diff --git a/src/probe_modules/module_tcp_synscan.c b/src/probe_modules/module_tcp_synscan.c index 44bce1b..ce59bcc 100644 --- a/src/probe_modules/module_tcp_synscan.c +++ b/src/probe_modules/module_tcp_synscan.c @@ -26,7 +26,13 @@ #include "packet.h" probe_module_t module_tcp_synscan; -uint32_t num_ports = 1; +static uint32_t num_ports; + +int synscan_global_initialize(struct state_conf *state) +{ + num_ports = state->source_port_last - state->source_port_first + 1; + return EXIT_SUCCESS; +} int synscan_init_perthread(void* buf, macaddr_t *src, macaddr_t *gw, port_h_t dst_port) @@ -39,7 +45,6 @@ int synscan_init_perthread(void* buf, macaddr_t *src, make_ip_header(ip_header, IPPROTO_TCP, len); struct tcphdr *tcp_header = (struct tcphdr*)(&ip_header[1]); make_tcp_header(tcp_header, dst_port); - num_ports = zconf.source_port_last - zconf.source_port_first + 1; return EXIT_SUCCESS; } @@ -49,15 +54,13 @@ int synscan_make_packet(void *buf, ipaddr_n_t src_ip, ipaddr_n_t dst_ip, struct ethhdr *eth_header = (struct ethhdr *)buf; struct iphdr *ip_header = (struct iphdr*)(ð_header[1]); struct tcphdr *tcp_header = (struct tcphdr*)(&ip_header[1]); - uint16_t src_port = zconf.source_port_first - + ((validation[1] + probe_num) % num_ports); uint32_t tcp_seq = validation[0]; - ip_header->saddr = src_ip; ip_header->daddr = dst_ip; - tcp_header->source = htons(src_port); + tcp_header->source = htons(get_src_port(num_ports, + probe_num, validation)); tcp_header->seq = tcp_seq; tcp_header->check = 0; tcp_header->check = tcp_checksum(sizeof(struct tcphdr), @@ -121,19 +124,7 @@ response_type_t* synscan_classify_packet(const u_char *packet, uint32_t len) return &(module_tcp_synscan.responses[0]); } } -// Returns 0 if dst_port is outside the expected valid range, non-zero otherwise -static inline int check_dst_port(uint16_t port, uint32_t *validation) -{ - if (port > zconf.source_port_last - || port < zconf.source_port_first) { - return EXIT_FAILURE; - } - int32_t to_validate = port - zconf.source_port_first; - int32_t min = validation[1] % num_ports; - int32_t max = (validation[1] + zconf.packet_streams - 1) % num_ports; - return (((max - min) % num_ports) >= ((to_validate - min) % num_ports)); -} int synscan_validate_packet(const struct iphdr *ip_hdr, uint32_t len, __attribute__((unused))uint32_t *src_ip, uint32_t *validation) @@ -156,7 +147,7 @@ int synscan_validate_packet(const struct iphdr *ip_hdr, uint32_t len, } // validate destination port - if (!check_dst_port(ntohs(dport), validation)) { + if (!check_dst_port(ntohs(dport), num_ports, validation)) { return 0; } @@ -185,6 +176,7 @@ probe_module_t module_tcp_synscan = { .pcap_filter = "tcp && tcp[13] & 4 != 0 || tcp[13] == 18", .pcap_snaplen = 96, .port_args = 1, + .global_initialize = &synscan_global_initialize, .thread_initialize = &synscan_init_perthread, .make_packet = &synscan_make_packet, .print_packet = &synscan_print_packet, diff --git a/src/probe_modules/module_udp.c b/src/probe_modules/module_udp.c index 9c27026..be02adb 100644 --- a/src/probe_modules/module_udp.c +++ b/src/probe_modules/module_udp.c @@ -34,25 +34,26 @@ int udp_send_msg_len = 0; const char *udp_send_msg_default = "GET / HTTP/1.1\r\nHost: www\r\n\r\n"; -static int num_ports = 1; +static int num_ports; probe_module_t module_udp; - -int udp_global_initialize(struct state_conf * zconf) { +int udp_global_initialize(struct state_conf *conf) { char *args, *c; int i; unsigned int n; FILE *inp; + num_ports = conf->source_port_last - conf->source_port_first + 1; + udp_send_msg = strdup(udp_send_msg_default); udp_send_msg_len = strlen(udp_send_msg); - if (! (zconf->probe_args && strlen(zconf->probe_args) > 0)) + if (!