void nfs41_idmap_free(
struct idmap_context *context)
{
/* clean up the connection */
if (context->ldap)
ldap_unbind(context->ldap);
cache_cleanup(&context->users);
cache_cleanup(&context->groups);
free(context);
}
void psf2fs_delete(void *psf2fs) {
struct PSF2FS *fs = (struct PSF2FS*)psf2fs;
if(fs->sources) source_cleanup_free(fs->sources);
if(fs->dir) dir_cleanup_free(fs->dir);
cache_cleanup(&(fs->cacheblock));
free( fs );
}
int
main (int argc, char **argv) {
int c, valid, bnr = 9, showpopup = 0, flags = 0; /* temporary vars */
char errbuf[PCAP_ERRBUF_SIZE]; /* error buffer */
libnet_t *l; /* libnet handle for address retrieval */
char libnet_errbuf[LIBNET_ERRBUF_SIZE]; /* libnet error messages */
char start_time[24], end_time[24];
time_t acurtime, bcurtime;
struct tm *aloctime, *bloctime;
struct configuration conf, *config=&conf; /* struct to hold config for current session */
struct validated_queue *start = NULL, *end = NULL; /* pointers to validated queue */
/* get current system time */
acurtime = time (NULL);
/* convert it to local time representation */
aloctime = localtime (&acurtime);
/* format time struct into a char array */
strftime (start_time, 24, "%d/%b/%Y %H:%M:%S", aloctime);
/* load default params in config struct */
config->flags = 0;
config->verbose = 0;
config->queue_size = 0;
config->dev = NULL;
config->dport = HTTP;
config->mode = DETECT;
config->gtimeout = TIME_OUT;
config->scan_type = SYN_SCAN;
config->a_port_name = "HTTP";
config->a_scan_type = "SYN_SCAN";
/* parse and load cmd-line params in config struct */
while ((c = getopt (argc, argv, "hi:p:Parsfuetvg:o")) != -1) {
switch (c) {
case 'h':
print_usage ();
exit (EXIT_SUCCESS);
case 'i':
config->dev = optarg;
break;
case 'p':
if (1 <= atoi (optarg) && 65535 >= atoi (optarg)) {
config->dport = atoi (optarg);
}
break;
case 'P':
config->mode = PREVENT;
break;
case 'a':
config->scan_type = ACK_SCAN;
config->flags = config->flags | ACK;
flags = flags | ACK;
break;
case 'r':
config->scan_type = RST_SCAN;
config->flags = config->flags | RST;
flags = flags | RST;
break;
case 's':
config->scan_type = SYN_SCAN;
config->flags = config->flags | SYN;
flags = flags | SYN;
break;
case 'f':
config->scan_type = FIN_SCAN;
config->flags = config->flags | FIN;
flags = flags | FIN;
break;
case 'u':
config->scan_type = UDP_SCAN;
config->a_scan_type = "UDP_SCAN";
break;
case 'e':
config->scan_type = ECHO_SCAN;
config->a_scan_type = "ECHO_SCAN";
break;
case 't':
config->scan_type = TSTAMP_SCAN;
config->a_scan_type = "TSTAMP_SCAN";
break;
case 'v':
config->verbose = 1;
break;
case 'g':
if (1 <= atoi (optarg) && 9 >= atoi (optarg)) {
config->gtimeout = atoi (optarg);
}
break;
case 'o':
showpopup = 1;
break;
case '?':
if ('i' == optopt || 'p' == optopt) {
print_usage ();
exit (EXIT_FAILURE);
} else if (isprint (optopt)) {
printf ("\n [-] unknown option `-%c'\n", optopt);
print_usage ();
exit (EXIT_FAILURE);
} else {
printf ("\n unknown option character `\\x%x'\n", optopt);
print_usage ();
exit (EXIT_FAILURE);
}
default:
print_usage ();
exit (EXIT_FAILURE);
}
}
if (0 == flags) { config->flags = SYN; }
else if (ACK == flags) { config->a_scan_type = "ACK_SCAN"; }
