OpenVAS Scanner  7.0.1~git
nasl_packet_forgery.c
Go to the documentation of this file.
1 /* Based on work Copyright (C) 2002 - 2004 Tenable Network Security
2  *
3  * SPDX-License-Identifier: GPL-2.0-only
4  *
5  * This program is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU General Public License
7  * version 2 as published by the Free Software Foundation.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
17  */
18 
19 #include "nasl_packet_forgery.h"
20 
21 #include "../misc/bpf_share.h" /* for bpf_open_live */
22 #include "../misc/pcap_openvas.h" /* for routethrough */
23 #include "../misc/plugutils.h" /* plug_get_host_ip */
24 #include "capture_packet.h"
25 #include "exec.h"
26 #include "nasl_debug.h"
27 #include "nasl_func.h"
28 #include "nasl_global_ctxt.h"
29 #include "nasl_lex_ctxt.h"
30 #include "nasl_packet_forgery_v6.h"
31 #include "nasl_raw.h"
32 #include "nasl_socket.h"
33 #include "nasl_tree.h"
34 #include "nasl_var.h"
35 
36 #include <arpa/inet.h> /* for inet_aton */
37 #include <ctype.h> /* for isprint */
38 #include <errno.h> /* for errno */
39 #include <pcap.h> /* for PCAP_ERRBUF_SIZE */
40 #include <stdlib.h> /* for rand */
41 #include <string.h> /* for bcopy */
42 #include <sys/time.h> /* for gettimeofday */
43 #include <unistd.h> /* for close */
44 
47 #ifdef BSD_BYTE_ORDERING
48 #define FIX(n) (n)
49 #define UNFIX(n) (n)
50 #else
51 #define FIX(n) htons (n)
52 #define UNFIX(n) ntohs (n)
53 #endif
54 
55 /*--------------[ cksum ]-----------------------------------------*/
56 
57 /*
58  * Checksum routine for Internet Protocol family headers (C Version)
59  * From ping examples in W.Richard Stevens "UNIX NETWORK PROGRAMMING" book.
60  */
61 static int np_in_cksum (p, n) u_short *p;
62 int n;
63 {
64  register u_short answer;
65  register long sum = 0;
66  u_short odd_byte = 0;
67 
68  while (n > 1)
69  {
70  sum += *p++;
71  n -= 2;
72  }
73 
74  /* mop up an odd byte, if necessary */
75  if (n == 1)
76  {
77  *(u_char *) (&odd_byte) = *(u_char *) p;
78  sum += odd_byte;
79  }
80 
81  sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
82  sum += (sum >> 16); /* add carry */
83  answer = (int) ~sum; /* ones-complement, truncate */
84  return answer;
85 }
86 
87 /*--------------[ IP ]--------------------------------------------*/
88 
89 tree_cell *
91 {
92  tree_cell *retc;
93  struct ip *pkt;
94  char *s;
95  struct script_infos *script_infos = lexic->script_infos;
96  struct in6_addr *dst_addr;
97  char *data;
98  int data_len;
99 
100  dst_addr = plug_get_host_ip (script_infos);
101 
102  if (dst_addr == NULL || (IN6_IS_ADDR_V4MAPPED (dst_addr) != 1))
103  return NULL;
104 
105  data = get_str_var_by_name (lexic, "data");
106  data_len = get_var_size_by_name (lexic, "data");
107 
108  retc = alloc_typed_cell (CONST_DATA);
109  retc->size = sizeof (struct ip) + data_len;
110 
111  pkt = (struct ip *) g_malloc0 (sizeof (struct ip) + data_len);
112  retc->x.str_val = (char *) pkt;
113 
114  pkt->ip_hl = get_int_var_by_name (lexic, "ip_hl", 5);
115  pkt->ip_v = get_int_var_by_name (lexic, "ip_v", 4);
116  pkt->ip_tos = get_int_var_by_name (lexic, "ip_tos", 0);
117  /* pkt->ip_len = FIX(get_int_var_by_name(lexic, "ip_len", 20 + data_len)); */
118 
119  pkt->ip_len = FIX (20 + data_len);
120 
121  pkt->ip_id = htons (get_int_var_by_name (lexic, "ip_id", rand ()));
122  pkt->ip_off = get_int_var_by_name (lexic, "ip_off", 0);
123  pkt->ip_off = FIX (pkt->ip_off);
124  pkt->ip_ttl = get_int_var_by_name (lexic, "ip_ttl", 64);
125  pkt->ip_p = get_int_var_by_name (lexic, "ip_p", 0);
126  pkt->ip_sum = htons (get_int_var_by_name (lexic, "ip_sum", 0));
127  /* source */
128  s = get_str_var_by_name (lexic, "ip_src");
129  if (s != NULL)
130  inet_aton (s, &pkt->ip_src);
131  /* else this host address? */
132 
133  /* I know that this feature looks dangerous, but anybody can edit an IP
134  * packet with the string functions */
135  s = get_str_var_by_name (lexic, "ip_dst");
136  if (s != NULL)
137  inet_aton (s, &pkt->ip_dst);
138  else
139  pkt->ip_dst.s_addr = dst_addr->s6_addr32[3];
140 
141  if (data != NULL)
142  {
143  bcopy (data, retc->x.str_val + sizeof (struct ip), data_len);
144  }
145 
146  if (!pkt->ip_sum)
147  {
148  if (get_int_var_by_name (lexic, "ip_sum", -1) < 0)
149  pkt->ip_sum = np_in_cksum ((u_short *) pkt, sizeof (struct ip));
150  }
151 
152  return retc;
153 }
154 
155 tree_cell *
157 {
158  tree_cell *retc;
159  struct ip *ip = (struct ip *) get_str_var_by_name (lexic, "ip");
160  char *element = get_str_var_by_name (lexic, "element");
161  char ret_ascii[32];
162  int ret_int = 0;
163  int flag = 0;
164 
165  if (ip == NULL)
166  {
167  nasl_perror (lexic, "get_ip_element : no valid 'ip' argument!\n");
168  return NULL;
169  }
170 
171  if (element == NULL)
172  {
173  nasl_perror (lexic, "get_ip_element : no valid 'element' argument!\n");
174  return NULL;
175  }
176 
177  if (!strcmp (element, "ip_v"))
178  {
179  ret_int = ip->ip_v;
180  flag++;
181  }
182  else if (!strcmp (element, "ip_id"))
183  {
184  ret_int = UNFIX (ip->ip_id);
185  flag++;
186  }
187  else if (!strcmp (element, "ip_hl"))
188  {
189  ret_int = ip->ip_hl;
190  flag++;
191  }
192  else if (!strcmp (element, "ip_tos"))
193  {
194  ret_int = ip->ip_tos;
195  flag++;
196  }
197  else if (!strcmp (element, "ip_len"))
198  {
199  ret_int = UNFIX (ip->ip_len);
200  flag++;
201  }
202  else if (!strcmp (element, "ip_off"))
203  {
204  ret_int = UNFIX (ip->ip_off);
205  flag++;
206  }
207  else if (!strcmp (element, "ip_ttl"))
208  {
209  ret_int = ip->ip_ttl;
210  flag++;
211  }
212  else if (!strcmp (element, "ip_p"))
213  {
214  ret_int = ip->ip_p;
215  flag++;
216  }
217  else if (!strcmp (element, "ip_sum"))
218  {
219  ret_int = UNFIX (ip->ip_sum);
220  flag++;
221  }
222 
223  if (flag != 0)
224  {
225  retc = alloc_typed_cell (CONST_INT);
226  retc->x.i_val = ret_int;
227  return retc;
228  }
229 
230  if (!strcmp (element, "ip_src"))
231  {
232  snprintf (ret_ascii, sizeof (ret_ascii), "%s", inet_ntoa (ip->ip_src));
233  flag++;
234  }
235  else if (!strcmp (element, "ip_dst"))
236  {
237  snprintf (ret_ascii, sizeof (ret_ascii), "%s", inet_ntoa (ip->ip_dst));
238  flag++;
239  }
240 
241  if (flag == 0)
242  {
243  printf ("%s : unknown element\n", element);
244  return NULL;
245  }
246 
247  retc = alloc_typed_cell (CONST_DATA);
248  retc->size = strlen (ret_ascii);
249  retc->x.str_val = g_strdup (ret_ascii);
250 
251  return retc;
252 }
253 
254 tree_cell *
256 {
257  struct ip *o_pkt = (struct ip *) get_str_var_by_name (lexic, "ip");
258  int size = get_var_size_by_name (lexic, "ip");
259  tree_cell *retc;
260  struct ip *pkt;
261  char *s;
262 
263  if (o_pkt == NULL)
264  {
265  nasl_perror (lexic, "set_ip_elements: missing <ip> field\n");
266  return NULL;
267  }
268 
269  pkt = (struct ip *) g_malloc0 (size);
270  bcopy (o_pkt, pkt, size);
271 
272  pkt->ip_hl = get_int_var_by_name (lexic, "ip_hl", pkt->ip_hl);
273  pkt->ip_v = get_int_var_by_name (lexic, "ip_v", pkt->ip_v);
274  pkt->ip_tos = get_int_var_by_name (lexic, "ip_tos", pkt->ip_tos);
275  pkt->ip_len =
276  FIX (get_int_var_by_name (lexic, "ip_len", UNFIX (pkt->ip_len)));
277  pkt->ip_id = htons (get_int_var_by_name (lexic, "ip_id", pkt->ip_id));
