123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633 |
- /* $Id: get.c 2423 2010-03-13 07:09:49Z aturner $ */
- /*
- * Copyright (c) 2001-2010 Aaron Turner.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the names of the copyright owners nor the names of its
- * contributors may be used to endorse or promote products derived from
- * this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
- * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
- * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
- #include "config.h"
- #include "defines.h"
- #include "common.h"
- #include "../../lib/sll.h"
- #include <sys/types.h>
- #include <sys/socket.h>
- #include <netinet/in.h>
- #include <arpa/inet.h>
- #include <ctype.h>
- #include <string.h>
- #include <stdlib.h>
- #ifdef DEBUG
- extern int debug;
- #endif
- #if defined HAVE_PCAP_VERSION && ! defined HAVE_WIN32
- extern const char pcap_version[];
- #endif
- /**
- * Depending on what version of libpcap/WinPcap there are different ways to get the
- * version of the libpcap/WinPcap library. This presents a unified way to get that
- * information.
- */
- const char *
- get_pcap_version(void)
- {
- #if defined HAVE_WINPCAP
- static char ourver[255];
- char *last, *version;
- /* WinPcap returns a string like:
- * WinPcap version 4.0 (packet.dll version 4.0.0.755), based on libpcap version 0.9.5
- */
- version = safe_strdup(pcap_lib_version());
- strtok_r(version, " ", &last);
- strtok_r(NULL, " ", &last);
- strlcpy(ourver, strtok_r(NULL, " ", &last), 255);
- safe_free(version);
- return ourver;
- #elif defined HAVE_PCAP_VERSION
- return pcap_version;
- #else
- return pcap_lib_version();
- #endif
- }
- /**
- * returns the L2 protocol (IP, ARP, etc)
- * or 0 for error
- */
- u_int16_t
- get_l2protocol(const u_char *pktdata, const int datalen, const int datalink)
- {
- eth_hdr_t *eth_hdr;
- vlan_hdr_t *vlan_hdr;
- hdlc_hdr_t *hdlc_hdr;
- sll_hdr_t *sll_hdr;
- u_int16_t ether_type;
- assert(pktdata);
- assert(datalen);
- switch (datalink) {
- case DLT_RAW:
- return ETHERTYPE_IP;
- break;
- case DLT_EN10MB:
- eth_hdr = (eth_hdr_t *)pktdata;
- ether_type = ntohs(eth_hdr->ether_type);
- switch (ether_type) {
- case ETHERTYPE_VLAN: /* 802.1q */
- vlan_hdr = (vlan_hdr_t *)pktdata;
- return ntohs(vlan_hdr->vlan_len);
- default:
- return ether_type; /* yes, return it in host byte order */
- }
- break;
- case DLT_C_HDLC:
- hdlc_hdr = (hdlc_hdr_t *)pktdata;
- return hdlc_hdr->protocol;
- break;
- case DLT_LINUX_SLL:
- sll_hdr = (sll_hdr_t *)pktdata;
- return sll_hdr->sll_protocol;
- break;
- default:
- errx(-1, "Unable to process unsupported DLT type: %s (0x%x)",
- pcap_datalink_val_to_description(datalink), datalink);
- }
- return 0;
- }
- /**
- * returns the length in number of bytes of the L2 header, or -1 on error
- */
- int
- get_l2len(const u_char *pktdata, const int datalen, const int datalink)
- {
- eth_hdr_t *eth_hdr;
-
- assert(pktdata);
- assert(datalen);
- switch (datalink) {
- case DLT_RAW:
- /* pktdata IS the ip header! */
- return 0;
- break;
- case DLT_EN10MB:
- eth_hdr = (struct tcpr_ethernet_hdr *)pktdata;
- switch (ntohs(eth_hdr->ether_type)) {
- case ETHERTYPE_VLAN:
- return 18;
- break;
-
- default:
- return 14;
- break;
- }
- break;
-
- case DLT_C_HDLC:
- return CISCO_HDLC_LEN;
- break;
- case DLT_LINUX_SLL:
- return SLL_HDR_LEN;
- break;
- default:
- errx(-1, "Unable to process unsupported DLT type: %s (0x%x)",
- pcap_datalink_val_to_description(datalink), datalink);
- break;
- }
- return -1; /* we shouldn't get here */
- }
- /**
- * returns a ptr to the ip header + data or NULL if it's not IP
- * we may use an extra buffer for the ip header (and above)
- * on stricly aligned systems where the layer 2 header doesn't
- * fall on a 4 byte boundry (like a standard ethernet header)
- *
- * Note: you can cast the result as an ip_hdr_t, but you'll be able
- * to access data above the header minus any stripped L2 data
- */
- const u_char *
- get_ipv4(const u_char *pktdata, int datalen, int datalink, u_char **newbuff)
