\nLicense: GPL-3.0+\n\nLicense: GPL-3.0+\n This program is free software: you can redistribute it and/or modify\n it under the terms of the GNU General Public License as published by\n the Free Software Foundation, either version 3 of the License, or\n (at your option) any later version.\n .\n This package is distributed in the hope that it will be useful,\n but WITHOUT ANY WARRANTY; without even the implied warranty of\n MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n GNU General Public License for more details.\n .\n You should have received a copy of the GNU General Public License\n along with this program. If not, see .\n .\n On Debian systems, the complete text of the GNU General\n Public License version 3 can be found in \"/usr/share/common-licenses/GPL-3\".\n"
},
{
"path": "debian/masscan.dirs",
"content": "usr/bin\n"
},
{
"path": "debian/masscan.docs",
"content": "README.md\nVULNINFO.md\ndoc/algorithm.js\ndoc/bot.html\n"
},
{
"path": "debian/masscan.install",
"content": "bin/masscan usr/bin/\n"
},
{
"path": "debian/masscan.manpages",
"content": "doc/masscan.8\n"
},
{
"path": "debian/rules",
"content": "#!/usr/bin/make -f\n# -*- makefile -*-\n# Sample debian/rules that uses debhelper.\n# This file was originally written by Joey Hess and Craig Small.\n# As a special exception, when this file is copied by dh-make into a\n# dh-make output file, you may use that output file without restriction.\n# This special exception was added by Craig Small in version 0.37 of dh-make.\n\n# Uncomment this to turn on verbose mode.\n#export DH_VERBOSE=1\n\n%:\n\tdh $@ \n\noverride_dh_auto_test:\n\t$(MAKE) regress\n"
},
{
"path": "debian/source/format",
"content": "3.0 (quilt)\n"
},
{
"path": "debian/watch",
"content": "version=3\n\n# use the github release pages\nhttps://github.com/robertdavidgraham/masscan/releases .*/(\\d\\S*)\\.(?:tgz|tbz|txz|(?:tar\\.(?:gz|bz2|xz)))\n"
},
{
"path": "doc/algorithm.js",
"content": "/*\n\n This is an implementation of the core Masscan scanning algorithm\n in JavaScript/NodeJS. The core scanning algorithm is what makes\n Masscan unique from other scanners, so it's worth highlighting\n separately in a sample program.\n\n REVIEW OF SCANNERS\n\n The most famous port-scanner is \"nmap\". However, it is a\n \"host-at-a-time\" scanner, and struggles at scanning large networks.\n\n Masscan is an asynchronous, probe-at-a-time scanner. It spews out\n probes to different ports, without caring if two probes happen to\n be send to the same host. If the user wants a list of all ports\n open on a single host, they have to post-process the masscan output\n themselves, because masscan doesn't do it.\n\n There are other asynchronous port-scanners, like scanrand, unicornscan,\n and zmap. However, they have limitations in the way they do randomization\n of their scans. They have limitations on the ranges of addresses and\n ports that they'll accept, try to store an individual memory record\n for everything scanned, or only partly randomize their scans.\n\n THE WAY MASSCAN WORKS\n\n Masscan first stores the targets as a \"list of ranges\". IP address\n ranges are stored in one structure, and port ranges are stored\n in another structure.\n\n Then, a single index variable is used to enumerate the set of all \n IP:port combinations. The scan works by simply incrementing the \n index variable from 0 to the total number of probes (the 'range').\n\n Then, before the enumeration step, the index is permuted into another\n random index within the same range, in a 1-to-1 mapping. In other\n words, the algorithm is theoretically reversable: given the output\n of the permutation function, we can obtain the original index.\n\nEXAMPLE\n\n This program can be run like the following:\n\n node patent.js 10.0.0.0-10.0.0.5 192.168.0.0/31 80,U:161\n 10.0.0.0-10.0.0.5\n 192.168.0.0-192.168.0.1\n 0.0.0.80-0.0.0.80\n 0.1.0.161-0.1.0.161\n --> 10.0.0.4 udp:161\n --> 10.0.0.0 udp:161\n --> 10.0.0.1 udp:161\n --> 10.0.0.4 tcp:80\n --> 192.168.0.1 tcp:80\n --> 10.0.0.0 tcp:80\n --> 10.0.0.2 udp:161\n --> 10.0.0.5 udp:161\n --> 192.168.0.0 tcp:80\n --> 192.168.0.0 udp:161\n --> 10.0.0.1 tcp:80\n --> 10.0.0.3 udp:161\n --> 10.0.0.2 tcp:80\n --> 10.0.0.5 tcp:80\n --> 192.168.0.1 udp:161\n --> 10.0.0.3 tcp:80\n\n What you see first is the target ranges being echoed back that it scans,\n first the IP address ranges, followed by the port ranges. The port ranges\n are in weird decimal-dot notation because they share the same code\n as for IPv4 addresses.\n\n Then we see the randomized output, where individual probes are sent to a\n random IP address and port.\n\nTransmitThread\n\n All the majic happens in the \"TransmitThread()\" function near the bottom\n of this file.\n\n We first see how the index variable 'i' is incremented from 0 to the\n total number of packets that will be sent. We then see how first this\n index is permuted to 'xXx', then this variable is separated into\n one index for the IP address and another index for the port. Then,\n those indexes are used to enumerate one of the IP addresses and\n one of the ports.\n\nBlackrock\n\n This is the permutation function. It implements an encryption algorithm\n based on DES (Data Encryption Standard). However, the use of real DES\n would impose a restricting on the range that it be an even power of 2.\n In the above example, with 14 total probes, this doesn't apply.\n Therefore, we have to change binary operators like XOR with their\n non-binary equivelents.\n\n The upshot is that we first initialize Blackrock with the range (and\n a seed/key), and then shuffle the index. The process is stateless,\n meaning that any time we shuffle the number '5' we always get the \n same result, regardless of what has happened before.\n\nTargets, RangeList, Range\n\n A Range is just a begin/end of an integer. We use this both for\n IPv4 addresses (which are just 32-bit integers) and ports\n (which are 16 bit integers).\n\n A RangeList is just an array of Ranges. In Masscan, this object\n sorts and combines ranges, making sure there are no duplicates,\n but that isn't used in this example.\n\n The RangeList object shows how an index can enumerate the \n individual addresses/ports. This is down by walking the list\n and subtracting from the index the size of each range, until\n we reach a range that is larger than the index.\n\n The Targets object just holds both the IP and port lists.\n\n*/\n\nfunction Range(begin, end) {\n if (typeof begin == 'undefined' && typeof end == 'undefined') {\n this.begin = 0xFFFFFFFF;\n this.end = 0;\n } else if (typeof end == 'undefined') {\n this.begin = begin;\n this.end = begin;\n } else {\n this.begin = begin;\n this.end = end;\n }\n\n this.toString = function () {\n return ((this.begin >> 24) & 0xFF)\n + \".\" + ((this.begin >> 16) & 0xFF)\n + \".\" + ((this.begin >> 8) & 0xFF)\n + \".\" + ((this.begin >> 0) & 0xFF)\n + \"-\" + ((this.end >> 24) & 0xFF)\n + \".\" + ((this.end >> 16) & 0xFF)\n + \".\" + ((this.end >> 8) & 0xFF)\n + \".\" + ((this.end >> 0) & 0xFF);\n }\n\n this.count = function () {\n return this.end - this.begin + 1;\n }\n this.pick = function (index) {\n return this.begin + index;\n }\n return this;\n}\n\nfunction RangeList() {\n this.list = [];\n this.total_count = 0;\n\n this.push = function (range) {\n this.list.push(range);\n this.total_count += range.count();\n }\n\n this.count = function () {\n return this.total_count;\n }\n\n this.pick = function (index) {\n for (var i in this.list) {\n var item = this.list[i];\n if (index < item.count())\n return item.pick(index);\n else\n index -= item.count();\n }\n return null;\n }\n}\n\n\nfunction Targets() {\n this.ports = new RangeList();\n this.ips = new RangeList();\n\n this.parse_ip = function (text) {\n var x = text.split(\".\");\n var result = 0;\n result |= parseInt(x[0]) << 24;\n result |= parseInt(x[1]) << 16;\n result |= parseInt(x[2]) << 8;\n result |= parseInt(x[3]) << 0;\n return result;\n }\n\n this.parse_ports = function (arg) {\n var offset = 0;\n\n if (arg.indexOf(\":\") !== -1) {\n var x = arg.split(\":\");\n if (x[0] == \"U\")\n offset = 65536;\n else if (x[0] == \"S\")\n offset = 65536 * 2;\n arg = x[1];\n }\n\n var target;\n if (arg.indexOf(\"-\") !== -1) {\n var x = arg.split(\"-\");\n target = new Range(parseInt(x[0]), parseInt(x[1]));\n } else\n target = new Range(parseInt(arg));\n\n target.begin += offset;\n target.end += offset;\n this.ports.push(target);\n }\n this.parse_args = function (argv) {\n for (var i in argv) {\n var arg = argv[i];\n\n if (arg.indexOf(\",\") !== -1) {\n var x = arg.split(\",\");\n for (var j in x)\n this.parse_ports(x[j]);\n } else if (arg.indexOf(\"/\") !== -1) {\n var x = arg.split(\"/\");\n var address = this.parse_ip(x[0]);\n var prefix = parseInt(x[1]);\n var mask = 0xFFFFFFFF << (32 - prefix);\n address = address & mask;\n var target = new Range(address, address | ~mask);\n this.ips.push(target);\n } else if (arg.indexOf(\"-\") !== -1) {\n var x = arg.split(\"-\");\n var begin = this.parse_ip(x[0]);\n var end = this.parse_ip(x[1]);\n var target = new Range(begin, end);\n this.ips.push(target);\n } else if (arg.indexOf(\".\") !== -1) {\n var target = new Range(this.parse_ip(arg));\n this.ips.push(target);\n } else {\n this.parse_ports(arg);\n }\n }\n }\n this.print = function () {\n var i;\n for (i in this.ips.list) {\n console.log(this.ips.list[i].toString());\n }\n for (i in this.ports.list) {\n console.log(this.ports.list[i].toString());\n }\n }\n return this;\n}\n\n\n\nfunction Blackrock(range, seed) {\n var split = Math.floor(Math.sqrt(range * 1.0));\n\n this.rounds = 3;\n this.seed = seed;\n this.range = range;\n this.a = split - 1;\n this.b = split + 1;\n\n while (this.a * this.b <= range)\n this.b++;\n\n /** Inner permutation function */\n this.F = function (j, R, seed) {\n var primes = [961752031, 982324657, 15485843, 961752031];\n R = ((R << (R & 0x4)) + R + seed);\n return Math.abs((((primes[j] * R + 25) ^ R) + j));\n }\n\n /** Outer feistal construction */\n this.fe = function (r, a, b, m, seed) {\n var L, R;\n var j;\n var tmp;\n\n L = m % a;\n R = Math.floor(m / a);\n\n for (j = 1; j <= r; j++) {\n if (j & 1) {\n tmp = (L + this.F(j, R, seed)) % a;\n } else {\n tmp = (L + this.F(j, R, seed)) % b;\n }\n L = R;\n R = tmp;\n }\n if (r & 1) {\n return a * L + R;\n } else {\n return a * R + L;\n }\n }\n\n /** Outer reverse feistal construction */\n this.unfe = function (r, a, b, m, seed) {\n var L, R;\n var j;\n var tmp;\n\n if (r & 1) {\n R = m % a;\n L = Math.floor(m / a);\n } else {\n L = m % a;\n R = Math.floor(m / a);\n }\n\n for (j = r; j >= 1; j--) {\n if (j & 1) {\n tmp = this.F(j, L, seed);\n if (tmp > R) {\n tmp = (tmp - R);\n tmp = a - (tmp % a);\n if (tmp == a)\n tmp = 0;\n } else {\n tmp = (R - tmp);\n tmp %= a;\n }\n } else {\n tmp = this.F(j, L, seed);\n if (tmp > R) {\n tmp = (tmp - R);\n tmp = b - (tmp % b);\n if (tmp == b)\n tmp = 0;\n } else {\n tmp = (R - tmp);\n tmp %= b;\n }\n }\n R = L;\n L = tmp;\n }\n return a * R + L;\n }\n\n this.shuffle = function (m) {\n var c;\n\n c = this.fe(this.rounds, this.a, this.b, m, this.seed);\n while (c >= this.range)\n c = this.fe(this.rounds, this.a, this.b, c, this.seed);\n\n return c;\n }\n\n this.unshuffle = function (m) {\n var c;\n\n c = unfe(this.rounds, this.a, this.b, m, this.seed);\n while (c >= this.range)\n c = unfe(this.rounds, this.a, this.b, c, this.seed);\n\n return c;\n }\n return this;\n}\n\nfunction TransmitThread(targets, transmit, seed) {\n var range = targets.ips.count() * targets.ports.count();\n var b = Blackrock(range, seed);\n\n for (var i = 0; i < range; i++) {\n var xXx = b.shuffle(i);\n\n var ip_index = Math.floor(xXx / targets.ports.count());\n var port_index = Math.floor(xXx % targets.ports.count());\n\n var ip = targets.ips.pick(ip_index);\n var port = targets.ports.pick(port_index);\n\n transmit(ip, port);\n }\n}\n\nfunction Transmit2Thread(targets, transmit, seed, start, stop, increment) {\n var range = targets.ips.count() * targets.ports.count();\n var b = Blackrock(range, seed);\n\n for (var i = start; i < range && i < stop; i += increment) {\n var xXx = b.shuffle(i);\n\n var ip_index = Math.floor(xXx / targets.ports.count());\n var port_index = Math.floor(xXx % targets.ports.count());\n\n var ip = targets.ips.pick(ip_index);\n var port = targets.ports.pick(port_index);\n\n transmit(ip, port);\n }\n}\n\n\nfunction transmit(ip, port) {\n var proto = \"tcp\";\n if (port > 65536 * 2) {\n proto = \"sctp\";\n port -= 65536 * 2;\n } else if (port > 65536) {\n proto = \"udp\";\n port -= 65536;\n }\n\n var ipstring = ((ip >> 24) & 0xFF)\n + \".\" + ((ip >> 16) & 0xFF)\n + \".\" + ((ip >> 8) & 0xFF)\n + \".\" + ((ip >> 0) & 0xFF)\n\n console.log(\"--> \" + ipstring + \" \" + proto + \":\" + port);\n}\n\nvar targets = new Targets();\ntargets.parse_args(process.argv.splice(2));\ntargets.print();\n\nTransmitThread(targets, transmit, 42);\n\n"
},
{
"path": "doc/bot.html",
"content": "\n\nMasscan/1.0 - fast port scanner\n\n\nMasscan/1.0 - fast port scanner
\n\nThis tool is not a web spider, but a port scanner. It'll make only one request to a website, usually for the root / webpage. It then records the Server: field from the HTTP header, the <title> from the page contents, and possibly a few other interesting fields.
\n\nThis does not follow links, it doesn't scan your web pages, but the ports on your machine.
\n\nThe source code for this tool is at https://github.com/robertdavidgraham/masscan/. This is an open source project, so that this means it's not me (Robert Graham) who is using this tool to scan your website, but likely somebody else. I can't speak for their intentions, but this tool is more useful at doing surveys of the Internet than trying to hack in (tools like 'nmap' or 'nessus' are more often used for that).
\n\n\n\n\n\n"
},
{
"path": "doc/faq/FAQ0001-slow.md",
"content": "# Why is it not as fast as I expect?\r\n\r\n## Question\r\n\r\nWhy is scanning speed only around 100,000 packets-per-second instead of a million packets-per-second?\r\n\r\n## Answer\r\n\r\nI don't know.\r\n\r\nIf you have the latest Linux distro on the latest hardware, you can sometime\r\nsee scanning speeds of 1 million packets-per-second, even when virtualized.\r\n\r\nHowever, sometimes you also see only 100,000 packets-per-second.\r\n\r\nI've spent a lot of time trying to diagnose this situation and cannot\r\nfigure out what's going on. The box I use in a colo does 500,000 packets-per-second.\r\nA relatively slow machine in my home lab does 1.2 million packets-per-second.\r\n\r\nThe speed is determined by the operating system. The amount of CPU used by `masscan`\r\nitself is insignificant.\r\n\r\nMy theory is various configuration options within the operating system that can make\r\npacket transmission very slow. Simple features that would not otherwise impact network\r\nstacks that run at lower rates become really important at high rates.\r\n\r\nOne way around this is to install `PF_RING` and dedicate a network adapter to packet\r\ntransmission completely bypassing the operating system. In that case, packet transmission\r\nrates can reach 15 million packets-per-second.\r\n"
},
{
"path": "doc/faq/FAQ0002-drops.md",
"content": "# Why are many results missing that I expect?\r\n\r\n# Question\r\n\r\nWhen I do a scan, results are missing that I know are there.\r\nThey show up when I repeat the scan, but then others are missing.\r\nThe faster I scan, the more results are missing.\r\n\r\n# Answer\r\n\r\nNetwork infrastructure does not like high rates of small packets.\r\nEven though they can handle high **bit-rates** then cannot handle\r\nhigh **packet-rates**.\r\n\r\nThis is what makes `masscan` so unique. It transmits packets at rates\r\nfar higher than other things can cope with. It often crashes networks.\r\n\r\nTherefore, the faster you transmit packets, the more it overloads network\r\nequipment, causing the packets to be dropped, causing probes to fail.\r\n\r\nAs the issue #546 below indicates, they are experiencing this at very low\r\nrates of less than 10,000 packets-per-second. That seems excessively low.\r\nI assume the actual reason is because of policy enforcement limiting traffic\r\nrates rather than overloading network equipment.\r\n\r\n\r\n\r\n# Issues\r\n\r\n- [#546 fast scan get result](https://github.com/robertdavidgraham/masscan/issues/546)\r\n\r\n"
},
{
"path": "doc/faq/FAQ0003-excludelist.md",
"content": "# How can I add my IP address to an exclude list so that people stop scanning me?\r\n\r\n# Question\r\n\r\nI hate everyone probing me all the time and want them to stop.\r\nHow can I add my IP address ranges to an exclude list?\r\n\r\n# Answer\r\n\r\nYou can't.\r\n\r\nFirst of all, nobody is going to pay attention to a sample exclude list\r\nwithin this project. Sure, I can add IP addresses to the list, but that\r\nwon't help you.\r\n\r\nSecond, there's no way I can confirm who you are. So I can't simply\r\nadd to an exclude list just because you ask.\r\n\r\nThirdly, it'll just make you more of a target, as smart hackers know to\r\nuse the exclude-list as one of their first include-lists, as it marks\r\npeople who have something to hide.\r\n\r\nFourthly, and most importantly, it's Wrong Think on how to manage your\r\nnetwork.\r\n\r\n"
},
{
"path": "doc/faq/FAQ0004-serverlogs.md",
"content": "# Why is masscan in my server logs?\r\n\r\n## Question\r\n\r\nSome example questions:\r\n* Why is `masscan` appearing in my server logs?\r\n* Why are you scanning me?\r\n* Why is my server trying to connect to this github repo?\r\n\r\n## Answer\r\n\r\nWhen `masscan` connections to a webserver, it puts a link\r\nback to this repo in the `User-Agent` field.\r\n\r\nSince lots of people run Internet-wide scans using this tool,\r\nand an Internet wide scan hits every public web server, you'll\r\nsee this appear in your web server logs several times a day.\r\n\r\nIt's the **end-to-end** principle of the Internet. Having a public\r\nwebserver on the Internet means that anybody can and will try to\r\nconnect to the web server.\r\n\r\nIt's nothing necessarily malicious. Lots of people run Internet-wide\r\nscans to gather information about the state of the Internet. Of course,\r\nsome are indeed malicious, scanning to find vulnerabilities. However,\r\neven when malicious, they probably aren't targetting you in particular,\r\nbut are instead scanning everybody.\r\n\r\n"
},
{
"path": "doc/faq/README.md",
"content": "# FAQs (frequently asked questions)\r\n\r\nThis directory contains some documents discussing frequently asked\r\nquestions\r\n\r\n - 1 - [Why is it not as fast as I expect?](FAQ0001-slow.md)\r\n - 2 - [Why are many results missing that I expect?](FAQ0002-drops.md)\r\n - 3 - [How can I add my IPs to an official exclude list, to get people to stop scanning me?](FAQ0003-excludelist.md)\r\n - 4 - [Why is this in my server logs?](FAQ0004-serverlogs.md)\r\n"
},
{
"path": "doc/howto-afl.md",
"content": "Using afl fuzzer against masscan\n================================\n\nAFL (American-Fuzzy-Lop) is an automated *fuzzer*. It takes existing\ninput to a program, then morphs that input in order to test new \ncode paths through the code. It's extremely successful at finding \nbugs as well as *vulnerabilities*.\n\nThere are two inputs to *masscan*. One is the files it reads, which\ncome in various formats. The second is input from the network, in \nresponse to network probes, which consist of various network protocols.\n\nFor AFL, there is also the issue of how *masscan* crashes. It tries to\nprint a backtrace. This causes AFL to falsely mark this as a \"hang\"\nrather than a \"crash\". To fix this, run *masscan* with the *--nobacktrace*\noption.\n\n## Fuzzing file formats ##\n\nThe *masscan* program reads the following files. You can set the fuzzer\nat each one of these to fuzz how it parses the contents.\n\n*-c *\n\n*Masscan* can read its configuration either from the command-line or from a file.\nTo create a file, run *masscan* as normal, then hit . This will save all\nit's settings, even default values, into a file. It's a good starting point for\nfuzzing.\n\n*--readscan *\n\nOne of the possible outputs of *masscan* is in a proprietary binary format. You\ncan then run *masscan* to convert to any other output format.\n\nIn other words, you can run masscan to output XML like:\n\n masscan -oX scan.xml\n \nOr, in a two step process:\n\n masscan -ob scan.mass\n \n masscan --readscan scan.mass -oX scan.xml\n \n\n*--exclude-file *\n\n*Masscan* can scan large ragnes, like *0.0.0.0/0* (the entire Internet). You may\nwant to exclude specific addresses or ranges. These are configured in the\n\"exclude file\".\n\nYou can also read ranges using *--include-file * or \n*-iL *, but as far as fuzzing, I'm pretty sure it'll \nbe the same results.\n\n*--hello-file[] *\n\nThis file is read, then dumped blindly across a TCP connection, in order\nto say \"hello\" to a service. Since there's no parsing here, I'm not sure\nyou'll find anything fuzzing this.\n\n*--nmap-payloads *\n\nThis file specifies the default payloads for UDP. It's in the same file\nformat as for *nmap*. There's some juicy parsing here that may lead\nto bugs.\n\n*--pcap-payloads *\n\nThis is the same as *--nmap-payloads*, but reads the UDP payloads from\na *libpcap* file.\n\n## Fuzzing network protocols ##\n\n*Masscan* parses several network protocols. It also must reassemble\nfragmented responses over TCP for any application protocol. Remember:\n*masscan* has it's own stack, so must parse everything that comes\nover the network.\n\nAFL has no ability to read from the network at this time. Moreover,\neven then it wouldn't work easily, since *masscan* has a network stack\nrather than just an application layer to deal with.\n\nThe trick is to first use *masscan* on a target that responds back\non a protocol, then save just the response side of the TCP connection\nto a file. Then, when running *masscan* under AFL, read in that file\nusing the option *--adapter file:*. Then, and this is \ncritical, you must hard code all the TCP stack values to match those\nof the original connection.\n\nI generated the file *masscan/data/afl-http.pcap* as an example file\nto read for fuzzing the parsing of HTTP. The command-line parameters\nto use are:\n\n bin/masscan --nobacktrace --adapter file:data/afl-http.pcap --source-ip 10.20.30.200 --source-port 6000 --source-mac 00-11-22-33-44-55 --router-mac c0-c1-c0-a0-9b-9d --seed 0 --banners -p80 74.125.196.147 --nostatus\n\nThe explanation are:\n\n *--nobacktrace*: so that AFL correctly marks crashes as crashes\n and not as hangs.\n \n *--adapter file:*: This option normally specifies the adapter,\n like *eth0* or *en1*. By putting the *file:* prefix on an adapter name,\n it'll use a file (in *libpcap* format) to use instead. In this case,\n transmits are dropped, and any packets are read from a file.\n \n *--source-ip*, *--source-port*, *--source-mac*, *--router-mac*:\n These are the hard-coded TCP/IP stack settings that must match the packets\n in the file.\n \n *--seed*: This must match the randomization seed in the packet file. Since\n everything else is hardcoded, I think the only thing this will control\n will be the sequence number of the TCP connection.\n \n *--banners*: this tell the scanner to not simply find open ports, but also\n establish a TCP connection and interact with the protocol, and report on\n the results.\n \n *-p*: The destination IP address to connect to.\n \n **: The IP address to connect to\n\nThis should produce an output like the following. If you get the\nbanner back, then you know you've successfully done everything\ncorrectly. Conversely, if you set *--seed 1*, then it won't work,\nbecause it'll reject responses that match the wrong seed.\n\n Starting masscan 1.0.3 (http://bit.ly/14GZzcT) at 2016-06-06 05:19:03 GMT\n -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth\n Initiating SYN Stealth Scan\n Scanning 1 hosts [1 port/host]\n Discovered open port 80/tcp on 74.125.196.147\n Banner on port 80/tcp on 74.125.196.147: [title] Google\n Banner on port 80/tcp on 74.125.196.147: [http] HTTP/1.0 200 OK\\x0d\\x0a...\n ...\n \n(Additional output is truncated -- you get the idea).\n\nThe problem with this is that *masscan* will take about 10 seconds before it \nproduces the results. When it establishes a connection, it waits a few seconds\nfor the other side to transmit, then sends it's \"hello\", then waits many\nseconds for all output to be received. I don't know if this messes AFL up,\nwhether I need to add additional options to truncate any waiting.\n\n\n\n\n\n\n\n\n"
},
{
"path": "doc/masscan.8",
"content": ".\\\" generated with Ronn/v0.7.3\r\n.\\\" http://github.com/rtomayko/ronn/tree/0.7.3\r\n.\r\n.TH \"MASSCAN\" \"8\" \"January 2014\" \"\" \"\"\r\n.\r\n.SH \"NAME\"\r\n\\fBmasscan\\fR \\- Fast scan of the Internet\r\n.\r\n.SH \"SYNOPSIS\"\r\nmasscan [\\fIoptions\\fR] [... \\-p \\fIPORT\\fR[,\\fIPORT\\fR...]]\r\n.\r\n.SH \"DESCRIPTION\"\r\n\\fBmasscan\\fR is an Internet\\-scale port scanner, useful for large scale surveys of the Internet, or of internal networks\\. While the default transmit rate is only 100 packets/second, it can optional go as fast as 25 million packets/second, a rate sufficient to scan the Internet in 3 minutes for one port\\.\r\n.\r\n.SH \"OPTIONS\"\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\fR: anything on the command\\-line not prefixed with a \\'\\-\\' is assumed to be an IP address or range\\. There are three valid formats\\. The first is a single IPv4 address like \"192\\.168\\.0\\.1\"\\. The second is a range like \"10\\.0\\.0\\.1\\-10\\.0\\.0\\.100\"\\. The third is a CIDR address, like \"0\\.0\\.0\\.0/0\"\\. At least one target must be specified\\. Multiple targets can be specified\\. This can be specified as multiple options separated by space, or can be separated by a comma as a single option, such as \\fB10\\.0\\.0\\.0/8,192\\.168\\.0\\.1\\fR\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-range \\fR: the same as target range spec described above, except as a named parameter instead of an unnamed one\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-p PORT[,PORT...]\\fR, \\fB\\-\\-ports PORT[,PORT...]\\fR: specifies the port(s) to be scanned\\. A single port can be specified, like \\fB\\-p80\\fR\\. A range of ports can be specified, like \\fB\\-p 20\\-25\\fR\\. A list of ports/ranges can be specified, like \\fB\\-p80,20\\-25\\fR\\. UDP ports can also be specified, like \\fB\\-\\-ports U:161,U:1024\\-1100\\fR\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-banners\\fR: specifies that banners should be grabbed, like HTTP server versions, HTML title fields, and so forth\\. Only a few protocols are supported\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-rate RATE\\fR: specifies the desired rate for transmitting packets\\. This can be very small numbers, like \\fB0\\.1\\fR for transmitting packets at rates of one every 10 seconds, for very large numbers like 10000000, which attempts to transmit at 10 million packets/second\\. In my experience, Windows and can do 250 thousand packets per second, and latest versions of Linux can do 2\\.5 million packets per second\\. The PF_RING driver is needed to get to 25 million packets/second\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-c FILE\\fR, \\fB\\-\\-conf FILE\\fR: reads in a configuration file\\. The format of the configuration file is described below\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-resume FILE\\fR: the same as \\fB\\-\\-conf\\fR, except that a few options are automatically set, such as \\fB\\-\\-append\\-output\\fR\\. The format of the configuration file is described below\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-echo\\fR: don\\'t run, but instead dump the current configuration to a file\\. This file can then be used with the \\fB\\-c\\fR option\\. The format of this output is described below under \\'CONFIGURATION FILE\\'\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-e IFNAME\\fR, \\fB\\-\\-adapter IFNAME\\fR: use the named raw network interface, such as \"eth0\" or \"dna1\"\\. If not specified, the first network interface found with a default gateway will be used\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-adapter\\-ip IP\\fR: send packets using this IP address\\. If not specified, then the first IP address bound to the network interface will be used\\. Instead of a single IP address, a range may be specified\\. NOTE: The size of the range must be an even power of 2, such as 1, 2, 4, 8, 16, 1024 etc\\. addresses\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-adapter\\-port PORT\\fR: send packets using this port number as the source\\. If not specified, a random port will be chosen in the range 40000 through 60000\\. This port should be filtered by the host firewall (like iptables) to prevent the host network stack from interfering with arriving packets\\. Instead of a single port, a range can be specified, like \\fB40000\\-40003\\fR\\. NOTE: The size of the range must be an even power of 2, such as the example above that has a total of 4 addresses\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-adapter\\-mac MAC\\fR: send packets using this as the source MAC address\\. If not specified, then the first MAC address bound to the network interface will be used\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-router\\-mac MAC\\fR: send packets to this MAC address as the destination\\. If not specified, then the gateway address of the network interface will be ARPed\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-ping\\fR: indicates that the scan should include an ICMP echo request\\. This may be included with TCP and UDP scanning\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-exclude \\fR: blacklist an IP address or range, preventing it from being scanned\\. This overrides any target specification, guaranteeing that this address/range won\\'t be scanned\\. This has the same format as the normal target specification\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-excludefile FILE\\fR: reads in a list of exclude ranges, in the same target format described above\\. These ranges override any targets, preventing them from being scanned\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-append\\-output\\fR: causes output to append to the file, rather than overwriting the file\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-iflist\\fR: list the available network interfaces, and then exits\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-retries NUM\\fR: the number of retries to send, at 1 second intervals\\. Note that since this scanner is stateless, retries are sent regardless if replies have already been received\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-nmap\\fR: print help about nmap\\-compatibility alternatives for these options\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-pcap\\-payloads FILE\\fR: read packets from a libpcap file containing packets and extract the UDP payloads, and associate those payloads with the destination port\\. These payloads will then be used when sending UDP packets with the matching destination port\\. Only one payload will be remembered per port\\. Similar to \\fB\\-\\-nmap\\-payloads\\fR\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-nmap\\-payloads FILE\\fR: read in a file in the same format as the nmap file \\fBnmap\\-payloads\\fR\\. This contains UDP payload, so that we can send useful UDP packets instead of empty ones\\. Similar to \\fB\\-\\-pcap\\-payloads\\fR\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-http\\-user\\-agent USER_AGENT\\fR: replaces the existing user\\-agent field with the indicated value when doing HTTP requests\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-open\\-only\\fR: report only open ports, not closed ports\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-pcap FILE\\fR: saves received packets (but not transmitted packets) to the libpcap\\-format file\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-packet\\-trace\\fR: prints a summary of those packets sent and received\\. This is useful at low rates, like a few packets per second, but will overwhelm the terminal at high rates\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-pfring\\fR: force the use of the PF_RING driver\\. The program will exit if PF_RING DNA drvers are not available\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-resume\\-index INDEX\\fR: the point in the scan at when it was paused\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-resume\\-count NUM\\fR: the maximum number of probes to send before exiting\\. This is useful with the \\fB\\-\\-resume\\-index\\fR to chop up a scan and split it among multiple instances, though the \\fB\\-\\-shards\\fR option might be better\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-shards X/Y\\fR: splits the scan among instances\\. \\fBx\\fR is the id for this scan, while \\fBy\\fR is the total number of instances\\. For example, \\fB\\-\\-shards 1/2\\fR tells an instance to send every other packet, starting with index 0\\. Likewise, \\fB\\-\\-shards 2/2\\fR sends every other packet, but starting with index 1, so that it doesn\\'t overlap with the first example\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-rotate TIME\\fR: rotates the output file, renaming it with the current timestamp, moving it to a separate directory\\. The time is specified in number of seconds, like \"3600\" for an hour\\. Or, units of time can be specified, such as \"hourly\", or \"6hours\", or \"10min\"\\. Times are aligned on an even boundary, so if \"daily\" is specified, then the file will be rotated every day at midnight\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-rotate\\-offset TIME\\fR: an offset in the time\\. This is to accommodate timezones\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-rotate\\-dir DIR\\fR: when rotating the file, this specifies which directory to move the file to\\. A useful directory is \\fB/var/log/masscan\\fR\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-seed INT\\fR: an integer that seeds the random number generator\\. Using a different seed will cause packets to be sent in a different random order\\. Instead of an integer, the string \\fBtime\\fR can be specified, which seeds using the local timestamp, automatically generating a differnet random order of scans\\. If no seed specified, \\fBtime\\fR is the default\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-regress\\fR: run a regression test, returns \\'0\\' on success and \\'1\\' on failure\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-ttl NUM\\fR: specifies the TTL of outgoing packets, defaults to 255\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-wait SECONDS\\fR: specifies the number of seconds after transmit is done to wait for receiving packets before exiting the program\\. The default is 10 seconds\\. The string \\fBforever\\fR can be specified to never terminate\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-offline\\fR: don\\'t actually transmit packets\\. This is useful with a low rate and \\fB\\-\\-packet\\-trace\\fR to look at what packets might\\'ve been transmitted\\. Or, it\\'s useful with \\fB\\-\\-rate 100000000\\fR in order to benchmark how fast transmit would work (assuming a zero\\-overhead driver)\\. PF_RING is about 20% slower than the benchmark result from offline mode\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-sL\\fR: this doesn\\'t do a scan, but instead creates a list of random addresses\\. This is useful for importing into other tools\\. The options \\fB\\-\\-shard\\fR, \\fB\\-\\-resume\\-index\\fR, and \\fB\\-\\-resume\\-count\\fR can be useful with this feature\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-interactive\\fR: show the results in realtime on the console\\. It has no effect if used with \\-\\-output\\-format or \\-\\-output\\-filename\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-output\\-format FMT\\fR: indicates the format of the output file, which can be \\fBxml\\fR, \\fBbinary\\fR, \\fBgrepable\\fR, \\fBlist\\fR, or \\fBJSON\\fR\\. The option \\fB\\-\\-output\\-filename\\fR must be specified\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-output\\-filename FILE\\fR: the file which to save results to\\. If the parameter \\fB\\-\\-output\\-format\\fR is not specified, then the default of \\fBxml\\fR will be used\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-oB FILE\\fR: sets the output format to binary and saves the output in the given filename\\. This is equivelent to using the \\fB\\-\\-output\\-format\\fR and \\fB\\-\\-output\\-filename\\fR parameters\\. The option \\fB\\-\\-readscan\\fR can then be used to read the binary file\\. Binary files are much smaller than their XML equivelents, but require a separate step to convert back into XML or another readable format\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-oX FILE\\fR: sets the output format to XML and saves the output in the given filename\\. This is equivelent to using the \\fB\\-\\-output\\-format xml\\fR and \\fB\\-\\-output\\-filename\\fR parameters\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-oG FILE\\fR: sets the output format to grepable and saves the output in the given filename\\. This is equivelent to using the \\-\\-output\\-format grepable and \\-\\-output\\-filename parameters\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-oJ FILE\\fR: sets the output format to JSON and saves the output in the given filename\\. This is equivelent to using the \\-\\-output\\-format json and \\-\\-output\\-filename parameters\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-oL FILE\\fR: sets the output format to a simple list format and saves the output in the given filename\\. This is equivelent to using the \\-\\-output\\-format list and \\-\\-output\\-filename parameters\\.\r\n.\r\n.IP \"\\(bu\" 4\r\n\\fB\\-\\-readscan FILE\\fR: reads the files created by the \\fB\\-oB\\fR option from a scan, then outputs them in one of the other formats, depending on command\\-line parameters\\. In other words, it can take the binary version of the output and convert it to an XML or JSON format\\.\r\n.\r\n.IP \"\" 0\r\n.\r\n.SH \"CONFIGURATION FILE FORMAT\"\r\nThe configuration file uses the same parameter names as on the commandline, but without the \\fB\\-\\-\\fR prefix, and with an \\fB=\\fR sign between the name and the value\\. An example configuration file might be:\r\n.\r\n.IP \"\" 4\r\n.\r\n.nf\r\n\r\n# targets\r\nrange = 10\\.0\\.0\\.0/8,192\\.168\\.0\\.0/16\r\nrange = 172\\.16\\.0\\.0/14\r\nports = 20\\-25,80,U:53\r\nping = true\r\n\r\n# adapter\r\nadapter = eth0\r\nadapter\\-ip = 192\\.168\\.0\\.1\r\nrouter\\-mac = 66\\-55\\-44\\-33\\-22\\-11\r\n\r\n# other\r\nexclude\\-file = /etc/masscan/exludes\\.txt\r\n.\r\n.fi\r\n.\r\n.IP \"\" 0\r\n.\r\n.P\r\nBy default, the program will read default configuration from the file \\fB/etc/masscan/masscan\\.conf\\fR\\. This is useful for system\\-specific settings, such as the \\fB\\-\\-adapter\\-xxx\\fR options\\. This is also useful for excluded IP addresses, so that you can scan the entire Internet, while skipping dangerous addresses, like those owned by the DoD, and not make an accidental mistake\\.\r\n.\r\n.SH \"CONTROL\\-C BEHAVIOR\"\r\nWhen the user presses \\fIctrl\\-c\\fR, the scan will stop, and the current state of the scan will be saved in the file \\'paused\\.conf\\'\\. The scan can be resumed with the \\fB\\-\\-resume\\fR option:\r\n.\r\n.IP \"\" 4\r\n.\r\n.nf\r\n\r\n# masscan \\-\\-resume paused\\.conf\r\n.\r\n.fi\r\n.\r\n.IP \"\" 0\r\n.\r\n.P\r\nThe program will not exit immediately, but will wait a default of 10 seconds to receive results from the Internet and save the results before exiting completely\\. This time can be changed with the \\fB\\-\\-wait\\fR option\\.\r\n.\r\n.SH \"SIMPLE EXAMPLES\"\r\nThe following example scans all private networks for webservers, and prints all open ports that were found\\.\r\n.\r\n.IP \"\" 4\r\n.\r\n.nf\r\n\r\n# masscan 10\\.0\\.0\\.0/8 192\\.168\\.0\\.0/16 172\\.16\\.0\\.0/12 \\-p80 \\-\\-open\\-only\r\n.\r\n.fi\r\n.\r\n.IP \"\" 0\r\n.\r\n.P\r\nThe following example scans the entire Internet for DNS servers, grabbing their versions, then saves the results in an XML file\\.\r\n.\r\n.IP \"\" 4\r\n.\r\n.nf\r\n\r\n# masscan 0\\.0\\.0\\.0/0 \\-\\-excludefile no\\-dod\\.txt \\-pU:53 \\-\\-banners \\-\\-output\\-filename dns\\.xml\r\n.\r\n.fi\r\n.\r\n.IP \"\" 0\r\n.\r\n.P\r\nYou should be able to import the XML into databases and such\\.\r\n.\r\n.P\r\nThe following example reads a binary scan results file called bin\\-test\\.scan and prints results to console\\.\r\n.\r\n.IP \"\" 4\r\n.\r\n.nf\r\n\r\n# masscan \\-\\-readscan bin\\-test\\.scan\r\n.\r\n.fi\r\n.\r\n.IP \"\" 0\r\n.\r\n.P\r\nThe following example reads a binary scan results file called bin\\-test\\.scan and creates an XML output file called bin\\-test\\.xml\\.\r\n.\r\n.IP \"\" 4\r\n.\r\n.nf\r\n\r\n# masscan \\-\\-readscan bin\\-test\\.scan \\-oX bin\\-test\\.xml\r\n.\r\n.fi\r\n.\r\n.IP \"\" 0\r\n.\r\n.SH \"ADVANCED EXAMPLES\"\r\nLet\\'s say that you want to scan the entire Internet and spread the scan across three machines\\. Masscan would be launched on all three machines using the following command\\-lines:\r\n.\r\n.IP \"\" 4\r\n.\r\n.nf\r\n\r\n# masscan 0\\.0\\.0\\.0/0 \\-p0\\-65535 \\-\\-shard 1/3\r\n# masscan 0\\.0\\.0\\.0/0 \\-p0\\-65535 \\-\\-shard 2/3\r\n# masscan 0\\.0\\.0\\.0/0 \\-p0\\-65535 \\-\\-shard 3/3\r\n.\r\n.fi\r\n.\r\n.IP \"\" 0\r\n.\r\n.P\r\nAn alternative is with the \"resume\" feature\\. A scan has an internal index that goes from zero to the number of ports times then number of IP addresses\\. The following example shows splitting up a scan into chunks of a 1000 items each:\r\n.\r\n.IP \"\" 4\r\n.\r\n.nf\r\n\r\n# masscan 0\\.0\\.0\\.0/0 \\-p0\\-65535 \\-\\-resume\\-index 0 \\-\\-resume\\-count 1000\r\n# masscan 0\\.0\\.0\\.0/0 \\-p0\\-65535 \\-\\-resume\\-index 1000 \\-\\-resume\\-count 1000\r\n# masscan 0\\.0\\.0\\.0/0 \\-p0\\-65535 \\-\\-resume\\-index 2000 \\-\\-resume\\-count 1000\r\n# masscan 0\\.0\\.0\\.0/0 \\-p0\\-65535 \\-\\-resume\\-index 3000 \\-\\-resume\\-count 1000\r\n.\r\n.fi\r\n.\r\n.IP \"\" 0\r\n.\r\n.P\r\nA script can use this to split smaller tasks across many other machines, such as Amazon EC2 instances\\. As each instance completes a job, the script might send a request to a central coordinating server for more work\\.\r\n.\r\n.SH \"SPURIOUS RESETS\"\r\nWhen scanning TCP using the default IP address of your adapter, the built\\-in stack will generate RST packets\\. This will prevent banner grabbing\\. There are are two ways to solve this\\. The first way is to create a firewall rule to block that port from being seen by the stack\\. How this works is dependent on the operating system, but on Linux this looks something like:\r\n.\r\n.IP \"\" 4\r\n.\r\n.nf\r\n\r\n# iptables \\-A INPUT \\-p tcp \\-i eth0 \\-\\-dport 61234 \\-j DROP\r\n.\r\n.fi\r\n.\r\n.IP \"\" 0\r\n.\r\n.P\r\nThen, when scanning, that same port must be used as the source:\r\n.\r\n.IP \"\" 4\r\n.\r\n.nf\r\n\r\n# masscan 10\\.0\\.0\\.0/8 \\-p80 \\-\\-banners \\-\\-adapter\\-port 61234\r\n.\r\n.fi\r\n.\r\n.IP \"\" 0\r\n.\r\n.P\r\nAn alternative is to \"spoof\" a different IP address\\. This IP address must be within the range of the local network, but must not otherwise be in use by either your own computer or another computer on the network\\. An example of this would look like:\r\n.\r\n.IP \"\" 4\r\n.\r\n.nf\r\n\r\n# masscan 10\\.0\\.0\\.0/8 \\-p80 \\-\\-banners \\-\\-adapter\\-ip 192\\.168\\.1\\.101\r\n.\r\n.fi\r\n.\r\n.IP \"\" 0\r\n.\r\n.P\r\nSetting your source IP address this way is the preferred way of running this scanner\\.\r\n.\r\n.SH \"ABUSE COMPLAINTS\"\r\nThis scanner is designed for large\\-scale surveys, of either an organization, or of the Internet as a whole\\. This scanning will be noticed by those monitoring their logs, which will generate complaints\\.\r\n.\r\n.P\r\nIf you are scanning your own organization, this may lead to you being fired\\. Never scan outside your local subnet without getting permission from your boss, with a clear written declaration of why you are scanning\\.\r\n.\r\n.P\r\nThe same applies to scanning the Internet from your employer\\. This is another good way to get fired, as your IT department gets flooded with complaints as to why your organization is hacking them\\.\r\n.\r\n.P\r\nWhen scanning on your own, such as your home Internet or ISP, this will likely cause them to cancel your account due to the abuse complaints\\.\r\n.\r\n.P\r\nOne solution is to work with your ISP, to be clear about precisely what we are doing, to prove to them that we are researching the Internet, not \"hacking\" it\\. We have our ISP send the abuse complaints directly to us\\. For anyone that asks, we add them to our \"\\-\\-excludefile\", blacklisting them so that we won\\'t scan them again\\. While interacting with such people, some instead add us to their whitelist, so that their firewalls won\\'t log us anymore (they\\'ll still block us, of course, they just won\\'t log that fact to avoid filling up their logs with our scans)\\.\r\n.\r\n.P\r\nUltimately, I don\\'t know if it\\'s possible to completely solve this problem\\. Despite the Internet being a public, end\\-to\\-end network, you are still \"guilty until proven innocent\" when you do a scan\\.\r\n.\r\n.SH \"COMPATIBILITY\"\r\nWhile not listed in this document, a lot of parameters compatible with \\fBnmap\\fR will also work\\.\r\n.\r\n.SH \"SEE ALSO\"\r\nnmap(8), pcap(3)\r\n.\r\n.SH \"AUTHORS\"\r\nThis tool was written by Robert Graham\\. The source code is available at https://github\\.com/robertdavidgraham/masscan\\.\r\n"
},
{
"path": "doc/masscan.8.markdown",
"content": "masscan(8) -- Fast scan of the Internet\n=======================================\n\n## SYNOPSIS\n\nmasscan \\[options\\] \\[... -p PORT\\[,PORT...\\]\\]\n\n## DESCRIPTION\n\n**masscan** is an Internet-scale port scanner, useful for large scale surveys\nof the Internet, or of internal networks. While the default transmit rate\nis only 100 packets/second, it can optionally go as fast as 25 million\npackets/second, a rate sufficient to scan the Internet in 3 minutes for\none port.\n\n## OPTIONS\n\n * ``: anything on the command-line not prefixed with a '-' is\n assumed to be an IP address or range. There are three valid formats.\n\tThe first is a single IP address like `192.168.0.1` or `2001:db8::1`. The second\n\tis a range like `10.0.0.1-10.0.0.100`. The third is a CIDR address,\n\tlike `0.0.0.0/0` or `2001:db8::/90`. At least one target must be specified. Multiple \n\ttargets can be specified. This can be specified as multiple options\n\tseparated by space, or can be separated by a comma as a single option,\n\tsuch as `10.0.0.0/8,192.168.0.1,2001:db8::1`.\n\n * `--range `: the same as target range spec described above,\n except as a named parameter instead of an unnamed one.\n\n * `-p PORT[,PORT..]`, `--ports PORT[,PORT...]`: specifies the port(s) to be scanned. A \n single port can be specified, like `-p80`. A range of ports can be \n specified, like `-p 20-25`. A list of ports/ranges can be specified, like\n\t`-p80,20-25`. UDP ports can also be specified, like\n\t`--ports U:161,U:1024-1100`.\n\n * `--banners`: specifies that banners should be grabbed after establishing\n\ta TCP connection. Protocols supported include HTTP, FTP, IMAP4, memcached,\n\tPOP3, SMTP, SSH, SSL, SMB, Telnet, RDP, and VNC.\n\n * `--rate RATE`: specifies the desired rate for transmitting\n packets. This can be very small numbers, like `0.1` for transmitting \n packets at rates of one every 10 seconds, for very large numbers like \n 10000000, which attempts to transmit at 10 million packets/second. In my\n experience, Windows and can do 250 thousand packets per second, and latest\n versions of Linux can do 2.5 million packets per second. The PF_RING driver\n is needed to get to 25 million packets/second.\n\n * `-c FILE`, `--conf FILE`: reads in a configuration file. \n If not specified, then will read from `/etc/masscan/masscan.conf` by default.\n\tThe format is described below under 'CONFIGURATION FILE'.\n\n * `--resume FILE`: the same as `--conf`, except that a few options\n are automatically set, such as `--append-output`. The format of the \n\tconfiguration file is described below. The purpose is to resume a scan\n\tsaved in `paused.conf` that was interupted with [ctrl-c].\n\n * `--echo`: don't run, but instead dump the current configuration to a file.\n This file can then be used with the `-c` option. The format of this\n\toutput is described below under 'CONFIGURATION FILE'.\n\n * `-e IFNAME`, `--adapter IFNAME`: use the named raw network interface,\n\tsuch as \"eth0\" or \"dna1\". If not specified, the first network interface\n\tfound with a default gateway will be used.\n\n * `--adapter-ip IP`, `--source-ip IP`: send packets using this IP address. If not\n specified, then the first IP address bound to the network interface\n\twill be used. Instead of a single IP address, a range may be specified.\n\tNOTE: The size of the range must be an even power of 2, such as 1, 2, 4,\n\t8, 16, 1024 etc. addresses.\n\n * `--adapter-port PORT`: send packets using this port number as the\n source. If not specified, a random port will be chosen in the range 40000\n\tthrough 60000. This port should be filtered by the host firewall (like\n\tiptables) to prevent the host network stack from interfering with arriving\n\tpackets. Instead of a single port, a range can be specified, like\n\t`40000-40003`. NOTE: The size of the range must be an even power of 2,\n\tsuch as the example above that has a total of 4 addresses.\n\n * `--adapter-mac MAC`: send packets using this as the source MAC\n address. If not specified, then the first MAC address bound to the network\n\tinterface will be used.\n \n * `--adapter-vlan VLANID`: send packets using this 802.1q VLAN ID\n\n * `--router-mac MAC`: send packets to this MAC address as the\n destination. If not specified, then the gateway address of the network\n\tinterface will be ARPed.\n\n * `--ping`: indicates that the scan should include an ICMP echo request.\n This may be included with TCP and UDP scanning.\n\n * `--exclude `: blacklist an IP address or range, preventing it\n from being scanned. This overrides any target specification, guaranteeing\n\tthat this address/range won't be scanned. This has the same format\n\tas the normal target specification.\n\n * `--excludefile FILE`: reads in a list of exclude ranges, in the same\n target format described above. These ranges override any targets,\n\tpreventing them from being scanned.\n\n * `-iL FILE`, `--includefile FILE`: reads in a list of ranges to scan, in the same\n target format described above for IP addresses and ranges. This file can contain\n\tmillions of addresses and ranges.\n\n * `--append-output`: causes output to append to the file, rather than\n overwriting the file. Useful for when resumeing scans (see `--resume`).\n\n * `--iflist`: list the available network interfaces, and then exits. The\n `-e IFNAME` can then be used with one of the listed adapters.\n\n * `--retries `: the number of retries to send, at 1 second intervals. Note\n that since this scanner is stateless, retries are sent regardless if\n\treplies have already been received.\n\n * `--nmap`: print help about nmap-compatibility alternatives for these\n options.\n\n * `--pcap-payloads FILE`: read packets from a libpcap file containing packets\n and extract the UDP payloads, and associate those payloads with the\n\tdestination port. These payloads will then be used when sending UDP\n\tpackets with the matching destination port. Only one payload will\n\tbe remembered per port. Similar to `--nmap-payloads`.\n\n * `--nmap-payloads FILE`: read in a file in the same format as \n the nmap file `nmap-payloads`. This contains UDP payload, so that we\n\tcan send useful UDP packets instead of empty ones. Similar to\n\t`--pcap-payloads`.\n\n * `--http-* HEADER`: replaces the existing field in the HTTP header\n with a new one. Fields that can be replaced are `--http-method`, `--http-url`,\n\t `--http-version`,`--http-host`, and `--http-user-agent`.\n\t Example: `--http-user-agent Keurig K575 Coffee Maker`. See also `--http-field` and `--http-cookie`.\n\n * `--http-field NAME:VALUE`: replaces the existing HTTP header field,\n or inserts a new one if the field doesn't exist, given as a `name:value` pair. \n\tCannot be used to replace the fields in the request-line (method, url, version).\n\tExample: `--http-field Accept:image/gif`.\n \n * `--http-field-remove NAME`: removes the first field from the header that matches\n (may be needed multiple times for fields like `Cookie` that can exist multiple times)\n\n * `--http-cookie VALUE`: adds a `Cookie:` field to the HTTP header, even\n if other cookie fields exist. The other `--http-*` options replace existing\n\tfields in the HTTP header, this one adds more even if some already exist.\n\n * `--http-payload STR`: adds a payload string after the header; this will\n automatically add a `--http-field Content-Length:LEN` field to match the length of the string,\n but the user will have to add their own `--http-field Content-Type:TYPE` field to match\n the string. Presumably, the user will also change the method to something like\n `--http-method POST`. Common conntent types would be `application/x-www-form-urlencoded`,\n `application/json`, or `text/xml`.\n\n\n * `--show [open|closed]`: tells which port status to display, such\n as 'open' for those ports that respond with a SYN-ACK on TCP, or\n\t'closed' for those ports that repsond with RST. The default is\n\tonly to display 'open' ports.\n\n * `--noshow [open|closed]`: disables a port status to display, such\n as to no longer display 'open' ports.\n\n * `--pcap FILE`: saves received packets (but not transmitted\n packets) to the libpcap-format file.\n\n * `--packet-trace`: prints a summary of those packets sent and received.\n This is useful at low rates, like a few packets per second, but will\n\toverwhelm the terminal at high rates.\n\n * `--pfring`: force the use of the PF_RING driver. The program will exit\n if PF_RING DNA drvers are not available.\n\n * `--resume-index INDEX`: the point in the scan at when it was paused.\n\n * `--resume-count NUM`: the maximum number of probes to send before exiting.\n This is useful with the `--resume-index` to chop up a scan and split\n\tit among multiple instances, though the `--shards` option might be \n\tbetter.\n\n * `--shards X/Y`: splits the scan among instances. `x` is the id \n\t for this scan, while `y` is the total number of instances. For example,\n\t `--shards 1/2` tells an instance to send every other packet, starting\n\t with index 0. Likewise, `--shards 2/2` sends every other packet, but\n\t starting with index 1, so that it doesn't overlap with the first example.\n\n * `--rotate TIME`: rotates the output file, renaming it with the \n current timestamp, moving it to a separate directory. The time is\n\tspecified in number of seconds, like \"3600\" for an hour. Or, units\n\tof time can be specified, such as \"hourly\", or \"6hours\", or \"10min\".\n\tTimes are aligned on an even boundary, so if \"daily\" is specified,\n\tthen the file will be rotated every day at midnight.\n\n * `--rotate-offset TIME`: an offset in the time. This is to accomodate\n timezones.\n\n * `--rotate-size SIZE`: rotates the output file when it exceeds the\n given size. Typical suffixes can be applied (k,m,g,t) for kilo, mega,\n\tgiga, tera.\n\n * `--rotate-dir DIR`: when rotating the file, this specifies which\n directory to move the file to. A useful directory is `/var/log/masscan`.\n\n * `--seed INT`: an integer that seeds the random number generator.\n Using a different seed will cause packets to be sent in a different\n\trandom order. Instead of an integer, the string `time` can be specified,\n\twhich seeds using the local timestamp, automatically generating a \n\tdifferent random order of scans. If no seed specified, `time` is the\n\tdefault.\n\n * `--regress`: run a regression test, returns '0' on success and '1' on\n failure.\n\t\n * `--ttl NUM`: specifies the TTL of outgoing packets, defaults to 255.\n \n * `--wait SECONDS`: specifies the number of seconds after transmit is\n done to wait for receiving packets before exiting the program. The default\n\tis 10 seconds. The string `forever` can be specified to never terminate.\n\t\n * `--offline`: don't actually transmit packets. This is useful with\n a low rate and `--packet-trace` to look at what packets might've been\n\ttransmitted. Or, it's useful with `--rate 100000000` in order to \n\tbenchmark how fast transmit would work (assuming a zero-overhead\n\tdriver). PF_RING is about 20% slower than the benchmark result from\n\toffline mode.\n\n * `-sL`: this doesn't do a scan, but instead creates a list of random\n addresses. This is useful for importing into other tools. The options\n\t`--shard`, `--resume-index`, and `--resume-count` can be useful with\n\tthis feature.\n \n * `--interactive`: show the results in realtime on the console. It has \n no effect if used with --output-format or --output-filename.\t\t\n \n * `--output-format FMT`: indicates the format of the output file, which\n can be `xml`, `binary`, `grepable`, `list`, or `JSON`. The \n\toption `--output-filename` must be specified.\n\n * `--output-filename FILE`: the file which to save results to. If\n the parameter `--output-format` is not specified, then the default of \n\t`xml` will be used.\n\t\t \n * `-oB FILE`: sets the output format to binary and saves the output in\n the given filename. This is equivalent to using the `--output-format` and\n `--output-filename` parameters. The option `--readscan` can then be used to\n read the binary file. Binary files are mush smaller than their XML\n equivalents, but require a separate step to convert back into XML or\n another readable format.\n\t\n * `-oX FILE`: sets the output format to XML and saves the output in the\n given filename. This is equivalent to using the `--output-format xml` and\n `--output-filename` parameters.\n\t\n * `-oG FILE`: sets the output format to grepable and saves the output \n\t in the given filename. This is equivalent to using the --output-format grepable \n\t and --output-filename parameters.\n \n * `-oJ FILE`: sets the output format to JSON and saves the output in \n\t the given filename. This is equivalent to using the --output-format json \n\t and --output-filename parameters.\n \n * `-oL FILE`: sets the output format to a simple list format and saves \n\t the output in the given filename. This is equivalent to using \n\t the --output-format list and --output-filename parameters.\n\n * `--readscan FILE`: reads the files created by the `-oB` option\n from a scan, then outputs them in one of the other formats, depending\n on command-line parameters. In other words, it can take the binary\n version of the output and convert it to an XML or JSON format. When this option\n is given, defaults from `/etc/masscan/masscan.conf` will not be read.\n\n * `--connection-timeout SECS`: when doing banner checks, this specifies the\n maximum number of seconds that a TCP connection can be held open. The default\n is 30 seconds. Increase this time if banners are incomplete. For example,\n we have to increase the timeout when downloading all the SSL certs from\n the Internet, because some sites take that long to deliver all the certs\n in the chain. However, beware that when this is set to a large value, it'll\n consume a lot of memory on fast scans. While the code may handle millions of \n open TCP connections, you may not have enough memory for that.\n\n * `--hello-file[PORT] FILE`: send the contents of the file once the \n TCP connection has been established with the given port. Requires that\n `--banners` also be set. Heuristics will be performed on the reponse in\n an attempt to discover what protocol, so HTTP responses will be parsed\n differently than other protocols.\n\n * `--hello-string[PORT] BASE64`: same as `--hello-file` except that the\n contents of the BASE64 encoded string are decoded, then used as the hello\n string that greets the server.\n\n * `--capture TYPE` or `--nocapture TYPE`: when doing banners (`--banner`), this\n determines what to capture from the banners. By default, only the TITLE field from\n\tHTML documents is captured, to get the entire document, use `--capture html`.\n\tBy default, the entire certificate from SSL is captured, to disable this, use\n\t`--nocapture cert`. Currently, only the values `html` and `cert` are currently\n\tsupported for this option, but many more will be added in the future.\n \n\n## CONFIGURATION FILE FORMAT\n\nThe configuration file uses the same parameter names as on the\ncommandline, but without the `--` prefix, and with an `=` sign\nbetween the name and the value. An example configuration file\nmight be:\n\n\t# targets\n\trange = 10.0.0.0/8,192.168.0.0/16\n\trange = 172.16.0.0/12\n\tports = 20-25,80,U:53\n\tping = true\n\n\t# adapter\n\tadapter = eth0\n\tadapter-ip = 192.168.0.1\n\trouter-mac = 66-55-44-33-22-11\n\n\t# other\n\texclude-file = /etc/masscan/exludes.txt\n\nBy default, the program will read default configuration from the file\n`/etc/masscan/masscan.conf`. This is useful for system-specific settings,\nsuch as the `--adapter-xxx` options. This is also useful for \nexcluded IP addresses, so that you can scan the entire Internet,\nwhile skipping dangerous addresses, like those owned by the DoD, \nand not make an accidental mistake.\n\n\n## CONTROL-C BEHAVIOR\n\nWhen the user presses , the scan will stop, and the current \nstate of the scan will be saved in the file 'paused.conf'. The scan\ncan be resumed with the `--resume` option:\n\n\t# masscan --resume paused.conf\n\nThe program will not exit immediately, but will wait a default of 10\nseconds to receive results from the Internet and save the results before\nexiting completely. This time can be changed with the `--wait` option.\n\n## USER-MODE STACK\n\nMasscan has a user-mode TCP/IP stack that co-exists with the operating-system's\nstack. Normally, this works fine but sometimes can cause problems, especially\nwith the `--banners` option that establishes a TCP/IP connection. In some\ncases, all the stack's parameters will have to be specified separately:\n\n --adapter-port PORT\n --adapter-ip IP\n --adapter-mac MAC\n --adapter-vlan VLANID\n --router-mac MAC\n\nIf the user-mode stack shares the same IP address as the operating-system,\nthen the kernel will send RST packets during a scan. This can cause\nunnecessary traffic during a simple port scan, and will terminate TCP\nconnections when doing a `--banners` scan. To prevent, this, the built-in\nfirewall should be used to filter the source ports. On Linux, this can be done\nby doing something like:\n\n # iptables -A INPUT -i eth0 -p tcp --dport 44444 -j DROP\n \nThis will prevent the Linux kernel from processing incoming packets to port\n44444, but `masscan` will still see the packets. Set the maching parameter\nof `--adapter-port 44444` to force `masscan` to use that port instead of\na random port.\n \n\n## SIMPLE EXAMPLES\n\nThe following example scans all private networks for webservers, and prints\nall open ports that were found.\n\n\t# masscan 10.0.0.0/8 192.168.0.0/16 172.16.0.0/12 -p80 --open-only\n\nThe following example scans the entire Internet for DNS servers, grabbing\ntheir versions, then saves the results in an XML file.\n\n\t# masscan 0.0.0.0/0 --excludefile no-dod.txt -pU:53 --banners --output-filename dns.xml\n\nYou should be able to import the XML into databases and such.\n\nThe following example reads a binary scan results file called bin-test.scan and prints\nresults to console.\n\n\t# masscan --readscan bin-test.scan\n\t\nThe following example reads a binary scan results file called bin-test.scan and creates\nan XML output file called bin-test.xml.\n\n\t# masscan --readscan bin-test.scan -oX bin-test.xml\n\n## ADVANCED EXAMPLES\n\nLet's say that you want to scan the entire Internet and spread the scan\nacross three machines. Masscan would be launched on all three machines\nusing the following command-lines:\n\n\t# masscan 0.0.0.0/0 -p0-65535 --shard 1/3\n\t# masscan 0.0.0.0/0 -p0-65535 --shard 2/3\n\t# masscan 0.0.0.0/0 -p0-65535 --shard 3/3\n\nAn alternative is with the \"resume\" feature. A scan has an internal index that\ngoes from zero to the number of ports times the number of IP addresses. The\nfollowing example shows splitting up a scan into chunks of a 1000 items each:\n\n\t# masscan 0.0.0.0/0 -p0-65535 --resume-index 0 --resume-count 1000\n\t# masscan 0.0.0.0/0 -p0-65535 --resume-index 1000 --resume-count 1000\n\t# masscan 0.0.0.0/0 -p0-65535 --resume-index 2000 --resume-count 1000\n\t# masscan 0.0.0.0/0 -p0-65535 --resume-index 3000 --resume-count 1000\n\nA script can use this to split smaller tasks across many other machines,\nsuch as Amazon EC2 instances. As each instance completes a job, the\nscript might send a request to a central coordinating server for more \nwork.\n\n \n## SPURIOUS RESETS\n\nWhen scanning TCP using the default IP address of your adapter, the built-in\nstack will generate RST packets. This will prevent banner grabbing. There are\nare two ways to solve this. The first way is to create a firewall rule\nto block that port from being seen by the stack. How this works is dependent\non the operating system, but on Linux this looks something like:\n\n # iptables -A INPUT -p tcp -i eth0 --dport 61234 -j DROP\n\nThen, when scanning, that same port must be used as the source:\n\n # masscan 10.0.0.0/8 -p80 --banners --adapter-port 61234\n \nAn alternative is to \"spoof\" a different IP address. This IP address must be\nwithin the range of the local network, but must not otherwise be in use by\neither your own computer or another computer on the network. An example of this\nwould look like:\n\n # masscan 10.0.0.0/8 -p80 --banners --adapter-ip 192.168.1.101\n\nSetting your source IP address this way is the preferred way of running this\nscanner.\n\n\n## ABUSE COMPLAINTS\n\nThis scanner is designed for large-scale surveys, of either an organization,\nor of the Internet as a whole. This scanning will be noticed by those \nmonitoring their logs, which will generate complaints.\n\nIf you are scanning your own organization, this may lead to you being fired.\nNever scan outside your local subnet without getting permission from your boss,\nwith a clear written declaration of why you are scanning.\n\nThe same applies to scanning the Internet from your employer. This is another\ngood way to get fired, as your IT department gets flooded with complaints as\nto why your organization is hacking them.\n\nWhen scanning on your own, such as your home Internet or ISP, this will likely\ncause them to cancel your account due to the abuse complaints.\n\nOne solution is to work with your ISP, to be clear about precisely what we are\ndoing, to prove to them that we are researching the Internet, not \"hacking\" it.\nWe have our ISP send the abuse complaints directly to us. For anyone that asks,\nwe add them to our \"--excludefile\", blacklisting them so that we won't scan\nthem again. While interacting with such people, some instead add us to their\nwhitelist, so that their firewalls won't log us anymore (they'll still block\nus, of course, they just won't log that fact to avoid filling up their logs\nwith our scans).\n\nUltimately, I don't know if it's possible to completely solve this problem.\nDespite the Internet being a public, end-to-end network, you are still\n\"guilty until proven innocent\" when you do a scan.\n\n\n## COMPATIBILITY\n\nWhile not listed in this document, a lot of parameters compatible with\n`nmap` will also work. It runs on macOS, Linux, and Windows. It's compiled\nin fairly portable C language. It supports IPv4 and IPv6.\n\n## SEE ALSO\n\nnmap(8), pcap(3)\n\n## AUTHORS\n\nThis tool was written by Robert Graham. The source code is available at\nhttps://github.com/robertdavidgraham/masscan.\n"
},
{
"path": "src/crypto-base64.c",
"content": "#include \"crypto-base64.h\"\n#include \n#include \n#include \n#include \n#include \n\n/*****************************************************************************\n *****************************************************************************/\nsize_t\nbase64_encode(void *vdst, size_t sizeof_dst, \n const void *vsrc, size_t sizeof_src)\n{\n static const char *b64 =\n \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\"\n \"abcdefghijklmnopqrstuvwxyz\"\n \"0123456789\"\n \"+/\";\n size_t i = 0;\n size_t d = 0;\n unsigned char *dst = (unsigned char *)vdst;\n const unsigned char *src = (const unsigned char *)vsrc;\n\n /* encode every 3 bytes of source into 4 bytes of destination text */\n while (i + 3 <= sizeof_src) {\n unsigned n;\n \n /* make sure there is enough space */\n if (d + 4 > sizeof_dst)\n return d;\n\n /* convert the chars */\n n = src[i]<<16 | src[i+1]<<8 | src[i+2];\n dst[d+0] = b64[ (n>>18) & 0x3F ];\n dst[d+1] = b64[ (n>>12) & 0x3F ];\n dst[d+2] = b64[ (n>> 6) & 0x3F ];\n dst[d+3] = b64[ (n>> 0) & 0x3F ];\n\n i += 3;\n d += 4;\n }\n\n /* If the source text isn't an even multiple of 3 characters, then we'll\n * have to append a '=' or '==' to the output to compensate */\n if (i + 2 <= sizeof_src && d + 4 <= sizeof_dst) {\n unsigned n = src[i]<<16 | src[i+1]<<8;\n dst[d+0] = b64[ (n>>18) & 0x3F ];\n dst[d+1] = b64[ (n>>12) & 0x3F ];\n dst[d+2] = b64[ (n>> 6) & 0x3F ];\n dst[d+3] = '=';\n d += 4;\n } else if (i + 1 <= sizeof_src && d + 4 <= sizeof_dst) {\n unsigned n = src[i]<<16;\n dst[d+0] = b64[ (n>>18) & 0x3F ];\n dst[d+1] = b64[ (n>>12) & 0x3F ];\n dst[d+2] = '=';\n dst[d+3] = '=';\n d += 4;\n }\n\n return d;\n}\n\n\n/*****************************************************************************\n *****************************************************************************/\nsize_t\nbase64_decode(void *vdst, size_t sizeof_dst, \n const void *vsrc, size_t sizeof_src)\n{\n\tstatic const unsigned char rstr[] = {\n\t\t0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \n 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,\n\t\t0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \n 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,\n\t\t0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \n 0xFF, 0xFF, 0xFF,\t62,\t\t0xFF, 0xFF, 0xFF,\t63,\n\t\t52,\t\t53,\t\t54,\t\t55,\t\t56,\t\t57,\t\t58,\t\t59,\t\t\n 60,\t\t61,\t\t0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,\n\t\t0xFF, 0,\t\t1,\t\t2,\t\t3,\t\t4,\t\t5,\t\t6,\t\t\n 7,\t\t8,\t\t9,\t\t10,\t\t11,\t\t12,\t\t13,\t\t14,\n\t\t15,\t\t16,\t\t17,\t\t18,\t\t19,\t\t20,\t\t21,\t\t22,\t\t\n 23,\t\t24,\t\t25,\t\t0xFF, 0xFF, 0xFF, 0xFF, 0xFF,\n\t\t0xFF,\t26,\t\t27,\t\t28,\t\t29,\t\t30,\t\t31,\t\t32,\t\t\n 33,\t\t34,\t\t35,\t\t36,\t\t37,\t\t38,\t\t39,\t\t40,\n\t\t41,\t\t42,\t\t43,\t\t44,\t\t45,\t\t46,\t\t47,\t\t48,\t\t\n 49,\t\t50,\t\t51,\t\t0xFF, 0xFF, 0xFF, 0xFF, 0xFF,\n\t\t0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \n 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,\n\t\t0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \n 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,\n\t\t0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \n 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,\n\t\t0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \n 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,\n\t\t0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \n 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,\n\t\t0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \n 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,\n\t\t0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \n 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,\n\t\t0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \n 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,\n\t};\n size_t i = 0;\n size_t d = 0;\n unsigned char *dst = (unsigned char *)vdst;\n const unsigned char *src = (const unsigned char *)vsrc;\n\n\n\twhile (i < sizeof_src) {\n unsigned b;\n\t\tunsigned c=0;\n\n\t\t/* byte#1 */\n\t\twhile (i 64)\n\t\t\ti++;\n\t\tif (src[i] == '=' || i++ >= sizeof_src)\n\t\t\tbreak;\n\t\tb = (c << 2) & 0xfc;\n\t\n\t\twhile (i 64)\n\t\t\ti++;\n\t\tif (src[i] == '=' || i++ >= sizeof_src)\n\t\t\tbreak;\n\t\tb |= (c>>4) & 0x03;\n\t\tif (d=sizeof_src)\n\t\t\tbreak;\n\n\t\t/* byte#2 */\n\t\tb = (c<<4) & 0xF0;\n\t\twhile (i 64)\n\t\t\t;\n\t\tif (src[i] == '=' || i++ >= sizeof_src)\n\t\t\tbreak;\n\t\tb |= (c>>2) & 0x0F;\n\t\tif (d=sizeof_src)\n\t\t\tbreak;\n\n\t\t/* byte#3*/\n\t\tb = (c<<6) & 0xC0;\n\t\twhile (i 64)\n\t\t\t;\n\t\tif (src[i] == '=' || i++ >= sizeof_src)\n\t\t\tbreak;\n\t\tb |= c;\n\t\tif (d=sizeof_src)\n\t\t\tbreak;\n\t}\n\n\tif (d>16 & 0x7fff;\n}\n\n/*****************************************************************************\n *****************************************************************************/\nint\nbase64_selftest(void)\n{\n char buf[100];\n char buf2[100];\n char buf3[100];\n size_t buf_len;\n size_t buf2_len;\n unsigned i;\n unsigned seed = (unsigned)time(0);\n\n buf_len = base64_encode(buf, sizeof(buf), \"hello\", 5);\n buf2_len = base64_decode(buf2, sizeof(buf2), buf, buf_len);\n if (buf2_len != 5 && memcmp(buf2, \"hello\", 5) != 0) {\n fprintf(stderr, \"base64: selftest failed\\n\");\n return 1;\n }\n\n /*\n * Generate a bunch of random strings, encode them, then decode them,\n * making sure the final result matches the original string\n */\n for (i=0; i<100; i++) {\n unsigned j;\n size_t buf3_len;\n\n /* create a string of random bytes */\n buf_len = r_rand(&seed) % 50;\n for (j=0; j\n\nsize_t base64_decode(void *dst, size_t sizeof_dst, const void *src, size_t sizeof_src);\nsize_t base64_encode(void *dst, size_t sizeof_dst, const void *src, size_t sizeof_src);\n\nint base64_selftest(void);\n\n#endif\n"
},
{
"path": "src/crypto-blackrock.c",
"content": "/*\n BlackRock cipher\n\n (h/t Marsh Ray @marshray for this idea)\n\n This is a randomization/reshuffling function based on a crypto\n \"Feistel network\" as described in the paper:\n\n 'Ciphers with Arbitrary Finite Domains'\n by John Black and Phillip Rogaway\n http://www.cs.ucdavis.edu/~rogaway/papers/subset.pdf\n\n This is a crypto-like construction that encrypts an arbitrary sized\n range. Given a number in the range [0..9999], it'll produce a mapping\n to a distinct different number in the same range (and back again).\n In other words, it randomizes the order of numbers in a sequence.\n\n For example, it can be used to randomize the sequence [0..9]:\n\n 0 -> 6\n 1 -> 4\n 2 -> 8\n 3 -> 1\n 4 -> 9\n 5 -> 3\n 6 -> 0\n 7 -> 5\n 8 -> 2\n 9 -> 7\n\n As you can see on the right hand side, the numbers are in random\n order, and they don't repeat.\n\n This is create for port scanning. We can take an index variable\n and increment it during a scan, then use this function to\n randomize it, yet be assured that we've probed every IP and port\n within the range.\n\n The cryptographic strength of this construction depends upon the\n number of rounds, and the exact nature of the inner \"READ()\" function.\n Because it's a Feistel network, that \"READ()\" function can be almost\n anything.\n\n We don't care about cryptographic strength, just speed, so we are\n using a trivial READ() function.\n\n This is a class of \"format-preserving encryption\". There are\n probably better constructions than what I'm using.\n*/\n#include \"crypto-blackrock.h\"\n#include \"pixie-timer.h\"\n#include \"util-malloc.h\"\n#include \n#include \n#include \n#include \n#include \n#include \n#include \n\n#if defined(_MSC_VER)\n#define inline _inline\n#endif\n\n/***************************************************************************\n * It's an s-box. You gotta have an s-box\n ***************************************************************************/\nconst unsigned char sbox[256] = {\n0x91, 0x58, 0xb3, 0x31, 0x6c, 0x33, 0xda, 0x88,\n0x57, 0xdd, 0x8c, 0xf2, 0x29, 0x5a, 0x08, 0x9f,\n0x49, 0x34, 0xce, 0x99, 0x9e, 0xbf, 0x0f, 0x81,\n0xd4, 0x2f, 0x92, 0x3f, 0x95, 0xf5, 0x23, 0x00,\n0x0d, 0x3e, 0xa8, 0x90, 0x98, 0xdd, 0x20, 0x00,\n0x03, 0x69, 0x0a, 0xca, 0xba, 0x12, 0x08, 0x41,\n0x6e, 0xb9, 0x86, 0xe4, 0x50, 0xf0, 0x84, 0xe2,\n0xb3, 0xb3, 0xc8, 0xb5, 0xb2, 0x2d, 0x18, 0x70,\n\n0x0a, 0xd7, 0x92, 0x90, 0x9e, 0x1e, 0x0c, 0x1f,\n0x08, 0xe8, 0x06, 0xfd, 0x85, 0x2f, 0xaa, 0x5d,\n0xcf, 0xf9, 0xe3, 0x55, 0xb9, 0xfe, 0xa6, 0x7f,\n0x44, 0x3b, 0x4a, 0x4f, 0xc9, 0x2f, 0xd2, 0xd3,\n0x8e, 0xdc, 0xae, 0xba, 0x4f, 0x02, 0xb4, 0x76,\n0xba, 0x64, 0x2d, 0x07, 0x9e, 0x08, 0xec, 0xbd,\n0x52, 0x29, 0x07, 0xbb, 0x9f, 0xb5, 0x58, 0x6f,\n0x07, 0x55, 0xb0, 0x34, 0x74, 0x9f, 0x05, 0xb2,\n\n0xdf, 0xa9, 0xc6, 0x2a, 0xa3, 0x5d, 0xff, 0x10,\n0x40, 0xb3, 0xb7, 0xb4, 0x63, 0x6e, 0xf4, 0x3e,\n0xee, 0xf6, 0x49, 0x52, 0xe3, 0x11, 0xb3, 0xf1,\n0xfb, 0x60, 0x48, 0xa1, 0xa4, 0x19, 0x7a, 0x2e,\n0x90, 0x28, 0x90, 0x8d, 0x5e, 0x8c, 0x8c, 0xc4,\n0xf2, 0x4a, 0xf6, 0xb2, 0x19, 0x83, 0xea, 0xed,\n0x6d, 0xba, 0xfe, 0xd8, 0xb6, 0xa3, 0x5a, 0xb4,\n0x48, 0xfa, 0xbe, 0x5c, 0x69, 0xac, 0x3c, 0x8f,\n\n0x63, 0xaf, 0xa4, 0x42, 0x25, 0x50, 0xab, 0x65,\n0x80, 0x65, 0xb9, 0xfb, 0xc7, 0xf2, 0x2d, 0x5c,\n0xe3, 0x4c, 0xa4, 0xa6, 0x8e, 0x07, 0x9c, 0xeb,\n0x41, 0x93, 0x65, 0x44, 0x4a, 0x86, 0xc1, 0xf6,\n0x2c, 0x97, 0xfd, 0xf4, 0x6c, 0xdc, 0xe1, 0xe0,\n0x28, 0xd9, 0x89, 0x7b, 0x09, 0xe2, 0xa0, 0x38,\n0x74, 0x4a, 0xa6, 0x5e, 0xd2, 0xe2, 0x4d, 0xf3,\n0xf4, 0xc6, 0xbc, 0xa2, 0x51, 0x58, 0xe8, 0xae,\n};\n\n/***************************************************************************\n ***************************************************************************/\nvoid\nblackrock_init(struct BlackRock *br, uint64_t range, uint64_t seed, unsigned rounds)\n{\n double foo = sqrt(range * 1.0);\n\n /* This algorithm gets very non-random at small numbers, so I'm going\n * to try to fix some constants here to make it work. It doesn't have\n * to be good, since it's kinda pointless having ranges this small */\n switch (range) {\n case 0:\n br->a = 0;\n br->b = 0;\n break;\n case 1:\n br->a = 1;\n br->b = 1;\n break;\n case 2:\n br->a = 1;\n br->b = 2;\n break;\n case 3:\n br->a = 2;\n br->b = 2;\n break;\n case 4:\n case 5:\n case 6:\n br->a = 2;\n br->b = 3;\n break;\n case 7:\n case 8:\n br->a = 3;\n br->b = 3;\n break;\n default:\n br->range = range;\n br->a = (uint64_t)(foo - 2);\n br->b = (uint64_t)(foo + 3);\n break;\n }\n\n while (br->a * br->b <= range)\n br->b++;\n\n br->rounds = rounds;\n br->seed = seed;\n br->range = range;\n}\n\n\n/***************************************************************************\n * The inner round/mixer function. In DES, it's a series of S-box lookups,\n * which \n ***************************************************************************/\nstatic inline uint64_t\nREAD(uint64_t r, uint64_t R, uint64_t seed)\n{\n uint64_t r0, r1, r2, r3;\n\n#define GETBYTE(R,n) ((((R)>>(n*8))^seed^r)&0xFF)\n\n R ^= (seed << r) ^ (seed >> (64 - r));\n\n r0 = sbox[GETBYTE(R,0)]<< 0 | sbox[GETBYTE(R,1)]<< 8;\n r1 = (sbox[GETBYTE(R,2)]<<16UL | sbox[GETBYTE(R,3)]<<24UL)&0x0ffffFFFFUL;\n r2 = sbox[GETBYTE(R,4)]<< 0 | sbox[GETBYTE(R,5)]<< 8;\n r3 = (sbox[GETBYTE(R,6)]<<16UL | sbox[GETBYTE(R,7)]<<24UL)&0x0ffffFFFFUL;\n\n R = r0 ^ r1 ^ r2<<23UL ^ r3<<33UL;\n\n return R;\n}\n\n\n/***************************************************************************\n *\n * NOTE:\n * the names in this function are cryptic in order to match as closely\n * as possible the pseudocode in the following paper:\n * http://www.cs.ucdavis.edu/~rogaway/papers/subset.pdf\n * Read that paper in order to understand this code.\n ***************************************************************************/\nstatic inline uint64_t\nENCRYPT(unsigned r, uint64_t a, uint64_t b, uint64_t m, uint64_t seed)\n{\n uint64_t L, R;\n unsigned j;\n uint64_t tmp;\n\n L = m % a;\n R = m / a;\n\n for (j=1; j<=r; j++) {\n if (j & 1) {\n tmp = (L + READ(j, R, seed)) % a;\n } else {\n tmp = (L + READ(j, R, seed)) % b;\n }\n L = R;\n R = tmp;\n }\n if (r & 1) {\n return a * L + R;\n } else {\n return a * R + L;\n }\n}\n\n/***************************************************************************\n ***************************************************************************/\nstatic inline uint64_t\nUNENCRYPT(unsigned r, uint64_t a, uint64_t b, uint64_t m, uint64_t seed)\n{\n uint64_t L, R;\n unsigned j;\n uint64_t tmp;\n\n if (r & 1) {\n R = m % a;\n L = m / a;\n } else {\n L = m % a;\n R = m / a;\n }\n\n for (j=r; j>=1; j--) {\n if (j & 1) {\n tmp = READ(j, L, seed);\n if (tmp > R) {\n tmp = (tmp - R);\n tmp = a - (tmp%a);\n if (tmp == a)\n tmp = 0;\n } else {\n tmp = (R - tmp);\n tmp %= a;\n }\n } else {\n tmp = READ(j, L, seed);\n if (tmp > R) {\n tmp = (tmp - R);\n tmp = b - (tmp%b);\n if (tmp == b)\n tmp = 0;\n } else {\n tmp = (R - tmp);\n tmp %= b;\n }\n }\n R = L;\n L = tmp;\n }\n return a * R + L;\n}\n\n/***************************************************************************\n ***************************************************************************/\nuint64_t\nblackrock_shuffle(const struct BlackRock *br, uint64_t m)\n{\n uint64_t c;\n\n c = ENCRYPT(br->rounds, br->a, br->b, m, br->seed);\n while (c >= br->range)\n c = ENCRYPT(br->rounds, br->a, br->b, c, br->seed);\n\n return c;\n}\n\n/***************************************************************************\n ***************************************************************************/\nuint64_t\nblackrock_unshuffle(const struct BlackRock *br, uint64_t m)\n{\n uint64_t c;\n\n c = UNENCRYPT(br->rounds, br->a, br->b, m, br->seed);\n while (c >= br->range)\n c = UNENCRYPT(br->rounds, br->a, br->b, c, br->seed);\n\n return c;\n}\n\n\n/***************************************************************************\n * This function called only during selftest/regression-test.\n ***************************************************************************/\nstatic unsigned\nblackrock_verify(struct BlackRock *br, uint64_t max)\n{\n unsigned char *list;\n uint64_t i;\n unsigned is_success = 1;\n uint64_t range = br->range;\n\n /* Allocate a list of 1-byte counters */\n list = CALLOC(1, (size_t)((range\n\nstruct BlackRock {\n uint64_t range;\n uint64_t a;\n uint64_t b;\n uint64_t seed;\n unsigned rounds;\n uint64_t a_bits;\n uint64_t a_mask;\n uint64_t b_bits;\n uint64_t b_mask;\n};\n\n/**\n * Initializes a structure for shuffling numbers within\n * a range.\n *\n * @param range\n * The size of the range of numbers needing to be\n * shuffled/randomized.\n */\nvoid\nblackrock_init(struct BlackRock *br, uint64_t range, uint64_t seed, unsigned rounds);\nvoid\nblackrock2_init(struct BlackRock *br, uint64_t range, uint64_t seed, unsigned rounds);\n\n/**\n * Given a number within a range, produce a different number with\n * the same range. There is a 1-to-1 mapping between the two,\n * so when linearly incrementing through the range, the output\n * of this function won't repeat. In other words, encrypt the index variable.\n * @param br\n * The randomization parameters created with 'blackrock_init()'\n * @param index\n * An input within the specified range. We call it an 'index' variable\n * because that's how we intend to use this function, shuffling a\n * monotonically increasing index variable, but in truth, any sort\n * of integer can be used. This must be within the 'range' specified\n * during the call to blackrock_init(), or the results are undefined.\n * @return\n * A one-to-one matching index that's in the same range.\n */\nuint64_t\nblackrock_shuffle(const struct BlackRock *br, uint64_t index);\nuint64_t\nblackrock2_shuffle(const struct BlackRock *br, uint64_t index);\n\n/**\n * The reverse of the shuffle function above: given the shuffled/encrypted\n * integer, return the original index value before the shuffling/encryption.\n */\nuint64_t\nblackrock_unshuffle(const struct BlackRock *br, uint64_t m);\nuint64_t\nblackrock2_unshuffle(const struct BlackRock *br, uint64_t m);\n\n\n/**\n * Do a regression test.\n * @return\n * 0 of the regression test succeeds or non-zero if it fails\n */\nint\nblackrock_selftest(void);\nint\nblackrock2_selftest(void);\n\n/**\n * Do a benchmark of this module regression test.\n */\nvoid\nblackrock_benchmark(unsigned rounds);\nvoid\nblackrock2_benchmark(unsigned rounds);\n\n#endif\n"
},
{
"path": "src/crypto-blackrock2.c",
"content": "#include \"crypto-blackrock.h\"\n#include \"pixie-timer.h\"\n#include \"unusedparm.h\"\n#include \"util-malloc.h\"\n#include \"util-safefunc.h\"\n#include \n#include \n#include \n#include \n#include \n#include \n#include \n\n#if defined(_MSC_VER)\n#define inline _inline\n#endif\n\n/*\n * Expanded DES S-boxes\n */\nstatic const uint32_t SB1[64] =\n{\n 0x01010400, 0x00000000, 0x00010000, 0x01010404,\n 0x01010004, 0x00010404, 0x00000004, 0x00010000,\n 0x00000400, 0x01010400, 0x01010404, 0x00000400,\n 0x01000404, 0x01010004, 0x01000000, 0x00000004,\n 0x00000404, 0x01000400, 0x01000400, 0x00010400,\n 0x00010400, 0x01010000, 0x01010000, 0x01000404,\n 0x00010004, 0x01000004, 0x01000004, 0x00010004,\n 0x00000000, 0x00000404, 0x00010404, 0x01000000,\n 0x00010000, 0x01010404, 0x00000004, 0x01010000,\n 0x01010400, 0x01000000, 0x01000000, 0x00000400,\n 0x01010004, 0x00010000, 0x00010400, 0x01000004,\n 0x00000400, 0x00000004, 0x01000404, 0x00010404,\n 0x01010404, 0x00010004, 0x01010000, 0x01000404,\n 0x01000004, 0x00000404, 0x00010404, 0x01010400,\n 0x00000404, 0x01000400, 0x01000400, 0x00000000,\n 0x00010004, 0x00010400, 0x00000000, 0x01010004\n};\n\nstatic const uint32_t SB2[64] =\n{\n 0x80108020, 0x80008000, 0x00008000, 0x00108020,\n 0x00100000, 0x00000020, 0x80100020, 0x80008020,\n 0x80000020, 0x80108020, 0x80108000, 0x80000000,\n 0x80008000, 0x00100000, 0x00000020, 0x80100020,\n 0x00108000, 0x00100020, 0x80008020, 0x00000000,\n 0x80000000, 0x00008000, 0x00108020, 0x80100000,\n 0x00100020, 0x80000020, 0x00000000, 0x00108000,\n 0x00008020, 0x80108000, 0x80100000, 0x00008020,\n 0x00000000, 0x00108020, 0x80100020, 0x00100000,\n 0x80008020, 0x80100000, 0x80108000, 0x00008000,\n 0x80100000, 0x80008000, 0x00000020, 0x80108020,\n 0x00108020, 0x00000020, 0x00008000, 0x80000000,\n 0x00008020, 0x80108000, 0x00100000, 0x80000020,\n 0x00100020, 0x80008020, 0x80000020, 0x00100020,\n 0x00108000, 0x00000000, 0x80008000, 0x00008020,\n 0x80000000, 0x80100020, 0x80108020, 0x00108000\n};\n\nstatic const uint32_t SB3[64] =\n{\n 0x00000208, 0x08020200, 0x00000000, 0x08020008,\n 0x08000200, 0x00000000, 0x00020208, 0x08000200,\n 0x00020008, 0x08000008, 0x08000008, 0x00020000,\n 0x08020208, 0x00020008, 0x08020000, 0x00000208,\n 0x08000000, 0x00000008, 0x08020200, 0x00000200,\n 0x00020200, 0x08020000, 0x08020008, 0x00020208,\n 0x08000208, 0x00020200, 0x00020000, 0x08000208,\n 0x00000008, 0x08020208, 0x00000200, 0x08000000,\n 0x08020200, 0x08000000, 0x00020008, 0x00000208,\n 0x00020000, 0x08020200, 0x08000200, 0x00000000,\n 0x00000200, 0x00020008, 0x08020208, 0x08000200,\n 0x08000008, 0x00000200, 0x00000000, 0x08020008,\n 0x08000208, 0x00020000, 0x08000000, 0x08020208,\n 0x00000008, 0x00020208, 0x00020200, 0x08000008,\n 0x08020000, 0x08000208, 0x00000208, 0x08020000,\n 0x00020208, 0x00000008, 0x08020008, 0x00020200\n};\n\nstatic const uint32_t SB4[64] =\n{\n 0x00802001, 0x00002081, 0x00002081, 0x00000080,\n 0x00802080, 0x00800081, 0x00800001, 0x00002001,\n 0x00000000, 0x00802000, 0x00802000, 0x00802081,\n 0x00000081, 0x00000000, 0x00800080, 0x00800001,\n 0x00000001, 0x00002000, 0x00800000, 0x00802001,\n 0x00000080, 0x00800000, 0x00002001, 0x00002080,\n 0x00800081, 0x00000001, 0x00002080, 0x00800080,\n 0x00002000, 0x00802080, 0x00802081, 0x00000081,\n 0x00800080, 0x00800001, 0x00802000, 0x00802081,\n 0x00000081, 0x00000000, 0x00000000, 0x00802000,\n 0x00002080, 0x00800080, 0x00800081, 0x00000001,\n 0x00802001, 0x00002081, 0x00002081, 0x00000080,\n 0x00802081, 0x00000081, 0x00000001, 0x00002000,\n 0x00800001, 0x00002001, 0x00802080, 0x00800081,\n 0x00002001, 0x00002080, 0x00800000, 0x00802001,\n 0x00000080, 0x00800000, 0x00002000, 0x00802080\n};\n\nstatic const uint32_t SB5[64] =\n{\n 0x00000100, 0x02080100, 0x02080000, 0x42000100,\n 0x00080000, 0x00000100, 0x40000000, 0x02080000,\n 0x40080100, 0x00080000, 0x02000100, 0x40080100,\n 0x42000100, 0x42080000, 0x00080100, 0x40000000,\n 0x02000000, 0x40080000, 0x40080000, 0x00000000,\n 0x40000100, 0x42080100, 0x42080100, 0x02000100,\n 0x42080000, 0x40000100, 0x00000000, 0x42000000,\n 0x02080100, 0x02000000, 0x42000000, 0x00080100,\n 0x00080000, 0x42000100, 0x00000100, 0x02000000,\n 0x40000000, 0x02080000, 0x42000100, 0x40080100,\n 0x02000100, 0x40000000, 0x42080000, 0x02080100,\n 0x40080100, 0x00000100, 0x02000000, 0x42080000,\n 0x42080100, 0x00080100, 0x42000000, 0x42080100,\n 0x02080000, 0x00000000, 0x40080000, 0x42000000,\n 0x00080100, 0x02000100, 0x40000100, 0x00080000,\n 0x00000000, 0x40080000, 0x02080100, 0x40000100\n};\n\nstatic const uint32_t SB6[64] =\n{\n 0x20000010, 0x20400000, 0x00004000, 0x20404010,\n 0x20400000, 0x00000010, 0x20404010, 0x00400000,\n 0x20004000, 0x00404010, 0x00400000, 0x20000010,\n 0x00400010, 0x20004000, 0x20000000, 0x00004010,\n 0x00000000, 0x00400010, 0x20004010, 0x00004000,\n 0x00404000, 0x20004010, 0x00000010, 0x20400010,\n 0x20400010, 0x00000000, 0x00404010, 0x20404000,\n 0x00004010, 0x00404000, 0x20404000, 0x20000000,\n 0x20004000, 0x00000010, 0x20400010, 0x00404000,\n 0x20404010, 0x00400000, 0x00004010, 0x20000010,\n 0x00400000, 0x20004000, 0x20000000, 0x00004010,\n 0x20000010, 0x20404010, 0x00404000, 0x20400000,\n 0x00404010, 0x20404000, 0x00000000, 0x20400010,\n 0x00000010, 0x00004000, 0x20400000, 0x00404010,\n 0x00004000, 0x00400010, 0x20004010, 0x00000000,\n 0x20404000, 0x20000000, 0x00400010, 0x20004010\n};\n\nstatic const uint32_t SB7[64] =\n{\n 0x00200000, 0x04200002, 0x04000802, 0x00000000,\n 0x00000800, 0x04000802, 0x00200802, 0x04200800,\n 0x04200802, 0x00200000, 0x00000000, 0x04000002,\n 0x00000002, 0x04000000, 0x04200002, 0x00000802,\n 0x04000800, 0x00200802, 0x00200002, 0x04000800,\n 0x04000002, 0x04200000, 0x04200800, 0x00200002,\n 0x04200000, 0x00000800, 0x00000802, 0x04200802,\n 0x00200800, 0x00000002, 0x04000000, 0x00200800,\n 0x04000000, 0x00200800, 0x00200000, 0x04000802,\n 0x04000802, 0x04200002, 0x04200002, 0x00000002,\n 0x00200002, 0x04000000, 0x04000800, 0x00200000,\n 0x04200800, 0x00000802, 0x00200802, 0x04200800,\n 0x00000802, 0x04000002, 0x04200802, 0x04200000,\n 0x00200800, 0x00000000, 0x00000002, 0x04200802,\n 0x00000000, 0x00200802, 0x04200000, 0x00000800,\n 0x04000002, 0x04000800, 0x00000800, 0x00200002\n};\n\nstatic const uint32_t SB8[64] =\n{\n 0x10001040, 0x00001000, 0x00040000, 0x10041040,\n 0x10000000, 0x10001040, 0x00000040, 0x10000000,\n 0x00040040, 0x10040000, 0x10041040, 0x00041000,\n 0x10041000, 0x00041040, 0x00001000, 0x00000040,\n 0x10040000, 0x10000040, 0x10001000, 0x00001040,\n 0x00041000, 0x00040040, 0x10040040, 0x10041000,\n 0x00001040, 0x00000000, 0x00000000, 0x10040040,\n 0x10000040, 0x10001000, 0x00041040, 0x00040000,\n 0x00041040, 0x00040000, 0x10041000, 0x00001000,\n 0x00000040, 0x10040040, 0x00001000, 0x00041040,\n 0x10001000, 0x00000040, 0x10000040, 0x10040000,\n 0x10040040, 0x10000000, 0x00040000, 0x10001040,\n 0x00000000, 0x10041040, 0x00040040, 0x10000040,\n 0x10040000, 0x10001000, 0x10001040, 0x00000000,\n 0x10041040, 0x00041000, 0x00041000, 0x00001040,\n 0x00001040, 0x00040040, 0x10000000, 0x10041000\n};\n/***************************************************************************\n * It's an s-box. You gotta have an s-box\n ***************************************************************************/\nconst unsigned char sbox2[] = {\n0x91, 0x58, 0xb3, 0x31, 0x6c, 0x33, 0xda, 0x88,\n0x57, 0xdd, 0x8c, 0xf2, 0x29, 0x5a, 0x08, 0x9f,\n0x49, 0x34, 0xce, 0x99, 0x9e, 0xbf, 0x0f, 0x81,\n0xd4, 0x2f, 0x92, 0x3f, 0x95, 0xf5, 0x23, 0x00,\n0x0d, 0x3e, 0xa8, 0x90, 0x98, 0xdd, 0x20, 0x00,\n0x03, 0x69, 0x0a, 0xca, 0xba, 0x12, 0x08, 0x41,\n0x6e, 0xb9, 0x86, 0xe4, 0x50, 0xf0, 0x84, 0xe2,\n0xb3, 0xb3, 0xc8, 0xb5, 0xb2, 0x2d, 0x18, 0x70,\n\n0x0a, 0xd7, 0x92, 0x90, 0x9e, 0x1e, 0x0c, 0x1f,\n0x08, 0xe8, 0x06, 0xfd, 0x85, 0x2f, 0xaa, 0x5d,\n0xcf, 0xf9, 0xe3, 0x55, 0xb9, 0xfe, 0xa6, 0x7f,\n0x44, 0x3b, 0x4a, 0x4f, 0xc9, 0x2f, 0xd2, 0xd3,\n0x8e, 0xdc, 0xae, 0xba, 0x4f, 0x02, 0xb4, 0x76,\n0xba, 0x64, 0x2d, 0x07, 0x9e, 0x08, 0xec, 0xbd,\n0x52, 0x29, 0x07, 0xbb, 0x9f, 0xb5, 0x58, 0x6f,\n0x07, 0x55, 0xb0, 0x34, 0x74, 0x9f, 0x05, 0xb2,\n\n0xdf, 0xa9, 0xc6, 0x2a, 0xa3, 0x5d, 0xff, 0x10,\n0x40, 0xb3, 0xb7, 0xb4, 0x63, 0x6e, 0xf4, 0x3e,\n0xee, 0xf6, 0x49, 0x52, 0xe3, 0x11, 0xb3, 0xf1,\n0xfb, 0x60, 0x48, 0xa1, 0xa4, 0x19, 0x7a, 0x2e,\n0x90, 0x28, 0x90, 0x8d, 0x5e, 0x8c, 0x8c, 0xc4,\n0xf2, 0x4a, 0xf6, 0xb2, 0x19, 0x83, 0xea, 0xed,\n0x6d, 0xba, 0xfe, 0xd8, 0xb6, 0xa3, 0x5a, 0xb4,\n0x48, 0xfa, 0xbe, 0x5c, 0x69, 0xac, 0x3c, 0x8f,\n\n0x63, 0xaf, 0xa4, 0x42, 0x25, 0x50, 0xab, 0x65,\n0x80, 0x65, 0xb9, 0xfb, 0xc7, 0xf2, 0x2d, 0x5c,\n0xe3, 0x4c, 0xa4, 0xa6, 0x8e, 0x07, 0x9c, 0xeb,\n0x41, 0x93, 0x65, 0x44, 0x4a, 0x86, 0xc1, 0xf6,\n0x2c, 0x97, 0xfd, 0xf4, 0x6c, 0xdc, 0xe1, 0xe0,\n0x28, 0xd9, 0x89, 0x7b, 0x09, 0xe2, 0xa0, 0x38,\n0x74, 0x4a, 0xa6, 0x5e, 0xd2, 0xe2, 0x4d, 0xf3,\n0xf4, 0xc6, 0xbc, 0xa2, 0x51, 0x58, 0xe8, 0xae,\n\n0x91, 0x58, 0xb3, 0x31, 0x6c, 0x33, 0xda, 0x88,\n};\n\n\n/****************************************************************************\n * Given a number, figure out the nearest power-of-two (16,32,64,128,etc.)\n * that can hold that number. We do this so that we can convert multiplies\n * into shifts.\n ****************************************************************************/\nstatic uint64_t\nnext_power_of_two(uint64_t num)\n{\n uint64_t power_of_two = 1;\n\n num++;\n\n while ((uint64_t)(1ULL << power_of_two) < num)\n power_of_two++;\n\n return (1ULL << power_of_two);\n}\nstatic uint64_t\nbit_count(uint64_t num)\n{\n uint64_t bits = 0;\n\n while ((num >> bits) > 1)\n bits++;\n\n return bits;\n}\n\n/***************************************************************************\n ***************************************************************************/\nvoid\nblackrock2_init(struct BlackRock *br, uint64_t range, uint64_t seed, unsigned rounds)\n{\n uint64_t a;\n uint64_t b;\n\n a = next_power_of_two(\n (uint64_t)sqrt(range * 1.0)\n );\n b = next_power_of_two(range/a);\n\n //printf(\"a=%llu b=%llu seed = 0x%llu\\n\", a, b, seed);\n\n br->range = range;\n\n br->a = a;\n br->a_bits = bit_count(br->a);\n br->a_mask = br->a - 1ULL;\n\n br->b = b;\n br->b_bits = bit_count(br->b);\n br->b_mask = br->b - 1ULL;\n\n //printf(\"a: 0x%llx / %llu\\n\", br->a_mask, br->a_bits);\n //printf(\"b: 0x%llx / %llu\\n\", br->b_mask, br->b_bits);\n\n br->rounds = rounds;\n br->seed = seed;\n br->range = range;\n}\n\n\n/***************************************************************************\n * The inner round/mixer function. In DES, it's a series of S-box lookups,\n * which \n ***************************************************************************/\nstatic inline uint64_t\nROUND(uint64_t r, uint64_t R, uint64_t seed)\n{\n#define GETBYTE(R,n) ((uint64_t)(((((R)>>(n*8ULL)))&0xFFULL)))\n#if 0 \n uint64_t r0, r1, r2, r3;\n#endif\n uint64_t T, Y;\n\n T = R ^ ((seed>>r) | (seed<<(64-r)));\n\n\n if (r & 1) {\n Y = SB8[ (T ) & 0x3F ] ^ \\\n SB6[ (T >> 8) & 0x3F ] ^ \\\n SB4[ (T >> 16) & 0x3F ] ^ \\\n SB2[ (T >> 24) & 0x3F ]; \\\n } else {\n Y = SB7[ (T ) & 0x3F ] ^ \\\n SB5[ (T >> 8) & 0x3F ] ^ \\\n SB3[ (T >> 16) & 0x3F ] ^ \\\n SB1[ (T >> 24) & 0x3F ]; \n }\n return Y;\n#if 0\n r0 = sbox2[GETBYTE(R,0)]<< 6 | sbox2[GETBYTE(R,1)]<< 0;\n r1 = sbox2[GETBYTE(R,2)]<< 6 | sbox2[GETBYTE(R,5)]<< 0;\n r2 = sbox2[GETBYTE(R,4)]<< 6 | sbox2[GETBYTE(R,5)]<< 0;\n r3 = sbox2[GETBYTE(R,6)]<< 6 | sbox2[GETBYTE(R,7)]<< 0;\n\n R = r0 ^ (r1<<12) * (r2 << 24) ^ (r3 << 36) * r;\n\n return R;\n /*return((uint64_t)sbox2[GETBYTE(R,7ULL)]<< 0ULL)\n | ((uint64_t)sbox2[GETBYTE(R,6ULL)]<< 8ULL)\n | ((uint64_t)sbox2[GETBYTE(R,5ULL)]<<16ULL)\n | ((uint64_t)sbox2[GETBYTE(R,4ULL)]<<24ULL)\n | ((uint64_t)sbox2[GETBYTE(R,3ULL)]<<32ULL)\n | ((uint64_t)sbox2[GETBYTE(R,2ULL)]<<40ULL)\n | ((uint64_t)sbox2[GETBYTE(R,1ULL)]<<48ULL)\n | ((uint64_t)sbox2[GETBYTE(R,0ULL)]<<56ULL)\n ;*/\n return R;\n#endif\n}\n\n\n/***************************************************************************\n ***************************************************************************/\nstatic inline uint64_t\nENCRYPT(unsigned r, uint64_t a_bits, uint64_t a_mask, uint64_t b_bits, uint64_t b_mask, uint64_t m, uint64_t seed)\n{\n uint64_t L, R;\n unsigned j = 1;\n uint64_t tmp;\n\n UNUSEDPARM(b_bits);\n\n L = m & a_mask;\n R = m >> a_bits;\n\n for (j=1; j<=r; j++) {\n tmp = (L + ROUND(j, R, seed)) & a_mask;\n L = R;\n R = tmp;\n j++;\n\n tmp = (L + ROUND(j, R, seed)) & b_mask;\n L = R;\n R = tmp;\n }\n\n if ((j-1) & 1) {\n return (L << (a_bits)) + R;\n } else {\n return (R << (a_bits)) + L;\n }\n}\nstatic inline uint64_t\nDECRYPT(unsigned r, uint64_t a, uint64_t b, uint64_t m, uint64_t seed)\n{\n uint64_t L, R;\n unsigned j;\n uint64_t tmp;\n\n if (r & 1) {\n R = m % a;\n L = m / a;\n } else {\n L = m % a;\n R = m / a;\n }\n\n for (j=r; j>=1; j--) {\n if (j & 1) {\n tmp = ROUND(j, L, seed);\n if (tmp > R) {\n tmp = (tmp - R);\n tmp = a - (tmp%a);\n if (tmp == a)\n tmp = 0;\n } else {\n tmp = (R - tmp);\n tmp %= a;\n }\n } else {\n tmp = ROUND(j, L, seed);\n if (tmp > R) {\n tmp = (tmp - R);\n tmp = b - (tmp%b);\n if (tmp == b)\n tmp = 0;\n } else {\n tmp = (R - tmp);\n tmp %= b;\n }\n }\n R = L;\n L = tmp;\n }\n return a * R + L;\n}\n\n/***************************************************************************\n ***************************************************************************/\nuint64_t\nblackrock2_shuffle(const struct BlackRock *br, uint64_t m)\n{\n uint64_t c;\n\n c = ENCRYPT(br->rounds, br->a_bits, br->a_mask, br->b_bits, br->b_mask, m, br->seed);\n while (c >= br->range)\n c = ENCRYPT(br->rounds, br->a_bits, br->a_mask, br->b_bits, br->b_mask, c, br->seed);\n\n return c;\n}\n\n/***************************************************************************\n ***************************************************************************/\nuint64_t\nblackrock2_unshuffle(const struct BlackRock *br, uint64_t m)\n{\n uint64_t c;\n\n c = DECRYPT(br->rounds, br->a, br->b, m, br->seed);\n while (c >= br->range)\n c = DECRYPT(br->rounds, br->a, br->b, c, br->seed);\n\n return c;\n}\n\n\n/***************************************************************************\n * This function called only during selftest/regression-test.\n ***************************************************************************/\nstatic unsigned\nverify(struct BlackRock *br, uint64_t max)\n{\n unsigned char *list;\n uint64_t i;\n unsigned is_success = 1;\n uint64_t range = br->range;\n\n /* Allocate a list of 1-byte counters */\n list = CALLOC(1, (size_t)((range /* for 'sqrt()', may need -lm for gcc */\n#include \n#include \n#include \n#include \n#include \n\n\n\n/**\n * A 64 bit number can't have more than 16 prime factors. The first factors\n * are:\n * 2*3*5*7*11*13*17*19*23*29*31*37*41*43*47*53 = 0xC443F2F861D29C3A\n * 0123456789abcdef\n * We zero termiante this list, so we are going to reserve 20 slots.\n */\ntypedef uint64_t PRIMEFACTORS[20];\n\n\n/****************************************************************************\n * Break down the number into prime factors using DJB's sieve code, which\n * is about 5 to 10 times faster than the Sieve of Eratosthenes.\n *\n * @param number\n * The integer that we are factoring. It can be any value up to 64 bits\n * in size.\n * @param factors\n * The list of all the prime factors, zero terminated.\n * @param non_factors\n * A list of smallest numbers that aren't prime factors. We return\n * this because we are going to use prime non-factors for finding\n * interesting numbers.\n ****************************************************************************/\nstatic unsigned\nsieve_prime_factors(uint64_t number, PRIMEFACTORS factors,\n PRIMEFACTORS non_factors, double *elapsed)\n{\n primegen pg;\n clock_t start;\n clock_t stop;\n uint64_t prime;\n uint64_t max;\n unsigned factor_count = 0;\n unsigned non_factor_count = 0;\n\n /*\n * We only need to sieve up to the square-root of the target number. Only\n * one prime factor can be bigger than the square root, so once we find\n * all the other primes, the square root is the only one left.\n * Note: you have to link to the 'm' math library for some gcc platforms.\n */\n max = (uint64_t)sqrt(number + 1.0);\n\n /*\n * Init the DJB primegen library.\n */\n primegen_init(&pg);\n\n /*\n * Enumerate all the primes starting with 2\n */\n start = clock();\n for (;;) {\n\n /* Sieve the next prime */\n prime = primegen_next(&pg);\n\n /* If we've reached the square root, then that's as far as we need\n * to go */\n if (prime > max)\n break;\n\n /* If this prime is not a factor (evenly divisible with no remainder)\n * then loop back and get the next prime */\n if ((number % prime) != 0) {\n if (non_factor_count < 12)\n non_factors[non_factor_count++] = prime;\n continue;\n }\n\n /* Else we've found a prime factor, so add this to the list of primes */\n factors[factor_count++] = prime;\n\n /* At the end, we may have one prime factor left that's bigger than the\n * sqrt. Therefore, as we go along, divide the original number\n * (possibly several times) by the prime factor so that this large\n * remaining factor will be the only one left */\n while ((number % prime) == 0)\n number /= prime;\n\n /* exit early if we've found all prime factors. comment out this\n * code if you want to benchmark it */\n if (number == 1 && non_factor_count > 10)\n break;\n }\n\n /*\n * See if there is one last prime that's bigger than the square root.\n * Note: This is the only number that can be larger than 32-bits in the\n * way this code is written.\n */\n if (number != 1)\n factors[factor_count++] = number;\n\n /*\n * Zero terminate the results.\n */\n factors[factor_count] = 0;\n non_factors[non_factor_count] = 0;\n\n /*\n * Since prime factorization takes a long time, especially on slow\n * CPUs, we benchmark it to keep track of performance.\n */\n stop = clock();\n if (elapsed)\n *elapsed = ((double)stop - (double)start)/(double)CLOCKS_PER_SEC;\n\n /* should always be at least 1, because if the number itself is prime,\n * then that's it's only prime factor */\n return factor_count;\n}\n\n\n\n/****************************************************************************\n * Do a pseudo-random 1-to-1 translation of a number within a range to\n * another number in that range.\n *\n * The constants 'a' and 'c' must be chosen to match the LCG algorithm\n * to fit 'm' (range).\n *\n * This the same as the function 'rand()', except all the constants and\n * seeds are specified as parameters.\n *\n * @param index\n * The index within the range that we are randomizing.\n * @param a\n * The 'multiplier' of the LCG algorithm.\n * @param c\n * The 'increment' of the LCG algorithm.\n * @param range\n * The 'modulus' of the LCG algorithm.\n ****************************************************************************/\nuint64_t\nlcg_rand(uint64_t index, uint64_t a, uint64_t c, uint64_t range)\n{\n return (index * a + c) % range;\n}\n\n\n/****************************************************************************\n * Verify the LCG algorithm. You shouldn't do this for large ranges,\n * because we'll run out of memory. Therefore, this algorithm allocates\n * a buffer only up to a smaller range. We still have to traverse the\n * entire range of numbers, but we only need store values for a smaller\n * range. If 10% of the range checks out, then there's a good chance\n * it applies to the other 90% as well.\n *\n * This works by counting the results of rand(), which should be produced\n * exactly once.\n ****************************************************************************/\nstatic unsigned\nlcg_verify(uint64_t a, uint64_t c, uint64_t range, uint64_t max)\n{\n unsigned char *list;\n uint64_t i;\n unsigned is_success = 1;\n\n /* Allocate a list of 1-byte counters */\n list = CALLOC(1, (size_t)((range= 70) {\n count = 0;\n printf(\"\\n\");\n }\n }\n printf(\"\\n\");\n }\n }\n\n *out_a = a;\n *inout_c = c;\n}\n\n/***************************************************************************\n ***************************************************************************/\nint\nlcg_selftest(void)\n{\n unsigned i;\n int is_success = 0;\n uint64_t m, a, c;\n\n\n m = 3015 * 3;\n\n for (i=0; i<5; i++) {\n a = 0;\n c = 0;\n\n m += 10 + i;\n\n lcg_calculate_constants(m, &a, &c, 0);\n\n is_success = lcg_verify(a, c, m, m);\n\n if (!is_success) {\n fprintf(stderr, \"LCG: randomization failed\\n\");\n return 1; /*fail*/\n }\n }\n\n return 0; /*success*/\n}\n"
},
{
"path": "src/crypto-lcg.h",
"content": "#ifndef RAND_LCG_H\n#define RAND_LCG_H\n#include \n\n\nvoid\nlcg_calculate_constants(uint64_t m, uint64_t *out_a, uint64_t *inout_c, int is_debug);\n\nuint64_t\nlcg_rand(uint64_t index, uint64_t a, uint64_t c, uint64_t range);\n\n/**\n * Performs a regression test on this module.\n * @return\n * 0 on success, or a positive integer on failure\n */\nint\nlcg_selftest(void);\n\n#endif\n"
},
{
"path": "src/crypto-primegen.c",
"content": "/*\n This is DJB's code for calculating primes, with a few modifications,\n such as making it work with Microsoft's compiler on Windows, and\n getting rid of warnings.\n*/\n#include \"crypto-primegen.h\"\n\n/*\nB is 32 times X.\nTotal memory use for one generator is 2B bytes = 64X bytes.\nCovers primes in an interval of length 1920X.\nWorking set size for one generator is B bits = 4X bytes.\n\nSpeedup by a factor of 2 or 3 for L1 cache instead of L2 cache.\nSlowdown by a factor of roughly n for primes past (nB)^2.\n\nPossible choices of X:\n 2002 to fit inside an 8K L1 cache (e.g., Pentium).\n 4004 to fit inside a 16K L1 cache (e.g., Pentium II).\n 64064 to fit inside a 256K L2 cache.\n\nThere are various word-size limits on X; 1000000 should still be okay.\n*/\n\n#define B32 PRIMEGEN_WORDS\n#define B (PRIMEGEN_WORDS * 32)\n\n#ifdef _MSC_VER\n#pragma warning(disable:4244)\n#endif\n\nstatic const uint32_t two[32] = {\n 0x00000001 , 0x00000002 , 0x00000004 , 0x00000008\n, 0x00000010 , 0x00000020 , 0x00000040 , 0x00000080\n, 0x00000100 , 0x00000200 , 0x00000400 , 0x00000800\n, 0x00001000 , 0x00002000 , 0x00004000 , 0x00008000\n, 0x00010000 , 0x00020000 , 0x00040000 , 0x00080000\n, 0x00100000 , 0x00200000 , 0x00400000 , 0x00800000\n, 0x01000000 , 0x02000000 , 0x04000000 , 0x08000000\n, 0x10000000 , 0x20000000 , 0x40000000 , 0x80000000\n} ;\n\nstatic void clear(register uint32_t (*buf)[B32])\n{\n register int i;\n register int j;\n\n for (j = 0;j < 16;++j) {\n for (i = 0;i < B32;++i)\n (*buf)[i] = (uint32_t)~0;\n ++buf;\n }\n}\n\nstatic void doit4(register uint32_t *a,register long x,register long y,int64_t start)\n{\n long i0;\n long y0;\n register long i;\n register uint32_t data;\n register uint32_t pos;\n register uint32_t bits;\n\n x += x; x += 15;\n y += 15;\n\n start += 1000000000;\n while (start < 0) { start += x; x += 30; }\n start -= 1000000000;\n i = start;\n\n while (i < B) { i += x; x += 30; }\n\n for (;;) {\n x -= 30;\n if (x <= 15) return;\n i -= x;\n\n while (i < 0) { i += y; y += 30; }\n\n i0 = i; y0 = y;\n while (i < B) {\n pos = (uint32_t)i; data = (uint32_t)i;\n pos >>= 5; data &= 31;\n i += y; y += 30;\n bits = a[pos]; data = two[data];\n bits ^= data;\n a[pos] = bits;\n }\n i = i0; y = y0;\n }\n}\n\nstatic void doit6(register uint32_t *a,register long x,register long y,int64_t start)\n{\n long i0;\n long y0;\n register long i;\n register uint32_t data;\n register uint32_t pos;\n register uint32_t bits;\n\n x += 5;\n y += 15;\n\n start += 1000000000;\n while (start < 0) { start += x; x += 10; }\n start -= 1000000000;\n i = start;\n while (i < B) { i += x; x += 10; }\n\n for (;;) {\n x -= 10;\n if (x <= 5) return;\n i -= x;\n\n while (i < 0) { i += y; y += 30; }\n\n i0 = i; y0 = y;\n while (i < B) {\n pos = (uint32_t)i; data = (uint32_t)i;\n pos >>= 5; data &= 31;\n i += y; y += 30;\n bits = a[pos]; data = two[data];\n bits ^= data;\n a[pos] = bits;\n }\n i = i0; y = y0;\n }\n}\n\nstatic void doit12(register uint32_t *a,register long x,register long y,int64_t start)\n{\n register long i;\n register uint32_t data;\n register uint32_t bits;\n\n x += 5;\n\n start += 1000000000;\n while (start < 0) { start += x; x += 10; }\n start -= 1000000000;\n i = start;\n while (i < 0) { i += x; x += 10; }\n\n y += 15;\n x += 10;\n\n for (;;) {\n long i0;\n long y0;\n while (i >= B) {\n if (x <= y) return;\n i -= y;\n y += 30;\n }\n i0 = i;\n y0 = y;\n while ((i >= 0) && (y < x)) {\n register uint32_t pos;\n pos = (uint32_t)i; data = (uint32_t)i;\n pos >>= 5; data &= 31;\n i -= y;\n y += 30;\n bits = a[pos]; data = two[data];\n bits ^= data;\n a[pos] = bits;\n }\n i = i0;\n y = y0;\n i += x - 10;\n x += 10;\n }\n}\n\nstatic const int deltainverse[60] = {\n -1,B32 * 0,-1,-1,-1,-1,-1,B32 * 1,-1,-1,-1,B32 * 2,-1,B32 * 3,-1\n,-1,-1,B32 * 4,-1,B32 * 5,-1,-1,-1,B32 * 6,-1,-1,-1,-1,-1,B32 * 7\n,-1,B32 * 8,-1,-1,-1,-1,-1,B32 * 9,-1,-1,-1,B32 * 10,-1,B32 * 11,-1\n,-1,-1,B32 * 12,-1,B32 * 13,-1,-1,-1,B32 * 14,-1,-1,-1,-1,-1,B32 * 15\n} ;\n\nstatic void squarefree1big(uint32_t (*buf)[B32],uint64_t base,uint32_t q,uint64_t qq)\n{\n uint64_t i;\n uint32_t pos;\n int n;\n uint64_t bound = base + 60 * B;\n\n while (qq < bound) {\n if (bound < 2000000000)\n i = qq - (((uint32_t) base) % ((uint32_t) qq));\n else\n i = qq - (base % qq);\n if (!(i & 1)) i += qq;\n\n if (i < B * 60) {\n pos = (uint32_t)i;\n n = deltainverse[pos % 60];\n if (n >= 0) {\n pos /= 60;\n (*buf)[n + (pos >> 5)] |= two[pos & 31];\n }\n }\n\n qq += q; q += 1800;\n }\n}\n\nstatic void squarefree1(register uint32_t (*buf)[B32],uint64_t L,uint32_t q)\n{\n uint32_t qq;\n register uint32_t qqhigh;\n uint32_t i;\n register uint32_t ilow;\n register uint32_t ihigh;\n register int n;\n uint64_t base;\n\n base = 60 * L;\n qq = q * q;\n q = 60 * q + 900;\n\n while (qq < B * 60) {\n if (base < 2000000000)\n i = qq - (((uint32_t) base) % qq);\n else\n i = qq - (base % qq);\n if (!(i & 1)) i += qq;\n\n if (i < B * 60) {\n qqhigh = qq / 60;\n ilow = i % 60; ihigh = i / 60;\n\n qqhigh += qqhigh;\n while (ihigh < B) {\n n = deltainverse[ilow];\n if (n >= 0)\n (*buf)[n + (ihigh >> 5)] |= two[ihigh & 31];\n\n ilow += 2; ihigh += qqhigh;\n if (ilow >= 60) { ilow -= 60; ihigh += 1; }\n }\n }\n\n qq += q; q += 1800;\n }\n\n squarefree1big(buf,base,q,qq);\n}\n\nstatic void squarefree49big(uint32_t (*buf)[B32],uint64_t base,uint32_t q,uint64_t qq)\n{\n uint64_t i;\n uint32_t pos;\n int n;\n uint64_t bound = base + 60 * B;\n\n while (qq < bound) {\n if (bound < 2000000000)\n i = qq - (((uint32_t) base) % ((uint32_t) qq));\n else\n i = qq - (base % qq);\n if (!(i & 1)) i += qq;\n\n if (i < B * 60) {\n pos = (uint32_t)i;\n n = deltainverse[pos % 60];\n if (n >= 0) {\n pos /= 60;\n (*buf)[n + (pos >> 5)] |= two[pos & 31];\n }\n }\n\n qq += q; q += 1800;\n }\n}\n\nstatic void squarefree49(register uint32_t (*buf)[B32],uint64_t L,uint32_t q)\n{\n uint32_t qq;\n register uint32_t qqhigh;\n uint32_t i;\n register uint32_t ilow;\n register uint32_t ihigh;\n register int n;\n uint64_t base = 60 * L;\n\n qq = q * q;\n q = 60 * q + 900;\n\n while (qq < B * 60) {\n if (base < 2000000000)\n i = qq - (((uint32_t) base) % qq);\n else\n i = qq - (base % qq);\n if (!(i & 1)) i += qq;\n\n if (i < B * 60) {\n qqhigh = qq / 60;\n ilow = i % 60; ihigh = i / 60;\n\n qqhigh += qqhigh;\n qqhigh += 1;\n while (ihigh < B) {\n n = deltainverse[ilow];\n if (n >= 0)\n (*buf)[n + (ihigh >> 5)] |= two[ihigh & 31];\n\n ilow += 38; ihigh += qqhigh;\n if (ilow >= 60) { ilow -= 60; ihigh += 1; }\n }\n }\n\n qq += q; q += 1800;\n }\n\n squarefree49big(buf,base,q,qq);\n}\n\n/* squares of primes >= 7, < 240 */\nuint32_t qqtab[49] = {\n 49,121,169,289,361,529,841,961,1369,1681\n ,1849,2209,2809,3481,3721,4489,5041,5329,6241,6889\n ,7921,9409,10201,10609,11449,11881,12769,16129,17161,18769\n ,19321,22201,22801,24649,26569,27889,29929,32041,32761,36481\n ,37249,38809,39601,44521,49729,51529,52441,54289,57121\n} ;\n\n/* (qq * 11 + 1) / 60 or (qq * 59 + 1) / 60 */\nuint32_t qq60tab[49] = {\n 9,119,31,53,355,97,827,945,251,1653\n ,339,405,515,3423,3659,823,4957,977,6137\n ,1263,7789,1725,10031,1945,2099,11683,2341,2957\n ,16875,3441,18999,21831,22421,4519,4871,5113,5487\n ,31507,32215,35873,6829,7115,38941,43779,9117,9447,51567,9953,56169\n} ;\n\nstatic void squarefreetiny(register uint32_t *a,uint32_t *Lmodqq,int d)\n{\n int j;\n\n for (j = 0;j < 49;++j) {\n register uint32_t k;\n register uint32_t qq;\n qq = qqtab[j];\n k = qq - 1 - ((Lmodqq[j] + qq60tab[j] * d - 1) % qq);\n while (k < B) {\n register uint32_t pos;\n register uint32_t data;\n register uint32_t bits;\n pos = k;\n data = k;\n pos >>= 5;\n data &= 31;\n k += qq;\n bits = a[pos];\n data = two[data];\n bits |= data;\n a[pos] = bits;\n }\n }\n}\n\ntypedef struct { char index; char f; char g; char k; } todo;\n\nstatic const todo for4[] = {\n {0,2,15,4} , {0,3,5,1} , {0,3,25,11} , {0,5,9,3}\n, {0,5,21,9} , {0,7,15,7} , {0,8,15,8} , {0,10,9,8}\n, {0,10,21,14} , {0,12,5,10} , {0,12,25,20} , {0,13,15,15}\n, {0,15,1,15} , {0,15,11,17} , {0,15,19,21} , {0,15,29,29}\n, {3,1,3,0} , {3,1,27,12} , {3,4,3,1} , {3,4,27,13}\n, {3,6,7,3} , {3,6,13,5} , {3,6,17,7} , {3,6,23,11}\n, {3,9,7,6} , {3,9,13,8} , {3,9,17,10} , {3,9,23,14}\n, {3,11,3,8} , {3,11,27,20} , {3,14,3,13} , {3,14,27,25}\n, {4,2,1,0} , {4,2,11,2} , {4,2,19,6} , {4,2,29,14}\n, {4,7,1,3} , {4,7,11,5} , {4,7,19,9} , {4,7,29,17}\n, {4,8,1,4} , {4,8,11,6} , {4,8,19,10} , {4,8,29,18}\n, {4,13,1,11} , {4,13,11,13} , {4,13,19,17} , {4,13,29,25}\n, {7,1,5,0} , {7,1,25,10} , {7,4,5,1} , {7,4,25,11}\n, {7,5,7,2} , {7,5,13,4} , {7,5,17,6} , {7,5,23,10}\n, {7,10,7,7} , {7,10,13,9} , {7,10,17,11} , {7,10,23,15}\n, {7,11,5,8} , {7,11,25,18} , {7,14,5,13} , {7,14,25,23}\n, {9,2,9,1} , {9,2,21,7} , {9,3,1,0} , {9,3,11,2}\n, {9,3,19,6} , {9,3,29,14} , {9,7,9,4} , {9,7,21,10}\n, {9,8,9,5} , {9,8,21,11} , {9,12,1,9} , {9,12,11,11}\n, {9,12,19,15} , {9,12,29,23} , {9,13,9,12} , {9,13,21,18}\n, {10,2,5,0} , {10,2,25,10} , {10,5,1,1} , {10,5,11,3}\n, {10,5,19,7} , {10,5,29,15} , {10,7,5,3} , {10,7,25,13}\n, {10,8,5,4} , {10,8,25,14} , {10,10,1,6} , {10,10,11,8}\n, {10,10,19,12} , {10,10,29,20} , {10,13,5,11} , {10,13,25,21}\n, {13,1,15,3} , {13,4,15,4} , {13,5,3,1} , {13,5,27,13}\n, {13,6,5,2} , {13,6,25,12} , {13,9,5,5} , {13,9,25,15}\n, {13,10,3,6} , {13,10,27,18} , {13,11,15,11} , {13,14,15,16}\n, {13,15,7,15} , {13,15,13,17} , {13,15,17,19} , {13,15,23,23}\n, {14,1,7,0} , {14,1,13,2} , {14,1,17,4} , {14,1,23,8}\n, {14,4,7,1} , {14,4,13,3} , {14,4,17,5} , {14,4,23,9}\n, {14,11,7,8} , {14,11,13,10} , {14,11,17,12} , {14,11,23,16}\n, {14,14,7,13} , {14,14,13,15} , {14,14,17,17} , {14,14,23,21}\n} ;\n\nstatic const todo for6[] = {\n {1,1,2,0} , {1,1,8,1} , {1,1,22,8} , {1,1,28,13}\n, {1,3,10,2} , {1,3,20,7} , {1,7,10,4} , {1,7,20,9}\n, {1,9,2,4} , {1,9,8,5} , {1,9,22,12} , {1,9,28,17}\n, {5,1,4,0} , {5,1,14,3} , {5,1,16,4} , {5,1,26,11}\n, {5,5,2,1} , {5,5,8,2} , {5,5,22,9} , {5,5,28,14}\n, {5,9,4,4} , {5,9,14,7} , {5,9,16,8} , {5,9,26,15}\n, {8,3,2,0} , {8,3,8,1} , {8,3,22,8} , {8,3,28,13}\n, {8,5,4,1} , {8,5,14,4} , {8,5,16,5} , {8,5,26,12}\n, {8,7,2,2} , {8,7,8,3} , {8,7,22,10} , {8,7,28,15}\n, {11,1,10,1} , {11,1,20,6} , {11,3,4,0} , {11,3,14,3}\n, {11,3,16,4} , {11,3,26,11} , {11,7,4,2} , {11,7,14,5}\n, {11,7,16,6} , {11,7,26,13} , {11,9,10,5} , {11,9,20,10}\n} ;\n\nstatic const todo for12[] = {\n {2,2,1,0} , {2,2,11,-2} , {2,2,19,-6} , {2,2,29,-14}\n, {2,3,4,0} , {2,3,14,-3} , {2,3,16,-4} , {2,3,26,-11}\n, {2,5,2,1} , {2,5,8,0} , {2,5,22,-7} , {2,5,28,-12}\n, {2,7,4,2} , {2,7,14,-1} , {2,7,16,-2} , {2,7,26,-9}\n, {2,8,1,3} , {2,8,11,1} , {2,8,19,-3} , {2,8,29,-11}\n, {2,10,7,4} , {2,10,13,2} , {2,10,17,0} , {2,10,23,-4}\n, {6,1,10,-2} , {6,1,20,-7} , {6,2,7,-1} , {6,2,13,-3}\n, {6,2,17,-5} , {6,2,23,-9} , {6,3,2,0} , {6,3,8,-1}\n, {6,3,22,-8} , {6,3,28,-13} , {6,4,5,0} , {6,4,25,-10}\n, {6,6,5,1} , {6,6,25,-9} , {6,7,2,2} , {6,7,8,1}\n, {6,7,22,-6} , {6,7,28,-11} , {6,8,7,2} , {6,8,13,0}\n, {6,8,17,-2} , {6,8,23,-6} , {6,9,10,2} , {6,9,20,-3}\n, {12,1,4,-1} , {12,1,14,-4} , {12,1,16,-5} , {12,1,26,-12}\n, {12,2,5,-1} , {12,2,25,-11} , {12,3,10,-2} , {12,3,20,-7}\n, {12,4,1,0} , {12,4,11,-2} , {12,4,19,-6} , {12,4,29,-14}\n, {12,6,1,1} , {12,6,11,-1} , {12,6,19,-5} , {12,6,29,-13}\n, {12,7,10,0} , {12,7,20,-5} , {12,8,5,2} , {12,8,25,-8}\n, {12,9,4,3} , {12,9,14,0} , {12,9,16,-1} , {12,9,26,-8}\n, {15,1,2,-1} , {15,1,8,-2} , {15,1,22,-9} , {15,1,28,-14}\n, {15,4,7,-1} , {15,4,13,-3} , {15,4,17,-5} , {15,4,23,-9}\n, {15,5,4,0} , {15,5,14,-3} , {15,5,16,-4} , {15,5,26,-11}\n, {15,6,7,0} , {15,6,13,-2} , {15,6,17,-4} , {15,6,23,-8}\n, {15,9,2,3} , {15,9,8,2} , {15,9,22,-5} , {15,9,28,-10}\n, {15,10,1,4} , {15,10,11,2} , {15,10,19,-2} , {15,10,29,-10}\n} ;\n\nvoid primegen_sieve(primegen *pg)\n{\n uint32_t (*buf)[B32];\n uint64_t L;\n int i;\n uint32_t Lmodqq[49];\n\n buf = pg->buf;\n L = pg->L;\n\n if (L > 2000000000)\n for (i = 0;i < 49;++i)\n Lmodqq[i] = L % qqtab[i];\n else\n for (i = 0;i < 49;++i)\n Lmodqq[i] = ((uint32_t) L) % qqtab[i];\n\n clear(buf);\n\n for (i = 0;i < 16;++i)\n doit4(buf[0],for4[i].f,for4[i].g,(int64_t) for4[i].k - L);\n squarefreetiny(buf[0],Lmodqq,1);\n for (;i < 32;++i)\n doit4(buf[3],for4[i].f,for4[i].g,(int64_t) for4[i].k - L);\n squarefreetiny(buf[3],Lmodqq,13);\n for (;i < 48;++i)\n doit4(buf[4],for4[i].f,for4[i].g,(int64_t) for4[i].k - L);\n squarefreetiny(buf[4],Lmodqq,17);\n for (;i < 64;++i)\n doit4(buf[7],for4[i].f,for4[i].g,(int64_t) for4[i].k - L);\n squarefreetiny(buf[7],Lmodqq,29);\n for (;i < 80;++i)\n doit4(buf[9],for4[i].f,for4[i].g,(int64_t) for4[i].k - L);\n squarefreetiny(buf[9],Lmodqq,37);\n for (;i < 96;++i)\n doit4(buf[10],for4[i].f,for4[i].g,(int64_t) for4[i].k - L);\n squarefreetiny(buf[10],Lmodqq,41);\n for (;i < 112;++i)\n doit4(buf[13],for4[i].f,for4[i].g,(int64_t) for4[i].k - L);\n squarefreetiny(buf[13],Lmodqq,49);\n for (;i < 128;++i)\n doit4(buf[14],for4[i].f,for4[i].g,(int64_t) for4[i].k - L);\n squarefreetiny(buf[14],Lmodqq,53);\n\n for (i = 0;i < 12;++i)\n doit6(buf[1],for6[i].f,for6[i].g,(int64_t) for6[i].k - L);\n squarefreetiny(buf[1],Lmodqq,7);\n for (;i < 24;++i)\n doit6(buf[5],for6[i].f,for6[i].g,(int64_t) for6[i].k - L);\n squarefreetiny(buf[5],Lmodqq,19);\n for (;i < 36;++i)\n doit6(buf[8],for6[i].f,for6[i].g,(int64_t) for6[i].k - L);\n squarefreetiny(buf[8],Lmodqq,31);\n for (;i < 48;++i)\n doit6(buf[11],for6[i].f,for6[i].g,(int64_t) for6[i].k - L);\n squarefreetiny(buf[11],Lmodqq,43);\n\n for (i = 0;i < 24;++i)\n doit12(buf[2],for12[i].f,for12[i].g,(int64_t) for12[i].k - L);\n squarefreetiny(buf[2],Lmodqq,11);\n for (;i < 48;++i)\n doit12(buf[6],for12[i].f,for12[i].g,(int64_t) for12[i].k - L);\n squarefreetiny(buf[6],Lmodqq,23);\n for (;i < 72;++i)\n doit12(buf[12],for12[i].f,for12[i].g,(int64_t) for12[i].k - L);\n squarefreetiny(buf[12],Lmodqq,47);\n for (;i < 96;++i)\n doit12(buf[15],for12[i].f,for12[i].g,(int64_t) for12[i].k - L);\n squarefreetiny(buf[15],Lmodqq,59);\n\n squarefree49(buf,L,247);\n squarefree49(buf,L,253);\n squarefree49(buf,L,257);\n squarefree49(buf,L,263);\n squarefree1(buf,L,241);\n squarefree1(buf,L,251);\n squarefree1(buf,L,259);\n squarefree1(buf,L,269);\n}\n\n\nvoid primegen_fill(primegen *pg)\n{\n int i;\n uint32_t mask;\n uint32_t bits0, bits1, bits2, bits3, bits4, bits5, bits6, bits7;\n uint32_t bits8, bits9, bits10, bits11, bits12, bits13, bits14, bits15;\n uint64_t base;\n\n i = pg->pos;\n if (i == B32) {\n primegen_sieve(pg);\n pg->L += B;\n i = 0;\n }\n pg->pos = i + 1;\n\n bits0 = ~pg->buf[0][i];\n bits1 = ~pg->buf[1][i];\n bits2 = ~pg->buf[2][i];\n bits3 = ~pg->buf[3][i];\n bits4 = ~pg->buf[4][i];\n bits5 = ~pg->buf[5][i];\n bits6 = ~pg->buf[6][i];\n bits7 = ~pg->buf[7][i];\n bits8 = ~pg->buf[8][i];\n bits9 = ~pg->buf[9][i];\n bits10 = ~pg->buf[10][i];\n bits11 = ~pg->buf[11][i];\n bits12 = ~pg->buf[12][i];\n bits13 = ~pg->buf[13][i];\n bits14 = ~pg->buf[14][i];\n bits15 = ~pg->buf[15][i];\n\n base = pg->base + 1920;\n pg->base = base;\n\n pg->num = 0;\n\n for (mask = 0x80000000;mask;mask >>= 1) {\n base -= 60;\n if (bits15 & mask) pg->p[pg->num++] = base + 59;\n if (bits14 & mask) pg->p[pg->num++] = base + 53;\n if (bits13 & mask) pg->p[pg->num++] = base + 49;\n if (bits12 & mask) pg->p[pg->num++] = base + 47;\n if (bits11 & mask) pg->p[pg->num++] = base + 43;\n if (bits10 & mask) pg->p[pg->num++] = base + 41;\n if (bits9 & mask) pg->p[pg->num++] = base + 37;\n if (bits8 & mask) pg->p[pg->num++] = base + 31;\n if (bits7 & mask) pg->p[pg->num++] = base + 29;\n if (bits6 & mask) pg->p[pg->num++] = base + 23;\n if (bits5 & mask) pg->p[pg->num++] = base + 19;\n if (bits4 & mask) pg->p[pg->num++] = base + 17;\n if (bits3 & mask) pg->p[pg->num++] = base + 13;\n if (bits2 & mask) pg->p[pg->num++] = base + 11;\n if (bits1 & mask) pg->p[pg->num++] = base + 7;\n if (bits0 & mask) pg->p[pg->num++] = base + 1;\n }\n}\n\nuint64_t primegen_next(primegen *pg)\n{\n while (!pg->num)\n primegen_fill(pg);\n\n return pg->p[--pg->num];\n}\n\nuint64_t primegen_peek(primegen *pg)\n{\n while (!pg->num)\n primegen_fill(pg);\n\n return pg->p[pg->num - 1];\n}\n\nvoid primegen_init(primegen *pg)\n{\n pg->L = 1;\n pg->base = 60;\n\n pg->pos = PRIMEGEN_WORDS;\n\n pg->p[0] = 59;\n pg->p[1] = 53;\n pg->p[2] = 47;\n pg->p[3] = 43;\n pg->p[4] = 41;\n pg->p[5] = 37;\n pg->p[6] = 31;\n pg->p[7] = 29;\n pg->p[8] = 23;\n pg->p[9] = 19;\n pg->p[10] = 17;\n pg->p[11] = 13;\n pg->p[12] = 11;\n pg->p[13] = 7;\n pg->p[14] = 5;\n pg->p[15] = 3;\n pg->p[16] = 2;\n\n pg->num = 17;\n}\n\n\nstatic const unsigned long pop[256] = {\n 0,1,1,2,1,2,2,3,1,2,2,3,2,3,3,4,1,2,2,3,2,3,3,4,2,3,3,4,3,4,4,5\n,1,2,2,3,2,3,3,4,2,3,3,4,3,4,4,5,2,3,3,4,3,4,4,5,3,4,4,5,4,5,5,6\n,1,2,2,3,2,3,3,4,2,3,3,4,3,4,4,5,2,3,3,4,3,4,4,5,3,4,4,5,4,5,5,6\n,2,3,3,4,3,4,4,5,3,4,4,5,4,5,5,6,3,4,4,5,4,5,5,6,4,5,5,6,5,6,6,7\n,1,2,2,3,2,3,3,4,2,3,3,4,3,4,4,5,2,3,3,4,3,4,4,5,3,4,4,5,4,5,5,6\n,2,3,3,4,3,4,4,5,3,4,4,5,4,5,5,6,3,4,4,5,4,5,5,6,4,5,5,6,5,6,6,7\n,2,3,3,4,3,4,4,5,3,4,4,5,4,5,5,6,3,4,4,5,4,5,5,6,4,5,5,6,5,6,6,7\n,3,4,4,5,4,5,5,6,4,5,5,6,5,6,6,7,4,5,5,6,5,6,6,7,5,6,6,7,6,7,7,8\n};\n\nuint64_t primegen_count(primegen *pg,uint64_t to)\n{\n uint64_t count = 0;\n \n for (;;) {\n register int pos;\n register int j;\n register uint32_t bits;\n register uint32_t smallcount;\n while (pg->num) {\n if (pg->p[pg->num - 1] >= to) return count;\n ++count;\n --pg->num;\n }\n\n smallcount = 0;\n pos = pg->pos;\n while ((pos < B32) && (pg->base + 1920 < to)) {\n for (j = 0;j < 16;++j) {\n bits = ~pg->buf[j][pos];\n smallcount += pop[bits & 255]; bits >>= 8;\n smallcount += pop[bits & 255]; bits >>= 8;\n smallcount += pop[bits & 255]; bits >>= 8;\n smallcount += pop[bits & 255];\n }\n pg->base += 1920;\n ++pos;\n }\n pg->pos = pos;\n count += smallcount;\n\n if (pos == B32)\n while (pg->base + B * 60 < to) {\n primegen_sieve(pg);\n pg->L += B;\n\n smallcount = 0;\n for (j = 0;j < 16;++j)\n for (pos = 0;pos < B32;++pos) {\n bits = ~pg->buf[j][pos];\n smallcount += pop[bits & 255]; bits >>= 8;\n smallcount += pop[bits & 255]; bits >>= 8;\n smallcount += pop[bits & 255]; bits >>= 8;\n smallcount += pop[bits & 255];\n }\n count += smallcount;\n pg->base += B * 60;\n }\n\n primegen_fill(pg);\n }\n}\n\nvoid primegen_skipto(primegen *pg,uint64_t to)\n{\n for (;;) {\n int pos;\n while (pg->num) {\n if (pg->p[pg->num - 1] >= to) return;\n --pg->num;\n }\n\n pos = pg->pos;\n while ((pos < B32) && (pg->base + 1920 < to)) {\n pg->base += 1920;\n ++pos;\n }\n pg->pos = pos;\n if (pos == B32)\n while (pg->base + B * 60 < to) {\n pg->L += B;\n pg->base += B * 60;\n }\n\n primegen_fill(pg);\n }\n}\n"
},
{
"path": "src/crypto-primegen.h",
"content": "#ifndef PRIMEGEN_H\n#define PRIMEGEN_H\n\n#include \n\n/**\n * This is B/32: the number of 32-bit words of space used in the primegen\n * inner loop. This should fit into the CPU's level-1 cache.\n *\n * 2048 works well on a Pentium-100.\n * 3600 works well on a Pentium II-350\n * 4004 works well on an UltraSPARC-I/167\n *\n * 2012-nov (Rob): This code was written 15 years ago. Processor caches\n * haven't really gotten any larger. A number like 8008 works slightly\n * better on an Ivy Bridge CPU, but works noticeably worse on an Atom\n * or ARM processor. The value 4004 seems to be a good compromise for\n * all these processors. In any case, modern CPUs will automatically\n * prefetch the buffers anyway, significantly lessoning the impact of\n * having a poor number defined here. I tried 16016, but it crashed, and\n * I don't know why, but I don't care because I'm not going to use such a\n * large size.\n */\n#define PRIMEGEN_WORDS 4004\n\ntypedef struct {\n uint32_t buf[16][PRIMEGEN_WORDS];\n uint64_t p[512]; /* p[num-1] ... p[0], in that order */\n int num;\n int pos; /* next entry to use in buf; WORDS to restart */\n uint64_t base;\n uint64_t L;\n} primegen;\n\nextern void primegen_sieve(primegen *);\nextern void primegen_fill(primegen *);\n\nextern void primegen_init(primegen *);\nextern uint64_t primegen_next(primegen *);\nextern uint64_t primegen_peek(primegen *);\nextern uint64_t primegen_count(primegen *,uint64_t to);\nextern void primegen_skipto(primegen *,uint64_t to);\n\n#endif\n"
},
{
"path": "src/crypto-siphash24.c",
"content": "/*\n SipHash reference C implementation\n\n Written in 2012 by\n Jean-Philippe Aumasson \n Daniel J. Bernstein \n\n To the extent possible under law, the author(s) have dedicated all copyright\n and related and neighboring rights to this software to the public domain\n worldwide. This software is distributed without any warranty.\n\n You should have received a copy of the CC0 Public Domain Dedication along with\n this software. If not, see .\n*/\n#include \n#include \n#include \n#include \"crypto-siphash24.h\"\n\ntypedef uint64_t u64;\ntypedef uint32_t u32;\ntypedef uint8_t u8;\n\n#define ROTL(x,b) (u64)( ((x) << (b)) | ( (x) >> (64 - (b))) )\n\n#define U32TO8_LE(p, v) \\\n (p)[0] = (u8)((v) ); (p)[1] = (u8)((v) >> 8); \\\n (p)[2] = (u8)((v) >> 16); (p)[3] = (u8)((v) >> 24);\n\n#define U64TO8_LE(p, v) \\\n U32TO8_LE((p), (u32)((v) )); \\\n U32TO8_LE((p) + 4, (u32)((v) >> 32));\n\n#define U8TO64_LE(p) \\\n (((u64)((p)[0]) ) | \\\n ((u64)((p)[1]) << 8) | \\\n ((u64)((p)[2]) << 16) | \\\n ((u64)((p)[3]) << 24) | \\\n ((u64)((p)[4]) << 32) | \\\n ((u64)((p)[5]) << 40) | \\\n ((u64)((p)[6]) << 48) | \\\n ((u64)((p)[7]) << 56))\n\n#define SIPROUND \\\n { \\\n v0 += v1; v1=ROTL(v1,13); v1 ^= v0; v0=ROTL(v0,32); \\\n v2 += v3; v3=ROTL(v3,16); v3 ^= v2; \\\n v0 += v3; v3=ROTL(v3,21); v3 ^= v0; \\\n v2 += v1; v1=ROTL(v1,17); v1 ^= v2; v2=ROTL(v2,32); \\\n }\n\n/* SipHash-2-4 */\nstatic int crypto_auth( unsigned char *out, const unsigned char *in, unsigned long long inlen, const unsigned char *k )\n{\n /* \"somepseudorandomlygeneratedbytes\" */\n u64 v0 = 0x736f6d6570736575ULL;\n u64 v1 = 0x646f72616e646f6dULL;\n u64 v2 = 0x6c7967656e657261ULL;\n u64 v3 = 0x7465646279746573ULL;\n u64 b;\n u64 k0 = U8TO64_LE( k );\n u64 k1 = U8TO64_LE( k + 8 );\n const u8 *end = in + inlen - ( inlen % sizeof( u64 ) );\n const int left = inlen & 7;\n b = ( ( u64 )inlen ) << 56;\n v3 ^= k1;\n v2 ^= k0;\n v1 ^= k1;\n v0 ^= k0;\n\n for ( ; in != end; in += 8 )\n {\n u64 m;\n m = U8TO64_LE( in );\n#ifdef xxxDEBUG\n printf( \"(%3d) v0 %08x %08x\\n\", ( int )inlen, ( u32 )( v0 >> 32 ), ( u32 )v0 );\n printf( \"(%3d) v1 %08x %08x\\n\", ( int )inlen, ( u32 )( v1 >> 32 ), ( u32 )v1 );\n printf( \"(%3d) v2 %08x %08x\\n\", ( int )inlen, ( u32 )( v2 >> 32 ), ( u32 )v2 );\n printf( \"(%3d) v3 %08x %08x\\n\", ( int )inlen, ( u32 )( v3 >> 32 ), ( u32 )v3 );\n printf( \"(%3d) compress %08x %08x\\n\", ( int )inlen, ( u32 )( m >> 32 ), ( u32 )m );\n#endif\n v3 ^= m;\n SIPROUND;\n SIPROUND;\n v0 ^= m;\n }\n\n switch( left )\n {\n case 7: b |= ( ( u64 )in[ 6] ) << 48;\n case 6: b |= ( ( u64 )in[ 5] ) << 40;\n case 5: b |= ( ( u64 )in[ 4] ) << 32;\n case 4: b |= ( ( u64 )in[ 3] ) << 24;\n case 3: b |= ( ( u64 )in[ 2] ) << 16;\n case 2: b |= ( ( u64 )in[ 1] ) << 8;\n case 1: b |= ( ( u64 )in[ 0] ); break;\n case 0: break;\n }\n\n#ifdef xxxDEBUG\n printf( \"(%3d) v0 %08x %08x\\n\", ( int )inlen, ( u32 )( v0 >> 32 ), ( u32 )v0 );\n printf( \"(%3d) v1 %08x %08x\\n\", ( int )inlen, ( u32 )( v1 >> 32 ), ( u32 )v1 );\n printf( \"(%3d) v2 %08x %08x\\n\", ( int )inlen, ( u32 )( v2 >> 32 ), ( u32 )v2 );\n printf( \"(%3d) v3 %08x %08x\\n\", ( int )inlen, ( u32 )( v3 >> 32 ), ( u32 )v3 );\n printf( \"(%3d) padding %08x %08x\\n\", ( int )inlen, ( u32 )( b >> 32 ), ( u32 )b );\n#endif\n v3 ^= b;\n SIPROUND;\n SIPROUND;\n v0 ^= b;\n#ifdef xxxDEBUG\n printf( \"(%3d) v0 %08x %08x\\n\", ( int )inlen, ( u32 )( v0 >> 32 ), ( u32 )v0 );\n printf( \"(%3d) v1 %08x %08x\\n\", ( int )inlen, ( u32 )( v1 >> 32 ), ( u32 )v1 );\n printf( \"(%3d) v2 %08x %08x\\n\", ( int )inlen, ( u32 )( v2 >> 32 ), ( u32 )v2 );\n printf( \"(%3d) v3 %08x %08x\\n\", ( int )inlen, ( u32 )( v3 >> 32 ), ( u32 )v3 );\n#endif\n v2 ^= 0xff;\n SIPROUND;\n SIPROUND;\n SIPROUND;\n SIPROUND;\n b = v0 ^ v1 ^ v2 ^ v3;\n U64TO8_LE( out, b );\n return 0;\n}\n\nuint64_t\nsiphash24(const void *in, size_t inlen, const uint64_t key[2])\n{\n uint64_t result;\n\n crypto_auth((unsigned char*)&result,\n (const unsigned char *)in,\n inlen,\n (const unsigned char *)&key[0]);\n\n return result;\n}\n\n/*\n SipHash-2-4 output with\n k = 00 01 02 ...\n and\n in = (empty string)\n in = 00 (1 byte)\n in = 00 01 (2 bytes)\n in = 00 01 02 (3 bytes)\n ...\n in = 00 01 02 ... 3e (63 bytes)\n*/\nstatic u8 vectors[64][8] =\n{\n { 0x31, 0x0e, 0x0e, 0xdd, 0x47, 0xdb, 0x6f, 0x72, },\n { 0xfd, 0x67, 0xdc, 0x93, 0xc5, 0x39, 0xf8, 0x74, },\n { 0x5a, 0x4f, 0xa9, 0xd9, 0x09, 0x80, 0x6c, 0x0d, },\n { 0x2d, 0x7e, 0xfb, 0xd7, 0x96, 0x66, 0x67, 0x85, },\n { 0xb7, 0x87, 0x71, 0x27, 0xe0, 0x94, 0x27, 0xcf, },\n { 0x8d, 0xa6, 0x99, 0xcd, 0x64, 0x55, 0x76, 0x18, },\n { 0xce, 0xe3, 0xfe, 0x58, 0x6e, 0x46, 0xc9, 0xcb, },\n { 0x37, 0xd1, 0x01, 0x8b, 0xf5, 0x00, 0x02, 0xab, },\n { 0x62, 0x24, 0x93, 0x9a, 0x79, 0xf5, 0xf5, 0x93, },\n { 0xb0, 0xe4, 0xa9, 0x0b, 0xdf, 0x82, 0x00, 0x9e, },\n { 0xf3, 0xb9, 0xdd, 0x94, 0xc5, 0xbb, 0x5d, 0x7a, },\n { 0xa7, 0xad, 0x6b, 0x22, 0x46, 0x2f, 0xb3, 0xf4, },\n { 0xfb, 0xe5, 0x0e, 0x86, 0xbc, 0x8f, 0x1e, 0x75, },\n { 0x90, 0x3d, 0x84, 0xc0, 0x27, 0x56, 0xea, 0x14, },\n { 0xee, 0xf2, 0x7a, 0x8e, 0x90, 0xca, 0x23, 0xf7, },\n { 0xe5, 0x45, 0xbe, 0x49, 0x61, 0xca, 0x29, 0xa1, },\n { 0xdb, 0x9b, 0xc2, 0x57, 0x7f, 0xcc, 0x2a, 0x3f, },\n { 0x94, 0x47, 0xbe, 0x2c, 0xf5, 0xe9, 0x9a, 0x69, },\n { 0x9c, 0xd3, 0x8d, 0x96, 0xf0, 0xb3, 0xc1, 0x4b, },\n { 0xbd, 0x61, 0x79, 0xa7, 0x1d, 0xc9, 0x6d, 0xbb, },\n { 0x98, 0xee, 0xa2, 0x1a, 0xf2, 0x5c, 0xd6, 0xbe, },\n { 0xc7, 0x67, 0x3b, 0x2e, 0xb0, 0xcb, 0xf2, 0xd0, },\n { 0x88, 0x3e, 0xa3, 0xe3, 0x95, 0x67, 0x53, 0x93, },\n { 0xc8, 0xce, 0x5c, 0xcd, 0x8c, 0x03, 0x0c, 0xa8, },\n { 0x94, 0xaf, 0x49, 0xf6, 0xc6, 0x50, 0xad, 0xb8, },\n { 0xea, 0xb8, 0x85, 0x8a, 0xde, 0x92, 0xe1, 0xbc, },\n { 0xf3, 0x15, 0xbb, 0x5b, 0xb8, 0x35, 0xd8, 0x17, },\n { 0xad, 0xcf, 0x6b, 0x07, 0x63, 0x61, 0x2e, 0x2f, },\n { 0xa5, 0xc9, 0x1d, 0xa7, 0xac, 0xaa, 0x4d, 0xde, },\n { 0x71, 0x65, 0x95, 0x87, 0x66, 0x50, 0xa2, 0xa6, },\n { 0x28, 0xef, 0x49, 0x5c, 0x53, 0xa3, 0x87, 0xad, },\n { 0x42, 0xc3, 0x41, 0xd8, 0xfa, 0x92, 0xd8, 0x32, },\n { 0xce, 0x7c, 0xf2, 0x72, 0x2f, 0x51, 0x27, 0x71, },\n { 0xe3, 0x78, 0x59, 0xf9, 0x46, 0x23, 0xf3, 0xa7, },\n { 0x38, 0x12, 0x05, 0xbb, 0x1a, 0xb0, 0xe0, 0x12, },\n { 0xae, 0x97, 0xa1, 0x0f, 0xd4, 0x34, 0xe0, 0x15, },\n { 0xb4, 0xa3, 0x15, 0x08, 0xbe, 0xff, 0x4d, 0x31, },\n { 0x81, 0x39, 0x62, 0x29, 0xf0, 0x90, 0x79, 0x02, },\n { 0x4d, 0x0c, 0xf4, 0x9e, 0xe5, 0xd4, 0xdc, 0xca, },\n { 0x5c, 0x73, 0x33, 0x6a, 0x76, 0xd8, 0xbf, 0x9a, },\n { 0xd0, 0xa7, 0x04, 0x53, 0x6b, 0xa9, 0x3e, 0x0e, },\n { 0x92, 0x59, 0x58, 0xfc, 0xd6, 0x42, 0x0c, 0xad, },\n { 0xa9, 0x15, 0xc2, 0x9b, 0xc8, 0x06, 0x73, 0x18, },\n { 0x95, 0x2b, 0x79, 0xf3, 0xbc, 0x0a, 0xa6, 0xd4, },\n { 0xf2, 0x1d, 0xf2, 0xe4, 0x1d, 0x45, 0x35, 0xf9, },\n { 0x87, 0x57, 0x75, 0x19, 0x04, 0x8f, 0x53, 0xa9, },\n { 0x10, 0xa5, 0x6c, 0xf5, 0xdf, 0xcd, 0x9a, 0xdb, },\n { 0xeb, 0x75, 0x09, 0x5c, 0xcd, 0x98, 0x6c, 0xd0, },\n { 0x51, 0xa9, 0xcb, 0x9e, 0xcb, 0xa3, 0x12, 0xe6, },\n { 0x96, 0xaf, 0xad, 0xfc, 0x2c, 0xe6, 0x66, 0xc7, },\n { 0x72, 0xfe, 0x52, 0x97, 0x5a, 0x43, 0x64, 0xee, },\n { 0x5a, 0x16, 0x45, 0xb2, 0x76, 0xd5, 0x92, 0xa1, },\n { 0xb2, 0x74, 0xcb, 0x8e, 0xbf, 0x87, 0x87, 0x0a, },\n { 0x6f, 0x9b, 0xb4, 0x20, 0x3d, 0xe7, 0xb3, 0x81, },\n { 0xea, 0xec, 0xb2, 0xa3, 0x0b, 0x22, 0xa8, 0x7f, },\n { 0x99, 0x24, 0xa4, 0x3c, 0xc1, 0x31, 0x57, 0x24, },\n { 0xbd, 0x83, 0x8d, 0x3a, 0xaf, 0xbf, 0x8d, 0xb7, },\n { 0x0b, 0x1a, 0x2a, 0x32, 0x65, 0xd5, 0x1a, 0xea, },\n { 0x13, 0x50, 0x79, 0xa3, 0x23, 0x1c, 0xe6, 0x60, },\n { 0x93, 0x2b, 0x28, 0x46, 0xe4, 0xd7, 0x06, 0x66, },\n { 0xe1, 0x91, 0x5f, 0x5c, 0xb1, 0xec, 0xa4, 0x6c, },\n { 0xf3, 0x25, 0x96, 0x5c, 0xa1, 0x6d, 0x62, 0x9f, },\n { 0x57, 0x5f, 0xf2, 0x8e, 0x60, 0x38, 0x1b, 0xe5, },\n { 0x72, 0x45, 0x06, 0xeb, 0x4c, 0x32, 0x8a, 0x95, }\n};\n\n\nstatic int\ntest_vectors()\n{\n#define MAXLEN 64\n u8 in[MAXLEN], out[8], k[16];\n int i;\n int ok = 1;\n\n for( i = 0; i < 16; ++i ) k[i] = (u8)i;\n\n for( i = 0; i < MAXLEN; ++i )\n {\n in[i] = (u8)i;\n crypto_auth( out, in, i, k );\n\n if ( memcmp( out, vectors[i], 8 ) )\n {\n printf( \"test vector failed for %d bytes\\n\", i );\n ok = 0;\n }\n }\n\n return ok;\n}\n\nint\nsiphash24_selftest(void)\n{\n if (test_vectors())\n return 0;\n else\n return 1;\n}\n"
},
{
"path": "src/crypto-siphash24.h",
"content": "#ifndef CRYPTO_SIPHASH24_H\n#define CRYPTO_SIPHASH24_H\n#include \n\nuint64_t\nsiphash24(const void *in, size_t inlen, const uint64_t key[2]);\n\n/**\n * Regression-test this module.\n * @return\n * 0 on success, a positive integer otherwise.\n */\nint\nsiphash24_selftest(void);\n\n#endif\n\n"
},
{
"path": "src/event-timeout.c",
"content": "/*\n\n Event timeout\n\n This is for the user-mode TCP stack. We need to mark timeouts in the\n future when we'll re-visit a connection/tcb. For example, when we\n send a packet, we need to resend it in the future in case we don't\n get a response.\n\n This design creates a large \"ring\" of timeouts, and then cycles\n again and again through the ring. This is a fairly high granularity,\n just has hundreds, thousands, or 10 thousand entries per second.\n (I keep adjusting the granularity up and down). Not that at any\n slot in the ring, there may be entries from the far future.\n\n NOTE: a big feature of this system is that the structure that tracks\n the timeout is actually held within the TCB structure. In other\n words, each TCB can have one-and-only-one timeout.\n\n NOTE: a recurring bug is that the TCP code removes a TCB from the\n timeout ring and forgets to put it back somewhere else. Since the\n TCB is cleaned up on a timeout, such TCBs never get cleaned up,\n leading to a memory leak. I keep fixing this bug, then changing the\n code and causing the bug to come back again.\n*/\n#include \"event-timeout.h\"\n#include \"util-logger.h\"\n#include \"util-malloc.h\"\n#include \n#include \n#include \n#include \n\n\n\n/***************************************************************************\n * The timeout system is a circular ring. We move an index around the \n * ring. At each slot in the ring is a linked-list of all entries at\n * that time index. Because the ring can wrap, not everything at a given\n * entry will be the same timestamp. Therefore, when doing the timeout\n * logic at a slot, we have to doublecheck the actual timestamp, and skip\n * those things that are further in the future.\n ***************************************************************************/\nstruct Timeouts {\n /**\n * This index is a monotonically increasing number, modulus the mask.\n * Every time we check timeouts, we simply move it forward in time.\n */\n uint64_t current_index;\n\n /**\n * Counts the number of outstanding timeouts. Adding a timeout increments\n * this number, and removing a timeout decrements this number. The\n * program shouldn't exit until this number is zero.\n */\n uint64_t outstanding_count;\n\n /**\n * The number of slots is a power-of-2, so the mask is just this\n * number minus 1\n */\n unsigned mask;\n\n /**\n * The ring of entries.\n */\n struct TimeoutEntry *slots[1024*1024];\n};\n\n/***************************************************************************\n ***************************************************************************/\nstruct Timeouts *\ntimeouts_create(uint64_t timestamp)\n{\n struct Timeouts *timeouts;\n\n /*\n * Allocate memory and initialize it to zero\n */\n timeouts = CALLOC(1, sizeof(*timeouts));\n \n /*\n * We just mask off the low order bits to determine wrap. I'm using\n * a variable here because one of these days I'm going to make\n * the size of the ring dynamically adjustable depending upon\n * the speed of the scan.\n */\n timeouts->mask = sizeof(timeouts->slots)/sizeof(timeouts->slots[0]) - 1;\n\n /*\n * Set the index to the current time. Note that this timestamp is\n * the 'time_t' value multiplied by the number of ticks-per-second,\n * where 'ticks' is something I've defined for scanning. Right now\n * I hard-code in the size of the ticks, but eventually they'll be\n * dynamically resized depending upon the speed of the scan.\n */\n timeouts->current_index = timestamp;\n\n\n return timeouts;\n}\n\n/***************************************************************************\n * This inserts the timeout entry into the appropriate place in the\n * timeout ring.\n ***************************************************************************/\nvoid\ntimeouts_add(struct Timeouts *timeouts, struct TimeoutEntry *entry,\n size_t offset, uint64_t timestamp)\n{\n unsigned index;\n\n /* Unlink from wherever the entry came from */\n if (entry->timestamp)\n timeouts->outstanding_count--;\n timeout_unlink(entry);\n\n if (entry->prev) {\n LOG(1, \"***CHANGE %d-seconds\\n\", \n (int)((timestamp-entry->timestamp)/TICKS_PER_SECOND));\n }\n\n /* Initialize the new entry */\n entry->timestamp = timestamp;\n entry->offset = (unsigned)offset;\n\n /* Link it into it's new location */\n index = timestamp & timeouts->mask;\n entry->next = timeouts->slots[index];\n timeouts->slots[index] = entry;\n entry->prev = &timeouts->slots[index];\n if (entry->next)\n entry->next->prev = &entry->next;\n\n timeouts->outstanding_count++;\n}\n\n/***************************************************************************\n * Remove the next event that it older than the specified timestamp\n ***************************************************************************/\nvoid *\ntimeouts_remove(struct Timeouts *timeouts, uint64_t timestamp)\n{\n struct TimeoutEntry *entry = NULL;\n\n /* Search until we find one */\n while (timeouts->current_index <= timestamp) {\n\n /* Start at the current slot */\n entry = timeouts->slots[timeouts->current_index & timeouts->mask];\n\n /* enumerate through the linked list until we find a used slot */\n while (entry && entry->timestamp > timestamp)\n entry = entry->next;\n if (entry)\n break;\n\n /* found nothing at this slot, so move to next slot */\n timeouts->current_index++;\n }\n\n if (entry == NULL) {\n /* we've caught up to the current time, and there's nothing\n * left to timeout, so return NULL */\n return NULL;\n }\n\n /* unlink this entry from the timeout system */\n timeouts--;\n timeout_unlink(entry);\n\n /* return a pointer to the structure holding this entry */\n return ((char*)entry) - entry->offset;\n}\n\n\n"
},
{
"path": "src/event-timeout.h",
"content": "#ifndef EVENT_TIMEOUT_H\n#define EVENT_TIMEOUT_H\n#include \n#include \n#include /* offsetof*/\n#include \"util-bool.h\" /* */\n#if defined(_MSC_VER)\n#undef inline\n#define inline _inline\n#endif\nstruct Timeouts;\n\n\n\n\n/***************************************************************************\n ***************************************************************************/\nstruct TimeoutEntry {\n /**\n * In units of 1/16384 of a second. We use power-of-two units here\n * to make the \"modulus\" operation a simple binary \"and\".\n * See the TICKS_FROM_TV() macro for getting the timestamp from\n * the current time.\n */\n uint64_t timestamp;\n\n /** we build a doubly-linked list */\n struct TimeoutEntry *next;\n struct TimeoutEntry **prev;\n\n /** The timeout entry is never allocated by itself, but instead\n * lives inside another data structure. This stores the value of\n * 'offsetof()', so given a pointer to this structure, we can find\n * the original structure that contains it */\n unsigned offset;\n};\n\n/***************************************************************************\n ***************************************************************************/\nstatic inline bool\ntimeout_is_unlinked(const struct TimeoutEntry *entry) {\n if (entry->prev == 0 || entry->next == 0)\n return true;\n else\n return false;\n}\n\n/***************************************************************************\n ***************************************************************************/\nstatic inline void\ntimeout_unlink(struct TimeoutEntry *entry)\n{\n if (entry->prev == 0 && entry->next == 0)\n return;\n *(entry->prev) = entry->next;\n if (entry->next)\n entry->next->prev = entry->prev;\n entry->next = 0;\n entry->prev = 0;\n entry->timestamp = 0;\n}\n\n/***************************************************************************\n ***************************************************************************/\nstatic inline void\ntimeout_init(struct TimeoutEntry *entry)\n{\n entry->next = 0;\n entry->prev = 0;\n}\n\n/**\n * Create a timeout subsystem.\n * @param timestamp_now\n * The current timestamp indicating \"now\" when the thing starts.\n * This should be 'time(0) * TICKS_PER_SECOND'.\n */\nstruct Timeouts *\ntimeouts_create(uint64_t timestamp_now);\n\n/**\n * Insert the timeout 'entry' into the future location in the timeout\n * ring, as determined by the timestamp.\n * @param timeouts\n * A ring of timeouts, with each slot corresponding to a specific\n * time in the future.\n * @param entry\n * The entry that we are going to insert into the ring. If it's\n * already in the ring, it'll be removed from the old location\n * first before inserting into the new location.\n * @param offset\n * The 'entry' field above is part of an existing structure. This\n * tells the offset_of() from the beginning of that structure. \n * In other words, this tells us the pointer to the object that\n * that is the subject of the timeout.\n * @param timestamp_expires\n * When this timeout will expire. This is in terms of internal\n * ticks, which in units of TICKS_PER_SECOND.\n */\nvoid\ntimeouts_add(struct Timeouts *timeouts, struct TimeoutEntry *entry,\n size_t offset, uint64_t timestamp_expires);\n\n/**\n * Remove an object from the timestamp system that is older than than\n * the specified timestamp. This function must be called repeatedly\n * until it returns NULL to remove all the objects that are older\n * than the given timestamp.\n * @param timeouts\n * A ring of timeouts. We'll walk the ring until we've caught\n * up with the current time.\n * @param timestamp_now\n * Usually, this timestmap will be \"now\", the current time,\n * and anything older than this will be aged out.\n * @return\n * an object older than the specified timestamp, or NULL\n * if there are no more objects to be found\n */\nvoid *\ntimeouts_remove(struct Timeouts *timeouts, uint64_t timestamp_now);\n\n/*\n * This macros convert a normal \"timeval\" structure into the timestamp\n * that we use for timeouts. The timeval structure probably will come\n * from the packets that we are capturing.\n */\n#define TICKS_PER_SECOND (16384ULL)\n#define TICKS_FROM_SECS(secs) ((secs)*16384ULL)\n#define TICKS_FROM_USECS(usecs) ((usecs)/16384ULL)\n#define TICKS_FROM_TV(secs,usecs) (TICKS_FROM_SECS(secs)+TICKS_FROM_USECS(usecs))\n\n#endif\n"
},
{
"path": "src/in-binary.c",
"content": "/*\n Read in the binary file produced by \"out-binary.c\". This allows you to\n translate the \"binary\" format into any of the other output formats.\n*/\n#include \"massip-addr.h\"\n#include \"in-binary.h\"\n#include \"masscan.h\"\n#include \"masscan-app.h\"\n#include \"masscan-status.h\"\n#include \"main-globals.h\"\n#include \"output.h\"\n#include \"util-safefunc.h\"\n#include \"in-filter.h\"\n#include \"in-report.h\"\n#include \"util-malloc.h\"\n#include \"util-logger.h\"\n\n#include \n#include \n\n#ifdef _MSC_VER\n#pragma warning(disable:4996)\n#endif\n\nstatic const size_t BUF_MAX = 1024*1024;\n\nstruct MasscanRecord {\n unsigned timestamp;\n ipaddress ip;\n unsigned char ip_proto;\n unsigned short port;\n unsigned char reason;\n unsigned char ttl;\n unsigned char mac[6];\n enum ApplicationProtocol app_proto;\n};\n\n\n/***************************************************************************\n ***************************************************************************/\nstatic void\nparse_status(struct Output *out,\n enum PortStatus status, /* open/closed */\n const unsigned char *buf, size_t buf_length)\n{\n struct MasscanRecord record;\n\n if (buf_length < 12)\n return;\n\n /* parse record */\n record.timestamp = buf[0]<<24 | buf[1]<<16 | buf[2]<<8 | buf[3];\n record.ip.ipv4 = buf[4]<<24 | buf[5]<<16 | buf[6]<<8 | buf[7];\n record.ip.version = 4;\n record.port = buf[8]<<8 | buf[9];\n record.reason = buf[10];\n record.ttl = buf[11];\n\n /* if ARP, then there will be a MAC address */\n if (record.ip.ipv4 == 0 && buf_length >= 12+6)\n memcpy(record.mac, buf+12, 6);\n else\n memset(record.mac, 0, 6);\n\n if (out->when_scan_started == 0)\n out->when_scan_started = record.timestamp;\n\n switch (record.port) {\n case 53:\n case 123:\n case 137:\n case 161: \n record.ip_proto = 17;\n break;\n case 36422:\n case 36412:\n case 2905:\n record.ip_proto = 132;\n break;\n default:\n record.ip_proto = 6;\n break;\n }\n\n /*\n * Now report the result\n */\n output_report_status(out,\n record.timestamp,\n status,\n record.ip,\n record.ip_proto,\n record.port,\n record.reason,\n record.ttl,\n record.mac);\n\n}\n\n/***************************************************************************\n ***************************************************************************/\nstatic void\nparse_status2(struct Output *out,\n enum PortStatus status, /* open/closed */\n const unsigned char *buf, size_t buf_length,\n struct MassIP *filter)\n{\n struct MasscanRecord record;\n\n if (buf_length < 13)\n return;\n\n /* parse record */\n record.timestamp = buf[0]<<24 | buf[1]<<16 | buf[2]<<8 | buf[3];\n record.ip.ipv4 = buf[4]<<24 | buf[5]<<16 | buf[6]<<8 | buf[7];\n record.ip.version = 4;\n record.ip_proto = buf[8];\n record.port = buf[9]<<8 | buf[10];\n record.reason = buf[11];\n record.ttl = buf[12];\n\n /* if ARP, then there will be a MAC address */\n if (record.ip.ipv4 == 0 && buf_length >= 13+6)\n memcpy(record.mac, buf+13, 6);\n else\n memset(record.mac, 0, 6);\n\n if (out->when_scan_started == 0)\n out->when_scan_started = record.timestamp;\n\n /* Filter for known IP/ports, if specified on command-line */\n if (filter && filter->count_ipv4s) {\n if (!massip_has_ip(filter, record.ip))\n return;\n }\n if (filter && filter->count_ports) {\n if (!massip_has_port(filter, record.port))\n return;\n }\n\n /*\n * Now report the result\n */\n output_report_status(out,\n record.timestamp,\n status,\n record.ip,\n record.ip_proto,\n record.port,\n record.reason,\n record.ttl,\n record.mac);\n\n}\n\nstatic unsigned char\n_get_byte(const unsigned char *buf, size_t length, size_t *offset)\n{\n unsigned char result;\n if (*offset < length) {\n result = buf[*offset];\n } else {\n result = 0xFF;\n }\n (*offset)++;\n return result;\n}\nstatic unsigned\n_get_integer(const unsigned char *buf, size_t length, size_t *r_offset)\n{\n unsigned result;\n size_t offset = *r_offset;\n (*r_offset) += 4;\n \n if (offset + 4 <= length) {\n result = buf[offset+0]<<24\n | buf[offset+1]<<16\n | buf[offset+2]<<8\n | buf[offset+3]<<0;\n } else {\n result = 0xFFFFFFFF;\n }\n return result;\n}\nstatic unsigned short\n_get_short(const unsigned char *buf, size_t length, size_t *r_offset)\n{\n unsigned short result;\n size_t offset = *r_offset;\n (*r_offset) += 2;\n \n if (offset + 2 <= length) {\n result = buf[offset+0]<<8\n | buf[offset+1]<<0;\n } else {\n result = 0xFFFF;\n }\n return result;\n}\n\nstatic unsigned long long\n_get_long(const unsigned char *buf, size_t length, size_t *r_offset)\n{\n unsigned long long result;\n size_t offset = *r_offset;\n (*r_offset) += 8;\n \n if (offset + 8 <= length) {\n result =\n (unsigned long long)buf[offset+0]<<56ULL\n | (unsigned long long)buf[offset+1]<<48ULL\n | (unsigned long long)buf[offset+2]<<40ULL\n | (unsigned long long)buf[offset+3]<<32ULL\n | (unsigned long long)buf[offset+4]<<24ULL\n | (unsigned long long)buf[offset+5]<<16ULL\n | (unsigned long long)buf[offset+6]<<8ULL\n | (unsigned long long)buf[offset+7]<<0ULL;\n\n } else {\n result = 0xFFFFFFFFffffffffULL;\n }\n return result;\n}\n\n/***************************************************************************\n ***************************************************************************/\nstatic void\nparse_status6(struct Output *out,\n enum PortStatus status, /* open/closed */\n const unsigned char *buf, size_t length,\n struct MassIP *filter)\n{\n struct MasscanRecord record;\n size_t offset = 0;\n\n /* parse record */\n record.timestamp = _get_integer(buf, length, &offset);\n record.ip_proto = _get_byte(buf, length, &offset);\n record.port = _get_short(buf, length, &offset);\n record.reason = _get_byte(buf, length, &offset);\n record.ttl = _get_byte(buf, length, &offset);\n record.ip.version= _get_byte(buf, length, &offset);\n if (record.ip.version != 6) {\n fprintf(stderr, \"[-] corrupt record\\n\");\n return;\n }\n record.ip.ipv6.hi = _get_long(buf, length, &offset);\n record.ip.ipv6.lo = _get_long(buf, length, &offset);\n\n if (out->when_scan_started == 0)\n out->when_scan_started = record.timestamp;\n\n /* Filter for known IP/ports, if specified on command-line */\n if (filter && filter->count_ipv4s) {\n if (!massip_has_ip(filter, record.ip))\n return;\n }\n if (filter && filter->count_ports) {\n if (!massip_has_port(filter, record.port))\n return;\n }\n\n /*\n * Now report the result\n */\n output_report_status(out,\n record.timestamp,\n status,\n record.ip,\n record.ip_proto,\n record.port,\n record.reason,\n record.ttl,\n record.mac);\n\n}\n\n/***************************************************************************\n ***************************************************************************/\nstatic void\nparse_banner6(struct Output *out, unsigned char *buf, size_t length,\n const struct MassIP *filter,\n const struct RangeList *btypes)\n{\n struct MasscanRecord record;\n size_t offset = 0;\n\n /*\n * Parse the parts that are common to most records\n */\n record.timestamp = _get_integer(buf, length, &offset);\n record.ip_proto = _get_byte(buf, length, &offset);\n record.port = _get_short(buf, length, &offset);\n record.app_proto = _get_short(buf, length, &offset);\n record.ttl = _get_byte(buf, length, &offset);\n record.ip.version= _get_byte(buf, length, &offset);\n if (record.ip.version != 6) {\n fprintf(stderr, \"[-] corrupt record\\n\");\n return;\n }\n record.ip.ipv6.hi = _get_long(buf, length, &offset);\n record.ip.ipv6.lo = _get_long(buf, length, &offset);\n \n if (out->when_scan_started == 0)\n out->when_scan_started = record.timestamp;\n\n \n /*\n * Filter out records if requested\n */\n if (!readscan_filter_pass(record.ip, record.port, record.app_proto,\n filter, btypes))\n return;\n \n /*\n * Now print the output\n */\n if (offset > length)\n return;\n output_report_banner(\n out,\n record.timestamp,\n record.ip,\n record.ip_proto, /* TCP=6, UDP=17 */\n record.port,\n record.app_proto, /* HTTP, SSL, SNMP, etc. */\n record.ttl, /* ttl */\n buf+offset, (unsigned)(length-offset)\n );\n}\n\n\n/***************************************************************************\n * [OBSOLETE]\n * This parses an old version of the banner record. I've still got files\n * hanging around with this version, so I'm keeping it in the code for\n * now, but eventually I'll get rid of it.\n ***************************************************************************/\nstatic void\nparse_banner3(struct Output *out, unsigned char *buf, size_t buf_length)\n{\n struct MasscanRecord record;\n\n /*\n * Parse the parts that are common to most records\n */\n record.timestamp = buf[0]<<24 | buf[1]<<16 | buf[2]<<8 | buf[3];\n record.ip.ipv4 = buf[4]<<24 | buf[5]<<16 | buf[6]<<8 | buf[7];\n record.ip.version = 4;\n record.port = buf[8]<<8 | buf[9];\n record.app_proto = buf[10]<<8 | buf[11];\n\n if (out->when_scan_started == 0)\n out->when_scan_started = record.timestamp;\n\n /*\n * Now print the output\n */\n output_report_banner(\n out,\n record.timestamp,\n record.ip,\n 6, /* this is always TCP */\n record.port,\n record.app_proto,\n 0, /* ttl */\n buf+12, (unsigned)buf_length-12\n );\n}\n\n/***************************************************************************\n * Parse the BANNER record, extracting the timestamp, IP address, and port\n * number. We also convert the banner string into a safer form.\n ***************************************************************************/\nstatic void\nparse_banner4(struct Output *out, unsigned char *buf, size_t buf_length)\n{\n struct MasscanRecord record;\n\n if (buf_length < 13)\n return;\n\n /*\n * Parse the parts that are common to most records\n */\n record.timestamp = buf[0]<<24 | buf[1]<<16 | buf[2]<<8 | buf[3];\n record.ip.ipv4 = buf[4]<<24 | buf[5]<<16 | buf[6]<<8 | buf[7];\n record.ip.version = 4;\n record.ip_proto = buf[8];\n record.port = buf[9]<<8 | buf[10];\n record.app_proto = buf[11]<<8 | buf[12];\n\n if (out->when_scan_started == 0)\n out->when_scan_started = record.timestamp;\n\n /*\n * Now print the output\n */\n output_report_banner(\n out,\n record.timestamp,\n record.ip,\n record.ip_proto, /* TCP=6, UDP=17 */\n record.port,\n record.app_proto, /* HTTP, SSL, SNMP, etc. */\n 0, /* ttl */\n buf+13, (unsigned)buf_length-13\n );\n}\n\n\n/***************************************************************************\n ***************************************************************************/\nstatic void\nparse_banner9(struct Output *out, unsigned char *buf, size_t buf_length,\n const struct MassIP *filter,\n const struct RangeList *btypes)\n{\n struct MasscanRecord record;\n unsigned char *data = buf+14;\n size_t data_length = buf_length-14;\n\n if (buf_length < 14)\n return;\n\n /*\n * Parse the parts that are common to most records\n */\n record.timestamp = buf[0]<<24 | buf[1]<<16 | buf[2]<<8 | buf[3];\n record.ip.ipv4 = buf[4]<<24 | buf[5]<<16 | buf[6]<<8 | buf[7];\n record.ip.version = 4;\n record.ip_proto = buf[8];\n record.port = buf[9]<<8 | buf[10];\n record.app_proto = buf[11]<<8 | buf[12];\n record.ttl = buf[13];\n\n if (out->when_scan_started == 0)\n out->when_scan_started = record.timestamp;\n\n /*\n * KLUDGE: when doing SSL stuff, add a IP:name pair to a database\n * so we can annotate [VULN] strings with this information\n */\n //readscan_report(record.ip, record.app_proto, &data, &data_length);\n\n\n /*\n * Filter out records if requested\n */\n if (!readscan_filter_pass(record.ip, record.port, record.app_proto,\n filter, btypes))\n return;\n \n /*\n * Now print the output\n */\n output_report_banner(\n out,\n record.timestamp,\n record.ip,\n record.ip_proto, /* TCP=6, UDP=17 */\n record.port,\n record.app_proto, /* HTTP, SSL, SNMP, etc. */\n record.ttl, /* ttl */\n data, (unsigned)data_length\n );\n}\n\n/***************************************************************************\n * Read in the file, one record at a time.\n ***************************************************************************/\nstatic uint64_t\n_binaryfile_parse(struct Output *out, const char *filename,\n struct MassIP *filter,\n const struct RangeList *btypes)\n{\n FILE *fp = 0;\n unsigned char *buf = 0;\n size_t bytes_read;\n uint64_t total_records = 0;\n\n /* Allocate a buffer of up to one megabyte per record */\n buf = MALLOC(BUF_MAX);\n\n /* Open the file */\n fp = fopen(filename, \"rb\");\n if (fp == NULL) {\n fprintf(stderr, \"[-] FAIL: --readscan\\n\");\n fprintf(stderr, \"[-] %s: %s\\n\", filename, strerror(errno));\n goto end;\n }\n\n LOG(0, \"[+] --readscan %s\\n\", filename);\n \n if (feof(fp)) {\n LOG(0, \"[-] %s: file is empty\\n\", filename);\n goto end;\n }\n \n /* first record is pseudo-record */\n bytes_read = fread(buf, 1, 'a'+2, fp);\n if (bytes_read < 'a'+2) {\n LOG(0, \"[-] %s: %s\\n\", filename, strerror(errno));\n goto end;\n }\n\n /* Make sure it's got the format string */\n if (memcmp(buf, \"masscan/1.1\", 11) != 0) {\n LOG(0,\n \"[-] %s: unknown file format (expeced \\\"masscan/1.1\\\")\\n\",\n filename);\n goto end;\n }\n\n /*\n * Look for start time\n */\n if (buf[11] == '.' && strtoul((char*)buf+12,0,0) >= 2) {\n unsigned i;\n\n /* move to next field */\n for (i=0; i<'a' && buf[i] && buf[i] != '\\n'; i++)\n ;\n i++;\n\n if (buf[i] == 's')\n i++;\n if (buf[i] == ':')\n i++;\n\n /* extract timestamp */\n if (i < 'a')\n out->when_scan_started = strtoul((char*)buf+i,0,0);\n }\n\n /* Now read all records */\n for (;;) {\n unsigned type;\n unsigned length;\n\n\n /* [TYPE]\n * This is one or more bytes indicating the type of type of the\n * record\n */\n bytes_read = fread(buf, 1, 1, fp);\n if (bytes_read != 1)\n break;\n type = buf[0] & 0x7F;\n while (buf[0] & 0x80) {\n bytes_read = fread(buf, 1, 1, fp);\n if (bytes_read != 1)\n break;\n type = (type << 7) | (buf[0] & 0x7F);\n }\n\n /* [LENGTH]\n * Is one byte for lengths smaller than 127 bytes, or two\n * bytes for lengths up to 16384.\n */\n bytes_read = fread(buf, 1, 1, fp);\n if (bytes_read != 1)\n break;\n length = buf[0] & 0x7F;\n while (buf[0] & 0x80) {\n bytes_read = fread(buf, 1, 1, fp);\n if (bytes_read != 1)\n break;\n length = (length << 7) | (buf[0] & 0x7F);\n }\n if (length > BUF_MAX) {\n LOG(0, \"[-] file corrupt\\n\");\n goto end;\n }\n\n\n /* get the remainder of the record */\n bytes_read = fread(buf, 1, length, fp);\n if (bytes_read < length)\n break; /* eof */\n\n /* Depending on record type, do something different */\n switch (type) {\n case 1: /* STATUS: open */\n if (!btypes->count)\n parse_status(out, PortStatus_Open, buf, bytes_read);\n break;\n case 2: /* STATUS: closed */\n if (!btypes->count)\n parse_status(out, PortStatus_Closed, buf, bytes_read);\n break;\n case 3: /* BANNER */\n parse_banner3(out, buf, bytes_read);\n break;\n case 4:\n if (fread(buf+bytes_read,1,1,fp) != 1) {\n LOG(0, \"[-] read() error\\n\");\n exit(1);\n }\n bytes_read++;\n parse_banner4(out, buf, bytes_read);\n break;\n case 5:\n parse_banner4(out, buf, bytes_read);\n break;\n case 6: /* STATUS: open */\n if (!btypes->count)\n parse_status2(out, PortStatus_Open, buf, bytes_read, filter);\n break;\n case 7: /* STATUS: closed */\n if (!btypes->count)\n parse_status2(out, PortStatus_Closed, buf, bytes_read, filter);\n break;\n case 9:\n parse_banner9(out, buf, bytes_read, filter, btypes);\n break;\n case 10: /* Open6 */\n if (!btypes->count)\n parse_status6(out, PortStatus_Open, buf, bytes_read, filter);\n break;\n case 11: /* Closed6 */\n if (!btypes->count)\n parse_status6(out, PortStatus_Closed, buf, bytes_read, filter);\n break;\n case 13: /* Banner6 */\n parse_banner6(out, buf, bytes_read, filter, btypes);\n break;\n case 'm': /* FILEHEADER */\n //goto end;\n break;\n default:\n LOG(0, \"[-] file corrupt: unknown type %u\\n\", type);\n goto end;\n }\n total_records++;\n if ((total_records & 0xFFFF) == 0)\n LOG(0, \"[+] %s: %8\" PRIu64 \"\\r\", filename, total_records);\n }\n\nend:\n if (buf)\n free(buf);\n if (fp)\n fclose(fp);\n return total_records;\n}\n\n\n/*****************************************************************************\n * When masscan is called with the \"--readscan\" parameter, it doesn't\n * do a scan of the live network, but instead reads scan results from\n * a file. Those scan results can then be written out in any of the\n * other formats. This preserves the original timestamps.\n *****************************************************************************/\nvoid\nreadscan_binary_scanfile(struct Masscan *masscan,\n int arg_first, int arg_max, char *argv[])\n{\n struct Output *out;\n int i;\n\n /*\n * Create the output system, such as XML or JSON output\n */\n out = output_create(masscan, 0);\n \n /*\n * Set the start time to zero. We'll read it from the first file\n * that we parse\n */\n out->when_scan_started = 0;\n\n /*\n * We don't parse the entire argument list, just a subrange\n * containing the list of files. The 'arg_first' parameter\n * points to the first filename after the '--readscan'\n * parameter, and 'arg_max' is the parameter after\n * the last filename. For example, consider an argument list that\n * looks like:\n * masscan --foo --readscan file1.scan file2.scan --bar\n * Then arg_first=3 and arg_max=5.\n */\n for (i=arg_first; itargets, &masscan->banner_types);\n }\n\n /* Done! */\n output_destroy(out);\n}\n\n\n"
},
{
"path": "src/in-binary.h",
"content": "#ifndef IN_BINARY_H\n#define IN_BINARY_H\nstruct Masscan;\n\n/**\n * Read that output of previous scans that were saved in the binary format\n * (i.e. using the -oB parameter or the '--output-format binary' parameter).\n * The intent is that the user can then re-output in another format like\n * JSON or XML.\n */\nvoid\nreadscan_binary_scanfile(struct Masscan *masscan, \n int arg_first, int arg_max, char *argv[]);\n\n#endif\n\n"
},
{
"path": "src/in-filter.c",
"content": "#include \"in-filter.h\"\n#include \"massip.h\"\n\n\nint\nreadscan_filter_pass(ipaddress ip, unsigned port, unsigned type,\n const struct MassIP *filter,\n const struct RangeList *btypes)\n{\n if (filter && filter->count_ipv4s) {\n if (!massip_has_ip(filter, ip))\n return 0;\n }\n if (filter && filter->count_ports) {\n if (!massip_has_port(filter, port))\n return 0;\n }\n if (btypes && btypes->count) {\n if (!rangelist_is_contains(btypes, type))\n return 0;\n }\n\n return 1;\n}\n"
},
{
"path": "src/in-filter.h",
"content": "/*\n This is for filtering input in the \"--readscan\" feature\n*/\n#ifndef IN_FILTER_H\n#define IN_FILTER_H\n#include \"massip-addr.h\"\nstruct RangeList;\nstruct Range6List;\nstruct MassIP;\n\n/**\n * Filters readscan record by IP address, port number,\n * or banner-type.\n */\nint\nreadscan_filter_pass(ipaddress ip, unsigned port, unsigned type,\n const struct MassIP *massip,\n const struct RangeList *btypes);\n\n\n\n#endif\n"
},
{
"path": "src/in-report.c",
"content": "#include \"in-report.h\"\n#include \"masscan-app.h\"\n#include \"crypto-base64.h\"\n#include \"proto-x509.h\"\n#include \"proto-banout.h\"\n#include \"smack.h\"\n#include \"util-malloc.h\"\n\n#include \n#include \n#include \n\nstruct CNDB_Entry {\n unsigned ip;\n char *name;\n struct CNDB_Entry *next;\n};\n\nstruct CNDB_Database {\n struct CNDB_Entry *entries[65536];\n};\n\n/***************************************************************************\n ***************************************************************************/\nstatic struct CNDB_Database *db = NULL;\n\n/***************************************************************************\n ***************************************************************************/\nstatic const char *\ncndb_lookup(unsigned ip)\n{\n const struct CNDB_Entry *entry;\n \n if (db == NULL)\n return 0;\n\n entry = db->entries[ip&0xFFFF];\n while (entry && entry->ip != ip)\n entry = entry->next;\n if (entry)\n return entry->name;\n else {\n return 0;\n }\n}\n\n/***************************************************************************\n ***************************************************************************/\nstatic void\ncndb_add(unsigned ip, const unsigned char *name, size_t name_length)\n{\n struct CNDB_Entry *entry;\n\n if (name_length == 0)\n return;\n \n if (db == NULL) {\n db = CALLOC(1, sizeof(*db));\n }\n \n entry = MALLOC(sizeof(*entry));\n entry->ip =ip;\n entry->name = MALLOC(name_length+1);\n memcpy(entry->name, name, name_length+1);\n entry->name[name_length] = '\\0';\n entry->next = db->entries[ip&0xFFFF];\n db->entries[ip&0xFFFF] = entry;\n\n}\n\n/***************************************************************************\n ***************************************************************************/\n#if 0\nstatic void\ncndb_add_cn(unsigned ip, const unsigned char *data, size_t length)\n{\n size_t offset = 0;\n size_t name_offset;\n size_t name_length;\n \n if (length < 7)\n return;\n \n /*cipher:0x39 , safe-we1.dyndns.org*/\n if (memcmp(data+offset, \"cipher:\", 7) != 0)\n return;\n offset += 7;\n \n /* skip to name */\n while (offset < length && data[offset] != ',')\n offset++;\n if (offset >= length)\n return;\n else\n offset++; /* skip ',' */\n while (offset < length && data[offset] == ' ')\n offset++;\n if (offset >= length)\n return;\n \n /* we should have a good name */\n name_offset = offset;\n while (offset < length && data[offset] != ',')\n offset++;\n name_length = offset - name_offset;\n \n /* now insert into database */\n cndb_add(ip, data+name_offset, name_length);\n}\n#endif\n\n/***************************************************************************\n ***************************************************************************/\n#if 0\nstatic unsigned\nfound(const char *str, size_t str_len, const unsigned char *p, size_t length)\n{\n size_t i;\n \n if (str_len > length)\n return 0;\n\n for (i=0; i\n\nvoid\nreadscan_report( unsigned ip,\n unsigned app_proto,\n unsigned char **data,\n size_t *data_length);\n\nvoid\nreadscan_report_init(void);\n\nvoid\nreadscan_report_print(void);\n\n\n\n\n#endif\n"
},
{
"path": "src/main-conf.c",
"content": "/*\n Read in the configuration for MASSCAN.\n\n Configuration parameters can be read either from the command-line\n or a configuration file. Long parameters of the --xxxx variety have\n the same name in both.\n\n Most of the code in this module is for 'nmap' options we don't support.\n That's because we support some 'nmap' options, and I wanted to give\n more feedback for some of them why they don't work as expected, such\n as reminding people that this is an asynchronous scanner.\n\n*/\n#include \"masscan.h\"\n#include \"massip-addr.h\"\n#include \"masscan-version.h\"\n#include \"util-safefunc.h\"\n#include \"util-logger.h\"\n#include \"proto-banner1.h\"\n#include \"templ-payloads.h\"\n#include \"crypto-base64.h\"\n#include \"vulncheck.h\"\n#include \"masscan-app.h\"\n#include \"unusedparm.h\"\n#include \"read-service-probes.h\"\n#include \"util-malloc.h\"\n#include \"massip.h\"\n#include \"massip-parse.h\"\n#include \"massip-port.h\"\n#include \"templ-opts.h\"\n#include \n#include \n\n#ifdef WIN32\n#include \n#define getcwd _getcwd\n#else\n#include \n#endif\n\n#ifndef min\n#define min(a,b) ((a)<(b)?(a):(b))\n#endif\n\n#if defined(_MSC_VER)\n#define strdup _strdup\n#endif\n\n\n\n/***************************************************************************\n ***************************************************************************/\n/*static struct Range top_ports_tcp[] = {\n {80, 80},{23, 23}, {443,443},{21,22},{25,25},{3389,3389},{110,110},\n {445,445},\n};\nstatic struct Range top_ports_udp[] = {\n {161, 161}, {631, 631}, {137,138},{123,123},{1434},{445,445},{135,135},\n {67,67},\n};\nstatic struct Range top_ports_sctp[] = {\n {7, 7},{9, 9},{20,22},{80,80},{179,179},{443,443},{1167,1167},\n};*/\n\n/***************************************************************************\n ***************************************************************************/\nvoid\nmasscan_usage(void)\n{\n printf(\"usage: masscan [options] [... -pPORT[,PORT...]]\\n\");\n printf(\"\\n\");\n printf(\"examples:\\n\");\n printf(\" masscan -p80,8000-8100 10.0.0.0/8 --rate=10000\\n\");\n printf(\" scan some web ports on 10.x.x.x at 10kpps\\n\");\n printf(\"\\n\");\n printf(\" masscan --nmap\\n\");\n printf(\" list those options that are compatible with nmap\\n\");\n printf(\"\\n\");\n printf(\" masscan -p80 10.0.0.0/8 --banners -oB \\n\");\n printf(\" save results of scan in binary format to \\n\");\n printf(\"\\n\");\n printf(\" masscan --open --banners --readscan -oX \\n\");\n printf(\" read binary scan results in and save them as xml in \\n\");\n exit(1);\n}\n\n/***************************************************************************\n ***************************************************************************/\nstatic void\nprint_version()\n{\n const char *cpu = \"unknown\";\n const char *compiler = \"unknown\";\n const char *compiler_version = \"unknown\";\n const char *os = \"unknown\";\n printf(\"\\n\");\n printf(\"Masscan version %s ( %s )\\n\", \n MASSCAN_VERSION,\n \"https://github.com/robertdavidgraham/masscan\"\n );\n printf(\"Compiled on: %s %s\\n\", __DATE__, __TIME__);\n\n#if defined(__x86_64) || defined(__x86_64__)\n cpu = \"x86\";\n#endif\n\n#if defined(_MSC_VER)\n #if defined(_M_AMD64) || defined(_M_X64)\n cpu = \"x86\";\n #elif defined(_M_IX86)\n cpu = \"x86\";\n #elif defined (_M_ARM_FP)\n cpu = \"arm\";\n #endif\n\n {\n int msc_ver = _MSC_VER;\n\n compiler = \"VisualStudio\";\n\n if (msc_ver < 1500)\n compiler_version = \"pre2008\";\n else if (msc_ver == 1500)\n compiler_version = \"2008\";\n else if (msc_ver == 1600)\n compiler_version = \"2010\";\n else if (msc_ver == 1700)\n compiler_version = \"2012\";\n else if (msc_ver == 1800)\n compiler_version = \"2013\";\n else\n compiler_version = \"post-2013\";\n }\n\n \n#elif defined(__GNUC__)\n# if defined(__clang__)\n compiler = \"clang\";\n# else\n compiler = \"gcc\";\n# endif\n compiler_version = __VERSION__;\n\n#if defined(i386) || defined(__i386) || defined(__i386__)\n cpu = \"x86\";\n#endif\n\n#if defined(__corei7) || defined(__corei7__)\n cpu = \"x86-Corei7\";\n#endif\n\n#endif\n\n#if defined(WIN32)\n os = \"Windows\";\n#elif defined(__linux__)\n os = \"Linux\";\n#elif defined(__APPLE__)\n os = \"Apple\";\n#elif defined(__MACH__)\n os = \"MACH\";\n#elif defined(__FreeBSD__)\n os = \"FreeBSD\";\n#elif defined(__NetBSD__)\n os = \"NetBSD\";\n#elif defined(unix) || defined(__unix) || defined(__unix__)\n os = \"Unix\";\n#endif\n\n printf(\"Compiler: %s %s\\n\", compiler, compiler_version);\n printf(\"OS: %s\\n\", os);\n printf(\"CPU: %s (%u bits)\\n\", cpu, (unsigned)(sizeof(void*))*8);\n\n#if defined(GIT)\n printf(\"GIT version: %s\\n\", GIT);\n#endif\n}\n\n/***************************************************************************\n ***************************************************************************/\nstatic void\nprint_nmap_help(void)\n{\n printf(\"Masscan (https://github.com/robertdavidgraham/masscan)\\n\"\n\"Usage: masscan [Options] -p{Target-Ports} {Target-IP-Ranges}\\n\"\n\"TARGET SPECIFICATION:\\n\"\n\" Can pass only IPv4/IPv6 address, CIDR networks, or ranges (non-nmap style)\\n\"\n\" Ex: 10.0.0.0/8, 192.168.0.1, 10.0.0.1-10.0.0.254\\n\"\n\" -iL : Input from list of hosts/networks\\n\"\n\" --exclude : Exclude hosts/networks\\n\"\n\" --excludefile : Exclude list from file\\n\"\n\" --randomize-hosts: Randomize order of hosts (default)\\n\"\n\"HOST DISCOVERY:\\n\"\n\" -Pn: Treat all hosts as online (default)\\n\"\n\" -n: Never do DNS resolution (default)\\n\"\n\"SCAN TECHNIQUES:\\n\"\n\" -sS: TCP SYN (always on, default)\\n\"\n\"SERVICE/VERSION DETECTION:\\n\"\n\" --banners: get the banners of the listening service if available. The\\n\"\n\" default timeout for waiting to receive data is 30 seconds.\\n\"\n\"PORT SPECIFICATION AND SCAN ORDER:\\n\"\n\" -p : Only scan specified ports\\n\"\n\" Ex: -p22; -p1-65535; -p 111,137,80,139,8080\\n\"\n\"TIMING AND PERFORMANCE:\\n\"\n\" --max-rate : Send packets no faster than per second\\n\"\n\" --connection-timeout : time in seconds a TCP connection will\\n\"\n\" timeout while waiting for banner data from a port.\\n\"\n\"FIREWALL/IDS EVASION AND SPOOFING:\\n\"\n\" -S/--source-ip : Spoof source address\\n\"\n\" -e : Use specified interface\\n\"\n\" -g/--source-port : Use given port number\\n\"\n\" --ttl : Set IP time-to-live field\\n\"\n\" --spoof-mac : Spoof your MAC address\\n\"\n\"OUTPUT:\\n\"\n\" --output-format : Sets output to binary/list/unicornscan/json/ndjson/grepable/xml\\n\"\n\" --output-file : Write scan results to file. If --output-format is\\n\"\n\" not given default is xml\\n\"\n\" -oL/-oJ/-oD/-oG/-oB/-oX/-oU : Output scan in List/JSON/nDjson/Grepable/Binary/XML/Unicornscan format,\\n\"\n\" respectively, to the given filename. Shortcut for\\n\"\n\" --output-format --output-file \\n\"\n\" -v: Increase verbosity level (use -vv or more for greater effect)\\n\"\n\" -d: Increase debugging level (use -dd or more for greater effect)\\n\"\n\" --open: Only show open (or possibly open) ports\\n\"\n\" --packet-trace: Show all packets sent and received\\n\"\n\" --iflist: Print host interfaces and routes (for debugging)\\n\"\n\" --append-output: Append to rather than clobber specified output files\\n\"\n\" --resume : Resume an aborted scan\\n\"\n\"MISC:\\n\"\n\" --send-eth: Send using raw ethernet frames (default)\\n\"\n\" -V: Print version number\\n\"\n\" -h: Print this help summary page.\\n\"\n\"EXAMPLES:\\n\"\n\" masscan -v -sS 192.168.0.0/16 10.0.0.0/8 -p 80\\n\"\n\" masscan 23.0.0.0/0 -p80 --banners -output-format binary --output-filename internet.scan\\n\"\n\" masscan --open --banners --readscan internet.scan -oG internet_scan.grepable\\n\"\n\"SEE (https://github.com/robertdavidgraham/masscan) FOR MORE HELP\\n\"\n\"\\n\");\n}\n\n\n/***************************************************************************\n ***************************************************************************/\nstatic unsigned\ncount_cidr6_bits(struct Range6 *range, bool *exact)\n{\n uint64_t i;\n\n /* for the comments of this function, see count_cidr_bits */\n *exact = false;\n \n for (i=0; i<128; i++) {\n uint64_t mask_hi;\n uint64_t mask_lo;\n if (i < 64) {\n mask_hi = 0xFFFFFFFFffffffffull >> i;\n mask_lo = 0xFFFFFFFFffffffffull;\n } else {\n mask_hi = 0;\n mask_lo = 0xFFFFFFFFffffffffull >> (i - 64);\n }\n if ((range->begin.hi & mask_hi) != 0 || (range->begin.lo & mask_lo) != 0) {\n continue;\n }\n if ((range->begin.hi & ~mask_hi) == (range->end.hi & ~mask_hi) &&\n (range->begin.lo & ~mask_lo) == (range->end.lo & ~mask_lo)) {\n if (((range->end.hi & mask_hi) == mask_hi) && ((range->end.lo & mask_lo) == mask_lo)) {\n *exact = true;\n return (unsigned) i;\n }\n } else {\n *exact = false;\n range->begin.hi = range->begin.hi + mask_hi;\n if (range->begin.lo >= 0xffffffffffffffff - 1 - mask_lo) {\n range->begin.hi += 1;\n }\n range->begin.lo = range->begin.lo + mask_lo + 1;\n return (unsigned) i;\n }\n }\n range->begin.lo = range->begin.lo + 1;\n if (range->begin.lo == 0) {\n range->begin.hi = range->begin.hi + 1;\n }\n return 128;\n}\n\n\n\n/***************************************************************************\n * Echoes the configuration for one NIC\n ***************************************************************************/\nstatic void\nmasscan_echo_nic(struct Masscan *masscan, FILE *fp, unsigned i)\n{\n char idx_str[64];\n\n /* If we have only one adapter, then don't print the array indexes.\n * Otherwise, we need to print the array indexes to distinguish\n * the NICs from each other */\n if (masscan->nic_count <= 1)\n idx_str[0] = '\\0';\n else\n snprintf(idx_str, sizeof(idx_str), \"[%u]\", i);\n\n if (masscan->nic[i].ifname[0])\n fprintf(fp, \"adapter%s = %s\\n\", idx_str, masscan->nic[i].ifname);\n \n if (masscan->nic[i].src.ipv4.first != 0 || masscan->nic[i].src.ipv4.last != 0) {\n\n /**\n * FIX 495.1 for issue #495: Single adapter-ip is not saved at all\n *\n * The else case handles a simple invocation of one adapter-ip:\n *\n * 1. masscan ... --adapter-ip 1.2.3.1 ... [BROKEN]\n *\n * This looks like it was just copy pasta/typo. If the first ip is the same\n * as the last ip, it is a single adapter-ip\n *\n * This never worked as it was before so paused.conf would never save the\n * adapter-ip as it fell through this if/else if into nowhere. It probably\n * went undetected because in simple environments and/or in simple scans,\n * masscan is able to intelligently determine the adapter-ip and only\n * advanced usage requires overriding the chosen value. In addition to\n * that, it is probably relatively uncommon to interrupt a scan as not many\n * users are doing multi-hour / multi-day scans, having them paused and\n * then resuming them (apparently)\n */\n if (masscan->nic[i].src.ipv4.first == masscan->nic[i].src.ipv4.last) {\n ipaddress_formatted_t fmt = ipv4address_fmt(masscan->nic[i].src.ipv4.first);\n fprintf(fp, \"adapter-ip%s = %s\\n\", idx_str, fmt.string);\n }\n\n /**\n * FIX 495.2 for issue #495: Ranges of size two don't print. When 495.1 is\n * added, ranges of size two print as only the first value in the range\n * Before 495.1, they didn't print at all, so this is not a bug that is\n * introduced by 495.1, just noticed while applying that fix\n *\n * The first if case here is for handling when adapter-ip is a range\n *\n * Examples of the multiple/range case:\n *\n * 1. masscan ... --adapter-ip 1.2.3.1-1.2.3.2 ... [BROKEN]\n * 2. masscan ... --adapter-ip 1.2.3.1-1.2.3.4 ... [OK]\n *\n * If the range spans exactly two adapter-ips, it will not hit the range\n * printing logic case here because of an off-by-one\n *\n * Changing it from < to <= fixes that issue and both of the above cases\n * now print the correct range as expected\n */\n else if (masscan->nic[i].src.ipv4.first < masscan->nic[i].src.ipv4.last) {\n ipaddress_formatted_t fmt1 = ipv4address_fmt(masscan->nic[i].src.ipv4.first);\n ipaddress_formatted_t fmt2 = ipv4address_fmt(masscan->nic[i].src.ipv4.last);\n fprintf(fp, \"adapter-ip%s = %s-%s\\n\", idx_str, fmt1.string, fmt2.string);\n }\n }\n\n if (masscan->nic[i].src.ipv6.range) {\n if (ipv6address_is_lessthan(masscan->nic[i].src.ipv6.first, masscan->nic[i].src.ipv6.last)) {\n ipaddress_formatted_t fmt1 = ipv6address_fmt(masscan->nic[i].src.ipv6.first);\n ipaddress_formatted_t fmt2 = ipv6address_fmt(masscan->nic[i].src.ipv6.last);\n fprintf(fp, \"adapter-ip%s = %s-%s\\n\", idx_str, fmt1.string, fmt2.string);\n } else {\n ipaddress_formatted_t fmt = ipv6address_fmt(masscan->nic[i].src.ipv6.first);\n fprintf(fp, \"adapter-ip%s = %s\\n\", idx_str, fmt.string);\n }\n }\n\n if (masscan->nic[i].my_mac_count) {\n ipaddress_formatted_t fmt = macaddress_fmt(masscan->nic[i].source_mac);\n fprintf(fp, \"adapter-mac%s = %s\\n\", idx_str, fmt.string);\n }\n if (masscan->nic[i].router_ip) {\n ipaddress_formatted_t fmt = ipv4address_fmt(masscan->nic[i].router_ip);\n fprintf(fp, \"router-ip%s = %s\\n\", idx_str, fmt.string);\n }\n if (!macaddress_is_zero(masscan->nic[i].router_mac_ipv4)) {\n ipaddress_formatted_t fmt = macaddress_fmt(masscan->nic[i].router_mac_ipv4);\n fprintf(fp, \"router-mac-ipv4%s = %s\\n\", idx_str, fmt.string);\n }\n if (!macaddress_is_zero(masscan->nic[i].router_mac_ipv6)) {\n ipaddress_formatted_t fmt = macaddress_fmt(masscan->nic[i].router_mac_ipv6);\n fprintf(fp, \"router-mac-ipv6%s = %s\\n\", idx_str, fmt.string);\n }\n\n}\n\n\n/***************************************************************************\n ***************************************************************************/\nvoid\nmasscan_save_state(struct Masscan *masscan)\n{\n char filename[512];\n FILE *fp;\n\n safe_strcpy(filename, sizeof(filename), \"paused.conf\");\n fprintf(stderr, \" \"\n \" \\r\");\n fprintf(stderr, \"saving resume file to: %s\\n\", filename);\n\n fp = fopen(filename, \"wt\");\n if (fp == NULL) {\n fprintf(stderr, \"[-] FAIL: saving resume file\\n\");\n fprintf(stderr, \"[-] %s: %s\\n\", filename, strerror(errno));\n return;\n }\n\n \n masscan_echo(masscan, fp, 0);\n\n fclose(fp);\n}\n\n\n#if 0\n/*****************************************************************************\n * Read in ranges from a file\n *\n * There can be multiple ranges on a line, delimited by spaces. In fact,\n * millions of ranges can be on a line: there is limit to the line length.