2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 * Author : Maksym Mamontov <stg@madf.info>
27 $Date: 2010/09/10 06:41:06 $
30 #include <sys/types.h>
31 #include <sys/socket.h>
32 #include <netinet/in.h>
33 #include <arpa/inet.h>
42 #include "stg/common.h"
43 #include "stg/raw_ip_packet.h"
44 #include "stg/traffcounter.h"
45 #include "stg/plugin_creator.h"
// File-scope creator object for the NF_CAP plugin type.
50 PLUGIN_CREATOR<NF_CAP> cnc;
// Plugin entry point, declared with C linkage so its symbol name is not C++-mangled.
53 extern "C" PLUGIN * GetPlugin();
// Appears to be the body of GetPlugin() (its definition line is not in this
// listing): returns whatever cnc.GetPlugin() hands back.
57 return cnc.GetPlugin();
// Looks like one entry of a constructor member-initializer list (the
// constructor head is not in this listing): `logger` is built from
// GetPluginLogger(), given the STG logger and the string "cap_nf".
70 logger(GetPluginLogger(GetStgLogger(), "cap_nf"))
// Reads the module parameters "TCPPort" and "UDPPort" from
// settings.moduleParams into portT and portU.
// Only the first value of a parameter (it->value[0]) is used, and a parameter
// with an empty value list is not treated as a port setting. A non-zero result
// from str2x() is handled as a parse failure: errorStr is set and the problem
// is printed with printfd().
// NOTE(review): this listing omits original lines (the gutter numbers skip),
// so the braces, the return statements and any range check on the parsed port
// values are not visible here -- confirm against the full file.
78 int NF_CAP::ParseSettings()
80 std::vector<PARAM_VALUE>::iterator it;
81 for (it = settings.moduleParams.begin(); it != settings.moduleParams.end(); ++it)
// Port for the TCP listener.
83 if (it->param == "TCPPort" && !it->value.empty())
85 if (str2x(it->value[0], portT))
87 errorStr = "Invalid TCPPort value";
88 printfd(__FILE__, "Error: Invalid TCPPort value\n");
// Port for the UDP listener.
93 if (it->param == "UDPPort" && !it->value.empty())
95 if (str2x(it->value[0], portU))
97 errorStr = "Invalid UDPPort value";
98 printfd(__FILE__, "Error: Invalid UDPPort value\n");
// Diagnostic for a parameter this module does not handle; presumably reached
// only when neither branch above matched (the statements that skip it are not
// shown in this listing).
103 printfd(__FILE__, "'%s' is not a valid module param\n", it->param.c_str());
// Fragment of the start-up path (the enclosing function head is not in this
// listing). One worker thread is created per transport; `this` is passed as
// the thread argument and RunUDP/RunTCP cast it back to NF_CAP *.
// pthread_create() returns non-zero on failure, which is what these branches
// report through errorStr, the plugin logger and printfd().
// NOTE(review): if the TCP thread cannot be created after the UDP thread has
// already been started, confirm that the omitted lines stop the UDP worker and
// close its socket instead of leaving a listener running behind a failed start.
117 if (pthread_create(&tidUDP, NULL, RunUDP, this))
121 errorStr = "Cannot create UDP thread";
122 logger("Cannot create UDP thread.");
123 printfd(__FILE__, "Error: Cannot create UDP thread\n");
134 if (pthread_create(&tidTCP, NULL, RunTCP, this))
138 logger("Cannot create TCP thread.");
139 errorStr = "Cannot create TCP thread";
140 printfd(__FILE__, "Error: Cannot create TCP thread\n");
// Fragment of the shutdown path (the enclosing function head is not in this
// listing). Both run flags are cleared so the worker loops in RunUDP/RunTCP
// fall out of their `while (cap->running...)` conditions, then each worker is
// given up to 25 x 200 ms (5 s) to set its stopped flag.
// NOTE(review): running*/stopped* are written here and in the worker threads.
// Their declarations are not in this listing; if they are plain bool there is
// no synchronization between the threads -- confirm.
// NOTE(review): the conditions that choose between pthread_join() and
// pthread_kill() are among the omitted lines. RunUDP/RunTCP block every signal
// with sigfillset() + pthread_sigmask(SIG_BLOCK), so a SIGUSR1 delivered with
// pthread_kill() would stay pending in that thread rather than interrupt a
// blocking call -- confirm this fallback can actually stop a stuck worker.
149 runningTCP = runningUDP = false;
// UDP worker: only handled when a UDP port is configured and the worker has
// not already reported itself stopped.
150 if (portU && !stoppedUDP)
153 for (int i = 0; i < 25 && !stoppedUDP; ++i)
155 struct timespec ts = {0, 200000000};
156 nanosleep(&ts, NULL);
160 pthread_join(tidUDP, NULL);
// pthread_kill() returns non-zero when the signal could not be sent.
164 if (pthread_kill(tidUDP, SIGUSR1))
166 errorStr = "Error sending signal to UDP thread";
// NOTE(review): the log text below reads "sugnal" -- typo for "signal".
167 logger("Error sending sugnal to UDP thread.");
168 printfd(__FILE__, "Error: Error sending signal to UDP thread\n");
171 printfd(__FILE__, "UDP thread NOT stopped\n");
172 logger("Cannot stop UDP thread.");
// TCP worker: same sequence as for UDP.
175 if (portT && !stoppedTCP)
178 for (int i = 0; i < 25 && !stoppedTCP; ++i)
180 struct timespec ts = {0, 200000000};
181 nanosleep(&ts, NULL);
185 pthread_join(tidTCP, NULL);
189 if (pthread_kill(tidTCP, SIGUSR1))
191 errorStr = "Error sending signal to TCP thread";
192 logger("Error sending signal to TCP thread.");
193 printfd(__FILE__, "Error: Error sending signal to TCP thread\n");
196 printfd(__FILE__, "TCP thread NOT stopped\n");
197 logger("Cannot stop TCP thread.");
// Creates the UDP socket (sockUDP) and binds it to portU on 0.0.0.0, i.e. on
// every local IPv4 interface.
// Failures are reported through errorStr, the plugin logger (with strerror)
// and printfd(). The tests on socket()'s result and the return statements are
// among the lines omitted from this listing.
// NOTE(review): the collector is reachable on all interfaces and the records
// it receives feed traffic accounting; unless the omitted code filters senders,
// access to this port should be limited to the known exporters (firewall/ACL,
// or a bind address on the management network).
203 bool NF_CAP::OpenUDP()
// Only family, port and address are set below; the struct is not zeroed first.
205 struct sockaddr_in sin;
206 sockUDP = socket(PF_INET, SOCK_DGRAM, 0);
209 errorStr = "Error opening UDP socket";
210 logger("Cannot create UDP socket: %s", strerror(errno));
211 printfd(__FILE__, "Error: Error opening UDP socket\n");
214 sin.sin_family = AF_INET;
215 sin.sin_port = htons(portU);
216 sin.sin_addr.s_addr = inet_addr("0.0.0.0");
// bind() returns non-zero on failure.
217 if (bind(sockUDP, (struct sockaddr *)&sin, sizeof(sin)))
219 errorStr = "Error binding UDP socket";
220 logger("Cannot bind UDP socket: %s", strerror(errno));
221 printfd(__FILE__, "Error: Error binding UDP socket\n");
// Creates the TCP socket (sockTCP), binds it to portT on 0.0.0.0 (every local
// IPv4 interface) and puts it into listening state with a backlog of 1.
// Failures are reported through errorStr, the plugin logger (with strerror)
// and printfd(). The tests on socket()'s result and the return statements are
// among the lines omitted from this listing.
// NOTE(review): as with the UDP socket, the listener accepts connections on
// all interfaces; restrict access to the known exporters unless the omitted
// code already checks the peer address.
227 bool NF_CAP::OpenTCP()
// Only family, port and address are set below; the struct is not zeroed first.
229 struct sockaddr_in sin;
230 sockTCP = socket(PF_INET, SOCK_STREAM, 0);
233 errorStr = "Error opening TCP socket";
234 logger("Cannot create TCP socket: %s", strerror(errno));
235 printfd(__FILE__, "Error: Error opening TCP socket\n");
238 sin.sin_family = AF_INET;
239 sin.sin_port = htons(portT);
240 sin.sin_addr.s_addr = inet_addr("0.0.0.0");
// bind() and listen() both return non-zero on failure.
241 if (bind(sockTCP, (struct sockaddr *)&sin, sizeof(sin)))
243 errorStr = "Error binding TCP socket";
244 logger("Cannot bind TCP socket: %s", strerror(errno));
245 printfd(__FILE__, "Error: Error binding TCP socket\n");
248 if (listen(sockTCP, 1))
250 errorStr = "Error listening on TCP socket";
251 logger("Cannot listen on TCP socket: %s", strerror(errno));
252 printfd(__FILE__, "Error: Error listening TCP socket\n");
// Thread entry point for the UDP collector. `c` is the NF_CAP instance that
// was passed to pthread_create().
// The loop runs while cap->runningUDP is set: it waits on the socket with
// WaitPackets(), reads one datagram of at most BUF_SIZE bytes and passes it to
// ParseBuffer(). stoppedUDP is cleared on entry and set again on exit, which
// is what the shutdown path polls.
// NOTE(review): this listing omits original lines (the gutter numbers skip),
// including the signalSet declaration and the conditions guarding the
// "recvfrom error" and "Invalid data received" branches.
// NOTE(review): recvfrom() fills `sin` with the sender address, but no visible
// line compares it with anything. NetFlow v5 carries no authentication and a
// UDP source address can be forged, so records accepted here should be limited
// to known exporters (allow-list on sin.sin_addr and/or network filtering)
// before they reach traffic accounting -- confirm what the omitted lines do.
258 void * NF_CAP::RunUDP(void * c)
// Block every signal in this thread.
261 sigfillset(&signalSet);
262 pthread_sigmask(SIG_BLOCK, &signalSet, NULL);
264 NF_CAP * cap = static_cast<NF_CAP *>(c);
265 cap->stoppedUDP = false;
266 while (cap->runningUDP)
268 if (!WaitPackets(cap->sockUDP))
274 struct sockaddr_in sin;
275 socklen_t slen = sizeof(sin);
276 uint8_t buf[BUF_SIZE];
// The length argument equals the buffer size, so the read cannot overrun buf.
277 ssize_t res = recvfrom(cap->sockUDP, buf, BUF_SIZE, 0, reinterpret_cast<struct sockaddr *>(&sin), &slen);
// Re-check the run flag after the blocking call.
278 if (!cap->runningUDP)
283 cap->logger("recvfrom error: %s", strerror(errno));
// NOTE(review): errorStr is written from the worker thread here; confirm that
// readers on other threads tolerate that.
296 cap->errorStr = "Invalid data received";
297 printfd(__FILE__, "Error: Invalid data received through UDP\n");
// ParseBuffer() reads the 24-byte header before its own length test, so `res`
// must be known to be at least 24 by this point -- presumably the check above.
302 cap->ParseBuffer(buf, res);
304 cap->stoppedUDP = true;
// Thread entry point for the TCP collector. `c` is the NF_CAP instance that
// was passed to pthread_create().
// The loop runs while cap->runningTCP is set: it waits on the listening socket
// with WaitPackets(), accepts one connection, waits for data on it, reads up
// to BUF_SIZE bytes and passes them to ParseBuffer(). stoppedTCP is cleared on
// entry and set again on exit, which is what the shutdown path polls.
// NOTE(review): this listing omits original lines (the gutter numbers skip),
// including the signalSet declaration, the conditions guarding the error
// branches and any close(sd). Confirm that every path out of an iteration
// closes the accepted descriptor; otherwise each connection leaks one fd.
// NOTE(review): accept() fills `sin` with the peer address, but no visible
// line compares it with anything; limit connections to known exporters unless
// the omitted code already does.
308 void * NF_CAP::RunTCP(void * c)
// Block every signal in this thread.
311 sigfillset(&signalSet);
312 pthread_sigmask(SIG_BLOCK, &signalSet, NULL);
314 NF_CAP * cap = static_cast<NF_CAP *>(c);
315 cap->stoppedTCP = false;
316 while (cap->runningTCP)
318 if (!WaitPackets(cap->sockTCP))
324 struct sockaddr_in sin;
325 socklen_t slen = sizeof(sin);
326 int sd = accept(cap->sockTCP, reinterpret_cast<struct sockaddr *>(&sin), &slen);
// Re-check the run flag after the blocking call.
327 if (!cap->runningTCP)
333 cap->logger("accept error: %s", strerror(errno));
337 if (!WaitPackets(sd))
343 uint8_t buf[BUF_SIZE];
// MSG_WAITALL asks for a full BUF_SIZE bytes, so recv() returns early only on
// error, on a signal, or when the peer closes the connection. Connections are
// served one at a time in this loop, so a peer that sends less and keeps the
// connection open holds the collector here; a receive timeout (SO_RCVTIMEO) or
// a read driven by the record count in the header would bound the wait.
344 ssize_t res = recv(sd, buf, BUF_SIZE, MSG_WAITALL);
347 cap->logger("recv error: %s", strerror(errno));
351 if (!cap->runningTCP)
360 // TODO: check the actual data length and wait until all data has been received
// ParseBuffer() reads the 24-byte header before its own length test, so `res`
// must be known to be at least 24 by this point -- confirm in the omitted lines.
366 cap->ParseBuffer(buf, res);
368 cap->stoppedTCP = true;
// Decodes one NetFlow export from `buf` (`size` bytes as returned by
// recvfrom()/recv()) and feeds every flow record to traffCnt->Process().
// The constants match the NetFlow v5 layout: version 5, a 24-byte header,
// 48-byte flow records and at most 30 records per export.
// All of the input is attacker-controllable network data. What the function
// does when a check fails is not visible: this listing omits original lines
// (the gutter numbers skip), including the bodies of the three checks and the
// declaration of `ip`.
// NOTE(review): hdr->version and hdr->count are read before any length test
// visible here. If a caller can pass size < 24, those fields come from bytes
// that were never received (stale contents of the caller's stack buffer) --
// confirm that both callers reject short reads first.
// NOTE(review): the record loop reads up to 24 + 48 * 30 = 1464 bytes. That
// stays inside the received data only if the size test below rejects every
// mismatch and BUF_SIZE is at least that large -- confirm both; the
// "wrong logic" remark suggests the author had doubts about this test.
// NOTE(review): buf is a uint8_t array reinterpreted as NF_HEADER / NF_DATA;
// this relies on those structs being packed to the wire layout and on the
// platform tolerating the resulting alignment -- confirm in their definitions.
372 void NF_CAP::ParseBuffer(uint8_t * buf, ssize_t size)
375 NF_HEADER * hdr = reinterpret_cast<NF_HEADER *>(buf);
// htons() is used where ntohs() is meant; both perform the same byte swap.
376 if (htons(hdr->version) != 5)
381 int packets = htons(hdr->count);
// htons() yields a 16-bit unsigned value, so `packets < 0` can never be true;
// the effective test is the upper bound of 30 records.
383 if (packets < 0 || packets > 30)
// Length consistency: header plus `packets` records must equal the byte count.
388 if (24 + 48 * packets != size)
390 // See 'wrong logic' above
394 for (int i = 0; i < packets; ++i)
// Record i starts right after the header, at a 48-byte stride.
396 NF_DATA * data = reinterpret_cast<NF_DATA *>(buf + 24 + i * 48);
// Build a synthetic IPv4 header (version 4, header length 5 words) from the
// flow record. Addresses and ports are copied as they appear on the wire; only
// the octet counter is converted with ntohl().
398 ip.rawPacket.header.ipHeader.ip_v = 4;
399 ip.rawPacket.header.ipHeader.ip_hl = 5;
400 ip.rawPacket.header.ipHeader.ip_p = data->proto;
401 ip.dataLen = ntohl(data->octets);
402 ip.rawPacket.header.ipHeader.ip_src.s_addr = data->srcAddr;
403 ip.rawPacket.header.ipHeader.ip_dst.s_addr = data->dstAddr;
404 ip.rawPacket.header.sPort = data->srcPort;
405 ip.rawPacket.header.dPort = data->dstPort;
// Hand the record to the traffic counter.
407 traffCnt->Process(ip);