From a7f8d9988422822e07782c475b06db14dccb58c8 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 9 Jul 2009 10:23:49 +0200 Subject: moved udp spoofing code to its own output module (omudpspoof) --- tools/omfwd.c | 120 ++++++---------------------------------------------------- 1 file changed, 12 insertions(+), 108 deletions(-) (limited to 'tools/omfwd.c') diff --git a/tools/omfwd.c b/tools/omfwd.c index e00cd969..d0c45cba 100644 --- a/tools/omfwd.c +++ b/tools/omfwd.c @@ -10,7 +10,7 @@ * of the "old" message code without any modifications. However, it * helps to have things at the right place one we go to the meat of it. * - * Copyright 2007 Rainer Gerhards and Adiscon GmbH. + * Copyright 2007, 2009 Rainer Gerhards and Adiscon GmbH. * * This file is part of rsyslog. * @@ -63,17 +63,6 @@ #include "glbl.h" #include "errmsg.h" - -#include -#define HAVE_PACKET_SOCKET 1 -#define _BSD_SOURCE 1 -#define __BSD_SOURCE 1 -#define __FAVOR_BSD 1 -#define LIBNET_LIL_ENDIAN 1 -#define HAVE_LINUX_PROCFS 1 -#define HAVE_NET_ETHERNET_H 1 - - MODULE_TYPE_OUTPUT /* internal structures @@ -154,11 +143,6 @@ static char *getFwdPt(instanceData *pData) return(pData->port); } - /* add some variables needed for libnet */ - libnet_t *libnet_handle; - libnet_ptag_t ip, ipo; - libnet_ptag_t udp; - char errbuf[LIBNET_ERRBUF_SIZE]; /* destruct the TCP helper objects * This, for example, is needed after something went wrong. @@ -175,25 +159,8 @@ DestructTCPInstanceData(instanceData *pData) netstrms.Destruct(&pData->pNS); } -u_short source_port=32000; - BEGINcreateInstance CODESTARTcreateInstance - /* - * Initialize the libnet library. Root priviledges are required. - * this initializes a IPv4 socket to use for forging UDP packets - */ - libnet_handle = libnet_init( - LIBNET_RAW4, /* injection type */ - NULL, /* network interface */ - errbuf); /* errbuf */ - - if (libnet_handle == NULL) - { - fprintf(stderr, "libnet_init() failed: %s\n", errbuf); - exit(EXIT_FAILURE); - } - ENDcreateInstance @@ -218,10 +185,7 @@ CODESTARTfreeInstance free(pData->f_hname); free(pData->pszStrmDrvr); free(pData->pszStrmDrvrAuthMode); - if(pData->pPermPeers != NULL) - net.DestructPermittedPeers(&pData->pPermPeers); - /* destroy the libnet state needed for forged UDP sources */ - libnet_destroy(libnet_handle); + net.DestructPermittedPeers(&pData->pPermPeers); ENDfreeInstance @@ -238,26 +202,10 @@ static rsRetVal UDPSend(instanceData *pData, char *msg, size_t len) { DEFiRet; struct addrinfo *r; + int i; unsigned lsent = 0; int bSendSuccess; - int j, build_ip; - u_char opt[20],*source_text_ip; - struct sockaddr_in *tempaddr,source_ip; - ip = ipo = udp = 0; - if(source_port++ >= (u_short)42000){ - source_port = 32000; - } - for(source_text_ip = msg; msg[0] != ' '; msg++ ,len--); - /* move the msg pointer to the first space in the message to strip off the IP address */ - msg[0]='\0'; - msg++; - inet_pton(AF_INET, source_text_ip, &(source_ip.sin_addr)); - - /* the rebind logic and the spoofing logic probably are mutally exclusive and need to be - * seperated by an if. - */ - dbgprintf("rebind logic: interval %d, curr %d, mod %d, if %d\n", pData->iUDPRebindInterval, pData->nXmit, (pData->nXmit % pData->iUDPRebindInterval), ((pData->nXmit % pData->iUDPRebindInterval) == 0)); if(pData->iUDPRebindInterval && (pData->nXmit++ % pData->iUDPRebindInterval == 0)) { @@ -280,62 +228,18 @@ dbgprintf("rebind logic: interval %d, curr %d, mod %d, if %d\n", pData->iUDPRebi */ bSendSuccess = FALSE; for (r = pData->f_addr; r; r = r->ai_next) { - tempaddr = (struct sockaddr_in *)r->ai_addr; - libnet_clear_packet(libnet_handle); - udp = libnet_build_udp( - source_port, /* source port */ - tempaddr->sin_port, /* destination port */ - LIBNET_UDP_H + len, /* packet length */ - 0, /* checksum */ - msg, /* payload */ - len, /* payload size */ - libnet_handle, /* libnet handle */ - udp); /* libnet id */ - if (udp == -1) { - dbgprintf("Can't build UDP header: %s\n", libnet_geterror(libnet_handle)); - } - - build_ip = 0; - /* this is not a legal options string */ - for (j = 0; j < 20; j++) { - opt[j] = libnet_get_prand(LIBNET_PR2); - } - ipo = libnet_build_ipv4_options( - opt, - 20, - libnet_handle, - ipo); - if (ipo == -1) { - dbgprintf("Can't build IP options: %s\n", libnet_geterror(libnet_handle)); - } - ip = libnet_build_ipv4( - LIBNET_IPV4_H + 20 + len + LIBNET_UDP_H, /* length */ - 0, /* TOS */ - 242, /* IP ID */ - 0, /* IP Frag */ - 64, /* TTL */ - IPPROTO_UDP, /* protocol */ - 0, /* checksum */ - source_ip.sin_addr.s_addr, - tempaddr->sin_addr.s_addr, - NULL, /* payload */ - 0, /* payload size */ - libnet_handle, /* libnet handle */ - ip); /* libnet id */ - if (ip == -1) { - dbgprintf("Can't build IP header: %s\n", libnet_geterror(libnet_handle)); - } - - /* - * Write it to the wire. - */ - lsent = libnet_write(libnet_handle); - if (lsent == -1) { - dbgprintf("Write error: %s\n", libnet_geterror(libnet_handle)); - } else { + for (i = 0; i < *pData->pSockArray; i++) { + lsent = sendto(pData->pSockArray[i+1], msg, len, 0, r->ai_addr, r->ai_addrlen); + if (lsent == len) { bSendSuccess = TRUE; break; + } else { + int eno = errno; + char errStr[1024]; + dbgprintf("sendto() error: %d = %s.\n", + eno, rs_strerror_r(eno, errStr, sizeof(errStr))); } + } if (lsent == len && !send_to_all) break; } -- cgit