("csv", "received unknown output type"); log_fatal("json", "received unknown output type");
} }
} }

View File

@ -59,6 +59,8 @@ static inline void set_ip(uint32_t ip)
ip_seen[ip >> 6] |= (uint64_t)1 << (ip & 0x3F); ip_seen[ip >> 6] |= (uint64_t)1 << (ip & 0x3F);
} }
static u_char fake_eth_hdr[65535];
void packet_cb(u_char __attribute__((__unused__)) *user, void packet_cb(u_char __attribute__((__unused__)) *user,
const struct pcap_pkthdr *p, const u_char *bytes) const struct pcap_pkthdr *p, const u_char *bytes)
{ {
@ -74,12 +76,12 @@ void packet_cb(u_char __attribute__((__unused__)) *user,
// length of entire packet captured by libpcap // length of entire packet captured by libpcap
uint32_t buflen = (uint32_t) p->caplen; uint32_t buflen = (uint32_t) p->caplen;
if ((sizeof(struct iphdr) + sizeof(struct ethhdr)) > buflen) { if ((sizeof(struct iphdr) + (zconf.send_ip_pkts ? 0 : sizeof(struct ethhdr))) > buflen) {
// buffer not large enough to contain ethernet // buffer not large enough to contain ethernet
// and ip headers. further action would overrun buf // and ip headers. further action would overrun buf
return; return;
} }
struct iphdr *ip_hdr = (struct iphdr *)&bytes[sizeof(struct ethhdr)]; struct iphdr *ip_hdr = (struct iphdr *)&bytes[(zconf.send_ip_pkts ? 0 : sizeof(struct ethhdr))];
uint32_t src_ip = ip_hdr->saddr; uint32_t src_ip = ip_hdr->saddr;
@ -88,7 +90,7 @@ void packet_cb(u_char __attribute__((__unused__)) *user,
// and we must calculate off potential payload message instead // and we must calculate off potential payload message instead
validate_gen(ip_hdr->daddr, ip_hdr->saddr, (uint8_t *)validation); validate_gen(ip_hdr->daddr, ip_hdr->saddr, (uint8_t *)validation);
if (!zconf.probe_module->validate_packet(ip_hdr, buflen - sizeof(struct ethhdr), if (!zconf.probe_module->validate_packet(ip_hdr, buflen - (zconf.send_ip_pkts ? 0 : sizeof(struct ethhdr)),
&src_ip, validation)) { &src_ip, validation)) {
return; return;
} }
@ -97,6 +99,18 @@ void packet_cb(u_char __attribute__((__unused__)) *user,
fieldset_t *fs = fs_new_fieldset(); fieldset_t *fs = fs_new_fieldset();
fs_add_ip_fields(fs, ip_hdr); fs_add_ip_fields(fs, ip_hdr);
// HACK:
// probe modules (for whatever reason) expect the full ethernet frame
// in process_packet. For VPN, we only get back an IP frame.
// Here, we fake an ethernet frame (which is initialized to
// have ETH_P_IP proto and 00s for dest/src).
if (zconf.send_ip_pkts) {
if (buflen > sizeof(fake_eth_hdr)) {
buflen = sizeof(fake_eth_hdr);
}
memcpy(&fake_eth_hdr[sizeof(struct ethhdr)], bytes, buflen);
bytes = fake_eth_hdr;
}
zconf.probe_module->process_packet(bytes, buflen, fs); zconf.probe_module->process_packet(bytes, buflen, fs);
fs_add_system_fields(fs, is_repeat, zsend.complete); fs_add_system_fields(fs, is_repeat, zsend.complete);
int success_index = zconf.fsconf.success_index; int success_index = zconf.fsconf.success_index;
@ -115,7 +129,6 @@ void packet_cb(u_char __attribute__((__unused__)) *user,
zrecv.cooldown_unique++; zrecv.cooldown_unique++;
} }
} }
} else { } else {
zrecv.failure_total++; zrecv.failure_total++;
} }
@ -184,6 +197,11 @@ int recv_run(pthread_mutex_t *recv_ready_mutex)
log_fatal("recv", "couldn't install filter"); log_fatal("recv", "couldn't install filter");
} }
} }
if (zconf.send_ip_pkts) {
struct ethhdr *eth = (struct ethhdr *)fake_eth_hdr;
memset(fake_eth_hdr, 0, sizeof(fake_eth_hdr));
eth->h_proto = htons(ETH_P_IP);
}
log_debug("recv", "receiver ready"); log_debug("recv", "receiver ready");
if (zconf.filter_duplicates) { if (zconf.filter_duplicates) {
log_debug("recv", "duplicate responses will be excluded from output"); log_debug("recv", "duplicate responses will be excluded from output");

