static int pyextend_populate_connections(struct tuple *hdr, void *arg) { PyObject *pArgs = arg, *pValue; struct addr src, dst; addr_pack(&src, ADDR_TYPE_IP, IP_ADDR_BITS, &hdr->ip_src, IP_ADDR_LEN); addr_pack(&dst, ADDR_TYPE_IP, IP_ADDR_BITS, &hdr->ip_dst, IP_ADDR_LEN); pValue = Py_BuildValue("{sssssisisisi}", "src", addr_ntoa(&src), "dst", addr_ntoa(&dst), "sport", hdr->sport, "dport", hdr->dport, "received", hdr->received, "sent", hdr->sent); if (pValue == NULL) { PyErr_Print(); syslog(LOG_ERR, "%s: failed to build argument list", __func__); exit(EXIT_FAILURE); } /* pValue reference stolen here */ PyList_Append(pArgs, pValue); return (0); }
char * honeyd_contoa(const struct tuple *hdr) { static char buf[128]; char asrc[24], adst[24]; struct addr src, dst; u_short sport, dport; addr_pack(&src, ADDR_TYPE_IP, IP_ADDR_BITS, &hdr->ip_src, IP_ADDR_LEN); addr_pack(&dst, ADDR_TYPE_IP, IP_ADDR_BITS, &hdr->ip_dst, IP_ADDR_LEN); /* For a local connection switch the address around */ if (hdr->local) { struct addr tmp; tmp = src; src = dst; dst = tmp; sport = hdr->dport; dport = hdr->sport; } else { sport = hdr->sport; dport = hdr->dport; } addr_ntop(&src, asrc, sizeof(asrc)); addr_ntop(&dst, adst, sizeof(adst)); snprintf(buf, sizeof(buf), "(%s:%d - %s:%d)", asrc, sport, adst, dport); return (buf); }
int subsystem_socket(struct subsystem_command *cmd, int local, char *ip, size_t iplen, u_short *port, int *proto) { struct sockaddr_in *si; struct addr src; socklen_t len; si = (struct sockaddr_in *)(local ? &cmd->sockaddr : &cmd->rsockaddr); len = local ? cmd->len : cmd->rlen; /* Only IPv4 TCP or UDP is allowed. No raw sockets or such */ if (si->sin_family != AF_INET || cmd->domain != AF_INET || !(cmd->type == SOCK_DGRAM || cmd->type == SOCK_STREAM) || len != sizeof(struct sockaddr_in)) { if (local == SOCKET_LOCAL) return (-1); memset(&cmd->sockaddr, 0, sizeof(cmd->sockaddr)); } addr_pack(&src, ADDR_TYPE_IP, IP_ADDR_BITS, &si->sin_addr.s_addr, IP_ADDR_LEN); addr_ntop(&src, ip, iplen); *port = ntohs(si->sin_port); *proto = cmd->type == SOCK_DGRAM ? IP_PROTO_UDP : IP_PROTO_TCP; return (0); }
static int _radix_walk(int fd, struct radix_node *rn, arp_handler callback, void *arg) { struct radix_node rnode; struct rtentry rt; struct sockaddr_in sin; struct arptab at; struct arp_entry entry; int ret = 0; again: _kread(fd, rn, &rnode, sizeof(rnode)); if (rnode.rn_b < 0) { if (!(rnode.rn_flags & RNF_ROOT)) { _kread(fd, rn, &rt, sizeof(rt)); _kread(fd, rt_key(&rt), &sin, sizeof(sin)); addr_ston((struct sockaddr *)&sin, &entry.arp_pa); _kread(fd, rt.rt_llinfo, &at, sizeof(at)); if (at.at_flags & ATF_COM) { addr_pack(&entry.arp_ha, ADDR_TYPE_ETH, ETH_ADDR_BITS, at.at_hwaddr, ETH_ADDR_LEN); if ((ret = callback(&entry, arg)) != 0) return (ret); } } if ((rn = rnode.rn_dupedkey)) goto again; } else { rn = rnode.rn_r; if ((ret = _radix_walk(fd, rnode.rn_l, callback, arg)) != 0) return (ret); if ((ret = _radix_walk(fd, rn, callback, arg)) != 0) return (ret); } return (ret); }
char * spammer_key_print(void *key, size_t keylen) { struct addr addr; addr_pack(&addr, ADDR_TYPE_IP, IP_ADDR_BITS, key, IP_ADDR_LEN); return (addr_ntoa(&addr)); }
char * eth_ntoa(const eth_addr_t *eth) { struct addr a; addr_pack(&a, ADDR_TYPE_ETH, ETH_ADDR_BITS, eth->data, ETH_ADDR_LEN); return (addr_ntoa(&a)); }
char * ip6_ntoa(const ip6_addr_t *ip6) { struct addr a; addr_pack(&a, ADDR_TYPE_IP6, IP6_ADDR_BITS, ip6->data, IP6_ADDR_LEN); return (addr_ntoa(&a)); }
char * ip_ntoa(const ip_addr_t *ip) { struct addr a; addr_pack(&a, ADDR_TYPE_IP, IP_ADDR_BITS, ip, IP_ADDR_LEN); return (addr_ntoa(&a)); }
void retrans(struct my_pkthdr *h, u_char *pack ) { struct eth_hdr *ethhdr; struct ip_hdr *iphdr; struct tcp_hdr *tcphdr; struct addr srcad, srcha; char sip[32],smac[32]; int n; ethhdr = (struct eth_hdr *)pack; iphdr = (struct ip_hdr *)(pack+ETH_HDR_LEN); tcphdr= (struct tcp_hdr *)(pack+ETH_HDR_LEN+TCP_HDR_LEN); addr_pack(&srcha,ADDR_TYPE_ETH,ETH_ADDR_BITS,&(ethhdr->eth_src),ETH_ADDR_LEN); addr_pack(&srcad,ADDR_TYPE_IP,IP_ADDR_BITS,&(iphdr->ip_src),IP_ADDR_LEN); if((strcmp(addr_ntoa(&srcha),ahw)==0)){ // Replace source address with my address and destination address memcpy( ðhdr->eth_src, &reat_mac.addr_eth, ETH_ADDR_LEN); memcpy( &iphdr->ip_src, &reat_ip.addr_ip, IP_ADDR_LEN); // Replace destination address with other client if ( addr_cmp( &srcad, &aad ) == 0 ) { memcpy( ðhdr->eth_dst, &revi_mac.addr_eth, ETH_ADDR_LEN); memcpy( &iphdr->ip_dst, &revi_ip.addr_ip, IP_ADDR_LEN); }else{ memcpy( ðhdr->eth_dst, &reat_mac.addr_eth, ETH_ADDR_LEN); memcpy( &iphdr->ip_dst, &reat_ip.addr_ip, IP_ADDR_LEN); } /* if(modify_tcp_header(&tcphdr,tcphdr->th_sport,tcphdr->th_dport,next_seq,next_ack,tcphdr->th_flags,tcphdr->th_win,tcphdr->th_sum,tcphdr->th_urp,2)<0){ // return; } if(modify_tcp_header(&tcphdr,tcphdr->th_sport,tcphdr->th_dport,next_seq,next_ack,tcphdr->th_flags,tcphdr->th_win,tcphdr->th_sum,tcphdr->th_urp,3)<0){ // return; }*/ ip_checksum((void *)iphdr, ntohs(iphdr->ip_len)); n = eth_send(e,pack,h->len); //n=ip_send(e,pack,h->len); if ( n != h->len ) { fprintf(stderr,"Partial packet transmission %d/%d\n",n,h->len); } else { fprintf(stdout, "Packet Transmission Successfull %d %d\n", n, h->len); } } }
