tcpflow  1.6.1
About: tcpflow is a TCP/IP packet demultiplexer that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis and debugging.
  Fossies Dox: tcpflow-1.6.1.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

tcpflow.h
1 /*
2  * This file is part of tcpflow by Simson Garfinkel,
3  * originally by Jeremy Elson <jelson@circlemud.org>
4  *
5  * This source code is under the GNU Public License (GPL). See
6  * LICENSE for details.
7  *
8  *
9  *
10  */
11 
12 #ifndef TCPFLOW_H
13 #define TCPFLOW_H
14 
15 
16 #include "config.h"
17 
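/* Older versions of autoconf define PACKAGE and VERSION.
 * Newer versions define PACKAGE_VERSION and PACKAGE_NAME.
 * The new names are used throughout; when config.h supplies only the
 * old ones, alias the new names to them.
 */

#ifndef PACKAGE_VERSION
#define PACKAGE_VERSION VERSION
#endif

#ifndef PACKAGE_NAME
#define PACKAGE_NAME PACKAGE /* was misspelled PACAKGE, which made PACKAGE_NAME expand to an undeclared identifier */
#endif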
30 
31 /****************************************************************
32  *** Windows/mingw compatibility section.
33  ***
34  *** If we are compiling for Windows, include the Windows-specific
35  *** include files first and disable pthread support.
36  ***/
37 #if (defined(WIN32) || defined(__MINGW32__))
38 # undef HAVE_PTHREAD_H
39 # undef HAVE_SEMAPHORE_H
40 # undef HAVE_PTHREAD
41 # undef HAVE_INET_NTOP /* it's not there. Really. */
42 # undef HAVE_EXTERN_PROGNAME // don't work properly on mingw
43 # define MKDIR(a,b) mkdir(a) // MKDIR only takes 1 argument on windows
44 
45 /* Defines not present in Microsoft Windows stack */
46 
47 #else
48 /*** Unix-specific elements for windows compatibility section ***/
49 # define MKDIR(a,b) mkdir(a,b) // MKDIR takes 2 arguments on Posix
50 #endif
51 
52 /***
53  *** end of windows compatibility section
54  ****************************************************************/
55 
56 /* If we are including inttypes.h, make sure __STDC_FORMAT_MACROS is defined */
57 #ifndef __STDC_FORMAT_MACROS
58 #define __STDC_FORMAT_MACROS
59 #endif
60 
61 /* We want the BSD flavor of defines if possible */
62 #ifndef __FAVOR_BSD
63 #define __FAVOR_BSD
64 #endif
65 
66 #ifndef __USE_BSD
67 #define __USE_BSD
68 #endif
69 
70 #include <cstdio> /* required per C++ standard - use the C++ versions*/
71 #include <cstdlib>
72 #include <cctype>
73 #include <cstdarg>
74 #include <cerrno>
75 #include <iostream>
76 #include <iomanip>
77 
78 #include <fcntl.h>
79 #include <assert.h>
80 
81 #ifndef O_BINARY
82 #define O_BINARY 0
83 #endif
84 
85 
86 // These are the required include files; they better be present
87 #include <inttypes.h>
88 #include <sys/stat.h>
89 
90 #ifdef HAVE_SYS_CDEFS_H
91 # include <sys/cdefs.h>
92 #endif
93 
94 
95 #ifdef HAVE_STRING_H
96 # include <string.h>
97 #endif
98 
99 #ifdef HAVE_STRINGS_H
100 # include <strings.h>
101 #endif
102 
103 #ifdef HAVE_SYS_TYPES_H
104 # include <sys/types.h>
105 #endif
106 
107 
108 #ifdef HAVE_UNISTD_H
109 # include <unistd.h>
110 #endif
111 
112 #ifdef HAVE_SYS_BITYPES_H
113 # include <sys/bitypes.h>
114 #endif
115 
116 #ifdef TIME_WITH_SYS_TIME
117 # include <sys/time.h>
118 # include <time.h>
119 #else
120 # if HAVE_SYS_TIME_H
121 # include <sys/time.h>
122 # else
123 # include <time.h>
124 # endif
125 #endif
126 
127 #ifdef HAVE_SYS_SOCKET_H
128 # include <sys/socket.h>
129 #endif
130 
131 #ifdef HAVE_NE_IF_VAR_H
132 #include <net/if_var.h>
133 #endif
134 
135 #ifdef HAVE_NET_IF_H
136 # include <net/if.h>
137 #endif
138 
139 /* We have given up on keeping track of this all and are just including our own definitions. */
140 
141 
142 //#ifdef HAVE_NETINET_IN_SYSTM_H
143 //# include <netinet/in_systm.h>
144 //#endif
145 
146 //#ifdef HAVE_NETINET_IP6_H
147 //#include <netinet/ip6.h>
148 //#endif
149 
150 //#ifdef HAVE_NETINET_IP_VAR_H
151 //# include <netinet/ip_var.h> // FREEBSD
152 //#endif
153 
154 //#ifdef HAVE_NETINET_IF_ETHER_H
155 //# include <netinet/if_ether.h>
156 //#endif
157 
158 //#ifdef HAVE_NETINET_TCP_H
159 //# include <netinet/tcp.h>
160 //#endif
161 
162 //#ifdef HAVE_NETINET_TCPIP_H
163 //# include <netinet/tcpip.h> // FREEBSD
164 //#endif
165 
166 //#ifdef HAVE_ARPA_INET_H
167 //# include <arpa/inet.h>
168 //#endif
169 
170 
171 ///*
172 // * Oracle Enterprise Linux is missing the definition for
173 // * ETHERTYPE_VLAN
174 // */
175 //#ifndef ETHERTYPE_VLAN
176 //# define ETHERTYPE_VLAN 0x8100
177 //#endif
178 
179 #ifdef HAVE_SIGNAL_H
180 # include <signal.h>
181 #endif
182 
183 
184 /****************** Ugly System Dependencies ******************************/
185 
186 /* We always want to refer to RLIMIT_NOFILE, even if what you actually
187  * have is RLIMIT_OFILE
188  */
189 #if defined(RLIMIT_OFILE) && !defined(RLIMIT_NOFILE)
190 # define RLIMIT_NOFILE RLIMIT_OFILE
191 #endif
192 
193 /* OPEN_MAX is the maximum number of files to open.
194  * Unfortunately, some systems called this FOPEN_MAX...
195  */
196 #if defined(FOPEN_MAX) && !defined(OPEN_MAX)
197 # define OPEN_MAX FOPEN_MAX
198 #endif
199 
200 /* some systems don't define SEEK_SET... sigh */
201 #ifndef SEEK_SET
202 # define SEEK_SET 0
203 #endif /* SEEK_SET */
204 
205 /* These may not be defined on some systems */
206 
207 #ifndef MAX_IPv4_STR_LEN
208 #define MAX_IPv4_STR_LEN (3*4+3) /* 15: four 3-digit octets plus three dots, with no room for a terminating NUL. NOTE(review): confirm every buffer sized with this constant adds one byte */
209 #endif
210 
211 #ifndef MAX_IPv6_STR_LEN
212 #define MAX_IPv6_STR_LEN 256
213 #endif
214 
215 #ifndef HAVE_SOCKLEN_T
216 typedef size_t socklen_t; /* NOTE(review): size_t may not match the width of the length argument the platform's socket calls expect - confirm on builds where HAVE_SOCKLEN_T is unset */
217 #endif
218 
219 #ifndef IN6_IS_ADDR_V4MAPPED
220 #define IN6_IS_ADDR_V4MAPPED(x) 0 /* fallback is constant 0: on such builds no address is ever reported as IPv4-mapped */
221 #endif
222 
223 #ifndef IN6_IS_ADDR_V4COMPAT
224 #define IN6_IS_ADDR_V4COMPAT(x) 0 /* fallback is constant 0: on such builds no address is ever reported as IPv4-compatible */
225 #endif
226 
227 #undef s6_addr
228 #define s6_addr __u6_addr.__u6_addr8 /* unconditionally replaces any earlier s6_addr macro; presumably matches the project's own in6_addr layout - verify against that definition */
229 
230 #undef s6_addr16
231 #define s6_addr16 __u6_addr.__u6_addr16 /* same unconditional override, 16-bit view */
232 
233 #undef s6_addr32
234 #define s6_addr32 __u6_addr.__u6_addr32 /* same unconditional override, 32-bit view */
235 
236 #ifdef __MINGW32__
237 typedef uint16_t in_port_t;
238 typedef unsigned char u_int8_t;
239 #endif
240 
241 /**************************** Constants ***********************************/
242 
243 #define DEFAULT_DEBUG_LEVEL 1
244 #define MAX_FD_GUESS 64
245 #define SNAPLEN 65536 /* largest possible MTU we'll see */
246 
247 /* Reserve FDs for stdin, stdout, stderr, and the packet filter; one for breathing
248  * room (we open new files before closing old ones), and one more to
249  * be safe.
250  */
251 #define NUM_RESERVED_FDS 6 /* number of FDs to set aside; allows files to be opened as necessary */
252 
253 
254 
256 
257 /***************************** Main Support *************************************/
258 
259 /* tcpflow.cpp - CLI */
260 extern const char *progname;
261 void terminate(int sig);
262 #include "inet_ntop.h"
263 
264 #ifdef HAVE_PTHREAD
265 #include <semaphore.h>
266 extern sem_t *semlock;
267 #endif
268 
269 #ifndef __MAIN_C__
270 extern int debug;
271 #endif
272 
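/* DEBUG(level)(fmt, ...) calls debug_real(fmt, ...) only when the global
 * `debug` is at least `level`.  The test is written as an if/else with an
 * empty first branch so that an `else` following a DEBUG(...) statement in
 * the caller cannot attach to the macro's own `if`, and the argument is
 * parenthesized so an expression can be passed as the level.
 */
#define DEBUG(message_level) if (debug < (message_level)) {} else debug_real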
274 
275 /************************* per-file globals ****************************/
276 
277 /* datalink.cpp - callback for libpcap */
278 extern int32_t datalink_tdelta; // time delta to add to each packet
279 pcap_handler find_handler(int datalink_type, const char *device); // callback for pcap
280 typedef struct {
282  int type;
283 } dlt_handler_t;
284 
285 void dl_ieee802_11_radio(u_char *user, const struct pcap_pkthdr *h, const u_char *p);
286 void dl_prism(u_char *user, const struct pcap_pkthdr *h, const u_char *p);
287 
/**
 * Apply the user-requested time offset to a packet timestamp.
 *
 * Fills the caller-supplied tv from tv_, adding datalink_tdelta to the
 * seconds field and copying the microseconds field unchanged, then returns
 * a reference to tv.  An earlier version returned a structure on the
 * stack, but that created an optimization problem with gcc 4.7.2.
 */
inline const timeval &tvshift(struct timeval &tv,const struct timeval &tv_)
{
    tv.tv_usec = tv_.tv_usec;                   // microseconds pass through untouched
    tv.tv_sec  = tv_.tv_sec + datalink_tdelta;  // only the seconds field is shifted
    return tv;
}
299 
300 
301 
302 /* util.cpp - utility functions */
303 extern int debug;
304 std::string ssprintf(const char *fmt,...); // NOTE(review): unlike debug_real() and die() below, this declaration carries no format(printf) attribute, so arguments are not checked against fmt at compile time
305 std::string comma_number_string(int64_t input);
306 void mkdirs_for_path(std::string path); // creates any directories necessary for the path
307 std::string macaddr(const uint8_t *addr); // NOTE(review): no length parameter; presumably reads a fixed number of bytes from addr - confirm callers always pass a full address
308 
309 #define DEBUG_PEDANTIC 0x0001 // check values more rigorously
310 void init_debug(const char *progname,int include_pid);
311 void (*portable_signal(int signo, void (*func)(int)))(int); // takes a void(int) handler for signo and returns a pointer to a void(int) handler
312 void debug_real(const char *fmt, ...) __attribute__ ((format (printf, 1, 2))); // format attribute: arguments are checked against fmt as for printf
313 [[noreturn]] void die(const char *fmt, ...) __attribute__ ((__noreturn__)) __attribute__ ((format (printf, 1, 2))); // declared noreturn both as a standard attribute and as a GNU attribute; arguments checked against fmt
314 
315 /* scanners */
316 
317 extern "C" scanner_t scan_md5;
318 extern "C" scanner_t scan_http;
323 
324 
325 #ifndef HAVE_TIMEVAL_OUT
326 #define HAVE_TIMEVAL_OUT
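/**
 * Write a timeval as "<seconds>.<microseconds>", with the microseconds
 * zero-padded to six digits.
 *
 * The stream's fill character is restored before returning: a fill set
 * with std::setfill stays in effect on the stream, so without the restore
 * every later padded field written to the same stream would also be filled
 * with '0'.  A null pointer is written as "(null)" instead of being
 * dereferenced.
 *
 * This overload is selected for any `timeval *` argument, so such a
 * pointer is never printed as an address.
 */
inline std::ostream& operator<<(std::ostream& os, const struct timeval *t)
{
    if (t == nullptr) {
        return os << "(null)";
    }
    os << t->tv_sec << ".";
    const char saved_fill = os.fill('0');   // remember the caller's fill character
    os << std::setw(6) << t->tv_usec;
    os.fill(saved_fill);                    // do not leak '0' padding into later output
    return os;
}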
332 #endif
333 
334 #endif /* TCPFLOW_H */
void scanner_t(const class scanner_params &sp, const class recursion_control_block &rcb)
void(* pcap_handler)(uint8_t *, const struct pcap_pkthdr *, const uint8_t *)
Definition: pcap_fake.h:48
pcap_handler handler
Definition: tcpflow.h:281
std::ostream & operator<<(std::ostream &os, const struct timeval *t)
Definition: tcpflow.h:327
void(*)(int) portable_signal(int signo, void(*func)(int))
Definition: tcpflow.h:311
scanner_t scan_wifiviz
Definition: tcpflow.h:322
void die(const char *fmt,...)
Definition: util.cpp:175
scanner_t scan_md5
Definition: tcpflow.h:317
std::string macaddr(const uint8_t *addr)
Definition: util.cpp:61
scanner_t scan_http
Definition: tcpflow.h:318
std::string comma_number_string(int64_t input)
Definition: util.cpp:33
void dl_ieee802_11_radio(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
const timeval & tvshift(struct timeval &tv, const struct timeval &tv_)
Definition: tcpflow.h:293
void init_debug(const char *progname, int include_pid)
Definition: util.cpp:74
pcap_handler find_handler(int datalink_type, const char *device)
Definition: datalink.cpp:293
scanner_t scan_python
Definition: tcpflow.h:319
void terminate(int sig)
Definition: tcpflow.cpp:244
scanner_t scan_netviz
Definition: tcpflow.h:321
void mkdirs_for_path(std::string path)
Definition: util.cpp:112
std::string ssprintf(const char *fmt,...)
Definition: util.cpp:20
void dl_prism(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
void debug_real(const char *fmt,...)
Definition: util.cpp:164
int debug
Definition: tcpflow.h:303
int32_t datalink_tdelta
Definition: datalink.cpp:42
size_t socklen_t
Definition: tcpflow.h:216
const char * progname
Definition: tcpflow.cpp:70
scanner_t scan_tcpdemux
Definition: tcpflow.h:320
unsigned short uint16_t
Definition: util.h:7
unsigned char uint8_t
Definition: util.h:6