get.c 30 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003
  1. /* $Id$ */
  2. /*
  3. * Copyright (c) 2001-2010 Aaron Turner <aturner at synfin dot net>
  4. * Copyright (c) 2013-2024 Fred Klassen <tcpreplay at appneta dot com> - AppNeta
  5. *
  6. * The Tcpreplay Suite of tools is free software: you can redistribute it
  7. * and/or modify it under the terms of the GNU General Public License as
  8. * published by the Free Software Foundation, either version 3 of the
  9. * License, or with the authors permission any later version.
  10. *
  11. * The Tcpreplay Suite is distributed in the hope that it will be useful,
  12. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14. * GNU General Public License for more details.
  15. *
  16. * You should have received a copy of the GNU General Public License
  17. * along with the Tcpreplay Suite. If not, see <http://www.gnu.org/licenses/>.
  18. */
  19. #include "defines.h"
  20. #include "config.h"
  21. #include "common.h"
  22. #include <lib/sll.h>
  23. #include <arpa/inet.h>
  24. #include <ctype.h>
  25. #include <netinet/in.h>
  26. #include <stdlib.h>
  27. #include <string.h>
  28. #include <sys/socket.h>
  29. #include <sys/types.h>
  30. #if defined HAVE_PCAP_VERSION && !defined HAVE_WIN32
  31. extern const char pcap_version[];
  32. #endif
  33. #define JUNIPER_FLAG_NO_L2 0x02 /* L2 header */
  34. #define JUNIPER_FLAG_EXT 0x80 /* Juniper extensions present */
  35. #define JUNIPER_PCAP_MAGIC "MGC"
  36. static void *get_ipv6_next(struct tcpr_ipv6_ext_hdr_base *exthdr, const u_char *end_ptr);
  37. /**
  38. * Depending on what version of libpcap there are different ways to get
  39. * the version of the libpcap library. This presents a unified way to
  40. * get that information.
  41. */
  42. const char *
  43. get_pcap_version(void)
  44. {
  45. #if defined HAVE_WINPCAP
  46. static char ourver[255];
  47. char *last, *version;
  48. /* WinPcap returns a string like:
  49. * WinPcap version 4.0 (packet.dll version 4.0.0.755), based on libpcap version 0.9.5
  50. */
  51. version = safe_strdup(pcap_lib_version());
  52. strtok_r(version, " ", &last);
  53. strtok_r(NULL, " ", &last);
  54. strlcpy(ourver, strtok_r(NULL, " ", &last), 255);
  55. safe_free(version);
  56. return ourver;
  57. #elif defined HAVE_PCAP_VERSION
  58. return pcap_version;
  59. #else
  60. return pcap_lib_version();
  61. #endif
  62. }
  63. /*
  64. * Advance L2 protocol and L2 length past any MPLS labels.
  65. * e.g. https://www.cloudshark.org/captures/20f210391b21
  66. *
  67. * If EoMPLS is detected, also advance L2 offset to point to the
  68. * encapsulated L2.
  69. * e.g. https://www.cloudshark.org/captures/b15412060b3d
  70. *
  71. * pktdata: pointer to the raw packet
  72. * datalen: number of bytes captured in the packet
  73. * next_protocol: reference to the next L2 protocol to be examined and possibly updated
  74. * l2len: reference to the length of the L2 header discovered so far
  75. * l2offset: reference to the offset to the start of the L2 header - typically 0
  76. *
  77. * return 0 on success, -1 on failure
  78. */
  79. int
  80. parse_mpls(const u_char *pktdata, uint32_t datalen, uint16_t *next_protocol, uint32_t *l2len, uint32_t *l2offset)
  81. {
  82. struct tcpr_mpls_label *mpls_label;
  83. const u_char *end_ptr = pktdata + datalen;
  84. u_char first_nibble;
  85. eth_hdr_t *eth_hdr;
  86. bool bos = false;
  87. uint32_t label;
  88. int len;
  89. assert(next_protocol);
  90. assert(l2len);
  91. assert(l2offset);
  92. len = (int)*l2len;
  93. /* move over MPLS labels until we get to the last one */
  94. while (!bos) {
  95. if (pktdata + len + sizeof(*mpls_label) > end_ptr) {
  96. warnx("parse_mpls: Need at least %zu bytes for MPLS header but only %u available",
  97. sizeof(*mpls_label) + len,
  98. datalen);
  99. return -1;
  100. }
  101. mpls_label = (struct tcpr_mpls_label *)(pktdata + len);
  102. len += sizeof(*mpls_label);
  103. bos = (ntohl(mpls_label->entry) & MPLS_LS_S_MASK) != 0;
