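/*
 * Enable or disable the /proc/pocket domain-query filter from the current
 * MIB settings.
 *
 * The filter is switched on only when the operation mode is 1, the LAN DHCP
 * mode is 15, the root WLAN mode is 0 or 1 and a LAN domain name is set.
 * In that case the br0 hardware address (all zeroes when it cannot be read)
 * is written to /proc/pocket/filter_conf.  In every other case the filter is
 * switched off.
 */
void Reset_Domain_Query_Setting(void)
{
	int opmode=-1;
	int lan_dhcp_mode=0;
	int wlan_mode_root=0;
	struct sockaddr hwaddr;
	const unsigned char *mac;
	char cmdBuffer[100];
	char lan_domain_name[MAX_NAME_LEN]={0};
	int n;

	/* NOTE(review): the apmib_get() results are not checked; on failure the
	 * initial values above are presumably left untouched -- confirm. */
	apmib_get(MIB_DOMAIN_NAME, (void *)lan_domain_name);
	apmib_get(MIB_OP_MODE, (void *)&opmode);
	apmib_get(MIB_DHCP, (void *)&lan_dhcp_mode);
	apmib_get(MIB_WLAN_MODE, (void *)&wlan_mode_root);

	if(!(opmode==1 && lan_dhcp_mode==15 &&
	     (wlan_mode_root==0 || wlan_mode_root==1) && lan_domain_name[0])){
		system("echo 0 > /proc/pocket/en_filter");
		return;
	}

	system("echo 1 > /proc/pocket/en_filter");

	/* Only fixed text and hex digits are formatted into the command line, so
	 * nothing configurable (such as the domain name) reaches the shell. */
	if(getInAddr("br0", HW_ADDR, (void *)&hwaddr)){
		/* sa_data is plain char; read it as unsigned so %02X never sees a
		 * sign-extended byte. */
		mac = (const unsigned char *)hwaddr.sa_data;
		n = snprintf(cmdBuffer, sizeof(cmdBuffer),
			"echo \"%s %02X%02X%02X%02X%02X%02X 0\" > /proc/pocket/filter_conf",
			"00000000", mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
	}else{
		n = snprintf(cmdBuffer, sizeof(cmdBuffer),
			"echo \"%s 000000000000 0\" > /proc/pocket/filter_conf", "00000000");
	}

	/* Never hand a truncated command to the shell. */
	if(n < 0 || (size_t)n >= sizeof(cmdBuffer))
		return;
	system(cmdBuffer);
}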
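/*
 * Thread entry point for the route-record gateway.
 *
 * Initialises the gateway's random value, address and filter list, binds
 * netfilter queue 0 for AF_INET with cb() as the packet callback, and then
 * feeds every message received on the queue socket to nfq_handle_packet()
 * until recv() fails.  Any setup failure terminates the whole process with
 * exit(1).  The argument is unused.
 */
void* routeRecordMain(void* arg){

	randomValue = createLongRandomValue();
	/* NOTE(review): the result of getIPAddress() is passed on unchecked;
	 * whether it can be NULL is not visible here -- confirm. */
	char* gatewayIP = getIPAddress(INTERFACE);
	gatewayAddr = getInAddr(gatewayIP);

	initializeRRFilterList();

	struct nfq_handle* h = nfq_open();
	if (!h) {
		fprintf(stderr, "error during nfq_open()\n");
		exit(1);
	}

	printf("unbinding existing nf_queue handler for AF_INET (if any)\n");
	if (nfq_unbind_pf(h, AF_INET) < 0) {
		fprintf(stderr, "error during nfq_unbind_pf()\n");
		exit(1);
	}

	printf("binding nfnetlink_queue as nf_queue handler for AF_INET\n");
	if (nfq_bind_pf(h, AF_INET) < 0) {
		fprintf(stderr, "error during nfq_bind_pf()\n");
		exit(1);
	}

	printf("binding this socket to queue '0'\n");
	struct nfq_q_handle* qh = nfq_create_queue(h,  0, &cb, NULL);
	if (!qh) {
		fprintf(stderr, "error during nfq_create_queue()\n");
		exit(1);
	}

	printf("setting copy_packet mode\n");
	if (nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) {
		fprintf(stderr, "can't set packet_copy mode\n");
		exit(1);
	}

	int fd = nfq_fd(h);
	int rv = -1;

	/*
	 * NOTE(review): the buffer is far larger than the 10000 bytes requested
	 * from recv(), while the copy range above allows payloads of up to
	 * 0xffff bytes, so larger packets are presumably truncated on receive.
	 * The sizes are kept as they were because the callback's own buffer
	 * sizes have to agree with them -- confirm before changing either.
	 */
	char* buf = calloc(1, 100001);
	if (!buf) {
		fprintf(stderr, "error allocating receive buffer\n");
		exit(1);
	}

	while ((rv = recv(fd, buf, 10000, 0)) >= 0) {
		printf("pkt received\n received: [%d]\n\n", rv);
		nfq_handle_packet(h, buf, rv);
	}

	/* The receive buffer is no longer needed once the loop has ended. */
	free(buf);

	printf("unbinding from queue 0\n");
	nfq_destroy_queue(qh);

	printf("closing library handle\n");
	nfq_close(h);

	pthread_exit(NULL);
}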
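/*
 * Write the br0 hardware address into dst as 12 upper-case hex digits.
 *
 * dst must have room for at least 13 bytes (12 digits plus the terminating
 * NUL); the function cannot check the caller's buffer size.
 *
 * Returns 1 on success, 0 when dst is NULL or the address cannot be read
 * (dst is left untouched in that case).
 */
int getLan_MacAddress(unsigned char *dst)
{
	struct sockaddr hwaddr;
	const unsigned char *mac;

	if(dst == NULL)
		return 0;
	if(!getInAddr("br0", HW_ADDR, (void *)&hwaddr))
		return 0;

	/* sa_data is plain char; read it as unsigned so %02X never sees a
	 * sign-extended byte. */
	mac = (const unsigned char *)hwaddr.sa_data;
	/* 13 = 12 hex digits + NUL, the exact amount this format produces. */
	snprintf((char *)dst, 13, "%02X%02X%02X%02X%02X%02X",
		mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
	return 1;
}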
/**
 * Receive one datagram from the listener socket and hand it to
 * processTheDatagram() together with the sender's address and port.
 *
 * @return the number of bytes received, or -1 when recvfrom() fails.
 *
 * The sender address is taken from what recvfrom() reports for the datagram;
 * UDP itself does not authenticate it, so the handler should not treat it as
 * proof of origin.
 */
int OSAPIUDPChannel::receive()
{
    // recvfrom() overwrites addr_len, so it is reset before every call.
    addr_len = sizeof their_addr;
    struct sockaddr *sender = (struct sockaddr *)&their_addr;

    int numbytes = recvfrom(listenerSocket, buf, MAXBUFLEN-1 , 0,
                            sender, &addr_len);
    if (numbytes == -1)
        return -1;

    // Copy exactly the received bytes into the datagram object.
    datagram.resize(numbytes);
    datagram.setRawData(buf, numbytes);

    // Render the sender address as text into the scratch buffer `s`.
    const char *senderText = inet_ntop(their_addr.ss_family,
                                       getInAddr(sender),
                                       s, sizeof s);
    QHostAddress senderAddress(senderText);
    quint16 senderPort = getInPort(sender);

    processTheDatagram(datagram,senderAddress,senderPort);

    return numbytes;
}
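#if defined(CONFIG_RTL8186_TR) || defined(CONFIG_RTL865X_SC)
/*
 * Add a host route to `server` through the gateway whose address is stored
 * as text in gw_file.  Does nothing when the file cannot be opened or does
 * not hold an IPv4 address.
 */
static void l2tp_add_host_route (struct in_addr server, const char *gw_file)
{
    char gw_text[30] = "";
    char server_text[16];
    char cmdBuffer[200];
    struct in_addr gw;
    FILE *fp;
    int n;

    fp = fopen (gw_file, "r");
    if (fp == NULL)
        return;
    /* The field width keeps the token inside gw_text. */
    n = fscanf (fp, "%29s", gw_text);
    fclose (fp);

    /*
     * The file content ends up on a shell command line, so it is parsed as
     * an address and re-rendered below: only a canonical dotted quad can
     * reach system().
     */
    if (n != 1 || !inet_aton (gw_text, &gw))
    {
        log (LOG_WARN, "%s: ignoring invalid gateway in %s.\n", __FUNCTION__,
             gw_file);
        return;
    }

    /* inet_ntoa() reuses one static buffer, so the first result is copied
       out before the second call. */
    snprintf (server_text, sizeof (server_text), "%s", inet_ntoa (server));
    n = snprintf (cmdBuffer, sizeof (cmdBuffer), "route add -host %s gw %s",
                  server_text, inet_ntoa (gw));
    if (n < 0 || (size_t) n >= sizeof (cmdBuffer))
        return;
    system (cmdBuffer);
}
#endif

/*
 * Establish a tunnel from us to host on port port.
 *
 * Resolves host, creates a new call/tunnel pair with tid 0 so that
 * negotiation takes place, links it to lac and/or lns (either may be NULL)
 * and starts the control connection.
 *
 * Returns the new tunnel, or NULL when the name lookup fails, the resolved
 * address is not 4 bytes long, or no tunnel can be created.
 *
 * On the CONFIG_RTL8186_TR / CONFIG_RTL865X_SC builds, a server outside the
 * eth1 subnet is additionally recorded in /var/l2tp_server and given a host
 * route through the gateway named in /var/l2tp_gw (when /var/l2tp_dyn starts
 * with '1') or /var/eth1_gw (otherwise).
 */
struct tunnel *l2tp_call (char *host, int port, struct lac *lac,
                          struct lns *lns)
{
    struct call *tmp = NULL;
    struct hostent *hp;
    unsigned int addr;
#if defined(CONFIG_RTL8186_TR) || defined(CONFIG_RTL865X_SC)
    struct in_addr retval;
    struct in_addr intaddr;
    struct in_addr intmask;
    char server_ip[100];
    char l2tp_ipdyn[30] = "";
    FILE *fp1;
#endif

    port = htons (port);
    hp = gethostbyname (host);
    if (!hp)
    {
        log (LOG_WARN, "Host name lookup failed for %s.\n",
             host);
        return NULL;
    }
    /* The address is copied into 4-byte objects below; refuse anything that
       would not fit exactly instead of copying h_length bytes blindly. */
    if (hp->h_length != (int) sizeof (addr))
    {
        log (LOG_WARN, "%s: Unsupported address length for %s.\n",
             __FUNCTION__, host);
        return NULL;
    }
#if defined(CONFIG_RTL8186_TR) || defined(CONFIG_RTL865X_SC)
    /* If the l2tp server is not in the same subnet as the l2tp client, put
       the server ip into /var/l2tp_server and route to it explicitly. */
    memcpy (&retval.s_addr, hp->h_addr, sizeof (retval.s_addr));
    if (getInAddr ("eth1", IP_ADDR, (void *) &intaddr)
        && getInAddr ("eth1", SUBNET_MASK, (void *) &intmask)
        && (intaddr.s_addr & intmask.s_addr) !=
           (retval.s_addr & intmask.s_addr))
    {
        /* Only the dotted quad produced by inet_ntoa() is formatted in. */
        snprintf (server_ip, sizeof (server_ip), "echo %s > /var/l2tp_server",
                  inet_ntoa (retval));
        system (server_ip);

        fp1 = fopen ("/var/l2tp_dyn", "r");
        if (fp1 != NULL)
        {
            /* Bounded read; an empty file leaves the flag empty, which
               selects the eth1 gateway below. */
            if (fscanf (fp1, "%29s", l2tp_ipdyn) != 1)
                l2tp_ipdyn[0] = '\0';
            fclose (fp1);

            if (l2tp_ipdyn[0] == '1')
                l2tp_add_host_route (retval, "/var/l2tp_gw");
            else
                l2tp_add_host_route (retval, "/var/eth1_gw");
        }
    }
#endif
    bcopy (hp->h_addr, &addr, sizeof (addr));
    /* Force creation of a new tunnel
       and set its tid to 0 to cause
       negotiation to occur */
    /* XXX L2TP/IPSec: Set up SA to addr:port here?  NTB 20011010
     */
    tmp = get_call (0, 0, addr, port);
    if (!tmp)
    {
        log (LOG_WARN, "%s: Unable to create tunnel to %s.\n", __FUNCTION__,
             host);
        return NULL;
    }
    tmp->container->tid = 0;
    tmp->container->lac = lac;
    tmp->container->lns = lns;
    tmp->lac = lac;
    tmp->lns = lns;
    if (lac)
        lac->t = tmp->container;
    if (lns)
        lns->t = tmp->container;
    /*
     * Since our state is 0, we will establish a tunnel now
     */
    log (LOG_NOTICE, "Connecting to host %s, port %d\n", host,
         ntohs (port));
    control_finish (tmp->container, tmp);
    return tmp->container;
}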
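/*
 * Victim-side monitor.
 *
 * Binds a packet socket to INTERFACE, counts UDP packets addressed to this
 * host per source address, and once a source exceeds
 * ATTACK_COUNT_THRESHOLD sends a blocking request for that flow to the
 * victim gateway, waits T_TEMP and resets the counter.
 *
 * Packets are parsed with fixed offsets that assume a 20-byte IPv4 header
 * without options.
 */
int main(int argc, char* argv[]){

	if(argc > 1){
		printf("Arg detected\n");
	}
	char* hostIP = getIPAddress(INTERFACE);
	/* hostIP is compared against every packet below, so it must exist. */
	if(hostIP == NULL){
		printf("Could not determine address of interface (%s)\n", INTERFACE);
		exit(1);
	}

	printf("Host Interface (%s) Address: [%s]\n", INTERFACE, hostIP);


	//Part of this is Recycled/Modified Code from cs4516
	printf("Elevation Handler Started.\n");
	int packet_socket = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL));
	printf("FD: [%d]\n", packet_socket);
	if(packet_socket == -1){
		printf("Error [%s]\n", strerror(errno));
		exit(1);
	}
	/* Zeroed so the fields that are not set below are not stack garbage. */
	struct sockaddr_ll saddr = {0};
	unsigned int interface = if_nametoindex(INTERFACE);
	printf("IF: [%u]\n", interface);
	if(interface == 0){
		printf("Interface not found.\n");
		exit(1);
	}

	saddr.sll_protocol = htons(ETH_P_ALL);
	saddr.sll_ifindex = interface;
	saddr.sll_family = AF_PACKET;

	int bindInt = bind(packet_socket, (struct sockaddr*) &saddr, sizeof(saddr));
	printf("BIND: [%d]\n", bindInt);
	if(bindInt == -1){
		printf("Error [%s]\n", strerror(errno));
		exit(1);
	}

	char buffer[2000];
	AttackList* attackList = NULL;
	while(1){
		int count = recv(packet_socket, buffer, 1500, 0);
		if(count < 0){
			/* A failed recv() must not be used as an index into buffer. */
			if(errno == EINTR){
				continue;
			}
			printf("Error [%s]\n", strerror(errno));
			exit(1);
		}

		/* The socket receives every protocol (ETH_P_ALL).  Skip anything
		 * that is too short to hold an IPv4 header or is not IPv4, so the
		 * fixed offsets below only ever read bytes of this packet. */
		if(count < 20 || (((unsigned char) buffer[0]) >> 4) != 4){
			continue;
		}

		buffer[count] = '\n';
		buffer[count + 1] = '\0';
		char srcIP[33];
		inet_ntop(AF_INET, buffer+12, srcIP, INET_ADDRSTRLEN);
		srcIP[32] = '\0';
		char destIP[33];
		inet_ntop(AF_INET, buffer+16, destIP, INET_ADDRSTRLEN);
		destIP[32] = '\0';

		/* Read the protocol byte as unsigned: plain char may be signed. */
		int protocol = (unsigned char) buffer[9];
		if(protocol == 17 && strcmp(hostIP, destIP) == 0){
			/* Out-parameter for the list entry of this source.  Assumes
			 * updateAttackCount() only writes through the pointer and does
			 * not keep it -- TODO confirm. */
			AttackList* entry = NULL;
			attackList = updateAttackCount(attackList, srcIP, &entry);
			if(entry == NULL){
				continue;
			}

			printf("UDP Packet Size: [%d]\n", count);
			printf("UDP Packet Src: [%s]\n", srcIP);
			printf("UDP Packet Dest: [%s]\n", destIP);
			printf("Attack Count: [%d]\n\n", entry->count);

			if(entry->count > ATTACK_COUNT_THRESHOLD){
				printf("Attack Threshold Met for [%s] - Reporting and resetting!\n\n", srcIP);

				//Complain to Victim Gateway Here
				//Create Flow struct based on received Route Record first
				//TODO below: temporary implementation
				/* NOTE(review): nothing here checks that the packet is long
				 * enough to hold a route record after the IP header, and the
				 * objects created below are never released; who owns them is
				 * not visible from this function -- confirm. */
				RouteRecord* tempRR = readRouteRecord(buffer + 20);

				struct in_addr* victimAddr = getInAddr(destIP);
				struct in_addr* attackerAddr = getInAddr(srcIP);

				Flow* flow = createFlowStruct(victimAddr, attackerAddr, tempRR, createNonce(victimAddr, attackerAddr), 0, AITF_BLOCKING_REQUEST);

				sendFlow(VICTIM_GATEWAY_IP, TCP_SENDING_PORT, flow);
				//Wait T-temp here
				waitMilliseconds(T_TEMP);
				entry->count = 0;
			}
		}
	}
}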
// extern for P2P_SUPPORT
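/*
 * Return 1 when name is a non-empty interface name made only of characters
 * that are safe to place unquoted on a shell command line, 0 otherwise.
 */
static int dhcpd_iface_name_ok(const char *name)
{
	const char *p;

	/* A leading '-' would be read as an option by the invoked tool. */
	if(name==NULL || name[0]=='\0' || name[0]=='-')
		return 0;
	for(p=name; *p; p++){
		if(!((*p>='a' && *p<='z') || (*p>='A' && *p<='Z') ||
		     (*p>='0' && *p<='9') ||
		     *p=='.' || *p=='_' || *p=='-' || *p==':'))
			return 0;
	}
	return 1;
}

/*
 * Append "<keyword> <dotted-quad>\n" to the DHCP server config file, where
 * the address is the raw 4-byte IPv4 value stored at raw_addr.
 */
static void dhcpd_conf_add_addr(const char *keyword, const void *raw_addr)
{
	char line[100];
	struct in_addr a;

	/* Copy instead of casting: the source buffers are plain char arrays. */
	memcpy(&a, raw_addr, sizeof(a));
	snprintf(line, sizeof(line), "%s %s\n", keyword, inet_ntoa(a));
	write_line_to_file(DHCPD_CONF_FILE, 2, line);
}

/*
 * Write the udhcpd configuration for `interface` from the MIB settings,
 * assign the LAN address to the interface and start udhcpd.
 *
 * interface - name of the LAN interface; it is placed on a shell command
 *             line, so names with characters outside [A-Za-z0-9._:-] are
 *             rejected and the function returns without doing anything.
 * mode      - 1 selects the "ap" branch (router/dns options come from the
 *             default gateway); any other value uses the LAN address, and
 *             mode 2 with DNS mode 1 also adds a dns option.
 */
void set_lan_dhcpd(char *interface, int mode)
{
	char ipText[32]={0}, maskText[32]={0};
	int dns_mode=0;
	char line_buffer[100]={0};
	char tmp1[64]={0};
	char tmp2[64]={0};
	int opMode=-1;
	int dhcpMode=-1;
	int domain_ok=1;
	int n;
	const char *p;

	if(!dhcpd_iface_name_ok(interface)){
		fprintf(stderr, "set_lan_dhcpd: invalid interface name\n");
		return;
	}

	snprintf(line_buffer, sizeof(line_buffer), "interface %s\n", interface);
	write_line_to_file(DHCPD_CONF_FILE, 1, line_buffer);

	apmib_get(MIB_DHCP_CLIENT_START, (void *)tmp1);
	dhcpd_conf_add_addr("start", tmp1);

	apmib_get(MIB_DHCP_CLIENT_END, (void *)tmp1);
	dhcpd_conf_add_addr("end", tmp1);

	apmib_get(MIB_SUBNET_MASK, (void *)tmp1);
	dhcpd_conf_add_addr("opt subnet", tmp1);

	apmib_get(MIB_OP_MODE, &opMode);
	apmib_get(MIB_DHCP, &dhcpMode);
	if((opMode==1) && (dhcpMode==15))
	{
		if(check_upStream_connected())
		{
			/* tmp2 starts zeroed, so a failed lookup simply yields no
			 * dns option below (assuming getInAddr() leaves the buffer
			 * untouched on failure -- confirm). */
			getInAddr("br0", IP_ADDR, (void *)&tmp2);
		}
		else
		{
			apmib_get(MIB_IP_ADDR, (void *)tmp2);
			if(memcmp(tmp2, "\x0\x0\x0\x0", 4))
				dhcpd_conf_add_addr("opt router", tmp2);
		}

		if(memcmp(tmp2, "\x0\x0\x0\x0", 4))
			dhcpd_conf_add_addr("opt dns", tmp2);
	}
	else
	{
		if(mode==1){//ap
			apmib_get(MIB_DEFAULT_GATEWAY, (void *)tmp2);
			if(memcmp(tmp2, "\x0\x0\x0\x0", 4))
				dhcpd_conf_add_addr("opt router", tmp2);
		}else{
			apmib_get(MIB_IP_ADDR, (void *)tmp1);
			dhcpd_conf_add_addr("opt router", tmp1);
#ifdef   HOME_GATEWAY
			apmib_get(MIB_DNS_MODE, (void *)&dns_mode);
			if(dns_mode==0){
				/* the LAN address doubles as the DNS server */
				dhcpd_conf_add_addr("opt dns", tmp1);
			}
#endif
		}

		/* no dns option for dhcp server, use default gateway (ap mode) or
		 * the LAN address for the dns opt */
		if((mode==1) || (mode==2 && dns_mode==1)){
			if(mode==1)
				apmib_get(MIB_DEFAULT_GATEWAY, (void *)tmp2);
			else
				apmib_get(MIB_IP_ADDR, (void *)tmp2);
			if(memcmp(tmp2, "\x0\x0\x0\x0", 4))
				dhcpd_conf_add_addr("opt dns", tmp2);
		}
	}

	memset(tmp1, 0x00, sizeof(tmp1));
	/* NOTE(review): whether the stored domain name always fits in 64 bytes
	 * is not visible here -- confirm against the MIB definition. */
	apmib_get(MIB_DOMAIN_NAME, (void *)&tmp1);
	tmp1[sizeof(tmp1)-1]='\0';
	if(tmp1[0]){
		/* The name is written verbatim into the config file, so a control
		 * character such as a line break would start a new directive. */
		for(p=tmp1; *p; p++){
			if((unsigned char)*p < 0x20 || *p==0x7f){
				domain_ok=0;
				break;
			}
		}
		if(domain_ok){
			snprintf(line_buffer, sizeof(line_buffer), "opt domain %s\n", tmp1);
			write_line_to_file(DHCPD_CONF_FILE, 2, line_buffer);
		}
	}

	/* may not need to set ip again*/
	apmib_get(MIB_IP_ADDR, (void *)tmp1);
	snprintf(ipText, sizeof(ipText), "%s", inet_ntoa(*((struct in_addr *)tmp1)));
	apmib_get(MIB_SUBNET_MASK, (void *)tmp2);
	snprintf(maskText, sizeof(maskText), "%s", inet_ntoa(*((struct in_addr *)tmp2)));

	/* Never hand a truncated command to the shell. */
	n = snprintf(line_buffer, sizeof(line_buffer), "ifconfig %s %s netmask %s",
		interface, ipText, maskText);
	if(n > 0 && (size_t)n < sizeof(line_buffer))
		system(line_buffer);

	n = snprintf(line_buffer, sizeof(line_buffer), "udhcpd %s", DHCPD_CONF_FILE);
	if(n > 0 && (size_t)n < sizeof(line_buffer))
		system(line_buffer);
	//start_dnrd();
}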
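/*
 * Netfilter-queue callback for the route-record gateway.
 *
 * For each queued IPv4 packet:
 *   - drops it when its source/destination pair is on the filtered-flow list;
 *   - otherwise inserts a route-record shim after the 20-byte IP header when
 *     the protocol field is not ROUTE_RECORD_PROTOCOL, or appends this
 *     gateway's information to the record that is already there;
 *   - then accepts the (modified) packet.
 * Packets without a packet header or with a payload shorter than an IPv4
 * header are accepted unmodified.  A packet that claims to carry a route
 * record but is too short to hold one is dropped.
 *
 * Returns the result of nfq_set_verdict().
 *
 * NOTE(review): the IPv4 total-length and header-checksum fields are not
 * updated after the shim is inserted, and the objects returned by
 * getInAddr(), createRouteRecord(), readRouteRecord() and
 * writeRouteRecordAsNetworkBuffer() are never released here; their ownership
 * is not visible from this function -- confirm.
 */
static int cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
	struct nfq_data *nfa, void *data)
{
	u_int32_t id = -1;
	struct nfqnl_msg_packet_hdr* ph = nfq_get_msg_packet_hdr(nfa);
	if (!ph) {
		printf("entering callback\n\n");
		return nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
	}

	id = ntohl(ph->packet_id);
	printf("hw_protocol=0x%04x hook=%u id=%u ",
	ntohs(ph->hw_protocol), ph->hook, id);

	/* nfq_get_payload() points this at the payload inside the library's
	 * receive buffer; no buffer of our own is needed for it. */
	unsigned char* packet_data = NULL;
	int count = nfq_get_payload(nfa, &packet_data);
	printf("count: [%d], ", count);

	/* Every offset below assumes a 20-byte IPv4 header.  A failed or short
	 * read must not reach them (count - 20 would turn into a huge copy
	 * length). */
	if (count < 20 || packet_data == NULL) {
		printf("\n");
		return nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
	}

	/* Unsigned, so protocol numbers above 127 compare correctly. */
	int protocol = (int) packet_data[9];
	printf("protocol: [%d]", protocol);

	//Get the source and destination IPs
	char srcIP[33];
	inet_ntop(AF_INET, packet_data+12, srcIP, INET_ADDRSTRLEN);
	srcIP[32] = '\0';
	char destIP[33];
	inet_ntop(AF_INET, packet_data+16, destIP, INET_ADDRSTRLEN);
	destIP[32] = '\0';

	struct in_addr* destAddr = getInAddr(destIP);
	struct in_addr* sourceAddr = getInAddr(srcIP);

	//If we're blocking the flow, drop the packet.
	if(checkForFilteredFlows(sourceAddr, destAddr) == TRUE){
		return nfq_set_verdict(qh, id, NF_DROP, 0, NULL);
	}

	//Means the route record shim is not already there, so add it.
	if(protocol != ROUTE_RECORD_PROTOCOL){
		RouteRecord* rr = createRouteRecord(gatewayAddr, randomValue);
		char* rr_buf = writeRouteRecordAsNetworkBuffer(rr);
		if (rr_buf == NULL) {
			return nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
		}

		/* Build the enlarged packet in a buffer sized for it, instead of
		 * growing it in place past the end of the received payload. */
		size_t tail_len = (size_t) count - 20;
		size_t out_len = (size_t) count + MAX_RR_HEADER_SIZE;
		unsigned char* out = malloc(out_len);
		if (out == NULL) {
			return nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
		}

		memcpy(out, packet_data, 20);
		memcpy(out + 20, rr_buf, MAX_RR_HEADER_SIZE);
		memcpy(out + 20 + MAX_RR_HEADER_SIZE, packet_data + 20, tail_len);
		out[9] = (unsigned char) ROUTE_RECORD_PROTOCOL;
		printf("Modifying Packet\n\n");

		/* The verdict call sends the data before it returns, so the
		 * buffer can be released right after it. */
		int verdict = nfq_set_verdict(qh, id, NF_ACCEPT, (u_int32_t) out_len, out);
		free(out);
		return verdict;
	}

	/* The packet claims to carry a route record: it has to be long enough
	 * to hold one before the record is read and rewritten in place. */
	if ((size_t) count < (size_t) 20 + MAX_RR_HEADER_SIZE) {
		printf("\n");
		return nfq_set_verdict(qh, id, NF_DROP, 0, NULL);
	}

	// Change the route record to add new gateway information
	RouteRecord* rr = readRouteRecord((char*) packet_data + 20);
	addGatewayInfo(rr, gatewayAddr, -1l);

	char* rr_buf = writeRouteRecordAsNetworkBuffer(rr);
	if (rr_buf == NULL) {
		return nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
	}
	memcpy(packet_data + 20, rr_buf, MAX_RR_HEADER_SIZE);

	/* The record is rewritten in place, so the packet keeps its length;
	 * reporting a larger one would send bytes from beyond the payload. */
	return nfq_set_verdict(qh, id, NF_ACCEPT, (u_int32_t) count, packet_data);
}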