C++ (Cpp) nDPIPacket Exemples

Langage de programmation: C++ (Cpp)

Méthode/Fonction: nDPIPacket

Exemples au hotexamples.com: 2

C++ (Cpp) nDPIPacket - 2 exemples trouvés. Ce sont les exemples réels les mieux notés de nDPIPacket extraits de projets open source. Vous pouvez noter les exemples pour nous aider à en améliorer la qualité.

Exemple #1

0

Afficher le fichier

Fichier : tcp_analysis.c Projet : M0Rf30/xplico

static int TcpCaDisFlow(tca_flow *ifw, packet *pkt) { ftval lost, syn; bool clnt, ins; clnt = TcpCaClientPkt(&ifw->priv, pkt); ifw->flow_size += pkt->len; //ProtStackFrmDisp(pkt->stk, TRUE); ProtGetAttr(pkt->stk, lost_id, &lost); if (lost.uint8 == FALSE) { ins = TRUE; /* data */ if (pkt->len != 0) { if (clnt) { ifw->priv.bsent += pkt->len; ifw->priv.pkt_sent++; } else { ifw->priv.breceiv += pkt->len; ifw->priv.pkt_receiv++; } } else { ProtGetAttr(pkt->stk, syn_id, &syn); if (clnt) { if (syn.uint8 == TRUE) { if (ifw->syn_clt == FALSE) ifw->syn_clt = TRUE; else ins = FALSE; } } else { if (syn.uint8 == TRUE) { if (ifw->syn_srv == FALSE) ifw->syn_srv = TRUE; else ins = FALSE; } } } ifw->count++; ifw->end_cap = pkt->cap_sec; /* protocol type -ndpi- */ if (ifw->stage != 4 && (ifw->l7prot_type == NULL || ifw->l7prot_id.master_protocol == NDPI_PROTOCOL_HTTP) && ifw->l7flow != NULL && ins == TRUE) { if (clnt) { ifw->l7prot_id = nDPIPacket(pkt, ifw->l7flow, ifw->l7src, ifw->l7dst, ifw->priv.ipv6); } else { ifw->l7prot_id = nDPIPacket(pkt, ifw->l7flow, ifw->l7dst, ifw->l7src, ifw->priv.ipv6); } if (ifw->l7prot_id.protocol != NDPI_PROTOCOL_UNKNOWN) { ifw->stage++; ifw->l7prot_type = ndpi_protocol2name(ndpi, ifw->l7prot_id, ifw->buff, TCP_CA_LINE_MAX_SIZE); } } #ifdef XPL_CHECK_CODE if (pkt->raw_len != 0 && ((pkt->raw + pkt->raw_len) < pkt->data)) { LogPrintf(LV_OOPS, "TCP data location error %p %p %lu %lu", pkt->raw, pkt->data, pkt->raw_len, pkt->len); ProtStackFrmDisp(pkt->stk, TRUE); exit(-1); } if (pkt->raw_len != 0 && (pkt->data + pkt->len) > (pkt->raw + pkt->raw_len)) { LogPrintf(LV_OOPS, "TCP data dim error %p %p %lu %lu", pkt->raw, pkt->data, pkt->raw_len, pkt->len); ProtStackFrmDisp(pkt->stk, TRUE); exit(-1); } #endif } else { #if CA_CHECK_LOST LogPrintf(LV_WARNING, "Packet Lost (size:%lu)", pkt->len); ProtStackFrmDisp(pkt->stk, TRUE); #endif if (clnt) { ifw->priv.blost_sent += pkt->len; if (ifw->priv.blost_sent == 0) ifw->priv.blost_sent = 1; } else { ifw->priv.blost_receiv += pkt->len; if (ifw->priv.blost_receiv == 0) ifw->priv.blost_receiv = 1; } } PktFree(pkt); return 0; }

