int k_open(void) {
kinfo = xmalloc(sizeof(struct kainfo));
kinfo->kd = kvm_open(NULL, NULL, NULL, O_RDONLY, NULL);
if (kinfo->kd == NULL) {
free(kinfo);
debug("kvm_open: %s", strerror(errno));
return (-1);
}
kinfo->nl[N_TCB].n_name = "_tcb";
#ifdef MASQ_SUPPORT
if (opt_enabled(MASQ))
kinfo->nl[N_NATLIST].n_name = "_nat_instances";
else
kinfo->nl[N_NATLIST].n_name = NULL;
#endif
kinfo->nl[N_TOTAL - 1].n_name = NULL;
if (kvm_nlist(kinfo->kd, kinfo->nl) != 0) {
kvm_close(kinfo->kd);
free(kinfo);
debug("kvm_nlist: %s", strerror(errno));
return (-1);
}
#ifdef MASQ_SUPPORT
if (kinfo->nl[N_NATLIST].n_value == 0)
disable_opt(MASQ);
#endif
return (0);
}
int k_open(void) {
kinfo = xmalloc(sizeof(struct kainfo));
kinfo->kd = kvm_open(NULL, NULL, NULL, O_RDONLY, NULL);
if (kinfo->kd == NULL) {
free(kinfo);
debug("kvm_open: %s", strerror(errno));
return (-1);
}
kinfo->nl[N_TCB].n_name = "_tcbtable";
#ifdef WANT_IPV6
#if __NetBSD_Version__ >= 106250000 /* 1.6Y */
kinfo->nl[N_TCB6].n_name = "_tcbtable";
#else
kinfo->nl[N_TCB6].n_name = "_tcb6";
#endif
#else
kinfo->nl[N_TCB6].n_name = "_oidentd_nonexistent";
#endif
#ifdef MASQ_SUPPORT
if (opt_enabled(MASQ))
kinfo->nl[N_NATLIST].n_name = "_nat_instances";
else
kinfo->nl[N_NATLIST].n_name = "NULL";
#endif
kinfo->nl[N_TOTAL - 1].n_name = NULL;
if (kvm_nlist(kinfo->kd, kinfo->nl) == -1) {
kvm_close(kinfo->kd);
free(kinfo);
debug("kvm_nlist: %s", strerror(errno));
return (-1);
}
#ifdef MASQ_SUPPORT
if (kinfo->nl[N_NATLIST].n_value == 0)
disable_opt(MASQ);
#endif
return (0);
}
static struct socket *getlist4( struct inpcbtable *tcbtablep,
struct inpcbtable *ktcbtablep,
in_port_t lport,
in_port_t fport,
const struct in_addr *laddr,
const struct in_addr *faddr)
{
struct inpcb *kpcbp, pcb;
if (tcbtablep == NULL)
return (NULL);
kpcbp = (struct inpcb *) tcbtablep->inpt_queue.cqh_first;
while (kpcbp != (struct inpcb *) ktcbtablep) {
if (getbuf((u_long) kpcbp, &pcb, sizeof(struct inpcb)) == -1)
break;
if (opt_enabled(PROXY)) {
if (faddr->s_addr == SIN4(&proxy)->sin_addr.s_addr &&
laddr->s_addr != SIN4(&proxy)->sin_addr.s_addr &&
pcb.inp_fport == fport &&
pcb.inp_lport == lport)
{
return (pcb.inp_socket);
}
}
if (pcb.inp_faddr.s_addr == faddr->s_addr &&
pcb.inp_laddr.s_addr == laddr->s_addr &&
pcb.inp_fport == fport &&
pcb.inp_lport == lport)
{
return (pcb.inp_socket);
}
kpcbp = (struct inpcb *) pcb.inp_queue.cqe_next;
}
return (NULL);
}
static struct socket *getlist4( struct inpcbhead *pcbhead,
in_port_t lport,
in_port_t fport,
const struct in_addr *laddr,
const struct in_addr *faddr)
{
struct inpcb *pcbp, pcb;
if (pcbhead == NULL)
return (NULL);
pcbp = pcbhead->lh_first;
while (pcbp != NULL) {
if (getbuf((u_long) pcbp, &pcb, sizeof(struct inpcb)) == -1)
break;
if (opt_enabled(PROXY)) {
if (faddr->s_addr == SIN4(&proxy)->sin_addr.s_addr &&
laddr->s_addr != SIN4(&proxy)->sin_addr.s_addr &&
pcb.inp_fport == fport &&
pcb.inp_lport == lport)
{
return (pcb.inp_socket);
}
}
if (pcb.inp_faddr.s_addr == faddr->s_addr &&
pcb.inp_laddr.s_addr == laddr->s_addr &&
pcb.inp_fport == fport &&
pcb.inp_lport == lport)
{
return (pcb.inp_socket);
}
pcbp = pcb.inp_list.le_next;
}
return (NULL);
}
static struct socket *getlist( void *arg,
in_port_t lport,
in_port_t fport,
const struct sockaddr *laddr,
const struct sockaddr *faddr)
{
struct inpcb *pcbp = arg;
struct inpcb *head;
if (pcbp == NULL)
return (NULL);
head = pcbp->inp_prev;
do {
if (opt_enabled(PROXY)) {
if (SIN4(faddr)->sin_addr.s_addr == SIN4(&proxy)->sin_addr.s_addr &&
SIN4(laddr)->sin_addr.s_addr != SIN4(&proxy)->sin_addr.s_addr &&
pcbp->inp_fport == fport &&
pcbp->inp_lport == lport)
{
return (pcb.inp_socket);
}
}
if (pcbp->inp_faddr.s_addr == SIN4(faddr)->sin_addr.s_addr &&
pcbp->inp_laddr.s_addr == SIN4(laddr)->sin_addr.s_addr &&
pcbp->inp_fport == fport &&
pcbp->inp_lport == lport)
{
return (pcbp->inp_socket);
}
} while (pcbp->inp_next != head &&
getbuf((u_long) pcbp->inp_next, pcbp, sizeof(struct inpcb)) != -1);
return (NULL);
}
int masq( int sock,
in_port_t lport,
in_port_t fport,
struct sockaddr_storage *laddr,
struct sockaddr_storage *faddr)
{
nat_t *np;
nat_t nat;
char os[24];
char user[MAX_ULEN];
struct sockaddr_storage ss;
/*
** Only IPv4 is supported right now..
*/
if (faddr->ss_family != AF_INET || laddr->ss_family != AF_INET)
return (-1);
if (getbuf(kinfo->nl[N_NATLIST].n_value, &np, sizeof(np)) == -1)
return (-1);
for (; np != NULL ; np = nat.nat_next) {
int ret;
in_port_t masq_lport;
if (getbuf((u_long) np, &nat, sizeof(nat)) == -1) {
debug("getbuf: %s", strerror(errno));
break;
}
if (nat.nat_p != IPPROTO_TCP)
continue;
if (lport != nat.nat_outport)
continue;
if (fport != nat.nat_oport)
continue;
if (SIN4(laddr)->sin_addr.s_addr != nat.nat_outip.s_addr)
continue;
if (SIN4(faddr)->sin_addr.s_addr != nat.nat_oip.s_addr) {
if (!opt_enabled(PROXY))
continue;
if (SIN4(faddr)->sin_addr.s_addr != SIN4(&proxy)->sin_addr.s_addr)
continue;
if (SIN4(laddr)->sin_addr.s_addr == SIN4(&proxy)->sin_addr.s_addr)
continue;
}
lport = ntohs(lport);
fport = ntohs(fport);
masq_lport = ntohs(nat.nat_inport);
sin_setv4(nat.nat_inip.s_addr, &ss);
if (opt_enabled(FORWARD)) {
ret = fwd_request(sock, lport, masq_lport, fport, &ss);
if (ret == 0)
return (0);
else {
char ipbuf[MAX_IPLEN];
get_ip(&ss, ipbuf, sizeof(ipbuf));
