From 0c83eabfd1529d535060885d7a0c6bfe96c19b19 Mon Sep 17 00:00:00 2001 From: Zakir Durumeric Date: Thu, 29 Aug 2013 14:29:59 -0400 Subject: [PATCH] working new interface --- INSTALL | 1 + src/fieldset.c | 3 +++ src/output_modules/module_csv.c | 24 ++++++++++------- src/output_modules/output_modules.h | 2 +- src/recv.c | 26 +++++++++++++++--- src/state.c | 2 ++ src/state.h | 2 ++ src/zmap.c | 42 ++++++++++++++++++++++++----- 8 files changed, 81 insertions(+), 21 deletions(-) diff --git a/INSTALL b/INSTALL index a873db9..6d05d16 100644 --- a/INSTALL +++ b/INSTALL @@ -29,3 +29,4 @@ followed by: Redis support is not enabled by default. If you are want to use ZMap with Redis, you will first need to install Hiredis. Then, rebuild ZMap with the command "make REDIS=true". + diff --git a/src/fieldset.c b/src/fieldset.c index 73db4da..4df5e7f 100644 --- a/src/fieldset.c +++ b/src/fieldset.c @@ -80,6 +80,9 @@ int fds_get_index_by_name(fielddefset_t *fds, char *name) void fs_free(fieldset_t *fs) { + if (!fs) { + return; + } for (int i=0; i < fs->len; i++) { field_t *f = &(fs->fields[i]); if (f->free_) { diff --git a/src/output_modules/module_csv.c b/src/output_modules/module_csv.c index 8bc5665..151a0f9 100644 --- a/src/output_modules/module_csv.c +++ b/src/output_modules/module_csv.c @@ -22,7 +22,7 @@ static FILE *file = NULL; -int csv_init(struct state_conf *conf, fielddefset_t *fds) +int csv_init(struct state_conf *conf, char **fields, int fieldlens) { assert(conf); if (conf->output_filename) { 
@@ -34,15 +34,18 @@ int csv_init(struct state_conf *conf, fielddefset_t *fds) conf->output_filename); } } + } else { + log_warn("csv", "no output file selected. " + "no results will be provided."); + } + if (fieldlens > 1 && file) { + for (int i=0; i < fieldlens; i++) { + if (i) { + fprintf(file, ", "); + } + fprintf(file, "%s", fields[i]); + } } - //// add output headers - (void)fds; - //for (int i=0; i < fds->len; i++) { - // if (i) { - // fprintf(file, ", "); - // } - // fprintf(file, "%s", fds->fielddefs[i].name); - //} return EXIT_SUCCESS; } @@ -66,6 +69,9 @@ static void hex_encode(FILE *f, unsigned char* readbuf, size_t len) int csv_process(fieldset_t *fs) { + if (!file) { + return EXIT_SUCCESS; + } for (int i=0; i < fs->len; i++) { field_t *f = &(fs->fields[i]); if (i) { diff --git a/src/output_modules/output_modules.h b/src/output_modules/output_modules.h index 64acd5d..85a83ae 100644 --- a/src/output_modules/output_modules.h +++ b/src/output_modules/output_modules.h @@ -13,7 +13,7 @@ #include "../fieldset.h" // called at scanner initialization -typedef int (*output_init_cb)(struct state_conf *, fielddefset_t *fds); +typedef int (*output_init_cb)(struct state_conf *, char **fields, int fieldslen); // called on packet receipt typedef int (*output_packet_cb)(fieldset_t *fs); diff --git a/src/recv.c b/src/recv.c index 672fdc6..f4c9a26 100644 --- a/src/recv.c +++ b/src/recv.c 
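Review bot: The header loop added to csv_init writes the field names but never ends the line, so unless csv_process emits a newline before each row (its tail is outside this diff) the first record is appended to the header. Add `fprintf(file, "\n");` after the loop, inside the `if (fieldlens > 1 && file)` block. The `fieldlens > 1` test also means a single-field run gets no header at all; that looks deliberate, to keep the old one-column output unchanged, but it is only my reading and deserves a comment such as `// single-column output stays header-free, as with simple_file`. csv_init begins in the previous hunk.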
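Review bot: Any output module other than csv that still defines its init as taking `fielddefset_t *fds` would now be stored in and called through an incompatible function-pointer type. The diffstat lists only module_csv.c under output_modules, so this is worth checking before merge; the other modules are not visible here. The count is spelled `fieldslen` in the typedef and `fieldlens` in csv_init, and the only documentation is still `// called at scanner initialization`. I would settle on one name and add something like `// fields: array of fieldslen output field names, owned by the caller`, where the ownership part is an assumption drawn from start_zmap passing `zconf.output_fields`.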
@@ -119,13 +119,20 @@ void packet_cb(u_char __attribute__((__unused__)) *user, } else { zrecv.failure_total++; } - + fieldset_t *o = NULL; // we need to translate the data provided by the probe module // into a fieldset that can be used by the output module - fieldset_t *o = translate_fieldset(fs, &zconf.fsconf.translation); + if (!is_success && zconf.filter_unsuccessful) { + goto cleanup; + } + if (is_repeat && zconf.filter_duplicates) { + goto cleanup; + } + o = translate_fieldset(fs, &zconf.fsconf.translation); if (zconf.output_module && zconf.output_module->process_ip) { zconf.output_module->process_ip(o); } +cleanup: fs_free(fs); free(o); if (zconf.output_module && zconf.output_module->update @@ -158,14 +165,14 @@ int recv_run(pthread_mutex_t *recv_ready_mutex) num_src_ports = zconf.source_port_last - zconf.source_port_first + 1; ip_seen = calloc(IP_SEEN_SIZE, sizeof(uint64_t)); if (!ip_seen) { - log_fatal("recv", "couldn't allocate address bitmap"); + log_fatal("recv", "could not allocate address bitmap"); } log_debug("recv", "using dev %s", zconf.iface); char errbuf[PCAP_ERRBUF_SIZE]; pc = pcap_open_live(zconf.iface, zconf.probe_module->pcap_snaplen, PCAP_PROMISC, PCAP_TIMEOUT, errbuf); if (pc == NULL) { - log_fatal("recv", "couldn't open device %s: %s", + log_fatal("recv", "could not open device %s: %s", zconf.iface, errbuf); } struct bpf_program bpf; 
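Review bot: `process_ip(o)` receives the result of `translate_fieldset()` unchecked, and csv_process in this same patch reads `fs->len` immediately after its new `if (!file)` guard. If translate_fieldset can return NULL (its body is not part of this diff), that is a NULL dereference on the path that handles packets arriving from the network; `if (o && zconf.output_module && zconf.output_module->process_ip)` would close it. The comment `// we need to translate the data provided by the probe module` now sits above the two filter checks rather than the translate call and should move down with it. packet_cb starts and ends outside the hunk.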
@@ -176,6 +183,17 @@ int recv_run(pthread_mutex_t *recv_ready_mutex) log_fatal("recv", "couldn't install filter"); } log_debug("recv", "receiver ready"); + if (zconf.filter_duplicates) { + log_debug("recv", "duplicate responses will be excluded from output"); + } else { + log_debug("recv", "duplicate responses will be included in output"); + } + if (zconf.filter_unsuccessful) { + log_debug("recv", "unsuccessful responses will be excluded from output"); + } else { + log_debug("recv", "unsuccessful responses will be included in output"); + } + pthread_mutex_lock(recv_ready_mutex); zconf.recv_ready = 1; pthread_mutex_unlock(recv_ready_mutex); diff --git a/src/state.c b/src/state.c index 9b8a583..62d5a95 100644 --- a/src/state.c +++ b/src/state.c @@ -44,6 +44,8 @@ struct state_conf zconf = { .dryrun = 0, .quiet = 0, .summary = 0, + .filter_duplicates = 0, + .filter_unsuccessful = 0, .recv_ready = 0, }; diff --git a/src/state.h b/src/state.h index 5492058..8846008 100644 --- a/src/state.h +++ b/src/state.h @@ -83,6 +83,8 @@ struct state_conf { int dryrun; int summary; int quiet; + int filter_duplicates; + int filter_unsuccessful; int recv_ready; }; extern struct state_conf zconf; diff --git a/src/zmap.c b/src/zmap.c index bdf278a..4560474 100644 --- a/src/zmap.c +++ b/src/zmap.c @@ -211,7 +211,8 @@ static void start_zmap(void) // initialization if (zconf.output_module && zconf.output_module->init) { - zconf.output_module->init(&zconf, &zconf.fsconf.outdefs); + zconf.output_module->init(&zconf, zconf.output_fields, + zconf.output_fields_len); } if (send_init()) { exit(EXIT_FAILURE); 
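Review bot: The return value of `zconf.output_module->init(...)` in start_zmap is discarded, while `send_init()` directly below aborts the run on failure. csv_init as shown always returns EXIT_SUCCESS, so nothing changes today, but any module whose init can fail would have that failure ignored and the scan would proceed with no usable output. Consider `if (zconf.output_module->init(&zconf, zconf.output_fields, zconf.output_fields_len)) { exit(EXIT_FAILURE); }` to match the send_init handling. start_zmap continues outside the hunk.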
@@ -376,11 +377,38 @@ int main(int argc, char *argv[]) } // parse the provided probe and output module s.t. that we can support // other command-line helpers (e.g. probe help) - zconf.output_module = get_output_module_by_name(args.output_module_arg); - if (!zconf.output_module) { - fprintf(stderr, "%s: specified output module (%s) does not exist\n", - CMDLINE_PARSER_PACKAGE, args.output_module_arg); - exit(EXIT_FAILURE); + if (!args.output_module_given) { + zconf.output_module = get_output_module_by_name("csv"); + zconf.raw_output_fields = (char*) "saddr"; + zconf.filter_duplicates = 1; + zconf.filter_unsuccessful = 1; + } else if (!strcmp(args.output_module_arg, "simple_file")) { + log_warn("zmap", "the simple_file output interface has been deprecated and " + "will be removed in the future. Users should use the csv " + "output module. Newer scan options such as output-fields " + "are not supported with this output module."); + zconf.output_module = get_output_module_by_name("csv"); + zconf.raw_output_fields = (char*) "saddr"; + zconf.filter_duplicates = 1; + zconf.filter_unsuccessful = 1; + } else if (!strcmp(args.output_module_arg, "extended_file")) { + log_warn("zmap", "the extended_file output interface has been deprecated and " + "will be removed in the future. Users should use the csv " + "output module. 
Newer scan options such as output-fields " + "are not supported with this output module."); + zconf.output_module = get_output_module_by_name("csv"); + zconf.raw_output_fields = (char*) "classification, saddr, " + "daddr, sport, dport, " + "seqnum, acknum, cooldown, " + "repeat, timstamp-str"; + zconf.filter_duplicates = 0; + } else { + zconf.output_module = get_output_module_by_name(args.output_module_arg); + if (!zconf.output_module) { + fprintf(stderr, "%s: specified output module (%s) does not exist\n", + CMDLINE_PARSER_PACKAGE, args.output_module_arg); + exit(EXIT_FAILURE); + } } zconf.probe_module = get_probe_module_by_name(args.probe_module_arg); if (!zconf.probe_module) { @@ -424,7 +452,7 @@ int main(int argc, char *argv[]) // process the list of requested output fields. if (args.output_fields_given) { zconf.raw_output_fields = args.output_fields_arg; - } else { + } else if (!zconf.raw_output_fields) { zconf.raw_output_fields = (char*) "saddr"; } split_string(zconf.raw_output_fields, &(zconf.output_fields_len),
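Review bot: The extended_file preset lists `timstamp-str`, which looks like a misspelling of `timestamp-str`. The field definitions are not in this diff, so confirm the name; if it matches no defined field, the deprecated extended_file path will either fail at field lookup or lose that column. The three new branches also assign `get_output_module_by_name("csv")` without the NULL check that the final `else` branch keeps, and the simple_file branch repeats the default branch line for line. The extended_file branch sets `filter_duplicates = 0` but leaves `filter_unsuccessful` to the initializer in state.c; setting it explicitly would make the preset self-contained. This block sits inside main, which extends beyond the hunk.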
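Review bot: With `else if (!zconf.raw_output_fields)`, an explicit output-fields argument still replaces the preset chosen for simple_file or extended_file, although the deprecation warning added earlier in this file says output-fields is not supported with those modules. Either reject the combination or log that the preset was overridden, so a user relying on the legacy column layout does not get a different file format without notice. The new condition also depends on `raw_output_fields` starting out NULL. The part of the initializer visible in state.c does not set it, so this presumably holds through static zero-initialisation, and a short comment such as `// NULL unless a legacy module preset was chosen above` would make the dependency explicit.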