#include "pcap_functions.h"

#include <unistd.h>
4 /**************************************************************************
5 **SA Network Connection Profiler [sancp] - A TCP/IP statistical/collection tool
6 * ************************************************************************
7 * * Copyright (C) 2003 John Curry <john.curry@metre.net>
8 * *
9 * * This program is distributed under the terms of version 1.0 of the
10 * * Q Public License. See LICENSE.QPL for further details.
11 * *
12 * * This program is distributed in the hope that it will be useful,
13 * * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
15 * *
16 * ***********************************************************************/
19 void ProcessMyPacket(char *user, struct pcap_pkthdr * pkthdr, u_char * pkt);
/**
 * Release a capture handle obtained from open_pcap_file() or open_pcap_live().
 *
 * @param ph  Handle to close; NULL is accepted and ignored, so the result of
 *            a failed open call can be passed straight through.
 */
void close_pcap_file(pcap_t *ph)
{
    /* A failed open returns NULL; there is nothing to release in that case. */
    if (ph == NULL) {
        return;
    }

    pcap_close(ph);
}
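/**
 * Open a saved capture file for reading and optionally install a BPF filter.
 *
 * Set-gid and set-uid privileges are relinquished before the file is opened,
 * so the savefile is read with the invoking user's own permissions. If the
 * privileges cannot be dropped the file is not opened at all.
 *
 * @param mbpf_filter     BPF filter expression, or NULL for no filter.
 * @param input_filename  Path of the savefile to read.
 * @return Open capture handle, or NULL when no filename was given, the
 *         privileges could not be dropped, or the file could not be opened.
 *         A filter that fails to apply is reported on stderr, but the handle
 *         is still returned (see the note at the filter step).
 */
pcap_t *open_pcap_file(char *mbpf_filter, char *input_filename)
{
    pcap_t *ph;
    /* libpcap expects the error buffer to hold at least PCAP_ERRBUF_SIZE chars. */
    char errorbuf[PCAP_ERRBUF_SIZE];

    if (input_filename == NULL) {
        fprintf(stderr, "Unable to read from file: no filename given\n");
        return NULL;
    }

    /*
     * Relinquish any set-gid and set-uid privileges. The group is dropped
     * first, because after the user id has been given up the process may no
     * longer be permitted to change its group id. Both return values are
     * checked: continuing after a failed drop would open the file with
     * elevated privileges.
     */
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0) {
        fprintf(stderr, "Unable to relinquish set-uid/set-gid privileges\n");
        return NULL;
    }

    errorbuf[0] = '\0';
    ph = pcap_open_offline(input_filename, errorbuf);
    if (ph == NULL) {
        /* Include libpcap's own reason so the failure can be diagnosed. */
        fprintf(stderr, "Unable to read from file %s (%s)\n", input_filename, errorbuf);
        return NULL;
    }

    /*
     * NOTE(review): when the filter cannot be applied the handle is still
     * returned, so the caller reads the file unfiltered. Callers that depend
     * on the filter to limit what is collected should treat the message
     * below as fatal - confirm the intended policy.
     */
    if (mbpf_filter && apply_filter(ph, mbpf_filter, 1, 0) == -1) {
        fprintf(stderr, "Error with bpf filter: %s \"%s\"\n", pcap_geterr(ph), mbpf_filter);
    }

    return ph;
}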
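/**
 * Open a network interface for live capture and optionally install a BPF
 * filter.
 *
 * The interface is opened in promiscuous mode with a 65535-byte snapshot
 * length and the project-defined READ_TIMEOUT.
 *
 * @param mbpf_filter     BPF filter expression, or NULL for no filter.
 * @param default_device  Name of the interface to capture from.
 * @return Open capture handle, or NULL if the interface could not be opened.
 *         A filter that fails to apply is reported on stderr, but the handle
 *         is still returned (see the note at the filter step).
 */
pcap_t *open_pcap_live(char *mbpf_filter, char *default_device)
{
    pcap_t *ph;
    /* libpcap expects the error buffer to hold at least PCAP_ERRBUF_SIZE chars. */
    char errorbuf[PCAP_ERRBUF_SIZE];
    const int snaplen = 0xFFFF;
    /* Passing NULL to a %s conversion is undefined, so use a printable stand-in. */
    const char *shown_device = default_device ? default_device : "(null)";

    /*
     * NOTE(review): unlike open_pcap_file(), this function does not give up
     * set-uid/set-gid privileges. If the program is installed with elevated
     * privileges, the caller presumably has to drop them once the handle is
     * open - verify against the caller.
     */
    errorbuf[0] = '\0';
    ph = pcap_open_live(default_device, snaplen, PROMISC, READ_TIMEOUT, errorbuf);
    if (ph == NULL) {
        fprintf(stderr, "Unable to read from interface %s (%s)\n", shown_device, errorbuf);
        return NULL;
    }

    /*
     * NOTE(review): when the filter cannot be applied the handle is still
     * returned, so the capture runs unfiltered in promiscuous mode. Callers
     * that depend on the filter to limit what is collected should treat the
     * message below as fatal - confirm the intended policy.
     */
    if (mbpf_filter && apply_filter(ph, mbpf_filter, 1, 0) == -1) {
        fprintf(stderr, "Error with bpf filter: %s\n", pcap_geterr(ph));
    }

    return ph;
}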
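/**
 * Compile a BPF filter expression and install it on a capture handle.
 *
 * @param mph       Capture handle the filter is installed on.
 * @param mfilter   BPF filter expression to compile.
 * @param optimize  Passed to pcap_compile() as its optimize flag.
 * @param xnetmask  Not used: the filter is always compiled against a fixed
 *                  255.255.255.0 netmask. Kept so existing callers compile.
 * @return 0 when the filter was compiled and installed, -1 when either step
 *         failed (the reason is written to stderr). On -1 no new filter is
 *         active on the handle.
 */
int apply_filter(pcap_t *mph, char *mfilter, int optimize, bpf_u_int32 xnetmask)
{
    struct bpf_program filterprogram;
    const bpf_u_int32 defaultnet = 0xFFFFFF00;
    bpf_u_int32 netmask = htonl(defaultnet);
    int result = 0;

    (void)xnetmask;

    if (mph == NULL || mfilter == NULL) {
        return -1;
    }

    if (pcap_compile(mph, &filterprogram, mfilter, optimize, netmask) < 0) {
        fprintf(stderr, "OpenPcap() FSM compilation failed: \n\t%s\n PCAP command: %s\n",
                pcap_geterr(mph), mfilter);
        /*
         * Stop here: filterprogram was not filled in, and handing it to
         * pcap_setfilter() would read an uninitialized structure.
         */
        return -1;
    }

    if (pcap_setfilter(mph, &filterprogram) < 0) {
        fprintf(stderr, "OpenPcap() setting filter failed: \n\t%s\n PCAP command: %s\n",
                pcap_geterr(mph), mfilter);
        /*
         * Report the failure to the caller; otherwise the capture would run
         * unfiltered while the caller believes the filter is in place.
         */
        result = -1;
    }

    /* The compiled program is no longer needed once pcap_setfilter() has run. */
    pcap_freecode(&filterprogram);

    return result;
}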
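/**
 * Run the capture loop on an open handle, passing every packet to
 * ProcessMyPacket() until pcap_loop() returns.
 *
 * @param ph  Handle from open_pcap_file() or open_pcap_live(). Both return
 *            NULL on failure, so NULL is reported and ignored here instead
 *            of being handed to libpcap.
 */
void start_pcap_loop(pcap_t *ph)
{
    if (ph == NULL) {
        fprintf(stderr, "pcap_loop: no capture handle\n");
        return;
    }

    /*
     * A count of -1 asks pcap_loop() to keep processing packets rather than
     * stop after a fixed number.
     *
     * NOTE(review): ProcessMyPacket is declared with (char *, struct
     * pcap_pkthdr *, u_char *) and is cast to pcap_handler here. The
     * parameter types differ from libpcap's handler prototype, so the cast
     * hides a mismatch the compiler would otherwise report - consider
     * aligning the prototype.
     */
    if (pcap_loop(ph, -1, (pcap_handler) ProcessMyPacket, NULL) < 0) {
        fprintf(stderr, "pcap_loop: %s\n", pcap_geterr(ph));
    }
}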