int DissectInit(void)
{
prot_id = ProtId("radiotap");
wlan_id = ProtId("wlan");
return 0;
}
int DissectInit(void)
{
prot_id = ProtId("wlan");
llc_id = ProtId("llc");
return 0;
}
int DissectInit(void)
{
int http_id;
/* part of file name */
incr = 0;
/* Http pei generator */
HttpPktDis = NULL;
http_id = ProtId("http");
if (http_id != -1) {
HttpPktDis = ProtPktDefaultDis(http_id);
}
/* protocols and attributes */
mms_id = ProtId("mms");
/* pei id */
pei_url_id = ProtPeiComptId(mms_id, "url");
pei_from_id = ProtPeiComptId(mms_id, "from");
pei_to_id = ProtPeiComptId(mms_id, "to");
pei_cc_id = ProtPeiComptId(mms_id, "cc");
pei_bcc_id = ProtPeiComptId(mms_id, "bcc");
pei_part_id = ProtPeiComptId(mms_id, "part");
pei_raw_id = ProtPeiComptId(mms_id, "raw");
/* ipp tmp directory */
sprintf(tmp_dir, "%s/%s", ProtTmpDir(), MMS_TMP_DIR);
mkdir(tmp_dir, 0x01FF);
return 0;
}
int DissectInit(void)
{
char telnet_dir[256];
/* part of file name */
incr = 0;
/* info id */
ip_id = ProtId("ip");
ipv6_id = ProtId("ipv6");
tcp_id = ProtId("tcp");
ip_dst_id = ProtAttrId(ip_id, "ip.dst");
ip_src_id = ProtAttrId(ip_id, "ip.src");
ipv6_dst_id = ProtAttrId(ipv6_id, "ipv6.dst");
ipv6_src_id = ProtAttrId(ipv6_id, "ipv6.src");
port_dst_id = ProtAttrId(tcp_id, "tcp.dstport");
port_src_id = ProtAttrId(tcp_id, "tcp.srcport");
lost_id = ProtAttrId(tcp_id, "tcp.lost");
telnet_id = ProtId("telnet");
/* pei id */
pei_host_id = ProtPeiComptId(telnet_id, "host");
pei_user_id = ProtPeiComptId(telnet_id, "user");
pei_password_id= ProtPeiComptId(telnet_id, "password");
pei_cmd_id = ProtPeiComptId(telnet_id, "cmd");
/* telnet tmp directory */
sprintf(telnet_dir, "%s/%s", ProtTmpDir(), TELNET_TMP_DIR);
mkdir(telnet_dir, 0x01FF);
return 0;
}
int DissectInit(void)
{
prot_id = ProtId("ip");
iphdr_len = sizeof(struct iphdr);
ipv6_id = ProtId("ipv6");
return 0;
}
int DissectInit(void)
{
char ipp_dir[256];
struct stat st;
/* part of file name */
incr = 0;
/* check local pcl6 */
if (stat("./pcl6", &st) == 0) {
/* there is a local pcl6 application */
strcpy(pcl6_path, "./pcl6");
}
/* protocols and attributes */
prot_id = ProtId("ipp");
/* pei id */
pei_url_id = ProtPeiComptId(prot_id, "url");
pei_pdffile_id = ProtPeiComptId(prot_id, "pdf");
pei_pclfile_id = ProtPeiComptId(prot_id, "pcl");
/* ipp tmp directory */
sprintf(ipp_dir, "%s/%s", ProtTmpDir(), IPP_TMP_DIR);
mkdir(ipp_dir, 0x01FF);
return 0;
}
int DissectInit(void)
{
hweth_len = sizeof(struct ethhdr);
prot_id = ProtId("eth");
return 0;
}
int DissectInit(void)
{
prot_id = ProtId("arp");
/* pei id */
pei_mac_id = ProtPeiComptId(prot_id, "mac");
pei_ip_id = ProtPeiComptId(prot_id, "ip");
return 0;
}
int DissectInit(void)
{
int http_id;
prot_id = ProtId("httpfd");
/* Http pei generator */
HttpPktDis = NULL;
http_id = ProtId("http");
if (http_id != -1) {
HttpPktDis = ProtPktDefaultDis(http_id);
}
else {
insert_http = FALSE;
}
/* pei id */
pei_url_id = ProtPeiComptId(prot_id, "url");
pei_file_id = ProtPeiComptId(prot_id, "file");
pei_range_id = ProtPeiComptId(prot_id, "range");
pei_content_type = ProtPeiComptId(prot_id, "content_type");
return 0;
}
int DissectInit(void)
{
char rtp_dir[256];
/* part of file name */
incr = 0;
/* info id */
ppp_id = ProtId("ppp");
eth_id = ProtId("eth");
ip_id = ProtId("ip");
ip_dst_id = ProtAttrId(ip_id, "ip.dst");
ip_src_id = ProtAttrId(ip_id, "ip.src");
ip_offset_id = ProtAttrId(ip_id, "ip.offset");
ipv6_id = ProtId("ipv6");
ipv6_dst_id = ProtAttrId(ipv6_id, "ipv6.dst");
ipv6_src_id = ProtAttrId(ipv6_id, "ipv6.src");
ipv6_offset_id = ProtAttrId(ipv6_id, "ipv6.offset");
udp_id = ProtId("udp");
uport_dst_id = ProtAttrId(udp_id, "udp.dstport");
uport_src_id = ProtAttrId(udp_id, "udp.srcport");
rtp_id = ProtId("rtp");
rtcp_id = ProtId("rtcp");
if (rtcp_id != -1)
rtcp_phone_id = ProtAttrId(rtcp_id, "rtcp.phone");
/* pei id */
pei_from = ProtPeiComptId(rtp_id, "from");
pei_to = ProtPeiComptId(rtp_id, "to");
pei_audio_from = ProtPeiComptId(rtp_id, "audio_from");
pei_audio_to = ProtPeiComptId(rtp_id, "audio_to");
pei_audio_mix = ProtPeiComptId(rtp_id, "audio_mix");
pei_duration = ProtPeiComptId(rtp_id, "duration");
/* rtp tmp directory */
sprintf(rtp_dir, "%s/%s", ProtTmpDir(), RTP_TMP_DIR);
mkdir(rtp_dir, 0x01FF);
return 0;
}
int DissectInit(void)
{
sdp_id = ProtId("sdp");
return 0;
}
int CaptDisMain(int argc, char *argv[])
{
char ifile[RLTM_POL_PATH_DIM];
char dirpath[RLTM_POL_PATH_DIM];
char tmp[RLTM_POL_PATH_DIM];
char errbuf[PCAP_ERRBUF_SIZE];
char intrf[RLTM_POL_PATH_DIM], filter_app[RLTM_POL_PATH_DIM];
struct bpf_program filter; /* The compiled filter */
pcap_t *cap = NULL;
char *param;
int ret;
struct pcap_ref ref;
FILE *fp;
bool end, ses_id, pol_id;
struct pcap_pkthdr *pkt_header;
const u_char *pkt_data;
static time_t tm = 0;
struct pcap_file_header fh;
end = FALSE;
ses_id = FALSE;
pol_id = FALSE;
savepcap = 0;
/* pcapfile protocol id */
pol_prot_id = ProtId("pol");
if (pol_prot_id == -1) {
return -1;
}
/* serial number of packet */
pkt_serial = 1;
/* interace & filter % pol dir name*/
intrf[0] = '\0';
filter_app[0] = '\0';
dirpath[0] = '\0';
ret = RltmPolParam(argc, argv, intrf, filter_app, dirpath);
if (ret != 0) {
return -1;
}
/* check name dir */
if (dirpath[0] == '\0') {
return -1;
}
/* read pol info */
sprintf(ifile, "%s/%s", dirpath, RLTM_POL_INIT_SESSION_FILE);
fp = fopen(ifile, "r");
if (fp == NULL) {
LogPrintf(LV_ERROR, "Pol info file (%s) not present!", ifile);
return -1;
}
while (fgets(tmp, CFG_LINE_MAX_SIZE, fp) != NULL) {
/* check if line is a comment */
if (!CfgParIsComment(tmp)) {
param = strstr(tmp, RLTM_POL_SESSION_ID);
if (param != NULL) {
ret = sscanf(param, RLTM_POL_SESSION_ID"=%lu", &ref.ses_id);
if (ret == 1) {
ses_id = TRUE;
}
}
param = strstr(tmp, RLTM_POL_ID);
if (param != NULL) {
ret = sscanf(param, RLTM_POL_ID"=%lu", &ref.pol_id);
if (ret == 1) {
pol_id = TRUE;
}
}
}
}
fclose(fp);
remove(ifile);
if (ses_id == FALSE || pol_id == FALSE) {
LogPrintf(LV_ERROR, "Pol info file (%s) incomplete!", tmp);
return -1;
}
errbuf[sizeof(errbuf) - 1] = '\0';
errbuf[0] = '\0';
/* open device in promiscuous mode */
#ifdef HAVE_PCAP_CREATE
cap = pcap_create(intrf, errbuf);
#else
cap = pcap_open_live(intrf, 102400, 1, 0, errbuf);
#endif
if (cap == NULL) {
printf("Error: %s\n", errbuf);
return -1;
}
else {
#ifdef HAVE_PCAP_CREATE
ret = pcap_set_snaplen(cap, 102400);
if (ret != 0) {
printf("You have an old version of libpcap\n");
return -1;
}
ret = pcap_set_promisc(cap, 1);
if (ret != 0) {
printf("You have an old version of libpcap\n");
return -1;
}
ret = pcap_set_timeout(cap, 0);
if (ret != 0) {
printf("You have an old version of libpcap\n");
return -1;
}
/* set capture buffer size to 16 MB */
ret = pcap_set_buffer_size(cap, (1<<24));
if (ret != 0) {
printf("You have an old version of libpcap\n");
return -1;
}
ret = pcap_activate(cap);
if (ret != 0) {
printf("pcap_activate failed '%s'\n", pcap_geterr(cap));
return -1;
}
#endif
/* compile and apply the filter */
if (pcap_compile(cap, &filter, filter_app, 1, 0) < 0) {
printf("Bad filter %s\n", filter_app);
pcap_perror(cap, "Filter");
return -1;
}
pcap_setfilter(cap, &filter);
pcap_freecode(&filter);
/* interface */
ref.dev = intrf;
/* data link type */
ref.dlt = pcap_datalink(cap);
/* packet counter */
ref.cnt = 0;
/* end filename */
sprintf(ifile, "%s/%s", dirpath, RLTM_POL_END_SESSION_FILE);
if (savepcap) {
/* pcap file for debug */
sprintf(pcap_deb, "/opt/xplico/pol_%li/sol_%li/raw/interface_%s_%lu.pcap", ref.pol_id, ref.ses_id, intrf, time(NULL));
fp_pcap = fopen(pcap_deb, "w");
crash_ref_name = pcap_deb;
memset(&fh, 0, sizeof(struct pcap_file_header));
fh.magic = 0xA1B2C3D4;
