Re: [NSE API] Separate Dnet Objects?

[Kris Katterjohn <katterjohn () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey Marek,

majek04 wrote:
> Yes. Both pcap and sockets, use nsock library. The socket object
> contains of very similar fields, like nsock descriptor or timeout.
> So it was rather obvious to use the same object.
>
> On the other hand dnet doesn't share any fields with sockets.
> Dnet only needs to have dnet ethernet descriptor.
> (which is cached, but that's a different story).

I know that the dnet module's implementation is very different than that
of the connect() and pcap modules, but I'm thinking from a script
writer's perspective.  If it's not inefficient or too much trouble to
do, I still think that sending and receiving should share the same
socket object.  Is this just a bad idea?

> The next thing is ip_send method that I created on dnet object.
> http://ai.pjwstk.edu.pl/~majek/private/nmap/nse-pcap-u2/partial/nsepcap-sendip.diff
>
> Maybe there should be the same interface for sending ip packets as for sending
> ethernet frames?
>
> What do you think about something like:
> nmap.send_packet(packet_data, layer)
> // layer values: 2->ethernet, 3->ip

I think that it is different enough setting up the data for the packets
that a different function call for sending the two makes sense,
especially since you have to setup the interface and specify the layer
you want to send on anyway.  However, having a layer-independent sending
function would be cool.

There can be ethernet_open()/ip_open() and ethernet_close()/ip_close()
functions.  Then a sending function can be layer-neutral.  This would
allow for switching between ethernet frame and IP packets.  I don't know
how great of a packet-parser would be needed to really (and
unmistakably) differentiate between the frames and IP packets.
Obviously checking the IP version number as you do in your patch is a start.

I'm fixing to run out the door for class, so I don't have time to see if
any checking is done on ethernet frames, etc. (I've never used libdnet
so I don't know if it does some parsing or leaves it to the user or what).

> > If not, is it too late to
> >  change this?  Only promiscuous.nse appears to require the dnet
> >  functionality, so that's the only script that would need changing.
> >  Maybe an NSE student can do this this summer.
>
> No, it's not too late. I can change it.
>
> Marek Majkowski

Thanks,
Kris Katterjohn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBR/Dl8/9K37xXYl36AQJQ/A//VQoz9ibr6huka99tJX9gZHAtAiYNxHvJ
N78r4tIzeEeDKMmhAc7pq2q9tuEVDkfiuBOQpfNQ7lpdRG6JZLZjncU2Aw5PQCJ5
dSChxV/sSOb3Jv3wVhQ+ycPkVq8foMBc8Nmew2K+vlueuXClRBH7/nvITDObxJ+2
9C76Uplk+aH5lMRL3bPmJoZmPp2UOr0NtiUYWaONkjIHM/9su8LQ7NB4cSk8YGqv
MVk2YxdzcTkDqaDzA3AY8nImhi4qskFgLaBsFcbe+WyqgYOzZcBwuNWCZexmI6OG
xQoyb0f212kMcTv9TXoYg891z4i8QkHQKm6FpiZhewpG7AcQF3gkTvwnhC7QbOGE
jwy8YbU+dKw2rQGG0NLbislgHjttRvHQIJzKvtpuK3DPPyAaNf43qeTrKRsF3Q3T
GnABIiv0YzMt08gCe2slkuRAU2r4qpURmBE+VGfpiH1DifP6uj+hALfc5+5VyOMe
yHvkrUkzYv1eTB1WzQua+v8yKMDd2PR0hHg5wIUKP0x/HpoZC1HlCqU+HcDh1+TY
Y5MZIdPSLwpOnYVjCfTZWf1DLThI3qaiZ8dFtKIvDdmTlfhOL2MXNvJY8ed6b3ar
v2DxzhFQnRaoaJIRqdr7w1IfZy3rvA9kQCIPW9/TDPir+SwgzbTvlfPRuG0KfpnN
xuB1tKeFyGA=
=GdJT
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org