void parse_command_line_parameters(int argc, char **argv){
/* parse command line */
int c;
while ((c=getopt(argc, argv, "hf:v:")) != -1) {
switch (c) {
case 'f':
config_file = optarg;
break;
case 'v':
msg_setlevel(atoi(optarg));
break;
case 'h':
default:
/* print usage and quit vermont, if unknow switch */
usage();
exit(1);
}
}
if (config_file == NULL)
{
usage();
exit(1);
}
}
int main(int argc, char *argv[]) {
int lport = DEFAULT_LISTEN_PORT;
std::string proto = "udp";
msg_setlevel(MSG_DEBUG);
signal(SIGINT, sigint);
if (!(argc == 1 || argc == 2 || argc == 3)) {
usage();
return -1;
}
if (argc == 2)
proto = argv[1];
if (argc == 3)
lport = atoi(argv[2]);
IpfixReceiver* ipfixReceiver = 0;
if (proto == "udp") {
msg(MSG_INFO, "Creating UDP listener on port %i", lport);
ipfixReceiver = new IpfixReceiverUdpIpV4(lport);
} else if (proto == "sctp") {
#ifdef SUPPORT_SCTP
ipfixReceiver = new IpfixReceiverSctpIpV4(lport, "127.0.0.1");
#else
msg(MSG_FATAL, "testcollector has been compiled without sctp support");
return -1;
#endif
} else {
msg(MSG_FATAL, "Protocol %s is not supported as a transport protocol for IPFIX data", proto.c_str());
return -1;
}
IpfixCollector collector(ipfixReceiver);
ConnectionQueue<IpfixRecord*> queue(100);
IpfixPrinter printer;
collector.connectTo(&queue);
queue.connectTo(&printer);
printer.start();
queue.start();
collector.start();
msg(MSG_DIALOG, "Hit Ctrl+C to quit");
pause();
msg(MSG_DIALOG, "Stopping threads and tidying up.\n");
msg(MSG_DIALOG, "stopping collector\n");
collector.shutdown();
queue.shutdown();
printer.shutdown();
return 0;
}
int main(int argc, char *argv[]) {
int lport = DEFAULT_LISTEN_PORT;
msg_setlevel(MSG_DEFAULT);
signal(SIGINT, sigint);
if(argv[1]) {
lport=atoi(argv[1]);
}
initializeIpfixPrinters();
initializeIpfixCollectors();
IpfixPrinter* ipfixPrinter = createIpfixPrinter();
startIpfixPrinter(ipfixPrinter);
IpfixCollector* ipfixCollector = createIpfixCollector();
IpfixReceiver* ipfixReceiver = createIpfixReceiver(UDP_IPV4, lport);
addIpfixReceiver(ipfixCollector, ipfixReceiver);
IpfixPacketProcessor* ipfixPacketProcessor = createIpfixPacketProcessor();
IpfixParser* ipfixParser = createIpfixParser();
/* (not in this branch of rcvIpfix)
if (argc > 2) {
msg(MSG_DIALOG, "Adding %s to list of authorized hosts", argv[2]);
addIpfixReceiverAuthorizedHost(ipfixReceiver, argv[2]);
}
*/
addIpfixParserCallbacks(ipfixParser, getIpfixPrinterCallbackInfo(ipfixPrinter));
setIpfixParser(ipfixPacketProcessor, ipfixParser);
addIpfixPacketProcessor(ipfixCollector, ipfixPacketProcessor);
startIpfixCollector(ipfixCollector);
msg(MSG_DIALOG, "Listening on %d. Hit Ctrl+C to quit", lport);
pause();
msg(MSG_DIALOG, "Stopping threads and tidying up.");
stopIpfixCollector(ipfixCollector);
destroyIpfixCollector(ipfixCollector);
deinitializeIpfixReceivers();
stopIpfixPrinter(ipfixPrinter);
destroyIpfixPrinter(ipfixPrinter);
deinitializeIpfixPrinters();
return 0;
}
int main(int argc, char *argv[]) {
int lport = DEFAULT_LISTEN_PORT;
msg_setlevel(MSG_DEFAULT);
signal(SIGINT, sigint);
if(argv[1]) {
lport=atoi(argv[1]);
}
// needs to be a pointer because its freed in d'tor of IpfixCollector
IpfixReceiverUdpIpV4* ipfixReceiver = new IpfixReceiverUdpIpV4(lport);
IpfixCollector collector(ipfixReceiver);
ConnectionQueue<IpfixRecord*> queue(100);
IpfixPrinter printer;
collector.connectTo(&queue);
queue.connectTo(&printer);
printer.start();
queue.start();
collector.start();
// FIXME: test temporarily deactivated
/*IpfixParser ipfixParser;
ipfixParser.addFlowSink(&ipfixPrinter);
IpfixCollector ipfixCollector;
ipfixCollector.addIpfixReceiver(&ipfixReceiver);
ipfixCollector.addIpfixPacketProcessor(&ipfixParser);
ipfixCollector.start();*/
msg(MSG_DIALOG, "Listening on %d. Hit Ctrl+C to quit\n", lport);
pause();
msg(MSG_DIALOG, "Stopping threads and tidying up.\n");
collector.shutdown();
queue.shutdown();
printer.shutdown();
return 0;
}
Test::TestResult BloomFilterTestSuite::execTest()
{
std::cout << "Running tests on BloomFilter classes" << std::endl;
msg_init();
msg_setlevel(100);
setupGlobalKey();
std::cout << "Testing BloomFilter..." << std::endl;
testBloomFilter();
std::cout << "Testing AgeBloomFilter..." << std::endl;
testAgeBloomFilter();
std::cout << "Testing CountBloomFilter..." << std::endl;
testCountBloomFilter();
std::cout << "All tests on all BloomFilter classes passed" << std::endl;
return PASSED;
}
Test::TestResult ConnectionFilterTestSuite::execTest()
{
std::cout << "running tests on ConnectionFilter" << std::endl;
msg_init();
msg_setlevel(100);
captureDevice = pcap_open_offline("data/connectionfiltertest.pcap", errorBuffer);
if (!captureDevice) {
ERROR(errorBuffer);
}
Packet* p;
ConnectionFilter connFilter(5, 100, 10, 1000);
// first packet is a udp packet
p = getNextPacket(captureDevice);
REQUIRE(connFilter.processPacket(p) == false);
// process six packets that come from a connection that did not have any syn packet
p = getNextPacket(captureDevice);
REQUIRE(connFilter.processPacket(p) == false);
p = getNextPacket(captureDevice);
REQUIRE(connFilter.processPacket(p) == false);
p = getNextPacket(captureDevice);
REQUIRE(connFilter.processPacket(p) == false);
p = getNextPacket(captureDevice);
REQUIRE(connFilter.processPacket(p) == false);
p = getNextPacket(captureDevice);
REQUIRE(connFilter.processPacket(p) == false);
p = getNextPacket(captureDevice);
REQUIRE(connFilter.processPacket(p) == false);
// process a valid short 5 packets connection
p = getNextPacket(captureDevice);
REQUIRE(connFilter.processPacket(p) == false); // SYN
p = getNextPacket(captureDevice);
REQUIRE(connFilter.processPacket(p) == false); // SYN
p = getNextPacket(captureDevice);
REQUIRE(connFilter.processPacket(p) == true);
p = getNextPacket(captureDevice);
REQUIRE(connFilter.processPacket(p) == false); // FIN
p = getNextPacket(captureDevice);
REQUIRE(connFilter.processPacket(p) == false); // RST
// process a valid connection
// ignore the first syn packet
p = getNextPacket(captureDevice);
REQUIRE(connFilter.processPacket(p) == false); // SYN
p = getNextPacket(captureDevice);
REQUIRE(connFilter.processPacket(p) == false); // SYN
p = getNextPacket(captureDevice);
REQUIRE(connFilter.processPacket(p) == true);
p = getNextPacket(captureDevice);
REQUIRE(connFilter.processPacket(p) == true);
p = getNextPacket(captureDevice);
REQUIRE(connFilter.processPacket(p) == true);
p = getNextPacket(captureDevice);
REQUIRE(connFilter.processPacket(p) == false); // passed export limit
p = getNextPacket(captureDevice);
REQUIRE(connFilter.processPacket(p) == false);
p = getNextPacket(captureDevice);
REQUIRE(connFilter.processPacket(p) == false); // FIN
p = getNextPacket(captureDevice);
REQUIRE(connFilter.processPacket(p) == false); // FIN
p = getNextPacket(captureDevice);
REQUIRE(connFilter.processPacket(p) == false); // ACK
pcap_close(captureDevice);
std::cout << "All tests on ConnectionFilter passed" << std::endl;
return PASSED;
}
int main(int argc, char *argv[]) {
int lport = DEFAULT_LISTEN_PORT;
std::string proto = "udp";
std::string certificateChainFile, privateKeyFile, caFile, caPath, peername;
msg_setlevel(MSG_DEBUG);
signal(SIGINT, sigint);
int c;
while (1) {
static struct option long_options[] = {
{"help", no_argument, 0, 'h'},
{"port", required_argument, 0, 'p'},
{"protocol", required_argument, 0, 'o'},
{"cert", required_argument, 0, 'c'},
{"key", required_argument, 0, 'k'},
{"CAfile", required_argument, 0, 'a'},
{"CApath", required_argument, 0, 'b'},
{"peername", required_argument, 0, 'n'},
{0,0,0,0}
};
int option_index = 0;
c = getopt_long(argc, argv, "hp:", long_options, &option_index);
if (c==-1) break;
switch(c) {
case 'h':
usage(argv[0]); return -1;
case 'p':
char *endptr;
lport = strtol(optarg,&endptr,10);
if (*endptr != '\0' || lport <= 0 || lport > (1<<16) - 1) {
fprintf(stderr, "illegal port number\n");
usage(argv[0]); return -1;
}
break;
case 'o':
proto = optarg;
break;
case 'c':
certificateChainFile = optarg;
break;
case 'k':
privateKeyFile = optarg;
break;
case 'a':
caFile = optarg;
break;
case 'b':
caPath = optarg;
break;
case 'n':
peername = optarg;
break;
case '?':
break;
default:
abort();
}
}
if (optind != argc) {
fprintf(stderr,"unrecognized option '%s'\n",argv[optind]);
usage(argv[0]); return -1;
}
IpfixReceiver* ipfixReceiver = 0;
if (proto == "udp") {
msg(MSG_INFO, "Creating UDP listener on port %i", lport);
ipfixReceiver = new IpfixReceiverUdpIpV4(lport);
} else if (proto == "dtls_over_udp") {
#ifdef SUPPORT_DTLS
msg(MSG_INFO, "Creating DTLS over UDP listener on port %i", lport);
ipfixReceiver = new IpfixReceiverDtlsUdpIpV4(lport,"",certificateChainFile,privateKeyFile,caFile,caPath);
#else
msg(MSG_FATAL, "testcollector has been compiled without dtls/openssl support");
return -1;
#endif
} else if (proto == "sctp") {
#ifdef SUPPORT_SCTP
ipfixReceiver = new IpfixReceiverSctpIpV4(lport, "127.0.0.1");
#else
msg(MSG_FATAL, "testcollector has been compiled without sctp support");
return -1;
#endif
} else {
msg(MSG_FATAL, "Protocol %s is not supported as a transport protocol for IPFIX data", proto.c_str());
return -1;
}
IpfixCollector collector(ipfixReceiver);
ConnectionQueue<IpfixRecord*> queue(100);
IpfixPrinter printer;
collector.connectTo(&queue);
queue.connectTo(&printer);
printer.start();
queue.start();
collector.start();
msg(MSG_DIALOG, "Hit Ctrl+C to quit");
pause();
msg(MSG_DIALOG, "Stopping threads and tidying up.\n");
msg(MSG_DIALOG, "Stopping collector\n");
collector.shutdown();
queue.shutdown();
printer.shutdown();
return 0;
}
int main(int argc, char** argv)
{
const char* pcap_file;
const char* capture_interface;
const char* tmp;
int is_live = 0;
int snaplen = 65535;
uint32_t packet_pool_size = 1;
pthread_t worker_id;
uint32_t conn_no = 0;
uint32_t conn_max = 0;
uint32_t flow_timeout = 0;
int print_stats_enabled = 0;
if (argc != 2) {
usage(argv[0]);
return -1;
}
msg_setlevel(MSG_INFO);
// install signal handler
if (SIG_ERR == signal(SIGINT, sig_handler)) {
msg(MSG_ERROR, "Could not install signal handler for SIGINT.");
return -1;
}
if (SIG_ERR == signal(SIGCHLD, sig_chld_handler)) {
msg(MSG_ERROR, "Could not install signal handler for SIGCHLD");
return -1;
}
struct dumpers dumps;
dumpers_init(&dumps);
struct config* conf = config_new(argv[1]);
if (!conf) {
msg(MSG_ERROR, "Invalid config. Abort!");
return 0;
}
// check if we should have any output over msg
// quite mode is necessary when we are dumping to stdout
tmp = config_get_option(conf, MAIN_NAME, "quiet");
if (tmp) {
if (!strcmp(tmp, "yes")) {
msg_setlevel(-1);
}
}
// check if we have a config statement that changes message level
tmp = config_get_option(conf, MAIN_NAME, "msg_level");
if (tmp) {
if (!strcmp(tmp, "fatal")) {
msg_setlevel(MSG_FATAL);
} else if (!strcmp(tmp, "error")) {
msg_setlevel(MSG_ERROR);
} else if (!strcmp(tmp, "debug")) {
msg_setlevel(MSG_DEBUG);
} else if (!strcmp(tmp, "info")) {
msg_setlevel(MSG_INFO);
} else if (!strcmp(tmp, "stats")) {
msg_setlevel(MSG_STATS);
} else {
msg(MSG_FATAL, "Unknown msg level ...");
}
}
// do we want to periodically output statistics on dropped/received packets?
tmp = config_get_option(conf, "MAIN_NAME", "packet_stats");
if (tmp) {
if (!strcmp(tmp, "yes")) {
print_stats_enabled = 1;
}
}
msg(MSG_INFO, "%s is initializing ...", argv[2]);
pcap_file = config_get_option(conf, MAIN_NAME, "pcapfile");
capture_interface = config_get_option(conf, MAIN_NAME, "interface");
if (!pcap_file && !capture_interface) {
msg(MSG_FATAL, "main: Neither \"pcapfile\" nor \"interface\" given in config file.");
exit(-1);
} if (pcap_file && capture_interface) {
msg(MSG_FATAL, "main: Got \'pcapfile\" *and* \"interface\". Please decide whether you want to work on- or offline!");
exit(-1);
}
tmp = config_get_option(conf, MAIN_NAME, "max_packet_size");
if (tmp) {
snaplen = atoi(tmp);
}
tmp = config_get_option(conf, MAIN_NAME, "packet_pool");
if (tmp) {
packet_pool_size = atoi(tmp);
}
// init connection pool
if (!config_get_option(conf, MAIN_NAME, "init_connection_pool")) {
msg(MSG_ERROR, "main: \"init_connection_pool\" missing in section %s", MAIN_NAME);
return -1;
}
conn_no = atoi(config_get_option(conf, MAIN_NAME, "init_connection_pool"));
if (!config_get_option(conf, MAIN_NAME, "max_connection_pool")) {
msg(MSG_ERROR, "main: \"max_connection_pool\" missing in section %s", MAIN_NAME);
return -1;
}
conn_max = atoi(config_get_option(conf, MAIN_NAME, "max_connection_pool"));
if (!config_get_option(conf, MAIN_NAME, "flow_timeout")) {
msg(MSG_ERROR, "main: \"flow_timeout\" missing in section %s", MAIN_NAME);
return -1;
}
flow_timeout = atoi(config_get_option(conf, MAIN_NAME, "flow_timeout"));
connection_init_pool(conn_no, conn_max, flow_timeout);
struct packet_pool* packet_pool = packet_pool_init(packet_pool_size, snaplen);
struct thread_data worker_data;
worker_data.pool = packet_pool;
worker_data.dumpers = &dumps;
pcap_t* pfile;
if (pcap_file) {
pfile = open_pcap(pcap_file, 0, snaplen);
dumpers_create_all(&dumps, conf, pcap_datalink(pfile), snaplen);
if (!dumps.count) {
msg(MSG_FATAL, "Could not configure any modules.");
return -1;
}
if (pthread_create(&worker_id, NULL, worker_thread, &worker_data)) {
msg(MSG_FATAL, "Could not create worker thread: %s", strerror(errno));
return -1;
}
} else {
is_live = 1;
pfile = open_pcap(capture_interface, 1, snaplen);
dumpers_create_all(&dumps, conf, pcap_datalink(pfile), snaplen);
if (!dumps.count) {
msg(MSG_FATAL, "Could not configure any modules.");
return -1;
}
// the dumper creating can take a significant amount of time.
// We could not read any packets during this initialization phase and
// could therefore drop a significant amount of packets (depending on
// the link speed). We therefore close and reopen the pcap descriptor
// in order to reset the statistics and get more accurate packet
// drop statistice (we had to open the pcap interface for retrieving the
// interface link type which is important for module initialization
pcap_close(pfile);
if (pthread_create(&worker_id, NULL, worker_thread, &worker_data)) {
msg(MSG_FATAL, "Could not create worker thread: %s", strerror(errno));
return -1;
}
pfile = open_pcap(capture_interface, 1, snaplen);
}
msg(MSG_INFO, "%s is up and running. Starting to consume packets ...", argv[0]);
struct pcap_pkthdr pcap_hdr;
time_t last_stats = 0;
time_t stats_interval = 10;
uint64_t captured = 0;
const unsigned char* data = NULL;
while (running) {
if (NULL != (data = pcap_next(pfile, &pcap_hdr))) {
captured++;
if (print_stats_enabled) {
if (pcap_hdr.ts.tv_sec - last_stats > stats_interval && is_live) {
last_stats = pcap_hdr.ts.tv_sec;
print_stats(pfile, captured, packet_pool);
}
}
packet_new(packet_pool, &pcap_hdr, data);
} else {
if (!is_live)
running = 0;
}
}
msg(MSG_INFO, "%s finished reading packets ...", argv[0]);
// TODO: this is a hack! we might need to wake the worker thread
// because it might be blocked at a mutex waiting for new packets
// we have to insert a packet in order to wake the thread from the
// mutex. Hence, we re-include the last packet into the pool again ...
// FIXME: The hack can result in a segmentation fault if no packet
// has been read from the pcap_t ...
unsigned char* useless = malloc(snaplen);
packet_new(packet_pool, &pcap_hdr, useless);
free(useless);
pthread_join(worker_id, NULL);
// ok, the second worker is stopped right now
// we are therefore the only thread that works on the connection pool.
// lets timeout all active connnections to update the statistics (e.g. for stats_module)
connection_flush_all_active_conns();
dumpers_finish(&dumps);
connection_deinit_pool();
packet_pool_deinit(packet_pool);
config_free(conf);
return 0;
}