View File

@ -288,7 +288,7 @@ int send_run(int sock)
zconf.probe_module->print_packet(stdout, buf); zconf.probe_module->print_packet(stdout, buf);
} else { } else {
int l = zconf.probe_module->packet_length; int l = zconf.probe_module->packet_length;
int rc = sendto(sock, buf, int rc = sendto(sock, buf + zconf.send_ip_pkts*sizeof(struct ethhdr),
l, 0, l, 0,
(struct sockaddr *)&sockaddr, (struct sockaddr *)&sockaddr,
sizeof(struct sockaddr_ll)); sizeof(struct sockaddr_ll));

View File

@ -14,7 +14,7 @@
struct state_conf zconf = { struct state_conf zconf = {
.log_level = LOG_INFO, .log_level = LOG_INFO,
.source_port_first = 32768, // (these are the default .source_port_first = 32768, // (these are the default
.source_port_last = 61000, // ephemeral range on Linux) .source_port_last = 61000, // ephemeral range on Linux)
.output_filename = NULL, .output_filename = NULL,
.blacklist_filename = NULL, .blacklist_filename = NULL,
.whitelist_filename = NULL, .whitelist_filename = NULL,
@ -36,6 +36,7 @@ struct state_conf zconf = {
.probe_args = NULL, .probe_args = NULL,
.gw_mac = {0}, .gw_mac = {0},
.gw_mac_set = 0, .gw_mac_set = 0,
.send_ip_pkts = 0,
.source_ip_first = NULL, .source_ip_first = NULL,
.source_ip_last = NULL, .source_ip_last = NULL,
.raw_output_fields = NULL, .raw_output_fields = NULL,

View File

@ -70,7 +70,8 @@ struct state_conf {
char *probe_args; char *probe_args;
char *output_args; char *output_args;
macaddr_t gw_mac[IFHWADDRLEN]; macaddr_t gw_mac[IFHWADDRLEN];
int gw_mac_set; int gw_mac_set;
int send_ip_pkts;
char *source_ip_first; char *source_ip_first;
char *source_ip_last; char *source_ip_last;
char *output_filename; char *output_filename;

View File

@ -84,6 +84,12 @@ Ethernet address.
.TP .TP
.B \-i, --interface=name .B \-i, --interface=name
Specify network interface to use. Specify network interface to use.
.TP
.B \-X, --vpn
If using ZMap through a VPN, use this option. Instead of sending
raw Ethernet frames, ZMap will send IP packets. When using this
option, it is generally also necessary to provide the interface
(through the -i flag).
.SS "Advanced options" .SS "Advanced options"
.TP .TP

