1 /* ipguard.c
2 *
3 * Copyright (c) 2010 SeaD <sead at deep.perm.ru>
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 *
26 * $Id: ipguard.c,v 1.18 2010/07/12 03:46:36 sead Exp $
27 *
28 */
29
30 #include "ipguard.h"
31
/*
 * Print the program banner and the short option synopsis to stdout.
 *
 * name: program name shown after "usage:" (main passes argv[0]).
 */
void usage(char *name)
{
    FILE *out = stdout;

    fprintf(out, "%s v%s (c) %s <%s>\n\n", NAME, VERSION, AUTHOR, MAIL);
    fprintf(out, "usage: %s [-h] [-ajgrxziovd]\n", name);

    /* The two remaining lines carry no conversions, so emit them verbatim. */
    fputs(" [-f ethers] [-l log] [-p pid] [-m mac] [-c filter] [-u seconds] [-k seconds]\n"
          " [-n fakes] [-t mseconds] [-b buf] [-s user] <iface>\n\n",
          out);
}
38
/*
 * Print the per-option help text to stdout.
 *
 * The value in parentheses after each option is its built-in default,
 * taken from the compile-time macros (ETHERSFILE, LOGNAME, PIDNAME,
 * FAKEMAC, ETHERSTO, FAKEREGEN, FAKENUM, FAKETIME, BUFSIZE).
 */
void help(void)
{
    FILE *out = stdout;

    fputs("available options:\n", out);

    /* String-valued defaults are pasted into the format at compile time. */
    fprintf(out,
            " -f | -e <ethers> ethers file (" ETHERSFILE ")\n"
            " -l <log> log file (" LOGNAME "_<iface>.log)\n"
            " -p <pid> pid file (" PIDNAME "_<iface>.pid)\n"
            " -m <mac> fake mac (" FAKEMAC ")\n");

    fputs(" -c <filter> pcap expression (none)\n", out);

    /* Integer defaults, one %d per option, in option order. */
    fprintf(out,
            " -u <seconds> update ethers interval (%d)\n"
            " -k <seconds> fake regenerate time (%d)\n"
            " -n <fakes> fake replies number (%d)\n"
            " -t <mseconds> time between fakes (%d)\n"
            " -b <buf> mac-ip buffer size (%d)\n",
            ETHERSTO, FAKEREGEN, FAKENUM, FAKETIME, BUFSIZE);

    /* Plain switches: nothing to format. */
    fputs(" -s <user> set user (none)\n"
          " -a no address substitution\n"
          " -j disable first mac-ip\n"
          " -g default to grant\n"
          " -r read only\n"
          " -x duplex mode\n"
          " -z fix by broadcast\n"
          " -i hidden mode\n"
          " -o promiscuous mode\n"
          " -v be verbose\n"
          " -d[d[d]] don't fork [debug [more]]\n"
          " -h this help\n",
          out);
}
64
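/*
 * Copy a string into one of the fixed-size global buffers, or exit.
 *
 * dst, size: destination buffer and its capacity in bytes, terminator included.
 * src:       NUL-terminated source string.
 * what:      name of the value, used only in the error message.
 *
 * snprintf() always terminates dst, which strncpy() does not when the source
 * fills the buffer. A value that does not fit is rejected instead of being
 * shortened: a truncated path, filter, user or interface name would make a
 * root daemon act on something the operator never typed.
 */
static void store_arg(char *dst, size_t size, const char *src, const char *what)
{
    int n = snprintf(dst, size, "%s", src);

    if (n < 0 || (size_t) n >= size) {
        fprintf(stderr, "error: %s is too long (limit is %lu characters)\n",
                what, (unsigned long) (size - 1));
        exit(EXIT_FAILURE);
    }
}

/*
 * Program entry point: check the caller is root, load defaults, parse the
 * command line, build the pcap filter, then start logging, daemonize (unless
 * debugging), write the pid file, initialise packet capture and loop forever
 * in packet_recv().
 *
 * Exits with EXIT_FAILURE on a non-root caller, an unknown option, a missing
 * <iface> argument or an over-long string argument; -h prints help and exits
 * with EXIT_SUCCESS.
 */
int main(int argc, char *argv[]) {
    static const char arp_only[] = "arp";
    static const char arp_suffix[] = " and arp";
    extern char *optarg;
    extern int optind;
    size_t flen;
    int n;

    /* getuid() is the real uid; anything but 0 is refused. */
    if (getuid()) {
        fprintf(stderr, "error: must be run as root to init libnet\n");
        exit(EXIT_FAILURE);
    }

    /* NOTE(review): the seed is the pid, so the rand() sequence is
     * predictable. Acceptable only if nothing security-relevant is derived
     * from rand() - confirm where it is consumed. */
    srand((unsigned int) getpid());

    iface[0] = fmac[0] = pfmac[0] = pcapf[0] = log_name[0] = pid_name[0] = suser[0] = '\0';

    /* The size passed with each buffer is the bound the original strncpy()
     * calls used; presumably it equals the declared array size - confirm
     * against the declarations (not visible in this file). */
    store_arg(ethers_name, PATH_MAX, ETHERSFILE, "default ethers file");
    store_arg(fmac, 18, FAKEMAC, "default fake mac");
    ethers_update = ETHERSTO;
    fake_regen = FAKEREGEN;
    fake_num = FAKENUM;
    fake_time = FAKETIME;
    buffer_num = BUFSIZE;
    addr_nosubst = nofirst = grant = read_only = duplex = fixbc = hidden =
        promisc = debug = verbose = 0;

    all = good = grat = wgrat = zmac = zip = bad = bmac = bsip =
        btip = bnew = bgrat = mymac = fake = pfake = nzh = nbe = mis = 0;

    /* Still unused letters: q:w:y and all of figures ;)
     */

    /* getopt() signals the end of the options with -1. */
    while ((n = getopt(argc, argv, "f:e:l:p:m:c:s:u:k:n:t:b:ajgrxziovdh")) != -1) {
        switch (n) {
        case 'f':
        case 'e': store_arg(ethers_name, PATH_MAX, optarg, "ethers file"); break;
        case 'l': store_arg(log_name, PATH_MAX, optarg, "log file"); break;
        case 'p': store_arg(pid_name, PATH_MAX, optarg, "pid file"); break;
        case 'm': store_arg(fmac, 18, optarg, "fake mac"); break;
        case 'c': store_arg(pcapf, PCAPFSIZ, optarg, "pcap filter"); break;
        case 's': store_arg(suser, MAXLOGNAME, optarg, "user name"); break;
        /* NOTE(review): atoi() cannot report malformed or out-of-range input
         * and the results are stored unchecked, so zero and negative values
         * reach whatever consumes these settings - confirm the consumers
         * validate them (buffer_num in particular). */
        case 'u': ethers_update = atoi(optarg); break;
        case 'k': fake_regen = atoi(optarg); break;
        case 'n': fake_num = atoi(optarg); break;
        case 't': fake_time = atoi(optarg); break;
        case 'b': buffer_num = atoi(optarg); break;
        case 'a': addr_nosubst++; break;
        case 'j': nofirst++; break;
        case 'g': grant++; break;
        case 'r': read_only++; break;
        case 'x': duplex++; break;
        case 'z': fixbc++; break;
        case 'i': hidden++; break;
        case 'o': promisc++; break;
        case 'v': verbose++; break;
        case 'd': debug++; break;
        case 'h': usage(argv[0]); help(); exit(EXIT_SUCCESS);
        default: usage(argv[0]); exit(EXIT_FAILURE);
        }
    }

    /* The first non-option argument is the interface; it is mandatory. */
    if (argc > optind) {
        store_arg(iface, IFNAMSIZ, argv[optind], "interface name");
    } else {
        usage(argv[0]);
        exit(EXIT_FAILURE);
    }

    /* Default log and pid file names are derived from the interface name. */
    if (!log_name[0]) snprintf(log_name, PATH_MAX, "%s_%s.log", LOGNAME, iface);
    if (!pid_name[0]) snprintf(pid_name, PATH_MAX, "%s_%s.pid", PIDNAME, iface);

    /* The capture filter is always restricted to ARP: either "arp" alone or
     * the operator's expression with " and arp" appended. An expression that
     * leaves no room for the suffix is refused; cutting it short could
     * change what it matches. */
    flen = strlen(pcapf);
    if (flen == 0) {
        store_arg(pcapf, PCAPFSIZ, arp_only, "pcap filter");
    } else {
        if (flen + sizeof arp_suffix > (size_t) PCAPFSIZ) {
            fprintf(stderr, "error: pcap filter is too long to append \"%s\"\n", arp_suffix);
            exit(EXIT_FAILURE);
        }
        /* sizeof includes the terminator, so the result stays a C string. */
        memcpy(pcapf + flen, arp_suffix, sizeof arp_suffix);
    }

    log_open();

    if (verbose) { log_str(NOTICE, "Starting", argv[0]); }

    if (debug > 1) {
        fprintf(stderr, "PARAMS:");
        for (n = 1; n < argc; n++) fprintf(stderr, " %s", argv[n]);
        fprintf(stderr, "\n");
        fprintf(stderr, "PCAP FILTER: %s\n", pcapf);
    }

    /* log_open(), pid_creat() and packet_init() all run with the uid-0
     * identity checked above. set_user() is called only when -s was given
     * (presumably switching to that user - confirm in its definition);
     * without -s the receive loop below keeps running as root. */
    if (!debug) daemonize();
    pid_creat();
    packet_init(iface);
    if (suser[0]) set_user();
    sig_init();

    while (1) packet_recv();

    /* Not reached: the loop above never terminates. Shutdown presumably goes
     * through the handlers installed by sig_init() - confirm. */
    exit_ipguard(EXIT_SUCCESS);
    return 0;
}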
153