
Fix VPN Issues, ARP Interface Bug and IPv6 Trouble #22

Merged: pilsnerfrajz merged 14 commits into main from vpn-routing on Sep 10, 2025

@pilsnerfrajz (Owner)

Fix VPN Issues, ARP Interface Bug and IPv6 Trouble

When troubleshooting the VPN problems, multiple issues were found and fixed. This PR:

  • Fixes VPN issues related to packet processing during port scanning
  • Fixes an error in the IPv6 pseudo header causing incorrect checksum calculations, which led to routing issues and packet drops
  • Fixes IPv6 port scanning and related tests
  • Fixes an ARP bug related to interface selection on Linux

Closes #14, closes #15.

VPN

It seems that VPN routing was never really an issue, but instead the processing of the packets. The encapsulation of VPN packets was not accounted for properly during packet parsing, but this now works correctly on both macOS and Linux. This also fixed an issue where null bytes are skipped, which was not necessary on Linux.

When using VPN, there are some issues in detecting SYN-ACKs. The current fix is to detect the ACK-response from the target, following the RST packet from the scanner if a port is open. There should not be any ACKs if the port is closed.

Scanner     SYN ->       Target
Scanner  <- SYN-ACK      Target (Ideal case)
Scanner     RST ->       Target
Scanner  <- ACK          Target (VPN case)

IPv6 was not enabled in my VPN settings which contributed to the difficulties in troubleshooting the problems.

File Changes

  • src/syn_scan.c
    • Make Linux kernel add the IPv6 header when sending TCP packets. This was previously not automatically included. Not needed on macOS
    • Update pcap filter based on the address family of the target
    • Rewrite packet parser as it did not trigger when using VPN
    • Add check for TCP ACKs in the packet processing to support VPN
    • Add platform specific parse value

IPv6 Pseudo Header

IPv6 was not enabled in my VPN settings which made routing to external hosts impossible. There was also an issue in the structure of the IPv6 pseudo header, leading to incorrect checksum calculations. A field was removed and the next field was changed from 1 to 4 bytes. The checksum issues would cause targets to drop packets and even screw up routing.

File Changes

  • src/ping.c
    • Remove zero-field and add missing htonl() to pack bits correctly.
  • include/headers.h
    • Remove incorrect zero-field
    • Update next field type from u_int8_t to u_int32_t

IPv6 Port Scan and Testing

The above changes fixed the issues with IPv6 port scanning on external hosts. Now a test is added to check for open ports on the IPv6 version of scanme.nmap.org. This IP was also added to the ICMPv6 test, as the previous IP had changed, failing the test.

File Changes

  • tests/syn_scan_test.c and tests/ping_test.c
    • Update tests to ping and scan ports on external IPv6 host

ARP Interfaces

When investigating the VPN issues, errors in ARP requests were detected on Linux. Depending on the order the interfaces were parsed, the previous code sometimes did not find any interface to send ARP frames on. The new code parses all available interfaces and then selects a suitable one if available.

File Changes

  • src/arp.c
    • Add struct to store interface information
    • Add loop through all interfaces to check IP, subnet mask and MAC address
    • Add second loop to check for suitable interface

Testing

Ensure IPv6 is enabled in VPN settings. make test now passes every test assuming the targets are up.
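
The pseudo header fix described under "IPv6 Pseudo Header" comes down to a 40-byte layout in which the 32-bit length is followed by three zero bytes and the next-header byte, which a single 32-bit field written with htonl() produces. The following is an added example, not code from this PR or repository; the struct and function names and the sample ICMPv6 packet are assumptions constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical struct: 40-byte IPv6 pseudo header (RFC 8200, section 8.1). */
struct ipv6_pseudo_hdr {
    struct in6_addr src;  /* source address, 16 bytes */
    struct in6_addr dst;  /* destination address, 16 bytes */
    uint32_t length;      /* upper-layer packet length, network byte order */
    uint32_t next;        /* 3 zero bytes + next header, set with htonl() */
};
_Static_assert(sizeof(struct ipv6_pseudo_hdr) == 40, "unexpected padding");

/* Add n bytes to a running sum as big-endian 16-bit words (RFC 1071). */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t acc)
{
    for (; n > 1; p += 2, n -= 2)
        acc += ((uint32_t)p[0] << 8) | p[1];
    if (n) acc += (uint32_t)p[0] << 8;
    return acc;
}

/* Checksum over pseudo header + upper-layer segment, in host byte order. */
uint16_t l4_checksum6(const struct in6_addr *src, const struct in6_addr *dst,
                      uint8_t next_hdr, const uint8_t *seg, size_t len)
{
    struct ipv6_pseudo_hdr ph;
    memcpy(&ph.src, src, sizeof ph.src);
    memcpy(&ph.dst, dst, sizeof ph.dst);
    ph.length = htonl((uint32_t)len);
    ph.next = htonl(next_hdr);  /* bytes on the wire: 00 00 00 <next_hdr> */
    uint32_t acc = sum16(seg, len, sum16((const uint8_t *)&ph, sizeof ph, 0));
    while (acc >> 16)
        acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}

/* Constructed sample: ICMPv6 echo request, 2001:db8::1 -> 2001:db8::2.
 * Returns the checksum if the receiver-side recomputation yields 0, else 0. */
uint16_t demo_echo_checksum(void)
{
    struct in6_addr src, dst;
    uint8_t echo[8] = {128, 0, 0, 0, 0x12, 0x34, 0, 1}; /* checksum zeroed */
    inet_pton(AF_INET6, "2001:db8::1", &src);
    inet_pton(AF_INET6, "2001:db8::2", &dst);
    uint16_t c = l4_checksum6(&src, &dst, IPPROTO_ICMPV6, echo, sizeof echo);
    echo[2] = (uint8_t)(c >> 8); echo[3] = (uint8_t)(c & 0xff);
    return l4_checksum6(&src, &dst, IPPROTO_ICMPV6, echo, sizeof echo) == 0 ? c : 0;
}
```

Because the sum is taken byte-wise in big-endian order, a next field stored without htonl() on a little-endian host changes the result, and the receiver drops the packet.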

commit 77650d562033cb0978d4417fcb2eeb0508045ce7
Author: williamhedenskog <94441813+pilsnerfrajz@users.noreply.github.com>
Date:   Sun Sep 7 23:52:57 2025 +0200

    Use old code but iterate if array

commit 83660fe6b20a13919762be3ca409564a7f03ae70
Author: williamhedenskog <94441813+pilsnerfrajz@users.noreply.github.com>
Date:   Sun Sep 7 23:48:14 2025 +0200

    Create struct to save info about each interface
Change pcap filter to be more specific to the address families. Update IPv6 pseudo header to use new struct. Use memcpy in case of any errors in assigning values. Make Linux kernel add IPv6 header when sending TCP packets, instead of manually crafting that as well.
@pilsnerfrajz pilsnerfrajz merged commit e1a425d into main Sep 10, 2025
2 checks passed
@pilsnerfrajz pilsnerfrajz deleted the vpn-routing branch September 10, 2025 20:52
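
The two-loop interface selection described under "ARP Interfaces", as an added example that is not the project's src/arp.c: it assumes an enumeration that reports an interface's MAC and its IPv4 address as separate entries (as getifaddrs() does on Linux), and the record types, function names and sample interfaces are constructed. "Suitable" is taken here to mean having an IP, mask and MAC with the target inside the interface's subnet.

```c
#include <stdint.h>
#include <string.h>

#define MAX_IFS 8
enum rec_kind { REC_LINK, REC_INET };  /* MAC entry, or IPv4 + netmask entry */
/* One enumeration entry; addresses in host byte order (constructed model). */
struct if_record { const char *name; enum rec_kind kind; uint32_t ip, mask; uint8_t mac[6]; };
/* Hypothetical per-interface summary built by the first loop. */
struct if_info { const char *name; uint32_t ip, mask; uint8_t mac[6]; int has_inet, has_mac; };

/* Loop 1: merge entries by interface name, independent of arrival order. */
static size_t collect(const struct if_record *r, size_t n, struct if_info *out)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        size_t j = 0;
        while (j < count && strcmp(out[j].name, r[i].name) != 0) j++;
        if (j == count) {                    /* first entry for this name */
            if (count == MAX_IFS) continue;  /* table full: ignore the rest */
            memset(&out[j], 0, sizeof out[j]);
            out[count++].name = r[i].name;
        }
        if (r[i].kind == REC_INET) {
            out[j].ip = r[i].ip; out[j].mask = r[i].mask; out[j].has_inet = 1;
        } else {
            memcpy(out[j].mac, r[i].mac, 6); out[j].has_mac = 1;
        }
    }
    return count;
}

/* Loop 2: first interface with IP, mask and MAC whose subnet holds the target. */
const char *select_arp_if(const struct if_record *r, size_t n, uint32_t target)
{
    struct if_info ifs[MAX_IFS];
    size_t count = collect(r, n, ifs);
    for (size_t i = 0; i < count; i++)
        if (ifs[i].has_inet && ifs[i].has_mac &&
            (ifs[i].ip & ifs[i].mask) == (target & ifs[i].mask))
            return ifs[i].name;
    return NULL;
}

/* Constructed sample: eth0 = 192.168.1.10/24 with MAC, tun0 = 10.8.0.2/24 without. */
const struct if_record sample[] = {
    {"eth0", REC_LINK, 0, 0, {2, 0, 0, 0, 0, 1}},
    {"tun0", REC_INET, 0x0a080002, 0xffffff00, {0}},
    {"eth0", REC_INET, 0xc0a8010a, 0xffffff00, {0}},
};
```

A single pass that decides as soon as it sees one entry depends on whether the MAC or the IPv4 entry arrives first; merging before selecting removes that dependence.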

Development

Successfully merging this pull request may close these issues.

  • BUG: IPv6 Ping Test
  • BUG: VPN routing
