int DissectInit(void) { prot_id = ProtId("radiotap"); wlan_id = ProtId("wlan"); return 0; }
int DissectInit(void) { prot_id = ProtId("wlan"); llc_id = ProtId("llc"); return 0; }
int DissectInit(void) { int http_id; /* part of file name */ incr = 0; /* Http pei generator */ HttpPktDis = NULL; http_id = ProtId("http"); if (http_id != -1) { HttpPktDis = ProtPktDefaultDis(http_id); } /* protocols and attributes */ mms_id = ProtId("mms"); /* pei id */ pei_url_id = ProtPeiComptId(mms_id, "url"); pei_from_id = ProtPeiComptId(mms_id, "from"); pei_to_id = ProtPeiComptId(mms_id, "to"); pei_cc_id = ProtPeiComptId(mms_id, "cc"); pei_bcc_id = ProtPeiComptId(mms_id, "bcc"); pei_part_id = ProtPeiComptId(mms_id, "part"); pei_raw_id = ProtPeiComptId(mms_id, "raw"); /* ipp tmp directory */ sprintf(tmp_dir, "%s/%s", ProtTmpDir(), MMS_TMP_DIR); mkdir(tmp_dir, 0x01FF); return 0; }
int DissectInit(void) { char telnet_dir[256]; /* part of file name */ incr = 0; /* info id */ ip_id = ProtId("ip"); ipv6_id = ProtId("ipv6"); tcp_id = ProtId("tcp"); ip_dst_id = ProtAttrId(ip_id, "ip.dst"); ip_src_id = ProtAttrId(ip_id, "ip.src"); ipv6_dst_id = ProtAttrId(ipv6_id, "ipv6.dst"); ipv6_src_id = ProtAttrId(ipv6_id, "ipv6.src"); port_dst_id = ProtAttrId(tcp_id, "tcp.dstport"); port_src_id = ProtAttrId(tcp_id, "tcp.srcport"); lost_id = ProtAttrId(tcp_id, "tcp.lost"); telnet_id = ProtId("telnet"); /* pei id */ pei_host_id = ProtPeiComptId(telnet_id, "host"); pei_user_id = ProtPeiComptId(telnet_id, "user"); pei_password_id= ProtPeiComptId(telnet_id, "password"); pei_cmd_id = ProtPeiComptId(telnet_id, "cmd"); /* telnet tmp directory */ sprintf(telnet_dir, "%s/%s", ProtTmpDir(), TELNET_TMP_DIR); mkdir(telnet_dir, 0x01FF); return 0; }
int DissectInit(void) { prot_id = ProtId("ip"); iphdr_len = sizeof(struct iphdr); ipv6_id = ProtId("ipv6"); return 0; }
int DissectInit(void) { char ipp_dir[256]; struct stat st; /* part of file name */ incr = 0; /* check local pcl6 */ if (stat("./pcl6", &st) == 0) { /* there is a local pcl6 application */ strcpy(pcl6_path, "./pcl6"); } /* protocols and attributes */ prot_id = ProtId("ipp"); /* pei id */ pei_url_id = ProtPeiComptId(prot_id, "url"); pei_pdffile_id = ProtPeiComptId(prot_id, "pdf"); pei_pclfile_id = ProtPeiComptId(prot_id, "pcl"); /* ipp tmp directory */ sprintf(ipp_dir, "%s/%s", ProtTmpDir(), IPP_TMP_DIR); mkdir(ipp_dir, 0x01FF); return 0; }
int DissectInit(void) { hweth_len = sizeof(struct ethhdr); prot_id = ProtId("eth"); return 0; }
int DissectInit(void) { prot_id = ProtId("arp"); /* pei id */ pei_mac_id = ProtPeiComptId(prot_id, "mac"); pei_ip_id = ProtPeiComptId(prot_id, "ip"); return 0; }
int DissectInit(void) { int http_id; prot_id = ProtId("httpfd"); /* Http pei generator */ HttpPktDis = NULL; http_id = ProtId("http"); if (http_id != -1) { HttpPktDis = ProtPktDefaultDis(http_id); } else { insert_http = FALSE; } /* pei id */ pei_url_id = ProtPeiComptId(prot_id, "url"); pei_file_id = ProtPeiComptId(prot_id, "file"); pei_range_id = ProtPeiComptId(prot_id, "range"); pei_content_type = ProtPeiComptId(prot_id, "content_type"); return 0; }
int DissectInit(void) { char rtp_dir[256]; /* part of file name */ incr = 0; /* info id */ ppp_id = ProtId("ppp"); eth_id = ProtId("eth"); ip_id = ProtId("ip"); ip_dst_id = ProtAttrId(ip_id, "ip.dst"); ip_src_id = ProtAttrId(ip_id, "ip.src"); ip_offset_id = ProtAttrId(ip_id, "ip.offset"); ipv6_id = ProtId("ipv6"); ipv6_dst_id = ProtAttrId(ipv6_id, "ipv6.dst"); ipv6_src_id = ProtAttrId(ipv6_id, "ipv6.src"); ipv6_offset_id = ProtAttrId(ipv6_id, "ipv6.offset"); udp_id = ProtId("udp"); uport_dst_id = ProtAttrId(udp_id, "udp.dstport"); uport_src_id = ProtAttrId(udp_id, "udp.srcport"); rtp_id = ProtId("rtp"); rtcp_id = ProtId("rtcp"); if (rtcp_id != -1) rtcp_phone_id = ProtAttrId(rtcp_id, "rtcp.phone"); /* pei id */ pei_from = ProtPeiComptId(rtp_id, "from"); pei_to = ProtPeiComptId(rtp_id, "to"); pei_audio_from = ProtPeiComptId(rtp_id, "audio_from"); pei_audio_to = ProtPeiComptId(rtp_id, "audio_to"); pei_audio_mix = ProtPeiComptId(rtp_id, "audio_mix"); pei_duration = ProtPeiComptId(rtp_id, "duration"); /* rtp tmp directory */ sprintf(rtp_dir, "%s/%s", ProtTmpDir(), RTP_TMP_DIR); mkdir(rtp_dir, 0x01FF); return 0; }
