2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 * Author : Maxim Mamontov <faust@stargazer.dp.ua>
23 #include "stg/traffcounter.h"
24 #include "stg/plugin_creator.h"
25 #include "stg/common.h"
26 #include "stg/raw_ip_packet.h"
30 //-----------------------------------------------------------------------------
31 //-----------------------------------------------------------------------------
32 //-----------------------------------------------------------------------------
// File-level creator object; the exported GetPlugin() returns pcc.GetPlugin().
35 PLUGIN_CREATOR<PCAP_CAP> pcc;
// Snapshot length passed to pcap_open_live() in Start(): the most bytes of any
// one frame that libpcap will hand back.
37 const size_t SNAP_LEN = 1518;
// Size in bytes of an Ethernet hardware (MAC) address.
38 const size_t ETHER_ADDR_LEN = 6;
// Fields of the Ethernet header overlay used as `ETH` in TryReadDev(). The line
// that opens the struct is not part of this listing.
42 u_char ether_dhost[ETHER_ADDR_LEN]; /* destination host address */
43 u_char ether_shost[ETHER_ADDR_LEN]; /* source host address */
// Overlaid directly on captured bytes, so the value is in network byte order.
// TryReadDev() compares it with 0x8 without byte-swapping, which matches IPv4
// (0x0800) only on a little-endian host.
44 u_short ether_type; /* IP? ARP? RARP? etc */
// Declares the plugin entry point with C linkage, so the exported symbol name
// is not C++-mangled.
49 extern "C" PLUGIN * GetPlugin();
50 //-----------------------------------------------------------------------------
51 //-----------------------------------------------------------------------------
52 //-----------------------------------------------------------------------------
// Body of GetPlugin() (its signature line is not part of this listing):
// returns whatever the file-level creator `pcc` provides.
55 return pcc.GetPlugin();
57 //-----------------------------------------------------------------------------
58 //-----------------------------------------------------------------------------
59 //-----------------------------------------------------------------------------
// Reports the plugin's name and version as a fixed string.
std::string PCAP_CAP::GetVersion() const
{
    return std::string("pcap_cap v.1.0");
}
64 //-----------------------------------------------------------------------------
71 logger(GetPluginLogger(GetStgLogger(), "cap_pcap"))
74 //-----------------------------------------------------------------------------
// Rebuilds the capture device list from the module parameters.
//   "interfaces": every value becomes one DEV, in the order given.
//   "filters":    value j is stored as the filter expression of device j.
// Filters are matched to devices purely by position. A filter with no device at
// its index is dropped silently, and a device with no filter at its index keeps
// whatever filterExpression DEV's constructor gave it (not visible here).
// NOTE(review): the listing omits short lines (braces, else, return), so the
// exact branch structure and return values cannot be confirmed from here.
75 int PCAP_CAP::ParseSettings()
// Start from an empty list so a repeated call does not accumulate devices.
77 devices.erase(devices.begin(), devices.end());
// No parameters at all: fall back to a default-constructed DEV, which the log
// message describes as the pseudo-device 'all'.
79 if (settings.moduleParams.empty())
81 devices.push_back(DEV());
82 logger("Defaulting to pseudo-device 'all'.");
// First pass: collect interfaces. Several "interfaces" parameters append to
// the same list.
86 for (size_t i = 0; i < settings.moduleParams.size(); i++)
87 if (settings.moduleParams[i].param == "interfaces")
88 for (size_t j = 0; j < settings.moduleParams[i].value.size(); j++)
89 devices.push_back(DEV(settings.moduleParams[i].value[j]));
// Second pass: attach filters by index. j restarts at 0 for every "filters"
// parameter, so a later parameter overwrites the filters set by an earlier one.
91 for (size_t i = 0; i < settings.moduleParams.size(); i++)
92 if (settings.moduleParams[i].param == "filters")
93 for (size_t j = 0; j < settings.moduleParams[i].value.size(); j++)
// Bounds check: ignore filters beyond the number of configured devices.
94 if (j < devices.size())
95 devices[j].filterExpression = settings.moduleParams[i].value[j];
// Second fallback to the default device. The condition guarding it is not part
// of this listing; presumably it fires when no interface was configured.
99 devices.push_back(DEV());
100 logger("Defaulting to pseudo-device 'all'.");
106 //-----------------------------------------------------------------------------
// Opens every configured device for live capture, installs its BPF filter,
// obtains a selectable descriptor for it and finally starts the reader thread
// (Run). Each failing step stores a message in errorStr and prints it.
// NOTE(review): the listing omits short lines (braces, declarations of net and
// mask, returns, the iterator increment), so the exit path after each error is
// not visible. If those paths return early, handles opened for earlier devices
// are not visibly closed — confirm cleanup against the full file.
// Live capture generally needs elevated privileges (e.g. CAP_NET_RAW on Linux).
107 int PCAP_CAP::Start()
112 DEV_MAP::iterator it(devices.begin());
113 while (it != devices.end())
// Receives libpcap's error text for the calls below that take errbuf.
117 char errbuf[PCAP_ERRBUF_SIZE];
119 /* get network number and mask associated with capture device */
120 if (pcap_lookupnet(it->device.c_str(), &net, &mask, errbuf) == -1)
122 errorStr = "Couldn't get netmask for device " + it->device + ": " + errbuf;
124 printfd(__FILE__, "%s\n", errorStr.c_str());
128 /* open capture device */
// Arguments: snapshot length SNAP_LEN, promiscuous mode on (1), 1000 ms read
// timeout.
129 it->handle = pcap_open_live(it->device.c_str(), SNAP_LEN, 1, 1000, errbuf);
130 if (it->handle == NULL)
132 errorStr = "Couldn't open device " + it->device + ": " + errbuf;
134 printfd(__FILE__, "%s\n", errorStr.c_str());
// Non-blocking mode: the reader thread waits in select() and must not block
// inside pcap_next_ex().
138 if (pcap_setnonblock(it->handle, true, errbuf) == -1)
140 errorStr = "Couldn't put device " + it->device + " into non-blocking mode: " + errbuf;
142 printfd(__FILE__, "%s\n", errorStr.c_str());
146 /* make sure we're capturing on an Ethernet device [2] */
// TryReadDev() assumes a 14-byte Ethernet header in front of the IP packet, so
// any other link type would be parsed at the wrong offset.
147 if (pcap_datalink(it->handle) != DLT_EN10MB)
149 errorStr = it->device + " is not an Ethernet";
151 printfd(__FILE__, "%s\n", errorStr.c_str());
155 /* compile the filter expression */
// The expression comes from the "filters" module parameter; optimisation is
// off (0).
// NOTE(review): the last argument of pcap_compile() is the netmask, but `net`
// (the network number) is passed and `mask` is not used in the visible lines —
// confirm.
156 if (pcap_compile(it->handle, &it->filter, it->filterExpression.c_str(), 0, net) == -1)
158 errorStr = "Couldn't parse filter " + it->filterExpression + ": " + pcap_geterr(it->handle);
160 printfd(__FILE__, "%s\n", errorStr.c_str());
164 /* apply the compiled filter */
165 if (pcap_setfilter(it->handle, &it->filter) == -1)
167 errorStr = "Couldn't install filter " + it->filterExpression + ": " + pcap_geterr(it->handle);
169 printfd(__FILE__, "%s\n", errorStr.c_str());
// Descriptor that Run() adds to its select() set. The failure check that guards
// the message below is not part of this listing.
173 it->fd = pcap_get_selectable_fd(it->handle);
176 errorStr = "Couldn't get a file descriptor for " + it->device + ": " + pcap_geterr(it->handle);
178 printfd(__FILE__, "%s\n", errorStr.c_str());
// Start the reader thread with this object as its argument; pthread_create()
// returns non-zero on failure.
187 if (pthread_create(&thread, NULL, Run, this))
189 errorStr = "Cannot create thread.";
190 logger("Cannot create thread.");
191 printfd(__FILE__, "Cannot create thread\n");
197 //-----------------------------------------------------------------------------
// Shutdown sequence: wait for the reader thread to clear isRunning, signal it
// if it does not, then join it and release the pcap resources.
// NOTE(review): the function's signature line and all short lines (braces,
// conditions, returns) are missing from this listing; this is presumably the
// body of PCAP_CAP::Stop().
205 // Give the thread up to 5 seconds (25 polls of 200 ms) to stop on its own.
206 for (int i = 0; i < 25 && isRunning; i++)
208 struct timespec ts = {0, 200000000};
209 nanosleep(&ts, NULL);
211 // The wait above is over; signal the thread.
// NOTE(review): Run() blocks every signal in the reader thread (sigfillset +
// SIG_BLOCK), so SIGUSR1 sent here would stay pending rather than interrupt
// that thread — confirm the intent. The condition guarding this step is not
// part of this listing.
214 if (pthread_kill(thread, SIGUSR1))
216 errorStr = "Cannot kill thread.";
217 logger("Cannot send signal to thread.");
// Wait up to another 5 seconds for the thread to clear isRunning.
220 for (int i = 0; i < 25 && isRunning; ++i)
222 struct timespec ts = {0, 200000000};
223 nanosleep(&ts, NULL);
// Failure report for a thread that did not stop (the guarding condition is not
// part of this listing).
227 errorStr = "PCAP_CAP not stopped.";
228 logger("Cannot stop thread.");
229 printfd(__FILE__, "Cannot stop thread\n");
// Join first, so the thread can no longer use the handles released below.
234 pthread_join(thread, NULL);
// Free each device's compiled filter program and close its capture handle.
236 for (DEV_MAP::iterator it(devices.begin()); it != devices.end(); ++it)
238 pcap_freecode(&it->filter);
239 pcap_close(it->handle);
244 //-----------------------------------------------------------------------------
// Reader-thread entry point; Start() passes it to pthread_create() with the
// PCAP_CAP object as argument `d`. It builds an fd_set from every device's
// descriptor, waits on it with select() and clears isRunning on the way out.
// NOTE(review): the listing omits short lines (local declarations, the loop
// header, the call made when select() reports readiness, the return), so the
// loop's exit condition is not visible here.
245 void * PCAP_CAP::Run(void * d)
// Block every signal in this thread, so asynchronous signals are delivered to
// other threads.
248 sigfillset(&signalSet);
249 pthread_sigmask(SIG_BLOCK, &signalSet, NULL);
251 PCAP_CAP * dc = static_cast<PCAP_CAP *>(d);
// Stop()'s wait loops poll this flag.
252 dc->isRunning = true;
// Register each device descriptor and track the highest one for select().
// NOTE(review): FD_SET is undefined for descriptors >= FD_SETSIZE or negative
// ones, and no such check is visible here.
257 for (DEV_MAP::const_iterator it(dc->devices.begin()); it != dc->devices.end(); ++it)
259 FD_SET(it->fd, &fds);
260 maxFd = std::max(maxFd, it->fd);
// 0 s + 500000 us: wait at most half a second per select() call.
266 struct timeval tv = {0, 500000};
// A positive result means at least one descriptor is readable. rfds is
// presumably a fresh copy of fds (its declaration is not part of this listing).
268 if (select(maxFd + 1, &rfds, NULL, NULL, &tv) > 0)
// Tell Stop() that the thread has finished.
272 dc->isRunning = false;
// Walks every configured device and tests whether its descriptor is marked in
// `set` (presumably the read set that select() filled in Run()).
// NOTE(review): the statement executed for a ready device is not part of this
// listing; presumably it calls TryReadDev(*it) — confirm against the full file.
276 void PCAP_CAP::TryRead(const fd_set & set)
278 for (DEV_MAP::const_iterator it(devices.begin()); it != devices.end(); ++it)
279 if (FD_ISSET(it->fd, &set))
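// Reads at most one captured frame from `dev` and passes its IPv4 payload to
// the traffic counter.
//
// The frame is untrusted network input, so every access is bounded by the
// number of bytes libpcap actually captured (header->caplen):
//   * a frame is used only when pcap_next_ex() returns 1; on 0 (nothing ready
//     in non-blocking mode) and on negative results header/packet are not
//     valid and must not be dereferenced;
//   * frames shorter than the 14-byte Ethernet header are dropped;
//   * at most the captured payload is copied into ip.rawPacket and the rest of
//     the buffer is zeroed, instead of always reading sizeof(ip.rawPacket)
//     bytes past the header.
// The EtherType is compared byte by byte (0x08 0x00 = IPv4), so the result
// does not depend on host byte order or on the alignment of the buffer.
//
// NOTE(review): the listing omits short lines; the early returns and the
// declaration of `ip` are restored from context, with RAW_PACKET
// (stg/raw_ip_packet.h) assumed as its type — confirm against the full file.
void PCAP_CAP::TryReadDev(const DEV & dev)
{
    struct pcap_pkthdr * header = NULL;
    const u_char * packet = NULL;

    const int res = pcap_next_ex(dev.handle, &header, &packet);
    if (res == -1)
    {
        printfd(__FILE__, "Failed to read data from '%s': %s\n", dev.device.c_str(), pcap_geterr(dev.handle));
        return;
    }

    // Anything other than 1 means no packet was delivered.
    if (res != 1 || header == NULL || packet == NULL)
        return;

    // Destination MAC (6) + source MAC (6) + EtherType (2).
    const size_t ethHeaderLen = 14;
    if (header->caplen < ethHeaderLen)
        return;

    // EtherType occupies bytes 12-13 in network byte order; accept IPv4 only.
    if (packet[12] != 0x08 || packet[13] != 0x00)
        return;

    RAW_PACKET ip;
    const size_t available = header->caplen - ethHeaderLen;
    const size_t toCopy = available < sizeof(ip.rawPacket) ? available : sizeof(ip.rawPacket);

    // Zero first, so a short capture leaves no stale bytes behind the payload.
    memset(&ip.rawPacket, 0, sizeof(ip.rawPacket));
    memcpy(&ip.rawPacket, packet + ethHeaderLen, toCopy);
    traffCnt->Process(ip);
}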