unsigned
asn1_integer(struct NetFrame *frame, const unsigned char *px, unsigned length, unsigned *r_offset)
{
unsigned int_length;
unsigned result;
unsigned tag;
tag = px[(*r_offset)++];
if (tag != 0x0a && tag != 0x02 && tag != 0x01)
FRAMERR_BADVAL(frame, "asn1", tag);
int_length = asn1_length(frame, px, length, r_offset);
if (int_length == 0xFFFFffff) {
*r_offset = length;
return 0xFFFFffff;
}
if (*r_offset + int_length > length) {
FRAMERR(frame, "snmp: truncated\n");
*r_offset = length;
return 0xFFFFffff;
}
result = 0;
while (int_length--)
result = result * 256 + px[(*r_offset)++];
return result;
}
static void process_ldap_filter(struct NetFrame *frame, const unsigned char *px, unsigned length, unsigned *r_offset, struct FILTER **r_filter)
{
unsigned len;
struct FILTER *filter;
*r_filter = (struct FILTER*)malloc(sizeof(struct FILTER));
memset(*r_filter, 0, sizeof(struct FILTER));
filter = *r_filter;
filter->tag = asn1_tag(px,length,r_offset);
len = asn1_length(frame,px,length,r_offset);
if (length > *r_offset+len)
length = *r_offset+len;
switch (filter->tag) {
case 0xa0: /* 'and' - SET OF Filter */
case 0xa1: /* 'or' - SET OF Filter */
while (*r_offset < length) {
if (filter->count < 128) {
process_ldap_filter(frame, px, length, r_offset, &filter->data.filters[filter->count++]);
} else {
asn1_tag(px,length,r_offset);
len = asn1_length(frame,px,length,r_offset);
*r_offset += len;
}
}
break;
case 0xa3: /*equalityMatch - AttributeValueAssertion */
case 0xa5: /*greaterOrEqual - AttributeValueAssertion */
case 0xa6: /*lessOrEqual - AttributeValueAssertion */
asn1_string(frame, px, length, r_offset, &filter->data.val.attributeDescription, &filter->data.val.attributeDescription_length);
asn1_string(frame, px, length, r_offset, &filter->data.val.assertionValue, &filter->data.val.assertionValue_length);
break;
case 0xa4: /*substrings - SubstringFilter */
case 0xa7: /*present - AttributeDescription */
case 0xa8: /*approxMatch - AttributeValueAssertion, default */
default:
FRAMERR_BADVAL(frame, "ldap", filter->tag);
break;
}
*r_offset = length;
}
void process_ldap(struct Ferret *ferret, struct NetFrame *frame, const unsigned char *px, unsigned length)
{
unsigned offset=0;
unsigned outer_length;
struct LDAP ldap[1];
if (ferret)
return;
memset(ldap, 0, sizeof(ldap[0]));
/* tag */
if (asn1_tag(px, length, &offset) != 0x30)
return;
/* length */
outer_length = asn1_length(frame, px, length, &offset);
if (length > outer_length + offset)
length = outer_length + offset;
/* Version */
ldap->message_id = asn1_integer(frame, px, length, &offset);
/* PDU */
ldap->message_type = asn1_tag(px, length, &offset);
outer_length = asn1_length(frame, px, length, &offset);
if (length > outer_length + offset)
length = outer_length + offset;
switch (ldap->message_type) {
case 0x63:
process_ldap_search_request(ferret, frame, px+offset, length-offset, ldap);
break;
default:
FRAMERR_BADVAL(frame, "ldap", ldap->message_type);
break;
}
}
void squirrel_ethernet_frame(struct Squirrel *squirrel, struct NetFrame *frame, const unsigned char *px, unsigned length)
{
unsigned offset;
unsigned ethertype;
unsigned oui;
if (length <= 14) {
; /*FRAMERR(frame, "wifi.data: too short\n");*/
return;
}
frame->src_mac = px+6;
frame->dst_mac = px+0;
offset = 12;
/* Look for SAP header */
if (offset + 6 >= length) {
FRAMERR(frame, "wifi.sap: too short\n");
return;
}
ethertype = ex16be(px+offset);
offset += 2;
switch (ethertype) {
case 0x0800:
squirrel_ip(squirrel, frame, px+offset, length-offset);
break;
case 0x0806:
squirrel_arp(squirrel, frame, px+offset, length-offset);
break;
case 0x888e: /*802.11x authentication*/
//squirrel_802_1x_auth(squirrel, frame, px+offset, length-offset);
break;
case 0x86dd: /* IPv6*/
//squirrel_ipv6(squirrel, frame, px+offset, length-offset);
break;
case 0x809b:
//squirrel_ipv6(squirrel, frame, px+offset, length-offset);
break;
case 0x872d: /* Cisco OWL */
break;
case 0x9000: /* Loopback */
break;
default:
if (ethertype < 1518) {
if (memcmp(px+offset, "\xaa\xaa\x03", 3) != 0) {
return;
}
offset +=3 ;
oui = ex24be(px+offset);
if (squirrel->filter.snap_oui_count) {
if (filter_has_port(squirrel->filter.snap_ouis, squirrel->filter.snap_oui_count, oui))
frame->flags.found.filtered = 1;
}
/* Look for OUI code */
switch (oui){
case 0x000000:
/* fall through below */
break;
case 0x004096: /* Cisco Wireless */
return;
break;
case 0x00000c:
offset +=3;
if (offset < length) {
;//squirrel_cisco00000c(squirrel, frame, px+offset, length-offset);
}
return;
case 0x080007:
break; /*apple*/
default:
FRAMERR(frame, "Unknown SAP OUI: 0x%06x\n", oui);
return;
}
offset +=3;
/* EtherType */
if (offset+2 >= length) {
FRAMERR(frame, "ethertype: packet too short\n");
return;
}
}
if (ethertype == length-offset && ex16be(px+offset) == 0xAAAA) {
;
}
else
FRAMERR_BADVAL(frame, "ethertype", ethertype);
}
}
