Add insert_tcp_options() nasl function #618

Merged: 13 commits, Nov 16, 2020

@jjnicola jjnicola commented Nov 6, 2020

What:
This adds support for inserting MSS, Wscale, SACK permit and timestamp
TCP options.

Why:
It was not supported and was required.

How:
Run the nasl script below, and check with tcpdump or wireshark that the options are set as expected.

```
openvas-nasl -X -d -i /<install-prefix>/var/lib/openvas/plugins -t <IPV4 or IPv6 to test the funcs> this_script.nasl
```

```
if(description) {
  script_oid("1.2.3");
  exit(0);
}

include("misc_func.inc");

myhost = this_host();
port = 22022;
srcport = 35000;
dstip = get_host_ip();
filter = string("tcp and src ", dstip, " and dst ", myhost, " and dst port ", srcport, " and src port ", port);

ip = forge_ip_packet(ip_v   : 4,
                     ip_hl  : 5,
                     ip_tos : 0,
                     ip_len : 20,
                     ip_id  : rand(),
                     ip_p   : IPPROTO_TCP,
                     ip_ttl : 255,
                     ip_off : 0,
                     ip_src : myhost,
                     ip_dst : dstip);

tcp = forge_tcp_packet(ip       : ip,
                       th_ack   : 0,
                       th_dport : port,
                       th_flags : TH_SYN,
                       #th_seq   : tcp_seq + 1024,
                       th_sport : srcport,
                       th_x2    : 0,
                       th_off   : 5,
                       th_win   : 1024,
                       th_urp   : 0,
                       data     : "Hola mundo");

display("TCP options:");
display("TCPOPT_SACK_PERMITTED: ", TCPOPT_SACK_PERMITTED);
display("TCPOPT_MAXSEG: ", TCPOPT_MAXSEG);
display("TCPOPT_WINDOW: ", TCPOPT_WINDOW);
display("TCPOPT_TIMESTAMP: ", TCPOPT_TIMESTAMP);

tcp = insert_tcp_options(tcp:tcp,
                         TCPOPT_MAXSEG, 1024,
                         TCPOPT_WINDOW, 14,
                         TCPOPT_SACK_PERMITTED,
                         TCPOPT_TIMESTAMP, 123456, 987654);

r = send_packet(tcp, pcap_active:TRUE, pcap_filter:filter);

## IPv6 Check
IP6_v = 0x06;
IP6_P = IPPROTO_TCP;
IP6_HLIM = 0x40;

ip6_packet = forge_ipv6_packet( ip6_v:IP6_v,
                                ip6_p:IP6_P,
                                ip6_hlim:IP6_HLIM,
                                ip6_src:myhost,
                                ip6_dst:dstip );

tcp6 = forge_tcp_v6_packet(ip6 : ip6_packet,
                           th_dport : port,
                           th_flags : TH_SYN,
                           th_sport : srcport,
                           th_x2    : 0,
                           th_win   : 1024,
                           data: "hola mundo");

tcp6 = insert_tcp_v6_options(tcp:tcp6, TCPOPT_WINDOW, 14, TCPOPT_MAXSEG, 1500, TCPOPT_TIMESTAMP, 123456, 2100000);

r = send_v6packet(tcp6, pcap_active:TRUE, pcap_filter:filter);
```

Checklist:
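
A programmatic counterpart to the tcpdump/Wireshark check described above, as an added example (not code from this PR or from openvas): it decodes the option bytes that follow a TCP header and rejects malformed lengths. The sample bytes are constructed from the values in the test script; the option order and padding the merged function actually emits are assumptions to confirm against a capture.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Option kinds from RFC 9293 / RFC 7323 / RFC 2018 (same values as TCPOPT_*). */
enum { OPT_EOL = 0, OPT_NOP = 1, OPT_MSS = 2, OPT_WSCALE = 3, OPT_SACK_PERM = 4, OPT_TS = 8 };

struct tcp_opts {
  int has_mss, has_wscale, has_sack_perm, has_ts;
  uint16_t mss;
  uint8_t wscale;
  uint32_t tsval, tsecr;
};

/* Constructed sample (not a capture): the option bytes one would expect for
   MSS 1024, window scale 14, SACK permitted, timestamp 123456/987654,
   padded with EOL to a multiple of 4 so th_off stays a whole number. */
const uint8_t sample_opts[20] = {
  2, 4, 0x04, 0x00,  3, 3, 14,  4, 2,
  8, 10, 0x00, 0x01, 0xe2, 0x40, 0x00, 0x0f, 0x12, 0x06,  0 };

static uint32_t be32 (const uint8_t *p)
{
  return ((uint32_t) p[0] << 24) | ((uint32_t) p[1] << 16) | ((uint32_t) p[2] << 8) | p[3];
}

/* Returns 0 on success, -1 when an option overruns the buffer or carries a
   length that is wrong for its kind. */
int parse_tcp_options (const uint8_t *opt, size_t len, struct tcp_opts *out)
{
  memset (out, 0, sizeof (*out));
  for (size_t i = 0; i < len;)
    {
      uint8_t kind = opt[i];
      if (kind == OPT_EOL) break;
      if (kind == OPT_NOP) { i++; continue; }
      if (len - i < 2) return -1;             /* no room for the length byte */
      uint8_t olen = opt[i + 1];
      if (olen < 2 || olen > len - i) return -1;
      const uint8_t *v = opt + i + 2;
      if (kind == OPT_MSS && olen == 4) { out->has_mss = 1; out->mss = (uint16_t) (v[0] << 8 | v[1]); }
      else if (kind == OPT_WSCALE && olen == 3) { out->has_wscale = 1; out->wscale = v[0]; }
      else if (kind == OPT_SACK_PERM && olen == 2) out->has_sack_perm = 1;
      else if (kind == OPT_TS && olen == 10) { out->has_ts = 1; out->tsval = be32 (v); out->tsecr = be32 (v + 4); }
      else if (kind == OPT_MSS || kind == OPT_WSCALE || kind == OPT_SACK_PERM || kind == OPT_TS) return -1;
      i += olen;                              /* unknown kinds are skipped */
    }
  return 0;
}
```

The same length checks (length byte present, length at least 2, option inside the buffer) apply to any code that appends to or walks an existing option list.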

@jjnicola jjnicola force-pushed the tcp-option branch 2 times, most recently from 09698e6 to cf93025 Compare November 6, 2020 12:20
This adds support for inserting MSS, Wscale, SACK permit and timestamp
TCP options.
@jjnicola jjnicola marked this pull request as ready for review November 6, 2020 14:50
@jjnicola jjnicola mentioned this pull request Nov 9, 2020
if (ip->ip_hl * 4 > pktsz)
tcp =
(struct tcphdr *) (pkt
+ 20); /* ip->ip_hl is bogus, we work around that */
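
Review bot: the fallback on the `pkt + 20` line places `tcp` at a fixed offset with no visible check that `pktsz` is at least 20 plus `sizeof (struct tcphdr)`, and the `ip->ip_hl * 4 > pktsz` test only catches header lengths that are too large, so an `ip_hl` below 5 passes. Suggest returning an error when `ip_hl < 5` or when the buffer cannot hold both headers, instead of working around a bogus header length.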

The formatting is bad here. Maybe put the comment above the line so the formatter does not do this.

tcp = (struct tcphdr *) (pkt + ip->ip_hl * 4);

if (pktsz < UNFIX (ip->ip_len))
return NULL;
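
Review bot: the `pktsz < UNFIX (ip->ip_len)` check on the last two lines runs after `tcp` has already been derived from `ip->ip_hl`, and nothing in these lines bounds `ip->ip_hl * 4 + sizeof (struct tcphdr)` against `pktsz`, so `tcp` can point at or past the end of the buffer when `ip_hl * 4` equals `pktsz`. Suggest validating the sizes first and computing `tcp` only once the buffer is known to hold a full TCP header at that offset.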

opts need to be freed here I guess.

source.s_addr = ip->ip_src.s_addr;
dest.s_addr = ip->ip_dst.s_addr;

bzero (&pseudoheader, sizeof (pseudoheader));

bzero and bcopy are deprecated. memset and memcpy should be used instead.

@ArnoStiefvater ArnoStiefvater left a comment

Tested with the supplied scripts and tcpdump. Everything works as expected.

@cfi-gb
cfi-gb commented Nov 16, 2020

Reviewed the fixes to my review and approved them (only them, not the whole code changes here, which I can't approve).

@jjnicola jjnicola merged commit 9bdb4de into greenbone:master Nov 16, 2020
@jjnicola jjnicola deleted the tcp-option branch November 16, 2020 08:37