/* If it is the same addy as a local interface, then it is     probably localhost */  if (ipaddr2devname(dev, addr) != -1)    return 1;  /* OK, so to a first approximation, this addy is probably not     localhost */  return 0;}int isipprivate(const struct in_addr * const addr) {  char *ipc;  unsigned char i1, i2;    if(!addr) return 0;    ipc = (char *) &(addr->s_addr);  i1 = ipc[0];  i2 = ipc[1];  /* 10.0.0.0/8 */  if (i1 == 10)	return 1;  /* 172.16.0.0/12 */  if (i1 == 172 && i2 >= 16 && i2 <= 31)    return 1;  /* 192.168.0.0/16 */  if (i1 == 192 && i2 == 168)	return 1;  return 0;}#ifdef WIN32/* Convert a dnet interface name into the long pcap style.  This also caches the datato speed things up.  Fills out pcapdev (up to pcapdevlen) and returns true if it finds anything.Otherwise returns false.  This is only necessary on Windows.*/bool DnetName2PcapName(const char *dnetdev, char *pcapdev, int pcapdevlen) {	static struct NameCorrelationCache {		char dnetd[64];		char pcapd[128];	} *NCC = NULL;	static int NCCsz = 0;	static int NCCcapacity = 0;	int i;	char tmpdev[128];  	// Init the cache if not done yet	if (!NCC) {		NCCcapacity = 5;		NCC = (struct NameCorrelationCache *) safe_zalloc(NCCcapacity * sizeof(*NCC));		NCCsz = 0;    }  	// First check if the name is already in the cache	for(i=0; i < NCCsz; i++) {		if (strcmp(NCC[i].dnetd, dnetdev) == 0) {			Strncpy(pcapdev, NCC[i].pcapd, pcapdevlen);			return true;		}	}	  	// OK, so it isn't in the cache.  Let's ask dnet for it./* Converts a dnet interface name (ifname) to its pcap equivalent, which is stored inpcapdev (up to a length of pcapdevlen).  Returns 0 and fills in pcapdev if successful. */	if (intf_get_pcap_devname(dnetdev, tmpdev, sizeof(tmpdev)) != 0)		return false;  	// We've got it.  Let's add it to the cache	if (NCCsz >= NCCcapacity) {		NCCcapacity <<= 2;		NCC = (struct NameCorrelationCache *) safe_realloc(NCC, NCCcapacity * sizeof(*NCC));	}	Strncpy(NCC[NCCsz].dnetd, dnetdev, sizeof(NCC[0].dnetd));	Strncpy(NCC[NCCsz].pcapd, tmpdev, sizeof(NCC[0].pcapd));	NCCsz++;	Strncpy(pcapdev, tmpdev, pcapdevlen);	return true;}#endifpcap_t *my_pcap_open_live(const char *device, int snaplen, int promisc, 			  int to_ms) {  char err0r[PCAP_ERRBUF_SIZE];  pcap_t *pt;  char pcapdev[128];  int failed = 0;#ifdef WIN32/* Nmap normally uses device names obtained through dnet for interfaces, but Pcap has its ownnaming system.  So the conversion is done here */  if (!DnetName2PcapName(device, pcapdev, sizeof(pcapdev))) {       /* Oh crap -- couldn't find the corresponding dev apparently.  Let's just go with what we have then ... */       Strncpy(pcapdev, device, sizeof(pcapdev));  }#else  Strncpy(pcapdev, device, sizeof(pcapdev));#endif  do {    pt = pcap_open_live(pcapdev, snaplen, promisc, to_ms, err0r);    if (!pt) {      failed++;      if (failed >= 3) {fatal("Call to pcap_open_live(%s, %d, %d, %d) failed three times. Reported error: %s\nThere are several possible reasons for this, depending on your operating system:\n"          "LINUX: If you are getting Socket type not supported, try modprobe af_packet or recompile your kernel with SOCK_PACKET enabled.\n"          "*BSD:  If you are getting device not configured, you need to recompile your kernel with Berkeley Packet Filter support.  If you are getting No such file or directory, try creating the device (eg cd /dev; MAKEDEV <device>; or use mknod).\n"          "*WINDOWS:  Nmap only supports ethernet interfaces on Windows for most operations because Microsoft disabled raw sockets as of Windows XP SP2.  Depending on the reason for this error, it is possible that the --unprivileged command-line argument will help.\n"          "SOLARIS:  If you are trying to scan localhost and getting '/dev/lo0: No such file or directory', complain to Sun.  I don't think Solaris can support advanced localhost scans.  You can probably use \"-P0 -sT localhost\" though.\n\n", pcapdev, snaplen, promisc, to_ms, err0r);      } else {	error("pcap_open_live(%s, %d, %d, %d) FAILED. Reported error: %s.  