1 /*************************************************************************** 2 * Nping.h -- This file contains general defines and constants used * 3 * throughout Nping's code. * 4 * * 5 ***********************IMPORTANT NMAP LICENSE TERMS************************ 6 * * 7 * The Nmap Security Scanner is (C) 1996-2020 Insecure.Com LLC ("The Nmap * 8 * Project"). Nmap is also a registered trademark of the Nmap Project. * 9 * * 10 * This program is distributed under the terms of the Nmap Public Source * 11 * License (NPSL). The exact license text applying to a particular Nmap * 12 * release or source code control revision is contained in the LICENSE * 13 * file distributed with that version of Nmap or source code control * 14 * revision. More Nmap copyright/legal information is available from * 15 * https://nmap.org/book/man-legal.html, and further information on the * 16 * NPSL license itself can be found at https://nmap.org/npsl. This header * 17 * summarizes some key points from the Nmap license, but is no substitute * 18 * for the actual license text. * 19 * * 20 * Nmap is generally free for end users to download and use themselves, * 21 * including commercial use. It is available from https://nmap.org. * 22 * * 23 * The Nmap license generally prohibits companies from using and * 24 * redistributing Nmap in commercial products, but we sell a special Nmap * 25 * OEM Edition with a more permissive license and special features for * 26 * this purpose. See https://nmap.org/oem * 27 * * 28 * If you have received a written Nmap license agreement or contract * 29 * stating terms other than these (such as an Nmap OEM license), you may * 30 * choose to use and redistribute Nmap under those terms instead. * 31 * * 32 * The official Nmap Windows builds include the Npcap software * 33 * (https://npcap.org) for packet capture and transmission. It is under * 34 * separate license terms which forbid redistribution without special * 35 * permission. So the official Nmap Windows builds may not be * 36 * redistributed without special permission (such as an Nmap OEM * 37 * license). * 38 * * 39 * Source is provided to this software because we believe users have a * 40 * right to know exactly what a program is going to do before they run it. * 41 * This also allows you to audit the software for security holes. * 42 * * 43 * Source code also allows you to port Nmap to new platforms, fix bugs, * 44 * and add new features. You are highly encouraged to submit your * 45 * changes as a Github PR or by email to the dev@nmap.org mailing list * 46 * for possible incorporation into the main distribution. Unless you * 47 * specify otherwise, it is understood that you are offering us very * 48 * broad rights to use your submissions as described in the Nmap Public * 49 * Source License Contributor Agreement. This is important because we * 50 * fund the project by selling licenses with various terms, and also * 51 * because the inability to relicense code has caused devastating * 52 * problems for other Free Software projects (such as KDE and NASM). * 53 * * 54 * The free version of Nmap is distributed in the hope that it will be * 55 * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of * 56 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties, * 57 * indemnification and commercial support are all available through the * 58 * Npcap OEM program--see https://nmap.org/oem. * 59 * * 60 ***************************************************************************/ 61 62 #ifndef NPING_H 63 #define NPING_H 1 64 65 /* Common library requirements and definitions *******************************/ 66 #include <stdio.h> 67 #include <math.h> 68 #include <assert.h> 69 #include <nbase.h> 70 #include <fcntl.h> 71 #include <stdarg.h> 72 #include <errno.h> 73 #include <ctype.h> 74 #include <sys/types.h> 75 #include <sys/stat.h> 76 77 #include "../libnetutil/netutil.h" 78 #include "../libnetutil/npacket.h" 79 80 #ifdef HAVE_CONFIG_H 81 #include "nping_config.h" 82 #else 83 #ifdef WIN32 84 #include "nping_winconfig.h" 85 #endif /* WIN32 */ 86 #endif /* HAVE_CONFIG_H */ 87 88 #ifndef WIN32 89 #include <sysexits.h> 90 #endif 91 92 #if HAVE_UNISTD_H 93 #include <unistd.h> 94 #endif 95 96 #ifdef STDC_HEADERS 97 #include <stdlib.h> 98 #else 99 void *malloc(); 100 void *realloc(); 101 #endif 102 103 #if STDC_HEADERS || HAVE_STRING_H 104 #include <string.h> 105 #if !STDC_HEADERS && HAVE_MEMORY_H 106 #include <memory.h> 107 #endif 108 #endif 109 110 #if HAVE_STRINGS_H 111 #include <strings.h> 112 #endif 113 114 #ifdef HAVE_BSTRING_H 115 #include <bstring.h> 116 #endif 117 118 #ifndef WIN32 119 #include <sys/wait.h> 120 #endif /* !WIN32 */ 121 122 #if HAVE_SYS_SOCKET_H 123 #include <sys/socket.h> 124 #endif 125 126 #if HAVE_NETINET_IN_H 127 #include <netinet/in.h> 128 #endif 129 130 #if HAVE_NETDB_H 131 #include <netdb.h> 132 #endif 133 134 #if TIME_WITH_SYS_TIME 135 #include <sys/time.h> 136 #include <time.h> 137 #else 138 #if HAVE_SYS_TIME_H 139 #include <sys/time.h> 140 #else 141 #include <time.h> 142 # endif 143 #endif 144 145 #ifdef HAVE_PWD_H 146 #include <pwd.h> 147 #endif 148 149 #if HAVE_ARPA_INET_H 150 #include <arpa/inet.h> 151 #endif 152 153 #if HAVE_SYS_RESOURCE_H 154 #include <sys/resource.h> 155 #endif 156 157 /* Keep assert() defined for security reasons */ 158 #undef NDEBUG 159 160 #define MAXLINE 255 161 162 /* CONSTANT DEFINES *********************************************************** 163 * @warning It's better not to play with these, because the code may make * 164 * SOME assumptions like "defined value A is an integer greater than defined * 165 * value B" or "value C is an odd integer greater than 0", etc. */ 166 167 /* VERBOSITY LEVELS */ 168 /* These are the defines for Nping's internal verbosity levels. Every time 169 * you write code for Nping and you have to print something to the terminal, 170 * you'll have to choose a verbosity level. You choose a level so your message 171 * gets printed only when the user has requested messages from that level to be 172 * printed. For example, we have some calls to output functions that print out 173 * things like "%d target IPs resolved". We don't want that message to always 174 * get printed during Nping's execution. We only want it out when the user 175 * has increase the verbosity. 176 * 177 * So the thing here is that there are two things that should be taken 178 * into account: 179 * 1. The current verbosity level that user has supplied from the command line 180 * 2. The verbosity level that we supply in our print calls ( nping_print(), 181 * nping_warning(), etc...) 182 * 183 * Fortunately Nping output functions already take care of checking the 184 * current verbosity level, so programmers only have to decide which level 185 * should they specify in their output calls. If you are a programmer and 186 * you are using nping_print(), nping_warning() or nping_fatal() calls in Nping's code, 187 * you have to ask yourself: Do I want to print extra information that 188 * shouldn't be printed by default? Or am I printing important stuff like 189 * errors, etc, that should almost always be printed out? 190 * 191 * In the first case, you will call the output function using a verbosity 192 * level of VB_0 or higher. Calls that specify VB_0 are printed by default 193 * as VB_0 is the base verbosity level. Calls that specify VB_1 get printed 194 * only when the user has incremented verbosity level by at least one using 195 * option "-v". Same with VB_2 for which the users needs to have specified 196 * either "-v2" or "-v -v". 197 * 198 * In the other case, where you are printing errors etc, you have supply 199 * levels like QT_1, QT_2, QT_3 or QT_4. Those are called quiet levels. 