Ejemplo n.º 1
0
/* Initialise reassembly module */
eemo_rv eemo_reasm_init(void)
{
	int	i	= 0;

	if (eemo_conf_get_bool("ip", "reassemble", &ra_enabled, 1) != ERV_OK)
	{
		ERROR_MSG("Failed to retrieve configuration setting for IP reassembly");

		return ERV_CONFIG_ERROR;
	}

	if (!ra_enabled)
	{
		INFO_MSG("IP reassembly is disabled");

		return ERV_OK;
	}

	if ((eemo_conf_get_int("ip", "reassembly_timeout", &ra_timeout, 30) != ERV_OK) || (ra_timeout <= 0))
	{
		ERROR_MSG("Failed to retrieve configuration setting for IP reassembly timeout");

		return ERV_CONFIG_ERROR;
	}

	if (ra_timeout < 30)
	{
		WARNING_MSG("IP reassembly timeout is set to a value below that of most operating systems (%ds < 30s)", ra_timeout);
	}

	if ((eemo_conf_get_int("ip", "reassembly_buffers", &ra_buf_count, 1000) != ERV_OK) || (ra_buf_count <= 0))
	{
		ERROR_MSG("Failed to retrieve number of IP reassembly buffers from the configuration");

		return ERV_CONFIG_ERROR;
	}

	if (eemo_conf_get_bool("ip", "reassemble_log", &ra_log, 1) != ERV_OK)
	{
		ERROR_MSG("Failed to retrieve reassembly log setting from the configuration");

		return ERV_CONFIG_ERROR;
	}

	/* Allocate and clear reassembly buffers */
	ra_buffers = (ip_reasm_buf*) malloc(ra_buf_count * sizeof(ip_reasm_buf));

	for (i = 0; i < ra_buf_count; i++)
	{
		memset(&ra_buffers[i], 0, sizeof(ip_reasm_buf));
		ra_buffers[i].pkt_len = -1;
	}

	INFO_MSG("Initialised %d IP reassembly buffers", ra_buf_count);

	return ERV_OK;
}
Ejemplo n.º 2
0
/* Initialise direct capturing */
eemo_rv eemo_mux_capture_init(eemo_mux_capture_handle_pkt_fn handler_fn)
{
	assert(handler_fn != NULL);

	char*	client_cert	= NULL;
	char*	client_key	= NULL;
	char*	cert_dir	= NULL;
	char**	feeds_conf	= NULL;
	int	feeds_conf_ct	= 0;
	int	i		= 0;

	/* Initialise OpenSSL */
	SSL_library_init();
	SSL_load_error_strings();

	if (eemo_mt_openssl_init() != ERV_OK)
	{
		ERROR_MSG("Failed to initialise multi-threaded use of OpenSSL");

		return ERV_GENERAL_ERROR;
	}

	last_capture_stats = time(NULL);

	/* Retrieve configuration */
	eemo_conf_get_int("capture", "stats_interval", &capture_stats_interval, 0);

	if (capture_stats_interval > 0)
	{
		INFO_MSG("Emitting capture statistics every %ds", capture_stats_interval);
	}

	/* Retrieve configuration */
	if ((eemo_conf_get_string("capture", "mux", &mux_host, NULL) != ERV_OK) || (mux_host == NULL))
	{
		ERROR_MSG("Failed to retrieve the host name of the multiplexer from the configuration, giving up");

		return ERV_CONFIG_ERROR;
	}

	if ((eemo_conf_get_int("capture", "mux_port", &mux_port, -1) != ERV_OK) || (mux_port < 1))
	{
		ERROR_MSG("Failed to retrieve the multiplexer port number from the configuration, giving up");

		free(mux_host);

		return ERV_CONFIG_ERROR;
	}

	if ((eemo_conf_get_string("capture", "client_cert", &client_cert, NULL) != ERV_OK) || (client_cert == NULL))
	{
		ERROR_MSG("Failed to retrieve the path for the client certificate from the configuration, giving up");

		free(mux_host);

