/* Initialise reassembly module */
eemo_rv eemo_reasm_init(void)
{
int i = 0;
if (eemo_conf_get_bool("ip", "reassemble", &ra_enabled, 1) != ERV_OK)
{
ERROR_MSG("Failed to retrieve configuration setting for IP reassembly");
return ERV_CONFIG_ERROR;
}
if (!ra_enabled)
{
INFO_MSG("IP reassembly is disabled");
return ERV_OK;
}
if ((eemo_conf_get_int("ip", "reassembly_timeout", &ra_timeout, 30) != ERV_OK) || (ra_timeout <= 0))
{
ERROR_MSG("Failed to retrieve configuration setting for IP reassembly timeout");
return ERV_CONFIG_ERROR;
}
if (ra_timeout < 30)
{
WARNING_MSG("IP reassembly timeout is set to a value below that of most operating systems (%ds < 30s)", ra_timeout);
}
if ((eemo_conf_get_int("ip", "reassembly_buffers", &ra_buf_count, 1000) != ERV_OK) || (ra_buf_count <= 0))
{
ERROR_MSG("Failed to retrieve number of IP reassembly buffers from the configuration");
return ERV_CONFIG_ERROR;
}
if (eemo_conf_get_bool("ip", "reassemble_log", &ra_log, 1) != ERV_OK)
{
ERROR_MSG("Failed to retrieve reassembly log setting from the configuration");
return ERV_CONFIG_ERROR;
}
/* Allocate and clear reassembly buffers */
ra_buffers = (ip_reasm_buf*) malloc(ra_buf_count * sizeof(ip_reasm_buf));
for (i = 0; i < ra_buf_count; i++)
{
memset(&ra_buffers[i], 0, sizeof(ip_reasm_buf));
ra_buffers[i].pkt_len = -1;
}
INFO_MSG("Initialised %d IP reassembly buffers", ra_buf_count);
return ERV_OK;
}
/* Initialise direct capturing */
eemo_rv eemo_mux_capture_init(eemo_mux_capture_handle_pkt_fn handler_fn)
{
assert(handler_fn != NULL);
char* client_cert = NULL;
char* client_key = NULL;
char* cert_dir = NULL;
char** feeds_conf = NULL;
int feeds_conf_ct = 0;
int i = 0;
/* Initialise OpenSSL */
SSL_library_init();
SSL_load_error_strings();
if (eemo_mt_openssl_init() != ERV_OK)
{
ERROR_MSG("Failed to initialise multi-threaded use of OpenSSL");
return ERV_GENERAL_ERROR;
}
last_capture_stats = time(NULL);
/* Retrieve configuration */
eemo_conf_get_int("capture", "stats_interval", &capture_stats_interval, 0);
if (capture_stats_interval > 0)
{
INFO_MSG("Emitting capture statistics every %ds", capture_stats_interval);
}
/* Retrieve configuration */
if ((eemo_conf_get_string("capture", "mux", &mux_host, NULL) != ERV_OK) || (mux_host == NULL))
{
ERROR_MSG("Failed to retrieve the host name of the multiplexer from the configuration, giving up");
return ERV_CONFIG_ERROR;
}
if ((eemo_conf_get_int("capture", "mux_port", &mux_port, -1) != ERV_OK) || (mux_port < 1))
{
ERROR_MSG("Failed to retrieve the multiplexer port number from the configuration, giving up");
free(mux_host);
return ERV_CONFIG_ERROR;
}
if ((eemo_conf_get_string("capture", "client_cert", &client_cert, NULL) != ERV_OK) || (client_cert == NULL))
{
ERROR_MSG("Failed to retrieve the path for the client certificate from the configuration, giving up");
free(mux_host);
return ERV_CONFIG_ERROR;
}
if ((eemo_conf_get_string("capture", "client_key", &client_key, NULL) != ERV_OK) || (client_key == NULL))
{
ERROR_MSG("Failed to retrieve the path for the client certificate private key from the configuration, giving up");
free(mux_host);
free(client_cert);
return ERV_CONFIG_ERROR;
}
if ((eemo_conf_get_string("capture", "cert_dir", &cert_dir, NULL) != ERV_OK) || (cert_dir == NULL))
{
ERROR_MSG("Failed to retrieve the path to valid multiplexer certificates from the configuration, giving up");
free(mux_host);
free(client_cert);
free(client_key);
return ERV_CONFIG_ERROR;
}
if ((eemo_conf_get_string_array("capture", "mux_feeds", &feeds_conf, &feeds_conf_ct) != ERV_OK) || (feeds_conf == NULL) || (feeds_conf_ct <= 0))
{
ERROR_MSG("Failed to retrieve feeds to request from the multiplexer from the configuration, giving up");
free(mux_host);
free(client_cert);
free(client_key);
free(cert_dir);
return ERV_CONFIG_ERROR;
}
/* Set up new TLS context */
tls_ctx = SSL_CTX_new(TLSv1_2_client_method());
if (tls_ctx == NULL)
{
ERROR_MSG("Failed to setup up TLS 1.2 context");
free(client_cert);
free(client_key);
free(cert_dir);
return ERV_TLS_ERROR;
}
/* Set renegotiation behaviour */
SSL_CTX_set_mode(tls_ctx, SSL_MODE_AUTO_RETRY);
/* Load the certificate and private key */
if ((SSL_CTX_use_certificate_file(tls_ctx, client_cert, SSL_FILETYPE_PEM) != 1) &&
(SSL_CTX_use_certificate_file(tls_ctx, client_cert, SSL_FILETYPE_ASN1) != 1))
{
ERROR_MSG("Failed to load TLS certificate from %s", client_cert);
SSL_CTX_free(tls_ctx);
tls_ctx = NULL;
free(client_cert);
free(client_key);
free(cert_dir);
return ERV_TLS_ERROR;
}
INFO_MSG("Loaded TLS certificate");
free(client_cert);
if ((SSL_CTX_use_PrivateKey_file(tls_ctx, client_key, SSL_FILETYPE_PEM) != 1) &&
(SSL_CTX_use_PrivateKey_file(tls_ctx, client_key, SSL_FILETYPE_ASN1) != 1))
{
ERROR_MSG("Failed to load TLS key from %s", client_key);
SSL_CTX_free(tls_ctx);
tls_ctx = NULL;
free(client_key);
free(cert_dir);
return ERV_TLS_ERROR;
}
INFO_MSG("Loaded TLS key");
free(client_key);
/* Set TLS options */
if (SSL_CTX_set_cipher_list(tls_ctx, EEMO_MUX_CIPHERSUITES) != 1)
{
ERROR_MSG("Failed to select safe TLS ciphers, giving up");
SSL_CTX_free(tls_ctx);
tls_ctx = NULL;
free(cert_dir);
return ERV_TLS_ERROR;
}
INFO_MSG("Checking for valid mux server certificates in %s", cert_dir);
SSL_CTX_load_verify_locations(tls_ctx, NULL, cert_dir);
free(cert_dir);
SSL_CTX_set_verify(tls_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
for (i = 0; i < feeds_conf_ct; i++)
{
feed_spec* new_feed = (feed_spec*) malloc(sizeof(feed_spec));
new_feed->feed_guid = strdup(feeds_conf[i]);
LL_APPEND(feeds, new_feed);
}
eemo_conf_free_string_array(feeds_conf, feeds_conf_ct);
handler = handler_fn;
return ERV_OK;
}