Commit | Line | Data |
---|---|---|
c3a49fd7 JD |
1 | /* |
2 | p0f-client - simple API client | |
3 | ------------------------------ | |
4 | ||
5 | Can be used to query p0f API sockets. | |
6 | ||
7 | Copyright (C) 2012 by Michal Zalewski <lcamtuf@coredump.cx> | |
8 | ||
9 | Distributed under the terms and conditions of GNU LGPL. | |
10 | ||
11 | */ | |
12 | ||
13 | #include <stdio.h> | |
14 | #include <stdlib.h> | |
15 | #include <unistd.h> | |
16 | #include <string.h> | |
17 | #include <netdb.h> | |
18 | #include <errno.h> | |
19 | #include <ctype.h> | |
20 | #include <time.h> | |
21 | ||
22 | #include <netinet/in.h> | |
23 | #include <arpa/inet.h> | |
24 | #include <sys/types.h> | |
25 | #include <sys/time.h> | |
26 | #include <sys/socket.h> | |
27 | #include <sys/un.h> | |
28 | ||
29 | #include "../types.h" | |
30 | #include "../config.h" | |
31 | #include "../alloc-inl.h" | |
32 | #include "../debug.h" | |
33 | #include "../api.h" | |
34 | ||
35 | /* Parse IPv4 address into a buffer. */ | |
36 | ||
37 | static void parse_addr4(char* str, u8* ret) { | |
38 | ||
39 | u32 a1, a2, a3, a4; | |
40 | ||
bdd1c87e IK |
41 | if (sscanf(str, "%u.%u.%u.%u", &a1, &a2, &a3, &a4) != 4) |
42 | FATAL("Malformed IPv4 address."); | |
c3a49fd7 | 43 | |
bdd1c87e IK |
44 | if (a1 > 255 || a2 > 255 || a3 > 255 || a4 > 255) |
45 | FATAL("Malformed IPv4 address."); | |
c3a49fd7 JD |
46 | |
47 | ret[0] = a1; | |
48 | ret[1] = a2; | |
49 | ret[2] = a3; | |
50 | ret[3] = a4; | |
51 | ||
52 | } | |
53 | ||
54 | ||
55 | /* Parse IPv6 address into a buffer. */ | |
56 | ||
57 | static void parse_addr6(char* str, u8* ret) { | |
bdd1c87e IK |
58 | |
59 | u32 seg = 0; | |
60 | u32 val; | |
61 | ||
62 | while (*str) { | |
63 | ||
64 | if (seg == 8) FATAL("Malformed IPv6 address (too many segments)."); | |
65 | ||
66 | if (sscanf((char*)str, "%x", &val) != 1 || | |
67 | val > 65535) FATAL("Malformed IPv6 address (bad octet value)."); | |
68 | ||
69 | ret[seg * 2] = val >> 8; | |
70 | ret[seg * 2 + 1] = val; | |
71 | ||
72 | seg++; | |
73 | ||
74 | while (isxdigit(*str)) str++; | |
75 | if (*str) str++; | |
20c93451 IK |
76 | // ian: added this to get beyond :: |
77 | if (*str && !isxdigit(*str)) str++; | |
bdd1c87e | 78 | |
52b56873 | 79 | } |
c3a49fd7 | 80 | |
20c93451 IK |
81 | // iank: commented. exim abbreviates but its consistent. and ip addr is only used |
82 | // to identify host, some misplaced leading zeros will not end up making 2 | |
83 | // ipv6 addresses from the internet be the same in practice. | |
84 | //if (seg != 8) FATAL("Malformed IPv6 address (don't abbreviate)."); | |
bdd1c87e | 85 | |
c3a49fd7 JD |
86 | } |
87 | ||
88 | ||
89 | int main(int argc, char** argv) { | |
90 | ||
91 | u8 tmp[128]; | |
92 | struct tm* t; | |
93 | ||
94 | static struct p0f_api_query q; | |
95 | static struct p0f_api_response r; | |
96 | ||
97 | static struct sockaddr_un sun; | |
98 | ||
99 | s32 sock; | |
100 | time_t ut; | |
101 | ||
102 | if (argc != 3) { | |
103 | ERRORF("Usage: p0f-client /path/to/socket host_ip\n"); | |
104 | exit(1); | |
105 | } | |
106 | ||
107 | q.magic = P0F_QUERY_MAGIC; | |
108 | ||
109 | if (strchr(argv[2], ':')) { | |
110 | ||
111 | parse_addr6(argv[2], q.addr); | |
112 | q.addr_type = P0F_ADDR_IPV6; | |
113 | ||
114 | } else { | |
115 | ||
116 | parse_addr4(argv[2], q.addr); | |
117 | q.addr_type = P0F_ADDR_IPV4; | |
118 | ||
119 | } | |
120 | ||
121 | sock = socket(PF_UNIX, SOCK_STREAM, 0); | |
122 | ||
bdd1c87e | 123 | if (sock < 0) PFATAL("Call to socket() failed."); |
c3a49fd7 JD |
124 | |
125 | sun.sun_family = AF_UNIX; | |
126 | ||
bdd1c87e IK |
127 | if (strlen(argv[1]) >= sizeof(sun.sun_path)) |
128 | FATAL("API socket filename is too long for sockaddr_un (blame Unix)."); | |
c3a49fd7 JD |
129 | |
130 | strcpy(sun.sun_path, argv[1]); | |
131 | ||
bdd1c87e IK |
132 | if (connect(sock, (struct sockaddr*)&sun, sizeof(sun))) |
133 | PFATAL("Can't connect to API socket."); | |
c3a49fd7 JD |
134 | |
135 | if (write(sock, &q, sizeof(struct p0f_api_query)) != | |
bdd1c87e | 136 | sizeof(struct p0f_api_query)) FATAL("Short write to API socket."); |
c3a49fd7 JD |
137 | |
138 | if (read(sock, &r, sizeof(struct p0f_api_response)) != | |
bdd1c87e IK |
139 | sizeof(struct p0f_api_response)) FATAL("Short read from API socket."); |
140 | ||
c3a49fd7 JD |
141 | close(sock); |
142 | ||
bdd1c87e IK |
143 | if (r.magic != P0F_RESP_MAGIC) |
144 | FATAL("Bad response magic (0x%08x).\n", r.magic); | |
c3a49fd7 | 145 | |
bdd1c87e IK |
146 | if (r.status == P0F_STATUS_BADQUERY) |
147 | FATAL("P0f did not understand the query.\n"); | |
c3a49fd7 JD |
148 | |
149 | if (r.status == P0F_STATUS_NOMATCH) { | |
150 | SAYF("No matching host in p0f cache. That's all we know.\n"); | |
151 | return 0; | |
152 | } | |
153 | ||
154 | ut = r.first_seen; | |
155 | t = localtime(&ut); | |
156 | strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t); | |
157 | ||
bdd1c87e | 158 | SAYF("First seen = %s\n", tmp); |
c3a49fd7 JD |
159 | |
160 | ut = r.last_seen; | |
161 | t = localtime(&ut); | |
162 | strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t); | |
163 | ||
164 | // SAYF("Last update = %s\n", tmp); | |
165 | ||
166 | // SAYF("Total flows = %u\n", r.total_conn); | |
167 | ||
168 | if (!r.os_name[0]) | |
bdd1c87e | 169 | SAYF("Detected OS = ???\n"); |
c3a49fd7 | 170 | else |
bdd1c87e | 171 | SAYF("Detected OS = %s %s%s%s\n", r.os_name, r.os_flavor, |
c3a49fd7 JD |
172 | (r.os_match_q & P0F_MATCH_GENERIC) ? " [generic]" : "", |
173 | (r.os_match_q & P0F_MATCH_FUZZY) ? " [fuzzy]" : ""); | |
174 | ||
175 | // if (!r.http_name[0]) | |
176 | // SAYF("HTTP software = ???\n"); | |
177 | // else | |
178 | // SAYF("HTTP software = %s %s (ID %s)\n", r.http_name, r.http_flavor, | |
179 | // (r.bad_sw == 2) ? "is fake" : (r.bad_sw ? "OS mismatch" : "seems legit")); | |
180 | // | |
181 | // if (!r.link_type[0]) | |
182 | // SAYF("Network link = ???\n"); | |
183 | // else | |
184 | // SAYF("Network link = %s\n", r.link_type); | |
185 | // | |
186 | // if (!r.language[0]) | |
187 | // SAYF("Language = ???\n"); | |
188 | // else | |
189 | // SAYF("Language = %s\n", r.language); | |
190 | // | |
191 | // | |
192 | // if (r.distance == -1) | |
193 | // SAYF("Distance = ???\n"); | |
194 | // else | |
195 | // SAYF("Distance = %u\n", r.distance); | |
196 | // | |
197 | // if (r.last_nat) { | |
198 | // ut = r.last_nat; | |
199 | // t = localtime(&ut); | |
200 | // strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t); | |
201 | // SAYF("IP sharing = %s\n", tmp); | |
202 | // } | |
203 | // | |
204 | // if (r.last_chg) { | |
205 | // ut = r.last_chg; | |
206 | // t = localtime(&ut); | |
207 | // strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t); | |
208 | // SAYF("Sys change = %s\n", tmp); | |
209 | // } | |
210 | // | |
211 | // if (r.uptime_min) { | |
bdd1c87e | 212 | // SAYF("Uptime = %u days %u hrs %u min (modulo %u days)\n", |
c3a49fd7 JD |
213 | // r.uptime_min / 60 / 24, (r.uptime_min / 60) % 24, r.uptime_min % 60, |
214 | // r.up_mod_days); | |
215 | // } | |
216 | ||
217 | return 0; | |
218 | ||
219 | } |