278  pkt->ip_off =
279  FIX (get_int_var_by_name (lexic, "ip_off", UNFIX (pkt->ip_off)));
280  pkt->ip_ttl = get_int_var_by_name (lexic, "ip_ttl", pkt->ip_ttl);
281  pkt->ip_p = get_int_var_by_name (lexic, "ip_p", pkt->ip_p);
282 
283  s = get_str_var_by_name (lexic, "ip_src");
284  if (s != NULL)
285  inet_aton (s, &pkt->ip_src);
286 
287  pkt->ip_sum = htons (get_int_var_by_name (lexic, "ip_sum", 0));
288  if (pkt->ip_sum == 0)
289  pkt->ip_sum = np_in_cksum ((u_short *) pkt, sizeof (struct ip));
290 
291  retc = alloc_typed_cell (CONST_DATA);
292  retc->size = size;
293  retc->x.str_val = (char *) pkt;
294 
295  return retc;
296 }
297 
298 tree_cell *
300 {
301  struct ip *ip = (struct ip *) get_str_var_by_name (lexic, "ip");
302  int code = get_int_var_by_name (lexic, "code", 0);
303  int len = get_int_var_by_name (lexic, "length", 0);
304  char *value = get_str_var_by_name (lexic, "value");
305  int value_size = get_var_size_by_name (lexic, "value");
306  tree_cell *retc;
307  struct ip *new_packet;
308  char *p;
309  int size = get_var_size_by_name (lexic, "ip");
310  u_char uc_code, uc_len;
311  int pad_len;
312  char zero = '0';
313  int i;
314  int hl;
315 
316  if (ip == NULL)
317  {
318  nasl_perror (lexic, "Usage : insert_ip_options(ip:<ip>, code:<code>, "
319  "length:<len>, value:<value>\n");
320  return NULL;
321  }
322 
323  pad_len = 4 - ((sizeof (uc_code) + sizeof (uc_len) + value_size) % 4);
324  if (pad_len == 4)
325  pad_len = 0;
326 
327  hl = ip->ip_hl * 4 < UNFIX (ip->ip_len) ? ip->ip_hl * 4 : UNFIX (ip->ip_len);
328  new_packet = g_malloc0 (size + 4 + value_size + pad_len);
329  bcopy (ip, new_packet, hl);
330 
331  uc_code = (u_char) code;
332  uc_len = (u_char) len;
333 
334  p = (char *) new_packet;
335  bcopy (&uc_code, p + hl, sizeof (uc_code));
336  bcopy (&uc_len, p + hl + sizeof (uc_code), sizeof (uc_len));
337  bcopy (value, p + hl + sizeof (uc_code) + sizeof (uc_len), value_size);
338 
339  zero = 0;
340  for (i = 0; i < pad_len; i++)
341  {
342  bcopy (&zero,
343  p + hl + sizeof (uc_code) + sizeof (uc_len) + value_size + i, 1);
344  }
345 
346  p = (char *) ip;
347  bcopy (p + hl,
348  new_packet
349  + (sizeof (uc_code) + sizeof (uc_len) + value_size + pad_len) + hl,
350  size - hl);
351 
352  new_packet->ip_hl =
353  (hl + (sizeof (uc_code) + sizeof (uc_len) + value_size + pad_len)) / 4;
354  new_packet->ip_len =
355  FIX (size + sizeof (uc_code) + sizeof (uc_len) + value_size + pad_len);
356  new_packet->ip_sum = 0;
357  new_packet->ip_sum = np_in_cksum (
358  (u_short *) new_packet, new_packet->ip_hl * 4 > UNFIX (new_packet->ip_len)
359  ? UNFIX (new_packet->ip_len)
360  : new_packet->ip_hl * 4);
361 
362  retc = alloc_typed_cell (CONST_DATA);
363  retc->size = size + value_size + sizeof (uc_code) + sizeof (uc_len) + pad_len;
364  retc->x.str_val = (char *) new_packet;
365 
366  return retc;
367 }
368 
369 tree_cell *
371 {
372  int i;
373 
374  for (i = 0;; i++)
375  {
376  struct ip *ip = (struct ip *) get_str_var_by_num (lexic, i);
377  if (ip == NULL)
378  break;
379  else
380  {
381  printf ("------\n");
382  printf ("\tip_hl : %d\n", ip->ip_hl);
383  printf ("\tip_v : %d\n", ip->ip_v);
384  printf ("\tip_tos: %d\n", ip->ip_tos);
385  printf ("\tip_len: %d\n", UNFIX (ip->ip_len));
386  printf ("\tip_id : %d\n", ntohs (ip->ip_id));
387  printf ("\tip_off: %d\n", UNFIX (ip->ip_off));
388  printf ("\tip_ttl: %d\n", ip->ip_ttl);
389  switch (ip->ip_p)
390  {
391  case IPPROTO_TCP:
392  printf ("\tip_p : IPPROTO_TCP (%d)\n", ip->ip_p);
393  break;
394  case IPPROTO_UDP:
395  printf ("\tip_p : IPPROTO_UDP (%d)\n", ip->ip_p);
396  break;
397  case IPPROTO_ICMP:
398  printf ("\tip_p : IPPROTO_ICMP (%d)\n", ip->ip_p);
399  break;
400  default:
401  printf ("\tip_p : %d\n", ip->ip_p);
402  break;
403  }
404  printf ("\tip_sum: 0x%x\n", ntohs (ip->ip_sum));
405  printf ("\tip_src: %s\n", inet_ntoa (ip->ip_src));
406  printf ("\tip_dst: %s\n", inet_ntoa (ip->ip_dst));
407  printf ("\n");
408  }
409  }
410 
411  return FAKE_CELL;
412 }
413 
414 /*--------------[ TCP ]--------------------------------------------*/
415 
416 struct pseudohdr
417 {
418  struct in_addr saddr;
419  struct in_addr daddr;
420  u_char zero;
421  u_char protocol;
422  u_short length;
423  struct tcphdr tcpheader;
424 };
425 
426 tree_cell *
428 {
429  tree_cell *retc;
430  char *data;
431  int len;
432  struct ip *ip, *tcp_packet;
433  struct tcphdr *tcp;
434  int ipsz;
435 
436  ip = (struct ip *) get_str_var_by_name (lexic, "ip");
437  if (ip == NULL)
438  {
439  nasl_perror (lexic,
440  "forge_tcp_packet : You must supply the 'ip' argument !");
441  return NULL;
442  }
443 
444  ipsz = get_var_size_by_name (lexic, "ip");
445  if (ipsz > ip->ip_hl * 4)
446  ipsz = ip->ip_hl * 4;
447 
448  data = get_str_var_by_name (lexic, "data");
449  len = data == NULL ? 0 : get_var_size_by_name (lexic, "data");
450 
451  retc = alloc_typed_cell (CONST_DATA);
452  tcp_packet = (struct ip *) g_malloc0 (ipsz + sizeof (struct tcphdr) + len);
453  retc->x.str_val = (char *) tcp_packet;
454 
455  bcopy (ip, tcp_packet, ipsz);
456  /* recompute the ip checksum, because the ip length changed */
457  if (UNFIX (tcp_packet->ip_len) <= tcp_packet->ip_hl * 4)
458  {
459  if (get_int_var_by_name (lexic, "update_ip_len", 1))
460  {
461  tcp_packet->ip_len =
462  FIX (tcp_packet->ip_hl * 4 + sizeof (struct tcphdr) + len);
463  tcp_packet->ip_sum = 0;
464  tcp_packet->ip_sum =
465  np_in_cksum ((u_short *) tcp_packet, sizeof (struct ip));
466  }
467  }
468  tcp = (struct tcphdr *) ((char *) tcp_packet + tcp_packet->ip_hl * 4);
469 
470  tcp->th_sport = ntohs (get_int_var_by_name (lexic, "th_sport", 0));
471  tcp->th_dport = ntohs (get_int_var_by_name (lexic, "th_dport", 0));
472  tcp->th_seq = htonl (get_int_var_by_name (lexic, "th_seq", rand ()));
473  tcp->th_ack = htonl (get_int_var_by_name (lexic, "th_ack", 0));
474  tcp->th_x2 = get_int_var_by_name (lexic, "th_x2", 0);
475  tcp->th_off = get_int_var_by_name (lexic, "th_off", 5);
476  tcp->th_flags = get_int_var_by_name (lexic, "th_flags", 0);
477  tcp->th_win = htons (get_int_var_by_name (lexic, "th_win", 0));
478  tcp->th_sum = get_int_var_by_name (lexic, "th_sum", 0);
479  tcp->th_urp = get_int_var_by_name (lexic, "th_urp", 0);
480 
481  if (data != NULL)
482  bcopy (data, (char *) tcp + sizeof (struct tcphdr), len);
483 
484  if (!tcp->th_sum)
485  {
486  struct pseudohdr pseudoheader;
487  char *tcpsumdata = g_malloc0 (sizeof (struct pseudohdr) + len + 1);
488  struct in_addr source, dest;
489 
490  source.s_addr = ip->ip_src.s_addr;
491  dest.s_addr = ip->ip_dst.s_addr;
492 
493  bzero (&pseudoheader, 12 + sizeof (struct tcphdr));
494  pseudoheader.saddr.s_addr = source.s_addr;
495  pseudoheader.daddr.s_addr = dest.s_addr;
496 
497  pseudoheader.protocol = IPPROTO_TCP;
498  pseudoheader.length = htons (sizeof (struct tcphdr) + len);
499  bcopy ((char *) tcp, (char *) &pseudoheader.tcpheader,
500  sizeof (struct tcphdr));
501  /* fill tcpsumdata with data to checksum */
502  bcopy ((char *) &pseudoheader, tcpsumdata, sizeof (struct pseudohdr));
503  if (data != NULL)
504  bcopy ((char *) data, tcpsumdata + sizeof (struct pseudohdr), len);
505  tcp->th_sum = np_in_cksum ((unsigned short *) tcpsumdata,
