TCP端口扫描

Tetris · 发表于 2005-5-5 23:19:04

以前写的一段代码，用于发现internet上的tcp服务，如果大家对端口扫描感兴趣应该是不错的参考。当时参与了一个ftp文件搜索的项目，这是其中的一个模块，感觉写得还不错，用一台PC机只需两个多小时就可以发现全国的ftp服务。有人有兴趣的话我明天再给出代码的详细说明。

tcp_scan.h:

#ifndef _TCP_SCAN_H_
#define _TCP_SCAN_H_
#include <sys/types.h>
#include <sys/socket.h>
#define TS_ACCEPTED 1
#define TS_REFUSED 2
#define TS_UNREACH 3
struct addrseg
{
int as_family;
void *as_address;
unsigned int as_bits;
struct addrseg *as_next;
};
typedef int (*scan_info_t)(const struct sockaddr *, socklen_t, int, void *);
#ifdef __cplusplus
extern "C"
{
#endif
int tcp_scan(const struct addrseg *addrscope, const unsigned short *ports,
unsigned int ifindex, const char *ifname, int resetuid,
scan_info_t info, void *arg);
#ifdef __cplusplus
}
#endif
#endif

复制代码

tcp_scan.c:

/* I like BSD style better. */
#define _BSD_SOURCE
#include <errno.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#ifdef IPV6
# include <netinet/ip6.h>
# include <netinet/icmp6.h>
#endif
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <time.h>
#include <unistd.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <rbtree.h>
#include <unp.h>
#include "tcp_scan.h"
#define TCP_SCANNER_PORT 12200
#define TCP_SCAN_REPEATS 4
#define MAX_SEG_LIFETIME 30
#ifndef offsetof
# define offsetof(type, member) ((size_t)&((type *)0)->member)
#endif
#define SET_FD_NONBLOCK(fd) \
({ \
int __flags = fcntl(fd, F_GETFL, 0); \
if (__flags >= 0) \
__flags = fcntl(fd, F_SETFL, __flags | O_NONBLOCK); \
__flags; \
})
#ifdef IPV6
# define IN6_ADDR_NEXT(addr) \
do { \
int __i; \
for (__i = 15; __i >= 0; __i--) \
{ \
if (++((unsigned char *)(addr))[__i] != 0) \
break; \
} \
} while (0)
#endif
#ifndef __linux__
# define select(maxfdp1, rset, wset, xset, timeout) \
({ \
struct timeval __tv = *(timeout); \
long __tps = sysconf(_SC_CLK_TCK); \
clock_t __clock = times(NULL); \
int __n = select(maxfdp1, rset, wset, xset, timeout); \
__clock = times(NULL) - __clock; \
*(timeout) = __tv; \
if (((timeout)->tv_sec -= __clock / __tps) < 0) \
{ \
(timeout)->tv_usec += 1000000 * (timeout)->tv_sec; \
(timeout)->tv_sec = 0; \
} \
if (((timeout)->tv_usec -= __clock % __tps * 1000000 / __tps) < 0) \
(timeout)->tv_usec = 0; \
__n; \
})
#endif
/* "sockaddr" structs arranged in a Red-Black tree. */
struct __sockaddr_rb
{
struct rb_node rb;
socklen_t addrlen;
struct sockaddr sockaddr;
};
/* Union of sockaddr. */
union __sa_union
{
struct sockaddr sockaddr;
struct sockaddr_in sin;
#ifdef IPV6
struct sockaddr_in6 sin6;
#endif
};
/* IP pseudoheader of TCP or UDP. */
struct __ip_pheader
{
struct in_addr src;
struct in_addr dst;
unsigned char zero;
unsigned char protocol;
unsigned short len;
};
#ifdef IPV6
struct __ip6_pheader
{
struct in6_addr src;
struct in6_addr dst;
unsigned int len;
unsigned short zero1;
unsigned char zero2;
unsigned char next;
};
#endif
/* TCP header combined with IP pseudoheader. */
struct __tcp_pheader
{
#ifdef IPV6
union
{
struct __ip6_pheader phdr6;
struct
{
char __pad[sizeof (struct __ip6_pheader) -
sizeof (struct __ip_pheader)];
struct __ip_pheader phdr;
};
};
#else
struct __ip_pheader phdr;
#endif
struct tcphdr tcphdr;
};
unsigned short __tcp_scanner_port = TCP_SCANNER_PORT;
int __tcp_scan_repeats = TCP_SCAN_REPEATS;
int __max_seg_lifetime = MAX_SEG_LIFETIME;
