示例#1
0
void ArpTest::testSetFunctions()
{
    Arp arp2;

    arp2.setHardwareSize( hardwaresize::ETHERNET );
    arp2.setHardwareType(hardwaretype::ETHERNET);
    arp2.setOpcode(arpopcode::request);
    arp2.setProtocolSize( protocolsize::IP );
    arp2.setProtocolType( protocoltype::IP );
    arp2.setSenderIPAddress( IPv4Address("192.168.1.1").makePacket() );
    arp2.setTargetIPAddress( IPv4Address("172.16.23.1").makePacket() );
    arp2.setSenderMacAddress( MACAddress("DE:AD:BE:EF:DE:AD").makePacket() );
    arp2.setTargetMacAddress( MACAddress("CA:FE:BA:BE:BA:BE").makePacket() );

    //check to size of raw contents in bytes
    QVERIFY( arp2.size() == 28 );

    //check to see if arp
    QVERIFY( arp2.isArp() );

    //check to see if the hardware values are correct
    QVERIFY( arp2.hardwareType() == hardwaretype::ETHERNET );

    //check protocol
    QVERIFY( arp2.protocolType() == protocoltype::IP );

    //check hardware size
    QVERIFY( arp2.hardwareSize() == hardwaresize::ETHERNET);

    //check protocol size
    QVERIFY( arp2.protocolSize() == protocolsize::IP );
    arp2.setProtocolSize( protocolsize::IPv6 );
    QVERIFY( arp2.protocolSize() == protocolsize::IPv6 );

    //check opcode
    QVERIFY( arp2.opcode() == arpopcode::request );

    //check Sender MAC
    QVERIFY( arp2.senderMacAddress().vector() ==  MACAddress("DE:AD:BE:EF:DE:AD").makePacket().vector() );

    //check Sender IP
    QVERIFY( arp2.senderIPAddress().vector() == IPv4Address("192.168.1.1").makePacket().vector() );

    //check target MAC
    QVERIFY( arp2.targetIPAddress().vector() == IPv4Address("172.16.23.1").makePacket().vector() );

    //check target IP
    QVERIFY( arp2.targetMacAddress().vector() == MACAddress("CA:FE:BA:BE:BA:BE").makePacket().vector() );


}
示例#2
0
void IPFilter::convertToIPAddressWithMask(std::string& ipAddrmodified, std::string& mask)
{
	if (m_IPv4Mask == "")

		return;

	// Handle the mask

	// The following code lines verify both ipAddress and ipv4Mask are valid IPv4 addresses
	// The IPv4 limitation comes from the fact libPcap/WinPcap doesn't support mask for IPv6 addresses

	IPv4Address ipAddr(m_Address);
	if (!ipAddr.isValid())
	{
		LOG_ERROR("IP filter with mask must be used with IPv4 valid address. Setting the mask to an empty value");
		mask = "";
		return;
	}

	IPv4Address maskAsAddr(m_IPv4Mask);
	if (!maskAsAddr.isValid())
	{
		LOG_ERROR("Invalid IPv4 mask. Setting the mask to an empty");
		mask = "";
		return;
	}

	// If all addresses are IPv4 valid addresses, make sure ipAddress matches the mask. If it's not, mask the address with the mask
	// The reason for doing that is libPcap/WinPcap doesn't allow filtering an IP address that doesn't match the mask

	uint32_t addrAsIntAfterMask = ipAddr.toInt() & maskAsAddr.toInt();
	ipAddrmodified = IPv4Address(addrAsIntAfterMask).toString();
}
示例#3
0
void ArpListener::listenerThread()
{
  if( arpFilter_.size() == 0 || device_.size() == 0 )
  {
    MutexLocker lock( runningMutex_ );
    running_ = false;
    return;
  }

  sniffer_.setFilter( arpFilter_ );
  sniffer_.setInputDevice(device_);
  sniffer_.start();

