/* returns 0 if file found, -1 if no files or negative error */
int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name)
{
int ret = -1; /* default to no files found */
if (name)
*name = NULL;
if (ctx == NULL || path == NULL) {
return BAD_FUNC_ARG;
}
XMEMSET(ctx->name, 0, MAX_FILENAME_SZ);
#ifdef USE_WINDOWS_API
XSTRNCPY(ctx->name, path, MAX_FILENAME_SZ - 4);
XSTRNCAT(ctx->name, "\\*", 3);
ctx->hFind = FindFirstFileA(ctx->name, &ctx->FindFileData);
if (ctx->hFind == INVALID_HANDLE_VALUE) {
WOLFSSL_MSG("FindFirstFile for path verify locations failed");
return BAD_PATH_ERROR;
}
do {
if (ctx->FindFileData.dwFileAttributes != FILE_ATTRIBUTE_DIRECTORY) {
XSTRNCPY(ctx->name, path, MAX_FILENAME_SZ/2 - 3);
XSTRNCAT(ctx->name, "\\", 2);
XSTRNCAT(ctx->name, ctx->FindFileData.cFileName, MAX_FILENAME_SZ/2);
if (name)
*name = ctx->name;
return 0;
}
} while (FindNextFileA(ctx->hFind, &ctx->FindFileData));
#else
ctx->dir = opendir(path);
if (ctx->dir == NULL) {
WOLFSSL_MSG("opendir path verify locations failed");
return BAD_PATH_ERROR;
}
while ((ctx->entry = readdir(ctx->dir)) != NULL) {
XSTRNCPY(ctx->name, path, MAX_FILENAME_SZ/2 - 2);
XSTRNCAT(ctx->name, "/", 1);
XSTRNCAT(ctx->name, ctx->entry->d_name, MAX_FILENAME_SZ/2);
if (stat(ctx->name, &ctx->s) != 0) {
WOLFSSL_MSG("stat on name failed");
ret = BAD_PATH_ERROR;
break;
} else if (ctx->s.st_mode & S_IFREG) {
if (name)
*name = ctx->name;
return 0;
}
}
#endif
wc_ReadDirClose(ctx);
return ret;
}
static int build_http_request(const char* domainName, const char* path,
int ocspReqSz, byte* buf, int bufSize)
{
word32 domainNameLen, pathLen, ocspReqSzStrLen, completeLen;
char ocspReqSzStr[6];
domainNameLen = (word32)XSTRLEN(domainName);
pathLen = (word32)XSTRLEN(path);
ocspReqSzStrLen = Word16ToString(ocspReqSzStr, (word16)ocspReqSz);
completeLen = domainNameLen + pathLen + ocspReqSzStrLen + 84;
if (completeLen > (word32)bufSize)
return 0;
XSTRNCPY((char*)buf, "POST ", 5);
buf += 5;
XSTRNCPY((char*)buf, path, pathLen);
buf += pathLen;
XSTRNCPY((char*)buf, " HTTP/1.1\r\nHost: ", 17);
buf += 17;
XSTRNCPY((char*)buf, domainName, domainNameLen);
buf += domainNameLen;
XSTRNCPY((char*)buf, "\r\nContent-Length: ", 18);
buf += 18;
XSTRNCPY((char*)buf, ocspReqSzStr, ocspReqSzStrLen);
buf += ocspReqSzStrLen;
XSTRNCPY((char*)buf,
"\r\nContent-Type: application/ocsp-request\r\n\r\n", 44);
return completeLen;
}
int CyaSSL_OCSP_set_override_url(CYASSL_OCSP* ocsp, const char* url)
{
if (ocsp != NULL) {
int urlSz = (int)XSTRLEN(url);
if (urlSz < (int)sizeof(ocsp->overrideUrl)) {
XSTRNCPY(ocsp->overrideUrl, url, urlSz);
return 1;
}
}
return 0;
}
struct pdfFile *loadFile( char *fname ) {
FILE *inFile;
uint8_t inBuf[MAX_BUF_SIZE];
size_t rCount;
struct pdfFile *ptrPdf;
if ( ( ptrPdf = XMALLOC( sizeof( struct pdfFile ) ) ) EQ NULL ) {
display( LOG_ERR, "Unable to allocate memory" );
return NULL;
}
XMEMSET( ptrPdf, 0, sizeof( struct pdfFile ) );
if ( ( ptrPdf->fname = XMALLOC( MAXNAMELEN ) ) EQ NULL ) {
display( LOG_ERR, "Unable to allocate memory" );
return NULL;
}
XSTRNCPY( ptrPdf->fname, fname, MAXNAMELEN-1 );
#ifdef DEBUG
if ( config->debug >= 5 )
display( LOG_DEBUG, "Loading [%s] into RAM", ptrPdf->fname );
#endif
/* open file for read only */
if ( ( inFile = fopen( ptrPdf->fname, "ro" ) ) EQ NULL ) {
display( LOG_ERR, "Unable to open [%s] for read", ptrPdf->fname );
return NULL;
}
/* read the file into ram */
while( ( rCount = fread( inBuf, 1, sizeof( inBuf ), inFile ) ) > 0 ) {
if ( ( ptrPdf->fileBuf = XREALLOC( ptrPdf->fileBuf, ptrPdf->fileSize + rCount ) ) EQ NULL ) {
display( LOG_DEBUG, "Unable to grow file buffer" );
return NULL;
}
XMEMCPY( ptrPdf->fileBuf + ptrPdf->fileSize, inBuf, rCount );
ptrPdf->fileSize += rCount;
}
/* close file */
fclose( inFile );
#ifdef DEBUG
if ( config->debug >= 5 )
display( LOG_DEBUG, "Finished loading file into RAM" );
#endif
/* done */
return( ptrPdf );
}
/* if the cipher suite on line is valid store in suite and return 1, else 0 */
static int IsValidCipherSuite(const char* line, char* suite)
{
int found = 0;
int valid = 0;
const char* find = "-l ";
const char* begin = strstr(line, find);
const char* end;
suite[0] = '\0';
if (begin) {
begin += 3;
end = XSTRSTR(begin, " ");
if (end) {
long len = end - begin;
if (len > MAX_SUITE_SZ) {
printf("suite too long!\n");
return 0;
}
XMEMCPY(suite, begin, len);
suite[len] = '\0';
}
else
XSTRNCPY(suite, begin, MAX_SUITE_SZ);
suite[MAX_SUITE_SZ] = '\0';
found = 1;
}
/* if QSH not enabled then do not use QSH suite */
#ifdef HAVE_QSH
if (XSTRNCMP(suite, "QSH", 3) == 0) {
if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite + 4)
!= SSL_SUCCESS)
return 0;
}
#endif
if (found) {
if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite) == SSL_SUCCESS)
valid = 1;
}
return valid;
}
int parseFile( struct pdfFile *ptrPdf ) {
struct pdfObject *tmpPtr;
/* alloc base object */
if ( ( ptrPdf->head = XMALLOC( sizeof( struct pdfObject ) ) ) EQ NULL ) {
display( LOG_ERR, "Unable to allocate pdf object\n" );