		return ERV_CONFIG_ERROR;
	}

	if ((eemo_conf_get_string("capture", "client_key", &client_key, NULL) != ERV_OK) || (client_key == NULL))
	{
		ERROR_MSG("Failed to retrieve the path for the client certificate private key from the configuration, giving up");

		free(mux_host);
		free(client_cert);

		return ERV_CONFIG_ERROR;
	}

	if ((eemo_conf_get_string("capture", "cert_dir", &cert_dir, NULL) != ERV_OK) || (cert_dir == NULL))
	{
		ERROR_MSG("Failed to retrieve the path to valid multiplexer certificates from the configuration, giving up");

		free(mux_host);
		free(client_cert);
		free(client_key);

		return ERV_CONFIG_ERROR;
	}

	if ((eemo_conf_get_string_array("capture", "mux_feeds", &feeds_conf, &feeds_conf_ct) != ERV_OK) || (feeds_conf == NULL) || (feeds_conf_ct <= 0))
	{
		ERROR_MSG("Failed to retrieve feeds to request from the multiplexer from the configuration, giving up");

		free(mux_host);
		free(client_cert);
		free(client_key);
		free(cert_dir);

		return ERV_CONFIG_ERROR;
	}

	/* Set up new TLS context */
	tls_ctx = SSL_CTX_new(TLSv1_2_client_method());
	
	if (tls_ctx == NULL)
	{
		ERROR_MSG("Failed to setup up TLS 1.2 context");

		free(client_cert);
		free(client_key);
		free(cert_dir);
			
		return ERV_TLS_ERROR;
	}
		
	/* Set renegotiation behaviour */
	SSL_CTX_set_mode(tls_ctx, SSL_MODE_AUTO_RETRY);

	/* Load the certificate and private key */
	if ((SSL_CTX_use_certificate_file(tls_ctx, client_cert, SSL_FILETYPE_PEM) != 1) &&
	    (SSL_CTX_use_certificate_file(tls_ctx, client_cert, SSL_FILETYPE_ASN1) != 1))
	{
		ERROR_MSG("Failed to load TLS certificate from %s", client_cert);
			
		SSL_CTX_free(tls_ctx);
		tls_ctx = NULL;

		free(client_cert);
		free(client_key);
		free(cert_dir);
			
		return ERV_TLS_ERROR;
	}
		
	INFO_MSG("Loaded TLS certificate");

	free(client_cert);
		
	if ((SSL_CTX_use_PrivateKey_file(tls_ctx, client_key, SSL_FILETYPE_PEM) != 1) &&
	    (SSL_CTX_use_PrivateKey_file(tls_ctx, client_key, SSL_FILETYPE_ASN1) != 1))
	{
		ERROR_MSG("Failed to load TLS key from %s", client_key);
			
		SSL_CTX_free(tls_ctx);
		tls_ctx = NULL;
			
		free(client_key);
		free(cert_dir);
			
		return ERV_TLS_ERROR;
	}
		
	INFO_MSG("Loaded TLS key");
	
	free(client_key);
		
	/* Set TLS options */
	if (SSL_CTX_set_cipher_list(tls_ctx, EEMO_MUX_CIPHERSUITES) != 1)
	{
		ERROR_MSG("Failed to select safe TLS ciphers, giving up");
			
		SSL_CTX_free(tls_ctx);
		tls_ctx = NULL;

		free(cert_dir);
			
		return ERV_TLS_ERROR;
	}

	INFO_MSG("Checking for valid mux server certificates in %s", cert_dir);
			
	SSL_CTX_load_verify_locations(tls_ctx, NULL, cert_dir);
			
	free(cert_dir);

	SSL_CTX_set_verify(tls_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
	
	for (i = 0; i < feeds_conf_ct; i++)
	{
		feed_spec*	new_feed	= (feed_spec*) malloc(sizeof(feed_spec));

		new_feed->feed_guid = strdup(feeds_conf[i]);

		LL_APPEND(feeds, new_feed);
	}

	eemo_conf_free_string_array(feeds_conf, feeds_conf_ct);

	handler = handler_fn;

	return ERV_OK;
}