Exemple #1
0
static int Syslog_FormatIPHeaderLog(OpSyslog_Data *data, Packet *p) 
{

    unsigned int s, d, proto, ver, hlen, tos, len, id, off, ttl, csum;
    s=d=proto=ver=hlen=tos=len=id=off=ttl=csum=0;

    if(p->iph) 
    {
	if(p->iph->ip_src.s_addr)
	    s = ntohl( p->iph->ip_src.s_addr);
	if(p->iph->ip_dst.s_addr)
	    d = ntohl( p->iph->ip_dst.s_addr);
	if(p->iph->ip_proto)
	    proto = p->iph->ip_proto;
	if(IP_VER(p->iph))
	    ver = IP_VER(p->iph);
	if(IP_HLEN(p->iph))
	    ver = IP_HLEN(p->iph);
	if(p->iph->ip_tos)
	    tos = p->iph->ip_tos;
	if(p->iph->ip_len)
	    len = ntohs(p->iph->ip_len);
	if(p->iph->ip_id)
	    id = ntohs(p->iph->ip_id);
	if(p->iph->ip_off)
	    off = (p->iph->ip_off);
	if(p->iph->ip_ttl)
	    ttl = (p->iph->ip_ttl);
	if(p->iph->ip_csum)
	    ttl = htons(p->iph->ip_csum);
    }
    
    if( (data->format_current_pos += snprintf(data->formatBuffer,SYSLOG_MAX_QUERY_SIZE,
					      "%u%c%u%c%u%c%u%c%u%c%u%c%u%c%u%c%u%c%u%c%u%c%u",
					      proto,data->field_separators, 
					      s, data->field_separators, 
					      d, data->field_separators, 
					      ver, data->field_separators, 
					      hlen, data->field_separators, 
					      tos, data->field_separators, 
					      len, data->field_separators, 
					      id, data->field_separators, 
#if defined(WORDS_BIGENDIAN)
					      ((off & 0xE000) >> 13),data->field_separators, 
					      htons(off & 0x1FFF),data->field_separators, 
#else
					      ((off & 0x00E0) >> 5),data->field_separators, 
					      htons(off & 0xFF1F), data->field_separators, 
#endif	     
					      ttl,data->field_separators, 
					      csum)) >= SYSLOG_MAX_QUERY_SIZE)
    {
	/* XXX */
	return 1;
    }

    return OpSyslog_Concat(data);
}
Exemple #2
0
int InsertIPData(OpAcidDb_Data *op_data, Packet *p)
{
    if(op_data->detail)
    {
        if(snprintf(sql_buffer, MAX_QUERY_SIZE,
                "INSERT INTO iphdr(sid, cid, ip_src, ip_dst, ip_proto, "
                "ip_ver, ip_hlen, ip_tos, ip_len, ip_id, ip_flags, ip_off, "
                "ip_ttl, ip_csum) VALUES('%u', '%u', '%u', '%u', '%u', "
                "'%u', '%u', '%u', '%u', '%u', '%u', '%u', "
                "'%u', '%u')",
                op_data->sensor_id, op_data->event_id, 
                ntohl(p->iph->ip_src.s_addr), ntohl(p->iph->ip_dst.s_addr), 
                p->iph->ip_proto, IP_VER(p->iph), IP_HLEN(p->iph),
                p->iph->ip_tos, ntohs(p->iph->ip_len), ntohs(p->iph->ip_id),
#if defined(WORDS_BIGENDIAN)
                ((p->iph->ip_off & 0xE000) >> 13),
                htons(p->iph->ip_off & 0x1FFF),
#else
                ((p->iph->ip_off & 0x00E0) >> 5),
                htons(p->iph->ip_off & 0xFF1F), 
#endif
                p->iph->ip_ttl,
                htons(p->iph->ip_csum)) < MAX_QUERY_SIZE)
        {
            Insert(op_data, sql_buffer, NULL);  /* XXX: Error Checking */
        }
        /* XXX: IP Options not handled */
    }
    else
    {
        if(snprintf(sql_buffer, MAX_QUERY_SIZE,
Exemple #3
0
void print_packet(const struct sniff_ethernet *eth,
		 const struct sniff_ip *ip,
		 const struct sniff_tcp *tcp)
{	
	/* Ethernet */
	printf("DADDR:"); print_ethernet_addr(eth->dest_host);
	printf("SADDR:"); print_ethernet_addr(eth->src_host);
	printf("TYPE:%u\n", eth->ether_type);
	/* IP */
	printf(	"\tVERSION: %u\n"
		"\tHEADER LENGTH: %u\n"
		"\tTOTAL LENGTH: %u\n"
		"\tTOS: %u\n"
		"\tTTL: %u\n",
		IP_VER(ip),
		IP_HL(ip),
		ip->ip_len,
		ip->ip_tos,
		ip->ip_ttl);

	/* TCP */
	printf(	"\t\tSPORT: %u\n"
		"\t\tDPORT: %u\n"
		"\t\tSEQ: %u\n"
		"\t\tACK: %u\n", 
		ntohs(tcp->th_sport),
		ntohs(tcp->th_dport),
		tcp->th_seq,
		tcp->th_ack);
}
bool
dhd_tcpdata_info_get(dhd_pub_t *dhdp, void *pkt)
{
	uint8 *ether_hdr;	/* Ethernet header of the new packet */
	uint16 ether_type;	/* Ethernet type of the new packet */
	uint8 *ip_hdr;		/* IP header of the new packet */
	uint8 *tcp_hdr;		/* TCP header of the new packet */
	uint32 ip_hdr_len;	/* IP header length of the new packet */
	uint32 cur_framelen;
	uint16 ip_total_len;	/* Total length of IP packet for the new packet */
	uint32 tcp_hdr_len;		/* TCP header length of the new packet */
	uint32 tcp_seq_num;		/* TCP sequence number of the new packet */
	uint16 tcp_data_len;	/* TCP DATA length that excludes IP and TCP headers */
	uint32 end_tcp_seq_num;	/* TCP seq number of the last byte in the new packet */
	tcpack_sup_module_t *tcpack_sup_mod;
	tcpdata_info_t *tcpdata_info = NULL;
	tdata_psh_info_t *tdata_psh_info;

	int i;
	bool ret = FALSE;

	if (dhdp->tcpack_sup_mode != TCPACK_SUP_DELAYTX)
		goto exit;

	ether_hdr = PKTDATA(dhdp->osh, pkt);
	cur_framelen = PKTLEN(dhdp->osh, pkt);

	ether_type = ether_hdr[12] << 8 | ether_hdr[13];

	if (ether_type != ETHER_TYPE_IP) {
		DHD_TRACE(("%s %d: Not a IP packet 0x%x\n",
			__FUNCTION__, __LINE__, ether_type));
		goto exit;
	}

	DHD_TRACE(("%s %d: IP pkt! 0x%x\n", __FUNCTION__, __LINE__, ether_type));

	ip_hdr = ether_hdr + ETHER_HDR_LEN;
	cur_framelen -= ETHER_HDR_LEN;

	ASSERT(cur_framelen >= IPV4_MIN_HEADER_LEN);

	ip_hdr_len = IPV4_HLEN(ip_hdr);
	if (IP_VER(ip_hdr) != IP_VER_4 || IPV4_PROT(ip_hdr) != IP_PROT_TCP) {
		DHD_TRACE(("%s %d: Not IPv4 nor TCP! ip ver %d, prot %d\n",
			__FUNCTION__, __LINE__, IP_VER(ip_hdr), IPV4_PROT(ip_hdr)));
		goto exit;
	}

	tcp_hdr = ip_hdr + ip_hdr_len;
	cur_framelen -= ip_hdr_len;

	ASSERT(cur_framelen >= TCP_MIN_HEADER_LEN);

	DHD_TRACE(("%s %d: TCP pkt!\n", __FUNCTION__, __LINE__));

	ip_total_len = ntoh16_ua(&ip_hdr[IPV4_PKTLEN_OFFSET]);
	tcp_hdr_len = 4 * TCP_HDRLEN(tcp_hdr[TCP_HLEN_OFFSET]);

	/* This packet is mere TCP ACK, so do nothing */
	if (ip_total_len == ip_hdr_len + tcp_hdr_len) {
		DHD_TRACE(("%s %d: Do nothing for no data TCP ACK\n", __FUNCTION__, __LINE__));
		goto exit;
	}

	ASSERT(ip_total_len > ip_hdr_len + tcp_hdr_len);

	if ((tcp_hdr[TCP_FLAGS_OFFSET] & TCP_FLAG_PSH) == 0) {
		DHD_TRACE(("%s %d: Not interested TCP DATA packet\n", __FUNCTION__, __LINE__));
		goto exit;
	}

	DHD_TRACE(("%s %d: TCP DATA with nonzero DATA length"
		" IP addr "IPV4_ADDR_STR" "IPV4_ADDR_STR" TCP port %d %d, flag 0x%x\n",
		__FUNCTION__, __LINE__,
		IPV4_ADDR_TO_STR(ntoh32_ua(&ip_hdr[IPV4_SRC_IP_OFFSET])),
		IPV4_ADDR_TO_STR(ntoh32_ua(&ip_hdr[IPV4_DEST_IP_OFFSET])),
		ntoh16_ua(&tcp_hdr[TCP_SRC_PORT_OFFSET]),
		ntoh16_ua(&tcp_hdr[TCP_DEST_PORT_OFFSET]),
		tcp_hdr[TCP_FLAGS_OFFSET]));

	dhd_os_tcpacklock(dhdp);
	tcpack_sup_mod = dhdp->tcpack_sup_module;

	if (!tcpack_sup_mod) {
		DHD_ERROR(("%s %d: tcpack suppress module NULL!!\n", __FUNCTION__, __LINE__));
		ret = BCME_ERROR;
		dhd_os_tcpackunlock(dhdp);
		goto exit;
	}

