/*
 * libnids TCP callback: record the first LOG_MAX bytes a client sends on a
 * small set of watched services.
 *
 * What each state does, as implemented below:
 *   - NIDS_JUST_EST: request server-side data (server.collect++) only when
 *     the destination port is 21, 23, 110, 143 or 513, then return.
 *   - NIDS_DATA with fewer than LOG_MAX buffered bytes: nids_discard(a_tcp, 0)
 *     discards nothing, so the buffer keeps growing until the next call.
 *   - NIDS_DATA with at least LOG_MAX buffered bytes: log exactly LOG_MAX
 *     bytes and give up interest in the stream (server.collect--).
 *   - any other state: the stream is ending, so the bytes still buffered
 *     (count - offset) are logged.
 *
 * The second parameter is unused.
 *
 * NOTE(review): the five ports are the well-known assignments for FTP,
 * Telnet, POP3, IMAP and rlogin, which authenticate in cleartext.  Whatever
 * do_log() writes therefore has to be treated as credential material, and
 * the services themselves are candidates for replacement by encrypted
 * equivalents.
 */
void
sniff_callback (struct tcp_stream *a_tcp, void **this_time_not_needed)
{
  printf("sniff_callback \n");

  if (a_tcp->nids_state == NIDS_JUST_EST)
    {
      /* New connection: subscribe only for the watched services. */
      int port = a_tcp->addr.dest;

      switch (port)
        {
        case 21:
        case 23:
        case 110:
        case 143:
        case 513:
          a_tcp->server.collect++;
          break;
        default:
          break;
        }
      return;
    }

  if (a_tcp->nids_state == NIDS_DATA)
    {
      if (a_tcp->server.count - a_tcp->server.offset >= LOG_MAX)
        {
          /* Enough bytes buffered: log the fixed-size prefix. */
          do_log (adres (a_tcp->addr), a_tcp->server.data, LOG_MAX);

          /* This callback is finished with the stream.  Undo the collect
             increment made at NIDS_JUST_EST; other callbacks following
             the same stream would still receive data. */
          a_tcp->server.collect--;
          return;
        }

      /* Not enough data yet: discard zero bytes so all of it is kept. */
      nids_discard (a_tcp, 0);
      return;
    }

  /* Neither just-established nor data: the stream seems to be closing,
     so log as much as is still buffered. */
  do_log (adres (a_tcp->addr), a_tcp->server.data,
          a_tcp->server.count - a_tcp->server.offset);
}
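/*
 * Read a four-key code from the keypad and release the lock when it equals
 * the code stored in EEPROM for record `indeks`.
 *
 * The stored code is read from the four bytes starting at adres(indeks) + 4.
 * On a match the LCD shows "Otwieram drzwi" and Zamek1_On() is called;
 * otherwise the LCD shows "Bledne haslo".
 *
 * Changes compared with the previous version of this routine:
 *   - the comparison accumulates the XOR of every byte pair instead of
 *     branching per byte, so the work done does not depend on which
 *     positions match;
 *   - the entered code is wiped from the stack before the function returns;
 *   - the unused second key byte and the unused string terminator are gone.
 *
 * NOTE(review): nothing visible here limits the number of attempts or times
 * out a half-entered code, and the reference code is kept as plain bytes in
 * EEPROM -- confirm whether the caller or the hardware covers these.
 * NOTE(review): the result of Read_24Cxx() is not checked for an error
 * value, so a failed read cannot be told apart from stored data -- confirm
 * what the driver returns on failure.
 */
void wczytaj_haslo(int indeks)
{
	enum { HASLO_LEN = 4 };
	char tab[HASLO_LEN] = {0};
	int i = 0;

	/* Poll until four non-zero key codes have arrived; KBD_ReadKey()
	 * returning 0 is taken to mean "no key". One star is shown per key. */
	while (i < HASLO_LEN)
	{
		unsigned char klawisz = KBD_ReadKey();
		if (klawisz != 0)
		{
			tab[i] = klawisz;
			i++;
			wyswietl_gwiazdki(i);
		}
		delay_10us();
	}

	/* Compare all four bytes unconditionally; any differing bit sticks. */
	unsigned char roznica = 0;
	uint16_t adres_hasla = (adres(indeks) + 4);
	for (i = 0; i < HASLO_LEN; i++)
	{
		char dane = (Read_24Cxx(adres_hasla, M2404));
		roznica |= (unsigned char)(tab[i] ^ dane);
		adres_hasla++;
	}

	/* Wipe the entered code; the volatile access keeps the stores from
	 * being optimized away. */
	volatile char *wymaz = tab;
	for (i = 0; i < HASLO_LEN; i++)
	{
		wymaz[i] = 0;
	}

	LCD_WriteCommand(HD44780_CLEAR);
	LCD_GoTo(0,0);

	if (roznica == 0)
	{
		LCD_WriteText((unsigned char *)"Otwieram drzwi");
		Zamek1_On();
	}
	else
	{
		LCD_WriteText((unsigned char *)"Bledne haslo");
	}
}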
/*
 * Search the EEPROM records for the one whose id field equals `num`.
 *
 * Records 0..15 are scanned in order.  For each record the four bytes
 * starting at adres(record) are read (two 1 ms delays precede every read),
 * NUL-terminated and converted with atoi().
 *
 * Returns the record index (0-15) of the first match, -1 as soon as any id
 * byte reads back as 0xff (treated as an EEPROM read error), or -2 when no
 * record matches.
 *
 * NOTE(review): atoi() yields 0 for a field that does not start with a
 * number, so num == 0 matches such a record -- confirm 0 is never a valid id.
 * NOTE(review): an erased EEPROM cell usually reads 0xff as well; verify that
 * an empty record cannot abort the whole search with -1.
 */
int znajdz_id(int num)
{
	char pole_id[5];
	int rekord;

	for (rekord = 0; rekord < 16; rekord++)
	{
		uint16_t adres_id = adres(rekord);
		int k = 0;

		/* Fetch the four id bytes of this record. */
		while (k < 4)
		{
			uint8_t bajt;

			delay_1ms();
			delay_1ms();
			bajt = (Read_24Cxx(adres_id, M2404));
			if (bajt == 0xff)
			{
				/* EEPROM read error: give up immediately. */
				return -1;
			}
			pole_id[k] = bajt;
			adres_id++;
			k++;
		}
		pole_id[4] = 0;

		if (atoi(pole_id) == num)
		{
			return rekord;
		}
	}

	/* No record carries this id. */
	return -2;
}
void tcp_callback (struct tcp_stream *a_tcp, void ** this_time_not_needed) {

	g_mutex_lock (table_mutex);
	char buf[1024] = {0};
	char *received_time = NULL;
	struct half_stream *hlf_server=NULL, *hlf_client=NULL;

	packets++;

	received_time = timeval_to_char(nids_last_pcap_header->ts);

	hlf_server = &a_tcp->server;
	hlf_client = &a_tcp->client;

	// if(a_tcp->nids_state == NIDS_EXITING) {
	// 	fprintf(stream_out, COLOUR_RED "\nNIDS is closing!\n" COLOUR_NONE);
	// }else 

	if(a_tcp->nids_state == NIDS_JUST_EST) {
		// connexion described by a_tcp is established
		// here we decide, if we wish to follow this stream
		// sample condition: if (a_tcp->addr.dest!=23) return;
		// in this simple app we follow each stream, so..
      	a_tcp->client.collect++; // we want data received by a client
      	a_tcp->server.collect++; // and by a server, too
		fprintf(stream_out, COLOUR_B_GREEN "#%d\tSYN\t" COLOUR_NONE, packets);
		fprintf(stream_out, "%s", adres(a_tcp->addr, "\t"));
		fprintf(stream_out, "\t%s\n", received_time);
	}else if(a_tcp->nids_state == NIDS_RESET) {
		fprintf(stream_out, COLOUR_B_YELLOW "#%d\tRST\t" COLOUR_NONE, packets);
		fprintf(stream_out, "%s", adres(a_tcp->addr, "\t"));
		fprintf(stream_out, "\t%s\n", received_time);
	}else if(a_tcp->nids_state == NIDS_CLOSE || a_tcp->nids_state == NIDS_EXITING) {
		
		fprintf(stream_out, COLOUR_B_RED "#%d\tFIN\t" COLOUR_NONE, packets);
		fprintf(stream_out, "%s\n", adres(a_tcp->addr, "\t"));
		
		char *clave_hash = hash_key(a_tcp);
		g_hash_table_remove(table, clave_hash);
		

		if(clave_hash != NULL){
			free(clave_hash);
		}
		
		a_tcp->client.collect--;
		a_tcp->server.collect--;

 	//LLEGA PAQUETE TCP CON PAYLOAD
	}else if(a_tcp->nids_state == NIDS_DATA) { 	

/***      PACKETES TCP CON PAYLOAD
 *
 *    |¯¯¯¯\    /¯¯¯¯¯| |¯¯¯¯¯|   /¯¯¯¯¯| 
 *    |  x  \  /  !   | |     |  /  !   | 
 *    |_____/ /__/¯|__'  ¯|_|¯  /__/¯|__| 
 */

		http_packet http = NULL;
		
		if(hlf_client->count_new){ //RESPONSE
			// fprintf(stderr, COLOUR_B_YELLOW "\n|%s - (%u, %u, %u, %d)|\n" COLOUR_NONE, received_time, hlf_client->seq, hlf_client->ack_seq, hlf_client->curr_ts, hlf_client->count_new);
			// fprintf(stderr, "|");
			// write(2, hlf_client->data, 130);
			// fprintf(stderr, "|\n" );
			http_parse_packet(hlf_client->data, hlf_client->count_new, &http);
		}else if(hlf_server->count_new){ //PETICION
			// fprintf(stderr, COLOUR_B_GREEN "\n|%s - (%u, %u, %u, %d)|\n" COLOUR_NONE, received_time, hlf_server->seq, hlf_server->ack_seq, hlf_server->curr_ts, hlf_server->count_new);
			// fprintf(stderr, "|");
			// write(2, hlf_server->data, 130);
			// fprintf(stderr, "|\n" );
			http_parse_packet(hlf_server->data, hlf_server->count_new, &http);
		}

		//RESPUESTA Y QUE COINCIDA QUE ES PRIMER PAQUETE DE RESPUESTA
		if(hlf_client->count_new && http_get_op(http) == RESPONSE){ //RESPONSE

			char *hashkey = hash_key(a_tcp);
			hash_value *hashvalue = NULL;
			gpointer gkey = NULL, gval = NULL;
			intercambio *peticion = NULL;
			g_hash_table_lookup_extended(table, hashkey, &gkey, &gval);
			
			hashvalue = (hash_value *) gval;
			
			//Si hay una entrada en la tabla hash
			if(hashvalue != NULL){
				//peticion = hashvalue->last;
				hashvalue->n_respuestas++;
				//Obtener el par peticion/respuesta correspondiente
				peticion = get_n_intercambio(hashvalue->array, hashvalue->n_respuestas, hashvalue->n_peticiones);
				if(peticion==NULL){
					fprintf(stream_out, COLOUR_B_RED "ERROR OBTAINING REQUEST!! \t%d\t" COLOUR_NONE, packets);
					fprintf(stream_out, "%s:%u\t", int_ntoa (a_tcp->addr.daddr), a_tcp->addr.dest);
					fprintf(stream_out, "%s:%u ", int_ntoa (a_tcp->addr.saddr), a_tcp->addr.source);
					fprintf(stream_out, "\t%s\n", received_time);
					free(hashkey);
					free(received_time);
					g_mutex_unlock (table_mutex);
					return;
				}
				//Copiar timestamp
				peticion->ts_response = nids_last_pcap_header->ts;
				peticion->ts_last_response = nids_last_pcap_header->ts;
				peticion->chunks += 1;
				//copiar los datos de la respuesta a la estructura
				// ===================================
				//DESCARTADOS PARA AHORRAR MEMORIA
				peticion->response = (char *) realloc(peticion->response, hlf_client->count_new);
				strncpy(peticion->response, hlf_client->data, hlf_client->count_new);
				//FIN DESCARTADOS PARA AHORRAR MEMORIA
				// ===================================
				peticion->n_response_pkt = packets;
				peticion->response_bytes = hlf_client->count_new;
			}else{ //NO HAY ENTRADA EN LA TABLA HASH
				fprintf(stream_out, COLOUR_B_RED "RESPONSE WITHOUT REQUEST!! \t%d\t" COLOUR_NONE, packets);
				fprintf(stream_out, "%s:%u\t", int_ntoa (a_tcp->addr.daddr), a_tcp->addr.dest);
				fprintf(stream_out, "%s:%u ", int_ntoa (a_tcp->addr.saddr), a_tcp->addr.source);
				fprintf(stream_out, "\t%s\n", received_time);
				free(hashkey);
				free(received_time);
				g_mutex_unlock (table_mutex);
				return;
			}

			g_hash_table_steal(table, hashkey);			
			g_hash_table_insert(table, gkey, hashvalue);
			
			free(hashkey);

			//Datos de la peticion
			http_packet http_request = NULL;
			
			http_parse_packet(peticion->request, peticion->request_bytes, &http_request);

			//Preparacion para imprimir los datos y tiempos junto con el RTT
			struct timeval time_last = peticion->ts_request;
			struct timeval res;
			timersub(&nids_last_pcap_header->ts, &time_last, &res);

			char *received_rq_time = timeval_to_char(time_last);

			fprintf(stream_out, "———————————————————————————————————————————————————————————————————————————————————————————————————————\n");
			fprintf(stream_out, COLOUR_B_BLUE "#%d\t%s\t" COLOUR_NONE, peticion->n_request_pkt, http_get_method(http_request));
			fprintf(stream_out, "%s:%u\t", int_ntoa (a_tcp->addr.saddr), a_tcp->addr.source);
			fprintf(stream_out, "%s:%u", int_ntoa (a_tcp->addr.daddr), a_tcp->addr.dest);
			fprintf(stream_out, "\t%s\n", received_rq_time);

			fprintf(stream_out, COLOUR_B_BLUE "#%d\tDATA\t" COLOUR_NONE, packets);
			fprintf(stream_out, "%s:%u\t", int_ntoa (a_tcp->addr.daddr), a_tcp->addr.dest);
			fprintf(stream_out, "%s:%u ", int_ntoa (a_tcp->addr.saddr), a_tcp->addr.source);
			fprintf(stream_out, "\t%s\t%ld.%ld\n", received_time, res.tv_sec, res.tv_usec);
			fprintf(stream_out, "———————————————————————————————————————————————————————————————————————————————————————————————————————\n");

			strcpy (buf, adres (a_tcp->addr, "<==")); // we put conn params into buf

			if(peticion->prev != NULL){
				if(timercmp(&peticion->ts_response, &peticion->prev->ts_response, ==)){
					fprintf(stream_out, COLOUR_B_RED "Possible packet reordering due to an unordered response.\n" COLOUR_NONE);
				}
			}

			free(received_rq_time);
			http_free_packet(&http_request);

		}else if(hlf_client->count_new){