static int dist_init(mapidflib_function_instance_t *instance,
MAPI_UNUSED int flow_descr)
{
mapiFunctArg* fargs=instance->args;
int fid,fd;
char *minstr, *maxstr, *intervalstr;
dist_internal_t *i=instance->internal_data=malloc(sizeof(dist_internal_t));
dist_t *dist=instance->result.data;
fd=getargint(&fargs);
fid=getargint(&fargs);
minstr = getargstr(&fargs);
maxstr = getargstr(&fargs);
intervalstr = getargstr(&fargs);
dist->min=fhlp_str2ull(minstr);
dist->max=fhlp_str2ull(maxstr);
i->interval=fhlp_str2ull(intervalstr);
i->num=ceil(((double)(dist->max-dist->min)/(double)i->interval));
i->res_instance=fhlp_get_function_instance(instance->hwinfo->gflist,fd,fid);
dist->intervals=i->num;
DEBUG_CMD(Debug_Message("Distribution: num=%lld", i->num));
dist_reset(instance);
return 0;
}
static int dist_instance(mapidflib_function_instance_t *instance,
MAPI_UNUSED int fd,
MAPI_UNUSED mapidflib_flow_mod_t *flow_mod)
{
int afd,fid;
unsigned long long min,max,interval;
char *minstr, *maxstr, *intervalstr;
mapiFunctArg* fargs=instance->args;
afd=getargint(&fargs);
fid=getargint(&fargs);
minstr = getargstr(&fargs);
maxstr = getargstr(&fargs);
intervalstr = getargstr(&fargs);
if(fhlp_get_function_instance(instance->hwinfo->gflist,afd,fid)==NULL)
return MFUNCT_INVALID_ARGUMENT_1;
if(minstr)
min=fhlp_str2ull(minstr);
else
return MFUNCT_INVALID_ARGUMENT_3;
if(maxstr)
max=fhlp_str2ull(maxstr);
else
return MFUNCT_INVALID_ARGUMENT_4;
if(interval)
interval=fhlp_str2ull(intervalstr);
else
return MFUNCT_INVALID_ARGUMENT_5;
if(min>max)
return MFUNCT_INVALID_ARGUMENT;
if(interval>(max-min))
return MFUNCT_INVALID_ARGUMENT_4;
instance->def->shm_size=sizeof(unsigned long long)*(ceil((double)(max-min)/(double)interval)+1)+sizeof(dist_t);
DEBUG_CMD(Debug_Message("SIZE: %d", instance->def->shm_size));
return 0;
};
static int bpf_init(mapidflib_function_instance_t *instance,
MAPI_UNUSED int fd)
//Initializes the function
{
char* str;
mapiFunctArg* fargs;
int result;
fargs=instance->args;
str =(char*) getargstr(&fargs);
/* Should really apply fitlers here instead */
return 0;
}
static int anonymizeip_init(mapidflib_function_instance_t *instance,
MAPI_UNUSED int flow_descr)
{
anonip_inst_t *i=malloc(sizeof(anonip_inst_t));
mapiFunctArg* fargs=instance->args;
char *str;
instance->internal_data=i;
str=getargstr(&fargs);
PAnonymizer_Init(&i->anon_instance,str);
return 0;
}
static void
setatrange_impl(prop_dictionary_t env, prop_dictionary_t oenv,
struct netrange *nr)
{
char range[24];
u_short first = 123, last = 123;
if (getargstr(env, "range", range, sizeof(range)) == -1)
return;
if (sscanf(range, "%hu-%hu", &first, &last) != 2 ||
first == 0 || last == 0 || first > last)
errx(EXIT_FAILURE, "%s: illegal net range: %u-%u", range,
first, last);
nr->nr_firstnet = htons(first);
nr->nr_lastnet = htons(last);
}
static int
setifbssid(prop_dictionary_t env, prop_dictionary_t oenv)
{
char buf[24];
struct ieee80211_bssid bssid;
struct ether_addr *ea;
if (getargstr(env, "bssid", buf, sizeof(buf)) == -1)
errx(EXIT_FAILURE, "%s: BSSID too long", __func__);
ea = ether_aton(buf);
if (ea == NULL) {
errx(EXIT_FAILURE, "malformed BSSID: %s", buf);
return -1;
}
memcpy(&bssid.i_bssid, ea->ether_addr_octet,
sizeof(bssid.i_bssid));
if (direct_ioctl(env, SIOCS80211BSSID, &bssid) == -1)
err(EXIT_FAILURE, "SIOCS80211BSSID");
return 0;
}
static int strsearch_instance(mapidflib_function_instance_t *instance,
MAPI_UNUSED int fd,
MAPI_UNUSED mapidflib_flow_mod_t *flow_mod)
{
mapiFunctArg* fargs=instance->args;
char *str = getargstr(&fargs);
int offset = getargint(&fargs);
int depth = getargint(&fargs);
if(!str)
return MFUNCT_INVALID_ARGUMENT_1;
if(str==NULL)
return MFUNCT_INVALID_ARGUMENT_1;
else if(strlen(str) < 1) // could also force a maximum length for the pattern
return MFUNCT_INVALID_ARGUMENT_1;
if(offset < 0)
return MFUNCT_INVALID_ARGUMENT_2;
if(depth < 0)
return MFUNCT_INVALID_ARGUMENT_3;
return 0;
}
static int
setifnwkey(prop_dictionary_t env, prop_dictionary_t oenv)
{
const char *val;
char buf[256];
struct ieee80211_nwkey nwkey;
int i;
u_int8_t keybuf[IEEE80211_WEP_NKID][16];
if (getargstr(env, "nwkey", buf, sizeof(buf)) == -1)
errx(EXIT_FAILURE, "%s: nwkey too long", __func__);
val = buf;
nwkey.i_wepon = IEEE80211_NWKEY_WEP;
nwkey.i_defkid = 1;
for (i = 0; i < IEEE80211_WEP_NKID; i++) {
nwkey.i_key[i].i_keylen = sizeof(keybuf[i]);
nwkey.i_key[i].i_keydat = keybuf[i];
}
if (strcasecmp("persist", val) == 0) {
/* use all values from persistent memory */
nwkey.i_wepon |= IEEE80211_NWKEY_PERSIST;
nwkey.i_defkid = 0;
for (i = 0; i < IEEE80211_WEP_NKID; i++)
nwkey.i_key[i].i_keylen = -1;
} else if (strncasecmp("persist:", val, 8) == 0) {
val += 8;
/* program keys in persistent memory */
nwkey.i_wepon |= IEEE80211_NWKEY_PERSIST;
goto set_nwkey;
} else {
set_nwkey:
if (isdigit((unsigned char)val[0]) && val[1] == ':') {
/* specifying a full set of four keys */
nwkey.i_defkid = val[0] - '0';
val += 2;
for (i = 0; i < IEEE80211_WEP_NKID; i++) {
val = get_string(val, ",", keybuf[i],
&nwkey.i_key[i].i_keylen, true);
if (val == NULL) {
errno = EINVAL;
return -1;
}
}
if (*val != '\0') {
errx(EXIT_FAILURE, "SIOCS80211NWKEY: too many keys.");
}
} else {
val = get_string(val, NULL, keybuf[0],
&nwkey.i_key[0].i_keylen, true);
if (val == NULL) {
errno = EINVAL;
return -1;
}
i = 1;
}
}
for (; i < IEEE80211_WEP_NKID; i++)
nwkey.i_key[i].i_keylen = 0;
if (direct_ioctl(env, SIOCS80211NWKEY, &nwkey) == -1)
err(EXIT_FAILURE, "SIOCS80211NWKEY");
return 0;
}
static int bpf_instance(mapidflib_function_instance_t *instance,
MAPI_UNUSED int fd,
MAPI_UNUSED mapidflib_flow_mod_t *flow_mod)
{
mapiFunctArg* fargs=instance->args;
char *str = getargstr(&fargs);
if (instance->hwinfo->offline != 0) // Cant use packet classification on offline streams
return -1; // FIXME: errorcode
/*
* Checking Arguments
*/
if(str == NULL)
return MFUNCT_INVALID_ARGUMENT_1;
if(strlen(str) < 1) // could also force a maximum length for the filter expression
return MFUNCT_INVALID_ARGUMENT_1;
/*
* Dummy BPF filter compilation in order to check filter is OK.
*/
/* if((pcap = pcap_open_dead(instance->hwinfo->link_type, instance->hwinfo->cap_length)) == NULL){
DEBUG_CMD(Debug_Message("pcap_open_dead failed"));
return PCAP_OPEN_DEAD_ERR;
}
temp = malloc(sizeof(struct bpf_filter));
if(pcap_compile(pcap, ((struct bpf_program*)&((struct bpf_filter *)temp)->compiled), str, 1, 0)) {
DEBUG_CMD(Debug_Message("bpf compilation error: %s str: \"%s\"", pcap_geterr(pcap), str));
free(temp);
return PCAP_BPF_ERR;
}
pcap_close(pcap);
pcap_freecode((struct bpf_program *)&((struct bpf_filter *)temp)->compiled);
free(temp);
*/
/*
NOTE: The filter should really be applied in init() and only checked for validity here,
but as there is no way to test-compile the expression and check for resources
it's done here.
*/
int result;
PassFilter_t command;
command.WriteHW = TRUE;
sprintf(command.achFilterString, str); //"Capture[Priority=0;Feed=0]=ALL");
if((result = NTCI_PacketClassification(((napa_nt_adapterinfo_t *)instance->hwinfo->adapterinfo)->napatechhandle,
STID_PASS_FILTER,
&command)) != NTCI_ERRCODE_SUCCESS) {
printf("----got errorcode %d\n",result);
FilterError_t error;
result = NTCI_PacketClassification(((napa_nt_adapterinfo_t *)instance->hwinfo->adapterinfo)->napatechhandle,
STID_GET_FILTER_ERROR,
&error);
DEBUG_CMD(Debug_Message("%s",error.achFilterError1)); // stderr
DEBUG_CMD(Debug_Message("%s",error.achFilterError2)); // stderr
DEBUG_CMD(Debug_Message("%s",error.achFilterError3)); // stderr
return MFUNCT_COULD_NOT_APPLY_FUNCT; // FIXME: errorcode
}
instance->internal_data = malloc(sizeof(struct bpf_internal_data));
struct bpf_internal_data *idata = (struct bpf_internal_data *)instance->internal_data;
idata->napatechhandle = ((napa_nt_adapterinfo_t *)instance->hwinfo->adapterinfo)->napatechhandle;
idata->expression = strdup(command.achFilterString);
idata->filter_id = command.ReturnData.u.FilterIndex.FilterId;
idata->group_index = command.ReturnData.u.FilterIndex.u.GroupIndex;
DEBUG_CMD(Debug_Message("BPF_NTPL: %s\n\tFilterId: %u GroupIndex: 0x%lx", idata->expression, idata->filter_id, idata->group_index));
return 0;
}
static int strsearch_init(mapidflib_function_instance_t *instance,
MAPI_UNUSED int fd)
//Initializes the function
{
char *str, *strbak;
int off, dpth;
unsigned char *tmpstr, *tstrbak;
unsigned char *ret; // holds the final parsed string
int len=0; // length of the final parsed string
unsigned short pattern_ctr = 0;
char hexpair[3];
mapiFunctArg* fargs;
struct mapid_strsearch_pattern *pattern = NULL;
struct mapid_strsearch_pattern *lastptrn, *tmpptrn = NULL;
fargs=instance->args;
str = getargstr(&fargs);
off = getargint(&fargs);
dpth = getargint(&fargs);
/* parse pattern
*
* Non printable characters or general binary content can be specified by
* using pipes enclosing the binary data which are represented in hex
* values for each byte. For example, 'abcd' is the same as '|61 62 63
* 64|' or 'ab|63 64|' or '|61|b|6364|. If the pipe character needs to be
* searched, it should be preceeded by a '\'.
*/
strbak = str; // backup pointer
tstrbak = tmpstr = (unsigned char *)malloc(strlen(str)*sizeof(char));
ret=tmpstr;
hexpair[2]='\0';
while(*str!='\0') {
// Two pipes "||" separates two match strings.
// A||B will match both a packet with either A or B in it.
if (*str == '|' && *(str+1) == '|') // Should be safe since last char will be '\0'
{
if (!isEscaped(str))
{
len=tmpstr-ret;
if (len <= 0)
{
// Empty OR node, skip
str += 2;
continue;
}
if((dpth > 0) && (dpth < len))
{
DEBUG_CMD(Debug_Message("The depth (%d) is less than the size of the pattern (%d)", dpth, len));
return MDLIB_STRSEARCH_DEPTH_LESS_THAN_PTRN_ERR;
}
tmpptrn = malloc(sizeof(struct mapid_strsearch_pattern));
tmpptrn->str = (unsigned char *)malloc(len * sizeof(char));
tmpptrn->slen = len;
tmpptrn->offset = off;
tmpptrn->depth = dpth;
memcpy(tmpptrn->str, ret, len);
//compute Boyer-Moore's shift and skip tables
tmpptrn->shift = make_shift((char *)ret, len);
tmpptrn->skip = make_skip((char *)ret, len);
tmpptrn->next = NULL;
if (pattern == NULL)
{
pattern = tmpptrn;
lastptrn = tmpptrn;
}
else
{
lastptrn->next = tmpptrn;
lastptrn = tmpptrn;
}