  while( true )
  {
    Packet p = sniffer_.popPacket();
    if( p.appSize() > 0 && p.appIs< Arp >() )
    {
      Arp a = p.getApp<Arp>();
      if( a.opcode() == arpopcode::response )
      {
        MACAddress mac = MACAddress(a.senderMacAddress().vector());
        IPv4Address ip = IPv4Address(a.senderIPAddress().vector());
        cache_->addEntry( ip.toString(), mac );
        sendAlert( ip.toString() );
      }
    }
    MutexLocker lock2( stopMutex_ );
    if( stop_ )
      break;
  }
}
示例#4
0
IPv4Range operator/(const IPv4Address& addr, int mask) {
    if (mask > 32) {
        throw logic_error("Prefix length cannot exceed 32");
    }
    return IPv4Range::from_mask(
               addr,
               IPv4Address(Endian::host_to_be(0xffffffff << (32 - mask)))
           );
}
示例#5
0
/**
 *  @details Loads all available network devices from the host system, setting
 *           each device's name, description, loopback status, network address
 *           and network mask
 *  @throws std::runtime_error if an error is encountered when attempting to 
 *          list all network devices with the details from libpcap
 */
void IPForensics::load_devices() {
  char error[PCAP_ERRBUF_SIZE];
  pcap_if_t* alldevsp;
  if (pcap_findalldevs(&alldevsp, error) == 0) {
    pcap_if_t* devp = alldevsp;
    while (devp != NULL) {
      Device d = Device(this);
      unsigned int net {}, mask {};
      d.set_name((devp->name == NULL) ? "" : devp->name);
      d.set_desc((devp->description == NULL) ? "" : devp->description);
      d.set_loopback(devp->flags & PCAP_IF_LOOPBACK);
      if (pcap_lookupnet(d.name().c_str(), &net, &mask, error) == 0) {
        d.set_net(IPv4Address(net));
        d.set_mask(IPv4Address(mask));
      }
      devices_.push_back(d);
      devp = devp->next;
    }
  } else {
    pcap_freealldevs(alldevsp);
    throw std::runtime_error(error);
  }
  pcap_freealldevs(alldevsp);
}
示例#6
0
		IPv4Address IPv4Resolver::resolve(const String &ip_or_host){
			struct ::hostent ret;
			int h_errnop;
			char *tmp_buf;
			int tmp_blen;
			int bmem;
			struct ::hostent *hp;
			struct ::sockaddr_in name;
			bzero(&name, sizeof(struct ::sockaddr_in));
			int result;
			bmem = 4 * ip_or_host.size() + 2 * sizeof(hostent) ;
			tmp_blen = bmem;
			while(true){
				tmp_buf = new char[tmp_blen];
				result = gethostbyname_r(ip_or_host.toCharPtr(), &ret, tmp_buf, tmp_blen, &hp, &h_errnop);
				if(result == ERANGE){
					tmp_blen += bmem;
					delete[] tmp_buf;
					continue;
				}
				switch(h_errnop){
					case HOST_NOT_FOUND:
						delete[] tmp_buf;
						throw HostNotFound();
						break;
					case TRY_AGAIN:
						delete[] tmp_buf;
						throw NSTryAgain();
						break;
					case NO_RECOVERY:
						delete[] tmp_buf;
						throw NSFatal();
						break;
					case NO_ADDRESS:
						delete[] tmp_buf;
						throw NoIPForYou();
						break;
				}
				break;
			}
			if(hp != NULL){
				name.sin_family = AF_INET;
				name.sin_addr = *(struct in_addr *) hp->h_addr;
			}
			delete[] tmp_buf;
			return IPv4Address(&name.sin_addr);
		}
示例#7
0
void IPFilter::convertToIPAddressWithLen(std::string& ipAddrmodified, int& len)
{
	if (m_Len == 0)
		return;

	// Handle the length

	// The following code lines verify IP address is valid (IPv4 or IPv6)

	std::auto_ptr<IPAddress> ipAddr = IPAddress::fromString(ipAddrmodified);
	if (ipAddr.get()->getType() == IPAddress::IPv4AddressType)
	{
		IPv4Address* ip4Addr = (IPv4Address*)ipAddr.get();
		uint32_t addrAsInt = ip4Addr->toInt();
		uint32_t mask = ((uint32_t)-1) >> ((sizeof(uint32_t)*8)-m_Len);
		addrAsInt &= mask;
		ipAddrmodified = IPv4Address(addrAsInt).toString();
	}
示例#8
0
void
SkyLinesTracking::Glue::SetSettings(const Settings &settings)
{
  if (!settings.enabled || settings.key == 0) {
    client.Close();
    return;
  }

  client.SetKey(settings.key);

  interval = settings.interval;

  if (!client.IsDefined())
    // TODO: fix hard-coded IP address:
    client.Open(IPv4Address(95, 128, 34, 172, Client::GetDefaultPort()));

#ifdef HAVE_SKYLINES_TRACKING_HANDLER
  traffic_enabled = settings.traffic_enabled;
#endif

  roaming = settings.roaming;
}
示例#9
0
文件: switcher.cpp 项目: voidhao/L2 
    bool switcher::on_client_pkt(const byte_t *data, size_t size) {
        vxlan_tuple tuple;
        int e = tuple.fill(data, size);
        if (e != 0) {
            return true;
        }
        auto sess = client_mgr_->client_tuple(tuple);
        if(unlikely(!sess)){
        	return false;
        }
        int next_way = path_mgr_->get_way(client_way, 1);
        switch (next_way){
        case switch_way:
        	break;
        case out_way:
        	EthernetII eth = EthernetII()/tuple.inner_.ip_;
        	nat_->nat_out(IPv4Address("10.0.0.167"), sess->uid(), eth);
        	break;
        }


        return true;
    }
示例#10
0
IPv4Address PcapLiveDevice::getIPv4Address()
{
	for(std::vector<pcap_addr_t>::iterator addrIter = m_Addresses.begin(); addrIter != m_Addresses.end(); addrIter++)
	{
		if (LoggerPP::getInstance().isDebugEnabled(PcapLogModuleLiveDevice) && addrIter->addr != NULL)
		{
			char addrAsString[INET6_ADDRSTRLEN];
			sockaddr2string(addrIter->addr, addrAsString);
			LOG_DEBUG("Searching address %s", addrAsString);
		}

		in_addr* currAddr = sockaddr2in_addr(addrIter->addr);
		if (currAddr == NULL)
		{
			LOG_DEBUG("Address is NULL");
			continue;
		}

		return IPv4Address(currAddr);
	}

	return IPv4Address::Zero;
}
示例#11
0
bool decrement(IPv4Address& addr) {
    uint32_t addr_int = Endian::be_to_host<uint32_t>(addr);
    bool reached_end = --addr_int == 0;
    addr = IPv4Address(Endian::be_to_host<uint32_t>(addr_int));
    return reached_end;
}
示例#12
0
static void dnsResponseRecieved(RawPacket* rawPacket, PcapLiveDevice* device, void* userCookie)
{
	// extract timestamp of packet
	clock_t recieveTime = clock();

	// get data from the main thread
	DNSRecievedData* data = (DNSRecievedData*)userCookie;

	// parse the response packet
	Packet packet(rawPacket);

	// verify that it's an DNS packet (although it must be because DNS port filter was set on the interface)
	if (!packet.isPacketOfType(DNS))
		return;

	// extract the DNS layer from the packet
	DnsLayer* dnsResponseLayer = packet.getLayerOfType<DnsLayer>();
	if (dnsResponseLayer == NULL)
		return;

	// verify it's the right DNS response
	if (dnsResponseLayer->getDnsHeader()->queryOrResponse != 1 /* DNS response */
			|| dnsResponseLayer->getDnsHeader()->numberOfAnswers < htons(1)
			|| dnsResponseLayer->getDnsHeader()->transactionID != htons(data->transactionID))
	{
		return;
	}

	// DNS resolving can be recursive as many DNS responses contain multiple answers with recursive canonical names (CNAME) for
	// the hostname. For example: a DNS response for www.a.com can have multiple answers:
	//- First with CNAME: www.a.com -> www.b.com
	//- Second with CNAME: www.b.com -> www.c.com
	//- Third with resolving: www.c.com -> 1.1.1.1
	// So the search must be recursive until an IPv4 resolving is found or until no hostname or canonical name are found (and then return)

	std::string hostToFind = data->hostname;

	DnsResource* dnsAnswer = NULL;

	while (true)
	{
		dnsAnswer = dnsResponseLayer->getAnswer(hostToFind, true);

		// if response doesn't contain hostname or cname - return
		if (dnsAnswer == NULL)
		{
			LOG_DEBUG("DNS answer doesn't contain hostname '%s'", hostToFind.c_str());
			return;
		}

		DnsType dnsType = dnsAnswer->getDnsType();
		// if answer contains IPv4 resolving - break the loop and return the IP address
		if (dnsType == DNS_TYPE_A)
		{
			LOG_DEBUG("Found IPv4 resolving for hostname '%s'", hostToFind.c_str());
			break;
		}
		// if answer contains a cname - continue to search this cname in the packet - hopefully find the IP resolving
		else if (dnsType == DNS_TYPE_CNAME)
		{
			LOG_DEBUG("Got a DNS response for hostname '%s' with CNAME '%s'", hostToFind.c_str(), dnsAnswer->getDataAsString().c_str());
			hostToFind = dnsAnswer->getDataAsString();
		}
		// if answer is of type other than A or CNAME (for example AAAA - IPv6) - type is not supported - return
		else
		{
			LOG_DEBUG("Got a DNS response with type which is not A or CNAME");
			return;
		}
	}
	// if we got here it means an IPv4 resolving was found

