void reader_snf_start() {
pcapFileHeader.linktype = DLT_EN10MB;
pcapFileHeader.snaplen = MOLOCH_SNAPLEN;
pcap_t *dpcap = pcap_open_dead(pcapFileHeader.linktype, pcapFileHeader.snaplen);
int t;
for (t = 0; t < MOLOCH_FILTER_MAX; t++) {
if (config.bpfsNum[t]) {
int i;
if (bpf_programs[t]) {
for (i = 0; i < config.bpfsNum[t]; i++) {
pcap_freecode(&bpf_programs[t][i]);
}
} else {
bpf_programs[t] = malloc(config.bpfsNum[t]*sizeof(struct bpf_program));
}
for (i = 0; i < config.bpfsNum[t]; i++) {
if (pcap_compile(dpcap, &bpf_programs[t][i], config.bpfs[t][i], 1, PCAP_NETMASK_UNKNOWN) == -1) {
LOG("ERROR - Couldn't compile filter: '%s' with %s", config.bpfs[t][i], pcap_geterr(dpcap));
exit(1);
}
}
moloch_reader_should_filter = reader_snf_should_filter;
}
}
int i, r;
for (i = 0; i < MAX_INTERFACES && config.interface[i]; i++) {
for (r = 0; r < snfNumRings; r++) {
char name[100];
snprintf(name, sizeof(name), "moloch-snf%d-%d", i, r);
g_thread_new(name, &reader_snf_thread, rings[i][r]);
}
snf_start(handles[i]);
}
}
static int
pcap_sink_open(struct rte_port_sink *port,
const char *file_name,
uint32_t max_n_pkts)
{
pcap_t *tx_pcap;
pcap_dumper_t *pcap_dumper;
/** Open a dead pcap handler for opening dumper file */
tx_pcap = pcap_open_dead(DLT_EN10MB, 65535);
if (tx_pcap == NULL) {
RTE_LOG(ERR, PORT, "Cannot open pcap dead handler\n");
return -1;
}
/* The dumper is created using the previous pcap_t reference */
pcap_dumper = pcap_dump_open(tx_pcap, file_name);
if (pcap_dumper == NULL) {
RTE_LOG(ERR, PORT, "Failed to open pcap file "
"\"%s\" for writing\n", file_name);
return -1;
}
port->dumper = pcap_dumper;
port->max_pkts = max_n_pkts;
port->pkt_index = 0;
port->dump_finish = 0;
RTE_LOG(INFO, PORT, "Ready to dump packets to file \"%s\"\n",
file_name);
return 0;
}
int main (int argc, char ** argv)
{
struct bpf_program filter;
pcap_t *pc;
int i;
if (argc != 2)
{
printf ("Usage: %s <expression>\n", argv[0]);
return 1;
}
pc = pcap_open_dead(DLT_EN10MB, 1500);
if (pcap_compile(pc, &filter, argv[1], 1, 0) != 0) {
printf("error in active-filter expression: %s\n", pcap_geterr(pc));
return 1;
}
printf("/* precompiled expression: %s */\n\n"
"static struct bpf_insn pktfilter_insns[] = {\n",
argv[1]);
for (i = 0; i < filter.bf_len; i++) {
struct bpf_insn *in = &filter.bf_insns[i];
printf("\t{ .code = 0x%04x, .jt = 0x%02x, .jf = 0x%02x, .k = 0x%08x },\n", in->code, in->jt, in->jf, in->k);
}
printf("};\n\n"
"static struct bpf_program pktfilter = {\n"
"\t.bf_len = %d,\n"
"\t.bf_insns = pktfilter_insns,\n"
"};\n", filter.bf_len);
return 0;
}
int royparse_start(logerr_t* a_logerr)
{
logerr = a_logerr;
if (opt_q) {
pcap = pcap_open_dead(DLT_RAW, 65535);
q_out = pcap_dump_open(pcap, opt_q);
if (q_out == 0) {
logerr("%s: %s\n", opt_q, strerror(errno));
exit(1);
}
}
if (opt_r) {
r_out = fopen(opt_r, "w");
if (r_out == 0) {
logerr("%s: %s\n", opt_r, strerror(errno));
exit(1);
}
} else {
r_out = stdout;
}
setbuf(r_out, 0);
return 0;
}
void init_pcap(struct sniffed_packet * packet)
