Ejemplo n.º 1
  /**
   * --ip.proto must accept the protocol by name or by number and store the
   * same numeric protocol value either way.
   */
  void test_ip_proto(){
    /* two spellings of the same protocol; both are expected to yield 6 */
    const char* const spellings[] = {"tcp", "6"};
    const int count = sizeof(spellings) / sizeof(spellings[0]);

    for ( int n = 0; n < count; n++ ){
      argc = generate_argv(argv, "programname", "--ip.proto", spellings[n], NULL);
      CPPUNIT_ASSERT_SUCCESS(filter_from_argv(&argc, argv, &filter), 1);

      /* exactly the ip.proto bit must be set in the filter index */
      CPPUNIT_ASSERT_EQUAL((uint32_t)FILTER_IP_PROTO, filter.index);
      CPPUNIT_ASSERT_EQUAL((uint32_t)6, (uint32_t)filter.ip_proto);
    }
  }
Ejemplo n.º 2
  /**
   * --tp.sport takes "port/mask"; the port part may be a number or a
   * service name and both must produce the same filter.
   */
  void test_tp_sport(){
    /* NOTE(review): "http" is presumably resolved through the system's
     * service database; if so this test depends on host configuration --
     * confirm against the parser. */
    const char* const spellings[] = {"80/123", "http/123"};
    const int count = sizeof(spellings) / sizeof(spellings[0]);

    for ( int n = 0; n < count; n++ ){
      argc = generate_argv(argv, "programname", "--tp.sport", spellings[n], NULL);
      CPPUNIT_ASSERT_SUCCESS(filter_from_argv(&argc, argv, &filter), 1);

      CPPUNIT_ASSERT_EQUAL((uint32_t)FILTER_SRC_PORT, filter.index);
      /* 80 & 123 == 80, so the expected port is the same with or without
       * the mask applied */
      CPPUNIT_ASSERT_EQUAL((uint16_t)80,  filter.src_port);
      CPPUNIT_ASSERT_EQUAL((uint16_t)123, filter.src_port_mask);
    }
  }
Ejemplo n.º 3
  /**
   * --tp.dport takes "port/mask"; the port part may be a number or a
   * service name and both must produce the same filter.
   */
  void test_tp_dport(){
    /* NOTE(review): "ssh" is presumably resolved through the system's
     * service database; if so this test depends on host configuration --
     * confirm against the parser. */
    const char* const spellings[] = {"22/123", "ssh/123"};
    const int count = sizeof(spellings) / sizeof(spellings[0]);

    for ( int n = 0; n < count; n++ ){
      argc = generate_argv(argv, "programname", "--tp.dport", spellings[n], NULL);
      CPPUNIT_ASSERT_SUCCESS(filter_from_argv(&argc, argv, &filter), 1);

      CPPUNIT_ASSERT_EQUAL((uint32_t)FILTER_DST_PORT, filter.index);
      /* 18 == (22 & 123): the expected port is the requested port with the
       * mask already applied, not the raw 22 */
      CPPUNIT_ASSERT_EQUAL((uint16_t)18,  filter.dst_port);
      CPPUNIT_ASSERT_EQUAL((uint16_t)123, filter.dst_port_mask);
    }
  }
Ejemplo n.º 4
  /**
   * --eth.type takes "type/mask"; the type may be a symbolic name or a
   * number, and the mask may be decimal or hexadecimal.
   */
  void test_eth_type(){
    /* each case: the option value and the mask it is expected to produce */
    const struct {
      const char* arg;
      uint16_t mask;
    } cases[] = {
      {"ip/1234",     1234},
      {"2048/0xffff", 0xffff},
    };
    const int count = sizeof(cases) / sizeof(cases[0]);

    for ( int n = 0; n < count; n++ ){
      argc = generate_argv(argv, "programname", "--eth.type", cases[n].arg, NULL);
      CPPUNIT_ASSERT_SUCCESS(filter_from_argv(&argc, argv, &filter), 1);

      CPPUNIT_ASSERT_EQUAL((uint32_t)FILTER_ETH_TYPE, filter.index);
      /* the expected eth_type is the unmasked value: 2048 & 1234 would be 0 */
      CPPUNIT_ASSERT_EQUAL((uint16_t)ETH_P_IP, filter.eth_type);
      CPPUNIT_ASSERT_EQUAL(cases[n].mask, filter.eth_type_mask);
    }
  }
Ejemplo n.º 5
  /**
   * --mampid stores its string argument in the filter.
   */
  void test_mampid(){
    const char* const expected = "foobar";

    argc = generate_argv(argv, "programname", "--mampid", expected, NULL);
    CPPUNIT_ASSERT_SUCCESS(filter_from_argv(&argc, argv, &filter), 1);

    CPPUNIT_ASSERT_EQUAL((uint32_t)FILTER_MAMPID, filter.index);
    /* NOTE(review): only a short value is exercised; the size of
     * filter.mampid is not visible here, so an over-long argument would be
     * a useful extra case -- confirm the field's limit. */
    CPPUNIT_ASSERT(strcmp(filter.mampid, expected) == 0);
  }
Ejemplo n.º 6
  /**
   * --iface stores its string argument in the filter.
   */
  void test_iface(){
    const char* const expected = "foobar";

    argc = generate_argv(argv, "programname", "--iface", expected, NULL);
    CPPUNIT_ASSERT_SUCCESS(filter_from_argv(&argc, argv, &filter), 1);

    CPPUNIT_ASSERT_EQUAL((uint32_t)FILTER_IFACE, filter.index);
    /* NOTE(review): only a short value is exercised; the size of
     * filter.iface is not visible here, so an over-long argument would be
     * a useful extra case -- confirm the field's limit. */
    CPPUNIT_ASSERT(strcmp(filter.iface, expected) == 0);
  }
Ejemplo n.º 7
 /**
  * An option and its value may be joined with '=' in a single argument
  * ("--endtime=123.4007") instead of being passed as two arguments.
  */
 void test_equal_sign(){
   const uint32_t expected_sec  = 123;
   /* NOTE(review): if tv_psec counts picoseconds (10^12 per second), 0.4007 s
    * would be 400700000000; this literal is ten times that -- confirm the
    * scale the parser uses. */
   const uint64_t expected_psec = 4007000000000;

   argc = generate_argv(argv, "programname", "--endtime=123.4007", NULL);
   CPPUNIT_ASSERT_SUCCESS(filter_from_argv(&argc, argv, &filter), 1);

   CPPUNIT_ASSERT_EQUAL((uint32_t)FILTER_END_TIME, filter.index);
   CPPUNIT_ASSERT_EQUAL(expected_sec, filter.endtime.tv_sec);
   CPPUNIT_ASSERT_EQUAL(expected_psec, filter.endtime.tv_psec);
 }
Ejemplo n.º 8
  /**
   * --eth.vlan takes "tci/mask" and stores both numbers in the filter.
   */
  void test_eth_vlan(){
    /* the expected TCI is the value as given: 1234 & 4321 would be 192 */
    const uint16_t expected_tci  = 1234;
    const uint16_t expected_mask = 4321;

    argc = generate_argv(argv, "programname", "--eth.vlan", "1234/4321", NULL);
    CPPUNIT_ASSERT_SUCCESS(filter_from_argv(&argc, argv, &filter), 1);

    CPPUNIT_ASSERT_EQUAL((uint32_t)FILTER_VLAN, filter.index);
    CPPUNIT_ASSERT_EQUAL(expected_tci, filter.vlan_tci);
    CPPUNIT_ASSERT_EQUAL(expected_mask, filter.vlan_tci_mask);
  }
Ejemplo n.º 9
  /**
   * --ip.dst takes "address/mask" where the mask is either a dotted netmask
   * or a prefix length; both forms must produce the same filter.
   */
  void test_ip_dst(){
    /* 1.2.3.4 with a /26 mask: the host bits are expected to be cleared */
    in_addr expected_addr = {inet_addr("1.2.3.0")};
    in_addr expected_mask = {inet_addr("255.255.255.192")};

    /* 255.255.255.192 and /26 describe the same netmask */
    const char* const spellings[] = {"1.2.3.4/255.255.255.192", "1.2.3.4/26"};
    const int count = sizeof(spellings) / sizeof(spellings[0]);

    for ( int n = 0; n < count; n++ ){
      argc = generate_argv(argv, "programname", "--ip.dst", spellings[n], NULL);
      CPPUNIT_ASSERT_SUCCESS(filter_from_argv(&argc, argv, &filter), 1);

      CPPUNIT_ASSERT_EQUAL((uint32_t)FILTER_IP_DST, filter.index);
      CPPUNIT_ASSERT_INET_ADDR(expected_addr, filter.ip_dst);
      CPPUNIT_ASSERT_INET_ADDR(expected_mask, filter.ip_dst_mask);
    }
  }
Ejemplo n.º 10
  /**
   * --end takes a "seconds.fraction" timestamp and stores it as the filter's
   * end time.
   */
  void test_endtime(){
    /**@todo Check all supported date formats */
    const uint32_t expected_sec  = 123;
    /* NOTE(review): if tv_psec counts picoseconds (10^12 per second), 0.4007 s
     * would be 400700000000; this literal is ten times that -- confirm the
     * scale the parser uses. */
    const uint64_t expected_psec = 4007000000000;

    argc = generate_argv(argv, "programname", "--end", "123.4007", NULL);
    CPPUNIT_ASSERT_SUCCESS(filter_from_argv(&argc, argv, &filter), 1);

    CPPUNIT_ASSERT_EQUAL((uint32_t)FILTER_END_TIME, filter.index);
    CPPUNIT_ASSERT_EQUAL(expected_sec, filter.endtime.tv_sec);
    CPPUNIT_ASSERT_EQUAL(expected_psec, filter.endtime.tv_psec);
  }
Ejemplo n.º 11
  /**
   * --eth.src takes a MAC address with an optional "/mask"; without a mask
   * the filter is expected to carry an all-ones mask.
   */
  void test_eth_src(){
    /* ether_aton() returns a pointer to static storage (NULL for malformed
     * text), so each result is copied by value immediately; the literals
     * here are well-formed. */
    struct ether_addr expected_addr = *ether_aton("01:00:00:00:00:02");
    struct ether_addr full_mask     = *ether_aton("FF:FF:FF:FF:FF:FF");
    struct ether_addr partial_mask  = *ether_aton("FF:00:00:00:00:FF");

    /* case 1: no mask given */
    argc = generate_argv(argv, "programname", "--eth.src", "01:00:00:00:00:02", NULL);
    CPPUNIT_ASSERT_SUCCESS(filter_from_argv(&argc, argv, &filter), 1);

    CPPUNIT_ASSERT_EQUAL((uint32_t)FILTER_ETH_SRC, filter.index);
    CPPUNIT_ASSERT_ETH_ADDR(expected_addr, filter.eth_src);
    CPPUNIT_ASSERT_ETH_ADDR(full_mask,     filter.eth_src_mask);

    /* case 2: explicit mask, written with mixed-case hex digits; the address
     * is unchanged by this mask (01..02 & FF..FF keeps both set octets) */
    argc = generate_argv(argv, "programname", "--eth.src", "01:00:00:00:00:02/FF:00:00:00:00:ff", NULL);
    CPPUNIT_ASSERT_SUCCESS(filter_from_argv(&argc, argv, &filter), 1);

    CPPUNIT_ASSERT_EQUAL((uint32_t)FILTER_ETH_SRC, filter.index);
    CPPUNIT_ASSERT_ETH_ADDR(expected_addr, filter.eth_src);
    CPPUNIT_ASSERT_ETH_ADDR(partial_mask,  filter.eth_src_mask);
  }
Ejemplo n.º 12
  /**
   * --eth.dst takes "address/mask"; the stored address is expected to have
   * the mask applied.
   */
  void test_eth_dst(){
    argc = generate_argv(argv, "programname", "--eth.dst", "01:00:00:00:00:02/FF:00:00:00:00:00", NULL);
    CPPUNIT_ASSERT_SUCCESS(filter_from_argv(&argc, argv, &filter), 1);

    /* only the first octet survives the FF:00:00:00:00:00 mask, so the
     * trailing 02 of the requested address is expected to be gone.
     * ether_aton() returns a pointer to static storage (NULL for malformed
     * text), hence the immediate copies by value. */
    struct ether_addr expected_addr = *ether_aton("01:00:00:00:00:00");
    struct ether_addr expected_mask = *ether_aton("FF:00:00:00:00:00");

    CPPUNIT_ASSERT_EQUAL((uint32_t)FILTER_ETH_DST, filter.index);
    CPPUNIT_ASSERT_ETH_ADDR(expected_addr, filter.eth_dst);
    CPPUNIT_ASSERT_ETH_ADDR(expected_mask, filter.eth_dst_mask);
  }
Ejemplo n.º 13
  /**
   * Arguments that are not filter options must be left alone: after parsing,
   * the argument count and every argument string are expected to be the same
   * as before.
   */
  void test_basic(){
    const char* orig[] = {
      "programname",
      "--spam",
      "fred",
      "--ham",
      "barney",
      "bacon"
    };
    int count = sizeof(orig) / sizeof(orig[0]);

    /* the parser takes writable char* entries, so it is given heap copies of
     * the literals.
     * NOTE(review): strdup() results are not checked, and the copies are only
     * freed in the final loop, so they leak if an earlier assertion aborts
     * the test. */
    char* args[count];
    for ( int n = 0; n < count; ++n ){
      args[n] = strdup(orig[n]);
    }

    CPPUNIT_ASSERT_EQUAL(0, filter_from_argv(&count, args, &filter));
    CPPUNIT_ASSERT_EQUAL(6, count);

    /* compare against the untouched originals, releasing each copy as we go */
    for ( int n = 0; n < count; ++n ){
      CPPUNIT_ASSERT(strcmp(args[n], orig[n]) == 0);
      free(args[n]);
    }
  }
Ejemplo n.º 14
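/**
 * Parse a command-line value as a non-negative decimal integer.
 *
 * Unlike atoi() this rejects empty text, trailing characters, negative
 * numbers and out-of-range values instead of silently producing 0 or an
 * unspecified result.
 *
 * @param text Argument text, may be NULL.
 * @param out  Receives the parsed value on success; untouched on failure.
 * @return 0 on success, -1 if text is not an acceptable number.
 */
static int parse_nonnegative_int(const char* text, int* out){
	if ( !text || *text == '\0' ){
		return -1;
	}

	errno = 0;
	char* end = NULL;
	const long value = strtol(text, &end, 10);
	if ( errno != 0 || end == text || *end != '\0' ){
		return -1; /* overflow, no digits, or trailing garbage */
	}

	/* upper bound is the largest value a 32-bit int can hold, written out so
	 * no extra header is needed */
	if ( value < 0 || value > 2147483647L ){
		return -1;
	}

	*out = (int)value;
	return 0;
}

/**
 * Entry point: parses the filter and display options, opens the stream(s),
 * prints every packet through the formatter and reports counters on exit.
 *
 * Numeric option values (-p, -c, -t) must be non-negative decimal integers;
 * anything else is reported on stderr and the program exits with status 1.
 * A value of 0 for -p or -c keeps the "no limit" meaning used by the read
 * loop.
 *
 * @return 0 on normal termination, after --help/--version and when the
 *         filter could not be parsed; the error code from
 *         stream_from_getopt() if the stream could not be opened; 1 for an
 *         invalid numeric option value.
 */
int main(int argc, char **argv){
	/* extract program name from path. e.g. /path/to/MArCd -> MArCd */
	const char* separator = strrchr(argv[0], '/');
	if ( separator ){
		program_name = separator + 1;
	} else {
		program_name = argv[0];
	}

	struct filter filter;
	if ( filter_from_argv(&argc, argv, &filter) != 0 ){
		/* NOTE(review): exit status 0 hides the failure from calling
		 * scripts; kept as-is because callers may depend on it. */
		return 0; /* error already shown */
	}

	int op, option_index = -1;
	while ( (op = getopt_long(argc, argv, shortopts, longopts, &option_index)) != -1 ){
		switch (op){
		case 0:   /* long opt */
		case '?': /* unknown opt */
			break;

		case '1':
		case '2':
		case '3':
		case '4':
		{
			const unsigned int mask = (7<<FORMAT_LAYER_BIT);
			flags &= ~mask; /* reset all layer bits */
			flags |= (op-'0')<<FORMAT_LAYER_BIT;
			break;
		}

		case 'd': /* --calender */
			flags |= FORMAT_DATE_STR | FORMAT_DATE_UTC;
			break;

		case 'D': /* --localtime */
			flags |= FORMAT_DATE_STR | FORMAT_DATE_LOCALTIME;
			break;

		case 'a': /* --absolute */
			flags &= ~FORMAT_REL_TIMESTAMP;
			break;

		case 'r': /* --relative */
			flags |= FORMAT_REL_TIMESTAMP;
			break;

		case 'H': /* --headers */
			flags |= FORMAT_HEADER;
			break;

		case 'p': /* --packets */
		case 'c': /* limit on matched packets (long option name not visible here) */
		{
			int count = 0;
			if ( parse_nonnegative_int(optarg, &count) != 0 ){
				fprintf(stderr, "%s: invalid packet count '%s' for '-%c'\n", argv[0], optarg ? optarg : "", op);
				filter_close(&filter);
				return 1;
			}
			if ( op == 'p' ){
				max_packets = count;
			} else {
				max_matched_packets = count;
			}
			break;
		}

		case 't': /* --timeout */
		{
			/* value is in milliseconds; a negative value would produce a
			 * negative timeval, so it is rejected by the parser */
			int msec = 0;
			if ( parse_nonnegative_int(optarg, &msec) != 0 ){
				fprintf(stderr, "%s: invalid timeout '%s' for '-%c'\n", argv[0], optarg ? optarg : "", op);
				filter_close(&filter);
				return 1;
			}
			timeout.tv_sec  = msec / 1000;
			timeout.tv_usec = msec % 1000 * 1000;
		}
		break;

		case 'x': /* --hexdump */
			flags |= FORMAT_HEXDUMP;
			break;

		case 'i': /* --iface */
			iface = optarg;
			break;

		case ARGUMENT_VERSION: /* --version */
			show_version();
			filter_close(&filter);
			return 0;

		case 'h': /* --help */
			show_usage();
			filter_close(&filter);
			return 0;

		default:
			fprintf (stderr, "%s: argument '-%c' declared but not handled\n", argv[0], op);
		}
	}

	int ret;

	/* Open stream(s) */
	struct stream* stream;
	if ( (ret=stream_from_getopt(&stream, argv, optind, argc, iface, "-", program_name, 0)) != 0 ) {
		filter_close(&filter); /* the filter was set up above; release it on this path too */
		return ret; /* Error already shown */
	}
	const stream_stat_t* stat = stream_get_stat(stream);
	stream_print_info(stream, stderr);

	/* handle C-c */
	signal(SIGINT, handle_sigint);

	/* setup formatter */
	struct format format;
	format_setup(&format, flags);

	uint64_t matched = 0;
	while ( keep_running ) {
		/* A short timeout is used to allow the application to "breathe", i.e
		 * terminate if SIGINT was received. */
		struct timeval tv = timeout;

		/* Read the next packet */
		cap_head* cp;
		ret = stream_read(stream, &cp, NULL, &tv);
		if ( ret == EAGAIN ){
			continue; /* timeout */
		} else if ( ret != 0 ){
			break; /* shutdown or error */
		}

		/* identify connection even if filter doesn't match so id will be
		 * deterministic when changing the filter */
		connection_id(cp);

		if ( filter_match(&filter, cp->payload, cp) ){
			format_pkg(stdout, &format, cp);
			matched++;
		} else {
			format_ignore(stdout, &format, cp);
		}

		/* NOTE(review): the -p limit is compared against stat->matched while
		 * the summary below reports stat->read as "packets read" -- confirm
		 * which counter the limit is meant to use. */
		if ( max_packets > 0 && stat->matched >= max_packets) {
			/* Read enough pkts lets break. */
			break;
		}
		if ( max_matched_packets > 0 && matched >= max_matched_packets) {
			/* Read enough pkts lets break. */
			break;
		}
	}

	/* if ret == -1 the stream was closed properly (e.g EOF or TCP shutdown)
	 * In addition EINTR should not give any errors because it is implied when the
	 * user presses C-c */
	if ( ret > 0 && ret != EINTR ){
		fprintf(stderr, "stream_read() returned 0x%08X: %s\n", ret, caputils_error_string(ret));
	}

	/* Write stats */
	fprintf(stderr, "%"PRIu64" packets read.\n", stat->read);
	fprintf(stderr, "%"PRIu64" packets matched filter.\n", matched);

	/* Release resources */
	stream_close(stream);
	filter_close(&filter);

	return 0;
}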
Ejemplo n.º 15
 /**
  * An option that requires a value but is given none must make parsing fail
  * rather than read past the end of the argument list.
  */
 void test_missing(){
   /* --starttime is the last argument, so its value is absent */
   const char* const option_without_value = "--starttime";

   argc = generate_argv(argv, "programname", option_without_value, NULL);
   CPPUNIT_ASSERT_FAILURE(filter_from_argv(&argc, argv, &filter), 1);
 }
Ejemplo n.º 16
 /**
  * NULL pointers for the argument count, the argument vector or the filter
  * must be rejected with EINVAL instead of being dereferenced.
  */
 void test_invalid_input(){
   argc = 1;

   /* everything missing */
   CPPUNIT_ASSERT_EQUAL(EINVAL, filter_from_argv(NULL, NULL, NULL));
   /* a count of 1 but no vector and no filter */
   CPPUNIT_ASSERT_EQUAL(EINVAL, filter_from_argv(&argc, NULL, NULL));
   /* a count of 1 and a filter, but still no vector to read from */
   CPPUNIT_ASSERT_EQUAL(EINVAL, filter_from_argv(&argc, NULL, &filter));
 }
Ejemplo n.º 17
 /**
  * With an argument count of zero a NULL argument vector is acceptable:
  * there is nothing to read, so parsing must succeed.
  */
 void test_empty(){
   argc = 0;
   CPPUNIT_ASSERT_EQUAL(0, filter_from_argv(&argc, NULL, &filter));
 }