Skip to content

Commit

Permalink
syn-cookies
Browse files Browse the repository at this point in the history
  • Loading branch information
@robertdavidgraham
robertdavidgraham committed Aug 20, 2013
1 parent 9e1013d commit 2ab807c
Show file tree
Hide file tree
Showing 16 changed files with 503 additions and 238 deletions.
2 changes: 1 addition & 1 deletion src/main-status.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ status_print(struct Status *status, uint64_t count, uint64_t max_count)

/* Get the time. NOTE: this is CLOCK_MONOTONIC_RAW on Linux, not
* wall-clock time. */
now = port_gettime();
now = pixie_gettime();
elapsed = ((double)now - (double)status->last.clock)/(double)1000000.0;
if (elapsed == 0)
return;
Expand Down
7 changes: 3 additions & 4 deletions src/main-throttle.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ throttler_start(struct Throttler *throttler, double max_rate)
throttler->max_rate = max_rate;

for (i=0; i<sizeof(throttler->buckets)/sizeof(throttler->buckets[0]); i++) {
throttler->buckets[i].timestamp = port_gettime();
throttler->buckets[i].timestamp = pixie_gettime();
throttler->buckets[i].packet_count = 0;
}

Expand Down Expand Up @@ -69,8 +69,7 @@ throttler_next_batch(struct Throttler *throttler, uint64_t packet_count)

/* NOTE: this uses CLOCK_MONOTONIC_RAW on Linux, so the timstamp doesn't
* move forward when the machine is suspended */
timestamp = port_gettime();

timestamp = pixie_gettime();

/*
* We record that last 256 buckets, and average the rate over all of
Expand Down Expand Up @@ -115,7 +114,7 @@ throttler_next_batch(struct Throttler *throttler, uint64_t packet_count)
if (waittime > 0.1)
waittime = 0.1;

port_usleep((uint64_t)(waittime * 1000000.0));
pixie_usleep((uint64_t)(waittime * 1000000.0));

throttler->batch_size *= 0.999;
goto again;
Expand Down
32 changes: 21 additions & 11 deletions src/main.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
#include "main-status.h" /* printf() regular status updates */
#include "main-throttle.h" /* rate limit */
#include "main-dedup.h" /* ignore duplicate responses */
#include "syn-cookie.h" /* for SYN-cookies on send */

#include "pixie-timer.h" /* portable time functions */
#include "pixie-threads.h" /* portable threads */
Expand Down Expand Up @@ -61,7 +62,7 @@ scanning_thread(void *v)
status_start(&status);
throttler_start(&throttler, masscan->max_rate);

timestamp_start = 1.0 * port_gettime() / 1000000.0;
timestamp_start = 1.0 * pixie_gettime() / 1000000.0;


/*
Expand Down Expand Up @@ -102,8 +103,14 @@ scanning_thread(void *v)
/* Print packet if debugging */
if (packet_trace)
tcpkt_trace(pkt_template, ip, port, timestamp_start);

/* Send the probe */
rawsock_send_probe(masscan->adapter, ip, port, pkt_template);
rawsock_send_probe(
masscan->adapter,
ip,
port,
syn_hash(ip, port),
pkt_template);


i++;
Expand Down Expand Up @@ -136,7 +143,7 @@ scanning_thread(void *v)
unsigned j;
for (j=0; j<10 && !control_c_pressed; j++) {
status_print(&status, i++, m);
port_usleep(1000000);
pixie_usleep(1000000);
}
fprintf(stderr, " \r");
}
Expand Down Expand Up @@ -461,6 +468,7 @@ main_scan(struct Masscan *masscan)
struct PreprocessedInfo parsed;
unsigned dst;
unsigned src;
unsigned seqno;

err = rawsock_recv_packet(
masscan->adapter,
Expand All @@ -483,6 +491,9 @@ main_scan(struct Masscan *masscan)
| parsed.ip_dst[2]<< 8 | parsed.ip_dst[3]<<0;
src = parsed.ip_src[0]<<24 | parsed.ip_src[1]<<16
| parsed.ip_src[2]<< 8 | parsed.ip_src[3]<<0;
seqno = px[parsed.transport_offset+8]<<24 | px[parsed.transport_offset+9]<<16
| px[parsed.transport_offset+10]<<8 | px[parsed.transport_offset+11];
seqno -= 1;

