Merge pull request #83 from wllm-rbnt/lint

Global code linting + various fixes
Alexandre Dulaunoy 2023-08-14 22:08:48 +02:00 committed by GitHub
commit e1796a8851
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
96 changed files with 8504 additions and 15176 deletions

183
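--- a/.clang-format
+++ b/.clang-format
@@ -0,0 +1,183 @@
+---
+Language: Cpp
+# BasedOnStyle: Chromium
+# with a few modifications
+AccessModifierOffset: -1
+AlignAfterOpenBracket: Align
+AlignConsecutiveMacros: false
+AlignConsecutiveAssignments: false
+AlignConsecutiveBitFields: false
+AlignConsecutiveDeclarations: false
+AlignEscapedNewlines: Left
+AlignOperands: Align
+AlignTrailingComments: true
+AllowAllArgumentsOnNextLine: true
+AllowAllConstructorInitializersOnNextLine: true
+AllowAllParametersOfDeclarationOnNextLine: false
+AllowShortEnumsOnASingleLine: true
+AllowShortBlocksOnASingleLine: Never
+AllowShortCaseLabelsOnASingleLine: false
+AllowShortFunctionsOnASingleLine: Inline
+AllowShortLambdasOnASingleLine: All
+AllowShortIfStatementsOnASingleLine: Never
+AllowShortLoopsOnASingleLine: false
+AlwaysBreakAfterDefinitionReturnType: None
+AlwaysBreakAfterReturnType: None
+AlwaysBreakBeforeMultilineStrings: true
+AlwaysBreakTemplateDeclarations: Yes
+BinPackArguments: true
+BinPackParameters: false
+BraceWrapping:
+AfterCaseLabel: false
+AfterClass: false
+AfterControlStatement: Never
+AfterEnum: false
+AfterFunction: false
+AfterNamespace: false
+AfterObjCDeclaration: false
+AfterStruct: false
+AfterUnion: false
+AfterExternBlock: false
+BeforeCatch: false
+BeforeElse: false
+BeforeLambdaBody: false
+BeforeWhile: false
+IndentBraces: false
+SplitEmptyFunction: true
+SplitEmptyRecord: true
+SplitEmptyNamespace: true
+BreakBeforeBinaryOperators: None
+BreakBeforeBraces: Attach
+BreakBeforeInheritanceComma: false
+BreakInheritanceList: BeforeColon
+BreakBeforeTernaryOperators: true
+BreakConstructorInitializersBeforeComma: false
+BreakConstructorInitializers: BeforeColon
+BreakAfterJavaFieldAnnotations: false
+BreakStringLiterals: true
+ColumnLimit: 80
+CommentPragmas: '^ IWYU pragma:'
+CompactNamespaces: false
+ConstructorInitializerAllOnOneLineOrOnePerLine: true
+ConstructorInitializerIndentWidth: 4
+ContinuationIndentWidth: 4
+Cpp11BracedListStyle: true
+DeriveLineEnding: true
+DerivePointerAlignment: false
+DisableFormat: false
+ExperimentalAutoDetectBinPacking: false
+FixNamespaceComments: true
+ForEachMacros:
+- foreach
+- Q_FOREACH
+- BOOST_FOREACH
+IncludeBlocks: Preserve
+IncludeCategories:
+- Regex: '^<ext/.*\.h>'
+Priority: 2
+SortPriority: 0
+- Regex: '^<.*\.h>'
+Priority: 1
+SortPriority: 0
+- Regex: '^<.*'
+Priority: 2
+SortPriority: 0
+- Regex: '.*'
+Priority: 3
+SortPriority: 0
+IncludeIsMainRegex: '([-_](test|unittest))?$'
+IncludeIsMainSourceRegex: ''
+IndentCaseLabels: true
+IndentCaseBlocks: false
+IndentGotoLabels: true
+IndentPPDirectives: None
+IndentExternBlock: AfterExternBlock
+IndentWidth: 2
+IndentWrappedFunctionNames: false
+InsertTrailingCommas: None
+JavaScriptQuotes: Leave
+JavaScriptWrapImports: true
+KeepEmptyLinesAtTheStartOfBlocks: false
+MacroBlockBegin: ''
+MacroBlockEnd: ''
+MaxEmptyLinesToKeep: 1
+NamespaceIndentation: None
+ObjCBinPackProtocolList: Never
+ObjCBlockIndentWidth: 2
+ObjCBreakBeforeNestedBlockParam: true
+ObjCSpaceAfterProperty: false
+ObjCSpaceBeforeProtocolList: true
+PenaltyBreakAssignment: 2
+PenaltyBreakBeforeFirstCallParameter: 1
+PenaltyBreakComment: 300
+PenaltyBreakFirstLessLess: 120
+PenaltyBreakString: 1000
+PenaltyBreakTemplateDeclaration: 10
+PenaltyExcessCharacter: 1000000
+PenaltyReturnTypeOnItsOwnLine: 200
+PointerAlignment: Right
+RawStringFormats:
+- Language: Cpp
+Delimiters:
+- cc
+- CC
+- cpp
+- Cpp
+- CPP
+- 'c++'
+- 'C++'
+CanonicalDelimiter: ''
+BasedOnStyle: google
+- Language: TextProto
+Delimiters:
+- pb
+- PB
+- proto
+- PROTO
+EnclosingFunctions:
+- EqualsProto
+- EquivToProto
+- PARSE_PARTIAL_TEXT_PROTO
+- PARSE_TEST_PROTO
+- PARSE_TEXT_PROTO
+- ParseTextOrDie
+- ParseTextProtoOrDie
+- ParseTestProto
+- ParsePartialTestProto
+CanonicalDelimiter: ''
+BasedOnStyle: google
+ReflowComments: true
+SortIncludes: false
+SortUsingDeclarations: true
+SpaceAfterCStyleCast: false
+SpaceAfterLogicalNot: false
+SpaceAfterTemplateKeyword: true
+SpaceBeforeAssignmentOperators: true
+SpaceBeforeCpp11BracedList: false
+SpaceBeforeCtorInitializerColon: true
+SpaceBeforeInheritanceColon: true
+SpaceBeforeParens: Never
+SpaceBeforeRangeBasedForLoopColon: true
+SpaceInEmptyBlock: false
+SpaceInEmptyParentheses: false
+SpacesBeforeTrailingComments: 2
+SpacesInAngles: false
+SpacesInConditionalStatement: false
+SpacesInContainerLiterals: true
+SpacesInCStyleCastParentheses: false
+SpacesInParentheses: false
+SpacesInSquareBrackets: false
+SpaceBeforeSquareBrackets: false
+Standard: Auto
+StatementMacros:
+- Q_UNUSED
+- QT_REQUIRE_VERSION
+TabWidth: 8
+UseCRLF: false
+UseTab: Never
+WhitespaceSensitiveMacros:
+- STRINGIZE
+- PP_STRINGIZE
+- BOOST_PP_STRINGIZE
+...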


@ -1,4 +1,4 @@
cmake_minimum_required(VERSION 3.16.3)
cmake_minimum_required(VERSION 3.13.4)
include(CheckSymbolExists)
project(

9
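--- a/FILES
+++ b/FILES
@@ -1,9 +0,0 @@
-record-fmt.txt
-record_analyze.c
-record_analyze.h
-targets.mk
-CVS:
-Entries
-Repository
-Root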


@ -29,7 +29,7 @@ For more details, check the man page.
This example will query ja3er.com service to display the known ja3 hashes from the TLS handshaked in the pcap.
`ssldump -r yourcapture.pcap -j | jq -r 'select(.ja3_fp != null) | .ja3_fp' | parallel 'curl -s -X GET 'https://ja3er.com/search/{}' | jq .'`
`./ssldump -r yourcapture.pcap -j | jq -r 'select(.ja3_fp != null) | .ja3_fp' | parallel 'curl -s -X GET 'https://ja3er.com/search/{}' | jq .'`
# Why do you maintain this repository?


@ -18,7 +18,7 @@
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgement:
This product includes software developed by Eric Rescorla for
RTFM, Inc.
@ -35,7 +35,8 @@
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE.
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH
DAMAGE.
$Id: network.c,v 1.10 2002/09/09 21:02:58 ekr Exp $
@ -43,8 +44,6 @@
ekr@rtfm.com Tue Dec 29 09:52:54 1998
*/
#include <sys/types.h>
#include <r_common.h>
#include "network.h"
@ -64,259 +63,251 @@
UINT4 NET_print_flags;
struct network_handler_ {
proto_mod *mod;
proto_ctx *ctx;
proto_mod *mod;
proto_ctx *ctx;
};
int network_handler_create(mod,handlerp)
proto_mod *mod;
n_handler **handlerp;
{
int r,_status;
n_handler *handler=0;
if(!(handler=(n_handler *)malloc(sizeof(n_handler))))
ABORT(R_NO_MEMORY);
if(mod->vtbl->create_ctx){
if((r=mod->vtbl->create_ctx(mod->handle,&handler->ctx)))
ABORT(r);
}
handler->mod=mod;
*handlerp=handler;
_status=0;
abort:
if(_status){
network_handler_destroy(mod, &handler);
}
return(_status);
int network_handler_create(proto_mod *mod, n_handler **handlerp) {
int r, _status;
n_handler *handler = 0;
if(!(handler = (n_handler *)malloc(sizeof(n_handler))))
ABORT(R_NO_MEMORY);
if(mod->vtbl->create_ctx) {
if((r = mod->vtbl->create_ctx(mod->handle, &handler->ctx)))
ABORT(r);
}
handler->mod = mod;
*handlerp = handler;
_status = 0;
abort:
if(_status) {
network_handler_destroy(mod, &handler);
}
return (_status);
}
int network_handler_destroy(proto_mod *mod, n_handler **handlerp) {
n_handler *handler = 0;
if(!handlerp || !*handlerp)
return (0);
handler = *handlerp;
mod->vtbl->destroy_ctx(mod->handle, &handler->ctx);
free(*handlerp);
*handlerp = 0;
return (0);
}
int network_process_packet(n_handler *handler,
struct timeval *timestamp,
UCHAR *data,
int length,
int af) {
int r;
int hlen;
packet p;
u_short off;
int proto;
/*We can pretty much ignore all the options*/
memcpy(&p.ts, timestamp, sizeof(struct timeval));
p.base = data;
p._len = length;
p.data = data;
p.len = length;
p.af = af;
if(p.len < 20) {
if(!(NET_print_flags & NET_PRINT_JSON))
printf(
"Malformed packet, packet too small to contain IP header, skipping "
"...\n");
return (0);
}
int network_handler_destroy(mod,handlerp)
proto_mod *mod;
n_handler **handlerp;
{
n_handler *handler=0;
if(!handlerp || !*handlerp)
return(0);
memset(&p.i_addr.so_st, 0x0, sizeof(struct sockaddr_storage));
memset(&p.r_addr.so_st, 0x0, sizeof(struct sockaddr_storage));
handler = *handlerp;
if(af == AF_INET) {
p.l3_hdr.ip = (struct ip *)data;
memcpy(&p.i_addr.so_in.sin_addr, &p.l3_hdr.ip->ip_src,
sizeof(struct in_addr));
p.i_addr.so_in.sin_family = AF_INET;
memcpy(&p.r_addr.so_in.sin_addr, &p.l3_hdr.ip->ip_dst,
sizeof(struct in_addr));
p.r_addr.so_in.sin_family = AF_INET;
mod->vtbl->destroy_ctx(mod->handle,&handler->ctx);
free(*handlerp);
*handlerp=0;
return(0);
}
/*Handle, or rather mishandle, fragmentation*/
off = ntohs(p.l3_hdr.ip->ip_off);
int network_process_packet(handler,timestamp,data,length,af)
n_handler *handler;
struct timeval *timestamp;
UCHAR *data;
int length;
int af;
{
int r;
int hlen;
packet p;
u_short off;
int proto;
/*We can pretty much ignore all the options*/
memcpy(&p.ts,timestamp,sizeof(struct timeval));
p.base=data;
p._len=length;
p.data=data;
p.len=length;
p.af=af;
if((off & 0x1fff) || /*Later fragment*/
(off & 0x2000)) { /*More fragments*/
/* fprintf(stderr,"Fragmented packet! rejecting\n"); */
return (0);
}
if(p.len < 20) {
hlen = p.l3_hdr.ip->ip_hl * 4;
p.data += hlen;
p.len = ntohs(p.l3_hdr.ip->ip_len);
if(p.len > length) {
if(!(NET_print_flags & NET_PRINT_JSON))
printf("Malformed packet, packet too small to contain IP header, skipping ...\n");
return(0);
printf(
"Malformed packet, size from IP header is larger than size "
"reported by libpcap, skipping ...\n");
return (0);
}
memset(&p.i_addr.so_st, 0x0, sizeof(struct sockaddr_storage));
memset(&p.r_addr.so_st, 0x0, sizeof(struct sockaddr_storage));
if(p.len == 0) {
DBG((0,
"ip length reported as 0, presumed to be because of 'TCP "
"segmentation offload' (TSO)\n"));
p.len = p._len;
}
p.len -= hlen;
if(af == AF_INET) {
p.l3_hdr.ip=(struct ip *)data;
memcpy(&p.i_addr.so_in.sin_addr, &p.l3_hdr.ip->ip_src, sizeof(struct in_addr));
p.i_addr.so_in.sin_family = AF_INET;
memcpy(&p.r_addr.so_in.sin_addr, &p.l3_hdr.ip->ip_dst, sizeof(struct in_addr));
p.r_addr.so_in.sin_family = AF_INET;
/*Handle, or rather mishandle, fragmentation*/
off=ntohs(p.l3_hdr.ip->ip_off);
if((off & 0x1fff) || /*Later fragment*/
(off & 0x2000)){ /*More fragments*/
/* fprintf(stderr,"Fragmented packet! rejecting\n"); */
return(0);
}
hlen=p.l3_hdr.ip->ip_hl * 4;
p.data += hlen;
p.len = ntohs(p.l3_hdr.ip->ip_len);
if(p.len > length) {
if(!(NET_print_flags & NET_PRINT_JSON))
printf("Malformed packet, size from IP header is larger than size reported by libpcap, skipping ...\n");
return(0);
}
if (p.len == 0) {
DBG((0,"ip length reported as 0, presumed to be because of 'TCP segmentation offload' (TSO)\n"));
p.len = p._len;
}
p.len -= hlen;
proto = p.l3_hdr.ip->ip_p;
} else {
p.l3_hdr.ip6=(struct ip6_hdr *)data;
memcpy(&p.i_addr.so_in6.sin6_addr, &p.l3_hdr.ip6->ip6_src, sizeof(struct in6_addr));
p.i_addr.so_in6.sin6_family = AF_INET6;
memcpy(&p.r_addr.so_in6.sin6_addr, &p.l3_hdr.ip6->ip6_dst, sizeof(struct in6_addr));
p.r_addr.so_in6.sin6_family = AF_INET6;
// Skip packets with header extensions
if(p.l3_hdr.ip6->ip6_ctlun.ip6_un1.ip6_un1_nxt != IPPROTO_TCP) {
return 0;
}
hlen=40; // Fixed header size with no extension
p.data += hlen;
p.len = ntohs(p.l3_hdr.ip6->ip6_ctlun.ip6_un1.ip6_un1_plen);
if(p.len > length) {
if(!(NET_print_flags & NET_PRINT_JSON))
printf("Malformed packet, size from IP header is larger than size reported by libpcap, skipping ...\n");
return(0);
}
if (p.len == 0) {
DBG((0,"ip length reported as 0, presumed to be because of 'TCP segmentation offload' (TSO)\n"));
p.len = p._len;
}
proto = p.l3_hdr.ip6->ip6_ctlun.ip6_un1.ip6_un1_nxt;
proto = p.l3_hdr.ip->ip_p;
} else {
p.l3_hdr.ip6 = (struct ip6_hdr *)data;
memcpy(&p.i_addr.so_in6.sin6_addr, &p.l3_hdr.ip6->ip6_src,
sizeof(struct in6_addr));
p.i_addr.so_in6.sin6_family = AF_INET6;
memcpy(&p.r_addr.so_in6.sin6_addr, &p.l3_hdr.ip6->ip6_dst,
sizeof(struct in6_addr));
p.r_addr.so_in6.sin6_family = AF_INET6;
// Skip packets with header extensions
if(p.l3_hdr.ip6->ip6_ctlun.ip6_un1.ip6_un1_nxt != IPPROTO_TCP) {
return 0;
}
switch(proto){
case IPPROTO_TCP:
if((r=process_tcp_packet(handler->mod,handler->ctx,&p)))
ERETURN(r);
break;
hlen = 40; // Fixed header size with no extension
p.data += hlen;
p.len = ntohs(p.l3_hdr.ip6->ip6_ctlun.ip6_un1.ip6_un1_plen);
if(p.len > length) {
if(!(NET_print_flags & NET_PRINT_JSON))
printf(
"Malformed packet, size from IP header is larger than size "
"reported by libpcap, skipping ...\n");
return (0);
}
return(0);
if(p.len == 0) {
DBG((0,
"ip length reported as 0, presumed to be because of 'TCP "
"segmentation offload' (TSO)\n"));
p.len = p._len;
}
proto = p.l3_hdr.ip6->ip6_ctlun.ip6_un1.ip6_un1_nxt;
}
int packet_copy(in,out)
packet *in;
packet **out;
{
int _status;
packet *p=0;
if(!(p=(packet *)calloc(1,sizeof(packet))))
ABORT(R_NO_MEMORY);
memcpy(&p->ts,&in->ts,sizeof(struct timeval));
if(!(p->base=(UCHAR *)malloc(in->_len)))
ABORT(R_NO_MEMORY);
memcpy(p->base,in->base,p->_len=in->_len);
p->data=p->base + (in->data - in->base);
p->len=in->len;
p->ip=(struct ip *)(p->base + ((UCHAR *)in->ip - in->base));
p->tcp=(struct tcphdr *)(p->base + ((UCHAR *)in->tcp - in->base));
*out=p;
_status=0;
abort:
if(_status){
packet_destroy(p);
}
return(_status);
switch(proto) {
case IPPROTO_TCP:
if((r = process_tcp_packet(handler->mod, handler->ctx, &p)))
ERETURN(r);
break;
}
int packet_destroy(p)
packet *p;
{
if(!p)
return(0);
return (0);
}
FREE(p->base);
FREE(p);
return(0);
int packet_copy(packet *in, packet **out) {
int _status;
packet *p = 0;
if(!(p = (packet *)calloc(1, sizeof(packet))))
ABORT(R_NO_MEMORY);
memcpy(&p->ts, &in->ts, sizeof(struct timeval));
if(!(p->base = (UCHAR *)malloc(in->_len)))
ABORT(R_NO_MEMORY);
memcpy(p->base, in->base, p->_len = in->_len);
p->data = p->base + (in->data - in->base);
p->len = in->len;
p->ip = (struct ip *)(p->base + ((UCHAR *)in->ip - in->base));
p->tcp = (struct tcphdr *)(p->base + ((UCHAR *)in->tcp - in->base));
*out = p;
_status = 0;
abort:
if(_status) {
packet_destroy(p);
}
int timestamp_diff(t1,t0,diff)
struct timeval *t1;
struct timeval *t0;
struct timeval *diff;
{
long d;
return (_status);
}
if(t0->tv_sec > t1->tv_sec)
ERETURN(R_BAD_ARGS);
int packet_destroy(packet *p) {
if(!p)
return (0);
/*Easy case*/
if(t0->tv_usec <= t1->tv_usec){
diff->tv_sec=t1->tv_sec - t0->tv_sec;
diff->tv_usec=t1->tv_usec - t0->tv_usec;
return(0);
}
FREE(p->base);
FREE(p);
return (0);
}
/*Hard case*/
d=t0->tv_usec - t1->tv_usec;
if(t1->tv_sec < (t0->tv_sec + 1))
ERETURN(R_BAD_ARGS);
diff->tv_sec=t1->tv_sec - (t0->tv_sec + 1);
diff->tv_usec=1000000 - d;
int timestamp_diff(struct timeval *t1,
struct timeval *t0,
struct timeval *diff) {
long d;
return(0);
if(t0->tv_sec > t1->tv_sec)
ERETURN(R_BAD_ARGS);
/*Easy case*/
if(t0->tv_usec <= t1->tv_usec) {
diff->tv_sec = t1->tv_sec - t0->tv_sec;
diff->tv_usec = t1->tv_usec - t0->tv_usec;
return (0);
}
/*Hard case*/
d = t0->tv_usec - t1->tv_usec;
if(t1->tv_sec < (t0->tv_sec + 1))
ERETURN(R_BAD_ARGS);
diff->tv_sec = t1->tv_sec - (t0->tv_sec + 1);
diff->tv_usec = 1000000 - d;
int lookuphostname(so_st,namep)
struct sockaddr_storage *so_st;
char **namep;
{
int r = 1;
*namep = calloc(1, NI_MAXHOST);
void *addr = NULL;
return (0);
}
if(!(NET_print_flags & NET_PRINT_NO_RESOLVE)) {
r = getnameinfo((struct sockaddr *) so_st, sizeof(struct sockaddr_storage), *namep, NI_MAXHOST, NULL, 0, 0);
}
int lookuphostname(struct sockaddr_storage *so_st, char **namep) {
int r = 1;
*namep = calloc(1, NI_MAXHOST);
void *addr = NULL;
if(r) {
if(so_st->ss_family == AF_INET) {
addr = &((struct sockaddr_in *) so_st)->sin_addr;
} else {
addr = &((struct sockaddr_in6 *) so_st)->sin6_addr;
}
inet_ntop(so_st->ss_family, addr, *namep, INET6_ADDRSTRLEN);
}
return(0);
if(!(NET_print_flags & NET_PRINT_NO_RESOLVE)) {
r = getnameinfo((struct sockaddr *)so_st, sizeof(struct sockaddr_storage),
*namep, NI_MAXHOST, NULL, 0, 0);
}
int addrtotext(so_st,namep)
struct sockaddr_storage *so_st;
char **namep;
{
*namep = calloc(1, NI_MAXHOST);
void *addr = NULL;
if(r) {
if(so_st->ss_family == AF_INET) {
addr = &((struct sockaddr_in *) so_st)->sin_addr;
addr = &((struct sockaddr_in *)so_st)->sin_addr;
} else {
addr = &((struct sockaddr_in6 *) so_st)->sin6_addr;
addr = &((struct sockaddr_in6 *)so_st)->sin6_addr;
}
inet_ntop(so_st->ss_family, addr, *namep, INET6_ADDRSTRLEN);
return(0);
}
return (0);
}
int addrtotext(struct sockaddr_storage *so_st, char **namep) {
*namep = calloc(1, NI_MAXHOST);
void *addr = NULL;
if(so_st->ss_family == AF_INET) {
addr = &((struct sockaddr_in *)so_st)->sin_addr;
} else {
addr = &((struct sockaddr_in6 *)so_st)->sin6_addr;
}
inet_ntop(so_st->ss_family, addr, *namep, INET6_ADDRSTRLEN);
return (0);
}
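Review bot: In network_process_packet the only size guard is `if(p.len < 20)`, so the AF_INET6 branch reads `ip6_src`, `ip6_dst` and `ip6_un1_plen` from a 40-byte header that a 20–39 byte capture does not contain, and the AF_INET branch takes `hlen = p.l3_hdr.ip->ip_hl * 4` from the packet without checking it, so `p.len -= hlen` can go negative when `ip_len` is smaller than the header length. The IPv6 length test also compares the payload length with `length` after `p.data` has already been advanced by 40, which allows `p.len` to describe up to 40 bytes beyond the captured data. Because this function parses untrusted capture input, I would add `if(length < 40) return (0);` at the top of the IPv6 branch, `if(hlen < 20 || hlen > length) return (0);` after computing `hlen` for IPv4 (and reject `p.len < hlen` once the `ip_len` check has passed), and change the IPv6 comparison to `if(p.len > length - hlen)`. What process_tcp_packet does with `p.data` and `p.len` is not visible in this section, so the downstream effect is inferred rather than shown.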


@ -18,7 +18,7 @@
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgement:
This product includes software developed by Eric Rescorla for
RTFM, Inc.
@ -35,7 +35,8 @@
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE.
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH
DAMAGE.
$Id: network.h,v 1.3 2001/09/14 22:29:14 ekr Exp $
@ -43,7 +44,6 @@
ekr@rtfm.com Tue Dec 29 09:53:50 1998
*/
#ifndef _network_h
#define _network_h
@ -74,44 +74,47 @@ typedef struct proto_mod_ proto_mod;
typedef struct proto_handler_ proto_handler;
typedef struct packet_ packet;
int network_handler_create PROTO_LIST((proto_mod *mod,
n_handler **handlerp));
int network_handler_destroy PROTO_LIST((proto_mod *mod,n_handler **handlerp));
int network_process_packet PROTO_LIST((n_handler *handler,
struct timeval *timestamp,UCHAR *data,int length,int af));
int packet_copy PROTO_LIST((packet *in,packet **out));
int packet_destroy PROTO_LIST((packet *p));
int timestamp_diff PROTO_LIST(( struct timeval *t1,struct timeval *t0,
struct timeval *diff));
int lookuphostname PROTO_LIST((struct sockaddr_storage *addr,char **name));
int addrtotext PROTO_LIST((struct sockaddr_storage *addr,char **name));
int network_handler_create PROTO_LIST((proto_mod * mod, n_handler **handlerp));
int network_handler_destroy PROTO_LIST((proto_mod * mod, n_handler **handlerp));
int network_process_packet PROTO_LIST((n_handler * handler,
struct timeval *timestamp,
UCHAR *data,
int length,
int af));
int packet_copy PROTO_LIST((packet * in, packet **out));
int packet_destroy PROTO_LIST((packet * p));
int timestamp_diff PROTO_LIST((struct timeval * t1,
struct timeval *t0,
struct timeval *diff));
int lookuphostname PROTO_LIST((struct sockaddr_storage * addr, char **name));
int addrtotext PROTO_LIST((struct sockaddr_storage * addr, char **name));
struct packet_ {
struct timeval ts;
UCHAR *base; /*The base of the packet*/
int _len;
UCHAR *data; /*The data ptr appropriate to this layer*/
int len; /*The length of the data segment*/
/*These just save us the effort of doing casts to the data
segments*/
struct ip *ip; /*The IP header*/
int af;
union {
struct ip *ip; /*The IP header*/
struct ip6_hdr *ip6; /*The IP header*/
} l3_hdr;
struct tcphdr *tcp; /*The TCP header*/
union {
struct sockaddr_storage so_st;
struct sockaddr_in so_in;
struct sockaddr_in6 so_in6;
} i_addr;
union {
struct sockaddr_storage so_st;
struct sockaddr_in so_in;
struct sockaddr_in6 so_in6;
} r_addr;
struct timeval ts;
UCHAR *base; /*The base of the packet*/
int _len;
UCHAR *data; /*The data ptr appropriate to this layer*/
int len; /*The length of the data segment*/
/*These just save us the effort of doing casts to the data
segments*/
struct ip *ip; /*The IP header*/
int af;
union {
struct ip *ip; /*The IP header*/
struct ip6_hdr *ip6; /*The IP header*/
} l3_hdr;
struct tcphdr *tcp; /*The TCP header*/
union {
struct sockaddr_storage so_st;
struct sockaddr_in so_in;
struct sockaddr_in6 so_in6;
} i_addr;
union {
struct sockaddr_storage so_st;
struct sockaddr_in so_in;
struct sockaddr_in6 so_in6;
} r_addr;
};
#include "tcpconn.h"
@ -119,11 +122,10 @@ struct packet_ {
extern UINT4 NET_print_flags;
#define NET_PRINT_TCP_HDR 1
#define NET_PRINT_TYPESET 2
#define NET_PRINT_ACKS 4
#define NET_PRINT_NO_RESOLVE 8
#define NET_PRINT_JSON 16
#define NET_PRINT_TS 32
#define NET_PRINT_TCP_HDR 1
#define NET_PRINT_TYPESET 2
#define NET_PRINT_ACKS 4
#define NET_PRINT_NO_RESOLVE 8
#define NET_PRINT_JSON 16
#define NET_PRINT_TS 32
#endif


@ -19,7 +19,7 @@
with the distribution.
3. All advertising materials mentioning features or use of this
software must display the following acknowledgement:
This product includes software developed by Eric Rescorla for
RTFM, Inc.
@ -46,9 +46,6 @@
ekr@rtfm.com Tue Dec 29 10:17:41 1998
*/
#include <pcap.h>
#include <unistd.h>
#ifndef __OpenBSD__
@ -80,497 +77,491 @@
#include "pcap_logger.h"
#ifndef ETHERTYPE_8021Q
# define ETHERTYPE_8021Q 0x8100
#define ETHERTYPE_8021Q 0x8100
#endif
char *collapse_args PROTO_LIST((int argc,char **argv));
static int pcap_if_type=DLT_NULL;
int err_exit PROTO_LIST((char *str,int num));
char *collapse_args PROTO_LIST((int argc, char **argv));
static int pcap_if_type = DLT_NULL;
int err_exit PROTO_LIST((char *str, int num));
int usage PROTO_LIST((void));
int print_version PROTO_LIST((void));
void sig_handler PROTO_LIST((int sig));
void pcap_cb PROTO_LIST((u_char *ptr,const struct pcap_pkthdr *hdr,const u_char *data));
int main PROTO_LIST((int argc,char **argv));
void pcap_cb PROTO_LIST((u_char * ptr,
const struct pcap_pkthdr *hdr,
const u_char *data));
int main PROTO_LIST((int argc, char **argv));
int packet_cnt = 0; // Packet counter used for connection pool cleaning
int conn_freq = 100; // Number of packets after which a connection pool
// cleaning is performed
int conn_ttl = 100; // TTL of inactive connections in connection pool
struct timeval last_packet_seen_time = // Timestamp of the last packet of the
(struct timeval) {0}; // last block of conn_freq packets seen
int packet_cnt = 0; // Packet counter used for connection pool cleaning
int conn_freq = 100; // Number of packets after which a connection pool
// cleaning is performed
int conn_ttl = 100; // TTL of inactive connections in connection pool
struct timeval last_packet_seen_time = // Timestamp of the last packet of the
(struct timeval){0}; // last block of conn_freq packets seen
logger_mod *logger=NULL;
logger_mod *logger = NULL;
int err_exit(str,num)
char *str;
int num;
{
fprintf(stderr,"ERROR: %s\n",str);
sig_handler(SIGQUIT);
exit(num);
}
int err_exit(char *str, int num) {
fprintf(stderr, "ERROR: %s\n", str);
sig_handler(SIGQUIT);
exit(num);
}
int usage()
{
fprintf(stderr,"Usage: ssldump [-r dumpfile] [-i interface] [-l sslkeylogfile] [-w outpcapfile]\n");
fprintf(stderr," [-k keyfile] [-p password] [-vtaTznsAxVNde]\n");
fprintf(stderr," [filter]\n");
exit(0);
}
int usage(void) {
fprintf(stderr,
"Usage: ssldump [-r dumpfile] [-i interface] [-l sslkeylogfile] [-w "
"outpcapfile]\n");
fprintf(stderr,
" [-k keyfile] [-p password] [-vtaTznsAxVNde]\n");
fprintf(stderr, " [filter]\n");
exit(0);
}
int print_version()
{
printf("Version: @ssldump_VERSION@ (@ssldump_DESCRIPTION@)\n");
printf("Maintained by a bunch of volunteers, see https://github.com/adulau/ssldump/blob/master/CREDITS\n");
printf("Copyright (C) 2015-2023 the aforementioned volunteers\n");
printf("Copyright (C) 1998-2001 RTFM, Inc.\n");
printf("All rights reserved.\n");
#ifdef OPENSSL
printf("Compiled with OpenSSL: decryption enabled\n");
#endif
exit(0);
}
int print_version(void) {
printf("Version: @ssldump_VERSION@ (@ssldump_DESCRIPTION@)\n");
printf(
"Maintained by a bunch of volunteers, see "
"https://github.com/adulau/ssldump/blob/master/CREDITS\n");
printf("Copyright (C) 2015-2023 the aforementioned volunteers\n");
printf("Copyright (C) 1998-2001 RTFM, Inc.\n");
printf("All rights reserved.\n");
#ifdef OPENSSL
printf("Compiled with OpenSSL: decryption enabled\n");
#endif
exit(0);
}
pcap_t *p;
proto_mod *mod=&ssl_mod;
proto_mod *mod = &ssl_mod;
n_handler *n;
char *interface_name=0;
char *file=0;
char *filter=0;
void sig_handler(int sig)
{
int freed_conn = 0;
fflush(stdout);
if (logger)
logger->vtbl->deinit();
char *interface_name = 0;
char *file = 0;
char *filter = 0;
void sig_handler(int sig) {
int freed_conn = 0;
fflush(stdout);
if(logger)
logger->vtbl->deinit();
freed_conn = destroy_all_conn();
if(freed_conn && !(NET_print_flags & NET_PRINT_JSON))
printf("Cleaned %d remaining connection(s) from connection pool\n", freed_conn);
freed_conn = destroy_all_conn();
if(freed_conn && !(NET_print_flags & NET_PRINT_JSON))
printf("Cleaned %d remaining connection(s) from connection pool\n",
freed_conn);
network_handler_destroy(mod, &n);
network_handler_destroy(mod, &n);
if(p)
pcap_close(p);
if(interface_name)
free(interface_name);
if(filter)
free(filter);
if(file)
free(file);
if(p)
pcap_close(p);
if(interface_name)
free(interface_name);
if(filter)
free(filter);
if(file)
free(file);
exit(sig);
}
void pcap_cb(ptr,hdr,data)
u_char *ptr;
const struct pcap_pkthdr *hdr;
const u_char *data;
{
n_handler *n;
int len;
struct ether_header *e_hdr=(struct ether_header *)data;
int type, cleaned_conn;
n=(n_handler *)ptr;
if(hdr->caplen!=hdr->len) err_exit("Length mismatch",-1);
exit(sig);
}
len=hdr->len;
switch(pcap_if_type){
case DLT_RAW:
void pcap_cb(u_char *ptr, const struct pcap_pkthdr *hdr, const u_char *data) {
n_handler *n;
int len;
struct ether_header *e_hdr = (struct ether_header *)data;
int type, cleaned_conn;
n = (n_handler *)ptr;
if(hdr->caplen != hdr->len)
err_exit("Length mismatch", -1);
len = hdr->len;
switch(pcap_if_type) {
case DLT_RAW:
#ifdef DLT_LOOP
case DLT_LOOP:
case DLT_LOOP:
#endif
case DLT_NULL:
data+=4;
len-=4;
break;
case DLT_EN10MB:
if(len < sizeof(struct ether_header)) {
if(!(NET_print_flags & NET_PRINT_JSON))
printf("Frame size too small to contain Ethernet header, skipping ...\n");
return;
}
case DLT_NULL:
data += 4;
len -= 4;
break;
case DLT_EN10MB:
if(len < sizeof(struct ether_header)) {
if(!(NET_print_flags & NET_PRINT_JSON))
printf(
"Frame size too small to contain Ethernet header, skipping "
"...\n");
return;
}
type=ntohs(e_hdr->ether_type);
type = ntohs(e_hdr->ether_type);
data+=sizeof(struct ether_header);
len-=sizeof(struct ether_header);
data += sizeof(struct ether_header);
len -= sizeof(struct ether_header);
/* if vlans, push past VLAN header (4 bytes) */
if(type==ETHERTYPE_8021Q) {
type=ntohs(*(u_int16_t *)(data + 2));
/* if vlans, push past VLAN header (4 bytes) */
if(type == ETHERTYPE_8021Q) {
type = ntohs(*(u_int16_t *)(data + 2));
data+=4;
len+=4;
}
data += 4;
len += 4;
}
if(type!=ETHERTYPE_IP && type!=ETHERTYPE_IPV6)
return;
if(type != ETHERTYPE_IP && type != ETHERTYPE_IPV6)
return;
break;
case DLT_IEEE802:
data+=22;
len-=22;
break;
case DLT_FDDI:
data+=21;
len-=21;
break;
break;
case DLT_IEEE802:
data += 22;
len -= 22;
break;
case DLT_FDDI:
data += 21;
len -= 21;
break;
#ifdef __amigaos__
case DLT_MIAMI:
data+=16;
len-=16;
break;
case DLT_MIAMI:
data += 16;
len -= 16;
break;
#endif
case DLT_SLIP:
case DLT_SLIP:
#ifdef DLT_SLIP_BSDOS
case DLT_SLIP_BSDOS:
case DLT_SLIP_BSDOS:
#endif
#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__bsdi__) || defined(__APPLE__)
data+=16;
len-=16;
#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || \
defined(__bsdi__) || defined(__APPLE__)
data += 16;
len -= 16;
#else
data+=24;
len-=24;
data += 24;
len -= 24;
#endif
break;
case DLT_PPP:
break;
case DLT_PPP:
#ifdef DLT_PPP_BSDOS
case DLT_PPP_BSDOS:
case DLT_PPP_BSDOS:
#endif
#ifdef DLT_PPP_SERIAL
case DLT_PPP_SERIAL:
case DLT_PPP_SERIAL:
#endif
#ifdef DLT_PPP_ETHER
case DLT_PPP_ETHER:
case DLT_PPP_ETHER:
#endif
#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__bsdi__) || defined(__APPLE__)
data+=4;
len-=4;
#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || \
defined(__bsdi__) || defined(__APPLE__)
data += 4;
len -= 4;
#else
#if defined(sun) || defined(__sun)
data+=8;
len-=8;
data += 8;
len -= 8;
#else
data+=24;
len-=24;
data += 24;
len -= 24;
#endif
#endif
break;
break;
#ifdef DLT_ENC
case DLT_ENC:
data+=12;
len-=12;
break;
case DLT_ENC:
data += 12;
len -= 12;
break;
#endif
#ifdef DLT_LINUX_SLL
case DLT_LINUX_SLL:
data+=16;
len-=16;
break;
case DLT_LINUX_SLL:
data += 16;
len -= 16;
break;
#endif
#ifdef DLT_IPNET
case DLT_IPNET:
data+=24;
len-=24;
break;
case DLT_IPNET:
data += 24;
len -= 24;
break;
#endif
}
if(type == ETHERTYPE_IPV6)
network_process_packet(n,(struct timeval *) &hdr->ts,(u_char *)data,len, AF_INET6);
else
network_process_packet(n,(struct timeval *) &hdr->ts,(u_char *)data,len, AF_INET);
if(packet_cnt == conn_freq) {
packet_cnt = 0;
memcpy(&last_packet_seen_time,&hdr->ts,sizeof(struct timeval));
if((cleaned_conn = clean_old_conn()) && !(NET_print_flags & NET_PRINT_JSON))
printf("%d inactive connection(s) cleaned from connection pool\n", cleaned_conn);
} else {
packet_cnt++;
}
}
if(type == ETHERTYPE_IPV6)
network_process_packet(n, (struct timeval *)&hdr->ts, (u_char *)data, len,
AF_INET6);
else
network_process_packet(n, (struct timeval *)&hdr->ts, (u_char *)data, len,
AF_INET);
if(packet_cnt == conn_freq) {
packet_cnt = 0;
memcpy(&last_packet_seen_time, &hdr->ts, sizeof(struct timeval));
if((cleaned_conn = clean_old_conn()) && !(NET_print_flags & NET_PRINT_JSON))
printf("%d inactive connection(s) cleaned from connection pool\n",
cleaned_conn);
} else {
packet_cnt++;
}
}
typedef struct module_def_ {
char *name;
proto_mod *mod;
char *name;
proto_mod *mod;
} module_def;
static module_def modules[]={
{"SSL",&ssl_mod},
{"NULL",&null_mod},
static module_def modules[] = {{"SSL", &ssl_mod},
{"NULL", &null_mod},
#ifdef ENABLE_RECORD
{"RECORD",&record_mod},
{"RECORD", &record_mod},
#endif
{0,0}
};
{0, 0}};
int parse_ssl_flag PROTO_LIST((int c));
int main(argc,argv)
int argc;
char **argv;
{
int r;
int main(int argc, char **argv) {
int r;
#ifdef _WIN32
__declspec(dllimport) char *optarg;
__declspec(dllimport) int optind;
__declspec(dllimport) char *optarg;
__declspec(dllimport) int optind;
#else
extern char *optarg;
extern int optind;
extern char *optarg;
extern int optind;
#endif
pcap_if_t *interfaces;
bpf_u_int32 localnet,netmask;
int c;
module_def *m=0;
int no_promiscuous=0;
int freed_conn=0;
char errbuf[PCAP_ERRBUF_SIZE];
pcap_if_t *interfaces;
bpf_u_int32 localnet, netmask;
int c;
module_def *m = 0;
int no_promiscuous = 0;
int freed_conn = 0;
signal(SIGINT,sig_handler);
while((c=getopt(argc,argv,"vr:F:f:S:jyTt:ai:k:l:w:p:znsAxXhHVNdqem:P"))!=EOF){
switch(c){
case 'v':
print_version();
break;
case 'f':
fprintf(stderr,"-f option replaced by -r. Use that in the future\n");
case 'r':
file=strdup(optarg);
break;
case 'S':
ssl_mod.vtbl->parse_flags(optarg);
break;
case 'y':
NET_print_flags|=NET_PRINT_TYPESET;
/*Kludge*/
SSL_print_flags |= SSL_PRINT_NROFF;
break;
case 'j':
NET_print_flags |= NET_PRINT_JSON;
SSL_print_flags |= SSL_PRINT_JSON;
break;
case 'z':
NET_print_flags |= NET_PRINT_TS;
break;
case 'a':
NET_print_flags |= NET_PRINT_ACKS;
break;
case 'A':
SSL_print_flags |= SSL_PRINT_ALL_FIELDS;
break;
case 'T':
NET_print_flags |= NET_PRINT_TCP_HDR;
break;
case 'i':
interface_name=strdup(optarg);
break;
case 'k':
SSL_keyfile=strdup(optarg);
break;
case 'l':
SSL_keylogfile=strdup(optarg);
break;
case 'w':
logger=&pcap_mod;
if(logger->vtbl->init(optarg)!=0){
fprintf(stderr,"Can not open/create out pcap %s\n",
optarg);
exit(1);
}
break;
case 'p':
SSL_password=strdup(optarg);
break;
case 'P':
++no_promiscuous;
break;
case 'n':
NET_print_flags |= NET_PRINT_NO_RESOLVE;
break;
case 't':
conn_ttl=atoi(optarg);
break;
case 'F':
conn_freq=atoi(optarg);
break;
case 'm':
for(m=modules;m->name!=0;m++){
if(!strcmp(m->name,optarg)){
mod=m->mod;
break;
}
}
if(!m->name){
fprintf(stderr,"Request analysis module %s not found\n",
optarg);
exit(1);
}
break;
case 'h':
usage();
printf("Do 'man ssldump' for documentation\n");
char errbuf[PCAP_ERRBUF_SIZE];
signal(SIGINT, sig_handler);
while((c = getopt(argc, argv, "vr:F:f:S:jyTt:ai:k:l:w:p:znsAxXhHVNdqem:P")) !=
EOF) {
switch(c) {
case 'v':
print_version();
break;
case 'f':
fprintf(stderr, "-f option replaced by -r. Use that in the future\n");
case 'r':
file = strdup(optarg);
break;
case 'S':
ssl_mod.vtbl->parse_flags(optarg);
break;
case 'y':
NET_print_flags |= NET_PRINT_TYPESET;
/*Kludge*/
SSL_print_flags |= SSL_PRINT_NROFF;
break;
case 'j':
NET_print_flags |= NET_PRINT_JSON;
SSL_print_flags |= SSL_PRINT_JSON;
break;
case 'z':
NET_print_flags |= NET_PRINT_TS;
break;
case 'a':
NET_print_flags |= NET_PRINT_ACKS;
break;
case 'A':
SSL_print_flags |= SSL_PRINT_ALL_FIELDS;
break;
case 'T':
NET_print_flags |= NET_PRINT_TCP_HDR;
break;
case 'i':
interface_name = strdup(optarg);
break;
case 'k':
SSL_keyfile = strdup(optarg);
break;
case 'l':
SSL_keylogfile = strdup(optarg);
break;
case 'w':
logger = &pcap_mod;
if(logger->vtbl->init(optarg) != 0) {
fprintf(stderr, "Can not open/create out pcap %s\n", optarg);
exit(1);
case '?':
usage();
exit(1);
/* must be an SSL flag. This is kind of a gross
special case */
default:
parse_ssl_flag(c);
break;
}
}
argv+=optind;
argc-=optind;
if(!file){