2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 * Author : Maxim Mamontov <faust@stg.dp.ua>
27 $Date: 2010/09/10 06:41:06 $
30 #include <sys/types.h>
31 #include <sys/socket.h>
32 #include <netinet/in.h>
33 #include <arpa/inet.h>
42 #include "stg/common.h"
43 #include "stg/raw_ip_packet.h"
44 #include "stg/traffcounter.h"
45 #include "stg/plugin_creator.h"
48 PLUGIN_CREATOR<NF_CAP> cnc;
52 return cnc.GetPlugin();
76 int NF_CAP::ParseSettings()
78 std::vector<PARAM_VALUE>::iterator it;
79 for (it = settings.moduleParams.begin(); it != settings.moduleParams.end(); ++it)
81 if (it->param == "TCPPort")
83 if (str2x(it->value[0], portT))
85 errorStr = "Invalid TCPPort value";
86 printfd(__FILE__, "Error: Invalid TCPPort value\n");
91 if (it->param == "UDPPort")
93 if (str2x(it->value[0], portU))
95 errorStr = "Invalid UDPPort value";
96 printfd(__FILE__, "Error: Invalid UDPPort value\n");
101 printfd(__FILE__, "'%s' is not a valid module param\n", it->param.c_str());
115 if (pthread_create(&tidUDP, NULL, RunUDP, this))
119 errorStr = "Cannot create UDP thread";
120 printfd(__FILE__, "Error: Cannot create UDP thread\n");
131 if (pthread_create(&tidTCP, NULL, RunTCP, this))
135 errorStr = "Cannot create TCP thread";
136 printfd(__FILE__, "Error: Cannot create TCP thread\n");
145 runningTCP = runningUDP = false;
146 if (portU && !stoppedUDP)
149 for (int i = 0; i < 25 && !stoppedUDP; ++i)
155 pthread_join(tidUDP, NULL);
159 if (pthread_kill(tidUDP, SIGUSR1))
161 errorStr = "Error sending signal to UDP thread";
162 printfd(__FILE__, "Error: Error sending signal to UDP thread\n");
165 printfd(__FILE__, "UDP thread NOT stopped\n");
168 if (portT && !stoppedTCP)
171 for (int i = 0; i < 25 && !stoppedTCP; ++i)
177 pthread_join(tidTCP, NULL);
181 if (pthread_kill(tidTCP, SIGUSR1))
183 errorStr = "Error sending signal to TCP thread";
184 printfd(__FILE__, "Error: Error sending signal to TCP thread\n");
187 printfd(__FILE__, "TCP thread NOT stopped\n");
193 bool NF_CAP::OpenUDP()
195 struct sockaddr_in sin;
196 sockUDP = socket(PF_INET, SOCK_DGRAM, 0);
199 errorStr = "Error opening UDP socket";
200 printfd(__FILE__, "Error: Error opening UDP socket\n");
203 sin.sin_family = AF_INET;
204 sin.sin_port = htons(portU);
205 sin.sin_addr.s_addr = inet_addr("0.0.0.0");
206 if (bind(sockUDP, (struct sockaddr *)&sin, sizeof(sin)))
208 errorStr = "Error binding UDP socket";
209 printfd(__FILE__, "Error: Error binding UDP socket\n");
215 bool NF_CAP::OpenTCP()
217 struct sockaddr_in sin;
218 sockTCP = socket(PF_INET, SOCK_STREAM, 0);
221 errorStr = "Error opening TCP socket";
222 printfd(__FILE__, "Error: Error opening TCP socket\n");
225 sin.sin_family = AF_INET;
226 sin.sin_port = htons(portT);
227 sin.sin_addr.s_addr = inet_addr("0.0.0.0");
228 if (bind(sockTCP, (struct sockaddr *)&sin, sizeof(sin)))
230 errorStr = "Error binding TCP socket";
231 printfd(__FILE__, "Error: Error binding TCP socket\n");
234 if (listen(sockTCP, 1))
236 errorStr = "Error listening on TCP socket";
237 printfd(__FILE__, "Error: Error listening TCP socket\n");
243 void * NF_CAP::RunUDP(void * c)
245 NF_CAP * cap = static_cast<NF_CAP *>(c);
246 uint8_t buf[BUF_SIZE];
248 struct sockaddr_in sin;
250 cap->stoppedUDP = false;
251 while (cap->runningUDP)
253 if (!WaitPackets(cap->sockUDP))
260 res = recvfrom(cap->sockUDP, buf, BUF_SIZE, 0, reinterpret_cast<struct sockaddr *>(&sin), &slen);
261 if (!cap->runningUDP)
273 cap->errorStr = "Invalid data received";
274 printfd(__FILE__, "Error: Invalid data received through UDP\n");
279 cap->ParseBuffer(buf, res);
281 cap->stoppedUDP = true;
285 void * NF_CAP::RunTCP(void * c)
287 NF_CAP * cap = static_cast<NF_CAP *>(c);
288 uint8_t buf[BUF_SIZE];
291 struct sockaddr_in sin;
293 cap->stoppedTCP = false;
294 while (cap->runningTCP)
296 if (!WaitPackets(cap->sockTCP))
303 sd = accept(cap->sockTCP, reinterpret_cast<struct sockaddr *>(&sin), &slen);
304 if (!cap->runningTCP)
311 cap->errorStr = "Error accepting connection";
312 printfd(__FILE__, "Error: Error accepting connection\n");
317 if (!WaitPackets(sd))
323 res = recv(sd, buf, BUF_SIZE, MSG_WAITALL);
326 if (!cap->runningTCP)
335 // Need to check actual data length and wait all data to receive
340 cap->errorStr = "Invalid data received";
341 printfd(__FILE__, "Error: Invalid data received through TCP\n");
346 cap->ParseBuffer(buf, res);
348 cap->stoppedTCP = true;
352 void NF_CAP::ParseBuffer(uint8_t * buf, int size)
355 NF_HEADER * hdr = reinterpret_cast<NF_HEADER *>(buf);
356 if (htons(hdr->version) != 5)
361 int packets = htons(hdr->count);
363 if (packets < 0 || packets > 30)
368 if (24 + 48 * packets != size)
370 // See 'wrong logic' upper
374 for (int i = 0; i < packets; ++i)
376 NF_DATA * data = reinterpret_cast<NF_DATA *>(buf + 24 + i * 48);
378 ip.rawPacket.header.ipHeader.ip_v = 4;
379 ip.rawPacket.header.ipHeader.ip_hl = 5;
380 ip.rawPacket.header.ipHeader.ip_p = data->proto;
381 ip.dataLen = ntohl(data->octets);
382 ip.rawPacket.header.ipHeader.ip_src.s_addr = data->srcAddr;
383 ip.rawPacket.header.ipHeader.ip_dst.s_addr = data->dstAddr;
384 ip.rawPacket.header.sPort = data->srcPort;
385 ip.rawPacket.header.dPort = data->dstPort;
387 traffCnt->Process(ip);
git.stg.codes / stg.git / blob