void cmd_sendbinq(ip_header_t * ip, udp_header_t * udp, command_t * command)
{
int numpackets, i;
unsigned char *ptr;
unsigned int bytes_left;
unsigned int bytes_thistime;
bytes_left = ntohl(command->size);
numpackets = (ntohl(command->size)+1023) / 1024;
ptr = (unsigned char *)ntohl(command->address);
memcpy(response->id, CMD_SENDBIN, 4);
for(i = 0; i < numpackets; i++) {
if (bytes_left >= 1024)
bytes_thistime = 1024;
else
bytes_thistime = bytes_left;
bytes_left -= bytes_thistime;
response->address = htonl((unsigned int)ptr);
memcpy(response->data, ptr, bytes_thistime);
response->size = htonl(bytes_thistime);
make_ip(ntohl(ip->src), ntohl(ip->dest), UDP_H_LEN + COMMAND_LEN + bytes_thistime, 17, (ip_header_t *)(pkt_buf + ETHER_H_LEN));
make_udp(ntohs(udp->src), ntohs(udp->dest),(unsigned char *) response, COMMAND_LEN + bytes_thistime, (ip_header_t *)(pkt_buf + ETHER_H_LEN), (udp_header_t *)(pkt_buf + ETHER_H_LEN + IP_H_LEN));
eth_txts(pkt_buf, ETHER_H_LEN + IP_H_LEN + UDP_H_LEN + COMMAND_LEN + bytes_thistime);
ptr += bytes_thistime;
}
memcpy(response->id, CMD_DONEBIN, 4);
response->address = htonl(0);
response->size = htonl(0);
make_ip(ntohl(ip->src), ntohl(ip->dest), UDP_H_LEN + COMMAND_LEN, 17, (ip_header_t *)(pkt_buf + ETHER_H_LEN));
make_udp(ntohs(udp->src), ntohs(udp->dest),(unsigned char *) response, COMMAND_LEN, (ip_header_t *)(pkt_buf + ETHER_H_LEN), (udp_header_t *)(pkt_buf + ETHER_H_LEN + IP_H_LEN));
eth_txts(pkt_buf, ETHER_H_LEN + IP_H_LEN + UDP_H_LEN + COMMAND_LEN);
}
void IpGuard::updateRange(int aId, const string& aName, const string& aStart, const string& aEnd)
{
Lock l(cs);
unsigned int sa, sb, sc, sd, ea, eb, ec, ed;
// Validate parameters
if (sscanf(aStart.c_str(), "%u.%u.%u.%u", &sa, &sb, &sc, &sd) != 4 || sa > 255 || sb > 255 || sc > 255 || sd > 255)
throw Exception(STRING(IPGUARD_INVALID_START));
if (sscanf(aEnd.c_str(), "%u.%u.%u.%u", &ea, &eb, &ec, &ed) != 4 || ea > 255 || eb > 255 || ec > 255 || ed > 255)
throw Exception(STRING(IPGUARD_INVALID_END));
uint32_t start = make_ip(sa, sb, sc, sd);
uint32_t end = make_ip(ea, eb, ec, ed);
if (start == 0 || end == 0)
throw Exception(STRING(IPGUARD_INVALID_RANGE));
for (RangeList::iterator i = ranges.begin(); i != ranges.end(); ++i)
{
if (i->id == aId)
{
(*i).copy(aName, ip(std::min(start, end)), ip(std::max(start, end)));
break;
}
}
// Optimize ranges
ranges.sort();
ranges.unique(merger);
}
void list::_load_p2p(istream &stream) {
string line;
while(getline(stream, line)) {
string::size_type i=line.rfind(':');
if(i==string::npos) continue;
string name(line.c_str(), i);
line.erase(0, i+1);
unsigned int sa, sb, sc, sd;
unsigned int ea, eb, ec, ed;
if(sscanf(line.c_str(), "%u.%u.%u.%u-%u.%u.%u.%u",
&sa, &sb, &sc, &sd,
&ea, &eb, &ec, &ed)!=8 ||
sa>255 || sb>255 || sc>255 || sd>255 ||
ea>255 || eb>255 || ec>255 || ed>255) continue;
boost::trim(name);
range r;
// P2P format is expected to be ISO-8859-1 encoded.
