Can set TCP header options on command line, --tcpmss, --tcpsackon, --…

…tcp-tsecho, and so forth. The --tcp-mss is now enabled by default, use to remove it form the header.
robertdavidgraham · Nov 8, 2023 · 4f89257 · 4f89257
1 parent 66c5159
commit 4f89257
Show file tree

Hide file tree

Showing 9 changed files with 2,113 additions and 45 deletions.
diff --git a/src/main-conf.c b/src/main-conf.c
diff --git a/src/main.c b/src/main.c
@@ -1302,7 +1302,8 @@ main_scan(struct Masscan *masscan)
                     masscan->payloads.udp,
                     masscan->payloads.oproto,
                     stack_if_datalink(masscan->nic[index].adapter),
-                    masscan->seed);
+                    masscan->seed,
+                    masscan->templ_opts);
 
         /*
          * Set the "source port" of everything we transmit.

diff --git a/src/masscan.h b/src/masscan.h
@@ -16,6 +16,7 @@
 struct Adapter;
 struct TemplateSet;
 struct Banner1;
+struct TemplateOptions;
 
 /**
  * This is the "operation" to be performed by masscan, which is almost always
@@ -204,7 +205,11 @@ struct Masscan
     unsigned is_hello_http:1;    /* --hello=http, use HTTP on all ports */
     unsigned is_scripting:1;    /* whether scripting is needed */
     unsigned is_capture_servername:1; /* --capture servername */
-
+
+    /** Packet template options, such as whether we should add a TCP MSS
+     * value, or remove it from the packet */
+    struct TemplateOptions *templ_opts;
+
     /**
      * Wait forever for responses, instead of the default 10 seconds
      */

diff --git a/src/templ-opts.h b/src/templ-opts.h
@@ -0,0 +1,66 @@
+#ifndef TEMPL_OPTS_H
+#define TEMPL_OPTS_H
+#include "massip-addr.h"
+
+/**
+ * This tells us whether we should add, remove, or leave default
+ * a field in the packet headers.
+ * FIXME: not all of these are supported
+ */
+typedef enum {Default, Add, Remove} addremove_t;
+
+struct TemplateOptions {
+    struct {
+        addremove_t is_badsum:4; /* intentionally bad checksum */
+        addremove_t is_tsecho:4; /* enable timestamp echo */
+        addremove_t is_tsreply:4; /* enable timestamp echo */
+        addremove_t is_flags:4;
+        addremove_t is_ackno:4;
+        addremove_t is_seqno:4;
+        addremove_t is_win:4;
+        addremove_t is_mss:4;
+        addremove_t is_sackok:4;
+        addremove_t is_wscale:4;
+        unsigned flags;
+        unsigned ackno;
+        unsigned seqno;
+        unsigned win;
+        unsigned mss;
+        unsigned sackok;
+        unsigned wscale;
+        unsigned tsecho;
+        unsigned tsreply;
+    } tcp;
+
+    struct {
+        addremove_t is_badsum:4; /* intentionally bad checksum */
+    } udp;
+
+    struct {
+        addremove_t is_sender_mac:4;
+        addremove_t is_sender_ip:4;
+        addremove_t is_target_mac:4;
+        addremove_t is_target_ip:4;
+        macaddress_t sender_mac;
+        ipaddress sender_ip;
+        macaddress_t target_mac;
+        ipaddress target_ip;
+    } arp;
+
+    struct {
+        addremove_t is_badsum:4; /* intentionally bad checksum */
+        addremove_t is_tos:4;
+        addremove_t is_ipid:4;
+        addremove_t is_df:4;
+        addremove_t is_mf:4;
+        addremove_t is_ttl:4;
+
+        unsigned tos;
+        unsigned ipid;
+        unsigned ttl;
+
+    } ipv4;
+};
+
+#endif
+
diff --git a/src/templ-pkt.c b/src/templ-pkt.c
@@ -8,6 +8,8 @@
     appropriate changes.
 */
 #include "templ-pkt.h"
+#include "templ-tcp-hdr.h"
+#include "templ-opts.h"
 #include "massip-port.h"
 #include "proto-preprocess.h"
 #include "proto-sctp.h"
@@ -31,7 +33,7 @@ static unsigned char default_tcp_template[] =
     "\x08\x00"      /* Ethernet type: IPv4 */
     "\x45"          /* IP type */
     "\x00"
-    "\x00\x28"      /* total length = 40 bytes */
+    "\x00\x2c"      /* total length = 40 bytes */
     "\x00\x00"      /* identification */
     "\x00\x00"      /* fragmentation flags */
     "\xFF\x06"      /* TTL=255, proto=TCP */
@@ -43,12 +45,12 @@ static unsigned char default_tcp_template[] =
     "\0\0"          /* destination port */
     "\0\0\0\0"      /* sequence number */
     "\0\0\0\0"      /* ACK number */
-    "\x50"          /* header length */
+    "\x60"          /* header length */
     "\x02"          /* SYN */
-    "\x04\x0"        /* window fixed to 1024 */
+    "\x04\x01"      /* window fixed to 1024 */
     "\xFF\xFF"      /* checksum */
     "\x00\x00"      /* urgent pointer */
-    "\x02\x04\x05\xb4"  /* added options [mss 1460] */
+      "\x02\x04\x05\xb4"  /* opt [mss 1460] h/t @IvreRocks */
 ;
 
