static nmsg_res ncap_get_dstip(nmsg_message_t m, struct nmsg_msgmod_field *field, unsigned val_idx, void **data, size_t *len, void *msg_clos) { Nmsg__Isc__Ncap *ncap = (Nmsg__Isc__Ncap *) nmsg_message_get_payload(m); struct ncap_priv *p = msg_clos; if (ncap == NULL || p == NULL) return (nmsg_res_failure); if (val_idx == 0) { switch (ncap->type) { case NMSG__ISC__NCAP_TYPE__IPV4: case NMSG__ISC__NCAP_TYPE__IPV6: *data = p->dstip.data; if (len) *len = p->dstip.len; break; case NMSG__ISC__NCAP_TYPE__Legacy: if (ncap->has_dstip) { *data = ncap->dstip.data; if (len) *len = ncap->dstip.len; } break; } return (nmsg_res_success); } return (nmsg_res_failure); }
static void process_msg(nmsg_message_t msg) { Nmsg__Isc__Pkt *pkt; int rc; pkt = (Nmsg__Isc__Pkt *) nmsg_message_get_payload(msg); assert(pkt != NULL); assert(pkt->has_len_frame); assert(pkt->payload.data != NULL); assert(pkt->payload.len == pkt->len_frame); memcpy(pkt->payload.data, eth_broadcast, 6); rc = pcap_inject(pcap, pkt->payload.data, pkt->payload.len); if (rc == -1) { pcap_perror(pcap, argv_program); exit(EXIT_FAILURE); } atomic_inc(&count_output); }
static nmsg_res ncap_get_dns(nmsg_message_t m, struct nmsg_msgmod_field *field, unsigned val_idx, void **data, size_t *len, void *msg_clos) { Nmsg__Isc__Ncap *ncap = (Nmsg__Isc__Ncap *) nmsg_message_get_payload(m); struct ncap_priv *p = msg_clos; if (ncap == NULL || p == NULL) return (nmsg_res_failure); if (val_idx != 0) return (nmsg_res_failure); if (p->srcport == 53 || p->srcport == 5353 || p->dstport == 53 || p->dstport == 5353) { switch (ncap->type) { case NMSG__ISC__NCAP_TYPE__IPV4: case NMSG__ISC__NCAP_TYPE__IPV6: *data = (void *) p->dg.payload; if (len) *len = p->dg.len_payload; return (nmsg_res_success); break; case NMSG__ISC__NCAP_TYPE__Legacy: *data = (void *) ncap->payload.data; if (len) *len = ncap->payload.len; return (nmsg_res_success); break; } } return (nmsg_res_failure); }
static nmsg_res ncap_msg_load(nmsg_message_t m, void **msg_clos) { Nmsg__Isc__Ncap *ncap; const struct nmsg_iphdr *ip; const struct ip6_hdr *ip6; const struct nmsg_udphdr *udp; struct ncap_priv *p; unsigned etype; ncap = (Nmsg__Isc__Ncap *) nmsg_message_get_payload(m); if (ncap == NULL || ncap->payload.data == NULL || ncap->payload.len == 0) return (nmsg_res_failure); *msg_clos = p = calloc(1, sizeof(struct ncap_priv)); if (p == NULL) return (nmsg_res_memfail); /* source and destination IPs */ switch (ncap->type) { case NMSG__ISC__NCAP_TYPE__IPV4: etype = ETHERTYPE_IP; nmsg_ipdg_parse(&p->dg, etype, ncap->payload.len, ncap->payload.data); ip = (const struct nmsg_iphdr *) p->dg.network; p->has_srcip = true; p->has_dstip = true; p->srcip.len = 4; p->dstip.len = 4; p->srcip.data = (uint8_t *) &ip->ip_src; p->dstip.data = (uint8_t *) &ip->ip_dst; p->proto = ip->ip_p; break; case NMSG__ISC__NCAP_TYPE__IPV6: etype = ETHERTYPE_IPV6; nmsg_ipdg_parse(&p->dg, etype, ncap->payload.len, ncap->payload.data); ip6 = (const struct ip6_hdr *) p->dg.network; p->has_srcip = true; p->has_dstip = true; p->srcip.len = 16; p->dstip.len = 16; p->srcip.data = (uint8_t *) &ip6->ip6_src; p->dstip.data = (uint8_t *) &ip6->ip6_dst; p->proto = ip6->ip6_ctlun.ip6_un1.ip6_un1_nxt; break; case NMSG__ISC__NCAP_TYPE__Legacy: break; } /* source and destination ports */ switch (ncap->type) { case NMSG__ISC__NCAP_TYPE__IPV4: case NMSG__ISC__NCAP_TYPE__IPV6: switch (p->dg.proto_transport) { case IPPROTO_UDP: udp = (const struct nmsg_udphdr *) p->dg.transport; p->has_srcport = true; p->has_dstport = true; p->srcport = ntohs(udp->uh_sport); p->dstport = ntohs(udp->uh_dport); break; } break; case NMSG__ISC__NCAP_TYPE__Legacy: switch (ncap->ltype) { case NMSG__ISC__NCAP_LEGACY_TYPE__UDP: case NMSG__ISC__NCAP_LEGACY_TYPE__TCP: if (ncap->has_lint0) { p->has_srcport = true; p->srcport = ncap->lint0; } if (ncap->has_lint1) { p->has_dstport = true; p->dstport = ncap->lint1; } case NMSG__ISC__NCAP_LEGACY_TYPE__ICMP: break; } switch (ncap->ltype) { case NMSG__ISC__NCAP_LEGACY_TYPE__UDP: p->proto = IPPROTO_UDP; break; case NMSG__ISC__NCAP_LEGACY_TYPE__TCP: p->proto = IPPROTO_TCP; break; case NMSG__ISC__NCAP_LEGACY_TYPE__ICMP: p->proto = IPPROTO_ICMP; break; } break; } return (nmsg_res_success); }
void *ptr __attribute__((unused)), nmsg_strbuf_t sb, const char *endline) { Nmsg__Isc__Ncap *ncap; char dstip[INET6_ADDRSTRLEN]; char srcip[INET6_ADDRSTRLEN]; const char *err_str = "unknown"; const struct nmsg_iphdr *ip; const struct ip6_hdr *ip6; const struct nmsg_udphdr *udp; nmsg_res res; struct nmsg_ipdg dg; unsigned etype; ncap = (Nmsg__Isc__Ncap *) nmsg_message_get_payload(msg); if (ncap == NULL || ncap->payload.data == NULL || ncap->payload.len == 0) { res = nmsg_strbuf_append(sb, "payload: <DECODING ERROR>%s", endline); return (res); } dstip[0] = '\0'; srcip[0] = '\0'; res = nmsg_strbuf_append(sb, "payload:%s", endline); if (res != nmsg_res_success) return (res); /* parse header fields */ switch (ncap->type) { case NMSG__ISC__NCAP_TYPE__IPV4: