nmsg_pcap_t
nmsg_pcap_input_open(pcap_t *phandle) {
struct nmsg_pcap *pcap;
pcap = calloc(1, sizeof(*pcap));
if (pcap == NULL)
return (NULL);
pcap->handle = phandle;
pcap->datalink = pcap_datalink(phandle);
pcap->new_pkt = calloc(1, NMSG_IPSZ_MAX);
pcap->reasm = reasm_ip_new();
if (pcap->reasm == NULL) {
free(pcap->new_pkt);
free(pcap);
return (NULL);
}
reasm_ip_set_timeout(pcap->reasm, 60);
if (pcap_file(phandle) == NULL)
pcap->type = nmsg_pcap_type_live;
else
pcap->type = nmsg_pcap_type_file;
return (pcap);
}
static int load_module(xml_node *config) {
char errbuf[PCAP_ERRBUF_SIZE];
xml_node *params, *profile=NULL, *settings;
char *key, *value = NULL;
unsigned int i = 0;
char loadplan[1024];
FILE* cfg_stream;
LNOTICE("Loaded %s", module_name);
load_module_xml_config();
/* READ CONFIG */
profile = module_xml_config;
/* reset profile */
profile_size = 0;
memset(sniffer_proto, 0, sizeof sniffer_proto);
//global_scripts_path
while (profile) {
profile = xml_get("profile", profile, 1);
if (profile == NULL)
break;
if (!profile->attr[4] || strncmp(profile->attr[4], "enable", 6)) {
goto nextprofile;
}
/* if not equals "true" */
if (!profile->attr[5] || strncmp(profile->attr[5], "true", 4)) {
goto nextprofile;
}
if(profile_size == MAX_SOCKETS) {
break;
}
memset(&profile_socket[profile_size], 0, sizeof(profile_socket_t));
/* set values */
profile_socket[profile_size].name = strdup(profile->attr[1]);
profile_socket[profile_size].description = strdup(profile->attr[3]);
profile_socket[profile_size].serial = atoi(profile->attr[7]);
profile_socket[profile_size].capture_plan = NULL;
profile_socket[profile_size].capture_filter = NULL;
profile_socket[profile_size].action = -1;
profile_socket[profile_size].ring_buffer = 12;
profile_socket[profile_size].snap_len = 3200;
profile_socket[profile_size].promisc = 1;
profile_socket[profile_size].timeout = 100;
profile_socket[profile_size].full_packet = 0;
profile_socket[profile_size].reasm = 0;
profile_socket[profile_size].erspan = 0;
/* SETTINGS */
settings = xml_get("settings", profile, 1);
if (settings != NULL) {
params = settings;
while (params) {
params = xml_get("param", params, 1);
if (params == NULL)
break;
if (params->attr[0] != NULL) {
/* bad parser */
if (strncmp(params->attr[0], "name", 4)) {
LERR("bad keys in the config");
goto nextparam;
}
key = params->attr[1];
if (params->attr[2] && params->attr[3] && !strncmp(params->attr[2], "value", 5)) {
value = params->attr[3];
} else {
value = params->child->value;
}
if (key == NULL || value == NULL) {
LERR("bad values in the config");
goto nextparam;
}
if (!usefile && !strncmp(key, "dev", 3))
profile_socket[profile_size].device = strdup(value);
else if (!strncmp(key, "reasm", 5) && !strncmp(value, "true", 4))
profile_socket[profile_size].reasm = +1;
else if (!strncmp(key, "ipv4fragments", 13) && !strncmp(value, "true", 4))
ipv4fragments = 1;
else if (!strncmp(key, "ipv6fragments", 13) && !strncmp(value, "true", 4))
ipv6fragments = 1;
else if(!strncmp(key, "tcpdefrag", 9) && !strncmp(value, "true", 4))
profile_socket[profile_size].reasm +=2;
else if (!strncmp(key, "ring-buffer", 11))
profile_socket[profile_size].ring_buffer = atoi(value);
else if (!strncmp(key, "full-packet",11) && !strncmp(value, "true", 4))
profile_socket[profile_size].full_packet = 1;
else if (!strncmp(key, "timeout", 7))
profile_socket[profile_size].timeout = atoi(value);
else if (!strncmp(key, "snap-len", 8))
profile_socket[profile_size].snap_len = atoi(value);
else if (!strncmp(key, "promisc", 7) && !strncmp(value, "true", 4))
profile_socket[profile_size].promisc = 1;
else if (!strncmp(key, "filter", 6))
profile_socket[profile_size].filter = strdup(value);
else if (!strncmp(key, "capture-plan", 12))
profile_socket[profile_size].capture_plan = strdup(value);
else if (!strncmp(key, "capture-filter", 14))
profile_socket[profile_size].capture_filter = strdup(value);
else if(!strncmp(key, "debug", 5) && !strncmp(value, "true", 4))
debug_socket_pcap_enable = 1;
else if (!strncmp(key, "erspan", 6) && !strncmp(value, "true", 4))
profile_socket[profile_size].erspan = 1;
}
nextparam: params = params->next;
}
}
profile_size++;
nextprofile: profile = profile->next;
}
/* free */
free_module_xml_config();
for (i = 0; i < profile_size; i++) {
unsigned int *arg = malloc(sizeof(arg));
*arg = i;
/* DEV || FILE */
if (!usefile) {
if (!profile_socket[i].device)
profile_socket[i].device = pcap_lookupdev(errbuf);
if (!profile_socket[i].device) {
perror(errbuf);
exit(-1);
}
}
// start thread
if (!init_socket(i)) {
LERR("couldn't init pcap");
return -1;
}
/* REASM */
if (profile_socket[i].reasm == 1 || profile_socket[i].reasm == 3) {
reasm[i] = reasm_ip_new();
reasm_ip_set_timeout(reasm[i], 30000000);
}
else reasm[i] = NULL;
/* TCPREASM */
if (profile_socket[i].reasm == 2 || profile_socket[i].reasm == 3) {
tcpreasm[i] = tcpreasm_ip_new ();
tcpreasm_ip_set_timeout(tcpreasm[i], 30000000);
}
else tcpreasm[i] = NULL;
if(profile_socket[i].capture_plan != NULL)
{
snprintf(loadplan, sizeof(loadplan), "%s/%s", global_capture_plan_path, profile_socket[i].capture_plan);
cfg_stream=fopen (loadplan, "r");
if (cfg_stream==0){
fprintf(stderr, "ERROR: loading config file(%s): %s\n", loadplan, strerror(errno));
}
yyin=cfg_stream;
if ((yyparse()!=0)||(cfg_errors)){
fprintf(stderr, "ERROR: bad config file (%d errors)\n", cfg_errors);
//goto error;
}
profile_socket[i].action = main_ct.idx;
}
pthread_create(&call_thread[i], NULL, proto_collect, arg);
}
return 0;
}
