static void receiver(lua_State *L, int cb_ref, struct nm_desc *d, unsigned int ring_id) {
struct pollfd fds;
struct netmap_ring *ring;
unsigned int i, len;
char *buf;
time_t now;
int pps;
now = time(NULL);
pps = 0;
while (1) {
fds.fd = d->fd;
fds.events = POLLIN;
int r = poll(&fds, 1, 1000);
if (r < 0) {
if (errno != EINTR) {
perror("poll()");
exit(3);
}
}
if (time(NULL) > now) {
printf("[+] receiving %d pps\n", pps);
pps = 0;
now = time(NULL);
}
ring = NETMAP_RXRING(d->nifp, ring_id);
while (!nm_ring_empty(ring)) {
i = ring->cur;
buf = NETMAP_BUF(ring, ring->slot[i].buf_idx);
len = ring->slot[i].len;
pps++;
if (filter_packet(L, cb_ref, buf, len)) {
// forward packet to kernel
ring->flags |= NR_FORWARD;
ring->slot[i].flags |= NS_FORWARD;
printf("+++ PASS\n");
} else {
// drop packet
printf("--- DROP\n");
}
ring->head = ring->cur = nm_ring_next(ring, i);
}
}
}
static int tee_write_packet(AVFormatContext *avf, AVPacket *pkt)
{
TeeContext *tee = avf->priv_data;
AVFormatContext *avf2;
AVPacket pkt2;
int ret_all = 0, ret;
unsigned i, s;
int s2;
AVRational tb, tb2;
for (i = 0; i < tee->nb_slaves; i++) {
avf2 = tee->slaves[i].avf;
s = pkt->stream_index;
s2 = tee->slaves[i].stream_map[s];
if (s2 < 0)
continue;
if ((ret = av_copy_packet(&pkt2, pkt)) < 0 ||
(ret = av_dup_packet(&pkt2))< 0)
if (!ret_all) {
ret_all = ret;
continue;
}
tb = avf ->streams[s ]->time_base;
tb2 = avf2->streams[s2]->time_base;
pkt2.pts = av_rescale_q(pkt->pts, tb, tb2);
pkt2.dts = av_rescale_q(pkt->dts, tb, tb2);
pkt2.duration = av_rescale_q(pkt->duration, tb, tb2);
pkt2.stream_index = s2;
filter_packet(avf2, &pkt2, avf2, tee->slaves[i].bsfs[s2]);
if ((ret = av_interleaved_write_frame(avf2, &pkt2)) < 0)
if (!ret_all)
ret_all = ret;
}
return ret_all;
}
static void got_packet(UNUSED uint8_t *args, const struct pcap_pkthdr *header, const uint8_t *data)
{
static int count = 1; /* Packets seen */
/*
* Define pointers for packet's attributes
*/
const struct ip_header *ip; /* The IP header */
const struct udp_header *udp; /* The UDP header */
const uint8_t *payload; /* Packet payload */
/*
* And define the size of the structures we're using
*/
int size_ethernet = sizeof(struct ethernet_header);
int size_ip = sizeof(struct ip_header);
int size_udp = sizeof(struct udp_header);
/*
* For FreeRADIUS
*/
RADIUS_PACKET *packet, *original;
struct timeval elapsed;
/*
* Define our packet's attributes
*/
if ((data[0] == 2) && (data[1] == 0) &&
(data[2] == 0) && (data[3] == 0)) {
ip = (const struct ip_header*) (data + 4);
} else {
ip = (const struct ip_header*)(data + size_ethernet);
}
udp = (const struct udp_header*)(((const uint8_t *) ip) + size_ip);
payload = (const uint8_t *)(((const uint8_t *) udp) + size_udp);
packet = rad_alloc(NULL, 0);
