#include "icsneo/platform/windows/pcap.h" #include "icsneo/communication/network.h" #include "icsneo/communication/communication.h" #include "icsneo/communication/packetizer.h" #include #include #pragma comment(lib, "IPHLPAPI.lib") #include #include #include using namespace icsneo; static std::wstring_convert> converter; static const uint8_t BROADCAST_MAC[6] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; std::vector PCAP::knownInterfaces; std::vector PCAP::FindAll() { std::vector foundDevices; PCAPDLL pcap; if(!pcap.ok()) { ErrorManager::GetInstance().add(APIError::PCAPCouldNotStart); return std::vector(); } // First we ask WinPCAP to give us all of the devices pcap_if_t* alldevs; char errbuf[PCAP_ERRBUF_SIZE] = { 0 }; bool success = false; // Calling pcap.findalldevs_ex too quickly can cause various errors. Retry a few times in this case. for(auto retry = 0; retry < 10; retry++) { auto ret = pcap.findalldevs_ex(PCAP_SRC_IF_STRING, nullptr, &alldevs, errbuf); if(ret == 0) { success = true; break; } } if(!success) { ErrorManager::GetInstance().add(APIError::PCAPCouldNotFindDevices); return std::vector(); } std::vector interfaces; for(pcap_if_t* dev = alldevs; dev != nullptr; dev = dev->next) { NetworkInterface netif; netif.nameFromWinPCAP = dev->name; netif.descriptionFromWinPCAP = dev->description; interfaces.push_back(netif); } pcap.freealldevs(alldevs); // Now we're going to ask Win32 for the information as well ULONG size = 0; if(GetAdaptersAddresses(AF_UNSPEC, GAA_FLAG_INCLUDE_PREFIX, nullptr, nullptr, &size) != ERROR_BUFFER_OVERFLOW) { ErrorManager::GetInstance().add(APIError::PCAPCouldNotFindDevices); return std::vector(); } std::vector adapterAddressBuffer; adapterAddressBuffer.resize(size); if(GetAdaptersAddresses(AF_UNSPEC, GAA_FLAG_INCLUDE_PREFIX, nullptr, (IP_ADAPTER_ADDRESSES*)adapterAddressBuffer.data(), &size) != ERROR_SUCCESS) { ErrorManager::GetInstance().add(APIError::PCAPCouldNotFindDevices); return std::vector(); } // aa->AdapterName constains a unique name of the interface like "{3B1D2791-435A-456F-8A7B-9CB0EEE5DAB3}" // interface.nameFromWinPCAP has "rpcap://\Device\NPF_{3B1D2791-435A-456F-8A7B-9CB0EEE5DAB3}" // We're comparing strings to match the Win32 info with the WinPCAP info for(IP_ADAPTER_ADDRESSES* aa = (IP_ADAPTER_ADDRESSES*)adapterAddressBuffer.data(); aa != nullptr; aa = aa->Next) { for(auto& interface : interfaces) { if(interface.nameFromWinPCAP.find(aa->AdapterName) == std::string::npos) continue; // This is not the interface that corresponds memcpy(interface.macAddress, aa->PhysicalAddress, sizeof(interface.macAddress)); interface.nameFromWin32API = aa->AdapterName; interface.descriptionFromWin32API = converter.to_bytes(aa->Description); interface.friendlyNameFromWin32API = converter.to_bytes(aa->FriendlyName); if(interface.descriptionFromWin32API.find("LAN9512/LAN9514") != std::string::npos) { // This is an Ethernet EVB device interface.fullName = "Intrepid Ethernet EVB ( " + interface.friendlyNameFromWin32API + " : " + interface.descriptionFromWin32API + " )"; } else { interface.fullName = interface.friendlyNameFromWin32API + " : " + interface.descriptionFromWin32API; } } } for(auto& interface : interfaces) { bool exists = false; for(auto& known : knownInterfaces) if(memcmp(interface.macAddress, known.macAddress, sizeof(interface.macAddress)) == 0) exists = true; if(!exists) knownInterfaces.emplace_back(interface); } constexpr auto openflags = (PCAP_OPENFLAG_PROMISCUOUS | PCAP_OPENFLAG_MAX_RESPONSIVENESS | PCAP_OPENFLAG_NOCAPTURE_LOCAL); for(size_t i = 0; i < knownInterfaces.size(); i++) { auto& interface = knownInterfaces[i]; if(interface.fullName.length() == 0) continue; // Win32 did not find this interface in the previous step interface.fp = pcap.open(interface.nameFromWinPCAP.c_str(), 30, openflags, 1, nullptr, errbuf); if(interface.fp == nullptr) continue; // Could not open the interface EthernetPacket requestPacket; requestPacket.payload.reserve(4); requestPacket.payload = { ((1 << 