void ArpTest::testSetFunctions() { Arp arp2; arp2.setHardwareSize( hardwaresize::ETHERNET ); arp2.setHardwareType(hardwaretype::ETHERNET); arp2.setOpcode(arpopcode::request); arp2.setProtocolSize( protocolsize::IP ); arp2.setProtocolType( protocoltype::IP ); arp2.setSenderIPAddress( IPv4Address("192.168.1.1").makePacket() ); arp2.setTargetIPAddress( IPv4Address("172.16.23.1").makePacket() ); arp2.setSenderMacAddress( MACAddress("DE:AD:BE:EF:DE:AD").makePacket() ); arp2.setTargetMacAddress( MACAddress("CA:FE:BA:BE:BA:BE").makePacket() ); //check to size of raw contents in bytes QVERIFY( arp2.size() == 28 ); //check to see if arp QVERIFY( arp2.isArp() ); //check to see if the hardware values are correct QVERIFY( arp2.hardwareType() == hardwaretype::ETHERNET ); //check protocol QVERIFY( arp2.protocolType() == protocoltype::IP ); //check hardware size QVERIFY( arp2.hardwareSize() == hardwaresize::ETHERNET); //check protocol size QVERIFY( arp2.protocolSize() == protocolsize::IP ); arp2.setProtocolSize( protocolsize::IPv6 ); QVERIFY( arp2.protocolSize() == protocolsize::IPv6 ); //check opcode QVERIFY( arp2.opcode() == arpopcode::request ); //check Sender MAC QVERIFY( arp2.senderMacAddress().vector() == MACAddress("DE:AD:BE:EF:DE:AD").makePacket().vector() ); //check Sender IP QVERIFY( arp2.senderIPAddress().vector() == IPv4Address("192.168.1.1").makePacket().vector() ); //check target MAC QVERIFY( arp2.targetIPAddress().vector() == IPv4Address("172.16.23.1").makePacket().vector() ); //check target IP QVERIFY( arp2.targetMacAddress().vector() == MACAddress("CA:FE:BA:BE:BA:BE").makePacket().vector() ); }
void IPFilter::convertToIPAddressWithMask(std::string& ipAddrmodified, std::string& mask) { if (m_IPv4Mask == "") return; // Handle the mask // The following code lines verify both ipAddress and ipv4Mask are valid IPv4 addresses // The IPv4 limitation comes from the fact libPcap/WinPcap doesn't support mask for IPv6 addresses IPv4Address ipAddr(m_Address); if (!ipAddr.isValid()) { LOG_ERROR("IP filter with mask must be used with IPv4 valid address. Setting the mask to an empty value"); mask = ""; return; } IPv4Address maskAsAddr(m_IPv4Mask); if (!maskAsAddr.isValid()) { LOG_ERROR("Invalid IPv4 mask. Setting the mask to an empty"); mask = ""; return; } // If all addresses are IPv4 valid addresses, make sure ipAddress matches the mask. If it's not, mask the address with the mask // The reason for doing that is libPcap/WinPcap doesn't allow filtering an IP address that doesn't match the mask uint32_t addrAsIntAfterMask = ipAddr.toInt() & maskAsAddr.toInt(); ipAddrmodified = IPv4Address(addrAsIntAfterMask).toString(); }
void ArpListener::listenerThread() { if( arpFilter_.size() == 0 || device_.size() == 0 ) { MutexLocker lock( runningMutex_ ); running_ = false; return; } sniffer_.setFilter( arpFilter_ ); sniffer_.setInputDevice(device_); sniffer_.start(); while( true ) { Packet p = sniffer_.popPacket(); if( p.appSize() > 0 && p.appIs< Arp >() ) { Arp a = p.getApp<Arp>(); if( a.opcode() == arpopcode::response ) { MACAddress mac = MACAddress(a.senderMacAddress().vector()); IPv4Address ip = IPv4Address(a.senderIPAddress().vector()); cache_->addEntry( ip.toString(), mac ); sendAlert( ip.toString() ); } } MutexLocker lock2( stopMutex_ ); if( stop_ ) break; } }