if (!packet) {
fprintf(stderr, "Out of memory\n");
return;
}
packet->src_ipaddr.af = AF_INET;
packet->src_ipaddr.ipaddr.ip4addr.s_addr = ip->ip_src.s_addr;
packet->src_port = ntohs(udp->udp_sport);
packet->dst_ipaddr.af = AF_INET;
packet->dst_ipaddr.ipaddr.ip4addr.s_addr = ip->ip_dst.s_addr;
packet->dst_port = ntohs(udp->udp_dport);
memcpy(&packet->data, &payload, sizeof(packet->data));
packet->data_len = header->len - (payload - data);
if (!rad_packet_ok(packet, 0)) {
DEBUG(log_dst, "Packet: %s\n", fr_strerror());
DEBUG(log_dst, " From %s:%d\n", inet_ntoa(ip->ip_src), ntohs(udp->udp_sport));
DEBUG(log_dst, " To: %s:%d\n", inet_ntoa(ip->ip_dst), ntohs(udp->udp_dport));
DEBUG(log_dst, " Type: %s\n", fr_packet_codes[packet->code]);
rad_free(&packet);
return;
}
switch (packet->code) {
case PW_COA_REQUEST:
/* we need a 16 x 0 byte vector for decrypting encrypted VSAs */
original = nullpacket;
break;
case PW_AUTHENTICATION_ACK:
/* look for a matching request and use it for decoding */
original = rbtree_finddata(request_tree, packet);
break;
case PW_AUTHENTICATION_REQUEST:
/* save the request for later matching */
original = rad_alloc_reply(NULL, packet);
if (original) { /* just ignore allocation failures */
rbtree_deletebydata(request_tree, original);
rbtree_insert(request_tree, original);
}
/* fallthrough */
default:
/* don't attempt to decode any encrypted attributes */
original = NULL;
}
/*
* Decode the data without bothering to check the signatures.
*/
if (rad_decode(packet, original, radius_secret) != 0) {
rad_free(&packet);
fr_perror("decode");
return;
}
/*
* We've seen a successfull reply to this, so delete it now
*/
if (original)
rbtree_deletebydata(request_tree, original);
if (filter_vps && filter_packet(packet)) {
rad_free(&packet);
DEBUG(log_dst, "Packet number %d doesn't match\n", count++);
return;
}
if (out) {
pcap_dump((void *) out, header, data);
goto check_filter;
}
INFO(log_dst, "%s Id %d\t", fr_packet_codes[packet->code], packet->id);
/*
* Print the RADIUS packet
*/
INFO(log_dst, "%s:%d -> ", inet_ntoa(ip->ip_src), ntohs(udp->udp_sport));
INFO(log_dst, "%s:%d", inet_ntoa(ip->ip_dst), ntohs(udp->udp_dport));
DEBUG1(log_dst, "\t(%d packets)", count++);
if (!start_pcap.tv_sec) {
start_pcap = header->ts;
}
tv_sub(&header->ts, &start_pcap, &elapsed);
INFO(log_dst, "\t+%u.%03u", (unsigned int) elapsed.tv_sec,
(unsigned int) elapsed.tv_usec / 1000);
if (fr_debug_flag > 1) {
DEBUG(log_dst, "\n");
if (packet->vps) {
if (do_sort) sort(packet);
vp_printlist(log_dst, packet->vps);
pairfree(&packet->vps);
}
}
INFO(log_dst, "\n");
if (!to_stdout && (fr_debug_flag > 4)) {
rad_print_hex(packet);
}
fflush(log_dst);
check_filter:
/*
* If we're doing filtering, Access-Requests are cached in the
* filter tree.
