📄 plugbase.c
int DestinationIpIsHomenet(Packet * p)
{
    /*
     * Returns 1 when the packet's destination address, masked with
     * pv.netmask, equals pv.homenet; returns 0 otherwise.
     *
     * p->iph is dereferenced without a NULL check, so the caller has to
     * pass a packet whose IP header has been decoded.
     * NOTE(review): the comparison only works if the address, the mask and
     * pv.homenet share one byte order -- confirm where pv is filled in.
     */
    return ((p->iph->ip_dst.s_addr & pv.netmask) == pv.homenet) ? 1 : 0;
}
int SourceIpIsHomenet(Packet * p)
{
    /*
     * Returns 1 when the packet's source address, masked with pv.netmask,
     * equals pv.homenet; returns 0 otherwise.
     *
     * p->iph is dereferenced without a NULL check, so the caller has to
     * pass a packet whose IP header has been decoded.
     * NOTE(review): the comparison only works if the address, the mask and
     * pv.homenet share one byte order -- confirm where pv is filled in.
     */
    return ((p->iph->ip_src.s_addr & pv.netmask) == pv.homenet) ? 1 : 0;
}
int IsTcpSessionTraffic(Packet * p)
{
    /*
     * Returns 1 only for packets that carry a TCP header whose flag byte is
     * exactly PSH|ACK, and 0 for everything else.
     */

    /* No TCP header attached to this packet: not TCP session traffic. */
    if(p->tcph == NULL)
        return 0;

    /*
     * The test is an equality on the whole flag byte, not a bit mask: a
     * plain ACK, or PSH|ACK combined with any other bit in th_flags, is
     * reported as 0.
     */
    return (p->tcph->th_flags == (TH_PUSH | TH_ACK)) ? 1 : 0;
}
int CheckNet(struct in_addr * compare, struct in_addr * compare2)
{
    /*
     * Returns 1 when both addresses hold the same 32-bit s_addr value and
     * 0 otherwise. No mask is applied, so this is an exact address match.
     * Neither pointer is checked for NULL.
     */
    return (compare->s_addr == compare2->s_addr) ? 1 : 0;
}
/* functions to aid in cleaning up after plugins */
void AddFuncToRestartList(void (*func) (int, void *), void *arg)
{
    /*
     * Appends the (func, arg) pair to the list headed by PluginRestartList.
     * The head is stored back because AddFuncToSignalList returns a new
     * head when the list was empty.
     */
    PluginSignalFuncNode *updated_head;

    updated_head = AddFuncToSignalList(func, arg, PluginRestartList);
    PluginRestartList = updated_head;
}
void AddFuncToCleanExitList(void (*func) (int, void *), void *arg)
{
    /*
     * Appends the (func, arg) pair to the list headed by
     * PluginCleanExitList. The head is stored back because
     * AddFuncToSignalList returns a new head when the list was empty.
     */
    PluginSignalFuncNode *updated_head;

    updated_head = AddFuncToSignalList(func, arg, PluginCleanExitList);
    PluginCleanExitList = updated_head;
}
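/*
 * Appends a new node holding (func, arg) to the end of a singly linked
 * list of signal callbacks.
 *
 * Arguments: func - callback to store in the new node
 *            arg  - opaque pointer stored next to the callback
 *            list - current head of the list, or NULL for an empty list
 *
 * Returns: the head of the list: the new node when list was NULL,
 *          otherwise list itself.
 */
PluginSignalFuncNode *AddFuncToSignalList(void (*func) (int, void *), void *arg,
                                          PluginSignalFuncNode * list)
{
    PluginSignalFuncNode *node;
    PluginSignalFuncNode *tail;

    /* The original dereferenced the calloc result unchecked, so an
       out-of-memory condition became a NULL pointer write. */
    node = calloc(1, sizeof(*node));
    if(node == NULL)
    {
        FatalError("Unable to allocate memory for a plugin signal handler node\n");
        /* FatalError is not expected to return; if it does, hand back the
           list untouched rather than writing through NULL. */
        return list;
    }

    node->func = func;
    node->arg = arg;
    node->next = NULL;

    /* Empty list: the new node becomes the head. */
    if(list == NULL)
        return node;

    /* Walk to the last node so callbacks keep their registration order. */
    for(tail = list; tail->next != NULL; tail = tail->next)
        ;
    tail->next = node;

    return list;
}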
/****************************************************************************
 *
 * Function: GetUniqueName(char * iface)
 *
 * Purpose: To return a string that has a high probability of being unique
 *          for a given sensor.
 *
 * Arguments: char * iface - The network interface you are sniffing
 *
 * Returns: A char *. On WIN32 it is always the result of GetHostname().
 *          Elsewhere it is the result of GetIP(iface), or of GetHostname()
 *          when GetIP() returns NULL.
 *          NOTE(review): GetIP()'s own header asks the caller to free its
 *          result while GetHostname()'s says the string is static, so a
 *          caller cannot tell from the pointer whether free() is safe --
 *          confirm how callers treat the result.
 *
 ***************************************************************************/
char *GetUniqueName(char * iface)
{
#ifdef WIN32
    return GetHostname();
#else
    char *name = GetIP(iface);

    /* Fall back to the hostname when no address could be obtained. */
    return (name != NULL) ? name : GetHostname();
#endif
}
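/****************************************************************************
 *
 * Function: GetIP(char * iface)
 *
 * Purpose: To return a string representing the IP address for an interface
 *
 * Arguments: char * iface - The network interface you want to find an IP
 *            address for.
 *
 * Returns: A char * -- the str2s() copy of the dotted-quad address; make
 *          sure you call free on this when you are done with it.
 *          NULL when the interface name does not fit in ifr_name or the
 *          SIOCGIFADDR ioctl fails.
 *          The string literal "unknown" when iface is NULL.
 *          NOTE(review): that literal must not be passed to free(), which
 *          conflicts with the instruction above -- confirm how callers
 *          handle it.
 *
 ***************************************************************************/
char *GetIP(char * iface)
{
    struct ifreq ifr;
    struct sockaddr_in *addr;
    size_t name_len;
    int s;

    if(iface == NULL)
    {
        return "unknown";
    }

    /* The original copied strlen(iface) + 1 bytes into ifr.ifr_name, i.e.
       it bounded the copy by the source instead of the destination, so an
       over-long interface name overflowed the struct on the stack. */
    name_len = strlen(iface);
    if(name_len >= sizeof(ifr.ifr_name))
    {
        return NULL;
    }

    /* Set up a dummy socket just so we can use ioctl to find the
       ip address of the interface */
    s = socket(PF_INET, SOCK_DGRAM, 0);
    if(s == -1)
    {
        FatalError("Problem establishing socket to find IP address for interface: %s\n", iface);
    }

    /* Start from a zeroed request so no stack garbage reaches the ioctl. */
    memset(&ifr, 0, sizeof(ifr));
    memcpy(ifr.ifr_name, iface, name_len + 1);

#ifndef WIN32
    if(ioctl(s, SIOCGIFADDR, &ifr) < 0)
    {
        /* The original returned here without closing the socket, leaking
           one descriptor per failed lookup. */
        close(s);
        return NULL;
    }
#endif

    /* NOTE(review): SIOCGIFADDR fills ifr_addr; reading ifr_broadaddr works
       only where both members share the same union storage in struct
       ifreq -- consider switching to ifr_addr after checking the WIN32
       build. */
    addr = (struct sockaddr_in *) &ifr.ifr_broadaddr;

    close(s);

    /* inet_ntoa() returns a static buffer, so the result is passed through
       str2s() before being returned (presumably a heap copy, per the
       header above -- verify against str2s). */
    return str2s(inet_ntoa(addr->sin_addr));
}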
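/****************************************************************************
 *
 * Function: GetHostname()
 *
 * Purpose: To return a string representing the hostname
 *
 * Arguments: None
 *
 * Returns: A static char * representing the hostname; do not free it.
 *          On WIN32 this is a static buffer filled by GetComputerName().
 *          Elsewhere it is the value of the HOSTNAME environment variable,
 *          else HOST, else the literal "unknown". The environment values
 *          are whatever the launching process set and are not verified
 *          against the system's actual hostname.
 *
 ***************************************************************************/
char *GetHostname()
{
    char *error = "unknown";
#ifdef WIN32
    /* The original passed the "unknown" string literal to GetComputerName()
       with a claimed size of 256, i.e. it asked the API to write into an
       8-byte literal. A static buffer keeps the "static char *" contract
       and gives the call real storage of the size it is told about. */
    static char hostname[256];
    DWORD size = sizeof(hostname);

    if(!GetComputerName(hostname, &size))
        return error;
    return hostname;
#else
    char *name;

    name = getenv("HOSTNAME");
    if(name != NULL)
        return name;

    name = getenv("HOST");
    if(name != NULL)
        return name;

    return error;
#endif
}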
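/****************************************************************************
 *
 * Function: TCPOptionCode(Options *o)
 *
 * Purpose: To return a string representing the code of an TCP option
 *
 * Arguments: An Options struct.
 *
 * Returns: char * -- You must free this char * when you are done with it.
 *          The buffer is SMALLBUFFER bytes long and always NUL-terminated.
 *          Unrecognised codes are rendered as "Opt <code>".
 *
 ***************************************************************************/
char *TCPOptionCode(Options *o)
{
    const char *label = NULL;
    char *rval;

    /* The original wrote into the malloc result without checking it. */
    rval = malloc(SMALLBUFFER);
    if(rval == NULL)
    {
        FatalError("Unable to allocate memory for a TCP option name\n");
        /* FatalError is not expected to return; never write through NULL. */
        return NULL;
    }

    switch(o->code)
    {
        case TCPOPT_MAXSEG:
            label = "MSS";
            break;
        case TCPOPT_EOL:
            label = "EOL";
            break;
        case TCPOPT_NOP:
            label = "NOP";
            break;
        case TCPOPT_WSCALE:
            label = "WS";
            break;
        case TCPOPT_SACK:
            label = "Sack";
            break;
        case TCPOPT_SACKOK:
            label = "SackOK";
            break;
        case TCPOPT_ECHO:
            label = "Echo";
            break;
        case TCPOPT_ECHOREPLY:
            label = "Echo Rep";
            break;
        case TCPOPT_TIMESTAMP:
            label = "TS";
            break;
        case TCPOPT_CC:
            label = "CC";
            break;
        case TCPOPT_CCNEW:
            label = "CCNEW";
            break;
        case TCPOPT_CCECHO:
            label = "CCECHO";
            break;
        default:
            break;
    }

    /* snprintf always terminates the buffer, which strncpy does not
       guarantee when the source fills the destination. */
    if(label != NULL)
        snprintf(rval, SMALLBUFFER, "%s", label);
    else
        snprintf(rval, SMALLBUFFER, "Opt %d", o->code);

    return rval;
}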
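/****************************************************************************
 *
 * Function: TCPOptionValue(Options *o)
 *
 * Purpose: To return a string representing the value of an TCP option
 *
 * Arguments: An Options struct.
 *
 * Returns: char * -- You must free this char * when you are done with it.
 *          The buffer is SMALLBUFFER bytes long and always NUL-terminated.
 *          Options without a value (EOL, NOP, SackOK) yield an empty
 *          string; unrecognised options yield their data as hex digits,
 *          cut off at a whole group when the buffer is full.
 *
 * NOTE(review): the fixed-size cases copy 2, 4 or 8 bytes from o->data
 *          without looking at o->len. The option bytes presumably come
 *          from decoded packet data, so this relies on the decoder having
 *          rejected short options -- confirm, or add length checks here.
 *
 ***************************************************************************/
char *TCPOptionValue(Options *o)
{
    char *rval;
    u_char tmp[5];
    char pair[5];
    size_t used;
    size_t pair_len;
    int data_len;
    int x;

    /* The original wrote into the malloc result without checking it. */
    rval = malloc(SMALLBUFFER);
    if(rval == NULL)
    {
        FatalError("Unable to allocate memory for a TCP option value\n");
        /* FatalError is not expected to return; never write through NULL. */
        return NULL;
    }
    rval[0] = '\0';

    switch(o->code)
    {
        case TCPOPT_MAXSEG:
            /* memcpy, not strncpy: strncpy stops at a zero byte, so an MSS
               whose first byte is 0x00 lost its second byte. */
            memset(tmp, 0, sizeof(tmp));
            memcpy(tmp, o->data, 2);
            snprintf(rval, SMALLBUFFER, "%u", EXTRACT_16BITS(tmp));
            break;

        case TCPOPT_EOL:
        case TCPOPT_NOP:
        case TCPOPT_SACKOK:
            /* No value to print; rval is already the empty string. */
            break;

        case TCPOPT_WSCALE:
            snprintf(rval, SMALLBUFFER, "%u", o->data[0]);
            break;

        case TCPOPT_SACK:
            /* NOTE(review): this prints two 16-bit values taken from the
               first four data bytes; SACK block edges are 32-bit sequence
               numbers, so the output may not be what was intended. Kept
               as is to preserve the existing output format. */
            memset(tmp, 0, sizeof(tmp));
            memcpy(tmp, o->data, 2);
            snprintf(rval, SMALLBUFFER, "%u@", EXTRACT_16BITS(tmp));
            used = strlen(rval);
            memset(tmp, 0, sizeof(tmp));
            memcpy(tmp, (o->data) + 2, 2);
            snprintf(rval + used, SMALLBUFFER - used, "%u", EXTRACT_16BITS(tmp));
            break;

        case TCPOPT_TIMESTAMP:
            memset(tmp, 0, sizeof(tmp));
            memcpy(tmp, o->data, 4);
            snprintf(rval, SMALLBUFFER, "%u ", EXTRACT_32BITS(tmp));
            used = strlen(rval);
            memset(tmp, 0, sizeof(tmp));
            memcpy(tmp, (o->data) + 4, 4);
            /* The original passed the full SMALLBUFFER here even though the
               write starts `used` bytes into the buffer. */
            snprintf(rval + used, SMALLBUFFER - used, "%u", EXTRACT_32BITS(tmp));
            break;

        case TCPOPT_ECHO:
        case TCPOPT_ECHOREPLY:
        case TCPOPT_CC:
        case TCPOPT_CCNEW:
        case TCPOPT_CCECHO:
            /* All five carry a single 32-bit value. */
            memset(tmp, 0, sizeof(tmp));
            memcpy(tmp, o->data, 4);
            snprintf(rval, SMALLBUFFER, "%u", EXTRACT_32BITS(tmp));
            break;

        default:
            /*
             * Hex-dump the option data, o->len - 2 bytes of it.
             *
             * Fixes relative to the original loop:
             *  - its "if(strlen(rval) < SMALLBUFFER - 5);" ended in a stray
             *    semicolon, so the space check guarded nothing;
             *  - strncat was given the whole remaining size as its count,
             *    which lets the terminating NUL land one byte past the
             *    buffer;
             *  - an odd data length made it read o->data one byte past the
             *    option.
             * The original format string ended in a space that never fit
             * in its 5-byte scratch buffer, so the effective output was
             * hex digits with no separator; that output is kept.
             */
            used = 0;
            data_len = (int)o->len - 2;
            for(x = 0; x < data_len; x += 2)
            {
                if(x + 1 < data_len)
                    snprintf(pair, sizeof(pair), "%02X%02X", o->data[x], o->data[x + 1]);
                else
                    snprintf(pair, sizeof(pair), "%02X", o->data[x]);

                pair_len = strlen(pair);
                if(used + pair_len >= (size_t)SMALLBUFFER)
                    break;

                memcpy(rval + used, pair, pair_len + 1);
                used += pair_len;
            }
            break;
    }

    return rval;
}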
/****************************************************************************
*
* Function: IPOptionCode(Options *o)
*
* Purpose: To return a string representing the code of an IP option
*
* Arguments: An Options struct.
*
* Returns: char * -- You must free this char * when you are done with it.
*
***************************************************************************/
char *IPOptionCode(Options * o)
{
char *rval;
rval = (char *)malloc(SMALLBUFFER);
switch(o->code)
{
case IPOPT_RR:
strncpy(rval, "RR", SMALLBUFFER);
break;
case IPOPT_EOL:
strncpy(rval, "EOL", SMALLBUFFER);
break;
case IPOPT_NOP:
strncpy(rval, "NOP", SMALLBUFFER);
break;
case IPOPT_TS:
strncpy(rval, "TS", SMALLBUFFER);
break;
case IPOPT_SECURITY:
strncpy(rval, "SEC", SMALLBUFFER);
break;
case IPOPT_LSRR:
case IPOPT_LSRR_E:
strncpy(rval, "LSRR", SMALLBUFFER);
break;
case IPOPT_SATID:
strncpy(rval, "SID", SMALLBUFFER);
break;
case IPOPT_SSRR:
strncpy(rval, "SSRR", SMALLBUFFER);
break;
default:
snprintf(rval, SMALLBUFFER, "Opt %d", o->code);
}