/*
 * One-time daemon start-up: register the kernel image, size and allocate
 * the sample buffer from the values the kernel exports under
 * /dev/oprofile/, reset the statistics counters, bring up the helper
 * subsystems and register the exit handler.
 *
 * Exits the process if the exit handler cannot be registered.
 */
static void opd_26_init(void)
{
	size_t stat_idx;
	size_t buffer_entries;

	opd_create_vmlinux(vmlinux, kernel_range);

	buffer_entries = opd_read_fs_int("/dev/oprofile/", "buffer_size", 1);
	kernel_pointer_size = opd_read_fs_int("/dev/oprofile/", "pointer_size", 1);

	/*
	 * NOTE(review): both factors are read from /dev/oprofile/ and are
	 * multiplied without a range or overflow check before the result is
	 * used as an allocation size -- confirm what opd_read_fs_int() can
	 * return on a malformed or missing file.
	 */
	s_buf_bytesize = buffer_entries * kernel_pointer_size;
	sbuf = xmalloc(s_buf_bytesize);

	opd_reread_module_info();

	stat_idx = 0;
	while (stat_idx < OPD_MAX_STATS) {
		opd_stats[stat_idx] = 0;
		stat_idx++;
	}

	perfmon_init();
	cookie_init();
	sfile_init();
	anon_init();

	/* must be /after/ perfmon_init() at least */
	if (atexit(clean_exit) != 0) {
		/* clean_exit will never run, so undo perfmon_init() by hand */
		perfmon_exit();
		perror("oprofiled: couldn't set exit cleanup: ");
		exit(EXIT_FAILURE);
	}
}
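/*
 * anon_unit_test() initializes the anonymization module from the file
 * "internal.net" and checks that the address 64.104.192.129 is reported
 * as needing anonymization.  The outcome is written to anon_info.
 *
 * Returns ok in every case; the verdict is only visible in the text
 * written to anon_info.
 *
 * NOTE(review): the result of anon_init() is not checked, and a failed
 * test is not reflected in the return value, so a caller cannot detect
 * failure programmatically.  Presumably anon_init() points anon_info at
 * the stream passed to it (stderr here) -- confirm, since anon_info is
 * used unconditionally below.
 */
int anon_unit_test() {
    struct in_addr inp;
    extern FILE *anon_info;

    anon_init("internal.net", stderr);

    if (inet_aton("64.104.192.129", &inp) == 0) {
        /*
         * inp was never filled in; do not hand an indeterminate address
         * to the lookup below (the original fell through and did so)
         */
        fprintf(anon_info, "error: could not convert address\n");
    } else if (ipv4_addr_needs_anonymization(&inp) != 1) {
        fprintf(anon_info, "error in anon_unit_test\n");
    } else {
        fprintf(anon_info, "passed\n");
    }

    return ok;
}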
/**
 * This is the first real C function ever called. It performs a lot of
 * hardware-specific initialization, then creates a pseudo-context to
 * execute the bootstrap function in.
 *
 * The function is not expected to return: once the bootstrap context has
 * been made active, reaching the final panic() means control came back
 * here unexpectedly.
 */
void kmain()
{
        GDB_CALL_HOOK(boot);

        dbg_init();
        /* Report the address ranges of the kernel's text, data and bss
         * sections on the DBG_CORE debug channel. */
        dbgq(DBG_CORE, "Kernel binary:\n");
        dbgq(DBG_CORE, " text: 0x%p-0x%p\n", &kernel_start_text, &kernel_end_text);
        dbgq(DBG_CORE, " data: 0x%p-0x%p\n", &kernel_start_data, &kernel_end_data);
        dbgq(DBG_CORE, " bss: 0x%p-0x%p\n", &kernel_start_bss, &kernel_end_bss);

        /* Subsystem initializers, called in a fixed sequence.
         * NOTE(review): presumably later ones rely on earlier ones (memory
         * before interrupts and devices) -- do not reorder without
         * checking each dependency. */
        page_init();
        pt_init();
        slab_init();
        pframe_init();

        acpi_init();
        apic_init();
        pci_init();
        intr_init();

        gdt_init();

        /* initialize slab allocators */
        /* NOTE(review): the comment above sits directly before the
         * __VM__-only calls; presumably they create their own slab
         * allocators -- confirm. */
#ifdef __VM__
        anon_init();
        shadow_init();
#endif
        vmmap_init();
        proc_init();
        kthread_init();

#ifdef __DRIVERS__
        bytedev_init();
        blockdev_init();
#endif

        /* One page for the bootstrap stack, plus the page directory
         * returned by pt_get(). */
        void *bstack = page_alloc();
        pagedir_t *bpdir = pt_get();
        /* The string literal is always non-NULL, so it only attaches a
         * message to the condition.
         * NOTE(review): if KASSERT is compiled out in some builds, a NULL
         * bstack would reach context_setup() unchecked -- confirm. */
        KASSERT(NULL != bstack && "Ran out of memory while booting.");
        /* Build the bootstrap context around bootstrap(), passing bstack
         * with PAGE_SIZE and bpdir, then switch to it. */
        context_setup(&bootstrap_context, bootstrap, 0, NULL, bstack, PAGE_SIZE, bpdir);
        context_make_active(&bootstrap_context);

        /* Only reached if the switch above comes back. */
        panic("\nReturned to kmain()!!!\n");
}
/*
 * One-time daemon start-up: register the kernel and Xen images, size and
 * allocate the sample buffer from the values the kernel exports under
 * /dev/oprofile/, reset the statistics counters, bring up the helper
 * subsystems, register the exit handler, open the kernel interface files
 * and record the start time as a decimal string in start_time_str.
 *
 * Exits the process if the exit handler cannot be registered.
 */
static void opd_26_init(void)
{
	size_t stat_idx;
	size_t buffer_entries;
	unsigned long long start_time;
	struct timeval now;

	opd_create_vmlinux(vmlinux, kernel_range);
	opd_create_xen(xenimage, xen_range);

	buffer_entries = opd_read_fs_int("/dev/oprofile/", "buffer_size", 1);
	kernel_pointer_size = opd_read_fs_int("/dev/oprofile/", "pointer_size", 1);

	/*
	 * NOTE(review): both factors are read from /dev/oprofile/ and are
	 * multiplied without a range or overflow check before the result is
	 * used as an allocation size -- confirm what opd_read_fs_int() can
	 * return on a malformed or missing file.
	 */
	s_buf_bytesize = buffer_entries * kernel_pointer_size;
	sbuf = xmalloc(s_buf_bytesize);

	opd_reread_module_info();

	for (stat_idx = 0; stat_idx < OPD_MAX_STATS; stat_idx++) {
		opd_stats[stat_idx] = 0;
	}

	perfmon_init();
	cookie_init();
	sfile_init();
	anon_init();

	/* must be /after/ perfmon_init() at least */
	if (atexit(clean_exit) != 0) {
		/* clean_exit will never run, so undo perfmon_init() by hand */
		perfmon_exit();
		perror("oprofiled: couldn't set exit cleanup: ");
		exit(EXIT_FAILURE);
	}

	/* trigger kernel module setup before returning control to opcontrol */
	opd_open_files();

	/* NOTE(review): the result of gettimeofday() is not checked. */
	gettimeofday(&now, NULL);
	start_time = now.tv_sec;

	/*
	 * NOTE(review): sprintf() places no bound on the write.  "%llu" can
	 * produce up to 20 digits for a 64-bit value, so start_time_str must
	 * hold at least 21 bytes; once its declaration is confirmed, prefer
	 * snprintf() with the real buffer size.
	 */
	sprintf(start_time_str, "%llu", start_time);
}
/**
 * This is the first real C function ever called. It performs a lot of
 * hardware-specific initialization, then creates a pseudo-context to
 * execute the bootstrap function in.
 *
 * The function is not expected to return: once the bootstrap context has
 * been made active, reaching the final panic() means control came back
 * here unexpectedly.
 */
void kmain()
{
        GDB_CALL_HOOK(boot);

        dbg_init();
        /* Report the address ranges of the kernel's text, data and bss
         * sections on the DBG_CORE debug channel. */
        dbgq(DBG_CORE, "Kernel binary:\n");
        dbgq(DBG_CORE, " text: 0x%p-0x%p\n", &kernel_start_text, &kernel_end_text);
        dbgq(DBG_CORE, " data: 0x%p-0x%p\n", &kernel_start_data, &kernel_end_data);
        dbgq(DBG_CORE, " bss: 0x%p-0x%p\n", &kernel_start_bss, &kernel_end_bss);

        /* Subsystem initializers, called in a fixed sequence.
         * NOTE(review): presumably later ones rely on earlier ones (memory
         * before interrupts and devices) -- do not reorder without
         * checking each dependency. */
        page_init();
        pt_init();
        slab_init();
        pframe_init();

        acpi_init();
        apic_init();
        pci_init();
        intr_init();

        gdt_init();

        /* initialize slab allocators */
        /* NOTE(review): the comment above sits directly before the
         * __VM__-only calls; presumably they create their own slab
         * allocators -- confirm. */
#ifdef __VM__
        anon_init();
        shadow_init();
#endif
        vmmap_init();
        proc_init();
        kthread_init();

#ifdef __DRIVERS__
        bytedev_init();
        blockdev_init();
#endif

        /* One page for the bootstrap stack, plus the page directory
         * returned by pt_get(). */
        void *bstack = page_alloc();
        pagedir_t *bpdir = pt_get();
        /* The string literal is always non-NULL, so it only attaches a
         * message to the condition.
         * NOTE(review): if KASSERT is compiled out in some builds, a NULL
         * bstack would reach context_setup() unchecked -- confirm. */
        KASSERT(NULL != bstack && "Ran out of memory while booting.");

        /* This little loop gives gdb a place to synch up with weenix.  In the
         * past the weenix command started qemu with -S, which
         * allowed gdb to connect and start before the boot loader ran, but
         * since then a bug has appeared where breakpoints fail if gdb connects
         * before the boot loader runs.  See
         *
         * https://bugs.launchpad.net/qemu/+bug/526653
         *
         * This loop (along with an additional command in init.gdb setting
         * gdb_wait to 0) sticks weenix at a known place so gdb can join a
         * running weenix, set gdb_wait to zero and catch the breakpoint in
         * bootstrap below.  See Config.mk for how to set GDBWAIT correctly.
         *
         * DANGER: if GDBWAIT != 0, and gdb is not running, this loop will never
         * exit and weenix will not run.  Make SURE the GDBWAIT is set the way
         * you expect.
         *
         * NOTE(review): the loop only ends when something outside this
         * function changes gdb_wait, so the variable presumably has to be
         * declared volatile for the compiler to re-read it on every
         * iteration -- confirm at its declaration.
         */
        while (gdb_wait) ;

        /* Build the bootstrap context around bootstrap(), passing bstack
         * with PAGE_SIZE and bpdir, then switch to it. */
        context_setup(&bootstrap_context, bootstrap, 0, NULL, bstack, PAGE_SIZE, bpdir);
        context_make_active(&bootstrap_context);

        /* Only reached if the switch above comes back. */
        panic("\nReturned to kmain()!!!\n");
}
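/*
 * main() - entry point of the flow capture tool.
 *
 * Reads configuration from LHS=RHS command-line arguments and/or a
 * configuration file (-x), then runs in one of two modes:
 *
 *   online  - an interface is configured: capture live packets from it,
 *             log to config.logfile if set, and rotate/upload the JSON
 *             output file when config.max_records is exceeded;
 *   offline - no interface: process each pcap file (or every entry of
 *             each directory) named on the command line.
 *
 * Returns 0 on success, a negative value on a set-up or processing
 * failure, or the result of usage() for a command-line error.
 *
 * Paths, labels and file names handled here come from the command line,
 * the configuration file and directory listings, so every copy into a
 * fixed-size buffer is bounded and an over-long value is rejected
 * instead of being truncated or allowed to overrun the buffer.
 */
int main(int argc, char **argv) {
    char errbuf[PCAP_ERRBUF_SIZE];
    bpf_u_int32 net = PCAP_NETMASK_UNKNOWN;
    char *filter_exp = "ip";
    struct bpf_program fp;
    int i;
    int c;
    int opt_count = 0;
    int tmp_ret;
    int path_len;
    char *ifile = NULL;
    unsigned int file_count = 0;
    char filename[MAX_FILENAME_LEN];          /* output file */
    char pcap_filename[MAX_FILENAME_LEN*2];   /* input file found in a directory */
    char *cli_interface = NULL;
    char *cli_filename = NULL;
    char *config_file = NULL;
    struct interface ifl[IFL_MAX];
    int num_interfaces = 0;
    char *capture_if;
    unsigned int file_base_len = 0;
    unsigned int num_cmds = 0;
    unsigned int done_with_options = 0;
    struct stat sb;
    DIR *dir;
    struct dirent *ent;
    enum operating_mode mode = mode_none;

    /*
     * sanity check sizeof() expectations
     *
     * NOTE(review): a failed check is only reported; processing continues.
     */
    if (data_sanity_check() != ok) {
        fprintf(stderr, "error: failed data size sanity check\n");
    }

    /* sanity check arguments: LHS=RHS options must precede file names */
    for (i=1; i<argc; i++) {
        if (strchr(argv[i], '=')) {
            if (done_with_options) {
                fprintf(stderr, "error: option (%s) found after filename (%s)\n", argv[i], argv[i-1]);
                exit(EXIT_FAILURE);
            }
        } else {
            done_with_options = 1;
        }
    }

    /*
     * set "info" to stderr; this output stream is used for
     * debug/info/warnings/errors.  setting it here is actually
     * defensive coding, just in case some function that writes to
     * "info" gets invoked before info gets set below (if we are in
     * online mode, it will be set to a log file)
     */
    info = stderr;

    /* in debug mode, turn off output buffering */
#if P2F_DEBUG
    setvbuf(stderr, NULL, _IONBF, 0);
    setbuf(stdout, NULL);
#endif

    /*
     * set configuration from command line arguments that contain
     * LHS=RHS commands, then update argv/argc so that those arguments
     * are not subjected to any further processing
     */
    num_cmds = config_set_from_argv(&config, argv, argc);
    argv += num_cmds;
    argc -= num_cmds;

    /* process command line options */
    while (1) {
        int option_index = 0;
        struct option long_options[] = {
            {"help",    no_argument,       0, 'h' },
            {"xconfig", required_argument, 0, 'x' },
            {0,         0,                 0,  0  }
        };

        c = getopt_long(argc, argv, "hx:", long_options, &option_index);
        if (c == -1) {
            break;
        }
        switch (c) {
        case 'x':
            config_file = optarg;
            opt_count++;    /* counts the option's argument; the flag itself is counted below */
            break;
        case 'h':
        default:
            return usage(argv[0]);
        }
        opt_count++;
    }

    if (config_file) {
        /*
         * read in configuration from file; note that if we don't read in
         * a file, then the config structure will use the static defaults
         * set when it was declared
         */
        config_set_from_file(&config, config_file);
    }
    if (config_file || (num_cmds != 0)) {
        /*
         * set global variables as needed, if we got some configuration
         * commands from the config_file or from command line arguments
         */
        bidir = config.bidir;
        include_zeroes = config.include_zeroes;
        byte_distribution = config.byte_distribution;
        report_entropy = config.report_entropy;
        report_wht = config.report_wht;
        report_hd = config.report_hd;
        include_tls = config.include_tls;
        include_classifier = config.include_classifier;
        output_level = config.output_level;
        report_idp = config.idp;
        report_dns = config.dns;
        salt_algo = config.type;
        nfv9_capture_port = config.nfv9_capture_port;
        if (config.bpf_filter_exp) {
            filter_exp = config.bpf_filter_exp;
        }
    }

    /*
     * allow some command line variables to override the config file
     */
    if (cli_filename) {
        /*
         * output filename provided on command line supersedes that
         * provided in the config file
         */
        config.filename = cli_filename;
    }
    if (cli_interface) {
        /*
         * interface provided on command line supersedes that provided
         * in the config file
         */
        config.interface = cli_interface;
    }
    if (config.filename) {
        /*
         * strncpy() leaves the buffer unterminated when the source fills
         * it; snprintf() always terminates and reports truncation
         */
        path_len = snprintf(filename, sizeof(filename), "%s", config.filename);
        if (path_len < 0 || (size_t)path_len >= sizeof(filename)) {
            fprintf(info, "error: output file name is too long\n");
            return -1;
        }
    }

    /*
     * set the operating mode to online or offline
     */
    if (config.interface != NULL && strcmp(config.interface, NULL_KEYWORD)) {
        mode = mode_online;
    } else {
        mode = mode_offline;
    }

    /*
     * if we are doing a live capture, get interface list, and set "info"
     * output stream to log file
     */
    if (mode == mode_online) {

        if (config.logfile && strcmp(config.logfile, NULL_KEYWORD)) {
            info = fopen(config.logfile, "a");
            if (info == NULL) {
                fprintf(stderr, "error: could not open log file %s\n", config.logfile);
                return -1;
            }
            fprintf(stderr, "writing errors/warnings/info/debug output to %s\n", config.logfile);
        }

        /*
         * cheerful message to indicate the start of a new run of the
         * daemon
         */
        fprintf(info, "--- %s initialization ---\n", argv[0]);
        flocap_stats_output(info);

        num_interfaces = interface_list_get(ifl);
        if (num_interfaces == 0) {
            fprintf(info, "warning: could not obtain inferface information\n");
        } else {
            for (i=0; i<num_interfaces; i++) {
                unsigned char *a = ifl[i].mac_addr;
                fprintf(info, "interface: %8s\tstatus: %s\t%02x%02x%02x%02x%02x%02x\n",
                        ifl[i].name, (ifl[i].active ? "up" : "down"),
                        a[0], a[1], a[2], a[3], a[4], a[5]);
            }
        }
    } else {
        info = stderr;
    }

    /*
     * report on running configuration (which may depend on the command
     * line, the config file, or both)
     */
    config_print(info, &config);

    /*
     * configure labeled subnets (which uses a radix trie to identify
     * addresses that match subnets associated with labels)
     */
    if (config.num_subnets > 0) {
        attr_flags subnet_flag;
        enum status err;

        rt = radix_trie_alloc();
        if (rt == NULL) {
            /* the trie is used immediately below; do not continue without it */
            fprintf(info, "could not allocate memory\n");
            return -1;
        }
        err = radix_trie_init(rt);
        if (err != ok) {
            /* labels cannot be added to a trie that failed to initialize */
            fprintf(stderr, "error: could not initialize subnet labels (radix_trie)\n");
            return -1;
        }
        for (i=0; i<config.num_subnets; i++) {
            char label[LINEMAX], subnet_file[LINEMAX];
            int num;

            /*
             * the conversions below have no field width; both outputs are
             * substrings of the command, so a command shorter than LINEMAX
             * cannot overrun either buffer
             */
            if (strlen(config.subnet[i]) >= LINEMAX) {
                fprintf(info, "error: subnet command is too long\n");
                exit(1);
            }
            num = sscanf(config.subnet[i], "%[^=:]:%[^=:\n#]", label, subnet_file);
            if (num != 2) {
                fprintf(info, "error: could not parse command \"%s\" into form label:subnet\n", config.subnet[i]);
                exit(1);
            }

            subnet_flag = radix_trie_add_attr_label(rt, label);
            if (subnet_flag == 0) {
                fprintf(info, "error: count not add subnet label %s to radix_trie\n", label);
                exit(1);
            }

            err = radix_trie_add_subnets_from_file(rt, subnet_file, subnet_flag, info);
            if (err != ok) {
                fprintf(info, "error: could not add labeled subnets from file %s\n", subnet_file);
                exit(1);
            }
        }
        fprintf(info, "configured labeled subnets (radix_trie), using %u bytes of memory\n", get_rt_mem_usage());
    }

    if (config.anon_addrs_file != NULL) {
        if (anon_init(config.anon_addrs_file, info) == failure) {
            fprintf(info, "error: could not initialize anonymization subnets from file %s\n", config.anon_addrs_file);
            return -1;
        }
    }

    if (config.filename != NULL) {
        char *outputdir;

        /*
         * set output directory
         */
        if (config.outputdir) {
            outputdir = config.outputdir;
        } else {
            outputdir = ".";
        }

        /*
         * generate an "auto" output file name, based on the MAC address
         * and the current time, if we are "auto" configured
         */
        if (strncmp(config.filename, "auto", strlen("auto")) == 0) {

            if (mode == mode_online) {
                unsigned char *addr;
                time_t now = time(0);
                struct tm *t = localtime(&now);

                /* ifl[0] holds nothing usable when no interface was listed */
                if (num_interfaces < 1) {
                    fprintf(info, "error: cannot generate \"auto\" output filename without interface information\n");
                    return -1;
                }
                if (t == NULL) {
                    fprintf(info, "error: could not obtain local time\n");
                    return -1;
                }
                addr = ifl[0].mac_addr;

                /* NOTE(review): tm_mon is zero-based, so the "M" field is 0-11 */
                path_len = snprintf(filename, sizeof(filename),
                                    "%s/flocap-%02x%02x%02x%02x%02x%02x-h%d-m%d-s%d-D%d-M%d-Y%d-%s-",
                                    outputdir, addr[0], addr[1], addr[2], addr[3], addr[4], addr[5],
                                    t->tm_hour, t->tm_min, t->tm_sec, t->tm_mday, t->tm_mon,
                                    t->tm_year + 1900, t->tm_zone);
                if (path_len < 0 || (size_t)path_len >= sizeof(filename)) {
                    fprintf(info, "error: output file name is too long\n");
                    return -1;
                }
            } else {
                fprintf(info, "error: cannot use \"output = auto\" with no interface specified; use -o or -l options\n");
                return usage(argv[0]);
            }
            fprintf(info, "auto generated output filename: %s\n", filename);

        } else {
            /* set output file based on command line or config file */

            if (cli_filename) {
                snprintf(filename, sizeof(filename), "%s", config.filename);
            } else {
                char tmp_filename[MAX_FILENAME_LEN];

                snprintf(tmp_filename, sizeof(tmp_filename), "%s", filename);
                path_len = snprintf(filename, sizeof(filename), "%s/%s", outputdir, tmp_filename);
                if (path_len < 0 || (size_t)path_len >= sizeof(filename)) {
                    fprintf(info, "error: output file name is too long\n");
                    return -1;
                }
            }
        }
        file_base_len = strlen(filename);
        if (config.max_records != 0) {
            /* file_count is unsigned, so print it with %u */
            snprintf(filename + file_base_len, MAX_FILENAME_LEN - file_base_len, "%u", file_count);
        }
        output = fopen(filename, "w");
        if (output == NULL) {
            fprintf(info, "error: could not open output file %s (%s)\n", filename, strerror(errno));
            return -1;
        }
    } else {
        output = stdout;
    }

    if (ifile != NULL) {
        opt_count--;
        argv[1+opt_count] = ifile;
    }

    if (mode == mode_online) {   /* live capture */
        int linktype;

        /*
         * sanity check: we can't be in both offline mode and online mode
         * simultaneously
         */
        if ((argc-opt_count > 1) || (ifile != NULL)) {
            fprintf(info, "error: both interface (%s) and pcap input file (%s) specified\n",
                    config.interface, argv[1+opt_count]);
            return usage(argv[0]);
        }

        anon_print_subnets(info);

        signal(SIGINT, sig_close);     /* Ctl-C causes graceful shutdown */
        signal(SIGTERM, sig_close);
        signal(SIGQUIT, sig_reload);   /* Ctl-\ causes an info dump      */

        /*
         * set capture interface as needed
         */
        if (strncmp(config.interface, "auto", strlen("auto")) == 0) {
            /* ifl[0] holds nothing usable when no interface was listed */
            if (num_interfaces < 1) {
                fprintf(info, "error: cannot select \"auto\" interface without interface information\n");
                return -1;
            }
            capture_if = ifl[0].name;
            fprintf(info, "starting capture on interface %s\n", ifl[0].name);
        } else {
            capture_if = config.interface;
        }

        errbuf[0] = 0;
        handle = pcap_open_live(capture_if, 65535, config.promisc, 10000, errbuf);
        if (handle == NULL) {
            fprintf(info, "could not open device %s: %s\n", capture_if, errbuf);
            return -1;
        }
        if (errbuf[0] != 0) {
            fprintf(stderr, "warning: %s\n", errbuf);
        }

        /* verify that we can handle the link layer headers */
        linktype = pcap_datalink(handle);
        if (linktype != DLT_EN10MB) {
            fprintf(info, "device %s has unsupported linktype (%d)\n",
                    capture_if, linktype);
            return -2;
        }

        if (filter_exp) {

            /* compile the filter expression */
            if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
                fprintf(info, "error: could not parse filter %s: %s\n",
                        filter_exp, pcap_geterr(handle));
                return -3;
            }

            /* apply the compiled filter */
            if (pcap_setfilter(handle, &fp) == -1) {
                fprintf(info, "error: could not install filter %s: %s\n",
                        filter_exp, pcap_geterr(handle));
                return -4;
            }
        }

        /*
         * run as daemon, if so configured, without closing stderr and
         * stdout, and without changing the working directory
         */
        if (config.daemon) {
            if (daemon(1, 1) == -1) {
                /* keep capturing in the foreground, but leave a trace of the failure */
                fprintf(info, "warning: could not run as daemon (%s)\n", strerror(errno));
            }
        }

        /*
         * flush "info" output stream to ensure log file accuracy
         */
        fflush(info);

        /*
         * write out JSON preamble
         */
        fprintf(output, "{\n");
        config_print_json(output, &config);
        fprintf(output, "\"appflows\": [\n");

        while (1) {
            struct timeval time_of_day, inactive_flow_cutoff;

            /* loop over packets captured from interface */
            pcap_loop(handle, NUM_PACKETS_IN_LOOP, process_packet, NULL);

            if (output_level > none) {
                fprintf(output, "# pcap processing loop done\n");
            }

            if (config.report_exe) {
                /*
                 * periodically obtain host/process flow data
                 */
                if (get_host_flow_data() != 0) {
                    fprintf(info, "warning: could not obtain host/process flow data\n");
                }
            }

            /*
             * periodically report on progress
             */
            if ((flocap_stats_get_num_packets() % NUM_PACKETS_BETWEEN_STATS_OUTPUT) == 0) {
                flocap_stats_output(info);
            }

            /* print out inactive flows */
            gettimeofday(&time_of_day, NULL);
            timer_sub(&time_of_day, &time_window, &inactive_flow_cutoff);

            flow_record_list_print_json(&inactive_flow_cutoff);

            if (config.filename) {

                /* rotate output file if needed */
                if (config.max_records && (records_in_file > config.max_records)) {

                    /*
                     * write JSON postamble
                     */
                    fprintf(output, "\n] }\n");
                    fclose(output);
                    if (config.upload_servername) {
                        upload_file(filename, config.upload_servername, config.upload_key, config.retain_local);
                    }

                    file_count++;
                    if (config.max_records != 0) {
                        snprintf(filename + file_base_len, MAX_FILENAME_LEN - file_base_len, "%u", file_count);
                    }
                    output = fopen(filename, "w");
                    if (output == NULL) {
                        perror("error: could not open output file");
                        return -1;
                    }
                    records_in_file = 0;
                    fprintf(output, "{ \"appflows\": [\n");
                }

                /*
                 * flush out buffered debug/info/log messages on the "info" stream
                 */
                fflush(info);
            }
        }

        /* not reached: the capture loop above has no exit condition */
        fprintf(output, "\n] }\n");

        if (filter_exp) {
            pcap_freecode(&fp);
        }

        pcap_close(handle);

    } else {   /* mode = mode_offline */

        if ((argc-opt_count <= 1) && (ifile == NULL)) {
            fprintf(stderr, "error: missing pcap file name(s)\n");
            return usage(argv[0]);
        }

        fprintf(output, "{\n");
        config_print_json(output, &config);
        fprintf(output, "\"appflows\": [\n");

        flow_record_list_init();
        flocap_stats_timer_init();

        for (i=1+opt_count; i<argc; i++) {
            if (stat(argv[i], &sb) == 0 && S_ISDIR(sb.st_mode)) {
                size_t dir_len = strlen(argv[i]);
                const char *sep = (dir_len > 0 && argv[i][dir_len - 1] == '/') ? "" : "/";

                if ((dir = opendir(argv[i])) != NULL) {

                    while ((ent = readdir(dir)) != NULL) {
                        if (strcmp(ent->d_name, ".") && strcmp(ent->d_name, "..")) {
                            /*
                             * the directory name and the entry name are not
                             * bounded by this program, so build the path
                             * with a size check instead of strcpy/strcat
                             */
                            path_len = snprintf(pcap_filename, sizeof(pcap_filename),
                                                "%s%s%s", argv[i], sep, ent->d_name);
                            if (path_len < 0 || (size_t)path_len >= sizeof(pcap_filename)) {
                                fprintf(info, "error: path too long: %s%s%s\n", argv[i], sep, ent->d_name);
                                closedir(dir);
                                return -1;
                            }
                            tmp_ret = process_pcap_file(pcap_filename, filter_exp, &net, &fp);
                            if (tmp_ret < 0) {
                                closedir(dir);
                                return tmp_ret;
                            }
                        }
                    }

                    closedir(dir);
                } else {
                    /*
                     * error opening directory; report on "info", since
                     * stdout may be carrying the JSON output
                     */
                    fprintf(info, "Error opening directory: %s\n", argv[i]);
                    return -1;
                }

            } else {
                tmp_ret = process_pcap_file(argv[i], filter_exp, &net, &fp);
                if (tmp_ret < 0) {
                    return tmp_ret;
                }
            }
        }

        fprintf(output, "\n]");
        fprintf(output, "\n}\n");
    }

    flocap_stats_output(info);

    return 0;
}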
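/*
 * main
 *
 * Reads the pcap file named by argv[1], passes the IPv4/IPv6 source and
 * destination addresses of every frame to anon4()/anon6(), and writes
 * the records to "output.pcap" in the current directory.
 *
 * Returns EXIT_SUCCESS when the input was processed to its end (or a
 * signal stopped the run), EXIT_FAILURE on an unsupported or corrupt
 * input file or on an I/O error.
 *
 * The input file is untrusted: the per-record lengths are taken from the
 * file itself, so the captured length is checked against the size of the
 * record buffer before any packet data is read into it.
 */
int main(int argc, char *argv[])
{
    struct pcap_hdr_s pcap_ghdr;
    unsigned char ibuf[PKT_SIZE_MAX];
    struct pcap_pkt *pkt = (struct pcap_pkt *)&ibuf[0];
    /* room left in ibuf for packet data once the record header is stored */
    const size_t data_max = sizeof(ibuf) - sizeof(struct pcaprec_hdr_s);
    int ret, pkt_count = 0;
    int status = EXIT_SUCCESS;
    int anon_ready = 0;        /* set once anon_init()/cache_init() have run */
    FILE *ifp, *ofp = NULL;
    char fname[0xFF];
    struct anon_keys anon;
    u_int16_t ethtype;

    /*
     * SECURITY NOTE(review): the passphrase is a fixed string compiled
     * into the program.  Presumably the anonymization keys are derived
     * from it, in which case every run uses the same keys and anyone who
     * has the source can reproduce the mapping -- it should be supplied
     * by the operator instead.
     */
    strcpy(anon.passphase, "hoge");

    if (argc != 2) {
        pr_err("Usage: ./pcappriv ./recv.pcap: argc=%d", argc);
        exit(EXIT_FAILURE);
    }

    ifp = fopen(argv[1], "rb");
    if (ifp == NULL) {
        pr_err("cannot open pcap file: %s", argv[1]);
        exit(EXIT_FAILURE);
    }

    // check global pcap header
    ret = fread(ibuf, sizeof(struct pcap_hdr_s), 1, ifp);
    if (ret < 1) {
        pr_err("size of fread is too short: pcap_hdr_s");
        exit(EXIT_FAILURE);
    }
    set_global_pcaphdr(&pcap_ghdr, (char *)ibuf);
    if ((pcap_ghdr.magic_number != PCAP_MAGIC) ||
        (pcap_ghdr.version_major != PCAP_VERSION_MAJOR) ||
        (pcap_ghdr.version_minor != PCAP_VERSION_MINOR)) {
        pr_err("unsupported pcap format:\n"
               "\tpcap_ghdr.magic_number=%X\n"
               "\tpcap_ghdr.version_major=%X\n"
               "\tpcap_ghdr.version_minor=%X",
               (int)pcap_ghdr.magic_number,
               (int)pcap_ghdr.version_major,
               (int)pcap_ghdr.version_minor);
        status = EXIT_FAILURE;
        goto out;
    }

    // create output file
    strcpy(fname, "output.pcap");
    ofp = fopen(fname, "wb");
    if (ofp == NULL) {
        pr_err("cannot create output pcap file.");
        status = EXIT_FAILURE;
        goto out;
    }
    ret = fwrite(&pcap_ghdr, sizeof(struct pcap_hdr_s), 1, ofp);
    if (ret < 1) {
        pr_err("cannot write ghdr.");
        status = EXIT_FAILURE;
        goto out;
    }

    anon_init(&anon);
    cache_init();
    anon_ready = 1;

    set_signal(SIGINT);

    while (1) {
        // read pcap header
        ret = fread(ibuf, sizeof(struct pcaprec_hdr_s), 1, ifp);
        if (ret < 1) {
            pr_debug("size of fread is too short: pcaprec_hdr_s");
            break;
        }

        // the captured length decides how many bytes are read into ibuf
        // below; a value larger than the remaining buffer would overrun
        // it, and the stream cannot be resynchronized after such a record
        if (pkt->pcap.incl_len > data_max) {
            pr_err("corrupt record: captured length=%u exceeds buffer",
                   (unsigned int)pkt->pcap.incl_len);
            status = EXIT_FAILURE;
            break;
        }

        // checking packet size
        if ((pkt->pcap.orig_len < PKT_SIZE_MIN) ||
            (pkt->pcap.orig_len > PKT_SIZE_MAX)) {
            pr_warn("Skip a packet: frame original length=%d",
                    (int)pkt->pcap.orig_len);
            // skip the packet data (incl_len is bounded by the check above)
            if (fseek(ifp, (long)pkt->pcap.incl_len, SEEK_CUR) != 0) {
                pr_err("cannot skip packet data");
                status = EXIT_FAILURE;
                break;
            }
            continue;
        }

        // read packet data
        ret = fread(ibuf + sizeof(struct pcaprec_hdr_s), pkt->pcap.incl_len, 1, ifp);
        if (ret < 1) {
            pr_err("size of fread is too short: pcap data");
            status = EXIT_FAILURE;
            break;
        }

        // NOTE(review): incl_len may be smaller than the Ethernet and IP
        // headers inspected below, in which case those fields hold bytes
        // left in ibuf from an earlier record -- confirm whether short
        // captures need to be skipped here.
        INFO_ETH(pkt);
        ethtype = ntohs(pkt->eth.ether_type);

        if (ethtype == ETHERTYPE_IP) {
            // ipv4 header
            INFO_IP4(pkt_count, &pkt->ip4);
            anon4(&anon, &pkt->ip4.ip_dst);
            anon4(&anon, &pkt->ip4.ip_src);
        } else if (ethtype == ETHERTYPE_IPV6) {
            // ipv6 header
            INFO_IP6(pkt_count, &pkt->ip6);
            anon6(&anon, &pkt->ip6.ip6_dst);
            anon6(&anon, &pkt->ip6.ip6_src);
        } else {
            // unknown Ethernet Type; the frame is still written out unchanged
            pr_warn("EtherType: %04X is not supported", ethtype);
        }

        // write packet data
        ret = fwrite(ibuf, sizeof(struct pcaprec_hdr_s) + pkt->pcap.incl_len, 1, ofp);
        if (ret < 1) {
            pr_err("cannot write pcap file: packet data");
            status = EXIT_FAILURE;
            break;
        }

        ++pkt_count;

        if (caught_signal)
            break;
    }

out:
    // release only what was actually initialized: the early error paths
    // jump here before anon_init()/cache_init() have been called
    if (anon_ready) {
        anon_release(&anon);
        cache_release();
    }
    fclose(ifp);
    // ofp is still NULL when the failure happened before the output file
    // was opened; fclose(NULL) is undefined
    if (ofp != NULL && fclose(ofp) != 0) {
        pr_err("cannot close output pcap file.");
        status = EXIT_FAILURE;
    }
    return status;
}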