void Reset_Domain_Query_Setting(void) { int opmode=-1; int lan_dhcp_mode=0; int wlan_mode_root=0; struct sockaddr hwaddr; unsigned char *pMacAddr; unsigned char cmdBuffer[100]; char lan_domain_name[ MAX_NAME_LEN]={0}; apmib_get( MIB_DOMAIN_NAME, (void *)lan_domain_name); apmib_get(MIB_OP_MODE,(void *)&opmode); apmib_get(MIB_DHCP,(void *)&lan_dhcp_mode); apmib_get( MIB_WLAN_MODE, (void *)&wlan_mode_root); if(opmode==1 &&((wlan_mode_root==1 && lan_dhcp_mode==15) || (wlan_mode_root==0 && lan_dhcp_mode==15)) && lan_domain_name[0]){ system("echo 1 > /proc/pocket/en_filter"); if(getInAddr("br0", HW_ADDR, (void *)&hwaddr)){ pMacAddr = hwaddr.sa_data; sprintf(cmdBuffer, "echo \"%s %02X%02X%02X%02X%02X%02X 0\" > /proc/pocket/filter_conf","00000000", pMacAddr[0], pMacAddr[1],pMacAddr[2], pMacAddr[3], pMacAddr[4], pMacAddr[5]); }else{ sprintf(cmdBuffer, "echo \"%s 000000000000 0\" > /proc/pocket/filter_conf","00000000"); } system(cmdBuffer); }else{ system("echo 0 > /proc/pocket/en_filter"); } }
void* routeRecordMain(void* arg){ randomValue = createLongRandomValue(); char* gatewayIP = getIPAddress(INTERFACE); gatewayAddr = getInAddr(gatewayIP); initializeRRFilterList(); struct nfq_handle* h = nfq_open(); if (!h) { fprintf(stderr, "error during nfq_open()\n"); exit(1); } printf("unbinding existing nf_queue handler for AF_INET (if any)\n"); if (nfq_unbind_pf(h, AF_INET) < 0) { fprintf(stderr, "error during nfq_unbind_pf()\n"); exit(1); } printf("binding nfnetlink_queue as nf_queue handler for AF_INET\n"); if (nfq_bind_pf(h, AF_INET) < 0) { fprintf(stderr, "error during nfq_bind_pf()\n"); exit(1); } //nfq_callback* cb = (nfq_callback*) calloc(1, sizeof(nfq_callback)); printf("binding this socket to queue '0'\n"); struct nfq_q_handle* qh = nfq_create_queue(h, 0, &cb, NULL); if (!qh) { fprintf(stderr, "error during nfq_create_queue()\n"); exit(1); } printf("setting copy_packet mode\n"); if (nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) { fprintf(stderr, "can't set packet_copy mode\n"); exit(1); } int fd = nfq_fd(h); int rv = -1; char* buf = (char*) calloc(1, 100001); while ((rv = recv(fd, buf, 10000, 0)) >= 0) { printf("pkt received\n received: [%d]\n\n", rv); nfq_handle_packet(h, buf, rv); } printf("unbinding from queue 0\n"); nfq_destroy_queue(qh); printf("closing library handle\n"); nfq_close(h); pthread_exit(NULL); }
int getLan_MacAddress(unsigned char *dst) { struct sockaddr hwaddr; unsigned char *pMacAddr; if(getInAddr("br0", HW_ADDR, (void *)&hwaddr)){ pMacAddr = hwaddr.sa_data; sprintf(dst, "%02X%02X%02X%02X%02X%02X",pMacAddr[0], pMacAddr[1], pMacAddr[2], pMacAddr[3],pMacAddr[4],pMacAddr[5]); return 1; } return 0; }
int OSAPIUDPChannel::receive() { int numbytes; addr_len = sizeof their_addr; if ((numbytes = recvfrom(listenerSocket, buf, MAXBUFLEN-1 , 0, (struct sockaddr *)&their_addr, &addr_len)) == -1) return -1; datagram.resize(numbytes); datagram.setRawData(buf, numbytes); QHostAddress senderAddress(inet_ntop(their_addr.ss_family, getInAddr((struct sockaddr *)&their_addr), s, sizeof s)); quint16 senderPort = getInPort((struct sockaddr *) &their_addr); processTheDatagram(datagram,senderAddress,senderPort); return numbytes; }
