123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957 |
- /* $Id$ */
- /*
- * Copyright (c) 2001-2010 Aaron Turner <aturner at synfin dot net>
- * Copyright (c) 2013-2022 Fred Klassen <tcpreplay at appneta dot com> - AppNeta
- *
- * The Tcpreplay Suite of tools is free software: you can redistribute it
- * and/or modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or with the authors permission any later version.
- *
- * The Tcpreplay Suite is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with the Tcpreplay Suite. If not, see <http://www.gnu.org/licenses/>.
- */
- #include "config.h"
- #include "defines.h"
- #include "common.h"
- #include "../../lib/sll.h"
- #include <sys/types.h>
- #include <sys/socket.h>
- #include <netinet/in.h>
- #include <arpa/inet.h>
- #include <ctype.h>
- #include <string.h>
- #include <stdlib.h>
- #ifdef DEBUG
- extern int debug;
- #endif
- #if defined HAVE_PCAP_VERSION && ! defined HAVE_WIN32
- extern const char pcap_version[];
- #endif
- #define JUNIPER_FLAG_NO_L2 0x02 /* L2 header */
- #define JUNIPER_FLAG_EXT 0x80 /* Juniper extensions present */
- #define JUNIPER_PCAP_MAGIC "MGC"
- static void *
- get_ipv6_next(struct tcpr_ipv6_ext_hdr_base *exthdr, const u_char *end_ptr);
- /**
- * Depending on what version of libpcap/WinPcap there are different ways to get
- * the version of the libpcap/WinPcap library. This presents a unified way to
- * get that information.
- */
- const char *
- get_pcap_version(void)
- {
- #if defined HAVE_WINPCAP
- static char ourver[255];
- char *last, *version;
- /* WinPcap returns a string like:
- * WinPcap version 4.0 (packet.dll version 4.0.0.755), based on libpcap version 0.9.5
- */
- version = safe_strdup(pcap_lib_version());
- strtok_r(version, " ", &last);
- strtok_r(NULL, " ", &last);
- strlcpy(ourver, strtok_r(NULL, " ", &last), 255);
- safe_free(version);
- return ourver;
- #elif defined HAVE_PCAP_VERSION
- return pcap_version;
- #else
- return pcap_lib_version();
- #endif
- }
- /*
- * Advance L2 protocol and L2 length past any MPLS labels.
- * e.g. https://www.cloudshark.org/captures/20f210391b21
- *
- * If EoMPLS is detected, also advance L2 offset to point to the
- * encapsulated L2.
- * e.g. https://www.cloudshark.org/captures/b15412060b3d
- *
- * pktdata: pointer to the raw packet
- * datalen: number of bytes captured in the packet
- * next_protocol: reference to the next L2 protocol to be examined and possibly updated
- * l2len: reference to the length of the L2 header discovered so far
- * l2offset: reference to the offset to the start of the L2 header - typically 0
- *
- * return 0 on success, -1 on failure
- */
- int parse_mpls(const u_char *pktdata,
- const uint32_t datalen,
- uint16_t *next_protocol,
- uint32_t *l2len,
- uint32_t *l2offset)
- {
- struct tcpr_mpls_label *mpls_label;
- const u_char *end_ptr = pktdata + datalen;
- u_char first_nibble;
- eth_hdr_t *eth_hdr;
- bool bos = false;
- uint32_t label;
- int len;
- assert(next_protocol);
- assert(l2len);
- assert(l2offset);
- len = (int)*l2len;
- /* move over MPLS labels until we get to the last one */
- while (!bos) {
- if (pktdata + len + sizeof(*mpls_label) > end_ptr)
- return -1;
- mpls_label = (struct tcpr_mpls_label*)(pktdata + len);
- len += sizeof(*mpls_label);
- bos = (ntohl(mpls_label->entry) & MPLS_LS_S_MASK) != 0;
- label = ntohl(mpls_label->entry) >> MPLS_LS_LABEL_SHIFT;
- if (label == MPLS_LABEL_GACH) {
- /* Generic Associated Channel Header */
- warn("GACH MPLS label not supported at this time");
- return -1;
- }
- }
- if ((u_char*)mpls_label + 1 > end_ptr)
- return -1;
- first_nibble = *((u_char *)(mpls_label + 1)) >> 4;
- switch(first_nibble) {
- case 4:
- *next_protocol = ETHERTYPE_IP;
- break;
- case 6:
- *next_protocol = ETHERTYPE_IP6;
- break;
- case 0:
- /* EoMPLS - jump over PW Ethernet Control Word and handle
- * inner Ethernet header
- */
- if (pktdata + len + 4 + sizeof(*eth_hdr) > end_ptr)
- return -1;
- len += 4;
- *l2offset = len;
- eth_hdr = (eth_hdr_t*)(pktdata + len);
- len += sizeof(*eth_hdr);
- *next_protocol = ntohs(eth_hdr->ether_type);
- break;
- default:
- /* suspect Generic Associated Channel Header */
- return -1;
- }
- *l2len = (uint32_t)len;
- return 0;
- }
- /*
- * Advance L2 protocol and L2 length past any VLAN tags.
- * e.g. https://www.cloudshark.org/captures/e4fa464563d2
- *
- * pktdata: pointer to the raw packet
- * datalen: number of bytes captured in the packet
- * next_protocol: reference to the next L2 protocol to be examined and possibly updated
- * l2len: reference to the length of the L2 header discovered so far
- *
- * return 0 on success, -1 on failure
- */
- int parse_vlan(const u_char *pktdata,
- const uint32_t datalen,
- uint16_t *next_protocol,
- uint32_t *l2len)
- {
- vlan_hdr_t *vlan_hdr;
- if ((size_t)datalen < *l2len + sizeof(*vlan_hdr))
- return -1;
- vlan_hdr = (vlan_hdr_t*)(pktdata + *l2len);
- *next_protocol = ntohs(vlan_hdr->vlan_tpid);
- *l2len += sizeof(vlan_hdr_t);
- return 0;
- }
- /*
- * Loop through all non-protocol L2 headers while updating key variables
- *
- * pktdata: pointer to the raw packet
- * datalen: number of bytes captured in the packet
- * next_protocol: reference to the next L2 protocol to be examined and possibly updated
- * l2len: reference to the length of the L2 header discovered so far
- * l2offset: reference to the offset to the start of the L2 header - typically 0
- * vlan_offset: reference to the offset to the start of the VLAN headers, if any
- *
- * return 0 on success, -1 on failure
- */
- static int parse_metadata(const u_char *pktdata,
- const uint32_t datalen,
- uint16_t *next_protocol,
- uint32_t *l2len,
- uint32_t *l2offset,
- uint32_t *vlan_offset)
- {
- bool done = false;
- int res = 0;
- while (!done && res == 0) {
- switch (*next_protocol) {
- case ETHERTYPE_VLAN:
- case ETHERTYPE_Q_IN_Q:
- case ETHERTYPE_8021QINQ:
- if (*vlan_offset == 0)
- *vlan_offset = *l2len;
- res = parse_vlan(pktdata, datalen, next_protocol, l2len);
- break;
- case ETHERTYPE_MPLS:
- case ETHERTYPE_MPLS_MULTI:
- res = parse_mpls(pktdata, datalen, next_protocol, l2len, l2offset);
- break;
- default:
- done = true;
- }
- }
- return res;
- }
- /*
- * Parse raw packet and get the L3 protocol and L2 length. In cases where the
- * L2 header is not at the beginning of the packet
- * (e.g. DLT_JUNIPER_ETHER or EoMPLS), report the offset to the start of the
- * L2 header
- *
- * pktdata: pointer to the raw packet
- * datalen: number of bytes captured in the packet
- * datalink: data link type of the packet
- * protocol: reference to the L3 protocol as discovered in the L2 header
- * l2len: reference to the total length of the L2 header
- * l2offset: reference to the offset to the start of the L2 header (typically 0)
- * vlan_offset: reference to the offset to the start of the VLAN headers, if any
- *
- * return 0 on success, -1 on failure
- */
- int get_l2len_protocol(const u_char *pktdata,
- const uint32_t datalen,
- const int datalink,
- uint16_t *protocol,
- uint32_t *l2len,
- uint32_t *l2offset,
- uint32_t *vlan_offset)
- {
- assert(protocol);
- assert(l2len);
- assert(l2offset);
- assert(vlan_offset);
- if (!pktdata || !datalen) {
- errx(-1, "get_l2len_protocol: invalid L2 parameters: pktdata=0x%p len=%d",
- pktdata,
- datalen);
- return -1;
- }
- *protocol = 0;
- *l2len = 0;
- *l2offset = 0;
- *vlan_offset = 0;
- switch (datalink) {
- case DLT_NULL:
- case DLT_RAW:
- if (datalen == 0)
- return -1;
- if ((pktdata[0] >> 4) == 4)
- *protocol = ETHERTYPE_IP;
- else if ((pktdata[0] >> 4) == 6)
- *protocol = ETHERTYPE_IP6;
- break;
- case DLT_JUNIPER_ETHER:
- if (datalen < 4)
- return -1;
- if (memcmp(pktdata, JUNIPER_PCAP_MAGIC, 3)) {
- warnx("No Magic Number found during protocol lookup: %s (0x%x)",
- pcap_datalink_val_to_description(datalink),
- datalink);
- return -1;
- }
- if ((pktdata[3] & JUNIPER_FLAG_EXT) == JUNIPER_FLAG_EXT) {
- if (datalen < 6)
- return -1;
- *l2offset = ntohs(*((uint16_t*)&pktdata[4]));
- *l2offset += 6; /* MGC + flags + ext_total_len */
- } else {
- *l2offset = 4; /* MGC + flags (no header extensions) */
- }
- if ((pktdata[3] & JUNIPER_FLAG_NO_L2) == JUNIPER_FLAG_NO_L2) {
- /* no L2 header present - *l2offset is actually IP offset */
- uint32_t ip_hdr_offset = *l2offset;
- if (datalen < ip_hdr_offset + 1)
- return -1;
- if ((pktdata[ip_hdr_offset] >> 4) == 4)
- *protocol = ETHERTYPE_IP;
- else if ((pktdata[ip_hdr_offset] >> 4) == 6)
- *protocol = ETHERTYPE_IP6;
- return 0;
- }
- /* fall through */
- case DLT_EN10MB:
- {
- eth_hdr_t *eth_hdr;
- uint16_t ether_type;
- uint32_t l2_net_off = sizeof(*eth_hdr) + *l2offset;
- if (datalen <= l2_net_off)
- return -1;
- eth_hdr = (eth_hdr_t*)(pktdata + *l2offset);
- ether_type = ntohs(eth_hdr->ether_type);
- if (parse_metadata(pktdata,
- datalen,
- ðer_type,
- &l2_net_off,
- l2offset,
- vlan_offset))
- return -1;
- if (datalen <= l2_net_off)
- return -1;
- *l2len = l2_net_off;
- if (ether_type > 1500) {
- /* Ethernet II frame - return in host order */
- *protocol = ether_type;
- } else {
- /* 803.3 frame */
- if ((pktdata[l2_net_off] >> 4) == 4)
- *protocol = ETHERTYPE_IP;
- else if ((pktdata[l2_net_off] >> 4) == 6)
- *protocol = ETHERTYPE_IP6;
- else
- /* unsupported 802.3 protocol */
- return -1;
- }
- break;
- }
- case DLT_PPP_SERIAL:
- if ((size_t)datalen < sizeof(struct tcpr_pppserial_hdr))
- return -1;
- struct tcpr_pppserial_hdr *ppp = (struct tcpr_pppserial_hdr*)pktdata;
- *l2len = sizeof(*ppp);
- if (ntohs(ppp->protocol) == 0x0021)
- *protocol = ETHERTYPE_IP;
- else
- *protocol = ntohs(ppp->protocol);
- break;
- case DLT_C_HDLC:
- if (datalen < CISCO_HDLC_LEN)
- return -1;
- hdlc_hdr_t *hdlc_hdr = (hdlc_hdr_t*)pktdata;
- *l2len = sizeof(*hdlc_hdr);
- *protocol = ntohs(hdlc_hdr->protocol);
- break;
- case DLT_LINUX_SLL:
- if (datalen < SLL_HDR_LEN)
- return -1;
- sll_hdr_t *sll_hdr = (sll_hdr_t*)pktdata;
- *l2len = sizeof(*sll_hdr);
- *protocol = ntohs(sll_hdr->sll_protocol);
- break;
- default:
- errx(-1, "Unable to process unsupported DLT type: %s (0x%x)",
- pcap_datalink_val_to_description(datalink),
- datalink);
- }
- return 0;
- }
- /**
- * returns the length in number of bytes of the L2 header, or -1 on error
- */
- int
- get_l2len(const u_char *pktdata, const int datalen, const int datalink)
- {
- uint16_t _U_ protocol;
- uint32_t _U_ l2offset;
- uint32_t _U_ vlan_offset;
- uint32_t l2len = 0;
- int res = get_l2len_protocol(pktdata,
- datalen,
- datalink,
- &protocol,
- &l2len,
- &l2offset,
- &vlan_offset);
- if (res == -1)
- return 0;
- return l2len;
- }
- /**
- * \brief returns a ptr to the ipv4 header + data or NULL if it's not IP
- *
- * we may use an extra buffer for the IP header (and above)
- * on strictly aligned systems where the layer 2 header doesn't
- * fall on a 4 byte boundary (like a standard Ethernet header)
- *