{
char ftime[256];
time_t rawtime;
struct tm *timeinfo;
time (&rawtime);
timeinfo = localtime(&rawtime);
strftime(ftime, sizeof(ftime), "%Y-%m-%d_%H_%M_%S", timeinfo);
sprintf(fname, "dump_%s_RFPI_%.2x_%.2x_%.2x_%.2x_%.2x.pcap",
ftime,
cli.RFPI[0],
cli.RFPI[1],
cli.RFPI[2],
cli.RFPI[3],
cli.RFPI[4]);
LOG("### dumping to %s\n", fname);
cli.pcap = pcap_open_dead(DLT_EN10MB, 73);
if (!cli.pcap)
{
LOG("!!! couldn't pcap_open_dead(\"%s\")\n", fname);
}
cli.pcap_d = pcap_dump_open(cli.pcap, fname);
if (!cli.pcap_d)
{
LOG("!!! couldn't pcap_dump_open(\"%s\")\n", fname);
}
}
int Generator::generatePackets(string inFileName, string outFileName)
{
pcap_t *p;
pcap_dumper_t *out_file;
int packetsSize, amount;
if (!parseXmlAndCreateObjects(inFileName))
return 0;
packetsSize = (int)packets.size();
p = pcap_open_dead(1, 65536);
out_file = pcap_dump_open(p, outFileName.c_str());
for (int i = 0; i < packetsSize; i++)
{
amount = makeBytesVector(i); //funkcia vrati pocet, kolko ma byt podla xml vygenerovanych paketov (ch)
bytesVector2BytesArray();
dumpToFile(p,out_file, amount);
bytesVector.clear();
delete[] bytes;
}
return 1;
}
static pcap_dumper_t* init_pcap_handler(const char *path)
{
pcap_t *handler;
handler = pcap_open_dead(1, 65535); /* 不限制数据包的长度 */
return pcap_dump_open(handler, path);
}
main(int argc, char **argv)
{
struct uld *uld;
struct sk_buff *skb;
int i;
pcap_t *p;
pcap_dumper_t *pd;
struct pcap_pkthdr ph;
char *ifname;
ifname = NULL;
if (argc == 2) {
ifname = argv[1];
}
uld = uld_open(ifname, 0, 0, 0, 0);
if (uld == NULL)
exit(1);
p = pcap_open_dead(DLT_EN10MB, 65535);
if (!p) fprintf(stderr, "pcap_open_dead failed\n");
pd = pcap_dump_open(p, "-");
if (!pd) fprintf(stderr, "pcap_dump_open failed\n");
for(;;) {
skb = uld_skb_read(uld, 1);
if (skb == NULL)
continue;
ph.ts.tv_sec = skb->tstamp.tv_sec;
ph.ts.tv_usec = skb->tstamp.tv_nsec/1000;
ph.len = ph.caplen = skb->len;
pcap_dump((void *)pd, &ph, skb->data);
pcap_dump_flush(pd);
skb_free(skb);
}
}
bool GPcapFileWriter::doOpen() {
if (fileName_ == "") {
SET_ERR(GErr::FILE_NAME_NOT_SPECIFIED, "file name is not specified");
return false;
}
int dataLink = GPacket::dataLinkTypeToInt(dataLinkType_);
pcap_ = pcap_open_dead(dataLink, snapLen_);
if (pcap_ == nullptr) {
SET_ERR(GErr::RETURN_NULL, QString("pcap_open_dead(%1, %2)) return null").arg(dataLink, snapLen_));
return false;
}
QString path = QFileInfo(fileName_).path();
QString fileName = QFileInfo(fileName_).fileName();
QDateTime now = QDateTime::currentDateTime();
QString newFileName = now.toString(fileName);
if (path != "") {
QDir dir;
dir.mkpath(path);
newFileName = path + QDir::separator() + newFileName;
}
pcap_dumper_ = pcap_dump_open(pcap_, qPrintable(newFileName));
if (pcap_dumper_ == nullptr) {
SET_ERR(GErr::RETURN_NULL, QString("pcap_dump_open(, %1)) return null").arg(newFileName));
pcap_close(pcap_);
pcap_ = nullptr;
return false;
}
return true;
}
init (void)
{
ADDCL(cl);
ADDDBGCL(dl);
desc = pcap_open_dead(DLT_EN10MB, 96);
dumpfile = strdup(DEFAULT_DUMPFILE);
}
/**
* Startup method for the module
*/
void PCAPExporterPipe::performStart()
{
char errbuf[PCAP_ERRBUF_SIZE];
time(&last_check);
if(last_check == (time_t) -1)
THROWEXCEPTION("time() failed");
SignalHandler::getInstance().registerSignalHandler(SIGCHLD, this);
SignalHandler::getInstance().registerSignalHandler(SIGPIPE, this);
if(restartOnSignal)
SignalHandler::getInstance().registerSignalHandler(SIGUSR2, this);
dummy = pcap_open_dead(link_type, snaplen);
if (!dummy) {
THROWEXCEPTION("Could not open dummy device: %s", errbuf);
}
startProcess();
msg(MSG_INFO, "Started PCAPExporterPipe with the following parameters:");
if (fifoReaderCmd != ""){
msg(MSG_INFO, " - fifoReaderCmd = %s", fifoReaderCmd.c_str());
msg(MSG_INFO, " - fifoReaderPid = %d", fifoReaderPid);
} else {
THROWEXCEPTION("No fifoReaderCmd specified!");
}
if (logFileName != ""){
msg(MSG_INFO, " - logfileBaseName = %s", logFileName.c_str());
msg(MSG_INFO, " - appenddate = %s", appenddate ? "true" : "false");
}
else
msg(MSG_ERROR, "No Logfile specified - dumping to stdout!");
msg(MSG_INFO, " - sigKillTimeout = %d" , sigKillTimeout);
}
void reader_pfring_start() {
int dlt_to_linktype(int dlt);
pcapFileHeader.linktype = 1;
pcapFileHeader.snaplen = MOLOCH_SNAPLEN;
pcap_t *pcap = pcap_open_dead(pcapFileHeader.linktype, pcapFileHeader.snaplen);
if (config.dontSaveBPFs) {
int i;
if (bpf_programs) {
for (i = 0; i < config.dontSaveBPFsNum; i++) {
pcap_freecode(&bpf_programs[i]);
}
} else {
bpf_programs = malloc(config.dontSaveBPFsNum*sizeof(struct bpf_program));
}
for (i = 0; i < config.dontSaveBPFsNum; i++) {
if (pcap_compile(pcap, &bpf_programs[i], config.dontSaveBPFs[i], 0, PCAP_NETMASK_UNKNOWN) == -1) {
LOG("ERROR - Couldn't compile filter: '%s' with %s", config.dontSaveBPFs[i], pcap_geterr(pcap));
exit(1);
}
}
moloch_reader_should_filter = reader_pfring_should_filter;
}
pcap_close(pcap);
int i;
for (i = 0; i < MAX_INTERFACES && config.interface[i]; i++) {
char name[100];
snprintf(name, sizeof(name), "moloch-pfring%d", i);
g_thread_new(name, &reader_pfring_thread, rings[i]);
}
}
int main (int argc, char ** argv)
{
pcap_t *pc; /* Fake struct pcap so we can compile expr */
struct bpf_program filter; /* Filter program for link-active pkts */
u_int32_t netmask=0;
int dflag = 3;
if (argc == 4)
{
if (!strcmp (argv[1], "-d"))
{
dflag = atoi (argv[2]);
argv += 2;
argc -=2;
}
}
if (argc != 2)
{
printf ("usage; %s [ -d <debug_level> ] expression\n", argv[0]);
return 1;
}
pc = pcap_open_dead(DLT_PPP_PPPD, PPP_HDRLEN);
if (pcap_compile(pc, &filter, argv[1], 1, netmask) == 0)
{
printf ("#\n# Expression: %s\n#\n", argv[1]);
bpf_dump (&filter, dflag);
return 0;
}
else
{
printf("error in active-filter expression: %s\n", pcap_geterr(pc));
}
return 1;
}
bool SnoopDump::doOpen()
{
m_pcap = pcap_open_dead(linkType, snoop::DEFAULT_SNAPLEN);
if (m_pcap == NULL)
{
SET_ERROR(SnoopError, "error in pcap_open_dead return NULL", VERR_IN_PCAP_OPEN_DEAD);
return false;
}
if (filePath == "")
{
SET_ERROR(VFileError, "file name not specified", VERR_FILENAME_NOT_SPECIFIED);
return false;
}
QString _path = QFileInfo(filePath).path();
QString _fileName = QFileInfo(filePath).fileName();
VFile::createFolder(_path);
if (_fileName == "") _fileName = DEFAULT_DUMP_FILE_NAME;
QDateTime now = QDateTime::currentDateTime();
QString newFileName = qformat(qPrintable(_fileName),
now.date().year(), now.date().month(), now.date().day(),
now.time().hour(), now.time().minute(), now.time().second(), now.time().msec());
m_pcap_dumper = pcap_dump_open(m_pcap, qPrintable(_path + "/" + newFileName));
if (m_pcap_dumper == NULL)
{
SET_ERROR(SnoopError, pcap_geterr(m_pcap), VERR_IN_PCAP_DUMP_OPEN);
return false;
}
return true;
}
PacketHandler(const std::string& pcap_name)
: pcap_writer(NULL),
pcap_filename(pcap_name)
{
pcap = pcap_open_dead(DLT_EN10MB, MAX_CAPLEN);
open_logs();
}
void PacketDumper::openDump(time_t when, int sampling_rate,
unsigned int max_pkts_per_file,
unsigned int max_sec_per_file) {
char pcap_path[MAX_PATH], hour_path[64];
int len;
time_t _when = when;
if(dumper) return;
sec_start = when;
this->sampling_rate = sampling_rate;
this->max_pkts_per_file = iface->getDumpTrafficMaxPktsPerFile();
this->max_sec_per_file = iface->getDumpTrafficMaxSecPerFile();
when -= when % 3600; /* Hourly directories */
strftime(hour_path, sizeof(hour_path), "%Y/%m/%d/%H", localtime(&when));
snprintf(pcap_path, sizeof(pcap_path), "%s/%d/pcap/%s",
ntop->get_working_dir(), iface->get_id(), hour_path);
ntop->fixPath(pcap_path);
Utils::mkdir_tree(pcap_path);
len = strlen(pcap_path);
snprintf(&pcap_path[len], sizeof(pcap_path)-len-1, "/%u_%u.pcap",
(unsigned int)when, file_id);
if((dumper = pcap_dump_open(pcap_open_dead(iface_type, 16384 /* MTU */), pcap_path)) == NULL)
ntop->getTrace()->traceEvent(TRACE_WARNING, "Unable to create pcap file %s", pcap_path);
else {
dump_end = _when + this->max_sec_per_file, num_dumped_packets = 0, file_id++;
ntop->getTrace()->traceEvent(TRACE_INFO, "Created pcap dump %s [max pkts=%u][max duration=%u sec]", \
pcap_path, this->max_pkts_per_file, this->max_sec_per_file);
}
}
/* Called at the start on main thread or each time a new file is open on single thread */
void moloch_rules_recompile()
{
int t, r;
if (deadPcap)
pcap_close(deadPcap);
deadPcap = pcap_open_dead(pcapFileHeader.linktype, pcapFileHeader.snaplen);
MolochRule_t *rule;
for (t = 0; t < MOLOCH_RULE_TYPE_NUM; t++) {
for (r = 0; (rule = current.rules[t][r]); r++) {
if (!rule->bpf)
continue;
pcap_freecode(&rule->bpfp);
if (pcapFileHeader.linktype != 239) {
if (pcap_compile(deadPcap, &rule->bpfp, rule->bpf, 1, PCAP_NETMASK_UNKNOWN) == -1) {
LOGEXIT("ERROR - Couldn't compile filter %s: '%s' with %s", rule->filename, rule->bpf, pcap_geterr(deadPcap));
}
} else {
rule->bpfp.bf_len = 0;
}
}
}
}
int init_write_pkts_to_files(const char* out_fpath) {
/*create hashtable*/
flow_seqid_hashmap = ht_kf_create(HASH_MAP_SIZE);
if (flow_seqid_hashmap == NULL) {
printf("FAIL: ht_kf_create flow_seqid_hashmap\n");
return -1;
}
int node_idx = 0;
for (node_idx = 0; node_idx < NUM_SENDERS; ++node_idx) {
pd[node_idx] = pcap_open_dead(DLT_EN10MB, 65535 /* snaplen */);
if (pd[node_idx] == NULL) {
return -1;
}
/* Create the output file. */
char fname[100];
snprintf(fname, 100, "%s/h%d.pcap", out_fpath, node_idx+1);
pdumper[node_idx] = pcap_dump_open(pd[node_idx], fname);
if (pdumper[node_idx] == NULL) {
return -1;
}
snprintf(fname, 100, "%s/h%d_trace.csv", out_fpath, node_idx+1);
fp[node_idx] = fopen(fname, "w");
if (fp[node_idx] == NULL) {
return -1;
}
}
return 0;
}
int main(int argc, char **argv)
{
//Check whether user has entered enough arguments
if(argc < 2)
{
printf("Usage: ./firewall mode [input pcap file] [output pcap file]\n",
" Mode: 1/2\n");
}
char errbuf[100];
int mode = atoi(argv[1]);
//If mode = 1 then use the interfaces to capture packets
if(mode == 1)
{
pid_t childPID;
//Open the interface handlers
in_handle = pcap_open_live(INT_IN,65536,1,0,errbuf);
out_handle = pcap_open_live(INT_OUT,65536,1,0,errbuf);
//Create two processes for two interfaces
childPID = fork();
if(childPID >= 0)
{
//Associate the handlers with the interfaces
if(childPID == 0)
{
capture_loop(in_handle, -1, (pcap_handler)parse_packet, NULL);
}
else
{
capture_loop(out_handle, -1, (pcap_handler)parse_packet_p, NULL);
}
}
else
{
printf("\n Fork failed, quitting!!!!!!\n");
return 1;
}
}
//Else open the input pcap file for the processing and write to output pcap file
else
{
//Check for the valid arguments
if(argc < 4)
{
printf("Usage: ./firewall mode [input pcap file] [output pcap file]\n",
" Mode: 1/2\n");
}
in_handle = pcap_open_offline(argv[2],errbuf);
//802.3 = 1 - link type
//open new pcap handler
out_handle = pcap_open_dead(1,65536);
//open the file with the handler
dumper = pcap_dump_open(out_handle, argv[3]);
//Process all the packets from the file
capture_loop(in_handle, -1, (pcap_handler)parse_packet_file, (u_char*)dumper);
}
return 0;
}
/**
* Initialization routines for your monitor.
* Allocate any global resources or initial values here.
*/
void monitor_init(void)
{
char *name;
/* create a fake pcap device for the dumper */
pcap = pcap_open_dead(DLT_EN10MB, 65535);
name = basename(cfg.prog_name);
snprintf(outname, MAX_STR, OUT_FMT, cfg.log_dir, name);
}
PhysicalMedium_pimpl(clockid_t clockidToUse, const char * nameIn, int mcastPort) : clockidToUse(clockidToUse)
{
struct epoll_event ev;
int rv;
u_char loop;
tx.mcastsockfd = -1;
ev.events = EPOLLIN;
ev.data.ptr = &NetworkSimulator::getUnblocker();
state = STOPPED;
name = strdup(nameIn);
poller.epfd = epoll_create1(EPOLL_CLOEXEC);
thread = -1;
if (poller.epfd < 0)
throw "epoll_create error";
rv = epoll_ctl(poller.epfd, EPOLL_CTL_ADD, NetworkSimulator::getUnblocker().getReadPipe(), &ev);
if (rv < 0)
throw "PhysicalMedium_pimpl: failed to add unblocker to poller";
/*
* SIGEV_NONE is supposed to prevent signal delivery, but it doesn't.
* Set signo to SIGSTOP to make the received signal obvious but
* harmless.
*/
memset(&sev, 0, sizeof(sev));
sev.sigev_notify = SIGEV_NONE;
sev.sigev_signo = SIGSTOP;
if (timer_create(clockidToUse, &sev, &timer) == -1) {
xlog(LOG_ERR, "timer_create fail (%d:%s)", errno,
strerror(errno));
throw "PhysicalMedium_pimpl: failed to create timer";
}
// Create multicast socket and disable loopback as we don't want
// to receive the packets we have just transmitted.
tx.mcastsockfd=socket(AF_INET, SOCK_DGRAM, 0);
tx.mcastport = mcastPort;
// Ensure IP_MULTICAST_LOOP is set so QEMU nodes that are
// running locally can receive the multicast packet.
loop = 1;
setsockopt(tx.mcastsockfd, IPPROTO_IP, IP_MULTICAST_LOOP, &loop, sizeof(loop));
bzero(&tx.mcastGroupAddr,sizeof(tx.mcastGroupAddr));
tx.mcastGroupAddr.sin_family = AF_INET;
tx.mcastGroupAddr.sin_addr.s_addr=inet_addr("224.1.1.1");
tx.mcastGroupAddr.sin_port=htons(tx.mcastport);
memset(&stats, 0, sizeof(stats));
pcap.fake = pcap_open_dead(DLT_IEEE802_15_4_NOFCS, 65535);
assert(pcap.fake);
pcap.dumper = pcap_dump_open(pcap.fake, "./packets.pcap");
assert(pcap.dumper);
}
void PacketWriter::init(const std::string& file_name, int link_type) {
handle = pcap_open_dead(link_type, 65535);
if(!handle)
throw std::runtime_error("Error creating pcap handle");
dumper = pcap_dump_open(handle, file_name.c_str());
if(!dumper) {
// RAII plx
pcap_close(handle);
throw std::runtime_error(pcap_geterr(handle));
}
}
/* Setup filter resources */
static int pf_capture_setup(netio_desc_t *nio,void **opt,
int argc,char *argv[])
{
struct netio_filter_capture *c;
int link_type;
/* We must have a link type and a filename */
if (argc != 2)
return(-1);
/* Free resources if something has already been done */
pf_capture_free(nio,opt);
/* Allocate structure to hold PCAP info */
if (!(c = malloc(sizeof(*c))))
return(-1);
if (pthread_mutex_init(&c->lock,NULL)) {
fprintf(stderr,"NIO %s: pthread_mutex_init failure (file %s)\n",
nio->name,argv[0]);
goto pcap_lock_err;
}
if ((link_type = pcap_datalink_name_to_val(argv[0])) == -1) {
fprintf(stderr,"NIO %s: unknown link type %s, assuming Ethernet.\n",
nio->name,argv[0]);
link_type = DLT_EN10MB;
}
/* Open a dead pcap descriptor */
if (!(c->desc = pcap_open_dead(link_type,8192))) {
fprintf(stderr,"NIO %s: pcap_open_dead failure\n",nio->name);
goto pcap_open_err;
}
/* Open the output file */
if (!(c->dumper = pcap_dump_open(c->desc,argv[1]))) {
fprintf(stderr,"NIO %s: pcap_dump_open failure (file %s)\n",
nio->name,argv[0]);
goto pcap_dump_err;
}
printf("NIO %s: capturing to file '%s'\n",nio->name,argv[1]);
*opt = c;
return(0);
pcap_dump_err:
pcap_close(c->desc);
pcap_open_err:
pthread_mutex_destroy(&c->lock);
pcap_lock_err:
free(c);
return(-1);
}
PcapFileOut::PcapFileOut(unsigned port, std::string filename)
: PcapFileBase(port, filename) {
pcap = pcap_open_dead(0, 0);
if (pcap == nullptr)
bm_fatal_error(
std::string("Could not open file ") + filename + " for writing");
dumper = pcap_dump_open(pcap, filename.c_str());
if (dumper == nullptr)
bm_fatal_error(
std::string("Could not open file ") + filename + " for writing");
}
/*
* Class: disy_jnipcap_Pcap
* Method: openDead
* Signature: (II)J
*/
JNIEXPORT jlong JNICALL
Java_disy_jnipcap_Pcap_openDead (JNIEnv *env, jclass jcls, jint jlinktype, jint jsnaplen)
{
pcap_t *p = pcap_open_dead((int)jlinktype, (int)jsnaplen);
if (p == NULL) return (jlong) NULL;
if (mid_Pcap_init == NULL) {
pcap_close (p);
return (jlong) NULL;
}
return (jlong) p;
}
void OfflinePacketFilter::init(const string& pcap_filter,
int link_type,
unsigned int snap_len) {
handle_ = pcap_open_dead(
link_type,
snap_len
);
if (pcap_compile(handle_, &filter_, pcap_filter.c_str(), 1, 0xffffffff) == -1) {
throw invalid_pcap_filter(pcap_geterr(handle_));
}
}
void PCAPExporterModule::performStart()
{
char errbuf[PCAP_ERRBUF_SIZE];
dummy = pcap_open_dead(link_type, snaplen);
if (!dummy) {
THROWEXCEPTION("Could not open dummy device: %s", errbuf);
}
dumper = pcap_dump_open(dummy, fileName.c_str());
if (!dumper) {
THROWEXCEPTION("Could not open dump file: %s", errbuf);
}
}
void Foo::bar()
{
pcap_t* cap = pcap_open_dead(0, 32);
if (cap)
{
std::cout << "got pcap" << std::endl;
pcap_close(cap);
}
else
{
std::cout << "didn't get pcap" << std::endl;
}
}
/*-
-- cap = pcap.open_dead([linktype, [snaplen]])
- linktype is one of the DLT numbers, and defaults to pcap.DLT.EN10MB.
- snaplen is the maximum size of packet, and defaults to 65535 (also,
a value of 0 is changed into 65535 internally, as tcpdump does).
Open a pcap that doesn't read from either a live interface, or an offline pcap
file. It can be used with cap:dump_open() to write a pcap file, or to compile a
BPF program.
*/
static int lpcap_open_dead(lua_State *L)
{
int linktype = luaL_optint(L, 1, DLT_EN10MB);
int snaplen = luaL_optint(L, 2, 0);
pcap_t** cap = pushpcapopen(L);
/* this is the value tcpdump uses, its way bigger than any known link size */
if(!snaplen)
snaplen = 0xffff;
*cap = pcap_open_dead(linktype, snaplen);
return checkpcapopen(L, cap, "open dead failed for unknown reason");
}
void reader_libpcap_start() {
int dlt_to_linktype(int dlt);
//ALW - Bug: assumes all linktypes are the same
pcapFileHeader.linktype = dlt_to_linktype(pcap_datalink(pcaps[0])) | pcap_datalink_ext(pcaps[0]);
pcapFileHeader.snaplen = pcap_snapshot(pcaps[0]);
pcap_t *dpcap = pcap_open_dead(pcapFileHeader.linktype, pcapFileHeader.snaplen);
int t;
for (t = 0; t < MOLOCH_FILTER_MAX; t++) {
if (config.bpfsNum[t]) {
int i;
if (bpf_programs[t]) {
for (i = 0; i < config.bpfsNum[t]; i++) {
pcap_freecode(&bpf_programs[t][i]);
}
} else {
bpf_programs[t] = malloc(config.bpfsNum[t]*sizeof(struct bpf_program));
}
for (i = 0; i < config.bpfsNum[t]; i++) {
if (pcap_compile(dpcap, &bpf_programs[t][i], config.bpfs[t][i], 1, PCAP_NETMASK_UNKNOWN) == -1) {
LOG("ERROR - Couldn't compile filter: '%s' with %s", config.bpfs[t][i], pcap_geterr(dpcap));
exit(1);
}
}
moloch_reader_should_filter = reader_libpcap_should_filter;
}
}
int i;
for (i = 0; i < MAX_INTERFACES && config.interface[i]; i++) {
if (config.bpf) {
struct bpf_program bpf;
if (pcap_compile(pcaps[i], &bpf, config.bpf, 1, PCAP_NETMASK_UNKNOWN) == -1) {
LOG("ERROR - Couldn't compile filter: '%s' with %s", config.bpf, pcap_geterr(pcaps[i]));
exit(1);
}
if (pcap_setfilter(pcaps[i], &bpf) == -1) {
LOG("ERROR - Couldn't set filter: '%s' with %s", config.bpf, pcap_geterr(pcaps[i]));
exit(1);
}
}
char name[100];
snprintf(name, sizeof(name), "moloch-pcap%d", i);
g_thread_new(name, &reader_libpcap_thread, (gpointer)pcaps[i]);
}
}