	/* Look for tcpdata_info that has the same ip src/dst addrs and tcp src/dst ports */
	i = 0;
	while (i < tcpack_sup_mod->tcpdata_info_cnt) {
		tcpdata_info_t *tdata_info_tmp = &tcpack_sup_mod->tcpdata_info_tbl[i];
		uint32 now_in_ms = OSL_SYSUPTIME();
		DHD_TRACE(("%s %d: data info[%d], IP addr "IPV4_ADDR_STR" "IPV4_ADDR_STR
			" TCP port %d %d\n", __FUNCTION__, __LINE__, i,
			IPV4_ADDR_TO_STR(ntoh32_ua(tdata_info_tmp->src_ip_addr)),
			IPV4_ADDR_TO_STR(ntoh32_ua(tdata_info_tmp->dst_ip_addr)),
			ntoh16_ua(tdata_info_tmp->src_tcp_port),
			ntoh16_ua(tdata_info_tmp->dst_tcp_port)));

		/* If both IP address and TCP port number match, we found it so break. */
		if (memcmp(&ip_hdr[IPV4_SRC_IP_OFFSET],
			tdata_info_tmp->src_ip_addr, IPV4_ADDR_LEN * 2) == 0 &&
			memcmp(&tcp_hdr[TCP_SRC_PORT_OFFSET],
			tdata_info_tmp->src_tcp_port, TCP_PORT_LEN * 2) == 0) {
			tcpdata_info = tdata_info_tmp;
			tcpdata_info->last_used_time = now_in_ms;
			break;
		}

		if (now_in_ms - tdata_info_tmp->last_used_time > TCPDATA_INFO_TIMEOUT) {
			tdata_psh_info_t *tdata_psh_info_tmp;
			tcpdata_info_t *last_tdata_info;

			while ((tdata_psh_info_tmp = tdata_info_tmp->tdata_psh_info_head)) {
				tdata_info_tmp->tdata_psh_info_head = tdata_psh_info_tmp->next;
				tdata_psh_info_tmp->next = NULL;
				DHD_TRACE(("%s %d: Clean tdata_psh_info(end_seq %u)!\n",
					__FUNCTION__, __LINE__, tdata_psh_info_tmp->end_seq));
				_tdata_psh_info_pool_enq(tcpack_sup_mod, tdata_psh_info_tmp);
			}
#ifdef DHDTCPACK_SUP_DBG
			DHD_ERROR(("%s %d: PSH INFO ENQ %d\n",
				__FUNCTION__, __LINE__, tcpack_sup_mod->psh_info_enq_num));
#endif /* DHDTCPACK_SUP_DBG */
			tcpack_sup_mod->tcpdata_info_cnt--;
			ASSERT(tcpack_sup_mod->tcpdata_info_cnt >= 0);

			last_tdata_info =
				&tcpack_sup_mod->tcpdata_info_tbl[tcpack_sup_mod->tcpdata_info_cnt];
			if (i < tcpack_sup_mod->tcpdata_info_cnt) {
				ASSERT(last_tdata_info != tdata_info_tmp);
				bcopy(last_tdata_info, tdata_info_tmp, sizeof(tcpdata_info_t));
			}
			bzero(last_tdata_info, sizeof(tcpdata_info_t));
			DHD_TRACE(("%s %d: tcpdata_info(idx %d) is aged out. ttl cnt is now %d\n",
				__FUNCTION__, __LINE__, i, tcpack_sup_mod->tcpdata_info_cnt));
			/* Don't increase "i" here, so that the prev last tcpdata_info is checked */
		} else
			 i++;
	}

	tcp_seq_num = ntoh32_ua(&tcp_hdr[TCP_SEQ_NUM_OFFSET]);
	tcp_data_len = ip_total_len - ip_hdr_len - tcp_hdr_len;
	end_tcp_seq_num = tcp_seq_num + tcp_data_len;

	if (tcpdata_info == NULL) {
		ASSERT(i == tcpack_sup_mod->tcpdata_info_cnt);
		if (i >= TCPDATA_INFO_MAXNUM) {
			DHD_TRACE(("%s %d: tcp_data_info_tbl FULL! %d %d"
				" IP addr "IPV4_ADDR_STR" "IPV4_ADDR_STR" TCP port %d %d\n",
				__FUNCTION__, __LINE__, i, tcpack_sup_mod->tcpdata_info_cnt,
				IPV4_ADDR_TO_STR(ntoh32_ua(&ip_hdr[IPV4_SRC_IP_OFFSET])),
				IPV4_ADDR_TO_STR(ntoh32_ua(&ip_hdr[IPV4_DEST_IP_OFFSET])),
				ntoh16_ua(&tcp_hdr[TCP_SRC_PORT_OFFSET]),
				ntoh16_ua(&tcp_hdr[TCP_DEST_PORT_OFFSET])));
			dhd_os_tcpackunlock(dhdp);
			goto exit;
		}
		tcpdata_info = &tcpack_sup_mod->tcpdata_info_tbl[i];

		/* No TCP flow with the same IP addr and TCP port is found
		 * in tcp_data_info_tbl. So add this flow to the table.
		 */
		DHD_TRACE(("%s %d: Add data info to tbl[%d]: IP addr "IPV4_ADDR_STR" "IPV4_ADDR_STR
			" TCP port %d %d\n",
			__FUNCTION__, __LINE__, tcpack_sup_mod->tcpdata_info_cnt,
			IPV4_ADDR_TO_STR(ntoh32_ua(&ip_hdr[IPV4_SRC_IP_OFFSET])),
			IPV4_ADDR_TO_STR(ntoh32_ua(&ip_hdr[IPV4_DEST_IP_OFFSET])),
			ntoh16_ua(&tcp_hdr[TCP_SRC_PORT_OFFSET]),
			ntoh16_ua(&tcp_hdr[TCP_DEST_PORT_OFFSET])));

		bcopy(&ip_hdr[IPV4_SRC_IP_OFFSET], tcpdata_info->src_ip_addr,
			IPV4_ADDR_LEN * 2);
		bcopy(&tcp_hdr[TCP_SRC_PORT_OFFSET], tcpdata_info->src_tcp_port,
			TCP_PORT_LEN * 2);

		tcpdata_info->last_used_time = OSL_SYSUPTIME();
		tcpack_sup_mod->tcpdata_info_cnt++;
	}

	ASSERT(tcpdata_info != NULL);

	tdata_psh_info = _tdata_psh_info_pool_deq(tcpack_sup_mod);
#ifdef DHDTCPACK_SUP_DBG
	DHD_TRACE(("%s %d: PSH INFO ENQ %d\n",
		__FUNCTION__, __LINE__, tcpack_sup_mod->psh_info_enq_num));
#endif /* DHDTCPACK_SUP_DBG */

	if (tdata_psh_info == NULL) {
		DHD_ERROR(("%s %d: No more free tdata_psh_info!!\n", __FUNCTION__, __LINE__));
		ret = BCME_ERROR;
		dhd_os_tcpackunlock(dhdp);
		goto exit;
	}
	tdata_psh_info->end_seq = end_tcp_seq_num;

#if defined(DEBUG_COUNTER) && defined(DHDTCPACK_SUP_DBG)
	tack_tbl.cnt[4]++;
#endif /* DEBUG_COUNTER && DHDTCPACK_SUP_DBG */

	DHD_TRACE(("%s %d: TCP PSH DATA recvd! end seq %u\n",
		__FUNCTION__, __LINE__, tdata_psh_info->end_seq));

	ASSERT(tdata_psh_info->next == NULL);

	if (tcpdata_info->tdata_psh_info_head == NULL)
		tcpdata_info->tdata_psh_info_head = tdata_psh_info;
	else {
		ASSERT(tcpdata_info->tdata_psh_info_tail);
		tcpdata_info->tdata_psh_info_tail->next = tdata_psh_info;
	}
	tcpdata_info->tdata_psh_info_tail = tdata_psh_info;

	dhd_os_tcpackunlock(dhdp);

exit:
	return ret;
}
bool
dhd_tcpack_suppress(dhd_pub_t *dhdp, void *pkt)
{
	uint8 *new_ether_hdr;	/* Ethernet header of the new packet */
	uint16 new_ether_type;	/* Ethernet type of the new packet */
	uint8 *new_ip_hdr;		/* IP header of the new packet */
	uint8 *new_tcp_hdr;		/* TCP header of the new packet */
	uint32 new_ip_hdr_len;	/* IP header length of the new packet */
	uint32 cur_framelen;
	uint32 new_tcp_ack_num;		/* TCP acknowledge number of the new packet */
	uint16 new_ip_total_len;	/* Total length of IP packet for the new packet */
	uint32 new_tcp_hdr_len;		/* TCP header length of the new packet */
	tcpack_sup_module_t *tcpack_sup_mod;
	tcpack_info_t *tcpack_info_tbl;
	int i;
	bool ret = FALSE;
	bool set_dotxinrx = TRUE;

	if (dhdp->tcpack_sup_mode == TCPACK_SUP_OFF)
		goto exit;

	new_ether_hdr = PKTDATA(dhdp->osh, pkt);
	cur_framelen = PKTLEN(dhdp->osh, pkt);

	if (cur_framelen < TCPACKSZMIN || cur_framelen > TCPACKSZMAX) {
		DHD_TRACE(("%s %d: Too short or long length %d to be TCP ACK\n",
			__FUNCTION__, __LINE__, cur_framelen));
		goto exit;
	}

	new_ether_type = new_ether_hdr[12] << 8 | new_ether_hdr[13];

	if (new_ether_type != ETHER_TYPE_IP) {
		DHD_TRACE(("%s %d: Not a IP packet 0x%x\n",
			__FUNCTION__, __LINE__, new_ether_type));
		goto exit;
	}