*/
if (!filter_vps ||
((packet->code != PW_AUTHENTICATION_REQUEST) &&
(packet->code != PW_ACCOUNTING_REQUEST))) {
rad_free(&packet);
}
}
static void _router_process_route(component_t comp, nad_t nad) {
int atype, ato, afrom;
unsigned int dest;
struct jid_st sto, sfrom;
jid_static_buf sto_buf, sfrom_buf;
jid_t to = NULL, from = NULL;
routes_t targets;
component_t target;
union xhashv xhv;
/* init static jid */
jid_static(&sto,&sto_buf);
jid_static(&sfrom,&sfrom_buf);
if(nad_find_attr(nad, 0, -1, "error", NULL) >= 0) {
log_debug(ZONE, "dropping error packet, trying to avoid loops");
nad_free(nad);
return;
}
atype = nad_find_attr(nad, 0, -1, "type", NULL);
ato = nad_find_attr(nad, 0, -1, "to", NULL);
afrom = nad_find_attr(nad, 0, -1, "from", NULL);
if(ato >= 0) to = jid_reset(&sto, NAD_AVAL(nad, ato), NAD_AVAL_L(nad, ato));
if(afrom >= 0) from = jid_reset(&sfrom, NAD_AVAL(nad, afrom), NAD_AVAL_L(nad, afrom));
/* unicast */
if(atype < 0) {
if(to == NULL || from == NULL) {
log_debug(ZONE, "unicast route with missing or invalid to or from, bouncing");
nad_set_attr(nad, 0, -1, "error", "400", 3);
_router_comp_write(comp, nad);
return;
}
log_debug(ZONE, "unicast route from %s to %s", from->domain, to->domain);
/* check the from */
if(xhash_get(comp->routes, from->domain) == NULL) {
log_write(comp->r->log, LOG_NOTICE, "[%s, port=%d] tried to send a packet from '%s', but that name is not bound to this component", comp->ip, comp->port, from->domain);
nad_set_attr(nad, 0, -1, "error", "401", 3);
_router_comp_write(comp, nad);
return;
}
/* filter it */
if(comp->r->filter != NULL) {
int ret = filter_packet(comp->r, nad);
if(ret == stanza_err_REDIRECT) {
ato = nad_find_attr(nad, 0, -1, "to", NULL);
if(ato >= 0) to = jid_reset(&sto, NAD_AVAL(nad, ato), NAD_AVAL_L(nad, ato));
}
else if(ret > 0) {
log_debug(ZONE, "packet filtered out: %s (%s)", _stanza_errors[ret - stanza_err_BAD_REQUEST].name, _stanza_errors[ret - stanza_err_BAD_REQUEST].code);
nad_set_attr(nad, 0, -1, "error", _stanza_errors[ret - stanza_err_BAD_REQUEST].code, 3);
_router_comp_write(comp, nad);
return;
}
}
/* find a target */
targets = xhash_get(comp->r->routes, to->domain);
if(targets == NULL) {
if(comp->r->default_route != NULL && strcmp(from->domain, comp->r->default_route) == 0) {
log_debug(ZONE, "%s is unbound, bouncing", from->domain);
nad_set_attr(nad, 0, -1, "error", "404", 3);
_router_comp_write(comp, nad);
return;
}
targets = xhash_get(comp->r->routes, comp->r->default_route);
}
if(targets == NULL) {
log_debug(ZONE, "%s is unbound, and no default route, bouncing", to->domain);
nad_set_attr(nad, 0, -1, "error", "404", 3);
_router_comp_write(comp, nad);
return;
}
/* copy to any log sinks */
if(xhash_count(comp->r->log_sinks) > 0)
xhash_walk(comp->r->log_sinks, _router_route_log_sink, (void *) nad);
/* get route candidate */
if(targets->ncomp == 1) {
dest = 0;
}
else {
switch(targets->rtype) {
case route_MULTI_TO:
ato = nad_find_attr(nad, 1, -1, "to", NULL);
if(ato >= 0) to = jid_reset(&sto, NAD_AVAL(nad, ato), NAD_AVAL_L(nad, ato));
else {
ato = nad_find_attr(nad, 1, -1, "target", NULL);
if(ato >= 0) to = jid_reset(&sto, NAD_AVAL(nad, ato), NAD_AVAL_L(nad, ato));
else {
const char *out; int len;
nad_print(nad, 0, &out, &len);
log_write(comp->r->log, LOG_ERR, "Cannot get destination for multiple route: %.*s", len, out);
