/* A simple function I wrote to help in debugging, shows the important fields   of a UDP packet*/int readudppacket(const u8 *packet, int readdata) {struct ip *ip = (struct ip *) packet;struct udp_hdr *udp = (struct udp_hdr *) (packet + sizeof(struct ip));const unsigned char *data = packet +  sizeof(struct ip) + sizeof(struct udp_hdr);int tot_len;struct in_addr bullshit, bullshit2;char sourcehost[16];int i;int realfrag = 0;if (!packet) {  error("%s: packet is NULL!", __func__);  return -1;    }bullshit.s_addr = ip->ip_src.s_addr; bullshit2.s_addr = ip->ip_dst.s_addr;/* this is gay */realfrag = htons(ntohs(ip->ip_off) & 8191 /* 2^13 - 1 */);tot_len = htons(ip->ip_len);strncpy(sourcehost, inet_ntoa(bullshit), 16);i =  4 * (ntohs(ip->ip_hl)) + 8;if (ip->ip_p== IPPROTO_UDP) {  if (realfrag)     log_write(LOG_PLAIN, "Packet is fragmented, offset field: %u\n", realfrag);  else {    log_write(LOG_PLAIN, "UDP packet: %s:%d -> %s:%d (total: %d bytes)\n", sourcehost, 	      ntohs(udp->uh_sport), inet_ntoa(bullshit2), 	      ntohs(udp->uh_dport), tot_len);    log_write(LOG_PLAIN, "ttl: %hu ", ip->ip_ttl);  }} if (readdata && i < tot_len) {   log_write(LOG_PLAIN, "Data portion:\n");   while(i < tot_len)  {     log_write(LOG_PLAIN, "%2X%c", data[i], ((i+1)%16)? ' ' : '\n');     i++;   }   log_write(LOG_PLAIN, "\n"); } return 0;}int send_udp_raw_decoys( int sd, struct eth_nfo *eth, 			 const struct in_addr *victim,			 int ttl, u16 ipid,			 u8* ipops, int ipoptlen,			 u16 sport, u16 dport,			 char *data, u16 datalen) {  int decoy;    for(decoy = 0; decoy < o.numdecoys; decoy++)     if (send_udp_raw(sd, eth, &o.decoys[decoy], victim,    		     ttl, ipid, ipops, ipoptlen,    		     sport, dport, data, datalen) == -1)      return -1;  return 0;}/* Builds a UDP packet (including an IP header) by packing the fields   with the given information.  It allocates a new buffer to store the   packet contents, and then returns that buffer.  The packet is not   actually sent by this function.  Caller must delete the buffer when   finished with the packet.  The packet length is returned in   packetlen, which must be a valid int pointer. */u8 *build_udp_raw(struct in_addr *source, const struct in_addr *victim,                  int ttl, u16 ipid, u8 tos, bool df,		  u8 *ipopt, int ipoptlen,  		  u16 sport, u16 dport, 		  char *data, u16 datalen, u32 *outpacketlen) {  int packetlen = sizeof(struct ip) + ipoptlen + sizeof(struct udp_hdr) + datalen;  u8 *packet = (u8 *) safe_malloc(packetlen);  struct ip *ip = (struct ip *) packet;  struct udp_hdr *udp = (struct udp_hdr *) ((u8*)ip + sizeof(struct ip) + ipoptlen);  static int myttl = 0;    /* check that required fields are there and not too silly */  assert(victim);  assert(source);  assert(ipoptlen%4==0);    /* Time to live */  if (ttl == -1) {    myttl = (get_random_uint() % 23) + 37;  } else {    myttl = ttl;  }    udp->uh_sport = htons(sport);  udp->uh_dport = htons(dport);  udp->uh_sum   = 0;  udp->uh_ulen  = htons(sizeof(struct udp_hdr) + datalen);    /* We should probably copy the data over too */  if (data)    memcpy((u8*)udp + sizeof(struct udp_hdr), data, datalen);    /* OK, now we should be able to compute a valid checksum */#if STUPID_SOLARIS_CHECKSUM_BUG  udp->uh_sum = sizeof(struct udp_hdr) + datalen;#else  udp->uh_sum = magic_tcpudp_cksum(source, victim, IPPROTO_UDP,				   sizeof(struct udp_hdr) + datalen, (char *) udp);#endif    if ( o.badsum ) {    --udp->uh_sum;    if (udp->uh_sum == 0) udp->uh_sum = 0xffff; // UDP checksum=0 means no checksum  }    fill_ip_raw(ip, packetlen, ipopt, ipoptlen,	tos, ipid, df?IP_DF:0, myttl, IPPROTO_UDP,	source, victim);    *outpacketlen = packetlen;  return packet;}int send_udp_raw( int sd, struct eth_nfo *eth,		  struct in_addr *source, const struct in_addr *victim, 		  int ttl, u16 ipid, 		  u8* ipopt, int ipoptlen, 		  u16 sport, u16 dport, 		  char *data, u16 datalen) {  unsigned int packetlen;  int res = -1;  u8 *packet = build_udp_raw(source, victim,  			     ttl, ipid, IP_TOS_DEFAULT, false,  			     ipopt, ipoptlen,  			     sport, dport,  			     data, datalen, &packetlen);  if (!packet) return -1;  res = send_ip_packet(sd, eth, packet, packetlen);  free(packet);  return res;}/* Builds an IP packet (including an IP header) by packing the fields   with the given information.  It allocates a new buffer to store the   packet contents, and then returns that buffer.  The packet is not   actually sent by this function.  Caller must delete the buffer when   finished with the packet.  The packet length is returned in   packetlen, which must be a valid int pointer. */u8 *build_ip_raw(const struct in_addr *source, const struct in_addr *victim, 		 u8 proto,		 int ttl, u16 ipid, u8 tos, bool df,		 u8 *ipopt, int ipoptlen,		 char *data, u16 datalen, 		 u32 *outpacketlen) {int packetlen = sizeof(struct ip) + ipoptlen + datalen;u8 *packet = (u8 *) safe_malloc(packetlen);struct ip *ip = (struct ip *) packet;static int myttl = 0;/* check that required fields are there and not too silly */assert(source);assert(victim);assert(ipoptlen%4==0);/* Time to live */if (ttl == -1) {	        myttl = (get_random_uint() % 23) + 37;} else {	        myttl = ttl;}  fill_ip_raw(ip, packetlen, ipopt, ipoptlen,	tos, ipid, df?IP_DF:0, myttl, proto,	source, victim); /* We should probably copy the data over too */ if (data)    memcpy((u8*)ip + sizeof(struct ip) + ipoptlen, data, datalen);  *outpacketlen = packetlen; return packet;}/* You need to call sethdrinclude(sd) on the sending sd before calling this */int send_ip_raw( int sd, struct eth_nfo *eth,		 struct in_addr *source, const struct in_addr *victim,		 u8 proto, int ttl,		 u8* ipopt, int ipoptlen,		 		 char *data, u16 datalen) {  unsigned int packetlen;  int res = -1;  u8 *packet = build_ip_raw(source, victim,    			    proto,  			    ttl, get_random_u16(), IP_TOS_DEFAULT, false,  			    ipopt, ipoptlen,  			    data, datalen, &packetlen);  if (!packet) return -1;  res = send_ip_packet(sd, eth, packet, packetlen);  free(packet);  return res;}int unblock_socket(int sd) {#ifdef WIN32u_long one = 1;if(sd != 501) // Hack related to WinIP Raw Socket support  ioctlsocket (sd, FIONBIO, &one);#elseint options;/*Unblock our socket to prevent recvfrom from blocking forever  on certain target ports. */options = O_NONBLOCK | fcntl(sd, F_GETFL);fcntl(sd, F_SETFL, options);#endif //WIN32return 1;}/* returns -1 if we can't use select() on the pcap device, 0 for timeout, and * >0 for success. If select() fails we bail out because it couldn't work with * the file descriptor we got from my_pcap_get_selectable_fd() */int pcap_select(pcap_t *p, struct timeval *timeout){	int fd, ret;	fd_set rfds;	if ((fd = my_pcap_get_selectable_fd(p)) == -1)		return -1;	FD_ZERO(&rfds);	FD_SET(fd, &rfds);	do {		errno = 0;		ret = select(fd + 1, &rfds, NULL, NULL, timeout);		if (ret == -1) {			if (errno == EINTR)				error("%s: %s", __func__, strerror(errno));			else				fatal("Your system does not support select()ing on pcap devices (%s). PLEASE REPORT THIS ALONG WITH DETAILED SYSTEM INFORMATION TO THE nmap-dev MAILING LIST!", strerror(errno));		}	} while (ret == -1);	return ret;}int pcap_select(pcap_t *p, long usecs){	struct timeval tv;	tv.tv_sec = usecs / 1000000;	tv.tv_usec = usecs % 1000000;	return pcap_select(p, &tv);}/* Read an IP packet using libpcap .  