/*
* init the ICMP REDIRECT attack
*/
static int icmp_redirect_start(char *args)
{
struct ip_list *i;
char tmp[MAX_ASCII_ADDR_LEN];
DEBUG_MSG("icmp_redirect_start");
/* check the parameter */
if (!strcmp(args, "")) {
SEMIFATAL_ERROR("ICMP redirect needs a parameter.\n");
} else {
char tmp[strlen(args)+2];
/* add the / to be able to use the target parsing function */
sprintf(tmp, "%s/", args);
if (compile_target(tmp, &redirected_gw) != ESUCCESS)
SEMIFATAL_ERROR("Wrong target parameter");
}
/* we need both mac and ip addresses */
if (redirected_gw.all_mac || redirected_gw.all_ip)
SEMIFATAL_ERROR("You must specify both MAC and IP addresses for the GW");
i = LIST_FIRST(&redirected_gw.ips);
USER_MSG("ICMP redirect: victim GW %s\n", ip_addr_ntoa(&i->ip, tmp));
/* add the hook to receive all the tcp and udp packets */
hook_add(HOOK_PACKET_TCP, &icmp_redirect);
hook_add(HOOK_PACKET_UDP, &icmp_redirect);
return ESUCCESS;
}
/*
* set the encoding to use when converting to UTF-8
*/
int set_utf8_encoding(u_char *fromcode)
{
#ifndef HAVE_UTF8
USER_MSG("UTF-8 support not compiled in.");
return ESUCCESS;
#else
iconv_t cd;
DEBUG_MSG("set_utf8_encoding: %s", fromcode);
if (fromcode == NULL || strlen(fromcode) < 1)
return -EINVALID;
SAFE_FREE(utf8_encoding);
/* make sure encoding type is supported */
cd = iconv_open("UTF-8", fromcode);
if (cd == (iconv_t)(-1))
SEMIFATAL_ERROR("The conversion from %s to UTF-8 is not supported.", fromcode);
iconv_close(cd);
utf8_encoding = strdup(fromcode);
return ESUCCESS;
#endif
}
/*
* execute the given command
*/
static int func_exec(struct filter_op *fop)
{
pid_t pid;
DEBUG_MSG("filter engine: func_exec: %s", fop->op.func.string);
/*
* the command must be executed by a child.
* we are forwding packets, and we cannot wait
* for the execution of the command
*/
pid = fork();
/* check if the fork was successfull */
if (pid == -1)
SEMIFATAL_ERROR("filter engine: fork() failed, cannot execute %s", fop->op.func.string);
/* differentiate between the parent and the child */
if (!pid) {
char **param = NULL;
char *q = fop->op.func.string;
char *p;
int i = 0;
/* split the string */
for (p = strsep(&q, " "); p != NULL; p = strsep(&q, " ")) {
/* allocate the array */
SAFE_REALLOC(param, (i + 1) * sizeof(char *));
/* copy the tokens in the array */
param[i++] = strdup(p);
}
/* NULL terminate the array */
SAFE_REALLOC(param, (i + 1) * sizeof(char *));
param[i] = NULL;
/*
* close input, output and error.
* we don't want to clobber the interface
* with output from the child
*/
close(fileno(stdin));
close(fileno(stdout));
close(fileno(stderr));
/* execute the command */
execve(param[0], param, NULL);
/* reached on errors */
exit(-1);
}
return ESUCCESS;
}
/*
* open a file in the appropriate log_fd struct
*
* whether or not the log is compressed
* fd->fd becomes to always be a file descriptor of the opened file
* and fd->cfd is a non-NULL gzip stream descriptor when the log is to be compressed
*
* TODO: it is likely that we dont need 'type' field in 'log_fd' struct
* to mark a compressed log; non-NULL 'cfd' field becomes such a flag
*/
int log_open(struct log_fd *fd, char *filename)
{
fd->fd = open(filename, O_CREAT|O_TRUNC|O_RDWR|O_BINARY, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH);
if (fd->fd == -1)
SEMIFATAL_ERROR("Can't create %s: %s", filename, strerror(errno));
else
{
if (EC_GBL_OPTIONS->compress)
{
int zerr;
fd->cfd = gzdopen(fd->fd, "wb9");
if (fd->cfd == NULL)
SEMIFATAL_ERROR("%s", gzerror(fd->cfd, &zerr));
};
};
return E_SUCCESS;
}
/*
* open a file in the appropriate log_fd struct
*/
int log_open(struct log_fd *fd, char *filename)
{
int zerr;
if (fd->type == LOG_COMPRESSED) {
fd->cfd = gzopen(filename, "wb9");
if (fd->cfd == NULL)
SEMIFATAL_ERROR("%s", gzerror(fd->cfd, &zerr));
} else {
fd->fd = open(filename, O_CREAT | O_TRUNC | O_RDWR | O_BINARY, S_IRUSR | S_IWUSR);
if (fd->fd == -1)
SEMIFATAL_ERROR("Can't create %s: %s", filename, strerror(errno));
}
/* set the permissions */
chmod(filename, 0600);
return ESUCCESS;
}
/*
* init the ICMP REDIRECT attack
*/
static int dhcp_spoofing_start(char *args)
{
struct in_addr ipaddr;
char *p;
int i = 1;
DEBUG_MSG("dhcp_spoofing_start");
if (!strcmp(args, ""))
SEMIFATAL_ERROR("DHCP spoofing needs a parameter.\n");
/*
* Check to see if sniff has started
*/
if (!GBL_SNIFF->active)
SEMIFATAL_ERROR("DHCP spoofing requires sniffing to be active.\n");
/* check the parameter:
*
* ip_pool/netmask/dns
*/
for (p = strsep(&args, "/"); p != NULL; p = strsep(&args, "/")) {
/* first parameter (the ip_pool) */
if (i == 1) {
char tmp[strlen(p)+4];
/* add the / to be able to use the target parsing function */
snprintf(tmp, strlen(p)+4, "/%s//", p);
if (compile_target(tmp, &dhcp_ip_pool) != ESUCCESS)
break;
/* second parameter (the netmask) */
} else if (i == 2) {
/* convert from string */
if (inet_aton(p, &ipaddr) == 0)
break;
/* get the netmask */
ip_addr_init(&dhcp_netmask, AF_INET, (u_char *)&ipaddr);
/* third parameter (the dns server) */
} else if (i == 3) {
char tmp[MAX_ASCII_ADDR_LEN];
/* convert from string */
if (inet_aton(p, &ipaddr) == 0)
break;
/* get the netmask */
ip_addr_init(&dhcp_dns, AF_INET, (u_char *)&ipaddr);
/* all the parameters were parsed correctly... */
USER_MSG("DHCP spoofing: using specified ip_pool, netmask %s", ip_addr_ntoa(&dhcp_netmask, tmp));
USER_MSG(", dns %s\n", ip_addr_ntoa(&dhcp_dns, tmp));
/* add the hookpoints */
hook_add(HOOK_PROTO_DHCP_REQUEST, dhcp_spoofing_req);
hook_add(HOOK_PROTO_DHCP_DISCOVER, dhcp_spoofing_disc);
/* create the options */
dhcp_setup_options();
/* se the pointer to the first ip pool address */
dhcp_free_ip = LIST_FIRST(&dhcp_ip_pool.ips);
return ESUCCESS;
}
i++;
}
/* error parsing the parameter */
SEMIFATAL_ERROR("DHCP spoofing: parameter number %d is incorrect.\n", i);
return -EFATAL;
}