Exemple #2

0

Afficher le fichier

Fichier : tcp_garbage.c Projet : Lingnutter/xplico

packet *TcpGrbDissector(int flow_id) { packet *pkt, *opkt; tgrb_priv *priv; const pstack_f *tcp, *ip; ftval port_src, port_dst, lost; struct in_addr ip_addr; struct in6_addr ipv6_addr; char ips_str[INET6_ADDRSTRLEN], ipd_str[INET6_ADDRSTRLEN]; bool ipv4; int dig_s, dig_d, *dig_x; int count, i, j, k; int threshold; bool txt_data; FILE *txt_fp; char txt_file[TCP_GRB_FILENAME_PATH_SIZE]; unsigned char *thrs; pei *ppei; time_t cap_sec, end_cap; #if GRB_FILE int fd_pcap; char filename[TCP_GRB_FILENAME_PATH_SIZE]; int prot; struct pcap_file_header fh; struct pcappkt_hdr pckt_header; #endif size_t flow_size; bool first_lost, dig_end; dig *dig_srch_a, *dig_srch_b, *dig_srch; char buff[TCP_CFG_LINE_MAX_SIZE]; char *l7prot_type; struct ndpi_flow_struct *l7flow; struct ndpi_id_struct *l7src, *l7dst; ndpi_protocol l7prot_id; unsigned char stage; LogPrintf(LV_DEBUG, "TCP garbage id: %d", flow_id); /* ndpi init */ l7flow = xcalloc(1, ndpi_flow_struct_size); if (l7flow == NULL) { LogPrintf(LV_ERROR, "Out of memory"); l7src = NULL; l7dst = NULL; } else { l7src = xcalloc(1, ndpi_proto_size); if (l7src != NULL) { l7dst = xcalloc(1, ndpi_proto_size); if (l7dst == NULL) { xfree(l7src); xfree(l7flow); l7src = NULL; l7flow = NULL; } } else { xfree(l7flow); l7flow = NULL; l7dst = NULL; } } /* dig init */ dig_srch_a = dig_srch_b = NULL; if (enable_dig) { dig_s = dig_d = -1; dig_x = NULL; dig_srch_a = xmalloc(sizeof(dig) * dig_type_dim); dig_srch_b = xmalloc(sizeof(dig) * dig_type_dim); if (dig_srch_a != NULL && dig_srch_b != NULL) { memset(dig_srch_a, 0, sizeof(dig) * dig_type_dim); memset(dig_srch_b, 0, sizeof(dig) * dig_type_dim); for (i=0; i!=dig_type_dim; i++) { dig_srch_a[i].ft = &(dig_tbl[i]); dig_srch_b[i].ft = &(dig_tbl[i]); dig_srch_a[i].dig_sync = -1; dig_srch_b[i].dig_sync = -1; } } else { if (dig_srch_a != NULL) xfree(dig_srch_a); if (dig_srch_b != NULL) xfree(dig_srch_b); dig_srch_a = dig_srch_b = NULL; } } /* init */ priv = DMemMalloc(sizeof(tgrb_priv)); memset(priv, 0, sizeof(tgrb_priv)); tcp = FlowStack(flow_id); ip = ProtGetNxtFrame(tcp); ProtGetAttr(tcp, port_src_id, &port_src); ProtGetAttr(tcp, port_dst_id, &port_dst); priv->port_s = port_src.uint16; priv->port_d = port_dst.uint16; priv->stack = tcp; if (priv->port_s != port_dst.uint16) priv->port_diff = TRUE; priv->ipv6 = TRUE; ipv4 = FALSE; first_lost = FALSE; stage = 0; if (ProtFrameProtocol(ip) == ip_id) { ipv4 = TRUE; priv->ipv6 = FALSE; } if (ipv4) { ProtGetAttr(ip, ip_src_id, &priv->ip_s); ProtGetAttr(ip, ip_dst_id, &priv->ip_d); ip_addr.s_addr = priv->ip_s.uint32; inet_ntop(AF_INET, &ip_addr, ips_str, INET6_ADDRSTRLEN); ip_addr.s_addr = priv->ip_d.uint32; inet_ntop(AF_INET, &ip_addr, ipd_str, INET6_ADDRSTRLEN); } else { ProtGetAttr(ip, ipv6_src_id, &priv->ip_s); ProtGetAttr(ip, ipv6_dst_id, &priv->ip_d); memcpy(ipv6_addr.s6_addr, priv->ip_s.ipv6, sizeof(priv->ip_s.ipv6)); inet_ntop(AF_INET6, &ipv6_addr, ips_str, INET6_ADDRSTRLEN); memcpy(ipv6_addr.s6_addr, priv->ip_d.ipv6, sizeof(priv->ip_d.ipv6)); inet_ntop(AF_INET6, &ipv6_addr, ipd_str, INET6_ADDRSTRLEN); } LogPrintf(LV_DEBUG, "\tSRC: %s:%d", ips_str, port_src.uint16); LogPrintf(LV_DEBUG, "\tDST: %s:%d", ipd_str, port_dst.uint16); /* file pcap */ #if GRB_FILE sprintf(filename, "%s/tcp_%d_grb_%s_%s.pcap", ProtTmpDir(), serial, ips_str, ipd_str); serial++; fd_pcap = open(filename, O_WRONLY | O_CREAT, 0x01B6); memset(&fh, 0, sizeof(struct pcap_file_header)); fh.magic = 0xA1B2C3D4; fh.version_major = PCAP_VERSION_MAJOR; fh.version_minor = PCAP_VERSION_MINOR; fh.snaplen = 65535; if (ProtGetNxtFrame(ip) != NULL) { prot = ProtFrameProtocol(ProtGetNxtFrame(ip)); if (prot == eth_id) fh.linktype = DLT_EN10MB; else if (prot == ppp_id) fh.linktype = DLT_PPP; else fh.linktype = DLT_RAW; } if (fd_pcap != -1) write(fd_pcap, (char *)&fh, sizeof(struct pcap_file_header)); #endif l7prot_type = NULL; flow_size = 0; count = 0; opkt = pkt = NULL; ppei = NULL; txt_data = FALSE; txt_fp = NULL; threshold = 0; #if GRB_TXT_ENABLE thrs = xmalloc(TCP_GRB_THRESHOLD+1); #else thrs = NULL; #endif do { pkt = FlowGetPkt(flow_id); if (pkt != NULL) { ProtGetAttr(pkt->stk, lost_id, &lost); if (lost.uint8 == FALSE) { /* create pei */ PeiNew(&ppei, tcp_grb_id); PeiCapTime(ppei, pkt->cap_sec); PeiMarker(ppei, pkt->serial); PeiStackFlow(ppei, tcp); cap_sec = pkt->cap_sec; end_cap = pkt->cap_sec; break; } else { first_lost = TRUE; } } } while (pkt != NULL); while (pkt != NULL) { flow_size += pkt->len; //ProtStackFrmDisp(pkt->stk, TRUE); ProtGetAttr(pkt->stk, lost_id, &lost); if (lost.uint8 == FALSE) { count++; end_cap = pkt->cap_sec; /* protocol type -ndpi- */ if (stage != 4 && (l7prot_type == NULL || l7prot_id.master_protocol == NDPI_PROTOCOL_HTTP) && l7flow != NULL) { if (TcpGrbClientPkt(priv, pkt)) { l7prot_id = nDPIPacket(pkt, l7flow, l7src, l7dst, ipv4); } else { l7prot_id = nDPIPacket(pkt, l7flow, l7dst, l7src, ipv4); } if (l7prot_id.protocol != NDPI_PROTOCOL_UNKNOWN) { stage++; l7prot_type = ndpi_protocol2name(ndpi, l7prot_id, buff, TCP_CFG_LINE_MAX_SIZE); } } #ifdef XPL_CHECK_CODE if (pkt->raw_len != 0 && ((pkt->raw + pkt->raw_len) < pkt->data)) { LogPrintf(LV_OOPS, "TCP data location error %p %p %lu %lu", pkt->raw, pkt->data, pkt->raw_len, pkt->len); ProtStackFrmDisp(pkt->stk, TRUE); exit(-1); } if (pkt->raw_len != 0 && (pkt->data + pkt->len) > (pkt->raw + pkt->raw_len)) { LogPrintf(LV_OOPS, "TCP data dim error %p %p %lu %lu", pkt->raw, pkt->data, pkt->raw_len, pkt->len); ProtStackFrmDisp(pkt->stk, TRUE); exit(-1); } #endif #if GRB_FILE pckt_header.caplen = pkt->raw_len; pckt_header.len = pkt->raw_len; pckt_header.tv_sec = pkt->cap_sec; pckt_header.tv_usec = pkt->cap_usec; if (fd_pcap != -1) { write(fd_pcap, (char *)&pckt_header, sizeof(struct pcappkt_hdr)); write(fd_pcap, (char *)pkt->raw, pkt->raw_len); } #endif } else { #if GRB_FILE || GRB_CHECK_LOST LogPrintf(LV_WARNING, "Packet Lost (size:%lu)", pkt->len); ProtStackFrmDisp(pkt->stk, TRUE); #endif } if (thrs != NULL) { /* check stream to find text */ if (lost.uint8 == FALSE && pkt->len != 0) { if (threshold + pkt->len >= TCP_GRB_THRESHOLD) { if (txt_data == FALSE) { /* text flow */ txt_data = TcpGrbMajorityText(thrs, threshold); if (txt_data == FALSE) { xfree(thrs); thrs = NULL; threshold = 0; } else { sprintf(txt_file, "%s/%s/tcp_grb_%lu_%p_%i.txt", ProtTmpDir(), TCP_GRB_TMP_DIR, time(NULL), txt_file, incr++); txt_fp = fopen(txt_file, "w"); if (txt_fp != NULL) { TcpGrbText(txt_fp, thrs, threshold); threshold = 0; memcpy(thrs+threshold, pkt->data, pkt->len); threshold += pkt->len; thrs[threshold] = '\0'; } else { LogPrintf(LV_ERROR, "Unable to open file: %s", txt_file); txt_data = FALSE; xfree(thrs); thrs = NULL; threshold = 0; } } } else { TcpGrbText(txt_fp, thrs, threshold); threshold = 0; if (pkt->len > TCP_GRB_THRESHOLD) { TcpGrbText(txt_fp, (unsigned char *)pkt->data, pkt->len); } else { memcpy(thrs+threshold, pkt->data, pkt->len); threshold += pkt->len; } thrs[threshold] = '\0'; } } else { memcpy(thrs+threshold, pkt->data, pkt->len); threshold += pkt->len; thrs[threshold] = '\0'; } } } /* dig */ if (dig_srch_a != NULL && pkt->len != 0) { if (TcpGrbClientPkt(priv, pkt)) { dig_srch = dig_srch_a; dig_x = &dig_s; } else { dig_srch = dig_srch_b; dig_x = &dig_d; } for (i=0; i!=dig_type_dim; i++) { #if 0 if (*dig_x != -1 && *dig_x != dig_srch[i].dig_sync) continue; #endif bool nmatch = FALSE; do { if (dig_srch[i].head == FALSE) { if (lost.uint8 == FALSE && (nmatch == TRUE || TcpGrbDigMatchStart(&(dig_srch[i]), pkt) == 1)) { nmatch = FALSE; *dig_x = i; dig_srch[i].head = TRUE; dig_srch[i].dig_sync = i; dig_srch[i].start_cap = pkt->cap_sec; dig_srch[i].serial = pkt->serial; j = 0; k = dig_srch[i].ft->end_id[0]; while (k != -1) { dig_srch[k].head = TRUE; dig_srch[k].dig_sync = i; j++; k = dig_srch[i].ft->end_id[j]; } /* save file */ sprintf(dig_srch[i].filename, "%s/%s/file_%lu%i.%s", ProtTmpDir(), TCP_GRB_TMP_DIR, time(NULL), incr_dig++, dig_srch[i].ft->ename); LogPrintf(LV_DEBUG, "File %s found (%s)", dig_srch[i].ft->ename, dig_srch[i].filename); dig_srch[i].fp = fopen(dig_srch[i].filename, "wb"); if (dig_srch[i].fp != NULL) { if (pkt == dig_srch[i].pkt) { //ProtStackFrmDisp(pkt->stk, TRUE); dig_srch[i].fsize = pkt->len - dig_srch[i].pkt_offset; fwrite(pkt->data + dig_srch[i].pkt_offset, 1, dig_srch[i].fsize, dig_srch[i].fp); } else { if (opkt == dig_srch[i].pkt) { //ProtStackFrmDisp(pkt->stk, TRUE); dig_srch[i].fsize = opkt->len - dig_srch[i].pkt_offset; fwrite(opkt->data + dig_srch[i].pkt_offset, 1, dig_srch[i].fsize, dig_srch[i].fp); } else { LogPrintf(LV_ERROR, "Improve dig code"); } fwrite(pkt->data, 1, pkt->len, dig_srch[i].fp); dig_srch[i].fsize = pkt->len; } } dig_srch[i].pkt_offset = 0; dig_srch[i].pkt = NULL; } } else { dig_end = FALSE; if (lost.uint8 == FALSE) { if (dig_srch[i].ft->elen != 0) { if (TcpGrbDigMatchEnd(&(dig_srch[i]), pkt) == 1) { ProtStackFrmDisp(pkt->stk, TRUE); dig_end = TRUE; k = dig_srch[i].dig_sync; dig_srch[k].fsize += dig_srch[i].pkt_offset + 1; if (dig_srch[k].fp != NULL) { fwrite(pkt->data, 1, dig_srch[i].pkt_offset + 1, dig_srch[k].fp); fclose(dig_srch[k].fp); } dig_srch[i].pkt_offset = 0; dig_srch[i].pkt = NULL; } if (dig_srch[i].ft->stend == TRUE) { if (TcpGrbDigMatchStart(&(dig_srch[i]), pkt) == 1) { dig_end = TRUE; nmatch = TRUE; k = dig_srch[i].dig_sync; dig_srch[k].fsize += dig_srch[i].pkt_offset; if (dig_srch[k].fp != NULL) { fwrite(pkt->data, 1, dig_srch[i].pkt_offset, dig_srch[k].fp); fclose(dig_srch[k].fp); } } } } if (dig_end == FALSE) { if (dig_srch[i].fsize + pkt->len >= dig_srch[i].ft->msize) { dig_end = TRUE; k = dig_srch[i].dig_sync; if (dig_srch[k].fp != NULL) { if (lost.uint8 == FALSE) fwrite(pkt->data, 1, dig_srch[i].ft->msize - dig_srch[i].fsize, dig_srch[k].fp); fclose(dig_srch[k].fp); dig_srch[k].fsize = dig_srch[i].ft->msize; } } } if (dig_end == TRUE) { dig_srch[i].head = FALSE; *dig_x = -1; j = 0; k = dig_srch[i].ft->end_id[0]; while (k != -1) { dig_srch[k].head = FALSE; if (k != i) { dig_srch[k].fs = 0; dig_srch[k].dig_sync = -1; } j++; k = dig_srch[i].ft->end_id[j]; } k = dig_srch[i].dig_sync; dig_srch[i].fs = 0; dig_srch[i].dig_sync = -1; LogPrintf(LV_DEBUG, "End file %s (%s)", dig_srch[i].ft->ename, dig_srch[k].filename); dig_srch[k].end_cap = pkt->cap_sec; GrbDigPei(&dig_srch[k], tcp); dig_srch[k].fsize = 0; dig_srch[k].fp = NULL; dig_srch[k].filename[0] = '\0'; } else if (i == dig_srch[i].dig_sync) { dig_srch[i].fsize += pkt->len; if (dig_srch[i].fp != NULL) { if (lost.uint8 == FALSE) fwrite(pkt->data, 1, pkt->len, dig_srch[i].fp); else { char *zero; zero = xmalloc(pkt->len); if (zero != NULL) { memset(zero, 0, pkt->len); fwrite(zero, 1, pkt->len, dig_srch[i].fp); xfree(zero); } } } } } } } while(nmatch == TRUE); } } if (opkt != NULL) PktFree(opkt); opkt = pkt; pkt = FlowGetPkt(flow_id); } if (opkt != NULL) { PktFree(opkt); opkt = NULL; } /* text flows */ if (thrs != NULL) { if (txt_data == FALSE) { /* text flow */ if (TcpGrbMajorityText(thrs, threshold) == TRUE) { sprintf(txt_file, "%s/%s/tcp_grb_%lu_%p_%i.txt", ProtTmpDir(), TCP_GRB_TMP_DIR, time(NULL), txt_file, incr++); txt_fp = fopen(txt_file, "w"); } } if (txt_fp != NULL) { TcpGrbText(txt_fp, thrs, threshold); } xfree(thrs); } /* ndpi free */ if (l7flow != NULL) { xfree(l7flow); xfree(l7src); xfree(l7dst); } if (l7prot_type == NULL) l7prot_type = "Unknown"; /* dig flow */ for (i=0; i!=dig_type_dim; i++) { if (dig_srch_a[i].head == TRUE) { if (i == dig_srch_a[i].dig_sync) { if (dig_srch_a[i].fp != NULL) fclose(dig_srch_a[i].fp); LogPrintf(LV_DEBUG, "End stream of file %s", dig_srch_a[i].ft->ename); dig_srch_a[i].end_cap = end_cap; GrbDigPei(&dig_srch_a[i], tcp); dig_srch_a[i].fsize = 0; dig_srch_a[i].fp = NULL; dig_srch_a[i].filename[0] = '\0'; } } if (dig_srch_b[i].head == TRUE) { if (i == dig_srch_b[i].dig_sync) { if (dig_srch_b[i].fp != NULL) fclose(dig_srch_b[i].fp); LogPrintf(LV_DEBUG, "End stream of file %s", dig_srch_b[i].ft->ename); dig_srch_b[i].end_cap = end_cap; GrbDigPei(&dig_srch_b[i], tcp); dig_srch_b[i].fsize = 0; dig_srch_b[i].fp = NULL; dig_srch_b[i].filename[0] = '\0'; } } } /* tcp reset */ if (first_lost && (count < 5 || flow_size == 0)) { if (txt_fp != NULL) { fclose(txt_fp); remove(txt_file); txt_fp = NULL; } } else { if (txt_fp != NULL) { fclose(txt_fp); /* insert data */ GrbPei(ppei, l7prot_type, flow_size, txt_file, &cap_sec, &end_cap); /* insert pei */ PeiIns(ppei); } else { /* insert data */ GrbPei(ppei, l7prot_type, flow_size, NULL, &cap_sec, &end_cap); /* insert pei */ PeiIns(ppei); } } /* end */ #if GRB_FILE if (fd_pcap != -1) close(fd_pcap); #endif if (dig_srch_a != NULL) { xfree(dig_srch_a); xfree(dig_srch_b); } DMemFree(priv); LogPrintf(LV_DEBUG, "TCP->%s garbage... bye bye fid:%d count:%i", l7prot_type, flow_id, count); return NULL; }