else if (RST == flags) { config->a_scan_type = "RST_SCAN"; }
else if (SYN == flags) { config->a_scan_type = "SYN_SCAN"; }
else if (FIN == flags) { config->a_scan_type = "FIN_SCAN"; }
/* print an ASCII-ART banner */
print_banner ();
switch (config->dport) {
case HTTP:
config->a_port_name = "HTTP";
break;
case FTP:
config->a_port_name = "FTP";
break;
case TELNET:
config->a_port_name = "TELNET";
break;
case SSH:
config->a_port_name = "SSH";
break;
case SMTP:
config->a_port_name = "SMTP";
break;
default:
config->a_port_name = "UNKNOWN";
break;
}
/* check if we are root, else exit */
if (0 != getuid ()) {
printf ("\n [!] you need to be root buddy...\n\n");
exit (EXIT_FAILURE);
}
/* find a capture device if not specified on command-line */
if (config->dev == NULL) {
config->dev = pcap_lookupdev (errbuf);
if (config->dev == NULL) {
printf ("\n [-] could not find default device: %s\n\n", errbuf);
exit (EXIT_FAILURE);
}
}
/* initialize libnet library to find local mac and ip addresses */
l = libnet_init (LIBNET_LINK, config->dev, libnet_errbuf);
if (NULL == l) {
printf ("\n [-] libnet_init() failed: %s\n\n", libnet_errbuf);
exit (EXIT_FAILURE);
}
/* fetch local mac address */
config->macaddr = libnet_get_hwaddr (l);
if (NULL == config->macaddr) {
printf ("\n [-] could not fetch local mac address: %s\n\n", libnet_geterror (l));
libnet_destroy (l);
exit (EXIT_FAILURE);
} else {
snprintf (config->llmac, 18, "%02x:%02x:%02x:%02x:%02x:%02x",
config->macaddr->ether_addr_octet[0], config->macaddr->ether_addr_octet[1],
config->macaddr->ether_addr_octet[2], config->macaddr->ether_addr_octet[3],
config->macaddr->ether_addr_octet[4], config->macaddr->ether_addr_octet[5]);
}
/* fetch local ip address */
config->ipaddr = libnet_get_ipaddr4 (l);
if (-1 == config->ipaddr) {
printf ("\n [-] could not fetch local ip address: %s\n\n", libnet_geterror (l));
libnet_destroy (l);
exit (EXIT_FAILURE);
} else {
snprintf (config->llip, 16, "%s", libnet_addr2name4 (config->ipaddr, LIBNET_DONT_RESOLVE));
}
printf (" [+] session started at %s \n", start_time);
printf (" [+] default configuration and cmd-line parameters loaded\n");
printf (" [+] device: \"%s\", mode: \"%s\", port: \"%s\", scan-type: \"%s\"\n",
config->dev, (config->mode)? "PREVENT" : "DETECT", config->a_port_name, config->a_scan_type);
/* start repeat loop */
/* call sniffer module to fill up our config struct with packet fields */
printf (" [+] calling arp-sniffer module to capture incoming arp packets\n");
config = sniffer (config);
printf ("\n [+] above arp packet was captured and respective fields were saved for analysis\n");
printf (" [+] calling anamoly-detection module to perform static analysis on saved packet fields\n");
/* call static_analysis module to perform some static checks on packet fields */
valid = static_analysis (conf);
if (EXIT_FAILURE == valid) {
printf (" [+] analyzed arp packet seems to be specially-crafted. kernel might have added the"
" poisonous SIP-SMAC entry in arp cache\n");
if (DETECT == conf.mode) {
printf (" [+] you need to clean up arp cache manually. delete entry for SIP (%s) - SMAC (%s)\n",
