Nmap Development mailing list archives
Re: Status Report #16 of 17
From: "Luis M." <luis.mgarc () gmail com>
Date: Tue, 11 Aug 2009 18:36:09 +0100
Hi Jack,

Thanks a lot for looking into the problem. However, the thing is a bit complicated. On one hand we have to allow ICMP packets from any host to pass the BPF filter because we may get a destination unreachable message from any box in the network. On the other hand, we want to keep per-IP statistics and these probably include having stats from all the hosts that send replies (we probably want to do reverse DNS resolution for hosts that were not our original targets).

If I got it right, your patch tries to determine the destination address that the original IP datagram had. That is a good idea but I don't think we should count dest unreachable msgs sent by other hosts as if we had received them from our target. That would give us the false idea that the target is actually replying to our probes.

What I think we should do (and I'm telling you because I'd like to know your opinion on that) is have a separate target array so whenever we receive an ICMP error message from a host different than our original targets, we add an entry for it and update its packet count. Does this make sense?

Also, we could use your getIcmpDestAddrFromPacket() function to add new information to the newly created host like which destination was it that was unreachable, etc. (Well, I'll have to modify your code to include IPv6 support and add stricter bound checks as IPv4 headers may have options so we cannot always get the original dest IP from offset pkt+44).

Please let me know what you think. Again, thanks for your help.

Regards,

Luis.

Jack Grahl wrote:
Regarding detecting the right ICMP packets. The following patch worked for me, but with one problem. When printing stats at the end, every ICMP packet, not just the relevant ones, was included in the RCVD stats for all targets combined, although the individual host stats were correct. This is because addRecvPacket is called in line 1613 just above the part I changed, regardless of the packet. I'm not sure how best to fix that, IF this is right solution. Jack --- nping/nping.cc 2009-08-11 00:00:33.000000000 +0100 +++ nping-build/nping.cc 2009-08-09 11:54:14.000000000 +0100 @@ -174,6 +174,7 @@ int do_safe_checks(); void test_stuff(); struct sockaddr_storage *getSrcSockAddrFromPacket(u8 *pkt, size_t pktLen); +struct sockaddr_storage *getIcmpDestAddrFromPacket(u8 *pkt, size_t pktLen); u16 *getSrcPortFromPacket(u8 *pkt, size_t pktLen); u8 *getTCPheaderLocation(u8 *pkt, size_t pktLen); @@ -1619,7 +1620,11 @@ trg->setProbeRecvTCP(*prt, 0); } }else if (o.getMode()==ICMP){ + if(trg != NULL){ trg->setProbeRecvICMP(0, 0); + }else if (trg=o.targets.findTarget( getIcmpDestAddrFromPacket((u8*)packet, packetlen))){ + trg->setProbeRecvICMP(0, 0); + } } break; @@ -1857,6 +1862,25 @@ } /* End of getSrcSockAddrFromPacket() */ +/** @warning Returns pointer to an internal static buffer */ +struct sockaddr_storage *getIcmpDestAddrFromPacket(u8 *pkt, size_t pktLen){ + +static struct sockaddr_storage ss; +struct sockaddr_in *s_ip4=(struct sockaddr_in *)&ss; +struct ip *i4=(struct ip*)pkt; +memset(&ss, 0, sizeof(struct sockaddr_storage)); + + if(pkt==NULL || pktLen < 48) + return NULL; + + s_ip4->sin_family=AF_INET; + memcpy(&(s_ip4->sin_addr.s_addr), pkt+44, 4); + + return &ss; + _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
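Review bot: in the second hunk (@@ -1619,7 +1620,11 @@), the result of getIcmpDestAddrFromPacket() is passed straight into o.targets.findTarget(), yet the new function returns NULL when pkt is NULL or pktLen < 48. Unless findTarget() is known to accept a NULL address, store the result in a local, test it, and only then do the lookup. The same branch runs for every ICMP packet that matched no target, with no check that it is an ICMP error message that embeds a datagram, so the bytes at offset 44 of any other ICMP packet would be treated as an address and could credit a reply to an unrelated target. Splitting the assignment out of the else-if condition would also make the intent clearer than trg=... inside the test.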
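Review bot: in getIcmpDestAddrFromPacket() (third hunk), the constant in memcpy(&(s_ip4->sin_addr.s_addr), pkt+44, 4) is only correct when the outer IPv4 header is exactly 20 bytes (20 outer IP + 8 ICMP + 16 to the inner destination field); when the outer header carries options, the copy reads a different field. The i4 pointer is declared but never used: read the header length through it, compute the offset from that, and require pktLen to cover the computed offset plus 4 instead of the fixed 48. The function also never checks that the packet is ICMP or that its type is an error type before reading. The static return buffer is documented by the @warning, but it means a second call overwrites the first result, which is worth noting at the call site.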
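The stricter bound check Luis describes for IPv4, as an added example (not nping code and not part of the original messages): the offset of the embedded destination address is derived from the outer header's IHL instead of the fixed pkt+44. The names icmp_error_orig_dst and build_sample are hypothetical, the sample packet is constructed, and IPv6 is not covered.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper (not nping code): copy the destination address of the
 * datagram embedded in an ICMPv4 error message into dst (network byte order).
 * Returns 0 on success, -1 if the packet is not a well-formed ICMP error. */
int icmp_error_orig_dst(const uint8_t *pkt, size_t len, uint8_t dst[4]) {
    if (pkt == NULL || dst == NULL || len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;     /* outer header, 20..60 bytes */
    if (ihl < 20 || pkt[9] != 1 || len < ihl + 8) /* protocol 1 = ICMP */
        return -1;
    switch (pkt[ihl]) {                           /* ICMP type */
    case 3: case 4: case 5: case 11: case 12:     /* types that embed a datagram */
        break;
    default:
        return -1;                                /* echo reply and other non-errors */
    }
    const uint8_t *inner = pkt + ihl + 8;         /* skip the 8-byte ICMP header */
    size_t inner_len = len - ihl - 8;
    if (inner_len < 20 || (inner[0] >> 4) != 4 || (inner[0] & 0x0f) < 5)
        return -1;
    memcpy(dst, inner + 16, 4);  /* dst lies in the fixed part of the inner header */
    return 0;
}

/* Constructed sample: ICMP error whose outer header is outer_words*4 bytes and
 * whose embedded datagram was sent to 192.0.2.55. buf must hold 88 bytes. */
size_t build_sample(uint8_t *buf, unsigned outer_words, uint8_t icmp_type) {
    static const uint8_t orig_dst[4] = {192, 0, 2, 55};
    size_t ihl = (size_t)outer_words * 4, total = ihl + 8 + 20;
    memset(buf, 0, total);
    buf[0] = (uint8_t)(0x40 | outer_words);       /* version 4, IHL in words */
    buf[9] = 1;                                   /* protocol: ICMP */
    buf[ihl] = icmp_type;
    buf[ihl + 8] = 0x45;                          /* inner: version 4, IHL 5 */
    memcpy(buf + ihl + 8 + 16, orig_dst, 4);
    return total;
}
```

With a 24-byte outer header (outer_words = 6) the embedded destination sits at offset 48, so a read at the fixed offset 44 would return the embedded source address instead.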