diff --git a/src/tsg_action.cpp b/src/tsg_action.cpp
index 53fcfd4..9156973 100644
--- a/src/tsg_action.cpp
+++ b/src/tsg_action.cpp
@@ -552,9 +552,11 @@ static unsigned char do_action_reset(const struct streaminfo *a_stream, Maat_rul
 static unsigned char do_action_drop(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *a_packet)
 {
- if(user_region-> drop_para != NULL){
- if(user_region->drop_para->send_icmp_unreachable_enable){
- send_icmp_unreachable(a_stream, a_packet);
+ if(user_region != NULL){
+ if(user_region->drop_para != NULL){
+ if(user_region->drop_para->send_icmp_unreachable_enable){
+ send_icmp_unreachable(a_stream, a_packet);
+ }
 }
 }
diff --git a/src/tsg_icmp.cpp b/src/tsg_icmp.cpp
index 7d977ec..80b9813 100644
--- a/src/tsg_icmp.cpp
+++ b/src/tsg_icmp.cpp
@@ -23,6 +23,11 @@
 #define ETH_IP_TYPE_LEN 2
 #define ETH_LEN ((MAC_LEN_2)+(ETH_IP_TYPE_LEN))
+
+#define TCP_MAX_LEN 60
+#define ICMP_IPV4_TCP_MAX_LEN 44 //64-20 = 44
+#define IPV4_SHAM_FIXED_LEN 12
+
 #define IPV4_LEN 20
 #define IPV4_IP_LEN 4
 #define IPV4_IP_LEN_INDEX 2 //eth_len(14)+ ip_len_index(2)
@@ -36,9 +41,9 @@
 #define IPV6_PESUDO_HEAD_LEN 40 //icmpv6的srcPacket len需要再确认
-#define ICMP_MAX_LEN 190 //eth_len(14) + ipv6_len(40) + ICMP_MAX_LEN(8+128)
-#define ICMP_SRCPACKET_MAX_LEN 64
-#define ICMPV6_SRCPACKET_MAX_LEN 128
+#define ICMP_MAX_LEN 65535 //eth_len(14) + ipv6_len(40) + ICMP_MAX_LEN(8+128)
+#define ICMP_SRCPACKET_MAX_LEN 548 // 548 == ipv4(max_len 576)-ip_len(20)-icmp_head_len(8)
+#define ICMPV6_SRCPACKET_MAX_LEN 1232 // 1232 == ipv6(max_len 1280)-ipv6_len(40)-icmp_head_len(8)
 typedef struct icmpv4{
 char type;
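Review bot: The three nested `if`s added in `do_action_drop` guard a single call and read more clearly as one short-circuit condition, which keeps both NULL checks and the feature flag on the same line: `if(user_region != NULL && user_region->drop_para != NULL && user_region->drop_para->send_icmp_unreachable_enable){`. The evaluation order is the same, so the NULL protection is unchanged. The rest of the function body lies outside this hunk.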
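Review bot: `ICMP_MAX_LEN` is raised to 65535 while its comment still gives the old sum `eth_len(14) + ipv6_len(40) + ICMP_MAX_LEN(8+128)`, and `send_icmp_unreachable` declares `char icmp_buf[ICMP_MAX_LEN]` as a local, so every call now reserves 64 KiB of stack on the packet path. If the old formula still describes the layout, the buffer only needs the headers plus the new quote cap, e.g. `#define ICMP_MAX_LEN (ETH_LEN + IPV6_LEN + 8 + ICMPV6_SRCPACKET_MAX_LEN)`, which keeps the value and its comment in step. The `srcPacket` members are presumably sized by these macros (the struct bodies are outside the hunk), so the `memcpy(icmpst.srcPacket, raw_pkt, icmp_srcpacket_len)` in `format_icmpv4` depends on `icmp_srcpacket_len` being clamped to `ICMP_SRCPACKET_MAX_LEN`; that clamp is not visible in this diff and is worth confirming.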
@@ -87,7 +92,7 @@ static void format_icmpv4(const char *raw_pkt, char *buf, int *len){ short ipv4_checksum = 0; short sip_len = 12; //skip sip start index short dip_len = 16; //skip dip start index - + memcpy(&src_ipv4_total_len, &raw_pkt[IPV4_IP_LEN_INDEX], sizeof(short)); src_ipv4_total_len = htons(src_ipv4_total_len); @@ -106,7 +111,7 @@ static void format_icmpv4(const char *raw_pkt, char *buf, int *len){ memset(&icmpst, 0, sizeof(icmpv4_st)); memcpy(icmpst.srcPacket, raw_pkt, icmp_srcpacket_len); // icmpst.type = ICMPV4_UNREACHABLE; - icmpst.type = ICMPV4_PORT_UNREACHABLE; + icmpst.code = ICMPV4_PORT_UNREACHABLE; icmpst.checksum = in_checksum((void*)&icmpst, icmp_len); //format ipv4 @@ -128,8 +133,8 @@ static void format_icmpv4(const char *raw_pkt, char *buf, int *len){ return; } - //int format_icmpv6(char *icmp, short icmp_len, char *eth, const char *data){ +#if 0 static void format_icmpv6(const char *data, char *buf, int *len){ char checksum_str[ICMPV6_SRCPACKET_MAX_LEN] = {0}; char ipv6[IPV6_LEN] = {0}; @@ -144,7 +149,9 @@ static void format_icmpv6(const char *data, char *buf, int *len){ short dip_len = 24; //skip dip start index, 16+8 == 24 short ipv6_ip2 = IPV6_IP_LEN + IPV6_IP_LEN; short payload_len = 0; - + short fill_icmp_len = 0; + int checksum_payload_len = 0; + memcpy(&src_ipv6_total_len, &data[IPV6_IP_PAYLOAD_INDEX], sizeof(short)); //get ipv6_payload_len src_ipv6_total_len = htons(src_ipv6_total_len) + IPV6_LEN; 
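Review bot: After this change nothing visible in the `format_icmpv4` hunk sets `icmpst.type`: the struct is zeroed by `memset`, the line `// icmpst.type = ICMPV4_UNREACHABLE;` reads as commented out, and the assignment that used to write `type` now writes `code`. If `type` is not assigned elsewhere in the function (it starts and ends outside the hunk), the message goes out with type 0, which is Echo Reply rather than Destination Unreachable, and receivers will not treat it as an error for the quoted flow. Restoring `icmpst.type = ICMPV4_UNREACHABLE;` next to `icmpst.code = ICMPV4_PORT_UNREACHABLE;`, both before the `in_checksum` call, would make the header match the intent.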
@@ -172,10 +179,18 @@ static void format_icmpv6(const char *data, char *buf, int *len){ icmpst.code = ICMPV6_PORT_UNREACHABLE; memcpy(icmpst.srcPacket, data, icmp_srcpacket_len); + //补充为4字节 + checksum_payload_len = htonl((int)icmp_len); + fill_icmp_len = icmp_len % 4; + if( fill_icmp_len > 0){ + icmp_len = icmp_len + (4-fill_icmp_len); + checksum_len = checksum_len + (4-fill_icmp_len); + } + //calc icmpv6 checksum memcpy(checksum_str, &icmpst, icmp_len); memcpy(&checksum_str[icmp_len], &ipv6[8], ipv6_ip2); - memcpy(&checksum_str[icmp_len+ipv6_ip2+2], &ipv6[4], sizeof(short)); + memcpy(&checksum_str[icmp_len+ipv6_ip2], &checksum_payload_len, sizeof(int)); checksum_str[icmp_len+ipv6_ip2+7] = ICMPV6_PROTOCAL_TYPE; icmpst.checksum = in_checksum(checksum_str, checksum_len); @@ -186,13 +201,15 @@ static void format_icmpv6(const char *data, char *buf, int *len){ return; } +#endif static void format_icmp(const char *raw_pkt, char *icmp_buf, int *icmp_len, int ip_type){ if(IPV4_TYPE == ip_type) { format_icmpv4(raw_pkt, icmp_buf, icmp_len); - }else{ //IPV6_TYPE - format_icmpv6(raw_pkt, icmp_buf, icmp_len); } + //else{ //IPV6_TYPE + // format_icmpv6(raw_pkt, icmp_buf, icmp_len); + //} return; } 
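Review bot: `checksum_str` is declared as `char checksum_str[ICMPV6_SRCPACKET_MAX_LEN]`, yet this code copies `icmp_len` bytes of the ICMP message into it and then appends the address bytes and the length/next-header fields, with `icmp_len` now rounded up by as much as 3. If `icmp_len` covers the 8-byte ICMP header plus a quoted packet near the cap (its computation is outside the hunk), the writes at `checksum_str[icmp_len]` and `checksum_str[icmp_len+ipv6_ip2+7]` land past the end of the array. The function is compiled out by the `#if 0` added in this commit, so the problem is latent, but the buffer should cover the whole checksum input before the block is re-enabled, e.g. `char checksum_str[8 + ICMPV6_SRCPACKET_MAX_LEN + IPV6_PESUDO_HEAD_LEN + 3] = {0};`.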
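Review bot: `format_icmp` now silently does nothing when `ip_type` is not `IPV4_TYPE`, leaving `icmp_buf` unwritten and `*icmp_len` at whatever the caller passed in, and the IPv6 path survives only as commented-out lines here plus the `#if 0` block around `format_icmpv6`. `send_icmp_unreachable` filters on `addrtype!=IPV4_TYPE` before calling, so this is safe today only because of that guard. An explicit `else{ *icmp_len = 0; }` with a comment such as `// IPv6 unreachable is not implemented; caller must not inject` states the contract for any other caller. The disabled code is better deleted and recovered from history when the IPv6 path is finished.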
@@ -200,13 +217,20 @@ static void format_icmp(const char *raw_pkt, char *icmp_buf, int *icmp_len, int
 unsigned char send_icmp_unreachable(const struct streaminfo *a_stream, const void *raw_pkt)
 {
 char icmp_buf[ICMP_MAX_LEN];
+ unsigned char raw_route_dir = 0;
 int icmp_len = 0;
- if(a_stream->curdir==DIR_S2C || raw_pkt == NULL){
- return 0;
+ if(a_stream == NULL){
+ return STATE_DROPPKT;
+ }
+
+ if((a_stream->curdir==DIR_S2C)||(raw_pkt==NULL)||(a_stream->addr.addrtype!=IPV4_TYPE)){
+ return STATE_DROPPKT;
 }
 format_icmp((char *)raw_pkt, icmp_buf, &icmp_len, a_stream->addr.addrtype);
- return tsg_send_inject_packet(a_stream, SIO_EXCLUDE_THIS_LAYER_HDR, icmp_buf, icmp_len, DIR_S2C);
+ raw_route_dir = (a_stream->curdir==DIR_C2S) ? MESA_dir_reverse(a_stream->routedir) : a_stream->routedir;
+
+ return tsg_send_inject_packet(a_stream, SIO_EXCLUDE_THIS_LAYER_HDR, icmp_buf, icmp_len, raw_route_dir);
 }
diff --git a/src/tsg_tamper.cpp b/src/tsg_tamper.cpp
index b3d100c..b12c4b8 100644
--- a/src/tsg_tamper.cpp
+++ b/src/tsg_tamper.cpp
@@ -31,6 +31,7 @@
 #define IPV6_UDP_PALYLOAD_START_INDEX 48 //ipv6_len(40) + udp_len(8)
 #define IPV6_IP_PAYLOAD_INDEX 4 //ipv6_payload_index(4)
+
 int tamper_calc(char *str, int startlen, int endlen)
 {
 int i = 0;
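Review bot: In `send_icmp_unreachable`, `icmp_len` goes straight from `format_icmp` to `tsg_send_inject_packet` with no check that a packet was actually built, and `icmp_buf` is an uninitialised stack array. If `format_icmpv4` returns early or reports a length outside the buffer (most of its body is outside this diff), the injected bytes would be stale stack contents. A guard after the `format_icmp` call closes that: `if(icmp_len <= 0 || icmp_len > (int)sizeof(icmp_buf)) return STATE_DROPPKT;`. Separately, the `DIR_S2C` case has already returned by the time `raw_route_dir` is computed, so the ternary always takes its `MESA_dir_reverse(a_stream->routedir)` branch and can be written as that single assignment.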
@@ -39,136 +40,47 @@ int tamper_calc(char *str, int startlen, int endlen) //最小交换paythod的第2个字节和第四个字节,否则不处理 if ((endlen - startlen) < 4){ - return STATE_DROPPKT; + return -1; } //start_len+1 : 因为计算校验和是16bit为单位,这里调换16bit的低8bit。 - for(i = startlen+1; i < endlen; i++){ - for (j = i+2; j < endlen; j++){ + for(i=startlen+1; i>4)&0x0f)*4; - tcp_head_all_len = tcp_head_len + IPV4_LEN; - if(packet_len == tcp_head_all_len){ - return -1; - } - payload_start_index = IPV4_LEN + tcp_head_len; - }else if(protocol_type == UDP_TYPE){ - if(ETH_IPV4_IP_UPD_LEN == packet_len){ - return -1; - } - payload_start_index = ETH_IPV4_IP_UPD_LEN; - } - - *ret_len = packet_len-payload_start_index+1; - memcpy(ret_packet, &packet[payload_start_index], *ret_len); - return tamper_calc(ret_packet, payload_start_index, packet_len); -} - -//int tamper_ipv6(char *packet, int packet_len){ -int tamper_ipv6(const char *packet, char *ret_packet, int *ret_len){ - int packet_len = 0; - short src_ipv6_total_len = 0; - char tcp_head_len; - char protocol_type = packet[IPV6_PROTOCOL_INDEX]; - int payload_start_index = 0; - int packet_all_len = 0; - - memcpy(&src_ipv6_total_len, &packet[IPV6_IP_PAYLOAD_INDEX], sizeof(short)); //get ipv6_payload_len - packet_len = htons(src_ipv6_total_len) + IPV6_LEN; - *ret_len = packet_len; - - if(protocol_type == TCP_TYPE){ - tcp_head_len = ret_packet[IPV6_TCP_OPTION_LEN_INDEX]; - tcp_head_len = ((tcp_head_len>>4)&0x0f)*4; - packet_all_len = tcp_head_len + IPV6_LEN; - if(packet_len == packet_all_len){ - return -1; - } - payload_start_index = IPV6_LEN + tcp_head_len; - }else if(protocol_type == UDP_TYPE){ - if(IPV6_UDP_PALYLOAD_START_INDEX == packet_len){ - return -1; - } - payload_start_index = IPV6_UDP_PALYLOAD_START_INDEX; - } - - *ret_len = packet_len-payload_start_index+1; - memcpy(ret_packet, &packet[payload_start_index], *ret_len); - return tamper_calc(ret_packet, payload_start_index, packet_len); -} - -static int format_tamper(const char *packet, char *tamper_buf, int 
*tamper_len, int ip_type){ - int ret = 0; - - if(IPV4_TYPE == ip_type) { - ret = tamper_ipv4((char *)packet, tamper_buf, tamper_len); - }else{ - ret = tamper_ipv6((char *)packet, tamper_buf, tamper_len); - } - - return ret; + return -1; } unsigned char send_tamper_xxx(const struct streaminfo *a_stream, const void *raw_pkt) { + const char *p_trans_payload = (char *)a_stream->ptcpdetail->pdata; + int trans_layload_len = a_stream->ptcpdetail->datalen; char tamper_buf[MTU_LEN] = {0}; unsigned char raw_route_dir = 0; - int tamper_len = 0; int ret = 0; - - ret = format_tamper((char *)raw_pkt, tamper_buf, &tamper_len, a_stream->addr.addrtype); - if (ret < 0){ + + if(a_stream == NULL){ return STATE_DROPPKT; } - raw_route_dir=(a_stream->curdir==DIR_C2S) ? a_stream->routedir : MESA_dir_reverse(a_stream->routedir); - tsg_send_inject_packet(a_stream, SIO_DEFAULT, tamper_buf, tamper_len, raw_route_dir); + if((p_trans_payload==NULL)||(trans_layload_len<=0)||(a_stream->curdir== DIR_S2C)){ + return STATE_DROPPKT; + } - return STATE_DROPPKT|STATE_DROPME; + memcpy(tamper_buf, p_trans_payload, trans_layload_len); + ret = tamper_calc(tamper_buf, 0, trans_layload_len); + if (ret < 0){ + return STATE_DROPPKT; + } + + raw_route_dir = (a_stream->curdir==DIR_C2S) ? a_stream->routedir : MESA_dir_reverse(a_stream->routedir); + tsg_send_inject_packet(a_stream, SIO_DEFAULT, tamper_buf, trans_layload_len, raw_route_dir); + + return STATE_DROPPKT; } -
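Review bot: In `send_tamper_xxx` the initialisers read `a_stream->ptcpdetail->pdata` and `->datalen` before the `if(a_stream == NULL)` test that follows, so that test can never protect anything, and `memcpy(tamper_buf, p_trans_payload, trans_layload_len)` copies a length taken from the stream into `char tamper_buf[MTU_LEN]` with only its lower bound checked. A payload longer than `MTU_LEN` (its value is not shown here) would overrun the stack buffer. The two locals should be assigned after the NULL checks and the length rejected when it exceeds `sizeof(tamper_buf)`, as sketched below; `ptcpdetail` is checked there as well, on the assumption that it can be NULL for some streams. The `tamper_calc` part of this hunk is garbled in this rendering and is not reviewed.

```cpp
unsigned char send_tamper_xxx(const struct streaminfo *a_stream, const void *raw_pkt)
{
	const char *p_trans_payload = NULL;
	int trans_layload_len = 0;
	// … unchanged: tamper_buf, raw_route_dir, ret declarations …

	if(a_stream == NULL || a_stream->ptcpdetail == NULL){
		return STATE_DROPPKT;
	}

	p_trans_payload = (const char *)a_stream->ptcpdetail->pdata;
	trans_layload_len = a_stream->ptcpdetail->datalen;
	if((p_trans_payload==NULL)||(trans_layload_len<=0)
		||(trans_layload_len>(int)sizeof(tamper_buf))||(a_stream->curdir==DIR_S2C)){
		return STATE_DROPPKT;
	}
	// … unchanged: memcpy, tamper_calc, tsg_send_inject_packet, return …
```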