 static unsigned char default_udp_template[] =
@@ -1227,7 +1229,7 @@ _template_init(
     unsigned char *px;
     struct PreprocessedInfo parsed;
     unsigned x;
-
+    
     /*
      * Create the new template structure:
      * - zero it out
@@ -1378,24 +1380,32 @@ template_packet_init(
     struct PayloadsUDP *udp_payloads,
     struct PayloadsUDP *oproto_payloads,
     int data_link,
-    uint64_t entropy)
+    uint64_t entropy,
+    const struct TemplateOptions *templ_opts)
 {
+    unsigned char *buf;
+    size_t length;
     templset->count = 0;
     templset->entropy = entropy;
 
-    /* [SCTP] */
-    _template_init(&templset->pkts[Proto_SCTP],
+
+    /* [TCP] */
+    length = sizeof(default_tcp_template)-1;
+    buf = malloc(length);
+    memcpy(buf, default_tcp_template, length);
+    templ_tcp_apply_options(&buf, &length, templ_opts); /* mss, sack, wscale */
+    _template_init(&templset->pkts[Proto_TCP],
                    source_mac, router_mac_ipv4, router_mac_ipv6,
-                   default_sctp_template,
-                   sizeof(default_sctp_template)-1,
+                   buf, length,
                    data_link);
     templset->count++;
+    free(buf);
 
-    /* [TCP] */
-    _template_init(&templset->pkts[Proto_TCP],
+    /* [SCTP] */
+    _template_init(&templset->pkts[Proto_SCTP],
                    source_mac, router_mac_ipv4, router_mac_ipv6,
-                   default_tcp_template,
-                   sizeof(default_tcp_template)-1,
+                   default_sctp_template,
+                   sizeof(default_sctp_template)-1,
                    data_link);
     templset->count++;
 
@@ -1515,6 +1525,14 @@ template_selftest(void)
 {
     struct TemplateSet tmplset[1];
     int failures = 0;
+    struct TemplateOptions templ_opts = {{0}};
+
+    /* Test the module that edits TCP headers */
+    if (templ_tcp_selftest()) {
+        fprintf(stderr, "[-] templ-tcp-hdr: selftest failed\n");
+        return 1;
+    }
+
 
     memset(tmplset, 0, sizeof(tmplset[0]));
     template_packet_init(
@@ -1525,7 +1543,8 @@ template_selftest(void)
             0,  /* UDP payloads = empty */
             0,  /* Oproto payloads = empty */
             1,  /* Ethernet */
-            0   /* no entropy */
+            0,   /* no entropy */
+            &templ_opts
             );
     failures += tmplset->pkts[Proto_TCP].proto  != Proto_TCP;
     failures += tmplset->pkts[Proto_UDP].proto  != Proto_UDP;

diff --git a/src/templ-pkt.h b/src/templ-pkt.h
@@ -5,6 +5,7 @@
 #include "massip-addr.h"
 struct PayloadsUDP;
 struct MassVulnCheck;
+struct TemplateOptions;
 
 /**
  * Does a regression test of this module.
@@ -83,6 +84,8 @@ struct TemplateSet
 
 struct TemplateSet templ_copy(const struct TemplateSet *templ);
 
+
+
 /**
  * Initialize the "template" packets. As we spew out probes, we simply make
  * minor adjustments to the template, such as changing the target IP
@@ -115,7 +118,8 @@ template_packet_init(
     struct PayloadsUDP *udp_payloads,
     struct PayloadsUDP *oproto_payloads,
     int data_link,
-    uint64_t entropy);
+    uint64_t entropy,
+    const struct TemplateOptions *templ_opts);
 
 /**
  * Sets the target/destination IP address of the packet, the destination port