  104. label = ntohl(mpls_label->entry) >> MPLS_LS_LABEL_SHIFT;
  105. if (label == MPLS_LABEL_GACH) {
  106. /* Generic Associated Channel Header */
  107. warn("GACH MPLS label not supported at this time");
  108. return -1;
  109. }
  110. }
  111. if ((u_char *)(mpls_label + 1) + 1 > end_ptr) {
  112. warnx("parse_mpls: Need at least %zu bytes for MPLS label but only %u available",
  113. sizeof(*mpls_label) + 1,
  114. datalen);
  115. return -1;
  116. }
  117. first_nibble = *((u_char *)(mpls_label + 1)) >> 4;
  118. switch (first_nibble) {
  119. case 4:
  120. *next_protocol = ETHERTYPE_IP;
  121. break;
  122. case 6:
  123. *next_protocol = ETHERTYPE_IP6;
  124. break;
  125. case 0:
  126. /* EoMPLS - jump over PW Ethernet Control Word and handle
  127. * inner Ethernet header
  128. */
  129. if (pktdata + len + 4 + sizeof(*eth_hdr) > end_ptr) {
  130. warnx("parse_mpls: Need at least %zu bytes for EoMPLS header but only %u available",
  131. sizeof(*eth_hdr) + len + 4,
  132. datalen);
  133. return -1;
  134. }
  135. len += 4;
  136. *l2offset = len;
  137. eth_hdr = (eth_hdr_t *)(pktdata + len);
  138. len += sizeof(*eth_hdr);
  139. *next_protocol = ntohs(eth_hdr->ether_type);
  140. break;
  141. default:
  142. warn("parse_mpls:suspect Generic Associated Channel Header");
  143. return -1;
  144. }
  145. *l2len = (uint32_t)len;
  146. return 0;
  147. }
  148. /*
  149. * Advance L2 protocol and L2 length past any VLAN tags.
  150. * e.g. https://www.cloudshark.org/captures/e4fa464563d2
  151. *
  152. * pktdata: pointer to the raw packet
  153. * datalen: number of bytes captured in the packet
  154. * next_protocol: reference to the next L2 protocol to be examined and possibly updated
  155. * l2len: reference to the length of the L2 header discovered so far
  156. *
  157. * return 0 on success, -1 on failure
  158. */
  159. int
  160. parse_vlan(const u_char *pktdata, uint32_t datalen, uint16_t *next_protocol, uint32_t *l2len)
  161. {
  162. vlan_hdr_t *vlan_hdr;
  163. if ((size_t)datalen < *l2len + sizeof(*vlan_hdr)) {
  164. warnx("parse_vlan: Need at least %zu bytes for VLAN header but only %u available", sizeof(*vlan_hdr), datalen);
  165. return -1;
  166. }
  167. vlan_hdr = (vlan_hdr_t *)(pktdata + *l2len);
  168. *next_protocol = ntohs(vlan_hdr->vlan_tpid);
  169. *l2len += sizeof(vlan_hdr_t);
  170. return 0;
  171. }
  172. /*
  173. * Loop through all non-protocol L2 headers while updating key variables
  174. *
  175. * pktdata: pointer to the raw packet
  176. * datalen: number of bytes captured in the packet
  177. * next_protocol: reference to the next L2 protocol to be examined and possibly updated
  178. * l2len: reference to the length of the L2 header discovered so far
  179. * l2offset: reference to the offset to the start of the L2 header - typically 0
  180. * vlan_offset: reference to the offset to the start of the VLAN headers, if any
  181. *
  182. * return 0 on success, -1 on failure
  183. */
  184. static int
  185. parse_metadata(const u_char *pktdata,
  186. uint32_t datalen,
  187. uint16_t *next_protocol,
  188. uint32_t *l2len,
  189. uint32_t *l2offset,
  190. uint32_t *vlan_offset)
  191. {
  192. bool done = false;
  193. assert(next_protocol);
  194. assert(l2len);
  195. assert(l2offset);
  196. assert(vlan_offset);
  197. if (!pktdata || !datalen)
  198. errx(-1, "parse_metadata: invalid L2 parameters: pktdata=0x%p len=%d", pktdata, datalen);
  199. while (!done) {
  200. switch (*next_protocol) {
  201. case ETHERTYPE_VLAN:
  202. case ETHERTYPE_Q_IN_Q:
  203. case ETHERTYPE_8021QINQ:
  204. if (*vlan_offset == 0)
  205. *vlan_offset = *l2len;
  206. if (parse_vlan(pktdata, datalen, next_protocol, l2len))
  207. return -1;
  208. break;
  209. case ETHERTYPE_MPLS:
  210. case ETHERTYPE_MPLS_MULTI:
  211. if (parse_mpls(pktdata, datalen, next_protocol, l2len, l2offset))
  212. return -1;
  213. break;
  214. default:
  215. done = true;
  216. }
  217. }
  218. return 0;