\n * That makes reading the file a little bit squirrelly. From one perspective\n * this parser doesn't treat the new-line '\\n' any different than other\n * space. But, from another perspective, it has to, because things like\n * comments are terminated by a newline. Also, it has to count the number\n * of lines correctly to print error messages.\n *****************************************************************************/\nstatic void\nranges_from_file(struct RangeList *ranges, const char *filename)\n{\n FILE *fp;\n unsigned line_number = 0;\n\n fp = fopen(filename, \"rt\");\n if (fp) {\n perror(filename);\n exit(1); /* HARD EXIT: because if it's an exclusion file, we don't\n * want to continue. We don't want ANY chance of\n * accidentally scanning somebody */\n }\n\n while (!feof(fp)) {\n int c = '\\n';\n\n /* remove leading whitespace */\n while (!feof(fp)) {\n c = getc(fp);\n line_number += (c == '\\n');\n if (!isspace(c&0xFF))\n break;\n }\n\n /* If this is a punctuation, like '#', then it's a comment */\n if (ispunct(c&0xFF)) {\n while (!feof(fp)) {\n c = getc(fp);\n line_number += (c == '\\n');\n if (c == '\\n') {\n break;\n }\n }\n /* Loop back to the begining state at the start of a line */\n continue;\n }\n\n if (c == '\\n') {\n continue;\n }\n\n /*\n * Read in a single entry\n */\n if (!feof(fp)) {\n char address[64];\n size_t i;\n struct Range range;\n unsigned offset = 0;\n\n\n /* Grab all bytes until the next space or comma */\n address[0] = (char)c;\n i = 1;\n while (!feof(fp)) {\n c = getc(fp);\n if (c == EOF)\n break;\n line_number += (c == '\\n');\n if (isspace(c&0xFF) || c == ',') {\n break;\n }\n if (i+1 >= sizeof(address)) {\n LOG(0, \"%s:%u:%u: bad address spec: \\\"%.*s\\\"\\n\",\n filename, line_number, offset, (int)i, address);\n exit(1);\n } else\n address[i] = (char)c;\n i++;\n }\n address[i] = '\\0';\n\n /* parse the address range */\n range = range_parse_ipv4(address, &offset, (unsigned)i);\n if (range.begin == 0xFFFFFFFF && range.end == 0) {\n LOG(0, \"%s:%u:%u: bad range spec: \\\"%.*s\\\"\\n\",\n filename, line_number, offset, (int)i, address);\n exit(1);\n } else {\n rangelist_add_range(ranges, range.begin, range.end);\n }\n }\n }\n\n fclose(fp);\n\n /* Target list must be sorted every time it's been changed, \n * before it can be used */\n rangelist_sort(ranges);\n}\n#endif\n\n/***************************************************************************\n ***************************************************************************/\nstatic unsigned\nhexval(char c)\n{\n if ('0' <= c && c <= '9')\n return (unsigned)(c - '0');\n if ('a' <= c && c <= 'f')\n return (unsigned)(c - 'a' + 10);\n if ('A' <= c && c <= 'F')\n return (unsigned)(c - 'A' + 10);\n return 0xFF;\n}\n\n/***************************************************************************\n ***************************************************************************/\nstatic int\nparse_mac_address(const char *text, macaddress_t *mac)\n{\n unsigned i;\n\n for (i=0; i<6; i++) {\n unsigned x;\n char c;\n\n while (isspace(*text & 0xFF) && ispunct(*text & 0xFF))\n text++;\n\n c = *text;\n if (!isxdigit(c&0xFF))\n return -1;\n x = hexval(c)<<4;\n text++;\n\n c = *text;\n if (!isxdigit(c&0xFF))\n return -1;\n x |= hexval(c);\n text++;\n\n mac->addr[i] = (unsigned char)x;\n\n if (ispunct(*text & 0xFF))\n text++;\n }\n\n return 0;\n}\n\n/***************************************************************************\n ***************************************************************************/\nstatic uint64_t\nparseInt(const char *str)\n{\n uint64_t result = 0;\n\n while (*str && isdigit(*str & 0xFF)) {\n result = result * 10 + (*str - '0');\n str++;\n }\n return result;\n}\n\n/**\n * a stricter function for determining if something is boolean.\n */\nstatic bool\nisBoolean(const char *str) {\n size_t length = str?strlen(str):0;\n\n if (length == 0)\n return false;\n\n /* \"0\" or \"1\" is boolean */\n if (isdigit(str[0])) {\n if (strtoul(str,0,0) == 0)\n return true;\n else if (strtoul(str,0,0) == 1)\n return true;\n else\n return false;\n }\n\n switch (str[0]) {\n case 'e':\n case 'E':\n if (memcasecmp(\"enable\", str, length)==0)\n return true;\n if (memcasecmp(\"enabled\", str, length)==0)\n return true;\n return false;\n case 'd':\n case 'D':\n if (memcasecmp(\"disable\", str, length)==0)\n return true;\n if (memcasecmp(\"disabled\", str, length)==0)\n return true;\n return false;\n\n case 't':\n case 'T':\n if (memcasecmp(\"true\", str, length)==0)\n return true;\n return false;\n case 'f':\n case 'F':\n if (memcasecmp(\"false\", str, length)==0)\n return true;\n return false;\n\n case 'o':\n case 'O':\n if (memcasecmp(\"on\", str, length)==0)\n return true;\n if (memcasecmp(\"off\", str, length)==0)\n return true;\n return false;\n case 'Y':\n case 'y':\n if (memcasecmp(\"yes\", str, length)==0)\n return true;\n return false;\n case 'n':\n case 'N':\n if (memcasecmp(\"no\", str, length)==0)\n return true;\n return false;\n default:\n return false;\n }\n}\n\nstatic unsigned\nparseBoolean(const char *str)\n{\n if (str == NULL || str[0] == 0)\n return 1;\n if (isdigit(str[0])) {\n if (strtoul(str,0,0) == 0)\n return 0;\n else\n return 1;\n }\n switch (str[0]) {\n case 'e': /* enable */\n case 'E':\n return 1;\n case 'd': /* disable */\n case 'D':\n return 0;\n\n case 't': /* true */\n case 'T':\n return 1;\n case 'f': /* false */\n case 'F':\n return 0;\n\n case 'o': /* on or off */\n case 'O':\n if (str[1] == 'f' || str[1] == 'F')\n return 0;\n else\n return 1;\n break;\n\n case 'Y': /* yes */\n case 'y':\n return 1;\n case 'n': /* no */\n case 'N':\n return 0;\n }\n return 1;\n}\n\n/***************************************************************************\n * Parses the number of seconds (for rotating files mostly). We do a little\n * more than just parse an integer. We support strings like:\n *\n * hourly\n * daily\n * Week\n * 5days\n * 10-months\n * 3600\n ***************************************************************************/\nstatic uint64_t\nparseTime(const char *value)\n{\n uint64_t num = 0;\n unsigned is_negative = 0;\n\n while (*value == '-') {\n is_negative = 1;\n value++;\n }\n\n while (isdigit(value[0]&0xFF)) {\n num = num*10 + (value[0] - '0');\n value++;\n }\n while (ispunct(value[0]) || isspace(value[0]))\n value++;\n\n if (isalpha(value[0]) && num == 0)\n num = 1;\n\n if (value[0] == '\\0')\n return num;\n\n switch (tolower(value[0])) {\n case 's':\n num *= 1;\n break;\n case 'm':\n num *= 60;\n break;\n case 'h':\n num *= 60*60;\n break;\n case 'd':\n num *= 24*60*60;\n break;\n case 'w':\n num *= 24*60*60*7;\n break;\n default:\n fprintf(stderr, \"--rotate-offset: unknown character\\n\");\n exit(1);\n }\n if (num >= 24*60*60) {\n fprintf(stderr, \"--rotate-offset: value is greater than 1 day\\n\");\n exit(1);\n }\n if (is_negative)\n num = 24*60*60 - num;\n\n return num;\n}\n\n/***************************************************************************\n * Parses a size integer, which can be suffixed with \"tera\", \"giga\", \n * \"mega\", and \"kilo\". These numbers are in units of 1024 so suck it.\n ***************************************************************************/\nstatic uint64_t\nparseSize(const char *value)\n{\n uint64_t num = 0;\n\n while (isdigit(value[0]&0xFF)) {\n num = num*10 + (value[0] - '0');\n value++;\n }\n while (ispunct(value[0]) || isspace(value[0]))\n value++;\n\n if (isalpha(value[0]) && num == 0)\n num = 1;\n\n if (value[0] == '\\0')\n return num;\n\n switch (tolower(value[0])) {\n case 'k': /* kilobyte */\n num *= 1024ULL;\n break;\n case 'm': /* megabyte */\n num *= 1024ULL * 1024ULL;\n break;\n case 'g': /* gigabyte */\n num *= 1024ULL * 1024ULL * 1024ULL;\n break;\n case 't': /* terabyte, 'cause we roll that way */\n num *= 1024ULL * 1024ULL * 1024ULL * 1024ULL;\n break;\n case 'p': /* petabyte, 'cause we are awesome */\n num *= 1024ULL * 1024ULL * 1024ULL * 1024ULL * 1024ULL;\n break;\n case 'e': /* exabyte, now that's just silly */\n num *= 1024ULL * 1024ULL * 1024ULL * 1024ULL * 1024ULL * 1024ULL;\n break;\n default:\n fprintf(stderr, \"--rotate-size: unknown character\\n\");\n exit(1);\n }\n return num;\n}\n\n\n/***************************************************************************\n ***************************************************************************/\nstatic int\nis_power_of_two(uint64_t x)\n{\n while ((x&1) == 0)\n x >>= 1;\n return x == 1;\n}\n\n\n/***************************************************************************\n * Tests if the named parameter on the command-line. We do a little\n * more than a straight string compare, because I get confused\n * whether parameter have punctuation. Is it \"--excludefile\" or\n * \"--exclude-file\"? I don't know if it's got that dash. Screw it,\n * I'll just make the code so it don't care.\n ***************************************************************************/\nstatic int\nEQUALS(const char *lhs, const char *rhs)\n{\n for (;;) {\n while (*lhs == '-' || *lhs == '.' || *lhs == '_')\n lhs++;\n while (*rhs == '-' || *rhs == '.' || *rhs == '_')\n rhs++;\n if (*lhs == '\\0' && *rhs == '[')\n return 1; /*arrays*/\n if (tolower(*lhs & 0xFF) != tolower(*rhs & 0xFF))\n return 0;\n if (*lhs == '\\0')\n return 1;\n lhs++;\n rhs++;\n }\n}\n\nstatic int\nEQUALSx(const char *lhs, const char *rhs, size_t rhs_length)\n{\n for (;;) {\n while (*lhs == '-' || *lhs == '.' || *lhs == '_')\n lhs++;\n while (*rhs == '-' || *rhs == '.' || *rhs == '_')\n rhs++;\n if (*lhs == '\\0' && *rhs == '[')\n return 1; /*arrays*/\n if (tolower(*lhs & 0xFF) != tolower(*rhs & 0xFF))\n return 0;\n if (*lhs == '\\0')\n return 1;\n lhs++;\n rhs++;\n if (--rhs_length == 0)\n return 1;\n }\n}\n\nstatic unsigned\nINDEX_OF(const char *str, char c)\n{\n unsigned i;\n for (i=0; str[i] && str[i] != c; i++)\n ;\n return i;\n}\n\nstatic unsigned\nARRAY(const char *rhs)\n{\n const char *p = strchr(rhs, '[');\n if (p == NULL)\n return 0;\n else\n p++;\n return (unsigned)parseInt(p);\n}\n\n/**\n * Called if user specified `--top-ports` on the command-line.\n */\nstatic void\nconfig_top_ports(struct Masscan *masscan, unsigned maxports)\n{\n unsigned i;\n static const unsigned short top_udp_ports[] = {\n 161, /* SNMP - should be found on all network equipment */\n 135, /* MS-RPC - should be found on all modern Windows */\n 500, /* ISAKMP - for establishing IPsec tunnels */\n 137, /* NetBIOS-NameService - should be found on old Windows */\n 138, /* NetBIOS-Datagram - should be found on old Windows */\n 445, /* SMB datagram service */\n 67, /* DHCP */\n 53, /* DNS */\n 1900, /* UPnP - Microsoft-focused local discovery */\n 5353, /* mDNS - Apple-focused local discovery */\n 4500, /* nat-t-ike - IPsec NAT traversal */\n 514, /* syslog - all Unix machiens */\n 69, /* TFTP */\n 49152, /* first of modern ephemeral ports */\n 631, /* IPP - printing protocol for Linux */\n 123, /* NTP network time protocol */\n 1434, /* MS-SQL server*/\n 520, /* RIP - routers use this protocol sometimes */\n 7, /* Echo */\n 111, /* SunRPC portmapper */\n 2049, /* SunRPC NFS */\n 5683, /* COAP */\n 11211, /* memcached */\n 1701, /* L2TP */\n 27960, /* quaked amplifier */\n 1645, /* RADIUS */\n 1812, /* RADIUS */\n 1646, /* RADIUS */\n 1813, /* RADIUS */\n 3343, /* Microsoft Cluster Services */\n 2535, /* MADCAP rfc2730 TODO FIXME */\n \n };\n\n static const unsigned short top_tcp_ports[] = {\n 80, 443, 8080, /* also web */\n 21, 990, /* FTP, oldie but goodie */\n 22, /* SSH, so much infrastructure */\n 23, 992, /* Telnet, oldie but still around*/\n 24, /* people put things here instead of TelnetSSH*/\n 25, 465, 587, 2525, /* SMTP email*/\n 5800, 5900, 5901, /* VNC */\n 111, /* SunRPC */\n 139, 445, /* Microsoft Windows networking */\n 135, /* DCEPRC, more Microsoft Windows */\n 3389, /* Microsoft Windows RDP */\n 88, /* Kerberos, also Microsoft windows */\n 389, 636, /* LDAP and MS Win */\n 1433, /* MS SQL */\n 53, /* DNS */\n 2083, 2096, /* cPanel */\n 9050, /* ToR */\n 8140, /* Puppet */\n 11211, /* memcached */\n 1098, 1099, /* Java RMI */\n 6000, 6001, /* XWindows */\n 5060, 5061, /* SIP - session initiation protocool */\n 554, /* RTSP */\n 548, /* AFP */\n \n\n 1,3,4,6,7,9,13,17,19,20,26,30,32,33,37,42,43,49,70,\n 79,81,82,83,84,85,89,90,99,100,106,109,110,113,119,125,\n 143,144,146,161,163,179,199,211,212,222,254,255,256,259,264,280,\n 301,306,311,340,366,406,407,416,417,425,427,444,458,464,\n 465,481,497,500,512,513,514,515,524,541,543,544,545,554,555,563,\n 593,616,617,625,631,646,648,666,667,668,683,687,691,700,705,\n 711,714,720,722,726,749,765,777,783,787,800,801,808,843,873,880,888,\n 898,900,901,902,903,911,912,981,987,993,995,999,1000,1001,\n 1002,1007,1009,1010,1011,1021,1022,1023,1024,1025,1026,1027,1028,\n 1029,1030,1031,1032,1033,1034,1035,1036,1037,1038,1039,1040,1041,\n 1042,1043,1044,1045,1046,1047,1048,1049,1050,1051,1052,1053,1054,\n 1055,1056,1057,1058,1059,1060,1061,1062,1063,1064,1065,1066,1067,\n 1068,1069,1070,1071,1072,1073,1074,1075,1076,1077,1078,1079,1080,\n 1081,1082,1083,1084,1085,1086,1087,1088,1089,1090,1091,1092,1093,\n 1094,1095,1096,1097,1100,1102,1104,1105,1106,1107,1108,\n 1110,1111,1112,1113,1114,1117,1119,1121,1122,1123,1124,1126,1130,\n 1131,1132,1137,1138,1141,1145,1147,1148,1149,1151,1152,1154,1163,\n 1164,1165,1166,1169,1174,1175,1183,1185,1186,1187,1192,1198,1199,\n 1201,1213,1216,1217,1218,1233,1234,1236,1244,1247,1248,1259,1271,\n 1272,1277,1287,1296,1300,1301,1309,1310,1311,1322,1328,1334,1352,\n 1417,1434,1443,1455,1461,1494,1500,1501,1503,1521,1524,1533,\n 1556,1580,1583,1594,1600,1641,1658,1666,1687,1688,1700,1717,1718,\n 1719,1720,1721,1723,1755,1761,1782,1783,1801,1805,1812,1839,1840,\n 1862,1863,1864,1875,1900,1914,1935,1947,1971,1972,1974,1984,1998,\n 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2013,\n 2020,2021,2022,2030,2033,2034,2035,2038,2040,2041,2042,2043,2045,\n 2046,2047,2048,2049,2065,2068,2099,2100,2103,2105,2106,2107,2111,\n 2119,2121,2126,2135,2144,2160,2161,2170,2179,2190,2191,2196,2200,\n 2222,2251,2260,2288,2301,2323,2366,2381,2382,2383,2393,2394,2399,\n 2401,2492,2500,2522,2557,2601,2602,2604,2605,2607,2608,2638,\n 2701,2702,2710,2717,2718,2725,2800,2809,2811,2869,2875,2909,2910,\n 2920,2967,2968,2998,3000,3001,3003,3005,3006,3007,3011,3013,3017,\n 3030,3031,3052,3071,3077,3128,3168,3211,3221,3260,3261,3268,3269,\n 3283,3300,3301,3306,3322,3323,3324,3325,3333,3351,3367,3369,3370,\n 3371,3372,3389,3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,\n 3689,3690,3703,3737,3766,3784,3800,3801,3809,3814,3826,3827,3828,\n 3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,\n 3995,3998,4000,4001,4002,4003,4004,4005,4006,4045,4111,4125,4126,\n 4129,4224,4242,4279,4321,4343,4443,4444,4445,4446,4449,4550,4567,\n 4662,4848,4899,4900,4998,5000,5001,5002,5003,5004,5009,5030,5033,\n 5050,5051,5054,5080,5087,5100,5101,5102,5120,5190,5200,\n 5214,5221,5222,5225,5226,5269,5280,5298,5357,5405,5414,5431,5432,\n 5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678,5679,\n 5718,5730,5801,5802,5810,5811,5815,5822,5825,5850,5859,5862,\n 5877,5902,5903,5904,5906,5907,5910,5911,5915,5922,5925,\n 5950,5952,5959,5960,5961,5962,5963,5987,5988,5989,5998,5999,\n 6002,6003,6004,6005,6006,6007,6009,6025,6059,6100,6101,6106,\n 6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565,6566,6567,\n 6580,6646,6666,6667,6668,6669,6689,6692,6699,6779,6788,6789,6792,\n 6839,6881,6901,6969,7000,7001,7002,7004,7007,7019,7025,7070,7100,\n 7103,7106,7200,7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,\n 7777,7778,7800,7911,7920,7921,7937,7938,7999,8000,8001,8002,8007,\n 8008,8009,8010,8011,8021,8022,8031,8042,8045,8080,8081,8082,8083,\n 8084,8085,8086,8087,8088,8089,8090,8093,8099,8100,8180,8181,8192,\n 8193,8194,8200,8222,8254,8290,8291,8292,8300,8333,8383,8400,8402,\n 8443,8500,8600,8649,8651,8652,8654,8701,8800,8873,8888,8899,8994,\n 9000,9001,9002,9003,9009,9010,9011,9040,9071,9080,9081,9090,\n 9091,9099,9100,9101,9102,9103,9110,9111,9200,9207,9220,9290,9415,\n 9418,9485,9500,9502,9503,9535,9575,9593,9594,9595,9618,9666,9876,\n 9877,9878,9898,9900,9917,9929,9943,9944,9968,9998,9999,10000,10001,\n 10002,10003,10004,10009,10010,10012,10024,10025,10082,10180,10215,\n 10243,10566,10616,10617,10621,10626,10628,10629,10778,11110,11111,\n 11967,12000,12174,12265,12345,13456,13722,13782,13783,14000,14238,\n 14441,14442,15000,15002,15003,15004,15660,15742,16000,16001,16012,\n 16016,16018,16080,16113,16992,16993,17877,17988,18040,18101,18988,\n 19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221,\n 20222,20828,21571,22939,23502,24444,24800,25734,25735,26214,27000,\n 27352,27353,27355,27356,27715,28201,30000,30718,30951,31038,31337,\n 32768,32769,32770,32771,32772,32773,32774,32775,32776,32777,32778,\n 32779,32780,32781,32782,32783,32784,32785,33354,33899,34571,34572,\n 34573,35500,38292,40193,40911,41511,42510,44176,44442,44443,44501,\n 45100,48080,49152,49153,49154,49155,49156,49157,49158,49159,49160,\n 49161,49163,49165,49167,49175,49176,49400,49999,50000,50001,50002,\n 50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,\n 52848,52869,54045,54328,55055,55056,55555,55600,56737,56738,57294,\n 57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,\n 65129,65389};\n struct RangeList *ports = &masscan->targets.ports;\n static const unsigned max_tcp_ports = sizeof(top_tcp_ports)/sizeof(top_tcp_ports[0]);\n static const unsigned max_udp_ports = sizeof(top_udp_ports)/sizeof(top_udp_ports[0]);\n\n\n if (masscan->scan_type.tcp) {\n LOG(2, \"[+] adding TCP top-ports = %u\\n\", maxports);\n for (i=0; iscan_type.udp) {\n LOG(2, \"[+] adding UDP top-ports = %u\\n\", maxports);\n for (i=0; iecho) {\n if (masscan->scan_type.arp || masscan->echo_all)\n fprintf(masscan->echo, \"arpscan = %s\\n\", masscan->scan_type.arp?\"true\":\"false\");\n return 0;\n }\n range.begin = Templ_ARP;\n range.end = Templ_ARP;\n rangelist_add_range(&masscan->targets.ports, range.begin, range.end);\n rangelist_sort(&masscan->targets.ports);\n masscan_set_parameter(masscan, \"router-mac\", \"ff-ff-ff-ff-ff-ff\");\n masscan->scan_type.arp = 1;\n LOG(5, \"--arpscan\\n\");\n return CONF_OK;\n}\n\nstatic int SET_banners(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n if (masscan->echo) {\n if (masscan->is_banners || masscan->echo_all)\n fprintf(masscan->echo, \"banners = %s\\n\", masscan->is_banners?\"true\":\"false\");\n return 0;\n }\n masscan->is_banners = parseBoolean(value);\n return CONF_OK;\n}\n\nstatic int SET_banners_rawudp(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n if (masscan->echo) {\n if (masscan->is_banners_rawudp || masscan->echo_all)\n fprintf(masscan->echo, \"rawudp = %s\\n\", masscan->is_banners_rawudp?\"true\":\"false\");\n return 0;\n }\n masscan->is_banners_rawudp = parseBoolean(value);\n if (masscan->is_banners_rawudp)\n masscan->is_banners = true;\n return CONF_OK;\n}\n\nstatic int SET_capture(struct Masscan *masscan, const char *name, const char *value)\n{\n if (masscan->echo) {\n if (!masscan->is_capture_cert || masscan->echo_all)\n fprintf(masscan->echo, \"%scapture = cert\\n\", masscan->is_capture_cert?\"\":\"no\");\n if (!masscan->is_capture_servername || masscan->echo_all)\n fprintf(masscan->echo, \"%scapture = servername\\n\", masscan->is_capture_servername?\"\":\"no\");\n if (masscan->is_capture_html || masscan->echo_all)\n fprintf(masscan->echo, \"%scapture = html\\n\", masscan->is_capture_html?\"\":\"no\");\n if (masscan->is_capture_heartbleed || masscan->echo_all)\n fprintf(masscan->echo, \"%scapture = heartbleed\\n\", masscan->is_capture_heartbleed?\"\":\"no\");\n if (masscan->is_capture_ticketbleed || masscan->echo_all)\n fprintf(masscan->echo, \"%scapture = ticketbleed\\n\", masscan->is_capture_ticketbleed?\"\":\"no\");\n return 0;\n }\n if (EQUALS(\"capture\", name)) {\n if (EQUALS(\"cert\", value))\n masscan->is_capture_cert = 1;\n else if (EQUALS(\"servername\", value))\n masscan->is_capture_servername = 1;\n else if (EQUALS(\"html\", value))\n masscan->is_capture_html = 1;\n else if (EQUALS(\"heartbleed\", value))\n masscan->is_capture_heartbleed = 1;\n else if (EQUALS(\"ticketbleed\", value))\n masscan->is_capture_ticketbleed = 1;\n else {\n fprintf(stderr, \"FAIL: %s: unknown capture type\\n\", value);\n return CONF_ERR;\n }\n } else if (EQUALS(\"nocapture\", name)) {\n if (EQUALS(\"cert\", value))\n masscan->is_capture_cert = 0;\n else if (EQUALS(\"servername\", value))\n masscan->is_capture_servername = 0;\n else if (EQUALS(\"html\", value))\n masscan->is_capture_html = 0;\n else if (EQUALS(\"heartbleed\", value))\n masscan->is_capture_heartbleed = 0;\n else if (EQUALS(\"ticketbleed\", value))\n masscan->is_capture_ticketbleed = 0;\n else {\n fprintf(stderr, \"FAIL: %s: unknown nocapture type\\n\", value);\n return CONF_ERR;\n }\n }\n return CONF_OK;\n}\n\nstatic int SET_hello(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n if (masscan->echo) {\n if (masscan->is_hello_ssl) {\n fprintf(masscan->echo, \"hello = ssl\\n\");\n } else if (masscan->is_hello_smbv1) {\n fprintf(masscan->echo, \"hello = smbv1\\n\");\n } else if (masscan->is_hello_http) {\n fprintf(masscan->echo, \"hello = http\\n\");\n }\n return 0;\n }\n if (EQUALS(\"ssl\", value))\n masscan->is_hello_ssl = 1;\n else if (EQUALS(\"smbv1\", value))\n masscan->is_hello_smbv1 = 1;\n else if (EQUALS(\"http\", value))\n masscan->is_hello_http = 1;\n else {\n fprintf(stderr, \"FAIL: %s: unknown hello type\\n\", value);\n return CONF_ERR;\n }\n return CONF_OK;\n}\n\nstatic int SET_hello_file(struct Masscan *masscan, const char *name, const char *value)\n{\n unsigned index;\n FILE *fp;\n char buf[16384];\n char buf2[16384];\n size_t bytes_read;\n size_t bytes_encoded;\n char foo[64];\n\n if (masscan->echo) {\n //Echoed as a string \"hello-string\" that was originally read\n //from a file, not the \"hello-filename\"\n return 0;\n }\n \n index = ARRAY(name);\n if (index >= 65536) {\n fprintf(stderr, \"%s: bad index\\n\", name);\n return CONF_ERR;\n }\n\n /* When connecting via TCP, send this file */\n fp = fopen(value, \"rb\");\n if (fp == NULL) {\n LOG(0, \"[-] [FAILED] --hello-file\\n\");\n LOG(0, \"[-] %s: %s\\n\", value, strerror(errno));\n return CONF_ERR;\n }\n \n bytes_read = fread(buf, 1, sizeof(buf), fp);\n if (bytes_read == 0) {\n LOG(0, \"[FAILED] could not read hello file\\n\");\n perror(value);\n fclose(fp);\n return CONF_ERR;\n }\n fclose(fp);\n \n bytes_encoded = base64_encode(buf2, sizeof(buf2)-1, buf, bytes_read);\n buf2[bytes_encoded] = '\\0';\n \n snprintf(foo, sizeof(foo), \"hello-string[%u]\", (unsigned)index);\n \n masscan_set_parameter(masscan, foo, buf2);\n\n return CONF_OK;\n}\n\nstatic int SET_hello_string(struct Masscan *masscan, const char *name, const char *value)\n{\n unsigned index;\n char *value2;\n struct TcpCfgPayloads *pay;\n\n if (masscan->echo) {\n for (pay = masscan->payloads.tcp; pay; pay = pay->next) {\n fprintf(masscan->echo, \"hello-string[%u] = %s\\n\",\n pay->port, pay->payload_base64);\n }\n return 0;\n }\n \n index = ARRAY(name);\n if (index >= 65536) {\n fprintf(stderr, \"%s: bad index\\n\", name);\n exit(1);\n }\n\n \n value2 = STRDUP(value);\n\n pay = MALLOC(sizeof(*pay));\n \n pay->payload_base64 = value2;\n pay->port = index;\n pay->next = masscan->payloads.tcp;\n masscan->payloads.tcp = pay;\n return CONF_OK;\n}\n\nstatic int SET_hello_timeout(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n if (masscan->echo) {\n if (masscan->tcp_hello_timeout || masscan->echo_all)\n fprintf(masscan->echo, \"hello-timeout = %u\\n\", masscan->tcp_hello_timeout);\n return 0;\n }\n masscan->tcp_hello_timeout = (unsigned)parseInt(value);\n return CONF_OK;\n}\n\nstatic int SET_http_cookie(struct Masscan *masscan, const char *name, const char *value)\n{\n unsigned char *newvalue;\n size_t value_length;\n\n UNUSEDPARM(name);\n if (masscan->echo) {\n if (masscan->http.cookies_count || masscan->echo_all) {\n size_t i;\n for (i=0; ihttp.cookies_count; i++) {\n fprintf(masscan->echo,\n \"http-cookie = %.*s\\n\",\n (unsigned)masscan->http.cookies[i].value_length,\n masscan->http.cookies[i].value);\n }\n }\n return 0;\n }\n\n /* allocate new value */\n value_length = strlen(value);\n newvalue = MALLOC(value_length+1);\n memcpy(newvalue, value, value_length+1);\n newvalue[value_length] = '\\0';\n\n /* Add to our list of headers */\n if (masscan->http.cookies_count < sizeof(masscan->http.cookies)/sizeof(masscan->http.cookies[0])) {\n size_t x = masscan->http.cookies_count;\n masscan->http.cookies[x].value = newvalue;\n masscan->http.cookies[x].value_length = value_length;\n masscan->http.cookies_count++;\n }\n return CONF_OK;\n}\n\nstatic int SET_http_header(struct Masscan *masscan, const char *name, const char *value)\n{\n unsigned name_length;\n char *newname;\n unsigned char *newvalue;\n size_t value_length;\n\n if (masscan->echo) {\n if (masscan->http.headers_count || masscan->echo_all) {\n size_t i;\n for (i=0; ihttp.headers_count; i++) {\n if (masscan->http.headers[i].name == 0)\n continue;\n fprintf(masscan->echo,\n \"http-header = %s:%.*s\\n\",\n masscan->http.headers[i].name,\n (unsigned)masscan->http.headers[i].value_length,\n masscan->http.headers[i].value);\n }\n }\n return 0;\n }\n\n /* \n * allocate a new name \n */\n name += 11;\n if (*name == '[') {\n /* Specified as: \"--http-header[name] value\" */\n while (ispunct(*name))\n name++;\n name_length = (unsigned)strlen(name);\n while (name_length && ispunct(name[name_length-1]))\n name_length--;\n newname = MALLOC(name_length+1);\n memcpy(newname, name, name_length+1);\n newname[name_length] = '\\0';\n } else if (strchr(value, ':')) {\n /* Specified as: \"--http-header Name:value\" */\n name_length = INDEX_OF(value, ':');\n newname = MALLOC(name_length + 1);\n memcpy(newname, value, name_length + 1);\n \n /* Trim the value */\n value = value + name_length + 1;\n while (*value && isspace(*value & 0xFF))\n value++;\n\n /* Trim the name */\n while (name_length && isspace(newname[name_length-1]&0xFF))\n name_length--;\n newname[name_length] = '\\0';\n } else {\n fprintf(stderr, \"[-] --http-header needs both a name and value\\n\");\n fprintf(stderr, \" hint: \\\"--http-header Name:value\\\"\\n\");\n exit(1);\n }\n\n /* allocate new value */\n value_length = strlen(value);\n newvalue = MALLOC(value_length+1);\n memcpy(newvalue, value, value_length+1);\n newvalue[value_length] = '\\0';\n\n /* Add to our list of headers */\n if (masscan->http.headers_count < sizeof(masscan->http.headers)/sizeof(masscan->http.headers[0])) {\n size_t x = masscan->http.headers_count;\n masscan->http.headers[x].name = newname;\n masscan->http.headers[x].value = newvalue;\n masscan->http.headers[x].value_length = value_length;\n masscan->http.headers_count++;\n }\n return CONF_OK;\n}\n\nstatic int SET_http_method(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n if (masscan->echo) {\n if (masscan->http.method || masscan->echo_all)\n fprintf(masscan->echo, \"http-method = %.*s\\n\", (unsigned)masscan->http.method_length, masscan->http.method);\n return 0;\n }\n if (masscan->http.method)\n free(masscan->http.method);\n masscan->http.method_length = strlen(value);\n masscan->http.method = MALLOC(masscan->http.method_length+1);\n memcpy(masscan->http.method, value, masscan->http.method_length+1);\n return CONF_OK;\n}\nstatic int SET_http_url(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n if (masscan->echo) {\n if (masscan->http.url || masscan->echo_all)\n fprintf(masscan->echo, \"http-url = %.*s\\n\", (unsigned)masscan->http.url_length, masscan->http.url);\n return 0;\n }\n if (masscan->http.url)\n free(masscan->http.url);\n masscan->http.url_length = strlen(value);\n masscan->http.url = MALLOC(masscan->http.url_length+1);\n memcpy(masscan->http.url, value, masscan->http.url_length+1);\n return CONF_OK;\n}\nstatic int SET_http_version(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n if (masscan->echo) {\n if (masscan->http.version || masscan->echo_all)\n fprintf(masscan->echo, \"http-version = %.*s\\n\", (unsigned)masscan->http.version_length, masscan->http.version);\n return 0;\n }\n if (masscan->http.version)\n free(masscan->http.version);\n masscan->http.version_length = strlen(value);\n masscan->http.version = MALLOC(masscan->http.version_length+1);\n memcpy(masscan->http.version, value, masscan->http.version_length+1);\n return CONF_OK;\n}\nstatic int SET_http_host(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n if (masscan->echo) {\n if (masscan->http.host || masscan->echo_all)\n fprintf(masscan->echo, \"http-host = %.*s\\n\", (unsigned)masscan->http.host_length, masscan->http.host);\n return 0;\n }\n if (masscan->http.host)\n free(masscan->http.host);\n masscan->http.host_length = strlen(value);\n masscan->http.host = MALLOC(masscan->http.host_length+1);\n memcpy(masscan->http.host, value, masscan->http.host_length+1);\n return CONF_OK;\n}\n\nstatic int SET_http_user_agent(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n if (masscan->echo) {\n if (masscan->http.user_agent || masscan->echo_all)\n fprintf(masscan->echo, \"http-user-agent = %.*s\\n\", (unsigned)masscan->http.user_agent_length, masscan->http.user_agent);\n return 0;\n }\n if (masscan->http.user_agent)\n free(masscan->http.user_agent);\n masscan->http.user_agent_length = strlen(value);\n masscan->http.user_agent = MALLOC(masscan->http.user_agent_length+1);\n memcpy( masscan->http.user_agent,\n value,\n masscan->http.user_agent_length+1\n );\n return CONF_OK;\n}\n\nstatic int SET_http_payload(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n if (masscan->echo) {\n if (masscan->http.payload || masscan->echo_all)\n fprintf(masscan->echo, \"http-payload = %.*s\\n\", (unsigned)masscan->http.payload_length, masscan->http.payload);\n return 0;\n }\n masscan->http.payload_length = strlen(value);\n masscan->http.payload = REALLOC(masscan->http.payload, masscan->http.payload_length+1);\n memcpy( masscan->http.payload,\n value,\n masscan->http.payload_length+1\n );\n return CONF_OK;\n}\n\nstatic int SET_status_ndjson(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n\n if (masscan->echo) {\n if (masscan->output.is_status_ndjson || masscan->echo_all)\n fprintf(masscan->echo, \"ndjson-status = %s\\n\", masscan->output.is_status_ndjson?\"true\":\"false\");\n return 0;\n }\n masscan->output.is_status_ndjson = parseBoolean(value);\n return CONF_OK;\n}\nstatic int SET_status_json(struct Masscan *masscan, const char *name, const char *value)\n{\n /* NOTE: this is here just to warn people they mistyped it */\n UNUSEDPARM(name);\n UNUSEDPARM(value);\n\n if (masscan->echo) {\n return 0;\n }\n fprintf(stderr, \"[-] FAIL: %s not supported, use --status-ndjson\\n\", name);\n fprintf(stderr, \" hint: new-line delimited JSON status is what we use\\n\");\n return CONF_ERR;\n}\n\nstatic int SET_min_packet(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n if (masscan->echo) {\n if (masscan->min_packet_size != 60 || masscan->echo_all)\n fprintf(masscan->echo, \"min-packet = %u\\n\", masscan->min_packet_size);\n return 0;\n }\n masscan->min_packet_size = (unsigned)parseInt(value);\n return CONF_OK;\n}\n\n\nstatic int SET_nobanners(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n if (masscan->echo) {\n return 0;\n }\n masscan->is_banners = !parseBoolean(value);\n return CONF_OK;\n}\n\nstatic int SET_noreset(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n if (masscan->echo) {\n if (masscan->is_noreset || masscan->echo_all)\n fprintf(masscan->echo, \"noreset = %s\\n\", masscan->is_noreset?\"true\":\"false\");\n return 0;\n }\n masscan->is_noreset = parseBoolean(value);\n return CONF_OK;\n}\n\nstatic int SET_nmap_payloads(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n \n if (masscan->echo) {\n if ((masscan->payloads.nmap_payloads_filename && masscan->payloads.nmap_payloads_filename[0]) || masscan->echo_all)\n fprintf(masscan->echo, \"nmap-payloads = %s\\n\", masscan->payloads.nmap_payloads_filename);\n return 0;\n }\n \n if (masscan->payloads.nmap_payloads_filename)\n free(masscan->payloads.nmap_payloads_filename);\n masscan->payloads.nmap_payloads_filename = strdup(value);\n\n return CONF_OK;\n}\n\nstatic int SET_nmap_service_probes(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n \n if (masscan->echo) {\n if ((masscan->payloads.nmap_service_probes_filename && masscan->payloads.nmap_service_probes_filename[0]) || masscan->echo_all)\n fprintf(masscan->echo, \"nmap-service-probes = %s\\n\", masscan->payloads.nmap_service_probes_filename);\n return 0;\n }\n \n if (masscan->payloads.nmap_service_probes_filename)\n free(masscan->payloads.nmap_service_probes_filename);\n masscan->payloads.nmap_service_probes_filename = strdup(value);\n \n \n return CONF_OK;\n}\n\nstatic int SET_offline(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n\n if (masscan->echo) {\n if (masscan->is_offline || masscan->echo_all)\n fprintf(masscan->echo, \"offline = %s\\n\", masscan->is_offline?\"true\":\"false\");\n return 0;\n }\n masscan->is_offline = parseBoolean(value);\n return CONF_OK;\n}\n\nstatic int SET_output_append(struct Masscan *masscan, const char *name, const char *value)\n{\n if (masscan->echo) {\n if (masscan->output.is_append || masscan->echo_all)\n fprintf(masscan->echo, \"output-append = %s\\n\",\n masscan->output.is_append?\"true\":\"false\");\n return 0;\n }\n if (EQUALS(\"overwrite\", name) || !parseBoolean(value))\n masscan->output.is_append = 0;\n else\n masscan->output.is_append = 1;\n return CONF_OK;\n}\n\nstatic int SET_output_filename(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n if (masscan->echo) {\n if (masscan->output.filename[0] || masscan->echo_all)\n fprintf(masscan->echo, \"output-filename = %s\\n\", masscan->output.filename);\n return 0;\n }\n if (masscan->output.format == 0)\n masscan->output.format = Output_XML; /*TODO: Why is the default XML?*/\n safe_strcpy(masscan->output.filename,\n sizeof(masscan->output.filename),\n value);\n return CONF_OK;\n}\n\nstatic int SET_output_format(struct Masscan *masscan, const char *name, const char *value)\n{\n enum OutputFormat x = 0;\n UNUSEDPARM(name);\n if (masscan->echo) {\n FILE *fp = masscan->echo;\n ipaddress_formatted_t fmt;\n switch (masscan->output.format) {\n case Output_Default: if (masscan->echo_all) fprintf(fp, \"output-format = interactive\\n\"); break;\n case Output_Interactive:fprintf(fp, \"output-format = interactive\\n\"); break;\n case Output_List: fprintf(fp, \"output-format = list\\n\"); break;\n case Output_Unicornscan:fprintf(fp, \"output-format = unicornscan\\n\"); break;\n case Output_XML: fprintf(fp, \"output-format = xml\\n\"); break;\n case Output_Binary: fprintf(fp, \"output-format = binary\\n\"); break;\n case Output_Grepable: fprintf(fp, \"output-format = grepable\\n\"); break;\n case Output_JSON: fprintf(fp, \"output-format = json\\n\"); break;\n case Output_NDJSON: fprintf(fp, \"output-format = ndjson\\n\"); break;\n case Output_Certs: fprintf(fp, \"output-format = certs\\n\"); break;\n case Output_None: fprintf(fp, \"output-format = none\\n\"); break;\n case Output_Hostonly: fprintf(fp, \"output-format = hostonly\\n\"); break;\n case Output_Redis:\n fmt = ipaddress_fmt(masscan->redis.ip);\n fprintf(fp, \"output-format = redis\\n\");\n fprintf(fp, \"redis = %s %u\\n\", fmt.string, masscan->redis.port);\n break;\n \n default:\n fprintf(fp, \"output-format = unknown(%u)\\n\", masscan->output.format);\n break;\n }\n return 0;\n }\n if (EQUALS(\"unknown(0)\", value)) x = Output_Interactive;\n else if (EQUALS(\"interactive\", value)) x = Output_Interactive;\n else if (EQUALS(\"list\", value)) x = Output_List;\n else if (EQUALS(\"unicornscan\", value)) x = Output_Unicornscan;\n else if (EQUALS(\"xml\", value)) x = Output_XML;\n else if (EQUALS(\"binary\", value)) x = Output_Binary;\n else if (EQUALS(\"greppable\", value)) x = Output_Grepable;\n else if (EQUALS(\"grepable\", value)) x = Output_Grepable;\n else if (EQUALS(\"json\", value)) x = Output_JSON;\n else if (EQUALS(\"ndjson\", value)) x = Output_NDJSON;\n else if (EQUALS(\"certs\", value)) x = Output_Certs;\n else if (EQUALS(\"none\", value)) x = Output_None;\n else if (EQUALS(\"redis\", value)) x = Output_Redis;\n else if (EQUALS(\"hostonly\", value)) x = Output_Hostonly;\n else {\n LOG(0, \"FAIL: unknown output-format: %s\\n\", value);\n LOG(0, \" hint: 'binary', 'xml', 'grepable', ...\\n\");\n return CONF_ERR;\n }\n masscan->output.format = x;\n\n return CONF_OK;\n}\n\nstatic int SET_output_noshow(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n if (masscan->echo) {\n if (masscan->echo_all) {\n fprintf(masscan->echo, \"output-noshow = %s%s%s\\n\",\n (!masscan->output.is_show_open)?\"open,\":\"\",\n (!masscan->output.is_show_closed)?\"closed,\":\"\",\n (!masscan->output.is_show_host)?\"host,\":\"\"\n );\n }\n return 0;\n }\n for (;;) {\n const char *val2 = value;\n unsigned val2_len = INDEX_OF(val2, ',');\n if (val2_len == 0)\n break;\n if (EQUALSx(\"open\", val2, val2_len))\n masscan->output.is_show_open = 0;\n else if (EQUALSx(\"closed\", val2, val2_len) || EQUALSx(\"close\", val2, val2_len))\n masscan->output.is_show_closed = 0;\n else if (EQUALSx(\"open\", val2, val2_len))\n masscan->output.is_show_host = 0;\n else if (EQUALSx(\"all\",val2,val2_len)) {\n masscan->output.is_show_open = 0;\n masscan->output.is_show_host = 0;\n masscan->output.is_show_closed = 0;\n }\n else {\n LOG(0, \"FAIL: unknown 'noshow' spec: %.*s\\n\", val2_len, val2);\n exit(1);\n }\n value += val2_len;\n while (*value == ',')\n value++;\n }\n return CONF_OK;\n}\n\nstatic int SET_output_show(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n if (masscan->echo) {\n if (masscan->echo_all) {\n fprintf(masscan->echo, \"output-show = %s%s%s\\n\",\n masscan->output.is_show_open?\"open,\":\"\",\n masscan->output.is_show_closed?\"closed,\":\"\",\n masscan->output.is_show_host?\"host,\":\"\"\n );\n }\n return 0;\n }\n for (;;) {\n const char *val2 = value;\n unsigned val2_len = INDEX_OF(val2, ',');\n if (val2_len == 0)\n break;\n if (EQUALSx(\"open\", val2, val2_len))\n masscan->output.is_show_open = 1;\n else if (EQUALSx(\"closed\", val2, val2_len) || EQUALSx(\"close\", val2, val2_len))\n masscan->output.is_show_closed = 1;\n else if (EQUALSx(\"open\", val2, val2_len))\n masscan->output.is_show_host = 1;\n else if (EQUALSx(\"all\",val2,val2_len)) {\n masscan->output.is_show_open = 1;\n masscan->output.is_show_host = 1;\n masscan->output.is_show_closed = 1;\n }\n else {\n LOG(0, \"FAIL: unknown 'show' spec: %.*s\\n\", val2_len, val2);\n exit(1);\n }\n value += val2_len;\n while (*value == ',')\n value++;\n }\n return CONF_OK;\n}\nstatic int SET_output_show_open(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n UNUSEDPARM(value);\n if (masscan->echo) {\n return 0;\n }\n /* \"open\" \"open-only\" */\n masscan->output.is_show_open = 1;\n masscan->output.is_show_closed = 0;\n masscan->output.is_show_host = 0;\n return CONF_OK;\n}\n\n/* Specifies a 'libpcap' file where the received packets will be written.\n * This is useful while debugging so that we can see what exactly is\n * going on. It's also an alternate mode for getting output from this\n * program. Instead of relying upon this program's determination of what\n * ports are open or closed, you can instead simply parse this capture\n * file yourself and make your own determination */\nstatic int SET_pcap_filename(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n if (masscan->echo) {\n if (masscan->pcap_filename[0])\n fprintf(masscan->echo, \"pcap-filename = %s\\n\", masscan->pcap_filename);\n return 0;\n }\n if (value)\n safe_strcpy(masscan->pcap_filename, sizeof(masscan->pcap_filename), value);\n return CONF_OK;\n}\n\n/* Specifies a 'libpcap' file from which to read packet-payloads. The payloads found\n * in this file will serve as the template for spewing out custom packets. There are\n * other options that can set payloads as well, like \"--nmap-payloads\" for reading\n * their custom payload file, as well as the various \"hello\" options for specifying\n * the string sent to the server once a TCP connection has been established. */\nstatic int SET_pcap_payloads(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n if (masscan->echo) {\n if ((masscan->payloads.pcap_payloads_filename && masscan->payloads.pcap_payloads_filename[0]) || masscan->echo_all)\n fprintf(masscan->echo, \"pcap-payloads = %s\\n\", masscan->payloads.pcap_payloads_filename);\n return 0;\n }\n \n if (masscan->payloads.pcap_payloads_filename)\n free(masscan->payloads.pcap_payloads_filename);\n masscan->payloads.pcap_payloads_filename = strdup(value);\n \n /* file will be loaded in \"masscan_load_database_files()\" */\n \n return CONF_OK;\n}\n\n\nstatic int SET_randomize_hosts(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n UNUSEDPARM(value);\n if (masscan->echo) {\n //fprintf(masscan->echo, \"randomize-hosts = true\\n\");\n return 0;\n }\n return CONF_OK;\n}\n\n\nstatic int SET_rate(struct Masscan *masscan, const char *name, const char *value)\n{\n double rate = 0.0;\n double point = 10.0;\n unsigned i;\n \n if (masscan->echo) {\n if ((unsigned)(masscan->max_rate * 100000) % 100000) {\n /* print as floating point number, which is rare */\n fprintf(masscan->echo, \"rate = %f\\n\", masscan->max_rate);\n } else {\n /* pretty print as just an integer, which is what most people\n * expect */\n fprintf(masscan->echo, \"rate = %-10.0f\\n\", masscan->max_rate);\n }\n return 0;\n }\n \n for (i=0; value[i] && value[i] != '.'; i++) {\n char c = value[i];\n if (c < '0' || '9' < c) {\n fprintf(stderr, \"CONF: non-digit in rate spec: %s=%s\\n\", name, value);\n return CONF_ERR;\n }\n rate = rate * 10.0 + (c - '0');\n }\n \n if (value[i] == '.') {\n i++;\n while (value[i]) {\n char c = value[i];\n if (c < '0' || '9' < c) {\n fprintf(stderr, \"CONF: non-digit in rate spec: %s=%s\\n\",\n name, value);\n return CONF_ERR;\n }\n rate += (c - '0')/point;\n point *= 10.0;\n value++;\n }\n }\n \n masscan->max_rate = rate;\n return CONF_OK;\n}\n\nstatic int SET_resume_count(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n if (masscan->echo) {\n if (masscan->resume.count || masscan->echo_all) {\n fprintf(masscan->echo, \"resume-count = %\" PRIu64 \"\\n\", masscan->resume.count);\n }\n return 0;\n }\n masscan->resume.count = parseInt(value);\n return CONF_OK;\n}\n\nstatic int SET_resume_index(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n if (masscan->echo) {\n if (masscan->resume.index || masscan->echo_all) {\n fprintf(masscan->echo, \"\\n# resume information\\n\");\n fprintf(masscan->echo, \"resume-index = %\" PRIu64 \"\\n\", masscan->resume.index);\n }\n return 0;\n }\n masscan->resume.index = parseInt(value);\n return CONF_OK;\n}\n\nstatic int SET_retries(struct Masscan *masscan, const char *name, const char *value)\n{\n uint64_t x;\n \n UNUSEDPARM(name);\n if (masscan->echo) {\n if (masscan->retries || masscan->echo_all)\n fprintf(masscan->echo, \"retries = %u\\n\", masscan->retries);\n return 0;\n }\n x = strtoul(value, 0, 0);\n if (x >= 1000) {\n fprintf(stderr, \"FAIL: retries=: expected number less than 1000\\n\");\n return CONF_ERR;\n }\n masscan->retries = (unsigned)x;\n return CONF_OK;\n \n}\n\nstatic int SET_rotate_time(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n if (masscan->echo) {\n if (masscan->output.rotate.timeout || masscan->echo_all)\n fprintf(masscan->echo, \"rotate = %u\\n\", masscan->output.rotate.timeout);\n return 0;\n }\n masscan->output.rotate.timeout = (unsigned)parseTime(value);\n return CONF_OK;\n}\nstatic int SET_rotate_directory(struct Masscan *masscan, const char *name, const char *value)\n{\n char *p;\n UNUSEDPARM(name);\n if (masscan->echo) {\n if (memcmp(masscan->output.rotate.directory, \".\",2) != 0 || masscan->echo_all) {\n fprintf(masscan->echo, \"rotate-dir = %s\\n\", masscan->output.rotate.directory);\n }\n return 0;\n }\n safe_strcpy( masscan->output.rotate.directory,\n sizeof(masscan->output.rotate.directory),\n value);\n /* strip trailing slashes */\n p = masscan->output.rotate.directory;\n while (*p && (p[strlen(p)-1] == '/' || p[strlen(p)-1] == '\\\\')) /* Fix for #561 */\n p[strlen(p)-1] = '\\0';\n return CONF_OK;\n}\nstatic int SET_rotate_offset(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n /* Time offset, otherwise output files are aligned to nearest time\n * interval, e.g. at the start of the hour for \"hourly\" */\n if (masscan->echo) {\n if (masscan->output.rotate.offset || masscan->echo_all)\n fprintf(masscan->echo, \"rotate-offset = %u\\n\", masscan->output.rotate.offset);\n return 0;\n }\n masscan->output.rotate.offset = (unsigned)parseTime(value);\n return CONF_OK;\n}\nstatic int SET_rotate_filesize(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n if (masscan->echo) {\n if (masscan->output.rotate.filesize || masscan->echo_all)\n fprintf(masscan->echo, \"rotate-size = %\" PRIu64 \"\\n\", masscan->output.rotate.filesize);\n return 0;\n }\n masscan->output.rotate.filesize = parseSize(value);\n return CONF_OK;\n \n}\n\nstatic int SET_script(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n if (masscan->echo) {\n if ((masscan->scripting.name && masscan->scripting.name[0]) || masscan->echo_all)\n fprintf(masscan->echo, \"script = %s\\n\", masscan->scripting.name);\n return 0;\n }\n if (value && value[0])\n masscan->is_scripting = 1;\n else\n masscan->is_scripting = 0;\n \n if (masscan->scripting.name)\n free(masscan->scripting.name);\n \n masscan->scripting.name = strdup(value);\n \n return CONF_OK;\n}\n\n\nstatic int SET_seed(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n if (masscan->echo) {\n fprintf(masscan->echo, \"seed = %\" PRIu64 \"\\n\", masscan->seed);\n return 0;\n }\n if (EQUALS(\"time\", value))\n masscan->seed = time(0);\n else\n masscan->seed = parseInt(value);\n return CONF_OK;\n}\n\nstatic int SET_space(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n UNUSEDPARM(value);\n if (masscan->echo) {\n fprintf(masscan->echo, \"\\n\");\n return 0;\n }\n return CONF_OK;\n}\n\nstatic int SET_shard(struct Masscan *masscan, const char *name, const char *value)\n{\n unsigned one = 0;\n unsigned of = 0;\n\n UNUSEDPARM(name);\n if (masscan->echo) {\n if (masscan->shard.of > 0 || masscan->echo_all)\n fprintf(masscan->echo, \"shard = %u/%u\\n\", masscan->shard.one, masscan->shard.of);\n return 0;\n }\n while (isdigit(*value))\n one = one*10 + (*(value++)) - '0';\n while (ispunct(*value))\n value++;\n while (isdigit(*value))\n of = of*10 + (*(value++)) - '0';\n \n if (one < 1) {\n LOG(0, \"FAIL: shard index can't be zero\\n\");\n LOG(0, \"hint it goes like 1/4 2/4 3/4 4/4\\n\");\n return CONF_ERR;\n }\n if (one > of) {\n LOG(0, \"FAIL: shard spec is wrong\\n\");\n LOG(0, \"hint it goes like 1/4 2/4 3/4 4/4\\n\");\n return CONF_ERR;\n }\n masscan->shard.one = one;\n masscan->shard.of = of;\n return CONF_OK;\n}\n\nstatic int SET_output_stylesheet(struct Masscan *masscan, const char *name, const char *value)\n{\n UNUSEDPARM(name);\n if (masscan->echo) {\n if (masscan->output.stylesheet[0] || masscan->echo_all)\n fprintf(masscan->echo, \"stylesheet = %s\\n\", masscan->output.stylesheet);\n return 0;\n }\n \n if (masscan->output.format == 0)\n masscan->output.format = Output_XML;\n \n safe_strcpy(masscan->output.stylesheet, sizeof(masscan->output.stylesheet), value);\n return CONF_OK;\n}\n\nstatic int SET_topports(struct Masscan *masscan, const char *name, const char *value)\n{\n unsigned default_value = 20;\n\n if (masscan->echo) {\n /* don't echo: this instead triggers filling the `--port`\n * list, so the ports themselves will be echoed, not this\n * parameter */\n return 0;\n }\n\n if (value == 0 || value[0] == '\\0') {\n /* can be specified by itself on the command-line, alone\n * without a following parameter */\n /* ex: `--top-ports` */\n masscan->top_ports = default_value;\n } else if (isBoolean(value)) {\n /* ex: `--top-ports enable` */\n if (parseBoolean(value))\n masscan->top_ports = default_value;\n else\n masscan->top_ports = 0;\n } else if (isInteger(value)) {\n /* ex: `--top-ports 5` */\n uint64_t num = parseInt(value);\n masscan->top_ports = (unsigned)num;\n } else {\n fprintf(stderr, \"[-] %s: bad value: %s\\n\", name, value);\n return CONF_ERR;\n }\n return CONF_OK;\n}\n\nstatic int SET_tcp_mss(struct Masscan *masscan, const char *name, const char *value)\n{\n /* h/t @IvreRocks */\n static const unsigned default_mss = 1460;\n\n if (masscan->echo) {\n if (masscan->templ_opts) {\n switch (masscan->templ_opts->tcp.is_mss) {\n case Default:\n break;\n case Add:\n if (masscan->templ_opts->tcp.mss == default_mss)\n fprintf(masscan->echo, \"tcp-mss = %s\\n\", \"enable\");\n else\n fprintf(masscan->echo, \"tcp-mss = %u\\n\",\n masscan->templ_opts->tcp.mss);\n break;\n case Remove:\n fprintf(masscan->echo, \"tcp-mss = %s\\n\", \"disable\");\n break;\n default:\n break;\n }\n }\n return 0;\n }\n\n if (masscan->templ_opts == NULL)\n masscan->templ_opts = calloc(1, sizeof(*masscan->templ_opts));\n\n if (value == 0 || value[0] == '\\0') {\n /* no following parameter, so interpret this to mean \"enable\" */\n masscan->templ_opts->tcp.is_mss = Add;\n masscan->templ_opts->tcp.mss = default_mss; /* 1460 */\n } else if (isBoolean(value)) {\n /* looking for \"enable\" or \"disable\", but any boolean works,\n * like \"true/false\" or \"off/on\" */\n if (parseBoolean(value)) {\n masscan->templ_opts->tcp.is_mss = Add;\n masscan->templ_opts->tcp.mss = default_mss; /* 1460 */\n } else\n masscan->templ_opts->tcp.is_mss = Remove;\n } else if (isInteger(value)) {\n /* A specific number was specified */\n uint64_t num = parseInt(value);\n if (num >= 0x10000)\n goto fail;\n masscan->templ_opts->tcp.is_mss = Add;\n masscan->templ_opts->tcp.mss = (unsigned)num;\n } else\n goto fail;\n\n return CONF_OK;\nfail:\n fprintf(stderr, \"[-] %s: bad value: %s\\n\", name, value);\n return CONF_ERR;\n}\n\nstatic int SET_tcp_wscale(struct Masscan *masscan, const char *name, const char *value)\n{\n static const unsigned default_value = 3;\n\n if (masscan->echo) {\n if (masscan->templ_opts) {\n switch (masscan->templ_opts->tcp.is_wscale) {\n case Default:\n break;\n case Add:\n if (masscan->templ_opts->tcp.wscale == default_value)\n fprintf(masscan->echo, \"tcp-wscale = %s\\n\", \"enable\");\n else\n fprintf(masscan->echo, \"tcp-wscale = %u\\n\",\n masscan->templ_opts->tcp.wscale);\n break;\n case Remove:\n fprintf(masscan->echo, \"tcp-wscale = %s\\n\", \"disable\");\n break;\n default:\n break;\n }\n }\n return 0;\n }\n\n if (masscan->templ_opts == NULL)\n masscan->templ_opts = calloc(1, sizeof(*masscan->templ_opts));\n\n if (value == 0 || value[0] == '\\0') {\n masscan->templ_opts->tcp.is_wscale = Add;\n masscan->templ_opts->tcp.wscale = default_value;\n } else if (isBoolean(value)) {\n if (parseBoolean(value)) {\n masscan->templ_opts->tcp.is_wscale = Add;\n masscan->templ_opts->tcp.wscale = default_value;\n } else\n masscan->templ_opts->tcp.is_wscale = Remove;\n } else if (isInteger(value)) {\n uint64_t num = parseInt(value);\n if (num >= 255)\n goto fail;\n masscan->templ_opts->tcp.is_wscale = Add;\n masscan->templ_opts->tcp.wscale = (unsigned)num;\n } else\n goto fail;\n\n return CONF_OK;\nfail:\n fprintf(stderr, \"[-] %s: bad value: %s\\n\", name, value);\n return CONF_ERR;\n}\n\nstatic int SET_tcp_tsecho(struct Masscan *masscan, const char *name, const char *value)\n{\n static const unsigned default_value = 0x12345678;\n\n if (masscan->echo) {\n if (masscan->templ_opts) {\n switch (masscan->templ_opts->tcp.is_tsecho) {\n case Default:\n break;\n case Add:\n if (masscan->templ_opts->tcp.tsecho == default_value)\n fprintf(masscan->echo, \"tcp-tsecho = %s\\n\", \"enable\");\n else\n fprintf(masscan->echo, \"tcp-tsecho = %u\\n\",\n masscan->templ_opts->tcp.tsecho);\n break;\n case Remove:\n fprintf(masscan->echo, \"tcp-tsecho = %s\\n\", \"disable\");\n break;\n default:\n break;\n }\n }\n return 0;\n }\n\n if (masscan->templ_opts == NULL)\n masscan->templ_opts = calloc(1, sizeof(*masscan->templ_opts));\n\n if (value == 0 || value[0] == '\\0') {\n masscan->templ_opts->tcp.is_tsecho = Add;\n masscan->templ_opts->tcp.tsecho = default_value;\n } else if (isBoolean(value)) {\n if (parseBoolean(value)) {\n masscan->templ_opts->tcp.is_tsecho = Add;\n masscan->templ_opts->tcp.tsecho = default_value;\n } else\n masscan->templ_opts->tcp.is_tsecho = Remove;\n } else if (isInteger(value)) {\n uint64_t num = parseInt(value);\n if (num >= 255)\n goto fail;\n masscan->templ_opts->tcp.is_tsecho = Add;\n masscan->templ_opts->tcp.tsecho = (unsigned)num;\n } else\n goto fail;\n\n return CONF_OK;\nfail:\n fprintf(stderr, \"[-] %s: bad value: %s\\n\", name, value);\n return CONF_ERR;\n}\n\nstatic int SET_tcp_sackok(struct Masscan *masscan, const char *name, const char *value)\n{\n if (masscan->echo) {\n if (masscan->templ_opts) {\n switch (masscan->templ_opts->tcp.is_sackok) {\n case Default:\n break;\n case Add:\n fprintf(masscan->echo, \"tcp-sackok = %s\\n\", \"enable\");\n break;\n case Remove:\n fprintf(masscan->echo, \"tcp-sackok = %s\\n\", \"disable\");\n break;\n default:\n break;\n }\n }\n return 0;\n }\n\n if (masscan->templ_opts == NULL)\n masscan->templ_opts = calloc(1, sizeof(*masscan->templ_opts));\n\n if (value == 0 || value[0] == '\\0') {\n masscan->templ_opts->tcp.is_sackok = Add;\n } else if (isBoolean(value)) {\n if (parseBoolean(value)) {\n masscan->templ_opts->tcp.is_sackok = Add;\n } else\n masscan->templ_opts->tcp.is_sackok = Remove;\n } else if (isInteger(value)) {\n if (parseInt(value) != 0)\n masscan->templ_opts->tcp.is_sackok = Add;\n } else\n goto fail;\n\n return CONF_OK;\nfail:\n fprintf(stderr, \"[-] %s: bad value: %s\\n\", name, value);\n return CONF_ERR;\n}\n\n\nstatic int SET_debug_tcp(struct Masscan *masscan, const char *name, const char *value) {\n extern int is_tcp_debug; /* global */\n UNUSEDPARM(name);\n UNUSEDPARM(masscan);\n\n if (value == 0 || value[0] == '\\0')\n is_tcp_debug = 1;\n else\n is_tcp_debug = parseBoolean(value);\n return CONF_OK;\n}\n\n\n\nstruct ConfigParameter {\n const char *name;\n SET_PARAMETER set;\n unsigned flags;\n const char *alts[6];\n};\nenum {F_NONE, F_BOOL=1, F_NUMABLE=2};\nstruct ConfigParameter config_parameters[] = {\n {\"resume-index\", SET_resume_index, 0, {0}},\n {\"resume-count\", SET_resume_count, 0, {0}},\n {\"seed\", SET_seed, 0, {0}},\n {\"arpscan\", SET_arpscan, F_BOOL, {\"arp\",0}},\n {\"randomize-hosts\", SET_randomize_hosts, F_BOOL, {0}},\n {\"rate\", SET_rate, 0, {\"max-rate\",0}},\n {\"shard\", SET_shard, 0, {\"shards\",0}},\n {\"banners\", SET_banners, F_BOOL, {\"banner\",0}}, /* --banners */\n {\"rawudp\", SET_banners_rawudp, F_BOOL, {\"rawudp\",0}}, /* --rawudp */\n {\"nobanners\", SET_nobanners, F_BOOL, {\"nobanner\",0}},\n {\"retries\", SET_retries, 0, {\"retry\", \"max-retries\", \"max-retry\", 0}},\n {\"noreset\", SET_noreset, F_BOOL, {0}},\n {\"nmap-payloads\", SET_nmap_payloads, 0, {\"nmap-payload\",0}},\n {\"nmap-service-probes\",SET_nmap_service_probes, 0, {\"nmap-service-probe\",0}},\n {\"offline\", SET_offline, F_BOOL, {\"notransmit\", \"nosend\", \"dry-run\", 0}},\n {\"pcap-filename\", SET_pcap_filename, 0, {\"pcap\",0}},\n {\"pcap-payloads\", SET_pcap_payloads, 0, {\"pcap-payload\",0}},\n {\"hello\", SET_hello, 0, {0}},\n {\"hello-file\", SET_hello_file, 0, {\"hello-filename\",0}},\n {\"hello-string\", SET_hello_string, 0, {0}},\n {\"hello-timeout\", SET_hello_timeout, 0, {0}},\n {\"http-cookie\", SET_http_cookie, 0, {0}},\n {\"http-header\", SET_http_header, 0, {\"http-field\", 0}},\n {\"http-method\", SET_http_method, 0, {0}},\n {\"http-version\", SET_http_version, 0, {0}},\n {\"http-url\", SET_http_url, 0, {\"http-uri\",0}},\n {\"http-user-agent\", SET_http_user_agent, 0, {\"http-useragent\",0}},\n {\"http-host\", SET_http_host, 0, {0}},\n {\"http-payload\", SET_http_payload, 0, {0}},\n {\"ndjson-status\", SET_status_ndjson, F_BOOL, {\"status-ndjson\", 0}},\n {\"json-status\", SET_status_json, F_BOOL, {\"status-json\", 0}},\n {\"min-packet\", SET_min_packet, 0, {\"min-pkt\",0}},\n {\"capture\", SET_capture, 0, {0}},\n {\"nocapture\", SET_capture, 0, {\"no-capture\", 0}},\n {\"SPACE\", SET_space, 0, {0}},\n {\"output-filename\", SET_output_filename, 0, {\"output-file\",0}},\n {\"output-format\", SET_output_format, 0, {0}},\n {\"output-show\", SET_output_show, 0, {\"output-status\", \"show\",0}},\n {\"output-noshow\", SET_output_noshow, 0, {\"noshow\",0}},\n {\"output-show-open\",SET_output_show_open, F_BOOL, {\"open\", \"open-only\", 0}},\n {\"output-append\", SET_output_append, 0, {\"append-output\",0}},\n {\"rotate\", SET_rotate_time, 0, {\"output-rotate\", \"rotate-output\", \"rotate-time\", 0}},\n {\"rotate-dir\", SET_rotate_directory, 0, {\"output-rotate-dir\", \"rotate-directory\", 0}},\n {\"rotate-offset\", SET_rotate_offset, 0, {\"output-rotate-offset\", 0}},\n {\"rotate-size\", SET_rotate_filesize, 0, {\"output-rotate-filesize\", \"rotate-filesize\", 0}},\n {\"stylesheet\", SET_output_stylesheet, 0, {0}},\n {\"script\", SET_script, 0, {0}},\n {\"SPACE\", SET_space, 0, {0}},\n {\"tcp-mss\", SET_tcp_mss, F_NUMABLE, {\"tcpmss\",0}},\n {\"tcp-wscale\", SET_tcp_wscale, F_NUMABLE, {0}},\n {\"tcp-tsecho\", SET_tcp_tsecho, F_NUMABLE, {0}},\n {\"tcp-sackok\", SET_tcp_sackok, F_BOOL, {0}},\n {\"top-ports\", SET_topports, F_NUMABLE, {\"top-port\",0}},\n\n {\"debug-tcp\", SET_debug_tcp, F_BOOL, {\"tcp-debug\", 0}},\n {0}\n};\n\n/***************************************************************************\n * Called either from the \"command-line\" parser when it sees a --param,\n * or from the \"config-file\" parser for normal options.\n ***************************************************************************/\nvoid\nmasscan_set_parameter(struct Masscan *masscan,\n const char *name, const char *value)\n{\n unsigned index = ARRAY(name);\n if (index >= 65536) {\n fprintf(stderr, \"%s: bad index\\n\", name);\n exit(1);\n }\n \n /*\n * NEW:\n * Go through configured list of parameters\n */\n {\n size_t i;\n \n for (i=0; config_parameters[i].name; i++) {\n if (EQUALS(config_parameters[i].name, name)) {\n config_parameters[i].set(masscan, name, value);\n return;\n } else {\n size_t j;\n for (j=0; config_parameters[i].alts[j]; j++) {\n if (EQUALS(config_parameters[i].alts[j], name)) {\n config_parameters[i].set(masscan, name, value);\n return;\n }\n }\n }\n }\n }\n\n /*\n * OLD:\n * Configure the old parameters, the ones we don't have in the new config\n * system yet (see the NEW part above).