struct tunnel *l2tp_call (char *host, int port, struct lac *lac, struct lns *lns) { /* * Establish a tunnel from us to host * on port port */ struct call *tmp = NULL; struct hostent *hp; unsigned int addr; //------------------------------------------------- #if defined(CONFIG_RTL8186_TR) || defined(CONFIG_RTL865X_SC) struct in_addr retval; struct in_addr intaddr; struct in_addr intmask; char server_ip[100]; char l2tp_gw[30]; char l2tp_ipdyn[30]; char cmdBuffer[200]; FILE *fp1, *fp2; #endif //------------------------------------------------ port = htons (port); hp = gethostbyname (host); if (!hp) { log (LOG_WARN, "Host name lookup failed for %s.\n", host); return NULL; } #if defined(CONFIG_RTL8186_TR) || defined(CONFIG_RTL865X_SC) //Brad add //if l2tp server is not in the same subnet as l2tp client, we put l2tp server ip to /var/l2tp_server memcpy(&retval.s_addr, hp->h_addr, sizeof(retval.s_addr)); if (getInAddr("eth1", IP_ADDR, (void *)&intaddr )){ if(getInAddr("eth1", SUBNET_MASK, (void *)&intmask)){ if((intaddr.s_addr & intmask.s_addr) != (retval.s_addr & intmask.s_addr)){ //warn("generate pptp server =%s\n", inet_ntoa(retval)); sprintf(server_ip, "echo %s > /var/l2tp_server", inet_ntoa(retval)); system(server_ip); fp1= fopen("/var/l2tp_dyn", "r"); if(fp1 !=NULL){ fscanf(fp1, "%s", l2tp_ipdyn); if(l2tp_ipdyn[0]=='1'){ fp2= fopen("/var/l2tp_gw", "r"); if (fp2 != NULL) { fscanf(fp2, "%s", l2tp_gw); sprintf(cmdBuffer, "route add -host %s gw %s", inet_ntoa(retval), l2tp_gw); system(cmdBuffer); fclose(fp2); } }else{ fp2= fopen("/var/eth1_gw", "r"); if (fp2 != NULL) { fscanf(fp2, "%s", l2tp_gw); sprintf(cmdBuffer, "route add -host %s gw %s", inet_ntoa(retval), l2tp_gw); system(cmdBuffer); fclose(fp2); } } fclose(fp1); } } } } #endif bcopy (hp->h_addr, &addr, hp->h_length); /* Force creation of a new tunnel and set it's tid to 0 to cause negotiation to occur */ /* XXX L2TP/IPSec: Set up SA to addr:port here? NTB 20011010 */ tmp = get_call (0, 0, addr, port); if (!tmp) { log (LOG_WARN, "%s: Unable to create tunnel to %s.\n", __FUNCTION__, host); return NULL; } tmp->container->tid = 0; tmp->container->lac = lac; tmp->container->lns = lns; tmp->lac = lac; tmp->lns = lns; if (lac) lac->t = tmp->container; if (lns) lns->t = tmp->container; /* * Since our state is 0, we will establish a tunnel now */ log (LOG_NOTICE, "Connecting to host %s, port %d\n", host, ntohs (port)); control_finish (tmp->container, tmp); return tmp->container; }
int main(int argc, char* argv[]){ if(argc > 1){ printf("Arg detected\n"); } char* hostIP = getIPAddress(INTERFACE); printf("Host Interface (%s) Address: [%s]\n", INTERFACE, hostIP); //Part of this is Recycled/Modified Code from cs4516 printf("Elevation Handler Started.\n"); int packet_socket = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL)); printf("FD: [%d]\n", packet_socket); if(packet_socket == -1){ printf("Error [%s]\n", strerror(errno)); exit(1); } struct sockaddr_ll saddr; unsigned int interface = if_nametoindex(INTERFACE); printf("IF: [%u]\n", interface); if(interface == 0){ printf("Interface not found./n"); exit(1); } saddr.sll_protocol = htons(ETH_P_ALL); saddr.sll_ifindex = interface; saddr.sll_family = AF_PACKET; int bindInt = bind(packet_socket, (struct sockaddr*) &saddr, sizeof(saddr)); printf("BIND: [%d]\n", bindInt); if(bindInt == -1){ printf("Error [%s]\n", strerror(errno)); exit(1); } char buffer[2000]; AttackList* attackList = NULL; while(1){ int count = recv(packet_socket, buffer, 1500, 0); buffer[count] = '\n'; buffer[count + 1] = '\0'; char srcIP[33]; inet_ntop(AF_INET, buffer+12, srcIP, INET_ADDRSTRLEN); srcIP[32] = '\0'; char destIP[33]; inet_ntop(AF_INET, buffer+16, destIP, INET_ADDRSTRLEN); destIP[32] = '\0'; int protocol = (int) buffer[9]; if(protocol == 17 && strcmp(hostIP, destIP) == 0){ AttackList** entry = (AttackList**) calloc(sizeof(AttackList*), 1); attackList = updateAttackCount(attackList, srcIP, entry); printf("UDP Packet Size: [%d]\n", count); printf("UDP Packet Src: [%s]\n", srcIP); printf("UDP Packet Dest: [%s]\n", destIP); printf("Attack Count: [%d]\n\n", (*entry)->count); if((*entry)->count > ATTACK_COUNT_THRESHOLD){ printf("Attack Threshold Met for [%s] - Reporting and resetting!\n\n", srcIP); //Complain to Victim Gateway Here //Create Flow struct based on received Route Record first //TODO below: temporary implementation RouteRecord* tempRR = readRouteRecord(buffer + 20); struct in_addr* victimAddr = getInAddr(destIP); struct in_addr* attackerAddr = getInAddr(srcIP); Flow* flow = createFlowStruct(victimAddr, attackerAddr, tempRR, createNonce(victimAddr, attackerAddr), 0, AITF_BLOCKING_REQUEST); sendFlow(VICTIM_GATEWAY_IP, TCP_SENDING_PORT, flow); //Wait T-temp here waitMilliseconds(T_TEMP); (*entry)->count = 0; } } } }
// extern for P2P_SUPPORT void set_lan_dhcpd(char *interface, int mode) { char tmpBuff1[32]={0}, tmpBuff2[32]={0}; int intValue=0, dns_mode=0; char line_buffer[100]={0}; char tmp1[64]={0}; char tmp2[64]={0}; int opMode=-1; int dhcpMode=-1; struct in_addr lanIpAddr; char *strtmp=NULL, *strtmp1=NULL; //DHCPRSVDIP_T entry; //int i, entry_Num=0; #ifdef HOME_GATEWAY char tmpBuff3[32]={0}; #endif sprintf(line_buffer,"interface %s\n",interface); write_line_to_file(DHCPD_CONF_FILE, 1, line_buffer); apmib_get(MIB_DHCP_CLIENT_START, (void *)tmp1); strtmp= inet_ntoa(*((struct in_addr *)tmp1)); sprintf(line_buffer,"start %s\n",strtmp); write_line_to_file(DHCPD_CONF_FILE, 2, line_buffer); apmib_get(MIB_DHCP_CLIENT_END, (void *)tmp1); strtmp= inet_ntoa(*((struct in_addr *)tmp1)); sprintf(line_buffer,"end %s\n",strtmp); write_line_to_file(DHCPD_CONF_FILE, 2, line_buffer); apmib_get(MIB_SUBNET_MASK, (void *)tmp1); strtmp= inet_ntoa(*((struct in_addr *)tmp1)); sprintf(line_buffer,"opt subnet %s\n",strtmp); write_line_to_file(DHCPD_CONF_FILE, 2, line_buffer); apmib_get( MIB_OP_MODE,&opMode); apmib_get( MIB_DHCP,&dhcpMode); if((opMode==1) && (dhcpMode==15)) { if(check_upStream_connected()) { getInAddr("br0", IP_ADDR, (void *)&tmp2); } else { apmib_get( MIB_IP_ADDR, (void *)tmp2); if (memcmp(tmp2, "\x0\x0\x0\x0", 4)){ strtmp= inet_ntoa(*((struct in_addr *)tmp2)); sprintf(line_buffer,"opt router %s\n",strtmp); write_line_to_file(DHCPD_CONF_FILE, 2, line_buffer); } } if (memcmp(tmp2, "\x0\x0\x0\x0", 4)){ strtmp= inet_ntoa(*((struct in_addr *)tmp2)); sprintf(line_buffer,"opt dns %s\n",strtmp); write_line_to_file(DHCPD_CONF_FILE, 2, line_buffer); } } else { if(mode==1){//ap apmib_get( MIB_DEFAULT_GATEWAY, (void *)tmp2); if (memcmp(tmp2, "\x0\x0\x0\x0", 4)){ strtmp= inet_ntoa(*((struct in_addr *)tmp2)); sprintf(line_buffer,"opt router %s\n",strtmp); write_line_to_file(DHCPD_CONF_FILE, 2, line_buffer); } }else{ apmib_get(MIB_IP_ADDR, (void *)tmp1); strtmp= inet_ntoa(*((struct in_addr *)tmp1)); sprintf(line_buffer,"opt router %s\n",strtmp); write_line_to_file(DHCPD_CONF_FILE, 2, line_buffer); #ifdef HOME_GATEWAY apmib_get( MIB_DNS_MODE, (void *)&dns_mode); if(dns_mode==0){ sprintf(line_buffer,"opt