View File

@ -16,10 +16,12 @@
#include <sched.h> #include <sched.h>
#include <errno.h> #include <errno.h>
#include <pwd.h>
#include <net/if.h> #include <net/if.h>
#include <sys/socket.h> #include <sys/socket.h>
#include <netinet/in.h> #include <netinet/in.h>
#include <arpa/inet.h> #include <arpa/inet.h>
#include <sys/types.h>
#include <pcap/pcap.h> #include <pcap/pcap.h>
@ -106,6 +108,17 @@ static void* start_recv(__attribute__((unused)) void *arg)
return NULL; return NULL;
} }
static void drop_privs()
{
struct passwd *pw;
if ((pw = getpwnam("nobody")) != NULL) {
if (setuid(pw->pw_uid) == 0) {
return; // success
}
}
log_fatal("zmap", "Couldn't change UID to 'nobody'");
}
static void *start_mon(__attribute__((unused)) void *arg) static void *start_mon(__attribute__((unused)) void *arg)
{ {
set_cpu(); set_cpu();
@ -261,6 +274,8 @@ static void start_zmap(void)
} }
} }
drop_privs();
// wait for completion // wait for completion
for (int i=0; i < zconf.senders; i++) { for (int i=0; i < zconf.senders; i++) {
int r = pthread_join(tsend[i], NULL); int r = pthread_join(tsend[i], NULL);
@ -382,6 +397,11 @@ int main(int argc, char *argv[])
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
} }
if (args.vpn_given) {
zconf.send_ip_pkts = 1;
zconf.gw_mac_set = 1;
memset(zconf.gw_mac, 0, IFHWADDRLEN);
}
if (cmdline_parser_required(&args, CMDLINE_PARSER_PACKAGE) != 0) { if (cmdline_parser_required(&args, CMDLINE_PARSER_PACKAGE) != 0) {
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }

View File

@ -54,9 +54,10 @@ const char *gengetopt_args_info_help[] = {
" -S, --source-ip=ip|range Source address(es) for scan packets", " -S, --source-ip=ip|range Source address(es) for scan packets",
" -G, --gateway-mac=addr Specify gateway MAC address", " -G, --gateway-mac=addr Specify gateway MAC address",
" -i, --interface=name Specify network interface to use", " -i, --interface=name Specify network interface to use",
" -X, --vpn Sends IP packets instead of Ethernet (for VPNs)",
"\nAdvanced options:", "\nAdvanced options:",
" -M, --probe-module=name Select probe module (default=`tcp_synscan')", " -M, --probe-module=name Select probe module (default=`tcp_synscan')",
" -O, --output-module=name Select output module (default=`csv')", " -O, --output-module=name Select output module (default=`simple_file')",
" --probe-args=args Arguments to pass to probe module", " --probe-args=args Arguments to pass to probe module",
" --output-args=args Arguments to pass to output module", " --output-args=args Arguments to pass to output module",
" --list-output-modules List available output modules", " --list-output-modules List available output modules",
@ -137,6 +138,7 @@ void clear_given (struct gengetopt_args_info *args_info)
args_info->source_ip_given = 0 ; args_info->source_ip_given = 0 ;
args_info->gateway_mac_given = 0 ; args_info->gateway_mac_given = 0 ;
args_info->interface_given = 0 ; args_info->interface_given = 0 ;
args_info->vpn_given = 0 ;
args_info->probe_module_given = 0 ; args_info->probe_module_given = 0 ;
args_info->output_module_given = 0 ; args_info->output_module_given = 0 ;
args_info->probe_args_given = 0 ; args_info->probe_args_given = 0 ;
@ -189,7 +191,7 @@ void clear_args (struct gengetopt_args_info *args_info)
args_info->interface_orig = NULL; args_info->interface_orig = NULL;
args_info->probe_module_arg = gengetopt_strdup ("tcp_synscan"); args_info->probe_module_arg = gengetopt_strdup ("tcp_synscan");
args_info->probe_module_orig = NULL; args_info->probe_module_orig = NULL;
args_info->output_module_arg = gengetopt_strdup ("csv"); args_info->output_module_arg = gengetopt_strdup ("simple_file");
args_info->output_module_orig = NULL; args_info->output_module_orig = NULL;
args_info->probe_args_arg = NULL; args_info->probe_args_arg = NULL;
args_info->probe_args_orig = NULL; args_info->probe_args_orig = NULL;
@ -226,19 +228,20 @@ void init_args_info(struct gengetopt_args_info *args_info)
args_info->source_ip_help = gengetopt_args_info_help[19] ; args_info->source_ip_help = gengetopt_args_info_help[19] ;
args_info->gateway_mac_help = gengetopt_args_info_help[20] ; args_info->gateway_mac_help = gengetopt_args_info_help[20] ;
args_info->interface_help = gengetopt_args_info_help[21] ; args_info->interface_help = gengetopt_args_info_help[21] ;
args_info->probe_module_help = gengetopt_args_info_help[23] ; args_info->vpn_help = gengetopt_args_info_help[22] ;
args_info->output_module_help = gengetopt_args_info_help[24] ; args_info->probe_module_help = gengetopt_args_info_help[24] ;
args_info->probe_args_help = gengetopt_args_info_help[25] ; args_info->output_module_help = gengetopt_args_info_help[25] ;
args_info->output_args_help = gengetopt_args_info_help[26] ; args_info->probe_args_help = gengetopt_args_info_help[26] ;
args_info->list_output_modules_help = gengetopt_args_info_help[27] ; args_info->output_args_help = gengetopt_args_info_help[27] ;
args_info->list_probe_modules_help = gengetopt_args_info_help[28] ; args_info->list_output_modules_help = gengetopt_args_info_help[28] ;
args_info->list_output_fields_help = gengetopt_args_info_help[29] ; args_info->list_probe_modules_help = gengetopt_args_info_help[29] ;
args_info->config_help = gengetopt_args_info_help[31] ; args_info->list_output_fields_help = gengetopt_args_info_help[30] ;
args_info->quiet_help = gengetopt_args_info_help[32] ; args_info->config_help = gengetopt_args_info_help[32] ;
args_info->summary_help = gengetopt_args_info_help[33] ; args_info->quiet_help = gengetopt_args_info_help[33] ;
args_info->verbosity_help = gengetopt_args_info_help[34] ; args_info->summary_help = gengetopt_args_info_help[34] ;
args_info->help_help = gengetopt_args_info_help[35] ; args_info->verbosity_help = gengetopt_args_info_help[35] ;
args_info->version_help = gengetopt_args_info_help[36] ; args_info->help_help = gengetopt_args_info_help[36] ;
args_info->version_help = gengetopt_args_info_help[37] ;
} }
@ -426,6 +429,8 @@ cmdline_parser_dump(FILE *outfile, struct gengetopt_args_info *args_info)
write_into_file(outfile, "gateway-mac", args_info->gateway_mac_orig, 0); write_into_file(outfile, "gateway-mac", args_info->gateway_mac_orig, 0);
if (args_info->interface_given) if (args_info->interface_given)
write_into_file(outfile, "interface", args_info->interface_orig, 0); write_into_file(outfile, "interface", args_info->interface_orig, 0);
if (args_info->vpn_given)
write_into_file(outfile, "vpn", 0, 0 );
if (args_info->probe_module_given) if (args_info->probe_module_given)
write_into_file(outfile, "probe-module", args_info->probe_module_orig, 0); write_into_file(outfile, "probe-module", args_info->probe_module_orig, 0);
if (args_info->output_module_given) if (args_info->output_module_given)
@ -721,6 +726,7 @@ cmdline_parser_internal (
{ "source-ip", 1, NULL, 'S' }, { "source-ip", 1, NULL, 'S' },
{ "gateway-mac", 1, NULL, 'G' }, { "gateway-mac", 1, NULL, 'G' },
{ "interface", 1, NULL, 'i' }, { "interface", 1, NULL, 'i' },
{ "vpn", 0, NULL, 'X' },
{ "probe-module", 1, NULL, 'M' }, { "probe-module", 1, NULL, 'M' },
{ "output-module", 1, NULL, 'O' }, { "output-module", 1, NULL, 'O' },
{ "probe-args", 1, NULL, 0 }, { "probe-args", 1, NULL, 0 },
@ -737,7 +743,7 @@ cmdline_parser_internal (
{ 0, 0, 0, 0 } { 0, 0, 0, 0 }
}; };
c = getopt_long (argc, argv, "p:o:b:w:f:n:N:t:r:B:c:e:T:P:ds:S:G:i:M:O:C:qgv:hV", long_options, &option_index); c = getopt_long (argc, argv, "p:o:b:w:f:n:N:t:r:B:c:e:T:P:ds:S:G:i:XM:O:C:qgv:hV", long_options, &option_index);
if (c == -1) break; /* Exit from `while (1)' loop. */ if (c == -1) break; /* Exit from `while (1)' loop. */
@ -970,6 +976,18 @@ cmdline_parser_internal (
additional_error)) additional_error))
goto failure; goto failure;
break;
case 'X': /* Sends IP packets instead of Ethernet (for VPNs). */
if (update_arg( 0 ,
0 , &(args_info->vpn_given),
&(local_args_info.vpn_given), optarg, 0, 0, ARG_NO,
check_ambiguity, override, 0, 0,
"vpn", 'X',
additional_error))
goto failure;
break; break;
case 'M': /* Select probe module. */ case 'M': /* Select probe module. */

