summaryrefslogtreecommitdiff
path: root/other/b-scan/tmp/src
diff options
context:
space:
mode:
authorRoot THC2026-02-24 12:42:47 +0000
committerRoot THC2026-02-24 12:42:47 +0000
commitc9cbeced5b3f2bdd7407e29c0811e65954132540 (patch)
treeaefc355416b561111819de159ccbd86c3004cf88 /other/b-scan/tmp/src
parent073fe4bf9fca6bf40cef2886d75df832ef4b6fca (diff)
initial
Diffstat (limited to 'other/b-scan/tmp/src')
-rw-r--r--other/b-scan/tmp/src/Makefile88
-rw-r--r--other/b-scan/tmp/src/arpg.c78
-rw-r--r--other/b-scan/tmp/src/bscan.c851
-rw-r--r--other/b-scan/tmp/src/cf_prse.l172
-rw-r--r--other/b-scan/tmp/src/dcd_icmp.c166
-rw-r--r--other/b-scan/tmp/src/garage.c508
-rw-r--r--other/b-scan/tmp/src/module.c214
-rw-r--r--other/b-scan/tmp/src/network_raw.c497
-rw-r--r--other/b-scan/tmp/src/restore.c263
-rw-r--r--other/b-scan/tmp/src/signal.c72
-rw-r--r--other/b-scan/tmp/src/snarf.c211
-rw-r--r--other/b-scan/tmp/src/system.c349
-rw-r--r--other/b-scan/tmp/src/test_garage.c99
-rw-r--r--other/b-scan/tmp/src/tty.c116
14 files changed, 3684 insertions, 0 deletions
diff --git a/other/b-scan/tmp/src/Makefile b/other/b-scan/tmp/src/Makefile
new file mode 100644
index 0000000..6deefc4
--- /dev/null
+++ b/other/b-scan/tmp/src/Makefile
@@ -0,0 +1,88 @@
1#
2# Makefile of (m)bscan v0.0, skyper
3# Massiv Banner Scanner
4#
5
6CC=gcc
7COPT=-Wall -ggdb -I../include -I/usr/include/pcap -static
8LEX=flex
9LEXOPT=
10OBJS=bscan.o arpg.o snarf.o network_raw.o restore.o
11OBJS2=tty.o system.o signal.o dcd_icmp.o garage.o cf_prse.o module.o
12SUPOBJ=../support/hpuxdl.o ../support/snprintf.o
13TARGET=bscan
14INDENT=indent
15INDENT_OPT=-bap -nbc -bbo -bl -bli0 -bls -ncdb -nce -cp1 -cs -di2 -ndj -nfc1 -nfca -hnl -i4 -ip5 -lp -psl -nsc -nsob
16
17# LINUX
18#######
19LOPT=-export-dynamic
20DEFS=`libnet-config --defines` -DHAVE_DLSYM -D_SVID_SOURCE #-DDEBUG
21LIBS=-lpcap -ldl -lm `libnet-config --libs` -lpthread
22
23# SunOS 5.7/5.8 + gcc
24#####################
25#LOPT=-export-dynamic
26#DEFS=`libnet-config --defines` -DHAVE_DLSYM #-DDEBUG
27#LIBS=-lpcap -ldl -lm `libnet-config --libs` -lpthread
28
29# HP-UX 11.00
30#############
31#LOPT=-Xlinker -E
32#DEFS=`libnet-config --defines` -DHAVE_DLSYM #-DDEBUG
33#LIBS=-lpcap -ldld -lm `libnet-config --libs` -lpthread
34
35# HP-UX 10.20
36# HP-UX 10.20 is not supported. You need snprintf.c and
37# some hacks to use IP_HDRINCL and the kernel patches
38# to access the link_layer interface.
39#############
40#LOPT=-Xlinker -E
41#DEFS=`libnet-config --defines` -DHAVE_DLSYM -DHP10 #-DDEBUG
42#LIBS=-lpcap -ldld -lm `libnet-config --libs` -lpthread
43
44# OpenBSD
45#########
46#LOPT=
47#DEFS=`libnet-config --defines` -DHAVE_DLSYM #-DDEBUG
48#LIBS=-lpcap -lm `libnet-config --libs` -lpthread
49
50all: $(SUPOBJ) $(OBJS2) $(OBJS)
51 $(CC) $(SUPOBJ) $(OBJS) $(OBJS2) $(LOPT) $(LIBS) $(COPT) -o $(TARGET)
52
53cf_prse.o:
54 $(LEX) $(LEXOPT) -ocf_prse.c cf_prse.l
55 $(CC) $(COPT) -c cf_prse.c
56
57dcd_icmp.o: dcd_icmp.c
58 $(CC) $(COPT) -c dcd_icmp.c
59
60garage.o: garage.c
61 $(CC) $(COPT) -c garage.c
62
63module.o: module.c
64 $(CC) $(COPT) $(DEFS) -c module.c
65
66system.o: system.c
67 $(CC) $(COPT) -c system.c
68
69tty.o: tty.c
70 $(CC) $(COPT) -c tty.c
71
72signal.o: signal.c
73 $(CC) $(COPT) -c signal.c
74
75../support/hpuxdl.o: ../support/hpuxdl.c
76 $(MAKE) -C ../support
77
78../support/snprintf.o: ../support/snprintf.c
79 $(MAKE) -C ../support
80
81.c.o:
82 $(CC) $(COPT) $(DEFS) -c $<
83
84clean:
85 rm -f $(OBJS) $(OBJS2) $(TARGET) cf_prse.c core *~
86
87indent:
88 $(INDENT) $(INDENT_OPT) *.c *.h
diff --git a/other/b-scan/tmp/src/arpg.c b/other/b-scan/tmp/src/arpg.c
new file mode 100644
index 0000000..0c8a620
--- /dev/null
+++ b/other/b-scan/tmp/src/arpg.c
@@ -0,0 +1,78 @@
1/*
2 * bscan arp routine
3 */
4#include <bscan/arpg.h>
5#include <bscan/snarf.h>
6#include <libnet.h>
7
8
9
10void
11prepare_libnet (struct _libnet *lnet)
12{
13
14 if (lnet->device == NULL)
15 {
16 struct sockaddr_in sin;
17 if (libnet_select_device (&sin, &lnet->device, lnet->err_buf) == -1)
18 libnet_error (LIBNET_ERR_FATAL,
19 "libnet_select_device failed: %s\n", lnet->err_buf);
20 }
21
22 if (
23 (lnet->network =
24 libnet_open_link_interface (lnet->device, lnet->err_buf)) == NULL)
25 libnet_error (LIBNET_ERR_FATAL,
26 "libnet_open_link_interface '%s': %s\n", lnet->device,
27 lnet->err_buf);
28
29
30 lnet->packet_size = 60; /* min ethernet frame length -4 CRC */
31 if (libnet_init_packet (lnet->packet_size, &lnet->packet) == -1)
32 libnet_error (LIBNET_ERR_FATAL, "libnet_init_packet failed\n");
33
34}
35
36/*
37 * play arp-god: sends out arp-reply
38 * return: same as libnet_write_link_layer
39 * -1 on failure or bytes written
40 */
41int
42play_arpg (struct _libnet *lnet, u_char spf_sip[4], u_char spf_smac[6],
43 u_char spf_dip[4], u_char spf_dmac[6])
44{
45 int c;
46
47#ifdef DEBUG
48 printf ("sending out arp\n");
49#endif
50 libnet_build_ethernet (spf_dmac,
51 spf_smac, ETHERTYPE_ARP, NULL, 0, lnet->packet);
52
53 libnet_build_arp (ARPHRD_ETHER, ETHERTYPE_IP, /* arp for which protocol ? */
54 6, /* hardware addr. length */
55 4, /* protocol addr. length */
56 ARPOP_REPLY, spf_smac, spf_sip, spf_dmac, spf_dip, NULL, /* packet payload */
57 0, /* length of payload */
58 lnet->packet + LIBNET_ETH_H);
59
60 c =
61 libnet_write_link_layer (lnet->network, lnet->device, lnet->packet,
62 lnet->packet_size);
63 if (c < lnet->packet_size)
64 {
65 libnet_error (LN_ERR_WARNING,
66 "libnet_write_link_layer only wrote %d bytes\n", c);
67 }
68#ifdef DEBUG
69 else
70 {
71 printf ("construction and injection completed, wrote all %d bytes\n",
72 c);
73 }
74#endif
75
76 return (c);
77}
78
diff --git a/other/b-scan/tmp/src/bscan.c b/other/b-scan/tmp/src/bscan.c
new file mode 100644
index 0000000..ed49d1b
--- /dev/null
+++ b/other/b-scan/tmp/src/bscan.c
@@ -0,0 +1,851 @@
1/*
2 * This is unpublished proprietary source code.
3 *
4 * The contents of these coded instructions, statements and computer
5 * programs may not be disclosed to third parties, copied or duplicated in
6 * any form, in whole or in part, without the prior written permission of
7 * the author.
8 * (that includes you hack.co.za and other lame kid sites who dont
9 * get the point what hacking is about. damn kids.)
10 *
11 * (C) COPYRIGHT by me, 2000
12 * All Rights Reserved
13 */
14
15
16#include <stdlib.h>
17#include <math.h>
18#include <bscan/bscan.h>
19#include <bscan/snarf.h>
20#include <bscan/tty.h>
21#include <bscan/system.h>
22#include <bscan/restore.h>
23#include <bscan/module.h>
24#include <bscan/version.h>
25#include <bscan/cf_prse.h>
26#include <sys/types.h>
27#include <signal.h>
28#include <math.h>
29#include <libnet.h>
30
31#ifdef HAVE_DLSYM
32extern const int modcount;
33extern const struct _mods mods[MAX_MODULES];
34#endif
35
36unsigned char packet[1024];
37struct _opt *opt;
38
39#define OPTS "XOVhavr:C:L:M:m:l:d:p:i:s:f:o:"
40
41static unsigned long int gennextip (void);
42static unsigned long int gennext_spreadip (void);
43static unsigned long int gennext_random (void);
44
45/*
46 * make static mac entry in arp-table.
47 * We use system() here [setting mac entry is heavily system dependent]
48 */
49int
50setarp (uint32_t ip, u_char * mac)
51{
52 char buf[128];
53 u_char *p = (u_char *) mac;
54
55 snprintf (buf, sizeof (buf) - 1,
56 "arp -s %s %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x", int_ntoa (ip),
57 p[0], p[1], p[2], p[3], p[4], p[5]);
58 /* put all your IFL fun in here ! this is the major security hole
59 you were looking for.... */
60
61 return (system (buf));
62}
63
64
65/*
66 * delete the mac entry from the arp-table.
67 * we use system() again
68 */
69int
70unsetarp (uint32_t ip)
71{
72 char buf[128];
73
74 snprintf (buf, sizeof (buf) - 1, "arp -d %s", int_ntoa (ip));
75 /* put all your IFL fun in here ! this is the major security hole
76 you were looking for.... */
77
78 return (system (buf));
79}
80
81
82static void
83usage (int code, char *fmt, ...)
84{
85 char buf[1024];
86 va_list ap;
87 u_char *p = (u_char *) opt->spf_smac;
88 int c;
89
90 printf (VERSION "\n");
91 printf (" b-scan -s <spoofed source ip> [options] <host/network> ...\n");
92 printf (" format of <host/network>:\n");
93 printf (" <host>, 10.23.0.1 or\n");
94 printf (" <start ip>-<end ip>, 10.23.0.1-10.23.255.254 or\n");
95 printf (" <start network/mask>, 10.23.0.1/16\n\n");
96 printf ("Options:\n");
97 printf (" -r <restore.bscan>\n");
98#ifdef HAVE_DLSYM
99 printf (" -L <module.so, shared library file>\n");
100#endif
101 printf (" -f <hostlist, one ip/line>\n");
102 printf (" -s <spoofed ip address on your LOCAL (!) network>\n");
103 printf (" -m <mac>, make a static arp-entry and spoof from this mac.\n");
104 printf
105 (" -M <mac>, dont make the static arpentry but spoof from this mac.\n");
106 printf (" Add the mac to your arp-table manually (arp -s ip mac),\n");
107 printf (" If no mac is given default mac is used:\n");
108 printf (" MAC : %x:%x:%x:%x:%x:%x\n", p[0], p[1], p[2], p[3], p[4],
109 p[5]);
110 printf (" -i <ethernet interface>, default eth0\n");
111 printf
112 (" -X spreadmode [non-sequential, experimental but recommended]\n");
113 printf (" -O output ip's, dont scan\n");
114 printf
115 (" -l <pps> limit packets per second, default 1000, 0 = unlimited\n");
116 printf
117 (" -d <delay> w8 delay seconds for outstanding packets, default 10\n");
118 printf (" -C <configuration file>\n");
119 printf (" -v verbose output\n\n");
120 printf ("Example:\n");
121 printf ("# bscan -s 10.1.6.6 -i eth2 -L \"modules/mod_banner.so\" -X 2.4.1.0-2.4.9.9\n");
122
123#ifdef HAVE_DLSYM
124 for (c = 0; c < modcount; c++)
125 mods[c].musage ();
126#endif
127
128 if (fmt != NULL)
129 {
130 va_start (ap, fmt);
131 vsnprintf (buf, sizeof (buf) - 1, fmt, ap);
132 va_end (ap);
133 fprintf (stderr, "ERROR: %s\n", buf);
134 }
135
136 exit (code);
137}
138
139/*
140 * read's next ip from file.
