From 520c6b1b6afed1eef0b926666cfb340e2b39264b Mon Sep 17 00:00:00 2001
From: Piotr Duszynski <2052966+drk1wi@users.noreply.github.com>
Date: Tue, 29 Aug 2023 10:37:53 +0200
Subject: [PATCH 1/5] Update connection.cpp
a small fix to address a potential bypass via 'Closed connection'
---
 src/connection.cpp | 30 ++++++++++++++++++++----------
 1 file changed, 20 insertions(+), 10 deletions(-)
diff --git a/src/connection.cpp b/src/connection.cpp
index c4a1685..4294420 100644
--- a/src/connection.cpp
+++ b/src/connection.cpp
@@ -38,6 +38,7 @@
 #include
 #include
 #include
+#include
 #include
 #include "Threads.h"
 #include "connection.h"
@@ -127,15 +128,24 @@ void* process_connection(void *arg)
 select_return = select(threads[tid].clients[i], &read_mask, (fd_set *)0, (fd_set *)0, &tv);
- if(select_return <= 0) /* [timeout=0, -1= ERROR] is returned */
- {
- n=1;
- }
- else
- {
- buffer_size=configuration->mapPort2Buffer(original_port);
- n = recv(threads[tid].clients[i],buffer,buffer_size, 0);
- }
+ if (select_return < 0) /* [timeout=0, -1= ERROR] is returned */
+ {
+ n = -1;
+ }
+ else {
+ n = 0;
+ int data_to_be_read_size = 0;
+
+ if (ioctl(threads[tid].clients[i], FIONREAD, &data_to_be_read_size) < 0) {
+ perror("ioctl failed");
+ }
+
+ if (data_to_be_read_size > 0) {
+ buffer_size = data_to_be_read_size;
+ n = recv(threads[tid].clients[i], buffer, buffer_size, 0);
+ }
+
+ }
 }
 // deal with different recv buffer size
@@ -306,4 +316,4 @@ void* process_connection(void *arg)
 }
 return 0;
-}
\ No newline at end of file
+}
From 6da8e25869420f171a52c6c54b932eb9434c404e Mon Sep 17 00:00:00 2001
From: Piotr Duszynski <2052966+drk1wi@users.noreply.github.com>
Date: Tue, 29 Aug 2023 10:37:53 +0200
Subject: [PATCH 2/5] Update connection.cpp
a small fix to address a potential bypass via 'Closed connection'
---
 src/connection.cpp | 27 +++++++++------------------
 1 file changed, 9 insertions(+), 18 deletions(-)
diff --git a/src/connection.cpp b/src/connection.cpp
index 4294420..0e6e2c2 100644
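Review bot: `buffer_size = data_to_be_read_size;` makes the recv() length the number of bytes the peer has queued rather than the capacity of `buffer`, whose allocation is outside this hunk, so a peer that sends more than `buffer` holds makes recv() write past its end. The bound the removed lines applied should stay as a ceiling, e.g. `buffer_size = configuration->mapPort2Buffer(original_port);` followed by `if (data_to_be_read_size < buffer_size) buffer_size = data_to_be_read_size;` (or whatever value actually sized `buffer`). A select() timeout (`select_return == 0`) now also reaches the FIONREAD branch and leaves `n == 0`, which the `if(n == 0)` branch visible among PATCH 3/5's removed lines treats as a closed connection, whereas before it set `n = 1`. The same recv() sizing is reintroduced by PATCH 3/5 and PATCH 4/5 after PATCH 2/5 reverts this hunk. process_connection continues outside the hunk.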
--- a/src/connection.cpp
+++ b/src/connection.cpp
@@ -128,24 +128,15 @@ void* process_connection(void *arg)
 select_return = select(threads[tid].clients[i], &read_mask, (fd_set *)0, (fd_set *)0, &tv);
- if (select_return < 0) /* [timeout=0, -1= ERROR] is returned */
- {
- n = -1;
- }
- else {
- n = 0;
- int data_to_be_read_size = 0;
-
- if (ioctl(threads[tid].clients[i], FIONREAD, &data_to_be_read_size) < 0) {
- perror("ioctl failed");
- }
-
- if (data_to_be_read_size > 0) {
- buffer_size = data_to_be_read_size;
- n = recv(threads[tid].clients[i], buffer, buffer_size, 0);
- }
-
- }
+ if(select_return <= 0) /* [timeout=0, -1= ERROR] is returned */
+ {
+ n=1;
+ }
+ else
+ {
+ buffer_size=configuration->mapPort2Buffer(original_port);
+ n = recv(threads[tid].clients[i],buffer,buffer_size, 0);
+ }
 }
 // deal with different recv buffer size
From 1decde66c79817bbb87e65c71161d5cb90fbece3 Mon Sep 17 00:00:00 2001
From: Piotr Duszynski <2052966+drk1wi@users.noreply.github.com>
Date: Tue, 29 Aug 2023 11:11:06 +0200
Subject: [PATCH 3/5] Update connection.cpp
---
 src/connection.cpp | 117 +++++++-------------------------------------------
 1 file changed, 18 insertions(+), 99 deletions(-)
diff --git a/src/connection.cpp b/src/connection.cpp
index 0e6e2c2..5bf3fa8 100644
--- a/src/connection.cpp
+++ b/src/connection.cpp
@@ -128,117 +128,36 @@ void* process_connection(void *arg)
 select_return = select(threads[tid].clients[i], &read_mask, (fd_set *)0, (fd_set *)0, &tv);
- if(select_return <= 0) /* [timeout=0, -1= ERROR] is returned */
+ if(select_return < 0) /* [timeout=0, -1= ERROR] is returned */
 {
- n=1;
+ n=-1;
 }
 else
 {
- buffer_size=configuration->mapPort2Buffer(original_port);
- n = recv(threads[tid].clients[i],buffer,buffer_size, 0);
+ n = 0;
+ int data_to_be_read_size = 0;
+
+ if (ioctl(threads[tid].clients[i], FIONREAD, &data_to_be_read_size) < 0) {
+ perror("ioctl failed");
+ }
+
+ if (data_to_be_read_size > 0) {
+ buffer_size = data_to_be_read_size;
+ n = recv(threads[tid].clients[i], buffer, buffer_size, 0);
+ }
 }
 }
- // deal with different recv buffer size
- if(n == 0){
-
- #ifdef OSX
- original_port = ntohs(peer_sockaddr.sin_port);
- #else
-
- if ( getsockopt (threads[tid].clients[i], SOL_IP, SO_ORIGINAL_DST, (struct sockaddr*)&peer_sockaddr,(socklen_t*) (socklen_t*) &peer_sockaddr_len )){
- perror("Getsockopt failed: Have you set up your IPTABLES rules correctly ?");
- goto close_socket;
- }
- else
- original_port = ntohs(peer_sockaddr.sin_port);
- get_ipstr(threads[tid].clients[i], ipstr);
-
- #endif
-
- //LOG
- msg=(char*)malloc(MAX_LOG_MSG_LEN);
- memset(msg,0,MAX_LOG_MSG_LEN);
- snprintf(msg,MAX_LOG_MSG_LEN,"%d # Port_probe # REMOVING_SOCKET # source_ip:%s # dst_port:%d \n",(int)timestamp,ipstr,original_port);//" port:%d src_ip%s\n", original_port,;
- Utils::log_write(configuration,msg);
- free(msg);
- //
-
- close_socket:
- if(configuration->getConfigValue(OPT_DEBUG))
- fprintf(stdout,"Thread nr. 
%d : client %d closed connection\n",tid, threads[tid].clients[i]);
-
- //shutdown(threads[tid].clients[i],SHUT_WR);
- close(threads[tid].clients[i]);
-
- pthread_mutex_lock(&new_connection_mutex);
- threads[tid].clients[i] = 0;
- threads[tid].client_count--;
- pthread_mutex_unlock(&new_connection_mutex);
- }
- else if(n < 0){
-
-
- if(errno == EAGAIN)
- {
- continue; // Nmap NULL probe (no data) -> skip && go to another socket (client)
- }
- else if(errno == 104) // Client terminted connection -> get rid of the socket now!
- {}
- else
- fprintf(stdout,"errno: %d\n", errno);
-
- #ifdef OSX
-
-
- original_port = ntohs(peer_sockaddr.sin_port);
-
- #else
-
- if ( getsockopt (threads[tid].clients[i], SOL_IP, SO_ORIGINAL_DST, (struct sockaddr*)&peer_sockaddr,(socklen_t*) &peer_sockaddr_len )){
- perror("Getsockopt failed");
- goto close_socket2;
- }
- else
- original_port = ntohs(peer_sockaddr.sin_port);
- get_ipstr(threads[tid].clients[i], ipstr);
- #endif
-
- //LOG
- msg =(char*)malloc(MAX_LOG_MSG_LEN);
- memset(msg,0,MAX_LOG_MSG_LEN);
- snprintf(msg,MAX_LOG_MSG_LEN,"%d # Port_probe # REMOVING_SOCKET # source_ip:%s # dst_port:%d \n",(int)timestamp,ipstr,original_port);//" port:%d src_ip%s\n", original_port,;
- Utils::log_write(configuration,msg);
- free(msg);
- //
-
- close_socket2:
- close(threads[tid].clients[i]);
-
- pthread_mutex_lock(&new_connection_mutex);
- threads[tid].clients[i] = 0;
- threads[tid].client_count--;
- pthread_mutex_unlock(&new_connection_mutex);
-
- }
- else
- {
-
- #ifdef OSX
- // BSD
- original_port = ntohs(peer_sockaddr.sin_port);
- //
- #else
 // Linux
 if ( getsockopt (threads[tid].clients[i], SOL_IP, SO_ORIGINAL_DST, (struct sockaddr*)&peer_sockaddr, (socklen_t*) &peer_sockaddr_len ))
 perror("Getsockopt failed");
- get_ipstr(threads[tid].clients[i], ipstr);
- original_port = ntohs(peer_sockaddr.sin_port);
- //
- #endif
+ get_ipstr(threads[tid].clients[i], ipstr);
+ original_port = ntohs(peer_sockaddr.sin_port);
+
+ //LOG
 char* 
msg=(char*)malloc(MAX_LOG_MSG_LEN);
@@ -296,7 +215,7 @@ void* process_connection(void *arg)
 threads[tid].client_count--;
 pthread_mutex_unlock(&new_connection_mutex);
- }
+ }
From af6cd4d79edc49b12120912d9529709fb7bcc806 Mon Sep 17 00:00:00 2001
From: Piotr Duszynski <2052966+drk1wi@users.noreply.github.com>
Date: Sat, 2 Sep 2023 11:41:40 +0200
Subject: [PATCH 4/5] Update connection.cpp
---
 src/connection.cpp | 217 +++++++++++++++++++++++++--------------------
 1 file changed, 119 insertions(+), 98 deletions(-)
diff --git a/src/connection.cpp b/src/connection.cpp
index 5bf3fa8..d263b3c 100644
--- a/src/connection.cpp
+++ b/src/connection.cpp
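Review bot: With the `if(n == 0)` and `else if(n < 0)` branches deleted, `n` — still set to `-1` on a select() error, `0` when FIONREAD reports nothing, and the recv() result otherwise — is never consulted again within this hunk, so a failed select(), a peer that has already closed, and a pending probe all continue into the same getsockopt/log/signature path below. The removed branches were also the only place the `errno == EAGAIN` → `continue` case and the per-socket `close()`/`clients[i] = 0`/`client_count--` cleanup for closed peers lived; the `@@ -296` hunk shows a `client_count--`/unlock sequence later in the function, presumably the common cleanup, but whether a send to an already-closed peer is tolerated (EPIPE/SIGPIPE) cannot be seen from here. If `n` is now intentionally unused, either drop the FIONREAD/recv() block or say so where it is computed, e.g. `// drain pending probe bytes; n is intentionally not checked here`. process_connection continues outside the hunk.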
@@ -115,108 +115,129 @@ void* process_connection(void *arg)
 if(threads[tid].clients[i] != 0)
 {
-
- timestamp = time(NULL);
-
- if(configuration->getConfigValue(OPT_NOT_NMAP_SCANNER))
- n = 1; // just reply...
- else
- {
- nonblock(threads[tid].clients[i]);
- FD_ZERO(&read_mask);
- FD_SET(threads[tid].clients[i], &read_mask);
-
- select_return = select(threads[tid].clients[i], &read_mask, (fd_set *)0, (fd_set *)0, &tv);
-
- if(select_return < 0) /* [timeout=0, -1= ERROR] is returned */
- {
- n=-1;
- }
- else
- {
- n = 0;
- int data_to_be_read_size = 0;
-
- if (ioctl(threads[tid].clients[i], FIONREAD, &data_to_be_read_size) < 0) {
- perror("ioctl failed");
- }
-
- if (data_to_be_read_size > 0) {
- buffer_size = data_to_be_read_size;
- n = recv(threads[tid].clients[i], buffer, buffer_size, 0);
- }
- }
- }
-
-
- // Linux
- if ( getsockopt (threads[tid].clients[i], SOL_IP, SO_ORIGINAL_DST, (struct sockaddr*)&peer_sockaddr, (socklen_t*) &peer_sockaddr_len ))
- perror("Getsockopt failed");
+ timestamp = time(NULL);
+ nonblock(threads[tid].clients[i]);
+ FD_ZERO(&read_mask);
+ FD_SET(threads[tid].clients[i], &read_mask);
+ select_return = select(threads[tid].clients[i], &read_mask, (fd_set *) nullptr, (fd_set *) nullptr,
+ &tv);
- get_ipstr(threads[tid].clients[i], ipstr);
- original_port = ntohs(peer_sockaddr.sin_port);
-
-
-
- //LOG
- char* msg=(char*)malloc(MAX_LOG_MSG_LEN);
- memset(msg,0,MAX_LOG_MSG_LEN);
- snprintf(msg,MAX_LOG_MSG_LEN,"%d # Service_probe # SIGNATURE_SEND # source_ip:%s # dst_port:%d \n",(int)timestamp,ipstr,original_port);//" port:%d src_ip%s\n", original_port,;
- Utils::log_write(configuration,msg);
- free(msg);
- //
-
- if(configuration->getConfigValue(OPT_DEBUG))
- {
- fprintf(stdout,"\n---\nThread nr.%d for port %d \n", tid,original_port);
- }
-
- std::vector vectsignature=configuration->mapPort2Signature(original_port);
-
- int buffertosendsize=vectsignature.size();
- char* buffertosend= (char*)malloc(buffertosendsize);
-
- for(int j=0; 
jgetConfigValue(OPT_DEBUG))
- {
-
-
- fprintf(stdout,"signature sent -> ");
- for(int t=0;t 0) {
+ buffer_size = data_to_be_read_size;
+ n = recv(threads[tid].clients[i], buffer, buffer_size, 0);
+ }
+
+ }
+
+
+
+ int error_code;
+ socklen_t error_code_size = sizeof(error_code);
+ getsockopt(threads[tid].clients[i], SOL_SOCKET, SO_ERROR, &error_code, &error_code_size);
+
+ if (error_code) {
+
+ if (getsockopt(threads[tid].clients[i], SOL_IP, SO_ORIGINAL_DST, (struct sockaddr *) &peer_sockaddr,
+ (socklen_t *) (socklen_t *) &peer_sockaddr_len)) {
+ perror("Getsockopt failed: Have you set up your IPTABLES rules correctly ?");
+ goto close_socket;
+ } else
+ original_port = ntohs(peer_sockaddr.sin_port);
+
+ get_ipstr(threads[tid].clients[i], threads[tid].client_src_ip[i], ipstr);
+
+ close_socket:
+ if (configuration->getConfigValue(OPT_DEBUG))
+ fprintf(stdout, "Thread nr. %d : client %d closed connection\n", tid, threads[tid].clients[i]);
+
+ close(threads[tid].clients[i]);
+
+ fingerp.addTimedOutConnection(threads[tid].client_src_ip[i], original_port);
+
+ pthread_mutex_lock(&new_connection_mutex);
+ threads[tid].clients[i] = 0;
+ threads[tid].client_count--;
+ pthread_mutex_unlock(&new_connection_mutex);
+
+ } else {
+
+
+ // Linux
+ if ( getsockopt (threads[tid].clients[i], SOL_IP, SO_ORIGINAL_DST, (struct sockaddr*)&peer_sockaddr, (socklen_t*) &peer_sockaddr_len ))
+ perror("Getsockopt failed");
+
+ get_ipstr(threads[tid].clients[i], ipstr);
+ original_port = ntohs(peer_sockaddr.sin_port);
+ //
+
+ //LOG
+ char* msg=(char*)malloc(MAX_LOG_MSG_LEN);
+ memset(msg,0,MAX_LOG_MSG_LEN);
+ snprintf(msg,MAX_LOG_MSG_LEN,"%d # Service_probe # SIGNATURE_SEND # source_ip:%s # dst_port:%d \n",(int)timestamp,ipstr,original_port);//" port:%d src_ip%s\n", original_port,;
+ Utils::log_write(configuration,msg);
+ free(msg);
+ //
+
+ if(configuration->getConfigValue(OPT_DEBUG))
+ {
+ fprintf(stdout,"\n---\nThread nr.%d for port %d \n", tid,original_port);
+ }
+
+ std::vector 
vectsignature=configuration->mapPort2Signature(original_port);
+
+ int buffertosendsize=vectsignature.size();
+ char* buffertosend= (char*)malloc(buffertosendsize);
+
+ for(int j=0; jgetConfigValue(OPT_DEBUG))
+ {
+
+
+ fprintf(stdout,"signature sent -> ");
+ for(int t=0;t 
Date: Sat, 2 Sep 2023 11:45:06 +0200
Subject: [PATCH 5/5] Update connection.cpp
---
 src/connection.cpp | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/src/connection.cpp b/src/connection.cpp
index d263b3c..132e05e 100644
--- a/src/connection.cpp
+++ b/src/connection.cpp
@@ -157,7 +157,6 @@ void* process_connection(void *arg)
 } else
 original_port = ntohs(peer_sockaddr.sin_port);
- get_ipstr(threads[tid].clients[i], threads[tid].client_src_ip[i], ipstr);
 close_socket:
 if (configuration->getConfigValue(OPT_DEBUG))
@@ -165,8 +164,6 @@ void* process_connection(void *arg)
 close(threads[tid].clients[i]);
- fingerp.addTimedOutConnection(threads[tid].client_src_ip[i], original_port);
-
 pthread_mutex_lock(&new_connection_mutex);
 threads[tid].clients[i] = 0;
 threads[tid].client_count--;
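Review bot: `int error_code;` is left uninitialized and the return value of the `getsockopt(..., SOL_SOCKET, SO_ERROR, ...)` that fills it is not checked, so when that call fails `if (error_code)` decides between closing the socket and sending a signature on an indeterminate value; initialize and check it, `int error_code = 0;` and `if (getsockopt(threads[tid].clients[i], SOL_SOCKET, SO_ERROR, &error_code, &error_code_size) < 0) error_code = errno;`. SO_ERROR only reports a pending socket error such as a reset; a peer that closed cleanly — where the recv() above returns 0 — leaves it at 0 and takes the signature-send path, and `n` is computed but never consulted in this hunk. The re-added `select(threads[tid].clients[i], &read_mask, ...)` passes the descriptor itself as nfds, which has to be the highest descriptor plus one (`threads[tid].clients[i] + 1`); as written select() never examines this socket, so the FIONREAD fallback is doing all the work. The `OPT_NOT_NMAP_SCANNER` check is dropped without replacement, so that configuration option no longer affects this path unless it is honoured elsewhere. process_connection continues outside the hunk.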