fh.version_major = PCAP_VERSION_MAJOR;
fh.version_minor = PCAP_VERSION_MINOR;
fh.snaplen = 65535;
fh.linktype = ref.dlt;
if (fp_pcap != NULL) {
fwrite((char *)&fh, 1, sizeof(struct pcap_file_header), fp_pcap);
}
else {
LogPrintf(LV_ERROR, "Debug raw file failed: %s", pcap_deb);
sprintf(pcap_deb, "Real Time");
}
}
else {
fp_pcap = NULL;
}
do {
/* read data */
if (pcap_next_ex(cap, &pkt_header, &pkt_data) == -1) {
/* exit */
break;
}
else {
/* decode data */
RltmPolDissector((u_char *)&ref, pkt_header, pkt_data);
}
/* check the end */
if (time(NULL) > tm) {
tm = time(NULL) + 1;
fp = fopen(ifile, "r");
if (fp != NULL) {
end = TRUE;
fclose(fp);
}
}
} while (end == FALSE);
pcap_close(cap);
/* remove file */
remove(ifile);
}
if (fp_pcap != NULL)
fclose(fp_pcap);
return 0;
}
int CaptDisMain(int argc, char *argv[])
{
char errbuf[PCAP_ERRBUF_SIZE];
char infile[PCAP_PATH_DIM], dirpath[PCAP_PATH_DIM];
char **list;
char *pcap_file;
int i, num;
pcap_t *cap = NULL;
int ret;
DIR *dir;
struct dirent *entry;
struct cap_ref ref;
FILE *fp;
struct snoop_file_header snooph;
static bool tresp;
/* pcapfile protocol id */
pcap_prot_id = ProtId("pcapf");
if (pcap_prot_id == -1) {
printf("It is necessary to load (from config file) the dissector pcapf\n");
return -1;
}
/* serial number of packet */
pkt_serial = 1;
/* pcap file/dir name */
infile[0] = '\0';
dirpath[0] = '\0';
tresp = FALSE;
ret = PcapParam(argc, argv, infile, dirpath, &tresp);
if (ret != 0) {
return -1;
}
/* ^C */
ciao = FALSE;
signal(SIGTERM, PcapCiao);
signal(SIGINT, PcapCiao);
list = NULL;
num = 0;
if (dirpath[0] != '\0') {
dir = opendir(dirpath);
if (dir == NULL) {
perror("");
return -1;
}
/* file list */
while((entry = readdir(dir)) != NULL) {
if (entry->d_name[0] == '.')
continue;
list = xrealloc(list, sizeof(char *)*(num+1));
list[num] = xmalloc(strlen(dirpath)+strlen(entry->d_name)+5);
sprintf(list[num], "%s/%s", dirpath, entry->d_name);
num++;
}
qsort(list, num, sizeof(char *), ListSort);
closedir(dir);
if (num == 0) {
printf("Directory without pcap/snoop file\n");
return -1;
}
#if 0
/* list debug */
printf("Files list:\n");
for (i=0; i!=num; i++) {
printf(" %s\n", list[i]);
}
#endif
pcap_file = list[0];
}
else
pcap_file = infile;
i = 0;
do {
errbuf[sizeof(errbuf) - 1] = '\0';
errbuf[0] = '\0';
/* open the input pcap file */
cap = pcap_open_offline(pcap_file, errbuf);
if (cap != NULL) {
/* file name */
ref.file_name = pcap_file;
strncpy(file_source, pcap_file, PCAP_PATH_DIM);
/* data link type */
ref.dlt = pcap_datalink(cap);
/* packet counter */
ref.cnt = 0;
/* let pcap loop over the input, passing data to the decryptor */
if (tresp)
pcap_loop(cap, -1, (pcap_handler)&PcapDissectorTsec, (u_char*)&ref);
else
pcap_loop(cap, -1, (pcap_handler)&PcapDissector, (u_char*)&ref);
pcap_close(cap);
}
else {
/* try with snoop */
fp = fopen(pcap_file, "r");
if (fp != NULL) {
if (fread(&snooph, 1, sizeof(snooph), fp) == sizeof(snooph)) {
if (strcmp(snooph.format_name, "snoop") != 0) {
fclose(fp);
fp = NULL;
LogPrintf(LV_ERROR, "File %s: %s", pcap_file, errbuf);
}
else {
snooph.version = ntohl(snooph.version);
snooph.mac = ntohl(snooph.mac);
/* file name */
ref.file_name = pcap_file;
strncpy(file_source, pcap_file, PCAP_PATH_DIM);
/* data link type */
switch (snooph.mac) {
case 0x04:
ref.dlt = DLT_EN10MB;
break;
case 0x08:
ref.dlt = DLT_FDDI;
break;
case 0x12:
ref.dlt = DLT_SUNATM;
break;
}
/* packet counter */
ref.cnt = 0;
SnoopDissector(fp, &ref);
fclose(fp);
fp = NULL;
}
}
else {
fclose(fp);
fp = NULL;
LogPrintf(LV_ERROR, "File %s: %s", pcap_file, errbuf);
}
}
else {
LogPrintf(LV_ERROR, "File %s: %s", pcap_file, errbuf);
}
}
i++;
if (i < num)
pcap_file = list[i];
} while (i<num && !ciao);
return 0;
}
int DissectInit(void)
{
prot_id = ProtId("chdlc");
return 0;
}
int CaptDisMain(int argc, char *argv[])
{
