nudgeval.c tweaks sysctl(2) values related to TCP/IP stack

/*
 * - nudgeval (nudge sysctl values related to network stack)
 *   nudges sysctl(2) values using sysctlbyname(3)
 *   specifically those controlling the network stack, _TCP/IP/ICMP/IGMP/UDP/...
 *   this works wonders for nmap -O and other fingerprint detection evasion.
 *
 *   -n@mod.net
 *
 * TODO: port to Linux sysctl interface with new naming convention, net.ipv4/ipv6/etc...
 * Under the /proc/sys filesystem directory.
 * TODO: Some of these sysctls are using values outside the normal ranges, tune that, and add more.
 *
 * Notes: before running this, nmap -O on high sierra, returns 'Aggressive OS guesses' that include OSX
 *        after running this, it has no idea what OS I am running (whether nmap -O localhost or from remote host)
 */

#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <unistd.h>
#include <string.h>

#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/sysctl.h>

#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <err.h>

#define		RANDOMIZE		 (-1)

#define 	NET_INET 		 "net.inet."
#define		_IP_PORTRANGE	NET_INET "ip.portrange"
#define		_IP		NET_INET "ip."
#define		_ICMP		NET_INET "icmp."
#define		_TCP		NET_INET "tcp."
#define		_IGMP		NET_INET "igmp."
#define		_UDP		NET_INET "udp."
#define		_IPSEC		NET_INET "ipsec."
#define		_RAW		NET_INET "raw."
#define		_MPTCP		NET_INET "mptcp."

#define		_USE_SYSLOG		0

#if _USE_SYSLOG == 1
#define		syslog	syslog
#else
#define		syslog	warnx
#endif

struct sysctls {
	char		*name;
	int		def;
	int		low;
	int		hi;
	int		mlsecs;
	struct timeval  last;
};

struct sysctls ctl[] = {
	{ _IP "forwarding", 0, 0, 0, 0, { 0, 0 } },
	{ _IP "sourceroute", 0, 0, 0, 0, { 0, 0 } },
	{ _IP "redirect", 0, 0, 0, 0, { 0, 0 } },
	{ _IP "gifttl", 0, 0, 0, 0,  { 0, 0 } },
	{ _IP "accept_sourceroute", 0, 0, 0, 0, { 0, 0 } },
	{ _IP "ttl", 64, 30, 64, 100000, { 0, 0 } },
	{ _IP "rtexpire", 10, 5, 25, 100000, { 0, 0 } },
	{ _IP "rtminexpire", 10, 1, 16, 40000, { 0, 0 } },
	{ _IP "rtmaxcache", 128, 100, 200, 10000000, { 0, 0 } },
	{ _IP "log_restricted", 1, 1, 1, 0, { 0, 0 } },
	{ _UDP "log_in_vain", 4, 4, 4, 0, { 0, 0 } },
	{ _UDP "blackhole", 1, 1, 1, 0, { 0, 0 } },
	{ _MPTCP "enable", 0, 1, 0, 10000, { 0, 0 } },
	{ _TCP "log_in_vain", 4, 4, 4, 0, { 0, 0 } },
	{ _TCP "rfc1644", 0, 1, 0, 200000, { 0, 0 } },
	{ _TCP "delayed_ack", 3, 0, 4, 100000, { 0, 0 } },
	{ _TCP "blackhole", 2, 1, 2, 50000, { 0, 0 } },
	{ _ICMP "icmplim", 5, 0, 50, 25000, { 0, 0 } },
	{ _MPTCP "log_restricted", 1, 1, 1, 0, { 0, 0 } },
	{ _TCP "cc_debug", 1, 1, 1, 0, { 0, 0 } },
	{ _TCP "newreno_sockets", 0, 0, 16, 30000, { 0, 0 } },
	{ _TCP "use_newreno", 1, 0, 1, 40000, { 0, 0 } },
	{ _TCP "cubic_sockets", 0, 10, 0, 20000, { 0, 0 } },
	{ _TCP "background_sockets", 1, 20, 0, 120000, { 0, 0 } },
	{ _TCP "cubic_tcp_friendliness", 0, 0, 1, 100000, { 0, 0 } },
	{ _TCP "cubic_fast_convergence", 0, 0, 1, 10000, { 0, 0 } },
	{ _TCP "slowstart_flightsize", 15, 5, 50, 10000, { 0, 0 } },
	{ _TCP "icmp_may_rst", 0, 0, 1, 12000, { 0, 0 } },
	{ _TCP "fastopen", 3, 0, 3, 48000, { 0, 0 } },
	{ _TCP "fastopen_backlog", 12, 3, 16, 240000, { 0, 0 } },
	{ _TCP "sack", 1, 0, 1, 10000, { 0, 0 } },
	{ _TCP "rfc3390", 1, 0, 1, 10000, { 0, 0 } },
	{ _TCP "rfc3645", 1, 1, 1, 0, { 0, 0 } },
	{ _TCP "rfc3645_lim2", 1, 0, 3, 20000, { 0, 0 } },
	{ _TCP "drop_synfin", 1, 0, 1, 24000, { 0, 0 } },
	{ _TCP "enable_tlp", 1, 0, 1, 50000, { 0, 0 } },
	{ _TCP "ack_prioritize", 1, 0, 1, 40000, { 0, 0 } },
	{ _TCP "rfc3390", 1, 0, 1, 205000, { 0, 0 } },
	{ _TCP "tcp_lq_overflow", 1, 0, 1, 200000, { 0, 0 } },
	{ NULL, 0, 0, 0, 0, { 0, 0 } },
};