return FAILED;
}
XMEMSET( ptrPdf->head, 0, sizeof( struct pdfObject ) );
ptrPdf->head->type = -1;
XSTRNCPY( outFileName, ptrPdf->fname, MAXNAMELEN );
parsePdfObj( 0, ptrPdf->fileBuf, ptrPdf->fileSize, PDF_TYPE_NONE, ptrPdf->head );
showPdfObjects( ptrPdf->head );
/* cleanup object tree */
while ( ptrPdf->head != NULL ) {
if ( ptrPdf->head->child != NULL ) {
/* descend */
ptrPdf->head = ptrPdf->head->child;
} else if ( ptrPdf->head->next != NULL ) {
/* empty this level */
tmpPtr = ptrPdf->head;
#ifdef DEBUG
if ( config->debug >= 3 )
display( LOG_DEBUG, "Removing pdf object from memory chain [%s]", typeStrings[tmpPtr->type] );
#endif
ptrPdf->head = ptrPdf->head->next;
XFREE( tmpPtr );
} else if ( ptrPdf->head->parent != NULL ) {
/* ascend, removing the child */
tmpPtr = ptrPdf->head;
#ifdef DEBUG
if ( config->debug >= 3 )
display( LOG_DEBUG, "Removing child pdf object from memory chain [%s]", typeStrings[tmpPtr->type] );
#endif
ptrPdf->head->parent->child = NULL;
ptrPdf->head = ptrPdf->head->parent;
XFREE( tmpPtr );
} else {
/* at the root, time to stop */
ptrPdf->head = NULL;
}
}
}
/* Load CRL path files of type, SSL_SUCCESS on ok */
int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
{
struct dirent* entry;
DIR* dir;
int ret = SSL_SUCCESS;
#ifdef WOLFSSL_SMALL_STACK
char* name;
#else
char name[MAX_FILENAME_SZ];
#endif
WOLFSSL_ENTER("LoadCRL");
if (crl == NULL)
return BAD_FUNC_ARG;
dir = opendir(path);
if (dir == NULL) {
WOLFSSL_MSG("opendir path crl load failed");
return BAD_PATH_ERROR;
}
#ifdef WOLFSSL_SMALL_STACK
name = (char*)XMALLOC(MAX_FILENAME_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (name == NULL)
return MEMORY_E;
#endif
while ( (entry = readdir(dir)) != NULL) {
struct stat s;
XMEMSET(name, 0, MAX_FILENAME_SZ);
XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
XSTRNCAT(name, "/", 1);
XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
if (stat(name, &s) != 0) {
WOLFSSL_MSG("stat on name failed");
continue;
}
if (s.st_mode & S_IFREG) {
if (type == SSL_FILETYPE_PEM) {
if (XSTRSTR(entry->d_name, ".pem") == NULL) {
WOLFSSL_MSG("not .pem file, skipping");
continue;
}
}
else {
if (XSTRSTR(entry->d_name, ".der") == NULL &&
XSTRSTR(entry->d_name, ".crl") == NULL) {
WOLFSSL_MSG("not .der or .crl file, skipping");
continue;
}
}
if (ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl)
!= SSL_SUCCESS) {
WOLFSSL_MSG("CRL file load failed, continuing");
}
}
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if (monitor & WOLFSSL_CRL_MONITOR) {
word32 pathLen;
char* pathBuf;
WOLFSSL_MSG("monitor path requested");
pathLen = (word32)XSTRLEN(path);
pathBuf = (char*)XMALLOC(pathLen+1, crl->heap,DYNAMIC_TYPE_CRL_MONITOR);
if (pathBuf) {
XSTRNCPY(pathBuf, path, pathLen);
pathBuf[pathLen] = '\0'; /* Null Terminate */
if (type == SSL_FILETYPE_PEM) {
crl->monitors[0].path = pathBuf;
crl->monitors[0].type = SSL_FILETYPE_PEM;
} else {
crl->monitors[1].path = pathBuf;
crl->monitors[1].type = SSL_FILETYPE_ASN1;
}
if (monitor & WOLFSSL_CRL_START_MON) {
WOLFSSL_MSG("start monitoring requested");
ret = StartMonitorCRL(crl);
}
}
else {
ret = MEMORY_E;
}
}
closedir(dir);
return ret;
}
/* Load CRL path files of type, SSL_SUCCESS on ok */
int LoadCRL(CYASSL_CRL* crl, const char* path, int type, int monitor)
{
struct dirent* entry;
DIR* dir;
int ret = SSL_SUCCESS;
CYASSL_ENTER("LoadCRL");
if (crl == NULL)
return BAD_FUNC_ARG;
dir = opendir(path);
if (dir == NULL) {
CYASSL_MSG("opendir path crl load failed");
return BAD_PATH_ERROR;
}
while ( (entry = readdir(dir)) != NULL) {
char name[MAX_FILENAME_SZ];
struct stat s;
XMEMSET(name, 0, sizeof(name));
XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
XSTRNCAT(name, "/", 1);
XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
if (stat(name, &s) != 0) {
CYASSL_MSG("stat on name failed");
continue;
}
if (s.st_mode & S_IFREG) {
if (type == SSL_FILETYPE_PEM) {
if (strstr(entry->d_name, ".pem") == NULL) {
CYASSL_MSG("not .pem file, skipping");
continue;
}
}
else {
if (strstr(entry->d_name, ".der") == NULL &&
strstr(entry->d_name, ".crl") == NULL) {
CYASSL_MSG("not .der or .crl file, skipping");
continue;
}
}
if (ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl)
!= SSL_SUCCESS) {
CYASSL_MSG("CRL file load failed, continuing");
}
}
}
if (monitor & CYASSL_CRL_MONITOR) {
CYASSL_MSG("monitor path requested");
if (type == SSL_FILETYPE_PEM) {
crl->monitors[0].path = strdup(path);
crl->monitors[0].type = SSL_FILETYPE_PEM;
if (crl->monitors[0].path == NULL)
ret = MEMORY_E;
} else {
crl->monitors[1].path = strdup(path);
crl->monitors[1].type = SSL_FILETYPE_ASN1;
if (crl->monitors[1].path == NULL)
ret = MEMORY_E;
}
if (monitor & CYASSL_CRL_START_MON) {
CYASSL_MSG("start monitoring requested");
ret = StartMonitorCRL(crl);
}
}
closedir(dir);
return ret;
}
void wc_ErrorString(int error, char* buffer)
{
XSTRNCPY(buffer, wc_GetErrorString(error), WOLFSSL_MAX_ERROR_SZ);
}
int main(int argc, char *argv[]) {
PRIVATE int pid = 0;