dns %s\n",strtmp); /*now strtmp is ip address value */ write_line_to_file(DHCPD_CONF_FILE, 2, line_buffer); } #endif } if((mode==1) #if 1 ||(mode==2 && dns_mode==1) #endif ){ if(intValue==0){ /*no dns option for dhcp server, use default gatewayfor dns opt*/ if(mode==1){ apmib_get( MIB_DEFAULT_GATEWAY, (void *)tmp2); if (memcmp(tmp2, "\x0\x0\x0\x0", 4)){ strtmp= inet_ntoa(*((struct in_addr *)tmp2)); sprintf(line_buffer,"opt dns %s\n",strtmp); write_line_to_file(DHCPD_CONF_FILE, 2, line_buffer); } }else { apmib_get( MIB_IP_ADDR, (void *)tmp2); if (memcmp(tmp2, "\x0\x0\x0\x0", 4)){ strtmp= inet_ntoa(*((struct in_addr *)tmp2)); sprintf(line_buffer,"opt dns %s\n",strtmp); write_line_to_file(DHCPD_CONF_FILE, 2, line_buffer); } } } } } memset(tmp1, 0x00, 64); apmib_get( MIB_DOMAIN_NAME, (void *)&tmp1); if(tmp1[0]){ sprintf(line_buffer,"opt domain %s\n",tmp1); write_line_to_file(DHCPD_CONF_FILE, 2, line_buffer); } /* may not need to set ip again*/ apmib_get(MIB_IP_ADDR, (void *)tmp1); strtmp= inet_ntoa(*((struct in_addr *)tmp1)); sprintf(tmpBuff1, "%s", strtmp); apmib_get(MIB_SUBNET_MASK, (void *)tmp2); strtmp1= inet_ntoa(*((struct in_addr *)tmp2)); sprintf(tmpBuff2, "%s", strtmp1); sprintf(line_buffer, "ifconfig %s %s netmask %s", interface, tmpBuff1, tmpBuff2); system(line_buffer); sprintf(line_buffer, "udhcpd %s", DHCPD_CONF_FILE); system(line_buffer); //start_dnrd(); }
static int cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, struct nfq_data *nfa, void *data) { u_int32_t id = -1; struct nfqnl_msg_packet_hdr* ph = nfq_get_msg_packet_hdr(nfa); if (ph) { id = ntohl(ph->packet_id); printf("hw_protocol=0x%04x hook=%u id=%u ", ntohs(ph->hw_protocol), ph->hook, id); char* packet_data = (char*) calloc(1, 10000); char* packet_data_2 = (char*) calloc(1, 10000); int count = nfq_get_payload(nfa, (unsigned char**)&packet_data); printf("count: [%d], ", count); int protocol = (int) packet_data[9]; printf("protocol: [%d]", protocol); //Get the source and destination IPs char srcIP[33]; inet_ntop(AF_INET, packet_data+12, srcIP, INET_ADDRSTRLEN); srcIP[32] = '\0'; char destIP[33]; inet_ntop(AF_INET, packet_data+16, destIP, INET_ADDRSTRLEN); destIP[32] = '\0'; struct in_addr* destAddr = getInAddr(destIP); struct in_addr* sourceAddr = getInAddr(srcIP); //If we're blocking the flow, drop the packet. if(checkForFilteredFlows(sourceAddr, destAddr) == TRUE){ return nfq_set_verdict(qh, id, NF_DROP, 0, NULL); } //Means the route record shim is not already there, so add it. if(protocol != ROUTE_RECORD_PROTOCOL){ RouteRecord* rr = createRouteRecord(gatewayAddr, randomValue); char* rr_buf = writeRouteRecordAsNetworkBuffer(rr); memcpy(packet_data_2, packet_data + 20, count - 20); memcpy(packet_data + 20, rr_buf, MAX_RR_HEADER_SIZE); memcpy(packet_data + 20 + MAX_RR_HEADER_SIZE, packet_data_2, count - 20); packet_data[9] = (char) ROUTE_RECORD_PROTOCOL; printf("Modifying Packet\n\n"); } else{ // CHange the route record to add new gateway information RouteRecord* rr = readRouteRecord(packet_data + 20); addGatewayInfo(rr, gatewayAddr, -1l); char* rr_buf = writeRouteRecordAsNetworkBuffer(rr); memcpy(packet_data + 20, rr_buf, MAX_RR_HEADER_SIZE); } return nfq_set_verdict(qh, id, NF_ACCEPT, count + MAX_RR_HEADER_SIZE, (unsigned char*) packet_data); } printf("entering callback\n\n"); return nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL); }