1 /*
2  * Copyright (c) 2016-2021, OARC, Inc.
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  *
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in
14  *    the documentation and/or other materials provided with the
15  *    distribution.
16  *
17  * 3. Neither the name of the copyright holder nor the names of its
18  *    contributors may be used to endorse or promote products derived
19  *    from this software without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25  * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
27  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
29  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
31  * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32  * POSSIBILITY OF SUCH DAMAGE.
33  */
34 
35 #include "config.h"
36 
37 #include <stdio.h>
38 #include <stdlib.h>
39 #include <unistd.h>
40 #include <string.h>
41 #include <netinet/in.h>
42 
43 #include "dnscap_common.h"
44 
45 static logerr_t*   logerr;
46 static int         opt_f = 0;
47 static const char* opt_x = 0;
48 
49 output_t template_output;
50 
template_usage()51 void template_usage()
52 {
53     fprintf(stderr,
54         "\ntemplate.so options:\n"
55         "\t-?         print these instructions and exit\n"
56         "\t-f         flag option\n"
57         "\t-x <arg>   option with argument\n");
58 }
59 
template_getopt(int * argc,char ** argv[])60 void template_getopt(int* argc, char** argv[])
61 {
62     /*
63      * The "getopt" function will be called from the parent to
64      * process plugin options.
65      */
66     int c;
67     while ((c = getopt(*argc, *argv, "?fx:")) != EOF) {
68         switch (c) {
69         case 'f':
70             opt_f = 1;
71             break;
72         case 'x':
73             opt_x = strdup(optarg);
74             break;
75         case '?':
76             template_usage();
77             if (!optopt || optopt == '?') {
78                 exit(0);
79             }
80             // fallthrough
81         default:
82             exit(1);
83         }
84     }
85 }
86 
template_start(logerr_t * a_logerr)87 int template_start(logerr_t* a_logerr)
88 {
89     /*
90      * The "start" function is called once, when the program
91      * starts.  It is used to initialize the plugin.  If the
92      * plugin wants to write debugging and or error messages,
93      * it should save the a_logerr pointer passed from the
94      * parent code.
95      */
96     logerr = a_logerr;
97     return 0;
98 }
99 
template_stop()100 void template_stop()
101 {
102     /*
103      * The "start" function is called once, when the program
104      * is exiting normally.  It might be used to clean up state,
105      * free memory, etc.
106      */
107 }
108 
template_open(my_bpftimeval ts)109 int template_open(my_bpftimeval ts)
110 {
111     /*
112      * The "open" function is called at the start of each
113      * collection interval, which might be based on a period
114      * of time or a number of packets.  In the original code,
115      * this is where we opened an output pcap file.
116      */
117     return 0;
118 }
119 
template_close(my_bpftimeval ts)120 int template_close(my_bpftimeval ts)
121 {
122     /*
123      * The "close" function is called at the end of each
124      * collection interval, which might be based on a period
125      * of time or on a number of packets.  In the original code
126      * this is where we closed an output pcap file.
127      */
128     return 0;
129 }
130 
template_output(const char * descr,iaddr from,iaddr to,uint8_t proto,unsigned flags,unsigned sport,unsigned dport,my_bpftimeval ts,const u_char * pkt_copy,const unsigned olen,const u_char * payload,const unsigned payloadlen)131 void template_output(const char* descr, iaddr from, iaddr to, uint8_t proto, unsigned flags,
132     unsigned sport, unsigned dport, my_bpftimeval ts,
133     const u_char* pkt_copy, const unsigned olen,
134     const u_char* payload, const unsigned payloadlen)
135 {
136     /*
137      * Here you can "process" a packet.  The function is named
138      * "output" because in the original code this is where
139      * packets were outputted.
140      *
141      * if flags & PCAP_OUTPUT_ISDNS != 0 then payload is the start of a DNS message.
142      *
143      * if flags & PCAP_OUTPUT_ISFRAG != 0 then the packet is a fragment.
144      *
145      * if flags & PCAP_OUTPUT_ISLAYER != 0 then the pkt_copy is the same as payload.
146      */
147 }
148