![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to waitpacket.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / hping2|
Return to waitpacket.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / hping2 |
1.1 misho 1: /* waitpacket.c -- handle and print the incoming packet
2: * Copyright(C) 1999-2001 Salvatore Sanfilippo
3: * Under GPL, see the COPYING file for more information about
4: * the license. */
5:
6: #include <stdio.h>
7: #include <stdlib.h>
8: #include <string.h>
9: #include <sys/types.h>
10: #include <sys/socket.h>
11: #include <netinet/in.h>
12: #include <arpa/inet.h>
13: #include <errno.h>
14: #include <time.h>
15: #include <ctype.h>
16: #include <unistd.h>
17:
18: #include "hping2.h"
19: #include "globals.h"
20:
21: static int icmp_unreach_rtt(void *quoted_ip, int size,
22: int *seqp, float *ms_delay);
23: static void print_tcp_timestamp(void *tcp, int tcpsize);
24: static int recv_icmp(void *packet, size_t size);
25: static int recv_udp(void *packet, size_t size);
26: static int recv_tcp(void *packet, size_t size);
27: static void hex_dump(void *packet, int size);
28: static void human_dump(void *packet, int size);
29: static void handle_hcmp(char *packet, int size);
30:
31: static struct myiphdr ip;
32: static int ip_size;
33: static struct in_addr src, dst;
34:
35: void wait_packet(void)
36: {
37: int match = 0;
38: int size, iphdr_size, enc_size;
39: char packet [IP_MAX_SIZE+linkhdr_size];
40: char *ip_packet, *enc_packet;
41:
42: size = read_packet(packet, IP_MAX_SIZE+linkhdr_size);
43: switch(size) {
44: case 0:
45: return;
46: case -1:
47: exit(1);
48: }
49:
50: /* Check if the packet is shorter than the link header size */
51: if (size < linkhdr_size) {
52: if (opt_debug)
53: printf("DEBUG: WARNING: packet size < linkhdr_size\n");
54: return;
55: }
56:
57: /* IP packet pointer and len */
58: ip_packet = packet + linkhdr_size;
59: ip_size = size - linkhdr_size;
60:
61: /* Truncated IP header? */
62: if (ip_size < IPHDR_SIZE) {
63: if (opt_debug)
64: printf("[|ip fix]\n");
65: return;
66: }
67:
68: memcpy(&ip, packet+linkhdr_size, sizeof(ip));
69: iphdr_size = ip.ihl * 4;
70:
71: /* Bad IP header len? */
72: if (iphdr_size > ip_size) {
73: if (opt_debug)
74: printf("[|iphdr size]\n");
75: return;
76: }
77:
78: /* Handle the HCMP for almost safe file transfer with hping */
79: if (opt_sign)
80: handle_hcmp(ip_packet, ip_size);
81:
82: /* Check if the dest IP address is the one of our interface */
83: if (memcmp(&ip.daddr, &local.sin_addr, sizeof(ip.daddr)))
84: return;
85: /* If the packet isn't an ICMP error it should come from
86: * our target IP addresss. We accepts packets from all the
87: * source if the random destination option is active */
88: if (ip.protocol != IPPROTO_ICMP && !opt_rand_dest) {
89: if (memcmp(&ip.saddr, &remote.sin_addr, sizeof(ip.saddr)))
90: return;
91: }
92:
93: /* Get the encapsulated protocol offset and size */
94: enc_packet = ip_packet + iphdr_size;
95: enc_size = ip_size - iphdr_size;
96:
97: /* Put the IP source and dest addresses in a struct in_addr */
98: memcpy(&src, &(ip.saddr), sizeof(struct in_addr));
99: memcpy(&dst, &(ip.daddr), sizeof(struct in_addr));
100:
101: switch(ip.protocol) {
102: case IPPROTO_ICMP:
103: match = recv_icmp(enc_packet, enc_size);
104: break;
105: case IPPROTO_UDP:
106: match = recv_udp(enc_packet, enc_size);
107: break;
108: case IPPROTO_TCP:
109: match = recv_tcp(enc_packet, enc_size);
110: break;
111: default:
112: return;
113: }
114:
115: if (match)
116: recv_pkt++;
117:
118: /* Dump the packet in hex */
119: if (opt_hexdump && match && !opt_quiet)
120: hex_dump(ip_packet, ip_size);
121:
122: /* Dump printable characters inside the packet */
123: if (opt_contdump && match && !opt_quiet)
124: human_dump(ip_packet, ip_size);
125:
126: /* Display IP options */
127: if (match && opt_rroute && !opt_quiet)
128: display_ipopt(ip_packet);
129:
130: /* --stop-tr stops hping in traceroute mode when the
131: * first not ICMP time exceeded packet is received */
132: if (opt_traceroute && opt_tr_stop && match) {
133: struct myicmphdr icmp;
134:
135: if (ip.protocol != IPPROTO_ICMP)
136: print_statistics(0);
137: if (enc_size >= ICMPHDR_SIZE) {
138: memcpy(&icmp, enc_packet, sizeof(icmp));
139: if (icmp.type != 11)
140: print_statistics(0);
141: }
142: }
143:
144: /* if the count was reached exit now */
145: if (count != -1 && count == recv_pkt)
146: print_statistics(0);
147: }
148:
149: void log_ip(int status, int sequence)
150: {
151: int rel_id, ip_id;
152:
153: /* get ip->id */
154: if (opt_winid_order)
155: ip_id = ip.id;
156: else
157: ip_id = htons(ip.id);
158:
159: if (status == S_RECV)
160: printf("DUP! ");
161:
162: if (opt_relid)
163: rel_id = relativize_id(sequence, &ip_id);
164: else
165: rel_id = 0;
166: printf("len=%d ip=%s ttl=%d %sid%s%d ", ip_size, inet_ntoa(src),
167: ip.ttl,
168: (ntohs(ip.frag_off) ? "DF " : ""),
169: (rel_id ? "=+" : "="), ip_id);
170: if (opt_verbose && !opt_quiet)
171: printf("tos=%x iplen=%u\n", ip.tos, htons(ip.tot_len));
172: }
173:
174: void log_icmp_ts(void *ts)
175: {
176: struct icmp_tstamp_data icmp_tstamp;
177:
178: memcpy(&icmp_tstamp, ts, sizeof(icmp_tstamp));
179: printf("ICMP timestamp: Originate=%u Receive=%u Transmit=%u\n",
180: (unsigned int) ntohl(icmp_tstamp.orig),
181: (unsigned int) ntohl(icmp_tstamp.recv),
182: (unsigned int) ntohl(icmp_tstamp.tran));
183: printf("ICMP timestamp RTT tsrtt=%lu\n\n",
184: (long unsigned int) (get_midnight_ut_ms()
185: - ntohl(icmp_tstamp.orig)));
186: }
187:
188: void log_icmp_addr(void *addrptr)
189: {
190: unsigned char *addr = addrptr;
191: printf("ICMP address mask: icmpam=%u.%u.%u.%u\n\n",
192: addr[0], addr[1], addr[2], addr[3]);
193: }
194:
195: void log_traceroute(void *packet, int size, int icmp_code)
196: {
197: static unsigned char old_src_addr[4] = { 0, 0, 0, 0 };
198: int sequence = 0, retval;
199: float rtt;
200:
201: if (!opt_tr_keep_ttl && !memcmp(&ip.saddr, old_src_addr, 4))
202: return;
203:
204: retval = icmp_unreach_rtt(packet+ICMPHDR_SIZE, size-ICMPHDR_SIZE,
205: &sequence, &rtt);
206: memcpy(old_src_addr, &ip.saddr, sizeof(ip.saddr));
207: printf("hop=%d ", src_ttl);
208: fflush(stdout);
209: log_icmp_timeexc(inet_ntoa(src), icmp_code);
210: if (retval != -1)
211: printf("hop=%d hoprtt=%.1f ms\n",
212: src_ttl, rtt);
213: if (!opt_tr_keep_ttl)
214: src_ttl++;
215: }
216:
217: int recv_icmp(void *packet, size_t size)
218: {
219: struct myicmphdr icmp;
220: struct myiphdr quoted_ip;
221:
222: /* Check if the packet can contain the ICMP header */
223: if (size < ICMPHDR_SIZE) {
224: printf("[|icmp]\n");
225: return 0;
226: }
227: memcpy(&icmp, packet, sizeof(icmp));
228:
229: /* --------------------------- *
230: * ICMP ECHO/TIMESTAMP/ADDRESS *
231: * --------------------------- */
232: if ((icmp.type == ICMP_ECHOREPLY ||
233: icmp.type == ICMP_TIMESTAMPREPLY ||
234: icmp.type == ICMP_ADDRESSREPLY) &&
235: icmp.un.echo.id == (getpid() & 0xffff))
236: {
237: int icmp_seq = icmp.un.echo.sequence;
238: int status;
239: float ms_delay;
240:
241: /* obtain round trip time */
242: status = rtt(&icmp_seq, 0, &ms_delay);
243: log_ip(status, icmp_seq);
244:
245: printf("icmp_seq=%d rtt=%.1f ms\n", icmp_seq, ms_delay);
246: if (icmp.type == ICMP_TIMESTAMPREPLY) {
247: if ((size - ICMPHDR_SIZE) >= 12)
248: log_icmp_ts(packet+ICMPHDR_SIZE);
249: else
250: printf("[|icmp timestamp]\n");
251: } else if (icmp.type == ICMP_ADDRESSREPLY) {
252: if ((size - ICMPHDR_SIZE) >= 4)
253: log_icmp_addr(packet+ICMPHDR_SIZE);
254: else
255: printf("[|icmp subnet address]\n");
256: }
257: return 1;
258: }
259: /* ------------------------------------ *
260: * ICMP DEST UNREACHABLE, TIME EXCEEDED *
261: * ------------------------------------ */
262: else if (icmp.type == 3 || icmp.type == 11) {
263: if ((size - ICMPHDR_SIZE) < sizeof(struct myiphdr)) {
264: printf("[|icmp quoted ip]\n");
265: return 0;
266: }
267: memcpy("ed_ip, packet+ICMPHDR_SIZE, sizeof(quoted_ip));
268: if (memcmp("ed_ip.daddr, &remote.sin_addr,
269: sizeof(quoted_ip.daddr)) ||
270: memcmp(&ip.daddr, &local.sin_addr, sizeof(ip.daddr)))
271: return 0; /* addresses don't match */
272: /* Now we can handle the specific type */
273: switch(icmp.type) {
274: case 3:
275: if (!opt_quiet)
276: log_icmp_unreach(inet_ntoa(src), icmp.code);
277: return 1;
278: case 11:
279: if (opt_traceroute)
280: log_traceroute(packet, size, icmp.code);
281: else
282: log_icmp_timeexc(inet_ntoa(src), icmp.code);
283: return 1;
284: }
285: }
286:
287: return 0; /* don't match */
288: }
289:
290: int recv_udp(void *packet, size_t size)
291: {
292: struct myudphdr udp;
293: int sequence = 0, status;
294: float ms_delay;
295:
296: if (size < UDPHDR_SIZE) {
297: printf("[|udp]\n");
298: return 0;
299: }
300: memcpy(&udp, packet, sizeof(udp));
301:
302: /* check if the packet matches */
303: if ((ntohs(udp.uh_sport) == dst_port) ||
304: (opt_force_incdport &&
305: (ntohs(udp.uh_sport) >= base_dst_port &&
306: ntohs(udp.uh_sport) <= dst_port)))
307: {
308: status = rtt(&sequence, ntohs(udp.uh_dport), &ms_delay);
309: if (!opt_quiet) {
310: log_ip(status, sequence);
311: printf("seq=%d rtt=%.1f ms\n", sequence, ms_delay);
312: }
313: if (opt_incdport && !opt_force_incdport)
314: dst_port++;
315: return 1;
316: }
317: return 0;
318: }
319:
320: int recv_tcp(void *packet, size_t size)
321: {
322: struct mytcphdr tcp;
323: int sequence = 0, status;
324: float ms_delay;
325: char flags[16];
326:
327: if (size < TCPHDR_SIZE) {
328: printf("[|tcp]\n");
329: return 0;
330: }
331: memcpy(&tcp, packet, sizeof(tcp));
332:
333: /* check if the packet matches */
334: if ((ntohs(tcp.th_sport) == dst_port) ||
335: (opt_force_incdport &&
336: (ntohs(tcp.th_sport) >= base_dst_port &&
337: ntohs(tcp.th_sport) <= dst_port)))
338: {
339: tcp_exitcode = tcp.th_flags;
340:
341: status = rtt(&sequence, ntohs(tcp.th_dport), &ms_delay);
342:
343: if (opt_seqnum) {
344: static __u32 old_th_seq = 0;
345: __u32 seq_diff, tmp;
346:
347: tmp = ntohl(tcp.th_seq);
348: if (tmp >= old_th_seq)
349: seq_diff = tmp - old_th_seq;
350: else
351: seq_diff = (4294967295U - old_th_seq)
352: + tmp;
353: old_th_seq = tmp;
354: printf("%10lu +%lu\n",
355: (unsigned long) tmp,
356: (unsigned long) seq_diff);
357: goto out;
358: }
359:
360: if (opt_quiet)
361: goto out;
362:
363: flags[0] = '\0';
364: if (tcp.th_flags & TH_RST) strcat(flags, "R");
365: if (tcp.th_flags & TH_SYN) strcat(flags, "S");
366: if (tcp.th_flags & TH_ACK) strcat(flags, "A");
367: if (tcp.th_flags & TH_FIN) strcat(flags, "F");
368: if (tcp.th_flags & TH_PUSH) strcat(flags, "P");
369: if (tcp.th_flags & TH_URG) strcat(flags, "U");
370: if (tcp.th_flags & TH_X) strcat(flags, "X");
371: if (tcp.th_flags & TH_Y) strcat(flags, "Y");
372: if (flags[0] == '\0') strcat(flags, "none");
373:
374: log_ip(status, sequence);
375: printf("sport=%d flags=%s seq=%d win=%d rtt=%.1f ms\n",
376: ntohs(tcp.th_sport), flags, sequence,
377: ntohs(tcp.th_win), ms_delay);
378:
379: if (opt_verbose) {
380: printf("seq=%lu ack=%lu sum=%x urp=%u\n\n",
381: (unsigned long) ntohl(tcp.th_seq),
382: (unsigned long) ntohl(tcp.th_ack),
383: tcp.th_sum, ntohs(tcp.th_urp));
384: }
385:
386: /* Get and log the TCP timestamp */
387: if (opt_tcp_timestamp)
388: print_tcp_timestamp(packet, size);
389: out:
390: if (opt_incdport && !opt_force_incdport)
391: dst_port++;
392: return 1;
393: }
394: return 0;
395: }
396:
397: /* Try to extract information about the original packet from the
398: * ICMP error to obtain the round time trip
399: *
400: * Note that size is the the packet size starting from the
401: * IP packet quoted in the ICMP error, it may be negative
402: * if the ICMP is broken */
403: int icmp_unreach_rtt(void *quoted_ip, int size, int *seqp, float *ms_delay)
404: {
405: int src_port;
406: int sequence = 0;
407: int quoted_iphdr_size;
408: struct myudphdr udp;
409: struct myicmphdr icmp;
410: struct myiphdr qip;
411:
412: /* The user specified --no-rtt */
413: if (opt_tr_no_rtt)
414: return -1;
415:
416: if (size < sizeof(struct myiphdr))
417: return -1;
418: memcpy(&qip, quoted_ip, sizeof(struct myiphdr));
419: quoted_iphdr_size = qip.ihl << 2;
420: /* Ok, enough room, try to get the rtt,
421: * but check if the original packet was an UDP/TCP one */
422: if (qip.protocol == IPPROTO_TCP ||
423: qip.protocol == IPPROTO_UDP) {
424: /* We need at least 2 bytes of the quoted UDP/TCP header
425: * for the source port */
426: if ((size - quoted_iphdr_size) < 2)
427: return -1;
428:
429: /* Use the UDP header for both UDP and TCP, they are
430: * the same in the 4 first bytes (source and dest port) */
431: memcpy(&udp, quoted_ip+quoted_iphdr_size, sizeof(udp));
432: src_port = htons(udp.uh_sport);
433: return rtt(&sequence, src_port, ms_delay);
434: } else if (qip.protocol == IPPROTO_ICMP) {
435: int s;
436:
437: /* We need the whole 8 byte ICMP header to get
438: * the sequence field, also the type must be
439: * ICMP_ECHO */
440: memcpy(&icmp, quoted_ip+quoted_iphdr_size, sizeof(icmp));
441: if ((size - quoted_iphdr_size) < 8 ||
442: icmp.type != ICMP_ECHO)
443: return -1;
444:
445: s = icmp.un.echo.sequence;
446: return rtt(&s, 0, ms_delay);
447: }
448: return -1; /* no way */
449: }
450:
451: void print_tcp_timestamp(void *tcp, int tcpsize)
452: {
453: int optlen;
454: unsigned char *opt;
455: __u32 tstamp, echo;
456: static __u32 last_tstamp = 0;
457: struct mytcphdr tmptcphdr;
458: unsigned int tcphdrlen;
459:
460: if (tcpsize < TCPHDR_SIZE)
461: return;
462: memcpy(&tmptcphdr, tcp, sizeof(struct mytcphdr));
463: tcphdrlen = tmptcphdr.th_off * 4;
464:
465: /* bad len or no options in the TCP header */
466: if (tcphdrlen <= 20 || tcphdrlen < tcpsize)
467: return;
468: optlen = tcphdrlen - TCPHDR_SIZE;
469: opt = (unsigned char*)tcp + TCPHDR_SIZE; /* skips the TCP fix header */
470: while(optlen) {
471: switch(*opt) {
472: case 0: /* end of option */
473: return;
474: case 1: /* noop */
475: opt++;
476: optlen--;
477: continue;
478: default:
479: if (optlen < 2)
480: return;
481: if (opt[1] > optlen)
482: return;
483: if (opt[0] != 8) { /* not timestamp */
484: optlen -= opt[1];
485: opt += opt[1];
486: continue;
487: }
488: /* timestamp found */
489: if (opt[1] != 10) /* bad len */
490: return;
491: memcpy(&tstamp, opt+2, 4);
492: memcpy(&echo, opt+6, 4);
493: tstamp = ntohl(tstamp);
494: echo = ntohl(echo);
495: goto found;
496: }
497: }
498: found:
499: printf(" TCP timestamp: tcpts=%u\n", tstamp);
500: if (last_tstamp && !opt_waitinusec) {
501: int tsdiff = (tstamp - last_tstamp) / sending_wait;
502: int hz_set[] = { 2, 10, 100, 1000, 0 };
503: int hzdiff = -1;
504: int hz = 0, sec;
505: int days, hours, minutes;
506: if (tsdiff > 0) {
507: int i = 0;
508: while(hz_set[i]) {
509: if (hzdiff == -1) {
510: hzdiff = ABS(tsdiff-hz_set[i]);
511: hz = hz_set[i];
512: } else if (hzdiff > ABS(tsdiff-hz_set[i])) {
513: hzdiff = ABS(tsdiff-hz_set[i]);
514: hz = hz_set[i];
515: }
516: i++;
517: }
518: printf(" HZ seems hz=%d\n", hz);
519: sec = tstamp/hz; /* Get the uptime in seconds */
520: days = sec / (3600*24);
521: sec %= 3600*24;
522: hours = sec / 3600;
523: sec %= 3600;
524: minutes = sec / 60;
525: sec %= 60;
526: printf(" System uptime seems: %d days, %d hours, "
527: "%d minutes, %d seconds\n",
528: days, hours, minutes, sec);
529: }
530: }
531: printf("\n");
532: last_tstamp = tstamp;
533: }
534:
535: /* This function is exported to listen.c also */
536: int read_packet(void *packet, int size)
537: {
538: #if (!defined OSTYPE_LINUX) || (defined FORCE_LIBPCAP)
539: size = pcap_recv(packet, size);
540: if (size == -1)
541: perror("[wait_packet] pcap_recv()");
542: #else
543: size = recv(sockpacket, packet, size, 0);
544: if (size == -1) {
545: if (errno != EINTR)
546: perror("[wait_packet] recv");
547: else
548: return 0;
549: }
550: #endif
551: return size;
552: }
553:
554: void hex_dump(void *packet, int size)
555: {
556: unsigned char *byte = packet;
557: int count = 0;
558:
559: printf("\t\t");
560: for (; byte < (unsigned char*) (packet+size); byte++) {
561: count++;
562: printf("%02x", *byte);
563: if (count % 2 == 0) printf(" ");
564: if (count % 16 == 0) printf("\n\t\t");
565: }
566: printf("\n\n");
567: }
568:
569: void human_dump(void *packet, int size)
570: {
571: unsigned char *byte = packet;
572: int count = 0;
573:
574: printf("\t\t");
575: for (; byte < (unsigned char*) (packet+size); byte++) {
576: count ++;
577: if (isprint(*byte))
578: printf("%c", *byte);
579: else
580: printf(".");
581: if (count % 32 == 0) printf("\n\t\t");
582: }
583: printf("\n\n");
584: }
585:
586: void handle_hcmp(char *packet, int size)
587: {
588: char *p;
589: struct hcmphdr hcmph;
590: unsigned int seq;
591:
592: /* Search for the reverse signature inside the packet */
593: if ((p = memstr(packet, rsign, size)) == NULL)
594: return;
595:
596: if (opt_debug)
597: fprintf(stderr, "DEBUG: HCMP received\n");
598:
599: p+=strlen(rsign);
600: if ((size-(packet-p)) < sizeof(struct hcmphdr)) {
601: if (opt_verbose || opt_debug)
602: fprintf(stderr, "bad HCMP len received\n");
603: return;
604: }
605:
606: memcpy(&hcmph, p, sizeof(hcmph));
607:
608: switch(hcmph.type) {
609: case HCMP_RESTART:
610: seq = ntohs(hcmph.typedep.seqnum);
611: src_id = seq; /* set the id */
612: datafiller(NULL, seq); /* data seek */
613: if (opt_debug)
614: printf("DEBUG: HCMP restart from %d\n",
615: seq);
616: return;
617: case HCMP_SOURCE_QUENCH:
618: case HCMP_SOURCE_STIRUP:
619: printf("HCMP source quench/stirup received\n");
620: return;
621: default:
622: if (opt_verbose || opt_debug)
623: fprintf(stderr, "bad HCMP type received\n");
624: return;
625: }
626: }