capture.c

Firestorm NIDS是一个性能非常高的网络入侵检测系统 (NIDS)。目前

/*
* This file is part of Firestorm NIDS
* Copyright (c) 2002 Gianni Tedesco
* This program is released under the terms of the GNU GPL version 2
*
*    This file represents the capture subsystem. It's really
*    just a bunch of thin wrappers around capdev plugins.
*/
#include <stdlib.h>
#include <string.h>
#include <sys/time.h>

#include <firestorm.h>
#include <cleanup.h>
#include <packet.h>
#include <args.h>
#include <alert.h>
#include <signature.h>
#include <decode.h>
#include <capture.h>

struct capture capture;

/* Make sure to call the capdev cleanup function before we quit */
void capture_cleanup(int state, void *priv)
{
	if ( capture.priv )
		capture.capdev->end(capture.priv);
	if ( capture.args )
		free(capture.args);
}

void capture_init(void) 
{
	cleanup_add(capture_cleanup, NULL);
}

/* Called by the interrupt handlers for clean shutdown */
void capture_stop(void)
{
	capture.state=CAP_STATE_STOP;
}

void capture_interrupt(void)
{
	capture.state=CAP_STATE_INT;
}

/* Setup the capture structures to get going */
void capture_setup(char *type, char *args)
{
	struct capdev *cd;
	char *a;

	if ( !type || !args ) {
		cleanup(EXIT_ERR, "capture: wtf?!");
	}

	if ( !(cd=capdev_find(type)) ) {
		cleanup(EXIT_ERR, "capture: cant find '%s'", type);
	}

	if ( !(a=strdup(args)) ) {
		cperror("strdup");
	}

	capture.capdev=cd;
	capture.args=a;
	if ( !(capture.priv=capture.capdev->init(args)) )
		cleanup(EXIT_ERR, "capture: failed to initialise");
	capture.state=CAP_STATE_INIT;
}

/* Go in to the packet capture main loop */
void capture_go(void)
{
	struct timeval tv, tv2;
	struct timeval end;

	if ( capture.state!=CAP_STATE_INIT ) {
		cleanup(EXIT_ERR, "No captures specified");
	}

	/* Ready to go */
	mesg(M_INFO,"capture: %s[%s]: started",
		capture.capdev->name, capture.args);

	/* Do the capture */
	capture.state=CAP_STATE_CAPTURE;
	gettimeofday(&tv, NULL);
	do {
		capture.capdev->go(capture.priv, &capture);
		if ( capture.state==CAP_STATE_INT ) {
			/* An interrupt was recieved */
			capture.state=CAP_STATE_CAPTURE;
			alert_hup();
		}
	} while ( capture.state==CAP_STATE_CAPTURE );
	gettimeofday(&tv2, NULL);
	capture.state=CAP_STATE_ENDED;

	/* All done */
	mesg(M_INFO,"capture: %s[%s]: stopped: %llu packets",
		capture.capdev->name,capture.args,the_serial);

	/* Calculate elapsed times (badly) */
	end.tv_sec=(tv2.tv_sec-tv.tv_sec)-1;
	end.tv_usec=(1000000+tv2.tv_usec)-tv.tv_usec;
	while ( end.tv_usec >= 1000000 ) {
		end.tv_usec-=1000000;
		end.tv_sec++;
	}

	/* TODO: Get CPU time as well as wall time */
	mesg(M_DEBUG,"BEGIN: %.lu.%.6lu", tv.tv_sec, tv.tv_usec);
	mesg(M_DEBUG,"END: %.lu.%.6lu", tv2.tv_sec, tv2.tv_usec);
	mesg(M_DEBUG,"ELAPSED: %lu.%.6lu", end.tv_sec, end.tv_usec);
}