1 /* 2 * Copyright (c) 2016-2021, OARC, Inc. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in 14 * the documentation and/or other materials provided with the 15 * distribution. 16 * 17 * 3. Neither the name of the copyright holder nor the names of its 18 * contributors may be used to endorse or promote products derived 19 * from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 22 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 25 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 29 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 31 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 32 * POSSIBILITY OF SUCH DAMAGE. 
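*/

/*
 * dnscap.h: shared declarations for the dnscap capture tool.
 *
 * This header pulls in the platform networking headers, defines the
 * DNS header bit masks and filter flags used across the program, declares
 * the list-based state structures (pcap handles, VLAN filters, TCP
 * reassembly state, endpoint and regex filters, plugins) and exposes the
 * program's global configuration as extern declarations.
 */

#ifndef __dnscap_dnscap_h
#define __dnscap_dnscap_h

/*
 * _GNU_SOURCE must be defined before the first system header is included;
 * this relies on dnscap.h being the first include of each translation
 * unit -- TODO confirm against the .c files.
 */
#ifdef __linux__
#define _GNU_SOURCE
#endif

#include <sys/param.h>
#include <sys/types.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/fcntl.h> /* for open() */
#include <sys/ioctl.h> /* for TIOCNOTTY */
#include <stdarg.h>
#include <syslog.h>
#include <dlfcn.h>
#include <sys/stat.h>
#include <sys/resource.h>
#if HAVE_PTHREAD
#include <pthread.h>
#endif

/* Linux: BSD-style ip/udp/tcp struct layouts; seccomp sandboxing is Linux-only. */
#ifdef __linux__
#define __FAVOR_BSD
#include <net/ethernet.h>
#ifdef USE_SECCOMP
#include <seccomp.h>
#endif
#endif

#ifdef __FreeBSD__
#include <net/ethernet.h>
#endif

#ifdef __NetBSD__
#include <net/ethertypes.h>
#include <net/if.h>
#include <net/if_ether.h>
#endif

#ifdef __OpenBSD__
#include <net/ethertypes.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/in_var.h>
#include <netinet/if_ether.h>
#endif

#ifdef __APPLE__
#include <net/ethernet.h>
#include <net/bpf.h>
#endif

#ifdef __hpux
#include <net/if.h>
#include <netinet/if_ether.h>
#define ETHER_HDR_LEN ETHER_HLEN
#define __BIT_TYPES_DEFINED
#define __HPLX
#endif

#ifdef __SVR4
#include <stdarg.h>
#include <net/if.h>
#include <net/if_arp.h>
#include <netinet/if_ether.h>
#include "snprintf.h"
#define IP_OFFMASK 0x1fff
#define u_int32_t uint32_t
#ifndef ETHER_HDR_LEN
#define ETHER_HDR_LEN 14
#endif
#endif

/* Name of the timestamp struct inside the pcap packet header, overridable at build time. */
#ifndef MY_BPFTIMEVAL
#define MY_BPFTIMEVAL timeval
#endif

#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip6.h>
#include <netinet/udp.h>
#include <netinet/tcp.h>
#include <arpa/nameser.h>
#if HAVE_ARPA_NAMESER_COMPAT_H
#include <arpa/nameser_compat.h>
#endif
#include <arpa/inet.h>

#include <assert.h>
#include <errno.h>
#include <netdb.h>
#include <pcap.h>
#include <regex.h>
#include <signal.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <pwd.h>
#include <grp.h>

#if HAVE_ZLIB_H
#include <zlib.h>
#endif

#include <ldns/ldns.h>

/* IPv6 version nibble (high 4 bits of the first header byte). */
#ifndef IPV6_VERSION
#define IPV6_VERSION 0x60
#endif
#ifndef IPV6_VERSION_MASK
#define IPV6_VERSION_MASK 0xf0
#endif

/* Bit fields of DNS header byte 2 (QR, Opcode, AA, TC, RD). */
#define UDP10_QR_MASK 0x80
#define UDP10_QR_SHIFT 7
#define UDP10_OP_MASK 0x78
#define UDP10_OP_SHIFT 3
#define UDP10_AA_MASK 0x04
#define UDP10_AA_SHIFT 2
#define UDP10_TC_MASK 0x02
#define UDP10_TC_SHIFT 1
#define UDP10_RD_MASK 0x01
#define UDP10_RD_SHIFT 0

/* RCODE lives in the low nibble of DNS header byte 3. */
#define UDP11_RC_MASK 0x0f
#define UDP11_RC_SHIFT 0

/* Message-type selection flags (bitmask, see msg_wanted). */
#define MSG_QUERY 0x0001
#define MSG_UPDATE 0x0002
#define MSG_NOTIFY 0x0004

/*
 * Error-type selection flags (bitmask, see err_wanted). ERR_TRUNC stands
 * alone; the RCODE-derived flags are ERR_RCODE_BASE shifted by the RCODE
 * value, so ERR_YES is "every flag except ERR_NO".
 */
#define ERR_TRUNC 0x0001
#define ERR_RCODE_BASE 0x0002
#define ERR_NO (ERR_RCODE_BASE << 0)
#define ERR_FORMERR (ERR_RCODE_BASE << 1)
#define ERR_SERVFAIL (ERR_RCODE_BASE << 2)
#define ERR_NXDOMAIN (ERR_RCODE_BASE << 3)
#define ERR_NOTIMPL (ERR_RCODE_BASE << 4)
#define ERR_REFUSED (ERR_RCODE_BASE << 5)
#define ERR_YES (0xffffffff & ~ERR_NO)

/* Which end of a transaction a flag applies to (bitmask, see end_hide). */
#define END_INITIATOR 0x0001
#define END_RESPONDER 0x0002

/*
 * Replacement address bytes and port used when an endpoint is hidden
 * (all-0x7f octets, 4 for IPv4 and 16 for IPv6).
 */
#define HIDE_INET "\177\177\177\177"
#define HIDE_INET6 "\177\177\177\177\177\177\177\177" \
                   "\177\177\177\177\177\177\177\177"
#define HIDE_PORT 54321

#ifndef ETHERTYPE_VLAN
#define ETHERTYPE_VLAN 0x8100
#endif
#ifndef ETHERTYPE_IPV6
#define ETHERTYPE_IPV6 0x86DD
#endif

#define THOUSAND 1000
#define MILLION (THOUSAND * THOUSAND)
#define MAX_VLAN 4095
#define DNS_PORT 53
#define TO_MS 1
#define SNAPLEN 65536
#define TRUE 1
#define FALSE 0
#define REGEX_CFLAGS (REG_EXTENDED | REG_ICASE | REG_NOSUB | REG_NEWLINE)
/* 0xFFFF << 14 == 1073725440, which fits a 32-bit int. */
#define MAX_TCP_WINDOW (0xFFFF << 14)
/*
 * NOTE(review): this is 20,000,000,000 bytes, i.e. roughly 20 GB, not the
 * 2 GB the original comment claimed. The value is kept as-is; confirm
 * which ceiling was intended before relying on it as a memory guard.
 */
#define MEM_MAX 20000000000

#define ISC_CHECK_NONE 1
#include "isc/list.h"
#include "isc/assertions.h"

#include "dnscap_common.h"

#include "dump_dns.h"
#include "dump_cbor.h"
#include "dump_cds.h"
#include "options.h"
#include "pcap-thread/pcap_thread.h"

/* A length-tagged text chunk kept on an ISC list. */
struct text {
    LINK(struct text) link;
    size_t len;
    char*  text;
};
typedef struct text* text_ptr;
typedef LIST(struct text) text_list;
/*
 * Bytes to allocate for a struct text carrying `len` bytes of payload.
 * The argument is parenthesized so that expressions such as
 * text_size(a ? b : c) evaluate as intended.
 */
#define text_size(len) (sizeof(struct text) + (len))

/* One capture source: its name plus two pcap_stat snapshots for drop accounting. */
struct mypcap {
    LINK(struct mypcap) link;
    const char*         name;
    struct pcap_stat    ps0, ps1;
    uint64_t            drops;
};
typedef struct mypcap* mypcap_ptr;
typedef LIST(struct mypcap) mypcap_list;

/* A VLAN id on an include/exclude list. */
struct vlan {
    LINK(struct vlan) link;
    unsigned          vlan;
};
typedef struct vlan* vlan_ptr;
typedef LIST(struct vlan) vlan_list;

/* TCP reassembly limits. MAX_TCP_WINDOW_SIZE is kept as an alias of MAX_TCP_WINDOW. */
#define MAX_TCP_WINDOW_SIZE MAX_TCP_WINDOW
#define MAX_TCP_MSGS 8
#define MAX_TCP_SEGS 8
#define MAX_TCP_HOLES 8
#define MAX_TCP_DNS_MSG 8

typedef struct tcphole    tcphole_t;
typedef struct tcp_msgbuf tcp_msgbuf_t;
typedef struct tcp_segbuf tcp_segbuf_t;
typedef struct tcpdnsmsg  tcpdnsmsg_t;
typedef struct tcpreasm   tcpreasm_t;

/* A not-yet-received byte range inside a message buffer. */
struct tcphole {
    uint16_t start;
    uint16_t len;
};

/* A partially reassembled DNS-over-TCP message; buf is a flexible array member. */
struct tcp_msgbuf {
    uint32_t  seq;
    uint16_t  dnslen;
    tcphole_t hole[MAX_TCP_HOLES];
    int       holes;
    u_char    buf[];
};

/* A raw TCP segment held until it can be placed; buf is a flexible array member. */
struct tcp_segbuf {
    uint32_t seq;
    uint16_t len;
    u_char   buf[];
};

/* A completed DNS message extracted from a TCP stream. */
struct tcpdnsmsg {
    size_t   segments_seen;
    uint16_t dnslen;
    u_char   dnspkt[];
};

/*
 * Per-connection TCP reassembly state. The dnslen_* members track the
 * two-byte length prefix; the bfb_* members look like a separate
 * byte-for-byte path -- TODO confirm against tcpreasm.c.
 */
struct tcpreasm {
    uint32_t      seq_start;
    size_t        msgbufs;
    u_char        dnslen_buf[2];
    u_char        dnslen_bytes_seen_mask;
    tcp_msgbuf_t* msgbuf[MAX_TCP_MSGS];
    tcp_segbuf_t* segbuf[MAX_TCP_SEGS];
    size_t        segments_seen;
    size_t        dnsmsgs;
    tcpdnsmsg_t*  dnsmsg[MAX_TCP_DNS_MSG];
    uint32_t      seq_bfb;
    tcp_segbuf_t* bfb_seg[MAX_TCP_SEGS];
    u_char*       bfb_buf;
    size_t        bfb_at;
};

/* Tracked TCP connection, keyed by address/port 4-tuple. */
struct tcpstate {
    LINK(struct tcpstate) link;
    iaddr                 saddr;
    iaddr                 daddr;
    uint16_t              sport;
    uint16_t              dport;
    uint32_t              start;   /* seq# of tcp payload start */
    uint32_t              maxdiff; /* maximum (seq# - start) */
    uint16_t              dnslen;
    time_t                last_use;
    uint32_t              lastdns;
    uint32_t              currseq;
    size_t                currlen;

    tcpreasm_t* reasm;
    size_t      reasm_faults;
};
typedef struct tcpstate* tcpstate_ptr;
typedef LIST(struct tcpstate) tcpstate_list;

/* An address on an initiator/responder filter list. */
struct endpoint {
    LINK(struct endpoint) link;
    iaddr                 ia;
};
typedef struct endpoint* endpoint_ptr;
typedef LIST(struct endpoint) endpoint_list;

/* A compiled name-matching regex; `not` presumably inverts the match -- verify in caller. */
struct myregex {
    LINK(struct myregex) link;
    regex_t              reg;
    char*                str;
    int                  not;
};
typedef struct myregex* myregex_ptr;
typedef LIST(struct myregex) myregex_list;

/*
 * A dynamically loaded plugin (handle comes from dlopen) and its
 * entry points. NOTE(review): the `()` parameter lists declare
 * unprototyped function pointers; `(void)` would be the prototyped
 * form. Left untouched so the existing plugin ABI is not changed.
 */
struct plugin {
    LINK(struct plugin) link;

    char*            name;
    void*            handle;
    enum plugin_type pt;

    type_t(*type);
    int (*start)(logerr_t*);
    void (*stop)();
    int (*open)(my_bpftimeval);
    int (*close)();
    output_t(*output);
    filter_t(*filter);
    void (*getopt)(int*, char**[]);
    void (*usage)();
    void (*extension)(int, void*);
};
typedef LIST(struct plugin) plugin_list;

enum dump_type {
    nowhere,
    to_stdout,
    to_file
};
enum dump_state {
    dumper_opened,
    dumper_closed
};

/*
 * Program-wide configuration and state, defined in the main translation
 * unit. Each symbol is declared exactly once here (earlier versions of
 * this header repeated several of them).
 */
extern plugin_list        plugins;
extern const char*        ProgramName;
extern int                dumptrace;
extern int                flush;
extern vlan_list          vlans_excl;
extern vlan_list          vlans_incl;
extern unsigned           msg_wanted;
extern unsigned           dir_wanted;
extern unsigned           end_hide;
extern unsigned           err_wanted;
extern tcpstate_list      tcpstates;
extern int                tcpstate_count;
extern endpoint_list      initiators, not_initiators;
extern endpoint_list      responders, not_responders;
extern endpoint_list      drop_responders;
extern myregex_list       myregexes;
extern mypcap_list        mypcaps;
extern mypcap_ptr         pcap_offline;
extern const char*        dump_base;
extern char*              dump_suffix;
extern char*              extra_bpf;
extern enum dump_type     dump_type;
extern enum dump_state    dump_state;
extern const char*        kick_cmd;
extern unsigned           limit_seconds;
extern time_t             next_interval;
extern unsigned           limit_packets;
extern size_t             limit_pcapfilesize;
extern pcap_t*            pcap_dead;
extern pcap_dumper_t*     dumper;
extern time_t             dumpstart;
extern unsigned           msgcount;
extern size_t             capturedbytes;
extern char *             dumpname, *dumpnamepart;
extern char*              bpft;
extern unsigned           dns_port;
extern int                promisc;
extern int                monitor_mode;
extern int                immediate_mode;
extern int                background;
extern char               errbuf[PCAP_ERRBUF_SIZE];
extern int                wantgzip;
extern int                wantfrags;
extern int                wanticmp;
extern int                wanttcp;
extern int                preso;
#ifdef USE_SECCOMP
extern int use_seccomp; /* Linux-only syscall sandbox toggle (see the seccomp include above). */
#endif
extern int                main_exit;
extern int                alarm_set;
extern time_t             start_time;
extern time_t             stop_time;
extern int                print_pcap_stats;
extern uint64_t           pcap_drops;
extern my_bpftimeval      last_ts;
extern unsigned long long mem_limit;
extern int                mem_limit_set;
/* Unprivileged user to switch to after opening the capture; see dont_drop_privileges -- TODO confirm in dnscap.c. */
extern const char         DROPTOUSER[];
extern pcap_thread_t      pcap_thread;
extern int                only_offline_pcaps;
extern int                dont_drop_privileges;
extern options_t          options;

extern ldns_rr_type match_qtype, nmatch_qtype;

#endif /* __dnscap_dnscap_h */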