  219. }
  220. /*
  221. * Parse raw packet and get the L3 protocol and L2 length. In cases where the
  222. * L2 header is not at the beginning of the packet
  223. * (e.g. DLT_JUNIPER_ETHER or EoMPLS), report the offset to the start of the
  224. * L2 header
  225. *
  226. * pktdata: pointer to the raw packet
  227. * datalen: number of bytes captured in the packet
  228. * datalink: data link type of the packet
  229. * protocol: reference to the L3 protocol as discovered in the L2 header
  230. * l2len: reference to the total length of the L2 header
  231. * l2offset: reference to the offset to the start of the L2 header (typically 0)
  232. * vlan_offset: reference to the offset to the start of the VLAN headers, if any
  233. *
  234. * return 0 on success, -1 on failure
  235. */
  236. int
  237. get_l2len_protocol(const u_char *pktdata,
  238. uint32_t datalen,
  239. int datalink,
  240. uint16_t *protocol,
  241. uint32_t *l2len,
  242. uint32_t *l2offset,
  243. uint32_t *vlan_offset)
  244. {
  245. assert(protocol);
  246. assert(l2len);
  247. assert(l2offset);
  248. assert(vlan_offset);
  249. if (!pktdata || !datalen)
  250. errx(-1, "get_l2len_protocol: invalid L2 parameters: pktdata=0x%p len=%d", pktdata, datalen);
  251. *protocol = 0;
  252. *l2len = 0;
  253. *l2offset = 0;
  254. *vlan_offset = 0;
  255. switch (datalink) {
  256. case DLT_NULL:
  257. case DLT_RAW:
  258. if ((pktdata[0] >> 4) == 4)
  259. *protocol = ETHERTYPE_IP;
  260. else if ((pktdata[0] >> 4) == 6)
  261. *protocol = ETHERTYPE_IP6;
  262. break;
  263. case DLT_JUNIPER_ETHER:
  264. if (datalen < 4) {
  265. warnx("%s (0x%x): Need at least 4 bytes for DLT_JUNIPER_ETHER but only %u available",
  266. pcap_datalink_val_to_description(datalink),
  267. datalink,
  268. datalen);
  269. return -1;
  270. }
  271. if (memcmp(pktdata, JUNIPER_PCAP_MAGIC, 3) != 0) {
  272. warnx("%s (0x%x): No JUNIPER_PCAP_MAGIC Magic Number found during protocol lookup",
  273. pcap_datalink_val_to_description(datalink),
  274. datalink);
  275. return -1;
  276. }
  277. if ((pktdata[3] & JUNIPER_FLAG_EXT) == JUNIPER_FLAG_EXT) {
  278. if (datalen < 6) {
  279. warnx("%s (0x%x): Need at least 6 bytes for JUNIPER_FLAG_EXT but only %u available",
  280. pcap_datalink_val_to_description(datalink),
  281. datalink,
  282. datalen);
  283. return -1;
  284. }
  285. *l2offset = ntohs(*((uint16_t *)&pktdata[4]));
  286. *l2offset += 6; /* MGC + flags + ext_total_len */
  287. } else {
  288. *l2offset = 4; /* MGC + flags (no header extensions) */
  289. }
  290. if ((pktdata[3] & JUNIPER_FLAG_NO_L2) == JUNIPER_FLAG_NO_L2) {
  291. /* no L2 header present - *l2offset is actually IP offset */
  292. uint32_t ip_hdr_offset = *l2offset;
  293. uint32_t hdrSpaceNeeded = ip_hdr_offset + 1;
  294. if (datalen < hdrSpaceNeeded) {
  295. warnx("%s (0x%x): Need at least %u bytes for JUNIPER_FLAG_NO_L2 but only %u available",
  296. pcap_datalink_val_to_description(datalink),
  297. hdrSpaceNeeded,
  298. datalink,
  299. datalen);
  300. return -1;
  301. }
  302. if ((pktdata[ip_hdr_offset] >> 4) == 4)
  303. *protocol = ETHERTYPE_IP;
  304. else if ((pktdata[ip_hdr_offset] >> 4) == 6)
  305. *protocol = ETHERTYPE_IP6;
  306. return 0;
  307. }
  308. /* fall through */
  309. case DLT_EN10MB: {
  310. eth_hdr_t *eth_hdr;
  311. uint16_t ether_type;
  312. uint32_t l2_net_off = sizeof(*eth_hdr) + *l2offset;
  313. if (datalen <= l2_net_off + 4) {
  314. warnx("%s (0x%x): Need at least %u bytes for DLT_EN10MB but only %u available",
  315. pcap_datalink_val_to_description(datalink),
  316. datalink,
  317. l2_net_off + 4,
  318. datalen);
  319. return -1;
  320. }
  321. eth_hdr = (eth_hdr_t *)(pktdata + *l2offset);
  322. ether_type = ntohs(eth_hdr->ether_type);
  323. if (parse_metadata(pktdata, datalen, &ether_type, &l2_net_off, l2offset, vlan_offset))
  324. return -1;
  325. *l2len = l2_net_off;
  326. if (ether_type >= 1536) {
  327. /* Ethernet II frame - return in host order */
