2013-10-09 07:18:59 +04:00
|
|
|
/**
|
|
|
|
* WinPR: Windows Portable Runtime
|
|
|
|
* WinPR Logger
|
|
|
|
*
|
|
|
|
* Copyright 2013 Marc-Andre Moreau <marcandre.moreau@gmail.com>
|
2015-05-29 14:46:50 +03:00
|
|
|
* Copyright 2015 Thincast Technologies GmbH
|
|
|
|
* Copyright 2015 DI (FH) Martin Haimberger <martin.haimberger@thincast.com>
|
2013-10-09 07:18:59 +04:00
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
|
|
|
|
2022-02-16 12:08:00 +03:00
|
|
|
#include <winpr/config.h>
|
2013-10-09 07:18:59 +04:00
|
|
|
|
2015-11-09 19:56:44 +03:00
|
|
|
#include "wlog.h"
|
2013-10-09 07:18:59 +04:00
|
|
|
|
2022-02-14 16:59:22 +03:00
|
|
|
#include "PacketMessage.h"
|
2013-10-09 07:18:59 +04:00
|
|
|
|
2017-08-29 10:09:38 +03:00
|
|
|
#include <winpr/wtypes.h>
|
2013-10-09 07:18:59 +04:00
|
|
|
#include <winpr/crt.h>
|
2021-05-25 20:27:13 +03:00
|
|
|
#include <winpr/file.h>
|
2013-10-09 21:37:53 +04:00
|
|
|
#include <winpr/stream.h>
|
2013-10-09 07:18:59 +04:00
|
|
|
|
2014-08-18 19:11:40 +04:00
|
|
|
#include "../../log.h"
|
|
|
|
#define TAG WINPR_TAG("utils.wlog")
|
|
|
|
|
2013-10-09 07:18:59 +04:00
|
|
|
#ifndef _WIN32
|
|
|
|
#include <sys/time.h>
|
|
|
|
#else
|
|
|
|
#include <time.h>
|
|
|
|
#include <sys/timeb.h>
|
|
|
|
#include <winpr/windows.h>
|
|
|
|
|
|
|
|
static int gettimeofday(struct timeval* tp, void* tz)
|
|
|
|
{
|
|
|
|
struct _timeb timebuffer;
|
|
|
|
_ftime(&timebuffer);
|
2019-11-06 17:24:51 +03:00
|
|
|
tp->tv_sec = (long)timebuffer.time;
|
2013-10-09 07:18:59 +04:00
|
|
|
tp->tv_usec = timebuffer.millitm * 1000;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
static BOOL Pcap_Read_Header(wPcap* pcap, wPcapHeader* header)
|
2013-10-09 07:18:59 +04:00
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
if (pcap && pcap->fp && fread((void*)header, sizeof(wPcapHeader), 1, pcap->fp) == 1)
|
2015-06-26 16:58:01 +03:00
|
|
|
return TRUE;
|
|
|
|
return FALSE;
|
2013-10-09 07:18:59 +04:00
|
|
|
}
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
/* currently unused code */
|
2019-11-06 17:24:51 +03:00
|
|
|
#if 0
|
2015-06-26 16:58:01 +03:00
|
|
|
static BOOL Pcap_Read_RecordHeader(wPcap* pcap, wPcapRecordHeader* record)
|
2013-10-09 21:37:53 +04:00
|
|
|
{
|
2015-06-26 16:58:01 +03:00
|
|
|
if (pcap && pcap->fp && (fread((void*) record, sizeof(wPcapRecordHeader), 1, pcap->fp) == 1))
|
|
|
|
return TRUE;
|
|
|
|
return FALSE;
|
2013-10-09 21:37:53 +04:00
|
|
|
}
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
static BOOL Pcap_Read_Record(wPcap* pcap, wPcapRecord* record)
|
2013-10-09 07:18:59 +04:00
|
|
|
{
|
2014-08-14 12:38:02 +04:00
|
|
|
if (pcap && pcap->fp)
|
|
|
|
{
|
2015-06-26 16:58:01 +03:00
|
|
|
if (!Pcap_Read_RecordHeader(pcap, &record->header))
|
|
|
|
return FALSE;
|
2014-08-14 12:38:02 +04:00
|
|
|
record->length = record->header.incl_len;
|
|
|
|
record->data = malloc(record->length);
|
2015-04-03 17:21:01 +03:00
|
|
|
if (!record->data)
|
2015-06-14 01:55:09 +03:00
|
|
|
return FALSE;
|
2015-06-22 19:52:13 +03:00
|
|
|
if (fread(record->data, record->length, 1, pcap->fp) != 1)
|
|
|
|
{
|
|
|
|
free(record->data);
|
|
|
|
record->length = 0;
|
|
|
|
record->data = NULL;
|
|
|
|
return FALSE;
|
|
|
|
}
|
2014-08-14 12:38:02 +04:00
|
|
|
}
|
2015-06-14 01:55:09 +03:00
|
|
|
return TRUE;
|
2013-10-09 07:18:59 +04:00
|
|
|
}
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
static BOOL Pcap_Add_Record(wPcap* pcap, void* data, UINT32 length)
|
2013-10-09 07:18:59 +04:00
|
|
|
{
|
|
|
|
wPcapRecord* record;
|
|
|
|
struct timeval tp;
|
|
|
|
|
|
|
|
if (!pcap->tail)
|
|
|
|
{
|
2015-04-03 17:21:01 +03:00
|
|
|
pcap->tail = (wPcapRecord*) calloc(1, sizeof(wPcapRecord));
|
|
|
|
if (!pcap->tail)
|
2015-06-26 16:58:01 +03:00
|
|
|
return FALSE;
|
2013-10-09 07:18:59 +04:00
|
|
|
pcap->head = pcap->tail;
|
|
|
|
pcap->record = pcap->head;
|
|
|
|
record = pcap->tail;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2015-04-03 17:21:01 +03:00
|
|
|
record = (wPcapRecord*) calloc(1, sizeof(wPcapRecord));
|
|
|
|
if (!record)
|
2015-06-26 16:58:01 +03:00
|
|
|
return FALSE;
|
2013-10-09 07:18:59 +04:00
|
|
|
pcap->tail->next = record;
|
|
|
|
pcap->tail = record;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!pcap->record)
|
|
|
|
pcap->record = record;
|
|
|
|
|
|
|
|
record->data = data;
|
|
|
|
record->length = length;
|
|
|
|
record->header.incl_len = length;
|
|
|
|
record->header.orig_len = length;
|
|
|
|
gettimeofday(&tp, 0);
|
|
|
|
record->header.ts_sec = tp.tv_sec;
|
|
|
|
record->header.ts_usec = tp.tv_usec;
|
2015-06-26 16:58:01 +03:00
|
|
|
return TRUE;
|
2013-10-09 07:18:59 +04:00
|
|
|
}
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
static BOOL Pcap_HasNext_Record(wPcap* pcap)
|
2013-10-09 07:18:59 +04:00
|
|
|
{
|
2017-08-11 11:07:46 +03:00
|
|
|
if (pcap->file_size - (_ftelli64(pcap->fp)) <= 16)
|
2013-10-09 07:18:59 +04:00
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
static BOOL Pcap_GetNext_RecordHeader(wPcap* pcap, wPcapRecord* record)
|
2013-10-09 07:18:59 +04:00
|
|
|
{
|
2015-06-26 16:58:01 +03:00