506  12 + sizeof (struct tcphdr) + len);
507  g_free (tcpsumdata);
508  }
509 
510  retc->size = ipsz + sizeof (struct tcphdr) + len;
511  return retc;
512 }
513 
514 tree_cell *
516 {
517  u_char *packet = (u_char *) get_str_var_by_name (lexic, "tcp");
518  struct ip *ip;
519  int ipsz;
520  struct tcphdr *tcp;
521  char *element;
522  int ret;
523  tree_cell *retc;
524 
525  ipsz = get_var_size_by_name (lexic, "tcp");
526 
527  if (packet == NULL)
528  {
529  nasl_perror (lexic,
530  "get_tcp_element : Error ! No valid 'tcp' argument !\n");
531  return NULL;
532  }
533 
534  ip = (struct ip *) packet;
535 
536  if (ip->ip_hl * 4 > ipsz)
537  return NULL; /* Invalid packet */
538 
539  if (UNFIX (ip->ip_len) > ipsz)
540  return NULL; /* Invalid packet */
541 
542  tcp = (struct tcphdr *) (packet + ip->ip_hl * 4);
543 
544  element = get_str_var_by_name (lexic, "element");
545  if (!element)
546  {
547  nasl_perror (lexic,
548  "get_tcp_element : Error ! No valid 'element' argument !\n");
549  return NULL;
550  }
551 
552  if (!strcmp (element, "th_sport"))
553  ret = ntohs (tcp->th_sport);
554  else if (!strcmp (element, "th_dsport"))
555  ret = ntohs (tcp->th_dport);
556  else if (!strcmp (element, "th_seq"))
557  ret = ntohl (tcp->th_seq);
558  else if (!strcmp (element, "th_ack"))
559  ret = ntohl (tcp->th_ack);
560  else if (!strcmp (element, "th_x2"))
561  ret = tcp->th_x2;
562  else if (!strcmp (element, "th_off"))
563  ret = tcp->th_off;
564  else if (!strcmp (element, "th_flags"))
565  ret = tcp->th_flags;
566  else if (!strcmp (element, "th_win"))
567  ret = ntohs (tcp->th_win);
568  else if (!strcmp (element, "th_sum"))
569  ret = tcp->th_sum;
570  else if (!strcmp (element, "th_urp"))
571  ret = tcp->th_urp;
572  else if (!strcmp (element, "data"))
573  {
574  retc = alloc_typed_cell (CONST_DATA);
575  retc->size = UNFIX (ip->ip_len) - ntohl (tcp->th_off) * 4;
576  retc->x.str_val = g_malloc0 (retc->size);
577  bcopy (tcp + ntohl (tcp->th_off) * 4, retc->x.str_val, retc->size);
578  return retc;
579  }
580  else
581  {
582  nasl_perror (lexic, "Unknown tcp field %s\n", element);
583  return NULL;
584  }
585 
586  retc = alloc_typed_cell (CONST_INT);
587  retc->x.i_val = ret;
588  return retc;
589 }
590 
591 tree_cell *
593 {
594  char *pkt = get_str_var_by_name (lexic, "tcp");
595  struct ip *ip = (struct ip *) pkt;
596  int pktsz = get_var_size_by_name (lexic, "tcp");
597  struct tcphdr *tcp;
598  tree_cell *retc;
599  char *data = get_str_var_by_name (lexic, "data");
600  int data_len = get_var_size_by_name (lexic, "data");
601  char *npkt;
602 
603  if (!ip)
604  {
605  nasl_perror (lexic,
606  "set_tcp_elements : Invalid value for the argument 'tcp'\n");
607  return NULL;
608  }
609 
610  if (ip->ip_hl * 4 > pktsz)
611  tcp =
612  (struct tcphdr *) (pkt
613  + 20); /* ip->ip_hl is bogus, we work around that */
614  else
615  tcp = (struct tcphdr *) (pkt + ip->ip_hl * 4);
616 
617  if (pktsz < UNFIX (ip->ip_len))
618  return NULL;
619 
620  if (data_len == 0)
621  {
622  data_len = UNFIX (ip->ip_len) - (ip->ip_hl * 4) - (tcp->th_off * 4);
623  data = (char *) ((char *) tcp + tcp->th_off * 4);
624  }
625 
626  npkt = g_malloc0 (ip->ip_hl * 4 + tcp->th_off * 4 + data_len);
627  bcopy (pkt, npkt, UNFIX (ip->ip_len));
628 
629  ip = (struct ip *) (npkt);
630  tcp = (struct tcphdr *) (npkt + ip->ip_hl * 4);
631 
632  tcp->th_sport =
633  htons (get_int_var_by_name (lexic, "th_sport", ntohs (tcp->th_sport)));
634  tcp->th_dport =
635  htons (get_int_var_by_name (lexic, "th_dport", ntohs (tcp->th_dport)));
636  tcp->th_seq =
637  htonl (get_int_var_by_name (lexic, "th_seq", ntohl (tcp->th_seq)));
638  tcp->th_ack =
639  htonl (get_int_var_by_name (lexic, "th_ack", ntohl (tcp->th_ack)));
640  tcp->th_x2 = get_int_var_by_name (lexic, "th_x2", tcp->th_x2);
641  tcp->th_off = get_int_var_by_name (lexic, "th_off", tcp->th_off);
642  tcp->th_flags = get_int_var_by_name (lexic, "th_flags", tcp->th_flags);
643  tcp->th_win =
644  htons (get_int_var_by_name (lexic, "th_win", ntohs (tcp->th_win)));
645  tcp->th_sum = get_int_var_by_name (lexic, "th_sum", 0);
646  tcp->th_urp = get_int_var_by_name (lexic, "th_urp", tcp->th_urp);
647  bcopy (data, (char *) tcp + tcp->th_off * 4, data_len);
648 
649  if (get_int_var_by_name (lexic, "update_ip_len", 1) != 0)
650  {
651  ip->ip_len = ip->ip_hl * 4 + tcp->th_off * 4 + data_len;
652  ip->ip_sum = 0;
653  ip->ip_sum = np_in_cksum ((u_short *) pkt, ip->ip_hl * 4);
654  }
655 
656  if (tcp->th_sum == 0)
657  {
658  struct pseudohdr pseudoheader;
659  char *tcpsumdata = g_malloc0 (sizeof (struct pseudohdr) + data_len + 1);
660  struct in_addr source, dest;
661 
662  source.s_addr = ip->ip_src.s_addr;
663  dest.s_addr = ip->ip_dst.s_addr;
664 
665  bzero (&pseudoheader, sizeof (pseudoheader));
666  pseudoheader.saddr.s_addr = source.s_addr;
667  pseudoheader.daddr.s_addr = dest.s_addr;
668 
669  pseudoheader.protocol = IPPROTO_TCP;
670  pseudoheader.length = htons (sizeof (struct tcphdr) + data_len);
671  bcopy ((char *) tcp, (char *) &pseudoheader.tcpheader,
672  sizeof (struct tcphdr));
673  /* fill tcpsumdata with data to checksum */
674  bcopy ((char *) &pseudoheader, tcpsumdata, sizeof (struct pseudohdr));
675  bcopy ((char *) data, tcpsumdata + sizeof (struct pseudohdr), data_len);
676  tcp->th_sum = np_in_cksum ((unsigned short *) tcpsumdata,
677  sizeof (pseudoheader) + data_len);
678  g_free (tcpsumdata);
679  }
680 
681  retc = alloc_typed_cell (CONST_DATA);
682  retc->size = (ip->ip_hl * 4) + (tcp->th_off * 4) + data_len;
683  retc->x.str_val = npkt;
684  return retc;
685 }
686 
687 tree_cell *
689 {
690  int i = 0;
691  u_char *pkt;
692  while ((pkt = (u_char *) get_str_var_by_num (lexic, i++)) != NULL)
693  {
694  int a = 0;
695  struct ip *ip = (struct ip *) pkt;
696  struct tcphdr *tcp = (struct tcphdr *) (pkt + ip->ip_hl * 4);
697  unsigned int j;
698  unsigned int limit;
699  char *c;
700  limit = get_var_size_by_num (lexic, i - 1);
701  printf ("------\n");
702  printf ("\tth_sport : %d\n", ntohs (tcp->th_sport));
703  printf ("\tth_dport : %d\n", ntohs (tcp->th_dport));
704  printf ("\tth_seq : %u\n", (unsigned int) ntohl (tcp->th_seq));
705  printf ("\tth_ack : %u\n", (unsigned int) ntohl (tcp->th_ack));
706  printf ("\tth_x2 : %d\n", tcp->th_x2);
707  printf ("\tth_off : %d\n", tcp->th_off);
708  printf ("\tth_flags : ");
709  if (tcp->th_flags & TH_FIN)
710  {
711  printf ("TH_FIN");
712  a++;
713  }
714  if (tcp->th_flags & TH_SYN)
715  {
716  if (a)
717  printf ("|");
718  printf ("TH_SYN");
719  a++;
720  }
721  if (tcp->th_flags & TH_RST)
722  {
723  if (a)
724  printf ("|");
725  printf ("TH_RST");
726  a++;
727  }
728  if (tcp->th_flags & TH_PUSH)
729  {
730  if (a)
731  printf ("|");
732  printf ("TH_PUSH");
733  a++;
734  }
735  if (tcp->th_flags & TH_ACK)
736  {
737  if (a)
738  printf ("|");
739  printf ("TH_ACK");
740  a++;
741  }
742  if (tcp->th_flags & TH_URG)
743  {
744  if (a)
745  printf ("|");
746  printf ("TH_URG");
747  a++;
748  }
749  if (!a)
750  printf ("0");
751  else
752  printf (" (%d)", tcp->th_flags);
753  printf ("\n");
754  printf ("\tth_win : %d\n", ntohs (tcp->th_win));
755  printf ("\tth_sum : 0x%x\n", tcp->th_sum);
756  printf ("\tth_urp : %d\n", tcp->th_urp);
