Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628
  1. #include <stdio.h>
  2. #include <stdlib.h>
  3. #include <unistd.h>
  4. #include <string.h>
  5. #include <stdarg.h>
  6. #include <errno.h>
  7. #include <fcntl.h>
  8. #include <libgen.h>
  9. #include <signal.h>
  10. #include <net/if.h>
  11. #include <net/ethernet.h>
  12. #include <sys/select.h>
  13. #include <sys/socket.h>
  14. #include <sys/stat.h>
  15. #include <sys/un.h>
  16. #include <syslog.h>
  17. #include <getopt.h>
  18. #include <pcap.h>
  19. #define SNAPLEN 1600
  20. /*
  21. * FIXME: is there a way to detect the version of the libpcap library?
  22. * Version 0.9 has pcap_inject; version 0.8 doesn't, but both report
  23. * their version number as 2.4.
  24. */
  25. #define HAVE_PCAP_INJECT 0
  26. struct hijack {
  27. pcap_t *pcap;
  28. int fd;
  29. int datalink;
  30. int filtered;
  31. unsigned long rx_count;
  32. unsigned long tx_count;
  33. };
  34. struct hijack_listener {
  35. struct sockaddr_un sun;
  36. int fd;
  37. };
  38. struct hijack_options {
  39. char interface[IF_NAMESIZE];
  40. int daemonise;
  41. };
  42. static int daemonised = 0;
  43. static int signalled = 0;
  44. static void flag_signalled ( int signal __attribute__ (( unused )) ) {
  45. signalled = 1;
  46. }
  47. #if ! HAVE_PCAP_INJECT
  48. /**
  49. * Substitute for pcap_inject(), if this version of libpcap doesn't
  50. * have it. Will almost certainly only work under Linux.
  51. *
  52. */
  53. int pcap_inject ( pcap_t *pcap, const void *data, size_t len ) {
  54. int fd;
  55. char *errbuf = pcap_geterr ( pcap );
  56. fd = pcap_get_selectable_fd ( pcap );
  57. if ( fd < 0 ) {
  58. snprintf ( errbuf, PCAP_ERRBUF_SIZE,
  59. "could not get file descriptor" );
  60. return -1;
  61. }
  62. if ( write ( fd, data, len ) != len ) {
  63. snprintf ( errbuf, PCAP_ERRBUF_SIZE,
  64. "could not write data: %s", strerror ( errno ) );
  65. return -1;
  66. }
  67. return len;
  68. }
  69. #endif /* ! HAVE_PCAP_INJECT */
  70. /**
  71. * Log error message
  72. *
  73. */
  74. static __attribute__ (( format ( printf, 2, 3 ) )) void
  75. logmsg ( int level, const char *format, ... ) {
  76. va_list ap;
  77. va_start ( ap, format );
  78. if ( daemonised ) {
  79. vsyslog ( ( LOG_DAEMON | level ), format, ap );
  80. } else {
  81. vfprintf ( stderr, format, ap );
  82. }
  83. va_end ( ap );
  84. }
  85. /**
  86. * Open pcap device
  87. *
  88. */
  89. static int hijack_open ( const char *interface, struct hijack *hijack ) {
  90. char errbuf[PCAP_ERRBUF_SIZE];
  91. /* Open interface via pcap */
  92. errbuf[0] = '\0';
  93. hijack->pcap = pcap_open_live ( interface, SNAPLEN, 1, 0, errbuf );
  94. if ( ! hijack->pcap ) {
  95. logmsg ( LOG_ERR, "Failed to open %s: %s\n",
  96. interface, errbuf );
  97. goto err;
  98. }
  99. if ( errbuf[0] )
  100. logmsg ( LOG_WARNING, "Warning: %s\n", errbuf );
  101. /* Set capture interface to non-blocking mode */
  102. if ( pcap_setnonblock ( hijack->pcap, 1, errbuf ) < 0 ) {
  103. logmsg ( LOG_ERR, "Could not make %s non-blocking: %s\n",
  104. interface, errbuf );
  105. goto err;
  106. }
  107. /* Get file descriptor for select() */
  108. hijack->fd = pcap_get_selectable_fd ( hijack->pcap );
  109. if ( hijack->fd < 0 ) {
  110. logmsg ( LOG_ERR, "Cannot get selectable file descriptor "
  111. "for %s\n", interface );
  112. goto err;
  113. }
  114. /* Get link layer type */
  115. hijack->datalink = pcap_datalink ( hijack->pcap );
  116. return 0;
  117. err:
  118. if ( hijack->pcap )
  119. pcap_close ( hijack->pcap );
  120. return -1;
  121. }
  122. /**
  123. * Close pcap device
  124. *
  125. */
  126. static void hijack_close ( struct hijack *hijack ) {
  127. pcap_close ( hijack->pcap );
  128. }
  129. /**
  130. * Install filter for hijacked connection
  131. *
  132. */
  133. static int hijack_install_filter ( struct hijack *hijack,
  134. char *filter ) {
  135. struct bpf_program program;
  136. /* Compile filter */
  137. if ( pcap_compile ( hijack->pcap, &program, filter, 1, 0 ) < 0 ) {
  138. logmsg ( LOG_ERR, "could not compile filter \"%s\": %s\n",
  139. filter, pcap_geterr ( hijack->pcap ) );
  140. goto err_nofree;
  141. }
  142. /* Install filter */
  143. if ( pcap_setfilter ( hijack->pcap, &program ) < 0 ) {
  144. logmsg ( LOG_ERR, "could not install filter \"%s\": %s\n",
  145. filter, pcap_geterr ( hijack->pcap ) );
  146. goto err;
  147. }
  148. logmsg ( LOG_INFO, "using filter \"%s\"\n", filter );
  149. pcap_freecode ( &program );
  150. return 0;
  151. err:
  152. pcap_freecode ( &program );
  153. err_nofree:
  154. return -1;
  155. }
  156. /**
  157. * Set up filter for hijacked ethernet connection
  158. *
  159. */
  160. static int hijack_filter_ethernet ( struct hijack *hijack, const char *buf,
  161. size_t len ) {
  162. char filter[55]; /* see format string */
  163. struct ether_header *ether_header = ( struct ether_header * ) buf;
  164. unsigned char *hwaddr = ether_header->ether_shost;
  165. if ( len < sizeof ( *ether_header ) )
  166. return -1;
  167. snprintf ( filter, sizeof ( filter ), "broadcast or multicast or "
  168. "ether host %02x:%02x:%02x:%02x:%02x:%02x", hwaddr[0],
  169. hwaddr[1], hwaddr[2], hwaddr[3], hwaddr[4], hwaddr[5] );
  170. return hijack_install_filter ( hijack, filter );
  171. }
  172. /**
  173. * Set up filter for hijacked connection
  174. *
  175. */
  176. static int hijack_filter ( struct hijack *hijack, const char *buf,
  177. size_t len ) {
  178. switch ( hijack->datalink ) {
  179. case DLT_EN10MB:
  180. return hijack_filter_ethernet ( hijack, buf, len );
  181. default:
  182. logmsg ( LOG_ERR, "unsupported protocol %s: cannot filter\n",
  183. ( pcap_datalink_val_to_name ( hijack->datalink ) ?
  184. pcap_datalink_val_to_name ( hijack->datalink ) :
  185. "UNKNOWN" ) );
  186. /* Return success so we don't get called again */
  187. return 0;
  188. }
  189. }
  190. /**
  191. * Forward data from hijacker
  192. *
  193. */
  194. static ssize_t forward_from_hijacker ( struct hijack *hijack, int fd ) {
  195. char buf[SNAPLEN];
  196. ssize_t len;
  197. /* Read packet from hijacker */
  198. len = read ( fd, buf, sizeof ( buf ) );
  199. if ( len < 0 ) {
  200. logmsg ( LOG_ERR, "read from hijacker failed: %s\n",
  201. strerror ( errno ) );
  202. return -1;
  203. }
  204. if ( len == 0 )
  205. return 0;
  206. /* Set up filter if not already in place */
  207. if ( ! hijack->filtered ) {
  208. if ( hijack_filter ( hijack, buf, len ) == 0 )
  209. hijack->filtered = 1;
  210. }
  211. /* Transmit packet to network */
  212. if ( pcap_inject ( hijack->pcap, buf, len ) != len ) {
  213. logmsg ( LOG_ERR, "write to hijacked port failed: %s\n",
  214. pcap_geterr ( hijack->pcap ) );
  215. return -1;
  216. }
  217. hijack->tx_count++;
  218. return len;
  219. };
  220. /**
  221. * Forward data to hijacker
  222. *
  223. */
  224. static ssize_t forward_to_hijacker ( int fd, struct hijack *hijack ) {
  225. struct pcap_pkthdr *pkt_header;
  226. const unsigned char *pkt_data;
  227. ssize_t len;
  228. /* Receive packet from network */
  229. if ( pcap_next_ex ( hijack->pcap, &pkt_header, &pkt_data ) < 0 ) {
  230. logmsg ( LOG_ERR, "read from hijacked port failed: %s\n",
  231. pcap_geterr ( hijack->pcap ) );
  232. return -1;
  233. }
  234. if ( pkt_header->caplen != pkt_header->len ) {
  235. logmsg ( LOG_ERR, "read partial packet (%d of %d bytes)\n",
  236. pkt_header->caplen, pkt_header->len );
  237. return -1;
  238. }
  239. if ( pkt_header->caplen == 0 )
  240. return 0;
  241. len = pkt_header->caplen;
  242. /* Write packet to hijacker */
  243. if ( write ( fd, pkt_data, len ) != len ) {
  244. logmsg ( LOG_ERR, "write to hijacker failed: %s\n",
  245. strerror ( errno ) );
  246. return -1;
  247. }
  248. hijack->rx_count++;
  249. return len;
  250. };
  251. /**
  252. * Run hijacker
  253. *
  254. */
  255. static int run_hijacker ( const char *interface, int fd ) {
  256. struct hijack hijack;
  257. fd_set fdset;
  258. int max_fd;
  259. ssize_t len;
  260. logmsg ( LOG_INFO, "new connection for %s\n", interface );
  261. /* Open connection to network */
  262. memset ( &hijack, 0, sizeof ( hijack ) );
  263. if ( hijack_open ( interface, &hijack ) < 0 )
  264. goto err;
  265. /* Do the forwarding */
  266. max_fd = ( ( fd > hijack.fd ) ? fd : hijack.fd );
  267. while ( 1 ) {
  268. /* Wait for available data */
  269. FD_ZERO ( &fdset );
  270. FD_SET ( fd, &fdset );
  271. FD_SET ( hijack.fd, &fdset );
  272. if ( select ( ( max_fd + 1 ), &fdset, NULL, NULL, 0 ) < 0 ) {
  273. logmsg ( LOG_ERR, "select failed: %s\n",
  274. strerror ( errno ) );
  275. goto err;
  276. }
  277. if ( FD_ISSET ( fd, &fdset ) ) {
  278. len = forward_from_hijacker ( &hijack, fd );
  279. if ( len < 0 )
  280. goto err;
  281. if ( len == 0 )
  282. break;
  283. }
  284. if ( FD_ISSET ( hijack.fd, &fdset ) ) {
  285. len = forward_to_hijacker ( fd, &hijack );
  286. if ( len < 0 )
  287. goto err;
  288. if ( len == 0 )
  289. break;
  290. }
  291. }
  292. hijack_close ( &hijack );
  293. logmsg ( LOG_INFO, "closed connection for %s\n", interface );
  294. logmsg ( LOG_INFO, "received %ld packets, sent %ld packets\n",
  295. hijack.rx_count, hijack.tx_count );
  296. return 0;
  297. err:
  298. if ( hijack.pcap )
  299. hijack_close ( &hijack );
  300. return -1;
  301. }
  302. /**
  303. * Open listener socket
  304. *
  305. */
  306. static int open_listener ( const char *interface,
  307. struct hijack_listener *listener ) {
  308. /* Create socket */
  309. listener->fd = socket ( PF_UNIX, SOCK_SEQPACKET, 0 );
  310. if ( listener->fd < 0 ) {
  311. logmsg ( LOG_ERR, "Could not create socket: %s\n",
  312. strerror ( errno ) );
  313. goto err;
  314. }
  315. /* Bind to local filename */
  316. listener->sun.sun_family = AF_UNIX,
  317. snprintf ( listener->sun.sun_path, sizeof ( listener->sun.sun_path ),
  318. "/var/run/hijack-%s", interface );
  319. if ( bind ( listener->fd, ( struct sockaddr * ) &listener->sun,
  320. sizeof ( listener->sun ) ) < 0 ) {
  321. logmsg ( LOG_ERR, "Could not bind socket to %s: %s\n",
  322. listener->sun.sun_path, strerror ( errno ) );
  323. goto err;
  324. }
  325. /* Set as a listening socket */
  326. if ( listen ( listener->fd, 0 ) < 0 ) {
  327. logmsg ( LOG_ERR, "Could not listen to %s: %s\n",
  328. listener->sun.sun_path, strerror ( errno ) );
  329. goto err;
  330. }
  331. return 0;
  332. err:
  333. if ( listener->fd >= 0 )
  334. close ( listener->fd );
  335. return -1;
  336. }
  337. /**
  338. * Listen on listener socket
  339. *
  340. */
  341. static int listen_for_hijackers ( struct hijack_listener *listener,
  342. const char *interface ) {
  343. int fd;
  344. pid_t child;
  345. int rc;
  346. logmsg ( LOG_INFO, "Listening on %s\n", listener->sun.sun_path );
  347. while ( ! signalled ) {
  348. /* Accept new connection, interruptibly */
  349. siginterrupt ( SIGINT, 1 );
  350. siginterrupt ( SIGHUP, 1 );
  351. fd = accept ( listener->fd, NULL, 0 );
  352. siginterrupt ( SIGINT, 0 );
  353. siginterrupt ( SIGHUP, 0 );
  354. if ( fd < 0 ) {
  355. if ( errno == EINTR ) {
  356. continue;
  357. } else {
  358. logmsg ( LOG_ERR, "accept failed: %s\n",
  359. strerror ( errno ) );
  360. goto err;
  361. }
  362. }
  363. /* Fork child process */
  364. child = fork();
  365. if ( child < 0 ) {
  366. logmsg ( LOG_ERR, "fork failed: %s\n",
  367. strerror ( errno ) );
  368. goto err;
  369. }
  370. if ( child == 0 ) {
  371. /* I am the child; run the hijacker */
  372. rc = run_hijacker ( interface, fd );
  373. close ( fd );
  374. exit ( rc );
  375. }
  376. close ( fd );
  377. }
  378. logmsg ( LOG_INFO, "Stopped listening on %s\n",
  379. listener->sun.sun_path );
  380. return 0;
  381. err:
  382. if ( fd >= 0 )
  383. close ( fd );
  384. return -1;
  385. }
  386. /**
  387. * Close listener socket
  388. *
  389. */
  390. static void close_listener ( struct hijack_listener *listener ) {
  391. close ( listener->fd );
  392. unlink ( listener->sun.sun_path );
  393. }
  394. /**
  395. * Print usage
  396. *
  397. */
  398. static void usage ( char **argv ) {
  399. logmsg ( LOG_ERR,
  400. "Usage: %s [options]\n"
  401. "\n"
  402. "Options:\n"
  403. " -h|--help Print this help message\n"
  404. " -i|--interface intf Use specified network interface\n"
  405. " -n|--nodaemon Run in foreground\n",
  406. argv[0] );
  407. }
  408. /**
  409. * Parse command-line options
  410. *
  411. */
  412. static int parse_options ( int argc, char **argv,
  413. struct hijack_options *options ) {
  414. static struct option long_options[] = {
  415. { "interface", 1, NULL, 'i' },
  416. { "nodaemon", 0, NULL, 'n' },
  417. { "help", 0, NULL, 'h' },
  418. { },
  419. };
  420. int c;
  421. /* Set default options */
  422. memset ( options, 0, sizeof ( *options ) );
  423. strncpy ( options->interface, "eth0", sizeof ( options->interface ) );
  424. options->daemonise = 1;
  425. /* Parse command-line options */
  426. while ( 1 ) {
  427. int option_index = 0;
  428. c = getopt_long ( argc, argv, "i:hn", long_options,
  429. &option_index );
  430. if ( c < 0 )
  431. break;
  432. switch ( c ) {
  433. case 'i':
  434. strncpy ( options->interface, optarg,
  435. sizeof ( options->interface ) );
  436. break;
  437. case 'n':
  438. options->daemonise = 0;
  439. break;
  440. case 'h':
  441. usage( argv );
  442. return -1;
  443. case '?':
  444. /* Unrecognised option */
  445. return -1;
  446. default:
  447. logmsg ( LOG_ERR, "Unrecognised option '-%c'\n", c );
  448. return -1;
  449. }
  450. }
  451. /* Check there's nothing left over on the command line */
  452. if ( optind != argc ) {
  453. usage ( argv );
  454. return -1;
  455. }
  456. return 0;
  457. }
  458. /**
  459. * Daemonise
  460. *
  461. */
  462. static int daemonise ( const char *interface ) {
  463. char pidfile[16 + IF_NAMESIZE + 4]; /* "/var/run/hijack-<intf>.pid" */
  464. char pid[16];
  465. int pidlen;
  466. int fd = -1;
  467. /* Daemonise */
  468. if ( daemon ( 0, 0 ) < 0 ) {
  469. logmsg ( LOG_ERR, "Could not daemonise: %s\n",
  470. strerror ( errno ) );
  471. goto err;
  472. }
  473. daemonised = 1; /* Direct messages to syslog now */
  474. /* Open pid file */
  475. snprintf ( pidfile, sizeof ( pidfile ), "/var/run/hijack-%s.pid",
  476. interface );
  477. fd = open ( pidfile, ( O_WRONLY | O_CREAT | O_TRUNC ),
  478. ( S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH ) );
  479. if ( fd < 0 ) {
  480. logmsg ( LOG_ERR, "Could not open %s for writing: %s\n",
  481. pidfile, strerror ( errno ) );
  482. goto err;
  483. }
  484. /* Write pid to file */
  485. pidlen = snprintf ( pid, sizeof ( pid ), "%d\n", getpid() );
  486. if ( write ( fd, pid, pidlen ) != pidlen ) {
  487. logmsg ( LOG_ERR, "Could not write %s: %s\n",
  488. pidfile, strerror ( errno ) );
  489. goto err;
  490. }
  491. close ( fd );
  492. return 0;
  493. err:
  494. if ( fd >= 0 )
  495. close ( fd );
  496. return -1;
  497. }
  498. int main ( int argc, char **argv ) {
  499. struct hijack_options options;
  500. struct hijack_listener listener;
  501. struct sigaction sa;
  502. /* Parse command-line options */
  503. if ( parse_options ( argc, argv, &options ) < 0 )
  504. exit ( 1 );
  505. /* Set up syslog connection */
  506. openlog ( basename ( argv[0] ), LOG_PID, LOG_DAEMON );
  507. /* Set up listening socket */
  508. if ( open_listener ( options.interface, &listener ) < 0 )
  509. exit ( 1 );
  510. /* Daemonise on demand */
  511. if ( options.daemonise ) {
  512. if ( daemonise ( options.interface ) < 0 )
  513. exit ( 1 );
  514. }
  515. /* Avoid creating zombies */
  516. memset ( &sa, 0, sizeof ( sa ) );
  517. sa.sa_handler = SIG_IGN;
  518. sa.sa_flags = SA_RESTART | SA_NOCLDWAIT;
  519. if ( sigaction ( SIGCHLD, &sa, NULL ) < 0 ) {
  520. logmsg ( LOG_ERR, "Could not set SIGCHLD handler: %s",
  521. strerror ( errno ) );
  522. exit ( 1 );
  523. }
  524. /* Set 'signalled' flag on SIGINT or SIGHUP */
  525. sa.sa_handler = flag_signalled;
  526. sa.sa_flags = SA_RESTART | SA_RESETHAND;
  527. if ( sigaction ( SIGINT, &sa, NULL ) < 0 ) {
  528. logmsg ( LOG_ERR, "Could not set SIGINT handler: %s",
  529. strerror ( errno ) );
  530. exit ( 1 );
  531. }
  532. if ( sigaction ( SIGHUP, &sa, NULL ) < 0 ) {
  533. logmsg ( LOG_ERR, "Could not set SIGHUP handler: %s",
  534. strerror ( errno ) );
  535. exit ( 1 );
  536. }
  537. /* Listen for hijackers */
  538. if ( listen_for_hijackers ( &listener, options.interface ) < 0 )
  539. exit ( 1 );
  540. close_listener ( &listener );
  541. return 0;
  542. }