IPv4Range operator/(const IPv4Address& addr, int mask) { if (mask > 32) { throw logic_error("Prefix length cannot exceed 32"); } return IPv4Range::from_mask( addr, IPv4Address(Endian::host_to_be(0xffffffff << (32 - mask))) ); }
/** * @details Loads all available network devices from the host system, setting * each device's name, description, loopback status, network address * and network mask * @throws std::runtime_error if an error is encountered when attempting to * list all network devices with the details from libpcap */ void IPForensics::load_devices() { char error[PCAP_ERRBUF_SIZE]; pcap_if_t* alldevsp; if (pcap_findalldevs(&alldevsp, error) == 0) { pcap_if_t* devp = alldevsp; while (devp != NULL) { Device d = Device(this); unsigned int net {}, mask {}; d.set_name((devp->name == NULL) ? "" : devp->name); d.set_desc((devp->description == NULL) ? "" : devp->description); d.set_loopback(devp->flags & PCAP_IF_LOOPBACK); if (pcap_lookupnet(d.name().c_str(), &net, &mask, error) == 0) { d.set_net(IPv4Address(net)); d.set_mask(IPv4Address(mask)); } devices_.push_back(d); devp = devp->next; } } else { pcap_freealldevs(alldevsp); throw std::runtime_error(error); } pcap_freealldevs(alldevsp); }
IPv4Address IPv4Resolver::resolve(const String &ip_or_host){ struct ::hostent ret; int h_errnop; char *tmp_buf; int tmp_blen; int bmem; struct ::hostent *hp; struct ::sockaddr_in name; bzero(&name, sizeof(struct ::sockaddr_in)); int result; bmem = 4 * ip_or_host.size() + 2 * sizeof(hostent) ; tmp_blen = bmem; while(true){ tmp_buf = new char[tmp_blen]; result = gethostbyname_r(ip_or_host.toCharPtr(), &ret, tmp_buf, tmp_blen, &hp, &h_errnop); if(result == ERANGE){ tmp_blen += bmem; delete[] tmp_buf; continue; } switch(h_errnop){ case HOST_NOT_FOUND: delete[] tmp_buf; throw HostNotFound(); break; case TRY_AGAIN: delete[] tmp_buf; throw NSTryAgain(); break; case NO_RECOVERY: delete[] tmp_buf; throw NSFatal(); break; case NO_ADDRESS: delete[] tmp_buf; throw NoIPForYou(); break; } break; } if(hp != NULL){ name.sin_family = AF_INET; name.sin_addr = *(struct in_addr *) hp->h_addr; } delete[] tmp_buf; return IPv4Address(&name.sin_addr); }
void IPFilter::convertToIPAddressWithLen(std::string& ipAddrmodified, int& len) { if (m_Len == 0) return; // Handle the length // The following code lines verify IP address is valid (IPv4 or IPv6) std::auto_ptr<IPAddress> ipAddr = IPAddress::fromString(ipAddrmodified); if (ipAddr.get()->getType() == IPAddress::IPv4AddressType) { IPv4Address* ip4Addr = (IPv4Address*)ipAddr.get(); uint32_t addrAsInt = ip4Addr->toInt(); uint32_t mask = ((uint32_t)-1) >> ((sizeof(uint32_t)*8)-m_Len); addrAsInt &= mask; ipAddrmodified = IPv4Address(addrAsInt).toString(); }
void SkyLinesTracking::Glue::SetSettings(const Settings &settings) { if (!settings.enabled || settings.key == 0) { client.Close(); return; } client.SetKey(settings.key); interval = settings.interval; if (!client.IsDefined()) // TODO: fix hard-coded IP address: client.Open(IPv4Address(95, 128, 34, 172, Client::GetDefaultPort())); #ifdef HAVE_SKYLINES_TRACKING_HANDLER traffic_enabled = settings.traffic_enabled; #endif roaming = settings.roaming; }
bool switcher::on_client_pkt(const byte_t *data, size_t size) { vxlan_tuple tuple; int e = tuple.fill(data, size); if (e != 0) { return true; } auto sess = client_mgr_->client_tuple(tuple); if(unlikely(!sess)){ return false; } int next_way = path_mgr_->get_way(client_way, 1); switch (next_way){ case switch_way: break; case out_way: EthernetII eth = EthernetII()/tuple.inner_.ip_; nat_->nat_out(IPv4Address("10.0.0.167"), sess->uid(), eth); break; } return true; }
IPv4Address PcapLiveDevice::getIPv4Address() { for(std::vector<pcap_addr_t>::iterator addrIter = m_Addresses.begin(); addrIter != m_Addresses.end(); addrIter++) { if (LoggerPP::getInstance().isDebugEnabled(PcapLogModuleLiveDevice) && addrIter->addr != NULL) { char addrAsString[INET6_ADDRSTRLEN]; sockaddr2string(addrIter->addr, addrAsString); LOG_DEBUG("Searching address %s", addrAsString); } in_addr* currAddr = sockaddr2in_addr(addrIter->addr); if (currAddr == NULL) { LOG_DEBUG("Address is NULL"); continue; } return IPv4Address(currAddr); } return IPv4Address::Zero; }
bool decrement(IPv4Address& addr) { uint32_t addr_int = Endian::be_to_host<uint32_t>(addr); bool reached_end = --addr_int == 0; addr = IPv4Address(Endian::be_to_host<uint32_t>(addr_int)); return reached_end; }
static void dnsResponseRecieved(RawPacket* rawPacket, PcapLiveDevice* device, void* userCookie) { // extract timestamp of packet clock_t recieveTime = clock(); // get data from the main thread DNSRecievedData* data = (DNSRecievedData*)userCookie; // parse the response packet Packet packet(rawPacket); // verify that it's an DNS packet (although it must be because DNS port filter was set on the interface) if (!packet.isPacketOfType(DNS)) return; // extract the DNS layer from the packet DnsLayer* dnsResponseLayer = packet.getLayerOfType<DnsLayer>(); if (dnsResponseLayer == NULL) return; // verify it's the right DNS response if (dnsResponseLayer->getDnsHeader()->queryOrResponse != 1 /* DNS response */ || dnsResponseLayer->getDnsHeader()->numberOfAnswers < htons(1) || dnsResponseLayer->getDnsHeader()->transactionID != htons(data->transactionID)) { return; } // DNS resolving can be recursive as many DNS responses contain multiple answers with recursive canonical names (CNAME) for // the hostname. For example: a DNS response for www.a.com can have multiple answers: //- First with CNAME: www.a.com -> www.b.com //- Second with CNAME: www.b.com -> www.c.com //- Third with resolving: www.c.com -> 1.1.1.1 // So the search must be recursive until an IPv4 resolving is found or until no hostname or canonical name are found (and then return) std::string hostToFind = data->hostname; DnsResource* dnsAnswer = NULL; while (true) { dnsAnswer = dnsResponseLayer->getAnswer(hostToFind, true); // if response doesn't contain hostname or cname - return if (dnsAnswer == NULL) { LOG_DEBUG("DNS answer doesn't contain hostname '%s'", hostToFind.c_str()); return; } DnsType dnsType = dnsAnswer->getDnsType(); // if answer contains IPv4 resolving - break the loop and return the IP address if (dnsType == DNS_TYPE_A) { LOG_DEBUG("Found IPv4 resolving for hostname '%s'", hostToFind.c_str()); break; } // if