/*
 * Unit test for compare_mac().
 *
 * Expects compare_mac() to report a match when an address is compared with
 * itself and a mismatch when two different addresses are compared.
 */
static void test_compare_mac()
{
	/* ff:ff:ff:ff:ff:ff, the Ethernet broadcast address */
	uint8_t broadcast_mac[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
	/* 00:00:00:00:00:00 */
	uint8_t zero_mac[6] = { 0 };

	/* Same buffer on both sides: must compare equal. */
	assert_true( compare_mac( broadcast_mac, broadcast_mac ) );

	/* Every byte differs: must compare unequal. */
	assert_false( compare_mac( broadcast_mac, zero_mac ) );
}
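/*
 * Callback function invoked by libpcap for every incoming packet.
 *
 * Prints the capture timestamp and packet length, then the ARP sender
 * hardware address, and reports when that address equals the hard-coded
 * target MAC.
 *
 * param    - user pointer passed through by libpcap (unused)
 * header   - capture metadata; caplen is the number of bytes actually
 *            present in pkt_data
 * pkt_data - start of the captured frame (Ethernet header first)
 *
 * The ARP sender hardware address is supplied by the sender and is not
 * authenticated, so a match means a frame claiming this address was seen,
 * not proof of which device sent it.
 */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
	enum { ETHERNET_HEADER_LEN = 14 };

	struct tm ltime;
	char timestr[16] = "??:??:??";	/* shown if the timestamp cannot be converted */
	const ip_header *ih;
	const arp_header *ah;
	u_int ip_len;
	time_t local_tv_sec;

	/*
	 * Unused variable
	 */
	(VOID)(param);

	mac_address target_mac;
	target_mac.byte1 = 0xf0;
	target_mac.byte2 = 0x27;
	target_mac.byte3 = 0x2d;
	target_mac.byte4 = 0x52;
	target_mac.byte5 = 0x17;
	target_mac.byte6 = 0xc2;

	/* convert the timestamp to readable format; only format it when the
	 * conversion succeeded, otherwise ltime would be read uninitialized */
	local_tv_sec = header->ts.tv_sec;
	if (localtime_s(&ltime, &local_tv_sec) == 0) {
		strftime(timestr, sizeof timestr, "%H:%M:%S", &ltime);
	}

	/* print timestamp and length of the packet (casts match the %d conversions) */
	printf("%s.%.6d len:%d ", timestr, (int)header->ts.tv_usec, (int)header->len);

	/* The frame comes straight off the wire: never read past caplen. */
	if (header->caplen < ETHERNET_HEADER_LEN + sizeof(ip_header)) {
		printf("truncated packet, skipped\n");
		return;
	}

	/* retrieve the position of the header that follows the Ethernet header */
	ih = (const ip_header *)(pkt_data + ETHERNET_HEADER_LEN);

	/*
	 * retrieve the position of the ARP header
	 *
	 * NOTE(review): the offset is an IP header length taken from the low
	 * nibble of the first byte after the Ethernet header. In an ARP frame
	 * that byte belongs to the ARP hardware type - confirm the capture
	 * filter and that this offset is intended.
	 */
	ip_len = (ih->ver_ihl & 0xf) * 4;
	if (header->caplen < ETHERNET_HEADER_LEN + ip_len + sizeof(arp_header)) {
		printf("truncated packet, skipped\n");
		return;
	}
	ah = (const arp_header *)((const u_char *)ih + ip_len);

	/* print the ARP sender hardware address */
	printf("Source MAC address: %x:%x:%x:%x:%x:%x\n",
		ah->sha.byte1,
		ah->sha.byte2,
		ah->sha.byte3,
		ah->sha.byte4,
		ah->sha.byte5,
		ah->sha.byte6);

	if (compare_mac(target_mac, ah->sha)) {
		printf("ZOMG! I found a dash button!\n");
	}
}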
// Checks whether a user may enter the "enabled" state.
//
// Users on a VLAN other than my_instance->mof_vlan_id are accepted without
// further checks. For users on that VLAN the "mac" parameter must differ from
// the all-zero address; an all-zero MAC is logged as an error and rejected.
//
// Returns true when the state is accepted, false when no MAC is present.
bool NetGuard_User_State_Check_Maconoff_Enable::checkstate(NetGuard_User_State* state_data)
{
	// NOTE(review): the original inline comment reads "if it is not our vlan
	// -> return false which results in use of another handler", yet the code
	// returns true here - confirm which of the two is intended.
	const bool is_our_vlan = (state_data->Getuser().vlan_id == my_instance->mof_vlan_id);
	if (!is_our_vlan) {
		return true;
	}

	ng_slogdebug_spam(Get_Name().c_str(),"check state change for user (user: %s vlan: %d)",inet_ntoa(*(struct in_addr *)&state_data->Getuser().saddr),state_data->Getuser().vlan_id);

	// 00:00:00:00:00:00 stands for "no MAC stored in the parameters".
	mac_addr zero_mac = {0,0,0,0,0,0};
	if (!compare_mac(state_data->params()->GetMac("mac"), &zero_mac)) {
		return true;
	}

	ng_slogerror(Get_Name().c_str(),"invalid enabled state - no mac in params (user: %s vlan: %d)",inet_ntoa(*(struct in_addr *)&state_data->Getuser().saddr),state_data->Getuser().vlan_id);
	return false;
}
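// Add a new entry to the device-specific ARP table, or update the entry
// that already exists for the same sender IP.
//
//   dev   device whose arp_table list is searched and extended
//   sa    Ethernet source address of the frame (6 bytes)
//   da    Ethernet destination address of the frame (6 bytes)
//   smac  sender MAC address from the ARP payload (6 bytes)
//   sip   sender IP address from the ARP payload (4 bytes)
//   sec   timestamp, seconds
//   nsec  timestamp, nanoseconds
//
// If an entry for sip exists, its response counters and timestamp are
// refreshed; when the MAC differs and the entry is not locked, the old MAC
// is kept in smac_prev and the new one is stored.
//
// RETURN VALUE: 0 upon success
//               1 upon error (NULL argument or out of memory)
//
int arptable_add(struct device_struct *dev, u_int8_t *sa, u_int8_t *da, u_int8_t *smac, u_int8_t *sip, u_int32_t sec, u_int32_t nsec)
{
	enum {
		ARPTAB_MAC_LEN = 6,
		ARPTAB_IP_LEN = 4,
		ARPTAB_FLAG_SA_SMAC_MISMATCH = 0x02
	};

	struct arp_table_struct *prev = NULL, *cur;
	int i = 0, alert = 0;

	// All pointers are dereferenced below; refuse to work on NULL.
	if (dev == NULL || sa == NULL || da == NULL || smac == NULL || sip == NULL)
		return 1;

	cur = dev->arp_table;

	// If SA and SMAC are different this might be a MITM !!!
	// (compare_mac() is used below with "== 0" meaning identical, so a
	// nonzero result means the two addresses differ.)
	if (compare_mac(smac, sa))
		alert = 1;

	// Check if IP (sip) is already existing in arp table:
	while (cur != NULL) {
		if (compare_ip(sip, cur->sip) == 0) { // IP found!
			timestamp_hms(cur->when);
			if (da[0] == 0xff)
				cur->bc_resp++;
			else
				cur->uni_resp++;

			if (compare_mac(smac, cur->smac) == 0) {
				// entry identical !
				cur->sec = sec;
				cur->nsec = nsec;
				return 0;
			}

			// entry with other MAC address found !
			// NOTE(review): for a locked entry the conflicting MAC is not
			// recorded anywhere (no counter, no flag) - confirm that a
			// conflict on a locked entry should stay silent.
			if (cur->locked == 0) {
				cur->changed++;
				memcpy(cur->smac_prev, cur->smac, ARPTAB_MAC_LEN);
				memcpy(cur->smac, smac, ARPTAB_MAC_LEN);
				cur->sec_prev = cur->sec;
				cur->nsec_prev = cur->nsec;
				cur->sec = sec;
				cur->nsec = nsec;
				if (alert)
					cur->flags |= ARPTAB_FLAG_SA_SMAC_MISMATCH;
			}
			return 0;
		}
		prev = cur;
		cur = cur->next;
		i++;
	}

	// If we get here, then there was no entry for that IP yet!
	// Create new arp_table entry. calloc() zeroes the whole struct so that
	// no field is left holding stale heap content.
	cur = calloc(1, sizeof *cur);
	if (cur == NULL)
		return 1;

	memcpy(cur->sa, sa, ARPTAB_MAC_LEN);
	memcpy(cur->smac, smac, ARPTAB_MAC_LEN);
	memset(cur->smac_prev, 0x00, ARPTAB_MAC_LEN);
	memcpy(cur->sip, sip, ARPTAB_IP_LEN);

	if (da[0] == 0xff) {
		cur->bc_resp = 1;
		cur->uni_resp = 0;
	} else {
		cur->bc_resp = 0;
		cur->uni_resp = 1;
	}

	cur->changed = 1;
	cur->locked = 0;
	cur->dynamic = 1;
	cur->flags = 0;
	cur->sec = sec;
	cur->nsec = nsec;
	cur->sec_prev = 0;
	cur->nsec_prev = 0;
	cur->index = i + 1; // I assume users prefer to count from 1.
	timestamp_hms(cur->when);
	if (alert)
		cur->flags |= ARPTAB_FLAG_SA_SMAC_MISMATCH;
	cur->next = NULL;

	// Append element only once it is fully initialized:
	if (dev->arp_table == NULL)
		dev->arp_table = cur;
	else
		prev->next = cur;

	return 0;
}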