int main(int argc, char **argv)
{
struct producer_config pc;
struct consumer_config cc;
struct flow_table flowtable;
pthread_t tid[4];
int i;
if (argc != 2) {
fprintf(stderr, "Usage: %s <network_interface>\n", argv[0]);
fprintf(stderr, "For example: %s eth0\n", argv[0]);
fprintf(stderr, "\t see %s for results\n", EU_LOG);
return ERROR;
}
if(setup_packet_capture(&pc, argv[1], NETFILTER) != 0){
fprintf(stderr, "%s: error setting up packet capture interface!\n", argv[0]);
return ERROR;
}
if(listen_for_requests(&cc, SERVER_PORT) != 0){
fprintf(stderr, "%s: error listening for client requests!\n", argv[0]);
return ERROR;
}
if ((cc.model = svm_load_model(model_file)) == 0) {
fprintf(stderr, "could not open model file %s\n", model_file);
return ERROR;
}
signal(SIGINT, siginthandler);
signal(SIGPIPE, SIG_IGN);
#ifdef EU_STATS
signal(SIGALRM, sigalarmhandler);
alarm(STAT_TIME);
memset(&stats, 0, sizeof(struct eu_stats));
cc.stats= &stats; pc.stats= &stats;
pthread_mutex_init(&(update_mutex), NULL);
cc.update_mutex= &update_mutex; pc.update_mutex= &update_mutex;
#endif
/* everything is sent in network byte order */
cc.n_max_payload = htonl(MAX_PAYLOAD);
/* initialize tables and stuff */
flowtable_init(&flowtable, FLOW_ENTRIES);
cc.keep_going= &keep_going; pc.keep_going= &keep_going;
cc.flowtable= &flowtable; pc.flowtable= &flowtable;
if ((cc.x =
(struct svm_node *)malloc(max_nr_attr *
sizeof(struct svm_node))) == NULL) {
fprintf(stderr, "could not allocate memory for svm_node!\n");
flowtable_finit(&flowtable);
svm_destroy_model(cc.model);
close_pcap_interface(&pc.pcap);
return 1;
}
/* let the games begin! */
if (pthread_create(&tid[0], NULL, accept_connections_for_flows, (void *)&cc) != 0) {
fprintf(stderr, "%s: could not spawn thread\n", argv[0]);
return ERROR;
}
if (pthread_create(&tid[1], NULL, produce_flowtable, (void *)&pc) != 0) {
fprintf(stderr, "could not spawn thread\n");
return ERROR;
}
consume_flowtable(&cc);
fprintf(stderr, "waiting for threads to quit....\n");
/* done with everything */
for(i=0; i < 2; ++i)
if (pthread_join(tid[i], NULL) != 0)
fprintf(stderr, "%s: error waiting for thread %ld\n", argv[0], tid[i]);
svm_destroy_model(cc.model);
flowtable_finit(&flowtable);
print_pcap_stats(stdout, &pc.pcap);
close_pcap_interface(&pc.pcap);
return 0;
}
int
main(int argc, char **argv)
{
char *dev, *capfile, *bpf_prog;
extern char *optarg;
extern int optind;
extern char *__progname;
int ch, dontfork_flag, r;
pcap_t *pcap = NULL;
struct sockaddr_storage dest, src;
socklen_t destlen, srclen;
#ifdef NF9
int opt =0;
#endif
bpf_prog = NULL;
dev = capfile = NULL;
dontfork_flag = 0;
memset(&dest, '\0', sizeof(dest));
memset(&src, '\0', sizeof(src));
destlen = 0;
srclen = 0;
#ifdef NF9
while ((ch = getopt(argc, argv, "hdDi:n:r:S:s:v:m:p:e:")) != -1)
{
#else
while ((ch = getopt(argc, argv, "hdDi:n:r:S:v:")) != -1)
{
#endif /*NF9*/
switch (ch)
{
case 'h':
usage();
return (0);
case 'S':
if (strcasecmp(optarg, "any") == 0)
{
direction = 0;
break;
}
if (strcasecmp(optarg, "in") == 0)
{
direction = PF_IN;
break;
}
if (strcasecmp(optarg, "out") == 0)
{
direction = PF_OUT;
break;
}
usage();
return (0);
case 'D':
verbose_flag = 1;
/* FALLTHROUGH */
case 'd':
dontfork_flag = 1;
break;
case 'i':
if (capfile != NULL || dev != NULL)
{
fprintf(stderr, "Packet source already specified.\n\n");
