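/**
 * Registers one anonymization per <anonField> element with @p module.
 *
 * Every <anonField> must contain exactly one <anonIE> (the information
 * element to anonymize) and an <anonMethod>; <anonParam> is optional.
 * <next> and <copyMode> elements are skipped here, any other element is
 * logged and ignored.
 *
 * @param c       configuration object used to read the text of
 *                <anonMethod> / <anonParam>
 * @param module  receiver of the addAnonymization() calls
 * @param set     child elements of the anonymizer's configuration section
 *
 * Throws (via THROWEXCEPTION) when an <anonField> has a second <anonIE>,
 * no <anonIE>, no method, or an information element of length 0.
 */
void AnonymizerCfg::initInstance(CfgBase* c, AnonModule* module, XMLNode::XMLSet<XMLElement*> set)
{
    for (XMLNode::XMLSet<XMLElement*>::iterator it = set.begin(); it != set.end(); it++) {
        XMLElement* e = *it;

        if (e->matches("anonField")) {
            InfoElementCfg* cfg = NULL;
            std::string method;
            std::string method_parameter;

            // cfg is a raw owning pointer and every validation step below can
            // throw; the try block makes sure it is released on those paths
            // instead of leaking once per rejected <anonField>.
            try {
                // Distinct names for the inner set/element: the original
                // shadowed the outer `set` and `e`.
                XMLNode::XMLSet<XMLElement*> fields = e->getElementChildren();
                for (XMLNode::XMLSet<XMLElement*>::iterator jt = fields.begin(); jt != fields.end(); ++jt) {
                    XMLElement* field = *jt;

                    if (field->matches("anonIE")) {
                        if (cfg) {
                            THROWEXCEPTION("Only on anonIE tag per anonField tag allowed");
                        }
                        cfg = new InfoElementCfg(field);
                    } else if (field->matches("anonMethod")) {
                        method = c->get("anonMethod", field);
                    } else if (field->matches("anonParam")) {
                        method_parameter = c->get("anonParam", field);
                    } else {
                        msg(MSG_ERROR, "Unknown field in anonField");
                        continue;
                    }
                }

                if (!cfg) {
                    msg(MSG_FATAL, "Missing information element in anonField");
                    THROWEXCEPTION("Missing information element in anonField");
                }
                if (method.empty()) {
                    msg(MSG_FATAL, "Missing anonymization method in anonField");
                    THROWEXCEPTION("Missing anonymization method in anonField");
                }
                if (cfg->getIeLength() == 0)
                    THROWEXCEPTION("Information element specified in anonField, but length==0");

                module->addAnonymization(cfg->getIeId(), cfg->getIeLength(),
                                         AnonMethod::stringToMethod(method), method_parameter);

                // The lookup result is only needed for the log line. Guard it so
                // that an id the lookup table does not know cannot turn logging
                // into a null-pointer dereference.
                const ipfix_identifier* id = ipfix_id_lookup(cfg->getIeId());
                msg(MSG_INFO, "Added anonymization %s for field %i (%s) with length %i",
                    method.c_str(), cfg->getIeId(), id ? id->name : "unknown", cfg->getIeLength());
            } catch (...) {
                delete cfg;
                throw;
            }
            delete cfg;
        } else if (e->matches("next") || e->matches("copyMode")) {
            // ignore next and copyMode (see createInstance)
        } else {
            msg(MSG_FATAL, "Unkown anonymization field %s\n", e->getName().c_str());
            continue;
        }
    }
}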
/**
 * Reads the <ipfixDbWriterOracle> section into the Oracle connection settings.
 *
 * Starts from port 0, 30 buffered records and observation domain 0.
 * host, port, dbname, username and password are mandatory: if one of them
 * is still empty (or 0 for the port) after parsing, configuration is
 * aborted with an exception.
 *
 * @param elem  XML element of this module; with NULL only the defaults are set
 */
IpfixDbWriterOracleCfg::IpfixDbWriterOracleCfg(XMLElement* elem)
    : CfgHelper<IpfixDbWriterOracle, IpfixDbWriterOracleCfg>(elem, "ipfixDbWriterOracle"),
      port(0),
      bufferRecords(30),
      observationDomainId(0)
{
    msg(MSG_DEBUG, "Starting configuration for Oracle connection");

    if (elem == NULL)
        return;

    XMLNode::XMLSet<XMLElement*> children = _elem->getElementChildren();
    for (XMLNode::XMLSet<XMLElement*>::iterator pos = children.begin(); pos != children.end(); ++pos) {
        XMLElement* child = *pos;

        if (child->matches("host")) {
            hostname = child->getFirstText();
        } else if (child->matches("port")) {
            port = getInt("port");
        } else if (child->matches("dbname")) {
            dbname = child->getFirstText();
        } else if (child->matches("username")) {
            user = child->getFirstText();
        } else if (child->matches("password")) {
            // The credential is taken verbatim from the XML text, so it sits
            // in clear text in the configuration file; that file should only
            // be readable by the account running the collector.
            password = child->getFirstText();
        } else if (child->matches("bufferrecords")) {
            bufferRecords = getInt("bufferrecords");
        } else if (child->matches("columns")) {
            readColumns(child);
        } else if (child->matches("next")) {
            // ignore next
        } else {
            // Unknown statements are logged, not rejected.
            msg(MSG_FATAL, "Unknown IpfixDbWriterOracle config statement %s\n", child->getName().c_str());
        }
    }

    // Mandatory settings, checked in a fixed order so the first missing one
    // is the one reported.
    if (hostname == "")
        THROWEXCEPTION("IpfixDbWriterOracleCfg: host not set in configuration!");
    if (port == 0)
        THROWEXCEPTION("IpfixDbWriterOracleCfg: port not set in configuration!");
    if (dbname == "")
        THROWEXCEPTION("IpfixDbWriterOracleCfg: dbname not set in configuration!");
    if (user == "")
        THROWEXCEPTION("IpfixDbWriterOracleCfg: username not set in configuration!");
    if (password == "")
        THROWEXCEPTION("IpfixDbWriterOracleCfg: password not set in configuration!");
}
BaseTCPDosDetect* AggregatorBaseCfg::readDos(XMLElement* elem) { BaseTCPDosDetect* temp = NULL; int module; int dosTemplateId; int minimumRate; int clusterTimeout; std::map<uint32_t,uint32_t> subnets; XMLNode::XMLSet<XMLElement*> set = elem->getElementChildren(); for (XMLNode::XMLSet<XMLElement*>::iterator it = set.begin();it!=set.end();it++) { XMLElement* e = *it; if (e->matches("module")) { module = getInt("module",-1,e); } else if (e->matches("dosTemplateId")) { dosTemplateId = getInt("dosTemplateId",-1,e); } else if (e->matches("internal")) { string ipstring = e->getFirstText(); uint32_t ip = 0; uint32_t subnet = inet_addr("255.255.255.255"); int last_pos = ipstring.find("/"); if (last_pos) { string tempstr = ipstring.substr(0,last_pos); ip = ntohl(inet_addr(tempstr.c_str())); tempstr = ipstring.substr(last_pos+1,ipstring.length()); subnet >>= (32-atoi(tempstr.c_str())); subnet <<= (32-atoi(tempstr.c_str())); } subnets[ip] = subnet; } else if (e->matches("minimumRate")) {
/**
 * Reads the <sensorManager> section: check interval, output file and
 * append flag, each starting from its SM_DEFAULT_* value.
 *
 * @param elem  XML element of this module; with NULL only the defaults are set
 *
 * Throws (via THROWEXCEPTION) when <checkinterval> parses to 0 or
 * <outputfile> is empty.
 */
SensorManagerCfg::SensorManagerCfg(XMLElement* elem)
    : CfgHelper<SensorManager, SensorManagerCfg>(elem, "sensorManager", false),
      checkInterval(SM_DEFAULT_CHECK_INTERVAL),
      sensorOutput(SM_DEFAULT_OUTPUT_FNAME),
      append(SM_DEFAULT_APPEND)
{
    if (!elem)
        return; // needed because of table inside ConfigManager

    XMLNode::XMLSet<XMLElement*> children = _elem->getElementChildren();
    for (XMLNode::XMLSet<XMLElement*>::iterator pos = children.begin(); pos != children.end(); ++pos) {
        XMLElement* child = *pos;

        if (child->matches("checkinterval")) {
            const std::string text = child->getFirstText();
            checkInterval = strtol(text.c_str(), NULL, 10);
            // strtol yields 0 for non-numeric text, so this rejects both "0"
            // and garbage. NOTE(review): negative numbers and trailing
            // characters ("10abc") still pass this check — confirm whether
            // the consumer of checkInterval tolerates them.
            if (checkInterval == 0) {
                THROWEXCEPTION("invalid check interval specified: '%s'", text.c_str());
            }
        } else if (child->matches("outputfile")) {
            const std::string text = child->getFirstText();
            // Path is used exactly as configured; no normalisation happens here.
            sensorOutput = text.c_str();
            if (sensorOutput.size() == 0) {
                THROWEXCEPTION("invalid sensor output file specified: '%s'", text.c_str());
            }
        } else if (child->matches("append")) {
            append = getInt("append") > 0;
        } else {
            msg(MSG_FATAL, "Unknown sensor manager config statement: %s", child->getName().c_str());
        }
    }
}
/**
 * Reads the <ipfixFileWriter> section.
 *
 * Defaults: destination path "./", file name prefix "ipfix.dump",
 * maximum file size DEFAULTFILESIZE, observation domain 0.
 *
 * @param elem  XML element of this module; with NULL only the defaults are set
 */
IpfixFileWriterCfg::IpfixFileWriterCfg(XMLElement* elem)
    : CfgHelper<IpfixFileWriter, IpfixFileWriterCfg>(elem, "ipfixFileWriter"),
      destinationPath("./"),
      filenamePrefix("ipfix.dump"),
      maximumFilesize(DEFAULTFILESIZE),
      observationDomainId(0)
{
    if (!elem)
        return; // needed because of table inside ConfigManager

    XMLNode::XMLSet<XMLElement*> children = _elem->getElementChildren();
    for (XMLNode::XMLSet<XMLElement*>::iterator pos = children.begin(); pos != children.end(); ++pos) {
        XMLElement* child = *pos;

        if (child->matches("maximumFilesize")) {
            maximumFilesize = getInt("maximumFilesize");
        } else if (child->matches("destinationPath")) {
            // Path and prefix are stored unmodified. NOTE(review): they are
            // presumably joined into the output file name by the writer —
            // confirm where, and whether separators in the prefix matter.
            destinationPath = child->getFirstText();
        } else if (child->matches("filenamePrefix")) {
            filenamePrefix = child->getFirstText();
        } else if (child->matches("observationDomainId")) {
            observationDomainId = getInt("observationDomainId");
        } else {
            // Unknown statements are logged, not rejected.
            msg(MSG_FATAL, "Unknown ipfixFileWriter config statement %s\n", child->getName().c_str());
        }
    }
}
/**
 * Reads the <packetIDMEFReporter> section.
 *
 * snapshotoffset and snapshotlength default to 0; analyzerid and
 * idmeftemplate are mandatory.
 *
 * @param elem  XML element of this module; with NULL only the defaults are set
 *
 * Throws (via THROWEXCEPTION) when analyzerid or idmeftemplate is missing.
 */
PacketIDMEFReporterCfg::PacketIDMEFReporterCfg(XMLElement* elem)
    : CfgHelper<PacketIDMEFReporter, PacketIDMEFReporterCfg>(elem, "packetIDMEFReporter"),
      snapshotOffset(0),
      snapshotLength(0)
{
    if (elem == NULL)
        return;

    XMLNode::XMLSet<XMLElement*> children = _elem->getElementChildren();
    for (XMLNode::XMLSet<XMLElement*>::iterator pos = children.begin(); pos != children.end(); ++pos) {
        XMLElement* child = *pos;

        if (child->matches("snapshotoffset")) {
            // NOTE(review): offset/length are stored as read; whether they are
            // bounds-checked against the packet is decided by the consumer —
            // confirm there.
            snapshotOffset = getInt("snapshotoffset");
        } else if (child->matches("snapshotlength")) {
            snapshotLength = getInt("snapshotlength");
        } else if (child->matches("analyzerid")) {
            analyzerId = child->getFirstText();
        } else if (child->matches("idmeftemplate")) {
            idmefTemplate = child->getFirstText();
        } else if (child->matches("next")) {
            // ignore next
        } else {
            msg(MSG_FATAL, "Unknown PacketIDMEFReporter config statement %s\n", child->getName().c_str());
        }
    }

    if (analyzerId == "")
        THROWEXCEPTION("PacketIDMEFReporterCfg: analyzerid not set in configuration!");
    if (idmefTemplate == "")
        THROWEXCEPTION("PacketIDMEFReporterCfg: idmeftemplate not set in configuration!");
}
/**
 * Reads the <pcapExporter> section: output file name, link type and
 * snapshot length. The link type defaults to DLT_EN10MB.
 *
 * Elements other than filename, linkType and snaplen are skipped without
 * a log message.
 *
 * @param elem  XML element of this module; with NULL only the defaults are set
 */
PCAPExporterCfg::PCAPExporterCfg(XMLElement* elem)
    : CfgHelper<PCAPExporterModule, PCAPExporterCfg>(elem, "pcapExporter"),
      link_type(DLT_EN10MB)
{
    if (elem == NULL)
        return;

    // NOTE(review): snaplen is not in the initializer list and is only
    // assigned when a <snaplen> element is present — confirm it has a default
    // elsewhere. An empty fileName is not rejected here either.
    XMLNode::XMLSet<XMLElement*> children = elem->getElementChildren();
    for (XMLNode::XMLSet<XMLElement*>::iterator pos = children.begin(); pos != children.end(); ++pos) {
        XMLElement* child = *pos;

        if (child->matches("filename")) {
            fileName = child->getFirstText();
            continue;
        }

        if (child->matches("linkType")) {
            const int dlt = pcap_datalink_name_to_val(child->getFirstText().c_str());
            // -1 means libpcap does not know the name; keep the previous
            // link type in that case.
            if (dlt != -1) {
                link_type = dlt;
            } else {
                msg(MSG_ERROR, "Found illegal link type");
            }
            continue;
        }

        if (child->matches("snaplen")) {
            snaplen = getInt("snaplen", PCAP_MAX_CAPTURE_LENGTH, child);
        }
    }
}
/**
 * Reads the <ipfixDbReader> section into the database connection settings.
 *
 * host, port, dbname, username and password are all mandatory; port starts
 * at 0, which is treated as "not configured".
 *
 * @param elem  XML element of this module; with NULL only the defaults are set
 *
 * Throws (via THROWEXCEPTION) for the first mandatory setting that is missing.
 */
IpfixDbReaderCfg::IpfixDbReaderCfg(XMLElement* elem)
    : CfgHelper<IpfixDbReader, IpfixDbReaderCfg>(elem, "ipfixDbReader"),
      port(0)
{
    if (elem == NULL)
        return;

    XMLNode::XMLSet<XMLElement*> children = _elem->getElementChildren();
    for (XMLNode::XMLSet<XMLElement*>::iterator pos = children.begin(); pos != children.end(); ++pos) {
        XMLElement* child = *pos;

        if (child->matches("host")) {
            hostname = child->getFirstText();
        } else if (child->matches("port")) {
            port = getInt("port");
        } else if (child->matches("dbname")) {
            dbname = child->getFirstText();
        } else if (child->matches("username")) {
            user = child->getFirstText();
        } else if (child->matches("password")) {
            // Clear-text credential from the XML file; the file's permissions
            // are the only protection it has at this layer.
            password = child->getFirstText();
        } else if (child->matches("next")) {
            // ignore next
        } else {
            msg(MSG_FATAL, "Unknown IpfixDbReader config statement %s\n", child->getName().c_str());
        }
    }

    if (hostname == "")
        THROWEXCEPTION("IpfixDbReaderCfg: host not set in configuration!");
    if (port == 0)
        THROWEXCEPTION("IpfixDbReaderCfg: port not set in configuration!");
    if (dbname == "")
        THROWEXCEPTION("IpfixDbReaderCfg: dbname not set in configuration!");
    if (user == "")
        THROWEXCEPTION("IpfixDbReaderCfg: username not set in configuration!");
    if (password == "")
        THROWEXCEPTION("IpfixDbReaderCfg: password not set in configuration!");
}
/**
 * Reads the <ipfixCollector> section: the UDP template lifetime and the
 * single listener the collector binds to.
 *
 * @param elem  XML element of this module; with NULL only the defaults are set
 *
 * Throws (via THROWEXCEPTION) when no <listener> element is present.
 */
IpfixCollectorCfg::IpfixCollectorCfg(XMLElement* elem)
    : CfgHelper<IpfixCollector, IpfixCollectorCfg>(elem, "ipfixCollector"),
      listener(NULL),
      ipfixCollector(NULL)
{
    if (elem == NULL)
        return;

    msg(MSG_INFO, "IpfixCollectorCfg: Start reading ipfixCollector section");

    // Read up front; the matching element is skipped in the loop below.
    udpTemplateLifetime = getInt("udpTemplateLifetime", -1);

    XMLNode::XMLSet<XMLElement*> children = elem->getElementChildren();
    for (XMLNode::XMLSet<XMLElement*>::iterator pos = children.begin(); pos != children.end(); ++pos) {
        XMLElement* child = *pos;

        if (child->matches("listener")) {
            // NOTE(review): a second <listener> overwrites the pointer without
            // releasing the first object, and the last one silently wins —
            // consider rejecting duplicates.
            listener = new CollectorCfg(child);
        } else if (child->matches("udpTemplateLifetime")) {
            // already done
        } else if (child->matches("next")) {
            // ignore next
        } else {
            msg(MSG_FATAL, "Unkown observer config statement %s\n", child->getName().c_str());
        }
    }

    if (listener == NULL)
        THROWEXCEPTION("collectingProcess has to listen on one address!");

    msg(MSG_INFO, "IpfixCollectorCfg: Successfully parsed collectingProcess section");
}
/**
 * Reads the <filter> section and creates one sub-configuration per
 * countBased / stringBased / regexBased / timeBased child, appended to
 * subCfgs in the order the children are iterated.
 *
 * <next> is skipped; any other element is logged and skipped.
 *
 * @param elem  XML element of this module; with NULL nothing is created
 */
PacketFilterCfg::PacketFilterCfg(XMLElement* elem)
    : CfgHelper<FilterModule, PacketFilterCfg>(elem, "filter")
{
    if (elem == NULL)
        return;

    XMLNode::XMLSet<XMLElement*> children = elem->getElementChildren();
    for (XMLNode::XMLSet<XMLElement*>::iterator pos = children.begin(); pos != children.end(); ++pos) {
        XMLElement* child = *pos;

        // subCfgs stores raw owning pointers; releasing them is up to
        // whoever tears this configuration down.
        if (child->matches("countBased")) {
            msg(MSG_INFO, "Filter: Creating count based sampler");
            Cfg* sub = new PacketCountFilterCfg(child);
            subCfgs.push_back(sub);
        } else if (child->matches("stringBased")) {
            msg(MSG_INFO, "Filter: Creating string based sampler");
            Cfg* sub = new PacketStringFilterCfg(child);
            subCfgs.push_back(sub);
        } else if (child->matches("regexBased")) {
            msg(MSG_INFO, "Filter: Creating regex based sampler");
            Cfg* sub = new PacketRegexFilterCfg(child);
            subCfgs.push_back(sub);
        } else if (child->matches("timeBased")) {
            msg(MSG_INFO, "Filter: Creating time based sampler");
            Cfg* sub = new PacketTimeFilterCfg(child);
            subCfgs.push_back(sub);
        } else if (child->matches("next")) {
            // ignore next
        } else {
            msg(MSG_FATAL, "Unkown packet filter %s\n", child->getName().c_str());
        }
    }
}
/**
 * Reads the <ipfixCollector> section: UDP template lifetime, the optional
 * DTLS file settings (cert, key, CAfile, CApath) and exactly one listener.
 *
 * @param elem  XML element of this module; with NULL only the defaults are set
 *
 * Throws (via THROWEXCEPTION) when there is more than one <listener>, when
 * the listener sets an MTU, when no listener is given, or when its protocol
 * is not UDP, SCTP, DTLS_OVER_UDP or DTLS_OVER_SCTP.
 */
IpfixCollectorCfg::IpfixCollectorCfg(XMLElement* elem)
    : CfgHelper<IpfixCollector, IpfixCollectorCfg>(elem, "ipfixCollector"),
      listener(NULL),
      ipfixCollector(NULL)
{
    if (elem == NULL)
        return;

    msg(MSG_INFO, "IpfixCollectorCfg: Start reading ipfixCollector section");

    udpTemplateLifetime = getInt("udpTemplateLifetime", -1);

    // Config for DTLS
    // NOTE(review): all four are optional here even when the listener later
    // turns out to use a DTLS protocol; whether a missing certificate or CA
    // is caught is decided elsewhere — confirm.
    certificateChainFile = getOptional("cert");
    privateKeyFile = getOptional("key");
    caFile = getOptional("CAfile");
    caPath = getOptional("CApath");

    // observationDomainId = getInt("observationDomainId", 0);

    XMLNode::XMLSet<XMLElement*> children = elem->getElementChildren();
    for (XMLNode::XMLSet<XMLElement*>::iterator pos = children.begin(); pos != children.end(); ++pos) {
        XMLElement* child = *pos;

        if (child->matches("listener")) {
            if (listener)
                THROWEXCEPTION("listener already set. There can only be one <listener> Element per Collector.");
            listener = new CollectorCfg(child);
            if (listener->getMtu() != 0) {
                delete listener;
                THROWEXCEPTION("You can not set the MTU for a listener.");
            }
        } else if (child->matches("udpTemplateLifetime")) {
            // already done
        } else if (child->matches("next")) {
            // ignore next
        } else if (child->matches("cert") || child->matches("key")
                   || child->matches("CAfile") || child->matches("CApath")) {
            // already done!
        } else {
            msg(MSG_FATAL, "Unkown collector config statement %s", child->getName().c_str());
        }
    }

    if (listener == NULL)
        THROWEXCEPTION("collectingProcess has to listen on one address!");

    // Accept only the four transports this collector knows how to receive on.
    if (!(listener->getProtocol() == UDP
          || listener->getProtocol() == SCTP
          || listener->getProtocol() == DTLS_OVER_UDP
          || listener->getProtocol() == DTLS_OVER_SCTP))
        THROWEXCEPTION("collectingProcess can handle only UDP or SCTP!");

    msg(MSG_INFO, "IpfixCollectorCfg: Successfully parsed collectingProcess section");
}
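/**
 * Decides whether this string filter configuration is equivalent to @p old.
 *
 * Two configurations are equivalent when they have the same number of
 * child statements and each pair of statements, taken in iteration order,
 * has the same element name and the same text.
 *
 * @param old  the configuration to compare against
 * @return true if both configurations describe the same filter
 */
bool PacketStringFilterCfg::deriveFrom(PacketStringFilterCfg* old)
{
    XMLNode::XMLSet<XMLElement*> newStatements = this->_elem->getElementChildren();
    XMLNode::XMLSet<XMLElement*> oldStatements = old->_elem->getElementChildren();

    if (newStatements.size() != oldStatements.size())
        return false;

    XMLNode::XMLSet<XMLElement*>::iterator itNew = newStatements.begin();
    XMLNode::XMLSet<XMLElement*>::iterator itOld = oldStatements.begin();
    for (; itNew != newStatements.end() && itOld != oldStatements.end(); ++itOld, ++itNew) {
        XMLElement* oldE = *itOld;
        XMLElement* newE = *itNew;

        // getInstance() routes <is> and <isnot> to different filter lists, so
        // the element name is part of the filter's meaning. Comparing the
        // text alone treated <is>x</is> and <isnot>x</isnot> as the same
        // filter, which would let a changed rule pass as unchanged.
        if (oldE->getName() != newE->getName())
            return false;

        if (oldE->getFirstText() != newE->getFirstText())
            return false;
    }

    return true;
}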
/**
 * Reads a <packetReporting> section: the template id and the list of
 * exported information elements.
 *
 * Every child that is not <templateId> is handed to InfoElementCfg and
 * appended to exportedFields.
 *
 * @param elem  XML element of the section; must not be NULL
 */
PacketReportingCfg::PacketReportingCfg(XMLElement* elem)
    : CfgBase(elem),
      recordVLFields(0),
      recordLength(0),
      templateId(0),
      t(NULL)
{
    // Only a debug-build guard: with NDEBUG defined the assert disappears
    // and a NULL elem is dereferenced on the next line.
    assert(elem);

    XMLNode::XMLSet<XMLElement*> children = elem->getElementChildren();
    for (XMLNode::XMLSet<XMLElement*>::iterator pos = children.begin(); pos != children.end(); ++pos) {
        XMLElement* child = *pos;

        if ((child->getName() == "templateId") == false) {
            // exportedFields owns these raw pointers.
            exportedFields.push_back(new InfoElementCfg(child));
            continue;
        }

        templateId = getInt("templateId", 0, elem);
    }
}
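/**
 * Reads the <ipfixPayloadWriter> section.
 *
 * destPath, filenamePrefix and connNumber are mandatory. After parsing,
 * the destination path is checked with stat() so that an inaccessible
 * path is reported at configuration time.
 *
 * @param elem  XML element of this module; with NULL only the defaults are set
 *
 * Throws (via THROWEXCEPTION) when a mandatory setting is missing or
 * stat() on the destination path fails.
 */
IpfixPayloadWriterCfg::IpfixPayloadWriterCfg(XMLElement* elem)
    : CfgHelper<IpfixPayloadWriter, IpfixPayloadWriterCfg>(elem, "ipfixPayloadWriter"),
      noConnections(0),
      ignoreEmptyPayload(false),
      ignoreIncompleteTCP(false),
      startIdx(0)
{
    if (!elem)
        return;

    // connNumber may legitimately be 0, so its presence is tracked separately.
    bool noconnseen = false;

    XMLNode::XMLSet<XMLElement*> set = _elem->getElementChildren();
    for (XMLNode::XMLSet<XMLElement*>::iterator it = set.begin(); it != set.end(); it++) {
        XMLElement* e = *it;

        if (e->matches("destPath")) {
            path = e->getFirstText();
        } else if (e->matches("filenamePrefix")) {
            filenamePrefix = e->getFirstText();
        } else if (e->matches("connNumber")) {
            noConnections = getInt("connNumber");
            noconnseen = true;
        } else if (e->matches("ignoreEmptyPayload")) {
            ignoreEmptyPayload = getBool("ignoreEmptyPayload");
        } else if (e->matches("ignoreIncompleteTCP")) {
            // The original chain tested this name twice; the second branch
            // could never be reached and has been removed.
            // NOTE(review): read with getInt while ignoreEmptyPayload uses
            // getBool — confirm that both accept the same spellings.
            ignoreIncompleteTCP = getInt("ignoreIncompleteTCP");
        } else if (e->matches("startIndex")) {
            startIdx = getInt64("startIndex");
        } else if (e->matches("next")) {
            // ignore next
        } else {
            msg(MSG_FATAL, "Unknown IpfixPayloadWriter config statement %s\n", e->getName().c_str());
            continue;
        }
    }

    if (path == "")
        THROWEXCEPTION("IpfixPayloadWriterCfg: destPath not set in configuration!");
    if (filenamePrefix == "")
        THROWEXCEPTION("IpfixPayloadWriterCfg: filenamePrefix not set in configuration!");
    if (!noconnseen)
        THROWEXCEPTION("IpfixPayloadWriterCfg: connNumber not set in configuration!");

    // Existence/accessibility check only: it does not verify that the path is
    // a directory or writable, and the path can still change before the
    // writer opens its files.
    struct stat s;
    if (stat(path.c_str(), &s) != 0)
        THROWEXCEPTION("IpfixPayloadWriterCfg: failed to access destination path '%s', error: %s",
                       path.c_str(), strerror(errno));
}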
/**
 * Reads the <psampExporter> section: packet restrictions, UDP template
 * refresh time, collectors and the mandatory packetReporting block.
 *
 * Unlike most sibling configurations, an unknown element is a hard error.
 *
 * @param elem  XML element of this module; with NULL only the defaults are set
 *
 * Throws (via THROWEXCEPTION) on an unknown element or when no
 * <packetReporting> element is present.
 */
PSAMPExporterCfg::PSAMPExporterCfg(XMLElement* elem)
    : CfgHelper<PSAMPExporterModule, PSAMPExporterCfg>(elem, "psampExporter"),
      templateRefreshTime(0), /* templateRefreshRate(0), */
      maxPacketSize(0),
      exportDelay(0),
      reporting(NULL)
{
    if (elem == NULL)
        return;

    observationDomainId = getInt("observationDomainId", 0);

    // determine captureLen
    // FIXME: undocumented parameter, this value should come from observer
    int captureLen = getInt("captureLen", PCAP_DEFAULT_CAPTURE_LENGTH);

    XMLNode::XMLSet<XMLElement*> children = elem->getElementChildren();
    for (XMLNode::XMLSet<XMLElement*>::iterator pos = children.begin(); pos != children.end(); ++pos) {
        XMLElement* child = *pos;

        if (child->matches("ipfixPacketRestrictions")) {
            // The int is narrowed to 16 bits; values above 65535 or below 0
            // wrap instead of being rejected.
            maxPacketSize = static_cast<uint16_t>(getInt("maxPacketSize", 0, child));
            exportDelay = getTimeInUnit("maxExportDelay", mSEC, 0, child);
        } else if (child->matches("udpTemplateManagement")) {
            // use 0 as default values for both if the config entry isn't found
            templateRefreshTime = getTimeInUnit("templateRefreshTimeout", SEC, IS_DEFAULT_TEMPLATE_TIMEINTERVAL, child);
            /* templateRefreshRate = getInt("templateRefreshRate", IS_DEFAULT_TEMPLATE_RECORDINTERVAL, e); */ /* TODO */
        } else if (child->matches("collector")) {
            collectors.push_back(new CollectorCfg(child));
        } else if (child->matches("packetReporting")) {
            reporting = new PacketReportingCfg(child);
        } else if (child->matches("captureLen") || child->matches("observationDomainId")) {
            // ignore it, already handled
        } else {
            THROWEXCEPTION("Illegal PSAMPExporter config entry \"%s\"found", child->getName().c_str());
        }
    }

    if (reporting == NULL)
        THROWEXCEPTION("No packetReporting found in psampExporter config");

    // rough estimation of the maximum record length including variable length fields
    // NOTE(review): captureLen comes straight from the configuration and is
    // multiplied without a range check — confirm the type of recordLength
    // can hold the product.
    recordLength = reporting->getRecordLength() + reporting->getRecordsVariableLen() * captureLen;
}
/**
 * Replaces colNames with the text of every <name> child of @p elem.
 *
 * Children with any other name are logged and skipped.
 *
 * @param elem  the <columns> element of the Oracle writer configuration
 */
void IpfixDbWriterOracleCfg::readColumns(XMLElement* elem)
{
    colNames.clear();

    XMLNode::XMLSet<XMLElement*> children = elem->getElementChildren();
    for (XMLNode::XMLSet<XMLElement*>::iterator pos = children.begin(); pos != children.end(); ++pos) {
        XMLElement* child = *pos;

        if (!child->matches("name")) {
            msg(MSG_FATAL, "Unknown IpfixDbWriterOracle config statement %s\n", child->getName().c_str());
            continue;
        }

        // NOTE(review): the name is stored as written in the XML. If the
        // writer later splices these names into SQL text, they should be
        // checked against the set of known column names first — confirm in
        // the writer.
        colNames.push_back(child->getFirstText());
        msg(MSG_DEBUG, "Row: %s", child->getFirstText().c_str());
    }
}
/**
 * Reads the <properties> element of the Mongo writer configuration.
 *
 * <name> children are collected into properties until an <all> child is
 * seen; <all> empties the list and sets allProperties.
 *
 * @param elem  the <properties> element
 */
void IpfixDbWriterMongoCfg::readProperties(XMLElement* elem)
{
    properties.clear();

    XMLNode::XMLSet<XMLElement*> children = elem->getElementChildren();
    for (XMLNode::XMLSet<XMLElement*>::iterator pos = children.begin(); pos != children.end(); ++pos) {
        XMLElement* child = *pos;

        if (child->matches("name") && !allProperties) {
            properties.push_back(child->getFirstText());
            continue;
        }

        if (child->matches("all")) {
            properties.clear();
            allProperties = true;
            continue;
        }

        // Also reached by a <name> that follows <all>: the first test fails
        // once allProperties is set, so such a name is reported as unknown.
        msg(MSG_FATAL, "Unknown IpfixDbWriterMongo config statement %s\n", child->getName().c_str());
    }
}
/**
 * Reads the <ipfixDbWriterMongo> section into the MongoDB connection
 * settings.
 *
 * Defaults: port 27017, 30 buffered objects, observation domain 0.
 * Only host and database are mandatory; username and password may stay
 * empty.
 *
 * @param elem  XML element of this module; with NULL only the initializer
 *              list defaults are set (beautifyProperties and allProperties
 *              are assigned after the NULL check)
 *
 * Throws (via THROWEXCEPTION) when host or database is missing.
 */
IpfixDbWriterMongoCfg::IpfixDbWriterMongoCfg(XMLElement* elem)
    : CfgHelper<IpfixDbWriterMongo, IpfixDbWriterMongoCfg>(elem, "ipfixDbWriterMongo"),
      port(27017),
      bufferObjects(30),
      observationDomainId(0)
{
    if (elem == NULL)
        return;

    XMLNode::XMLSet<XMLElement*> children = _elem->getElementChildren();

    beautifyProperties = false;
    allProperties = false;

    for (XMLNode::XMLSet<XMLElement*>::iterator pos = children.begin(); pos != children.end(); ++pos) {
        XMLElement* child = *pos;

        if (child->matches("host")) {
            hostname = child->getFirstText();
        } else if (child->matches("port")) {
            port = getInt("port");
        } else if (child->matches("database")) {
            database = child->getFirstText();
        } else if (child->matches("username")) {
            user = child->getFirstText();
        } else if (child->matches("password")) {
            // Optional here: nothing below requires credentials, so a
            // configuration without them is accepted as-is.
            password = child->getFirstText();
        } else if (child->matches("bufferobjects")) {
            bufferObjects = getInt("bufferobjects");
        } else if (child->matches("properties")) {
            readProperties(child);
        } else if (child->matches("observationDomainId")) {
            observationDomainId = getInt("observationDomainId");
        } else if (child->matches("beautifyProperties")) {
            // Presence of the element switches the flag on; its text is not read.
            beautifyProperties = true;
        } else if (child->matches("next")) {
            // ignore next
        } else {
            msg(MSG_FATAL, "Unknown IpfixDbWriterMongo config statement %s\n", child->getName().c_str());
        }
    }

    if (hostname == "")
        THROWEXCEPTION("IpfixDbWriterMongoCfg: host not set in configuration!");
    if (database == "")
        THROWEXCEPTION("IpfixDbWriterMongoCfg: dbname not set in configuration!");
}
/**
 * Reads the <ipfixSampler> section; the only setting is the flow rate,
 * which defaults to 1.
 *
 * @param elem  XML element of this module; with NULL only the default is set
 */
IpfixSamplerCfg::IpfixSamplerCfg(XMLElement* elem)
    : CfgHelper<IpfixSampler, IpfixSamplerCfg>(elem, "ipfixSampler"),
      flowRate(1)
{
    if (elem == NULL)
        return;

    XMLNode::XMLSet<XMLElement*> children = _elem->getElementChildren();
    for (XMLNode::XMLSet<XMLElement*>::iterator pos = children.begin(); pos != children.end(); ++pos) {
        XMLElement* child = *pos;

        if (child->matches("flowrate")) {
            // NOTE(review): no range check on the configured rate — confirm
            // what the sampler does with values outside its expected range.
            flowRate = getDouble("flowrate");
        } else if (child->matches("next")) {
            // ignore next
        } else {
            msg(MSG_FATAL, "Unknown IpfixSampler config statement %s\n", child->getName().c_str());
        }
    }
}
/**
 * Reads the <observer> section: capture source, pcap filter expression,
 * capture length and the offline-replay options.
 *
 * Defaults: capture length PCAP_DEFAULT_CAPTURE_LENGTH, online capture,
 * timestamps not replaced, auto-exit after offline replay, replay speed 1.0.
 *
 * @param elem  XML element of this module; with NULL only the defaults are set
 */
ObserverCfg::ObserverCfg(XMLElement* elem)
    : CfgHelper<Observer, ObserverCfg>(elem, "observer"),
      interface(),
      pcap_filter(),
      capture_len(PCAP_DEFAULT_CAPTURE_LENGTH),
      offline(false),
      replaceOfflineTimestamps(false),
      offlineAutoExit(true),
      offlineSpeed(1.0)
{
    if (!elem)
        return; // needed because of table inside ConfigManager

    XMLNode::XMLSet<XMLElement*> children = _elem->getElementChildren();
    for (XMLNode::XMLSet<XMLElement*>::iterator pos = children.begin(); pos != children.end(); ++pos) {
        XMLElement* child = *pos;

        if (child->matches("interface")) {
            interface = child->getFirstText();
        } else if (child->matches("pcap_filter")) {
            pcap_filter = child->getFirstText();
        } else if (child->matches("filename")) {
            // A file name reuses the interface member and switches to offline
            // mode; if both <interface> and <filename> are given, whichever
            // is iterated last decides the source.
            interface = child->getFirstText();
            offline = true;
        } else if (child->matches("replaceTimestamps")) {
            replaceOfflineTimestamps = getBool("replaceTimestamps", replaceOfflineTimestamps);
        } else if (child->matches("offlineSpeed")) {
            offlineSpeed = getDouble("offlineSpeed");
        } else if (child->matches("offlineAutoExit")) {
            offlineAutoExit = getBool("offlineAutoExit", offlineAutoExit);
        } else if (child->matches("captureLength")) {
            // NOTE(review): stored without a range check — confirm that a
            // zero or negative length is rejected before capture starts.
            capture_len = getInt("captureLength");
        } else if (child->matches("next")) {
            // ignore next
        } else {
            msg(MSG_FATAL, "Unknown observer config statement %s\n", child->getName().c_str());
        }
    }
}
/**
 * Reads the <trwPortscanDetector> section.
 *
 * Defaults: 20 hash bits, pending entries expire after 60*60*24,
 * scanner and benign entries after 60*30 each, cleanup interval 10.
 * analyzerid and idmeftemplate are mandatory.
 *
 * @param elem  XML element of this module; with NULL only the defaults are set
 *
 * Throws (via THROWEXCEPTION) when analyzerid or idmeftemplate is missing.
 */
TRWPortscanDetectorCfg::TRWPortscanDetectorCfg(XMLElement* elem)
    : CfgHelper<TRWPortscanDetector, TRWPortscanDetectorCfg>(elem, "trwPortscanDetector"),
      hashBits(20),
      timeExpirePending(60*60*24),
      timeExpireScanner(60*30),
      timeExpireBenign(60*30),
      timeCleanupInterval(10)
{
    if (elem == NULL)
        return;

    XMLNode::XMLSet<XMLElement*> children = _elem->getElementChildren();
    for (XMLNode::XMLSet<XMLElement*>::iterator pos = children.begin(); pos != children.end(); ++pos) {
        XMLElement* child = *pos;

        if (child->matches("hashbits")) {
            // NOTE(review): taken unchecked from the configuration. If the
            // detector sizes a table as 1 << hashBits, a large or negative
            // value needs rejecting — confirm in the detector.
            hashBits = getInt("hashbits");
        } else if (child->matches("timeexpirepending")) {
            timeExpirePending = getInt("timeexpirepending");
        } else if (child->matches("timeexpirescanner")) {
            timeExpireScanner = getInt("timeexpirescanner");
        } else if (child->matches("timeexpirebenign")) {
            timeExpireBenign = getInt("timeexpirebenign");
        } else if (child->matches("timecleanupinterval")) {
            timeCleanupInterval = getInt("timecleanupinterval");
        } else if (child->matches("analyzerid")) {
            analyzerId = child->getFirstText();
        } else if (child->matches("idmeftemplate")) {
            idmefTemplate = child->getFirstText();
        } else if (child->matches("next")) {
            // ignore next
        } else {
            msg(LOG_CRIT, "Unknown TRWPortscanDetector config statement %s\n", child->getName().c_str());
        }
    }

    if (analyzerId == "")
        THROWEXCEPTION("TRWPortscanDetectorCfg: analyzerid not set in configuration!");
    if (idmefTemplate == "")
        THROWEXCEPTION("TRWPortscanDetectorCfg: idmeftemplate not set in configuration!");
}
/**
 * Reads the <frontPayloadSigMatcher> section; the only setting is the
 * mandatory signature directory.
 *
 * @param elem  XML element of this module; with NULL nothing is read
 *
 * Throws (via THROWEXCEPTION) when signaturedir is missing.
 */
FrontPayloadSigMatcherCfg::FrontPayloadSigMatcherCfg(XMLElement* elem)
    : CfgHelper<FrontPayloadSigMatcher, FrontPayloadSigMatcherCfg>(elem, "frontPayloadSigMatcher")
{
    if (elem == NULL)
        return;

    XMLNode::XMLSet<XMLElement*> children = _elem->getElementChildren();
    for (XMLNode::XMLSet<XMLElement*>::iterator pos = children.begin(); pos != children.end(); ++pos) {
        XMLElement* child = *pos;

        if (child->matches("signaturedir")) {
            // Whatever this directory contains decides what the matcher
            // flags, so it should be writable only by trusted accounts.
            signatureDir = child->getFirstText();
        } else if (child->matches("next")) {
            // ignore next
        } else {
            msg(MSG_FATAL, "Unknown FrontPayloadSigMatcher config statement %s\n", child->getName().c_str());
        }
    }

    if (signatureDir == "")
        THROWEXCEPTION("FrontPayloadSigMatcher: did not find required configuration parameter signaturedir");
}
/**
 * Reads the <ipfixExporter> section: record rate limit, observation
 * domain, SCTP timing, template refresh settings and the collectors to
 * export to.
 *
 * The scalar settings are read up front with their IS_DEFAULT_* fallbacks;
 * the loop then only creates collectors and rejects unknown elements.
 *
 * @param elem  XML element of this module; with NULL only the defaults are set
 *
 * Throws (via THROWEXCEPTION) on an element that is neither a collector
 * nor one of the settings read up front.
 */
IpfixExporterCfg::IpfixExporterCfg(XMLElement* elem)
    : CfgHelper<IpfixSender, IpfixExporterCfg>(elem, "ipfixExporter"),
      templateRefreshTime(IS_DEFAULT_TEMPLATE_TIMEINTERVAL),
      templateRefreshRate(0),
      sctpDataLifetime(0),
      sctpReconnectInterval(0),
      maxPacketSize(0),
      exportDelay(0),
      recordRateLimit(0),
      observationDomainId(0)
{
    if (elem == NULL)
        return;

    recordRateLimit = getInt("maxRecordRate", IS_DEFAULT_MAXRECORDRATE);
    observationDomainId = getInt("observationDomainId", 0);
    msg(MSG_INFO, "Exporter: using maximum rate of %d records/second", recordRateLimit);

    sctpDataLifetime = getTimeInUnit("sctpDataLifetime", mSEC, IS_DEFAULT_SCTP_DATALIFETIME);
    sctpReconnectInterval = getTimeInUnit("sctpReconnectInterval", SEC, IS_DEFAULT_SCTP_RECONNECTINTERVAL);
    templateRefreshRate = getInt("templateRefreshRate", IS_DEFAULT_TEMPLATE_RECORDINTERVAL);
    templateRefreshTime = getTimeInUnit("templateRefreshInterval", SEC, IS_DEFAULT_TEMPLATE_TIMEINTERVAL);

    XMLNode::XMLSet<XMLElement*> children = elem->getElementChildren();
    for (XMLNode::XMLSet<XMLElement*>::iterator pos = children.begin(); pos != children.end(); ++pos) {
        XMLElement* child = *pos;

        if (child->matches("collector")) {
            // collectors owns these raw pointers.
            collectors.push_back(new CollectorCfg(child));
            continue;
        }

        const bool handledAbove = child->matches("maxRecordRate")
            || child->matches("sctpDataLifetime")
            || child->matches("sctpReconnectInterval")
            || child->matches("templateRefreshRate")
            || child->matches("templateRefreshInterval")
            || child->matches("observationDomainId");
        if (handledAbove) {
            // already done!
            continue;
        }

        THROWEXCEPTION("Illegal Exporter config entry \"%s\" found", child->getName().c_str());
    }
}
/**
 * Reads the settings shared by the database readers: connection data,
 * the timeshift and fullspeed switches and the observation domain.
 *
 * @param elem  only tested for NULL; the children that are parsed come
 *              from the member _elem
 *
 * Throws (via THROWEXCEPTION) when host, port, dbname, username or
 * password is missing.
 */
void IpfixDbReaderCommonCfg::readConfigSection(XMLElement* elem)
{
    if (elem == NULL)
        return;

    // NOTE(review): the parameter is only a NULL guard; iteration uses _elem.
    // Confirm callers always pass the element this object was built from.
    XMLNode::XMLSet<XMLElement*> children = _elem->getElementChildren();
    for (XMLNode::XMLSet<XMLElement*>::iterator pos = children.begin(); pos != children.end(); ++pos) {
        XMLElement* child = *pos;

        if (child->matches("host")) {
            hostname = child->getFirstText();
        } else if (child->matches("port")) {
            port = getInt("port");
        } else if (child->matches("dbname")) {
            dbname = child->getFirstText();
        } else if (child->matches("username")) {
            user = child->getFirstText();
        } else if (child->matches("password")) {
            // Clear-text credential read from the XML file.
            password = child->getFirstText();
        } else if (child->matches("timeshift")) {
            timeshift = getBool("timeshift", timeshift);
        } else if (child->matches("fullspeed")) {
            fullspeed = getBool("fullspeed", fullspeed);
        } else if (child->matches("observationDomainId")) {
            observationDomainId = getInt("observationDomainId");
        } else if (child->matches("next")) {
            // ignore next
        } else {
            msg(MSG_FATAL, "Unknown IpfixDbReader config statement %s\n", child->getName().c_str());
        }
    }

    if (hostname == "")
        THROWEXCEPTION("IpfixDbReaderCfg: host not set in configuration!");
    if (port == 0)
        THROWEXCEPTION("IpfixDbReaderCfg: port not set in configuration!");
    if (dbname == "")
        THROWEXCEPTION("IpfixDbReaderCfg: dbname not set in configuration!");
    if (user == "")
        THROWEXCEPTION("IpfixDbReaderCfg: username not set in configuration!");
    if (password == "")
        THROWEXCEPTION("IpfixDbReaderCfg: password not set in configuration!");
}
/**
 * Returns the StringFilter for this configuration, creating it on first
 * use, and adds one filter entry per <is> / <isnot> child.
 *
 * @return the filter instance, cast to Module*
 */
Module* PacketStringFilterCfg::getInstance()
{
    if (instance == NULL)
        instance = new StringFilter();

    // NOTE(review): the entries are added on every call, not only when the
    // instance is created — confirm this is called once per instance,
    // otherwise the same patterns accumulate.
    XMLNode::XMLSet<XMLElement*> children = _elem->getElementChildren();
    for (XMLNode::XMLSet<XMLElement*>::iterator pos = children.begin(); pos != children.end(); ++pos) {
        XMLElement* child = *pos;

        if (child->matches("is")) {
            instance->addandFilter(getRealValue(child));
            continue;
        }

        if (child->matches("isnot")) {
            instance->addnotFilter(getRealValue(child));
            continue;
        }

        msg(MSG_FATAL, "Unkown string packet filter config %s\n", child->getName().c_str());
    }

    return (Module*)instance;
}
/**
 * Reads the <ipfixCollector> section: the listener to bind to and the
 * observation domain id (default 0).
 *
 * <udpTemplateLifetime> is recognised but not evaluated here.
 *
 * @param elem  XML element of this module; with NULL only the defaults are set
 *
 * Throws (via THROWEXCEPTION) when no <listener> is given or its protocol
 * type is neither UDP nor SCTP.
 */
IpfixCollectorCfg::IpfixCollectorCfg(XMLElement* elem)
    : CfgHelper<IpfixCollector, IpfixCollectorCfg>(elem, "ipfixCollector"),
      listener(NULL),
      ipfixCollector(NULL),
      observationDomainId(0)
{
    if (elem == NULL)
        return;

    msg(MSG_INFO, "CollectorConfiguration: Start reading packetReporting section");

    XMLNode::XMLSet<XMLElement*> children = elem->getElementChildren();
    for (XMLNode::XMLSet<XMLElement*>::iterator pos = children.begin(); pos != children.end(); ++pos) {
        XMLElement* child = *pos;

        if (child->matches("listener")) {
            // NOTE(review): a second <listener> replaces the pointer without
            // releasing the first object, and the last one silently wins —
            // consider rejecting duplicates.
            listener = new CollectorCfg(child);
        } else if (child->matches("udpTemplateLifetime")) {
            msg(MSG_DEBUG, "Don't know how to handle udpTemplateLifetime! Ignored.");
        } else if (child->matches("next")) {
            // ignore next
        } else {
            msg(MSG_FATAL, "Unkown observer config statement %s\n", child->getName().c_str());
        }
    }

    observationDomainId = getInt("observationDomainId", 0);

    if (listener == NULL)
        THROWEXCEPTION("collectingProcess has to listen on one address!");

    // Only the two transports this collector can receive on are accepted.
    if (!(listener->getProtocolType() == UDP || listener->getProtocolType() == SCTP))
        THROWEXCEPTION("collectingProcess can handle only UDP or SCTP!");

    msg(MSG_INFO, "CollectorConfiguration: Successfully parsed collectingProcess section");
}
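/**
 * Looks up the child element called `name` and returns its numeric text
 * converted to the requested time unit.
 *
 * The element must carry a "unit" attribute with the value "sec", "msec" or
 * "usec"; a matching element without that attribute is skipped. The result is
 * value * unit / <declared unit>.
 *
 * Compared with a plain atoi() conversion this version
 *  - rejects text that is not a non-negative decimal number instead of
 *    silently treating it as 0 or wrapping a negative value to a huge one,
 *  - performs the scaling in 64 bits, so a large value cannot wrap around in
 *    the intermediate product, and rejects results that do not fit the
 *    return type,
 *  - skips an element whose name cannot be read instead of parsing it as if
 *    it had matched.
 *
 * @param name  name of the child element to look for
 * @param unit  unit the caller wants the result in
 * @param def   value returned when no usable element is found
 * @param elem  element whose children are searched; defaults to _elem when null
 * @return the converted time, or `def`
 *
 * Raises an exception through THROWEXCEPTION for an unknown unit name, a
 * malformed number or a value that is out of range.
 */
unsigned int CfgBase::getTimeInUnit(const std::string& name, timeUnit unit, uint32_t def, XMLElement* elem)
{
	if (!elem)
		elem = _elem;

	const unsigned int maxResult = static_cast<unsigned int>(-1);

	XMLNode::XMLSet<XMLElement*> set = elem->getElementChildren();
	for (XMLNode::XMLSet<XMLElement*>::const_iterator it = set.begin(); it != set.end(); ++it) {
		XMLElement* e = *it;

		try {
			if (e->getName() != name)
				continue;
		} catch (const IllegalEntry&) {
			// an element without a readable name cannot be the requested one
			continue;
		}

		XMLAttribute* a = e->getAttribute("unit");
		if (!a)
			continue;

		// unit the configured value is expressed in
		const std::string unitName = a->getValue();
		unsigned int divisor = 0;
		if (unitName == "sec") {
			divisor = SEC;
		} else if (unitName == "msec") {
			divisor = mSEC;
		} else if (unitName == "usec") {
			divisor = uSEC;
		} else {
			THROWEXCEPTION("Unkown time unit '%s'", unitName.c_str());
		}

		// strict decimal parse: optional surrounding whitespace, no sign, no trailing text
		const std::string text = e->getFirstText();
		const char* begin = text.c_str();
		while (*begin == ' ' || *begin == '\t' || *begin == '\r' || *begin == '\n')
			++begin;
		if (*begin == '-') {
			THROWEXCEPTION("Negative time value '%s' in element '%s'", text.c_str(), name.c_str());
		}
		char* end = 0;
		const unsigned long parsed = strtoul(begin, &end, 10);
		if (end == begin) {
			THROWEXCEPTION("Invalid time value '%s' in element '%s'", text.c_str(), name.c_str());
		}
		while (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\n')
			++end;
		if (*end != '\0') {
			THROWEXCEPTION("Invalid time value '%s' in element '%s'", text.c_str(), name.c_str());
		}
		if (parsed > maxResult) {
			THROWEXCEPTION("Time value '%s' in element '%s' is too large", text.c_str(), name.c_str());
		}

		// 64-bit intermediate keeps value * unit from wrapping before the division
		const uint64_t scaled = static_cast<uint64_t>(parsed) * static_cast<uint64_t>(unit) / divisor;
		if (scaled > maxResult) {
			THROWEXCEPTION("Time value '%s' in element '%s' is too large", text.c_str(), name.c_str());
		}
		return static_cast<unsigned int>(scaled);
	}

	// we didn't find the element, return default
	return def;
}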
/**
 * Builds the aggregator base configuration from its XML element.
 *
 * Child elements handled here:
 *  - rule:          parsed with readRule() and appended to `rules`
 *  - DosDefense:    parsed with readDos() into `baseTCP`
 *  - expiration:    reads activeTimeout / inactiveTimeout in seconds; both
 *                   must be non-zero
 *  - pollInterval:  read in milliseconds, default AGG_DEFAULT_POLLING_TIME
 *  - hashtableBits: default HT_DEFAULT_BITSIZE
 *  - next:          ignored
 * Any other child is reported with MSG_FATAL.
 *
 * NOTE(review): rules->rule is indexed with rules->count and no upper bound
 * is checked here; if the Rules container has a fixed capacity, a
 * configuration with more rule elements than that would write past its end
 * -- confirm against the Rules definition.
 *
 * NOTE(review): when elem is null the constructor returns before rules,
 * htableBits and baseTCP are assigned here -- confirm that this case is never
 * followed by a use of those members.
 *
 * @param elem  configuration element, may be null
 */
AggregatorBaseCfg::AggregatorBaseCfg(XMLElement* elem)
	: CfgBase(elem),
	pollInterval(0)
{
	if (!elem)
		return;

	rules = new Rules;
	htableBits = HT_DEFAULT_BITSIZE;
	baseTCP = NULL;

	XMLNode::XMLSet<XMLElement*> children = elem->getElementChildren();
	XMLNode::XMLSet<XMLElement*>::iterator pos = children.begin();
	for (; pos != children.end(); pos++) {
		XMLElement* child = *pos;

		if (child->matches("rule")) {
			Rule* parsed = readRule(child);
			if (parsed) {
				rules->rule[rules->count] = parsed;
				rules->count++;
			}
			continue;
		}

		if (child->matches("DosDefense")) {
			baseTCP = readDos(child);
			continue;
		}

		if (child->matches("expiration")) {
			// get the time values or set them to '0' if they are not specified
			maxBufferTime = getTimeInUnit("activeTimeout", SEC, 0, child);
			minBufferTime = getTimeInUnit("inactiveTimeout", SEC, 0, child);
			if (maxBufferTime == 0) {
				THROWEXCEPTION("active timeout not set in configuration for aggregator");
			}
			if (minBufferTime == 0) {
				THROWEXCEPTION("inactive timeout not set in configuration for aggregator");
			}
			continue;
		}

		if (child->matches("pollInterval")) {
			pollInterval = getTimeInUnit("pollInterval", mSEC, AGG_DEFAULT_POLLING_TIME);
			continue;
		}

		if (child->matches("hashtableBits")) {
			htableBits = getInt("hashtableBits", HT_DEFAULT_BITSIZE);
			continue;
		}

		if (child->matches("next")) {
			// ignore next
			continue;
		}

		msg(MSG_FATAL, "Unkown Aggregator config entry %s\n", child->getName().c_str());
	}
}
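/**
 * Builds the IDS load balancer configuration from its XML element.
 *
 * Handles the "updateinterval" child and exactly one "PacketSelector" child
 * whose "type" attribute selects one of
 *  - HashPacketSelector
 *  - IpPacketSelector: DestinationIp / SourceIp children map an address to
 *    the queue number given in the "queueno" attribute (stored in dst / src)
 *  - PriorityPacketSelector: "networks" children give CIDR subnets with a
 *    weight, "weightModifiers" children give traffic quantiles with a
 *    modifier
 *
 * Input validation done here (the values come straight from the
 * configuration file):
 *  - a network address must contain '/', and the mask length must be a plain
 *    decimal number in 0..32; an address without '/' used to be re-read as
 *    the mask length, and non-numeric text was accepted as /0
 *  - the netmask is computed in unsigned arithmetic, so /0 and /1 no longer
 *    depend on shifting a signed int by 31 or 32 bits
 *  - weight, quantile and weightModifier are parsed from a local copy of the
 *    attribute text, so the "nothing was parsed" pointer comparison refers to
 *    the buffer that strtof() actually read
 *  - the selector object is only allocated after all checks have passed, so
 *    nothing is left allocated when a check raises an exception
 *
 * NOTE(review): queue numbers are accepted as any int, including negative
 * values -- confirm that the consumer of src / dst range-checks them.
 * NOTE(review): updateinterval is read with the updateinterval element itself
 * as the search root -- confirm getInt() resolves that as intended.
 *
 * Raises an exception through THROWEXCEPTION on any invalid or missing value,
 * on more than one packet selector, and when no selector is configured.
 *
 * @param elem  configuration element; a null pointer leaves the defaults set
 *              by the initialiser list
 */
IDSLoadbalancerCfg::IDSLoadbalancerCfg(XMLElement* elem)
	: CfgHelper<IDSLoadbalancer, IDSLoadbalancerCfg>(elem, "IDSLoadbalancer"),
	selector(NULL),
	updateInterval(0)
{
	if (!elem)
		return;

	XMLNode::XMLSet<XMLElement*> set = elem->getElementChildren();
	for (XMLNode::XMLSet<XMLElement*>::iterator it = set.begin(); it != set.end(); it++) {
		XMLElement* e = *it;

		if (e->matches("updateinterval")) {
			updateInterval = getInt("updateinterval", 0, e);
		} else if (e->matches("PacketSelector")) {
			XMLAttribute* typeAttr = e->getAttribute("type");
			if (!typeAttr) {
				THROWEXCEPTION("no PacketSelector specified");
			}
			string _selector = typeAttr->getValue();

			if (_selector == "HashPacketSelector") {
				if (selector) {
					THROWEXCEPTION("IDSLoadBalancerCfg: multiple packet selectors specified! This is not allowed.");
				}
				selector = new HashPacketSelector();
			} else if (_selector == "IpPacketSelector") {
				msg(MSG_DEBUG, "IpPacketSelector");

				XMLNode::XMLSet<XMLElement*> ipSet = e->getElementChildren();
				for (XMLNode::XMLSet<XMLElement*>::iterator ipIt = ipSet.begin(); ipIt != ipSet.end(); ipIt++) {
					XMLElement* ipElem = *ipIt;

					// both element kinds share the same syntax and differ only in the target map
					const bool isDestination = ipElem->matches("DestinationIp");
					if (!isDestination && !ipElem->matches("SourceIp"))
						continue;

					XMLAttribute* queueAttr = ipElem->getAttribute("queueno");
					if (!queueAttr) {
						THROWEXCEPTION("No queue number specified");
					}
					int queueno = 0;
					std::string tmp = queueAttr->getValue();
					try {
						queueno = boost::lexical_cast<int>(tmp);
					} catch (boost::bad_lexical_cast&) {
						THROWEXCEPTION("bad value for queue number: %s", tmp.c_str());
					}

					std::string ip = ipElem->getFirstText();
					if (isDestination) {
						dst[parseIp(ip)] = queueno;
					} else {
						src[parseIp(ip)] = queueno;
					}
				}

				if (selector) {
					THROWEXCEPTION("IDSLoadBalancerCfg: multiple packet selectors specified! This is not allowed.");
				}
				// validate before allocating so a failed check leaves nothing behind
				if (src.empty() && dst.empty()) {
					THROWEXCEPTION("IDSLoadBalancerCfg: packet selector IpPacketSelector was defined, but no source or destination IPs!");
				}
				selector = new IpPacketSelector();
			} else if (_selector == "PriorityPacketSelector") {
				float startprio = getDouble("startPriority", 1.0, e);
				uint32_t minmontime = getInt("minimumMonitoringTime", 10000, e);
				uint32_t maxspeed = getInt("maxSpeed", 0, e);
				list<PriorityNetConfig> config;
				list<WeightModifierConfig> weightmods;

				XMLNode::XMLSet<XMLElement*> prioSet = e->getElementChildren();
				for (XMLNode::XMLSet<XMLElement*>::iterator pit = prioSet.begin(); pit != prioSet.end(); pit++) {
					XMLElement* section = *pit;

					if (section->matches("networks")) {
						XMLNode::XMLSet<XMLElement*> netset = section->getElementChildren();
						for (XMLNode::XMLSet<XMLElement*>::iterator nit = netset.begin(); nit != netset.end(); nit++) {
							XMLElement* net = *nit;
							if (!net->matches("network"))
								continue;

							XMLAttribute* addrAttr = net->getAttribute("address");
							if (!addrAttr) {
								THROWEXCEPTION("IDSLoadBalancerCfg: no attribute 'address' in configuration element 'network'!");
							}
							string cidr = addrAttr->getFirstText();
							size_t pos = cidr.find('/');
							if (pos == std::string::npos) {
								// without this check substr(npos+1) yields the whole address again
								THROWEXCEPTION("IDSLoadBalancerCfg: attribute 'address' has no '/<maskbits>' part in configuration (%s)!", cidr.c_str());
							}
							string ip = cidr.substr(0, pos);
							string sbits = cidr.substr(pos+1);

							// strict decimal parse of the prefix length
							char* bitsEnd = NULL;
							long parsedBits = strtol(sbits.c_str(), &bitsEnd, 10);
							if (bitsEnd == sbits.c_str() || *bitsEnd != '\0' || parsedBits < 0 || parsedBits > 32) {
								THROWEXCEPTION("IDSLoadBalancerCfg: attribute 'address' has invalid number of mask bits in configuration (%s)!", sbits.c_str());
							}
							int maskbits = static_cast<int>(parsedBits);

							in_addr_t ipaddr = inet_addr(ip.c_str());
							if (ipaddr == (in_addr_t)-1) {
								THROWEXCEPTION("IDSLoadBalancerCfg: attribute 'address' has invalid ip subnet in configuration (%s)!", ip.c_str());
							}

							XMLAttribute* weightAttr = net->getAttribute("weight");
							if (!weightAttr) {
								THROWEXCEPTION("IDSLoadBalancerCfg: no attribute 'weight' in configuration element 'network'!");
							}
							// keep the text alive so the end pointer can be compared with its start
							const std::string weightText = weightAttr->getFirstText();
							char* res = NULL;
							float weight = strtof(weightText.c_str(), &res);
							if (weight <= 0 || res == weightText.c_str()) {
								THROWEXCEPTION("IDSLoadBalancerCfg: attribute 'weight' in configuration element 'network' contains invalid value (%s)!", weightText.c_str());
							}

							// top `maskbits` bits set; /0 needs its own case because a 32-bit shift is undefined
							const uint32_t netmask = (maskbits == 0)
								? static_cast<uint32_t>(0)
								: static_cast<uint32_t>(static_cast<uint32_t>(0xFFFFFFFFu) << (32 - maskbits));

							config.push_back(PriorityNetConfig(ntohl((uint32_t)ipaddr), netmask, maskbits, weight));
						}
					}

					if (section->matches("weightModifiers")) {
						XMLNode::XMLSet<XMLElement*> modset = section->getElementChildren();
						for (XMLNode::XMLSet<XMLElement*>::iterator mit = modset.begin(); mit != modset.end(); mit++) {
							XMLElement* traffic = *mit;
							if (!traffic->matches("traffic"))
								continue;

							XMLAttribute* quantileAttr = traffic->getAttribute("quantile");
							if (!quantileAttr) {
								THROWEXCEPTION("IDSLoadBalancerCfg: no attribute 'quantile' in configuration element 'traffic'!");
							}
							const std::string quantileText = quantileAttr->getFirstText();
							char* res = NULL;
							float quantile = strtof(quantileText.c_str(), &res);
							if (quantile <= 0 || quantile > 1 || res == quantileText.c_str()) {
								THROWEXCEPTION("IDSLoadBalancerCfg: attribute 'quantile' is not in expected range (0<x<=1): %s", quantileText.c_str());
							}

							XMLAttribute* modAttr = traffic->getAttribute("weightModifier");
							if (!modAttr) {
								THROWEXCEPTION("IDSLoadBalancerCfg: no attribute 'weightModifier' in configuration element 'traffic'!");
							}
							const std::string modText = modAttr->getFirstText();
							float weightmod = strtof(modText.c_str(), &res);
							if (weightmod <= 0 || res == modText.c_str()) {
								THROWEXCEPTION("IDSLoadBalancerCfg: attribute 'weightModifier' is not in expected range (0<x): %s", modText.c_str());
							}

							weightmods.push_back(WeightModifierConfig(quantile, weightmod));
						}
					}
				}

				if (selector) {
					THROWEXCEPTION("IDSLoadBalancerCfg: multiple packet selectors specified! This is not allowed.");
				}

				// minimumMonitoringTime is given in milliseconds
				struct timeval tv;
				tv.tv_sec = minmontime/1000;
				tv.tv_usec = (minmontime%1000)*1000;

				// sort the network configuration by decreasing maskbits
				config.sort(compareDecrMask);
				selector = new PriorityPacketSelector(config, startprio, tv, maxspeed, weightmods);
			} else {
				THROWEXCEPTION("Invalid selector: %s", _selector.c_str());
			}
		}
	}

	if (!selector) {
		THROWEXCEPTION("IDSLoadBalancerCfg: No packet selector specified, this is compulsory");
	}
}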
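/**
 * Parses the configuration file and creates or adjusts the module graph
 * accordingly; afterwards all modules are started.
 *
 * Steps:
 *  1. lock the graph and install a fresh, empty Graph
 *  2. parse the XML file and check that its root element is "ipfixConfig"
 *  3. create one graph node per root child that matches a registered
 *     configuration module; unknown children are logged with MSG_ERROR
 *  4. connect the nodes: directly on the first configuration, otherwise by
 *     reusing modules from the previous graph through reconnect()
 *  5. start the modules, walking the topological order from its end
 *  6. delete the previous XML document
 *
 * The graph lock is held by a scope guard, so it is released on every exit
 * path. Previously only the two consistency checks unlocked before raising;
 * an exception from the XML parser, from module creation or from a module
 * start left the graph locked.
 *
 * NOTE(review): graph and document are replaced before the file has been
 * validated, so a failed reload leaves the new, empty graph installed while
 * the previous graph is referenced only by the local oldGraph -- consider
 * validating first and swapping afterwards.
 *
 * The file decides which modules are instantiated and started, so it should
 * only be writable by the administrator of the process.
 *
 * @param fileName  path of the XML configuration file
 *
 * Raises an exception through THROWEXCEPTION when the document cannot be
 * obtained, is empty or has the wrong root element.
 */
void ConfigManager::parseConfig(std::string fileName)
{
	// scope guard: unlocks the graph when the function is left, also by exception
	struct GraphLockGuard {
		ConfigManager* owner;
		explicit GraphLockGuard(ConfigManager* manager) : owner(manager) { owner->lockGraph(); }
		~GraphLockGuard() { owner->unlockGraph(); }
	};
	GraphLockGuard guard(this);

	Graph* oldGraph = graph;

	graph = new Graph();

	old_document = document;
	document = XMLDocument::parse_file(fileName);
	if (!document) {
		THROWEXCEPTION("%s could not be parsed as XML-Document!", fileName.c_str());
	}
	XMLElement* root = document->getRootNode();

	// consistency checks
	if (!root) {
		THROWEXCEPTION("%s is an empty XML-Document!", fileName.c_str());
	}

	if (!root->matches("ipfixConfig")) {
		THROWEXCEPTION("Root element does not match \"ipfixConfig\"."
			       " This is not a valid configuration file!");
	}

	/* process each root element node and add a new node (with its config
	 * attached to the node) to the graph
	 */
	XMLNode::XMLSet<XMLElement*> rootElements = root->getElementChildren();
	for (XMLNode::XMLSet<XMLElement*>::const_iterator it = rootElements.begin();
	     it != rootElements.end();
	     it++) {
		bool found = false;
		for (unsigned int i = 0; i < ARRAY_SIZE(configModules); i++) {
			if ((*it)->getName() == configModules[i]->getName()) {
				Cfg* cfg = configModules[i]->create(*it);

				// handle special modules
				SensorManagerCfg* smcfg = dynamic_cast<SensorManagerCfg*>(cfg);
				if (smcfg) {
					// SensorManager will not be connected to any modules, so its instance
					// needs to be started manually
					smcfg->setGraphIS(this);
					sensorManager = smcfg->getInstance();
				}

				graph->addNode(cfg);
				found = true;
			}
		}

		if (!found) {
			msg(MSG_ERROR, "Unknown cfg entry %s found", (*it)->getName().c_str());
		}
	}

	if (!oldGraph) { // this is the first config we have read
		Connector connector;
		graph->accept(&connector);
	} else {
		// first, connect the nodes on the new graph (but NOT the modules)
		Connector connector(true, false);
		graph->accept(&connector);
		// now connect the modules reusing those from the old graph
		graph = reconnect(graph, oldGraph);
	}

	// start the instances if not already running
	std::vector<CfgNode*> topoNodes = graph->topoSort();

	for (size_t i = 0; i < topoNodes.size(); i++) {
		// walk the topological order from its last node to its first
		Cfg* cfg = topoNodes[topoNodes.size() -1 -i]->getCfg();
		msg(MSG_INFO, "Starting module %s", cfg->getName().c_str());
		cfg->start(false);
	}

	// deleting a null pointer is a no-op; clear the member so it does not dangle
	delete old_document;
	old_document = 0;
}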