Branch data Line data Source code
1 : : /*
2 : : *****************************************************************************
3 : : *
4 : : * File: process_packet.c
5 : : *
6 : : * Purpose: Packet parser/decoder for fwknopd server. Takes the raw packet
7 : : * data from libpcap and parses/extracts the packet data payload,
8 : : * then creates an FKO context with that data. If the context
9 : : * creation is successful, it is queued for processing.
10 : : *
11 : : * Fwknop is developed primarily by the people listed in the file 'AUTHORS'.
12 : : * Copyright (C) 2009-2014 fwknop developers and contributors. For a full
13 : : * list of contributors, see the file 'CREDITS'.
14 : : *
15 : : * License (GNU General Public License):
16 : : *
17 : : * This program is free software; you can redistribute it and/or
18 : : * modify it under the terms of the GNU General Public License
19 : : * as published by the Free Software Foundation; either version 2
20 : : * of the License, or (at your option) any later version.
21 : : *
22 : : * This program is distributed in the hope that it will be useful,
23 : : * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 : : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 : : * GNU General Public License for more details.
26 : : *
27 : : * You should have received a copy of the GNU General Public License
28 : : * along with this program; if not, write to the Free Software
29 : : * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
30 : : * USA
31 : : *
32 : : *****************************************************************************
33 : : */
34 : :
35 : : #if USE_LIBPCAP
36 : : #include <pcap.h>
37 : : #endif
38 : :
39 : : #include "fwknopd_common.h"
40 : : #include "netinet_common.h"
41 : : #include "process_packet.h"
42 : : #include "incoming_spa.h"
43 : : #include "utils.h"
44 : : #include "log_msg.h"
45 : :
46 : : #if USE_LIBPCAP
47 : :
48 : : void
49 : 17359 : process_packet(unsigned char *args, const struct pcap_pkthdr *packet_header,
50 : : const unsigned char *packet)
51 : : {
52 : : struct ether_header *eth_p;
53 : : struct iphdr *iph_p;
54 : : struct tcphdr *tcph_p;
55 : : struct udphdr *udph_p;
56 : : struct icmphdr *icmph_p;
57 : :
58 : : unsigned char *pkt_data;
59 : : unsigned short pkt_data_len;
60 : : unsigned char *pkt_end;
61 : : unsigned char *fr_end;
62 : :
63 : : unsigned int ip_hdr_words;
64 : :
65 : : unsigned char proto;
66 : : unsigned int src_ip;
67 : : unsigned int dst_ip;
68 : :
69 : 17359 : unsigned short src_port = 0;
70 : 17359 : unsigned short dst_port = 0;
71 : :
72 : : unsigned short eth_type;
73 : :
74 : 17359 : fko_srv_options_t *opts = (fko_srv_options_t *)args;
75 : :
76 : 17359 : int offset = opts->data_link_offset;
77 : :
78 : 17359 : unsigned short pkt_len = packet_header->len;
79 : :
80 : : /* This is a hack to determine if we are using the linux cooked
81 : : * interface. We base it on the offset being 16 which is the
82 : : * value it would be if the datalink is DLT_LINUX_SLL. I don't
83 : : * know if this is the correct way to do this, but it seems to work.
84 : : */
85 : 17359 : unsigned char assume_cooked = (offset == 16 ? 1 : 0);
86 : :
87 : : /* Determine packet end.
88 : : */
89 : 17359 : fr_end = (unsigned char *) packet + packet_header->caplen;
90 : :
91 : : /* The ethernet header.
92 : : */
93 : 17359 : eth_p = (struct ether_header*) packet;
94 : :
95 : : /* Gotta have a complete ethernet header.
96 : : */
97 [ + - ]: 17359 : if (packet_header->caplen < ETHER_HDR_LEN)
98 : : return;
99 : :
100 [ - + ]: 17359 : eth_type = ntohs(*((unsigned short*)ð_p->ether_type));
101 : :
102 [ - + ]: 17359 : if(eth_type == 0x8100) /* 802.1q encapsulated */
103 : : {
104 : 0 : offset += 4;
105 [ # # ]: 0 : eth_type = ntohs(*(((unsigned short*)ð_p->ether_type)+2));
106 : : }
107 : :
108 : : /* When using libpcap, pkthdr->len for 802.3 frames include CRC_LEN,
109 : : * but Ethenet_II frames do not.
110 : : */
111 [ + - ]: 17359 : if (eth_type > 1500 || assume_cooked == 1)
112 : : {
113 : 17359 : pkt_len += ETHER_CRC_LEN;
114 : :
115 [ - + ]: 17359 : if(eth_type == 0xAAAA) /* 802.2 SNAP */
116 : 0 : offset += 5;
117 : : }
118 : : else /* 802.3 Frame */
119 : 0 : offset += 3;
120 : :
121 : : /* Make sure the packet length is still valid.
122 : : */
123 [ + + ]: 17359 : if (! ETHER_IS_VALID_LEN(pkt_len) )
124 : : return;
125 : :
126 : : /* Pull the IP header.
127 : : */
128 : 17350 : iph_p = (struct iphdr*)(packet + offset);
129 : :
130 : : /* If IP header is past calculated packet end, bail.
