├── .gitignore ├── .muse ├── config └── setup.sh ├── .travis.yml ├── CHANGELOG.md ├── COPYING ├── Doxyfile ├── LICENSE ├── Makefile.am ├── Makefile.in ├── Makefile.joy ├── README.md ├── VERSION ├── aclocal.m4 ├── analysis ├── README ├── ciphersuites.txt ├── ciphersuites_classifier.txt ├── classifier.py ├── client_key_length.txt ├── data_parser.py ├── logreg_parameters.txt ├── logreg_parameters_bd.txt ├── logreg_parameters_tls.txt ├── logreg_parameters_tls_bd.txt ├── model.py ├── pull_data.py └── results_cs_tls_ext_full.txt ├── bin ├── Makefile.am └── Makefile.in ├── build_pkg ├── compact_bd.txt ├── config.sh ├── config ├── ar-lib ├── compile ├── config.guess ├── config.sub ├── depcomp ├── install-sh ├── ltmain.sh └── missing ├── configure ├── configure.ac ├── data ├── ip.txt └── ports.txt ├── doc ├── Joy-Library-User-Guide.pdf ├── joy-icon.png ├── joy.1 ├── joy.bib ├── ui_tls_fingerprinting.png ├── ui_tls_fingerprinting_main.png ├── using-joy-05.pdf ├── using-joy-05.tex ├── using-joy-fingerprinting-00.pdf ├── using-joy-fingerprinting-00.tex └── workbench.pdf ├── examples.sh ├── fingerprinting ├── fingerprint_ui.py ├── fingerprinter.py ├── gen_tls_fingerprint.py ├── requirements.txt ├── requirements_windows.txt ├── resources │ ├── contrib │ │ └── blake_vm.json │ ├── cs_mapping.json.gz │ ├── fingerprint_db.json.gz │ ├── implementation_date_cs.json.gz │ └── implementation_date_ext.json.gz ├── static │ ├── css │ │ ├── bootstrap.min.css │ │ ├── dataTables.bootstrap4.css │ │ ├── dlp_eta.css │ │ ├── dlp_eta.css~ │ │ ├── font-awesome.min.css │ │ └── sb-admin.css │ ├── fonts │ │ ├── FontAwesome.otf │ │ ├── fontawesome-webfont.eot │ │ ├── fontawesome-webfont.svg │ │ ├── fontawesome-webfont.ttf │ │ ├── fontawesome-webfont.woff │ │ └── fontawesome-webfont.woff2 │ └── js │ │ ├── Chart.min.js │ │ ├── bootstrap.bundle.min.js │ │ ├── dataTables.bootstrap4.js │ │ ├── jquery.dataTables.js │ │ ├── jquery.easing.min.js │ │ ├── jquery.min.js │ │ ├── sb-admin-charts.js │ │ ├── 
sb-admin-charts.min.js │ │ ├── sb-admin-datatables.js │ │ ├── sb-admin-datatables.min.js │ │ ├── sb-admin.js │ │ └── sb-admin.min.js ├── tls_constants.py ├── tls_fingerprint.py └── views │ ├── base.tpl │ ├── client_info.tpl │ ├── detailed_fp.tpl │ ├── fingerprint.tpl │ ├── index.tpl │ └── upload.tpl ├── install_joy ├── install-sh ├── joy-accounting.conf ├── joy.logrotate ├── joy.plist ├── joy.rc ├── joy.service ├── options.cfg ├── postinstall-darwin ├── postinstall-linux ├── postuninstall-linux ├── preinstall-darwin ├── preinstall-linux ├── preuninstall-linux ├── uninstall-joy-pkg └── uninstall-sh ├── internal.net ├── joy_config.h.in ├── json ├── lib ├── Makefile.am └── Makefile.in ├── m4 ├── libtool.m4 ├── ltoptions.m4 ├── ltsugar.m4 ├── ltversion.m4 └── lt~obsolete.m4 ├── resources └── tls_fingerprint.json ├── rpm └── RPM-GPG-KEY-joy ├── safe_c_stub ├── Makefile.am ├── Makefile.in ├── include │ ├── mem_primitives_lib.h │ ├── safe_lib.h │ ├── safe_lib_errno.h │ ├── safe_mem_lib.h │ └── safe_str_lib.h ├── lib │ ├── Makefile.am │ └── Makefile.in └── src │ ├── safe_mem_stub.c │ └── safe_str_stub.c ├── sleuth ├── sleuth_pkg ├── __init__.py ├── setup.py └── sleuth │ ├── __init__.py │ ├── api_joy.py │ ├── enrich_tls.py │ ├── fingerprint.py │ ├── inferences.py │ ├── res_tls_compliance.json │ ├── res_tls_fingerprints.json │ ├── res_tls_params.json │ ├── res_tls_policy.json │ └── sleuth.py ├── src ├── Makefile.joy ├── acsm.c ├── addr.c ├── addr_attr.c ├── af_packet_v3.c ├── anon.c ├── classify.c ├── config.c ├── dhcp.c ├── dhcpv6.c ├── dns.c ├── example.c ├── extractor.c ├── fingerprint.c ├── fp.c ├── getline.c ├── hdr_dsc.c ├── http.c ├── ike.c ├── include │ ├── acsm.h │ ├── addr.h │ ├── addr_attr.h │ ├── af_packet_v3.h │ ├── anon.h │ ├── classify.h │ ├── config.h │ ├── dhcp.h │ ├── dhcpv6.h │ ├── dns.h │ ├── err.h │ ├── example.h │ ├── extractor.h │ ├── feature.h │ ├── fingerprint.h │ ├── fp.h │ ├── hdr_dsc.h │ ├── http.h │ ├── ike.h │ ├── ipfix.h │ ├── joy_api.h │ ├── 
joy_api_private.h │ ├── map.h │ ├── modules.h │ ├── nfv9.h │ ├── osdetect.h │ ├── output.h │ ├── p2f.h │ ├── parson.h │ ├── payload.h │ ├── pkt.h │ ├── pkt_proc.h │ ├── ppi.h │ ├── procwatch.h │ ├── proto_identify.h │ ├── radix_trie.h │ ├── salt.h │ ├── ssh.h │ ├── str_match.h │ ├── tls.h │ ├── updater.h │ ├── utils.h │ └── wht.h ├── ipfix.c ├── jfd-anon.c ├── joy-anon.c ├── joy.c ├── joy_api.c ├── joy_api_test.c ├── joy_api_test2.c ├── joy_memory_profile.c ├── nfv9.c ├── obsolete │ ├── huffman.c │ └── term.c ├── osdetect.c ├── p2f.c ├── parson.c ├── payload.c ├── pkt_proc.c ├── ppi.c ├── procwatch.c ├── proto_identify.c ├── radix_trie.c ├── salt.c ├── ssh.c ├── str_match.c ├── str_match_test.c ├── tls.c ├── unit_test.c ├── updater.c ├── utils.c └── wht.c ├── test ├── README.md ├── mail-lists.csv ├── misc │ ├── dummy_cert_rsa2048.pem │ └── userid-example.txt ├── obsidianbox │ ├── __init__.py │ ├── baseline_tls │ │ ├── 008fa42d-59f9-49ad-a131-f2ba142e4a32_base-tls11.json.gz │ │ ├── 81112cf5-181d-4a92-a5e3-9963ef643998_base-tls12.json.gz │ │ └── 8a8525eb-0394-4759-a90a-51d02bc023f8_base-tls10.json.gz │ ├── test_general.py │ ├── test_ipfix.py │ ├── test_tls.py │ └── utils.py ├── pcaps │ ├── dhcp.pcap │ ├── firefox58.pcap │ ├── ikev1.pcap │ ├── ikev2.pcap │ ├── kali-normal-ssh.pcap │ ├── kali-password-attack_hydra.pcap │ ├── openssl102n.pcap │ ├── sample.pcap │ ├── sample_tls12_handshake_0.pcap │ ├── ssh-dropbear-default.pcap │ ├── ssh-gex-sha256.pcap │ ├── tls10.pcap │ ├── tls11.pcap │ └── tls12.pcap └── run_tests.py ├── win-joy ├── JoyMsi │ ├── JoyMsi.wixproj │ ├── Product.wxs │ └── icon.ico ├── schedule-task.ps1 ├── unit-test │ ├── unit-test.vcxproj │ └── unit-test.vcxproj.filters ├── win-joy.sln ├── win-joy │ ├── win-joy.vcxproj │ └── win-joy.vcxproj.filters └── win-options.cfg └── windows ├── 64 ├── DLL │ ├── getopt.dll │ ├── libcurl.dll │ ├── libeay32.dll │ ├── msvcr100.dll │ ├── msvcr120.dll │ ├── pthreadVC2.dll │ ├── ssleay32.dll │ └── vcruntime140.dll ├── 
Packet.lib ├── getopt.lib ├── libbz2.lib ├── libcurl.lib ├── libeay32.lib ├── pthread.lib ├── ssleay32.lib ├── wpcap.lib └── zlib.lib └── include ├── Packet32.h ├── Win32-Extensions.h ├── bittypes.h ├── bzlib.h ├── curl ├── curl.h ├── curlbuild.h ├── curlrules.h ├── curlver.h ├── easy.h ├── mprintf.h ├── multi.h ├── stdcheaders.h ├── system.h └── typecheck-gcc.h ├── dirent.h ├── getopt.h ├── ip6_misc.h ├── openssl ├── aes.h ├── applink.c ├── asn1.h ├── asn1_mac.h ├── asn1t.h ├── bio.h ├── blowfish.h ├── bn.h ├── buffer.h ├── camellia.h ├── cast.h ├── cmac.h ├── cms.h ├── comp.h ├── conf.h ├── conf_api.h ├── crypto.h ├── des.h ├── des_old.h ├── dh.h ├── dsa.h ├── dso.h ├── dtls1.h ├── e_os2.h ├── ebcdic.h ├── ec.h ├── ecdh.h ├── ecdsa.h ├── engine.h ├── err.h ├── evp.h ├── hmac.h ├── idea.h ├── krb5_asn.h ├── kssl.h ├── lhash.h ├── md4.h ├── md5.h ├── mdc2.h ├── modes.h ├── obj_mac.h ├── objects.h ├── ocsp.h ├── opensslconf.h ├── opensslv.h ├── ossl_typ.h ├── pem.h ├── pem2.h ├── pkcs12.h ├── pkcs7.h ├── pqueue.h ├── rand.h ├── rc2.h ├── rc4.h ├── ripemd.h ├── rsa.h ├── safestack.h ├── seed.h ├── sha.h ├── srp.h ├── srtp.h ├── ssl.h ├── ssl2.h ├── ssl23.h ├── ssl3.h ├── stack.h ├── symhacks.h ├── tls1.h ├── ts.h ├── txt_db.h ├── ui.h ├── ui_compat.h ├── whrlpool.h ├── x509.h ├── x509_vfy.h └── x509v3.h ├── pcap-bpf.h ├── pcap-namedb.h ├── pcap-stdinc.h ├── pcap.h ├── pcap ├── Packet32.h ├── Win32-Extensions.h ├── bittypes.h ├── bluetooth.h ├── bpf.h ├── ip6_misc.h ├── namedb.h ├── pcap-bpf.h ├── pcap-namedb.h ├── pcap-stdinc.h ├── pcap.h ├── remote-ext.h ├── sll.h ├── usb.h └── vlan.h ├── pthread ├── pthread.h ├── sched.h └── semaphore.h ├── remote-ext.h ├── unistd.h ├── win_types.h └── zlib ├── zconf.h ├── zlib.h └── zutil.h /.gitignore: -------------------------------------------------------------------------------- 1 | Makefile 2 | config.log 3 | config.status 4 | config.vars 5 | joy-*.tar 6 | aclocal.m4 7 | autom4te.cache 8 | *.o 9 | *.a 10 | *.la 11 | *.lo 12 | 
bin/.libs/ 13 | bin/Makefile 14 | bin/jfd-anon 15 | bin/joy 16 | bin/joy-anon 17 | bin/joy_api_test 18 | bin/joy_api_test2 19 | bin/str_match_test 20 | bin/unit_test 21 | lib/.libs/ 22 | lib/Makefile 23 | libtool 24 | joy_config.h 25 | safe_c_stub/src/.deps/ 26 | safe_c_stub/src/.dirstamp 27 | src/.deps/ 28 | src/.dirstamp 29 | stamp-h1 30 | -------------------------------------------------------------------------------- /.muse/config: -------------------------------------------------------------------------------- 1 | setup = ".muse/setup.sh" 2 | build = "make" 3 | verifiers = [ "infer" ] 4 | -------------------------------------------------------------------------------- /.muse/setup.sh: -------------------------------------------------------------------------------- 1 | if [ $(whoami) = "root" ]; then 2 | apt install -y libpcap-dev 3 | fi 4 | 5 | cd $1 ; ./configure 6 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | # Travis-CI Build for Joy 2 | 3 | language: c 4 | 5 | compiler: gcc 6 | 7 | before_install: 8 | - sudo apt-get -qq update 9 | 10 | install: 11 | - sudo apt-get install -y build-essential libssl-dev libpcap-dev libcurl4-openssl-dev 12 | 13 | script: 14 | - ./configure --enable-gzip 15 | - make clean 16 | - make 17 | - make install DESTDIR=/tmp/joyinstall prefix=/tmp/joy 18 | - make dist 19 | - bin/unit_test 20 | - test/run_tests.py 21 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | /* 2 | * 3 | * Copyright (c) 2016 Cisco Systems, Inc. 4 | * All rights reserved. 
5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials provided 16 | * with the distribution. 17 | * 18 | * Neither the name of the Cisco Systems, Inc. nor the names of its 19 | * contributors may be used to endorse or promote products derived 20 | * from this software without specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26 | * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 27 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 28 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 29 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 31 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 33 | * OF THE POSSIBILITY OF SUCH DAMAGE. 
34 | * 35 | */ 36 | -------------------------------------------------------------------------------- /Makefile.am: -------------------------------------------------------------------------------- 1 | ACLOCAL_AMFLAGS = -I m4 2 | AUTOMAKE_OPTIONS=foreign 3 | 4 | SUBDIRS=safe_c_stub lib bin 5 | 6 | joy_api: 7 | (doxygen Doxyfile) 8 | 9 | joy_test: 10 | test/run_tests.py 11 | bin/unit_test 12 | test/run_tests.py 13 | 14 | clean_make: 15 | rm lib/Makefile 16 | rm bin/Makefile 17 | echo "You must rerun configure" 18 | 19 | install-data-hook: 20 | # mkdir -p $(DESTDIR)/etc/init.d 21 | # cp install_joy/joy.rc $(DESTDIR)/etc/init.d/joy 22 | mkdir -p $(DESTDIR)/usr/lib/systemd/system 23 | cp install_joy/joy.service $(DESTDIR)/usr/lib/systemd/system 24 | mkdir -p $(DESTDIR)/etc/systemd/system/joy.service.d 25 | cp install_joy/joy-accounting.conf $(DESTDIR)/etc/systemd/system/joy.service.d/20-accounting.conf 26 | mkdir -p $(DESTDIR)/$(prefix)/var/log 27 | mkdir -p $(DESTDIR)/$(prefix)/var/joy 28 | mkdir -p $(DESTDIR)/$(prefix)/etc/joy 29 | mkdir -p $(DESTDIR)/etc/logrotate.d 30 | cp install_joy/joy.logrotate $(DESTDIR)/etc/logrotate.d/joy 31 | chmod 644 $(DESTDIR)/etc/logrotate.d/joy 32 | mkdir -p $(DESTDIR)/$(prefix)/share/joy 33 | mkdir -p $(DESTDIR)/$(prefix)/share/man 34 | mkdir -p $(DESTDIR)/$(prefix)/share/man/man1 35 | cp doc/joy.1 $(DESTDIR)/$(prefix)/share/man/man1 36 | cp sleuth $(DESTDIR)/$(prefix)/bin 37 | cp resources/tls_fingerprint.json $(DESTDIR)/$(prefix)/etc/joy 38 | cp install_joy/options.cfg $(DESTDIR)/$(prefix)/etc/joy 39 | cp internal.net $(DESTDIR)/$(prefix)/etc/joy 40 | mkdir -p $(DESTDIR)/$(prefix)/include/joy 41 | # SLEUTHVER= grep version setup.py | awk -F\' '{print $2}' 42 | (cd sleuth_pkg && python setup.py bdist --format=gztar) 43 | # SLEUTHFILE="dist/sleuth-${SLEUTHVER}.linux-${build_cpu}.tar.gz" 44 | SLEUTHFILE="sleuth_pkg/dist/sleuth-1.0.linux-${build_cpu}.tar.gz" 45 | tar -xf $(SLEUTHFILE) -C $(DESTDIR) 46 | 47 | EXTRA_DIST=internal.net 
build_pkg install_joy test sleuth_pkg rpm examples.sh \ 48 | config.sh compact_bd.txt Makefile.joy sleuth Makefile.joy src/Makefile.joy doc \ 49 | resources fingerprinting VERSION 50 | 51 | 52 | -------------------------------------------------------------------------------- /VERSION: -------------------------------------------------------------------------------- 1 | 4.5.0 2 | -------------------------------------------------------------------------------- /analysis/README: -------------------------------------------------------------------------------- 1 | Learning Parameters 2 | 3 | The model.py python program will generate logistic regression parameters suitable for use in the user interface. The arguments to model.py are: 4 | 5 | -p POS_DIR, --pos_dir POS_DIR 6 | Directory of Positive Examples (JSON Format) 7 | -n NEG_DIR, --neg_dir NEG_DIR 8 | Directory of Negative Examples (JSON Format) 9 | -m, --meta Parse Metadata Information 10 | -l, --lengths Parse Packet Size Information 11 | -t, --times Parse Inter-packet Time Information 12 | -d, --dist Parse Byte Distribution Information 13 | -o OUTPUT, --output OUTPUT 14 | Output file for parameters 15 | 16 | To generate the two parameter files to be used with LAUI, we first generate the parameter file that does not use the byte distribution: 17 | 18 | python model.py -m -l -t -p /var/tls_json_files/ -n /var/non_tls_json_files/ -o params.txt 19 | 20 | and then we generate the parameters that do use the byte distribution: 21 | 22 | python model.py -m -l -t -d -p /var/tls_json_files/ -n /var/non_tls_json_files/ -o params_bd.txt 23 | 24 | -------------------------------------------------------------------------------- /analysis/client_key_length.txt: -------------------------------------------------------------------------------- 1 | 520 1.0 2 | 528 0.1 3 | 776 0.9 4 | 784 0.0 5 | 1040 0.8 6 | 2064 0.4 7 | 3088 0.25 8 | 4112 0.0 9 | _ -1.0 10 | 
-------------------------------------------------------------------------------- /compact_bd.txt: -------------------------------------------------------------------------------- 1 | 0 0 2 | 1 12 3 | 2 11 4 | 3 11 5 | 4 12 6 | 5 12 7 | 6 12 8 | 7 2 9 | 8 11 10 | 9 2 11 | 10 1 12 | 11 12 13 | 12 12 14 | 13 1 15 | 14 13 16 | 15 12 17 | 16 12 18 | 17 13 19 | 18 12 20 | 19 12 21 | 20 2 22 | 21 11 23 | 22 12 24 | 23 12 25 | 24 12 26 | 25 2 27 | 26 12 28 | 27 12 29 | 28 2 30 | 29 12 31 | 30 12 32 | 31 2 33 | 32 3 34 | 33 12 35 | 34 11 36 | 35 12 37 | 36 12 38 | 37 13 39 | 38 12 40 | 39 12 41 | 40 11 42 | 41 11 43 | 42 2 44 | 43 11 45 | 44 7 46 | 45 3 47 | 46 11 48 | 47 0 49 | 48 0 50 | 49 4 51 | 50 4 52 | 51 11 53 | 52 0 54 | 53 7 55 | 54 2 56 | 55 2 57 | 56 7 58 | 57 0 59 | 58 11 60 | 59 12 61 | 60 13 62 | 61 7 63 | 62 12 64 | 63 10 65 | 64 2 66 | 65 0 67 | 66 12 68 | 67 4 69 | 68 2 70 | 69 0 71 | 70 12 72 | 71 11 73 | 72 11 74 | 73 2 75 | 74 2 76 | 75 7 77 | 76 11 78 | 77 0 79 | 78 11 80 | 79 11 81 | 80 2 82 | 81 12 83 | 82 11 84 | 83 11 85 | 84 5 86 | 85 10 87 | 86 2 88 | 87 12 89 | 88 12 90 | 89 10 91 | 90 12 92 | 91 12 93 | 92 12 94 | 93 10 95 | 94 12 96 | 95 10 97 | 96 12 98 | 97 3 99 | 98 7 100 | 99 1 101 | 100 5 102 | 101 6 103 | 102 2 104 | 103 11 105 | 104 7 106 | 105 7 107 | 106 11 108 | 107 12 109 | 108 7 110 | 109 0 111 | 110 11 112 | 111 4 113 | 112 0 114 | 113 10 115 | 114 4 116 | 115 7 117 | 116 4 118 | 117 0 119 | 118 7 120 | 119 11 121 | 120 11 122 | 121 11 123 | 122 11 124 | 123 13 125 | 124 12 126 | 125 12 127 | 126 2 128 | 127 12 129 | 128 12 130 | 129 12 131 | 130 2 132 | 131 10 133 | 132 12 134 | 133 12 135 | 134 12 136 | 135 12 137 | 136 12 138 | 137 10 139 | 138 12 140 | 139 2 141 | 140 12 142 | 141 12 143 | 142 13 144 | 143 12 145 | 144 12 146 | 145 13 147 | 146 9 148 | 147 9 149 | 148 12 150 | 149 13 151 | 150 10 152 | 151 10 153 | 152 12 154 | 153 13 155 | 154 12 156 | 155 12 157 | 156 12 158 | 157 12 159 | 158 13 160 | 159 9 161 | 160 12 162 
| 161 12 163 | 162 7 164 | 163 12 165 | 164 12 166 | 165 12 167 | 166 12 168 | 167 13 169 | 168 11 170 | 169 12 171 | 170 13 172 | 171 9 173 | 172 12 174 | 173 12 175 | 174 9 176 | 175 9 177 | 176 12 178 | 177 12 179 | 178 11 180 | 179 13 181 | 180 12 182 | 181 9 183 | 182 11 184 | 183 13 185 | 184 7 186 | 185 10 187 | 186 10 188 | 187 2 189 | 188 12 190 | 189 12 191 | 190 10 192 | 191 13 193 | 192 12 194 | 193 9 195 | 194 7 196 | 195 13 197 | 196 13 198 | 197 9 199 | 198 9 200 | 199 9 201 | 200 13 202 | 201 8 203 | 202 11 204 | 203 8 205 | 204 11 206 | 205 13 207 | 206 10 208 | 207 11 209 | 208 9 210 | 209 2 211 | 210 2 212 | 211 10 213 | 212 13 214 | 213 2 215 | 214 11 216 | 215 2 217 | 216 13 218 | 217 9 219 | 218 13 220 | 219 12 221 | 220 12 222 | 221 10 223 | 222 13 224 | 223 13 225 | 224 10 226 | 225 12 227 | 226 9 228 | 227 10 229 | 228 2 230 | 229 2 231 | 230 13 232 | 231 9 233 | 232 13 234 | 233 8 235 | 234 9 236 | 235 9 237 | 236 10 238 | 237 10 239 | 238 2 240 | 239 11 241 | 240 10 242 | 241 13 243 | 242 10 244 | 243 12 245 | 244 10 246 | 245 10 247 | 246 2 248 | 247 13 249 | 248 11 250 | 249 12 251 | 250 12 252 | 251 13 253 | 252 2 254 | 253 2 255 | 254 14 256 | 255 15 257 | -------------------------------------------------------------------------------- /data/ip.txt: -------------------------------------------------------------------------------- 1 | 0 HOPOPT 2 | 1 ICMP 3 | 2 IGMP 4 | 3 GGP 5 | 4 IPv4 6 | 5 ST 7 | 6 TCP 8 | 7 CBT 9 | 8 EGP 10 | 9 IGP 11 | 10 BBN-RCC-MON 12 | 11 NVP-II 13 | 12 PUP 14 | 13 ARGUS 15 | 14 EMCON 16 | 15 XNET 17 | 16 CHAOS 18 | 17 UDP 19 | 18 MUX 20 | 19 DCN-MEAS 21 | 20 HMP 22 | 21 PRM 23 | 22 XNS-IDP 24 | 23 TRUNK-1 25 | 24 TRUNK-2 26 | 25 LEAF-1 27 | 26 LEAF-2 28 | 27 RDP 29 | 28 IRTP 30 | 29 ISO-TP4 31 | 30 NETBLT 32 | 31 MFE-NSP 33 | 32 MERIT-INP 34 | 33 DCCP 35 | 34 3PC 36 | 35 IDPR 37 | 36 XTP 38 | 37 DDP 39 | 38 IDPR-CMTP 40 | 39 TP++ 41 | 40 IL 42 | 41 IPv6 43 | 42 SDRP 44 | 43 IPv6-Route 45 | 44 IPv6-Frag 46 | 45 
IDRP 47 | 46 RSVP 48 | 47 GRE 49 | 48 DSR 50 | 49 BNA 51 | 50 ESP 52 | 51 AH 53 | 52 I-NLSP 54 | 53 SWIPE 55 | 54 NARP 56 | 55 MOBILE 57 | 56 TLSP 58 | 57 SKIP 59 | 58 IPv6-ICMP 60 | 59 IPv6-NoNxt 61 | 60 IPv6-Opts 62 | 61 Any-host-internal-protocol 63 | 62 CFTP 64 | 63 Any-local-network 65 | 64 SAT-EXPAK 66 | 65 KRYPTOLAN 67 | 66 RVD 68 | 67 IPPC 69 | 68 Any-distributed-file-system 70 | 69 SAT-MON 71 | 70 VISA 72 | 71 IPCV 73 | 72 CPNX 74 | 73 CPHB 75 | 74 WSN 76 | 75 PVP 77 | 76 BR-SAT-MON 78 | 77 SUN-ND 79 | 78 WB-MON 80 | 79 WB-EXPAK 81 | 80 ISO-IP 82 | 81 VMTP 83 | 82 SECURE-VMTP 84 | 83 VINES 85 | 84 TTP 86 | 84 IPTM 87 | 85 NSFNET-IGP 88 | 86 DGP 89 | 87 TCF 90 | 88 EIGRP 91 | 89 OSPFIGP 92 | 90 Sprite-RPC 93 | 91 LARP 94 | 92 MTP 95 | 93 AX.25 96 | 94 IPIP 97 | 95 MICP 98 | 96 SCC-SP 99 | 97 ETHERIP 100 | 98 ENCAP 101 | 99 Any-private-encryption-scheme 102 | 100 GMTP 103 | 101 IFMP 104 | 102 PNNI 105 | 103 PIM 106 | 104 ARIS 107 | 105 SCPS 108 | 106 QNX 109 | 107 A/N 110 | 108 IPComp 111 | 109 SNP 112 | 110 Compaq-Peer 113 | 111 IPX-in-IP 114 | 112 VRRP 115 | 113 PGM 116 | 114 Any-0-hop-protocol 117 | 115 L2TP 118 | 116 DDX 119 | 117 IATP 120 | 118 STP 121 | 119 SRP 122 | 120 UTI 123 | 121 SMP 124 | 122 SM 125 | 123 PTP 126 | 124 ISIS-over-IPv4 127 | 125 FIRE 128 | 126 CRTP 129 | 127 CRUDP 130 | 128 SSCOPMCE 131 | 129 IPLT 132 | 130 SPS 133 | 131 PIPE 134 | 132 SCTP 135 | 133 FC 136 | 134 RSVP-E2E-IGNORE 137 | 135 Mobility-Header 138 | 136 UDPLite 139 | 137 MPLS-in-IP 140 | 138 manet 141 | 139 HIP 142 | 140 Shim6 143 | 141 WESP 144 | 142 ROHC 145 | 253 Experimentation 146 | 254 Experimentation 147 | 255 Reserved 148 | -------------------------------------------------------------------------------- /doc/Joy-Library-User-Guide.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/doc/Joy-Library-User-Guide.pdf 
-------------------------------------------------------------------------------- /doc/joy-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/doc/joy-icon.png -------------------------------------------------------------------------------- /doc/ui_tls_fingerprinting.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/doc/ui_tls_fingerprinting.png -------------------------------------------------------------------------------- /doc/ui_tls_fingerprinting_main.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/doc/ui_tls_fingerprinting_main.png -------------------------------------------------------------------------------- /doc/using-joy-05.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/doc/using-joy-05.pdf -------------------------------------------------------------------------------- /doc/using-joy-fingerprinting-00.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/doc/using-joy-fingerprinting-00.pdf -------------------------------------------------------------------------------- /doc/workbench.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/doc/workbench.pdf -------------------------------------------------------------------------------- /fingerprinting/fingerprint_ui.py: 
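# --------------------------------------------------------------------------------
#!/usr/bin/python

"""
fingerprint_ui provides a bottle-based web UI to visualize TLS fingerprinting.

 *
 * Copyright (c) 2019 Cisco Systems, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above
 * copyright notice, this list of conditions and the following
 * disclaimer in the documentation and/or other materials provided
 * with the distribution.
 *
 * Neither the name of the Cisco Systems, Inc. nor the names of its
 * contributors may be used to endorse or promote products derived
 * from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 *
"""

import os
import shutil
import tempfile
from sys import path

from bottle import abort, request, route, run, static_file, template, view

path.append('../')
from fingerprinter import Fingerprinter


path_ = os.path.abspath(__file__)
dir_path = os.path.dirname(path_)


# The database path is relative to the current working directory, so the UI
# has to be started from the fingerprinting/ directory.
fingerprinter = Fingerprinter('resources/fingerprint_db.json.gz')

# NOTE(review): the '<...>' route wildcards below are absent from the listing
# this file was taken from (presumably stripped as markup). They are restored
# from the handler parameter names; confirm against the repository.


@route('/')
@route('/index')
def index():
    """Render the landing page."""
    return template('index')


@route('/upload')
@view('upload')
def upload():
    """Render the upload form; the 'upload' view receives no variables."""
    return


# Fingerprints extracted from the most recent upload. This is process-wide
# state: every client of the UI reads and overwrites the same list.
fps_ = []


@route('/fingerprint')
@route('/fingerprint/<pcap_file>', method='POST')
def fingerprint(pcap_file=None):
    """Fingerprint an uploaded capture and render the result table.

    When the request carries an 'upload' file part, the capture is written to
    a private temporary directory, handed to the fingerprinter, and the
    directory is removed again whether or not extraction succeeds. Without an
    upload, the fingerprints from the previous upload are rendered unchanged.

    The uploaded capture is untrusted input; it is only ever written under a
    fixed file name chosen here, never under a client-supplied name.
    """
    global fps_

    uploaded = request.files.get('upload') if pcap_file == 'upload' else None
    if uploaded is not None:
        dir_name = tempfile.mkdtemp()
        try:
            # os.path.join keeps the capture inside the directory created by
            # mkdtemp(); plain string concatenation would place it beside that
            # directory in the shared temp location, where it is never cleaned
            # up and the directory's restrictive permissions do not apply.
            pcap_path = os.path.join(dir_name, 'temp.pcap')
            uploaded.save(pcap_path)
            fps_ = fingerprinter.extract_fingerprints([pcap_path], detailed=True)
        finally:
            # Remove the directory together with the saved capture.
            # os.removedirs() only deletes empty directories and also prunes
            # empty parents, so it is not suitable here.
            shutil.rmtree(dir_name, ignore_errors=True)

    return template('fingerprint', fps=fps_)


@route('/detailed_fp/<idx>')
def detailed_fp(idx=None):
    """Render the detail page for the fingerprint at position idx.

    idx comes straight from the URL, so it is parsed and range-checked before
    it is used as a list index; anything that is not a valid position in the
    current result list yields a 404 instead of a server error, an empty
    response, or (for negative values) an entry counted from the end.
    """
    try:
        position = int(idx)
    except (TypeError, ValueError):
        abort(404, 'No such fingerprint')

    if not 0 <= position < len(fps_):
        abort(404, 'No such fingerprint')

    return template('detailed_fp', fp_=fps_[position])


@route('/client_info/<client_ip>')
def client_info(client_ip):
    """Render what the fingerprinter reports for client_ip in the current results."""
    details = fingerprinter.get_client_info(client_ip, fps_)
    return template('client_info', client_info=details)


@route('/static/<filename:path>')
def send_static(filename):
    """Serve a bundled asset from the static/ directory next to this file.

    static_file() resolves the requested name under root and refuses names
    that would escape it.
    """
    return static_file(filename, root=dir_path+'/static/')


# The UI has no authentication and keeps its results in shared module state,
# so it stays bound to the loopback interface.
run(host='localhost', port=8080)

# --------------------------------------------------------------------------------
# /fingerprinting/requirements.txt:
# --------------------------------------------------------------------------------
# 1 | bottle
# 2 | dpkt
# 3 | pypcap
# 4 | numpy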
-------------------------------------------------------------------------------- /fingerprinting/requirements_windows.txt: -------------------------------------------------------------------------------- 1 | win_inet_pton -------------------------------------------------------------------------------- /fingerprinting/resources/cs_mapping.json.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/fingerprinting/resources/cs_mapping.json.gz -------------------------------------------------------------------------------- /fingerprinting/resources/fingerprint_db.json.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/fingerprinting/resources/fingerprint_db.json.gz -------------------------------------------------------------------------------- /fingerprinting/resources/implementation_date_cs.json.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/fingerprinting/resources/implementation_date_cs.json.gz -------------------------------------------------------------------------------- /fingerprinting/resources/implementation_date_ext.json.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/fingerprinting/resources/implementation_date_ext.json.gz -------------------------------------------------------------------------------- /fingerprinting/static/css/dlp_eta.css: -------------------------------------------------------------------------------- 1 | table.inferred_contents { 2 | border-collapse: collapse; 3 | } 4 | 5 | table.inferred_contents th, table.inferred_contents td { 6 | border: 1px solid black; 7 | 
padding: 2px 5px 2px 5px; 8 | } 9 | 10 | table.inferred_contents td { 11 | font-family: Monospace; 12 | font-weight: bold; 13 | font-size: 12px; 14 | color: black; 15 | } 16 | 17 | 18 | table.alarm_metadata { 19 | margin-top: 20px; 20 | } 21 | 22 | table.alarm_metadata tr:nth-child(even) { 23 | background-color: #f2f2f2; 24 | } 25 | 26 | table.alarm_metadata td:not(:first-child) { 27 | // width: 60%; 28 | } 29 | 30 | table.alarm_metadata td { 31 | padding: 2px 25px 1px 5px; 32 | } 33 | 34 | table.alarm_metadata th { 35 | text-align: center; 36 | padding: 3px 3px 3px 3px; 37 | background-color: hsl(240, 100%, 68%); 38 | color: white; 39 | font-family: Helvetica; 40 | } 41 | 42 | table.alarm_metadata td { 43 | font-family: Monospace; 44 | font-weight: 550; 45 | color: #333; 46 | } 47 | 48 | 49 | #left_table, #middle_table, #right_table { 50 | width: 32.3%; 51 | margin: 5px; 52 | float: left; 53 | } 54 | 55 | 56 | .flow_viz { 57 | position: relative; 58 | } 59 | 60 | .flow_svg { 61 | display: block; 62 | margin: 0 auto; 63 | } 64 | 65 | .alarm_tables { 66 | position: relative; 67 | display: block; 68 | margin: 0 auto; 69 | } 70 | 71 | .box { 72 | margin-top:25px; 73 | width: 25%; 74 | height: 24px; 75 | text-align: center; 76 | color: black; 77 | font-family: Monospace; 78 | font-size: 16px; 79 | font-weight: bold; 80 | } 81 | 82 | .headers { 83 | float: left; 84 | margin-left:12%; 85 | // margin-left:6.25%; 86 | background: MediumSeaGreen; 87 | } 88 | 89 | .benign { 90 | float: left; 91 | margin-left:.5%; 92 | // margin-left:6.25%; 93 | background: DodgerBlue; 94 | } 95 | 96 | .sensitive { 97 | float: left; 98 | margin-left:.5%; 99 | // margin-left:6.25%; 100 | background: tomato; 101 | } 102 | 103 | -------------------------------------------------------------------------------- /fingerprinting/static/css/dlp_eta.css~: -------------------------------------------------------------------------------- 1 | table.contents { 2 | border-collapse: collapse; 3 | } 4 | 5 | 
table.contents, th.contents, td.contents { 6 | border: 1px solid black; 7 | } 8 | -------------------------------------------------------------------------------- /fingerprinting/static/fonts/FontAwesome.otf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/fingerprinting/static/fonts/FontAwesome.otf -------------------------------------------------------------------------------- /fingerprinting/static/fonts/fontawesome-webfont.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/fingerprinting/static/fonts/fontawesome-webfont.eot -------------------------------------------------------------------------------- /fingerprinting/static/fonts/fontawesome-webfont.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/fingerprinting/static/fonts/fontawesome-webfont.ttf -------------------------------------------------------------------------------- /fingerprinting/static/fonts/fontawesome-webfont.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/fingerprinting/static/fonts/fontawesome-webfont.woff -------------------------------------------------------------------------------- /fingerprinting/static/fonts/fontawesome-webfont.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/fingerprinting/static/fonts/fontawesome-webfont.woff2 -------------------------------------------------------------------------------- /fingerprinting/static/js/jquery.easing.min.js: 
-------------------------------------------------------------------------------- 1 | (function(factory){if(typeof define==="function"&&define.amd){define(["jquery"],function($){return factory($)})}else if(typeof module==="object"&&typeof module.exports==="object"){exports=factory(require("jquery"))}else{factory(jQuery)}})(function($){$.easing.jswing=$.easing.swing;var pow=Math.pow,sqrt=Math.sqrt,sin=Math.sin,cos=Math.cos,PI=Math.PI,c1=1.70158,c2=c1*1.525,c3=c1+1,c4=2*PI/3,c5=2*PI/4.5;function bounceOut(x){var n1=7.5625,d1=2.75;if(x<1/d1){return n1*x*x}else if(x<2/d1){return n1*(x-=1.5/d1)*x+.75}else if(x<2.5/d1){return n1*(x-=2.25/d1)*x+.9375}else{return n1*(x-=2.625/d1)*x+.984375}}$.extend($.easing,{def:"easeOutQuad",swing:function(x){return $.easing[$.easing.def](x)},easeInQuad:function(x){return x*x},easeOutQuad:function(x){return 1-(1-x)*(1-x)},easeInOutQuad:function(x){return x<.5?2*x*x:1-pow(-2*x+2,2)/2},easeInCubic:function(x){return x*x*x},easeOutCubic:function(x){return 1-pow(1-x,3)},easeInOutCubic:function(x){return x<.5?4*x*x*x:1-pow(-2*x+2,3)/2},easeInQuart:function(x){return x*x*x*x},easeOutQuart:function(x){return 1-pow(1-x,4)},easeInOutQuart:function(x){return x<.5?8*x*x*x*x:1-pow(-2*x+2,4)/2},easeInQuint:function(x){return x*x*x*x*x},easeOutQuint:function(x){return 1-pow(1-x,5)},easeInOutQuint:function(x){return x<.5?16*x*x*x*x*x:1-pow(-2*x+2,5)/2},easeInSine:function(x){return 1-cos(x*PI/2)},easeOutSine:function(x){return sin(x*PI/2)},easeInOutSine:function(x){return-(cos(PI*x)-1)/2},easeInExpo:function(x){return x===0?0:pow(2,10*x-10)},easeOutExpo:function(x){return x===1?1:1-pow(2,-10*x)},easeInOutExpo:function(x){return x===0?0:x===1?1:x<.5?pow(2,20*x-10)/2:(2-pow(2,-20*x+10))/2},easeInCirc:function(x){return 1-sqrt(1-pow(x,2))},easeOutCirc:function(x){return sqrt(1-pow(x-1,2))},easeInOutCirc:function(x){return x<.5?(1-sqrt(1-pow(2*x,2)))/2:(sqrt(1-pow(-2*x+2,2))+1)/2},easeInElastic:function(x){return 
x===0?0:x===1?1:-pow(2,10*x-10)*sin((x*10-10.75)*c4)},easeOutElastic:function(x){return x===0?0:x===1?1:pow(2,-10*x)*sin((x*10-.75)*c4)+1},easeInOutElastic:function(x){return x===0?0:x===1?1:x<.5?-(pow(2,20*x-10)*sin((20*x-11.125)*c5))/2:pow(2,-20*x+10)*sin((20*x-11.125)*c5)/2+1},easeInBack:function(x){return c3*x*x*x-c1*x*x},easeOutBack:function(x){return 1+c3*pow(x-1,3)+c1*pow(x-1,2)},easeInOutBack:function(x){return x<.5?pow(2*x,2)*((c2+1)*2*x-c2)/2:(pow(2*x-2,2)*((c2+1)*(x*2-2)+c2)+2)/2},easeInBounce:function(x){return 1-bounceOut(1-x)},easeOutBounce:bounceOut,easeInOutBounce:function(x){return x<.5?(1-bounceOut(1-2*x))/2:(1+bounceOut(2*x-1))/2}})}); -------------------------------------------------------------------------------- /fingerprinting/static/js/sb-admin-charts.js: -------------------------------------------------------------------------------- 1 | // Chart.js scripts 2 | // -- Set new default font family and font color to mimic Bootstrap's default styling 3 | Chart.defaults.global.defaultFontFamily = '-apple-system,system-ui,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif'; 4 | Chart.defaults.global.defaultFontColor = '#292b2c'; 5 | // -- Area Chart Example 6 | var ctx = document.getElementById("myAreaChart"); 7 | var myLineChart = new Chart(ctx, { 8 | type: 'line', 9 | data: { 10 | labels: ["Mar 1", "Mar 2", "Mar 3", "Mar 4", "Mar 5", "Mar 6", "Mar 7", "Mar 8", "Mar 9", "Mar 10", "Mar 11", "Mar 12", "Mar 13"], 11 | datasets: [{ 12 | label: "Sessions", 13 | lineTension: 0.3, 14 | backgroundColor: "rgba(2,117,216,0.2)", 15 | borderColor: "rgba(2,117,216,1)", 16 | pointRadius: 5, 17 | pointBackgroundColor: "rgba(2,117,216,1)", 18 | pointBorderColor: "rgba(255,255,255,0.8)", 19 | pointHoverRadius: 5, 20 | pointHoverBackgroundColor: "rgba(2,117,216,1)", 21 | pointHitRadius: 20, 22 | pointBorderWidth: 2, 23 | data: [10000, 30162, 26263, 18394, 18287, 28682, 31274, 33259, 25849, 24159, 32651, 31984, 38451], 24 | }], 25 | }, 26 | 
options: { 27 | scales: { 28 | xAxes: [{ 29 | time: { 30 | unit: 'date' 31 | }, 32 | gridLines: { 33 | display: false 34 | }, 35 | ticks: { 36 | maxTicksLimit: 7 37 | } 38 | }], 39 | yAxes: [{ 40 | ticks: { 41 | min: 0, 42 | max: 40000, 43 | maxTicksLimit: 5 44 | }, 45 | gridLines: { 46 | color: "rgba(0, 0, 0, .125)", 47 | } 48 | }], 49 | }, 50 | legend: { 51 | display: false 52 | } 53 | } 54 | }); 55 | // -- Bar Chart Example 56 | var ctx = document.getElementById("myBarChart"); 57 | var myLineChart = new Chart(ctx, { 58 | type: 'bar', 59 | data: { 60 | labels: ["January", "February", "March", "April", "May", "June"], 61 | datasets: [{ 62 | label: "Revenue", 63 | backgroundColor: "rgba(2,117,216,1)", 64 | borderColor: "rgba(2,117,216,1)", 65 | data: [4215, 5312, 6251, 7841, 9821, 14984], 66 | }], 67 | }, 68 | options: { 69 | scales: { 70 | xAxes: [{ 71 | time: { 72 | unit: 'month' 73 | }, 74 | gridLines: { 75 | display: false 76 | }, 77 | ticks: { 78 | maxTicksLimit: 6 79 | } 80 | }], 81 | yAxes: [{ 82 | ticks: { 83 | min: 0, 84 | max: 15000, 85 | maxTicksLimit: 5 86 | }, 87 | gridLines: { 88 | display: true 89 | } 90 | }], 91 | }, 92 | legend: { 93 | display: false 94 | } 95 | } 96 | }); 97 | // -- Pie Chart Example 98 | var ctx = document.getElementById("myPieChart"); 99 | var myPieChart = new Chart(ctx, { 100 | type: 'pie', 101 | data: { 102 | labels: ["Blue", "Red", "Yellow", "Green"], 103 | datasets: [{ 104 | data: [12.21, 15.58, 11.25, 8.32], 105 | backgroundColor: ['#007bff', '#dc3545', '#ffc107', '#28a745'], 106 | }], 107 | }, 108 | }); 109 | -------------------------------------------------------------------------------- /fingerprinting/static/js/sb-admin-charts.min.js: -------------------------------------------------------------------------------- 1 | Chart.defaults.global.defaultFontFamily='-apple-system,system-ui,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif',Chart.defaults.global.defaultFontColor="#292b2c";var 
ctx=document.getElementById("myAreaChart"),myLineChart=new Chart(ctx,{type:"line",data:{labels:["Mar 1","Mar 2","Mar 3","Mar 4","Mar 5","Mar 6","Mar 7","Mar 8","Mar 9","Mar 10","Mar 11","Mar 12","Mar 13"],datasets:[{label:"Sessions",lineTension:.3,backgroundColor:"rgba(2,117,216,0.2)",borderColor:"rgba(2,117,216,1)",pointRadius:5,pointBackgroundColor:"rgba(2,117,216,1)",pointBorderColor:"rgba(255,255,255,0.8)",pointHoverRadius:5,pointHoverBackgroundColor:"rgba(2,117,216,1)",pointHitRadius:20,pointBorderWidth:2,data:[1e4,30162,26263,18394,18287,28682,31274,33259,25849,24159,32651,31984,38451]}]},options:{scales:{xAxes:[{time:{unit:"date"},gridLines:{display:!1},ticks:{maxTicksLimit:7}}],yAxes:[{ticks:{min:0,max:4e4,maxTicksLimit:5},gridLines:{color:"rgba(0, 0, 0, .125)"}}]},legend:{display:!1}}}),ctx=document.getElementById("myBarChart"),myLineChart=new Chart(ctx,{type:"bar",data:{labels:["January","February","March","April","May","June"],datasets:[{label:"Revenue",backgroundColor:"rgba(2,117,216,1)",borderColor:"rgba(2,117,216,1)",data:[4215,5312,6251,7841,9821,14984]}]},options:{scales:{xAxes:[{time:{unit:"month"},gridLines:{display:!1},ticks:{maxTicksLimit:6}}],yAxes:[{ticks:{min:0,max:15e3,maxTicksLimit:5},gridLines:{display:!0}}]},legend:{display:!1}}}),ctx=document.getElementById("myPieChart"),myPieChart=new Chart(ctx,{type:"pie",data:{labels:["Blue","Red","Yellow","Green"],datasets:[{data:[12.21,15.58,11.25,8.32],backgroundColor:["#007bff","#dc3545","#ffc107","#28a745"]}]}}); -------------------------------------------------------------------------------- /fingerprinting/static/js/sb-admin-datatables.js: -------------------------------------------------------------------------------- 1 | // Call the dataTables jQuery plugin 2 | $(document).ready(function() { 3 | $('#dataTable').DataTable(); 4 | }); 5 | -------------------------------------------------------------------------------- /fingerprinting/static/js/sb-admin-datatables.min.js: 
-------------------------------------------------------------------------------- 1 | $(document).ready(function(){$("#dataTable").DataTable()}); -------------------------------------------------------------------------------- /fingerprinting/static/js/sb-admin.js: -------------------------------------------------------------------------------- 1 | (function($) { 2 | "use strict"; // Start of use strict 3 | // Configure tooltips for collapsed side navigation 4 | $('.navbar-sidenav [data-toggle="tooltip"]').tooltip({ 5 | template: '' 6 | }) 7 | // Toggle the side navigation 8 | $("#sidenavToggler").click(function(e) { 9 | e.preventDefault(); 10 | $("body").toggleClass("sidenav-toggled"); 11 | $(".navbar-sidenav .nav-link-collapse").addClass("collapsed"); 12 | $(".navbar-sidenav .sidenav-second-level, .navbar-sidenav .sidenav-third-level").removeClass("show"); 13 | }); 14 | // Force the toggled class to be removed when a collapsible nav link is clicked 15 | $(".navbar-sidenav .nav-link-collapse").click(function(e) { 16 | e.preventDefault(); 17 | $("body").removeClass("sidenav-toggled"); 18 | }); 19 | // Prevent the content wrapper from scrolling when the fixed side navigation hovered over 20 | $('body.fixed-nav .navbar-sidenav, body.fixed-nav .sidenav-toggler, body.fixed-nav .navbar-collapse').on('mousewheel DOMMouseScroll', function(e) { 21 | var e0 = e.originalEvent, 22 | delta = e0.wheelDelta || -e0.detail; 23 | this.scrollTop += (delta < 0 ? 
1 : -1) * 30; 24 | e.preventDefault(); 25 | }); 26 | // Scroll to top button appear 27 | $(document).scroll(function() { 28 | var scrollDistance = $(this).scrollTop(); 29 | if (scrollDistance > 100) { 30 | $('.scroll-to-top').fadeIn(); 31 | } else { 32 | $('.scroll-to-top').fadeOut(); 33 | } 34 | }); 35 | // Configure tooltips globally 36 | $('[data-toggle="tooltip"]').tooltip() 37 | // Smooth scrolling using jQuery easing 38 | $(document).on('click', 'a.scroll-to-top', function(event) { 39 | var $anchor = $(this); 40 | $('html, body').stop().animate({ 41 | scrollTop: ($($anchor.attr('href')).offset().top) 42 | }, 1000, 'easeInOutExpo'); 43 | event.preventDefault(); 44 | }); 45 | })(jQuery); // End of use strict 46 | -------------------------------------------------------------------------------- /fingerprinting/static/js/sb-admin.min.js: -------------------------------------------------------------------------------- 1 | !function(e){"use strict";e('.navbar-sidenav [data-toggle="tooltip"]').tooltip({template:''}),e("#sidenavToggler").click(function(o){o.preventDefault(),e("body").toggleClass("sidenav-toggled"),e(".navbar-sidenav .nav-link-collapse").addClass("collapsed"),e(".navbar-sidenav .sidenav-second-level, .navbar-sidenav .sidenav-third-level").removeClass("show")}),e(".navbar-sidenav .nav-link-collapse").click(function(o){o.preventDefault(),e("body").removeClass("sidenav-toggled")}),e("body.fixed-nav .navbar-sidenav, body.fixed-nav .sidenav-toggler, body.fixed-nav .navbar-collapse").on("mousewheel DOMMouseScroll",function(e){var o=e.originalEvent,t=o.wheelDelta||-o.detail;this.scrollTop+=30*(t<0?1:-1),e.preventDefault()}),e(document).scroll(function(){e(this).scrollTop()>100?e(".scroll-to-top").fadeIn():e(".scroll-to-top").fadeOut()}),e('[data-toggle="tooltip"]').tooltip(),e(document).on("click","a.scroll-to-top",function(o){var t=e(this);e("html, 
body").stop().animate({scrollTop:e(t.attr("href")).offset().top},1e3,"easeInOutExpo"),o.preventDefault()})}(jQuery); -------------------------------------------------------------------------------- /fingerprinting/views/client_info.tpl: -------------------------------------------------------------------------------- 1 | 2 | 11 | 12 | 16 | 17 | 18 | 42 | 43 | 44 | 47 | 48 | 49 | 50 | -------------------------------------------------------------------------------- /fingerprinting/views/fingerprint.tpl: -------------------------------------------------------------------------------- 1 | 2 | % rebase('base.tpl', title='Fingerprinting Results') 3 | 4 | 5 | 6 | 7 | 8 | 14 | 15 | 16 | 25 | 26 | 32 | 33 | 34 |
35 |
36 | TLS Connections
37 |
38 |
39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | % for i in range(len(fps)): 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | % if 'os_info' in fps[i]['fingerprint']: 65 | 66 | % else: 67 | 68 | % end 69 | 70 | 71 | 72 | % end 73 | 74 |
TimestampClient IPClient PortServer IPServer PortProtocolProbable ApplicationProbable OSMin Implementation DateMax Implementation Date
{{str(fps[i]['timestamp'])[:-4]}}{{fps[i]['source_addr']}}{{fps[i]['source_port']}}{{fps[i]['dest_addr']}}{{fps[i]['dest_port']}}{{fps[i]['protocol']}}{{fps[i]['fingerprint']['process_info'][0]['process']}}{{fps[i]['fingerprint']['os_info'][0]['os'] + ' (' + fps[i]['fingerprint']['os_info'][0]['os_version'] + ')'}}Unknown{{fps[i]['fingerprint']['min_implementation_date']}}{{fps[i]['fingerprint']['max_implementation_date']}}
75 |
76 |
77 | 78 |
79 | 80 | 81 | 87 | -------------------------------------------------------------------------------- /fingerprinting/views/index.tpl: -------------------------------------------------------------------------------- 1 | 2 | % rebase('base.tpl', title='TLS Client Fingerprinting') 3 | 4 | 10 | 11 | -------------------------------------------------------------------------------- /fingerprinting/views/upload.tpl: -------------------------------------------------------------------------------- 1 | 2 | % rebase('base.tpl', title='Upload File') 3 | 4 | 10 | 11 | % rebase('base.tpl', title='Page Title') 12 | 13 | 37 | 38 | 39 | 40 | 62 | 63 | 64 |
65 |
66 |

Select PCAP file:

67 |
68 | 69 | 70 | Browse …   71 | 72 | 73 | 74 |
75 | 76 |
77 |
78 | 79 | -------------------------------------------------------------------------------- /install_joy/joy-accounting.conf: -------------------------------------------------------------------------------- 1 | [Service] 2 | MemoryAccounting=true 3 | CPUAccounting=true 4 | -------------------------------------------------------------------------------- /install_joy/joy.logrotate: -------------------------------------------------------------------------------- 1 | /usr/local/var/log/joy.log { 2 | daily 3 | rotate 14 4 | compress 5 | delaycompress 6 | missingok 7 | notifempty 8 | sharedscripts 9 | su joy joy 10 | postrotate 11 | systemctl reload joy.service >/dev/null 2>&1 || true 12 | endscript 13 | } 14 | -------------------------------------------------------------------------------- /install_joy/joy.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Label 6 | com.cisco.joy 7 | ProgramArguments 8 | 9 | /usr/local/bin/joy 10 | -x 11 | /usr/local/etc/joy/options.cfg 12 | 13 | KeepAlive 14 | 15 | StandardOutPath 16 | /var/log/joy.log 17 | StandardErrorPath 18 | /var/log/joy_err.log 19 | HardResourceLimits 20 | 21 | Core 22 | 4294967296 23 | ResidentSetSize 24 | 4294967296 25 | 26 | 27 | 28 | -------------------------------------------------------------------------------- /install_joy/joy.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Advanced network flow data capture 3 | Documentation=man:joy(1) 4 | After=network.target 5 | 6 | [Service] 7 | Environment=CONFIGFILE=/usr/local/etc/joy/options.cfg 8 | ExecStart=/usr/local/bin/joy -x ${CONFIGFILE} 9 | ExecReload=/bin/kill -HUP $MAINPID 10 | KillMode=process 11 | Restart=on-failure 12 | RestartSec=60s 13 | 14 | [Install] 15 | WantedBy=multi-user.target 16 | -------------------------------------------------------------------------------- /install_joy/postinstall-darwin: 
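--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Post-install step for the macOS package. It logs to $LOGFILE, removes any
# previously installed launch agent, hands the joy log and data directories
# to joy:joy, restores configuration saved as *.previous-install, generates
# the SSH upload key when none exists, then installs and loads the launch
# agent. Every fallible step is best-effort and the script always exits 0.

# Launch agent location
LAUNCH_AGENT_SRC="/usr/local/etc/joy/joy.plist"
LAUNCH_AGENT_DEST="/Library/LaunchAgents/com.cisco.joy.plist"
LOGFILE="/usr/local/var/log/joy-postinstall.log"
exec >> "$LOGFILE" 2>&1
date

# Uninstall old launch agent
launchctl unload "$LAUNCH_AGENT_DEST" || true
rm -f "$LAUNCH_AGENT_DEST" || true

# Change ownership on joy data files
# NOTE(review): the first chown hands the whole /usr/local/var/log tree to
# the joy account, not only joy's own files, and LOGFILE above lives in that
# tree. This script presumably runs as root (it chowns and writes under
# /Library), so on a later install it appends to a path inside a directory
# the service account controls. A root-owned location for the installer log,
# or a joy-specific subdirectory for the service logs, avoids that.
chown -R joy:joy /usr/local/var/log
chown -R joy:joy /usr/local/var/joy

# Restore key configuration files
for file in /usr/local/etc/joy/upload-key /usr/local/etc/joy/upload-key.pub \
            /usr/local/etc/joy/options.cfg /usr/local/etc/joy/internal.net; do
    saved="${file}.previous-install"
    if [ -f "$saved" ]; then
        echo "Restoring ${file}.previous-install to $file"
        mv -f "$saved" "$file"
    else
        # Message kept as-is; the file that is missing here is $saved.
        echo "Unable to find $file for backup"
    fi
done

# The upload key is created with an empty passphrase (-P ""), so file
# permissions are its only protection. ssh-keygen writes the private key
# readable by the invoking user only.
# NOTE(review): confirm which account needs to read this key at upload time.
if [ ! -f /usr/local/etc/joy/upload-key ]; then
    echo "Generating new upload-key"
    ssh-keygen -f /usr/local/etc/joy/upload-key -P "" -t rsa -b 2048 || true
fi

# Install launch agent
cp "$LAUNCH_AGENT_SRC" "$LAUNCH_AGENT_DEST" || true
launchctl load "$LAUNCH_AGENT_DEST" || true

exit 0
--------------------------------------------------------------------------------
/install_joy/postinstall-linux:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Post-install step for the RPM and deb packages. On a first install it
# enables the joy service; on an upgrade it reloads/restarts the service and
# re-owns the joy data and log directories. It then generates the SSH upload
# key when none exists and refreshes the linker cache.
#
# The RPM branch compares $1 with 1 to detect a first install; the deb
# branch treats an empty $2 as a first install.

# Determine OS release
OSREL=$(lsb_release -is 2>/dev/null)

# On initial install, enable joy service
#
if [ "$OSREL" = "CentOS" ] || [ "$OSREL" = "RedHatEnterpriseServer" ]; then
    # Initial RPM installation
    if [ "$1" -eq 1 ]; then
        if [ -f /usr/lib/systemd/system/joy.service ]; then
            systemctl enable joy.service >/dev/null 2>&1 || :
        elif [ -f /etc/init.d/joy ] && [ -f /usr/sbin/chkconfig ]; then
            chkconfig --add joy 2>&1 || :
        fi
    # Upgrade
    else
        if [ -f /usr/lib/systemd/system/joy.service ]; then
            systemctl daemon-reload
            systemctl try-restart joy.service >/dev/null 2>&1 || :
        elif [ -f /etc/init.d/joy ] && [ -f /usr/sbin/chkconfig ]; then
            service joy condrestart >/dev/null 2>&1 || :
        fi
        # Change owner from root:root to joy:joy
        # NOTE(review): this re-owns all of /usr/local/var/log, not just
        # joy's files; a joy-specific log directory would narrow it.
        chown -R joy:joy /usr/local/var/joy /usr/local/var/log || :
    fi
elif [ "$OSREL" = "Ubuntu" ] || [ "$OSREL" = "Debian" ]; then
    # Initial deb installation
    # Quoted so that a $2 containing spaces cannot break the test.
    if [ -z "$2" ]; then
        if [ -f /usr/lib/systemd/system/joy.service ]; then
            systemctl enable joy.service >/dev/null 2>&1 || :
        elif [ -f /etc/init.d/joy ] && [ -f /usr/sbin/chkconfig ]; then
            chkconfig --add joy >/dev/null 2>&1 || :
        elif [ -x /usr/sbin/update-rc.d ]; then
            update-rc.d joy defaults >/dev/null 2>&1 || :
        fi
        chown joy:joy /usr/local/var/joy /usr/local/var/log || :
    # Upgrade
    else
        if [ -f /usr/lib/systemd/system/joy.service ]; then
            systemctl daemon-reload
            systemctl try-restart joy.service >/dev/null 2>&1 || :
        elif [ -f /etc/init.d/joy ]; then
            service joy condrestart >/dev/null 2>&1 || :
        fi
        # Change owner from root:root to joy:joy
        chown -R joy:joy /usr/local/var/joy /usr/local/var/log || :
    fi
fi

# Generate SSH upload key
# The key has an empty passphrase (-P ""), so file permissions are its only
# protection.
if [ ! -f /usr/local/etc/joy/upload-key ]; then
    ssh-keygen -f /usr/local/etc/joy/upload-key -P "" -t rsa -b 2048
fi
ldconfig
--------------------------------------------------------------------------------
/install_joy/postuninstall-linux:
--------------------------------------------------------------------------------
#!/bin/bash
# Refresh the linker cache after the package files are removed.
ldconfig
--------------------------------------------------------------------------------
/install_joy/preinstall-linux:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Pre-install step: create the joy system group and user on the supported
# distributions. Failures (for example, the account already exists) are
# ignored.

# Determine OS release
OSREL=$(lsb_release -is 2>/dev/null)

# On first install, add joy user and group
#
# The account gets a nologin shell, no home directory creation (-M) and a
# system UID/GID (-r).
if [ "$OSREL" = "CentOS" ] || [ "$OSREL" = "RedHatEnterpriseServer" ]; then
    /usr/sbin/groupadd -r joy 2> /dev/null || :
    /usr/sbin/useradd -g joy -s /sbin/nologin -M -r -d / joy 2> /dev/null || :
elif [ "$OSREL" = "Ubuntu" ] || [ "$OSREL" = "Debian" ]; then
    /usr/sbin/groupadd -r joy 2> /dev/null || :
    /usr/sbin/useradd -g joy -s /sbin/nologin -M -r -d / joy 2> /dev/null || :
fi
--------------------------------------------------------------------------------
/install_joy/preuninstall-linux:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Pre-uninstall step: on a real removal (not an upgrade) disable and stop
# the joy service. The RPM branch compares $1 with 0; the deb branch treats
# an empty $2 as a removal.

# Determine OS release
OSREL=$(lsb_release -is 2>/dev/null)

# On removal, disable and remove joy service
#
if [ "$OSREL" = "CentOS" ] || [ "$OSREL" = "RedHatEnterpriseServer" ]; then
    # RPM removal, not upgrade
    if [ "$1" -eq 0 ]; then
        if [ -f /usr/lib/systemd/system/joy.service ]; then
            systemctl --no-reload disable joy.service >/dev/null 2>&1 || :
            systemctl stop joy.service >/dev/null 2>&1 || :
        elif [ -f /etc/init.d/joy ] && [ -f /usr/sbin/chkconfig ]; then
            service joy stop >/dev/null 2>&1 || :
            chkconfig --del joy >/dev/null 2>&1 || :
        fi
    fi
elif [ "$OSREL" = "Ubuntu" ] || [ "$OSREL" = "Debian" ]; then
    # deb removal, not upgrade
    if [ -z "$2" ]; then
        if [ -f /usr/lib/systemd/system/joy.service ]; then
            systemctl --no-reload disable joy.service >/dev/null 2>&1 || :
            systemctl stop joy.service >/dev/null 2>&1 || :
        elif [ -f /etc/init.d/joy ]; then
            service joy stop >/dev/null 2>&1 || :
            if [ -f /usr/sbin/chkconfig ]; then
                chkconfig --del joy >/dev/null 2>&1 || :
            elif [ -x /usr/sbin/update-rc.d ]; then
                update-rc.d joy disable >/dev/null 2>&1 || :
            fi
        fi
    fi
fi
--------------------------------------------------------------------------------
/install_joy/uninstall-joy-pkg:
--------------------------------------------------------------------------------
#!/bin/bash
#
# uninstall-joy-pkg
#
# uninstaller for joy MacOS X package
#
# Must be run as root. On Darwin it unloads and deletes the launch agent,
# removes every file the package receipt lists, and forgets the receipt.

PKGNAME=com.cisco.joy

echo
echo UNINSTALL-JOY-PKG
echo --------------------
echo

if ((UID!=0)); then
    echo "You must run as root"
    exit 1
fi

# Delete the regular file named by $1 and report the outcome.
# The argument is quoted and passed after "--" because this runs as root:
# an empty value, embedded whitespace, a glob character or a leading dash
# must not change what rm is asked to remove.
delete_file () {
    if [ -f "$1" ]; then
        if rm -- "$1"; then
            echo "deleted file $1"
        else
            echo "error: could not delete file $1"
        fi
    fi
}

# Recursively delete the directory named by $1 and report the outcome.
# Same quoting rationale as delete_file; not called in this script.
delete_directory () {
    if [ -d "$1" ]; then
        if rm -rf -- "$1"; then
            echo "deleted directory $1"
        else
            echo "error: could not delete directory $1"
        fi
    fi
}

sysname=$(uname -s)

if [ "$sysname" = "Darwin" ]; then
    ##
    # Darwin operating system detected
    ##
    echo "System $sysname (Mac OS X) uninstalling package ${PKGNAME} ..."

    if pkgutil --pkg-info "${PKGNAME}" &>/dev/null; then
        # Stop the daemon
        launchctl unload "/Library/LaunchAgents/${PKGNAME}.plist"
        delete_file "/Library/LaunchAgents/${PKGNAME}.plist"

        # Delete the application files
        # pkgutil prints paths relative to the install root, so the removal
        # must run from /; stop rather than delete relative paths from some
        # other directory if the cd fails.
        cd / || exit 1
        pkgutil --only-files --files "${PKGNAME}" | tr '\n' '\0' | xargs -n 1 -0 rm
        pkgutil --forget "${PKGNAME}"

        echo "... removed ${PKGNAME}"
    else
        echo "... unable to find ${PKGNAME}"
        exit 1
    fi
else
    echo "error: unknown system ($sysname)"
    exit 1
fi
--------------------------------------------------------------------------------
/internal.net:
--------------------------------------------------------------------------------
# subnets for address anonymization
#

10.0.0.0/8 # RFC 1918 address space
172.16.0.0/12 # RFC 1918 address space
192.168.0.0/16 # RFC 1918 address space
--------------------------------------------------------------------------------
/m4/ltversion.m4:
--------------------------------------------------------------------------------
# ltversion.m4 -- version numbers -*- Autoconf -*-
#
# Copyright (C) 2004 Free Software Foundation, Inc.
# Written by Scott James Remnant, 2004
#
# This file is free software; the Free Software Foundation gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.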
9 | 10 | # @configure_input@ 11 | 12 | # serial 3337 ltversion.m4 13 | # This file is part of GNU Libtool 14 | 15 | m4_define([LT_PACKAGE_VERSION], [2.4.2]) 16 | m4_define([LT_PACKAGE_REVISION], [1.3337]) 17 | 18 | AC_DEFUN([LTVERSION_VERSION], 19 | [macro_version='2.4.2' 20 | macro_revision='1.3337' 21 | _LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) 22 | _LT_DECL(, macro_revision, 0) 23 | ]) 24 | -------------------------------------------------------------------------------- /rpm/RPM-GPG-KEY-joy: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | Version: GnuPG v2.0.22 (GNU/Linux) 3 | 4 | mQENBFnBsF8BCADczAtx1Q6g0uX1JN8OKdhV0W8kbH107tVqztVRO2hHG+KAcm2q 5 | +WWcpznOot+v71Wj1AF3ncXf2H7dhmOQAGhM2MyCziptZtIblMqIxBpEFB1jrZmS 6 | 6rR/kq62xlTzfbxuVpHLN/A027jyysg8uQDWyHU25akSeNjKIZ+oGCeml3vQM79h 7 | asErKjlXxvay9A3y1NiLsmNeLVzgpYbicyyd4wjFIRtYJSjxdQOihd7pOspX84TT 8 | QVXpmYfTm/zvXq7D2SX4Hm7tdrKVJmswjHGX1IsKUrGqh1H9J4mtaMqTFksB27My 9 | OQMln48l7O82jF8v2Z3p53Tv7xxwygnRt8qRABEBAAG0H0Npc2NvIEpveSA8am95 10 | LXVzZXJzQGNpc2NvLmNvbT6JATgEEwECACMFAlnBsF8CGwMHCwkIBwMCAQYVCAIJ 11 | CgsEFgIDAQIeAQIXgAAKCRB1h9YCH42DzZ+eB/jGBnl3HR3u36xNVmc5ACkbw2Vy 12 | T1y6w0n9pczpPIp42MOgxUiVZS3b2uGaUpfOOzc/zmuAgT9hTiY7Nd42fsHNNk9X 13 | kI9nNzmq0iB6DRsx1TUuyXcD+LoQ0eBet11iOyfop28RunAvYaoiDmo2lkxeOKEZ 14 | eTFm7mlhex2dLj8FdCEuz4RMcazbVSTeUX6UcUn81IMOKIIIVqtAk7Pkwbm2CkiJ 15 | SyQZHq/bsZJ1YaG4tiMMPUDkf8Fe4vJy9SbCkfTWzASuIwlTxwqQHOqOa9ixDXtk 16 | mwousSeZwTkUKMj+rTUeLbbNLre4owVDIyujMWf50GYFO+QUbSH+3keRKKu5AQ0E 17 | WcGwXwEIAO/ntpCFzUQEcr4lDZDJeqXPbwPwc6C2FBDYuOar6I8vSr3J80VV/MAY 18 | sly2joyW1enXopXELYhfQZsHVm5WjLijeAxjhJi9vpa95PR6TiDckDb05f0927yL 19 | 5WvBGCQt4QwWwQsQITp4hbY8ko7Ux5L6/5EbKWRmGqk4qLAdArmFwe3RLFfQTAG7 20 | Qt87QVmtR9t5Hy30TVNy0bwgliowq7rZJ8gN4jqJ5n8iul4gUf/caZ6M3JaITEUk 21 | F/u8WlDYIPzK62K7aOq8McuDbjXA69toq6Zn7F4QDg+FfRUGuE2xJmDHqFxzGm2g 22 | 
qzPF0P2amR+ste4BdVoSXyO/dxHX0F8AEQEAAYkBHwQYAQIACQUCWcGwXwIbDAAK 23 | CRB1h9YCH42Dza2AB/9xbDPvuSa7U1dv6U3y6zG1zXCxZ9gc9uY8c6sJ/1r3uQ52 24 | PTIsXYkeWJHirw0uOXDhpePC32zn01b2e6GMWsuakWcfXlZV9qt0fw3aMto8tDOF 25 | E7W8SVwA17JIFQEEg3QZFwL9YOXBIC4+Z0mF7EgM8UPWACYV27pHqVGvzE/uiv4y 26 | wUcKAv2tswRYwjmQTEMDSRKgcQQmiwYs5sEw+DpmRHUWMO7CZhaHrvKE7QhsYBnD 27 | LUmMbe62rUyjVsVgUeYjGQS9M0YdggFMmanlHuGYoEMPzvnpZF4+rcNVaIlw6Gih 28 | jSH/KlWSwkA6a7Ygmwo4Liv806P8Y3o5A3u/6hPD 29 | =Pw7+ 30 | -----END PGP PUBLIC KEY BLOCK----- 31 | -------------------------------------------------------------------------------- /safe_c_stub/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | SUBDIRS=lib 3 | 4 | EXTRA_DIST=include 5 | -------------------------------------------------------------------------------- /safe_c_stub/include/mem_primitives_lib.h: -------------------------------------------------------------------------------- 1 | #ifndef __MEM_PRIMITIVES_LIB__ 2 | #define __MEM_PRIMITIVES_LIB__ 3 | 4 | #endif // __MEM_PRIMITIVES_LIB__ 5 | -------------------------------------------------------------------------------- /safe_c_stub/include/safe_lib.h: -------------------------------------------------------------------------------- 1 | /*------------------------------------------------------------------ 2 | * safe_lib.h -- Stub SafeC library includes 3 | * 4 | * June, 2016 5 | * 6 | * Contains code derived from https://sourceforge.net/projects/safeclib/ 7 | * license reproduced below 8 | * 9 | * October 2008-2018, Bo Berry 10 | * 11 | * Copyright (c) 2008-2011 by Cisco Systems, Inc 12 | * All rights reserved. 
13 | * 14 | * Permission is hereby granted, free of charge, to any person 15 | * obtaining a copy of this software and associated documentation 16 | * files (the "Software"), to deal in the Software without 17 | * restriction, including without limitation the rights to use, 18 | * copy, modify, merge, publish, distribute, sublicense, and/or 19 | * sell copies of the Software, and to permit persons to whom the 20 | * Software is furnished to do so, subject to the following 21 | * conditions: 22 | * 23 | * The above copyright notice and this permission notice shall be 24 | * included in all copies or substantial portions of the Software. 25 | * 26 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 27 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES 28 | * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 29 | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 30 | * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 31 | * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 32 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 33 | * OTHER DEALINGS IN THE SOFTWARE. 
34 | *------------------------------------------------------------------ 35 | */ 36 | #ifndef __SAFE_LIB_H__ 37 | #define __SAFE_LIB_H__ 38 | 39 | 40 | #ifdef _WIN32 41 | #define __restrict__ 42 | #endif 43 | 44 | #ifdef __cplusplus 45 | extern "C" { 46 | #endif 47 | 48 | #include "safe_lib_errno.h" 49 | #include "safe_mem_lib.h" 50 | #include "safe_str_lib.h" 51 | 52 | 53 | #ifdef __cplusplus 54 | } 55 | #endif 56 | #endif /* __SAFE_LIB_H__ */ 57 | 58 | -------------------------------------------------------------------------------- /safe_c_stub/include/safe_lib_errno.h: -------------------------------------------------------------------------------- 1 | /*------------------------------------------------------------------ 2 | * safe_lib_errno.h -- Safe C Lib Error codes 3 | * 4 | * Octobber 2008, Bo Berry 5 | * 6 | * Copyright (c) 2008-2011 by Cisco Systems, Inc 7 | * All rights reserved. 8 | * 9 | * Permission is hereby granted, free of charge, to any person 10 | * obtaining a copy of this software and associated documentation 11 | * files (the "Software"), to deal in the Software without 12 | * restriction, including without limitation the rights to use, 13 | * copy, modify, merge, publish, distribute, sublicense, and/or 14 | * sell copies of the Software, and to permit persons to whom the 15 | * Software is furnished to do so, subject to the following 16 | * conditions: 17 | * 18 | * The above copyright notice and this permission notice shall be 19 | * included in all copies or substantial portions of the Software. 20 | * 21 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 22 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES 23 | * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 24 | * NONINFRINGEMENT. 
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 25 | * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 26 | * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 27 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 28 | * OTHER DEALINGS IN THE SOFTWARE. 29 | *------------------------------------------------------------------ 30 | */ 31 | 32 | #ifndef __SAFE_LIB_ERRNO_H__ 33 | #define __SAFE_LIB_ERRNO_H__ 34 | #include 35 | 36 | /* 37 | * CONFIGURE: If these errno codes are added to errno.h, then 38 | * enable this macro 39 | */ 40 | /* #define USING_ERRNO_H */ 41 | 42 | #ifdef USING_ERRNO_H 43 | 44 | #include "errno.h" 45 | 46 | #else 47 | 48 | /* 49 | * Safe Lib specific errno codes. These can be added to the errno.h file 50 | * if desired. 51 | */ 52 | #undef ESNULLP 53 | #define ESNULLP ( 400 ) /* null ptr */ 54 | 55 | #undef ESZEROL 56 | #define ESZEROL ( 401 ) /* length is zero */ 57 | 58 | #undef ESLEMIN 59 | #define ESLEMIN ( 402 ) /* length is below min */ 60 | 61 | #undef ESLEMAX 62 | #define ESLEMAX ( 403 ) /* length exceeds max */ 63 | 64 | #undef ESOVRLP 65 | #define ESOVRLP ( 404 ) /* overlap undefined */ 66 | 67 | #undef ESEMPTY 68 | #define ESEMPTY ( 405 ) /* empty string */ 69 | 70 | #undef ESNOSPC 71 | #define ESNOSPC ( 406 ) /* not enough space for s2 */ 72 | 73 | #undef ESUNTERM 74 | #define ESUNTERM ( 407 ) /* unterminated string */ 75 | 76 | #undef ESNODIFF 77 | #define ESNODIFF ( 408 ) /* no difference */ 78 | 79 | #undef ESNOTFND 80 | #define ESNOTFND ( 409 ) /* not found */ 81 | 82 | #endif 83 | 84 | 85 | /* errno_t may or may not be defined in errno.h */ 86 | #ifndef errno_t 87 | typedef int errno_t; 88 | #endif 89 | 90 | #ifndef rsize_t 91 | typedef size_t rsize_t; 92 | #endif 93 | 94 | /* EOK may or may not be defined in errno.h */ 95 | #ifndef EOK 96 | #define EOK 0 97 | #endif 98 | 99 | 100 | #endif /* __SAFE_LIB_ERRNO_H__ */ 101 | 102 | 
-------------------------------------------------------------------------------- /safe_c_stub/include/safe_mem_lib.h: -------------------------------------------------------------------------------- 1 | /*------------------------------------------------------------------ 2 | * safe_mem_lib.h - Replacements for Safe C Library Memory Functions 3 | * 4 | * Contains code derived from https://sourceforge.net/projects/safeclib/ 5 | * license reproduced below 6 | * 7 | * October 2008-2018, Bo Berry 8 | * 9 | * Copyright (c) 2008-2011 by Cisco Systems, Inc 10 | * All rights reserved. 11 | * 12 | * Permission is hereby granted, free of charge, to any person 13 | * obtaining a copy of this software and associated documentation 14 | * files (the "Software"), to deal in the Software without 15 | * restriction, including without limitation the rights to use, 16 | * copy, modify, merge, publish, distribute, sublicense, and/or 17 | * sell copies of the Software, and to permit persons to whom the 18 | * Software is furnished to do so, subject to the following 19 | * conditions: 20 | * 21 | * The above copyright notice and this permission notice shall be 22 | * included in all copies or substantial portions of the Software. 23 | * 24 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 25 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES 26 | * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 27 | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 28 | * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 29 | * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 30 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 31 | * OTHER DEALINGS IN THE SOFTWARE. 
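*------------------------------------------------------------------
*/
#ifndef __SAFE_MEM_LIB_H__
#define __SAFE_MEM_LIB_H__

#include <stdint.h> /* SIZE_MAX */
#include "safe_lib_errno.h"

/*
 * Defining the RSIZE_MAX macro.
 *
 * The expansion is parenthesized so that the limit keeps its value when
 * it is used inside a larger expression (for example x / RSIZE_MAX or
 * x % RSIZE_MAX); an unparenthesized SIZE_MAX/2 would silently change
 * the bound that the length checks compare against.
 */
#ifndef RSIZE_MAX
#define RSIZE_MAX (SIZE_MAX/2)
#endif

/**
 * Maximum memory sizes definitions based on types
 *
 * NOTE(review): MEM16 and MEM32 are presumably limits expressed in
 * 16-bit and 32-bit elements -- confirm against the callers.
 */
#ifndef RSIZE_MAX_MEM
#define RSIZE_MAX_MEM (RSIZE_MAX)
#endif
#ifndef RSIZE_MAX_MEM16
#define RSIZE_MAX_MEM16 ( RSIZE_MAX_MEM/2 )
#endif
#ifndef RSIZE_MAX_MEM32
#define RSIZE_MAX_MEM32 ( RSIZE_MAX_MEM/4 )
#endif


/*
 * All functions below return an errno_t status (see safe_lib_errno.h).
 * dmax/smax carry the size of the destination object so the callee can
 * refuse a request that does not fit.
 * NOTE(review): the exact checks live in ../src/safe_mem_stub.c, which is
 * not part of this header -- confirm them there.
 */

/* copy memory: slen bytes from src into dest, which holds dmax bytes */
extern errno_t memcpy_s(void *dest, rsize_t dmax, const void *src, rsize_t slen);

/* compare memory: the comparison result is stored through diff */
extern errno_t memcmp_s(const void *dest, rsize_t dmax, const void *src, rsize_t slen, int *diff);

/* Set memory: n bytes of s, which holds smax bytes, to the value c */
extern errno_t memset_s (void *s, rsize_t smax, int c, rsize_t n);

/* clear bytes */
extern errno_t memzero_s(void *dest, rsize_t dmax);

/* Move bytes (memmove-style, so presumably overlap-tolerant -- confirm) */
extern errno_t memmove_s(void *dest, rsize_t dmax, const void *src, rsize_t smax);

#endif /* __SAFE_MEM_LIB_H__ */

--------------------------------------------------------------------------------
/safe_c_stub/include/safe_str_lib.h:
--------------------------------------------------------------------------------
/*------------------------------------------------------------------
 * safe_str_lib.h - Replacements for Safe C Library String Functions
 *
 * Contains code derived from https://sourceforge.net/projects/safeclib/
 * license reproduced below
 *
 * October 2008-2018, Bo Berry
 *
 * Copyright (c) 2008-2011 by Cisco Systems, Inc
 * All rights reserved.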
11 | * 12 | * Permission is hereby granted, free of charge, to any person 13 | * obtaining a copy of this software and associated documentation 14 | * files (the "Software"), to deal in the Software without 15 | * restriction, including without limitation the rights to use, 16 | * copy, modify, merge, publish, distribute, sublicense, and/or 17 | * sell copies of the Software, and to permit persons to whom the 18 | * Software is furnished to do so, subject to the following 19 | * conditions: 20 | * 21 | * The above copyright notice and this permission notice shall be 22 | * included in all copies or substantial portions of the Software. 23 | * 24 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 25 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES 26 | * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 27 | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 28 | * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 29 | * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 30 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 31 | * OTHER DEALINGS IN THE SOFTWARE. 32 | *------------------------------------------------------------------ 33 | */ 34 | #ifndef __SAFE_STR_LIB_H__ 35 | #define __SAFE_STR_LIB_H__ 36 | 37 | #include 38 | #include 39 | #include "safe_lib_errno.h" 40 | 41 | /** 42 | * The shortest string is a null string!! 
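*/
#ifndef RSIZE_MIN_STR
#define RSIZE_MIN_STR ( 1 )
#endif


/**
 * The maximum string length
 *
 * RSIZE_MAX is not defined in this header; it has to come from
 * safe_mem_lib.h (or the platform) before this macro is expanded.
 * The expansion is parenthesized so the limit keeps its value inside a
 * larger expression even if RSIZE_MAX itself is not parenthesized.
 */
#ifndef RSIZE_MAX_STR
#define RSIZE_MAX_STR ( RSIZE_MAX )
#endif


/*
 * In the prototypes below dmax/smax is the bound supplied by the caller
 * for the string it accompanies.
 * NOTE(review): how each function validates that bound is implemented in
 * ../src/safe_str_stub.c, which is not part of this header -- confirm there.
 */

/* string compare: the result is stored through indicator */
extern errno_t strcmp_s(const char *dest, rsize_t dmax, const char *src, int *indicator);

/* Case insensitive string compare */
extern errno_t strcasecmp_s (const char *dest, rsize_t dmax, const char *src, int *indicator);

/* Case insensitive string compare, with an additional count n */
extern errno_t strncasecmp_s (const char *dest, rsize_t dmax, const char *src, rsize_t n, int *indicator);


/* string concatenate */
extern errno_t strcat_s(char *dest, rsize_t dmax, const char *src);

/* fitted string concatenate */
extern errno_t strncat_s(char *dest, rsize_t dmax, const char *src, rsize_t slen);

/* string copy */
extern errno_t strcpy_s(char *dest, rsize_t dmax, const char *src);

/* fitted string copy */
extern errno_t strncpy_s (char *dest, rsize_t dmax, const char *src, rsize_t slen);

/* string length; returns a length (rsize_t), not an errno_t status */
extern rsize_t strnlen_s(const char *s, rsize_t smax);

/* find a substring: the match is returned through substring */
extern errno_t strstr_s(char *dest, rsize_t dmax, const char *src, rsize_t slen, char **substring);

/* string tokenizer: dmax is passed by pointer, ptr holds the position between calls */
extern char *strtok_s(char *dest, rsize_t *dmax, const char *src, char **ptr);

/* get span until character in string */
extern errno_t strcspn_s(const char *dest, rsize_t dmax, const char *src, rsize_t slen, rsize_t *count);

/* get span of character set in string */
extern errno_t strspn_s(const char *dest, rsize_t dmax, const char *src, rsize_t slen, rsize_t *count);

/*
 * determine if character is a digit
 * NOTE(review): the argument is a string plus a bound, so this presumably
 * tests every character of dest -- confirm in the implementation.
 */
extern int strisdigit_s(const char *dest, rsize_t dmax);

#endif /* __SAFE_STR_LIB_H__ */
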
-------------------------------------------------------------------------------- /safe_c_stub/lib/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | noinst_LIBRARIES= libstubsafec.a 3 | 4 | libstubsafec_a_SOURCES = \ 5 | ../src/safe_mem_stub.c \ 6 | ../src/safe_str_stub.c 7 | 8 | libstubsafec_a_CFLAGS=-I../include -fPIC 9 | 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /sleuth_pkg/__init__.py: -------------------------------------------------------------------------------- 1 | from sleuth import * 2 | -------------------------------------------------------------------------------- /sleuth_pkg/setup.py: -------------------------------------------------------------------------------- 1 | from setuptools import setup, find_packages 2 | 3 | setup(name='sleuth', 4 | version='1.0', 5 | description='Iteration and inspection over dictionary objects', 6 | url='https://github.com/cisco/joy.git', 7 | author='David McGrew, Philip Perricone', 8 | author_email='mcgrew@cisco.com, phperric@cisco.com', 9 | license='BSD-3', 10 | packages=find_packages(), 11 | package_data={'sleuth': ['*.json']}, 12 | zip_safe=True) 13 | -------------------------------------------------------------------------------- /sleuth_pkg/sleuth/__init__.py: -------------------------------------------------------------------------------- 1 | from sleuth import * 2 | from api_joy import * 3 | from enrich_tls import enrich_tls 4 | from fingerprint import * 5 | from inferences import * 6 | 7 | -------------------------------------------------------------------------------- /sleuth_pkg/sleuth/fingerprint.py: -------------------------------------------------------------------------------- 1 | """ 2 | * 3 | * Copyright (c) 2017 Cisco Systems, Inc. 4 | * All rights reserved. 
5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials provided 16 | * with the distribution. 17 | * 18 | * Neither the name of the Cisco Systems, Inc. nor the names of its 19 | * contributors may be used to endorse or promote products derived 20 | * from this software without specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26 | * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 27 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 28 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 29 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 31 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 33 | * OF THE POSSIBILITY OF SUCH DAMAGE. 
*
"""
import os
import json
from sleuth import SleuthTemplateDict


class fingerprinter(object):
    """Derive a fingerprint from a flow record with two sleuth templates.

    The 'select' template is applied first to copy elements out of the
    flow; the 'normalize' template is then applied to that copy.
    """

    # Protocol name -> keyword arguments for __init__.  The tls entry
    # selects the client extensions and ciphersuites, the http entry the
    # outbound User-Agent header, the tcp entry the outbound TCP options.
    # NOTE(review): normalization presumably masks per-connection values
    # (server_name, session_ticket, timestamps, ...) so fingerprints of the
    # same client compare equal -- confirm in SleuthTemplateDict.
    fingerprint_dict = {
        'tls': {
            'select': 'tls{c_extensions,cs}',
            'normalize': 'tls{c_extensions[{server_name,signed_certificate_timestamp,session_ticket,padding,application_layer_protocol_negotiation,data}]}',
        },
        'http': {
            'select': 'http[{out[{User-Agent}]}]',
            'normalize': '',
        },
        'tcp': {
            'select': 'tcp{out{opt_len,opts}}',
            'normalize': 'tcp{out{opts[{ts}]}}',
        },
    }

    def __init__(self, select, normalize):
        """Compile the two template strings into SleuthTemplateDict objects."""
        self.select_template = SleuthTemplateDict(select)
        self.normalize_template = SleuthTemplateDict(normalize)

    def get_fingerprint(self, flow, kwargs):
        """Return the normalized selection of *flow*.

        *kwargs* is accepted but not used by this method.
        """
        selector = self.select_template
        normalizer = self.normalize_template
        selected = selector.copy_selected_elements(selector.template, flow)
        return normalizer.normalize_selected_elements(normalizer.template, selected)

    @classmethod
    def types(cls):
        """Return the class-level table of known fingerprint types.

        The table itself is returned, not a copy.
        """
        return cls.fingerprint_dict

    @classmethod
    def get_instance(cls, typename):
        """Build a fingerprinter for *typename*; an unknown name raises KeyError."""
        template_args = cls.fingerprint_dict[typename]
        return fingerprinter(**template_args)

--------------------------------------------------------------------------------
/src/addr.c:
--------------------------------------------------------------------------------
/*
 *
 * Copyright (c) 2016 Cisco Systems, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials provided 16 | * with the distribution. 17 | * 18 | * Neither the name of the Cisco Systems, Inc. nor the names of its 19 | * contributors may be used to endorse or promote products derived 20 | * from this software without specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26 | * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 27 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 28 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 29 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 31 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 33 | * OF THE POSSIBILITY OF SUCH DAMAGE. 
34 | * 35 | */ 36 | 37 | /** 38 | * \file addr.c 39 | * 40 | * \brief network address functions (IPv4 only for now) 41 | */ 42 | 43 | #include "addr.h" 44 | 45 | /** 46 | * \fn unsigned int ipv4_mask (unsigned int masklen) 47 | * \param masklen length of the subnet mask 48 | * \return ipv4 mask 49 | */ 50 | unsigned int ipv4_mask (unsigned int masklen) { 51 | unsigned char tmp = 0; 52 | unsigned int i, j, bytes, bits = 0; 53 | unsigned int m = 0; 54 | unsigned char *mask = (unsigned char *)&m; 55 | 56 | bytes = masklen/8; 57 | bits = masklen - bytes*8; 58 | 59 | for (i=0; i>= 1; 67 | } 68 | 69 | return m; 70 | } 71 | 72 | /** 73 | * \fn unsigned int addr_mask (unsigned int addr, unsigned int masklen) 74 | * \param addr ipv4 address 75 | * \param masklen length of the subnet mask 76 | * \return ipv4 address mask 77 | */ 78 | unsigned int addr_mask (unsigned int addr, unsigned int masklen) { 79 | struct in_addr mask; 80 | 81 | mask.s_addr = ipv4_mask(masklen); 82 | return mask.s_addr & addr; 83 | } 84 | -------------------------------------------------------------------------------- /src/addr_attr.c: -------------------------------------------------------------------------------- 1 | /* 2 | * 3 | * Copyright (c) 2016 Cisco Systems, Inc. 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials provided 16 | * with the distribution. 17 | * 18 | * Neither the name of the Cisco Systems, Inc. 
nor the names of its 19 | * contributors may be used to endorse or promote products derived 20 | * from this software without specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26 | * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 27 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 28 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 29 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 31 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 33 | * OF THE POSSIBILITY OF SUCH DAMAGE. 
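*
*/

/**
 * \file addr_attr.c
 *
 * \brief address attributes
 */

/* NOTE(review): the header name of the next #include is missing from this listing. */
#include
#include "addr_attr.h"
#include "err.h"

/**
 * \fn attr_flags attr_get_next_flag (attr_flags *a)
 * \param a pointer to flags; dereferenced without a NULL check
 * \return flags with only found value set (zero when *a is zero)
 */
attr_flags attr_get_next_flag (attr_flags *a) {
    attr_flags x = *a;

    /*
     * find highest set bitflag: the shifts copy the top set bit into
     * every lower position, which covers a value of up to 32 bits
     */
    x |= (x >> 1);
    x |= (x >> 2);
    x |= (x >> 4);
    x |= (x >> 8);
    x |= (x >> 16);
    /* keep only the top bit of the filled-in run */
    x = (x & ~(x >> 1));

    /* unset bitflag, then return bitflag value */
    *a ^= x;

    return x;
}

--------------------------------------------------------------------------------
/src/getline.c:
--------------------------------------------------------------------------------
/* This code is public domain -- Will Hartung 4/9/09 */
/* only used for the joy windows builds */
#include <stdio.h>
#include <stdlib.h>

/**
 * Read one line from stream into a heap buffer, growing it as needed.
 *
 * lineptr  in/out: buffer to fill. *lineptr may be NULL, in which case a
 *          buffer is allocated. The caller frees *lineptr.
 * n        in/out: capacity of *lineptr in bytes.
 * stream   stream to read from.
 *
 * Returns the number of bytes stored, not counting the terminating NUL;
 * a trailing '\n' is stored and counted. Returns (size_t)-1 when an
 * argument is NULL, when fgetc() reports EOF before any byte is read, or
 * when the buffer cannot be grown. The return type is unsigned, so
 * callers must compare against (size_t)-1 rather than test for "< 0".
 *
 * On an allocation failure *lineptr and *n are still updated to describe
 * the buffer that is currently allocated, so the caller can free it.
 */
size_t getline(char **lineptr, size_t *n, FILE *stream) {
    const size_t chunk = 128;   /* allocation step */
    char *buf;
    char *grown;
    size_t cap;
    size_t len = 0;             /* bytes stored so far */
    int c;

    if (lineptr == NULL || stream == NULL || n == NULL) {
        return (size_t)-1;
    }

    c = fgetc(stream);
    if (c == EOF) {
        return (size_t)-1;
    }

    buf = *lineptr;
    /* a NULL buffer has no capacity, whatever *n says */
    cap = (buf != NULL) ? *n : 0;

    while (c != EOF) {
        /* always keep room for this byte and the terminating NUL */
        if (cap - len < 2) {
            grown = (cap <= (size_t)-1 - chunk) ? realloc(buf, cap + chunk) : NULL;
            if (grown == NULL) {
                /* realloc left the old block intact; hand it back */
                if (buf != NULL && len < cap) {
                    buf[len] = '\0';
                }
                *lineptr = buf;
                *n = cap;
                return (size_t)-1;
            }
            /*
             * realloc may move the block, so the write position is kept
             * as an index (len) and never as a pointer into the old block
             */
            buf = grown;
            cap += chunk;
        }
        buf[len++] = (char)c;
        if (c == '\n') {
            break;
        }
        c = fgetc(stream);
    }

    buf[len] = '\0';
    *lineptr = buf;
    *n = cap;

    return len;
}
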
-------------------------------------------------------------------------------- /src/include/acsm.h: -------------------------------------------------------------------------------- 1 | /* 2 | = Multi-Pattern Search Engine = 3 | 4 | == DOCUMENT == 5 | 6 | See the main function in acsm.c as an example. 7 | 8 | ==COPYRIGHT & LICENSE== 9 | 10 | This code is published under the BSD license. 11 | 12 | Copyright (C) 2011 by Weibin Yao . 13 | 14 | All rights reserved. 15 | 16 | Redistribution and use in source and binary forms, with or without 17 | modification, are permitted provided that the following conditions are 18 | met: 19 | 20 | * Redistributions of source code must retain the above copyright 21 | notice, this list of conditions and the following disclaimer. 22 | 23 | * Redistributions in binary form must reproduce the above copyright 24 | notice, this list of conditions and the following disclaimer in the 25 | documentation and/or other materials provided with the distribution. 26 | 27 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS 28 | IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 29 | TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 30 | PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 31 | HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 32 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 33 | TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 34 | PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 35 | LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 36 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 37 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
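*/
#ifndef _ACSM_H_
#define _ACSM_H_

/* NOTE(review): the header names of the bare #include lines are missing from this listing. */
#include
#include
#include
#include "safe_lib.h"
#include

#ifdef WIN32
#include "win_types.h"
#endif

/* number of entries in each state's transition table, one per byte value */
#define ASCIITABLE_SIZE    (256)

/* NOTE(review): presumably the longest pattern accepted -- confirm in acsm.c */
#define PATTERN_MAXLEN     (1024)

/* state value meaning "no transition" */
#define ACSM_FAIL_STATE  (-1)


/* doubly linked list node, embedded in the queue entries below */
typedef struct acsm_queue_s {
    struct acsm_queue_s  *prev;
    struct acsm_queue_s  *next;
} acsm_queue_t;

/* queue entry carrying a state number */
typedef struct {
    int          state;
    acsm_queue_t queue;
} acsm_state_queue_t;


/* one pattern: byte string, its length, and a link to the next pattern */
typedef struct acsm_pattern_s {
    u_char        *string;
    size_t         len;

    struct acsm_pattern_s *next;
} acsm_pattern_t;


/*
 * one automaton state
 * NOTE(review): next_state has ASCIITABLE_SIZE entries, so the code that
 * indexes it must use an unsigned byte value (0..255) -- confirm in acsm.c
 */
typedef struct {
    int next_state[ASCIITABLE_SIZE];
    int fail_state;

    /* output */
    acsm_pattern_t *match_list;
} acsm_state_node_t;


/* search context: pattern list, state table and work queues */
typedef struct {
    unsigned max_state;
    unsigned num_state;

    acsm_pattern_t    *patterns;
    acsm_state_node_t *state_table;

    void *pool;

    acsm_state_queue_t work_queue;
    acsm_state_queue_t free_queue;

    unsigned no_case;
} acsm_context_t;


/*
 * ASCII-only lower-casing. The argument and the whole expansion are
 * parenthesized so the macro is safe inside larger expressions. The
 * argument is still evaluated more than once: do not pass an expression
 * with side effects (such as *p++).
 */
#define acsm_tolower(c)      ((u_char) ((((c) >= 'A') && ((c) <= 'Z')) ? ((c) | 0x20) : (c)))

/* bounded string length: never reads more than mlen bytes of s */
#define acsm_strlen(s, mlen)       strnlen_s((const char *) (s), (mlen))


/* flag for acsm_alloc() */
#define NO_CASE 0x01

acsm_context_t *acsm_alloc(int flag);
void acsm_free(acsm_context_t *ctx);

/* string is a buffer of len bytes; len is supplied by the caller */
int acsm_add_pattern(acsm_context_t *ctx, u_char *string, size_t len);
int acsm_compile(acsm_context_t *ctx);
int acsm_search(acsm_context_t *ctx, u_char *string, size_t len);

#endif /* _ACSM_H_ */

--------------------------------------------------------------------------------
/src/include/addr.h:
--------------------------------------------------------------------------------
/*
 *
 * Copyright (c) 2016 Cisco Systems, Inc.
 * All rights reserved.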
5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials provided 16 | * with the distribution. 17 | * 18 | * Neither the name of the Cisco Systems, Inc. nor the names of its 19 | * contributors may be used to endorse or promote products derived 20 | * from this software without specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26 | * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 27 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 28 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 29 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 31 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 33 | * OF THE POSSIBILITY OF SUCH DAMAGE. 
*
*/

/**
 * \file addr.h
 *
 * \brief interface to network address functions (IPv4 only for now)
 */

#ifndef ADDR_H
#define ADDR_H

#ifdef WIN32
#include "Ws2tcpip.h"
#else
/* NOTE(review): the header names of the two #include lines below are missing from this listing. */
#include
#include
#endif

/**
 * returns the ipv4 mask
 *
 * \param masklen length of the subnet mask
 * NOTE(review): masklen is presumably expected to be in 0..32; confirm
 * that the implementation in addr.c rejects or clamps larger values.
 */
unsigned int ipv4_mask(unsigned int masklen);

/**
 * returns the ipv4 address mask
 *
 * \param addr ipv4 address
 * \param masklen length of the subnet mask
 * \return addr ANDed with ipv4_mask(masklen)
 */
unsigned int addr_mask(unsigned int addr, unsigned int masklen);

#endif /* ADDR_H */

--------------------------------------------------------------------------------
/src/include/addr_attr.h:
--------------------------------------------------------------------------------
/*
 *
 * Copyright (c) 2016 Cisco Systems, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above
 * copyright notice, this list of conditions and the following
 * disclaimer in the documentation and/or other materials provided
 * with the distribution.
 *
 * Neither the name of the Cisco Systems, Inc. nor the names of its
 * contributors may be used to endorse or promote products derived
 * from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE
 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

/**
 * \file addr_attr.h
 *
 * \brief address attributes header file
 */

#ifndef ADDR_ATTR_H
#define ADDR_ATTR_H

/** attr_flags is a bitmask, each bit of which corresponds to an attribute */
typedef unsigned int attr_flags;


/**
 * \brief finds the next flag that is true (set to one) in the
 * attr_flags value pointed to by aptr, changes that value
 * by unsetting that flag (setting it to zero), then returns the
 * attr_flag that has only that flag set.  If the value *aptr is equal
 * to zero, then zero is returned.
 *
 * The implementation in addr_attr.c picks the highest set bit as the
 * "next" flag and dereferences aptr without checking it, so aptr must
 * not be NULL.
 *
 * \param aptr pointer to the flags; updated in place
 * \return value with only the found flag set, or zero
 */
attr_flags attr_get_next_flag(attr_flags *aptr);

#endif /* ADDR_ATTR_H */

--------------------------------------------------------------------------------
/src/include/classify.h:
--------------------------------------------------------------------------------
/*
 *
 * Copyright (c) 2016 Cisco Systems, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials provided 16 | * with the distribution. 17 | * 18 | * Neither the name of the Cisco Systems, Inc. nor the names of its 19 | * contributors may be used to endorse or promote products derived 20 | * from this software without specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26 | * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 27 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 28 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 29 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 31 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 33 | * OF THE POSSIBILITY OF SUCH DAMAGE. 
*
*/

/**
 * \file classify.h
 *
 * \brief header file for inline Classification functionality
 */

#ifndef CLASSIFY_H
#define CLASSIFY_H

/*
 * Outside WIN32 this header includes nothing itself, so the including
 * file has to provide struct timeval and the uintN_t types used below.
 */
#ifdef WIN32
#include "win_types.h"
#endif

/*
 * constants
 *
 * The two NUM_PARAMETERS_* values are the lengths of the parameter
 * arrays declared below.
 * NOTE(review): 464 equals 208 + NUM_BD_VALUES and MAX_BIN_LEN equals
 * MC_BINS_LEN * MC_BIN_SIZE_LEN; these look like derived values that
 * must be kept in step by hand -- confirm against classify.c.
 */
#define NUM_PARAMETERS_SPLT_LOGREG 208
#define NUM_PARAMETERS_BD_LOGREG 464
#define MC_BINS_LEN 10
#define MC_BINS_TIME 10
#define MC_BIN_SIZE_TIME 50
#define MC_BIN_SIZE_LEN 150
#define MAX_BIN_LEN 1500
#define NUM_BD_VALUES 256

/** Classifier parameter type codes */
typedef enum {
    SPLT_PARAM_TYPE = 0,
    BD_PARAM_TYPE = 1
} classifier_type_codes_t;

/* fixed-size parameter arrays, defined outside this header */
extern float parameters_bd[NUM_PARAMETERS_BD_LOGREG];
extern float parameters_splt[NUM_PARAMETERS_SPLT_LOGREG];

/* Classifier functions */

/*
 * NOTE(review): the pointer arguments carry no explicit element counts
 * apart from max_num_pkt_len; which bound applies to which array has to
 * be confirmed in classify.c.
 */
float classify(const unsigned short *pkt_len, const struct timeval *pkt_time,
               const unsigned short *pkt_len_twin, const struct timeval *pkt_time_twin,
               struct timeval start_time, struct timeval start_time_twin, uint32_t max_num_pkt_len,
               uint16_t sp, uint16_t dp, uint32_t op, uint32_t ip, uint32_t np_o, uint32_t np_i,
               uint32_t ob, uint32_t ib, uint16_t use_bd, const uint32_t *bd, const uint32_t *bd_t);

/*
 * NOTE(review): merged_lens and merged_times are output arrays whose
 * capacity is not passed in; presumably the caller sizes them from
 * s_idx and r_idx -- confirm against the callers.
 */
void merge_splt_arrays(const uint16_t *pkt_len, const struct timeval *pkt_time,
                       const uint16_t *pkt_len_twin, const struct timeval *pkt_time_twin,
                       struct timeval start_time, struct timeval start_time_twin,
                       uint16_t s_idx, uint16_t r_idx,
                       uint16_t *merged_lens, uint16_t *merged_times);

/*
 * param_type selects which parameter set is updated; param_file names
 * the file to use.
 * NOTE(review): presumably the file's values are loaded into the
 * fixed-size arrays above -- confirm that the loader stops at
 * NUM_PARAMETERS_*_LOGREG values.
 */
void update_params(classifier_type_codes_t param_type, const char *param_file);

#endif /* CLASSIFY_H */

--------------------------------------------------------------------------------
/src/include/dhcpv6.h:
--------------------------------------------------------------------------------
/*
 *
 * Copyright (c) 2019 Cisco Systems, Inc.
4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials provided 16 | * with the distribution. 17 | * 18 | * Neither the name of the Cisco Systems, Inc. nor the names of its 19 | * contributors may be used to endorse or promote products derived 20 | * from this software without specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26 | * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 27 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 28 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 29 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 31 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 33 | * OF THE POSSIBILITY OF SUCH DAMAGE. 
34 | * 35 | */ 36 | 37 | /** 38 | * \file dhcpv6.h 39 | * 40 | * \brief Dynamic Host Configuration Protocol (DHCP) IPv6 awareness 41 | * 42 | */ 43 | 44 | #ifndef DHCPV6_H 45 | #define DHCPV6_H 46 | 47 | #include /* for FILE* */ 48 | #include 49 | #include 50 | #include "output.h" 51 | #include "utils.h" 52 | 53 | #ifdef WIN32 54 | # include 55 | #else 56 | # include 57 | #endif 58 | /** usage string */ 59 | #define dhcpv6_usage " dhcpv6=1 report dhcpv6 information\n" 60 | /** dhcpv6 filter key: UDP (protocol 17) between ports 546 and 547, in either direction */ 61 | #define dhcpv6_filter(record) \ 62 | ((record->key.prot == 17) && \ 63 | ((record->key.sp == 547 && record->key.dp == 546) || (record->key.sp == 546 && record->key.dp == 547)) \ 64 | ) 65 | /** array bounds for the two structures below */ 66 | #define MAX_DHCP_V6_MSGS 10 67 | #define MAX_DHCP_V6_MSG_LEN 64 68 | /** One stored DHCPv6 message. NOTE(review): data is a fixed MAX_DHCP_V6_MSG_LEN (64) byte buffer and the struct has no length field, so every copy into it must be capped at that size - confirm in dhcpv6.c. */ 69 | typedef struct dhcp_v6_message_ { 70 | uint8_t msg_type; 71 | uint32_t trans_id; 72 | uint8_t data[MAX_DHCP_V6_MSG_LEN]; 73 | } dhcp_v6_message_t; 74 | /** DHCPv6 state. NOTE(review): message_count presumably counts the used entries of messages[] and must be checked against MAX_DHCP_V6_MSGS (10) before it is used as an index - confirm in dhcpv6.c. */ 75 | typedef struct dhcp_v6_ { 76 | uint16_t message_count; 77 | dhcp_v6_message_t messages[MAX_DHCP_V6_MSGS]; 78 | } dhcpv6_t; 79 | /** initialization function */ 80 | void dhcpv6_init(dhcpv6_t **dhcp_v6_handle); 81 | /** update dhcpv6; data and data_len presumably describe bytes taken from a captured packet and should be treated as untrusted - TODO confirm */ 82 | void dhcpv6_update(dhcpv6_t *dhcp_v6, 83 | const struct pcap_pkthdr *header, 84 | const void *data, 85 | unsigned int data_len, 86 | unsigned int report_dhcpv6); 87 | /** JSON print dhcpv6 */ 88 | void dhcpv6_print_json(const dhcpv6_t *d1, 89 | const dhcpv6_t *d2, 90 | zfile f); 91 | /** delete dhcpv6 */ 92 | void dhcpv6_delete(dhcpv6_t **dhcp_v6_handle); 93 | /** dhcpv6 unit test entry point */ 94 | void dhcpv6_unit_test(void); 95 | 96 | #endif /* DHCPV6_H */ 97 | 98 | -------------------------------------------------------------------------------- /src/include/dns.h: -------------------------------------------------------------------------------- 1 | /* 2 | * 3 | * Copyright (c) 2016-2018 Cisco Systems, Inc. 4 | * All rights reserved.
5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials provided 16 | * with the distribution. 17 | * 18 | * Neither the name of the Cisco Systems, Inc. nor the names of its 19 | * contributors may be used to endorse or promote products derived 20 | * from this software without specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26 | * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 27 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 28 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 29 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 31 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 33 | * OF THE POSSIBILITY OF SUCH DAMAGE. 
34 | * 35 | */ 36 | /** 37 | * \file dns.h 38 | * 39 | * \brief interface file for DNS code 40 | */ 41 | #ifndef DNS_H 42 | #define DNS_H 43 | 44 | #include 45 | #include "output.h" 46 | 47 | /** usage string */ 48 | #define dns_usage " dns=1 report DNS response information\n" 49 | 50 | /** dns filter key: UDP (protocol 17) records whose app field, source port or destination port is 53; records with any other protocol number never match */ 51 | #define dns_filter(record) \ 52 | ((record->key.prot == 17) && \ 53 | (record->app == 53 || (record->key.dp == 53 || record->key.sp == 53)) \ 54 | ) 55 | 56 | /** maximum number of DNS packets */ 57 | #define MAX_NUM_DNS_PKT 200 58 | 59 | /** maximum DNS name length */ 60 | #define MAX_DNS_NAME_LEN 256 61 | /* NOTE(review): pkt_count presumably indexes dns_name[] and pkt_len[] below; it must be checked against MAX_NUM_DNS_PKT before each store, and anything copied out of a packet into a dns_name entry bounded by MAX_DNS_NAME_LEN - confirm in dns.c. */ 62 | /** DNS structure */ 63 | typedef struct dns_ { 64 | unsigned int pkt_count; /*!< packet count */ 65 | char *dns_name[MAX_NUM_DNS_PKT]; /*!< DNS packets */ 66 | unsigned short int pkt_len[MAX_NUM_DNS_PKT]; /*!< DNS packet lengths */ 67 | } dns_t; 68 | 69 | /** initialize DNS structure */ 70 | void dns_init(dns_t **dns_handle); 71 | 72 | /** DNS structure update */ 73 | void dns_update(dns_t *dns, 74 | const struct pcap_pkthdr *header, 75 | const void *data, 76 | unsigned int len, 77 | unsigned int report_dns); 78 | 79 | /** print DNS data out in JSON format */ 80 | void dns_print_json(const dns_t *dns1, const dns_t *dns2, zfile f); 81 | 82 | /** remove a DNS entry */ 83 | void dns_delete(dns_t **dns_handle); 84 | 85 | /** main entry point for DNS unit testing */ 86 | void dns_unit_test(void); 87 | 88 | #endif /* DNS_H */ 89 | -------------------------------------------------------------------------------- /src/include/example.h: -------------------------------------------------------------------------------- 1 | /* 2 | * 3 | * Copyright (c) 2016 Cisco Systems, Inc. 4 | * All rights reserved.
5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials provided 16 | * with the distribution. 17 | * 18 | * Neither the name of the Cisco Systems, Inc. nor the names of its 19 | * contributors may be used to endorse or promote products derived 20 | * from this software without specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26 | * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 27 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 28 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 29 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 31 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 33 | * OF THE POSSIBILITY OF SUCH DAMAGE. 34 | * 35 | */ 36 | 37 | /** 38 | * \file example.h 39 | * 40 | * \brief example generic programming interface defined in feature.h. 
41 | * 42 | */ 43 | #ifndef EXAMPLE_H 44 | #define EXAMPLE_H 45 | 46 | #include 47 | #include 48 | #include "output.h" 49 | #include "feature.h" 50 | 51 | /** usage string */ 52 | #define example_usage " example=1 include example feature\n" 53 | 54 | /** example filter key; expands to the constant 1, so it accepts every record it is applied to */ 55 | #define example_filter(record) 1 56 | 57 | /** example structure */ 58 | typedef struct example { 59 | unsigned int counter; 60 | } example_t; 61 | 62 | /** declare_feature() comes from feature.h; presumably it declares this module's entry in the generic feature interface - TODO confirm */ 63 | declare_feature(example); 64 | 65 | /** initialization function */ 66 | void example_init(struct example **example_handle); 67 | 68 | /** update example */ 69 | void example_update(struct example *example, 70 | const struct pcap_pkthdr *header, 71 | const void *data, 72 | unsigned int len, 73 | unsigned int report_example); 74 | 75 | /** JSON print example */ 76 | void example_print_json(const struct example *w1, 77 | const struct example *w2, 78 | zfile f); 79 | 80 | /** delete example */ 81 | void example_delete(struct example **example_handle); 82 | 83 | /** example unit test entry point */ 84 | void example_unit_test(void); 85 | 86 | #endif /* EXAMPLE_H */ 87 | -------------------------------------------------------------------------------- /src/include/fingerprint.h: -------------------------------------------------------------------------------- 1 | /* 2 | * 3 | * Copyright (c) 2016 Cisco Systems, Inc. 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials provided 16 | * with the distribution. 17 | * 18 | * Neither the name of the Cisco Systems, Inc.
nor the names of its 19 | * contributors may be used to endorse or promote products derived 20 | * from this software without specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26 | * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 27 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 28 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 29 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 31 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 33 | * OF THE POSSIBILITY OF SUCH DAMAGE. 
34 | * 35 | */ 36 | 37 | /** 38 | * \file fingerprint.h 39 | * 40 | * \brief header file for data fingerprinting 41 | */ 42 | 43 | #ifndef FINGERPRINT_H 44 | #define FINGERPRINT_H 45 | 46 | #include 47 | /** capacity limits for the fixed-size arrays in the structures below */ 48 | #define MAX_FINGERPRINT_LEN 1024 49 | #define MAX_FINGERPRINT_LABELS 64 50 | #define MAX_FINGERPRINT_LABEL_LEN 64 51 | #define MAX_FINGERPRINT_DESCRIPTION 64 52 | #define MAX_FINGERPRINT_DB 100 53 | /** A single fingerprint record. NOTE(review): label_count (uint8_t) and fingerprint_len (uint16_t) can hold values larger than MAX_FINGERPRINT_LABELS (64) and MAX_FINGERPRINT_LEN (1024); code that copies or compares by these counts should reject out-of-range values first - confirm in fingerprint.c. */ 54 | typedef struct fingerprint { 55 | char description[MAX_FINGERPRINT_DESCRIPTION]; /**< Description */ 56 | char labels[MAX_FINGERPRINT_LABELS][MAX_FINGERPRINT_LABEL_LEN]; /**< Labels */ 57 | uint8_t label_count; /**< Number of labels */ 58 | unsigned char fingerprint[MAX_FINGERPRINT_LEN]; /**< Fingerprint data */ 59 | uint16_t fingerprint_len; /**< Length of the fingerprint in bytes */ 60 | } fingerprint_t; 61 | /** Fixed-capacity fingerprint database. NOTE(review): fingerprint_count must stay at or below MAX_FINGERPRINT_DB (100) wherever it bounds a loop over fingerprints[] - confirm in fingerprint.c. */ 62 | typedef struct fingerprint_db { 63 | fingerprint_t fingerprints[MAX_FINGERPRINT_DB]; /**< Fingerprints */ 64 | uint16_t fingerprint_count; /**< Number of fingerprints */ 65 | } fingerprint_db_t; 66 | /** presumably copies src_fp into dest_fp; the meaning of the int result is not visible in this header - TODO confirm */ 67 | int fingerprint_copy(fingerprint_t *dest_fp, 68 | fingerprint_t *src_fp); 69 | /** looks up in_fingerprint in db; presumably returns the matching entry, or NULL when none matches - TODO confirm */ 70 | fingerprint_t *fingerprint_db_match_exact(fingerprint_db_t *db, 71 | fingerprint_t *in_fingerprint); 72 | 73 | #endif /* FINGERPRINT_H */ 74 | 75 | -------------------------------------------------------------------------------- /src/include/fp.h: -------------------------------------------------------------------------------- 1 | /* 2 | * 3 | * Copyright (c) 2018 Cisco Systems, Inc. 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer.
12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials provided 16 | * with the distribution. 17 | * 18 | * Neither the name of the Cisco Systems, Inc. nor the names of its 19 | * contributors may be used to endorse or promote products derived 20 | * from this software without specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26 | * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 27 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 28 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 29 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 31 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 33 | * OF THE POSSIBILITY OF SUCH DAMAGE. 
34 | * 35 | */ 36 | 37 | /** 38 | * \file fp.h 39 | * 40 | * \brief Fingerprint extraction module 41 | * 42 | */ 43 | #ifndef FPX_H 44 | #define FPX_H 45 | 46 | #include 47 | #include 48 | #include "output.h" 49 | #include "feature.h" 50 | #include "extractor.h" 51 | /** sizes of the two fixed fingerprint buffers in struct fpx */ 52 | #define MAX_TCP_FP_LEN 32 53 | #define MAX_FP_LEN 1500 54 | 55 | /** usage string */ 56 | #define fpx_usage " fpx=1 include fingerprint extraction\n" 57 | 58 | /** fpx filter key; expands to the constant 1, so it accepts every record it is applied to */ 59 | #define fpx_filter(record) 1 60 | 61 | /** fpx structure. NOTE(review): tcp_fp_len and fp_len are presumably the used lengths of tcp_fp[] and fp[]; writers must keep them within MAX_TCP_FP_LEN (32) and MAX_FP_LEN (1500) - confirm in fp.c. */ 62 | typedef struct fpx { 63 | unsigned int tcp_fp_len; 64 | unsigned char tcp_fp[MAX_TCP_FP_LEN]; 65 | unsigned int fp_len; 66 | unsigned char fp[MAX_FP_LEN]; 67 | } fpx_t; 68 | 69 | declare_feature(fpx); 70 | 71 | /** initialization function */ 72 | void fpx_init(struct fpx **fpx_handle); 73 | 74 | /** update fpx */ 75 | void fpx_update(struct fpx *fpx, 76 | const struct pcap_pkthdr *header, 77 | const void *data, 78 | unsigned int len, 79 | unsigned int report_fpx); 80 | 81 | /** JSON print fpx */ 82 | void fpx_print_json(const struct fpx *w1, 83 | const struct fpx *w2, 84 | zfile f); 85 | 86 | /** delete fpx */ 87 | void fpx_delete(struct fpx **fpx_handle); 88 | 89 | /** fpx unit test entry point */ 90 | void fpx_unit_test(void); 91 | 92 | #endif /* FPX_H */ 93 | -------------------------------------------------------------------------------- /src/include/modules.h: -------------------------------------------------------------------------------- 1 | /* 2 | * 3 | * Copyright (c) 2016 Cisco Systems, Inc. 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer.
12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials provided 16 | * with the distribution. 17 | * 18 | * Neither the name of the Cisco Systems, Inc. nor the names of its 19 | * contributors may be used to endorse or promote products derived 20 | * from this software without specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26 | * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 27 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 28 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 29 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 31 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 33 | * OF THE POSSIBILITY OF SUCH DAMAGE. 
34 | * 35 | */ 36 | 37 | /** 38 | * \file modules.h 39 | * 40 | * \brief module interface 41 | * 42 | */ 43 | #ifndef MODULES_H 44 | #define MODULES_H 45 | 46 | #include "wht.h" /* walsh-hadamard transform */ 47 | #include "example.h" /* example feature module */ 48 | #include "dns.h" /* DNS response capture */ 49 | #include "ssh.h" /* secure shell protocol */ 50 | #include "ike.h" /* ike protocol */ 51 | #include "salt.h" /* seq of app lengths and times */ 52 | #include "ppi.h" /* per-packet information */ 53 | #include "tls.h" /* tls protocol */ 54 | #include "dhcp.h" /* dhcp protocol */ 55 | #include "dhcpv6.h" /* dhcp v6 protocol */ 56 | #include "http.h" /* http protocol */ 57 | #include "payload.h" /* TCP, UDP, IP payload prefix */ 58 | #include "fp.h" /* implementation fingerprinting */ 59 | 60 | #endif /* MODULES_H */ 61 | -------------------------------------------------------------------------------- /src/include/osdetect.h: -------------------------------------------------------------------------------- 1 | /* 2 | * 3 | * Copyright (c) 2016 Cisco Systems, Inc. 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials provided 16 | * with the distribution. 17 | * 18 | * Neither the name of the Cisco Systems, Inc. nor the names of its 19 | * contributors may be used to endorse or promote products derived 20 | * from this software without specific prior written permission. 
21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26 | * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 27 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 28 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 29 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 31 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 33 | * OF THE POSSIBILITY OF SUCH DAMAGE. 34 | * 35 | */ 36 | 37 | /** 38 | * \file osdetect.h 39 | * 40 | * \brief operating system identification interface 41 | */ 42 | 43 | #ifndef OS_DETECT_H 44 | #define OS_DETECT_H 45 | 46 | #include "safe_lib.h" 47 | #include 48 | #include "output.h" 49 | 50 | /** printf definition */ 51 | void os_printf(zfile f, int ttl, int iws, int ttl_twin, int iws_twin); 52 | 53 | /** figure out the Operating System; os_name is the caller's output buffer and buf_size its capacity (presumably in bytes, terminator included - TODO confirm). NOTE(review): buf_size is a signed int, so zero and negative values should be rejected before os_name is written - confirm in osdetect.c. */ 54 | void detect_os(int ttl, int iws, char* os_name, int buf_size); 55 | 56 | #endif /* OS_DETECT_H */ 57 | -------------------------------------------------------------------------------- /src/include/payload.h: -------------------------------------------------------------------------------- 1 | /* 2 | * 3 | * Copyright (c) 2016 Cisco Systems, Inc. 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer.
12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials provided 16 | * with the distribution. 17 | * 18 | * Neither the name of the Cisco Systems, Inc. nor the names of its 19 | * contributors may be used to endorse or promote products derived 20 | * from this software without specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26 | * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 27 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 28 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 29 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 31 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 33 | * OF THE POSSIBILITY OF SUCH DAMAGE. 34 | * 35 | */ 36 | 37 | /** 38 | * \file payload.h 39 | * 40 | * \brief payload generic programming interface defined in feature.h. 
41 | * 42 | */ 43 | #ifndef PAYLOAD_H 44 | #define PAYLOAD_H 45 | 46 | #include 47 | #include 48 | #include "output.h" 49 | #include "feature.h" 50 | /** size of the data buffer in struct payload */ 51 | #define JOY_PAYLOAD_LEN 32 52 | 53 | /** usage string */ 54 | #define payload_usage " payload=N include N bytes of payload\n" 55 | 56 | /** payload filter key; expands to the constant 1, so it accepts every record it is applied to */ 57 | #define payload_filter(record) 1 58 | 59 | /** payload structure. NOTE(review): data holds at most JOY_PAYLOAD_LEN (32) bytes while the usage string advertises payload=N; the configured N and the stored length must both be capped at 32 before any copy into data - confirm in payload.c. */ 60 | typedef struct payload { 61 | unsigned int length; 62 | unsigned char data[JOY_PAYLOAD_LEN]; 63 | } payload_t; 64 | 65 | 66 | declare_feature(payload); 67 | 68 | /** initialization function */ 69 | void payload_init(struct payload **payload_handle); 70 | 71 | /** update payload */ 72 | void payload_update(struct payload *payload, 73 | const struct pcap_pkthdr *header, 74 | const void *data, 75 | unsigned int len, 76 | unsigned int report_payload); 77 | 78 | /** JSON print payload */ 79 | void payload_print_json(const struct payload *w1, 80 | const struct payload *w2, 81 | zfile f); 82 | 83 | /** delete payload */ 84 | void payload_delete(struct payload **payload_handle); 85 | 86 | /** payload unit test entry point */ 87 | void payload_unit_test(void); 88 | 89 | #endif /* PAYLOAD_H */ 90 | -------------------------------------------------------------------------------- /src/include/pkt_proc.h: -------------------------------------------------------------------------------- 1 | /* 2 | * 3 | * Copyright (c) 2016 Cisco Systems, Inc. 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer.
12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials provided 16 | * with the distribution. 17 | * 18 | * Neither the name of the Cisco Systems, Inc. nor the names of its 19 | * contributors may be used to endorse or promote products derived 20 | * from this software without specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26 | * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 27 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 28 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 29 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 31 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 33 | * OF THE POSSIBILITY OF SUCH DAMAGE. 
34 | * 35 | */ 36 | 37 | /** 38 | * \file pkt_proc.h 39 | * 40 | * \brief public interface to p2f packet processing 41 | * 42 | */ 43 | #ifndef PKT_PROC_H 44 | #define PKT_PROC_H 45 | 46 | #include 47 | #include "p2f.h" 48 | #include "err.h" 49 | 50 | #define MAX_TEMPLATES 100 51 | 52 | /** main packet processing entry point */ 53 | void* process_packet(unsigned char *ctx_ptr, const struct pcap_pkthdr *header, const unsigned char *packet); 54 | void libpcap_process_packet(unsigned char *ctx_ptr, const struct pcap_pkthdr *header, const unsigned char *packet); 55 | /* NOTE(review): get_packet_5tuple_key() receives packet with no length argument, so this prototype gives the callee nothing to bound its reads with; callers must pass only buffers already known to hold the headers it parses - confirm in pkt_proc.c. */ 56 | uint8_t get_packet_5tuple_key(const unsigned char *packet, flow_key_t *key); 57 | /* NOTE(review): len is a signed int; a negative value should be rejected before it is used as a byte count over start - confirm in the IPFIX code. */ 58 | joy_status_e process_ipfix(joy_ctx_data *ctx, const char *start, int len, flow_record_t *r); 59 | 60 | /* The tls_type_code structure describes the content of a TLS record */ 61 | /* 62 | struct tls_type_code { 63 | unsigned char content; 64 | unsigned char handshake; 65 | }; 66 | */ 67 | 68 | #endif /* PKT_PROC_H */ 69 | 70 | -------------------------------------------------------------------------------- /src/include/ppi.h: -------------------------------------------------------------------------------- 1 | /* 2 | * 3 | * Copyright (c) 2016 Cisco Systems, Inc. 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials provided 16 | * with the distribution. 17 | * 18 | * Neither the name of the Cisco Systems, Inc.
nor the names of its 19 | * contributors may be used to endorse or promote products derived 20 | * from this software without specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26 | * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 27 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 28 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 29 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 31 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 33 | * OF THE POSSIBILITY OF SUCH DAMAGE. 34 | * 35 | */ 36 | 37 | /** 38 | * \file ppi.h 39 | * 40 | * \brief per-packet information (ppi) module using the generic 41 | * programming interface defined in feature.h. 
42 | * 43 | */ 44 | #ifndef PPI_H 45 | #define PPI_H 46 | 47 | #include 48 | #include "output.h" 49 | #include "feature.h" 50 | 51 | #define MAX_NUM_PKT 200 52 | 53 | /** usage string */ 54 | #define ppi_usage " ppi=1 include per-packet info (ppi)\n" 55 | 56 | /** ppi filter key; expands to the constant 1, so it accepts every record it is applied to */ 57 | #define ppi_filter(record) 1 58 | 59 | #define TCP_OPT_LEN 24 60 | /** Per-packet record. NOTE(review): opts is a fixed TCP_OPT_LEN (24) byte buffer, while a TCP header can carry up to 40 bytes of options; opt_len must be capped at 24 before options are copied in or printed - confirm in ppi.c. */ 61 | struct pkt_info { 62 | struct timeval time; 63 | unsigned int ack; 64 | unsigned int seq; 65 | unsigned short len; 66 | unsigned char flags; 67 | unsigned short opt_len; 68 | unsigned char opts[TCP_OPT_LEN]; 69 | }; 70 | 71 | /** ppi structure; np presumably counts the used entries of pkt_info[] and must stay at or below MAX_NUM_PKT (200) - TODO confirm */ 72 | typedef struct ppi { 73 | unsigned int np; 74 | struct pkt_info pkt_info[MAX_NUM_PKT]; 75 | } ppi_t; 76 | /* NOTE(review): tcp_flags_to_string() writes into string with no size argument; the caller must provide a buffer large enough for the longest flag string the implementation can produce - confirm in ppi.c. */ 77 | void tcp_flags_to_string(unsigned char flags, char *string); 78 | /** print TCP options as JSON; total_len is presumably the number of valid bytes at options - TODO confirm */ 79 | void tcp_opt_print_json(zfile f, 80 | const unsigned char *options, 81 | unsigned int total_len); 82 | 83 | declare_feature(ppi); 84 | 85 | /** initialization function */ 86 | void ppi_init(struct ppi **ppi_handle); 87 | 88 | /** update ppi */ 89 | void ppi_update(struct ppi *ppi, 90 | const struct pcap_pkthdr *header, 91 | const void *data, 92 | unsigned int len, 93 | unsigned int report_ppi); 94 | 95 | /** JSON print ppi */ 96 | void ppi_print_json(const struct ppi *w1, 97 | const struct ppi *w2, 98 | zfile f); 99 | 100 | /** delete ppi */ 101 | void ppi_delete(struct ppi **ppi_handle); 102 | 103 | /** ppi unit test entry point */ 104 | void ppi_unit_test(void); 105 | 106 | #endif /* PPI_H */ 107 | -------------------------------------------------------------------------------- /src/include/procwatch.h: -------------------------------------------------------------------------------- 1 | /* 2 | * 3 | * Copyright (c) 2016-2018 Cisco Systems, Inc. 4 | * All rights reserved.
5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials provided 16 | * with the distribution. 17 | * 18 | * Neither the name of the Cisco Systems, Inc. nor the names of its 19 | * contributors may be used to endorse or promote products derived 20 | * from this software without specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26 | * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 27 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 28 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 29 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 31 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 33 | * OF THE POSSIBILITY OF SUCH DAMAGE. 
34 | * 35 | */ 36 | 37 | /** 38 | * \file procwatch.h 39 | * 40 | * \brief process watcher interface file 41 | */ 42 | /* NOTE: this header has no #include of its own; flow_key_t and joy_ctx_data must already be declared by the including file. */ 43 | #ifndef PROCWATCH_H 44 | #define PROCWATCH_H 45 | /** string size limits (presumably for exe_name, full_path and hash in host_flow_t - TODO confirm) */ 46 | #define PROC_EXE_LEN 32 47 | #define PROC_PATH_LEN 128 48 | #define PROC_HASH_LEN 65 49 | 50 | #define ALL_PROC_SOCKETS 1 51 | #define ACTIVE_PROC_SOCKETS_ONLY 0 52 | 53 | #define HOST_PROC_FLOW_TABLE_LEN 1024 54 | /** Process information attached to one flow key. NOTE(review): the four char pointers carry no length, and who allocates and frees them is not visible in this header; the PROC_*_LEN constants above suggest bounded buffers - confirm in procwatch.c. */ 55 | typedef struct host_flow_ { 56 | flow_key_t key; 57 | unsigned long pid; 58 | unsigned long parent_pid; 59 | unsigned long uptime_seconds; 60 | unsigned int threads; 61 | char *exe_name; 62 | char *full_path; 63 | char *file_version; 64 | char *hash; 65 | } host_flow_t; 66 | 67 | /* 68 | * The function get_host_flow_data() obtains information about the 69 | * processes running on the host that are associated with packet 70 | * flows, and enters this information into flow_records as appropriate 71 | * 72 | * This function should be called occasionally, e.g. once per second. 73 | * On Linux, it reads through several /proc directories, which may 74 | * take a while. On the other hand, if this function is called too 75 | * infrequently, then there may be process information about flows 76 | * that it misses, because of the transient nature of the OS 77 | * structures. 78 | */ 79 | 80 | /** main function for host process to flow mapping */ 81 | int get_host_flow_data(joy_ctx_data *ctx); 82 | int host_flow_table_add_sessions(int); 83 | 84 | #endif /* PROCWATCH_H */ 85 | -------------------------------------------------------------------------------- /src/include/proto_identify.h: -------------------------------------------------------------------------------- 1 | /* 2 | * 3 | * Copyright (c) 2018 Cisco Systems, Inc. 4 | * All rights reserved.
5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials provided 16 | * with the distribution. 17 | * 18 | * Neither the name of the Cisco Systems, Inc. nor the names of its 19 | * contributors may be used to endorse or promote products derived 20 | * from this software without specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26 | * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 27 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 28 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 29 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 31 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 33 | * OF THE POSSIBILITY OF SUCH DAMAGE. 
34 | * 35 | */ 36 | 37 | /** 38 | * \file proto_identify.h 39 | * 40 | * \brief Protocol identification (header) 41 | */ 42 | 43 | #ifndef JOY_PROTO_IDENTIFY_H 44 | #define JOY_PROTO_IDENTIFY_H 45 | 46 | #include 47 | 48 | /* Values indicating direction of the flow */ 49 | #define DIR_UNKNOWN 0 50 | #define DIR_CLIENT 1 51 | #define DIR_SERVER 2 52 | 53 | /** 54 | * \brief Protocol Inference container 55 | */ 56 | struct pi_container { 57 | uint8_t dir; /* Flow direction */ 58 | uint16_t app; /* Application protocol prediction */ 59 | }; 60 | 61 | int proto_identify_init(void); 62 | void proto_identify_cleanup(void); 63 | 64 | const struct pi_container *proto_identify_tcp(const char *tcp_data, 65 | unsigned int len); 66 | 67 | const struct pi_container *proto_identify_udp(const char *udp_data, 68 | unsigned int len); 69 | 70 | #endif /* JOY_PROTO_IDENTIFY_H */ 71 | -------------------------------------------------------------------------------- /src/include/salt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * 3 | * Copyright (c) 2016 Cisco Systems, Inc. 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials provided 16 | * with the distribution. 17 | * 18 | * Neither the name of the Cisco Systems, Inc. nor the names of its 19 | * contributors may be used to endorse or promote products derived 20 | * from this software without specific prior written permission. 
21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26 | * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 27 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 28 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 29 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 31 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 33 | * OF THE POSSIBILITY OF SUCH DAMAGE. 34 | * 35 | */ 36 | 37 | /** 38 | * \file salt.h 39 | * 40 | * \brief SALT module using the generic programming interface defined 41 | * in feature.h. 42 | * 43 | */ 44 | #ifndef SALT_H 45 | #define SALT_H 46 | 47 | #include 48 | #include "output.h" 49 | #include "feature.h" 50 | 51 | #ifdef WIN32 52 | #include "Ws2tcpip.h" 53 | #endif 54 | 55 | #define MAX_NUM_PKT 200 56 | 57 | /** usage string */ 58 | #define salt_usage " salt=1 include salt feature\n" 59 | 60 | /** salt filter key */ 61 | #define salt_filter(record) 1 62 | 63 | /** salt structure */ 64 | typedef struct salt { 65 | unsigned int np; /* used for tracking ack/seq array */ 66 | unsigned int op; /* used for tracking len/time array */ 67 | unsigned int idx; /* used for tracking array entries */ 68 | unsigned int tcp_ack; /* acknowledgement number */ 69 | unsigned short pkt_len[MAX_NUM_PKT]; /*!< array of packet appdata lengths */ 70 | struct timeval pkt_time[MAX_NUM_PKT]; /*!< array of arrival times */ 71 | unsigned int ack[MAX_NUM_PKT]; 72 | unsigned int seq[MAX_NUM_PKT]; 73 | } salt_t; 74 | 75 | 76 | declare_feature(salt); 77 | 78 | /** initialization function */ 79 | 
void salt_init(struct salt **salt_handle); 80 | 81 | /** update salt */ 82 | void salt_update(struct salt *salt, 83 | const struct pcap_pkthdr *header, 84 | const void *data, 85 | unsigned int len, 86 | unsigned int report_salt); 87 | 88 | /** JSON print salt */ 89 | void salt_print_json(const struct salt *w1, 90 | const struct salt *w2, 91 | zfile f); 92 | 93 | /** delete salt */ 94 | void salt_delete(struct salt **salt_handle); 95 | 96 | /** salt unit test entry point */ 97 | void salt_unit_test(void); 98 | 99 | #endif /* SALT_H */ 100 | -------------------------------------------------------------------------------- /src/include/str_match.h: -------------------------------------------------------------------------------- 1 | /* 2 | * 3 | * Copyright (c) 2016-2018 Cisco Systems, Inc. 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials provided 16 | * with the distribution. 17 | * 18 | * Neither the name of the Cisco Systems, Inc. nor the names of its 19 | * contributors may be used to endorse or promote products derived 20 | * from this software without specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE 26 | * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 27 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 28 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 29 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 31 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 33 | * OF THE POSSIBILITY OF SUCH DAMAGE. 34 | * 35 | */ 36 | /** 37 | * \file str_match.h 38 | * 39 | * \brief declarations for string matching functions 40 | * 41 | */ 42 | #ifndef STR_MATCH_H 43 | #define STR_MATCH_H 44 | 45 | #include "safe_lib.h" 46 | #include "acsm.h" 47 | #include "err.h" 48 | #define MATCH_ARRAY_LEN 32 49 | 50 | struct matches { 51 | size_t start[MATCH_ARRAY_LEN]; 52 | size_t stop[MATCH_ARRAY_LEN]; 53 | unsigned int count; 54 | }; 55 | 56 | typedef acsm_context_t *str_match_ctx; 57 | 58 | #define str_match_ctx_alloc() acsm_alloc(NO_CASE) 59 | 60 | #define str_match_ctx_free(ctx) acsm_free(ctx) 61 | 62 | typedef joy_status_e (*string_transform)(const char *input, 63 | unsigned int inlen, 64 | char *output, 65 | unsigned int outlen); 66 | 67 | /** find all the matches for a given set of text */ 68 | void str_match_ctx_find_all_longest(const str_match_ctx ctx, 69 | const unsigned char *text, 70 | size_t len, 71 | struct matches *matches); 72 | 73 | /** initialize a string matching context from data in a file */ 74 | int str_match_ctx_init_from_file(str_match_ctx ctx, const char *filename, string_transform transform); 75 | 76 | #endif /* STR_MATCH_H */ 77 | -------------------------------------------------------------------------------- /src/include/updater.h: -------------------------------------------------------------------------------- 1 | /* 2 | * 3 | * Copyright (c) 2016-2019 Cisco Systems, Inc. 
4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials provided 16 | * with the distribution. 17 | * 18 | * Neither the name of the Cisco Systems, Inc. nor the names of its 19 | * contributors may be used to endorse or promote products derived 20 | * from this software without specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26 | * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 27 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 28 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 29 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 31 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 33 | * OF THE POSSIBILITY OF SUCH DAMAGE. 34 | * 35 | */ 36 | 37 | /** 38 | * \file updater.h 39 | * 40 | * \brief Interface to updater code used to keep JOY parameters 41 | * up to date with latest data. 
42 | * 43 | */ 44 | 45 | #ifndef UPD_H 46 | #define UPD_H 47 | 48 | #include 49 | #include 50 | #include "safe_lib.h" 51 | #include 52 | #include 53 | #include "radix_trie.h" 54 | 55 | /** Work interval defined for the updater main processing loop */ 56 | #define UPDATER_WORK_INTERVAL (86400) /* (60*60*24) = 86400 seconds, 24 hours */ 57 | //#define UPDATER_WORK_INTERVAL (20) /* for testing - 20 second interval */ 58 | 59 | /** URL for the blacklist malware feed - default URL is the Talos feed. NOTE(review): this default is a plain http:// URL, so the transfer itself gives no integrity protection or server authentication; confirm how the updater validates the downloaded list before it is used. */ 60 | #define BLACKLIST_URL "http://www.talosintelligence.com/feeds/ip-filter.blf" 61 | 62 | /** destination file name for the blacklist malware feed (a bare file name with no directory part) */ 63 | #define BLACKLIST_FILE_NAME "blacklist-ip-filter.blf" 64 | 65 | /** Updater return codes */ 66 | typedef enum upd_return_codes_ { 67 | upd_success = 0, 68 | upd_failure = 1 69 | } upd_return_codes_e; 70 | 71 | /** mutex used to ensure the radix_trie isn't being accessed by another thread */ 72 | extern pthread_mutex_t radix_trie_lock; 73 | 74 | /** mutex used to let other threads know the updater is currently doing work */ 75 | extern pthread_mutex_t work_in_process; 76 | 77 | /** Main entry point for the updater thread */ 78 | void *updater_main(void* ptr); 79 | 80 | #endif /* UPD_H */ 81 | -------------------------------------------------------------------------------- /src/include/utils.h: -------------------------------------------------------------------------------- 1 | /* 2 | * 3 | * Copyright (c) 2016 Cisco Systems, Inc. 4 | * All rights reserved. 
5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 
12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials provided 16 | * with the distribution. 17 | * 18 | * Neither the name of the Cisco Systems, Inc. nor the names of its 19 | * contributors may be used to endorse or promote products derived 20 | * from this software without specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26 | * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 27 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 28 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 29 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 31 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 33 | * OF THE POSSIBILITY OF SUCH DAMAGE. 
34 | * 35 | */ 36 | /* 37 | * utils.h 38 | * 39 | * utilities that can be used by joy feature modules 40 | */ 41 | 42 | #ifndef P2FUTILS 43 | #define P2FUTILS 44 | 45 | #include 46 | #include /* for isprint() */ 47 | #include 48 | #include "parson.h" 49 | 50 | #define JOY_TIMESTAMP_LEN 64 51 | 52 | #define CPU_IS_BIG_ENDIAN (__BYTE_ORDER == __BIG_ENDIAN) 53 | 54 | #if CPU_IS_BIG_ENDIAN 55 | # define ntoh64(x) x 56 | # define hton64(x) x 57 | #else 58 | # ifdef WIN32 59 | # define ntoh64(x) _byteswap_uint64(x) 60 | # define hton64(x) _byteswap_uint64(x) 61 | # else 62 | # define ntoh64(x) __builtin_bswap64(x) 63 | # define hton64(x) __builtin_bswap64(x) 64 | # endif 65 | #endif 66 | 67 | #ifdef WIN32 68 | int gettimeofday(struct timeval *tp, 69 | struct timezone *tzp); 70 | #endif 71 | 72 | unsigned int joy_timer_eq(const struct timeval *a, 73 | const struct timeval *b); 74 | 75 | unsigned int joy_timer_lt(const struct timeval *a, 76 | const struct timeval *b); 77 | 78 | void joy_timer_sub(const struct timeval *a, 79 | const struct timeval *b, 80 | struct timeval *result); 81 | 82 | void joy_timer_clear(struct timeval *a); 83 | 84 | unsigned int joy_timeval_to_milliseconds(struct timeval ts); 85 | 86 | FILE* joy_utils_open_test_file(const char *filename); 87 | 88 | pcap_t* joy_utils_open_test_pcap(const char *filename); 89 | 90 | JSON_Value* joy_utils_open_resource_parson(const char *filename); 91 | 92 | void joy_utils_convert_to_json_string (char *s, unsigned int len); 93 | 94 | void joy_log_timestamp ( char *log_ts); 95 | 96 | typedef enum joy_role_ { 97 | role_unknown = 0, 98 | role_client = 1, 99 | role_server = 2, 100 | role_flow_data = 3 101 | } joy_role_e; 102 | 103 | #endif /* P2FUTILS */ 104 | -------------------------------------------------------------------------------- /src/include/wht.h: -------------------------------------------------------------------------------- 1 | /* 2 | * 3 | * Copyright (c) 2016-2018 Cisco Systems, Inc. 
4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials provided 16 | * with the distribution. 17 | * 18 | * Neither the name of the Cisco Systems, Inc. nor the names of its 19 | * contributors may be used to endorse or promote products derived 20 | * from this software without specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26 | * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 27 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 28 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 29 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 31 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 33 | * OF THE POSSIBILITY OF SUCH DAMAGE. 
34 | * 35 | */ 36 | 37 | /** 38 | * \file wht.h 39 | * 40 | * \brief walsh-hadamard transform interface 41 | * 42 | */ 43 | 44 | #ifndef WHT_H 45 | #define WHT_H 46 | 47 | #ifdef WIN32 48 | #include "win_types.h" 49 | #endif 50 | 51 | #include 52 | #include "output.h" 53 | #include 54 | 55 | /** inclusion string */ 56 | #define wht_usage " wht=1 include walsh-hadamard transform\n" 57 | 58 | /** walsh-hadamard filter key */ 59 | #define wht_filter(record) 1 60 | 61 | /** walsh-hadamard structure */ 62 | typedef struct wht_ { 63 | uint32_t b; /*!< byte count */ 64 | int32_t spectrum[4]; /*!< spectrum */ 65 | } wht_t; 66 | 67 | /** initializes a walsh-hadamard structure */ 68 | void wht_init(wht_t **wht_handle); 69 | 70 | /** updates the contents of walsh-hadamard structure */ 71 | void wht_update(wht_t *wht, 72 | const struct pcap_pkthdr *header, 73 | const void *data, 74 | unsigned int len, 75 | unsigned int report_wht); 76 | 77 | /** prints out the walsh-hadamard structure in JSON format */ 78 | void wht_print_json(const wht_t *w1, const wht_t *w2, zfile f); 79 | 80 | /** clear out the walsh-hadamard structure */ 81 | void wht_delete(wht_t **wht_handle); 82 | 83 | /** unit test entry point */ 84 | void wht_unit_test(void); 85 | 86 | #endif /* WHT_H */ 87 | -------------------------------------------------------------------------------- /src/unit_test.c: -------------------------------------------------------------------------------- 1 | /* 2 | * 3 | * Copyright (c) 2016 Cisco Systems, Inc. 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 
12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials provided 16 | * with the distribution. 17 | * 18 | * Neither the name of the Cisco Systems, Inc. nor the names of its 19 | * contributors may be used to endorse or promote products derived 20 | * from this software without specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26 | * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 27 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 28 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 29 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 31 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 33 | * OF THE POSSIBILITY OF SUCH DAMAGE. 
34 | * 35 | */ 36 | 37 | /** 38 | * \file unit_test.c 39 | * 40 | * \brief unit tests for various functions 41 | */ 42 | 43 | #include 44 | #include "radix_trie.h" 45 | #include "modules.h" 46 | #include "p2f.h" 47 | #include "config.h" 48 | #include "err.h" 49 | #include "safe_lib.h" 50 | #include "joy_api.h" 51 | 52 | /** 53 | * \fn int main () 54 | * \brief main entry point for unit test execution 55 | * \return 0 once the tests have been run, -1 if joy_initialize() fails 56 | */ 57 | int main (void) { 58 | int rc = 0; 59 | joy_init_t init_data; 60 | 61 | /* setup the joy options we want */ 62 | memset_s(&init_data, sizeof(joy_init_t), 0x00, sizeof(joy_init_t)); 63 | 64 | /* Set logging to warning level */ 65 | init_data.verbosity = JOY_LOG_WARN; 66 | 67 | /* initialize joy */ 68 | rc = joy_initialize(&init_data, NULL, NULL, NULL); 69 | if (rc != 0) { 70 | printf(" -= Joy Initialized Failed =-\n"); 71 | return -1; 72 | } 73 | /* NOTE(review): a radix_trie failure is only printed here; main() still reaches the final return 0, so a caller that checks the exit status does not see the failure. */ 74 | if (radix_trie_unit_test() != 0) { 75 | printf("error: radix_trie test failed\n"); 76 | } else { 77 | printf("radix_trie tests passed\n"); 78 | } 79 | 80 | /* Test p2f.c */ 81 | p2f_unit_test(); 82 | 83 | /* Test all feature modules */ 84 | unit_test_all_features(feature_list); 85 | 86 | /* cleanup */ 87 | joy_context_cleanup(0); 88 | joy_shutdown(); 89 | 90 | return 0; 91 | } 92 | -------------------------------------------------------------------------------- /test/README.md: -------------------------------------------------------------------------------- 1 | # Joy Obsidianbox Testing 2 | 3 | ## Introduction 4 | 5 | Obsidianbox is a custom built python testing framework which is designed to assist in 6 | validation of the Joy software as a whole. 
In contrast to unit testing, Joy is 7 | treated as a black box and the information that the tests have at their disposal 8 | is the input into Joy and the output that it produces. 
9 | 10 | ## Running tests 11 | 12 | The run_tests.py file is used to specify option/value combinations which 13 | control the behavior of individual tests and specify which tests should be 14 | run. To see which options are available, use the following command: 15 | 16 | `./run_tests.py --help` 17 | 18 | By default, the script will attempt to run all of the linked tests. 19 | You can indicate a subset by exclusion: 20 | 21 | `./run_tests.py --tls off` 22 | 23 | The example above is telling the script to exclude both the TLS and IPFIX tests. 24 | You may combine multiple excludes together. 25 | 26 | Additionally, you can indicate a subset by inclusion: 27 | 28 | `./run_tests.py --ipfix on` 29 | 30 | In that case, only the tests that are explicitly given an "on" value will run. 31 | You may combine multiple includes together. 32 | 33 | #### Known Answer Tests 34 | 35 | Many of the tests rely upon a set of known correct data that was recorded in the 36 | past, in order to perform known answer tests (KAT) in present time. In this 37 | module's terminology, we call the files that hold the KAT values the 38 | "baseline"; you may have already noticed that keyword in some of the script's 39 | listed options. 40 | 41 | Essentially, baseline files get generated at some point in time where we are 42 | confident that the output of Joy is correct. This step of creating the baseline 43 | files must be manually done by a human who has verified that the output looks 44 | good. Now suppose that some changes are made to a particular module such as TLS. 45 | Using the same input (pcap, etc.) that was used to generate the baseline files, 46 | the modified module is run through the test and its output is compared to the 47 | stored baseline JSON data. If any differences exist then an error is thrown to 48 | alert the user that there is a delta. 
The script will usually log which JSON 49 | object in particular is different, but it is the responsibility of the user to 50 | deduce what is different between the new output and the baseline, and which 51 | set of output is correct. 52 | 53 | -------------------------------------------------------------------------------- /test/mail-lists.csv: -------------------------------------------------------------------------------- 1 | "Email list name","Owner","Members",,, 2 | "Carpool","fred@rogers.com","scooby@mysteryinc.com","velma@dinkey.org","fred@mysteryinc.com", 3 | "Outreach","daphne@mi.com","vdinkey@mysteryinc.com","velma@dinkey.org","fred@mysteryinc.com","shaggy@mi.com" 4 | "Twelve Step Program","shaggy@mi.com","scooby@mysteryinc.com",,, 5 | -------------------------------------------------------------------------------- /test/misc/dummy_cert_rsa2048.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEDTCCAvWgAwIBAgIJANT+LKn+bjkrMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD 3 | VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLTG9zIEFuZ2Vs 4 | ZXMxFTATBgNVBAoMDEpveSBTb2Z0d2FyZTEVMBMGA1UECwwMVW5pdCBUZXN0aW5n 5 | MRMwEQYDVQQDDApnaXRodWIuY29tMR8wHQYJKoZIhvcNAQkBFhBkdW1teUBicmFp 6 | bnMuY29tMB4XDTE3MDMzMTE4MjgzNVoXDTE4MDMzMTE4MjgzNVowgZwxCzAJBgNV 7 | BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQHDAtMb3MgQW5nZWxl 8 | czEVMBMGA1UECgwMSm95IFNvZnR3YXJlMRUwEwYDVQQLDAxVbml0IFRlc3Rpbmcx 9 | EzARBgNVBAMMCmdpdGh1Yi5jb20xHzAdBgkqhkiG9w0BCQEWEGR1bW15QGJyYWlu 10 | cy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDX7YoYK+hwgrTm 11 | q0uBHsHlNvJR9yVoWGUgzzuDhrcf1GvwaSs/P0HrYu9N+RnNlR3FE/0yrG+o1+Hi 12 | 8Rsuadp0f8T7DqLqwOgrrbubWVjFUCDPW23njK3Q0S1GqvoVhUE5X7x20BDHWubi 13 | oY6GpGyKYHCsIekND4odvuT300euxylvVWQXHxFjUDti+LKb73WBnb0xx6bsrebs 14 | D7C2ixbn11uBQQClpx+SORUreA0roFVHKrh7+Vte6tHoyX/CwLKbZjgYjLb03rfb 15 | eOS844aD7qEm+dI0xKd3J71y7hKnzkLnSU1cKBI5x3YbddZPDXZlD4TFqiClXr5i 16 | 
+uu24gh5AgMBAAGjUDBOMB0GA1UdDgQWBBTOv9NGxnWrjLLoz7guL0NuyRetujAf 17 | BgNVHSMEGDAWgBTOv9NGxnWrjLLoz7guL0NuyRetujAMBgNVHRMEBTADAQH/MA0G 18 | CSqGSIb3DQEBCwUAA4IBAQC/eULks7o4BpW6jh3bvafR59aS9753BaaSDhd1BbcG 19 | r4DgWivVi09/zhv22waVjYXaJ/G9iEOmhuBRPx3HTunMKTd+V1qRG0+q0GJiyAGN 20 | kkiyGQ6JnyaKNJihLXH+oKhMZLrIQ4Ev2IPWuBS5+PJxMYZdedjkSO7Qr8xmlI1t 21 | qSD5YRN3JYbAsnWwlb6OwGg8wzXkj1vBG5EWLpo6dzYM4B9eP3XJ/jud/CqvIEzw 22 | 4aOsO0IRYWD1gpMGPFNfRFTPfZbA8kThA0OaTsR+Fq9v4kGEVIJzD0gu0wRAgZeC 23 | 80mfbcWPVshFc/Q5iL9u5Dkkr6oTsxsjne6ixMEC7Nbf 24 | -----END CERTIFICATE----- 25 | -------------------------------------------------------------------------------- /test/misc/userid-example.txt: -------------------------------------------------------------------------------- 1 | scooby 2 | shaggy 3 | velma 4 | fred 5 | daphne 6 | rogers 7 | frogers 8 | frogers2 9 | velmad 10 | vdinkey 11 | dinkey 12 | prfx 13 | mddl 14 | sffx 15 | prfxmddl 16 | mddlsffx 17 | prfxmddlsffx 18 | -------------------------------------------------------------------------------- /test/obsidianbox/__init__.py: -------------------------------------------------------------------------------- 1 | from test_general import main_general 2 | from test_tls import main_tls 3 | from test_ipfix import main_ipfix 4 | -------------------------------------------------------------------------------- /test/obsidianbox/baseline_tls/008fa42d-59f9-49ad-a131-f2ba142e4a32_base-tls11.json.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/test/obsidianbox/baseline_tls/008fa42d-59f9-49ad-a131-f2ba142e4a32_base-tls11.json.gz -------------------------------------------------------------------------------- /test/obsidianbox/baseline_tls/81112cf5-181d-4a92-a5e3-9963ef643998_base-tls12.json.gz: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/test/obsidianbox/baseline_tls/81112cf5-181d-4a92-a5e3-9963ef643998_base-tls12.json.gz -------------------------------------------------------------------------------- /test/obsidianbox/baseline_tls/8a8525eb-0394-4759-a90a-51d02bc023f8_base-tls10.json.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/test/obsidianbox/baseline_tls/8a8525eb-0394-4759-a90a-51d02bc023f8_base-tls10.json.gz -------------------------------------------------------------------------------- /test/obsidianbox/utils.py: -------------------------------------------------------------------------------- 1 | """ 2 | * 3 | * Copyright (c) 2017 Cisco Systems, Inc. 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 13 | * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following 15 | * disclaimer in the documentation and/or other materials provided 16 | * with the distribution. 17 | * 18 | * Neither the name of the Cisco Systems, Inc. nor the names of its 19 | * contributors may be used to endorse or promote products derived 20 | * from this software without specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
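# License header of test/obsidianbox/utils.py, continued:
#   IN NO EVENT SHALL THE
#   COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
#   INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
#   (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
#   SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
#   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
#   STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
#   ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
#   OF THE POSSIBILITY OF SUCH DAMAGE.

import os
import time


def end_process(process):
    """
    Takes care of the end-of-life stage of a process.
    If the process is still running, end it: terminate() first, then
    kill() if it has not exited one second later.
    :param process: A python subprocess object, i.e. subprocess.Popen()
    :return: 0 if the process had exited with code 0 or was stopped here,
             1 if it is still running after kill(),
             otherwise the non-zero exit code it had already exited with
    """
    exit_code = process.poll()
    if exit_code is None:
        # Gracefully terminate the process
        process.terminate()
        time.sleep(1)
        if process.poll() is None:
            # Hard kill the process
            process.kill()
            time.sleep(1)
            if process.poll() is None:
                # Runaway zombie process
                return 1
    elif exit_code != 0:
        # Process had already ended with a bad exit code
        return exit_code

    return 0


def ensure_path_exists(path):
    """
    Create the directory ``path`` (and any missing parents) if needed.
    An already existing directory is not an error; any other failure,
    including ``path`` existing as a non-directory, re-raises the OSError.
    Directories are created with os.makedirs' default mode, so the
    effective permissions depend on the process umask.
    :param path: Directory path to create
    """
    try:
        os.makedirs(path)
    except OSError:
        if not os.path.isdir(path):
            raise


class FileType(object):
    """
    Identifies a file's compression format from its leading magic bytes.
    A match only says that the header looks like the given format; the
    rest of the file is not validated.
    """

    GZ_MAGIC = b"\x1f\x8b\x08"
    BZ2_MAGIC = b"\x42\x5a\x68"

    def __init__(self, filename):
        self.filename = filename

    def _has_magic(self, magic):
        """Return True if the file starts with the byte string ``magic``."""
        # Binary mode: the magic numbers are raw bytes, and a text-mode
        # read may fail to decode them or translate them before comparison.
        with open(self.filename, "rb") as f:
            return f.read(len(magic)) == magic

    def is_gz(self):
        """Return True if the file starts with the gzip magic bytes."""
        return self._has_magic(self.GZ_MAGIC)

    def is_bz2(self):
        """Return True if the file starts with the bzip2 magic bytes."""
        return self._has_magic(self.BZ2_MAGIC)


# --------------------------------------------------------------------------------
# /test/pcaps/dhcp.pcap:
# --------------------------------------------------------------------------------
# https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/test/pcaps/dhcp.pcap
# --------------------------------------------------------------------------------
# /test/pcaps/firefox58.pcap:
# --------------------------------------------------------------------------------
# https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/test/pcaps/firefox58.pcap
# --------------------------------------------------------------------------------
# /test/pcaps/ikev1.pcap:
# --------------------------------------------------------------------------------
# https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/test/pcaps/ikev1.pcap
# --------------------------------------------------------------------------------
# /test/pcaps/ikev2.pcap:
# --------------------------------------------------------------------------------
# https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/test/pcaps/ikev2.pcap
# --------------------------------------------------------------------------------
# /test/pcaps/kali-normal-ssh.pcap:
# --------------------------------------------------------------------------------
# https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/test/pcaps/kali-normal-ssh.pcap
# --------------------------------------------------------------------------------
# /test/pcaps/kali-password-attack_hydra.pcap:
# --------------------------------------------------------------------------------
# https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/test/pcaps/kali-password-attack_hydra.pcap
# --------------------------------------------------------------------------------
# /test/pcaps/openssl102n.pcap: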
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/test/pcaps/openssl102n.pcap -------------------------------------------------------------------------------- /test/pcaps/sample.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/test/pcaps/sample.pcap -------------------------------------------------------------------------------- /test/pcaps/sample_tls12_handshake_0.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/test/pcaps/sample_tls12_handshake_0.pcap -------------------------------------------------------------------------------- /test/pcaps/ssh-dropbear-default.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/test/pcaps/ssh-dropbear-default.pcap -------------------------------------------------------------------------------- /test/pcaps/ssh-gex-sha256.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/test/pcaps/ssh-gex-sha256.pcap -------------------------------------------------------------------------------- /test/pcaps/tls10.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/test/pcaps/tls10.pcap -------------------------------------------------------------------------------- /test/pcaps/tls11.pcap: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/test/pcaps/tls11.pcap -------------------------------------------------------------------------------- /test/pcaps/tls12.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/test/pcaps/tls12.pcap -------------------------------------------------------------------------------- /win-joy/JoyMsi/JoyMsi.wixproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | Debug 5 | x86 6 | 3.10 7 | 20a98d48-833e-418a-a772-85a7cd00f13d 8 | 2.0 9 | JoyMsi 10 | Package 11 | 12 | 13 | bin\$(Configuration)\ 14 | obj\$(Configuration)\ 15 | Debug 16 | 17 | 18 | bin\$(Configuration)\ 19 | obj\$(Configuration)\ 20 | 21 | 22 | bin\$(Platform)\$(Configuration)\ 23 | obj\$(Platform)\$(Configuration)\ 24 | Debug 25 | 26 | 27 | bin\$(Platform)\$(Configuration)\ 28 | obj\$(Platform)\$(Configuration)\ 29 | -ext WixUIExtension 30 | 31 | 32 | 33 | 34 | 35 | 36 | win-joy 37 | {095107c6-8ce5-4206-8b53-b917d6ee1fcd} 38 | True 39 | True 40 | Binaries;Content;Satellites 41 | INSTALLFOLDER 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 57 | -------------------------------------------------------------------------------- /win-joy/JoyMsi/icon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/win-joy/JoyMsi/icon.ico -------------------------------------------------------------------------------- /win-joy/schedule-task.ps1: -------------------------------------------------------------------------------- 1 | Param( 2 | [switch] $Start, 3 | [switch] $Unregister 4 | ) 5 | 6 | if($Unregister) { 7 | # Remove the scheduled task, and then exit script 8 | Unregister-ScheduledTask -TaskName "JoyTask" -Confirm:$false 9 | break 10 | } 11 | 12 | # 32 or 64 bit? 
13 | if ([System.IntPtr]::Size -eq 4) { 14 | $progfiles = ${env:ProgramFiles(x86)} 15 | } else { 16 | $progfiles = $env:ProgramFiles 17 | } 18 | 19 | $username = $env:USERNAME 20 | 21 | $action = New-ScheduledTaskAction -Execute "$progfiles\Joy\win-joy.exe" -Argument "-x win-options.cfg" 22 | 23 | $trigger = New-ScheduledTaskTrigger -AtLogOn -User $username 24 | 25 | $principal = New-ScheduledTaskPrincipal -UserId $username -LogonType Interactive 26 | 27 | $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries 28 | 29 | Register-ScheduledTask -Action $action -Trigger $trigger -Principal $principal -Settings $settings ` 30 | -TaskName "JoyTask" -Description "Advanced network flow monitoring" 31 | 32 | if($Start) { 33 | Start-ScheduledTask -TaskName "JoyTask" 34 | } 35 | -------------------------------------------------------------------------------- /win-joy/win-joy.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 14 4 | VisualStudioVersion = 14.0.24720.0 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "win-joy", "win-joy\win-joy.vcxproj", "{095107C6-8CE5-4206-8B53-B917D6EE1FCD}" 7 | EndProject 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "unit-test", "unit-test\unit-test.vcxproj", "{FA0A762A-5948-4039-9E0F-3D62ED4F1DE8}" 9 | EndProject 10 | Project("{930C7802-8A8C-48F9-8165-68863BCCD9DD}") = "JoyMsi", "JoyMsi\JoyMsi.wixproj", "{20A98D48-833E-418A-A772-85A7CD00F13D}" 11 | EndProject 12 | Global 13 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 14 | Debug|x64 = Debug|x64 15 | Debug|x86 = Debug|x86 16 | Release|x64 = Release|x64 17 | Release|x86 = Release|x86 18 | EndGlobalSection 19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 20 | {095107C6-8CE5-4206-8B53-B917D6EE1FCD}.Debug|x64.ActiveCfg = Debug|x64 21 | 
{095107C6-8CE5-4206-8B53-B917D6EE1FCD}.Debug|x64.Build.0 = Debug|x64 22 | {095107C6-8CE5-4206-8B53-B917D6EE1FCD}.Debug|x86.ActiveCfg = Debug|Win32 23 | {095107C6-8CE5-4206-8B53-B917D6EE1FCD}.Debug|x86.Build.0 = Debug|Win32 24 | {095107C6-8CE5-4206-8B53-B917D6EE1FCD}.Release|x64.ActiveCfg = Release|x64 25 | {095107C6-8CE5-4206-8B53-B917D6EE1FCD}.Release|x64.Build.0 = Release|x64 26 | {095107C6-8CE5-4206-8B53-B917D6EE1FCD}.Release|x86.ActiveCfg = Release|Win32 27 | {095107C6-8CE5-4206-8B53-B917D6EE1FCD}.Release|x86.Build.0 = Release|Win32 28 | {FA0A762A-5948-4039-9E0F-3D62ED4F1DE8}.Debug|x64.ActiveCfg = Debug|x64 29 | {FA0A762A-5948-4039-9E0F-3D62ED4F1DE8}.Debug|x64.Build.0 = Debug|x64 30 | {FA0A762A-5948-4039-9E0F-3D62ED4F1DE8}.Debug|x86.ActiveCfg = Debug|Win32 31 | {FA0A762A-5948-4039-9E0F-3D62ED4F1DE8}.Debug|x86.Build.0 = Debug|Win32 32 | {FA0A762A-5948-4039-9E0F-3D62ED4F1DE8}.Release|x64.ActiveCfg = Release|x64 33 | {FA0A762A-5948-4039-9E0F-3D62ED4F1DE8}.Release|x64.Build.0 = Release|x64 34 | {FA0A762A-5948-4039-9E0F-3D62ED4F1DE8}.Release|x86.ActiveCfg = Release|Win32 35 | {FA0A762A-5948-4039-9E0F-3D62ED4F1DE8}.Release|x86.Build.0 = Release|Win32 36 | {20A98D48-833E-418A-A772-85A7CD00F13D}.Debug|x64.ActiveCfg = Debug|x64 37 | {20A98D48-833E-418A-A772-85A7CD00F13D}.Debug|x86.ActiveCfg = Debug|x86 38 | {20A98D48-833E-418A-A772-85A7CD00F13D}.Debug|x86.Build.0 = Debug|x86 39 | {20A98D48-833E-418A-A772-85A7CD00F13D}.Release|x64.ActiveCfg = Release|x64 40 | {20A98D48-833E-418A-A772-85A7CD00F13D}.Release|x64.Build.0 = Release|x64 41 | {20A98D48-833E-418A-A772-85A7CD00F13D}.Release|x86.ActiveCfg = Release|x86 42 | {20A98D48-833E-418A-A772-85A7CD00F13D}.Release|x86.Build.0 = Release|x86 43 | EndGlobalSection 44 | GlobalSection(SolutionProperties) = preSolution 45 | HideSolutionNode = FALSE 46 | EndGlobalSection 47 | EndGlobal 48 | -------------------------------------------------------------------------------- /windows/64/DLL/getopt.dll: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/windows/64/DLL/getopt.dll -------------------------------------------------------------------------------- /windows/64/DLL/libcurl.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/windows/64/DLL/libcurl.dll -------------------------------------------------------------------------------- /windows/64/DLL/libeay32.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/windows/64/DLL/libeay32.dll -------------------------------------------------------------------------------- /windows/64/DLL/msvcr100.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/windows/64/DLL/msvcr100.dll -------------------------------------------------------------------------------- /windows/64/DLL/msvcr120.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/windows/64/DLL/msvcr120.dll -------------------------------------------------------------------------------- /windows/64/DLL/pthreadVC2.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/windows/64/DLL/pthreadVC2.dll -------------------------------------------------------------------------------- /windows/64/DLL/ssleay32.dll: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/windows/64/DLL/ssleay32.dll -------------------------------------------------------------------------------- /windows/64/DLL/vcruntime140.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/windows/64/DLL/vcruntime140.dll -------------------------------------------------------------------------------- /windows/64/Packet.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/windows/64/Packet.lib -------------------------------------------------------------------------------- /windows/64/getopt.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/windows/64/getopt.lib -------------------------------------------------------------------------------- /windows/64/libbz2.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/windows/64/libbz2.lib -------------------------------------------------------------------------------- /windows/64/libcurl.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/windows/64/libcurl.lib -------------------------------------------------------------------------------- /windows/64/libeay32.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/windows/64/libeay32.lib -------------------------------------------------------------------------------- 
/windows/64/pthread.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/windows/64/pthread.lib -------------------------------------------------------------------------------- /windows/64/ssleay32.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/windows/64/ssleay32.lib -------------------------------------------------------------------------------- /windows/64/wpcap.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/windows/64/wpcap.lib -------------------------------------------------------------------------------- /windows/64/zlib.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisco/joy/21770513e27ad10cde7c1ab7c1e6f024c8668119/windows/64/zlib.lib -------------------------------------------------------------------------------- /windows/include/curl/curlver.h: -------------------------------------------------------------------------------- 1 | #ifndef __CURL_CURLVER_H 2 | #define __CURL_CURLVER_H 3 | /*************************************************************************** 4 | * _ _ ____ _ 5 | * Project ___| | | | _ \| | 6 | * / __| | | | |_) | | 7 | * | (__| |_| | _ <| |___ 8 | * \___|\___/|_| \_\_____| 9 | * 10 | * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. 11 | * 12 | * This software is licensed as described in the file COPYING, which 13 | * you should have received as part of this distribution. The terms 14 | * are also available at https://curl.haxx.se/docs/copyright.html. 
15 | * 16 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell 17 | * copies of the Software, and permit persons to whom the Software is 18 | * furnished to do so, under the terms of the COPYING file. 19 | * 20 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 21 | * KIND, either express or implied. 22 | * 23 | ***************************************************************************/ 24 | 25 | /* This header file contains nothing but libcurl version info, generated by 26 | a script at release-time. This was made its own header file in 7.11.2 */ 27 | 28 | /* This is the global package copyright */ 29 | #define LIBCURL_COPYRIGHT "1996 - 2017 Daniel Stenberg, ." 30 | 31 | /* This is the version number of the libcurl package from which this header 32 | file origins: */ 33 | #define LIBCURL_VERSION "7.54.0" 34 | 35 | /* The numeric version number is also available "in parts" by using these 36 | defines: */ 37 | #define LIBCURL_VERSION_MAJOR 7 38 | #define LIBCURL_VERSION_MINOR 54 39 | #define LIBCURL_VERSION_PATCH 0 40 | 41 | /* This is the numeric version of the libcurl version number, meant for easier 42 | parsing and comparions by programs. The LIBCURL_VERSION_NUM define will 43 | always follow this syntax: 44 | 45 | 0xXXYYZZ 46 | 47 | Where XX, YY and ZZ are the main version, release and patch numbers in 48 | hexadecimal (using 8 bits each). All three numbers are always represented 49 | using two digits. 1.2 would appear as "0x010200" while version 9.11.7 50 | appears as "0x090b07". 51 | 52 | This 6-digit (24 bits) hexadecimal number does not show pre-release number, 53 | and it is always a greater number in a more recent release. It makes 54 | comparisons with greater than and less than work. 55 | 56 | Note: This define is the full hex number and _does not_ use the 57 | CURL_VERSION_BITS() macro since curl's own configure script greps for it 58 | and needs it to contain the full number. 
59 | */ 60 | #define LIBCURL_VERSION_NUM 0x073600 61 | 62 | /* 63 | * This is the date and time when the full source package was created. The 64 | * timestamp is not stored in git, as the timestamp is properly set in the 65 | * tarballs by the maketgz script. 66 | * 67 | * The format of the date should follow this template: 68 | * 69 | * "Mon Feb 12 11:35:33 UTC 2007" 70 | */ 71 | #define LIBCURL_TIMESTAMP "Wed Apr 19 05:43:55 UTC 2017" 72 | 73 | #define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|z) 74 | #define CURL_AT_LEAST_VERSION(x,y,z) \ 75 | (LIBCURL_VERSION_NUM >= CURL_VERSION_BITS(x, y, z)) 76 | 77 | #endif /* __CURL_CURLVER_H */ 78 | -------------------------------------------------------------------------------- /windows/include/curl/mprintf.h: -------------------------------------------------------------------------------- 1 | #ifndef __CURL_MPRINTF_H 2 | #define __CURL_MPRINTF_H 3 | /*************************************************************************** 4 | * _ _ ____ _ 5 | * Project ___| | | | _ \| | 6 | * / __| | | | |_) | | 7 | * | (__| |_| | _ <| |___ 8 | * \___|\___/|_| \_\_____| 9 | * 10 | * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. 11 | * 12 | * This software is licensed as described in the file COPYING, which 13 | * you should have received as part of this distribution. The terms 14 | * are also available at https://curl.haxx.se/docs/copyright.html. 15 | * 16 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell 17 | * copies of the Software, and permit persons to whom the Software is 18 | * furnished to do so, under the terms of the COPYING file. 19 | * 20 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 21 | * KIND, either express or implied. 
22 | * 23 | ***************************************************************************/ 24 | 25 | #include 26 | #include /* needed for FILE */ 27 | #include "curl.h" /* for CURL_EXTERN */ 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif 32 | 33 | CURL_EXTERN int curl_mprintf(const char *format, ...); 34 | CURL_EXTERN int curl_mfprintf(FILE *fd, const char *format, ...); 35 | CURL_EXTERN int curl_msprintf(char *buffer, const char *format, ...); 36 | CURL_EXTERN int curl_msnprintf(char *buffer, size_t maxlength, 37 | const char *format, ...); 38 | CURL_EXTERN int curl_mvprintf(const char *format, va_list args); 39 | CURL_EXTERN int curl_mvfprintf(FILE *fd, const char *format, va_list args); 40 | CURL_EXTERN int curl_mvsprintf(char *buffer, const char *format, va_list args); 41 | CURL_EXTERN int curl_mvsnprintf(char *buffer, size_t maxlength, 42 | const char *format, va_list args); 43 | CURL_EXTERN char *curl_maprintf(const char *format, ...); 44 | CURL_EXTERN char *curl_mvaprintf(const char *format, va_list args); 45 | 46 | #ifdef __cplusplus 47 | } 48 | #endif 49 | 50 | #endif /* __CURL_MPRINTF_H */ 51 | -------------------------------------------------------------------------------- /windows/include/curl/stdcheaders.h: -------------------------------------------------------------------------------- 1 | #ifndef __STDC_HEADERS_H 2 | #define __STDC_HEADERS_H 3 | /*************************************************************************** 4 | * _ _ ____ _ 5 | * Project ___| | | | _ \| | 6 | * / __| | | | |_) | | 7 | * | (__| |_| | _ <| |___ 8 | * \___|\___/|_| \_\_____| 9 | * 10 | * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. 11 | * 12 | * This software is licensed as described in the file COPYING, which 13 | * you should have received as part of this distribution. The terms 14 | * are also available at https://curl.haxx.se/docs/copyright.html. 
15 | * 16 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell 17 | * copies of the Software, and permit persons to whom the Software is 18 | * furnished to do so, under the terms of the COPYING file. 19 | * 20 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 21 | * KIND, either express or implied. 22 | * 23 | ***************************************************************************/ 24 | 25 | #include 26 | 27 | size_t fread(void *, size_t, size_t, FILE *); 28 | size_t fwrite(const void *, size_t, size_t, FILE *); 29 | 30 | int strcasecmp(const char *, const char *); 31 | int strncasecmp(const char *, const char *, size_t); 32 | 33 | #endif /* __STDC_HEADERS_H */ 34 | -------------------------------------------------------------------------------- /windows/include/openssl/cmac.h: -------------------------------------------------------------------------------- 1 | /* crypto/cmac/cmac.h */ 2 | /* 3 | * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 4 | * project. 5 | */ 6 | /* ==================================================================== 7 | * Copyright (c) 2010 The OpenSSL Project. All rights reserved. 8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * 1. Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * 16 | * 2. Redistributions in binary form must reproduce the above copyright 17 | * notice, this list of conditions and the following disclaimer in 18 | * the documentation and/or other materials provided with the 19 | * distribution. 20 | * 21 | * 3. 
All advertising materials mentioning features or use of this 22 | * software must display the following acknowledgment: 23 | * "This product includes software developed by the OpenSSL Project 24 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 25 | * 26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27 | * endorse or promote products derived from this software without 28 | * prior written permission. For written permission, please contact 29 | * licensing@OpenSSL.org. 30 | * 31 | * 5. Products derived from this software may not be called "OpenSSL" 32 | * nor may "OpenSSL" appear in their names without prior written 33 | * permission of the OpenSSL Project. 34 | * 35 | * 6. Redistributions of any form whatsoever must retain the following 36 | * acknowledgment: 37 | * "This product includes software developed by the OpenSSL Project 38 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 39 | * 40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51 | * OF THE POSSIBILITY OF SUCH DAMAGE. 
52 | * ==================================================================== 53 | */ 54 | 55 | #ifndef HEADER_CMAC_H 56 | # define HEADER_CMAC_H 57 | 58 | #ifdef __cplusplus 59 | extern "C" { 60 | #endif 61 | 62 | # include 63 | 64 | /* Opaque */ 65 | typedef struct CMAC_CTX_st CMAC_CTX; 66 | 67 | CMAC_CTX *CMAC_CTX_new(void); 68 | void CMAC_CTX_cleanup(CMAC_CTX *ctx); 69 | void CMAC_CTX_free(CMAC_CTX *ctx); 70 | EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx); 71 | int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in); 72 | 73 | int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, 74 | const EVP_CIPHER *cipher, ENGINE *impl); 75 | int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen); 76 | int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen); 77 | int CMAC_resume(CMAC_CTX *ctx); 78 | 79 | #ifdef __cplusplus 80 | } 81 | #endif 82 | #endif 83 | -------------------------------------------------------------------------------- /windows/include/openssl/comp.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef HEADER_COMP_H 3 | # define HEADER_COMP_H 4 | 5 | # include 6 | 7 | # ifdef OPENSSL_NO_COMP 8 | # error COMP is disabled. 
9 | # endif 10 | 11 | #ifdef __cplusplus 12 | extern "C" { 13 | #endif 14 | 15 | typedef struct comp_ctx_st COMP_CTX; 16 | 17 | struct comp_method_st { 18 | int type; /* NID for compression library */ 19 | const char *name; /* A text string to identify the library */ 20 | int (*init) (COMP_CTX *ctx); 21 | void (*finish) (COMP_CTX *ctx); 22 | int (*compress) (COMP_CTX *ctx, 23 | unsigned char *out, unsigned int olen, 24 | unsigned char *in, unsigned int ilen); 25 | int (*expand) (COMP_CTX *ctx, 26 | unsigned char *out, unsigned int olen, 27 | unsigned char *in, unsigned int ilen); 28 | /* 29 | * The following two do NOTHING, but are kept for backward compatibility 30 | */ 31 | long (*ctrl) (void); 32 | long (*callback_ctrl) (void); 33 | }; 34 | 35 | struct comp_ctx_st { 36 | COMP_METHOD *meth; 37 | unsigned long compress_in; 38 | unsigned long compress_out; 39 | unsigned long expand_in; 40 | unsigned long expand_out; 41 | CRYPTO_EX_DATA ex_data; 42 | }; 43 | 44 | COMP_CTX *COMP_CTX_new(COMP_METHOD *meth); 45 | void COMP_CTX_free(COMP_CTX *ctx); 46 | int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, 47 | unsigned char *in, int ilen); 48 | int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, 49 | unsigned char *in, int ilen); 50 | COMP_METHOD *COMP_rle(void); 51 | COMP_METHOD *COMP_zlib(void); 52 | void COMP_zlib_cleanup(void); 53 | 54 | # ifdef HEADER_BIO_H 55 | # ifdef ZLIB 56 | BIO_METHOD *BIO_f_zlib(void); 57 | # endif 58 | # endif 59 | 60 | /* BEGIN ERROR CODES */ 61 | /* 62 | * The following lines are auto generated by the script mkerr.pl. Any changes 63 | * made after this point may be overwritten when the script is next run. 64 | */ 65 | void ERR_load_COMP_strings(void); 66 | 67 | /* Error codes for the COMP functions. */ 68 | 69 | /* Function codes. 
*/ 70 | # define COMP_F_BIO_ZLIB_FLUSH 99 71 | # define COMP_F_BIO_ZLIB_NEW 100 72 | # define COMP_F_BIO_ZLIB_READ 101 73 | # define COMP_F_BIO_ZLIB_WRITE 102 74 | 75 | /* Reason codes. */ 76 | # define COMP_R_ZLIB_DEFLATE_ERROR 99 77 | # define COMP_R_ZLIB_INFLATE_ERROR 100 78 | # define COMP_R_ZLIB_NOT_SUPPORTED 101 79 | 80 | #ifdef __cplusplus 81 | } 82 | #endif 83 | #endif 84 | -------------------------------------------------------------------------------- /windows/include/openssl/ebcdic.h: -------------------------------------------------------------------------------- 1 | /* crypto/ebcdic.h */ 2 | 3 | #ifndef HEADER_EBCDIC_H 4 | # define HEADER_EBCDIC_H 5 | 6 | # include 7 | 8 | #ifdef __cplusplus 9 | extern "C" { 10 | #endif 11 | 12 | /* Avoid name clashes with other applications */ 13 | # define os_toascii _openssl_os_toascii 14 | # define os_toebcdic _openssl_os_toebcdic 15 | # define ebcdic2ascii _openssl_ebcdic2ascii 16 | # define ascii2ebcdic _openssl_ascii2ebcdic 17 | 18 | extern const unsigned char os_toascii[256]; 19 | extern const unsigned char os_toebcdic[256]; 20 | void *ebcdic2ascii(void *dest, const void *srce, size_t count); 21 | void *ascii2ebcdic(void *dest, const void *srce, size_t count); 22 | 23 | #ifdef __cplusplus 24 | } 25 | #endif 26 | #endif 27 | -------------------------------------------------------------------------------- /windows/include/openssl/pem2.h: -------------------------------------------------------------------------------- 1 | /* ==================================================================== 2 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 | * 4 | * Redistribution and use in source and binary forms, with or without 5 | * modification, are permitted provided that the following conditions 6 | * are met: 7 | * 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 11 | * 2. 
Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in 13 | * the documentation and/or other materials provided with the 14 | * distribution. 15 | * 16 | * 3. All advertising materials mentioning features or use of this 17 | * software must display the following acknowledgment: 18 | * "This product includes software developed by the OpenSSL Project 19 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 20 | * 21 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 22 | * endorse or promote products derived from this software without 23 | * prior written permission. For written permission, please contact 24 | * licensing@OpenSSL.org. 25 | * 26 | * 5. Products derived from this software may not be called "OpenSSL" 27 | * nor may "OpenSSL" appear in their names without prior written 28 | * permission of the OpenSSL Project. 29 | * 30 | * 6. Redistributions of any form whatsoever must retain the following 31 | * acknowledgment: 32 | * "This product includes software developed by the OpenSSL Project 33 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 34 | * 35 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 36 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 37 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 38 | * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com). This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

/*
 * This header only exists to break a circular dependency between pem and err
 * Ben 30 Jan 1999.
 */

#ifdef __cplusplus
extern "C" {
#endif

/* Declared here only when the PEM header has not been seen (HEADER_PEM_H unset). */
#ifndef HEADER_PEM_H
void ERR_load_PEM_strings(void);
#endif

#ifdef __cplusplus
}
#endif

--------------------------------------------------------------------------------
/windows/include/openssl/whrlpool.h:
--------------------------------------------------------------------------------
/*
 * Whirlpool hash interface: size constants, the hashing context and the
 * init / update / final entry points.
 */
#ifndef HEADER_WHRLPOOL_H
# define HEADER_WHRLPOOL_H

/* NOTE(review): the header names of the next two directives are missing from this listing. */
# include
# include

#ifdef __cplusplus
extern "C" {
#endif

/* Digest size in bytes: 512 bits / 8 = 64. */
# define WHIRLPOOL_DIGEST_LENGTH (512/8)
/* Expressed in bits; the context buffers WHIRLPOOL_BBLOCK / 8 = 64 bytes of input. */
# define WHIRLPOOL_BBLOCK 512
/* 256 / 8 = 32 bytes: the total size of the bitlen[] counter in the context. */
# define WHIRLPOOL_COUNTER (256/8)

/* Hashing state carried between the Init / Update / Final calls declared below. */
typedef struct {
    union {
        unsigned char c[WHIRLPOOL_DIGEST_LENGTH];
        /* double q is here to ensure 64-bit alignment */
        double q[WHIRLPOOL_DIGEST_LENGTH / sizeof(double)];
    } H;
    unsigned char data[WHIRLPOOL_BBLOCK / 8]; /* 64-byte input buffer */
    unsigned int bitoff;                      /* presumably the bit offset into data[] -- confirm */
    size_t bitlen[WHIRLPOOL_COUNTER / sizeof(size_t)]; /* 32 bytes of counter, split into size_t words */
} WHIRLPOOL_CTX;

/* The whole API is compiled out when OPENSSL_NO_WHIRLPOOL is defined. */
# ifndef OPENSSL_NO_WHIRLPOOL
/* Only declared in builds that define OPENSSL_FIPS. */
# ifdef OPENSSL_FIPS
int private_WHIRLPOOL_Init(WHIRLPOOL_CTX *c);
# endif
/*
 * NOTE(review): the meaning of the int return values is not stated in this
 * header -- confirm against the OpenSSL documentation before testing them.
 */
int WHIRLPOOL_Init(WHIRLPOOL_CTX *c);
int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *inp, size_t bytes);
/* Same as WHIRLPOOL_Update, but the input length is given in bits. */
void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *inp, size_t bits);
/*
 * md is written without a length argument, so the caller's buffer presumably
 * has to hold WHIRLPOOL_DIGEST_LENGTH bytes -- confirm against the OpenSSL
 * documentation. The same applies to the md argument of WHIRLPOOL() below.
 */
int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c);
unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md);
# endif

#ifdef __cplusplus
}
#endif

#endif

--------------------------------------------------------------------------------
/windows/include/pcap-bpf.h:
--------------------------------------------------------------------------------
/*-
 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
 * The Regents of the University of California. All rights reserved.
 *
 * This code is derived from the Stanford/CMU enet packet filter,
 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
 * Berkeley Laboratory.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 * must display the following acknowledgement:
 * This product includes software developed by the University of
 * California, Berkeley and its contributors.
 * 4.
Neither the name of the University nor the names of its contributors 23 | * may be used to endorse or promote products derived from this software 24 | * without specific prior written permission. 25 | * 26 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 27 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 30 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 | * SUCH DAMAGE. 37 | * 38 | * @(#) $Header: /tcpdump/master/libpcap/pcap-bpf.h,v 1.50 2007/04/01 21:43:55 guy Exp $ (LBL) 39 | */ 40 | 41 | /* 42 | * For backwards compatibility. 43 | * 44 | * Note to OS vendors: do NOT get rid of this file! Some applications 45 | * might expect to be able to include . 46 | */ 47 | #include 48 | -------------------------------------------------------------------------------- /windows/include/pcap-namedb.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 1994, 1996 3 | * The Regents of the University of California. All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. 
Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 3. All advertising materials mentioning features or use of this software 14 | * must display the following acknowledgement: 15 | * This product includes software developed by the Computer Systems 16 | * Engineering Group at Lawrence Berkeley Laboratory. 17 | * 4. Neither the name of the University nor of the Laboratory may be used 18 | * to endorse or promote products derived from this software without 19 | * specific prior written permission. 20 | * 21 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 | * SUCH DAMAGE. 32 | * 33 | * @(#) $Header: /tcpdump/master/libpcap/pcap-namedb.h,v 1.13 2006/10/04 18:13:32 guy Exp $ (LBL) 34 | */ 35 | 36 | /* 37 | * For backwards compatibility. 38 | * 39 | * Note to OS vendors: do NOT get rid of this file! Some applications 40 | * might expect to be able to include . 
41 | */ 42 | #include 43 | -------------------------------------------------------------------------------- /windows/include/pcap-stdinc.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2002 - 2005 NetGroup, Politecnico di Torino (Italy) 3 | * Copyright (c) 2005 - 2009 CACE Technologies, Inc. Davis (California) 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 3. Neither the name of the Politecnico di Torino nor the names of its 16 | * contributors may be used to endorse or promote products derived from 17 | * this software without specific prior written permission. 18 | * 19 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 20 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 21 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 22 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 23 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 24 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 25 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 27 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*
 * @(#) $Header: /tcpdump/master/libpcap/pcap-stdinc.h,v 1.10.2.1 2008-10-06 15:38:39 gianluca Exp $ (LBL)
 */

/*
 * Windows build shim for libpcap: hard-coded type sizes, the socket
 * includes, and MSVC substitutes for a few C library names and the
 * pointer-sized integer types.
 */
#define SIZEOF_CHAR 1
#define SIZEOF_SHORT 2
#define SIZEOF_INT 4
/* SIZEOF_LONG_LONG is only provided when _MSC_EXTENSIONS is not defined. */
#ifndef _MSC_EXTENSIONS
#define SIZEOF_LONG_LONG 8
#endif

/*
 * Avoids a compiler warning in case this was already defined
 * (someone defined _WINSOCKAPI_ when including 'windows.h', in order
 * to prevent it from including 'winsock.h')
 */
#ifdef _WINSOCKAPI_
#undef _WINSOCKAPI_
#endif
/* NOTE(review): the header names of the bare #include directives in this file are missing from this listing. */
#include

#include

#include "bittypes.h"
#include
#include

#ifndef __MINGW32__
#include "IP6_misc.h"
#endif

/*
 * A macro, not a typedef: "caddr_t a, b;" expands to "char* a, b;", which
 * declares b as a plain char. Declare one variable per statement.
 */
#define caddr_t char*

/*
 * Pre-VS2008 name mapping. _snprintf and _vsnprintf do not write a
 * terminating NUL when the formatted output fills or exceeds the buffer,
 * so code relying on this mapping has to terminate the buffer itself.
 * NOTE(review): an undefined _MSC_VER evaluates to 0 in #if, so this branch
 * is also taken by compilers that do not define it -- confirm that is intended.
 */
#if _MSC_VER < 1500
#define snprintf _snprintf
#define vsnprintf _vsnprintf
#define strdup _strdup
#endif

#define inline __inline

#ifdef __MINGW32__
#include
#else /*__MINGW32__*/
/* MSVC compiler */
/* Pointer-sized integer types, defined only if the toolchain has not already done so. */
#ifndef _UINTPTR_T_DEFINED
#ifdef _WIN64
typedef unsigned __int64 uintptr_t;
#else
typedef _W64 unsigned int uintptr_t;
#endif
#define _UINTPTR_T_DEFINED
#endif

#ifndef _INTPTR_T_DEFINED
#ifdef _WIN64
typedef __int64 intptr_t;
#else
typedef _W64 int intptr_t;
#endif
#define _INTPTR_T_DEFINED
#endif

#endif /*__MINGW32__*/

--------------------------------------------------------------------------------
/windows/include/pcap.h:
--------------------------------------------------------------------------------
/*
 * Copyright (c) 1993, 1994, 1995, 1996, 1997
 * The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1.
Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 3. All advertising materials mentioning features or use of this software 14 | * must display the following acknowledgement: 15 | * This product includes software developed by the Computer Systems 16 | * Engineering Group at Lawrence Berkeley Laboratory. 17 | * 4. Neither the name of the University nor of the Laboratory may be used 18 | * to endorse or promote products derived from this software without 19 | * specific prior written permission. 20 | * 21 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 | * SUCH DAMAGE. 32 | * 33 | * @(#) $Header: /tcpdump/master/libpcap/pcap.h,v 1.59 2006/10/04 18:09:22 guy Exp $ (LBL) 34 | */ 35 | 36 | /* 37 | * For backwards compatibility. 38 | * 39 | * Note to OS vendors: do NOT get rid of this file! 
Many applications 40 | * expect to be able to include , and at least some of them 41 | * go through contortions in their configure scripts to try to detect 42 | * OSes that have "helpfully" moved pcap.h to without 43 | * leaving behind a file. 44 | */ 45 | #include 46 | -------------------------------------------------------------------------------- /windows/include/pcap/bluetooth.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2006 Paolo Abeni (Italy) 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 9 | * 1. Redistributions of source code must retain the above copyright 10 | * notice, this list of conditions and the following disclaimer. 11 | * 2. Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in the 13 | * documentation and/or other materials provided with the distribution. 14 | * 3. The name of the author may not be used to endorse or promote 15 | * products derived from this software without specific prior written 16 | * permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * bluetooth data struct
 * By Paolo Abeni
 *
 * @(#) $Header: /tcpdump/master/libpcap/pcap/bluetooth.h,v 1.1 2007/09/22 02:10:17 guy Exp $
 */

#ifndef _PCAP_BLUETOOTH_STRUCTS_H__
#define _PCAP_BLUETOOTH_STRUCTS_H__

/*
 * Header prepended by libpcap to each bluetooth h:4 frame.
 * Fields are in network byte order, so a reader has to convert the value
 * to host order before testing it, and has to check that the captured
 * frame is at least sizeof(pcap_bluetooth_h4_header) bytes long first.
 */
typedef struct _pcap_bluetooth_h4_header {
    /*
     * if first bit is set direction is incoming
     * NOTE(review): "first bit" is presumably the least-significant bit
     * after byte-order conversion -- confirm against the libpcap source.
     */
    u_int32_t direction;
} pcap_bluetooth_h4_header;


#endif

--------------------------------------------------------------------------------
/windows/include/pcap/namedb.h:
--------------------------------------------------------------------------------
/*
 * Copyright (c) 1994, 1996
 * The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3.
All advertising materials mentioning features or use of this software 14 | * must display the following acknowledgement: 15 | * This product includes software developed by the Computer Systems 16 | * Engineering Group at Lawrence Berkeley Laboratory. 17 | * 4. Neither the name of the University nor of the Laboratory may be used 18 | * to endorse or promote products derived from this software without 19 | * specific prior written permission. 20 | * 21 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 | * SUCH DAMAGE. 
*
 * @(#) $Header: /tcpdump/master/libpcap/pcap/namedb.h,v 1.1 2006/10/04 18:09:22 guy Exp $ (LBL)
 */

/*
 * Name-to-address and name-to-number lookup helpers exported by libpcap.
 * All prototypes below take the name as a const char * string.
 */
#ifndef lib_pcap_namedb_h
#define lib_pcap_namedb_h

#ifdef __cplusplus
extern "C" {
#endif

/*
 * As returned by the pcap_next_etherent()
 * XXX this stuff doesn't belong in this interface, but this
 * library already must do name to address translation, so
 * on systems that don't have support for /etc/ethers, we
 * export these hooks since they'll
 */
struct pcap_etherent {
    u_char addr[6];  /* 6-byte address */
    /*
     * Fixed 122-byte buffer. NOTE(review): whether it is always
     * NUL-terminated is decided by the implementation, which is not
     * visible here -- bound any copy out of it by sizeof(name).
     */
    char name[122];
};
/* Default path of the ethers database; can be overridden at build time. */
#ifndef PCAP_ETHERS_FILE
#define PCAP_ETHERS_FILE "/etc/ethers"
#endif
/*
 * NOTE(review): ownership of the pointers returned by the functions below
 * (static storage vs. heap memory the caller must release) is not stated
 * in this header -- confirm before freeing or caching them.
 */
struct pcap_etherent *pcap_next_etherent(FILE *);
u_char *pcap_ether_hostton(const char*);
u_char *pcap_ether_aton(const char *);

bpf_u_int32 **pcap_nametoaddr(const char *);
/* Only declared in builds that define INET6. */
#ifdef INET6
struct addrinfo *pcap_nametoaddrinfo(const char *);
#endif
bpf_u_int32 pcap_nametonetaddr(const char *);

/* The int * arguments are out-parameters; see the comment after this group. */
int pcap_nametoport(const char *, int *, int *);
int pcap_nametoportrange(const char *, int *, int *, int *);
int pcap_nametoproto(const char *);
int pcap_nametoeproto(const char *);
int pcap_nametollc(const char *);
/*
 * If a protocol is unknown, PROTO_UNDEF is returned.
 * Also, pcap_nametoport() returns the protocol along with the port number.
 * If there are ambiguous entries in /etc/services (i.e. domain
 * can be either tcp or udp) PROTO_UNDEF is returned.
 */
#define PROTO_UNDEF -1

/* XXX move these to pcap-int.h? */
int __pcap_atodn(const char *, bpf_u_int32 *);
int __pcap_atoin(const char *, bpf_u_int32 *);
u_short __pcap_nametodnaddr(const char *);

#ifdef __cplusplus
}
#endif

#endif

--------------------------------------------------------------------------------
/windows/include/pcap/pcap-bpf.h:
--------------------------------------------------------------------------------
/*-
 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
 * The Regents of the University of California. All rights reserved.
 *
 * This code is derived from the Stanford/CMU enet packet filter,
 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
 * Berkeley Laboratory.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 * must display the following acknowledgement:
 * This product includes software developed by the University of
 * California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 * may be used to endorse or promote products derived from this software
 * without specific prior written permission.
25 | * 26 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 27 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 30 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 | * SUCH DAMAGE. 37 | * 38 | * @(#) $Header: /tcpdump/master/libpcap/pcap-bpf.h,v 1.50 2007/04/01 21:43:55 guy Exp $ (LBL) 39 | */ 40 | 41 | /* 42 | * For backwards compatibility. 43 | * 44 | * Note to OS vendors: do NOT get rid of this file! Some applications 45 | * might expect to be able to include . 46 | */ 47 | #include 48 | -------------------------------------------------------------------------------- /windows/include/pcap/pcap-namedb.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 1994, 1996 3 | * The Regents of the University of California. All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 3. 
All advertising materials mentioning features or use of this software 14 | * must display the following acknowledgement: 15 | * This product includes software developed by the Computer Systems 16 | * Engineering Group at Lawrence Berkeley Laboratory. 17 | * 4. Neither the name of the University nor of the Laboratory may be used 18 | * to endorse or promote products derived from this software without 19 | * specific prior written permission. 20 | * 21 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 | * SUCH DAMAGE. 32 | * 33 | * @(#) $Header: /tcpdump/master/libpcap/pcap-namedb.h,v 1.13 2006/10/04 18:13:32 guy Exp $ (LBL) 34 | */ 35 | 36 | /* 37 | * For backwards compatibility. 38 | * 39 | * Note to OS vendors: do NOT get rid of this file! Some applications 40 | * might expect to be able to include . 41 | */ 42 | #include 43 | -------------------------------------------------------------------------------- /windows/include/pcap/pcap-stdinc.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2002 - 2005 NetGroup, Politecnico di Torino (Italy) 3 | * Copyright (c) 2005 - 2009 CACE Technologies, Inc. Davis (California) 4 | * All rights reserved. 
5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 3. Neither the name of the Politecnico di Torino nor the names of its 16 | * contributors may be used to endorse or promote products derived from 17 | * this software without specific prior written permission. 18 | * 19 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 20 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 21 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 22 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 23 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 24 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 25 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 27 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*
 * @(#) $Header: /tcpdump/master/libpcap/pcap-stdinc.h,v 1.10.2.1 2008-10-06 15:38:39 gianluca Exp $ (LBL)
 */

/*
 * Windows build shim for libpcap: hard-coded type sizes, the socket
 * includes, and MSVC substitutes for a few C library names and the
 * pointer-sized integer types.
 */
#define SIZEOF_CHAR 1
#define SIZEOF_SHORT 2
#define SIZEOF_INT 4
/* SIZEOF_LONG_LONG is only provided when _MSC_EXTENSIONS is not defined. */
#ifndef _MSC_EXTENSIONS
#define SIZEOF_LONG_LONG 8
#endif

/*
 * Avoids a compiler warning in case this was already defined
 * (someone defined _WINSOCKAPI_ when including 'windows.h', in order
 * to prevent it from including 'winsock.h')
 */
#ifdef _WINSOCKAPI_
#undef _WINSOCKAPI_
#endif
/* NOTE(review): the header names of the bare #include directives in this file are missing from this listing. */
#include

#include

#include "bittypes.h"
#include
#include

#ifndef __MINGW32__
#include "IP6_misc.h"
#endif

/*
 * A macro, not a typedef: "caddr_t a, b;" expands to "char* a, b;", which
 * declares b as a plain char. Declare one variable per statement.
 */
#define caddr_t char*

/*
 * Pre-VS2008 name mapping. _snprintf and _vsnprintf do not write a
 * terminating NUL when the formatted output fills or exceeds the buffer,
 * so code relying on this mapping has to terminate the buffer itself.
 * NOTE(review): an undefined _MSC_VER evaluates to 0 in #if, so this branch
 * is also taken by compilers that do not define it -- confirm that is intended.
 */
#if _MSC_VER < 1500
#define snprintf _snprintf
#define vsnprintf _vsnprintf
#define strdup _strdup
#endif

#define inline __inline

#ifdef __MINGW32__
#include
#else /*__MINGW32__*/
/* MSVC compiler */
/* Pointer-sized integer types, defined only if the toolchain has not already done so. */
#ifndef _UINTPTR_T_DEFINED
#ifdef _WIN64
typedef unsigned __int64 uintptr_t;
#else
typedef _W64 unsigned int uintptr_t;
#endif
#define _UINTPTR_T_DEFINED
#endif

#ifndef _INTPTR_T_DEFINED
#ifdef _WIN64
typedef __int64 intptr_t;
#else
typedef _W64 int intptr_t;
#endif
#define _INTPTR_T_DEFINED
#endif

#endif /*__MINGW32__*/

--------------------------------------------------------------------------------
/windows/include/pcap/usb.h:
--------------------------------------------------------------------------------
/*
 * Copyright (c) 2006 Paolo Abeni (Italy)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1.
Redistributions of source code must retain the above copyright 10 | * notice, this list of conditions and the following disclaimer. 11 | * 2. Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in the 13 | * documentation and/or other materials provided with the distribution. 14 | * 3. The name of the author may not be used to endorse or promote 15 | * products derived from this software without specific prior written 16 | * permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*
 * Basic USB data struct
 * By Paolo Abeni
 *
 * @(#) $Header: /tcpdump/master/libpcap/pcap/usb.h,v 1.6 2007/09/22 02:06:08 guy Exp $
 */

#ifndef _PCAP_USB_STRUCTS_H__
#define _PCAP_USB_STRUCTS_H__

/*
 * possible transfer mode
 * NOTE(review): URB_TRANSFER_IN (0x80) is presumably a direction flag
 * combined with one of the four type values below -- confirm.
 */
#define URB_TRANSFER_IN 0x80
#define URB_ISOCHRONOUS 0x0
#define URB_INTERRUPT 0x1
#define URB_CONTROL 0x2
#define URB_BULK 0x3

/*
 * possible event type
 */
#define URB_SUBMIT 'S'
#define URB_COMPLETE 'C'
#define URB_ERROR 'E'

/*
 * USB setup header as defined in USB specification.
 * Appears at the front of each packet in DLT_USB captures.
 * The five fields add up to 8 bytes when laid out without padding.
 */
typedef struct _usb_setup {
    u_int8_t bmRequestType;
    u_int8_t bRequest;
    u_int16_t wValue;
    u_int16_t wIndex;
    u_int16_t wLength;
} pcap_usb_setup;


/*
 * Header prepended by linux kernel to each event.
 * Appears at the front of each packet in DLT_USB_LINUX captures.
 *
 * Every field is read from the capture, so a consumer should check that the
 * captured length covers sizeof(pcap_usb_header) before reading it, and that
 * data_len does not exceed the bytes that follow the header before touching
 * the payload.
 * NOTE(review): byte order and structure packing are not stated in this
 * header -- confirm against the libpcap source.
 */
typedef struct _usb_header {
    u_int64_t id;
    u_int8_t event_type;      /* one of URB_SUBMIT / URB_COMPLETE / URB_ERROR, presumably -- confirm */
    u_int8_t transfer_type;
    u_int8_t endpoint_number;
    u_int8_t device_address;
    u_int16_t bus_id;
    char setup_flag;/*if !=0 the urb setup header is not present*/
    char data_flag; /*if !=0 no urb data is present*/
    int64_t ts_sec;
    int32_t ts_usec;
    int32_t status;
    u_int32_t urb_len;
    u_int32_t data_len; /* amount of urb data really present in this event*/
    pcap_usb_setup setup;     /* only meaningful when setup_flag is 0, per the comment on setup_flag */
} pcap_usb_header;


#endif

--------------------------------------------------------------------------------
/windows/include/pcap/vlan.h:
--------------------------------------------------------------------------------
/*-
 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
 * The Regents of the University of California. All rights reserved.
4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 3. All advertising materials mentioning features or use of this software 14 | * must display the following acknowledgement: 15 | * This product includes software developed by the University of 16 | * California, Berkeley and its contributors. 17 | * 4. Neither the name of the University nor the names of its contributors 18 | * may be used to endorse or promote products derived from this software 19 | * without specific prior written permission. 20 | * 21 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 | * SUCH DAMAGE. 
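32 | * 33 | * @(#) $Header: /tcpdump/master/libpcap/pcap/vlan.h,v 1.1.2.2 2008-08-06 07:45:59 guy Exp $ 34 | */

#ifndef lib_pcap_vlan_h
#define lib_pcap_vlan_h

/*
 * VLAN tag as two 16-bit fields. VLAN_TAG_LEN below is the size of the two
 * fields together (2 + 2 bytes). When this is overlaid on captured packet
 * bytes, check that at least VLAN_TAG_LEN bytes remain in the packet first.
 */
struct vlan_tag {
    u_int16_t vlan_tpid; /* ETH_P_8021Q */
    u_int16_t vlan_tci;  /* VLAN TCI */
};

#define VLAN_TAG_LEN 4

#endif
--------------------------------------------------------------------------------
/windows/include/unistd.h:
--------------------------------------------------------------------------------
#ifndef _UNISTD_H
#define _UNISTD_H 1

/* This file is intended to serve as a drop-in replacement for
 * unistd.h on Windows.
 * Please add functionality as needed.
 *
 * The names below are object-like macros, so they rewrite every later use of
 * the identifier (struct members and locals named "random", "access",
 * "unlink", ... included), not only calls to the function.
 */

/* NOTE(review): the <...> targets of these five includes were missing from
 * the listing this was taken from. They are reconstructed from the comments
 * beside them and from the functions used below; confirm against the
 * repository copy. */
#include <stdlib.h>
#include <io.h>
#include <getopt.h> /* getopt at: https://gist.github.com/ashelly/7776712 */
#include <process.h> /* for getpid() and the exec..() family */
#include <direct.h> /* for _getcwd() and _chdir() */

/* rand() is a small, predictable generator: with Microsoft's C runtime
 * RAND_MAX is 0x7fff, against the 31-bit range of POSIX random(). That is
 * acceptable for sampling or jitter, but values produced through these
 * aliases must not be used as keys, nonces, salts or any other secret. */
#define srandom srand
#define random rand

/* Values for the second argument to access.
   These may be OR'd together. */
#define R_OK 4 /* Test for read permission. */
#define W_OK 2 /* Test for write permission. */
//#define X_OK 1 /* execute permission - unsupported in windows*/
#define F_OK 0 /* Test for existence. */

/* _chsize() and _lseek() take a 32-bit long size/offset, so ftruncate() and
 * lseek() called through these aliases cannot address past 2 GiB. */
#define access _access
#define dup2 _dup2
#define execve _execve
#define ftruncate _chsize
#define unlink _unlink
#define fileno _fileno
#define getcwd _getcwd
#define chdir _chdir
#define isatty _isatty
#define lseek _lseek
/* read, write, and close are NOT being #defined here, because while there are file handle specific versions for Windows, they probably don't work for sockets. You need to look at your app and consider whether to call e.g. closesocket(). */

/* NOTE(review): int is 32 bits on both 32-bit and 64-bit Windows, so a
 * length above INT_MAX does not fit in this ssize_t. Range-check any value
 * converted from size_t before storing it here or using it in a size
 * computation. */
#define ssize_t int

#define STDIN_FILENO 0
#define STDOUT_FILENO 1
#define STDERR_FILENO 2
/* Fixed-width integer types; these would normally come from a system header
 * rather than being defined here.
 * NOTE(review): win_types.h in this directory includes "stdint.h". If that
 * header defines the same names, including both files may give conflicting
 * typedefs; confirm against the Windows build. */
typedef __int8 int8_t;
typedef __int16 int16_t;
typedef __int32 int32_t;
typedef __int64 int64_t;
typedef unsigned __int8 uint8_t;
typedef unsigned __int16 uint16_t;
typedef unsigned __int32 uint32_t;
typedef unsigned __int64 uint64_t;

#endif /* unistd.h */
--------------------------------------------------------------------------------
/windows/include/win_types.h:
--------------------------------------------------------------------------------
#ifndef WIN_TYPES_DEF
#define WIN_TYPES_DEF

#include "stdint.h"

#define VERSION "4.5.0"

#define PCAP_NETMASK_UNKNOWN 0xffffffff

/* _snprintf is not a drop-in for C99 snprintf: when the formatted text does
 * not fit, it writes no terminating NUL and returns a negative value instead
 * of the length that would have been needed. Code written against the C99
 * contract then reads past the end of the buffer.
 *
 * Visual Studio 2015 and later (_MSC_VER >= 1900) ship a conforming
 * snprintf, and their <stdio.h> rejects a macro with that name, so the alias
 * is kept only for older Microsoft toolchains. Where the alias is active,
 * callers must terminate the buffer themselves (buf[size - 1] = '\0') and
 * treat a negative return as truncation. */
#if defined(_MSC_VER) && _MSC_VER < 1900
#define snprintf _snprintf
#endif

typedef unsigned char u_char;

#endif
--------------------------------------------------------------------------------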