- * Note: you can cast the result as an ip_hdr_t, but you'll be able
- * to access data above the header minus any stripped L2 data
- */
- const u_char *
- get_ipv4(const u_char *pktdata, int datalen, int datalink, u_char **newbuff)
- {
- const u_char *packet = pktdata;
- const u_char *ip_hdr = NULL;
- ssize_t pkt_len = datalen;
- uint32_t _U_ vlan_offset;
- uint32_t l2offset;
- uint16_t proto;
- uint32_t l2len;
- int res;
- assert(packet);
- assert(pkt_len);
- assert(*newbuff);
- res = get_l2len_protocol(packet,
- pkt_len,
- datalink,
- &proto,
- &l2len,
- &l2offset,
- &vlan_offset);
- /* sanity... pkt_len must be > l2len + IP header len*/
- if (res == -1 || l2len + TCPR_IPV4_H > pkt_len) {
- dbg(1, "get_ipv4(): Layer 2 len > total packet len, hence no IP header");
- return NULL;
- }
- if (proto != ETHERTYPE_IP)
- return NULL;
- packet += l2offset;
- l2len -= l2offset;
- pkt_len -= l2offset;
- #ifdef FORCE_ALIGN
- /*
- * copy layer 3 and up to our temp packet buffer
- * for now on, we have to edit the packetbuff because
- * just before we send the packet, we copy the packetbuff
- * back onto the pkt.data + l2len buffer
- * we do all this work to prevent byte alignment issues
- */
- if (l2len % sizeof(long)) {
- memcpy(*newbuff, (packet + l2len), (pkt_len - l2len));
- ip_hdr = *newbuff;
- } else {
- /* we don't have to do a memcpy if l2len lands on a boundary */
- ip_hdr = (packet + l2len);
- }
- #else
- /*
- * on non-strict byte align systems, don't need to memcpy(),
- * just point to l2len bytes into the existing buffer
- */
- ip_hdr = (packet + l2len);
- #endif
- return ip_hdr;
- }
- /**
- * \brief returns a ptr to the ipv6 header + data or NULL if it's not IP
- *
- * we may use an extra buffer for the IP header (and above)
- * on strictly aligned systems where the layer 2 header doesn't
- * fall on a 4 byte boundary (like a standard Ethernet header)
- *
- * Note: you can cast the result as an ip_hdr_t, but you'll be able
- * to access data above the header minus any stripped L2 data
- */
- const u_char *
- get_ipv6(const u_char *pktdata, int datalen, int datalink, u_char **newbuff)
- {
- const u_char *packet = pktdata;
- const u_char *ip6_hdr = NULL;
- ssize_t pkt_len = datalen;
- uint32_t _U_ vlan_offset;
- uint32_t l2offset;
- uint16_t proto;
- uint32_t l2len;
- int res;
- assert(packet);
- assert(pkt_len);
- assert(*newbuff);
- res = get_l2len_protocol(packet,
- pkt_len,
- datalink,
- &proto,
- &l2len,
- &l2offset,
- &vlan_offset);
- /* sanity... pkt_len must be > l2len + IP header len*/
- if (res == -1 || l2len + TCPR_IPV6_H > pkt_len) {
- dbg(1, "get_ipv6(): Layer 2 len > total packet len, hence no IPv6 header");
- return NULL;
- }
- if (proto != ETHERTYPE_IP6)
- return NULL;
- packet += l2offset;
- l2len -= l2offset;
- pkt_len -= l2offset;
- #ifdef FORCE_ALIGN
- /*
- * copy layer 3 and up to our temp packet buffer
- * for now on, we have to edit the packetbuff because
- * just before we send the packet, we copy the packetbuff
- * back onto the pkt.data + l2len buffer
- * we do all this work to prevent byte alignment issues
- */
- if (l2len % sizeof(long)) {
- memcpy(*newbuff, (packet + l2len), (pkt_len - l2len));
- ip6_hdr = *newbuff;
- } else {
- /* we don't have to do a memcpy if l2len lands on a boundary */
- ip6_hdr = (packet + l2len);
- }
- #else
- /*
- * on non-strict byte align systems, don't need to memcpy(),
- * just point to l2len bytes into the existing buffer
- */
- ip6_hdr = (packet + l2len);
- #endif
- return ip6_hdr;
- }
- /**
- * \brief returns a pointer to the layer 4 header which is just beyond the IPv4 header
- *
- * If the packet is to short, returns NULL
- */
- void *
- get_layer4_v4(const ipv4_hdr_t *ip_hdr, const u_char *end_ptr)
- {
- void *ptr;
- assert(ip_hdr);
- assert(end_ptr);
- ptr = (u_char *)ip_hdr + (ip_hdr->ip_hl << 2);
- /* make sure we don't jump over the end of the buffer */
- if ((u_char *)ptr > end_ptr)
- return NULL;
- return ((void *)ptr);
- }
- /**
- * returns a pointer to the layer 4 header which is just beyond the IPv6 header
- * and any extension headers or NULL when there is none as in the case of
- * v6 Frag or ESP header. Function is recursive.
- */
- void *
- get_layer4_v6(const ipv6_hdr_t *ip6_hdr, const u_char *end_ptr)
- {
- struct tcpr_ipv6_ext_hdr_base *next, *exthdr;
- bool done = false;
- uint8_t proto;
- assert(ip6_hdr);
- assert(end_ptr);
- /* jump to the end of the IPv6 header */
- next = (struct tcpr_ipv6_ext_hdr_base *)((u_char *)ip6_hdr + TCPR_IPV6_H);
- if ((u_char*)next > end_ptr)
- return NULL;
- proto = ip6_hdr->ip_nh;
- while (!done) {
- dbgx(3, "Processing proto: 0x%hx", (uint16_t)proto);
- switch (proto) {
- /* recurse due to v6-in-v6, need to recast next as an IPv6 Header */
- case TCPR_IPV6_NH_IPV6:
- dbg(3, "recursing due to v6-in-v6");
- next = get_layer4_v6((ipv6_hdr_t *)next, end_ptr);
- break;
- /* loop again */
- case TCPR_IPV6_NH_AH:
- case TCPR_IPV6_NH_ROUTING:
- case TCPR_IPV6_NH_DESTOPTS:
- case TCPR_IPV6_NH_HBH:
- dbgx(3, "Going deeper due to extension header 0x%02X", proto);
- exthdr = get_ipv6_next(next, end_ptr);
- if (exthdr == NULL) {
- next = NULL;
- done = true;
- break;
- }
- proto = exthdr->ip_nh;
- next = exthdr;
- break;
- /*
- * Can't handle. Unparsable IPv6 fragment/encrypted data
- */
- case TCPR_IPV6_NH_FRAGMENT:
- case TCPR_IPV6_NH_ESP:
- next = NULL;
- done = true;
- break;
- /*
- * no further processing, either TCP, UDP, ICMP, etc...
- */
- default:
- if (proto != ip6_hdr->ip_nh) {
- dbgx(3, "Returning byte offset of this ext header: %u",
- IPV6_EXTLEN_TO_BYTES(next->ip_len));
- next = (void *)((u_char *)next + IPV6_EXTLEN_TO_BYTES(next->ip_len));
- } else {
- dbgx(3, "%s", "Returning end of IPv6 Header");
- }
- done = true;
- } /* switch */
- if (next == NULL)
- done = true;
- } /* while */
- return next;
- }
- /**
- * returns the next payload or header of the current extension header
- * returns NULL for none/ESP.
- */
- static void *
- get_ipv6_next(struct tcpr_ipv6_ext_hdr_base *exthdr, const u_char *end_ptr)
- {
- uint8_t extlen = 0;
- u_char *ptr;
- assert(exthdr);
- if ((u_char*)exthdr + sizeof(*exthdr) > end_ptr)
- return NULL;
- dbgx(3, "Jumping to next IPv6 header. Processing 0x%02x", exthdr->ip_nh);
- switch (exthdr->ip_nh) {
- /* no further processing */
- case TCPR_IPV6_NH_NO_NEXT:
- case TCPR_IPV6_NH_ESP:
- dbg(3, "No-Next or ESP... can't go any further...");
- return NULL;
- break;
- /*
- * fragment header is fixed size
- * FIXME: Frag header has further ext headers (has a ip_nh field)
- * but I don't support it because there's never a full L4 + payload beyond.
- */
- case TCPR_IPV6_NH_FRAGMENT:
- dbg(3, "Looks like were a fragment header. Returning some frag'd data.");
- ptr = (void *)((u_char *)exthdr + sizeof(struct tcpr_ipv6_frag_hdr));
- if (ptr > end_ptr)
- return NULL;
- return (void *)ptr;
- break;
- /* all the rest require us to go deeper using the ip_len field */
- case TCPR_IPV6_NH_IPV6:
- case TCPR_IPV6_NH_ROUTING:
- case TCPR_IPV6_NH_DESTOPTS:
- case TCPR_IPV6_NH_HBH:
- case TCPR_IPV6_NH_AH:
- extlen = IPV6_EXTLEN_TO_BYTES(exthdr->ip_len);
- dbgx(3, "Looks like we're an ext header (0x%hhx). Jumping %u bytes"
- " to the next", exthdr->ip_nh, extlen);
- ptr = (u_char *)exthdr + extlen;
- if (ptr > end_ptr)
- return NULL;
- return (void *)ptr;
- break;
- default:
- dbg(3, "Must not be a v6 extension header... returning self");
- return (void *)exthdr;
- break;
- }
- }
- /**
- * returns the protocol of the actual layer4 header by processing through
- * the extension headers
- */
- uint8_t
- get_ipv6_l4proto(const ipv6_hdr_t *ip6_hdr, const u_char *end_ptr)
- {
- u_char *ptr = (u_char *)ip6_hdr + TCPR_IPV6_H; /* jump to the end of the IPv6 header */
- uint8_t proto;
- struct tcpr_ipv6_ext_hdr_base *exthdr = NULL;
- assert(ip6_hdr);
- if (ptr > end_ptr)
- return TCPR_IPV6_NH_NO_NEXT;
- proto = ip6_hdr->ip_nh;
- while (TRUE) {
- dbgx(3, "Processing next proto 0x%02X", proto);
- switch (proto) {
- /* no further processing for IPV6 types with nothing beyond them */
- case TCPR_IPV6_NH_NO_NEXT:
- case TCPR_IPV6_NH_FRAGMENT:
- case TCPR_IPV6_NH_ESP:
- dbg(3, "No-Next or ESP... can't go any further...");
- return proto;
- break;
- /* recurse */
- case TCPR_IPV6_NH_IPV6:
- dbg(3, "Recursing due to v6 in v6");
- return get_ipv6_l4proto((ipv6_hdr_t *)ptr, end_ptr);
- break;
- /* loop again */
- case TCPR_IPV6_NH_AH:
- case TCPR_IPV6_NH_ROUTING:
- case TCPR_IPV6_NH_DESTOPTS:
- case TCPR_IPV6_NH_HBH:
- dbgx(3, "Jumping to next extension header (0x%hhx)", proto);
- exthdr = get_ipv6_next((struct tcpr_ipv6_ext_hdr_base *)ptr,
- end_ptr);
- if (exthdr == NULL || (u_char*)exthdr + sizeof(*exthdr) > end_ptr)
- return TCPR_IPV6_NH_NO_NEXT;
- proto = exthdr->ip_nh;
- ptr = (u_char *)exthdr;
- break;
- /* should be TCP, UDP or the like */
- default:
- dbgx(3, "Selecting next L4 Proto as: 0x%02x", proto);
- return proto;
- } /* switch */
- } /* while */
- }
- /**
- * \brief Converts a human readable IPv4 address to a binary one
- *
- * stolen from LIBNET since I didn't want to have to deal with
- * passing a libnet_t around. Returns 0xFFFFFFFF (255.255.255.255)
- * on error
- */
- uint32_t
- get_name2addr4(const char *hostname, bool dnslookup)
- {
- struct in_addr addr;
- #if ! defined HAVE_INET_ATON && defined HAVE_INET_ADDR
- struct hostent *host_ent;
- #endif
- if (dnslookup) {
- #ifdef HAVE_INET_ATON
- if (inet_aton(hostname, &addr) != 1) {
- return(0xffffffff);
- }
- #elif defined HAVE_INET_ADDR
- if ((addr.s_addr = inet_addr(hostname)) == INADDR_NONE) {
- if (!(host_ent = gethostbyname(hostname))) {
- warnx("unable to resolve %s: %s", hostname, strerror(errno));
- /* this is actually 255.255.255.255 */
- return (0xffffffff);
- }
- /* was: host_ent->h_length); */
- memcpy(&addr.s_addr, host_ent->h_addr, sizeof(addr.s_addr));
- }
- #else
- warn("Unable to support get_name2addr4 w/ resolve");
- /* call ourselves recursively once w/o resolving the hostname */
- return get_name2addr4(hostname, DNS_DONT_RESOLVE);
- #endif
- /* return in network byte order */
- return (addr.s_addr);
- } else {
- /*
- * We only want dots 'n decimals.
- */
- int i;
- uint32_t m;
- if (!isdigit(hostname[0])) {
- warnx("Expected dotted-quad notation (%s) when DNS lookups are disabled",
- hostname);
- /* XXX - this is actually 255.255.255.255 */
- return (-1);
- }
- m = 0;
- for (i = 0; i < 4; i++) {
- u_int val;
- m <<= 8;
- if (*hostname) {
- val = 0;
- while (*hostname && *hostname != '.') {
- val *= 10;
- val += *hostname - '0';
- if (val > 255) {
- dbgx(4, "value %d > 255 for dotted quad", val);
- /* this is actually 255.255.255.255 */
- return (-1);
- }
- hostname++;
- }
- m |= val;
- if (*hostname) {
- hostname++;
- }
- }
- }
- /* host byte order */
- return (ntohl(m));
- }
- }
- /**
- * \brief Converts human readable IPv6 address to binary value
- *
- * Wrapper around inet_pton
- * Returns 1 for valid, 0 for not parsable and -1 for system error.
- * Does not support DNS.
- */
- int
- get_name2addr6(const char *hostname, bool dnslookup, struct tcpr_in6_addr *addr)
- {
- (void)dnslookup; /* prevent warning about unused arg */
- #ifdef HAVE_INET_PTON
- return inet_pton(AF_INET6, hostname, addr);
- #else
- #error "Unable to support get_name2addr6: Missing inet_pton() support."
- #endif
- return -1;
- }
- /**
- * \brief Converts binary IPv4 address to a string.
- *
- * Generic wrapper around inet_ntop() and inet_ntoa() depending on whichever
- * is available on your system. Does not support DNS.
- */
- const char *
- get_addr2name4(const uint32_t ip, bool _U_ dnslookup)
- {
- struct in_addr addr;
- static char *new_string = NULL;
- if (new_string == NULL)
- new_string = (char *)safe_malloc(255);
- new_string[0] = '\0';
- addr.s_addr = ip;
- #ifdef HAVE_INET_NTOP
- if (inet_ntop(AF_INET, &addr, new_string, 255) == NULL) {
- warnx("Unable to convert 0x%x to a string", ip);
- new_string[0] = 0;
- }
- return new_string;
- #elif defined HAVE_INET_NTOA
- return inet_ntoa(&addr);
- #else
- #error "Unable to support get_addr2name4."
- #endif
- }
- /**
- * \brief Converts a IPv6 binary address to a string.a
- *
- * Does not support DNS.
- */
- const char *
- get_addr2name6(const struct tcpr_in6_addr *addr, _U_ bool dnslookup)
- {
- static char *new_string = NULL;
- if (new_string == NULL)
- new_string = (char *)safe_malloc(255);
- new_string[0] = '\0';
- #ifdef HAVE_INET_NTOP
- if (inet_ntop(AF_INET6, addr, new_string, 255) == NULL) {
- warn("Unable to convert addr to a string");
- new_string[0] = 0;
- }
- return new_string;
- #else
- #error "Unable to support get_addr2name6."
- #endif
- }
- /**
- * \brief Converts the binary network address of a tcpr_cidr_t to a string
- */
- const char *
- get_cidr2name(const tcpr_cidr_t *cidr_ptr, bool dnslookup)
- {
- if (cidr_ptr->family == AF_INET) {
- return get_addr2name4(cidr_ptr->u.network, dnslookup);
- } else if (cidr_ptr->family == AF_INET6) {
- return get_addr2name6(&cidr_ptr->u.network6, dnslookup);
- } else {
- return NULL;
- }
- }
|