\n * TODO: transition all these old params to the new system\n */\n if (EQUALS(\"conf\", name) || EQUALS(\"config\", name)) {\n masscan_read_config_file(masscan, value);\n } else if (EQUALS(\"adapter\", name) || EQUALS(\"if\", name) || EQUALS(\"interface\", name)) {\n if (masscan->nic[index].ifname[0]) {\n fprintf(stderr, \"CONF: overwriting \\\"adapter=%s\\\"\\n\", masscan->nic[index].ifname);\n }\n if (masscan->nic_count < index + 1)\n masscan->nic_count = index + 1;\n snprintf( masscan->nic[index].ifname,\n sizeof(masscan->nic[index].ifname),\n \"%s\",\n value);\n\n }\n else if (EQUALS(\"adapter-ip\", name) || EQUALS(\"source-ip\", name)\n || EQUALS(\"source-address\", name) || EQUALS(\"spoof-ip\", name)\n || EQUALS(\"spoof-address\", name) || EQUALS(\"src-ip\", name)) {\n /* Send packets FROM this IP address */\n struct Range range;\n struct Range6 range6;\n int err;\n\n /* Grab the next IPv4 or IPv6 range */\n err = massip_parse_range(value, 0, 0, &range, &range6);\n switch (err) {\n case Ipv4_Address:\n /* If more than one IP address given, make the range is\n * an even power of two (1, 2, 4, 8, 16, ...) */\n if (!is_power_of_two((uint64_t)range.end - range.begin + 1)) {\n LOG(0, \"FAIL: range must be even power of two: %s=%s\\n\",\n name, value);\n exit(1);\n }\n masscan->nic[index].src.ipv4.first = range.begin;\n masscan->nic[index].src.ipv4.last = range.end;\n masscan->nic[index].src.ipv4.range = range.end - range.begin + 1;\n break;\n case Ipv6_Address:\n masscan->nic[index].src.ipv6.first = range6.begin;\n masscan->nic[index].src.ipv6.last = range6.end;\n masscan->nic[index].src.ipv6.range = 1; /* TODO: add support for more than one source */\n break;\n default:\n LOG(0, \"FAIL: bad source IP address: %s=%s\\n\",\n name, value);\n LOG(0, \"hint addresses look like \\\"192.168.1.23\\\" or \\\"2001:db8:1::1ce9\\\".\\n\");\n exit(1);\n }\n\n\n\n } else if (EQUALS(\"adapter-port\", name) || EQUALS(\"source-port\", name)\n || EQUALS(\"src-port\", name)) {\n /* Send packets FROM this port number */\n unsigned is_error = 0;\n struct RangeList ports = {0};\n memset(&ports, 0, sizeof(ports));\n\n rangelist_parse_ports(&ports, value, &is_error, 0);\n\n /* Check if there was an error in parsing */\n if (is_error) {\n LOG(0, \"FAIL: bad source port specification: %s\\n\",\n name);\n exit(1);\n }\n\n /* Only allow one range of ports */\n if (ports.count != 1) {\n LOG(0, \"FAIL: only one '%s' range may be specified, found %u ranges\\n\",\n name, ports.count);\n exit(1);\n }\n\n /* verify range is even power of 2 (1, 2, 4, 8, 16, ...) */\n if (!is_power_of_two(ports.list[0].end - ports.list[0].begin + 1)) {\n LOG(0, \"FAIL: source port range must be even power of two: %s=%s\\n\",\n name, value);\n exit(1);\n }\n\n masscan->nic[index].src.port.first = ports.list[0].begin;\n masscan->nic[index].src.port.last = ports.list[0].end;\n masscan->nic[index].src.port.range = ports.list[0].end - ports.list[0].begin + 1;\n } else if (EQUALS(\"adapter-mac\", name) || EQUALS(\"spoof-mac\", name)\n || EQUALS(\"source-mac\", name) || EQUALS(\"src-mac\", name)) {\n /* Send packets FROM this MAC address */\n macaddress_t source_mac;\n int err;\n\n err = parse_mac_address(value, &source_mac);\n if (err) {\n LOG(0, \"[-] CONF: bad MAC address: %s = %s\\n\", name, value);\n return;\n }\n\n /* Check for duplicates */\n if (macaddress_is_equal(masscan->nic[index].source_mac, source_mac)) {\n /* suppresses warning message about duplicate MAC addresses if\n * they are in fact the same */\n return;\n }\n\n /* Warn if we are overwriting a Mac address */\n if (masscan->nic[index].my_mac_count != 0) {\n ipaddress_formatted_t fmt1 = macaddress_fmt(masscan->nic[index].source_mac);\n ipaddress_formatted_t fmt2 = macaddress_fmt(source_mac);\n LOG(0, \"[-] WARNING: overwriting MAC address, was %s, now %s\\n\",\n fmt1.string,\n fmt2.string);\n }\n\n masscan->nic[index].source_mac = source_mac;\n masscan->nic[index].my_mac_count = 1;\n }\n else if (EQUALS(\"router-mac\", name) || EQUALS(\"router\", name)\n || EQUALS(\"dest-mac\", name) || EQUALS(\"destination-mac\", name)\n || EQUALS(\"dst-mac\", name) || EQUALS(\"target-mac\", name)) {\n macaddress_t router_mac;\n int err;\n \n err = parse_mac_address(value, &router_mac);\n if (err) {\n fprintf(stderr, \"[-] CONF: bad MAC address: %s = %s\\n\", name, value);\n return;\n }\n\n masscan->nic[index].router_mac_ipv4 = router_mac;\n masscan->nic[index].router_mac_ipv6 = router_mac;\n }\n else if (EQUALS(\"router-mac-ipv4\", name) || EQUALS(\"router-ipv4\", name)) {\n macaddress_t router_mac;\n int err;\n \n err = parse_mac_address(value, &router_mac);\n if (err) {\n fprintf(stderr, \"[-] CONF: bad MAC address: %s = %s\\n\", name, value);\n return;\n }\n\n masscan->nic[index].router_mac_ipv4 = router_mac;\n }\n else if (EQUALS(\"router-mac-ipv6\", name) || EQUALS(\"router-ipv6\", name)) {\n macaddress_t router_mac;\n int err;\n \n err = parse_mac_address(value, &router_mac);\n if (err) {\n fprintf(stderr, \"[-] CONF: bad MAC address: %s = %s\\n\", name, value);\n return;\n }\n\n masscan->nic[index].router_mac_ipv6 = router_mac;\n }\n else if (EQUALS(\"router-ip\", name)) {\n /* Send packets FROM this IP address */\n struct Range range;\n\n range = range_parse_ipv4(value, 0, 0);\n\n /* Check for bad format */\n if (range.begin != range.end) {\n LOG(0, \"FAIL: bad source IPv4 address: %s=%s\\n\",\n name, value);\n LOG(0, \"hint addresses look like \\\"19.168.1.23\\\"\\n\");\n exit(1);\n }\n\n masscan->nic[index].router_ip = range.begin;\n }\n else if (EQUALS(\"udp-ports\", name) || EQUALS(\"udp-port\", name)) {\n unsigned is_error = 0;\n masscan->scan_type.udp = 1;\n rangelist_parse_ports(&masscan->targets.ports, value, &is_error, Templ_UDP);\n if (masscan->op == 0)\n masscan->op = Operation_Scan;\n }\n else if (EQUALS(\"oprotos\", name) || EQUALS(\"oproto\", name)) {\n unsigned is_error = 0;\n masscan->scan_type.oproto = 1;\n rangelist_parse_ports(&masscan->targets.ports, value, &is_error, Templ_Oproto_first);\n if (masscan->op == 0)\n masscan->op = Operation_Scan;\n }\n else if (EQUALS(\"tcp-ports\", name) || EQUALS(\"tcp-port\", name)) {\n unsigned is_error = 0;\n masscan->scan_type.tcp = 1;\n rangelist_parse_ports(&masscan->targets.ports, value, &is_error, Templ_TCP);\n if (masscan->op == 0)\n masscan->op = Operation_Scan;\n }\n else if (EQUALS(\"ports\", name) || EQUALS(\"port\", name)\n || EQUALS(\"dst-port\", name) || EQUALS(\"dest-port\", name)\n || EQUALS(\"destination-port\", name)\n || EQUALS(\"target-port\", name)) {\n unsigned defaultrange = 0;\n int err;\n\n if (masscan->scan_type.udp)\n defaultrange = Templ_UDP;\n else if (masscan->scan_type.sctp)\n defaultrange = Templ_SCTP;\n \n err = massip_add_port_string(&masscan->targets, value, defaultrange);\n if (err) {\n fprintf(stderr, \"[-] FAIL: bad target port: %s\\n\", value);\n fprintf(stderr, \" Hint: a port is a number [0..65535]\\n\");\n exit(1);\n }\n if (masscan->op == 0)\n masscan->op = Operation_Scan; }\n else if (EQUALS(\"banner-types\", name) || EQUALS(\"banner-type\", name)\n || EQUALS(\"banner-apps\", name) || EQUALS(\"banner-app\", name)\n ) {\n enum ApplicationProtocol app;\n \n app = masscan_string_to_app(value);\n \n if (app) {\n rangelist_add_range(&masscan->banner_types, app, app);\n rangelist_sort(&masscan->banner_types);\n } else {\n LOG(0, \"FAIL: bad banner app: %s\\n\", value);\n fprintf(stderr, \"err\\n\");\n exit(1);\n }\n } else if (EQUALS(\"exclude-ports\", name) || EQUALS(\"exclude-port\", name)) {\n unsigned defaultrange = 0;\n int err;\n\n if (masscan->scan_type.udp)\n defaultrange = Templ_UDP;\n else if (masscan->scan_type.sctp)\n defaultrange = Templ_SCTP;\n \n err = massip_add_port_string(&masscan->exclude, value, defaultrange);\n if (err) {\n fprintf(stderr, \"[-] FAIL: bad exclude port: %s\\n\", value);\n fprintf(stderr, \" Hint: a port is a number [0..65535]\\n\");\n exit(1);\n }\n if (masscan->op == 0)\n masscan->op = Operation_Scan;\n } else if (EQUALS(\"bpf\", name)) {\n size_t len = strlen(value) + 1;\n if (masscan->bpf_filter)\n free(masscan->bpf_filter);\n masscan->bpf_filter = MALLOC(len);\n memcpy(masscan->bpf_filter, value, len);\n } else if (EQUALS(\"ping\", name) || EQUALS(\"ping-sweep\", name)) {\n /* Add ICMP ping request */\n struct Range range;\n range.begin = Templ_ICMP_echo;\n range.end = Templ_ICMP_echo;\n rangelist_add_range(&masscan->targets.ports, range.begin, range.end);\n rangelist_sort(&masscan->targets.ports);\n masscan->scan_type.ping = 1;\n LOG(5, \"--ping\\n\");\n } else if (EQUALS(\"range\", name) || EQUALS(\"ranges\", name)\n || EQUALS(\"ip\", name) || EQUALS(\"ipv4\", name)\n || EQUALS(\"dst-ip\", name) || EQUALS(\"dest-ip\", name)\n || EQUALS(\"destination-ip\", name)\n || EQUALS(\"target-ip\", name)) {\n int err;\n err = massip_add_target_string(&masscan->targets, value);\n if (err) {\n fprintf(stderr, \"ERROR: bad IP address/range: %s\\n\", value);\n }\n\n if (masscan->op == 0)\n masscan->op = Operation_Scan;\n }\n else if (\n EQUALS(\"exclude\", name) ||\n EQUALS(\"exclude-range\", name) ||\n EQUALS(\"exclude-ranges\", name) ||\n EQUALS(\"exclude-ip\", name) ||\n EQUALS(\"exclude-ipv4\", name)\n ) {\n int err;\n err = massip_add_target_string(&masscan->exclude, value);\n if (err) {\n fprintf(stderr, \"ERROR: bad exclude address/range: %s\\n\", value);\n }\n if (masscan->op == 0)\n masscan->op = Operation_Scan;\n } else if (EQUALS(\"badsum\", name)) {\n masscan->nmap.badsum = 1;\n } else if (EQUALS(\"banner1\", name)) {\n banner1_test(value);\n exit(1);\n } else if (EQUALS(\"blackrock-rounds\", name)) {\n masscan->blackrock_rounds = (unsigned)parseInt(value);\n } else if (EQUALS(\"connection-timeout\", name) || EQUALS(\"tcp-timeout\", name)) {\n /* The timeout for banners TCP connections */\n masscan->tcp_connection_timeout = (unsigned)parseInt(value);\n } else if (EQUALS(\"datadir\", name)) {\n safe_strcpy(masscan->nmap.datadir, sizeof(masscan->nmap.datadir), value);\n } else if (EQUALS(\"data-length\", name)) {\n unsigned x = (unsigned)strtoul(value, 0, 0);\n if (x >= 1514 - 14 - 40) {\n fprintf(stderr, \"error: %s=: expected number less than 1500\\n\", name);\n } else {\n masscan->nmap.data_length = x;\n }\n } else if (EQUALS(\"debug\", name)) {\n if (EQUALS(\"if\", value)) {\n masscan->op = Operation_DebugIF;\n }\n } else if (EQUALS(\"dns-servers\", name)) {\n fprintf(stderr, \"nmap(%s): unsupported: DNS lookups too synchronous\\n\",\n name);\n exit(1);\n } else if (EQUALS(\"echo\", name)) {\n masscan->op = Operation_Echo;\n } else if (EQUALS(\"echo-all\", name)) {\n masscan->op = Operation_EchoAll;\n } else if (EQUALS(\"echo-cidr\", name)) {\n masscan->op = Operation_EchoCidr;\n } else if (EQUALS(\"excludefile\", name)) {\n unsigned count1 = masscan->exclude.ipv4.count;\n unsigned count2;\n int err;\n const char *filename = value;\n\n LOG(1, \"EXCLUDING: %s\\n\", value);\n err = massip_parse_file(&masscan->exclude, filename);\n if (err) {\n LOG(0, \"[-] FAIL: error reading from exclude file\\n\");\n exit(1);\n }\n\n /* Detect if this file has made any change, otherwise don't print\n * a message */\n count2 = masscan->exclude.ipv4.count;\n if (count2 - count1)\n fprintf(stderr, \"%s: excluding %u ranges from file\\n\",\n value, count2 - count1);\n } else if (EQUALS(\"heartbleed\", name)) {\n masscan->is_heartbleed = 1;\n masscan_set_parameter(masscan, \"no-capture\", \"cert\");\n masscan_set_parameter(masscan, \"no-capture\", \"heartbleed\");\n masscan_set_parameter(masscan, \"banners\", \"true\");\n } else if (EQUALS(\"ticketbleed\", name)) {\n masscan->is_ticketbleed = 1;\n masscan_set_parameter(masscan, \"no-capture\", \"cert\");\n masscan_set_parameter(masscan, \"no-capture\", \"ticketbleed\");\n masscan_set_parameter(masscan, \"banners\", \"true\");\n } else if (EQUALS(\"host-timeout\", name)) {\n fprintf(stderr, \"nmap(%s): unsupported: this is an asynchronous tool, so no timeouts\\n\", name);\n exit(1);\n } else if (EQUALS(\"iflist\", name)) {\n masscan->op = Operation_List_Adapters;\n } else if (EQUALS(\"includefile\", name)) {\n int err;\n const char *filename = value;\n\n err = massip_parse_file(&masscan->targets, filename);\n if (err) {\n LOG(0, \"[-] FAIL: error reading from include file\\n\");\n exit(1);\n }\n if (masscan->op == 0)\n masscan->op = Operation_Scan;\n } else if (EQUALS(\"infinite\", name)) {\n masscan->is_infinite = 1;\n } else if (EQUALS(\"interactive\", name)) {\n masscan->output.is_interactive = 1;\n } else if (EQUALS(\"nointeractive\", name)) {\n masscan->output.is_interactive = 0;\n } else if (EQUALS(\"status\", name)) {\n masscan->output.is_status_updates = 1;\n } else if (EQUALS(\"nostatus\", name)) {\n masscan->output.is_status_updates = 0;\n } else if (EQUALS(\"ip-options\", name)) {\n fprintf(stderr, \"nmap(%s): unsupported: maybe soon\\n\", name);\n exit(1);\n } else if (EQUALS(\"log-errors\", name)) {\n fprintf(stderr, \"nmap(%s): unsupported: maybe soon\\n\", name);\n exit(1);\n } else if (EQUALS(\"min-hostgroup\", name) || EQUALS(\"max-hostgroup\", name)) {\n fprintf(stderr, \"nmap(%s): unsupported: we randomize all the groups!\\n\", name);\n exit(1);\n } else if (EQUALS(\"min-parallelism\", name) || EQUALS(\"max-parallelism\", name)) {\n fprintf(stderr, \"nmap(%s): unsupported: we all the parallel!\\n\", name);\n exit(1);\n } else if (EQUALS(\"min-rtt-timeout\", name) || EQUALS(\"max-rtt-timeout\", name) || EQUALS(\"initial-rtt-timeout\", name)) {\n fprintf(stderr, \"nmap(%s): unsupported: we are asynchronous, so no timeouts, no RTT tracking!\\n\", name);\n exit(1);\n } else if (EQUALS(\"min-rate\", name)) {\n fprintf(stderr, \"nmap(%s): unsupported, we go as fast as --max-rate allows\\n\", name);\n /* no exit here, since it's just info */\n } else if (EQUALS(\"mtu\", name)) {\n fprintf(stderr, \"nmap(%s): fragmentation not yet supported\\n\", name);\n exit(1);\n } else if (EQUALS(\"nmap\", name)) {\n print_nmap_help();\n exit(1);\n } else if (EQUALS(\"osscan-limit\", name)) {\n fprintf(stderr, \"nmap(%s): OS scanning unsupported\\n\", name);\n exit(1);\n } else if (EQUALS(\"osscan-guess\", name)) {\n fprintf(stderr, \"nmap(%s): OS scanning unsupported\\n\", name);\n exit(1);\n } else if (EQUALS(\"packet-trace\", name) || EQUALS(\"trace-packet\", name)) {\n masscan->nmap.packet_trace = 1;\n } else if (EQUALS(\"privileged\", name) || EQUALS(\"unprivileged\", name)) {\n fprintf(stderr, \"nmap(%s): unsupported\\n\", name);\n exit(1);\n } else if (EQUALS(\"pfring\", name)) {\n masscan->is_pfring = 1;\n } else if (EQUALS(\"port-ratio\", name)) {\n fprintf(stderr, \"nmap(%s): unsupported\\n\", name);\n exit(1);\n } else if (EQUALS(\"readrange\", name) || EQUALS(\"readranges\", name)) {\n masscan->op = Operation_ReadRange;\n } else if (EQUALS(\"reason\", name)) {\n masscan->output.is_reason = 1;\n } else if (EQUALS(\"redis\", name)) {\n struct Range range;\n unsigned offset = 0;\n unsigned max_offset = (unsigned)strlen(value);\n unsigned port = 6379;\n\n range = range_parse_ipv4(value, &offset, max_offset);\n if ((range.begin == 0 && range.end == 0) || range.begin != range.end) {\n LOG(0, \"FAIL: bad redis IP address: %s\\n\", value);\n exit(1);\n }\n if (offset < max_offset) {\n while (offset < max_offset && isspace(value[offset]))\n offset++;\n if (offset+1 < max_offset && value[offset] == ':' && isdigit(value[offset+1]&0xFF)) {\n port = (unsigned)strtoul(value+offset+1, 0, 0);\n if (port > 65535 || port == 0) {\n LOG(0, \"FAIL: bad redis port: %s\\n\", value+offset+1);\n exit(1);\n }\n }\n }\n\n /* TODO: add support for connecting to IPv6 addresses here */\n masscan->redis.ip.ipv4 = range.begin;\n masscan->redis.ip.version = 4;\n\n masscan->redis.port = port;\n masscan->output.format = Output_Redis;\n safe_strcpy(masscan->output.filename, \n sizeof(masscan->output.filename), \n \"\");\n } else if(EQUALS(\"redis-pwd\", name)) {\n masscan->redis.password = strdup(value);\n } else if (EQUALS(\"release-memory\", name)) {\n fprintf(stderr, \"nmap(%s): this is our default option\\n\", name);\n } else if (EQUALS(\"resume\", name)) {\n masscan_read_config_file(masscan, value);\n masscan_set_parameter(masscan, \"output-append\", \"true\");\n } else if (EQUALS(\"vuln\", name)) {\n if (EQUALS(\"heartbleed\", value)) {\n masscan_set_parameter(masscan, \"heartbleed\", \"true\");\n return;\n\t\t} else if (EQUALS(\"ticketbleed\", value)) {\n masscan_set_parameter(masscan, \"ticketbleed\", \"true\");\n return;\n } else if (EQUALS(\"poodle\", value) || EQUALS(\"sslv3\", value)) {\n masscan->is_poodle_sslv3 = 1;\n masscan_set_parameter(masscan, \"no-capture\", \"cert\");\n masscan_set_parameter(masscan, \"banners\", \"true\");\n return;\n }\n \n if (!vulncheck_lookup(value)) {\n fprintf(stderr, \"FAIL: vuln check '%s' does not exist\\n\", value);\n fprintf(stderr, \" hint: use '--vuln list' to list available scripts\\n\");\n exit(1);\n }\n if (masscan->vuln_name != NULL) {\n if (strcmp(masscan->vuln_name, value) == 0)\n return; /* ok */\n else {\n fprintf(stderr, \"FAIL: only one vuln check supported at a time\\n\");\n fprintf(stderr, \" hint: '%s' is existing vuln check, '%s' is new vuln check\\n\",\n masscan->vuln_name, value);\n exit(1);\n }\n }\n \n masscan->vuln_name = vulncheck_lookup(value)->name;\n } else if (EQUALS(\"scan-delay\", name) || EQUALS(\"max-scan-delay\", name)) {\n fprintf(stderr, \"nmap(%s): unsupported: we do timing VASTLY differently!\\n\", name);\n exit(1);\n } else if (EQUALS(\"scanflags\", name)) {\n fprintf(stderr, \"nmap(%s): TCP scan flags not yet supported\\n\", name);\n exit(1);\n } else if (EQUALS(\"sendq\", name) || EQUALS(\"sendqueue\", name)) {\n masscan->is_sendq = 1;\n } else if (EQUALS(\"send-eth\", name)) {\n fprintf(stderr, \"nmap(%s): unnecessary, we always do --send-eth\\n\", name);\n } else if (EQUALS(\"send-ip\", name)) {\n fprintf(stderr, \"nmap(%s): unsupported, we only do --send-eth\\n\", name);\n exit(1);\n } else if (EQUALS(\"selftest\", name) || EQUALS(\"self-test\", name) || EQUALS(\"regress\", name)) {\n masscan->op = Operation_Selftest;\n return;\n } else if (EQUALS(\"benchmark\", name)) {\n masscan->op = Operation_Benchmark;\n return;\n } else if (EQUALS(\"source-port\", name) || EQUALS(\"sourceport\", name)) {\n masscan_set_parameter(masscan, \"adapter-port\", value);\n } else if (EQUALS(\"nobacktrace\", name) || EQUALS(\"backtrace\", name)) {\n ;\n } else if (EQUALS(\"no-stylesheet\", name)) {\n masscan->output.stylesheet[0] = '\\0';\n } else if (EQUALS(\"system-dns\", name)) {\n fprintf(stderr, \"nmap(%s): DNS lookups will never be supported by this code\\n\", name);\n exit(1);\n } else if (EQUALS(\"top-ports\", name)) {\n unsigned n = (unsigned)parseInt(value);\n if (!isInteger(value))\n n = 100;\n LOG(2, \"top-ports = %u\\n\", n);\n masscan->top_ports = n;\n } else if (EQUALS(\"traceroute\", name)) {\n fprintf(stderr, \"nmap(%s): unsupported\\n\", name);\n exit(1);\n } else if (EQUALS(\"test\", name)) {\n if (EQUALS(\"csv\", value))\n masscan->is_test_csv = 1;\n } else if (EQUALS(\"notest\", name)) {\n if (EQUALS(\"csv\", value))\n masscan->is_test_csv = 0;\n } else if (EQUALS(\"ttl\", name)) {\n unsigned x = (unsigned)strtoul(value, 0, 0);\n if (x >= 256) {\n fprintf(stderr, \"error: %s=: expected number less than 256\\n\", name);\n } else {\n masscan->nmap.ttl = x;\n }\n } else if (EQUALS(\"version\", name)) {\n print_version();\n exit(1);\n } else if (EQUALS(\"version-intensity\", name)) {\n fprintf(stderr, \"nmap(%s): unsupported\\n\", name);\n exit(1);\n } else if (EQUALS(\"version-light\", name)) {\n fprintf(stderr, \"nmap(%s): unsupported\\n\", name);\n exit(1);\n } else if (EQUALS(\"version-all\", name)) {\n fprintf(stderr, \"nmap(%s): unsupported\\n\", name);\n exit(1);\n } else if (EQUALS(\"version-trace\", name)) {\n fprintf(stderr, \"nmap(%s): unsupported\\n\", name);\n exit(1);\n } else if (EQUALS(\"vlan\", name) || EQUALS(\"adapter-vlan\", name)) {\n masscan->nic[index].is_vlan = 1;\n masscan->nic[index].vlan_id = (unsigned)parseInt(value);\n } else if (EQUALS(\"wait\", name)) {\n if (EQUALS(\"forever\", value))\n masscan->wait = INT_MAX;\n else\n masscan->wait = (unsigned)parseInt(value);\n } else if (EQUALS(\"webxml\", name)) {\n masscan_set_parameter(masscan, \"stylesheet\", \"http://nmap.org/svn/docs/nmap.xsl\");\n } else {\n fprintf(stderr, \"CONF: unknown config option: %s=%s\\n\", name, value);\n exit(1);\n }\n}\n\nstatic bool\nis_numable(const char *name) {\n size_t i;\n\n for (i=0; config_parameters[i].name; i++) {\n if (EQUALS(config_parameters[i].name, name)) {\n return (config_parameters[i].flags & F_NUMABLE) == F_NUMABLE;\n } else {\n size_t j;\n for (j=0; config_parameters[i].alts[j]; j++) {\n if (EQUALS(config_parameters[i].alts[j], name)) {\n return (config_parameters[i].flags & F_NUMABLE) == F_NUMABLE;\n }\n }\n }\n }\n return false;\n}\n\n/***************************************************************************\n * Command-line parsing code assumes every --parm is followed by a value.\n * This is a list of the parameters that don't follow the default.\n ***************************************************************************/\nstatic int\nis_singleton(const char *name)\n{\n static const char *singletons[] = {\n \"echo\", \"echo-all\", \"echo-cidr\", \"selftest\", \"self-test\", \"regress\",\n \"benchmark\",\n \"system-dns\", \"traceroute\", \"version\",\n \"version-light\",\n \"version-all\", \"version-trace\",\n \"osscan-limit\", \"osscan-guess\",\n \"badsum\", \"reason\", \"open\", \"open-only\",\n \"packet-trace\", \"release-memory\",\n \"log-errors\", \"append-output\", \"webxml\",\n \"no-stylesheet\", \"heartbleed\", \"ticketbleed\",\n \"send-eth\", \"send-ip\", \"iflist\",\n \"nmap\", \"trace-packet\", \"pfring\", \"sendq\",\n \"ping\", \"ping-sweep\", \"nobacktrace\", \"backtrace\",\n \"infinite\", \"nointeractive\", \"interactive\", \"status\", \"nostatus\",\n \"read-range\", \"read-ranges\", \"readrange\", \"read-ranges\",\n 0};\n size_t i;\n\n for (i=0; singletons[i]; i++) {\n if (EQUALS(singletons[i], name))\n return 1;\n }\n \n for (i=0; config_parameters[i].name; i++) {\n if (EQUALS(config_parameters[i].name, name)) {\n return (config_parameters[i].flags & F_BOOL) == F_BOOL;\n } else {\n size_t j;\n for (j=0; config_parameters[i].alts[j]; j++) {\n if (EQUALS(config_parameters[i].alts[j], name)) {\n return (config_parameters[i].flags & F_BOOL) == F_BOOL;\n }\n }\n }\n }\n \n return 0;\n}\n\n/*****************************************************************************\n *****************************************************************************/\nstatic void\nmasscan_help()\n{\n printf(\n\"usage: masscan [options] [... -pPORT[,PORT...]]\\n\"\n\"MASSCAN is a fast port scanner. The primary input parameters are the\\n\"\n\"IP addresses/ranges you want to scan, and the port numbers. An example\\n\"\n\"is the following, which scans the 10.x.x.x network for web servers:\\n\"\n\"\\n\"\n\" masscan 10.0.0.0/8 -p80\\n\"\n\"\\n\"\n\"The program auto-detects network interface/adapter settings. If this\\n\"\n\"fails, you'll have to set these manually. The following is an\\n\"\n\"example of all the parameters that are needed:\\n\"\n\"\\n\"\n\" --adapter-ip 192.168.10.123\\n\"\n\" --adapter-mac 00-11-22-33-44-55\\n\"\n\" --router-mac 66-55-44-33-22-11\\n\"\n\"\\n\"\n\"Parameters can be set either via the command-line or config-file. The\\n\"\n\"names are the same for both. Thus, the above adapter settings would\\n\"\n\"appear as follows in a configuration file:\\n\"\n\"\\n\"\n\" adapter-ip = 192.168.10.123\\n\"\n\" adapter-mac = 00-11-22-33-44-55\\n\"\n\" router-mac = 66-55-44-33-22-11\\n\"\n\"\\n\"\n\"All single-dash parameters have a spelled out double-dash equivalent,\\n\"\n\"so '-p80' is the same as '--ports 80' (or 'ports = 80' in config file).\\n\"\n\"To use the config file, type:\\n\"\n\"\\n\"\n\" masscan -c \\n\"\n\"\\n\"\n\"To generate a config-file from the current settings, use the --echo\\n\"\n\"option. This stops the program from actually running, and just echoes\\n\"\n\"the current configuration instead. This is a useful way to generate\\n\"\n\"your first config file, or see a list of parameters you didn't know\\n\"\n\"about. I suggest you try it now:\\n\"\n\"\\n\"\n\" masscan -p1234 --echo\\n\"\n\"\\n\");\n exit(1);\n}\n\n/***************************************************************************\n ***************************************************************************/\nvoid\nmasscan_load_database_files(struct Masscan *masscan)\n{\n const char *filename;\n \n /*\n * \"pcap-payloads\"\n */\n filename = masscan->payloads.pcap_payloads_filename;\n if (filename) {\n if (masscan->payloads.udp == NULL)\n masscan->payloads.udp = payloads_udp_create();\n if (masscan->payloads.oproto == NULL)\n masscan->payloads.oproto = payloads_udp_create();\n\n payloads_read_pcap(filename, masscan->payloads.udp, masscan->payloads.oproto);\n }\n\n /*\n * `--nmap-payloads`\n */\n filename = masscan->payloads.nmap_payloads_filename;\n if (filename) {\n FILE *fp;\n \n fp = fopen(filename, \"rt\");\n if (fp == NULL) {\n fprintf(stderr, \"[-] FAIL: --nmap-payloads\\n\");\n fprintf(stderr, \"[-] %s:%s\\n\", filename, strerror(errno));\n } else {\n if (masscan->payloads.udp == NULL)\n masscan->payloads.udp = payloads_udp_create();\n \n payloads_udp_readfile(fp, filename, masscan->payloads.udp);\n \n fclose(fp);\n }\n }\n \n /*\n * \"nmap-service-probes\"\n */\n filename = masscan->payloads.nmap_service_probes_filename;\n if (filename) {\n if (masscan->payloads.probes)\n nmapserviceprobes_free(masscan->payloads.probes);\n \n masscan->payloads.probes = nmapserviceprobes_read_file(filename);\n }\n}\n\n/***************************************************************************\n * Read the configuration from the command-line.\n * Called by 'main()' when starting up.\n ***************************************************************************/\nvoid\nmasscan_command_line(struct Masscan *masscan, int argc, char *argv[])\n{\n int i;\n\n for (i=1; i sizeof(name2) - 1) {\n fprintf(stderr, \"%.*s: name too long\\n\", name_length, name);\n name_length = sizeof(name2) - 1;\n }\n memcpy(name2, name, name_length);\n name2[name_length] = '\\0';\n\n masscan_set_parameter(masscan, name2, value);\n } else if (EQUALS(\"readscan\", argv[i]+2)) {\n /* Read in a binary file instead of scanning the network*/\n masscan->op = Operation_ReadScan;\n \n /* Default to reading banners */\n masscan->is_banners = true;\n masscan->is_banners_rawudp = true;\n\n /* This option may be followed by many filenames, therefore,\n * skip forward in the argument list until the next\n * argument */\n while (i+1 < argc && argv[i+1][0] != '-')\n i++;\n continue;\n } else {\n char name2[64];\n char *name = argv[i] + 2;\n unsigned name_length;\n const char *value;\n\n value = strchr(&argv[i][2], '=');\n if (value == NULL)\n value = strchr(&argv[i][2], ':');\n if (value == NULL) {\n if (is_singleton(name))\n value = \"\";\n else\n value = argv[++i];\n name_length = (unsigned)strlen(name);\n } else {\n name_length = (unsigned)(value - name);\n value++;\n }\n\n if (i >= argc) {\n fprintf(stderr, \"%.*s: empty parameter\\n\", name_length, name);\n break;\n }\n\n if (name_length > sizeof(name2) - 1) {\n fprintf(stderr, \"%.*s: name too long\\n\", name_length, name);\n name_length = sizeof(name2) - 1;\n }\n\n memcpy(name2, name, name_length);\n name2[name_length] = '\\0';\n\n masscan_set_parameter(masscan, name2, value);\n }\n continue;\n }\n\n /* For for a single-dash parameter */\n if (argv[i][0] == '-') {\n const char *arg;\n\n switch (argv[i][1]) {\n case '6':\n /* Silently ignore this: IPv6 features enabled all the time */\n break;\n case 'A':\n fprintf(stderr, \"nmap(%s): unsupported: this tool only does SYN scan\\n\", argv[i]);\n exit(1);\n case 'b':\n fprintf(stderr, \"nmap(%s): FTP bounce scans will never be supported\\n\", argv[i]);\n exit(1);\n case 'c':\n if (argv[i][2])\n arg = argv[i]+2;\n else\n arg = argv[++i];\n masscan_read_config_file(masscan, arg);\n break;\n case 'd': /* just do same as verbosity level */\n {\n int v;\n for (v=1; argv[i][v] == 'd'; v++) {\n LOG_add_level(1);\n }\n }\n break;\n case 'e':\n if (argv[i][2])\n arg = argv[i]+2;\n else\n arg = argv[++i];\n masscan_set_parameter(masscan, \"adapter\", arg);\n break;\n case 'f':\n fprintf(stderr, \"nmap(%s): fragmentation not yet supported\\n\", argv[i]);\n exit(1);\n case 'F':\n fprintf(stderr, \"nmap(%s): unsupported, no slow/fast mode\\n\", argv[i]);\n exit(1);\n case 'g':\n if (argv[i][2])\n arg = argv[i]+2;\n else\n arg = argv[++i];\n masscan_set_parameter(masscan, \"adapter-port\", arg);\n break;\n case 'h':\n case '?':\n masscan_usage();\n break;\n case 'i':\n if (argv[i][3] == '\\0' && !isdigit(argv[i][2]&0xFF)) {\n /* This looks like an nmap option*/\n switch (argv[i][2]) {\n case 'L':\n masscan_set_parameter(masscan, \"includefile\", argv[++i]);\n break;\n case 'R':\n /* -iR in nmap makes it randomize addresses completely. Thus,\n * it's nearest equivalent is scanning the entire Internet range */\n masscan_set_parameter(masscan, \"include\", \"0.0.0.0/0\");\n break;\n default:\n fprintf(stderr, \"nmap(%s): unsupported option\\n\", argv[i]);\n exit(1);\n }\n\n } else {\n if (argv[i][2])\n arg = argv[i]+2;\n else\n arg = argv[++i];\n\n masscan_set_parameter(masscan, \"adapter\", arg);\n }\n break;\n case 'n':\n /* This looks like an nmap option*/\n /* Do nothing: this code never does DNS lookups anyway */\n break;\n case 'o': /* nmap output format */\n switch (argv[i][2]) {\n case 'A':\n masscan->output.format = Output_All;\n fprintf(stderr, \"nmap(%s): unsupported output format\\n\", argv[i]);\n exit(1);\n break;\n case 'B':\n masscan->output.format = Output_Binary;\n break;\n case 'D':\n masscan->output.format = Output_NDJSON;\n break;\n case 'J':\n masscan->output.format = Output_JSON;\n break;\n case 'N':\n masscan->output.format = Output_Nmap;\n fprintf(stderr, \"nmap(%s): unsupported output format\\n\", argv[i]);\n exit(1);\n break;\n case 'X':\n masscan->output.format = Output_XML;\n break;\n case 'R':\n masscan->output.format = Output_Redis;\n if (i+1 < argc && argv[i+1][0] != '-')\n masscan_set_parameter(masscan, \"redis\", argv[i+1]);\n break;\n case 'S':\n masscan->output.format = Output_ScriptKiddie;\n fprintf(stderr, \"nmap(%s): unsupported output format\\n\", argv[i]);\n exit(1);\n break;\n case 'G':\n masscan->output.format = Output_Grepable;\n break;\n case 'L':\n masscan_set_parameter(masscan, \"output-format\", \"list\");\n break;\n case 'U':\n masscan_set_parameter(masscan, \"output-format\", \"unicornscan\");\n break;\n case 'H':\n masscan_set_parameter(masscan, \"output-format\", \"hostonly\");\n break;\n default:\n fprintf(stderr, \"nmap(%s): unknown output format\\n\", argv[i]);\n exit(1);\n }\n\n ++i;\n if (i >= argc || (argv[i][0] == '-' && argv[i][1] != '\\0')) {\n fprintf(stderr, \"missing output filename\\n\");\n exit(1);\n }\n\n masscan_set_parameter(masscan, \"output-filename\", argv[i]);\n break;\n case 'O':\n fprintf(stderr, \"nmap(%s): unsupported, OS detection is too complex\\n\", argv[i]);\n exit(1);\n break;\n case 'p':\n if (argv[i][2])\n arg = argv[i]+2;\n else\n arg = argv[++i];\n if (i >= argc || arg[0] == 0) { // if string is empty\n fprintf(stderr, \"%s: empty parameter\\n\", argv[i]);\n } else\n masscan_set_parameter(masscan, \"ports\", arg);\n break;\n case 'P':\n switch (argv[i][2]) {\n case 'n':\n /* we already do this */\n break;\n default:\n fprintf(stderr, \"nmap(%s): unsupported option, maybe in future\\n\", argv[i]);\n exit(1);\n }\n break;\n case 'r':\n /* This looks like an nmap option*/\n fprintf(stderr, \"nmap(%s): wat? randomization is our raison d'etre!! rethink prease\\n\", argv[i]);\n exit(1);\n break;\n case 'R':\n /* This looks like an nmap option*/\n fprintf(stderr, \"nmap(%s): unsupported. This code will never do DNS lookups.\\n\", argv[i]);\n exit(1);\n break;\n case 's': /* NMAP: scan type */\n if (argv[i][3] == '\\0' && !isdigit(argv[i][2]&0xFF)) {\n unsigned j;\n\n for (j=2; argv[i][j]; j++)\n switch (argv[i][j]) {\n case 'A':\n fprintf(stderr, \"nmap(%s): ACK scan not yet supported\\n\", argv[i]);\n exit(1);\n case 'C':\n fprintf(stderr, \"nmap(%s): unsupported\\n\", argv[i]);\n exit(1);\n case 'F':\n fprintf(stderr, \"nmap(%s): FIN scan not yet supported\\n\", argv[i]);\n exit(1);\n case 'I':\n fprintf(stderr, \"nmap(%s): Zombie scans will never be supported\\n\", argv[i]);\n exit(1);\n case 'L': /* List Scan - simply list targets to scan */\n masscan->op = Operation_ListScan;\n break;\n case 'M':\n fprintf(stderr, \"nmap(%s): Maimon scan not yet supported\\n\", argv[i]);\n exit(1);\n case 'n': /* Ping Scan - disable port scan */\n fprintf(stderr, \"nmap(%s): ping-sweeps not yet supported\\n\", argv[i]);\n exit(1);\n case 'N':\n fprintf(stderr, \"nmap(%s): NULL scan not yet supported\\n\", argv[i]);\n exit(1);\n case 'O': /* Other IP protocols (not ICMP, UDP, TCP, or SCTP) */\n masscan->scan_type.oproto = 1;\n break;\n case 'S': /* TCP SYN scan - THIS IS WHAT WE DO! */\n masscan->scan_type.tcp = 1;\n break;\n case 'T': /* TCP connect scan */\n fprintf(stderr, \"nmap(%s): connect() is too synchronous for cool kids\\n\", argv[i]);\n fprintf(stderr, \"WARNING: doing SYN scan (-sS) anyway, ignoring (-sT)\\n\");\n break;\n case 'U': /* UDP scan */\n masscan->scan_type.udp = 1;\n break;\n case 'V':\n fprintf(stderr, \"nmap(%s): unlikely this will be supported\\n\", argv[i]);\n exit(1);\n case 'W':\n fprintf(stderr, \"nmap(%s): Windows scan not yet supported\\n\", argv[i]);\n exit(1);\n case 'X':\n fprintf(stderr, \"nmap(%s): Xmas scan not yet supported\\n\", argv[i]);\n exit(1);\n case 'Y':\n break;\n case 'Z':\n masscan->scan_type.sctp = 1;\n break;\n default:\n fprintf(stderr, \"nmap(%s): unsupported option\\n\", argv[i]);\n exit(1);\n }\n\n } else {\n fprintf(stderr, \"%s: unknown parameter\\n\", argv[i]);\n exit(1);\n }\n break;\n case 'S':\n if (argv[i][2])\n arg = argv[i]+2;\n else\n arg = argv[++i];\n masscan_set_parameter(masscan, \"adapter-ip\", arg);\n break;\n case 'v':\n {\n int v;\n for (v=1; argv[i][v] == 'v'; v++)\n LOG_add_level(1);\n }\n break;\n case 'V': /* print version and exit */\n masscan_set_parameter(masscan, \"version\", \"\");\n break;\n case 'W':\n masscan->op = Operation_List_Adapters;\n return;\n case 'T':\n fprintf(stderr, \"nmap(%s): unsupported, we do timing WAY different than nmap\\n\", argv[i]);\n exit(1);\n return;\n default:\n LOG(0, \"FAIL: unknown option: -%s\\n\", argv[i]);\n LOG(0, \" [hint] try \\\"--help\\\"\\n\");\n LOG(0, \" [hint] ...or, to list nmap-compatible options, try \\\"--nmap\\\"\\n\");\n exit(1);\n }\n continue;\n }\n\n if (!isdigit(argv[i][0]) && argv[i][0] != ':' && argv[i][0] != '[') {\n fprintf(stderr, \"FAIL: unknown command-line parameter \\\"%s\\\"\\n\", argv[i]);\n fprintf(stderr, \" [hint] did you want \\\"--%s\\\"?\\n\", argv[i]);\n exit(1);\n }\n\n /* If parameter doesn't start with '-', assume it's an\n * IPv4 range\n */\n masscan_set_parameter(masscan, \"range\", argv[i]);\n }\n\n /*\n * If no other \"scan type\" found, then default to TCP\n */\n if (masscan->scan_type.udp == 0 && masscan->scan_type.sctp == 0\n && masscan->scan_type.ping == 0 && masscan->scan_type.arp == 0\n && masscan->scan_type.oproto == 0)\n masscan->scan_type.tcp = 1;\n \n /*\n * If \"top-ports\" specified, then add all those ports. This may be in\n * addition to any other ports\n */\n if (masscan->top_ports) {\n config_top_ports(masscan, masscan->top_ports);\n }\n if (masscan->shard.of < masscan->shard.one) {\n fprintf(stderr, \"[-] WARNING: the shard number must be less than the total shard count: %u/%u\\n\",\n masscan->shard.one, masscan->shard.of);\n }\n if (masscan->shard.of > 1 && masscan->seed == 0) {\n fprintf(stderr, \"[-] WARNING: --seed is not specified\\n HINT: all shards must share the same seed\\n\");\n }\n}\n\n/***************************************************************************\n * Prints the current configuration to the command-line then exits.\n * Use#1: create a template file of all settable parameters.\n * Use#2: make sure your configuration was interpreted correctly.\n ***************************************************************************/\nvoid\nmasscan_echo(struct Masscan *masscan, FILE *fp, unsigned is_echo_all)\n{\n unsigned i;\n unsigned l = 0;\n \n /*\n * NEW:\n * Print all configuration parameters\n */\n masscan->echo = fp;\n masscan->echo_all = is_echo_all;\n for (i=0; config_parameters[i].name; i++) {\n config_parameters[i].set(masscan, 0, 0);\n }\n masscan->echo = 0;\n masscan->echo_all = 0;\n \n /*\n * OLD:\n * Things here below are the old way of echoing parameters.\n * TODO: cleanup this code, replacing with the new way.\n */\n if (masscan->nic_count == 0)\n masscan_echo_nic(masscan, fp, 0);\n else {\n for (i=0; inic_count; i++)\n masscan_echo_nic(masscan, fp, i);\n }\n\n /**\n * Fix for #737, save adapter-port/source-port value or range\n */\n if (masscan->nic[0].src.port.first != 0) {\n fprintf(fp, \"adapter-port = %d\", masscan->nic[0].src.port.first);\n if (masscan->nic[0].src.port.first != masscan->nic[0].src.port.last) {\n /* --adapter-port - */\n fprintf(fp, \"-%d\", masscan->nic[0].src.port.last);\n }\n fprintf(fp, \"\\n\");\n }\n\n /*\n * Targets\n */\n fprintf(fp, \"# TARGET SELECTION (IP, PORTS, EXCLUDES)\\n\");\n fprintf(fp, \"ports = \");\n /* Disable comma generation for the first element */\n l = 0;\n for (i=0; itargets.ports.count; i++) {\n struct Range range = masscan->targets.ports.list[i];\n do {\n struct Range rrange = range;\n unsigned done = 0;\n if (l)\n fprintf(fp, \",\");\n l = 1;\n if (rrange.begin >= Templ_ICMP_echo) {\n rrange.begin -= Templ_ICMP_echo;\n rrange.end -= Templ_ICMP_echo;\n fprintf(fp,\"I:\");\n done = 1;\n } else if (rrange.begin >= Templ_SCTP) {\n rrange.begin -= Templ_SCTP;\n rrange.end -= Templ_SCTP;\n fprintf(fp,\"S:\");\n range.begin = Templ_ICMP_echo;\n } else if (rrange.begin >= Templ_UDP) {\n rrange.begin -= Templ_UDP;\n rrange.end -= Templ_UDP;\n fprintf(fp,\"U:\");\n range.begin = Templ_SCTP;\n } else if (Templ_Oproto_first <= rrange.begin && rrange.begin <= Templ_Oproto_last) {\n rrange.begin -= Templ_Oproto_first;\n rrange.end -= Templ_Oproto_first;\n fprintf(fp, \"O:\");\n range.begin = Templ_Oproto_first;\n } else\n range.begin = Templ_UDP;\n rrange.end = min(rrange.end, 65535);\n if (rrange.begin == rrange.end)\n fprintf(fp, \"%u\", rrange.begin);\n else\n fprintf(fp, \"%u-%u\", rrange.begin, rrange.end);\n if (done)\n break;\n } while (range.begin <= range.end);\n }\n fprintf(fp, \"\\n\");\n\n /*\n * IPv4 address targets\n */\n for (i=0; itargets.ipv4.count; i++) {\n unsigned prefix_bits;\n struct Range range = masscan->targets.ipv4.list[i];\n\n if (range.begin == range.end) {\n fprintf(fp, \"range = %u.%u.%u.%u\",\n (range.begin>>24)&0xFF,\n (range.begin>>16)&0xFF,\n (range.begin>> 8)&0xFF,\n (range.begin>> 0)&0xFF\n );\n } else if (range_is_cidr(range, &prefix_bits)) {\n fprintf(fp, \"range = %u.%u.%u.%u/%u\",\n (range.begin>>24)&0xFF,\n (range.begin>>16)&0xFF,\n (range.begin>> 8)&0xFF,\n (range.begin>> 0)&0xFF,\n prefix_bits\n );\n\n } else {\n fprintf(fp, \"range = %u.%u.%u.%u-%u.%u.%u.%u\",\n (range.begin>>24)&0xFF,\n (range.begin>>16)&0xFF,\n (range.begin>> 8)&0xFF,\n (range.begin>> 0)&0xFF,\n (range.end>>24)&0xFF,\n (range.end>>16)&0xFF,\n (range.end>> 8)&0xFF,\n (range.end>> 0)&0xFF\n );\n }\n fprintf(fp, \"\\n\");\n }\n for (i=0; itargets.ipv6.count; i++) {\n bool exact = false;\n struct Range6 range = masscan->targets.ipv6.list[i];\n ipaddress_formatted_t fmt = ipv6address_fmt(range.begin);\n \n fprintf(fp, \"range = %s\", fmt.string);\n if (!ipv6address_is_equal(range.begin, range.end)) {\n unsigned cidr_bits = count_cidr6_bits(&range, &exact);\n \n if (exact && cidr_bits) {\n fprintf(fp, \"/%u\", cidr_bits);\n } else {\n fmt = ipv6address_fmt(range.end);\n fprintf(fp, \"-%s\", fmt.string);\n }\n }\n fprintf(fp, \"\\n\");\n }\n}\n\n\n/***************************************************************************\n * Prints the list of CIDR to scan to the command-line then exits.\n * Use: provide this list to other tools. Unlike masscan -sL, it keeps\n * the CIDR aggretated format, and does not randomize the order of output.\n * For example, given the starting range of [10.0.0.1-10.0.0.255], this will\n * print all the CIDR ranges that make this up:\n * 10.0.0.1/32\n * 10.0.0.2/31\n * 10.0.0.4/30\n * 10.0.0.8/29\n * 10.0.0.16/28\n * 10.0.0.32/27\n * 10.0.0.64/26\n * 10.0.0.128/25\n ***************************************************************************/\nvoid\nmasscan_echo_cidr(struct Masscan *masscan, FILE *fp, unsigned is_echo_all)\n{\n unsigned i;\n UNUSEDPARM(is_echo_all);\n\n masscan->echo = fp;\n\n /*\n * For all IPv4 ranges ...\n */\n for (i=0; itargets.ipv4.count; i++) {\n\n /* Get the next range in the list */\n struct Range range = masscan->targets.ipv4.list[i];\n\n /* If not a single CIDR range, print all the CIDR ranges\n * needed to completely represent this addres */\n for (;;) {\n unsigned prefix_length;\n struct Range cidr;\n\n /* Find the largest CIDR range (one that can be specified\n * with a /prefix) at the start of this range. */\n cidr = range_first_cidr(range, &prefix_length);\n fprintf(fp, \"%u.%u.%u.%u/%u\\n\",\n (cidr.begin>>24)&0xFF,\n (cidr.begin>>16)&0xFF,\n (cidr.begin>> 8)&0xFF,\n (cidr.begin>> 0)&0xFF,\n prefix_length\n );\n\n /* If this is the last range, then stop. There are multiple\n * ways to gets to see if we get to the end, but I think\n * this is the best. */\n if (cidr.end >= range.end)\n break;\n\n /* If the CIDR range didn't cover the entire range,\n * then remove it from the beginning of the range\n * and process the remainder */\n range.begin = cidr.end+1;\n }\n }\n\n /*\n * For all IPv6 ranges...\n */\n for (i=0; itargets.ipv6.count; i++) {\n struct Range6 range = masscan->targets.ipv6.list[i];\n bool exact = false;\n while (!exact) {\n ipaddress_formatted_t fmt = ipv6address_fmt(range.begin);\n fprintf(fp, \"%s\", fmt.string);\n if (range.begin.hi == range.end.hi && range.begin.lo == range.end.lo) {\n fprintf(fp, \"/128\");\n exact = true;\n } else {\n unsigned cidr_bits = count_cidr6_bits(&range, &exact);\n fprintf(fp, \"/%u\", cidr_bits);\n }\n fprintf(fp, \"\\n\");\n }\n }\n}\n\n/***************************************************************************\n * remove leading/trailing whitespace\n ***************************************************************************/\nstatic void\ntrim(char *line, size_t sizeof_line)\n{\n if (sizeof_line > strlen(line))\n sizeof_line = strlen(line);\n\n while (isspace(*line & 0xFF))\n memmove(line, line+1, sizeof_line--);\n while (*line && isspace(line[sizeof_line-1] & 0xFF))\n line[--sizeof_line] = '\\0';\n}\n\n/***************************************************************************\n ***************************************************************************/\nvoid\nmasscan_read_config_file(struct Masscan *masscan, const char *filename)\n{\n FILE *fp;\n char line[65536];\n\n fp = fopen(filename, \"rt\");\n if (fp == NULL) {\n char dir[512];\n char *x;\n \n fprintf(stderr, \"[-] FAIL: reading configuration file\\n\");\n fprintf(stderr, \"[-] %s: %s\\n\", filename, strerror(errno));\n\n x = getcwd(dir, sizeof(dir));\n if (x)\n fprintf(stderr, \"[-] cwd = %s\\n\", dir);\n return;\n }\n\n while (fgets(line, sizeof(line), fp)) {\n char *name;\n char *value;\n\n trim(line, sizeof(line));\n\n if (ispunct(line[0] & 0xFF) || line[0] == '\\0')\n continue;\n\n name = line;\n value = strchr(line, '=');\n if (value == NULL)\n continue;\n *value = '\\0';\n value++;\n trim(name, sizeof(line));\n trim(value, sizeof(line));\n\n masscan_set_parameter(masscan, name, value);\n }\n\n fclose(fp);\n}\n\n\n\n/***************************************************************************\n ***************************************************************************/\nint masscan_conf_contains(const char *x, int argc, char **argv)\n{\n int i;\n\n for (i=0; i\n#include \n#include \n#include \"syn-cookie.h\"\n\n/**\n * This is the number of entries in our table. More entries does a better job at the\n * cost of using more memory.\n */\n#define DEDUP_ENTRIES 65536\n\nstruct DedupEntry_IPv4\n{\n unsigned ip_them;\n unsigned port_them;\n unsigned ip_me;\n unsigned port_me;\n};\n\nstruct DedupEntry_IPv6\n{\n ipv6address ip_them;\n ipv6address ip_me;\n unsigned short port_them;\n unsigned short port_me;\n};\n\n/**\n * This is simply the array of entries. We have two arrays, one for IPv4\n * and another for IPv6.\n */\nstruct DedupTable\n{\n struct DedupEntry_IPv4 entries[DEDUP_ENTRIES][4];\n struct DedupEntry_IPv6 entries6[DEDUP_ENTRIES][4];\n};\n\n/**\n * We use the FNv1a hash algorithm, which starts with this seed value.\n */\nconst unsigned fnv1a_seed = 0x811C9DC5; /* 2166136261 */\n\n/**\n * Hash one byte, the other hash functions of multiple bytes call this function.\n * @param hash\n * The current hash value that we keep updating as we repeatedly\n * call this function, or the `fnv1a_seed value on the first call to\n * this function.\n */\nstatic inline unsigned fnv1a(unsigned char c, unsigned hash)\n{\n const unsigned prime = 0x01000193; /* 16777619 */\n return (c ^ hash) * prime;\n}\n\nstatic unsigned fnv1a_string(const void *v_buf, size_t length, unsigned hash)\n{\n const unsigned char *buf = (const unsigned char *)v_buf;\n size_t i;\n for (i=0; i>0)&0xFF, hash);\n hash = fnv1a((data>>8)&0xFF, hash);\n return hash;\n}\nstatic inline unsigned fnv1a_longlong(unsigned long long data, unsigned hash)\n{\n return fnv1a_string(&data, 8, hash);\n}\n\n/**\n * Create a new table, which means simply allocating the object\n * and setting it to zero.\n */\nstruct DedupTable *\ndedup_create(void)\n{\n struct DedupTable *dedup;\n\n dedup = CALLOC(1, sizeof(*dedup));\n\n return dedup;\n}\n\n/**\n * There's nothing special we need to do to free the structure\n * since it's all contained in the single allocation.\n */\nvoid\ndedup_destroy(struct DedupTable *dedup)\n{\n free(dedup);\n}\n\n/**\n * Create a hash of the IPv6 socket. This doesn't have to be\n * cryptographically secure, so we are going to use the FNv1a algorithm.\n */\nstatic inline unsigned\ndedup_hash_ipv6(ipaddress ip_them, unsigned port_them, ipaddress ip_me, unsigned port_me)\n{\n unsigned hash = fnv1a_seed;\n hash = fnv1a_longlong(ip_them.ipv6.hi, hash);\n hash = fnv1a_longlong(ip_them.ipv6.lo, hash);\n hash = fnv1a_short(port_them, hash);\n hash = fnv1a_longlong(ip_me.ipv6.hi, hash);\n hash = fnv1a_longlong(ip_me.ipv6.lo, hash);\n hash = fnv1a_short(port_me, hash);\n return hash;\n}\n\n/**\n * If two IPv6 addresses are equal.\n */\nstatic inline int\nis_equal6(ipv6address lhs, ipv6address rhs)\n{\n return lhs.hi == rhs.hi && lhs.lo == rhs.lo;\n}\n\n/**\n * Swap two addresses in the table. This uses the classic XOR trick\n * rather than using a swap variable.\n */\nstatic inline void\nswap6(struct DedupEntry_IPv6 *lhs, struct DedupEntry_IPv6 *rhs)\n{\n lhs->ip_them.hi ^= rhs->ip_them.hi;\n lhs->ip_them.lo ^= rhs->ip_them.lo;\n lhs->port_them ^= rhs->port_them;\n lhs->ip_me.hi ^= rhs->ip_me.hi;\n lhs->ip_me.lo ^= rhs->ip_me.lo;\n lhs->port_me ^= rhs->port_me;\n\n rhs->ip_them.hi ^= lhs->ip_them.hi;\n rhs->ip_them.lo ^= lhs->ip_them.lo;\n rhs->port_them ^= lhs->port_them;\n rhs->ip_me.hi ^= lhs->ip_me.hi;\n rhs->ip_me.lo ^= lhs->ip_me.lo;\n rhs->port_me ^= lhs->port_me;\n\n lhs->ip_them.hi ^= rhs->ip_them.hi;\n lhs->ip_them.lo ^= rhs->ip_them.lo;\n lhs->port_them ^= rhs->port_them;\n lhs->ip_me.hi ^= rhs->ip_me.hi;\n lhs->ip_me.lo ^= rhs->ip_me.lo;\n lhs->port_me ^= rhs->port_me;\n}\n\n/**\n * This implements the same algorithm as for IPv4 addresses, but for\n * IPv6 addresses instead.\n */\nstatic unsigned\ndedup_is_duplicate_ipv6(struct DedupTable *dedup,\n ipaddress ip_them, unsigned port_them,\n ipaddress ip_me, unsigned port_me)\n{\n unsigned hash;\n struct DedupEntry_IPv6 *bucket;\n unsigned i;\n\n /* THREAT: probably need to secure this hash, though the syn-cookies\n * provides some protection */\n hash = dedup_hash_ipv6(ip_them, port_them, ip_me, port_me);\n hash &= DEDUP_ENTRIES-1;\n\n /* Search in this bucket */\n bucket = dedup->entries6[hash];\n\n /* If we find the entry in our table, move it to the front, so\n * that it won't be aged out as quickly. We keep prepending new\n * addresses to front, aging older addresses that haven't been\n * seen in a while. */\n for (i = 0; i < 4; i++) {\n if (is_equal6(bucket[i].ip_them, ip_them.ipv6) && bucket[i].port_them == port_them\n && is_equal6(bucket[i].ip_me, ip_me.ipv6) && bucket[i].port_me == port_me) {\n /* move to end of list so constant repeats get ignored */\n if (i > 0) {\n swap6(&bucket[0], &bucket[i]);\n }\n return 1;\n }\n }\n\n /* We didn't find it, so add it to our list. This will push\n * older entries at this bucket off the list */\n memmove(bucket, bucket+1, 3*sizeof(*bucket));\n bucket[0].ip_them.hi = ip_them.ipv6.hi;\n bucket[0].ip_them.lo = ip_them.ipv6.lo;\n bucket[0].port_them = (unsigned short)port_them;\n bucket[0].ip_me.hi = ip_me.ipv6.hi;\n bucket[0].ip_me.lo = ip_me.ipv6.lo;\n bucket[0].port_me = (unsigned short)port_me;\n\n return 0;\n\n}\n\n/***************************************************************************\n ***************************************************************************/\nstatic unsigned\ndedup_is_duplicate_ipv4(struct DedupTable *dedup,\n ipaddress ip_them, unsigned port_them,\n ipaddress ip_me, unsigned port_me)\n{\n unsigned hash;\n struct DedupEntry_IPv4 *bucket;\n unsigned i;\n\n /* THREAT: probably need to secure this hash, though the syn-cookies\n * provides some protection */\n hash = (ip_them.ipv4 + port_them) ^ ((ip_me.ipv4) + (ip_them.ipv4>>16)) ^ (ip_them.ipv4>>24) ^ port_me;\n hash &= DEDUP_ENTRIES-1;\n\n /* Search in this bucket */\n bucket = dedup->entries[hash];\n\n /* If we find the entry in our table, move it to the front, so\n * that it won't be aged out as quickly. We keep prepending new\n * addresses to front, aging older addresses that haven't been\n * seen in a while. */\n for (i = 0; i < 4; i++) {\n if (bucket[i].ip_them == ip_them.ipv4 && bucket[i].port_them == port_them\n && bucket[i].ip_me == ip_me.ipv4 && bucket[i].port_me == port_me) {\n /* move to end of list so constant repeats get ignored */\n if (i > 0) {\n bucket[i].ip_them ^= bucket[0].ip_them;\n bucket[i].port_them ^= bucket[0].port_them;\n bucket[i].ip_me ^= bucket[0].ip_me;\n bucket[i].port_me ^= bucket[0].port_me;\n\n bucket[0].ip_them ^= bucket[i].ip_them;\n bucket[0].port_them ^= bucket[i].port_them;\n bucket[0].ip_me ^= bucket[i].ip_me;\n bucket[0].port_me ^= bucket[i].port_me;\n\n bucket[i].ip_them ^= bucket[0].ip_them;\n bucket[i].port_them ^= bucket[0].port_them;\n bucket[i].ip_me ^= bucket[0].ip_me;\n bucket[i].port_me ^= bucket[0].port_me;\n }\n return 1;\n }\n }\n\n /* We didn't find it, so add it to our list. This will push\n * older entries at this bucket off the list */\n memmove(bucket, bucket+1, 3*sizeof(*bucket));\n bucket[0].ip_them = ip_them.ipv4;\n bucket[0].port_them = port_them;\n bucket[0].ip_me = ip_me.ipv4;\n bucket[0].port_me = port_me;\n\n return 0;\n\n}\n\n/***************************************************************************\n ***************************************************************************/\nunsigned\ndedup_is_duplicate(struct DedupTable *dedup,\n ipaddress ip_them, unsigned port_them,\n ipaddress ip_me, unsigned port_me)\n{\n if (ip_them.version == 6)\n return dedup_is_duplicate_ipv6(dedup, ip_them, port_them, ip_me, port_me);\n else\n return dedup_is_duplicate_ipv4(dedup, ip_them, port_them, ip_me, port_me);\n}\n\n\n/**\n * My own deterministic rand() function for testing this module\n */\nstatic unsigned\n_rand(unsigned *seed)\n{\n static const unsigned a = 214013;\n static const unsigned c = 2531011;\n\n *seed = (*seed) * a + c;\n return (*seed)>>16 & 0x7fff;\n}\n\n/*\n * Provide a simple unit test for this module.\n *\n * This is a pretty lame test. I'm going to generate\n * a set of random addresses, tweaked so that they aren't\n * too random, so that I get around 30 to 50 expected\n * duplicates. If I get zero duplicates, or if I get too\n * many duplicates in the test, then I know it's failed.\n *\n * This is in no way a reliable test that deterministically\n * tests the functionality. It's a crappy non-deterministic\n * test.\n *\n * We also do a simple deterministic test, but this still\n * is insufficient testing how duplicates age out and such.\n */\nint\ndedup_selftest(void)\n{\n struct DedupTable *dedup;\n unsigned seed = 0;\n size_t i;\n unsigned found_match = 0;\n unsigned line = 0;\n \n dedup = dedup_create();\n \n /* Deterministic test.\n *\n * The first time we check on a socket combo, there should\n * be no duplicate. The second time we check, however, there should\n * be a duplicate.\n */\n {\n ipaddress ip_me;\n ipaddress ip_them;\n unsigned port_me;\n unsigned port_them;\n \n ip_me.version = 4;\n ip_them.version = 4;\n ip_me.ipv4 = 0x12345678;\n ip_them.ipv4 = 0xabcdef0;\n port_me = 0x1234;\n port_them = 0xfedc;\n \n if (dedup_is_duplicate(dedup, ip_them, port_them, ip_me, port_me)) {\n line = __LINE__;\n goto fail;\n }\n if (!dedup_is_duplicate(dedup, ip_them, port_them, ip_me, port_me)) {\n line = __LINE__;\n goto fail;\n }\n \n ip_me.version = 6;\n ip_them.version = 6;\n ip_me.ipv6.hi = 0x12345678;\n\t ip_me.ipv6.lo = 0x12345678;\n ip_them.ipv6.hi = 0xabcdef0;\n ip_them.ipv6.lo = 0xabcdef0;\n\n if (dedup_is_duplicate(dedup, ip_them, port_them, ip_me, port_me)) {\n line = __LINE__;\n goto fail;\n }\n if (!dedup_is_duplicate(dedup, ip_them, port_them, ip_me, port_me)) {\n ipaddress_formatted_t fmt1 = ipaddress_fmt(ip_them);\n ipaddress_formatted_t fmt2 = ipaddress_fmt(ip_me);\n fprintf(stderr, \"[-] [%s]:%u -> [%s]:%u\\n\", \n\t\t\t fmt1.string, port_them,\n\t\t\t fmt2.string, port_me);\n line = __LINE__;\n goto fail;\n }\n \n }\n \n /* Test IPv4 addresses */\n for (i=0; i<100000; i++) {\n ipaddress ip_me;\n ipaddress ip_them;\n unsigned port_me;\n unsigned port_them;\n \n ip_me.version = 4;\n ip_them.version = 4;\n \n /* Instead of completely random numbers over the entire\n * range, each port/IP is restricted to just 512\n * random combinations. This should statistically\n * give us around 10 matches*/\n ip_me.ipv4 = _rand(&seed) & 0xFF800000;\n ip_them.ipv4 = _rand(&seed) & 0x1FF;\n port_me = _rand(&seed) & 0xFF80;\n port_them = _rand(&seed) & 0x1FF;\n \n if (dedup_is_duplicate(dedup, ip_them, port_them, ip_me, port_me)) {\n found_match++;\n }\n }\n \n /* Approximately 30 matches should be found. If we couldn't\n * find any, or if we've found too many, then the test has\n * failed. */\n if (found_match == 0 || found_match > 200) {\n line = __LINE__;\n goto fail;\n }\n \n /* Now do IPv6 */\n found_match = 0;\n seed = 0;\n \n /* Test IPv4 addresses */\n for (i=0; i<100000; i++) {\n ipaddress ip_me;\n ipaddress ip_them;\n unsigned port_me;\n unsigned port_them;\n \n ip_me.version = 6;\n ip_them.version = 6;\n \n /* Instead of completely random numbers over the entire\n * range, each port/IP is restricted to just 512\n * random combinations. This should statistically\n * give us around 10 matches*/\n ip_me.ipv6.hi = _rand(&seed) & 0xFF800000;\n ip_them.ipv6.lo = _rand(&seed) & 0x1FF;\n port_me = _rand(&seed) & 0xFF80;\n port_them = _rand(&seed) & 0x1FF;\n \n if (dedup_is_duplicate(dedup, ip_them, port_them, ip_me, port_me)) {\n found_match++;\n }\n }\n\n /* The result should be same as for IPv4, around 30 matches found. */\n if (found_match == 0 || found_match > 200) {\n line = __LINE__;\n goto fail;\n }\n \n /* All tests have passed */\n return 0; /* success :) */\n\nfail:\n fprintf(stderr, \"[-] selftest: 'dedup' failed, file=%s, line=%u\\n\", __FILE__, line);\n return 1;\n}\n"
},
{
"path": "src/main-dedup.h",
"content": "#ifndef MAIN_DEDUP_H\n#define MAIN_DEDUP_H\n#include \"massip-addr.h\"\n\nstruct DedupTable *\ndedup_create(void);\n\nvoid\ndedup_destroy(struct DedupTable *table);\n\nunsigned\ndedup_is_duplicate( struct DedupTable *dedup,\n ipaddress ip_them, unsigned port_them,\n ipaddress ip_me, unsigned port_me);\n\n/**\n * Simple unit test\n * @return 0 on success, 1 on failure.\n */\nint dedup_selftest(void);\n\n\n#endif\n"
},
{
"path": "src/main-globals.h",
"content": "#ifndef MAIN_GLOBALS_H\n#define MAIN_GLOBALS_H\n#include \n\nextern unsigned volatile is_tx_done;\nextern unsigned volatile is_rx_done;\nextern time_t global_now;\n\n\n#endif\n"
},
{
"path": "src/main-initadapter.c",