r.name.reserve(name.size());
copy(name.begin(), name.end(), back_inserter(r.name));
unsigned int start=make_ip(sa, sb, sc, sd);
unsigned int end=make_ip(ea, eb, ec, ed);
r.start=min(start,end);
r.end=max(start,end);
this->insert(r);
}
}
bool IpGuard::check(const string& aIP, string& reason)
{
Lock l(cs);
if (aIP.empty() || ranges.size() == 0)
return false;
unsigned int a, b, c, d;
if (sscanf(aIP.c_str(), "%u.%u.%u.%u", &a, &b, &c, &d) != 4 || a > 255 || b > 255 || c > 255 || d > 255)
return false;
uint32_t iIP = make_ip(a, b, c, d);
if (iIP == 0)
return false;
RangeIter find;
if ((find = range_search(ranges.begin(), ranges.end(), ip(iIP))) != ranges.end())
{
reason = find->name;
return BOOLSETTING(DEFAULT_POLICY);
}
reason = STRING(IPGUARD_DEFAULT_POLICY);
return !BOOLSETTING(DEFAULT_POLICY);
}
void cmd_execute(ether_header_t * ether, ip_header_t * ip, udp_header_t * udp, command_t * command)
{
if (!running) {
tool_ip = ntohl(ip->src);
tool_port = ntohs(udp->src);
memcpy(tool_mac, ether->src, 6);
our_ip = ntohl(ip->dest);
make_ip(ntohl(ip->src), ntohl(ip->dest), UDP_H_LEN + COMMAND_LEN, 17, (ip_header_t *)(pkt_buf + ETHER_H_LEN));
make_udp(ntohs(udp->src), ntohs(udp->dest),(unsigned char *) command, COMMAND_LEN, (ip_header_t *)(pkt_buf + ETHER_H_LEN), (udp_header_t *)(pkt_buf + ETHER_H_LEN + IP_H_LEN));
eth_txts(pkt_buf, ETHER_H_LEN + IP_H_LEN + UDP_H_LEN + COMMAND_LEN);
#if 0
printf("executing %p ...", ntohl(command->address));
if (ntohl(command->size)&1)
*(unsigned int *)0x8c004004 = 0xdeadbeef; /* enable console */
else
*(unsigned int *)0x8c004004 = 0xfeedface; /* disable console */
irq_disable();
disable_cache();
go(ntohl(command->address));
#endif
}
}
const char * mysocket::get_remote_name()
{
// strncpy(client_ip,inet_ntoa(addr.sin_addr),16);
make_ip(addr.sin_addr.s_addr,client_ip);
return client_ip;
}
void cmd_donebin(ip_header_t * ip, udp_header_t * udp, command_t * command)
{
int i;
for(i = 0; i < (bin_info.load_size + 1023)/1024; i++)
if (!bin_info.map[i])
break;
if ( i == (bin_info.load_size + 1023)/1024 ) {
command->address = htonl(0);
command->size = htonl(0);
} else {
command->address = htonl( bin_info.load_address + i * 1024);
command->size = htonl(min(bin_info.load_size - i * 1024, 1024));
}
make_ip(ntohl(ip->src), ntohl(ip->dest), UDP_H_LEN + COMMAND_LEN, 17, (ip_header_t *)(pkt_buf + ETHER_H_LEN));
make_udp(ntohs(udp->src), ntohs(udp->dest),(unsigned char *) command, COMMAND_LEN, (ip_header_t *)(pkt_buf + ETHER_H_LEN), (udp_header_t *)(pkt_buf + ETHER_H_LEN + IP_H_LEN));
eth_txts(pkt_buf, ETHER_H_LEN + IP_H_LEN + UDP_H_LEN + COMMAND_LEN);
/* if (!running) { */
/* if (!booted) */
/* disp_info(); */
/* disp_status("idle..."); */
/* } */
}
const char * mysocket::get_self_name()
{
struct sockaddr_in s_sockaddr;
socklen_t addr_len=sizeof(s_sockaddr);
::getsockname(new_socket,(struct sockaddr *)&s_sockaddr,&addr_len);
make_ip(s_sockaddr.sin_addr.s_addr,client_ip);
return client_ip;
}
void sntp_send_request( void )
{
sntp_t request = { 0x61, 0 };
udp_send( sock, make_ip( timeserver[0], timeserver[1], timeserver[2], timeserver[3] ),
SNTP_PORT, (u08 const *)&request, sizeof( sntp_t ) );
log_printf( "sntp: request sent\n" );
}
static void build_send_packet(int dport, int sport, int command_len)
{
