author | Laurent Ghigonis <laurent@p1sec.com> | 2012-12-04 01:02:29 +0100 |
---|---|---|
committer | Laurent Ghigonis <laurent@p1sec.com> | 2012-12-04 01:02:29 +0100 |
commit | 4b20c1c91aa0a6ad165f2fb81b90af0bb99f69ec (patch) | |
tree | 917b55583d2a977a3520271ffd9c4979a12f8122 | |
parent | explanation on libggnet (diff) | |
work in progress on gg_sniff
-rw-r--r-- | gg_sniff/Makefile | 4 | ||||
-rw-r--r-- | gg_sniff/README.txt | 7 | ||||
-rw-r--r-- | gg_sniff/gg_sniff.c | 54 | ||||
-rw-r--r-- | gg_sniff/gg_sniff.h | 12 | ||||
-rw-r--r-- | gg_sniff/pcap.c | 41 |
5 files changed, 80 insertions, 38 deletions
diff --git a/gg_sniff/Makefile b/gg_sniff/Makefile index 1d93881..ad98c51 100644 --- a/gg_sniff/Makefile +++ b/gg_sniff/Makefile @@ -2,10 +2,10 @@ CFLAGS += $(shell pkg-config --cflags elementary evas ecore) LIBS += $(shell pkg-config --libs elementary evas ecore) CFLAGS += -Wall -O2 -BINARY=gg_sniff +BINARY = gg_sniff USER = _gg_sniff -PREFIX=/usr/local +PREFIX = /usr/local BINDIR=$(PREFIX)/bin $(BINARY): $(BINARY).o diff --git a/gg_sniff/README.txt b/gg_sniff/README.txt index dcf42e1..4f320cd 100644 --- a/gg_sniff/README.txt +++ b/gg_sniff/README.txt @@ -35,3 +35,10 @@ Note that gg_sniff activates extra protections on libpcap file descriptor, by setting it to readonly, for now on OpenBSD only. It does so by reimplementing some of libpcap functions, see pcap.c my_pcap_open_live() + +Limitations +=========== + +If your dns server changes during gg_sniff execution, gg_sniff will keep using +the old ones. +The only fix is to restart the gg_sniff process. diff --git a/gg_sniff/gg_sniff.c b/gg_sniff/gg_sniff.c index 1084b90..c07a1f4 100644 --- a/gg_sniff/gg_sniff.c +++ b/gg_sniff/gg_sniff.c @@ -18,14 +18,15 @@ #include <string.h> #include <libglouglou.h> +#include <libggnet.h> +#include "gg_sniff.h" + #if defined(__OpenBSD__) #include "pcap-int.h" #endif #define GG_SNIFF_USER "_gg_sniff" -int net_socket; - #if defined(__OpenBSD__) void __dead #else @@ -33,11 +34,10 @@ void #endif usage(void) { - extern char *__progname; + extern char *__progname; - fprintf(stderr, "usage: %s [-hv]", - __progname); - exit(1); + fprintf(stderr, "usage: %s [-hv]", __progname); + exit(1); } static void 
@@ -52,14 +52,12 @@ int main(int argc, char **argv) { struct event_base *ev_base; - struct sockaddr_in sock_addr; + struct ggnet *net; struct event ev_sigint, ev_sigterm, ev_sigchld, ev_sighup; - char errbuf[PCAP_ERRBUF_SIZE]; - struct bpf_program bprog; - pcap_t *pcap; - int loglevel = 0; - int op; - int sock_on = 1; + int pcap_init = 0; + int sniff_init = 0; + int loglevel = 0; + int op; if (geteuid() != 0) errx(1, "must be root"); @@ -82,11 +80,18 @@ main(int argc, char **argv) ev_base = event_base_new(); + net = ggnet_new(); + if (!net) + goto quit; ggcli = gg_client_connect(); - - ggsniff_pcap_init(); - - ggsniff_dns_init(); + if (!ggcli) + goto quit; + pcap_init = ggsniff_pcap_init(ev_base); + if (!pcap_init) + goto quit; + sniff_init = ggsniff_dns_init(ev_base); + if (!sniff_init) + goto quit; signal_set(&ev_sigint, SIGINT, sig_handler, NULL); signal_set(&ev_sigterm, SIGTERM, sig_handler, NULL); @@ -103,10 +108,19 @@ main(int argc, char **argv) log_info("entering event loop"); event_base_dispatch(ev_base); - ggsniff_dns_shutdown(); - ggsniff_pcap_shutdown(); - gg_client_disconnect(ggcli); +quit: + if (dns_init) + ggsniff_dns_shutdown(); + if (sniff_init) + ggsniff_pcap_shutdown(); + if (ggcli) + gg_client_disconnect(ggcli); + if (net) + ggnet_free(net); log_info("exiting"); + + gg_log_shutdown(); + exit(0); } diff --git a/gg_sniff/gg_sniff.h b/gg_sniff/gg_sniff.h index bbb9f10..da8c822 100644 --- a/gg_sniff/gg_sniff.h +++ b/gg_sniff/gg_sniff.h @@ -1,12 +1,10 @@ -/* gg_sniff.c */ - /* pcap.c */ -void ggsniff_pcap_init(); -void ggsniff_pcap_shutdown(); +void ggsniff_pcap_init(struct event_base *); +void ggsniff_pcap_shutdown(void); /* dns.c */ -void ggsniff_dns_init(); -void ggsniff_dns_shutdown(); - +void ggsniff_dns_init(struct event_base *); +void ggsniff_dns_shutdown(void); +int ggsniff_resolv(char *name, void (*cb)(char *name, char *ip)); diff --git a/gg_sniff/pcap.c b/gg_sniff/pcap.c index b13a486..4a2d6fb 100644 --- a/gg_sniff/pcap.c 
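Review bot: The teardown at `quit:` in main() does not match the flags declared in the first main() hunk. It tests `dns_init`, which is never declared (only `pcap_init` and `sniff_init` are), and it guards `ggsniff_pcap_shutdown()` with `sniff_init`, which actually holds the result of `ggsniff_dns_init()`. If that is fixed by name only, a DNS init failure would skip the pcap teardown and leave the capture handle, which was opened while running as root, open until process exit. Every `goto quit` failure path also ends in `exit(0)`, so a supervisor cannot tell a failed start from a clean shutdown. The fence below gives each subsystem its own flag and carries an exit status; the parts of main() between the three hunks are not visible here.

```c
	int		 pcap_init = 0;
	int		 dns_init = 0;
	int		 rc = 1;
	/* … unchanged: option parsing, ev_base, ggnet_new, gg_client_connect, ggsniff_pcap_init … */
	dns_init = ggsniff_dns_init(ev_base);
	if (!dns_init)
		goto quit;
	/* … unchanged: signal setup, event_base_dispatch … */
	rc = 0;
quit:
	if (dns_init)
		ggsniff_dns_shutdown();
	if (pcap_init)
		ggsniff_pcap_shutdown();
	/* … unchanged: gg_client_disconnect, ggnet_free, log shutdown … */
	exit(rc);
```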
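Review bot: The new prototypes in gg_sniff.h still declare `ggsniff_pcap_init` and `ggsniff_dns_init` as `void`, but main() assigns their results and pcap.c now defines `int ggsniff_pcap_init(struct event_base *ev_base)`. Once the header is included, the compiler should reject both the conflicting types and the use of a void value. Declare them as `int ggsniff_pcap_init(struct event_base *);` and `int ggsniff_dns_init(struct event_base *);`, and document that they return 1 on success and 0 on failure. The header also names `struct event_base` without a forward declaration, so add `struct event_base;` at the top unless every includer is guaranteed to pull in the libevent header first, which cannot be seen from this hunk.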
+++ b/gg_sniff/pcap.c @@ -4,20 +4,43 @@ #define PCAP_COUNT 20 #define PCAP_TO 300 -static pcap_t * -ggsniff_pcap_init(void) +static pcap_t *my_pcap_open_live(const char *, int, int, int, + char *, u_int, u_int) + +static pcap_t *_pcap; +static struct event *_pcap_ev; + +int +ggsniff_pcap_init(struct event_base *ev_base) { + char errbuf[PCAP_ERRBUF_SIZE]; + struct bpf_program bprog; + int pcap_fd; + pcap = my_pcap_open_live(PCAP_INTERFACE, PCAP_SNAPLEN, 1, PCAP_TO, errbuf, -1, 0); if (pcap == NULL) - fatal("capture: pcap_open_live failed on interface %s\n" - "with snaplen %d : %s", - PCAP_INTERFACE, PCAP_SNAPLEN, errbuf); + gg_log_fatal("capture: pcap_open_live failed on interface %s\n" + "with snaplen %d : %s", + PCAP_INTERFACE, PCAP_SNAPLEN, errbuf); if (pcap_compile(pcap, &bprog, PCAP_FILTER, 0, 0) < 0) - fatal("capture: pcap_compile failed with filter %s : %s", - PCAP_FILTER, pcap_geterr(pcap)); + gg_log_fatal("capture: pcap_compile failed with filter %s : %s", + PCAP_FILTER, pcap_geterr(pcap)); if (pcap_setfilter(pcap, &bprog) < 0) - fatal("capture: pcap_setfilter failed : %s", - pcap_geterr(pcap)); + gg_log_fatal("capture: pcap_setfilter failed : %s", + pcap_geterr(pcap)); + pcap_fd = pcap_fileno(_pcap); + + _pcap_ev = event_new(ev_base, pcap_fd, EV_READ|EV_PERSIST, cb_pcap, NULL); + event_add(_pcap_ev, NULL); + + return 1; +} + +void +ggsniff_pcap_shutdown(void) +{ + event_del(_pcap_ev); + pcap_close(_pcap); } /* |
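Review bot: In `ggsniff_pcap_init` the handle is stored in `pcap`, which has no declaration in this file now that the locals moved out of main(), while the new code reads the file-scope `_pcap`. `_pcap` is never assigned, so `pcap_fileno(_pcap)` and later `pcap_close(_pcap)` would run on a NULL handle. Every `pcap` in the body, including the `pcap_compile`, `pcap_setfilter` and `pcap_geterr` calls, should become `_pcap`, and the `my_pcap_open_live` prototype needs its terminating `;`. The results of `pcap_fileno`, `event_new` and `event_add` are not checked, and the compiled filter is never released with `pcap_freecode`, so a failure to register the capture descriptor is still reported as success (`return 1`). `ggsniff_pcap_init` lies fully inside the hunk, but `my_pcap_open_live` and `cb_pcap` are defined outside it.

```c
static pcap_t *my_pcap_open_live(const char *, int, int, int,
    char *, u_int, u_int);
/* … unchanged: _pcap and _pcap_ev statics, function header, locals … */
	_pcap = my_pcap_open_live(PCAP_INTERFACE, PCAP_SNAPLEN, 1, PCAP_TO,
	    errbuf, -1, 0);
	/* … unchanged: the three gg_log_fatal checks, with pcap replaced by _pcap … */
	pcap_freecode(&bprog);	/* filter is installed; the compiled program is no longer needed */
	pcap_fd = pcap_fileno(_pcap);
	if (pcap_fd < 0)
		goto fail;
	_pcap_ev = event_new(ev_base, pcap_fd, EV_READ|EV_PERSIST, cb_pcap, NULL);
	if (_pcap_ev == NULL)
		goto fail;
	if (event_add(_pcap_ev, NULL) < 0) {
		event_free(_pcap_ev);
		_pcap_ev = NULL;
		goto fail;
	}
	return 1;
fail:
	pcap_close(_pcap);
	_pcap = NULL;
	return 0;
```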