"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "base/pcap-snoop.c" between
ssldump-0.9b3.tar.gz and ssldump-1.3.tar.gz

About: ssldump is an SSLv3/TLS network protocol analyzer.

pcap-snoop.c  (ssldump-0.9b3):pcap-snoop.c  (ssldump-1.3)
/** /**
pcap-snoop.c pcap-snoop.c
Copyright (C) 1999-2001 RTFM, Inc. Copyright (C) 1999-2001 RTFM, Inc.
All Rights Reserved All Rights Reserved
This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla This package is a SSLv3/TLS protocol analyzer written by Eric
<ekr@rtfm.com> and licensed by RTFM, Inc. Rescorla <ekr@rtfm.com> and licensed by RTFM, Inc.
Redistribution and use in source and binary forms, with or without Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions modification, are permitted provided that the following conditions
are met: are met:
1. Redistributions of source code must retain the above copyright 1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer. notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright 2. Redistributions in binary form must reproduce the above
notice, this list of conditions and the following disclaimer in the copyright notice, this list of conditions and the following
documentation and/or other materials provided with the distribution. disclaimer in the documentation and/or other materials provided
3. All advertising materials mentioning features or use of this software with the distribution.
must display the following acknowledgement: 3. All advertising materials mentioning features or use of this
software must display the following acknowledgement:
This product includes software developed by Eric Rescorla for This product includes software developed by Eric Rescorla for
RTFM, Inc. RTFM, Inc.
4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may
used to endorse or promote products derived from this be used to endorse or promote products derived from this
software without specific prior written permission. software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS''
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMA OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
GE. OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
SUCH DAMAGE.
$Id: pcap-snoop.c,v 1.14 2002/09/09 21:02:58 ekr Exp $ $Id: pcap-snoop.c,v 1.14 2002/09/09 21:02:58 ekr Exp $
ekr@rtfm.com Tue Dec 29 10:17:41 1998 ekr@rtfm.com Tue Dec 29 10:17:41 1998
*/ */
static char *RCSSTRING="$Id: pcap-snoop.c,v 1.14 2002/09/09 21:02:58 ekr Exp $";
#include <pcap.h> #include <pcap.h>
#include <unistd.h> #include <unistd.h>
#include <net/bpf.h> #include <pcap-bpf.h>
#ifndef _WIN32 #ifndef _WIN32
#include <sys/param.h> #include <sys/param.h>
#endif #endif
#include <sys/types.h> #include <sys/types.h>
#ifndef _WIN32 #ifndef _WIN32
#include <sys/socket.h> #include <sys/socket.h>
#include <netinet/in.h> #include <netinet/in.h>
#else #else
#include <winsock2.h> #include <winsock2.h>
#include <bittypes.h> #include <bittypes.h>
skipping to change at line 72 skipping to change at line 73
#include <net/if.h> #include <net/if.h>
#include <netinet/if_ether.h> #include <netinet/if_ether.h>
#include "network.h" #include "network.h"
#include <r_common.h> #include <r_common.h>
#include <r_time.h> #include <r_time.h>
#include "null_analyze.h" #include "null_analyze.h"
#include "ssl_analyze.h" #include "ssl_analyze.h"
#ifdef ENABLE_RECORD #ifdef ENABLE_RECORD
#include "record_analyze.h" #include "record_analyze.h"
#endif #endif
#include "pcap_logger.h"
#ifndef ETHERTYPE_8021Q #ifndef ETHERTYPE_8021Q
# define ETHERTYPE_8021Q 0x8100 # define ETHERTYPE_8021Q 0x8100
#endif #endif
char *collapse_args PROTO_LIST((int argc,char **argv)); char *collapse_args PROTO_LIST((int argc,char **argv));
static int pcap_if_type=DLT_NULL; static int pcap_if_type=DLT_NULL;
int err_exit PROTO_LIST((char *str,int num)); int err_exit PROTO_LIST((char *str,int num));
int usage PROTO_LIST((void)); int usage PROTO_LIST((void));
int print_version PROTO_LIST((void)); int print_version PROTO_LIST((void));
RETSIGTYPE sig_handler PROTO_LIST((void)); void sig_handler PROTO_LIST((int sig));
void pcap_cb PROTO_LIST((u_char *ptr,struct pcap_pkthdr *hdr,u_char *data)); void pcap_cb PROTO_LIST((u_char *ptr,const struct pcap_pkthdr *hdr,const u_char
*data));
int main PROTO_LIST((int argc,char **argv)); int main PROTO_LIST((int argc,char **argv));
int packet_cnt = 0; // Packet counter used for connection pool cleaning
int conn_freq = 100; // Number of packets after which a connection pool
// cleaning is performed
int conn_ttl = 100; // TTL of inactive connections in connection pool
struct timeval last_packet_seen_time = // Timestamp of the last packet of the
(struct timeval) {0}; // last block of conn_freq packets seen
logger_mod *logger=NULL;
int err_exit(str,num) int err_exit(str,num)
char *str; char *str;
int num; int num;
{ {
fprintf(stderr,"ERROR: %s\n",str); fprintf(stderr,"ERROR: %s\n",str);
sig_handler(SIGQUIT);
exit(num); exit(num);
} }
int usage() int usage()
{ {
fprintf(stderr,"Usage: ssldump [-r dumpfile] [-i interface] \n"); fprintf(stderr,"Usage: ssldump [-r dumpfile] [-i interface] [-l sslkeylogfil e] [-w outpcapfile]\n");
fprintf(stderr," [-k keyfile] [-p password] [-vtaTnsAxVNde]\n" ); fprintf(stderr," [-k keyfile] [-p password] [-vtaTnsAxVNde]\n" );
fprintf(stderr," [filter]\n"); fprintf(stderr," [filter]\n");
exit(0); exit(0);
} }
int print_version() int print_version()
{ {
printf("ssldump 0.9b3\n"); printf(PACKAGE_STRING "\n");
printf("Maintained by a bunch of volunteers, see https://github.com/adulau/s
sldump/blob/master/CREDITS\n");
printf("Copyright (C) 2015-2021 the aforementioned volunteers\n");
printf("Copyright (C) 1998-2001 RTFM, Inc.\n"); printf("Copyright (C) 1998-2001 RTFM, Inc.\n");
printf("All rights reserved.\n"); printf("All rights reserved.\n");
#ifdef OPENSSL #ifdef OPENSSL
printf("Compiled with OpenSSL: decryption enabled\n"); printf("Compiled with OpenSSL: decryption enabled\n");
#endif #endif
exit(0); exit(0);
} }
RETSIGTYPE sig_handler() pcap_t *p;
proto_mod *mod=&ssl_mod;
n_handler *n;
char *interface_name=0;
char *file=0;
char *filter=0;
void sig_handler(int sig)
{ {
int freed_conn = 0;
fflush(stdout); fflush(stdout);
exit(0); if (logger)
logger->vtbl->deinit();
freed_conn = destroy_all_conn();
if(freed_conn && !(NET_print_flags & NET_PRINT_JSON))
printf("Cleaned %d remaining connection(s) from connection pool\n", free
d_conn);
network_handler_destroy(mod, &n);
if(p)
pcap_close(p);
if(interface_name)
free(interface_name);
if(filter)
free(filter);
if(file)
free(file);
exit(sig);
} }
void pcap_cb(ptr,hdr,data) void pcap_cb(ptr,hdr,data)
u_char *ptr; u_char *ptr;
struct pcap_pkthdr *hdr; const struct pcap_pkthdr *hdr;
u_char *data; const u_char *data;
{ {
n_handler *n; n_handler *n;
int len; int len;
struct ether_header *e_hdr=(struct ether_header *)data; struct ether_header *e_hdr=(struct ether_header *)data;
int type; int type, cleaned_conn;
n=(n_handler *)ptr; n=(n_handler *)ptr;
if(hdr->caplen!=hdr->len) err_exit("Length mismatch",-1); if(hdr->caplen!=hdr->len) err_exit("Length mismatch",-1);
len=hdr->len; len=hdr->len;
switch(pcap_if_type){ switch(pcap_if_type){
case DLT_RAW:
#ifdef DLT_LOOP
case DLT_LOOP:
#endif
case DLT_NULL: case DLT_NULL:
data+=4; data+=4;
len-=4; len-=4;
break; break;
case DLT_EN10MB: case DLT_EN10MB:
if(len < sizeof(struct ether_header)) {
if(!(NET_print_flags & NET_PRINT_JSON))
printf("Frame size too small to contain Ethernet header, skipping ..
.\n");
return;
}
type=ntohs(e_hdr->ether_type); type=ntohs(e_hdr->ether_type);
data+=sizeof(struct ether_header); data+=sizeof(struct ether_header);
len-=sizeof(struct ether_header); len-=sizeof(struct ether_header);
/* if vlans, push past VLAN header (4 bytes) */ /* if vlans, push past VLAN header (4 bytes) */
if(type==ETHERTYPE_8021Q) { if(type==ETHERTYPE_8021Q) {
type=ntohs(*(u_int16_t *)(data + 2)); type=ntohs(*(u_int16_t *)(data + 2));
data+=4; data+=4;
len+=4; len+=4;
} }
if(type!=ETHERTYPE_IP) if(type!=ETHERTYPE_IP)
return; return;
break; break;
case DLT_IEEE802:
data+=22;
len-=22;
break;
case DLT_FDDI:
data+=21;
len-=21;
break;
#ifdef __amigaos__
case DLT_MIAMI:
data+=16;
len-=16;
break;
#endif
case DLT_SLIP:
#ifdef DLT_SLIP_BSDOS
case DLT_SLIP_BSDOS:
#endif
#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defin
ed(__bsdi__) || defined(__APPLE__)
data+=16;
len-=16;
#else
data+=24;
len-=24;
#endif
break;
case DLT_PPP:
#ifdef DLT_PPP_BSDOS
case DLT_PPP_BSDOS:
#endif
#ifdef DLT_PPP_SERIAL
case DLT_PPP_SERIAL:
#endif
#ifdef DLT_PPP_ETHER
case DLT_PPP_ETHER:
#endif
#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defin
ed(__bsdi__) || defined(__APPLE__)
data+=4;
len-=4;
#else
#if defined(sun) || defined(__sun)
data+=8;
len-=8;
#else
data+=24;
len-=24;
#endif
#endif
break;
#ifdef DLT_ENC
case DLT_ENC:
data+=12;
len-=12;
break;
#endif
#ifdef DLT_LINUX_SLL
case DLT_LINUX_SLL:
data+=16;
len-=16;
break;
#endif
#ifdef DLT_IPNET
case DLT_IPNET:
data+=24;
len-=24;
break;
#endif
}
network_process_packet(n,(struct timeval *) &hdr->ts,(u_char *)data,len);
if(packet_cnt == conn_freq) {
packet_cnt = 0;
memcpy(&last_packet_seen_time,&hdr->ts,sizeof(struct timeval));
if((cleaned_conn = clean_old_conn()) && !(NET_print_flags & NET_PRINT_JS
ON))
printf("%d inactive connection(s) cleaned from connection pool\n", c
leaned_conn);
} else {
packet_cnt++;
} }
network_process_packet(n,&hdr->ts,data,len);
} }
typedef struct module_def_ { typedef struct module_def_ {
char *name; char *name;
proto_mod *mod; proto_mod *mod;
} module_def; } module_def;
static module_def modules[]={ static module_def modules[]={
{"SSL",&ssl_mod}, {"SSL",&ssl_mod},
{"NULL",&null_mod}, {"NULL",&null_mod},
skipping to change at line 181 skipping to change at line 306
#endif #endif
{0,0} {0,0}
}; };
int parse_ssl_flag PROTO_LIST((int c)); int parse_ssl_flag PROTO_LIST((int c));
int main(argc,argv) int main(argc,argv)
int argc; int argc;
char **argv; char **argv;
{ {
pcap_t *p;
int r; int r;
n_handler *n;
#ifdef _WIN32 #ifdef _WIN32
__declspec(dllimport) char *optarg; __declspec(dllimport) char *optarg;
__declspec(dllimport) int optind; __declspec(dllimport) int optind;
#else #else
extern char *optarg; extern char *optarg;
extern int optind; extern int optind;
#endif #endif
char *interface_name=0; pcap_if_t *interfaces;
char *file=0;
char *filter=0;
proto_mod *mod=&ssl_mod;
bpf_u_int32 localnet,netmask; bpf_u_int32 localnet,netmask;
int c; int c;
module_def *m=0; module_def *m=0;
int no_promiscuous=0; int no_promiscuous=0;
int freed_conn=0;
char errbuf[PCAP_ERRBUF_SIZE]; char errbuf[PCAP_ERRBUF_SIZE];
signal(SIGINT,sig_handler); signal(SIGINT,sig_handler);
while((c=getopt(argc,argv,"vr:f:S:Ttai:k:p:nsAxXhHVNdqem:P"))!=EOF){ while((c=getopt(argc,argv,"vr:F:f:S:jyTt:ai:k:l:w:p:nsAxXhHVNdqem:P"))!=EOF) {
switch(c){ switch(c){
case 'v': case 'v':
print_version(); print_version();
break; break;
case 'f': case 'f':
fprintf(stderr,"-f option replaced by -r. Use that in the future\n"); fprintf(stderr,"-f option replaced by -r. Use that in the future\n");
