Handle non-local source IPs better

Author: sfan5

README.md

@@ -16,8 +16,8 @@ Building fi6s is fairly easy on any recent Linux system, e.g. on Ubuntu:
 
 The scanner executable will be ready at `./fi6s`.
 
-Note that fi6s is developed and tested solely on Linux. It *should* work on other
-UNIX-like platforms, but don't expect it to run on Windows.
+Note that fi6s is developed and tested solely on Linux. Other UNIX-like platforms
+*should* work, but not Windows.
 
 ## Usage
 
@@ -66,7 +66,7 @@ It would typically send RST frames in this case.
 By default fi6s will ask the OS to reserve an ephemeral port and use it for the
 duration of the scan. This only works on Linux.
 
-If this doesn't work or you are on a different platform you will have to use a static
+*If this doesn't work* or you are on a different platform you will have to set a
 source port and configure your firewall to drop traffic on this port, e.g.:
 
 	# ip6tables -A INPUT -p tcp -m tcp --dport 12345 -j DROP
@@ -102,4 +102,5 @@ This means fi6s may not perform as expected or outright not work if:
 * your network has consistent packet loss
 
 For banner collection note that fi6s does not come with anything resembling a real TCP
-stack. It merely supports sending one query and reading response data that follows. Resends are not implemented.
+stack. It merely supports sending one query and reading response data that follows.
+Resends or window logic are not implemented.

src/main.c

@@ -396,34 +396,46 @@ int main(int argc, char *argv[])
 			}
 		}
 
-		rawsock_eth_settings(source_mac, router_mac);
-		rawsock_ip_settings(source_addr, ttl);
-
 		// Handle --source-port: auto-detection, reservation, errors
-		if (r == 0) {
-			const bool mandatory = banners && ip_type == IP_TYPE_TCP;
-			const bool useful = mandatory || (banners && ip_type == IP_TYPE_UDP);
+		const bool port_mandatory = banners && ip_type == IP_TYPE_TCP;
+		if (r == 0 && rawsock_islocal(source_addr) == 0) {
+			// We're using an unassigned IP, pick any random port. No need to
+			// reserve it or care about the OS.
+			if (port_mandatory && source_port == -1) {
+				source_port = 25000 + rand() % 40000;
+				log_raw("Using random source port: %d", source_port);
+			}
+		} else if (r == 0) {
+			const bool port_useful = banners && ip_type == IP_TYPE_UDP;
 			bool auto_failed = false;
 
-			if (mandatory || useful) {
+			if (port_mandatory || port_useful) {
 				int tmp = rawsock_reserve_port(source_addr, ip_type, source_port == -1 ? 0 : source_port);
 				if (tmp >= 0) {
-					log_debug("reserved source port: %d", tmp);
 					source_port = tmp;
+					if (port_mandatory)
+						log_raw("Using reserved source port: %d", source_port);
+					else
+						log_debug("Using reserved source port: %d", source_port);
 				} else {
 					auto_failed = tmp == -1;
 				}
 			}
 
 			assert(source_port != 0);
-			if (mandatory && source_port == -1) {
+			if (port_mandatory && source_port == -1) {
 				log_raw("A source port is required but was not given%s.",
 					auto_failed ? " (automatic reservation failed)" : "");
 				r = 1;
+			} else if (auto_failed) {
+				// assume the user knows what he's doing
+				log_debug("automatic port reservation failed");
 			}
 		}
 
 		if (r == 0) {
+			rawsock_eth_settings(source_mac, router_mac);
+			rawsock_ip_settings(source_addr, ttl);
 			scan_set_general(&ports, max_rate, show_closed, banners);
 			scan_set_network(source_addr, source_port, ip_type);
 			scan_set_output(outfile, outdef);

src/rawsock-routes.c

@@ -44,7 +44,7 @@ int rawsock_getdev(char **out_dev)
 		if(!(d->flags & PCAP_IF_UP))
 			continue;
 		for(pcap_addr_t *a = d->addresses; a; a = a->next) {
-			if(((struct sockaddr*)a->addr)->sa_family != AF_INET6)
+			if(a->addr->sa_family != AF_INET6)
 				continue;
 			struct sockaddr_in6 *inaddr = (struct sockaddr_in6*) a->addr;
 			// Exclude link-local fe80::
@@ -301,6 +301,36 @@ int rawsock_getsrcip(const struct sockaddr_in6 *dest, const char *interface, uin
 	return ret;
 }
 
+int rawsock_islocal(const uint8_t *ip)
+{
+	char errbuf[PCAP_ERRBUF_SIZE];
+	pcap_if_t *alldevs, *d;
+
+	if(pcap_findalldevs(&alldevs, errbuf) != 0) {
+		log_debug("pcap_findalldevs: %s", errbuf);
+		return -1;
+	}
+
+	int ret = 0;
+	for(d = alldevs; d; d = d->next) {
+		if(!(d->flags & PCAP_IF_UP))
+			continue;
+		for(pcap_addr_t *a = d->addresses; a; a = a->next) {
+			if(a->addr->sa_family != AF_INET6)
+				continue;
+			struct sockaddr_in6 *inaddr = (struct sockaddr_in6*) a->addr;
+			if(!memcmp(inaddr->sin6_addr.s6_addr, ip, 16)) {
+				ret = 1;
+				goto found;
+			}
+		}
+	}
+
+found:
+	pcap_freealldevs(alldevs);
+	return ret;
+}
+
 int rawsock_reserve_port(const uint8_t *addr, int type, int port)
 {
 #ifdef __linux__

src/rawsock.h

@@ -74,6 +74,8 @@ int rawsock_getmac(const char *dev, uint8_t *mac); // MAC of the adapter/intf
 int rawsock_getgw(const char *dev, uint8_t *mac); // MAC of the default router/gateway
 // advice: 0=quiet, 1=default route, 2=specific IP
 int rawsock_getsrcip(const struct sockaddr_in6 *dest, const char *interface, uint8_t *ip, int advice);
+/// @return 1 if IP is local to this host, 0 if not, -1 if error
+int rawsock_islocal(const uint8_t *ip);
 /**
  * Reserve a local port on the specified IP for the rest of the program lifetime.
  * The effect should be that the kernel ignores any packets to this tuple.