char errbuf[PCAP_ERRBUF_SIZE];
char dirpath[PCAP_PATH_DIM];
char tmp[PCAP_PATH_DIM];
char ifile[PCAP_PATH_DIM];
char *pcap_file, *param;
bool end, ses_id, pol_id;
pcap_t *cap = NULL;
int res;
struct cap_ref ref;
struct timespec to;
FILE *fp;
struct stat info_a, info_b;
struct snoop_file_header snooph;
char *filter_app;
struct bpf_program filter; /* The compiled filter */
bool one;
end = FALSE;
ses_id = FALSE;
pol_id = FALSE;
pcap_file = NULL;
filter_app = NULL;
/* pol protocol id */
pol_prot_id = ProtId("pol");
if (pol_prot_id == -1) {
return -1;
}
/* serial number of packet */
pkt_serial = 1;
/* pol dir name */
dirpath[0] = '\0';
res = PolParam(argc, argv, dirpath, &filter_app);
if (res != 0) {
return -1;
}
/* check name dir */
if (dirpath[0] == '\0') {
return -1;
}
/* read pol info */
sprintf(ifile, "%s/%s", dirpath, POL_INIT_SESSION_FILE);
fp = fopen(ifile, "r");
if (fp == NULL) {
LogPrintf(LV_ERROR, "Pol info file (%s) not present!", ifile);
return -1;
}
while (fgets(tmp, CFG_LINE_MAX_SIZE, fp) != NULL) {
/* check if line is a comment */
if (!CfgParIsComment(tmp)) {
param = strstr(tmp, POL_SESSION_ID);
if (param != NULL) {
res = sscanf(param, POL_SESSION_ID"=%lu", &ref.ses_id);
if (res == 1) {
ses_id = TRUE;
}
}
param = strstr(tmp, POL_POL_ID);
if (param != NULL) {
res = sscanf(param, POL_POL_ID"=%lu", &ref.pol_id);
if (res == 1) {
pol_id = TRUE;
}
}
}
}
fclose(fp);
remove(ifile);
sprintf(file_status, "%s/../../tmp/%s", dirpath, POL_POL_STATUS);
if (ses_id == FALSE || pol_id == FALSE) {
LogPrintf(LV_ERROR, "Pol info file (%s) incomplete!", tmp);
return -1;
}
/* pcap file decoding */
do {
/* pcap file name */
do {
pcap_file = PolFile(dirpath, &one);
if (pcap_file == NULL) {
/* timeout */
to.tv_sec = 2;
to.tv_nsec = 1;
if (!end) {
/* wait new file */
while (nanosleep(&to, &to) != 0)
;
}
}
else {
/* check if the file is the end file flag */
if (strstr(pcap_file, POL_END_SESSION_FILE) != NULL) {
end = TRUE;
remove(pcap_file);
xfree(pcap_file);
pcap_file = PolFile(dirpath, &one);
}
}
} while (pcap_file == NULL && end == FALSE);
if (pcap_file != NULL) {
/* wait file download completition */
if (one) {
do {
/* timeout */
to.tv_sec = 5;
to.tv_nsec = 1;
stat(pcap_file, &info_a);
nanosleep(&to, NULL);
stat(pcap_file, &info_b);
} while (info_a.st_size != info_b.st_size);
}
errbuf[sizeof(errbuf) - 1] = '\0';
errbuf[0] = '\0';
/* open the input pcap file (or stdin) */
cap = pcap_open_offline(pcap_file, errbuf);
if (cap != NULL) {
/* compile and apply the filter */
if (filter_app != NULL) {
if (pcap_compile(cap, &filter, filter_app, 1, 0) < 0) {
printf("Bad filter %s\n", filter_app);
pcap_perror(cap, "Filter");
return -1;
}
pcap_setfilter(cap, &filter);
pcap_freecode(&filter);
}
/* file name */
ref.file_name = pcap_file;
strncpy(file_source, pcap_file, PCAP_PATH_DIM);
/* data link type */
ref.dlt = pcap_datalink(cap);
/* packet counter */
ref.cnt = 0;
/* let pcap loop over the input, passing data to the decryptor */
pcap_loop(cap, -1, (pcap_handler)&PcapDissector, (u_char*)&ref);
pcap_close(cap);
}
else {
/* try with snoop */
fp = fopen(pcap_file, "r");
if (fp != NULL) {
if (fread(&snooph, 1, sizeof(snooph), fp) == sizeof(snooph)) {
if (strcmp(snooph.format_name, "snoop") != 0) {
fclose(fp);
fp = NULL;
LogPrintf(LV_ERROR, "File %s: %s", pcap_file, errbuf);
}
else {
snooph.version = ntohl(snooph.version);
snooph.mac = ntohl(snooph.mac);
/* file name */
ref.file_name = pcap_file;
strncpy(file_source, pcap_file, PCAP_PATH_DIM);
/* data link type */
switch (snooph.mac) {
case 0x04:
ref.dlt = DLT_EN10MB;
break;
case 0x08:
ref.dlt = DLT_FDDI;
break;
case 0x12:
ref.dlt = DLT_SUNATM;
break;
}
/* packet counter */
ref.cnt = 0;
SnoopDissector(fp , &ref);
fclose(fp);
fp = NULL;
}
}
else {
fclose(fp);
fp = NULL;
LogPrintf(LV_ERROR, "File %s: %s", pcap_file, errbuf);
