OpenVAS Scanner 23.23.1
nasl_socket.c File Reference

The NASL socket API.

#include "nasl_socket.h"
#include "../misc/network.h"
#include "../misc/pcap_openvas.h"
#include "../misc/plugutils.h"
#include "../misc/support.h"
#include "exec.h"
#include "nasl.h"
#include "nasl_debug.h"
#include "nasl_func.h"
#include "nasl_global_ctxt.h"
#include "nasl_lex_ctxt.h"
#include "nasl_packet_forgery.h"
#include "nasl_tree.h"
#include "nasl_var.h"
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <gnutls/gnutls.h>
#include <gvm/base/logging.h>
#include <gvm/base/networking.h>
#include <gvm/base/prefs.h>
#include <net/if.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/time.h>
#include <unistd.h>

Data Structures

struct  udp_record
struct  jmg

Macros

#define EADDRNOTAVAIL   EADDRINUSE
#define G_LOG_DOMAIN   "lib nasl"
 GLib logging domain.

Functions

static int unblock_socket (int soc)
static int block_socket (int soc)
static void wait_before_next_probe ()
static int add_udp_data (struct script_infos *script_infos, int soc, char *data, int len)
static char * get_udp_data (struct script_infos *script_infos, int soc, int *len)
static void rm_udp_data (struct script_infos *script_infos, int soc)
static tree_cell * nasl_open_privileged_socket (lex_ctxt *lexic, int proto)
tree_cell * nasl_open_priv_sock_tcp (lex_ctxt *lexic)
tree_cell * nasl_open_priv_sock_udp (lex_ctxt *lexic)
tree_cell * nasl_open_sock_tcp_bufsz (lex_ctxt *lexic, int bufsz)
tree_cell * nasl_open_sock_tcp (lex_ctxt *lexic)
 Open a TCP socket to the target host.
tree_cell * nasl_open_sock_udp (lex_ctxt *lexic)
tree_cell * nasl_socket_negotiate_ssl (lex_ctxt *lexic)
tree_cell * nasl_socket_check_ssl_safe_renegotiation (lex_ctxt *lexic)
 Check if Secure Renegotiation is supported in the server side.
tree_cell * nasl_socket_ssl_do_handshake (lex_ctxt *lexic)
 Do a re-handshake of the TLS/SSL protocol.
tree_cell * nasl_socket_get_cert (lex_ctxt *lexic)
tree_cell * nasl_socket_get_ssl_session_id (lex_ctxt *lexic)
tree_cell * nasl_socket_get_ssl_version (lex_ctxt *lexic)
tree_cell * nasl_socket_get_ssl_ciphersuite (lex_ctxt *lexic)
tree_cell * nasl_recv (lex_ctxt *lexic)
tree_cell * nasl_recv_line (lex_ctxt *lexic)
static int get_mtu (struct in6_addr *dst)
static int get_udp_payload_size (struct in6_addr *dst)
tree_cell * nasl_get_mtu (lex_ctxt *lexic)
tree_cell * nasl_send (lex_ctxt *lexic)
tree_cell * nasl_close_socket (lex_ctxt *lexic)
tree_cell * nasl_join_multicast_group (lex_ctxt *lexic)
tree_cell * nasl_leave_multicast_group (lex_ctxt *lexic)
tree_cell * nasl_get_source_port (lex_ctxt *lexic)
tree_cell * nasl_socket_get_error (lex_ctxt *lexic)
tree_cell * nasl_get_sock_info (lex_ctxt *lexic)
 Get info pertaining to a socket.
tree_cell * nasl_socket_cert_verify (lex_ctxt *lexic)
 Verify a certificate.

Variables

int lowest_socket = 0
static struct jmg * jmg_desc = NULL
static int jmg_max = 0

Detailed Description

The NASL socket API.

This file contains all the functions related to the handling of the sockets within a NASL script - for example the implementation of the NASL built-ins open_sock_tcp, send, recv, recv_line, and close.

Macro Definition Documentation

◆ EADDRNOTAVAIL

#define EADDRNOTAVAIL   EADDRINUSE

◆ G_LOG_DOMAIN

#define G_LOG_DOMAIN   "lib nasl"

GLib logging domain.

Function Documentation

◆ add_udp_data()

int add_udp_data ( struct script_infos * script_infos,
int soc,
char * data,
int len )
static

◆ block_socket()

int block_socket ( int soc)
static

◆ get_mtu()

int get_mtu ( struct in6_addr * dst)
static

◆ get_udp_data()

char * get_udp_data ( struct script_infos * script_infos,
int soc,
int * len )
static

◆ get_udp_payload_size()

int get_udp_payload_size ( struct in6_addr * dst)
static

◆ nasl_close_socket()

tree_cell * nasl_close_socket ( lex_ctxt * lexic)

◆ nasl_get_mtu()

tree_cell * nasl_get_mtu ( lex_ctxt * lexic)

◆ nasl_get_sock_info()

tree_cell * nasl_get_sock_info ( lex_ctxt * lexic)

Get info pertaining to a socket.

NASL Function: get_sock_info

This function is used to retrieve various information about an active socket. It requires the NASL socket number and a string to select the information to retrieve.

Supported keywords are:

  • dport Return the destination port. This is an integer. NOTE: Not yet implemented.
  • sport Return the source port. This is an integer. NOTE: Not yet implemented.
  • encaps Return the encapsulation of the socket. Example output: "TLScustom".
  • tls-proto Return a string with the actual TLS protocol in use. "n/a" is returned if no SSL/TLS session is active. Example output: "TLSv1".
  • tls-kx Return a string describing the key exchange algorithm. Example output: "RSA".
  • tls-certtype Return the type of the certificate in use by the session. Example output: "X.509".
  • tls-cipher Return the cipher algorithm in use by the session. Example output: "AES-256-CBC".
  • tls-mac Return the message authentication algorithms used by the session. Example output: "SHA1".
  • tls-auth Return the peer's authentication type. Example output: "CERT".
  • tls-cert Return the peer's certificates for an SSL or TLS connection. This is an array of binary strings or NULL if no certificate is known.
NASL Unnamed Parameters:
  • A NASL socket
  • A string keyword; see above.
NASL Named Parameters:
  • asstring If true, return a human-readable string instead of an integer. Used only with these keywords: encaps.
NASL Returns: An integer or a string or NULL on error.
Parameters
[in] lexic  Lexical context of the NASL interpreter.
Returns
A tree cell.

◆ nasl_get_source_port()

tree_cell * nasl_get_source_port ( lex_ctxt * lexic)

◆ nasl_join_multicast_group()

tree_cell * nasl_join_multicast_group ( lex_ctxt * lexic)

◆ nasl_leave_multicast_group()

tree_cell * nasl_leave_multicast_group ( lex_ctxt * lexic)

◆ nasl_open_priv_sock_tcp()

tree_cell * nasl_open_priv_sock_tcp ( lex_ctxt * lexic)

◆ nasl_open_priv_sock_udp()

tree_cell * nasl_open_priv_sock_udp ( lex_ctxt * lexic)

◆ nasl_open_privileged_socket()

tree_cell * nasl_open_privileged_socket ( lex_ctxt * lexic,
int proto )
static

◆ nasl_open_sock_tcp()

tree_cell * nasl_open_sock_tcp ( lex_ctxt * lexic)

Open a TCP socket to the target host.

NASL Function: open_sock_tcp

This function is used to create a TCP connection to the target host. It requires the port number as its argument and has various optional named arguments to control encapsulation, timeout and buffering.

NASL Unnamed Parameters:
  • A non-negative integer with the TCP port number.
NASL Named Parameters:
  • bufsz An integer with the buffer size. Note that by default, no buffering is used.
  • timeout An integer with the timeout value in seconds. The default timeout is controlled by a global value.
  • transport One of the ENCAPS_* constants to force a specific encapsulation mode or force trying of all modes (ENCAPS_AUTO). This is for example useful to select a specific TLS or SSL version or use specific TLS connection setup priorities. See get_port_transport for a description of the ENCAPS constants.
  • priority A string value with priorities for a TLS encapsulation. For the syntax of the priority string see the GNUTLS manual. This argument is only used in ENCAPS_TLScustom encapsulation.
NASL Returns: A positive integer as a NASL socket, 0 on connection error or NULL on other errors.
Parameters
[in] lexic  Lexical context of the NASL interpreter.
Returns
A tree cell.

◆ nasl_open_sock_tcp_bufsz()

tree_cell * nasl_open_sock_tcp_bufsz ( lex_ctxt * lexic,
int bufsz )

◆ nasl_open_sock_udp()

tree_cell * nasl_open_sock_udp ( lex_ctxt * lexic)

◆ nasl_recv()

tree_cell * nasl_recv ( lex_ctxt * lexic)

◆ nasl_recv_line()

tree_cell * nasl_recv_line ( lex_ctxt * lexic)

◆ nasl_send()

tree_cell * nasl_send ( lex_ctxt * lexic)

◆ nasl_socket_cert_verify()

tree_cell * nasl_socket_cert_verify ( lex_ctxt * lexic)

Verify a certificate.

NASL Function: socket_cert_verify

This function is used to retrieve and verify a certificate from an active socket. It requires the NASL socket number.

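NASL Named Parameters:
  • socket A NASL socket.
NASL Returns: 0 in case of successful verification. A positive integer in case of a verification error or NULL on other errors. Because 0 signals success, callers should test for NULL explicitly so that an error is not mistaken for a successful verification.
Parameters
[in] lexic  Lexical context of the NASL interpreter.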
Returns
A tree cell.

◆ nasl_socket_check_ssl_safe_renegotiation()

tree_cell * nasl_socket_check_ssl_safe_renegotiation ( lex_ctxt * lexic)

Check if Secure Renegotiation is supported in the server side.

NASL Function: socket_check_ssl_safe_renegotiation
NASL Named Parameters:
  • socket An already established SSL/TLS session.
NASL Returns: 1 if supported, 0 otherwise. NULL or -1 on error.

◆ nasl_socket_get_cert()

tree_cell * nasl_socket_get_cert ( lex_ctxt * lexic)

◆ nasl_socket_get_error()

tree_cell * nasl_socket_get_error ( lex_ctxt * lexic)

◆ nasl_socket_get_ssl_ciphersuite()

tree_cell * nasl_socket_get_ssl_ciphersuite ( lex_ctxt * lexic)

◆ nasl_socket_get_ssl_session_id()

tree_cell * nasl_socket_get_ssl_session_id ( lex_ctxt * lexic)

◆ nasl_socket_get_ssl_version()

tree_cell * nasl_socket_get_ssl_version ( lex_ctxt * lexic)

◆ nasl_socket_negotiate_ssl()

tree_cell * nasl_socket_negotiate_ssl ( lex_ctxt * lexic)

◆ nasl_socket_ssl_do_handshake()

tree_cell * nasl_socket_ssl_do_handshake ( lex_ctxt * lexic)

Do a re-handshake of the TLS/SSL protocol.

NASL Function: socket_ssl_do_handshake
NASL Named Parameters:
  • socket An already established TLS/SSL session.
NASL Returns: 1 on success, less than 0 on handshake error. NULL on NASL error.
Parameters
[in] lexic  Lexical context of NASL interpreter.

◆ rm_udp_data()

void rm_udp_data ( struct script_infos * script_infos,
int soc )
static

◆ unblock_socket()

int unblock_socket ( int soc)
static

◆ wait_before_next_probe()

void wait_before_next_probe ( )
static

Variable Documentation

◆ jmg_desc

struct jmg * jmg_desc = NULL
static

◆ jmg_max

int jmg_max = 0
static

◆ lowest_socket

int lowest_socket = 0