/* For the sake of simplicity. */
static unsigned int __tcp_header_seq;
static scan_info_t __info;
static void *__arg;
inline static void __make_tcp_ip_pheader(const struct in_addr *saddr,
const struct in_addr *daddr,
struct __ip_pheader *phdr)
{
phdr->src = *saddr;
phdr->dst = *daddr;
phdr->zero = 0;
phdr->protocol = IPPROTO_TCP;
phdr->len = htons(sizeof (struct tcphdr));
}
#ifdef IPV6
inline static void __make_tcp_ip6_pheader(const struct in6_addr *saddr,
const struct in6_addr *daddr,
struct __ip6_pheader *phdr)
{
phdr->src = *saddr;
phdr->dst = *daddr;
phdr->len = htonl(sizeof (struct tcphdr));
phdr->zero1 = 0;
phdr->zero2 = 0;
phdr->next = IPPROTO_TCP;
}
#endif
/* Send a TCP packet. (Without TCP options or TCP data.) */
static int __tcp_send(int sockfd, struct __tcp_pheader *tcpphdr,
const void *saddr, const struct sockaddr *daddr,
socklen_t addrlen)
{
unsigned short *pfrom;
int len;
switch (daddr->sa_family)
{
case AF_INET:
__make_tcp_ip_pheader((const struct in_addr *)saddr,
&((const struct sockaddr_in *)daddr)->
sin_addr, &tcpphdr->phdr);
pfrom = (unsigned short *)&tcpphdr->phdr;
len = sizeof (struct __ip_pheader) + sizeof (struct tcphdr);
break;
#ifdef IPV6
case AF_INET6:
__make_tcp_ip6_pheader((const struct in6_addr *)saddr,
&((const struct sockaddr_in6 *)daddr)->
sin6_addr, &tcpphdr->phdr6);
pfrom = (unsigned short *)&tcpphdr->phdr6;
len = sizeof (struct __ip6_pheader) + sizeof (struct tcphdr);
break;
#endif
default:
errno = EAFNOSUPPORT;
return -1;
}
tcpphdr->tcphdr.th_sum = 0;
tcpphdr->tcphdr.th_sum = in_cksum(pfrom, len);
return sendto(sockfd, &tcpphdr->tcphdr, sizeof (struct tcphdr), 0,
daddr, addrlen);
}
/* Send a SYN packet to the remote server. */
static int __tcp_syn(int sockfd, unsigned short sport, unsigned short dport,
const void *saddr, const struct sockaddr *daddr,
socklen_t addrlen)
{
struct __tcp_pheader tcpphdr = {
tcphdr : {
th_sport : htons(sport),
th_dport : htons(dport),
th_seq : htonl(__tcp_header_seq),
th_ack : htonl(0),
th_x2 : 0,
th_off : sizeof (struct tcphdr) >> 2,
th_flags : TH_SYN,
th_win : htons(8192),
th_urp : htons(0)
}
};
return __tcp_send(sockfd, &tcpphdr, saddr, daddr, addrlen);
}
/* Tell the remote server that connection is aborted. */
static int __tcp_rst(int sockfd, unsigned short sport, unsigned short dport,
const void *saddr, const struct sockaddr *daddr,
socklen_t addrlen)
{
struct __tcp_pheader tcpphdr = {
tcphdr : {
th_sport : htons(sport),
th_dport : htons(dport),
th_seq : htonl(0),
th_ack : htonl(0),
th_x2 : 0,
th_off : sizeof (struct tcphdr) >> 2,
th_flags : TH_RST,
th_win : htons(0),
th_urp : htons(0)
}
};
return __tcp_send(sockfd, &tcpphdr, saddr, daddr, addrlen);
}
/* Search a sockaddr in a Red-Black tree. */
static struct __sockaddr_rb *
__rb_search_sockaddr(const struct sockaddr *sockaddr, socklen_t addrlen,
const struct rb_root *root)
{
const struct rb_node *p = root->node;
struct __sockaddr_rb *entry;
int n;
while (p)
{
entry = rb_entry(p, struct __sockaddr_rb, rb);
if (addrlen < entry->addrlen)
n = -1;
else if (addrlen > entry->addrlen)
n = 1;
else if ((n = memcmp(sockaddr, &entry->sockaddr, addrlen)) == 0)
return entry;
p = n < 0 ? p->left : p->right;
}
return NULL;
}
/* Insert a sockaddr into a Red-Black tree. */
static struct __sockaddr_rb *
