Nmap Development mailing list archives
Re: [NSE] Raw sockets support
From: castorpilot <castorpilot () gmail com>
Date: Mon, 11 Dec 2006 20:02:37 +0000
Hi, I had also thought about Raw sockets, since it would be a good feature to add to NSE, but had encountered pretty much the same problems when it comes to writting a non_blocking implementation. At the time, I had written a quick and dirty wrapper for libnet and a sniffer, which I still use from time to time, but which does not scale at all. Writing support for libdnet should not be a problem, by reusing functions in tcpip.cc, but as you said, listening will not be easy. I am not good with Lua, but could coroutine do the job ? Or are they not thread enough ? Fred
Hi! I was thinking about raw sockets in Diman's NSE. Unfortunately there are some architectural problems. As for today NSE is using only NSOCK and only function that is blocking in NSE is "nsock_loop". In case of adding raw sockets we'll have to add support for: - creating raw packets (libdnet?) - capturing packets (libpcap) We would need to listen to both nsock and pcap descriptors. And here the problem comes. How to listen in the same time for two blocking mechanisms nsock_loop and pcap_dispatch. Solutions I can think about: - modify nsock and support listening to pcap in nsock_loop (I personally don't like this solution. I think that nsock shouldn't be changed if possible.) - run two threads of nmap. in one thread listen to nsock in other listen to pcap. (probably there will be huge compatibility problems with threads and synchronization) - set some custom flags on pcap descriptor and when packet comes signal SIGIO will be triggered. In signal handler do something to get out from nsock_loop function. (this solution is also very os-dependant and some changes to nsock will be needed) - check for pcap events after nsock_loop() leaves after some time. (some packets can be lost while nsock_loop() is working) - extract socket descriptors from nsock and run select() on them and on pcap by hand. (there will be complications with NSE_TYPE_TIMER events) Anyone has idea? Cheers!! Marek Majkowski _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [NSE] Raw sockets support majek04 (Dec 11)
- Re: [NSE] Raw sockets support castorpilot (Dec 11)
- Re: [NSE] Raw sockets support Diman Todorov (Dec 11)
- Re: [NSE] Raw sockets support majek04 (Dec 12)
- Re: [NSE] Raw sockets support majek04 (Dec 15)
- Re: [NSE] Raw sockets support Fyodor (Dec 15)
- Re: [NSE] Raw sockets support Diman Todorov (Dec 11)
- Re: [NSE] Raw sockets support castorpilot (Dec 11)