int CaptDisMain(int argc, char *argv[])
{
char errbuf[PCAP_ERRBUF_SIZE];
char infile[PCAP_PATH_DIM], dirpath[PCAP_PATH_DIM];
char **list;
char *pcap_file;
int i, num;
pcap_t *cap = NULL;
int ret;
DIR *dir;
struct dirent *entry;
struct cap_ref ref;
FILE *fp;
struct snoop_file_header snooph;
static bool tresp;
/* pcapfile protocol id */
pcap_prot_id = ProtId("pcapf");
if (pcap_prot_id == -1) {
printf("It is necessary to load (from config file) the dissector pcapf\n");
return -1;
}
/* serial number of packet */
pkt_serial = 1;
/* pcap file/dir name */
infile[0] = '\0';
dirpath[0] = '\0';
tresp = FALSE;
ret = PcapParam(argc, argv, infile, dirpath, &tresp);
if (ret != 0) {
return -1;
}
/* ^C */
ciao = FALSE;
signal(SIGTERM, PcapCiao);
signal(SIGINT, PcapCiao);
list = NULL;
num = 0;
if (dirpath[0] != '\0') {
dir = opendir(dirpath);
if (dir == NULL) {
perror("");
return -1;
}
/* file list */
while((entry = readdir(dir)) != NULL) {
if (entry->d_name[0] == '.')
continue;
list = xrealloc(list, sizeof(char *)*(num+1));
list[num] = xmalloc(strlen(dirpath)+strlen(entry->d_name)+5);
sprintf(list[num], "%s/%s", dirpath, entry->d_name);
num++;
}
qsort(list, num, sizeof(char *), ListSort);
closedir(dir);
if (num == 0) {
printf("Directory without pcap/snoop file\n");
return -1;
}
#if 0
/* list debug */
printf("Files list:\n");
for (i=0; i!=num; i++) {
printf(" %s\n", list[i]);
}
#endif
pcap_file = list[0];
}
else
pcap_file = infile;
i = 0;
do {
errbuf[sizeof(errbuf) - 1] = '\0';
errbuf[0] = '\0';
/* open the input pcap file */
cap = pcap_open_offline(pcap_file, errbuf);
if (cap != NULL) {
/* file name */
ref.file_name = pcap_file;
strncpy(file_source, pcap_file, PCAP_PATH_DIM);
/* data link type */
ref.dlt = pcap_datalink(cap);
/* packet counter */
ref.cnt = 0;
/* let pcap loop over the input, passing data to the decryptor */
if (tresp)
pcap_loop(cap, -1, (pcap_handler)&PcapDissectorTsec, (u_char*)&ref);
else
pcap_loop(cap, -1, (pcap_handler)&PcapDissector, (u_char*)&ref);
pcap_close(cap);
}
else {
/* try with snoop */
fp = fopen(pcap_file, "r");
if (fp != NULL) {
if (fread(&snooph, 1, sizeof(snooph), fp) == sizeof(snooph)) {
if (strcmp(snooph.format_name, "snoop") != 0) {
fclose(fp);
fp = NULL;
LogPrintf(LV_ERROR, "File %s: %s", pcap_file, errbuf);
}
else {
snooph.version = ntohl(snooph.version);
snooph.mac = ntohl(snooph.mac);
/* file name */
ref.file_name = pcap_file;
strncpy(file_source, pcap_file, PCAP_PATH_DIM);
/* data link type */
switch (snooph.mac) {
case 0x04:
ref.dlt = DLT_EN10MB;
break;
case 0x08:
ref.dlt = DLT_FDDI;
break;
case 0x12:
ref.dlt = DLT_SUNATM;
break;
}
/* packet counter */
ref.cnt = 0;
SnoopDissector(fp, &ref);
fclose(fp);
fp = NULL;
}
}
else {
fclose(fp);
fp = NULL;
LogPrintf(LV_ERROR, "File %s: %s", pcap_file, errbuf);
}
}
else {
LogPrintf(LV_ERROR, "File %s: %s", pcap_file, errbuf);
}
}
i++;
if (i < num)
pcap_file = list[i];
} while (i<num && !ciao);
return 0;
}
int CaptDisMain(int argc, char *argv[])
{
char errbuf[PCAP_ERRBUF_SIZE];
char dirpath[PCAP_PATH_DIM];
char tmp[PCAP_PATH_DIM];
char ifile[PCAP_PATH_DIM];
char *pcap_file, *param;
bool end, ses_id, pol_id;
pcap_t *cap = NULL;
int res;
struct cap_ref ref;
struct timespec to;
FILE *fp;
struct stat info_a, info_b;
struct snoop_file_header snooph;
char *filter_app;
struct bpf_program filter; /* The compiled filter */
bool one;
end = FALSE;
ses_id = FALSE;
pol_id = FALSE;
pcap_file = NULL;
filter_app = NULL;
/* pol protocol id */
pol_prot_id = ProtId("pol");
if (pol_prot_id == -1) {
return -1;
}
/* serial number of packet */
pkt_serial = 1;
/* pol dir name */
dirpath[0] = '\0';
res = PolParam(argc, argv, dirpath, &filter_app);
if (res != 0) {
return -1;
}
/* check name dir */
if (dirpath[0] == '\0') {
return -1;
}
/* read pol info */
sprintf(ifile, "%s/%s", dirpath, POL_INIT_SESSION_FILE);
fp = fopen(ifile, "r");
if (fp == NULL) {
LogPrintf(LV_ERROR, "Pol info file (%s) not present!", ifile);
return -1;
}
while (fgets(tmp, CFG_LINE_MAX_SIZE, fp) != NULL) {
/* check if line is a comment */
if (!CfgParIsComment(tmp)) {
param = strstr(tmp, POL_SESSION_ID);
if (param != NULL) {
res = sscanf(param, POL_SESSION_ID"=%lu", &ref.ses_id);
if (res == 1) {
ses_id = TRUE;
}
}
param = strstr(tmp, POL_POL_ID);
if (param != NULL) {
res = sscanf(param, POL_POL_ID"=%lu", &ref.pol_id);
if (res == 1) {
pol_id = TRUE;
}
}
}
}
fclose(fp);
remove(ifile);
sprintf(file_status, "%s/../../tmp/%s", dirpath, POL_POL_STATUS);
if (ses_id == FALSE || pol_id == FALSE) {
LogPrintf(LV_ERROR, "Pol info file (%s) incomplete!", tmp);
return -1;
}
/* pcap file decoding */
do {
/* pcap file name */
do {
pcap_file = PolFile(dirpath, &one);
if (pcap_file == NULL) {
/* timeout */
to.tv_sec = 2;
to.tv_nsec = 1;
if (!end) {
/* wait new file */
while (nanosleep(&to, &to) != 0)
;
}
}
else {
/* check if the file is the end file flag */
if (strstr(pcap_file, POL_END_SESSION_FILE) != NULL) {
end = TRUE;
remove(pcap_file);
xfree(pcap_file);
pcap_file = PolFile(dirpath, &one);
}
}
} while (pcap_file == NULL && end == FALSE);
if (pcap_file != NULL) {
/* wait file download completition */
if (one) {
do {
/* timeout */
to.tv_sec = 5;
to.tv_nsec = 1;
stat(pcap_file, &info_a);
nanosleep(&to, NULL);
stat(pcap_file, &info_b);
} while (info_a.st_size != info_b.st_size);
}
errbuf[sizeof(errbuf) - 1] = '\0';
errbuf[0] = '\0';
/* open the input pcap file (or stdin) */
cap = pcap_open_offline(pcap_file, errbuf);
if (cap != NULL) {
/* compile and apply the filter */
if (filter_app != NULL) {
if (pcap_compile(cap, &filter, filter_app, 1, 0) < 0) {
printf("Bad filter %s\n", filter_app);
pcap_perror(cap, "Filter");
return -1;
}
pcap_setfilter(cap, &filter);
pcap_freecode(&filter);
}
/* file name */
ref.file_name = pcap_file;
strncpy(file_source, pcap_file, PCAP_PATH_DIM);
/* data link type */
ref.dlt = pcap_datalink(cap);
/* packet counter */
ref.cnt = 0;
/* let pcap loop over the input, passing data to the decryptor */
pcap_loop(cap, -1, (pcap_handler)&PcapDissector, (u_char*)&ref);
pcap_close(cap);
}
else {
/* try with snoop */
fp = fopen(pcap_file, "r");
if (fp != NULL) {
if (fread(&snooph, 1, sizeof(snooph), fp) == sizeof(snooph)) {
if (strcmp(snooph.format_name, "snoop") != 0) {
fclose(fp);
fp = NULL;
LogPrintf(LV_ERROR, "File %s: %s", pcap_file, errbuf);
}
else {
snooph.version = ntohl(snooph.version);
snooph.mac = ntohl(snooph.mac);
/* file name */
ref.file_name = pcap_file;
strncpy(file_source, pcap_file, PCAP_PATH_DIM);
/* data link type */
switch (snooph.mac) {
case 0x04:
ref.dlt = DLT_EN10MB;
break;
case 0x08:
ref.dlt = DLT_FDDI;
break;
case 0x12:
ref.dlt = DLT_SUNATM;
break;
}
/* packet counter */
ref.cnt = 0;
SnoopDissector(fp , &ref);
fclose(fp);
fp = NULL;
}
}
else {
fclose(fp);
fp = NULL;
LogPrintf(LV_ERROR, "File %s: %s", pcap_file, errbuf);
}
}
else {
LogPrintf(LV_ERROR, "File %s: %s", pcap_file, errbuf);
}
}
/* remove file */
remove(pcap_file);
xfree(pcap_file);
}
} while (pcap_file);
if (filter_app != NULL)
xfree(filter_app);
return 0;
}
