Branch data Line data Source code
1 : : /*
2 : : *****************************************************************************
3 : : *
4 : : * File: process_packet.c
5 : : *
6 : : * Purpose: Packet parser/decoder for fwknopd server. Takes the raw packet
7 : : * data from libpcap and parses/extracts the packet data payload,
8 : : * then creates an FKO context with that data. If the context
9 : : * creation is successful, it is queued for processing.
10 : : *
11 : : * Fwknop is developed primarily by the people listed in the file 'AUTHORS'.
12 : : * Copyright (C) 2009-2014 fwknop developers and contributors. For a full
13 : : * list of contributors, see the file 'CREDITS'.
14 : : *
15 : : * License (GNU General Public License):
16 : : *
17 : : * This program is free software; you can redistribute it and/or
18 : : * modify it under the terms of the GNU General Public License
19 : : * as published by the Free Software Foundation; either version 2
20 : : * of the License, or (at your option) any later version.
21 : : *
22 : : * This program is distributed in the hope that it will be useful,
23 : : * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 : : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 : : * GNU General Public License for more details.
26 : : *
27 : : * You should have received a copy of the GNU General Public License
28 : : * along with this program; if not, write to the Free Software
29 : : * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
30 : : * USA
31 : : *
32 : : *****************************************************************************
33 : : */
34 : :
35 : : #if USE_LIBPCAP
36 : : #include <pcap.h>
37 : : #endif
38 : :
39 : : #include "fwknopd_common.h"
40 : : #include "netinet_common.h"
41 : : #include "process_packet.h"
42 : : #include "incoming_spa.h"
43 : : #include "utils.h"
44 : : #include "log_msg.h"
45 : :
46 : : #if USE_LIBPCAP
47 : :
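/* Parse one packet captured by libpcap and, if it carries a plausibly sized
 * SPA payload, copy that payload into opts->spa_pkt and call incoming_spa().
 *
 * args          - really a (fko_srv_options_t *); supplies data_link_offset
 *                 and receives the parsed packet in its spa_pkt member.
 * packet_header - libpcap header; caplen bounds the bytes that may be read
 *                 from 'packet', len is the on-the-wire length.
 * packet        - captured bytes, starting at the link-layer header.
 *
 * Returns nothing. Packets that are truncated, are not TCP/UDP/ICMP, or
 * whose payload length is outside [MIN_SPA_DATA_SIZE, MAX_SPA_PACKET_LEN]
 * are silently dropped.
 *
 * Every byte read here comes off the wire and is attacker-controlled, so
 * each header is checked against pkt_end before any of its fields is read.
 *
 * NOTE(review): the coverage listing this source was taken from records
 * zero hits for every line of this function, so no path through this
 * parser was exercised by that test run.
 */
void
process_packet(unsigned char *args, const struct pcap_pkthdr *packet_header,
    const unsigned char *packet)
{
    struct ether_header *eth_p;
    struct iphdr        *iph_p;
    struct tcphdr       *tcph_p;
    struct udphdr       *udph_p;
    struct icmphdr      *icmph_p;

    unsigned char       *pkt_data;
    unsigned short      pkt_data_len;
    unsigned char       *pkt_end;

    /* Payload length before narrowing to unsigned short (caplen is 32 bits
     * wide, so the pointer difference can exceed 65535).
    */
    long                payload_len;

    unsigned int        ip_hdr_words;

    unsigned char       proto;
    unsigned int        src_ip;
    unsigned int        dst_ip;

    unsigned short      src_port = 0;
    unsigned short      dst_port = 0;

    unsigned short      eth_type;

    fko_srv_options_t   *opts = (fko_srv_options_t *)args;

    int                 offset = opts->data_link_offset;

    unsigned short      pkt_len = packet_header->len;

    /* This is a hack to determine if we are using the linux cooked
     * interface.  We base it on the offset being 16 which is the
     * value it would be if the datalink is DLT_LINUX_SLL.  I don't
     * know if this is the correct way to do this, but it seems to work.
    */
    unsigned char       assume_cooked = (offset == 16 ? 1 : 0);

    /* Determine packet end. Only caplen bytes were actually captured, so
     * this is the hard limit for every read below.
    */
    pkt_end = (unsigned char *) packet + packet_header->caplen;

    /* The ethernet header.
    */
    eth_p = (struct ether_header*) packet;

    /* Gotta have a complete ethernet header.
    */
    if (packet_header->caplen < ETHER_HDR_LEN)
        return;

    eth_type = ntohs(*((unsigned short*)&eth_p->ether_type));

    if(eth_type == 0x8100) /* 802.1q encapsulated */
    {
        /* The inner ethertype sits 4 bytes after the outer one, which is
         * past the plain ethernet header checked above. Make sure it was
         * captured before reading it.
        */
        if (packet_header->caplen < ETHER_HDR_LEN + 4)
            return;

        offset += 4;
        eth_type = ntohs(*(((unsigned short*)&eth_p->ether_type)+2));
    }

    /* When using libpcap, pkthdr->len for 802.3 frames include CRC_LEN,
     * but Ethernet_II frames do not.
    */
    if (eth_type > 1500 || assume_cooked == 1)
    {
        pkt_len += ETHER_CRC_LEN;

        if(eth_type == 0xAAAA)      /* 802.2 SNAP */
            offset += 5;
    }
    else /* 802.3 Frame */
        offset += 3;

    /* Make sure the packet length is still valid.
    */
    if (! ETHER_IS_VALID_LEN(pkt_len) )
        return;

    /* Pull the IP header.
    */
    iph_p = (struct iphdr*)(packet + offset);

    /* If IP header is past calculated packet end, bail.
    */
    if ((unsigned char*)(iph_p + 1) > pkt_end)
        return;

    /* ip_hdr_words is the number of 32 bit words in the IP header. After
     * masking of the IPV4 version bits, the number *must* be at least
     * 5, even without options.
    */
    ip_hdr_words = iph_p->ihl & IPV4_VER_MASK;

    if (ip_hdr_words < MIN_IPV4_WORDS)
        return;

    /* Support for the cases where libpcap returns the Ethernet Frame Check
     * Sequence (4 bytes at the end of the Ethernet frame) as part of the
     * capture.  libpcap returning the FCS is fairly rare. Default settings on
     * the following system included an Ethernet FCS in the libpcap capture:
     * BeagleBone Black rev C running 3.8.13-bone50 #1 SMP Tue May 13
     * 13:24:52 UTC 2014 armv7l GNU/Linux
     *
     * Calculate the new pkt_end from the length in the ip header.
    */
    if(((unsigned char*)iph_p)+ntohs(iph_p->tot_len) == pkt_end-FCS_HEADER_LEN) {
        log_msg(LOG_DEBUG, "Adjusting packet end to account for FCS header on Ethernet frame");
        pkt_end -= FCS_HEADER_LEN;
    }

    /* Now, find the packet data payload (depending on IPPROTO).
    */
    src_ip = iph_p->saddr;
    dst_ip = iph_p->daddr;

    proto = iph_p->protocol;

    if (proto == IPPROTO_TCP)
    {
        /* Process TCP packet
        */
        tcph_p = (struct tcphdr*)((unsigned char*)iph_p + (ip_hdr_words << 2));

        /* The IP header length comes from the packet; a large ihl can put
         * the TCP header beyond the captured data. Check before reading
         * the ports or the data offset.
        */
        if ((unsigned char*)(tcph_p + 1) > pkt_end)
            return;

        src_port = ntohs(tcph_p->source);
        dst_port = ntohs(tcph_p->dest);

        pkt_data = ((unsigned char*)(tcph_p+1))+((tcph_p->doff)<<2)-sizeof(struct tcphdr);
    }
    else if (proto == IPPROTO_UDP)
    {
        /* Process UDP packet
        */
        udph_p = (struct udphdr*)((unsigned char*)iph_p + (ip_hdr_words << 2));

        /* Same reasoning as for TCP: the header must be inside the capture.
        */
        if ((unsigned char*)(udph_p + 1) > pkt_end)
            return;

        src_port = ntohs(udph_p->source);
        dst_port = ntohs(udph_p->dest);

        pkt_data = ((unsigned char*)(udph_p + 1));
    }
    else if (proto == IPPROTO_ICMP)
    {
        /* Process ICMP packet
        */
        icmph_p = (struct icmphdr*)((unsigned char*)iph_p + (ip_hdr_words << 2));

        if ((unsigned char*)(icmph_p + 1) > pkt_end)
            return;

        pkt_data = ((unsigned char*)(icmph_p + 1));
    }
    else
        return;

    /* The TCP data offset is also taken from the packet, so the payload
     * start can still land past the end of the capture. Without this check
     * the length below would go negative and, once narrowed to an unsigned
     * short, could pass the size checks and drive a read beyond the buffer.
    */
    if (pkt_data > pkt_end)
        return;

    /* Same value as the original
     * (pkt_end - iph_p) - (pkt_data - iph_p), kept in a wide signed type
     * until it has been range checked.
    */
    payload_len = pkt_end - pkt_data;

    /*
     * Now we have data. For now, we are not checking IP or port values. We
     * are relying on the pcap filter. This may change so we do retain the IP
     * addresses and ports just in case. We just go ahead and queue the
     * data.
    */

    /* Expect the data to be at least the minimum required size.  This check
     * will weed out a lot of things like small TCP ACK's if the user has a
     * permissive pcap filter
    */
    if(payload_len < MIN_SPA_DATA_SIZE)
        return;

    /* Expect the data to not be too large
    */
    if(payload_len > MAX_SPA_PACKET_LEN)
        return;

    pkt_data_len = (unsigned short)payload_len;

    /* Copy the packet for SPA processing
     *
     * NOTE(review): strlcpy() treats the payload as a C string. It stops
     * copying at the first NUL byte, and the BSD implementation keeps
     * scanning the source for a NUL to compute its return value, which can
     * read past pkt_end when the payload contains none. The call also
     * assumes packet_data holds at least MAX_SPA_PACKET_LEN+1 bytes.
     * Confirm both against the strlcpy in use and the spa_pkt definition.
    */
    strlcpy((char *)opts->spa_pkt.packet_data, (char *)pkt_data, pkt_data_len+1);
    opts->spa_pkt.packet_data_len = pkt_data_len;
    opts->spa_pkt.packet_proto    = proto;
    opts->spa_pkt.packet_src_ip   = src_ip;
    opts->spa_pkt.packet_dst_ip   = dst_ip;
    opts->spa_pkt.packet_src_port = src_port;
    opts->spa_pkt.packet_dst_port = dst_port;

    incoming_spa(opts);
}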
235 : :
236 : : #endif /* USE_LIBPCAP */
237 : :
238 : : /***EOF***/