	DHD_TRACE(("%s %d: IP pkt! 0x%x\n", __FUNCTION__, __LINE__, new_ether_type));

	new_ip_hdr = new_ether_hdr + ETHER_HDR_LEN;
	cur_framelen -= ETHER_HDR_LEN;

	ASSERT(cur_framelen >= IPV4_MIN_HEADER_LEN);

	new_ip_hdr_len = IPV4_HLEN(new_ip_hdr);
	if (IP_VER(new_ip_hdr) != IP_VER_4 || IPV4_PROT(new_ip_hdr) != IP_PROT_TCP) {
		DHD_TRACE(("%s %d: Not IPv4 nor TCP! ip ver %d, prot %d\n",
			__FUNCTION__, __LINE__, IP_VER(new_ip_hdr), IPV4_PROT(new_ip_hdr)));
		goto exit;
	}

	new_tcp_hdr = new_ip_hdr + new_ip_hdr_len;
	cur_framelen -= new_ip_hdr_len;

	ASSERT(cur_framelen >= TCP_MIN_HEADER_LEN);

	DHD_TRACE(("%s %d: TCP pkt!\n", __FUNCTION__, __LINE__));

	/* is it an ack ? Allow only ACK flag, not to suppress others. */
	if (new_tcp_hdr[TCP_FLAGS_OFFSET] != TCP_FLAG_ACK) {
		DHD_TRACE(("%s %d: Do not touch TCP flag 0x%x\n",
			__FUNCTION__, __LINE__, new_tcp_hdr[TCP_FLAGS_OFFSET]));
		goto exit;
	}

	new_ip_total_len = ntoh16_ua(&new_ip_hdr[IPV4_PKTLEN_OFFSET]);
	new_tcp_hdr_len = 4 * TCP_HDRLEN(new_tcp_hdr[TCP_HLEN_OFFSET]);

	/* This packet has TCP data, so just send */
	if (new_ip_total_len > new_ip_hdr_len + new_tcp_hdr_len) {
		DHD_TRACE(("%s %d: Do nothing for TCP DATA\n", __FUNCTION__, __LINE__));
		goto exit;
	}

	ASSERT(new_ip_total_len == new_ip_hdr_len + new_tcp_hdr_len);

	new_tcp_ack_num = ntoh32_ua(&new_tcp_hdr[TCP_ACK_NUM_OFFSET]);

	DHD_TRACE(("%s %d: TCP ACK with zero DATA length"
		" IP addr "IPV4_ADDR_STR" "IPV4_ADDR_STR" TCP port %d %d\n",
		__FUNCTION__, __LINE__,
		IPV4_ADDR_TO_STR(ntoh32_ua(&new_ip_hdr[IPV4_SRC_IP_OFFSET])),
		IPV4_ADDR_TO_STR(ntoh32_ua(&new_ip_hdr[IPV4_DEST_IP_OFFSET])),
		ntoh16_ua(&new_tcp_hdr[TCP_SRC_PORT_OFFSET]),
		ntoh16_ua(&new_tcp_hdr[TCP_DEST_PORT_OFFSET])));

	/* Look for tcp_ack_info that has the same ip src/dst addrs and tcp src/dst ports */
	dhd_os_tcpacklock(dhdp);
#if defined(DEBUG_COUNTER) && defined(DHDTCPACK_SUP_DBG)
	counter_printlog(&tack_tbl);
	tack_tbl.cnt[0]++;
#endif /* DEBUG_COUNTER && DHDTCPACK_SUP_DBG */

	tcpack_sup_mod = dhdp->tcpack_sup_module;
	tcpack_info_tbl = tcpack_sup_mod->tcpack_info_tbl;

	if (!tcpack_sup_mod) {
		DHD_ERROR(("%s %d: tcpack suppress module NULL!!\n", __FUNCTION__, __LINE__));
		ret = BCME_ERROR;
		dhd_os_tcpackunlock(dhdp);
		goto exit;
	}

	if (dhd_tcpdata_psh_acked(dhdp, new_ip_hdr, new_tcp_hdr, new_tcp_ack_num)) {
		/* This TCPACK is ACK to TCPDATA PSH pkt, so keep set_dotxinrx TRUE */
#if defined(DEBUG_COUNTER) && defined(DHDTCPACK_SUP_DBG)
		tack_tbl.cnt[5]++;
#endif /* DEBUG_COUNTER && DHDTCPACK_SUP_DBG */
	} else
		set_dotxinrx = FALSE;

	for (i = 0; i < tcpack_sup_mod->tcpack_info_cnt; i++) {
		void *oldpkt;	/* TCPACK packet that is already in txq or DelayQ */
		uint8 *old_ether_hdr, *old_ip_hdr, *old_tcp_hdr;
		uint32 old_ip_hdr_len, old_tcp_hdr_len;
		uint32 old_tcpack_num;	/* TCP ACK number of old TCPACK packet in Q */

		if ((oldpkt = tcpack_info_tbl[i].pkt_in_q) == NULL) {
			DHD_ERROR(("%s %d: Unexpected error!! cur idx %d, ttl cnt %d\n",
				__FUNCTION__, __LINE__, i, tcpack_sup_mod->tcpack_info_cnt));
			break;
		}

		if (PKTDATA(dhdp->osh, oldpkt) == NULL) {
			DHD_ERROR(("%s %d: oldpkt data NULL!! cur idx %d, ttl cnt %d\n",
				__FUNCTION__, __LINE__, i, tcpack_sup_mod->tcpack_info_cnt));
			break;
		}

		old_ether_hdr = tcpack_info_tbl[i].pkt_ether_hdr;
		old_ip_hdr = old_ether_hdr + ETHER_HDR_LEN;
		old_ip_hdr_len = IPV4_HLEN(old_ip_hdr);
		old_tcp_hdr = old_ip_hdr + old_ip_hdr_len;
		old_tcp_hdr_len = 4 * TCP_HDRLEN(old_tcp_hdr[TCP_HLEN_OFFSET]);

		DHD_TRACE(("%s %d: oldpkt %p[%d], IP addr "IPV4_ADDR_STR" "IPV4_ADDR_STR
			" TCP port %d %d\n", __FUNCTION__, __LINE__, oldpkt, i,
			IPV4_ADDR_TO_STR(ntoh32_ua(&old_ip_hdr[IPV4_SRC_IP_OFFSET])),
			IPV4_ADDR_TO_STR(ntoh32_ua(&old_ip_hdr[IPV4_DEST_IP_OFFSET])),
			ntoh16_ua(&old_tcp_hdr[TCP_SRC_PORT_OFFSET]),
			ntoh16_ua(&old_tcp_hdr[TCP_DEST_PORT_OFFSET])));

		/* If either of IP address or TCP port number does not match, skip. */
		if (memcmp(&new_ip_hdr[IPV4_SRC_IP_OFFSET],
			&old_ip_hdr[IPV4_SRC_IP_OFFSET], IPV4_ADDR_LEN * 2) ||
			memcmp(&new_tcp_hdr[TCP_SRC_PORT_OFFSET],
			&old_tcp_hdr[TCP_SRC_PORT_OFFSET], TCP_PORT_LEN * 2))
			continue;

		old_tcpack_num = ntoh32_ua(&old_tcp_hdr[TCP_ACK_NUM_OFFSET]);

		if (IS_TCPSEQ_GT(new_tcp_ack_num, old_tcpack_num)) {
			/* New packet has higher TCP ACK number, so it replaces the old packet */
			if (new_ip_hdr_len == old_ip_hdr_len &&
				new_tcp_hdr_len == old_tcp_hdr_len) {
				ASSERT(memcmp(new_ether_hdr, old_ether_hdr, ETHER_HDR_LEN) == 0);
				bcopy(new_ip_hdr, old_ip_hdr, new_ip_total_len);
				PKTFREE(dhdp->osh, pkt, FALSE);
				DHD_TRACE(("%s %d: TCP ACK replace %u -> %u\n",
					__FUNCTION__, __LINE__, old_tcpack_num, new_tcp_ack_num));
#if defined(DEBUG_COUNTER) && defined(DHDTCPACK_SUP_DBG)
				tack_tbl.cnt[2]++;
#endif /* DEBUG_COUNTER && DHDTCPACK_SUP_DBG */
				ret = TRUE;
			} else {
#if defined(DEBUG_COUNTER) && defined(DHDTCPACK_SUP_DBG)
				tack_tbl.cnt[6]++;
#endif /* DEBUG_COUNTER && DHDTCPACK_SUP_DBG */
				DHD_TRACE(("%s %d: lenth mismatch %d != %d || %d != %d"
					" ACK %u -> %u\n", __FUNCTION__, __LINE__,
					new_ip_hdr_len, old_ip_hdr_len,
					new_tcp_hdr_len, old_tcp_hdr_len,
					old_tcpack_num, new_tcp_ack_num));
			}
		} else if (new_tcp_ack_num == old_tcpack_num) {
			set_dotxinrx = TRUE;
			/* TCPACK retransmission */
#if defined(DEBUG_COUNTER) && defined(DHDTCPACK_SUP_DBG)
			tack_tbl.cnt[3]++;
#endif /* DEBUG_COUNTER && DHDTCPACK_SUP_DBG */
		} else {
			DHD_TRACE(("%s %d: ACK number reverse old %u(0x%p) new %u(0x%p)\n",
				__FUNCTION__, __LINE__, old_tcpack_num, oldpkt,
				new_tcp_ack_num, pkt));
		}
		dhd_os_tcpackunlock(dhdp);
		goto exit;
	}

	if (i == tcpack_sup_mod->tcpack_info_cnt && i < TCPACK_INFO_MAXNUM) {
		/* No TCPACK packet with the same IP addr and TCP port is found
		 * in tcp_ack_info_tbl. So add this packet to the table.
		 */
		DHD_TRACE(("%s %d: Add pkt 0x%p(ether_hdr 0x%p) to tbl[%d]\n",
			__FUNCTION__, __LINE__, pkt, new_ether_hdr,
			tcpack_sup_mod->tcpack_info_cnt));

		tcpack_info_tbl[tcpack_sup_mod->tcpack_info_cnt].pkt_in_q = pkt;
		tcpack_info_tbl[tcpack_sup_mod->tcpack_info_cnt].pkt_ether_hdr = new_ether_hdr;
		tcpack_sup_mod->tcpack_info_cnt++;
#if defined(DEBUG_COUNTER) && defined(DHDTCPACK_SUP_DBG)
		tack_tbl.cnt[1]++;
#endif /* DEBUG_COUNTER && DHDTCPACK_SUP_DBG */
	} else {
		ASSERT(i == tcpack_sup_mod->tcpack_info_cnt);
		DHD_TRACE(("%s %d: No empty tcp ack info tbl\n",
			__FUNCTION__, __LINE__));
	}
	dhd_os_tcpackunlock(dhdp);

exit:
	/* Unless TCPACK_SUP_DELAYTX, dotxinrx is alwasy TRUE, so no need to set here */
	if (dhdp->tcpack_sup_mode == TCPACK_SUP_DELAYTX && set_dotxinrx)
		dhd_bus_set_dotxinrx(dhdp->bus, TRUE);

	return ret;
}
pkt_frag_t pkt_frag_info(osl_t *osh, void *p)
{
	uint8 *frame;
	int length;
	uint8 *pt;			/* Pointer to type field */
	uint16 ethertype;
	struct ipv4_hdr *iph;		/* IP frame pointer */
	int ipl;			/* IP frame length */
	uint16 iph_frag;

	ASSERT(osh && p);

	frame = PKTDATA(osh, p);
	length = PKTLEN(osh, p);

	/* Process Ethernet II or SNAP-encapsulated 802.3 frames */
	if (length < ETHER_HDR_LEN) {
		DHD_INFO(("%s: short eth frame (%d)\n", __FUNCTION__, length));
		return DHD_PKT_FRAG_NONE;
	} else if (ntoh16(*(uint16 *)(frame + ETHER_TYPE_OFFSET)) >= ETHER_TYPE_MIN) {
		/* Frame is Ethernet II */
		pt = frame + ETHER_TYPE_OFFSET;
	} else if (length >= ETHER_HDR_LEN + SNAP_HDR_LEN + ETHER_TYPE_LEN &&
	           !bcmp(llc_snap_hdr, frame + ETHER_HDR_LEN, SNAP_HDR_LEN)) {
		pt = frame + ETHER_HDR_LEN + SNAP_HDR_LEN;
	} else {
		DHD_INFO(("%s: non-SNAP 802.3 frame\n", __FUNCTION__));
		return DHD_PKT_FRAG_NONE;
	}

	ethertype = ntoh16(*(uint16 *)pt);

	/* Skip VLAN tag, if any */
	if (ethertype == ETHER_TYPE_8021Q) {
		pt += VLAN_TAG_LEN;

		if (pt + ETHER_TYPE_LEN > frame + length) {
			DHD_INFO(("%s: short VLAN frame (%d)\n", __FUNCTION__, length));
			return DHD_PKT_FRAG_NONE;
		}

		ethertype = ntoh16(*(uint16 *)pt);
	}

	if (ethertype != ETHER_TYPE_IP) {
		DHD_INFO(("%s: non-IP frame (ethertype 0x%x, length %d)\n",
			__FUNCTION__, ethertype, length));
		return DHD_PKT_FRAG_NONE;
	}

	iph = (struct ipv4_hdr *)(pt + ETHER_TYPE_LEN);
	ipl = (uint)(length - (pt + ETHER_TYPE_LEN - frame));

	/* We support IPv4 only */
	if ((ipl < IPV4_OPTIONS_OFFSET) || (IP_VER(iph) != IP_VER_4)) {
		DHD_INFO(("%s: short frame (%d) or non-IPv4\n", __FUNCTION__, ipl));
		return DHD_PKT_FRAG_NONE;
	}

	iph_frag = ntoh16(iph->frag);

	if (iph_frag & IPV4_FRAG_DONT) {
		return DHD_PKT_FRAG_NONE;
	} else if ((iph_frag & IPV4_FRAG_MORE) == 0) {
		return DHD_PKT_FRAG_LAST;
	} else {
		return (iph_frag & IPV4_FRAG_OFFSET_MASK)? DHD_PKT_FRAG_CONT : DHD_PKT_FRAG_FIRST;
	}
}
Exemple #7
0
static int packet_to_data(Packet *p, Event *event, idmef_alert_t *alert)
{
        int i;
        
        if ( ! p )
            return 0;

        add_int_data(alert, "snort_rule_sid", event->sig_id);
        add_int_data(alert, "snort_rule_rev", event->sig_rev);
        
        if ( p->iph ) {
                add_int_data(alert, "ip_ver", IP_VER(p->iph));
                add_int_data(alert, "ip_hlen", IP_HLEN(p->iph));
                add_int_data(alert, "ip_tos", p->iph->ip_tos);
                add_int_data(alert, "ip_len", ntohs(p->iph->ip_len));
                add_int_data(alert, "ip_id", ntohs(p->iph->ip_id));
                add_int_data(alert, "ip_off", ntohs(p->iph->ip_off));
                add_int_data(alert, "ip_ttl", p->iph->ip_ttl);
                add_int_data(alert, "ip_proto", p->iph->ip_proto);
                add_int_data(alert, "ip_sum", ntohs(p->iph->ip_csum));
                
                for ( i = 0; i < p->ip_option_count; i++ ) {
                        add_int_data(alert, "ip_option_code", p->ip_options[i].code);
                        add_byte_data(alert, "ip_option_data", p->ip_options[i].data, p->ip_options[i].len);        
                }
        }
        
        if ( p->tcph ) {
                add_int_data(alert, "tcp_seq", ntohl(p->tcph->th_seq));
                add_int_data(alert, "tcp_ack", ntohl(p->tcph->th_ack));
                
                add_int_data(alert, "tcp_off", TCP_OFFSET(p->tcph));
                add_int_data(alert, "tcp_res", TCP_X2(p->tcph));
                add_int_data(alert, "tcp_flags", p->tcph->th_flags);

                add_int_data(alert, "tcp_win", ntohs(p->tcph->th_win));
                add_int_data(alert, "tcp_sum", ntohs(p->tcph->th_sum));
                add_int_data(alert, "tcp_urp", ntohs(p->tcph->th_urp));

                
                for ( i = 0; i < p->tcp_option_count; i++ ) {
                        add_int_data(alert, "tcp_option_code", p->tcp_options[i].code);
                        add_byte_data(alert, "tcp_option_data", p->tcp_options[i].data, p->tcp_options[i].len);        
                }
        }

        else if ( p->udph ) {
                add_int_data(alert, "udp_len", ntohs(p->udph->uh_len));
                add_int_data(alert, "udp_sum", ntohs(p->udph->uh_chk));
        }

        else if ( p->icmph ) {
                add_int_data(alert, "icmp_type", p->icmph->type);
                add_int_data(alert, "icmp_code", p->icmph->code);
                add_int_data(alert, "icmp_sum", ntohs(p->icmph->csum));

                switch ( p->icmph->type ) {
                        
                case ICMP_ECHO:
                case ICMP_ECHOREPLY:
                case ICMP_INFO_REQUEST:
                case ICMP_INFO_REPLY:
                case ICMP_ADDRESS:
                case ICMP_TIMESTAMP:
                        add_int_data(alert, "icmp_id", ntohs(p->icmph->s_icmp_id));
                        add_int_data(alert, "icmp_seq", ntohs(p->icmph->s_icmp_seq));
                        break;
                        
                case ICMP_ADDRESSREPLY:
                        add_int_data(alert, "icmp_id", ntohs(p->icmph->s_icmp_id));
                        add_int_data(alert, "icmp_seq", ntohs(p->icmph->s_icmp_seq));
                        add_int_data(alert, "icmp_mask", (uint32_t) ntohl(p->icmph->s_icmp_mask));
                        break;
                
                case ICMP_REDIRECT:
                        add_string_data(alert, "icmp_gwaddr", inet_ntoa(p->icmph->s_icmp_gwaddr));
                        break;
                
                case ICMP_ROUTER_ADVERTISE:
                        add_int_data(alert, "icmp_num_addrs", p->icmph->s_icmp_num_addrs);
                        add_int_data(alert, "icmp_wpa", p->icmph->s_icmp_wpa);
                        add_int_data(alert, "icmp_lifetime", ntohs(p->icmph->s_icmp_lifetime));
                        break;
                
                case ICMP_TIMESTAMPREPLY:
                        add_int_data(alert, "icmp_id", ntohs(p->icmph->s_icmp_id));
                        add_int_data(alert, "icmp_seq", ntohs(p->icmph->s_icmp_seq));
                        add_int_data(alert, "icmp_otime", p->icmph->s_icmp_otime);
                        add_int_data(alert, "icmp_rtime", p->icmph->s_icmp_rtime);
                        add_int_data(alert, "icmp_ttime", p->icmph->s_icmp_ttime);
                        break;
                }
        }

        add_byte_data(alert, "payload", p->data, p->dsize);
        
        return 0;
}
Exemple #8
0
static int event_to_source_target(Packet *p, idmef_alert_t *alert)
{
        int ret;
        idmef_node_t *node;
        idmef_source_t *source;
        idmef_target_t *target;
        idmef_address_t *address;
        idmef_service_t *service;
        prelude_string_t *string;
        static char saddr[128], daddr[128];

        if ( !p )
            return 0;

        if ( ! p->iph )
                return 0;
        
        ret = idmef_alert_new_source(alert, &source, IDMEF_LIST_APPEND);
        if ( ret < 0 )
                return ret;

        if ( pv.interface ) {
                ret = idmef_source_new_interface(source, &string);
                if ( ret < 0 )
                        return ret;
                prelude_string_set_ref(string, pv.interface);
        }
        
        ret = idmef_source_new_service(source, &service);
        if ( ret < 0 )
                return ret;

        if ( p->tcph || p->udph )
                idmef_service_set_port(service, p->sp);
        
        idmef_service_set_ip_version(service, IP_VER(p->iph));
        idmef_service_set_iana_protocol_number(service, p->iph->ip_proto);
        
        ret = idmef_source_new_node(source, &node);
        if ( ret < 0 )
                return ret;

        ret = idmef_node_new_address(node, &address, IDMEF_LIST_APPEND);
        if ( ret < 0 )
                return ret;

        ret = idmef_address_new_address(address, &string);
        if ( ret < 0 )
                return ret;
        
        SnortSnprintf(saddr, sizeof(saddr), "%s", inet_ntoa(p->iph->ip_src));
        prelude_string_set_ref(string, saddr);

        ret = idmef_alert_new_target(alert, &target, IDMEF_LIST_APPEND);
        if ( ret < 0 )
                return ret;

        if ( pv.interface ) {
                ret = idmef_target_new_interface(target, &string);
                if ( ret < 0 )
                        return ret;
                prelude_string_set_ref(string, pv.interface);
        }
        
        ret = idmef_target_new_service(target, &service);
        if ( ! ret < 0 )
                return ret;
        
        if ( p->tcph || p->udph )                
                idmef_service_set_port(service, p->dp);
        
        idmef_service_set_ip_version(service, IP_VER(p->iph));
        idmef_service_set_iana_protocol_number(service, p->iph->ip_proto);
        
        ret = idmef_target_new_node(target, &node);
        if ( ret < 0 )
                return ret;
        
        ret = idmef_node_new_address(node, &address, IDMEF_LIST_APPEND);
        if ( ret < 0 )
                return ret;
        
        ret = idmef_address_new_address(address, &string);
        if ( ret < 0 )
                return ret;
                
        SnortSnprintf(daddr, sizeof(daddr), "%s", inet_ntoa(p->iph->ip_dst));
        prelude_string_set_ref(string, daddr);
        
        return 0;
}
Exemple #9
0
void *
netdev_tnl_ip_extract_tnl_md(struct dp_packet *packet, struct flow_tnl *tnl,
                  unsigned int *hlen)
{
    void *nh;
    struct ip_header *ip;
    struct ovs_16aligned_ip6_hdr *ip6;
    void *l4;
    int l3_size;

    nh = dp_packet_l3(packet);
    ip = nh;
    ip6 = nh;
    l4 = dp_packet_l4(packet);

    if (!nh || !l4) {
        return NULL;
    }

    *hlen = sizeof(struct eth_header);

    l3_size = dp_packet_size(packet) -
              ((char *)nh - (char *)dp_packet_data(packet));

    if (IP_VER(ip->ip_ihl_ver) == 4) {

        ovs_be32 ip_src, ip_dst;

        if (csum(ip, IP_IHL(ip->ip_ihl_ver) * 4)) {
            VLOG_WARN_RL(&err_rl, "ip packet has invalid checksum");
            return NULL;
        }

        if (ntohs(ip->ip_tot_len) > l3_size) {
            VLOG_WARN_RL(&err_rl, "ip packet is truncated (IP length %d, actual %d)",
                         ntohs(ip->ip_tot_len), l3_size);
            return NULL;
        }
        if (IP_IHL(ip->ip_ihl_ver) * 4 > sizeof(struct ip_header)) {
            VLOG_WARN_RL(&err_rl, "ip options not supported on tunnel packets "
                         "(%d bytes)", IP_IHL(ip->ip_ihl_ver) * 4);
            return NULL;
        }

        ip_src = get_16aligned_be32(&ip->ip_src);
        ip_dst = get_16aligned_be32(&ip->ip_dst);

        tnl->ip_src = ip_src;
        tnl->ip_dst = ip_dst;
        tnl->ip_tos = ip->ip_tos;
        tnl->ip_ttl = ip->ip_ttl;

        *hlen += IP_HEADER_LEN;

    } else if (IP_VER(ip->ip_ihl_ver) == 6) {
        ovs_be32 tc_flow = get_16aligned_be32(&ip6->ip6_flow);

        memcpy(tnl->ipv6_src.s6_addr, ip6->ip6_src.be16, sizeof ip6->ip6_src);
        memcpy(tnl->ipv6_dst.s6_addr, ip6->ip6_dst.be16, sizeof ip6->ip6_dst);

        tnl->ip_tos = ntohl(tc_flow) >> 20;
        tnl->ip_ttl = ip6->ip6_hlim;

        *hlen += IPV6_HEADER_LEN;

    } else {
bool
dhd_tcpack_hold(dhd_pub_t *dhdp, void *pkt, int ifidx)
{
	uint8 *new_ether_hdr;	/* Ethernet header of the new packet */
	uint16 new_ether_type;	/* Ethernet type of the new packet */
	uint8 *new_ip_hdr;		/* IP header of the new packet */
	uint8 *new_tcp_hdr;		/* TCP header of the new packet */
	uint32 new_ip_hdr_len;	/* IP header length of the new packet */
	uint32 cur_framelen;
	uint32 new_tcp_ack_num;		/* TCP acknowledge number of the new packet */
	uint16 new_ip_total_len;	/* Total length of IP packet for the new packet */
	uint32 new_tcp_hdr_len;		/* TCP header length of the new packet */
	tcpack_sup_module_t *tcpack_sup_mod;
	tcpack_info_t *tcpack_info_tbl;
	int i, free_slot = TCPACK_INFO_MAXNUM;
	bool hold = FALSE;
	unsigned long flags;

	if (dhdp->tcpack_sup_mode != TCPACK_SUP_HOLD) {
		goto exit;
	}

	if (dhdp->tcpack_sup_ratio == 1) {
		goto exit;
	}

	new_ether_hdr = PKTDATA(dhdp->osh, pkt);
	cur_framelen = PKTLEN(dhdp->osh, pkt);

	if (cur_framelen < TCPACKSZMIN || cur_framelen > TCPACKSZMAX) {
		DHD_TRACE(("%s %d: Too short or long length %d to be TCP ACK\n",
			__FUNCTION__, __LINE__, cur_framelen));
		goto exit;
	}

	new_ether_type = new_ether_hdr[12] << 8 | new_ether_hdr[13];

	if (new_ether_type != ETHER_TYPE_IP) {
		DHD_TRACE(("%s %d: Not a IP packet 0x%x\n",
			__FUNCTION__, __LINE__, new_ether_type));
		goto exit;
	}

	DHD_TRACE(("%s %d: IP pkt! 0x%x\n", __FUNCTION__, __LINE__, new_ether_type));

	new_ip_hdr = new_ether_hdr + ETHER_HDR_LEN;
	cur_framelen -= ETHER_HDR_LEN;

	ASSERT(cur_framelen >= IPV4_MIN_HEADER_LEN);

	new_ip_hdr_len = IPV4_HLEN(new_ip_hdr);
	if (IP_VER(new_ip_hdr) != IP_VER_4 || IPV4_PROT(new_ip_hdr) != IP_PROT_TCP) {
		DHD_TRACE(("%s %d: Not IPv4 nor TCP! ip ver %d, prot %d\n",
			__FUNCTION__, __LINE__, IP_VER(new_ip_hdr), IPV4_PROT(new_ip_hdr)));
		goto exit;
	}

	new_tcp_hdr = new_ip_hdr + new_ip_hdr_len;
	cur_framelen -= new_ip_hdr_len;

	ASSERT(cur_framelen >= TCP_MIN_HEADER_LEN);

	DHD_TRACE(("%s %d: TCP pkt!\n", __FUNCTION__, __LINE__));

	/* is it an ack ? Allow only ACK flag, not to suppress others. */
	if (new_tcp_hdr[TCP_FLAGS_OFFSET] != TCP_FLAG_ACK) {
		DHD_TRACE(("%s %d: Do not touch TCP flag 0x%x\n",
			__FUNCTION__, __LINE__, new_tcp_hdr[TCP_FLAGS_OFFSET]));
		goto exit;
	}

	new_ip_total_len = ntoh16_ua(&new_ip_hdr[IPV4_PKTLEN_OFFSET]);
	new_tcp_hdr_len = 4 * TCP_HDRLEN(new_tcp_hdr[TCP_HLEN_OFFSET]);

	/* This packet has TCP data, so just send */
	if (new_ip_total_len > new_ip_hdr_len + new_tcp_hdr_len) {
		DHD_TRACE(("%s %d: Do nothing for TCP DATA\n", __FUNCTION__, __LINE__));
		goto exit;
	}

	ASSERT(new_ip_total_len == new_ip_hdr_len + new_tcp_hdr_len);

	new_tcp_ack_num = ntoh32_ua(&new_tcp_hdr[TCP_ACK_NUM_OFFSET]);

	DHD_TRACE(("%s %d: TCP ACK with zero DATA length"
		" IP addr "IPV4_ADDR_STR" "IPV4_ADDR_STR" TCP port %d %d\n",
		__FUNCTION__, __LINE__,
		IPV4_ADDR_TO_STR(ntoh32_ua(&new_ip_hdr[IPV4_SRC_IP_OFFSET])),
		IPV4_ADDR_TO_STR(ntoh32_ua(&new_ip_hdr[IPV4_DEST_IP_OFFSET])),
		ntoh16_ua(&new_tcp_hdr[TCP_SRC_PORT_OFFSET]),
		ntoh16_ua(&new_tcp_hdr[TCP_DEST_PORT_OFFSET])));

	/* Look for tcp_ack_info that has the same ip src/dst addrs and tcp src/dst ports */
	flags = dhd_os_tcpacklock(dhdp);

	tcpack_sup_mod = dhdp->tcpack_sup_module;
	tcpack_info_tbl = tcpack_sup_mod->tcpack_info_tbl;

	if (!tcpack_sup_mod) {
		DHD_ERROR(("%s %d: tcpack suppress module NULL!!\n", __FUNCTION__, __LINE__));
		dhd_os_tcpackunlock(dhdp, flags);
		goto exit;
	}

	hold = TRUE;

	for (i = 0; i < TCPACK_INFO_MAXNUM; i++) {
		void *oldpkt;	/* TCPACK packet that is already in txq or DelayQ */
		uint8 *old_ether_hdr, *old_ip_hdr, *old_tcp_hdr;
		uint32 old_ip_hdr_len, old_tcp_hdr_len;
		uint32 old_tcpack_num;	/* TCP ACK number of old TCPACK packet in Q */

		if ((oldpkt = tcpack_info_tbl[i].pkt_in_q) == NULL) {
			if (free_slot == TCPACK_INFO_MAXNUM) {
				free_slot = i;
			}
			continue;
		}

		if (PKTDATA(dhdp->osh, oldpkt) == NULL) {
			DHD_ERROR(("%s %d: oldpkt data NULL!! cur idx %d\n",
				__FUNCTION__, __LINE__, i));
			hold = FALSE;
			dhd_os_tcpackunlock(dhdp, flags);
			goto exit;
		}

		old_ether_hdr = tcpack_info_tbl[i].pkt_ether_hdr;
		old_ip_hdr = old_ether_hdr + ETHER_HDR_LEN;
		old_ip_hdr_len = IPV4_HLEN(old_ip_hdr);
		old_tcp_hdr = old_ip_hdr + old_ip_hdr_len;
		old_tcp_hdr_len = 4 * TCP_HDRLEN(old_tcp_hdr[TCP_HLEN_OFFSET]);

		DHD_TRACE(("%s %d: oldpkt %p[%d], IP addr "IPV4_ADDR_STR" "IPV4_ADDR_STR
			" TCP port %d %d\n", __FUNCTION__, __LINE__, oldpkt, i,
			IPV4_ADDR_TO_STR(ntoh32_ua(&old_ip_hdr[IPV4_SRC_IP_OFFSET])),
			IPV4_ADDR_TO_STR(ntoh32_ua(&old_ip_hdr[IPV4_DEST_IP_OFFSET])),
			ntoh16_ua(&old_tcp_hdr[TCP_SRC_PORT_OFFSET]),
			ntoh16_ua(&old_tcp_hdr[TCP_DEST_PORT_OFFSET])));

		/* If either of IP address or TCP port number does not match, skip. */
		if (memcmp(&new_ip_hdr[IPV4_SRC_IP_OFFSET],
			&old_ip_hdr[IPV4_SRC_IP_OFFSET], IPV4_ADDR_LEN * 2) ||
			memcmp(&new_tcp_hdr[TCP_SRC_PORT_OFFSET],
			&old_tcp_hdr[TCP_SRC_PORT_OFFSET], TCP_PORT_LEN * 2)) {
			continue;
		}

		old_tcpack_num = ntoh32_ua(&old_tcp_hdr[TCP_ACK_NUM_OFFSET]);

		if (IS_TCPSEQ_GE(new_tcp_ack_num, old_tcpack_num)) {
			tcpack_info_tbl[i].supp_cnt++;
			if (tcpack_info_tbl[i].supp_cnt >= dhdp->tcpack_sup_ratio) {
				tcpack_info_tbl[i].pkt_in_q = NULL;
				tcpack_info_tbl[i].pkt_ether_hdr = NULL;
				tcpack_info_tbl[i].ifidx = 0;
				tcpack_info_tbl[i].supp_cnt = 0;
				hold = FALSE;
			} else {
				tcpack_info_tbl[i].pkt_in_q = pkt;
				tcpack_info_tbl[i].pkt_ether_hdr = new_ether_hdr;
				tcpack_info_tbl[i].ifidx = ifidx;
			}
			PKTFREE(dhdp->osh, oldpkt, TRUE);
		} else {
			PKTFREE(dhdp->osh, pkt, TRUE);
		}
		dhd_os_tcpackunlock(dhdp, flags);

		if (!hold) {
			del_timer_sync(&tcpack_info_tbl[i].timer);
		}
		goto exit;
	}

	if (free_slot < TCPACK_INFO_MAXNUM) {
		/* No TCPACK packet with the same IP addr and TCP port is found
		 * in tcp_ack_info_tbl. So add this packet to the table.
		 */
		DHD_TRACE(("%s %d: Add pkt 0x%p(ether_hdr 0x%p) to tbl[%d]\n",
			__FUNCTION__, __LINE__, pkt, new_ether_hdr,
			free_slot));

		tcpack_info_tbl[free_slot].pkt_in_q = pkt;
		tcpack_info_tbl[free_slot].pkt_ether_hdr = new_ether_hdr;
		tcpack_info_tbl[free_slot].ifidx = ifidx;
		tcpack_info_tbl[free_slot].supp_cnt = 1;
		mod_timer(&tcpack_sup_mod->tcpack_info_tbl[free_slot].timer,
			jiffies + msecs_to_jiffies(dhdp->tcpack_sup_delay));
		tcpack_sup_mod->tcpack_info_cnt++;
	} else {
		DHD_TRACE(("%s %d: No empty tcp ack info tbl\n",
			__FUNCTION__, __LINE__));
	}
	dhd_os_tcpackunlock(dhdp, flags);

exit:
	return hold;
}
Exemple #11
0
uint8_t orig_ip4_ret_ver(const Packet *p)
{
    return IP_VER(p->orig_iph);
}
Exemple #12
0
uint8_t ip4_ret_ver(const Packet *p)
{
    return IP_VER(p->iph);
}
bool
dhd_tcpack_suppress(dhd_pub_t *dhdp, void *pkt)
{
    uint8 *new_ether_hdr;	/* Ethernet header of the new packet */
    uint16 new_ether_type;	/* Ethernet type of the new packet */
    uint8 *new_ip_hdr;		/* IP header of the new packet */
    uint8 *new_tcp_hdr;		/* TCP header of the new packet */
    uint32 new_ip_hdr_len;	/* IP header length of the new packet */
    uint32 cur_framelen;
#if defined(DHD_DEBUG)
    uint32 new_tcp_seq_num;		/* TCP sequence number of the new packet */
#endif
    uint32 new_tcp_ack_num;		/* TCP acknowledge number of the new packet */
    uint16 new_ip_total_len;	/* Total length of IP packet for the new packet */
    uint32 new_tcp_hdr_len;		/* TCP header length of the new packet */
    int i;
    bool ret = FALSE;

    if (!dhdp->tcpack_sup_enabled)
        goto exit;

    new_ether_hdr = PKTDATA(dhdp->osh, pkt);
    cur_framelen = PKTLEN(dhdp->osh, pkt);

    if (cur_framelen < TCPACKSZMIN || cur_framelen > TCPACKSZMAX) {
        DHD_TRACE(("%s %d: Too short or long length %d to be TCP ACK\n",
                   __FUNCTION__, __LINE__, cur_framelen));
        goto exit;
    }

    new_ether_type = new_ether_hdr[12] << 8 | new_ether_hdr[13];

    if (new_ether_type != ETHER_TYPE_IP) {
        DHD_TRACE(("%s %d: Not a IP packet 0x%x\n",
                   __FUNCTION__, __LINE__, new_ether_type));
        goto exit;
    }

    DHD_TRACE(("%s %d: IP pkt! 0x%x\n", __FUNCTION__, __LINE__, new_ether_type));

    new_ip_hdr = new_ether_hdr + ETHER_HDR_LEN;
    cur_framelen -= ETHER_HDR_LEN;

    ASSERT(cur_framelen >= IPV4_MIN_HEADER_LEN);

    new_ip_hdr_len = IPV4_HLEN(new_ip_hdr);
    if (IP_VER(new_ip_hdr) != IP_VER_4 || IPV4_PROT(new_ip_hdr) != IP_PROT_TCP) {
        DHD_TRACE(("%s %d: Not IPv4 nor TCP! ip ver %d, prot %d\n",
                   __FUNCTION__, __LINE__, IP_VER(new_ip_hdr), IPV4_PROT(new_ip_hdr)));
        goto exit;
    }

    new_tcp_hdr = new_ip_hdr + new_ip_hdr_len;
    cur_framelen -= new_ip_hdr_len;

    ASSERT(cur_framelen >= TCP_MIN_HEADER_LEN);

    DHD_TRACE(("%s %d: TCP pkt!\n", __FUNCTION__, __LINE__));

    /* is it an ack ? Allow only ACK flag, not to suppress others. */
    if (new_tcp_hdr[TCP_FLAGS_OFFSET] != TCP_FLAG_ACK) {
        DHD_TRACE(("%s %d: Do not touch TCP flag 0x%x\n",
                   __FUNCTION__, __LINE__, new_tcp_hdr[TCP_FLAGS_OFFSET]));
        goto exit;
    }

    new_ip_total_len = ntoh16_ua(&new_ip_hdr[IPV4_PKTLEN_OFFSET]);
    new_tcp_hdr_len = 4 * TCP_HDRLEN(new_tcp_hdr[TCP_HLEN_OFFSET]);

    /* This packet has TCP data, so just send */
    if (new_ip_total_len > new_ip_hdr_len + new_tcp_hdr_len) {
        DHD_TRACE(("%s %d: Do nothing for TCP DATA\n", __FUNCTION__, __LINE__));
        goto exit;
    }

    ASSERT(new_ip_total_len == new_ip_hdr_len + new_tcp_hdr_len);

    new_tcp_ack_num = ntoh32_ua(&new_tcp_hdr[TCP_ACK_NUM_OFFSET]);
#if defined(DHD_DEBUG)
    new_tcp_seq_num = ntoh32_ua(&new_tcp_hdr[TCP_SEQ_NUM_OFFSET]);
    DHD_TRACE(("%s %d: TCP ACK seq %u ack %u\n", __FUNCTION__, __LINE__,
               new_tcp_seq_num, new_tcp_ack_num));
#endif

    DHD_TRACE(("%s %d: TCP ACK with zero DATA length"
               " IP addr "IPv4_ADDR_STR" "IPv4_ADDR_STR" TCP port %d %d\n",
               __FUNCTION__, __LINE__,
               IPv4_ADDR_TO_STR(ntoh32_ua(&new_ip_hdr[IPV4_SRC_IP_OFFSET])),
               IPv4_ADDR_TO_STR(ntoh32_ua(&new_ip_hdr[IPV4_DEST_IP_OFFSET])),
               ntoh16_ua(&new_tcp_hdr[TCP_SRC_PORT_OFFSET]),
               ntoh16_ua(&new_tcp_hdr[TCP_DEST_PORT_OFFSET])));

    /* Look for tcp_ack_info that has the same ip src/dst addrs and tcp src/dst ports */
    dhd_os_tcpacklock(dhdp);
    for (i = 0; i < dhdp->tcp_ack_info_cnt; i++) {
        void *oldpkt;	/* TCPACK packet that is already in txq or DelayQ */
        uint8 *old_ether_hdr, *old_ip_hdr, *old_tcp_hdr;
        uint32 old_ip_hdr_len, old_tcp_hdr_len;
        uint32 old_tcpack_num;	/* TCP ACK number of old TCPACK packet in Q */

        if ((oldpkt = dhdp->tcp_ack_info_tbl[i].pkt_in_q) == NULL) {
            DHD_ERROR(("%s %d: Unexpected error!! cur idx %d, ttl cnt %d\n",
                       __FUNCTION__, __LINE__, i, dhdp->tcp_ack_info_cnt));
            break;
        }

        if (PKTDATA(dhdp->osh, oldpkt) == NULL) {
            DHD_ERROR(("%s %d: oldpkt data NULL!! cur idx %d, ttl cnt %d\n",
                       __FUNCTION__, __LINE__, i, dhdp->tcp_ack_info_cnt));
            break;
        }

        old_ether_hdr = dhdp->tcp_ack_info_tbl[i].pkt_ether_hdr;
        old_ip_hdr = old_ether_hdr + ETHER_HDR_LEN;
        old_ip_hdr_len = IPV4_HLEN(old_ip_hdr);
        old_tcp_hdr = old_ip_hdr + old_ip_hdr_len;
        old_tcp_hdr_len = 4 * TCP_HDRLEN(old_tcp_hdr[TCP_HLEN_OFFSET]);

        DHD_TRACE(("%s %d: oldpkt %p[%d], IP addr "IPv4_ADDR_STR" "IPv4_ADDR_STR
                   " TCP port %d %d\n", __FUNCTION__, __LINE__, oldpkt, i,
                   IPv4_ADDR_TO_STR(ntoh32_ua(&old_ip_hdr[IPV4_SRC_IP_OFFSET])),
                   IPv4_ADDR_TO_STR(ntoh32_ua(&old_ip_hdr[IPV4_DEST_IP_OFFSET])),
                   ntoh16_ua(&old_tcp_hdr[TCP_SRC_PORT_OFFSET]),
                   ntoh16_ua(&old_tcp_hdr[TCP_DEST_PORT_OFFSET])));

        /* If either of IP address or TCP port number does not match, skip. */
        if (memcmp(&new_ip_hdr[IPV4_SRC_IP_OFFSET],
                   &old_ip_hdr[IPV4_SRC_IP_OFFSET], IPV4_ADDR_LEN * 2) ||
                memcmp(&new_tcp_hdr[TCP_SRC_PORT_OFFSET],
                       &old_tcp_hdr[TCP_SRC_PORT_OFFSET], TCP_PORT_LEN * 2))
            continue;

        old_tcpack_num = ntoh32_ua(&old_tcp_hdr[TCP_ACK_NUM_OFFSET]);
        if (new_tcp_ack_num > old_tcpack_num) {
            /* New packet has higher TCP ACK number, so it replaces the old packet */
            if (new_ip_hdr_len == old_ip_hdr_len &&
                    new_tcp_hdr_len == old_tcp_hdr_len) {
                ASSERT(memcmp(new_ether_hdr, old_ether_hdr, ETHER_HDR_LEN) == 0);
                bcopy(new_ip_hdr, old_ip_hdr, new_ip_total_len);
                PKTFREE(dhdp->osh, pkt, FALSE);
                DHD_TRACE(("%s %d: TCP ACK replace %u -> %u\n",
                           __FUNCTION__, __LINE__, old_tcpack_num, new_tcp_ack_num));
                ret = TRUE;
            } else
                DHD_TRACE(("%s %d: lenth mismatch %d != %d || %d != %d\n",
                           __FUNCTION__, __LINE__, new_ip_hdr_len, old_ip_hdr_len,
                           new_tcp_hdr_len, old_tcp_hdr_len));
        } else {
            DHD_TRACE(("%s %d: ACK number reverse old %u(0x%p) new %u(0x%p)\n",
                       __FUNCTION__, __LINE__, old_tcpack_num, oldpkt,
                       new_tcp_ack_num, pkt));
#ifdef TCPACK_TEST
            if (new_ip_hdr_len == old_ip_hdr_len &&
                    new_tcp_hdr_len == old_tcp_hdr_len) {
                PKTFREE(dhdp->osh, pkt, FALSE);
                ret = TRUE;
            }
#endif
        }
        dhd_os_tcpackunlock(dhdp);
        goto exit;
    }

    if (i == dhdp->tcp_ack_info_cnt && i < MAXTCPSTREAMS) {
        /* No TCPACK packet with the same IP addr and TCP port is found
         * in tcp_ack_info_tbl. So add this packet to the table.
         */
        DHD_TRACE(("%s %d: Add pkt 0x%p(ether_hdr 0x%p) to tbl[%d]\n",
                   __FUNCTION__, __LINE__, pkt, new_ether_hdr, dhdp->tcp_ack_info_cnt));

        dhdp->tcp_ack_info_tbl[dhdp->tcp_ack_info_cnt].pkt_in_q = pkt;
        dhdp->tcp_ack_info_tbl[dhdp->tcp_ack_info_cnt].pkt_ether_hdr = new_ether_hdr;
        dhdp->tcp_ack_info_cnt++;
    } else {
        ASSERT(i == dhdp->tcp_ack_info_cnt);
        DHD_TRACE(("%s %d: No empty tcp ack info tbl\n",
                   __FUNCTION__, __LINE__));
    }
    dhd_os_tcpackunlock(dhdp);

exit:
    return ret;
}
Exemple #14
0
/* sguil only uses log */
int OpSguil_Log(void *context, void *data)
{
    char timestamp[TIMEBUF_SIZE];
    char syslogMessage[SYSLOG_BUF];
    char eventInfo[SYSLOG_BUF];
    //int MAX_INSERT_LEN = 1024;
    char insertColumns[MAX_QUERY_SIZE];
    char insertValues[MAX_QUERY_SIZE];
    char valuesTemp[MAX_QUERY_SIZE];
    char ipInfo[38];
    char portInfo[16];
    char *esc_message;
    Sid *sid = NULL;
    ClassType *class_type;
    UnifiedLogRecord *record = (UnifiedLogRecord *)data; 
    OpSguil_Data *op_data = (OpSguil_Data *)context;
    Packet p;

    bzero(syslogMessage, SYSLOG_BUF);
    bzero(insertColumns, MAX_QUERY_SIZE);
    bzero(insertValues, MAX_QUERY_SIZE);

#if 0 /* this is broken */
    /* skip tagged packets, since the db does not have a mechanism to 
     * deal with them properly
     */
    if(record->log.event.event_reference)
    {
        LogMessage("Skipping tagged packet %i\n", record->log.event.event_reference);
        return 0;
    }
#endif


    RenderTimestamp(record->log.pkth.ts.tv_sec, timestamp, TIMEBUF_SIZE);
    //fprintf(stdout, "Timestamp: %lu\n", GetMilliseconds());
    //fflush(stdout);
    sid = GetSid(record->log.event.sig_generator, record->log.event.sig_id);
    if(sid == NULL)
        sid = FakeSid(record->log.event.sig_generator, record->log.event.sig_id);
    class_type = GetClassType(record->log.event.classification);

    //sgBeginTransaction(op_data); /* XXX: Error checking */
    /* Build the event insert. */
    snprintf(insertColumns, MAX_QUERY_SIZE,
            "INSERT INTO event (status, sid, cid, signature_id, signature_rev, signature, timestamp, priority, class");

    esc_message = malloc(strlen(sid->msg)*2+1);
    mysql_real_escape_string(op_data->mysql, esc_message, sid->msg, strlen(sid->msg));

    if(class_type == NULL)
    {
        snprintf(valuesTemp, MAX_QUERY_SIZE,
                "VALUES ('0', '%u', '%u', '%d', '%d', '%s', '%s', '%u', 'unknown'",
                op_data->sensor_id, op_data->event_id, sid->sid, sid->rev, esc_message, timestamp, 
                record->log.event.priority);
        snprintf(eventInfo, SYSLOG_BUF, "RTEvent |0|%u|unknown|%s|%s|%u|%u|%s",
                record->log.event.priority, 
                pv.hostname, timestamp, op_data->sensor_id, op_data->event_id,
                sid->msg);
    }
    else
    {
        snprintf(valuesTemp, MAX_QUERY_SIZE,
                "VALUES ('0', '%u', '%u', '%d', '%d', '%s', '%s', '%u', '%s'",
                op_data->sensor_id, op_data->event_id, sid->sid, sid->rev, esc_message, timestamp, 
                record->log.event.priority, class_type->type);
        snprintf(eventInfo, SYSLOG_BUF, "RTEvent |0|%u|%s|%s|%s|%u|%u|%s",
                record->log.event.priority, class_type->type,
                pv.hostname, timestamp, op_data->sensor_id, op_data->event_id,
                sid->msg);
    }

    free(esc_message);

    insertValues[0] = '\0';
    strcat(insertValues, valuesTemp);

    syslogMessage[0] = '\0';
    strcat(syslogMessage, eventInfo);
    /* decode the packet */
    if(DecodePacket(&p, &record->log.pkth, record->pkt + 2) == 0)
    {

        if(p.iph)
        {
            /* Insert ip header information */
            //InsertIPData(op_data, &p);
            strcat(insertColumns,
                    ",src_ip, dst_ip, ip_proto, ip_ver, ip_hlen, ip_tos, ip_len, ip_id, ip_flags, ip_off, ip_ttl, ip_csum");
            snprintf(valuesTemp, MAX_QUERY_SIZE,
                    ",'%u', '%u', '%u', '%u', '%u', '%u', '%u', '%u', '%u', '%u', '%u', '%u'",
                    ntohl(p.iph->ip_src.s_addr), ntohl(p.iph->ip_dst.s_addr), p.iph->ip_proto, IP_VER(p.iph),
                    IP_HLEN(p.iph), p.iph->ip_tos, ntohs(p.iph->ip_len), ntohs(p.iph->ip_id),
#if defined(WORDS_BIGENDIAN)
                    ((p.iph->ip_off & 0xE000) >> 13),
                    htons(p.iph->ip_off & 0x1FFF),
#else
                    ((p.iph->ip_off & 0x00E0) >> 5),
                    htons(p.iph->ip_off & 0xFF1F),
#endif
                    p.iph->ip_ttl,
                    htons(p.iph->ip_csum) < MAX_QUERY_SIZE);

            strcat(insertValues, valuesTemp);


            /* SYSLOG - Changed to SguilSendEvent*/
            snprintf(ipInfo, 38, "|%u.%u.%u.%u|%u.%u.%u.%u|%u",
#if defined(WORDS_BIGENDIAN)
                    (p.iph->ip_src.s_addr & 0xff000000) >> 24,
                    (p.iph->ip_src.s_addr & 0x00ff0000) >> 16,
                    (p.iph->ip_src.s_addr & 0x0000ff00) >> 8,
                    (p.iph->ip_src.s_addr & 0x000000ff),
                    (p.iph->ip_dst.s_addr & 0xff000000) >> 24,
                    (p.iph->ip_dst.s_addr & 0x00ff0000) >> 16,
                    (p.iph->ip_dst.s_addr & 0x0000ff00) >> 8,
                    (p.iph->ip_dst.s_addr & 0x000000ff),
#else
                    (p.iph->ip_src.s_addr & 0x000000ff),
                    (p.iph->ip_src.s_addr & 0x0000ff00) >> 8,
                    (p.iph->ip_src.s_addr & 0x00ff0000) >> 16,
                    (p.iph->ip_src.s_addr & 0xff000000) >> 24,
                    (p.iph->ip_dst.s_addr & 0x000000ff),
                    (p.iph->ip_dst.s_addr & 0x0000ff00) >> 8,
                    (p.iph->ip_dst.s_addr & 0x00ff0000) >> 16,
                    (p.iph->ip_dst.s_addr & 0xff000000) >> 24,
#endif
                    p.iph->ip_proto);
            strcat(syslogMessage, ipInfo);

            /* store layer 4 data for non fragmented packets */
            if(!(p.pkt_flags & PKT_FRAG_FLAG))
            {
                switch(p.iph->ip_proto)
                {
                    case IPPROTO_ICMP:
                        snprintf(portInfo, 16, "|||");
                        if(!p.icmph) 
                            break;
                        strcat(insertColumns,
                                ", icmp_type, icmp_code)");
                        snprintf(valuesTemp, MAX_QUERY_SIZE,
                                ", '%u', '%u')", p.icmph->icmp_type,
                                p.icmph->icmp_code);
                        strcat(insertValues, valuesTemp);
                        strcat(insertColumns, insertValues);
                        sgInsert(op_data, insertColumns, NULL);
                        sgInsertICMPData(op_data, &p);
                        break;
                    case IPPROTO_TCP:
                        strcat(insertColumns,
                                ", src_port, dst_port)");
                        snprintf(valuesTemp, MAX_QUERY_SIZE,
                                ", '%u', '%u')", p.sp, p.dp);
                        strcat(insertValues, valuesTemp);
                        strcat(insertColumns, insertValues);
                        sgInsert(op_data, insertColumns, NULL);
                        sgInsertTCPData(op_data, &p);
                        snprintf(portInfo, 16, "|%u|%u|",
                                p.sp, p.dp);
                        break;
                    case IPPROTO_UDP:
                        strcat(insertColumns,
                                ", src_port, dst_port)");
                        snprintf(valuesTemp, MAX_QUERY_SIZE,
                                ", '%u', '%u')", p.sp, p.dp);
                        strcat(insertValues, valuesTemp);
                        strcat(insertColumns, insertValues);
                        sgInsert(op_data, insertColumns, NULL);
                        sgInsertUDPData(op_data, &p);
                        snprintf(portInfo, 16, "|%u|%u|",
                                p.sp, p.dp);
                        break;
                }
                strcat(syslogMessage, portInfo);
            }
            else
            {
                strcat(syslogMessage, "|||");
            }


            /* Insert payload data */
            sgInsertPayloadData(op_data, &p);
        }
        else
        {