adding generic csv output module

2013-08-27 12:03:24 -04:00
parent 211307e308
commit 67aa6f0ab0
16 changed files with 252 additions and 114 deletions
--- a/src/probe_modules/module_icmp_echo.c
+++ b/src/probe_modules/module_icmp_echo.c
@ -185,5 +185,6 @@ probe_module_t module_icmp_echo = {
 	.process_packet = &icmp_echo_process_packet,
 	.validate_packet = &icmp_validate_packet,
 	.close = NULL,
-	.fields = fields};
+	.fields = fields,
+	.numfields = 6};

--- a/src/probe_modules/module_tcp_synscan.c
+++ b/src/probe_modules/module_tcp_synscan.c
@ -146,14 +146,10 @@ static fielddef_t fields[] = {
 	{.name = "seqnum", .type = "int", .desc = "TCP sequence number"},
 	{.name = "acknum", .type = "int", .desc = "TCP acknowledgement number"},
 	{.name = "window", .type = "int", .desc = "TCP window"},
+	{.name = "classification", .type="string", .desc = "packet classification"},
+	{.name = "success", .type="int", .desc = "is response considered success"}
 };

-const char *help =
-		"Probe module that sends a TCP SYN packet to a specific "
-		"port. Possible classifications are: synack and rst. A "
-		"SYN-ACK packet is considered a success and a reset packet "
-		"is considered a failed response.";
-
 probe_module_t module_tcp_synscan = {
 	.name = "tcp_synscan",
 	.packet_length = 54,
@ -167,6 +163,11 @@ probe_module_t module_tcp_synscan = {
 	.process_packet = &synscan_process_packet,
 	.validate_packet = &synscan_validate_packet,
 	.close = NULL,
-	.helptext = help,
-	.fields = fields};
+	.helptext = "Probe module that sends a TCP SYN packet to a specific "
+		"port. Possible classifications are: synack and rst. A "
+		"SYN-ACK packet is considered a success and a reset packet "
+		"is considered a failed response.",
+
+	.fields = fields,
+	.numfields = 7};

--- a/src/probe_modules/packet.h
+++ b/src/probe_modules/packet.h
@ -20,6 +20,8 @@ void make_tcp_header(struct tcphdr*, port_h_t);
 void make_icmp_header(struct icmp *);
 void make_udp_header(struct udphdr *udp_header, port_h_t dest_port,
 				uint16_t len);
+void fprintf_ip_header(FILE *fp, struct iphdr *iph);
+void fprintf_eth_header(FILE *fp, struct ethhdr *ethh);

 static inline unsigned short in_checksum(unsigned short *ip_pkt, int len)
 {
--- a/src/probe_modules/probe_modules.c
+++ b/src/probe_modules/probe_modules.c
@ -9,6 +9,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <assert.h>
+#include <time.h>

 #include <arpa/inet.h>
 #include <sys/socket.h>
@ -16,24 +17,26 @@
 #include <net/if.h>
 #include <linux/if_packet.h>

+#include "../../lib/logger.h"
 #include "../fieldset.h"
 #include "probe_modules.h"

 extern probe_module_t module_tcp_synscan;
 extern probe_module_t module_icmp_echo;
-extern probe_module_t module_udp;
+//extern probe_module_t module_udp;
 // ADD YOUR MODULE HERE

 probe_module_t* probe_modules[] = {
 	&module_tcp_synscan,
 	&module_icmp_echo,
-	&module_udp
+//	&module_udp
 	// ADD YOUR MODULE HERE
 };

 probe_module_t* get_probe_module_by_name(const char* name)
 {
-	for (int i=0; i < (int) (sizeof(probe_modules)/sizeof(probe_modules[0])); i++) {
+	int len = (int) (sizeof(probe_modules)/sizeof(probe_modules[0]));
+	for (int i=0; i < len; i++) {
 		if (!strcmp(probe_modules[i]->name, name)) {
 			return probe_modules[i];
 		}
@ -43,18 +46,12 @@ probe_module_t* get_probe_module_by_name(const char* name)

 void print_probe_modules(void)
 {
-	for (int i=0; i < (int) (sizeof(probe_modules)/sizeof(probe_modules[0])); i++) {
+	int len = (int) (sizeof(probe_modules)/sizeof(probe_modules[0]));
+	for (int i=0; i < len; i++) {
 		printf("%s\n", probe_modules[i]->name);
 	}
 }

-void print_probe_module_fields(probe_module_t *p)
-{
-	for (int i=0; i < (int) (sizeof(p->fields)/sizeof(p->fields[0])); i++) {
-
-	}
-}
-
 char *make_ip_str(uint32_t ip)
 {
 	struct in_addr t;
@ -66,20 +63,6 @@ char *make_ip_str(uint32_t ip)
 	return retv;
 }

-fielddef_t ip_fields[] = {
-	{.name="saddr", .type="string", .desc="source IP address of response"},
-	{.name="daddr", .type="string", .desc="destination IP address of response"},
-	{.name="ipid", .type="int", .desc="IP identification number of response"},
-	{.name="ttl", .type="int", .desc="time-to-live of response packet"}
-}
-
-fielddef_t sys_fields[] = {
-	{.name="repeat", .type="int", .desc="Is response a repeat response from host"},
-	{.name="cooldown", .type="int", .desc="Was response received during the cooldown period"},
-
-	{.name="timestamp-str", .type="string", .desc="timestamp of when response arrived in ISO8601 format."}
-}
-
 void fs_add_ip_fields(fieldset_t *fs, struct iphdr *ip)
 {
 	fs_add_string(fs, "saddr", make_ip_str(ip->saddr), 1);
@ -88,8 +71,33 @@ void fs_add_ip_fields(fieldset_t *fs, struct iphdr *ip)
 	fs_add_uint64(fs, "ttl", ntohl(ip->ttl));
 }

+#define TIMESTR_LEN 50
+
 void fs_add_system_fields(fieldset_t *fs, int is_repeat, int in_cooldown)
 {
+	fs_add_uint64(fs, "repeat", is_repeat);
+	fs_add_uint64(fs, "cooldown", in_cooldown);

+	char *timestr = malloc(TIMESTR_LEN+1);
+	if (!timestr) {
+		log_fatal("recv", "unable to allocate memory for "
+				  "timestamp string in fieldset.");
+	}
+	time_t now = time(0);
+	strftime(timestr, TIMESTR_LEN, "%Y-%m-%dT%H:%M:%S%z",
+			localtime(&now));
+	fs_add_string(fs, "timestamp-str", timestr, 1);
 }

+fielddef_t ip_fields[] = {
+	{.name="saddr", .type="string", .desc="source IP address of response"},
+	{.name="daddr", .type="string", .desc="destination IP address of response"},
+	{.name="ipid", .type="int", .desc="IP identification number of response"},
+	{.name="ttl", .type="int", .desc="time-to-live of response packet"}
+};
+
+fielddef_t sys_fields[] = {
+	{.name="repeat", .type="int", .desc="Is response a repeat response from host"},
+	{.name="cooldown", .type="int", .desc="Was response received during the cooldown period"},
+	{.name="timestamp-str", .type="string", .desc="timestamp of when response arrived in ISO8601 format."}
+};
--- a/src/probe_modules/probe_modules.h
+++ b/src/probe_modules/probe_modules.h
@ -1,8 +1,8 @@
 #include "../state.h"
 #include "../fieldset.h"

-#ifndef HEADER_PROBE_MODULES_H
-#define HEADER_PROBE_MODULES_H
+#ifndef PROBE_MODULES_H
+#define PROBE_MODULES_H

 typedef struct probe_response_type {
 		const uint8_t is_success;
@ -10,14 +10,21 @@ typedef struct probe_response_type {
 } response_type_t;

 typedef int (*probe_global_init_cb)(struct state_conf *);
-typedef int (*probe_thread_init_cb)(void* packetbuf, macaddr_t* src_mac, macaddr_t* gw_mac, port_n_t src_port);
-typedef int (*probe_make_packet_cb)(void* packetbuf, ipaddr_n_t src_ip, ipaddr_n_t dst_ip,
-			uint32_t *validation, int probe_num);
-typedef void (*probe_print_packet_cb)(FILE *, void* packetbuf);
-typedef int (*probe_close_cb)(struct state_conf*,  struct state_send*, struct state_recv*);
-typedef int (*probe_validate_packet_cb)(const struct iphdr *ip_hdr, uint32_t len, uint32_t *src_ip, uint32_t *validation);
+typedef int (*probe_thread_init_cb)(void* packetbuf, macaddr_t* src_mac,
+		macaddr_t* gw_mac, port_n_t src_port);

-typedef void (*probe_classify_packet_cb)(const u_char* packetbuf, uint32_t len, fieldset_t*);
+typedef int (*probe_make_packet_cb)(void* packetbuf, ipaddr_n_t src_ip,
+		ipaddr_n_t dst_ip,
+		uint32_t *validation, int probe_num);
+
+typedef void (*probe_print_packet_cb)(FILE *, void* packetbuf);
+typedef int (*probe_close_cb)(struct state_conf*, 
+		struct state_send*, struct state_recv*);
+typedef int (*probe_validate_packet_cb)(const struct iphdr *ip_hdr,
+		uint32_t len, uint32_t *src_ip, uint32_t *validation);
+
+typedef void (*probe_classify_packet_cb)(const u_char* packetbuf,
+		uint32_t len, fieldset_t*);

 typedef struct probe_module {
 	const char *name;
@ -37,6 +44,7 @@ typedef struct probe_module {
 	probe_classify_packet_cb process_packet;
 	probe_close_cb close;
 	fielddef_t *fields;
+	int numfields;
 	const char *helptext;

 } probe_module_t;
@ -47,4 +55,8 @@ void fs_add_ip_fields(fieldset_t *fs, struct iphdr *ip);
 void fs_add_system_fields(fieldset_t *fs, int is_repeat, int in_cooldown);
 void print_probe_modules(void);

+extern fielddef_t ip_fields[];
+extern fielddef_t sys_fields[];
+
 #endif // HEADER_PROBE_MODULES_H
+