__rb_insert_sockaddr(const struct sockaddr *sockaddr, socklen_t addrlen,
struct rb_root *root)
{
struct rb_node **p = &root->node;
struct rb_node *parent = NULL;
struct __sockaddr_rb *entry;
int n;
while (*p)
{
parent = *p;
entry = rb_entry(parent, struct __sockaddr_rb, rb);
if (addrlen < entry->addrlen)
n = -1;
else if (addrlen > entry->addrlen)
n = 1;
else if ((n = memcmp(sockaddr, &entry->sockaddr, addrlen)) == 0)
return entry;
p = n < 0 ? &parent->left : &parent->right;
}
#define __SOCKADDR_RB_SIZE \
(offsetof(struct __sockaddr_rb, sockaddr) + addrlen)
if (entry = (struct __sockaddr_rb *)malloc(__SOCKADDR_RB_SIZE))
{
entry->addrlen = addrlen;
memcpy(&entry->sockaddr, sockaddr, addrlen);
rb_link_node(&entry->rb, parent, p);
rb_insert_color(&entry->rb, root);
return NULL;
}
#undef __SOCKADDR_RB_SIZE
return (struct __sockaddr_rb *)-1;
}
static void __rb_destroy_sockaddr(struct rb_root *root)
{
struct __sockaddr_rb *entry;
while (root->node)
{
entry = rb_entry(root->node, struct __sockaddr_rb, rb);
rb_erase(root->node, root);
free(entry);
}
}
static int __proc_tcp_packet(int sockfd, const struct tcphdr *tcphdr,
const void *daddr, const struct sockaddr *saddr,
socklen_t addrlen, struct rb_root *root)
{
struct __sockaddr_rb *entry;
int state;
if (ntohs(tcphdr->th_dport) == __tcp_scanner_port)
{
if (tcphdr->th_flags & (TH_SYN | TH_RST) &&
tcphdr->th_flags & TH_ACK &&
ntohl(tcphdr->th_ack) == __tcp_header_seq + 1)
{
if (tcphdr->th_flags & TH_SYN)
{
/* Be a polite scanner! */
__tcp_rst(sockfd, __tcp_scanner_port,
ntohs(tcphdr->th_sport),
daddr, saddr, addrlen);
}
if (!(entry = __rb_insert_sockaddr(saddr, addrlen, root)))
{
state = tcphdr->th_flags & TH_SYN ? TS_ACCEPTED : TS_REFUSED;
if (__info(saddr, addrlen, state, __arg) < 0)
return -1;
}
else if (entry == (struct __sockaddr_rb *)-1)
return -1;
}
}
return 0;
}
static int __recv_tcp_packet(int sockfd, struct rb_root *root)
{
/* We do not care the TCP options or TCP data, so the buffer size is the
biggest IPv4 header size, which is bigger than IPv6 header size, plus
TCP header size. */
#define __BUFSIZE ((0xf << 2) + sizeof (struct tcphdr))
char buf[__BUFSIZE];
struct ip *iphdr = (struct ip *)buf;
#ifdef IPV6
struct ip6_hdr *ip6hdr = (struct ip6_hdr *)buf;
#endif
struct tcphdr *tcphdr;
union __sa_union un;
socklen_t addrlen;
ssize_t n;
while (addrlen = sizeof (union __sa_union), (n = recvfrom(sockfd, buf,
__BUFSIZE, 0, &un.sockaddr, &addrlen)) >= 0)
{
if (un.sockaddr.sa_family == AF_INET)
{
/* Make sure that it is a valid TCP packet. */
if (n >= sizeof (struct ip) && iphdr->ip_p == IPPROTO_TCP &&
n >= (iphdr->ip_hl << 2) + sizeof (struct tcphdr))
{
tcphdr = (struct tcphdr *)(buf + (iphdr->ip_hl << 2));
un.sin.sin_port = tcphdr->th_sport;
if (__proc_tcp_packet(sockfd, tcphdr, &iphdr->ip_dst,
&un.sockaddr, addrlen, root) < 0)
break;
}
}
#ifdef IPV6
else if (un.sockaddr.sa_family == AF_INET6)
{
if (n >= sizeof (struct ip6_hdr) + sizeof (struct tcphdr) &&
ip6hdr->ip6_nxt == IPPROTO_TCP)
{
tcphdr = (struct tcphdr *)(ip6hdr + 1);
un.sin6.sin6_port = tcphdr->th_sport;
if (__proc_tcp_packet(sockfd, tcphdr, &ip6hdr->ip6_dst,
&un.sockaddr, addrlen, root) < 0)
break;
}
}
#endif
}
#undef __BUFSIZE
return n < 0 && errno == EAGAIN ? 0 : -1;
}
static int __proc_icmp_packet(const struct icmp *icmp, size_t icmplen,
struct sockaddr *saddr, socklen_t addrlen,
struct rb_root *root)
{
struct __sockaddr_rb *entry;
const struct ip *iphdr;
const struct tcphdr *tcphdr;
/* We care only ICMP unreach packet. */
if (icmp->icmp_type == ICMP_UNREACH)
{
/* if (icmplen >= sizeof (struct icmp) + sizeof (struct ip)) */
if (icmplen >= offsetof(struct icmp, icmp_data) + sizeof (struct ip))
{
iphdr = (const struct ip *)icmp->icmp_data;
if (icmplen >= offsetof(struct icmp, icmp_data) +
(iphdr->ip_hl << 2) + 8)
{
tcphdr = (const struct tcphdr *)((const char *)iphdr +
(iphdr->ip_hl << 2));
if (ntohs(tcphdr->th_sport) == __tcp_scanner_port &&
ntohl(tcphdr->th_seq) == __tcp_header_seq)
{
((struct sockaddr_in *)saddr)->sin_port = tcphdr->th_dport;
if (!(entry = __rb_insert_sockaddr(saddr, addrlen, root)))
{
if (__info(saddr, addrlen, TS_UNREACH, __arg) < 0)
return -1;
}
else if (entry == (struct __sockaddr_rb *)-1)
return -1;
}
}
}
}
return 0;
}
#ifdef IPV6
static int __proc_icmp6_packet(const struct icmp6_hdr *icmp6, size_t icmplen,
struct sockaddr *saddr, socklen_t addrlen,
struct rb_root *root)
{
struct __sockaddr_rb *entry;
const struct ip6_hdr *ip6hdr;
const struct tcphdr *tcphdr;
if (icmp6->icmp6_type == ICMP6_DST_UNREACH)
{
if (icmplen >= sizeof (struct icmp6_hdr) + sizeof (struct ip6_hdr) + 8)
{
ip6hdr = (const struct ip6_hdr *)(icmp6 + 1);
tcphdr = (const struct tcphdr *)(ip6hdr + 1);
if (ntohs(tcphdr->th_sport) == __tcp_scanner_port &&
ntohl(tcphdr->th_seq) == __tcp_header_seq)
{
((struct sockaddr_in6 *)saddr)->sin6_port = tcphdr->th_dport;
if (!(entry = __rb_insert_sockaddr(saddr, addrlen, root)))
{
if (__info(saddr, addrlen, TS_UNREACH, __arg) < 0)
return -1;
}
else if (entry == (struct __sockaddr_rb *)-1)
return -1;
}
}
}
return 0;
}
#endif
static int __recv_icmp_packet(int sockfd, struct rb_root *root)
{
/* Biggest IPv4 header, ICMP header, the returned IP header with
8 bytes TCP header. */
#define __BUFSIZE \
((0xf << 2) + offsetof(struct icmp, icmp_data) + (0xf << 2) + 8)
char buf[__BUFSIZE];
struct ip *iphdr = (struct ip *)buf;
#ifdef IPV6
struct ip6_hdr *ip6hdr = (struct ip6_hdr *)buf;
#endif
union __sa_union un;
socklen_t addrlen;
ssize_t n;
while (addrlen = sizeof (union __sa_union), (n = recvfrom(sockfd, buf,
__BUFSIZE, 0, &un.sockaddr, &addrlen)) >= 0)
{
if (un.sockaddr.sa_family == AF_INET)
{
if (n >= sizeof (struct ip) && iphdr->ip_p == IPPROTO_ICMP &&
n >= (iphdr->ip_hl << 2) + offsetof(struct icmp, icmp_data))
{
struct icmp *icmp = (struct icmp *)(buf + (iphdr->ip_hl << 2));
if (__proc_icmp_packet(icmp, n - (iphdr->ip_hl << 2),
&un.sockaddr, addrlen, root) < 0)
break;
}
}
#ifdef IPV6
else if (un.sockaddr.sa_family == AF_INET6)
{
if (n >= sizeof (struct ip6_hdr) + sizeof (struct icmp6_hdr) &&
ip6hdr->ip6_nxt == IPPROTO_ICMPV6)
{
struct icmp6_hdr *icmp6 = (struct icmp6_hdr *)(ip6hdr + 1);
if (__proc_icmp6_packet(icmp6, n - sizeof (struct ip6_hdr),
&un.sockaddr, addrlen, root) < 0)
break;
}
}
#endif
}
#undef __BUFSIZE
return n < 0 && errno == EAGAIN ? 0 : -1;
}
inline static int
#ifdef IPV6
__scan_ip_seg(const struct in_addr *address, unsigned int bits,
unsigned short port, int tcpsock, int icmpsock,
int tcpsock6, int icmpsock6, const struct in_addr *myaddr,
struct rb_root *root)
