├── tests ├── .gitignore ├── bug2.pcap ├── bug3.pcap ├── bug4.pcap ├── bug5.pcap ├── bug6.pcap ├── bug7.pcap ├── bug8.pcap ├── local.pcap ├── test1.pcap ├── test2.pcap ├── test3.pcap ├── test4.pcap ├── udp.pcap ├── local2.pcap ├── simson.pcap ├── flow_test.pcap ├── test-gzip.pcap ├── test1-part1.pcap ├── test1-part2.pcap ├── test5-lines.pcap ├── test8 │ ├── image2.pcap │ ├── building_20201108_221645.jpg │ └── image.html ├── test1-80-50955.pcap ├── test1-one-packet.pcap ├── test7-three-flows.pcap ├── test1-out-of-order.pcap ├── test5-lines-randomized.pcap ├── test5-lines-randomized2.pcap ├── airsnort-linux-browser_page_load.pcap ├── test-pdfs.sh ├── iphtest-nitroba-100.txt ├── test-chroot.sh ├── test-iptree.sh ├── Makefile.am ├── test-subs.sh └── test1.sh ├── doc ├── Makefile.am ├── tcpflow-logo.pdf ├── announce_1_3.txt ├── make_web.sh ├── announce_1_5.txt ├── Planning-1page.txt ├── timeline_1.4.txt └── announce_1_4.txt ├── samplePcaps └── jpegs.cap ├── src ├── NOTES.txt ├── wifipcap │ ├── ether.h │ ├── os.h │ ├── prism.h │ ├── util.h │ ├── radiotap.h │ ├── TimeVal.cpp │ ├── types.h │ ├── README.txt │ ├── util.cpp │ ├── cpack.h │ ├── oui.h │ ├── arp.h │ ├── udp.h │ ├── cpack.cpp │ ├── sample.cpp │ └── llc.h ├── be13_api │ ├── dfxml │ │ └── src │ │ │ ├── Makefile.defs │ │ │ └── dfxml_configure.m4 │ ├── unicode_escape.h │ ├── Makefile.defs │ ├── be13_configure.m4 │ ├── cppmutex.h │ ├── utf8.h │ ├── sbuf_stream.h │ ├── utils.h │ ├── beregex.h │ ├── pcap_fake.h │ ├── net_ethernet.h │ └── utils.cpp ├── mime_map.h ├── inet_ntop.h ├── netviz │ ├── net_map.h │ ├── packetfall.h │ ├── address_histogram.h │ ├── net_map.cpp │ ├── packetfall.cpp │ ├── legend_view.h │ ├── address_histogram_view.h │ ├── port_histogram.h │ ├── port_histogram_view.h │ ├── address_histogram.cpp │ ├── port_histogram.cpp │ ├── time_histogram_view.h │ └── legend_view.cpp ├── template_demo.cpp ├── scan_md5.cpp ├── intrusive_list.h ├── inet_ntop.c ├── scan_wifiviz.cpp ├── datalink_wifi.cpp ├── datalink_wifi.h ├── scan_tcpdemux.cpp ├── scan_netviz.cpp ├── stest.cpp ├── pcap_writer.h └── Makefile.am ├── CONFIGURE_ARCH_17_8.sh ├── INSTALL ├── CONFIGURE_FEDORA_29.sh ├── gitpull.sh ├── CONFIGURE_AWS_LINUX.sh ├── CONFIGURE_UBUNTU_16_04.sh ├── CONFIGURE_FEDORA_26.sh ├── .gitmodules ├── .travis.yml ├── .make-codecov ├── etc └── coverage_report.sh ├── AUTHORS ├── python ├── plugins │ ├── README.md │ └── samplePlugin.py └── plot_wifi_aps.py ├── CMakeLists.txt ├── m4 ├── ac_check_classpath.m4 ├── slg_searchdirs.m4 ├── slg_check_gcc_diagnostics.m4 ├── ac_check_rqrd_class.m4 ├── ac_prog_javah.m4 ├── ac_prog_javac_works.m4 ├── slg_mingw_support.m4 ├── ac_java_options.m4 ├── ac_try_compile_java.m4 ├── ac_prog_jar.m4 ├── ac_try_run_javac.m4 ├── ac_prog_javadoc.m4 ├── ac_prog_javac.m4 ├── ac_check_junit.m4 ├── ac_prog_java_cc.m4 ├── ac_prog_java.m4 ├── ac_prog_java_works.m4 └── slg_gcc_all_warnings.m4 ├── cmake ├── FindPCAP.cmake ├── options.cmake └── coverage.cmake ├── bootstrap.sh ├── .gitignore ├── tcpflow.spec.in ├── Makefile.am ├── CONFIGURE_CENTOS8.bash ├── .github └── workflows │ └── continuous-integration.yml └── CONFIGURE_FEDORA_18.sh /tests/.gitignore: -------------------------------------------------------------------------------- 1 | nitroba.pcap 2 | tmp* 3 | -------------------------------------------------------------------------------- /doc/Makefile.am: -------------------------------------------------------------------------------- 1 | man_MANS = tcpflow.1 2 | CLEANFILES = tcpflow.1 3 | -------------------------------------------------------------------------------- /tests/bug2.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/bug2.pcap -------------------------------------------------------------------------------- /tests/bug3.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/bug3.pcap -------------------------------------------------------------------------------- /tests/bug4.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/bug4.pcap -------------------------------------------------------------------------------- /tests/bug5.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/bug5.pcap -------------------------------------------------------------------------------- /tests/bug6.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/bug6.pcap -------------------------------------------------------------------------------- /tests/bug7.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/bug7.pcap -------------------------------------------------------------------------------- /tests/bug8.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/bug8.pcap -------------------------------------------------------------------------------- /tests/local.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/local.pcap -------------------------------------------------------------------------------- /tests/test1.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/test1.pcap -------------------------------------------------------------------------------- /tests/test2.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/test2.pcap -------------------------------------------------------------------------------- /tests/test3.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/test3.pcap -------------------------------------------------------------------------------- /tests/test4.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/test4.pcap -------------------------------------------------------------------------------- /tests/udp.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/udp.pcap -------------------------------------------------------------------------------- /tests/local2.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/local2.pcap -------------------------------------------------------------------------------- /tests/simson.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/simson.pcap -------------------------------------------------------------------------------- /doc/tcpflow-logo.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/doc/tcpflow-logo.pdf -------------------------------------------------------------------------------- /samplePcaps/jpegs.cap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/samplePcaps/jpegs.cap -------------------------------------------------------------------------------- /tests/flow_test.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/flow_test.pcap -------------------------------------------------------------------------------- /tests/test-gzip.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/test-gzip.pcap -------------------------------------------------------------------------------- /tests/test1-part1.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/test1-part1.pcap -------------------------------------------------------------------------------- /tests/test1-part2.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/test1-part2.pcap -------------------------------------------------------------------------------- /tests/test5-lines.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/test5-lines.pcap -------------------------------------------------------------------------------- /tests/test8/image2.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/test8/image2.pcap -------------------------------------------------------------------------------- /src/NOTES.txt: -------------------------------------------------------------------------------- 1 | 2 | to update be13_api: 3 | cd gits/tcpflow/src/be13_api 4 | git pull origin master 5 | -------------------------------------------------------------------------------- /src/wifipcap/ether.h: -------------------------------------------------------------------------------- 1 | 2 | struct ether_hdr_t { 3 | MAC sa, da; 4 | uint16_t type; 5 | }; 6 | -------------------------------------------------------------------------------- /tests/test1-80-50955.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/test1-80-50955.pcap -------------------------------------------------------------------------------- /tests/test1-one-packet.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/test1-one-packet.pcap -------------------------------------------------------------------------------- /tests/test7-three-flows.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/test7-three-flows.pcap -------------------------------------------------------------------------------- /tests/test1-out-of-order.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/test1-out-of-order.pcap -------------------------------------------------------------------------------- /tests/test5-lines-randomized.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/test5-lines-randomized.pcap -------------------------------------------------------------------------------- /tests/test5-lines-randomized2.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/test5-lines-randomized2.pcap -------------------------------------------------------------------------------- /CONFIGURE_ARCH_17_8.sh: -------------------------------------------------------------------------------- 1 | sudo pacman --sync --noconfirm emacs 2 | sudo pacman --sync --noconfirm zlib openssl boost cairo libpcap 3 | -------------------------------------------------------------------------------- /tests/test8/building_20201108_221645.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/test8/building_20201108_221645.jpg -------------------------------------------------------------------------------- /INSTALL: -------------------------------------------------------------------------------- 1 | Better install instructions will go here. 2 | 3 | 1 - ./bootstrap.sh 4 | 2 - ./configure 5 | 3 - make 6 | 4 - make install 7 | -------------------------------------------------------------------------------- /tests/airsnort-linux-browser_page_load.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simsong/tcpflow/HEAD/tests/airsnort-linux-browser_page_load.pcap -------------------------------------------------------------------------------- /tests/test8/image.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 |

My First Heading

6 | 7 |

My first paragraph.