	// measure response time
	clock_t diffticks = recieveTime-data->start;
	double diffms = (diffticks*1000)/CLOCKS_PER_SEC;

	data->dnsResponseTime = diffms;
	data->result = IPv4Address(dnsAnswer->getDataAsString());
	data->ttl = dnsAnswer->getTTL();

	// signal the main thread the ARP reply was received
	pthread_mutex_lock(data->mutex);
	pthread_cond_signal(data->cond);
    pthread_mutex_unlock(data->mutex);
}
示例#13
0
bool
SocketDescriptor::BindPort(unsigned port)
{
  return Bind(IPv4Address(port));
}
示例#14
0
void PcapLiveDevice::setDefaultGateway()
{
#ifdef WIN32
	ULONG outBufLen = sizeof (IP_ADAPTER_INFO);
	uint8_t buffer[outBufLen];
	PIP_ADAPTER_INFO adapterInfo = (IP_ADAPTER_INFO*)buffer;
	DWORD retVal = 0;

	retVal = GetAdaptersInfo(adapterInfo, &outBufLen);
	uint8_t buffer2[outBufLen];
    if (retVal == ERROR_BUFFER_OVERFLOW)
        adapterInfo = (IP_ADAPTER_INFO *)buffer2;

    retVal = GetAdaptersInfo(adapterInfo, &outBufLen);

	if (retVal == NO_ERROR)
	{
		PIP_ADAPTER_INFO curAdapterInfo = adapterInfo;
		while (curAdapterInfo != NULL)
		{
			std::string name(m_Name);
			if (name.find(curAdapterInfo->AdapterName) != std::string::npos)
				m_DefaultGateway = IPv4Address(curAdapterInfo->GatewayList.IpAddress.String);

            curAdapterInfo = curAdapterInfo->Next;
		}
	}
	else
	{
		LOG_ERROR("Error retrieving default gateway address");
	}
#elif LINUX
	std::ifstream routeFile("/proc/net/route");
	std::string line;
	while (std::getline(routeFile, line))
	{
	    std::stringstream lineStream(line);
	    std::string interfaceName;
	    std::getline(lineStream, interfaceName, '\t');
	    if (interfaceName != std::string(m_Name))
	    	continue;

	    std::string interfaceDest;
	    std::getline(lineStream, interfaceDest, '\t');
	    if (interfaceDest != "00000000")
	    	continue;

	    std::string interfaceGateway;
	    std::getline(lineStream, interfaceGateway, '\t');

	    uint32_t interfaceGatewayIPInt;
	    std::stringstream interfaceGatewayStream;
	    interfaceGatewayStream << std::hex << interfaceGateway;
	    interfaceGatewayStream >> interfaceGatewayIPInt;
	    m_DefaultGateway = IPv4Address(interfaceGatewayIPInt);
	}
#elif MAC_OS_X
	std::string ifaceStr = std::string(m_Name);
	std::string command = "netstat -nr | grep default | grep " + ifaceStr;
	std::string ifaceInfo = executeShellCommand(command);
	if (ifaceInfo == "")
	{
		LOG_DEBUG("Error retrieving default gateway address: couldn't get netstat output");
		return;
	}

	// remove the word "default"
	ifaceInfo.erase(0, 7);

	// remove spaces
	while (ifaceInfo.at(0) == ' ')
		ifaceInfo.erase(0,1);

	// erase string after gateway IP address
	ifaceInfo.resize(ifaceInfo.find(' ', 0));

	m_DefaultGateway = IPv4Address(ifaceInfo);
#endif
}
示例#15
0
IPv4Address last_address_from_mask(IPv4Address addr, IPv4Address mask) {
    uint32_t addr_int = Endian::be_to_host<uint32_t>(addr),
             mask_int = Endian::be_to_host<uint32_t>(mask);
    return IPv4Address(Endian::host_to_be(addr_int | ~mask_int));
}
示例#16
0
IPv4Address icmp_router_address_structure::getAddress()
{
	return IPv4Address(routerAddress);
}
示例#17
0
void PcapLiveDeviceList::setDnsServers()
{
#ifdef WIN32
	FIXED_INFO * fixedInfo;
	ULONG    ulOutBufLen;
	DWORD    dwRetVal;
	IP_ADDR_STRING * pIPAddr;

