Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Receiving broadcasts in Nsock

From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 17 Aug 2010 00:24:52 +0200

On 16 aug 2010, at 23.33, David Fifield wrote:


On Sun, Aug 15, 2010 at 10:40:58PM +0200, Patrik Karlsson wrote:


On 13 aug 2010, at 17.40, Daniel Miller wrote:


On 08/12/2010 04:02 PM, Ron wrote:

On Thu, 12 Aug 2010 22:52:38 +0200 Patrik Karlsson<patrik () cqure net>
wrote:


About broadcast in NSE, do you need to do something to set
SO_BROADCAST on the socket or is this taken care of?


I'm *guessing* that's the issue, and I remember talking about
enabling SO_BROADCAST on the list in the past. I don't think NSE
has the ability to enable SO_BROADCAST, but I could be wrong.


SO_BROADCAST support was added to nsock, but is off by default. From
nsock/include/nsock.h:

 /* Turns on or off broadcast support on new sockets. Default is off
     (0, false) set in nsp_new(). Any non-zero (true) value sets
     SO_BROADCAST on all new sockets (value of optval will be used
 directly
     in the setsockopt() call */
 void nsp_setbroadcast(nsock_pool nsp, int optval);

nsp_new() is called for NSE in nse_nsock.cc in luaopen_nsock(). To
enable broadcast, a call to nsp_setbroadcast() must be made after
that call.


So I looked into this a bit more as I was curios to test some new ideas out. 
I managed to make the setbroadcast call and have my NSE code send
broadcasts out.
However, I ran into some trouble as all UDP sockets are connected to
the destination address.


I investigated this last year, and determined that the problem was that
in Nsock, there is no way to create a socket without also connecting it.
The underlying call to socket isn't made until nsock_connect_internal is
called, which is later than when nsi_new is called. I posted an example
that works in Python but not in NSE here:

http://seclists.org/nmap-dev/2009/q4/105

Normally you would do new_socket, bind, receive. This doesn't work in
NSE because when you do the receive you don't have a real socket yet;
creating a socket by doing a connect first somehow prevents the receive
from working.

My recommendation then was to create a real socket at the time of
nsi_new.


The man page for connect says:
"The parameter socket is a socket. If it is of type SOCK_DGRAM, this
call specifies the peer with which the socket is to be associated;
this address is that to which datagrams are to be sent, and the only
address from which data-grams are to be received."

As far as I can tell this makes it difficult to receive any response
at all to a broadcast request.
I made a quick test re-connecting the socket with the address family
AF_UNSPEC immediately after the send was issued.

"Datagram sockets may dissolve the association by connecting to an
invalid address, such as a null address or an address with the address
family set to AF_UNSPEC (the error EAFNOSUPPORT will be harmlessly
returned)."

This allowed the socket to receive the response from one of the
clients responding to the broadcast request.


Can you show how you did this? It's a clever idea.


I changed the send to a sendto and it now works on linux as well.
The problem with copying the peer data from recvfrom is that the next send will go to the wrong host.
This currently is not a problem for me in my testing, ones it becomes a problem I might fix that to ;)

Here's a new patch.




David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Attachment: nsock-broadcast-2.patch
Description: 



//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77






_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: