Пример #1
/*
 * Releases the packet decoder, shuts the NetBee library down and terminates
 * the process with exit status 0.
 *
 * NOTE(review): the name suggests this is registered as a SIGINT handler; the
 * registration is not visible here. exit() is not async-signal-safe, and the
 * two NetBee calls presumably are not either -- confirm. If so, have the
 * handler only set a volatile sig_atomic_t flag and do the teardown from the
 * main loop.
 */
static void
sigint_handler(int sig_nr)
{
    (void) sig_nr;      /* the signal number is not needed */

    nbDeallocatePacketDecoder(Decoder);
    nbCleanup();
    exit(0);
}
Пример #2
// Sample driver: decodes every packet of a pcap capture file with NetBee and
// prints the PSML data three times:
//   1. packet by packet, right after each packet has been decoded;
//   2. again through the PSMLReader owned by the decoder, after the PSML
//      document has been saved to PSML_TEMPFILENAME;
//   3. through a stand-alone PSMLReader opened on PSML_TEMPFILENAME.
//
// Returns nbSUCCESS when all three passes complete, nbFAILURE at the first error.
//
// NOTE(review): every error 'return' after the decoder has been allocated leaves
// the decoder, the dump-file reader and (later) the temporary file behind, and
// PcapPacketDumpFile is not released anywhere in this function, not even on the
// success path -- confirm the matching NetBee release call and add it.
// NOTE(review): the capture file is external input; its contents go straight
// into the decoder and the decoded summaries are printed as-is.
int main(int argc, char *argv[])
{
char ErrBuf[1024];					// receives error text from the nb* allocation/initialization calls
nbPacketDecoder *Decoder;
nbPacketDumpFilePcap* PcapPacketDumpFile;
nbNetPDLLinkLayer_t LinkLayerType;
unsigned long PacketCounter= 0;		// number of packets decoded so far; also used as the packet number
char *PSMLAsciiBuffer;				// set by the PSMLReader calls; ownership is not visible here -- presumably the reader's
int PSMLElements;					// return value of the PSMLReader getters, handed to PrintPSMLBuffer()
nbPSMLReader *PSMLReader;
int Res;

	// ParseCommandLine() is defined elsewhere; NetPDLFileName and CaptureFileName
	// used below are presumably set by it -- confirm
	if (ParseCommandLine(argc, argv) == nbFAILURE)
		return nbFAILURE;

	printf("\n\nLoading NetPDL protocol database...\n");
	Res= nbInitialize(NetPDLFileName, nbPROTODB_FULL, ErrBuf, sizeof(ErrBuf) );

	// A failure here is not fatal: the embedded database is tried below
	if (Res == nbFAILURE)
	{
		printf("Error initializing the NetBee Library; %s\n", ErrBuf);
		printf("\n\nUsing the NetPDL database embedded in the NetBee library instead.\n");
	}

	// In case the NetBee library has not been initialized,
	// initialize right now with the embedded NetPDL protocol database instead
	if (nbIsInitialized() == nbFAILURE)
	{
		if (nbInitialize(NULL, nbPROTODB_FULL, ErrBuf, sizeof(ErrBuf)) == nbFAILURE)
		{
			printf("Error initializing the NetBee Library; %s\n", ErrBuf);
			return nbFAILURE;
		}
	}

	printf("NetPDL Protocol database loaded.\n");

	// Allocate the packet decoder; the flags ask for complete PDML and PSML
	// generation and for keeping all the PSML and PDML data
	Decoder= nbAllocatePacketDecoder(nbDECODER_GENERATEPDML_COMPLETE | 
		nbDECODER_GENERATEPSML | nbDECODER_KEEPALLPSML | nbDECODER_KEEPALLPDML, ErrBuf, sizeof(ErrBuf));

	// Check that the packet decoder has been created
	if (Decoder == NULL)
	{
		printf("Error creating the NetPDLParser: %s.\n", ErrBuf);
		return nbFAILURE;
	}

	// Allocate a pcap dump file reader
	if ((PcapPacketDumpFile= nbAllocatePacketDumpFilePcap(ErrBuf, sizeof(ErrBuf))) == NULL)
	{
		printf("Error creating the PcapPacketDumpFile: %s.\n", ErrBuf);
		return nbFAILURE;
	}

	// Open the pcap file
	if (PcapPacketDumpFile->OpenDumpFile(CaptureFileName, 0) == nbFAILURE)
	{
		printf("%s", PcapPacketDumpFile->GetLastError());
		return nbFAILURE;
	}

	// Get the link layer type (will be used in the decoding process)
	if (PcapPacketDumpFile->GetLinkLayerType(LinkLayerType) == nbFAILURE)
	{
		printf("%s", PcapPacketDumpFile->GetLastError());
		return nbFAILURE;
	}


	printf("\n\n==========================================================================\n");
	printf("Printing PSML data as soon as it gets decoded.\n\n");

	// Get the PSML reader attached to the decoder; it is used to read the PSML
	// data produced by the decoder
	PSMLReader= Decoder->GetPSMLReader();
	if (PSMLReader == NULL)
	{
		printf("PSMLReader initialization failed: %s\n", Decoder->GetLastError() );
		return nbFAILURE;
	}

	// Print the PSML summary before any packet
	PSMLElements= PSMLReader->GetSummary(&PSMLAsciiBuffer);

	if (PSMLElements == nbFAILURE)
	{
		printf("Reading summary from PSMLReader failed %s\n", PSMLReader->GetLastError() );
		return nbFAILURE;
	}
	PrintPSMLBuffer(PSMLAsciiBuffer, PSMLElements);

	// Pass 1: read, decode and print one packet at a time until the capture ends
	while (1)
	{
	int RetVal;
	struct pcap_pkthdr *PktHeader;
	const unsigned char *PktData;

		RetVal= PcapPacketDumpFile->GetNextPacket(&PktHeader, &PktData);

		if (RetVal == nbWARNING)
			break;		// capture file ended

		if (RetVal == nbFAILURE)
		{
			printf("Cannot read from the capture source file: %s\n", PcapPacketDumpFile->GetLastError() );
			return nbFAILURE;
		}

		// Packets are numbered from 1
		PacketCounter++;

		// Decode packet
		if (Decoder->DecodePacket(LinkLayerType, PacketCounter, PktHeader, PktData) == nbFAILURE)
		{
			printf("\nError decoding a packet %s\n\n", Decoder->GetLastError());
			return nbFAILURE;
		}


		// Get the current item in PSML format and print it on screen
		PSMLElements= PSMLReader->GetCurrentPacket(&PSMLAsciiBuffer);
		if (PSMLElements == nbFAILURE)
		{
			printf("Reading summary from PSMLReader failed %s\n", PSMLReader->GetLastError());
			return nbFAILURE;
		}
		PrintPSMLBuffer(PSMLAsciiBuffer, PSMLElements);
	}

	// Dump PSML file to disk
	// NOTE(review): PSML_TEMPFILENAME is a fixed name defined elsewhere. If it resolves
	// to a directory other users can write to, the name is predictable and an existing
	// file or link at that path would be written through -- confirm where it points,
	// or create a uniquely named temporary file instead
	if (PSMLReader->SaveDocumentAs(PSML_TEMPFILENAME) == nbFAILURE)
	{
		printf("%s\n", PSMLReader->GetLastError() );
		return nbFAILURE;
	}


	printf("\n\n==========================================================================\n");
	printf("Now printing PSML data reading everything from file, through the decoder.\n\n");

	// Pass 2: same reader as before, now asked for the summary and for each packet by number
	PSMLElements= PSMLReader->GetSummary(&PSMLAsciiBuffer);

	if (PSMLElements == nbFAILURE)
	{
		printf("Reading summary from PSMLReader failed %s\n", PSMLReader->GetLastError() );
		return nbFAILURE;
	}

	PrintPSMLBuffer(PSMLAsciiBuffer, PSMLElements);

	for (unsigned long i= 1; i <= PacketCounter; i++)
	{
		// Get the current item in PSML format and print it on screen
		PSMLElements= PSMLReader->GetPacket(i, &PSMLAsciiBuffer);

		// Every packet counted in pass 1 must be there, so nbWARNING is an error too
		if ((PSMLElements == nbFAILURE) || (PSMLElements == nbWARNING))
		{
			printf("Reading summary from PSMLReader failed %s\n", PSMLReader->GetLastError() );
			return nbFAILURE;
		}
		PrintPSMLBuffer(PSMLAsciiBuffer, PSMLElements);
	}


	// Delete the decoder; it is no longer in use
	// The decoder will also delete the PSMLReader, so the PSMLReader pointer
	// must not be used again until it is reassigned below.
	nbDeallocatePacketDecoder(Decoder);


	printf("\n\n==========================================================================\n");
	printf("Now printing PSML data reading everything directly from file.\n\n");

	// Pass 3: a stand-alone reader opened on the file saved above
	PSMLReader= nbAllocatePSMLReader((char*) PSML_TEMPFILENAME, ErrBuf, sizeof(ErrBuf));
	if (PSMLReader == NULL)
	{
		printf("PSMLReader creation failed: %s\n", ErrBuf);
		return nbFAILURE;
	}

	PSMLElements= PSMLReader->GetSummary(&PSMLAsciiBuffer);

	if (PSMLElements == nbFAILURE)
	{
		printf("Reading summary from PSMLReader failed %s\n", PSMLReader->GetLastError() );
		return nbFAILURE;
	}

	PrintPSMLBuffer(PSMLAsciiBuffer, PSMLElements);

	for (unsigned long i= 1; i <= PacketCounter; i++)
	{
		// Get the current item in PSML format and print it on screen
		PSMLElements= PSMLReader->GetPacket(i, &PSMLAsciiBuffer);

		if ((PSMLElements == nbFAILURE) || (PSMLElements == nbWARNING))
		{
			printf("Reading summary from PSMLReader failed %s\n", PSMLReader->GetLastError() );
			return nbFAILURE;
		}

		PrintPSMLBuffer(PSMLAsciiBuffer, PSMLElements);
	}

	// This reader was allocated here, so it is released here
	nbDeallocatePSMLReader(PSMLReader);

	// NetBee cleanup
	nbCleanup();

	// Remove temporary file (the result of remove() is not checked)
	remove(PSML_TEMPFILENAME);

	return nbSUCCESS;
}
Пример #3
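// Sample driver: decodes every packet of a pcap capture file with NetBee and
// prints the value of one PDML field, named as "proto.field" in
// ProtoAndFieldName. The field is printed twice: packet by packet right after
// decoding, and again by reading the PDML document saved to PDML_TEMPFILENAME.
//
// Returns nbSUCCESS when both passes complete, nbFAILURE at the first fatal error.
//
// NOTE(review): every error 'return' after the decoder has been allocated leaves
// the decoder, the dump-file reader and (later) the temporary file behind, and
// PcapPacketDumpFile is not released anywhere in this function -- confirm the
// matching NetBee release call and add it.
// NOTE(review): the capture file is external input; decoded field values are
// printed as-is.
int main(int argc, char *argv[])
{
char ErrorMsg[1024];
nbPacketDecoder *Decoder;
nbPacketDumpFilePcap* PcapPacketDumpFile;
nbNetPDLLinkLayer_t LinkLayerType;
unsigned long PacketCounter= 0;		// number of packets decoded so far; also used as the packet number
nbPDMLReader *PDMLReader;
char ProtoName[2048];
char FieldName[2048];
char ErrBuf[2048];
int Res;
size_t ProtoNameLength, FieldNameLength;

	// ParseCommandLine() is defined elsewhere; ProtoAndFieldName, NetPDLFileName and
	// CaptureFileName used below are presumably set by it -- confirm
	if (ParseCommandLine(argc, argv) == nbFAILURE)
		return nbFAILURE;

	// Split "proto.field": everything before the first '.' is the protocol name.
	// The copy is bounded by the size of ProtoName and always NUL-terminated.
	ProtoNameLength= 0;

	while ( (ProtoAndFieldName[ProtoNameLength]) && (ProtoAndFieldName[ProtoNameLength] != '.')
			&& (ProtoNameLength < (sizeof(ProtoName) - 1)) )
	{
		ProtoName[ProtoNameLength]= ProtoAndFieldName[ProtoNameLength];
		ProtoNameLength++;
	}
	ProtoName[ProtoNameLength]= 0;

	// The field name is whatever follows the '.' separator. Only step over the
	// separator when it is really there: if the first loop stopped at the string
	// terminator (no '.' in the input), indexing ProtoNameLength + 1 would read past
	// the end of the string. In that case the field name is left empty.
	FieldNameLength= 0;

	if (ProtoAndFieldName[ProtoNameLength] == '.')
	{
		size_t FieldStart= ProtoNameLength + 1;

		while ( (ProtoAndFieldName[FieldStart + FieldNameLength]) && (FieldNameLength < (sizeof(FieldName) - 1)) )
		{
			FieldName[FieldNameLength]= ProtoAndFieldName[FieldStart + FieldNameLength];
			FieldNameLength++;
		}
	}
	FieldName[FieldNameLength]= 0;


	printf("\n\nLoading NetPDL protocol database...\n");

	Res= nbInitialize(NetPDLFileName, nbPROTODB_FULL, ErrBuf, sizeof(ErrBuf) );

	// A failure here is not fatal: the embedded database is tried below
	if (Res == nbFAILURE)
	{
		printf("Error initializing the NetBee Library; %s\n", ErrBuf);
		printf("\n\nUsing the NetPDL database embedded in the NetBee library instead.\n");
	}

	// In case the NetBee library has not been initialized,
	// initialize right now with the embedded NetPDL protocol database instead
	if (nbIsInitialized() == nbFAILURE)
	{
		if (nbInitialize(NULL, nbPROTODB_FULL, ErrBuf, sizeof(ErrBuf)) == nbFAILURE)
		{
			printf("Error initializing the NetBee Library; %s\n", ErrBuf);
			return nbFAILURE;
		}
	}

	printf("NetPDL Protocol database loaded.\n");

	// Allocate the packet decoder; the flags ask for complete PDML and PSML
	// generation and for keeping all the PSML and PDML data
	Decoder= nbAllocatePacketDecoder(nbDECODER_GENERATEPDML_COMPLETE |
		nbDECODER_GENERATEPSML | nbDECODER_KEEPALLPSML | nbDECODER_KEEPALLPDML, ErrorMsg, sizeof(ErrorMsg));

	// Check that the packet decoder has been created
	if (Decoder == NULL)
	{
		printf("Error creating the NetPDLParser: %s.\n", ErrorMsg);
		return nbFAILURE;
	}

	// Allocate a pcap dump file reader
	if ((PcapPacketDumpFile= nbAllocatePacketDumpFilePcap(ErrBuf, sizeof(ErrBuf))) == NULL)
	{
		printf("Error creating the PcapPacketDumpFile: %s.\n", ErrBuf);
		return nbFAILURE;
	}

	// Open the pcap file
	if (PcapPacketDumpFile->OpenDumpFile(CaptureFileName, 0) == nbFAILURE)
	{
		printf("%s", PcapPacketDumpFile->GetLastError());
		return nbFAILURE;
	}

	// Get the link layer type (will be used in the decoding process)
	if (PcapPacketDumpFile->GetLinkLayerType(LinkLayerType) == nbFAILURE)
	{
		printf("%s", PcapPacketDumpFile->GetLastError());
		return nbFAILURE;
	}


	printf("\n\n==========================================================================\n");
	printf("Printing PDML fields values data as soon as packets get decoded.\n\n");

	// Get the PDML reader attached to the decoder; it is used to read the PDML
	// data produced by the decoder
	PDMLReader= Decoder->GetPDMLReader();

	if (PDMLReader == NULL)
	{
		printf("PDMLReader initialization failed: %s\n", Decoder->GetLastError() );
		return nbFAILURE;
	}

	// Pass 1: read and decode one packet at a time until the capture ends
	while (1)
	{
	int RetVal;
	struct pcap_pkthdr *PktHeader;
	const unsigned char *PktData;
	struct _nbPDMLField *PDMLField;

		RetVal= PcapPacketDumpFile->GetNextPacket(&PktHeader, &PktData);

		if (RetVal == nbWARNING)
			break;		// capture file ended

		if (RetVal == nbFAILURE)
		{
			printf("Cannot read from the capture source file: %s\n", PcapPacketDumpFile->GetLastError() );
			return nbFAILURE;
		}

		// Packets are numbered from 1
		PacketCounter++;

		// Decode packet
		if (Decoder->DecodePacket(LinkLayerType, PacketCounter, PktHeader, PktData) == nbFAILURE)
		{
			printf("\nError decoding a packet %s\n\n", Decoder->GetLastError());
			return nbFAILURE;
		}

		// NULL asks for the first instance of the field in the packet
		PDMLField= NULL;

		// This loop is usually executed twice: when the selected field is found, the
		// lookup is repeated (starting from the field just returned) to see whether
		// the packet holds another instance of it. When there is none, the call
		// returns nbWARNING and the loop ends.
		while (1)
		{
		int Ret;

			Ret= PDMLReader->GetPDMLField(ProtoName, FieldName, PDMLField, &PDMLField);

			if (Ret == nbSUCCESS)
			{
				printf("The value of field '%s.%s' is %s\n", ProtoName, FieldName, PDMLField->ShowValue);
				continue;
			}

			// PacketCounter is unsigned long, hence %lu
			if (Ret == nbFAILURE)
			{
				printf("Field '%s.%s' not found in packet #%lu. Is protocol '%s' present in packet #%lu? (NetBee returned error: %s)\n\n",
								ProtoName, FieldName, PacketCounter, ProtoName, PacketCounter, PDMLReader->GetLastError());
			}

			// nbFAILURE, nbWARNING or any unexpected return code: stop looking in this
			// packet, so that an unknown code cannot repeat the same lookup forever
			break;
		}
	}

	// Dump PDML file to disk. A failure is only reported; the read-back below then
	// depends on whatever is found at that path.
	// NOTE(review): PDML_TEMPFILENAME is a fixed name defined elsewhere. If it resolves
	// to a directory other users can write to, the name is predictable and an existing
	// file or link at that path would be written through -- confirm where it points,
	// or create a uniquely named temporary file instead
	if (PDMLReader->SaveDocumentAs(PDML_TEMPFILENAME) == nbFAILURE)
		printf("%s\n", PDMLReader->GetLastError() );


	// Delete the decoder; it is no longer in use
	// The decoder will also delete the PDMLReader, so the PDMLReader pointer
	// must not be used again until it is reassigned below.
	nbDeallocatePacketDecoder(Decoder);


	printf("\n\n==========================================================================\n");
	printf("Now printing PDML field values by reading PDML packets from file.\n\n");

	// Pass 2: a stand-alone reader opened on the file saved above
	PDMLReader= nbAllocatePDMLReader((char*) PDML_TEMPFILENAME, ErrorMsg, sizeof(ErrorMsg));
	if (PDMLReader == NULL)
	{
		printf("PDMLReader creation failed: %s\n", ErrorMsg);
		return nbFAILURE;
	}

	for (unsigned long i= 1; i <= PacketCounter; i++)
	{
	struct _nbPDMLField *PDMLField;

		PDMLField= NULL;

		// Same lookup as in pass 1, this time addressing the packet by its number
		while (1)
		{
		int Ret;

			Ret= PDMLReader->GetPDMLField(i, ProtoName, FieldName, PDMLField, &PDMLField);

			if (Ret == nbSUCCESS)
			{
				printf("The value of field '%s.%s' is %s\n", ProtoName, FieldName, PDMLField->ShowValue);
				continue;
			}

			if (Ret == nbFAILURE)
			{
				printf("Field '%s.%s' not found in packet #%lu. Is protocol '%s' present in packet #%lu? (NetBee returned error: %s)\n\n",
									ProtoName, FieldName, i, ProtoName, i, PDMLReader->GetLastError());
			}

			// nbFAILURE, nbWARNING or any unexpected return code ends the lookup
			break;
		}
	}

	// This reader was allocated here, so it is released here
	nbDeallocatePDMLReader(PDMLReader);

	// NetBee cleanup
	nbCleanup();

	// Remove temporary file (the result of remove() is not checked)
	remove(PDML_TEMPFILENAME);

	return nbSUCCESS;
}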