/*************************************************************************** * tcpip.cc -- Various functions relating to low level TCP/IP handling,    * * including sending raw packets, routing, printing packets, reading from  * * libpcap, etc.                                                           * *                                                                         * ***********************IMPORTANT NMAP LICENSE TERMS************************ *                                                                         * * The Nmap Security Scanner is (C) 1996-2008 Insecure.Com LLC. Nmap is    * * also a registered trademark of Insecure.Com LLC.  This program is free  * * software; you may redistribute and/or modify it under the terms of the  * * GNU General Public License as published by the Free Software            * * Foundation; Version 2 with the clarifications and exceptions described  * * below.  This guarantees your right to use, modify, and redistribute     * * this software under certain conditions.  If you wish to embed Nmap      * * technology into proprietary software, we sell alternative licenses      * * (contact sales@insecure.com).  Dozens of software vendors already       * * license Nmap technology such as host discovery, port scanning, OS       * * detection, and version detection.                                       * *                                                                         * * Note that the GPL places important restrictions on "derived works", yet * * it does not provide a detailed definition of that term.  To avoid       * * misunderstandings, we consider an application to constitute a           * * "derivative work" for the purpose of this license if it does any of the * * following:                                                              * * o Integrates source code from Nmap                                      * * o Reads or includes Nmap copyrighted data files, such as                * *   nmap-os-fingerprints or nmap-service-probes.                          * * o Executes Nmap and parses the results (as opposed to typical shell or  * *   execution-menu apps, which simply display raw Nmap output and so are  * *   not derivative works.)                                                *  * o Integrates/includes/aggregates Nmap into a proprietary executable     * *   installer, such as those produced by InstallShield.                   * * o Links to a library or executes a program that does any of the above   * *                                                                         * * The term "Nmap" should be taken to also include any portions or derived * * works of Nmap.  This list is not exclusive, but is just meant to        * * clarify our interpretation of derived works with some common examples.  * * These restrictions only apply when you actually redistribute Nmap.  For * * example, nothing stops you from writing and selling a proprietary       * * front-end to Nmap.  Just distribute it by itself, and point people to   * * http://insecure.org/nmap/ to download Nmap.                             * *                                                                         * * We don't consider these to be added restrictions on top of the GPL, but * * just a clarification of how we interpret "derived works" as it applies  * * to our GPL-licensed Nmap product.  This is similar to the way Linus     * * Torvalds has announced his interpretation of how "derived works"        * * applies to Linux kernel modules.  Our interpretation refers only to     * * Nmap - we don't speak for any other GPL products.                       * *                                                                         * * If you have any questions about the GPL licensing restrictions on using * * Nmap in non-GPL works, we would be happy to help.  As mentioned above,  * * we also offer alternative license to integrate Nmap into proprietary    * * applications and appliances.  These contracts have been sold to dozens  * * of software vendors, and generally include a perpetual license as well  * * as providing for priority support and updates as well as helping to     * * fund the continued development of Nmap technology.  Please email        * * sales@insecure.com for further information.                             * *                                                                         * * As a special exception to the GPL terms, Insecure.Com LLC grants        * * permission to link the code of this program with any version of the     * * OpenSSL library which is distributed under a license identical to that  * * listed in the included Copying.OpenSSL file, and distribute linked      * * combinations including the two. You must obey the GNU GPL in all        * * respects for all of the code used other than OpenSSL.  If you modify    * * this file, you may extend this exception to your version of the file,   * * but you are not obligated to do so.                                     * *                                                                         * * If you received these files with a written license agreement or         * * contract stating terms other than the terms above, then that            * * alternative license agreement takes precedence over these comments.     * *                                                                         * * Source is provided to this software because we believe users have a     * * right to know exactly what a program is going to do before they run it. * * This also allows you to audit the software for security holes (none     * * have been found so far).                                                * *                                                                         * * Source code also allows you to port Nmap to new platforms, fix bugs,    * * and add new features.  You are highly encouraged to send your changes   * * to fyodor@insecure.org for possible incorporation into the main         * * distribution.  By sending these changes to Fyodor or one the            * * Insecure.Org development mailing lists, it is assumed that you are      * * offering Fyodor and Insecure.Com LLC the unlimited, non-exclusive right * * to reuse, modify, and relicense the code.  Nmap will always be          * * available Open Source, but this is important because the inability to   * * relicense code has caused devastating problems for other Free Software  * * projects (such as KDE and NASM).  We also occasionally relicense the    * * code to third parties as discussed above.  If you wish to specify       * * special license conditions of your contributions, just say so when you  * * send them.                                                              * *                                                                         * * This program is distributed in the hope that it will be useful, but     * * WITHOUT ANY WARRANTY; without even the implied warranty of              * * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU       * * General Public License for more details at                              * * http://www.gnu.org/copyleft/gpl.html , or in the COPYING file included  * * with Nmap.                                                              * *                                                                         * ***************************************************************************//* $Id: tcpip.cc 6633 2007-12-22 06:32:03Z fyodor $ */#ifdef WIN32#include "nmap_winconfig.h"#endif#include "portreasons.h"#include <dnet.h>#include "tcpip.h"#include "NmapOps.h"#include "Target.h"#include "utils.h"#if HAVE_SYS_TIME_H#include <sys/time.h>#endif#if HAVE_SYS_RESOURCE_H#include <sys/resource.h>#endif#if HAVE_UNISTD_H/* #include <sys/unistd.h> */#include <unistd.h>#endif#if HAVE_NET_IF_H#ifndef NET_IF_H  /* why doesn't OpenBSD do this? */#include <net/if.h>#define NET_IF_H#endif#endif#if HAVE_NETINET_IF_ETHER_H#ifndef NETINET_IF_ETHER_H#include <netinet/if_ether.h>#define NETINET_IF_ETHER_H#endif /* NETINET_IF_ETHER_H */#endif /* HAVE_NETINET_IF_ETHER_H */extern NmapOps o;#ifdef WIN32#include "pcap-int.h"void nmapwin_init();void nmapwin_cleanup();void nmapwin_list_interfaces();int if2nameindex(int ifi);#endifstatic PacketCounter PktCt;/* These two are for eth_open_cached() and eth_close_cached() */static char etht_cache_device_name[64];static eth_t *etht_cache_device = NULL;void sethdrinclude(int sd) {#ifdef IP_HDRINCLint one = 1;setsockopt(sd, IPPROTO_IP, IP_HDRINCL, (const char *) &one, sizeof(one));#endif}void set_ttl(int sd, int ttl){#ifdef IP_TTL	if (sd == -1)		return;	setsockopt(sd, IPPROTO_IP, IP_TTL, (const char *) &ttl, sizeof ttl);#endif}// Takes a protocol number like IPPROTO_TCP, IPPROTO_UDP, or// IPPROTO_IP and returns a ascii representation (or "unknown" if it// doesn't recognize the number).  If uppercase is true, the returned// value will be in all uppercase letters.  You can skip this// parameter to use lowercase.const char *proto2ascii(u8 proto, bool uppercase) {  switch(proto) {  case IPPROTO_TCP:    return uppercase? "TCP" : "tcp"; break;  case IPPROTO_UDP:    return uppercase? "UDP" : "udp"; break;  case IPPROTO_IP:    return uppercase? "IP" : "ip"; break;  default:    return uppercase? "UNKNOWN" : "unknown";  }  return NULL; // Unreached}static char *ll2shortascii(unsigned long long bytes, char *buf, int buflen) {  if (buflen < 2 || !buf) fatal("Bogus parameter passed to %s", __func__);  if (bytes > 1000000) {    Snprintf(buf, buflen, "%.3fMB", bytes / 1000000.0);  } else if (bytes > 10000) {    Snprintf(buf, buflen, "%.3fKB", bytes / 1000.0);  } else Snprintf(buf, buflen, "%uB", (unsigned int) bytes);      return buf;}/* Fill buf (up to buflen -- truncate if necessary but always   terminate) with a short representation of the packet stats.   Returns buf.  Aborts if there is a problem. */char *getFinalPacketStats(char *buf, int buflen) {  char sendbytesasc[16], recvbytesasc[16];  if (buflen <= 10 || !buf)    fatal("%s called with woefully inadequate parameters", __func__);  Snprintf(buf, buflen, #if WIN32	  "Raw packets sent: %I64u (%s) | Rcvd: %I64u (%s)",#else	  "Raw packets sent: %llu (%s) | Rcvd: %llu (%s)",#endif	   PktCt.sendPackets,	   ll2shortascii(PktCt.sendBytes, sendbytesasc, sizeof(sendbytesasc)),	   PktCt.recvPackets,	   ll2shortascii(PktCt.recvBytes, recvbytesasc, sizeof(recvbytesasc)));  return buf;}  /* Takes an ARP PACKET (including ethernet header) and prints it if     packet tracing is enabled.  'frame' must point to the 14-byte     ethernet header (e.g. starting with destination addr). The     direction must be PacketTrace::SENT or PacketTrace::RCVD .     Optional 'now' argument makes this function slightly more     efficient by avoiding a gettimeofday() call. */void PacketTrace::traceArp(pdirection pdir, const u8 *frame, u32 len,			struct timeval *now) {  struct timeval tv;  char arpdesc[128];  char who_has[INET_ADDRSTRLEN], tell[INET_ADDRSTRLEN];      if (pdir == SENT) {    PktCt.sendPackets++;    PktCt.sendBytes += len;  } else {    PktCt.recvPackets++;    PktCt.recvBytes += len;  }  if (!o.packetTrace()) return;  if (now)    tv = *now;  else gettimeofday(&tv, NULL);  if (len < 42) {    error("Packet tracer: Arp packets must be at least 42 bytes long.  Should be exactly that length excl. ethernet padding.");    return;  }  if (frame[21] == 1) /* arp REQUEST */ {    inet_ntop(AF_INET, frame+38, who_has, sizeof(who_has));    inet_ntop(AF_INET, frame+28, tell, sizeof(tell));    Snprintf(arpdesc, sizeof(arpdesc), "who-has %s tell %s", who_has, tell);  } else { /* ARP REPLY */    inet_ntop(AF_INET, frame+28, who_has, sizeof(who_has));    Snprintf(arpdesc, sizeof(arpdesc), 	     "reply %s is-at %02X:%02X:%02X:%02X:%02X:%02X", who_has, 	     frame[22], frame[23], frame[24], frame[25], frame[26], frame[27]);  }  log_write(LOG_STDOUT|LOG_NORMAL, "%s (%.4fs) ARP %s\n", (pdir == SENT)? "SENT" : "RCVD",  o.TimeSinceStartMS(&tv) / 1000.0, arpdesc);  return;}/* Get an ASCII information about a tcp option which is pointed by   optp, with a length of len. The result is stored in the result   buffer. The result may look like "<mss 1452,sackOK,timestamp   45848914 0,nop,wscale 7>" */static void tcppacketoptinfo(u8 *optp, int len, char *result, int bufsize) {  assert(optp);  assert(result);  char *p, ch;  u8 *q;  int opcode;  u16 tmpshort;  u32 tmpword1, tmpword2;  p = result; *p = '\0';  q = optp;  ch = '<';    while(len > 0 && bufsize > 2) {	Snprintf(p, bufsize, "%c", ch);	bufsize--;	p++;    opcode=*q++;	    if (!opcode) { /* End of List */	  	  Snprintf(p, bufsize, "eol");	  bufsize -= strlen(p);	  p += strlen(p);	        len--;	      } else if (opcode == 1) { /* No Op */	  	  Snprintf(p, bufsize, "nop");	  bufsize -= strlen(p);	  p += strlen(p);	        len--;	      } else if (opcode == 2) { /* MSS */	        if(len<4)        break; /* MSS has 4 bytes */	        q++;      memcpy(&tmpshort, q, 2);	  	  Snprintf(p, bufsize, "mss %u", ntohs(tmpshort));	  bufsize -= strlen(p);	  p += strlen(p);      q += 2;      len -= 4;	      } else if (opcode == 3) { /* Window Scale */	        if(len<3)        break; /* Window Scale option has 3 bytes */	        q++;	  Snprintf(p, bufsize, "wscale %u", *q);	  bufsize -= strlen(p);	  p += strlen(p); 	        q++;      len -= 3;	      } else if (opcode == 4) { /* SACK permitted */	        if(len<2)        break; /* SACK permitted option has 2 bytes */	  	  Snprintf(p, bufsize, "sackOK");	  bufsize -= strlen(p);	  p += strlen(p); 	        q++;      len -= 2;	      } else if (opcode == 5) { /* SACK */	  	  int sackoptlen = *q;	  if(len < sackoptlen)		break;	  	  q++;	  	  if((sackoptlen-2) % 8 != 0) {		Snprintf(p, bufsize, "malformed sack");		bufsize -= strlen(p);		p += strlen(p); 	  } else {		Snprintf(p, bufsize, "sack %d ", (sackoptlen-2)/8);		bufsize -= strlen(p);		p += strlen(p);		for(int i = 0; i < sackoptlen - 2; i += 8) {		  memcpy(&tmpword1, q + i, 4);		  memcpy(&tmpword2, q + i + 4, 4);		  Snprintf(p, bufsize, "{%u:%u}", tmpword1, tmpword2);		  bufsize -= strlen(p);		  p += strlen(p);		}	  }	  q += sackoptlen-2;	  len -= sackoptlen;	  	} else if (opcode == 8) { /* Timestamp */      if(len<10)        break; /* Timestamp option has 10 bytes */      q++;      memcpy(&tmpword1, q, 4);      memcpy(&tmpword2, q+4, 4);	  Snprintf(p, bufsize, "timestamp %u %u", ntohl(tmpword1), ntohl(tmpword2));	  bufsize -= strlen(p);	  p += strlen(p);	  q += 8;	  len -= 10;	      }	ch = ',';