tmpptrn = NULL;
ret = tmpstr;
pattern_ctr++;
}
else
{
*tmpstr=*str;
tmpstr++;
}
str++;
}
// '|' means that hex mode begins unless it is escaped \|
// every hex number consists of two characters ,e.g A is written as 0A
else if(*str=='|') {
if(!isEscaped(str)) {
int hexcount=0;
str++;
//parse until closing '|'
while(*str!='|') {
if(*str=='\0') {
return MDLIB_STRSEARCH_UNTERMINATED_PIPE_ERR;
}
// |AC DE| => ignore white spaces between hex numbers
if(*str==' ') {
str++;
continue;
}
//convert hex to character
hexpair[hexcount++]=*str;
if(hexcount==2) {
hexcount=0;
sscanf(hexpair,"%x",(int *)tmpstr);
tmpstr++;
}
str++;
}
}
else {
*tmpstr=*str;
tmpstr++;
}
}
// special case for escape character '\\'
else if(*str=='\\') {
if(isEscaped(str)) {
*tmpstr=*str;
tmpstr++;
}
}
else {
*tmpstr=*str;
tmpstr++;
}
str++;
}
len=tmpstr-ret;
/* end of pattern parsing */
/*
Arne: Will fix it later
funct = fhlp_get_first();
while (funct) {
if(strcmp(funct->name,"STR_SEARCH")==0)
if(funct->internal_data)
if(memcmp(((struct mapid_strsearch *)funct->internal_data)->str, ret,
((struct mapid_strsearch *)funct->internal_data)->slen) == 0)
if(((struct mapid_strsearch *)funct->internal_data)->offset == off &&
((struct mapid_strsearch *)funct->internal_data)->depth == dpth){
instance->internal_data = funct->internal_data;
printf("added optimised string search: %s offset: %d depth: %d\n",strbak, off, dpth);
return 0;
}
funct = funct->next;
}
*/
if((dpth > 0) && (dpth < len)) {
DEBUG_CMD(Debug_Message("The depth (%d) is less than the size of the pattern (%d)", dpth, len));
return MDLIB_STRSEARCH_DEPTH_LESS_THAN_PTRN_ERR;
}
if (len > 0)
{
tmpptrn = malloc(sizeof(struct mapid_strsearch_pattern));
tmpptrn->str = (unsigned char *)malloc(len * sizeof(char));
tmpptrn->slen = len;
tmpptrn->offset = off;
tmpptrn->depth = dpth;
memcpy(tmpptrn->str, ret, len);
//compute Boyer-Moore's shift and skip tables
tmpptrn->shift = make_shift((char *)ret, len);
tmpptrn->skip = make_skip((char *)ret, len);
tmpptrn->next = NULL;
if (pattern == NULL)
pattern = tmpptrn;
else
lastptrn->next = tmpptrn;
pattern_ctr++;
}
if (pattern == NULL)
{
// Invalid search term
return MDLIB_STRSEARCH_NOT_A_VALID_SEARCH_STRING;
}
instance->internal_data = malloc(sizeof(struct mapid_strsearch));
/*
((struct mapid_strsearch *)instance->internal_data)->str = (unsigned char *)malloc(len * sizeof(char));
((struct mapid_strsearch *)instance->internal_data)->slen = len;
((struct mapid_strsearch *)instance->internal_data)->offset = off;
((struct mapid_strsearch *)instance->internal_data)->depth = dpth;
memcpy(((struct mapid_strsearch *)instance->internal_data)->str, ret, len);
//compute Boyer-Moore's shift and skip tables
((struct mapid_strsearch *)instance->internal_data)->shift = make_shift((char *)ret, len);
((struct mapid_strsearch *)instance->internal_data)->skip = make_skip((char *)ret, len);
*/
((struct mapid_strsearch *)instance->internal_data)->pattern = pattern;
((struct mapid_strsearch *)instance->internal_data)->num_patterns = pattern_ctr;
((struct mapid_strsearch *)instance->internal_data)->currentIteration = 0;
DEBUG_CMD(Debug_Message("added string search: %s offset: %d depth: %d nodes: %u", strbak, off, dpth, pattern_ctr));
free(tstrbak);
return 0;
}
static int res2file_instance(mapidflib_function_instance_t *instance,
MAPI_UNUSED int flow_descr,
mapidflib_flow_mod_t *flow_mod)
{
