[p0f-client-exim.git] / p0f-client-exim.c

/*
   p0f-client - simple API client
   ------------------------------

   Can be used to query p0f API sockets.

   Copyright (C) 2012 by Michal Zalewski <lcamtuf@coredump.cx>

   Distributed under the terms and conditions of GNU LGPL.

 */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <netdb.h>
#include <errno.h>
#include <ctype.h>
#include <time.h>

#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <sys/un.h>

#include "../types.h"
#include "../config.h"
#include "../alloc-inl.h"
#include "../debug.h"
#include "../api.h"

/* Parse IPv4 address into a buffer. */

static void parse_addr4(char* str, u8* ret) {

  u32 a1, a2, a3, a4;

  if (sscanf(str, "%u.%u.%u.%u", &a1, &a2, &a3, &a4) != 4) {
    SAYF("Malformed IPv4 address.");
    exit(1);
  }

  if (a1 > 255 || a2 > 255 || a3 > 255 || a4 > 255) {
    SAYF("Malformed IPv4 address.");
    exit(1);
  }

  ret[0] = a1;
  ret[1] = a2;
  ret[2] = a3;
  ret[3] = a4;

}


/* Parse IPv6 address into a buffer. */

static void parse_addr6(char* str, u8* ret) {

  u32 seg = 0;
  u32 val;

  while (*str) {

    if (seg == 8) {
			SAYF("Malformed IPv6 address (too many segments).");
			exit(1);
		}

    if      (*str == ':') { val = 0; }
    else if (sscanf((char*)str, "%x", &val) != 1 || val > 65535) {
      SAYF("Malformed IPv6 address (bad octet value).");
      exit(1);
    }

    ret[seg * 2] = val >> 8;
    ret[seg * 2 + 1] = val;

    seg++;

    while (isxdigit(*str)) str++;
    if (*str) str++;

  }

  if (seg != 6) {
    SAYF("Malformed IPv6 address (incorrect number of segments parsed)");
    exit(1);
  }
}


int main(int argc, char** argv) {

  u8 tmp[128];
  struct tm* t;

  static struct p0f_api_query q;
  static struct p0f_api_response r;

  static struct sockaddr_un sun;

  s32  sock;
  time_t ut;

  if (argc != 3) {
    ERRORF("Usage: p0f-client /path/to/socket host_ip\n");
    exit(1);
  }

  q.magic = P0F_QUERY_MAGIC;

  if (strchr(argv[2], ':')) {

    parse_addr6(argv[2], q.addr);
    q.addr_type = P0F_ADDR_IPV6;

  } else {

    parse_addr4(argv[2], q.addr);
    q.addr_type = P0F_ADDR_IPV4;

  }

  sock = socket(PF_UNIX, SOCK_STREAM, 0);

  if (sock < 0) {
    SAYF("Call to socket() failed.");
		return 1;
	}

  sun.sun_family = AF_UNIX;

  if (strlen(argv[1]) >= sizeof(sun.sun_path)) {
    SAYF("API socket filename is too long for sockaddr_un (blame Unix).");
    return 1;
  }

  strcpy(sun.sun_path, argv[1]);

  if (connect(sock, (struct sockaddr*)&sun, sizeof(sun))) {
    SAYF("Can't connect to API socket.");
		return 1;
	}

  if (write(sock, &q, sizeof(struct p0f_api_query)) !=
      sizeof(struct p0f_api_query)) {
    SAYF("Short write to API socket.");
    return 1;
  }

  if (read(sock, &r, sizeof(struct p0f_api_response)) !=
      sizeof(struct p0f_api_response)) {
    SAYF("Short read from API socket.");
  }
  
  close(sock);

  if (r.magic != P0F_RESP_MAGIC) {
    SAYF("Bad response magic (0x%08x).\n", r.magic);
    return 1;
  }

  if (r.status == P0F_STATUS_BADQUERY) {
    SAYF("P0f did not understand the query.\n");
		return 1;
	}

  if (r.status == P0F_STATUS_NOMATCH) {
    SAYF("No matching host in p0f cache. That's all we know.\n");
    return 0;
  }

  ut = r.first_seen;
  t = localtime(&ut);
  strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t);

//  SAYF("First seen    = %s\n", tmp);

  ut = r.last_seen;
  t = localtime(&ut);
  strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t);

//  SAYF("Last update   = %s\n", tmp);

//  SAYF("Total flows   = %u\n", r.total_conn);

  if (!r.os_name[0])
    SAYF("Genre and OS details not recognized.");
  else
    SAYF("%s %s%s%s", r.os_name, r.os_flavor,
         (r.os_match_q & P0F_MATCH_GENERIC) ? " [generic]" : "",
         (r.os_match_q & P0F_MATCH_FUZZY) ? " [fuzzy]" : "");

//  if (!r.http_name[0])
//    SAYF("HTTP software = ???\n");
//  else
//    SAYF("HTTP software = %s %s (ID %s)\n", r.http_name, r.http_flavor,
//         (r.bad_sw == 2) ? "is fake" : (r.bad_sw ? "OS mismatch" : "seems legit"));
//
//  if (!r.link_type[0])
//    SAYF("Network link  = ???\n");
//  else
//    SAYF("Network link  = %s\n", r.link_type);
//
//  if (!r.language[0])
//    SAYF("Language      = ???\n");
//  else
//    SAYF("Language      = %s\n", r.language);
//
//
//  if (r.distance == -1)
//    SAYF("Distance      = ???\n");
//  else
//    SAYF("Distance      = %u\n", r.distance);
//
//  if (r.last_nat) {
//    ut = r.last_nat;
//    t = localtime(&ut);
//    strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t);
//    SAYF("IP sharing    = %s\n", tmp);
//  }
//
//  if (r.last_chg) {
//    ut = r.last_chg;
//    t = localtime(&ut);
//    strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t);
//    SAYF("Sys change    = %s\n", tmp);
//  }
//
//  if (r.uptime_min) {
//    SAYF("Uptime        = %u days %u hrs %u min (modulo %u days)\n", 
//         r.uptime_min / 60 / 24, (r.uptime_min / 60) % 24, r.uptime_min % 60,
//         r.up_mod_days);
//  }

  return 0;

}
Commit	Line	Data
c3a49fd7 JD	1	/*
	2	p0f-client - simple API client
	3	------------------------------
	4
	5	Can be used to query p0f API sockets.
	6
	7	Copyright (C) 2012 by Michal Zalewski <lcamtuf@coredump.cx>
	8
	9	Distributed under the terms and conditions of GNU LGPL.
	10
	11	*/
	12
	13	#include <stdio.h>
	14	#include <stdlib.h>
	15	#include <unistd.h>
	16	#include <string.h>
	17	#include <netdb.h>
	18	#include <errno.h>
	19	#include <ctype.h>
	20	#include <time.h>
	21
	22	#include <netinet/in.h>
	23	#include <arpa/inet.h>
	24	#include <sys/types.h>
	25	#include <sys/time.h>
	26	#include <sys/socket.h>
	27	#include <sys/un.h>
	28
	29	#include "../types.h"
	30	#include "../config.h"
	31	#include "../alloc-inl.h"
	32	#include "../debug.h"
	33	#include "../api.h"
	34
	35	/* Parse IPv4 address into a buffer. */
	36
	37	static void parse_addr4(char* str, u8* ret) {
	38
	39	u32 a1, a2, a3, a4;
	40
	41	if (sscanf(str, "%u.%u.%u.%u", &a1, &a2, &a3, &a4) != 4) {
	42	SAYF("Malformed IPv4 address.");
bb1999ec JD	43	exit(1);
bb1999ec JD	44	}
c3a49fd7 JD	45
	46	if (a1 > 255 \|\| a2 > 255 \|\| a3 > 255 \|\| a4 > 255) {
	47	SAYF("Malformed IPv4 address.");
bb1999ec JD	48	exit(1);
bb1999ec JD	49	}
c3a49fd7 JD	50
	51	ret[0] = a1;
	52	ret[1] = a2;
	53	ret[2] = a3;
	54	ret[3] = a4;
	55
	56	}
	57
	58
	59	/* Parse IPv6 address into a buffer. */
	60
	61	static void parse_addr6(char* str, u8* ret) {
	62
	63	u32 seg = 0;
	64	u32 val;
	65
	66	while (*str) {
	67
	68	if (seg == 8) {
	69	SAYF("Malformed IPv6 address (too many segments).");
	70	exit(1);
	71	}
	72
c3a49fd7 JD	73	if (*str == ':') { val = 0; }
	74	else if (sscanf((char*)str, "%x", &val) != 1 \|\| val > 65535) {
	75	SAYF("Malformed IPv6 address (bad octet value).");
	76	exit(1);
	77	}
	78
c3a49fd7 JD	79	ret[seg * 2] = val >> 8;
	80	ret[seg * 2 + 1] = val;
	81
	82	seg++;
	83
	84	while (isxdigit(*str)) str++;
	85	if (*str) str++;
	86
	87	}
	88
	89	if (seg != 6) {
	90	SAYF("Malformed IPv6 address (incorrect number of segments parsed)");
	91	exit(1);
	92	}
c3a49fd7 JD	93	}
	94
	95
	96	int main(int argc, char** argv) {
	97
	98	u8 tmp[128];
	99	struct tm* t;
	100
	101	static struct p0f_api_query q;
	102	static struct p0f_api_response r;
	103
	104	static struct sockaddr_un sun;
	105
	106	s32 sock;
	107	time_t ut;
	108
	109	if (argc != 3) {
	110	ERRORF("Usage: p0f-client /path/to/socket host_ip\n");
	111	exit(1);
	112	}
	113
	114	q.magic = P0F_QUERY_MAGIC;
	115
	116	if (strchr(argv[2], ':')) {
	117
	118	parse_addr6(argv[2], q.addr);
	119	q.addr_type = P0F_ADDR_IPV6;
	120
	121	} else {
	122
	123	parse_addr4(argv[2], q.addr);
	124	q.addr_type = P0F_ADDR_IPV4;
	125
	126	}
	127
	128	sock = socket(PF_UNIX, SOCK_STREAM, 0);
	129
	130	if (sock < 0) {
	131	SAYF("Call to socket() failed.");
	132	return 1;
	133	}
	134
	135	sun.sun_family = AF_UNIX;
	136
	137	if (strlen(argv[1]) >= sizeof(sun.sun_path)) {
	138	SAYF("API socket filename is too long for sockaddr_un (blame Unix).");
	139	return 1;
	140	}
	141
	142	strcpy(sun.sun_path, argv[1]);
	143
	144	if (connect(sock, (struct sockaddr*)&sun, sizeof(sun))) {
	145	SAYF("Can't connect to API socket.");
	146	return 1;
	147	}
	148
	149	if (write(sock, &q, sizeof(struct p0f_api_query)) !=
	150	sizeof(struct p0f_api_query)) {
	151	SAYF("Short write to API socket.");
	152	return 1;
	153	}
	154
	155	if (read(sock, &r, sizeof(struct p0f_api_response)) !=
	156	sizeof(struct p0f_api_response)) {
157	SAYF("Short read from API socket.");
158	}
159
160	close(sock);
161
162	if (r.magic != P0F_RESP_MAGIC) {
163	SAYF("Bad response magic (0x%08x).\n", r.magic);
164	return 1;
165	}
166
167	if (r.status == P0F_STATUS_BADQUERY) {
168	SAYF("P0f did not understand the query.\n");
169	return 1;
170	}
171
172	if (r.status == P0F_STATUS_NOMATCH) {
173	SAYF("No matching host in p0f cache. That's all we know.\n");
174	return 0;
175	}
176
177	ut = r.first_seen;
178	t = localtime(&ut);
179	strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t);
180
181	// SAYF("First seen = %s\n", tmp);
182
183	ut = r.last_seen;
184	t = localtime(&ut);
185	strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t);
186
187	// SAYF("Last update = %s\n", tmp);
188
189	// SAYF("Total flows = %u\n", r.total_conn);
190
191	if (!r.os_name[0])
192	SAYF("Genre and OS details not recognized.");
193	else
194	SAYF("%s %s%s%s", r.os_name, r.os_flavor,
195	(r.os_match_q & P0F_MATCH_GENERIC) ? " [generic]" : "",
196	(r.os_match_q & P0F_MATCH_FUZZY) ? " [fuzzy]" : "");
197
198	// if (!r.http_name[0])
199	// SAYF("HTTP software = ???\n");
200	// else
201	// SAYF("HTTP software = %s %s (ID %s)\n", r.http_name, r.http_flavor,
202	// (r.bad_sw == 2) ? "is fake" : (r.bad_sw ? "OS mismatch" : "seems legit"));
203	//
204	// if (!r.link_type[0])
205	// SAYF("Network link = ???\n");
206	// else
207	// SAYF("Network link = %s\n", r.link_type);
208	//
209	// if (!r.language[0])
210	// SAYF("Language = ???\n");
211	// else
212	// SAYF("Language = %s\n", r.language);
213	//
214	//
215	// if (r.distance == -1)
216	// SAYF("Distance = ???\n");
217	// else
218	// SAYF("Distance = %u\n", r.distance);
219	//
220	// if (r.last_nat) {
221	// ut = r.last_nat;
222	// t = localtime(&ut);
223	// strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t);
224	// SAYF("IP sharing = %s\n", tmp);
225	// }
226	//
227	// if (r.last_chg) {
228	// ut = r.last_chg;
229	// t = localtime(&ut);
230	// strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t);
231	// SAYF("Sys change = %s\n", tmp);
232	// }
233	//
234	// if (r.uptime_min) {
235	// SAYF("Uptime = %u days %u hrs %u min (modulo %u days)\n",
236	// r.uptime_min / 60 / 24, (r.uptime_min / 60) % 24, r.uptime_min % 60,
237	// r.up_mod_days);
238	// }
239
240	return 0;
241
242	}
243