We return the packet and take   a pcap descriptor and a pointer to the packet length (which we set   in the function. If you want a maximum length returned, you   should specify that in pcap_open_live() *//* to_usec is the timeout period in microseconds -- use 0 to skip the   test and -1 to block forever.  Note that we don't interrupt pcap, so   low values (and 0) degenerate to the timeout specified    in pcap_open_live() *//* If rcvdtime is non-null and a packet is returned, rcvd will be   filled with the time that packet was captured from the wire by   pcap.  If linknfo is not NULL, linknfo->headerlen and   linknfo->header will be filled with the appropriate values. */char *readip_pcap(pcap_t *pd, unsigned int *len, long to_usec, 		  struct timeval *rcvdtime, struct link_header *linknfo) {unsigned int offset = 0;struct pcap_pkthdr head;char *p;int datalink;int timedout = 0;struct timeval tv_start, tv_end;static char *alignedbuf = NULL;static unsigned int alignedbufsz=0;static int warning = 0;if (linknfo) { memset(linknfo, 0, sizeof(*linknfo)); }if (!pd) fatal("NULL packet device passed to %s", __func__); if (to_usec < 0) {   if (!warning) {     warning = 1;     error("WARNING: Negative timeout value (%lu) passed to %s() -- using 0", to_usec, __func__);   }   to_usec = 0; }/* New packet capture device, need to recompute offset */ if ( (datalink = pcap_datalink(pd)) < 0)   fatal("Cannot obtain datalink information: %s", pcap_geterr(pd)); /* NOTE: IF A NEW OFFSET EVER EXCEEDS THE CURRENT MAX (24), ADJUST    MAX_LINK_HEADERSZ in tcpip.h */ switch(datalink) { case DLT_EN10MB: offset = 14; break; case DLT_IEEE802: offset = 22; break;#ifdef __amigaos__ case DLT_MIAMI: offset = 16; break;#endif#ifdef DLT_LOOP case DLT_LOOP:#endif case DLT_NULL: offset = 4; break; case DLT_SLIP:#ifdef DLT_SLIP_BSDOS case DLT_SLIP_BSDOS:#endif#if (FREEBSD || OPENBSD || NETBSD || BSDI || MACOSX)   offset = 16;#else   offset = 24; /* Anyone use this??? */#endif   break; case DLT_PPP: #ifdef DLT_PPP_BSDOS case DLT_PPP_BSDOS:#endif#ifdef DLT_PPP_SERIAL case DLT_PPP_SERIAL:#endif#ifdef DLT_PPP_ETHER case DLT_PPP_ETHER:#endif#if (FREEBSD || OPENBSD || NETBSD || BSDI || MACOSX)   offset = 4;#else#ifdef SOLARIS   offset = 8;#else   offset = 24; /* Anyone use this? */#endif /* ifdef solaris */#endif /* if freebsd || openbsd || netbsd || bsdi */   break; case DLT_RAW: offset = 0; break; case DLT_FDDI: offset = 21; break;#ifdef DLT_ENC case DLT_ENC: offset = 12; break;#endif /* DLT_ENC */#ifdef DLT_LINUX_SLL case DLT_LINUX_SLL: offset = 16; break;#endif default:   p = (char *) pcap_next(pd, &head);   if (head.caplen == 0) {     /* Lets sleep a brief time and try again to increase the chance of seeing	a real packet ... */     usleep(500000);     p = (char *) pcap_next(pd, &head);   }   if (head.caplen > 100000) {     fatal("FATAL: %s: bogus caplen from libpcap (%d) on interface type %d", __func__, head.caplen, datalink);   }    error("FATAL:  Unknown datalink type (%d). Caplen: %d; Packet:", datalink, head.caplen);   lamont_hdump(p, head.caplen);   exit(1); } if (to_usec > 0) {   gettimeofday(&tv_start, NULL); } do {#ifdef WIN32   gettimeofday(&tv_end, NULL);   long to_left = MAX(1, (to_usec - TIMEVAL_SUBTRACT(tv_end, tv_start)) / 1000);   // Set the timeout (BUGBUG: this is cheating)   PacketSetReadTimeout(pd->adapter, to_left);#endif   p = NULL;   if (pcap_select(pd, to_usec) == 0)     timedout = 1;   else     p = (char *) pcap_next(pd, &head);   if (p) {     if (head.caplen <= offset) {       *len = 0;       return NULL;     }     if