View File

@ -75,6 +75,8 @@ option "gateway-mac" G "Specify gateway MAC address"
option "interface" i "Specify network interface to use" option "interface" i "Specify network interface to use"
typestr="name" typestr="name"
optional string optional string
option "vpn" X "Sends IP packets instead of Ethernet (for VPNs)"
optional
section "Advanced options" section "Advanced options"

View File

@ -92,6 +92,7 @@ struct gengetopt_args_info
char * interface_arg; /**< @brief Specify network interface to use. */ char * interface_arg; /**< @brief Specify network interface to use. */
char * interface_orig; /**< @brief Specify network interface to use original value given at command line. */ char * interface_orig; /**< @brief Specify network interface to use original value given at command line. */
const char *interface_help; /**< @brief Specify network interface to use help description. */ const char *interface_help; /**< @brief Specify network interface to use help description. */
const char *vpn_help; /**< @brief Sends IP packets instead of Ethernet (for VPNs) help description. */
char * probe_module_arg; /**< @brief Select probe module (default='tcp_synscan'). */ char * probe_module_arg; /**< @brief Select probe module (default='tcp_synscan'). */
char * probe_module_orig; /**< @brief Select probe module original value given at command line. */ char * probe_module_orig; /**< @brief Select probe module original value given at command line. */
const char *probe_module_help; /**< @brief Select probe module help description. */ const char *probe_module_help; /**< @brief Select probe module help description. */
@ -137,6 +138,7 @@ struct gengetopt_args_info
unsigned int source_ip_given ; /**< @brief Whether source-ip was given. */ unsigned int source_ip_given ; /**< @brief Whether source-ip was given. */
unsigned int gateway_mac_given ; /**< @brief Whether gateway-mac was given. */ unsigned int gateway_mac_given ; /**< @brief Whether gateway-mac was given. */
unsigned int interface_given ; /**< @brief Whether interface was given. */ unsigned int interface_given ; /**< @brief Whether interface was given. */
unsigned int vpn_given ; /**< @brief Whether vpn was given. */
unsigned int probe_module_given ; /**< @brief Whether probe-module was given. */ unsigned int probe_module_given ; /**< @brief Whether probe-module was given. */
unsigned int output_module_given ; /**< @brief Whether output-module was given. */ unsigned int output_module_given ; /**< @brief Whether output-module was given. */
unsigned int probe_args_given ; /**< @brief Whether probe-args was given. */ unsigned int probe_args_given ; /**< @brief Whether probe-args was given. */