Пример #1
0
void Flow::print_peers(lua_State* vm, bool verbose) {
  char buf1[64], buf2[64], buf[256];
  Host *src = get_cli_host(), *dst = get_srv_host();

  if((src == NULL) || (dst == NULL)) return;

  lua_newtable(vm);

  lua_push_str_table_entry(vm,  "client", get_cli_host()->get_ip()->print(buf, sizeof(buf)));
  lua_push_str_table_entry(vm,  "server", get_srv_host()->get_ip()->print(buf, sizeof(buf)));
  lua_push_int_table_entry(vm,  "sent", cli2srv_bytes);
  lua_push_int_table_entry(vm,  "rcvd", srv2cli_bytes);
  lua_push_int_table_entry(vm,  "sent.last", get_current_bytes_cli2srv());
  lua_push_int_table_entry(vm,  "rcvd.last", get_current_bytes_srv2cli());
  lua_push_int_table_entry(vm,  "duration", get_duration());

  lua_push_float_table_entry(vm, "client.latitude", get_cli_host()->get_latitude());
  lua_push_float_table_entry(vm, "client.longitude", get_cli_host()->get_longitude());
  lua_push_float_table_entry(vm, "server.latitude", get_srv_host()->get_latitude());
  lua_push_float_table_entry(vm, "server.longitude", get_srv_host()->get_longitude());

  if(verbose) {
    lua_push_bool_table_entry(vm, "client.private", get_cli_host()->get_ip()->isPrivateAddress());
    lua_push_str_table_entry(vm,  "client.country", get_cli_host()->get_country() ? get_cli_host()->get_country() : (char*)"");
    lua_push_bool_table_entry(vm, "server.private", get_srv_host()->get_ip()->isPrivateAddress());
    lua_push_str_table_entry(vm,  "server.country", get_srv_host()->get_country() ? get_srv_host()->get_country() : (char*)"");
    lua_push_str_table_entry(vm, "client.city", get_cli_host()->get_city() ? get_cli_host()->get_city() : (char*)"");
    lua_push_str_table_entry(vm, "server.city", get_srv_host()->get_city() ? get_srv_host()->get_city() : (char*)"");

    if(verbose) {
      if(((cli2srv_packets+srv2cli_packets) > NDPI_MIN_NUM_PACKETS)
	 || (ndpi_detected_protocol != NDPI_PROTOCOL_UNKNOWN)
	 || iface->is_ndpi_enabled()
	 || iface->is_sprobe_interface())
	lua_push_str_table_entry(vm, "proto.ndpi", get_detected_protocol_name());
      else
	lua_push_str_table_entry(vm, "proto.ndpi", (char*)CONST_TOO_EARLY);
    }
  }

  // Key
  /* Too slow */
#if 0
  snprintf(buf, sizeof(buf), "%s %s",
	   src->Host::get_name(buf1, sizeof(buf1), false),
	   dst->Host::get_name(buf2, sizeof(buf2), false));
#else
  snprintf(buf, sizeof(buf), "%s %s",
           intoaV4(ntohl(get_cli_ipv4()), buf1, sizeof(buf1)),
           intoaV4(ntohl(get_srv_ipv4()), buf2, sizeof(buf2)));
#endif

  lua_pushstring(vm, buf);
  lua_insert(vm, -2);
  lua_settable(vm, -3);
}
Пример #2
0
static void printFlow(struct ndpi_flow *flow) {
  char buf1[32], buf2[32];

  printf("\t%s %s:%u > %s:%u [proto: %u/%s][%u pkts/%u bytes]\n",
	 ipProto2Name(flow->protocol),
	 intoaV4(ntohl(flow->lower_ip), buf1, sizeof(buf1)),
	 ntohs(flow->lower_port),
	 intoaV4(ntohl(flow->upper_ip), buf2, sizeof(buf2)),
	 ntohs(flow->upper_port),
	 flow->detected_protocol,
	 ndpi_get_proto_name(ndpi_struct, flow->detected_protocol),
	 flow->packets, flow->bytes);
}
Пример #3
0
static void fPrintFlow(FILE *stream, struct ndpi_flow *flow) {
  char buf1[32], buf2[32];

  fprintf(stream, "%s %u %s %u %.6f %s %u/%s %u %u\n",
   intoaV4(ntohl(flow->lower_ip), buf1, sizeof(buf1)),
   ntohs(flow->lower_port),
   intoaV4(ntohl(flow->upper_ip), buf2, sizeof(buf2)),
   ntohs(flow->upper_port),
   flow->first_packet_time_sec + flow->first_packet_time_usec/1000000.0,
   ipProto2Name(flow->protocol),
   flow->detected_protocol,
   ndpi_get_proto_name(ndpi_struct, flow->detected_protocol),
   flow->packets, flow->bytes);
}
Пример #4
0
/* Function called when the shutdown_reflector is started */
void shutdown_reflector() {
  u_int32_t tot_sent = 0;
  int i;

  if(!shutting_down) {
    shutting_down = 1;
    traceLevel = 6;
    traceEvent(TRACE_INFO, "Shutting down...");

    shutdown_reflector(in_sock, SHUT_RDWR);
    close(in_sock);

    traceEvent(TRACE_INFO, "Leaving...");
    close(out_sock);
  }

  traceEvent(TRACE_INFO, "Received [%u flow packets]", num_rcvd_flows);

  for(i=0; i<num_nf_collectors; i++) {
    char ebuf[64];

    traceEvent(TRACE_INFO, "Collector %s: forwarded %u flows",
	       intoaV4(ntohl(nf_collectors[i].addr.sin_addr.s_addr), ebuf, sizeof(ebuf)),
	       nf_collectors[i].num_pkts_sent);

    tot_sent += nf_collectors[i].num_pkts_sent;
  }

  traceEvent(TRACE_INFO, "Forwarded [%u flows][%u discarded for missing collector]",
	     tot_sent, unforwarded_as_no_available_collector);
  exit(0);
}
Пример #5
0
/* List known reflectors */
static void list_reflectors(int command_sd, /* Socket where the response will be sent */
			    struct sockaddr_in *cliAddr /* Address of the requestor */) {
  char buf[2500];
  u_int32_t tot_flow_pkts_sent = 0;
  int idx = 0, rc, i;
  time_t now = time(NULL);

  for(i=0; i<num_nf_collectors; i++) {
    char tmpbuf[32];

    idx += snprintf(&buf[idx], sizeof(buf)-idx, "Collector %s:%d : ",
		    intoaV4(ntohl(nf_collectors[i].addr.sin_addr.s_addr), tmpbuf, sizeof(tmpbuf)),
		    ntohs(nf_collectors[i].addr.sin_port));

    idx += snprintf(&buf[idx], sizeof(buf)-idx, "[Sent %u flows pkts]\n",
		    nf_collectors[i].num_pkts_sent);
    tot_flow_pkts_sent += nf_collectors[i].num_pkts_sent;

    idx += snprintf(&buf[idx], sizeof(buf)-idx, "\n");
  }

  if(num_nf_collectors == 0) snprintf(buf, sizeof(buf), "No nf_collectors defined");

  idx += snprintf(&buf[idx], sizeof(buf)-idx, "Total flow packets rcvd / sent / unsent no collector: %u / %u / %u\n",
		  num_rcvd_flows, tot_flow_pkts_sent, unforwarded_as_no_available_collector);
}
Пример #6
0
int send_packet(int sock, char* msg, u_int msg_len, struct sockaddr_in *dest) {
  int rc;

  rc = sendto(sock, msg, msg_len, 0, (struct sockaddr*)dest, sizeof(struct sockaddr_in));

  if(rc == -1) {
    char ebuf[64];

    /* traceEvent(TRACE_ERROR, "Forwarding error: %s", strerror(errno)); */

    traceEvent(TRACE_ERROR, "Collector %s:%u either down or unreachable",
	       intoaV4(ntohl(nf_collectors[last_target].addr.sin_addr.s_addr), ebuf, sizeof(ebuf)),
	       ntohs(nf_collectors[last_target].addr.sin_port));
  }

  return(rc);
}
Пример #7
0
/* Process the incoming file */
static u_int8_t process_flow(char *msg,    /* Flow */
			     int msg_len,  /* Flow length */
			     struct sockaddr_in *cliAddr /* Flow sedevicesr */) {
  char ebuf[32];
  int rc, targetId = -1, j;

  num_rcvd_flows++;

  if(num_nf_collectors == 0) {
    traceEvent(TRACE_INFO, "Flow dropped: no nf_collectors defined");
    return(1);
  }

  if(traceLevel > 2)
    traceEvent(TRACE_INFO, "Forwarding flow received from %s:%u [len=%d]",
	       intoaV4(ntohl(cliAddr->sin_addr.s_addr), ebuf, sizeof(ebuf)),
	       ntohs(cliAddr->sin_port), msg_len);

  /* Check prefered nf_collectors first */

  for(j=0; j<num_nf_probes; j++)
    if(nf_probes[j].source_addr.s_addr == cliAddr->sin_addr.s_addr) {
      targetId = j;
      break;
    }

  if(targetId != -1) {
    if(!dummy_mode) {
      rc = send_packet(out_sock, msg, msg_len, &nf_collectors[targetId].addr);
      
      if(rc == -1)
	traceEvent(TRACE_ERROR, "Forwarding error: %s", strerror(errno));
    }
    
    nf_collectors[targetId].num_pkts_sent++;
    last_target = targetId;
  } else {
    traceEvent(TRACE_INFO, "No collector available for forwarding");
    unforwarded_as_no_available_collector++;
  }

  return(0);
}
Пример #8
0
static char* intoa(IpAddress addr, char* buf, u_short bufLen) {
  if(addr.ipVersion == 4)
    return(intoaV4(addr.ipType.ipv4, buf, bufLen));
  else {
    char *ret;
    int len;

    ret = (char*)inet_ntop(AF_INET6, &addr.ipType.ipv6, buf, bufLen);

    if(ret == NULL) {
      printf("WARNING: Internal error (buffer too short)");
      buf[0] = '\0';
    } else {
      len = strlen(ret);
    }

    ret = buf;

    return(ret);
  }
}
Пример #9
0
static unsigned int packet_processing(const u_int64_t time, 
				      const struct ndpi_iphdr *iph,
				      struct ndpi_ip6_hdr *iph6,
				      u_int16_t ip_offset,
				      u_int16_t ipsize, u_int16_t rawsize)
{
  struct ndpi_id_struct *src, *dst;
  struct ndpi_flow *flow;
  struct ndpi_flow_struct *ndpi_flow = NULL;
  u_int32_t protocol = 0;
  u_int8_t proto;

  if(iph)
    flow = get_ndpi_flow(4, iph, ip_offset, ipsize,
			 ntohs(iph->tot_len) - (iph->ihl * 4),
			 &src, &dst, &proto);
  else
    flow = get_ndpi_flow6(iph6, ip_offset, &src, &dst, &proto);

  if(flow != NULL) {
    ndpi_flow = flow->ndpi_flow;
    flow->packets++, flow->bytes += rawsize;
  } else
    return(0);

  ip_packet_count++;
  total_bytes += rawsize + 24 /* CRC etc */;

  if(flow->detection_completed) return(0);

  protocol = (const u_int32_t)ndpi_detection_process_packet(ndpi_struct, ndpi_flow, 
							    iph ? (uint8_t *)iph : (uint8_t *)iph6,
							    ipsize, time, src, dst);

  flow->detected_protocol = protocol;

  if((flow->detected_protocol != NDPI_PROTOCOL_UNKNOWN)
     || (proto == IPPROTO_UDP)
     || ((proto == IPPROTO_TCP) && (flow->packets > 10))) {
    flow->detection_completed = 1;

#if 0
    if(flow->ndpi_flow->l4.tcp.host_server_name[0] != '\0')
      printf("%s\n", flow->ndpi_flow->l4.tcp.host_server_name);
#endif
    
    if(verbose > 1) {
      char buf1[32], buf2[32];
      
      printf("%s %s:%u > %s:%u [proto: %u/%s][%s]\n",
	     ipProto2Name(flow->protocol),
	     intoaV4(ntohl(flow->lower_ip), buf1, sizeof(buf1)), ntohs(flow->lower_port),
	     intoaV4(ntohl(flow->upper_ip), buf2, sizeof(buf2)), ntohs(flow->upper_port),
	     protocol, ndpi_get_proto_name(ndpi_struct, protocol),
	     flow->ndpi_flow->host_server_name);
    }

    snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s", flow->ndpi_flow->host_server_name);
    free_ndpi_flow(flow);
  }

#if 0
  if(ndpi_flow->l4.tcp.host_server_name[0] != '\0')
    printf("%s\n", ndpi_flow->l4.tcp.host_server_name);
#endif  

  return 0;
}
Пример #10
0
static unsigned int packet_processing(const u_int64_t time, const struct pcap_pkthdr *header,
              const struct ndpi_iphdr *iph, u_int16_t ipsize, u_int16_t rawsize)
{
  struct ndpi_id_struct *src, *dst;
  struct ndpi_flow *flow;
  struct ndpi_flow_struct *ndpi_flow = NULL;
  u_int16_t protocol = 0;
  u_int16_t frag_off = ntohs(iph->frag_off);

  flow = get_ndpi_flow(header, iph, ipsize);
  if (flow != NULL) {
    ndpi_flow = flow->ndpi_flow;
    flow->packets++, flow->bytes += rawsize;
    src = flow->src_id, dst = flow->dst_id;
  } else
    return;

  ip_packet_count++;
  total_bytes += rawsize;

  if(flow->detection_completed) return;

  // only handle unfragmented packets
  if ((frag_off & 0x3FFF) == 0) {
    // here the actual detection is performed
    ndpi_protocol detected = ndpi_detection_process_packet(ndpi_struct, ndpi_flow, (uint8_t *) iph, ipsize, time, src, dst);
    protocol = detected.master_protocol;
  } else {
    static u_int8_t frag_warning_used = 0;

    if (frag_warning_used == 0) {
      printf("\n\nWARNING: fragmented ip packets are not supported and will be skipped \n\n");
      frag_warning_used = 1;
    }

    return 0;
  }

#if 0
  if(verbose && (protocol == 0)) {
    char buf1[32], buf2[32];

    printf("%s %s:%u > %s:%u [proto: %u/%s]\n",
	   ipProto2Name(flow->protocol),
	   intoaV4(ntohl(flow->lower_ip), buf1, sizeof(buf1)), ntohs(flow->lower_port),
	   intoaV4(ntohl(flow->upper_ip), buf2, sizeof(buf2)), ntohs(flow->upper_port),
	   protocol, ndpi_get_proto_name(ndpi_struct, protocol));
  }
#endif

  flow->detected_protocol = protocol;

  if((flow->detected_protocol != NDPI_PROTOCOL_UNKNOWN)
     || (iph->protocol == IPPROTO_UDP)
     || ((iph->protocol == IPPROTO_TCP) && (flow->packets > 10))) {
    flow->detection_completed = 1;

#if 0
    if(flow->ndpi_flow->l4.tcp.host_server_name[0] != '\0')
      printf("%s\n", flow->ndpi_flow->l4.tcp.host_server_name);
#endif

    free_ndpi_flow(flow);
  }

#if 0
  if(ndpi_flow->l4.tcp.host_server_name[0] != '\0')
    printf("%s\n", ndpi_flow->l4.tcp.host_server_name);
#endif  

  return 0;
}