int
main(int argc, char **argv)
{
int o;
printf("\nCSF[%d] starting...\n", (int)getpid());
realpath(argv[0], exec_path);
if (set_working_dir(exec_path) != 0) {
PRINT("Can not set the working directory.");
return (2);
}
set_conf_file(CONF_FILE);
while(-1 != (o = getopt(argc, argv, "f:hv"))) {
switch(o) {
case 'f':
set_conf_file(optarg);
break;
case 'v': output_config(); return 0;
case 'h': show_help(); return 0;
default:
break;
}
}
/* init each modules */
if (csf_init() < 0) {
PRINT("CSF init failed. Exited.");
return (2);
}
set_signals();
save_pid(argv[0]);
/* starts the server */
server_init(&main_conf);
WLOG_ERR("Fatal Error, SERVER DOWN!");
logger_deinit();
PRINT("Fatal Error, SERVER DOWN!");
return (2);
}
void parse_options(int argc, char **argv)
{
int c;
static struct option long_options[] = {
{ "help", no_argument, NULL, 'h' },
{ "version", no_argument, NULL, 'v' },
{ "iface", required_argument, NULL, 'i' },
{ "lifaces", no_argument, NULL, 'I' },
{ "netmask", required_argument, NULL, 'n' },
{ "address", required_argument, NULL, 'A' },
{ "write", required_argument, NULL, 'w' },
{ "read", required_argument, NULL, 'r' },
{ "pcapfilter", required_argument, NULL, 'f' },
{ "reversed", no_argument, NULL, 'R' },
{ "proto", required_argument, NULL, 't' },
{ "plugin", required_argument, NULL, 'P' },
{ "filter", required_argument, NULL, 'F' },
#ifdef HAVE_EC_LUA
{ "lua-script", required_argument, NULL, 0 },
{ "lua-args", required_argument, NULL, 0 },
#endif
{ "superquiet", no_argument, NULL, 'Q' },
{ "quiet", no_argument, NULL, 'q' },
{ "script", required_argument, NULL, 's' },
{ "silent", no_argument, NULL, 'z' },
#ifdef WITH_IPV6
{ "ip6scan", no_argument, NULL, '6' },
#endif
{ "unoffensive", no_argument, NULL, 'u' },
{ "nosslmitm", no_argument, NULL, 'S' },
{ "load-hosts", required_argument, NULL, 'j' },
{ "save-hosts", required_argument, NULL, 'k' },
{ "wifi-key", required_argument, NULL, 'W' },
{ "config", required_argument, NULL, 'a' },
{ "dns", no_argument, NULL, 'd' },
{ "regex", required_argument, NULL, 'e' },
{ "visual", required_argument, NULL, 'V' },
{ "ext-headers", no_argument, NULL, 'E' },
{ "log", required_argument, NULL, 'L' },
{ "log-info", required_argument, NULL, 'l' },
{ "log-msg", required_argument, NULL, 'm' },
{ "compress", no_argument, NULL, 'c' },
{ "text", no_argument, NULL, 'T' },
{ "curses", no_argument, NULL, 'C' },
{ "daemon", no_argument, NULL, 'D' },
{ "gtk", no_argument, NULL, 'G' },
{ "mitm", required_argument, NULL, 'M' },
{ "only-mitm", no_argument, NULL, 'o' },
{ "bridge", required_argument, NULL, 'B' },
{ "broadcast", required_argument, NULL, 'b' },
{ "promisc", no_argument, NULL, 'p' },
{ "gateway", required_argument, NULL, 'Y' },
{ "certificate", required_argument, NULL, 0 },
{ "private-key", required_argument, NULL, 0 },
{ 0 , 0 , 0 , 0}
};
for (c = 0; c < argc; c++)
DEBUG_MSG("parse_options -- [%d] [%s]", c, argv[c]);
/* OPTIONS INITIALIZATION */
GBL_PCAP->promisc = 1;
GBL_FORMAT = &ascii_format;
GBL_OPTIONS->ssl_mitm = 1;
GBL_OPTIONS->broadcast = 0;
GBL_OPTIONS->ssl_cert = NULL;
GBL_OPTIONS->ssl_pkey = NULL;
/* OPTIONS INITIALIZED */
optind = 0;
int option_index = 0;
while ((c = getopt_long (argc, argv, "A:a:bB:CchDdEe:F:f:GhIi:j:k:L:l:M:m:n:oP:pQqiRr:s:STt:uV:vW:w:Y:z6", long_options, &option_index)) != EOF) {
/* used for parsing arguments */
char *opt_end = optarg;
while (opt_end && *opt_end) opt_end++;
/* enable a loaded filter script? */
switch (c) {
case 'M':
set_mitm(optarg);
break;
case 'o':
set_onlymitm();
//select_text_interface();
break;
case 'b':
set_broadcast();
break;
case 'B':
set_iface_bridge(optarg);
break;
case 'p':
set_promisc();
break;
#ifndef JUST_LIBRARY
case 'T':
select_text_interface();
break;
case 'C':
select_curses_interface();
break;
case 'G':
select_gtk_interface();
break;
case 'D':
select_daemon_interface();
break;
#endif
case 'R':
set_reversed();
break;
case 't':
set_proto(optarg);
break;
case 'P':
set_plugin(optarg);
break;
case 'i':
set_iface(optarg);
break;
case 'I':
/* this option is only useful in the text interface */
set_lifaces();
break;
case 'Y':
set_secondary(optarg);
break;
case 'n':
set_netmask(optarg);
break;
case 'A':
set_address(optarg);
break;
case 'r':
set_read_pcap(optarg);
break;
case 'w':
set_write_pcap(optarg);
break;
case 'f':
set_pcap_filter(optarg);
break;
case 'F':
load_filter(opt_end, optarg);
break;
case 'L':
set_loglevel_packet(optarg);
case 'l':
set_loglevel_info(optarg);
break;
case 'm':
set_loglevel_true(optarg);
break;
case 'c':
set_compress();
break;
case 'e':
opt_set_regex(optarg);
break;
case 'Q':
set_superquiet();
/* no break, quiet must be enabled */
case 'q':
set_quiet();
break;
case 's':
set_script(optarg);
break;
case 'z':
set_silent();
break;
#ifdef WITH_IPV6
case '6':
set_ip6scan();
break;
#endif
case 'u':
set_unoffensive();
break;
case 'S':
disable_sslmitm();
break;
case 'd':
set_resolve();
break;
case 'j':
load_hosts(optarg);
break;
case 'k':
save_hosts(optarg);
break;
case 'V':
opt_set_format(optarg);
break;
case 'E':
set_ext_headers();
break;
case 'W':
set_wifi_key(optarg);
break;
case 'a':
set_conf_file(optarg);
break;
case 'h':
ec_usage();
break;
case 'v':
printf("%s %s\n", GBL_PROGRAM, GBL_VERSION);
clean_exit(0);
break;
/* Certificate and private key options */
case 0:
if (!strcmp(long_options[option_index].name, "certificate")) {
GBL_OPTIONS->ssl_cert = strdup(optarg);
} else if (!strcmp(long_options[option_index].name, "private-key")) {
GBL_OPTIONS->ssl_pkey = strdup(optarg);
#ifdef HAVE_EC_LUA
} else if (!strcmp(long_options[option_index].name,"lua-args")) {
ec_lua_cli_add_args(strdup(optarg));
}
else if (!strcmp(long_options[option_index].name,"lua-script")) {
ec_lua_cli_add_script(strdup(optarg));
break;
#endif
} else {
fprintf(stdout, "\nTry `%s --help' for more options.\n\n", GBL_PROGRAM);
clean_exit(-1);
}
break;
case ':': // missing parameter
fprintf(stdout, "\nTry `%s --help' for more options.\n\n", GBL_PROGRAM);
clean_exit(-1);
break;
case '?': // unknown option
fprintf(stdout, "\nTry `%s --help' for more options.\n\n", GBL_PROGRAM);
clean_exit(-1);
break;
}
}
DEBUG_MSG("parse_options: options parsed");
/* TARGET1 and TARGET2 parsing */
if (argv[optind]) {
GBL_OPTIONS->target1 = strdup(argv[optind]);
DEBUG_MSG("TARGET1: %s", GBL_OPTIONS->target1);
if (argv[optind+1]) {
GBL_OPTIONS->target2 = strdup(argv[optind+1]);
DEBUG_MSG("TARGET2: %s", GBL_OPTIONS->target2);
}
}
/* create the list form the TARGET format (MAC/IPrange/PORTrange) */
compile_display_filter();
DEBUG_MSG("parse_options: targets parsed");
/* check for other options */
if (GBL_SNIFF->start == NULL)
set_unified_sniff();
if (GBL_OPTIONS->read && GBL_PCAP->filter)
FATAL_ERROR("Cannot read from file and set a filter on interface");
if (GBL_OPTIONS->read && GBL_SNIFF->type != SM_UNIFIED )
FATAL_ERROR("You can read from a file ONLY in unified sniffing mode !");
if (GBL_OPTIONS->mitm && GBL_SNIFF->type != SM_UNIFIED )
FATAL_ERROR("You can't do mitm attacks in bridged sniffing mode !");
if (GBL_SNIFF->type == SM_BRIDGED && GBL_PCAP->promisc == 0)
FATAL_ERROR("During bridged sniffing the iface must be in promisc mode !");
if (GBL_OPTIONS->quiet && GBL_UI->type != UI_TEXT)
FATAL_ERROR("The quiet option is useful only with text only UI");
if (GBL_OPTIONS->load_hosts && GBL_OPTIONS->save_hosts)
FATAL_ERROR("Cannot load and save at the same time the hosts list...");
if (GBL_OPTIONS->unoffensive && GBL_OPTIONS->mitm)
FATAL_ERROR("Cannot use mitm attacks in unoffensive mode");
if (GBL_OPTIONS->read && GBL_OPTIONS->mitm)
FATAL_ERROR("Cannot use mitm attacks while reading from file");
#ifndef JUST_LIBRARY
if (GBL_UI->init == NULL)
FATAL_ERROR("Please select an User Interface");
#endif
/* force text interface for only mitm attack */
/* Do not select text interface for only MiTM mode
if (GBL_OPTIONS->only_mitm) {
if (GBL_OPTIONS->mitm)
select_text_interface();
else
FATAL_ERROR("Only mitm requires at least one mitm method");
} */
DEBUG_MSG("parse_options: options combination looks good");
return;
}
int main(int argc, char *argv[])
{
char *file = NULL;
char c;
int daemon = 0;
int rc = OK;
if (getuid() != 0) {
fprintf(stderr, "Run me as root please\n");
return 1;
}
while ((c = getopt(argc, argv, "c:dvh")) != EOF) {
switch (c) {
case 'c':
file = strdup(optarg);
if (file == NULL) {
fprintf(stderr, "Failed to alloc memory\n");
exit(1);
}
break;
case 'd':
daemon++;
break;
case 'v':
show_version();
exit(0);
break;
case 'h':
usage(argv[0]);
exit(0);
break;
default:
usage(argv[0]);
exit(1);
}
}
init_filter();
set_conf_file(file);
parse_conf();
rc = init_log();
if (rc != OK) {
fprintf(stderr, "Failed to open log file \n");
return 1;
}
ip_socket_fd = ip_socket();
if (ip_socket_fd < 0) {
fprintf(stderr, "Failed to create raw socket \n");
return 1;
}
rc = create_pipe(&ip_pipe_in_fd, &ip_pipe_out_fd);
if (rc != OK) {
fprintf(stderr, "Failed to create net pipe \n");
return 1;
}
rc = create_pipe(&cmd_pipe_in_fd, &cmd_pipe_out_fd);
if (rc != OK) {
fprintf(stderr, "Failed to create cmd pipe \n");
return 1;
}
log_msg(LOG_WARN, "Icmp Knock daemon %s started", version);
/* Go daemon mode */
if (daemon) {
switch (fork()) {
case -1:
fprintf(stderr, "fork(): call failed \n");
return 3;
case 0:
close(STDIN_FILENO);
close(STDOUT_FILENO);
close(STDERR_FILENO);
if (setsid() == -1) {
exit(1);
}
break;
default :
return 0;
}
}
parent_pid = getpid();
child_pid = fork();
switch (child_pid) {
case -1:
fprintf(stderr, "fork(): call failed \n");
return 1;
break;
case 0:
agent_main();
break;
default :
principal_main();
break;
}
return OK;
}