debug("Forward to %s (%d %d | %d %d) failed",
ipbuf, lport, fport, nat.nat_inport, nat.nat_outport);
}
}
ret = find_masq_entry(&ss, user, sizeof(user), os, sizeof(os));
if (ret == 0) {
char ipbuf[MAX_IPLEN];
sockprintf(sock, "%d , %d : USERID : %s : %s\r\n",
lport, fport, os, user);
get_ip(faddr, ipbuf, sizeof(ipbuf));
o_log(NORMAL,
"[%s] (NAT) Successful lookup: %d , %d : %s",
ipbuf, lport, fport, user);
return (0);
}
}
return (-1);
}
static struct socket *getlist( void *arg,
in_port_t lport,
in_port_t fport,
const struct sockaddr *local,
const struct sockaddr *remote)
{
struct inpcb *head, pcbp;
struct inpcbhead *pcbhead = arg;
char *faddr, *laddr, *pfaddr, *pladdr;
int alen;
if (remote->sa_family != local->sa_family)
return (NULL);
switch (remote->sa_family) {
case AF_INET:
faddr = (char *)&SIN4(remote)->sin_addr;
laddr = (char *)&SIN4(local)->sin_addr;
break;
case AF_INET6:
faddr = (char *)&SIN6(remote)->sin6_addr;
laddr = (char *)&SIN6(local)->sin6_addr;
break;
default:
return (NULL);
}
head = pcbhead->lh_first;
if (head == NULL)
return (NULL);
do {
if (getbuf((u_long) head, &pcbp, sizeof(struct inpcb)) == -1)
break;
if (opt_enabled(PROXY) && remote->sa_family == AF_INET) {
if (SIN4(remote)->sin_addr.s_addr == SIN4(&proxy)->sin_addr.s_addr &&
SIN4(local)->sin_addr.s_addr != SIN4(&proxy)->sin_addr.s_addr &&
pcbp.inp_fport == fport &&
pcbp.inp_lport == lport)
{
return (pcbp.inp_socket);
}
}
if (remote->sa_family == AF_INET)
{
pfaddr = (char *)&pcbp.inp_faddr;
pladdr = (char *)&pcbp.inp_laddr;
alen = sizeof(struct in_addr);
}
else if (remote->sa_family == AF_INET6)
{
pfaddr = (char *)&pcbp.in6p_faddr;
pladdr = (char *)&pcbp.in6p_laddr;
alen = sizeof(struct in6_addr);
}
else
continue;
if (memcmp(pfaddr, faddr, alen) == 0 &&
memcmp(pladdr, laddr, alen) == 0 &&
pcbp.inp_fport == fport &&
pcbp.inp_lport == lport)
{
return (pcbp.inp_socket);
}
head = pcbp.inp_list.le_next;
} while (head != NULL);
return (NULL);
}
void check_options(void) {
if (!opt_enabled(LOG_TCP | LOG_UDP | LOG_ICMP))
fatal("Told not to log anything. Exiting.");
if (opt_enabled(PROMISC) && opt_enabled(GET_IDENT))
fatal("The promisc and get_ident flags are not compatible.");
if (opt_enabled(NO_RESOLV))
flags &= ~(TCP_RES | UDP_RES | ICMP_RES);
else if (!(flags & (TCP_RES | UDP_RES | ICMP_RES)))
flags |= NO_RESOLV;
if (!opt_enabled(TCP_RES))
flags &= ~SYN_FLOOD;
if (opt_enabled(DNS_CACHE) && opt_enabled(NO_RESOLV))
flags ^= DNS_CACHE;
if (opt_enabled(SMURF) && !opt_enabled(LOG_ICMP | LOG_UDP))
flags ^= SMURF;
if (!opt_enabled(LOG_TCP))
flags &= ~(PORTSCAN | NULL_SCAN | FIN_SCAN | XMAS_SCAN);
if (!opt_enabled(LOG_ICMP))
flags &= ~PING_FLOOD;
if (!opt_enabled(LOG_UDP))
