| author | mickeyl <mickeyl> | 2003-10-05 13:12:45 (UTC) |
|---|---|---|
| committer | mickeyl <mickeyl> | 2003-10-05 13:12:45 (UTC) |
| commit | 634a68b636a0fa24232029b79ffa915a5621b2be (patch) (side-by-side diff) | |
| tree | 3e4c58bebfd624e841c314f1db68d985d81cdc6c /libopie2 | |
| parent | dc9510f788212a6be063349461540e4bea690f51 (diff) | |
| download | opie-634a68b636a0fa24232029b79ffa915a5621b2be.zip opie-634a68b636a0fa24232029b79ffa915a5621b2be.tar.gz opie-634a68b636a0fa24232029b79ffa915a5621b2be.tar.bz2 | |
* start with preparations for scanning wired networks
* dhcp recognition now works nicely
| -rw-r--r-- | libopie2/opienet/onetutils.cpp | 7 | ||||
| -rw-r--r-- | libopie2/opienet/onetutils.h | 1 | ||||
| -rw-r--r-- | libopie2/opienet/opcap.cpp | 27 | ||||
| -rw-r--r-- | libopie2/opienet/opcap.h | 5 |
4 files changed, 38 insertions, 2 deletions
diff --git a/libopie2/opienet/onetutils.cpp b/libopie2/opienet/onetutils.cpp index 08c40b4..ad0e89d 100644 --- a/libopie2/opienet/onetutils.cpp +++ b/libopie2/opienet/onetutils.cpp @@ -1,210 +1,215 @@ /* This file is part of the Opie Project (C) 2003 Michael 'Mickey' Lauer <mickey@tm.informatik.uni-frankfurt.de> =. .=l. .>+-= _;:, .> :=|. This program is free software; you can .> <`_, > . <= redistribute it and/or modify it under :`=1 )Y*s>-.-- : the terms of the GNU Library General Public .="- .-=="i, .._ License as published by the Free Software - . .-<_> .<> Foundation; either version 2 of the License, ._= =} : or (at your option) any later version. .%`+i> _;_. .i_,=:_. -<s. This program is distributed in the hope that + . -:. = it will be useful, but WITHOUT ANY WARRANTY; : .. .:, . . . without even the implied warranty of =_ + =;=|` MERCHANTABILITY or FITNESS FOR A _.=:. : :=>`: PARTICULAR PURPOSE. See the GNU ..}^=.= = ; Library General Public License for more ++= -. .` .: details. : = ...= . :.=- -. .:....=;==+<; You should have received a copy of the GNU -_. . . )=. = Library General Public License along with -- :-=` this library; see the file COPYING.LIB. If not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include <opie2/onetutils.h> #include <opie2/onetwork.h> #include <opie2/omanufacturerdb.h> #include <net/if.h> #include <cstdio> using namespace std; #define IW_PRIV_TYPE_MASK 0x7000 #define IW_PRIV_TYPE_NONE 0x0000 #define IW_PRIV_TYPE_BYTE 0x1000 #define IW_PRIV_TYPE_CHAR 0x2000 #define IW_PRIV_TYPE_INT 0x4000 #define IW_PRIV_TYPE_FLOAT 0x5000 #define IW_PRIV_TYPE_ADDR 0x6000 #define IW_PRIV_SIZE_FIXED 0x0800 #define IW_PRIV_SIZE_MASK 0x07FF /*====================================================================================== * OMacAddress *======================================================================================*/ // static initializer for broadcast and unknown MAC Adresses const unsigned char __broadcast[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; const OMacAddress& OMacAddress::broadcast = OMacAddress( __broadcast ); const unsigned char __unknown[6] = { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 }; const OMacAddress& OMacAddress::unknown = OMacAddress( __unknown ); +//TODO: Incorporate Ethernet Manufacturer database here! (inline or so) + +OMacAddress::OMacAddress() +{ + memcpy( _bytes, __unknown, 6 ); +} -//TODO: Incorporate Ethernet Manufacturer database here! OMacAddress::OMacAddress( unsigned char* p ) { memcpy( _bytes, p, 6 ); } OMacAddress::OMacAddress( const unsigned char* p ) { memcpy( _bytes, p, 6 ); } OMacAddress::OMacAddress( struct ifreq& ifr ) { memcpy( _bytes, ifr.ifr_hwaddr.sa_data, 6 ); } OMacAddress::~OMacAddress() { } //#ifdef QT_NO_DEBUG //inline //#endif const unsigned char* OMacAddress::native() const { return (const unsigned char*) &_bytes; } OMacAddress OMacAddress::fromString( const QString& str ) { QString addr( str ); unsigned char buf[6]; bool ok = true; int index = 14; for ( int i = 5; i >= 0; --i ) { buf[i] = addr.right( 2 ).toUShort( &ok, 16 ); if ( !ok ) return OMacAddress::unknown; addr.truncate( index ); index -= 3; } return (const unsigned char*) &buf; } QString OMacAddress::toString( bool substitute ) const { QString manu; manu.sprintf( "%.2X:%.2X:%.2X", _bytes[0]&0xff, _bytes[1]&0xff, _bytes[2]&0xff ); QString serial; serial.sprintf( ":%.2X:%.2X:%.2X", _bytes[3]&0xff, _bytes[4]&0xff, _bytes[5]&0xff ); if ( !substitute ) return manu+serial; // fallback - if no vendor is found, just use the number QString textmanu = OManufacturerDB::instance()->lookup( manu ); return textmanu.isNull() ? manu+serial : textmanu+serial; } QString OMacAddress::manufacturer() const { return OManufacturerDB::instance()->lookupExt( toString() ); } bool operator==( const OMacAddress &m1, const OMacAddress &m2 ) { return memcmp( &m1._bytes, &m2._bytes, 6 ) == 0; } /*====================================================================================== * OHostAddress *======================================================================================*/ /*====================================================================================== * OPrivateIOCTL *======================================================================================*/ OPrivateIOCTL::OPrivateIOCTL( QObject* parent, const char* name, int cmd, int getargs, int setargs ) :QObject( parent, name ), _ioctl( cmd ), _getargs( getargs ), _setargs( setargs ) { } OPrivateIOCTL::~OPrivateIOCTL() { } int OPrivateIOCTL::numberGetArgs() const { return _getargs & IW_PRIV_SIZE_MASK; } int OPrivateIOCTL::typeGetArgs() const { return _getargs & IW_PRIV_TYPE_MASK >> 12; } int OPrivateIOCTL::numberSetArgs() const { return _setargs & IW_PRIV_SIZE_MASK; } int OPrivateIOCTL::typeSetArgs() const { return _setargs & IW_PRIV_TYPE_MASK >> 12; } void OPrivateIOCTL::invoke() const { ( (OWirelessNetworkInterface*) parent() )->wioctl( _ioctl ); } void OPrivateIOCTL::setParameter( int num, u_int32_t value ) { u_int32_t* arglist = (u_int32_t*) &( (OWirelessNetworkInterface*) parent() )->_iwr.u.name; arglist[num] = value; } /*====================================================================================== * assorted functions *======================================================================================*/ void dumpBytes( const unsigned char* data, int num ) { printf( "Dumping %d bytes @ %0x", num, data ); printf( "-------------------------------------------\n" ); for ( int i = 0; i < num; ++i ) { printf( "%02x ", data[i] ); if ( !((i+1) % 32) ) printf( "\n" ); } printf( "\n\n" ); } diff --git a/libopie2/opienet/onetutils.h b/libopie2/opienet/onetutils.h index 9611518..18731ba 100644 --- a/libopie2/opienet/onetutils.h +++ b/libopie2/opienet/onetutils.h @@ -1,161 +1,162 @@ /* This file is part of the Opie Project (C) 2003 Michael 'Mickey' Lauer <mickey@tm.informatik.uni-frankfurt.de> =. .=l. .>+-= _;:, .> :=|. This program is free software; you can .> <`_, > . <= redistribute it and/or modify it under :`=1 )Y*s>-.-- : the terms of the GNU Library General Public .="- .-=="i, .._ License as published by the Free Software - . .-<_> .<> Foundation; either version 2 of the License, ._= =} : or (at your option) any later version. .%`+i> _;_. .i_,=:_. -<s. This program is distributed in the hope that + . -:. = it will be useful, but WITHOUT ANY WARRANTY; : .. .:, . . . without even the implied warranty of =_ + =;=|` MERCHANTABILITY or FITNESS FOR A _.=:. : :=>`: PARTICULAR PURPOSE. See the GNU ..}^=.= = ; Library General Public License for more ++= -. .` .: details. : = ...= . :.=- -. .:....=;==+<; You should have received a copy of the GNU -_. . . )=. = Library General Public License along with -- :-=` this library; see the file COPYING.LIB. If not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef ONETUTILS_H #define ONETUTILS_H #include <qdict.h> #include <qmap.h> #include <qstring.h> #include <qhostaddress.h> #include <qobject.h> #include <sys/types.h> struct ifreq; class OWirelessNetworkInterface; /*====================================================================================== * OMacAddress *======================================================================================*/ class OMacAddress { public: // QString c'tor? -zecke + OMacAddress(); OMacAddress( unsigned char* ); OMacAddress( const unsigned char* ); OMacAddress( struct ifreq& ); ~OMacAddress(); QString manufacturer() const; QString toString( bool substitute = false ) const; const unsigned char* native() const; // no c'tor but this one why not make it a c'tor. it could also replace the others or is this the problem? static OMacAddress fromString( const QString& ); public: static const OMacAddress& broadcast; // ff:ff:ff:ff:ff:ff static const OMacAddress& unknown; // 44:44:44:44:44:44 private: unsigned char _bytes[6]; friend bool operator==( const OMacAddress &m1, const OMacAddress &m2 ); }; bool operator==( const OMacAddress &m1, const OMacAddress &m2 ); /*====================================================================================== * OHostAddress *======================================================================================*/ class OHostAddress : public QHostAddress { public: OHostAddress(); ~OHostAddress(); }; /*====================================================================================== * OPrivateIOCTL *======================================================================================*/ class OPrivateIOCTL : public QObject { public: OPrivateIOCTL( QObject* parent, const char* name, int cmd, int getargs, int setargs ); ~OPrivateIOCTL(); int numberGetArgs() const; int typeGetArgs() const; int numberSetArgs() const; int typeSetArgs() const; // FIXME return int? as ::ioctl does? -zecke void invoke() const; void setParameter( int, u_int32_t ); private: u_int32_t _ioctl; u_int16_t _getargs; u_int16_t _setargs; }; /*====================================================================================== * Miscellaneous *======================================================================================*/ /* dump bytes */ void dumpBytes( const unsigned char* data, int num ); /* Network to host order macros */ #ifdef LBL_ALIGN #define EXTRACT_16BITS(p) \ ((u_int16_t)((u_int16_t)*((const u_int8_t *)(p) + 0) << 8 | \ (u_int16_t)*((const u_int8_t *)(p) + 1))) #define EXTRACT_32BITS(p) \ ((u_int32_t)((u_int32_t)*((const u_int8_t *)(p) + 0) << 24 | \ (u_int32_t)*((const u_int8_t *)(p) + 1) << 16 | \ (u_int32_t)*((const u_int8_t *)(p) + 2) << 8 | \ (u_int32_t)*((const u_int8_t *)(p) + 3))) #else #define EXTRACT_16BITS(p) \ ((u_int16_t)ntohs(*(const u_int16_t *)(p))) #define EXTRACT_32BITS(p) \ ((u_int32_t)ntohl(*(const u_int32_t *)(p))) #endif #define EXTRACT_24BITS(p) \ ((u_int32_t)((u_int32_t)*((const u_int8_t *)(p) + 0) << 16 | \ (u_int32_t)*((const u_int8_t *)(p) + 1) << 8 | \ (u_int32_t)*((const u_int8_t *)(p) + 2))) /* Little endian protocol host order macros */ #define EXTRACT_LE_8BITS(p) (*(p)) #define EXTRACT_LE_16BITS(p) \ ((u_int16_t)((u_int16_t)*((const u_int8_t *)(p) + 1) << 8 | \ (u_int16_t)*((const u_int8_t *)(p) + 0))) #define EXTRACT_LE_32BITS(p) \ ((u_int32_t)((u_int32_t)*((const u_int8_t *)(p) + 3) << 24 | \ (u_int32_t)*((const u_int8_t *)(p) + 2) << 16 | \ (u_int32_t)*((const u_int8_t *)(p) + 1) << 8 | \ (u_int32_t)*((const u_int8_t *)(p) + 0))) #endif // ONETUTILS_H diff --git a/libopie2/opienet/opcap.cpp b/libopie2/opienet/opcap.cpp index 7a6f61b..313f5bb 100644 --- a/libopie2/opienet/opcap.cpp +++ b/libopie2/opienet/opcap.cpp @@ -1,302 +1,325 @@ /* This file is part of the Opie Project Copyright (C) 2003 by the Wellenreiter team: Martin J. Muench <mjm@remote-exploit.org> Max Moser <mmo@remote-exploit.org Michael 'Mickey' Lauer <mickey@tm.informatik.uni-frankfurt.de> =. .=l. .>+-= _;:, .> :=|. This program is free software; you can .> <`_, > . <= redistribute it and/or modify it under :`=1 )Y*s>-.-- : the terms of the GNU Library General Public .="- .-=="i, .._ License as published by the Free Software - . .-<_> .<> Foundation; either version 2 of the License, ._= =} : or (at your option) any later version. .%`+i> _;_. .i_,=:_. -<s. This program is distributed in the hope that + . -:. = it will be useful, but WITHOUT ANY WARRANTY; : .. .:, . . . without even the implied warranty of =_ + =;=|` MERCHANTABILITY or FITNESS FOR A _.=:. : :=>`: PARTICULAR PURPOSE. See the GNU ..}^=.= = ; Library General Public License for more ++= -. .` .: details. : = ...= . :.=- -. .:....=;==+<; You should have received a copy of the GNU -_. . . )=. = Library General Public License along with -- :-=` this library; see the file COPYING.LIB. If not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* OPIE */ #include <opie2/opcap.h> /* QT */ #include <qapplication.h> // don't use oapplication here (will decrease reusability in other projects) #include <qsocketnotifier.h> #include <qobjectlist.h> #include "udp_ports.h" /*====================================================================================== * OPacket *======================================================================================*/ OPacket::OPacket( int datalink, packetheaderstruct header, const unsigned char* data, QObject* parent ) :QObject( parent, "Generic" ), _hdr( header ), _data( data ) { //qDebug( "OPacket::OPacket(): (Len %d, CapLen %d)" /*, ctime((const time_t*) header.ts.tv_sec)*/, header.len, header.caplen ); _end = (unsigned char*) data + header.len; //qDebug( "OPacket::data @ %0x, end @ %0x", data, _end ); switch ( datalink ) { case DLT_EN10MB: qDebug( "OPacket::OPacket(): Received Packet. Datalink = ETHERNET" ); new OEthernetPacket( _end, (const struct ether_header*) data, this ); break; case DLT_IEEE802_11: qDebug( "OPacket::OPacket(): Received Packet. Datalink = IEEE802.11" ); new OWaveLanPacket( _end, (const struct ieee_802_11_header*) data, this ); break; case DLT_PRISM_HEADER: qDebug( "OPacket::OPacket(): Received Packet. Datalink = PRISM_HEADER" ); new OPrismHeaderPacket( _end, (const struct prism_hdr*) (unsigned char*) data, this ); break; default: qWarning( "OPacket::OPacket(): Received Packet over unsupported datalink (type %d)!", datalink ); } } OPacket::~OPacket() { } timevalstruct OPacket::timeval() const { return _hdr.ts; } int OPacket::caplen() const { return _hdr.caplen; } void OPacket::updateStats( QMap<QString,int>& stats, QObjectList* l ) { if (!l) return; QObject* o = l->first(); while ( o ) { stats[o->name()]++; updateStats( stats, const_cast<QObjectList*>( o->children() ) ); o = l->next(); } } +void OPacket::dumpStructure( QObjectList* l ) +{ + QString packetString( "[ |" + _dumpStructure( l ) + " ]" ); + qDebug( "OPacket::dumpStructure: %s", (const char*) packetString ); +} + + +QString OPacket::_dumpStructure( QObjectList* l ) +{ + if (!l) return QString::null; + QObject* o = l->first(); + QString str(" "); + + while ( o ) + { + str.append( o->name() ); + str.append( " |" ); + str += _dumpStructure( const_cast<QObjectList*>( o->children() ) ); + o = l->next(); + } + return str; +} + QString OPacket::dump( int bpl ) const { static int index = 0; index++; int len = _hdr.caplen; QString str; str.sprintf( "\n<----- Packet #%04d Len = 0x%X (%d) ----->\n\n", index, len, len ); str.append( "0000: " ); QString tmp; QString bytes; QString chars; for ( int i = 0; i < len; ++i ) { tmp.sprintf( "%02X ", _data[i] ); bytes.append( tmp ); if ( (_data[i] > 31) && (_data[i]<128) ) chars.append( _data[i] ); else chars.append( '.' ); if ( !((i+1) % bpl) ) { str.append( bytes ); str.append( ' ' ); str.append( chars ); str.append( '\n' ); tmp.sprintf( "%04X: ", i+1 ); str.append( tmp ); bytes = ""; chars = ""; } } if ( (len % bpl) ) { str.append( bytes.leftJustify( 1 + 3*bpl ) ); str.append( chars ); } str.append( '\n' ); return str; } int OPacket::len() const { return _hdr.len; } /*====================================================================================== * OEthernetPacket *======================================================================================*/ OEthernetPacket::OEthernetPacket( const unsigned char* end, const struct ether_header* data, QObject* parent ) :QObject( parent, "Ethernet" ), _ether( data ) { qDebug( "Source = %s", (const char*) sourceAddress().toString() ); qDebug( "Destination = %s", (const char*) destinationAddress().toString() ); if ( sourceAddress() == OMacAddress::broadcast ) qDebug( "Source is broadcast address" ); if ( destinationAddress() == OMacAddress::broadcast ) qDebug( "Destination is broadcast address" ); switch ( type() ) { case ETHERTYPE_IP: new OIPPacket( end, (const struct iphdr*) (data+1), this ); break; case ETHERTYPE_ARP: { qDebug( "OPacket::OPacket(): Received Ethernet Packet : Type = ARP" ); break; } case ETHERTYPE_REVARP: { qDebug( "OPacket::OPacket(): Received Ethernet Packet : Type = RARP" ); break; } default: qDebug( "OPacket::OPacket(): Received Ethernet Packet : Type = UNKNOWN" ); } } OEthernetPacket::~OEthernetPacket() { } OMacAddress OEthernetPacket::sourceAddress() const { return OMacAddress( _ether->ether_shost ); } OMacAddress OEthernetPacket::destinationAddress() const { return OMacAddress( _ether->ether_dhost ); } int OEthernetPacket::type() const { return ntohs( _ether->ether_type ); } /*====================================================================================== * OIPPacket *======================================================================================*/ OIPPacket::OIPPacket( const unsigned char* end, const struct iphdr* data, QObject* parent ) :QObject( parent, "IP" ), _iphdr( data ) { qDebug( "OIPPacket::OIPPacket(): decoding IP header..." ); //qDebug( "FromAddress: %s", (const char*) inet_ntoa( *src ) ); //qDebug( " ToAddress: %s", (const char*) inet_ntoa( *dst ) ); qDebug( "FromAddress: %s", (const char*) fromIPAddress().toString() ); qDebug( " toAddress: %s", (const char*) toIPAddress().toString() ); switch ( protocol() ) { case IPPROTO_UDP: new OUDPPacket( end, (const struct udphdr*) (data+1), this ); break; case IPPROTO_TCP: new OTCPPacket( end, (const struct tcphdr*) (data+1), this ); break; default: qDebug( "OIPPacket::OIPPacket(): unknown IP protocol type = %d", protocol() ); } } OIPPacket::~OIPPacket() { } QHostAddress OIPPacket::fromIPAddress() const { return EXTRACT_32BITS( &_iphdr->saddr ); } QHostAddress OIPPacket::toIPAddress() const { return EXTRACT_32BITS( &_iphdr->saddr ); } int OIPPacket::tos() const { return _iphdr->tos; } int OIPPacket::len() const { return EXTRACT_16BITS( &_iphdr->tot_len ); } int OIPPacket::id() const { return EXTRACT_16BITS( &_iphdr->id ); } int OIPPacket::offset() const { return EXTRACT_16BITS( &_iphdr->frag_off ); } int OIPPacket::ttl() const { return _iphdr->ttl; } int OIPPacket::protocol() const { return _iphdr->protocol; } int OIPPacket::checksum() const { return EXTRACT_16BITS( &_iphdr->check ); } /*====================================================================================== * OARPPacket *======================================================================================*/ OARPPacket::OARPPacket( const unsigned char* end, const struct myarphdr* data, QObject* parent ) :QObject( parent, "ARP" ), _arphdr( data ) { qDebug( "OARPPacket::OARPPacket(): decoding ARP header..." ); qDebug( "ARP type seems to be %02d - '%s'", EXTRACT_16BITS( &_arphdr->ar_op ), (const char*) type() ); qDebug( "Sender: MAC %s = IP %s", (const char*) senderMacAddress().toString(), (const char*) senderIPV4Address().toString() ); qDebug( "Target: MAC %s = IP %s", (const char*) targetMacAddress().toString(), (const char*) targetIPV4Address().toString() ); } @@ -927,344 +950,346 @@ OWaveLanManagementChallenge::~OWaveLanManagementChallenge() * OWaveLanDataPacket *======================================================================================*/ OWaveLanDataPacket::OWaveLanDataPacket( const unsigned char* end, const struct ieee_802_11_data_header* data, OWaveLanPacket* parent ) :QObject( parent, "802.11 Data" ), _header( data ) { qDebug( "OWaveLanDataPacket::OWaveLanDataPacket(): decoding frame..." ); const unsigned char* payload = (const unsigned char*) data + sizeof( struct ieee_802_11_data_header ); #warning The next line works for most cases, but can not be correct generally! if (!( ( (OWaveLanPacket*) this->parent())->duration() )) payload -= 6; // compensation for missing last address new OLLCPacket( end, (const struct ieee_802_11_802_2_header*) payload, this ); } OWaveLanDataPacket::~OWaveLanDataPacket() { } /*====================================================================================== * OLLCPacket *======================================================================================*/ OLLCPacket::OLLCPacket( const unsigned char* end, const struct ieee_802_11_802_2_header* data, QObject* parent ) :QObject( parent, "802.11 LLC" ), _header( data ) { qDebug( "OLLCPacket::OLLCPacket(): decoding frame..." ); if ( !(_header->oui[0] || _header->oui[1] || _header->oui[2]) ) { qDebug( "OLLCPacket::OLLCPacket(): contains an encapsulated Ethernet frame (type=%04X)", EXTRACT_16BITS( &_header->type ) ); switch ( EXTRACT_16BITS( &_header->type ) ) // defined in linux/if_ether.h { case ETH_P_IP: new OIPPacket( end, (const struct iphdr*) (data+1), this ); break; case ETH_P_ARP: new OARPPacket( end, (const struct myarphdr*) (data+1), this ); break; default: qWarning( "OLLCPacket::OLLCPacket(): Unknown Encapsulation (type=%04X)", EXTRACT_16BITS( &_header->type ) ); } } } OLLCPacket::~OLLCPacket() { } /*====================================================================================== * OWaveLanControlPacket *======================================================================================*/ OWaveLanControlPacket::OWaveLanControlPacket( const unsigned char* end, const struct ieee_802_11_control_header* data, OWaveLanPacket* parent ) :QObject( parent, "802.11 Control" ), _header( data ) { qDebug( "OWaveLanControlPacket::OWaveLanDataControl(): decoding frame..." ); //TODO: Implement this } OWaveLanControlPacket::~OWaveLanControlPacket() { } /*====================================================================================== * OPacketCapturer *======================================================================================*/ OPacketCapturer::OPacketCapturer( QObject* parent, const char* name ) :QObject( parent, name ), _name( QString::null ), _open( false ), _pch( 0 ), _pcd( 0 ), _sn( 0 ) { } OPacketCapturer::~OPacketCapturer() { if ( _open ) { qDebug( "OPacketCapturer::~OPacketCapturer(): pcap still open, autoclosing." ); close(); } } void OPacketCapturer::setBlocking( bool b ) { if ( pcap_setnonblock( _pch, 1-b, _errbuf ) != -1 ) { qDebug( "OPacketCapturer::setBlocking(): blocking mode changed successfully." ); } else { qDebug( "OPacketCapturer::setBlocking(): can't change blocking mode: %s", _errbuf ); } } bool OPacketCapturer::blocking() const { int b = pcap_getnonblock( _pch, _errbuf ); if ( b == -1 ) { qDebug( "OPacketCapturer::blocking(): can't get blocking mode: %s", _errbuf ); return -1; } return !b; } void OPacketCapturer::closeDumpFile() { if ( _pcd ) { pcap_dump_close( _pcd ); _pcd = 0; } pcap_close( _pch ); } void OPacketCapturer::close() { if ( _open ) { if ( _sn ) { _sn->disconnect( SIGNAL( activated(int) ), this, SLOT( readyToReceive() ) ); delete _sn; } closeDumpFile(); _open = false; } qDebug( "OPacketCapturer::close() --- dumping capturing statistics..." ); qDebug( "--------------------------------------------------" ); for( QMap<QString,int>::Iterator it = _stats.begin(); it != _stats.end(); ++it ) qDebug( "%s : %d", (const char*) it.key(), it.data() ); qDebug( "--------------------------------------------------" ); } int OPacketCapturer::dataLink() const { return pcap_datalink( _pch ); } void OPacketCapturer::dump( OPacket* p ) { if ( !_pcd ) { qWarning( "OPacketCapturer::dump() - cannot dump without open capture file!" ); return; } pcap_dump( (u_char*) _pcd, &p->_hdr, p->_data ); } int OPacketCapturer::fileno() const { if ( _open ) { return pcap_fileno( _pch ); } else { return -1; } } OPacket* OPacketCapturer::next() { packetheaderstruct header; qDebug( "==> OPacketCapturer::next()" ); const unsigned char* pdata = pcap_next( _pch, &header ); qDebug( "<== OPacketCapturer::next()" ); if ( pdata && header.len ) { OPacket* p = new OPacket( dataLink(), header, pdata, 0 ); // packets shouldn't be inserted in the QObject child-parent hierarchy, // because due to memory constraints they will be deleted as soon // as possible - that is right after they have been processed // by emit() [ see below ] //TODO: make gathering statistics optional, because it takes time p->updateStats( _stats, const_cast<QObjectList*>( p->children() ) ); - + #ifndef NODEBUG + p->dumpStructure( const_cast<QObjectList*>( p->children() ) ); + #endif return p; } else { qWarning( "OPacketCapturer::next() - no packet received!" ); return 0; } } bool OPacketCapturer::open( const QString& name ) { if ( _open ) { if ( name == _name ) // ignore opening an already openend device { return true; } else // close the last opened device { close(); } } _name = name; // open libpcap pcap_t* handle = pcap_open_live( const_cast<char*>( (const char*) name ), 1024, 0, 0, &_errbuf[0] ); if ( !handle ) { qWarning( "OPacketCapturer::open(): can't open libpcap with '%s': %s", (const char*) name, _errbuf ); return false; } qDebug( "OPacketCapturer::open(): libpcap [%s] opened successfully.", (const char*) name ); _pch = handle; _open = true; _stats.clear(); // in case we have an application object, create a socket notifier if ( qApp ) //TODO: I don't like this here... { _sn = new QSocketNotifier( fileno(), QSocketNotifier::Read ); connect( _sn, SIGNAL( activated(int) ), this, SLOT( readyToReceive() ) ); } return true; } bool OPacketCapturer::openDumpFile( const QString& filename ) { pcap_dumper_t* dump = pcap_dump_open( _pch, const_cast<char*>( (const char*) filename ) ); if ( !dump ) { qWarning( "OPacketCapturer::open(): can't open dump with '%s': %s", (const char*) filename, _errbuf ); return false; } qDebug( "OPacketCapturer::open(): dump [%s] opened successfully.", (const char*) filename ); _pcd = dump; return true; } bool OPacketCapturer::open( const QFile& file ) { QString name = file.name(); if ( _open ) { close(); if ( name == _name ) // ignore opening an already openend device { return true; } else // close the last opened device { close(); } } _name = name; pcap_t* handle = pcap_open_offline( const_cast<char*>( (const char*) name ), &_errbuf[0] ); if ( handle ) { qDebug( "OPacketCapturer::open(): libpcap opened successfully." ); _pch = handle; _open = true; // in case we have an application object, create a socket notifier if ( qApp ) { _sn = new QSocketNotifier( fileno(), QSocketNotifier::Read ); connect( _sn, SIGNAL( activated(int) ), this, SLOT( readyToReceive() ) ); } return true; } else { qDebug( "OPacketCapturer::open(): can't open libpcap with '%s': %s", (const char*) name, _errbuf ); return false; } } bool OPacketCapturer::isOpen() const { return _open; } void OPacketCapturer::readyToReceive() { qDebug( "OPacketCapturer::readyToReceive(): about to emit 'receivePacket(p)'" ); OPacket* p = next(); emit receivedPacket( p ); // emit is synchronous - packet has been dealt with, now it's safe to delete delete p; } const QMap<QString,int>& OPacketCapturer::statistics() const { return _stats; } int OPacketCapturer::snapShot() const { return pcap_snapshot( _pch ); } bool OPacketCapturer::swapped() const { return pcap_is_swapped( _pch ); } QString OPacketCapturer::version() const { return QString().sprintf( "%s.%s", pcap_major_version( _pch ), pcap_minor_version( _pch ) ); } diff --git a/libopie2/opienet/opcap.h b/libopie2/opienet/opcap.h index a031dd1..f0d1d81 100644 --- a/libopie2/opienet/opcap.h +++ b/libopie2/opienet/opcap.h @@ -1,327 +1,332 @@ /* This file is part of the Opie Project Copyright (C) 2003 by the Wellenreiter team: Martin J. Muench <mjm@remote-exploit.org> Max Moser <mmo@remote-exploit.org Michael 'Mickey' Lauer <mickey@tm.informatik.uni-frankfurt.de> =. .=l. .>+-= _;:, .> :=|. This program is free software; you can .> <`_, > . <= redistribute it and/or modify it under :`=1 )Y*s>-.-- : the terms of the GNU Library General Public .="- .-=="i, .._ License as published by the Free Software - . .-<_> .