Diffstat (limited to 'main.c')
-rw-r--r--main.c85
1 files changed, 51 insertions, 34 deletions
diff --git a/main.c b/main.c
index 2546712..bdcc30b 100644
--- a/main.c
+++ b/main.c
@@ -28,7 +28,7 @@
" -f Exclude sent packets from -e PCAP output They're all the same with different dst IPs.\n" \
" -h Show this help and exit.\n" \
" -k Increment IP addresses in reverse bit endianness (000 100 010 110 001 101 011 111).\n" \
-" -m Scans increasingly larger networks. Input networks are treated as /31. Use with -n.\n" \
+" -m Spiral-search around a single host given instead of networks. Use with -n.\n" \
" -n Stops scanning after provided number of working servers is found and reported.\n" \
" -p Set the source port number to use instead of a dynamically asigned one.\n" \
" -t Number of microseconds to wait between sent packets. (default & min. 1000 - 64 KB/s)\n" \
@@ -360,7 +360,9 @@ int main (int argc, char ** argv) {
int k = 0; /* little bitendian IP address inc: 10.0.0.0, 10.128.0.0, 10.64.0.0, 10.192.0.0 */
int targetnum = 0;
int workingnum = 0;
- int increasinglylarger = 0;
+ unsigned int spiralsearch = 0;
+ unsigned int spiralsearch_up = 0;
+ unsigned int spiralsearch_down = 0;
int t = 1000;
int w = 1000000;
int e = 0; /* whether to exclude sent packets in PCAP - they're all the same */
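Review bot: The three new counters are declared `unsigned int` but are compared against `UINT32_MAX` and added to the result of `ntohl()` in the spiral step later in this commit, so their width is silently assumed to be 32 bits; declaring them as `uint32_t spiralsearch = 0, spiralsearch_up = 0, spiralsearch_down = 0;` makes the sentinel and the arithmetic type match by construction. A one-line comment next to them, such as `/* UINT32_MAX marks a direction that has reached the edge of the address space */`, would also document the sentinel convention the step code relies on. The enclosing main() continues outside this hunk.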
@@ -408,7 +410,7 @@ int main (int argc, char ** argv) {
k++;
break;
case 'm':
- increasinglylarger++;
+ spiralsearch++;
break;
case 'n':
targetnum = atoi(optarg);
@@ -435,8 +437,8 @@ int main (int argc, char ** argv) {
r = 5;
goto r;
}
- if (increasinglylarger && l != 1) {
- fprintf(stderr, "-m option is set, max one network. :: " HELP, argv[0]);
+ if (spiralsearch && l != 1) {
+ fprintf(stderr, "-m option is set, max one host :: " HELP, argv[0]);
r = 6;
goto r;
}
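Review bot: The only validation added for `-m` is the argument count; the help text says "Use with -n", but nothing rejects `-m` without `-n`, and with `targetnum` left at its default of 0 the spiral walk introduced later in this commit terminates only once both directions have reached the edge of the address space, i.e. after walking essentially the whole IPv4 range at one packet per millisecond. If 0 really means "no limit" for `-n`, a guard next to the existing one, `if (spiralsearch && targetnum <= 0) { fprintf(stderr, "-m requires -n :: " HELP, argv[0]); r = 7; goto r; }`, would turn that into an immediate usage error (pick whatever exit code is free in the sequence). main() continues outside this hunk.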
@@ -444,8 +446,10 @@ int main (int argc, char ** argv) {
for (int i = e; i < argc; i++) {
int w = i-e;
n[w] = str2net(argv[i]);
- if (increasinglylarger)
- n[w].mask.s_addr = htonl(ntohl(INADDR_BROADCAST)&~1);
+ if (spiralsearch) {
+ n[w].mask.s_addr = INADDR_BROADCAST;
+ h = n[w];
+ }
}
goto o;
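Review bot: In spiral mode the mask returned by `str2net()` is unconditionally overwritten with `INADDR_BROADCAST`, so an argument like `10.0.0.0/24` is silently treated as the single host 10.0.0.0 rather than rejected. Assuming `str2net()` yields a /32 mask for a bare address, a check before the overwrite, `if (n[w].mask.s_addr != INADDR_BROADCAST) fprintf(stderr, "-m: ignoring prefix length on %s\n", argv[i]);`, would at least tell the user that the prefix was dropped. The surrounding option-parsing loop and main() extend beyond this hunk.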
case '?':
@@ -504,10 +508,31 @@ o:
notfirst++;
if (getenv("DF_DEBUG"))
fprintf(stderr, "j = %lld, scanuntilhost = %ld\n", j, scanuntilhost);
- if ((h = host(n[i], j)).mask.s_addr != INADDR_BROADCAST ||
- (increasinglylarger && scanuntilhost != -1 && j >= scanuntilhost)) {
+ if (spiralsearch || (h = host(n[i], j)).mask.s_addr != INADDR_BROADCAST) {
k:
- if (increasinglylarger ? (n[0].mask.s_addr == INADDR_ANY) : (++i >= l)) {
+ if (spiralsearch) {
+ if (spiralsearch < 10) /* this indicates we haven't yet */
+ spiralsearch = 10; /* scanned given ip itself */
+ else {
+ if (spiralsearch_down == UINT32_MAX
+ && spiralsearch_up == UINT32_MAX)
+ goto finished_sending;
+ if ((spiralsearch_up <= spiralsearch_down
+ && spiralsearch_up != UINT32_MAX)
+ || spiralsearch_down == UINT32_MAX) {
+ h.addr.s_addr = htonl(ntohl(n[i].addr.s_addr)
+ + ++spiralsearch_up);
+ if (h.addr.s_addr == INADDR_BROADCAST)
+ spiralsearch_up = UINT32_MAX;
+ } else {
+ h.addr.s_addr = htonl(ntohl(n[i].addr.s_addr)
+ - ++spiralsearch_down);
+ if (!h.addr.s_addr)
+ spiralsearch_down = UINT32_MAX;
+ }
+ }
+ } else if (++i >= l) {
+finished_sending:
fprintf(stderr, "finished sending, waiting for last replies\n");
if (clock_gettime(CLOCK_MONOTONIC, &lp) == -1) {
perror("clock_gettime(CLOCK_MONOTONIC, &z)");
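Review bot: The edge checks after each step only detect the walk landing exactly on 255.255.255.255 (upward) or 0.0.0.0 (downward), so a seed of 255.255.255.255 wraps on its first upward step to 0.0.0.0 and keeps climbing, and a seed of 0.0.0.0 likewise wraps downward to 255.255.255.255; testing for either sentinel in both branches, `if (h.addr.s_addr == INADDR_BROADCAST || h.addr.s_addr == INADDR_ANY)`, marks the wrapped direction as exhausted, since a wrap can only ever produce those two values. Separately, `spiralsearch` is both the `-m` occurrence count from the getopt case and, via the magic `< 10` / `= 10` comparison, the "seed host already handled" state, so passing `-m` ten or more times skips the seed; a dedicated flag such as `int spiral_seed_done = 0;` tested with `if (!spiral_seed_done) spiral_seed_done = 1; else { … }` would be clearer and immune to that. The DF_DEBUG print just above still shows `scanuntilhost`, which no line left in this commit updates, so it now reports a stale value in spiral mode. Whether `h` is transmitted before or after this block, and whether a broadcast or zero address reached here is actually sent, is decided outside the hunk; main() continues beyond it.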
@@ -516,20 +541,6 @@ k:
}
goto i;
} else {
- for (int ž = 0; increasinglylarger && ž < 31; ž++)
- if (ntohl(n[i].mask.s_addr) & 1 << ž) {
- n[i].mask.s_addr &= htonl(~(1 << ž));
- if (ntohl(n[i].addr.s_addr) & 1 << (ž)) {
- scanuntilhost = 1 << ž;
- n[i].addr.s_addr &= n[i].mask.s_addr; /* 0 */
- } else {
- n[i].addr.s_addr |= htonl((1 << (ž))-1);
- scanuntilhost = -1; /* until end */
- }
- break;
- }
- fprintf(stderr, "increasing scanning net: %s", inet_ntoa(n[i].addr));
- fprintf(stderr, "/%s t: %ld\n", inet_ntoa(n[i].mask), scanuntilhost);
j = localnumber(n[i]);
h = host(n[i], j);
}
@@ -660,16 +671,22 @@ i:
r:
if (!r && notfirst) { /* TODO: tell EXACT packets that were sent before termination. */
char * x = alloca(l*31+strlen("SCANNED \n0")+strlen("WORKINGNUM aaaaaaaaaaaaaaaa"));
- strcpy(x, "SCANNED "); /* if scan term, only networks be4 */
- for (int m = 0; m < (finish ? i : l); m++) { /* network at which scan was */
- strcat(x, inet_ntoa(n[m].addr)); /* terminated are reported to be */
- strcat(x, "/"); /* scanned, not mentioning the */
- strcat(x, inet_ntoa(n[m].mask)); /* part of the last not mentioned */
- strcat(x, " "); /* network that was scanned. */
- } /* this may lead to statistical */
- sprintf(x+strlen(x), "\nWORKINGNUM %d\n", workingnum); /* issues cause it'd appear */
- write(STDIN_FILENO, x, strlen(x)); /* as if we received packets from */
- } /* hosts we haven't queried yet. */
+ if (spiralsearch) {
+ strcpy(x, "SPIRALSEARCH ");
+ strcat(x, inet_ntoa(n[0].addr));
+ strcat(x, " ");
+ } else {
+ strcpy(x, "SCANNED ");
+ for (int m = 0; m < (finish ? i : l); m++) {
+ strcat(x, inet_ntoa(n[m].addr));
+ strcat(x, "/");
+ strcat(x, inet_ntoa(n[m].mask));
+ strcat(x, " ");
+ }
+ }
+ sprintf(x+strlen(x), "\nWORKINGNUM %d\n", workingnum);
+ write(STDIN_FILENO, x, strlen(x));
+ }
if (s != -1)
if (close(s))
perror("close(s)");
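Review bot: The `alloca` size at the top of this block budgets 31 bytes per network, but a worst-case `255.255.255.255/255.255.255.255 ` entry from `inet_ntoa()` is 32 bytes, and once the fixed prefix and the `\nWORKINGNUM %d\n` suffix are counted the unchecked `strcat`/`sprintf` chain overruns the stack buffer with roughly six or more fully-dotted networks; the spiral branch fits only because of leftover slack in that same formula. Budget 32 bytes per entry (`l*32`) plus the prefix and suffix explicitly, or better, build the report with `snprintf` while tracking the remaining length. The report is also written to `STDIN_FILENO` with the return value of `write()` unchecked; unless fd 0 is deliberately a bidirectional pipe here, that is presumably meant to be `STDOUT_FILENO`. main() continues past the end of this hunk.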