diff -Nraup nmap-4.22SOC4/nse_nsock.cc nmap-4.22SOC4-patched/nse_nsock.cc --- nmap-4.22SOC4/nse_nsock.cc 2007-08-16 12:51:27.000000000 +0200 +++ nmap-4.22SOC4-patched/nse_nsock.cc 2007-08-18 05:13:27.023300579 +0200 @@ -16,6 +16,7 @@ #include "utils.h" #include "tcpip.h" +#include "Target.h" #if HAVE_OPENSSL #include @@ -34,6 +35,9 @@ #define DEFAULT_TIMEOUT 30000 + +/* current_hosts from nse_main, indexed by target ip (as string)*/ +extern std::map current_hosts; extern NmapOps o; // defined in nse_main.cc but also declared here @@ -999,7 +1050,7 @@ char* ncap_request_do_callback(nsock_eve /* get string from top of the stack*/ size_t testdatasz; const char* testdata = lua_tolstring(l, -1, &testdatasz); - // lua_pop(l, 1);/* just in case [nope, it's not needed]*/ + lua_pop(l, 1); /* must exist. if not stack _can_ be shifted (while doing two pcap_registers on two different pcaps in the same time)*/ char *key = strdup(hex((char*)testdata, testdatasz)); return key; @@ -1162,11 +1213,13 @@ int ncap_restore_lua(ncap_request *nr){ static int l_dnet_open_ethernet(lua_State* l); static int l_dnet_close_ethernet(lua_State* l); static int l_dnet_send_ethernet(lua_State* l); +static int l_dnet_send_ip(lua_State* l); static luaL_reg l_dnet [] = { {"ethernet_open", l_dnet_open_ethernet}, {"ethernet_close", l_dnet_close_ethernet}, {"ethernet_send", l_dnet_send_ethernet}, + {"ip_send", l_dnet_send_ip}, {NULL, NULL} }; @@ -1239,6 +1292,8 @@ eth_t *ldnet_eth_open_cached(const char dem->references++; return dem->eth; } + if(o.scriptTrace()) + log_write(LOG_STDOUT, "SCRIPT ENGINE: dnet:open_ethernet(%s)\n", device); dem = (dnet_eth_map *)safe_zalloc(sizeof(dnet_eth_map)); dem->eth = eth_open(device); @@ -1259,6 +1314,8 @@ void ldnet_eth_close_cached(const char * dnet_eth_cache.erase(key); eth_close(dem->eth); free(dem); + if(o.scriptTrace()) + log_write(LOG_STDOUT, "SCRIPT ENGINE: dnet:close_ethernet(%s)\n", device); } return; } @@ -1301,7 +1358,68 @@ static int l_dnet_send_ethernet(lua_Stat luaL_argerror(l, 1, "dnet is not valid opened ethernet interface"); return 0; } - eth_send(udata->eth, packet, packetsz); + if(o.scriptTrace()) + log_write(LOG_STDOUT, "SCRIPT ENGINE: send_ethernet %s\n", nse_hexify((const void*)packet, packetsz)); + int ret = eth_send(udata->eth, packet, packetsz); + lua_pushnumber(l, ret); + return 1; +} + +static int l_dnet_send_ip(lua_State* l){ + size_t packetsz = 0; + const char* packet = luaL_checklstring(l, 1, &packetsz); + + static int raw_socket; + if(!raw_socket){ + if(o.scriptTrace()) + log_write(LOG_STDOUT, "SCRIPT ENGINE: dnet:ip_open()\n"); + /* Init our raw socket */ + if ((raw_socket = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0 ){ + luaL_argerror(l, 1, "Can't open libdnet:ip_open() raw socket! (are you root?)"); + return 0; + //pfatal("socket troubles in %s", __func__); + } + unblock_socket(raw_socket); + broadcast_socket(raw_socket); + #ifndef WIN32 + sethdrinclude(raw_socket); + #endif + } + if(o.scriptTrace()) + log_write(LOG_STDOUT, "SCRIPT ENGINE: send_ip %s\n", nse_hexify((const void*)packet, packetsz)); + + if(packetsz < 20){ + luaL_argerror(l, 1, "ip packet is too small (less than 20 bytes)"); + return 0; + } + if((packet[0] & 0xF0) >> 4 != 4){ + luaL_argerror(l, 1, "ip verion is not 4?"); + return 0; + } + + char buf[20]; + Snprintf(buf, sizeof(buf), "%u.%u.%u.%u", (unsigned char)packet[16],(unsigned char)packet[17], + (unsigned char)packet[18],(unsigned char)packet[19]); + + std::string key = buf; + Target *target = current_hosts[key]; + if(!target){ + luaL_argerror(l, 1, "target not found in map"); + return 0; + } + + if ((o.sendpref & PACKET_SEND_ETH) && target->ifType() == devt_ethernet) { + + struct eth_nfo eth; + memcpy(eth.srcmac, target->SrcMACAddress(), 6); + memcpy(eth.dstmac, target->NextHopMACAddress(), 6); + //strncpy(eth.devname, target->deviceName(), 16); + eth.devname[0]='\0'; + eth.ethsd = eth_open_cached(target->deviceName()); + + send_ip_packet(raw_socket, ð, (u8*)packet, packetsz); + }else + send_ip_packet(raw_socket, NULL, (u8*)packet, packetsz); return 0; }