123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216 |
- /*
- * ZMap Copyright 2013 Regents of the University of Michigan
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- */
- // probe module for performing ICMP echo request (ping) scans that allows calculation
- // of RTT
- #include <stdlib.h>
- #include <stdio.h>
- #include <stdint.h>
- #include <time.h>
- #include <unistd.h>
- #include <string.h>
- #include <sys/time.h>
- #include "../../lib/includes.h"
- #include "probe_modules.h"
- #include "../fieldset.h"
- #include "packet.h"
- #include "validate.h"
- #define ICMP_SMALLEST_SIZE 5
- #define ICMP_TIMXCEED_UNREACH_HEADER_SIZE 8
- probe_module_t module_icmp_echo_time;
- struct icmp_payload_for_rtt {
- uint32_t sent_tv_sec;
- uint32_t sent_tv_usec;
- ipaddr_n_t dst;
- };
- static int icmp_echo_init_perthread(void* buf, macaddr_t *src,
- macaddr_t *gw, __attribute__((unused)) port_h_t dst_port,
- __attribute__((unused)) void **arg_ptr)
- {
- memset(buf, 0, MAX_PACKET_SIZE);
- struct ether_header *eth_header = (struct ether_header *) buf;
- make_eth_header(eth_header, src, gw);
- struct ip *ip_header = (struct ip *) (ð_header[1]);
- uint16_t len = htons(sizeof(struct ip) + sizeof(struct icmp) - 8);
- make_ip_header(ip_header, IPPROTO_ICMP, len);
- struct icmp *icmp_header = (struct icmp*)(&ip_header[1]);
- make_icmp_header(icmp_header);
- return EXIT_SUCCESS;
- }
- static int icmp_echo_make_packet(void *buf, ipaddr_n_t src_ip, ipaddr_n_t dst_ip,
- uint32_t *validation, __attribute__((unused)) int probe_num,
- __attribute__((unused)) void *arg)
- {
- struct ether_header *eth_header = (struct ether_header *) buf;
- struct ip *ip_header = (struct ip *)(ð_header[1]);
- struct icmp *icmp_header = (struct icmp*)(&ip_header[1]);
- struct icmp_payload_for_rtt *payload = (struct icmp_payload_for_rtt*)(((char *)icmp_header) + 8);
- uint16_t icmp_idnum = validation[2] & 0xFFFF;
- struct timeval tv;
- ip_header->ip_src.s_addr = src_ip;
- ip_header->ip_dst.s_addr = dst_ip;
- icmp_header->icmp_id = icmp_idnum;
- gettimeofday(&tv, NULL);
- payload->sent_tv_sec = tv.tv_sec;
- payload->sent_tv_usec = tv.tv_usec;
- payload->dst = dst_ip;
- icmp_header->icmp_cksum = 0;
- icmp_header->icmp_cksum = icmp_checksum((unsigned short *) icmp_header);
- ip_header->ip_sum = 0;
- ip_header->ip_sum = zmap_ip_checksum((unsigned short *) ip_header);
- return EXIT_SUCCESS;
- }
- static void icmp_echo_print_packet(FILE *fp, void* packet)
- {
- struct ether_header *ethh = (struct ether_header *) packet;
- struct ip *iph = (struct ip *) ðh[1];
- struct icmp *icmp_header = (struct icmp*) (&iph[1]);
- fprintf(fp, "icmp { type: %u | code: %u "
- "| checksum: %#04X | id: %u | seq: %u }\n",
- icmp_header->icmp_type,
- icmp_header->icmp_code,
- ntohs(icmp_header->icmp_cksum),
- ntohs(icmp_header->icmp_id),
- ntohs(icmp_header->icmp_seq));
- fprintf_ip_header(fp, iph);
- fprintf_eth_header(fp, ethh);
- fprintf(fp, "------------------------------------------------------\n");
- }
- static int icmp_validate_packet(const struct ip *ip_hdr,
- uint32_t len, uint32_t *src_ip, uint32_t *validation)
- {
- if (ip_hdr->ip_p != IPPROTO_ICMP) {
- return 0;
- }
- if (((uint32_t) 4 * ip_hdr->ip_hl + ICMP_SMALLEST_SIZE) > len) {
- // buffer not large enough to contain expected icmp header
- return 0;
- }
- struct icmp *icmp_h = (struct icmp *) ((char *) ip_hdr + 4*ip_hdr->ip_hl);
- uint16_t icmp_idnum = icmp_h->icmp_id;
- // ICMP validation is tricky: for some packet types, we must look inside
- // the payload
- if (icmp_h->icmp_type == ICMP_TIMXCEED || icmp_h->icmp_type == ICMP_UNREACH) {
- // Should have 16B TimeExceeded/Dest_Unreachable header + original IP header
- // + 1st 8B of original ICMP frame
- if ((4*ip_hdr->ip_hl + ICMP_TIMXCEED_UNREACH_HEADER_SIZE +
- sizeof(struct ip)) > len) {
- return 0;
- }
- struct ip *ip_inner = (struct ip *)(icmp_h + 1);
- if (((uint32_t) 4 * ip_hdr->ip_hl + ICMP_TIMXCEED_UNREACH_HEADER_SIZE +
- 4*ip_inner->ip_hl + 8 /*1st 8 bytes of original*/ ) > len) {
- return 0;
- }
- struct icmp *icmp_inner = (struct icmp *)((char *) ip_inner + 4*ip_hdr->ip_hl);
- // Regenerate validation and icmp id based off inner payload
- icmp_idnum = icmp_inner->icmp_id;
- *src_ip = ip_inner->ip_dst.s_addr;
- validate_gen(ip_hdr->ip_dst.s_addr, ip_inner->ip_dst.s_addr,
- (uint8_t *) validation);
- }
- return 1;
- }
- static void icmp_echo_process_packet(const u_char *packet,
- __attribute__((unused)) uint32_t len, fieldset_t *fs)
- {
- struct ip *ip_hdr = (struct ip *) &packet[sizeof(struct ether_header)];
- struct icmp *icmp_hdr = (struct icmp *) ((char *) ip_hdr + 4*ip_hdr->ip_hl);
- fs_add_uint64(fs, "type", icmp_hdr->icmp_type);
- fs_add_uint64(fs, "code", icmp_hdr->icmp_code);
- fs_add_uint64(fs, "icmp-id", ntohs(icmp_hdr->icmp_id));
- fs_add_uint64(fs, "seq", ntohs(icmp_hdr->icmp_seq));
- struct icmp_payload_for_rtt *payload = (struct icmp_payload_for_rtt *)(((char *)icmp_hdr) + 8);
- fs_add_uint64(fs, "sent-timestamp-ts", (uint64_t)payload->sent_tv_sec);
- fs_add_uint64(fs, "sent-timestamp-us", (uint64_t)payload->sent_tv_usec);
- fs_add_uint64(fs, "dst-raw", (uint64_t)payload->dst);
- switch (icmp_hdr->icmp_type) {
- case ICMP_ECHOREPLY:
- fs_add_string(fs, "classification", (char*) "echoreply", 0);
- fs_add_uint64(fs, "success", 1);
- break;
- case ICMP_UNREACH:
- fs_add_string(fs, "classification", (char*) "unreach", 0);
- fs_add_uint64(fs, "success", 0);
- break;
- case ICMP_SOURCEQUENCH:
- fs_add_string(fs, "classification", (char*) "sourcequench", 0);
- fs_add_uint64(fs, "success", 0);
- break;
- case ICMP_REDIRECT:
- fs_add_string(fs, "classification", (char*) "redirect", 0);
- fs_add_uint64(fs, "success", 0);
- break;
- case ICMP_TIMXCEED:
- fs_add_string(fs, "classification", (char*) "timxceed", 0);
- fs_add_uint64(fs, "success", 0);
- break;
- default:
- fs_add_string(fs, "classification", (char*) "other", 0);
- fs_add_uint64(fs, "success", 0);
- break;
- }
- }
- static fielddef_t fields[] = {
- {.name="type", .type="int", .desc="icmp message type"},
- {.name="code", .type="int", .desc="icmp message sub type code"},
- {.name="icmp-id", .type="int", .desc="icmp id number"},
- {.name="seq", .type="int", .desc="icmp sequence number"},
- {.name="sent-timestamp-ts", .type="int", .desc="timestamp of sent probe in seconds since Epoch"},
- {.name="sent-timestamp-us", .type="int", .desc="microsecond part of sent timestamp"},
- {.name="dst-raw", .type="int", .desc="raw destination IP address of sent probe"},
- {.name="classification", .type="string", .desc="probe module classification"},
- {.name="success", .type="int", .desc="did probe module classify response as success"}
- };
- probe_module_t module_icmp_echo_time = {
- .name = "icmp_echo_time",
- .packet_length = 62,
- .pcap_filter = "icmp and icmp[0]!=8",
- .pcap_snaplen = 96,
- .port_args = 0,
- .thread_initialize = &icmp_echo_init_perthread,
- .make_packet = &icmp_echo_make_packet,
- .print_packet = &icmp_echo_print_packet,
- .process_packet = &icmp_echo_process_packet,
- .validate_packet = &icmp_validate_packet,
- .close = NULL,
- .fields = fields,
- .numfields = 9};
|