  328. *protocol = ether_type;
  329. } else if (ether_type > 1500) {
  330. warnx("%s (0x%x): unsupported 802.3 length %u",
  331. pcap_datalink_val_to_description(datalink),
  332. datalink,
  333. ether_type);
  334. return -1;
  335. } else {
  336. /* 803.3 frame */
  337. /* we don't modify 802.3 protocols */
  338. return -1;
  339. }
  340. break;
  341. }
  342. case DLT_PPP_SERIAL:
  343. if ((size_t)datalen < sizeof(struct tcpr_pppserial_hdr)) {
  344. warnx("%s (0x%x): Need at least %zu bytes for DLT_PPP_SERIAL but only %u available",
  345. pcap_datalink_val_to_description(datalink),
  346. datalink,
  347. sizeof(struct tcpr_pppserial_hdr),
  348. datalen);
  349. return -1;
  350. }
  351. struct tcpr_pppserial_hdr *ppp = (struct tcpr_pppserial_hdr *)pktdata;
  352. *l2len = sizeof(*ppp);
  353. if (ntohs(ppp->protocol) == 0x0021)
  354. *protocol = ETHERTYPE_IP;
  355. else
  356. *protocol = ntohs(ppp->protocol);
  357. break;
  358. case DLT_C_HDLC:
  359. if (datalen < CISCO_HDLC_LEN) {
  360. warnx("%s (0x%x): Need at least %u bytes for DLT_C_HDLC but only %u available",
  361. pcap_datalink_val_to_description(datalink),
  362. datalink,
  363. CISCO_HDLC_LEN,
  364. datalen);
  365. return -1;
  366. }
  367. hdlc_hdr_t *hdlc_hdr = (hdlc_hdr_t *)pktdata;
  368. *l2len = sizeof(*hdlc_hdr);
  369. *protocol = ntohs(hdlc_hdr->protocol);
  370. break;
  371. case DLT_LINUX_SLL:
  372. if (datalen < SLL_HDR_LEN) {
  373. warnx("%s (0x%x): Need at least %u bytes for DLT_LINUX_SLL but only %u available",
  374. pcap_datalink_val_to_description(datalink),
  375. datalink,
  376. SLL_HDR_LEN,
  377. datalen);
  378. return -1;
  379. }
  380. *l2len = SLL_HDR_LEN;
  381. sll_hdr_t *sll_hdr = (sll_hdr_t *)pktdata;
  382. *protocol = ntohs(sll_hdr->sll_protocol);
  383. break;
  384. case DLT_LINUX_SLL2:
  385. if (datalen < SLL2_HDR_LEN) {
  386. warnx("%s (0x%x): Need at least %u bytes for DLT_LINUX_SLL2 but only %u available",
  387. pcap_datalink_val_to_description(datalink),
  388. datalink,
  389. SLL2_HDR_LEN,
  390. datalen);
  391. return -1;
  392. }
  393. *l2len = SLL2_HDR_LEN;
  394. sll2_hdr_t *sll2_hdr = (sll2_hdr_t *)pktdata;
  395. *protocol = ntohs(sll2_hdr->sll2_protocol);
  396. break;
  397. default:
  398. errx(-1,
  399. "Unable to process unsupported DLT type: %s (0x%x)",
  400. pcap_datalink_val_to_description(datalink),
  401. datalink);
  402. }
  403. return 0;
  404. }
  405. /**
  406. * returns the length in number of bytes of the L2 header, or -1 on error
  407. */
  408. int
  409. get_l2len(const u_char *pktdata, int datalen, int datalink)
  410. {
  411. uint16_t _U_ protocol;
  412. uint32_t _U_ l2offset;
  413. uint32_t _U_ vlan_offset;
  414. uint32_t l2len = 0;
  415. int res = get_l2len_protocol(pktdata, datalen, datalink, &protocol, &l2len, &l2offset, &vlan_offset);
  416. if (res == -1)
  417. return 0;
  418. return (int)l2len;
  419. }
  420. /**
  421. * \brief returns a ptr to the ipv4 header + data or NULL if it's not IP
  422. *
  423. * we may use an extra buffer for the IP header (and above)
  424. * on strictly aligned systems where the layer 2 header doesn't
  425. * fall on a 4 byte boundary (like a standard Ethernet header)
  426. *
  427. * Note: you can cast the result as an ip_hdr_t, but you'll be able
  428. * to access data above the header minus any stripped L2 data
  429. */
  430. const u_char *
  431. get_ipv4(const u_char *pktdata, int datalen, int datalink, u_char **newbuff)
  432. {
  433. const u_char *packet = pktdata;
  434. const u_char *ip_hdr = NULL;
  435. ssize_t pkt_len = datalen;
  436. uint32_t _U_ vlan_offset;
  437. uint32_t l2offset;
  438. uint16_t proto;
  439. uint32_t l2len;
  440. int res;
  441. assert(packet);
  442. assert(pkt_len);
  443. assert(*newbuff);
  444. res = get_l2len_protocol(packet, pkt_len, datalink, &proto, &l2len, &l2offset, &vlan_offset);
  445. /* sanity... pkt_len must be > l2len + IP header len*/
  446. if (res == -1 || l2len + TCPR_IPV4_H > pkt_len) {
  447. dbg(1, "get_ipv4(): Layer 2 len > total packet len, hence no IP header");
  448. return NULL;
  449. }
  450. if (proto != ETHERTYPE_IP)
  451. return NULL;
  452. packet += l2offset;
  453. l2len -= l2offset;
  454. #ifdef FORCE_ALIGN
  455. pkt_len -= l2offset;
  456. /*
  457. * copy layer 3 and up to our temp packet buffer
  458. * for now on, we have to edit the packetbuff because
  459. * just before we send the packet, we copy the packetbuff
  460. * back onto the pkt.data + l2len buffer
  461. * we do all this work to prevent byte alignment issues
  462. */
  463. if (l2len % sizeof(long)) {
  464. memcpy(*newbuff, (packet + l2len), (pkt_len - l2len));
  465. ip_hdr = *newbuff;
  466. } else {
  467. /* we don't have to do a memcpy if l2len lands on a boundary */
  468. ip_hdr = (packet + l2len);
  469. }
  470. #else
  471. /*
  472. * on non-strict byte align systems, don't need to memcpy(),
  473. * just point to l2len bytes into the existing buffer
  474. */
  475. ip_hdr = (packet + l2len);
  476. #endif
  477. return ip_hdr;
  478. }
  479. /**
  480. * \brief returns a ptr to the ipv6 header + data or NULL if it's not IP
  481. *
  482. * we may use an extra buffer for the IP header (and above)
  483. * on strictly aligned systems where the layer 2 header doesn't
  484. * fall on a 4 byte boundary (like a standard Ethernet header)
  485. *
  486. * Note: you can cast the result as an ip_hdr_t, but you'll be able
  487. * to access data above the header minus any stripped L2 data
  488. */
  489. const u_char *
  490. get_ipv6(const u_char *pktdata, int datalen, int datalink, u_char **newbuff)
  491. {
  492. const u_char *packet = pktdata;
  493. const u_char *ip6_hdr = NULL;
  494. ssize_t pkt_len = datalen;
  495. uint32_t _U_ vlan_offset;
  496. uint32_t l2offset;
  497. uint16_t proto;
  498. uint32_t l2len;
  499. int res;
  500. assert(packet);
  501. assert(pkt_len);
  502. assert(*newbuff);
  503. res = get_l2len_protocol(packet, pkt_len, datalink, &proto, &l2len, &l2offset, &vlan_offset);
  504. /* sanity... pkt_len must be > l2len + IP header len*/
  505. if (res == -1 || l2len + TCPR_IPV6_H > pkt_len) {
  506. dbg(1, "get_ipv6(): Layer 2 len > total packet len, hence no IPv6 header");
  507. return NULL;
  508. }
  509. if (proto != ETHERTYPE_IP6)
  510. return NULL;
  511. packet += l2offset;
  512. l2len -= l2offset;
  513. #ifdef FORCE_ALIGN
  514. pkt_len -= l2offset;
  515. /*
  516. * copy layer 3 and up to our temp packet buffer
  517. * for now on, we have to edit the packetbuff because
  518. * just before we send the packet, we copy the packetbuff
  519. * back onto the pkt.data + l2len buffer
  520. * we do all this work to prevent byte alignment issues
  521. */
  522. if (l2len % sizeof(long)) {
  523. memcpy(*newbuff, (packet + l2len), (pkt_len - l2len));
  524. ip6_hdr = *newbuff;
  525. } else {
  526. /* we don't have to do a memcpy if l2len lands on a boundary */
  527. ip6_hdr = (packet + l2len);
  528. }
  529. #else
  530. /*
  531. * on non-strict byte align systems, don't need to memcpy(),
  532. * just point to l2len bytes into the existing buffer
  533. */
  534. ip6_hdr = (packet + l2len);
  535. #endif
  536. return ip6_hdr;
  537. }
  538. /**
  539. * \brief returns a pointer to the layer 4 header which is just beyond the IPv4 header
  540. *
  541. * If the packet is to short, returns NULL
  542. */
  543. void *
  544. get_layer4_v4(const ipv4_hdr_t *ip_hdr, const u_char *end_ptr)
  545. {
  546. void *ptr;
  547. assert(ip_hdr);
  548. assert(end_ptr);
  549. ptr = (u_char *)ip_hdr + (ip_hdr->ip_hl << 2);
  550. /* make sure we don't jump over the end of the buffer */
  551. if ((u_char *)ptr > end_ptr)
  552. return NULL;
  553. return ((void *)ptr);
  554. }
  555. /**
  556. * returns a pointer to the layer 4 header which is just beyond the IPv6 header
  557. * and any extension headers or NULL when there is none as in the case of
  558. * v6 Frag or ESP header. Function is recursive.
