Example #1
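/*
 * Unit test for compare_mac().
 *
 * The asserts expect a true result for equal addresses and a false result
 * for different ones. Besides the original two cases this also checks:
 *   - equal contents held in two distinct buffers, so an implementation
 *     that only compares pointers cannot pass;
 *   - addresses that differ only in the last octet, so an implementation
 *     that stops comparing early cannot pass.
 */
static void
test_compare_mac() {
  uint8_t mac1[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
  uint8_t mac1_copy[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
  uint8_t mac1_last_differs[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe };
  uint8_t mac2[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };

  /* Same buffer on both sides. */
  assert_true( compare_mac( mac1, mac1 ) );
  /* Same six octets, different storage. */
  assert_true( compare_mac( mac1, mac1_copy ) );

  /* Every octet differs. */
  assert_false( compare_mac( mac1, mac2 ) );
  /* Only the final octet differs. */
  assert_false( compare_mac( mac1, mac1_last_differs ) );
}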
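/*
 * Callback function invoked by libpcap for every incoming packet.
 *
 * Prints the capture timestamp and packet length, then the sender hardware
 * address read through an arp_header overlay, and reports when that address
 * equals a hard-coded target MAC.
 *
 * param    - user pointer supplied by the capture loop; unused here
 * header   - capture metadata (timestamp, captured length, wire length)
 * pkt_data - captured bytes; only the first header->caplen bytes are valid
 *
 * The packet contents come from the network and are untrusted, so every
 * header overlay is checked against header->caplen before it is read.
 */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
	enum { ETHERNET_HEADER_LEN = 14 };

	struct tm ltime;
	char timestr[16];
	const ip_header *ih;
	const arp_header *ah;
	u_int ip_len;
	size_t arp_offset;
	time_t local_tv_sec;

	/*
	* Unused variable
	*/
	(VOID)(param);

	mac_address target_mac;
	target_mac.byte1 = 0xf0;
	target_mac.byte2 = 0x27;
	target_mac.byte3 = 0x2d;
	target_mac.byte4 = 0x52;
	target_mac.byte5 = 0x17;
	target_mac.byte6 = 0xc2;

	/* convert the timestamp to readable format */
	local_tv_sec = header->ts.tv_sec;
	localtime_s(&ltime, &local_tv_sec);
	strftime(timestr, sizeof timestr, "%H:%M:%S", &ltime);

	/* print timestamp and length of the packet; the casts make the
	   arguments match the %d conversions exactly */
	printf("%s.%.6d len:%d ", timestr, (int)header->ts.tv_usec, (int)header->len);

	/* A short or truncated capture must not be read past its end. */
	if (header->caplen < ETHERNET_HEADER_LEN + sizeof *ih) {
		printf("truncated packet, skipping\n");
		return;
	}

	/* retrieve the position of the header that follows the ethernet header */
	ih = (const ip_header *)(pkt_data + ETHERNET_HEADER_LEN);

	/*
	* retrieve the position of the arp header
	* NOTE(review): the offset is derived from the low nibble of ver_ihl (an
	* IPv4 header-length field) although the overlay that follows is an ARP
	* header; confirm the capture filter and the intended frame layout.
	*/
	ip_len = (ih->ver_ihl & 0xf) * 4;
	arp_offset = (size_t)ETHERNET_HEADER_LEN + ip_len;

	/* ip_len is packet-controlled: verify the whole arp_header is captured. */
	if (header->caplen < arp_offset || header->caplen - arp_offset < sizeof *ah) {
		printf("truncated packet, skipping\n");
		return;
	}
	ah = (const arp_header *)((const u_char *)ih + ip_len);

	/* print the sender hardware address */
	printf("Source MAC address: %x:%x:%x:%x:%x:%x\n",
		ah->sha.byte1,
		ah->sha.byte2,
		ah->sha.byte3,
		ah->sha.byte4,
		ah->sha.byte5,
		ah->sha.byte6);

	/* presumably compare_mac() is non-zero when both addresses are equal;
	   verify against its definition */
	if (compare_mac(target_mac, ah->sha)) {
		printf("ZOMG! I found a dash button!\n");
	}
}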
Example #3
// Validate an "enabled" state change for a user on the vlan this instance handles.
//
// Returns true when the user belongs to a different vlan, or when the state
// parameters carry a MAC that is not all zero. Returns false, after logging an
// error, when the "mac" parameter compares equal to the all-zero address.
//
// NOTE(review): the original inline remark on the vlan test said "return false
// which results in use of another handler", but the code returns true there.
// Confirm which of the two is intended.
bool NetGuard_User_State_Check_Maconoff_Enable::checkstate(NetGuard_User_State* state_data)
{
	// Users outside our vlan are not checked here.
	if (state_data->Getuser().vlan_id != my_instance->mof_vlan_id)
	{
		return true;
	}

	ng_slogdebug_spam(Get_Name().c_str(),"check state change for user (user: %s vlan: %d)",inet_ntoa(*(struct in_addr *)&state_data->Getuser().saddr),state_data->Getuser().vlan_id);

	// All-zero address used as the "no MAC supplied" marker.
	mac_addr zero_mac = {0,0,0,0,0,0};

	// presumably compare_mac() is true when both addresses are equal; verify against its definition
	const bool mac_missing = compare_mac(state_data->params()->GetMac("mac"),&zero_mac);
	if (!mac_missing)
	{
		return true;
	}

	ng_slogerror(Get_Name().c_str(),"invalid enabled state - no mac in params (user: %s vlan: %d)",inet_ntoa(*(struct in_addr *)&state_data->Getuser().saddr),state_data->Getuser().vlan_id);
	return false;
}
Example #4
// Record one ARP observation in the device-specific ARP table.
//
// The list is searched for an entry with the same IP (sip). A match has its
// timestamp and response counters refreshed; if its MAC differs from smac and
// the entry is not locked, the old MAC is kept in smac_prev and replaced.
// Without a match a new entry is allocated and appended to the list.
//
// Flag 0x02 is set when smac and sa differ, which the original author marks
// as a possible MITM indicator.
//
// NOTE(review): that flag is only written on the "MAC changed, not locked"
// path and on new entries. An entry whose MAC is unchanged, or a locked
// entry, is not flagged even when smac and sa differ - confirm this is
// intended.
// NOTE(review): da[0]==0xff is used as the broadcast test; only the first
// octet of the destination is inspected.
//
// RETURN VALUE: 0 upon success
//               1 upon error (allocation of a new entry failed)
//
int arptable_add(struct device_struct *dev, 
		 u_int8_t *sa, 
		 u_int8_t *da, 
		 u_int8_t *smac, 
		 u_int8_t *sip, 
		 u_int32_t sec, 
		 u_int32_t nsec)
{
	struct arp_table_struct *tail = NULL;
	struct arp_table_struct *entry = dev->arp_table;
	int visited = 0;
	int sa_smac_differ = 0;
	int is_broadcast;

	// compare_mac() is used here with 0 meaning "identical" (see below),
	// so a non-zero result means SA and SMAC differ.
	if (compare_mac(smac, sa))
		sa_smac_differ = 1;

	// Look for an existing entry for this IP; 'tail' trails one node behind.
	for (; entry != NULL; tail = entry, entry = entry->next, visited++) {
		if (compare_ip(sip, entry->sip) != 0)
			continue;

		// IP found: refresh timestamp and response counters.
		timestamp_hms(entry->when);
		if (da[0] == 0xff)
			entry->bc_resp++;
		else
			entry->uni_resp++;

		if (compare_mac(smac, entry->smac) == 0) {
			// Same MAC as before: only the time of last sighting changes.
			entry->sec = sec;
			entry->nsec = nsec;
			return 0;
		}

		// Different MAC for a known IP. Locked entries keep their MAC.
		if (entry->locked != 0)
			return 0;

		entry->changed++;
		memcpy(entry->smac_prev, entry->smac, 6);
		memcpy(entry->smac, smac, 6);
		// Save the previous sighting time before overwriting it.
		entry->sec_prev = entry->sec;
		entry->nsec_prev = entry->nsec;
		entry->sec = sec;
		entry->nsec = nsec;
		if (sa_smac_differ)
			entry->flags |= 0x02;
		return 0;
	}

	// No entry for that IP yet: create one.
	entry = malloc(sizeof *entry);
	if (entry == NULL)
		return 1;

	// Append: either as list head or behind the last node visited.
	if (dev->arp_table == NULL)
		dev->arp_table = entry;
	else
		tail->next = entry;

	memcpy(entry->sa, sa, 6);
	memcpy(entry->smac, smac, 6);
	memset(entry->smac_prev, 0x00, 6);
	memcpy(entry->sip, sip, 4);

	is_broadcast = (da[0] == 0xff);
	entry->bc_resp = is_broadcast ? 1 : 0;
	entry->uni_resp = is_broadcast ? 0 : 1;

	entry->changed = 1;
	entry->locked = 0;
	entry->dynamic = 1;
	entry->sec = sec;
	entry->nsec = nsec;
	entry->sec_prev = 0;
	entry->nsec_prev = 0;
	entry->index = visited + 1; // entries are numbered starting at 1
	timestamp_hms(entry->when);
	entry->flags = sa_smac_differ ? 0x02 : 0;
	entry->next = NULL;
	return 0;
}