#else
__scan_ip_seg(const struct in_addr *address, unsigned int bits,
unsigned short port, int tcpsock, int icmpsock,
const struct in_addr *myaddr, struct rb_root *root)
#endif
{
unsigned int hostmax = 0;
unsigned int host;
struct sockaddr_in sin;
unsigned int bit = 1;
bzero(&sin, sizeof (struct sockaddr_in));
sin.sin_family = AF_INET;
for (host = 0; host < 32 - bits; host++)
{
hostmax |= bit;
bit <<= 1;
}
host = ntohl(address->s_addr) & ~hostmax;
hostmax |= ntohl(address->s_addr);
do
{
sin.sin_addr.s_addr = htonl(host);
if (!__rb_search_sockaddr((struct sockaddr *)&sin,
sizeof (struct sockaddr_in), root))
{
__tcp_syn(tcpsock, __tcp_scanner_port, port,
myaddr, (struct sockaddr *)&sin,
sizeof (struct sockaddr_in));
}
if (__recv_tcp_packet(tcpsock, root) < 0)
return -1;
if (__recv_icmp_packet(icmpsock, root) < 0)
return -1;
#ifdef IPV6
if (tcpsock6 >= 0)
{
if (__recv_tcp_packet(tcpsock6, root) < 0)
return -1;
if (__recv_icmp_packet(icmpsock6, root) < 0)
return -1;
}
#endif
} while (host++ != hostmax);
return 0;
}
#ifdef IPV6
inline static int
__scan_ip6_seg(const struct in6_addr *address, unsigned int bits,
unsigned short port, int tcpsock, int icmpsock,
int tcpsock6, int icmpsock6, const struct in6_addr *myaddr,
struct rb_root *root)
{
struct in6_addr hostmax;
struct in6_addr host;
struct sockaddr_in6 sin6;
unsigned char bit = 1;
int i, j;
bzero(&hostmax, sizeof (struct in6_addr));
for (i = 15; i > bits >> 3; i--)
hostmax.s6_addr[i] = 0xff;
for (j = 0; j < (128 - bits) & 7; j++)
{
hostmax.s6_addr[i] |= bit;
bit <<= 1;
}
for (i = 0; i < 4; i++)
{
host.s6_addr32[i] = address->s6_addr32[i] & ~hostmax.s6_addr32[i];
hostmax.s6_addr32[i] |= address->s6_addr32[i];
}
bzero(&sin6, sizeof (struct sockaddr_in6));
sin6.sin6_family = AF_INET6;
while (1)
{
sin6.sin6_addr = host;
if (!__rb_search_sockaddr((struct sockaddr *)&sin6,
sizeof (struct sockaddr_in6), root))
{
__tcp_syn(tcpsock, __tcp_scanner_port, port,
myaddr, (struct sockaddr *)&sin6,
sizeof (struct sockaddr_in6));
}
if (tcpsock >= 0)
{
if (__recv_tcp_packet(tcpsock, root) < 0)
return -1;
if (__recv_icmp_packet(icmpsock, root) < 0)
return -1;
}
if (__recv_tcp_packet(tcpsock6, root) < 0)
return -1;
if (__recv_icmp_packet(icmpsock6, root) < 0)
return -1;
if (IN6_ARE_ADDR_EQUAL(&host, &hostmax))
break;
IN6_ADDR_NEXT(&host);
}
return 0;
}
#endif
#ifdef IPV6
static int __wait_response(int tcpsock, int icmpsock, int tcpsock6,
int icmpsock6, struct rb_root *root)
#else
static int __wait_response(int tcpsock, int icmpsock, struct rb_root *root)
#endif
{
fd_set all, rset;
struct timeval timeout = {
tv_sec : __max_seg_lifetime << 1,
tv_usec : 0
};
int maxfd = -1;
int n;
#define __max(x, y) ((x) > (y) ? (x) : (y))
if (tcpsock >= 0)
{
FD_SET(tcpsock, &all);
FD_SET(icmpsock, &all);
maxfd = __max(tcpsock, icmpsock);
}
#ifdef IPV6
if (tcpsock6 >= 0)
{
FD_SET(tcpsock6, &all);
FD_SET(icmpsock6, &all);
maxfd = __max(maxfd, __max(tcpsock6, icmpsock6));
}
#endif
#undef __max
/* Wait at least 2*MSL for all IP segments to expire. */
while (rset = all, (n = select(maxfd + 1, &rset, NULL, NULL,
&timeout)) > 0)
{
if (tcpsock >= 0)
{
if (FD_ISSET(tcpsock, &rset))
{
if (__recv_tcp_packet(tcpsock, root) < 0)
return -1;
}
if (FD_ISSET(icmpsock, &rset))
{
if (__recv_icmp_packet(icmpsock, root) < 0)