4) | (uint8_t)Network::NetID::Main51), // Packet size of 1 on NETID_MAIN51 (uint8_t)Command::RequestSerialNumber }; requestPacket.payload.push_back(Packetizer::ICSChecksum(requestPacket.payload)); requestPacket.payload.insert(requestPacket.payload.begin(), 0xAA); auto bs = requestPacket.getBytestream(); pcap.sendpacket(interface.fp, bs.data(), (int)bs.size()); auto timeout = std::chrono::high_resolution_clock::now() + std::chrono::milliseconds(5); while(std::chrono::high_resolution_clock::now() <= timeout) { // Wait up to 5ms for the response struct pcap_pkthdr* header; const uint8_t* data; auto res = pcap.next_ex(interface.fp, &header, &data); if(res < 0) { //std::cout << "pcapnextex failed with " << res << std::endl; break; } if(res == 0) continue; // Keep waiting for that packet EthernetPacket packet(data, header->caplen); // Is this an ICS response packet (0xCAB2) from an ICS MAC, either to broadcast or directly to us? if(packet.etherType == 0xCAB2 && packet.srcMAC[0] == 0x00 && packet.srcMAC[1] == 0xFC && packet.srcMAC[2] == 0x70 && ( memcmp(packet.destMAC, interface.macAddress, sizeof(packet.destMAC)) == 0 || memcmp(packet.destMAC, BROADCAST_MAC, sizeof(packet.destMAC)) == 0 )) { /* We have received a packet from a device. We don't know if this is the device we're * looking for, we don't know if it's actually a response to our RequestSerialNumber * or not, we just know we got something. * * Unlike most transport layers, we can't get the serial number here as we actually * need to parse this message that has been returned. Some devices parse messages * differently, so we need to use their communication layer. We could technically * create a communication layer to parse the packet we have in `payload` here, but * we'd need to be given a packetizer and decoder for the device. I'm intentionally * avoiding passing that information down here for code quality's sake. Instead, pass * the packet we received back up so the device can handle it. */ neodevice_handle_t handle = (neodevice_handle_t)((i << 24) | (packet.srcMAC[3] << 16) | (packet.srcMAC[4] << 8) | (packet.srcMAC[5])); PCAPFoundDevice* alreadyExists = nullptr; for(auto& dev : foundDevices) if(dev.device.handle == handle) alreadyExists = &dev; if(alreadyExists == nullptr) { PCAPFoundDevice foundDevice; foundDevice.device.handle = handle; foundDevice.discoveryPackets.push_back(std::move(packet.payload)); foundDevices.push_back(foundDevice); } else { alreadyExists->discoveryPackets.push_back(std::move(packet.payload)); } } } pcap.close(interface.fp); interface.fp = nullptr; } return foundDevices; } bool PCAP::IsHandleValid(neodevice_handle_t handle) { uint8_t netifIndex = (uint8_t)(handle >> 24); return (netifIndex < knownInterfaces.size()); } PCAP::PCAP(device_errorhandler_t err, neodevice_t& forDevice) : device(forDevice), err(err) { if(IsHandleValid(device.handle)) { interface = knownInterfaces[(device.handle >> 24) & 0xFF]; interface.fp = nullptr; // We're going to open our own connection to the interface. This should already be nullptr but just in case. deviceMAC[0] = 0x00; deviceMAC[1] = 0xFC; deviceMAC[2] = 0x70; deviceMAC[3] = (device.handle >> 16) & 0xFF; deviceMAC[4] = (device.handle >> 8) & 0xFF; deviceMAC[5] = device.handle & 0xFF; } else { openable = false; } } bool PCAP::open() { if(!openable) return false; if(!pcap.ok()) return false; if(isOpen()) return false; // Open the interface interface.fp = pcap.open(interface.nameFromWinPCAP.c_str(), 100, PCAP_OPENFLAG_PROMISCUOUS | PCAP_OPENFLAG_MAX_RESPONSIVENESS, 1, nullptr, errbuf); if(interface.fp == nullptr) { err(APIError::DriverFailedToOpen); return false; } // Create threads readThread = std::thread(&PCAP::readTask, this); writeThread = std::thread(&PCAP::writeTask, this); return true; } bool PCAP::isOpen() { return interface.fp != nullptr; } bool PCAP::close() { if(!isOpen()) return false; closing = true; // Signal the threads that we are closing readThread.join(); writeThread.join(); pcap.close(interface.fp); interface.fp = nullptr; return true; } void PCAP::readTask() { struct pcap_pkthdr* header; const uint8_t* data; while(!closing) { auto readBytes = pcap.next_ex(interface.fp, &header, &data); if(readBytes < 0) { err(APIError::FailedToRead); break; } if(readBytes == 0) continue; // Keep waiting for that packet EthernetPacket packet(data, header->caplen); if(packet.etherType != 0xCAB2) continue; // Not a packet to host if(memcmp(packet.destMAC, interface.macAddress, sizeof(packet.destMAC)) != 0 && memcmp(packet.destMAC, BROADCAST_MAC, sizeof(packet.destMAC)) != 0) continue; // Packet is not addressed to us or broadcast if(memcmp(packet.srcMAC, deviceMAC, sizeof(deviceMAC)) != 0) continue; // Not a packet from the device we're concerned with readQueue.enqueue_bulk(packet.payload.data(), packet.payload.size()); } } void PCAP::writeTask() { WriteOperation writeOp; uint16_t sequence = 0; EthernetPacket sendPacket; // Set MAC address of packet memcpy(sendPacket.srcMAC, interface.macAddress, sizeof(sendPacket.srcMAC)); memcpy(sendPacket.destMAC, deviceMAC, sizeof(deviceMAC)); while(!closing) { if(!writeQueue.wait_dequeue_timed(writeOp, std::chrono::milliseconds(100))) continue; sendPacket.packetNumber = sequence++; sendPacket.payload = std::move(writeOp.bytes); auto bs = sendPacket.getBytestream(); if(!closing) pcap.sendpacket(interface.fp, bs.data(), (int)bs.size()); // TODO Handle packet send errors } } PCAP::EthernetPacket::EthernetPacket(const std::vector& bytestream) { loadBytestream(bytestream); } PCAP::EthernetPacket::EthernetPacket(const uint8_t* data, size_t size) { std::vector bs(size); for(size_t i = 0; i < size; i++) bs[i] = data[i]; loadBytestream(bs); } int PCAP::EthernetPacket::loadBytestream(const std::vector& bytestream) { errorWhileDecodingFromBytestream = 0; for(size_t i = 0; i < 6; i++) destMAC[i] = bytestream[i]; for(size_t i = 0; i < 6; i++) srcMAC[i] = bytestream[i + 6]; etherType = (bytestream[12] << 8) | bytestream[13]; icsEthernetHeader = (bytestream[14] << 24) | (bytestream[15] << 16) | (bytestream[16] << 8) | bytestream[17]; uint16_t payloadSize = bytestream[18] | (bytestream[19] << 8); packetNumber = bytestream[20] | (bytestream[21] << 8); uint16_t packetInfo = bytestream[22] | (bytestream[23] << 8); firstPiece = packetInfo & 1; lastPiece = (packetInfo >> 1) & 1; bufferHalfFull = (packetInfo >> 2) & 2; payload = std::vector(bytestream.begin() + 24, bytestream.end()); size_t payloadActualSize = payload.size(); if(payloadActualSize < payloadSize) errorWhileDecodingFromBytestream = 1; payload.resize(payloadSize); return errorWhileDecodingFromBytestream; } std::vector PCAP::EthernetPacket::getBytestream() const { size_t payloadSize = payload.size(); std::vector bytestream; bytestream.reserve(6 + 6 + 2 + 4 + 2 + 2 + 2 + payloadSize); for(size_t i = 0; i < 6; i++) bytestream.push_back(destMAC[i]); for(size_t i = 0; i < 6; i++) bytestream.push_back(srcMAC[i]); // EtherType should be put into the bytestream as big endian bytestream.push_back((uint8_t)(etherType >> 8)); bytestream.push_back((uint8_t)(etherType)); // Our Ethernet header should be put into the bytestream as big endian bytestream.push_back((uint8_t)(icsEthernetHeader >> 24)); bytestream.push_back((uint8_t)(icsEthernetHeader >> 16)); bytestream.push_back((uint8_t)(icsEthernetHeader >> 8)); bytestream.push_back((uint8_t)(icsEthernetHeader)); // The payload size comes next, it's little endian bytestream.push_back((uint8_t)(payloadSize)); bytestream.push_back((uint8_t)(payloadSize >> 8)); // Packet number is little endian bytestream.push_back((uint8_t)(packetNumber)); bytestream.push_back((uint8_t)(packetNumber >> 8)); // Packet info gets assembled into a bitfield uint16_t packetInfo = 0; packetInfo |= firstPiece & 1; packetInfo |= (lastPiece & 1) << 1; packetInfo |= (bufferHalfFull & 1) << 2; bytestream.push_back((uint8_t)(packetInfo)); bytestream.push_back((uint8_t)(packetInfo >> 8)); bytestream.insert(bytestream.end(), payload.begin(), payload.end()); return bytestream; }