X-Git-Url: https://git.stg.codes/stg.git/blobdiff_plain/f91192c77eec33a27dea7fcd0d451823ef478529..ee1709cd231588fe672d0bd2546ef69ee87ff88c:/projects/stargazer/plugins/capture/cap_nf/cap_nf.cpp diff --git a/projects/stargazer/plugins/capture/cap_nf/cap_nf.cpp b/projects/stargazer/plugins/capture/cap_nf/cap_nf.cpp index 37af9720..817ed715 100644 --- a/projects/stargazer/plugins/capture/cap_nf/cap_nf.cpp +++ b/projects/stargazer/plugins/capture/cap_nf/cap_nf.cpp @@ -27,36 +27,74 @@ $Revision: 1.11 $ $Date: 2010/09/10 06:41:06 $ $Author: faust $ */ -#include -#include -#include -#include -#include + +#include "cap_nf.h" + +#include "stg/common.h" +#include "stg/raw_ip_packet.h" +#include "stg/traffcounter.h" + +#include #include #include #include -#include +#include +#include +#include +#include -#include "stg/common.h" -#include "stg/raw_ip_packet.h" -#include "stg/traffcounter.h" -#include "stg/plugin_creator.h" -#include "cap_nf.h" +namespace +{ + +struct NF_HEADER { + uint16_t version; // Protocol version + uint16_t count; // Flows count + uint32_t uptime; // System uptime + uint32_t timestamp; // UNIX timestamp + uint32_t nsecs; // Residual nanoseconds + uint32_t flowSeq; // Sequence counter + uint8_t eType; // Engine type + uint8_t eID; // Engine ID + uint16_t sInterval; // Sampling mode and interval +}; + +struct NF_DATA { + uint32_t srcAddr; // Flow source address + uint32_t dstAddr; // Flow destination address + uint32_t nextHop; // IP addres on next hop router + uint16_t inSNMP; // SNMP index of input iface + uint16_t outSNMP; // SNMP index of output iface + uint32_t packets; // Packets in flow + uint32_t octets; // Total number of bytes in flow + uint32_t timeStart; // Uptime on first packet in flow + uint32_t timeFinish;// Uptime on last packet in flow + uint16_t srcPort; // Flow source port + uint16_t dstPort; // Flow destination port + uint8_t pad1; // 1-byte padding + uint8_t TCPFlags; // Cumulative OR of TCP flags + uint8_t proto; // IP protocol type (tcp, udp, etc.) + uint8_t tos; // IP Type of Service (ToS) + uint16_t srcAS; // Source BGP autonomous system number + uint16_t dstAS; // Destination BGP autonomus system number + uint8_t srcMask; // Source address mask in "slash" notation + uint8_t dstMask; // Destination address mask in "slash" notation + uint16_t pad2; // 2-byte padding +}; + +#define BUF_SIZE (sizeof(NF_HEADER) + 30 * sizeof(NF_DATA)) -PLUGIN_CREATOR cnc; +} -PLUGIN * GetPlugin() +extern "C" STG::Plugin* GetPlugin() { -return cnc.GetPlugin(); + static NF_CAP plugin; + return &plugin; } NF_CAP::NF_CAP() : traffCnt(NULL), - settings(), - tidTCP(), - tidUDP(), runningTCP(false), runningUDP(false), stoppedTCP(true), @@ -65,21 +103,16 @@ NF_CAP::NF_CAP() portU(0), sockTCP(-1), sockUDP(-1), - errorStr(), - logger(GetPluginLogger(GetStgLogger(), "cap_nf")) -{ -} - -NF_CAP::~NF_CAP() + logger(STG::PluginLogger::get("cap_nf")) { } int NF_CAP::ParseSettings() { -std::vector::iterator it; +std::vector::iterator it; for (it = settings.moduleParams.begin(); it != settings.moduleParams.end(); ++it) { - if (it->param == "TCPPort") + if (it->param == "TCPPort" && !it->value.empty()) { if (str2x(it->value[0], portT)) { @@ -89,7 +122,7 @@ for (it = settings.moduleParams.begin(); it != settings.moduleParams.end(); ++it } continue; } - if (it->param == "UDPPort") + if (it->param == "UDPPort" && !it->value.empty()) { if (str2x(it->value[0], portU)) { @@ -118,7 +151,7 @@ if (portU > 0) runningUDP = false; CloseUDP(); errorStr = "Cannot create UDP thread"; - logger("Cannot create UDP thread."); + logger("Cannot create UDP thread."); printfd(__FILE__, "Error: Cannot create UDP thread\n"); return -1; } @@ -134,7 +167,7 @@ if (portT > 0) { runningTCP = false; CloseTCP(); - logger("Cannot create TCP thread."); + logger("Cannot create TCP thread."); errorStr = "Cannot create TCP thread"; printfd(__FILE__, "Error: Cannot create TCP thread\n"); return -1; @@ -163,7 +196,7 @@ if (portU && !stoppedUDP) if (pthread_kill(tidUDP, SIGUSR1)) { errorStr = "Error sending signal to UDP thread"; - logger("Error sending sugnal to UDP thread."); + logger("Error sending sugnal to UDP thread."); printfd(__FILE__, "Error: Error sending signal to UDP thread\n"); return -1; } @@ -188,12 +221,12 @@ if (portT && !stoppedTCP) if (pthread_kill(tidTCP, SIGUSR1)) { errorStr = "Error sending signal to TCP thread"; - logger("Error sending signal to TCP thread."); + logger("Error sending signal to TCP thread."); printfd(__FILE__, "Error: Error sending signal to TCP thread\n"); return -1; } printfd(__FILE__, "TCP thread NOT stopped\n"); - logger("Cannot stop TCP thread."); + logger("Cannot stop TCP thread."); } } return 0; @@ -261,10 +294,6 @@ sigfillset(&signalSet); pthread_sigmask(SIG_BLOCK, &signalSet, NULL); NF_CAP * cap = static_cast(c); -uint8_t buf[BUF_SIZE]; -int res; -struct sockaddr_in sin; -socklen_t slen; cap->stoppedUDP = false; while (cap->runningUDP) { @@ -274,16 +303,18 @@ while (cap->runningUDP) } // Data - slen = sizeof(sin); - res = recvfrom(cap->sockUDP, buf, BUF_SIZE, 0, reinterpret_cast(&sin), &slen); + struct sockaddr_in sin; + socklen_t slen = sizeof(sin); + uint8_t buf[BUF_SIZE]; + ssize_t res = recvfrom(cap->sockUDP, buf, BUF_SIZE, 0, reinterpret_cast(&sin), &slen); if (!cap->runningUDP) break; if (res < 0) - { - cap->logger("recvfrom error: %s", strerror(errno)); - continue; - } + { + cap->logger("recvfrom error: %s", strerror(errno)); + continue; + } if (res == 0) // EOF { @@ -313,11 +344,6 @@ sigfillset(&signalSet); pthread_sigmask(SIG_BLOCK, &signalSet, NULL); NF_CAP * cap = static_cast(c); -uint8_t buf[BUF_SIZE]; -int res; -int sd; -struct sockaddr_in sin; -socklen_t slen; cap->stoppedTCP = false; while (cap->runningTCP) { @@ -327,15 +353,16 @@ while (cap->runningTCP) } // Data - slen = sizeof(sin); - sd = accept(cap->sockTCP, reinterpret_cast(&sin), &slen); + struct sockaddr_in sin; + socklen_t slen = sizeof(sin); + int sd = accept(cap->sockTCP, reinterpret_cast(&sin), &slen); if (!cap->runningTCP) break; if (sd <= 0) { if (sd < 0) - cap->logger("accept error: %s", strerror(errno)); + cap->logger("accept error: %s", strerror(errno)); continue; } @@ -345,7 +372,8 @@ while (cap->runningTCP) continue; } - res = recv(sd, buf, BUF_SIZE, MSG_WAITALL); + uint8_t buf[BUF_SIZE]; + ssize_t res = recv(sd, buf, BUF_SIZE, MSG_WAITALL); if (res < 0) cap->logger("recv error: %s", strerror(errno)); @@ -373,9 +401,9 @@ cap->stoppedTCP = true; return NULL; } -void NF_CAP::ParseBuffer(uint8_t * buf, int size) +void NF_CAP::ParseBuffer(uint8_t * buf, ssize_t size) { -RAW_PACKET ip; +STG::RawPacket ip; NF_HEADER * hdr = reinterpret_cast(buf); if (htons(hdr->version) != 5) { @@ -408,6 +436,6 @@ for (int i = 0; i < packets; ++i) ip.rawPacket.header.sPort = data->srcPort; ip.rawPacket.header.dPort = data->dstPort; - traffCnt->Process(ip); + traffCnt->process(ip); } }