fix: syn.scanner now uses a dedicated pcap handle to prevent deadlocks and improve performances

2025-07-16 10:03:39 -07:00 · 2019-04-21 20:37:41 +02:00 · 2019-04-21 20:37:41 +02:00 · cd249687da
commit cd249687da
parent 8257d25ff3
4 changed files with 87 additions and 80 deletions
--- a/modules/syn_scan/syn_scan.go
+++ b/modules/syn_scan/syn_scan.go
@ -3,7 +3,6 @@ package syn_scan
 import (
 	"fmt"
 	"net"
 	"strconv"
 	"sync"
 	"sync/atomic"
 	"time"
@ -11,10 +10,10 @@ import (
 	"github.com/bettercap/bettercap/packets"
 	"github.com/bettercap/bettercap/session"
 	"github.com/malfunkt/iprange"
 	"github.com/evilsocket/islazy/async"
-	"github.com/evilsocket/islazy/str"
+
 	"github.com/google/gopacket"
 	"github.com/google/gopacket/pcap"
 )
 const synSourcePort = 666
@ -33,6 +32,8 @@ type SynScanner struct {
 	addresses     []net.IP
 	startPort     int
 	endPort       int
 	handle        *pcap.Handle
 	packets       chan gopacket.Packet
 	progressEvery time.Duration
 	stats         synScannerStats
 	waitGroup     *sync.WaitGroup
@ -97,44 +98,6 @@ func NewSynScanner(s *session.Session) *SynScanner {
 	return mod
 }
 func (mod *SynScanner) parseTargets(arg string) error {
 	if list, err := iprange.Parse(arg); err != nil {
 		return fmt.Errorf("error while parsing IP range '%s': %s", arg, err)
 	} else {
 		mod.addresses = list.Expand()
 	}
 	return nil
 }
 func (mod *SynScanner) parsePorts(args []string) (err error) {
 	argc := len(args)
 	mod.stats.totProbes = 0
 	mod.stats.doneProbes = 0
 	mod.startPort = 1
 	mod.endPort = 65535
 	if argc > 1 && str.Trim(args[1]) != "" {
 		if mod.startPort, err = strconv.Atoi(str.Trim(args[1])); err != nil {
 			return fmt.Errorf("invalid start port %s: %s", args[1], err)
 		} else if mod.startPort > 65535 {
 			mod.startPort = 65535
 		}
 		mod.endPort = mod.startPort
 	}
 	if argc > 2 && str.Trim(args[2]) != "" {
 		if mod.endPort, err = strconv.Atoi(str.Trim(args[2])); err != nil {
 			return fmt.Errorf("invalid end port %s: %s", args[2], err)
 		}
 	}
 	if mod.endPort < mod.startPort {
 		return fmt.Errorf("end port %d is greater than start port %d", mod.endPort, mod.startPort)
 	}
 	return
 }
 func (mod *SynScanner) Name() string {
 	return "syn.scan"
 }
@ -147,7 +110,14 @@ func (mod *SynScanner) Author() string {
 	return "Simone Margaritelli <evilsocket@gmail.com>"
 }
-func (mod *SynScanner) Configure() error {
+func (mod *SynScanner) Configure() (err error) {
 	if mod.Running() {
 		return session.ErrAlreadyStarted(mod.Name())
 	} else if mod.handle, err = pcap.OpenLive(mod.Session.Interface.Name(), 65536, true, pcap.BlockForever); err != nil {
 		return err
 	} else if err = mod.handle.SetBPFFilter(fmt.Sprintf("tcp dst port %d", synSourcePort)); err != nil {
 		return err
 	}
 	return nil
 }
@ -180,10 +150,12 @@ func (mod *SynScanner) showProgress() error {
 func (mod *SynScanner) Stop() error {
 	mod.Info("stopping ...")
 	return mod.SetRunning(false, func() {
 		mod.packets <- nil
 		mod.waitGroup.Wait()
 		mod.showProgress()
 		mod.addresses = []net.IP{}
 		mod.State.Store("progress", 0.0)
 		mod.State.Store("scanning", &mod.addresses)
 	})
 }
@ -219,15 +191,22 @@ func (mod *SynScanner) scanWorker(job async.Job) {
 }
 func (mod *SynScanner) synScan() error {
 	if err := mod.Configure(); err != nil {
 		return err
 	}
 	mod.SetRunning(true, func() {
 		mod.waitGroup.Add(1)
 		defer mod.waitGroup.Done()
 		defer mod.SetRunning(false, func() {
 			mod.addresses = []net.IP{}
 			mod.State.Store("progress", 0.0)
 			mod.State.Store("scanning", &mod.addresses)
 			mod.packets <- nil
 			mod.handle.Close()
 		})
 		mod.waitGroup.Add(1)
 		defer mod.waitGroup.Done()
 		mod.stats.openPorts = 0
 		mod.stats.numPorts = uint64(mod.endPort - mod.startPort + 1)
 		mod.stats.started = time.Now()
@ -247,9 +226,20 @@ func (mod *SynScanner) synScan() error {
 		mod.State.Store("progress", 0.0)
-		// set the collector
+		// start the collector
-		mod.Session.Queue.OnPacket(mod.onPacket)
+		go func() {
-		defer mod.Session.Queue.OnPacket(nil)
+			mod.waitGroup.Add(1)
 			defer mod.waitGroup.Done()
 			src := gopacket.NewPacketSource(mod.handle, mod.handle.LinkType())
 			mod.packets = src.Packets()
 			for packet := range mod.packets {
 				if !mod.Running() {
 					break
 				}
 				mod.onPacket(packet)
 			}
 		}()
 		// start to show progress every second
 		go func() {
--- a/modules/syn_scan/syn_scan_parsers.go
+++ b/modules/syn_scan/syn_scan_parsers.go
@ -0,0 +1,47 @@
 package syn_scan
 import (
 	"fmt"
 	"strconv"
 	"github.com/evilsocket/islazy/str"
 	"github.com/malfunkt/iprange"
 )
 func (mod *SynScanner) parseTargets(arg string) error {
 	if list, err := iprange.Parse(arg); err != nil {
 		return fmt.Errorf("error while parsing IP range '%s': %s", arg, err)
 	} else {
 		mod.addresses = list.Expand()
 	}
 	return nil
 }
 func (mod *SynScanner) parsePorts(args []string) (err error) {
 	argc := len(args)
 	mod.stats.totProbes = 0
 	mod.stats.doneProbes = 0
 	mod.startPort = 1
 	mod.endPort = 65535
 	if argc > 1 && str.Trim(args[1]) != "" {
 		if mod.startPort, err = strconv.Atoi(str.Trim(args[1])); err != nil {
 			return fmt.Errorf("invalid start port %s: %s", args[1], err)
 		} else if mod.startPort > 65535 {
 			mod.startPort = 65535
 		}
 		mod.endPort = mod.startPort
 	}
 	if argc > 2 && str.Trim(args[2]) != "" {
 		if mod.endPort, err = strconv.Atoi(str.Trim(args[2])); err != nil {
 			return fmt.Errorf("invalid end port %s: %s", args[2], err)
 		}
 	}
 	if mod.endPort < mod.startPort {
 		return fmt.Errorf("end port %d is greater than start port %d", mod.endPort, mod.startPort)
 	}
 	return
 }
--- a/modules/syn_scan/syn_scan_reader.go
+++ b/modules/syn_scan/syn_scan_reader.go
@ -1,7 +1,6 @@
 package syn_scan
 import (
 	"net"
 	"sync/atomic"
 	"github.com/bettercap/bettercap/network"
@ -19,15 +18,6 @@ type OpenPort struct {
 	Port    int    `json:"port"`
 }
 func (mod *SynScanner) isAddressInRange(ip net.IP) bool {
 	for _, a := range mod.addresses {
 		if a.Equal(ip) {
 			return true
 		}
 	}
 	return false
 }
 func (mod *SynScanner) onPacket(pkt gopacket.Packet) {
 	var eth layers.Ethernet
 	var ip layers.IPv4
@ -46,7 +36,7 @@ func (mod *SynScanner) onPacket(pkt gopacket.Packet) {
 		return
 	}
-	if mod.isAddressInRange(ip.SrcIP) && tcp.DstPort == synSourcePort && tcp.SYN && tcp.ACK {
+	if tcp.DstPort == synSourcePort && tcp.SYN && tcp.ACK {
 		atomic.AddUint64(&mod.stats.openPorts, 1)
 		from := ip.SrcIP.String()
--- a/packets/queue.go
+++ b/packets/queue.go
@ -33,8 +33,6 @@ type Stats struct {
 	Errors      uint64 `json:"errors"`
 }
 type PacketCallback func(pkt gopacket.Packet)
 type Queue struct {
 	sync.RWMutex
@ -49,7 +47,6 @@ type Queue struct {
 	source     *gopacket.PacketSource
 	srcChannel chan gopacket.Packet
 	writes     *sync.WaitGroup
 	pktCb      PacketCallback
 	active     bool
 }
@ -69,7 +66,6 @@ func NewQueue(iface *network.Endpoint) (q *Queue, err error) {
 		writes: &sync.WaitGroup{},
 		iface:  iface,
 		active: !iface.IsMonitor(),
 		pktCb:  nil,
 	}
 	if q.active {
@ -107,21 +103,6 @@ func (q *Queue) MarshalJSON() ([]byte, error) {
 	return json.Marshal(doc)
 }
 func (q *Queue) OnPacket(cb PacketCallback) {
 	q.Lock()
 	defer q.Unlock()
 	q.pktCb = cb
 }
 func (q *Queue) onPacketCallback(pkt gopacket.Packet) {
 	q.RLock()
 	defer q.RUnlock()
 	if q.pktCb != nil {
 		q.pktCb(pkt)
 	}
 }
 func (q *Queue) trackProtocols(pkt gopacket.Packet) {
 	// gather protocols stats
 	pktLayers := pkt.Layers()
@ -206,7 +187,6 @@ func (q *Queue) worker() {
 		pktSize := uint64(len(pkt.Data()))
 		q.TrackPacket(pktSize)
 		q.onPacketCallback(pkt)
 		// decode eth and ipv4 layers
 		leth := pkt.Layer(layers.LayerTypeEthernet)