8 | 9 | UB 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /CONFIGURE_FEDORA_29.sh: -------------------------------------------------------------------------------- 1 | PACKAGES="emacs automake zlib zlib-static openssl-devel boost-devel cairo-devel libpcap-devel libpcap-devel cairo-devel gcc-c++ python-devel" 2 | sudo dnf -y install $PACKAGES 3 | sh bootstrap.sh 4 | ./configure --disable-dependency-tracking 5 | -------------------------------------------------------------------------------- /gitpull.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # http://stackoverflow.com/questions/5828324/update-git-submodule 3 | # pull root and subprojects 4 | git pull 5 | for dir in src/be13_api 6 | do 7 | pushd $dir 8 | git checkout master 9 | git pull 10 | popd 11 | done 12 | -------------------------------------------------------------------------------- /src/be13_api/dfxml/src/Makefile.defs: -------------------------------------------------------------------------------- 1 | DFXML_WRITER = dfxml/src/dfxml_writer.cpp \ 2 | dfxml/src/dfxml_writer.h \ 3 | dfxml/src/hash_t.h 4 | 5 | DFXML_READER = dfxml/src/dfxml_reader.cpp \ 6 | dfxml/src/dfxml_reader.h \ 7 | dfxml/src/hash_t.h 8 | -------------------------------------------------------------------------------- /CONFIGURE_AWS_LINUX.sh: -------------------------------------------------------------------------------- 1 | PACKAGES="emacs automake zlib zlib-static openssl-devel boost-devel cairo-devel libpcap-devel libpcap-devel cairo-devel gcc-c++ python-devel" 2 | sudo yum install -y install $PACKAGES 3 | sh bootstrap.sh 4 | ./configure --disable-dependency-tracking 5 | -------------------------------------------------------------------------------- /CONFIGURE_UBUNTU_16_04.sh: -------------------------------------------------------------------------------- 1 | sudo apt-get update --fix-missing 2 | sudo apt-get install -y emacs 3 | sudo apt-get install -y git gcc g++ llvm-3.7 automake autoconf libpcap-dev libboost-dev openssl libssl-dev \ 4 | zlib1g-dev libcairo2 libcairo2-dev zlibc zlib1g-dev 5 | 6 | 7 | -------------------------------------------------------------------------------- /CONFIGURE_FEDORA_26.sh: -------------------------------------------------------------------------------- 1 | sudo dnf -y install emacs 2 | sudo dnf -y install zlib 3 | sudo dnf -y install zlib-static 4 | sudo dnf -y install openssl-devel 5 | sudo dnf -y install boost-devel 6 | sudo dnf -y install cairo-devel libpcap-devel 7 | sudo dnf -y install libpcap-devel 8 | sudo dnf -y install cairo-devel 9 | -------------------------------------------------------------------------------- /tests/test-pdfs.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | 4 | . $srcdir/test-subs.sh 5 | 6 | # create PDFs for all of the pcap files 7 | for i in $DMPDIR/*.pcap 8 | do 9 | echo $i 10 | cmd "$TCPFLOW -Fg -e netviz -o tmp$$ -r $i" 11 | cmd "mv tmp$$/report.pdf `basename $i .pcap`.pdf" 12 | echo "" 13 | /bin/rm -rf tmp$$ test?.pdf 14 | done 15 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "src/be13_api"] 2 | path = src/be13_api 3 | url = https://github.com/simsong/be20_api.git 4 | branch = master 5 | [submodule "src/dfxml"] 6 | path = src/dfxml 7 | url = https://github.com/simsong/dfxml.git 8 | branch = master 9 | [submodule "src/http-parser"] 10 | path = src/http-parser 11 | url = https://github.com/nodejs/http-parser.git 12 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | addons: 2 | apt: 3 | packages: 4 | - automake 5 | - autoconf 6 | - g++ 7 | - libboost-dev 8 | - libssl-dev 9 | - libpcap-dev 10 | - libcairo2-dev 11 | language: cpp 12 | arch: 13 | - amd64 14 | - ppc64le 15 | dist: bionic 16 | compiler: clang 17 | install: 18 | - ./bootstrap.sh && ./configure && make 19 | script: 20 | - make check 21 | -------------------------------------------------------------------------------- /src/be13_api/unicode_escape.h: -------------------------------------------------------------------------------- 1 | /* -*- mode: C++; c-basic-offset: 4; indent-tabs-mode: nil -*- */ 2 | #ifndef UNICODE_ESCAPE_H 3 | #define UNICODE_ESCAPE_H 4 | 5 | #include 6 | 7 | /** \addtogroup bulk_extractor_APIs 8 | * @{ 9 | */ 10 | /** \file */ 11 | extern bool validateOrEscapeUTF8_validate; 12 | std::string validateOrEscapeUTF8(const std::string &input, bool escape_bad_UTF8,bool escape_backslash); 13 | 14 | #endif 15 | -------------------------------------------------------------------------------- /doc/announce_1_3.txt: -------------------------------------------------------------------------------- 1 | I'm pleased to announce the release of tcpflow version 1.3.0. 2 | 3 | Key elements in 1.3.0 include: 4 | - Compiles with mingw32 and mingw64 for 32-bit and 64-bit windows. I am now 5 | distributing pre-compiled binaries of some releases. 6 | - Better support for DFXML (fixed some bugs) 7 | 8 | You can download version 1.3.0, both source and precompiled windows binaries, 9 | from: 10 | 11 | https://github.com/simsong/tcpflow/downloads 12 | -------------------------------------------------------------------------------- /src/mime_map.h: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of tcpflow by Simson Garfinkel . 3 | * Originally by Will Glynn . 4 | * 5 | * This source code is under the GNU Public License (GPL) version 3. 6 | * See COPYING for details. 7 | * 8 | */ 9 | 10 | #ifndef MIME_MAP_H 11 | #define MIME_MAP_H 12 | 13 | #include 14 | 15 | std::string get_extension_for_mime_type(const std::string& mime_type); 16 | 17 | #endif /* MIME_MAP_H */ -------------------------------------------------------------------------------- /src/wifipcap/os.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #ifdef _WIN32 4 | 5 | #define _PACKED_ 6 | 7 | #include 8 | 9 | #define u_int8_t UCHAR 10 | #define u_int16_t USHORT 11 | #define u_int32_t ULONG 12 | #define u_int64_t ULONGLONG 13 | 14 | #define int8_t CHAR 15 | #define int16_t SHORT 16 | #define int32_t LONG 17 | #define int64_t LONGLONG 18 | 19 | #define u_char UCHAR 20 | 21 | #else 22 | 23 | #define _PACKED_ __attribute__((__packed__)) 24 | 25 | #endif 26 | -------------------------------------------------------------------------------- /.make-codecov: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # 2020-10-29 - slg - compile for codecov, run self-test, and upload results. 4 | # 5 | export CODECOV_TOKEN='d97f1a9d-88e1-4db4-b14c-5b2edef43cf6' 6 | bash bootstrap.sh 7 | ./configure CFLAGS='-g -O0 -fprofile-arcs -ftest-coverage' \ 8 | CXXFLAGS='-g -O0 -fprofile-arcs -ftest-coverage' \ 9 | LIBS='-lgcov' 10 | make clean \ 11 | && make \ 12 | && make check \ 13 | && gcov-9 -n -o . *cpp \ 14 | && bash <(curl -s https://codecov.io/bash) 15 | make distclean 16 | -------------------------------------------------------------------------------- /src/inet_ntop.h: -------------------------------------------------------------------------------- 1 | #ifndef TCPFLOW_INET_NTOP_H 2 | #define TCPFLOW_INET_NTOP_H 3 | 4 | #ifdef HAVE_ARPA_INET_H 5 | # include 6 | #endif 7 | 8 | #ifndef HAVE_INET_NTOP 9 | const char *inet_ntop(int af, const void *src,char *dst, socklen_t size); 10 | #endif 11 | 12 | #if defined(__MINGW32__) 13 | // has this prototype for ws2_32 dll, but has type-conflicts with winsock2.h 14 | WINSOCK_API_LINKAGE LPCWSTR WSAAPI inet_ntop(INT Family, PVOID pAddr, LPWSTR pStringBuf, size_t StringBufSIze); 15 | #endif 16 | 17 | #endif 18 | -------------------------------------------------------------------------------- /src/netviz/net_map.h: -------------------------------------------------------------------------------- 1 | /** 2 | * net_map.h: 3 | * Show map of network traffic by host 4 | * 5 | * This source file is public domain, as it is not based on the original tcpflow. 6 | * 7 | * Author: Michael Shick 8 | * 9 | */ 10 | 11 | #ifndef NET_MAP_H 12 | #define NET_MAP_H 13 | 14 | #include "plot_view.h" 15 | 16 | class net_map { 17 | public: 18 | net_map() {} 19 | 20 | void ingest_packet(const be13::packet_info &pi); 21 | void render(cairo_t *cr, const plot_view::bounds_t &bounds); 22 | }; 23 | 24 | #endif 25 | -------------------------------------------------------------------------------- /src/netviz/packetfall.h: -------------------------------------------------------------------------------- 1 | /** 2 | * packetfall.h: 3 | * Show packets received vs port 4 | * 5 | * This source file is public domain, as it is not based on the original tcpflow. 6 | * 7 | * Author: Michael Shick 8 | * 9 | */ 10 | 11 | #ifndef PACKETFALL_H 12 | #define PACKETFALL_H 13 | 14 | #include "plot_view.h" 15 | 16 | class packetfall { 17 | public: 18 | packetfall() {} 19 | 20 | void ingest_packet(const be13::packet_info &pi); 21 | void render(cairo_t *cr, const plot_view::bounds_t &bounds); 22 | }; 23 | 24 | #endif 25 | -------------------------------------------------------------------------------- /etc/coverage_report.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Create a code-coverage report locally and upload one to codecov 4 | # Should be run from the root directory 5 | 6 | if [ -r coverage_report.sh ]; then 7 | echo "coverage_report.sh run in /etc directory. moving to .." 8 | cd .. 9 | fi 10 | 11 | #make distclean 12 | #CFLAGS="--coverage" CXXFLAGS="--coverage" LDFLAGS="--coverage" ./configure 13 | make check 14 | lcov --capture --directory . --output-file main_coverage.info 15 | genhtml main_coverage.info --output-directory out 16 | 17 | # Upload the coverage report 18 | bash <(curl -s https://codecov.io/bash) 19 | 20 | /bin/rm -f *.gcov *.gcda *.gcno 21 | 22 | -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- 1 | MAINTAINER 2 | ========== 3 | Simson L. Garfinkel 4 | 5 | COPYRIGHT 6 | ========= 7 | Version 1.5.0 (C) Simson L. Garfinkel, Licensed under GPL 3.0 8 | 9 | ACKNOWLEDGEMENTS 10 | ================ 11 | Thanks to: 12 | * Jeffrey Pang, for the radiotap implementation 13 | * Doug Madory, for the original Wifi parser 14 | * Jeremy Elson, for the original idea and initial tcp/ip implementation 15 | 16 | Additional and thanks: 17 | 18 | * Johnny Tevessen , for Linux systems still using libc5. 19 | * Ross Golder , for a spec file for generating tcpflow RPMs. 20 | * Jose M. Alcaide , patch for the -r option 21 | * olibre , for encouragmenet, lots of patches, and CMake implementation 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /python/plugins/README.md: -------------------------------------------------------------------------------- 1 | To execute customizable python plugins: 2 | 3 | 1. Check examples in directory `tcpflow/python/plugins`. 4 | 5 | 2. Create a python script with the following properties: 6 | 7 | - The script contains one or more functions for tcpflow usage. 8 | - Each intended function must take a single string parameter. 9 | This parameter will hold the contents of the application data captured by tcpflow. 10 | - If an intended function returns, it must return a string, 11 | which will then be added to the report.xml file with the "plugindata" tag. 12 | 13 | 3. Execute the `tcpflow` command line with arguments `-e python -S py_path=path -S py_module=module -S py_function=foo`. 14 | 15 | Example: 16 | 17 | tcpflow -r my.cap -o flows -e python -S py_path=python/plugins -S py_module=samplePlugin -S py_function=sampleFunction 18 | -------------------------------------------------------------------------------- /src/template_demo.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * How do we do a template like this? 3 | */ 4 | 5 | #include 6 | #include 7 | #include 8 | 9 | template 10 | class A { 11 | private: 12 | T var_; 13 | uint64_t count_; 14 | public: 15 | A(T v):var_(v),count(0){ } 16 | uint64_t count() const { return count_;} 17 | T var() const { return var_;} 18 | void inc_count(); 19 | }; 20 | 21 | template void A::inc_count() { 22 | count_++; 23 | }; 24 | 25 | template std::ostream & operator <<(std::ostream &os, const A &e) { 26 | os << e.count() << "=" << e.var(); 27 | return os; 28 | }; 29 | 30 | 31 | int main(int argc,char **argv) 32 | { 33 | A a(3); 34 | 35 | a.inc_count(); 36 | std::cout << a << "\n"; 37 | 38 | a.inc_count(); 39 | std::cout << a << "\n"; 40 | 41 | 42 | } 43 | -------------------------------------------------------------------------------- /CMakeLists.txt: -------------------------------------------------------------------------------- 1 | cmake_minimum_required(VERSION 3.1) 2 | 3 | project(tcpflow VERSION 1.4.6 LANGUAGES CXX C) 4 | # Within the above line, "C" is required for two reasons: 5 | # 1. find_package(Threads) fails using only CXX on cmake-3.3 and previous 6 | # 2. CMake files use CMAKE_C_COMPILER_ID instead of CMAKE_CXX_COMPILER_ID 7 | 8 | # The following line if for find_package(pcap) -> cmake/FindPCAP.cmake 9 | set(CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/cmake) 10 | 11 | include(cmake/options.cmake) # Set default CMake options 12 | include(cmake/coverage.cmake) # Configure the build "Coverage" 13 | include(cmake/compilation-flags.cmake) # Compiler & Linker flags 14 | include(cmake/warning-flags.cmake) # Compiler & Linker warnings 15 | 16 | # Source code 17 | add_subdirectory(src) 18 | 19 | # Generate documentation 20 | #add_subdirectory( doc EXCLUDE_FROM_ALL ) 21 | 22 | -------------------------------------------------------------------------------- /tests/iphtest-nitroba-100.txt: -------------------------------------------------------------------------------- 1 | trim before: 4999 2 | trim after: 99 3 | nodes: 99 histogram size: 29 4 | 0.0.0.0/2 count=2950 5 | 64.0.0.0/7 count=4330 6 | 66.0.0.0/7 count=9316 7 | 68.0.0.0/8 count=354 8 | 69.16.0.0/14 count=174 9 | 69.22.167.192/28 count=3917 10 | 69.22.167.208/28 count=11753 11 | 69.22.167.224/27 count=4169 12 | 69.24.0.0/13 count=2048 13 | 69.32.0.0/11 count=748 14 | 69.64.0.0/10 count=125 15 | 69.128.0.0/9 count=87 16 | 70.0.0.0/7 count=95 17 | 72.0.0.0/7 count=3457 18 | 74.0.0.0/7 count=9695 19 | 76.0.0.0/6 count=1140 20 | 80.0.0.0/4 count=581 21 | 96.0.0.0/3 count=3 22 | 128.0.0.0/2 count=1316 23 | 192.168.1.64/26 count=12544 24 | 192.168.15.4 count=71478 25 | 192.192.0.0/10 count=22 26 | 194.0.0.0/7 count=119 27 | 196.0.0.0/6 count=4423 28 | 200.0.0.0/5 count=2773 29 | 208.0.0.0/8 count=8403 30 | 209.0.0.0/8 count=6856 31 | 212.0.0.0/6 count=59 32 | 216.0.0.0/5 count=4823 33 | -------------------------------------------------------------------------------- /doc/make_web.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Create the files for the tcpflow website 4 | CORP=/corp/ 5 | DEST=/var/www/digitalcorpora/tcpflow/demo 6 | TCPFLOW=../src/tcpflow 7 | TMP=/tmp/out$$ 8 | 9 | if [ ! -d $DEST ]; then mkdir -p $DEST ; fi 10 | 11 | if [ ! -x $TCPFLOW ]; then (cd .. ; make ) ; fi 12 | 13 | run() 14 | { 15 | DPDF=$DEST/$2 16 | DPNG=${DPDF%pdf}png 17 | echo DPDF=$DPDF 18 | echo DPNG=$DPNG 19 | echo $TCPFLOW -o $TMP -x tcpdemux -E netviz $1 20 | $TCPFLOW -o $TMP -x tcpdemux -E netviz $1 21 | if [ ! -r $TMP/report.pdf ]; then 22 | echo tcpflow failed 23 | exit 1 24 | fi 25 | mv $TMP/report.pdf $DPDF 26 | /bin/rm -rf $TMP 27 | convert -scale 300 $DPDF $DPNG 28 | ls -l $DPDF $DPNG 29 | } 30 | 31 | run "-r $CORP/nps/packets/2008-nitroba/nitroba.pcap" nitroba.pdf 32 | run "-l $CORP/nps/packets/2009-m57-patents/net-2009*.gz" m57-net.pdf 33 | run "-l $CORP/mitll/packets/ideval99/week?/*/outside*gz" id99-outside.pdf 34 | 35 | -------------------------------------------------------------------------------- /m4/ac_check_classpath.m4: -------------------------------------------------------------------------------- 1 | dnl @synopsis AC_CHECK_CLASSPATH 2 | dnl 3 | dnl AC_CHECK_CLASSPATH just displays the CLASSPATH, for the edification 4 | dnl of the user. 5 | dnl 6 | dnl Note: This is part of the set of autoconf M4 macros for Java 7 | dnl programs. It is VERY IMPORTANT that you download the whole set, 8 | dnl some macros depend on other. Unfortunately, the autoconf archive 9 | dnl does not support the concept of set of macros, so I had to break it 10 | dnl for submission. The general documentation, as well as the sample 11 | dnl configure.in, is included in the AC_PROG_JAVA macro. 12 | dnl 13 | dnl @category Java 14 | dnl @author Stephane Bortzmeyer 15 | dnl @version 2000-07-19 16 | dnl @license GPLWithACException 17 | 18 | AC_DEFUN([AC_CHECK_CLASSPATH],[ 19 | if test "x$CLASSPATH" = x; then 20 | echo "You have no CLASSPATH, I hope it is good" 21 | else 22 | echo "You have CLASSPATH $CLASSPATH, hope it is correct" 23 | fi 24 | ]) 25 | -------------------------------------------------------------------------------- /m4/slg_searchdirs.m4: -------------------------------------------------------------------------------- 1 | if test x"${mingw}" != "xyes" ; then 2 | 3 | case $host in 4 | *mingw*) 5 | AC_MSG_NOTICE([Compiling under mingw; will not search other directories.]) 