  559. */
  560. void *
  561. get_layer4_v6(const ipv6_hdr_t *ip6_hdr, const u_char *end_ptr)
  562. {
  563. struct tcpr_ipv6_ext_hdr_base *next, *exthdr;
  564. bool done = false;
  565. uint8_t proto;
  566. assert(ip6_hdr);
  567. assert(end_ptr);
  568. /* jump to the end of the IPv6 header */
  569. next = (struct tcpr_ipv6_ext_hdr_base *)((u_char *)ip6_hdr + TCPR_IPV6_H);
  570. if ((u_char *)next > end_ptr)
  571. return NULL;
  572. proto = ip6_hdr->ip_nh;
  573. while (!done) {
  574. dbgx(3, "Processing proto: 0x%hx", (uint16_t)proto);
  575. switch (proto) {
  576. /* recurse due to v6-in-v6, need to recast next as an IPv6 Header */
  577. case TCPR_IPV6_NH_IPV6:
  578. dbg(3, "recursing due to v6-in-v6");
  579. next = get_layer4_v6((ipv6_hdr_t *)next, end_ptr);
  580. break;
  581. /* loop again */
  582. case TCPR_IPV6_NH_AH:
  583. case TCPR_IPV6_NH_ROUTING:
  584. case TCPR_IPV6_NH_DESTOPTS:
  585. case TCPR_IPV6_NH_HBH:
  586. dbgx(3, "Going deeper due to extension header 0x%02X", proto);
  587. exthdr = get_ipv6_next(next, end_ptr);
  588. if (exthdr == NULL) {
  589. next = NULL;
  590. done = true;
  591. break;
  592. }
  593. proto = exthdr->ip_nh;
  594. next = exthdr;
  595. break;
  596. /*
  597. * handle (unparsable) IPv6 fragment data
  598. */
  599. case TCPR_IPV6_NH_FRAGMENT:
  600. // next points to l4 data
  601. dbgx(3, "Go deeper due to fragment extension header 0x%02X", proto);
  602. exthdr = get_ipv6_next(next, end_ptr);
  603. if ((exthdr == NULL) || ((u_char *)exthdr > end_ptr)) {
  604. next = NULL;
  605. done = true;
  606. break;
  607. }
  608. proto = exthdr->ip_nh;
  609. next = exthdr;
  610. // done = true;
  611. break;
  612. /*
  613. * Can't handle. Unparsable IPv6 encrypted data
  614. */
  615. case TCPR_IPV6_NH_ESP:
  616. next = NULL;
  617. done = true;
  618. break;
  619. /*
  620. * no further processing, either TCP, UDP, ICMP, etc...
  621. */
  622. default:
  623. if (proto != ip6_hdr->ip_nh && next) {
  624. dbgx(3, "Returning byte offset of this ext header: %u", IPV6_EXTLEN_TO_BYTES(next->ip_len));
  625. next = (void *)((u_char *)next + IPV6_EXTLEN_TO_BYTES(next->ip_len));
  626. if ((u_char*)next > end_ptr)
  627. return NULL;
  628. } else {
  629. dbgx(3, "%s", "Returning end of IPv6 Header");
  630. }
  631. done = true;
  632. } /* switch */
  633. if (next == NULL)
  634. done = true;
  635. } /* while */
  636. return next;
  637. }
  638. /**
  639. * returns the next payload or header of the current extension header
  640. * returns NULL for none/ESP.
  641. */
  642. static void *
  643. get_ipv6_next(struct tcpr_ipv6_ext_hdr_base *exthdr, const u_char *end_ptr)
  644. {
  645. uint8_t extlen;
  646. u_char *ptr;
  647. assert(exthdr);
  648. if ((u_char *)exthdr + sizeof(*exthdr) > end_ptr)
  649. return NULL;
  650. dbgx(3, "Jumping to next IPv6 header. Processing 0x%02x", exthdr->ip_nh);
  651. switch (exthdr->ip_nh) {
  652. /* no further processing */
  653. case TCPR_IPV6_NH_NO_NEXT:
  654. case TCPR_IPV6_NH_ESP:
  655. dbg(3, "No-Next or ESP... can't go any further...");
  656. return NULL;
  657. /*
  658. * fragment header is fixed size
  659. * FIXME: Frag header has further ext headers (has a ip_nh field)
  660. * but I don't support it because there's never a full L4 + payload beyond.