|
|
|
if (!Pcap_HasNext_Record(pcap) || !Pcap_Read_RecordHeader(pcap, &record->header))
|
2013-10-09 07:18:59 +04:00
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
record->length = record->header.incl_len;
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
static BOOL Pcap_GetNext_RecordContent(wPcap* pcap, wPcapRecord* record)
|
2013-10-09 07:18:59 +04:00
|
|
|
{
|
2015-06-26 16:58:01 +03:00
|
|
|
if (pcap && pcap->fp && fread(record->data, record->length, 1, pcap->fp) == 1)
|
2014-08-14 12:38:02 +04:00
|
|
|
return TRUE;
|
2014-08-18 21:34:47 +04:00
|
|
|
|
2014-08-14 12:38:02 +04:00
|
|
|
return FALSE;
|
2013-10-09 07:18:59 +04:00
|
|
|
}
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
static BOOL Pcap_GetNext_Record(wPcap* pcap, wPcapRecord* record)
|
2013-10-09 07:18:59 +04:00
|
|
|
{
|
2015-06-26 16:58:01 +03:00
|
|
|
if (!Pcap_HasNext_Record(pcap))
|
2013-10-09 07:18:59 +04:00
|
|
|
return FALSE;
|
|
|
|
|
2015-06-14 01:55:09 +03:00
|
|
|
return Pcap_Read_Record(pcap, record);
|
2013-10-09 07:18:59 +04:00
|
|
|
}
|
2015-06-26 16:58:01 +03:00
|
|
|
#endif
|
|
|
|
|
|
|
|
static BOOL Pcap_Write_Header(wPcap* pcap, wPcapHeader* header)
|
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
if (pcap && pcap->fp && fwrite((void*)header, sizeof(wPcapHeader), 1, pcap->fp) == 1)
|
2015-06-26 16:58:01 +03:00
|
|
|
return TRUE;
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
static BOOL Pcap_Write_RecordHeader(wPcap* pcap, wPcapRecordHeader* record)
|
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
if (pcap && pcap->fp && fwrite((void*)record, sizeof(wPcapRecordHeader), 1, pcap->fp) == 1)
|
2015-06-26 16:58:01 +03:00
|
|
|
return TRUE;
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
static BOOL Pcap_Write_RecordContent(wPcap* pcap, wPcapRecord* record)
|
|
|
|
{
|
|
|
|
if (pcap && pcap->fp && fwrite(record->data, record->length, 1, pcap->fp) == 1)
|
|
|
|
return TRUE;
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
static BOOL Pcap_Write_Record(wPcap* pcap, wPcapRecord* record)
|
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
return Pcap_Write_RecordHeader(pcap, &record->header) && Pcap_Write_RecordContent(pcap, record);
|
2015-06-26 16:58:01 +03:00
|
|
|
}
|
2013-10-09 07:18:59 +04:00
|
|
|
|
|
|
|
wPcap* Pcap_Open(char* name, BOOL write)
|
|
|
|
{
|
2015-04-03 17:21:01 +03:00
|
|
|
wPcap* pcap = NULL;
|
2021-05-25 20:27:13 +03:00
|
|
|
FILE* pcap_fp = winpr_fopen(name, write ? "w+b" : "rb");
|
2013-10-09 07:18:59 +04:00
|
|
|
|
|
|
|
if (!pcap_fp)
|
