Change: Improve stop_denial. Test the host if still alive with boreas (…

…#1345) * Change: move heartbeat function to its own file * Change: Improve stop_denial. Test the host if still alive with boreas
greenbone · Mar 1, 2023 · d73cae3 · d73cae3
1 parent 7da584e
commit d73cae3
Show file tree

Hide file tree

Showing 6 changed files with 139 additions and 60 deletions.
diff --git a/misc/CMakeLists.txt b/misc/CMakeLists.txt
@@ -31,6 +31,7 @@ pkg_check_modules (GNUTLS REQUIRED gnutls>=3.6.4)
 
 pkg_check_modules (LIBGVM_BASE REQUIRED libgvm_base>=22.4)
 pkg_check_modules (LIBGVM_UTIL REQUIRED libgvm_util>=22.4)
+pkg_check_modules (LIBGVM_BOREAS REQUIRED libgvm_boreas>=22.4)
 
 pkg_check_modules (OPENVAS_WMICLIENT libopenvas_wmiclient>=1.0.5)
 
@@ -87,7 +88,7 @@ include_directories (${GLIB_INCLUDE_DIRS} ${GLIB_JSON_INCLUDE_DIRS}
 
 set (FILES bpf_share.c ftp_funcs.c vendorversion.c network.c plugutils.c pcap.c
      scan_id.c strutils.c table_driven_lsc.c ipc.c ipc_openvas.c ipc_pipe.c
-     user_agent.c scanneraux.c kb_cache.c)
+     user_agent.c scanneraux.c kb_cache.c heartbeat.c)
 
 # On windows we are always PIC and stack-protector is replaces by DEP
 # Also stack protection needs a shared library to work
@@ -102,8 +103,10 @@ set_target_properties (openvas_misc_shared PROPERTIES CLEAN_DIRECT_OUTPUT 1)
 set_target_properties (openvas_misc_shared PROPERTIES SOVERSION "${PROJECT_VERSION_MAJOR}")
 set_target_properties (openvas_misc_shared PROPERTIES VERSION "${PROJECT_VERSION_STRING}")
 
-target_link_libraries (openvas_misc_shared LINK_PRIVATE ${GNUTLS_LDFLAGS} ${UUID_LDFLAGS}
-                       ${GLIB_LDFLAGS} ${GLIB_JSON_LDFLAGS} ${PCAP_LDFLAGS}
+target_link_libraries (openvas_misc_shared LINK_PRIVATE
+                       ${GNUTLS_LDFLAGS} ${UUID_LDFLAGS}
+                       ${GLIB_LDFLAGS} ${GLIB_JSON_LDFLAGS}
+                       ${PCAP_LDFLAGS} ${LIBGVM_BOREAS_LDFLAGS}
                        ${LINKER_HARDENING_FLAGS})
 
 if (OPENVAS_STATE_DIR)

diff --git a/misc/heartbeat.c b/misc/heartbeat.c
@@ -0,0 +1,92 @@
+/* Copyright (C) 2023 Greenbone Networks GmbH
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+/**
+ * @file heartbeat.c
+ * @brief Function for heartbeat
+ */
+
+#include "../misc/heartbeat.h"
+
+#include "../misc/plugutils.h" /* for kb_item_set_int_with_main_kb_check */
+
+#include <gvm/base/prefs.h> /* for prefs_get() */
+#include <gvm/boreas/cli.h> /* for is_host_alive() */
+
+#undef G_LOG_DOMAIN
+/**
+ * @brief GLib log domain.
+ */
+#define G_LOG_DOMAIN "sd   main"
+
+/**
+ * @brief Check if the hosts is still alive and set it as dead if not.
+ *
+ * @param kb Host kb where the host is set as dead.
+ *
+ * @return 1 if considered alive, 0 if it is dead. -1 on error
+ * or option disabled.
+ */
+int
+check_host_still_alive (kb_t kb, const char *hostname)
+{
+  int is_alive = 0;
+  boreas_error_t alive_err;
+
+  /* Heartbeat will work only with boreas enabled. We check if we
+     have all what we need before running a heartbeat check. */
+  if (prefs_get_bool ("test_alive_hosts_only"))
+    {
+      const gchar *alive_test_str = prefs_get ("ALIVE_TEST");
+
+      /* Don't perform a hearbeat check if the host is always considered
+         alive or the alive test is not valid. */
+      if (!(alive_test_str
+            && atoi (alive_test_str) >= ALIVE_TEST_TCP_ACK_SERVICE
+            && atoi (alive_test_str) < 32 // max value for alive test combi.
+            && !((atoi (alive_test_str)) & ALIVE_TEST_CONSIDER_ALIVE)))
+        return -1;
+    }
+  else
+    {
+      g_warning ("%s: Trying to perform an alive test, but Boreas is not "
+                 "enabled. Heartbeat check for %s will not be performed",
+                 __func__, hostname);
+      return -1;
+    }
+
+  alive_err = is_host_alive (hostname, &is_alive);
+  if (alive_err)
+    {
+      g_warning ("%s: Heartbeat check failed for %s with error %d.", __func__,
+                 hostname, alive_err);
+      return -1;
+    }
+
+  if (is_alive == 0)
+    {
+      g_message ("%s: Heartbeat check was not successful. The host %s has"
+                 " been set as dead.",
+                 __func__, hostname);
+      kb_item_set_int_with_main_kb_check (kb, "Host/dead", 1);
+      return 0;
+    }
+
+  return 1;
+}
diff --git a/misc/heartbeat.h b/misc/heartbeat.h
@@ -0,0 +1,32 @@
+/* Copyright (C) 2023 Greenbone Networks GmbH
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+/**
+ * @file heartbeat.h
+ * @brief heartbeat.c headerfile.
+ */
+
+#ifndef OPENVAS_HEARTBEAT_H
+#define OPENVAS_HEARTBEAT_H
+
+#include "../misc/scanneraux.h"
+
+int
+check_host_still_alive (kb_t, const char *);
+#endif
diff --git a/nasl/nasl_misc_funcs.c b/nasl/nasl_misc_funcs.c
@@ -24,6 +24,7 @@
 #include "nasl_misc_funcs.h"
 