757  printf ("\tData : ");
758  c = (char *) ((char *) tcp + sizeof (struct tcphdr));
759  if (UNFIX (ip->ip_len) > (sizeof (struct ip) + sizeof (struct tcphdr)))
760  for (j = 0; j < UNFIX (ip->ip_len) - sizeof (struct ip)
761  - sizeof (struct tcphdr)
762  && j < limit;
763  j++)
764  printf ("%c", isprint (c[j]) ? c[j] : '.');
765  printf ("\n");
766 
767  printf ("\n");
768  }
769  return NULL;
770 }
771 
772 /*--------------[ UDP ]--------------------------------------------*/
774 {
775  struct in_addr saddr;
776  struct in_addr daddr;
777  char zero;
778  char proto;
779  unsigned short len;
780  struct udphdr udpheader;
781 };
782 
783 tree_cell *
785 {
786  tree_cell *retc;
787  struct ip *ip = (struct ip *) get_str_var_by_name (lexic, "ip");
788 
789  if (ip != NULL)
790  {
791  char *data = get_str_var_by_name (lexic, "data");
792  int data_len = get_var_size_by_name (lexic, "data");
793  u_char *pkt;
794  struct ip *udp_packet;
795  struct udphdr *udp;
796 
797  pkt = g_malloc0 (sizeof (struct udphdr) + ip->ip_hl * 4
798  + sizeof (struct udphdr) + data_len);
799 
800  udp_packet = (struct ip *) pkt;
801  udp = (struct udphdr *) (pkt + ip->ip_hl * 4);
802 
803  udp->uh_sport = htons (get_int_var_by_name (lexic, "uh_sport", 0));
804  udp->uh_dport = htons (get_int_var_by_name (lexic, "uh_dport", 0));
805  udp->uh_ulen = htons (get_int_var_by_name (
806  lexic, "uh_ulen", data_len + sizeof (struct udphdr)));
807 
808  /* printf("len : %d %s\n", len, data); */
809  if (data_len != 0 && data != NULL)
810  bcopy (data, (pkt + ip->ip_hl * 4 + sizeof (struct udphdr)), data_len);
811 
812  udp->uh_sum = get_int_var_by_name (lexic, "uh_sum", 0);
813  bcopy ((char *) ip, pkt, ip->ip_hl * 4);
814  if (udp->uh_sum == 0)
815  {
816  struct pseudo_udp_hdr pseudohdr;
817  struct in_addr source, dest;
818  char *udpsumdata =
819  g_malloc0 (sizeof (struct pseudo_udp_hdr) + data_len + 1);
820 
821  source.s_addr = ip->ip_src.s_addr;
822  dest.s_addr = ip->ip_dst.s_addr;
823 
824  bzero (&pseudohdr, sizeof (struct pseudo_udp_hdr));
825  pseudohdr.saddr.s_addr = source.s_addr;
826  pseudohdr.daddr.s_addr = dest.s_addr;
827 
828  pseudohdr.proto = IPPROTO_UDP;
829  pseudohdr.len = htons (sizeof (struct udphdr) + data_len);
830  bcopy ((char *) udp, (char *) &pseudohdr.udpheader,
831  sizeof (struct udphdr));
832  bcopy ((char *) &pseudohdr, udpsumdata, sizeof (pseudohdr));
833  if (data != NULL)
834  {
835  bcopy ((char *) data, udpsumdata + sizeof (pseudohdr), data_len);
836  }
837  udp->uh_sum = np_in_cksum ((unsigned short *) udpsumdata,
838  12 + sizeof (struct udphdr) + data_len);
839  g_free (udpsumdata);
840  }
841 
842  if (UNFIX (udp_packet->ip_len) <= udp_packet->ip_hl * 4)
843  {
844  int v = get_int_var_by_name (lexic, "update_ip_len", 1);
845  if (v != 0)
846  {
847  udp_packet->ip_len =
848  FIX (ntohs (udp->uh_ulen) + (udp_packet->ip_hl * 4));
849  udp_packet->ip_sum = 0;
850  udp_packet->ip_sum =
851  np_in_cksum ((u_short *) udp_packet, udp_packet->ip_hl * 4);
852  }
853  }
854 
855  retc = alloc_typed_cell (CONST_DATA);
856  retc->x.str_val = (char *) pkt;
857  retc->size = 8 + ip->ip_hl * 4 + data_len;
858  return retc;
859  }
860  else
861  printf ("Error ! You must supply the 'ip' argument !\n");
862 
863  return NULL;
864 }
865 
866 tree_cell *
868 {
869  tree_cell *retc;
870  char *udp;
871  char *element;
872  struct ip *ip;
873  unsigned int ipsz;
874  struct udphdr *udphdr;
875  int ret;
876 
877  udp = get_str_var_by_name (lexic, "udp");
878  ipsz = get_var_size_by_name (lexic, "udp");
879 
880  element = get_str_var_by_name (lexic, "element");
881  if (udp == NULL || element == NULL)
882  {
883  printf ("get_udp_element() usage :\n");
884  printf ("element = get_udp_element(udp:<udp>,element:<element>\n");
885  return NULL;
886  }
887  ip = (struct ip *) udp;
888 
889  if (ip->ip_hl * 4 + sizeof (struct udphdr) > ipsz)
890  return NULL;
891 
892  udphdr = (struct udphdr *) (udp + ip->ip_hl * 4);
893  if (!strcmp (element, "uh_sport"))
894  ret = ntohs (udphdr->uh_sport);
895  else if (!strcmp (element, "uh_dport"))
896  ret = ntohs (udphdr->uh_dport);
897  else if (!strcmp (element, "uh_ulen"))
898  ret = ntohs (udphdr->uh_ulen);
899  else if (!strcmp (element, "uh_sum"))
900  ret = ntohs (udphdr->uh_sum);
901  else if (!strcmp (element, "data"))
902  {
903  int sz;
904  retc = alloc_typed_cell (CONST_DATA);
905  sz = ntohs (udphdr->uh_ulen) - sizeof (struct udphdr);
906 
907  if (ntohs (udphdr->uh_ulen) - ip->ip_hl * 4 - sizeof (struct udphdr)
908  > ipsz)
909  sz = ipsz - ip->ip_hl * 4 - sizeof (struct udphdr);
910 
911  retc->x.str_val = g_malloc0 (sz);
912  retc->size = sz;
913  bcopy (udp + ip->ip_hl * 4 + sizeof (struct udphdr), retc->x.str_val, sz);
914  return retc;
915  }
916  else
917  {
918  printf ("%s is not a value of a udp packet\n", element);
919  return NULL;
920  }
921 
922  retc = alloc_typed_cell (CONST_INT);
923  retc->x.i_val = ret;
924  return retc;
925 }
926 
927 tree_cell *
929 {
930  struct ip *ip = (struct ip *) get_str_var_by_name (lexic, "udp");
931  unsigned int sz = get_var_size_by_name (lexic, "udp");
932  char *data = get_str_var_by_name (lexic, "data");
933  int data_len = get_var_size_by_name (lexic, "data");
934 
935  if (ip != NULL)
936  {
937  char *pkt;
938  struct udphdr *udp;
939  tree_cell *retc;
940  int old_len;
941 
942  if (ip->ip_hl * 4 + sizeof (struct udphdr) > sz)
943  return NULL;
944 
945  if (data != NULL)
946  {
947  sz = ip->ip_hl * 4 + sizeof (struct udphdr) + data_len;
948  pkt = g_malloc0 (sz);
949  bcopy (ip, pkt, ip->ip_hl * 4 + sizeof (struct udphdr));
950  }
951  else
952  {
953  pkt = g_malloc0 (sz);
954  bcopy (ip, pkt, sz);
955  }
956 
957  ip = (struct ip *) pkt;
958  if (data != NULL)
959  {
960  ip->ip_len = FIX (sz);
961  ip->ip_sum = 0;
962  ip->ip_sum = np_in_cksum ((u_short *) ip, ip->ip_hl * 4);
963  }
964  udp = (struct udphdr *) (pkt + ip->ip_hl * 4);
965 
966  udp->uh_sport =
967  htons (get_int_var_by_name (lexic, "uh_sport", ntohs (udp->uh_sport)));
968  udp->uh_dport =
969  htons (get_int_var_by_name (lexic, "uh_dport", ntohs (udp->uh_dport)));
970  old_len = ntohs (udp->uh_ulen);
971  udp->uh_ulen =
972  htons (get_int_var_by_name (lexic, "uh_ulen", ntohs (udp->uh_ulen)));
973  udp->uh_sum = get_int_var_by_name (lexic, "uh_sum", 0);
974 
975  if (data != NULL)
976  {
977  bcopy (data, pkt + ip->ip_hl * 4 + sizeof (struct udphdr), data_len);
978  udp->uh_ulen = htons (sizeof (struct udphdr) + data_len);
979  }
980 
981  if (udp->uh_sum == 0)
982  {
983  struct pseudo_udp_hdr pseudohdr;
984  struct in_addr source, dest;
985  int len = old_len - sizeof (struct udphdr);
986  char *udpsumdata;
987  char *ptr = NULL;
988 
989  if (data != NULL)
990  {
991  len = data_len;
992  }
993 
994  if (len > 0)
995  {
996  ptr = (char *) udp + sizeof (struct udphdr);
997  }
998 
999  udpsumdata = g_malloc0 (sizeof (struct pseudo_udp_hdr) + len + 1);
1000 
1001  source.s_addr = ip->ip_src.s_addr;
1002  dest.s_addr = ip->ip_dst.s_addr;
1003 
1004  bzero (&pseudohdr, sizeof (struct pseudo_udp_hdr));
1005  pseudohdr.saddr.s_addr = source.s_addr;
1006  pseudohdr.daddr.s_addr = dest.s_addr;
1007 
1008  pseudohdr.proto = IPPROTO_UDP;
