Removed debugging stuff
1 /*
2 p0f-client - simple API client
3 ------------------------------
4
5 Can be used to query p0f API sockets.
6
7 Copyright (C) 2012 by Michal Zalewski <lcamtuf@coredump.cx>
8
9 Distributed under the terms and conditions of GNU LGPL.
10
11 */
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <unistd.h>
16 #include <string.h>
17 #include <netdb.h>
18 #include <errno.h>
19 #include <ctype.h>
20 #include <time.h>
21
22 #include <netinet/in.h>
23 #include <arpa/inet.h>
24 #include <sys/types.h>
25 #include <sys/time.h>
26 #include <sys/socket.h>
27 #include <sys/un.h>
28
29 #include "../types.h"
30 #include "../config.h"
31 #include "../alloc-inl.h"
32 #include "../debug.h"
33 #include "../api.h"
34
/* Parse a dotted-quad IPv4 address into a 4-byte buffer.

   str - NUL-terminated text such as "192.0.2.1"
   ret - receives the four octets, first field in ret[0]

   Reports "Malformed IPv4 address." through SAYF and exits with status 1
   when fewer than four numeric fields are converted or when any field is
   larger than 255. The format string ends at the fourth number, so any
   characters that follow it are not examined. */

static void parse_addr4(char* str, u8* ret) {

  u32 octet[4];
  int i;

  /* Only look at the converted values once sscanf() has filled all four. */
  int bad = (sscanf(str, "%u.%u.%u.%u",
                    &octet[0], &octet[1], &octet[2], &octet[3]) != 4);

  for (i = 0; !bad && i < 4; i++)
    bad = (octet[i] > 255);

  if (bad) {
    SAYF("Malformed IPv4 address.");
    exit(1);
  }

  for (i = 0; i < 4; i++)
    ret[i] = octet[i];

}
57
58
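/* Parse a textual IPv6 address into a 16-byte buffer.

   str - NUL-terminated IPv6 address text
   ret - receives the 16 address bytes as produced by inet_pton()

   Exits with status 1 after reporting the problem when inet_pton() fails
   (-1) or rejects the text (0). On those paths `ip` is never filled in, so
   copying it out would place indeterminate stack bytes in the caller's
   buffer, which main() then sends to the API socket as the query address. */

static void parse_addr6(char* str, u8* ret) {

  struct in6_addr ip;
  int r = inet_pton(AF_INET6, str, &ip);

  if (r == -1) {
    SAYF("parse_addr6: error while converting IPv6 address to binary format: %s", strerror(errno));
    exit(1);
  }

  if (r == 0) {
    SAYF("parse_addr6: passed invalid IPv6 address");
    exit(1);
  }

  /* Reached only when inet_pton() reported success. */
  memcpy(ret, &ip, sizeof(ip));

}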
74
75
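/* Query a p0f API socket about one host and print the OS guess.

   Usage: p0f-client /path/to/socket host_ip

   argv[1] is the path of the API Unix socket. argv[2] is the address to
   look up; a ':' anywhere in it selects IPv6 parsing, otherwise it is
   parsed as IPv4.

   Returns 0 when a well-formed response was received (including the
   "no match" status), 1 on usage, socket or protocol errors. */

int main(int argc, char** argv) {

  /* Static storage: all three structures start out zero-filled. */
  static struct p0f_api_query q;
  static struct p0f_api_response r;
  static struct sockaddr_un sun;

  s32 sock;

  if (argc != 3) {
    ERRORF("Usage: p0f-client /path/to/socket host_ip\n");
    exit(1);
  }

  q.magic = P0F_QUERY_MAGIC;

  if (strchr(argv[2], ':')) {

    parse_addr6(argv[2], q.addr);
    q.addr_type = P0F_ADDR_IPV6;

  } else {

    parse_addr4(argv[2], q.addr);
    q.addr_type = P0F_ADDR_IPV4;

  }

  sock = socket(PF_UNIX, SOCK_STREAM, 0);

  if (sock < 0) {
    SAYF("Call to socket() failed.");
    return 1;
  }

  sun.sun_family = AF_UNIX;

  /* Reject paths that would not fit with their terminator; this is what
     makes the strcpy() below bounded. */
  if (strlen(argv[1]) >= sizeof(sun.sun_path)) {
    SAYF("API socket filename is too long for sockaddr_un (blame Unix).");
    close(sock);
    return 1;
  }

  strcpy(sun.sun_path, argv[1]);

  if (connect(sock, (struct sockaddr*)&sun, sizeof(sun))) {
    SAYF("Can't connect to API socket.");
    close(sock);
    return 1;
  }

  if (write(sock, &q, sizeof(struct p0f_api_query)) !=
      sizeof(struct p0f_api_query)) {
    SAYF("Short write to API socket.");
    close(sock);
    return 1;
  }

  /* A failed or truncated read leaves the response incomplete. Stop here
     instead of interpreting a partially filled structure. */
  if (read(sock, &r, sizeof(struct p0f_api_response)) !=
      sizeof(struct p0f_api_response)) {
    SAYF("Short read from API socket.");
    close(sock);
    return 1;
  }

  close(sock);

  if (r.magic != P0F_RESP_MAGIC) {
    SAYF("Bad response magic (0x%08x).\n", r.magic);
    return 1;
  }

  if (r.status == P0F_STATUS_BADQUERY) {
    SAYF("P0f did not understand the query.\n");
    return 1;
  }

  if (r.status == P0F_STATUS_NOMATCH) {
    SAYF("No matching host in p0f cache. That's all we know.\n");
    return 0;
  }

  /* Only the OS guess is printed. The other response fields (first_seen,
     last_seen, total_conn, http_name, http_flavor, bad_sw, link_type,
     language, distance, last_nat, last_chg, uptime_min, up_mod_days) are
     deliberately not reported. The timestamp formatting that used to feed
     the disabled output is dropped as well: its result was unused, and it
     passed the return value of localtime(), which may be NULL, straight to
     strftime(). */

  /* NOTE(review): os_name and os_flavor go through %s, so this relies on
     the peer on the API socket having NUL-terminated them. api.h is not
     visible here - confirm the field sizes and consider forcing a
     terminator on the last byte before printing. Whatever consumes this
     output should treat the text as data supplied by the socket peer. */
  if (!r.os_name[0])
    SAYF("Genre and OS details not recognized.");
  else
    SAYF("%s %s%s%s", r.os_name, r.os_flavor,
         (r.os_match_q & P0F_MATCH_GENERIC) ? " [generic]" : "",
         (r.os_match_q & P0F_MATCH_FUZZY) ? " [fuzzy]" : "");

  return 0;

}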
223