}
}
else {
LogPrintf(LV_ERROR, "File %s: %s", pcap_file, errbuf);
}
}
/* remove file */
remove(pcap_file);
xfree(pcap_file);
}
} while (pcap_file);
if (filter_app != NULL)
xfree(filter_app);
return 0;
}
int DissectInit(void)
{
prot_id = ProtId("pppoe");
return 0;
}
int DissectInit(void)
{
prot_id = ProtId("gtp");
return 0;
}
int DispatchInit(const char *file_cfg)
{
FILE *fp;
char module_dir[CFG_LINE_MAX_SIZE];
char buffer[CFG_LINE_MAX_SIZE];
char bufcpy[CFG_LINE_MAX_SIZE];
char module_path[CFG_LINE_MAX_SIZE];
char module_name[CFG_LINE_MAX_SIZE];
char mask[CFG_LINE_MAX_SIZE];
char manip_name[CFG_LINE_MAX_SIZE];
char manip_host[CFG_LINE_MAX_SIZE];
char manip_bin[CFG_LINE_MAX_SIZE];
unsigned int manip_port;
char *param;
unsigned short logm;
int res, nl, val, i;
pthread_t pid;
/* default */
parallel = FALSE;
pei_ins = 0;
pei_pend = 0;
manip = NULL;
manip_num = 0;
/* find directory location of module from config file */
fp = fopen(file_cfg, "r");
if (fp == NULL) {
LogPrintf(LV_ERROR, "Config file can't be opened");
return -1;
}
/* copy path */
config_path = xmalloc(strlen(file_cfg) + 1);
strcpy(config_path, file_cfg);
/* modules */
module_dir[0] = '\0';
module_name[0] = '\0';
manip_bin[0] = '\0';
manip_host[0] = '\0';
nl = 0;
while (fgets(buffer, CFG_LINE_MAX_SIZE, fp) != NULL) {
nl++;
/* check all line */
if (strlen(buffer)+1 == CFG_LINE_MAX_SIZE) {
LogPrintf(LV_ERROR, "Config file line more length to %d characters", CFG_LINE_MAX_SIZE);
return -1;
}
/* check if line is a comment */
if (!CfgParIsComment(buffer)) {
/* modules directory */
param = strstr(buffer, CFG_PAR_MODULES_DIR);
if (param != NULL) {
if (module_dir[0] != '\0') {
LogPrintf(LV_ERROR, "Config param error: param '%s' defined two times", CFG_PAR_MODULES_DIR);
return -1;
}
res = sscanf(param, CFG_PAR_MODULES_DIR"=%s %s", module_dir, bufcpy);
if (res > 0) {
if (res == 2 && !CfgParIsComment(bufcpy)) {
LogPrintf(LV_ERROR, "Config param error in line %d. Unknow param: %s", nl, bufcpy);
return -1;
}
}
}
/* dispatcher module name */
param = strstr(buffer, CFG_PAR_DISPATCH"=");
if (param != NULL) {
if (module_name[0] != '\0') {
LogPrintf(LV_ERROR, "Config param error: param '%s' defined two times", CFG_PAR_DISPATCH);
return -1;
}
res = sscanf(param, CFG_PAR_DISPATCH"=%s %s", module_name, bufcpy);
if (res > 0) {
if (res == 2 && !CfgParIsComment(bufcpy)) {
/* log mask */
res = strncmp(bufcpy, CFG_PAR_MODULE_LOG, strlen(CFG_PAR_MODULE_LOG));
if (res != 0) {
LogPrintf(LV_ERROR, "Config param error in line %d. Unknow param: %s", nl, bufcpy);
return -1;
}
param = strstr(param, CFG_PAR_MODULE_LOG);
res = sscanf(param, CFG_PAR_MODULE_LOG"=%s %s", mask, bufcpy);
logm = LV_BASE;
if (res > 0) {
if (res == 2 && !CfgParIsComment(bufcpy)) {
LogPrintf(LV_ERROR, "Config param error in line %d. Unknow param: %s", nl, bufcpy);
return -1;
}
logm |= CfgParLogMask(mask, nl);
}
else {
LogPrintf(LV_ERROR, "Config param error in line %d. Unknow param: %s", nl, buffer);
return -1;
}
/* set mask */
LogSetMask(LOG_COMPONENT, logm);
}
}
}
/* parallel o serial insert */
param = strstr(buffer, CFG_PAR_DISPATCH_PARAL);
if (param != NULL) {
res = sscanf(param, CFG_PAR_DISPATCH_PARAL"=%i %s", &val, bufcpy);
if (res > 0) {
if (res == 2 && !CfgParIsComment(bufcpy)) {
LogPrintf(LV_ERROR, "Config param error in line %d. Unknow param: %s", nl, bufcpy);
return -1;
}
else {
if (val == 1)
parallel = TRUE;
else
parallel = FALSE;
}
}
}
/* manipulator connection info */
param = strstr(buffer, CFG_PAR_DISPATCH_MANIP_NAME"=");
if (param != NULL) {
res = sscanf(param, CFG_PAR_DISPATCH_MANIP_NAME"=%s %s", manip_name, bufcpy);
if (res > 0) {
if (res == 2 && !CfgParIsComment(bufcpy)) {
/* manipulator host */
res = strncmp(bufcpy, CFG_PAR_DISPATCH_MANIP_HOST, strlen(CFG_PAR_DISPATCH_MANIP_HOST));
if (res != 0) {
param = strstr(param, CFG_PAR_DISPATCH_MANIP_BIN);
if (param != NULL) {
res = sscanf(param, CFG_PAR_DISPATCH_MANIP_BIN"=%s %s", manip_bin, bufcpy);
if (res > 0) {
/* inset manip in table */
manip = xrealloc(manip, sizeof(manip_con)*(manip_num + 1));
memset(&(manip[manip_num]), 0, sizeof(manip_con));
strcpy(manip[manip_num].name, manip_name);
strcpy(manip[manip_num].host, manip_host);
strcpy(manip[manip_num].bin, manip_bin);
manip[manip_num].port = 0;
manip[manip_num].sock = -1;
manip[manip_num].wait = FALSE;
manip[manip_num].peil = NULL;
manip[manip_num].peilast = NULL;
/* check pei of protocol */
manip[manip_num].pid = ProtId(manip[manip_num].name);
manip[manip_num].mux = xmalloc(sizeof(pthread_mutex_t));
pthread_mutex_init(manip[manip_num].mux, NULL);
if (manip[manip_num].pid == -1) {
LogPrintf(LV_WARNING, "Protocol Manipulator %s haven't PEI", manip[manip_num].name);
}
manip_num++;
}
}
else {
LogPrintf(LV_ERROR, "Config param error in line %d. Unknow param: %s", nl, bufcpy);
return -1;
}
}
else {
param = strstr(param, CFG_PAR_DISPATCH_MANIP_HOST);
res = sscanf(param, CFG_PAR_DISPATCH_MANIP_HOST"=%s %s", manip_host, bufcpy);
if (res > 0) {
if (res == 2 && !CfgParIsComment(bufcpy)) {
res = strncmp(bufcpy, CFG_PAR_DISPATCH_MANIP_PORT, strlen(CFG_PAR_DISPATCH_MANIP_PORT));
if (res != 0) {
LogPrintf(LV_ERROR, "Config param error in line %d. Unknow param: %s", nl, bufcpy);
return -1;
}
param = strstr(param, CFG_PAR_DISPATCH_MANIP_PORT);
res = sscanf(param, CFG_PAR_DISPATCH_MANIP_PORT"=%d %s", &manip_port, bufcpy);
if (res > 0) {
if (res == 2 && !CfgParIsComment(bufcpy)) {
LogPrintf(LV_ERROR, "Config param error in line %d. Unknow param: %s", nl, buffer);
return -1;
}
/* inset manip in table */
manip = xrealloc(manip, sizeof(manip_con)*(manip_num + 1));
memset(&(manip[manip_num]), 0, sizeof(manip_con));
strcpy(manip[manip_num].name, manip_name);
strcpy(manip[manip_num].host, manip_host);
manip[manip_num].bin[0] = '\0';
manip[manip_num].port = manip_port;
manip[manip_num].sock = -1;
manip[manip_num].wait = FALSE;
manip[manip_num].peil = NULL;
manip[manip_num].peilast = NULL;
/* check pei of protocol */
manip[manip_num].pid = ProtId(manip[manip_num].name);
manip[manip_num].mux = xmalloc(sizeof(pthread_mutex_t));
pthread_mutex_init(manip[manip_num].mux, NULL);
if (manip[manip_num].pid == -1) {
LogPrintf(LV_WARNING, "Protocol Manipulator %s haven't PEI", manip[manip_num].name);
}
manip_num++;
}
else {
LogPrintf(LV_ERROR, "Config param error in line %d. Unknow param: %s", nl, buffer);
return -1;
}
}
else {
LogPrintf(LV_ERROR, "Config param error in line %d. Unknow param: %s", nl, buffer);
return -1;
}
}
else {
LogPrintf(LV_ERROR, "Config param error in line %d. Unknow param: %s", nl, buffer);
return -1;
}
}
}
else {
LogPrintf(LV_ERROR, "Config param error in line %d. Unknow param: %s", nl, buffer);
return -1;
}
}
}
}
}
fclose(fp);
/* check name */
if (module_name[0] == '\0') {
LogPrintf(LV_WARNING, "The dispatch module isn't defined, will be used 'none' dispatch module");
printf("The dispatch module isn't defined, will be used 'none' dispatch module\n");
/* default dispatcher */
strcpy(module_name, "disp_none.so");
}
/* module path */
sprintf(module_path, "%s/%s", module_dir, module_name);
/* open module */
handle = dlopen(module_path, RTLD_LAZY);
if (handle == NULL) {
printf("Can't load dispatch module %s\n", dlerror());
return -1;
}
/* inizilizations of all software that can be used in dispatcer modules */
/* gearth initialization */
if (GearthInit(file_cfg) == -1) {
return -1;
}
/* end inizilizations of all software that can be used in dispatcer modules */
/* attach functions */
DispInit = dlsym(handle, DISP_INIT_FUN);
if (DispInit == NULL) {
printf("Dispatch module don't contain function %s\n", DISP_INIT_FUN);
return -1;
}
DispEnd = dlsym(handle, DISP_END_FUN);
