int dumpling(u8 * buf, const char *dumpfile, u8 mode)
{
u32 base;
u16 len;
if(mode == NON_LEGACY) {
if(!checksum(buf, buf[0x05]) || !memcmp(buf + 0x10, "_DMI_", 5) == 0 ||
!checksum(buf + 0x10, 0x0F))
return 0;
base = DWORD(buf + 0x18);
len = WORD(buf + 0x16);
} else {
if(!checksum(buf, 0x0F))
return 0;
base = DWORD(buf + 0x08);
len = WORD(buf + 0x06);
}
u8 *buff;
if((buff = mem_chunk(NULL, base, len, DEFAULT_MEM_DEV)) != NULL) {
//. Part 1.
#ifdef NDEBUG
printf("# Writing %d bytes to %s.\n", len, dumpfile);
#endif
write_dump(32, len, buff, dumpfile, 0);
free(buff);
//. Part 2.
if(mode != LEGACY) {
u8 crafted[32];
memcpy(crafted, buf, 32);
overwrite_dmi_address(crafted + 0x10);
#ifdef NDEBUG
printf("# Writing %d bytes to %s.\n", crafted[0x05], dumpfile);
#endif
write_dump(0, crafted[0x05], crafted, dumpfile, 1);
} else {
u8 crafted[16];
memcpy(crafted, buf, 16);
overwrite_dmi_address(crafted);
#ifdef NDEBUG
printf("# Writing %d bytes to %s.\n", 0x0F, dumpfile);
#endif
write_dump(0, 0x0F, crafted, dumpfile, 1);
}
} else {
fprintf(stderr, "Failed to read table, sorry.\n");
}
//. TODO: Cleanup
return 1;
}
int main(int argc, char **argv)
{
char *ptr;
//open_dump("test.out");
open_dump("-");
struct dumper d;
d.width = 16;
d.height = 2;
d.data = malloc( sizeof(char) * d.width * d.height );
memset(d.data, '0', sizeof(char) * d.width * d.height);
ptr = d.data;
ptr[5] = '1';
write_dump(&d);
dump_close();
return 0;
}
static int
send_complete (krb5_context context, slave *s, const char *database,
uint32_t current_version, uint32_t oldest_version,
uint32_t initial_log_tstamp)
{
krb5_error_code ret;
krb5_storage *dump = NULL;
uint32_t vno = 0;
krb5_data data;
int fd = -1;
struct stat st;
char *dfn;
ret = asprintf(&dfn, "%s/ipropd.dumpfile", hdb_db_dir(context));
if (ret == -1 || !dfn) {
krb5_warn(context, ENOMEM, "Cannot allocate memory");
return ENOMEM;
}
fd = open(dfn, O_CREAT|O_RDWR, 0600);
if (fd == -1) {
ret = errno;
krb5_warn(context, ret, "Cannot open/create iprop dumpfile %s", dfn);
free(dfn);
return ret;
}
free(dfn);
dump = krb5_storage_from_fd(fd);
if (!dump) {
ret = errno;
krb5_warn(context, ret, "krb5_storage_from_fd");
goto done;
}
for (;;) {
ret = flock(fd, LOCK_SH);
if (ret == -1) {
ret = errno;
krb5_warn(context, ret, "flock(fd, LOCK_SH)");
goto done;
}
if (krb5_storage_seek(dump, 0, SEEK_SET) == (off_t)-1) {
ret = errno;
krb5_warn(context, ret, "krb5_storage_seek(dump, 0, SEEK_SET)");
goto done;
}
vno = 0;
ret = krb5_ret_uint32(dump, &vno);
if (ret && ret != HEIM_ERR_EOF) {
krb5_warn(context, ret, "krb5_ret_uint32(dump, &vno)");
goto done;
}
if (fstat(fd, &st) == -1) {
ret = errno;
krb5_warn(context, ret, "send_complete: could not stat dump file");
goto done;
}
/*
* If the current dump has an appropriate version, then we can
* break out of the loop and send the file below.
*/
if (ret == 0 && vno != 0 && st.st_mtime > initial_log_tstamp &&
vno >= oldest_version && vno <= current_version)
break;
if (verbose)
krb5_warnx(context, "send_complete: dumping HDB");
/*
* Otherwise, we may need to write a new dump file. We
* obtain an exclusive lock on the fd. Because this is
* not guaranteed to be an upgrade of our existing shared
* lock, someone else may have written a new dumpfile while
* we were waiting and so we must first check the vno of
* the dump to see if that happened. If it did, we need
* to go back to the top of the loop so that we can downgrade
* our lock to a shared one.
*/
ret = flock(fd, LOCK_EX);
if (ret == -1) {
ret = errno;
krb5_warn(context, ret, "flock(fd, LOCK_EX)");
goto done;
}
ret = krb5_storage_seek(dump, 0, SEEK_SET);
if (ret == -1) {
ret = errno;
krb5_warn(context, ret, "krb5_storage_seek(dump, 0, SEEK_SET)");
goto done;
}
vno = 0;
ret = krb5_ret_uint32(dump, &vno);
if (ret && ret != HEIM_ERR_EOF) {
krb5_warn(context, ret, "krb5_ret_uint32(dump, &vno)");
goto done;
}
if (fstat(fd, &st) == -1) {
ret = errno;
krb5_warn(context, ret, "send_complete: could not stat dump file");
goto done;
}
/* check if someone wrote a better version for us */
if (ret == 0 && vno != 0 && st.st_mtime > initial_log_tstamp &&
vno >= oldest_version && vno <= current_version)
continue;
/* Now, we know that we must write a new dump file. */
ret = write_dump(context, dump, database, current_version);
if (ret)
goto done;
/*
* And we must continue to the top of the loop so that we can
* downgrade to a shared lock.
*/
}
/*
* Leaving the above loop, dump should have a ptr right after the initial
* 4 byte DB version number and we should have a shared lock on the file
* (which we may have just created), so we are reading to simply blast
* the data down the wire.
*/
for (;;) {
ret = krb5_ret_data(dump, &data);
if (ret == HEIM_ERR_EOF) {
ret = 0; /* EOF is not an error, it's success */
goto done;
}
if (ret) {
krb5_warn(context, ret, "krb5_ret_data(dump, &data)");
slave_dead(context, s);
goto done;
}
ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
krb5_data_free(&data);
if (ret) {
krb5_warn (context, ret, "krb5_write_priv_message");
slave_dead(context, s);
goto done;
}
}
done:
if (!ret) {
s->version = vno;
slave_seen(s);
}
if (fd != -1)
close(fd);
if (dump)
krb5_storage_free(dump);
return ret;
}
void process_packet(struct pcap_pkthdr* pkthdr, u_char* packet) {
struct eth_hdr *eth;
struct ip_hdr *ip;
struct tcp_hdr *tcp;
char *payload;
int size_ip, size_tcp, payload_size;
u_int mp3_len;
struct dump *dp;
// --------------------------------------------------------
eth = (struct eth_hdr *) packet;
if (ntohs (eth->ether_type) != 0x0800)
{
return;
}
ip = (struct ip_hdr*)(packet + SIZE_ETHERNET);
if (ip->ip_p != IPPROTO_TCP) {
return;
}
size_ip = IP_HL(ip)*4;
if (size_ip < 20) {
printf("Invalid IP header length: %u bytes\n", size_ip);
return;
}
tcp = (struct tcp_hdr*)(packet + SIZE_ETHERNET + size_ip);
size_tcp = TH_OFF(tcp)*4;
if (size_tcp < 20) {
printf("Invalid TCP header length: %u bytes\n", size_tcp);
return;
}
payload = (u_char *)(packet + SIZE_ETHERNET + size_ip + size_tcp);
payload_size = ntohs(ip->ip_len) - (size_ip + size_tcp);
// --------------------------------------------------------
//check_old_streams();
if ((dp = get_dump_stream(ntohs(tcp->th_dport))) != NULL) {
if (dp->next_seq != ntohl(tcp->th_seq)) {
struct payload *old;
//printf("invalid seq number got: %u expected: %u\n", ntohl(tcp->th_seq), dp->next_seq);
store_packet(dp, ntohl(tcp->th_seq), payload, payload_size);
/* try to find the valid packet */
old = find_valid_seq(dp, ntohl(tcp->th_seq));
if (old) {
write_dump(dp, old->data, old->length);
return;
}
if (++dp->fail_count > 5) {
close_dump_stream(dp, 1);
}
return;
}
write_dump(dp, payload, payload_size);
}
else if ((mp3_len = contain_mp3(payload, payload_size)) > 0) {
char *start;
start = strstr(payload, "\r\n\r\n") + 4;
dp = create_dump_stream(ntohs(tcp->th_dport), ntohl(tcp->th_seq), mp3_len, payload, payload_size, start);
dp->current_size += payload_size - (start - payload);
fwrite(start, 1, dp->current_size, dp->file);
dp->next_seq += payload_size;
}
}