141 * returns ip in NBO
142 * returns -1 (eg. 255.255.255.255) on failure
143 */
144unsigned long int
145readnextip (void)
146{
147 char buf[64];
148
149 if (opt->ffd == NULL)
150 {
151 if ((opt->ffd = fopen (opt->hostfile, "r")) == NULL)
152 {
153 perror ("unable to open hostfile");
154 return (-1);
155 }
156 opt->target = opt->hostfile;
157 }
158 fgets (buf, sizeof (buf), opt->ffd);
159
160 return (inet_addr (buf));
161}
162
163/*
164 * get next ip in NBO from network/mask
165 * [could be random order]
166 * returns -1 [255.255.255.255] if no more ip's
167 * hint: rfc: "the first and last ip in a subnetwork are reserved"
168 */
169static unsigned long int
170gennextip (void)
171{
172
173 if (opt->ip_pos <= opt->end_ip)
174 return (htonl (opt->ip_pos++));
175
176 return (-1);
177
178}
179
180/*
181 * generate next ip in spread-mode
182 * must: ip.end_ip - ip.start_ip > 2
183 */
184static unsigned long int
185gennext_spreadip (void)
186{
187 u_long pos = opt->ip_pos;
188
189
190 if ((opt->ip_offset + 1 >= opt->ip_blklen) && (opt->ip_pos > opt->end_ip))
191 return (-1);
192
193 if ((opt->ip_pos + opt->ip_blklen > opt->end_ip)
194 && (opt->ip_offset + 1 < opt->ip_blklen))
195 opt->ip_pos = opt->start_ip + (++opt->ip_offset);
196 else
197 opt->ip_pos += opt->ip_blklen;
198
199 return (htonl (pos));
200
201}
202
203
204static unsigned long int
205gennext_random (void)
206{
207 unsigned long int ip;
208
209 if (opt->random_maxcount != 0) {
210 if (--opt->random_maxcount == 0)
211 return (-1);
212 }
213
214pitch:
215 ip = (random () & 0xffff) << 16;
216 ip |= random () & 0xffff;
217
218 if (((ip & 0xe0000000) >= 0xe0000000) || /* 224.0.0.0/3 */
219 ((ip & 0xff000000) == 0x7f000000) || /* 127.0.0.0/8 */
220 ((ip & 0xff000000) == 0x0a000000) || /* 10.0.0.0/8 */
221 ((ip & 0xffff0000) == 0xc0a80000) || /* 192.168.0.0/16 */
222 ((ip & 0xffff0000) == 0xac100000) || /* 172.16.0.0/16 */
223 (ip == 0x00000000)) /* 0.0.0.0/32 */
224 goto pitch;
225
226 return (htonl (ip));
227}
228
229
230/*
231 * process all the options and load/init modules
232 */
233void
234do_opt (int argc, char *argv[])
235{
236 extern char *optarg;
237 extern int optind; /*, opterr, optopt;*/
238 unsigned short int sp[ETH_ALEN];
239 int c;
240 char do_usage = 0;
241
242
243 while ((c = getopt (argc, argv, OPTS)) != -1)
244 {
245 switch (c)
246 {
247 case 'C': /* process conf file */
248 if (readConfFile (optarg))
249 {
250 opt->flags |= FileOpt.flags;
251 opt->limit = FileOpt.limit;
252 opt->delay = FileOpt.delay;
253 opt->nt.src = FileOpt.srcAddr;
254 opt->lnet.device = FileOpt.device;
255 for (c = 0; c < 6; c++)
256 opt->spf_smac[c] = FileOpt.mac[c];
257 }
258 else
259 fprintf (stderr, "%s is not a valid vonfig file\n", optarg);
260 break;
261 case 'L':
262 break; /* process module stuff AFTER main-opts */
263 case 'h':
264 do_usage = 1;
265 break;
266 case 'r':
267 if (read_restore (optarg) != 0)
268 {
269 fprintf (stderr, "unable to read restore file '%s'\n",
270 optarg);
271 exit (-1);
272 }
273 opt->flags |= OPT_REST;
274 break;
275 case 'l':
276 opt->limit = atoi (optarg);
277 break;
278 case 'v':
279 opt->flags |= OPT_VERB;
280 break;
281 case 'X':
282 opt->flags |= OPT_SPREADSCAN;
283 break;
284 case 'O':
285 opt->flags |= OPT_OUTONLY; /* dont scan, output ip's only */
286 break;
287 case 'm':
288 opt->flags |= OPT_SETARP;
289 sscanf (optarg, "%hx:%hx:%hx:%hx:%hx:%hx", &sp[0], &sp[1], &sp[2],
290 &sp[3], &sp[4], &sp[5]);
291 for (c = 0; c < 6; c++)
292 opt->spf_smac[c] = (u_char) sp[c];
293 break;
294 case 'M':
295 opt->flags &= ~OPT_SETARP;
296 sscanf (optarg, "%hx:%hx:%hx:%hx:%hx:%hx", &sp[0], &sp[1], &sp[2],
297 &sp[3], &sp[4], &sp[5]);
298 for (c = 0; c < 6; c++)
299 opt->spf_smac[c] = (u_char) sp[c];
300 break;
301 case 'd':
302 opt->delay = atoi (optarg);
303 break;
304 case 'i':
305 opt->lnet.device = optarg;
306 break;
307 case 's':
308 opt->nt.src = inet_addr (optarg);
309 break;
310 case 'f':
311 opt->hostfile = optarg;
312 opt->flags |= OPT_HOSTFILE;
313 break;
314 case 'V':
315 printf (VERSION "\n");
316 exit (0);
317 case ':':
318 usage (0, "parameter missing", c);
319 break;
320 default:
321 break;
322 usage (0, "unknown option -%c", c);
323 }
324 }
325
326 /*
327 * init modules AFTER processing main-opts
328 */
329#ifdef HAVE_DLSYM
330 optind = 1;
331 while ((c = getopt (argc, argv, OPTS)) != -1)
332 {
333 switch (c)
334 {
335 case 'L':
336 loadinit_mod(optarg);
337 break;
338 } /* eo switch(c) */
339 } /* eo while */
340#endif
341 if (do_usage != 0)
342 usage (0, NULL);
343
344 if ((optind < argc) && (!(opt->flags & OPT_REST)))
345 opt->argvlist = &argv[optind];
346 if (opt->flags & OPT_OUTONLY)
347 opt->delay = 0;
348 if (opt->nt.src == -1)
349 usage (0, "you must specify a -s source address");
350 if ((opt->argvlist == NULL) && (opt->hostfile == NULL))
351 usage (0, "you must specify a -f hostfile or an ip-range");
352
353}
354
355/*
356 * called via SIGCHLD and w8 for the pid [to destroy last kernel structure]
357 * OBSOLETE, ###fixme
358 */
359void
360waitchld (int sig)
361{
362 int status;
363 wait (&status); /* exit status of the child */
364}
365
366void
367sig_handle_abort (int sig)
368{
369
370 if (pthread_self() != opt->bscantid)
371 return;
372
373 fprintf (stderr, "Session aborted ...one more to kill process\n");
374 signal (sig, die);
375 opt->flags |= OPT_ABRT;
376}
377
378/*
379 * generic signal driver :>
380 */
381void
382sigdriver (int sig)
383{
384
385 if (pthread_self() != opt->bscantid)
386 return;
387
388 if (sig == SIGUSR1)
389 print_scanstat (stderr);
390 if ((sig == SIGINT) || (sig == SIGQUIT)) /* ctrl-c */
391 sig_handle_abort (sig);
392}
393
394/*
395 * This function MUST be called on exit (..or use atexit():)
396 * we have threads. Doesnt matter which thread calls this
397 * function...do everything and exit() the process
398 * (kills all threads...not very gentle...but...).
399 */
400void
401die (int sig)
402{
403 int c = 0;
404
405 print_scanstat (stderr); /* print before cleanup routines...*/
406
407 if (opt->flags & OPT_ABRT)
408 if (write_restore () != 0)
409 perror ("restorefile failed");
410 if ((opt->flags & OPT_SETARP) && (unsetarp (opt->nt.src) != 0))
411 fprintf (stderr, "unable to unset arpentry. do it manually\n");
412#ifdef HAVE_DLSYM
413 while (c < modcount)
414 mods[c++].fini ();
415#endif
416
417#ifdef DEBUG
418 printf ("calling exit.\n");
419#endif
420
421 fflush (stdout);
422
423 exit (0);
424}
425
426/*
427 * reset all vars used during the scan (counters, ...)
428 * should be called before the call to make_iprange()
429 * If not...make_iprange thinks we use restore-file
430 */
431void
432reset_vars ()
433{
434 opt->target = NULL;
435 opt->ipscan_count = 0;
436 opt->bsent_count = 0;
437 opt->ip_offset = 0;
438 opt->ip_blklen = 0;
439 opt->ip_pos = 0;
440 opt->start_ip = 0;
441 opt->end_ip = 0;
442 opt->snarf.close_c = 0;
443 opt->snarf.open_c = 0;
444 opt->snarf.refused_c = 0;
445 opt->snarf.icmp_c = 0;
446}
447
448
449void
450init_vars (char **nullptr)
451{
452 srandom ((unsigned int) time (NULL));
453
454 if ((opt = calloc (1, sizeof (*opt))) == NULL)
455 {
456 perror ("calloc");
457 exit (-1);
458 }
459 memset (opt, 0, sizeof (struct _opt));
460
461 opt->bscantid = 0;
462 opt->snarftid = 0;
463 opt->packet = packet;
464 opt->pkg_maxlen = sizeof (packet);
465 opt->pkg_len = 0;
466 opt->scan_start.tv_sec = 0;
467 opt->iptotscan_count = 0;
468 opt->scan_start.tv_usec = 0;
469 opt->hostfile = NULL;
470 opt->limit = 1000;
471 opt->flags = OPT_SETARP;
472 opt->ffd = NULL;
473 opt->argvlist = nullptr;
474 opt->lnet.device = NULL; /* done by libnet and libpcap */
475 memcpy (opt->spf_smac, SPF_SMAC, 6);
476 opt->nt.src = -1;
477 opt->nt.dst = -1;
478 opt->delay = 10;
479 opt->lnet.device = NULL;
480 reset_vars ();
481
482 signal (SIGINT, sigdriver);
483 signal (SIGQUIT, sigdriver);
484 signal (SIGTERM, die); /* also called by client */
485 signal (SIGCHLD, SIG_IGN);
486 signal (SIGUSR1, sigdriver);
487}
488
489void
490print_opt ()
491{
492 u_char *p = (u_char *) opt->spf_smac;
493
494 fprintf (stderr, "Pid : %d\n", getpid());
495 fprintf (stderr, "Interface : %s\n", opt->lnet.device);
496 fprintf (stderr, "Source IP : %s\n", int_ntoa (opt->nt.src));
497 fprintf (stderr, "Source MAC : %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x\n",
498 p[0], p[1], p[2], p[3], p[4], p[5]);
499 fprintf (stderr, "pps : %u\n", opt->limit);
500}
501
502/*
503 * print scanstatistics on filedes
504 */
505void
506print_scanstat (FILE * fd)
507{
508 char perc = 100;
509 struct timeval tv2;
510 time_t timep;
511 struct tm mytm;
512
513 gettimeofday (&tv2, NULL);
514 time_diff (&opt->scan_start, &tv2);
515 if (tv2.tv_sec == 0)
516 tv2.tv_sec = 1;
517 timep = tv2.tv_sec;
518 gmtime_r (&timep, &mytm);
519
520 if ((opt->end_ip - opt->start_ip) != 0)
521 perc =
522 (((float)
523 opt->ipscan_count / (float) (opt->end_ip -
524 opt->start_ip)) * 100);
525
526 fprintf (fd,
527 "%2.2d:%2.2d:%2.2d:%2.2d %s %3d%% p/s: %6d [o:%lu r:%lu c:%lu i:%lu]\n",
528 mytm.tm_yday, mytm.tm_hour, mytm.tm_min, mytm.tm_sec,
529 opt->target, perc, (int) (opt->iptotscan_count / tv2.tv_sec),
530 opt->snarf.open_c, opt->snarf.refused_c, opt->snarf.close_c,
531 opt->snarf.icmp_c);
532
533}
534
535
536/*
537 * calculate beginning and end of ip-range
538 * set start_ip and end_ip and target
539 */
540void
541make_iprange (u_long * network, u_long * netmask, u_long * start_ip,
542 u_long * end_ip, char *str)
543{
544 char buf[64];
545 char *ptr;
546
547 opt->target = str;
548 strncpy (buf, str, sizeof (buf));
549 buf[sizeof (buf) - 1] = '\0';
550 opt->getnextip = NULL;
551 *start_ip = 0;
552
553 if (strncmp (buf, "random", 6) == 0) {
554 opt->getnextip = (void *) gennext_random;
555 if (strchr (buf, ':') != NULL) {
556 sscanf (strchr (buf, ':') + 1, "%lu", &opt->random_maxcount);
557 } else {
558 opt->random_maxcount = 0;
559 }
560 return;
561 }
562
563 /* a.b.c.d/e */
564 if (strchr (buf, '/') != NULL)
565 {
566 *netmask = 0xffffffff; /* for the lamers who forget the /<netmask> */
567
568 if ((ptr = (char *) strrchr (buf, '/')) != NULL)
569 *netmask = 0xffffffff << (32 - atoi (ptr + 1));
570
571 if ((ptr = (char *) strchr (buf, '/')) != NULL)
572 *ptr = '\0';
573
574 *network = (ntohl (inet_addr (buf)) & *netmask);
575 *start_ip = (*network & *netmask) + 1;
576 *end_ip = (*network | ~*netmask) - 1;
577 if (*netmask >= 0xfffffffe)
578 (*start_ip)--;
579 if (*netmask == 0xffffffff)
580 (*end_ip)++;
581 }
582
583 /* a.b.c.d - w.x.y.z */
584 if ((*start_ip == 0) && ((ptr = (char *) strrchr (buf, '-')) != NULL))
585 {
586 *end_ip = ntohl (inet_addr (ptr + 1));
587 *ptr = '\0';
588 *start_ip = ntohl (inet_addr (buf));
589 }
590
591 /* a.b.c.d */
592 if (*start_ip == 0)
593 {
594 *end_ip = ntohl (inet_addr (buf));
595 *start_ip = ntohl (inet_addr (buf));
596 }
597
598 if (opt->ip_pos == 0) /* if != 0 we use restore-file */
599 opt->ip_pos = *start_ip;
600
601 /* initialize getnextip-funtion and spread scan variables */
602 if ((opt->flags & OPT_SPREADSCAN) && (opt->end_ip - opt->start_ip > 2))
603 {
604 init_spreadscan (opt->end_ip - opt->start_ip);
605 opt->getnextip = (void *) gennext_spreadip;
606 }
607 else
608 {
609 opt->getnextip = (void *) gennextip;
610 }
611
612}
613
614/*
615 * initialize offset for spread-scan
616 * call make_iprange before
617 *
618 * most networks are /24. dont let ip_blklen get to big
619 */
620void
621init_spreadscan (u_long diff)
622{
623 opt->ip_blklen = (u_long) sqrt (diff);
624
625 if (opt->ip_blklen > 100) /* range is 100^2 large */
626 opt->ip_blklen = 257 + opt->ip_blklen * 0.2; /* use a prime# here */
627
628}
629
630
631/*
632 * output the ip's only. dont scan.
633 */
634void
635do_outonly ()
636{
637 uint32_t ip;
638
639 while ((ip = (*opt->getnextip) ()) != -1)
640 {
641 opt->ipscan_count++;
642 printf ("%s\n", int_ntoa (ip));
643 }
644
645}
646
647
648/*
649 * process a scanrange from argv
650 * Return -1 if abort
651 */
652int
653process_iprange ()
654{
655 int c = 0;
656 int ret;
657#ifdef HAVE_DLSYM
658 int mc = 0;
659#endif
660
661 while ((opt->nt.dst = (*opt->getnextip) ()) != -1)
662 {
663 memset (opt->packet, 0, opt->pkg_maxlen);
664
665 opt->pkg_len = 0;
666
667 if (opt->flags & OPT_VERB)
668 fprintf (stderr, "scanning %s:%d\n",
669 int_ntoa (opt->nt.dst), ntohs (opt->nt.dport));
670
671#ifdef HAVE_DLSYM
672 for (mc = 0; mc < modcount; mc++)
673 {
674 ret = mods[mc].callmdl (MOD_FIRSTPKG, opt);
675 if (ret == RMOD_SKIP)
676 continue;
677 if (ret == RMOD_ABRT)
678 {
679 fprintf(stderr, "oops: callmdl returned RMOD_ABRT\n");
680 return(-1);
681 }
682#endif
683
684 opt->bsent_count +=
685 send_ipv4 (opt->sox, opt->packet + ETH_SIZE, opt->pkg_len);
686 opt->iptotscan_count++;
687 opt->ipscan_count++; /* linear ipscan-offset */
688
689 if (opt->ipscan_count % opt->limit == 0) /* every second */
690 {
691 if ((c = tty_getchar ()) != -1)
692 print_scanstat (stderr);
693 if (opt->flags & OPT_ABRT)
694 return (-1); /* sig_abort_handler called */
695 }
696
697 /* do floodprotection */
698 while (opt->limit > 0)
699 {
700 /*
701 * forgett about the initial value of tv.tv_usec...
702 * This is called 'optimizing algorithms'. The usec does
703 * not count if you scan >>10seconds...
704 */
705 gettimeofday (&opt->tv2, NULL);
706 opt->sec = (opt->tv2.tv_sec - opt->scan_start.tv_sec)
707 - (opt->scan_start.tv_usec - opt->tv2.tv_usec) / 1000000.0;
708 if ((opt->iptotscan_count / opt->sec) >= opt->limit)
709 usleep (10); /* should give up timeslice */
710 else
711 break;
712 }
713#ifdef HAVE_DLSYM
714 } /* modcount-loop */
715#endif
716 }
717 return (0);
718}
719
720void *
721p_doit(void *arg)
722{
723 printf("first thread here\n");
724 sleep(100);
725 return NULL;
726}
727
728
729int
730main (int argc, char *argv[])
731{
732 struct sockaddr_in saddr;
733 struct timeval tv;
734 int size;
735 int pstatus; /* pthread error status */
736#ifdef IP_HDRINCL
737 const int on = 1;
738#endif
739
740 init_vars (&argv[argc]); /* before do_opt */
741
742 do_opt (argc, argv);
743 tty_init ();
744
745 if (opt->flags & OPT_SETARP)
746 if (setarp (opt->nt.src, opt->spf_smac) != 0)
747 {
748 fprintf (stderr, "unable to set arpentry. do it manually\n");
749 exit (1);
750 }
751
752 init_network_raw ();
753 prepare_libnet (&opt->lnet); /* used by arpg.c and maybe by bscan.c */
754
755 memset (&saddr, 0, sizeof (saddr));
756
757 if ((opt->sox = socket (AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0)
758 {
759 fprintf (stderr, "error creating socket\n");
760 exit (1);
761 }
762#ifdef IP_HDRINCL
763 if (setsockopt (opt->sox, IPPROTO_IP, IP_HDRINCL, &on, sizeof (on)) < 0)
764 {
765 fprintf (stderr, "error setsockopt\n");
766 exit (1);
767 }
768#endif
769
770 size = 160 * 1024; /* OK if setsockopt fails */
771 setsockopt (opt->sox, SOL_SOCKET, SO_SNDBUF, &size, sizeof (size));
772
773 opt->flags |= OPT_W8SEMA;
774 opt->bscantid = pthread_self();
775 pstatus = pthread_create(&opt->snarftid, NULL, &do_snarf, opt->lnet.device);
776 if (pstatus != 0)
777 err_abort(pstatus, "pthread_create");
778
779 while (opt->flags & OPT_W8SEMA)
780 usleep(50);
781
782 print_opt ();
783
784 if (opt->scan_start.tv_sec == 0)
785 gettimeofday (&opt->scan_start, NULL);
786
787 while ((*opt->argvlist != NULL) || (opt->flags & OPT_HOSTFILE))
788 {
789 if (!(opt->flags & OPT_REST))
790 reset_vars (); /* reset all counting variables */
791
792 if (!(opt->flags & OPT_HOSTFILE))
793 {
794 make_iprange (&opt->network, &opt->netmask, &opt->start_ip,
795 &opt->end_ip, *opt->argvlist++);
796 }
797 else
798 {
799 opt->getnextip = (void *) readnextip;
800 if (opt->flags & OPT_REST)
801 {
802 int c = 0;
803
804 fprintf (stderr, "restore: skipping %lu in '%s'\n",
805 opt->ipscan_count, opt->hostfile);
806 while (c++ < opt->ipscan_count)
807 if ((*opt->getnextip) () == -1)
808 break;
809 }
810 }
811
812 opt->flags &= ~OPT_REST; /* 2nd.. init not by restorefile */
813
814 if ((opt->getnextip == NULL) || (opt->nt.src == 0)
815 || (opt->nt.src == -1))
816 usage (0, "no ip/range given or nonparseable range, skip");
817 if (opt->flags & OPT_OUTONLY)
818 {
819 do_outonly ();
820 continue;
821 }
822
823 if (process_iprange () == -1)
824 {
825 print_scanstat (stderr);
826 break; /* abort scan ! */
827 }
828
829 if (opt->flags & OPT_HOSTFILE)
830 break; /* process only ONE hostfile */
831
832 if (*opt->argvlist != NULL)
833 print_scanstat (stderr);
834 }
835
836 gettimeofday (&tv, NULL);
837 time_diff (&opt->scan_start, &tv);
838 opt->sec = tv.tv_sec + tv.tv_usec / 1000000.0;
839 fprintf (stderr, "scanned %lu ip's in %.3f seconds\n", opt->iptotscan_count,
840 opt->sec);
841 if (opt->delay > 0)
842 {
843 fprintf (stderr, "waiting %d sec for outstanding packets...\n",
844 opt->delay);
845 signal (SIGINT, die); /* if waiting exit immediatly on INTR */
846 sleep (opt->delay);
847 }
848
849 die (0);
850 return (0);
851}
diff --git a/other/b-scan/tmp/src/cf_prse.l b/other/b-scan/tmp/src/cf_prse.l
new file mode 100644
index 0000000..592bf7a
--- /dev/null
+++ b/other/b-scan/tmp/src/cf_prse.l
@@ -0,0 +1,172 @@
1VOID_LINE "b-scan:"
2LOCAL_IP "SourceAddress"
3STATIC_MAC "StaticSpoofedMacAddress"
4SPOOF_MAC "MacAddress"
5INTERFACE "Interface"
6SPREADMODE "SpreadScan"
7PACKETS_PS "PacketsPerSecond"
8PATIENCY "MaxWaitDelay"
9VERBOSE "Verbose"
10LOAD_MOD "addModule"
11
12%{
13/*
14 * options with a "bool" are allowed to take "yes", "1" and "true"
15 * and the negated counterparts (case insensitive) as argument.
16 * all others take their argument as supplyed on the command line.
17 *
18 *
19 * VOID_LINE lines beginning with this string will be passed directly to stderr
20 * LOCAL_IP -s option
21 * STATIC_MAC -m bool
22 * SPOOF_MAC -M
23 * INTERFACE -i
24 * SPREADMODE -X bool
25 * PACKETS_PS -l
26 * PATIENCY -d
27 * VERBOSE -v bool
28 * MODULE -L
29 */
30%}
31
32
33%{
34#include <bscan/cf_prse.h>
35#include <bscan/module.h>
36#include <string.h>
37#include <stdlib.h>
38#include <sys/socket.h>
39#include <netinet/in.h>
40#include <arpa/inet.h>
41
42
43/* defines from bscan.h. why not include? because it sucks! using libnet-config for pff! */
44#define OPT_VERB 0x1
45#define OPT_SETARP 0x4
46#define OPT_SPREADSCAN 0x8
47
48
49char *
50getArg (char *s)
51{
52 int x = strlen (s);
53
54 while (s[x] != ' ' && s[x] != '\t')
55 --x;
56 return (s + x + 1);
57}
58
59
60int
61evaluateBoolArg (char *s)
62{
63 s = getArg (s);
64
65 if (!strcasecmp (s, "yes") || !strcasecmp (s, "true") || !strcasecmp (s, "1"))
66 return (1);
67 else if (!strcasecmp (s, "no") || !strcasecmp (s, "false") || !strcasecmp (s, "0"))
68 return (0);
69 else
70 return (-1);
71}
72
73
74void
75set_s_opt (char *s)
76{
77 s = getArg (s);
78 FileOpt.srcAddr = inet_addr (s);
79}
80
81
82void
83set_m_opt (char *s)
84{
85 s = getArg (s);
86 if (evaluateBoolArg (s))
87 FileOpt.flags |= OPT_SETARP;
88}
89
90
91void set_M_opt (char *s)
92{
93 s = getArg (s);
94 sscanf (s, "%hx:%hx:%hx:%hx:%hx:%hx", &FileOpt.mac[0], &FileOpt.mac[1],
95 &FileOpt.mac[2], &FileOpt.mac[3], &FileOpt.mac[4], &FileOpt.mac[5]);
96}
97
98
99void set_i_opt (char *s)
100{
101 s = getArg (s);
102 FileOpt.device = (char *) malloc (strlen (s) + 1);
103 memset (FileOpt.device, 0, strlen (s) + 1);
104 memcpy (FileOpt.device, s, strlen (s));
105}
106
107void set_X_opt (char *s)
108{
109 s = getArg (s);
110 if (evaluateBoolArg (s))
111 FileOpt.flags |= OPT_SPREADSCAN;
112}
113
114
115void set_l_opt (char *s)
116{
117 s = getArg (s);
118 FileOpt.limit = atoi (s);
119}
120
121
122void set_d_opt (char *s)
123{
124 s = getArg (s);
125 FileOpt.delay = atoi (s);
126}
127
128
129void set_v_opt (char *s)
130{
131 s = getArg (s);
132 if (evaluateBoolArg (s))
133 FileOpt.flags |= OPT_VERB;
134}
135
136void set_L_opt (char *s)
137{
138 s = s + strlen ("addModule") + 1;
139 while (*s == ' ' || *s == '\t')
140 s++;
141 loadinit_mod (s);
142}
143
144%}
145%%
146
147^{VOID_LINE}[\t !-?a-zA-Z0-9]* fprintf (stderr, "%s\n", yytext);
148^{LOCAL_IP}[\t .0-9]* set_s_opt (yytext);
149^{STATIC_MAC}[\t a-zA-Z0-9]* set_m_opt (yytext);
150^{SPOOF_MAC}[\t :a-fA-F0-9]* set_M_opt (yytext);
151^{INTERFACE}[\t a-zA-Z0-9]* set_i_opt (yytext);
152^{SPREADMODE}[\t a-zA-Z0-9]* set_X_opt (yytext);
153^{PACKETS_PS}[\t a-zA-Z0-9]* set_l_opt (yytext);
154^{PATIENCY}[\t a-zA-Z0-9]* set_d_opt (yytext);
155^{VERBOSE}[\t a-zA-Z0-9]* set_v_opt (yytext);
156^{LOAD_MOD}[\t !-?\-_.:,;a-zA-Z0-9]* set_L_opt (yytext);
157
158[\n\t a-zA-Z0-9]
159.
160
161%%
162
163int yywrap () { return (1);}
164
165int
166readConfFile (char *s)
167{
168 if ((yyin = fopen (s, "r")) == NULL)
169 return 0;
170 yylex ();
171 return 1;
172}
diff --git a/other/b-scan/tmp/src/dcd_icmp.c b/other/b-scan/tmp/src/dcd_icmp.c
new file mode 100644
index 0000000..c627a56
--- /dev/null
+++ b/other/b-scan/tmp/src/dcd_icmp.c
@@ -0,0 +1,166 @@
1/* bscan - icmp decoder
2 *
3 * based on information from
4 * RFC792 - INTERNET CONTROL MESSAGE PROTOCOL
5 * RFC950 - Internet Standard Subnetting Procedure
6 * ??? "ICMP Usage in Scanning" (ICMP_Scanning_v2.5.pdf)
7 */
8
9#include <stdio.h>
10#include <bscan/dcd_icmp.h>
11
12static char * icmp_echo_reply[] = {
13 "ICMP ECHOREPLY",
14 NULL
15};
16
17static char * icmp_unreach[] = {
18 "ICMP UNREACH network unreachable",
19 "ICMP UNREACH host unreachable",
20 "ICMP UNREACH protocol unreachable",
21 "ICMP UNREACH port unreachable",
22 "ICMP UNREACH fragmentation needed but don't-fragment bit set",
23 "ICMP UNREACH source route failed",
24 "ICMP UNREACH destination network unknown",
25 "ICMP UNREACH destination host unknown",
26 "ICMP UNREACH source host isolated",
27 "ICMP UNREACH destination network administratively prohibited",
28 "ICMP UNREACH destination host administratively prohibited",
29 "ICMP UNREACH network unreachable for TOS",
30 "ICMP UNREACH host unreachable for TOS",
31 "ICMP UNREACH communication administratively prohibited by filtering",
32 "ICMP UNREACH host precedence violation",
33 "ICMP UNREACH precedence cutoff in effect",
34 NULL
35};
36
37static char * icmp_quench[] = {
38 "ICMP QUENCH",
39 NULL
40};
41
42static char * icmp_redirect[] = {
43 "ICMP REDIRECT Redirect datagrams for the Network",
44 "ICMP REDIRECT Redirect datagrams for the Host",
45 "ICMP REDIRECT Redirect datagrams for the Type of Service and Network",
46 "ICMP REDIRECT Redirect datagrams for the Type of Service and Host",
47 NULL
48};
49
50static char * icmp_alternate[] = {
51 "ICMP ALTERNATEHOSTADDRESS",
52 NULL
53};
54
55static char * icmp_echo[] = {
56 "ICMP ECHO",
57 NULL
58};
59
60static char * icmp_routerad[] = {
61 "ICMP ROUTERADVERTISEMENT",
62 NULL
63};
64
65static char * icmp_routersel[] = {
66 "ICMP ROUTERSELECTION",
67 NULL
68};
69
70static char * icmp_timeexceed[] = {
71 "ICMP TIMEEXCEED time to live exceeded in transit",
72 "ICMP TIMEEXCEED fragment reassembly time exceeded",
73 NULL
74};
75
76static char * icmp_parprob[] = {
77 "ICMP PARAMETER pointer indicates the error",
78 "ICMP PARAMETER missing a required option",
79 "ICMP PARAMETER bad length",
80 NULL
81};
82
83static char * icmp_timestamp[] = {
84 "ICMP TIMESTAMP",
85 NULL
86};
87
88static char * icmp_timestamp_reply[] = {
89 "ICMP TIMESTAMPREPLY",
90 NULL
91};
92
93static char * icmp_information[] = {
94 "ICMP INFORMATION",
95 NULL
96};
97
98static char * icmp_information_reply[] = {
99 "ICMP INFORMATIONREPLY",
100 NULL
101};
102
103static char * icmp_addressmask[] = {
104 "ICMP ADDRESSMASK",
105 NULL
106};
107
108static char * icmp_addressmask_reply[] = {
109 "ICMP ADDRESSMASKREPLY",
110 NULL
111};
112
113static char * icmp_ERR[] = {
114 "ICMP invalid code",
115 NULL
116};
117
118struct icmp_typeelem {
119 int count;
120 char ** tab;
121};
122
123struct icmp_typeelem icmp_tab[] = {
124 { 1, icmp_echo_reply }, /* 0 Echo Reply */
125 { 0, icmp_ERR }, /* 1 UNUSED */
126 { 0, icmp_ERR }, /* 2 UNUSED */
127 { 16, icmp_unreach }, /* 3 Destination Unreachable */
128 { 1, icmp_quench }, /* 4 Source Quench */
129 { 4, icmp_redirect }, /* 5 Redirect */
130 { 1, icmp_alternate }, /* 6 Alternate Host Address */
131 { 0, icmp_ERR }, /* 7 UNUSED */
132 { 1, icmp_echo }, /* 8 Echo */
133 { 1, icmp_routerad }, /* 9 Router Advertisement */
134 { 1, icmp_routersel }, /* 10 Router Selection */
135 { 2, icmp_timeexceed }, /* 11 Time Exceeded */
136 { 3, icmp_parprob }, /* 12 Parameter Problem */
137 { 1, icmp_timestamp }, /* 13 Timestamp */
138 { 1, icmp_timestamp_reply }, /* 14 Timestamp Reply */
139 { 1, icmp_information }, /* 15 Information Request */
140 { 1, icmp_information_reply }, /* 16 Information Request */
141 { 1, icmp_addressmask }, /* 17 RFC950: Address Mask Request */
142 { 1, icmp_addressmask_reply }, /* 18 RFC950: Address Mask Reply */
143 { 0, NULL }, /* EOList */
144};
145
146int icmp_type_max = (sizeof (icmp_tab) / sizeof (struct icmp_typeelem)) - 1;
147
148const char *
149icmp_str (int type, int code)
150{
151 struct icmp_typeelem * it;
152
153 if (type < 0 || type >= icmp_type_max)
154 return ("ICMP invalid type");
155
156 it = &icmp_tab[type];
157 if (it->count == 0)
158 return (it->tab[0]);
159
160 if (code < 0 || code >= it->count)
161 return ("ICMP invalid code");
162
163 return (it->tab[code]);
164}
165
166
diff --git a/other/b-scan/tmp/src/garage.c b/other/b-scan/tmp/src/garage.c
new file mode 100644
index 0000000..4beba2d
--- /dev/null
+++ b/other/b-scan/tmp/src/garage.c
@@ -0,0 +1,508 @@
1/* bscan - garage.c - per IP storage functions
2 *
3 * by scut / teso
4 * by skyper / teso
5 *
6 * this module implements a per-IP storage method to allow other modules
7 * to store state information about hosts (ie for TCP fingerprinting or
8 * stateful protocols).
9 *
10 * 2000/12/31 version 1.0.1 - scut
11 * - added CIDR helper functions
12 * - added mg_cidr_getmask function to convert CIDR/netmask
13 * notation
14 * - added mg_cidr_maskcount to count max possible hosts in a mask
15 * - added mg_cidr_count function to count hosts in garage that
16 * match a mask
17 * - added ip based counter to the garage structure, this costs
18 * only few cycles when working with elements, but repays for
19 * the mg_count and some of the mg_cidr_* functions
20 * - changed mg_count to take advantage of the garage counter
21 * - added mg_cidr_match function
22 * - workaround for some size-dependant misoptimizations of gcc
23 *
24 * 2000/12/31 version 1.0.0 - scut
25 * - support for storage, retrieval and max-keep counter
26 * with automatic deallocation
27 */
28
29#include <sys/types.h>
30#include <stdio.h>
31#include <stdlib.h>
32#include <string.h>
33#include <bscan/garage.h>
34
35
36/* memory layout:
37 *
38 * each per-ip data is stored in a linked list element. the linked list
39 * can (theoretically) contain up to 2^16 elements, if the entire IP space
40 * is scanned at once.
41 *
42 * up to 2^16 of this linked lists can exist, hence 2^16*2^16 = 2^32 = whole
43 * IPv4 space. to access the correct linked list we calculate a hash value,
44 * to directly read from a one dimensional table of linked list root pointers.
45 *
46 * unsigned long int ip;
47 *
48 * h = ((ip >> 16) + ip) 0xffff)
49 *
50 * the linked list indexed by this two hash values is sorted in ascending
51 * order by the IP as unsigned long int.
52 */
53
54#define MG_H(ip) ((((ip) >> 16) + (ip)) & 0xffff)
55
56
57#ifdef DEBUG
58unsigned long long int tackall = 0;
59unsigned long long int tackc = 0;
60#endif
61
62#if 0
63/* unused code
64 */
65static unsigned long int
66mg_count_slot (ip_list *list);
67#endif
68
69
70/* XXX/FIXME/TODO: shouldn't be here
71 */
72void *
73xcalloc (unsigned int factor, unsigned int size)
74{
75 void * foo = calloc (factor, size);
76
77 if (foo == NULL) {
78 perror ("xcalloc");
79
80 exit (EXIT_FAILURE);
81 }
82
83 return (foo);
84}
85
86
87/* destroy the ip_list element given in `slot'
88 */
89static void
90mg_destroy_slot (garage_hdlr *g, ip_list *slot, void (* cleaner)(ip_list *));
91
92
93garage_hdlr *
94mg_init (char *name, unsigned long int max_hosts_in_list,
95 void (* cleaner)(ip_list *))
96{
97 garage_hdlr * new = xcalloc (1, sizeof (garage_hdlr));
98
99 new->name = name;
100 new->garage = xcalloc (256 * 256, sizeof (ip_list *));
101 new->cleaner = cleaner;
102 new->ip_count = 0;
103
104 if (max_hosts_in_list == 0) {
105 new->timeout_tbl = NULL;
106 new->timeout_max = 0;
107 new->timeout_idx = 0;
108 } else {
109 new->timeout_tbl = xcalloc (max_hosts_in_list,
110 sizeof (unsigned long int));
111 new->timeout_max = max_hosts_in_list;
112 new->timeout_idx = 0;
113 }
114
115 memset (new->garage, '\x00', 256 * 256 * sizeof (ip_list *));
116 if (new->timeout_tbl != NULL)
117 memset (new->timeout_tbl, '\x00', max_hosts_in_list *
118 sizeof (unsigned long int));
119
120 return (new);
121}
122
123
124void
125mg_destroy (garage_hdlr *g, int do_handler)
126{
127 int h;
128
129
130#ifdef DEBUG
131 printf ("tackcount = %Lu\n", tackc);
132 printf ("tackall = %Lu\n", tackall);
133 printf ("tackmedian = %2.3f\n", (float) ((float) tackall / (float) tackc));
134#endif
135
136 for (h = 0 ; h < (256 * 256) ; ++h) {
137 if (g->garage[h] != NULL) {
138 /* the IP list structure for the IP will be free'd
139 * by mg_clean, too, so we don't have to do that
140 * manually
141 */
142 mg_destroy_slot (g, g->garage[h], (do_handler == 0) ?
143 NULL : g->cleaner);
144 g->garage[h] = NULL;
145 }
146 }
147
148 free (g->garage);
149 if (g->timeout_tbl == NULL)
150 free (g->timeout_tbl);
151
152 /* g->name is not to be free'd */
153
154 free (g);
155}
156
157
158static void
159mg_destroy_slot (garage_hdlr *g, ip_list *slot, void (* cleaner)(ip_list *))
160{
161 ip_list * next;
162
163 do {
164 next = slot->next;
165 mg_clean (g, slot->ip, cleaner);
166 slot = next;
167 } while (slot != NULL);
168
169 return;
170}
171
172
173void
174mg_write (garage_hdlr *g, unsigned long int ip, void *data, size_t data_len,
175 int data_free)
176{
177 ip_list * il;
178 ip_elem * new = xcalloc (1, sizeof (ip_elem));
179
180
181 new->next = NULL;
182 new->data_free = data_free;
183 new->data_len = data_len;
184 new->data = data;
185
186
187 il = g->garage[MG_H (ip)];
188 if (il == NULL) {
189 il = xcalloc (1, sizeof (ip_list));
190 il->next = NULL;
191 il->ip = ip;
192 il->data = new;
193
194 g->garage[MG_H (ip)] = il;
195 g->ip_count += 1;
196 } else {
197 ip_list ** cw = &g->garage[MG_H (ip)];
198
199 while (il != NULL && ip > il->ip) {
200 cw = &il->next;
201 il = il->next;
202 }
203
204 if (il != NULL && ip == il->ip) {
205 new->next = il->data;
206 il->data = new;
207 } else {
208 ip_list * il_tmp = xcalloc (1, sizeof (ip_list));
209
210 il_tmp->next = il;
211 *cw = il_tmp;
212 il = il_tmp;
213
214 il->ip = ip;
215 il->data = new;
216
217 g->ip_count += 1;
218 }
219 }
220
221 if (g->timeout_tbl != NULL) {
222#ifdef DEBUG
223 printf ("tbl = 0x%08lx tbl_idx = %5lu tbl_max = %5lu tbl_count = %8lu\n",
224 (unsigned long int) g->timeout_tbl,
225 (unsigned long int) g->timeout_idx,
226 (unsigned long int) g->timeout_max,
227 (unsigned long int) mg_count (g));
228 printf ("g->timeout_tbl[g->timeout_idx] = %lu\n", g->timeout_tbl[g->timeout_idx]);
229 printf ("condition = %s\n", (g->timeout_tbl[g->timeout_idx] != 0) ? "true" : "false");
230#endif
231
232 if (g->timeout_tbl[g->timeout_idx] != 0)
233 mg_clean (g, g->timeout_tbl[g->timeout_idx], NULL);
234
235 g->timeout_tbl[g->timeout_idx] = il->ip;
236#ifdef DEBUG
237 printf ("g->timeout_idx = %5ld g->timeout_max = %5ld\n\n",
238 g->timeout_idx, g->timeout_max);
239#endif
240 g->timeout_idx = (g->timeout_idx + 1) % g->timeout_max;
241 }
242}
243
244
245ip_elem *
246mg_read (garage_hdlr *g, unsigned long int ip)
247{
248#ifdef DEBUG
249 int tackcount = 0;
250#endif
251 ip_list * il = g->garage[MG_H (ip)];
252
253 /* no list for this hash value -> no IP stored
254 */
255 if (il == NULL)
256 return (NULL);
257
258 /* walk the list
259 */
260 do {
261 if (il->ip == ip)
262#ifdef DEBUG
263 {
264 printf ("tackcount = %d\n", tackcount);
265 tackall += tackcount;
266 tackc += 1;
267#endif
268 return (il->data);
269#ifdef DEBUG
270 } else {
271 tackcount += 1;
272 }
273#endif
274
275 il = il->next;
276
277 } while (il != NULL && il->ip <= ip);
278
279 return (NULL);
280}
281
282
283void
284mg_clean (garage_hdlr *g, unsigned long int ip, void (* cleaner)(ip_list *))
285{
286 ip_elem * iel;
287 ip_elem * iel_tmp;
288
289 ip_list ** cw = &g->garage[MG_H (ip)];
290 ip_list * il;
291
292
293 il = *cw;
294
295 /* walk the list
296 */
297 while (il != NULL && il->ip < ip) {
298 cw = &il->next;
299 il = il->next;
300 }
301
302 if (il == NULL || il->ip != ip)
303 return;
304
305 *cw = il->next;
306
307 /* if a cleaner has been given, or there is a default cleaner in the
308 * garage, then run it
309 */
310 if (cleaner != NULL) {
311 cleaner (il);
312 } else if (g->cleaner != NULL) {
313 g->cleaner (il);
314 }
315
316 iel = il->data;
317 while (iel != NULL) {
318 iel_tmp = iel;
319 if (iel->data_free)
320 free (iel->data);
321
322 iel = iel->next;
323 free (iel_tmp);
324 }
325
326 g->ip_count -= 1;
327
328 free (il);
329
330 return;
331}
332
333
334void
335mg_show (garage_hdlr *g)
336{
337 int h1, h2;
338 int count;
339
340 char display[] = ".123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
341
342 printf ("=== garage = %s === elements in garage = %lu\n", g->name, mg_count (g));
343 printf ("0_________0_________0_________0_________0_________0_________0_________\n");
344
345 for (h1 = 0 ; h1 < 256 ; ++h1) {
346 count = 0;
347 for (h2 = 0 ; h2 < 256 ; ++h2) {
348 if (g->garage[h1 * 256 + h2] != NULL)
349 count += 1;
350 }
351
352 printf ("%c", count >= (sizeof (display) - 1) ? '>' : display[count]);
353 if ((h1 + 1) % 70 == 0) {
354 printf ("\n");
355 printf ("0_________0_________0_________0_________0_________0_________0_________\n");
356 }
357 }
358 printf ("\n");
359
360}
361
362
363unsigned long int
364mg_count (garage_hdlr *g)
365{
366 return (g->ip_count);
367}
368
369
370#if 0
371/* unused code
372 */
373static unsigned long int
374mg_count_slot (ip_list *list)
375{
376 unsigned long int count = 0;
377
378 do {
379 count += 1;
380 list = list->next;
381 } while (list != NULL);
382
383 return (count);
384}
385#endif
386
387
388int
389mg_ip_isin (garage_hdlr *g, unsigned long int ip)
390{
391 ip_list * il = g->garage[MG_H (ip)];
392
393 if (il == NULL)
394 return (0);
395
396 while (il != NULL && ip < il->ip) {
397 il = il->next;
398 }
399
400 if (il != NULL && ip == il->ip)
401 return (1);
402
403 return (0);
404}
405
406
407
408/* CIDR routines
409 *
410 * XXX: maybe move some basic CIDR routines to an extra file for maintance
411 * XXX: beta code, please test
412 */
413
414unsigned long int
415mg_cidr_getmask (unsigned long int mask)
416{
417 /* work around to dumb gcc 'optimizations' (ie compiler bug)
418 */
419 if (mask == 0)
420 return (0);
421
422 if (mask > 32) {
423 return (mask);
424 } else {
425 unsigned long int nm = 0xffffffff;
426
427 /* clear zero bits
428 */
429 mask = 32 - mask;
430 nm >>= mask;
431 nm <<= mask;
432
433 return (nm);
434 }
435}
436
437
438unsigned long int
439mg_cidr_maskcount (unsigned long int mask)
440{
441 return ((~mg_cidr_getmask (mask)) + 1);
442}
443
444
445int
446mg_cidr_match (unsigned long int ip1, unsigned long int ip2,
447 unsigned long int mask)
448{
449 mask = mg_cidr_getmask (mask);
450 ip1 &= mask;
451 ip2 &= mask;
452
453 return (ip1 == ip2);
454}
455
456
457unsigned long int
458mg_cidr_count (garage_hdlr *g, unsigned long int ip, unsigned long int mask)
459{
460 unsigned long int count = 0;
461 unsigned long int ip_start,
462 ip_end;
463
464
465 ip_start = ip & mg_cidr_getmask (mask);
466 ip_end = ip_start + mg_cidr_maskcount (mask);
467
468 /* workaround for /0 cidr mask (if sizeof (unsigned long int) == 4)
469 * it will make ip_end = 0, so we have to catch this case)
470 */
471 if (ip_end == 0)
472 return (mg_count (g));
473
474 if ((ip_end - ip_start) >= mg_count (g)) {
475 /* since there are less elements then the ip range contains,
476 * we go for a count-matching-elements-by-scanning-through-
477 * the-entire-array like technique
478 */
479 unsigned long int h;
480 ip_list * il;
481
482 for (h = 0 ; h < (256 * 256) ; ++h) {
483 if (g->garage[h] != NULL) {
484 il = g->garage[h];
485
486 do {
487 if (mg_cidr_match (il->ip, ip, mask))
488 count += 1;
489
490 il = il->next;
491 } while (il != NULL);
492 }
493 }
494 } else {
495 /* there are more elements in the garage then this range
496 * contains, so scam this range only
497 */
498 do {
499 count += mg_ip_isin (g, ip_start);
500
501 ip_start += 1;
502 } while (ip_start < ip_end);
503 }
504
505 return (count);
506}
507
508
diff --git a/other/b-scan/tmp/src/module.c b/other/b-scan/tmp/src/module.c
new file mode 100644
index 0000000..1748914
--- /dev/null
+++ b/other/b-scan/tmp/src/module.c
@@ -0,0 +1,214 @@
1#include <stdio.h>
2#include <stdlib.h>
3#include <dlfcn.h>
4#include <string.h>
5#include <bscan/module.h>
6#include <bscan/system.h>
7
8struct _mods mods[MAX_MODULES];
9/* modstructures not initialized */
10int modcount = -1;
11
12/*
13#ifdef HAVE_DLSYM
14#define MAKE_DLSYM(x, y) mods[modcount].##x = dlsym(handle, ##y);\
15 if ((error = dlerror()) != NULL) {\
16 fprintf(stderr, ##y":%s\n", error); return(1); }
17#endif
18*/
19
20/* I think this is more correct, and also gets rid of some compile warnings.