usage();
exit(1);
}
dev = optarg;
break;
case 'n':
/* Will exit on failure */
destlen = sizeof(dest);
parse_hostport(optarg, (struct sockaddr *)&dest,
&destlen);
break;
case 'r':
if (capfile != NULL || dev != NULL)
{
fprintf(stderr, "Packet source already specified.\n\n");
usage();
exit(1);
}
capfile = optarg;
dontfork_flag = 1;
break;
case 's':
/* Will exit on failure */
srclen = sizeof(src);
parse_host(optarg, (struct sockaddr *)&src,
&srclen);
break;
case 'v':
switch((export_version = atoi(optarg)))
{
case 1:
case 5:
#ifdef NF9
case NF9_VERSION:
#endif /*NF9*/
break;
default:
fprintf(stderr, "Invalid NetFlow version\n");
exit(1);
}
break;
#ifdef NF9
case 'm':
{
opt= atoi(optarg);
if(opt>=0)
refresh_minutes_interval=opt;
}
break;
case 'p':
{
opt= atoi(optarg);
if(opt>0)
refresh_packets_interval=opt;
}
break;
case 'e':
source_id = atoi(optarg);
break;
#endif /*NF9*/
default:
fprintf(stderr, "Invalid commandline option.\n");
usage();
exit(1);
}
}
if (capfile == NULL && dev == NULL)
dev = DEFAULT_INTERFACE;
/* join remaining arguments (if any) into bpf program */
bpf_prog = argv_join(argc - optind, argv + optind);
/* Will exit on failure */
setup_packet_capture(&pcap, dev, capfile, bpf_prog);
/* Netflow send socket */
if (dest.ss_family != 0 && src.ss_family != 0)
netflow_socket = connsock_bind((struct sockaddr *)&dest, destlen, (struct sockaddr *)&src, srclen);
else if (dest.ss_family != 0)
netflow_socket = connsock((struct sockaddr *)&dest, destlen);
else
{
fprintf(stderr, "No export target defined\n");
if (!verbose_flag)
exit(1);
}
if (dontfork_flag)
{
if (!verbose_flag)
drop_privs();
openlog(__progname, LOG_PID|LOG_PERROR, LOG_DAEMON);
}
else
{
daemon(0, 0);
openlog(__progname, LOG_PID, LOG_DAEMON);
if (pidfile(NULL) == -1)
{
syslog(LOG_WARNING, "Couldn't write pidfile: %s",
strerror(errno));
}
/* Close and reopen syslog to pickup chrooted /dev/log */
closelog();
openlog(__progname, LOG_PID, LOG_DAEMON);
drop_privs();
signal(SIGINT, sighand_exit);
signal(SIGTERM, sighand_exit);
}
if (dev != NULL)
syslog(LOG_NOTICE, "%s listening on %s", __progname, dev);
/* Main processing loop */
gettimeofday(&start_time, NULL);
r = pcap_loop(pcap, -1, packet_cb, NULL);
if (r == -1)
{
syslog(LOG_ERR, "pcap_dispatch: %s", pcap_geterr(pcap));
exit(1);
}
if (r == 0 && capfile == NULL)
syslog(LOG_NOTICE, "Exiting on pcap EOF");
exit(0);
}
int main(int argc, char **argv)
{
struct producer_config pc;
struct consumer_config cc;
struct flow_table flowtable;
pthread_t tid[4];
if (argc != 2) {
fprintf(stderr, "usage: %s <model-file>\n", argv[0]);
return STATUS_ERROR;
}
if (setup_packet_capture(&pc, SENSOR_NETFILTER) != STATUS_OK) {
fprintf(stderr, "%s: could not setup packet capture interface!\n", argv[0]);
return STATUS_ERROR;
}
if (listen_for_requests(&cc, SENSOR_LISTEN_PORT) != STATUS_OK) {
fprintf(stderr, "%s: error listening for client requests!\n", argv[0]);
return STATUS_ERROR;
}
if ((cc.model = svm_load_model(argv[1])) == 0) {
fprintf(stderr, "%s: could not open model file %s\n", argv[0], argv[1]);
return STATUS_ERROR;
}
/* everything is sent in network byte order */
cc.n_max_payload = htonl(PAYLOAD_BUFFER_LENGTH);
/* initialize tables and stuff */
flowtable_init(&flowtable, FLOWTABLE_BUCKETS, FLOWTABLE_RECORDS);
cc.keep_going = &keep_going;
