static PyObject* p0fmod_mk_query(PyObject *self,PyObject *args) {
char *input;
if(!PyArg_ParseTuple(args, "s" , &input))
return NULL;
q = malloc(sizeof(struct p0f_api_query));
q->magic = P0F_QUERY_MAGIC;
if (strchr(input, ':')) {
parse_addr6(input, q->addr);
q->addr_type = P0F_ADDR_IPV6;
} else {
parse_addr4(input, q->addr);
q->addr_type = P0F_ADDR_IPV4;
}
buf = (char*)malloc(sizeof(*q));
memcpy(buf,q,sizeof(*q));
return Py_BuildValue("s",buf);
}
int main(int argc, char** argv) {
u8 tmp[128];
struct tm* t;
static struct p0f_api_query q;
static struct p0f_api_response r;
static struct sockaddr_un sun;
s32 sock;
time_t ut;
if (argc != 3) {
ERRORF("Usage: p0f-client /path/to/socket host_ip\n");
exit(1);
}
q.magic = P0F_QUERY_MAGIC;
if (strchr(argv[2], ':')) {
parse_addr6(argv[2], q.addr);
q.addr_type = P0F_ADDR_IPV6;
} else {
parse_addr4(argv[2], q.addr);
q.addr_type = P0F_ADDR_IPV4;
}
sock = socket(PF_UNIX, SOCK_STREAM, 0);
if (sock < 0) PFATAL("Call to socket() failed.");
sun.sun_family = AF_UNIX;
if (strlen(argv[1]) >= sizeof(sun.sun_path))
FATAL("API socket filename is too long for sockaddr_un (blame Unix).");
strcpy(sun.sun_path, argv[1]);
if (connect(sock, (struct sockaddr*)&sun, sizeof(sun)))
PFATAL("Can't connect to API socket.");
if (write(sock, &q, sizeof(struct p0f_api_query)) !=
sizeof(struct p0f_api_query)) FATAL("Short write to API socket.");
if (read(sock, &r, sizeof(struct p0f_api_response)) !=
sizeof(struct p0f_api_response)) FATAL("Short read from API socket.");
close(sock);
if (r.magic != P0F_RESP_MAGIC)
FATAL("Bad response magic (0x%08x).\n", r.magic);
if (r.status == P0F_STATUS_BADQUERY)
FATAL("P0f did not understand the query.\n");
if (r.status == P0F_STATUS_NOMATCH) {
SAYF("No matching host in p0f cache. That's all we know.\n");
return 0;
}
ut = r.first_seen;
t = localtime(&ut);
strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t);
SAYF("First seen = %s\n", tmp);
ut = r.last_seen;
t = localtime(&ut);
strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t);
SAYF("Last update = %s\n", tmp);
SAYF("Total flows = %u\n", r.total_conn);
if (!r.os_name[0])
SAYF("Detected OS = ???\n");
else
SAYF("Detected OS = %s %s%s%s\n", r.os_name, r.os_flavor,
(r.os_match_q & P0F_MATCH_GENERIC) ? " [generic]" : "",
(r.os_match_q & P0F_MATCH_FUZZY) ? " [fuzzy]" : "");
if (!r.http_name[0])
SAYF("HTTP software = ???\n");
else
SAYF("HTTP software = %s %s (ID %s)\n", r.http_name, r.http_flavor,
(r.bad_sw == 2) ? "is fake" : (r.bad_sw ? "OS mismatch" : "seems legit"));
if (!r.link_type[0])
SAYF("Network link = ???\n");
else
SAYF("Network link = %s\n", r.link_type);
if (!r.language[0])
SAYF("Language = ???\n");
else
SAYF("Language = %s\n", r.language);
if (r.distance == -1)
SAYF("Distance = ???\n");
else
SAYF("Distance = %u\n", r.distance);
if (r.last_nat) {
ut = r.last_nat;
t = localtime(&ut);
strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t);
SAYF("IP sharing = %s\n", tmp);
}
if (r.last_chg) {
ut = r.last_chg;
t = localtime(&ut);
strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t);
SAYF("Sys change = %s\n", tmp);
}
if (r.uptime_min) {
SAYF("Uptime = %u days %u hrs %u min (modulo %u days)\n",
r.uptime_min / 60 / 24, (r.uptime_min / 60) % 24, r.uptime_min % 60,
r.up_mod_days);
}
return 0;
}