"content": "#include \"masscan.h\"\n#include \"util-logger.h\"\n#include \"rawsock.h\"\n#include \"rawsock-adapter.h\"\n#include \"stack-arpv4.h\"\n#include \"stack-ndpv6.h\"\n#include \"stub-pcap-dlt.h\"\n\n\n/***************************************************************************\n * Initialize the network adapter.\n *\n * This requires finding things like our IP address, MAC address, and router\n * MAC address. The user could configure these things manually instead.\n *\n * Note that we don't update the \"static\" configuration with the discovered\n * values, but instead return them as the \"running\" configuration. That's\n * so if we pause and resume a scan, auto discovered values don't get saved\n * in the configuration file.\n ***************************************************************************/\nint\nmasscan_initialize_adapter(\n struct Masscan *masscan,\n unsigned index,\n macaddress_t *source_mac,\n macaddress_t *router_mac_ipv4,\n macaddress_t *router_mac_ipv6\n )\n{\n char *ifname;\n char ifname2[256];\n unsigned adapter_ip = 0;\n unsigned is_usable_ipv4 = !massip_has_ipv4_targets(&masscan->targets); /* I don't understand this line, seems opposite */\n unsigned is_usable_ipv6 = !massip_has_ipv6_targets(&masscan->targets); /* I don't understand this line, seems opposite */\n ipaddress_formatted_t fmt;\n\n /*\n * ADAPTER/NETWORK-INTERFACE\n *\n * If no network interface was configured, we need to go hunt down\n * the best Interface to use. We do this by choosing the first\n * interface with a \"default route\" (aka. \"gateway\") defined\n */\n if (masscan->nic[index].ifname[0])\n ifname = masscan->nic[index].ifname;\n else {\n /* no adapter specified, so find a default one */\n int err;\n ifname2[0] = '\\0';\n err = rawsock_get_default_interface(ifname2, sizeof(ifname2));\n if (err || ifname2[0] == '\\0') {\n LOG(0, \"[-] FAIL: could not determine default interface\\n\");\n LOG(0, \" [hint] try \\\"--interface ethX\\\"\\n\");\n return -1;\n }\n ifname = ifname2;\n }\n LOG(1, \"[+] interface = %s\\n\", ifname);\n\n /*\n * START ADAPTER\n *\n * Once we've figured out which adapter to use, we now need to\n * turn it on.\n */\n masscan->nic[index].adapter = rawsock_init_adapter(\n ifname,\n masscan->is_pfring,\n masscan->is_sendq,\n masscan->nmap.packet_trace,\n masscan->is_offline,\n (void*)masscan->bpf_filter,\n masscan->nic[index].is_vlan,\n masscan->nic[index].vlan_id);\n if (masscan->nic[index].adapter == 0) {\n LOG(0, \"[-] if:%s:init: failed\\n\", ifname);\n return -1;\n }\n masscan->nic[index].link_type = masscan->nic[index].adapter->link_type;\n LOG(1, \"[+] interface-type = %u\\n\", masscan->nic[index].link_type);\n rawsock_ignore_transmits(masscan->nic[index].adapter, ifname);\n\n /*\n * MAC ADDRESS\n *\n * This is the address we send packets from. It actually doesn't really\n * matter what this address is, but to be a \"responsible\" citizen we\n * try to use the hardware address in the network card.\n */\n if (masscan->nic[index].link_type == PCAP_DLT_NULL) {\n LOG(1, \"[+] source-mac = %s\\n\", \"none\");\n } else if (masscan->nic[index].link_type == PCAP_DLT_RAW) {\n LOG(1, \"[+] source-mac = %s\\n\", \"none\");\n } else {\n *source_mac = masscan->nic[index].source_mac;\n if (masscan->nic[index].my_mac_count == 0) {\n if (macaddress_is_zero(*source_mac)) {\n rawsock_get_adapter_mac(ifname, source_mac->addr);\n }\n /* If still zero, then print error message */\n if (macaddress_is_zero(*source_mac)) {\n fprintf(stderr, \"[-] FAIL: failed to detect MAC address of interface:\"\n \" \\\"%s\\\"\\n\", ifname);\n fprintf(stderr, \" [hint] try something like \"\n \"\\\"--source-mac 00-11-22-33-44-55\\\"\\n\");\n return -1;\n }\n }\n \n fmt = macaddress_fmt(*source_mac);\n LOG(1, \"[+] source-mac = %s\\n\", fmt.string);\n }\n \n\n /*\n * IPv4 ADDRESS\n *\n * We need to figure out that IP address to send packets from. This\n * is done by querying the adapter (or configured by user). If the\n * adapter doesn't have one, then the user must configure one.\n */\n if (massip_has_ipv4_targets(&masscan->targets)) {\n adapter_ip = masscan->nic[index].src.ipv4.first;\n if (adapter_ip == 0) {\n adapter_ip = rawsock_get_adapter_ip(ifname);\n masscan->nic[index].src.ipv4.first = adapter_ip;\n masscan->nic[index].src.ipv4.last = adapter_ip;\n masscan->nic[index].src.ipv4.range = 1;\n }\n if (adapter_ip == 0) {\n /* We appear to have IPv4 targets, yet we cannot find an adapter\n * to use for those targets. We are having trouble querying the\n * operating system stack. */\n LOG(0, \"[-] FAIL: failed to detect IP of interface \\\"%s\\\"\\n\", ifname);\n LOG(0, \" [hint] did you spell the name correctly?\\n\");\n LOG(0, \" [hint] if it has no IP address, manually set with something like \"\n \"\\\"--source-ip 198.51.100.17\\\"\\n\");\n if (massip_has_ipv4_targets(&masscan->targets)) {\n return -1;\n }\n }\n \n fmt = ipv4address_fmt(adapter_ip);\n LOG(1, \"[+] source-ip = %s\\n\", fmt.string);\n \n if (adapter_ip != 0)\n is_usable_ipv4 = 1;\n \n /*\n * ROUTER MAC ADDRESS\n *\n * NOTE: this is one of the least understood aspects of the code. We must\n * send packets to the local router, which means the MAC address (not\n * IP address) of the router.\n *\n * Note: in order to ARP the router, we need to first enable the libpcap\n * code above.\n */\n *router_mac_ipv4 = masscan->nic[index].router_mac_ipv4;\n if (masscan->is_offline) {\n /* If we are doing offline benchmarking/testing, then create\n * a fake MAC address fro the router */\n memcpy(router_mac_ipv4->addr, \"\\x66\\x55\\x44\\x33\\x22\\x11\", 6);\n } else if (masscan->nic[index].link_type == PCAP_DLT_NULL) {\n /* If it's a VPN tunnel, then there is no Ethernet MAC address */\n LOG(1, \"[+] router-mac-ipv4 = %s\\n\", \"implicit\");\n\t} else if (masscan->nic[index].link_type == PCAP_DLT_RAW) {\n /* If it's a VPN tunnel, then there is no Ethernet MAC address */\n LOG(1, \"[+] router-mac-ipv4 = %s\\n\", \"implicit\");\n } else if (macaddress_is_zero(*router_mac_ipv4)) {\n ipv4address_t router_ipv4 = masscan->nic[index].router_ip;\n int err = 0;\n\n\n LOG(2, \"[+] if(%s): looking for default gateway\\n\", ifname);\n if (router_ipv4 == 0)\n err = rawsock_get_default_gateway(ifname, &router_ipv4);\n if (err == 0) {\n fmt = ipv4address_fmt(router_ipv4);\n LOG(1, \"[+] router-ip = %s\\n\", fmt.string);\n LOG(2, \"[+] if(%s):arp: resolving IPv4 address\\n\", ifname);\n \n stack_arp_resolve(\n masscan->nic[index].adapter,\n adapter_ip,\n *source_mac,\n router_ipv4,\n router_mac_ipv4);\n }\n \n fmt = macaddress_fmt(*router_mac_ipv4);\n LOG(1, \"[+] router-mac-ipv4 = %s\\n\", fmt.string);\n if (macaddress_is_zero(*router_mac_ipv4)) {\n fmt = ipv4address_fmt(masscan->nic[index].router_ip);\n LOG(0, \"[-] FAIL: ARP timed-out resolving MAC address for router %s: \\\"%s\\\"\\n\", ifname, fmt.string);\n LOG(0, \" [hint] try \\\"--router ip 192.0.2.1\\\" to specify different router\\n\");\n LOG(0, \" [hint] try \\\"--router-mac 66-55-44-33-22-11\\\" instead to bypass ARP\\n\");\n LOG(0, \" [hint] try \\\"--interface eth0\\\" to change interface\\n\");\n return -1;\n }\n }\n }\n \n\n /*\n * IPv6 ADDRESS\n *\n * We need to figure out that IPv6 address to send packets from. This\n * is done by querying the adapter (or configured by user). If the\n * adapter doesn't have one, then the user must configure one.\n */\n if (massip_has_ipv6_targets(&masscan->targets)) {\n ipv6address adapter_ipv6 = masscan->nic[index].src.ipv6.first;\n if (ipv6address_is_zero(adapter_ipv6)) {\n adapter_ipv6 = rawsock_get_adapter_ipv6(ifname);\n masscan->nic[index].src.ipv6.first = adapter_ipv6;\n masscan->nic[index].src.ipv6.last = adapter_ipv6;\n masscan->nic[index].src.ipv6.range = 1;\n }\n if (ipv6address_is_zero(adapter_ipv6)) {\n fprintf(stderr, \"[-] FAIL: failed to detect IPv6 address of interface \\\"%s\\\"\\n\",\n ifname);\n fprintf(stderr, \" [hint] did you spell the name correctly?\\n\");\n fprintf(stderr, \" [hint] if it has no IP address, manually set with something like \"\n \"\\\"--source-ip 2001:3b8::1234\\\"\\n\");\n return -1;\n }\n fmt = ipv6address_fmt(adapter_ipv6);\n LOG(1, \"[+] source-ip = [%s]\\n\", fmt.string);\n is_usable_ipv6 = 1;\n \n /*\n * ROUTER MAC ADDRESS\n */\n *router_mac_ipv6 = masscan->nic[index].router_mac_ipv6;\n if (masscan->is_offline) {\n memcpy(router_mac_ipv6->addr, \"\\x66\\x55\\x44\\x33\\x22\\x11\", 6);\n }\n if (macaddress_is_zero(*router_mac_ipv6)) {\n /* [synchronous]\n * Wait for router neighbor notification. This may take\n * some time */\n stack_ndpv6_resolve(\n masscan->nic[index].adapter,\n adapter_ipv6,\n *source_mac,\n router_mac_ipv6);\n }\n \n fmt = macaddress_fmt(*router_mac_ipv6);\n LOG(1, \"[+] router-mac-ipv6 = %s\\n\", fmt.string);\n if (macaddress_is_zero(*router_mac_ipv6)) {\n fmt = ipv4address_fmt(masscan->nic[index].router_ip);\n LOG(0, \"[-] FAIL: NDP timed-out resolving MAC address for router %s: \\\"%s\\\"\\n\", ifname, fmt.string);\n LOG(0, \" [hint] try \\\"--router-mac-ipv6 66-55-44-33-22-11\\\" instead to bypass ARP\\n\");\n LOG(0, \" [hint] try \\\"--interface eth0\\\" to change interface\\n\");\n return -1;\n }\n\n\n }\n\n masscan->nic[index].is_usable = (is_usable_ipv4 & is_usable_ipv6);\n\n\n\n LOG(2, \"[+] if(%s): initialization done.\\n\", ifname);\n return 0;\n}\n"
},
{
"path": "src/main-listscan.c",
"content": "#include \"masscan.h\"\n#include \"util-logger.h\"\n#include \"crypto-blackrock.h\"\n\n\nvoid\nmain_listscan(struct Masscan *masscan)\n{\n uint64_t i;\n uint64_t range;\n uint64_t start;\n uint64_t end;\n struct BlackRock blackrock;\n unsigned increment = masscan->shard.of;\n uint64_t seed = masscan->seed;\n\n /* If called with no ports, then create a pseudo-port needed\n * for the internal algorithm. */\n if (!massip_has_target_ports(&masscan->targets))\n rangelist_add_range(&masscan->targets.ports, 80, 80);\n massip_optimize(&masscan->targets);\n\n /* The \"range\" is the total number of IP/port combinations that\n * the scan can produce */\n range = massip_range(&masscan->targets).lo;\n\n\ninfinite:\n blackrock_init(&blackrock, range, seed, masscan->blackrock_rounds);\n\n start = masscan->resume.index + (masscan->shard.one-1);\n end = range;\n if (masscan->resume.count && end > start + masscan->resume.count)\n end = start + masscan->resume.count;\n end += (uint64_t)(masscan->retries * masscan->max_rate);\n\n for (i=start; itargets, xXx, &addr, &port);\n \n\n if (masscan->is_test_csv) {\n /* [KLUDGE] [TEST]\n * For testing randomness output, prints last two bytes of\n * IP address as CSV format for import into spreadsheet\n */\n printf(\"%u,%u\\n\",(addr.ipv4>>8)&0xFF, (addr.ipv4>>0)&0xFF);\n } else if (masscan->targets.count_ports == 1) {\n ipaddress_formatted_t fmt = ipaddress_fmt(addr);\n /* This is the normal case */\n printf(\"%s\\n\", fmt.string);\n } else {\n ipaddress_formatted_t fmt = ipaddress_fmt(addr);\n if (addr.version == 6)\n printf(\"[%s]:%u\\n\", fmt.string, port);\n else\n printf(\"%s:%u\\n\", fmt.string, port);\n }\n\n i += increment; /* <------ increment by 1 normally, more with shards/NICs */\n }\n\n if (masscan->is_infinite) {\n seed++;\n goto infinite;\n }\n}\n"
},
{
"path": "src/main-ptrace.c",
"content": "#include \"main-ptrace.h\"\n#include \"proto-preprocess.h\"\n#include \"pixie-timer.h\"\n#include \"util-safefunc.h\"\n\n\n/***************************************************************************\n * Print packet info, when using nmap-style --packet-trace option\n ***************************************************************************/\nvoid\npacket_trace(FILE *fp, double pt_start, const unsigned char *px, size_t length, unsigned is_sent)\n{\n unsigned x;\n struct PreprocessedInfo parsed;\n char from[64];\n char to[64];\n char sz_type[32];\n unsigned type;\n double timestamp = 1.0 * pixie_gettime() / 1000000.0;\n unsigned offset;\n const char *direction;\n ipaddress_formatted_t fmt;\n\n if (is_sent)\n direction = \"SENT\";\n else\n direction = \"RCVD\";\n\n /* parse the packet */\n x = preprocess_frame(px, (unsigned)length, 1, &parsed);\n if (!x)\n return;\n offset = parsed.found_offset;\n\n\n /* format the IP addresses into fixed-width fields */\n fmt = ipaddress_fmt(parsed.src_ip);\n snprintf(from, sizeof(from), \"[%s]:%u\", fmt.string, parsed.port_src);\n\n fmt = ipaddress_fmt(parsed.dst_ip);\n snprintf(to, sizeof(to), \"[%s]:%u\", fmt.string, parsed.port_dst);\n\n switch (parsed.found) {\n case FOUND_ARP:\n type = px[offset+6]<<8 | px[offset+7];\n *strchr(to, ':') = '\\0';\n *strchr(from, ':') = '\\0';\n switch (type) {\n case 1:safe_strcpy(sz_type, sizeof(sz_type), \"request\"); break;\n case 2:safe_strcpy(sz_type, sizeof(sz_type), \"response\"); break;\n default: snprintf(sz_type, sizeof(sz_type), \"unknown(%u)\", type); break;\n }\n fprintf(fp, \"%s (%5.4f) ARP %-21s > %-21s %s\\n\", direction,\n timestamp - pt_start, from, to, sz_type);\n break;\n case FOUND_DNS:\n case FOUND_UDP:\n fprintf(fp, \"%s (%5.4f) UDP %-21s > %-21s \\n\", direction,\n timestamp - pt_start, from, to);\n break;\n case FOUND_ICMP:\n fprintf(fp, \"%s (%5.4f) ICMP %-21s > %-21s \\n\", direction,\n timestamp - pt_start, from, to);\n break;\n case FOUND_TCP:\n type = px[offset+13];\n switch (type) {\n case 0x00: safe_strcpy(sz_type, sizeof(sz_type), \"NULL\"); break;\n case 0x01: safe_strcpy(sz_type, sizeof(sz_type), \"FIN\"); break;\n case 0x11: safe_strcpy(sz_type, sizeof(sz_type), \"FIN-ACK\"); break;\n case 0x19: safe_strcpy(sz_type, sizeof(sz_type), \"FIN-ACK-PSH\"); break;\n case 0x02: safe_strcpy(sz_type, sizeof(sz_type), \"SYN\"); break;\n case 0x12: safe_strcpy(sz_type, sizeof(sz_type), \"SYN-ACK\"); break;\n case 0x04: safe_strcpy(sz_type, sizeof(sz_type), \"RST\"); break;\n case 0x14: safe_strcpy(sz_type, sizeof(sz_type), \"RST-ACK\"); break;\n case 0x15: safe_strcpy(sz_type, sizeof(sz_type), \"RST-FIN-ACK\"); break;\n case 0x10: safe_strcpy(sz_type, sizeof(sz_type), \"ACK\"); break;\n case 0x18: safe_strcpy(sz_type, sizeof(sz_type), \"ACK-PSH\"); break;\n default:\n snprintf(sz_type, sizeof(sz_type),\n \"%s%s%s%s%s%s%s%s\",\n (type&0x01)?\"FIN\":\"\",\n (type&0x02)?\"SYN\":\"\",\n (type&0x04)?\"RST\":\"\",\n (type&0x08)?\"PSH\":\"\",\n (type&0x10)?\"ACK\":\"\",\n (type&0x20)?\"URG\":\"\",\n (type&0x40)?\"ECE\":\"\",\n (type&0x80)?\"CWR\":\"\"\n );\n break;\n }\n if (parsed.app_length)\n fprintf(fp, \"%s (%5.4f) TCP %-21s > %-21s %s %u-bytes\\n\", direction,\n timestamp - pt_start, from, to, sz_type, parsed.app_length);\n else\n fprintf(fp, \"%s (%5.4f) TCP %-21s > %-21s %s\\n\", direction,\n timestamp - pt_start, from, to, sz_type);\n break;\n case FOUND_IPV6:\n break;\n default:\n fprintf(fp, \"%s (%5.4f) UNK %-21s > %-21s [%u]\\n\", direction,\n timestamp - pt_start, from, to, parsed.found);\n break;\n }\n\n\n}\n"
},
{
"path": "src/main-ptrace.h",
"content": "#ifndef masscan_main_ptrace_h\n#define masscan_main_ptrace_h\n#include \n#include \n\n\nvoid packet_trace(FILE *fp, double pt_trace, const unsigned char *px, size_t length, unsigned is_sent);\n\n\n#endif\n"
},
{
"path": "src/main-readrange.c",
"content": "#include \"main-readrange.h\"\n#include \"masscan.h\"\n#include \n\n/***************************************************************************\n ***************************************************************************/\n/*static unsigned\ncount_cidr_bits(struct Range range)\n{\n unsigned i;\n\n for (i=0; i<32; i++) {\n unsigned mask = 0xFFFFFFFF >> i;\n\n if ((range.begin & ~mask) == (range.end & ~mask)) {\n if ((range.begin & mask) == 0 && (range.end & mask) == mask)\n return i;\n }\n }\n\n return 0;\n}*/\n\n/***************************************************************************\n ***************************************************************************/\nstatic unsigned\ncount_cidr6_bits(struct Range6 range)\n{\n uint64_t i;\n\n /* Kludge: can't handle more than 64-bits of CIDR ranges */\n if (range.begin.hi != range.begin.lo)\n return 0;\n\n for (i=0; i<64; i++) {\n uint64_t mask = 0xFFFFFFFFffffffffull >> i;\n\n if ((range.begin.lo & ~mask) == (range.end.lo & ~mask)) {\n if ((range.begin.lo & mask) == 0 && (range.end.lo & mask) == mask)\n return (unsigned)i;\n }\n }\n\n return 0;\n}\n\n/***************************************************************************\n ***************************************************************************/\nvoid\nmain_readrange(struct Masscan *masscan)\n{\n struct RangeList *list4 = &masscan->targets.ipv4;\n struct Range6List *list6 = &masscan->targets.ipv6;\n unsigned i;\n FILE *fp = stdout;\n\n for (i=0; icount; i++) {\n unsigned prefix_length;\n struct Range range = list4->list[i];\n\n if (range.begin == range.end) {\n fprintf(fp, \"%u.%u.%u.%u\\n\",\n (range.begin>>24)&0xFF,\n (range.begin>>16)&0xFF,\n (range.begin>> 8)&0xFF,\n (range.begin>> 0)&0xFF\n );\n } else if (range_is_cidr(range, &prefix_length)) {\n fprintf(fp, \"%u.%u.%u.%u/%u\\n\",\n (range.begin>>24)&0xFF,\n (range.begin>>16)&0xFF,\n (range.begin>> 8)&0xFF,\n (range.begin>> 0)&0xFF,\n prefix_length\n );\n } else {\n fprintf(fp, \"%u.%u.%u.%u-%u.%u.%u.%u\\n\",\n (range.begin>>24)&0xFF,\n (range.begin>>16)&0xFF,\n (range.begin>> 8)&0xFF,\n (range.begin>> 0)&0xFF,\n (range.end>>24)&0xFF,\n (range.end>>16)&0xFF,\n (range.end>> 8)&0xFF,\n (range.end>> 0)&0xFF\n );\n }\n }\n\n for (i=0; icount; i++) {\n struct Range6 range = list6->list[i];\n ipaddress_formatted_t fmt = ipv6address_fmt(range.begin);\n fprintf(fp, \"%s\", fmt.string);\n if (!ipv6address_is_equal(range.begin, range.end)) {\n unsigned cidr_bits = count_cidr6_bits(range);\n if (cidr_bits) {\n fprintf(fp, \"/%u\", cidr_bits);\n } else {\n fmt = ipv6address_fmt(range.end);\n fprintf(fp, \"-%s\", fmt.string);\n }\n }\n fprintf(fp, \"\\n\");\n }\n\n}\n"
},
{
"path": "src/main-readrange.h",
"content": "#ifndef MAIN_READRANGE_H\n#define MAIN_READRANGE_H\nstruct Masscan;\n\nvoid\nmain_readrange(struct Masscan *masscan);\n\n#endif\n"
},
{
"path": "src/main-status.c",
"content": "/*\n prints \"status\" message once per second to the commandline\n\n The status message indicates:\n - the rate in packets-per-second\n - %done\n - estimated time remaining of the scan\n - number of 'tcbs' (TCP control blocks) of active TCP connections\n\n*/\n#include \"main-status.h\"\n#include \"pixie-timer.h\"\n#include \"unusedparm.h\"\n#include \"main-globals.h\"\n#include \"util-safefunc.h\"\n#include \"util-bool.h\"\n#include \n\n\n/***************************************************************************\n * Print a status message about once-per-second to the command-line. This\n * algorithm is a little funky because checking the timestamp on EVERY\n * packet is slow.\n ***************************************************************************/\nvoid\nstatus_print(\n struct Status *status,\n uint64_t count,\n uint64_t max_count,\n double pps,\n uint64_t total_tcbs,\n uint64_t total_synacks,\n uint64_t total_syns,\n uint64_t exiting,\n bool json_status)\n{\n double elapsed_time;\n double rate;\n double now;\n double percent_done;\n double time_remaining;\n uint64_t current_tcbs = 0;\n uint64_t current_synacks = 0;\n uint64_t current_syns = 0;\n double tcb_rate = 0.0;\n double synack_rate = 0.0;\n double syn_rate = 0.0;\n double kpps = pps / 1000;\n const char *fmt;\n\n /* Support for --json-status; does not impact legacy/default output */\n \n /**\n * {\"state\":\"*\",\"rate\":{\"kpps\":24.99,\"pps\":24985.49,\"synps\": 27763,\"ackps\":4,\"tcbps\":4},\"tcb\": 33,\"syn\":246648}\n */\n const char* json_fmt_infinite =\n \"{\"\n \"\\\"state\\\":\\\"*\\\",\"\n \"\\\"rate\\\":\"\n \"{\"\n \"\\\"kpps\\\":%.2f,\"\n \"\\\"pps\\\":%6$.2f,\"\n \"\\\"synps\\\":%.0f,\"\n \"\\\"ackps\\\":%.0f,\"\n \"\\\"tcbps\\\":%.0f\"\n \"},\"\n \"\\\"tcb\\\":%5$\" PRIu64 \",\"\n \"\\\"syn\\\":%7$\" PRIu64\n \"}\\n\";\n \n /**\n * {\"state\":\"waiting\",\"rate\":{\"kpps\":0.00,\"pps\":0.00},\"progress\":{\"percent\":21.87,\"seconds\":4,\"found\":56,\"syn\":{\"sent\": 341436,\"total\":1561528,\"remaining\":1220092}}}\n */\n const char *json_fmt_waiting = \n \"{\"\n \"\\\"state\\\":\\\"waiting\\\",\"\n \"\\\"rate\\\":\"\n \"{\"\n \"\\\"kpps\\\":%.2f,\"\n \"\\\"pps\\\":%5$.2f\"\n \"},\"\n \"\\\"progress\\\":\"\n \"{\"\n \"\\\"percent\\\":%.2f,\"\n \"\\\"seconds\\\":%d,\"\n \"\\\"found\\\":%\" PRIu64 \",\"\n \"\\\"syn\\\":\"\n \"{\"\n \"\\\"sent\\\":%6$\" PRIu64 \",\"\n \"\\\"total\\\":%7$\" PRIu64 \",\"\n \"\\\"remaining\\\":%8$\" PRIu64\n \"}\" \n \"}\"\n \"}\\n\";\n\n /**\n * {\"state\":\"running\",\"rate\":{\"kpps\":24.92,\"pps\":24923.07},\"progress\":{\"percent\":9.77,\"eta\":{\n * \"hours\":0,\"mins\":0,\"seconds\":55},\"syn\":{\"sent\": 152510,\"total\": 1561528,\"remaining\": 1409018},\"found\": 27}}\n */\n const char *json_fmt_running = \n \"{\"\n \"\\\"state\\\":\\\"running\\\",\"\n \"\\\"rate\\\":\"\n \"{\"\n \"\\\"kpps\\\":%.2f,\"\n \"\\\"pps\\\":%7$.2f\"\n \"},\"\n \"\\\"progress\\\":\"\n \"{\"\n \"\\\"percent\\\":%.2f,\"\n \"\\\"eta\\\":\"\n \"{\"\n \"\\\"hours\\\":%u,\"\n \"\\\"mins\\\":%u,\"\n \"\\\"seconds\\\":%u\"\n \"},\"\n \"\\\"syn\\\":\"\n \"{\"\n \"\\\"sent\\\":%8$\" PRIu64 \",\"\n \"\\\"total\\\":%9$\" PRIu64 \",\"\n \"\\\"remaining\\\":%10$\" PRIu64\n \"},\" \n \"\\\"found\\\":%6$\" PRIu64\n \"}\"\n \"}\\n\";\n\n /*\n * #### FUGGLY TIME HACK ####\n *\n * PF_RING doesn't timestamp packets well, so we can't base time from\n * incoming packets. Checking the time ourself is too ugly on per-packet\n * basis. Therefore, we are going to create a global variable that keeps\n * the time, and update that variable whenever it's convenient. This\n * is one of those convenient places.\n */\n global_now = time(0);\n\n\n /* Get the time. NOTE: this is CLOCK_MONOTONIC_RAW on Linux, not\n * wall-clock time. */\n now = (double)pixie_gettime();\n\n /* Figure how many SECONDS have elapsed, in a floating point value.\n * Since the above timestamp is in microseconds, we need to\n * shift it by 1-million\n */\n elapsed_time = (now - status->last.clock)/1000000.0;\n if (elapsed_time <= 0)\n return;\n\n /* Figure out the \"packets-per-second\" number, which is just:\n *\n * rate = packets_sent / elapsed_time;\n */\n rate = (count - status->last.count)*1.0/elapsed_time;\n\n /*\n * Smooth the number by averaging over the last 8 seconds\n */\n status->last_rates[status->last_count++ & 0x7] = rate;\n rate = status->last_rates[0]\n + status->last_rates[1]\n + status->last_rates[2]\n + status->last_rates[3]\n + status->last_rates[4]\n + status->last_rates[5]\n + status->last_rates[6]\n + status->last_rates[7]\n ;\n rate /= 8;\n /*if (rate == 0)\n return;*/\n\n /*\n * Calculate \"percent-done\", which is just the total number of\n * packets sent divided by the number we need to send.\n */\n percent_done = (double)(count*100.0/max_count);\n\n\n /*\n * Calculate the time remaining in the scan\n */\n time_remaining = (1.0 - percent_done/100.0) * (max_count / rate);\n\n /*\n * some other stats\n */\n if (total_tcbs) {\n current_tcbs = total_tcbs - status->total_tcbs;\n status->total_tcbs = total_tcbs;\n tcb_rate = (1.0*current_tcbs)/elapsed_time;\n }\n if (total_synacks) {\n current_synacks = total_synacks - status->total_synacks;\n status->total_synacks = total_synacks;\n synack_rate = (1.0*current_synacks)/elapsed_time;\n }\n if (total_syns) {\n current_syns = total_syns - status->total_syns;\n status->total_syns = total_syns;\n syn_rate = (1.0*current_syns)/elapsed_time;\n }\n\n /*\n * Print the message to so that can be redirected\n * to a file ( reports what systems were found).\n */\n\n if (status->is_infinite) {\n if (json_status == 1)\n fmt = json_fmt_infinite;\n else\n fmt = \"rate:%6.2f-kpps, syn/s=%.0f ack/s=%.0f tcb-rate=%.0f, %\" PRIu64 \"-tcbs, \\r\";\n\n fprintf(stderr,\n fmt,\n kpps,\n syn_rate,\n synack_rate,\n tcb_rate,\n total_tcbs,\n pps,\n count);\n } else {\n if (is_tx_done) {\n if (json_status == 1)\n fmt = json_fmt_waiting;\n else\n fmt = \"rate:%6.2f-kpps, %5.2f%% done, waiting %d-secs, found=%\" PRIu64 \" \\r\";\n\n fprintf(stderr,\n fmt,\n pps/1000.0,\n percent_done,\n (int)exiting,\n total_synacks,\n pps,\n count,\n max_count,\n max_count-count);\n \n } else {\n if (json_status == 1)\n fmt = json_fmt_running;\n else\n fmt = \"rate:%6.2f-kpps, %5.2f%% done,%4u:%02u:%02u remaining, found=%\" PRIu64 \" \\r\";\n\n fprintf(stderr,\n fmt,\n pps/1000.0,\n percent_done,\n (unsigned)(time_remaining/60/60),\n (unsigned)(time_remaining/60)%60,\n (unsigned)(time_remaining)%60,\n total_synacks,\n pps,\n count,\n max_count,\n max_count-count);\n }\n }\n fflush(stderr);\n\n /*\n * Remember the values to be diffed against the next time around\n */\n status->last.clock = now;\n status->last.count = count;\n}\n\n/***************************************************************************\n ***************************************************************************/\nvoid\nstatus_finish(struct Status *status)\n{\n UNUSEDPARM(status);\n fprintf(stderr,\n\" \\r\");\n}\n\n/***************************************************************************\n ***************************************************************************/\nvoid\nstatus_start(struct Status *status)\n{\n memset(status, 0, sizeof(*status));\n status->last.clock = clock();\n status->last.time = time(0);\n status->last.count = 0;\n status->timer = 0x1;\n}\n"
},
{
"path": "src/main-status.h",
"content": "#ifndef MAIN_STATUS_H\n#define MAIN_STATUS_H\n#include \n#include \n#include \"util-bool.h\"\n\nstruct Status\n{\n struct {\n double clock;\n time_t time;\n uint64_t count;\n } last;\n uint64_t timer;\n unsigned charcount;\n\n double last_rates[8];\n unsigned last_count;\n\n unsigned is_infinite:1;\n\n uint64_t total_tcbs;\n uint64_t total_synacks;\n uint64_t total_syns;\n};\n\n\nvoid status_print(struct Status *status, uint64_t count, uint64_t max_count, double x, uint64_t total_tcbs, uint64_t total_synacks, uint64_t total_syns, uint64_t exiting, bool json_status);\nvoid status_finish(struct Status *status);\nvoid status_start(struct Status *status);\n\n\n#endif\n"
},
{
"path": "src/main-throttle.c",
"content": "/*\n\n Rate-limit/throttler: stops us from transmitting too fast.\n\n We can send packets at millions of packets/second. This will\n melt most networks. Therefore, we need to throttle or rate-limit\n how fast we go.\n\n Since we are sending packet at a rate of 10-million-per-second, we\n the calculations need to be done in a light-weight manner. For one\n thing, we can't do a system-call per packet.\n\n NOTE: one complication to watch for is the difference between clock\n time and elapsed time, and that they change. We have to avoid a problem\n where somebody suspends the computer for a few days, then wake it up,\n at which point the system tries sending a million packets/second instead\n of the desired thousand packets/second.\n*/\n#include \"main-throttle.h\"\n#include \"pixie-timer.h\"\n#include \"util-logger.h\"\n#include \n#include \n\n\n/***************************************************************************\n ***************************************************************************/\nvoid\nthrottler_start(struct Throttler *throttler, double max_rate)\n{\n unsigned i;\n\n memset(throttler, 0, sizeof(*throttler));\n\n throttler->max_rate = max_rate;\n\n for (i=0; ibuckets)/sizeof(throttler->buckets[0]); i++) {\n throttler->buckets[i].timestamp = pixie_gettime();\n throttler->buckets[i].packet_count = 0;\n }\n\n throttler->batch_size = 1;\n\n LOG(1, \"[+] starting throttler: rate = %0.2f-pps\\n\", throttler->max_rate);\n}\n\n\n/***************************************************************************\n * We return the number of packets that can be sent in a batch. Thus,\n * instead of trying to throttle each packet individually, which has a\n * high per-packet cost, we try to throttle a bunch at a time. Normally,\n * this function will return 1, only at high rates does it return larger\n * numbers.\n *\n * NOTE: The minimum value this returns is 1. When it's less than that,\n * it'll pause and wait until it's ready to send a packet.\n ***************************************************************************/\nuint64_t\nthrottler_next_batch(struct Throttler *throttler, uint64_t packet_count)\n{\n uint64_t timestamp;\n uint64_t index;\n uint64_t old_timestamp;\n uint64_t old_packet_count;\n double current_rate;\n double max_rate = throttler->max_rate;\n\nagain:\n\n /* NOTE: this uses CLOCK_MONOTONIC_RAW on Linux, so the timstamp doesn't\n * move forward when the machine is suspended */\n timestamp = pixie_gettime();\n\n /*\n * We record that last 256 buckets, and average the rate over all of\n * them.\n */\n index = (throttler->index) & 0xFF;\n throttler->buckets[index].timestamp = timestamp;\n throttler->buckets[index].packet_count = packet_count;\n\n index = (++throttler->index) & 0xFF;\n old_timestamp = throttler->buckets[index].timestamp;\n old_packet_count = throttler->buckets[index].packet_count;\n\n /*\n * If the delay is more than 1-second, then we should reset the system\n * in order to avoid transmitting too fast.\n */\n if (timestamp - old_timestamp > 1000000) {\n //throttler_start(throttler, throttler->max_rate);\n throttler->batch_size = 1;\n goto again;\n }\n\n /*\n * Calculate the recent rate.\n * NOTE: this isn't the rate \"since start\", but only the \"recent\" rate.\n * That's so that if the system pauses for a while, we don't flood the\n * network trying to catch up.\n */\n current_rate = 1.0*(packet_count - old_packet_count)/((timestamp - old_timestamp)/1000000.0);\n\n\n /*\n * If we've been going too fast, then for a moment, then\n * try again.\n */\n if (current_rate > max_rate) {\n double waittime;\n\n /* calculate waittime, in seconds */\n waittime = (current_rate - max_rate) / throttler->max_rate;\n\n /* At higher rates of speed, we don't actually need to wait the full\n * interval. It's better to have a much smaller interval, so that\n * we converge back on the true rate faster */\n waittime *= 0.1;\n\n /* This is in case of gross failure of the system. This should never\n * actually happen, unless there is a bug. Really, I ought to make\n * this an 'assert()' instead to fail and fix the bug rather than\n * silently continuing, but I'm too lazy */\n if (waittime > 0.1)\n waittime = 0.1;\n\n /* Since we've exceeded the speed limit, we should reduce the\n * batch size slightly. We don't do it only by a little bit to\n * avoid over-correcting. We want to converge on the correct\n * speed gradually. Note that since this happens hundreds or\n * thousands of times a second, the convergence is very fast\n * even with 0.1% adjustment */\n throttler->batch_size *= 0.999;\n\n /* Now we wait for a bit */\n pixie_usleep((uint64_t)(waittime * 1000000.0));\n\n /* There are two choices here. We could either return immediately,\n * or we can loop around again. Right now, the code loops around\n * again in order to support very slow rates, such as 0.5 packets\n * per second. Nobody would want to run a scanner that slowly of\n * course, but it's great for testing */\n //return (uint64_t)throttler->batch_size;\n goto again;\n }\n\n /*\n * Calculate how many packets are needed to catch up again to the current\n * rate, and return that.\n *\n * NOTE: this is almost always going to have the value of 1 (one). Only at\n * very high speeds (above 100,000 packets/second) will this value get\n * larger.\n */\n throttler->batch_size *= 1.005;\n if (throttler->batch_size > 10000)\n throttler->batch_size = 10000;\n throttler->current_rate = current_rate;\n\n throttler->test_timestamp = timestamp;\n throttler->test_packet_count = packet_count;\n return (uint64_t)throttler->batch_size;\n}\n"
},
{
"path": "src/main-throttle.h",
"content": "#ifndef MAIN_THROTTLE_H\n#define MAIN_THROTTLE_H\n#include \n\nstruct Throttler\n{\n double max_rate;\n double current_rate;\n double batch_size;\n\n unsigned index;\n\n struct {\n uint64_t timestamp;\n uint64_t packet_count;\n } buckets[256];\n\n uint64_t test_timestamp;\n uint64_t test_packet_count;\n\n};\n\n\nuint64_t throttler_next_batch(struct Throttler *throttler, uint64_t count);\nvoid throttler_start(struct Throttler *status, double max_rate);\n\n#endif\n"
},
{
"path": "src/main.c",
"content": "/*\n\n main\n\n This includes:\n\n * main()\n * transmit_thread() - transmits probe packets\n * receive_thread() - receives response packets\n\n You'll be wanting to study the transmit/receive threads, because that's\n where all the action is.\n\n This is the lynch-pin of the entire program, so it includes a heckuva lot\n of headers, and the functions have a lot of local variables. I'm trying\n to make this file relative \"flat\" this way so that everything is visible.\n*/\n#include \"masscan.h\"\n#include \"masscan-version.h\"\n#include \"masscan-status.h\" /* open or closed */\n#include \"massip-parse.h\"\n#include \"massip-port.h\"\n#include \"main-status.h\" /* printf() regular status updates */\n#include \"main-throttle.h\" /* rate limit */\n#include \"main-dedup.h\" /* ignore duplicate responses */\n#include \"main-ptrace.h\" /* for nmap --packet-trace feature */\n#include \"main-globals.h\" /* all the global variables in the program */\n#include \"main-readrange.h\"\n#include \"crypto-siphash24.h\" /* hash function, for hash tables */\n#include \"crypto-blackrock.h\" /* the BlackRock shuffling func */\n#include \"crypto-lcg.h\" /* the LCG randomization func */\n#include \"crypto-base64.h\" /* base64 encode/decode */\n#include \"templ-pkt.h\" /* packet template, that we use to send */\n#include \"util-logger.h\" /* adjust with -v command-line opt */\n#include \"stack-ndpv6.h\" /* IPv6 Neighbor Discovery Protocol */\n#include \"stack-arpv4.h\" /* Handle ARP resolution and requests */\n#include \"rawsock.h\" /* API on top of Linux, Windows, Mac OS X*/\n#include \"rawsock-adapter.h\" /* Get Ethernet adapter configuration */\n#include \"rawsock-pcapfile.h\" /* for saving pcap files w/ raw packets */\n#include \"syn-cookie.h\" /* for SYN-cookies on send */\n#include \"output.h\" /* for outputting results */\n#include \"rte-ring.h\" /* producer/consumer ring buffer */\n#include \"stub-pcap.h\" /* dynamically load libpcap library */\n#include \"smack.h\" /* Aho-corasick state-machine pattern-matcher */\n#include \"pixie-timer.h\" /* portable time functions */\n#include \"pixie-threads.h\" /* portable threads */\n#include \"pixie-backtrace.h\" /* maybe print backtrace on crash */\n#include \"templ-payloads.h\" /* UDP packet payloads */\n#include \"in-binary.h\" /* convert binary output to XML/JSON */\n#include \"vulncheck.h\" /* checking vulns like monlist, poodle, heartblee */\n#include \"scripting.h\"\n#include \"read-service-probes.h\"\n#include \"misc-rstfilter.h\"\n#include \"proto-x509.h\"\n#include \"proto-arp.h\" /* for responding to ARP requests */\n#include \"proto-banner1.h\" /* for snatching banners from systems */\n#include \"stack-tcp-core.h\" /* for TCP/IP connection table */\n#include \"proto-preprocess.h\" /* quick parse of packets */\n#include \"proto-icmp.h\" /* handle ICMP responses */\n#include \"proto-udp.h\" /* handle UDP responses */\n#include \"proto-snmp.h\" /* parse SNMP responses */\n#include \"proto-ntp.h\" /* parse NTP responses */\n#include \"proto-coap.h\" /* CoAP selftest */\n#include \"proto-zeroaccess.h\"\n#include \"proto-sctp.h\"\n#include \"proto-oproto.h\" /* Other protocols on top of IP */\n#include \"util-malloc.h\"\n#include \"util-checksum.h\"\n\n#include \n#include \n#include \n#include \n#include \n#include \n#include \n\n#if defined(WIN32)\n#include \n#if defined(_MSC_VER)\n#pragma comment(lib, \"Ws2_32.lib\")\n#endif\n#else\n#include \n#include \n#include \n#endif\n\n/*\n * yea I know globals suck\n */\nunsigned volatile is_tx_done = 0;\nunsigned volatile is_rx_done = 0;\ntime_t global_now;\n\nuint64_t usec_start;\n\n\n/***************************************************************************\n * We create a pair of transmit/receive threads for each network adapter.\n * This structure contains the parameters we send to each pair.\n ***************************************************************************/\nstruct ThreadPair {\n /** This points to the central configuration. Note that it's 'const',\n * meaning that the thread cannot change the contents. That'd be\n * unsafe */\n const struct Masscan *masscan;\n\n /** The adapter used by the thread-pair. Normally, thread-pairs have\n * their own network adapter, especially when doing PF_RING\n * clustering. */\n struct Adapter *adapter;\n\n struct stack_t *stack;\n\n /**\n * The index of the network adapter that we are using for this\n * thread-pair. This is an index into the \"masscan->nic[]\"\n * array.\n *\n * NOTE: this is also the \"thread-id\", because we create one\n * transmit/receive thread pair per NIC.\n */\n unsigned nic_index;\n\n /**\n * A copy of the master 'index' variable. This is just advisory for\n * other threads, to tell them how far we've gotten.\n */\n volatile uint64_t my_index;\n\n\n /* This is used both by the transmit and receive thread for\n * formatting packets */\n struct TemplateSet tmplset[1];\n\n /**\n * The current IP address we are using for transmit/receive.\n */\n struct stack_src_t _src_;\n\n macaddress_t source_mac;\n macaddress_t router_mac_ipv4;\n macaddress_t router_mac_ipv6;\n\n unsigned done_transmitting;\n unsigned done_receiving;\n\n double pt_start;\n\n struct Throttler throttler[1];\n\n uint64_t *total_synacks;\n uint64_t *total_tcbs;\n uint64_t *total_syns;\n\n size_t thread_handle_xmit;\n size_t thread_handle_recv;\n};\n\nstruct source_t {\n unsigned ipv4;\n unsigned ipv4_mask;\n unsigned port;\n unsigned port_mask;\n ipv6address ipv6;\n ipv6address ipv6_mask;\n};\n\n/***************************************************************************\n * We support a range of source IP/port. This function converts that\n * range into useful variables we can use to pick things form that range.\n ***************************************************************************/\nstatic void\nadapter_get_source_addresses(const struct Masscan *masscan,\n unsigned nic_index,\n struct source_t *src)\n{\n const struct stack_src_t *ifsrc = &masscan->nic[nic_index].src;\n static ipv6address mask = {~0ULL, ~0ULL};\n\n src->ipv4 = ifsrc->ipv4.first;\n src->ipv4_mask = ifsrc->ipv4.last - ifsrc->ipv4.first;\n\n src->port = ifsrc->port.first;\n src->port_mask = ifsrc->port.last - ifsrc->port.first;\n\n src->ipv6 = ifsrc->ipv6.first;\n\n /* TODO: currently supports only a single address. This needs to\n * be fixed to support a list of addresses */\n src->ipv6_mask = mask;\n}\n\n\n/***************************************************************************\n * This thread spews packets as fast as it can\n *\n * THIS IS WHERE ALL THE EXCITEMENT HAPPENS!!!!\n * 90% of CPU cycles are in the function.\n *\n ***************************************************************************/\nstatic void\ntransmit_thread(void *v) /*aka. scanning_thread() */\n{\n struct ThreadPair *parms = (struct ThreadPair *)v;\n uint64_t i;\n uint64_t start;\n uint64_t end;\n const struct Masscan *masscan = parms->masscan;\n uint64_t retries = masscan->retries;\n uint64_t rate = (uint64_t)masscan->max_rate;\n unsigned r = (unsigned)retries + 1;\n uint64_t range;\n uint64_t range_ipv6;\n struct BlackRock blackrock;\n uint64_t count_ipv4 = rangelist_count(&masscan->targets.ipv4);\n uint64_t count_ipv6 = range6list_count(&masscan->targets.ipv6).lo;\n struct Throttler *throttler = parms->throttler;\n struct TemplateSet pkt_template = templ_copy(parms->tmplset);\n struct Adapter *adapter = parms->adapter;\n uint64_t packets_sent = 0;\n unsigned increment = masscan->shard.of * masscan->nic_count;\n struct source_t src;\n uint64_t seed = masscan->seed;\n uint64_t repeats = 0; /* --infinite repeats */\n uint64_t *status_syn_count;\n uint64_t entropy = masscan->seed;\n\n /* Wait to make sure receive_thread is ready */\n pixie_usleep(1000000);\n LOG(1, \"[+] starting transmit thread #%u\\n\", parms->nic_index);\n\n /* export a pointer to this variable outside this threads so\n * that the 'status' system can print the rate of syns we are\n * sending */\n status_syn_count = MALLOC(sizeof(uint64_t));\n *status_syn_count = 0;\n parms->total_syns = status_syn_count;\n\n\n /* Normally, we have just one source address. In special cases, though\n * we can have multiple. */\n adapter_get_source_addresses(masscan, parms->nic_index, &src);\n\n\n /* \"THROTTLER\" rate-limits how fast we transmit, set with the\n * --max-rate parameter */\n throttler_start(throttler, masscan->max_rate/masscan->nic_count);\n\ninfinite:\n \n /* Create the shuffler/randomizer. This creates the 'range' variable,\n * which is simply the number of IP addresses times the number of\n * ports.\n * IPv6: low index will pick addresses from the IPv6 ranges, and high\n * indexes will pick addresses from the IPv4 ranges. */\n range = count_ipv4 * rangelist_count(&masscan->targets.ports)\n + count_ipv6 * rangelist_count(&masscan->targets.ports);\n range_ipv6 = count_ipv6 * rangelist_count(&masscan->targets.ports);\n blackrock_init(&blackrock, range, seed, masscan->blackrock_rounds);\n\n /* Calculate the 'start' and 'end' of a scan. One reason to do this is\n * to support --shard, so that multiple machines can co-operate on\n * the same scan. Another reason to do this is so that we can bleed\n * a little bit past the end when we have --retries. Yet another\n * thing to do here is deal with multiple network adapters, which\n * is essentially the same logic as shards. */\n start = masscan->resume.index + (masscan->shard.one-1) * masscan->nic_count + parms->nic_index;\n end = range;\n if (masscan->resume.count && end > start + masscan->resume.count)\n end = start + masscan->resume.count;\n end += retries * range;\n\n\n /* -----------------\n * the main loop\n * -----------------*/\n LOG(3, \"THREAD: xmit: starting main loop: [%llu..%llu]\\n\", start, end);\n for (i=start; istack, adapter,\n &packets_sent, &batch_size);\n\n\n /*\n * Transmit a bunch of packets. At any rate slower than 100,000\n * packets/second, the 'batch_size' is likely to be 1. At higher\n * rates, we can't afford to throttle on a per-packet basis and \n * instead throttle on a per-batch basis. In other words, throttle\n * based on 2-at-a-time, 3-at-time, and so on, with the batch\n * size increasing as the packet rate increases. This gives us\n * very precise packet-timing for low rates below 100,000 pps,\n * while not incurring the overhead for high packet rates.\n */\n while (batch_size && i < end) {\n uint64_t xXx;\n uint64_t cookie;\n \n\n\n /*\n * RANDOMIZE THE TARGET:\n * This is kinda a tricky bit that picks a random IP and port\n * number in order to scan. We monotonically increment the\n * index 'i' from [0..range]. We then shuffle (randomly transmog)\n * that index into some other, but unique/1-to-1, number in the\n * same range. That way we visit all targets, but in a random\n * order. Then, once we've shuffled the index, we \"pick\" the\n * IP address and port that the index refers to.\n */\n xXx = (i + (r--) * rate);\n if (rate > range)\n xXx %= range;\n else\n while (xXx >= range)\n xXx -= range;\n xXx = blackrock_shuffle(&blackrock, xXx);\n \n if (xXx < range_ipv6) {\n ipv6address ip_them;\n unsigned port_them;\n ipv6address ip_me;\n unsigned port_me;\n\n ip_them = range6list_pick(&masscan->targets.ipv6, xXx % count_ipv6);\n port_them = rangelist_pick(&masscan->targets.ports, xXx / count_ipv6);\n\n ip_me = src.ipv6;\n port_me = src.port;\n \n cookie = syn_cookie_ipv6(ip_them, port_them, ip_me, port_me, entropy);\n\n rawsock_send_probe_ipv6(\n adapter,\n ip_them, port_them,\n ip_me, port_me,\n (unsigned)cookie,\n !batch_size, /* flush queue on last packet in batch */\n &pkt_template\n );\n\n /* Our index selects an IPv6 target */\n } else {\n /* Our index selects an IPv4 target. In other words, low numbers\n * index into the IPv6 ranges, and high numbers index into the\n * IPv4 ranges. */\n ipv4address ip_them;\n ipv4address port_them;\n unsigned ip_me;\n unsigned port_me;\n\n xXx -= range_ipv6;\n\n ip_them = rangelist_pick(&masscan->targets.ipv4, xXx % count_ipv4);\n port_them = rangelist_pick(&masscan->targets.ports, xXx / count_ipv4);\n\n /*\n * SYN-COOKIE LOGIC\n * Figure out the source IP/port, and the SYN cookie\n */\n if (src.ipv4_mask > 1 || src.port_mask > 1) {\n uint64_t ck = syn_cookie_ipv4((unsigned)(i+repeats),\n (unsigned)((i+repeats)>>32),\n (unsigned)xXx, (unsigned)(xXx>>32),\n entropy);\n port_me = src.port + (ck & src.port_mask);\n ip_me = src.ipv4 + ((ck>>16) & src.ipv4_mask);\n } else {\n ip_me = src.ipv4;\n port_me = src.port;\n }\n cookie = syn_cookie_ipv4(ip_them, port_them, ip_me, port_me, entropy);\n\n /*\n * SEND THE PROBE\n * This is sorta the entire point of the program, but little\n * exciting happens here. The thing to note that this may\n * be a \"raw\" transmit that bypasses the kernel, meaning\n * we can call this function millions of times a second.\n */\n rawsock_send_probe_ipv4(\n adapter,\n ip_them, port_them,\n ip_me, port_me,\n (unsigned)cookie,\n !batch_size, /* flush queue on last packet in batch */\n &pkt_template\n );\n }\n\n batch_size--;\n packets_sent++;\n (*status_syn_count)++;\n\n /*\n * SEQUENTIALLY INCREMENT THROUGH THE RANGE\n * Yea, I know this is a puny 'i++' here, but it's a core feature\n * of the system that is linearly increments through the range,\n * but produces from that a shuffled sequence of targets (as\n * described above). Because we are linearly incrementing this\n * number, we can do lots of creative stuff, like doing clever\n * retransmits and sharding.\n */\n if (r == 0) {\n i += increment; /* <------ increment by 1 normally, more with shards/nics */\n r = (unsigned)retries + 1;\n }\n\n } /* end of batch */\n\n\n /* save our current location for resuming, if the user pressed\n * to exit early */\n parms->my_index = i;\n\n /* If the user pressed , then we need to exit. In case\n * the user wants to --resume the scan later, we save the current\n * state in a file */\n if (is_tx_done) {\n break;\n }\n }\n\n /*\n * --infinite\n * For load testing, go around and do this again\n */\n if (masscan->is_infinite && !is_tx_done) {\n seed++;\n repeats++;\n goto infinite;\n }\n\n /*\n * Flush any untransmitted packets. High-speed mechanisms like Windows\n * \"sendq\" and Linux's \"PF_RING\" queue packets and transmit many together,\n * so there may be some packets that we've queued but not yet transmitted.\n * This call makes sure they are transmitted.\n */\n rawsock_flush(adapter);\n\n /*\n * Wait until the receive thread realizes the scan is over\n */\n LOG(1, \"[+] transmit thread #%u complete\\n\", parms->nic_index);\n\n /*\n * We are done transmitting. However, response packets will take several\n * seconds to arrive. Therefore, sit in short loop waiting for those\n * packets to arrive. Pressing a second time will exit this\n * prematurely.\n */\n while (!is_rx_done) {\n unsigned k;\n uint64_t batch_size;\n\n for (k=0; k<1000; k++) {\n \n /*\n * Only send a few packets at a time, throttled according to the max\n * --max-rate set by the user\n */\n batch_size = throttler_next_batch(throttler, packets_sent);\n\n\n /* Transmit packets from the receive thread */\n stack_flush_packets( parms->stack, adapter,\n &packets_sent,\n &batch_size);\n\n /* Make sure they've actually been transmitted, not just queued up for\n * transmit */\n rawsock_flush(adapter);\n\n pixie_usleep(100);\n }\n }\n\n /* Thread is about to exit */\n parms->done_transmitting = 1;\n LOG(1, \"[+] exiting transmit thread #%u \\n\", parms->nic_index);\n}\n\n\n/***************************************************************************\n ***************************************************************************/\nstatic unsigned\nis_nic_port(const struct Masscan *masscan, unsigned ip)\n{\n unsigned i;\n for (i=0; inic_count; i++)\n if (is_my_port(&masscan->nic[i].src, ip))\n return 1;\n return 0;\n}\n\nstatic unsigned\nis_ipv6_multicast(ipaddress ip_me)\n{\n /* If this is an IPv6 multicast packet, one sent to the IPv6\n * address with a prefix of FF02::/16 */\n return ip_me.version == 6 && (ip_me.ipv6.hi>>48ULL) == 0xFF02;\n}\n\n\n/***************************************************************************\n *\n * Asynchronous receive thread\n *\n * The transmit and receive threads run independently of each other. There\n * is no record what was transmitted. Instead, the transmit thread sets a\n * \"SYN-cookie\" in transmitted packets, which the receive thread will then\n * use to match up requests with responses.\n ***************************************************************************/\nstatic void\nreceive_thread(void *v)\n{\n struct ThreadPair *parms = (struct ThreadPair *)v;\n const struct Masscan *masscan = parms->masscan;\n struct Adapter *adapter = parms->adapter;\n int data_link = stack_if_datalink(adapter);\n struct Output *out;\n struct DedupTable *dedup;\n struct PcapFile *pcapfile = NULL;\n struct TCP_ConnectionTable *tcpcon = 0;\n uint64_t *status_synack_count;\n uint64_t *status_tcb_count;\n uint64_t entropy = masscan->seed;\n struct ResetFilter *rf;\n struct stack_t *stack = parms->stack;\n struct source_t src = {0};\n\n \n \n /* For reducing RST responses, see rstfilter_is_filter() below */\n rf = rstfilter_create(entropy, 16384);\n\n /* some status variables */\n status_synack_count = MALLOC(sizeof(uint64_t));\n *status_synack_count = 0;\n parms->total_synacks = status_synack_count;\n\n status_tcb_count = MALLOC(sizeof(uint64_t));\n *status_tcb_count = 0;\n parms->total_tcbs = status_tcb_count;\n\n LOG(1, \"[+] starting receive thread #%u\\n\", parms->nic_index);\n \n /* Lock this thread to a CPU. Transmit threads are on even CPUs,\n * receive threads on odd CPUs */\n if (pixie_cpu_get_count() > 1) {\n unsigned cpu_count = pixie_cpu_get_count();\n unsigned cpu = parms->nic_index * 2 + 1;\n while (cpu >= cpu_count) {\n cpu -= cpu_count;\n cpu++;\n }\n //TODO:\n //pixie_cpu_set_affinity(cpu);\n }\n\n /*\n * If configured, open a --pcap file for saving raw packets. This is\n * so that we can debug scans, but also so that we can look at the\n * strange things people send us. Note that we don't record transmitted\n * packets, just the packets we've received.\n */\n if (masscan->pcap_filename[0]) {\n pcapfile = pcapfile_openwrite(masscan->pcap_filename, 1);\n }\n\n /*\n * Open output. This is where results are reported when saving\n * the --output-format to the --output-filename\n */\n out = output_create(masscan, parms->nic_index);\n\n /*\n * Create deduplication table. This is so when somebody sends us\n * multiple responses, we only record the first one.\n */\n dedup = dedup_create();\n\n /*\n * Create a TCP connection table (per thread pair) for interacting with live\n * connections when doing --banners\n */\n if (masscan->is_banners) {\n struct TcpCfgPayloads *pay;\n size_t i;\n\n /*\n * Create TCP connection table\n */\n tcpcon = tcpcon_create_table(\n (size_t)((masscan->max_rate/5) / masscan->nic_count),\n parms->stack,\n &parms->tmplset->pkts[Proto_TCP],\n output_report_banner,\n out,\n masscan->tcb.timeout,\n masscan->seed\n );\n \n /*\n * Initialize TCP scripting\n */\n scripting_init_tcp(tcpcon, masscan->scripting.L);\n\n /*\n * Get the possible source IP addresses and ports that masscan\n * might be using to transmit from.\n */\n adapter_get_source_addresses(masscan, parms->nic_index, &src);\n \n\n /*\n * Set some flags [kludge]\n */\n tcpcon_set_banner_flags(tcpcon,\n masscan->is_capture_cert,\n masscan->is_capture_servername,\n masscan->is_capture_html,\n masscan->is_capture_heartbleed,\n\t\t\t\tmasscan->is_capture_ticketbleed);\n if (masscan->is_hello_smbv1)\n tcpcon_set_parameter(tcpcon, \"hello\", 1, \"smbv1\");\n if (masscan->is_hello_http)\n tcpcon_set_parameter(tcpcon, \"hello\", 1, \"http\");\n if (masscan->is_hello_ssl)\n tcpcon_set_parameter(tcpcon, \"hello\", 1, \"ssl\");\n if (masscan->is_heartbleed)\n tcpcon_set_parameter(tcpcon, \"heartbleed\", 1, \"1\");\n if (masscan->is_ticketbleed)\n tcpcon_set_parameter(tcpcon, \"ticketbleed\", 1, \"1\");\n if (masscan->is_poodle_sslv3)\n tcpcon_set_parameter(tcpcon, \"sslv3\", 1, \"1\");\n\n if (masscan->http.payload)\n tcpcon_set_parameter( tcpcon,\n \"http-payload\",\n masscan->http.payload_length,\n masscan->http.payload);\n if (masscan->http.user_agent)\n tcpcon_set_parameter( tcpcon,\n \"http-user-agent\",\n masscan->http.user_agent_length,\n masscan->http.user_agent);\n if (masscan->http.host)\n tcpcon_set_parameter( tcpcon,\n \"http-host\",\n masscan->http.host_length,\n masscan->http.host);\n if (masscan->http.method)\n tcpcon_set_parameter( tcpcon,\n \"http-method\",\n masscan->http.method_length,\n masscan->http.method);\n if (masscan->http.url)\n tcpcon_set_parameter( tcpcon,\n \"http-url\",\n masscan->http.url_length,\n masscan->http.url);\n if (masscan->http.version)\n tcpcon_set_parameter( tcpcon,\n \"http-version\",\n masscan->http.version_length,\n masscan->http.version);\n\n\n if (masscan->tcp_connection_timeout) {\n char foo[64];\n snprintf(foo, sizeof(foo), \"%u\", masscan->tcp_connection_timeout);\n tcpcon_set_parameter( tcpcon,\n \"timeout\",\n strlen(foo),\n foo);\n }\n if (masscan->tcp_hello_timeout) {\n char foo[64];\n snprintf(foo, sizeof(foo), \"%u\", masscan->tcp_hello_timeout);\n tcpcon_set_parameter( tcpcon,\n \"hello-timeout\",\n strlen(foo),\n foo);\n }\n \n for (i=0; ihttp.headers_count; i++) {\n tcpcon_set_http_header(tcpcon,\n masscan->http.headers[i].name,\n masscan->http.headers[i].value_length,\n masscan->http.headers[i].value,\n http_field_replace);\n }\n for (i=0; ihttp.cookies_count; i++) {\n tcpcon_set_http_header(tcpcon,\n \"Cookie\",\n masscan->http.cookies[i].value_length,\n masscan->http.cookies[i].value,\n http_field_add);\n }\n for (i=0; ihttp.remove_count; i++) {\n tcpcon_set_http_header(tcpcon,\n masscan->http.headers[i].name,\n 0,\n 0,\n http_field_remove);\n }\n\n for (pay = masscan->payloads.tcp; pay; pay = pay->next) {\n char name[64];\n snprintf(name, sizeof(name), \"hello-string[%u]\", pay->port);\n tcpcon_set_parameter( tcpcon, \n name, \n strlen(pay->payload_base64), \n pay->payload_base64);\n }\n\n }\n\n /*\n * In \"offline\" mode, we don't have any receive threads, so simply\n * wait until transmitter thread is done then go to the end\n */\n if (masscan->is_offline) {\n while (!is_rx_done)\n pixie_usleep(10000);\n parms->done_receiving = 1;\n goto end;\n }\n\n /*\n * Receive packets. This is where we catch any responses and print\n * them to the terminal.\n */\n LOG(2, \"[+] THREAD: recv: starting main loop\\n\");\n while (!is_rx_done) {\n int status;\n unsigned length;\n unsigned secs;\n unsigned usecs;\n const unsigned char *px;\n int err;\n unsigned x;\n struct PreprocessedInfo parsed;\n ipaddress ip_me;\n unsigned port_me;\n ipaddress ip_them;\n unsigned port_them;\n unsigned seqno_me;\n unsigned seqno_them;\n unsigned cookie;\n unsigned Q = 0;\n\n /*\n * RECEIVE\n *\n * This is the boring part of actually receiving a packet\n */\n err = rawsock_recv_packet(\n adapter,\n &length,\n &secs,\n &usecs,\n &px);\n if (err != 0) {\n if (tcpcon)\n tcpcon_timeouts(tcpcon, (unsigned)time(0), 0);\n continue;\n }\n \n\n /*\n * Do any TCP event timeouts based on the current timestamp from\n * the packet. For example, if the connection has been open for\n * around 10 seconds, we'll close the connection. (--banners)\n */\n if (tcpcon) {\n tcpcon_timeouts(tcpcon, secs, usecs);\n }\n\n if (length > 1514)\n continue;\n\n /*\n * \"Preprocess\" the response packet. This means to go through and\n * figure out where the TCP/IP headers are and the locations of\n * some fields, like IP address and port numbers.\n */\n x = preprocess_frame(px, length, data_link, &parsed);\n if (!x)\n continue; /* corrupt packet */\n ip_me = parsed.dst_ip;\n ip_them = parsed.src_ip;\n port_me = parsed.port_dst;\n port_them = parsed.port_src;\n seqno_them = TCP_SEQNO(px, parsed.transport_offset);\n seqno_me = TCP_ACKNO(px, parsed.transport_offset);\n \n assert(ip_me.version != 0);\n assert(ip_them.version != 0);\n\n switch (parsed.ip_protocol) {\n case 132: /* SCTP */\n cookie = syn_cookie(ip_them, port_them | (Proto_SCTP<<16), ip_me, port_me, entropy) & 0xFFFFFFFF;\n break;\n default:\n cookie = syn_cookie(ip_them, port_them, ip_me, port_me, entropy) & 0xFFFFFFFF;\n }\n\n /* verify: my IP address */\n if (!is_my_ip(stack->src, ip_me)) {\n /* NDP Neighbor Solicitations don't come to our IP address, but to\n * a multicast address */\n if (is_ipv6_multicast(ip_me)) {\n if (parsed.found == FOUND_NDPv6 && parsed.opcode == 135) {\n stack_ndpv6_incoming_request(stack, &parsed, px, length);\n }\n }\n continue;\n }\n\n /*\n * Handle non-TCP protocols\n */\n switch (parsed.found) {\n case FOUND_NDPv6:\n switch (parsed.opcode) {\n case 133: /* Router Solicitation */\n /* Ignore router solicitations, since we aren't a router */\n continue;\n case 134: /* Router advertisement */\n /* TODO: We need to process router advertisements while scanning\n * so that we can print warning messages if router information\n * changes while scanning. */\n continue;\n case 135: /* Neighbor Solicitation */\n /* When responses come back from our scans, the router will send us\n * these packets. We need to respond to them, so that the router\n * can then forward the packets to us. If we don't respond, we'll\n * get no responses. */\n stack_ndpv6_incoming_request(stack, &parsed, px, length);\n continue;\n case 136: /* Neighbor Advertisement */\n /* TODO: If doing an --ndpscan, the scanner subsystem needs to deal\n * with these */\n continue;\n case 137: /* Redirect */\n /* We ignore these, since we really don't have the capability to send\n * packets to one router for some destinations and to another router\n * for other destinations */\n continue;\n default:\n break;\n }\n continue;\n case FOUND_ARP:\n LOGip(2, ip_them, 0, \"-> ARP [%u] \\n\", px[parsed.found_offset]);\n\n switch (parsed.opcode) {\n case 1: /* request */\n /* This function will transmit a \"reply\" to somebody's ARP request\n * for our IP address (as part of our user-mode TCP/IP).\n * Since we completely bypass the TCP/IP stack, we have to handle ARPs\n * ourself, or the router will lose track of us.*/\n stack_arp_incoming_request(stack,\n ip_me.ipv4,\n parms->source_mac,\n px, length);\n break;\n case 2: /* response */\n /* This is for \"arp scan\" mode, where we are ARPing targets rather\n * than port scanning them */\n\n /* If we aren't doing an ARP scan, then ignore ARP responses */\n if (!masscan->scan_type.arp)\n break;\n\n /* If this response isn't in our range, then ignore it */\n if (!rangelist_is_contains(&masscan->targets.ipv4, ip_them.ipv4))\n break;\n\n /* Ignore duplicates */\n if (dedup_is_duplicate(dedup, ip_them, 0, ip_me, 0))\n continue;\n\n /* ...everything good, so now report this response */\n arp_recv_response(out, secs, px, length, &parsed);\n break;\n }\n continue;\n case FOUND_UDP:\n case FOUND_DNS:\n if (!is_nic_port(masscan, port_me))\n continue;\n if (parms->masscan->nmap.packet_trace)\n packet_trace(stdout, parms->pt_start, px, length, 0);\n handle_udp(out, secs, px, length, &parsed, entropy);\n continue;\n case FOUND_ICMP:\n handle_icmp(out, secs, px, length, &parsed, entropy);\n continue;\n case FOUND_SCTP:\n handle_sctp(out, secs, px, length, cookie, &parsed, entropy);\n break;\n case FOUND_OPROTO: /* other IP proto */\n handle_oproto(out, secs, px, length, &parsed, entropy);\n break;\n case FOUND_TCP:\n /* fall down to below */\n break;\n default:\n continue;\n }\n\n\n /* verify: my port number */\n if (!is_my_port(stack->src, port_me))\n continue;\n if (parms->masscan->nmap.packet_trace)\n packet_trace(stdout, parms->pt_start, px, length, 0);\n\n Q = 0;\n\n /* Save raw packet in --pcap file */\n if (pcapfile) {\n pcapfile_writeframe(\n pcapfile,\n px,\n length,\n length,\n secs,\n usecs);\n }\n\n {\n char buf[64];\n LOGip(5, ip_them, port_them, \"-> TCP ackno=0x%08x flags=0x%02x(%s)\\n\",\n seqno_me,\n TCP_FLAGS(px, parsed.transport_offset),\n reason_string(TCP_FLAGS(px, parsed.transport_offset), buf, sizeof(buf)));\n }\n\n /* If recording --banners, create a new \"TCP Control Block (TCB)\" */\n if (tcpcon) {\n struct TCP_Control_Block *tcb;\n\n /* does a TCB already exist for this connection? */\n tcb = tcpcon_lookup_tcb(tcpcon,\n ip_me, ip_them,\n port_me, port_them);\n\n if (TCP_IS_SYNACK(px, parsed.transport_offset)) {\n if (cookie != seqno_me - 1) {\n ipaddress_formatted_t fmt = ipaddress_fmt(ip_them);\n LOG(0, \"%s - bad cookie: ackno=0x%08x expected=0x%08x\\n\",\n fmt.string, seqno_me-1, cookie);\n continue;\n }\n if (tcb == NULL) {\n tcb = tcpcon_create_tcb(tcpcon,\n ip_me, ip_them,\n port_me, port_them,\n seqno_me, seqno_them+1,\n parsed.ip_ttl, NULL,\n secs, usecs);\n (*status_tcb_count)++;\n }\n Q += stack_incoming_tcp(tcpcon, tcb, TCP_WHAT_SYNACK,\n 0, 0, secs, usecs, seqno_them+1, seqno_me);\n\n } else if (tcb) {\n /* If this is an ACK, then handle that first */\n if (TCP_IS_ACK(px, parsed.transport_offset)) {\n Q += stack_incoming_tcp(tcpcon, tcb, TCP_WHAT_ACK,\n 0, 0, secs, usecs, seqno_them, seqno_me);\n }\n\n /* If this contains payload, handle that second */\n if (parsed.app_length) {\n Q += stack_incoming_tcp(tcpcon, tcb, TCP_WHAT_DATA,\n px + parsed.app_offset, parsed.app_length,\n secs, usecs, seqno_them, seqno_me);\n }\n\n /* If this is a FIN, handle that. Note that ACK +\n * payload + FIN can come together */\n if (TCP_IS_FIN(px, parsed.transport_offset)\n && !TCP_IS_RST(px, parsed.transport_offset)) {\n Q += stack_incoming_tcp(tcpcon, tcb, TCP_WHAT_FIN,\n 0, 0, \n secs, usecs, \n seqno_them + parsed.app_length, /* the FIN comes after any data in the packet */\n seqno_me);\n }\n\n /* If this is a RST, then we'll be closing the connection */\n if (TCP_IS_RST(px, parsed.transport_offset)) {\n Q += stack_incoming_tcp(tcpcon, tcb, TCP_WHAT_RST,\n 0, 0, secs, usecs, seqno_them, seqno_me);\n }\n } else if (TCP_IS_FIN(px, parsed.transport_offset)) {\n ipaddress_formatted_t fmt;\n /*\n * NO TCB!\n * This happens when we've sent a FIN, deleted our connection,\n * but the other side didn't get the packet.