#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <pthread.h>
#include <signal.h>
#include <sys/un.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <arpa/inet.h>
#include <net/if.h>
#include <sys/socket.h>
#include <linux/if_packet.h>
#include <net/ethernet.h>
#include <unistd.h>
#include <glib.h>
#include <dbus/dbus-glib.h>
#include <dbus/dbus.h>
#include "config.h"
#include "statistic.h"
#include "packet_snifferd.h"
/* Size in bytes of the receive buffer used by main(). Chosen to be long
   enough to accommodate packets of major link layer protocols
   (ethernet, wlan...). */
#define MTU 5000
/* NOTE(review): not referenced anywhere else in this listing. */
#define MAX_FILTER_SIZE 200
/* Forward declarations of the file-local helpers defined further down. */
static bool set_interface_mask(char *);
static bool update_iface(char *);
static void* listen_cli(void *);
static void terminate(int);
/* Packet socket: created in main(), bound by set_interface_mask(), closed by
   terminate(). */
static int socket_fd;
/* Active configuration. It is read by the capture loop in main(), replaced by
   sig_hup_handler() and edited by update_iface() on the D-Bus thread.
   NOTE(review): no lock or atomic protects these accesses in this file. */
static struct config *conf;
/* D-Bus connection opened by listen_cli() and flushed by terminate(). */
static DBusConnection *connection;
/*
 * Release the daemon's resources and leave the process with `status`.
 *
 * Closes the packet socket when its descriptor is non-zero, disposes of and
 * frees the active configuration, and flushes the D-Bus connection if one was
 * opened. Never returns.
 *
 * NOTE(review): this runs from the signal handlers and from the D-Bus thread.
 * free() and exit() are not async-signal-safe, and nothing here stops the
 * capture loop from still reading `conf` while it is being released.
 */
static void terminate(int status){
    if (socket_fd != 0) {
        close(socket_fd);
    }
    if (conf != NULL) {
        config_dispose(conf);
        /* free(NULL) is a no-op, so freeing only in this branch is equivalent. */
        free(conf);
    }
    if (connection != NULL) {
        dbus_connection_flush(connection);
    }
    exit(status);
}
/*
 * Handler that main() installs for SIGTERM and SIGINT: announces the shutdown
 * on stdout, then exits through terminate(0).
 *
 * NOTE(review): stdio output and terminate() (free/exit) are not
 * async-signal-safe. A handler that only sets a flag polled by the capture
 * loop would avoid deadlocking on the stdio lock.
 */
void sig_term_handler(int sig_num){
    (void) sig_num; /* the same handler serves SIGTERM and SIGINT */
    fputs ("SIGTERM recieved, stopping daemon gracefully\n", stdout);
    terminate (0);
}
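/*
 * Reload configuration on SIGHUP.
 *
 * The new configuration is loaded first and only then swapped in, so `conf`
 * never points at freed memory and a failed reload keeps the previous
 * settings (presumably get_config() reports failure with NULL; confirm
 * against its definition).
 *
 * NOTE(review): get_config(), free() and stdio are not async-signal-safe, and
 * the capture loop may still hold the old conf->if_name pointer when the old
 * configuration is released here. Setting a flag and reloading from the main
 * loop would remove both hazards.
 * NOTE(review): the packet socket is not re-bound here, so a changed
 * interface name in the file only changes the label passed to add_entry().
 */
void sig_hup_handler(int sig_num){
    (void) sig_num;

    struct config *fresh = get_config();
    if (fresh == NULL) {
        fprintf (stderr, "[DAEMON] Configuration reload failed, keeping previous settings\n");
        return;
    }

    // Publish the new configuration before releasing the old one
    struct config *stale = conf;
    conf = fresh;
    if (stale != NULL) {
        config_dispose(stale);
        free(stale);
    }
    printf ("Configuration reloaded after recieving SIGHUP");
}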
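/*
 * Packet sniffer daemon.
 *
 * Installs the signal handlers, opens an AF_PACKET socket, binds it to the
 * interface named in the configuration, connects to the statistics database,
 * starts the D-Bus control thread and then records the source address of
 * every incoming IPv4 packet through add_entry().
 *
 * Returns 1 when start-up fails; the capture loop itself never returns.
 */
int main(void){
    signal (SIGTERM, sig_term_handler);
    signal (SIGHUP, sig_hup_handler);
    signal (SIGINT, sig_term_handler);

    // Open socket for receiving ip packets
    socket_fd = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL));
    if (socket_fd == -1){
        perror ("[DAEMON] fatal: PACKET socket creation");
        fprintf (stderr, "[DAEMON] Ensure daemon is run with superuser privileges\n");
        return 1;
    }

    // Read configuration file to determine interface to sniff on
    conf = get_config();
    if (conf == NULL || conf->if_name == NULL){
        fprintf (stderr, "[DAEMON] fatal: can't read interface name from config file\n");
        return 1;
    }
    if (!set_interface_mask(conf->if_name)){
        fprintf (stderr, "[DAEMON] fatal: can't bind to interface set in config file\n");
        return 1;
    }

    // Connect to database to be able to store statistics
    connect_to_db();

    // Spawn thread which will receive signals from controlling cli
    pthread_t signaller;
    int thread_err = pthread_create (&signaller, NULL, listen_cli, NULL);
    if (thread_err != 0){
        fprintf (stderr, "[DAEMON] fatal: can't start control thread: %s\n",
                 strerror(thread_err));
        return 1;
    }

    char frame_buffer[MTU];
    struct sockaddr_ll packet_frame_info;
    while (1) {
        // recvfrom() overwrites the length, so it is reset for every packet
        socklen_t packet_frame_info_len = sizeof packet_frame_info;
        ssize_t received_bytes = recvfrom(socket_fd, frame_buffer, sizeof(frame_buffer), 0,
                (struct sockaddr *) &packet_frame_info, &packet_frame_info_len);
        if (received_bytes == -1){
            perror ("Receiving packet from socket");
            // Nothing was received: the buffer holds stale or uninitialised data
            continue;
        }

        // We are interested in only incoming packets
        if (packet_frame_info.sll_pkttype != PACKET_HOST)
            continue;

        // The socket is opened with ETH_P_ALL, so ARP, IPv6 and other frames
        // arrive too; only IPv4 payloads may be read as an IPv4 header.
        if (packet_frame_info.sll_protocol != htons(ETH_P_IP))
            continue;

        // Never parse a header that was not fully received
        if ((size_t) received_bytes < sizeof(struct iphdr))
            continue;

        // Copy instead of casting: frame_buffer is a plain char array with no
        // alignment guarantee for struct iphdr
        struct iphdr header;
        memcpy(&header, frame_buffer, sizeof header);
        if (header.version != 4)
            continue;

        struct in_addr source_addr;
        source_addr.s_addr = header.saddr;

        // NOTE(review): conf can be replaced by sig_hup_handler() and
        // conf->if_name by update_iface() on the D-Bus thread while this call
        // runs; no synchronisation is visible in this file.
        add_entry(inet_ntoa(source_addr), conf->if_name);
    }
    return 0;
}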
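/*
 * Instructs socket to intercept only packets from particular interface.
 *
 * if_name: interface name. It arrives either from the configuration file or
 *          from a D-Bus method call, so it is validated before use.
 * Returns true when socket_fd was bound to the interface. Returns false when
 * the name is missing, too long, unknown to the system, or bind() fails.
 */
static bool set_interface_mask(char *if_name){
    if (if_name == NULL){
        fprintf (stderr, "[DAEMON] No interface name given\n");
        return false;
    }
    // Interface names never reach IFNAMSIZ characters; rejecting longer input
    // here keeps a truncated lookup from resolving to a different interface
    if (strlen(if_name) >= IFNAMSIZ){
        fprintf (stderr, "[DAEMON] Interface name is too long\n");
        return false;
    }

    printf ("[DAEMON] Directing sniffer on '%s' interface\n", if_name);

    // if_nametoindex() returns an unsigned index, 0 meaning "not found"
    unsigned int if_index = if_nametoindex(if_name);
    if (if_index == 0){
        fprintf (stderr, "[DAEMON] No such device in the system %s\n", if_name);
        return false;
    }

    struct sockaddr_ll if_mask;
    memset(&if_mask, 0, sizeof if_mask);
    if_mask.sll_family = AF_PACKET;
    if_mask.sll_protocol = htons(ETH_P_ALL);
    if_mask.sll_ifindex = (int) if_index;

    int ret = bind (socket_fd,
            (const struct sockaddr *) &if_mask, sizeof if_mask);
    if (ret == -1){
        perror("[DAEMON] Binding socket to interface");
        return false;
    }
    return true;
}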
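/*
 * Switch the sniffer to another interface and record its name in `conf`.
 *
 * if_name: requested interface name; it is copied, the caller keeps ownership.
 * Returns true when the socket was re-bound and conf->if_name was replaced.
 * On any failure the previous name stays in place and false is returned.
 *
 * NOTE(review): this runs on the D-Bus thread while the capture loop in main()
 * reads conf->if_name. Freeing the old string here can race with that read;
 * a mutex around both accesses would be needed to close the window.
 */
static bool update_iface(char *if_name){
    if (if_name == NULL) {
        return false;
    }

    // Take the copy first so an allocation failure cannot leave
    // conf->if_name freed or NULL
    char *name_copy = strdup(if_name);
    if (name_copy == NULL) {
        return false;
    }

    if (!set_interface_mask(if_name)) {
        free(name_copy);
        return false;
    }

    // Publish the new name before releasing the old one
    char *previous = conf->if_name;
    conf->if_name = name_copy;
    free(previous);
    return true;
}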
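/*
 * D-Bus filter installed by listen_cli(); dispatches the two control methods.
 *
 * connection: connection the message arrived on (unused; shadows the
 *             file-level `connection`).
 * message:    incoming message.
 * aux:        user data given to dbus_connection_add_filter() (unused).
 *
 * Returns DBUS_HANDLER_RESULT_HANDLED for the change-interface and stop
 * calls, and DBUS_HANDLER_RESULT_NOT_YET_HANDLED for every other message so
 * that unrelated bus traffic is not swallowed by this filter.
 *
 * NOTE(review): the sender is not checked here, so who may switch the
 * interface or stop the daemon presumably depends entirely on the system bus
 * policy installed for this service. Confirm that the policy restricts both
 * methods.
 */
static DBusHandlerResult message_receiver(DBusConnection *connection,
        DBusMessage *message, void *aux){
    (void) connection;
    (void) aux;

    if (dbus_message_is_method_call(message, CHANGE_IFACE_INTERFACE, CHANGE_IFACE_METHOD)){
        DBusError error;
        dbus_error_init (&error);
        // Points into the message on success; must not be freed here
        char *iface_name = NULL;
        if (!dbus_message_get_args (message, &error, DBUS_TYPE_STRING,
                    &iface_name, DBUS_TYPE_INVALID)){
            fprintf (stderr, "[DAEMON] Can't get argument of dbus method call: %s\n",
                     error.message != NULL ? error.message : "unknown error");
            dbus_error_free (&error);
        } else if (!update_iface(iface_name)){
            fprintf (stderr, "[DAEMON] No iterface with name %s\n", iface_name);
        }
        return DBUS_HANDLER_RESULT_HANDLED;
    }

    if (dbus_message_is_method_call(message, STOP_INTERFACE, STOP_METHOD)){
        printf ("Terminating");
        terminate(0);
        return DBUS_HANDLER_RESULT_HANDLED; // not reached: terminate() exits
    }

    return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
}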
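/*
 * Listen for dbus messages from controlling cli.
 *
 * Thread entry point started by main(). Connects to the system bus, claims
 * the SNIFFERD_DEST name, installs message_receiver() as a filter and runs a
 * GLib main loop. Any set-up failure is fatal and exits the process with
 * status 1.
 *
 * data: unused thread argument.
 * Returns NULL if the main loop ever stops.
 */
static void* listen_cli(void *data){
    (void) data;

    DBusError error;
    GMainLoop *loop = g_main_loop_new (NULL, FALSE);

    dbus_error_init (&error);
    connection = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
    if (connection == NULL) {
        // The bus requested above is the system bus, not the session bus
        fprintf (stderr, "[DAEMON] fatal: Unable to acquire system bus: %s\n",
                 error.message);
        dbus_error_free (&error);
        exit(1);
    }

    int name_reply = dbus_bus_request_name(connection, SNIFFERD_DEST, 0, &error);
    if (dbus_error_is_set(&error)){
        fprintf (stderr, "[DAEMON] fatal: Name error %s\n", error.message);
        dbus_error_free (&error);
        exit(1);
    }
    // Without primary ownership, control calls addressed to the name are
    // delivered to whichever process holds it, not to this daemon
    if (name_reply != DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER){
        fprintf (stderr, "[DAEMON] fatal: Could not become primary owner of the bus name\n");
        exit(1);
    }

    dbus_connection_setup_with_g_main (connection, NULL);
    dbus_connection_flush(connection);
    if (!dbus_connection_add_filter (connection, message_receiver, loop, NULL)){
        fprintf (stderr, "[DAEMON] fatal: Unable to install dbus message filter\n");
        exit(1);
    }

    g_main_loop_run (loop);
    return NULL;
}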