21 * hope this doesn't break anything. -typo */
22#ifdef HAVE_DLSYM
23#define MAKE_DLSYM(x, y) mods[modcount].x = dlsym(handle, y);\
24 if ((error = dlerror()) != NULL) {\
25 fprintf(stderr, y":%s\n", error); return(1); }
26#endif
27
28/* SunOS 4.1.3 support */
29#ifndef RTLD_NOW
30#define RTLD_NOW 0x00001
31#endif
32/* OpenBSD support */
33#ifndef RTLD_GLOBAL
34#define RTLD_GLOBAL 0x00000
35#endif
36
37/* we really hate theo for this shit of dl* work */
38#if defined(__OpenBSD__)
39# if !(defined(__mips) || defined(__powerpc))
40# define DLSYM_AOUT 1
41# else
42# define DLSYM_AOUT 0
43# endif
44#endif
45#if DLSYM_AOUT == 1
46# define DLSYM_UNDERSCORE "_"
47#else
48# define DLSYM_UNDERSCORE /**/
49#endif
50
51
52/*
53 * init the module structures. NOT the modules!
54 */
55void
56init_modules ()
57{
58 int c = 0;
59
60 while (c < MAX_MODULES)
61 {
62 mods[c].init = NULL;
63 mods[c].fini = NULL;
64 mods[c].musage = NULL;
65 mods[c].modname = NULL;
66 mods[c].modid = 0;
67 mods[c].modarg = NULL;
68 mods[c++].callmdl = NULL;
69 }
70 modcount = 0;
71}
72
73
74/*
75 * Load a module
76 * Return 0 on success, != 0 on error [no space left, EACCESS, ...]
77 */
78int
79add_module (char *fname, char *modarg)
80{
81#ifdef HAVE_DLSYM
82 void *handle;
83 char *error;
84
85 if (modcount == -1)
86 init_modules ();
87
88 if (modcount >= MAX_MODULES)
89 return (2); /* array to small! */
90
91 handle = dlopen (fname, RTLD_NOW | RTLD_GLOBAL);
92
93 if ((error = dlerror ()) != NULL)
94 {
95 fprintf (stderr, "%s\n", error);
96 return (1);
97 }
98
99 MAKE_DLSYM (init, DLSYM_UNDERSCORE"init");
100 MAKE_DLSYM (fini, DLSYM_UNDERSCORE"fini");
101 MAKE_DLSYM (musage, DLSYM_UNDERSCORE"musage");
102 MAKE_DLSYM (callmdl, DLSYM_UNDERSCORE"callmdl");
103
104 mods[modcount].modid = modcount;
105 mods[modcount].modarg = modarg; /* not encoded arg */
106
107 modcount++;
108
109#endif
110 return 0;
111}
112
113/*
114 * split a 'space seperated string' into many arguements
115 * decode esc-sequences
116 */
117void
118split_margs (const char *moptarg, char ***margvp, int *margcp)
119{
120 char *ptr, *opt;
121 int off;
122 char ch, ch2;
123
124 if (margcp == NULL)
125 return;
126
127 if (margvp == NULL)
128 return;
129
130 if (moptarg == NULL)
131 return;
132
133 moptarg = strdup(moptarg);
134
135 /*
136 * convert " modname -a arg1 -b arg2" to
137 * "modname -a arg1 -b arg2"
138 */
139 opt = (char *) calloc (1, strlen (moptarg) + 1);
140 off = 0;
141 ch2 = ' ';
142 ptr = (char *) moptarg;
143 while ((ch = *ptr++) != '\0')
144 {
145 if ((ch == ' ') && (ch2 == ' '))
146 continue;
147 opt[off++] = ch;
148 ch2 = ch;
149 }
150 if (ch2 == ' ')
151 opt[off - 1] = '\0';
152
153 /*
154 * split argument-string into char *argv[] array
155 */
156 *margcp = 0;
157 while ((ptr = strchr (opt, ' ')) != NULL)
158 {
159 *ptr++ = '\0';
160
161 (*margvp) = realloc (*margvp, ((*margcp) + 1) * sizeof (char *));
162
163 ctoreal(opt, opt); /* decode esc-sequences */
164 *(*margvp + *margcp) = opt;
165 (*margcp)++;
166 opt = ptr;
167 }
168 (*margvp) = realloc (*margvp, ((*margcp) + 2) * sizeof (char *));
169 ctoreal(opt, opt);
170 *(*margvp + (*margcp)++) = opt;
171 *(*margvp + (*margcp)) = NULL; /* terminate the array */
172
173}
174
175/*
176 * load and init the module.
177 * this function can exit
178 * return 0 on success
179 */
180int
181loadinit_mod(char *optar)
182{
183 char **margv = NULL;
184 int margc = 0;
185 extern int optind;
186 extern struct _opt *opt;
187
188 split_margs (optar, &margv, &margc);
189 if (add_module (margv[0], optar) == 0)
190 {
191 int oldoptind = optind;
192 int m = modcount - 1;
193 optind = 1;
194
195 if (mods[m].init ((char **) &mods[m].modname, margc, margv, opt) != 0)
196 {
197 fprintf (stderr, "- [%d]: '%s' init FAILED\n",
198 mods[m].modid, margv[0]);
199 mods[m].musage ();
200 exit (-1);
201 } else
202 fprintf (stderr, "+ [%d]: '%s' initialized\n",
203 mods[m].modid, mods[m].modname);
204 optind = oldoptind; /* restore old optind value */
205 } else
206 {
207 fprintf (stderr, "+ [-]; '%s' failed\n", optar);
208 exit (-1);
209 }
210
211 return(0);
212}
213
214
diff --git a/other/b-scan/tmp/src/network_raw.c b/other/b-scan/tmp/src/network_raw.c
new file mode 100644
index 0000000..1b87eaa
--- /dev/null
+++ b/other/b-scan/tmp/src/network_raw.c
@@ -0,0 +1,497 @@
1/*
2 * raw network routines
3 * libnet based (not yet ..but maybe in the future :>
4 */
5
6#include <stdio.h>
7#include <stdarg.h>
8#include <stdlib.h>
9#include <sys/types.h>
10#include <sys/socket.h>
11#include <sys/wait.h>
12#ifndef __FAVOR_BSD
13#define __FAVOR_BSD
14#endif
15#ifndef __USE_BSD
16#define __USE_BSD
17#endif
18#ifndef __BSD_SOURCE
19#define __BSD_SOURCE
20#endif
21#include <libnet.h>
22#include <bscan/network_raw.h>
23
24static int netraw_lrand = 0;
25#define LAME_RANDOM (netraw_lrand = (netraw_lrand + (netraw_lrand>>1)))
26
27/*
28 * init all the network_raw stuff
29 * return 0 on success, -1 on error
30 */
31int
32init_network_raw ()
33{
34 /* seeded by init_vars/bscan.c */
35 netraw_lrand = 1 + (int) (65335.0 * rand () / (RAND_MAX + 1.0));
36 return (0);
37}
38
39/*
40 * calc. checksum WITH carry flag.
41 * call cksum = CKSUM_CARRY(sum);
42 * we calculate only the initial checksum here.
43 * we can use the result for all further packets
44 */
45int
46in_cksum (unsigned short *addr, int len)
47{
48 int nleft = len;
49 int sum = 0;
50 u_short *w = addr;
51 u_short answer = 0;
52
53 while (nleft > 1)
54 {
55 sum += *w++;
56 nleft -= 2;
57 }
58
59 if (nleft == 1) /* padding */
60 {
61 *(u_char *) (&answer) = *(u_char *) w;
62 sum += answer;
63 }
64
65 return (sum);
66}
67
68
69/*
70 * add ICMP_ECHO or ICMP_TSTAMP
71 * len = len of payload
72 * add ICMP-header to pkt
73 */
74void
75add_icmpping (unsigned char *pkt, int len, int which)
76{
77 struct icmp *icmp = (struct icmp *) pkt;
78 int sum;
79 struct timeval tv;
80 memset (icmp, 0, sizeof (*icmp)); /* sizeof(*icmp) = 28 */
81
82 if (which == ICMP_ECHO)
83 {
84 icmp->icmp_type = ICMP_ECHO;
85 }
86 else if (which == ICMP_TSTAMP)
87 {
88 if (len < 13)
89 printf ("packet too small for timestamp request, lets blast the packets out anyway\n");
90 icmp->icmp_type = ICMP_TSTAMP;
91 }
92 else
93 printf ("Your kung-fu is bad!\n");
94
95 icmp->icmp_hun.ih_idseq.icd_id = LAME_RANDOM;
96 gettimeofday (&tv, NULL);
97 memcpy (icmp->icmp_dun.id_data, &tv, sizeof (tv));
98
99 sum = in_cksum ((u_short *) icmp, ICMP_SIZE + len);
100 icmp->icmp_cksum = CKSUM_CARRY (sum);
101}
102
103
104/*
105 * add udp-header [no checksum]
106 * len = len of payload
107 */
108void
109add_udphdr(unsigned char *pkt, struct net_tuple *nt, int len)
110{
111 struct udphdr udp;
112
113 memset(&udp, 0, sizeof(udp));
114 udp.uh_sport = nt->sport;
115 udp.uh_dport = nt->dport;
116 udp.uh_ulen = htons(len + UDP_SIZE);
117 udp.uh_sum = 0; /* no checksum !*/
118 memcpy(pkt, &udp, sizeof(udp));
119}
120
121
122/*
123 * len = len of payload
124 */
125void
126add_tcphdr (unsigned char *pkt, struct net_tuple *nt, uint8_t flags, int len,
127 tcp_seq * seq, tcp_seq * ack)
128{
129 struct tcphdr tcp;
130 struct tcphdr *tcpptr;
131 struct _fakehead fakehead;
132 int sum;
133
134 memset (&tcp, 0, sizeof (tcp));
135 memset (&fakehead, 0, sizeof (fakehead));
136 tcp.th_dport = nt->dport;
137 tcp.th_sport = nt->sport;
138 fakehead.saddr = nt->src;
139 fakehead.daddr = nt->dst;
140 fakehead.zero = 0;
141 fakehead.protocol = IPPROTO_TCP;
142 fakehead.tot_len = htons (TCP_SIZE + len);
143 sum = in_cksum ((u_short *) & fakehead, sizeof (fakehead));
144 tcp.th_off = TCP_SIZE >> 2;
145 if (seq != NULL)
146 tcp.th_seq = *seq;
147 else
148 tcp.th_seq = LAME_RANDOM;
149 if (ack != NULL)
150 tcp.th_ack = *ack;
151 tcp.th_flags |= flags; /* ADD the flags */
152 tcp.th_win = htons (0x3fff);
153 memcpy (pkt, &tcp, sizeof (tcp));
154 sum += in_cksum ((u_short *) pkt, sizeof (tcp) + len);
155 tcpptr = (struct tcphdr *)pkt;
156 tcpptr->th_sum = CKSUM_CARRY (sum);
157}
158
159
160/*
161 * add's ipv4-header of 20 bytes without any options
162 * - IPPROTO_TCP and 40 bytes total length
163 */
164void
165add_iphdr (unsigned char *pkt, uint8_t ip_p, struct net_tuple *nt, int len)
166{
167 struct ip ip;
168 memset (&ip, 0, IP_SIZE);
169 ip.ip_hl = sizeof (ip) >> 2;
170 ip.ip_v = 4;
171 /*ip->tos = 0; */
172 ip.ip_len = htons (len + IP_SIZE); /* htons ? */
173 /*ip->id = 0; done by kernel */
174 /*ip->frag_off = 0; */
175 ip.ip_ttl = 0xff;
176 ip.ip_p = ip_p;
177 /*.ip->check = 0; done by kernel */
178 ip.ip_src.s_addr = nt->src;
179 ip.ip_dst.s_addr = nt->dst;
180 memcpy (pkt, &ip, sizeof (ip));
181}
182
183/*
184 * send out ipv4-packet
185 * with data 'pkt' of length 'len'
186 * returns the number of characters sent, or -1 if an error occured
187 */
188int
189send_ipv4 (int sox, u_char * pkt, size_t len)
190{
191 struct sockaddr_in to;
192 to.sin_family = AF_INET;
193 memcpy (&to.sin_addr.s_addr, (pkt + 4 * 4), sizeof (u_long));
194 return (sendto (sox, pkt, len, 0, (struct sockaddr *) &to, sizeof (to)));
195}
196
197
198/*
199 * small/lame tcp userland stack
200 * give 'best' tcp-answer to a tcp-packet
201 * return 0 on success
202 * payload + len are optional
203 */
204int
205answer_tcp (int sox, struct ip *ip, struct tcphdr *tcp, uint8_t flags,
206 u_char * payload, uint len)
207{
208 static u_char *outpkt = NULL;
209 static int msize = 0;
210 struct net_tuple nt;
211 tcp_seq outack;
212
213 if (TCP_SIZE + IP_SIZE + len > msize)
214 {
215 outpkt = realloc (outpkt, TCP_SIZE + IP_SIZE + len);
216 msize = TCP_SIZE + IP_SIZE + len;
217 }
218
219 if (outpkt == NULL)
220 return (-1);
221 if (ip == NULL)
222 return (-1);
223 if (tcp == NULL)
224 return (-1);
225
226 memset (outpkt, 0, TCP_SIZE + IP_SIZE + len);
227
228 nt.sport = tcp->th_dport;
229 nt.dport = tcp->th_sport;
230 nt.src = ip->ip_dst.s_addr;
231 nt.dst = ip->ip_src.s_addr;
232
233 if (payload != NULL)
234 memcpy (outpkt + TCP_SIZE + IP_SIZE, payload, len);
235
236 outack = ntohl (tcp->th_seq) + ntohs (ip->ip_len) - (tcp->th_off << 2) -
237 (ip->ip_hl << 2);
238 if (tcp->th_flags & (TH_SYN | TH_FIN))
239 outack++;
240
241 outack = htonl (outack);
242 add_tcphdr (outpkt + IP_SIZE, &nt, flags, len, &tcp->th_ack, &outack);
243
244 add_iphdr (outpkt, IPPROTO_TCP, &nt, TCP_SIZE + len);
245
246 send_ipv4 (sox, outpkt, IP_SIZE + TCP_SIZE + len);
247
248 return (0);
249}
250
251
252/*
253 * return 0 if ip-header is valid [length only]
254 * len = length from the begin of the ip-header [20 for normal ip header]
255 */
256int
257vrfy_ip (struct ip *ip, uint32_t len, u_short * ip_options)
258{
259 u_short _ip_options;
260
261 if (len < sizeof (*ip))
262 return (-1);
263
264 _ip_options = ip->ip_hl << 2;
265 if (_ip_options > len)
266 return (-1);
267
268 if (_ip_options > 0xefff)
269 return -1;
270
271 if (_ip_options < sizeof (*ip))
272 _ip_options = 0;
273 else
274 _ip_options -= sizeof (*ip);
275
276 *ip_options = _ip_options;
277 return (0);
278}
279
280
281/*
282 * len = len of tcp-header + tcp_options + tcp_data (from wire).
283 * returns 0 if tcp-header is valid [length check only]
284 * returns options
285 * != 0 if something went wrong [header size etc]
286 */
287int
288vrfy_tcp (struct tcphdr *tcp, uint32_t plen, u_short * tcp_options)
289{
290 u_short _tcp_options;
291
292 if (plen < sizeof (*tcp))
293 return (-1);
294
295 _tcp_options = tcp->th_off << 2;
296 if (_tcp_options > plen)
297 return (-1);
298 if (_tcp_options > 0xefff) /* this is quite to large for me */
299 return -1;
300
301 if (_tcp_options <= sizeof (*tcp))
302 _tcp_options = 0;
303 else
304 _tcp_options -= sizeof (*tcp);
305
306 *tcp_options = _tcp_options;
307
308 return (0);
309}
310
311int
312vrfy_udp (struct udphdr *udp, uint32_t len)
313{
314
315 if (len < sizeof(*udp))
316 return (-1);
317
318 return (0);
319}
320
321/*
322 * decode NetworkVirtualTerminal Data
323 * data = the raw (nvt)-input
324 * len = length of 'data'
325 * ans = the nvt-answer (IAC don't)
326 * anslen = the calculated anser length
327 * res = the decoded nvt data (login: prompt etc)
328 * reslen = the calculates decoded data length
329 * All parameters must be given (NULL is not allowed)
330 * and initialized
331 * return -1 on failure
332 * return 0 on success
333 * rfc-will: anslen, reslen < len
334 */
335#define IACFOUND 0x01
336#define DOFOUND 0x02
337#define UNKNOWNOPT 0x04
338#define SUBNEGO 0x08
339#define CRFOUND 0x10
340
341#define NVT_SE 0xf0
342#define NVT_SB 0xfa
343#define NVT_WILL 0xfb
344#define NVT_WONT 0xfc
345#define NVT_DO 0xfd
346#define NVT_DONT 0xfe
347#define IAC 0xff
348
349int
350decode_nvt(u_char *data, uint len, u_char *ans, uint *anslen,
351 u_char *res, uint *reslen)
352{
353 u_char *ptr = data;
354 u_char *ansptr = ans;
355 u_char *resptr = res;
356 u_char flags = 0;
357 int i = 0;
358 u_char c;
359
360 if ( (data == NULL) || (ans == NULL) || (res == NULL))
361 return(0);
362
363 *anslen = 0;
364 *reslen = 0;
365
366 while (1)
367 {
368 if (i++ >= len)
369 break;
370 c = *ptr++;
371
372 if (flags & UNKNOWNOPT)
373 {
374 flags = 0;
375 continue;
376 }
377
378 if (flags & IACFOUND)
379 {
380 if (c == IAC) /* IAC IAC */
381 {
382 *resptr++ = IAC;
383 flags = 0; /* reset */
384 continue;
385 }
386
387 if (flags & SUBNEGO)
388 {
389 if (c == NVT_SE) /* subnegotiation end */
390 flags = 0;
391 continue;
392 }
393
394 if (flags & DOFOUND)
395 {
396/* 3com switch test if (c == 0x03)
397 {
398 *ansptr++ = IAC;
399 *ansptr++ = NVT_DO;
400 *ansptr++ = 0x03;
401 *ansptr++ = IAC;
402 *ansptr++ = NVT_WILL;
403 *ansptr++ = 0x18;
404 *ansptr++ = IAC;
405 *ansptr++ = NVT_WILL;
406 *ansptr++ = 0x1f;
407 *ansptr++ = IAC;
408 *ansptr++ = NVT_WILL;
409 *ansptr++ = 0x20;
410 *ansptr++ = IAC;
411 *ansptr++ = NVT_WILL;
412 *ansptr++ = 0x21;
413 *ansptr++ = IAC;
414 *ansptr++ = NVT_WILL;
415 *ansptr++ = 0x22;
416 *ansptr++ = IAC;
417 *ansptr++ = NVT_WILL;
418 *ansptr++ = 0x27;
419 *ansptr++ = IAC;
420 *ansptr++ = NVT_DO;
421 *ansptr++ = 0x05;
422 *ansptr++ = IAC;
423 *ansptr++ = NVT_WILL;
424 *ansptr++ = 0x23;
425 *anslen = *anslen + 24;
426
427 }
428*/
429 *ansptr++ = IAC;
430 *ansptr++ = NVT_WONT; /* me is dump - im a kid */
431 *ansptr++ = c;
432 *anslen = *anslen + 3;
433 flags = 0;
434 continue;
435 }
436
437 if (c == NVT_SB) /* subnegotiation */
438 {
439 flags = SUBNEGO;
440 continue;
441 }
442
443 if (c == NVT_DO) /* DO ... */
444 {
445 flags |= DOFOUND;
446 continue;
447 } else {
448 flags = ~(IACFOUND | DOFOUND);
449 flags |= UNKNOWNOPT; /* skip next */
450 continue;
451 }
452
453 }
454
455 if (flags & SUBNEGO)
456 continue;
457
458 if (c == IAC)
459 {
460 flags = IACFOUND; /* just IAC */
461 continue;
462 }
463
464 if (flags & CRFOUND)
465 {
466 if (c == '\0')
467 {
468 flags &= ~CRFOUND;
469 *res++ = '\r';
470 *reslen = *reslen + 1;
471 continue;
472 }
473 if (c == '\n')
474 {
475 flags &= ~CRFOUND;
476 *res++ = '\n';
477 *reslen = *reslen + 1;
478 continue;
479 }
480 }
481
482 if (c == '\r')
483 {
484 flags |= CRFOUND;
485 continue;
486 }
487
488 *res++ = c;
489 *reslen = *reslen + 1;
490
491 }
492
493 return(0);
494}
495
496
497
diff --git a/other/b-scan/tmp/src/restore.c b/other/b-scan/tmp/src/restore.c
new file mode 100644
index 0000000..45edbb8
--- /dev/null
+++ b/other/b-scan/tmp/src/restore.c
@@ -0,0 +1,263 @@
1/*
2 * bscan, restore.c
3 * this is the buggies part of the entire scanner :>
4 * many buffer overflows in here
5 */
6#include <bscan/bscan.h>
7#include <bscan/system.h>
8#include <bscan/module.h>
9#include <string.h>
10
11
12extern struct _opt *opt;
13
14#define RESTORE_FILE "restore.bscan"
15
16#define R_ARGVLIST "argvlist"
17#define R_MODARG "modarg"
18#define R_LIMIT "limit"
19#define R_FLAGS "flags"
20#define R_DELAY "delay"
21#define R_PSCANSTAT "pscanstat"
22#define R_IPSCAN_COUNT "ipscan_count"
23#define R_IPTOTSCAN_C "iptotscan_count"
24#define R_BSENT_COUNT "bsent_count"
25#define R_IP_OFFSET "ip_offset"
26#define R_IP_BLKLEN "ip_blklen"
27#define R_IP_POS "ip_pos"
28#define R_SCAN_TIME "scan_time"
29#define R_SPF_SIP "spf_sip"
30#define R_SPF_SMAC "spf_smac"
31#define R_SNARFICMP_C "snarf.icmp_c"
32#define R_SNARFCLOSE_C "snarf.close_c"
33#define R_SNARFOPEN_C "snarf.open_c"
34#define R_SNARFREFUSED_C "snarf.refused_c"
35#define R_IDEV "lnet.device"
36#define R_HOSTFILE "hostfile"
37
38
39/*
40 * save everything that is required to restore/restart an inter session
41 */
42int
43write_restore ()
44{
45 u_char *p = (u_char *) opt->spf_smac;
46 FILE *fptr;
47 char **myargv = opt->argvlist;
48 struct timeval tv;
49#ifdef HAVE_DLSYM
50 int c=0;
51 extern const int modcount;
52 extern const struct _mods mods[MAX_MODULES];
53#endif
54
55 if (opt->flags & OPT_VERB)
56 fprintf (stderr, "Writing restore file '%s'\n", RESTORE_FILE);
57
58 if ((fptr = fopen (RESTORE_FILE, "w+")) == NULL)
59 return (-1);
60
61 fprintf (fptr, "# bscan restore file. This is an automatic generated\n");
62 fprintf (fptr, "# file. Don't edit.\n");
63 fprintf (fptr, "#\n");
64
65 fprintf (fptr, R_ARGVLIST ": ");
66 if ((opt->target != NULL) && !(opt->flags & OPT_HOSTFILE))
67 fprintf (fptr, "\"%s\" ", opt->target);
68 while (*myargv != NULL)
69 fprintf (fptr, "\"%s\" ", *myargv++);
70 fprintf (fptr, "\n");
71
72#ifdef HAVE_DLSYM
73 for (c = 0; c < modcount; c++)
74 fprintf(fptr, R_MODARG ": %s\n", mods[c].modarg);
75#endif
76
77 fprintf (fptr, R_LIMIT ": %u\n", opt->limit);
78 fprintf (fptr, R_DELAY ": %u\n", opt->delay);
79 fprintf (fptr, R_PSCANSTAT ": %u\n", opt->pscanstat);
80 fprintf (fptr, R_IPSCAN_COUNT ": %lu\n", opt->ipscan_count);
81 fprintf (fptr, R_IPTOTSCAN_C ": %lu\n", opt->iptotscan_count);
82 fprintf (fptr, R_BSENT_COUNT ": %lu\n", opt->bsent_count);
83 fprintf (fptr, R_IP_OFFSET ": %lu\n", opt->ip_offset);
84 fprintf (fptr, R_IP_BLKLEN ": %lu\n", opt->ip_blklen);
85 fprintf (fptr, R_IP_POS ": %lu\n", opt->ip_pos);
86 fprintf (fptr, R_FLAGS ": %4.4x\n", opt->flags);
87 memcpy(&tv, &opt->tv2, sizeof(tv));
88 time_diff (&opt->scan_start, &tv);
89 fprintf (fptr, R_SCAN_TIME ": %ld\n", (long)tv.tv_sec);
90 fprintf (fptr, R_SPF_SIP ": %s\n", int_ntoa (opt->nt.src));
91 fprintf (fptr, R_SPF_SMAC ": %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x\n",
92 p[0], p[1], p[2], p[3], p[4], p[5]);
93 fprintf (fptr, R_SNARFICMP_C ": %lu\n", opt->snarf.icmp_c);
94 fprintf (fptr, R_SNARFCLOSE_C ": %lu\n", opt->snarf.close_c);
95 fprintf (fptr, R_SNARFOPEN_C ": %lu\n", opt->snarf.open_c);
96 fprintf (fptr, R_SNARFREFUSED_C ": %lu\n", opt->snarf.refused_c);
97 if (opt->lnet.device != NULL)
98 fprintf (fptr, R_IDEV ": %s\n", opt->lnet.device);
99 else
100 fprintf (fptr, R_IDEV ": \n");
101
102 if (opt->hostfile != NULL)
103 fprintf (fptr, R_HOSTFILE ": %s\n", opt->hostfile);
104 else
105 fprintf (fptr, R_HOSTFILE ": \n");
106
107 fclose (fptr);
108
109 return (0);
110}
111
112int
113restore_processtag (char *tag, char *arg)
114{
115 char *ptr = arg;
116 int c = 0;
117
118 if ((arg == NULL) || (tag == NULL))
119 return (-1);
120
121 if (!strcmp (R_ARGVLIST, tag))
122 if (strlen (arg) > 0)
123 {
124 int toggle = 0;
125 while (*ptr != '\0')
126 if (*ptr++ == '"')
127 c++;
128 ptr = arg;
129 c = c / 2;
130 if (c <= 0)
131 return (-1); /* this should not happen */
132 if ((opt->argvlist = malloc ((c + 1) * sizeof (char *))) == NULL)
133 return (-1);
134 for (toggle = 0; toggle < c + 1; toggle++)
135 opt->argvlist[toggle] = NULL;
136
137 toggle = 0;
138 ptr = arg;
139 c = 0;
140 while (*ptr != '\0')
141 if (*ptr++ == '"')
142 {
143 *(ptr - 1) = '\0';
144 if (toggle++ == 1)
145 {
146 toggle = 0;
147 continue;
148 }
149 opt->argvlist[c++] = ptr;
150 }
151
152 /* strings are ready + \0 terminated here */
153
154 for (toggle = 0; toggle < c; toggle++)
155 opt->argvlist[toggle] = strdup (opt->argvlist[toggle]);
156
157 return (0);
158 }
159
160 if (!strcmp (R_MODARG, tag))
161 loadinit_mod(arg);
162
163 if (!strcmp (R_DELAY, tag))
164 opt->delay = atoi (arg);
165 if (!strcmp (R_LIMIT, tag))
166 opt->limit = atoi (arg);
167 if (!strcmp (R_PSCANSTAT, tag))
168 opt->pscanstat = atoi (arg);
169 if (!strcmp (R_IPSCAN_COUNT, tag))
170 opt->ipscan_count = strtoul (arg, NULL, 10);
171 if (!strcmp (R_IPTOTSCAN_C, tag))
172 opt->iptotscan_count = strtoul (arg, NULL, 10);
173 if (!strcmp (R_BSENT_COUNT, tag))
174 opt->bsent_count = strtoul (arg, NULL, 10);
175 if (!strcmp (R_IP_OFFSET, tag))
176 opt->ip_offset = strtoul (arg, NULL, 10);
177 if (!strcmp (R_IP_BLKLEN, tag))
178 opt->ip_blklen = strtoul (arg, NULL, 10);
179 if (!strcmp (R_IP_POS, tag))
