vlan.c

Firestorm NIDS是一个性能非常高的网络入侵检测系统 (NIDS)。目前

#include <stdlib.h>
#include <stdio.h>
#include <netinet/in.h>

#include <firestorm.h>
#include <args.h>
#include <packet.h>
#include <plugin.h>
#include <alert.h>
#include <signature.h>
#include <decode.h>
#include <preproc.h>

PLUGIN_STD_DEFS();
proc_dispatch dispatch;

void vlan_decode(struct packet *);
int vlan_dprint(struct layer *, char *, int);

struct proto vlan_p=init_proto("802.1q", vlan_decode, vlan_dprint);
struct proto_req vlan_r[]={
	/* XXX: Do not add any other relations here!! */
	proto_request("ethernet", __constant_htons(0x8100)),
	null_request()
};


int vlan_dprint(struct layer *l, char *buf, int buflen)
{
	u_int16_t vlan, prio, cfi;

	vlan=ntohs(l->h.vlan->vlan);

	prio=vlan & 0xe000;
	cfi =vlan & 0x2000;
	vlan=vlan & 0x0fff;

	return snprintf(buf, buflen, "vlan=%u priority=%u cfi=%u proto=0x%x",
		vlan, prio, cfi,
		ntohs(l->h.vlan->proto));
}

/* XXX: Cannot be at index 0 in the layer array! */
void vlan_decode(struct packet *p)
{
	struct proto_child *pc=p->layer[p->llen-1].proto->children;
	struct layer *l=&p->layer[p->llen];

	/* Fill in the next layers pointer */
	if ( (p->layer[p->llen+1].h.raw=
		l->h.raw+sizeof(struct pkt_vlanhdr))
		> p->end ) return;

	p->llen++;

	if ( p->llen >= PKT_LAYERS ) return;

	/* Find a relevent child */
	for(;pc; pc=pc->next)
	{
		if ( l->h.vlan->proto == pc->id ) {
			p->layer[p->llen].flags=0;
			p->layer[p->llen].session=NULL;
			p->layer[p->llen].proto=pc->proto;
			pc->proto->decode(p);
			return;
		}
	}

	/* Just data */
	if ( p->layer[p->llen].h.raw<p->end )
		p->layer[p->llen++].proto=NULL;
	dispatch(p);
}

int PLUGIN_DECODE (struct decode_api *d)
{
	int ok=0;

	object_check(d);

	dispatch=d->dispatch;

	ok+=d->decode_add(&vlan_p, vlan_r);

	return (ok) ? PLUGIN_ERR_OK : PLUGIN_ERR_FAIL;
}

int PLUGIN_INIT (struct plugin_in *in, struct plugin_out *out)
{
	plugin_check(in, out);

	PLUGIN_ID("decode.vlan", "802.1q aka vlan");
	PLUGIN_VERSION(1, 0);
	PLUGIN_AUTHOR("Gianni Tedesco", "gianni@scaramanga.co.uk");
	PLUGIN_LICENSE("GPL");

	return PLUGIN_ERR_OK;
}

int PLUGIN_UNLOAD (int code) {
	return PLUGIN_ERR_OK;
}