200 * They are called quiet levels from a user point of view but they are 201 * verbose to us, programmers, because calls that supply QT_X levels almost 202 * always get printed. This is because base verbosity is VB_0 and that 203 * includes all QT_X levels. So you have to be careful with those. QT_ levels 204 * should only be used to print important stuff like fatal errors, warnings, 205 * and some basic running time information. Level QT_4 is the quiet-est one 206 * and nothing is ever printed out. 207 * 208 * Check the comments after each level definition to see how they should be 209 * used. Here are some examples: 210 * 211 * nping_fatal(QT_3,"createIPv4(): NULL pointer supplied."); 212 * nping_print(DBG_2,"Resolving specified targets..."); 213 * nping_print(VB_0, "Raw packets sent: %llu ", this->stats.getSentPackets() ); 214 * 215 * */ 216 217 /* Less verbosity */ 218 #define QT_4 0 /**< No output at all */ 219 #define QT_3 1 /**< Fatal error messages, help info, version number */ 220 #define QT_2 2 /**< Warnings and very limited output(just some statistics) */ 221 #define QT_1 3 /**< Start and timing information but no sent/recv packets */ 222 223 /* Base level (QT_0 is provided for consistency but should not be used) */ 224 #define QT_0 4 /**< Normal info (sent/recv packets, statistics...) (DEFAULT */ 225 #define VB_0 4 /**< Normal info (sent/recv packets, statistics...) (DEFAULT)*/ 226 227 /* More verbosity */ 228 #define VB_1 5 /**< Detailed information about times, flags, etc. */ 229 #define VB_2 6 /**< Very detailed information about packets, */ 230 #define VB_3 7 /**< Reserved for future use */ 231 #define VB_4 8 /**< Reserved for future use */ 232 233 234 235 /* DEBUGGING LEVELS */ 236 #define DBG_0 30 /**< No debug information at all (DEFAULT) */ 237 #define DBG_1 31 /**< Very important or high level debug information */ 238 #define DBG_2 32 /**< Important or medium level debug information */ 239 #define DBG_3 33 /**< Regular and low level debug information */ 240 #define DBG_4 34 /**< Messages only a real Nping freak would want to see */ 241 #define DBG_5 35 /**< Enables Nsock (and other libs) basic tracing */ 242 #define DBG_6 36 /**< Enables full Nsock (and other libs) tracing */ 243 #define DBG_7 37 /**< Reserved for future use */ 244 #define DBG_8 38 /**< Reserved for future use */ 245 #define DBG_9 39 /**< Reserved for future use */ 246 247 248 #define MAX_IP_PACKET_LEN 65535 /**< Max len of an IP datagram */ 249 #define MAX_UDP_PAYLOAD_LEN 65507 /**< Check comments in UDPHeader::setSum() */ 250 251 #define MAX_DEV_LEN 128 /**< Max network interface name length */ 252 253 #define NO_NEWLINE 0x8000 /**< Used in nping_fatal(), nping_warning() and nping_print() */ 254 255 /** Bit count for number parsing functions */ 256 #define RANGE_8_BITS 8 257 #define RANGE_16_BITS 16 258 #define RANGE_32_BITS 32 259 #define RANGE_64_BITS 64 260 261 /* Crypto Lengths */ 262 #define CIPHER_BLOCK_SIZE (128/8) 263 #define CIPHER_KEY_LEN (128/8) 264 #define MAC_KEY_LEN (128/8) 265 266 /* General tunable defines **************************************************/ 267 #define NPING_NAME "Nping" 268 #define NPING_URL "https://nmap.org/nping" 269 #define NPING_VERSION "0.7.91" 270 271 272 #define DEFAULT_VERBOSITY VB_0 273 #define DEFAULT_DEBUGGING DBG_0 274 275 276 /**< Default number of probes that are sent to each target */ 277 #define DEFAULT_PACKET_COUNT 5 278 279 /* When doing traceroute, the number of packets sent to each host must be 280 * higher because 5 is probably not enough to reach the average target on the 281 * Internet. The following paper suggests that internet hosts are no more than 282 * 30 hops apart, so setting the packet count to 48 when --traceroute is set 283 * seems like a safe choice. 284 * Cheng, J., Haining, W. and Kang, GS. (2006). Hop-Count Filtering: An 285 * Effective Defense Against Spoofed DDoS Traffic. Australian Telecommu- 286 * nication Networks & Applications Conference (ATNAC). Australia. 