<> Foundation; either version 2 of the License, ._= =} : or (at your option) any later version. .%`+i> _;_. .i_,=:_. -<s. This program is distributed in the hope that + . -:. = it will be useful, but WITHOUT ANY WARRANTY; : .. .:, . . . without even the implied warranty of =_ + =;=|` MERCHANTABILITY or FITNESS FOR A _.=:. : :=>`: PARTICULAR PURPOSE. See the GNU ..}^=.= = ; Library General Public License for more ++= -. .` .: details. : = ...= . :.=- -. .:....=;==+<; You should have received a copy of the GNU -_. . . )=. = Library General Public License along with -- :-=` this library; see the file COPYING.LIB. If not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef OPCAP_H #define OPCAP_H /* LINUX */ extern "C" // work around a bpf/pcap conflict in recent headers { #include <pcap.h> } #include <netinet/ether.h> #include <netinet/ip.h> #include <netinet/udp.h> #include <netinet/tcp.h> #include <time.h> /* QT */ #include <qevent.h> #include <qfile.h> #include <qhostaddress.h> #include <qobject.h> #include <qstring.h> #include <qmap.h> /* OPIE */ #include <opie2/onetutils.h> /* Custom Network Includes */ #include "802_11_user.h" #include "dhcp.h" /* TYPEDEFS */ typedef struct timeval timevalstruct; typedef struct pcap_pkthdr packetheaderstruct; /* FORWARDS */ class OPacketCapturer; class QSocketNotifier; /*====================================================================================== * OPacket - A frame on the wire *======================================================================================*/ /** @brief A class representing a data frame on the wire. * * The whole family of the packet classes are used when capturing frames from a network. * Most standard network protocols in use share a common architecture, which mostly is * a packet header and then the packet payload. In layered architectures, each lower layer * encapsulates data from its upper layer - that is it * treats the data from its upper layer as payload and prepends an own header to the packet, * which - again - is treated as the payload for the layer below. The figure below is an * example for how such a data frame is composed out of packets, e.g. when sending a mail. * * <pre> * | User Data | == Mail Data * | SMTP Header | User Data | == SMTP * | TCP Header | SMTP Header | User Data | == TCP * | IP Header | TCP Header | SMTP Header | User Data | == IP * | MAC Header | IP Header | TCP Header | SMTP Header | User Data | == MAC * * </pre> * * The example is trimmed for simplicity, because the MAC (Medium Access Control) layer * also contains a few more levels of encapsulation. * Since the type of the payload is more or less independent from the encapsulating protocol, * the header must be inspected before attempting to decode the payload. Hence, the * encapsulation level varies and can't be deduced without actually looking into the packets. * * For actually working with captured frames, it's useful to identify the packets via names and * insert them into a parent/child - relationship based on the encapsulation. This is why * all packet classes derive from QObject. The amount of overhead caused by the QObject is * not a problem in this case, because we're talking about a theoratical maximum of about * 10 packets per captured frame. We need to stuff them into a searchable list anyway and the * QObject also cares about destroying the sub-, (child-) packets. * * This enables us to perform a simple look for packets of a certain type: * @code * OPacketCapturer* pcap = new OPacketCapturer(); * pcap->open( "eth0" ); * OPacket* p = pcap->next(); * OIPPacket* ip = (OIPPacket*) p->child( "IP" ); // returns 0, if no such child exists * odebug << "got ip packet from " << ip->fromIPAddress().toString() << " to " << ip->toIPAddress().toString() << oendl; * */ class OPacket : public QObject { Q_OBJECT friend class OPacketCapturer; public: OPacket( int datalink, packetheaderstruct, const unsigned char*, QObject* parent ); virtual ~OPacket(); timevalstruct timeval() const; int caplen() const; int len() const; QString dump( int = 32 ) const; void updateStats( QMap<QString,int>&, QObjectList* ); private: + + void dumpStructure( QObjectList* ); + QString _dumpStructure( QObjectList* ); + + private: const packetheaderstruct _hdr; // pcap packet header const unsigned char* _data; // pcap packet data const unsigned char* _end; // end of pcap packet data }; /*====================================================================================== * OEthernetPacket - DLT_EN10MB frame *======================================================================================*/ class OEthernetPacket : public QObject { Q_OBJECT public: OEthernetPacket( const unsigned char*, const