answer contains a cname - continue to search this cname in the packet - hopefully find the IP resolving else if (dnsType == DNS_TYPE_CNAME) { LOG_DEBUG("Got a DNS response for hostname '%s' with CNAME '%s'", hostToFind.c_str(), dnsAnswer->getDataAsString().c_str()); hostToFind = dnsAnswer->getDataAsString(); } // if answer is of type other than A or CNAME (for example AAAA - IPv6) - type is not supported - return else { LOG_DEBUG("Got a DNS response with type which is not A or CNAME"); return; } } // if we got here it means an IPv4 resolving was found // measure response time clock_t diffticks = recieveTime-data->start; double diffms = (diffticks*1000)/CLOCKS_PER_SEC; data->dnsResponseTime = diffms; data->result = IPv4Address(dnsAnswer->getDataAsString()); data->ttl = dnsAnswer->getTTL(); // signal the main thread the ARP reply was received pthread_mutex_lock(data->mutex); pthread_cond_signal(data->cond); pthread_mutex_unlock(data->mutex); }
bool SocketDescriptor::BindPort(unsigned port) { return Bind(IPv4Address(port)); }
void PcapLiveDevice::setDefaultGateway() { #ifdef WIN32 ULONG outBufLen = sizeof (IP_ADAPTER_INFO); uint8_t buffer[outBufLen]; PIP_ADAPTER_INFO adapterInfo = (IP_ADAPTER_INFO*)buffer; DWORD retVal = 0; retVal = GetAdaptersInfo(adapterInfo, &outBufLen); uint8_t buffer2[outBufLen]; if (retVal == ERROR_BUFFER_OVERFLOW) adapterInfo = (IP_ADAPTER_INFO *)buffer2; retVal = GetAdaptersInfo(adapterInfo, &outBufLen); if (retVal == NO_ERROR) { PIP_ADAPTER_INFO curAdapterInfo = adapterInfo; while (curAdapterInfo != NULL) { std::string name(m_Name); if (name.find(curAdapterInfo->AdapterName) != std::string::npos) m_DefaultGateway = IPv4Address(curAdapterInfo->GatewayList.IpAddress.String); curAdapterInfo = curAdapterInfo->Next; } } else { LOG_ERROR("Error retrieving default gateway address"); } #elif LINUX std::ifstream routeFile("/proc/net/route"); std::string line; while (std::getline(routeFile, line)) { std::stringstream lineStream(line); std::string interfaceName; std::getline(lineStream, interfaceName, '\t'); if (interfaceName != std::string(m_Name)) continue; std::string interfaceDest; std::getline(lineStream, interfaceDest, '\t'); if (interfaceDest != "00000000") continue; std::string interfaceGateway; std::getline(lineStream, interfaceGateway, '\t'); uint32_t interfaceGatewayIPInt; std::stringstream interfaceGatewayStream; interfaceGatewayStream << std::hex << interfaceGateway; interfaceGatewayStream >> interfaceGatewayIPInt; m_DefaultGateway = IPv4Address(interfaceGatewayIPInt); } #elif MAC_OS_X std::string ifaceStr = std::string(m_Name); std::string command = "netstat -nr | grep default | grep " + ifaceStr; std::string ifaceInfo = executeShellCommand(command); if (ifaceInfo == "") { LOG_DEBUG("Error retrieving default gateway address: couldn't get netstat output"); return; } // remove the word "default" ifaceInfo.erase(0, 7); // remove spaces while (ifaceInfo.at(0) == ' ') ifaceInfo.erase(0,1); // erase string after gateway IP address ifaceInfo.resize(ifaceInfo.find(' ', 0)); m_DefaultGateway = IPv4Address(ifaceInfo); #endif }
IPv4Address last_address_from_mask(IPv4Address addr, IPv4Address mask) { uint32_t addr_int = Endian::be_to_host<uint32_t>(addr), mask_int = Endian::be_to_host<uint32_t>(mask); return IPv4Address(Endian::host_to_be(addr_int | ~mask_int)); }
IPv4Address icmp_router_address_structure::getAddress() { return IPv4Address(routerAddress); }
void PcapLiveDeviceList::setDnsServers() { #ifdef WIN32 FIXED_INFO * fixedInfo; ULONG ulOutBufLen; DWORD dwRetVal; IP_ADDR_STRING * pIPAddr; uint8_t buf1[sizeof(FIXED_INFO)]; fixedInfo = (FIXED_INFO *) buf1; ulOutBufLen = sizeof( FIXED_INFO ); dwRetVal = GetNetworkParams( fixedInfo, &ulOutBufLen ); uint8_t buf2[ulOutBufLen]; if(ERROR_BUFFER_OVERFLOW == dwRetVal) { fixedInfo = (FIXED_INFO *)buf2; } if ((dwRetVal = GetNetworkParams( fixedInfo, &ulOutBufLen )) != 0) LOG_ERROR("Call to GetNetworkParams failed. Return Value: %08lx\n", dwRetVal); else { m_DnsServers.push_back(IPv4Address(fixedInfo->DnsServerList.IpAddress.String)); int i = 1; LOG_DEBUG("Default DNS server IP #%d: %s\n", i++, fixedInfo->DnsServerList.IpAddress.String ); pIPAddr = fixedInfo->DnsServerList.Next; while ( pIPAddr ) { m_DnsServers.push_back(IPv4Address(pIPAddr->IpAddress.String)); LOG_DEBUG("Default DNS server IP #%d: %s\n", i++, pIPAddr->IpAddress.String); pIPAddr = pIPAddr -> Next; } } #elif LINUX std::string command = "nmcli dev list | grep IP4.DNS"; std::string dnsServersInfo = executeShellCommand(command); if (dnsServersInfo == "") { LOG_DEBUG("Error retrieving DNS server list: call to nmcli gave no output"); return; } std::istringstream stream(dnsServersInfo); std::string line; int i = 1; while(std::getline(stream, line)) { std::istringstream lineStream(line); std::string headline; std::string dnsIP; lineStream >> headline; lineStream >> dnsIP; IPv4Address dnsIPAddr(dnsIP); if (!dnsIPAddr.isValid()) continue; if (std::find(m_DnsServers.begin(), m_DnsServers.end(), dnsIPAddr) == m_DnsServers.end()) { m_DnsServers.push_back(dnsIPAddr); LOG_DEBUG("Default DNS server IP #%d: %s\n", i++, dnsIPAddr.toString().c_str()); } } #elif MAC_OS_X SCDynamicStoreRef dynRef = SCDynamicStoreCreate(kCFAllocatorSystemDefault, CFSTR("iked"), NULL, NULL); if (dynRef == NULL) { LOG_DEBUG("Couldn't set DNS server list: failed to retrieve SCDynamicStore"); return; } CFDictionaryRef dnsDict = (CFDictionaryRef)SCDynamicStoreCopyValue(dynRef,CFSTR("State:/Network/Global/DNS")); if (dnsDict == NULL) { LOG_DEBUG("Couldn't set DNS server list: failed to get DNS dictionary"); CFRelease(dynRef); return; } CFArrayRef serverAddresses = (CFArrayRef)CFDictionaryGetValue(dnsDict, CFSTR("ServerAddresses")); if (serverAddresses == NULL) { LOG_DEBUG("Couldn't set DNS server list: server addresses array is null"); CFRelease(dynRef); CFRelease(dnsDict); return; } CFIndex count = CFArrayGetCount(serverAddresses); for (CFIndex i = 0; i < count; i++) { CFStringRef serverAddress = (CFStringRef)CFArrayGetValueAtIndex(serverAddresses, i); if (serverAddress == NULL) continue; uint8_t buf[20]; char* serverAddressCString = (char*)buf; CFStringGetCString(serverAddress, serverAddressCString, 20, kCFStringEncodingUTF8); m_DnsServers.push_back(IPv4Address(serverAddressCString)); LOG_DEBUG("Default DNS server IP #%d: %s\n", (int)(i+1), serverAddressCString); } CFRelease(dynRef); CFRelease(dnsDict); #endif }