Commit | Line | Data |
---|---|---|
c3a49fd7 JD |
1 | /* |
2 | p0f-client - simple API client | |
3 | ------------------------------ | |
4 | ||
5 | Can be used to query p0f API sockets. | |
6 | ||
7 | Copyright (C) 2012 by Michal Zalewski <lcamtuf@coredump.cx> | |
8 | ||
9 | Distributed under the terms and conditions of GNU LGPL. | |
10 | ||
11 | */ | |
12 | ||
13 | #include <stdio.h> | |
14 | #include <stdlib.h> | |
15 | #include <unistd.h> | |
16 | #include <string.h> | |
17 | #include <netdb.h> | |
18 | #include <errno.h> | |
19 | #include <ctype.h> | |
20 | #include <time.h> | |
21 | ||
22 | #include <netinet/in.h> | |
23 | #include <arpa/inet.h> | |
24 | #include <sys/types.h> | |
25 | #include <sys/time.h> | |
26 | #include <sys/socket.h> | |
27 | #include <sys/un.h> | |
28 | ||
29 | #include "../types.h" | |
30 | #include "../config.h" | |
31 | #include "../alloc-inl.h" | |
32 | #include "../debug.h" | |
33 | #include "../api.h" | |
34 | ||
35 | /* Parse IPv4 address into a buffer. */ | |
36 | ||
37 | static void parse_addr4(char* str, u8* ret) { | |
38 | ||
39 | u32 a1, a2, a3, a4; | |
40 | ||
41 | if (sscanf(str, "%u.%u.%u.%u", &a1, &a2, &a3, &a4) != 4) { | |
42 | SAYF("Malformed IPv4 address."); | |
bb1999ec JD |
43 | exit(1); |
44 | } | |
c3a49fd7 JD |
45 | |
46 | if (a1 > 255 || a2 > 255 || a3 > 255 || a4 > 255) { | |
47 | SAYF("Malformed IPv4 address."); | |
bb1999ec JD |
48 | exit(1); |
49 | } | |
c3a49fd7 JD |
50 | |
51 | ret[0] = a1; | |
52 | ret[1] = a2; | |
53 | ret[2] = a3; | |
54 | ret[3] = a4; | |
55 | ||
56 | } | |
57 | ||
58 | ||
59 | /* Parse IPv6 address into a buffer. */ | |
60 | ||
61 | static void parse_addr6(char* str, u8* ret) { | |
62 | ||
63 | u32 seg = 0; | |
64 | u32 val; | |
65 | ||
66 | while (*str) { | |
67 | ||
68 | if (seg == 8) { | |
69 | SAYF("Malformed IPv6 address (too many segments)."); | |
70 | exit(1); | |
71 | } | |
72 | ||
c3a49fd7 JD |
73 | if (*str == ':') { val = 0; } |
74 | else if (sscanf((char*)str, "%x", &val) != 1 || val > 65535) { | |
75 | SAYF("Malformed IPv6 address (bad octet value)."); | |
76 | exit(1); | |
77 | } | |
78 | ||
c3a49fd7 JD |
79 | ret[seg * 2] = val >> 8; |
80 | ret[seg * 2 + 1] = val; | |
81 | ||
82 | seg++; | |
83 | ||
84 | while (isxdigit(*str)) str++; | |
85 | if (*str) str++; | |
86 | ||
87 | } | |
88 | ||
89 | if (seg != 6) { | |
90 | SAYF("Malformed IPv6 address (incorrect number of segments parsed)"); | |
91 | exit(1); | |
92 | } | |
c3a49fd7 JD |
93 | } |
94 | ||
95 | ||
96 | int main(int argc, char** argv) { | |
97 | ||
98 | u8 tmp[128]; | |
99 | struct tm* t; | |
100 | ||
101 | static struct p0f_api_query q; | |
102 | static struct p0f_api_response r; | |
103 | ||
104 | static struct sockaddr_un sun; | |
105 | ||
106 | s32 sock; | |
107 | time_t ut; | |
108 | ||
109 | if (argc != 3) { | |
110 | ERRORF("Usage: p0f-client /path/to/socket host_ip\n"); | |
111 | exit(1); | |
112 | } | |
113 | ||
114 | q.magic = P0F_QUERY_MAGIC; | |
115 | ||
116 | if (strchr(argv[2], ':')) { | |
117 | ||
118 | parse_addr6(argv[2], q.addr); | |
119 | q.addr_type = P0F_ADDR_IPV6; | |
120 | ||
121 | } else { | |
122 | ||
123 | parse_addr4(argv[2], q.addr); | |
124 | q.addr_type = P0F_ADDR_IPV4; | |
125 | ||
126 | } | |
127 | ||
128 | sock = socket(PF_UNIX, SOCK_STREAM, 0); | |
129 | ||
130 | if (sock < 0) { | |
131 | SAYF("Call to socket() failed."); | |
132 | return 1; | |
133 | } | |
134 | ||
135 | sun.sun_family = AF_UNIX; | |
136 | ||
137 | if (strlen(argv[1]) >= sizeof(sun.sun_path)) { | |
138 | SAYF("API socket filename is too long for sockaddr_un (blame Unix)."); | |
139 | return 1; | |
140 | } | |
141 | ||
142 | strcpy(sun.sun_path, argv[1]); | |
143 | ||
144 | if (connect(sock, (struct sockaddr*)&sun, sizeof(sun))) { | |
145 | SAYF("Can't connect to API socket."); | |
146 | return 1; | |
147 | } | |
148 | ||
149 | if (write(sock, &q, sizeof(struct p0f_api_query)) != | |
150 | sizeof(struct p0f_api_query)) { | |
151 | SAYF("Short write to API socket."); | |
152 | return 1; | |
153 | } | |
154 | ||
155 | if (read(sock, &r, sizeof(struct p0f_api_response)) != | |
156 | sizeof(struct p0f_api_response)) { | |
157 | SAYF("Short read from API socket."); | |
158 | } | |
159 | ||
160 | close(sock); | |
161 | ||
162 | if (r.magic != P0F_RESP_MAGIC) { | |
163 | SAYF("Bad response magic (0x%08x).\n", r.magic); | |
164 | return 1; | |
165 | } | |
166 | ||
167 | if (r.status == P0F_STATUS_BADQUERY) { | |
168 | SAYF("P0f did not understand the query.\n"); | |
169 | return 1; | |
170 | } | |
171 | ||
172 | if (r.status == P0F_STATUS_NOMATCH) { | |
173 | SAYF("No matching host in p0f cache. That's all we know.\n"); | |
174 | return 0; | |
175 | } | |
176 | ||
177 | ut = r.first_seen; | |
178 | t = localtime(&ut); | |
179 | strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t); | |
180 | ||
181 | // SAYF("First seen = %s\n", tmp); | |
182 | ||
183 | ut = r.last_seen; | |
184 | t = localtime(&ut); | |
185 | strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t); | |
186 | ||
187 | // SAYF("Last update = %s\n", tmp); | |
188 | ||
189 | // SAYF("Total flows = %u\n", r.total_conn); | |
190 | ||
191 | if (!r.os_name[0]) | |
192 | SAYF("Genre and OS details not recognized."); | |
193 | else | |
194 | SAYF("%s %s%s%s", r.os_name, r.os_flavor, | |
195 | (r.os_match_q & P0F_MATCH_GENERIC) ? " [generic]" : "", | |
196 | (r.os_match_q & P0F_MATCH_FUZZY) ? " [fuzzy]" : ""); | |
197 | ||
198 | // if (!r.http_name[0]) | |
199 | // SAYF("HTTP software = ???\n"); | |
200 | // else | |
201 | // SAYF("HTTP software = %s %s (ID %s)\n", r.http_name, r.http_flavor, | |
202 | // (r.bad_sw == 2) ? "is fake" : (r.bad_sw ? "OS mismatch" : "seems legit")); | |
203 | // | |
204 | // if (!r.link_type[0]) | |
205 | // SAYF("Network link = ???\n"); | |
206 | // else | |
207 | // SAYF("Network link = %s\n", r.link_type); | |
208 | // | |
209 | // if (!r.language[0]) | |
210 | // SAYF("Language = ???\n"); | |
211 | // else | |
212 | // SAYF("Language = %s\n", r.language); | |
213 | // | |
214 | // | |
215 | // if (r.distance == -1) | |
216 | // SAYF("Distance = ???\n"); | |
217 | // else | |
218 | // SAYF("Distance = %u\n", r.distance); | |
219 | // | |
220 | // if (r.last_nat) { | |
221 | // ut = r.last_nat; | |
222 | // t = localtime(&ut); | |
223 | // strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t); | |
224 | // SAYF("IP sharing = %s\n", tmp); | |
225 | // } | |
226 | // | |
227 | // if (r.last_chg) { | |
228 | // ut = r.last_chg; | |
229 | // t = localtime(&ut); | |
230 | // strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t); | |
231 | // SAYF("Sys change = %s\n", tmp); | |
232 | // } | |
233 | // | |
234 | // if (r.uptime_min) { | |
235 | // SAYF("Uptime = %u days %u hrs %u min (modulo %u days)\n", | |
236 | // r.uptime_min / 60 / 24, (r.uptime_min / 60) % 24, r.uptime_min % 60, | |
237 | // r.up_mod_days); | |
238 | // } | |
239 | ||
240 | return 0; | |
241 | ||
242 | } | |
243 |