1009  pseudohdr.len = htons (sizeof (struct udphdr) + len);
1010  bcopy ((char *) udp, (char *) &pseudohdr.udpheader,
1011  sizeof (struct udphdr));
1012  bcopy ((char *) &pseudohdr, udpsumdata, sizeof (pseudohdr));
1013  if (ptr != NULL)
1014  {
1015  bcopy ((char *) ptr, udpsumdata + sizeof (pseudohdr), len);
1016  }
1017  udp->uh_sum = np_in_cksum ((unsigned short *) udpsumdata,
1018  12 + sizeof (struct udphdr) + len);
1019  g_free (udpsumdata);
1020  }
1021  retc = alloc_typed_cell (CONST_DATA);
1022  retc->size = sz;
1023  retc->x.str_val = pkt;
1024  return retc;
1025  }
1026  else
1027  printf ("Error ! You must supply the 'udp' argument !\n");
1028 
1029  return NULL;
1030 }
1031 
1032 tree_cell *
1034 {
1035  int i = 0;
1036  u_char *pkt;
1037  while ((pkt = (u_char *) get_str_var_by_num (lexic, i++)) != NULL)
1038  {
1039  struct udphdr *udp = (struct udphdr *) (pkt + sizeof (struct ip));
1040  unsigned int j;
1041  char *c;
1042  unsigned int limit = get_var_size_by_num (lexic, i - 1);
1043  printf ("------\n");
1044  printf ("\tuh_sport : %d\n", ntohs (udp->uh_sport));
1045  printf ("\tuh_dport : %d\n", ntohs (udp->uh_dport));
1046  printf ("\tuh_sum : 0x%x\n", udp->uh_sum);
1047  printf ("\tuh_ulen : %d\n", ntohs (udp->uh_ulen));
1048  printf ("\tdata : ");
1049  c = (char *) udp;
1050  if (udp->uh_ulen > sizeof (struct udphdr))
1051  for (j = sizeof (struct udphdr);
1052  j < (ntohs (udp->uh_ulen)) && j < limit; j++)
1053  printf ("%c", isprint (c[j]) ? c[j] : '.');
1054 
1055  printf ("\n");
1056  }
1057  return NULL;
1058 }
1059 
1060 /*--------------[ ICMP ]--------------------------------------------*/
1061 
1062 tree_cell *
1064 {
1065  tree_cell *retc = NULL;
1066  struct ip *ip;
1067  struct ip *ip_icmp;
1068  int ip_sz;
1069  struct icmp *icmp;
1070  char *data, *p;
1071  int len;
1072  u_char *pkt;
1073  int t;
1074 
1075  ip = (struct ip *) get_str_var_by_name (lexic, "ip");
1076  ip_sz = get_var_size_by_name (lexic, "ip");
1077  if (ip != NULL)
1078  {
1079  data = get_str_var_by_name (lexic, "data");
1080  len = data == NULL ? 0 : get_var_size_by_name (lexic, "data");
1081 
1082  t = get_int_var_by_name (lexic, "icmp_type", 0);
1083  if (t == 13 || t == 14)
1084  len += 3 * sizeof (time_t);
1085 
1086  if (ip->ip_hl * 4 > ip_sz)
1087  return NULL;
1088 
1089  pkt = g_malloc0 (sizeof (struct icmp) + ip_sz + len);
1090  ip_icmp = (struct ip *) pkt;
1091 
1092  bcopy (ip, ip_icmp, ip_sz);
1093  if (UNFIX (ip_icmp->ip_len) <= (ip_icmp->ip_hl * 4))
1094  {
1095  if (get_int_var_by_name (lexic, "update_ip_len", 1) != 0)
1096  {
1097  ip_icmp->ip_len = FIX (ip->ip_hl * 4 + 8 + len);
1098  ip_icmp->ip_sum = 0;
1099  ip_icmp->ip_sum =
1100  np_in_cksum ((u_short *) ip_icmp, ip->ip_hl * 4);
1101  }
1102  }
1103  p = (char *) (pkt + (ip->ip_hl * 4));
1104  icmp = (struct icmp *) p;
1105 
1106  icmp->icmp_code = get_int_var_by_name (lexic, "icmp_code", 0);
1107  icmp->icmp_type = t;
1108  icmp->icmp_seq = htons (get_int_var_by_name (lexic, "icmp_seq", 0));
1109  icmp->icmp_id = htons (get_int_var_by_name (lexic, "icmp_id", 0));
1110 
1111  if (data != NULL)
1112  bcopy (data, &(p[8]), len);
1113 
1114  if (get_int_var_by_name (lexic, "icmp_cksum", -1) == -1)
1115  icmp->icmp_cksum = np_in_cksum ((u_short *) icmp, len + 8);
1116  else
1117  icmp->icmp_cksum = htons (get_int_var_by_name (lexic, "icmp_cksum", 0));
1118 
1119  retc = alloc_typed_cell (CONST_DATA);
1120  retc->x.str_val = (char *) pkt;
1121  retc->size = ip_sz + len + 8;
1122  }
1123  else
1124  nasl_perror (lexic, "forge_icmp_packet: missing 'ip' parameter\n");
1125 
1126  return retc;
1127 }
1128 
1129 tree_cell *
1131 {
1132  struct icmp *icmp;
1133  char *p;
1134 
1135  if ((p = get_str_var_by_name (lexic, "icmp")) != NULL)
1136  {
1137  char *elem = get_str_var_by_name (lexic, "element");
1138  int value;
1139  struct ip *ip = (struct ip *) p;
1140  tree_cell *retc;
1141 
1142  icmp = (struct icmp *) (p + ip->ip_hl * 4);
1143 
1144  if (elem == NULL)
1145  return NULL;
1146 
1147  if (!strcmp (elem, "icmp_id"))
1148  value = ntohs (icmp->icmp_id);
1149  else if (!strcmp (elem, "icmp_code"))
1150  value = icmp->icmp_code;
1151  else if (!strcmp (elem, "icmp_type"))
1152  value = icmp->icmp_type;
1153  else if (!strcmp (elem, "icmp_seq"))
1154  value = ntohs (icmp->icmp_seq);
1155  else if (!strcmp (elem, "icmp_cksum"))
1156  value = ntohs (icmp->icmp_cksum);
1157  else if (!strcmp (elem, "data"))
1158  {
1159  retc = alloc_typed_cell (CONST_DATA);
1160  retc->size =
1161  get_var_size_by_name (lexic, "icmp") - (ip->ip_hl * 4) - 8;
1162  if (retc->size > 0)
1163  retc->x.str_val =
1164  g_memdup (&(p[ip->ip_hl * 4 + 8]), retc->size + 1);
1165  else
1166  {
1167  retc->x.str_val = NULL;
1168  retc->size = 0;
1169  }
1170  return retc;
1171  }
1172  else
1173  return NULL;
1174 
1175  retc = alloc_typed_cell (CONST_INT);
1176  retc->x.i_val = value;
1177  return retc;
1178  }
1179 
1180  return NULL;
1181 }
1182 
1183 /*--------------[ IGMP ]--------------------------------------------*/
1184 
1185 struct igmp
1186 {
1187  unsigned char type;
1188  unsigned char code;
1189  unsigned short cksum;
1190  struct in_addr group;
1191 };
1192 
1193 tree_cell *
1195 {
1196  struct ip *ip = (struct ip *) get_str_var_by_name (lexic, "ip");
1197 
1198  if (ip != NULL)
1199  {
1200  char *data = get_str_var_by_name (lexic, "data");
1201  int len = data ? get_var_size_by_name (lexic, "data") : 0;
1202  u_char *pkt = g_malloc0 (sizeof (struct igmp) + ip->ip_hl * 4 + len);
1203  struct ip *ip_igmp = (struct ip *) pkt;
1204  struct igmp *igmp;
1205  char *p;
1206  char *grp;
1207  tree_cell *retc;
1208  int ipsz = get_var_size_by_name (lexic, "ip");
1209 
1210  bcopy (ip, ip_igmp, ipsz);
1211 
1212  if (UNFIX (ip_igmp->ip_len) <= ip_igmp->ip_hl * 4)
1213  {
1214  int v = get_int_var_by_name (lexic, "update_ip_len", 1);
1215  if (v != 0)
1216  {
1217  ip_igmp->ip_len =
1218  FIX (ip->ip_hl * 4 + sizeof (struct igmp) + len);
1219  ip_igmp->ip_sum = 0;
1220  ip_igmp->ip_sum =
1221  np_in_cksum ((u_short *) ip_igmp, ip->ip_hl * 4);
1222  }
1223  }
1224  p = (char *) (pkt + ip_igmp->ip_hl * 4);
1225  igmp = (struct igmp *) p;
1226 
1227  igmp->code = get_int_var_by_name (lexic, "code", 0);
1228  igmp->type = get_int_var_by_name (lexic, "type", 0);
1229  grp = get_str_var_by_name (lexic, "group");
1230 
1231  if (grp != NULL)
1232  {
1233  inet_aton (grp, &igmp->group);
1234  }
1235 
1236  igmp->cksum = np_in_cksum ((u_short *) igmp, sizeof (struct igmp));
1237  if (data != NULL)
1238  {
1239  char *p = (char *) (pkt + ip->ip_hl * 4 + sizeof (struct igmp));
1240  bcopy (p, data, len);
1241  }
1242  retc = alloc_typed_cell (CONST_DATA);
1243  retc->x.str_val = (char *) pkt;
1244  retc->size = ip->ip_hl * 4 + sizeof (struct igmp) + len;
1245  return retc;
1246  }
1247 
1248  return NULL;
1249 }
1250 
1251 /*---------------------------------------------------------------------------*/
1252 
1253 tree_cell *
1255 {
1256  struct script_infos *script_infos = lexic->script_infos;
1257  struct in6_addr *dst = plug_get_host_ip (script_infos);
1258  if (IN6_IS_ADDR_V4MAPPED (dst) != 1)
1259  {
1260  tree_cell *retc = nasl_tcp_v6_ping (lexic);
1261  return retc;
1262  }
1263  int port;
