1 /**********************************************************************
2  * Copyright (C) (2004) (Jack Louis) <jack@dyadsecurity.com>          *
3  *                                                                    *
4  * This program is free software; you can redistribute it and/or      *
5  * modify it under the terms of the GNU General Public License        *
6  * as published by the Free Software Foundation; either               *
7  * version 2 of the License, or (at your option) any later            *
8  * version.                                                           *
9  *                                                                    *
10  * This program is distributed in the hope that it will be useful,    *
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of     *
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the      *
13  * GNU General Public License for more details.                       *
14  *                                                                    *
15  * You should have received a copy of the GNU General Public License  *
16  * along with this program; if not, write to the Free Software        *
17  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.          *
18  **********************************************************************/
19 #ifndef _SCAN_EXPORTS_H
20 # define _SCAN_EXPORTS_H
21 
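/*
 * TCP header flag bits.  The platform's <netinet/tcp.h> normally provides
 * these; each one is defined here only when that header did not, so the
 * values below must stay identical to the platform's (they are the bit
 * positions of the TCP flags byte).
 */
#ifndef TH_FIN
#define TH_FIN	0x01	/* finished send data */
#endif
#ifndef TH_SYN
#define TH_SYN	0x02	/* synchronize sequence numbers */
#endif
#ifndef TH_RST
#define TH_RST	0x04	/* reset the connection */
#endif
#ifndef TH_PUSH
#define TH_PUSH	0x08	/* push data to the app layer */
#endif
/*
 * TH_PSH gets its own guard: it used to sit inside the TH_PUSH guard, so a
 * platform header that defines TH_PUSH but not TH_PSH left TH_PSH undefined.
 */
#ifndef TH_PSH
#define TH_PSH	TH_PUSH	/* its too irritating to not have this */
#endif
#ifndef TH_ACK
#define TH_ACK	0x10	/* acknowledge */
#endif
#ifndef TH_URG
#define TH_URG	0x20	/* urgent! */
#endif
#ifndef TH_ECE
#define TH_ECE	0x40	/* ECN-Echo (RFC 3168) */
#endif
#ifndef TH_CWR
#define TH_CWR	0x80	/* Congestion Window Reduced (RFC 3168) */
#endif

/* scan modes; distinct bits, so presumably they may be OR'd together (verify in the mode-setting code) */
#define MODE_TCPSCAN	1
#define MODE_UDPSCAN	2
#define MODE_IDLESCAN	4
#define MODE_ARPSCAN	8

/* bits carried in the `flags' member of ip_report_t / arp_report_t */
#define REPORT_BADNETWORK_CKSUM		1	/* network-layer (ip) checksum on the reply was wrong */
#define REPORT_BADTRANSPORT_CKSUM	2	/* transport-layer (tcp/udp/icmp) checksum on the reply was wrong */

/* selects the live union member of output_data_t */
#define OD_TYPE_OS	1
#define OD_TYPE_BANNER	2

/* which report structure follows (ip_report_t or arp_report_t) */
#define REPORT_TYPE_IP		1
#define REPORT_TYPE_ARP		2

/* expected values of the `magic' member of ip_report_t / arp_report_t, used as a sanity check on a report */
#define IP_REPORT_MAGIC		0xd2d1
#define ARP_REPORT_MAGIC	0xd9d8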
64 
/*
 * One piece of arbitrary data attached to a report; ip_report_t and
 * arp_report_t keep a list of these in their od_q member.  `type' says
 * which union member is live (presumably OD_TYPE_OS -> t_u.os and
 * OD_TYPE_BANNER -> t_u.banner, going by the names).
 * NOTE(review): both members are bare char pointers; who owns and frees the
 * strings is not visible in this header -- check the producer before freeing.
 */
typedef struct output_data_t {
	uint8_t type;			/* OD_TYPE_OS or OD_TYPE_BANNER */
	union {
		char *os;		/* operating-system guess text (when type is OD_TYPE_OS) */
		char *banner;		/* captured service banner text (when type is OD_TYPE_BANNER) */
	} t_u;
} output_data_t;
72 
/*
 * One reply seen by the listener for an IP-level probe (tcp, udp and icmp
 * replies all land here; ARP has its own arp_report_t).  _PACKED_ is expected
 * to expand to the compiler's packed-struct attribute (it is defined
 * elsewhere), so member order and sizes are a fixed layout shared by every
 * producer and consumer: do not reorder, resize or insert members without
 * updating all of them.  Needs <stdint.h> and <sys/time.h> (struct timeval)
 * to be included before this header; it does not include them itself.
 */
typedef struct _PACKED_ ip_report_t {
	uint16_t magic;			/* extra checking (presumably IP_REPORT_MAGIC)							*/
	uint16_t sport;			/* from our senders `local' port								*/
	uint16_t dport;			/* the `target' machines listening port (or not listening)					*/
	uint8_t proto;			/* what ip protocol it was that we got back							*/
	uint16_t type;			/* for icmp this is type , for tcp it is the header flags on the packet, udp doesnt use this	*/
	uint16_t subtype;		/* for icmp this is the code, for tcp and udp it is not used					*/
	uint32_t host_addr;		/* our target machine										*/
	uint32_t trace_addr;		/* if we sent to the target where did the packet come back from?				*/
	uint8_t ttl;			/* the raw ttl on the packet from the wire (not the one we sent)				*/
	struct timeval recv_time; 	/* the secs and usecs that we pulled the packet off the wire at					*/
	void *od_q;			/* list of arbitrary data linked to this "packet" used in output mode (output_data_t list)
					 * NOTE(review): a raw pointer is only meaningful inside the process that built the
					 * report; a reader that gets reports over a pipe/socket must not dereference it		*/
	uint16_t flags;			/* had bad network or transport crc (REPORT_BADNETWORK_CKSUM / REPORT_BADTRANSPORT_CKSUM)	*/
	/* XXX this is too tcp specific for ip reporting */
	uint32_t mseq;			/* tcp only											*/
	uint32_t tseq;			/* tcp only											*/
	uint16_t window_size;		/* tcp only											*/
	uint16_t doff;			/* is there a packet following this report structure? if so (not 0) how many bytes is it.
					 * NOTE(review): this is a length written by the producer; a consumer must check it
					 * against the number of bytes it actually holds before reading the trailing packet	*/
} ip_report_t;
92 
/*
 * One ARP reply seen by the listener (MODE_ARPSCAN).  Same layout rules as
 * ip_report_t: _PACKED_ is expected to make this a fixed layout shared by
 * every producer and consumer, so members must not be reordered or resized.
 * Needs <stdint.h> and <sys/time.h> to be included before this header.
 */
typedef struct _PACKED_ arp_report_t {
	uint16_t magic;			/* extra checking (presumably ARP_REPORT_MAGIC)							*/
	uint8_t hwaddr[6];		/* 6-byte hardware address of the responder (presumably an ethernet MAC)			*/
	uint32_t ipaddr;		/* address of the responder; byte order is not stated here -- check the producer		*/
	struct timeval recv_time;	/* the secs and usecs that we pulled the packet off the wire at					*/
	void *od_q;			/* output_data_t list, as in ip_report_t; only meaningful inside the producing process		*/
	uint16_t flags;			/* presumably the REPORT_BAD*_CKSUM bits, as in ip_report_t					*/
	uint16_t doff;			/* byte count of a packet following this structure, 0 if none (as in ip_report_t).
					 * NOTE(review): consumers must bound this against the bytes they actually hold		*/
} arp_report_t;
102 
/*
 * Sender options: how the probe packets were built, so the listener can
 * interpret what comes back.  Filled in through get_scanopts().  Not
 * _PACKED_, so this one is an in-process structure, not a wire layout.
 */
typedef struct seo_t {
	uint16_t fingerprint;		/* what fingerprint was the sender run with			*/
	uint8_t tos;			/* what is the ip tos on the senders packets			*/
	uint8_t ttl;			/* what is the ip ttl on the senders packets			*/
	uint16_t ip_off;		/* what is the ip frag field on the senders packets		*/
	uint8_t tcphdrflgs;		/* what tcp flags did the sender use (TH_* bits, all fit in 8 bits) */
	int32_t src_port;		/* what src port did the sender send from? (-1 for random)	*/
} seo_t;
111 
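/* opaque settings type; a translation unit may define SCANSETTINGS to the real type before including this header */
#ifndef SCANSETTINGS
#define SCANSETTINGS void
#endif

/* prototypes for common.h used in getconfig.c */

/* presumably fills *seo with the sender's options -- verify against getconfig.c */
int get_scanopts(seo_t *seo);
/* declared (void), not (), so the compiler rejects a call that passes arguments */
void scan_setprivdefaults(void);
/* returns -1 on error, otherwise returns what the scan mode is */
int scan_setmode(const char *mode);
int scan_settcpflags(int flags);
/* should all return -1 on error */
int scan_setttl(int ttl);
int scan_settos(int tos);
int scan_setbroken(const char *which);
int scan_setfingerprint(int fingerprint);
int scan_setsrcp(int port);
int scan_setrecvtimeout(int timeout);

/* the four phases of a scan run; no arguments, no result */
void send_mode(void);
void recv_mode(void);
void init_mode(void);
void run_mode(void);

/*
 * register a payload for `port': either `payload_size' bytes at `payload', or a
 * generator `create_payload' that produces the data (and its size) on demand.
 * `local_port' is the source port to use (-1 presumably meaning random, as in
 * seo_t.src_port).  Return convention is not stated here.
 */
int add_payload(uint16_t port, int32_t local_port, const uint8_t *payload, uint32_t payload_size,
		int (*create_payload)(uint8_t **, uint32_t *), uint16_t payload_flags);

/*
 * look up the `idx'-th payload registered for `port', returning its data and
 * size, its local port and its generator through the out-pointers.
 * Return convention is not stated here.
 */
int get_payload(uint16_t idx, uint16_t port, uint8_t **data, uint32_t *payload_s, int32_t *local_port,
		int (**create_payload)(uint8_t **, uint32_t *), uint16_t payload_flags);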
141 
142 #endif
143