  661. */
  662. case TCPR_IPV6_NH_FRAGMENT:
  663. dbg(3, "Looks like were a fragment header. Returning some frag'd data.");
  664. ptr = (void *)((u_char *)exthdr + sizeof(struct tcpr_ipv6_frag_hdr));
  665. if (ptr > end_ptr)
  666. return NULL;
  667. return (void *)ptr;
  668. /* all the rest require us to go deeper using the ip_len field */
  669. case TCPR_IPV6_NH_IPV6:
  670. case TCPR_IPV6_NH_ROUTING:
  671. case TCPR_IPV6_NH_DESTOPTS:
  672. case TCPR_IPV6_NH_HBH:
  673. case TCPR_IPV6_NH_AH:
  674. extlen = IPV6_EXTLEN_TO_BYTES(exthdr->ip_len);
  675. if (extlen == 0) {
  676. dbg(3, "Malformed IPv6 extension header...");
  677. return NULL;
  678. }
  679. dbgx(3,
  680. "Looks like we're an ext header (0x%hhx). Jumping %u bytes"
  681. " to the next",
  682. exthdr->ip_nh,
  683. extlen);
  684. ptr = (u_char *)exthdr + extlen;
  685. if (ptr > end_ptr)
  686. return NULL;
  687. return (void *)ptr;
  688. default:
  689. dbg(3, "Must not be a v6 extension header... returning self");
  690. return (void *)exthdr;
  691. }
  692. }
  693. /**
  694. * returns the protocol of the actual layer4 header by processing through
  695. * the extension headers
  696. */
  697. uint8_t
  698. get_ipv6_l4proto(const ipv6_hdr_t *ip6_hdr, const u_char *end_ptr)
  699. {
  700. u_char *ptr = (u_char *)ip6_hdr + TCPR_IPV6_H; /* jump to the end of the IPv6 header */
  701. uint8_t proto;
  702. struct tcpr_ipv6_ext_hdr_base *exthdr = NULL;
  703. assert(ip6_hdr);
  704. if (ptr > end_ptr)
  705. return TCPR_IPV6_NH_NO_NEXT;
  706. proto = ip6_hdr->ip_nh;
  707. while (TRUE) {
  708. dbgx(3, "Processing next proto 0x%02X", proto);
  709. switch (proto) {
  710. /* no further processing for IPV6 types with nothing beyond them */
  711. case TCPR_IPV6_NH_NO_NEXT:
  712. case TCPR_IPV6_NH_FRAGMENT:
  713. case TCPR_IPV6_NH_ESP:
  714. dbg(3, "No-Next or ESP... can't go any further...");
  715. return proto;
  716. /* recurse */
  717. case TCPR_IPV6_NH_IPV6:
  718. dbg(3, "Recursing due to v6 in v6");
  719. return get_ipv6_l4proto((ipv6_hdr_t *)ptr, end_ptr);
  720. /* loop again */
  721. case TCPR_IPV6_NH_AH:
  722. case TCPR_IPV6_NH_ROUTING:
  723. case TCPR_IPV6_NH_DESTOPTS:
  724. case TCPR_IPV6_NH_HBH:
  725. dbgx(3, "Jumping to next extension header (0x%hhx)", proto);
  726. exthdr = get_ipv6_next((struct tcpr_ipv6_ext_hdr_base *)ptr, end_ptr);
  727. if (exthdr == NULL || (u_char *)exthdr + sizeof(*exthdr) > end_ptr)
  728. return TCPR_IPV6_NH_NO_NEXT;
  729. proto = exthdr->ip_nh;
  730. ptr = (u_char *)exthdr;
  731. break;
  732. /* should be TCP, UDP or the like */
  733. default:
  734. dbgx(3, "Selecting next L4 Proto as: 0x%02x", proto);
  735. return proto;
  736. } /* switch */
  737. } /* while */
  738. }
  739. /**
  740. * \brief Converts a human readable IPv4 address to a binary one
  741. *
  742. * stolen from LIBNET since I didn't want to have to deal with
  743. * passing a libnet_t around. Returns 0xFFFFFFFF (255.255.255.255)
  744. * on error
  745. */
  746. uint32_t
  747. get_name2addr4(const char *hostname, bool dnslookup)
  748. {
  749. struct in_addr addr;
  750. #if !defined HAVE_INET_ATON && defined HAVE_INET_ADDR
  751. struct hostent *host_ent;
  752. #endif
  753. if (dnslookup) {
  754. #ifdef HAVE_INET_ATON
  755. if (inet_aton(hostname, &addr) != 1) {
  756. return (0xffffffff);
  757. }
  758. #elif defined HAVE_INET_ADDR
  759. if ((addr.s_addr = inet_addr(hostname)) == INADDR_NONE) {
  760. if (!(host_ent = gethostbyname(hostname))) {
  761. warnx("unable to resolve %s: %s", hostname, strerror(errno));
  762. /* this is actually 255.255.255.255 */
  763. return (0xffffffff);
  764. }
  765. /* was: host_ent->h_length); */
  766. memcpy(&addr.s_addr, host_ent->h_addr, sizeof(addr.s_addr));
  767. }
  768. #else
  769. warn("Unable to support get_name2addr4 w/ resolve");
  770. /* call ourselves recursively once w/o resolving the hostname */
  771. return get_name2addr4(hostname, DNS_DONT_RESOLVE);
  772. #endif
  773. /* return in network byte order */
  774. return (addr.s_addr);
  775. } else {
  776. /*
  777. * We only want dots 'n decimals.
