123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181 |
- /*
- * ZMap Copyright 2013 Regents of the University of Michigan
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- */
- #include "recv.h"
- #include <assert.h>
- #include "../lib/includes.h"
- #include "../lib/logger.h"
- #include "../lib/pbm.h"
- #include <pthread.h>
- #include <unistd.h>
- #include "recv-internal.h"
- #include "state.h"
- #include "validate.h"
- #include "fieldset.h"
- #include "expression.h"
- #include "probe_modules/probe_modules.h"
- #include "output_modules/output_modules.h"
- static u_char fake_eth_hdr[65535];
- // bitmap of observed IP addresses
- static uint8_t **seen = NULL;
- void handle_packet(uint32_t buflen, const u_char *bytes) {
- if ((sizeof(struct ip) + (zconf.send_ip_pkts ? 0 : sizeof(struct ether_header))) > buflen) {
- // buffer not large enough to contain ethernet
- // and ip headers. further action would overrun buf
- return;
- }
- struct ip *ip_hdr = (struct ip *) &bytes[(zconf.send_ip_pkts ? 0 : sizeof(struct ether_header))];
- uint32_t src_ip = ip_hdr->ip_src.s_addr;
- uint32_t validation[VALIDATE_BYTES/sizeof(uint8_t)];
- // TODO: for TTL exceeded messages, ip_hdr->saddr is going to be different
- // and we must calculate off potential payload message instead
- validate_gen(ip_hdr->ip_dst.s_addr, ip_hdr->ip_src.s_addr, (uint8_t *) validation);
- if (!zconf.probe_module->validate_packet(ip_hdr, buflen - (zconf.send_ip_pkts ? 0 : sizeof(struct ether_header)),
- &src_ip, validation)) {
- return;
- }
- int is_repeat = pbm_check(seen, ntohl(src_ip));
- fieldset_t *fs = fs_new_fieldset();
- fs_add_ip_fields(fs, ip_hdr);
- // HACK:
- // probe modules (for whatever reason) expect the full ethernet frame
- // in process_packet. For VPN, we only get back an IP frame.
- // Here, we fake an ethernet frame (which is initialized to
- // have ETH_P_IP proto and 00s for dest/src).
- if (zconf.send_ip_pkts) {
- if (buflen > sizeof(fake_eth_hdr)) {
- buflen = sizeof(fake_eth_hdr);
- }
- memcpy(&fake_eth_hdr[sizeof(struct ether_header)], bytes, buflen);
- bytes = fake_eth_hdr;
- }
- zconf.probe_module->process_packet(bytes, buflen, fs);
- fs_add_system_fields(fs, is_repeat, zsend.complete);
- int success_index = zconf.fsconf.success_index;
- assert(success_index < fs->len);
- int is_success = fs_get_uint64_by_index(fs, success_index);
- if (is_success) {
- zrecv.success_total++;
- if (!is_repeat) {
- zrecv.success_unique++;
- pbm_set(seen, ntohl(src_ip));
- }
- if (zsend.complete) {
- zrecv.cooldown_total++;
- if (!is_repeat) {
- zrecv.cooldown_unique++;
- }
- }
- } else {
- zrecv.failure_total++;
- }
- // probe module includes app_success field
- if (zconf.fsconf.app_success_index >= 0) {
- int is_app_success = fs_get_uint64_by_index(fs,
- zconf.fsconf.app_success_index);
- if (is_app_success) {
- zrecv.app_success_total++;
- if (!is_repeat) {
- zrecv.app_success_unique++;
- }
- }
- }
- fieldset_t *o = NULL;
- // we need to translate the data provided by the probe module
- // into a fieldset that can be used by the output module
- if (!is_success && zconf.filter_unsuccessful) {
- goto cleanup;
- }
- if (is_repeat && zconf.filter_duplicates) {
- goto cleanup;
- }
- if (!evaluate_expression(zconf.filter.expression, fs)) {
- goto cleanup;
- }
- o = translate_fieldset(fs, &zconf.fsconf.translation);
- if (zconf.output_module && zconf.output_module->process_ip) {
- zconf.output_module->process_ip(o);
- }
- cleanup:
- fs_free(fs);
- free(o);
- if (zconf.output_module && zconf.output_module->update
- && !(zrecv.success_unique % zconf.output_module->update_interval)) {
- zconf.output_module->update(&zconf, &zsend, &zrecv);
- }
- }
- int recv_run(pthread_mutex_t *recv_ready_mutex)
- {
- log_trace("recv", "recv thread started");
- log_debug("recv", "capturing responses on %s", zconf.iface);
- if (!zconf.dryrun) {
- recv_init();
- }
- if (zconf.send_ip_pkts) {
- struct ether_header *eth = (struct ether_header *) fake_eth_hdr;
- memset(fake_eth_hdr, 0, sizeof(fake_eth_hdr));
- eth->ether_type = htons(ETHERTYPE_IP);
- }
- // initialize paged bitmap
- seen = pbm_init();
- if (zconf.filter_duplicates) {
- log_debug("recv", "duplicate responses will be excluded from output");
- } else {
- log_debug("recv", "duplicate responses will be included in output");
- }
- if (zconf.filter_unsuccessful) {
- log_debug("recv", "unsuccessful responses will be excluded from output");
- } else {
- log_debug("recv", "unsuccessful responses will be included in output");
- }
- pthread_mutex_lock(recv_ready_mutex);
- zconf.recv_ready = 1;
- pthread_mutex_unlock(recv_ready_mutex);
- zrecv.start = now();
- if (zconf.max_results == 0) {
- zconf.max_results = -1;
- }
- do {
- if (zconf.dryrun) {
- sleep(1);
- } else {
- recv_packets();
- if (zconf.max_results && zrecv.success_unique >= zconf.max_results) {
- break;
- }
- }
- } while (!(zsend.complete && (now()-zsend.finish > zconf.cooldown_secs)));
- zrecv.finish = now();
- // get final pcap statistics before closing
- recv_update_stats();
- if (!zconf.dryrun) {
- pthread_mutex_lock(recv_ready_mutex);
- recv_cleanup();
- pthread_mutex_unlock(recv_ready_mutex);
- }
- zrecv.complete = 1;
- log_debug("recv", "thread finished");
- return 0;
- }
|