/* Initialise reassembly module */ eemo_rv eemo_reasm_init(void) { int i = 0; if (eemo_conf_get_bool("ip", "reassemble", &ra_enabled, 1) != ERV_OK) { ERROR_MSG("Failed to retrieve configuration setting for IP reassembly"); return ERV_CONFIG_ERROR; } if (!ra_enabled) { INFO_MSG("IP reassembly is disabled"); return ERV_OK; } if ((eemo_conf_get_int("ip", "reassembly_timeout", &ra_timeout, 30) != ERV_OK) || (ra_timeout <= 0)) { ERROR_MSG("Failed to retrieve configuration setting for IP reassembly timeout"); return ERV_CONFIG_ERROR; } if (ra_timeout < 30) { WARNING_MSG("IP reassembly timeout is set to a value below that of most operating systems (%ds < 30s)", ra_timeout); } if ((eemo_conf_get_int("ip", "reassembly_buffers", &ra_buf_count, 1000) != ERV_OK) || (ra_buf_count <= 0)) { ERROR_MSG("Failed to retrieve number of IP reassembly buffers from the configuration"); return ERV_CONFIG_ERROR; } if (eemo_conf_get_bool("ip", "reassemble_log", &ra_log, 1) != ERV_OK) { ERROR_MSG("Failed to retrieve reassembly log setting from the configuration"); return ERV_CONFIG_ERROR; } /* Allocate and clear reassembly buffers */ ra_buffers = (ip_reasm_buf*) malloc(ra_buf_count * sizeof(ip_reasm_buf)); for (i = 0; i < ra_buf_count; i++) { memset(&ra_buffers[i], 0, sizeof(ip_reasm_buf)); ra_buffers[i].pkt_len = -1; } INFO_MSG("Initialised %d IP reassembly buffers", ra_buf_count); return ERV_OK; }
/* Initialise direct capturing */ eemo_rv eemo_mux_capture_init(eemo_mux_capture_handle_pkt_fn handler_fn) { assert(handler_fn != NULL); char* client_cert = NULL; char* client_key = NULL; char* cert_dir = NULL; char** feeds_conf = NULL; int feeds_conf_ct = 0; int i = 0; /* Initialise OpenSSL */ SSL_library_init(); SSL_load_error_strings(); if (eemo_mt_openssl_init() != ERV_OK) { ERROR_MSG("Failed to initialise multi-threaded use of OpenSSL"); return ERV_GENERAL_ERROR; } last_capture_stats = time(NULL); /* Retrieve configuration */ eemo_conf_get_int("capture", "stats_interval", &capture_stats_interval, 0); if (capture_stats_interval > 0) { INFO_MSG("Emitting capture statistics every %ds", capture_stats_interval); } /* Retrieve configuration */ if ((eemo_conf_get_string("capture", "mux", &mux_host, NULL) != ERV_OK) || (mux_host == NULL)) { ERROR_MSG("Failed to retrieve the host name of the multiplexer from the configuration, giving up"); return ERV_CONFIG_ERROR; } if ((eemo_conf_get_int("capture", "mux_port", &mux_port, -1) != ERV_OK) || (mux_port < 1)) { ERROR_MSG("Failed to retrieve the multiplexer port number from the configuration, giving up"); free(mux_host); return ERV_CONFIG_ERROR; } if ((eemo_conf_get_string("capture", "client_cert", &client_cert, NULL) != ERV_OK) || (client_cert == NULL)) { ERROR_MSG("Failed to retrieve the path for the client certificate from the configuration, giving up"); free(mux_host); return ERV_CONFIG_ERROR; } if ((eemo_conf_get_string("capture", "client_key", &client_key, NULL) != ERV_OK) || (client_key == NULL)) { ERROR_MSG("Failed to retrieve the path for the client certificate private key from the configuration, giving up"); free(mux_host); free(client_cert); return ERV_CONFIG_ERROR; } if ((eemo_conf_get_string("capture", "cert_dir", &cert_dir, NULL) != ERV_OK) || (cert_dir == NULL)) { ERROR_MSG("Failed to retrieve the path to valid multiplexer certificates from the configuration, giving up"); free(mux_host); free(client_cert); free(client_key); return ERV_CONFIG_ERROR; } if ((eemo_conf_get_string_array("capture", "mux_feeds", &feeds_conf, &feeds_conf_ct) != ERV_OK) || (feeds_conf == NULL) || (feeds_conf_ct <= 0)) { ERROR_MSG("Failed to retrieve feeds to request from the multiplexer from the configuration, giving up"); free(mux_host); free(client_cert); free(client_key); free(cert_dir); return ERV_CONFIG_ERROR; } /* Set up new TLS context */ tls_ctx = SSL_CTX_new(TLSv1_2_client_method()); if (tls_ctx == NULL) { ERROR_MSG("Failed to setup up TLS 1.2 context"); free(client_cert); free(client_key); free(cert_dir); return ERV_TLS_ERROR; } /* Set renegotiation behaviour */ SSL_CTX_set_mode(tls_ctx, SSL_MODE_AUTO_RETRY); /* Load the certificate and private key */ if ((SSL_CTX_use_certificate_file(tls_ctx, client_cert, SSL_FILETYPE_PEM) != 1) && (SSL_CTX_use_certificate_file(tls_ctx, client_cert, SSL_FILETYPE_ASN1) != 1)) { ERROR_MSG("Failed to load TLS certificate from %s", client_cert); SSL_CTX_free(tls_ctx); tls_ctx = NULL; free(client_cert); free(client_key); free(cert_dir); return ERV_TLS_ERROR; } INFO_MSG("Loaded TLS certificate"); free(client_cert); if ((SSL_CTX_use_PrivateKey_file(tls_ctx, client_key, SSL_FILETYPE_PEM) != 1) && (SSL_CTX_use_PrivateKey_file(tls_ctx, client_key, SSL_FILETYPE_ASN1) != 1)) { ERROR_MSG("Failed to load TLS key from %s", client_key); SSL_CTX_free(tls_ctx); tls_ctx = NULL; free(client_key); free(cert_dir); return ERV_TLS_ERROR; } INFO_MSG("Loaded TLS key"); free(client_key); /* Set TLS options */ if (SSL_CTX_set_cipher_list(tls_ctx, EEMO_MUX_CIPHERSUITES) != 1) { ERROR_MSG("Failed to select safe TLS ciphers, giving up"); SSL_CTX_free(tls_ctx); tls_ctx = NULL; free(cert_dir); return ERV_TLS_ERROR; } INFO_MSG("Checking for valid mux server certificates in %s", cert_dir); SSL_CTX_load_verify_locations(tls_ctx, NULL, cert_dir); free(cert_dir); SSL_CTX_set_verify(tls_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); for (i = 0; i < feeds_conf_ct; i++) { feed_spec* new_feed = (feed_spec*) malloc(sizeof(feed_spec)); new_feed->feed_guid = strdup(feeds_conf[i]); LL_APPEND(feeds, new_feed); } eemo_conf_free_string_array(feeds_conf, feeds_conf_ct); handler = handler_fn; return ERV_OK; }