unsigned char * command = udp->data;
make_ether(broadcast, eth_mac, ether);
make_ip(0xffffffff, /*our_ip*/ 0, UDP_H_LEN + command_len, /*UDP*/ 17, ip);
make_udp(dport, sport, command, command_len, ip, udp);
eth_txts((uint8 *) ether, ETHER_H_LEN + IP_H_LEN + UDP_H_LEN + command_len);
}
void cmd_version(ip_header_t * ip, udp_header_t * udp, command_t * command)
{
int i;
i = strlen("DCLOAD-IP " DCLOAD_VERSION) + 1;
memcpy(response, command, COMMAND_LEN);
strcpy(response->data, "DCLOAD-IP " DCLOAD_VERSION);
make_ip(ntohl(ip->src), ntohl(ip->dest), UDP_H_LEN + COMMAND_LEN + i, 17, (ip_header_t *)(pkt_buf + ETHER_H_LEN));
make_udp(ntohs(udp->src), ntohs(udp->dest),(unsigned char *) response, COMMAND_LEN + i, (ip_header_t *)(pkt_buf + ETHER_H_LEN), (udp_header_t *)(pkt_buf + ETHER_H_LEN + IP_H_LEN));
eth_txts(pkt_buf, ETHER_H_LEN + IP_H_LEN + UDP_H_LEN + COMMAND_LEN + i);
}
void cmd_retval(ip_header_t * ip, udp_header_t * udp, command_t * command)
{
make_ip(ntohl(ip->src), ntohl(ip->dest), UDP_H_LEN + COMMAND_LEN, 17, (ip_header_t *)(pkt_buf + ETHER_H_LEN));
make_udp(ntohs(udp->src), ntohs(udp->dest),(unsigned char *) command, COMMAND_LEN, (ip_header_t *)(pkt_buf + ETHER_H_LEN), (udp_header_t *)(pkt_buf + ETHER_H_LEN + IP_H_LEN));
eth_txts(pkt_buf, ETHER_H_LEN + IP_H_LEN + UDP_H_LEN + COMMAND_LEN);
syscall_retval = ntohl(command->address);
escape_loop = 1;
sem_signal(result_sema);
if (waiting_thd) {
thd_schedule_next(waiting_thd);
waiting_thd = NULL;
} else
thd_schedule(1, 0);
}
void IpGuard::addRange(const string& aName, const string& aStart, const string& aEnd)
{
Lock l(cs);
unsigned int sa, sb, sc, sd, ea, eb, ec, ed;
// Validate parameters
if (sscanf(aStart.c_str(), "%u.%u.%u.%u", &sa, &sb, &sc, &sd) != 4 || sa > 255 || sb > 255 || sc > 255 || sd > 255)
throw Exception(STRING(IPGUARD_INVALID_START));
if (sscanf(aEnd.c_str(), "%u.%u.%u.%u", &ea, &eb, &ec, &ed) != 4 || ea > 255 || eb > 255 || ec > 255 || ed > 255)
throw Exception(STRING(IPGUARD_INVALID_END));
uint32_t start = make_ip(sa, sb, sc, sd);
uint32_t end = make_ip(ea, eb, ec, ed);
if (start == 0 || end == 0)
throw Exception(STRING(IPGUARD_INVALID_RANGE));
ranges.push_front(range(++lastRange, aName, ip(std::min(start, end)), ip(std::max(start, end))));
// Optimize ranges
ranges.sort();
ranges.unique(merger);
}
void cmd_loadbin(ip_header_t * ip, udp_header_t * udp, command_t * command)
{
bin_info.load_address = ntohl(command->address);
bin_info.load_size = ntohl(command->size);
//memset(bin_info.map, 0, 16384);
memset(bin_info.map, 0, (bin_info.load_size + 1023)/1024);
our_ip = ntohl(ip->dest);
make_ip(ntohl(ip->src), ntohl(ip->dest), UDP_H_LEN + COMMAND_LEN, 17, (ip_header_t *)(pkt_buf + ETHER_H_LEN));
make_udp(ntohs(udp->src), ntohs(udp->dest),(unsigned char *) command, COMMAND_LEN, (ip_header_t *)(pkt_buf + ETHER_H_LEN), (udp_header_t *)(pkt_buf + ETHER_H_LEN + IP_H_LEN));
eth_txts(pkt_buf, ETHER_H_LEN + IP_H_LEN + UDP_H_LEN + COMMAND_LEN);
/* if (!running) { */
/* if (!booted) */
/* disp_info(); */
/* disp_status("receiving data..."); */
/* } */
}
uint16_t send(SOCKET s, const uint8_t *bufferToSend, uint16_t length) {
uint8_t destinationPortH = 0;
uint8_t destinationPortL = 0;
uint32_t seq=0, ack=0;
// Hack to wait for the ACK every 2 packets sent
while(_SOCKETS[s].packets >= 2)