case 'r': case 'r':
file=strdup(optarg); file=strdup(optarg);
break; break;
case 'S': case 'S':
ssl_mod.vtbl->parse_flags(optarg); ssl_mod.vtbl->parse_flags(optarg);
break; break;
case 'y': case 'y':
NET_print_flags|=NET_PRINT_TYPESET; NET_print_flags|=NET_PRINT_TYPESET;
/*Kludge*/ /*Kludge*/
SSL_print_flags |= SSL_PRINT_NROFF; SSL_print_flags |= SSL_PRINT_NROFF;
break; break;
case 'j':
NET_print_flags |= NET_PRINT_JSON;
SSL_print_flags |= SSL_PRINT_JSON;
break;
case 'a': case 'a':
NET_print_flags |= NET_PRINT_ACKS; NET_print_flags |= NET_PRINT_ACKS;
break; break;
case 'A':
SSL_print_flags |= SSL_PRINT_ALL_FIELDS;
break;
case 'T': case 'T':
NET_print_flags |= NET_PRINT_TCP_HDR; NET_print_flags |= NET_PRINT_TCP_HDR;
break; break;
case 'i': case 'i':
interface_name=strdup(optarg); interface_name=strdup(optarg);
break; break;
case 'k': case 'k':
SSL_keyfile=strdup(optarg); SSL_keyfile=strdup(optarg);
break; break;
case 'l':
SSL_keylogfile=strdup(optarg);
break;
case 'w':
logger=&pcap_mod;
if(logger->vtbl->init(optarg)!=0){
fprintf(stderr,"Can not open/create out pcap %s\n",
optarg);
exit(1);
}
break;
case 'p': case 'p':
SSL_password=strdup(optarg); SSL_password=strdup(optarg);
break; break;
case 'P': case 'P':
++no_promiscuous; ++no_promiscuous;
break; break;
case 'n': case 'n':
NET_print_flags |= NET_PRINT_NO_RESOLVE; NET_print_flags |= NET_PRINT_NO_RESOLVE;
break; break;
case 't':
conn_ttl=atoi(optarg);
break;
case 'F':
conn_freq=atoi(optarg);
break;
case 'm': case 'm':
for(m=modules;m->name!=0;m++){ for(m=modules;m->name!=0;m++){
if(!strcmp(m->name,optarg)){ if(!strcmp(m->name,optarg)){
mod=m->mod; mod=m->mod;
break; break;
} }
} }
if(!m->name){ if(!m->name){
fprintf(stderr,"Request analysis module %s not found\n", fprintf(stderr,"Request analysis module %s not found\n",
optarg); optarg);
skipping to change at line 278 skipping to change at line 423
parse_ssl_flag(c); parse_ssl_flag(c);
break; break;
} }
} }
argv+=optind; argv+=optind;
argc-=optind; argc-=optind;
if(!file){ if(!file){
if(!interface_name){ if(!interface_name){
interface_name=pcap_lookupdev(errbuf); if(pcap_findalldevs(&interfaces,errbuf)==-1) {
fprintf(stderr,"PCAP: %s\n",errbuf);
err_exit("Aborting",-1);
}
interface_name=interfaces->name;
if(!interface_name){ if(!interface_name){
fprintf(stderr,"PCAP: %s\n",errbuf); fprintf(stderr,"PCAP: %s\n",errbuf);
err_exit("Aborting",-1); err_exit("Aborting",-1);
} }
} }
if(!(p=pcap_open_live(interface_name,5000,!no_promiscuous,1000,errbuf))){ if(!(p=pcap_open_live(interface_name,65535,!no_promiscuous,1000,errbuf))){
fprintf(stderr,"PCAP: %s\n",errbuf); fprintf(stderr,"PCAP: %s\n",errbuf);
err_exit("Aborting",-1); err_exit("Aborting",-1);
} }
if (pcap_lookupnet(interface_name, &localnet, &netmask, errbuf) < 0) if (pcap_lookupnet(interface_name, &localnet, &netmask, errbuf) < 0)
verr_exit("PCAP: %s\n",errbuf); fprintf(stderr,"PCAP: %s\n", errbuf);
} }
else{ else{
if(!(p=pcap_open_offline(file,errbuf))){ if(!(p=pcap_open_offline(file,errbuf))){
fprintf(stderr,"PCAP: %s\n",errbuf); fprintf(stderr,"PCAP: %s\n",errbuf);
err_exit("Aborting",-1); err_exit("Aborting",-1);
} }
netmask=0; netmask=0;
localnet=0; localnet=0;
} }
if(argc!=0) if(argc!=0)
filter=collapse_args(argc,argv); filter=collapse_args(argc,argv);
if(filter){ if(filter){
struct bpf_program fp; struct bpf_program fp;
/* (F5 patch)
* reformat filter to include traffic with or without the 802.1q
* vlan header. for example, "port 80" becomes:
* "( port 80 ) or ( vlan and port 80 )".
