
📄 sniff.c

📁 * A ncurses user interface. * Network statistics to view the amount of packets and data in many
💻 C
/*
  This file is part of sniffer, a packet capture utility and
  network monitor

  The author can be contacted at <mistral@stev.org>

  the latest version is available from
   http://stev.org

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <pthread.h>
#include <time.h>
#include <fcntl.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <arpa/inet.h>		/* htons() */
#include <linux/if_ether.h>	/* ETH_P_ALL */
#include <linux/if_packet.h>

#include "config.h"
#include "locks.h"
#include "gui_main.h"
#include "log.h"
#include "lookup.h"
#include "arp.h"
#include "ip.h"
#include "tcp.h"
#include "udp.h"
#include "icmp.h"
#include "if.h"
#include "sniff.h"

#define SOCK_THREADS 2

/* structs for threads and mutex */
pthread_attr_t thread_attr;
pthread_t sock_thread[SOCK_THREADS];
pthread_t gui_thread;

int sockfd; /* our main socket for sniffing */

int main(int argc, char **argv) {
	int i, cury = 1;

	/* a raw AF_PACKET socket sees every frame on every interface and
	   needs root (CAP_NET_RAW) to open */
	sockfd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL) );
	if (sockfd < 0) {
		fprintf(stderr, "You must be ROOT to run this\n");
		perror("socket");
		exit(1);
	}

	/* create the threads detached so that they never need to be joined */
	if (pthread_attr_init(&thread_attr) != 0) {
		fprintf(stderr, "pthread Attrb\n");
		exit(1);
	}

	if (pthread_attr_setdetachstate(&thread_attr, PTHREAD_CREATE_DETACHED) != 0) {
		fprintf(stderr, "pthread Attrb\n");
		exit(1);
	}

	if (pthread_create(&gui_thread, &thread_attr, gui_main, NULL) != 0 ) {
		fprintf(stderr, "pthread Attrb\n");
		exit(1);
	}

	/* we need to wait until the gui is set up before we do anything else */
	/* sleep between polls rather than spinning; the call in the loop body
	   also forces gui_ready to be re-read on every pass */
	while(!gui_ready) {
		usleep(1000);
	}

	/* this must be started after the gui in case of errors */
	log_start();	/* start the logging */
	mvwprintw(gui->twin, cury++, 1, "Starting logs\n");
	wrefresh(gui->twin);

	init_stat(&stat_global, "ALL");
	init_stat(&ip_stat, "IP");
	init_stat(&tcp_stat, "TCP");
	init_stat(&udp_stat, "UDP");
	init_stat(&icmp_stat,"ICMP");
	mvwprintw(gui->twin, cury++, 1, "Starting Stats\n");
	wrefresh(gui->twin);

#ifdef ARP
	arp_init(); /* fire up the arp */
	mvwprintw(gui->twin, cury++, 1, "Starting ARP\n");
	wrefresh(gui->twin);
#endif

	if_init();
	mvwprintw(gui->twin, cury++, 1, "Starting Interface\n");
	wrefresh(gui->twin);

	tcp_init();
	mvwprintw(gui->twin, cury++, 1, "Starting TCP\n");
	wrefresh(gui->twin);

	udp_init();
	mvwprintw(gui->twin, cury++, 1, "Starting UDP\n");
	wrefresh(gui->twin);

	icmp_init();
	mvwprintw(gui->twin, cury++, 1, "Starting ICMP\n");
	wrefresh(gui->twin);

	if (pthread_create(&lookup_thread, &thread_attr, lookup_init, NULL) != 0 ) {
		log_errno("thread lookup_thread");
		exit(1);
	}
	mvwprintw(gui->twin, cury++, 1, "Starting Lookup Thread\n");
	wrefresh(gui->twin);

	for(i=0;i<SOCK_THREADS;i++) {
		if (pthread_create(&sock_thread[i], NULL, sock_read, NULL) != 0 ) {
			log_errno("thread sock_thread");
			exit(1);
		} else {
			mvwprintw(gui->twin, cury++, 1, "Starting Thread %d\n", i);
			wrefresh(gui->twin);
		}
	}

	gui_ready = 2;

	/* we never exit we just keep running */
	for(;;) {
		fflush(NULL);
		tcp_tidy();	/* tidy up tcp stuff */
		udp_tidy();
#ifdef ARP
		arp_tidy();
#endif
		lookup_tidy();
		sleep(2);
	}
	return 0;
}

/* The new way to read from the socket */
/* this should be able to tell that interface the packet came from */
/* and then send it to the correct handler */
void *sock_read(void *arg) {
	struct sockaddr_ll fromaddr;
	socklen_t fromlen; /* need this because of the way recvfrom is done */
	int length;
	char data[8196]; /* big buffer for data from the network */
	struct sniff_pkt pkt;

	/* we need to get the first packet */
	/* fromlen is a value-result argument: recvfrom overwrites it, so it
	   has to be reset to the buffer size before every call */
	fromlen = sizeof(fromaddr);
	length = recvfrom(sockfd, data, sizeof(data), 0, (struct sockaddr *) &fromaddr, &fromlen );
	while (length > 0) {
		pkt.readlen = length;
		pkt.dataleft = length;
		/* stat_global is shared by all SOCK_THREADS readers and is
		   updated here without a lock, so counts can be lost */
		stat_global.packets++;
		stat_global.bytes += length;
		if_handle(&pkt, &fromaddr, &data);

		/* get the next packet */
		/* it appears we dont need locking here */
		fromlen = sizeof(fromaddr);
		length = recvfrom(sockfd, data, sizeof(data), 0, (struct sockaddr *) &fromaddr, &fromlen );
	}

	/* if we come out of the loop we got a read error */
	log_errno("read");
	log_error("Thread Exiting %d\n", getpid());
	pthread_exit(0);
	return NULL;
}
