static nmsg_res
ncap_get_dstip(nmsg_message_t m,
struct nmsg_msgmod_field *field,
unsigned val_idx,
void **data,
size_t *len,
void *msg_clos)
{
Nmsg__Isc__Ncap *ncap = (Nmsg__Isc__Ncap *) nmsg_message_get_payload(m);
struct ncap_priv *p = msg_clos;
if (ncap == NULL || p == NULL)
return (nmsg_res_failure);
if (val_idx == 0) {
switch (ncap->type) {
case NMSG__ISC__NCAP_TYPE__IPV4:
case NMSG__ISC__NCAP_TYPE__IPV6:
*data = p->dstip.data;
if (len)
*len = p->dstip.len;
break;
case NMSG__ISC__NCAP_TYPE__Legacy:
if (ncap->has_dstip) {
*data = ncap->dstip.data;
if (len)
*len = ncap->dstip.len;
}
break;
}
return (nmsg_res_success);
}
return (nmsg_res_failure);
}
static void
process_msg(nmsg_message_t msg) {
Nmsg__Isc__Pkt *pkt;
int rc;
pkt = (Nmsg__Isc__Pkt *) nmsg_message_get_payload(msg);
assert(pkt != NULL);
assert(pkt->has_len_frame);
assert(pkt->payload.data != NULL);
assert(pkt->payload.len == pkt->len_frame);
memcpy(pkt->payload.data, eth_broadcast, 6);
rc = pcap_inject(pcap, pkt->payload.data, pkt->payload.len);
if (rc == -1) {
pcap_perror(pcap, argv_program);
exit(EXIT_FAILURE);
}
atomic_inc(&count_output);
}
static nmsg_res
ncap_get_dns(nmsg_message_t m,
struct nmsg_msgmod_field *field,
unsigned val_idx,
void **data,
size_t *len,
void *msg_clos)
{
Nmsg__Isc__Ncap *ncap = (Nmsg__Isc__Ncap *) nmsg_message_get_payload(m);
struct ncap_priv *p = msg_clos;
if (ncap == NULL || p == NULL)
return (nmsg_res_failure);
if (val_idx != 0)
return (nmsg_res_failure);
if (p->srcport == 53 || p->srcport == 5353 ||
p->dstport == 53 || p->dstport == 5353)
{
switch (ncap->type) {
case NMSG__ISC__NCAP_TYPE__IPV4:
case NMSG__ISC__NCAP_TYPE__IPV6:
*data = (void *) p->dg.payload;
if (len)
*len = p->dg.len_payload;
return (nmsg_res_success);
break;
case NMSG__ISC__NCAP_TYPE__Legacy:
*data = (void *) ncap->payload.data;
if (len)
*len = ncap->payload.len;
return (nmsg_res_success);
break;
}
}
return (nmsg_res_failure);
}
static nmsg_res
ncap_msg_load(nmsg_message_t m, void **msg_clos) {
Nmsg__Isc__Ncap *ncap;
const struct nmsg_iphdr *ip;
const struct ip6_hdr *ip6;
const struct nmsg_udphdr *udp;
struct ncap_priv *p;
unsigned etype;
ncap = (Nmsg__Isc__Ncap *) nmsg_message_get_payload(m);
if (ncap == NULL || ncap->payload.data == NULL || ncap->payload.len == 0)
return (nmsg_res_failure);
*msg_clos = p = calloc(1, sizeof(struct ncap_priv));
if (p == NULL)
return (nmsg_res_memfail);
/* source and destination IPs */
switch (ncap->type) {
case NMSG__ISC__NCAP_TYPE__IPV4:
etype = ETHERTYPE_IP;
nmsg_ipdg_parse(&p->dg, etype, ncap->payload.len, ncap->payload.data);
ip = (const struct nmsg_iphdr *) p->dg.network;
p->has_srcip = true;
p->has_dstip = true;
p->srcip.len = 4;
p->dstip.len = 4;
p->srcip.data = (uint8_t *) &ip->ip_src;
p->dstip.data = (uint8_t *) &ip->ip_dst;
p->proto = ip->ip_p;
break;
case NMSG__ISC__NCAP_TYPE__IPV6:
etype = ETHERTYPE_IPV6;
nmsg_ipdg_parse(&p->dg, etype, ncap->payload.len, ncap->payload.data);
ip6 = (const struct ip6_hdr *) p->dg.network;
p->has_srcip = true;
p->has_dstip = true;
p->srcip.len = 16;
p->dstip.len = 16;
p->srcip.data = (uint8_t *) &ip6->ip6_src;
p->dstip.data = (uint8_t *) &ip6->ip6_dst;
p->proto = ip6->ip6_ctlun.ip6_un1.ip6_un1_nxt;
break;
case NMSG__ISC__NCAP_TYPE__Legacy:
break;
}
/* source and destination ports */
switch (ncap->type) {
case NMSG__ISC__NCAP_TYPE__IPV4:
case NMSG__ISC__NCAP_TYPE__IPV6:
switch (p->dg.proto_transport) {
case IPPROTO_UDP:
udp = (const struct nmsg_udphdr *) p->dg.transport;
p->has_srcport = true;
p->has_dstport = true;
p->srcport = ntohs(udp->uh_sport);
p->dstport = ntohs(udp->uh_dport);
break;
}
break;
case NMSG__ISC__NCAP_TYPE__Legacy:
switch (ncap->ltype) {
case NMSG__ISC__NCAP_LEGACY_TYPE__UDP:
case NMSG__ISC__NCAP_LEGACY_TYPE__TCP:
if (ncap->has_lint0) {
p->has_srcport = true;
p->srcport = ncap->lint0;
}
if (ncap->has_lint1) {
p->has_dstport = true;
p->dstport = ncap->lint1;
}
case NMSG__ISC__NCAP_LEGACY_TYPE__ICMP:
break;
}
switch (ncap->ltype) {
case NMSG__ISC__NCAP_LEGACY_TYPE__UDP:
p->proto = IPPROTO_UDP;
break;
case NMSG__ISC__NCAP_LEGACY_TYPE__TCP:
p->proto = IPPROTO_TCP;
break;
case NMSG__ISC__NCAP_LEGACY_TYPE__ICMP:
p->proto = IPPROTO_ICMP;
break;
}
break;
}
return (nmsg_res_success);
}
void *ptr __attribute__((unused)),
nmsg_strbuf_t sb,
const char *endline)
{
Nmsg__Isc__Ncap *ncap;
char dstip[INET6_ADDRSTRLEN];
char srcip[INET6_ADDRSTRLEN];
const char *err_str = "unknown";
const struct nmsg_iphdr *ip;
const struct ip6_hdr *ip6;
const struct nmsg_udphdr *udp;
nmsg_res res;
struct nmsg_ipdg dg;
unsigned etype;
ncap = (Nmsg__Isc__Ncap *) nmsg_message_get_payload(msg);
if (ncap == NULL || ncap->payload.data == NULL || ncap->payload.len == 0) {
res = nmsg_strbuf_append(sb, "payload: <DECODING ERROR>%s", endline);
return (res);
}
dstip[0] = '\0';
srcip[0] = '\0';
res = nmsg_strbuf_append(sb, "payload:%s", endline);
if (res != nmsg_res_success)
return (res);
/* parse header fields */
switch (ncap->type) {
case NMSG__ISC__NCAP_TYPE__IPV4:
