zhuzhenjun
2023-09-27 11:45:26 +08:00
parent eeb4cc0b6b
commit 15d4a2d271
27 changed files with 1702 additions and 1659 deletions


@@ -14,9 +14,10 @@
#include <pcap.h>
#include "libosfp.h"
#include "libosfp_fingerprint.h"
#include "libosfp_score_db.h"
#include "osfp_common.h"
#include "osfp.h"
#include "osfp_fingerprint.h"
#include "osfp_score_db.h"
#define DEFAULT_FP_FILE_PATH "./fp.json"
@@ -434,82 +435,36 @@ const char *PrintInet(int af, const void *src, char *dst, socklen_t size)
return NULL;
}
void example_detect(libosfp_context_t *libosfp_context, Packet *p)
void example_detect(struct osfp_db *osfp_db, Packet *p)
{
int ret;
char str_buf[1024];
//unsigned char *iph = (unsigned char *)(p->iph != NULL ? (void *)p->iph : (void *)p->ip6h);
struct tcphdr *tcph;
unsigned int tcph_len;
struct osfp_result *result;
unsigned int os_class_flags = OSFP_OS_CLASS_FLAG_WINDOWS | OSFP_OS_CLASS_FLAG_LINUX | OSFP_OS_CLASS_FLAG_MAC_OS;
unsigned char *iph = (unsigned char *)(p->iph != NULL ? (void *)p->iph : (void *)p->ip6h);
unsigned char *tcph = (unsigned char *)p->tcph;
libosfp_result_t result;
unsigned int os_class_flags = LIBOSFP_OS_CLASS_FLAG_WINDOWS | LIBOSFP_OS_CLASS_FLAG_LINUX | LIBOSFP_OS_CLASS_FLAG_MAC_OS;
printf("Example ipv4 header detect: --------------------------\n");
printf("Example header detect: --------------------------\n");
if (p->iph == NULL) {
goto exit;
}
ret = libosfp_detect(libosfp_context, os_class_flags, iph, tcph, &result);
if (ret != 0) {
printf("libosfp header match failed, erro: %s\n", "?");
tcph = (struct tcphdr *)p->tcph;
tcph_len = tcph->doff << 2;
result = osfp_ipv4_identify(osfp_db, p->iph, tcph, tcph_len);
if (result == NULL) {
printf("osfp header match failed, erro: %s\n", "?");
goto exit;
}
printf("Connection info: %s:%d -> %s:%d\n", p->srcip, p->sp, p->dstip, p->dp);
printf("Most likely os class: %s\n", libosfp_result_likely_os_class_name_get(&result));
printf("Likely score: %u/100\n", result.score.likely_score);
printf("Most likely os class: %s\n", osfp_result_os_name_get(result));
printf("Details:\n");
if (libosfp_result_to_buf(&result, str_buf, sizeof(str_buf))) {
printf("%s", str_buf);
}
exit:
return;
}
void example_detect_fingerprint(libosfp_context_t *libosfp_context, Packet *p)
{
int ret;
char str_buf[1024];
unsigned char *iph = (unsigned char *)(p->iph != NULL ? (void *)p->iph : (void *)p->ip6h);
unsigned char *tcph = (unsigned char *)p->tcph;
libosfp_result_t result;
libosfp_fingerprint_t fp;
// fingerprinting
printf("Example fingerprint detect: --------------------------\n");
memset(&fp, 0, sizeof(libosfp_fingerprint_t));
ret = libosfp_fingerprinting(iph, tcph, &fp);
if (ret != 0) {
printf("libosfp fingerprinting failed\n");
goto exit;
}
libosfp_fingerprint_to_json_buf(&fp, str_buf, sizeof(str_buf), 1);
printf("%s\n", str_buf);
// output fingerprint with connection info line
if (fingerprinting_output_fp) {
fprintf(fingerprinting_output_fp, "Connection info: %s:%d -> %s:%d\n", p->srcip, p->sp, p->dstip, p->dp);
fprintf(fingerprinting_output_fp, "%s\n", str_buf);
fflush(fingerprinting_output_fp);
}
// score
memset(&result, 0, sizeof(libosfp_result_t));
ret = libosfp_score_db_score(libosfp_context->score_db, 0, &fp, &result.score);
if (ret != 0) {
printf("libosfp fingerprint score failed, error: %d\n", ret);
goto exit;
}
printf("Connection info: %s:%d -> %s:%d\n", p->srcip, p->sp, p->dstip, p->dp);
printf("Most likely os class: %s\n", libosfp_result_likely_os_class_name_get(&result));
printf("Likely score: %u/100\n", result.score.likely_score);
printf("Details:\n");
if (libosfp_result_to_buf(&result, str_buf, sizeof(str_buf))) {
printf("%s", str_buf);
}
printf("%s\n", osfp_result_score_detail_export(result));
exit:
return;
@@ -518,7 +473,7 @@ exit:
void process_packet(char *user, struct pcap_pkthdr *h, u_char *pkt)
{
int ret;
libosfp_context_t *libosfp_context = (libosfp_context_t *)user;
struct osfp_db *osfp_db = (struct osfp_db *)user;
Packet packet = {0}, *p = &packet;
// decode packet
@@ -540,11 +495,8 @@ void process_packet(char *user, struct pcap_pkthdr *h, u_char *pkt)
PrintInet(AF_INET6, (const void *)&(p->dst.address), p->dstip, sizeof(p->dstip));
}
// fingerprint detect example for libosfp developer
example_detect_fingerprint(libosfp_context, p);
// tcp/ip header detect example for user
example_detect(libosfp_context, p);
example_detect(osfp_db, p);
printf("--------------------------- processed packet count %d\n", ++processed_packet);
@@ -654,39 +606,31 @@ int main(int argc, char *argv[])
// get link type
link_type = pcap_datalink(pcap_handle);
// create libosfp context
// create osfp db
if (fp_file_path == NULL) {
fp_file_path = DEFAULT_FP_FILE_PATH;
}
//libosfp_context_t *libosfp_context = libosfp_context_create(fp_file_path);
libosfp_context_t *libosfp_context = libosfp_context_create(NULL);
if (libosfp_context == NULL) {
printf("could not create libosfp context. fingerprints file: %s\n", fp_file_path);
struct osfp_db *osfp_db = osfp_db_new(fp_file_path);
if (osfp_db == NULL) {
printf("could not create osfp context. fingerprints file: %s\n", fp_file_path);
exit(1);
}
// setup libosfp context
r = libosfp_context_setup(libosfp_context);
if (r != LIBOSFP_NOERR) {
printf("could not setup libosfp context. error: %d\n", LIBOSFP_NOERR);
libosfp_context_destroy(libosfp_context);
exit(1);
}
libosfp_score_db_debug_print(libosfp_context->score_db);
osfp_score_db_debug_print(osfp_db->score_db);
// loop
while (1) {
int r = pcap_dispatch(pcap_handle, 0, (pcap_handler)process_packet, (void*)libosfp_context);
int r = pcap_dispatch(pcap_handle, 0, (pcap_handler)process_packet, (void*)osfp_db);
if (r < 0) {
printf("error code: %d, error: %s\n", r, pcap_geterr(pcap_handle));
break;
}
}
// destroy libosfp context
libosfp_context_destroy(libosfp_context);
// destroy osfp db
osfp_db_free(osfp_db);
return 0;
}
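Review bot: In the new example_detect body, `tcph->doff` is read right after the cast from `p->tcph`, but the only guard the commit keeps is `if (p->iph == NULL)`; if the decoder leaves `p->tcph` NULL for non-TCP IPv4 packets (not visible in this hunk), the first such packet in a capture dereferences NULL, so the guard should read `if (p->iph == NULL || p->tcph == NULL) {`. The same body now leaves `ret`, `str_buf` and `os_class_flags` unused — the last one is introduced by this very commit and never passed anywhere — so either drop them or hand the flags to `osfp_ipv4_identify`. `result` from `osfp_ipv4_identify` and the string from `osfp_result_score_detail_export` are printed and then forgotten; if either call allocates, every processed packet leaks, so the ownership contract should be confirmed and stated in a comment on the call, e.g. `/* result is owned by osfp_db (TODO confirm) */`. Note also that `tcph_len` is derived from the packet's own data-offset field and never compared with the captured length before being passed on; whether osfp_ipv4_identify bounds it cannot be seen here.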