131 : : */
132 [ + - ]: 17350 : if ((unsigned char*)(iph_p + 1) > fr_end)
133 : : return;
134 : :
135 : : /* ip_hdr_words is the number of 32 bit words in the IP header. After
136 : : * masking of the IPV4 version bits, the number *must* be at least
137 : : * 5, even without options.
138 : : */
139 : 17350 : ip_hdr_words = iph_p->ihl & IPV4_VER_MASK;
140 : :
141 [ + + ]: 17350 : if (ip_hdr_words < MIN_IPV4_WORDS)
142 : : return;
143 : :
144 : : /* Make sure to calculate the packet end based on the length in the
145 : : * IP header. This allows additional bytes that may be added to the
146 : : * frame (such as a 4-byte Ethernet Frame Check Sequence) to not
147 : : * interfere with SPA operations.
148 : : */
149 [ - + ]: 17330 : pkt_end = ((unsigned char*)iph_p)+ntohs(iph_p->tot_len);
150 [ + - ]: 17330 : if(pkt_end > fr_end)
151 : : return;
152 : :
153 : : /* Now, find the packet data payload (depending on IPPROTO).
154 : : */
155 : 17330 : src_ip = iph_p->saddr;
156 : 17330 : dst_ip = iph_p->daddr;
157 : :
158 : 17330 : proto = iph_p->protocol;
159 : :
160 [ + + ]: 17330 : if (proto == IPPROTO_TCP)
161 : : {
162 : : /* Process TCP packet
163 : : */
164 : 18 : tcph_p = (struct tcphdr*)((unsigned char*)iph_p + (ip_hdr_words << 2));
165 : :
166 [ - + ]: 18 : src_port = ntohs(tcph_p->source);
167 [ - + ]: 18 : dst_port = ntohs(tcph_p->dest);
168 : :
169 : 18 : pkt_data = ((unsigned char*)(tcph_p+1))+((tcph_p->doff)<<2)-sizeof(struct tcphdr);
170 : :
171 : 18 : pkt_data_len = (pkt_end-(unsigned char*)iph_p)-(pkt_data-(unsigned char*)iph_p);
172 : : }
173 [ + + ]: 17312 : else if (proto == IPPROTO_UDP)
174 : : {
175 : : /* Process UDP packet
176 : : */
177 : 17310 : udph_p = (struct udphdr*)((unsigned char*)iph_p + (ip_hdr_words << 2));
178 : :
179 [ - + ]: 17310 : src_port = ntohs(udph_p->source);
180 [ - + ]: 17310 : dst_port = ntohs(udph_p->dest);
181 : :
182 : 17310 : pkt_data = ((unsigned char*)(udph_p + 1));
183 : 17310 : pkt_data_len = (pkt_end-(unsigned char*)iph_p)-(pkt_data-(unsigned char*)iph_p);
184 : : }
185 [ + - ]: 2 : else if (proto == IPPROTO_ICMP)
186 : : {
187 : : /* Process ICMP packet
188 : : */
189 : 2 : icmph_p = (struct icmphdr*)((unsigned char*)iph_p + (ip_hdr_words << 2));
190 : :
191 : 2 : pkt_data = ((unsigned char*)(icmph_p + 1));
192 : 2 : pkt_data_len = (pkt_end-(unsigned char*)iph_p)-(pkt_data-(unsigned char*)iph_p);
193 : : }
194 : :
195 : : else
196 : : return;
197 : :
198 : : /*
199 : : * Now we have data. For now, we are not checking IP or port values. We
200 : : * are relying on the pcap filter. This may change so we do retain the IP
201 : : * addresses and ports just in case. We just go ahead and queue the
202 : : * data.
203 : : */
204 : :
205 : : /* Expect the data to be at least the minimum required size. This check
206 : : * will weed out a lot of things like small TCP ACK's if the user has a
207 : : * permissive pcap filter
208 : : */
209 [ + + ]: 17330 : if(pkt_data_len < MIN_SPA_DATA_SIZE)
210 : : return;
211 : :
212 : : /* Expect the data to not be too large
213 : : */
214 [ + - ]: 17314 : if(pkt_data_len > MAX_SPA_PACKET_LEN)
215 : : return;
216 : :
217 : : /* Copy the packet for SPA processing
218 : : */
219 : 17314 : strlcpy((char *)opts->spa_pkt.packet_data, (char *)pkt_data, pkt_data_len+1);
220 : 17314 : opts->spa_pkt.packet_data_len = pkt_data_len;
221 : 17314 : opts->spa_pkt.packet_proto = proto;
222 : 17314 : opts->spa_pkt.packet_src_ip = src_ip;
223 : 17314 : opts->spa_pkt.packet_dst_ip = dst_ip;
224 : 17314 : opts->spa_pkt.packet_src_port = src_port;
225 : 17314 : opts->spa_pkt.packet_dst_port = dst_port;
226 : :
227 : 17314 : incoming_spa(opts);
228 : :
229 : 17314 : return;
230 : : }
231 : :
232 : : #endif /* USE_LIBPCAP */
233 : :
234 : : /***EOF***/
|
