--- /dev/null
+/*
+ p0f-client - simple API client
+ ------------------------------
+
+ Can be used to query p0f API sockets.
+
+ Copyright (C) 2012 by Michal Zalewski <lcamtuf@coredump.cx>
+
+ Distributed under the terms and conditions of GNU LGPL.
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <netdb.h>
+#include <errno.h>
+#include <ctype.h>
+#include <time.h>
+
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+
+#include "../types.h"
+#include "../config.h"
+#include "../alloc-inl.h"
+#include "../debug.h"
+#include "../api.h"
+
+/* Parse IPv4 address into a buffer. */
+
+static void parse_addr4(char* str, u8* ret) {
+
+ u32 a1, a2, a3, a4;
+
+ if (sscanf(str, "%u.%u.%u.%u", &a1, &a2, &a3, &a4) != 4) {
+ SAYF("Malformed IPv4 address.");
+ exit(1);
+ }
+
+ if (a1 > 255 || a2 > 255 || a3 > 255 || a4 > 255) {
+ SAYF("Malformed IPv4 address.");
+ exit(1);
+ }
+
+ ret[0] = a1;
+ ret[1] = a2;
+ ret[2] = a3;
+ ret[3] = a4;
+
+}
+
+
+/* Parse IPv6 address into a buffer. */
+
+static void parse_addr6(char* str, u8* ret) {
+
+ u32 seg = 0;
+ u32 val;
+
+ while (*str) {
+
+ if (seg == 8) {
+ SAYF("Malformed IPv6 address (too many segments).");
+ exit(1);
+ }
+
+
+ if (*str == ':') { val = 0; }
+ else if (sscanf((char*)str, "%x", &val) != 1 || val > 65535) {
+ SAYF("Malformed IPv6 address (bad octet value).");
+ exit(1);
+ }
+
+ SAYF("str %s val %d\n", str, val);
+
+ ret[seg * 2] = val >> 8;
+ ret[seg * 2 + 1] = val;
+
+ seg++;
+
+ while (isxdigit(*str)) str++;
+ if (*str) str++;
+
+ }
+
+ if (seg != 6) {
+ SAYF("Malformed IPv6 address (incorrect number of segments parsed)");
+ exit(1);
+ }
+
+}
+
+
+int main(int argc, char** argv) {
+
+ u8 tmp[128];
+ struct tm* t;
+
+ static struct p0f_api_query q;
+ static struct p0f_api_response r;
+
+ static struct sockaddr_un sun;
+
+ s32 sock;
+ time_t ut;
+
+ if (argc != 3) {
+ ERRORF("Usage: p0f-client /path/to/socket host_ip\n");
+ exit(1);
+ }
+
+ q.magic = P0F_QUERY_MAGIC;
+
+ if (strchr(argv[2], ':')) {
+
+ parse_addr6(argv[2], q.addr);
+ q.addr_type = P0F_ADDR_IPV6;
+
+ } else {
+
+ parse_addr4(argv[2], q.addr);
+ q.addr_type = P0F_ADDR_IPV4;
+
+ }
+
+ sock = socket(PF_UNIX, SOCK_STREAM, 0);
+
+ if (sock < 0) {
+ SAYF("Call to socket() failed.");
+ return 1;
+ }
+
+ sun.sun_family = AF_UNIX;
+
+ if (strlen(argv[1]) >= sizeof(sun.sun_path)) {
+ SAYF("API socket filename is too long for sockaddr_un (blame Unix).");
+ return 1;
+ }
+
+ strcpy(sun.sun_path, argv[1]);
+
+ if (connect(sock, (struct sockaddr*)&sun, sizeof(sun))) {
+ SAYF("Can't connect to API socket.");
+ return 1;
+ }
+
+ if (write(sock, &q, sizeof(struct p0f_api_query)) !=
+ sizeof(struct p0f_api_query)) {
+ SAYF("Short write to API socket.");
+ return 1;
+ }
+
+ if (read(sock, &r, sizeof(struct p0f_api_response)) !=
+ sizeof(struct p0f_api_response)) {
+ SAYF("Short read from API socket.");
+ }
+
+ close(sock);
+
+ if (r.magic != P0F_RESP_MAGIC) {
+ SAYF("Bad response magic (0x%08x).\n", r.magic);
+ return 1;
+ }
+
+ if (r.status == P0F_STATUS_BADQUERY) {
+ SAYF("P0f did not understand the query.\n");
+ return 1;
+ }
+
+ if (r.status == P0F_STATUS_NOMATCH) {
+ SAYF("No matching host in p0f cache. That's all we know.\n");
+ return 0;
+ }
+
+ ut = r.first_seen;
+ t = localtime(&ut);
+ strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t);
+
+// SAYF("First seen = %s\n", tmp);
+
+ ut = r.last_seen;
+ t = localtime(&ut);
+ strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t);
+
+// SAYF("Last update = %s\n", tmp);
+
+// SAYF("Total flows = %u\n", r.total_conn);
+
+ if (!r.os_name[0])
+ SAYF("Genre and OS details not recognized.");
+ else
+ SAYF("%s %s%s%s", r.os_name, r.os_flavor,
+ (r.os_match_q & P0F_MATCH_GENERIC) ? " [generic]" : "",
+ (r.os_match_q & P0F_MATCH_FUZZY) ? " [fuzzy]" : "");
+
+// if (!r.http_name[0])
+// SAYF("HTTP software = ???\n");
+// else
+// SAYF("HTTP software = %s %s (ID %s)\n", r.http_name, r.http_flavor,
+// (r.bad_sw == 2) ? "is fake" : (r.bad_sw ? "OS mismatch" : "seems legit"));
+//
+// if (!r.link_type[0])
+// SAYF("Network link = ???\n");
+// else
+// SAYF("Network link = %s\n", r.link_type);
+//
+// if (!r.language[0])
+// SAYF("Language = ???\n");
+// else
+// SAYF("Language = %s\n", r.language);
+//
+//
+// if (r.distance == -1)
+// SAYF("Distance = ???\n");
+// else
+// SAYF("Distance = %u\n", r.distance);
+//
+// if (r.last_nat) {
+// ut = r.last_nat;
+// t = localtime(&ut);
+// strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t);
+// SAYF("IP sharing = %s\n", tmp);
+// }
+//
+// if (r.last_chg) {
+// ut = r.last_chg;
+// t = localtime(&ut);
+// strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t);
+// SAYF("Sys change = %s\n", tmp);
+// }
+//
+// if (r.uptime_min) {
+// SAYF("Uptime = %u days %u hrs %u min (modulo %u days)\n",
+// r.uptime_min / 60 / 24, (r.uptime_min / 60) % 24, r.uptime_min % 60,
+// r.up_mod_days);
+// }
+
+ return 0;
+
+}
+
projects / p0f-client-exim.git / commitdiff