From a290942a95fa4988aef003bd3fedd4fe49f4ed3f Mon Sep 17 00:00:00 2001
From: HD Moore
Date: Fri, 16 Aug 2013 15:50:55 -0500
Subject: [PATCH 01/12] Add support for file:path, text:string, and hex:01020304 for udp probes
---
src/probe_modules/module_udp.c | 86 ++++++++++++++++++++++++++++++++--
1 file changed, 81 insertions(+), 5 deletions(-)
diff --git a/src/probe_modules/module_udp.c b/src/probe_modules/module_udp.c
index d7e2278..cd943c6 100644
--- a/src/probe_modules/module_udp.c
+++ b/src/probe_modules/module_udp.c
@@ -26,11 +26,86 @@ #include "probe_modules.h" #include "packet.h" -const char *udp_send_msg = "GET / HTTP/1.1\r\n\r\n"; // Must be null-terminated +char *udp_send_msg = NULL; // Must be null-terminated +int udp_send_msg_len = 0; + +const char *udp_send_msg_default = "GET / HTTP/1.1\r\n\r\n"; + static int num_ports = 1; probe_module_t module_udp; + +int udp_global_initialize(struct state_conf * zconf) { + char *args, *c; + int i; + unsigned int n; + + FILE *inp; + + udp_send_msg = strdup(udp_send_msg_default); + udp_send_msg_len = strlen(udp_send_msg); + + if (! (zconf->probe_args && strlen(zconf->probe_args) > 0)) + return(0); + + args = strdup(zconf->probe_args); + c = strchr(args, ':'); + if (! c) { + fprintf(stderr, "error: unknown UDP probe specification (expected type:value, like file:/path or text:STRING or hex:01020304)\n"); + free(args); + exit(1); + } + + *c++ = 0; + + if (strcmp(args, "text") == 0) { + udp_send_msg = strdup(c); + udp_send_msg_len = strlen(udp_send_msg); + + } else if (strcmp(args, "file") == 0) { + inp = fopen(c, "rb"); + if (!inp) { + fprintf(stderr, "error: could not open the specified file\n"); + free(args); + exit(1); + } + udp_send_msg = malloc(1472); + if (! udp_send_msg) { + free(args); + exit(1); + } + udp_send_msg_len = fread(udp_send_msg, 1, 1472, inp); + fclose(inp); + + } else if (strcmp(args, "hex") == 0) { + udp_send_msg_len = strlen(c) / 2; + udp_send_msg = malloc(udp_send_msg_len); + if (! 
udp_send_msg) { + free(args); + exit(1); + } + + for (i=0; i < udp_send_msg_len; i++) { + sscanf(c + (i*2), "%2x", &n); + udp_send_msg[i] = (n & 0xff); + } + } else { + fprintf(stderr, "error: unknown UDP probe specification (expected file:/path, text:STRING, or hex:01020304)\n"); + free(args); + exit(1); + } + + free(args); + return(0); +} + +int udp_global_cleanup(void) { + if (udp_send_msg) free(udp_send_msg); + return(0); +} + + int udp_init_perthread(void* buf, macaddr_t *src, macaddr_t *gw, __attribute__((unused)) port_h_t dst_port) { @@ -38,20 +113,20 @@ int udp_init_perthread(void* buf, macaddr_t *src, struct ethhdr *eth_header = (struct ethhdr *)buf; make_eth_header(eth_header, src, gw); struct iphdr *ip_header = (struct iphdr*)(ð_header[1]); - uint16_t len = htons(sizeof(struct iphdr) + sizeof(struct udphdr) + strlen(udp_send_msg)); + uint16_t len = htons(sizeof(struct iphdr) + sizeof(struct udphdr) + udp_send_msg_len); make_ip_header(ip_header, IPPROTO_UDP, len); struct udphdr *udp_header = (struct udphdr*)(&ip_header[1]); - len = sizeof(struct udphdr) + strlen(udp_send_msg); + len = sizeof(struct udphdr) + udp_send_msg_len; make_udp_header(udp_header, zconf.target_port, len); char* payload = (char*)(&udp_header[1]); module_udp.packet_length = sizeof(struct ethhdr) + sizeof(struct iphdr) - + sizeof(struct udphdr) + strlen(udp_send_msg); + + sizeof(struct udphdr) + udp_send_msg_len; assert(module_udp.packet_length <= MAX_PACKET_SIZE); - strcpy(payload, udp_send_msg); + memcpy(payload, udp_send_msg, udp_send_msg_len); num_ports = zconf.source_port_last - zconf.source_port_first + 1; @@ -217,6 +292,7 @@ probe_module_t module_udp = { .pcap_snaplen = 96, .port_args = 1, .thread_initialize = &udp_init_perthread, + .global_initialize = &udp_global_initialize, .make_packet = &udp_make_packet, .print_packet = &udp_print_packet, .validate_packet = &udp_validate_packet, From 228c66e9c3eaaa34f3c1a6bb729ad4bb6e5cbed8 Mon Sep 17 00:00:00 2001 
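Review bot: In `udp_global_initialize` the buffer returned by `strdup(udp_send_msg_default)` is leaked whenever a `text:`, `file:` or `hex:` argument reassigns `udp_send_msg`, and neither that `strdup` nor the one in the `text` branch is checked for NULL before `strlen` is called on it. In the `hex` branch the `sscanf` result is ignored, so `n` is read uninitialised on non-hex input, and `strlen(c) / 2` silently drops a trailing odd digit. I would call `free(udp_send_msg);` before each reassignment, reject odd-length input with `if (strlen(c) % 2 != 0)`, and require `sscanf(c + (i*2), "%2x", &n) == 1`. `fread` returns `size_t`, so a read error on `file:` is better detected with `ferror(inp)` than by storing the result straight into the `int` length.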
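Review bot: The `memcpy(payload, udp_send_msg, udp_send_msg_len)` in `udp_init_perthread` is bounded only by `assert(module_udp.packet_length <= MAX_PACKET_SIZE)`, which disappears in an NDEBUG build, while the `text:` and `hex:` lengths set in `udp_global_initialize` are unbounded in this commit. The same sum is also narrowed into `uint16_t len`, so an oversized payload would wrap the IP and UDP length fields instead of being rejected. A runtime check before the copy is safer, for example `if (module_udp.packet_length > MAX_PACKET_SIZE) return -1;`, assuming the caller treats a non-zero return as failure, which this hunk does not show. The body of `udp_init_perthread` starts before and continues after the hunk.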
From: HD Moore Date: Fri, 16 Aug 2013 15:53:33 -0500 Subject: [PATCH 02/12] Add some default udp probe files --- examples/udp-probes/citrix_1604.pkt | Bin 0 -> 30 bytes examples/udp-probes/db2disco_523.pkt | Bin 0 -> 20 bytes examples/udp-probes/digi1_2362.pkt | Bin 0 -> 14 bytes examples/udp-probes/digi2_2362.pkt | Bin 0 -> 14 bytes examples/udp-probes/digi3_2362.pkt | Bin 0 -> 14 bytes examples/udp-probes/dns_53.pkt | Bin 0 -> 30 bytes examples/udp-probes/ipmi_623.pkt | Bin 0 -> 23 bytes examples/udp-probes/mdns_5353.pkt | Bin 0 -> 46 bytes examples/udp-probes/mssql_1434.pkt | 1 + examples/udp-probes/natpmp_5351.pkt | Bin 0 -> 4 bytes examples/udp-probes/netbios_137.pkt | Bin 0 -> 50 bytes examples/udp-probes/ntp_123.pkt | Bin 0 -> 48 bytes examples/udp-probes/pca_nq_5632.pkt | 1 + examples/udp-probes/pca_st_5632.pkt | 1 + examples/udp-probes/portmap_111.pkt | Bin 0 -> 40 bytes examples/udp-probes/sentinel_5093.pkt | Bin 0 -> 6 bytes examples/udp-probes/snmp1_161.pkt | Bin 0 -> 43 bytes examples/udp-probes/snmp2_161.pkt | Bin 0 -> 40 bytes examples/udp-probes/upnp_1900.pkt | 7 +++++++ examples/udp-probes/wdbrpc_17185.pkt | Bin 0 -> 64 bytes examples/udp-probes/wsd_3702.pkt | 3 +++ 21 files changed, 13 insertions(+) create mode 100755 examples/udp-probes/citrix_1604.pkt create mode 100755 examples/udp-probes/db2disco_523.pkt create mode 100755 examples/udp-probes/digi1_2362.pkt create mode 100755 examples/udp-probes/digi2_2362.pkt create mode 100755 examples/udp-probes/digi3_2362.pkt create mode 100755 examples/udp-probes/dns_53.pkt create mode 100755 examples/udp-probes/ipmi_623.pkt create mode 100755 examples/udp-probes/mdns_5353.pkt create mode 100755 examples/udp-probes/mssql_1434.pkt create mode 100755 examples/udp-probes/natpmp_5351.pkt create mode 100755 examples/udp-probes/netbios_137.pkt create mode 100755 examples/udp-probes/ntp_123.pkt create mode 100755 examples/udp-probes/pca_nq_5632.pkt create mode 100755 examples/udp-probes/pca_st_5632.pkt create 
mode 100755 examples/udp-probes/portmap_111.pkt create mode 100755 examples/udp-probes/sentinel_5093.pkt create mode 100755 examples/udp-probes/snmp1_161.pkt create mode 100755 examples/udp-probes/snmp2_161.pkt create mode 100755 examples/udp-probes/upnp_1900.pkt create mode 100755 examples/udp-probes/wdbrpc_17185.pkt create mode 100755 examples/udp-probes/wsd_3702.pkt diff --git a/examples/udp-probes/citrix_1604.pkt b/examples/udp-probes/citrix_1604.pkt new file mode 100755 index 0000000000000000000000000000000000000000..acc5a73c89b17011cb32f79d5189a4ea8d87d60e GIT binary patch literal 30 Scmb1RU^HO*yW%keRsaA++ydGF literal 0 HcmV?d00001 diff --git a/examples/udp-probes/db2disco_523.pkt b/examples/udp-probes/db2disco_523.pkt new file mode 100755 index 0000000000000000000000000000000000000000..388374500e3c296faa4f114235de895e16256900 GIT binary patch literal 20 bcmZ>9GIDnfaddGBVh9fOF)%eSFkk=xG}#21 literal 0 HcmV?d00001 diff --git a/examples/udp-probes/digi1_2362.pkt b/examples/udp-probes/digi1_2362.pkt new file mode 100755 index 0000000000000000000000000000000000000000..74f57b88f68d8dd24a9972ffdb95e10e3e0d53d4 GIT binary patch literal 14 RcmZ?qboXRnWMKOb1^^=v2Oj_c literal 0 HcmV?d00001 diff --git a/examples/udp-probes/digi2_2362.pkt b/examples/udp-probes/digi2_2362.pkt new file mode 100755 index 0000000000000000000000000000000000000000..d962606efade4a7fe8103769fcb15c68a1a69a62 GIT binary patch literal 14 RcmZ<>^A2HPWMKOb1^^^t2Ri@& literal 0 HcmV?d00001 diff --git a/examples/udp-probes/digi3_2362.pkt b/examples/udp-probes/digi3_2362.pkt new file mode 100755 index 0000000000000000000000000000000000000000..ffba12522e33d978a04cb02e9f251f8326f381c0 GIT binary patch literal 14 RcmZ>9cL`u%WMKOb1^^=;2O$6e literal 0 HcmV?d00001 
diff --git a/examples/udp-probes/dns_53.pkt b/examples/udp-probes/dns_53.pkt new file mode 100755 index 0000000000000000000000000000000000000000..616e17e8c6d512a676c5c60d14091fe3ab95e32f GIT binary patch literal 30 hcmXqc&&a?4L?FN(<{A|2>F>wlffO!q)L+@VaAVMC0B6Jn%>V!Z literal 0 HcmV?d00001 diff --git a/examples/udp-probes/pca_nq_5632.pkt b/examples/udp-probes/pca_nq_5632.pkt new file mode 100755 index 0000000..8d51173 --- /dev/null +++ b/examples/udp-probes/pca_nq_5632.pkt @@ -0,0 +1 @@ +NQ \ No newline at end of file diff --git a/examples/udp-probes/pca_st_5632.pkt b/examples/udp-probes/pca_st_5632.pkt new file mode 100755 index 0000000..86aa1fa --- /dev/null +++ b/examples/udp-probes/pca_st_5632.pkt @@ -0,0 +1 @@ +ST \ No newline at end of file diff --git a/examples/udp-probes/portmap_111.pkt b/examples/udp-probes/portmap_111.pkt new file mode 100755 index 0000000000000000000000000000000000000000..9143734872757d755349c0d832798124020f9226 GIT binary patch literal 40 bcmYc-;xcD|044^;wgo^Y6A-gNgb*YENW20_ literal 0 HcmV?d00001 diff --git a/examples/udp-probes/sentinel_5093.pkt b/examples/udp-probes/sentinel_5093.pkt new file mode 100755 index 0000000000000000000000000000000000000000..158b3a9dd9dcfc088b7fa278d91ac48eb8605ea3 GIT binary patch literal 6 KcmbR90LWy7VyG~L`u{&v2*|R5$}zzt0r6V})Bpeg literal 0 HcmV?d00001 diff --git a/examples/udp-probes/wsd_3702.pkt b/examples/udp-probes/wsd_3702.pkt new file mode 100755 index 0000000..87704a5 --- /dev/null +++ b/examples/udp-probes/wsd_3702.pkt @@ -0,0 +1,3 @@ + + +urn:schemas-xmlsoap-org:ws:2005:04:discoveryhttp://schemas.xmlsoap.org/ws/2005/04/discovery/Probeurn:uuid:ce04dad0-5d2c-4026-9146-1aabfc1e4111wsdp:Device From 4fef9f0be8c176d49e934bec1dfd18c52cd91c91 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Fri, 16 Aug 2013 16:10:37 -0500 Subject: [PATCH 03/12] Bump the snaplen size to full frames --- src/probe_modules/module_udp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/src/probe_modules/module_udp.c b/src/probe_modules/module_udp.c index cd943c6..717c038 100644 --- a/src/probe_modules/module_udp.c +++ b/src/probe_modules/module_udp.c @@ -287,9 +287,9 @@ static response_type_t responses[] = { probe_module_t module_udp = { .name = "udp", - .packet_length = 96, + .packet_length = 1, .pcap_filter = "udp || icmp", - .pcap_snaplen = 96, + .pcap_snaplen = 1500, .port_args = 1, .thread_initialize = &udp_init_perthread, .global_initialize = &udp_global_initialize, From b8246abf06b4fd1c989c8eb1ee11eadd569e855d Mon Sep 17 00:00:00 2001 From: Eric Wustrow Date: Fri, 16 Aug 2013 17:43:02 -0400 Subject: [PATCH 04/12] Add simple length checks on UDP payload; use logger --- src/probe_modules/module_udp.c | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/src/probe_modules/module_udp.c b/src/probe_modules/module_udp.c index cd943c6..213e2d5 100644 --- a/src/probe_modules/module_udp.c +++ b/src/probe_modules/module_udp.c @@ -25,6 +25,9 @@ #include "probe_modules.h" #include "packet.h" +#include "logger.h" + +#define MAX_UDP_PAYLOAD_LEN 1472 char *udp_send_msg = NULL; // Must be null-terminated int udp_send_msg_len = 0; @@ -52,8 +55,9 @@ int udp_global_initialize(struct state_conf * zconf) { args = strdup(zconf->probe_args); c = strchr(args, ':'); if (! c) { - fprintf(stderr, "error: unknown UDP probe specification (expected type:value, like file:/path or text:STRING or hex:01020304)\n"); free(args); + free(udp_send_msg); + log_fatal("udp", "unknown UDP probe specification (expected type:value, like file:/path or text:STRING or hex:01020304)"); exit(1); } 
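Review bot: `.pcap_snaplen = 1500` is still short of a full Ethernet frame: the snapshot length counts the link-layer header, so a 1500-byte IP packet is captured as 1514 bytes and the tail of a maximum-size reply would be cut off. If the intent is full frames as the subject says, `.pcap_snaplen = 1514,` or a named constant matches it. `.packet_length = 1` reads as a placeholder that `udp_init_perthread` overwrites, so a short comment such as `// placeholder, real length is set in udp_init_perthread()` would keep it from looking like a real size.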
@@ -66,16 +70,19 @@ int udp_global_initialize(struct state_conf * zconf) { } else if (strcmp(args, "file") == 0) { inp = fopen(c, "rb"); if (!inp) { - fprintf(stderr, "error: could not open the specified file\n"); free(args); + free(udp_send_msg); + log_fatal("udp", "could not open UDP data file '%s'\n", c); exit(1); } - udp_send_msg = malloc(1472); + udp_send_msg = malloc(MAX_UDP_PAYLOAD_LEN); if (! udp_send_msg) { free(args); + free(udp_send_msg); + log_fatal("udp", "failed to malloc payload buffer"); exit(1); } - udp_send_msg_len = fread(udp_send_msg, 1, 1472, inp); + udp_send_msg_len = fread(udp_send_msg, 1, MAX_UDP_PAYLOAD_LEN, inp); fclose(inp); } else if (strcmp(args, "hex") == 0) { @@ -83,19 +90,27 @@ int udp_global_initialize(struct state_conf * zconf) { udp_send_msg = malloc(udp_send_msg_len); if (! udp_send_msg) { free(args); + free(udp_send_msg); + log_fatal("udp", "failed to malloc payload buffer"); exit(1); } for (i=0; i < udp_send_msg_len; i++) { - sscanf(c + (i*2), "%2x", &n); + if (sscanf(c + (i*2), "%2x", &n) != 1) { + free(args); + free(udp_send_msg); + log_fatal("udp", "non-hex character: '%c'", c[i*2]); + exit(1); + } udp_send_msg[i] = (n & 0xff); } } else { - fprintf(stderr, "error: unknown UDP probe specification (expected file:/path, text:STRING, or hex:01020304)\n"); + log_fatal("udp", "unknown UDP probe specification (expected file:/path, text:STRING, or hex:01020304)"); free(args); - exit(1); + exit(1); } + assert(udp_send_msg_len < MAX_UDP_PAYLOAD_LEN); free(args); return(0); } From 75de805f41eb8be7e319f0880705eb201b699e19 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Fri, 16 Aug 2013 22:15:43 -0500 Subject: [PATCH 05/12] Add README --- examples/udp-probes/README | 44 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 examples/udp-probes/README diff --git a/examples/udp-probes/README b/examples/udp-probes/README new file mode 100644 index 0000000..21318a5 --- /dev/null 
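Review bot: Both new `log_fatal` calls that print user input read memory that has just been freed: `c` points into `args`, and `free(args)` runs before `log_fatal("udp", "could not open UDP data file '%s'\n", c)` in this hunk and before `log_fatal("udp", "non-hex character: '%c'", c[i*2])` in the hex hunk that follows. Emit the log message first and free afterwards, or drop the frees on these paths since the process is about to exit. In the two malloc-failure branches `free(udp_send_msg)` is called on a pointer just tested to be NULL and can be removed.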
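Review bot: `assert(udp_send_msg_len < MAX_UDP_PAYLOAD_LEN)` does not work as a length check: it vanishes under NDEBUG, so `text:` and `hex:` payloads stay unbounded in such builds, and with `<` it aborts on a `file:` payload of exactly `MAX_UDP_PAYLOAD_LEN` bytes, which the `fread` above permits. A runtime test such as `if (udp_send_msg_len > MAX_UDP_PAYLOAD_LEN) { log_fatal("udp", "payload exceeds %d bytes", MAX_UDP_PAYLOAD_LEN); }` states the limit and fails in every build. The final `else` branch also leaves `udp_send_msg` unfreed, unlike the other error paths touched here.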
+++ b/examples/udp-probes/README 
@@ -0,0 +1,44 @@ + +UDP Data Probes +====== + +This directory contains a set of data files that can be used with the UDP probe module. + + +USING: +----- + +$ zmap -M udp -p 137 --probe-args=file:examples/udp-probes/netbios_137.pkt + + +PROBES: +----- + +citrix_1604.pkt This probe triggers a response from Citrix application discovery services on UDP port 1604 +db2disco_523.pkt This probe triggers a response from IBM DB2 discovery services on UDP port 523 +digi1_2362.pkt This probe triggers a response from Digi ADDP discovery services on UDP port 2362 (default magic) +digi2_2362.pkt This probe triggers a response from Digi ADDP discovery services on UDP port 2362 (devkit magic) +digi3_2362.pkt This probe triggers a response from Digi ADDP discovery services on UDP port 2362 (oem magic) +dns_53.pkt This probe queries for the DNS vendor and version using the BIND version TXT record over UDP port 53 +ipmi_623.pkt This probe triggers a Get Channel Authentication reply from IPMI endpoints on UDP port 623 +mdns_5353.pkt This probe triggers a response from mDNS/Avahi/Bonjour discovery services on UDP port 5353 +mssql_1434.pkt This probe triggers a response from Microsoft SQL Server discovery services on UDP port 1434 +natpmp_5351.pkt This probe triggers a response from NATPMP-enabled devices on UDP port 5351 +netbios_137.pkt This probe triggers a status reply from NetBIOS services on UDP port 137 +ntp_123.pkt This probe triggers a response from NTP servies on UDP port 123 +pca_nq_5632.pkt This probe triggers a response from PC Anywhere services on UDP port 5632 (network query) +pca_st_5632.pkt This probe triggers a response from PC Anywhere services on UDP port 5632 (status) +portmap_111.pkt This probe triggers a response from SunRPC portmapper services on UDP port 111 +sentinel_5093.pkt This probe triggers a response from the Sentinel license manager service on UDP port 5093 +snmp1_161.pkt This probe queries for the system description field of SNMP v1 services using 
community string public over UDP port 161 +snmp2_161.pkt This probe queries for the system description field of aNMP v2 services using community string public over UDP port 161 +upnp_1900.pkt This probe triggers a response from UPnP SSDP services on UDP port 1900 +wdbrpc_17185.pkt This probe triggers a response from VxWorks WDBRPC services on UDP port 17185 +wsd_3702.pkt This probe triggers a response from WSD/DPWS services on UDP port 3702 + +NOTES: +----- + +Most of these probes return useful data in the response. Parsing this data requires capturing the raw output +and decoding this using a protocol-specific dissector. In most cases, Wireshark is capable of decoding these +replies. \ No newline at end of file From cfdbe3bbc2b433d33abf53b534c1249af4f5ddba Mon Sep 17 00:00:00 2001 From: HD Moore Date: Fri, 16 Aug 2013 22:16:29 -0500 Subject: [PATCH 06/12] Make the error messages consistent --- src/probe_modules/module_udp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/probe_modules/module_udp.c b/src/probe_modules/module_udp.c index 717c038..aaa6151 100644 --- a/src/probe_modules/module_udp.c +++ b/src/probe_modules/module_udp.c @@ -52,7 +52,7 @@ int udp_global_initialize(struct state_conf * zconf) { args = strdup(zconf->probe_args); c = strchr(args, ':'); if (! c) { - fprintf(stderr, "error: unknown UDP probe specification (expected type:value, like file:/path or text:STRING or hex:01020304)\n"); + fprintf(stderr, "error: unknown UDP probe specification (expected file:/path, text:STRING, or hex:01020304)\n"); free(args); exit(1); } From 0b7ab2cac8d0d9f00d0ef41a161ed00b7882952d Mon Sep 17 00:00:00 2001 From: Eric Wustrow Date: Sat, 17 Aug 2013 01:38:04 -0400 Subject: [PATCH 07/12] use the close callback for cleanup --- src/probe_modules/module_udp.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/probe_modules/module_udp.c b/src/probe_modules/module_udp.c index f6c7eb5..cbba0e9 100644 
--- a/src/probe_modules/module_udp.c +++ b/src/probe_modules/module_udp.c @@ -115,7 +115,9 @@ int udp_global_initialize(struct state_conf * zconf) { return(0); } -int udp_global_cleanup(void) { +int udp_global_cleanup(__attribute__((unused)) struct state_conf *zconf, + __attribute__((unused)) struct state_send *zsend, + __attribute__((unused)) struct state_recv *zrecv) { if (udp_send_msg) free(udp_send_msg); return(0); } @@ -312,7 +314,7 @@ probe_module_t module_udp = { .print_packet = &udp_print_packet, .validate_packet = &udp_validate_packet, .classify_packet = &udp_classify_packet, - .close = NULL, + .close = udp_global_cleanup, .responses = responses }; From 8aac1ccc52ae0fd53addce6f2acbda2c6c2e638a Mon Sep 17 00:00:00 2001 From: HD Moore Date: Sat, 17 Aug 2013 10:20:17 -0500 Subject: [PATCH 08/12] Make oom check consistent, check and correct overlong payload size --- src/probe_modules/module_udp.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/probe_modules/module_udp.c b/src/probe_modules/module_udp.c index aaa6151..1f3be62 100644 --- a/src/probe_modules/module_udp.c +++ b/src/probe_modules/module_udp.c @@ -50,6 +50,8 @@ int udp_global_initialize(struct state_conf * zconf) { return(0); args = strdup(zconf->probe_args); + if (! args) exit(1) + c = strchr(args, ':'); if (! c) { fprintf(stderr, "error: unknown UDP probe specification (expected file:/path, text:STRING, or hex:01020304)\n"); @@ -96,6 +98,11 @@ int udp_global_initialize(struct state_conf * zconf) { exit(1); } + if (udp_send_msg_len > 1472) { + fprintf(stderr, "warning: reducing UDP payload to 1472 bytes (from %d) to fit on the wire\n", udp_send_msg_len); + udp_send_msg_len = 1472; + } + free(args); return(0); } From 2e6261720f8dd1b9a0cbb8e3d8a6ea4b81897f96 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Sat, 17 Aug 2013 10:38:57 -0500 Subject: [PATCH 09/12] This is the last commit needed to build with REDIS --- src/output_modules/output_modules.c | 2 -- 1 file changed, 2 deletions(-) 
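Review bot: The added `if (! args) exit(1)` has no terminating semicolon, so this revision does not compile, and once fixed it exits without any diagnostic. Something like `if (! args) { fprintf(stderr, "error: out of memory\n"); exit(1); }` matches the other error paths in `udp_global_initialize`. The `strdup` calls that produce the default and `text:` payloads are still unchecked, so the out-of-memory handling is not yet consistent.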
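Review bot: The new clamp can only fire for `text:` and `hex:` payloads; the `file:` branch reads at most 1472 bytes with `fread`, so a larger file is truncated without the warning printed here. Checking for leftover input after the read, for example `if (fgetc(inp) != EOF)` before `fclose(inp)`, would make the three sources behave alike. The literal 1472 now appears in several places in this function and would be clearer as a named constant with a comment stating the assumption behind it (1500-byte MTU minus 20-byte IP and 8-byte UDP headers).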
diff --git a/src/output_modules/output_modules.c b/src/output_modules/output_modules.c index 438902c..49032a8 100644 --- a/src/output_modules/output_modules.c +++ b/src/output_modules/output_modules.c @@ -18,7 +18,6 @@ extern output_module_t module_extended_file; #ifdef REDIS extern output_module_t module_redis; -extern output_module_t module_ssldbfeed; #endif @@ -27,7 +26,6 @@ output_module_t* output_modules[] = { &module_extended_file, #ifdef REDIS &module_redis, - &module_ssldbfeed, #endif // ADD YOUR MODULE HERE }; From 98f96410db1fc3b61541402de56beee741e09330 Mon Sep 17 00:00:00 2001 From: Alex Halderman Date: Sat, 17 Aug 2013 14:50:07 -0400 Subject: [PATCH 10/12] Clean up and add memory requirements. --- INSTALL | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/INSTALL b/INSTALL index 6b3167a..a873db9 100644 --- a/INSTALL +++ b/INSTALL @@ -1,17 +1,23 @@ -ZMap is designed to run on GNU/Linux systems and can be built with -most recent versions of gcc. ZMap requires GMP, a free library for -arbitrary precision arithmetic, gengetopt, and libpcap. Currently -ZMap only supports 64-bit systems. +SYSTEM REQUIREMENTS -These packages can be installed on Debian-based systems by running: +ZMap is designed to run on GNU/Linux systems and can be built with +most recent versions of gcc. Currently, ZMap only supports 64-bit +systems. Running it requires at least 600 MB of free memory. + +BUILDING AND INSTALLING ZMAP + +ZMap requires GMP, a free library for arbitrary precision arithmetic, +gengetopt, and libpcap. These packages can be installed on +Debian-based systems by running: sudo apt-get install libgmp3-dev gengetopt libpcap-dev - + or on RHEL- and Fedora-based systems by running: sudo yum install gmp gmp-devel gengetopt libpcap-devel -Once these prerequisites have been installed, ZMap can be installed by running: +Once these prerequisites have been installed, ZMap can be installed + by running: cd src make 
@@ -23,4 +29,3 @@ followed by: Redis support is not enabled by default. If you are want to use ZMap with Redis, you will first need to install Hiredis. Then, rebuild ZMap with the command "make REDIS=true". - From ed47f926f5454aede508dccc89b25e524c2a5b07 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Sat, 17 Aug 2013 14:06:34 -0500 Subject: [PATCH 11/12] Free memory on close --- src/probe_modules/module_udp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/probe_modules/module_udp.c b/src/probe_modules/module_udp.c index 1f3be62..024cd70 100644 --- a/src/probe_modules/module_udp.c +++ b/src/probe_modules/module_udp.c @@ -304,7 +304,7 @@ probe_module_t module_udp = { .print_packet = &udp_print_packet, .validate_packet = &udp_validate_packet, .classify_packet = &udp_classify_packet, - .close = NULL, + .close = udp_global_cleanup, .responses = responses }; From 15036cfe8312f7abc5a8353455805550817236c8 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Sat, 17 Aug 2013 14:11:58 -0500 Subject: [PATCH 12/12] Proper cleanup and typo fixes --- src/probe_modules/module_udp.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/probe_modules/module_udp.c b/src/probe_modules/module_udp.c index 024cd70..ce83c93 100644 --- a/src/probe_modules/module_udp.c +++ b/src/probe_modules/module_udp.c @@ -50,7 +50,7 @@ int udp_global_initialize(struct state_conf * zconf) { return(0); args = strdup(zconf->probe_args); - if (! args) exit(1) + if (! args) exit(1); c = strchr(args, ':'); if (! c) { @@ -107,8 +107,13 @@ int udp_global_initialize(struct state_conf * zconf) { return(0); } -int udp_global_cleanup(void) { +int udp_cleanup(struct state_conf *zconf, struct state_send *send_state, struct state_recv *recv_state) { + assert(zconf); + assert(send_state); + assert(recv_state); + if (udp_send_msg) free(udp_send_msg); + udp_send_msg = NULL; return(0); } 
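Review bot: The three `assert` calls added to `udp_cleanup` appear to exist only to mark the parameters as used; under NDEBUG they vanish and the unused-parameter warnings return, and in a debug build a NULL argument would abort the process during shutdown. The file already uses `__attribute__((unused))` on `dst_port` in `udp_init_perthread`, and the same annotation fits these parameters. `free(NULL)` is a no-op, so the `if (udp_send_msg)` guard can go, and `udp_send_msg_len = 0;` should be reset next to `udp_send_msg = NULL;` so the pointer and its length stay consistent.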
@@ -304,7 +309,7 @@ probe_module_t module_udp = { .print_packet = &udp_print_packet, .validate_packet = &udp_validate_packet, .classify_packet = &udp_classify_packet, - .close = udp_global_cleanup, + .close = &udp_cleanup, .responses = responses };