Will wait %d seconds then retry.", pcapdev, snaplen, promisc, to_ms, err0r, (int) pow(5.0, failed));	      }      sleep((int) pow(5.0, failed));    }  } while (!pt);#ifdef WIN32  /* We want any responses back ASAP */   pcap_setmintocopy(pt, 1);#endif  return pt;}/* Standard BSD internet checksum routine */unsigned short in_cksum(u16 *ptr,int nbytes) {register u32 sum;u16 oddbyte;register u16 answer;/* * Our algorithm is simple, using a 32-bit accumulator (sum), * we add sequential 16-bit words to it, and at the end, fold back * all the carry bits from the top 16 bits into the lower 16 bits. */sum = 0;while (nbytes > 1)  {sum += *ptr++;nbytes -= 2;}/* mop up an odd byte, if necessary */if (nbytes == 1) {oddbyte = 0;            /* make sure top half is zero */*((u_char *) &oddbyte) = *(u_char *)ptr;   /* one byte only */sum += oddbyte;}/* * Add back carry outs from top 16 bits to low 16 bits. */sum  = (sum >> 16) + (sum & 0xffff);    /* add high-16 to low-16 */sum += (sum >> 16);                     /* add carry */answer = ~sum;          /* ones-complement, then truncate to 16 bits */return(answer);}/* LEGACY resolve() function that only supports IPv4 -- see IPv6 version   above.  Tries to resolve given hostname and stores   result in ip .  returns 0 if hostname cannot   be resolved */int resolve(char *hostname, struct in_addr *ip) {  struct hostent *h;  if (!hostname || !*hostname)    fatal("NULL or zero-length hostname passed to resolve()");  if (inet_pton(AF_INET, hostname, ip))    return 1; /* damn, that was easy ;) */  if ((h = gethostbyname(hostname))) {    memcpy(ip, h->h_addr_list[0], sizeof(struct in_addr));    return 1;  }  return 0;}/* A simple function that caches the eth_t from dnet for one device,   to avoid opening, closing, and re-opening it thousands of tims.  If   you give a different device, this function will close the first   one.  Thus this should never be used by programs that need to deal   with multiple devices at once.  In addition, you MUST NEVER   eth_close() A DEVICE OBTAINED FROM THIS FUNCTION.  Instead, you can   call eth_close_cached() to close whichever device (if any) is   cached.  Returns NULL if it fails to open the device. */eth_t *eth_open_cached(const char *device) {  if (!device) fatal("eth_open_cached() called with NULL device name!");  if (!*device) fatal("eth_open_cached() called with empty device name!");  if (strcmp(device, etht_cache_device_name) == 0) {    /* Yay, we have it cached. */    return etht_cache_device;  }  if (*etht_cache_device_name) {    eth_close(etht_cache_device);    etht_cache_device_name[0] = '\0';    etht_cache_device = NULL;  }  etht_cache_device = eth_open(device);  if (etht_cache_device)    Strncpy(etht_cache_device_name, device, sizeof(etht_cache_device_name));  return etht_cache_device;}/* See the description for eth_open_cached */void eth_close_cached() {  if (etht_cache_device) {    eth_close(etht_cache_device);    etht_cache_device = NULL;    etht_cache_device_name[0] = '\0';  }  return;}// fill ip header. no error check.// This function is also changing what's needed from host to network order.static inline int fill_ip_raw(	struct ip *ip, int packetlen, u8* ipopt, int ipoptlen,	int ip_tos, int ip_id, int ip_off, int ip_ttl, int ip_p,	const struct in_addr *ip_src, const struct in_addr *ip_dst){  ip->ip_v   = 4;  ip->ip_hl  = 5 + (ipoptlen/4);  ip->ip_tos = ip_tos;  ip->ip_len = htons(packetlen);  ip->ip_id  = htons(ip_id);  ip->ip_off = htons(ip_off);  ip->ip_ttl = ip_ttl;  ip->ip_p   = ip_p;  ip->ip_src.s_addr = ip_src->s_addr;  ip->ip_dst.s_addr = ip_dst->s_addr;  if (ipoptlen)    memcpy((u8*)ip + sizeof(struct ip), ipopt, ipoptlen);      // ip options source routing hack:  if(ipoptlen && o.ipopt_firsthop && o.ipopt_lasthop) {    u8* ipo = (u8*)ip + sizeof(struct ip);    struct in_addr *newdst = (struct in_addr *) &ipo[o.ipopt_firsthop];    struct in_addr *olddst = (struct in_addr *) &ipo[o.ipopt_lasthop];    // our destination is somewhere else :)    ip->ip_dst.s_addr = newdst->s_addr;        // and last hop should be destination    olddst->s_addr    = ip_dst->s_addr;  }     #if HAVE_IP_IP_SUM  ip->ip_sum = 0;  ip->ip_sum = in_cksum((unsigned short *)ip, sizeof(struct ip) + ipoptlen);  #endif  return(sizeof(struct ip) + ipoptlen);}int send_tcp_raw_decoys( int sd, struct eth_nfo *eth, 			 const struct in_addr *victim,			 int ttl, bool df,			 u8* ipopt, int ipoptlen,			 u16 sport, u16 dport,			 u32 seq, u32 ack, u8 reserved, u8 flags, u16 window, u16 urp,			 u8 *options, int optlen,			 char *data, u16 datalen) {  int decoy;  for(decoy = 0; decoy < o.numdecoys; decoy++)     if (send_tcp_raw(sd, eth,    		&o.decoys[decoy], victim,    		ttl, df,    		ipopt, ipoptlen,    		sport, dport, 		seq, ack, reserved, flags, window, urp,		options, optlen,		data, datalen) == -1)      return -1;  return 0;}/* Builds a TCP packet (including an IP header) by packing the fields   with the given information.  It allocates a new buffer to store the   packet contents, and then returns that buffer.  The packet is not   actually sent by this function.  Caller must delete the buffer when   finished with the packet.  The packet length is returned in   packetlen, which must be a valid int pointer. */u8 *build_tcp_raw(const struct in_addr *source, const struct in_addr *victim,                  int ttl, u16 ipid, u8 tos, bool df,		  u8 *ipopt, int ipoptlen, 		  u16 sport, u16 dport,		  u32 seq, u32 ack, u8 reserved, u8 flags, u16 window, u16 urp,		  u8 *tcpopt, int tcpoptlen,		  char *data, u16 datalen, u32 *outpacketlen) {struct pseudo_header {   /*for computing TCP checksum, see TCP/IP Illustrated p. 145 */  u32 s_addy;  u32 d_addr;  u8 zer0;  u8 protocol;  u16 length;};int packetlen = sizeof(struct ip) + ipoptlen + 	sizeof(struct tcphdr) + tcpoptlen + datalen;u8 *packet = (u8 *) safe_malloc(packetlen);struct ip *ip = (struct ip *) packet;struct tcphdr *tcp = (struct tcphdr *) ((u8*)ip + sizeof(struct ip) + ipoptlen);struct pseudo_header *pseudo = 	(struct pseudo_header *) ((u8*)tcp - sizeof(struct pseudo_header));static int myttl = 0;assert(victim);assert(source);assert(ipoptlen%4==0);if (tcpoptlen % 4)  fatal("build_tcp_raw() called with an option length argument of %d which is illegal because it is not divisible by 4. Just add \\0 padding to the end.", tcpoptlen);/* Time to live */if (ttl == -1) {  myttl = (get_random_uint() % 23) + 37;} else {  myttl = ttl;}pseudo->s_addy = source->s_addr;pseudo->d_addr = victim->s_addr;pseudo->zer0	= 0;pseudo->protocol = IPPROTO_TCP;pseudo->length	= htons(sizeof(struct tcphdr) + tcpoptlen + datalen);/* Fill tcp header */memset(tcp, 0, sizeof(struct tcphdr));tcp->th_sport = htons(sport);tcp->th_dport = htons(dport);if (seq) {  tcp->th_seq = htonl(seq);} else if (flags & TH_SYN) {  get_random_bytes(&(tcp->th_seq), 4);}if (ack)  tcp->th_ack = htonl(ack);/*else if (flags & TH_ACK)  tcp->th_ack = rand() + rand();*/if (reserved)  tcp->th_x2 = reserved & 0x0F;tcp->th_off = 5 + (tcpoptlen /4) /*words*/;tcp->th_flags = flags;if (window)  tcp->th_win = htons(window);else tcp->th_win = htons(1024 * (myttl % 4 + 1)); /* Who cares *//* Urgend pointer */if (urp)  tcp->th_urp = htons(urp);/* And the options */if (tcpoptlen)  memcpy((u8*)tcp + sizeof(struct tcphdr), tcpopt, tcpoptlen);/* We should probably copy the data over too */if (data && datalen)  memcpy((u8*)tcp + sizeof(struct tcphdr) + tcpoptlen, data, datalen);#if STUPID_SOLARIS_CHECKSUM_BUGtcp->th_sum = sizeof(struct tcphdr) + tcpoptlen + datalen; #elsetcp->th_sum = in_cksum((unsigned short *)pseudo, sizeof(struct tcphdr) + 		       tcpoptlen + sizeof(struct pseudo_header) + datalen);#endifif ( o.badsum )  --tcp->th_sum;  fill_ip_raw(ip, packetlen, ipopt, ipoptlen,  	tos, ipid, df?IP_DF:0, myttl, IPPROTO_TCP,  	source, victim);  *outpacketlen = packetlen; return packet;}/* You need to call sethdrinclude(sd) on the sending sd before calling this */int send_tcp_raw( int sd, struct eth_nfo *eth,		  const struct in_addr *source, const struct in_addr *victim,		  int ttl, bool df,		  u8* ipops, int ipoptlen,		  u16 sport, u16 dport,