![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to hijack.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [Qemu by Fabrice Bellard] / qemu / roms / ipxe / src / util|
Return to hijack.c CVS log | Up to [Qemu by Fabrice Bellard] / qemu / roms / ipxe / src / util |
1.1 root 1: #include <stdio.h>
2: #include <stdlib.h>
3: #include <unistd.h>
4: #include <string.h>
5: #include <stdarg.h>
6: #include <errno.h>
7: #include <fcntl.h>
8: #include <libgen.h>
9: #include <signal.h>
10: #include <net/if.h>
11: #include <net/ethernet.h>
12: #include <sys/select.h>
13: #include <sys/socket.h>
14: #include <sys/stat.h>
15: #include <sys/un.h>
16: #include <syslog.h>
17: #include <getopt.h>
18: #include <pcap.h>
19:
20: #define SNAPLEN 1600
21:
22: /*
23: * FIXME: is there a way to detect the version of the libpcap library?
24: * Version 0.9 has pcap_inject; version 0.8 doesn't, but both report
25: * their version number as 2.4.
26: */
27: #define HAVE_PCAP_INJECT 0
28:
29: struct hijack {
30: pcap_t *pcap;
31: int fd;
32: int datalink;
33: int filtered;
34: unsigned long rx_count;
35: unsigned long tx_count;
36: };
37:
38: struct hijack_listener {
39: struct sockaddr_un sun;
40: int fd;
41: };
42:
43: struct hijack_options {
44: char interface[IF_NAMESIZE];
45: int daemonise;
46: };
47:
48: static int daemonised = 0;
49:
50: static int signalled = 0;
51:
52: static void flag_signalled ( int signal __attribute__ (( unused )) ) {
53: signalled = 1;
54: }
55:
56: #if ! HAVE_PCAP_INJECT
57: /**
58: * Substitute for pcap_inject(), if this version of libpcap doesn't
59: * have it. Will almost certainly only work under Linux.
60: *
61: */
62: int pcap_inject ( pcap_t *pcap, const void *data, size_t len ) {
63: int fd;
64: char *errbuf = pcap_geterr ( pcap );
65:
66: fd = pcap_get_selectable_fd ( pcap );
67: if ( fd < 0 ) {
68: snprintf ( errbuf, PCAP_ERRBUF_SIZE,
69: "could not get file descriptor" );
70: return -1;
71: }
72: if ( write ( fd, data, len ) != len ) {
73: snprintf ( errbuf, PCAP_ERRBUF_SIZE,
74: "could not write data: %s", strerror ( errno ) );
75: return -1;
76: }
77: return len;
78: }
79: #endif /* ! HAVE_PCAP_INJECT */
80:
81: /**
82: * Log error message
83: *
84: */
85: static __attribute__ (( format ( printf, 2, 3 ) )) void
86: logmsg ( int level, const char *format, ... ) {
87: va_list ap;
88:
89: va_start ( ap, format );
90: if ( daemonised ) {
91: vsyslog ( ( LOG_DAEMON | level ), format, ap );
92: } else {
93: vfprintf ( stderr, format, ap );
94: }
95: va_end ( ap );
96: }
97:
98: /**
99: * Open pcap device
100: *
101: */
102: static int hijack_open ( const char *interface, struct hijack *hijack ) {
103: char errbuf[PCAP_ERRBUF_SIZE];
104:
105: /* Open interface via pcap */
106: errbuf[0] = '\0';
107: hijack->pcap = pcap_open_live ( interface, SNAPLEN, 1, 0, errbuf );
108: if ( ! hijack->pcap ) {
109: logmsg ( LOG_ERR, "Failed to open %s: %s\n",
110: interface, errbuf );
111: goto err;
112: }
113: if ( errbuf[0] )
114: logmsg ( LOG_WARNING, "Warning: %s\n", errbuf );
115:
116: /* Set capture interface to non-blocking mode */
117: if ( pcap_setnonblock ( hijack->pcap, 1, errbuf ) < 0 ) {
118: logmsg ( LOG_ERR, "Could not make %s non-blocking: %s\n",
119: interface, errbuf );
120: goto err;
121: }
122:
123: /* Get file descriptor for select() */
124: hijack->fd = pcap_get_selectable_fd ( hijack->pcap );
125: if ( hijack->fd < 0 ) {
126: logmsg ( LOG_ERR, "Cannot get selectable file descriptor "
127: "for %s\n", interface );
128: goto err;
129: }
130:
131: /* Get link layer type */
132: hijack->datalink = pcap_datalink ( hijack->pcap );
133:
134: return 0;
135:
136: err:
137: if ( hijack->pcap )
138: pcap_close ( hijack->pcap );
139: return -1;
140: }
141:
142: /**
143: * Close pcap device
144: *
145: */
146: static void hijack_close ( struct hijack *hijack ) {
147: pcap_close ( hijack->pcap );
148: }
149:
150: /**
151: * Install filter for hijacked connection
152: *
153: */
154: static int hijack_install_filter ( struct hijack *hijack,
155: char *filter ) {
156: struct bpf_program program;
157:
158: /* Compile filter */
159: if ( pcap_compile ( hijack->pcap, &program, filter, 1, 0 ) < 0 ) {
160: logmsg ( LOG_ERR, "could not compile filter \"%s\": %s\n",
161: filter, pcap_geterr ( hijack->pcap ) );
162: goto err_nofree;
163: }
164:
165: /* Install filter */
166: if ( pcap_setfilter ( hijack->pcap, &program ) < 0 ) {
167: logmsg ( LOG_ERR, "could not install filter \"%s\": %s\n",
168: filter, pcap_geterr ( hijack->pcap ) );
169: goto err;
170: }
171:
172: logmsg ( LOG_INFO, "using filter \"%s\"\n", filter );
173:
174: pcap_freecode ( &program );
175: return 0;
176:
177: err:
178: pcap_freecode ( &program );
179: err_nofree:
180: return -1;
181: }
182:
183: /**
184: * Set up filter for hijacked ethernet connection
185: *
186: */
187: static int hijack_filter_ethernet ( struct hijack *hijack, const char *buf,
188: size_t len ) {
189: char filter[55]; /* see format string */
190: struct ether_header *ether_header = ( struct ether_header * ) buf;
191: unsigned char *hwaddr = ether_header->ether_shost;
192:
193: if ( len < sizeof ( *ether_header ) )
194: return -1;
195:
196: snprintf ( filter, sizeof ( filter ), "broadcast or multicast or "
197: "ether host %02x:%02x:%02x:%02x:%02x:%02x", hwaddr[0],
198: hwaddr[1], hwaddr[2], hwaddr[3], hwaddr[4], hwaddr[5] );
199:
200: return hijack_install_filter ( hijack, filter );
201: }
202:
203: /**
204: * Set up filter for hijacked connection
205: *
206: */
207: static int hijack_filter ( struct hijack *hijack, const char *buf,
208: size_t len ) {
209: switch ( hijack->datalink ) {
210: case DLT_EN10MB:
211: return hijack_filter_ethernet ( hijack, buf, len );
212: default:
213: logmsg ( LOG_ERR, "unsupported protocol %s: cannot filter\n",
214: ( pcap_datalink_val_to_name ( hijack->datalink ) ?
