diff --git a/base/network.c b/base/network.c index fbbbbf0..3b96f6e 100644 --- a/base/network.c +++ b/base/network.c @@ -107,16 +107,18 @@ int network_handler_destroy(mod,handlerp) return(0); } -int network_process_packet(handler,timestamp,data,length) +int network_process_packet(handler,timestamp,data,length,af) n_handler *handler; struct timeval *timestamp; UCHAR *data; int length; + int af; { int r; int hlen; packet p; u_short off; + int proto; /*We can pretty much ignore all the options*/ memcpy(&p.ts,timestamp,sizeof(struct timeval)); @@ -124,7 +126,7 @@ int network_process_packet(handler,timestamp,data,length) p._len=length; p.data=data; p.len=length; - p.ip=(struct ip *)data; + p.af=af; if(p.len < 20) { if(!(NET_print_flags & NET_PRINT_JSON)) 
@@ -132,37 +134,77 @@ int network_process_packet(handler,timestamp,data,length) return(0); } - /*Handle, or rather mishandle, fragmentation*/ - off=ntohs(p.ip->ip_off); - - if((off & 0x1fff) || /*Later fragment*/ - (off & 0x2000)){ /*More fragments*/ -/* fprintf(stderr,"Fragmented packet! rejecting\n"); */ - return(0); + memset(&p.i_addr.so_st, 0x0, sizeof(struct sockaddr_storage)); + memset(&p.r_addr.so_st, 0x0, sizeof(struct sockaddr_storage)); + + if(af == AF_INET) { + p.l3_hdr.ip=(struct ip *)data; + memcpy(&p.i_addr.so_in.sin_addr, &p.l3_hdr.ip->ip_src, sizeof(struct in_addr)); + p.i_addr.so_in.sin_family = AF_INET; + memcpy(&p.r_addr.so_in.sin_addr, &p.l3_hdr.ip->ip_dst, sizeof(struct in_addr)); + p.r_addr.so_in.sin_family = AF_INET; + + /*Handle, or rather mishandle, fragmentation*/ + off=ntohs(p.l3_hdr.ip->ip_off); + + if((off & 0x1fff) || /*Later fragment*/ + (off & 0x2000)){ /*More fragments*/ + /* fprintf(stderr,"Fragmented packet! rejecting\n"); */ + return(0); + } + + hlen=p.l3_hdr.ip->ip_hl * 4; + p.data += hlen; + p.len = ntohs(p.l3_hdr.ip->ip_len); + + if(p.len > length) { + if(!(NET_print_flags & NET_PRINT_JSON)) + printf("Malformed packet, size from IP header is larger than size reported by libpcap, skipping ...\n"); + return(0); + } + + if (p.len == 0) { + DBG((0,"ip length reported as 0, presumed to be because of 'TCP segmentation offload' (TSO)\n")); + p.len = p._len; + } + p.len -= hlen; + + proto = p.l3_hdr.ip->ip_p; + } else { + p.l3_hdr.ip6=(struct ip6_hdr *)data; + memcpy(&p.i_addr.so_in6.sin6_addr, &p.l3_hdr.ip6->ip6_src, sizeof(struct in6_addr)); + p.i_addr.so_in6.sin6_family = AF_INET6; + memcpy(&p.r_addr.so_in6.sin6_addr, &p.l3_hdr.ip6->ip6_dst, sizeof(struct in6_addr)); + p.r_addr.so_in6.sin6_family = AF_INET6; + // Skip packets with header extensions + if(p.l3_hdr.ip6->ip6_ctlun.ip6_un1.ip6_un1_nxt != IPPROTO_TCP) { + return 0; + } + + hlen=40; // Fixed header size with no extension + p.data += hlen; + p.len = 
ntohs(p.l3_hdr.ip6->ip6_ctlun.ip6_un1.ip6_un1_plen); + if(p.len > length) { + if(!(NET_print_flags & NET_PRINT_JSON)) + printf("Malformed packet, size from IP header is larger than size reported by libpcap, skipping ...\n"); + return(0); + } + + if (p.len == 0) { + DBG((0,"ip length reported as 0, presumed to be because of 'TCP segmentation offload' (TSO)\n")); + p.len = p._len; + } + + proto = p.l3_hdr.ip6->ip6_ctlun.ip6_un1.ip6_un1_nxt; } - hlen=p.ip->ip_hl * 4; - p.data += hlen; - p.len = ntohs(p.ip->ip_len); - - if(p.len > length) { - if(!(NET_print_flags & NET_PRINT_JSON)) - printf("Malformed packet, size from IP header is larger than size reported by libpcap, skipping ...\n"); - return(0); - } - - if (p.len == 0) { - DBG((0,"ip length reported as 0, presumed to be because of 'TCP segmentation offload' (TSO)\n")); - p.len = p._len; - } - p.len -= hlen; - - switch(p.ip->ip_p){ + switch(proto){ case IPPROTO_TCP: - if((r=process_tcp_packet(handler->mod,handler->ctx,&p))) - ERETURN(r); - break; + if((r=process_tcp_packet(handler->mod,handler->ctx,&p))) + ERETURN(r); + break; } + return(0); } 
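Review bot: The IPv6 branch of `network_process_packet` copies `ip6_src`/`ip6_dst` and skips 40 bytes while the only guard before it is the existing `if(p.len < 20)`, so a capture of 20 to 39 bytes is read past its end. `ip6_un1_plen` does not include the fixed header, so `if(p.len > length)` accepts a payload length that runs up to 40 bytes beyond the captured data, and the zero-length fallback `p.len = p._len` lacks the `p.len -= hlen` that the IPv4 branch applies. The IPv4 branch (carried over unchanged) also never checks that `ip_hl * 4` is at least 20 and no larger than `p.len` before subtracting it. The function begins in the earlier hunks; the fence below sketches the IPv6 bounds handling only.

```c
  } else {
    /* the fixed IPv6 header is 40 bytes: reject shorter captures before reading it */
    if(length < 40)
      return(0);
    /* … unchanged: header pointer, address copies, next-header check, hlen and p.len assignment … */
    if(p.len > length - hlen) {   /* ip6 payload length excludes the fixed header */
      /* … unchanged: malformed-packet message and return … */
    }
    if (p.len == 0) {
      /* … unchanged: DBG message … */
      p.len = p._len - hlen;
    }
```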
@@ -238,26 +280,43 @@ int timestamp_diff(t1,t0,diff) -int lookuphostname(addr,namep) - struct in_addr *addr; +int lookuphostname(so_st,namep) + struct sockaddr_storage *so_st; char **namep; { - struct hostent *ne=0; + int r = 1; + *namep = calloc(1, NI_MAXHOST); + void *addr = NULL; - if(!(NET_print_flags & NET_PRINT_NO_RESOLVE)){ - ne=gethostbyaddr((char *)addr,4,AF_INET); + if(!(NET_print_flags & NET_PRINT_NO_RESOLVE)) { + r = getnameinfo((struct sockaddr *) so_st, sizeof(struct sockaddr_storage), *namep, NI_MAXHOST, NULL, 0, 0); } - if(!ne){ - *namep=strdup((char *)inet_ntoa(*addr)); - } - else{ - *namep=strdup(ne->h_name); + if(r) { + if(so_st->ss_family == AF_INET) { + addr = &((struct sockaddr_in *) so_st)->sin_addr; + } else { + addr = &((struct sockaddr_in6 *) so_st)->sin6_addr; + } + inet_ntop(so_st->ss_family, addr, *namep, INET6_ADDRSTRLEN); } return(0); } - - - +int addrtotext(so_st,namep) + struct sockaddr_storage *so_st; + char **namep; + { + *namep = calloc(1, NI_MAXHOST); + void *addr = NULL; + + if(so_st->ss_family == AF_INET) { + addr = &((struct sockaddr_in *) so_st)->sin_addr; + } else { + addr = &((struct sockaddr_in6 *) so_st)->sin6_addr; + } + inet_ntop(so_st->ss_family, addr, *namep, INET6_ADDRSTRLEN); + + return(0); + } diff --git a/base/network.h b/base/network.h index 65cbb1c..e5a809a 100644 --- a/base/network.h +++ b/base/network.h @@ -64,6 +64,7 @@ #endif #include #include +#include #include #include #include 
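Review bot: `*namep = calloc(1, NI_MAXHOST);` is used unchecked in both `lookuphostname` and `addrtotext`, so an allocation failure makes `getnameinfo`/`inet_ntop` write through a null pointer, and the callers in `new_connection`, the `TCP_STATE_ACK` print and `create_ssl_analyzer` later receive a null string; add `if(!*namep) return(R_NO_MEMORY);` and have callers check the result. `getnameinfo` is given `sizeof(struct sockaddr_storage)` as the address length, and some libc implementations reject a length that does not match the address family, which would silently force the numeric fallback every time; passing `sizeof(struct sockaddr_in)` or `sizeof(struct sockaddr_in6)` according to `ss_family` avoids that. The `else` arms treat every family other than `AF_INET` as IPv6 and the `inet_ntop` result is not checked, so an unset family produces an empty string without any error. The two functions share the numeric-conversion code, so `lookuphostname` could call `addrtotext` for its fallback.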
@@ -77,12 +78,13 @@ int network_handler_create PROTO_LIST((proto_mod *mod, n_handler **handlerp)); int network_handler_destroy PROTO_LIST((proto_mod *mod,n_handler **handlerp)); int network_process_packet PROTO_LIST((n_handler *handler, - struct timeval *timestamp,UCHAR *data,int length)); + struct timeval *timestamp,UCHAR *data,int length,int af)); int packet_copy PROTO_LIST((packet *in,packet **out)); int packet_destroy PROTO_LIST((packet *p)); int timestamp_diff PROTO_LIST(( struct timeval *t1,struct timeval *t0, struct timeval *diff)); -int lookuphostname PROTO_LIST((struct in_addr *addr,char **name)); +int lookuphostname PROTO_LIST((struct sockaddr_storage *addr,char **name)); +int addrtotext PROTO_LIST((struct sockaddr_storage *addr,char **name)); struct packet_ { struct timeval ts; @@ -94,7 +96,22 @@ struct packet_ { /*These just save us the effort of doing casts to the data segments*/ struct ip *ip; /*The IP header*/ + int af; + union { + struct ip *ip; /*The IP header*/ + struct ip6_hdr *ip6; /*The IP header*/ + } l3_hdr; struct tcphdr *tcp; /*The TCP header*/ + union { + struct sockaddr_storage so_st; + struct sockaddr_in so_in; + struct sockaddr_in6 so_in6; + } i_addr; + union { + struct sockaddr_storage so_st; + struct sockaddr_in so_in; + struct sockaddr_in6 so_in6; + } r_addr; }; #include "tcpconn.h" diff --git a/base/pcap-snoop.c b/base/pcap-snoop.c index 0a02c35..96f11a1 100644 --- a/base/pcap-snoop.c +++ b/base/pcap-snoop.c @@ -204,9 +204,9 @@ void pcap_cb(ptr,hdr,data) len+=4; } - if(type!=ETHERTYPE_IP) + if(type!=ETHERTYPE_IP && type!=ETHERTYPE_IPV6) return; - + break; case DLT_IEEE802: data+=22; 
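Review bot: The old `struct ip *ip;` member stays in `struct packet_` as a context line, while `network_process_packet` no longer assigns it and its `packet p` is a stack variable, so any remaining reader of `p->ip` would dereference an indeterminate pointer. No such reader is visible in this diff, but files outside it may still have one; deleting the member lets the compiler find them. The comment on the `ip6` member of `l3_hdr` should read `/*The IPv6 header*/`, and a one-line comment that `i_addr`/`r_addr` are zero-filled with only family and address set would document what `tcp_find_conn` relies on.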
@@ -276,7 +276,11 @@ void pcap_cb(ptr,hdr,data) break; #endif } - network_process_packet(n,(struct timeval *) &hdr->ts,(u_char *)data,len); + + if(type == ETHERTYPE_IPV6) + network_process_packet(n,(struct timeval *) &hdr->ts,(u_char *)data,len, AF_INET6); + else + network_process_packet(n,(struct timeval *) &hdr->ts,(u_char *)data,len, AF_INET); if(packet_cnt == conn_freq) { packet_cnt = 0; diff --git a/base/proto_mod.h b/base/proto_mod.h index db5502a..5e96c54 100644 --- a/base/proto_mod.h +++ b/base/proto_mod.h @@ -60,8 +60,8 @@ struct proto_mod_vtbl_ { int (*create) PROTO_LIST((void *handle,proto_ctx *ctx, tcp_conn *conn, proto_obj **objp, - struct in_addr *i_addr,u_short i_port, - struct in_addr *r_addr,u_short r_port,struct timeval *time_base)); + struct sockaddr_storage *i_addr,u_short i_port, + struct sockaddr_storage *r_addr,u_short r_port,struct timeval *time_base)); int (*destroy_ctx) PROTO_LIST((void *handle,proto_ctx **ctxp)); int (*destroy) PROTO_LIST((proto_obj **objp)); int (*data) PROTO_LIST((proto_obj *obj,segment *data,int direction)); @@ -89,8 +89,8 @@ struct logger_mod_vtbl_ { int (*init) PROTO_LIST((void *data)); //deinit must be async signal safe(!!!) int (*deinit) PROTO_LIST(()); - int (*create) PROTO_LIST((proto_obj **objp, struct in_addr *i_addr,u_short i_port, - struct in_addr *r_addr,u_short r_port,struct timeval *time_base)); + int (*create) PROTO_LIST((proto_obj **objp, struct sockaddr_storage *i_addr,u_short i_port, + struct sockaddr_storage *r_addr,u_short r_port,struct timeval *time_base)); int (*destroy) PROTO_LIST((proto_obj **objp)); int (*data) PROTO_LIST((proto_obj *obj,unsigned char *data,unsigned int len,int direction)); int (*close) PROTO_LIST((proto_obj *obj,unsigned char *data,unsigned int len,int direction)); diff --git a/base/tcpconn.c b/base/tcpconn.c index 820f50c..2d00777 100644 --- a/base/tcpconn.c +++ b/base/tcpconn.c 
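Review bot: The address family passed to `network_process_packet` in `pcap_cb` is chosen from `type`, which in the visible code is only checked in the Ethernet case; for the other `DLT_*` cases of this switch (outside the hunk) it may be unset or unrelated to the payload, so IPv6 on those link types would be parsed as IPv4. Deriving the family from the IP version nibble of the payload after a length check, e.g. `int af = ((data[0] >> 4) == 6) ? AF_INET6 : AF_INET;`, does not depend on the link layer. This should be confirmed against how `type` is initialised at the top of the function.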
@@ -70,16 +70,16 @@ static int zero_conn(conn) return(0); } -int tcp_find_conn(tcp_conn **connp, int *directionp,struct in_addr *saddr, - u_short sport, struct in_addr *daddr, u_short dport) +int tcp_find_conn(tcp_conn **connp, int *directionp,struct sockaddr_storage *saddr, + u_short sport, struct sockaddr_storage *daddr, u_short dport) { conn_struct *conn; for(conn=first_conn;conn;conn=conn->next){ if(sport == conn->conn.i_port && dport==conn->conn.r_port){ - if(!memcmp(saddr,&conn->conn.i_addr,sizeof(struct in_addr)) - && !memcmp(daddr,&conn->conn.r_addr,sizeof(struct in_addr))) + if(!memcmp(saddr,&conn->conn.i_addr,sizeof(struct sockaddr_storage)) + && !memcmp(daddr,&conn->conn.r_addr,sizeof(struct sockaddr_storage))) { *directionp=DIR_I2R; *connp=&(conn->conn); @@ -88,8 +88,8 @@ int tcp_find_conn(tcp_conn **connp, int *directionp,struct in_addr *saddr, } if(dport == conn->conn.i_port && sport==conn->conn.r_port){ - if(!memcmp(saddr,&conn->conn.r_addr,sizeof(struct in_addr)) - && !memcmp(daddr,&conn->conn.i_addr,sizeof(struct in_addr))) + if(!memcmp(saddr,&conn->conn.r_addr,sizeof(struct sockaddr_storage)) + && !memcmp(daddr,&conn->conn.i_addr,sizeof(struct sockaddr_storage))) { *directionp=DIR_R2I; *connp=&(conn->conn); @@ -101,8 +101,8 @@ int tcp_find_conn(tcp_conn **connp, int *directionp,struct in_addr *saddr, return(R_NOT_FOUND); } -int tcp_create_conn(tcp_conn **connp,struct in_addr *i_addr, - u_short i_port, struct in_addr *r_addr, u_short r_port) +int tcp_create_conn(tcp_conn **connp,struct sockaddr_storage *i_addr, + u_short i_port, struct sockaddr_storage *r_addr, u_short r_port) { conn_struct *conn=0; 
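Review bot: The `memcmp` calls in `tcp_find_conn` now compare the full `sizeof(struct sockaddr_storage)`, so a lookup matches only if every byte outside the family and address fields is identical, which today depends on the `memset` calls in `network_process_packet`. A caller that fills the storage any other way will never find its connection and will create a duplicate instead. Comparing `ss_family` first and then the `sin_addr` or `sin6_addr` bytes for that family removes the dependence and shortens the work done per entry in this linear scan. The same applies to the second `memcmp` pair in the following hunk; if the full compare stays, a comment on the function should state the zero-fill requirement.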
@@ -115,9 +115,9 @@ int tcp_create_conn(tcp_conn **connp,struct in_addr *i_addr, conn->conn.backptr=conn; conn->conn.conn_number=conn_number++; - memcpy(&conn->conn.i_addr,i_addr,sizeof(struct in_addr)); + memcpy(&conn->conn.i_addr,i_addr,sizeof(struct sockaddr_storage)); conn->conn.i_port=i_port; - memcpy(&conn->conn.r_addr,r_addr,sizeof(struct in_addr)); + memcpy(&conn->conn.r_addr,r_addr,sizeof(struct sockaddr_storage)); conn->conn.r_port=r_port; *connp=&(conn->conn); @@ -150,6 +150,10 @@ int tcp_destroy_conn(conn) destroy_proto_handler(&conn->analyzer); free_tcp_segment_queue(conn->i2r.oo_queue); free_tcp_segment_queue(conn->r2i.oo_queue); + free(conn->i_name); + free(conn->r_name); + free(conn->i_num); + free(conn->r_num); zero_conn(conn); free(conn->backptr); free(conn); diff --git a/base/tcpconn.h b/base/tcpconn.h index 957dce9..6748d6c 100644 --- a/base/tcpconn.h +++ b/base/tcpconn.h @@ -72,12 +72,16 @@ typedef struct tcp_conn_ { #define TCP_STATE_FIN1 5 #define TCP_STATE_CLOSED 6 /*The address which sent the first SYN*/ - struct in_addr i_addr; + struct sockaddr_storage i_addr; u_short i_port; + char *i_name; + char *i_num; /*The address which sent the second SYN*/ - struct in_addr r_addr; + struct sockaddr_storage r_addr; u_short r_port; + char *r_name; + char *r_num; stream_data i2r; /*The stream from initiator to responder*/ stream_data r2i; /*The stream from responder to initiator*/ 
@@ -90,12 +94,12 @@ typedef struct tcp_conn_ { int tcp_find_conn PROTO_LIST((tcp_conn **connp, int *directionp, - struct in_addr *src_addr, u_short src_port, - struct in_addr *dst_addr, u_short dst_port)); + struct sockaddr_storage *src_addr, u_short src_port, + struct sockaddr_storage *dst_addr, u_short dst_port)); int tcp_create_conn PROTO_LIST((tcp_conn **connp, - struct in_addr *initiator_addr, u_short initiator_port, - struct in_addr *responder_addr, u_short responder_port)); + struct sockaddr_storage *initiator_addr, u_short initiator_port, + struct sockaddr_storage *responder_addr, u_short responder_port)); int tcp_destroy_conn PROTO_LIST((tcp_conn *conn)); int free_tcp_segment_queue PROTO_LIST((segment *seg)); diff --git a/base/tcppack.c b/base/tcppack.c index 11c0edd..d06885f 100644 --- a/base/tcppack.c +++ b/base/tcppack.c @@ -88,8 +88,8 @@ int process_tcp_packet(handler,ctx,p) print_tcp_packet(p); - if((r=tcp_find_conn(&conn,&direction,&p->ip->ip_src, - ntohs(p->tcp->th_sport),&p->ip->ip_dst,ntohs(p->tcp->th_dport)))){ + if((r=tcp_find_conn(&conn,&direction,&p->i_addr.so_st, + ntohs(p->tcp->th_sport),&p->r_addr.so_st,ntohs(p->tcp->th_dport)))){ if(r!=R_NOT_FOUND) ABORT(r); @@ -126,26 +126,21 @@ int process_tcp_packet(handler,ctx,p) break; case TCP_STATE_ACK: { - char *sn=0,*dn=0; if(direction != DIR_I2R) break; DBG((0,"ACK seq: %u",ntohl(p->tcp->th_seq))); conn->i2r.ack=ntohl(p->tcp->th_ack)+1; - lookuphostname(&conn->i_addr,&sn); - lookuphostname(&conn->r_addr,&dn); if(!(NET_print_flags & NET_PRINT_JSON)) { if(NET_print_flags & NET_PRINT_TYPESET) printf("\\fC"); printf("New TCP connection #%d: %s(%d) <-> %s(%d)\n", conn->conn_number, - sn,conn->i_port, - dn,conn->r_port); + conn->i_name,conn->i_port, + conn->r_name,conn->r_port); if(NET_print_flags & NET_PRINT_TYPESET) printf("\\fR"); } conn->state=TCP_STATE_ESTABLISHED; - free(sn); - free(dn); } case TCP_STATE_ESTABLISHED: case TCP_STATE_FIN1: 
@@ -180,16 +175,16 @@ static int new_connection(handler,ctx,p,connp) tcp_conn *conn=0; if ((p->tcp->th_flags & (TH_SYN|TH_ACK))==TH_SYN) { - if((r=tcp_create_conn(&conn,&p->ip->ip_src,ntohs(p->tcp->th_sport), - &p->ip->ip_dst,ntohs(p->tcp->th_dport)))) + if((r=tcp_create_conn(&conn,&p->i_addr.so_st,ntohs(p->tcp->th_sport), + &p->r_addr.so_st,ntohs(p->tcp->th_dport)))) ABORT(r); DBG((0,"SYN1 seq: %u",ntohl(p->tcp->th_seq))); conn->i2r.seq=ntohl(p->tcp->th_seq)+1; conn->i2r.ack=ntohl(p->tcp->th_ack)+1; conn->state=TCP_STATE_SYN1; } else { // SYN&ACK comes first somehow - if((r=tcp_create_conn(&conn,&p->ip->ip_dst,ntohs(p->tcp->th_dport), - &p->ip->ip_src,ntohs(p->tcp->th_sport)))) + if((r=tcp_create_conn(&conn,&p->r_addr.so_st,ntohs(p->tcp->th_dport), + &p->i_addr.so_st,ntohs(p->tcp->th_sport)))) ABORT(r); DBG((0,"SYN2 seq: %u",ntohl(p->tcp->th_seq))); conn->r2i.seq=ntohl(p->tcp->th_seq)+1; @@ -198,6 +193,10 @@ static int new_connection(handler,ctx,p,connp) } memcpy(&conn->start_time,&p->ts,sizeof(struct timeval)); memcpy(&conn->last_seen_time,&p->ts,sizeof(struct timeval)); + lookuphostname(&conn->i_addr,&conn->i_name); + lookuphostname(&conn->r_addr,&conn->r_name); + addrtotext(&conn->i_addr,&conn->i_num); + addrtotext(&conn->r_addr,&conn->r_num); if((r=create_proto_handler(handler,ctx,&conn->analyzer,conn,&p->ts))) ABORT(r); @@ -402,8 +401,8 @@ static int print_tcp_packet(p) if(!(NET_print_flags & NET_PRINT_TCP_HDR)) return(0); - lookuphostname(&p->ip->ip_src,&src); - lookuphostname(&p->ip->ip_dst,&dst); + lookuphostname(&p->i_addr.so_st,&src); + lookuphostname(&p->r_addr.so_st,&dst); if(!(NET_print_flags & NET_PRINT_JSON)) { printf("TCP: %s(%d) -> %s(%d) ", diff --git a/null/null_analyze.c b/null/null_analyze.c index f12a6af..3933eb4 100644 --- a/null/null_analyze.c +++ b/null/null_analyze.c 
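Review bot: The name resolution added to `new_connection` runs on the first packet of every flow, so unless `NET_PRINT_NO_RESOLVE` is set each new address pair costs two blocking `getnameinfo` calls on the packet-processing path, including flows that never complete a handshake. A capture containing many distinct sources can therefore stall analysis, and the tool emits reverse DNS queries for addresses it merely observed. Resolving on first use (the `TCP_STATE_ACK` print or the analyzer) and keeping `i_num`/`r_num` as the only eagerly computed strings would bound that cost. The function starts and ends outside this hunk.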
@@ -56,11 +56,11 @@ typedef struct null_analyzer_ { static int create_null_analyzer PROTO_LIST((void *handle, proto_ctx *ctx,tcp_conn *conn,proto_obj **objp, - struct in_addr *i_addr,u_short i_port, - struct in_addr *r_addr,u_short r_port, struct timeval *base_time)); + struct sockaddr_storage *i_addr,u_short i_port, + struct sockaddr_storage *r_addr,u_short r_port, struct timeval *base_time)); static int create_null_analyzer(void *handle, proto_ctx *ctx, tcp_conn *conn, - proto_obj **objp, struct in_addr *i_addr, u_short i_port, struct in_addr *r_addr, + proto_obj **objp, struct sockaddr_storage *i_addr, u_short i_port, struct sockaddr_storage *r_addr, u_short r_port, struct timeval *base_time) { null_analyzer *obj=0; diff --git a/pcap/pcap_logger.c b/pcap/pcap_logger.c index 647cba2..c594540 100644 --- a/pcap/pcap_logger.c +++ b/pcap/pcap_logger.c @@ -17,8 +17,8 @@ static int init_pcap_logger PROTO_LIST((void * data)); static int deinit_pcap_logger PROTO_LIST(()); -static int create_pcap_logger PROTO_LIST((proto_obj **objp, struct in_addr *i_addr, - u_short i_port,struct in_addr *r_addr, u_short r_port, struct timeval *base_time)); +static int create_pcap_logger PROTO_LIST((proto_obj **objp, struct sockaddr_storage *i_addr, + u_short i_port,struct sockaddr_storage *r_addr, u_short r_port, struct timeval *base_time)); static int destroy_pcap_logger PROTO_LIST((proto_obj **objp)); static int data_pcap_logger PROTO_LIST((proto_obj *_obj, unsigned char *data,unsigned int len, int dir)); static int close_pcap_logger PROTO_LIST((proto_obj *_obj, unsigned char *data,unsigned int len, int dir)); 
@@ -52,7 +52,7 @@ static int deinit_pcap_logger() return 0; } -static int create_pcap_logger(proto_obj **objp, struct in_addr *i_addr, u_short i_port, struct in_addr *r_addr, u_short r_port, struct timeval *base_time) +static int create_pcap_logger(proto_obj **objp, struct sockaddr_storage *i_addr, u_short i_port, struct sockaddr_storage *r_addr, u_short r_port, struct timeval *base_time) { int r,_status; logpkt_ctx_t *pcap_obj=0; @@ -61,13 +61,15 @@ static int create_pcap_logger(proto_obj **objp, struct in_addr *i_addr, u_short if(!(pcap_obj=(logpkt_ctx_t *)calloc(1,sizeof(logpkt_ctx_t)))) ABORT(R_NO_MEMORY); - src_addr.sin_family = AF_INET; - src_addr.sin_port = htons(i_port); - src_addr.sin_addr = *i_addr; + //src_addr.sin_family = AF_INET; + //src_addr.sin_port = htons(i_port); + //src_addr.sin_addr = *i_addr; + memcpy(&src_addr, i_addr, sizeof(struct sockaddr_in)); - dst_addr.sin_family = AF_INET; - dst_addr.sin_port = htons(r_port); - dst_addr.sin_addr = *r_addr; + //dst_addr.sin_family = AF_INET; + //dst_addr.sin_port = htons(r_port); + //dst_addr.sin_addr = *r_addr; + memcpy(&dst_addr, r_addr, sizeof(struct sockaddr_in)); logpkt_ctx_init(pcap_obj,NULL,0,content_pcap_src_ether, content_pcap_dst_ether, (const struct sockaddr*)&src_addr, sizeof(src_addr), diff --git a/ssl/ssl_analyze.c b/ssl/ssl_analyze.c index 7184736..188f2b7 100644 --- a/ssl/ssl_analyze.c +++ b/ssl/ssl_analyze.c @@ -46,6 +46,7 @@ #include #include +#include #include "network.h" #include "debug.h" #include "sslprint.h" 
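Review bot: Replacing the field assignments in `create_pcap_logger` with `memcpy(&src_addr, i_addr, sizeof(struct sockaddr_in));` loses the port, because the storage built in `network_process_packet` is zero-filled and only receives a family and an address; restore `src_addr.sin_port = htons(i_port);` and `dst_addr.sin_port = htons(r_port);` after the copies. For an IPv6 connection the copy truncates a `sockaddr_in6` to the size of a `sockaddr_in` while keeping `AF_INET6` in the family field, so `logpkt_ctx_init` is handed an address whose family and length disagree. Declaring `src_addr`/`dst_addr` (declared outside this hunk, presumably as `struct sockaddr_in`) as `struct sockaddr_storage` and passing the family-specific length would cover both families. The commented-out assignments should be deleted rather than kept.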
@@ -59,8 +60,8 @@ static int parse_ssl_flags PROTO_LIST((char *str)); static int create_ssl_ctx PROTO_LIST((void *handle,proto_ctx **ctxp)); static int create_ssl_analyzer PROTO_LIST((void *handle, proto_ctx *ctx,tcp_conn *conn,proto_obj **objp, - struct in_addr *i_addr,u_short i_port, - struct in_addr *r_addr,u_short r_port, struct timeval *base_time)); + struct sockaddr_storage *i_addr,u_short i_port, + struct sockaddr_storage *r_addr,u_short r_port, struct timeval *base_time)); static int destroy_ssl_ctx PROTO_LIST((void *handle,proto_ctx **ctxp)); static int destroy_ssl_analyzer PROTO_LIST((proto_obj **objp)); static int read_ssl_record PROTO_LIST((ssl_obj *obj,r_queue *q,segment *seg, @@ -240,7 +241,7 @@ static int destroy_ssl_ctx(handle,ctxp) } static int create_ssl_analyzer(void *handle, proto_ctx *ctx, tcp_conn *conn, - proto_obj **objp, struct in_addr *i_addr, u_short i_port, struct in_addr *r_addr, + proto_obj **objp, struct sockaddr_storage *i_addr, u_short i_port, struct sockaddr_storage *r_addr, u_short r_port, struct timeval *base_time) { int r,_status; @@ -257,15 +258,12 @@ static int create_ssl_analyzer(void *handle, proto_ctx *ctx, tcp_conn *conn, if((r=create_r_queue(&obj->i2r_queue))) ABORT(r); - lookuphostname(i_addr,&obj->client_name); - if(!(obj->client_ip=(char *)calloc(1,INET_ADDRSTRLEN))) - ABORT(R_NO_MEMORY); - inet_ntop(AF_INET, i_addr, obj->client_ip, INET_ADDRSTRLEN); + obj->client_name = strndup(conn->i_name, NI_MAXHOST); + obj->client_ip = strndup(conn->i_num, INET6_ADDRSTRLEN); obj->client_port=i_port; - lookuphostname(r_addr,&obj->server_name); - if(!(obj->server_ip=(char *)calloc(1,INET_ADDRSTRLEN))) - ABORT(R_NO_MEMORY); - inet_ntop(AF_INET, r_addr, obj->server_ip, INET_ADDRSTRLEN); + + obj->server_name = strndup(conn->r_name, NI_MAXHOST); + obj->server_ip = strndup(conn->r_num, INET6_ADDRSTRLEN); obj->server_port=r_port; obj->i_state=SSL_ST_SENT_NOTHING;
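Review bot: The four `strndup` results in `create_ssl_analyzer` are stored without a check, whereas the removed code returned `R_NO_MEMORY` when its allocation failed; keep that behaviour with `if(!(obj->client_name = strndup(conn->i_name, NI_MAXHOST))) ABORT(R_NO_MEMORY);` and the same for the other three. `strndup` also requires a non-null source, so `conn->i_name`, `conn->i_num`, `conn->r_name` and `conn->r_num` must be validated before this point. The `i_addr` and `r_addr` parameters are no longer used in the visible part of the function, which continues outside the hunk; a short comment saying the strings are copied so the analyzer owns them independently of the connection would explain the duplication.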