\n */\n fmt = ipaddress_fmt(ip_them);\n LOG(4, \"%s: received FIN but no TCB\\n\", fmt.string);\n if (TCP_IS_RST(px, parsed.transport_offset))\n ; /* ignore if it's own TCP flag is set */\n else {\n int is_suppress;\n \n is_suppress = rstfilter_is_filter(rf, ip_me, port_me, ip_them, port_them);\n if (!is_suppress)\n tcpcon_send_RST(\n tcpcon,\n ip_me, ip_them,\n port_me, port_them,\n seqno_them, seqno_me);\n }\n }\n\n }\n\n if (Q == 0)\n ; //printf(\"\\nerr\\n\");\n \n if (TCP_IS_SYNACK(px, parsed.transport_offset)\n || TCP_IS_RST(px, parsed.transport_offset)) {\n /* figure out the status */\n status = PortStatus_Unknown;\n if (TCP_IS_SYNACK(px, parsed.transport_offset))\n status = PortStatus_Open;\n if (TCP_IS_RST(px, parsed.transport_offset)) {\n status = PortStatus_Closed;\n }\n\n /* verify: syn-cookies */\n if (cookie != seqno_me - 1) {\n ipaddress_formatted_t fmt = ipaddress_fmt(ip_them);\n LOG(2, \"%s - bad cookie: ackno=0x%08x expected=0x%08x\\n\",\n fmt.string, seqno_me-1, cookie);\n continue;\n }\n\n /* verify: ignore duplicates */\n if (dedup_is_duplicate(dedup, ip_them, port_them, ip_me, port_me))\n continue;\n\n /* keep statistics on number received */\n if (TCP_IS_SYNACK(px, parsed.transport_offset))\n (*status_synack_count)++;\n\n /*\n * This is where we do the output\n */\n output_report_status(\n out,\n global_now,\n status,\n ip_them,\n 6, /* ip proto = tcp */\n port_them,\n px[parsed.transport_offset + 13], /* tcp flags */\n parsed.ip_ttl,\n parsed.mac_src\n );\n \n\n /*\n * Send RST so other side isn't left hanging (only doing this in\n * complete stateless mode where we aren't tracking banners)\n */\n if (tcpcon == NULL && !masscan->is_noreset)\n tcp_send_RST(\n &parms->tmplset->pkts[Proto_TCP],\n parms->stack,\n ip_them, ip_me,\n port_them, port_me,\n 0, seqno_me);\n\n }\n }\n\n\n LOG(1, \"[+] exiting receive thread #%u \\n\", parms->nic_index);\n \n /*\n * cleanup\n */\nend:\n if (tcpcon)\n tcpcon_destroy_table(tcpcon);\n dedup_destroy(dedup);\n output_destroy(out);\n if (pcapfile)\n pcapfile_close(pcapfile);\n\n /*TODO: free stack packet buffers */\n\n /* Thread is about to exit */\n parms->done_receiving = 1;\n}\n\n\n/***************************************************************************\n * We trap the so that instead of exiting immediately, we sit in\n * a loop for a few seconds waiting for any late response. But, the user\n * can press a second time to exit that waiting.\n ***************************************************************************/\nstatic void control_c_handler(int x)\n{\n static unsigned control_c_pressed = 0;\n static unsigned control_c_pressed_again = 0;\n if (control_c_pressed == 0) {\n fprintf(stderr,\n \"waiting several seconds to exit...\"\n \" \\n\"\n );\n fflush(stderr);\n control_c_pressed = 1+x;\n is_tx_done = control_c_pressed;\n } else {\n if (is_rx_done) {\n fprintf(stderr, \"\\nERROR: threads not exiting %d\\n\", is_rx_done);\n if (is_rx_done++ > 1)\n exit(1);\n } else {\n control_c_pressed_again = 1;\n is_rx_done = control_c_pressed_again;\n }\n }\n\n}\n\n\n\n\n/***************************************************************************\n * Called from main() to initiate the scan.\n * Launches the 'transmit_thread()' and 'receive_thread()' and waits for\n * them to exit.\n ***************************************************************************/\nstatic int\nmain_scan(struct Masscan *masscan)\n{\n struct ThreadPair parms_array[8];\n uint64_t count_ips;\n uint64_t count_ports;\n uint64_t range;\n unsigned index;\n time_t now = time(0);\n struct Status status;\n uint64_t min_index = UINT64_MAX;\n struct MassVulnCheck *vulncheck = NULL;\n struct stack_t *stack;\n\n memset(parms_array, 0, sizeof(parms_array));\n\n /*\n * Vuln check initialization\n */\n if (masscan->vuln_name) {\n unsigned i;\n\t\tunsigned is_error;\n vulncheck = vulncheck_lookup(masscan->vuln_name);\n \n /* If no ports specified on command-line, grab default ports */\n is_error = 0;\n if (rangelist_count(&masscan->targets.ports) == 0)\n rangelist_parse_ports(&masscan->targets.ports, vulncheck->ports, &is_error, 0);\n \n /* Kludge: change normal port range to vulncheck range */\n for (i=0; itargets.ports.count; i++) {\n struct Range *r = &masscan->targets.ports.list[i];\n r->begin = (r->begin&0xFFFF) | Templ_VulnCheck;\n r->end = (r->end & 0xFFFF) | Templ_VulnCheck;\n }\n }\n \n /*\n * Initialize the task size\n */\n count_ips = rangelist_count(&masscan->targets.ipv4) + range6list_count(&masscan->targets.ipv6).lo;\n if (count_ips == 0) {\n LOG(0, \"FAIL: target IP address list empty\\n\");\n LOG(0, \" [hint] try something like \\\"--range 10.0.0.0/8\\\"\\n\");\n LOG(0, \" [hint] try something like \\\"--range 192.168.0.100-192.168.0.200\\\"\\n\");\n return 1;\n }\n count_ports = rangelist_count(&masscan->targets.ports);\n if (count_ports == 0) {\n LOG(0, \"FAIL: no ports were specified\\n\");\n LOG(0, \" [hint] try something like \\\"-p80,8000-9000\\\"\\n\");\n LOG(0, \" [hint] try something like \\\"--ports 0-65535\\\"\\n\");\n return 1;\n }\n range = count_ips * count_ports;\n range += (uint64_t)(masscan->retries * range);\n\n /*\n * If doing an ARP scan, then don't allow port scanning\n */\n if (rangelist_is_contains(&masscan->targets.ports, Templ_ARP)) {\n if (masscan->targets.ports.count != 1) {\n LOG(0, \"FAIL: cannot arpscan and portscan at the same time\\n\");\n return 1;\n }\n }\n\n /*\n * If the IP address range is very big, then require that that the\n * user apply an exclude range\n */\n if (count_ips > 1000000000ULL && rangelist_count(&masscan->exclude.ipv4) == 0) {\n LOG(0, \"FAIL: range too big, need confirmation\\n\");\n LOG(0, \" [hint] to prevent accidents, at least one --exclude must be specified\\n\");\n LOG(0, \" [hint] use \\\"--exclude 255.255.255.255\\\" as a simple confirmation\\n\");\n exit(1);\n }\n\n /*\n * trim the nmap UDP payloads down to only those ports we are using. This\n * makes lookups faster at high packet rates.\n */\n payloads_udp_trim(masscan->payloads.udp, &masscan->targets);\n payloads_oproto_trim(masscan->payloads.oproto, &masscan->targets);\n\n\n#ifdef __AFL_HAVE_MANUAL_CONTROL\n __AFL_INIT();\n#endif\n\n /*\n * Start scanning threats for each adapter\n */\n for (index=0; indexnic_count; index++) {\n struct ThreadPair *parms = &parms_array[index];\n int err;\n\n parms->masscan = masscan;\n parms->nic_index = index;\n parms->my_index = masscan->resume.index;\n parms->done_transmitting = 0;\n parms->done_receiving = 0;\n\n /* needed for --packet-trace option so that we know when we started\n * the scan */\n parms->pt_start = 1.0 * pixie_gettime() / 1000000.0;\n\n\n /*\n * Turn the adapter on, and get the running configuration\n */\n err = masscan_initialize_adapter(\n masscan,\n index,\n &parms->source_mac,\n &parms->router_mac_ipv4,\n &parms->router_mac_ipv6\n );\n if (err != 0)\n exit(1);\n parms->adapter = masscan->nic[index].adapter;\n if (!masscan->nic[index].is_usable) {\n LOG(0, \"FAIL: failed to detect IP of interface\\n\");\n LOG(0, \" [hint] did you spell the name correctly?\\n\");\n LOG(0, \" [hint] if it has no IP address, \"\n \"manually set with \\\"--adapter-ip 192.168.100.5\\\"\\n\");\n exit(1);\n }\n\n\n /*\n * Initialize the TCP packet template. The way this works is that\n * we parse an existing TCP packet, and use that as the template for\n * scanning. Then, we adjust the template with additional features,\n * such as the IP address and so on.\n */\n parms->tmplset->vulncheck = vulncheck;\n template_packet_init(\n parms->tmplset,\n parms->source_mac,\n parms->router_mac_ipv4,\n parms->router_mac_ipv6,\n masscan->payloads.udp,\n masscan->payloads.oproto,\n stack_if_datalink(masscan->nic[index].adapter),\n masscan->seed,\n masscan->templ_opts);\n\n /*\n * Set the \"source port\" of everything we transmit.\n */\n if (masscan->nic[index].src.port.range == 0) {\n unsigned port = 40000 + now % 20000;\n masscan->nic[index].src.port.first = port;\n masscan->nic[index].src.port.last = port + 16;\n masscan->nic[index].src.port.range = 16;\n }\n\n stack = stack_create(parms->source_mac, &masscan->nic[index].src);\n parms->stack = stack;\n\n /*\n * Set the \"TTL\" (IP time-to-live) of everything we send.\n */\n if (masscan->nmap.ttl)\n template_set_ttl(parms->tmplset, masscan->nmap.ttl);\n\n if (masscan->nic[0].is_vlan)\n template_set_vlan(parms->tmplset, masscan->nic[0].vlan_id);\n\n\n /*\n * trap to pause\n */\n signal(SIGINT, control_c_handler);\n\n }\n\n /*\n * Print helpful text\n */\n {\n char buffer[80];\n struct tm x;\n\n now = time(0);\n safe_gmtime(&x, &now);\n strftime(buffer, sizeof(buffer), \"%Y-%m-%d %H:%M:%S GMT\", &x);\n LOG(0, \"Starting masscan \" MASSCAN_VERSION \" (http://bit.ly/14GZzcT) at %s\\n\",\n buffer);\n\n if (count_ports == 1 && \\\n masscan->targets.ports.list->begin == Templ_ICMP_echo && \\\n masscan->targets.ports.list->end == Templ_ICMP_echo)\n { /* ICMP only */\n //LOG(0, \" -- forced options: -sn -n --randomize-hosts -v --send-eth\\n\");\n LOG(0, \"Initiating ICMP Echo Scan\\n\");\n LOG(0, \"Scanning %u hosts\\n\",(unsigned)count_ips);\n }\n else /* This could actually also be a UDP only or mixed UDP/TCP/ICMP scan */\n {\n //LOG(0, \" -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth\\n\");\n LOG(0, \"Initiating SYN Stealth Scan\\n\");\n LOG(0, \"Scanning %u hosts [%u port%s/host]\\n\",\n (unsigned)count_ips, (unsigned)count_ports, (count_ports==1)?\"\":\"s\");\n }\n }\n \n /*\n * Start all the threads\n */\n for (index=0; indexnic_count; index++) {\n struct ThreadPair *parms = &parms_array[index];\n \n /*\n * Start the scanning thread.\n * THIS IS WHERE THE PROGRAM STARTS SPEWING OUT PACKETS AT A HIGH\n * RATE OF SPEED.\n */\n parms->thread_handle_xmit = pixie_begin_thread(transmit_thread, 0, parms);\n\n /*\n * Start the MATCHING receive thread. Transmit and receive threads\n * come in matching pairs.\n */\n parms->thread_handle_recv = pixie_begin_thread(receive_thread, 0, parms);\n }\n\n /*\n * Now wait for to be pressed OR for threads to exit\n */\n pixie_usleep(1000 * 100);\n LOG(1, \"[+] waiting for threads to finish\\n\");\n status_start(&status);\n status.is_infinite = masscan->is_infinite;\n while (!is_tx_done && masscan->output.is_status_updates) {\n unsigned i;\n double rate = 0;\n uint64_t total_tcbs = 0;\n uint64_t total_synacks = 0;\n uint64_t total_syns = 0;\n\n\n /* Find the minimum index of all the threads */\n min_index = UINT64_MAX;\n for (i=0; inic_count; i++) {\n struct ThreadPair *parms = &parms_array[i];\n\n if (min_index > parms->my_index)\n min_index = parms->my_index;\n\n rate += parms->throttler->current_rate;\n\n if (parms->total_tcbs)\n total_tcbs += *parms->total_tcbs;\n if (parms->total_synacks)\n total_synacks += *parms->total_synacks;\n if (parms->total_syns)\n total_syns += *parms->total_syns;\n }\n\n if (min_index >= range && !masscan->is_infinite) {\n /* Note: This is how we can tell the scan has ended */\n is_tx_done = 1;\n }\n\n /*\n * update screen about once per second with statistics,\n * namely packets/second.\n */\n if (masscan->output.is_status_updates)\n status_print(&status, min_index, range, rate,\n total_tcbs, total_synacks, total_syns,\n 0, masscan->output.is_status_ndjson);\n\n /* Sleep for almost a second */\n pixie_mssleep(750);\n }\n\n /*\n * If we haven't completed the scan, then save the resume\n * information.\n */\n if (min_index < count_ips * count_ports) {\n masscan->resume.index = min_index;\n\n /* Write current settings to \"paused.conf\" so that the scan can be restarted */\n masscan_save_state(masscan);\n }\n\n\n\n /*\n * Now wait for all threads to exit\n */\n now = time(0);\n for (;;) {\n unsigned transmit_count = 0;\n unsigned receive_count = 0;\n unsigned i;\n double rate = 0;\n uint64_t total_tcbs = 0;\n uint64_t total_synacks = 0;\n uint64_t total_syns = 0;\n\n\n /* Find the minimum index of all the threads */\n min_index = UINT64_MAX;\n for (i=0; inic_count; i++) {\n struct ThreadPair *parms = &parms_array[i];\n\n if (min_index > parms->my_index)\n min_index = parms->my_index;\n\n rate += parms->throttler->current_rate;\n\n if (parms->total_tcbs)\n total_tcbs += *parms->total_tcbs;\n if (parms->total_synacks)\n total_synacks += *parms->total_synacks;\n if (parms->total_syns)\n total_syns += *parms->total_syns;\n }\n\n\n\n if (time(0) - now >= masscan->wait) {\n is_rx_done = 1;\n }\n\n if (time(0) - now - 10 > masscan->wait) {\n LOG(0, \"[-] Passed the wait window but still running, forcing exit...\\n\");\n exit(0);\n }\n\n if (masscan->output.is_status_updates) {\n status_print(&status, min_index, range, rate,\n total_tcbs, total_synacks, total_syns,\n masscan->wait - (time(0) - now),\n masscan->output.is_status_ndjson);\n\n for (i=0; inic_count; i++) {\n struct ThreadPair *parms = &parms_array[i];\n\n transmit_count += parms->done_transmitting;\n receive_count += parms->done_receiving;\n\n }\n\n pixie_mssleep(250);\n\n if (transmit_count < masscan->nic_count)\n continue;\n is_tx_done = 1;\n is_rx_done = 1;\n if (receive_count < masscan->nic_count)\n continue;\n\n } else {\n /* [AFL-fuzz]\n * Join the threads, which doesn't allow us to print out \n * status messages, but allows us to exit cleanly without\n * any waiting */\n for (i=0; inic_count; i++) {\n struct ThreadPair *parms = &parms_array[i];\n\n pixie_thread_join(parms->thread_handle_xmit);\n parms->thread_handle_xmit = 0;\n pixie_thread_join(parms->thread_handle_recv);\n parms->thread_handle_recv = 0;\n }\n is_tx_done = 1;\n is_rx_done = 1;\n }\n\n break;\n }\n\n\n /*\n * Now cleanup everything\n */\n status_finish(&status);\n\n if (!masscan->output.is_status_updates) {\n uint64_t usec_now = pixie_gettime();\n\n printf(\"%u milliseconds elapsed\\n\", (unsigned)((usec_now - usec_start)/1000));\n }\n \n LOG(1, \"[+] all threads have exited \\n\");\n\n return 0;\n}\n\n\n\n\n/***************************************************************************\n ***************************************************************************/\nint main(int argc, char *argv[])\n{\n struct Masscan masscan[1];\n unsigned i;\n int has_target_addresses = 0;\n int has_target_ports = 0;\n \n usec_start = pixie_gettime();\n#if defined(WIN32)\n {WSADATA x; WSAStartup(0x101, &x);}\n#endif\n\n global_now = time(0);\n\n /* Set system to report debug information on crash */\n {\n int is_backtrace = 1;\n for (i=1; i<(unsigned)argc; i++) {\n if (strcmp(argv[i], \"--nobacktrace\") == 0)\n is_backtrace = 0;\n }\n if (is_backtrace)\n pixie_backtrace_init(argv[0]);\n }\n \n /*\n * Initialize those defaults that aren't zero\n */\n memset(masscan, 0, sizeof(*masscan));\n /* 14 rounds seem to give way better statistical distribution than 4 with a \n very low impact on scan rate */\n masscan->blackrock_rounds = 14;\n masscan->output.is_show_open = 1; /* default: show syn-ack, not rst */\n masscan->output.is_status_updates = 1; /* default: show status updates */\n masscan->wait = 10; /* how long to wait for responses when done */\n masscan->max_rate = 100.0; /* max rate = hundred packets-per-second */\n masscan->nic_count = 1;\n masscan->shard.one = 1;\n masscan->shard.of = 1;\n masscan->min_packet_size = 60;\n masscan->redis.password = NULL;\n masscan->payloads.udp = payloads_udp_create();\n masscan->payloads.oproto = payloads_oproto_create();\n safe_strcpy( masscan->output.rotate.directory,\n sizeof(masscan->output.rotate.directory),\n \".\");\n masscan->is_capture_cert = 1;\n\n /*\n * Pre-parse the command-line\n */\n if (masscan_conf_contains(\"--readscan\", argc, argv)) {\n masscan->is_readscan = 1;\n }\n\n /*\n * On non-Windows systems, read the defaults from the file in\n * the /etc directory. These defaults will contain things\n * like the output directory, max packet rates, and so on. Most\n * importantly, the master \"--excludefile\" might be placed here,\n * so that blacklisted ranges won't be scanned, even if the user\n * makes a mistake\n */\n#if !defined(WIN32)\n if (!masscan->is_readscan) {\n if (access(\"/etc/masscan/masscan.conf\", 0) == 0) {\n masscan_read_config_file(masscan, \"/etc/masscan/masscan.conf\");\n }\n }\n#endif\n\n /*\n * Read in the configuration from the command-line. We are looking for\n * either options or a list of IPv4 address ranges.\n */\n masscan_command_line(masscan, argc, argv);\n if (masscan->seed == 0)\n masscan->seed = get_entropy(); /* entropy for randomness */\n\n /*\n * Load database files like \"nmap-payloads\" and \"nmap-service-probes\"\n */\n masscan_load_database_files(masscan);\n\n /*\n * Load the scripting engine if needed and run those that were\n * specified.\n */\n if (masscan->is_scripting)\n scripting_init(masscan);\n\n /* We need to do a separate \"raw socket\" initialization step. This is\n * for Windows and PF_RING. */\n if (pcap_init() != 0)\n LOG(2, \"libpcap: failed to load\\n\");\n rawsock_init();\n\n /* Init some protocol parser data structures */\n snmp_init();\n x509_init();\n\n\n /*\n * Apply excludes. People ask us not to scan them, so we maintain a list\n * of their ranges, and when doing wide scans, add the exclude list to\n * prevent them from being scanned.\n */\n has_target_addresses = massip_has_ipv4_targets(&masscan->targets) || massip_has_ipv6_targets(&masscan->targets);\n has_target_ports = massip_has_target_ports(&masscan->targets);\n massip_apply_excludes(&masscan->targets, &masscan->exclude);\n if (!has_target_ports && masscan->op == Operation_ListScan)\n massip_add_port_string(&masscan->targets, \"80\", 0);\n\n\n\n\n /* Optimize target selection so it's a quick binary search instead\n * of walking large memory tables. When we scan the entire Internet\n * our --excludefile will chop up our pristine 0.0.0.0/0 range into\n * hundreds of subranges. This allows us to grab addresses faster. */\n massip_optimize(&masscan->targets);\n \n /* FIXME: we only support 63-bit scans at the current time.\n * This is big enough for the IPv4 Internet, where scanning\n * for all TCP ports on all IPv4 addresses results in a 48-bit\n * scan, but this isn't big enough even for a single port on\n * an IPv6 subnet (which are 64-bits in size, usually). However,\n * even at millions of packets per second scanning rate, you still\n * can't complete a 64-bit scan in a reasonable amount of time.\n * Nor would you want to attempt the feat, as it would overload\n * the target IPv6 subnet. Since implementing this would be\n * difficult for 32-bit processors, for now, I'm going to stick\n * to a simple 63-bit scan.\n */\n if (massint128_bitcount(massip_range(&masscan->targets)) > 63) {\n fprintf(stderr, \"[-] FAIL: scan range too large, max is 63-bits, requested is %u bits\\n\",\n massint128_bitcount(massip_range(&masscan->targets)));\n fprintf(stderr, \" Hint: scan range is number of IP addresses times number of ports\\n\");\n fprintf(stderr, \" Hint: IPv6 subnet must be at least /66 \\n\");\n exit(1);\n }\n\n /*\n * Once we've read in the configuration, do the operation that was\n * specified\n */\n switch (masscan->op) {\n case Operation_Default:\n /* Print usage info and exit */\n masscan_usage();\n break;\n\n case Operation_Scan:\n /*\n * THIS IS THE NORMAL THING\n */\n if (rangelist_count(&masscan->targets.ipv4) == 0 && massint128_is_zero(range6list_count(&masscan->targets.ipv6))) {\n /* We check for an empty target list here first, before the excludes,\n * so that we can differentiate error messages after excludes, in case\n * the user specified addresses, but they were removed by excludes. */\n LOG(0, \"FAIL: target IP address list empty\\n\");\n if (has_target_addresses) {\n LOG(0, \" [hint] all addresses were removed by exclusion ranges\\n\");\n } else {\n LOG(0, \" [hint] try something like \\\"--range 10.0.0.0/8\\\"\\n\");\n LOG(0, \" [hint] try something like \\\"--range 192.168.0.100-192.168.0.200\\\"\\n\");\n }\n exit(1);\n }\n if (rangelist_count(&masscan->targets.ports) == 0) {\n if (has_target_ports) {\n LOG(0, \" [hint] all ports were removed by exclusion ranges\\n\");\n } else {\n LOG(0, \"FAIL: no ports were specified\\n\");\n LOG(0, \" [hint] try something like \\\"-p80,8000-9000\\\"\\n\");\n LOG(0, \" [hint] try something like \\\"--ports 0-65535\\\"\\n\");\n }\n return 1;\n }\n return main_scan(masscan);\n\n case Operation_ListScan:\n /* Create a randomized list of IP addresses */\n main_listscan(masscan);\n return 0;\n\n case Operation_List_Adapters:\n /* List the network adapters we might want to use for scanning */\n rawsock_list_adapters();\n break;\n\n case Operation_DebugIF:\n for (i=0; inic_count; i++)\n rawsock_selftest_if(masscan->nic[i].ifname);\n return 0;\n\n case Operation_ReadRange:\n main_readrange(masscan);\n return 0;\n\n case Operation_ReadScan:\n {\n unsigned start;\n unsigned stop;\n\n /* find first file */\n for (start=1; start<(unsigned)argc; start++) {\n if (memcmp(argv[start], \"--readscan\", 10) == 0) {\n start++;\n break;\n }\n }\n\n /* find last file */\n for (stop=start+1; stop<(unsigned)argc && argv[stop][0] != '-'; stop++)\n ;\n\n /*\n * read the binary files, and output them again depending upon\n * the output parameters\n */\n readscan_binary_scanfile(masscan, start, stop, argv);\n\n }\n break;\n\n case Operation_Benchmark:\n printf(\"=== benchmarking (%u-bits) ===\\n\\n\", (unsigned)sizeof(void*)*8);\n blackrock_benchmark(masscan->blackrock_rounds);\n blackrock2_benchmark(masscan->blackrock_rounds);\n smack_benchmark();\n exit(1);\n break;\n\n case Operation_Echo:\n masscan_echo(masscan, stdout, 0);\n exit(0);\n break;\n\n case Operation_EchoAll:\n masscan_echo(masscan, stdout, 0);\n exit(0);\n break;\n\n case Operation_EchoCidr:\n masscan_echo_cidr(masscan, stdout, 0);\n exit(0);\n break;\n\n case Operation_Selftest:\n /*\n * Do a regression test of all the significant units\n */\n {\n int x = 0;\n extern int proto_isakmp_selftest(void);\n \n x += massip_selftest();\n x += ranges6_selftest();\n x += dedup_selftest();\n x += checksum_selftest();\n x += ipv4address_selftest();\n x += ipv6address_selftest();\n x += proto_coap_selftest();\n x += smack_selftest();\n x += sctp_selftest();\n x += base64_selftest();\n x += banner1_selftest();\n x += output_selftest();\n x += siphash24_selftest();\n x += ntp_selftest();\n x += snmp_selftest();\n x += proto_isakmp_selftest();\n x += templ_payloads_selftest();\n x += blackrock_selftest();\n x += rawsock_selftest();\n x += lcg_selftest();\n x += template_selftest();\n x += ranges_selftest();\n x += massip_parse_selftest();\n x += pixie_time_selftest();\n x += rte_ring_selftest();\n x += mainconf_selftest();\n x += zeroaccess_selftest();\n x += nmapserviceprobes_selftest();\n x += rstfilter_selftest();\n x += masscan_app_selftest();\n\n\n if (x != 0) {\n /* one of the selftests failed, so return error */\n fprintf(stderr, \"regression test: failed :( \\n\");\n return 1;\n } else {\n fprintf(stderr, \"regression test: success!\\n\");\n return 0;\n }\n }\n break;\n }\n\n\n return 0;\n}\n\n\n"
},
{
"path": "src/masscan-app.c",
"content": "#include \"masscan-app.h\"\n#include \"util-safefunc.h\"\n\n/******************************************************************************\n * When outputting results, we call this function to print out the type of \n * banner that we've collected\n ******************************************************************************/\nconst char *\nmasscan_app_to_string(enum ApplicationProtocol proto)\n{\n static char tmp[64];\n\n switch (proto) {\n case PROTO_NONE: return \"unknown\";\n case PROTO_HEUR: return \"unknown\";\n case PROTO_SSH1: return \"ssh\";\n case PROTO_SSH2: return \"ssh\";\n case PROTO_HTTP: return \"http\";\n case PROTO_FTP: return \"ftp\";\n case PROTO_DNS_VERSIONBIND: return \"dns-ver\";\n case PROTO_SNMP: return \"snmp\";\n case PROTO_NBTSTAT: return \"nbtstat\";\n case PROTO_SSL3: return \"ssl\";\n case PROTO_SMB: return \"smb\";\n case PROTO_SMTP: return \"smtp\";\n case PROTO_POP3: return \"pop\";\n case PROTO_IMAP4: return \"imap\";\n case PROTO_UDP_ZEROACCESS: return \"zeroaccess\";\n case PROTO_X509_CERT: return \"X509\";\n case PROTO_X509_CACERT: return \"X509CA\";\n case PROTO_HTML_TITLE: return \"title\";\n case PROTO_HTML_FULL: return \"html\";\n case PROTO_NTP: return \"ntp\";\n case PROTO_VULN: return \"vuln\";\n case PROTO_HEARTBLEED: return \"heartbleed\";\n case PROTO_TICKETBLEED: return \"ticketbleed\";\n case PROTO_VNC_OLD: return \"vnc\";\n case PROTO_SAFE: return \"safe\";\n case PROTO_MEMCACHED: return \"memcached\";\n case PROTO_SCRIPTING: return \"scripting\";\n case PROTO_VERSIONING: return \"versioning\";\n case PROTO_COAP: return \"coap\";\n case PROTO_TELNET: return \"telnet\";\n case PROTO_RDP: return \"rdp\";\n case PROTO_HTTP_SERVER: return \"http.server\";\n case PROTO_MC: return \"minecraft\";\n case PROTO_VNC_RFB: return \"vnc\";\n case PROTO_VNC_INFO: return \"vnc-info\";\n case PROTO_ISAKMP: return \"isakmp\";\n \n case PROTO_ERROR: return \"error\";\n \n default:\n snprintf(tmp, sizeof(tmp), \"(%u)\", proto);\n return tmp;\n }\n}\n\n/******************************************************************************\n ******************************************************************************/\nenum ApplicationProtocol\nmasscan_string_to_app(const char *str)\n{\n const static struct {\n const char *name;\n enum ApplicationProtocol value;\n } list[] = {\n {\"ssh1\", PROTO_SSH1},\n {\"ssh2\", PROTO_SSH2},\n {\"ssh\", PROTO_SSH2},\n {\"http\", PROTO_HTTP},\n {\"ftp\", PROTO_FTP},\n {\"dns-ver\", PROTO_DNS_VERSIONBIND},\n {\"snmp\", PROTO_SNMP},\n {\"nbtstat\", PROTO_NBTSTAT},\n {\"ssl\", PROTO_SSL3},\n {\"smtp\", PROTO_SMTP},\n {\"smb\", PROTO_SMB},\n {\"pop\", PROTO_POP3},\n {\"imap\", PROTO_IMAP4},\n {\"x509\", PROTO_X509_CERT},\n {\"x509ca\", PROTO_X509_CACERT},\n {\"zeroaccess\", PROTO_UDP_ZEROACCESS},\n {\"title\", PROTO_HTML_TITLE},\n {\"html\", PROTO_HTML_FULL},\n {\"ntp\", PROTO_NTP},\n {\"vuln\", PROTO_VULN},\n {\"heartbleed\", PROTO_HEARTBLEED},\n {\"ticketbleed\", PROTO_TICKETBLEED},\n {\"vnc-old\", PROTO_VNC_OLD},\n {\"safe\", PROTO_SAFE},\n {\"memcached\", PROTO_MEMCACHED},\n {\"scripting\", PROTO_SCRIPTING},\n {\"versioning\", PROTO_VERSIONING},\n {\"coap\", PROTO_COAP},\n {\"telnet\", PROTO_TELNET},\n {\"rdp\", PROTO_RDP},\n {\"http.server\", PROTO_HTTP_SERVER},\n {\"minecraft\", PROTO_MC},\n {\"vnc\", PROTO_VNC_RFB},\n {\"vnc-info\", PROTO_VNC_INFO},\n {\"isakmp\", PROTO_ISAKMP},\n {0,0}\n };\n size_t i;\n\n for (i=0; list[i].name; i++) {\n if (strcmp(str, list[i].name) == 0)\n return list[i].value;\n }\n return 0;\n}\n\nint\nmasscan_app_selftest(void) {\n static const struct {\n unsigned enumid;\n unsigned expected;\n } tests[] = {\n {PROTO_SNMP, 7},\n {PROTO_X509_CERT, 15},\n {PROTO_HTTP_SERVER, 31},\n {0,0}\n };\n size_t i;\n \n /* The ENUM contains fixed values in external files,\n * so programmers should only add onto its end, not\n * the middle. This self-test will verify that\n * a programmer hasn't made this mistake.\n */\n for (i=0; tests[i].enumid != 0; i++) {\n unsigned enumid = tests[i].enumid;\n unsigned expected = tests[i].expected;\n \n /* YOU ADDED AN ENUM IN THE MIDDLE INSTEAD ON THE END OF THE LIST */\n if (enumid != expected) {\n fprintf(stderr, \"[-] %s:%u fail\\n\", __FILE__, (unsigned)__LINE__);\n fprintf(stderr, \"[-] enum expected=%u, found=%u\\n\", 30, PROTO_HTTP_SERVER);\n return 1;\n }\n }\n \n return 0;\n}\n"
},
{
"path": "src/masscan-app.h",
"content": "#ifndef MASSCAN_APP_H\n#define MASSCAN_APP_H\n\n/*\n * WARNING: these constants are used in files, so don't change the values.\n * Add new ones onto the end\n */\nenum ApplicationProtocol {\n PROTO_NONE,\n PROTO_HEUR,\n PROTO_SSH1,\n PROTO_SSH2,\n PROTO_HTTP,\n PROTO_FTP,\n PROTO_DNS_VERSIONBIND,\n PROTO_SNMP, /* 7 - simple network management protocol, udp/161 */\n PROTO_NBTSTAT, /* 8 - netbios, udp/137 */\n PROTO_SSL3,\n PROTO_SMB, /* 10 - SMB tcp/139 and tcp/445 */\n PROTO_SMTP, /* 11 - transfering email */\n PROTO_POP3, /* 12 - fetching email */\n PROTO_IMAP4, /* 13 - fetching email */\n PROTO_UDP_ZEROACCESS,\n PROTO_X509_CERT, /* 15 - just the cert */\n PROTO_X509_CACERT,\n PROTO_HTML_TITLE,\n PROTO_HTML_FULL,\n PROTO_NTP, /* 19 - network time protocol, udp/123 */\n PROTO_VULN,\n PROTO_HEARTBLEED,\n PROTO_TICKETBLEED,\n PROTO_VNC_OLD,\n PROTO_SAFE,\n PROTO_MEMCACHED, /* 25 - memcached */\n PROTO_SCRIPTING,\n PROTO_VERSIONING,\n PROTO_COAP, /* 28 - constrained app proto, udp/5683, RFC7252 */\n PROTO_TELNET, /* 29 - ye old remote terminal */\n PROTO_RDP, /* 30 - Microsoft Remote Desktop Protocol tcp/3389 */\n PROTO_HTTP_SERVER, /* 31 - HTTP \"Server:\" field */\n PROTO_MC, /* 32 - Minecraft server */\n PROTO_VNC_RFB,\n PROTO_VNC_INFO,\n PROTO_ISAKMP, /* 35 - IPsec key exchange */\n \n PROTO_ERROR,\n\n PROTO_end_of_list /* must be last one */\n};\n\nconst char *\nmasscan_app_to_string(enum ApplicationProtocol proto);\n\nenum ApplicationProtocol\nmasscan_string_to_app(const char *str);\n\nint\nmasscan_app_selftest(void);\n\n#endif\n"
},
{
"path": "src/masscan-status.h",
"content": "#ifndef MASSCAN_STATUS_H\n#define MASSCAN_STATUS_H\n\n#if 0\nenum PortStatus {\n Port_Unknown,\n Port_Open,\n Port_Closed,\n Port_IcmpEchoResponse,\n Port_UdpOpen,\n Port_UdpClosed,\n Port_SctpOpen,\n Port_SctpClosed,\n Port_ArpOpen,\n};\n#endif\n\nenum PortStatus {\n PortStatus_Unknown,\n PortStatus_Open,\n PortStatus_Closed,\n PortStatus_Arp,\n PortStatus_Count\n\n};\n\n\n\n#endif\n"
},
{
"path": "src/masscan-version.h",
"content": "#ifndef MASSCAN_VERSION\n\n#define MASSCAN_VERSION \"1.3.9-integration\"\n\n#endif\n\n"
},
{
"path": "src/masscan.h",
"content": "#ifndef MASSCAN_H\n#define MASSCAN_H\n#include \"massip-addr.h\"\n#include \"util-safefunc.h\"\n#include \"stack-src.h\"\n#include \"massip.h\"\n#include \"util-bool.h\"\n#include \n#include \n#include \n#include \n\n#include \"massip.h\"\n#include \"stack-queue.h\"\n\nstruct Adapter;\nstruct TemplateSet;\nstruct Banner1;\nstruct TemplateOptions;\n\n/**\n * This is the \"operation\" to be performed by masscan, which is almost always\n * to \"scan\" the network. However, there are some lesser operations to do\n * instead, like run a \"regression self test\", or \"debug\", or something else\n * instead of scanning. We parse the command-line in order to figure out the\n * proper operation\n */\nenum Operation {\n Operation_Default = 0, /* nothing specified, so print usage */\n Operation_List_Adapters = 1, /* --listif */\n Operation_Selftest = 2, /* --selftest or --regress */\n Operation_Scan = 3, /* this is what you expect */\n Operation_DebugIF = 4, /* --debug if */\n Operation_ListScan = 5, /* -sL */\n Operation_ReadScan = 6, /* --readscan */\n Operation_ReadRange = 7, /* --readrange */\n Operation_Benchmark = 8, /* --benchmark */\n Operation_Echo = 9, /* --echo */\n Operation_EchoAll = 10, /* --echo-all */\n Operation_EchoCidr = 11, /* --echo-cidr */\n};\n\n/**\n * The format of the output. If nothing is specified, then the default will\n * be \"--interactive\", meaning that we'll print to the command-line live as\n * results come in. Only one output format can be specified, except that\n * \"--interactive\" can be specified alongside any of the other ones.\n */\nenum OutputFormat {\n Output_Default = 0x0000,\n Output_Interactive = 0x0001, /* --interactive, print to cmdline */\n Output_List = 0x0002,\n Output_Binary = 0x0004, /* -oB, \"binary\", the primary format */\n Output_XML = 0x0008, /* -oX, \"xml\" */\n Output_JSON = 0x0010, /* -oJ, \"json\" */\n Output_NDJSON = 0x0011, /* -oD, \"ndjson\" */\n Output_Nmap = 0x0020,\n Output_ScriptKiddie = 0x0040,\n Output_Grepable = 0x0080, /* -oG, \"grepable\" */\n Output_Redis = 0x0100, \n Output_Unicornscan = 0x0200, /* -oU, \"unicornscan\" */\n Output_None = 0x0400,\n Output_Certs = 0x0800,\n Output_Hostonly = 0x1000, /* -oH, \"hostonly\" */\n Output_All = 0xFFBF, /* not supported */\n};\n\n\n/**\n * Holds the list of TCP \"hello\" payloads, specified with the \"--hello-file\"\n * or \"--hello-string\" options\n */\nstruct TcpCfgPayloads\n{\n /** The \"hello\" data in base64 format. This is either the base64 string\n * specified in the cmdline/cfgfile with \"--hello-string\", or the \n * contents of a file specified with \"--hello-file\" that we've converted\n * into base64 */\n char *payload_base64;\n \n /** The TCP port that this hello belongs to */\n unsigned port;\n \n /** These configuration options are stored as a linked-list */\n struct TcpCfgPayloads *next;\n};\n\n\n\n\n/**\n * This is the master MASSCAN configuration structure. It is created on startup\n * by reading the command-line and parsing configuration files.\n *\n * Once read in at the start, this structure doesn't change. The transmit\n * and receive threads have only a \"const\" pointer to this structure.\n */\nstruct Masscan\n{\n /**\n * What this program is doing, which is normally \"Operation_Scan\", but\n * which can be other things, like \"Operation_SelfTest\"\n */\n enum Operation op;\n \n struct {\n unsigned tcp:1;\n unsigned udp:1; /* -sU */\n unsigned sctp:1;\n unsigned ping:1; /* --ping, ICMP echo */\n unsigned arp:1; /* --arp, local ARP scan */\n unsigned oproto:1; /* -sO */\n } scan_type;\n \n /**\n * After scan type has been configured, add these ports. In other words,\n * the user may specify `-sU` or `-sT` after the `--top-ports` parameter,\n * so we have to wait until after parsing arguments to fill in the ports.\n */\n unsigned top_ports;\n \n /**\n * Temporary file to echo parameters to, used for saving configuration\n * to a file\n */\n FILE *echo;\n unsigned echo_all;\n\n /**\n * One or more network adapters that we'll use for scanning. Each adapter\n * should have a separate set of IP source addresses, except in the case\n * of PF_RING dnaX:Y adapters.\n */\n struct {\n char ifname[256];\n struct Adapter *adapter;\n struct stack_src_t src;\n macaddress_t source_mac;\n macaddress_t router_mac_ipv4;\n macaddress_t router_mac_ipv6;\n ipv4address_t router_ip;\n int link_type; /* libpcap definitions */\n unsigned char my_mac_count; /*is there a MAC address? */\n unsigned vlan_id;\n unsigned is_vlan:1;\n unsigned is_usable:1;\n } nic[8];\n unsigned nic_count;\n\n /**\n * The target ranges of IPv4 addresses that are included in the scan.\n * The user can specify anything here, and we'll resolve all overlaps\n * and such, and sort the target ranges.\n */\n struct MassIP targets;\n \n /**\n * IPv4 addresses/ranges that are to be excluded from the scan. This takes\n * precedence over any 'include' statement. What happens is this: after\n * all the configuration has been read, we then apply the exclude/blacklist\n * on top of the target/whitelist, leaving only a target/whitelist left.\n * Thus, during the scan, we only choose from the target/whitelist and\n * don't consult the exclude/blacklist.\n */\n struct MassIP exclude;\n\n /**\n * Only output these types of banners\n */\n struct RangeList banner_types;\n\n\n /**\n * Maximum rate, in packets-per-second (--rate parameter). This can be\n * a fraction of a packet-per-second, or be as high as 30000000.0 (or\n * more actually, but I've only tested to 30megapps).\n */\n double max_rate;\n\n /**\n * Number of retries (--retries or --max-retries parameter). Retries\n * happen a few seconds apart.\n */\n unsigned retries;\n\n \n unsigned is_pfring:1; /* --pfring */\n unsigned is_sendq:1; /* --sendq */\n unsigned is_banners:1; /* --banners */\n unsigned is_banners_rawudp:1; /* --rawudp */\n unsigned is_offline:1; /* --offline */\n unsigned is_noreset:1; /* --noreset, don't transmit RST */\n unsigned is_gmt:1; /* --gmt, all times in GMT */\n unsigned is_capture_cert:1; /* --capture cert */\n unsigned is_capture_html:1; /* --capture html */\n unsigned is_capture_heartbleed:1; /* --capture heartbleed */\n unsigned is_capture_ticketbleed:1; /* --capture ticket */\n unsigned is_test_csv:1; /* (temporary testing feature) */\n unsigned is_infinite:1; /* -infinite */\n unsigned is_readscan:1; /* --readscan, Operation_Readscan */\n unsigned is_heartbleed:1; /* --heartbleed, scan for this vuln */\n unsigned is_ticketbleed:1; /* --ticketbleed, scan for this vuln */\n unsigned is_poodle_sslv3:1; /* --vuln poodle, scan for this vuln */\n unsigned is_hello_ssl:1; /* --ssl, use SSL HELLO on all ports */\n unsigned is_hello_smbv1:1; /* --smbv1, use SMBv1 hello, instead of v1/v2 hello */\n unsigned is_hello_http:1; /* --hello=http, use HTTP on all ports */\n unsigned is_scripting:1; /* whether scripting is needed */\n unsigned is_capture_servername:1; /* --capture servername */\n\n /** Packet template options, such as whether we should add a TCP MSS\n * value, or remove it from the packet */\n struct TemplateOptions *templ_opts; /* e.g. --tcpmss */\n\n /**\n * Wait forever for responses, instead of the default 10 seconds\n */\n unsigned wait;\n\n /**\n * --resume\n * This structure contains options for pausing the scan (by exiting the\n * program) and restarting it later.\n */\n struct {\n /** --resume-index */\n uint64_t index;\n \n /** --resume-count */\n uint64_t count;\n \n /** Derives the --resume-index from the target ip:port */\n struct {\n unsigned ip;\n unsigned port;\n } target;\n } resume;\n\n /**\n * --shard n/m\n * This is used for distributing a scan across multiple \"shards\". Every\n * shard in the scan must know the total number of shards, and must also\n * know which of those shards is it's identity. Thus, shard 1/5 scans\n * a different range than 2/5. These numbers start at 1, so it's\n * 1/3 (#1 out of three), 2/3, and 3/3 (but not 0/3).\n */\n struct {\n unsigned one;\n unsigned of;\n } shard;\n\n /**\n * The packet template set we are current using. We store a binary template\n * for TCP, UDP, SCTP, ICMP, and so on. All the scans using that protocol\n * are then scanned using that basic template. IP and TCP options can be\n * added to the basic template without affecting any other component\n * of the system.\n */\n struct TemplateSet *pkt_template;\n\n /**\n * A random seed for randomization if zero, otherwise we'll use\n * the configured seed for repeatable tests.\n */\n uint64_t seed;\n \n /**\n * This block configures what we do for the output files\n */\n struct OutputStuff {\n \n /**\n * --output-format\n * Examples are \"xml\", \"binary\", \"json\", \"ndjson\", \"grepable\", and so on.\n */\n enum OutputFormat format;\n \n /**\n * --output-filename\n * The name of the file where we are storing scan results.\n * Note: the filename \"-\" means that we should send the file to\n * rather than to a file.\n */\n char filename[256];\n \n /**\n * A feature of the XML output where we can insert an optional \n * stylesheet into the file for better rendering on web browsers\n */\n char stylesheet[256];\n\n /**\n * --append\n * We should append to the output file rather than overwriting it.\n */\n unsigned is_append:1;\n \n /**\n * --json-status\n * Print each status update line to stderr as JSON ending with a newline\n *\n * This only applies to the three types of status lines that are printed\n * in status_print(); it does *not* apply to things like startup messages,\n * error messages or discovery of individual ports\n *\n */\n bool is_status_ndjson;\n\n /**\n * --open\n * --open-only\n * --show open\n * Whether to show open ports\n */\n unsigned is_show_open:1;\n \n /**\n * --show closed\n * Whether to show closed ports (i.e. RSTs)\n */\n unsigned is_show_closed:1;\n \n /**\n * --show host\n * Whether to show host messages other than closed ports\n */\n unsigned is_show_host:1;\n \n /**\n * print reason port is open, which is redundant for us \n */\n unsigned is_reason:1;\n \n /**\n * --interactive\n * Print to command-line while also writing to output file. This isn't\n * needed if the output format is already 'interactive' (the default),\n * but only if the default output format is anything else, and the\n * user also wants interactivity.\n */\n unsigned is_interactive:1;\n \n /**\n * Print state updates\n */\n unsigned is_status_updates:1;\n\n struct {\n /**\n * When we should rotate output into the target directory\n */\n unsigned timeout;\n \n /**\n * When doing \"--rotate daily\", the rotation is done at GMT. In \n * order to fix this, add an offset.\n */\n unsigned offset;\n \n /**\n * Instead of rotating by timeout, we can rotate by filesize \n */\n uint64_t filesize;\n \n /**\n * The directory to which we store rotated files\n */\n char directory[256];\n } rotate;\n } output;\n\n struct {\n unsigned data_length; /* number of bytes to randomly append */\n unsigned ttl; /* starting IP TTL field */\n unsigned badsum; /* bad TCP/UDP/SCTP checksum */\n\n unsigned packet_trace:1; /* print transmit messages */\n \n char datadir[256];\n } nmap;\n\n char pcap_filename[256];\n\n struct {\n unsigned timeout;\n } tcb;\n\n struct {\n char *pcap_payloads_filename;\n char *nmap_payloads_filename;\n char *nmap_service_probes_filename;\n \n struct PayloadsUDP *udp;\n struct PayloadsUDP *oproto;\n struct TcpCfgPayloads *tcp;\n struct NmapServiceProbeList *probes;\n } payloads;\n \n /** Reconfigure the HTTP header */\n struct {\n /* Method */\n unsigned char *method;\n size_t method_length;\n\n /* URL */\n unsigned char *url;\n size_t url_length;\n\n /* Version */\n unsigned char *version;\n size_t version_length;\n\n /* Host */\n unsigned char *host;\n size_t host_length;\n\n /* User-Agent */\n unsigned char *user_agent;\n size_t user_agent_length;\n\n /* Payload after the header*/\n unsigned char *payload;\n size_t payload_length;\n\n /* Headers */\n struct {\n const char *name;\n unsigned char *value;\n size_t value_length;\n } headers[16];\n size_t headers_count;\n\n /* Cookies */\n struct {\n unsigned char *value;\n size_t value_length;\n } cookies[16];\n size_t cookies_count;\n\n /* Remove */\n struct {\n unsigned char *name;\n } remove[16];\n size_t remove_count;\n } http;\n\n unsigned tcp_connection_timeout;\n \n /** Number of seconds to wait for a 'hello' from the server before\n * giving up and sending a 'hello' from the client. Should be a small\n * value when doing scans that expect client-side hellos, like HTTP or\n * SSL, but should be a longer value when doing scans that expect server\n * hellos, such as FTP or VNC */\n unsigned tcp_hello_timeout;\n\n\n char *bpf_filter;\n\n struct {\n ipaddress ip;\n char *password;\n unsigned port;\n } redis;\n\n\n\n /**\n * --min-packet\n */\n unsigned min_packet_size;\n\n /**\n * Number of rounds for randomization\n * --blackrock-rounds\n */\n unsigned blackrock_rounds;\n \n /**\n * --script \n */\n struct {\n /* The name (filename) of the script to run */\n char *name;\n \n /* The script VM */\n struct lua_State *L;\n } scripting;\n\n \n /**\n * --vuln \n * The name of a vuln to check, like \"poodle\"\n */\n const char *vuln_name;\n\n};\n\n\nint mainconf_selftest(void);\nvoid masscan_read_config_file(struct Masscan *masscan, const char *filename);\nvoid masscan_command_line(struct Masscan *masscan, int argc, char *argv[]);\nvoid masscan_usage(void);\nvoid masscan_save_state(struct Masscan *masscan);\nvoid main_listscan(struct Masscan *masscan);\n\n/**\n * Load databases, such as:\n * - nmap-payloads\n * - nmap-service-probes\n * - pcap-payloads\n */\nvoid masscan_load_database_files(struct Masscan *masscan);\n\n/**\n * Pre-scan the command-line looking for options that may affect how\n * previous options are handled. This is a bit of a kludge, really.\n */\nint masscan_conf_contains(const char *x, int argc, char **argv);\n\n/**\n * Called to set a pair.\n */\nvoid\nmasscan_set_parameter(struct Masscan *masscan,\n const char *name, const char *value);\n\n\n\n/**\n * Discover the local network adapter parameters, such as which\n * MAC address we are using and the MAC addresses of the\n * local routers.\n */\nint\nmasscan_initialize_adapter(\n struct Masscan *masscan,\n unsigned index,\n macaddress_t *source_mac,\n macaddress_t *router_mac_ipv4,\n macaddress_t *router_mac_ipv6);\n\n/**\n * Echoes the settings to the command-line. By default, echoes only\n * non-default values. With \"echo-all\", everything is echoed.\n */\nvoid\nmasscan_echo(struct Masscan *masscan, FILE *fp, unsigned is_echo_all);\n\n/**\n * Echoes the list of CIDR ranges to scan.\n */\nvoid\nmasscan_echo_cidr(struct Masscan *masscan, FILE *fp, unsigned is_echo_all);\n\n#endif\n"
},
{
"path": "src/massip-addr.c",
"content": "#include \"massip-addr.h\"\n#include \n\n\n/**\n * Holds the output string, so that we can append to it without\n * overflowing buffers. The _append_xxx() functions below append\n * to this string.\n */\ntypedef struct stream_t {\n char *buf;\n size_t offset;\n size_t length;\n} stream_t;\n\n/**\n * Append a character to the output string. All the other _append_xxx()\n * functions call this one, so this is the only one where a\n * buffer-overflow can occur.\n */\nstatic void\n_append_char(stream_t *out, char c)\n{\n if (out->offset < out->length)\n out->buf[out->offset++] = c;\n\n /* keep the string nul terminated as we build it */\n if (out->offset < out->length)\n out->buf[out->offset] = '\\0';\n}\n\nstatic void\n_append_ipv6(stream_t *out, const unsigned char *ipv6)\n{\n static const char hex[] = \"0123456789abcdef\";\n size_t i;\n int is_ellision = 0;\n\n /* An IPv6 address is printed as a series of 2-byte hex words\n * separated by colons :, for a total of 16-bytes */\n for (i = 0; i < 16; i += 2) {\n unsigned n = ipv6[i] << 8 | ipv6[i + 1];\n\n /* Handle the ellision case. A series of words with a value\n * of 0 can be removed completely, replaced by an extra colon */\n if (n == 0 && !is_ellision) {\n is_ellision = 1;\n while (i < 13 && ipv6[i + 2] == 0 && ipv6[i + 3] == 0)\n i += 2;\n _append_char(out, ':');\n\n /* test for all-zero address, in which case the output\n * will be \"::\". */\n while (i == 14 && ipv6[i] == 0 && ipv6[i + 1] == 0){\n i=16;\n _append_char(out, ':');\n }\n continue;\n }\n\n /* Print the colon between numbers. Fence-post alert: only colons\n * between numbers are printed, not at the beginning or end of the\n * string */\n if (i)\n _append_char(out, ':');\n\n /* Print the digits. Leading zeroes are not printed */\n if (n >> 12)\n _append_char(out, hex[(n >> 12) & 0xF]);\n if (n >> 8)\n _append_char(out, hex[(n >> 8) & 0xF]);\n if (n >> 4)\n _append_char(out, hex[(n >> 4) & 0xF]);\n _append_char(out, hex[(n >> 0) & 0xF]);\n }\n}\n\nstruct ipaddress_formatted ipv6address_fmt(ipv6address a)\n{\n struct ipaddress_formatted out;\n unsigned char tmp[16];\n size_t i;\n stream_t s;\n\n /*\n * Convert address into a sequence of bytes. Our code\n * here represents an IPv6 address as two 64-bit numbers, but\n * the formatting code above that we copied from a different\n * project represents it as an array of bytes.\n */\n for (i=0; i<16; i++) {\n uint64_t x;\n if (i<8)\n x = a.hi;\n else\n x = a.lo;\n x >>= (7 - (i%8)) * 8;\n\n tmp[i] = (unsigned char)(x & 0xFF);\n }\n\n /* Call the formatting function */\n s.buf = out.string;\n s.offset = 0;\n s.length = sizeof(out.string);\n _append_ipv6(&s, tmp);\n\n return out;\n}\n\n/**\n * Append a decimal integer.\n */\nstatic void\n_append_decimal(stream_t *out, unsigned long long n)\n{\n char tmp[64];\n size_t tmp_offset = 0;\n\n /* Create temporary string */\n while (n >= 10) {\n unsigned digit = n % 10;\n n /= 10;\n tmp[tmp_offset++] = (char)('0' + digit);\n }\n \n /* the final digit, may be zero */\n tmp[tmp_offset++] = (char)('0' + n);\n\n /* Copy the result backwards */\n while (tmp_offset)\n _append_char(out, tmp[--tmp_offset]);\n}\nstatic void\n_append_hex2(stream_t *out, unsigned long long n)\n{\n static const char hex[17] = \"0123456789abcdef\";\n \n _append_char(out, hex[(n>>4)&0xF]);\n _append_char(out, hex[(n>>0)&0xF]);\n}\n\nstruct ipaddress_formatted ipv4address_fmt(ipv4address ip)\n{\n struct ipaddress_formatted out;\n stream_t s;\n\n\n /* Call the formatting function */\n s.buf = out.string;\n s.offset = 0;\n s.length = sizeof(out.string);\n\n _append_decimal(&s, (ip >> 24) & 0xFF);\n _append_char(&s, '.');\n _append_decimal(&s, (ip >> 16) & 0xFF);\n _append_char(&s, '.');\n _append_decimal(&s, (ip >> 8) & 0xFF);\n _append_char(&s, '.');\n _append_decimal(&s, (ip >> 0) & 0xFF);\n\n return out;\n}\n\nstruct ipaddress_formatted macaddress_fmt(macaddress_t mac)\n{\n struct ipaddress_formatted out;\n stream_t s;\n\n\n /* Call the formatting function */\n s.buf = out.string;\n s.offset = 0;\n s.length = sizeof(out.string);\n\n _append_hex2(&s, mac.addr[0]);\n _append_char(&s, '-');\n _append_hex2(&s, mac.addr[1]);\n _append_char(&s, '-');\n _append_hex2(&s, mac.addr[2]);\n _append_char(&s, '-');\n _append_hex2(&s, mac.addr[3]);\n _append_char(&s, '-');\n _append_hex2(&s, mac.addr[4]);\n _append_char(&s, '-');\n _append_hex2(&s, mac.addr[5]);\n\n return out;\n}\n\nstruct ipaddress_formatted ipaddress_fmt(ipaddress a)\n{\n struct ipaddress_formatted out;\n stream_t s;\n ipv4address ip = a.ipv4;\n\n if (a.version == 6) {\n return ipv6address_fmt(a.ipv6);\n }\n\n\n /* Call the formatting function */\n s.buf = out.string;\n s.offset = 0;\n s.length = sizeof(out.string);\n\n _append_decimal(&s, (ip >> 24) & 0xFF);\n _append_char(&s, '.');\n _append_decimal(&s, (ip >> 16) & 0xFF);\n _append_char(&s, '.');\n _append_decimal(&s, (ip >> 8) & 0xFF);\n _append_char(&s, '.');\n _append_decimal(&s, (ip >> 0) & 0xFF);\n\n return out;\n}\n\n\nstatic unsigned _count_long(uint64_t number)\n{\n unsigned i;\n unsigned count = 0;\n for (i=0; i<64; i++) {\n if ((number >> i) & 1)\n count = i + 1;\n }\n return count;\n}\n\n/**\n * Find the number of bits needed to hold the integer. In other words,\n * the number 0x64 would need 7 bits to store it.\n *\n * We use this to count the size of scans. We currently only support\n * scan sizes up to 63 bits.\n */\nunsigned massint128_bitcount(massint128_t number)\n{\n if (number.hi)\n return _count_long(number.hi) + 64;\n else\n return _count_long(number.lo);\n}\n\nipv6address_t ipv6address_add_uint64(ipv6address_t lhs, uint64_t rhs) {\n lhs.lo += rhs;\n if (lhs.lo < rhs) {\n lhs.hi += 1;\n }\n return lhs;\n}\n\nipv6address_t ipv6address_subtract(ipv6address_t lhs, ipv6address_t rhs) {\n ipv6address_t difference;\n difference.hi = lhs.hi - rhs.hi;\n difference.lo = lhs.lo - rhs.lo;\n\n /* check for underflow */\n if (difference.lo > lhs.lo)\n difference.hi -= 1;\n return difference;\n}\n\nipv6address_t ipv6address_add(ipv6address_t lhs, ipv6address_t rhs) {\n ipv6address_t sum;\n sum.hi = lhs.hi + rhs.hi;\n sum.lo = lhs.lo - rhs.lo;\n\n /* check for underflow */\n if (sum.lo > lhs.lo)\n sum.hi += 1;\n return sum;\n}\n\n\nint ipv6address_selftest(void)\n{\n struct test_pair {\n const char *name; // Human-readable IPv6 address string\n struct ipaddress ip_addr; // IP address (union)\n };\n /* Probably overkill, added while investigating issue #796 */\n struct test_pair tests[] = {\n {\"2001:db8:ac10:fe01::2\", {.ipv6 = {0x20010db8ac10fe01, 0x0000000000000002}, .version = 6}},\n {\"2607:f8b0:4000::1\", {.ipv6 = {0x2607f8b040000000, 0x0000000000000001}, .version = 6}},\n {\"fd12:3456:7890:abcd:ef00::1\", {.ipv6 = {0xfd1234567890abcd, 0xef00000000000001}, .version = 6}},\n {\"::1\", {.ipv6 = {0x0000000000000000, 0x0000000000000001}, .version = 6}},\n {\"1::\", {.ipv6 = {0x0001000000000000, 0x0000000000000000}, .version = 6}},\n {\"1::2\", {.ipv6 = {0x0001000000000000, 0x0000000000000002}, .version = 6}},\n {\"2::1\", {.ipv6 = {0x0002000000000000, 0x0000000000000001}, .version = 6}},\n {\"1:2::\", {.ipv6 = {0x0001000200000000, 0x0000000000000000}, .version = 6}},\n {NULL, {{0, 0}, 0}}\n };\n\n int x = 0;\n ipaddress ip;\n struct ipaddress_formatted fmt;\n\n for (int i = 0; tests[i].name != NULL; i++) {\n fmt = ipaddress_fmt(tests[i].ip_addr);\n if (strcmp(fmt.string, tests[i].name) != 0)\n x++;\n }\n return x;\n}\n\nint ipv4address_selftest(void)\n{\n int x = 0;\n ipaddress ip;\n struct ipaddress_formatted fmt;\n\n ip.version = 4;\n ip.ipv4 = 0x01FF00A3;\n\n fmt = ipaddress_fmt(ip);\n if (strcmp(fmt.string, \"1.255.0.163\") != 0)\n x++;\n\n return x;\n}\n\nint ipv6address_is_equal_prefixed(ipv6address_t lhs, ipv6address_t rhs, unsigned prefix)\n{\n ipv6address mask;\n \n /* If the prefix is bad, then the answer is 'no'. */\n if (prefix > 128) {\n return 0;\n }\n\n /* Create the mask from the prefix */\n if (prefix > 64)\n mask.hi = ~0ULL;\n else if (prefix == 0)\n mask.hi = 0;\n else\n mask.hi = ~0ULL << (64 - prefix);\n \n if (prefix > 64)\n mask.lo = ~0ULL << (128 - prefix);\n else\n mask.lo = 0;\n\n /* Mask off any non-zero bits from both addresses */\n lhs.hi &= mask.hi;\n lhs.lo &= mask.lo;\n rhs.hi &= mask.hi;\n rhs.lo &= mask.lo;\n\n /* Now do a normal compare */\n return ipv6address_is_equal(lhs, rhs);\n}\n"
},
{
"path": "src/massip-addr.h",
"content": "/*\n Simple module for handling addresses (IPv6, IPv4, MAC).\n Also implements a 128-bit type for dealing with addresses.\n \n This is the module that almost all the other code depends\n upon, because everything else deals with the IP address\n types defined here.\n \n*/\n#ifndef MASSIP_ADDR_H\n#define MASSIP_ADDR_H\n#include \n#include \n\n#if defined(_MSC_VER) && !defined(inline)\n#define inline __inline\n#endif\n#if defined(_MSC_VER)\n#pragma warning(disable: 4201)\n#endif\n\n/**\n * An IPv6 address is represented as two 64-bit integers instead of a single\n * 128-bit integer. This is because currently (year 2020) most compilers\n * do not support the `uint128_t` type, but all relevant ones do support\n * the `uint64_t` type.\n */\nstruct ipv6address {uint64_t hi; uint64_t lo;};\ntypedef struct ipv6address ipv6address;\ntypedef struct ipv6address ipv6address_t;\n\n/**\n * IPv4 addresses are represented simply with an integer.\n */\ntypedef unsigned ipv4address;\ntypedef ipv4address ipv4address_t;\n\n/**\n * MAC address (layer 2). Since we have canonical types for IPv4/IPv6\n * addresses, we may as well have a canonical type for MAC addresses,\n * too.\n */\nstruct macaddress_t {unsigned char addr[6];};\ntypedef struct macaddress_t macaddress_t;\n\n/**\n * In many cases we need to do arithmetic on IPv6 addresses, treating\n * them as a large 128-bit integer. Thus, we declare our own 128-bit\n * integer type (and some accompanying math functions). But it's\n * still just the same as a 128-bit integer.\n */\ntypedef ipv6address massint128_t;\n\n\n/**\n * Most of the code in this project is agnostic to the version of IP\n * addresses (IPv4 or IPv6). Therefore, we represent them as a union\n * distinguished by a version number. The `version` is an integer\n * with a value of either 4 or 6.\n */\nstruct ipaddress {\n union {\n unsigned ipv4;\n ipv6address ipv6;\n };\n unsigned char version;\n};\ntypedef struct ipaddress ipaddress;\n\n/** @return true if the IPv6 address is zero [::] */\nstatic inline int ipv6address_is_zero(ipv6address_t a) {\n return a.hi == 0 && a.lo == 0;\n}\n#define massint128_is_zero ipv6address_is_zero\n\n/** The IPv6 address [FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF]\n * is invalid */\nstatic inline int ipv6address_is_invalid(ipv6address_t a) {\n return a.hi == ~0ULL && a.lo == ~0ULL;\n}\n\n\n/** Compare two IPv6 addresses */\nstatic inline int ipv6address_is_equal(ipv6address_t a, ipv6address_t b) {\n return a.hi == b.hi && a.lo == b.lo;\n}\n\nstatic inline int ipaddress_is_equal(ipaddress a, ipaddress b) {\n if (a.version != b.version)\n return 0;\n if (a.version == 4) {\n return a.ipv4 == b.ipv4;\n } else if (a.version == 6) {\n return ipv6address_is_equal(a.ipv6, b.ipv6);\n } else\n return 0;\n}\n\n/** Compare two IPv6 addresses, to see which one comes frist. This is used\n * in sorting the addresses\n * @return true if a < b, false otherwise */\nstatic inline int ipv6address_is_lessthan(ipv6address_t a, ipv6address_t b) {\n return (a.hi == b.hi)?(a.lo < b.lo):(a.hi < b.hi);\n}\n\n/**\n * Mask the lower bits of each address and test if the upper bits are equal\n */\nint ipv6address_is_equal_prefixed(ipv6address_t lhs, ipv6address_t rhs, unsigned prefix);\n\nipv6address_t ipv6address_add_uint64(ipv6address_t lhs, uint64_t rhs);\nipv6address_t ipv6address_subtract(ipv6address_t lhs, ipv6address_t rhs);\nipv6address_t ipv6address_add(ipv6address_t lhs, ipv6address_t rhs);\n\n/**\n * Given a typical EXTERNAL representation of an IPv6 address, which is\n * an array of 16 bytes, convert to the canonical INTERNAL address.\n */\nstatic inline ipv6address ipv6address_from_bytes(const unsigned char *buf) {\n ipv6address addr;\n addr.hi = (uint64_t)buf[ 0] << 56\n | (uint64_t)buf[ 1] << 48\n | (uint64_t)buf[ 2] << 40\n | (uint64_t)buf[ 3] << 32\n | (uint64_t)buf[ 4] << 24\n | (uint64_t)buf[ 5] << 16\n | (uint64_t)buf[ 6] << 8\n | (uint64_t)buf[ 7] << 0;\n addr.lo = (uint64_t)buf[ 8] << 56\n | (uint64_t)buf[ 9] << 48\n | (uint64_t)buf[10] << 40\n | (uint64_t)buf[11] << 32\n | (uint64_t)buf[12] << 24\n | (uint64_t)buf[13] << 16\n | (uint64_t)buf[14] << 8\n | (uint64_t)buf[15] << 0;\n return addr;\n}\n\n/**\n * Given a typical EXTERNAL representation of an Ethernet MAC address,\n * which is an array of 6 bytes, convert to the canonical INTERNAL address.\n */\nstatic inline macaddress_t macaddress_from_bytes(const void *vbuf)\n{\n const unsigned char *buf = (const unsigned char *)vbuf;\n macaddress_t result;\n result.addr[0] = buf[0];\n result.addr[1] = buf[1];\n result.addr[2] = buf[2];\n result.addr[3] = buf[3];\n result.addr[4] = buf[4];\n result.addr[5] = buf[5];\n return result;\n}\n\n/** Test if the Ethernet MAC address is all zeroes */\nstatic inline int macaddress_is_zero(macaddress_t mac)\n{\n return mac.addr[0] == 0\n && mac.addr[1] == 0\n && mac.addr[2] == 0\n && mac.addr[3] == 0\n && mac.addr[4] == 0\n && mac.addr[5] == 0;\n}\n\n/** Compare two Ethernet MAC addresses to see if they are equal */\nstatic inline int macaddress_is_equal(macaddress_t lhs, macaddress_t rhs)\n{\n return lhs.addr[0] == rhs.addr[0]\n && lhs.addr[1] == rhs.addr[1]\n && lhs.addr[2] == rhs.addr[2]\n && lhs.addr[3] == rhs.addr[3]\n && lhs.addr[4] == rhs.addr[4]\n && lhs.addr[5] == rhs.addr[5];\n}\n\n/**\n * Return a buffer with the formatted address\n */\ntypedef struct ipaddress_formatted {\n char string[48];\n} ipaddress_formatted_t;\n\nstruct ipaddress_formatted ipv6address_fmt(ipv6address a);\nstruct ipaddress_formatted ipv4address_fmt(ipv4address a);\nstruct ipaddress_formatted ipaddress_fmt(ipaddress a);\nstruct ipaddress_formatted macaddress_fmt(macaddress_t a);\n\nunsigned massint128_bitcount(massint128_t num);\n\n/**\n * @return 0 on success, 1 on failure\n */\nint ipv6address_selftest(void);\nint ipv4address_selftest(void);\n\n#endif\n"
},
{
"path": "src/massip-parse.c",