215: pcap_datalink_val_to_name ( hijack->datalink ) :
216: "UNKNOWN" ) );
217: /* Return success so we don't get called again */
218: return 0;
219: }
220: }
221:
222: /**
223: * Forward data from hijacker
224: *
225: */
226: static ssize_t forward_from_hijacker ( struct hijack *hijack, int fd ) {
227: char buf[SNAPLEN];
228: ssize_t len;
229:
230: /* Read packet from hijacker */
231: len = read ( fd, buf, sizeof ( buf ) );
232: if ( len < 0 ) {
233: logmsg ( LOG_ERR, "read from hijacker failed: %s\n",
234: strerror ( errno ) );
235: return -1;
236: }
237: if ( len == 0 )
238: return 0;
239:
240: /* Set up filter if not already in place */
241: if ( ! hijack->filtered ) {
242: if ( hijack_filter ( hijack, buf, len ) == 0 )
243: hijack->filtered = 1;
244: }
245:
246: /* Transmit packet to network */
247: if ( pcap_inject ( hijack->pcap, buf, len ) != len ) {
248: logmsg ( LOG_ERR, "write to hijacked port failed: %s\n",
249: pcap_geterr ( hijack->pcap ) );
250: return -1;
251: }
252:
253: hijack->tx_count++;
254: return len;
255: };
256:
257: /**
258: * Forward data to hijacker
259: *
260: */
261: static ssize_t forward_to_hijacker ( int fd, struct hijack *hijack ) {
262: struct pcap_pkthdr *pkt_header;
263: const unsigned char *pkt_data;
264: ssize_t len;
265:
266: /* Receive packet from network */
267: if ( pcap_next_ex ( hijack->pcap, &pkt_header, &pkt_data ) < 0 ) {
268: logmsg ( LOG_ERR, "read from hijacked port failed: %s\n",
269: pcap_geterr ( hijack->pcap ) );
270: return -1;
271: }
272: if ( pkt_header->caplen != pkt_header->len ) {
273: logmsg ( LOG_ERR, "read partial packet (%d of %d bytes)\n",
274: pkt_header->caplen, pkt_header->len );
275: return -1;
276: }
277: if ( pkt_header->caplen == 0 )
278: return 0;
279: len = pkt_header->caplen;
280:
281: /* Write packet to hijacker */
282: if ( write ( fd, pkt_data, len ) != len ) {
283: logmsg ( LOG_ERR, "write to hijacker failed: %s\n",
284: strerror ( errno ) );
285: return -1;
286: }
287:
288: hijack->rx_count++;
289: return len;
290: };
291:
292:
293: /**
294: * Run hijacker
295: *
296: */
297: static int run_hijacker ( const char *interface, int fd ) {
298: struct hijack hijack;
299: fd_set fdset;
300: int max_fd;
301: ssize_t len;
302:
303: logmsg ( LOG_INFO, "new connection for %s\n", interface );
304:
305: /* Open connection to network */
306: memset ( &hijack, 0, sizeof ( hijack ) );
307: if ( hijack_open ( interface, &hijack ) < 0 )
308: goto err;
309:
310: /* Do the forwarding */
311: max_fd = ( ( fd > hijack.fd ) ? fd : hijack.fd );
312: while ( 1 ) {
313: /* Wait for available data */
314: FD_ZERO ( &fdset );
315: FD_SET ( fd, &fdset );
316: FD_SET ( hijack.fd, &fdset );
317: if ( select ( ( max_fd + 1 ), &fdset, NULL, NULL, 0 ) < 0 ) {
318: logmsg ( LOG_ERR, "select failed: %s\n",
319: strerror ( errno ) );
320: goto err;
321: }
322: if ( FD_ISSET ( fd, &fdset ) ) {
323: len = forward_from_hijacker ( &hijack, fd );
324: if ( len < 0 )
325: goto err;
326: if ( len == 0 )
327: break;
328: }
329: if ( FD_ISSET ( hijack.fd, &fdset ) ) {
330: len = forward_to_hijacker ( fd, &hijack );
331: if ( len < 0 )
332: goto err;
333: if ( len == 0 )
334: break;
335: }
336: }
337:
338: hijack_close ( &hijack );
339: logmsg ( LOG_INFO, "closed connection for %s\n", interface );
340: logmsg ( LOG_INFO, "received %ld packets, sent %ld packets\n",
341: hijack.rx_count, hijack.tx_count );
342:
343: return 0;
344:
345: err:
346: if ( hijack.pcap )
347: hijack_close ( &hijack );
348: return -1;
349: }
350:
351: /**
352: * Open listener socket
353: *
354: */
355: static int open_listener ( const char *interface,
356: struct hijack_listener *listener ) {
357:
358: /* Create socket */
359: listener->fd = socket ( PF_UNIX, SOCK_SEQPACKET, 0 );
360: if ( listener->fd < 0 ) {
361: logmsg ( LOG_ERR, "Could not create socket: %s\n",
362: strerror ( errno ) );
363: goto err;
364: }
365:
366: /* Bind to local filename */
367: listener->sun.sun_family = AF_UNIX,
368: snprintf ( listener->sun.sun_path, sizeof ( listener->sun.sun_path ),
369: "/var/run/hijack-%s", interface );
370: if ( bind ( listener->fd, ( struct sockaddr * ) &listener->sun,
371: sizeof ( listener->sun ) ) < 0 ) {
372: logmsg ( LOG_ERR, "Could not bind socket to %s: %s\n",
373: listener->sun.sun_path, strerror ( errno ) );
374: goto err;
375: }
376:
377: /* Set as a listening socket */
378: if ( listen ( listener->fd, 0 ) < 0 ) {
379: logmsg ( LOG_ERR, "Could not listen to %s: %s\n",
380: listener->sun.sun_path, strerror ( errno ) );
381: goto err;
382: }
383:
384: return 0;
385:
386: err:
387: if ( listener->fd >= 0 )
388: close ( listener->fd );
389: return -1;
390: }
391:
392: /**
393: * Listen on listener socket
394: *
395: */
396: static int listen_for_hijackers ( struct hijack_listener *listener,
397: const char *interface ) {
398: int fd;
399: pid_t child;
400: int rc;
401:
402: logmsg ( LOG_INFO, "Listening on %s\n", listener->sun.sun_path );
403:
404: while ( ! signalled ) {
405: /* Accept new connection, interruptibly */
406: siginterrupt ( SIGINT, 1 );
407: siginterrupt ( SIGHUP, 1 );
408: fd = accept ( listener->fd, NULL, 0 );
409: siginterrupt ( SIGINT, 0 );
410: siginterrupt ( SIGHUP, 0 );
411: if ( fd < 0 ) {
412: if ( errno == EINTR ) {
413: continue;
414: } else {
415: logmsg ( LOG_ERR, "accept failed: %s\n",
416: strerror ( errno ) );
417: goto err;
418: }
419: }
420:
421: /* Fork child process */
422: child = fork();
423: if ( child < 0 ) {
424: logmsg ( LOG_ERR, "fork failed: %s\n",
425: strerror ( errno ) );
426: goto err;
427: }
428: if ( child == 0 ) {
429: /* I am the child; run the hijacker */
430: rc = run_hijacker ( interface, fd );
431: close ( fd );
432: exit ( rc );
433: }
434:
435: close ( fd );
436: }
437:
438: logmsg ( LOG_INFO, "Stopped listening on %s\n",
439: listener->sun.sun_path );
440: return 0;
441:
442: err:
443: if ( fd >= 0 )
444: close ( fd );
445: return -1;
446: }
447:
448: /**
449: * Close listener socket
450: *
451: */
452: static void close_listener ( struct hijack_listener *listener ) {
453: close ( listener->fd );
454: unlink ( listener->sun.sun_path );
455: }
456:
457: /**
458: * Print usage
459: *
460: */
461: static void usage ( char **argv ) {
462: logmsg ( LOG_ERR,
463: "Usage: %s [options]\n"
464: "\n"
465: "Options:\n"
466: " -h|--help Print this help message\n"
467: " -i|--interface intf Use specified network interface\n"
468: " -n|--nodaemon Run in foreground\n",
469: argv[0] );
470: }
471:
472: /**
473: * Parse command-line options
474: *
475: */
476: static int parse_options ( int argc, char **argv,
477: struct hijack_options *options ) {
478: static struct option long_options[] = {
479: { "interface", 1, NULL, 'i' },
480: { "nodaemon", 0, NULL, 'n' },
481: { "help", 0, NULL, 'h' },
482: { },
483: };
484: int c;
485:
486: /* Set default options */
487: memset ( options, 0, sizeof ( *options ) );
488: strncpy ( options->interface, "eth0", sizeof ( options->interface ) );
489: options->daemonise = 1;
490:
491: /* Parse command-line options */
492: while ( 1 ) {
493: int option_index = 0;