flags &= ~(UDP_SCAN | IGNORE_NS);
if (opt_enabled(FOOL_NMAP) && get_raw_sock() == false)
flags ^= FOOL_NMAP;
}
void get_options(int argc, char *const argv[]) {
extern u_char *logfile, *lockfile, *user, *group, *ifstring;
int opt;
while ((opt = getopt_long(argc, argv, opts, longopts, NULL)) != EOF) {
switch (opt) {
case 10:
enable(optarg, LOG_TCP);
break;
case 11:
enable(optarg, LOG_UDP);
break;
case 12:
enable(optarg, LOG_ICMP);
break;
case 13:
facility = get_facility(optarg);
break;
case 14:
priority = get_priority(optarg);
break;
case 15:
if (lockfile != NULL)
free(lockfile);
lockfile = xstrdup(optarg);
break;
case 'w':
enable(optarg, LOG_IP);
break;
case 'd':
flags |= IGNORE_NS;
break;
case 'u':
if (user != NULL)
free(user);
user = xstrdup(optarg);
break;
case 'g':
if (group != NULL)
free(group);
group = xstrdup(optarg);
break;
case 'k':
kill_iplog(15, lockfile);
break;
case 'l':
if (opt_enabled(LOG_STDOUT)) {
mysyslog("Warning: Overriding --stdout");
flags &= ~LOG_STDOUT;
} else if (logfile != NULL)
free(logfile);
logfile = xstrdup(optarg);
break;
case 'L':
if (logfile != NULL) {
mysyslog("Warning: Overriding --logfile");
xfree(logfile);
}
flags |= LOG_STDOUT;
break;
case 'm':
enable(optarg, SCANS_ONLY);
break;
case 'o':
flags |= NO_FORK;
break;
case 'c':
enable(optarg, DNS_CACHE);
break;
case 'y':
enable(optarg, LOG_FRAG);
break;
case 'a':
flags |= (PROMISC | LOG_DEST);
if (pcap_network != NULL)
free(pcap_network);
pcap_network = xstrdup(optarg);
break;
case 'D':
enable(optarg, LOG_DEST);
break;
case 'e':
#ifdef __linux__
enable(optarg, GET_IDENT);
#else
mysyslog("Ident lookups are only supported on Linux.");
#endif
break;
case 'T':
enable(optarg, TCP_RES);
break;
case 'U':
enable(optarg, UDP_RES);
break;
case 'V':
enable(optarg, VERBOSE);
break;
case 'I':
enable(optarg, ICMP_RES);
break;
case 'S':
enable(optarg, SMURF);
break;
case 'b':
enable(optarg, BOGUS);
break;
case 'P':
enable(optarg, PING_FLOOD);
break;
case 'p':
enable(optarg, PORTSCAN);
break;
case 'x':
enable(optarg, XMAS_SCAN);
break;
case 'f':
enable(optarg, FIN_SCAN);
break;
case 'q':
enable(optarg, SYN_SCAN);
break;
case 'F':
enable(optarg, UDP_SCAN);
break;
case 'N':
flags |= NO_RESOLV;
break;
case 'n':
enable(optarg, NULL_SCAN);
break;
case 's':
enable(optarg, SYN_FLOOD);
break;
case 't':
enable(optarg, TRACEROUTE);
break;
case 'i':
if (ifstring != NULL)
free(ifstring);
ifstring = xstrdup(optarg);
break;
case 'R':
kill_iplog(1, lockfile);
break;
case 'z':
enable(optarg, FOOL_NMAP);
break;
case 'v':
mysyslog("iplog version %s\nby %s\n%s",
VERSION, AUTHORS, WEBPAGE);
exit(0);
case 'h':
default:
print_help();
break;
}
}
}