tpotce/docker/p0f/tools/p0f-client.c

/*
   p0f-client - simple API client
   ------------------------------

   Can be used to query p0f API sockets.

   Copyright (C) 2012 by Michal Zalewski <lcamtuf@coredump.cx>

   Distributed under the terms and conditions of GNU LGPL.

 */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <netdb.h>
#include <errno.h>
#include <ctype.h>
#include <time.h>

#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <sys/un.h>

#include "../types.h"
#include "../config.h"
#include "../alloc-inl.h"
#include "../debug.h"
#include "../api.h"

/* Parse IPv4 address into a buffer. */

static void parse_addr4(char* str, u8* ret) {

  u32 a1, a2, a3, a4;

  if (sscanf(str, "%u.%u.%u.%u", &a1, &a2, &a3, &a4) != 4)
    FATAL("Malformed IPv4 address.");

  if (a1 > 255 || a2 > 255 || a3 > 255 || a4 > 255)
    FATAL("Malformed IPv4 address.");

  ret[0] = a1;
  ret[1] = a2;
  ret[2] = a3;
  ret[3] = a4;

}


/* Parse IPv6 address into a buffer. */

static void parse_addr6(char* str, u8* ret) {

  u32 seg = 0;
  u32 val;

  while (*str) {

    if (seg == 8) FATAL("Malformed IPv6 address (too many segments).");

    if (sscanf((char*)str, "%x", &val) != 1 ||
        val > 65535) FATAL("Malformed IPv6 address (bad octet value).");

    ret[seg * 2] = val >> 8;
    ret[seg * 2 + 1] = val;

    seg++;

    while (isxdigit(*str)) str++;
    if (*str) str++;

  }

  if (seg != 8) FATAL("Malformed IPv6 address (don't abbreviate).");

}


int main(int argc, char** argv) {

  u8 tmp[128];
  struct tm* t;

  static struct p0f_api_query q;
  static struct p0f_api_response r;

  static struct sockaddr_un sun;

  s32  sock;
  time_t ut;

  if (argc != 3) {
    ERRORF("Usage: p0f-client /path/to/socket host_ip\n");
    exit(1);
  }

  q.magic = P0F_QUERY_MAGIC;

  if (strchr(argv[2], ':')) {

    parse_addr6(argv[2], q.addr);
    q.addr_type = P0F_ADDR_IPV6;

  } else {

    parse_addr4(argv[2], q.addr);
    q.addr_type = P0F_ADDR_IPV4;

  }

  sock = socket(PF_UNIX, SOCK_STREAM, 0);

  if (sock < 0) PFATAL("Call to socket() failed.");

  sun.sun_family = AF_UNIX;

  if (strlen(argv[1]) >= sizeof(sun.sun_path))
    FATAL("API socket filename is too long for sockaddr_un (blame Unix).");

  strcpy(sun.sun_path, argv[1]);

  if (connect(sock, (struct sockaddr*)&sun, sizeof(sun)))
    PFATAL("Can't connect to API socket.");

  if (write(sock, &q, sizeof(struct p0f_api_query)) !=
      sizeof(struct p0f_api_query)) FATAL("Short write to API socket.");

  if (read(sock, &r, sizeof(struct p0f_api_response)) !=
      sizeof(struct p0f_api_response)) FATAL("Short read from API socket.");
  
  close(sock);

  if (r.magic != P0F_RESP_MAGIC)
    FATAL("Bad response magic (0x%08x).\n", r.magic);

  if (r.status == P0F_STATUS_BADQUERY)
    FATAL("P0f did not understand the query.\n");

  if (r.status == P0F_STATUS_NOMATCH) {
    SAYF("No matching host in p0f cache. That's all we know.\n");
    return 0;
  }

  ut = r.first_seen;
  t = localtime(&ut);
  strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t);

  SAYF("First seen    = %s\n", tmp);

  ut = r.last_seen;
  t = localtime(&ut);
  strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t);

  SAYF("Last update   = %s\n", tmp);

  SAYF("Total flows   = %u\n", r.total_conn);

  if (!r.os_name[0])
    SAYF("Detected OS   = ???\n");
  else
    SAYF("Detected OS   = %s %s%s%s\n", r.os_name, r.os_flavor,
         (r.os_match_q & P0F_MATCH_GENERIC) ? " [generic]" : "",
         (r.os_match_q & P0F_MATCH_FUZZY) ? " [fuzzy]" : "");

  if (!r.http_name[0])
    SAYF("HTTP software = ???\n");
  else
    SAYF("HTTP software = %s %s (ID %s)\n", r.http_name, r.http_flavor,
         (r.bad_sw == 2) ? "is fake" : (r.bad_sw ? "OS mismatch" : "seems legit"));

  if (!r.link_type[0])
    SAYF("Network link  = ???\n");
  else
    SAYF("Network link  = %s\n", r.link_type);

  if (!r.language[0])
    SAYF("Language      = ???\n");
  else
    SAYF("Language      = %s\n", r.language);


  if (r.distance == -1)
    SAYF("Distance      = ???\n");
  else
    SAYF("Distance      = %u\n", r.distance);

  if (r.last_nat) {
    ut = r.last_nat;
    t = localtime(&ut);
    strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t);
    SAYF("IP sharing    = %s\n", tmp);
  }

  if (r.last_chg) {
    ut = r.last_chg;
    t = localtime(&ut);
    strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t);
    SAYF("Sys change    = %s\n", tmp);
  }

  if (r.uptime_min) {
    SAYF("Uptime        = %u days %u hrs %u min (modulo %u days)\n", 
         r.uptime_min / 60 / 24, (r.uptime_min / 60) % 24, r.uptime_min % 60,
         r.up_mod_days);
  }

  return 0;

}
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`/*`
			`p0f-client - simple API client`
			`------------------------------`

			`Can be used to query p0f API sockets.`

			`Copyright (C) 2012 by Michal Zalewski <lcamtuf@coredump.cx>`

			`Distributed under the terms and conditions of GNU LGPL.`

			`*/`

			`#include <stdio.h>`
			`#include <stdlib.h>`
			`#include <unistd.h>`
			`#include <string.h>`
			`#include <netdb.h>`
			`#include <errno.h>`
			`#include <ctype.h>`
			`#include <time.h>`

			`#include <netinet/in.h>`
			`#include <arpa/inet.h>`
			`#include <sys/types.h>`
			`#include <sys/time.h>`
			`#include <sys/socket.h>`
			`#include <sys/un.h>`

			`#include "../types.h"`
			`#include "../config.h"`
			`#include "../alloc-inl.h"`
			`#include "../debug.h"`
			`#include "../api.h"`

			`/* Parse IPv4 address into a buffer. */`

			`static void parse_addr4(char* str, u8* ret) {`

			`u32 a1, a2, a3, a4;`

			`if (sscanf(str, "%u.%u.%u.%u", &a1, &a2, &a3, &a4) != 4)`
			`FATAL("Malformed IPv4 address.");`

			`if (a1 > 255 \|\| a2 > 255 \|\| a3 > 255 \|\| a4 > 255)`
			`FATAL("Malformed IPv4 address.");`

			`ret[0] = a1;`
			`ret[1] = a2;`
			`ret[2] = a3;`
			`ret[3] = a4;`

			`}`


			`/* Parse IPv6 address into a buffer. */`

			`static void parse_addr6(char* str, u8* ret) {`

			`u32 seg = 0;`
			`u32 val;`

			`while (*str) {`

			`if (seg == 8) FATAL("Malformed IPv6 address (too many segments).");`

			`if (sscanf((char*)str, "%x", &val) != 1 \|\|`
			`val > 65535) FATAL("Malformed IPv6 address (bad octet value).");`

			`ret[seg * 2] = val >> 8;`
			`ret[seg * 2 + 1] = val;`

			`seg++;`

			`while (isxdigit(*str)) str++;`
			`if (*str) str++;`

			`}`

			`if (seg != 8) FATAL("Malformed IPv6 address (don't abbreviate).");`

			`}`


			`int main(int argc, char** argv) {`

			`u8 tmp[128];`
			`struct tm* t;`

			`static struct p0f_api_query q;`
			`static struct p0f_api_response r;`

			`static struct sockaddr_un sun;`

			`s32 sock;`
			`time_t ut;`

			`if (argc != 3) {`
			`ERRORF("Usage: p0f-client /path/to/socket host_ip\n");`
			`exit(1);`
			`}`

			`q.magic = P0F_QUERY_MAGIC;`

			`if (strchr(argv[2], ':')) {`

			`parse_addr6(argv[2], q.addr);`
			`q.addr_type = P0F_ADDR_IPV6;`

			`} else {`

			`parse_addr4(argv[2], q.addr);`
			`q.addr_type = P0F_ADDR_IPV4;`

			`}`

			`sock = socket(PF_UNIX, SOCK_STREAM, 0);`

			`if (sock < 0) PFATAL("Call to socket() failed.");`

			`sun.sun_family = AF_UNIX;`

			`if (strlen(argv[1]) >= sizeof(sun.sun_path))`
			`FATAL("API socket filename is too long for sockaddr_un (blame Unix).");`

			`strcpy(sun.sun_path, argv[1]);`

			`if (connect(sock, (struct sockaddr*)&sun, sizeof(sun)))`
			`PFATAL("Can't connect to API socket.");`

			`if (write(sock, &q, sizeof(struct p0f_api_query)) !=`
			`sizeof(struct p0f_api_query)) FATAL("Short write to API socket.");`

			`if (read(sock, &r, sizeof(struct p0f_api_response)) !=`
			`sizeof(struct p0f_api_response)) FATAL("Short read from API socket.");`

			`close(sock);`

			`if (r.magic != P0F_RESP_MAGIC)`
			`FATAL("Bad response magic (0x%08x).\n", r.magic);`

			`if (r.status == P0F_STATUS_BADQUERY)`
			`FATAL("P0f did not understand the query.\n");`

			`if (r.status == P0F_STATUS_NOMATCH) {`
			`SAYF("No matching host in p0f cache. That's all we know.\n");`
			`return 0;`
			`}`

			`ut = r.first_seen;`
			`t = localtime(&ut);`
			`strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t);`

			`SAYF("First seen = %s\n", tmp);`

			`ut = r.last_seen;`
			`t = localtime(&ut);`
			`strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t);`

			`SAYF("Last update = %s\n", tmp);`

			`SAYF("Total flows = %u\n", r.total_conn);`

			`if (!r.os_name[0])`
			`SAYF("Detected OS = ???\n");`
			`else`
			`SAYF("Detected OS = %s %s%s%s\n", r.os_name, r.os_flavor,`
			`(r.os_match_q & P0F_MATCH_GENERIC) ? " [generic]" : "",`
			`(r.os_match_q & P0F_MATCH_FUZZY) ? " [fuzzy]" : "");`

			`if (!r.http_name[0])`
			`SAYF("HTTP software = ???\n");`
			`else`
			`SAYF("HTTP software = %s %s (ID %s)\n", r.http_name, r.http_flavor,`
			`(r.bad_sw == 2) ? "is fake" : (r.bad_sw ? "OS mismatch" : "seems legit"));`

			`if (!r.link_type[0])`
			`SAYF("Network link = ???\n");`
			`else`
			`SAYF("Network link = %s\n", r.link_type);`

			`if (!r.language[0])`
			`SAYF("Language = ???\n");`
			`else`
			`SAYF("Language = %s\n", r.language);`


			`if (r.distance == -1)`
			`SAYF("Distance = ???\n");`
			`else`
			`SAYF("Distance = %u\n", r.distance);`

			`if (r.last_nat) {`
			`ut = r.last_nat;`
			`t = localtime(&ut);`
			`strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t);`
			`SAYF("IP sharing = %s\n", tmp);`
			`}`

			`if (r.last_chg) {`
			`ut = r.last_chg;`
			`t = localtime(&ut);`
			`strftime((char*)tmp, 128, "%Y/%m/%d %H:%M:%S", t);`
			`SAYF("Sys change = %s\n", tmp);`
			`}`

			`if (r.uptime_min) {`
			`SAYF("Uptime = %u days %u hrs %u min (modulo %u days)\n",`
			`r.uptime_min / 60 / 24, (r.uptime_min / 60) % 24, r.uptime_min % 60,`
			`r.up_mod_days);`
			`}`

			`return 0;`

			`}`