Project

General

Profile

Download (16 KB)

Bug #81 ยป 0001-Bug-81-properly-usage-of-the-logging-API-at-source-p.patch

Using logging API at source-pcap and source-pcap-file - Pablo Rincon, 02/08/2010 12:49 PM

View differences:

src/source-pcap-file.c
#include "source-pcap-file.h"
#include "util-time.h"
#include "util-debug.h"
#include "util-error.h"
typedef struct PcapFileGlobalVars_ {
pcap_t *pcap_handle;
......
}
void PcapFileCallback(char *user, struct pcap_pkthdr *h, u_char *pkt) {
//printf("PcapFileCallback: user %p, h %p, pkt %p\n", user, h, pkt);
SCEnter();
//SCLogDebug("user %p, h %p, pkt %p", user, h, pkt);
PcapFileThreadVars *ptv = (PcapFileThreadVars *)user;
//ThreadVars *tv = ptv->tv;
......
}
TmEcode ReceivePcapFile(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq) {
SCEnter();
PcapFileThreadVars *ptv = (PcapFileThreadVars *)data;
ptv->in_p = p;
......
/// Right now we just support reading packets one at a time.
int r = pcap_dispatch(pcap_g.pcap_handle, 1, (pcap_handler)PcapFileCallback, (u_char *)ptv);
if (r <= 0) {
printf("ReceivePcap: code %" PRId32 " error %s\n", r, pcap_geterr(pcap_g.pcap_handle));
SCLogError(SC_ERR_PCAP_DISPATCH, "Error dispatching pcap file or end of pcap file, code %" PRId32 " error %s", r, pcap_geterr(pcap_g.pcap_handle));
EngineStop();
return TM_ECODE_FAILED;
SCReturnInt(TM_ECODE_FAILED);
}
return TM_ECODE_OK;
SCReturnInt(TM_ECODE_OK);
}
TmEcode ReceivePcapFileThreadInit(ThreadVars *tv, void *initdata, void **data) {
SCEnter();
if (initdata == NULL) {
printf("ReceivePcapFileThreadInit error: initdata == NULL\n");
return TM_ECODE_FAILED;
SCLogError(SC_INVALID_ARGUMENT, "error: initdata == NULL");
SCReturnInt(TM_ECODE_FAILED);
}
PcapFileThreadVars *ptv = malloc(sizeof(PcapFileThreadVars));
if (ptv == NULL) {
return TM_ECODE_FAILED;
SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory for PcapFileThreadVars");
SCReturnInt(TM_ECODE_FAILED);
}
memset(ptv, 0, sizeof(PcapFileThreadVars));
char errbuf[PCAP_ERRBUF_SIZE] = "";
pcap_g.pcap_handle = pcap_open_offline((char *)initdata, errbuf);
if (pcap_g.pcap_handle == NULL) {
printf("error %s\n", errbuf);
exit(1);
SCLogError(SC_ERR_PCAP_OPEN_OFFLINE, "error %s", errbuf);
exit(EXIT_FAILURE);
}
pcap_g.datalink = pcap_datalink(pcap_g.pcap_handle);
printf("TmModuleReceivePcapFileRegister: datalink %" PRId32 "\n", pcap_g.datalink);
SCLogDebug("TmModuleReceivePcapFileRegister: datalink %" PRId32, pcap_g.datalink);
switch(pcap_g.datalink) {
case LINKTYPE_LINUX_SLL:
pcap_g.Decoder = DecodeSll;
......
break;
default:
printf("Error: datalink type %" PRId32 " not yet supported in module PcapFile.\n", pcap_g.datalink);
SCLogError(SC_ERR_DATALINK_UNIMPLEMENTED, "Error: datalink type %" PRId32 " not yet supported in module PcapFile", pcap_g.datalink);
free(ptv);
return TM_ECODE_FAILED;
SCReturnInt(TM_ECODE_FAILED);
}
ptv->tv = tv;
*data = (void *)ptv;
return TM_ECODE_OK;
SCReturnInt(TM_ECODE_OK);
}
void ReceivePcapFileThreadExitStats(ThreadVars *tv, void *data) {
SCEnter();
PcapFileThreadVars *ptv = (PcapFileThreadVars *)data;
printf(" - (%s) Packets %" PRIu32 ", bytes %" PRIu64 ".\n", tv->name, ptv->pkts, ptv->bytes);
SCLogInfo(" - (%s) Packets %" PRIu32 ", bytes %" PRIu64 ".", tv->name, ptv->pkts, ptv->bytes);
return;
}
TmEcode ReceivePcapFileThreadDeinit(ThreadVars *tv, void *data) {
return TM_ECODE_OK;
SCEnter();
SCReturnInt(TM_ECODE_OK);
}
TmEcode DecodePcapFile(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq)
{
SCEnter();
DecodeThreadVars *dtv = (DecodeThreadVars *)data;
/* update counters */
......
/* call the decoder */
pcap_g.Decoder(tv, dtv, p, p->pkt, p->pktlen, pq);
return TM_ECODE_OK;
SCReturnInt(TM_ECODE_OK);
}
TmEcode DecodePcapFileThreadInit(ThreadVars *tv, void *initdata, void **data)
{
SCEnter();
DecodeThreadVars *dtv = NULL;
if ( (dtv = malloc(sizeof(DecodeThreadVars))) == NULL) {
printf("Error Allocating memory\n");
return TM_ECODE_FAILED;
SCLogError(SC_ERR_MEM_ALLOC, "Error Allocating memory for DecodeThreadVars");
SCReturnInt(TM_ECODE_FAILED);
}
memset(dtv, 0, sizeof(DecodeThreadVars));
......
*data = (void *)dtv;
return TM_ECODE_OK;
SCReturnInt(TM_ECODE_OK);
}
/* eof */
src/source-pcap.c
#include "tm-threads.h"
#include "source-pcap.h"
#include "util-debug.h"
#include "util-error.h"
/**
* \brief Structure to hold thread specific variables.
......
* \param pkt pointer to raw packet data
*/
void PcapCallback(char *user, struct pcap_pkthdr *h, u_char *pkt) {
//printf("PcapCallback: user %p, h %p, pkt %p\n", user, h, pkt);
SCLogDebug("user %p, h %p, pkt %p", user, h, pkt);
PcapThreadVars *ptv = (PcapThreadVars *)user;
ThreadVars *tv = ptv->tv;
......
p->datalink = ptv->datalink;
p->pktlen = h->caplen;
memcpy(p->pkt, pkt, p->pktlen);
//printf("PcapCallback: p->pktlen: %" PRIu32 " (pkt %02x, p->pkt %02x)\n", p->pktlen, *pkt, *p->pkt);
SCLogDebug("p->pktlen: %" PRIu32 " (pkt %02x, p->pkt %02x)", p->pktlen, *pkt, *p->pkt);
/* pass on... */
tv->tmqh_out(tv, p);
......
* \retval TM_ECODE_FAILED on failure and TM_ECODE_OK on success
*/
TmEcode ReceivePcap(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq) {
SCEnter();
PcapThreadVars *ptv = (PcapThreadVars *)data;
/// Just read one packet at a time for now.
int r = 0;
while (r == 0) {
//printf("ReceivePcap: call pcap_dispatch %" PRIu32 "\n", tv->flags);
SCLogDebug(" call pcap_dispatch %" PRIu32, tv->flags);
r = pcap_dispatch(ptv->pcap_handle, 1, (pcap_handler)PcapCallback, (u_char *)ptv);
if (r < 0) {
printf("ReceivePcap: error %s\n", pcap_geterr(ptv->pcap_handle));
SCLogError(SC_ERR_PCAP_DISPATCH, "ReceivePcap: error %s", pcap_geterr(ptv->pcap_handle));
break;
}
if (TmThreadsCheckFlag(tv, THV_KILL) || TmThreadsCheckFlag(tv, THV_PAUSE)) {
SCLogInfo("pcap packet reading interrupted");
return TM_ECODE_OK;
SCReturnInt(TM_ECODE_OK);
}
}
return TM_ECODE_OK;
SCReturnInt(TM_ECODE_OK);
}
/**
......
*/
#if LIBPCAP_VERSION_MAJOR == 1
TmEcode ReceivePcapThreadInit(ThreadVars *tv, void *initdata, void **data) {
SCEnter();
if (initdata == NULL) {
printf("ReceivePcapThreadInit error: initdata == NULL\n");
return TM_ECODE_FAILED;
SCLogError(SC_INVALID_ARGUMENT, "initdata == NULL");
SCReturnInt(TM_ECODE_FAILED);
}
PcapThreadVars *ptv = malloc(sizeof(PcapThreadVars));
if (ptv == NULL) {
return TM_ECODE_FAILED;
SCLogError(SC_ERR_MEM_ALLOC, "Couldn't allocate PcapThreadVars");
SCReturnInt(TM_ECODE_FAILED);
}
memset(ptv, 0, sizeof(PcapThreadVars));
......
char errbuf[PCAP_ERRBUF_SIZE];
ptv->pcap_handle = pcap_create((char *)initdata, errbuf);
if (ptv->pcap_handle == NULL) {
printf("error %s\n", pcap_geterr(ptv->pcap_handle));
exit(1);
SCLogError(SC_ERR_PCAP_CREATE, "Coudn't create a new pcap handler, error %s", pcap_geterr(ptv->pcap_handle));
exit(EXIT_FAILURE);
}
/* set Snaplen, Promisc, and Timeout. Must be called before pcap_activate */
int pcap_set_snaplen_r = pcap_set_snaplen(ptv->pcap_handle,LIBPCAP_SNAPLEN);
//printf("ReceivePcapThreadInit: pcap_set_snaplen(%p) returned %" PRId32 "\n", ptv->pcap_handle, pcap_set_snaplen_r);
if (pcap_set_snaplen_r != 0) {
printf("ReceivePcapThreadInit: error is %s\n", pcap_geterr(ptv->pcap_handle));
exit(1);
SCLogError(SC_ERR_PCAP_SET_SNAPLEN, "Couldn't set snaplen, error: %s", pcap_geterr(ptv->pcap_handle));
exit(EXIT_FAILURE);
}
int pcap_set_promisc_r = pcap_set_promisc(ptv->pcap_handle,LIBPCAP_PROMISC);
//printf("ReceivePcapThreadInit: pcap_set_promisc(%p) returned %" PRId32 "\n", ptv->pcap_handle, pcap_set_promisc_r);
if (pcap_set_promisc_r != 0) {
printf("ReceivePcapThreadInit: error is %s\n", pcap_geterr(ptv->pcap_handle));
exit(1);
SCLogError(SC_ERR_PCAP_SET_PROMISC, "Couldn't set promisc mode, error %s", pcap_geterr(ptv->pcap_handle));
exit(EXIT_FAILURE);
}
int pcap_set_timeout_r = pcap_set_timeout(ptv->pcap_handle,LIBPCAP_COPYWAIT);
//printf("ReceivePcapThreadInit: pcap_set_timeout(%p) returned %" PRId32 "\n", ptv->pcap_handle, pcap_set_timeout_r);
if (pcap_set_timeout_r != 0) {
printf("ReceivePcapThreadInit: error is %s\n", pcap_geterr(ptv->pcap_handle));
exit(1);
SCLogError(SC_ERR_PCAP_SET_TIMEOUT, "Problems setting timeout, error %s", pcap_geterr(ptv->pcap_handle));
exit(EXIT_FAILURE);
}
/* activate the handle */
int pcap_activate_r = pcap_activate(ptv->pcap_handle);
//printf("ReceivePcapThreadInit: pcap_activate(%p) returned %" PRId32 "\n", ptv->pcap_handle, pcap_activate_r);
if (pcap_activate_r != 0) {
printf("ReceivePcapThreadInit: error is %s\n", pcap_geterr(ptv->pcap_handle));
exit(1);
SCLogError(SC_ERR_PCAP_ACTIVATE_HANDLE, "Couldn't activate the pcap handler, error %s", pcap_geterr(ptv->pcap_handle));
exit(EXIT_FAILURE);
}
ptv->datalink = pcap_datalink(ptv->pcap_handle);
*data = (void *)ptv;
return TM_ECODE_OK;
SCReturnInt(TM_ECODE_OK);
}
#else /* implied LIBPCAP_VERSION_MAJOR == 0 */
TmEcode ReceivePcapThreadInit(ThreadVars *tv, void *initdata, void **data) {
SCEnter();
if (initdata == NULL) {
printf("ReceivePcapThreadInit error: initdata == NULL\n");
return TM_ECODE_FAILED;
SCLogError(SC_INVALID_ARGUMENT, "initdata == NULL");
SCReturnInt(TM_ECODE_FAILED);
}
PcapThreadVars *ptv = malloc(sizeof(PcapThreadVars));
if (ptv == NULL) {
return TM_ECODE_FAILED;
SCLogError(SC_ERR_MEM_ALLOC, "Couldn't allocate PcapThreadVars");
SCReturnInt(TM_ECODE_FAILED);
}
memset(ptv, 0, sizeof(PcapThreadVars));
......
ptv->pcap_handle = pcap_open_live((char *)initdata, LIBPCAP_SNAPLEN,
LIBPCAP_PROMISC, LIBPCAP_COPYWAIT, errbuf);
if (ptv->pcap_handle == NULL) {
printf("error %s\n", errbuf);
exit(1);
SCLogError(SC_ERR_PCAP_OPEN_LIVE, "Problem creating pcap handler for live mode, error %s", errbuf);
exit(EXIT_FAILURE);
}
ptv->datalink = pcap_datalink(ptv->pcap_handle);
*data = (void *)ptv;
return TM_ECODE_OK;
SCReturnInt(TM_ECODE_OK);
}
#endif /* LIBPCAP_VERSION_MAJOR */
......
* \param data pointer that gets cast into PcapThreadVars for ptv
*/
void ReceivePcapThreadExitStats(ThreadVars *tv, void *data) {
SCEnter();
PcapThreadVars *ptv = (PcapThreadVars *)data;
SCLogInfo("(%s) Packets %" PRIu32 ", bytes %" PRIu64 "", tv->name, ptv->pkts, ptv->bytes);
......
PcapThreadVars *ptv = (PcapThreadVars *)data;
pcap_close(ptv->pcap_handle);
return TM_ECODE_OK;
SCReturnInt(TM_ECODE_OK);
}
/**
......
*/
TmEcode DecodePcap(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq)
{
SCEnter();
DecodeThreadVars *dtv = (DecodeThreadVars *)data;
/* update counters */
......
DecodeRaw(tv, dtv, p, p->pkt, p->pktlen, pq);
break;
default:
printf("Error: datalink type %" PRId32 " not yet supported in module DecodePcap.\n", p->datalink);
SCLogError(SC_ERR_DATALINK_UNIMPLEMENTED, "Error: datalink type %" PRId32 " not yet supported in module DecodePcap", p->datalink);
break;
}
return TM_ECODE_OK;
SCReturnInt(TM_ECODE_OK);
}
TmEcode DecodePcapThreadInit(ThreadVars *tv, void *initdata, void **data)
{
SCEnter();
DecodeThreadVars *dtv = NULL;
if ( (dtv = malloc(sizeof(DecodeThreadVars))) == NULL) {
printf("Error Allocating memory\n");
return TM_ECODE_FAILED;
SCLogError(SC_ERR_MEM_ALLOC, "Error Allocating memory");
SCReturnInt(TM_ECODE_FAILED);
}
memset(dtv, 0, sizeof(DecodeThreadVars));
......
*data = (void *)dtv;
return TM_ECODE_OK;
SCReturnInt(TM_ECODE_OK);
}
/* eof */
src/util-error.c
CASE_CODE (SC_ERR_MEM_ALLOC);
CASE_CODE (SC_PCRE_MATCH_FAILED);
CASE_CODE (SC_PCRE_GET_SUBSTRING_FAILED);
CASE_CODE (SC_ERR_PCAP_DISPATCH);
CASE_CODE (SC_ERR_PCAP_CREATE);
CASE_CODE (SC_ERR_PCAP_SET_SNAPLEN);
CASE_CODE (SC_ERR_PCAP_SET_PROMISC);
CASE_CODE (SC_ERR_PCAP_SET_TIMEOUT);
CASE_CODE (SC_ERR_PCAP_OPEN_LIVE);
CASE_CODE (SC_ERR_PCAP_OPEN_OFFLINE);
CASE_CODE (SC_ERR_PCAP_ACTIVATE_HANDLE);
CASE_CODE (SC_ERR_DATALINK_UNIMPLEMENTED);
CASE_CODE (SC_PCRE_COMPILE_FAILED);
CASE_CODE (SC_PCRE_STUDY_FAILED);
CASE_CODE (SC_PCRE_PARSE_FAILED);
src/util-error.h
typedef enum {
SC_OK,
SC_ERR_MEM_ALLOC,
SC_ERR_PCAP_DISPATCH,
SC_ERR_PCAP_CREATE,
SC_ERR_PCAP_SET_SNAPLEN,
SC_ERR_PCAP_SET_PROMISC,
SC_ERR_PCAP_SET_TIMEOUT,
SC_ERR_PCAP_OPEN_LIVE,
SC_ERR_PCAP_OPEN_OFFLINE,
SC_ERR_PCAP_ACTIVATE_HANDLE,
SC_ERR_DATALINK_UNIMPLEMENTED,
SC_PCRE_MATCH_FAILED,
SC_PCRE_GET_SUBSTRING_FAILED,
SC_PCRE_COMPILE_FAILED,
    (1-1/1)