180 opt->ip_pos = strtoul (arg, NULL, 10);
181 if (!strcmp (R_SCAN_TIME, tag))
182 { /* doing the date trick ..we had a scannerdowntime.. */
183 gettimeofday (&opt->scan_start, NULL);
184 opt->scan_start.tv_sec =
185 opt->scan_start.tv_sec - strtoul (arg, NULL, 10);
186 }
187 if (!strcmp (R_SPF_SIP, tag))
188 opt->nt.src = inet_addr (arg);
189 if (!strcmp (R_SPF_SMAC, tag))
190 {
191 unsigned short int sp[6];
192 sscanf (arg, "%hx:%hx:%hx:%hx:%hx:%hx", &sp[0], &sp[1], &sp[2],
193 &sp[3], &sp[4], &sp[5]);
194 for (c = 0; c < 6; c++)
195 opt->spf_smac[c] = (u_char) sp[c];
196
197 }
198 if (!strcmp (R_FLAGS, tag))
199 {
200 sscanf (arg, "%hx", &opt->flags);
201 opt->flags &= ~OPT_ABRT;
202 opt->flags &= ~OPT_REST;
203 }
204 if (!strcmp (R_SNARFICMP_C, tag))
205 opt->snarf.icmp_c = strtoul (arg, NULL, 10);
206 if (!strcmp (R_SNARFCLOSE_C, tag))
207 opt->snarf.close_c = strtoul (arg, NULL, 10);
208 if (!strcmp (R_SNARFOPEN_C, tag))
209 opt->snarf.open_c = strtoul (arg, NULL, 10);
210 if (!strcmp (R_SNARFREFUSED_C, tag))
211 opt->snarf.refused_c = strtoul (arg, NULL, 10);
212 if (!strcmp (R_IDEV, tag))
213 if (strlen (arg) > 0)
214 opt->lnet.device = strdup (arg);
215 if (!strcmp (R_HOSTFILE, tag))
216 if (strlen (arg) > 0)
217 opt->hostfile = strdup (arg);
218
219 return (0);
220}
221
222
223/*
224 * read restore-file
225 * return 0 on success, -1 on failure
226 * sscanf is exploitable. have fun. What kind of stupid admin
227 * who set a +s on this programm. harhar
228 */
229int
230read_restore (char *filename)
231{
232 FILE *fptr;
233 char buf[1024];
234 char tag[1024], arg[1024];
235
236 if (opt->flags & OPT_VERB)
237 fprintf (stderr, "Reading restore file '%s'.\n", filename);
238
239 if ((fptr = fopen (filename, "rb")) == NULL)
240 {
241 printf ("OPEN FAILED\n");
242 return (-1);
243 }
244
245 while (fgets (buf, sizeof (buf), fptr) != NULL)
246 {
247 if (strchr (buf, '#') != NULL)
248 continue;
249
250 tag[0] = arg[0] = '\0';
251 sscanf (buf, "%[^: ]%*[: \t]%[^#\n]%*[\n]", tag, arg);
252
253 if (restore_processtag (tag, arg) == -1)
254 {
255 fprintf (stderr, "error while processing restore file with '%s:%s' \n ", tag, arg);
256 exit (-1);
257 }
258
259 }
260
261 fclose (fptr);
262 return (0);
263}
diff --git a/other/b-scan/tmp/src/signal.c b/other/b-scan/tmp/src/signal.c
new file mode 100644
index 0000000..a2af01f
--- /dev/null
+++ b/other/b-scan/tmp/src/signal.c
@@ -0,0 +1,72 @@
1#include <signal.h>
2#include <bscan/signal.h>
3
4/*
5 * add the signals that you want to be set to default-action
6 */
7int
8do_sig_setall (sighandler_t action)
9{
10#ifdef SIGHUP
11 signal (SIGHUP, action);
12#endif
13#ifdef SIGINT
14 signal (SIGINT, action);
15#endif
16#ifdef SIGQUIT
17 signal (SIGQUIT, action);
18#endif
19#ifdef SIGABRT
20 signal (SIGABRT, action);
21#endif
22#ifdef SIGPIPE
23 signal (SIGPIPE, action);
24#endif
25#ifdef SIGALRM
26 signal (SIGALRM, action);
27#endif
28#ifdef SIGTERM
29 signal (SIGTERM, action);
30#endif
31#ifdef SIGUSR1
32 signal (SIGUSR1, action);
33#endif
34#ifdef SIGUSR1
35 signal (SIGUSR1, action);
36#endif
37#ifdef SIGCHLD
38 signal (SIGCHLD, action);
39#endif
40#ifdef SIGCOMT
41 signal (SIGCOMT, action);
42#endif
43#ifdef SIGSTOP
44 signal (SIGSTOP, action);
45#endif
46#ifdef SIGTSTP
47 signal (SIGTSTP, action);
48#endif
49#ifdef SIGTTIM
50 signal (SIGTTIM, action);
51#endif
52#ifdef SIGTTOU
53 signal (SIGTTOU, action);
54#endif
55
56 return (0);
57}
58
59/*
60 * sig-ctl function.
61 * atm only SIG_DFL implemented....
62 */
63int
64sigctl (int flags, sighandler_t action)
65{
66 int ret = 0;
67
68 if (flags & SIG_SETALL)
69 ret = do_sig_setall (action);
70
71 return (ret);
72}
diff --git a/other/b-scan/tmp/src/snarf.c b/other/b-scan/tmp/src/snarf.c
new file mode 100644
index 0000000..fce8b9e
--- /dev/null
+++ b/other/b-scan/tmp/src/snarf.c
@@ -0,0 +1,211 @@
1#include <stdlib.h>
2
3#include <sys/types.h>
4#include <sys/socket.h>
5#ifndef __FAVOR_BSD
6#define __FAVOR_BSD
7#endif
8#ifndef __USE_BSD
9#define __USE_BSD
10#endif
11#ifndef __BSD_SOURCE
12#define __BSD_SOURCE
13#endif
14
15#include <pcap.h>
16#include <bscan/bscan.h>
17#include <bscan/snarf.h>
18#include <bscan/module.h>
19#include <bscan/signal.h>
20
21pcap_t *ip_socket;
22
23/*
24 * some global variables (modules need access etc)
25 */
26int dlt_len;
27u_char *align_buf = NULL;
28unsigned short ip_options = 0;
29struct ip *ip;
30struct Ether_header *eth;
31u_int pcaplen, plen;
32struct timeval *pts;
33
34extern struct _opt *opt;
35#ifdef HAVE_DLSYM
36extern const int modcount;
37extern const struct _mods mods[MAX_MODULES];
38#endif
39
40
41/*
42 * answer on arp-request.
43 */
44static void
45handle_arp (struct pcap_pkthdr *p, struct Ether_header *eth,
46 struct Arphdr *arp)
47{
48 u_long *ipdummy = (u_long *) arp->ar_tip;
49
50 if (ntohs (arp->ar_op) != ARPOP_REQUEST)
51 return;
52
53#ifdef DEBUG
54 printf ("ARPG request for %s\n", int_ntoa ((u_long) * ipdummy));
55#endif
56 if (*ipdummy == opt->nt.src)
57 play_arpg (&opt->lnet, arp->ar_tip, (u_char *) opt->spf_smac,
58 (u_char *) arp->ar_sip, eth->ether_shost);
59}
60
61
62/*
63 * called by libpcap
64 */
65static void
66filter_packet (u_char * u, struct pcap_pkthdr *p, u_char * packet)
67{
68 int c;
69 static u_char *align_eth = NULL;
70
71 if (p->len < (dlt_len + sizeof (struct Arphdr)))
72 return;
73 if (align_buf == NULL)
74 align_buf = (u_char *) malloc (2048);
75 if (align_eth == NULL)
76 align_eth = (u_char *) malloc (42);
77
78 memcpy ((char *) align_buf, (char *) (packet + dlt_len), p->caplen);
79 memcpy ((char *) align_eth, (char *) packet, 42);
80 eth = (struct Ether_header *) (align_eth);
81 ip = (struct ip *) (align_buf);
82
83 if (ntohs (eth->ether_type) == ETHERTYPE_ARP)
84 {
85 handle_arp (p, eth, (struct Arphdr *) (align_buf));
86 return;
87 }
88
89
90 if (ntohs (eth->ether_type) != ETHERTYPE_IP)
91 return;
92 if (vrfy_ip (ip, p->len - dlt_len, &ip_options) != 0)
93 return;
94 if (ip->ip_dst.s_addr != opt->nt.src)
95 return;
96 if (p->len < (dlt_len + sizeof (*ip) + ip_options))
97 return;
98
99 /* here only 'my-ip' packets */
100
101/* module entry point TWO */
102/* packet is verifite, belongs to us + valid size */
103/* return of module tell us if we should procced as usual or not */
104/* DROP is valid here ! */
105
106 plen = p->len;
107 pcaplen = p->caplen;
108 pts = &p->ts;
109
110#ifdef HAVE_DLSYM
111 c = 0;
112 while (c < modcount)
113 mods[c++].callmdl (MOD_RCV, opt);
114#endif
115
116}
117
118/*
119 * init pcap network stuff
120 * only called once on startup.
121 * -1 = error
122 * 0 = success
123 */
124int
125pcap_init_net (char *iface, int promisc, char *filter, int *dltlen)
126{
127 char errbuf[PCAP_ERRBUF_SIZE];
128 struct bpf_program prog;
129 bpf_u_int32 network, netmask;
130
131 if (iface == NULL)
132 {
133 iface = pcap_lookupdev (errbuf);
134 if (iface == NULL)
135 {
136 fprintf (stderr, "pcap_lookupdev: %s\n", errbuf);
137 return (-1);
138 }
139 }
140 if (pcap_lookupnet (iface, &network, &netmask, errbuf) < 0)
141 {
142 fprintf (stderr, "pcap_lookupnet: %s\n", errbuf);
143 return (-1);
144 }
145 ip_socket = pcap_open_live (iface, 1024, promisc, 1024, errbuf);
146 if (ip_socket == NULL)
147 {
148 fprintf (stderr, "pcap_open_live: %s\n", errbuf);
149 return (-1);
150 }
151 switch (pcap_datalink (ip_socket))
152 {
153 case DLT_EN10MB:
154 *dltlen = 14;
155 break;
156 case DLT_SLIP:
157 *dltlen = 16;
158 break;
159 default:
160 *dltlen = 4;
161 break;
162 }
163 if (pcap_compile (ip_socket, &prog, filter, 1, netmask) < 0)
164 {
165 fprintf (stderr, "pcap_compile: %s\n", errbuf);
166 return (-1);
167 }
168 if (pcap_setfilter (ip_socket, &prog) < 0)
169 {
170 fprintf (stderr, "pcap_setfilter: %s\n", errbuf);
171 return (-1);
172 }
173
174 return 0;
175}
176
177
178/*
179 * called by main-thread.
180 * doing all the snarf, arp-reply, tcp-stack stuff from here
181 */
182void *
183do_snarf (void *iface)
184{
185/* sigctl (SIG_SETALL, SIG_DFL);
186 signal (SIGINT, SIG_IGN);
187*/
188
189 pcap_init_net (iface, 1, PCAP_FILTER, &dlt_len);
190
191 /* the parent thread should at least w8 until we are ready to rumble */
192 opt->flags &= ~OPT_W8SEMA;
193
194 while (1)
195 pcap_loop (ip_socket, -1, (pcap_handler) filter_packet, NULL);
196
197 undo_snarf(); /*### fixme, somewhere else */
198
199 pthread_exit(NULL); /* no return values needed */
200 return NULL;
201}
202
203/*
204 * close everything that was initialized with do_snarf
205 */
206void
207undo_snarf ()
208{
209 pcap_close (ip_socket);
210}
211
diff --git a/other/b-scan/tmp/src/system.c b/other/b-scan/tmp/src/system.c
new file mode 100644
index 0000000..a3ccc94
--- /dev/null
+++ b/other/b-scan/tmp/src/system.c
@@ -0,0 +1,349 @@
1#include <sys/types.h>
2#include <sys/ipc.h>
3#include <sys/shm.h>
4#include <sys/mman.h>
5#include <sys/time.h>
6#include <stdio.h>
7#include <unistd.h>
8#include <stdlib.h>
9#include <string.h>
10#include <ctype.h>
11#include <fcntl.h>
12#include <time.h>
13
14#ifndef SHMMNI
15#define SHMMNI 100
16#endif
17
18#define MAXSHM 4 /* its bscan. we need <4 shm's */
19
20static int shm_id = -1; /* last used id */
21static int shm_c = -1; /* shm_alloc counter */
22
23static struct _shm
24{
25 int id;
26 void *ptr;
27}
28shm[MAXSHM];
29
30
31/*
32 * uhm. hard job for the process coz the process
33 * does not get the shm_id. uhm. i should make a static traking list
34 * of all shared memory segments (addr <-> id mapping maybe ?)
35 * on the other hand...since an attachment count is maintained for
36 * the shared memory segment the segment gets removed when the last
37 * process using the segment terminates or detaches it.
38 * hmm. Seems the following function is completly useless....:>
39 * Hey. why are you reading my comments ? write me: anonymous@segfault.net!
40 */
41int
42shmfree (int shm_id)
43{
44 if (shm_id < 0)
45 return (-1);
46 return (shmctl (shm_id, IPC_RMID, 0));
47}
48
49/*
50 * kill ALL shm's
51 * uhm. this is brutal. but shm is risky. you can bring
52 * down ANY system if you waste all shm's. Shm's dont get
53 * freed on process-exit !!! syslog will fail, inetd will fail, ..
54 * any program that tries to alloc shared memory...nono good :>
55 * root can use 'ipcrm shm <id>' do free the shm's.
56 * that's why we use this brutal "killall"-method.
57 * something else: killall-method is realy BRUTAL. believe me!
58 * If you have other functions registered on exit (atexit)
59 * and you try to reference to a shm within these function...you are lost
60 * Unexpected things will happen....
61 */
62void
63shmkillall ()
64{
65 int c;
66
67 for (c = 0; c < shm_c; c++)
68 shmfree (shm[c].id);
69}
70
71/*
72 * allocate shared memory (poor but fast IPC)
73 * the value returned is a pointer to the allocated
74 * memory, which is suitably aligned for any kind of
75 * variable, or NULL if the request fails.
76 *
77 * TODO: on SVR4 use open("/dev/zero", O_RDWR); and mmap trick for speedup
78 */
79void *
80shmalloc (int flag, size_t length)
81{
82 void *shm_addr;
83 int c = 0;
84
85 if (shm_c == -1) /* init all the internal shm stuff */
86 {
87 atexit (shmkillall);
88 shm_c = 0;
89 }
90
91 if (shm_c >= MAXSHM)
92 return (NULL); /* no space left in list. no bscan ?? */
93
94 if (flag == 0)
95 flag = (IPC_CREAT | IPC_EXCL | SHM_R | SHM_W);
96
97 while (c < SHMMNI) /* brute force a NEW shared memory section */
98 if ((shm_id = shmget (getpid () + c++, length, flag)) != -1)
99 break;
100 else
101 return (NULL);
102
103 if ((shm_addr = shmat (shm_id, NULL, 0)) == NULL)
104 return (NULL);
105
106 shm[shm_c].id = shm_id;
107 shm[shm_c].ptr = shm_addr;
108 shm_c++; /* increase shm-counter */
109
110 return (shm_addr);
111}
112
113#ifdef WITH_NANOSLEEP
114/* add lib '-lrt' */
115/*
116 * nanosec must be in the range 0 to 999 999 999
117 * ..we dont care about signals here...
118 */
119void
120do_nanosleep (time_t sec, long nsec)
121{
122 struct timespec mynano;
123 mynano.tv_sec = sec;
124 mynano.tv_nsec = nsec;
125 nanosleep (&mynano, NULL);
126}
127#endif
128
129
130/*
131 * xchange data p1 <-> p2 of length len
132 */
133void
134xchange (void *p1, void *p2, int len)
135{
136 unsigned char buf[len];
137
138 memcpy (buf, p1, len);
139 memcpy (p1, p2, len);
140 memcpy (p2, buf, len);
141}
142
143/*
144 * calculate time-difference now - in
145 * and return diff in 'now'
146 */
147void
148time_diff (struct timeval *in, struct timeval *now)
149{
150 if ((now->tv_usec -= in->tv_usec) < 0)
151 {
152 now->tv_sec--;
153 now->tv_usec += 1000000;
154 }
155 now->tv_sec -= in->tv_sec;
156}
157
158/*
159 * converts a 'esc-sequenced' string to normal string
160 * return string in dst.
161 * returns 0 on success
162 * todo: \ddd decoding
163 */
164int
165ctoreal(char *src, char *dst)
166{
167 char c;
168
169 if ((src == NULL) || (dst == NULL))
170 {
171 dst = NULL;
172 return(0); /* yes, its ok. */
173 }
174
175 while (*src != '\0')
176 if (*src == '\\')
177 {
178 switch((c = *++src))
179 {
180 case 'n':
181 *dst++ = '\n';
182 break;
183 case 'r':
184 *dst++ = '\r';
185 break;
186 case 't':
187 *dst++ = '\t';
188 break;
189 case '\\':
190 *dst++ = '\\';
191 break;
192 case 's':
193 *dst++ = ' ';
194 break;
195 default:
196 *dst++ = c;
197 /* printf("unknown escape sequence 0x%2.2x\n", c);*/
198 break;
199 }
200 src++;
201 } else
202 {
203 *dst++ = *src++;
204 }
205 *dst = '\0';
206 return(0);
207}
208
209
210/*
211 * parse data, format data and print to fd (only prinatable chars)
212 * supress \r, nonprintable -> '_';
213 * output line by line [\n] with 'prefix' before each line.
214 * prefix is a 0-terminated string
215 */
216void
217save_write(FILE *fd, char *prefix, unsigned char *data, int data_len)
218{
219 int c;
220 unsigned char *ptr = data;
221 unsigned char *startptr = data;
222 const char trans[] =
223 "................................ !\"#$%&'()*+,-./0123456789"
224 ":;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklm"
225 "nopqrstuvwxyz{|}~...................................."
226 "....................................................."
227 "........................................";
228
229
230 if (prefix == NULL)
231 prefix = "";
232
233 for (c = 0; c < data_len; c++)
234 {
235 if (*data == '\r') /* i dont like these */
236 {
237 data++;
238 continue;
239 }
240 if (*data == '\n')
241 {
242 *ptr = '\0';
243 fprintf (fd, "%s%s\n", prefix, startptr);
244 startptr = ++data;
245 ptr = startptr;
246 continue;
247 }
248
249 *ptr++ = trans[*data++];
250
251 }
252
253 if (ptr != startptr)
254 {
255 *ptr = '\0';
256 fprintf (fd, "%s%s\n", prefix, startptr);
257 }
258
259}
260
261/*
262 * check if data contains any non-printable chars [except \n]
263 * return 0 if yes,,,,1 if not.
264 */
265int
266isprintdata(char *ptr, int len)
267{
268 char c;
269
270 while(len-- > 0)
271 {
272 c = *ptr++;
273 if (c == '\n')
274 continue;
275 if (!isprint((int)c))
276 return(0);
277 }
278
279 return(1);
280}
281
282/*
283 * convert some data into hex string
284 * We DO 0 terminate the string.
285 * dest = destination
286 * destlen = max. length of dest (size of allocated memory)
287 * data = (non)printable input data
288 * len = input data len
289 * return 0 on success, 1 if data does not fit into dest, -1 on error
290 */
291int
292dat2hexstr(unsigned char *dest, unsigned int destlen, unsigned char *data,
293 unsigned int len)
294{
295 unsigned int i = 0;
296 unsigned int slen = 0;
297 unsigned char *ptr = dest;
298 unsigned char c;
299 char hex[] = "0123456789ABCDEF";
300
301 memset(dest, '\0', destlen);
302
303 while (i++ < len)
304 {
305 c = *data++;
306 if (slen + 3 < destlen)
307 {
308 *dest++ = hex[c / 16];
309 *dest++ = hex[c % 16];
310 *dest++ = ' ';
311 slen += 3;
312 ptr += 3;
313 } else {
314 return(1);
315 }
316 }
317
318 return(0);
319}
320
321
322/* dat2strip
323 *
324 * print the data at `data', which is `len' bytes long to the char
325 * array `dest', which is `destlen' characters long. filter out any
326 * non-printables. NUL terminate the dest array in every case.
327 *
328 * return the number of characters written
329 */
330
331int
332dat2strip(unsigned char *dest, unsigned int destlen, unsigned char *data,
333 unsigned int len)
334{
335 unsigned char *dp;
336
337 for (dp = dest ; dp - dest < destlen && len > 0 ; --len, ++data, ++dp) {
338 if (isprint (*data))
339 *dp = *data;
340 }
341
342 if (dp - dest < destlen)
343 *dp = '\0';
344 dest[destlen - 1] = '\0';
345
346 return (dp - dest);
347}
348
349
diff --git a/other/b-scan/tmp/src/test_garage.c b/other/b-scan/tmp/src/test_garage.c
new file mode 100644
index 0000000..06acf61
--- /dev/null
+++ b/other/b-scan/tmp/src/test_garage.c
@@ -0,0 +1,99 @@
1/* test_garage.c - test program for the garage module
2 *
3 * by scut / teso
4 */
5
6#include <stdio.h>
7#include <string.h>
8#include <stdlib.h>
9#include <time.h>
10#include <garage.h>
11
12
13void
14cleaner_t (ip_list *il);
15
16int
17main (int argc, char *argv[])
18{
19 int data_len;
20 unsigned char * data;
21 unsigned long int ip,
22 gip = 0;
23 unsigned long int ips;
24 garage_hdlr * hdl;
25 unsigned long int maxkeep;
26
27 printf ("mg_cidr_getmask (20) = 0x%08lx\n", mg_cidr_getmask (20));
28 printf ("mg_cidr_getmask (0xffffffc0) = 0x%08lx\n", mg_cidr_getmask (0xffffffc0));
29
30 if (argc < 2 || sscanf (argv[1], "%lu", &ips) != 1) {
31 printf ("usage: %s <number-of-ips> [maxkeep]\n\n", argv[0]);
32
33 exit (EXIT_FAILURE);
34 }
35 if (argc == 3 && sscanf (argv[2], "%lu", &maxkeep) != 1)
36 exit (EXIT_FAILURE);
37
38 srand (time (NULL));
39 hdl = mg_init ("footest", maxkeep, cleaner_t);
40
41 printf ("mg_cidr_getmask (0) = 0x%08lx\n", mg_cidr_getmask (0));
42
43 mg_write (hdl, 2048, "foobar", 7, 0);
44 mg_write (hdl, 2050, "foobar", 7, 0);
45 mg_write (hdl, 101911, "foobar", 7, 0);
46 mg_write (hdl, 28914191, "foobar", 7, 0);
47 printf ("mg_cidr_count (hdl, 2048, 32) = %lu\n", mg_cidr_count (hdl, 2048, 32));
48 printf ("mg_cidr_count (hdl, 2048, 31) = %lu\n", mg_cidr_count (hdl, 2048, 31));
49 printf ("mg_cidr_count (hdl, 2048, 30) = %lu\n", mg_cidr_count (hdl, 2048, 30));
50 printf ("mg_cidr_count (hdl, 2048, 13) = %lu\n", mg_cidr_count (hdl, 2048, 13));
51 printf ("mg_cidr_count (hdl, 2048, 0) = %lu\n", mg_cidr_count (hdl, 2048, 0));
52
53
54 ip = 123;
55 mg_write (hdl, ip, "foo", 4, 0);
56 mg_read (hdl, ip);
57 mg_clean (hdl, ip, NULL);
58
59 do {
60 ip = rand ();
61
62 data_len = rand () % 64;
63 data_len += 1; /* avoid allocating zero bytes */
64 data = malloc (data_len);
65 memset (data, '\x73', data_len);
66 data[data_len - 1] = '\0';
67
68 mg_write (hdl, ip, (void *) data, data_len, 1);
69 if (ips % 137 == 0)
70 gip = ip;
71
72 if (ips % 139 == 0)
73 (void) mg_read (hdl, gip);
74
75 ips -= 1;
76 if (ips % 5000 == 0)
77 mg_show (hdl);
78
79 } while (ips > 0);
80
81 mg_show (hdl);
82 mg_destroy (hdl, 0);
83
84 exit (EXIT_SUCCESS);
85}
86
87
88void
89cleaner_t (ip_list *il)
90{
91 if ((rand () % 20000) == 0)
92 printf ("cleaner_t: il = 0x%08lx IP = 0x%08lx\n",
93 (unsigned long int) il,
94 il->ip);
95
96 return;
97}
98
99
diff --git a/other/b-scan/tmp/src/tty.c b/other/b-scan/tmp/src/tty.c
new file mode 100644
index 0000000..5c99b7f
--- /dev/null
+++ b/other/b-scan/tmp/src/tty.c
@@ -0,0 +1,116 @@
1/*
2 * most of this stuff is ripped from solar's excelent john-1.6 source
3 */
4#include <sys/types.h>
5#include <sys/stat.h>
6#include <fcntl.h>
7
8#include <unistd.h>
9#include <stdlib.h>
10#include <termios.h>
11
12static int tty_fd = 0;
13static int tty_buf = -1;
14static struct termios saved_ti;
15
16
17/*
18 * Reads a character, returns -1 if no data available or on error.
19 */
20int
21tty_getchar ()
22{
23 int c;
24
25 /*
26 * process buffer first
27 */
28 if (tty_buf != -1)
29 {
30 c = tty_buf;
31 tty_buf = -1;
32 return (c);
33 }
34
35 if (tty_fd)
36 {
37 c = 0;
38 if (read (tty_fd, &c, 1) > 0)
39 return c;
40 }
41
42 return (-1);
43}
44
45/*
46 * check if someone pressed a key
47 * Actually we do a read on the fd and store the result in a buffer
48 * todo: check with ioctl if data is pending
49 * return 1 is data is pending, 0 if not
50 */
51int
52tty_ischar ()
53{
54 if (tty_buf != -1)
55 return (1);
56
57 if ((tty_buf = tty_getchar ()) != -1)
58 return (1);
59
60 return (0);
61}
62
63
64/*
65 * Restores the terminal parameters and closes the file descriptor.
66 */
67void
68tty_done ()
69{
70 int fd;
71
72 if (!tty_fd)
73 return;
74
75 fd = tty_fd;
76 tty_fd = 0;
77 tcsetattr (fd, TCSANOW, &saved_ti);
78
79 close (fd);
80}
81
82
83/*
84 * Initializes the terminal for unbuffered non-blocking input. Also registers
85 * tty_done() via atexit().
86 */
87void
88tty_init ()
89{
90 int fd;
91 struct termios ti;
92
93 if (tty_fd)
94 return;
95
96 if ((fd = open ("/dev/tty", O_RDONLY | O_NONBLOCK)) < 0)
97 return;
98
99 if (tcgetpgrp (fd) != getpid ())
100 {
101 close (fd);
102 return;
103 }
104
105 tcgetattr (fd, &ti);
106 saved_ti = ti;
107 ti.c_lflag &= ~(ICANON | ECHO);
108 ti.c_cc[VINTR] = 3; /* CTRL-C is INTR */
109 ti.c_cc[VMIN] = 1;
110 ti.c_cc[VTIME] = 0;
111 tcsetattr (fd, TCSANOW, &ti);
112
113 tty_fd = fd;
114
115 atexit (tty_done);
116}