1264  u_char packet[sizeof (struct ip) + sizeof (struct tcphdr)];
1265  int soc;
1266  struct ip *ip = (struct ip *) packet;
1267  struct tcphdr *tcp = (struct tcphdr *) (packet + sizeof (struct ip));
1268  struct in_addr src;
1269  struct sockaddr_in soca;
1270  int flag = 0;
1271  unsigned int i = 0;
1272  int bpf;
1273  char filter[255];
1274  tree_cell *retc;
1275  int opt = 1;
1276  struct timeval tv;
1277  int len;
1278 #define rnd_tcp_port() (rand () % 65535 + 1024)
1279  int sports[] = {0, 0, 0, 0, 0, 1023, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1280  0, 0, 0, 0, 0, 53, 0, 0, 20, 0, 25, 0, 0, 0};
1281  int ports[] = {139, 135, 445, 80, 22, 515, 23, 21, 6000, 1025,
1282  25, 111, 1028, 9100, 1029, 79, 497, 548, 5000, 1917,
1283  53, 161, 9001, 65535, 443, 113, 993, 8080};
1284  struct in_addr inaddr;
1285 
1286  if (dst == NULL || (IN6_IS_ADDR_V4MAPPED (dst) != 1))
1287  return NULL;
1288  inaddr.s_addr = dst->s6_addr32[3];
1289  for (i = 0; i < sizeof (sports) / sizeof (int); i++)
1290  {
1291  if (sports[i] == 0)
1292  sports[i] = rnd_tcp_port ();
1293  }
1294 
1295  soc = socket (AF_INET, SOCK_RAW, IPPROTO_RAW);
1296  if (soc < 0)
1297  return NULL;
1298  if (setsockopt (soc, IPPROTO_IP, IP_HDRINCL, (char *) &opt, sizeof (opt)) < 0)
1299  perror ("setsockopt ");
1300 
1301  port = get_int_var_by_name (lexic, "port", -1);
1302  if (port == -1)
1304 
1305  if (islocalhost (&inaddr) > 0)
1306  src.s_addr = dst->s6_addr32[3];
1307  else
1308  {
1309  bzero (&src, sizeof (src));
1310  routethrough (&inaddr, &src);
1311  }
1312 
1313  snprintf (filter, sizeof (filter), "ip and src host %s", inet_ntoa (inaddr));
1314  bpf = init_capture_device (inaddr, src, filter);
1315 
1316  if (islocalhost (&inaddr) != 0)
1317  flag++;
1318  else
1319  {
1320  for (i = 0; i < sizeof (sports) / sizeof (int) && !flag; i++)
1321  {
1322  bzero (packet, sizeof (packet));
1323  /* IP */
1324  ip->ip_hl = 5;
1325  ip->ip_off = FIX (0);
1326  ip->ip_v = 4;
1327  ip->ip_len = FIX (40);
1328  ip->ip_tos = 0;
1329  ip->ip_p = IPPROTO_TCP;
1330  ip->ip_id = rand ();
1331  ip->ip_ttl = 0x40;
1332  ip->ip_src = src;
1333  ip->ip_dst = inaddr;
1334  ip->ip_sum = 0;
1335  ip->ip_sum = np_in_cksum ((u_short *) ip, 20);
1336 
1337  /* TCP */
1338  tcp->th_sport = port ? htons (rnd_tcp_port ()) : htons (sports[i]);
1339  tcp->th_flags = TH_SYN;
1340  tcp->th_dport = port ? htons (port) : htons (ports[i]);
1341  tcp->th_seq = rand ();
1342  tcp->th_ack = 0;
1343  tcp->th_x2 = 0;
1344  tcp->th_off = 5;
1345  tcp->th_win = 2048;
1346  tcp->th_urp = 0;
1347  tcp->th_sum = 0;
1348 
1349  /* CKsum */
1350  {
1351  struct in_addr source, dest;
1352  struct pseudohdr pseudoheader;
1353  source.s_addr = ip->ip_src.s_addr;
1354  dest.s_addr = ip->ip_dst.s_addr;
1355 
1356  bzero (&pseudoheader, 12 + sizeof (struct tcphdr));
1357  pseudoheader.saddr.s_addr = source.s_addr;
1358  pseudoheader.daddr.s_addr = dest.s_addr;
1359 
1360  pseudoheader.protocol = 6;
1361  pseudoheader.length = htons (sizeof (struct tcphdr));
1362  bcopy ((char *) tcp, (char *) &pseudoheader.tcpheader,
1363  sizeof (struct tcphdr));
1364  tcp->th_sum = np_in_cksum ((unsigned short *) &pseudoheader,
1365  12 + sizeof (struct tcphdr));
1366  }
1367 
1368  bzero (&soca, sizeof (soca));
1369  soca.sin_family = AF_INET;
1370  soca.sin_addr = ip->ip_dst;
1371  if (sendto (soc, (const void *) ip, 40, 0, (struct sockaddr *) &soca,
1372  sizeof (soca))
1373  < 0)
1374  g_warning ("sendto: %s", strerror (errno));
1375  tv.tv_sec = 0;
1376  tv.tv_usec = 100000;
1377  if (bpf >= 0 && bpf_next_tv (bpf, &len, &tv))
1378  flag++;
1379  }
1380  }
1381 
1382  retc = alloc_typed_cell (CONST_INT);
1383  retc->x.i_val = flag;
1384  if (bpf >= 0)
1385  bpf_close (bpf);
1386  close (soc);
1387  return retc;
1388 }
1389 
1390 /*---------------------------------------------------------------------------*/
1391 
1392 tree_cell *
1394 {
1395  tree_cell *retc = FAKE_CELL;
1396  int bpf = -1;
1397  u_char *answer;
1398  int answer_sz;
1399  struct sockaddr_in sockaddr;
1400  char *ip = NULL;
1401  struct ip *sip = NULL;
1402  int vi = 0, b, len = 0;
1403  int soc;
1404  int use_pcap = get_int_var_by_name (lexic, "pcap_active", 1);
1405  int to = get_int_var_by_name (lexic, "pcap_timeout", 5);
1406  char *filter = get_str_var_by_name (lexic, "pcap_filter");
1407  int dfl_len = get_int_var_by_name (lexic, "length", -1);
1408  int i = 1;
1409  struct script_infos *script_infos = lexic->script_infos;
1410  struct in6_addr *dstip = plug_get_host_ip (script_infos);
1411  struct in_addr inaddr;
1412 
1413  if (dstip == NULL || (IN6_IS_ADDR_V4MAPPED (dstip) != 1))
1414  return NULL;
1415  inaddr.s_addr = dstip->s6_addr32[3];
1416  soc = socket (AF_INET, SOCK_RAW, IPPROTO_RAW);
1417  if (soc < 0)
1418  return NULL;
1419  if (setsockopt (soc, IPPROTO_IP, IP_HDRINCL, (char *) &i, sizeof (i)) < 0)
1420  perror ("setsockopt ");
1421 
1422  while ((ip = get_str_var_by_num (lexic, vi)) != NULL)
1423  {
1424  int sz = get_var_size_by_num (lexic, vi);
1425  vi++;
1426 
1427  if ((unsigned int) sz < sizeof (struct ip))
1428  {
1429  nasl_perror (lexic, "send_packet(): packet is too short!\n");
1430  continue;
1431  }
1432 
1433  sip = (struct ip *) ip;
1434  if (use_pcap != 0 && bpf < 0)
1435  bpf = init_capture_device (sip->ip_dst, sip->ip_src, filter);
1436 
1437  bzero (&sockaddr, sizeof (struct sockaddr_in));
1438  sockaddr.sin_family = AF_INET;
1439  sockaddr.sin_addr = sip->ip_dst;
1440  if (sockaddr.sin_addr.s_addr != inaddr.s_addr)
1441  {
1442  char txt1[64], txt2[64];
1443  strncpy (txt1, inet_ntoa (sockaddr.sin_addr), sizeof (txt1));
1444  txt1[sizeof (txt1) - 1] = '\0';
1445  strncpy (txt2, inet_ntoa (inaddr), sizeof (txt2));
1446  txt2[sizeof (txt2) - 1] = '\0';
1447  nasl_perror (lexic,
1448  "send_packet: malicious or buggy script is trying to "
1449  "send packet to %s instead of designated target %s\n",
1450  txt1, txt2);
1451 #if 1
1452  if (bpf >= 0)
1453  bpf_close (bpf);
1454  close (soc);
1455  return NULL;
1456 #else
1457  sip->ip_dst = inaddr;
1458  sip->ip_sum = np_in_cksum ((u_short *) sip, sizeof (struct ip));
1459 #endif
1460  }
1461 
1462  if (dfl_len > 0 && dfl_len < sz)
1463  len = dfl_len;
1464  else
1465  len = sz;
1466 
1467  b = sendto (soc, (u_char *) ip, len, 0, (struct sockaddr *) &sockaddr,
1468  sizeof (sockaddr));
1469  /* if(b < 0) perror("sendto "); */
1470  if (b >= 0 && use_pcap != 0 && bpf >= 0)
1471  {
1472  if (islocalhost (&sip->ip_dst))
1473  {
1474  answer = (u_char *) capture_next_packet (bpf, to, &answer_sz);
1475  while (answer != NULL
1476  && (!memcmp (answer, (char *) ip, sizeof (struct ip))))
1477  {
1478  g_free (answer);
1479  answer = (u_char *) capture_next_packet (bpf, to, &answer_sz);
1480  }
1481  }
1482  else
1483  answer = (u_char *) capture_next_packet (bpf, to, &answer_sz);
1484 
1485  if (answer)
1486  {
1487  retc = alloc_typed_cell (CONST_DATA);
1488  retc->x.str_val = (char *) answer;
1489  retc->size = answer_sz;
1490  break;
1491  }
1492  }
1493  }
1494  if (bpf >= 0)
1495  bpf_close (bpf);
1496  close (soc);
1497  return retc;
1498 }
1499 
1500 /*---------------------------------------------------------------------------*/
1501 
1502 tree_cell *
1504 {
1505  char *interface = get_str_var_by_name (lexic, "interface");
1506  int bpf = -1;
1507  static char errbuf[PCAP_ERRBUF_SIZE];
1508  int is_ip = 0;
1509  struct ip *ret = NULL;
1510  struct ip6_hdr *ret6 = NULL;
1511  char *filter = get_str_var_by_name (lexic, "pcap_filter");
1512  int timeout = get_int_var_by_name (lexic, "timeout", 5);
1513  tree_cell *retc;
1514  int sz;
1515  struct in6_addr *dst = plug_get_host_ip (lexic->script_infos);
1516  struct in_addr inaddr;
1517 
1518  if (dst == NULL)
1519  {
1520  return NULL;
1521  }
1522  int v4_addr = IN6_IS_ADDR_V4MAPPED (dst);
1523  if (interface == NULL)
1524  {
1525  if (v4_addr)
1526  {
1527  struct in_addr src;
1528  bzero (&src, sizeof (src));
1529  inaddr.s_addr = dst->s6_addr32[3];
1530  interface = routethrough (&inaddr, &src);
1531  }
1532  else
1533  {
1534  struct in6_addr src;
1535  bzero (&src, sizeof (src));
1536  interface = v6_routethrough (dst, &src);
1537  }
1538  if (interface == NULL)
1539  interface = pcap_lookupdev (errbuf);
1540  }
1541 
1542  if (interface != NULL)
1543  {
1544  bpf = bpf_open_live (interface, filter);
1545  }
1546  if (bpf < 0)
1547  {
1548  nasl_perror (lexic, "pcap_next: Could not get a bpf\n");
1549  return NULL;
1550  }
1551  else
1552  {
1553  int len;
1554  int dl_len = get_datalink_size (bpf_datalink (bpf));
1555  char *packet;
1556  struct timeval then, now;
1557 
1558  gettimeofday (&then, NULL);
1559  for (;;)
1560  {
1561  packet = (char *) bpf_next (bpf, &len);
1562 
1563  if (packet != NULL)
1564  break;
1565 
1566  if (timeout != 0)
1567  {
1568  gettimeofday (&now, NULL);
1569  if (now.tv_sec - then.tv_sec >= timeout)
1570  {
1571  break;
1572  }
1573  }
1574  }
1575 
1576  if (packet)
1577  {
1578  if (v4_addr)
1579  {
1580  struct ip *ip;
1581  ip = (struct ip *) (packet + dl_len);
1582  sz = UNFIX (ip->ip_len);
1583  ret = g_malloc0 (sz);
1584 
1585  is_ip = (ip->ip_v == 4);
1586 
1587  if (is_ip)
1588  {
1589  bcopy (ip, ret, sz);
1590  }
1591  else
1592  {
1593  sz = len - dl_len;
1594  bcopy (ip, ret, sz);
1595  }
1596  }
1597  else
1598  {
1599  struct ip6_hdr *ip;
1600  ip = (struct ip6_hdr *) (packet + dl_len);
1601  sz = UNFIX (ip->ip6_plen);
1602  ret6 = g_malloc0 (sz);
1603 
1604  is_ip = ((ip->ip6_flow & 0x3ffff) == 96);
1605  if (is_ip)
1606  {
1607  bcopy (ip, ret6, sz);
1608  }
1609  else
1610  {
1611  sz = len - dl_len;
1612  bcopy (ip, ret6, sz);
1613  }
1614  }
1615  }
1616  else
1617  {
1618  bpf_close (bpf);
1619  return NULL;
1620  }
1621  }
1622  bpf_close (bpf);
1623  retc = alloc_typed_cell (CONST_DATA);
1624  if (v4_addr)
1625  retc->x.str_val = (char *) ret;
1626  else
1627  retc->x.str_val = (char *) ret6;
1628  retc->size = sz;
1629 
1630  return retc;
1631 }
1632 
1633 tree_cell *
1635 {
1636  char *interface = get_str_var_by_name (lexic, "interface");
1637  int bpf = -1;
1638  static char errbuf[PCAP_ERRBUF_SIZE];
1639  int is_ip = 0;
1640  struct ip *ret = NULL;
1641  struct ip6_hdr *ret6 = NULL;
1642  char *filter = get_str_var_by_name (lexic, "pcap_filter");
1643  int timeout = get_int_var_by_name (lexic, "timeout", 5);
1644  tree_cell *retc;
1645  int sz;
1646  struct in6_addr *dst = plug_get_host_ip (lexic->script_infos);
1647  struct in_addr inaddr;
1648 
1649  if (dst == NULL)
1650  return NULL;
1651 
1652  int v4_addr = IN6_IS_ADDR_V4MAPPED (dst);
1653  if (interface == NULL)
1654  {
1655  if (v4_addr)
1656  {
1657  struct in_addr src;
1658  bzero (&src, sizeof (src));
1659  inaddr.s_addr = dst->s6_addr32[3];
1660  interface = routethrough (&inaddr, &src);
1661  }
1662  else
1663  {
1664  struct in6_addr src;
1665  bzero (&src, sizeof (src));
1666  interface = v6_routethrough (dst, &src);
1667  }
1668  if (interface == NULL)
1669  interface = pcap_lookupdev (errbuf);
1670  }
1671 
1672  if (interface != NULL)
1673  bpf = bpf_open_live (interface, filter);
1674 
1675  if (bpf < 0)
1676  {
1677  nasl_perror (lexic, "pcap_next: Could not get a bpf\n");
1678  return NULL;
1679  }
1680  else
1681  {
1682  int len;
1683  int dl_len = get_datalink_size (bpf_datalink (bpf));
1684  char *packet;
1685  struct timeval then, now;
1686 
1687  retc = nasl_send (lexic);
1688  g_free (retc);
1689 
1690  gettimeofday (&then, NULL);
1691  for (;;)
1692  {
1693  packet = (char *) bpf_next (bpf, &len);
1694 
1695  if (packet != NULL)
1696  break;
1697 
1698  if (timeout != 0)
1699  {
1700  gettimeofday (&now, NULL);
1701  if (now.tv_sec - then.tv_sec >= timeout)
1702  break;
1703  }
1704  }
1705 
1706  if (packet)
1707  {
1708  if (v4_addr)
1709  {
1710  struct ip *ip;
1711  ip = (struct ip *) (packet + dl_len);
1712  sz = UNFIX (ip->ip_len);
1713  ret = g_malloc0 (sz);
1714 
1715  is_ip = (ip->ip_v == 4);
1716  if (is_ip)
1717  {
1718  bcopy (ip, ret, sz);
1719  }
1720  else
1721  {
1722  sz = len - dl_len;
1723  bcopy (ip, ret, sz);
1724  }
1725  }
1726  else
1727  {
1728  struct ip6_hdr *ip;
1729  ip = (struct ip6_hdr *) (packet + dl_len);
1730  sz = UNFIX (ip->ip6_plen);
1731  ret6 = g_malloc0 (sz);
1732  is_ip = ((ip->ip6_flow & 0x3ffff) == 96);
1733  if (is_ip)
1734  {
1735  bcopy (ip, ret6, sz);
1736  }
1737  else
1738  {
1739  sz = len - dl_len;
1740  bcopy (ip, ret6, sz);
1741  }
1742  }
1743  }
1744  else
1745  {
1746  bpf_close (bpf);
1747  return NULL;
1748  }
1749  }
1750  bpf_close (bpf);
1751  retc = alloc_typed_cell (CONST_DATA);
1752  if (v4_addr)
1753  retc->x.str_val = (char *) ret;
1754  else
1755  retc->x.str_val = (char *) ret6;
1756  retc->size = sz;
1757 
1758  return retc;
1759 }
nasl_pcap_next
tree_cell * nasl_pcap_next(lex_ctxt *lexic)
Definition: nasl_packet_forgery.c:1503
pseudohdr::saddr
struct in_addr saddr
Definition: nasl_builtin_synscan.c:58
script_infos
Definition: scanneraux.h:43
pseudo_udp_hdr::udpheader
struct udphdr udpheader
Definition: nasl_packet_forgery.c:780
CONST_DATA
@ CONST_DATA
Definition: nasl_tree.h:93
nasl_send_capture
tree_cell * nasl_send_capture(lex_ctxt *lexic)
Definition: nasl_packet_forgery.c:1634
get_var_size_by_name
int get_var_size_by_name(lex_ctxt *, const char *)
Definition: nasl_var.c:1147
igmp::cksum
unsigned short cksum
Definition: nasl_packet_forgery.c:1189
nasl_tcp_ping
tree_cell * nasl_tcp_ping(lex_ctxt *lexic)
Definition: nasl_packet_forgery.c:1254
plug_get_host_ip
struct in6_addr * plug_get_host_ip(struct script_infos *args)
Definition: plugutils.c:285
pseudohdr::tcpheader
struct tcphdr tcpheader
Definition: nasl_builtin_synscan.c:63
np_in_cksum
static int np_in_cksum(u_short *p, int n)
Definition: nasl_packet_forgery.c:61
bpf_open_live
int bpf_open_live(char *iface, char *filter)
Definition: bpf_share.c:52
TC::str_val
char * str_val
Definition: nasl_tree.h:112
capture_packet.h
FIX
#define FIX(n)
Definition: nasl_packet_forgery.c:51
pseudo_udp_hdr::len
unsigned short len
Definition: nasl_packet_forgery.c:779
pseudo_udp_hdr::proto
char proto
Definition: nasl_packet_forgery.c:778
pseudo_udp_hdr::zero
char zero
Definition: nasl_packet_forgery.c:777
timeval
struct timeval timeval(unsigned long val)
Definition: nasl_builtin_synscan.c:105
pseudo_udp_hdr
Definition: nasl_packet_forgery.c:773
v6_routethrough
char * v6_routethrough(struct in6_addr *dest, struct in6_addr *source)
An awesome function to determine what interface a packet to a given destination should be routed thro...
