int
elf_fix_phdr(Elf_Phdr *ph, void *v)
{
ph->p_type = swap32(ph->p_type);
ph->p_flags = swap32(ph->p_flags);
ph->p_offset = swap_off(ph->p_offset);
ph->p_vaddr = swap_addr(ph->p_vaddr);
ph->p_paddr = swap_addr(ph->p_paddr);
ph->p_filesz = swap_xword(ph->p_filesz);
ph->p_memsz = swap_xword(ph->p_memsz);
ph->p_align = swap_xword(ph->p_align);
return 1;
}
int
elf_fix_rel(Elf_Ehdr *eh, Elf_Rel *rel)
{
/* nothing to do */
if (eh->e_ident[EI_DATA] == ELF_TARG_DATA)
return (0);
rel->r_offset = swap_addr(rel->r_offset);
rel->r_info = swap_xword(rel->r_info);
return (1);
}
int
elf_fix_sym(const Elf_Ehdr *eh, Elf_Sym *sym)
{
/* nothing to do */
if (eh->e_ident[EI_DATA] == ELF_TARG_DATA)
return (0);
sym->st_name = swap32(sym->st_name);
sym->st_shndx = swap16(sym->st_shndx);
sym->st_value = swap_addr(sym->st_value);
sym->st_size = swap_xword(sym->st_size);
return (1);
}
int
elf_fix_header(Elf_Ehdr *eh)
{
/* nothing to do */
if (eh->e_ident[EI_DATA] == ELF_TARG_DATA)
return (0);
eh->e_type = swap16(eh->e_type);
eh->e_machine = swap16(eh->e_machine);
eh->e_version = swap32(eh->e_version);
eh->e_entry = swap_addr(eh->e_entry);
eh->e_phoff = swap_off(eh->e_phoff);
eh->e_shoff = swap_off(eh->e_shoff);
eh->e_flags = swap32(eh->e_flags);
eh->e_ehsize = swap16(eh->e_ehsize);
eh->e_phentsize = swap16(eh->e_phentsize);
eh->e_phnum = swap16(eh->e_phnum);
eh->e_shentsize = swap16(eh->e_shentsize);
eh->e_shnum = swap16(eh->e_shnum);
eh->e_shstrndx = swap16(eh->e_shstrndx);
return (1);
}
/**
* Callback for TCP data assembled by LibNIDS
* @param tcp Pointer to stream struct
* @param param Additional parameter associated with TCP stream
*/
void net_tcp(struct tcp_stream *tcp, void **param)
{
struct half_stream *hlf = NULL;
struct tuple4 addr;
/* Local copy of address */
memcpy(&addr, &tcp->addr, sizeof(struct tuple4));
/* TCP connection established */
if (tcp->nids_state == NIDS_JUST_EST) {
/* Enable monitoring of data */
tcp->client.collect++;
tcp->server.collect++;
if (!merge_tcp_payloads)
log_write(net_time(), "T+", addr, "", 0);
return;
}
/* Disable monitoring if stream too long */
if (max_tcp_bytes
&& tcp->client.count + tcp->server.count > max_tcp_bytes) {
/* Disable monitoring */
tcp->client.collect = 0;
tcp->server.collect = 0;
}
/* New data is available */
if (tcp->nids_state == NIDS_DATA) {
/* Skip if payloads should be merged */
if (merge_tcp_payloads) {
nids_discard(tcp, 0);
return;
}
/* Check which end has sent data */
if (tcp->client.count_new) {
hlf = &tcp->client;
swap_addr(&addr);
} else {
hlf = &tcp->server;
}
log_write(net_time(), "T", addr, hlf->data, hlf->count_new);
return;
}
/* TCP connection closed */
if (tcp->nids_state == NIDS_CLOSE || tcp->nids_state == NIDS_RESET ||
tcp->nids_state == NIDS_TIMED_OUT) {
/* Skip if payloads should not be merged */
if (!merge_tcp_payloads) {
log_write(net_time(), "T-", addr, "", 0);
return;
}
/* Log merged payloads */
if (tcp->server.count)
log_write(net_time(), "T", addr, tcp->server.data,
tcp->server.count);
swap_addr(&addr);
if (tcp->client.count)
log_write(net_time(), "T", addr, tcp->client.data,
tcp->client.count);
return;
}
}