int 	do_sysctl();
int  	nudgesys();

/*
 * do a sysctlbyname(2) and return success or failure.
 */
int
do_sysctl(char *name, void *newp, size_t size)
{
	int	err, oval;
	size_t	olen = 0;
	char	buf[256];


	/* get size of buffer we will need */
    	err = sysctlbyname(name, &oval, &olen, newp, size);
//	sprintf(buf, "sysctl -w %s=%d", name, *(int *)newp);
//	system(buf);

	if (err < 0) {
		perror("sysctlbyname");
		return -1;
	}

	return 0;
}

/*
 * nudgesys
 * takes care of nudging a sysctl value if the time is right, and updating the last timeval.
 */
int
nudgesys(struct sysctls *sc)
{
	size_t	size = sizeof(int);
	int	i, val, do_nudge = 0;
	struct	timeval tv, tvdiff;

	gettimeofday(&tv, NULL);
	if (sc->last.tv_sec == 0 && sc->last.tv_usec == 0) {
		/*
		 * Never been updated since first started.
		 */
		memcpy(&sc->last, &tv, sizeof(struct timeval));
		do_nudge++;
	}

	if (tv.tv_sec > sc->last.tv_sec) 	/* seconds make it automtically furhter/larger in time. */
	{
		memcpy(&sc->last, &tv, sizeof(struct timeval));
		do_nudge++;
	}

	if (tv.tv_sec == sc->last.tv_sec) {	/* Our television sets are getting hacked. */
		if (tv.tv_sec > sc->last.tv_sec)
			fprintf(stderr, "Unless 'usec' is higher than 'usec' (sec == sec).\n");
		if (tv.tv_usec > sc->last.tv_usec)
			do_nudge++;
	}
	else
		if (tv.tv_usec > sc->last.tv_usec && tv.tv_sec == sc->last.tv_sec)
			fprintf(stderr, "Unless 'sec' is higher than 'usec'\n");

	/*
	 * Analysis portion.
	 */
	if (do_nudge) {
		if (sc->mlsecs == 0 || (sc->hi == 0 && sc->low == 0))
			return 0;

		val = (rand() % (sc->hi - sc->low)) + sc->low;
		size = sizeof(val);
		if (do_sysctl(sc->name, &val, size) < 0) {
			syslog("nudgeval[%d]: nudgesys(): do_sysctl(%s, %d, %zu) < 0", getpid(),
				sc->name, val, size);
			syslog("nudgeval[%d]: nudgesys(): sc->def = %d, sc->hi = %d, sc->low = %d,"
				" sc->mlsecs = %u, sc->last.tv_sec = %u, sc->last.tv_usec = %u",
				getpid(), sc->def, sc->hi, sc->low, sc->mlsecs, sc->last.tv_sec,
				sc->last.tv_usec);
			return -1;
		}

		/*
		 * Succeeded in nudging the sysctl value.
		 */
		return 0;
	}

	return -2;	/* Not changed. */
}

int
main(int argc, char **argv)
{
	struct sysctls     *sc;
	int		   i;
	time_t		   t;

	time(&t);
	srand(t);

	for (;;) {
		for (i = 0; ctl[i].name != NULL; i++) {
			sc = &ctl[i];
			nudgesys(sc);
			usleep(sc->mlsecs);
		}
	}
}