}
}
break;
case route_MULTI_FROM:
ato = nad_find_attr(nad, 1, -1, "from", NULL);
if(ato >= 0) to = jid_reset(&sto, NAD_AVAL(nad, ato), NAD_AVAL_L(nad, ato));
else {
const char *out; int len;
nad_print(nad, 0, &out, &len);
log_write(comp->r->log, LOG_ERR, "Cannot get source for multiple route: %.*s", len, out);
}
break;
default:
log_write(comp->r->log, LOG_ERR, "Multiple components bound to single component route '%s'", targets->name);
/* simulate no 'to' info in this case */
}
if(to->node == NULL || strlen(to->node) == 0) {
/* no node in destination JID - going random */
dest = rand();
log_debug(ZONE, "randomized to %u %% %d = %d", dest, targets->ncomp, dest % targets->ncomp);
}
else {
/* use JID hash */
unsigned char hashval[20];
unsigned int *val;
int i;
shahash_raw(jid_user(to), hashval);
val = (unsigned int *) hashval;
dest = *val;
for(i=1; i < 20 / (sizeof(unsigned int)/sizeof(unsigned char)); i++, val++) {
dest ^= *val;
}
dest >>= 2;
log_debug(ZONE, "JID %s hashed to %u %% %d = %d", jid_user(to), dest, targets->ncomp, dest % targets->ncomp);
/* jid_user() calls jid_expand() which may allocate some memory in _user and _full */
if (to->_user != NULL )
free(to->_user);
if (to->_full != NULL )
free(to->_full);
}
dest = dest % targets->ncomp;
}
target = targets->comp[dest];
/* push it out */
log_debug(ZONE, "writing route for '%s'*%u to %s, port %d", to->domain, dest+1, target->ip, target->port);
/* if logging enabled, log messages that match our criteria */
if (comp->r->message_logging_enabled && comp->r->message_logging_file != NULL) {
int attr_msg_to;
int attr_msg_from;
int attr_route_to;
int attr_route_from;
jid_t jid_msg_from = NULL;
jid_t jid_msg_to = NULL;
jid_t jid_route_from = NULL;
jid_t jid_route_to = NULL;
if ((NAD_ENAME_L(nad, 1) == 7 && strncmp("message", NAD_ENAME(nad, 1), 7) == 0) && // has a "message" element
((attr_route_from = nad_find_attr(nad, 0, -1, "from", NULL)) >= 0) &&
((attr_route_to = nad_find_attr(nad, 0, -1, "to", NULL)) >= 0) &&
((strncmp(NAD_AVAL(nad, attr_route_to), "c2s", 3)) != 0) && // ignore messages to "c2s" or we'd have dups
((jid_route_from = jid_new(NAD_AVAL(nad, attr_route_from), NAD_AVAL_L(nad, attr_route_from))) != NULL) && // has valid JID source in route
((jid_route_to = jid_new(NAD_AVAL(nad, attr_route_to), NAD_AVAL_L(nad, attr_route_to))) != NULL) && // has valid JID destination in route
((attr_msg_from = nad_find_attr(nad, 1, -1, "from", NULL)) >= 0) &&
((attr_msg_to = nad_find_attr(nad, 1, -1, "to", NULL)) >= 0) &&
((jid_msg_from = jid_new(NAD_AVAL(nad, attr_msg_from), NAD_AVAL_L(nad, attr_msg_from))) != NULL) && // has valid JID source in message
((jid_msg_to = jid_new(NAD_AVAL(nad, attr_msg_to), NAD_AVAL_L(nad, attr_msg_to))) != NULL)) // has valid JID dest in message
{
message_log(nad, comp->r, jid_full(jid_msg_from), jid_full(jid_msg_to));
}
if (jid_msg_from != NULL)
jid_free(jid_msg_from);
if (jid_msg_to != NULL)
jid_free(jid_msg_to);
if (jid_route_from != NULL)
jid_free(jid_route_from);
if (jid_route_to != NULL)
jid_free(jid_route_to);
}
_router_comp_write(target, nad);
return;
}
/* broadcast */
if(NAD_AVAL_L(nad, atype) == 9 && strncmp("broadcast", NAD_AVAL(nad, atype), 9) == 0) {
if(from == NULL) {
log_debug(ZONE, "broadcast route with missing or invalid from, bouncing");
nad_set_attr(nad, 0, -1, "error", "400", 3);
