int main(void) { bool ok; int ret; ok = initialize(); if (!ok) { terminate(); return 1; } ok = log_init(Config.logfile, Config.debug); if (!ok) { terminate(); return 1; } if (Config.background) { ret = fork_to_background(); if (ret == -1) { terminate(); return 1; } if (ret > 0) { terminate(); return 0; } } log_info("=== IP checking service starts ==="); check_all_network_interfaces(); terminate(); return 0; }
static BOOL WINAPI ws_handler (DWORD dwEvent) { switch (dwEvent) { #ifdef CTRLC_BACKGND case CTRL_C_EVENT: #endif #ifdef CTRLBREAK_BACKGND case CTRL_BREAK_EVENT: #endif fork_to_background (); break; case CTRL_SHUTDOWN_EVENT: case CTRL_CLOSE_EVENT: case CTRL_LOGOFF_EVENT: default: WSACleanup (); return FALSE; } return TRUE; }
int main(int argc, char **argv) { int arg,ret; char *configfile; char pcapfile[256]; // Load default config init_config(); // Set the signal handlers signal(SIGHUP, sighup_handler); signal(SIGINT, sigquit_handler); signal(SIGQUIT,sigquit_handler); // Parse command-line options while ((arg = getopt(argc, argv, "IP:i:c:f:DqvdTsr:l:u:S:")) != -1){ switch (arg){ case 'f': strncpy(CONFIG_PCAP_FILTER,optarg,CONFIG_MAX_CHAR); break; case 'r': strncpy(pcapfile,optarg,256); mode_offline=1; break; case 'c': configfile = optarg; read_config(configfile); //dump_config(); break; case 'i': // Start the pcap thread strncpy(CONFIG_PCAP_DEV,optarg,CONFIG_MAX_CHAR); break; case 'P': CONFIG_DIVERT_PORT=atoi(optarg); break; case 'I': CONFIG_DIVERT_ENABLE=1; break; case 'q': CONFIG_LOG_STDOUT = 0; break; case 'u': strncpy(CONFIG_USER,optarg,CONFIG_MAX_CHAR); break; case 'l': strncpy(CONFIG_LOGDIR,optarg,CONFIG_MAX_CHAR); if(strlen(CONFIG_LOGDIR) > 64) { fatal_error("Log directory is too long!"); } if (access(CONFIG_LOGDIR, F_OK) == -1){ fatal_error("Log directory does not exist"); } break; case 's': CONFIG_LOG_SYSLOG = 1; break; case 'S': strncpy(CONFIG_SIGFILE,optarg,CONFIG_MAX_CHAR); break; case 'T': CONFIG_TCP_STRICT = 0; break; case 'v': CONFIG_LOG_VERBOSE++; break; case 'd': CONFIG_SHOW_TRAFFIC = 1; break; case 'D': fork_to_background(); break; default: usage(); exit(1); break; } } // Initialize the stats structure and the streams stats_init(); // Create the list, this is to store the IP packets in which can then // be read by another thread. TODO: add maximum list size trafficlist = getRingBuffer(CONFIG_RINGBUFFER_SIZE); // Register the destructor registerListDestructor(destructor_callback,trafficlist); registerListIterator(traffic_analyzer,trafficlist); // Create the control thread first for message logging pthread_create(&t_control,NULL,(void*)control_loop,NULL); //Initialize the detection hooks detect_hook_init(); tcp_stream_init(); //Initialize the timers timer_init(); timer_register_function(CONFIG_TIMER_STATS,"Stats printer",stats_show_cnt_line,NULL); timer_register_function(CONFIG_TIMER_TCP_CLEANER,"TCP session cleaner", tcp_clean_sessions,NULL); timer_register_function(CONFIG_TIMER_IPFRAG_CLEANER,"IP fragment cleaner", ip_frag_cleaner,NULL); //Load the signatures if(load_signatures(CONFIG_SIGFILE) == 1){ usage(); exit(1); } // Make signature index; init_signature_indexes(); log_info("Signatures loaded: %d, not loaded: %d", stat_get(CNT_SIG_LOADED), stat_get(CNT_SIG_NOT_LOADED)); // Check if root privileges are required if(mode_offline == 0 && getuid() != 0) { fprintf(stderr, "Root privileges are required, unless you specify a\n"); fprintf(stderr, "pcap file with the '-r' option..\n"); exit(1); } if(CONFIG_DIVERT_ENABLE) { log_info("Opening DIVERT socket port: %d\n",CONFIG_DIVERT_PORT); divert_open_socket(CONFIG_DIVERT_PORT); // Start the divert_listen loop pthread_create(&t_listener,NULL,(void*)divert_listen_loop,handle); } else if(mode_offline != 1) { // If no device was specified AND not configured then the only // option is to pick one using the cap library (not recommended) if(*CONFIG_PCAP_DEV == '0') { if(pcap_return_device() != NULL) { log_info("Picking random interface (overrule -i)"); strncpy(CONFIG_PCAP_DEV,pcap_return_device(),CONFIG_MAX_CHAR); } else { usage(); exit(1); } } // Start the sniffer thread handle = pcap_open_device(CONFIG_PCAP_DEV,CONFIG_PCAP_FILTER); pthread_create(&t_listener,NULL,(void*)pcap_listen_loop,handle); } else { // Open the file handle = pcap_open_file(pcapfile,CONFIG_PCAP_FILTER); pthread_create(&t_listener,NULL,(void*)pcap_listen_loop,handle); } // Chroot if needed if(CONFIG_CHROOT_ENABLE == 1) { if((ret = chroot(CONFIG_CHROOT_DIR)) != 0) { fatal_error("Chroot to \"%s\" failed: %s !",CONFIG_CHROOT_DIR, strerror(errno)); } else { log_info("Chroot to directory: \"%s\" done",CONFIG_CHROOT_DIR); } } // Drop privileges if needed if(*CONFIG_USER != '0' && drop_privileges(CONFIG_USER) != 0) { fatal_error("Unable to drop privileges, quitting for security reasons",CONFIG_USER); } // Set the time gettimeofday(&startuptime,NULL); pthread_create(&t_analyzer,NULL,(void*)pcap_analyzer,NULL); if(mode_offline == 1) { pthread_join(t_analyzer, NULL); } else { pthread_join(t_listener,NULL); } // Control thread loop_control = 0; pthread_join(t_control, NULL); // And bail out dump_stats(stdout); return 0; }