	uint8_t buf1[sizeof(FIXED_INFO)];
	fixedInfo = (FIXED_INFO *) buf1;
	ulOutBufLen = sizeof( FIXED_INFO );

	dwRetVal = GetNetworkParams( fixedInfo, &ulOutBufLen );
	uint8_t buf2[ulOutBufLen];
	if(ERROR_BUFFER_OVERFLOW == dwRetVal)
	{
		fixedInfo = (FIXED_INFO *)buf2;
	}

	if ((dwRetVal = GetNetworkParams( fixedInfo, &ulOutBufLen )) != 0)
		LOG_ERROR("Call to GetNetworkParams failed. Return Value: %08lx\n", dwRetVal);
	else
	{
		m_DnsServers.push_back(IPv4Address(fixedInfo->DnsServerList.IpAddress.String));
		int i = 1;
		LOG_DEBUG("Default DNS server IP #%d: %s\n", i++, fixedInfo->DnsServerList.IpAddress.String );

		pIPAddr = fixedInfo->DnsServerList.Next;
		while ( pIPAddr )
		{
			m_DnsServers.push_back(IPv4Address(pIPAddr->IpAddress.String));
			LOG_DEBUG("Default DNS server IP #%d: %s\n", i++, pIPAddr->IpAddress.String);
			pIPAddr = pIPAddr -> Next;
		}
	}
#elif LINUX
	std::string command = "nmcli dev list | grep IP4.DNS";
	std::string dnsServersInfo = executeShellCommand(command);
	if (dnsServersInfo == "")
	{
		LOG_DEBUG("Error retrieving DNS server list: call to nmcli gave no output");
		return;
	}

	std::istringstream stream(dnsServersInfo);
	std::string line;
	int i = 1;
	while(std::getline(stream, line))
	{
		std::istringstream lineStream(line);
		std::string headline;
		std::string dnsIP;
		lineStream >> headline;
		lineStream >> dnsIP;
		IPv4Address dnsIPAddr(dnsIP);
		if (!dnsIPAddr.isValid())
			continue;

		if (std::find(m_DnsServers.begin(), m_DnsServers.end(), dnsIPAddr) == m_DnsServers.end())
		{
			m_DnsServers.push_back(dnsIPAddr);
			LOG_DEBUG("Default DNS server IP #%d: %s\n", i++, dnsIPAddr.toString().c_str());
		}
	}
#elif MAC_OS_X

	SCDynamicStoreRef dynRef = SCDynamicStoreCreate(kCFAllocatorSystemDefault, CFSTR("iked"), NULL, NULL);
	if (dynRef == NULL)
	{
		LOG_DEBUG("Couldn't set DNS server list: failed to retrieve SCDynamicStore");
		return;
	}

	CFDictionaryRef dnsDict = (CFDictionaryRef)SCDynamicStoreCopyValue(dynRef,CFSTR("State:/Network/Global/DNS"));

	if (dnsDict == NULL)
	{
		LOG_DEBUG("Couldn't set DNS server list: failed to get DNS dictionary");
		CFRelease(dynRef);
		return;
	}

	CFArrayRef serverAddresses = (CFArrayRef)CFDictionaryGetValue(dnsDict, CFSTR("ServerAddresses"));

	if (serverAddresses == NULL)
	{
		LOG_DEBUG("Couldn't set DNS server list: server addresses array is null");
		CFRelease(dynRef);
		CFRelease(dnsDict);
		return;
	}

	CFIndex count = CFArrayGetCount(serverAddresses);
	for (CFIndex i = 0; i < count; i++)
	{
		CFStringRef serverAddress = (CFStringRef)CFArrayGetValueAtIndex(serverAddresses, i);

		if (serverAddress == NULL)
			continue;

		uint8_t buf[20];
		char* serverAddressCString = (char*)buf;
		CFStringGetCString(serverAddress, serverAddressCString, 20, kCFStringEncodingUTF8);
		m_DnsServers.push_back(IPv4Address(serverAddressCString));
		LOG_DEBUG("Default DNS server IP #%d: %s\n", (int)(i+1), serverAddressCString);
	}

	CFRelease(dynRef);
	CFRelease(dnsDict);
#endif
}