- {
- const u_char *ip_hdr = NULL;
- int l2_len = 0;
- u_int16_t proto;
- assert(pktdata);
- assert(datalen);
- assert(*newbuff);
- l2_len = get_l2len(pktdata, datalen, datalink);
- /* sanity... datalen must be > l2_len + IP header len*/
- if (l2_len + TCPR_IPV4_H > datalen) {
- dbg(1, "get_ipv4(): Layer 2 len > total packet len, hence no IP header");
- return NULL;
- }
- proto = get_l2protocol(pktdata, datalen, datalink);
- if (proto != ETHERTYPE_IP)
- return NULL;
- #ifdef FORCE_ALIGN
- /*
- * copy layer 3 and up to our temp packet buffer
- * for now on, we have to edit the packetbuff because
- * just before we send the packet, we copy the packetbuff
- * back onto the pkt.data + l2len buffer
- * we do all this work to prevent byte alignment issues
- */
- if (l2_len % 4) {
- ip_hdr = *newbuff;
- memcpy(ip_hdr, (pktdata + l2_len), (datalen - l2_len));
- } else {
- /* we don't have to do a memcpy if l2_len lands on a boundry */
- ip_hdr = (pktdata + l2_len);
- }
- #else
- /*
- * on non-strict byte align systems, don't need to memcpy(),
- * just point to l2len bytes into the existing buffer
- */
- ip_hdr = (pktdata + l2_len);
- #endif
- return ip_hdr;
- }
- const u_char *
- get_ipv6(const u_char *pktdata, int datalen, int datalink, u_char **newbuff)
- {
- const u_char *ip6_hdr = NULL;
- int l2_len = 0;
- u_int16_t proto;
- assert(pktdata);
- assert(datalen);
- assert(*newbuff);
- l2_len = get_l2len(pktdata, datalen, datalink);
- /* sanity... datalen must be > l2_len + IP header len*/
- if (l2_len + TCPR_IPV6_H > datalen) {
- dbg(1, "get_ipv6(): Layer 2 len > total packet len, hence no IPv6 header");
- return NULL;
- }
- proto = get_l2protocol(pktdata, datalen, datalink);
- if (proto != ETHERTYPE_IP6)
- return NULL;
- #ifdef FORCE_ALIGN
- /*
- * copy layer 3 and up to our temp packet buffer
- * for now on, we have to edit the packetbuff because
- * just before we send the packet, we copy the packetbuff
- * back onto the pkt.data + l2len buffer
- * we do all this work to prevent byte alignment issues
- */
- if (l2_len % 4) {
- ip6_hdr = *newbuff;
- memcpy(ip6_hdr, (pktdata + l2_len), (datalen - l2_len));
- } else {
- /* we don't have to do a memcpy if l2_len lands on a boundry */
- ip6_hdr = (pktdata + l2_len);
- }
- #else
- /*
- * on non-strict byte align systems, don't need to memcpy(),
- * just point to l2len bytes into the existing buffer
- */
- ip6_hdr = (pktdata + l2_len);
- #endif
- return ip6_hdr;
- }
- /**
- * returns a pointer to the layer 4 header which is just beyond the IPv4 header
- */
- void *
- get_layer4_v4(const ipv4_hdr_t *ip_hdr)
- {
- void *ptr;
- assert(ip_hdr);
- ptr = (u_int32_t *) ip_hdr + ip_hdr->ip_hl;
- return ((void *)ptr);
- }
- /**
- * returns a pointer to the layer 4 header which is just beyond the IPv6 header
- * and any exension headers or NULL when there is none as in the case of
- * v6 Frag or ESP header. Function is recursive.
- */
- void *
- get_layer4_v6(const ipv6_hdr_t *ip6_hdr)
- {
- struct tcpr_ipv6_ext_hdr_base *next, *exthdr;
- u_int8_t proto;
-
- assert(ip6_hdr);
-
- /* jump to the end of the IPv6 header */
- next = (struct tcpr_ipv6_ext_hdr_base *)((u_char *)ip6_hdr + TCPR_IPV6_H);
- proto = ip6_hdr->ip_nh;
-
- while (TRUE) {
- dbgx(3, "Processing proto: 0x%hx", proto);
-
- switch (proto) {
- /* recurse due to v6-in-v6, need to recast next as an IPv6 Header */
- case TCPR_IPV6_NH_IPV6:
- dbg(3, "recursing due to v6-in-v6");
- return get_layer4_v6((ipv6_hdr_t *)next);
- break;
-
- /* loop again */
- case TCPR_IPV6_NH_AH:
- case TCPR_IPV6_NH_ROUTING:
- case TCPR_IPV6_NH_DESTOPTS:
- case TCPR_IPV6_NH_HBH:
- dbgx(3, "Going deeper due to extension header 0x%02X", proto);
- exthdr = get_ipv6_next(next);
- proto = exthdr->ip_nh;
- next = exthdr;
- break;
-
- /*
- * Can't handle. Unparsable IPv6 fragment/encrypted data
- */
- case TCPR_IPV6_NH_FRAGMENT:
- case TCPR_IPV6_NH_ESP:
- return NULL;
- break;
- /*
- * no further processing, either TCP, UDP, ICMP, etc...
- */
- default:
- if (proto != ip6_hdr->ip_nh) {
- dbgx(3, "Returning byte offset of this ext header: %u", IPV6_EXTLEN_TO_BYTES(next->ip_len));
- return (void *)((u_char *)next + IPV6_EXTLEN_TO_BYTES(next->ip_len));
- } else {
- dbgx(3, "%s", "Returning end of IPv6 Header");
- return next;
- }
- break;
- } /* switch */
- } /* while */
- }
- /**
- * returns the next payload or header of the current extention header
- * returns NULL for none/ESP.
- */
- void *
- get_ipv6_next(struct tcpr_ipv6_ext_hdr_base *exthdr)
- {
- int len = 0;
- assert(exthdr);
- dbgx(3, "Jumping to next IPv6 header. Processing 0x%02x", exthdr->ip_nh);
- switch (exthdr->ip_nh) {
- /* no further processing */
- case TCPR_IPV6_NH_NO_NEXT:
- case TCPR_IPV6_NH_ESP:
- dbg(3, "No-Next or ESP... can't go any further...");
- return NULL;
- break;
- /*
- * fragment header is fixed size
- * FIXME: Frag header has further ext headers (has a ip_nh field)
- * but I don't support it because there's never a full L4 + payload beyond.
- */
- case TCPR_IPV6_NH_FRAGMENT:
- dbg(3, "Looks like were a fragment header. Returning some frag'd data.");
- return (void *)((u_char *)exthdr + sizeof(struct tcpr_ipv6_frag_hdr));
- break;
- /* all the rest require us to go deeper using the ip_len field */
- case TCPR_IPV6_NH_IPV6:
- case TCPR_IPV6_NH_ROUTING:
- case TCPR_IPV6_NH_DESTOPTS:
- case TCPR_IPV6_NH_HBH:
- case TCPR_IPV6_NH_AH:
- len = IPV6_EXTLEN_TO_BYTES(exthdr->ip_len);
- dbgx(3, "Looks like we're an ext header (0x%hhx). Jumping %u bytes to the next", exthdr->ip_nh, len);
- return (void *)((u_char *)exthdr + len);
- break;
-
- default:
- dbg(3, "Must not be a v6 extension header... returning self");
- return (void *)exthdr;
- break;
- }
- }
- /**
- * returns the protocol of the actual layer4 header by processing through
- * the extension headers
- */
- u_int8_t
- get_ipv6_l4proto(const ipv6_hdr_t *ip6_hdr)
- {
- u_char *ptr = (u_char *)ip6_hdr + TCPR_IPV6_H; /* jump to the end of the IPv6 header */
- u_int8_t proto;
- struct tcpr_ipv6_ext_hdr_base *exthdr = NULL;
-
- proto = ip6_hdr->ip_nh;
- assert(ip6_hdr);
-
- while (TRUE) {
- dbgx(3, "Processing next proto 0x%02X", proto);
- switch (proto) {
- /* no further processing for IPV6 types with nothing beyond them */
- case TCPR_IPV6_NH_FRAGMENT:
- case TCPR_IPV6_NH_ESP:
- dbg(3, "No-Next or ESP... can't go any further...");
- return proto;
- break;
-
- /* recurse */
- case TCPR_IPV6_NH_IPV6:
- dbg(3, "Recursing due to v6 in v6");
- return get_ipv6_l4proto((ipv6_hdr_t *)ptr);
- break;
- /* loop again */
- case TCPR_IPV6_NH_AH:
- case TCPR_IPV6_NH_ROUTING:
- case TCPR_IPV6_NH_DESTOPTS:
- case TCPR_IPV6_NH_HBH:
- dbgx(3, "Jumping to next extension header (0x%hhx)", proto);
- exthdr = get_ipv6_next((struct tcpr_ipv6_ext_hdr_base *)ptr);
- proto = exthdr->ip_nh;
- ptr = (u_char *)exthdr;
- break;
-
- /* should be TCP, UDP or the like */
- default:
- dbgx(3, "Selecting next L4 Proto as: 0x%02x", proto);
- return proto;
- }
- }
- }
- /**
- * get_name2addr4()
- * stolen from LIBNET since I didn't want to have to deal with
- * passing a libnet_t around. Returns 0xFFFFFFFF (255.255.255.255)
- * on error
- */
- u_int32_t
- get_name2addr4(const char *hostname, u_int8_t dnslookup)
- {
- struct in_addr addr;
- #if ! defined HAVE_INET_ATON && defined HAVE_INET_ADDR
- struct hostent *host_ent;
- #endif
- u_int32_t m;
- u_int val;
- int i;
- if (dnslookup == DNS_RESOLVE) {
- #ifdef HAVE_INET_ATON
- if (inet_aton(hostname, &addr) != 1) {
- return(0xffffffff);
- }
-
- #elif defined HAVE_INET_ADDR
- if ((addr.s_addr = inet_addr(hostname)) == INADDR_NONE) {
- if (!(host_ent = gethostbyname(hostname))) {
- warnx("unable to resolve %s: %s", hostname, strerror(errno));
- /* XXX - this is actually 255.255.255.255 */
- return (0xffffffff);
- }
- /* was: host_ent->h_length); */
- memcpy(&addr.s_addr, host_ent->h_addr, sizeof(addr.s_addr));
- }
- #else
- warn("Unable to support get_name2addr4 w/ resolve");
- /* call ourselves recursively once w/o resolving the hostname */
- return get_name2addr4(hostname, DNS_DONT_RESOLVE);
- #endif
- /* return in network byte order */
- return (addr.s_addr);
- } else {
- /*
- * We only want dots 'n decimals.
- */
- if (!isdigit(hostname[0])) {
- warnx("Expected dotted-quad notation (%s) when DNS lookups are disabled", hostname);
- /* XXX - this is actually 255.255.255.255 */
- return (-1);
- }
- m = 0;
- for (i = 0; i < 4; i++) {
- m <<= 8;
- if (*hostname) {
- val = 0;
- while (*hostname && *hostname != '.') {
- val *= 10;
- val += *hostname - '0';
- if (val > 255) {
- dbgx(4, "value %d > 255 for dotted quad", val);
- /* XXX - this is actually 255.255.255.255 */
- return (-1);
- }
- hostname++;
- }
- m |= val;
- if (*hostname) {
- hostname++;
- }
- }
- }
- /* host byte order */
- return (ntohl(m));
- }
- }
- int
- get_name2addr6(const char *hostname, u_int8_t dnslookup, struct tcpr_in6_addr *addr)
- {
- (void)dnslookup;
- #ifdef HAVE_INET_PTON
- return inet_pton(AF_INET6, hostname, addr);
- #else
- #error "Unable to support get_name2addr6."
- #endif
- return -1;
- }
- /**
- * Generic wrapper around inet_ntop() and inet_ntoa() depending on whichever
- * is available on your system
- */
- const char *
- get_addr2name4(const u_int32_t ip, u_int8_t dnslookup)
- {
- struct in_addr addr;
- static char *new_string = NULL;
- if (new_string == NULL)
- new_string = (char *)safe_malloc(255);
-
- new_string[0] = '\0';
- addr.s_addr = ip;
- #ifdef HAVE_INET_NTOP
- if (inet_ntop(AF_INET, &addr, new_string, 255) == NULL) {
- warnx("Unable to convert 0x%x to a string", ip);
- strlcpy(new_string, "", sizeof(new_string));
- }
- return new_string;
- #elif defined HAVE_INET_NTOA
- return inet_ntoa(&addr);
- #else
- #error "Unable to support get_addr2name4."
- #endif
- if (dnslookup != DNS_DONT_RESOLVE) {
- warn("Sorry, we don't support name resolution.");
- }
- return new_string;
- }
- const char *
- get_addr2name6(const struct tcpr_in6_addr *addr, u_int8_t dnslookup)
- {
- static char *new_string = NULL;
- if (new_string == NULL)
- new_string = (char *)safe_malloc(255);
- new_string[0] = '\0';
- #ifdef HAVE_INET_NTOP
- if (inet_ntop(AF_INET6, addr, new_string, 255) == NULL) {
- warn("Unable to convert addr to a string");
- strlcpy(new_string, "", sizeof(new_string));
- }
- return new_string;
- #else
- #error "Unable to support get_addr2name6."
- #endif
- if (dnslookup != DNS_DONT_RESOLVE) {
- warn("Sorry, we don't support name resolution.");
- }
- return new_string;
- }
- const char *
- get_cidr2name(const tcpr_cidr_t *cidr_ptr, u_int8_t dnslookup)
- {
- if (cidr_ptr->family == AF_INET) {
- return get_addr2name4(cidr_ptr->u.network, dnslookup);
- } else if (cidr_ptr->family == AF_INET6) {
- return get_addr2name6(&cidr_ptr->u.network6, dnslookup);
- } else {
- return NULL;
- }
- }
|