static bool
restore_values(struct diag_values *data, int data_length, int fd)
{
int i;
void *delayed_rsp_id_address;
delayed_rsp_id_address = get_delayed_rsp_id_addresses();
if (!delayed_rsp_id_address) {
printf("Can't restore values because delayed_rsp_id address is unknown.\n");
return false;
}
for (i = 0; i < data_length; i++) {
data[i].value = data[i].original_value + 1;
if (!inject_value(&data[i], fd, delayed_rsp_id_address)) {
return false;
}
}
return true;
}
bool
diag_inject_with_fd(struct diag_values *data, int data_length, int fd)
{
int i;
void *delayed_rsp_id_address;
int16_t dummy_delayed_rsp_id_address = 0;
delayed_rsp_id_address = get_delayed_rsp_id_addresses();
if (!delayed_rsp_id_address) {
printf("Attempting to inject code...\n");
printf("This works only once a boot.\n");
delayed_rsp_id_address = &dummy_delayed_rsp_id_address;
}
for (i = 0; i < data_length; i++) {
if (!inject_value(&data[i], fd, delayed_rsp_id_address)) {
return false;
}
}
return true;
}
void pget(u_char *args, const struct pcap_pkthdr *header, const u_char *packet) {
char httpbuf[MAX_HTTP_SIZE]; // HTTP packet buffer
char request[MAX_REQ_SIZE]; // Buffer for extract HTTP request
char host[MAX_FIELD_SIZE]; // Buffer for extract HTTP Host
char useragent[MAX_FIELD_SIZE]; // Buffer for extract HTTP User-Agent
struct iphdr* ipheader = NULL; // Pointer to the IP header
struct tcphdr* tcpheader = NULL; // Pointer to the TCP header
char* field = NULL; // Pointer to field begin
int iphdr_size, packet_size, tcphdr_size, htpkt_size;
iphdr_size = packet_size = tcphdr_size = htpkt_size = 0;
memset(httpbuf, 0, MAX_HTTP_SIZE);
// Query buffer
char query[2048] = "INSERT INTO headers VALUES('";
// Print timestamp
/*
fprintf(stderr, "Packet captured\n");
fprintf(stderr, "Timestamp: %d.%d\n", header->ts->tv_sec, header->ts->tv_usec);
*/
// Append timestamp to query
inject_value(query, header->ts.tv_sec);
inject_value(query, header->ts.tv_usec);
// Extract IP header
ipheader = (struct iphdr *)(packet + ETH_HDR_SIZE);
iphdr_size = ipheader->ihl * 4;
packet_size = ntohs(ipheader->tot_len);
// Print IP Header fields (uncomment for debug)
/*
printf("IP header lengh: %d\n", iphdr_size);
printf("Packet size: %d\n", packet_size);
printf("TTL: %d\n", ipheader->ttl);
printf("Source IP: %s\n", inet_ntoa( *(struct in_addr *) &ipheader->saddr));
printf("Destination IP: %s\n", inet_ntoa( *(struct in_addr *) &ipheader->daddr));
*/
// Appent IP Header to query
inject_value(query, (int)iphdr_size);
inject_value(query, (int)packet_size);
inject_value(query, (int)ipheader->ttl);
inject_value(query, ntohl(ipheader->saddr));
inject_value(query, ntohl(ipheader->daddr));
// Extract TCP header
tcpheader = (struct tcphdr *)(packet + ETH_HDR_SIZE + iphdr_size);
tcphdr_size = tcpheader->doff * 4;
// Calculate HTTP packet's size
htpkt_size = packet_size - (iphdr_size + tcphdr_size);
// Print TCP Header fields (uncomment for debug)
/*
printf("TCP header lengh: %d\n", tcphdr_size);
printf("Source port: %d\n", ntohs(tcpheader->source));
printf("Destination port: %d\n", ntohs(tcpheader->dest));
printf("Flags: ");
if (tcpheader->syn)
printf("SYN ");
if (tcpheader->ack)
printf("ACK ");
if (tcpheader->fin)
printf("FYN ");
printf("\n");
printf("Window: %d\n", ntohs(tcpheader->window));
*/
// Appent IP Header to query
inject_value(query, (int)tcphdr_size);
inject_value(query, (int)ntohs(tcpheader->source));
inject_value(query, (int)ntohs(tcpheader->dest));
inject_value(query, (int)tcpheader->syn);
inject_value(query, (int)tcpheader->ack);
inject_value(query, (int)tcpheader->fin);
inject_value(query, (int)tcpheader->window);
//printf("HTTP packet size: %d\n", htpkt_size);
// Append HTTP packet lengh to query
inject_value(query, (htpkt_size));
// Extract HTTP packet
if (htpkt_size > 0) {
memset(httpbuf, 0, MAX_HTTP_SIZE);
memcpy(httpbuf, packet + ETH_HDR_SIZE + iphdr_size + tcphdr_size, htpkt_size);
// Request string
if (strstr(httpbuf, "GET") || strstr(httpbuf, "PUT")) {
memset(request, 0, MAX_FIELD_SIZE);
memccpy(request, httpbuf, '\r', MIN(MAX_REQ_SIZE,htpkt_size));
request[strlen(request) - 1] = 0;
//printf("Request string: %s", request);
strcat(query, request);
strcat(query, "', '");
}
// Host
if ( (field = strstr(httpbuf, "Host:"))) {
memset(host, 0, MAX_FIELD_SIZE);
memccpy(host, field + 6, '\r', MIN(MAX_FIELD_SIZE,htpkt_size - (field - httpbuf)));
host[strlen(host) - 1] = 0;
//printf("%s", host);
strcat(query, host);
strcat(query, "', '");
}
// User-Agent
if ( (field = strstr(httpbuf, "User-Agent:"))) {
memset(useragent, 0, MAX_FIELD_SIZE);
memccpy(useragent, field + 12, '\r', MIN(MAX_FIELD_SIZE,htpkt_size - (field - httpbuf)));
useragent[strlen(useragent) - 1] = 0;
//printf("%s", useragent);
strcat(query, useragent);
strcat(query, "');");
}
// Print HTTP packet
/*
printf("Entire HTTP packet:\n");
printf("%s\n", httpbuf);
*/
} else {
query[strlen(query) - 1] = 0;
strcat(query, "NULL, NULL, NULL);");
}
// Send INSERT query
//printf("%s\n", query);
strcat(data, query);
strcat(data, "\n");
// mysql_query(conn, query);
}
