static int analyzer_docsis_event_listeners_notify(void *obj, struct event_reg *evt_reg, int has_listeners) {
struct analyzer *analyzer = obj;
struct analyzer_docsis_priv *priv = analyzer->priv;
if (has_listeners) {
// Check if we are already listening
if (priv->pkt_listener)
return POM_OK;
if (!priv->filter) {
priv->filter = packet_filter_compile("docsis_mgmt.type > 3");
if (!priv->filter) {
pomlog(POMLOG_ERR "Error while building filter");
return POM_ERR;
}
}
priv->pkt_listener = proto_packet_listener_register(proto_get("docsis_mgmt"), 0, obj, analyzer_docsis_pkt_process, priv->filter);
if (!priv->pkt_listener)
return POM_ERR;
} else {
if (event_has_listener(priv->evt_cm_new) || event_has_listener(priv->evt_cm_reg_status))
return POM_OK;
if (proto_packet_listener_unregister(priv->pkt_listener) != POM_OK)
return POM_ERR;
priv->pkt_listener = NULL;
}
return POM_OK;
}
int output_tap_open(void *output_priv) {
struct output_tap_priv *priv = output_priv;
priv->fd = open("/dev/net/tun", O_RDWR | O_SYNC);
if (priv->fd < 0) {
pomlog(POMLOG_ERR "Error while opening the tap device : %s", pom_strerror(errno));
return POM_ERR;
}
struct ifreq ifr;
memset(&ifr, 0, sizeof(struct ifreq));
ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
strncpy(ifr.ifr_name, PTYPE_STRING_GETVAL(priv->p_ifname), IFNAMSIZ);
if (ioctl(priv->fd, TUNSETIFF, (void *) &ifr) < 0) {
pomlog(POMLOG_ERR "Unable to setup tap device %s : %s", PTYPE_STRING_GETVAL(priv->p_ifname), pom_strerror(errno));
return POM_ERR;
}
if (ioctl(priv->fd, TUNSETPERSIST, *PTYPE_BOOL_GETVAL(priv->p_persistent)) < 0) {
pomlog(POMLOG_WARN "Unable to set persistent mode to tap device %s : %s", PTYPE_STRING_GETVAL(priv->p_ifname), pom_strerror(errno));
}
priv->listener = proto_packet_listener_register(proto_get("ethernet"), 0, priv, output_tap_pkt_process, priv->filter);
if (!priv->listener)
goto err;
return POM_OK;
err:
close(priv->fd);
priv->fd = -1;
return POM_ERR;
}
static int analyzer_arp_event_listeners_notify(void *obj, struct event_reg *evt_reg, int has_listeners) {
struct analyzer *analyzer = obj;
struct analyzer_arp_priv *priv = analyzer->priv;
if (has_listeners) {
// Check if we are already listening
if (priv->pkt_listener)
return POM_OK;
priv->pkt_listener = proto_packet_listener_register(proto_get("arp"), 0, obj, analyzer_arp_pkt_process);
if (!priv->pkt_listener)
return POM_ERR;
} else {
// Check if there is still an event being listened
if (event_has_listener(priv->evt_new_sta) || event_has_listener(priv->evt_sta_changed))
return POM_OK;
if (proto_packet_listener_unregister(priv->pkt_listener) != POM_OK)
return POM_ERR;
priv->pkt_listener = NULL;
}
return POM_OK;
}
static int analyzer_rtp_event_listeners_notify(void *obj, struct event_reg *evt_reg, int has_listeners) {
struct analyzer *analyzer = obj;
struct analyzer_rtp_priv *priv = analyzer->priv;
if (has_listeners) {
priv->rtp_listener = proto_packet_listener_register(priv->proto_rtp, PROTO_PACKET_LISTENER_PLOAD_ONLY, analyzer, analyzer_rtp_pload_process, NULL);
if (!priv->rtp_listener)
return POM_ERR;
} else {
if (!priv->rtp_listener || proto_packet_listener_unregister(priv->rtp_listener) != POM_OK)
return POM_ERR;
}
return POM_OK;
}
static int analyzer_smtp_event_listeners_notify(void *obj, struct event_reg *evt_reg, int has_listeners) {
struct analyzer *analyzer = obj;
struct analyzer_smtp_priv *priv = analyzer->priv;
if (evt_reg == priv->evt_msg) {
if (has_listeners) {
priv->pkt_listener = proto_packet_listener_register(proto_get("smtp"), PROTO_PACKET_LISTENER_PLOAD_ONLY, obj, analyzer_smtp_pkt_process, NULL);
if (!priv->pkt_listener)
return POM_ERR;
} else {
if (proto_packet_listener_unregister(priv->pkt_listener) != POM_OK)
return POM_ERR;
priv->pkt_listener = NULL;
}
}
if (!priv->listening && (event_has_listener(priv->evt_msg) || event_has_listener(priv->evt_auth))) {
if (event_listener_register(priv->evt_cmd, analyzer, analyzer_smtp_event_process_begin, analyzer_smtp_event_process_end) != POM_OK) {
return POM_ERR;
} else if (event_listener_register(priv->evt_reply, analyzer, analyzer_smtp_event_process_begin, analyzer_smtp_event_process_end) != POM_OK) {
event_listener_unregister(priv->evt_cmd, analyzer);
return POM_ERR;
}
priv->listening = 1;
} else if (priv->listening && !event_has_listener(priv->evt_msg) && !event_has_listener(priv->evt_auth)) {
event_listener_unregister(priv->evt_cmd, analyzer);
event_listener_unregister(priv->evt_reply, analyzer);
priv->listening = 0;
}
return POM_OK;
}
static int analyzer_tftp_event_listeners_notify(void *obj, struct event_reg *evt_reg, int has_listeners) {
struct analyzer_tftp_priv *priv = obj;
if (has_listeners) {
if (priv->pkt_listener)
return POM_OK;
priv->pkt_listener = proto_packet_listener_register(proto_get("tftp"), PROTO_PACKET_LISTENER_PLOAD_ONLY, obj, analyzer_tftp_pkt_process, NULL);
if (!priv->pkt_listener)
return POM_ERR;
} else {
if (proto_packet_listener_unregister(priv->pkt_listener) != POM_OK)
return POM_ERR;
priv->pkt_listener = NULL;
}
return POM_OK;
}
static int analyzer_docsis_event_listeners_notify(void *obj, struct event_reg *evt_reg, int has_listeners) {
struct analyzer *analyzer = obj;
struct analyzer_docsis_priv *priv = analyzer->priv;
if (has_listeners) {
// Check if we are already listening
if (priv->pkt_listener)
return POM_OK;
if (!priv->filter) {
priv->filter = filter_proto_build("docsis_mgmt", "type", PTYPE_OP_GT, "3");
if (!priv->filter) {
pomlog(POMLOG_ERR "Error while building filter");
return POM_ERR;
}
}
priv->pkt_listener = proto_packet_listener_register(proto_get("docsis_mgmt"), 0, obj, analyzer_docsis_pkt_process);
if (!priv->pkt_listener)
return POM_ERR;
// Filter out useless broadcast docsis_mgmt packets
proto_packet_listener_set_filter(priv->pkt_listener, priv->filter);
} else {
if (event_has_listener(priv->evt_cm_new) || event_has_listener(priv->evt_cm_reg_status))
return POM_OK;
if (proto_packet_listener_unregister(priv->pkt_listener) != POM_OK)
return POM_ERR;
priv->pkt_listener = NULL;
}
return POM_OK;
}
static int output_inject_open(void *output_priv) {
struct output_inject_priv *priv = output_priv;
struct proto *proto = proto_get("ethernet");
if (!proto) {
pomlog(POMLOG_ERR "Protocol ethernet not available !");
goto err;
}
int snaplen = 9999; // Not used anyway
char errbuf[PCAP_ERRBUF_SIZE] = { 0 };
priv->p = pcap_open_live(PTYPE_STRING_GETVAL(priv->p_interface), snaplen, 0, 0, errbuf);
if (!priv->p) {
pomlog(POMLOG_ERR "Cannot open interface %s with pcap : %s", PTYPE_STRING_GETVAL(priv->p_interface), errbuf);
goto err;
}
priv->listener = proto_packet_listener_register(proto, 0, priv, output_inject_process, priv->filter);
if (!priv->listener)
goto err;
return POM_OK;
err:
if (priv->p) {
pcap_close(priv->p);
priv->p = NULL;
}
return POM_ERR;
}
