1 /* 2 ** 3 ** Copyright (C) 2008-2013 Ian Firns (SecurixLive) <dev@securixlive.com> 4 ** 5 ** This program is free software; you can redistribute it and/or modify 6 ** it under the terms of the GNU General Public License Version 2 as 7 ** published by the Free Software Foundation. You may not use, modify or 8 ** distribute this program under any other version of the GNU General 9 ** Public License. 10 ** 11 ** This program is distributed in the hope that it will be useful, 12 ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 ** GNU General Public License for more details. 15 ** 16 ** You should have received a copy of the GNU General Public License 17 ** along with this program; if not, write to the Free Software 18 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 19 ** 20 ** 21 */ 22 23 #ifndef __SPOOLER_H__ 24 #define __SPOOLER_H__ 25 26 #ifdef HAVE_CONFIG_H 27 #include "config.h" 28 #endif 29 30 #include <sys/types.h> 31 32 #include "plugbase.h" 33 34 #define SPOOLER_EXTENSION_FOUND 0 35 #define SPOOLER_EXTENSION_NONE 1 36 #define SPOOLER_EXTENSION_EPARAM 2 37 #define SPOOLER_EXTENSION_EOPEN 3 38 39 #define SPOOLER_STATE_OPENED 0 40 #define SPOOLER_STATE_HEADER_READ 1 41 #define SPOOLER_STATE_RECORD_READ 2 42 43 #define WALDO_STATE_ENABLED 0x01 44 #define WALDO_STATE_OPEN 0x02 45 #define WALDO_STATE_DIRTY 0x04 46 47 #define WALDO_MODE_NULL 0 48 #define WALDO_MODE_READ 1 49 #define WALDO_MODE_WRITE 2 50 51 #define WALDO_FILE_SUCCESS 0 52 #define WALDO_FILE_EEXIST 1 53 #define WALDO_FILE_EOPEN 2 54 #define WALDO_FILE_ETRUNC 3 55 #define WALDO_FILE_ECORRUPT 4 56 #define WALDO_STRUCT_EMPTY 10 57 58 59 #define MAX_FILEPATH_BUF 1024 60 61 typedef struct _Record 62 { 63 /* raw data */ 64 void *header; 65 void *data; 66 67 Packet *pkt; /* decoded packet */ 68 } Record; 69 70 typedef struct _EventRecordNode 71 { 72 uint32_t type; /* type of event stored */ 73 void *data; /* unified2 event (eg IPv4, IPV6, MPLS, etc) */ 74 uint8_t used; /* has the event be retrieved */ 75 76 struct _EventRecordNode *next; /* reference to next event record */ 77 } EventRecordNode; 78 79 typedef struct _PacketRecordNode 80 { 81 Packet *data; /* packet information */ 82 83 struct _PacketRecordNode *next; /* reference to next event record */ 84 } PacketRecordNode; 85 86 typedef struct _Spooler 87 { 88 InputFuncNode *ifn; // Processing function of input file 89 90 int fd; // file descriptor of input file 91 char filepath[MAX_FILEPATH_BUF]; // file path of input file 92 time_t timestamp; // time stamp of input file 93 uint32_t state; // current read state 94 uint32_t offset; // current file offest 95 uint32_t record_idx; // current record number 96 97 uint32_t magic; 98 void *header; // header of input file 99 100 Record record; // data of current Record 101 102 EventRecordNode *event_cache; // linked list of cached events 103 uint32_t events_cached; 104 105 PacketRecordNode *packet_cache; // linked list of concurrent packets 106 uint32_t packets_cached; 107 } Spooler; 108 109 typedef struct _WaldoData 110 { 111 char spool_dir[MAX_FILEPATH_BUF]; 112 char spool_filebase[MAX_FILEPATH_BUF]; 113 uint32_t timestamp; 114 uint32_t record_idx; 115 } WaldoData; 116 117 typedef struct _Waldo 118 { 119 int fd; // file descriptor of the waldo 120 char filepath[MAX_FILEPATH_BUF]; // filepath to the waldo 121 uint8_t mode; // read/write 122 uint8_t state; 123 124 WaldoData data; 125 } Waldo; 126 127 int ProcessContinuous(const char *, const char *, uint32_t, uint32_t); 128 int ProcessContinuousWithWaldo(struct _Waldo *); 129 int ProcessBatch(const char *, const char *); 130 int ProcessWaldoFile(const char *); 131 132 int spoolerReadWaldo(Waldo *); 133 void spoolerEventCacheFlush(Spooler *); 134 void RegisterSpooler(Spooler *); 135 void UnRegisterSpooler(Spooler *); 136 137 int spoolerCloseWaldo(Waldo *); 138 int spoolerClose(Spooler *); 139 140 #endif /* __SPOOLER_H__ */ 141 142 143