Merge pull request #53 from wllm-rbnt/dev

Add support for IPv6 traffic dump
This commit is contained in:
Alexandre Dulaunoy 2021-04-10 22:54:49 +02:00 committed by GitHub
commit 1fd36db389
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 192 additions and 105 deletions

View file

@ -107,16 +107,18 @@ int network_handler_destroy(mod,handlerp)
return(0); return(0);
} }
int network_process_packet(handler,timestamp,data,length) int network_process_packet(handler,timestamp,data,length,af)
n_handler *handler; n_handler *handler;
struct timeval *timestamp; struct timeval *timestamp;
UCHAR *data; UCHAR *data;
int length; int length;
int af;
{ {
int r; int r;
int hlen; int hlen;
packet p; packet p;
u_short off; u_short off;
int proto;
/*We can pretty much ignore all the options*/ /*We can pretty much ignore all the options*/
memcpy(&p.ts,timestamp,sizeof(struct timeval)); memcpy(&p.ts,timestamp,sizeof(struct timeval));
@ -124,7 +126,7 @@ int network_process_packet(handler,timestamp,data,length)
p._len=length; p._len=length;
p.data=data; p.data=data;
p.len=length; p.len=length;
p.ip=(struct ip *)data; p.af=af;
if(p.len < 20) { if(p.len < 20) {
if(!(NET_print_flags & NET_PRINT_JSON)) if(!(NET_print_flags & NET_PRINT_JSON))
@ -132,37 +134,77 @@ int network_process_packet(handler,timestamp,data,length)
return(0); return(0);
} }
/*Handle, or rather mishandle, fragmentation*/ memset(&p.i_addr.so_st, 0x0, sizeof(struct sockaddr_storage));
off=ntohs(p.ip->ip_off); memset(&p.r_addr.so_st, 0x0, sizeof(struct sockaddr_storage));
if((off & 0x1fff) || /*Later fragment*/ if(af == AF_INET) {
(off & 0x2000)){ /*More fragments*/ p.l3_hdr.ip=(struct ip *)data;
/* fprintf(stderr,"Fragmented packet! rejecting\n"); */ memcpy(&p.i_addr.so_in.sin_addr, &p.l3_hdr.ip->ip_src, sizeof(struct in_addr));
return(0); p.i_addr.so_in.sin_family = AF_INET;
memcpy(&p.r_addr.so_in.sin_addr, &p.l3_hdr.ip->ip_dst, sizeof(struct in_addr));
p.r_addr.so_in.sin_family = AF_INET;
/*Handle, or rather mishandle, fragmentation*/
off=ntohs(p.l3_hdr.ip->ip_off);
if((off & 0x1fff) || /*Later fragment*/
(off & 0x2000)){ /*More fragments*/
/* fprintf(stderr,"Fragmented packet! rejecting\n"); */
return(0);
}
hlen=p.l3_hdr.ip->ip_hl * 4;
p.data += hlen;
p.len = ntohs(p.l3_hdr.ip->ip_len);
if(p.len > length) {
if(!(NET_print_flags & NET_PRINT_JSON))
printf("Malformed packet, size from IP header is larger than size reported by libpcap, skipping ...\n");
return(0);
}
if (p.len == 0) {
DBG((0,"ip length reported as 0, presumed to be because of 'TCP segmentation offload' (TSO)\n"));
p.len = p._len;
}
p.len -= hlen;
proto = p.l3_hdr.ip->ip_p;
} else {
p.l3_hdr.ip6=(struct ip6_hdr *)data;
memcpy(&p.i_addr.so_in6.sin6_addr, &p.l3_hdr.ip6->ip6_src, sizeof(struct in6_addr));
p.i_addr.so_in6.sin6_family = AF_INET6;
memcpy(&p.r_addr.so_in6.sin6_addr, &p.l3_hdr.ip6->ip6_dst, sizeof(struct in6_addr));
p.r_addr.so_in6.sin6_family = AF_INET6;
// Skip packets with header extensions
if(p.l3_hdr.ip6->ip6_ctlun.ip6_un1.ip6_un1_nxt != IPPROTO_TCP) {
return 0;
}
hlen=40; // Fixed header size with no extension
p.data += hlen;
p.len = ntohs(p.l3_hdr.ip6->ip6_ctlun.ip6_un1.ip6_un1_plen);
if(p.len > length) {
if(!(NET_print_flags & NET_PRINT_JSON))
printf("Malformed packet, size from IP header is larger than size reported by libpcap, skipping ...\n");
return(0);
}
if (p.len == 0) {
DBG((0,"ip length reported as 0, presumed to be because of 'TCP segmentation offload' (TSO)\n"));
p.len = p._len;
}
proto = p.l3_hdr.ip6->ip6_ctlun.ip6_un1.ip6_un1_nxt;
} }
hlen=p.ip->ip_hl * 4; switch(proto){
p.data += hlen;
p.len = ntohs(p.ip->ip_len);
if(p.len > length) {
if(!(NET_print_flags & NET_PRINT_JSON))
printf("Malformed packet, size from IP header is larger than size reported by libpcap, skipping ...\n");
return(0);
}
if (p.len == 0) {
DBG((0,"ip length reported as 0, presumed to be because of 'TCP segmentation offload' (TSO)\n"));
p.len = p._len;
}
p.len -= hlen;
switch(p.ip->ip_p){
case IPPROTO_TCP: case IPPROTO_TCP:
if((r=process_tcp_packet(handler->mod,handler->ctx,&p))) if((r=process_tcp_packet(handler->mod,handler->ctx,&p)))
ERETURN(r); ERETURN(r);
break; break;
} }
return(0); return(0);
} }
@ -238,26 +280,43 @@ int timestamp_diff(t1,t0,diff)
int lookuphostname(addr,namep) int lookuphostname(so_st,namep)
struct in_addr *addr; struct sockaddr_storage *so_st;
char **namep; char **namep;
{ {
struct hostent *ne=0; int r = 1;
*namep = calloc(1, NI_MAXHOST);
void *addr = NULL;
if(!(NET_print_flags & NET_PRINT_NO_RESOLVE)){ if(!(NET_print_flags & NET_PRINT_NO_RESOLVE)) {
ne=gethostbyaddr((char *)addr,4,AF_INET); r = getnameinfo((struct sockaddr *) so_st, sizeof(struct sockaddr_storage), *namep, NI_MAXHOST, NULL, 0, 0);
} }
if(!ne){ if(r) {
*namep=strdup((char *)inet_ntoa(*addr)); if(so_st->ss_family == AF_INET) {
} addr = &((struct sockaddr_in *) so_st)->sin_addr;
else{ } else {
*namep=strdup(ne->h_name); addr = &((struct sockaddr_in6 *) so_st)->sin6_addr;
}
inet_ntop(so_st->ss_family, addr, *namep, INET6_ADDRSTRLEN);
} }
return(0); return(0);
} }
int addrtotext(so_st,namep)
struct sockaddr_storage *so_st;
char **namep;
{
*namep = calloc(1, NI_MAXHOST);
void *addr = NULL;
if(so_st->ss_family == AF_INET) {
addr = &((struct sockaddr_in *) so_st)->sin_addr;
} else {
addr = &((struct sockaddr_in6 *) so_st)->sin6_addr;
}
inet_ntop(so_st->ss_family, addr, *namep, INET6_ADDRSTRLEN);
return(0);
}