 #include "../misc/ftp_funcs.h"     /* for ftp_log_in */
+#include "../misc/heartbeat.h"     /* plug_get_host_open_port */
 #include "../misc/network.h"       /* read_stream_connection_min */
 #include "../misc/plugutils.h"     /* plug_get_host_open_port */
 #include "../misc/vendorversion.h" /* for vendor_version_get */
@@ -245,6 +246,7 @@ nasl_end_denial (lex_ctxt *lexic)
   int soc;
   int to = lexic->recv_timeout;
   struct script_infos *script_infos = lexic->script_infos;
+  kb_t kb = plug_get_kb (script_infos);
   tree_cell *retc = NULL;
   char *bogus_data;
 
@@ -287,7 +289,12 @@ nasl_end_denial (lex_ctxt *lexic)
         }
     }
 
-  retc->x.i_val = 0;
+  // Services seem to not respond.
+  // Last test with boreas
+  if (check_host_still_alive (kb, plug_current_vhost ()) == 1)
+    retc->x.i_val = 1;
+  else
+    retc->x.i_val = 0;
   return retc;
 }
 

diff --git a/src/pluginlaunch.c b/src/pluginlaunch.c
@@ -25,6 +25,7 @@
 
 #include "pluginlaunch.h"
 
+#include "../misc/heartbeat.h" /* for check_host_still_alive */
 #include "../misc/network.h"
 #include "../misc/nvt_categories.h" /* for ACT_SCANNER */
 #include "../misc/plugutils.h"      /* for get_plugin_preference */

diff --git a/src/utils.c b/src/utils.c
@@ -225,62 +225,6 @@ data_left (int soc)
   return data;
 }
 
-/**
- * @brief Check if the hosts is still alive and set it as dead if not.
- *
- * @param kb Host kb where the host is set as dead.
- *
- * @return 1 if considered alive, 0 if it is dead. -1 on error
- * or option disabled.
- */
-int
-check_host_still_alive (kb_t kb, const char *hostname)
-{
-  int is_alive = 0;
-  boreas_error_t alive_err;
-
-  /* Heartbeat will work only with boreas enabled. We check if we
-     have all what we need before running a heartbeat check. */
-  if (prefs_get_bool ("test_alive_hosts_only"))
-    {
-      const gchar *alive_test_str = prefs_get ("ALIVE_TEST");
-
-      /* Don't perform a hearbeat check if the host is always considered
-         alive or the alive test is not valid. */
-      if (!(alive_test_str
-            && atoi (alive_test_str) >= ALIVE_TEST_TCP_ACK_SERVICE
-            && atoi (alive_test_str) < 32 // max value for alive test combi.
-            && !((atoi (alive_test_str)) & ALIVE_TEST_CONSIDER_ALIVE)))
-        return -1;
-    }
-  else
-    {
-      g_warning ("%s: Max VTs timeout has been reached, but Boreas is not "
-                 "enabled. Heartbeat check for %s will not be performed",
-                 __func__, hostname);
-      return -1;
-    }
-
-  alive_err = is_host_alive (hostname, &is_alive);
-  if (alive_err)
-    {
-      g_warning ("%s: Heartbeat check failed for %s with error %d.", __func__,
-                 hostname, alive_err);
-      return -1;
-    }
-
-  if (is_alive == 0)
-    {
-      g_message ("%s: Heartbeat check was not successful. The host %s has"
-                 " been set as dead.",
-                 __func__, hostname);
-      kb_item_set_int_with_main_kb_check (kb, "Host/dead", 1);
-      return 0;
-    }
-
-  return 1;
-}
-
 void
 wait_for_children1 (void)
 {