nmsg_pcap_t nmsg_pcap_input_open(pcap_t *phandle) { struct nmsg_pcap *pcap; pcap = calloc(1, sizeof(*pcap)); if (pcap == NULL) return (NULL); pcap->handle = phandle; pcap->datalink = pcap_datalink(phandle); pcap->new_pkt = calloc(1, NMSG_IPSZ_MAX); pcap->reasm = reasm_ip_new(); if (pcap->reasm == NULL) { free(pcap->new_pkt); free(pcap); return (NULL); } reasm_ip_set_timeout(pcap->reasm, 60); if (pcap_file(phandle) == NULL) pcap->type = nmsg_pcap_type_live; else pcap->type = nmsg_pcap_type_file; return (pcap); }
static int load_module(xml_node *config) { char errbuf[PCAP_ERRBUF_SIZE]; xml_node *params, *profile=NULL, *settings; char *key, *value = NULL; unsigned int i = 0; char loadplan[1024]; FILE* cfg_stream; LNOTICE("Loaded %s", module_name); load_module_xml_config(); /* READ CONFIG */ profile = module_xml_config; /* reset profile */ profile_size = 0; memset(sniffer_proto, 0, sizeof sniffer_proto); //global_scripts_path while (profile) { profile = xml_get("profile", profile, 1); if (profile == NULL) break; if (!profile->attr[4] || strncmp(profile->attr[4], "enable", 6)) { goto nextprofile; } /* if not equals "true" */ if (!profile->attr[5] || strncmp(profile->attr[5], "true", 4)) { goto nextprofile; } if(profile_size == MAX_SOCKETS) { break; } memset(&profile_socket[profile_size], 0, sizeof(profile_socket_t)); /* set values */ profile_socket[profile_size].name = strdup(profile->attr[1]); profile_socket[profile_size].description = strdup(profile->attr[3]); profile_socket[profile_size].serial = atoi(profile->attr[7]); profile_socket[profile_size].capture_plan = NULL; profile_socket[profile_size].capture_filter = NULL; profile_socket[profile_size].action = -1; profile_socket[profile_size].ring_buffer = 12; profile_socket[profile_size].snap_len = 3200; profile_socket[profile_size].promisc = 1; profile_socket[profile_size].timeout = 100; profile_socket[profile_size].full_packet = 0; profile_socket[profile_size].reasm = 0; profile_socket[profile_size].erspan = 0; /* SETTINGS */ settings = xml_get("settings", profile, 1); if (settings != NULL) { params = settings; while (params) { params = xml_get("param", params, 1); if (params == NULL) break; if (params->attr[0] != NULL) { /* bad parser */ if (strncmp(params->attr[0], "name", 4)) { LERR("bad keys in the config"); goto nextparam; } key = params->attr[1]; if (params->attr[2] && params->attr[3] && !strncmp(params->attr[2], "value", 5)) { value = params->attr[3]; } else { value = params->child->value; } if (key == NULL || value == NULL) { LERR("bad values in the config"); goto nextparam; } if (!usefile && !strncmp(key, "dev", 3)) profile_socket[profile_size].device = strdup(value); else if (!strncmp(key, "reasm", 5) && !strncmp(value, "true", 4)) profile_socket[profile_size].reasm = +1; else if (!strncmp(key, "ipv4fragments", 13) && !strncmp(value, "true", 4)) ipv4fragments = 1; else if (!strncmp(key, "ipv6fragments", 13) && !strncmp(value, "true", 4)) ipv6fragments = 1; else if(!strncmp(key, "tcpdefrag", 9) && !strncmp(value, "true", 4)) profile_socket[profile_size].reasm +=2; else if (!strncmp(key, "ring-buffer", 11)) profile_socket[profile_size].ring_buffer = atoi(value); else if (!strncmp(key, "full-packet",11) && !strncmp(value, "true", 4)) profile_socket[profile_size].full_packet = 1; else if (!strncmp(key, "timeout", 7)) profile_socket[profile_size].timeout = atoi(value); else if (!strncmp(key, "snap-len", 8)) profile_socket[profile_size].snap_len = atoi(value); else if (!strncmp(key, "promisc", 7) && !strncmp(value, "true", 4)) profile_socket[profile_size].promisc = 1; else if (!strncmp(key, "filter", 6)) profile_socket[profile_size].filter = strdup(value); else if (!strncmp(key, "capture-plan", 12)) profile_socket[profile_size].capture_plan = strdup(value); else if (!strncmp(key, "capture-filter", 14)) profile_socket[profile_size].capture_filter = strdup(value); else if(!strncmp(key, "debug", 5) && !strncmp(value, "true", 4)) debug_socket_pcap_enable = 1; else if (!strncmp(key, "erspan", 6) && !strncmp(value, "true", 4)) profile_socket[profile_size].erspan = 1; } nextparam: params = params->next; } } profile_size++; nextprofile: profile = profile->next; } /* free */ free_module_xml_config(); for (i = 0; i < profile_size; i++) { unsigned int *arg = malloc(sizeof(arg)); *arg = i; /* DEV || FILE */ if (!usefile) { if (!profile_socket[i].device) profile_socket[i].device = pcap_lookupdev(errbuf); if (!profile_socket[i].device) { perror(errbuf); exit(-1); } } // start thread if (!init_socket(i)) { LERR("couldn't init pcap"); return -1; } /* REASM */ if (profile_socket[i].reasm == 1 || profile_socket[i].reasm == 3) { reasm[i] = reasm_ip_new(); reasm_ip_set_timeout(reasm[i], 30000000); } else reasm[i] = NULL; /* TCPREASM */ if (profile_socket[i].reasm == 2 || profile_socket[i].reasm == 3) { tcpreasm[i] = tcpreasm_ip_new (); tcpreasm_ip_set_timeout(tcpreasm[i], 30000000); } else tcpreasm[i] = NULL; if(profile_socket[i].capture_plan != NULL) { snprintf(loadplan, sizeof(loadplan), "%s/%s", global_capture_plan_path, profile_socket[i].capture_plan); cfg_stream=fopen (loadplan, "r"); if (cfg_stream==0){ fprintf(stderr, "ERROR: loading config file(%s): %s\n", loadplan, strerror(errno)); } yyin=cfg_stream; if ((yyparse()!=0)||(cfg_errors)){ fprintf(stderr, "ERROR: bad config file (%d errors)\n", cfg_errors); //goto error; } profile_socket[i].action = main_ct.idx; } pthread_create(&call_thread[i], NULL, proto_collect, arg); } return 0; }