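/***************************************************************************
 * scan_engine.h -- Includes many of the "engine" functions for scanning,  *
 * such as pos_scan and ultra_scan.  It also includes dependent functions  *
 * such as those for collecting SYN/connect scan responses.                *
 *                                                                         *
 ***************************************************************************/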
/* $Id: scan_engine.h 13506 2009-06-03 23:15:45Z daniel $ */


#include "nmap.h"
#include "global_structures.h"
#include <vector>

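/* Per-probe parameters for a TCP probe.  Held in probespec.pd.tcp, which
   the probespec union comment marks as valid when the type is PS_TCP or
   PS_CONNECTTCP.  The closing "};" was missing from the listing and is
   restored here so the definition no longer swallows the declarations
   that follow it. */
struct probespec_tcpdata {
  u16 dport; /* presumably the destination port of the probe -- confirm */
  u8 flags;  /* presumably the TCP header flags of the probe -- confirm */
};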

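/* Per-probe parameters for a UDP probe.  Held in probespec.pd.udp, which
   the probespec union comment marks as valid when the type is PS_UDP.
   The closing "};" was missing from the listing and is restored here. */
struct probespec_udpdata {
  u16 dport; /* presumably the destination port of the probe -- confirm */
};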

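/* Per-probe parameters for an SCTP probe.  Held in probespec.pd.sctp, which
   the probespec union comment marks as valid when the type is PS_SCTP.
   The closing "};" was missing from the listing and is restored here. */
struct probespec_sctpdata {
  u16 dport;    /* presumably the destination port of the probe -- confirm */
  u8 chunktype; /* presumably the SCTP chunk type of the probe -- confirm */
};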

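/* Per-probe parameters for an ICMP probe.  Held in probespec.pd.icmp, which
   the probespec union comment marks as valid when the type is PS_ICMP.
   The closing "};" was missing from the listing and is restored here. */
struct probespec_icmpdata {
  u8 type; /* presumably the ICMP message type -- confirm */
  u8 code; /* presumably the ICMP message code -- confirm */
};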

/* Values for probespec.type, the one-byte tag that says which member of the
   probespec.pd union is meaningful.  They are #defines rather than an enum
   because the tag was shrunk from a 4-byte enum to a u8 to save space (see
   the comment inside struct probespec). */
#define PS_NONE 0
#define PS_TCP 1 /* pd.tcp is valid */
#define PS_UDP 2 /* pd.udp is valid */
#define PS_PROTO 3
#define PS_ICMP 4 /* pd.icmp is valid */
#define PS_ARP 5 /* no pd member is needed for this type */
/* NOTE(review): no constant with value 6 appears in this listing, yet the
   probespec union comment refers to PS_CONNECTTCP -- confirm where that
   constant is defined before relying on it as a union tag. */
#define PS_SCTP 7 /* pd.sctp is valid */

/* Describes a single probe: a one-byte type tag, a protocol number, and a
   union holding the per-protocol parameters.
   The size of this structure is critical, since there can be tens of
   thousands of them stored together ... */
typedef struct probespec {
  /* To save space, I changed this from private enum (took 4 bytes) to
     u8 that uses #defines above */
  u8 type; /* One of the PS_* values; selects the valid member of pd. */
  u8 proto; /* If not PS_ARP -- Protocol number ... eg IPPROTO_TCP, etc. */
  /* Only the member that matches `type` holds meaningful data.  Nothing in
     this declaration enforces that pairing, so code that reads pd has to
     check type first; reading the wrong member reinterprets another
     protocol's bytes. */
  union {
    struct probespec_tcpdata tcp; /* If type is PS_TCP or PS_CONNECTTCP. */
    struct probespec_udpdata udp; /* PS_UDP */
    struct probespec_sctpdata sctp; /* PS_SCTP */
    struct probespec_icmpdata icmp; /* PS_ICMP */
    /* Nothing needed for PS_ARP, since src mac and target IP are
       avail from target structure anyway */
  } pd;
} probespec;

/* 3rd generation Nmap scanning function.  Handles most Nmap port scan types.
     Targets  -- vector of Target pointers, passed by reference.
     ports    -- scan_lists for the scan (struct declared elsewhere).
     scantype -- the stype value for this scan (type declared elsewhere).
     to       -- optional timeout_info; defaults to NULL.
   NOTE(review): what a NULL `to` selects, and whether Targets may be empty,
   is not visible from this header -- confirm in the definition. */
void ultra_scan(std::vector<Target *> &Targets, struct scan_lists *ports, 
            stype scantype, struct timeout_info *to = NULL);

/* Handles the "positive-response" scans (where we get a response
   telling us that the port is open based on the probe).  This includes
   SYN Scan, Connect Scan, RPC scan, Window Scan, and ACK scan.
   NOTE(review): portarray and numports are passed separately, so the
   prototype does not bound the array; presumably numports is the element
   count of portarray and callers must keep the two in agreement (and
   non-negative, since numports is a signed int) -- confirm in the
   definition. */
void pos_scan(Target *target, u16 *portarray, int numports, stype scantype);

/* FTP bounce attack scan.  This function is rather lame and should be
   rewritten.  But I don't think it is used much anyway.  If I'm going to
   allow FTP bounce scan, I should really allow SOCKS proxy scan.
   NOTE(review): as with pos_scan, portarray and numports are separate
   arguments, so the prototype does not bound the array; presumably
   numports is the element count of portarray -- confirm in the definition.
   struct ftpinfo is declared elsewhere. */
void bounce_scan(Target *target, u16 *portarray, int numports,
             struct ftpinfo *ftp);

/* Determines an ideal number of hosts to be scanned (port scan, os
   scan, version detection, etc.) in parallel after the ping scan is
   completed.  This is a balance between efficiency (more hosts in
   parallel often reduces scan time per host) and results latency (you
   need to wait for all hosts to finish before Nmap can spit out the
   results).  Memory consumption usually also increases with the
   number of hosts scanned in parallel, though rarely to significant
   levels.
   Takes the count of hosts scanned so far and the scan_lists for the
   scan; presumably the returned int is the group size itself -- confirm
   in the definition. */
int determineScanGroupSize(int hosts_scanned_so_far, 
                     struct scan_lists *ports);

#endif /* SCAN_ENGINE_H */