{
flushSockets();
if(_SOCKETS[s].packets == 0)
{
make_eth_ip_new(buffer, _SOCKETS[s].destinationMac);
make_ip(buffer);
//TODO: Change to _SOCKETS
destinationPortH = buffer[TCP_DST_PORT_H_P];
destinationPortL = buffer[TCP_DST_PORT_L_P];
buffer[TCP_DST_PORT_H_P] = buffer[TCP_SRC_PORT_H_P];
buffer[TCP_DST_PORT_L_P] = buffer[TCP_SRC_PORT_L_P];
buffer[TCP_SRC_PORT_H_P] = destinationPortH;
buffer[TCP_SRC_PORT_L_P] = destinationPortL;
seq = (uint32_t)buffer[TCP_SEQ_H_P] << 24 | (uint32_t)buffer[TCP_SEQ_H_P + 1] << 16 | (uint16_t)buffer[TCP_SEQ_L_P] << 8 | (uint8_t)buffer[TCP_SEQ_L_P + 1];
ack = (uint32_t)buffer[TCP_SEQACK_H_P] << 24 | (uint32_t)buffer[TCP_SEQACK_H_P + 1] << 16 | (uint16_t)buffer[TCP_SEQACK_L_P] << 8 | (uint8_t)buffer[TCP_SEQACK_L_P + 1];
buffer[TCP_SEQACK_H_P] = (uint8_t)((seq >> 24) & 0xFF);
buffer[TCP_SEQACK_H_P+1] = (uint8_t)((seq >> 16) & 0xFF);
buffer[TCP_SEQACK_L_P] = (uint8_t)((seq >> 8) & 0xFF);
buffer[TCP_SEQACK_L_P+1] = (uint8_t)(seq & 0xFF);
buffer[TCP_SEQ_H_P] = (uint8_t)((ack >> 24) & 0xFF);
buffer[TCP_SEQ_H_P+1] = (uint8_t)((ack >> 16) & 0xFF);
buffer[TCP_SEQ_L_P] = (uint8_t)((ack >> 8) & 0xFF);
buffer[TCP_SEQ_L_P+1] = (uint8_t)(ack & 0xFF);
make_tcphead3(buffer,0);
head = 0;
_SOCKETS[s].sentData = 0;
}
}
static void build_send_packet(int command_len)
{
unsigned char * command = pkt_buf + ETHER_H_LEN + IP_H_LEN + UDP_H_LEN;
/*
scif_puts("build_send_packet\n");
scif_putchar(command[0]);
scif_putchar(command[1]);
scif_putchar(command[2]);
scif_putchar(command[3]);
scif_puts("\n");
*/
if (!tool_ip) {
printf("Calling BBA syscall without dc-load client attached !\n");
return;
}
make_ether(tool_mac, eth_mac, ether);
make_ip(tool_ip, our_ip, UDP_H_LEN + command_len, 17, ip);
make_udp(tool_port, 31313, command, command_len, ip, udp);
//bb->start();
eth_txts(pkt_buf, ETHER_H_LEN + IP_H_LEN + UDP_H_LEN + command_len);
}
static int make_connection_real(const char *soname, conn_t *conn)
{
int s;
struct timeval tv;
char *port=NULL;
char *name, *pt = strdup(soname);
const char *host = pt;
struct addrinfo hints, *res=NULL, *p;
int err;
conn->tcp = 0;
#ifndef _WIN32
if(cli_is_abspath(soname) || (access(soname, F_OK) == 0)) {
struct sockaddr_un addr;
s = socket(AF_UNIX, SOCK_STREAM, 0);
if(s < 0) {
perror("socket");
return -1;
}
memset(&addr, 0, sizeof(addr));
addr.sun_family = AF_UNIX;
strncpy(addr.sun_path, soname, sizeof(addr.sun_path));
addr.sun_path[sizeof(addr.sun_path) - 1] = 0x0;
print_con_info(conn, "Connecting to: %s\n", soname);
if (connect(s, (struct sockaddr *)&addr, sizeof(addr))) {
perror("connect");
close(s);
return -1;
}
goto end;
}
#endif
memset(&hints, 0x00, sizeof(struct addrinfo));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
hints.ai_flags = AI_PASSIVE;
host = get_ip(soname);
if (!(host))
return -1;
port = get_port(soname);
conn->tcp=1;
print_con_info(conn, "Looking up: %s:%s\n", host, port ? port : "3310");
if ((err = getaddrinfo(host, (port != NULL) ? port : "3310", &hints, &res))) {
print_con_info(conn, "Could not look up %s:%s, getaddrinfo returned: %s\n", host, port ? port : "3310", gai_strerror(err));
return -1;
}
for (p = res; p != NULL; p = p->ai_next) {
if ((s = socket(p->ai_family, p->ai_socktype, p->ai_protocol)) < 0) {
perror("socket");
continue;
}
