static packet* SdpDissector(packet *pkt) { packet *sdp_pkt; sdp_msg *msg; pstack_f *frame; sdp_pkt = NULL; /* create new SDP message */ msg = DMemMalloc(sizeof(sdp_msg)); SdpMsgInit(msg); if (SdpParse(pkt, pkt->len, msg) == 0) { /* new sdp packet */ sdp_pkt = PktNew(); sdp_pkt->stk = ProtCopyFrame(pkt->stk, TRUE); /* new frame */ frame = ProtCreateFrame(sdp_id); ProtSetNxtFrame(frame, sdp_pkt->stk); sdp_pkt->stk = frame; /* set frame attribute */ sdp_pkt->cap_sec = pkt->cap_sec; sdp_pkt->cap_usec = pkt->cap_usec; sdp_pkt->serial = pkt->serial; sdp_pkt->data = (char *)msg; } PktFree(pkt); return sdp_pkt; }
static void PcapDissector(u_char *user, const struct pcap_pkthdr *h, const u_char *bytes) { struct cap_ref *ref = (struct cap_ref *)user; packet *pkt; static time_t tm = 0; struct timespec to; unsigned long len; char tgl; pkt = PktNew(); ref->cnt++; pkt->raw = DMemMalloc(h->caplen+sizeof(unsigned long)*2+sizeof(char *)+4); memcpy(pkt->raw, bytes, h->caplen); pkt->raw_len = h->caplen; /* align 4b */ len = pkt->raw_len; len = len + 4 - (len%4); *((unsigned long *)&(pkt->raw[len])) = ref->dlt; *((unsigned long *)&(pkt->raw[len+sizeof(unsigned long)])) = ref->cnt; *((char **)(&(pkt->raw[len+sizeof(unsigned long)*2]))) = ref->file_name; if (h->ts.tv_sec < 0) pkt->cap_sec = 0; else pkt->cap_sec = h->ts.tv_sec; pkt->cap_usec = h->ts.tv_usec; pkt->serial = pkt_serial; /* crash info */ crash_pkt_cnt = ref->cnt; crash_ref_name = ref->file_name; /* decode */ if (!ciao) ProtDissec(pcap_prot_id, pkt); FlowSetGblTime(h->ts.tv_sec); /* next serial number */ pkt_serial++; if (time(NULL) > tm) { tgl = 0; ReportSplash(); while (DispatchPeiPending() > DISP_PEI_MAX_QUEUE) { tgl = (tgl + 1) % 4; to.tv_sec = 0; to.tv_nsec = 300000000; /* wait some time */ while (nanosleep(&to, &to) != 0) ; if (tgl == 0) ReportSplash(); } tm = time(NULL) + 2; } }
static int SnoopDissector(FILE *fp, struct cap_ref *ref) { struct snoop_packet_header hdr; unsigned long hlen, len; packet *pkt; time_t tm = 0; struct timespec to; while (1) { /* read header */ hlen = fread(&hdr, 1, sizeof(struct snoop_packet_header), fp); if (hlen != sizeof(struct snoop_packet_header)) { if (hlen == 0) return 0; printf("Snoop file error\n"); return -1; } pkt = PktNew(); /* conver values */ hdr.tlen = ntohl(hdr.tlen); hdr.len = ntohl(hdr.len); hdr.blen = ntohl(hdr.blen); hdr.secs = ntohl(hdr.secs); hdr.usecs = ntohl(hdr.usecs); len = hdr.blen - hlen; ref->cnt++; pkt->raw = DMemMalloc(len+sizeof(unsigned long)*2+sizeof(char *)+4); len = fread(pkt->raw, 1, len, fp); pkt->raw_len = len; /* align 4b */ len = len + 4 - (len%4); *((unsigned long *)&(pkt->raw[len])) = ref->dlt; *((unsigned long *)&(pkt->raw[len+sizeof(unsigned long)])) = ref->cnt; *((char **)(&(pkt->raw[len+sizeof(unsigned long)*2]))) = ref->file_name; pkt->cap_sec = hdr.secs; pkt->cap_usec = hdr.usecs; pkt->serial = pkt_serial; /* crash info */ crash_pkt_cnt = ref->cnt; crash_ref_name = ref->file_name; /* decode */ if (!ciao) ProtDissec(pcap_prot_id, pkt); FlowSetGblTime(hdr.secs); /* next serial number */ pkt_serial++; if (time(NULL) > tm) { ReportSplash(); while (DispatchPeiPending() > DISP_PEI_MAX_QUEUE) { to.tv_sec = 0; to.tv_nsec = 300000000; /* wait some time */ while (nanosleep(&to, &to) != 0) ; ReportSplash(); } tm = time(NULL) + 2; } } return 0; }
static int SnoopDissector(FILE *fp, struct cap_ref *ref) { struct snoop_packet_header hdr; unsigned long hlen, len; packet *pkt; time_t tm = 0; static time_t tstart = 0; static size_t tsize = 0; int offset; struct timespec to; FILE *fpl; while (1) { /* read header */ hlen = fread(&hdr, 1, sizeof(struct snoop_packet_header), fp); if (hlen != sizeof(struct snoop_packet_header)) { if (hlen == 0) return 0; printf("Snoop file error\n"); return -1; } pkt = PktNew(); /* conver values */ hdr.tlen = ntohl(hdr.tlen); hdr.len = ntohl(hdr.len); hdr.blen = ntohl(hdr.blen); hdr.secs = ntohl(hdr.secs); hdr.usecs = ntohl(hdr.usecs); len = hdr.blen - hlen; ref->cnt++; pkt->raw = DMemMalloc(len+sizeof(unsigned long)*2+sizeof(char *)+4); len = fread(pkt->raw, 1, len, fp); pkt->raw_len = len; tsize += len; offset = 0; *((unsigned long *)&(pkt->raw[len])) = ref->dlt; offset += sizeof(unsigned long); *((unsigned long *)&(pkt->raw[len+offset])) = ref->cnt; offset += sizeof(unsigned long); *((char **)(&(pkt->raw[len+offset]))) = ref->file_name; offset += sizeof(char *); *((unsigned long *)&(pkt->raw[len+offset])) = ref->ses_id; offset += sizeof(unsigned long); *((unsigned long *)&(pkt->raw[len+offset])) = ref->pol_id; pkt->cap_sec = hdr.secs; pkt->cap_usec = hdr.usecs; pkt->serial = pkt_serial; /* crash info */ crash_pkt_cnt = ref->cnt; crash_ref_name = ref->file_name; /* decode */ ProtDissec(pol_prot_id, pkt); FlowSetGblTime(hdr.secs); /* next serial number */ pkt_serial++; if (time(NULL) > tm) { tm = time(NULL); ReportSplash(); while (DispatchPeiPending() > DISP_PEI_MAX_QUEUE) { to.tv_sec = 2; to.tv_nsec = 1; /* wait some time */ while (nanosleep(&to, &to) != 0) ; ReportSplash(); } if (tstart == 0) tstart = tm; else { fpl = fopen(file_status, "w+"); if (fpl != NULL) { fprintf(fpl, "s:%lu r:%lu\n", (unsigned long)tsize, (tm - tstart)); fclose(fpl); } } tm += 5; } } return 0; }
static void PcapDissector(u_char *user, const struct pcap_pkthdr *h, const u_char *bytes) { struct cap_ref *ref = (struct cap_ref *)user; int offset; packet *pkt; static time_t tm = 0; static time_t tstart = 0; static size_t tsize = 0; struct timespec to; FILE *fp; pkt = PktNew(); ref->cnt++; pkt->raw = DMemMalloc(h->caplen+sizeof(unsigned long)*2+sizeof(char *)+sizeof(unsigned long)*2); memcpy(pkt->raw, bytes, h->caplen); pkt->raw_len = h->caplen; tsize += h->caplen; offset = 0; *((unsigned long *)&(pkt->raw[pkt->raw_len])) = ref->dlt; offset += sizeof(unsigned long); *((unsigned long *)&(pkt->raw[pkt->raw_len+offset])) = ref->cnt; offset += sizeof(unsigned long); *((char **)&(pkt->raw[pkt->raw_len+offset])) = ref->file_name; offset += sizeof(char *); *((unsigned long *)&(pkt->raw[pkt->raw_len+offset])) = ref->ses_id; offset += sizeof(unsigned long); *((unsigned long *)&(pkt->raw[pkt->raw_len+offset])) = ref->pol_id; if (h->ts.tv_sec < 0) pkt->cap_sec = 0; else pkt->cap_sec = h->ts.tv_sec; pkt->cap_usec = h->ts.tv_usec; pkt->serial = pkt_serial; /* crash info */ crash_pkt_cnt = ref->cnt; crash_ref_name = ref->file_name; /* decode */ ProtDissec(pol_prot_id, pkt); FlowSetGblTime(h->ts.tv_sec); /* next serial number */ pkt_serial++; if (time(NULL) > tm) { tm = time(NULL); ReportSplash(); while (DispatchPeiPending() > DISP_PEI_MAX_QUEUE) { to.tv_sec = 2; to.tv_nsec = 1; /* wait some time */ while (nanosleep(&to, &to) != 0) ; ReportSplash(); } if (tstart == 0) { tstart = tm; } else { fp = fopen(file_status, "w+"); if (fp != NULL) { fprintf(fp, "s:%lu r:%lu\n", (unsigned long)tsize, (tm - tstart)); fclose(fp); } } tm += 5; } }
static void RltmPolDissector(u_char *user, const struct pcap_pkthdr *h, const u_char *bytes) { struct pcap_ref *ref = (struct pcap_ref *)user; packet *pkt; static time_t tm = 0; int offset; struct timespec to; struct pcap_pkthdr pckt_header; size_t nwrt, wcnt; pkt = PktNew(); ref->cnt++; pkt->raw = DMemMalloc(h->caplen+sizeof(unsigned long)*2+sizeof(char *)+sizeof(unsigned long)*2); memcpy(pkt->raw, bytes, h->caplen); pkt->raw_len = h->caplen; offset = 0; *((unsigned long *)&(pkt->raw[pkt->raw_len])) = ref->dlt; offset += sizeof(unsigned long); *((unsigned long *)&(pkt->raw[pkt->raw_len+offset])) = ref->cnt; offset += sizeof(unsigned long); if (savepcap) *((char **)&(pkt->raw[pkt->raw_len+offset])) = pcap_deb; else *((char **)&(pkt->raw[pkt->raw_len+offset])) = "Real Time"; offset += sizeof(char *); *((unsigned long *)&(pkt->raw[pkt->raw_len+offset])) = ref->ses_id; offset += sizeof(unsigned long); *((unsigned long *)&(pkt->raw[pkt->raw_len+offset])) = ref->pol_id; pkt->cap_sec = h->ts.tv_sec; pkt->cap_usec = h->ts.tv_usec; pkt->serial = pkt_serial; /* crash info */ crash_pkt_cnt = ref->cnt; /* decode */ /* save packet */ if (fp_pcap != NULL) { pckt_header.caplen = pkt->raw_len; pckt_header.len = pkt->raw_len; pckt_header.ts.tv_sec = pkt->cap_sec; pckt_header.ts.tv_usec = pkt->cap_usec; wcnt = 0; do { nwrt = fwrite(((char *)&pckt_header)+wcnt, 1, sizeof(struct pcap_pkthdr)-wcnt, fp_pcap); if (nwrt != -1) wcnt += nwrt; else break; } while (wcnt != sizeof(struct pcap_pkthdr)); wcnt = 0; do { nwrt = fwrite(((char *)pkt->raw)+wcnt, 1, pkt->raw_len-wcnt, fp_pcap); if (nwrt != -1) wcnt += nwrt; else break; } while (wcnt != pkt->raw_len); } ProtDissec(pol_prot_id, pkt); FlowSetGblTime(h->ts.tv_sec); /* next serial number */ pkt_serial++; if (time(NULL) > tm) { tm = time(NULL) + 5; ReportSplash(); while (DispatchPeiPending() > DISP_PEI_MAX_QUEUE) { to.tv_sec = 2; to.tv_nsec = 1; /* wait some time */ while (nanosleep(&to, &to) != 0) ; LogPrintf(LV_WARNING, "Possible data loss!"); ReportSplash(); } } }