Why this program which use BPF and RAW SOCKET just

2019-08-17 17:30发布

GOAL: write a simple packet filter using BPF. The packet filter should allow you to choose the interface.

PROBLEM: if I uncomment the third to last instruction in the code (where there is a call to recvfrom, the execution just hangs and I can't see no output (neither "buffer zeroed" which I should be able to see in the stdout).

QUESTIONS: 1) how can I fix it? 2) why the programs hangs during the execution and doesn't show the first printf output? 3) how can I receive from ANY interface?

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

#include <arpa/inet.h>
#include <linux/filter.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
#include <net/if.h>

#define DEFAULT_IF   "wlan0"

/* definisco programma bpf */
/* tcpdump -i lo icmp -dd */
struct sock_filter bpfcode[] = {
    { 0x28, 0, 0, 0x0000000c },   /* (000) ldh      [12] */
    { 0x15, 0, 3, 0x00000800 },   /* (001) jeq      #0x800   jt 2   jf 5 */
    { 0x30, 0, 0, 0x00000017 },   /* (002) ldb      [23] */
    { 0x15, 0, 1, 0x00000001 },   /* (003) jeq      #0x1     jt 4   jf 5 */
    { 0x6, 0, 0, 0x00040000 },    /* (004) ret      #262144 */
    { 0x6, 0, 0, 0x00000000 },    /* (005) ret      #0 */
};

int main(int argc, char *argv[])
{
    struct sock_fprog bpf = {
        sizeof(bpfcode) / sizeof(struct sock_filter),
        bpfcode
    };
    socklen_t saddr_len = sizeof(struct sockaddr_ll);
    struct sockaddr_ll addr;
    unsigned char *buffer;
    char ifname[IFNAMSIZ];
    int ret, sfd, rval;

    buffer = calloc(1, 65536);
    if (!buffer) {
        perror("calloc");
        return -1;
    }

    // prendi nome interfaccia
    if (argc > 1)
        strcpy(ifname, argv[1]);
    else
        strcpy(ifname, DEFAULT_IF);

    // creazione raw socket
    sfd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (sfd < 0) {
        perror("socket");
        return -1;
    }

    // attacco filtro alla socket
    ret = setsockopt(sfd, SOL_SOCKET, SO_ATTACH_FILTER, &bpf, sizeof(bpf));
    if (ret < 0) {
        perror("setsockopt");
        exit(EXIT_FAILURE);
    }

    // quando si usa packet socket bisogna settare sll_protocol e
    // sll_ifindex se si vuol fare il bind ad una specifica interfaccia
    memset(&addr, 0, sizeof(addr));
    addr.sll_family = AF_PACKET;
    addr.sll_protocol = htons(ETH_P_ALL);
    addr.sll_ifindex = if_nametoindex(ifname);
    printf("index %d", addr.sll_ifindex);

    //  viene assegnato un indirizzo al socket
    if (bind(sfd, (struct sockaddr *) &addr,
             sizeof(struct sockaddr_ll)) == -1) {
        perror("bind");
        exit(EXIT_FAILURE);
    }

    // ricevo traffico
    if (!buffer[0])
        printf("buffer zeroed");
    // rval = recvfrom(sfd, buffer, 65536, 0, (struct sockaddr *)&addr,
    //                 &saddr_len);
    if (buffer[0])
        printf("something was written in the buffer");

    return 0;
}

标签: sockets bpf
1条回答
smile是对你的礼貌
2楼-- · 2019-08-17 18:06
  1. How do I fix it?

    What do you want to fix exactly? See below.

  2. Why the programs hangs during the execution and doesn't show the first printf output?

    Both printf() do work, except you're not printing any line breaks ('\n') at the end of your messages, so the system does not flush your message to the console. Just end your messages with line breaks and you will see your messages as expected.

    As for the hang, this is simply because recvfrom() waits until a packet arrives. Well, not just any packet in your case, since you are filtering on ICMP. Ping your interface from the outside, and the program should resume. Alternatively, for debugging your C program, just keep { 0x6, 0, 0, 0x00040000 } (return non-zero) in your BPF program, and any received packet should do.

  3. How can I receive from ANY interface?

    How to bind a socket to multiple interfaces

查看更多
登录 后发表回答