pc.keep_going = &keep_going;
cc.flowtable = &flowtable;
pc.flowtable = &flowtable;
if ((cc.x = (struct svm_node *)malloc(max_nr_attr * sizeof(struct svm_node))) == NULL) {
fprintf(stderr, "%s: could not allocate memory for classifier!\n", argv[0]);
flowtable_finit(&flowtable);
svm_destroy_model(cc.model);
close_pcap_interface(&pc.pcap);
return STATUS_ERROR;
}
signal(SIGINT, siginthandler);
signal(SIGPIPE, SIG_IGN);
/* let the games begin! */
if (pthread_create(&tid[0], NULL, produce_flowtable, (void *)&pc) != 0) {
fprintf(stderr, "%s: could not spawn thread!\n", argv[0]);
return STATUS_ERROR;
}
if (pthread_create(&tid[1], NULL, accept_connections_for_flows, (void *)&cc) != 0) {
fprintf(stderr, "%s: could not spawn thread\n", argv[0]);
return STATUS_ERROR;
}
consume_flowtable((void *)&cc);
flowtable_finit(&flowtable);
print_pcap_stats(stderr, &pc.pcap);
close_pcap_interface(&pc.pcap);
return STATUS_OK;
}
int main(int argc, char **argv)
{
struct producer_config pc;
struct consumer_config cc;
struct flow_table flowtable;
pthread_t tid[4];
if (argc != 2) {
fprintf(stderr, "usage: %s <model-file>\n", argv[0]);
return ERROR;
}
if (setup_packet_capture(&pc, NETFILTER) != 0) {
fprintf(stderr,
"%s: error setting up packet capture interface!\n",
argv[0]);
return ERROR;
}
if (listen_for_requests(&cc, SERVER_PORT) != 0) {
fprintf(stderr, "%s: error listening for client requests!\n",
argv[0]);
return ERROR;
}
if ((cc.model = svm_load_model(argv[1])) == 0) {
fprintf(stderr, "could not open model file %s\n", argv[1]);
return ERROR;
}
/* everything is sent in network byte order */
cc.n_max_payload = htonl(MAX_PAYLOAD);
/* initialize tables and stuff */
flowtable_init(&flowtable, FLOW_ENTRIES);
cc.keep_going = &keep_going;
pc.keep_going = &keep_going;
cc.flowtable = &flowtable;
pc.flowtable = &flowtable;
if ((cc.x =
(struct svm_node *)malloc(max_nr_attr *
sizeof(struct svm_node))) == NULL) {
fprintf(stderr, "could not allocate memory for svm_node!\n");
flowtable_finit(&flowtable);
svm_destroy_model(cc.model);
close_pcap_interface(&pc.pcap);
return 1;
}
if (init_send_buffers(&cc.sb, SEND_BUFFER_SIZE, SEND_BUFFERS) != 0) {
fprintf(stderr, "could not initialize send buffers!\n");
free(cc.x);
flowtable_finit(&flowtable);
svm_destroy_model(cc.model);
close_pcap_interface(&pc.pcap);
return 1;
}
signal(SIGINT, siginthandler);
signal(SIGPIPE, SIG_IGN);
/* let the games begin! */
if (pthread_create(&tid[0], NULL, produce_flowtable, (void *)&pc) != 0) {
fprintf(stderr, "could not spawn thread\n");
return ERROR;
}
if (pthread_create(&tid[1], NULL, consume_flowtable, (void *)&cc) != 0) {
fprintf(stderr, "could not spawn thread\n");
return ERROR;
}
if (pthread_create
(&tid[2], NULL, accept_connections_for_flows, (void *)&cc) != 0) {
fprintf(stderr, "%s: could not spawn thread\n", argv[0]);
return ERROR;
}
#if 0
if (pthread_create(&tid[3], NULL, write_to_clients, (void *)&cc) != 0) {
fprintf(stderr, "could not spawn thread\n");
return ERROR;
}
/* done with everything */
for (i = 0; i < 4; ++i)
if (pthread_join(tid[i], NULL) != 0)
fprintf(stderr, "%s: error waiting for thread %ld\n",
argv[0], tid[i]);
#endif
write_to_clients((void *)&cc);
svm_destroy_model(cc.model);
flowtable_finit(&flowtable);
print_pcap_stats(stdout, &pc.pcap);
close_pcap_interface(&pc.pcap);
return 0;
}
