static int anonymizeip_process(mapidflib_function_instance_t *instance, MAPI_UNUSED unsigned char* dev_pkt, unsigned char* link_pkt, MAPI_UNUSED mapid_pkthdr_t* pkt_head) { struct ip *ip; struct ip6_hdr *ip6; uint64_t orig6[2], anon6[2]; anonip_inst_t *i = instance->internal_data; unsigned int len = instance->hwinfo->cap_length; switch(instance->hwinfo->link_type) { case DLT_EN10MB: // Ethernet ip = (struct ip *)(link_pkt + sizeof(ether_header)); len -= sizeof(ether_header); break; case DLT_CHDLC: // PoS ip = (struct ip *)(link_pkt + 4); len -= 4; break; default: DEBUG_CMD(Debug_Message("Link layer not supported")); exit(-1); } if (len < sizeof(struct ip)) return 0; switch(ip->ip_v) { case 4: ip->ip_src.s_addr = htonl(anonymize(&i->anon_instance, ntohl(ip->ip_src.s_addr))); ip->ip_dst.s_addr = htonl(anonymize(&i->anon_instance, ntohl(ip->ip_dst.s_addr))); break; case 6: if (len < sizeof(struct ip6_hdr)) return 0; ip6 = (struct ip6_hdr *)ip; //See panonymizer.h for IPv6 support memcpy(orig6, &ip6->ip6_src, 16); anonymize_v6(&i->anon_instance, orig6, anon6); memcpy(&ip6->ip6_src, anon6, 16); memcpy(orig6, &ip6->ip6_dst, 16); anonymize_v6(&i->anon_instance, orig6, anon6); memcpy(&ip6->ip6_dst, anon6, 16); break; default: return 0; } return 1; }
void MainWndController::innerAnonymize(AnonAlg *alg) { if(_w->isReadOnly()) { return ; } AnonContext context(NULL, QString("")); context.setAlg(alg); anonymize(&context); }
void MainWndController::onAnonymize() { if(_w->isReadOnly()) { return ; } if(NULL == _w->getRegola()->root()) { return ; } Utils::warning(_w, tr("This feature will modify your data.")); AnonAdvDialog dlg(_w->appData(), _w->getRegola(), _w); if(dlg.exec() == QDialog::Accepted) { AnonContext *ctx = dlg.getContext(); anonymize(ctx); delete ctx; } }
unsigned int AnonPrimitive::anonymizeBuffer (void* buf, unsigned int len, bool& anonymized, int *cont) { ANON_RESULT myres = anonymize (buf, len); ANON_RESULT nextres = myres; if (cont != NULL) { if (myres.cont) *cont = 1; else *cont = 0; } if (!myres.cont) anonymized = true; if (myres.cont && next != NULL) nextres = next->anonymizeBuffer(buf, myres.newlength, anonymized); return std::min(myres.newlength, nextres.newlength); }
static void send_data(char *rfile, time_t twin_start, time_t twin_end, uint32_t count, unsigned int delay, int confirm, int anon, int netflow_version) { data_block_header_t in_block_header; master_record_t master_record; common_record_t *flow_record, *in_buff; stat_record_t *stat_record; int i, rfd, done, ret, again; uint32_t numflows, cnt; char *string; #ifdef COMPAT15 int v1_map_done = 0; #endif rfd = GetNextFile(0, twin_start, twin_end, &stat_record); if ( rfd < 0 ) { if ( rfd == FILE_ERROR ) fprintf(stderr, "Can't open file for reading: %s\n", strerror(errno)); return; } // prepare read and send buffer in_buff = (common_record_t *) malloc(BUFFSIZE); peer.send_buffer = malloc(UDP_PACKET_SIZE); peer.flush = 0; if ( !in_buff || !peer.send_buffer ) { perror("Memory allocation error"); close(rfd); return; } peer.writeto = peer.send_buffer; peer.endp = (void *)((pointer_addr_t)peer.send_buffer + UDP_PACKET_SIZE - 1); if ( netflow_version == 5 ) Init_v5_v7_output(&peer); else Init_v9_output(&peer); numflows = 0; done = 0; // setup Filter Engine to point to master_record, as any record read from file // is expanded into this record Engine->nfrecord = (uint64_t *)&master_record; cnt = 0; while ( !done ) { // get next data block from file ret = ReadBlock(rfd, &in_block_header, (void *)in_buff, &string); switch (ret) { case NF_CORRUPT: case NF_ERROR: if ( ret == NF_CORRUPT ) fprintf(stderr, "Skip corrupt data file '%s': '%s'\n",GetCurrentFilename(), string); else fprintf(stderr, "Read error in file '%s': %s\n",GetCurrentFilename(), strerror(errno) ); // fall through - get next file in chain case NF_EOF: rfd = GetNextFile(rfd, twin_start, twin_end, NULL); if ( rfd < 0 ) { if ( rfd == NF_ERROR ) fprintf(stderr, "Read error in file '%s': %s\n",GetCurrentFilename(), strerror(errno) ); // rfd == EMPTY_LIST done = 1; } // else continue with next file continue; break; // not really needed } #ifdef COMPAT15 if ( in_block_header.id == DATA_BLOCK_TYPE_1 ) { common_record_v1_t *v1_record = (common_record_v1_t *)in_buff; // create an extension map for v1 blocks if ( v1_map_done == 0 ) { extension_map_t *map = malloc(sizeof(extension_map_t) + 2 * sizeof(uint16_t) ); if ( ! map ) { perror("Memory allocation error"); exit(255); } map->type = ExtensionMapType; map->size = sizeof(extension_map_t) + 2 * sizeof(uint16_t); map->map_id = INIT_ID; map->ex_id[0] = EX_IO_SNMP_2; map->ex_id[1] = EX_AS_2; map->ex_id[2] = 0; Insert_Extension_Map(&extension_map_list, map); v1_map_done = 1; } // convert the records to v2 for ( i=0; i < in_block_header.NumRecords; i++ ) { common_record_t *v2_record = (common_record_t *)v1_record; Convert_v1_to_v2((void *)v1_record); // now we have a v2 record -> use size of v2_record->size v1_record = (common_record_v1_t *)((pointer_addr_t)v1_record + v2_record->size); } in_block_header.id = DATA_BLOCK_TYPE_2; } #endif if ( in_block_header.id != DATA_BLOCK_TYPE_2 ) { fprintf(stderr, "Can't process block type %u. Skip block.\n", in_block_header.id); continue; } // cnt is the number of blocks, which survived the filter // and added to the output buffer flow_record = in_buff; for ( i=0; i < in_block_header.NumRecords; i++ ) { int match; if ( flow_record->type == CommonRecordType ) { if ( extension_map_list.slot[flow_record->ext_map] == NULL ) { fprintf(stderr, "Corrupt data file. Missing extension map %u. Skip record.\n", flow_record->ext_map); flow_record = (common_record_t *)((pointer_addr_t)flow_record + flow_record->size); continue; } // if no filter is given, the result is always true ExpandRecord_v2( flow_record, extension_map_list.slot[flow_record->ext_map], &master_record); match = twin_start && (master_record.first < twin_start || master_record.last > twin_end) ? 0 : 1; // filter netflow record with user supplied filter if ( match ) match = (*Engine->FilterEngine)(Engine); if ( match == 0 ) { // record failed to pass all filters // increment pointer by number of bytes for netflow record flow_record = (common_record_t *)((pointer_addr_t)flow_record + flow_record->size); // go to next record continue; } // Records passed filter -> continue record processing if ( anon ) { if ( (flow_record->flags & FLAG_IPV6_ADDR ) == 0 ) { master_record.v4.srcaddr = anonymize(master_record.v4.srcaddr); master_record.v4.dstaddr = anonymize(master_record.v4.dstaddr); } else { uint64_t anon_ip[2]; anonymize_v6(master_record.v6.srcaddr, anon_ip); master_record.v6.srcaddr[0] = anon_ip[0]; master_record.v6.srcaddr[1] = anon_ip[1]; anonymize_v6(master_record.v6.dstaddr, anon_ip); master_record.v6.dstaddr[0] = anon_ip[0]; master_record.v6.dstaddr[1] = anon_ip[1]; } } if ( netflow_version == 5 ) again = Add_v5_output_record(&master_record, &peer); else again = Add_v9_output_record(&master_record, &peer); cnt++; numflows++; if ( peer.flush ) { ret = FlushBuffer(confirm); if ( ret < 0 ) { perror("Error sending data"); close(rfd); return; } if ( delay ) { // sleep as specified usleep(delay); } cnt = 0; } if ( again ) { if ( netflow_version == 5 ) Add_v5_output_record(&master_record, &peer); else Add_v9_output_record(&master_record, &peer); cnt++; } } else if ( flow_record->type == ExtensionMapType ) { extension_map_t *map = (extension_map_t *)flow_record; if ( Insert_Extension_Map(&extension_map_list, map) ) { // flush new map } // else map already known and flushed } else { fprintf(stderr, "Skip unknown record type %i\n", flow_record->type); } // Advance pointer by number of bytes for netflow record flow_record = (common_record_t *)((pointer_addr_t)flow_record + flow_record->size); } } // while // flush still remaining records if ( cnt ) { ret = FlushBuffer(confirm); if ( ret < 0 ) { perror("Error sending data"); } } // if cnt if ( rfd ) close(rfd); close(peer.sockfd); return; } // End of send_data