void process_gre_pptp(struct Seaper *seap, struct NetFrame *frame, const unsigned char *px, unsigned length)
{
unsigned flags;
unsigned offset;
unsigned payload_length;
unsigned call_id;
unsigned sequence_number;
unsigned acknowledgement_number;
/*
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|C|R|K|S|s|Recur|A| Flags | Ver | Protocol Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Key (HW) Payload Length | Key (LW) Call ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number (Optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Acknowledgment Number (Optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
flags = ex16be(px);
payload_length = ex16be(px+4);
call_id = ex16be(px+6);
if ((flags&0xE80F) != 0x2001) {
FRAMERR_UNKNOWN_UNSIGNED(frame, "gre", flags);
return;
}
offset = 8;
if (flags & 0x1000) {
sequence_number = ex32be(px+offset);
offset += 4;
}
if (flags & 0x0080) {
acknowledgement_number = ex32be(px+offset);
offset += 4;
}
if (offset >= length) {
FRAMERR_TRUNCATED(frame, "gre");
return;
}
process_pptp(seap, frame, px+offset, length-offset);
}
void process_gre(struct Seaper *seap, struct NetFrame *frame, const unsigned char *px, unsigned length)
{
unsigned flags;
unsigned version;
unsigned protocol;
unsigned offset;
/*
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|C|R|K|S|s|Recur| Flags | Ver | Protocol Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum (optional) | Offset (optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Key (optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number (optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Routing (optional)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
if (length < 8) {
FRAMERR_TRUNCATED(frame, "gre");
return;
}
flags = ex16be(px);
version = px[1]&0x7;
protocol = ex16be(px+2);
offset = 4;
if (version == 1 && protocol == 0x880b)
process_gre_pptp(seap, frame, px, length);
else {
FRAMERR_UNKNOWN_UNSIGNED(frame, "gre", version);
}
}
void process_isakmp(struct Ferret *ferret, struct NetFrame *frame, const unsigned char *px, unsigned length)
{
unsigned type;
return; /*TODO: add code later */
if (length < 1) {
FRAMERR_TRUNCATED(frame, "isakmp");
return;
}
type = px[0];
SAMPLE(ferret,"ISAKMP", JOT_NUM("type", type));
switch (type) {
case 0xFF: /* keep alive */
break;
default:
FRAMERR_UNKNOWN_UNSIGNED(frame, "isakmp", type);
break;
}
}
void process_udp(struct Seaper *seap, struct NetFrame *frame, const unsigned char *px, unsigned length)
{
unsigned offset=0;
struct {
unsigned src_port;
unsigned dst_port;
unsigned length;
unsigned checksum;
} udp;
if (length == 0) {
FRAMERR(frame, "udp: frame empty\n");
return;
}
if (length < 8) {
FRAMERR(frame, "udp: frame too short\n");
return;
}
udp.src_port = ex16be(px+0);
udp.dst_port = ex16be(px+2);
udp.length = ex16be(px+4);
udp.checksum = ex16be(px+6);
frame->src_port = udp.src_port;
frame->dst_port = udp.dst_port;
if (udp.length < 8) {
FRAMERR_TRUNCATED(frame, "udp");
return;
}
if (length > udp.length)
length = udp.length;
offset += 8;
switch (frame->dst_ipv4) {
case 0xe0000123: /* 224.0.1.35 - SLP */
if (udp.dst_port == 427)
SAMPLE("SLP", "packet", REC_SZ, "test",-1);
else
FRAMERR(frame, "unknown port %d\n", udp.dst_port);
return;
}
SAMPLE("UDP", "src", REC_UNSIGNED, &udp.src_port, sizeof(udp.src_port));
SAMPLE("UDP", "dst", REC_UNSIGNED, &udp.dst_port, sizeof(udp.dst_port));
switch (udp.src_port) {
case 68:
case 67:
process_dhcp(seap, frame, px+offset, length-offset);
break;
case 53:
process_dns(seap, frame, px+offset, length-offset);
break;
case 137:
process_dns(seap, frame, px+offset, length-offset);
break;
case 138:
process_netbios_dgm(seap, frame, px+offset, length-offset);
break;
case 389:
process_ldap(seap, frame, px+offset, length-offset);
break;
case 631:
if (udp.dst_port == 631) {
process_cups(seap, frame, px+offset, length-offset);
}
break;
case 1900:
if (length-offset > 9 && memicmp(px+offset, "HTTP/1.1 ", 9) == 0) {
process_upnp_response(seap, frame, px+offset, length-offset);
}
break;
case 14906: /* ??? */
break;
case 4500:
break;
default:
switch (udp.dst_port) {
case 0:
break;
case 68:
case 67:
process_dhcp(seap, frame, px+offset, length-offset);
break;
case 53:
case 5353:
process_dns(seap, frame, px+offset, length-offset);
break;
case 137:
process_dns(seap, frame, px+offset, length-offset);
break;
case 138:
process_netbios_dgm(seap, frame, px+offset, length-offset);
break;
case 1900:
if (frame->dst_ipv4 == 0xeffffffa)
process_ssdp(seap, frame, px+offset, length-offset);
break;
case 5369:
break;
case 29301:
break;
case 123:
break;
case 5499:
break;
case 2233: /*intel/shiva vpn*/
break;
case 27900: /* GameSpy*/
break;
case 9283:
process_callwave_iam(seap, frame, px+offset, length-offset);
break;
case 161:
process_snmp(seap, frame, px+offset, length-offset);
break;
case 192: /* ??? */
break;
case 389:
process_ldap(seap, frame, px+offset, length-offset);
break;
case 427: /* SRVLOC */
process_srvloc(seap, frame, px+offset, length-offset);
break;
case 14906: /* ??? */
break;
case 500:
process_isakmp(seap, frame, px+offset, length-offset);
break;
case 2222:
break;
default:
if (frame->dst_ipv4 == 0xc0a8a89b || frame->src_ipv4 == 0xc0a8a89b)
;
else
FRAMERR(frame, "udp: unknown, [%d.%d.%d.%d]->[%d.%d.%d.%d] src=%d, dst=%d\n",
(frame->src_ipv4>>24)&0xFF,(frame->src_ipv4>>16)&0xFF,(frame->src_ipv4>>8)&0xFF,(frame->src_ipv4>>0)&0xFF,
(frame->dst_ipv4>>24)&0xFF,(frame->dst_ipv4>>16)&0xFF,(frame->dst_ipv4>>8)&0xFF,(frame->dst_ipv4>>0)&0xFF,
frame->src_port, frame->dst_port);
}
}
}