static void arpd_recv_cb(u_char *u, const struct pcap_pkthdr *pkthdr, const u_char *pkt) { struct arp_hdr *arp; struct arp_ethip *ethip; struct arp_entry src; struct timeval tv; struct addr pa; if (pkthdr->caplen < ETH_HDR_LEN + ARP_HDR_LEN + ARP_ETHIP_LEN) return; arp = (struct arp_hdr *)(pkt + ETH_HDR_LEN); /* XXX */ ethip = (struct arp_ethip *)(arp + 1); addr_pack(&src.arp_ha, ADDR_TYPE_ETH, ETH_ADDR_BITS, ETH_ADDR_BROADCAST, ETH_ADDR_LEN); addr_pack(&src.arp_pa, ADDR_TYPE_IP, IP_ADDR_BITS, ethip->ar_spa, IP_ADDR_LEN); switch (ntohs(arp->ar_op)) { case ARP_OP_REQUEST: addr_pack(&pa, ADDR_TYPE_IP, IP_ADDR_BITS, ðip->ar_tpa, IP_ADDR_LEN); arpd_send(arpd_eth, ARP_OP_REPLY, &arpd_ifent.intf_link_addr, &pa, &src.arp_ha, &src.arp_pa); break; case ARP_OP_REPLY: addr_pack(&pa, ADDR_TYPE_IP, IP_ADDR_BITS, ðip->ar_spa, IP_ADDR_LEN); break; } }
static int _intf_get_noalias(intf_t *intf, struct intf_entry *entry) { struct ifreq ifr; strlcpy(ifr.ifr_name, entry->intf_name, sizeof(ifr.ifr_name)); /* Get interface flags. */ if (ioctl(intf->fd, SIOCGIFFLAGS, &ifr) < 0) return (-1); entry->intf_flags = intf_iff_to_flags(ifr.ifr_flags); _intf_set_type(entry); /* Get interface MTU. */ #ifdef SIOCGIFMTU if (ioctl(intf->fd, SIOCGIFMTU, &ifr) < 0) #endif return (-1); entry->intf_mtu = ifr.ifr_mtu; entry->intf_addr.addr_type = entry->intf_dst_addr.addr_type = entry->intf_link_addr.addr_type = ADDR_TYPE_NONE; /* Get primary interface address. */ if (ioctl(intf->fd, SIOCGIFADDR, &ifr) == 0) { addr_ston(&ifr.ifr_addr, &entry->intf_addr); if (ioctl(intf->fd, SIOCGIFNETMASK, &ifr) < 0) return (-1); addr_stob(&ifr.ifr_addr, &entry->intf_addr.addr_bits); } /* Get other addresses. */ if (entry->intf_type == INTF_TYPE_TUN) { if (ioctl(intf->fd, SIOCGIFDSTADDR, &ifr) == 0) { if (addr_ston(&ifr.ifr_addr, &entry->intf_dst_addr) < 0) return (-1); } } else if (entry->intf_type == INTF_TYPE_ETH) { #if defined(SIOCGIFHWADDR) if (ioctl(intf->fd, SIOCGIFHWADDR, &ifr) < 0) return (-1); if (addr_ston(&ifr.ifr_addr, &entry->intf_link_addr) < 0) return (-1); #elif defined(SIOCRPHYSADDR) /* Tru64 */ struct ifdevea *ifd = (struct ifdevea *)𝔦 /* XXX */ if (ioctl(intf->fd, SIOCRPHYSADDR, ifd) < 0) return (-1); addr_pack(&entry->intf_link_addr, ADDR_TYPE_ETH, ETH_ADDR_BITS, ifd->current_pa, ETH_ADDR_LEN); #else eth_t *eth; if ((eth = eth_open(entry->intf_name)) != NULL) { if (!eth_get(eth, &entry->intf_link_addr.addr_eth)) { entry->intf_link_addr.addr_type = ADDR_TYPE_ETH; entry->intf_link_addr.addr_bits = ETH_ADDR_BITS; } eth_close(eth); } #endif } return (0); }
void retrans(struct my_pkthdr *h, u_char *pack ) { struct eth_hdr *ethhdr; struct ip_hdr *iphdr; struct addr srcad, srcha; char sip[32],smac[32]; int n; ethhdr = (struct eth_hdr *)pack; iphdr = (struct ip_hdr *)(pack + ETH_HDR_LEN); /* DELETE ME WHEN FINISHED struct addr ad; struct addr mad, mha; // my ip, mac struct addr vad, vha, vprt; // victim ip, mac struct addr aad, aha, aprt; // attacker ip, mac struct addr revi_ip, revi_mac; // replay victim ip, mac struct addr reat_ip, reat_mac; // replay attacker ip, mac char mip[32], mhw[32]; // my ip, mac char vip[32], vhw[32], vpt[32]; // victim ip, mac char aip[32], ahw[32], apt[32]; // attacker ip, mac char rvip[32], rvmc[32]; // replay victim ip, mac char ratip[32], ratmac[32]; // replay attacker ip, mac*/ // Get source addresses from packet (mac and ip) addr_pack(&srcha,ADDR_TYPE_ETH,ETH_ADDR_BITS,&(ethhdr->eth_src),ETH_ADDR_LEN); addr_pack(&srcad,ADDR_TYPE_IP,IP_ADDR_BITS,&(iphdr->ip_src),IP_ADDR_LEN); if((strcmp(addr_ntoa(&srcha),vhw)==0)){ // Replace source address with my address and destination address memcpy( ðhdr->eth_src, &revi_mac.addr_eth, ETH_ADDR_LEN); memcpy( &iphdr->ip_src, &revi_ip.addr_ip, IP_ADDR_LEN); // Replace destination address with other client if ( addr_cmp( &srcad, &vad ) == 0 ) { memcpy( ðhdr->eth_dst, &reat_mac.addr_eth, ETH_ADDR_LEN); memcpy( &iphdr->ip_dst, &reat_ip.addr_ip, IP_ADDR_LEN); }else{ memcpy( ðhdr->eth_dst, &revi_mac.addr_eth, ETH_ADDR_LEN); memcpy( &iphdr->ip_dst, &revi_ip.addr_ip, IP_ADDR_LEN); } // Compute both ip and tcp checksums ip_checksum((void *)iphdr, ntohs(iphdr->ip_len)); // Send packet n = eth_send(e,pack,h->len); if ( n != h->len ) { fprintf(stderr,"Partial packet transmission %d/%d\n",n,h->len); } else { fprintf(stdout, "Packet Transmission Successfull %d %d\n", n, h->len); } } if((strcmp(addr_ntoa(&srcha),ahw)==0)){ // Replace source address with my address and destination address memcpy( ðhdr->eth_src, &reat_mac.addr_eth, ETH_ADDR_LEN); memcpy( &iphdr->ip_src, &reat_ip.addr_ip, IP_ADDR_LEN); // Replace destination address with other client if ( addr_cmp( &srcad, &aad ) == 0 ) { memcpy( ðhdr->eth_dst, &revi_mac.addr_eth, ETH_ADDR_LEN); memcpy( &iphdr->ip_dst, &revi_ip.addr_ip, IP_ADDR_LEN); }else{ memcpy( ðhdr->eth_dst, &reat_mac.addr_eth, ETH_ADDR_LEN); memcpy( &iphdr->ip_dst, &reat_ip.addr_ip, IP_ADDR_LEN); } // Compute both ip and tcp checksums ip_checksum((void *)iphdr, ntohs(iphdr->ip_len)); // Send packet n = eth_send(e,pack,h->len); if ( n != h->len ) { fprintf(stderr,"Partial packet transmission %d/%d\n",n,h->len); } else { fprintf(stdout, "Packet Transmission Successfull %d %d\n", n, h->len); } } }
static int test_ip_tracert(void) { struct timeval tv; struct hop hops[IP_TTL_DEFAULT]; struct pkt *pkt; struct icmp_msg_echo *echo; int i, hopcnt, max_ttl; printf("ip-tracert: "); fflush(stdout); pcap_filter(ctx.pcap, "icmp[0] = 0 and src %s and dst %s", addr_ntoa(&ctx.dst), addr_ntoa(&ctx.src)); ping->pkt_icmp_msg->echo.icmp_id = rand_uint16(ctx.rnd); pkt = pkt_dup(ping); pkt->pkt_ip->ip_id = rand_uint16(ctx.rnd); ip_checksum(pkt->pkt_ip, pkt->pkt_end - pkt->pkt_eth_data); send_pkt(pkt); tv = read_tv; if ((pkt = recv_pkt(&tv)) == NULL) { printf("no reply\n"); return (0); } /* XXX - guess remote stack's starting TTL */ for (i = 2; pkt->pkt_ip->ip_ttl > i; i <<= 1) ; if ((max_ttl = i - pkt->pkt_ip->ip_ttl + 1) > IP_TTL_DEFAULT) max_ttl = IP_TTL_DEFAULT; printf("%s, %d hops max\n", ip_ntoa(&ping->pkt_ip->ip_dst), max_ttl); pcap_filter(ctx.pcap, "icmp and dst %s", addr_ntoa(&ctx.src)); for (i = 1; i < max_ttl + 1; i++) { pkt = pkt_dup(ping); pkt->pkt_ip->ip_id = rand_uint16(ctx.rnd); pkt->pkt_ip->ip_ttl = i; pkt->pkt_icmp_msg->echo.icmp_seq = htons(i); ip_checksum(pkt->pkt_ip, pkt->pkt_end - pkt->pkt_eth_data); send_pkt(pkt); usleep(42); /* XXX */ } memset(&hops, 0, sizeof(hops)); hopcnt = 0; for (tv = read_tv; (pkt = recv_pkt(&tv)) != NULL; tv = read_tv) { if ((pkt->pkt_icmp->icmp_type == ICMP_TIMEXCEED || pkt->pkt_icmp->icmp_type == ICMP_UNREACH) && pkt->pkt_end - pkt->pkt_eth_data >= (IP_HDR_LEN + ICMP_LEN_MIN) * 2) { echo = (struct icmp_msg_echo *) (pkt->pkt_icmp_msg->timexceed.icmp_ip + IP_HDR_LEN + ICMP_HDR_LEN); } else if (pkt->pkt_icmp->icmp_type == ICMP_ECHOREPLY) { echo = &pkt->pkt_icmp_msg->echo; } else continue; if (echo->icmp_id != ping->pkt_icmp_msg->echo.icmp_id) continue; i = ntohs(echo->icmp_seq); addr_pack(&hops[i].addr, ADDR_TYPE_IP, IP_ADDR_BITS, &pkt->pkt_ip->ip_src, IP_ADDR_LEN); memcpy(&hops[i].icmp, pkt->pkt_icmp, ICMP_HDR_LEN); hops[i].ttl = pkt->pkt_ip->ip_ttl; hopcnt++; if (pkt->pkt_ip->ip_src == ping->pkt_ip->ip_dst) break; } for (i = 1; i < hopcnt + 1; i++) { if (hops[i].addr.addr_type == ADDR_TYPE_IP) { printf("%2d %s (%d)\n", i, addr_ntoa(&hops[i].addr), hops[i].ttl); } else printf("%2d *\n", i); } return (0); }
static int _intf_get_noalias(intf_t *intf, struct intf_entry *entry) { struct ifreq ifr; #ifdef HAVE_GETKERNINFO int size; struct kinfo_ndd *nddp; void *end; #endif /* Get interface index. */ entry->intf_index = if_nametoindex(entry->intf_name); if (entry->intf_index == 0) return (-1); strlcpy(ifr.ifr_name, entry->intf_name, sizeof(ifr.ifr_name)); /* Get interface flags. */ if (ioctl(intf->fd, SIOCGIFFLAGS, &ifr) < 0) return (-1); entry->intf_flags = intf_iff_to_flags(ifr.ifr_flags); _intf_set_type(entry); /* Get interface MTU. */ #ifdef SIOCGIFMTU if (ioctl(intf->fd, SIOCGIFMTU, &ifr) < 0) #endif return (-1); entry->intf_mtu = ifr.ifr_mtu; entry->intf_addr.addr_type = entry->intf_dst_addr.addr_type = entry->intf_link_addr.addr_type = ADDR_TYPE_NONE; /* Get primary interface address. */ if (ioctl(intf->fd, SIOCGIFADDR, &ifr) == 0) { addr_ston(&ifr.ifr_addr, &entry->intf_addr); if (ioctl(intf->fd, SIOCGIFNETMASK, &ifr) < 0) return (-1); addr_stob(&ifr.ifr_addr, &entry->intf_addr.addr_bits); } /* Get other addresses. */ if (entry->intf_type == INTF_TYPE_TUN) { if (ioctl(intf->fd, SIOCGIFDSTADDR, &ifr) == 0) { if (addr_ston(&ifr.ifr_addr, &entry->intf_dst_addr) < 0) return (-1); } } else if (entry->intf_type == INTF_TYPE_ETH) { #if defined(HAVE_GETKERNINFO) /* AIX also defines SIOCGIFHWADDR, but it fails silently? * This is the method IBM recommends here: * http://www-01.ibm.com/support/knowledgecenter/ssw_aix_53/com.ibm.aix.progcomm/doc/progcomc/skt_sndother_ex.htm%23ssqinc2joyc?lang=en */ /* How many bytes will be returned? */ size = getkerninfo(KINFO_NDD, 0, 0, 0); if (size <= 0) { return -1; } nddp = (struct kinfo_ndd *)malloc(size); if (!nddp) { return -1; } /* Get all Network Device Driver (NDD) info */ if (getkerninfo(KINFO_NDD, nddp, &size, 0) < 0) { free(nddp); return -1; } /* Loop over the returned values until we find a match */ end = (void *)nddp + size; while ((void *)nddp < end) { if (!strcmp(nddp->ndd_alias, entry->intf_name) || !strcmp(nddp->ndd_name, entry->intf_name)) { addr_pack(&entry->intf_link_addr, ADDR_TYPE_ETH, ETH_ADDR_BITS, nddp->ndd_addr, ETH_ADDR_LEN); break; } else nddp++; } free(nddp); #elif defined(SIOCGIFHWADDR) if (ioctl(intf->fd, SIOCGIFHWADDR, &ifr) < 0) return (-1); if (addr_ston(&ifr.ifr_addr, &entry->intf_link_addr) < 0) return (-1); #elif defined(SIOCRPHYSADDR) /* Tru64 */ struct ifdevea *ifd = (struct ifdevea *)𝔦 /* XXX */ if (ioctl(intf->fd, SIOCRPHYSADDR, ifd) < 0) return (-1); addr_pack(&entry->intf_link_addr, ADDR_TYPE_ETH, ETH_ADDR_BITS, ifd->current_pa, ETH_ADDR_LEN); #else eth_t *eth; if ((eth = eth_open(entry->intf_name)) != NULL) { if (!eth_get(eth, &entry->intf_link_addr.addr_eth)) { entry->intf_link_addr.addr_type = ADDR_TYPE_ETH; entry->intf_link_addr.addr_bits = ETH_ADDR_BITS; } eth_close(eth); } #endif } return (0); }