Member "ettercap-0.8.3.1/src/ec_sniff_unified.c" (1 Aug 2020, 5128 Bytes) of package /linux/privat/ettercap-0.8.3.1.tar.gz:
1 /*
2 ettercap -- unified sniffing method module
3
4 Copyright (C) ALoR & NaGA
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
19
20 */
21
22 #include <ec.h>
23 #include <ec_capture.h>
24 #include <ec_send.h>
25 #include <ec_threads.h>
26 #include <ec_inject.h>
27 #include <ec_conntrack.h>
28 #include <ec_sslwrap.h>
29
/*
 * Entry points of the unified sniffing method. None of them is static,
 * so they are reachable from other translation units.
 */

/* lifecycle: bring the capture threads up / tear them down */
void start_unified_sniff(void);
void stop_unified_sniff(void);

/* per-packet handlers: tag the packet, then (maybe) re-send it */
void unified_check_forwarded(struct packet_object *po);
void unified_set_forwardable(struct packet_object *po);
void forward_unified_sniff(struct packet_object *po);
36
37 /*******************************************/
38
/*
 * Bring up unified sniffing.
 *
 * When the sniff state is already flagged active this only prints a
 * notice. Otherwise it:
 *   - makes sure the conntrack timeouter thread exists (live capture only),
 *   - starts capture on the primary interface and, when configured,
 *     on every secondary source,
 *   - starts the SSL wrapper thread, but only when ssl_mitm is set and
 *     none of read / unoffensive / only_mitm is,
 *   - marks the sniff state active.
 */
void start_unified_sniff(void)
{
   DEBUG_MSG("start_unified_sniff");

   /* refuse a second start: the threads below must not be duplicated */
   if (EC_GBL_SNIFF->active == 1) {
      USER_MSG("Unified sniffing already started...\n");
      return;
   }

   USER_MSG("Starting Unified sniffing...\n\n");

   /* connection tracking timeouts are only needed on a live capture */
   if (!EC_GBL_OPTIONS->read) {
      pthread_t timer_tid = ec_thread_getpid("timer");

      /*
       * NOTE(review): presumably ec_thread_getpid(NULL) yields the
       * "no such thread" id, so equality here means the timer thread
       * does not exist yet -- confirm against ec_threads.c
       */
      if (pthread_equal(timer_tid, ec_thread_getpid(NULL)))
         ec_thread_new("timer", "conntrack timeouter", &conntrack_timeouter, NULL);
   }

   /* packet capture on the primary interface ... */
   capture_start(EC_GBL_IFACE);

   /* ... and on the additional sources, if any were requested */
   if (EC_GBL_OPTIONS->secondary)
      secondary_sources_foreach(capture_start);

   /*
    * The SSL wrapper is the active-interception component: it is gated
    * on ssl_mitm and is never started for offline reads, unoffensive
    * mode or only_mitm mode.
    */
   if (EC_GBL_OPTIONS->ssl_mitm &&
       !(EC_GBL_OPTIONS->read || EC_GBL_OPTIONS->unoffensive || EC_GBL_OPTIONS->only_mitm))
      ec_thread_new("sslwrap", "wrapper for ssl connections", &sslw_start, NULL);

   EC_GBL_SNIFF->active = 1;
}
73
74
/*
 * Tear down unified sniffing.
 *
 * Stops capture on the primary interface and on the secondary sources,
 * and destroys the "sslwrap" thread when one is registered. Other
 * threads (e.g. the "timer" thread created at start) are not touched
 * here. Only prints a notice when sniffing is not flagged active.
 */
void stop_unified_sniff(void)
{
   DEBUG_MSG("stop_unified_sniff");

   /* nothing to stop */
   if (EC_GBL_SNIFF->active == 0) {
      USER_MSG("Unified sniffing is not running...\n");
      return;
   }

   /* stop capturing, primary interface first */
   capture_stop(EC_GBL_IFACE);

   if (EC_GBL_OPTIONS->secondary)
      secondary_sources_foreach(capture_stop);