(conf->probe_args && strlen(conf->probe_args) > 0)) return(0); - args = strdup(zconf->probe_args); + args = strdup(conf->probe_args); if (! args) exit(1); c = strchr(args, ':'); @@ -154,23 +155,23 @@ int udp_init_perthread(void* buf, macaddr_t *src, memcpy(payload, udp_send_msg, udp_send_msg_len); - num_ports = zconf.source_port_last - zconf.source_port_first + 1; - return EXIT_SUCCESS; } + + + int udp_make_packet(void *buf, ipaddr_n_t src_ip, ipaddr_n_t dst_ip, uint32_t *validation, int probe_num) { struct ethhdr *eth_header = (struct ethhdr *)buf; struct iphdr *ip_header = (struct iphdr*)(ð_header[1]); struct udphdr *udp_header = (struct udphdr*)(&ip_header[1]); - uint16_t src_port = zconf.source_port_first - + ((validation[1] + probe_num) % num_ports); ip_header->saddr = src_ip; ip_header->daddr = dst_ip; - udp_header->source = src_port; + udp_header->source = get_src_port(num_ports, probe_num, + validation); ip_header->check = 0; ip_header->check = ip_checksum((unsigned short *) ip_header); @@ -218,7 +219,6 @@ void udp_print_packet(FILE *fp, void* packet) fprintf(fp, "------------------------------------------------------\n"); } - response_type_t* udp_classify_packet(const u_char *packet, uint32_t len) { (void)len; @@ -232,20 +232,6 @@ response_type_t* udp_classify_packet(const u_char *packet, uint32_t len) } } -// Returns 0 if dst_port is outside the expected valid range, non-zero otherwise -static inline int check_dst_port(uint16_t port, uint32_t *validation) -{ - if (port > zconf.source_port_last - || port < zconf.source_port_first) { - return EXIT_FAILURE; - } - int32_t to_validate = port - zconf.source_port_first; - int32_t min = validation[1] % num_ports; - int32_t max = (validation[1] + zconf.packet_streams - 1) % num_ports; - - return (((max - min) % num_ports) >= ((to_validate - min) % num_ports)); -} - int udp_validate_packet(const struct iphdr *ip_hdr, uint32_t len, __attribute__((unused))uint32_t *src_ip, uint32_t *validation) { @@ -290,7 +276,7 @@ int udp_validate_packet(const struct iphdr *ip_hdr, uint32_t len, if (dport != zconf.target_port) { return 0; } - if (!check_dst_port(sport, validation)) { + if (!check_dst_port(sport, num_ports, validation)) { return 0; } return 1; diff --git a/src/probe_modules/packet.h b/src/probe_modules/packet.h index 20f50c2..2acb3b0 100644 --- a/src/probe_modules/packet.h +++ b/src/probe_modules/packet.h @@ -79,4 +79,25 @@ static __attribute__((unused)) uint16_t tcp_checksum(unsigned short len_tcp, return (unsigned short) (~sum); } +// Returns 0 if dst_port is outside the expected valid range, non-zero otherwise +static __attribute__((unused)) inline int check_dst_port(uint16_t port, + int num_ports, uint32_t *validation) +{ + if (port > zconf.source_port_last + || port < zconf.source_port_first) { + return -1; + } + int32_t to_validate = port - zconf.source_port_first; + int32_t min = validation[1] % num_ports; + int32_t max = (validation[1] + zconf.packet_streams - 1) % num_ports; + + return (((max - min) % num_ports) >= ((to_validate - min) % num_ports)); +} + +static __attribute__((unused)) inline uint16_t get_src_port(int num_ports, + int probe_num, uint32_t *validation) +{ + return zconf.source_port_first + ((validation[1] + probe_num) % num_ports); +} + #endif