Skip to content

Commit a50af99

Browse files
bonsaivikingbonsaiviking
committed
Add ICMPV6_TYPE and ICMPV6_CODE features for IPv6 OS detection. http://seclists.org/nmap-dev/2015/q3/232 nmap#224 
1 parent f257fa5 commit a50af99

File tree

3 files changed

+935
-875
lines changed

3 files changed

+935
-875
lines changed

FPEngine.cc

+43-1
Original file line numberDiff line numberDiff line change
@@ -760,6 +760,13 @@ static const TCPHeader *find_tcp(const PacketElement *pe) {
760760
return (TCPHeader *) pe;
761761
}
762762

763+
static const ICMPv6Header *find_icmpv6(const PacketElement *pe) {
764+
while (pe != NULL && pe->protocol_id() != HEADER_TYPE_ICMPv6)
765+
pe = pe->getNextElement();
766+
767+
return (ICMPv6Header *) pe;
768+
}
769+
763770
static double vectorize_plen(const PacketElement *pe) {
764771
const IPv6Header *ipv6;
765772

@@ -857,9 +864,31 @@ static double vectorize_isr(std::map<std::string, FPPacket>& resps) {
857864
return sum / t;
858865
}
859866

867+
static int vectorize_icmpv6_type(const PacketElement *pe) {
868+
const ICMPv6Header *icmpv6;
869+
870+
icmpv6 = find_icmpv6(pe);
871+
if (icmpv6 == NULL)
872+
return -1;
873+
874+
return icmpv6->getType();
875+
}
876+
877+
static int vectorize_icmpv6_code(const PacketElement *pe) {
878+
const ICMPv6Header *icmpv6;
879+
880+
icmpv6 = find_icmpv6(pe);
881+
if (icmpv6 == NULL)
882+
return -1;
883+
884+
return icmpv6->getCode();
885+
}
886+
860887
static struct feature_node *vectorize(const FingerPrintResultsIPv6 *FPR) {
861888
const char * const IPV6_PROBE_NAMES[] = {"S1", "S2", "S3", "S4", "S5", "S6", "IE1", "IE2", "NS", "U1", "TECN", "T2", "T3", "T4", "T5", "T6", "T7"};
862889
const char * const TCP_PROBE_NAMES[] = {"S1", "S2", "S3", "S4", "S5", "S6", "TECN", "T2", "T3", "T4", "T5", "T6", "T7"};
890+
const char * const ICMPV6_PROBE_NAMES[] = {"IE1", "IE2", "NS"};
891+
863892
unsigned int nr_feature, i, idx;
864893
struct feature_node *features;
865894
std::map<std::string, FPPacket> resps;
@@ -956,6 +985,15 @@ static struct feature_node *vectorize(const FingerPrintResultsIPv6 *FPR) {
956985
else
957986
features[idx++].value = -1;
958987
}
988+
/* ICMPv6 features */
989+
for (i = 0; i < NELEMS(ICMPV6_PROBE_NAMES); i++) {
990+
const char *probe_name;
991+
992+
probe_name = ICMPV6_PROBE_NAMES[i];
993+
features[idx++].value = vectorize_icmpv6_type(resps[probe_name].getPacket());
994+
features[idx++].value = vectorize_icmpv6_code(resps[probe_name].getPacket());
995+
}
996+
959997
assert(idx == nr_feature);
960998

961999
if (o.debugging > 2) {
@@ -2603,7 +2641,11 @@ bool FPProbe::isResponse(PacketElement *rcvd) {
26032641
if (this->pkt_time.tv_sec == 0 && this->pkt_time.tv_usec == 0)
26042642
return false;
26052643

2606-
return PacketParser::is_response(this->pkt, rcvd);
2644+
bool is_response = PacketParser::is_response(this->pkt, rcvd);
2645+
if (o.debugging > 2 && is_response)
2646+
printf("Received response to probe %s\n", this->getProbeID());
2647+
2648+
return is_response;
26072649
}
26082650

26092651

0 commit comments

Comments
 (0)