Nmap Development mailing list archives

Nsock unconnected sockets


From: David Fifield <david () bamsoftware com>
Date: Sun, 3 Oct 2010 18:03:47 -0700

On Mon, Aug 16, 2010 at 03:33:59PM -0600, David Fifield wrote:
> On Sun, Aug 15, 2010 at 10:40:58PM +0200, Patrik Karlsson wrote:
> > So I looked into this a bit more as I was curious to test some new ideas out.
> > I managed to make the setbroadcast call and have my NSE code send
> > broadcasts out.
> > However, I ran into some trouble as all UDP sockets are connected to
> > the destination address.
>
> I investigated this last year, and determined that the problem was that
> in Nsock, there is no way to create a socket without also connecting it.
> The underlying call to socket isn't made until nsock_connect_internal is
> called, which is later than when nsi_new is called. I posted an example
> that works in Python but not in NSE here:
>
> http://seclists.org/nmap-dev/2009/q4/105
>
> Normally you would do new_socket, bind, receive. This doesn't work in
> NSE because when you do the receive you don't have a real socket yet;
> creating a socket by doing a connect first somehow prevents the receive
> from working.

Patrik Karlsson and I have been working on a solution to this in a
branch. The main change is the addition of a new function, nmap.setup,
that allows creating an unconnected UDP socket. With such a socket you
can receive packets from multiple addresses, and from the broadcast
address. It is used like this:

-- Sending: an unconnected UDP socket can send to several destinations.
local sock = nmap.new_socket()
sock:setup("udp")
sock:sendto("1.2.3.4", 80, "Hello world")
sock:sendto("5.6.7.8", 80, "Hello world")

-- Receiving: bind to a local port, then receive from any peer
-- (including replies to broadcast and multicast sends).
local sock = nmap.new_socket()
sock:bind(nil, 67)
sock:setup("udp")
local status, data = sock:receive()
-- get_info reports the peer of the last received datagram.
local status, _, _, remote, remotep = sock:get_info()
return string.format("\"%s\" from %s:%d", data, remote, remotep)

In other words, you use "setup" everywhere you would use "connect" for a
connected socket. The second argument to setup is the address family.
If omitted, it defaults to whatever Nmap is using; i.e., "ipv4" normally
but "ipv6" if the -6 option is used.

We've made the dhcp-discover script work without using pcap to read
replies. Patrik is also enhancing scripts to work with broadcast and
multicast sends and receives. For example, dns-service-discovery is
capable of running as a prerule and adding the hosts that respond to
a single multicast packet.

svn co --username="guest" --password="" svn://svn.insecure.org/nmap-exp/david/nmap-unconnected

Some questions:

1. What do you think of the names nsock_setup_udp and sock:setup? The
   way to understand how it works is to know that "setup" is what you
   use instead of "connect" when you want an unconnected socket. Is
   there a name other than "setup" that conveys that better?

2. What do you think of the NSE API,
   s:setup("udp")
   s:setup("udp", "ipv4")
   s:setup("udp", "ipv6")
   We have a precedent for using "udp" as a protocol identifier. I think
   that the strings "ipv4" and "ipv6" are better than constants like
   nmap.AF_INET and nmap.AF_INET6. Another possibility would be "in" and
   "in6" but I think the ones I've chosen are easier to remember.

I'd like to merge this before too long and then update the scripts that
can make use of it.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
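As an added example that is neither the post's own code nor the one behind the seclists link above, here is the socket/bind/recvfrom pattern in Python that the post says works there but not in NSE. It uses two loopback senders (a constructed stand-in for broadcast replies, so it runs offline); the second function shows why nmap.setup is needed: once a UDP socket is connected, as Nsock always did, datagrams from any other peer are no longer delivered on Linux and BSD-derived stacks.

```python
import socket

HOST = "127.0.0.1"  # loopback instead of a broadcast address so the demo runs offline
TIMEOUT = 1.0

def _udp():
    """UDP socket bound to an ephemeral loopback port (like sock:bind(nil, port))."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((HOST, 0))
    s.settimeout(TIMEOUT)
    return s

def _drain(rx):
    """Collect every datagram rx delivers until the read timeout expires."""
    got = []
    try:
        while True:
            data, (_rhost, _rport) = rx.recvfrom(1500)  # peer address, as s:get_info() reports it
            got.append(data)
    except socket.timeout:
        pass
    return sorted(got)

def unconnected_receive():
    """socket, bind, recvfrom: the pattern nmap.setup("udp") exposes to NSE.
    One unconnected listener hears datagrams from two different peers."""
    rx, a, b = _udp(), _udp(), _udp()
    port = rx.getsockname()[1]
    a.sendto(b"from a", (HOST, port))
    b.sendto(b"from b", (HOST, port))
    try:
        return _drain(rx)
    finally:
        for s in (rx, a, b):
            s.close()

def connected_receive():
    """Same listener, but connect()ed to peer a first, as Nsock always did:
    the kernel now delivers only datagrams from a, and b's datagram is dropped."""
    rx, a, b = _udp(), _udp(), _udp()
    port = rx.getsockname()[1]
    rx.connect(a.getsockname())
    a.sendto(b"from a", (HOST, port))
    b.sendto(b"from b", (HOST, port))
    try:
        return _drain(rx)
    finally:
        for s in (rx, a, b):
            s.close()
```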