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
WLog_ERR(TAG, "opening pcap file");
|
2013-10-09 07:18:59 +04:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
pcap = (wPcap*)calloc(1, sizeof(wPcap));
|
2013-10-09 07:18:59 +04:00
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
if (!pcap)
|
2015-09-01 12:31:12 +03:00
|
|
|
goto out_fail;
|
2013-10-09 07:18:59 +04:00
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
pcap->name = name;
|
|
|
|
pcap->write = write;
|
|
|
|
pcap->record_count = 0;
|
|
|
|
pcap->fp = pcap_fp;
|
|
|
|
|
|
|
|
if (write)
|
|
|
|
{
|
|
|
|
pcap->header.magic_number = PCAP_MAGIC_NUMBER;
|
|
|
|
pcap->header.version_major = 2;
|
|
|
|
pcap->header.version_minor = 4;
|
|
|
|
pcap->header.thiszone = 0;
|
|
|
|
pcap->header.sigfigs = 0;
|
|
|
|
pcap->header.snaplen = 0xFFFFFFFF;
|
|
|
|
pcap->header.network = 1; /* ethernet */
|
|
|
|
if (!Pcap_Write_Header(pcap, &pcap->header))
|
|
|
|
goto out_fail;
|
2013-10-09 07:18:59 +04:00
|
|
|
}
|
2015-06-26 16:58:01 +03:00
|
|
|
else
|
|
|
|
{
|
2017-08-11 11:07:46 +03:00
|
|
|
if (_fseeki64(pcap->fp, 0, SEEK_END) < 0)
|
2015-06-26 16:58:01 +03:00
|
|
|
goto out_fail;
|
2021-06-16 15:43:07 +03:00
|
|
|
pcap->file_size = (SSIZE_T)_ftelli64(pcap->fp);
|
2015-06-26 16:58:01 +03:00
|
|
|
if (pcap->file_size < 0)
|
|
|
|
goto out_fail;
|
2017-08-11 11:07:46 +03:00
|
|
|
if (_fseeki64(pcap->fp, 0, SEEK_SET) < 0)
|
2015-06-26 16:58:01 +03:00
|
|
|
goto out_fail;
|
|
|
|
if (!Pcap_Read_Header(pcap, &pcap->header))
|
|
|
|
goto out_fail;
|
|
|
|
}
|
|
|
|
|
2013-10-09 07:18:59 +04:00
|
|
|
return pcap;
|
2015-06-26 16:58:01 +03:00
|
|
|
|
|
|
|
out_fail:
|
|
|
|
fclose(pcap_fp);
|
|
|
|
free(pcap);
|
|
|
|
return NULL;
|
2013-10-09 07:18:59 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
void Pcap_Flush(wPcap* pcap)
|
|
|
|
{
|
2014-08-14 12:38:02 +04:00
|
|
|
if (!pcap || !pcap->fp)
|
|
|
|
return;
|
|
|
|
|
2013-10-09 07:18:59 +04:00
|
|
|
while (pcap->record)
|
|
|
|
{
|
2015-06-26 16:58:01 +03:00
|
|
|
if (!Pcap_Write_Record(pcap, pcap->record))
|
|
|
|
return;
|
2013-10-09 07:18:59 +04:00
|
|
|
pcap->record = pcap->record->next;
|
|
|
|
}
|
|
|
|
|
2014-08-14 12:38:02 +04:00
|
|
|
fflush(pcap->fp);
|
2015-06-26 16:58:01 +03:00
|
|
|
return;
|
2013-10-09 07:18:59 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
void Pcap_Close(wPcap* pcap)
|
|
|
|
{
|
2014-08-14 12:38:02 +04:00
|
|
|
if (!pcap || !pcap->fp)
|
|
|
|
return;
|
|
|
|
|
2013-10-09 07:18:59 +04:00
|
|
|
Pcap_Flush(pcap);
|
2014-08-14 12:38:02 +04:00
|
|
|