struct ether_header*, QObject* parent = 0 ); virtual ~OEthernetPacket(); OMacAddress sourceAddress() const; OMacAddress destinationAddress() const; int type() const; private: const struct ether_header* _ether; }; /*====================================================================================== * OPrismHeaderPacket - DLT_PRISM_HEADER frame *======================================================================================*/ class OPrismHeaderPacket : public QObject { Q_OBJECT public: OPrismHeaderPacket( const unsigned char*, const struct prism_hdr*, QObject* parent = 0 ); virtual ~OPrismHeaderPacket(); unsigned int signalStrength() const; private: const struct prism_hdr* _header; }; /*====================================================================================== * OWaveLanPacket - DLT_IEEE802_11 frame *======================================================================================*/ class OWaveLanPacket : public QObject { Q_OBJECT public: OWaveLanPacket( const unsigned char*, const struct ieee_802_11_header*, QObject* parent = 0 ); virtual ~OWaveLanPacket(); int duration() const; bool fromDS() const; bool toDS() const; virtual OMacAddress macAddress1() const; virtual OMacAddress macAddress2() const; virtual OMacAddress macAddress3() const; virtual OMacAddress macAddress4() const; bool usesPowerManagement() const; int type() const; int subType() const; int version() const; bool usesWep() const; private: const struct ieee_802_11_header* _wlanhdr; }; /*====================================================================================== * OWaveLanManagementPacket - type: management (T_MGMT) *======================================================================================*/ class OWaveLanManagementPacket : public QObject { Q_OBJECT public: OWaveLanManagementPacket( const unsigned char*, const struct ieee_802_11_mgmt_header*, OWaveLanPacket* parent = 0 ); virtual ~OWaveLanManagementPacket(); QString managementType() const; int beaconInterval() const; int capabilities() const; // generic bool canESS() const; bool canIBSS() const; bool canCFP() const; bool canCFP_REQ() const; bool canPrivacy() const; private: const struct ieee_802_11_mgmt_header* _header; const struct ieee_802_11_mgmt_body* _body; }; /*====================================================================================== * OWaveLanManagementSSID *======================================================================================*/ class OWaveLanManagementSSID : public QObject { Q_OBJECT public: OWaveLanManagementSSID( const unsigned char*, const struct ssid_t*, QObject* parent = 0 ); virtual ~OWaveLanManagementSSID(); QString ID() const; private: const struct ssid_t* _data; }; /*====================================================================================== * OWaveLanManagementRates *======================================================================================*/ class OWaveLanManagementRates : public QObject { Q_OBJECT public: OWaveLanManagementRates( const unsigned char*, const struct rates_t*, QObject* parent = 0 ); virtual ~OWaveLanManagementRates(); private: const struct rates_t* _data; }; /*====================================================================================== * OWaveLanManagementCF *======================================================================================*/ class OWaveLanManagementCF : public QObject { Q_OBJECT public: OWaveLanManagementCF( const unsigned char*, const struct cf_t*, QObject* parent = 0 ); virtual ~OWaveLanManagementCF(); private: const struct cf_t* _data; }; /*====================================================================================== * OWaveLanManagementFH *======================================================================================*/ class OWaveLanManagementFH : public QObject { Q_OBJECT public: OWaveLanManagementFH( const unsigned char*, const struct fh_t*, QObject* parent = 0 ); virtual ~OWaveLanManagementFH(); private: const struct fh_t* _data; }; /*====================================================================================== * OWaveLanManagementDS *======================================================================================*/ class OWaveLanManagementDS : public QObject { Q_OBJECT public: OWaveLanManagementDS( const unsigned char*, const struct ds_t*, QObject* parent = 0 ); virtual ~OWaveLanManagementDS(); int channel() const; private: const struct ds_t* _data; }; /*====================================================================================== * OWaveLanManagementTim *======================================================================================*/ class OWaveLanManagementTim : public QObject { |