_router_comp_write(comp, nad);
return;
}
log_debug(ZONE, "broadcast route from %s", from->domain);
/* check the from */
if(xhash_get(comp->routes, from->domain) == NULL) {
log_write(comp->r->log, LOG_NOTICE, "[%s, port=%d] tried to send a packet from '%s', but that name is not bound to this component", comp->ip, comp->port, from->domain);
nad_set_attr(nad, 0, -1, "error", "401", 3);
_router_comp_write(comp, nad);
return;
}
/* loop the components and distribute */
if(xhash_iter_first(comp->r->components))
do {
xhv.comp_val = ⌖
xhash_iter_get(comp->r->components, NULL, NULL, xhv.val);
if(target != comp) {
log_debug(ZONE, "writing broadcast to %s, port %d", target->ip, target->port);
_router_comp_write(target, nad_copy(nad));
}
} while(xhash_iter_next(comp->r->components));
nad_free(nad);
return;
}
log_debug(ZONE, "unknown route type '%.*s', dropping", NAD_AVAL_L(nad, atype), NAD_AVAL(nad, atype));
nad_free(nad);
}
static int output_tap_filter_parse(void *priv, struct registry_param *param, char *value) {
struct output_tap_priv *p = priv;
return filter_packet(value, &p->filter);
}
static void got_packet(uint8_t *args, const struct pcap_pkthdr *header, const uint8_t *data)
{
/* Just a counter of how many packets we've had */
static int count = 1;
/* Define pointers for packet's attributes */
const struct ethernet_header *ethernet; /* The ethernet header */
const struct ip_header *ip; /* The IP header */
const struct udp_header *udp; /* The UDP header */
const uint8_t *payload; /* Packet payload */
/* And define the size of the structures we're using */
int size_ethernet = sizeof(struct ethernet_header);
int size_ip = sizeof(struct ip_header);
int size_udp = sizeof(struct udp_header);
/* For FreeRADIUS */
RADIUS_PACKET *packet;
args = args; /* -Wunused */
/* Define our packet's attributes */
ethernet = (const struct ethernet_header*)(data);
ip = (const struct ip_header*)(ethernet + size_ethernet);
udp = (const struct udp_header*)(data + size_ethernet + size_ip);
payload = (const uint8_t *)(data + size_ethernet + size_ip + size_udp);
packet = malloc(sizeof(*packet));
if (!packet) {
fprintf(stderr, "Out of memory\n");
return;
}
memset(packet, 0, sizeof(*packet));
packet->src_ipaddr.af = AF_INET;
packet->src_ipaddr.ipaddr.ip4addr.s_addr = ip->ip_src.s_addr;
packet->src_port = ntohs(udp->udp_sport);
packet->dst_ipaddr.af = AF_INET;
packet->dst_ipaddr.ipaddr.ip4addr.s_addr = ip->ip_dst.s_addr;
packet->dst_port = ntohs(udp->udp_dport);
packet->data = payload;
packet->data_len = header->len - size_ethernet - size_ip - size_udp;
if (!rad_packet_ok(packet, 0)) {
fr_perror("Packet");
free(packet);
return;
}
/*
* Decode the data without bothering to check the signatures.
*/
if (rad_decode(packet, NULL, radius_secret) != 0) {
free(packet);
fr_perror("decode");
return;
}
if (filter_vps && filter_packet(packet)) {
free(packet);
DEBUG("Packet number %d doesn't match\n", count++);
return;
}
/* Print the RADIUS packet */
printf("Packet number %d has just been sniffed\n", count++);
printf("\tFrom: %s:%d\n", inet_ntoa(ip->ip_src), ntohs(udp->udp_sport));
printf("\tTo: %s:%d\n", inet_ntoa(ip->ip_dst), ntohs(udp->udp_dport));
printf("\tType: %s\n", packet_codes[packet->code]);
if (packet->vps != NULL) {
vp_printlist(stdout, packet->vps);
pairfree(&packet->vps);
}
fflush(stdout);
free(packet);
}