fclose(pcap->fp);
|
2013-10-09 07:18:59 +04:00
|
|
|
free(pcap);
|
|
|
|
}
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
static BOOL WLog_PacketMessage_Write_EthernetHeader(wPcap* pcap, wEthernetHeader* ethernet)
|
2013-10-09 21:37:53 +04:00
|
|
|
{
|
|
|
|
wStream* s;
|
|
|
|
BYTE buffer[14];
|
2015-06-26 16:58:01 +03:00
|
|
|
BOOL ret = TRUE;
|
2013-10-09 21:37:53 +04:00
|
|
|
|
2014-08-14 12:38:02 +04:00
|
|
|
if (!pcap || !pcap->fp || !ethernet)
|
2015-06-26 16:58:01 +03:00
|
|
|
return FALSE;
|
2014-08-14 12:38:02 +04:00
|
|
|
|
2013-10-09 21:37:53 +04:00
|
|
|
s = Stream_New(buffer, 14);
|
2015-05-29 14:46:50 +03:00
|
|
|
if (!s)
|
2015-06-26 16:58:01 +03:00
|
|
|
return FALSE;
|
2013-10-09 21:37:53 +04:00
|
|
|
Stream_Write(s, ethernet->Destination, 6);
|
|
|
|
Stream_Write(s, ethernet->Source, 6);
|
|
|
|
Stream_Write_UINT16_BE(s, ethernet->Type);
|
2015-06-26 16:58:01 +03:00
|
|
|
if (fwrite(buffer, 14, 1, pcap->fp) != 1)
|
|
|
|
ret = FALSE;
|
2013-10-09 21:37:53 +04:00
|
|
|
Stream_Free(s, FALSE);
|
2015-06-26 16:58:01 +03:00
|
|
|
return ret;
|
2013-10-09 21:37:53 +04:00
|
|
|
}
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
static UINT16 IPv4Checksum(BYTE* ipv4, int length)
|
2013-10-09 23:11:56 +04:00
|
|
|
{
|
2013-10-10 00:37:45 +04:00
|
|
|
UINT16 tmp16;
|
|
|
|
long checksum = 0;
|
|
|
|
|
|
|
|
while (length > 1)
|
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
tmp16 = *((UINT16*)ipv4);
|
2013-10-10 00:37:45 +04:00
|
|
|
checksum += tmp16;
|
|
|
|
length -= 2;
|
|
|
|
ipv4 += 2;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (length > 0)
|
|
|
|
checksum += *ipv4;
|
|
|
|
|
|
|
|
while (checksum >> 16)
|
|
|
|
checksum = (checksum & 0xFFFF) + (checksum >> 16);
|
|
|
|
|
2014-08-18 21:34:47 +04:00
|
|
|
return (UINT16)(~checksum);
|
2013-10-09 23:11:56 +04:00
|
|
|
}
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
static BOOL WLog_PacketMessage_Write_IPv4Header(wPcap* pcap, wIPv4Header* ipv4)
|
2013-10-09 21:37:53 +04:00
|
|
|
{
|
|
|
|
wStream* s;
|
|
|
|
BYTE buffer[20];
|
2015-06-26 16:58:01 +03:00
|
|
|
int ret = TRUE;
|
2013-10-09 21:37:53 +04:00
|
|
|
|
2014-08-14 12:38:02 +04:00
|
|
|
if (!pcap || !pcap->fp || !ipv4)
|
2015-06-26 16:58:01 +03:00
|
|
|
return FALSE;
|
2014-08-14 12:38:02 +04:00
|
|
|
|
2013-10-09 21:37:53 +04:00
|
|
|
s = Stream_New(buffer, 20);
|
2015-05-29 14:46:50 +03:00
|
|
|
if (!s)
|
2015-06-26 16:58:01 +03:00
|
|
|
return FALSE;
|
2013-10-09 21:37:53 +04:00
|
|
|
Stream_Write_UINT8(s, (ipv4->Version << 4) | ipv4->InternetHeaderLength);
|
|
|
|
Stream_Write_UINT8(s, ipv4->TypeOfService);
|
2013-10-09 22:23:38 +04:00
|
|
|
Stream_Write_UINT16_BE(s, ipv4->TotalLength);
|
|
|
|
Stream_Write_UINT16_BE(s, ipv4->Identification);
|
2013-10-09 23:11:56 +04:00
|
|
|
Stream_Write_UINT16_BE(s, (ipv4->InternetProtocolFlags << 13) | ipv4->FragmentOffset);
|
2013-10-09 21:37:53 +04:00
|
|
|
Stream_Write_UINT8(s, ipv4->TimeToLive);
|
|
|
|
Stream_Write_UINT8(s, ipv4->Protocol);
|
2013-10-10 00:37:45 +04:00
|
|
|
Stream_Write_UINT16(s, ipv4->HeaderChecksum);
|
2013-10-09 22:23:38 +04:00
|
|
|
Stream_Write_UINT32_BE(s, ipv4->SourceAddress);
|
|
|
|
Stream_Write_UINT32_BE(s, ipv4->DestinationAddress);
|
2019-11-06 17:24:51 +03:00
|
|
|
ipv4->HeaderChecksum = IPv4Checksum((BYTE*)buffer, 20);
|
2013-10-09 23:11:56 +04:00
|
|
|
Stream_Rewind(s, 10);
|
2013-10-10 00:37:45 +04:00
|
|
|
Stream_Write_UINT16(s, ipv4->HeaderChecksum);
|
2013-10-09 23:11:56 +04:00
|
|
|
Stream_Seek(s, 8);
|
2015-06-26 16:58:01 +03:00
|
|
|
if (fwrite(buffer, 20, 1, pcap->fp) != 1)
|
|
|
|
ret = FALSE;
|
2013-10-09 21:37:53 +04:00
|
|
|
Stream_Free(s, FALSE);
|
2015-06-26 16:58:01 +03:00
|
|
|
return ret;
|
2013-10-09 21:37:53 +04:00
|
|
|
}
|
|
|
|
|
2015-06-26 16:58:01 +03:00
|
|
|
static BOOL WLog_PacketMessage_Write_TcpHeader(wPcap* pcap, wTcpHeader* tcp)
|
2013-10-09 21:37:53 +04:00
|
|
|
{
|
|
|
|
wStream* s;
|
|
|
|
BYTE buffer[20];
|
2015-06-26 16:58:01 +03:00
|
|
|
BOOL ret = TRUE;
|
2013-10-09 21:37:53 +04:00
|
|
|
|
2014-08-14 12:38:02 +04:00
|
|
|
if (!pcap || !pcap->fp || !tcp)
|
2015-06-26 16:58:01 +03:00
|
|
|
return FALSE;
|
2014-08-14 12:38:02 +04:00
|
|
|
|
2013-10-09 21:37:53 +04:00
|
|
|
s = Stream_New(buffer, 20);
|
2015-05-29 14:46:50 +03:00
|
|
|
if (!s)
|
2015-06-26 16:58:01 +03:00
|
|
|
return FALSE;
|
2013-10-09 22:23:38 +04:00
|
|
|
Stream_Write_UINT16_BE(s, tcp->SourcePort);
|
|
|
|
Stream_Write_UINT16_BE(s, tcp->DestinationPort);
|
|
|
|
Stream_Write_UINT32_BE(s, tcp->SequenceNumber);
|
|
|
|
Stream_Write_UINT32_BE(s, tcp->AcknowledgementNumber);
|
2013-10-09 21:37:53 +04:00
|
|
|
Stream_Write_UINT8(s, (tcp->Offset << 4) | tcp->Reserved);
|
|
|
|
Stream_Write_UINT8(s, tcp->TcpFlags);
|
2013-10-09 22:23:38 +04:00
|
|
|
Stream_Write_UINT16_BE(s, tcp->Window);
|
|
|
|
Stream_Write_UINT16_BE(s, tcp->Checksum);
|
|
|
|
Stream_Write_UINT16_BE(s, tcp->UrgentPointer);
|
2013-10-09 21:37:53 +04:00
|
|
|
|
2014-08-14 12:38:02 +04:00
|
|
|
if (pcap->fp)
|
2015-06-26 16:58:01 +03:00
|
|
|
{
|
|
|
|
if (fwrite(buffer, 20, 1, pcap->fp) != 1)
|
|
|
|
ret = FALSE;
|
|
|
|
}
|
2013-10-09 21:37:53 +04:00
|
|
|
|
|
|
|
Stream_Free(s, FALSE);
|
2015-06-26 16:58:01 +03:00
|
|
|
return ret;
|
2013-10-09 21:37:53 +04:00
|
|
|
}
|
|
|
|
|
2013-10-10 00:37:45 +04:00
|
|
|
static UINT32 g_InboundSequenceNumber = 0;
|
|
|
|
static UINT32 g_OutboundSequenceNumber = 0;
|
|
|
|
|
2021-06-16 19:09:14 +03:00
|
|
|
BOOL WLog_PacketMessage_Write(wPcap* pcap, void* data, size_t length, DWORD flags)
|
2013-10-09 07:18:59 +04:00
|
|
|
{
|
2013-10-09 21:37:53 +04:00
|
|
|
wTcpHeader tcp;
|
|
|
|
wIPv4Header ipv4;
|
2013-10-09 07:18:59 +04:00
|
|
|
struct timeval tp;
|
|
|
|
wPcapRecord record;
|
2013-10-09 21:37:53 +04:00
|
|
|
wEthernetHeader ethernet;
|
|
|
|
ethernet.Type = 0x0800;
|
2013-10-09 22:23:38 +04:00
|
|
|
|
2014-08-14 12:38:02 +04:00
|
|
|
if (!pcap || !pcap->fp)
|
2015-10-21 11:11:06 +03:00
|
|
|
return FALSE;
|
2014-08-14 12:38:02 +04:00
|
|
|
|
2013-10-09 23:11:56 +04:00
|
|
|
if (flags & WLOG_PACKET_OUTBOUND)
|
2013-10-09 22:23:38 +04:00
|
|
|
{
|
2013-10-09 23:11:56 +04:00
|
|
|
/* 00:15:5D:01:64:04 */
|
|
|
|
ethernet.Source[0] = 0x00;
|
|
|
|
ethernet.Source[1] = 0x15;
|
|
|
|
ethernet.Source[2] = 0x5D;
|
|
|
|
ethernet.Source[3] = 0x01;
|
|
|
|
ethernet.Source[4] = 0x64;
|
|
|
|
ethernet.Source[5] = 0x04;
|
|
|
|
/* 00:15:5D:01:64:01 */
|
|
|
|
ethernet.Destination[0] = 0x00;
|
|
|
|
ethernet.Destination[1] = 0x15;
|
|
|
|
ethernet.Destination[2] = 0x5D;
|
|
|
|
ethernet.Destination[3] = 0x01;
|
|
|
|
ethernet.Destination[4] = 0x64;
|
|
|
|
ethernet.Destination[5] = 0x01;
|
2013-10-09 22:23:38 +04:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2013-10-09 23:11:56 +04:00
|
|
|
/* 00:15:5D:01:64:01 */
|
|
|
|
ethernet.Source[0] = 0x00;
|
|
|
|
ethernet.Source[1] = 0x15;
|
|
|
|
ethernet.Source[2] = 0x5D;
|
|
|
|
ethernet.Source[3] = 0x01;
|
|
|
|
ethernet.Source[4] = 0x64;
|
|
|
|
ethernet.Source[5] = 0x01;
|
|
|
|
/* 00:15:5D:01:64:04 */
|
|
|
|
ethernet.Destination[0] = 0x00;
|
|
|
|
ethernet.Destination[1] = 0x15;
|
|
|
|
ethernet.Destination[2] = 0x5D;
|
|
|
|
ethernet.Destination[3] = 0x01;
|
|
|
|
ethernet.Destination[4] = 0x64;
|
|
|
|
ethernet.Destination[5] = 0x04;
|
2013-10-09 22:23:38 +04:00
|
|
|
}
|
2013-10-09 21:37:53 +04:00
|
|
|
|
|
|
|
ipv4.Version = 4;
|
|
|
|
ipv4.InternetHeaderLength = 5;
|
|
|
|
ipv4.TypeOfService = 0;
|
2014-08-18 21:34:47 +04:00
|
|
|
ipv4.TotalLength = (UINT16)(length + 20 + 20);
|
2013-10-09 21:37:53 +04:00
|
|
|
ipv4.Identification = 0;
|
2013-10-09 22:23:38 +04:00
|
|
|
ipv4.InternetProtocolFlags = 0x02;
|
