void pfring_got_packet(const struct pfring_pkthdr *pfheader,
const u_char *packet, const u_char *useless)
{
/* pcap_pkthdr and pfring_pkthdr are identical to each other*/
struct pcap_pkthdr *pheader = (struct pcap_pkthdr *)pfheader;
/* Set timestamp if it's not set */
if (pheader->ts.tv_sec == 0)
pheader->ts.tv_sec = time(NULL);
/* pfring_loop orders the arguments differently than pcap_loop */
got_packet((u_char *)useless, (const struct pcap_pkthdr *)pheader, packet);
}
void SNIFFER::update()
{
if (interface)
{
//pcap_loop(handle, num_packets, got_packet, NULL);
if (packet=pcap_next(handle,&header))
{
got_packet(0,&header,packet);
}
}
}
/*
* Returns true/false indicating data successfully read from hypervisor.
* Used both to get packets for tty connections and to advance the state
* machine during console handshaking (in which case tty = NULL and we ignore
* incoming data).
*/
static int hvsi_load_chunk(struct hvsi_struct *hp, struct tty_struct **flip,
struct tty_struct **hangup, struct hvsi_struct **handshake)
{
uint8_t *packet = hp->inbuf;
int chunklen;
*flip = NULL;
*hangup = NULL;
*handshake = NULL;
chunklen = hvsi_read(hp, hp->inbuf_end, HVSI_MAX_READ);
if (chunklen == 0) {
pr_debug("%s: 0-length read\n", __FUNCTION__);
return 0;
}
pr_debug("%s: got %i bytes\n", __FUNCTION__, chunklen);
dbg_dump_hex(hp->inbuf_end, chunklen);
hp->inbuf_end += chunklen;
/* handle all completed packets */
while ((packet < hp->inbuf_end) && got_packet(hp, packet)) {
struct hvsi_header *header = (struct hvsi_header *)packet;
if (!is_header(packet)) {
printk(KERN_ERR "hvsi%i: got malformed packet\n", hp->index);
/* skip bytes until we find a header or run out of data */
while ((packet < hp->inbuf_end) && (!is_header(packet)))
packet++;
continue;
}
pr_debug("%s: handling %i-byte packet\n", __FUNCTION__,
len_packet(packet));
dbg_dump_packet(packet);
switch (header->type) {
case VS_DATA_PACKET_HEADER:
if (!is_open(hp))
break;
if (hp->tty == NULL)
break; /* no tty buffer to put data in */
*flip = hvsi_recv_data(hp, packet);
break;
case VS_CONTROL_PACKET_HEADER:
hvsi_recv_control(hp, packet, hangup, handshake);
break;
case VS_QUERY_RESPONSE_PACKET_HEADER:
hvsi_recv_response(hp, packet);
break;
case VS_QUERY_PACKET_HEADER:
hvsi_recv_query(hp, packet);
break;
default:
printk(KERN_ERR "hvsi%i: unknown HVSI packet type 0x%x\n",
hp->index, header->type);
dump_packet(packet);
break;
}
packet += len_packet(packet);
if (*hangup || *handshake) {
pr_debug("%s: hangup or handshake\n", __FUNCTION__);
/*
* we need to send the hangup now before receiving any more data.
* If we get "data, hangup, data", we can't deliver the second
* data before the hangup.
*/
break;
}
}
compact_inbuf(hp, packet);
return 1;
}
int main (int argc, char **argv) {
char *dev = NULL;
char errbuf[PCAP_ERRBUF_SIZE];
pcap_t *handle;
char filter_exp[] = "ip";
struct bpf_program fp;
bpf_u_int32 mask;
bpf_u_int32 net;
struct pcap_pkthdr *header;
const u_char *packet;
int res;
if (argc == 2) {
dev = argv[1];
} else if (argc > 2) {
fprintf(stderr, "error: unrecognized command-line options\n");
exit(EXIT_FAILURE);
} else {
dev = pcap_lookupdev(errbuf);
if (dev == NULL) {
fprintf(stderr, "Couldn't find default device: %s\n", errbuf);
exit(EXIT_FAILURE);
}
}
if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
fprintf(stderr, "Couldn't get netmask for device %s: %s\n", dev, errbuf);
net = 0;
mask = 0;
}
printf("Device: %s\n", dev);
printf("Filter expression: %s\n", filter_exp);
handle = pcap_open_live (dev, SNAP_LEN, 1, 1000, errbuf);
if (handle == NULL) {
fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
exit(EXIT_FAILURE);
}
if (pcap_datalink(handle) != DLT_EN10MB) {
fprintf(stderr, "%s is not an Ethernet\n", dev);
exit(EXIT_FAILURE);
}
if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle));
exit(EXIT_FAILURE);
}
while ((res = pcap_next_ex(handle, &header, &packet)) >= 0)
if (res > 0)
got_packet(handle, header, packet);
else
printf("Packet Dropped\n");
pcap_freecode(&fp);
pcap_close(handle);
printf("\nCapture Complete.\n");
return 0;
}
int main(int argc,char *argv[])
{
char *dev,errbuf[PCAP_ERRBUF_SIZE];
pcap_t *handle; /* Session handle */
struct bpf_program fp; /* compiled filter expression */
char filter_exp[]="ether proto \\ip"; //"ip proto \\udp or \\tcp or \\icmp"; /* Filter expression */
bpf_u_int32 mask; /* netmask of sniffing device */
bpf_u_int32 net; /* IP address of const struct pcap_pkthdrsniffing device */
struct sigaction *act_alarm,*act_int;
struct pcap_pkthdr header;
const u_char *packet=NULL;
act_alarm=(struct sigaction*)malloc(sizeof(struct sigaction));
act_int=(struct sigaction*)malloc(sizeof(struct sigaction));
memset(act_alarm,'\0',sizeof(act_alarm));
memset(act_int,'\0',sizeof(act_int));
act_alarm->sa_handler=alarm_printhandler;
sigemptyset(&act_alarm->sa_mask);
act_alarm->sa_flags=0;
sigaction(SIGALRM,act_alarm,NULL);
act_int->sa_handler=INT_handler;
sigemptyset(&act_int->sa_mask);
act_int->sa_flags=0;
sigaction(SIGINT,act_int,NULL);
if(gettimeofday(¤t_time,NULL) != 0)
{
fprintf(stderr,"Error in gettimeofday(): %s\n",strerror(errno));
exit(1);
}
/* Handle commandline here */
memset(interface,'\0',sizeof(interface));
memset(filename,'\0',sizeof(filename));
memset(my_ip,'\0',sizeof(my_ip));
handle_commandline(argc,argv);
newvalue=(struct itimerval*)malloc(sizeof(struct itimerval));
newvalue->it_interval.tv_sec=epoch;
newvalue->it_interval.tv_usec=0;
newvalue->it_value.tv_sec=epoch;
newvalue->it_value.tv_usec=0;
setitimer(ITIMER_REAL,newvalue,NULL);
/* fetch ip address */
getifaddrs(&addr);
while(addr)
{
if(addr->ifa_addr && addr->ifa_addr->sa_family == AF_INET && strcmp(addr->ifa_name,interface)==0)
{
struct sockaddr_in *paddr = (struct sockaddr_in *)addr->ifa_addr;
//fprintf(stdout,"%s %s\n",addr->ifa_name,inet_ntoa(paddr->sin_addr)); //project
strcpy(filename,inet_ntoa(paddr->sin_addr));
strcpy(my_ip,inet_ntoa(paddr->sin_addr));
break;
}
addr = addr->ifa_next;
}
//printf("Filename: %s",filename);
if(epoch == 0)
{
epoch=1; // default is 1 sec
}
if(interface[0] == '\0')
{
dev=" ";
}
else
{
dev=interface;
}
//fprintf(stdout,"Device is %s\n",dev);
/* Lookup network */
if(pcap_lookupnet(dev,&net,&mask,errbuf) == -1)
{
//fprintf(stderr, "Can't get netmask for device %s\n", dev);
net = 0;
mask = 0;
}
//printf("IP: %d\n",net);
//printf("Mask: %d\n",mask);
/* Opening device for sniffing */
if(read_file == NULL)
{
if((handle=pcap_create(dev,errbuf)) == NULL)
{
fprintf(stderr,"Error in pcap_create: %s",errbuf);
exit(1);
}
if(pcap_set_promisc(handle,5) == PCAP_ERROR_ACTIVATED || pcap_set_timeout(handle,epoch*1000) == PCAP_ERROR_ACTIVATED )
{
fprintf(stderr,"Capture handle already activated");
exit(1);
}
pcap_activate(handle);
}
else
{
filer=fopen(read_file,"r");
/* block the alarm handler too */
sigaddset(&act_alarm->sa_mask,SIGALRM);
sigprocmask(SIG_BLOCK,&act_alarm->sa_mask,NULL);
if(filer == NULL)
{
perror("Error in fopen file");
exit(1);
}
handle=pcap_fopen_offline(filer,errbuf);
if(handle == NULL)
{
fprintf(stderr,"Error in pcap_open_offline(): %s",errbuf);
exit(1);
}
}
if(write_file != NULL)
{
filew=fopen(write_file,"w");
}
if(handle == NULL)
{
fprintf(stderr,"Couldn't open device %s: %s\n",dev,errbuf);
exit(1);
}
/* Determine the type of link-headers the device provides */
if(pcap_datalink(handle) != DLT_EN10MB)
{
fprintf(stderr,"Usage: ./traffana -v [-r filename] [-i interface] [-T epoch] [-w filename]\n");
exit(1);
}
/* Complie filter */
if(pcap_compile(handle,&fp, filter_exp,0,net) == -1)
{
fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle));
exit(1);
}
/* Set filter */
if (pcap_setfilter(handle, &fp) == -1)
{
fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle));
exit(1);
}
/* set the diection */
//pcap_setdirection(handle,PCAP_D_IN);
/* Grab the packets */
if(read_file == NULL)
{
err_loop=pcap_loop(handle,-1,got_packet,(u_char *)filew); // count -1 or 0 for infinity packets AND pass argument the name
// of th file
if(err_loop == -1)
{
pcap_perror(handle,errbuf);
fprintf(stderr,"Error in pcap_loop(): %s\n",errbuf);
exit(1);
}
}
if(read_file !=NULL)
{
while((packet = pcap_next(handle,&header))!=NULL)
{
got_packet(0,&header,packet);
}
}
/* Close session */
if(read_file != NULL)
{
print_readfile_stats(sec1,usec1); /* to read the last epoch */
}
pcap_freecode(&fp);
pcap_close(handle);
return 0;
}