char *head, *savestr;
int file;
char *fids,*s;
int type,fd,fid,save;
char buf[DATA_SIZE],*cfids;
char *types,*t,*t2,buf2[DATA_SIZE];
int min=0;
int reset = -1;
mapiFunctArg* fargs=instance->args;
if(!(types = getargstr(&fargs)))
return(MFUNCT_INVALID_ARGUMENT_1);
if(!(fids = getargstr(&fargs)))
return(MFUNCT_INVALID_ARGUMENT_2);
if(!(head = getargstr(&fargs)))
return(MFUNCT_INVALID_ARGUMENT_3);
if((file = getargint(&fargs)) < 0)
return(MFUNCT_INVALID_ARGUMENT_4);
else
{
struct stat sbuf;
if(fstat(file, &sbuf) == -1)
{
DEBUG_CMD(Debug_Message("Cannot fstat() file descriptor %d", file));
return(MFUNCT_INVALID_ARGUMENT_4);
}
}
if((savestr = getargstr(&fargs)) == NULL)
return(MFUNCT_INVALID_ARGUMENT_5);
if((save=parse_save(savestr))<0)
return MFUNCT_INVALID_ARGUMENT_5;
reset = getargint(&fargs);
if(!(reset == 0 || reset == 1))
return(MFUNCT_INVALID_ARGUMENT_6);
//Loop through fids and types and verify
strncpy(buf,fids,DATA_SIZE);
cfids=buf;
strncpy(buf2,types,DATA_SIZE);
t=buf2;
while((s=strchr(cfids,','))!=NULL) {
*s='\0';
if((t2=strchr(t,','))==NULL)
return MFUNCT_INVALID_ARGUMENT_1;
*t2='\0';
sscanf(cfids,"%d@%d",&fid,&fd);
if(fhlp_get_function_instance(instance->hwinfo->gflist,fd,fid)==NULL)
return MFUNCT_INVALID_ARGUMENT_2;
if(min==0 || min>fid)
min=fid;
sscanf(t,"%d",&type);
if(type!=R2F_RAW && type!=R2F_ULLSTR && type!=R2F_ULLSEC &&
type!=R2F_STATS)
return MFUNCT_INVALID_ARGUMENT_2;
cfids=s+1;
t=t2+1;
}
sscanf(cfids,"%d@%d",&fid,&fd);
if(fhlp_get_function_instance(instance->hwinfo->gflist,fd,fid)==NULL)
return MFUNCT_INVALID_ARGUMENT_2;
if(save==PERIODIC) {
//Move res2file in front of the other functions results are read from
flow_mod->reorder=min;
}
return 0;
};
static int res2file_init(mapidflib_function_instance_t *instance,
MAPI_UNUSED int flow_descr)
{
res2file_inst_t *i;
char *fids,*s,*f;
int type,fd,fid,c;
char *head;
char buf[DATA_SIZE],*cfids;
char *types,*t,*t2,buf2[DATA_SIZE];
mapiFunctArg* fargs=instance->args;
i=instance->internal_data=malloc(sizeof(res2file_inst_t));
mapidflib_function_instance_t *function;
types=getargstr(&fargs);
fids=getargstr(&fargs);
head=getargstr(&fargs);
i->file=getargint(&fargs);
i->save=parse_save((s=getargstr(&fargs)));
if(i->save==PERIODIC) {
i->ticks=fhlp_str2ull(s);
if(i->ticks==0)
return MFUNCT_INVALID_ARGUMENT_5;
}
i->reset=getargint(&fargs);
//Count number of fids
c=0;
f=fids;
while((s=strchr(f,','))!=NULL) {
f=s+1;
c++;
}
c++;
i->functs=malloc(sizeof(mapidflib_function_instance_t*)*c);
i->types=malloc(sizeof(int)*c);
i->numfuncts=c;
i->last=0;
//Loop through fids and types and verify
strncpy(buf,fids,DATA_SIZE);
cfids=buf;
strncpy(buf2,types,DATA_SIZE);
t=buf2;
c=0;
while((s=strchr(cfids,','))!=NULL) {
*s='\0';
if((t2=strchr(t,','))==NULL)
return MFUNCT_INVALID_ARGUMENT_1;
*t2='\0';
sscanf(cfids,"%d@%d",&fid,&fd);
function=fhlp_get_function_instance(instance->hwinfo->gflist,fd,fid);
i->functs[c]=function;
if(function==NULL)
return MFUNCT_INVALID_ARGUMENT_2;
sscanf(t,"%d",&type);
i->types[c++]=type;
if(type!=R2F_RAW && type!=R2F_ULLSTR && type!=R2F_ULLSEC &&
type!=R2F_STATS)
return MFUNCT_INVALID_ARGUMENT_1;
cfids=s+1;
t=t2+1;
}
sscanf(cfids,"%d@%d",&fid,&fd);
function=fhlp_get_function_instance(instance->hwinfo->gflist,fd,fid);
i->functs[c]=function;
sscanf(t,"%d",&type);
i->types[c++]=type;
write(i->file,head,strlen(head));
write(i->file,"\n",1);
return 0;
}