/* verify: my IP address */
if (adapter_ip != dst)
Expand All @@ -499,16 +510,14 @@ main_scan(struct Masscan *masscan)
if (parsed.found != FOUND_TCP)
continue;

/* verify: my IP address */
dst = parsed.ip_dst[0]<<24 | parsed.ip_dst[1]<<16
| parsed.ip_dst[2]<< 8 | parsed.ip_dst[3]<<0;
if (adapter_ip != dst)
continue;

/* verify: my port number */
if (adapter_port != parsed.port_dst)
continue;

if (syn_hash(src, parsed.port_src) != seqno) {
LOG(1, "bad packet: ackno=0x%08x expected=0x%08x\n", seqno, syn_hash(src, parsed.port_src));
}

/* verify: ignore duplicates */
if (dedup_is_duplicate(dedup, src, parsed.port_src))
continue;
Expand Down Expand Up @@ -592,7 +601,8 @@ int main(int argc, char *argv[])
* for Windows and PF_RING. */
rawsock_init();


/* Set randomization seed for SYN-cookies */
syn_set_entropy();

/*
* Apply excludes
Expand Down Expand Up @@ -668,7 +678,7 @@ int main(int argc, char *argv[])
x += randlcg_selftest();
x += tcpkt_selftest();
x += ranges_selftest();
x += port_time_selftest();
x += pixie_time_selftest();

if (x != 0) {
/* one of the selftests failed, so return error */
Expand Down
56 changes: 44 additions & 12 deletions src/pixie-timer.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,7 @@ clock_gettime(int X, struct timeval *tv)


uint64_t
port_gettime()
pixie_gettime()
{
//struct timeval tv;
//clock_gettime(0, &tv);
Expand All @@ -106,9 +106,19 @@ port_gettime()

//return (uint64_t)tv.tv_sec * 1000000UL + tv.tv_usec;
}
uint64_t
pixie_nanotime()
{
uint64_t time1 = 0, freq = 0;
double seconds;
QueryPerformanceCounter((LARGE_INTEGER *) &time1);
QueryPerformanceFrequency((LARGE_INTEGER *)&freq);
seconds = (double)time1/(double)freq;
return (uint64_t)(seconds * 1000000000.0);
}

void
port_usleep(uint64_t waitTime)
pixie_usleep(uint64_t waitTime)
{
/*
uint64_t time1 = 0, time2 = 0, freq = 0;
Expand All @@ -123,16 +133,16 @@ port_usleep(uint64_t waitTime)

uint64_t start;

start = port_gettime();
start = pixie_gettime();

while (port_gettime() - start < waitTime)
while (pixie_gettime() - start < waitTime)
;
}
#elif defined(CLOCK_MONOTONIC)
#include <unistd.h>

void
port_usleep(uint64_t microseconds)
pixie_usleep(uint64_t microseconds)
{
struct timespec ts;
struct timespec remaining;
Expand All @@ -151,7 +161,7 @@ port_usleep(uint64_t microseconds)
//usleep(microseconds);
}
uint64_t
port_gettime()
pixie_gettime()
{
int x;
struct timespec tv;
Expand All @@ -167,30 +177,52 @@ port_gettime()

return tv.tv_sec * 1000000 + tv.tv_nsec/1000;
}
uint64_t
pixie_nanotime()
{
int x;
struct timespec tv;

