Context Navigation

source: bootcd/isolinux/syslinux-6.03/gpxe/src/util/hijack.c

Last change on this file was e16e8f2, checked in by Edwin Eefting <edwin@datux.nl>, 3 years ago
bootstuff
Property mode set to `100644`
File size: 13.7 KB

Rev	Line
[e16e8f2]	1	#include <stdio.h>
	2	#include <stdlib.h>
	3	#include <unistd.h>
	4	#include <string.h>
	5	#include <stdarg.h>
	6	#include <errno.h>
	7	#include <fcntl.h>
	8	#include <libgen.h>
	9	#include <signal.h>
	10	#include <net/if.h>
	11	#include <net/ethernet.h>
	12	#include <sys/select.h>
	13	#include <sys/socket.h>
	14	#include <sys/stat.h>
	15	#include <sys/un.h>
	16	#include <syslog.h>
	17	#include <getopt.h>
	18	#include <pcap.h>
	19
	20	#define SNAPLEN 1600
	21
	22	/*
	23	* FIXME: is there a way to detect the version of the libpcap library?
	24	* Version 0.9 has pcap_inject; version 0.8 doesn't, but both report
	25	* their version number as 2.4.
	26	*/
	27	#define HAVE_PCAP_INJECT 0
	28
	29	struct hijack {
	30	pcap_t *pcap;
	31	int fd;
	32	int datalink;
	33	int filtered;
	34	unsigned long rx_count;
	35	unsigned long tx_count;
	36	};
	37
	38	struct hijack_listener {
	39	struct sockaddr_un sun;
	40	int fd;
	41	};
	42
	43	struct hijack_options {
	44	char interface[IF_NAMESIZE];
	45	int daemonise;
	46	};
	47
	48	static int daemonised = 0;
	49
	50	static int signalled = 0;
	51
	52	static void flag_signalled ( int signal __attribute__ (( unused )) ) {
	53	signalled = 1;
	54	}
	55
	56	#if ! HAVE_PCAP_INJECT
	57	/**
	58	* Substitute for pcap_inject(), if this version of libpcap doesn't
	59	* have it. Will almost certainly only work under Linux.
	60	*
	61	*/
	62	int pcap_inject ( pcap_t pcap, const void data, size_t len ) {
	63	int fd;
	64	char *errbuf = pcap_geterr ( pcap );
	65
	66	fd = pcap_get_selectable_fd ( pcap );
	67	if ( fd < 0 ) {
	68	snprintf ( errbuf, PCAP_ERRBUF_SIZE,
	69	"could not get file descriptor" );
	70	return -1;
	71	}
	72	if ( write ( fd, data, len ) != len ) {
	73	snprintf ( errbuf, PCAP_ERRBUF_SIZE,
	74	"could not write data: %s", strerror ( errno ) );
	75	return -1;
	76	}
	77	return len;
	78	}
	79	#endif /* ! HAVE_PCAP_INJECT */
	80
	81	/**
	82	* Log error message
	83	*
	84	*/
	85	static __attribute__ (( format ( printf, 2, 3 ) )) void
	86	logmsg ( int level, const char *format, ... ) {
	87	va_list ap;
	88
	89	va_start ( ap, format );
	90	if ( daemonised ) {
	91	vsyslog ( ( LOG_DAEMON \| level ), format, ap );
	92	} else {
	93	vfprintf ( stderr, format, ap );
	94	}
	95	va_end ( ap );
	96	}
	97
	98	/**
	99	* Open pcap device
	100	*
	101	*/
	102	static int hijack_open ( const char interface, struct hijack hijack ) {
	103	char errbuf[PCAP_ERRBUF_SIZE];
	104
	105	/* Open interface via pcap */
	106	errbuf[0] = '\0';
	107	hijack->pcap = pcap_open_live ( interface, SNAPLEN, 1, 0, errbuf );
	108	if ( ! hijack->pcap ) {
	109	logmsg ( LOG_ERR, "Failed to open %s: %s\n",
	110	interface, errbuf );