int DissectInit(void) { sdp_id = ProtId("sdp"); return 0; }
int CaptDisMain(int argc, char *argv[]) { char ifile[RLTM_POL_PATH_DIM]; char dirpath[RLTM_POL_PATH_DIM]; char tmp[RLTM_POL_PATH_DIM]; char errbuf[PCAP_ERRBUF_SIZE]; char intrf[RLTM_POL_PATH_DIM], filter_app[RLTM_POL_PATH_DIM]; struct bpf_program filter; /* The compiled filter */ pcap_t *cap = NULL; char *param; int ret; struct pcap_ref ref; FILE *fp; bool end, ses_id, pol_id; struct pcap_pkthdr *pkt_header; const u_char *pkt_data; static time_t tm = 0; struct pcap_file_header fh; end = FALSE; ses_id = FALSE; pol_id = FALSE; savepcap = 0; /* pcapfile protocol id */ pol_prot_id = ProtId("pol"); if (pol_prot_id == -1) { return -1; } /* serial number of packet */ pkt_serial = 1; /* interace & filter % pol dir name*/ intrf[0] = '\0'; filter_app[0] = '\0'; dirpath[0] = '\0'; ret = RltmPolParam(argc, argv, intrf, filter_app, dirpath); if (ret != 0) { return -1; } /* check name dir */ if (dirpath[0] == '\0') { return -1; } /* read pol info */ sprintf(ifile, "%s/%s", dirpath, RLTM_POL_INIT_SESSION_FILE); fp = fopen(ifile, "r"); if (fp == NULL) { LogPrintf(LV_ERROR, "Pol info file (%s) not present!", ifile); return -1; } while (fgets(tmp, CFG_LINE_MAX_SIZE, fp) != NULL) { /* check if line is a comment */ if (!CfgParIsComment(tmp)) { param = strstr(tmp, RLTM_POL_SESSION_ID); if (param != NULL) { ret = sscanf(param, RLTM_POL_SESSION_ID"=%lu", &ref.ses_id); if (ret == 1) { ses_id = TRUE; } } param = strstr(tmp, RLTM_POL_ID); if (param != NULL) { ret = sscanf(param, RLTM_POL_ID"=%lu", &ref.pol_id); if (ret == 1) { pol_id = TRUE; } } } } fclose(fp); remove(ifile); if (ses_id == FALSE || pol_id == FALSE) { LogPrintf(LV_ERROR, "Pol info file (%s) incomplete!", tmp); return -1; } errbuf[sizeof(errbuf) - 1] = '\0'; errbuf[0] = '\0'; /* open device in promiscuous mode */ #ifdef HAVE_PCAP_CREATE cap = pcap_create(intrf, errbuf); #else cap = pcap_open_live(intrf, 102400, 1, 0, errbuf); #endif if (cap == NULL) { printf("Error: %s\n", errbuf); return -1; } else { #ifdef HAVE_PCAP_CREATE ret = pcap_set_snaplen(cap, 102400); if (ret != 0) { printf("You have an old version of libpcap\n"); return -1; } ret = pcap_set_promisc(cap, 1); if (ret != 0) { printf("You have an old version of libpcap\n"); return -1; } ret = pcap_set_timeout(cap, 0); if (ret != 0) { printf("You have an old version of libpcap\n"); return -1; } /* set capture buffer size to 16 MB */ ret = pcap_set_buffer_size(cap, (1<<24)); if (ret != 0) { printf("You have an old version of libpcap\n"); return -1; } ret = pcap_activate(cap); if (ret != 0) { printf("pcap_activate failed '%s'\n", pcap_geterr(cap)); return -1; } #endif /* compile and apply the filter */ if (pcap_compile(cap, &filter, filter_app, 1, 0) < 0) { printf("Bad filter %s\n", filter_app); pcap_perror(cap, "Filter"); return -1; } pcap_setfilter(cap, &filter); pcap_freecode(&filter); /* interface */ ref.dev = intrf; /* data link type */ ref.dlt = pcap_datalink(cap); /* packet counter */ ref.cnt = 0; /* end filename */ sprintf(ifile, "%s/%s", dirpath, RLTM_POL_END_SESSION_FILE); if (savepcap) { /* pcap file for debug */ sprintf(pcap_deb, "/opt/xplico/pol_%li/sol_%li/raw/interface_%s_%lu.pcap", ref.pol_id, ref.ses_id, intrf, time(NULL)); fp_pcap = fopen(pcap_deb, "w"); crash_ref_name = pcap_deb; memset(&fh, 0, sizeof(struct pcap_file_header)); fh.magic = 0xA1B2C3D4; fh.version_major = PCAP_VERSION_MAJOR; fh.version_minor = PCAP_VERSION_MINOR; fh.snaplen = 65535; fh.linktype = ref.dlt; if (fp_pcap != NULL) { fwrite((char *)&fh, 1, sizeof(struct pcap_file_header), fp_pcap); } else { LogPrintf(LV_ERROR, "Debug raw file failed: %s", pcap_deb); sprintf(pcap_deb, "Real Time"); } } else { fp_pcap = NULL; } do { /* read data */ if (pcap_next_ex(cap, &pkt_header, &pkt_data) == -1) { /* exit */ break; } else { /* decode data */ RltmPolDissector((u_char *)&ref, pkt_header, pkt_data); } /* check the end */ if (time(NULL) > tm) { tm = time(NULL) + 1; fp = fopen(ifile, "r"); if (fp != NULL) { end = TRUE; fclose(fp); } } } while (end == FALSE); pcap_close(cap); /* remove file */ remove(ifile); } if (fp_pcap != NULL) fclose(fp_pcap); return 0; }
int CaptDisMain(int argc, char *argv[]) { char errbuf[PCAP_ERRBUF_SIZE]; char infile[PCAP_PATH_DIM], dirpath[PCAP_PATH_DIM]; char **list; char *pcap_file; int i, num; pcap_t *cap = NULL; int ret; DIR *dir; struct dirent *entry; struct cap_ref ref; FILE *fp; struct snoop_file_header snooph; static bool tresp; /* pcapfile protocol id */ pcap_prot_id = ProtId("pcapf"); if (pcap_prot_id == -1) { printf("It is necessary to load (from config file) the dissector pcapf\n"); return -1; } /* serial number of packet */ pkt_serial = 1; /* pcap file/dir name */ infile[0] = '\0'; dirpath[0] = '\0'; tresp = FALSE; ret = PcapParam(argc, argv, infile, dirpath, &tresp); if (ret != 0) { return -1; } /* ^C */ ciao = FALSE; signal(SIGTERM, PcapCiao); signal(SIGINT, PcapCiao); list = NULL; num = 0; if (dirpath[0] != '\0') { dir = opendir(dirpath); if (dir == NULL) { perror(""); return -1; } /* file list */ while((entry = readdir(dir)) != NULL) { if (entry->d_name[0] == '.') continue; list = xrealloc(list, sizeof(char *)*(num+1)); list[num] = xmalloc(strlen(dirpath)+strlen(entry->d_name)+5); sprintf(list[num], "%s/%s", dirpath, entry->d_name); num++; } qsort(list, num, sizeof(char *), ListSort); closedir(dir); if (num == 0) { printf("Directory without pcap/snoop file\n"); return -1; } #if 0 /* list debug */ printf("Files list:\n"); for (i=0; i!=num; i++) { printf(" %s\n", list[i]); } #endif pcap_file = list[0]; } else pcap_file = infile; i = 0; do { errbuf[sizeof(errbuf) - 1] = '\0'; errbuf[0] = '\0'; /* open the input pcap file */ cap = pcap_open_offline(pcap_file, errbuf); if (cap != NULL) { /* file name */ ref.file_name = pcap_file; strncpy(file_source, pcap_file, PCAP_PATH_DIM); /* data link type */ ref.dlt = pcap_datalink(cap); /* packet counter */ ref.cnt = 0; /* let pcap loop over the input, passing data to the decryptor */ if (tresp) pcap_loop(cap, -1, (pcap_handler)&PcapDissectorTsec, (u_char*)&ref); else pcap_loop(cap, -1, (pcap_handler)&PcapDissector, (u_char*)&ref); pcap_close(cap); } else { /* try with snoop */ fp = fopen(pcap_file, "r"); if (fp != NULL) { if (fread(&snooph, 1, sizeof(snooph), fp) == sizeof(snooph)) { if (strcmp(snooph.format_name, "snoop") != 0) { fclose(fp); fp = NULL; LogPrintf(LV_ERROR, "File %s: %s", pcap_file, errbuf); } else { snooph.version = ntohl(snooph.version); snooph.mac = ntohl(snooph.mac); /* file name */ ref.file_name = pcap_file; strncpy(file_source, pcap_file, PCAP_PATH_DIM); /* data link type */ switch (snooph.mac) { case 0x04: ref.dlt = DLT_EN10MB; break; case 0x08: ref.dlt = DLT_FDDI; break; case 0x12: ref.dlt = DLT_SUNATM; break; } /* packet counter */ ref.cnt = 0; SnoopDissector(fp, &ref); fclose(fp); fp = NULL; } } else { fclose(fp); fp = NULL; LogPrintf(LV_ERROR, "File %s: %s", pcap_file, errbuf); } } else { LogPrintf(LV_ERROR, "File %s: %s", pcap_file, errbuf); } } i++; if (i < num) pcap_file = list[i]; } while (i<num && !ciao); return 0; }
int DissectInit(void) { prot_id = ProtId("chdlc"); return 0; }
int CaptDisMain(int argc, char *argv[]) { char errbuf[PCAP_ERRBUF_SIZE]; char dirpath[PCAP_PATH_DIM]; char tmp[PCAP_PATH_DIM]; char ifile[PCAP_PATH_DIM]; char *pcap_file, *param; bool end, ses_id, pol_id; pcap_t *cap = NULL; int res; struct cap_ref ref; struct timespec to; FILE *fp; struct stat info_a, info_b; struct snoop_file_header snooph; char *filter_app; struct bpf_program filter; /* The compiled filter */ bool one; end = FALSE; ses_id = FALSE; pol_id = FALSE; pcap_file = NULL; filter_app = NULL; /* pol protocol id */ pol_prot_id = ProtId("pol"); if (pol_prot_id == -1) { return -1; } /* serial number of packet */ pkt_serial = 1; /* pol dir name */ dirpath[0] = '\0'; res = PolParam(argc, argv, dirpath, &filter_app); if (res != 0) { return -1; } /* check name dir */ if (dirpath[0] == '\0') { return -1; } /* read pol info */ sprintf(ifile, "%s/%s", dirpath, POL_INIT_SESSION_FILE); fp = fopen(ifile, "r"); if (fp == NULL) { LogPrintf(LV_ERROR, "Pol info file (%s) not present!", ifile); return -1; } while (fgets(tmp, CFG_LINE_MAX_SIZE, fp) != NULL) { /* check if line is a comment */ if (!CfgParIsComment(tmp)) { param = strstr(tmp, POL_SESSION_ID); if (param != NULL) { res = sscanf(param, POL_SESSION_ID"=%lu", &ref.ses_id); if (res == 1) { ses_id = TRUE; } } param = strstr(tmp, POL_POL_ID); if (param != NULL) { res = sscanf(param, POL_POL_ID"=%lu", &ref.pol_id); if (res == 1) { pol_id = TRUE; } } } } fclose(fp); remove(ifile); sprintf(file_status, "%s/../../tmp/%s", dirpath, POL_POL_STATUS); if (ses_id == FALSE || pol_id == FALSE) { LogPrintf(LV_ERROR, "Pol info file (%s) incomplete!", tmp); return -1; } /* pcap file decoding */ do { /* pcap file name */ do { pcap_file = PolFile(dirpath, &one); if (pcap_file == NULL) { /* timeout */ to.tv_sec = 2; to.tv_nsec = 1; if (!end) { /* wait new file */ while (nanosleep(&to, &to) != 0) ; } } else { /* check if the file is the end file flag */ if (strstr(pcap_file, POL_END_SESSION_FILE) != NULL) { end = TRUE; remove(pcap_file); xfree(pcap_file); pcap_file = PolFile(dirpath, &one); } } } while (pcap_file == NULL && end == FALSE); if (pcap_file != NULL) { /* wait file download completition */ if (one) { do { /* timeout */ to.tv_sec = 5; to.tv_nsec = 1; stat(pcap_file, &info_a); nanosleep(&to, NULL); stat(pcap_file, &info_b); } while (info_a.st_size != info_b.st_size); } errbuf[sizeof(errbuf) - 1] = '\0'; errbuf[0] = '\0'; /* open the input pcap file (or stdin) */ cap = pcap_open_offline(pcap_file, errbuf); if (cap != NULL) { /* compile and apply the filter */ if (filter_app != NULL) { if (pcap_compile(cap, &filter, filter_app, 1, 0) < 0) { printf("Bad filter %s\n", filter_app); pcap_perror(cap, "Filter"); return -1; } pcap_setfilter(cap, &filter); pcap_freecode(&filter); } /* file name */ ref.file_name = pcap_file; strncpy(file_source, pcap_file, PCAP_PATH_DIM); /* data link type */ ref.dlt = pcap_datalink(cap); /* packet counter */ ref.cnt = 0; /* let pcap loop over the input, passing data to the decryptor */ pcap_loop(cap, -1, (pcap_handler)&PcapDissector, (u_char*)&ref); pcap_close(cap); } else { /* try with snoop */ fp = fopen(pcap_file, "r"); if (fp != NULL) { if (fread(&snooph, 1, sizeof(snooph), fp) == sizeof(snooph)) { if (strcmp(snooph.format_name, "snoop") != 0) { fclose(fp); fp = NULL; LogPrintf(LV_ERROR, "File %s: %s", pcap_file, errbuf); } else { snooph.version = ntohl(snooph.version); snooph.mac = ntohl(snooph.mac); /* file name */ ref.file_name = pcap_file; strncpy(file_source, pcap_file, PCAP_PATH_DIM); /* data link type */ switch (snooph.mac) { case 0x04: ref.dlt = DLT_EN10MB; break; case 0x08: ref.dlt = DLT_FDDI; break; case 0x12: ref.dlt = DLT_SUNATM; break; } /* packet counter */ ref.cnt = 0; SnoopDissector(fp , &ref); fclose(fp); fp = NULL; } } else { fclose(fp); fp = NULL; LogPrintf(LV_ERROR, "File %s: %s", pcap_file, errbuf); } } else { LogPrintf(LV_ERROR, "File %s: %s", pcap_file, errbuf); } } /* remove file */ remove(pcap_file); xfree(pcap_file); } } while (pcap_file); if (filter_app != NULL) xfree(filter_app); return 0; }
int DissectInit(void) { prot_id = ProtId("pppoe"); return 0; }
int DissectInit(void) { prot_id = ProtId("gtp"); return 0; }
int DispatchInit(const char *file_cfg) { FILE *fp; char module_dir[CFG_LINE_MAX_SIZE]; char buffer[CFG_LINE_MAX_SIZE]; char bufcpy[CFG_LINE_MAX_SIZE]; char module_path[CFG_LINE_MAX_SIZE]; char module_name[CFG_LINE_MAX_SIZE]; char mask[CFG_LINE_MAX_SIZE]; char manip_name[CFG_LINE_MAX_SIZE]; char manip_host[CFG_LINE_MAX_SIZE]; char manip_bin[CFG_LINE_MAX_SIZE]; unsigned int manip_port; char *param; unsigned short logm; int res, nl, val, i; pthread_t pid; /* default */ parallel = FALSE; pei_ins = 0; pei_pend = 0; manip = NULL; manip_num = 0; /* find directory location of module from config file */ fp = fopen(file_cfg, "r"); if (fp == NULL) { LogPrintf(LV_ERROR, "Config file can't be opened"); return -1; } /* copy path */ config_path = xmalloc(strlen(file_cfg) + 1); strcpy(config_path, file_cfg); /* modules */ module_dir[0] = '\0'; module_name[0] = '\0'; manip_bin[0] = '\0'; manip_host[0] = '\0'; nl = 0; while (fgets(buffer, CFG_LINE_MAX_SIZE, fp) != NULL) { nl++; /* check all line */ if (strlen(buffer)+1 == CFG_LINE_MAX_SIZE) { LogPrintf(LV_ERROR, "Config file line more length to %d characters", CFG_LINE_MAX_SIZE); return -1; } /* check if line is a comment */ if (!CfgParIsComment(buffer)) { /* modules directory */ param = strstr(buffer, CFG_PAR_MODULES_DIR); if (param != NULL) { if (module_dir[0] != '\0') { LogPrintf(LV_ERROR, "Config param error: param '%s' defined two times", CFG_PAR_MODULES_DIR); return -1; } res = sscanf(param, CFG_PAR_MODULES_DIR"=%s %s", module_dir, bufcpy); if (res > 0) { if (res == 2 && !CfgParIsComment(bufcpy)) { LogPrintf(LV_ERROR, "Config param error in line %d. Unknow param: %s", nl, bufcpy); return -1; } } } /* dispatcher module name */ param = strstr(buffer, CFG_PAR_DISPATCH"="); if (param != NULL) { if (module_name[0] != '\0') { LogPrintf(LV_ERROR, "Config param error: param '%s' defined two times", CFG_PAR_DISPATCH); return -1; } res = sscanf(param, CFG_PAR_DISPATCH"=%s %s", module_name, bufcpy); if (res > 0) { if (res == 2 && !CfgParIsComment(bufcpy)) { /* log mask */ res = strncmp(bufcpy, CFG_PAR_MODULE_LOG, strlen(CFG_PAR_MODULE_LOG)); if (res != 0) { LogPrintf(LV_ERROR, "Config param error in line %d. Unknow param: %s", nl, bufcpy); return -1; } param = strstr(param, CFG_PAR_MODULE_LOG); res = sscanf(param, CFG_PAR_MODULE_LOG"=%s %s", mask, bufcpy); logm = LV_BASE; if (res > 0) { if (res == 2 && !CfgParIsComment(bufcpy)) { LogPrintf(LV_ERROR, "Config param error in line %d. Unknow param: %s", nl, bufcpy); return -1; } logm |= CfgParLogMask(mask, nl); } else { LogPrintf(LV_ERROR, "Config param error in line %d. Unknow param: %s", nl, buffer); return -1; } /* set mask */ LogSetMask(LOG_COMPONENT, logm); } } } /* parallel o serial insert */ param = strstr(buffer, CFG_PAR_DISPATCH_PARAL); if (param != NULL) { res = sscanf(param, CFG_PAR_DISPATCH_PARAL"=%i %s", &val, bufcpy); if (res > 0) { if (res == 2 && !CfgParIsComment(bufcpy)) { LogPrintf(LV_ERROR, "Config param error in line %d. Unknow param: %s", nl, bufcpy); return -1; } else { if (val == 1) parallel = TRUE; else parallel = FALSE; } } } /* manipulator connection info */ param = strstr(buffer, CFG_PAR_DISPATCH_MANIP_NAME"="); if (param != NULL) { res = sscanf(param, CFG_PAR_DISPATCH_MANIP_NAME"=%s %s", manip_name, bufcpy); if (res > 0) { if (res == 2 && !CfgParIsComment(bufcpy)) { /* manipulator host */ res = strncmp(bufcpy, CFG_PAR_DISPATCH_MANIP_HOST, strlen(CFG_PAR_DISPATCH_MANIP_HOST)); if (res != 0) { param = strstr(param, CFG_PAR_DISPATCH_MANIP_BIN); if (param != NULL) { res = sscanf(param, CFG_PAR_DISPATCH_MANIP_BIN"=%s %s", manip_bin, bufcpy); if (res > 0) { /* inset manip in table */ manip = xrealloc(manip, sizeof(manip_con)*(manip_num + 1)); memset(&(manip[manip_num]), 0, sizeof(manip_con)); strcpy(manip[manip_num].name, manip_name); strcpy(manip[manip_num].host, manip_host); strcpy(manip[manip_num].bin, manip_bin); manip[manip_num].port = 0; manip[manip_num].sock = -1; manip[manip_num].wait = FALSE; manip[manip_num].peil = NULL; manip[manip_num].peilast = NULL; /* check pei of protocol */ manip[manip_num].pid = ProtId(manip[manip_num].name); manip[manip_num].mux = xmalloc(sizeof(pthread_mutex_t)); pthread_mutex_init(manip[manip_num].mux, NULL); if (manip[manip_num].pid == -1) { LogPrintf(LV_WARNING, "Protocol Manipulator %s haven't PEI", manip[manip_num].name); } manip_num++; } } else { LogPrintf(LV_ERROR, "Config param error in line %d. Unknow param: %s", nl, bufcpy); return -1; } } else { param = strstr(param, CFG_PAR_DISPATCH_MANIP_HOST); res = sscanf(param, CFG_PAR_DISPATCH_MANIP_HOST"=%s %s", manip_host, bufcpy); if (res > 0) { if (res == 2 && !CfgParIsComment(bufcpy)) { res = strncmp(bufcpy, CFG_PAR_DISPATCH_MANIP_PORT, strlen(CFG_PAR_DISPATCH_MANIP_PORT)); if (res != 0) { LogPrintf(LV_ERROR, "Config param error in line %d. Unknow param: %s", nl, bufcpy); return -1; } param = strstr(param, CFG_PAR_DISPATCH_MANIP_PORT); res = sscanf(param, CFG_PAR_DISPATCH_MANIP_PORT"=%d %s", &manip_port, bufcpy); if (res > 0) { if (res == 2 && !CfgParIsComment(bufcpy)) { LogPrintf(LV_ERROR, "Config param error in line %d. Unknow param: %s", nl, buffer); return -1; } /* inset manip in table */ manip = xrealloc(manip, sizeof(manip_con)*(manip_num + 1)); memset(&(manip[manip_num]), 0, sizeof(manip_con)); strcpy(manip[manip_num].name, manip_name); strcpy(manip[manip_num].host, manip_host); manip[manip_num].bin[0] = '\0'; manip[manip_num].port = manip_port; manip[manip_num].sock = -1; manip[manip_num].wait = FALSE; manip[manip_num].peil = NULL; manip[manip_num].peilast = NULL; /* check pei of protocol */ manip[manip_num].pid = ProtId(manip[manip_num].name); manip[manip_num].mux = xmalloc(sizeof(pthread_mutex_t)); pthread_mutex_init(manip[manip_num].mux, NULL); if (manip[manip_num].pid == -1) { LogPrintf(LV_WARNING, "Protocol Manipulator %s haven't PEI", manip[manip_num].name); } manip_num++; } else { LogPrintf(LV_ERROR, "Config param error in line %d. Unknow param: %s", nl, buffer); return -1; } } else { LogPrintf(LV_ERROR, "Config param error in line %d. Unknow param: %s", nl, buffer); return -1; } } else { LogPrintf(LV_ERROR, "Config param error in line %d. Unknow param: %s", nl, buffer); return -1; } } } else { LogPrintf(LV_ERROR, "Config param error in line %d. Unknow param: %s", nl, buffer); return -1; } } } } } fclose(fp); /* check name */ if (module_name[0] == '\0') { LogPrintf(LV_WARNING, "The dispatch module isn't defined, will be used 'none' dispatch module"); printf("The dispatch module isn't defined, will be used 'none' dispatch module\n"); /* default dispatcher */ strcpy(module_name, "disp_none.so"); } /* module path */ sprintf(module_path, "%s/%s", module_dir, module_name); /* open module */ handle = dlopen(module_path, RTLD_LAZY); if (handle == NULL) { printf("Can't load dispatch module %s\n", dlerror()); return -1; } /* inizilizations of all software that can be used in dispatcer modules */ /* gearth initialization */ if (GearthInit(file_cfg) == -1) { return -1; } /* end inizilizations of all software that can be used in dispatcer modules */ /* attach functions */ DispInit = dlsym(handle, DISP_INIT_FUN); if (DispInit == NULL) { printf("Dispatch module don't contain function %s\n", DISP_INIT_FUN); return -1; } DispEnd = dlsym(handle, DISP_END_FUN); if (DispEnd == NULL) { printf("Dispatch module don't contain function %s\n", DISP_END_FUN); return -1; } DispInsPei = dlsym(handle, DISP_INDPEI_FUN); if (DispInsPei == NULL) { printf("Dispatch module don't contain function %s\n", DISP_INDPEI_FUN); return -1; } /* initialize dispatcher module */ if (DispInit(file_cfg) == -1) { printf("Dispatch module initialization error\n"); return -1; } if (DispManipInit() == -1) { printf("Dispatch to manipulator initialization error\n"); return -1; } /* parallel or serial */ pthread_mutex_init(&plist_mux, NULL); if (parallel == FALSE) { /* in this case single dissector that generate and insert one PEI call 'directly' the insert function of dispatcher module, otherwise a thread is the middelware from dissectors and dispatch function module */ pthread_cond_init(&plist_cond, NULL); plist = NULL; plist_end = NULL; res = pthread_create(&pid, NULL, DispatchAgent, NULL); if (res != 0) { printf("Dispatch Agent setup failed"); LogPrintf(LV_ERROR, "Dispatch Agent setup failed"); return -1; } pthread_detach(pid); } /* manipeagtor info */ for (i=0; i!=manip_num; i++) { LogPrintf(LV_START, "Manipulator ---> %s host:%s port:%d", manip[i].name, manip[i].host, manip[i].port); } return 0; }
int DissectInit(void) { char tmp_dir[256]; int i; NDPI_PROTOCOL_BITMASK all; /* part of file name */ incr = 0; pthrs_ins = 0; pthread_mutex_init(&pthrs_mux, NULL); prl_thrs = xmalloc(pthrs_dim*sizeof(tca_flow *)); prl_thrs_en = xmalloc(pthrs_dim*sizeof(char)); if (prl_thrs != NULL) { memset(prl_thrs, 0, pthrs_dim*sizeof(tca_flow *)); for (i=0; i!=pthrs_dim; i++) { prl_thrs_en[i] = 0; } } /* info id */ ppp_id = ProtId("ppp"); eth_id = ProtId("eth"); ip_id = ProtId("ip"); ipv6_id = ProtId("ipv6"); tcp_id = ProtId("tcp"); if (ip_id != -1) { ip_dst_id = ProtAttrId(ip_id, "ip.dst"); ip_src_id = ProtAttrId(ip_id, "ip.src"); ip_offset_id = ProtAttrId(ip_id, "ip.offset"); } if (ipv6_id != -1) { ipv6_dst_id = ProtAttrId(ipv6_id, "ipv6.dst"); ipv6_src_id = ProtAttrId(ipv6_id, "ipv6.src"); ipv6_offset_id = ProtAttrId(ipv6_id, "ipv6.offset"); } if (tcp_id != -1) { port_dst_id = ProtAttrId(tcp_id, "tcp.dstport"); port_src_id = ProtAttrId(tcp_id, "tcp.srcport"); lost_id = ProtAttrId(tcp_id, "tcp.lost"); syn_id = ProtAttrId(tcp_id, "tcp.syn"); } tcp_ca_id = ProtId("tcp-ca"); /* pei id */ pei_ip_src_id = ProtPeiComptId(tcp_ca_id, "ip.src"); pei_ip_dst_id = ProtPeiComptId(tcp_ca_id, "ip.dst"); pei_dns_id = ProtPeiComptId(tcp_ca_id, "dns"); pei_port_src_id = ProtPeiComptId(tcp_ca_id, "port.src"); pei_port_dst_id = ProtPeiComptId(tcp_ca_id, "port.dst"); pei_l7protocol_id = ProtPeiComptId(tcp_ca_id, "l7prot"); pei_lat_id = ProtPeiComptId(tcp_ca_id, "lat"); pei_long_id = ProtPeiComptId(tcp_ca_id, "long"); pei_country_code_id = ProtPeiComptId(tcp_ca_id, "country_code"); pei_bsent_id = ProtPeiComptId(tcp_ca_id, "byte.sent"); pei_brecv_id = ProtPeiComptId(tcp_ca_id, "byte.receiv"); pei_blost_sent_id = ProtPeiComptId(tcp_ca_id, "byte.lost.sent"); pei_blost_recv_id = ProtPeiComptId(tcp_ca_id, "byte.lost.receiv"); pei_pkt_sent_id = ProtPeiComptId(tcp_ca_id, "pkt.sent"); pei_pkt_recv_id = ProtPeiComptId(tcp_ca_id, "pkt.receiv"); pei_trace_sent = ProtPeiComptId(tcp_ca_id, "trace.sent"); pei_trace_recv = ProtPeiComptId(tcp_ca_id, "trace.receiv"); pei_metadata = ProtPeiComptId(tcp_ca_id, "metadata"); pei_trace_img = ProtPeiComptId(tcp_ca_id, "trace.img"); /* tmp directory */ sprintf(tmp_dir, "%s/%s", ProtTmpDir(), TCP_CA_TMP_DIR); mkdir(tmp_dir, 0x01FF); /* ndpi */ ndpi = ndpi_init_detection_module(); if (ndpi == NULL) { LogPrintf(LV_ERROR, "nDPi initializzation failed"); return -1; } /* enable all protocols */ NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi, &all); ndpi_proto_size = ndpi_detection_get_sizeof_ndpi_id_struct(); ndpi_flow_struct_size = ndpi_detection_get_sizeof_ndpi_flow_struct(); return 0; }