494:
495: c = getopt_long ( argc, argv, "i:hn", long_options,
496: &option_index );
497: if ( c < 0 )
498: break;
499:
500: switch ( c ) {
501: case 'i':
502: strncpy ( options->interface, optarg,
503: sizeof ( options->interface ) );
504: break;
505: case 'n':
506: options->daemonise = 0;
507: break;
508: case 'h':
509: usage( argv );
510: return -1;
511: case '?':
512: /* Unrecognised option */
513: return -1;
514: default:
515: logmsg ( LOG_ERR, "Unrecognised option '-%c'\n", c );
516: return -1;
517: }
518: }
519:
520: /* Check there's nothing left over on the command line */
521: if ( optind != argc ) {
522: usage ( argv );
523: return -1;
524: }
525:
526: return 0;
527: }
528:
529: /**
530: * Daemonise
531: *
532: */
533: static int daemonise ( const char *interface ) {
534: char pidfile[16 + IF_NAMESIZE + 4]; /* "/var/run/hijack-<intf>.pid" */
535: char pid[16];
536: int pidlen;
537: int fd = -1;
538:
539: /* Daemonise */
540: if ( daemon ( 0, 0 ) < 0 ) {
541: logmsg ( LOG_ERR, "Could not daemonise: %s\n",
542: strerror ( errno ) );
543: goto err;
544: }
545: daemonised = 1; /* Direct messages to syslog now */
546:
547: /* Open pid file */
548: snprintf ( pidfile, sizeof ( pidfile ), "/var/run/hijack-%s.pid",
549: interface );
550: fd = open ( pidfile, ( O_WRONLY | O_CREAT | O_TRUNC ),
551: ( S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH ) );
552: if ( fd < 0 ) {
553: logmsg ( LOG_ERR, "Could not open %s for writing: %s\n",
554: pidfile, strerror ( errno ) );
555: goto err;
556: }
557:
558: /* Write pid to file */
559: pidlen = snprintf ( pid, sizeof ( pid ), "%d\n", getpid() );
560: if ( write ( fd, pid, pidlen ) != pidlen ) {
561: logmsg ( LOG_ERR, "Could not write %s: %s\n",
562: pidfile, strerror ( errno ) );
563: goto err;
564: }
565:
566: close ( fd );
567: return 0;
568:
569: err:
570: if ( fd >= 0 )
571: close ( fd );
572: return -1;
573: }
574:
575: int main ( int argc, char **argv ) {
576: struct hijack_options options;
577: struct hijack_listener listener;
578: struct sigaction sa;
579:
580: /* Parse command-line options */
581: if ( parse_options ( argc, argv, &options ) < 0 )
582: exit ( 1 );
583:
584: /* Set up syslog connection */
585: openlog ( basename ( argv[0] ), LOG_PID, LOG_DAEMON );
586:
587: /* Set up listening socket */
588: if ( open_listener ( options.interface, &listener ) < 0 )
589: exit ( 1 );
590:
591: /* Daemonise on demand */
592: if ( options.daemonise ) {
593: if ( daemonise ( options.interface ) < 0 )
594: exit ( 1 );
595: }
596:
597: /* Avoid creating zombies */
598: memset ( &sa, 0, sizeof ( sa ) );
599: sa.sa_handler = SIG_IGN;
600: sa.sa_flags = SA_RESTART | SA_NOCLDWAIT;
601: if ( sigaction ( SIGCHLD, &sa, NULL ) < 0 ) {
602: logmsg ( LOG_ERR, "Could not set SIGCHLD handler: %s",
603: strerror ( errno ) );
604: exit ( 1 );
605: }
606:
607: /* Set 'signalled' flag on SIGINT or SIGHUP */
608: sa.sa_handler = flag_signalled;
609: sa.sa_flags = SA_RESTART | SA_RESETHAND;
610: if ( sigaction ( SIGINT, &sa, NULL ) < 0 ) {
611: logmsg ( LOG_ERR, "Could not set SIGINT handler: %s",
612: strerror ( errno ) );
613: exit ( 1 );
614: }
615: if ( sigaction ( SIGHUP, &sa, NULL ) < 0 ) {
616: logmsg ( LOG_ERR, "Could not set SIGHUP handler: %s",
617: strerror ( errno ) );
618: exit ( 1 );
619: }
620:
621: /* Listen for hijackers */
622: if ( listen_for_hijackers ( &listener, options.interface ) < 0 )
623: exit ( 1 );
624:
625: close_listener ( &listener );
626:
627: return 0;
628: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.