	111	goto err;
	112	}
	113	if ( errbuf[0] )
	114	logmsg ( LOG_WARNING, "Warning: %s\n", errbuf );
	115
	116	/* Set capture interface to non-blocking mode */
	117	if ( pcap_setnonblock ( hijack->pcap, 1, errbuf ) < 0 ) {
	118	logmsg ( LOG_ERR, "Could not make %s non-blocking: %s\n",
	119	interface, errbuf );
	120	goto err;
	121	}
	122
	123	/* Get file descriptor for select() */
	124	hijack->fd = pcap_get_selectable_fd ( hijack->pcap );
	125	if ( hijack->fd < 0 ) {
	126	logmsg ( LOG_ERR, "Cannot get selectable file descriptor "
	127	"for %s\n", interface );
	128	goto err;
	129	}
	130
	131	/* Get link layer type */
	132	hijack->datalink = pcap_datalink ( hijack->pcap );
	133
	134	return 0;
	135
	136	err:
	137	if ( hijack->pcap )
	138	pcap_close ( hijack->pcap );
	139	return -1;
	140	}
	141
	142	/**
	143	* Close pcap device
	144	*
	145	*/
	146	static void hijack_close ( struct hijack *hijack ) {
	147	pcap_close ( hijack->pcap );
	148	}
	149
	150	/**
	151	* Install filter for hijacked connection
	152	*
	153	*/
	154	static int hijack_install_filter ( struct hijack *hijack,
	155	char *filter ) {
	156	struct bpf_program program;
	157
	158	/* Compile filter */
	159	if ( pcap_compile ( hijack->pcap, &program, filter, 1, 0 ) < 0 ) {
	160	logmsg ( LOG_ERR, "could not compile filter \"%s\": %s\n",
	161	filter, pcap_geterr ( hijack->pcap ) );
	162	goto err_nofree;
	163	}
	164
	165	/* Install filter */
	166	if ( pcap_setfilter ( hijack->pcap, &program ) < 0 ) {
	167	logmsg ( LOG_ERR, "could not install filter \"%s\": %s\n",
	168	filter, pcap_geterr ( hijack->pcap ) );
	169	goto err;
	170	}
	171
	172	logmsg ( LOG_INFO, "using filter \"%s\"\n", filter );
	173
	174	pcap_freecode ( &program );
	175	return 0;
	176
	177	err:
	178	pcap_freecode ( &program );
	179	err_nofree:
	180	return -1;
	181	}
	182
	183	/**
	184	* Set up filter for hijacked ethernet connection
	185	*
	186	*/
	187	static int hijack_filter_ethernet ( struct hijack hijack, const char buf,
	188	size_t len ) {
	189	char filter[55]; /* see format string */
	190	struct ether_header ether_header = ( struct ether_header ) buf;
	191	unsigned char *hwaddr = ether_header->ether_shost;
	192
	193	if ( len < sizeof ( *ether_header ) )
	194	return -1;
	195
	196	snprintf ( filter, sizeof ( filter ), "broadcast or multicast or "
	197	"ether host %02x:%02x:%02x:%02x:%02x:%02x", hwaddr[0],
	198	hwaddr[1], hwaddr[2], hwaddr[3], hwaddr[4], hwaddr[5] );
	199
	200	return hijack_install_filter ( hijack, filter );
	201	}
	202
	203	/**
	204	* Set up filter for hijacked connection
	205	*
	206	*/
	207	static int hijack_filter ( struct hijack hijack, const char buf,
	208	size_t len ) {
	209	switch ( hijack->datalink ) {
	210	case DLT_EN10MB:
	211	return hijack_filter_ethernet ( hijack, buf, len );
	212	default:
	213	logmsg ( LOG_ERR, "unsupported protocol %s: cannot filter\n",
	214	( pcap_datalink_val_to_name ( hijack->datalink ) ?
	215	pcap_datalink_val_to_name ( hijack->datalink ) :
	216	"UNKNOWN" ) );
	217	/* Return success so we don't get called again */
	218	return 0;
	219	}
	220	}
	221
	222	/**
	223	* Forward data from hijacker
	224	*
	225	*/
	226	static ssize_t forward_from_hijacker ( struct hijack *hijack, int fd ) {
	227	char buf[SNAPLEN];
	228	ssize_t len;
	229
	230	/* Read packet from hijacker */
	231	len = read ( fd, buf, sizeof ( buf ) );
	232	if ( len < 0 ) {
	233	logmsg ( LOG_ERR, "read from hijacker failed: %s\n",
	234	strerror ( errno ) );
	235	return -1;
	236	}
	237	if ( len == 0 )
	238	return 0;
	239
	240	/* Set up filter if not already in place */
	241	if ( ! hijack->filtered ) {
	242	if ( hijack_filter ( hijack, buf, len ) == 0 )
	243	hijack->filtered = 1;
	244	}
	245
	246	/* Transmit packet to network */
	247	if ( pcap_inject ( hijack->pcap, buf, len ) != len ) {
	248	logmsg ( LOG_ERR, "write to hijacked port failed: %s\n",
	249	pcap_geterr ( hijack->pcap ) );
	250	return -1;
	251	}
	252
	253	hijack->tx_count++;
	254	return len;
	255	};
	256
	257	/**
	258	* Forward data to hijacker
	259	*
	260	*/
	261	static ssize_t forward_to_hijacker ( int fd, struct hijack *hijack ) {
	262	struct pcap_pkthdr *pkt_header;
	263	const unsigned char *pkt_data;
	264	ssize_t len;
	265
	266	/* Receive packet from network */
	267	if ( pcap_next_ex ( hijack->pcap, &pkt_header, &pkt_data ) < 0 ) {
	268	logmsg ( LOG_ERR, "read from hijacked port failed: %s\n",
	269	pcap_geterr ( hijack->pcap ) );
	270	return -1;
	271	}
	272	if ( pkt_header->caplen != pkt_header->len ) {
	273	logmsg ( LOG_ERR, "read partial packet (%d of %d bytes)\n",
	274	pkt_header->caplen, pkt_header->len );
	275	return -1;
	276	}
	277	if ( pkt_header->caplen == 0 )
	278	return 0;
	279	len = pkt_header->caplen;
	280
	281	/* Write packet to hijacker */
	282	if ( write ( fd, pkt_data, len ) != len ) {
	283	logmsg ( LOG_ERR, "write to hijacker failed: %s\n",
	284	strerror ( errno ) );
	285	return -1;
	286	}
	287
	288	hijack->rx_count++;
	289	return len;
	290	};
	291
	292
	293	/**
	294	* Run hijacker
	295	*
	296	*/
	297	static int run_hijacker ( const char *interface, int fd ) {
	298	struct hijack hijack;
	299	fd_set fdset;
	300	int max_fd;
	301	ssize_t len;
	302
	303	logmsg ( LOG_INFO, "new connection for %s\n", interface );
	304
	305	/* Open connection to network */
	306	memset ( &hijack, 0, sizeof ( hijack ) );
	307	if ( hijack_open ( interface, &hijack ) < 0 )
	308	goto err;
	309
	310	/* Do the forwarding */
	311	max_fd = ( ( fd > hijack.fd ) ? fd : hijack.fd );
	312	while ( 1 ) {
	313	/* Wait for available data */
	314	FD_ZERO ( &fdset );
	315	FD_SET ( fd, &fdset );
	316	FD_SET ( hijack.fd, &fdset );
	317	if ( select ( ( max_fd + 1 ), &fdset, NULL, NULL, 0 ) < 0 ) {
	318	logmsg ( LOG_ERR, "select failed: %s\n",
	319	strerror ( errno ) );
	320	goto err;
	321	}
	322	if ( FD_ISSET ( fd, &fdset ) ) {
	323	len = forward_from_hijacker ( &hijack, fd );
	324	if ( len < 0 )
	325	goto err;
	326	if ( len == 0 )
	327	break;
	328	}
	329	if ( FD_ISSET ( hijack.fd, &fdset ) ) {
	330	len = forward_to_hijacker ( fd, &hijack );
	331	if ( len < 0 )
	332	goto err;
	333	if ( len == 0 )
	334	break;
	335	}
	336	}
	337
	338	hijack_close ( &hijack );
	339	logmsg ( LOG_INFO, "closed connection for %s\n", interface );
	340	logmsg ( LOG_INFO, "received %ld packets, sent %ld packets\n",
	341	hijack.rx_count, hijack.tx_count );
	342
	343	return 0;
	344
	345	err:
	346	if ( hijack.pcap )
	347	hijack_close ( &hijack );
	348	return -1;
	349	}
	350
	351	/**
	352	* Open listener socket
	353	*
	354	*/
	355	static int open_listener ( const char *interface,
	356	struct hijack_listener *listener ) {
	357
	358	/* Create socket */
	359	listener->fd = socket ( PF_UNIX, SOCK_SEQPACKET, 0 );
	360	if ( listener->fd < 0 ) {
	361	logmsg ( LOG_ERR, "Could not create socket: %s\n",
	362	strerror ( errno ) );
	363	goto err;
	364	}
	365
	366	/* Bind to local filename */
	367	listener->sun.sun_family = AF_UNIX,
	368	snprintf ( listener->sun.sun_path, sizeof ( listener->sun.sun_path ),
	369	"/var/run/hijack-%s", interface );
	370	if ( bind ( listener->fd, ( struct sockaddr * ) &listener->sun,
	371	sizeof ( listener->sun ) ) < 0 ) {
	372	logmsg ( LOG_ERR, "Could not bind socket to %s: %s\n",
	373	listener->sun.sun_path, strerror ( errno ) );
	374	goto err;
	375	}
	376
	377	/* Set as a listening socket */
	378	if ( listen ( listener->fd, 0 ) < 0 ) {
	379	logmsg ( LOG_ERR, "Could not listen to %s: %s\n",
	380	listener->sun.sun_path, strerror ( errno ) );
	381	goto err;
	382	}
	383
	384	return 0;
	385
	386	err:
	387	if ( listener->fd >= 0 )
	388	close ( listener->fd );
	389	return -1;
	390	}
	391
	392	/**
	393	* Listen on listener socket
	394	*
	395	*/
	396	static int listen_for_hijackers ( struct hijack_listener *listener,
	397	const char *interface ) {
	398	int fd;
	399	pid_t child;
	400	int rc;
	401
	402	logmsg ( LOG_INFO, "Listening on %s\n", listener->sun.sun_path );
	403
	404	while ( ! signalled ) {
	405	/* Accept new connection, interruptibly */
	406	siginterrupt ( SIGINT, 1 );
	407	siginterrupt ( SIGHUP, 1 );
	408	fd = accept ( listener->fd, NULL, 0 );
	409	siginterrupt ( SIGINT, 0 );
	410	siginterrupt ( SIGHUP, 0 );
	411	if ( fd < 0 ) {
	412	if ( errno == EINTR ) {
	413	continue;
	414	} else {
	415	logmsg ( LOG_ERR, "accept failed: %s\n",
	416	strerror ( errno ) );
	417	goto err;
	418	}
	419	}
	420
	421	/* Fork child process */
	422	child = fork();
	423	if ( child < 0 ) {
	424	logmsg ( LOG_ERR, "fork failed: %s\n",
	425	strerror ( errno ) );
	426	goto err;
	427	}
	428	if ( child == 0 ) {
	429	/* I am the child; run the hijacker */
	430	rc = run_hijacker ( interface, fd );
	431	close ( fd );
	432	exit ( rc );
	433	}
	434
	435	close ( fd );
	436	}
	437
	438	logmsg ( LOG_INFO, "Stopped listening on %s\n",
	439	listener->sun.sun_path );
	440	return 0;
	441
	442	err:
	443	if ( fd >= 0 )
	444	close ( fd );
	445	return -1;
	446	}
	447
	448	/**
	449	* Close listener socket
	450	*
	451	*/
	452	static void close_listener ( struct hijack_listener *listener ) {
	453	close ( listener->fd );
	454	unlink ( listener->sun.sun_path );
	455	}
	456
	457	/**
	458	* Print usage
	459	*
	460	*/
	461	static void usage ( char **argv ) {
	462	logmsg ( LOG_ERR,
	463	"Usage: %s [options]\n"
	464	"\n"
	465	"Options:\n"
	466	" -h\|--help Print this help message\n"
	467	" -i\|--interface intf Use specified network interface\n"
	468	" -n\|--nodaemon Run in foreground\n",
	469	argv[0] );
	470	}
	471
	472	/**
	473	* Parse command-line options
	474	*
	475	*/
	476	static int parse_options ( int argc, char **argv,
	477	struct hijack_options *options ) {
	478	static struct option long_options[] = {
	479	{ "interface", 1, NULL, 'i' },
	480	{ "nodaemon", 0, NULL, 'n' },
	481	{ "help", 0, NULL, 'h' },
	482	{ },
	483	};
	484	int c;
	485
	486	/* Set default options */
	487	memset ( options, 0, sizeof ( *options ) );
	488	strncpy ( options->interface, "eth0", sizeof ( options->interface ) );
	489	options->daemonise = 1;
	490
	491	/* Parse command-line options */
	492	while ( 1 ) {
	493	int option_index = 0;
	494
	495	c = getopt_long ( argc, argv, "i:hn", long_options,
	496	&option_index );
	497	if ( c < 0 )
	498	break;
	499
	500	switch ( c ) {
	501	case 'i':
	502	strncpy ( options->interface, optarg,
	503	sizeof ( options->interface ) );
	504	break;
	505	case 'n':
	506	options->daemonise = 0;
	507	break;
	508	case 'h':
	509	usage( argv );
	510	return -1;
	511	case '?':
	512	/* Unrecognised option */
	513	return -1;
	514	default:
	515	logmsg ( LOG_ERR, "Unrecognised option '-%c'\n", c );
	516	return -1;
	517	}
	518	}
	519
	520	/* Check there's nothing left over on the command line */
	521	if ( optind != argc ) {
	522	usage ( argv );
	523	return -1;
	524	}
	525
	526	return 0;
	527	}
	528
	529	/**
	530	* Daemonise
	531	*
	532	*/
	533	static int daemonise ( const char *interface ) {
	534	char pidfile[16 + IF_NAMESIZE + 4]; /* "/var/run/hijack-<intf>.pid" */
	535	char pid[16];
	536	int pidlen;
	537	int fd = -1;
	538
	539	/* Daemonise */
	540	if ( daemon ( 0, 0 ) < 0 ) {
	541	logmsg ( LOG_ERR, "Could not daemonise: %s\n",
	542	strerror ( errno ) );
	543	goto err;
	544	}
	545	daemonised = 1; /* Direct messages to syslog now */
	546
	547	/* Open pid file */
	548	snprintf ( pidfile, sizeof ( pidfile ), "/var/run/hijack-%s.pid",
	549	interface );
	550	fd = open ( pidfile, ( O_WRONLY \| O_CREAT \| O_TRUNC ),
	551	( S_IRUSR \| S_IWUSR \| S_IRGRP \| S_IROTH ) );
	552	if ( fd < 0 ) {
	553	logmsg ( LOG_ERR, "Could not open %s for writing: %s\n",
	554	pidfile, strerror ( errno ) );
	555	goto err;
	556	}
	557
	558	/* Write pid to file */
	559	pidlen = snprintf ( pid, sizeof ( pid ), "%d\n", getpid() );
	560	if ( write ( fd, pid, pidlen ) != pidlen ) {
	561	logmsg ( LOG_ERR, "Could not write %s: %s\n",
	562	pidfile, strerror ( errno ) );
	563	goto err;
	564	}
	565
	566	close ( fd );
	567	return 0;
	568
	569	err:
	570	if ( fd >= 0 )
	571	close ( fd );
	572	return -1;
	573	}
	574
	575	int main ( int argc, char **argv ) {
	576	struct hijack_options options;
	577	struct hijack_listener listener;
	578	struct sigaction sa;
	579
	580	/* Parse command-line options */
	581	if ( parse_options ( argc, argv, &options ) < 0 )
	582	exit ( 1 );
	583
	584	/* Set up syslog connection */
	585	openlog ( basename ( argv[0] ), LOG_PID, LOG_DAEMON );
	586
	587	/* Set up listening socket */
	588	if ( open_listener ( options.interface, &listener ) < 0 )
	589	exit ( 1 );
	590
	591	/* Daemonise on demand */
	592	if ( options.daemonise ) {
	593	if ( daemonise ( options.interface ) < 0 )
	594	exit ( 1 );
	595	}
	596
	597	/* Avoid creating zombies */
	598	memset ( &sa, 0, sizeof ( sa ) );
	599	sa.sa_handler = SIG_IGN;
	600	sa.sa_flags = SA_RESTART \| SA_NOCLDWAIT;
	601	if ( sigaction ( SIGCHLD, &sa, NULL ) < 0 ) {
	602	logmsg ( LOG_ERR, "Could not set SIGCHLD handler: %s",
	603	strerror ( errno ) );
	604	exit ( 1 );
	605	}
	606
	607	/* Set 'signalled' flag on SIGINT or SIGHUP */
	608	sa.sa_handler = flag_signalled;
	609	sa.sa_flags = SA_RESTART \| SA_RESETHAND;
	610	if ( sigaction ( SIGINT, &sa, NULL ) < 0 ) {
	611	logmsg ( LOG_ERR, "Could not set SIGINT handler: %s",
	612	strerror ( errno ) );
	613	exit ( 1 );
	614	}
	615	if ( sigaction ( SIGHUP, &sa, NULL ) < 0 ) {
	616	logmsg ( LOG_ERR, "Could not set SIGHUP handler: %s",
	617	strerror ( errno ) );
	618	exit ( 1 );
	619	}
	620
	621	/* Listen for hijackers */
	622	if ( listen_for_hijackers ( &listener, options.interface ) < 0 )
	623	exit ( 1 );
	624
	625	close_listener ( &listener );
	626
	627	return 0;
	628	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: