📄 ipa_ctl.c
字号:
//printf("sport[%d] dport[%d] seqnum[%u] acknum[%u]\n", tcph->sport, tcph->dport, tcph->seqnum, tcph->acknum);
// if ( (tcph->sport != 10001) && (tcph->dport != 10001) ) return;
reqheader = (Header_t *)reqbuf;
reqheader->buflen = sizeof(Header_t) + sizeof(REQUEST_RESET_TCP_t);
reqlen = reqheader->buflen;
reqheader->code = RESET_TCP;
reqheader->buflen = htonl(reqheader->buflen);
reqheader->code = htonl(reqheader->code );
prequest_reset_tcp = (REQUEST_RESET_TCP_t *)(reqbuf + sizeof(Header_t));
memcpy(&(prequest_reset_tcp->srcmac ),srcmac, sizeof(prequest_reset_tcp->srcmac ));
memcpy(&(prequest_reset_tcp->srcip ),&iph->saddr, sizeof(prequest_reset_tcp->srcip ));
prequest_reset_tcp->sport = tcph->sport;
memcpy(&(prequest_reset_tcp->destmac), destmac, sizeof(prequest_reset_tcp->destmac));
memcpy(&(prequest_reset_tcp->destip ), &iph->daddr, sizeof(prequest_reset_tcp->destip ));
prequest_reset_tcp->dport = tcph->dport;
prequest_reset_tcp->seqnum = tcph->acknum;
prequest_reset_tcp->win = tcph->win;
//交给复位进程
ret = writesock(gd_sockToKill, reqbuf, reqlen);
if (ret != 0)
{
close(gd_sockToKill);
logit(gd_SYS_LOG_FILE, "writesock(gd_sockToKill) fail[%d:%s]\n", errno, strerror(errno));
exit(1);
}
ret = readStream(gd_sockToKill, outbuf, &outlen);
if (ret < 0)
{
close(gd_sockToKill);
logit(gd_SYS_LOG_FILE, "readStream(gd_sockToKill) fail[%d:%s]\n", errno, strerror(errno));
exit(1);
}
}
}
int is_in_inner_net_or_in(u_int saddr , u_int daddr)
{
struct in_addr in;
char ssaddr[16];
char sdaddr[16];
in.s_addr = saddr;
strcpy(ssaddr, inet_ntoa(in) );
in.s_addr = daddr;
strcpy(sdaddr, inet_ntoa(in) );
if ( (memcmp(gd_self_net_addr, ssaddr, strlen(gd_self_net_addr)) == 0) &&
(memcmp(gd_self_net_addr, sdaddr, strlen(gd_self_net_addr)) == 0) )
return 1;
else if ( (memcmp(gd_self_net_addr, ssaddr, strlen(gd_self_net_addr)) != 0) &&
(memcmp(gd_self_net_addr, sdaddr, strlen(gd_self_net_addr)) == 0) )
return 1;
else if ( (memcmp(gd_self_net_addr, ssaddr, strlen(gd_self_net_addr)) != 0) &&
(memcmp(gd_self_net_addr, sdaddr, strlen(gd_self_net_addr)) != 0) )
return 1;
else
return 0;
}
int is_in_ip_list(u_int sipaddr, char *mac)
{
int i;
unsigned char s1[6], s2[6];
char saddr[16];
char saddr1[16];
for (i=0; i<gd_ip_list_len; i++)
{
memcpy(s1, mac, 6);
memcpy(s2, gd_ip_mac[i].mac, 6);
m_inet_ntoa((u_int *)&sipaddr, saddr);
m_inet_ntoa((u_int *)&(gd_ip_mac[i].ip), saddr1);
if ( (sipaddr == gd_ip_mac[i].ip) || (memcmp(mac, gd_ip_mac[i].mac, 6) == 0) )
{
return 1;
}
}
return 0;
}
int is_in_white_list(u_int sipaddr, char *mac)
{
int i;
for (i=0; i<gd_white_list_len; i++)
{
if ( (sipaddr == gd_white_ip_mac[i].ip) || (memcmp(mac, gd_white_ip_mac[i].mac, 6) == 0) )
{
return 1;
}
}
return 0;
}
int is_in_reset_port_list(unsigned short dport)
{
short i;
for (i=0; i<gd_portnum; i++)
{
if (gd_portsList[i] == ntohs(dport))
return 1;
}
return 0;
}
int is_win_update(u_int saddr, u_int daddr)
{
struct in_addr in1, in2;
char ssaddr[16];
char sdaddr[16];
in1.s_addr = saddr;
in2.s_addr = daddr;
strcpy(ssaddr, inet_ntoa(in1));
strcpy(sdaddr, inet_ntoa(in2));
//若无法连接公网,允许程序继续执行
if (strlen(gd_winupdateip) == 0) return 1;
if (memcmp(ssaddr, gd_winupdateip, strlen(gd_winupdateip)) == 0)
return 1;
if (memcmp(sdaddr, gd_winupdateip, strlen(gd_winupdateip)) == 0)
return 1;
return 0;
}
int is_for_myself(u_int saddr, u_int daddr)
{
int i;
for (i=0; i<gd_devnum; i++)
{
if ( (gd_devname[i].ip_addr == saddr) || (gd_devname[i].ip_addr == daddr) )
return 1;
}
return 0;
}
// Attempts to forge a RST packet and send it back to the source, resetting the TCP connection
void send_reset( mac_address_t *srcmac, ip_address_t *srcip, u_short sport, mac_address_t *destmac,
ip_address_t *destip, u_short dport, u_int seqnum, u_int win )
{
int ret;
struct sockaddr from;
int fromlen;
u_short tcp_hdrcrc[16];
u_short ip_hdrcrc[10];
u_short tcp_tos = htons(0x06);
u_short tcp_hlen = htons(0x14);
u_short ip_tos = htons(0x0800);
ip_header_t iph;
tcp_header_t tcph;
u_char pkt[54];
// Setup IP Header
iph.ver_ihl = 0x45;
iph.tos = 0x01;
iph.tlen = htons(40);
iph.identification = htons(0x0800);
iph.flags_fo = 0x0;
iph.ttl = 0xff;
iph.proto = 0x06;
iph.crc = 0x00;
iph.saddr = *destip; // swap the source & dest ips
iph.daddr = *srcip;
// Setup TCP Header
tcph.sport = dport; // swap the source & dest ports
tcph.dport = sport;
// tcph.seqnum = htonl(ntohl(seqnum) + ntohs(win) - 2);
tcph.seqnum = htonl(ntohl(seqnum) + ntohs(win) - 2 );
tcph.acknum = tcph.seqnum + htonl(0x1);
tcph.hlen = 0x50;
tcph.flags = 0x04;
tcph.win = win;
tcph.urgptr = 0x00;
tcph.crc = 0x00;
// Calculate the IP Header Checksum
memset(ip_hdrcrc, 0, 20);
memcpy(ip_hdrcrc, &iph, 20);
iph.crc = csum( ip_hdrcrc, 10 );
// Construct the tcp pseudo-header for checksum calculation
memset(tcp_hdrcrc, 0, 32);
memcpy(tcp_hdrcrc, &tcph, 20);
memcpy(&tcp_hdrcrc[10], &iph.saddr, 4);
memcpy(&tcp_hdrcrc[12], &iph.daddr, 4);
memcpy(&tcp_hdrcrc[14], &tcp_tos, 2);
memcpy(&tcp_hdrcrc[15], &tcp_hlen, 2);
tcph.crc = csum( tcp_hdrcrc, 16 );
// Assemble the packet
memcpy( pkt, (void *)srcmac, 6 );
memcpy( (void *)(pkt + 6), (void *)destmac, 6 );
memcpy( (void *)(pkt + 12), &ip_tos, 2);
memcpy( (void *)(pkt + 14), &iph, 20 );
memcpy( (void *)(pkt + 14 + sizeof( ip_header_t )), &tcph, 20 );
memset(&from, 0, sizeof(from));
from.sa_family = AF_INET;
strcpy(from.sa_data, gd_PACKET_dev);
fromlen = sizeof(from);
ret = sendto(gd_PACKET_sockfd, pkt, sizeof( pkt ), 0, &from, fromlen);
if (gd_log_level > 2)
logit(gd_SYS_LOG_FILE, "Attempting to Reset: %d.%d.%d.%d:%d -> %d.%d.%d.%d:%d \n", srcip->byte1,
srcip->byte2, srcip->byte3, srcip->byte4, ntohs(sport),destip->byte1, destip->byte2,
destip->byte3, destip->byte4, ntohs(dport));
if (ret < 0)
{
printf("in send_reset(), sendto() error[%d:%s] \n", errno, strerror(errno));
logit(gd_SYS_LOG_FILE, "in send_reset(), sendto() error[%d:%s] \n", errno, strerror(errno));
}
// winpcap: Send the packet
//if (pcap_sendpacket(gd_adhandle, pkt, sizeof( pkt )) != 0)
//{
// printf("Error sending the packet[%s]\n", pcap_geterr(gd_adhandle));
// logit(gd_SYS_LOG_FILE, "Error sending the packet[%s]\n", pcap_geterr(gd_adhandle));
//}
}
int init_PACKET_sock()
{
gd_PACKET_sockfd = socket(AF_INET, SOCK_PACKET, htons(ETH_P_ALL));
if (gd_PACKET_sockfd < 0)
{
printf("in init_PACKET_sock(), socket(SOCK_PACKET) error[%d:%s] \n", errno, strerror(errno));
logit(gd_SYS_LOG_FILE, "in init_PACKET_sock(), socket(SOCK_PACKET) error[%d:%s] \n", errno, strerror(errno));
return(-1);
}
return 0;
}
int get_all_dev()
{
struct ifreq ifaces[16];
struct ifreq ifr;
struct ifconf param;
struct in_addr in;
struct sockaddr from, to;
int fromlen;
struct sockaddr_in *sin_ptr;
u_char *ptr;
int n;
int i, j;
char saddr[16];
param.ifc_len = sizeof(ifaces);
param.ifc_req = ifaces;
if (ioctl(gd_PACKET_sockfd, SIOCGIFCONF, ¶m) != 0)
{
printf("1 ioctl error[%d:%s]\n", errno, strerror(errno));
return -1;
}
gd_devnum = param.ifc_len / sizeof(struct ifreq);
gd_devname = (m_dev_t *)calloc(sizeof(m_dev_t), gd_devnum);
j = 0;
memset(gd_PACKET_dev, 0, sizeof(gd_PACKET_dev));
memset(gd_SNIFFER_dev, 0, sizeof(gd_SNIFFER_dev));
printf("\n\nAvailabile device list:\n");
for (i = 0; i < gd_devnum; i++)
{
//printf("ifr.ifr_name[%s] i[%d]\n", ifaces[i].ifr_name, i);
if ( strcmp(ifaces[i].ifr_name, "lo") == 0 ) continue;
strcpy(gd_devname[j].devname, ifaces[i].ifr_name);
strcpy(ifr.ifr_name, ifaces[i].ifr_name);
if (ioctl(gd_PACKET_sockfd, SIOCGIFADDR, &ifr) < 0)
{
printf("2 ioctl error[%d:%s]\n", errno, strerror(errno));
return(-1);
}
sin_ptr = (struct sockaddr_in *)&ifr.ifr_addr;
memcpy(&(gd_devname[j].ip_addr), &(sin_ptr->sin_addr), sizeof(u_int));
// get mac address of the interface
if (ioctl(gd_PACKET_sockfd, SIOCGIFHWADDR, &ifr) < 0)
{
printf("3 ioctl error[%d:%s]\n", errno, strerror(errno));
return(-1);
}
memcpy( gd_devname[j].mac_addr, (u_char *)&ifr.ifr_ifru.ifru_hwaddr.sa_data[0], 6);
if (strcmp(gd_devname[j].devname, gd_ipa_conf.TCP_RESET_DEVICE) == 0)
{
strcpy(gd_PACKET_dev, gd_devname[j].devname);
}
if (strcmp(gd_devname[j].devname, gd_ipa_conf.SNIFFER_DEVICE) == 0)
{
strcpy(gd_SNIFFER_dev, gd_devname[j].devname);
}
m_inet_ntoa(&(gd_devname[j].ip_addr), saddr);
printf("DeviceName[%s] IP[%s] order[%d]\n", gd_devname[j].devname, saddr, j+1);
j ++;
}
printf("\n\n");
gd_devnum = j;
in.s_addr = gd_devname[0].ip_addr;
memset(gd_self_net_addr, 0, sizeof(gd_self_net_addr));
getNetAddr(inet_ntoa(in), gd_self_net_addr);
if ( strlen(gd_PACKET_dev) == 0 )
{
printf("TCP_RESET_DEVICE [%s] in ipa.conf is not exist!\n", gd_ipa_conf.TCP_RESET_DEVICE);
return -1;
}
if ( strlen(gd_SNIFFER_dev) == 0 )
{
printf("SNIFFER_DEVICE [%s] in ipa.conf is not exist!\n", gd_ipa_conf.SNIFFER_DEVICE);
return -1;
}
return 0;
}
int getWinUpdateip(char *url, char *winupdateip)
{
struct hostent *phe;
struct sockaddr_in sin;
int ret, i, j;
memset(&sin, 0, sizeof(sin));
sin.sin_family = AF_INET;
phe = gethostbyname(url);
if(phe == NULL)
{
printf("gethostbyname()[%s] fail[%s]\n", "windowsupdate.microsoft.nsatc.net", strerror(errno));
return -1;
}
memcpy(&sin.sin_addr, phe->h_addr, phe->h_length);
//printf("h_name [%s]\n", phe->h_name );
//printf("h_length [%d]\n", phe->h_length );
//struct hostent
//{
// char *h_name; /* Official name of host. */
// char **h_aliases; /* Alias list. */
// int h_addrtype; /* Host address type. */
// int h_length; /* Length of address. */
// char **h_addr_list; /* List of addresses from name server. */
//#define h_addr h_addr_list[0] /* Address, for backward compatibility. */
//};
memcpy(&sin.sin_addr, phe->h_addr_list[0], phe->h_length);
strcpy(winupdateip, inet_ntoa(sin.sin_addr));
j = 0;
for (i=0; i<strlen(winupdateip); i++)
{
if (winupdateip[i] == '.')
{
j ++;
if (j == 2) break;
}
}
winupdateip[i] = 0;
return(0);
}
/*read_smg_conf--读配置文件
*/
int read_ipa_conf(char *filename, ipa_conf_t *pipa_conf, unsigned short **ports, short *portnum)
{
int ret;
FILE *fp;
char aline[4096];
char field1[1024];
char field2[1024];
char field3[1024];
int hadWINDOWSUPDATE_ADDRESS = 0;
int hadSNIFFER_DEVICE = 0;
int hadTCP_RESET_DEVICE = 0;
int hadIPA_LOG_LEVEL = 0;
int hadRESET_PORTS_LIST_part = 0;
fp = fopen(filename, "r");
if (fp == NULL)
{
printf("fopen(%s, 'r') fail[%d:%s]\n", filename, errno, strerror(errno));
return -1;
}
//printf("11111\n");
memset(pipa_conf, 0, sizeof(ipa_conf_t));
for (;;)
{
memset(aline, 0, sizeof(aline));
fgets(aline, sizeof(aline)-1, fp);
if ( feof(fp) ) break;
rtrim(aline, ' ');
if (strlen(aline) == 0) continue;
ltrim(aline);
if (strlen(aline) == 0) continue;
//若为注释
if (aline[0] == '#') continue;
memset(field1, 0, sizeof(field1));
memset(field2, 0, sizeof(field2));
memset(field3, 0, sizeof(field3));
sscanf(aline, "%s%s%s", field1, field2, field3);
if (strcmp(field1, "RESET_PORTS_LIST") == 0)
{
hadRESET_PORTS_LIST_part = 1;
ret = read_RESET_PORTS_LIST_part(filename, fp, ports, portnum);
if (ret < 0)
{
return -1;
}
break;
}
if (strcmp(field1, "WINDOWSUPDATE_ADDRESS") == 0)
{
if ( (strlen(field2) > 255) || (strlen(field2) < 1) )
{
printf("WINDOWSUPDATE_ADDRESS is invalid[%s], length should be 1-255\n", field2);
fclose(fp);
return -1;
}
strcpy(pipa_conf->WINDOWSUPDATE_ADDRESS, field2);
hadWINDOWSUPDATE_ADDRESS = 1;
}
else if (strcmp(field1, "SNIFFER_DEVICE") == 0)
{
if ( (strlen(field2) > 255) || (strlen(field2) < 1) )
{
printf("SNIFFER_DEVICE is invalid[%s], length should be 1-15\n", field2);
fclose(fp);
return -1;
}
strcpy(pipa_conf->SNIFFER_DEVICE, field2);
hadSNIFFER_DEVICE = 1;
}
else if (strcmp(field1, "TCP_RESET_DEVICE") == 0)
{
if ( (strlen(field2) > 255) || (strlen(field2) < 1) )
{
printf("TCP_RESET_DEVICE is invalid[%s], length should be 1-15\n", field2);
fclose(fp);
return -1;
}
strcpy(pipa_conf->TCP_RESET_DEVICE, field2);
hadTCP_RESET_DEVICE = 1;
}
else if (strcmp(field1, "IPA_LOG_LEVEL") == 0)
{
if ( (atoi(field2) > 10) || (atoi(field2) < 1) )
{
printf("IPA_LOG_LEVEL is invalid[%s], should be 1-10\n", atoi(field2));
fclose(fp);
return -1;
}
pipa_conf->IPA_LOG_LEVEL = atoi(field2);
hadIPA_LOG_LEVEL = 1;
}
//printf("FILELD1[%s] 2[%s]\n", field1, field2);
}
fclose(fp);
if (hadRESET_PORTS_LIST_part == 0)
{
printf("No RESET_PORTS_LIST part!\n");
return -1;
}
if (hadWINDOWSUPDATE_ADDRESS == 0 ||
hadSNIFFER_DEVICE == 0 ||
hadTCP_RESET_DEVICE == 0 ||
hadIPA_LOG_LEVEL == 0 )
{
if (hadWINDOWSUPDATE_ADDRESS == 0 ) { printf("scare WINDOWSUPDATE_ADDRESS!\n"); }
if (hadSNIFFER_DEVICE == 0 ) { printf("scare SNIFFER_DEVICE !\n"); }
if (hadTCP_RESET_DEVICE == 0 ) { printf("scare TCP_RESET_DEVICE !\n"); }
if (hadIPA_LOG_LEVEL == 0 ) { printf("scare IPA_LOG_LEVEL !\n"); }
return -1;
}
return 0;
}
int read_RESET_PORTS_LIST_part(char *filename, FILE *fp, unsigned short **ports, short *portnum)
{
int ret;
int i;
char aline[1024];
char field1[512];
char field2[512];
*ports = NULL;
*portnum = 0;
//printf("11111\n");
i = 0;
for (;;)
{
memset(aline, 0, sizeof(aline));
fgets(aline, sizeof(aline)-1, fp);
if ( feof(fp) ) break;
if (strlen(aline) == 0) continue;
ltrim(aline);
rtrim(aline, ' ');
rtrim(aline, '\t');
if (strlen(aline) == 0) continue;
//若为注释
if (aline[0] == '#') continue;
memset(field1, 0, sizeof(field1));
memset(field2, 0, sizeof(field2));
sscanf(aline, "%s%s", field1, field2);
if ( (strlen(field1) == 0) || (strlen(field2) == 0) ) continue;
if ( (atoi(field1) < 1) || (atoi(field1) > 256*256) ) continue;
*ports = (unsigned short *)realloc( (void *)*ports, (i+1)*sizeof(short));
(*ports)[i] = atoi(field1);
//printf("i[%d] port[%d]\n", i, (*ports)[i]);
i ++;
}
if (i == 0)
{
printf("none valid <Port service> in file [%s]!\n", filename);
return 1;
}
*portnum = i;
return 0;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -