Improved pcap dumping support

2009-11-16 22:36:31 +01:00 · 2009-11-16 22:36:31 +01:00 · 02aecc1278
--- a/examples/sample.c
+++ b/examples/sample.c
@ -40,6 +40,12 @@ char *user;
 char *cmds[MAXCMD];
 struct termios terminal;
 #ifdef WITH_PCAP
 /* this header file won't be necessary in the future */
 #include <libssh/pcap.h>
 char *pcap_file=NULL;
 #endif
 static int auth_callback(const char *prompt, char *buf, size_t len,
    int echo, int verify, void *userdata) {
  char *answer = NULL;
@ -86,19 +92,27 @@ static void usage(){
    "  -l user : log in as user\n"
    "  -p port : connect to port\n"
    "  -d : use DSS to verify host public key\n"
-    "  -r : use RSA to verify host public key\n",
+    "  -r : use RSA to verify host public key\n"
 #ifdef WITH_PCAP
    "  -P file : create a pcap debugging file\n"
 #endif
    		,
    ssh_version(0));
    exit(0);
 }
 static int opts(int argc, char **argv){
    int i;
 //    for(i=0;i<argc;i++)
 //        printf("%d : %s\n",i,argv[i]);
    /* insert your own arguments here */
-    while((i=getopt(argc,argv,""))!=-1){
+    while((i=getopt(argc,argv,"P:"))!=-1){
        switch(i){
 #ifdef WITH_PCAP
        	case 'P':
        		pcap_file=optarg;
        		break;
 #endif
            default:
                fprintf(stderr,"unknown option %c\n",optopt);
                usage();
@ -446,6 +460,31 @@ static int client(ssh_session session){
  return 0;
 }
 #ifdef WITH_PCAP
 ssh_pcap_file pcap;
 void set_pcap(ssh_session session);
 void set_pcap(ssh_session session){
 	ssh_pcap_context ctx;
 	if(!pcap_file)
 		return;
 	pcap=ssh_pcap_file_new();
 	if(ssh_pcap_file_open(pcap,pcap_file) == SSH_ERROR){
 		printf("Error opening pcap file\n");
 		ssh_pcap_file_free(pcap);
 		pcap=NULL;
 		return;
 	}
 	ctx=ssh_pcap_context_new(session);
 	ssh_pcap_context_set_file(ctx,pcap);
 	ssh_set_pcap_context(session,ctx);
 }
 void cleanup_pcap(void);
 void cleanup_pcap(){
 	ssh_pcap_file_free(pcap);
 	pcap=NULL;
 }
 #endif
 int main(int argc, char **argv){
    ssh_session session;
@ -461,10 +500,17 @@ int main(int argc, char **argv){
    }
    opts(argc,argv);
    signal(SIGTERM, do_exit);
-
+#ifdef WITH_PCAP
    set_pcap(session);
 #endif
    client(session);
    ssh_disconnect(session);
    ssh_free(session);
 #ifdef WITH_PCAP
    cleanup_pcap();
 #endif
    ssh_finalize();
    return 0;
--- a/include/libssh/pcap.h
+++ b/include/libssh/pcap.h
@ -2,6 +2,7 @@
 #define PCAP_H_
 #include "config.h"
 #include "libssh/libssh.h"
 #ifdef WITH_PCAP
 typedef struct ssh_pcap_context_struct* ssh_pcap_context;
@ -10,7 +11,7 @@ typedef struct ssh_pcap_file_struct* ssh_pcap_file;
 ssh_pcap_file ssh_pcap_file_new(void);
 int ssh_pcap_file_open(ssh_pcap_file pcap, const char *filename);
 int ssh_pcap_file_close(ssh_pcap_file pcap);
-void ssh_pcap_free(ssh_pcap_file pcap);
+void ssh_pcap_file_free(ssh_pcap_file pcap);
 /* to be removed from here after tests */
 int ssh_pcap_file_write_packet(ssh_pcap_file pcap, ssh_buffer packet, u_int32_t original_len);
@ -25,6 +26,8 @@ void ssh_pcap_context_set_file(ssh_pcap_context, ssh_pcap_file);
 int ssh_pcap_context_write(ssh_pcap_context,enum ssh_pcap_direction direction, void *data,
 		u_int32_t len, u_int32_t origlen);
 void ssh_set_pcap_context(ssh_session session, ssh_pcap_context pcap);
 #endif /* WITH_PCAP */
 #endif /* PCAP_H_ */
 /* vim: set ts=2 sw=2 et cindent: */
--- a/include/libssh/session.h
+++ b/include/libssh/session.h
@ -23,6 +23,7 @@
 #define SESSION_H_
 #include "libssh/priv.h"
 #include "libssh/packet.h"
 #include "libssh/pcap.h"
 typedef struct ssh_kbdint_struct* ssh_kbdint;
@ -96,6 +97,9 @@ struct ssh_session_struct {
    ssh_callbacks callbacks; /* Callbacks to user functions */
    /* options */
 #ifdef WITH_PCAP
    ssh_pcap_context pcap_ctx; /* pcap debugging context */
 #endif
    char *username;
    char *host;
    char *bindaddr; /* TODO: check if needed */
--- a/libssh/client.c
+++ b/libssh/client.c
@ -66,7 +66,11 @@ char *ssh_get_banner(ssh_session session) {
      leave_function();
      return NULL;
    }
-
+#ifdef WITH_PCAP
    if(session->pcap_ctx && buffer[i] == '\n'){
    	ssh_pcap_context_write(session->pcap_ctx,SSH_PCAP_DIR_IN,buffer,i+1,i+1);
    }
 #endif
    if (buffer[i] == '\r') {
      buffer[i] = '\0';
    }
@ -197,7 +201,10 @@ int ssh_send_banner(ssh_session session, int server) {
    leave_function();
    return -1;
  }
-
+#ifdef WITH_PCAP
  if(session->pcap_ctx)
  	ssh_pcap_context_write(session->pcap_ctx,SSH_PCAP_DIR_OUT,buffer,strlen(buffer),strlen(buffer));
 #endif
  leave_function();
  return 0;
 }
--- a/libssh/packet.c
+++ b/libssh/packet.c
@ -42,6 +42,7 @@
 #include "libssh/channels.h"
 #include "libssh/session.h"
 #include "libssh/messages.h"
 #include "libssh/pcap.h"
 /* XXX include selected mac size */
 static int macsize=SHA_DIGEST_LEN;
@ -159,6 +160,14 @@ static int packet_read2(ssh_session session) {
          ssh_set_error(session, SSH_FATAL, "Decrypt error");
          goto error;
        }
 #ifdef WITH_PCAP
        if(session->pcap_ctx){
        	ssh_pcap_context_write(session->pcap_ctx,
        			SSH_PCAP_DIR_IN, buffer_get(session->in_buffer),
        			buffer_get_len(session->in_buffer),
        			buffer_get_len(session->in_buffer));
        }
 #endif
        ssh_socket_read(session->socket, mac, macsize);
        if (packet_hmac_verify(session, session->in_buffer, mac) < 0) {
@ -488,7 +497,13 @@ static int packet_send2(ssh_session session) {
  if (buffer_add_data(session->out_buffer, padstring, padding) < 0) {
    goto error;
  }
-
+#ifdef WITH_PCAP
  if(session->pcap_ctx){
  	ssh_pcap_context_write(session->pcap_ctx,SSH_PCAP_DIR_OUT,
  			buffer_get(session->out_buffer),buffer_get_len(session->out_buffer)
  			,buffer_get_len(session->out_buffer));
  }
 #endif
  hmac = packet_encrypt(session, buffer_get(session->out_buffer),
      buffer_get_len(session->out_buffer));
  if (hmac) {
--- a/libssh/pcap.c
+++ b/libssh/pcap.c
@ -26,16 +26,21 @@
 * \addtogroup ssh_pcap
 * @{ */
 #include "config.h"
 #ifdef WITH_PCAP
 #include <stdio.h>
 #include <sys/time.h>
 #include <sys/socket.h>
 #include <errno.h>
 #include "config.h"
 #include "libssh/libssh.h"
 #include "libssh/pcap.h"
 #include "libssh/session.h"
 #include "libssh/buffer.h"
 #include "libssh/socket.h"
 #ifdef WITH_PCAP
 /* The header of a pcap file is the following. We are not going to make it
 * very complicated.
 * Just for information.
@ -83,6 +88,7 @@ struct pcaprec_hdr_s {
 struct ssh_pcap_context_struct {
 	ssh_session session;
 	ssh_pcap_file file;
 	int connected;
 	/* All of these informations are useful to generate
 	 * the dummy IP and TCP packets
 	 */
@ -100,6 +106,7 @@ struct ssh_pcap_context_struct {
 */
 struct ssh_pcap_file_struct {
 	FILE *output;
 	u_int16_t ipsequence;
 };
 /**
@ -192,7 +199,7 @@ int ssh_pcap_file_close(ssh_pcap_file pcap){
 		return SSH_OK;
 }
-void ssh_pcap_free(ssh_pcap_file pcap){
+void ssh_pcap_file_free(ssh_pcap_file pcap){
 	ssh_pcap_file_close(pcap);
 	SAFE_FREE(pcap);
 }
@ -217,10 +224,69 @@ void ssh_pcap_context_set_file(ssh_pcap_context ctx, ssh_pcap_file pcap){
 	ctx->file=pcap;
 }
 /** @internal
 * @brief sets the IP and port parameters in the connection
 */
 static int ssh_pcap_context_connect(ssh_pcap_context ctx){
 	ssh_session session=ctx->session;
 	struct sockaddr_in local, remote;
 	socket_t fd;
 	socklen_t len;
 	if(session==NULL)
 		return SSH_ERROR;
 	if(session->socket==NULL)
 		return SSH_ERROR;
 	fd=ssh_socket_get_fd(session->socket);
 	/* TODO: adapt for windows */
 	if(fd<0)
 		return SSH_ERROR;
 	len=sizeof(local);
 	if(getsockname(fd,(struct sockaddr *)&local,&len)<0){
 		ssh_set_error(session,SSH_REQUEST_DENIED,"Getting local IP address: %s",strerror(errno));
 		return SSH_ERROR;
 	}
 	len=sizeof(remote);
 	if(getpeername(fd,(struct sockaddr *)&remote,&len)<0){
 		ssh_set_error(session,SSH_REQUEST_DENIED,"Getting remote IP address: %s",strerror(errno));
 		return SSH_ERROR;
 	}
 	if(local.sin_family != AF_INET){
 		ssh_set_error(session,SSH_REQUEST_DENIED,"Only IPv4 supported for pcap logging");
 		return SSH_ERROR;
 	}
 	memcpy(&ctx->ipsource,&local.sin_addr,sizeof(ctx->ipsource));
 	memcpy(&ctx->ipdest,&remote.sin_addr,sizeof(ctx->ipdest));
 	memcpy(&ctx->portsource,&local.sin_port,sizeof(ctx->portsource));
 	memcpy(&ctx->portdest,&remote.sin_port,sizeof(ctx->portdest));
 	ctx->connected=1;
 	return SSH_OK;
 }
 #define IPHDR_LEN 20
 #define TCPHDR_LEN 20
 #define TCPIPHDR_LEN (IPHDR_LEN + TCPHDR_LEN)
 /** @internal
 * @brief write a SSH packet as a TCP over IP in a pcap file
 * @param ctx open pcap context
 * @param direction SSH_PCAP_DIRECTION_IN if the packet has been received
 * @param direction SSH_PCAP_DIRECTION_OUT if the packet has been emitted
 * @param data pointer to the data to write
 * @param len data to write in the pcap file. May be smaller than origlen.
 * @param origlen number of bytes of complete data.
 * @returns SSH_OK write is successful
 * @returns SSH_ERROR an error happened.
 */
 int ssh_pcap_context_write(ssh_pcap_context ctx,enum ssh_pcap_direction direction
 		, void *data, u_int32_t len, u_int32_t origlen){
-	ssh_buffer ip=buffer_new();
+	ssh_buffer ip;
 	int err;
 	if(ctx==NULL || ctx->file ==NULL)
 		return SSH_ERROR;
 	if(ctx->connected==0)
 		if(ssh_pcap_context_connect(ctx)==SSH_ERROR)
 			return SSH_ERROR;
 	ip=buffer_new();
 	if(ip==NULL){
 		ssh_set_error_oom(ctx->session);
 		return SSH_ERROR;
@ -231,9 +297,10 @@ int ssh_pcap_context_write(ssh_pcap_context ctx,enum ssh_pcap_direction directio
 	/* tos */
 	buffer_add_u8(ip,0);
 	/* total len */
-	buffer_add_u16(ip,htons(origlen + 40));
+	buffer_add_u16(ip,htons(origlen + TCPIPHDR_LEN));
-	/* id */
+	/* IP id number */
-	buffer_add_u16(ip,htons(1));
+	buffer_add_u16(ip,htons(ctx->file->ipsequence));
 	ctx->file->ipsequence++;
 	/* fragment offset */
 	buffer_add_u16(ip,htons(0));
 	/* TTL */
@ -251,17 +318,19 @@ int ssh_pcap_context_write(ssh_pcap_context ctx,enum ssh_pcap_direction directio
 	}
 	/* TCP */
 	if(direction==SSH_PCAP_DIR_OUT){
-		buffer_add_u16(ip,ntohs(ctx->portsource));
+		buffer_add_u16(ip,ctx->portsource);
-		buffer_add_u16(ip,ntohs(ctx->portdest));
+		buffer_add_u16(ip,ctx->portdest);
 	} else {
-		buffer_add_u16(ip,ntohs(ctx->portdest));
+		buffer_add_u16(ip,ctx->portdest);
-		buffer_add_u16(ip,ntohs(ctx->portsource));
+		buffer_add_u16(ip,ctx->portsource);
 	}
 	/* sequence number */
 	if(direction==SSH_PCAP_DIR_OUT){
 		buffer_add_u32(ip,ntohl(ctx->outsequence));
 		ctx->outsequence+=origlen;
 	} else {
 		buffer_add_u32(ip,ntohl(ctx->insequence));
 		ctx->insequence+=origlen;
 	}
 	/* ack number */
 	if(direction==SSH_PCAP_DIR_OUT){
@ -269,7 +338,7 @@ int ssh_pcap_context_write(ssh_pcap_context ctx,enum ssh_pcap_direction directio
 	} else {
 		buffer_add_u32(ip,ntohl(ctx->outsequence));
 	}
-	/* header len */
+	/* header len = 20 = 5 * 32 bits, at offset 4*/
 	buffer_add_u8(ip,5 << 4);
 	/* flags */
 	buffer_add_u8(ip,TH_PUSH | TH_ACK);
@ -281,11 +350,16 @@ int ssh_pcap_context_write(ssh_pcap_context ctx,enum ssh_pcap_direction directio
 	buffer_add_u16(ip,0);
 	/* actual data */
 	buffer_add_data(ip,data,len);
-	err=ssh_pcap_file_write_packet(ctx->file,ip,origlen + 40);
+	err=ssh_pcap_file_write_packet(ctx->file,ip,origlen + TCPIPHDR_LEN);
 	buffer_free(ip);
 	return err;
 }
 void ssh_set_pcap_context(ssh_session session, ssh_pcap_context pcap){
 	session->pcap_ctx=pcap;
 }
 #endif /* WITH_PCAP */
 /** @} */
 /* vim: set ts=2 sw=2 et cindent: */