aboutsummaryrefslogtreecommitdiffstats
path: root/libglouglou/libglouglou.h
blob: 04ee77900d1a77a0e8cd1f0dc13780d1ba771d15 (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143

#include <sys/types.h>
#include <event.h>
/* XXX for now lets use the default sys/queue.h
 * maybe in the future it will become a pain on linux because they ship
 * an old version of it, and i'll need to ship the BSD version
 * #include "contrib/queue.h"
 */
#include <sys/queue.h>

#define GLOUGLOU_PROBE_DEFAULT_PORT 4430
#define GLOUGLOU_ANALY_DEFAULT_PORT 4431

#define PACKET_VERSION 1
#define PACKET_BUFFER_SIZE 16384
#define GG_PKTARG_MAX 30

struct gg_packet {
#define PACKET_HEADER_SIZE 2
	u_int8_t	ver;
	u_int8_t	type;
/* XXX nicer way for _SIZE ... ? */
#define PACKET_TYPE_MIN 0x00
#define PACKET_TYPE_MAX 0x11
#define PACKET_NEWCONN 0x00
#define PACKET_NEWCONN_SIZE (PACKET_HEADER_SIZE + sizeof((struct gg_packet *)0)->pdat.newconn)
#define PACKET_DELCONN 0x01
#define PACKET_DELCONN_SIZE (PACKET_HEADER_SIZE + sizeof((struct gg_packet *)0)->pdat.delconn)
#define PACKET_DATA 0x02
#define PACKET_DATA_SIZE (PACKET_HEADER_SIZE + sizeof((struct gg_packet *)0)->pdat.data)
#define PACKET_NAME 0x03
#define PACKET_NAME_SIZE ((PACKET_HEADER_SIZE + sizeof((struct gg_packet *)0)->pdat.name) - GG_PKTARG_MAX)
#define PACKET_PROC_FORK 0x10
#define PACKET_PROC_FORK_SIZE (PACKET_HEADER_SIZE + sizeof((struct gg_packet *)0)->pdat.proc.ev.fork)
#define PACKET_PROC_EXEC 0x11
#define PACKET_PROC_EXEC_SIZE ((PACKET_HEADER_SIZE + sizeof((struct gg_packet *)0)->pdat.proc.ev.exec) - GG_PKTARG_MAX)

	union {
		struct newconn {
			u_int16_t	id;
			u_int32_t	src;
			u_int32_t	dst;
			u_int8_t	proto;
			u_int8_t	size;
		} newconn;
		struct delconn {
			u_int16_t	id;
		} delconn;
		struct data {
			u_int16_t	connid;
			u_int8_t	size;
		} data;
		struct name {
			u_int32_t	addr;
			u_int8_t	len;
			u_char		fqdn[GG_PKTARG_MAX];
		} name;
		struct proc {
		  u_int32_t pid;
      union {
        struct fork {
          u_int32_t ppid;
          u_int32_t cpid;
          u_int32_t tgid;
        } fork;
        struct exec {
          u_int8_t cmdlen;
          u_char   cmd[GG_PKTARG_MAX];
        } exec;
      } ev;
    } proc;
	} pdat;
#define newconn_id	pdat.newconn.id
#define newconn_src	pdat.newconn.src
#define newconn_dst	pdat.newconn.dst
#define newconn_proto	pdat.newconn.proto
#define newconn_size	pdat.newconn.size
#define delconn_id	pdat.delconn.id
#define data_connid	pdat.data.connid
#define data_size	pdat.data.size
#define name_addr	pdat.name.addr
#define name_len	pdat.name.len
#define name_fqdn	pdat.name.fqdn
#define proc_pid pdat.proc.pid
#define proc_fork_ppid pdat.proc.ev.fork.ppid
#define proc_fork_cpid pdat.proc.ev.fork.cpid
#define proc_fork_tgid pdat.proc.ev.fork.tgid
#define proc_exec_cmdlen pdat.proc.ev.exec.cmdlen
#define proc_exec_cmd pdat.proc.ev.exec.cmd
};

struct gg_user {
	LIST_ENTRY(gg_user)	entry;
  int id;
  struct sockaddr_in addr;
  char *buf[16384];
};

struct gg_server {
  const char *ip;
  int port;
  struct sockaddr_in addr;
  struct event *ev;
  int sock;
  int (*handle_conn)(struct gg_server *, struct gg_user *);
  int (*handle_packet)(struct gg_server *, struct gg_user *, struct gg_packet *);
  void *usrdata;
  LIST_HEAD(, gg_user)	user_list;
  int user_id_count;
};

struct gg_client {
  const char *ip;
  int port;
  struct sockaddr_in addr;
  struct event *ev;
  int sock;
  int status;
#define GG_CLIENT_STATUS_DISCONNECTED 0
#define GG_CLIENT_STATUS_CONNECTED 1
  int (*handle_conn)(struct gg_client *);
  int (*handle_packet)(struct gg_client *, struct gg_packet *);
  void *usrdata;
};


struct gg_server *gg_server_start(struct event_base *, char *, int,
                                  int (*handle_conn)(struct gg_server *, struct gg_user *),
                                  int (*handle_packet)(struct gg_server *, struct gg_user *, struct gg_packet *),
                                  void *);
int               gg_server_send(struct gg_server *, struct gg_packet *, struct gg_user *);
void              gg_server_stop(struct gg_server *);

struct gg_client *gg_client_connect(struct event_base *, char *, int,
                                    int (*handle_conn)(struct gg_client *),
                                    int (*handle_packet)(struct gg_client *, struct gg_packet *),
                                    void *);
int    gg_client_send(struct gg_client *, struct gg_packet *);
void   gg_client_disconnect(struct gg_client *);

void *xmalloc(size_t);
void *xcalloc(size_t, size_t);
void fd_nonblock(int);
void addrcpy(struct sockaddr_in *, struct sockaddr_in *);
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.