Commit 58736df1 authored by robertdavidgraham

#54 syn-cookies now depend on seed

parent d5638b96
+14 −13
@@ -277,6 +277,7 @@ transmit_thread(void *v) /*aka. scanning_thread() */
    uint64_t seed = masscan->seed;
    uint64_t repeats = 0; /* --infinite repeats */
    uint64_t *status_syn_count;
    uint64_t entropy = masscan->seed;

    LOG(1, "xmit: starting transmit thread #%u\n", parms->nic_index);

@@ -387,14 +388,15 @@ infinite:
            if (src_ip_mask > 1 || src_port_mask > 1) {
                uint64_t ck = syn_cookie((unsigned)(i+repeats),
                                        (unsigned)((i+repeats)>>32),
                                        (unsigned)xXx, (unsigned)(xXx>>32));
                                        (unsigned)xXx, (unsigned)(xXx>>32),
                                        entropy);
                port_me = src_port + (ck & src_port_mask);
                ip_me = src_ip + ((ck>>16) & src_ip_mask);
            } else {
                ip_me = src_ip;
                port_me = src_port;
            }
            cookie = syn_cookie(ip_them, port_them, ip_me, port_me);
            cookie = syn_cookie(ip_them, port_them, ip_me, port_me, entropy);
//printf("0x%08x 0x%08x 0x%04x 0x%08x 0x%04x    \n", cookie, ip_them, port_them, ip_me, port_me);
            /*
             * SEND THE PROBE
@@ -542,6 +544,7 @@ receive_thread(void *v)
    struct TCP_ConnectionTable *tcpcon = 0;
    uint64_t *status_synack_count;
    uint64_t *status_tcb_count;
    uint64_t entropy = masscan->seed;

    /* some status variables */
    status_synack_count = (uint64_t*)malloc(sizeof(uint64_t));
@@ -603,7 +606,8 @@ receive_thread(void *v)
            &parms->tmplset->pkts[Proto_TCP],
            output_report_banner,
            out,
            masscan->tcb.timeout
            masscan->tcb.timeout,
            masscan->seed
            );
        tcpcon_set_banner_flags(tcpcon,
                masscan->is_capture_cert,
@@ -716,10 +720,10 @@ receive_thread(void *v)

        switch (parsed.ip_protocol) {
        case 132: /* SCTP */
            cookie = syn_cookie(ip_them, port_them | (Proto_SCTP<<16), ip_me, port_me) & 0xFFFFFFFF;
            cookie = syn_cookie(ip_them, port_them | (Proto_SCTP<<16), ip_me, port_me, entropy) & 0xFFFFFFFF;
            break;
        default:
            cookie = syn_cookie(ip_them, port_them, ip_me, port_me) & 0xFFFFFFFF;
            cookie = syn_cookie(ip_them, port_them, ip_me, port_me, entropy) & 0xFFFFFFFF;
        }

        /* verify: my IP address */
@@ -773,13 +777,13 @@ receive_thread(void *v)
                    continue;
                if (parms->masscan->nmap.packet_trace)
                    packet_trace(stdout, parms->pt_start, px, length, 0);
                handle_udp(out, secs, px, length, &parsed);
                handle_udp(out, secs, px, length, &parsed, entropy);
                continue;
            case FOUND_ICMP:
                handle_icmp(out, secs, px, length, &parsed);
                handle_icmp(out, secs, px, length, &parsed, entropy);
                continue;
            case FOUND_SCTP:
                handle_sctp(out, secs, px, length, cookie, &parsed);
                handle_sctp(out, secs, px, length, cookie, &parsed, entropy);
                break;
            case FOUND_TCP:
                /* fall down to below */
@@ -1133,7 +1137,8 @@ main_scan(struct Masscan *masscan)
                    parms->adapter_mac,
                    parms->router_mac,
                    masscan->payloads,
                    rawsock_datalink(masscan->nic[index].adapter));
                    rawsock_datalink(masscan->nic[index].adapter),
                    masscan->seed);

        /*
         * Set the "source port" of everything we transmit.
@@ -1423,10 +1428,6 @@ int main(int argc, char *argv[])
    snmp_init();
    x509_init();

    /* Set randomization seed for SYN-cookies */
    syn_set_entropy(masscan->seed);



    /*
     * Apply excludes. People ask us not to scan them, so we maintain a list
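Review bot: The SYN-cookie secret now equals the scan seed (`uint64_t entropy = masscan->seed;` at the top of both transmit_thread and receive_thread), so anyone who knows or can guess the seed can compute valid cookies and feed the receive path forged SYN-ACKs and banners that pass the seqno check. If `masscan->seed` can be set from the command line (not visible here), the declaration deserves a warning, e.g. `/* SYN-cookie secret: a fixed or guessable --seed makes every response forgeable */`, or the cookie secret should be drawn from a separate random source rather than reusing the seed. Inside receive_thread the `tcpcon_init(...)` call passes `masscan->seed` while every other call in the function passes the local `entropy`; pass `entropy` there too so the two cannot drift apart if the secret is later derived differently. Both transmit_thread and receive_thread begin before and continue after the hunks shown, and dropping `syn_set_entropy(masscan->seed)` from main assumes no remaining caller still relies on the global it set.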
+2 −2
@@ -633,7 +633,7 @@ output_report_status(struct Output *out, time_t timestamp, int status,

    /* If in "--interactive" mode, then print the banner to the command
     * line screen */
    if (out->is_interactive) {
    if (out->is_interactive || out->format == 0) {
        unsigned count;

        count = fprintf(stdout, "Discovered %s port %u/%s on %u.%u.%u.%u",
@@ -749,7 +749,7 @@ output_report_banner(struct Output *out, time_t now,

    /* If in "--interactive" mode, then print the banner to the command
     * line screen */
    if (out->is_interactive) {
    if (out->is_interactive || out->format == 0) {
        unsigned count;
        char banner_buffer[4096];

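Review bot: The new condition `out->format == 0` compares against a bare literal; if the output-format enum has a named member for 0 (the default format), compare against that name so the intent survives a reordering of the enum. The comment directly above each hunk still reads `/* If in "--interactive" mode, then print the banner to the command line screen */` and no longer describes the condition; update it to something like `/* Print to the console in --interactive mode or when no output format was selected */`. This output change is unrelated to the commit title about SYN-cookies and would be easier to bisect as its own commit. output_report_status and output_report_banner both continue past the hunks shown.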
+5 −2
@@ -351,7 +351,10 @@ dns_set_cookie(unsigned char *px, size_t length, uint64_t cookie)
 *    string for the banner.
 ***************************************************************************/
unsigned
handle_dns(struct Output *out, time_t timestamp, const unsigned char *px, unsigned length, struct PreprocessedInfo *parsed)
handle_dns(struct Output *out, time_t timestamp, 
            const unsigned char *px, unsigned length, 
            struct PreprocessedInfo *parsed,
            uint64_t entropy)
{
    unsigned ip_them;
    unsigned ip_me;
@@ -366,7 +369,7 @@ handle_dns(struct Output *out, time_t timestamp, const unsigned char *px, unsign
    ip_me = parsed->ip_dst[0]<<24 | parsed->ip_dst[1]<<16
            | parsed->ip_dst[2]<< 8 | parsed->ip_dst[3]<<0;

    seqno = (unsigned)syn_cookie(ip_them, port_them | Templ_UDP, ip_me, port_me);
    seqno = (unsigned)syn_cookie(ip_them, port_them | Templ_UDP, ip_me, port_me, entropy);

    proto_dns_parse(dns, px, parsed->app_offset, parsed->app_offset + parsed->app_length);

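Review bot: The new `entropy` parameter of handle_dns is not described in the comment block that ends just above the signature; add a line such as ` *  entropy: per-scan secret mixed into the SYN-cookie, presumably the same value the transmit side used, otherwise the seqno computed here never matches a reply`. The two new signature lines carry trailing whitespace after `timestamp,` and `length,`. The cast `(unsigned)syn_cookie(...)` keeps only the low 32 bits of the 64-bit cookie, which appears intentional given what a DNS transaction id can carry, and deserves a short comment so the truncation does not read as an accident. handle_dns continues past the hunk.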
+1 −1
@@ -5,7 +5,7 @@
struct PreprocessedInfo;
struct Output;

unsigned handle_dns(struct Output *out, time_t timestamp, const unsigned char *px, unsigned length, struct PreprocessedInfo *parsed);
unsigned handle_dns(struct Output *out, time_t timestamp, const unsigned char *px, unsigned length, struct PreprocessedInfo *parsed, uint64_t entropy);

unsigned dns_set_cookie(unsigned char *px, size_t length, uint64_t seqno);

+3 −2
@@ -55,7 +55,8 @@ parse_port_unreachable(const unsigned char *px, unsigned length,
void
handle_icmp(struct Output *out, time_t timestamp,
            const unsigned char *px, unsigned length,
            struct PreprocessedInfo *parsed)
            struct PreprocessedInfo *parsed,
            uint64_t entropy)
{
    unsigned type = parsed->port_src;
    unsigned code = parsed->port_dst;
@@ -76,7 +77,7 @@ handle_icmp(struct Output *out, time_t timestamp,

    switch (type) {
    case 0: /* ICMP echo reply */
        cookie = (unsigned)syn_cookie(ip_them, Templ_ICMP_echo, ip_me, 0);
        cookie = (unsigned)syn_cookie(ip_them, Templ_ICMP_echo, ip_me, 0, entropy);
        if ((cookie & 0xFFFFFFFF) != seqno_me)
            return; /* not my response */

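Review bot: The `entropy` parameter added to handle_icmp has no description in the comment above the signature; add ` *  entropy: per-scan secret used to recompute the SYN-cookie for this reply`. The check `(cookie & 0xFFFFFFFF) != seqno_me` masks a value that the preceding line already casts to `unsigned`, so on a 32-bit `unsigned` the mask is a no-op; either drop it or replace it with a comment noting that the cookie is deliberately truncated to the 32 bits an ICMP echo reply can echo back, which bounds forgery resistance regardless of the 64-bit secret. Only the echo-reply branch is visible; the other ICMP types and the rest of handle_icmp lie outside the hunk.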