* note that if the filter includes the literals vlan, tagged, or
* untagged, then it is assumed that the user knows what she is
* doing, and the filter is not reformatted.
*/
if ((pcap_datalink(p) == DLT_EN10MB) &&
(filter != NULL) &&
(strstr(filter,"vlan") == NULL)) {
char *tmp_filter;
char *fmt = "( (not ether proto 0x8100) and (%s) ) or ( vlan and (%s)
)";
tmp_filter = (char *)malloc((strlen(filter) * 2) + strlen(fmt) + 1);
if (tmp_filter == NULL) {
fprintf(stderr,"PCAP: malloc failed\n");
err_exit("Aborting",-1);
}
sprintf(tmp_filter,fmt,filter,filter);
free(filter);
filter = tmp_filter;
}
if(pcap_compile(p,&fp,filter,0,netmask)<0) if(pcap_compile(p,&fp,filter,0,netmask)<0)
verr_exit("PCAP: %s\n",pcap_geterr(p)); verr_exit("PCAP: %s\n",pcap_geterr(p));
if(pcap_setfilter(p,&fp)<0) if(pcap_setfilter(p,&fp)<0)
verr_exit("PCAP: %s\n",pcap_geterr(p)); verr_exit("PCAP: %s\n",pcap_geterr(p));
} }
pcap_if_type=pcap_datalink(p); pcap_if_type=pcap_datalink(p);
if(NET_print_flags & NET_PRINT_TYPESET) if(!(NET_print_flags & NET_PRINT_JSON))
printf("\n.nf\n.ps -2\n"); if(NET_print_flags & NET_PRINT_TYPESET)
printf("\n.nf\n.ps -2\n");
if(r=network_handler_create(mod,&n)) if((r=network_handler_create(mod,&n)))
err_exit("Couldn't create network handler",r); err_exit("Couldn't create network handler",r);
pcap_loop(p,-1,pcap_cb,(u_char *)n); pcap_loop(p,-1,pcap_cb,(u_char *)n);
if(NET_print_flags & NET_PRINT_TYPESET) if(!(NET_print_flags & NET_PRINT_JSON))
printf("\n.ps\n.fi\n"); if(NET_print_flags & NET_PRINT_TYPESET)
printf("\n.ps\n.fi\n");
freed_conn = destroy_all_conn();
if(freed_conn && !(NET_print_flags & NET_PRINT_JSON))
printf("Cleaned %d remaining connection(s) from connection pool\n", free
d_conn);
network_handler_destroy(mod, &n);
pcap_close(p);
free(n);
if(filter)
free(filter);
if(file)
free(file);
if(interface_name)
free(interface_name);
if(SSL_keyfile)
free(SSL_keyfile);
if(SSL_keylogfile)
free(SSL_keylogfile);
if(SSL_password)
free(SSL_password);
if (logger)
{
logger->vtbl->deinit();
}
exit(0); exit(0);
} }
char *collapse_args(argc,argv) char *collapse_args(argc,argv)
int argc; int argc;
char **argv; char **argv;
{ {
int i,len=0; int i,len=0;
char *ret; char *ret;
 End of changes. 37 change blocks. 
49 lines changed or deleted 259 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)