int DispInit(const char *cfg_file) { char buffer[CFG_LINE_MAX_SIZE]; char bufcpy[CFG_LINE_MAX_SIZE]; char *param; FILE *fp; int res, i; LogPrintf(LV_DEBUG, "PCAP2WAV Dispatcher"); nrtp = 0; /* read configuration file */ fp = fopen(cfg_file, "r"); if (fp == NULL) { LogPrintf(LV_ERROR, "Config file can't be opened"); return -1; } res = 0; while (fgets(buffer, CFG_LINE_MAX_SIZE, fp) != NULL) { /* check if line is a comment */ if (!CfgParIsComment(buffer)) { param = strstr(buffer, CFG_PAR_XDECODE); if (param != NULL) { res = sscanf(param, CFG_PAR_XDECODE"=%s %s", xdecode, bufcpy); if (res > 0) { break; } } } } fclose(fp); if (!res) { strcpy(xdecode, XCLI_BASE_DIR); } else { i = 0; while (xdecode[i] != '\0' && xdecode[i] != '\0') i++; xdecode[i] = '\0'; } tstart = time(NULL); ip_id = ProtId("ip"); if (ip_id != -1) { ip_dst_id = ProtAttrId(ip_id, "ip.dst"); ip_src_id = ProtAttrId(ip_id, "ip.src"); } ipv6_id = ProtId("ipv6"); if (ipv6_id != -1) { ipv6_dst_id = ProtAttrId(ipv6_id, "ipv6.dst"); ipv6_src_id = ProtAttrId(ipv6_id, "ipv6.src"); } /* pei id */ rtp_id = ProtId("rtp"); if (rtp_id != -1) { pei_rtp_from = ProtPeiComptId(rtp_id, "from"); pei_rtp_to = ProtPeiComptId(rtp_id, "to"); pei_rtp_audio_from = ProtPeiComptId(rtp_id, "audio_from"); pei_rtp_audio_to = ProtPeiComptId(rtp_id, "audio_to"); pei_rtp_audio_mix = ProtPeiComptId(rtp_id, "audio_mix"); pei_rtp_duration = ProtPeiComptId(rtp_id, "duration"); } /* directory for repository */ mkdir(xdecode, 0x01FF); return 0; }
int DissectInit(void) { char tmp_dir[256]; unsigned short i; NDPI_PROTOCOL_BITMASK all; /* part of file name */ incr = 0; incr_dig = 0; /* info id */ ppp_id = ProtId("ppp"); eth_id = ProtId("eth"); ip_id = ProtId("ip"); ipv6_id = ProtId("ipv6"); tcp_id = ProtId("tcp"); if (ip_id != -1) { ip_dst_id = ProtAttrId(ip_id, "ip.dst"); ip_src_id = ProtAttrId(ip_id, "ip.src"); ip_offset_id = ProtAttrId(ip_id, "ip.offset"); } if (ipv6_id != -1) { ipv6_dst_id = ProtAttrId(ipv6_id, "ipv6.dst"); ipv6_src_id = ProtAttrId(ipv6_id, "ipv6.src"); ipv6_offset_id = ProtAttrId(ipv6_id, "ipv6.offset"); } if (tcp_id != -1) { port_dst_id = ProtAttrId(tcp_id, "tcp.dstport"); port_src_id = ProtAttrId(tcp_id, "tcp.srcport"); lost_id = ProtAttrId(tcp_id, "tcp.lost"); } tcp_grb_id = ProtId("tcp-grb"); /* pei id */ pei_l7protocol_id = ProtPeiComptId(tcp_grb_id, "l7prot"); pei_txt_id = ProtPeiComptId(tcp_grb_id, "txt"); pei_size_id = ProtPeiComptId(tcp_grb_id, "size"); pei_file_id = ProtPeiComptId(tcp_grb_id, "file"); pei_file_type_id = ProtPeiComptId(tcp_grb_id, "ftype"); /* tmp directory */ sprintf(tmp_dir, "%s/%s", ProtTmpDir(), TCP_GRB_TMP_DIR); mkdir(tmp_dir, 0x01FF); /* init dig */ if (enable_dig) { for (i=0; i!=dig_type_dim; i++) { if (!dig_tbl[i].sreg && dig_tbl[i].starttxt != NULL) { dig_tbl[i].start = strdup(dig_tbl[i].starttxt); if (dig_tbl[i].start == NULL) { LogPrintf(LV_FATAL, "No memory!"); return -1; } dig_tbl[i].slen = TcpGrbDigConvert(dig_tbl[i].start); } if (!dig_tbl[i].ereg && dig_tbl[i].endtxt != NULL) { dig_tbl[i].end = strdup(dig_tbl[i].endtxt); if (dig_tbl[i].end == NULL) { LogPrintf(LV_FATAL, "No memory!"); return -1; } dig_tbl[i].elen = TcpGrbDigConvert(dig_tbl[i].end); } //printf("File %s slen:%i elen: %i\n", dig_tbl[i].ename, dig_tbl[i].slen, dig_tbl[i].elen); } } /* ndpi */ pthread_mutex_init(&ndpi_mux, NULL); ndpi = ndpi_init_detection_module(NDPI_TICK_RES, nDPImalloc, nDPIfree, nDPIPrintf); if (ndpi == NULL) { LogPrintf(LV_ERROR, "nDPi initializzation failed"); return -1; } /* enable all protocols */ NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi, &all); ndpi_proto_size = ndpi_detection_get_sizeof_ndpi_id_struct(); ndpi_flow_struct_size = ndpi_detection_get_sizeof_ndpi_flow_struct(); return 0; }