static int send_with_pcap(RADIUS_PACKET **reply, RADIUS_PACKET *request)
{
char ip[16];
char pcap_filter[255];
pcap = fr_pcap_init(NULL, iface, PCAP_INTERFACE_IN_OUT);
if (!pcap) {
ERROR("Failed creating pcap");
return -1;
}
if (fr_pcap_open(pcap) < 0) {
ERROR("Failed opening interface");
talloc_free(pcap);
return -1;
}
fr_inet_ntoh(&request->src_ipaddr, ip, sizeof(ip));
sprintf(pcap_filter, "udp and dst port %d", request->src_port);
if (fr_pcap_apply_filter(pcap, pcap_filter) < 0) {
ERROR("Failing setting filter");
talloc_free(pcap);
return -1;
}
if (fr_dhcpv4_pcap_send(pcap, eth_bcast, request) < 0) {
ERROR("Failed sending packet");
talloc_free(pcap);
return -1;
}
if (!reply_expected) return 0;
*reply = fr_dhcpv4_recv_raw_loop(pcap->fd,
#ifdef HAVE_LINUX_IF_PACKET_H
&ll,
#endif
request);
if (!*reply) {
ERROR("Error receiving reply");
talloc_free(pcap);
return -1;
}
talloc_free(pcap);
return 0;
}
static void send_with_pcap(void)
{
pcap = fr_pcap_init(NULL, iface, PCAP_INTERFACE_IN_OUT);
if (!pcap) {
fprintf(stderr, "Failed creating pcap \n");
fr_exit_now(1);
}
if (fr_pcap_open(pcap) < 0) {
fprintf(stderr, "Failed opening interface: %s", fr_strerror());
fr_exit_now(1);
}
char ip[16];
ip_ntoh(&request->src_ipaddr, ip, sizeof(ip));
char pcap_filter[255];
sprintf(pcap_filter, "udp and dst port %d", client_port);
if (fr_pcap_apply_filter(pcap, pcap_filter) < 0) {
fprintf(stderr, "Failed setting filter for interface: %s \n",
fr_strerror());
fr_exit_now(1);
}
if (fr_dhcp_send_pcap(pcap, eth_bcast, request) < 0) {
fprintf(stderr, "dhcpclient: failed sending: %s\n",
pcap_geterr(pcap->handle));
fr_exit_now(1);
}
if (!reply_expected) return;
reply = fr_dhcp_recv_raw_loop(pcap->fd,
#ifdef HAVE_LINUX_IF_PACKET_H
&ll,
#endif
request);
if (!reply) {
fprintf(stderr, "dhcpclient: Error receiving reply\n");
fr_exit_now(1);
}
}
int main(int argc, char *argv[])
{
rs_t *conf;
fr_pcap_t *in = NULL, *in_p;
fr_pcap_t **in_head = ∈
fr_pcap_t *out = NULL;
int ret = 1; /* Exit status */
int limit = -1; /* How many packets to sniff */
char errbuf[PCAP_ERRBUF_SIZE]; /* Error buffer */
int port = 1812;
char buffer[1024];
int opt;
FR_TOKEN parsecode;
char const *radius_dir = RADIUS_DIR;
rs_stats_t stats;
fr_debug_flag = 2;
log_dst = stdout;
talloc_set_log_stderr();
conf = talloc_zero(NULL, rs_t);
if (!fr_assert(conf)) {
exit (1);
}
/*
* We don't really want probes taking down machines
*/
#ifdef HAVE_TALLOC_SET_MEMLIMIT
talloc_set_memlimit(conf, 52428800); /* 50 MB */
#endif
/*
* Get options
*/
while ((opt = getopt(argc, argv, "c:d:DFf:hi:I:p:qr:s:Svw:xXW:P:O:")) != EOF) {
switch (opt) {
case 'c':
limit = atoi(optarg);
if (limit <= 0) {
fprintf(stderr, "radsniff: Invalid number of packets \"%s\"", optarg);
exit(1);
}
break;
case 'd':
radius_dir = optarg;
break;
case 'D':
{
pcap_if_t *all_devices = NULL;
pcap_if_t *dev_p;
if (pcap_findalldevs(&all_devices, errbuf) < 0) {
ERROR("Error getting available capture devices: %s", errbuf);
goto finish;
}
int i = 1;
for (dev_p = all_devices;
dev_p;
dev_p = dev_p->next) {
INFO("%i.%s", i++, dev_p->name);
}
ret = 0;
goto finish;
}
case 'F':
conf->from_stdin = true;
conf->to_stdout = true;
break;
case 'f':
conf->pcap_filter = optarg;
break;
case 'h':
usage(0);
break;
case 'i':
*in_head = fr_pcap_init(conf, optarg, PCAP_INTERFACE_IN);
if (!*in_head) {
goto finish;
}
in_head = &(*in_head)->next;
conf->from_dev = true;
break;
case 'I':
*in_head = fr_pcap_init(conf, optarg, PCAP_FILE_IN);
if (!*in_head) {
goto finish;
}
in_head = &(*in_head)->next;
conf->from_file = true;
break;
case 'p':
port = atoi(optarg);
break;
case 'q':
if (fr_debug_flag > 0) {
fr_debug_flag--;
}
break;
case 'r':
conf->radius_filter = optarg;
break;
case 's':
conf->radius_secret = optarg;
break;
case 'S':
conf->do_sort = true;
break;
case 'v':
#ifdef HAVE_COLLECTDC_H
INFO("%s, %s, collectdclient version %s", radsniff_version, pcap_lib_version(),
lcc_version_string());
#else
INFO("%s %s", radsniff_version, pcap_lib_version());
#endif
exit(0);
break;
case 'w':
out = fr_pcap_init(conf, optarg, PCAP_FILE_OUT);
conf->to_file = true;
break;
case 'x':
case 'X':
fr_debug_flag++;
break;
case 'W':
conf->stats.interval = atoi(optarg);
if (conf->stats.interval <= 0) {
ERROR("Stats interval must be > 0");
usage(64);
}
break;
case 'T':
conf->stats.timeout = atoi(optarg);
if (conf->stats.timeout <= 0) {
ERROR("Timeout value must be > 0");
usage(64);
}
break;
#ifdef HAVE_COLLECTDC_H
case 'P':
conf->stats.prefix = optarg;
break;
case 'O':
conf->stats.collectd = optarg;
conf->stats.out = RS_STATS_OUT_COLLECTD;
break;
#endif
default:
usage(64);
}
}
/* What's the point in specifying -F ?! */
if (conf->from_stdin && conf->from_file && conf->to_file) {
usage(64);
}
/* Can't read from both... */
if (conf->from_file && conf->from_dev) {
usage(64);
}
/* Reading from file overrides stdin */
if (conf->from_stdin && (conf->from_file || conf->from_dev)) {
conf->from_stdin = false;
}
/* Writing to file overrides stdout */
if (conf->to_file && conf->to_stdout) {
conf->to_stdout = false;
}
if (conf->to_stdout) {
out = fr_pcap_init(conf, "stdout", PCAP_STDIO_OUT);
if (!out) {
goto finish;
}
}
if (conf->from_stdin) {
*in_head = fr_pcap_init(conf, "stdin", PCAP_STDIO_IN);
if (!*in_head) {
goto finish;
}
in_head = &(*in_head)->next;
}
if (!conf->radius_secret) {
conf->radius_secret = RS_DEFAULT_SECRET;
}
if (conf->stats.interval && !conf->stats.out) {
conf->stats.out = RS_STATS_OUT_STDIO;
}
if (conf->stats.timeout == 0) {
conf->stats.timeout = RS_DEFAULT_TIMEOUT;
}
/*
* If were writing pcap data stdout we *really* don't want to send
* logging there as well.
*/
log_dst = conf->to_stdout ? stderr : stdout;
#if !defined(HAVE_PCAP_FOPEN_OFFLINE) || !defined(HAVE_PCAP_DUMP_FOPEN)
if (conf->from_stdin || conf->to_stdout) {
ERROR("PCAP streams not supported");
goto finish;
}
#endif
if (!conf->pcap_filter) {
snprintf(buffer, sizeof(buffer), "udp port %d or %d or %d",
port, port + 1, 3799);
conf->pcap_filter = buffer;
}
if (dict_init(radius_dir, RADIUS_DICTIONARY) < 0) {
fr_perror("radsniff");
ret = 64;
goto finish;
}
fr_strerror(); /* Clear out any non-fatal errors */
if (conf->radius_filter) {
parsecode = userparse(NULL, conf->radius_filter, &filter_vps);
if (parsecode == T_OP_INVALID) {
ERROR("Invalid RADIUS filter \"%s\" (%s)", conf->radius_filter, fr_strerror());
ret = 64;
goto finish;
}
if (!filter_vps) {
ERROR("Empty RADIUS filter \"%s\"", conf->radius_filter);
ret = 64;
goto finish;
}
filter_tree = rbtree_create((rbcmp) fr_packet_cmp, _rb_rad_free, 0);
if (!filter_tree) {
ERROR("Failed creating filter tree");
ret = 64;
goto finish;
}
}
/*
* Setup the request tree
*/
request_tree = rbtree_create((rbcmp) fr_packet_cmp, _rb_rad_free, 0);
if (!request_tree) {
ERROR("Failed creating request tree");
goto finish;
}
/*
* Allocate a null packet for decrypting attributes in CoA requests
*/
nullpacket = rad_alloc(conf, 0);
if (!nullpacket) {
ERROR("Out of memory");
goto finish;
}
/*
* Get the default capture device
*/
if (!conf->from_stdin && !conf->from_file && !conf->from_dev) {
pcap_if_t *all_devices; /* List of all devices libpcap can listen on */
pcap_if_t *dev_p;
if (pcap_findalldevs(&all_devices, errbuf) < 0) {
ERROR("Error getting available capture devices: %s", errbuf);
goto finish;
}
if (!all_devices) {
ERROR("No capture files specified and no live interfaces available");
ret = 64;
goto finish;
}
for (dev_p = all_devices;
dev_p;
dev_p = dev_p->next) {
/* Don't use the any devices, it's horribly broken */
if (!strcmp(dev_p->name, "any")) continue;
*in_head = fr_pcap_init(conf, dev_p->name, PCAP_INTERFACE_IN);
in_head = &(*in_head)->next;
}
conf->from_auto = true;
conf->from_dev = true;
INFO("Defaulting to capture on all interfaces");
}
/*
* Print captures values which will be used
*/
if (fr_debug_flag > 2) {
DEBUG1("Sniffing with options:");
if (conf->from_dev) {
char *buff = fr_pcap_device_names(conf, in, ' ');
DEBUG1(" Device(s) : [%s]", buff);
talloc_free(buff);
}
if (conf->to_file || conf->to_stdout) {
DEBUG1(" Writing to : [%s]", out->name);
}
if (limit > 0) {
DEBUG1(" Capture limit (packets) : [%d]", limit);
}
DEBUG1(" PCAP filter : [%s]", conf->pcap_filter);
DEBUG1(" RADIUS secret : [%s]", conf->radius_secret);
if (filter_vps){
DEBUG1(" RADIUS filter :");
vp_printlist(log_dst, filter_vps);
}
}
/*
* Open our interface to collectd
*/
#ifdef HAVE_COLLECTDC_H
if (conf->stats.out == RS_STATS_OUT_COLLECTD) {
size_t i;
rs_stats_tmpl_t *tmpl, **next;
if (rs_stats_collectd_open(conf) < 0) {
exit(1);
}
next = &conf->stats.tmpl;
for (i = 0; i < (sizeof(rs_useful_codes) / sizeof(*rs_useful_codes)); i++) {
tmpl = rs_stats_collectd_init_latency(conf, next, conf, "radius_pkt_ex",
&stats.exchange[rs_useful_codes[i]],
rs_useful_codes[i]);
if (!tmpl) {
goto tmpl_error;
}
next = &(tmpl->next);
tmpl = rs_stats_collectd_init_counter(conf, next, conf, "radius_pkt",
&stats.gauge.type[rs_useful_codes[i]],
rs_useful_codes[i]);
if (!tmpl) {
tmpl_error:
ERROR("Error allocating memory for stats template");
goto finish;
}
next = &(tmpl->next);
}
}
#endif
/*
* This actually opens the capture interfaces/files (we just allocated the memory earlier)
*/
{
fr_pcap_t *prev = NULL;
for (in_p = in;
in_p;
in_p = in_p->next) {
if (fr_pcap_open(in_p) < 0) {
if (!conf->from_auto) {
ERROR("Failed opening pcap handle for %s", in_p->name);
goto finish;
}
DEBUG("Failed opening pcap handle: %s", fr_strerror());
/* Unlink it from the list */
if (prev) {
prev->next = in_p->next;
talloc_free(in_p);
in_p = prev;
} else {
in = in_p->next;
talloc_free(in_p);
in_p = in;
}
goto next;
}
if (conf->pcap_filter) {
if (fr_pcap_apply_filter(in_p, conf->pcap_filter) < 0) {
ERROR("Failed applying filter");
goto finish;
}
}
next:
prev = in_p;
}
}
/*
* Open our output interface (if we have one);
*/
if (out) {
if (fr_pcap_open(out) < 0) {
ERROR("Failed opening pcap output");
goto finish;
}
}
/*
* Setup and enter the main event loop. Who needs libev when you can roll your own...
*/
{
struct timeval now;
fr_event_list_t *events;
rs_update_t update;
char *buff;
memset(&stats, 0, sizeof(stats));
memset(&update, 0, sizeof(update));
events = fr_event_list_create(conf, _rs_event_status);
if (!events) {
ERROR();
goto finish;
}
for (in_p = in;
in_p;
in_p = in_p->next) {
rs_event_t *event;
event = talloc_zero(events, rs_event_t);
event->conf = conf;
event->in = in_p;
event->out = out;
event->stats = &stats;
if (!fr_event_fd_insert(events, 0, in_p->fd, rs_got_packet, event)) {
ERROR("Failed inserting file descriptor");
goto finish;
}
}
buff = fr_pcap_device_names(conf, in, ' ');
INFO("Sniffing on (%s)", buff);
talloc_free(buff);
gettimeofday(&now, NULL);
start_pcap = now;
/*
* Insert our stats processor
*/
if (conf->stats.interval) {
update.list = events;
update.conf = conf;
update.stats = &stats;
update.in = in;
now.tv_sec += conf->stats.interval;
now.tv_usec = 0;
fr_event_insert(events, rs_stats_process, (void *) &update, &now, NULL);
}
ret = fr_event_loop(events); /* Enter the main event loop */
}
INFO("Done sniffing");
finish:
if (filter_tree) {
rbtree_free(filter_tree);
}
INFO("Exiting...");
/*
* Free all the things! This also closes all the sockets and file descriptors
*/
talloc_free(conf);
return ret;
}