Nmap Development mailing list archives

Re: [NSE] Raw sockets support


From: castorpilot <castorpilot () gmail com>
Date: Mon, 11 Dec 2006 20:02:37 +0000

Hi,

I had also thought about raw sockets, since it would be a good feature
to add to NSE, but had encountered pretty much the same problems when
it comes to writing a non-blocking implementation. At the time, I had
written a quick and dirty wrapper for libnet and a sniffer, which I
still use from time to time, but which does not scale at all. Writing
support for libdnet should not be a problem, by reusing functions in
tcpip.cc, but as you said, listening will not be easy.
I am not good with Lua, but could coroutines do the job? Or are they
not thread enough?

Fred


Hi!

I was thinking about raw sockets in Diman's NSE.

Unfortunately there are some architectural problems.

As of today, NSE uses only NSOCK, and the only function
that blocks in NSE is "nsock_loop".

In case of adding raw sockets we'll have to add support for:
        - creating raw packets (libdnet?)
        - capturing packets (libpcap)

We would need to listen to both nsock and pcap descriptors.

And here the problem comes: how to listen at the same
time to two blocking mechanisms, nsock_loop and pcap_dispatch?

Solutions I can think of:
- modify nsock and support listening to pcap in nsock_loop
  (I personally don't like this solution. I think that nsock
   shouldn't be changed if possible.)
- run two threads of nmap: in one thread listen to nsock,
  in the other listen to pcap.
  (probably there will be huge compatibility problems with threads
   and synchronization)
- set some custom flags on the pcap descriptor so that when
  a packet comes, signal SIGIO will be triggered.
  In the signal handler, do something to get out of the nsock_loop function.
  (this solution is also very OS-dependent and some changes to nsock
   will be needed)
- check for pcap events after nsock_loop() leaves after some time.
  (some packets can be lost while nsock_loop() is working)
- extract socket descriptors from nsock and run select() on them and on pcap by hand.
  (there will be complications with NSE_TYPE_TIMER events)

Does anyone have an idea?

Cheers!!
   Marek Majkowski






_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org