PRIVATE int c = 0, i = 0, fds = 0, status = 0;
int digit_optind = 0;
PRIVATE struct passwd *pwd_ent;
PRIVATE struct group *grp_ent;
PRIVATE char **ptr;
char *tmp_ptr = NULL;
char *pid_file = NULL;
char *user = NULL;
char *group = NULL;
#ifdef LINUX
struct rlimit rlim;
getrlimit( RLIMIT_CORE, &rlim );
#ifdef DEBUG
rlim.rlim_cur = rlim.rlim_max;
printf( "DEBUG - RLIMIT_CORE: %ld\n", rlim.rlim_cur );
#else
rlim.rlim_cur = 0;
#endif
setrlimit( RLIMIT_CORE, &rlim );
#endif
/* setup config */
config = ( Config_t * )XMALLOC( sizeof( Config_t ) );
XMEMSET( config, 0, sizeof( Config_t ) );
/* get real uid and gid, we may want to drop privs */
config->gid = getgid();
config->uid = getuid();
while (1) {
int this_option_optind = optind ? optind : 1;
#ifdef HAVE_GETOPT_LONG
int option_index = 0;
static struct option long_options[] = {
{"atime", no_argument, 0, 'a' },
{"debug", required_argument, 0, 'd' },
{"exdir", required_argument, 0, 'e' },
{"exfile", required_argument, 0, 'E' },
{"help", no_argument, 0, 'h' },
{"md5", no_argument, 0, 'm' },
{"preserve", no_argument, 0, 'p' },
{"quick", no_argument, 0, 'q' },
{"sha256", no_argument, 0, 's' },
{"version", no_argument, 0, 'v' },
{"write", required_argument, 0, 'w' },
{0, no_argument, 0, 0}
};
c = getopt_long(argc, argv, "ad:e:E:hmpqsvw:", long_options, &option_index);
#else
c = getopt( argc, argv, "ad:e:E:hmpqsvw:" );
#endif
if (c EQ -1)
break;
switch (c) {
case 'a':
/* enable atime change reporting */
config->show_atime = TRUE;
case 'p':
if ( config->uid != 0 ) {
fprintf( stderr, "ERR - Insufficient priviledges to preserve ATIME, aborting\n" );
print_help();
return( EXIT_FAILURE );
}
config->preserve_atime = TRUE;
break;
case 'd':
/* show debig info */
config->debug = atoi( optarg );
config->mode = MODE_INTERACTIVE;
break;
case 'e':
/* exclude a specific directory from the diff */
if ( ( config->exclusions = (char **)XMALLOC( sizeof( char * ) * 2 ) ) EQ NULL ) {
fprintf( stderr, "ERR - Unable to allocate memory for exclusion list\n" );
return( EXIT_FAILURE );
}
if ( ( config->exclusions[0] = XMALLOC( MAXPATHLEN + 1 ) ) EQ NULL ) {
fprintf( stderr, "ERR - Unable to allocate memory for exclusion list\n" );
XFREE( config->exclusions );
return( EXIT_FAILURE );
}
if ( optarg[0] != '/' ) {
config->exclusions[0][0] = '/';
XSTRNCPY( config->exclusions[0]+1, optarg, MAXPATHLEN - 1 );
} else
XSTRNCPY( config->exclusions[0], optarg, MAXPATHLEN );
config->exclusions[1] = 0;
break;
case 'E':
/* exclude a list of directories in the specific file */
//if ( loadExclusions( optarg ) != TRUE )
// return( EXIT_FAILURE );
//break;
fprintf( stderr, "ERR - Feature not currently supported\n" );
print_help();
return( EXIT_SUCCESS );
case 'h':
/* show help info */
print_help();
return( EXIT_SUCCESS );
case 'm':
/* md5 hash files */
config->hash = TRUE;
config->md5_hash = TRUE;
config->digest_size = 16;
config->sha256_hash = FALSE;
break;
case 'q':
/* do quick checks only */
config->quick = TRUE;
break;
case 's':
/* sha256 hash files */
config->hash = TRUE;
config->sha256_hash = TRUE;
config->digest_size = 32;
config->md5_hash = FALSE;
break;
case 'v':
/* show the version */
print_version();
return( EXIT_SUCCESS );
case 'w':
/* define the dir to store logs in */
if ( ( config->outfile = ( char * )XMALLOC( MAXPATHLEN + 1 ) ) EQ NULL ) {
/* XXX problem */
}
XMEMSET( config->outfile, 0, MAXPATHLEN + 1 );
XSTRNCPY( config->outfile, optarg, MAXPATHLEN );
break;
default:
fprintf( stderr, "Unknown option code [0%o]\n", c);
}
}
/* turn off quick mode if hash mode is enabled */
if ( config->hash )
config->quick = FALSE;
/* check dirs and files for danger */
if ( time( &config->current_time ) EQ -1 ) {
fprintf( stderr, "ERR - Unable to get current time\n" );
/* cleanup buffers */
cleanup();
return EXIT_FAILURE;
}
/* initialize program wide config options */
config->hostname = (char *)XMALLOC( MAXHOSTNAMELEN+1 );
/* get processor hostname */
if ( gethostname( config->hostname, MAXHOSTNAMELEN ) != 0 ) {
fprintf( stderr, "Unable to get hostname\n" );
strncpy( config->hostname, "unknown", MAXHOSTNAMELEN );
}
/* setup gracefull shutdown */
signal( SIGINT, sigint_handler );
signal( SIGTERM, sigterm_handler );
signal( SIGFPE, sigfpe_handler );
signal( SIGILL, sigill_handler );
signal( SIGSEGV, sigsegv_handler );
#ifndef MINGW
signal( SIGHUP, sighup_handler );
signal( SIGBUS, sigbus_handler );
#endif
/****
*
* lets get this party started
*
****/
show_info();
if ( ( baseDir = (char *)XMALLOC( PATH_MAX ) ) EQ NULL ) {
fprintf( stderr, "ERR - Unable to allocate memory for baseDir string\n" );
cleanup();
return( EXIT_FAILURE );
}
if ( ( compDir = (char *)XMALLOC( PATH_MAX ) ) EQ NULL ) {
fprintf( stderr, "ERR - Unable to allocate memory for compDir string\n" );
cleanup();
return( EXIT_FAILURE );
}
compDirHash = initHash( 52 );
while (optind < argc ) {
if ( ( compDirLen = strlen( argv[optind] ) ) >= PATH_MAX ) {
fprintf( stderr, "ERR - Argument too long\n" );
if ( baseDirHash != NULL )
freeHash( baseDirHash );
freeHash( compDirHash );
cleanup();
return( EXIT_FAILURE );
} else {
strncpy( compDir, argv[optind++], PATH_MAX-1 );
/* process directory tree */
if ( processDir( compDir ) EQ FAILED ) {
if ( baseDirHash != NULL )
freeHash( baseDirHash );
freeHash( compDirHash );
cleanup();
return( EXIT_FAILURE );
}
if ( baseDirHash != NULL ) {
/* compare the old tree to the new tree to find missing files */
if ( traverseHash( baseDirHash, findMissingFiles ) != TRUE ) {
freeHash( baseDirHash );
freeHash( compDirHash );
cleanup();
return( EXIT_FAILURE );
}
}
/* Prep for next dir to compare */
if ( baseDirHash != NULL )
freeHash( baseDirHash );
baseDirHash = compDirHash;
compDirHash = initHash( getHashSize( baseDirHash ) );
baseDirLen = compDirLen;
strncpy( baseDir, compDir, compDirLen );
}
}
if ( baseDirHash != NULL )
freeHash( baseDirHash );
if ( compDirHash != NULL )
freeHash( compDirHash );
/****
*
* we are done
*
****/
cleanup();
return( EXIT_SUCCESS );
}
void CTaoCryptErrorString(int error, char* buffer)
{
XSTRNCPY(buffer, CTaoCryptGetErrorString(error), CYASSL_MAX_ERROR_SZ);
}
static int tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port)
{
struct sockaddr_storage addr;
int sockaddr_len = sizeof(struct sockaddr_in);
XMEMSET(&addr, 0, sizeof(addr));
#ifdef HAVE_GETADDRINFO
{
struct addrinfo hints;
struct addrinfo* answer = NULL;
char strPort[6];
XMEMSET(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = IPPROTO_TCP;
if (Word16ToString(strPort, port) == 0) {
CYASSL_MSG("invalid port number for OCSP responder");
return -1;
}
if (getaddrinfo(ip, strPort, &hints, &answer) < 0 || answer == NULL) {
CYASSL_MSG("no addr info for OCSP responder");
return -1;
}
sockaddr_len = answer->ai_addrlen;
XMEMCPY(&addr, answer->ai_addr, sockaddr_len);
freeaddrinfo(answer);
}
#else /* HAVE_GETADDRINFO */
{
struct hostent* entry = gethostbyname(ip);
struct sockaddr_in *sin = (struct sockaddr_in *)&addr;
if (entry) {
sin->sin_family = AF_INET;
sin->sin_port = htons(port);
XMEMCPY(&sin->sin_addr.s_addr, entry->h_addr_list[0],
entry->h_length);
}
else {
CYASSL_MSG("no addr info for OCSP responder");
return -1;
}
}
#endif /* HAVE_GETADDRINFO */
*sockfd = socket(addr.ss_family, SOCK_STREAM, 0);
#ifdef USE_WINDOWS_API
if (*sockfd == INVALID_SOCKET) {
#else /* USE_WINDOWS_API */
if (*sockfd < 0) {
#endif /* USE_WINDOWS_API */
CYASSL_MSG("bad socket fd, out of fds?");
return -1;
}
if (connect(*sockfd, (struct sockaddr *)&addr, sockaddr_len) != 0) {
CYASSL_MSG("OCSP responder tcp connect failed");
return -1;
}
return 0;
}
static int build_http_request(const char* domainName, const char* path,
int ocspReqSz, byte* buf, int bufSize)
{
word32 domainNameLen, pathLen, ocspReqSzStrLen, completeLen;
char ocspReqSzStr[6];
domainNameLen = (word32)XSTRLEN(domainName);
pathLen = (word32)XSTRLEN(path);
ocspReqSzStrLen = Word16ToString(ocspReqSzStr, ocspReqSz);
completeLen = domainNameLen + pathLen + ocspReqSzStrLen + 84;
if (completeLen > (word32)bufSize)
return 0;
XSTRNCPY((char*)buf, "POST ", 5);
buf += 5;
XSTRNCPY((char*)buf, path, pathLen);
buf += pathLen;
XSTRNCPY((char*)buf, " HTTP/1.1\r\nHost: ", 17);
buf += 17;
XSTRNCPY((char*)buf, domainName, domainNameLen);
buf += domainNameLen;
XSTRNCPY((char*)buf, "\r\nContent-Length: ", 18);
buf += 18;
XSTRNCPY((char*)buf, ocspReqSzStr, ocspReqSzStrLen);
buf += ocspReqSzStrLen;
XSTRNCPY((char*)buf,
"\r\nContent-Type: application/ocsp-request\r\n\r\n", 44);
return completeLen;
}
int wolfsslSetup(int argc, char** argv, char action)
{
char outNameE[256]; /* default outFile for encrypt */
char outNameD[256]; /* default outfile for decrypt */
char inName[256]; /* name of the in File if not provided */
char* name = NULL; /* string of algorithm, mode, keysize */
char* alg = NULL; /* algorithm from name */
char* mode = NULL; /* mode from name */
char* out = outNameE; /* default output file name */
char* in = inName; /* default in data */
byte* pwdKey = NULL; /* password for generating pwdKey */
byte* key = NULL; /* user set key NOT PWDBASED */
byte* iv = NULL; /* iv for initial encryption */
int size = 0; /* keysize from name */
int ret = 0; /* return variable */
int block = 0; /* block size based on algorithm */
int pwdKeyChk = 0; /* if a pwdKey has been provided */
int ivCheck = 0; /* if the user sets the IV explicitly */
int keyCheck = 0; /* if ivCheck is 1 this should be set also */
int inCheck = 0; /* if input has been provided */
int outCheck = 0; /* if output has been provided */
int i = 0; /* loop counter */
int eCheck = 0; /* if user is encrypting data */
int dCheck = 0; /* if user is decrypting data */
int inputHex = 0; /* if user is encrypting hexidecimal stuff */
int keyType = 0; /* tells Decrypt which key it will be using
* 1 = password based key, 2 = user set key
*/
word32 ivSize = 0; /* IV if provided should be 2*block */
word32 numBits = 0; /* number of bits in argument from the user */
if (action == 'e')
eCheck = 1;
if (action == 'd')
dCheck = 1;
for (i = 2; i < argc; i++) {
if (strcmp(argv[i], "-help") == 0) {
if (eCheck == 1) {
/*wolfsslEncryptHelp*/
wolfsslEncryptHelp();
return 0;
} else {
/*wolfsslDecryptHelp*/
wolfsslDecryptHelp();
return 0;
}
}
}
name = argv[2];
/* gets blocksize, algorithm, mode, and key size from name argument */
block = wolfsslGetAlgo(name, &alg, &mode, &size);
if (block != FATAL_ERROR) {
pwdKey = (byte*) malloc(size);
iv = (byte*) malloc(block);
key = (byte*) malloc(size);
/* Start at the third flag entered */
i = 3;
do {
if (argv[i] == NULL){
break;
}
else if (strcmp(argv[i], "-o") == 0 && argv[i+1] != NULL) {
/* output file */
out = argv[i+1];
outCheck = 1;
i+=2;
/* it is mandatory that this be set last */
continue;
}
else if (strcmp(argv[i], "-i") == 0 && argv[i+1] != NULL) {
/* input file/text */
in = argv[i+1];
inCheck = 1;
/* continue while out check not equal 1 */
i+=2;
continue;
}
else if (strcmp(argv[i], "-p") == 0 && argv[i+1] != NULL) {
/* password pwdKey */
XMEMCPY(pwdKey, argv[i+1], size);
pwdKeyChk = 1;
keyType = 1;
i+=2;
continue;
}
else if (strcmp(argv[i], "-x") == 0) {
/* using hexidecimal format */
inputHex = 1;
i++;
continue;
}
else if (strcmp(argv[i], "-V") == 0 && argv[i+1] != NULL) {
/* iv for encryption */
if (pwdKeyChk == 1) {
printf("Invalid option, attempting to use IV with password"
" based key.");
wolfsslFreeBins(pwdKey, iv, key, NULL, NULL);
return FATAL_ERROR;
}
ivSize = block*2;
if (strlen(argv[i+1]) != ivSize) {
printf("Invalid IV. Must match algorithm block size.\n");
printf("Invalid IV size was: %d.\n",
(int) strlen(argv[i+1]));
printf("size of IV expected was: %d.\n", ivSize);
wolfsslFreeBins(pwdKey, iv, key, NULL, NULL);
return FATAL_ERROR;
}
else {
char ivString[strlen(argv[i+1])];
XSTRNCPY(ivString, argv[i+1], XSTRLEN(argv[i+1]));
ret = wolfsslHexToBin(ivString, &iv, &ivSize,
NULL, NULL, NULL,
NULL, NULL, NULL,
NULL, NULL, NULL);
if (ret != 0) {
printf("failed during conversion of IV, ret = %d\n",
ret);
wolfsslFreeBins(pwdKey, iv, key, NULL, NULL);
return -1;
}
ivCheck = 1;
i+=2;
continue;
}
}
else if (strcmp(argv[i], "-K") == 0 && argv[i+1] != NULL) {
/* 2 characters = 1 byte. 1 byte = 8 bits
* number of characters / 2 = bytes
* bytes * 8 = bits
*/
numBits = (int) (strlen(argv[i+1]) / 2 ) * 8;
/* Key for encryption */
if ((int)numBits != size) {
printf("Length of key provided was: %d.\n", numBits);
printf("Length of key expected was: %d.\n", size);
printf("Invalid Key. Must match algorithm key size.\n");
wolfsslFreeBins(pwdKey, iv, key, NULL, NULL);
return FATAL_ERROR;
}
else {
char keyString[strlen(argv[i+1])];
XSTRNCPY(keyString, argv[i+1], XSTRLEN(argv[i+1]));
ret = wolfsslHexToBin(keyString, &key, &numBits,
NULL, NULL, NULL,
NULL, NULL, NULL,
NULL, NULL, NULL);
if (ret != 0) {
printf("failed during conversion of Key, ret = %d\n",
ret);
wolfsslFreeBins(pwdKey, iv, key, NULL, NULL);
return -1;
}
keyCheck = 1;
keyType = 2;
i+=2;
continue;
}
}
else {
i++; continue;
}
}while(i < 15);
if (pwdKeyChk == 0 && keyCheck == 0) {
if (dCheck == 1) {
printf("\nDECRYPT ERROR:\n");
printf("Please type \"wolfssl -d -help\" for decryption usage."
"\n\n");
return 0;
}
/* if no pwdKey is provided */
else {
printf("No -p flag set, please enter a password to use for"
" encrypting.\n");
printf("Write your password down so you don't forget it.\n");
ret = wolfsslNoEcho((char*)pwdKey, size);
pwdKeyChk = 1;
}
}
if (inCheck == 0 && eCheck == 1) {
ret = 0;
while (ret == 0) {
printf("-i flag was not set, please enter a string or\n"
"file name to be encrypted: ");
ret = (int) scanf("%s", inName);
}
in = inName;
/* if no input is provided */
printf("Ok, We will encrypt:\"%s\" for you.\n", inName);
inCheck = 1;
}
if (eCheck == 1 && dCheck == 1) {
printf("You want to encrypt and decrypt simultaneously? That is"
"not possible...\n");
wolfsslFreeBins(pwdKey, iv, key, NULL, NULL);
return FATAL_ERROR;
}
if (inCheck == 0 && dCheck == 1) {
printf("We are so sorry but you must specify what it is you are "
"trying to decrypt.\n");
wolfsslFreeBins(pwdKey, iv, key, NULL, NULL);
return FATAL_ERROR;
}
if (ivCheck == 1) {
if (keyCheck == 0) {
printf("IV was explicitly set, but no -K <key> was set. User\n"
" needs to provide a non-password based key when setting"
" the IV.\n");
wolfsslFreeBins(pwdKey, iv, key, NULL, NULL);
return FATAL_ERROR;
}
}
if (pwdKeyChk == 1 && keyCheck == 1) {
XMEMSET(pwdKey, 0, size);
}
/* encryption function call */
if (eCheck == 1) {
printf("\n");
if (outCheck == 0) {
ret = 0;
while (ret == 0) {
printf("Please enter a name for the output file: ");
ret = (int) scanf("%s", outNameE);
out = (ret > 0) ? outNameE : '\0';
}
}
ret = wolfsslEncrypt(alg, mode, pwdKey, key, size, in, out,
iv, block, ivCheck, inputHex);
}
/* decryption function call */
else if (dCheck == 1) {
if (outCheck == 0) {
ret = 0;
while (ret == 0) {
printf("Please enter a name for the output file: ");
ret = (int) scanf("%s", outNameD);
out = (ret > 0) ? outNameD : '\0';
}
}
ret = wolfsslDecrypt(alg, mode, pwdKey, key, size, in, out,
iv, block, keyType);
}
else {
wolfsslHelp();
}
/* clear and free data */
XMEMSET(key, 0, size);
XMEMSET(pwdKey, 0, size);
XMEMSET(iv, 0, block);
wolfsslFreeBins(pwdKey, iv, key, NULL, NULL);
}
else
ret = FATAL_ERROR;
return ret;
}
/*
* hash argument function
*/
int wolfsslHashSetup(int argc, char** argv)
{
int ret = 0; /* return variable, counter */
int i = 0; /* loop variable */
char* in; /* input variable */
char* out = NULL; /* output variable */
const char* algs[] = { /* list of acceptable algorithms */
#ifndef NO_MD5
"md5"
#endif
#ifndef NO_SHA
, "sha"
#endif
#ifndef NO_SHA256
, "sha256"
#endif
#ifdef WOLFSSL_SHA384
, "sha384"
#endif
#ifdef WOLFSSL_SHA512
, "sha512"
#endif
#ifdef HAVE_BLAKE2
, "blake2b"
#endif
};
char* alg; /* algorithm being used */
int algCheck= 0; /* acceptable algorithm check */
int inCheck = 0; /* input check */
int size = 0; /* message digest size */
#ifdef HAVE_BLAKE2
size = BLAKE_DIGEST_SIZE;
#endif
/* help checking */
if (argc == 2) {
wolfsslHashHelp();
return 0;
}
for (i = 2; i < argc; i++) {
if (strcmp(argv[i], "-help") == 0) {
wolfsslHashHelp();
return 0;
}
}
for (i = 0; i < (int) sizeof(algs)/(int) sizeof(algs[0]); i++) {
/* checks for acceptable algorithms */
if (strcmp(argv[2], algs[i]) == 0) {
alg = argv[2];
algCheck = 1;
}
}
if (algCheck == 0) {
printf("Invalid algorithm\n");
return FATAL_ERROR;
}
for (i = 3; i < argc; i++) {
if (strcmp(argv[i], "-i") == 0 && argv[i+1] != NULL) {
/* input file/text */
in = malloc(strlen(argv[i+1])+1);
XSTRNCPY(in, &argv[i+1][0], XSTRLEN(&argv[i+1][0]));
in[strlen(argv[i+1])] = '\0';
inCheck = 1;
i++;
}
else if (strcmp(argv[i], "-o") == 0 && argv[i+1] != NULL) {
/* output file */
out = argv[i+1];
i++;
}
else if (strcmp(argv[i], "-s") == 0 && argv[i+1] != NULL) {
/* size of output */
#ifndef HAVE_BLAKE2
printf("Sorry, only to be used with Blake2b enabled\n");
#else
size = atoi(argv[i+1]);
if (size <= 0 || size > 64) {
printf("Invalid size, Must be between 1-64. Using default.\n");
size = BLAKE_DIGEST_SIZE;
}
#endif
i++;
}
else {
printf("Unknown argument %s. Ignoring\n", argv[i]);
}
}
if (inCheck == 0) {
printf("Must have input as either a file or standard I/O\n");
return FATAL_ERROR;
}
/* sets default size of algorithm */
#ifndef NO_MD5
if (strcmp(alg, "md5") == 0)
size = MD5_DIGEST_SIZE;
#endif
#ifndef NO_SHA
if (strcmp(alg, "sha") == 0)
size = SHA_DIGEST_SIZE;
#endif
#ifndef NO_SHA256
if (strcmp(alg, "sha256") == 0)
size = SHA256_DIGEST_SIZE;
#endif
#ifdef WOLFSSL_SHA384
if (strcmp(alg, "sha384") == 0)
size = SHA384_DIGEST_SIZE;
#endif
#ifdef WOLFSSL_SHA512
if (strcmp(alg, "sha512") == 0)
size = SHA512_DIGEST_SIZE;
#endif
/* hashing function */
wolfsslHash(in, out, alg, size);
free(in);
return ret;
}
void CTaoCryptErrorString(int error, char* buffer)
{
const int max = CYASSL_MAX_ERROR_SZ; /* shorthand */
#ifdef NO_ERROR_STRINGS
(void)error;
XSTRNCPY(buffer, "no support for error strings built in", max);
#else
switch (error) {
case OPEN_RAN_E :
XSTRNCPY(buffer, "opening random device error", max);
break;
case READ_RAN_E :
XSTRNCPY(buffer, "reading random device error", max);
break;
case WINCRYPT_E :
XSTRNCPY(buffer, "windows crypt init error", max);
break;
case CRYPTGEN_E :
XSTRNCPY(buffer, "windows crypt generation error", max);
break;
case RAN_BLOCK_E :
XSTRNCPY(buffer, "random device read would block error", max);
break;
case BAD_MUTEX_E :
XSTRNCPY(buffer, "Bad mutex, operation failed", max);
break;
case MP_INIT_E :
XSTRNCPY(buffer, "mp_init error state", max);
break;
case MP_READ_E :
XSTRNCPY(buffer, "mp_read error state", max);
break;
case MP_EXPTMOD_E :
XSTRNCPY(buffer, "mp_exptmod error state", max);
break;
case MP_TO_E :
XSTRNCPY(buffer, "mp_to_xxx error state, can't convert", max);
break;
case MP_SUB_E :
XSTRNCPY(buffer, "mp_sub error state, can't subtract", max);
break;
case MP_ADD_E :
XSTRNCPY(buffer, "mp_add error state, can't add", max);
break;
case MP_MUL_E :
XSTRNCPY(buffer, "mp_mul error state, can't multiply", max);
break;
case MP_MULMOD_E :
XSTRNCPY(buffer, "mp_mulmod error state, can't multiply mod", max);
break;
case MP_MOD_E :
XSTRNCPY(buffer, "mp_mod error state, can't mod", max);
break;
case MP_INVMOD_E :
XSTRNCPY(buffer, "mp_invmod error state, can't inv mod", max);
break;
case MP_CMP_E :
XSTRNCPY(buffer, "mp_cmp error state", max);
break;
case MP_ZERO_E :
XSTRNCPY(buffer, "mp zero result, not expected", max);
break;
case MEMORY_E :
XSTRNCPY(buffer, "out of memory error", max);
break;
case RSA_WRONG_TYPE_E :
XSTRNCPY(buffer, "RSA wrong block type for RSA function", max);
break;
case RSA_BUFFER_E :
XSTRNCPY(buffer, "RSA buffer error, output too small or input too big",
max);
break;
case BUFFER_E :
XSTRNCPY(buffer, "Buffer error, output too small or input too big",max);
break;
case ALGO_ID_E :
XSTRNCPY(buffer, "Setting Cert AlogID error", max);
break;
case PUBLIC_KEY_E :
XSTRNCPY(buffer, "Setting Cert Public Key error", max);
break;
case DATE_E :
XSTRNCPY(buffer, "Setting Cert Date validity error", max);