Definition: pcap.c:789
FAKE_CELL
#define FAKE_CELL
Definition: nasl_tree.h:119
TC::x
union TC::@2 x
set_tcp_elements
tree_cell * set_tcp_elements(lex_ctxt *lexic)
Definition: nasl_packet_forgery.c:592
pseudohdr::daddr
struct in_addr daddr
Definition: nasl_builtin_synscan.c:59
get_str_var_by_name
char * get_str_var_by_name(lex_ctxt *, const char *)
Definition: nasl_var.c:1127
rnd_tcp_port
#define rnd_tcp_port()
bpf_close
void bpf_close(int bpf)
Definition: bpf_share.c:157
exec.h
dump_udp_packet
tree_cell * dump_udp_packet(lex_ctxt *lexic)
Definition: nasl_packet_forgery.c:1033
pseudo_udp_hdr::saddr
struct in_addr saddr
Definition: nasl_packet_forgery.c:775
insert_ip_options
tree_cell * insert_ip_options(lex_ctxt *lexic)
Definition: nasl_packet_forgery.c:299
get_ip_element
tree_cell * get_ip_element(lex_ctxt *lexic)
Definition: nasl_packet_forgery.c:156
pseudohdr::protocol
u_char protocol
Definition: nasl_builtin_synscan.c:61
get_icmp_element
tree_cell * get_icmp_element(lex_ctxt *lexic)
Definition: nasl_packet_forgery.c:1130
plug_get_host_open_port
unsigned int plug_get_host_open_port(struct script_infos *desc)
Definition: plugutils.c:817
init_capture_device
int init_capture_device(struct in_addr src, struct in_addr dest, char *filter)
Set up the pcap filter, and select the correct interface.
Definition: capture_packet.c:44
nasl_debug.h
forge_tcp_packet
tree_cell * forge_tcp_packet(lex_ctxt *lexic)
Definition: nasl_packet_forgery.c:427
forge_igmp_packet
tree_cell * forge_igmp_packet(lex_ctxt *lexic)
Definition: nasl_packet_forgery.c:1194
nasl_perror
void nasl_perror(lex_ctxt *lexic, char *msg,...)
Definition: nasl_debug.c:120
bpf_next_tv
u_char * bpf_next_tv(int bpf, int *caplen, struct timeval *tv)
Definition: bpf_share.c:112
get_udp_element
tree_cell * get_udp_element(lex_ctxt *lexic)
Definition: nasl_packet_forgery.c:867
TC::size
int size
Definition: nasl_tree.h:109
nasl_lex_ctxt.h
forge_icmp_packet
tree_cell * forge_icmp_packet(lex_ctxt *lexic)
Definition: nasl_packet_forgery.c:1063
get_int_var_by_name
long int get_int_var_by_name(lex_ctxt *, const char *, int)
Definition: nasl_var.c:1113
igmp::group
struct in_addr group
Definition: nasl_packet_forgery.c:1190
pseudohdr::length
u_short length
Definition: nasl_builtin_synscan.c:62
islocalhost
int islocalhost(struct in_addr *addr)
Tests whether a packet sent to IP is LIKELY to route through the kernel localhost interface.
Definition: pcap.c:268
igmp
Definition: nasl_packet_forgery.c:1185
nasl_packet_forgery_v6.h
nasl_send_packet
tree_cell * nasl_send_packet(lex_ctxt *lexic)
Definition: nasl_packet_forgery.c:1393
forge_udp_packet
tree_cell * forge_udp_packet(lex_ctxt *lexic)
Definition: nasl_packet_forgery.c:784
nasl_func.h
get_str_var_by_num
char * get_str_var_by_num(lex_ctxt *, int)
Definition: nasl_var.c:1120
pseudohdr::zero
u_char zero
Definition: nasl_builtin_synscan.c:60
bpf_datalink
int bpf_datalink(int bpf)
Definition: bpf_share.c:151
get_tcp_element
tree_cell * get_tcp_element(lex_ctxt *lexic)
Definition: nasl_packet_forgery.c:515
struct_lex_ctxt::script_infos
struct script_infos * script_infos
Definition: nasl_lex_ctxt.h:41
capture_next_packet
struct ip * capture_next_packet(int bpf, int timeout, int *sz)
Definition: capture_packet.c:86
pseudo_udp_hdr::daddr
struct in_addr daddr
Definition: nasl_packet_forgery.c:776
pseudohdr
Definition: nasl_builtin_synscan.c:56
TC
Definition: nasl_tree.h:104
struct_lex_ctxt
Definition: nasl_lex_ctxt.h:33
get_datalink_size
int get_datalink_size(int datalink)
Definition: pcap.c:295
nasl_var.h
nasl_packet_forgery.h
set_udp_elements
tree_cell * set_udp_elements(lex_ctxt *lexic)
Definition: nasl_packet_forgery.c:928
dump_tcp_packet
tree_cell * dump_tcp_packet(lex_ctxt *lexic)
Definition: nasl_packet_forgery.c:688
nasl_raw.h
nasl_tcp_v6_ping
tree_cell * nasl_tcp_v6_ping(lex_ctxt *lexic)
Performs TCP Connect to test if host is alive.
Definition: nasl_packet_forgery_v6.c:1504
forge_ip_packet
tree_cell * forge_ip_packet(lex_ctxt *lexic)
Definition: nasl_packet_forgery.c:90
nasl_global_ctxt.h
CONST_INT
@ CONST_INT
Definition: nasl_tree.h:90
get_var_size_by_num
int get_var_size_by_num(lex_ctxt *, int)
Definition: nasl_var.c:1154
nasl_send
tree_cell * nasl_send(lex_ctxt *lexic)
Definition: nasl_socket.c:861
bpf_next
u_char * bpf_next(int bpf, int *caplen)
Definition: bpf_share.c:143
dump_ip_packet
tree_cell * dump_ip_packet(lex_ctxt *lexic)
Definition: nasl_packet_forgery.c:370
UNFIX
#define UNFIX(n)
Definition: nasl_packet_forgery.c:52
nasl_socket.h
alloc_typed_cell
tree_cell * alloc_typed_cell(int typ)
Definition: nasl_tree.c:40
set_ip_elements
tree_cell * set_ip_elements(lex_ctxt *lexic)
Definition: nasl_packet_forgery.c:255
routethrough
char * routethrough(struct in_addr *dest, struct in_addr *source)
An awesome function to determine what interface a packet to a given destination should be routed thro...
Definition: pcap.c:975
code
#define code
nasl_tree.h
igmp::code
unsigned char code
Definition: nasl_packet_forgery.c:1188
igmp::type
unsigned char type
Definition: nasl_packet_forgery.c:1187
TC::i_val
long int i_val
Definition: nasl_tree.h:113