   /*
    * NOTE(review): as in start_unified_sniff(), the id returned for a
    * NULL name is presumably the "not found" value, so the wrapper is
    * destroyed only when it was actually started -- confirm
    */
   pthread_t sslwrap_tid = ec_thread_getpid("sslwrap");
   if (pthread_equal(sslwrap_tid, ec_thread_getpid(NULL)) == 0)
      ec_thread_destroy(sslwrap_tid);

   USER_MSG("Unified sniffing was stopped.\n");

   EC_GBL_SNIFF->active = 0;
}
103
104
/*
 * Hand a captured packet back to layer 3 so the kernel routes it on to
 * its real destination (host or gateway).
 *
 * Nothing is sent when:
 *   - the packet is IPv4/IPv6 and the matching libnet handle or
 *     interface address family is missing,
 *   - the unoffensive or read (offline) option is set.
 *
 * Packets flagged PO_DROPPED are not re-sent. Note that the inject
 * check is independent of that flag: pending inject data is still
 * passed to inject_buffer() for a dropped packet.
 */
void forward_unified_sniff(struct packet_object *po)
{
   /* without an initialised sender for this family nothing is forwardable */
   switch (ntohs(po->L3.proto)) {
      case LL_TYPE_IP:
         if (!EC_GBL_LNET->lnet_IP4 || !(EC_GBL_IFACE->has_ipv4))
            return;
         break;
      case LL_TYPE_IP6:
         if (!EC_GBL_LNET->lnet_IP6 || !(EC_GBL_IFACE->has_ipv6))
            return;
         break;
      default:
         /* other protocols go through without the family check */
         break;
   }

   /* passive modes: never put a packet back on the wire */
   if (EC_GBL_OPTIONS->unoffensive || EC_GBL_OPTIONS->read)
      return;

   /* re-send unless a filter or plugin marked the packet as dropped */
   if (!(po->flags & PO_DROPPED))
      send_to_L3(po);

   /*
    * a modified packet that grew past the mtu leaves extra data
    * behind; that remainder has to be injected separately
    */
   if (po->DATA.inject)
      inject_buffer(po);
}
143
/*
 * Tag packets that we forwarded ourselves.
 *
 * A packet gets PO_FORWARDED when its source mac is the interface's
 * mac while its source ip is not one of ours. The tag is applied only
 * on a ready interface, with skip_forwarded configured, and on a live
 * capture (not when reading from a file).
 *
 * Both addresses are read from the captured frame, so this is a
 * heuristic match rather than a verified origin.
 */
void unified_check_forwarded(struct packet_object *po)
{
   /* an unconfigured interface has no mac/ip to compare against */
   if (!EC_GBL_IFACE->is_ready)
      return;

   /* feature disabled, or offline capture: leave the packet alone */
   if (!EC_GBL_CONF->skip_forwarded || EC_GBL_OPTIONS->read)
      return;

   /* source mac is not ours: somebody else sent it */
   if (memcmp(EC_GBL_IFACE->mac, po->L2.src, MEDIA_ADDR_LEN) != 0)
      return;

   /* our mac and our ip: locally generated, not forwarded */
   if (ip_addr_is_ours(&po->L3.src) == E_FOUND)
      return;

   po->flags |= PO_FORWARDED;
}
164
/*
 * Tag packets that reached us at layer 2 but are addressed to someone
 * else at layer 3.
 *
 * PO_FORWARDABLE is set when the destination mac is the interface's
 * mac, the source mac is not, and the destination ip is not one of
 * ours. Such a packet is not for this host and has to be forwarded
 * (after any processing) to reach its real destination.
 */
void unified_set_forwardable(struct packet_object *po)
{
   /* not sent to our mac: nothing for us to forward */
   if (memcmp(EC_GBL_IFACE->mac, po->L2.dst, MEDIA_ADDR_LEN) != 0)
      return;

   /* sent by our own mac: this is our own traffic */
   if (memcmp(EC_GBL_IFACE->mac, po->L2.src, MEDIA_ADDR_LEN) == 0)
      return;

   /* destination ip is ours: the packet is really meant for this host */
   if (ip_addr_is_ours(&po->L3.dst) == E_FOUND)
      return;

   po->flags |= PO_FORWARDABLE;
}
184
185
186 /* EOF */
187
188 // vim:ts=3:expandtab
189