Пример #1
0
void DNS::FromRaw(const RawLayer& raw_layer) {
	/* Get size of the raw layer */
	size_t data_size = raw_layer.GetSize();

	/* Copy all the data */
	byte* data = new byte[data_size];
	raw_layer.GetData(data);

	/* Create the header */
	PutData(data);

	/* Initialize the response parser */
	ns_msg handle;
	if (ns_initparse(data,data_size,&handle) < 0)
		throw std::runtime_error("DNS::FromRaw() : Error initializing the parsing routines");

	char* buff = new char[MAXDNAME];

	/* First, parse the queries... Simple */
	for(size_t i = 0 ; i < GetTotalQuestions() ; i++) {
		/* RR data structure */
		ns_rr rr;
		/* Parse the data */
		if (ns_parserr(&handle,ns_s_qd,i,&rr) < 0)
			throw std::runtime_error("DNS::FromRaw() : Error Parsing the Queries");
		/* Set the Query name */
        string qname = string(ns_rr_name(rr));
        /* Create a DNS Query and push it into the container */
        DNSQuery dns_query(qname);
        /* Set the class */
        dns_query.SetClass(ns_rr_class(rr));
        /* Set the type */
        dns_query.SetType(ns_rr_type(rr));

        Queries.push_back(dns_query);
	}

	delete [] buff;

	SetContainerSection(Answers,ns_s_an,&handle);
	SetContainerSection(Authority,ns_s_ns,&handle);
	SetContainerSection(Additional,ns_s_ar,&handle);

	delete [] data;

	Craft();

}
Пример #2
0
/*
 * Adapted from dhcpdump code
 * http://dhcpdump.sourcearchive.com/documentation/1.8-2/dhcpdump_8c-source.html
 */
void DHCP::FromRaw(const RawLayer& raw_layer) {
	/* Get size of the raw layer */
	size_t data_size = raw_layer.GetSize();

	/* Copy all the data */
	byte* dhcp_data = new byte[data_size];
	raw_layer.GetData(dhcp_data);

	/* Create the header */
	PutData(dhcp_data);

	/* 236 bytes to reach the Magic Cookie*/
	size_t magicookie_shift = 236;

	/* Delete the Options */
	std::vector<DHCPOptions*>::const_iterator it_opt;

	for(it_opt = Options.begin() ; it_opt != Options.end() ; it_opt++)
		delete (*it_opt);
	Options.clear();

	byte* data = dhcp_data + magicookie_shift + 4;

	size_t j = 0 ;

	vector<string> ip_addr;
	int i = 0;
    while (j < data_size && data[j] != 255) {

		switch (data[j]) {

		default:
			Options.push_back(CreateDHCPOption(data[j],data + j + 2, data[j + 1]));
			break;

		case 0:           // pad
			break;

		case  1:    // Subnetmask
		case  3:    // Routers
		case 16:    // Swap server
		case 28:    // Broadcast address
		case 32:    // Router solicitation
		case 50:    // Requested IP address
		case 54:    // Server identifier
			ip_addr.clear();
			ip_addr.push_back(string(inet_ntoa( *((in_addr*)(data + j + 2)) )));
			Options.push_back(CreateDHCPOption(data[j],ip_addr));
			break;

		case 12:    // Hostname
		case 14:    // Merit dump file
		case 15:    // Domain name
		case 17:    // Root Path
		case 18:    // Extensions path
		case 40:    // NIS domain
		case 56:    // Message
		case 62:    // Netware/IP domain name
		case 64:    // NIS+ domain
		case 66:    // TFTP server name
		case 67:    // bootfile name
		case 60:    // Domain name
		case 86:    // NDS Tree name
		case 87:    // NDS context
			Options.push_back(CreateDHCPOption(data[j], string((char *)&data[j + 2], data[j + 1])) );
			break;

		case  4:    // Time servers
		case  5:    // Name servers
		case  6:    // DNS server
		case  7:    // Log server
		case  8:    // Cookie server
		case  9:    // LPR server
		case 10:    // Impress server
		case 11:    // Resource location server
		case 41:    // NIS servers
		case 42:    // NTP servers
		case 44:    // NetBIOS name server
		case 45:    // NetBIOS datagram distribution server
		case 48:    // X Window System font server
		case 49:    // X Window System display server
		case 65:    // NIS+ servers
		case 68:    // Mobile IP home agent
		case 69:    // SMTP server
		case 70:    // POP3 server
		case 71:    // NNTP server
		case 72:    // WWW server
		case 73:    // Finger server
		case 74:    // IRC server
		case 75:    // StreetTalk server
		case 76:    // StreetTalk directory assistance server
		case 85:    // NDS server
			ip_addr.clear();
			for (i = 0; i < data[j + 1] / 4; i++) {
				ip_addr.push_back(string(inet_ntoa( *((in_addr*)(data + j + 2 + i * 4)) )));
			}
			Options.push_back(CreateDHCPOption(data[j],ip_addr));
			break;

		case 13:    // bootfile size
		case 22:    // Maximum datagram reassembly size
		case 26:    // Interface MTU
		case 57:    // Maximum DHCP message size
			Options.push_back(CreateDHCPOption(data[j], *((short_word *)(data + j + 2)), DHCPOptions::SHORT));
			break;

		case 19:    // IP forwarding enabled/disable
		case 20:    // Non-local source routing
		case 23:    // Default IP TTL
		case 27:    // All subnets local
		case 29:    // Perform mask discovery
		case 30:    // Mask supplier
		case 31:    // Perform router discovery
		case 34:    // Trailer encapsulation
		case 36:    // Ethernet encapsulation
		case 37:    // TCP default TTL
		case 39:    // TCP keepalive garbage
		case 46:    // NetBIOS over TCP/IP node type
		case 52:    // Option overload
		case 53:    // DHCP message type
			Options.push_back(CreateDHCPOption(data[j], *((byte *)(data + j + 2)), DHCPOptions::BYTE));
			break;

		case  2:    // Time offset
		case 24:    // Path MTU aging timeout
		case 35:    // ARP cache timeout
		case 38:    // TCP keepalive interval
		case 51:    // IP address leasetime
		case 58:    // T1
		case 59:    // T2
			Options.push_back(CreateDHCPOption(data[j], *((word *)(data + j + 2)), DHCPOptions::WORD));
			break;
		}

		/*
		 * This might go wrong if a mallformed packet is received.
		 * Maybe from a bogus server which is instructed to reply
		 * with invalid data and thus causing an exploit.
		 * My head hurts... but I think it's solved by the checking
		 * for j<data_len at the begin of the while-loop.
		*/
		if (data[j]==0)         // padding
			j++;
		else
			j+=data[j + 1] + 2;
    }

    Craft();
}