if (DispEnd == NULL) {
printf("Dispatch module don't contain function %s\n", DISP_END_FUN);
return -1;
}
DispInsPei = dlsym(handle, DISP_INDPEI_FUN);
if (DispInsPei == NULL) {
printf("Dispatch module don't contain function %s\n", DISP_INDPEI_FUN);
return -1;
}
/* initialize dispatcher module */
if (DispInit(file_cfg) == -1) {
printf("Dispatch module initialization error\n");
return -1;
}
if (DispManipInit() == -1) {
printf("Dispatch to manipulator initialization error\n");
return -1;
}
/* parallel or serial */
pthread_mutex_init(&plist_mux, NULL);
if (parallel == FALSE) {
/* in this case single dissector that generate and insert one PEI call 'directly' the
insert function of dispatcher module, otherwise a thread is the middelware from dissectors
and dispatch function module */
pthread_cond_init(&plist_cond, NULL);
plist = NULL;
plist_end = NULL;
res = pthread_create(&pid, NULL, DispatchAgent, NULL);
if (res != 0) {
printf("Dispatch Agent setup failed");
LogPrintf(LV_ERROR, "Dispatch Agent setup failed");
return -1;
}
pthread_detach(pid);
}
/* manipeagtor info */
for (i=0; i!=manip_num; i++) {
LogPrintf(LV_START, "Manipulator ---> %s host:%s port:%d", manip[i].name, manip[i].host, manip[i].port);
}
return 0;
}
int DissectInit(void)
{
char tmp_dir[256];
int i;
NDPI_PROTOCOL_BITMASK all;
/* part of file name */
incr = 0;
pthrs_ins = 0;
pthread_mutex_init(&pthrs_mux, NULL);
prl_thrs = xmalloc(pthrs_dim*sizeof(tca_flow *));
prl_thrs_en = xmalloc(pthrs_dim*sizeof(char));
if (prl_thrs != NULL) {
memset(prl_thrs, 0, pthrs_dim*sizeof(tca_flow *));
for (i=0; i!=pthrs_dim; i++) {
prl_thrs_en[i] = 0;
}
}
/* info id */
ppp_id = ProtId("ppp");
eth_id = ProtId("eth");
ip_id = ProtId("ip");
ipv6_id = ProtId("ipv6");
tcp_id = ProtId("tcp");
if (ip_id != -1) {
ip_dst_id = ProtAttrId(ip_id, "ip.dst");
ip_src_id = ProtAttrId(ip_id, "ip.src");
ip_offset_id = ProtAttrId(ip_id, "ip.offset");
}
if (ipv6_id != -1) {
ipv6_dst_id = ProtAttrId(ipv6_id, "ipv6.dst");
ipv6_src_id = ProtAttrId(ipv6_id, "ipv6.src");
ipv6_offset_id = ProtAttrId(ipv6_id, "ipv6.offset");
}
if (tcp_id != -1) {
port_dst_id = ProtAttrId(tcp_id, "tcp.dstport");
port_src_id = ProtAttrId(tcp_id, "tcp.srcport");
lost_id = ProtAttrId(tcp_id, "tcp.lost");
syn_id = ProtAttrId(tcp_id, "tcp.syn");
}
tcp_ca_id = ProtId("tcp-ca");
/* pei id */
pei_ip_src_id = ProtPeiComptId(tcp_ca_id, "ip.src");
pei_ip_dst_id = ProtPeiComptId(tcp_ca_id, "ip.dst");
pei_dns_id = ProtPeiComptId(tcp_ca_id, "dns");
pei_port_src_id = ProtPeiComptId(tcp_ca_id, "port.src");
pei_port_dst_id = ProtPeiComptId(tcp_ca_id, "port.dst");
pei_l7protocol_id = ProtPeiComptId(tcp_ca_id, "l7prot");
pei_lat_id = ProtPeiComptId(tcp_ca_id, "lat");
pei_long_id = ProtPeiComptId(tcp_ca_id, "long");
pei_country_code_id = ProtPeiComptId(tcp_ca_id, "country_code");
pei_bsent_id = ProtPeiComptId(tcp_ca_id, "byte.sent");
pei_brecv_id = ProtPeiComptId(tcp_ca_id, "byte.receiv");
pei_blost_sent_id = ProtPeiComptId(tcp_ca_id, "byte.lost.sent");
pei_blost_recv_id = ProtPeiComptId(tcp_ca_id, "byte.lost.receiv");
pei_pkt_sent_id = ProtPeiComptId(tcp_ca_id, "pkt.sent");
pei_pkt_recv_id = ProtPeiComptId(tcp_ca_id, "pkt.receiv");
pei_trace_sent = ProtPeiComptId(tcp_ca_id, "trace.sent");
pei_trace_recv = ProtPeiComptId(tcp_ca_id, "trace.receiv");
pei_metadata = ProtPeiComptId(tcp_ca_id, "metadata");
pei_trace_img = ProtPeiComptId(tcp_ca_id, "trace.img");
/* tmp directory */
sprintf(tmp_dir, "%s/%s", ProtTmpDir(), TCP_CA_TMP_DIR);
mkdir(tmp_dir, 0x01FF);
/* ndpi */
ndpi = ndpi_init_detection_module();
if (ndpi == NULL) {
LogPrintf(LV_ERROR, "nDPi initializzation failed");
return -1;
}
/* enable all protocols */
NDPI_BITMASK_SET_ALL(all);
ndpi_set_protocol_detection_bitmask2(ndpi, &all);
ndpi_proto_size = ndpi_detection_get_sizeof_ndpi_id_struct();
ndpi_flow_struct_size = ndpi_detection_get_sizeof_ndpi_flow_struct();
return 0;
}
int DispInit(const char *cfg_file)
{
char buffer[CFG_LINE_MAX_SIZE];
char bufcpy[CFG_LINE_MAX_SIZE];
char *param;
FILE *fp;
int res, i;
LogPrintf(LV_DEBUG, "PCAP2WAV Dispatcher");
nrtp = 0;
/* read configuration file */
fp = fopen(cfg_file, "r");
if (fp == NULL) {
LogPrintf(LV_ERROR, "Config file can't be opened");
return -1;
}
res = 0;
while (fgets(buffer, CFG_LINE_MAX_SIZE, fp) != NULL) {
/* check if line is a comment */
if (!CfgParIsComment(buffer)) {
param = strstr(buffer, CFG_PAR_XDECODE);
if (param != NULL) {
res = sscanf(param, CFG_PAR_XDECODE"=%s %s", xdecode, bufcpy);
if (res > 0) {
break;
}
}
}
}
fclose(fp);
if (!res) {
strcpy(xdecode, XCLI_BASE_DIR);
}
else {
i = 0;
while (xdecode[i] != '\0' && xdecode[i] != '\0')
i++;
xdecode[i] = '\0';
}
tstart = time(NULL);
ip_id = ProtId("ip");
if (ip_id != -1) {
ip_dst_id = ProtAttrId(ip_id, "ip.dst");
ip_src_id = ProtAttrId(ip_id, "ip.src");
}
ipv6_id = ProtId("ipv6");
if (ipv6_id != -1) {
ipv6_dst_id = ProtAttrId(ipv6_id, "ipv6.dst");
ipv6_src_id = ProtAttrId(ipv6_id, "ipv6.src");
}
/* pei id */
rtp_id = ProtId("rtp");
if (rtp_id != -1) {
pei_rtp_from = ProtPeiComptId(rtp_id, "from");
pei_rtp_to = ProtPeiComptId(rtp_id, "to");
pei_rtp_audio_from = ProtPeiComptId(rtp_id, "audio_from");
pei_rtp_audio_to = ProtPeiComptId(rtp_id, "audio_to");
pei_rtp_audio_mix = ProtPeiComptId(rtp_id, "audio_mix");
pei_rtp_duration = ProtPeiComptId(rtp_id, "duration");
}
/* directory for repository */
mkdir(xdecode, 0x01FF);
return 0;
}
int DissectInit(void)
{
char tmp_dir[256];
unsigned short i;
NDPI_PROTOCOL_BITMASK all;
/* part of file name */
incr = 0;
incr_dig = 0;
/* info id */
ppp_id = ProtId("ppp");
eth_id = ProtId("eth");
ip_id = ProtId("ip");
ipv6_id = ProtId("ipv6");
tcp_id = ProtId("tcp");
if (ip_id != -1) {
ip_dst_id = ProtAttrId(ip_id, "ip.dst");
ip_src_id = ProtAttrId(ip_id, "ip.src");
ip_offset_id = ProtAttrId(ip_id, "ip.offset");
}
if (ipv6_id != -1) {
ipv6_dst_id = ProtAttrId(ipv6_id, "ipv6.dst");
ipv6_src_id = ProtAttrId(ipv6_id, "ipv6.src");
ipv6_offset_id = ProtAttrId(ipv6_id, "ipv6.offset");
}
if (tcp_id != -1) {
port_dst_id = ProtAttrId(tcp_id, "tcp.dstport");
port_src_id = ProtAttrId(tcp_id, "tcp.srcport");
lost_id = ProtAttrId(tcp_id, "tcp.lost");
}
tcp_grb_id = ProtId("tcp-grb");
/* pei id */
pei_l7protocol_id = ProtPeiComptId(tcp_grb_id, "l7prot");
pei_txt_id = ProtPeiComptId(tcp_grb_id, "txt");
pei_size_id = ProtPeiComptId(tcp_grb_id, "size");
pei_file_id = ProtPeiComptId(tcp_grb_id, "file");
pei_file_type_id = ProtPeiComptId(tcp_grb_id, "ftype");
/* tmp directory */
sprintf(tmp_dir, "%s/%s", ProtTmpDir(), TCP_GRB_TMP_DIR);
mkdir(tmp_dir, 0x01FF);
/* init dig */
if (enable_dig) {
for (i=0; i!=dig_type_dim; i++) {
if (!dig_tbl[i].sreg && dig_tbl[i].starttxt != NULL) {
dig_tbl[i].start = strdup(dig_tbl[i].starttxt);
if (dig_tbl[i].start == NULL) {
LogPrintf(LV_FATAL, "No memory!");
return -1;
}
dig_tbl[i].slen = TcpGrbDigConvert(dig_tbl[i].start);
}
if (!dig_tbl[i].ereg && dig_tbl[i].endtxt != NULL) {
dig_tbl[i].end = strdup(dig_tbl[i].endtxt);
if (dig_tbl[i].end == NULL) {
LogPrintf(LV_FATAL, "No memory!");
return -1;
}
dig_tbl[i].elen = TcpGrbDigConvert(dig_tbl[i].end);
}
//printf("File %s slen:%i elen: %i\n", dig_tbl[i].ename, dig_tbl[i].slen, dig_tbl[i].elen);
}
}
/* ndpi */
pthread_mutex_init(&ndpi_mux, NULL);
ndpi = ndpi_init_detection_module(NDPI_TICK_RES, nDPImalloc, nDPIfree, nDPIPrintf);
if (ndpi == NULL) {
LogPrintf(LV_ERROR, "nDPi initializzation failed");
return -1;
}
/* enable all protocols */
NDPI_BITMASK_SET_ALL(all);
ndpi_set_protocol_detection_bitmask2(ndpi, &all);
ndpi_proto_size = ndpi_detection_get_sizeof_ndpi_id_struct();
ndpi_flow_struct_size = ndpi_detection_get_sizeof_ndpi_flow_struct();
return 0;
}
