2015-03-19 15:07:24 +01:00
|
|
|
#include <stdio.h>
|
2015-03-19 21:06:55 +01:00
|
|
|
#include <stdlib.h>
|
2015-03-19 15:07:24 +01:00
|
|
|
#include <iostream>
|
|
|
|
#include <unistd.h>
|
|
|
|
#include <fcntl.h>
|
2015-03-19 16:38:18 +01:00
|
|
|
#include <stdint.h>
|
2015-03-19 21:06:55 +01:00
|
|
|
#include <string.h>
|
2015-03-19 15:07:24 +01:00
|
|
|
#include <sys/types.h>
|
|
|
|
#include <sys/stat.h>
|
2015-03-19 21:06:55 +01:00
|
|
|
#include <string>
|
|
|
|
#include <sstream>
|
|
|
|
|
2015-07-15 13:02:45 +02:00
|
|
|
#include "fastnetmon_pcap_format.h"
|
|
|
|
|
2015-03-19 21:06:55 +01:00
|
|
|
#include <sys/socket.h>
|
|
|
|
#include <netinet/in.h>
|
|
|
|
#include <arpa/inet.h>
|
|
|
|
|
2015-05-29 14:08:12 +02:00
|
|
|
#include "netflow_plugin/netflow_collector.h"
|
2015-06-17 12:35:42 +02:00
|
|
|
#include "sflow_plugin/sflow_collector.h"
|
|
|
|
|
|
|
|
#include "sflow_plugin/sflow_data.h"
|
|
|
|
#include "sflow_plugin/sflow.h"
|
|
|
|
|
2015-05-29 14:08:12 +02:00
|
|
|
#include "fastnetmon_packet_parser.h"
|
|
|
|
#include "fastnetmon_types.h"
|
|
|
|
#include "fast_library.h"
|
2015-03-19 21:06:55 +01:00
|
|
|
|
|
|
|
#include "log4cpp/Category.hh"
|
|
|
|
#include "log4cpp/Appender.hh"
|
|
|
|
#include "log4cpp/FileAppender.hh"
|
|
|
|
#include "log4cpp/OstreamAppender.hh"
|
|
|
|
#include "log4cpp/Layout.hh"
|
|
|
|
#include "log4cpp/BasicLayout.hh"
|
|
|
|
#include "log4cpp/PatternLayout.hh"
|
|
|
|
#include "log4cpp/Priority.hh"
|
|
|
|
|
|
|
|
// Fake config
|
|
|
|
std::map<std::string, std::string> configuration_map;
|
|
|
|
|
|
|
|
std::string log_file_path = "/tmp/fastnetmon_pcap_reader.log";
|
|
|
|
log4cpp::Category& logger = log4cpp::Category::getRoot();
|
|
|
|
|
2015-03-19 15:07:24 +01:00
|
|
|
|
2015-05-15 12:55:52 +02:00
|
|
|
/* It's prototype for moc testing of FastNetMon, it's very useful for netflow or direct packet
|
|
|
|
* parsers debug */
|
2015-03-19 15:07:24 +01:00
|
|
|
|
2015-06-17 12:35:42 +02:00
|
|
|
void pcap_parse_packet(const char* flow_type, char* buffer, uint32_t len);
|
2015-03-19 21:06:55 +01:00
|
|
|
|
|
|
|
void init_logging() {
|
2015-05-15 12:55:52 +02:00
|
|
|
log4cpp::PatternLayout* layout = new log4cpp::PatternLayout();
|
|
|
|
layout->setConversionPattern("%d [%p] %m%n");
|
2015-03-19 21:06:55 +01:00
|
|
|
|
2015-05-15 12:55:52 +02:00
|
|
|
log4cpp::Appender* appender = new log4cpp::FileAppender("default", log_file_path);
|
2015-03-19 21:06:55 +01:00
|
|
|
appender->setLayout(layout);
|
|
|
|
|
|
|
|
logger.setPriority(log4cpp::Priority::INFO);
|
|
|
|
logger.addAppender(appender);
|
|
|
|
logger.info("Logger initialized!");
|
|
|
|
}
|
|
|
|
|
2015-06-17 12:35:42 +02:00
|
|
|
int pcap_reader(const char* flow_type, const char* pcap_file_path) {
|
2015-03-19 15:07:24 +01:00
|
|
|
int filedesc = open(pcap_file_path, O_RDONLY);
|
|
|
|
|
|
|
|
if (filedesc <= 0) {
|
|
|
|
printf("Can't open dump file");
|
|
|
|
return -1;
|
2015-05-15 12:55:52 +02:00
|
|
|
}
|
2015-03-19 15:07:24 +01:00
|
|
|
|
2015-07-15 12:49:21 +02:00
|
|
|
struct fastnetmon_pcap_file_header pcap_header;
|
|
|
|
ssize_t file_header_readed_bytes = read(filedesc, &pcap_header, sizeof(struct fastnetmon_pcap_file_header));
|
2015-03-19 15:07:24 +01:00
|
|
|
|
2015-07-15 12:49:21 +02:00
|
|
|
if (file_header_readed_bytes != sizeof(struct fastnetmon_pcap_file_header)) {
|
2015-03-19 15:07:24 +01:00
|
|
|
printf("Can't read pcap file header");
|
|
|
|
}
|
|
|
|
|
|
|
|
// http://www.tcpdump.org/manpages/pcap-savefile.5.html
|
|
|
|
if (pcap_header.magic == 0xa1b2c3d4 or pcap_header.magic == 0xd4c3b2a1) {
|
|
|
|
// printf("Magic readed correctly\n");
|
|
|
|
} else {
|
|
|
|
printf("Magic in file header broken\n");
|
|
|
|
return -2;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Buffer for packets
|
2015-03-19 21:06:55 +01:00
|
|
|
char packet_buffer[pcap_header.snaplen];
|
2015-03-19 15:07:24 +01:00
|
|
|
|
2015-05-15 12:55:52 +02:00
|
|
|
unsigned int read_packets = 0;
|
2015-03-19 15:07:24 +01:00
|
|
|
while (1) {
|
2015-05-15 12:55:52 +02:00
|
|
|
// printf("Start packet %d processing\n", read_packets);
|
2015-03-19 16:38:18 +01:00
|
|
|
struct fastnetmon_pcap_pkthdr pcap_packet_header;
|
2015-05-15 12:55:52 +02:00
|
|
|
ssize_t packet_header_readed_bytes =
|
|
|
|
read(filedesc, &pcap_packet_header, sizeof(struct fastnetmon_pcap_pkthdr));
|
|
|
|
|
2015-03-19 16:38:18 +01:00
|
|
|
if (packet_header_readed_bytes != sizeof(struct fastnetmon_pcap_pkthdr)) {
|
2015-05-15 12:55:52 +02:00
|
|
|
// We haven't any packets
|
2015-03-19 15:07:24 +01:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2015-03-19 16:38:18 +01:00
|
|
|
if (pcap_packet_header.incl_len > pcap_header.snaplen) {
|
2015-05-15 12:55:52 +02:00
|
|
|
printf("Please enlarge packet buffer! We got packet with size: %d but our buffer is %d "
|
|
|
|
"bytes\n",
|
|
|
|
pcap_packet_header.incl_len, pcap_header.snaplen);
|
2015-03-19 15:07:24 +01:00
|
|
|
return -4;
|
|
|
|
}
|
|
|
|
|
2015-03-19 21:06:55 +01:00
|
|
|
ssize_t packet_payload_readed_bytes = read(filedesc, packet_buffer, pcap_packet_header.incl_len);
|
2015-05-15 12:55:52 +02:00
|
|
|
|
2015-03-19 16:38:18 +01:00
|
|
|
if (pcap_packet_header.incl_len != packet_payload_readed_bytes) {
|
2015-03-19 15:07:24 +01:00
|
|
|
printf("I read packet header but can't read packet payload\n");
|
|
|
|
return -3;
|
|
|
|
}
|
|
|
|
|
2015-03-19 16:38:18 +01:00
|
|
|
// printf("packet payload read\n");
|
2015-06-17 12:35:42 +02:00
|
|
|
pcap_parse_packet(flow_type, packet_buffer, pcap_packet_header.incl_len);
|
2015-03-19 21:06:55 +01:00
|
|
|
|
2015-05-15 12:55:52 +02:00
|
|
|
// printf("Process packet %d\n", read_packets);
|
2015-03-19 15:07:24 +01:00
|
|
|
read_packets++;
|
|
|
|
}
|
|
|
|
|
|
|
|
printf("I correctly read %d packets from this dump\n", read_packets);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2015-03-19 21:06:55 +01:00
|
|
|
void my_fastnetmon_packet_handler(simple_packet& current_packet) {
|
2015-05-15 12:55:52 +02:00
|
|
|
std::cout << print_simple_packet(current_packet);
|
2015-03-19 21:06:55 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
extern process_packet_pointer netflow_process_func_ptr;
|
2015-06-17 12:35:42 +02:00
|
|
|
extern process_packet_pointer sflow_process_func_ptr;
|
2015-03-19 21:06:55 +01:00
|
|
|
|
2015-06-17 12:35:42 +02:00
|
|
|
void pcap_parse_packet(const char* flow_type, char* buffer, uint32_t len) {
|
2015-03-19 21:06:55 +01:00
|
|
|
struct pfring_pkthdr packet_header;
|
|
|
|
memset(&packet_header, 0, sizeof(packet_header));
|
|
|
|
packet_header.len = len;
|
|
|
|
packet_header.caplen = len;
|
|
|
|
|
2015-05-15 12:55:52 +02:00
|
|
|
fastnetmon_parse_pkt((u_char*)buffer, &packet_header, 4, 1, 0);
|
|
|
|
|
|
|
|
// char print_buffer[512];
|
|
|
|
// fastnetmon_print_parsed_pkt(print_buffer, 512, (u_char*)buffer, &packet_header);
|
|
|
|
// logger.info("%s", print_buffer);
|
2015-03-19 21:06:55 +01:00
|
|
|
|
|
|
|
char* payload_ptr = packet_header.extended_hdr.parsed_pkt.offset.payload_offset + buffer;
|
2015-03-20 09:32:05 +01:00
|
|
|
|
|
|
|
if (packet_header.len <= packet_header.extended_hdr.parsed_pkt.offset.payload_offset) {
|
|
|
|
printf("Something goes wrong! Offset if bigger than total packet length");
|
|
|
|
return;
|
|
|
|
}
|
2015-05-15 12:55:52 +02:00
|
|
|
|
2015-03-20 09:32:05 +01:00
|
|
|
unsigned int payload_length = packet_header.len - packet_header.extended_hdr.parsed_pkt.offset.payload_offset;
|
2015-06-17 12:35:42 +02:00
|
|
|
|
|
|
|
if (strcmp(flow_type, "netflow") == 0) {
|
|
|
|
netflow_process_func_ptr = my_fastnetmon_packet_handler;
|
|
|
|
|
|
|
|
std::string fake_peer_ip = "10.0.1.2";
|
|
|
|
process_netflow_packet((u_int8_t*)payload_ptr, payload_length, fake_peer_ip);
|
|
|
|
} else if (strcmp(flow_type, "sflow") == 0) {
|
|
|
|
sflow_process_func_ptr = my_fastnetmon_packet_handler;
|
|
|
|
|
|
|
|
SFSample sample;
|
|
|
|
memset(&sample, 0, sizeof(sample));
|
|
|
|
|
|
|
|
sample.rawSample = (uint8_t*)payload_ptr;
|
|
|
|
sample.rawSampleLen = payload_length;
|
|
|
|
sample.sourceIP.type = SFLADDRESSTYPE_IP_V4;
|
|
|
|
|
|
|
|
read_sflow_datagram(&sample);
|
|
|
|
} else {
|
|
|
|
printf("We do not support this flow type: %s\n", flow_type);
|
|
|
|
}
|
2015-03-19 21:06:55 +01:00
|
|
|
}
|
|
|
|
|
2015-05-29 15:28:10 +02:00
|
|
|
int main(int argc, char** argv) {
|
2015-03-20 01:15:23 +01:00
|
|
|
init_logging();
|
2015-05-29 15:28:10 +02:00
|
|
|
|
2015-06-17 12:35:42 +02:00
|
|
|
if (argc != 3) {
|
|
|
|
printf("Please provide flow type: sflow or netflow and path to pcap dump\n");
|
2015-05-29 15:28:10 +02:00
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
2015-06-17 12:35:42 +02:00
|
|
|
printf("We will process file: %s as %s dump\n", argv[2], argv[1]);
|
|
|
|
pcap_reader(argv[1], argv[2]);
|
2015-03-19 15:07:24 +01:00
|
|
|
}
|