fix udp v6 forgery and add examples

greenbone · Dec 17, 2024 · ee83e30 · ee83e30
1 parent a028783
commit ee83e30
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 11 deletions.
diff --git a/rust/examples/forge_tcp_v6.nasl b/rust/examples/forge_tcp_v6.nasl
@@ -7,7 +7,7 @@
 #    sudo openvas-nasl -X -d -i $PLUGINSPATH ~/my_nasl/forge_tcp_v6.nasl -t 5858::2
 #    sudo target/debug/scannerctl execute script ~/my_nasl/forge_tcp_v6.nasl -t 5858::2
 #
-# Set the correct IPv6 addresses and routes in the origin and destination hosts with the right address on each.
+# Set the correct IPv6 addresses and routes in the orgin and destination hosts with the right address on each.
 #    sudo ip addr add 5858::1/64 dev wlp6s0 
 #    sudo ip -6 route add 5858::1 dev wlp6s0 
 

diff --git a/rust/examples/packet_forgery_udp_v6.nasl b/rust/examples/packet_forgery_udp_v6.nasl
@@ -0,0 +1,31 @@
+# SPDX-FileCopyrightText: 2023 Greenbone AG
+#
+# SPDX-License-Identifier: GPL-2.0-or-later WITH x11vnc-openssl-exception
+
+IP6_HLIM = 128;
+
+src = "5858::1";
+dst = "5858::2";
+
+ip6 = forge_ip_v6_packet( ip6_v: 6, # IP6_v,
+                         ip6_p: IPPROTO_UDP, #0x11
+                         ip6_plen:40,
+                         ip6_hlim:IP6_HLIM,
+                         ip6_src: src,
+                         ip6_dst: dst);
+
+dump_ip_v6_packet (ip6);
+
+udp6_packet = forge_udp_v6_packet(ip: ip6,
+                              uh_sport: 5080,
+                              uh_dport: 80,
+                              uh_len:   12,
+                              th_sum:   0,
+			      data: "1234");
+display(get_udp_v6_element(udp:udp6_packet, element:"uh_sport"));
+udp6_packet = set_udp_v6_elements(udp: udp6_packet, uh_sport: 33000);
+display(get_udp_v6_element(udp:udp6_packet, element:"uh_sport"));
+
+dump_ip_v6_packet (udp6_packet);
+
+send_v6packet(udp6_packet);
diff --git a/rust/src/nasl/builtin/raw_ip/packet_forgery.rs b/rust/src/nasl/builtin/raw_ip/packet_forgery.rs
@@ -3116,7 +3116,7 @@ fn insert_tcp_v6_options(register: &Register, _configs: &Context) -> Result<Nasl
     ori_tcp = packet::tcp::MutableTcpPacket::new(&mut new_buf)
         .ok_or_else(|| error("No possible to create a packet from buffer".to_string()))?;
 
-    // At this point, opts len is a 4bytes multiple and the ofset is expressed in 32bits words
+    // At this point, opts len is a 4bytes multiple and the offset is expressed in 32bits words
     ori_tcp.set_data_offset(5 + opts_len as u8 / 4);
     if !opts.is_empty() {
         ori_tcp.set_options(&opts);
@@ -3392,15 +3392,16 @@ fn set_udp_v6_elements(register: &Register) -> Result<NaslValue, FnError> {
     let chksum = match register.named("uh_sum") {
         Some(ContextType::Value(NaslValue::Number(x))) if *x != 0 => (*x as u16).to_be(),
         _ => {
-            let pkt = packet::ipv6::Ipv6Packet::new(&buf)
-                .ok_or_else(|| error("No possible to create a packet from buffer".to_string()))?;
-            let udp_aux = UdpPacket::new(ori_udp.packet())
-                .ok_or_else(|| error("No possible to create a packet from buffer".to_string()))?;
+            let pkt = packet::ipv6::Ipv6Packet::new(&buf).ok_or_else(|| {
+                error("No possible to create an IPv6 segment from buffer".to_string())
+            })?;
+            let udp_aux = UdpPacket::new(ori_udp.packet()).ok_or_else(|| {
+                error("No possible to create an UDP datagram from buffer".to_string())
+            })?;
             pnet::packet::udp::ipv6_checksum(&udp_aux, &pkt.get_source(), &pkt.get_destination())
         }
     };
     ori_udp.set_checksum(chksum);
-
     // Create a owned copy of the final udp segment, which will be appended as payload to the IP packet.
     let mut fin_udp_buf: Vec<u8> = vec![0u8; udp_total_length];
     let buf_aux = <&[u8]>::clone(&ori_udp.packet()).to_owned();
@@ -3409,13 +3410,18 @@ fn set_udp_v6_elements(register: &Register) -> Result<NaslValue, FnError> {
     // Create a new IP packet with the original IP header, and the new UDP payload
     let mut new_ip_buf = vec![0u8; iph_len];
     //new_ip_buf[..].copy_from_slice(&buf[..iph_len]);
-    safe_copy_from_slice(&mut new_ip_buf[..], 0, iph_len, &buf, 0, iph_len)?;
-    new_ip_buf.append(&mut fin_udp_buf.to_vec());
+    safe_copy_from_slice(
+        &mut new_ip_buf[..],
+        0,
+        buf.len() - 1,
+        &buf,
+        0,
+        buf.len() - 1,
+    )?;
 
-    let l = new_ip_buf.len();
+    let l = fin_udp_buf.len();
     let mut pkt = packet::ipv6::MutableIpv6Packet::new(&mut new_ip_buf)
         .ok_or_else(|| error("No possible to create a packet from buffer".to_string()))?;
-
     pkt.set_payload_length(l as u16);
     pkt.set_payload(&fin_udp_buf);