View file

@ -64,6 +64,7 @@
#endif #endif
#include <netinet/in_systm.h> #include <netinet/in_systm.h>
#include <netinet/ip.h> #include <netinet/ip.h>
#include <netinet/ip6.h>
#include <netinet/tcp.h> #include <netinet/tcp.h>
#include <r_time.h> #include <r_time.h>
#include <r_data.h> #include <r_data.h>
@ -77,12 +78,13 @@ int network_handler_create PROTO_LIST((proto_mod *mod,
n_handler **handlerp)); n_handler **handlerp));
int network_handler_destroy PROTO_LIST((proto_mod *mod,n_handler **handlerp)); int network_handler_destroy PROTO_LIST((proto_mod *mod,n_handler **handlerp));
int network_process_packet PROTO_LIST((n_handler *handler, int network_process_packet PROTO_LIST((n_handler *handler,
struct timeval *timestamp,UCHAR *data,int length)); struct timeval *timestamp,UCHAR *data,int length,int af));
int packet_copy PROTO_LIST((packet *in,packet **out)); int packet_copy PROTO_LIST((packet *in,packet **out));
int packet_destroy PROTO_LIST((packet *p)); int packet_destroy PROTO_LIST((packet *p));
int timestamp_diff PROTO_LIST(( struct timeval *t1,struct timeval *t0, int timestamp_diff PROTO_LIST(( struct timeval *t1,struct timeval *t0,
struct timeval *diff)); struct timeval *diff));
int lookuphostname PROTO_LIST((struct in_addr *addr,char **name)); int lookuphostname PROTO_LIST((struct sockaddr_storage *addr,char **name));
int addrtotext PROTO_LIST((struct sockaddr_storage *addr,char **name));
struct packet_ { struct packet_ {
struct timeval ts; struct timeval ts;
@ -94,7 +96,22 @@ struct packet_ {
/*These just save us the effort of doing casts to the data /*These just save us the effort of doing casts to the data
segments*/ segments*/
struct ip *ip; /*The IP header*/ struct ip *ip; /*The IP header*/
int af;
union {
struct ip *ip; /*The IP header*/
struct ip6_hdr *ip6; /*The IP header*/
} l3_hdr;
struct tcphdr *tcp; /*The TCP header*/ struct tcphdr *tcp; /*The TCP header*/
union {
struct sockaddr_storage so_st;
struct sockaddr_in so_in;
struct sockaddr_in6 so_in6;
} i_addr;
union {
struct sockaddr_storage so_st;
struct sockaddr_in so_in;
struct sockaddr_in6 so_in6;
} r_addr;
}; };
#include "tcpconn.h" #include "tcpconn.h"

View file

@ -204,9 +204,9 @@ void pcap_cb(ptr,hdr,data)
len+=4; len+=4;
} }
if(type!=ETHERTYPE_IP) if(type!=ETHERTYPE_IP && type!=ETHERTYPE_IPV6)
return; return;
break; break;
case DLT_IEEE802: case DLT_IEEE802:
data+=22; data+=22;
@ -276,7 +276,11 @@ void pcap_cb(ptr,hdr,data)
break; break;
#endif #endif
} }
network_process_packet(n,(struct timeval *) &hdr->ts,(u_char *)data,len);
if(type == ETHERTYPE_IPV6)
network_process_packet(n,(struct timeval *) &hdr->ts,(u_char *)data,len, AF_INET6);
else
network_process_packet(n,(struct timeval *) &hdr->ts,(u_char *)data,len, AF_INET);
if(packet_cnt == conn_freq) { if(packet_cnt == conn_freq) {
packet_cnt = 0; packet_cnt = 0;

View file

@ -60,8 +60,8 @@ struct proto_mod_vtbl_ {
int (*create) PROTO_LIST((void *handle,proto_ctx *ctx, int (*create) PROTO_LIST((void *handle,proto_ctx *ctx,
tcp_conn *conn, tcp_conn *conn,
proto_obj **objp, proto_obj **objp,
struct in_addr *i_addr,u_short i_port, struct sockaddr_storage *i_addr,u_short i_port,
struct in_addr *r_addr,u_short r_port,struct timeval *time_base)); struct sockaddr_storage *r_addr,u_short r_port,struct timeval *time_base));
int (*destroy_ctx) PROTO_LIST((void *handle,proto_ctx **ctxp)); int (*destroy_ctx) PROTO_LIST((void *handle,proto_ctx **ctxp));
int (*destroy) PROTO_LIST((proto_obj **objp)); int (*destroy) PROTO_LIST((proto_obj **objp));
int (*data) PROTO_LIST((proto_obj *obj,segment *data,int direction)); int (*data) PROTO_LIST((proto_obj *obj,segment *data,int direction));
@ -89,8 +89,8 @@ struct logger_mod_vtbl_ {
int (*init) PROTO_LIST((void *data)); int (*init) PROTO_LIST((void *data));
//deinit must be async signal safe(!!!) //deinit must be async signal safe(!!!)
int (*deinit) PROTO_LIST(()); int (*deinit) PROTO_LIST(());
int (*create) PROTO_LIST((proto_obj **objp, struct in_addr *i_addr,u_short i_port, int (*create) PROTO_LIST((proto_obj **objp, struct sockaddr_storage *i_addr,u_short i_port,
struct in_addr *r_addr,u_short r_port,struct timeval *time_base)); struct sockaddr_storage *r_addr,u_short r_port,struct timeval *time_base));
int (*destroy) PROTO_LIST((proto_obj **objp)); int (*destroy) PROTO_LIST((proto_obj **objp));
int (*data) PROTO_LIST((proto_obj *obj,unsigned char *data,unsigned int len,int direction)); int (*data) PROTO_LIST((proto_obj *obj,unsigned char *data,unsigned int len,int direction));
int (*close) PROTO_LIST((proto_obj *obj,unsigned char *data,unsigned int len,int direction)); int (*close) PROTO_LIST((proto_obj *obj,unsigned char *data,unsigned int len,int direction));

View file

@ -70,16 +70,16 @@ static int zero_conn(conn)
return(0); return(0);
} }
int tcp_find_conn(tcp_conn **connp, int *directionp,struct in_addr *saddr, int tcp_find_conn(tcp_conn **connp, int *directionp,struct sockaddr_storage *saddr,
u_short sport, struct in_addr *daddr, u_short dport) u_short sport, struct sockaddr_storage *daddr, u_short dport)
{ {
conn_struct *conn; conn_struct *conn;
for(conn=first_conn;conn;conn=conn->next){ for(conn=first_conn;conn;conn=conn->next){
if(sport == conn->conn.i_port && dport==conn->conn.r_port){ if(sport == conn->conn.i_port && dport==conn->conn.r_port){
if(!memcmp(saddr,&conn->conn.i_addr,sizeof(struct in_addr)) if(!memcmp(saddr,&conn->conn.i_addr,sizeof(struct sockaddr_storage))
&& !memcmp(daddr,&conn->conn.r_addr,sizeof(struct in_addr))) && !memcmp(daddr,&conn->conn.r_addr,sizeof(struct sockaddr_storage)))
{ {
*directionp=DIR_I2R; *directionp=DIR_I2R;
*connp=&(conn->conn); *connp=&(conn->conn);
@ -88,8 +88,8 @@ int tcp_find_conn(tcp_conn **connp, int *directionp,struct in_addr *saddr,
} }
if(dport == conn->conn.i_port && sport==conn->conn.r_port){ if(dport == conn->conn.i_port && sport==conn->conn.r_port){
if(!memcmp(saddr,&conn->conn.r_addr,sizeof(struct in_addr)) if(!memcmp(saddr,&conn->conn.r_addr,sizeof(struct sockaddr_storage))
&& !memcmp(daddr,&conn->conn.i_addr,sizeof(struct in_addr))) && !memcmp(daddr,&conn->conn.i_addr,sizeof(struct sockaddr_storage)))
{ {
*directionp=DIR_R2I; *directionp=DIR_R2I;
*connp=&(conn->conn); *connp=&(conn->conn);
@ -101,8 +101,8 @@ int tcp_find_conn(tcp_conn **connp, int *directionp,struct in_addr *saddr,
return(R_NOT_FOUND); return(R_NOT_FOUND);
} }
int tcp_create_conn(tcp_conn **connp,struct in_addr *i_addr, int tcp_create_conn(tcp_conn **connp,struct sockaddr_storage *i_addr,
u_short i_port, struct in_addr *r_addr, u_short r_port) u_short i_port, struct sockaddr_storage *r_addr, u_short r_port)
{ {
conn_struct *conn=0; conn_struct *conn=0;
@ -115,9 +115,9 @@ int tcp_create_conn(tcp_conn **connp,struct in_addr *i_addr,
conn->conn.backptr=conn; conn->conn.backptr=conn;
conn->conn.conn_number=conn_number++; conn->conn.conn_number=conn_number++;
memcpy(&conn->conn.i_addr,i_addr,sizeof(struct in_addr)); memcpy(&conn->conn.i_addr,i_addr,sizeof(struct sockaddr_storage));
conn->conn.i_port=i_port; conn->conn.i_port=i_port;
memcpy(&conn->conn.r_addr,r_addr,sizeof(struct in_addr)); memcpy(&conn->conn.r_addr,r_addr,sizeof(struct sockaddr_storage));
conn->conn.r_port=r_port; conn->conn.r_port=r_port;
*connp=&(conn->conn); *connp=&(conn->conn);
@ -150,6 +150,10 @@ int tcp_destroy_conn(conn)
destroy_proto_handler(&conn->analyzer); destroy_proto_handler(&conn->analyzer);
free_tcp_segment_queue(conn->i2r.oo_queue); free_tcp_segment_queue(conn->i2r.oo_queue);
free_tcp_segment_queue(conn->r2i.oo_queue); free_tcp_segment_queue(conn->r2i.oo_queue);
free(conn->i_name);
free(conn->r_name);
free(conn->i_num);
free(conn->r_num);
zero_conn(conn); zero_conn(conn);
free(conn->backptr); free(conn->backptr);
free(conn); free(conn);