"content": "/*\n massip-parse\n\n This module parses IPv4 and IPv6 addresses.\n\n It's not a typical parser. It's optimized around parsing large\n files containing millions of addresses and ranges using a \n \"state-machine parser\".\n*/\n#include \"massip.h\"\n#include \"massip-parse.h\"\n#include \"massip-rangesv4.h\"\n#include \"massip-rangesv6.h\"\n#include \"util-logger.h\"\n#include \"util-bool.h\"\n#include \"util-malloc.h\"\n#include \"util-safefunc.h\"\n#include \"unusedparm.h\"\n\n#include \n\nstruct massip_parser\n{\n unsigned long long line_number;\n unsigned long long char_number;\n unsigned state;\n unsigned tmp;\n unsigned char digit_count;\n unsigned addr;\n unsigned begin;\n unsigned end;\n struct {\n ipv6address _begin;\n ipv6address _end;\n unsigned short tmp[8];\n unsigned char index;\n unsigned char ellision_index;\n unsigned is_bracket:1;\n unsigned is_second:1;\n } ipv6;\n};\n\n/***************************************************************************\n ***************************************************************************/\nstatic struct massip_parser *\n_parser_init(struct massip_parser *p)\n{\n memset(p, 0, sizeof(*p));\n p->line_number = 1;\n p->ipv6.ellision_index = 8;\n return p;\n}\n\n/***************************************************************************\n ***************************************************************************/\nstatic void\n_parser_destroy(struct massip_parser *p)\n{\n UNUSEDPARM(p);\n}\n\n/***************************************************************************\n ***************************************************************************/\nstatic void\n_parser_err(struct massip_parser *p, unsigned long long *line_number, unsigned long long *charindex)\n{\n *line_number = p->line_number;\n *charindex = p->char_number;\n}\n\n/** \n * Called before parsing the first address in a pair, and also\n * after the first address, to prepare for parsing the next\n * address\n */\nstatic void\n_init_next_address(struct massip_parser *p, int is_second)\n{\n p->tmp = 0;\n p->ipv6.ellision_index = 8;\n p->ipv6.index = 0;\n p->ipv6.is_bracket = 0;\n p->digit_count = 0;\n p->ipv6.is_second = is_second;\n}\n\n\n\nstatic unsigned\n_parser_finish_ipv6(struct massip_parser *p)\n{\n unsigned index = p->ipv6.index;\n unsigned ellision = p->ipv6.ellision_index;\n \n\n /* We must have seen 8 numbers, or an ellision */\n if (index < 8 && ellision >= 8)\n return 1;\n \n /* Handle ellision */\n memmove(\n &p->ipv6.tmp[8-(index-ellision)],\n &p->ipv6.tmp[ellision],\n sizeof(p->ipv6.tmp[0]) * (index-ellision)\n );\n memset(\n &p->ipv6.tmp[ellision],\n 0,\n sizeof(p->ipv6.tmp[0]) * (8 - index)\n );\n \n /* Copy over to begin/end. We parse the address as a series of 16-bit\n * integers, but return the result as two 64-bit integers */\n {\n ipv6address a;\n a.hi = (uint64_t)p->ipv6.tmp[0] << 48ULL\n | (uint64_t)p->ipv6.tmp[1] << 32ULL\n | (uint64_t)p->ipv6.tmp[2] << 16ULL\n | (uint64_t)p->ipv6.tmp[3] << 0ULL;\n a.lo = (uint64_t)p->ipv6.tmp[4] << 48ULL\n | (uint64_t)p->ipv6.tmp[5] << 32ULL\n | (uint64_t)p->ipv6.tmp[6] << 16ULL\n | (uint64_t)p->ipv6.tmp[7] << 0ULL;\n if (p->ipv6.is_second)\n p->ipv6._end = a;\n else {\n p->ipv6._begin = a;\n\n /* Set this here in case there is no 'end' address */\n p->ipv6._end = a;\n }\n }\n\n /* Reset the parser to start parsing the next address */\n _init_next_address(p, 1);\n\n return 0;\n}\n\n/***************************************************************************\n * We store the IPv6 addresses that we are building inside the 'state'\n * of the state-machine. This function copies them out of the opaque\n * state into discrete values.\n ***************************************************************************/\nstatic void\n_parser_get_ipv6(struct massip_parser *state, ipv6address *begin, ipv6address *end)\n{\n *begin = state->ipv6._begin;\n *end = state->ipv6._end;\n}\n\nenum parser_state_t {\n LINE_START, ADDR_START,\n COMMENT,\n NUMBER0, NUMBER1, NUMBER2, NUMBER3, NUMBER_ERR,\n SECOND0, SECOND1, SECOND2, SECOND3, SECOND_ERR,\n IPV4_CIDR_NUM,\n UNIDASH1, UNIDASH2,\n IPV6_BEGIN, IPV6_COLON, IPV6_CIDR, IPV6_CIDR_NUM,\n IPV6_NEXT,\n IPV6_END,\n ERROR\n};\n\n/***************************************************************************\n * When we start parsing an address, we don't know whether it's going to \n * be IPv4 or IPv6. We assume IPv4, but when we hit a condition indicating\n * that it's IPv6 instead, we need change the temporary number we \n * are working on from decimal to hex, then move from the middle of \n * parsing an IPv4 address to the middle of parsing an IPv6 address.\n ***************************************************************************/\nstatic int\n_switch_to_ipv6(struct massip_parser *p, int old_state)\n{\n unsigned num = p->tmp;\n\n num = ((num/1000)%10) * 16 * 16 * 16\n + ((num/100)%10) * 16 * 16\n + ((num/10)%10) * 16\n + (num % 10);\n \n //printf(\"%u -> 0x%x\\n\", p->tmp, num);\n p->tmp = num;\n return old_state;\n}\n\n\nenum {\n IPV4_n, IPV4_nn, IPV4_nnn, IPV4_nnn_, \n IPV4_nnn_n, IPV4_nnn_nn, IPV4_nnn_nnn, IPV4_nnn_nnn_, \n IPV4_nnn_nnn_n, IPV4_nnn_nnn_nn, IPV4_nnn_nnn_nnn, IPV4_nnn_nnn_nnn_,\n IPV4_nnn_nnn_nnn_n, IPV4_nnn_nnn_nnn_nn, IPV4_nnn_nnn_nnn_nnn, IPV4_nnn_nnn_nnn_nnn_,\n IPV4e_n, IPV4e_nn, IPV4e_nnn, IPV4e_nnn_, \n IPV4e_nnn_n, IPV4e_nnn_nn, IPV4e_nnn_nnn, IPV4e_nnn_nnn_, \n IPV4e_nnn_nnn_n, IPV4e_nnn_nnn_nn, IPV4e_nnn_nnn_nnn, IPV4e_nnn_nnn_nnn_,\n IPV4e_nnn_nnn_nnn_n, IPV4e_nnn_nnn_nnn_nn, IPV4e_nnn_nnn_nnn_nnn, IPV4e_nnn_nnn_nnn_nnn_,\n\n\n};\n\n\n/**\n * Applies a CIDR mask to an IPv4 address to create a begin/end address.\n */\nstatic void\n_ipv4_apply_cidr(unsigned *begin, unsigned *end, unsigned bitcount)\n{\n unsigned long long mask = 0xFFFFFFFF00000000ULL >> bitcount;\n \n /* mask off low-order bits */\n *begin &= (unsigned)mask;\n\n /* Set all suffix bits to 1, so that 192.168.1.0/24 has\n * an ending address of 192.168.1.255. */\n *end = *begin | (unsigned)~mask;\n}\n\n/**\n * Given an address 'being' and a 'prefix', return the 'begin' and 'end' address of the range.\n * @param begin\n * An in/out parameter. This may have some extra bits somewhere in the range.\n * These will be masked off and set to zero when the function returns.\n * @param end\n * An out parameter. This will be set to the last address of the range, meaning\n * that all the trailing bits will be set to '1'.\n * @parame prefix\n * The number of bits of the prefix, from [0..128]. If the value is 0,\n * then the 'begin' address will be set to all zeroes and the 'end'\n * address will be set to all ones. If the value is 128,\n * the 'begin' address is unchanged and the 'end' address\n * is set to the same as 'begin'.\n */\nstatic void\n_ipv6_apply_cidr(ipv6address *begin, ipv6address *end, unsigned prefix)\n{\n ipv6address mask;\n \n /* For bad prefixes, make sure we return an invalid address */\n if (prefix > 128) {\n static const ipv6address invalid = {~0ULL, ~0ULL};\n *begin = invalid;\n *end = invalid;\n return;\n };\n\n /* Create the mask from the prefix */\n if (prefix > 64)\n mask.hi = ~0ULL;\n else if (prefix == 0)\n mask.hi = 0;\n else\n mask.hi = ~0ULL << (64 - prefix);\n \n if (prefix > 64)\n mask.lo = ~0ULL << (128 - prefix);\n else\n mask.lo = 0;\n\n /* Mask off any non-zero bits from the start\n * TODO print warning */\n begin->hi &= mask.hi;\n begin->lo &= mask.lo;\n \n /* Set all suffix bits to 1, so that 192.168.1.0/24 has\n * an ending address of 192.168.1.255. */\n end->hi = begin->hi | ~mask.hi;\n end->lo = begin->lo | ~mask.lo;\n}\n\n/***************************************************************************\n * Parse the next IPv4/IPv6 address from a text stream, using a\n * 'state-machine parser'.\n ***************************************************************************/\nstatic enum {Still_Working, Found_Error, Found_IPv4, Found_IPv6}\n_parser_next(struct massip_parser *p, const char *buf, size_t *r_offset, size_t length,\n unsigned *r_begin, unsigned *r_end)\n{ \n size_t i;\n enum parser_state_t state = p->state;\n int result = Still_Working;\n\n /* The 'offset' parameter is optional. If NULL, then set it to zero */\n if (r_offset)\n i = *r_offset;\n else\n i = 0;\n\n /* For all bytes in this chunk. This loop will exit early once\n * we've found a complete IP address. */\n while (i < length) {\n unsigned char c = buf[i++];\n\n p->char_number++;\n switch (state) {\n case LINE_START:\n case ADDR_START:\n _init_next_address(p, 0);\n switch (c) {\n case ' ': case '\\t': case '\\r':\n /* ignore leading whitespace */\n continue;\n case '\\n':\n p->line_number++;\n p->char_number = 0;\n continue;\n case '#': case ';': case '/': case '-':\n state = COMMENT;\n continue;\n \n case '0': case '1': case '2': case '3': case '4':\n case '5': case '6': case '7': case '8': case '9':\n p->tmp = (c - '0');\n p->digit_count = 1;\n state = NUMBER0;\n break;\n case 'a': case 'b': case 'c': case 'd': case 'e': case 'f':\n p->tmp = (c - 'a' + 10);\n p->digit_count = 1;\n state = IPV6_BEGIN;\n break;\n case 'A': case 'B': case 'C': case 'D': case 'E': case 'F':\n p->tmp = (c - 'A' + 10);\n p->digit_count = 1;\n state = IPV6_BEGIN;\n break;\n case ':':\n p->ipv6.tmp[p->ipv6.index++] = 0;\n state = IPV6_COLON;\n break;\n case '[':\n p->ipv6.is_bracket = 1;\n state = IPV6_BEGIN;\n break;\n default:\n state = ERROR;\n length = i; /* break out of loop */\n break;\n }\n break;\n case IPV6_CIDR:\n p->digit_count = 0;\n p->tmp = 0;\n switch (c) {\n case '0': case '1': case '2': case '3': case '4':\n case '5': case '6': case '7': case '8': case '9':\n p->tmp = (c - '0');\n p->digit_count = 1;\n state = IPV6_CIDR_NUM;\n break;\n default:\n state = ERROR;\n length = i; /* break out of loop */\n break;\n }\n break;\n \n case IPV6_COLON:\n p->digit_count = 0;\n p->tmp = 0;\n if (c == ':') {\n if (p->ipv6.ellision_index < 8) {\n state = ERROR;\n length = i;\n } else {\n p->ipv6.ellision_index = p->ipv6.index;\n state = IPV6_COLON;\n }\n break;\n }\n state = IPV6_BEGIN;\n\n /* drop down */\n case IPV6_BEGIN:\n case IPV6_NEXT:\n switch (c) {\n case '0': case '1': case '2': case '3': case '4':\n case '5': case '6': case '7': case '8': case '9':\n if (p->digit_count >= 4) {\n state = ERROR;\n length = i;\n } else {\n p->tmp = p->tmp * 16 + (c - '0');\n p->digit_count++;\n }\n break;\n case 'a': case 'b': case 'c': case 'd': case 'e': case 'f':\n if (p->digit_count >= 4) {\n state = ERROR;\n length = i;\n } else {\n p->tmp = p->tmp * 16 + (c - 'a' + 10);\n p->digit_count++;\n }\n break;\n case 'A': case 'B': case 'C': case 'D': case 'E': case 'F':\n if (p->digit_count >= 4) {\n state = ERROR;\n length = i;\n } else {\n p->tmp = p->tmp * 16 + (c - 'A' + 10);\n p->digit_count++;\n }\n break;\n case ':':\n if (p->ipv6.index >= 8) {\n state = ERROR;\n length = i;\n } else {\n p->ipv6.tmp[p->ipv6.index++] = (unsigned short)p->tmp;\n state = IPV6_COLON;\n }\n break;\n case ']':\n if (!p->ipv6.is_bracket) {\n state = ERROR;\n length = i;\n } else {\n state = IPV6_END;\n }\n break;\n case '[':\n if (p->ipv6.is_bracket) {\n state = ERROR;\n length = i;\n } else {\n p->ipv6.is_bracket = 1;\n }\n break;\n case '/':\n case ' ':\n case '\\t':\n case '\\r':\n case '\\n':\n case ',':\n case '-':\n i--; /* push back */\n state = IPV6_END;\n continue;\n default:\n state = ERROR;\n length = i;\n break;\n }\n break;\n\n case IPV6_END:\n /* Finish off the trailing number */\n p->ipv6.tmp[p->ipv6.index++] = (unsigned short)p->tmp;\n\n /* Do the final processing of this IPv6 address and\n * prepare for the next one */\n if (_parser_finish_ipv6(p) != 0) {\n state = ERROR;\n length = i;\n continue;\n }\n\n /* Now decide the next state, whether this is a single\n * address, an address range, or a CIDR address */\n switch (c) {\n case '/':\n result = Still_Working;\n state = IPV6_CIDR;\n break;\n case '-':\n result = Still_Working;\n state = IPV6_NEXT;\n break;\n case '\\n':\n p->line_number++;\n p->char_number = 0;\n /* drop down */\n case ' ':\n case '\\t':\n case '\\r':\n case ',':\n result = Found_IPv6;\n state = 0;\n length = i; /* shorten the end to break out of loop */\n break;\n default:\n state = ERROR;\n length = i;\n break;\n }\n break;\n case COMMENT:\n if (c == '\\n') {\n state = LINE_START;\n p->line_number++;\n p->char_number = 0;\n } else\n state = COMMENT;\n break;\n case IPV6_CIDR_NUM:\n switch (c) {\n case '0': case '1': case '2': case '3': case '4':\n case '5': case '6': case '7': case '8': case '9':\n if (p->digit_count == 4) {\n state = ERROR;\n length = i; /* break out of loop */\n } else {\n p->digit_count++;\n p->tmp = p->tmp * 10 + (c - '0');\n if (p->tmp > 128) {\n state = ERROR;\n length = i;\n }\n continue;\n }\n break;\n case ':':\n case ',':\n case ' ':\n case '\\t':\n case '\\r':\n case '\\n':\n {\n _ipv6_apply_cidr(&p->ipv6._begin, &p->ipv6._end, p->tmp);\n\n state = ADDR_START;\n length = i; /* break out of loop */\n if (c == '\\n') {\n p->line_number++;\n p->char_number = 0;\n }\n *r_begin = p->begin;\n *r_end = p->end;\n result = Found_IPv6;\n }\n break;\n default:\n state = ERROR;\n length = i; /* break out of loop */\n break;\n }\n break;\n case IPV4_CIDR_NUM:\n switch (c) {\n case '0': case '1': case '2': case '3': case '4':\n case '5': case '6': case '7': case '8': case '9':\n if (p->digit_count == 3) {\n state = ERROR;\n length = i; /* break out of loop */\n } else {\n p->digit_count++;\n p->tmp = p->tmp * 10 + (c - '0');\n if (p->tmp > 32) {\n state = ERROR;\n length = i;\n }\n continue;\n }\n break;\n case ':':\n case ',':\n case ' ':\n case '\\t':\n case '\\r':\n case '\\n':\n {\n _ipv4_apply_cidr(&p->begin, &p->end, p->tmp);\n state = ADDR_START;\n length = i; /* break out of loop */\n if (c == '\\n') {\n p->line_number++;\n p->char_number = 0;\n }\n *r_begin = p->begin;\n *r_end = p->end;\n result = Found_IPv4;\n }\n break;\n default:\n state = ERROR;\n length = i; /* break out of loop */\n break;\n }\n break;\n\n case UNIDASH1:\n if (c == 0x80)\n state = UNIDASH2;\n else {\n state = ERROR;\n length = i; /* break out of loop */\n }\n break;\n case UNIDASH2:\n /* This covers:\n * U+2010 HYPHEN\n * U+2011 NON-BREAKING HYPHEN\n * U+2012 FIGURE DASH\n * U+2013 EN DASH\n * U+2014 EM DASH\n * U+2015 HORIZONTAL BAR\n */\n if (c < 0x90 || 0x95 < c) {\n state = ERROR;\n length = i; /* break out of loop */\n } else {\n c = '-';\n state = NUMBER3;\n /* drop down */\n }\n\n\n case NUMBER0:\n case NUMBER1:\n case NUMBER2:\n case NUMBER3:\n case SECOND0:\n case SECOND1:\n case SECOND2:\n case SECOND3:\n switch (c) {\n case '.':\n p->addr = (p->addr << 8) | p->tmp;\n p->tmp = 0;\n p->digit_count = 0;\n if (state == NUMBER3 || state == SECOND3) {\n length = i;\n state = ERROR;\n } else\n state++;\n break;\n case '0': case '1': case '2': case '3': case '4':\n case '5': case '6': case '7': case '8': case '9':\n p->digit_count++;\n p->tmp = p->tmp * 10 + (c - '0');\n if (p->tmp > 255 || p->digit_count > 3) {\n if (state == NUMBER0) {\n /* Assume that we've actually got an\n * IPv6 number */\n _switch_to_ipv6(p, state);\n state = IPV6_BEGIN;\n } else {\n state = ERROR;\n length = i;\n }\n }\n continue;\n break;\n case 'a': case 'b': case 'c': case 'd': case 'e': case 'f':\n case 'A': case 'B': case 'C': case 'D': case 'E': case 'F':\n if (state == NUMBER0 || state == SECOND0) {\n /* Assume that we've actually got an\n * IPv6 number */\n _switch_to_ipv6(p, state);\n state = IPV6_BEGIN;\n i--; /* go back one character */\n } else {\n state = ERROR;\n length = i; /* break out of loop */\n }\n break;\n case 0xe2:\n if (state == NUMBER3) {\n state = UNIDASH1;\n } else {\n state = ERROR;\n length = i; /* break out of loop */\n }\n break;\n case '-':\n case 0x96: /* long dash, comes from copy/pasting into exclude files */\n if (state == NUMBER3) {\n p->begin = (p->addr << 8) | p->tmp;\n p->tmp = 0;\n p->digit_count = 0;\n p->addr = 0;\n state = SECOND0;\n } else {\n state = NUMBER_ERR;\n length = i;\n }\n break;\n case '/':\n if (state == NUMBER3) {\n p->begin = (p->addr << 8) | p->tmp;\n p->tmp = 0;\n p->digit_count = 0;\n p->addr = 0;\n state = IPV4_CIDR_NUM;\n } else {\n state = NUMBER_ERR;\n length = i; /* break out of loop */\n }\n break;\n case ':':\n if (state == NUMBER0) {\n /* Assume this is an IPv6 address instead of an IPv4 address */\n _switch_to_ipv6(p, state);\n state = IPV6_BEGIN;\n i--;\n break;\n }\n case ',':\n case ' ':\n case '\\t':\n case '\\r':\n case '\\n':\n if (state == NUMBER3) {\n p->begin = (p->addr << 8) | p->tmp;\n p->end = p->begin;\n p->tmp = 0;\n p->digit_count = 0;\n p->addr = 0;\n state = ADDR_START;\n length = i; /* break out of loop */\n if (c == '\\n') {\n p->line_number++;\n p->char_number = 0;\n }\n *r_begin = p->begin;\n *r_end = p->end;\n result = Found_IPv4;\n } else if (state == SECOND3) {\n p->end = (p->addr << 8) | p->tmp;\n p->tmp = 0;\n p->digit_count = 0;\n p->addr = 0;\n state = ADDR_START;\n length = i; /* break out of loop */\n if (c == '\\n') {\n p->line_number++;\n p->char_number = 0;\n }\n *r_begin = p->begin;\n *r_end = p->end;\n result = Found_IPv4;\n } else {\n state = NUMBER_ERR;\n length = i;\n }\n break;\n default:\n state = ERROR;\n length = i; /* break out of loop */\n break;\n }\n break;\n \n default:\n case ERROR:\n case NUMBER_ERR:\n case SECOND_ERR:\n state = ERROR;\n length = i; /* break */\n break;\n }\n }\n\n /* The 'offset' parameter is optional. If NULL, then \n * we don't return a value */\n if (r_offset)\n *r_offset = i;\n\n p->state = state;\n if (state == ERROR || state == NUMBER_ERR || state == SECOND_ERR)\n result = Found_Error;\n return result;\n}\n\n\n/***************************************************************************\n * Test errors. We should get exactly which line-number and which character\n * in the line caused the error\n ***************************************************************************/\nstatic int\nrangefile_test_error(const char *buf, unsigned long long in_line_number, unsigned long long in_char_number, unsigned which_test)\n{\n size_t length = strlen(buf);\n size_t offset = 0;\n struct massip_parser p[1];\n unsigned out_begin = 0xa3a3a3a3;\n unsigned out_end = 0xa3a3a3a3;\n unsigned long long out_line_number;\n unsigned long long out_char_number;\n int x;\n\n /* test the entire buffer */\n _parser_init(p);\n x = _parser_next(p, buf, &offset, length, &out_begin, &out_end);\n if (x != Found_Error)\n goto fail;\n _parser_err(p, &out_line_number, &out_char_number);\n if (in_line_number != out_line_number || in_char_number != out_char_number)\n goto fail;\n\n /* test one byte at a time */\n _parser_destroy(p);\n _parser_init(p);\n offset = 0;\n out_begin = 0xa3a3a3a3;\n out_end = 0xa3a3a3a3;\n \n x = 0;\n while (offset < length) {\n x = _parser_next(p, buf, &offset, offset+1, &out_begin, &out_end);\n if (x == Found_Error)\n break;\n }\n if (x != Found_Error)\n goto fail;\n _parser_err(p, &out_line_number, &out_char_number);\n\n if (in_line_number != out_line_number || in_char_number != out_char_number)\n goto fail;\n\n _parser_destroy(p);\n return 0;\nfail:\n _parser_destroy(p);\n fprintf(stderr, \"[-] rangefile test fail, line=%u\\n\", which_test);\n return 1;\n}\n\n/***************************************************************************\n ***************************************************************************/\nint\nmassip_parse_file(struct MassIP *massip, const char *filename)\n{\n struct RangeList *targets_ipv4 = &massip->ipv4;\n struct Range6List *targets_ipv6 = &massip->ipv6;\n struct massip_parser p[1];\n char buf[65536];\n FILE *fp = NULL;\n bool is_error = false;\n unsigned addr_count = 0;\n unsigned long long line_number, char_number;\n\n /* Kludge: should never happen, should fix this when reading in\n * config, not this deep in the code. */\n if (filename == 0 || filename[0] == '\\0') {\n fprintf(stderr, \"[-] missing filename for ranges\\n\");\n exit(1);\n }\n\n /*\n * Open the file containing IP addresses, which can potentially be\n * many megabytes in size\n */\n if (strcmp(filename, \"-\") == 0) {\n fp = stdin;\n } else {\n fp = fopen(filename, \"rb\");\n if (fp == NULL) {\n fprintf(stderr, \"[-] FAIL: parsing IP addresses\\n\");\n fprintf(stderr, \"[-] %s: %s\\n\", filename, strerror(errno));\n exit(1);\n }\n }\n\n /*\n * Create a parser for reading in the IP addresses using a state\n * machine parser\n */\n _parser_init(p);\n\n /*\n * Read in the data a block at a time, parsing according to the state\n * machine.\n */\n while (!is_error) {\n size_t count;\n size_t offset;\n\n count = fread(buf, 1, sizeof(buf), fp);\n if (count <= 0)\n break;\n\n offset = 0;\n while (offset < count) {\n unsigned begin, end;\n int err;\n\n err = _parser_next(p, buf, &offset, count, &begin, &end);\n switch (err) {\n case Still_Working:\n if (offset < count) {\n /* We reached this somehow in the middle of the buffer, but\n * this return is only possible at the end of the buffer */\n fprintf(stderr, \"[-] rangeparse_next(): unknown coding failure\\n\");\n }\n break;\n case Found_Error:\n default:\n _parser_err(p, &line_number, &char_number);\n fprintf(stderr, \"[-] %s:%llu:%llu: invalid IP address on line #%llu\\n\", filename, line_number, char_number, line_number);\n is_error = true;\n count = offset;\n break;\n case Found_IPv4:\n rangelist_add_range(targets_ipv4, begin, end);\n addr_count++;\n break;\n case Found_IPv6:\n {\n ipv6address found_begin, found_end;\n _parser_get_ipv6(p, &found_begin, &found_end);\n range6list_add_range(targets_ipv6, found_begin, found_end);\n addr_count++;\n }\n break;\n }\n }\n }\n \n /* Close the file, unless we are reading from */\n if (fp != stdin && fp != NULL)\n fclose(fp);\n\n /* In case the file doesn't end with a newline '\\n', then artificially\n * add one to the end. This is just a repeat of the code above */\n if (!is_error) {\n size_t offset = 0;\n unsigned begin, end;\n int err;\n err = _parser_next(p, \"\\n\", &offset, 1, &begin, &end);\n switch (err) {\n case Still_Working:\n break;\n case Found_Error:\n default:\n _parser_err(p, &line_number, &char_number);\n fprintf(stderr, \"[-] %s:%llu:%llu: invalid IP address on line #%llu\\n\", filename, line_number, char_number, line_number);\n is_error = true;\n break;\n case Found_IPv4:\n rangelist_add_range(targets_ipv4, begin, end);\n addr_count++;\n break;\n case Found_IPv6:\n {\n ipv6address found_begin, found_end;\n _parser_get_ipv6(p, &found_begin, &found_end);\n range6list_add_range(targets_ipv6, found_begin, found_end);\n addr_count++;\n }\n break;\n }\n }\n\n LOG(1, \"[+] %s: %u addresses read\\n\", filename, addr_count);\n\n /* Target list must be sorted every time it's been changed, \n * before it can be used */\n rangelist_sort(targets_ipv4);\n\n if (is_error)\n return -1; /* fail */\n else\n return 0; /* success*/\n}\n\n\nipv6address\nmassip_parse_ipv6(const char *line)\n{\n struct massip_parser p[1];\n size_t count = strlen(line);\n size_t offset = 0;\n int err;\n unsigned begin, end;\n ipv6address result;\n ipv6address range;\n\n _parser_init(p);\n err = _parser_next(p, line, &offset, count, &begin, &end);\nagain:\n switch (err) {\n case Still_Working:\n if (offset < count) {\n /* We reached this somehow in the middle of the buffer, but\n * this return is only possible at the end of the buffer */\n fprintf(stderr, \"[-] _parser_next(): unknown coding failure\\n\");\n goto fail;\n } else {\n err = _parser_next(p, \"\\n\", 0, 1, &begin, &end);\n if (err == Still_Working) {\n fprintf(stderr, \"[-] _parser_next(): unknown coding failure\\n\");\n goto fail;\n } else {\n goto again;\n }\n }\n break;\n case Found_Error:\n default:\n goto fail;\n case Found_IPv4:\n goto fail;\n case Found_IPv6:\n _parser_get_ipv6(p, &result, &range);\n if (!ipv6address_is_equal(result, range))\n goto fail;\n return result;\n }\nfail:\n result.hi = ~0ULL;\n result.lo = ~0ULL;\n return result;\n}\n\nunsigned\nmassip_parse_ipv4(const char *line)\n{\n struct massip_parser p[1];\n size_t count = strlen(line);\n size_t offset = 0;\n int err;\n unsigned begin, end;\n\n\n _parser_init(p);\n err = _parser_next(p, line, &offset, count, &begin, &end);\nagain:\n switch (err) {\n case Still_Working:\n if (offset < count) {\n /* We reached this somehow in the middle of the buffer, but\n * this return is only possible at the end of the buffer */\n fprintf(stderr, \"[-] _parser_next(): unknown coding failure\\n\");\n goto fail;\n } else {\n err = _parser_next(p, \"\\n\", 0, 1, &begin, &end);\n if (err == Still_Working) {\n fprintf(stderr, \"[-] _parser_next(): unknown coding failure\\n\");\n goto fail;\n } else {\n goto again;\n }\n }\n break;\n case Found_Error:\n default:\n goto fail;\n case Found_IPv6:\n goto fail;\n case Found_IPv4:\n if (begin != end)\n goto fail;\n return begin;\n }\nfail:\n return 0xFFFFFFFF;\n}\n\nenum RangeParseResult\nmassip_parse_range(const char *line, size_t *offset, size_t count, struct Range *ipv4, struct Range6 *ipv6)\n{\n struct massip_parser p[1];\n int err;\n unsigned begin, end;\n size_t tmp_offset = 0;\n \n /* The 'count' (length of the string) is an optional parameter. If\n * zero, and also the offset is NULL, then set it to the string length */\n if (count == 0 && offset == NULL)\n count = strlen(line);\n\n /* The offset is an optional parameter. If NULL, then we set\n * it to point to a value on the stack instead */\n if (offset == NULL)\n offset = &tmp_offset;\n \n /* Create e parser object */\n _parser_init(p);\n\n /* Parse the next range from the input */\n err = _parser_next(p, line, offset, count, &begin, &end);\nagain:\n switch (err) {\n case Still_Working:\n if (*offset < count) {\n /* We reached this somehow in the middle of the buffer, but\n * this return is only possible at the end of the buffer */\n fprintf(stderr, \"[-] _parser_next(): unknown coding failure\\n\");\n return Bad_Address;\n } else {\n err = _parser_next(p, \"\\n\", 0, 1, &begin, &end);\n if (err == Still_Working) {\n fprintf(stderr, \"[-] _parser_next(): unknown coding failure\\n\");\n return Bad_Address;\n } else {\n goto again;\n }\n }\n break;\n case Found_Error:\n default:\n return Bad_Address;\n case Found_IPv4:\n ipv4->begin = begin;\n ipv4->end = end;\n return Ipv4_Address;\n case Found_IPv6:\n _parser_get_ipv6(p, &ipv6->begin, &ipv6->end);\n return Ipv6_Address;\n }\n}\n\n/**\n * This tests parsing when addresses/ranges are specified on the command-line\n * or configuration files, rather than the other test-cases which test parsing\n * when the IP addresses are specified in a file. The thing we are looking for\n * here is specifically when users separate addresses with things like\n * commas and spaces.\n */\nstatic int\nselftest_massip_parse_range(void)\n{\n struct testcases {\n const char *line;\n union {\n struct Range ipv4;\n struct Range6 ipv6;\n } list[4];\n } cases[] = {\n {\"0.0.1.0/24,0.0.3.0-0.0.4.0\", {{{0x100,0x1ff}}, {{0x300,0x400}}}},\n {\"0.0.1.0-0.0.1.255,0.0.3.0-0.0.4.0\", {{{0x100,0x1ff}}, {{0x300,0x400}}}},\n {\"0.0.1.0/24 0.0.3.0-0.0.4.0\", {{{0x100,0x1ff}}, {{0x300,0x400}}}},\n {0}\n };\n size_t i;\n \n for (i=0; cases[i].line; i++) {\n size_t length = strlen(cases[i].line);\n size_t offset = 0;\n size_t j = 0;\n struct Range6 range6;\n struct Range range4;\n \n while (offset < length) {\n int x;\n x = massip_parse_range(cases[i].line, &offset, length, &range4, &range6);\n switch (x) {\n default:\n case Bad_Address:\n fprintf(stdout, \"[-] selftest_massip_parse_range[%u] fail\\n\", (unsigned)i);\n return 1;\n case Ipv4_Address:\n if (cases[i].list[j].ipv4.begin != range4.begin\n || cases[i].list[j].ipv4.end != range4.end) {\n fprintf(stdout, \"[-] %u.%u.%u.%u - %u.%u.%u.%u\\n\",\n (unsigned char)(range4.begin>>24),\n (unsigned char)(range4.begin>>16),\n (unsigned char)(range4.begin>> 8),\n (unsigned char)(range4.begin>> 0),\n (unsigned char)(range4.end>>24),\n (unsigned char)(range4.end>>16),\n (unsigned char)(range4.end>> 8),\n (unsigned char)(range4.end>> 0)\n );\n fprintf(stdout, \"[-] selftest_massip_parse_range[%u] fail\\n\", (unsigned)i);\n return 1;\n }\n break;\n }\n j++;\n }\n \n /* Make sure we have found all the expected cases */\n if (cases[i].list[j].ipv4.begin != 0) {\n fprintf(stdout, \"[-] selftest_massip_parse_range[%u] fail\\n\", (unsigned)i);\n return 1;\n }\n }\n return 0;\n}\n\n\n/***************************************************************************\n ***************************************************************************/\nstatic int\nrangefile6_test_buffer(struct massip_parser *parser,\n const char *buf,\n ipv6address expected_begin,\n ipv6address expected_end)\n{\n size_t length = strlen(buf);\n size_t offset = 0;\n ipv6address found_begin = {1,2};\n ipv6address found_end = {1,2};\n unsigned tmp1, tmp2;\n int err;\n \n /* test the entire buffer */\n err = _parser_next(parser, buf, &offset, length, &tmp1, &tmp2);\n if (err == Still_Working)\n err = _parser_next(parser, \"\\n\", 0, 1, &tmp1, &tmp2);\n switch (err) {\n case Found_IPv6:\n /* Extract the resulting IPv6 address from the state structure */\n _parser_get_ipv6(parser, &found_begin, &found_end);\n \n /* Test to see if the parsed address equals the expected address */\n if (!ipv6address_is_equal(found_begin, expected_begin)) {\n ipaddress_formatted_t fmt1 = ipv6address_fmt(found_begin);\n ipaddress_formatted_t fmt2 = ipv6address_fmt(expected_begin);\n fprintf(stderr, \"[-] begin mismatch: found=[%s], expected=[%s]\\n\", fmt1.string, fmt2.string);\n goto fail;\n }\n if (!ipv6address_is_equal(found_end, expected_end)) {\n ipaddress_formatted_t fmt1 = ipv6address_fmt(found_end);\n ipaddress_formatted_t fmt2 = ipv6address_fmt(expected_end);\n fprintf(stderr, \"[-] end mismatch: found=[%s], expected=[%s]\\n\", fmt1.string, fmt2.string);\n goto fail;\n }\n break;\n case Found_IPv4:\n if (expected_begin.hi != 0 || expected_end.hi != 0)\n goto fail;\n if (tmp1 != expected_begin.lo || tmp2 != expected_end.lo)\n goto fail;\n break;\n case Still_Working:\n /* Found a partial address, which is a normal result in the \n * real world at buffer boundaries, but which is an error\n * here */\n goto fail;\n case Found_Error:\n default:\n goto fail;\n }\n\n return 0; /* success */\nfail:\n return 1; /* failure */\n}\n\n/***************************************************************************\n * List of test cases. Each test case contains three parts:\n * - the string representation of an address, as read from a file, meaning\n * that it can contain additional things like comment strings\n * - the first address of a range, which in the case of IPv6 addresses\n * will be two 64-bit numbers, but an IPv4 address have a high-order\n * number set to zero and the low-order number set to the IPv4 address\n * - the second address of a range, which in the case of individual\n * addresses, will be equal to the first number\n ***************************************************************************/\nstruct {\n const char *string;\n ipv6address begin;\n ipv6address end;\n} test_cases[] = {\n {\"[1::1]/126\", {0x0001000000000000ULL, 0ULL}, {0x0001000000000000ULL, 3ULL}},\n {\"1::1/126\", {0x0001000000000000ULL, 0ULL}, {0x0001000000000000ULL, 3ULL}},\n {\"[1::1]-[2::3]\", {0x0001000000000000ULL, 1ULL}, {0x0002000000000000ULL, 3ULL}},\n {\"1::1-2::3\", {0x0001000000000000ULL, 1ULL}, {0x0002000000000000ULL, 3ULL}},\n {\"[1234:5678:9abc:def0:0fed:cba9:8765:4321]\", {0x123456789abcdef0ULL, 0x0fedcba987654321ULL}, {0x123456789abcdef0ULL, 0x0fedcba987654321ULL}},\n {\"22ab::1\", {0x22ab000000000000ULL, 1ULL}, {0x22ab000000000000ULL, 1ULL}},\n {\"240e:33c:2:c080:d08:d0e:b53:e74e\", {0x240e033c0002c080ULL, 0x0d080d0e0b53e74eULL}, {0x240e033c0002c080ULL, 0x0d080d0e0b53e74eULL}},\n {\"2a03:90c0:105::9\", {0x2a0390c001050000ULL, 9ULL}, {0x2a0390c001050000ULL, 9ULL}},\n {\"2a03:9060:0:400::2\", {0x2a03906000000400ULL, 2ULL}, {0x2a03906000000400ULL, 2ULL}},\n {\"2c0f:ff00:0:a:face:b00c:0:a7\", {0x2c0fff000000000aULL, 0xfaceb00c000000a7ULL}, {0x2c0fff000000000aULL, 0xfaceb00c000000a7ULL}},\n {\"2a01:5b40:0:4a01:0:e21d:789f:59b1\", {0x2a015b4000004a01ULL, 0x0000e21d789f59b1ULL}, {0x2a015b4000004a01ULL, 0x0000e21d789f59b1ULL}},\n {\"2001:1200:10::1\", {0x2001120000100000ULL, 1ULL}, {0x2001120000100000ULL, 1ULL}},\n {\"fec0:0:0:ffff::1\", {0xfec000000000ffffULL, 1ULL}, {0xfec000000000ffffULL, 1ULL}},\n {\"1234:5678:9abc:def0:0fed:cba9:8765:4321\", {0x123456789abcdef0ULL, 0x0fedcba987654321ULL}, {0x123456789abcdef0ULL, 0x0fedcba987654321ULL}},\n {\"[1111:2222:3333:4444:5555:6666:7777:8888]\", {0x1111222233334444ULL, 0x5555666677778888ULL}, {0x1111222233334444ULL, 0x5555666677778888ULL}},\n {\"1::1\", {0x0001000000000000ULL, 1ULL}, {0x0001000000000000ULL, 1ULL}},\n {\"1.2.3.4\", {0, 0x01020304}, {0, 0x01020304}},\n {\"#test\\n 97.86.162.161\" \"\\x96\" \"97.86.162.175\\n\", {0, 0x6156a2a1}, {0, 0x6156a2af}},\n {\"1.2.3.4/24\\n\", {0, 0x01020300}, {0, 0x010203ff}},\n {\" 1.2.3.4-1.2.3.5\\n\", {0, 0x01020304}, {0, 0x01020305}},\n {0,{0,0},{0,0}}\n};\n\n/***************************************************************************\n * Called during \"make test\" to run a regression test over this module.\n ***************************************************************************/\nint\nmassip_parse_selftest(void)\n{\n int x = 0;\n size_t i;\n struct massip_parser parser[1];\n\n \n /* Run through the test cases, stopping at the first failure */\n _parser_init(parser);\n for (i=0; test_cases[i].string; i++) {\n x += rangefile6_test_buffer(parser,\n test_cases[i].string, \n test_cases[i].begin,\n test_cases[i].end);\n if (x) {\n fprintf(stderr, \"[-] failed: %u: %s\\n\", (unsigned)i, test_cases[i].string);\n break;\n }\n }\n _parser_destroy(parser);\n\n \n /* First, do the single line test */\n x += selftest_massip_parse_range();\n if (x)\n return x;\n \n\n x += rangefile_test_error(\"#bad ipv4\\n 257.1.1.1\\n\", 2, 5, __LINE__);\n x += rangefile_test_error(\"#bad ipv4\\n 1.257.1.1.1\\n\", 2, 6, __LINE__);\n x += rangefile_test_error(\"#bad ipv4\\n 1.10.257.1.1.1\\n\", 2, 9, __LINE__);\n x += rangefile_test_error(\"#bad ipv4\\n 1.10.255.256.1.1.1\\n\", 2, 13, __LINE__);\n x += rangefile_test_error(\"#bad ipv4\\n 1.1.1.1.1\\n\", 2, 9, __LINE__);\n\n if (x)\n LOG(0, \"[-] rangefile_selftest: fail\\n\");\n return x;\n}\n\n"
},
{
"path": "src/massip-parse.h",
"content": "/*\n massip-parse\n\n This module parses IPv4 and IPv6 addresses.\n\n It's not a typical parser. It's optimized around parsing large\n files containing millions of addresses and ranges using a \n \"state-machine parser\".\n*/\n#ifndef MASSIP_PARSE_H\n#define MASSIP_PARSE_H\n#include \"massip-addr.h\"\n\nstruct MassIP;\nstruct Range;\nstruct Range6;\n\n/**\n * Parse a file, extracting all the IPv4 and IPv6 addresses and ranges.\n * This is optimized for speed, handling millions of entries in under\n * a second. This is especially tuned for IPv6 addresses, as while IPv4\n * scanning is mostly done with target rnages, IPv6 scanning is mostly\n * done with huge lists of target addresses.\n * @param filename\n * The name of the file that we'll open, parse, and close.\n * @param targets_ipv4\n * The list of IPv4 targets that we append any IPv4 addresses to.\n * @param targets_ipv6\n * The list of IPv6 targets that we append any IPv6 addresses/ranges to.\n * @return \n 0 on success, any other number on failure.\n */\nint\nmassip_parse_file(struct MassIP *massip, const char *filename);\n\n\nenum RangeParseResult {\n Bad_Address,\n Ipv4_Address=4,\n Ipv6_Address=6,\n};\n\n/**\n * Parse the next IPv4/IPv6 range from a string. This is called\n * when parsing strings from the command-line.\n */\nenum RangeParseResult\nmassip_parse_range(const char *line, size_t *inout_offset, size_t max, struct Range *ipv4, struct Range6 *ipv6);\n\n\n\n/**\n * Parse a single IPv6 address. This is called when working with\n * the operating system stack, when querying addresses from\n * the local network adapters.\n */\nipv6address_t\nmassip_parse_ipv6(const char *buf);\n\nipv4address_t\nmassip_parse_ipv4(const char *buf);\n\n\n/**\n * Do a simplistic unit test of the parser.\n * @return 0 on success, 1 on failure\n */\nint\nmassip_parse_selftest(void);\n\n#endif\n\n"
},
{
"path": "src/massip-port.h",
"content": "#ifndef MASSIP_PORT_H\n#define MASSIP_PORT_H\n\n/*\n * Ports are 16-bit numbers ([0..65535], but different\n * transports (TCP, UDP, SCTP) are distinct port ranges. Thus, we\n * instead of three 64k ranges we could instead treat this internally\n * as a 192k port range. We can expand this range to include other\n * things we scan for, such as ICMP pings or ARP requests.\n */\nenum {\n Templ_TCP = 0,\n Templ_TCP_last = 65535,\n Templ_UDP = 65536,\n Templ_UDP_last = 65536 + 65535,\n Templ_SCTP = 65536*2,\n Templ_SCTP_last = 65536*2 + 65535,\n Templ_ICMP_echo = 65536*3+0,\n Templ_ICMP_timestamp = 65536*3+1,\n Templ_ARP = 65536*3+2,\n Templ_Oproto_first = 65536*3 + 256,\n Templ_Oproto_last = 65536*3 + 256 + 255,\n Templ_VulnCheck = 65536*4,\n \n};\n\n#endif\n"
},
{
"path": "src/massip-rangesv4.c",
"content": "/*\n IPv4 and port ranges\n \n This is one of the more integral concepts to how masscan works internally.\n We combine all the input addresses and address ranges into a sorted list\n of 'target' IP addresses. This allows us to enumerate all the addresses\n in order by incrementing a simple index. It is that index that we randomize\n in order to produce random output, but internally, everything is sorted.\n \n Sorting the list allows us to remove duplicates. It also allows us to\n apply the 'excludes' directly to the input list. In other words, other\n scanners typically work by selecting an IP address at random, then checking\n to see if it's been excluded, then skipping it. In this scanner, however,\n we remove all the excluded address from the targets list before we start\n scanning.\n \n This module has been tuned to support mass lists of millions of target\n IPv4 addresses and excludes. This has required:\n - a fast way to parse the address from a file (see range-file.c)\n - fast sort (just using qsort() from the standard C library)\n - fast application of exludes, using an optimal O(n + m) linear\n algorithm, where 'n' is the number of targets, and 'm' is the\n number of excluded ranges.\n Large lists can still take a bit to process. On a fast server with\n 7-million input ranges/addresses and 5000 exclude ranges/addresses,\n it takes almost 3 seconds to process everything before starting.\n \n*/\n#include \"massip-rangesv4.h\"\n#include \"massip-port.h\"\n#include \"util-logger.h\"\n#include \"util-bool.h\"\n#include \"util-malloc.h\"\n\n#include \n#include \n#include \n#include \n#include \n#include \n\n#ifdef _MSC_VER\n#pragma warning(disable:4204)\n#endif\n\n#define BUCKET_COUNT 16\n\n#define REGRESS(x) if (!(x)) return (fprintf(stderr, \"regression failed %s:%d\\n\", __FILE__, __LINE__)|1)\n\n/* An invalid range, where begin comes after the end */\nstatic struct Range INVALID_RANGE = {2,1};\n\n/***************************************************************************\n * Does a linear search to see if the list contains the address/port.\n * FIXME: This should be upgraded to a binary search. However, we don't\n * really use it in any performance critical code, so it's okay\n * as a linear search.\n ***************************************************************************/\nint\nrangelist_is_contains(const struct RangeList *targets, unsigned addr)\n{\n unsigned i;\n for (i=0; icount; i++) {\n struct Range *range = &targets->list[i];\n\n if (range->begin <= addr && addr <= range->end)\n return 1;\n }\n return 0;\n}\n\n/***************************************************************************\n * Returns the first CIDR range (which can be specified with prefix bits)\n * that fits within the input range. For example, consider the range\n * [10.0.0.4->10.0.0.255]. This does't match the bigger CIDR range.\n * The first range that would fit would be [10.0.0.04/30], or\n * [10.0.0.4->10.0.0.7].\n *\n * Using this function allows us to decompose\n ***************************************************************************/\nstruct Range\nrange_first_cidr(const struct Range range, unsigned *prefix_bits) {\n struct Range result = {range.begin, range.end};\n unsigned zbits = 0;\n\n /* Kludge: Special Case:\n * All inputs work but the boundary case of [0.0.0.0/0] or\n * [0.0.0.0-255.255.255.255]. I can't be bothered to figure out\n * why the algorithm doesn't work with this range, so I'm just\n * going to special case it here*/\n if (range.begin == 0 && range.end == 0xFFFFffff) {\n if (prefix_bits != NULL)\n *prefix_bits = 0;\n return range;\n }\n\n /* Count the number of trailing/suffix zeros, which may be range\n * from none (0) to 32 (all bits are 0) */\n for (zbits = 0; zbits <= 32; zbits++) {\n if ((range.begin & (1< 0) {\n unsigned mask = ~(0xFFFFFFFF << zbits);\n\n if (range.begin + mask > range.end)\n zbits--;\n else\n break;\n }\n\n result.begin = range.begin;\n result.end = range.begin + ~(0xFFFFffff << zbits);\n if (prefix_bits != NULL)\n *prefix_bits = 32-zbits;\n\n return result;\n}\n\nbool\nrange_is_cidr(const struct Range range, unsigned *prefix_bits) {\n struct Range out = range_first_cidr(range, prefix_bits);\n if (out.begin == range.begin && out.end == range.end)\n return true;\n else {\n if (prefix_bits != NULL)\n *prefix_bits = 0xFFFFFFFF;\n return false;\n }\n}\n\n/***************************************************************************\n * Selftest for the above function.\n ***************************************************************************/\nstatic int\nselftest_range_first_cidr(void) {\n static struct {\n struct Range in;\n struct Range out;\n unsigned prefix_bits;\n } tests[] = {\n {{0x00000000, 0xffffffff}, {0x00000000, 0xffffffff}, 0},\n {{0x00000001, 0xffffffff}, {0x00000001, 0x00000001}, 32},\n {{0xffffffff, 0xffffffff}, {0xffffffff, 0xffffffff}, 32},\n {{0xfffffffe, 0xfffffffe}, {0xfffffffe, 0xfffffffe}, 32},\n {{0x0A000000, 0x0A0000Ff}, {0x0A000000, 0x0A0000ff}, 24},\n {{0x0A0000ff, 0x0A0000Ff}, {0x0A0000ff, 0x0A0000ff}, 32},\n {{0x0A000000, 0x0A0000Ff}, {0x0A000000, 0x0A0000Ff}, 24},\n {{0x0A000001, 0x0A0000Fe}, {0x0A000001, 0x0A000001}, 32},\n {{0x0A000008, 0x0A0000Fe}, {0x0A000008, 0x0A00000f}, 29},\n {{0x0A000080, 0x0A0000Fe}, {0x0A000080, 0x0A0000bf}, 26},\n {{0x0A0000c0, 0x0A0000Fe}, {0x0A0000c0, 0x0A0000df}, 27},\n {{0x0A0000c1, 0x0A0000Fe}, {0x0A0000c1, 0x0A0000c1}, 32},\n {{0x0A0000fe, 0x0A0000Fe}, {0x0A0000fe, 0x0A0000fe}, 32},\n {{0,0}, {0,0}}\n };\n size_t i;\n\n for (i=0; tests[i].in.end != 0; i++) {\n unsigned prefix_bits = 0xFFFFFFFF;\n struct Range out = range_first_cidr(tests[i].in, &prefix_bits);\n if (out.begin != tests[i].out.begin\n || out.end != tests[i].out.end\n || prefix_bits != tests[i].prefix_bits) {\n fprintf(stderr, \"[%u] 0x%08x->0x%08x /%u 0x%08x->0x%08x /%u\\n\",\n (unsigned)i,\n out.begin,\n out.end,\n prefix_bits,\n tests[i].out.begin,\n tests[i].out.end,\n tests[i].prefix_bits);\n return 1;\n }\n }\n\n return 0;\n}\n\n/***************************************************************************\n * Test if two ranges overlap.\n * FIXME: I need to change this so that it (a) doesn't trigger on invalid\n * ranges (those where begin>end) and (b) use a simpler algorithm\n ***************************************************************************/\nstatic int\nrange_is_overlap(struct Range lhs, struct Range rhs)\n{\n if (lhs.begin < rhs.begin) {\n if (lhs.end == 0xFFFFFFFF || lhs.end + 1 >= rhs.begin)\n return 1;\n }\n if (lhs.begin >= rhs.begin) {\n if (lhs.end <= rhs.end)\n return 1;\n }\n\n if (rhs.begin < lhs.begin) {\n if (rhs.end == 0xFFFFFFFF || rhs.end + 1 >= lhs.begin)\n return 1;\n }\n if (rhs.begin >= lhs.begin) {\n if (rhs.end <= lhs.end)\n return 1;\n }\n\n return 0;\n}\n\n\n/***************************************************************************\n * Combine two ranges, such as when they overlap.\n ***************************************************************************/\nstatic void\nrange_combine(struct Range *lhs, struct Range rhs)\n{\n if (lhs->begin > rhs.begin)\n lhs->begin = rhs.begin;\n if (lhs->end < rhs.end)\n lhs->end = rhs.end;\n}\n\n/***************************************************************************\n * Callback for qsort() for comparing two ranges\n ***************************************************************************/\nstatic int\nrange_compare(const void *lhs, const void *rhs)\n{\n struct Range *left = (struct Range *)lhs;\n struct Range *right = (struct Range *)rhs;\n\n if (left->begin < right->begin)\n return -1;\n else if (left->begin > right->begin)\n return 1;\n else\n return 0;\n}\n\n/***************************************************************************\n ***************************************************************************/\nstatic void\nrangelist_remove_at(struct RangeList *targets, size_t index)\n{\n memmove(&targets->list[index],\n &targets->list[index+1],\n (targets->count - index) * sizeof(targets->list[index])\n );\n targets->count--;\n}\n\n\n/***************************************************************************\n ***************************************************************************/\nvoid\nrangelist_sort(struct RangeList *targets)\n{\n size_t i;\n struct RangeList newlist = {0};\n unsigned original_count = targets->count;\n\n /* Empty lists are, of course, sorted. We need to set this\n * to avoid an error later on in the code which asserts that\n * the lists are sorted */\n if (targets->count == 0) {\n targets->is_sorted = 1;\n return;\n }\n \n /* If it's already sorted, then skip this */\n if (targets->is_sorted) {\n return;\n }\n \n \n /* First, sort the list */\n LOG(3, \"[+] range:sort: sorting...\\n\");\n qsort( targets->list, /* the array to sort */\n targets->count, /* number of elements to sort */\n sizeof(targets->list[0]), /* size of element */\n range_compare);\n \n \n /* Second, combine all overlapping ranges. We do this by simply creating\n * a new list from a sorted list, so we don't have to remove things in the\n * middle when collapsing overlapping entries together, which is painfully\n * slow. */\n LOG(3, \"[+] range:sort: combining...\\n\");\n for (i=0; icount; i++) {\n rangelist_add_range(&newlist, targets->list[i].begin, targets->list[i].end);\n }\n \n LOG(3, \"[+] range:sort: combined from %u elements to %u elements\\n\", original_count, newlist.count);\n free(targets->list);\n targets->list = newlist.list;\n targets->count = newlist.count;\n newlist.list = 0;\n\n LOG(2, \"[+] range:sort: done...\\n\");\n\n targets->is_sorted = 1;\n}\n\n/***************************************************************************\n * Add the IPv4 range to our list of ranges.\n ***************************************************************************/\nvoid\nrangelist_add_range(struct RangeList *targets, unsigned begin, unsigned end)\n{\n struct Range range;\n\n range.begin = begin;\n range.end = end;\n\n /* auto-expand the list if necessary */\n if (targets->count + 1 >= targets->max) {\n targets->max = targets->max * 2 + 1;\n targets->list = REALLOCARRAY(targets->list, targets->max, sizeof(targets->list[0]));\n }\n\n /* If empty list, then add this one */\n if (targets->count == 0) {\n targets->list[0] = range;\n targets->count++;\n targets->is_sorted = 1;\n return;\n }\n\n /* If new range overlaps the last range in the list, then combine it\n * rather than appending it. This is an optimization for the fact that\n * we often read in sequential addresses */\n if (range_is_overlap(targets->list[targets->count - 1], range)) {\n range_combine(&targets->list[targets->count - 1], range);\n targets->is_sorted = 0;\n return;\n }\n\n /* append to the end of our list */\n targets->list[targets->count] = range;\n targets->count++;\n targets->is_sorted = 0;\n}\n\n/** Use this when adding TCP ports, to avoid the comoplication of how\n * ports are stored */\nvoid\nrangelist_add_range_tcp(struct RangeList *targets, unsigned begin, unsigned end) {\n rangelist_add_range(targets,\n Templ_TCP + begin,\n Templ_TCP + end);\n}\n\n/** Use this when adding UDP ports, to avoid the comoplication of how\n * ports are stored */\nvoid\nrangelist_add_range_udp(struct RangeList *targets, unsigned begin, unsigned end) {\n rangelist_add_range(targets,\n Templ_UDP + begin,\n Templ_UDP + end);\n}\n\n\n/***************************************************************************\n * This is the \"free\" function for the list, freeing up any memory we've\n * allocated.\n ***************************************************************************/\nvoid\nrangelist_remove_all(struct RangeList *targets)\n{\n free(targets->list);\n free(targets->picker);\n memset(targets, 0, sizeof(*targets));\n}\n\n/***************************************************************************\n ***************************************************************************/\nvoid\nrangelist_merge(struct RangeList *list1, const struct RangeList *list2)\n{\n unsigned i;\n \n for (i=0; icount; i++) {\n rangelist_add_range(list1, list2->list[i].begin, list2->list[i].end);\n }\n rangelist_sort(list1);\n}\n\n/***************************************************************************\n * This searches a range list and removes that range of IP addresses, if\n * they exist. Since the input range can overlap multiple entries, then\n * more than one entry can be removed, or truncated. Since the range\n * can be in the middle of an entry in the list, it can actually increase\n * the list size by one, as that entry is split into two entries.\n * DEPRECATED: this function is deprecated, and will be removed at some\n * point. It's only remaining in order to serve as a regression test for\n * its replacement.\n ***************************************************************************/\nstatic void\nrangelist_remove_range(struct RangeList *targets, unsigned begin, unsigned end)\n{\n unsigned i;\n struct Range x;\n\n x.begin = begin;\n x.end = end;\n\n /* See if the range overlaps any exist range already in the\n * list */\n for (i = 0; i < targets->count; i++) {\n if (!range_is_overlap(targets->list[i], x))\n continue;\n\n /* If the removal-range wholly covers the range, delete\n * it completely */\n if (begin <= targets->list[i].begin && end >= targets->list[i].end) {\n rangelist_remove_at(targets, i);\n i--;\n continue;\n }\n\n /* If the removal-range bisects the target-rage, truncate\n * the lower end and add a new high-end */\n if (begin > targets->list[i].begin && end < targets->list[i].end) {\n struct Range newrange;\n\n newrange.begin = end+1;\n newrange.end = targets->list[i].end;\n\n\n targets->list[i].end = begin-1;\n\n rangelist_add_range(targets, newrange.begin, newrange.end);\n i--;\n continue;\n }\n\n /* If overlap on the lower side */\n if (end >= targets->list[i].begin && end < targets->list[i].end) {\n targets->list[i].begin = end+1;\n }\n\n /* If overlap on the upper side */\n if (begin > targets->list[i].begin && begin <= targets->list[i].end) {\n targets->list[i].end = begin-1;\n }\n\n //assert(!\"impossible\");\n }\n}\n\nstatic void\nrangelist_add_range2(struct RangeList *targets, struct Range range)\n{\n rangelist_add_range(targets, range.begin, range.end);\n}\nstatic void\nrangelist_remove_range2(struct RangeList *targets, struct Range range)\n{\n rangelist_remove_range(targets, range.begin, range.end);\n}\n\n\n/***************************************************************************\n * Parse an IPv4 address from a line of text, moving the offset forward\n * to the first non-IPv4 character\n ***************************************************************************/\nstatic int\nparse_ipv4(const char *line, unsigned *inout_offset, unsigned max, unsigned *ipv4)\n{\n unsigned offset = *inout_offset;\n unsigned result = 0;\n unsigned i;\n\n for (i=0; i<4; i++) {\n unsigned x = 0;\n unsigned digits = 0;\n\n if (offset >= max)\n return -4;\n if (!isdigit(line[offset]&0xFF))\n return -1;\n\n /* clear leading zeros */\n while (offset < max && line[offset] == '0')\n offset++;\n\n /* parse maximum of 3 digits */\n while (offset < max && isdigit(line[offset]&0xFF)) {\n x = x * 10 + (line[offset] - '0');\n offset++;\n if (++digits > 3)\n return -2;\n }\n if (x > 255)\n return -5;\n result = result * 256 + (x & 0xFF);\n if (i == 3)\n break;\n\n if (line[offset] != '.')\n return -3;\n offset++; /* skip dot */\n }\n\n *inout_offset = offset;\n *ipv4 = result;\n\n return 0; /* parse OK */\n}\n\n\n/****************************************************************************\n * Parse from text an IPv4 address range. This can be in one of several\n * formats:\n * - '192.168.1.1\" - a single address\n * - '192.168.1.0/24\" - a CIDR spec\n * - '192.168.1.0-192.168.1.255' - a range\n * @param line\n * Part of a line of text, probably read from a commandline or conf\n * file.\n * @param inout_offset\n * On input, the offset from the start of the line where the address\n * starts. On output, the offset of the first character after the\n * range, or equal to 'max' if the line prematurely ended.\n * @param max\n * The maximum length of the line.\n * @return\n * The first and last address of the range, inclusive.\n ****************************************************************************/\nstruct Range\nrange_parse_ipv4(const char *line, unsigned *inout_offset, unsigned max)\n{\n unsigned offset;\n struct Range result;\n static const struct Range badrange = {0xFFFFFFFF, 0};\n int err;\n\n if (line == NULL)\n return badrange;\n\n if (inout_offset == NULL) {\n inout_offset = &offset;\n offset = 0;\n max = (unsigned)strlen(line);\n } else\n offset = *inout_offset;\n\n\n /* trim whitespace */\n while (offset < max && isspace(line[offset]&0xFF))\n offset++;\n\n /* get the first IP address */\n err = parse_ipv4(line, &offset, max, &result.begin);\n if (err) {\n return badrange;\n }\n result.end = result.begin;\n\n /* trim whitespace */\n while (offset < max && isspace(line[offset]&0xFF))\n offset++;\n\n /* If only one IP address, return that */\n if (offset >= max)\n goto end;\n\n /*\n * Handle CIDR address of the form \"10.0.0.0/8\"\n */\n if (line[offset] == '/') {\n uint64_t prefix = 0;\n uint64_t mask = 0;\n unsigned digits = 0;\n\n /* skip slash */\n offset++;\n\n if (!isdigit(line[offset]&0xFF)) {\n return badrange;\n }\n\n /* strip leading zeroes */\n while (offset 2)\n return badrange;\n }\n if (prefix > 32)\n return badrange;\n\n /* Create the mask from the prefix */\n mask = 0xFFFFFFFF00000000ULL >> prefix;\n\n /* Mask off any non-zero bits from the start\n * TODO print warning */\n result.begin &= mask;\n\n /* Set all suffix bits to 1, so that 192.168.1.0/24 has\n * an ending address of 192.168.1.255. */\n result.end = result.begin | (unsigned)~mask;\n goto end;\n }\n\n /*\n * Handle a dashed range like \"10.0.0.100-10.0.0.200\"\n */\n if (offset>24)&0xFF), ((ip>>16)&0xFF), ((ip>>8)&0xFF), ((ip>>0)&0xFF),\n ((result.begin>>24)&0xFF), ((result.begin>>16)&0xFF), ((result.begin>>8)&0xFF), ((result.begin>>0)&0xFF)\n );\n } else\n result.end = ip;\n goto end;\n }\n\nend:\n *inout_offset = offset;\n return result;\n}\n\n\n/***************************************************************************\n * This is the old algorithm for applying exclude ranges, very slow\n * for large lists. We keep it around for verifying correctness of the\n * new replacement algorithm.\n ***************************************************************************/\nstatic void\nrangelist_exclude2( struct RangeList *targets,\n const struct RangeList *excludes)\n{\n unsigned i;\n \n for (i=0; icount; i++) {\n struct Range range = excludes->list[i];\n rangelist_remove_range(targets, range.begin, range.end);\n }\n \n /* Since chopping up large ranges can split ranges, this can\n * grow the list so we need to re-sort it */\n rangelist_sort(targets);\n\n}\n\n/**\n * Applies the (presumably overlapping) exclude range to the target. This can have\n * four outcomes:\n * - there is no overlap, in which case 'target' is unchanged, and 'split'\n * is set to INVALID.\n * - the entire target is excluded, in which case it's set to INVALID.\n * - the overlap is at the beginning, in which case the 'begin' is increased.\n * - the overlap is at the end, in which case 'end' is reduced.\n * - the overlap is in the middle, in which case the target is split\n * in two, with 'target' becoming the low addresses, and 'split' becoming\n * the high addresses.\n */\nstatic void\nrange_apply_exclude(const struct Range exclude, struct Range *target, struct Range *split)\n{\n /* Set 'split' to invalid to start with */\n split->begin = 2;\n split->end = 1;\n\n /* Case 1: no overlap */\n if (target->begin > exclude.end || target->end < exclude.begin) {\n return;\n }\n \n /* Case 2: complete overlap, mark target as invalid and return */\n if (target->begin >= exclude.begin && target->end <= exclude.end) {\n target->begin = 2;\n target->end = 1;\n return;\n }\n \n /* Case 3: overlap at start */\n if (target->begin >= exclude.begin && target->end > exclude.end) {\n target->begin = exclude.end + 1;\n return;\n }\n \n /* Case 4: overlap at end */\n if (target->begin < exclude.begin && target->end <= exclude.end) {\n target->end = exclude.begin - 1;\n return;\n }\n \n /* Case 5: this range needs to be split */\n if (target->begin < exclude.begin && target->end > exclude.end) {\n split->end = target->end;\n split->begin = exclude.end + 1;\n target->end = exclude.begin - 1;\n return;\n }\n \n /* No other condition should be possible */\n assert(!\"possible\");\n}\n\n/***************************************************************************\n ***************************************************************************/\nint\nrange_is_valid(struct Range range)\n{\n return range.begin <= range.end;\n}\n\n/***************************************************************************\n * Apply the exclude ranges, which means removing everything from \"targets\"\n * that's also in \"exclude\". This can make the target list even bigger\n * as individually excluded address chop up large ranges.\n ***************************************************************************/\nvoid\nrangelist_exclude( struct RangeList *targets,\n struct RangeList *excludes)\n{\n unsigned i;\n unsigned x;\n struct RangeList newlist = {0};\n \n /* Both lists must be sorted */\n rangelist_sort(targets);\n rangelist_sort(excludes);\n \n /* Go through all target ranges, apply excludes to them\n * (which may split into two ranges), and add them to\n * the new target list */\n x = 0;\n for (i=0; icount; i++) {\n struct Range range = targets->list[i];\n \n /* Move the exclude forward until we find a potentially\n * overlapping candidate */\n while (x < excludes->count && excludes->list[x].end < range.begin)\n x++;\n \n /* Keep applying excludes to this range as long as there are overlaps */\n while (x < excludes->count && excludes->list[x].begin <= range.end) {\n struct Range split = INVALID_RANGE;\n \n range_apply_exclude(excludes->list[x], &range, &split);\n \n /* If there is a split, then add the original range to our list\n * and then set that range to the split-ed portion */\n if (range_is_valid(split)) {\n rangelist_add_range(&newlist, range.begin, range.end);\n memcpy(&range, &split, sizeof(range));\n }\n \n if (excludes->list[x].begin > range.end)\n break;\n \n x++;\n }\n \n /* If the range hasn't been completely excluded, then add the remnants */\n if (range_is_valid(range)) {\n rangelist_add_range(&newlist, range.begin, range.end);\n }\n }\n\n /* Now free the old list and move over the new list */\n free(targets->list);\n targets->list = newlist.list;\n targets->count = newlist.count;\n newlist.list = NULL;\n newlist.count = 0;\n \n /* Since chopping up large ranges can split ranges, this can\n * grow the list so we need to re-sort it */\n rangelist_sort(targets);\n}\n\n\n/***************************************************************************\n * Counts the total number of addresses in all the ranges combined.\n * For 0.0.0.0/0, this will be 0x100000000, which means we have to use a\n * larger number than 32-bit to return the result. This assumes that\n * all overlaps have been resolved in the list (i.e. it's been sorted).\n ***************************************************************************/\nuint64_t\nrangelist_count(const struct RangeList *targets)\n{\n unsigned i;\n uint64_t result = 0;\n\n for (i=0; icount; i++) {\n result += (uint64_t)targets->list[i].end - (uint64_t)targets->list[i].begin + 1UL;\n }\n\n return result;\n}\n\n\n/***************************************************************************\n * Get's the indexed port/address.\n *\n * Note that this requires a search of all the ranges. Currently, this is\n * done by a learn search of the ranges. This needs to change, because\n * once we start adding in a lot of \"exclude ranges\", the address space\n * will get fragmented, and the linear search will take too long.\n ***************************************************************************/\nstatic unsigned\nrangelist_pick_linearsearch(const struct RangeList *targets, uint64_t index)\n{\n unsigned i;\n\n for (i=0; i