287 * <http://portal.acm.org/citation.cfm?id=948109.948116> 288 */ 289 #define TRACEROUTE_PACKET_COUNT 48 290 291 #define DEFAULT_DELAY 1000 /**< Milliseconds between each probe */ 292 293 /** Milliseconds Nping waits for replies after all probes have been sent */ 294 #define DEFAULT_WAIT_AFTER_PROBES 1000 295 296 #define DEFAULT_IP_TTL 64 /**< Default IP Time To Live */ 297 #define DEFAULT_IP_TOS 0 /**< Default IP Type of Service */ 298 299 #define DEFAULT_IPv6_TTL 64 /**< Default IPv6 Hop Limit */ 300 #define DEFAULT_IPv6_TRAFFIC_CLASS 0x00 /**< Default IPv6 Traffic Class */ 301 302 303 #define DEFAULT_TCP_TARGET_PORT 80 /**< Default TCP target port */ 304 #define DEFAULT_UDP_TARGET_PORT 40125 /**< Default UDP target port */ 305 #define DEFAULT_UDP_SOURCE_PORT 53 /**< Default UDP source port */ 306 #define DEFAULT_TCP_WINDOW_SIZE 1480 /**< Default TCP Window size */ 307 308 /**< MTU used when user just supplies option -f but no MTU value */ 309 #define DEFAULT_MTU_FOR_FRAGMENTATION 72 310 311 #define DEFAULT_ICMP_TYPE 8 /**< Default ICMP message: Echo Request */ 312 #define DEFAULT_ICMP_CODE 0 /**< Default ICMP code: 0 (standard) */ 313 314 #define DEFAULT_ICMPv6_TYPE 128 /**< Default ICMPv6 message: Echo Request */ 315 #define DEFAULT_ICMPv6_CODE 0 /**< Default ICMPv6 code: 0 (standard) */ 316 317 #define DEFAULT_ARP_OP 1 /**< Default ARP operation: OP_ARP_REQUEST */ 318 319 /* WARNING: This is the max length for UDP and TCP payloads. Whatever you set 320 * here, it cannot exceed the worst case: 321 * 65535 bytes - IPv6Header with options - TCP Header with options. */ 322 #define MAX_PAYLOAD_ALLOWED 65400 323 324 /* I've tested this on a GNU/Linux 2.6.24 and I've seen that if the length 325 * of the whole IP packet is more than 16436 when using loopback interface or 326 * more than 1500 when using a normal network interface, the kernel complains 327 * and says "Message too long". This is obviously caused by the configured 328 * MTU. So the thing is that although we allow users to specify payloads up to 329 * MAX_PAYLOAD_ALLOWED bytes, when we generate random payloads, we set our 330 * on limit on 1500-20-20=1460 bytes. Let's be conservative and consider that 331 * IP packet has 40bytes of options and TCP has 20. So max length should be 332 * 1500-60-40 = 1400. */ 333 #define MAX_RANDOM_PAYLOAD 1400 334 #define MAX_RECOMMENDED_PAYLOAD 1400 335 336 337 /* Cached hosts in resolveChached() and gethostbynameCached() */ 338 #define MAX_CACHED_HOSTS 512 339 #define MAX_CACHED_HOSTNAME_LEN 512 340 341 /* (9929 because is prime as has not been assigned by IANA yet) */ 342 #define DEFAULT_ECHO_PORT 9929 343 344 /* The echo server tries to zero any application layer data before echoing 345 * network packets. However, sometimes we may not be able to successfully 346 * parse a given packet (decide whether the packet contains application data 347 * or not), so this define specifies the amount of bytes of a packet that the 348 * server does not zero in such case. 40 bytes allows IPv4+TCP, an IPv6 header, 349 * an IPv4+UDP+12payload bytes, etc. In the case of UDP, the first 12 data bytes 350 * would be leaked. However, we should be able to parse simple IPv4-UDP packets 351 * without problem, so it should never happen. We expect to use this constant 352 * when received packets are really weird (eg. tunneled traffic, protocols we 353 * don't understand, etc. The 40 bytes are a compromise between dropping the 354 * packet but provide total protection against data leakage due to attacks to 355 * the echo server, and providing some flexibility at the risk of leaking 356 * a few bytes if an attacker is able to trick the echo server into echoing 357 * packets that were not originated by him. */ 358 #define PAYLOAD_ECHO_BYTES_IN_DOUBT 40 359 360 #define NSOCK_INFINITE -1 361 362 /* Prototypes for nping.cc shared functions */ 363 char *getBPFFilterString(); 364 365 #endif 366