conf.a_sip, conf.a_sha);
printf (" [+] to automate this process, please terminate this session and restart arp-secur"
" in PREVENT mode, i.e with -P switch\n");
} else if (PREVENT == conf.mode) {
printf (" [+] cleaning up arp cache by deleting entry for SIP (%s) - SMAC (%s)\n",
conf.a_sip, conf.a_sha);
cache_cleanup (conf.a_sip, conf.a_sha);
}
} else {
printf (" [+] analyzed arp packet does not seem to be specially-crafted\n");
/* check if we have already processed (and validated) the ip-mac pair... */
if (0 < conf.queue_size) {
printf (" [+] calling known-traffic-filter module to check if we have validated"
" IP - MAC (%s - %s) pair earlier (queue_size: %d)\n",
conf.a_sip, conf.a_sha, conf.queue_size);
known_traffic_filter (start, conf.a_sip, conf.a_sha, conf.queue_size);
} else {
printf (" [+] no IP-MAC pairs have been validated yet (queue_size: %d)\n", conf.queue_size);
}
/* ...hmmm, seems to be a new mac-ip pair. let's validate it then... */
printf (" [+] calling spoof-detection module to validate IP - MAC (%s - %s) pair\n", conf.a_sip, conf.a_sha);
valid = spoof_detector (conf, start, end);
if (0 == valid) {
printf ("\n [+] try other scan types before determining the validity of the IP - MAC (%s - %s)\n",
conf.a_sip, conf.a_sha);
if (DETECT == conf.mode) {
printf (" [+] for safety reasons, you need to clean up arp cache manually."
" delete entry for (%s - %s)\n", conf.a_sip, conf.a_sha);
printf (" [+] to automate this process from now onwards,"
" restart arp-secur in PREVENT mode, i.e with -P switch\n");
} else if (PREVENT == conf.mode) {
printf (" [+] cleaning up arp cache by deleting entry for SIP (%s) - SMAC (%s)\n",
conf.a_sip, conf.a_sha);
cache_cleanup (conf.a_sip, conf.a_sha);
}
}
/* display session summary in a system popup notification */
if (1 == showpopup) {
alert (conf.a_sip, conf.a_sha, valid);
}
/* end repeat loop */
/* end arp-secur session */
bcurtime = time (NULL);
bloctime = localtime (&bcurtime);
strftime (end_time, 24, "%d/%b/%Y %H:%M:%S", bloctime);
printf ("\n [+] session finished at %s\n\n", end_time);
}
return 0;
}//main
int main(int argc, char* argv[]) {
int opt;
uint64_t c = DEFAULT_C;
uint64_t b = DEFAULT_B;
uint64_t s = DEFAULT_S;
FILE* fin = stdin;
/* Read arguments */
while(-1 != (opt = getopt(argc, argv, "c:b:s:i:h"))) {
switch(opt) {
case 'c':
c = atoi(optarg);
break;
case 'b':
b = atoi(optarg);
break;
case 's':
s = atoi(optarg);
break;
case 'i':
fin = fopen(optarg, "r");
break;
case 'h':
default:
print_help_and_exit();
break;
}
}
printf("Cache Settings\n");
printf("C: %" PRIu64 "\n", c);
printf("B: %" PRIu64 "\n", b);
printf("S: %" PRIu64 "\n", s);
printf("\n");
/* Setup the cache */
cache_init(c, s, b);
/* Setup statistics */
struct cache_stats_t stats;
memset(&stats, 0, sizeof(struct cache_stats_t));
stats.miss_penalty = 100;
stats.access_time = 2;
/* Begin reading the file */
char rw;
uint64_t address;
while (!feof(fin)) {
int ret = fscanf(fin, "%c %" PRIx64 "\n", &rw, &address);
if(ret == 2) {
cache_access(rw, address, &stats);
}
}
/* Make sure to free up memory here */
cache_cleanup(&stats);
print_statistics(&stats);
fclose(fin);
return 0;
}
