예제 #1
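/**
 * Builds the sensor manager configuration from its "sensorManager" section.
 *
 * The members start at the SM_DEFAULT_* values and are overridden by the
 * child elements "checkinterval", "outputfile" and "append".
 *
 * @param elem section element; may be NULL, in which case only the defaults
 *             are set.
 *
 * Raises an error through THROWEXCEPTION when the check interval is not a
 * positive number or the output file name is empty. Unknown child elements
 * are only logged.
 */
SensorManagerCfg::SensorManagerCfg(XMLElement* elem)
	: CfgHelper<SensorManager, SensorManagerCfg>(elem, "sensorManager", false),
	  checkInterval(SM_DEFAULT_CHECK_INTERVAL),
	  sensorOutput(SM_DEFAULT_OUTPUT_FNAME),
	  append(SM_DEFAULT_APPEND)
{
	if (!elem) return; // needed because of table inside ConfigManager

	XMLNode::XMLSet<XMLElement*> set = _elem->getElementChildren();
	for (XMLNode::XMLSet<XMLElement*>::iterator it = set.begin();
	     it != set.end();
	     ++it) {
		XMLElement* e = *it;

		if (e->matches("checkinterval")) {
			// Parse into a signed long before assigning: strtol() returns 0 when
			// no digits are present and a negative number for input such as "-5".
			// The former check (== 0 after assignment) let negative values
			// through, which is never a usable polling interval.
			long interval = strtol(e->getFirstText().c_str(), NULL, 10);
			if (interval <= 0) {
				THROWEXCEPTION("invalid check interval specified: '%s'", e->getFirstText().c_str());
			}
			checkInterval = interval;
		} else if (e->matches("outputfile")) {
			// The path is used as given in the configuration; it is not
			// normalised or restricted to a directory here.
			sensorOutput = e->getFirstText().c_str();
			if (sensorOutput.size() == 0) {
				THROWEXCEPTION("invalid sensor output file specified: '%s'", e->getFirstText().c_str());
			}
		} else if (e->matches("append")) {
			append = getInt("append")>0;
		} else {
			// Logged only; parsing continues with the next element.
			msg(MSG_FATAL, "Unknown sensor manager config statement: %s", e->getName().c_str());
		}
	}
}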
// Reads the DoS-defense settings below `elem` (module, dosTemplateId,
// internal subnets, minimumRate, ...). The listing is cut off after the
// "minimumRate" test, so the rest of the function is not shown here.
BaseTCPDosDetect* AggregatorBaseCfg::readDos(XMLElement* elem)
{
BaseTCPDosDetect* temp = NULL;
// NOTE(review): the four ints below have no initial value; in the visible
// part each is assigned only when its element is present in the config.
int module;
int dosTemplateId;
int minimumRate;
int clusterTimeout;
// Maps a network address (host byte order) to the mask computed for it.
std::map<uint32_t,uint32_t> subnets;

XMLNode::XMLSet<XMLElement*> set = elem->getElementChildren();
 for (XMLNode::XMLSet<XMLElement*>::iterator it = set.begin();it!=set.end();it++)
	{

	XMLElement* e = *it;
		if (e->matches("module")) {
			module = getInt("module",-1,e);				
		} else if (e->matches("dosTemplateId")) {
			dosTemplateId = getInt("dosTemplateId",-1,e);	
		} else if (e->matches("internal")) {
			// Expected text form: "a.b.c.d/prefixlen".
			string ipstring = e->getFirstText();
			uint32_t ip = 0;
			// inet_addr("255.255.255.255") yields all bits set (the same value
			// inet_addr uses to report a parse error).
			uint32_t subnet = inet_addr("255.255.255.255");
			// NOTE(review): find() returns std::string::npos when there is no
			// '/'; stored in an int that is normally -1, which is non-zero, so
			// the branch below is taken for input WITHOUT a slash and skipped
			// only when the slash is the first character. A comparison against
			// std::string::npos looks like what was intended -- confirm.
			int last_pos = ipstring.find("/");
		        if (last_pos)
			{
		        string tempstr = ipstring.substr(0,last_pos);
			// NOTE(review): the inet_addr() result is not checked, so a
			// malformed address is stored as the error value.
		        ip = ntohl(inet_addr(tempstr.c_str()));
			tempstr = ipstring.substr(last_pos+1,ipstring.length());
			// NOTE(review): the prefix length from atoi() is not range
			// checked. A value of 0, a negative value or one above 32 makes
			// the shift count fall outside 0..31, which is undefined
			// behaviour for a 32-bit operand. Validate 1..32 (and treat 0
			// explicitly) before shifting.
			subnet >>= (32-atoi(tempstr.c_str()));
			subnet <<= (32-atoi(tempstr.c_str()));
			}
			subnets[ip] = subnet;
		} else if (e->matches("minimumRate")) {
예제 #3
/**
 * Reads the "ipfixDbWriterOracle" section: connection parameters (host,
 * port, dbname, username, password), the record buffer size and the column
 * list.
 *
 * The password is copied verbatim from the element text, i.e. the
 * configuration file carries it in clear text; access to that file should
 * be limited accordingly.
 *
 * @param elem section element; NULL leaves the defaults from the
 *             initializer list and skips all validation.
 *
 * Raises an error through THROWEXCEPTION when host, port, dbname, username
 * or password is missing. Unknown elements are only logged.
 */
IpfixDbWriterOracleCfg::IpfixDbWriterOracleCfg(XMLElement* elem)
  : CfgHelper<IpfixDbWriterOracle, IpfixDbWriterOracleCfg>(elem, "ipfixDbWriterOracle"),
    port(0), bufferRecords(30), observationDomainId(0)
{
	msg(MSG_DEBUG, "Starting configuration for Oracle connection");
	if (!elem) return;

	typedef XMLNode::XMLSet<XMLElement*> ChildSet;
	ChildSet children = _elem->getElementChildren();
	for (ChildSet::iterator child = children.begin(); child != children.end(); ++child) {
		XMLElement* node = *child;

		if (node->matches("host")) {
			hostname = node->getFirstText();
		} else if (node->matches("port")) {
			port = getInt("port");
		} else if (node->matches("dbname")) {
			dbname = node->getFirstText();
		} else if (node->matches("username")) {
			user = node->getFirstText();
		} else if (node->matches("password")) {
			password = node->getFirstText();
		} else if (node->matches("bufferrecords")) {
			bufferRecords = getInt("bufferrecords");
		} else if (node->matches("columns")) {
			readColumns(node);
		} else if (!node->matches("next")) {
			// "next" is accepted silently; anything else is reported.
			msg(MSG_FATAL, "Unknown IpfixDbWriterOracle config statement %s\n", node->getName().c_str());
		}
	}

	// Mandatory settings, checked in this order.
	if (hostname=="") THROWEXCEPTION("IpfixDbWriterOracleCfg: host not set in configuration!");
	if (port==0) THROWEXCEPTION("IpfixDbWriterOracleCfg: port not set in configuration!");
	if (dbname=="") THROWEXCEPTION("IpfixDbWriterOracleCfg: dbname not set in configuration!");
	if (user=="") THROWEXCEPTION("IpfixDbWriterOracleCfg: username not set in configuration!");
	if (password=="") THROWEXCEPTION("IpfixDbWriterOracleCfg: password not set in configuration!");
}
예제 #4
/**
 * Reads the "ipfixFileWriter" section.
 *
 * Defaults: destination path "./", file name prefix "ipfix.dump", maximum
 * file size DEFAULTFILESIZE, observation domain id 0. The destination path
 * and prefix are taken from the configuration as written; no check on them
 * is made in this constructor.
 *
 * @param elem section element; NULL keeps the defaults.
 */
IpfixFileWriterCfg::IpfixFileWriterCfg(XMLElement* elem)
	: CfgHelper<IpfixFileWriter, IpfixFileWriterCfg>(elem, "ipfixFileWriter"),
	destinationPath("./"),
	filenamePrefix("ipfix.dump"),
	maximumFilesize(DEFAULTFILESIZE),
	observationDomainId(0)
{
	if (!elem) return;  // needed because of table inside ConfigManager

	typedef XMLNode::XMLSet<XMLElement*> ChildSet;
	ChildSet children = _elem->getElementChildren();
	for (ChildSet::iterator child = children.begin(); child != children.end(); ++child) {
		XMLElement* node = *child;

		if (node->matches("maximumFilesize")) {
			maximumFilesize = getInt("maximumFilesize");
		} else if (node->matches("destinationPath")) {
			destinationPath = node->getFirstText();
		} else if (node->matches("filenamePrefix")) {
			filenamePrefix = node->getFirstText();
		} else if (node->matches("observationDomainId")) {
			observationDomainId = getInt("observationDomainId");
		} else {
			// Reported but not fatal: parsing goes on with the next element.
			msg(MSG_FATAL, "Unknown ipfixFileWriter config statement %s\n",
				 node->getName().c_str());
		}
	}
}
/**
 * Reads the "packetIDMEFReporter" section: snapshot offset and length,
 * analyzer id and the IDMEF template name.
 *
 * @param elem section element; NULL keeps the defaults and skips validation.
 *
 * Raises an error through THROWEXCEPTION when analyzerid or idmeftemplate is
 * missing. Unknown elements are only logged.
 */
PacketIDMEFReporterCfg::PacketIDMEFReporterCfg(XMLElement* elem)
    : CfgHelper<PacketIDMEFReporter, PacketIDMEFReporterCfg>(elem, "packetIDMEFReporter"),
	  snapshotOffset(0), snapshotLength(0)
{
	if (!elem) return;

	typedef XMLNode::XMLSet<XMLElement*> ChildSet;
	ChildSet children = _elem->getElementChildren();
	for (ChildSet::iterator child = children.begin(); child != children.end(); ++child) {
		XMLElement* node = *child;

		if (node->matches("snapshotoffset")) {
			snapshotOffset = getInt("snapshotoffset");
		} else if (node->matches("snapshotlength")) {
			snapshotLength = getInt("snapshotlength");
		} else if (node->matches("analyzerid")) {
			analyzerId = node->getFirstText();
		} else if (node->matches("idmeftemplate")) {
			idmefTemplate = node->getFirstText();
		} else if (!node->matches("next")) {
			// "next" is accepted silently; anything else is reported.
			msg(MSG_FATAL, "Unknown PacketIDMEFReporter config statement %s\n", node->getName().c_str());
		}
	}

	if (analyzerId=="") THROWEXCEPTION("PacketIDMEFReporterCfg: analyzerid not set in configuration!");
	if (idmefTemplate=="") THROWEXCEPTION("PacketIDMEFReporterCfg: idmeftemplate not set in configuration!");
}
/**
 * Reads the "pcapExporter" section: output file name, link type and snap
 * length. The link type defaults to DLT_EN10MB.
 *
 * An unrecognised link type name is logged and the default is kept; child
 * elements other than "filename", "linkType" and "snaplen" are ignored
 * without a message.
 *
 * NOTE(review): snaplen is assigned only when a "snaplen" element is
 * present and is not in the initializer list shown here -- confirm it has a
 * default elsewhere.
 *
 * @param elem section element; NULL keeps the defaults.
 */
PCAPExporterCfg::PCAPExporterCfg(XMLElement* elem)
    : CfgHelper<PCAPExporterModule, PCAPExporterCfg>(elem, "pcapExporter"), link_type(DLT_EN10MB)
{
    if (!elem) return;

    typedef XMLNode::XMLSet<XMLElement*> ChildSet;
    ChildSet children = elem->getElementChildren();
    for (ChildSet::iterator child = children.begin(); child != children.end(); ++child) {
        XMLElement* node = *child;

        if (node->matches("filename")) {
            fileName = node->getFirstText();
        } else if (node->matches("linkType")) {
            // pcap_datalink_name_to_val() reports an unknown name as -1.
            int dlt = pcap_datalink_name_to_val(node->getFirstText().c_str());
            if (dlt != -1) {
                link_type = dlt;
            } else {
                msg(MSG_ERROR, "Found illegal link type");
            }
        } else if (node->matches("snaplen")) {
            snaplen = getInt("snaplen", PCAP_MAX_CAPTURE_LENGTH, node);
        }
    }
}
/**
 * Reads the "ipfixDbReader" section: host, port, dbname, username and
 * password of the database to read from.
 *
 * The password is copied verbatim from the element text, i.e. the
 * configuration file carries it in clear text; access to that file should
 * be limited accordingly.
 *
 * @param elem section element; NULL keeps the defaults and skips validation.
 *
 * Raises an error through THROWEXCEPTION when any of the five settings is
 * missing. Unknown elements are only logged.
 */
IpfixDbReaderCfg::IpfixDbReaderCfg(XMLElement* elem)
    : CfgHelper<IpfixDbReader, IpfixDbReaderCfg>(elem, "ipfixDbReader"),
      port(0)
{
    if (!elem) return;

    typedef XMLNode::XMLSet<XMLElement*> ChildSet;
    ChildSet children = _elem->getElementChildren();
    for (ChildSet::iterator child = children.begin(); child != children.end(); ++child) {
        XMLElement* node = *child;

        if (node->matches("host")) {
            hostname = node->getFirstText();
        } else if (node->matches("port")) {
            port = getInt("port");
        } else if (node->matches("dbname")) {
            dbname = node->getFirstText();
        } else if (node->matches("username")) {
            user = node->getFirstText();
        } else if (node->matches("password")) {
            password = node->getFirstText();
        } else if (!node->matches("next")) {
            // "next" is accepted silently; anything else is reported.
            msg(MSG_FATAL, "Unknown IpfixDbReader config statement %s\n", node->getName().c_str());
        }
    }

    // Mandatory settings, checked in this order.
    if (hostname=="") THROWEXCEPTION("IpfixDbReaderCfg: host not set in configuration!");
    if (port==0) THROWEXCEPTION("IpfixDbReaderCfg: port not set in configuration!");
    if (dbname=="") THROWEXCEPTION("IpfixDbReaderCfg: dbname not set in configuration!");
    if (user=="") THROWEXCEPTION("IpfixDbReaderCfg: username not set in configuration!");
    if (password=="") THROWEXCEPTION("IpfixDbReaderCfg: password not set in configuration!");
}
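/**
 * Reads the "ipfixCollector" section: the UDP template lifetime and the
 * listener the collector binds to.
 *
 * @param elem section element; NULL leaves listener and ipfixCollector NULL
 *             and reads nothing.
 *
 * Raises an error through THROWEXCEPTION when no "listener" element is
 * present. Unknown elements are only logged.
 */
IpfixCollectorCfg::IpfixCollectorCfg(XMLElement* elem)
	: CfgHelper<IpfixCollector, IpfixCollectorCfg>(elem, "ipfixCollector"),
	listener(NULL),
	ipfixCollector(NULL)
{
	if (!elem)
		return;

	msg(MSG_INFO, "IpfixCollectorCfg: Start reading ipfixCollector section");
	udpTemplateLifetime = getInt("udpTemplateLifetime", -1);
	XMLNode::XMLSet<XMLElement*> set = elem->getElementChildren();
	for (XMLNode::XMLSet<XMLElement*>::iterator it = set.begin();
	     it != set.end();
	     ++it) {
		XMLElement* e = *it;

		if (e->matches("listener")) {
			// A repeated "listener" element still replaces the earlier one, but
			// the earlier object is released first instead of being leaked
			// (delete on NULL is a no-op).
			delete listener;
			listener = NULL;
			listener = new CollectorCfg(e);
		} else if (e->matches("udpTemplateLifetime")) { // already done
		} else if (e->matches("next")) { // ignore next
		} else {
			msg(MSG_FATAL, "Unkown observer config statement %s\n", e->getName().c_str());
		}
	}

	if (listener == NULL)
		THROWEXCEPTION("collectingProcess has to listen on one address!");

	msg(MSG_INFO, "IpfixCollectorCfg: Successfully parsed collectingProcess section");
}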
/**
 * Reads the "filter" section and creates one sub-configuration per sampler
 * or filter element ("countBased", "stringBased", "regexBased",
 * "timeBased"), appended to subCfgs in document order.
 *
 * "next" is skipped; any other element is logged and skipped.
 *
 * @param elem section element; NULL creates no sub-configurations.
 */
PacketFilterCfg::PacketFilterCfg(XMLElement* elem)
	: CfgHelper<FilterModule, PacketFilterCfg>(elem, "filter")
{
	if (!elem)
		return;

	typedef XMLNode::XMLSet<XMLElement*> ChildSet;
	ChildSet children = elem->getElementChildren();
	for (ChildSet::iterator child = children.begin(); child != children.end(); ++child) {
		XMLElement* node = *child;
		Cfg* sub = NULL; // stays NULL for elements that create nothing

		if (node->matches("countBased")) {
			msg(MSG_INFO, "Filter: Creating count based sampler");
			sub = new PacketCountFilterCfg(node);
		} else if (node->matches("stringBased")) {
			msg(MSG_INFO, "Filter: Creating string based sampler");
			sub = new PacketStringFilterCfg(node);
		} else if (node->matches("regexBased")) {
			msg(MSG_INFO, "Filter: Creating regex based sampler");
			sub = new PacketRegexFilterCfg(node);
		} else if (node->matches("timeBased")) {
			msg(MSG_INFO, "Filter: Creating time based sampler");
			sub = new PacketTimeFilterCfg(node);
		} else if (!node->matches("next")) {
			msg(MSG_FATAL, "Unkown packet filter %s\n", node->getName().c_str());
		}

		if (sub)
			subCfgs.push_back(sub);
	}
}
/**
 * Reads the "ipfixCollector" section, including the DTLS file settings.
 *
 * Read before the element loop: udpTemplateLifetime, and the optional
 * "cert", "key", "CAfile" and "CApath" values. This constructor does not
 * check that certificate or key are present when a DTLS protocol is
 * selected; any such check has to happen where the values are used.
 *
 * @param elem section element; NULL leaves listener and ipfixCollector NULL
 *             and reads nothing.
 *
 * Raises an error through THROWEXCEPTION when more than one "listener" is
 * given, when the listener sets an MTU, when no listener is given, or when
 * the listener protocol is not UDP, SCTP, DTLS_OVER_UDP or DTLS_OVER_SCTP.
 */
IpfixCollectorCfg::IpfixCollectorCfg(XMLElement* elem)
	: CfgHelper<IpfixCollector, IpfixCollectorCfg>(elem, "ipfixCollector"),
	listener(NULL),
	ipfixCollector(NULL)
{
	if (!elem)
		return;

	msg(MSG_INFO, "IpfixCollectorCfg: Start reading ipfixCollector section");
	udpTemplateLifetime = getInt("udpTemplateLifetime", -1);

	// Config for DTLS
	certificateChainFile = getOptional("cert");
	privateKeyFile = getOptional("key");
	caFile = getOptional("CAfile");
	caPath = getOptional("CApath");

	typedef XMLNode::XMLSet<XMLElement*> ChildSet;
	ChildSet children = elem->getElementChildren();
	for (ChildSet::iterator child = children.begin(); child != children.end(); ++child) {
		XMLElement* node = *child;

		if (node->matches("listener")) {
			if (listener)
				THROWEXCEPTION("listener already set. There can only be one <listener> Element per Collector.");
			listener = new CollectorCfg(node);
			if (listener->getMtu() != 0) {
				delete listener;
				THROWEXCEPTION("You can not set the MTU for a listener.");
			}
		} else if (node->matches("udpTemplateLifetime")) {
			// read before the loop
		} else if (node->matches("next")) {
			// ignored
		} else if (node->matches("cert") || node->matches("key") ||
				node->matches("CAfile") || node->matches("CApath")) {
			// read before the loop
		} else {
			msg(MSG_FATAL, "Unkown collector config statement %s", node->getName().c_str());
		}
	}

	if (listener == NULL)
		THROWEXCEPTION("collectingProcess has to listen on one address!");

	// Accept only the four transports this collector handles.
	bool supported = listener->getProtocol() == UDP ||
			listener->getProtocol() == SCTP ||
			listener->getProtocol() == DTLS_OVER_UDP ||
			listener->getProtocol() == DTLS_OVER_SCTP;
	if (!supported)
		THROWEXCEPTION("collectingProcess can handle only UDP or SCTP!");

	msg(MSG_INFO, "IpfixCollectorCfg: Successfully parsed collectingProcess section");
}
예제 #11
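/**
 * Registers one anonymization on `module` for every "anonField" element in
 * `set`.
 *
 * Each "anonField" must contain exactly one "anonIE" (the information
 * element) and an "anonMethod"; "anonParam" is optional. "next" and
 * "copyMode" are ignored here; other elements are only logged.
 *
 * @param c      configuration object used to read "anonMethod"/"anonParam"
 * @param module module that receives the addAnonymization() calls
 * @param set    child elements of the anonymizer section
 *
 * Raises an error through THROWEXCEPTION when an "anonField" has more than
 * one "anonIE", no "anonIE", no method, or an information element of
 * length 0. The temporary InfoElementCfg is released before each of these
 * errors is raised.
 */
void AnonymizerCfg::initInstance(CfgBase* c, AnonModule* module, XMLNode::XMLSet<XMLElement*> set)
{
    for (XMLNode::XMLSet<XMLElement*>::iterator it = set.begin();
            it != set.end();
            ++it) {
        XMLElement* e = *it;

        if (e->matches("anonField")) {
            InfoElementCfg* cfg = NULL;
            std::string method;
            std::string method_parameter;
            // Distinct names for the nested set/element: the outer `set` and
            // `e` are no longer shadowed.
            XMLNode::XMLSet<XMLElement*> fields = e->getElementChildren();
            for (XMLNode::XMLSet<XMLElement*>::iterator jt = fields.begin();
                    jt != fields.end();
                    ++jt) {
                XMLElement* field = *jt;
                if (field->matches("anonIE")) {
                    if (cfg) {
                        delete cfg; // do not leak the first element on error
                        THROWEXCEPTION("Only on anonIE tag per anonField tag allowed");
                    }
                    cfg = new InfoElementCfg(field);
                } else if (field->matches("anonMethod")) {
                    method = c->get("anonMethod", field);
                } else if (field->matches("anonParam")) {
                    method_parameter = c->get("anonParam", field);
                } else {
                    msg(MSG_ERROR, "Unknown field in anonField");
                }
            }
            if (!cfg) {
                msg(MSG_FATAL, "Missing information element in anonField");
                THROWEXCEPTION("Missing information element in anonField");
            }
            if (method.empty()) {
                delete cfg;
                msg(MSG_FATAL, "Missing anonymization method in anonField");
                THROWEXCEPTION("Missing anonymization method in anonField");
            }
            if (cfg->getIeLength()==0) {
                delete cfg;
                THROWEXCEPTION("Information element specified in anonField, but length==0");
            }
            module->addAnonymization(cfg->getIeId(), cfg->getIeLength(), AnonMethod::stringToMethod(method), method_parameter);
            // The lookup result is only used for the log line; guard against
            // a NULL result for an id the table does not know (presumably
            // possible -- the lookup's contract is not visible here).
            const ipfix_identifier* id = ipfix_id_lookup(cfg->getIeId());
            msg(MSG_INFO, "Added anonymization %s for field %i (%s) with length %i", method.c_str(), cfg->getIeId(), id ? id->name : "unknown", cfg->getIeLength());
            delete cfg;
        } else if (e->matches("next") || e->matches("copyMode")) {
            // ignore next and copyMode (see createInstance)
        } else {
            msg(MSG_FATAL, "Unkown anonymization field %s\n", e->getName().c_str());
        }
    }
}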
/**
 * Reads a packet reporting section: the template id plus one
 * InfoElementCfg per remaining child element, kept in exportedFields in
 * document order.
 *
 * @param elem section element; must not be NULL (asserted).
 */
PacketReportingCfg::PacketReportingCfg(XMLElement* elem)
	: CfgBase(elem), recordVLFields(0), recordLength(0), templateId(0), t(NULL)
{
	assert(elem);

	typedef XMLNode::XMLSet<XMLElement*> ChildSet;
	ChildSet children = elem->getElementChildren();
	for (ChildSet::iterator child = children.begin(); child != children.end(); ++child) {
		if ((*child)->getName()=="templateId") {
			// The value is looked up by name below the section element.
			templateId = getInt("templateId", 0, elem);
			continue;
		}
		// Every other child describes an exported field.
		exportedFields.push_back(new InfoElementCfg(*child));
	}
}
예제 #13
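/**
 * Reads the "ipfixPayloadWriter" section: destination path, file name
 * prefix, connection count, the two "ignore" switches and the start index.
 *
 * @param elem section element; NULL keeps the defaults and skips validation.
 *
 * Raises an error through THROWEXCEPTION when destPath, filenamePrefix or
 * connNumber is missing, or when stat() on the destination path fails.
 * The stat() call only establishes that the path can be accessed; it does
 * not check that it is a directory or who may write to it.
 */
IpfixPayloadWriterCfg::IpfixPayloadWriterCfg(XMLElement* elem)
    : CfgHelper<IpfixPayloadWriter, IpfixPayloadWriterCfg>(elem, "ipfixPayloadWriter"),
      noConnections(0),
      ignoreEmptyPayload(false),
      ignoreIncompleteTCP(false),
      startIdx(0)
{
    if (!elem) return;

    // connNumber may legitimately be 0, so its presence is tracked separately.
    bool noconnseen = false;

    XMLNode::XMLSet<XMLElement*> set = _elem->getElementChildren();
	for (XMLNode::XMLSet<XMLElement*>::iterator it = set.begin();
	     it != set.end();
	     ++it) {
		XMLElement* e = *it;

		if (e->matches("destPath")) {
			path = e->getFirstText();
		} else if (e->matches("filenamePrefix")) {
			filenamePrefix = e->getFirstText();
		} else if (e->matches("connNumber")) {
			noConnections = getInt("connNumber");
			noconnseen = true;
		} else if (e->matches("ignoreEmptyPayload")) {
			ignoreEmptyPayload = getBool("ignoreEmptyPayload");
		} else if (e->matches("ignoreIncompleteTCP")) {
			// A second, identical "ignoreIncompleteTCP" branch followed this one
			// and could never be reached; it has been removed.
			// NOTE(review): read with getInt() although the sibling switch uses
			// getBool() -- left as is so existing configurations keep working.
			ignoreIncompleteTCP = getInt("ignoreIncompleteTCP");
		} else if (e->matches("startIndex")) {
			startIdx = getInt64("startIndex");
		} else if (e->matches("next")) { // ignore next
		} else {
			msg(MSG_FATAL, "Unknown IpfixPayloadWriter config statement %s\n", e->getName().c_str());
		}
	}
	if (path=="") THROWEXCEPTION("IpfixPayloadWriterCfg: destPath not set in configuration!");
	if (filenamePrefix=="") THROWEXCEPTION("IpfixPayloadWriterCfg: filenamePrefix not set in configuration!");
	if (!noconnseen) THROWEXCEPTION("IpfixPayloadWriterCfg: connNumber not set in configuration!");

	struct stat s;
	if (stat(path.c_str(), &s) != 0)
		THROWEXCEPTION("IpfixPayloadWriterCfg: failed to access destination path '%s', error: %s", path.c_str(), strerror(errno));
}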
예제 #14
/**
 * Reads the "psampExporter" section: observation domain id, packet
 * restrictions, UDP template management, the collectors to export to and
 * the packet reporting description.
 *
 * recordLength is a rough upper estimate: the fixed record length plus the
 * number of variable-length fields multiplied by captureLen.
 *
 * NOTE(review): captureLen comes straight from the configuration as an int
 * and maxPacketSize is narrowed to uint16_t; neither is range checked here.
 *
 * @param elem section element; NULL keeps the defaults and reads nothing.
 *
 * Raises an error through THROWEXCEPTION on an unknown child element or
 * when no "packetReporting" element is present.
 */
PSAMPExporterCfg::PSAMPExporterCfg(XMLElement* elem)
	: CfgHelper<PSAMPExporterModule, PSAMPExporterCfg>(elem, "psampExporter"),
	templateRefreshTime(0), /* templateRefreshRate(0), */
	maxPacketSize(0), exportDelay(0), reporting(NULL)
{
	if (!elem) return;

	observationDomainId = getInt("observationDomainId", 0);

	// determine captureLen
	// FIXME: undocumented parameter, this value should come from observer
	int captureLen = getInt("captureLen", PCAP_DEFAULT_CAPTURE_LENGTH);

	typedef XMLNode::XMLSet<XMLElement*> ChildSet;
	ChildSet children = elem->getElementChildren();
	for (ChildSet::iterator child = children.begin(); child != children.end(); ++child) {
		XMLElement* node = *child;

		if (node->matches("ipfixPacketRestrictions")) {
			maxPacketSize = static_cast<uint16_t>(getInt("maxPacketSize", 0, node));
			exportDelay = getTimeInUnit("maxExportDelay", mSEC, 0, node);
		} else if (node->matches("udpTemplateManagement")) {
			// use 0 as default values for both if the config entry isn't found
			templateRefreshTime = getTimeInUnit("templateRefreshTimeout", SEC, IS_DEFAULT_TEMPLATE_TIMEINTERVAL, node);
			/* templateRefreshRate = getInt("templateRefreshRate", IS_DEFAULT_TEMPLATE_RECORDINTERVAL, node); */ /* TODO */
		} else if (node->matches("collector")) {
			collectors.push_back(new CollectorCfg(node));
		} else if (node->matches("packetReporting")) {
			reporting = new PacketReportingCfg(node);
		} else if (node->matches("captureLen") || node->matches("observationDomainId")) {
			// read before the loop
		} else {
			THROWEXCEPTION("Illegal PSAMPExporter config entry \"%s\"found",
					node->getName().c_str());
		}
	}

	if (reporting == NULL)
		THROWEXCEPTION("No packetReporting found in psampExporter config");

	// rough estimation of the maximum record length including variable length fields
	recordLength = reporting->getRecordLength() +
			reporting->getRecordsVariableLen() * captureLen;
}
예제 #15
/**
 * Replaces colNames with the text of every "name" child of `elem`, in
 * document order. Other children are logged and skipped.
 *
 * NOTE(review): the names are stored exactly as written in the
 * configuration; if they later become part of SQL text, they need to be
 * validated where that text is built -- not visible here.
 *
 * @param elem the "columns" element
 */
void IpfixDbWriterOracleCfg::readColumns(XMLElement* elem) {
	colNames.clear();

	typedef XMLNode::XMLSet<XMLElement*> ChildSet;
	ChildSet children = elem->getElementChildren();
	for (ChildSet::iterator child = children.begin(); child != children.end(); ++child) {
		XMLElement* node = *child;

		if (!node->matches("name")) {
			msg(MSG_FATAL, "Unknown IpfixDbWriterOracle config statement %s\n", node->getName().c_str());
			continue;
		}
		colNames.push_back(node->getFirstText());
		msg(MSG_DEBUG, "Row: %s", node->getFirstText().c_str());
	}
}
예제 #16
/**
 * Rebuilds the property list from the children of `elem`.
 *
 * Each "name" child adds its text to properties until an "all" child is
 * seen; "all" empties the list and sets allProperties. A "name" child that
 * follows "all" matches neither branch and is therefore reported as
 * unknown, like any other element.
 *
 * @param elem the "properties" element
 */
void IpfixDbWriterMongoCfg::readProperties(XMLElement* elem) {
	properties.clear();

	typedef XMLNode::XMLSet<XMLElement*> ChildSet;
	ChildSet children = elem->getElementChildren();
	for (ChildSet::iterator child = children.begin(); child != children.end(); ++child) {
		XMLElement* node = *child;

		if (node->matches("name") && !allProperties) {
			properties.push_back(node->getFirstText());
			continue;
		}
		if (node->matches("all")) {
			properties.clear();
			allProperties = true;
			continue;
		}
		msg(MSG_FATAL, "Unknown IpfixDbWriterMongo config statement %s\n", node->getName().c_str());
	}
}
예제 #17
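/**
 * Reads the "ipfixDbWriterMongo" section: host, port (default 27017),
 * database, optional username/password, buffer size, property selection and
 * observation domain id.
 *
 * Username and password are optional in this constructor: nothing here
 * requires them, so a configuration without them is accepted. The password,
 * when given, is copied verbatim from the element text.
 *
 * @param elem section element; NULL keeps the defaults and skips validation.
 *
 * Raises an error through THROWEXCEPTION when host or database is missing.
 * Unknown elements are only logged.
 */
IpfixDbWriterMongoCfg::IpfixDbWriterMongoCfg(XMLElement* elem)
    : CfgHelper<IpfixDbWriterMongo, IpfixDbWriterMongoCfg>(elem, "ipfixDbWriterMongo"),
      port(27017), bufferObjects(30), observationDomainId(0)
{
	// Set the two flags before the early return so they hold a defined value
	// even when the object is created without a section element.
	beautifyProperties = false;
	allProperties = false;

	if (!elem) return;

	XMLNode::XMLSet<XMLElement*> set = _elem->getElementChildren();
	for (XMLNode::XMLSet<XMLElement*>::iterator it = set.begin();
	     it != set.end();
	     ++it) {
		XMLElement* e = *it;

		if (e->matches("host")) {
			hostname = e->getFirstText();
		} else if (e->matches("port")) {
			port = getInt("port");
		} else if (e->matches("database")) {
			database = e->getFirstText();
		} else if (e->matches("username")) {
			user = e->getFirstText();
		} else if (e->matches("password")) {
			password = e->getFirstText();
		} else if (e->matches("bufferobjects")) {
			bufferObjects = getInt("bufferobjects");
		} else if (e->matches("properties")) {
			readProperties(e);
		} else if (e->matches("observationDomainId")) {
			observationDomainId = getInt("observationDomainId");
		} else if (e->matches("beautifyProperties")) {
			// Presence of the element is enough; its text is not read.
			beautifyProperties = true;
		} else if (e->matches("next")) { // ignore next
		} else {
			msg(MSG_FATAL, "Unknown IpfixDbWriterMongo config statement %s\n", e->getName().c_str());
		}
	}
	if (hostname=="") THROWEXCEPTION("IpfixDbWriterMongoCfg: host not set in configuration!");
	// The element is called "database" in this section; the message used to
	// say "dbname", which pointed the operator at a key that does not exist.
	if (database=="") THROWEXCEPTION("IpfixDbWriterMongoCfg: database not set in configuration!");
}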
/**
 * Reads the "ipfixSampler" section. The only setting is "flowrate", which
 * defaults to 1; it is not range checked in this constructor.
 *
 * @param elem section element; NULL keeps the default.
 */
IpfixSamplerCfg::IpfixSamplerCfg(XMLElement* elem)
    : CfgHelper<IpfixSampler, IpfixSamplerCfg>(elem, "ipfixSampler"),
    flowRate(1)
{
	if (!elem) return;

	typedef XMLNode::XMLSet<XMLElement*> ChildSet;
	ChildSet children = _elem->getElementChildren();
	for (ChildSet::iterator child = children.begin(); child != children.end(); ++child) {
		XMLElement* node = *child;

		if (node->matches("flowrate")) {
			flowRate = getDouble("flowrate");
		} else if (!node->matches("next")) {
			// "next" is accepted silently; anything else is reported.
			msg(MSG_FATAL, "Unknown IpfixSampler config statement %s\n", node->getName().c_str());
		}
	}
}
예제 #19
/**
 * Reads the "observer" section: capture source, pcap filter expression,
 * capture length and the offline replay options.
 *
 * "interface" names a live device; "filename" stores its text in the same
 * member and switches the observer to offline mode. The filter expression,
 * interface and file name are stored as written in the configuration.
 *
 * @param elem section element; NULL keeps the defaults.
 */
ObserverCfg::ObserverCfg(XMLElement* elem)
	: CfgHelper<Observer, ObserverCfg>(elem, "observer"),
	interface(),
	pcap_filter(),
	capture_len(PCAP_DEFAULT_CAPTURE_LENGTH),
	offline(false),
	replaceOfflineTimestamps(false),
	offlineAutoExit(true),
	offlineSpeed(1.0)
{
	if (!elem) return;  // needed because of table inside ConfigManager

	typedef XMLNode::XMLSet<XMLElement*> ChildSet;
	ChildSet children = _elem->getElementChildren();
	for (ChildSet::iterator child = children.begin(); child != children.end(); ++child) {
		XMLElement* node = *child;

		if (node->matches("interface")) {
			interface = node->getFirstText();
		} else if (node->matches("pcap_filter")) {
			pcap_filter = node->getFirstText();
		} else if (node->matches("filename")) {
			// A capture file replaces the interface name and implies offline mode.
			interface = node->getFirstText();
			offline = true;
		} else if (node->matches("replaceTimestamps")) {
			replaceOfflineTimestamps = getBool("replaceTimestamps", replaceOfflineTimestamps);
		} else if (node->matches("offlineSpeed")) {
			offlineSpeed = getDouble("offlineSpeed");
		} else if (node->matches("offlineAutoExit")) {
			offlineAutoExit = getBool("offlineAutoExit", offlineAutoExit);
		} else if (node->matches("captureLength")) {
			capture_len = getInt("captureLength");
		} else if (!node->matches("next")) {
			// "next" is accepted silently; anything else is reported.
			msg(MSG_FATAL, "Unknown observer config statement %s\n", node->getName().c_str());
		}
	}
}
예제 #20
/**
 * Reads the "trwPortscanDetector" section: hash table size in bits, the
 * expiry times for pending, scanner and benign entries, the cleanup
 * interval, and the IDMEF analyzer id and template.
 *
 * Defaults: 20 hash bits, 60*60*24 for pending entries, 60*30 for scanner
 * and benign entries, cleanup interval 10. The numeric values are not range
 * checked in this constructor.
 *
 * @param elem section element; NULL keeps the defaults and skips validation.
 *
 * Raises an error through THROWEXCEPTION when analyzerid or idmeftemplate is
 * missing. Unknown elements are only logged.
 */
TRWPortscanDetectorCfg::TRWPortscanDetectorCfg(XMLElement* elem)
    : CfgHelper<TRWPortscanDetector, TRWPortscanDetectorCfg>(elem, "trwPortscanDetector"),
      hashBits(20),
      timeExpirePending(60*60*24),
      timeExpireScanner(60*30),
      timeExpireBenign(60*30),
      timeCleanupInterval(10)
{
	if (!elem) return;

	typedef XMLNode::XMLSet<XMLElement*> ChildSet;
	ChildSet children = _elem->getElementChildren();
	for (ChildSet::iterator child = children.begin(); child != children.end(); ++child) {
		XMLElement* node = *child;

		if (node->matches("hashbits")) {
			hashBits = getInt("hashbits");
		} else if (node->matches("timeexpirepending")) {
			timeExpirePending = getInt("timeexpirepending");
		} else if (node->matches("timeexpirescanner")) {
			timeExpireScanner = getInt("timeexpirescanner");
		} else if (node->matches("timeexpirebenign")) {
			timeExpireBenign = getInt("timeexpirebenign");
		} else if (node->matches("timecleanupinterval")) {
			timeCleanupInterval = getInt("timecleanupinterval");
		} else if (node->matches("analyzerid")) {
			analyzerId = node->getFirstText();
		} else if (node->matches("idmeftemplate")) {
			idmefTemplate = node->getFirstText();
		} else if (!node->matches("next")) {
			// "next" is accepted silently; anything else is reported.
			msg(LOG_CRIT, "Unknown TRWPortscanDetector config statement %s\n", node->getName().c_str());
		}
	}

	if (analyzerId=="") THROWEXCEPTION("TRWPortscanDetectorCfg: analyzerid not set in configuration!");
	if (idmefTemplate=="") THROWEXCEPTION("TRWPortscanDetectorCfg: idmeftemplate not set in configuration!");
}
/**
 * Reads the "frontPayloadSigMatcher" section. The only setting is the
 * signature directory, stored as written in the configuration.
 *
 * @param elem section element; NULL skips reading and validation.
 *
 * Raises an error through THROWEXCEPTION when "signaturedir" is missing.
 * Unknown elements are only logged.
 */
FrontPayloadSigMatcherCfg::FrontPayloadSigMatcherCfg(XMLElement* elem)
    : CfgHelper<FrontPayloadSigMatcher, FrontPayloadSigMatcherCfg>(elem, "frontPayloadSigMatcher")
{
	if (!elem) return;

	typedef XMLNode::XMLSet<XMLElement*> ChildSet;
	ChildSet children = _elem->getElementChildren();
	for (ChildSet::iterator child = children.begin(); child != children.end(); ++child) {
		XMLElement* node = *child;

		if (node->matches("signaturedir")) {
			signatureDir = node->getFirstText();
		} else if (!node->matches("next")) {
			// "next" is accepted silently; anything else is reported.
			msg(MSG_FATAL, "Unknown FrontPayloadSigMatcher config statement %s\n", node->getName().c_str());
		}
	}

	if (signatureDir=="") THROWEXCEPTION("FrontPayloadSigMatcher: did not find required configuration parameter signaturedir");
}
/**
 * Reads the "ipfixExporter" section: record rate limit, observation domain
 * id, SCTP data lifetime and reconnect interval, template refresh rate and
 * interval, and one CollectorCfg per "collector" element.
 *
 * The scalar settings are read by name before the element loop; the loop
 * only creates the collectors and rejects element names it does not know.
 *
 * @param elem section element; NULL keeps the initializer-list defaults.
 *
 * Raises an error through THROWEXCEPTION on an unknown child element.
 */
IpfixExporterCfg::IpfixExporterCfg(XMLElement* elem)
	: CfgHelper<IpfixSender, IpfixExporterCfg>(elem, "ipfixExporter"),
	templateRefreshTime(IS_DEFAULT_TEMPLATE_TIMEINTERVAL), templateRefreshRate(0),
	sctpDataLifetime(0), sctpReconnectInterval(0),
	maxPacketSize(0), exportDelay(0),
	recordRateLimit(0), observationDomainId(0)
{
	if (!elem)
		return;

	recordRateLimit = getInt("maxRecordRate", IS_DEFAULT_MAXRECORDRATE);
	observationDomainId = getInt("observationDomainId", 0);
	msg(MSG_INFO, "Exporter: using maximum rate of %d records/second", recordRateLimit);
	sctpDataLifetime = getTimeInUnit("sctpDataLifetime", mSEC, IS_DEFAULT_SCTP_DATALIFETIME);
	sctpReconnectInterval = getTimeInUnit("sctpReconnectInterval", SEC, IS_DEFAULT_SCTP_RECONNECTINTERVAL);
	templateRefreshRate = getInt("templateRefreshRate", IS_DEFAULT_TEMPLATE_RECORDINTERVAL);
	templateRefreshTime = getTimeInUnit("templateRefreshInterval", SEC, IS_DEFAULT_TEMPLATE_TIMEINTERVAL);

	typedef XMLNode::XMLSet<XMLElement*> ChildSet;
	ChildSet children = elem->getElementChildren();
	for (ChildSet::iterator child = children.begin(); child != children.end(); ++child) {
		XMLElement* node = *child;

		if (node->matches("collector")) {
			collectors.push_back(new CollectorCfg(node));
			continue;
		}

		// Settings that were read by name before the loop.
		bool handledAbove = node->matches("maxRecordRate") || node->matches("sctpDataLifetime") || node->matches("sctpReconnectInterval")
				|| node->matches("templateRefreshRate") || node->matches("templateRefreshInterval") || node->matches("observationDomainId");
		if (!handledAbove) {
			THROWEXCEPTION("Illegal Exporter config entry \"%s\" found",
					node->getName().c_str());
		}
	}
}
예제 #23
/**
 * Reads the database reader settings shared by the reader variants: host,
 * port, dbname, username, password, the "timeshift" and "fullspeed"
 * switches and the observation domain id.
 *
 * `elem` is only tested for NULL; the children are taken from the stored
 * _elem. The password is copied verbatim from the element text, i.e. the
 * configuration file carries it in clear text.
 *
 * @param elem section element; NULL returns without reading or validating.
 *
 * Raises an error through THROWEXCEPTION when host, port, dbname, username
 * or password is missing. Unknown elements are only logged.
 */
void IpfixDbReaderCommonCfg::readConfigSection(XMLElement* elem)
{
	if (!elem) return;

	typedef XMLNode::XMLSet<XMLElement*> ChildSet;
	ChildSet children = _elem->getElementChildren();
	for (ChildSet::iterator child = children.begin(); child != children.end(); ++child) {
		XMLElement* node = *child;

		if (node->matches("host")) {
			hostname = node->getFirstText();
		} else if (node->matches("port")) {
			port = getInt("port");
		} else if (node->matches("dbname")) {
			dbname = node->getFirstText();
		} else if (node->matches("username")) {
			user = node->getFirstText();
		} else if (node->matches("password")) {
			password = node->getFirstText();
		} else if (node->matches("timeshift")) {
			timeshift = getBool("timeshift", timeshift);
		} else if (node->matches("fullspeed")) {
			fullspeed = getBool("fullspeed", fullspeed);
		} else if (node->matches("observationDomainId")) {
			observationDomainId = getInt("observationDomainId");
		} else if (!node->matches("next")) {
			// "next" is accepted silently; anything else is reported.
			msg(MSG_FATAL, "Unknown IpfixDbReader config statement %s\n", node->getName().c_str());
		}
	}

	// Mandatory settings, checked in this order.
	if (hostname=="") THROWEXCEPTION("IpfixDbReaderCfg: host not set in configuration!");
	if (port==0) THROWEXCEPTION("IpfixDbReaderCfg: port not set in configuration!");
	if (dbname=="") THROWEXCEPTION("IpfixDbReaderCfg: dbname not set in configuration!");
	if (user=="") THROWEXCEPTION("IpfixDbReaderCfg: username not set in configuration!");
	if (password=="") THROWEXCEPTION("IpfixDbReaderCfg: password not set in configuration!");
}
/**
 * Returns the StringFilter for this configuration, creating it on first use.
 *
 * Every call walks the children of _elem and adds an "and" filter for each
 * "is" element and a "not" filter for each "isnot" element; other elements
 * are logged and skipped.
 *
 * NOTE(review): the filters are added on every call, not only when the
 * instance is created, so a second call adds the same patterns again --
 * confirm whether callers rely on a single call.
 *
 * @return the filter instance, cast to Module*
 */
Module* PacketStringFilterCfg::getInstance()
{
	if (!instance)
		instance = new StringFilter();

	typedef XMLNode::XMLSet<XMLElement*> ChildSet;
	ChildSet children = _elem->getElementChildren();
	for (ChildSet::iterator child = children.begin(); child != children.end(); ++child) {
		XMLElement* node = *child;

		if (node->matches("is")) {
			instance->addandFilter(getRealValue(node));
			continue;
		}
		if (node->matches("isnot")) {
			instance->addnotFilter(getRealValue(node));
			continue;
		}
		msg(MSG_FATAL, "Unkown string packet filter config %s\n", node->getName().c_str());
	}

	return (Module*)instance;
}
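/**
 * Reads the collector section: the listener to bind to and the observation
 * domain id. "udpTemplateLifetime" is recognised but not used here.
 *
 * @param elem section element; NULL leaves listener and ipfixCollector NULL
 *             and reads nothing.
 *
 * Raises an error through THROWEXCEPTION when no "listener" element is
 * present or when its protocol type is neither UDP nor SCTP. Unknown
 * elements are only logged.
 */
IpfixCollectorCfg::IpfixCollectorCfg(XMLElement* elem)
	: CfgHelper<IpfixCollector, IpfixCollectorCfg>(elem, "ipfixCollector"),
	listener(NULL),
	ipfixCollector(NULL),
        observationDomainId(0)
{

	if (!elem)
		return;
	
	msg(MSG_INFO, "CollectorConfiguration: Start reading packetReporting section");
	XMLNode::XMLSet<XMLElement*> set = elem->getElementChildren();
	for (XMLNode::XMLSet<XMLElement*>::iterator it = set.begin();
	     it != set.end();
	     ++it) {
		XMLElement* e = *it;

		if (e->matches("listener")) {
			// A repeated "listener" element still replaces the earlier one, but
			// the earlier object is released first instead of being leaked
			// (delete on NULL is a no-op).
			delete listener;
			listener = NULL;
			listener = new CollectorCfg(e);
		} else if (e->matches("udpTemplateLifetime")) {
			msg(MSG_DEBUG, "Don't know how to handle udpTemplateLifetime! Ignored.");
		} else if (e->matches("next")) { // ignore next
		} else {
			msg(MSG_FATAL, "Unkown observer config statement %s\n", e->getName().c_str());
		}
	}

	observationDomainId = getInt("observationDomainId", 0);
	
	if (listener == NULL)
		THROWEXCEPTION("collectingProcess has to listen on one address!");
	if (listener->getProtocolType() != UDP && listener->getProtocolType() != SCTP)
		THROWEXCEPTION("collectingProcess can handle only UDP or SCTP!");
	
	msg(MSG_INFO, "CollectorConfiguration: Successfully parsed collectingProcess section");
}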
예제 #26
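/**
 * Reads a time value from the child element called `name` and converts it
 * to the requested unit.
 *
 * The element text is parsed as a number and its "unit" attribute ("sec",
 * "msec" or "usec") selects the divisor; the result is
 * value * unit / <unit of the attribute>.
 *
 * @param name name of the child element to look for
 * @param unit unit the caller wants the result in
 * @param def  value returned when no usable element is found
 * @param elem element whose children are searched; NULL means the stored
 *             _elem
 * @return the converted value, or `def`
 *
 * Raises an error through THROWEXCEPTION for an unknown unit string.
 *
 * NOTE(review): a matching element WITHOUT a "unit" attribute is skipped, so
 * its value is dropped and `def` is returned unless a later sibling
 * matches. The text goes through atoi(), so a negative or non-numeric value
 * is not rejected, and the multiplication is done in unsigned int and can
 * wrap for large values.
 */
unsigned int CfgBase::getTimeInUnit(const std::string& name, timeUnit unit, uint32_t def, XMLElement* elem)
{
	if (!elem)
		elem = _elem;

	XMLNode::XMLSet<XMLElement*> set = elem->getElementChildren();
	XMLNode::XMLSet<XMLElement*>::const_iterator it = set.begin();
	for (; it != set.end(); ++it) {
		XMLElement* e = *it;

		try {
			if (e->getName() != name)
				continue;
		} catch (const IllegalEntry&) {
			// Caught by const reference (no copy, no slicing). As before, an
			// element whose name cannot be read is not skipped but handled
			// like a match.
		}

		// Declared at first use so it never carries a stale value between
		// iterations.
		unsigned int time = atoi(e->getFirstText().c_str());

		XMLAttribute* a = e->getAttribute("unit");
		if (!a)
			continue;

		if (a->getValue() == "sec")
			return time*unit/SEC;
		else if (a->getValue() == "msec")
			return time*unit/mSEC;
		else if (a->getValue() == "usec")
			return time*unit/uSEC;
		else
			THROWEXCEPTION("Unkown time unit '%s'", a->getValue().c_str());
	}

	// we didn't find the element, return default
	return def;
}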
/**
 * Reads an aggregator section: the aggregation rules, the optional
 * "DosDefense" block, the expiration timeouts, the poll interval and the
 * hash table size in bits.
 *
 * NOTE(review): each rule is stored at rules->rule[rules->count] and the
 * counter is incremented with no bound check visible here. If `rule` is a
 * fixed-size array, a configuration with more "rule" elements than it holds
 * writes past its end -- compare the count with the capacity before
 * storing.
 *
 * NOTE(review): rules, htableBits and baseTCP are assigned only after the
 * NULL test, so they stay unset when `elem` is NULL.
 *
 * @param elem section element; NULL sets pollInterval to 0 and nothing else.
 *
 * Raises an error through THROWEXCEPTION when an "expiration" element lacks
 * a non-zero active or inactive timeout. Unknown elements are only logged.
 */
AggregatorBaseCfg::AggregatorBaseCfg(XMLElement* elem)
	: CfgBase(elem), pollInterval(0)
{
	if (!elem)
		return;

	rules = new Rules;
	htableBits = HT_DEFAULT_BITSIZE;
	baseTCP = NULL;

	typedef XMLNode::XMLSet<XMLElement*> ChildSet;
	ChildSet children = elem->getElementChildren();
	for (ChildSet::iterator child = children.begin(); child != children.end(); ++child) {
		XMLElement* node = *child;

		if (node->matches("rule")) {
			Rule* parsed = readRule(node);
			if (parsed) {
				rules->rule[rules->count] = parsed;
				rules->count++;
			}
		} else if (node->matches("DosDefense")) {
			baseTCP = readDos(node);
		} else if (node->matches("expiration")) {
			// get the time values or set them to '0' if they are not specified
			maxBufferTime = getTimeInUnit("activeTimeout", SEC, 0, node);
			minBufferTime = getTimeInUnit("inactiveTimeout", SEC, 0, node);
			if (!maxBufferTime) THROWEXCEPTION("active timeout not set in configuration for aggregator");
			if (!minBufferTime) THROWEXCEPTION("inactive timeout not set in configuration for aggregator");
		} else if (node->matches("pollInterval")) {
			pollInterval = getTimeInUnit("pollInterval", mSEC, AGG_DEFAULT_POLLING_TIME);
		} else if (node->matches("hashtableBits")) {
			htableBits = getInt("hashtableBits", HT_DEFAULT_BITSIZE);
		} else if (!node->matches("next")) {
			// "next" is accepted silently; anything else is reported.
			msg(MSG_FATAL, "Unkown Aggregator config entry %s\n", node->getName().c_str());
		}
	}
}
/**
 * Tells whether this configuration holds the same statements as an older one.
 *
 * The element children of both configurations are walked in parallel and
 * compared by their first text only; element names and attributes are not
 * looked at here.
 *
 * @param old previous configuration; dereferenced without a NULL check, as is
 *            this->_elem
 * @return true when both have the same number of children and every pair has
 *         equal first text, false otherwise
 */
bool PacketStringFilterCfg::deriveFrom(PacketStringFilterCfg* old)
{
	typedef XMLNode::XMLSet<XMLElement*> StatementSet;

	StatementSet current = this->_elem->getElementChildren();
	StatementSet previous = old->_elem->getElementChildren();

	// a different number of statements can never match
	if (current.size() != previous.size())
		return false;

	StatementSet::iterator cur = current.begin();
	StatementSet::iterator prev = previous.begin();
	while (cur != current.end() && prev != previous.end()) {
		XMLElement* prevElem = *prev;
		XMLElement* curElem = *cur;
		if (prevElem->getFirstText() != curElem->getFirstText())
			return false;
		++prev;
		++cur;
	}

	return true;
}
예제 #29
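/**
 * Parses the IDSLoadbalancer configuration element.
 *
 * Handled children:
 *  - "updateinterval": integer read through getInt(), default 0
 *  - "PacketSelector": its attribute "type" selects exactly one of
 *    HashPacketSelector, IpPacketSelector or PriorityPacketSelector
 *
 * Every value comes from the configuration file and is checked before it is
 * used; a failed check raises THROWEXCEPTION. The same happens when no packet
 * selector or more than one packet selector is configured.
 *
 * NOTE(review): selector is allocated with new inside the loop. If a later
 * element raises THROWEXCEPTION, the constructor is left with that object
 * still allocated; unless it is released elsewhere it leaks. Confirm against
 * the class declaration.
 *
 * @param elem configuration element; with NULL only the member initialisers run
 */
IDSLoadbalancerCfg::IDSLoadbalancerCfg(XMLElement* elem)
	: CfgHelper<IDSLoadbalancer, IDSLoadbalancerCfg>(elem, "IDSLoadbalancer"),
	selector(NULL),
	updateInterval(0)
{
	if (!elem) return;

	typedef XMLNode::XMLSet<XMLElement*> ElementSet;

	ElementSet children = elem->getElementChildren();
	for (ElementSet::iterator it = children.begin(); it != children.end(); ++it) {
		XMLElement* e = *it;

		if (e->matches("updateinterval")) {
			updateInterval = getInt("updateinterval", 0, e);
		} else if (e->matches("PacketSelector")) {
			XMLAttribute* typeAttr = e->getAttribute("type");
			if (!typeAttr) {
				THROWEXCEPTION("no PacketSelector specified");
			}
			string selectorType = typeAttr->getValue();

			if (selectorType == "HashPacketSelector") {
				if (selector) {
					THROWEXCEPTION("IDSLoadBalancerCfg: multiple packet selectors specified! This is not allowed.");
				}
				selector = new HashPacketSelector();
			} else if (selectorType == "IpPacketSelector") {
				msg(MSG_DEBUG, "IpPacketSelector");
				ElementSet ipSet = e->getElementChildren();
				for (ElementSet::iterator ipIt = ipSet.begin(); ipIt != ipSet.end(); ++ipIt) {
					XMLElement* ipElem = *ipIt;
					if (ipElem->matches("DestinationIp")) {
						XMLAttribute* queueAttr = ipElem->getAttribute("queueno");
						if (!queueAttr) {
							THROWEXCEPTION("No queue number specified");
						}
						// NOTE(review): any int is accepted, negative values
						// included; confirm the valid queue range against
						// the selector that consumes dst/src.
						int queueno = 0;
						std::string tmp = queueAttr->getValue();
						try {
							queueno = boost::lexical_cast<int>(tmp);
						} catch (boost::bad_lexical_cast &) {
							THROWEXCEPTION("bad value for queue number: %s", tmp.c_str());
						}
						std::string ip = ipElem->getFirstText();
						dst[parseIp(ip)] = queueno;
					} else if (ipElem->matches("SourceIp")) {
						XMLAttribute* queueAttr = ipElem->getAttribute("queueno");
						if (!queueAttr) {
							THROWEXCEPTION("No queue number specified");
						}
						int queueno = 0;
						std::string tmp = queueAttr->getValue();
						try {
							queueno = boost::lexical_cast<int>(tmp);
						} catch (boost::bad_lexical_cast &) {
							THROWEXCEPTION("bad value for queue number: %s", tmp.c_str());
						}
						std::string ip = ipElem->getFirstText();
						src[parseIp(ip)] = queueno;
					}
				}
				if (selector) {
					THROWEXCEPTION("IDSLoadBalancerCfg: multiple packet selectors specified! This is not allowed.");
				}
				// checked before the allocation so that the error path does
				// not leave a freshly created selector behind
				if (src.empty() && dst.empty()) {
					THROWEXCEPTION("IDSLoadBalancerCfg: packet selector IpPacketSelector was defined, but no source or destination IPs!");
				}
				selector = new IpPacketSelector();

			} else if (selectorType == "PriorityPacketSelector") {
				float startprio = getDouble("startPriority", 1.0, e);
				uint32_t minmontime = getInt("minimumMonitoringTime", 10000, e);
				uint32_t maxspeed = getInt("maxSpeed", 0, e);
				list<PriorityNetConfig> config;
				list<WeightModifierConfig> weightmods;
				ElementSet prioSet = e->getElementChildren();
				for (ElementSet::iterator prioIt = prioSet.begin(); prioIt != prioSet.end(); ++prioIt) {
					XMLElement* prioElem = *prioIt;
					if (prioElem->matches("networks")) {
						ElementSet netset = prioElem->getElementChildren();
						for (ElementSet::iterator nit = netset.begin(); nit != netset.end(); ++nit) {
							XMLElement* net = *nit;
							if (!net->matches("network"))
								continue;

							XMLAttribute* attr = net->getAttribute("address");
							if (!attr) {
								THROWEXCEPTION("IDSLoadBalancerCfg: no attribute 'address' in configuration element 'network'!");
							}
							string cidr = attr->getFirstText();

							// Without a '/' find() yields npos and npos+1 wraps
							// to 0, so the whole address would be parsed as the
							// mask length (e.g. "10.0.0.0" -> 10 bits).
							size_t slash = cidr.find('/');
							if (slash == string::npos) {
								THROWEXCEPTION("IDSLoadBalancerCfg: attribute 'address' is not in CIDR notation, expected <ip>/<maskbits> (%s)!", cidr.c_str());
							}
							string ip = cidr.substr(0, slash);
							string sbits = cidr.substr(slash+1);

							// strtol with an end pointer tells "no digits" and
							// trailing garbage apart from a real 0
							char* bitsEnd = NULL;
							long parsedBits = strtol(sbits.c_str(), &bitsEnd, 10);
							if (bitsEnd == sbits.c_str() || *bitsEnd != '\0' || parsedBits < 0 || parsedBits > 32) {
								THROWEXCEPTION("IDSLoadBalancerCfg: attribute 'address' has invalid number of mask bits in configuration (%s)!", sbits.c_str());
							}
							int maskbits = static_cast<int>(parsedBits);

							in_addr_t ipaddr = inet_addr(ip.c_str());
							if (ipaddr==(in_addr_t)-1) {
								THROWEXCEPTION("IDSLoadBalancerCfg: attribute 'address' has invalid ip subnet in configuration (%s)!", ip.c_str());
							}

							attr = net->getAttribute("weight");
							if (!attr) {
								THROWEXCEPTION("IDSLoadBalancerCfg: no attribute 'weight' in configuration element 'network'!");
							}
							// keep the text in a named string: the end pointer
							// set by strtof must be compared with the buffer
							// that was actually parsed
							std::string weightText = attr->getFirstText();
							char* weightEnd = NULL;
							float weight = strtof(weightText.c_str(), &weightEnd);
							// !(x > 0) also rejects NaN, which x <= 0 lets through
							if (!(weight > 0) || weightEnd == weightText.c_str()) {
								THROWEXCEPTION("IDSLoadBalancerCfg: attribute 'weight' in configuration element 'network' contains invalid value (%s)!", weightText.c_str());
							}

							// Shifting a 32-bit value by 32 (maskbits == 0) is
							// undefined, so /0 is handled explicitly; the
							// unsigned operand avoids signed overflow for /1.
							uint32_t netmask = (maskbits == 0) ? 0u : (0xFFFFFFFFu << (32 - maskbits));
							config.push_back(PriorityNetConfig(ntohl((uint32_t)ipaddr), netmask, maskbits, weight));
						}
					}
					if (prioElem->matches("weightModifiers")) {
						ElementSet modset = prioElem->getElementChildren();
						for (ElementSet::iterator mit = modset.begin(); mit != modset.end(); ++mit) {
							XMLElement* traffic = *mit;
							if (!traffic->matches("traffic"))
								continue;

							XMLAttribute* attr = traffic->getAttribute("quantile");
							if (!attr) {
								THROWEXCEPTION("IDSLoadBalancerCfg: no attribute 'quantile' in configuration element 'traffic'!");
							}
							std::string quantileText = attr->getFirstText();
							char* quantileEnd = NULL;
							float quantile = strtof(quantileText.c_str(), &quantileEnd);
							// written as a negated range test so that NaN fails it
							if (!(quantile > 0 && quantile <= 1) || quantileEnd == quantileText.c_str()) {
								THROWEXCEPTION("IDSLoadBalancerCfg: attribute 'quantile' is not in expected range (0<x<=1): %s", quantileText.c_str());
							}

							attr = traffic->getAttribute("weightModifier");
							if (!attr) {
								THROWEXCEPTION("IDSLoadBalancerCfg: no attribute 'weightModifier' in configuration element 'traffic'!");
							}
							std::string modText = attr->getFirstText();
							char* modEnd = NULL;
							float weightmod = strtof(modText.c_str(), &modEnd);
							if (!(weightmod > 0) || modEnd == modText.c_str()) {
								THROWEXCEPTION("IDSLoadBalancerCfg: attribute 'weightModifier' is not in expected range (0<x): %s", modText.c_str());
							}
							weightmods.push_back(WeightModifierConfig(quantile, weightmod));
						}
					}
				}

				if (selector) {
					THROWEXCEPTION("IDSLoadBalancerCfg: multiple packet selectors specified! This is not allowed.");
				}

				// minimumMonitoringTime is split into seconds and microseconds
				struct timeval tv;
				tv.tv_sec = minmontime/1000;
				tv.tv_usec = (minmontime%1000)*1000;

				// sort the network configuration by decreasing maskbits
				config.sort(compareDecrMask);
				selector = new PriorityPacketSelector(config, startprio, tv, maxspeed, weightmods);
			} else {
				THROWEXCEPTION("Invalid selector: %s", selectorType.c_str());
			}
		}
	}
	if (!selector) {
		THROWEXCEPTION("IDSLoadBalancerCfg: No packet selector specified, this is compulsory");
	}
}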
예제 #30
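/**
 * parses configuration and adjusts/creates module graph accordingly
 * afterwards all modules are started
 *
 * The graph lock is taken for the whole call and released on every way out,
 * including exceptions raised while the file is parsed, while a module
 * configuration is created or while a module is started.
 *
 * NOTE(review): when an exception leaves this function, graph and document
 * already point at the newly created objects and the previous graph is only
 * referenced by a local variable. Decide whether a failed (re)load should
 * restore the previous graph and document.
 *
 * @param fileName path of the XML configuration file; its root element must
 *                 match "ipfixConfig"
 */
void ConfigManager::parseConfig(std::string fileName)
{
	lockGraph();

	try {
		Graph* oldGraph = graph;

		graph = new Graph();

		old_document = document;
		// NOTE(review): the result of parse_file() is dereferenced without a
		// NULL check; confirm that it reports failure by throwing.
		document = XMLDocument::parse_file(fileName);
		XMLElement* root = document->getRootNode();

		// consistency checks
		if (!root) {
			THROWEXCEPTION("%s is an empty XML-Document!", fileName.c_str());
		}

		if (!root->matches("ipfixConfig")) {
			THROWEXCEPTION("Root element does not match \"ipfixConfig\"."
				       " This is not a valid configuration file!");
		}

		/* process each root element node and add a new node (with its config
		 * attached to the node) to the graph
		 */
		XMLNode::XMLSet<XMLElement*> rootElements = root->getElementChildren();
		for (XMLNode::XMLSet<XMLElement*>::const_iterator it = rootElements.begin();
		     it != rootElements.end();
		     ++it) {
			bool found = false;
			for (unsigned int i = 0; i < ARRAY_SIZE(configModules); i++) {
				if ((*it)->getName() == configModules[i]->getName()) {
					// the module constructors validate their part of the
					// file and may raise an exception from here
					Cfg* cfg = configModules[i]->create(*it);

					// handle special modules
					SensorManagerCfg* smcfg = dynamic_cast<SensorManagerCfg*>(cfg);
					if (smcfg) {
						// SensorManager will not be connected to any modules, so its instance
						// needs to be started manually
						smcfg->setGraphIS(this);
						sensorManager = smcfg->getInstance();
					}

					graph->addNode(cfg);
					found = true;
				}
			}

			if (!found) {
				msg(MSG_ERROR, "Unknown cfg entry %s found", (*it)->getName().c_str());
			}
		}

		if (!oldGraph) { // this is the first config we have read
			Connector connector;
			graph->accept(&connector);
		} else {
			// first, connect the nodes on the new graph (but NOT the modules)
			Connector connector(true, false);
			graph->accept(&connector);
			// now connect the modules reusing those from the old graph
			graph = reconnect(graph, oldGraph);
		}

		// start the instances if not already running; the topologically
		// sorted nodes are walked from the last one to the first
		std::vector<CfgNode*> topoNodes = graph->topoSort();

		for (size_t i = 0; i < topoNodes.size(); i++) {
			Cfg* cfg = topoNodes[topoNodes.size() -1 -i]->getCfg();
			msg(MSG_INFO, "Starting module %s", cfg->getName().c_str());
			cfg->start(false);
		}

		// delete on a null pointer is a no-op; clear the member so that no
		// dangling pointer to the freed document stays behind
		delete old_document;
		old_document = NULL;
	} catch (...) {
		// never leave with the graph lock held
		unlockGraph();
		throw;
	}

	unlockGraph();

}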