Nmap Development mailing list archives

Re: payload file prototype


From: David Fifield <david () bamsoftware com>
Date: Mon, 15 Feb 2010 19:49:20 -0700

On Sun, Feb 14, 2010 at 08:07:41PM -0500, Jay Fink wrote:
> So back to the initializing part, now that I read up on what std::map
> does it makes more sense. We have:
>
> struct proto_port {
>   u8 proto;
>   u16 port;
> };
>
> is our key pair that will actually be a single key to std::map.
> Following might be what the global map looks like:
>
> typedef map<void, char *> allPayloads;
> allPayloads Payload;
>
> let's say we were ready to insert a payload into the map, let's say we
> found the following (not a real example) in our initialization loop:
>
> udp 2234 "\x00\x01"
>
> our parsing loop passes it to:
> tmp_payload = "\x00\x01";
> tmp_proto_port.proto = 17;
> tmp_proto_port.port = 2234;
> Payload.insert(pair<void, char*>(tmp_proto_port, tmp_payload));

Okay, that looks right, but instead of a char * you want a struct
containing a char * (so that it can also contain a source port and
anything else that may be set for the payload). Instead of that insert
call, it's easier to do this:

Payload[tmp_proto_port] = tmp_payload;

> I'm taking massive liberties with the types and passing. The only
> difficulty I see is lookups, the documentation I read says that
> looking for or comparing keys uses the bare value in the key pair,
> which is fine, a simple loop could handle digging into the proto_port
> struct and get a match like the pseudocode points out.

I don't know what you mean by the bare value and a loop. You might have
to do some things like defining operator< on proto_port to make it fit
the interface of std::map. Once you've done that, lookup is something
like

        std::map<struct proto_port, struct payload>::iterator it;
        it = Payload.find(tmp_proto_port);
        if (it == Payload.end())
                return NULL;
        else
                return &it->second; /* the payload; *it is the (key, value) pair */

See for example hop_cache_lookup in traceroute.cc. Also look at HopIdent
for the operator< overloading.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
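
The approach discussed in this message, written out as an added example that is not code from the thread or from Nmap: a proto_port key given an operator< so it fits std::map, a payload struct as the value, and a find-based lookup. The payload fields, the names payload_add and payload_lookup, the fixed-width types in place of u8/u16, and the use of std::string (so a payload that starts with \x00 keeps its length) are assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <string>

// Key: (protocol, port). Field names follow the thread.
struct proto_port {
  uint8_t proto;   // IP protocol number, e.g. 17 for UDP
  uint16_t port;
};

// Strict weak ordering for std::map: proto first, then port (tcp/2234 != udp/2234).
static bool operator<(const proto_port &a, const proto_port &b) {
  if (a.proto != b.proto)
    return a.proto < b.proto;
  return a.port < b.port;
}

// Value: the payload bytes plus per-payload settings (hypothetical fields).
struct payload {
  std::string data;      // explicit length, so "\x00\x01" stays 2 bytes
  uint16_t source_port;  // 0 = no fixed source port (assumed convention)
};

static std::map<proto_port, payload> Payload;

// Register a payload; len is explicit because the data may contain NUL bytes.
static void payload_add(uint8_t proto, uint16_t port, const char *bytes,
                        size_t len, uint16_t source_port) {
  proto_port key = { proto, port };
  payload p;
  p.data.assign(bytes, len);
  p.source_port = source_port;
  Payload[key] = p;   // replaces any earlier payload for the same key
}

// Return the payload for (proto, port), or NULL if none is registered.
static const payload *payload_lookup(uint8_t proto, uint16_t port) {
  proto_port key = { proto, port };
  std::map<proto_port, payload>::const_iterator it = Payload.find(key);
  if (it == Payload.end())
    return NULL;
  return &it->second;
}

int main() {  // constructed sample: the "udp 2234" line from the thread
  payload_add(17, 2234, "\x00\x01", 2, 0);
  return payload_lookup(17, 2234) ? 0 : 1;
}
```

Storing the bytes behind a bare char * and measuring them with strlen would report a length of 0 for this sample, since its first byte is NUL.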

