Nmap Development mailing list archives

Re: Raw IP NSE Functionality (Was Re: [NSE] Raw ethernet frame questions ...)


From: Kris Katterjohn <katterjohn () gmail com>
Date: Tue, 16 Feb 2010 11:31:34 -0600

On 02/11/2010 04:53 PM, Kris Katterjohn wrote:
> Alright, I like to think my branch is essentially complete.  So here we go:
>
> * ip_open(), ip_send() and ip_close() methods for sending packets starting
> with an IPv4 header
>
> * Works with arbitrary (non-Target) hosts using various routing functions and
> sends over raw socket or ethernet if preferred and is available
>
> * Fallback: if ethernet is preferred but no (ethernet) route can be found, the
> raw socket is used instead.  If an ethernet route is found but an error occurs
> then we pass an error to the script.  Keeping in mind your suggestion, I feel
> this is similar to how eth vs raw decisions are made elsewhere, even though
> those parts use Target information while this is done itself.
>
> * Errors are passed to the script for use with try() exception handling
>
> * Tested on Linux and Windows; kx also verified on Windows earlier
>
> * Docs added to scripting.xml (similar to ethernet_* methods' docs)
>
> * IP ID sequence script with optional probeport arg; recently done up with
> NSEDoc (although my NSEDoc-fu is weak as I don't recall ever using it)


On 02/12/2010 07:37 PM, Kris Katterjohn wrote:
> OK, I have one more thing to add to the list: nmap.is_privileged().  This
> gives the script the boolean value of o.isr00t.  This makes it easy to tell,
> for instance, in ipidseq's hostrule if the raw socket open will fail instead
> of having to try in action and return an error if not.


Has anybody tested this branch and run into any problems?

Checking out the branch, building Nmap and running the IP ID script on a host
is all it takes for a basic run through.  Under most OSes, using with and
without --send-eth tests the sending of ethernet frames (or not), or the
fallback functionality for using a raw socket for going over, say, a
point-to-point link even if you specify --send-eth.

As previously mentioned: I've tested on Linux and Windows, kx tested on
Windows (and Linux in VM I believe) using earlier revisions (not newer ones?),
and Patrick said it looked good.  So: if there are no objections or problems,
I'd like to merge over to trunk this week (before the weekend).  If Fyodor or
David wants to give me the go-ahead before then, then cool ;)

Cheers,
Kris Katterjohn
