Exemplo n.º 1
Arquivo: sdp.c Projeto: Cbrdiv/xplico
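/*
 * SdpDissector - parse one SDP payload and wrap the result in a new packet.
 *
 * pkt: input packet. SdpParse() is called with pkt and pkt->len. The input
 *      packet is always released with PktFree() before returning.
 *
 * Returns a new packet whose protocol stack is a copy of pkt->stk with an
 * SDP frame (sdp_id) placed on top, whose capture time and serial are copied
 * from pkt, and whose data field points at the parsed sdp_msg. Returns NULL
 * when the message cannot be allocated or SdpParse() does not return 0.
 *
 * The payload is presumably taken from captured traffic, so SdpParse() has
 * to be robust against malformed input; this function only reacts to its
 * return code.
 */
static packet* SdpDissector(packet *pkt)
{
    packet *sdp_pkt = NULL;
    sdp_msg *msg;
    pstack_f *frame;

    /* create new SDP message */
    msg = DMemMalloc(sizeof(sdp_msg));
    if (msg == NULL) {
        /* allocation failed: do not hand a NULL message to SdpMsgInit()/SdpParse() */
        PktFree(pkt);
        return NULL;
    }
    SdpMsgInit(msg);
    if (SdpParse(pkt, pkt->len, msg) == 0) {
        /* new sdp packet */
        sdp_pkt = PktNew();
        sdp_pkt->stk = ProtCopyFrame(pkt->stk, TRUE);

        /* new frame, linked in front of the copied stack */
        frame = ProtCreateFrame(sdp_id);
        ProtSetNxtFrame(frame, sdp_pkt->stk);
        sdp_pkt->stk = frame;

        /* set frame attribute */
        sdp_pkt->cap_sec = pkt->cap_sec;
        sdp_pkt->cap_usec = pkt->cap_usec;
        sdp_pkt->serial = pkt->serial;

        /* the parsed message travels with the new packet */
        sdp_pkt->data = (char *)msg;
    }
    /*
     * NOTE(review): when SdpParse() fails, msg is not released in this
     * function, so every rejected payload appears to leak one sdp_msg.
     * Release it with the project's message/memory free routine once its
     * ownership rules (does SdpParse() allocate sub-fields?) are confirmed.
     */
    PktFree(pkt);

    return sdp_pkt;
}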
Exemplo n.º 2
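/*
 * PcapDissector - per-packet callback: copy one captured packet, append a
 * small trailer and hand the packet to the protocol dissector.
 *
 * user:  really a struct cap_ref *; its cnt field is incremented per packet.
 * h:     libpcap packet header (caplen bytes are copied, ts gives the time).
 * bytes: captured packet data, h->caplen bytes long.
 *
 * Layout of pkt->raw: caplen data bytes, 1..4 padding bytes, then the
 * trailer { unsigned long dlt; unsigned long cnt; char *file_name; }.
 * The trailer is stored as raw bytes; it is presumably read back by later
 * processing stages.
 *
 * At most once every two seconds the function calls ReportSplash() and
 * sleeps in 0.3 s steps while the dispatcher queue is over
 * DISP_PEI_MAX_QUEUE.
 */
static void PcapDissector(u_char *user, const struct pcap_pkthdr *h, const u_char *bytes)
{
    struct cap_ref *ref = (struct cap_ref *)user;
    packet *pkt;
    static time_t tm = 0;
    struct timespec to;
    unsigned long len;
    unsigned long dlt, cnt;
    char *fname;
    char tgl;

    pkt = PktNew();

    ref->cnt++;
    pkt->raw = DMemMalloc(h->caplen+sizeof(unsigned long)*2+sizeof(char *)+4);
    if (pkt->raw == NULL) {
        /* out of memory: drop this packet instead of copying into NULL.
         * Assumes PktFree() accepts a packet whose raw buffer is unset - confirm. */
        PktFree(pkt);
        return;
    }
    memcpy(pkt->raw, bytes, h->caplen);
    pkt->raw_len = h->caplen;
    /* align 4b: adds 1..4 bytes, covered by the 4 spare bytes allocated above */
    len = pkt->raw_len;
    len = len + 4 - (len%4);
    /*
     * Store the trailer with memcpy(): a 4-byte aligned offset is not
     * guaranteed to be aligned for unsigned long or for a pointer, and a
     * store through a cast pointer would then be a misaligned access.
     * The bytes written are the same as with the direct stores.
     */
    dlt = ref->dlt;
    cnt = ref->cnt;
    fname = ref->file_name;
    memcpy(&pkt->raw[len], &dlt, sizeof(dlt));
    memcpy(&pkt->raw[len+sizeof(unsigned long)], &cnt, sizeof(cnt));
    memcpy(&pkt->raw[len+sizeof(unsigned long)*2], &fname, sizeof(fname));
    /* a negative capture time is clamped to zero */
    if (h->ts.tv_sec < 0)
        pkt->cap_sec = 0;
    else
        pkt->cap_sec = h->ts.tv_sec;
    pkt->cap_usec = h->ts.tv_usec;
    pkt->serial = pkt_serial;

    /* crash info */
    crash_pkt_cnt = ref->cnt;
    crash_ref_name = ref->file_name;

    /* decode */
    /* NOTE(review): when ciao is set the packet is neither dissected nor
     * released here - confirm whether it should be freed on that path. */
    if (!ciao)
        ProtDissec(pcap_prot_id, pkt);

    FlowSetGblTime(h->ts.tv_sec);
    /* next serial number */
    pkt_serial++;
    if (time(NULL) > tm) {
        tgl = 0;
        ReportSplash();
        while (DispatchPeiPending() > DISP_PEI_MAX_QUEUE) {
            tgl = (tgl + 1) % 4;
            to.tv_sec = 0;
            to.tv_nsec = 300000000;
            /* wait some time; restart the sleep with the remaining time if interrupted */
            while (nanosleep(&to, &to) != 0)
                ;
            /* refresh the report on every fourth wait */
            if (tgl == 0)
                ReportSplash();
        }
        tm = time(NULL) + 2;
    }
}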
Exemplo n.º 3
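/*
 * SnoopDissector - read every record of a snoop capture file and hand each
 * one to the protocol dissector.
 *
 * fp:  stream positioned at the first record header.
 * ref: capture reference; cnt is incremented per record, dlt and file_name
 *      are copied into the trailer appended to each packet.
 *
 * Returns 0 at a clean end of file (no bytes left where a header is
 * expected) and -1 on a malformed file or allocation failure.
 *
 * The record header is read straight from the file, so its length fields are
 * untrusted. blen (total record length) is checked before it is used to size
 * the buffer: a value smaller than the header would make the unsigned
 * subtraction wrap and the following fread() overrun the allocation.
 */
static int SnoopDissector(FILE *fp, struct cap_ref *ref)
{
    struct snoop_packet_header hdr;
    /* bytes allocated after the record data: dlt, cnt, file name pointer, alignment slack */
    const unsigned long trailer = sizeof(unsigned long)*2+sizeof(char *)+4;
    unsigned long hlen, len;
    packet *pkt;
    time_t tm = 0;
    struct timespec to;

    while (1) {
        /* read header */
        hlen = fread(&hdr, 1, sizeof(struct snoop_packet_header), fp);
        if (hlen != sizeof(struct snoop_packet_header)) {
            if (hlen == 0)
                return 0;
            printf("Snoop file error\n");
            return -1;
        }
        /* convert values (stored in network byte order) */
        hdr.tlen = ntohl(hdr.tlen);
        hdr.len = ntohl(hdr.len);
        hdr.blen = ntohl(hdr.blen);
        hdr.secs = ntohl(hdr.secs);
        hdr.usecs = ntohl(hdr.usecs);
        /* reject a record length that cannot even hold the header */
        if (hdr.blen < hlen) {
            printf("Snoop file error\n");
            return -1;
        }
        len = hdr.blen - hlen;
        /* the allocation size below must not wrap around */
        if (len > (unsigned long)-1 - trailer) {
            printf("Snoop file error\n");
            return -1;
        }
        /* NOTE(review): len is still only bounded by the header field;
         * consider capping it to the largest record the capture format
         * allows so a crafted file cannot request a huge allocation. */
        pkt = PktNew();
        ref->cnt++;
        pkt->raw = DMemMalloc(len+trailer);
        if (pkt->raw == NULL) {
            /* Assumes PktFree() accepts a packet whose raw buffer is unset - confirm. */
            PktFree(pkt);
            return -1;
        }
        /* a short read leaves a truncated record, which is still dispatched */
        len = fread(pkt->raw, 1, len, fp);
        pkt->raw_len = len;
        /* align 4b: adds 1..4 bytes, covered by the slack in trailer */
        len = len + 4 - (len%4);
        /* NOTE(review): a 4-byte aligned offset may still be misaligned for
         * unsigned long / pointer stores on some targets. */
        *((unsigned long *)&(pkt->raw[len])) = ref->dlt;
        *((unsigned long *)&(pkt->raw[len+sizeof(unsigned long)])) = ref->cnt;
        *((char **)(&(pkt->raw[len+sizeof(unsigned long)*2]))) = ref->file_name;
        pkt->cap_sec = hdr.secs;
        pkt->cap_usec = hdr.usecs;
        pkt->serial = pkt_serial;

        /* crash info */
        crash_pkt_cnt = ref->cnt;
        crash_ref_name = ref->file_name;

        /* decode */
        if (!ciao)
            ProtDissec(pcap_prot_id, pkt);

        FlowSetGblTime(hdr.secs);
        /* next serial number */
        pkt_serial++;
        if (time(NULL) > tm) {
            ReportSplash();
            while (DispatchPeiPending() > DISP_PEI_MAX_QUEUE) {
                to.tv_sec = 0;
                to.tv_nsec = 300000000;
                /* wait some time; restart the sleep with the remaining time if interrupted */
                while (nanosleep(&to, &to) != 0)
                    ;
                ReportSplash();
            }
            tm = time(NULL) + 2;
        }
    }

    return 0;
}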
Exemplo n.º 4
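/*
 * SnoopDissector - read every record of a snoop capture file, append the
 * capture trailer and hand each packet to the protocol dissector.
 *
 * fp:  stream positioned at the first record header.
 * ref: capture reference; cnt is incremented per record, and dlt, cnt,
 *      file_name, ses_id and pol_id are copied into the trailer.
 *
 * Returns 0 at a clean end of file and -1 on a malformed file or allocation
 * failure.
 *
 * Layout of pkt->raw: record data followed directly by
 * { unsigned long dlt; unsigned long cnt; char *file_name;
 *   unsigned long ses_id; unsigned long pol_id; }.
 * The buffer is sized for all five trailer fields; sizing it for only three
 * of them would let the last stores run past the end of the allocation.
 *
 * The record header is read straight from the file, so blen is untrusted and
 * is checked before it is used to size the buffer.
 *
 * Roughly every five seconds the function writes the byte count processed
 * and the elapsed seconds to file_status.
 */
static int SnoopDissector(FILE *fp, struct cap_ref *ref)
{
    struct snoop_packet_header hdr;
    /* trailer appended after the record data: four unsigned long fields and one pointer */
    const unsigned long trailer = sizeof(unsigned long)*4+sizeof(char *);
    unsigned long hlen, len;
    packet *pkt;
    time_t tm = 0;
    static time_t tstart = 0;
    static size_t tsize = 0;
    int offset;
    struct timespec to;
    FILE *fpl;

    while (1) {
        /* read header */
        hlen = fread(&hdr, 1, sizeof(struct snoop_packet_header), fp);
        if (hlen != sizeof(struct snoop_packet_header)) {
            if (hlen == 0)
                return 0;
            printf("Snoop file error\n");
            return -1;
        }
        /* convert values (stored in network byte order) */
        hdr.tlen = ntohl(hdr.tlen);
        hdr.len = ntohl(hdr.len);
        hdr.blen = ntohl(hdr.blen);
        hdr.secs = ntohl(hdr.secs);
        hdr.usecs = ntohl(hdr.usecs);
        /* reject a record length that cannot even hold the header: the
         * unsigned subtraction below would wrap */
        if (hdr.blen < hlen) {
            printf("Snoop file error\n");
            return -1;
        }
        len = hdr.blen - hlen;
        /* the allocation size below must not wrap around */
        if (len > (unsigned long)-1 - trailer) {
            printf("Snoop file error\n");
            return -1;
        }
        /* NOTE(review): len is still only bounded by the header field;
         * consider capping it to the largest record the capture format
         * allows so a crafted file cannot request a huge allocation. */
        pkt = PktNew();
        ref->cnt++;
        pkt->raw = DMemMalloc(len+trailer);
        if (pkt->raw == NULL) {
            /* Assumes PktFree() accepts a packet whose raw buffer is unset - confirm. */
            PktFree(pkt);
            return -1;
        }
        /* a short read leaves a truncated record, which is still dispatched */
        len = fread(pkt->raw, 1, len, fp);
        pkt->raw_len = len;
        tsize += len;
        /* NOTE(review): the trailer starts at an arbitrary byte offset, so
         * these stores may be misaligned on some targets. */
        offset = 0;
        *((unsigned long *)&(pkt->raw[len])) = ref->dlt;
        offset += sizeof(unsigned long);
        *((unsigned long *)&(pkt->raw[len+offset])) = ref->cnt;
        offset += sizeof(unsigned long);
        *((char **)(&(pkt->raw[len+offset]))) = ref->file_name;
        offset += sizeof(char *);
        *((unsigned long *)&(pkt->raw[len+offset])) = ref->ses_id;
        offset += sizeof(unsigned long);
        *((unsigned long *)&(pkt->raw[len+offset])) = ref->pol_id;
        pkt->cap_sec = hdr.secs;
        pkt->cap_usec = hdr.usecs;
        pkt->serial = pkt_serial;

        /* crash info */
        crash_pkt_cnt = ref->cnt;
        crash_ref_name = ref->file_name;

        /* decode */
        ProtDissec(pol_prot_id, pkt);

        FlowSetGblTime(hdr.secs);

        /* next serial number */
        pkt_serial++;

        if (time(NULL) > tm) {
            tm = time(NULL);
            ReportSplash();
            while (DispatchPeiPending() > DISP_PEI_MAX_QUEUE) {
                to.tv_sec = 2;
                to.tv_nsec = 1;
                /* wait some time; restart the sleep with the remaining time if interrupted */
                while (nanosleep(&to, &to) != 0)
                    ;
                ReportSplash();
            }
            if (tstart == 0)
                tstart = tm;
            else {
                /* status file is rewritten from scratch each time */
                fpl = fopen(file_status, "w+");
                if (fpl != NULL) {
                    /* cast so the argument type matches %lu */
                    fprintf(fpl, "s:%lu r:%lu\n", (unsigned long)tsize, (unsigned long)(tm - tstart));
                    fclose(fpl);
                }
            }
            tm += 5;
        }
    }

    return 0;
}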
Exemplo n.º 5
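/*
 * PcapDissector - per-packet callback: copy one captured packet, append the
 * capture trailer and hand the packet to the protocol dissector.
 *
 * user:  really a struct cap_ref *; its cnt field is incremented per packet.
 * h:     libpcap packet header (caplen bytes are copied, ts gives the time).
 * bytes: captured packet data, h->caplen bytes long.
 *
 * Layout of pkt->raw: caplen data bytes followed directly by
 * { unsigned long dlt; unsigned long cnt; char *file_name;
 *   unsigned long ses_id; unsigned long pol_id; }.
 *
 * Roughly every five seconds the function writes the byte count processed
 * and the elapsed seconds to file_status, after waiting for the dispatcher
 * queue to drop to DISP_PEI_MAX_QUEUE or below.
 */
static void PcapDissector(u_char *user, const struct pcap_pkthdr *h, const u_char *bytes)
{
    struct cap_ref *ref = (struct cap_ref *)user;
    int offset;
    packet *pkt;
    static time_t tm = 0;
    static time_t tstart = 0;
    static size_t tsize = 0;
    struct timespec to;
    FILE *fp;
    unsigned long field;
    char *fname;

    pkt = PktNew();

    ref->cnt++;
    pkt->raw = DMemMalloc(h->caplen+sizeof(unsigned long)*2+sizeof(char *)+sizeof(unsigned long)*2);
    if (pkt->raw == NULL) {
        /* out of memory: drop this packet instead of copying into NULL.
         * Assumes PktFree() accepts a packet whose raw buffer is unset - confirm. */
        PktFree(pkt);
        return;
    }
    memcpy(pkt->raw, bytes, h->caplen);
    pkt->raw_len = h->caplen;
    tsize += h->caplen;
    /*
     * The trailer starts right after the packet data, at an arbitrary byte
     * offset. Store each field with memcpy() so no unsigned long or pointer
     * is written through a misaligned cast pointer; the bytes written are
     * the same as with direct stores.
     */
    offset = 0;
    field = ref->dlt;
    memcpy(&pkt->raw[pkt->raw_len], &field, sizeof(field));
    offset += sizeof(unsigned long);
    field = ref->cnt;
    memcpy(&pkt->raw[pkt->raw_len+offset], &field, sizeof(field));
    offset += sizeof(unsigned long);
    fname = ref->file_name;
    memcpy(&pkt->raw[pkt->raw_len+offset], &fname, sizeof(fname));
    offset += sizeof(char *);
    field = ref->ses_id;
    memcpy(&pkt->raw[pkt->raw_len+offset], &field, sizeof(field));
    offset += sizeof(unsigned long);
    field = ref->pol_id;
    memcpy(&pkt->raw[pkt->raw_len+offset], &field, sizeof(field));
    /* a negative capture time is clamped to zero */
    if (h->ts.tv_sec < 0)
        pkt->cap_sec = 0;
    else
        pkt->cap_sec = h->ts.tv_sec;
    pkt->cap_usec = h->ts.tv_usec;
    pkt->serial = pkt_serial;

    /* crash info */
    crash_pkt_cnt = ref->cnt;
    crash_ref_name = ref->file_name;

    /* decode */
    ProtDissec(pol_prot_id, pkt);

    FlowSetGblTime(h->ts.tv_sec);

    /* next serial number */
    pkt_serial++;

    if (time(NULL) > tm) {
        tm = time(NULL);
        ReportSplash();
        while (DispatchPeiPending() > DISP_PEI_MAX_QUEUE) {
            to.tv_sec = 2;
            to.tv_nsec = 1;
            /* wait some time; restart the sleep with the remaining time if interrupted */
            while (nanosleep(&to, &to) != 0)
                ;
            ReportSplash();
        }

        if (tstart == 0) {
            tstart = tm;
        }
        else {
            /* status file is rewritten from scratch each time */
            fp = fopen(file_status, "w+");
            if (fp != NULL) {
                /* cast so the argument type matches %lu */
                fprintf(fp, "s:%lu r:%lu\n", (unsigned long)tsize, (unsigned long)(tm - tstart));
                fclose(fp);
            }
        }
        tm += 5;
    }
}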
Exemplo n.º 6
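/*
 * RltmPolDissector - per-packet callback for live capture: copy the packet,
 * append the capture trailer, optionally save it to fp_pcap and hand it to
 * the protocol dissector.
 *
 * user:  really a struct pcap_ref *; its cnt field is incremented per packet.
 * h:     libpcap packet header (caplen bytes are copied, ts gives the time).
 * bytes: captured packet data, h->caplen bytes long.
 *
 * Layout of pkt->raw: caplen data bytes followed directly by
 * { unsigned long dlt; unsigned long cnt; char *name;
 *   unsigned long ses_id; unsigned long pol_id; }, where name is pcap_deb
 * when savepcap is set and the literal "Real Time" otherwise.
 *
 * At most once every five seconds the function reports progress and, while
 * the dispatcher queue is above DISP_PEI_MAX_QUEUE, sleeps and logs a
 * possible data loss warning.
 */
static void RltmPolDissector(u_char *user, const struct pcap_pkthdr *h, const u_char *bytes)
{
    struct pcap_ref *ref = (struct pcap_ref *)user;
    packet *pkt;
    static time_t tm = 0;
    int offset;
    struct timespec to;
    struct pcap_pkthdr pckt_header;
    size_t nwrt, wcnt;
    unsigned long field;
    char *fname;

    pkt = PktNew();

    ref->cnt++;
    pkt->raw = DMemMalloc(h->caplen+sizeof(unsigned long)*2+sizeof(char *)+sizeof(unsigned long)*2);
    if (pkt->raw == NULL) {
        /* out of memory: drop this packet instead of copying into NULL.
         * Assumes PktFree() accepts a packet whose raw buffer is unset - confirm. */
        PktFree(pkt);
        return;
    }
    memcpy(pkt->raw, bytes, h->caplen);
    pkt->raw_len = h->caplen;
    /*
     * The trailer starts right after the packet data, at an arbitrary byte
     * offset. Store each field with memcpy() so no unsigned long or pointer
     * is written through a misaligned cast pointer; the bytes written are
     * the same as with direct stores.
     */
    offset = 0;
    field = ref->dlt;
    memcpy(&pkt->raw[pkt->raw_len], &field, sizeof(field));
    offset += sizeof(unsigned long);
    field = ref->cnt;
    memcpy(&pkt->raw[pkt->raw_len+offset], &field, sizeof(field));
    offset += sizeof(unsigned long);
    if (savepcap)
        fname = pcap_deb;
    else
        fname = "Real Time";
    memcpy(&pkt->raw[pkt->raw_len+offset], &fname, sizeof(fname));
    offset += sizeof(char *);
    field = ref->ses_id;
    memcpy(&pkt->raw[pkt->raw_len+offset], &field, sizeof(field));
    offset += sizeof(unsigned long);
    field = ref->pol_id;
    memcpy(&pkt->raw[pkt->raw_len+offset], &field, sizeof(field));
    pkt->cap_sec = h->ts.tv_sec;
    pkt->cap_usec = h->ts.tv_usec;
    pkt->serial = pkt_serial;

    /* crash info */
    crash_pkt_cnt = ref->cnt;

    /* decode */
    /* save packet */
    if (fp_pcap != NULL) {
        /* zero the header first so no uninitialized stack bytes reach the file */
        memset(&pckt_header, 0, sizeof(pckt_header));
        pckt_header.caplen = pkt->raw_len;
        pckt_header.len = pkt->raw_len;
        pckt_header.ts.tv_sec = pkt->cap_sec;
        pckt_header.ts.tv_usec = pkt->cap_usec;
        /* NOTE(review): this writes libpcap's in-memory struct pcap_pkthdr;
         * whether that layout matches the record header readers of fp_pcap
         * expect depends on the platform - confirm. */
        /*
         * fwrite() returns a size_t and never -1; a failed write shows up as
         * a zero (or short) count. Stop on zero progress, otherwise a
         * persistent write error would spin here forever.
         */
        wcnt = 0;
        while (wcnt < sizeof(struct pcap_pkthdr)) {
            nwrt = fwrite(((char *)&pckt_header)+wcnt, 1, sizeof(struct pcap_pkthdr)-wcnt, fp_pcap);
            if (nwrt == 0)
                break;
            wcnt += nwrt;
        }

        wcnt = 0;
        while (wcnt < pkt->raw_len) {
            nwrt = fwrite(((char *)pkt->raw)+wcnt, 1, pkt->raw_len-wcnt, fp_pcap);
            if (nwrt == 0)
                break;
            wcnt += nwrt;
        }
    }

    ProtDissec(pol_prot_id, pkt);

    FlowSetGblTime(h->ts.tv_sec);

    /* next serial number */
    pkt_serial++;

    if (time(NULL) > tm) {
        tm = time(NULL) + 5;
        ReportSplash();
        while (DispatchPeiPending() > DISP_PEI_MAX_QUEUE) {
            to.tv_sec = 2;
            to.tv_nsec = 1;
            /* wait some time; restart the sleep with the remaining time if interrupted */
            while (nanosleep(&to, &to) != 0)
                ;
            LogPrintf(LV_WARNING, "Possible data loss!");
            ReportSplash();
        }
    }
}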