break;
case SUBJECT_E :
XSTRNCPY(buffer, "Setting Cert Subject name error", max);
break;
case ISSUER_E :
XSTRNCPY(buffer, "Setting Cert Issuer name error", max);
break;
case CA_TRUE_E :
XSTRNCPY(buffer, "Setting basic constraint CA true error", max);
break;
case EXTENSIONS_E :
XSTRNCPY(buffer, "Setting extensions error", max);
break;
case ASN_PARSE_E :
XSTRNCPY(buffer, "ASN parsing error, invalid input", max);
break;
case ASN_VERSION_E :
XSTRNCPY(buffer, "ASN version error, invalid number", max);
break;
case ASN_GETINT_E :
XSTRNCPY(buffer, "ASN get big int error, invalid data", max);
break;
case ASN_RSA_KEY_E :
XSTRNCPY(buffer, "ASN key init error, invalid input", max);
break;
case ASN_OBJECT_ID_E :
XSTRNCPY(buffer, "ASN object id error, invalid id", max);
break;
case ASN_TAG_NULL_E :
XSTRNCPY(buffer, "ASN tag error, not null", max);
break;
case ASN_EXPECT_0_E :
XSTRNCPY(buffer, "ASN expect error, not zero", max);
break;
case ASN_BITSTR_E :
XSTRNCPY(buffer, "ASN bit string error, wrong id", max);
break;
case ASN_UNKNOWN_OID_E :
XSTRNCPY(buffer, "ASN oid error, unknown sum id", max);
break;
case ASN_DATE_SZ_E :
XSTRNCPY(buffer, "ASN date error, bad size", max);
break;
case ASN_BEFORE_DATE_E :
XSTRNCPY(buffer, "ASN date error, current date before", max);
break;
case ASN_AFTER_DATE_E :
XSTRNCPY(buffer, "ASN date error, current date after", max);
break;
case ASN_SIG_OID_E :
XSTRNCPY(buffer, "ASN signature error, mismatched oid", max);
break;
case ASN_TIME_E :
XSTRNCPY(buffer, "ASN time error, unkown time type", max);
break;
case ASN_INPUT_E :
XSTRNCPY(buffer, "ASN input error, not enough data", max);
break;
case ASN_SIG_CONFIRM_E :
XSTRNCPY(buffer, "ASN sig error, confirm failure", max);
break;
case ASN_SIG_HASH_E :
XSTRNCPY(buffer, "ASN sig error, unsupported hash type", max);
break;
case ASN_SIG_KEY_E :
XSTRNCPY(buffer, "ASN sig error, unsupported key type", max);
break;
case ASN_DH_KEY_E :
XSTRNCPY(buffer, "ASN key init error, invalid input", max);
break;
case ASN_NTRU_KEY_E :
XSTRNCPY(buffer, "ASN NTRU key decode error, invalid input", max);
break;
case ECC_BAD_ARG_E :
XSTRNCPY(buffer, "ECC input argument wrong type, invalid input", max);
break;
case ASN_ECC_KEY_E :
XSTRNCPY(buffer, "ECC ASN1 bad key data, invalid input", max);
break;
case ECC_CURVE_OID_E :
XSTRNCPY(buffer, "ECC curve sum OID unsupported, invalid input", max);
break;
case BAD_FUNC_ARG :
XSTRNCPY(buffer, "Bad function argument", max);
break;
case NOT_COMPILED_IN :
XSTRNCPY(buffer, "Feature not compiled in", max);
break;
case UNICODE_SIZE_E :
XSTRNCPY(buffer, "Unicode password too big", max);
break;
case NO_PASSWORD :
XSTRNCPY(buffer, "No password provided by user", max);
break;
case ALT_NAME_E :
XSTRNCPY(buffer, "Alt Name problem, too big", max);
break;
case AES_GCM_AUTH_E:
XSTRNCPY(buffer, "AES-GCM Authentication check fail", max);
break;
case AES_CCM_AUTH_E:
XSTRNCPY(buffer, "AES-CCM Authentication check fail", max);
break;
case CAVIUM_INIT_E:
XSTRNCPY(buffer, "Cavium Init type error", max);
break;
case COMPRESS_INIT_E:
XSTRNCPY(buffer, "Compress Init error", max);
break;
case COMPRESS_E:
XSTRNCPY(buffer, "Compress error", max);
break;
case DECOMPRESS_INIT_E:
XSTRNCPY(buffer, "DeCompress Init error", max);
break;
case DECOMPRESS_E:
XSTRNCPY(buffer, "DeCompress error", max);
break;
case BAD_ALIGN_E:
XSTRNCPY(buffer, "Bad alignment error, no alloc help", max);
break;
case ASN_NO_SIGNER_E :
XSTRNCPY(buffer, "ASN no signer error to confirm failure", max);
break;
case ASN_CRL_CONFIRM_E :
XSTRNCPY(buffer, "ASN CRL sig error, confirm failure", max);
break;
case ASN_CRL_NO_SIGNER_E :
XSTRNCPY(buffer, "ASN CRL no signer error to confirm failure", max);
break;
case ASN_OCSP_CONFIRM_E :
XSTRNCPY(buffer, "ASN OCSP sig error, confirm failure", max);
break;
case BAD_ENC_STATE_E:
XSTRNCPY(buffer, "Bad ecc encrypt state operation", max);
break;
case BAD_PADDING_E:
XSTRNCPY(buffer, "Bad padding, message wrong length", max);
break;
case REQ_ATTRIBUTE_E:
XSTRNCPY(buffer, "Setting cert request attributes error", max);
break;
case PKCS7_OID_E:
XSTRNCPY(buffer, "PKCS#7 error: mismatched OID value", max);
break;
case PKCS7_RECIP_E:
XSTRNCPY(buffer, "PKCS#7 error: no matching recipient found", max);
break;
default:
XSTRNCPY(buffer, "unknown error number", max);
}
#endif /* NO_ERROR_STRINGS */
}
void dl_ethernet( u_char *args, const struct pcap_pkthdr *header, const u_char *packet ) {
const struct ether_header *ethernet_ptr;
const char *payload;
const char *tmp_ptr;
const int size_ethernet = sizeof( struct ether_header );
PRIVATE int bytes_sent;
/* this is easier to read */
PRIVATE char s_eth_addr_str[(ETHER_ADDR_LEN*2)+ETHER_ADDR_LEN];
PRIVATE char d_eth_addr_str[(ETHER_ADDR_LEN*2)+ETHER_ADDR_LEN];
/* libnet uses this format */
PRIVATE u_char s_eth_addr[ETHER_ADDR_LEN];
PRIVATE u_char d_eth_addr[ETHER_ADDR_LEN];
PRIVATE struct tm pkt_time;
PRIVATE int payload_size;
/* pre-allocated traffic record */
PRIVATE struct trafficRecord tr;
PRIVATE struct trafficRecord *tr_tmp;
PRIVATE struct tcpFlow *tf_ptr;
#ifdef DEBUG
if ( config->debug >= 4 ) {
display( LOG_DEBUG, "Packet of length [%d - %d]", header->caplen, header->len );
}
#endif
/* proto decode */
ethernet_ptr = (struct ether_header*)(packet);
/* convert packet time into something usable */
localtime_r((const time_t*)&header->ts.tv_sec, &pkt_time);
#ifdef DEBUG
if ( config->debug >= 5 ) {
display( LOG_DEBUG, "Received at [%04d/%02d/%02d %02d:%02d:%02d.%06d]",
pkt_time.tm_year+1900,
pkt_time.tm_mon+1,
pkt_time.tm_mday,
pkt_time.tm_hour,
pkt_time.tm_min,
pkt_time.tm_sec,
header->ts.tv_usec );
}
/* ether_ntoa issue */
XSTRNCPY( s_eth_addr_str, ether_ntoa((struct ether_addr *)ethernet_ptr->ether_shost), ((ETHER_ADDR_LEN*2)+ETHER_ADDR_LEN)-1 );
XSTRNCPY( d_eth_addr_str, ether_ntoa((struct ether_addr *)ethernet_ptr->ether_dhost), ((ETHER_ADDR_LEN*2)+ETHER_ADDR_LEN)-1 );
/* parse ether source/dest */
if ( config->debug >= 3 ) {
display( LOG_INFO, "ETHER: %s -> %s", s_eth_addr_str, d_eth_addr_str );
}
#endif
/* clear traffic report */
XMEMSET( &tr, 0, sizeof( tr ) );
XMEMCPY( &tr.wireTime, &pkt_time, sizeof( pkt_time ) );
tr.next = NULL;
tr.prev = NULL;
XMEMCPY( &tr.sMac, ethernet_ptr->ether_shost, ETHER_ADDR_LEN );
XMEMCPY( &tr.dMac, ethernet_ptr->ether_dhost, ETHER_ADDR_LEN );
tr.ethProto = ethernet_ptr->ether_type;
if (ntohs( ethernet_ptr->ether_type ) EQ ETHERTYPE_IP ) { /* IP */
#ifdef DEBUG
if ( config->debug >= 7 ) {
display( LOG_DEBUG, "ETHER: type 0x%04x is an IP packet", ntohs( ethernet_ptr->ether_type ) );
}
#endif
/* process packet */
processIpPacket( header, size_ethernet, &tr, packet + size_ethernet );
/* done with the packet, fall through */
} else if ( ntohs( ethernet_ptr->ether_type ) EQ ETHERTYPE_ARP ) { /* ARP */
#ifdef DEBUG
if ( config->debug >= 7 ) {
display( LOG_DEBUG, "Ethernet type 0x%04x is an ARP packet", ntohs( ethernet_ptr->ether_type ) );
}
#endif
/*
* done with packet, fall through
*/
} else if ( ntohs( ethernet_ptr->ether_type ) EQ ETHERTYPE_REVARP ) { /* RARP */
#ifdef DEBUG
if ( config->debug >= 7 ) {
display( LOG_DEBUG, "Ethernet type 0x%04x is an RARP packet", ntohs( ethernet_ptr->ether_type ) );
}
#endif
/*
* done with packet, fall through
*/
} else if ( ntohs( ethernet_ptr->ether_type ) EQ ETHERTYPE_PUP ) { /* PUP */
#ifdef DEBUG
if ( config->debug >= 7 ) {
display( LOG_DEBUG, "Ethernet type 0x%04x is a Xerox PUP packet", ntohs( ethernet_ptr->ether_type ) );
}
#endif
/*
* done with packet, fall through
*/
} else if ( ntohs( ethernet_ptr->ether_type ) EQ ETHERTYPE_TRAIL ) { /* Trailer */
#ifdef DEBUG
if ( config->debug >= 7 ) {
display( LOG_DEBUG, "Ethernet type 0x%04x is a trailer packet", ntohs( ethernet_ptr->ether_type ) );
}
#endif
/*
* done with packet, fall through
*/
} else if ( ntohs( ethernet_ptr->ether_type ) EQ 50 ) { /* ipSec */
#ifdef DEBUG
if ( config->debug >= 7 ) {
display( LOG_DEBUG, "Ethernet type 0x%04x is an ipSec packet", ntohs( ethernet_ptr->ether_type ) );
}
#endif
/*
* done with packet, fall through
*/
} else { /* Unknown */
#ifdef DEBUG
if ( config->debug >= 7 ) {
display( LOG_DEBUG, "Ethernet type 0x%04x unknown", ntohs( ethernet_ptr->ether_type ) );
}
#endif
}
/* XXX add a timer check and purge tcp flow linked list of dead flows */
/* cleanup, we will do nothing with this packet */
return;
}
void processUdpPacket( struct trafficRecord *tr, const u_char *packet ) {
const struct udphdr *udp_ptr;
const char *payload;
const char *tmp_ptr;
const int size_udp = sizeof( struct udphdr );
PRIVATE int bytes_sent;
PRIVATE u_int ip_hlen, ip_ver, ip_off, ip_offidx;
PRIVATE int ip_len;
PRIVATE char s_ip_addr_str[MAX_IP_ADDR_LEN+1];
PRIVATE char d_ip_addr_str[MAX_IP_ADDR_LEN+1];
PRIVATE struct in_addr addr;
PRIVATE struct tm pkt_time;
PRIVATE int payload_size;
/* pre-allocated traffic record */
PRIVATE struct trafficRecord *tr_tmp, *tmpTrPtr;
PRIVATE struct tcpFlow *tf_ptr;
time_t currentTime = time( NULL );
/* process packet */
/*
* udp decode
*/
#ifdef DEBUG
if ( config->debug >= 5 ) {
display( LOG_DEBUG, "UDP packet" );
}
#endif
/* pointers are fun */
udp_ptr = (struct udphdr*)( packet );
#ifdef BSD_DERIVED
tr->sPort = ntohs( udp_ptr->uh_sport );
tr->dPort = ntohs( udp_ptr->uh_dport );
#else
tr->sPort = ntohs( udp_ptr->source );
tr->dPort = ntohs( udp_ptr->dest );
#endif
#ifdef DEBUG
if ( config->debug >= 3 ) {
display( LOG_INFO, "UDP: S: %d D: %d", ntohs( tr->sPort ), ntohs( tr->dPort ) );
}
#endif
/*
* write to log
*/
XSTRNCPY( s_ip_addr_str, inet_ntoa( tr->sIp ), MAX_IP_ADDR_LEN );
XSTRNCPY( d_ip_addr_str, inet_ntoa( tr->dIp ), MAX_IP_ADDR_LEN );
fprintf( config->log_st, "[%04d/%02d/%02d %02d:%02d:%02d] %16s:%-5u -> %16s:%-5u UDP\n",
tr->wireTime.tm_year+1900,
tr->wireTime.tm_mon+1,
tr->wireTime.tm_mday,
tr->wireTime.tm_hour,
tr->wireTime.tm_min,
tr->wireTime.tm_sec,
s_ip_addr_str,
tr->sPort,
d_ip_addr_str,
tr->dPort
);
/*
* done with packet, fall through
*/
/* cleanup, we will do nothing with this packet */
return;
}