6 | ;; 7 | *) 8 | AC_MSG_NOTICE(Compiling under $host.) 9 | # Bring additional directories where things might be found into our 10 | # search path. I don't know why autoconf doesn't do this by default 11 | for spfx in /usr/local /opt/local /sw /usr/local/ssl; do 12 | AC_MSG_NOTICE([checking ${spfx}/include]) 13 | if test -d ${spfx}/include; then 14 | CPPFLAGS="$CPPFLAGS -I${spfx}/include" 15 | LDFLAGS="$LDFLAGS -L${spfx}/lib" 16 | AC_MSG_NOTICE([ *** ADDING ${spfx}/include to CPPFLAGS *** ]) 17 | AC_MSG_NOTICE([ *** ADDING ${spfx}/lib to LDFLAGS *** ]) 18 | fi 19 | done 20 | AC_MSG_NOTICE([ CPPFLAGS = ${CPPFLAGS} ]) 21 | AC_MSG_NOTICE([ LDFLAGS = ${LDFLAGS} ]) 22 | ;; 23 | esac 24 | fi 25 | 26 | 27 | -------------------------------------------------------------------------------- /tests/test-chroot.sh: -------------------------------------------------------------------------------- 1 | . $srcdir/test-subs.sh 2 | 3 | echo DMPDIR=$DMPDIR 4 | echo TCPFLOW=$TCPFLOW 5 | 6 | # check the results 7 | checkmd5() 8 | { 9 | if [ ! -r $1 ] ; 10 | then 11 | echo file $1 was not created 12 | ls -l 13 | exit 1 14 | fi 15 | 16 | md5val=`openssl md5 $1 | awk '{print $2;}'` 17 | if [ x$2 != x$md5val ]; 18 | then 19 | echo failure: $1 20 | echo expected md5: $2 "(got '$md5val')" 21 | echo expected length: $3 22 | ls -l $1 23 | exit 1 24 | fi 25 | } 26 | 27 | testmd5() 28 | { 29 | md5val=`openssl md5 $1 | awk '{print $2;}'` 30 | len=`stat -r $1 | awk '{print $8;}'` 31 | echo checkmd5 \"$1\" \"$md5val\" \"$len\" 32 | } 33 | 34 | cmd() 35 | { 36 | echo $1 37 | if ! $1 ; then echo failed; exit 1; fi 38 | } 39 | NITROBA=nitroba.pcap 40 | if [ -r $NITROBA ]; then 41 | /bin/rm -rf out1 42 | cmd "$TCPFLOW -S netviz_max_histogram_size=1000 -S netviz_histogram_dump=1 -o out1 -r $NITROBA" 43 | /bin/rm -rf out1 44 | else 45 | echo $NITROBA not present. 46 | fi 47 | exit 0 48 | 49 | -------------------------------------------------------------------------------- /tests/test-iptree.sh: -------------------------------------------------------------------------------- 1 | . $srcdir/test-subs.sh 2 | 3 | echo DMPDIR=$DMPDIR 4 | echo TCPFLOW=$TCPFLOW 5 | 6 | # check the results 7 | checkmd5() 8 | { 9 | if [ ! -r $1 ] ; 10 | then 11 | echo file $1 was not created 12 | ls -l 13 | exit 1 14 | fi 15 | 16 | md5val=`openssl md5 $1 | awk '{print $2;}'` 17 | if [ x$2 != x$md5val ]; 18 | then 19 | echo failure: $1 20 | echo expected md5: $2 "(got '$md5val')" 21 | echo expected length: $3 22 | ls -l $1 23 | exit 1 24 | fi 25 | } 26 | 27 | testmd5() 28 | { 29 | md5val=`openssl md5 $1 | awk '{print $2;}'` 30 | len=`stat -r $1 | awk '{print $8;}'` 31 | echo checkmd5 \"$1\" \"$md5val\" \"$len\" 32 | } 33 | 34 | cmd() 35 | { 36 | echo $1 37 | if ! $1 ; then echo failed; exit 1; fi 38 | } 39 | NITROBA=nitroba.pcap 40 | if [ -r $NITROBA ]; then 41 | /bin/rm -rf out1 42 | cmd "$TCPFLOW -S netviz_max_histogram_size=1000 -S netviz_histogram_dump=1 -o out1 -r $NITROBA" 43 | /bin/rm -rf out1 44 | else 45 | echo $NITROBA not present. 46 | fi 47 | exit 0 48 | 49 | -------------------------------------------------------------------------------- /m4/slg_check_gcc_diagnostics.m4: -------------------------------------------------------------------------------- 1 | AC_TRY_COMPILE([#pragma GCC diagnostic ignored "-Wshadow"],[return 0;], 2 | [AC_DEFINE(HAVE_DIAGNOSTIC_SHADOW,1,[define 1 if GCC supports -Wshadow])]) 3 | 4 | AC_TRY_COMPILE([#pragma GCC diagnostic ignored "-Wundef"],[return 0;], 5 | [AC_DEFINE(HAVE_DIAGNOSTIC_UNDEF,1,[define 1 if GCC supports -Wundef])]) 6 | 7 | AC_TRY_COMPILE([#pragma GCC diagnostic ignored "-Wcast-qual"],[return 0;], 8 | [AC_DEFINE(HAVE_DIAGNOSTIC_CAST_QUAL,1,[define 1 if GCC supports -Wcast-qual])]) 9 | 10 | AC_TRY_COMPILE([#pragma GCC diagnostic ignored "-Weffcpp"],[return 0;], 11 | [AC_DEFINE(HAVE_DIAGNOSTIC_EFFCPP,1,[define 1 if GCC supports -Weffc++])]) 12 | 13 | AC_TRY_COMPILE([#pragma GCC diagnostic ignored "-Wsuggest-attribute=noreturn"],[return 0;], 14 | [AC_DEFINE(HAVE_DIAGNOSTIC_SUGGEST_ATTRIBUTE,1, 15 | [define 1 if GCC supports -Wsuggest-attribute=noreturn])]) 16 | 17 | AC_TRY_COMPILE([#pragma GCC diagnostic ignored "-Wdeprecated-register"],[return 0;], 18 | [AC_DEFINE(HAVE_DIAGNOSTIC_DEPRECATED_REGISTER,1, 19 | [define 1 if GCC supports -Wdeprecated-register])]) 20 | -------------------------------------------------------------------------------- /m4/ac_check_rqrd_class.m4: -------------------------------------------------------------------------------- 1 | dnl @synopsis AC_CHECK_RQRD_CLASS 2 | dnl 3 | dnl AC_CHECK_RQRD_CLASS tests the existence of a given Java class, 4 | dnl either in a jar or in a '.class' file and fails if it doesn't 5 | dnl exist. Its success or failure can depend on a proper setting of the 6 | dnl CLASSPATH env. variable. 7 | dnl 8 | dnl Note: This is part of the set of autoconf M4 macros for Java 9 | dnl programs. It is VERY IMPORTANT that you download the whole set, 10 | dnl some macros depend on other. Unfortunately, the autoconf archive 11 | dnl does not support the concept of set of macros, so I had to break it 12 | dnl for submission. The general documentation, as well as the sample 13 | dnl configure.in, is included in the AC_PROG_JAVA macro. 14 | dnl 15 | dnl @category Java 16 | dnl @author Stephane Bortzmeyer 17 | dnl @version 2000-07-19 18 | dnl @license GPLWithACException 19 | 20 | AC_DEFUN([AC_CHECK_RQRD_CLASS],[ 21 | CLASS=`echo $1|sed 's/\./_/g'` 22 | AC_CHECK_CLASS($1) 23 | if test "$HAVE_LAST_CLASS" = "no"; then 24 | AC_MSG_ERROR([Required class $1 missing, exiting.]) 25 | fi 26 | ]) 27 | -------------------------------------------------------------------------------- /tests/Makefile.am: -------------------------------------------------------------------------------- 1 | # 2 | # About the tests: 3 | # 4 | # test1.sh - 5 | # test2.sh - 6 | # test3.sh - 7 | # 8 | # About the test files: 9 | # 10 | 11 | SH_TESTS = test1.sh test-pdfs.sh test-multifile.sh test-iptree.sh test-chroot.sh 12 | 13 | EXTRA_DIST = $(SH_TESTS) test-subs.sh test1.pcap test2.pcap test3.pcap test4.pcap 14 | 15 | TESTS = $(SH_TESTS) 16 | 17 | CLEANFILES = \ 18 | out/010.000.000.001.09999-010.000.000.002.36559--42 \ 19 | out/010.000.000.002.36559-010.000.000.001.09999--42 \ 20 | out/074.125.019.101.00080-192.168.001.102.50956 \ 21 | out/074.125.019.104.00080-192.168.001.102.50955 \ 22 | out/192.168.001.102.50955-074.125.019.104.00080 \ 23 | out/192.168.001.102.50956-074.125.019.101.00080 \ 24 | out/2001:6f8:102d::2d0:9ff:fee3:e8de.59201-2001:6f8:900:7c0::2.00080 \ 25 | out/2001:6f8:900:7c0::2.00080-2001:6f8:102d::2d0:9ff:fee3:e8de.59201 \ 26 | out/report.xml 27 | 28 | nitroba.pcap: 29 | wget http://downloads.digitalcorpora.org/corpora/packets/2008-nitroba/nitroba.pcap 30 | 31 | clean: 32 | @echo Erase any left over trace files 33 | /bin/rm -f *.[0-9][0-9][0-9][0-9][0-9]-[0-9][0-9][0-9].* 34 | 35 | -------------------------------------------------------------------------------- /cmake/FindPCAP.cmake: -------------------------------------------------------------------------------- 1 | # Tries to find libpcap headers and libraries 2 | # 3 | # Usage of this module as follows: 4 | # 5 | # find_package(PCAP) 6 | # 7 | # Variables used by this module, they can change the default behaviour and need 8 | # to be set before calling find_package: 9 | # 10 | # PCAP_ROOT_DIR Set this variable to the root installation of 11 | # libpcap if the module has problems finding 12 | # the proper installation path. 13 | # 14 | # Variables defined by this module: 15 | # 16 | # PCAP_FOUND System has PCAP libs/headers 17 | # PCAP_LIBRARIES The PCAP libraries 18 | # PCAP_INCLUDE_DIR The location of PCAP headers 19 | 20 | find_path(PCAP_INCLUDE_DIR 21 | NAMES pcap.h 22 | HINTS ${PCAP_ROOT_DIR}/include) 23 | 24 | find_library(PCAP_LIBRARIES 25 | NAMES pcap 26 | HINTS ${PCAP_ROOT_DIR}/lib) 27 | 28 | include(FindPackageHandleStandardArgs) 29 | find_package_handle_standard_args( 30 | PCAP 31 | DEFAULT_MSG 32 | PCAP_LIBRARIES 33 | PCAP_INCLUDE_DIR) 34 | 35 | mark_as_advanced( 36 | PCAP_ROOT_DIR 37 | PCAP_LIBRARIES 38 | PCAP_INCLUDE_DIR) 39 | -------------------------------------------------------------------------------- /src/netviz/address_histogram.h: -------------------------------------------------------------------------------- 1 | /** 2 | * address histogram class. 3 | * 4 | * This source file is public domain, as it is not based on the original tcpflow. 5 | * 6 | * Author: Michael Shick 7 | * 8 | */ 9 | 10 | #ifndef ADDRESS_HISTOGRAM_H 11 | #define ADDRESS_HISTOGRAM_H 12 | 13 | #include "iptree.h" 14 | 15 | class address_histogram { 16 | public: 17 | address_histogram(const iptree &tree); 18 | 19 | class iptree_node_comparator { 20 | public: 21 | bool operator()(const iptree::addr_elem &a, const iptree::addr_elem &b); 22 | }; 23 | 24 | static const size_t bucket_count; 25 | 26 | const iptree::addr_elem &at(size_t index) const; 27 | size_t size() const; 28 | uint64_t ingest_count() const; 29 | 30 | typedef std::vector ipt_addrs; 31 | 32 | ipt_addrs::const_iterator begin() const; 33 | ipt_addrs::const_iterator end() const; 34 | ipt_addrs::const_reverse_iterator rbegin() const; 35 | ipt_addrs::const_reverse_iterator rend() const; 36 | 37 | private: 38 | ipt_addrs buckets; 39 | uint64_t datagrams_ingested; 40 | }; 41 | 42 | #endif 43 | -------------------------------------------------------------------------------- /m4/ac_prog_javah.m4: -------------------------------------------------------------------------------- 1 | dnl @synopsis AC_PROG_JAVAH 2 | dnl 3 | dnl AC_PROG_JAVAH tests the availability of the javah header generator 4 | dnl and looks for the jni.h header file. If available, JAVAH is set to 5 | dnl the full path of javah and CPPFLAGS is updated accordingly. 