2013-10-09 21:37:53 +04:00
|
|
|
ipv4.FragmentOffset = 0;
|
2013-10-09 22:23:38 +04:00
|
|
|
ipv4.TimeToLive = 128;
|
|
|
|
ipv4.Protocol = 6; /* TCP */
|
2013-10-09 21:37:53 +04:00
|
|
|
ipv4.HeaderChecksum = 0;
|
2013-10-09 22:23:38 +04:00
|
|
|
|
2013-10-09 23:11:56 +04:00
|
|
|
if (flags & WLOG_PACKET_OUTBOUND)
|
2013-10-09 22:23:38 +04:00
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
ipv4.SourceAddress = 0xC0A80196; /* 192.168.1.150 */
|
2013-10-09 22:23:38 +04:00
|
|
|
ipv4.DestinationAddress = 0x4A7D64C8; /* 74.125.100.200 */
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
ipv4.SourceAddress = 0x4A7D64C8; /* 74.125.100.200 */
|
2013-10-09 22:23:38 +04:00
|
|
|
ipv4.DestinationAddress = 0xC0A80196; /* 192.168.1.150 */
|
|
|
|
}
|
2013-10-09 21:37:53 +04:00
|
|
|
|
|
|
|
tcp.SourcePort = 3389;
|
|
|
|
tcp.DestinationPort = 3389;
|
2013-10-10 00:37:45 +04:00
|
|
|
|
|
|
|
if (flags & WLOG_PACKET_OUTBOUND)
|
|
|
|
{
|
|
|
|
tcp.SequenceNumber = g_OutboundSequenceNumber;
|
|
|
|
tcp.AcknowledgementNumber = g_InboundSequenceNumber;
|
|
|
|
g_OutboundSequenceNumber += length;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
tcp.SequenceNumber = g_InboundSequenceNumber;
|
|
|
|
tcp.AcknowledgementNumber = g_OutboundSequenceNumber;
|
|
|
|
g_InboundSequenceNumber += length;
|
|
|
|
}
|
|
|
|
|
2013-10-09 22:23:38 +04:00
|
|
|
tcp.Offset = 5;
|
2013-10-09 21:37:53 +04:00
|
|
|
tcp.Reserved = 0;
|
2013-10-10 00:37:45 +04:00
|
|
|
tcp.TcpFlags = 0x0018;
|
|
|
|
tcp.Window = 0x7FFF;
|
2013-10-09 21:37:53 +04:00
|
|
|
tcp.Checksum = 0;
|
|
|
|
tcp.UrgentPointer = 0;
|
2013-10-09 07:18:59 +04:00
|
|
|
record.data = data;
|
2013-10-09 22:23:38 +04:00
|
|
|
record.length = length;
|
|
|
|
record.header.incl_len = record.length + 14 + 20 + 20;
|
|
|
|
record.header.orig_len = record.length + 14 + 20 + 20;
|
2013-10-09 07:18:59 +04:00
|
|
|
record.next = NULL;
|
|
|
|
gettimeofday(&tp, 0);
|
|
|
|
record.header.ts_sec = tp.tv_sec;
|
|
|
|
record.header.ts_usec = tp.tv_usec;
|
2015-06-26 16:58:01 +03:00
|
|
|
if (!Pcap_Write_RecordHeader(pcap, &record.header) ||
|
2019-11-06 17:24:51 +03:00
|
|
|
!WLog_PacketMessage_Write_EthernetHeader(pcap, ðernet) ||
|
|
|
|
!WLog_PacketMessage_Write_IPv4Header(pcap, &ipv4) ||
|
|
|
|
!WLog_PacketMessage_Write_TcpHeader(pcap, &tcp) || !Pcap_Write_RecordContent(pcap, &record))
|
2015-10-21 11:11:06 +03:00
|
|
|
return FALSE;
|
2013-10-09 21:37:53 +04:00
|
|
|
fflush(pcap->fp);
|
2015-10-21 11:11:06 +03:00
|
|
|
return TRUE;
|
2013-10-09 07:18:59 +04:00
|
|
|
}
|