  778. */
  779. int i;
  780. uint32_t m;
  781. if (!isdigit(hostname[0])) {
  782. warnx("Expected dotted-quad notation (%s) when DNS lookups are disabled", hostname);
  783. /* XXX - this is actually 255.255.255.255 */
  784. return (-1);
  785. }
  786. m = 0;
  787. for (i = 0; i < 4; i++) {
  788. u_int val;
  789. m <<= 8;
  790. if (*hostname) {
  791. val = 0;
  792. while (*hostname && *hostname != '.') {
  793. val *= 10;
  794. val += *hostname - '0';
  795. if (val > 255) {
  796. dbgx(4, "value %d > 255 for dotted quad", val);
  797. /* this is actually 255.255.255.255 */
  798. return (-1);
  799. }
  800. hostname++;
  801. }
  802. m |= val;
  803. if (*hostname) {
  804. hostname++;
  805. }
  806. }
  807. }
  808. /* host byte order */
  809. return (ntohl(m));
  810. }
  811. }
  812. /**
  813. * \brief Converts human readable IPv6 address to binary value
  814. *
  815. * Wrapper around inet_pton
  816. * Returns 1 for valid, 0 for not parsable and -1 for system error.
  817. * Does not support DNS.
  818. */
  819. int
  820. get_name2addr6(const char *hostname, bool dnslookup, struct tcpr_in6_addr *addr)
  821. {
  822. (void)dnslookup; /* prevent warning about unused arg */
  823. #ifdef HAVE_INET_PTON
  824. return inet_pton(AF_INET6, hostname, addr);
  825. #else
  826. #error "Unable to support get_name2addr6: Missing inet_pton() support."
  827. #endif
  828. }
  829. /**
  830. * \brief Converts binary IPv4 address to a string.
  831. *
  832. * Generic wrapper around inet_ntop() and inet_ntoa() depending on whichever
  833. * is available on your system. Does not support DNS.
  834. */
  835. const char *
  836. get_addr2name4(uint32_t ip, bool _U_ dnslookup)
  837. {
  838. struct in_addr addr;
  839. static char *new_string = NULL;
  840. if (new_string == NULL)
  841. new_string = (char *)safe_malloc(255);
  842. new_string[0] = '\0';
  843. addr.s_addr = ip;
  844. #ifdef HAVE_INET_NTOP
  845. if (inet_ntop(AF_INET, &addr, new_string, 255) == NULL) {
  846. warnx("Unable to convert 0x%x to a string", ip);
  847. new_string[0] = 0;
  848. }
  849. return new_string;
  850. #elif defined HAVE_INET_NTOA
  851. return inet_ntoa(&addr);
  852. #else
  853. #error "Unable to support get_addr2name4."
  854. #endif
  855. }
  856. /**
  857. * \brief Converts a IPv6 binary address to a string.a
  858. *
  859. * Does not support DNS.
  860. */
  861. const char *
  862. get_addr2name6(const struct tcpr_in6_addr *addr, _U_ bool dnslookup)
  863. {
  864. static char *new_string = NULL;
  865. if (new_string == NULL)
  866. new_string = (char *)safe_malloc(255);
  867. new_string[0] = '\0';
  868. #ifdef HAVE_INET_NTOP
  869. if (inet_ntop(AF_INET6, addr, new_string, 255) == NULL) {
  870. warn("Unable to convert addr to a string");
  871. new_string[0] = 0;
  872. }
  873. return new_string;
  874. #else
  875. #error "Unable to support get_addr2name6."
  876. #endif
  877. }
  878. /**
  879. * \brief Converts the binary network address of a tcpr_cidr_t to a string
  880. */
  881. const char *
  882. get_cidr2name(const tcpr_cidr_t *cidr_ptr, bool dnslookup)
  883. {
  884. if (cidr_ptr->family == AF_INET) {
  885. return get_addr2name4(cidr_ptr->u.network, dnslookup);
  886. } else if (cidr_ptr->family == AF_INET6) {
  887. return get_addr2name6(&cidr_ptr->u.network6, dnslookup);
  888. } else {
  889. return NULL;
  890. }
  891. }