print_con_info(conn, "Connecting to: %s\n", soname);
if (connect(s, p->ai_addr, p->ai_addrlen)) {
perror("connect");
close(s);
continue;
}
break;
}
free(pt);
if (res)
freeaddrinfo(res);
if (p == NULL)
return -1;
end:
if (conn->remote != soname) {
/* when we reconnect, they are the same */
if (conn->remote)
free(conn->remote);
conn->remote = make_ip(host, (port != NULL) ? port : "3310");
}
if (port)
free(port);
conn->sd = s;
gettimeofday(&conn->tv_conn, NULL);
tv.tv_sec = 30;
tv.tv_usec = 0;
setsockopt(conn->sd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
return 0;
}
/* -------------------------- Initialization ---------------- */
static void setup_connections(int argc, char *argv[])
{
struct optstruct *opts;
struct optstruct *clamd_opts;
unsigned i;
char *conn = NULL;
opts = optparse(NULL, argc, argv, 1, OPT_CLAMDTOP, 0, NULL);
if (!opts) {
fprintf(stderr, "ERROR: Can't parse command line options\n");
EXIT_PROGRAM(FAIL_CMDLINE);
}
if(optget(opts, "help")->enabled) {
optfree(opts);
help();
normal_exit = 1;
exit(0);
}
if(optget(opts, "version")->enabled) {
printf("Clam AntiVirus Monitoring Tool %s\n", get_version());
optfree(opts);
normal_exit = 1;
exit(0);
}
if(optget(opts, "defaultcolors")->enabled)
default_colors = 1;
memset(&global, 0, sizeof(global));
if (!opts->filename || !opts->filename[0]) {
const struct optstruct *opt;
const char *clamd_conf = optget(opts, "config-file")->strarg;
if ((clamd_opts = optparse(clamd_conf, 0, NULL, 1, OPT_CLAMD, 0, NULL)) == NULL) {
fprintf(stderr, "Can't parse clamd configuration file %s\n", clamd_conf);
EXIT_PROGRAM(FAIL_CMDLINE);
}
if((opt = optget(clamd_opts, "LocalSocket"))->enabled) {
conn = strdup(opt->strarg);
if (!conn) {
fprintf(stderr, "Can't strdup LocalSocket value\n");
EXIT_PROGRAM(FAIL_INITIAL_CONN);
}
} else if ((opt = optget(clamd_opts, "TCPSocket"))->enabled) {
char buf[512];
const struct optstruct *opt_addr;
const char *host = "localhost";
if ((opt_addr = optget(clamd_opts, "TCPAddr"))->enabled) {
host = opt_addr->strarg;
}
snprintf(buf, sizeof(buf), "%lld", opt->numarg);
conn = make_ip(host, buf);
} else {
fprintf(stderr, "Can't find how to connect to clamd\n");
EXIT_PROGRAM(FAIL_INITIAL_CONN);
}
optfree(clamd_opts);
global.num_clamd = 1;
} else {
unsigned i = 0;
while (opts->filename[i]) { i++; }
global.num_clamd = i;
}
#ifdef _WIN32
WSADATA wsaData;
if (WSAStartup(MAKEWORD(2,2), &wsaData) != NO_ERROR) {
fprintf(stderr, "Error at WSAStartup(): %d\n", WSAGetLastError());
EXIT_PROGRAM(FAIL_INITIAL_CONN);
}
#endif
/* clamdtop */
puts( " __ ____");
puts(" _____/ /___ _____ ___ ____/ / /_____ ____");
puts(" / ___/ / __ `/ __ `__ \\/ __ / __/ __ \\/ __ \\");
puts("/ /__/ / /_/ / / / / / / /_/ / /_/ /_/ / /_/ /");
puts("\\___/_/\\__,_/_/ /_/ /_/\\__,_/\\__/\\____/ .___/");
puts(" /_/");
global.all_stats = calloc(global.num_clamd, sizeof(*global.all_stats));
OOM_CHECK(global.all_stats);
global.conn = calloc(global.num_clamd, sizeof(*global.conn));
OOM_CHECK(global.conn);
for (i=0;i < global.num_clamd;i++) {
const char *soname = conn ? conn : opts->filename[i];
global.conn[i].line = i+1;
if (make_connection(soname, &global.conn[i]) < 0) {
EXIT_PROGRAM(FAIL_INITIAL_CONN);
}
}
optfree(opts);
free(conn);
#ifndef _WIN32
signal(SIGPIPE, SIG_IGN);
signal(SIGINT, sigint);
#endif
}