return -1;
}
}
#ifdef IPV6
if (tcpsock6 >= 0)
{
if (FD_ISSET(tcpsock6, &rset))
{
if (__recv_tcp_packet(tcpsock6, root) < 0)
return -1;
}
if (FD_ISSET(icmpsock6, &rset))
{
if (__recv_icmp_packet(icmpsock6, root) < 0)
return -1;
}
}
#endif
}
return n;
}
int tcp_scan(const struct addrseg *scope, const unsigned short *ports,
unsigned int ifindex, const char *ifname, int resetuid,
scan_info_t info, void *arg)
{
const struct addrseg *p;
const short *port;
int tcpsock = -1, icmpsock = -1;
struct in_addr ipaddr;
#ifdef IPV6
int tcpsock6 = -1, icmpsock6 = -1;
struct in6_addr ip6addr;
#endif
union __sa_union un;
int i, ret = -1;
struct rb_root root = RB_ROOT;
for (p = scope; p; p = p->as_next)
{
switch (p->as_family)
{
case AF_INET:
tcpsock = -2;
break;
#ifdef IPV6
case AF_INET6:
tcpsock6 = -2;
break;
#endif
default:
errno = EAFNOSUPPORT;
return -1;
}
}
if (tcpsock == -2)
{
if (getifaddr(AF_INET, ifindex, ifname, &ipaddr) < 0)
goto error;
if ((tcpsock = socket(AF_INET, SOCK_RAW, IPPROTO_TCP)) < 0)
goto error;
if ((icmpsock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) < 0)
goto error;
bzero(&un.sin, sizeof (struct sockaddr_in));
un.sin.sin_family = AF_INET;
un.sin.sin_addr = ipaddr;
if (bind(tcpsock, &un.sockaddr, sizeof (struct sockaddr_in)) < 0)
goto error;
if (bind(icmpsock, &un.sockaddr, sizeof (struct sockaddr_in)) < 0)
goto error;
if (SET_FD_NONBLOCK(tcpsock) < 0)
goto error;
if (SET_FD_NONBLOCK(icmpsock) < 0)
goto error;
}
#ifdef IPV6
if (tcpsock6 == -2)
{
if (getifaddr(AF_INET6, ifindex, ifname, &ip6addr) < 0)
goto error;
if ((tcpsock6 = socket(AF_INET6, SOCK_RAW, IPPROTO_TCP)) < 0)
goto error;
if ((icmpsock6 = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6)) < 0)
goto error;
bzero(&un.sin6, sizeof (struct sockaddr_in6));
un.sin6.sin6_family = AF_INET6;
un.sin6.sin6_addr = ip6addr;
if (bind(tcpsock6, &un.sockaddr, sizeof (struct sockaddr_in6)) < 0)
goto error;
if (bind(icmpsock6, &un.sockaddr, sizeof (struct sockaddr_in6)) < 0)
goto error;
if (SET_FD_NONBLOCK(tcpsock6) < 0)
goto error;
if (SET_FD_NONBLOCK(icmpsock6) < 0)
goto error;
}
#endif
/* We no longer need root privilege. */
if (resetuid)
setuid(getuid());
/* Generate a random TCP sequance. */
srand(time(NULL));
__tcp_header_seq = rand();
__info = info;
__arg = arg;
for (i = 0; i < __tcp_scan_repeats; i++)
{
for (port = ports; *port; port++)
{
for (p = scope; p; p = p->as_next)
{
if (p->as_family == AF_INET)
{
#ifdef IPV6
if (__scan_ip_seg(p->as_address, p->as_bits, *port,
tcpsock, icmpsock, tcpsock6,
icmpsock6, &ipaddr, &root) < 0)
goto error;
#else
if (__scan_ip_seg(p->as_address, p->as_bits,
*port, tcpsock, icmpsock,
&ipaddr, &root) < 0)
goto error;
#endif
}
#ifdef IPV6
else /* if (p->as_family == AF_INET6) */
{
if (__scan_ip6_seg(p->as_address, p->as_bits, *port,
tcpsock, icmpsock, tcpsock6,
icmpsock6, &ip6addr, &root) < 0)
goto error;
}
#endif
}
}
}
#ifdef IPV6
if (__wait_response(tcpsock, icmpsock, tcpsock6, icmpsock6, &root) >= 0)
ret = 0;
#else
if (__wait_response(tcpsock, icmpsock, &root) >= 0)
ret = 0;
#endif
error:
__rb_destroy_sockaddr(&root);
if (tcpsock >= 0)
close(tcpsock);
if (icmpsock >= 0)
close(icmpsock);
#ifdef IPV6
if (tcpsock6 >= 0)
close(tcpsock6);
if (icmpsock6 >= 0)
close(icmpsock6);
#endif
return ret;
}

复制代码

kj501 · 发表于 2005-5-6 08:38:17

继续贴全呀，兄弟，这是很好参考资料。

wuhu · 发表于 2005-5-6 09:26:48

不错,不过兄台的函数命名方法,看的不习惯啊!

kj501 · 发表于 2005-5-6 10:16:07

下划线开头是一般是定义库函数中的符号。他这个程序应该是以库的形式来使用的。

tigeroar · 发表于 2005-5-6 11:30:22

关注!!!

erniu · 发表于 2005-5-6 14:18:53

继续贴啊！

Tetris · 发表于 2005-5-6 17:03:35

大家这么关注，继续写。要把整个东西解释清楚挺难的，先从接口开始。当时的需求是，给定一个IP地址范围，要以最快的速度发现存在ftp服务的地址。因为ftp服务一般都是使用21端口，所以想到的使用的方法就是检测21端口是否可连接。想了很久，接口的设计如下：
int tcp_scan(const struct addrseg *addrscope, const unsigned short *ports,
unsigned int ifindex, const char *ifname, int resetuid,
scan_info_t info, void *arg);
只有一个函数，而且没有使用面向对象的设计方法。解释一下各个参数的意义：

const struct addrseg *addrscope：要扫描的地址范围，是一个结点类型为struct addrseg的链表，每个结点为一个IP地址段。struct addrseg的定义如下：
struct addrseg
{
int as_family;
void *as_address;
unsigned int as_bits;
struct addrseg *as_next;
};
其中，as_family表示这个地址段的类型，可以是AF_INET或AF_INET6，分别表示IPv4地址和IPv6地址；as_address指向一个struct in_addr结构（IPv4）或struct in6_addr结构（IPV6）。as_bits指明as_address的有效位数，有效位数越少，则这个地址段越大。例如，地址段162.105.*.*，其地址有效位为16位；如果一个地址段只包含一个地址，如162.105.80.1，则其地址有效位为32位。as_next指向下一个地址段，若as_next == NULL则表示链表结束。

const unsigned short *ports：要扫描的一组端口。也就是一个unsigned short型的数组，以0作为结束。

unsigned int ifindex，const char *ifname：指定一个网络设备作为出口。这两个参数本来不应该存在，但我为了省过内部检查路由表麻烦，让函数调用者指定一个网络设备，以这个设备的地址作为每个包的源地址（这个源地址只用于计算TCP校验和）。这样做的好处是加快了扫描速度，缺点是对于多网卡的机器只能使用其中一块网卡。当ifindex不为0，使用ifindex，ifname参数被乎略。当ifindex为0时，使用ifname。

int resetuid：因为函数要打开一个raw socket，因此运行的时候需要root权限。这个参数表示，是否在打开了raw socket之后把进程的有效权限置为实际用户权限，也就是说，是否调用setuid(getuid())。

scan_info_t info，void *arg：回调函数，用于通知道调用者有响应的IP地址。在tcp_scan.h中有如下定义：
typedef int (*scan_info_t)(const struct sockaddr *, socklen_t, int, void *);
前两上参数const struct sockaddr *和socklen_t指明一个有响应的地址。每三个参数int表示响应的状态，可能为TS_ACCEPTED，TS_REFUSED或TS_UNREACH，分别表示该地址可连接，拒绝连接和不可达。最后一个参数void *为用户自定义参数，直接由tcp_scan的最后一个参数void *arg传到回调函数。

tcp_scan返回非负值表示成功，返回负值表示失败，错误原因保存在errno中。当回调函数返回负值，tcp_scan以失败返回。

下面一个简单例子，用于发现162.105.*.*和166.111.*.*里的所有http服务和ftp服务，并且把地址打印出来：

static int __print_result(const struct sockaddr *sockaddr, socklen_t addrlen,
int state, void *arg)
{
struct sockaddr_in *sin = (struct sockaddr_in *)sockaddr;
char addrstr[INET_ADDRSTRLEN + 1];
unsigned short port = ntohs(sin->sin_port);
const char *state_str;
inet_ntop(sockaddr->sin_family, sockaddr->sin_addr, addrstr,
INET_ADDRSTRLEN + 1);
switch (state)
{
case TS_ACCEPTED:
state_str = "Connection accepted.";
break;
case TS_REFUSED:
state_str = "Connection refused.";
break;
case TS_UNREACH:
state_str = "Destination unreachable.";
break;
default:
state_str = "Unknown state.";
break;
}
printf("%s %u:%s\n", addrstr, port, state_str);
return 0;
}
int main(void)
{
struct addrseg addrseg[2];
struct in_addr in_addr[2];
unsigned short ports[] = { 80, 21, 0 };
inet_pton(AF_INET, "162.105.0.0", in_addr);
inet_pton(AF_INET, "166.111.0.0", in_addr + 1);
addrseg[0].as_family = AF_INET;
addrseg[0].as_addr = in_addr;
addrseg[0].as_bits = 16;
addrseg[0].as_next = addrseg + 1;
addrseg[1].as_family = AF_INET;
addrseg[1].as_addr = in_addr + 1;
addrseg[1].as_bits = 16;
addrseg[1].as_next = NULL;
return tcp_scan(addrseg, ports, 0, "eth0", 1,
__print_result, NULL);
}

复制代码

今天先说这些了，以前写过文档现在找不着了，连例子都是现写的。内部实现以后再讲。仔细看懂这个接口的设计，应该对提高编程水平很有帮助。

Tetris · 发表于 2005-5-6 18:02:37

关于我的代码风格问题，我一般所有的模块内部符号都以双下划线开头。以前编程的时候，只在一处被调用的函数无论多长都定义为inline，让编译器自行决定是否展开，现在想起来好像没有这个必要。

wuhu · 发表于 2005-5-7 09:19:32

只在写driver的时候,这样写到,呵呵,不错,建议看这个的有点tcp/ip的基础啊!

zhx2006 · 发表于 2006-9-18 11:35:51

楼主大虾！我是新手，但非常感兴趣，可否指导一下！谢谢！qq：254836615 email：zhanghx1977@163.com

		自动登录	找回密码
密码			注册