#ifdef CLOCK_MONOTONIC_RAW
x = clock_gettime(CLOCK_MONOTONIC_RAW, &tv);
#else
x = clock_gettime(CLOCK_MONOTONIC, &tv);
#endif
if (x != 0) {
printf("clock_gettime() err %d\n", errno);
}

return tv.tv_sec * 1000000000 + tv.tv_nsec;
}
#elif defined(__MACH__) /* works for Apple */
#include <unistd.h>
#include <mach/mach_time.h>

void port_usleep(uint64_t microseconds)
void pixie_usleep(uint64_t microseconds)
{
usleep(microseconds);
}
uint64_t
port_gettime()
pixie_gettime()
{
return mach_absolute_time()/1000;
}
uint64_t
pixie_nanotime()
{
return mach_absolute_time();
}
#endif

int port_time_selftest()
int pixie_time_selftest()
{
static const uint64_t duration = 123456;
uint64_t start, stop, elapsed;


start = port_gettime();
port_usleep(duration);
stop = port_gettime();
start = pixie_gettime();
pixie_usleep(duration);
stop = pixie_gettime();
elapsed = stop - start;

if (elapsed < 0.9*duration || 1.1*duration < elapsed) {
Expand Down
15 changes: 10 additions & 5 deletions src/pixie-timer.h
View file
Original file line number Diff line number Diff line change
@@ -1,18 +1,23 @@
#ifndef PORT_TIMER_H
#define PORT_TIMER_H
#ifndef TIMER_H
#define PIXIE_TIMER_H
#include <stdint.h>

/**
* The current time, in microseconds
*/
uint64_t port_gettime();
uint64_t pixie_gettime();

/**
* The current time, in nanoseconds
*/
uint64_t pixie_nanotime();

/**
* Wait the specified number of microseconds
*/
void port_usleep(uint64_t usec);
void pixie_usleep(uint64_t usec);

int port_time_selftest();
int pixie_time_selftest();



Expand Down
8 changes: 8 additions & 0 deletions src/proto-preprocess.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,7 @@ preprocess_frame(const unsigned char *px, unsigned length, unsigned link_type, s
unsigned fragment_offset;
unsigned total_length;

info->ip_offset = offset;
VERIFY_REMAINING(20, FOUND_IPV4);

/* Check version */
Expand All @@ -108,11 +109,13 @@ preprocess_frame(const unsigned char *px, unsigned length, unsigned link_type, s
return 0; /* weird corruption */
length = offset + total_length; /* reduce the max length */


/* Save off pseudo header for checksum calculation */
info->ip_version = (px[offset]>>4)&0xF;
info->ip_src = px+offset+12;
info->ip_dst = px+offset+16;
info->ip_protocol = px[offset+9];
info->ip_length = total_length;
if (info->ip_version != 4)
return 0;

Expand All @@ -128,9 +131,13 @@ preprocess_frame(const unsigned char *px, unsigned length, unsigned link_type, s

parse_tcp:
{
unsigned tcp_length;
VERIFY_REMAINING(20, FOUND_TCP);
tcp_length = px[offset + 12]>>2;
VERIFY_REMAINING(tcp_length, FOUND_TCP);
info->port_src = ex16be(px+offset+0);
info->port_dst = ex16be(px+offset+2);
info->app_offset = offset + tcp_length;

return 1;
}
Expand All @@ -142,6 +149,7 @@ preprocess_frame(const unsigned char *px, unsigned length, unsigned link_type, s
info->port_src = ex16be(px+offset+0);
info->port_dst = ex16be(px+offset+2);
offset += 8;
info->app_offset = offset;

if (info->port_dst == 53 || info->port_src == 53) {
goto parse_dns;
Expand Down
3 changes: 3 additions & 0 deletions src/proto-preprocess.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,12 +33,15 @@ struct PreprocessedInfo {
unsigned ip_offset; /* 14 for normal Ethernet */
unsigned ip_version; /* 4 or 6 */
unsigned ip_protocol; /* 6 for TCP, 11 for UDP */
unsigned ip_length; /* length of total packet */
const unsigned char *ip_src;
const unsigned char *ip_dst;
unsigned transport_offset; /* 34 for normal Ethernet */
unsigned port_src;
unsigned port_dst;

unsigned app_offset; /* start of TCP payload */

int found;
int found_offset;
};
Expand Down
Loading

0 comments on commit 2ab807c

Please sign in to comment.