View file

@ -72,12 +72,16 @@ typedef struct tcp_conn_ {
#define TCP_STATE_FIN1 5 #define TCP_STATE_FIN1 5
#define TCP_STATE_CLOSED 6 #define TCP_STATE_CLOSED 6
/*The address which sent the first SYN*/ /*The address which sent the first SYN*/
struct in_addr i_addr; struct sockaddr_storage i_addr;
u_short i_port; u_short i_port;
char *i_name;
char *i_num;
/*The address which sent the second SYN*/ /*The address which sent the second SYN*/
struct in_addr r_addr; struct sockaddr_storage r_addr;
u_short r_port; u_short r_port;
char *r_name;
char *r_num;
stream_data i2r; /*The stream from initiator to responder*/ stream_data i2r; /*The stream from initiator to responder*/
stream_data r2i; /*The stream from responder to initiator*/ stream_data r2i; /*The stream from responder to initiator*/
@ -90,12 +94,12 @@ typedef struct tcp_conn_ {
int tcp_find_conn PROTO_LIST((tcp_conn **connp, int tcp_find_conn PROTO_LIST((tcp_conn **connp,
int *directionp, int *directionp,
struct in_addr *src_addr, u_short src_port, struct sockaddr_storage *src_addr, u_short src_port,
struct in_addr *dst_addr, u_short dst_port)); struct sockaddr_storage *dst_addr, u_short dst_port));
int tcp_create_conn PROTO_LIST((tcp_conn **connp, int tcp_create_conn PROTO_LIST((tcp_conn **connp,
struct in_addr *initiator_addr, u_short initiator_port, struct sockaddr_storage *initiator_addr, u_short initiator_port,
struct in_addr *responder_addr, u_short responder_port)); struct sockaddr_storage *responder_addr, u_short responder_port));
int tcp_destroy_conn PROTO_LIST((tcp_conn *conn)); int tcp_destroy_conn PROTO_LIST((tcp_conn *conn));
int free_tcp_segment_queue PROTO_LIST((segment *seg)); int free_tcp_segment_queue PROTO_LIST((segment *seg));

View file

@ -88,8 +88,8 @@ int process_tcp_packet(handler,ctx,p)
print_tcp_packet(p); print_tcp_packet(p);
if((r=tcp_find_conn(&conn,&direction,&p->ip->ip_src, if((r=tcp_find_conn(&conn,&direction,&p->i_addr.so_st,
ntohs(p->tcp->th_sport),&p->ip->ip_dst,ntohs(p->tcp->th_dport)))){ ntohs(p->tcp->th_sport),&p->r_addr.so_st,ntohs(p->tcp->th_dport)))){
if(r!=R_NOT_FOUND) if(r!=R_NOT_FOUND)
ABORT(r); ABORT(r);
@ -126,26 +126,21 @@ int process_tcp_packet(handler,ctx,p)
break; break;
case TCP_STATE_ACK: case TCP_STATE_ACK:
{ {
char *sn=0,*dn=0;
if(direction != DIR_I2R) if(direction != DIR_I2R)
break; break;
DBG((0,"ACK seq: %u",ntohl(p->tcp->th_seq))); DBG((0,"ACK seq: %u",ntohl(p->tcp->th_seq)));
conn->i2r.ack=ntohl(p->tcp->th_ack)+1; conn->i2r.ack=ntohl(p->tcp->th_ack)+1;
lookuphostname(&conn->i_addr,&sn);
lookuphostname(&conn->r_addr,&dn);
if(!(NET_print_flags & NET_PRINT_JSON)) { if(!(NET_print_flags & NET_PRINT_JSON)) {
if(NET_print_flags & NET_PRINT_TYPESET) if(NET_print_flags & NET_PRINT_TYPESET)
printf("\\fC"); printf("\\fC");
printf("New TCP connection #%d: %s(%d) <-> %s(%d)\n", printf("New TCP connection #%d: %s(%d) <-> %s(%d)\n",
conn->conn_number, conn->conn_number,
sn,conn->i_port, conn->i_name,conn->i_port,
dn,conn->r_port); conn->r_name,conn->r_port);
if(NET_print_flags & NET_PRINT_TYPESET) if(NET_print_flags & NET_PRINT_TYPESET)
printf("\\fR"); printf("\\fR");
} }
conn->state=TCP_STATE_ESTABLISHED; conn->state=TCP_STATE_ESTABLISHED;
free(sn);
free(dn);
} }
case TCP_STATE_ESTABLISHED: case TCP_STATE_ESTABLISHED:
case TCP_STATE_FIN1: case TCP_STATE_FIN1:
@ -180,16 +175,16 @@ static int new_connection(handler,ctx,p,connp)
tcp_conn *conn=0; tcp_conn *conn=0;
if ((p->tcp->th_flags & (TH_SYN|TH_ACK))==TH_SYN) { if ((p->tcp->th_flags & (TH_SYN|TH_ACK))==TH_SYN) {
if((r=tcp_create_conn(&conn,&p->ip->ip_src,ntohs(p->tcp->th_sport), if((r=tcp_create_conn(&conn,&p->i_addr.so_st,ntohs(p->tcp->th_sport),
&p->ip->ip_dst,ntohs(p->tcp->th_dport)))) &p->r_addr.so_st,ntohs(p->tcp->th_dport))))
ABORT(r); ABORT(r);
DBG((0,"SYN1 seq: %u",ntohl(p->tcp->th_seq))); DBG((0,"SYN1 seq: %u",ntohl(p->tcp->th_seq)));
conn->i2r.seq=ntohl(p->tcp->th_seq)+1; conn->i2r.seq=ntohl(p->tcp->th_seq)+1;
conn->i2r.ack=ntohl(p->tcp->th_ack)+1; conn->i2r.ack=ntohl(p->tcp->th_ack)+1;
conn->state=TCP_STATE_SYN1; conn->state=TCP_STATE_SYN1;
} else { // SYN&ACK comes first somehow } else { // SYN&ACK comes first somehow
if((r=tcp_create_conn(&conn,&p->ip->ip_dst,ntohs(p->tcp->th_dport), if((r=tcp_create_conn(&conn,&p->r_addr.so_st,ntohs(p->tcp->th_dport),
&p->ip->ip_src,ntohs(p->tcp->th_sport)))) &p->i_addr.so_st,ntohs(p->tcp->th_sport))))
ABORT(r); ABORT(r);
DBG((0,"SYN2 seq: %u",ntohl(p->tcp->th_seq))); DBG((0,"SYN2 seq: %u",ntohl(p->tcp->th_seq)));
conn->r2i.seq=ntohl(p->tcp->th_seq)+1; conn->r2i.seq=ntohl(p->tcp->th_seq)+1;
@ -198,6 +193,10 @@ static int new_connection(handler,ctx,p,connp)
} }
memcpy(&conn->start_time,&p->ts,sizeof(struct timeval)); memcpy(&conn->start_time,&p->ts,sizeof(struct timeval));
memcpy(&conn->last_seen_time,&p->ts,sizeof(struct timeval)); memcpy(&conn->last_seen_time,&p->ts,sizeof(struct timeval));
lookuphostname(&conn->i_addr,&conn->i_name);
lookuphostname(&conn->r_addr,&conn->r_name);
addrtotext(&conn->i_addr,&conn->i_num);
addrtotext(&conn->r_addr,&conn->r_num);
if((r=create_proto_handler(handler,ctx,&conn->analyzer,conn,&p->ts))) if((r=create_proto_handler(handler,ctx,&conn->analyzer,conn,&p->ts)))
ABORT(r); ABORT(r);
@ -402,8 +401,8 @@ static int print_tcp_packet(p)
if(!(NET_print_flags & NET_PRINT_TCP_HDR)) if(!(NET_print_flags & NET_PRINT_TCP_HDR))
return(0); return(0);
lookuphostname(&p->ip->ip_src,&src); lookuphostname(&p->i_addr.so_st,&src);
lookuphostname(&p->ip->ip_dst,&dst); lookuphostname(&p->r_addr.so_st,&dst);
if(!(NET_print_flags & NET_PRINT_JSON)) { if(!(NET_print_flags & NET_PRINT_JSON)) {
printf("TCP: %s(%d) -> %s(%d) ", printf("TCP: %s(%d) -> %s(%d) ",

View file

@ -56,11 +56,11 @@ typedef struct null_analyzer_ {
static int create_null_analyzer PROTO_LIST((void *handle, static int create_null_analyzer PROTO_LIST((void *handle,
proto_ctx *ctx,tcp_conn *conn,proto_obj **objp, proto_ctx *ctx,tcp_conn *conn,proto_obj **objp,
struct in_addr *i_addr,u_short i_port, struct sockaddr_storage *i_addr,u_short i_port,
struct in_addr *r_addr,u_short r_port, struct timeval *base_time)); struct sockaddr_storage *r_addr,u_short r_port, struct timeval *base_time));
static int create_null_analyzer(void *handle, proto_ctx *ctx, tcp_conn *conn, static int create_null_analyzer(void *handle, proto_ctx *ctx, tcp_conn *conn,
proto_obj **objp, struct in_addr *i_addr, u_short i_port, struct in_addr *r_addr, proto_obj **objp, struct sockaddr_storage *i_addr, u_short i_port, struct sockaddr_storage *r_addr,
u_short r_port, struct timeval *base_time) u_short r_port, struct timeval *base_time)
{ {
null_analyzer *obj=0; null_analyzer *obj=0;

View file

@ -17,8 +17,8 @@
static int init_pcap_logger PROTO_LIST((void * data)); static int init_pcap_logger PROTO_LIST((void * data));
static int deinit_pcap_logger PROTO_LIST(()); static int deinit_pcap_logger PROTO_LIST(());
static int create_pcap_logger PROTO_LIST((proto_obj **objp, struct in_addr *i_addr, static int create_pcap_logger PROTO_LIST((proto_obj **objp, struct sockaddr_storage *i_addr,
u_short i_port,struct in_addr *r_addr, u_short r_port, struct timeval *base_time)); u_short i_port,struct sockaddr_storage *r_addr, u_short r_port, struct timeval *base_time));
static int destroy_pcap_logger PROTO_LIST((proto_obj **objp)); static int destroy_pcap_logger PROTO_LIST((proto_obj **objp));
static int data_pcap_logger PROTO_LIST((proto_obj *_obj, unsigned char *data,unsigned int len, int dir)); static int data_pcap_logger PROTO_LIST((proto_obj *_obj, unsigned char *data,unsigned int len, int dir));
static int close_pcap_logger PROTO_LIST((proto_obj *_obj, unsigned char *data,unsigned int len, int dir)); static int close_pcap_logger PROTO_LIST((proto_obj *_obj, unsigned char *data,unsigned int len, int dir));
@ -52,7 +52,7 @@ static int deinit_pcap_logger()
return 0; return 0;
} }
static int create_pcap_logger(proto_obj **objp, struct in_addr *i_addr, u_short i_port, struct in_addr *r_addr, u_short r_port, struct timeval *base_time) static int create_pcap_logger(proto_obj **objp, struct sockaddr_storage *i_addr, u_short i_port, struct sockaddr_storage *r_addr, u_short r_port, struct timeval *base_time)
{ {
int r,_status; int r,_status;
logpkt_ctx_t *pcap_obj=0; logpkt_ctx_t *pcap_obj=0;
@ -61,13 +61,15 @@ static int create_pcap_logger(proto_obj **objp, struct in_addr *i_addr, u_short
if(!(pcap_obj=(logpkt_ctx_t *)calloc(1,sizeof(logpkt_ctx_t)))) if(!(pcap_obj=(logpkt_ctx_t *)calloc(1,sizeof(logpkt_ctx_t))))
ABORT(R_NO_MEMORY); ABORT(R_NO_MEMORY);
src_addr.sin_family = AF_INET; //src_addr.sin_family = AF_INET;
src_addr.sin_port = htons(i_port); //src_addr.sin_port = htons(i_port);
src_addr.sin_addr = *i_addr; //src_addr.sin_addr = *i_addr;
memcpy(&src_addr, i_addr, sizeof(struct sockaddr_in));
dst_addr.sin_family = AF_INET; //dst_addr.sin_family = AF_INET;
dst_addr.sin_port = htons(r_port); //dst_addr.sin_port = htons(r_port);
dst_addr.sin_addr = *r_addr; //dst_addr.sin_addr = *r_addr;
memcpy(&dst_addr, r_addr, sizeof(struct sockaddr_in));
logpkt_ctx_init(pcap_obj,NULL,0,content_pcap_src_ether, content_pcap_dst_ether, logpkt_ctx_init(pcap_obj,NULL,0,content_pcap_src_ether, content_pcap_dst_ether,
(const struct sockaddr*)&src_addr, sizeof(src_addr), (const struct sockaddr*)&src_addr, sizeof(src_addr),

View file

@ -46,6 +46,7 @@
#include <json-c/json.h> #include <json-c/json.h>
#include <arpa/inet.h> #include <arpa/inet.h>
#include <netdb.h>
#include "network.h" #include "network.h"
#include "debug.h" #include "debug.h"
#include "sslprint.h" #include "sslprint.h"
@ -59,8 +60,8 @@ static int parse_ssl_flags PROTO_LIST((char *str));
static int create_ssl_ctx PROTO_LIST((void *handle,proto_ctx **ctxp)); static int create_ssl_ctx PROTO_LIST((void *handle,proto_ctx **ctxp));
static int create_ssl_analyzer PROTO_LIST((void *handle, static int create_ssl_analyzer PROTO_LIST((void *handle,
proto_ctx *ctx,tcp_conn *conn,proto_obj **objp, proto_ctx *ctx,tcp_conn *conn,proto_obj **objp,
struct in_addr *i_addr,u_short i_port, struct sockaddr_storage *i_addr,u_short i_port,
struct in_addr *r_addr,u_short r_port, struct timeval *base_time)); struct sockaddr_storage *r_addr,u_short r_port, struct timeval *base_time));
static int destroy_ssl_ctx PROTO_LIST((void *handle,proto_ctx **ctxp)); static int destroy_ssl_ctx PROTO_LIST((void *handle,proto_ctx **ctxp));
static int destroy_ssl_analyzer PROTO_LIST((proto_obj **objp)); static int destroy_ssl_analyzer PROTO_LIST((proto_obj **objp));
static int read_ssl_record PROTO_LIST((ssl_obj *obj,r_queue *q,segment *seg, static int read_ssl_record PROTO_LIST((ssl_obj *obj,r_queue *q,segment *seg,
@ -240,7 +241,7 @@ static int destroy_ssl_ctx(handle,ctxp)
} }
static int create_ssl_analyzer(void *handle, proto_ctx *ctx, tcp_conn *conn, static int create_ssl_analyzer(void *handle, proto_ctx *ctx, tcp_conn *conn,
proto_obj **objp, struct in_addr *i_addr, u_short i_port, struct in_addr *r_addr, proto_obj **objp, struct sockaddr_storage *i_addr, u_short i_port, struct sockaddr_storage *r_addr,
u_short r_port, struct timeval *base_time) u_short r_port, struct timeval *base_time)
{ {
int r,_status; int r,_status;
@ -257,15 +258,12 @@ static int create_ssl_analyzer(void *handle, proto_ctx *ctx, tcp_conn *conn,
if((r=create_r_queue(&obj->i2r_queue))) if((r=create_r_queue(&obj->i2r_queue)))
ABORT(r); ABORT(r);
lookuphostname(i_addr,&obj->client_name); obj->client_name = strndup(conn->i_name, NI_MAXHOST);
if(!(obj->client_ip=(char *)calloc(1,INET_ADDRSTRLEN))) obj->client_ip = strndup(conn->i_num, INET6_ADDRSTRLEN);
ABORT(R_NO_MEMORY);
inet_ntop(AF_INET, i_addr, obj->client_ip, INET_ADDRSTRLEN);
obj->client_port=i_port; obj->client_port=i_port;
lookuphostname(r_addr,&obj->server_name);
if(!(obj->server_ip=(char *)calloc(1,INET_ADDRSTRLEN))) obj->server_name = strndup(conn->r_name, NI_MAXHOST);
ABORT(R_NO_MEMORY); obj->server_ip = strndup(conn->r_num, INET6_ADDRSTRLEN);
inet_ntop(AF_INET, r_addr, obj->server_ip, INET_ADDRSTRLEN);
obj->server_port=r_port; obj->server_port=r_port;
obj->i_state=SSL_ST_SENT_NOTHING; obj->i_state=SSL_ST_SENT_NOTHING;