6 | dnl 7 | dnl @category Java 8 | dnl @author Luc Maisonobe 9 | dnl @version 2002-03-25 10 | dnl @license AllPermissive 11 | 12 | AC_DEFUN([AC_PROG_JAVAH],[ 13 | AC_REQUIRE([AC_CANONICAL_SYSTEM])dnl 14 | AC_REQUIRE([AC_PROG_CPP])dnl 15 | AC_PATH_PROG(JAVAH,javah) 16 | if test x"`eval 'echo $ac_cv_path_JAVAH'`" != x ; then 17 | AC_TRY_CPP([#include ],,[ 18 | ac_save_CPPFLAGS="$CPPFLAGS" 19 | changequote(, )dnl 20 | ac_dir=`echo $ac_cv_path_JAVAH | sed 's,\(.*\)/[^/]*/[^/]*$,\1/include,'` 21 | ac_machdep=`echo $build_os | sed 's,[-0-9].*,,' | sed 's,cygwin,win32,'` 22 | changequote([, ])dnl 23 | CPPFLAGS="$ac_save_CPPFLAGS -I$ac_dir -I$ac_dir/$ac_machdep" 24 | AC_TRY_CPP([#include ], 25 | ac_save_CPPFLAGS="$CPPFLAGS", 26 | AC_MSG_WARN([unable to include ])) 27 | CPPFLAGS="$ac_save_CPPFLAGS"]) 28 | fi]) 29 | -------------------------------------------------------------------------------- /bootstrap.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Hopefully you checked out with: 3 | # $ git clone --recursive https://github.com/simsong/tcpflow.git 4 | 5 | # Make sure we have automake installed 6 | function usage() { 7 | echo tcpflow bootstrap: 8 | echo be sure to run the appropriate CONFIGURE script to install the necessary packages. 9 | exit 1 10 | } 11 | 12 | automake --help 1>/dev/null 2>&1 || usage 13 | 14 | for sub in be13_api http-parser 15 | do 16 | if [ ! -r src/$sub/.git ] ; 17 | then 18 | echo bringing in submodules 19 | echo next time check out with git clone --recursive 20 | git submodule init 21 | git submodule update 22 | fi 23 | done 24 | 25 | ## The new way: 26 | # have automake do an initial population iff necessary 27 | if [ ! -e config.guess -o ! -e config.sub -o ! -e install-sh -o ! -e missing -o ! -e test-driver ]; then 28 | /bin/rm -rf aclocal.m4 29 | autoheader -f 30 | aclocal -I m4 31 | autoconf -f 32 | automake --add-missing --copy 33 | else 34 | autoreconf -f 35 | fi 36 | echo be sure to run ./configure 37 | ## The old way: 38 | 39 | # /bin/rm -rf aclocal.m4 40 | # autoheader -f 41 | # aclocal -I m4 42 | # autoconf -f 43 | # automake --add-missing --copy 44 | # ./configure 45 | -------------------------------------------------------------------------------- /doc/announce_1_5.txt: -------------------------------------------------------------------------------- 1 | I'm pleased to announce the release of tcpflow version 1.5.0. This 2 | version was going to be called version 1.4.7, but so much has changed 3 | that it seemed like a good time to bump the minor version number. It's 4 | more than just a bug-fix release! 5 | 6 | Changes from 1.4.6: 7 | 8 | * We now pin to simsong/http-parser rather than nodejs/http-parser, so that we have more control over http-parser's .gitignore file. 9 | 10 | * support for cmake. (May not be current, but it's there for you cmake fans!) 11 | 12 | * CONFIGURE_FEDORA_26.sh script installs all needed Fedora 26 packages. 13 | 14 | * CONFIGURE_UBUNTU_16_04.sh script installs all needed Ubuntu 16.04 packages 15 | 16 | * CONFIGURE_ARCH_17_8.sh installs all needed Arch Linux 17.8 packages! Yes, we now support Arch! 17 | 18 | * getopt_long() support. Now you can go to town and create long-versions of all your favorite, one-character tcpflow options (provided you know C++, of course. Please submit pull requests!) 19 | 20 | * tcpflow man page updated 21 | 22 | * There's a Python post-processor option as well. 23 | 24 | * chroot() and drop root, allowing better control of privledge. 25 | 26 | * Support for libcap (capability library). 27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- /src/netviz/net_map.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * net_map.cpp: 3 | * Show map of network traffic by host 4 | * 5 | * This source file is public domain, as it is not based on the original tcpflow. 6 | * 7 | * Author: Michael Shick 8 | * 9 | */ 10 | 11 | #include "config.h" 12 | 13 | #ifdef HAVE_LIBCAIRO 14 | #include "tcpflow.h" 15 | 16 | #include "net_map.h" 17 | 18 | void net_map::ingest_packet(const be13::packet_info &pi) 19 | { 20 | } 21 | 22 | void net_map::render(cairo_t *cr, const plot_view::bounds_t &bounds) 23 | { 24 | cairo_set_source_rgb(cr, 0.67, 0.67, 0.67); 25 | cairo_rectangle(cr, bounds.x, bounds.y, bounds.width, bounds.height); 26 | cairo_fill(cr); 27 | 28 | double font_size = 16.0; 29 | std::string label = "pretty map"; 30 | cairo_text_extents_t extents; 31 | 32 | cairo_set_font_size(cr, font_size); 33 | cairo_set_source_rgb(cr, 0.0, 0.0, 0.0); 34 | 35 | cairo_text_extents(cr, label.c_str(), &extents); 36 | 37 | double text_x = bounds.x + (bounds.width - extents.width) / 2.0; 38 | double text_y = bounds.y + (bounds.height + extents.height) / 2.0; 39 | 40 | cairo_move_to(cr, text_x, text_y); 41 | cairo_show_text(cr, label.c_str()); 42 | 43 | } 44 | #endif 45 | -------------------------------------------------------------------------------- /tests/test-subs.sh: -------------------------------------------------------------------------------- 1 | case x"$srcdir" in 2 | x) 3 | echo No srcdir specified. Assuming $0 is run locally 4 | DMPDIR=. 5 | TCPFLOW=../src/tcpflow 6 | ;; 7 | x.) 8 | echo srcdir is . Assuming $0 is run locally from make check 9 | DMPDIR=. 10 | TCPFLOW=../src/tcpflow 11 | ;; 12 | *) 13 | echo srcdir is $srcdir Assuming $0 is run from make distcheck 14 | DMPDIR=../../tests/ 15 | TCPFLOW=../../_build/src/tcpflow 16 | ;; 17 | esac 18 | 19 | echo DMPDIR=$DMPDIR 20 | echo TCPFLOW=$TCPFLOW 21 | 22 | # check the results 23 | checkmd5() 24 | { 25 | if [ ! -r $1 ] ; 26 | then 27 | echo file $1 was not created 28 | ls -l 29 | exit 1 30 | fi 31 | 32 | md5val=`openssl md5 $1 | awk '{print $2;}'` 33 | if [ x$2 != x$md5val ]; 34 | then 35 | echo failure: $1 36 | echo expected md5: $2 "(got '$md5val')" 37 | echo expected length: $3 38 | ls -l $1 39 | exit 1 40 | fi 41 | } 42 | 43 | testmd5() 44 | { 45 | md5val=`openssl md5 $1 | awk '{print $2;}'` 46 | len=`stat -r $1 | awk '{print $8;}'` 47 | echo checkmd5 \"$1\" \"$md5val\" \"$len\" 48 | } 49 | 50 | cmd() 51 | { 52 | echo $1 53 | if ! $1 ; then echo failed; exit 1; fi 54 | } 55 | 56 | -------------------------------------------------------------------------------- /src/netviz/packetfall.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * packetfall.cpp: 3 | * Show packets received vs port 4 | * 5 | * This source file is public domain, as it is not based on the original tcpflow. 6 | * 7 | * Author: Michael Shick 8 | * 9 | */ 10 | 11 | #include "config.h" 12 | 13 | #ifdef HAVE_LIBCAIRO 14 | #include "tcpflow.h" 15 | 16 | #include "packetfall.h" 17 | 18 | void packetfall::ingest_packet(const be13::packet_info &pi) 19 | { 20 | } 21 | 22 | void packetfall::render(cairo_t *cr, const plot_view::bounds_t &bounds) 23 | { 24 | cairo_set_source_rgb(cr, 0.67, 0.67, 0.67); 25 | cairo_rectangle(cr, bounds.x, bounds.y, bounds.width, bounds.height); 26 | cairo_fill(cr); 27 | 28 | double font_size = 16.0; 29 | std::string label = "pretty packetfall"; 30 | cairo_text_extents_t extents; 31 | 32 | cairo_set_font_size(cr, font_size); 33 | cairo_set_source_rgb(cr, 0.0, 0.0, 0.0); 34 | 35 | cairo_text_extents(cr, label.c_str(), &extents); 36 | 37 | double text_x = bounds.x + (bounds.width - extents.width) / 2.0; 38 | double text_y = bounds.y + (bounds.height + extents.height) / 2.0; 39 | 40 | cairo_move_to(cr, text_x, text_y); 41 | cairo_show_text(cr, label.c_str()); 42 | 43 | } 44 | #endif 45 | -------------------------------------------------------------------------------- /src/wifipcap/prism.h: -------------------------------------------------------------------------------- 1 | 2 | #include "os.h" 3 | 4 | /* 5 | // prism header: added (from wlan-ng) 6 | #define WLAN_DEVNAMELEN_MAX 16 7 | 8 | typedef struct { 9 | uint32_t did; 10 | uint16_t status; 11 | uint16_t len; 12 | uint32_t data; 13 | } __attribute__((__packed__)) p80211item_uint32_t; 14 | 15 | typedef struct { 16 | uint32_t msgcode; 17 | uint32_t msglen; 18 | uint8_t devname[WLAN_DEVNAMELEN_MAX]; 19 | p80211item_uint32_t hosttime; 20 | p80211item_uint32_t mactime; 21 | p80211item_uint32_t channel; 22 | p80211item_uint32_t rssi; 23 | p80211item_uint32_t sq; 24 | p80211item_uint32_t signal; 25 | p80211item_uint32_t noise; 26 | p80211item_uint32_t rate; 27 | p80211item_uint32_t istx; 28 | p80211item_uint32_t frmlen; 29 | } __attribute__((__packed__)) prism2_pkthdr; 30 | */ 31 | 32 | #ifdef _WIN32 33 | #pragma pack(push, 1) 34 | #endif 35 | struct prism2_pkthdr { 36 | u_int32_t host_time; 37 | u_int32_t mac_time; 38 | u_int32_t channel; 39 | u_int32_t rssi; 40 | u_int32_t sq; 41 | int signal; 42 | int noise; 43 | u_int32_t rate; 44 | u_int32_t istx; 45 | u_int32_t frmlen; 46 | } _PACKED_; 47 | #ifdef _WIN32 48 | #pragma pack(pop) 49 | #endif 50 | -------------------------------------------------------------------------------- /src/be13_api/Makefile.defs: -------------------------------------------------------------------------------- 1 | BE13_API= \ 2 | be13_api/atomic_set_map.h \ 3 | be13_api/aftimer.h \ 4 | be13_api/beregex.cpp \ 5 | be13_api/beregex.h \ 6 | be13_api/bulk_extractor_i.h \ 7 | be13_api/cppmutex.h \ 8 | be13_api/feature_recorder.cpp \ 9 | be13_api/feature_recorder.h \ 10 | be13_api/feature_recorder_set.cpp \ 11 | be13_api/feature_recorder_set.h \ 12 | be13_api/feature_recorder_sql.cpp \ 13 | be13_api/histogram.h \ 14 | be13_api/histogram.cpp \ 15 | be13_api/net_ethernet.h \ 16 | be13_api/pcap_fake.cpp \ 17 | be13_api/pcap_fake.h \ 18 | be13_api/plugin.cpp \ 19 | be13_api/sbuf.cpp \ 20 | be13_api/sbuf.h \ 21 | be13_api/sbuf_private.h \ 22 | be13_api/sbuf_stream.cpp \ 23 | be13_api/sbuf_stream.h \ 24 | be13_api/unicode_escape.cpp \ 25 | be13_api/unicode_escape.h \ 26 | be13_api/utf8.h \ 27 | be13_api/utf8/checked.h \ 28 | be13_api/utf8/core.h \ 29 | be13_api/utf8/unchecked.h \ 30 | be13_api/utils.cpp \ 31 | be13_api/utils.h \ 32 | be13_api/word_and_context_list.cpp \ 33 | be13_api/word_and_context_list.h 34 | 35 | 36 | 37 | -------------------------------------------------------------------------------- /python/plot_wifi_aps.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3.3 2 | # 3 | # Read a report.xml file and output a graphviz graph of the nodes 4 | # 5 | import xml.etree.ElementTree as ET 6 | 7 | if __name__=="__main__": 8 | import sys 9 | root = ET.parse(sys.argv[1]) 10 | macs = set() 11 | ssids = set() 12 | print("digraph ssids {") 13 | for ssidnode in root.findall('.//ssid'): 14 | macs.add(ssidnode.attrib['mac']) 15 | ssids.add(ssidnode.attrib['ssid']) 16 | print(' "{}" -> "{}";'.format(ssidnode.attrib['mac'],ssidnode.attrib['ssid'])) 17 | 18 | # Send through the attributes 19 | # Make all of the boxes 20 | for mac in macs: 21 | print(' "{}" [shape=box]'.format(mac)) 22 | 23 | # color all of the SSIDs 24 | c = 1 25 | for ssid in ssids: 26 | r = (c)//3 27 | g = (c+1)//3 28 | b = (c+2)//3 29 | color = "#{:02X}{:02X}{:02X}".format(255-r*16,255-g*16,255-b*16) 30 | c += 1 31 | if c/3>4: 32 | c = 0 33 | print(' "{}" [color="{}",style=filled]'.format(ssid,color)) 34 | for macnode in root.findall(".//ssid/[@ssid='{}']".format(ssid)): 35 | print(' "{}" [color="{}",style=filled]'.format(macnode.attrib['mac'],color)) 36 | print("}") 37 | 38 | -------------------------------------------------------------------------------- /src/wifipcap/util.h: -------------------------------------------------------------------------------- 1 | #ifndef __WIFIPCAP_UTIL_H_ 2 | #define __WIFIPCAP_UTIL_H_ 3 | 4 | #include 5 | 6 | typedef unsigned char uint8_t; 7 | typedef unsigned short uint16_t; 8 | #ifdef _WIN32 9 | typedef unsigned long long uint64_t; 10 | #endif 11 | 12 | #if 0 13 | struct MAC { 14 | uint64_t val; 15 | MAC() {} 16 | MAC(const uint8_t *stream); 17 | MAC(uint64_t val); 18 | MAC(const char *str); 19 | MAC(const MAC& o); 20 | 21 | bool operator==(const MAC& o) const { 22 | return val == o.val; 23 | } 24 | bool operator!=(const MAC& o) const { 25 | return val != o.val; 26 | } 27 | bool operator<(const MAC& o) const { 28 | return val < o.val; 29 | } 30 | 31 | enum { PRINT_FMT_COLON, PRINT_FMT_PLAIN }; 32 | 33 | static MAC broadcast; 34 | static MAC null; 35 | static int print_fmt; 36 | }; 37 | 38 | std::ostream& operator<<(std::ostream& out, const MAC& mac); 39 | std::ostream& operator<<(std::ostream& out, const struct in_addr& ip); 40 | #endif 41 | 42 | char *va(const char *format, ...); 43 | 44 | struct tok { 45 | int v; /* value */ 46 | const char *s; /* string */ 47 | }; 48 | 49 | extern const char * 50 | tok2str(register const struct tok *lp, register const char *fmt, 51 | register int v); 52 | 53 | #endif 54 | -------------------------------------------------------------------------------- /src/scan_md5.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * 3 | * scan_md5: 4 | * plug-in demonstration that shows how to write a simple plug-in scanner that calculates 5 | * the MD5 of each file.. 6 | */ 7 | 8 | #include "config.h" 9 | #include "bulk_extractor_i.h" 10 | #include "dfxml/src/hash_t.h" 11 | 12 | #include 13 | #include 14 | 15 | 16 | extern "C" 17 | void scan_md5(const class scanner_params &sp,const recursion_control_block &rcb) 18 | { 19 | 20 | if(sp.sp_version!=scanner_params::CURRENT_SP_VERSION){ 21 | std::cerr << "scan_md5 requires sp version " << scanner_params::CURRENT_SP_VERSION << "; " 22 | << "got version " << sp.sp_version << "\n"; 23 | exit(1); 24 | } 25 | 26 | if(sp.phase==scanner_params::PHASE_STARTUP){ 27 | sp.info->name = "md5"; 28 | sp.info->flags = scanner_info::SCANNER_DISABLED; 29 | return; /* No feature files created */ 30 | } 31 | 32 | #ifdef HAVE_EVP_GET_DIGESTBYNAME 33 | if(sp.phase==scanner_params::PHASE_SCAN){ 34 | static const std::string hash0(""); 35 | static const std::string hash1(""); 36 | if(sp.sxml){ 37 | (*sp.sxml) << hash0 << md5_generator::hash_buf(sp.sbuf.buf,sp.sbuf.bufsize).hexdigest() << hash1; 38 | } 39 | return; 40 | } 41 | #endif 42 | } 43 | -------------------------------------------------------------------------------- /m4/ac_prog_javac_works.m4: -------------------------------------------------------------------------------- 1 | dnl @synopsis AC_PROG_JAVAC_WORKS 2 | dnl 3 | dnl Internal use ONLY. 4 | dnl 5 | dnl Note: This is part of the set of autoconf M4 macros for Java 6 | dnl programs. It is VERY IMPORTANT that you download the whole set, 7 | dnl some macros depend on other. Unfortunately, the autoconf archive 8 | dnl does not support the concept of set of macros, so I had to break it 9 | dnl for submission. The general documentation, as well as the sample 10 | dnl configure.in, is included in the AC_PROG_JAVA macro. 11 | dnl 12 | dnl @category Java 13 | dnl @author Stephane Bortzmeyer 14 | dnl @version 2000-07-19 15 | dnl @license GPLWithACException 16 | 17 | AC_DEFUN([AC_PROG_JAVAC_WORKS],[ 18 | AC_CACHE_CHECK([if $JAVAC works], ac_cv_prog_javac_works, [ 19 | JAVA_TEST=Test.java 20 | CLASS_TEST=Test.class 21 | cat << \EOF > $JAVA_TEST 22 | /* [#]line __oline__ "configure" */ 23 | public class Test { 24 | } 25 | EOF 26 | if AC_TRY_COMMAND($JAVAC $JAVACFLAGS $JAVA_TEST) >/dev/null 2>&1; then 27 | ac_cv_prog_javac_works=yes 28 | else 29 | AC_MSG_ERROR([The Java compiler $JAVAC failed (see config.log, check the CLASSPATH?)]) 30 | echo "configure: failed program was:" >&AC_FD_CC 31 | cat $JAVA_TEST >&AC_FD_CC 32 | fi 33 | rm -f $JAVA_TEST $CLASS_TEST 34 | ]) 35 | AC_PROVIDE([$0])dnl 36 | ]) 37 | -------------------------------------------------------------------------------- /m4/slg_mingw_support.m4: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | ## See if we are running on mingw 3 | # http://osdir.com/ml/gnu.mingw.devel/2003-09/msg00040.html 4 | # Note: Windows 95 WINVER=0x400 5 | # Windows 98 WINVER=0x400 _WIN32_WINDOWS=0x0410 6 | # Windows Me WINVER=0x400 _WIN32_WINDOWS=0x0490 7 | # Windows NT 4.0 WINVER=0x0400 _WIN32_WINNT=0x0400 8 | # Windows NT 4.0 SP3 WINVER=0x0400 _WIN32_WINNT=0x0403 9 | # Windows 2000 WINVER=0x500 _WIN32_WINNT=0x0500 10 | # Windows XP WINVER=0x501 _WIN32_WINNT=0x0501 11 | # Windows Server 2003 WINVER=0x502 _WIN32_WINNT=0x0502 12 | # 13 | # mingw32 includes i686-w64-mingw32 and x86_64-w64-mingw32 14 | 15 | mingw="no" 16 | case $host in 17 | *-*-*linux*-*) 18 | AC_DEFINE([__LINUX__],1,[Linux operating system functions]) 19 | ;; 20 | 21 | *mingw*) 22 | LIBS="$LIBS -lpsapi -lws2_32 -lgdi32" 23 | CPPFLAGS="-DUNICODE -D_UNICODE -D__MSVCRT_VERSION__=0x0601 -DWINVER=0x0500 -D_WIN32_WINNT=0x0500 -g $CPPFLAGS" 24 | CPPFLAGS="$CPPFLAGS --static " 25 | CFLAGS="$CFLAGS --static -static-libgcc -static-libstdc++" 26 | CXXFLAGS="$CXXFLAGS -Wno-format " # compiler mingw-4.3.0 is broken on I64u formats 27 | CXXFLAGS="$CXXFLAGS --static -static-libgcc -static-libstdc++" 28 | LDFLAGS="$LDFLAGS --static" 29 | mingw="yes" 30 | ;; 31 | esac 32 | 33 | -------------------------------------------------------------------------------- /src/wifipcap/radiotap.h: -------------------------------------------------------------------------------- 1 | 2 | #include "os.h" 3 | 4 | #ifdef _WIN32 5 | #pragma pack(push, 1) 6 | #endif 7 | struct radiotap_hdr { 8 | bool has_channel; 9 | int channel; 10 | 11 | bool has_fhss; 12 | int fhss_fhset; 13 | int fhss_fhpat; 14 | 15 | bool has_rate; 16 | int rate; 17 | 18 | bool has_signal_dbm; 19 | int signal_dbm; 20 | 21 | bool has_noise_dbm; 22 | int noise_dbm; 23 | 24 | bool has_signal_db; 25 | int signal_db; 26 | 27 | bool has_noise_db; 28 | int noise_db; 29 | 30 | bool has_quality; 31 | int quality; 32 | 33 | bool has_txattenuation; 34 | int txattenuation; 35 | 36 | bool has_txattenuation_db; 37 | int txattenuation_db; 38 | 39 | bool has_txpower_dbm; 40 | int txpower_dbm; 41 | 42 | bool has_flags; 43 | bool flags_cfp; 44 | bool flags_short_preamble; 45 | bool flags_wep; 46 | bool flags_fragmented; 47 | bool flags_badfcs; 48 | 49 | bool has_antenna; 50 | int antenna; 51 | 52 | bool has_tsft; 53 | u_int64_t tsft; 54 | 55 | bool has_rxflags; 56 | int rxflags; 57 | 58 | bool has_txflags; 59 | int txflags; 60 | 61 | bool has_rts_retries; 62 | int rts_retries; 63 | 64 | bool has_data_retries; 65 | int data_retries; 66 | } _PACKED_; 67 | #ifdef _WIN32 68 | #pragma pack(pop) 69 | #endif 70 | -------------------------------------------------------------------------------- /m4/ac_java_options.m4: -------------------------------------------------------------------------------- 1 | dnl @synopsis AC_JAVA_OPTIONS 2 | dnl 3 | dnl AC_JAVA_OPTIONS adds configure command line options used for Java 4 | dnl m4 macros. This Macro is optional. 5 | dnl 6 | dnl Note: This is part of the set of autoconf M4 macros for Java 7 | dnl programs. It is VERY IMPORTANT that you download the whole set, 8 | dnl some macros depend on other. Unfortunately, the autoconf archive 9 | dnl does not support the concept of set of macros, so I had to break it 10 | dnl for submission. The general documentation, as well as the sample 11 | dnl configure.in, is included in the AC_PROG_JAVA macro. 12 | dnl 13 | dnl @category Java 14 | dnl @author Devin Weaver 15 | dnl @version 2000-07-19 16 | dnl @license AllPermissive 17 | 18 | AC_DEFUN([AC_JAVA_OPTIONS],[ 19 | AC_ARG_WITH(java-prefix, 20 | [ --with-java-prefix=PFX prefix where Java runtime is installed (optional)]) 21 | AC_ARG_WITH(javac-flags, 22 | [ --with-javac-flags=FLAGS flags to pass to the Java compiler (optional)]) 23 | AC_ARG_WITH(java-flags, 24 | [ --with-java-flags=FLAGS flags to pass to the Java VM (optional)]) 25 | JAVAPREFIX=$with_java_prefix 26 | JAVACFLAGS=$with_javac_flags 27 | JAVAFLAGS=$with_java_flags 28 | AC_SUBST(JAVAPREFIX)dnl 29 | AC_SUBST(JAVACFLAGS)dnl 30 | AC_SUBST(JAVAFLAGS)dnl 31 | AC_SUBST(JAVA)dnl 32 | AC_SUBST(JAVAC)dnl 33 | ]) 34 | -------------------------------------------------------------------------------- /m4/ac_try_compile_java.m4: -------------------------------------------------------------------------------- 1 | dnl @synopsis AC_TRY_COMPILE_JAVA 2 | dnl 3 | dnl AC_TRY_COMPILE_JAVA attempt to compile user given source. 4 | dnl 5 | dnl *Warning*: its success or failure can depend on a proper setting of 6 | dnl the CLASSPATH env. variable. 7 | dnl 8 | dnl Note: This is part of the set of autoconf M4 macros for Java 9 | dnl programs. It is VERY IMPORTANT that you download the whole set, 10 | dnl some macros depend on other. Unfortunately, the autoconf archive 11 | dnl does not support the concept of set of macros, so I had to break it 12 | dnl for submission. The general documentation, as well as the sample 13 | dnl configure.in, is included in the AC_PROG_JAVA macro. 14 | dnl 15 | dnl @category Java 16 | dnl @author Devin Weaver 17 | dnl @version 2000-07-19 18 | dnl @license AllPermissive 19 | 20 | AC_DEFUN([AC_TRY_COMPILE_JAVA],[ 21 | AC_REQUIRE([AC_PROG_JAVAC])dnl 22 | cat << \EOF > Test.java 23 | /* [#]line __oline__ "configure" */ 24 | ifelse([$1], , , [import $1;]) 25 | public class Test { 26 | [$2] 27 | } 28 | EOF 29 | if AC_TRY_COMMAND($JAVAC $JAVACFLAGS Test.java) && test -s Test.class 30 | then 31 | dnl Don't remove the temporary files here, so they can be examined. 32 | ifelse([$3], , :, [$3]) 33 | else 34 | echo "configure: failed program was:" >&AC_FD_CC 35 | cat Test.java >&AC_FD_CC 36 | ifelse([$4], , , [ rm -fr Test* 37 | $4 38 | ])dnl 39 | fi 40 | rm -fr Test*]) 41 | -------------------------------------------------------------------------------- /src/netviz/legend_view.h: -------------------------------------------------------------------------------- 1 | /* 2 | * This source file is public domain, as it is not based on the original tcpflow. 3 | * 4 | * Author: Michael Shick 5 | */ 6 | 7 | 8 | #ifndef LEGEND_VIEW_H 9 | #define LEGEND_VIEW_H 10 | 11 | #include "plot_view.h" 12 | 13 | class legend_view { 14 | public: 15 | // legend_view::entry to everyone else 16 | class entry_t { 17 | public: 18 | entry_t(plot_view::rgb_t color_, std::string label_, uint16_t port_) : 19 | color(color_), label(label_), port(port_) {} 20 | plot_view::rgb_t color; 21 | std::string label; 22 | uint16_t port; 23 | }; 24 | typedef std::vector entries_t; 25 | 26 | legend_view(entries_t entries_) : 27 | entries(entries_) {} 28 | 29 | void render(cairo_t *cr, const plot_view::bounds_t &bounds) const; 30 | 31 | static const std::string empty_legend_label; 32 | static const double base_font_size; 33 | static const double chip_length; 34 | static const double chip_label_space; 35 | static const double inter_item_space; 36 | static const double padding; 37 | static const double border_width; 38 | static const plot_view::rgb_t border_color; 39 | private: 40 | const entries_t entries; 41 | }; 42 | 43 | inline bool operator<(const legend_view::entry_t &a, const legend_view::entry_t &b) 44 | { 45 | return a.port < b.port; 46 | } 47 | #endif 48 | -------------------------------------------------------------------------------- /src/be13_api/be13_configure.m4: -------------------------------------------------------------------------------- 1 | # 2 | # mix-ins for be13 3 | # 4 | 5 | AC_MSG_NOTICE([Including be13_configure.m4 from be13_api]) 6 | AC_CHECK_HEADERS([err.h pwd.h sys/cdefs.h sys/mman.h sys/resource.h sys/utsname.h unistd.h sqlite3.h ]) 7 | AC_CHECK_FUNCS([gmtime_r ishexnumber isxdigit localtime_r unistd.h mmap err errx warn warnx pread64 pread strptime _lseeki64 utimes ]) 8 | 9 | AC_CHECK_LIB([sqlite3],[sqlite3_libversion]) 10 | AC_CHECK_FUNCS([sqlite3_create_function_v2]) 11 | 12 | AC_TRY_COMPILE([#pragma GCC diagnostic ignored "-Wredundant-decls"],[int a=3;], 13 | [AC_DEFINE(HAVE_DIAGNOSTIC_REDUNDANT_DECLS,1,[define 1 if GCC supports -Wredundant-decls])] 14 | ) 15 | AC_TRY_COMPILE([#pragma GCC diagnostic ignored "-Wcast-align"],[int a=3;], 16 | [AC_DEFINE(HAVE_DIAGNOSTIC_CAST_ALIGN,1,[define 1 if GCC supports -Wcast-align])] 17 | ) 18 | 19 | AC_TRY_LINK([#include ], 20 | [uint64_t ul; __sync_add_and_fetch(&ul,0);], 21 | AC_DEFINE(HAVE___SYNC_ADD_AND_FETCH,1,[define 1 if __sync_add_and_fetch works on 64-bit numbers])) 22 | 23 | # 24 | # Figure out which version of unordered_map we are going to use 25 | # 26 | AC_LANG_PUSH(C++) 27 | AC_MSG_NOTICE([checking for unordered_map]) 28 | AC_MSG_NOTICE([ CXXFLAGS: $CXXFLAGS]) 29 | AC_CHECK_HEADERS([unordered_map unordered_set],[],[ 30 | AC_CHECK_HEADERS([tr1/unordered_map tr1/unordered_set])]) 31 | AC_MSG_NOTICE([done]) 32 | AC_LANG_POP() 33 | 34 | -------------------------------------------------------------------------------- /m4/ac_prog_jar.m4: -------------------------------------------------------------------------------- 1 | dnl @synopsis AC_PROG_JAR 2 | dnl 3 | dnl AC_PROG_JAR tests for an existing jar program. It uses the 4 | dnl environment variable JAR then tests in sequence various common jar 5 | dnl programs. 6 | dnl 7 | dnl If you want to force a specific compiler: 8 | dnl 9 | dnl - at the configure.in level, set JAR=yourcompiler before calling 10 | dnl AC_PROG_JAR 11 | dnl 12 | dnl - at the configure level, setenv JAR 13 | dnl 14 | dnl You can use the JAR variable in your Makefile.in, with @JAR@. 15 | dnl 16 | dnl Note: This macro depends on the autoconf M4 macros for Java 17 | dnl programs. It is VERY IMPORTANT that you download that whole set, 18 | dnl some macros depend on other. Unfortunately, the autoconf archive 19 | dnl does not support the concept of set of macros, so I had to break it 20 | dnl for submission. 21 | dnl 22 | dnl The general documentation of those macros, as well as the sample 23 | dnl configure.in, is included in the AC_PROG_JAVA macro. 24 | dnl 25 | dnl @category Java 26 | dnl @author Egon Willighagen 27 | dnl @version 2000-07-19 28 | dnl @license AllPermissive 29 | 30 | AC_DEFUN([AC_PROG_JAR],[ 31 | AC_REQUIRE([AC_EXEEXT])dnl 32 | if test "x$JAVAPREFIX" = x; then 33 | test "x$JAR" = x && AC_CHECK_PROGS(JAR, jar$EXEEXT) 34 | else 35 | test "x$JAR" = x && AC_CHECK_PROGS(JAR, jar, $JAVAPREFIX) 36 | fi 37 | test "x$JAR" = x && AC_MSG_ERROR([no acceptable jar program found in \$PATH]) 38 | AC_PROVIDE([$0])dnl 39 | ]) 40 | -------------------------------------------------------------------------------- /m4/ac_try_run_javac.m4: -------------------------------------------------------------------------------- 1 | dnl @synopsis AC_TRY_RUN_JAVA 2 | dnl 3 | dnl AC_TRY_RUN_JAVA attempt to compile and run user given source. 4 | dnl 5 | dnl *Warning*: its success or failure can depend on a proper setting of 6 | dnl the CLASSPATH env. variable. 7 | dnl 8 | dnl Note: This is part of the set of autoconf M4 macros for Java 9 | dnl programs. It is VERY IMPORTANT that you download the whole set, 10 | dnl some macros depend on other. Unfortunately, the autoconf archive 11 | dnl does not support the concept of set of macros, so I had to break it 12 | dnl for submission. The general documentation, as well as the sample 13 | dnl configure.in, is included in the AC_PROG_JAVA macro. 14 | dnl 15 | dnl @category Java 16 | dnl @author Devin Weaver 17 | dnl @version 2000-07-19 18 | dnl @license AllPermissive 19 | 20 | AC_DEFUN([AC_TRY_RUN_JAVA],[ 21 | AC_REQUIRE([AC_PROG_JAVAC])dnl 22 | AC_REQUIRE([AC_PROG_JAVA])dnl 23 | cat << \EOF > Test.java 24 | /* [#]line __oline__ "configure" */ 25 | ifelse([$1], , , [include $1;]) 26 | public class Test { 27 | [$2] 28 | } 29 | EOF 30 | if AC_TRY_COMMAND($JAVAC $JAVACFLAGS Test.java) && test -s Test.class && ($JAVA $JAVAFLAGS Test; exit) 2>/dev/null 31 | then 32 | dnl Don't remove the temporary files here, so they can be examined. 33 | ifelse([$3], , :, [$3]) 34 | else 35 | echo "configure: failed program was:" >&AC_FD_CC 36 | cat Test.java >&AC_FD_CC 37 | ifelse([$4], , , [ rm -fr Test* 38 | $4 39 | ])dnl 40 | fi 41 | rm -fr Test*]) 42 | -------------------------------------------------------------------------------- /src/intrusive_list.h: -------------------------------------------------------------------------------- 1 | #ifndef INTRUSIVE_LIST_H 2 | #define INTRUSIVE_LIST_H 3 | 4 | #include 5 | #include 6 | 7 | // implement boost::intrusive::list using std::list 8 | 9 | template 10 | class intrusive_list { 11 | public: 12 | intrusive_list():li(), len(0) {} 13 | 14 | typedef typename std::list::iterator iterator; 15 | 16 | inline void push_back(T* node) { 17 | li.push_back(node); 18 | len++; 19 | node->it = --li.end(); 20 | } 21 | 22 | inline void erase(T* node) { 23 | if (!is_linked(node)) 24 | return; 25 | li.erase(node->it); 26 | len--; 27 | reset(node); 28 | } 29 | 30 | inline void move_to_end(T* node) { 31 | if (!is_linked(node)) 32 | return; 33 | li.splice(li.end(), li, node->it); 34 | } 35 | 36 | inline void reset(T* node) { 37 | node->it = li.end(); 38 | } 39 | 40 | inline bool empty() { 41 | return li.empty(); 42 | } 43 | 44 | inline size_t size() { 45 | // std::list.size() is O(n) in some platform. Is there any define flag for that? 46 | //return li.size(); 47 | return len; 48 | } 49 | 50 | inline iterator begin() { 51 | return li.begin(); 52 | } 53 | 54 | inline iterator end() { 55 | return li.end(); 56 | } 57 | 58 | private: 59 | inline bool is_linked(T* node) { 60 | return node->it != li.end(); 61 | } 62 | 63 | std::list li; 64 | size_t len; 65 | }; 66 | 67 | #endif // INTRUSIVE_LIST_H 68 | -------------------------------------------------------------------------------- /m4/ac_prog_javadoc.m4: -------------------------------------------------------------------------------- 1 | dnl @synopsis AC_PROG_JAVADOC 2 | dnl 3 | dnl AC_PROG_JAVADOC tests for an existing javadoc generator. It uses 4 | dnl the environment variable JAVADOC then tests in sequence various 5 | dnl common javadoc generator. 6 | dnl 7 | dnl If you want to force a specific compiler: 8 | dnl 9 | dnl - at the configure.in level, set JAVADOC=yourgenerator before 10 | dnl calling AC_PROG_JAVADOC 11 | dnl 12 | dnl - at the configure level, setenv JAVADOC 13 | dnl 14 | dnl You can use the JAVADOC variable in your Makefile.in, with 15 | dnl @JAVADOC@. 16 | dnl 17 | dnl Note: This macro depends on the autoconf M4 macros for Java 18 | dnl programs. It is VERY IMPORTANT that you download that whole set, 19 | dnl some macros depend on other. Unfortunately, the autoconf archive 20 | dnl does not support the concept of set of macros, so I had to break it 21 | dnl for submission. 22 | dnl 23 | dnl The general documentation of those macros, as well as the sample 24 | dnl configure.in, is included in the AC_PROG_JAVA macro. 25 | dnl 26 | dnl @category Java 27 | dnl @author Egon Willighagen 28 | dnl @version 2000-07-19 29 | dnl @license AllPermissive 30 | 31 | AC_DEFUN([AC_PROG_JAVADOC],[ 32 | AC_REQUIRE([AC_EXEEXT])dnl 33 | if test "x$JAVAPREFIX" = x; then 34 | test "x$JAVADOC" = x && AC_CHECK_PROGS(JAVADOC, javadoc$EXEEXT) 35 | else 36 | test "x$JAVADOC" = x && AC_CHECK_PROGS(JAVADOC, javadoc, $JAVAPREFIX) 37 | fi 38 | test "x$JAVADOC" = x && AC_MSG_ERROR([no acceptable javadoc generator found in \$PATH]) 39 | AC_PROVIDE([$0])dnl 40 | ]) 41 | -------------------------------------------------------------------------------- /src/inet_ntop.c: -------------------------------------------------------------------------------- 1 | /** 2 | * private implementaiton if inet_ntop for systems that don't have it. 3 | * Functionally, correct, this version doesn't do condensing of IPv6 addresses, 4 | * and is kind of slow. 5 | * 6 | * This is included if the OS does not have inet_ntop. 7 | * 8 | * PUBLIC DOMAIN. 9 | * Simson L. Garfinkel, Jan 20, 2013 10 | */ 11 | 12 | static const char *inet_ntop4(const struct in_addr *addr, char *buf, socklen_t buflen) 13 | { 14 | const uint8_t *a = (uint8_t *)addr; 15 | snprintf(buf,buflen,"%03d.%03d.%03d.%03d", a[0], a[1], a[2], a[3]); 16 | return buf; 17 | } 18 | 19 | static const char *inet_ntop6(const struct private_in6_addr *addr, char *buf, socklen_t buflen) 20 | { 21 | const char *obuf=buf; 22 | const uint8_t *a = (uint8_t *)addr; 23 | for(size_t i=0;i<16;i++){ 24 | if(buflen<2) return 0; /* can't convert */ 25 | snprintf(buf,buflen,"%02x",a[i]); 26 | buf+=2; 27 | buflen-=2; 28 | if(i>0 && i<15 && i%2==1){ 29 | if(buflen<1) return 0; 30 | buf[0] = ':'; 31 | buf++; 32 | buflen--; 33 | } 34 | } 35 | if(buflen<1) return 0; 36 | buf[0] = 0; 37 | return obuf; 38 | } 39 | 40 | const char * 41 | inet_ntop(int af, const void *addr, char *buf, socklen_t len) 42 | { 43 | switch(af){ 44 | case AF_INET: 45 | return inet_ntop4((const struct in_addr *)addr, buf, len); 46 | case AF_INET6: 47 | return inet_ntop6((const struct private_in6_addr *)addr, buf, len); 48 | } 49 | return NULL; 50 | } 51 | -------------------------------------------------------------------------------- /src/be13_api/cppmutex.h: -------------------------------------------------------------------------------- 1 | /* -*- mode: C++; c-basic-offset: 4; indent-tabs-mode: nil -*- */ 2 | 3 | /** 4 | * Cppmutex is an easy-to-use mutex class. 5 | * Create a cppmutex instance for a mutex. 6 | * Create a cppmutex::lock(M) object to get a lock; delete the object to free it. 7 | * 8 | * BE SURE THAT HAVE_PTHREAD IS DEFINED BEFORE INCLUDING THIS FILE 9 | */ 10 | 11 | 12 | #ifndef CPPMUTEX_H 13 | #define CPPMUTEX_H 14 | 15 | #include 16 | #include 17 | #include 18 | #include 19 | 20 | #include 21 | #include 22 | 23 | class cppmutex { 24 | // default copy construction and assignment are meaningless and not implemented 25 | cppmutex(const cppmutex &c); 26 | cppmutex &operator=(const cppmutex &cp); 27 | 28 | public: 29 | pthread_mutex_t M; 30 | public: 31 | cppmutex():M(){ 32 | if(pthread_mutex_init(&M,NULL)){ 33 | std::cerr << "pthread_mutex_init failed: " << strerror(errno) << "\n"; 34 | exit(1); 35 | } 36 | } 37 | virtual ~cppmutex(){ 38 | pthread_mutex_destroy(&M); 39 | } 40 | class lock { // get 41 | private: 42 | cppmutex &myMutex; 43 | lock(const lock &l); // copy of locks is meaningless 44 | lock &operator=(const lock &l); 45 | public: 46 | lock(cppmutex &m):myMutex(m){ 47 | pthread_mutex_lock(&myMutex.M); 48 | } 49 | ~lock(){ 50 | pthread_mutex_unlock(&myMutex.M); 51 | } 52 | }; 53 | }; 54 | 55 | #endif 56 | -------------------------------------------------------------------------------- /src/netviz/address_histogram_view.h: -------------------------------------------------------------------------------- 1 | /* 2 | * This source file is public domain, as it is not based on the original tcpflow. 3 | * 4 | * Author: Michael Shick 5 | */ 6 | 7 | 8 | #ifndef ADDRESS_HISTOGRAM_VIEW_H 9 | #define ADDRESS_HISTOGRAM_VIEW_H 10 | 11 | #include "config.h" 12 | #ifdef HAVE_LIBCAIRO 13 | 14 | #include "plot_view.h" 15 | #include "address_histogram.h" 16 | 17 | class address_histogram_view : public plot_view { 18 | public: 19 | address_histogram_view(const address_histogram &histogram_); 20 | 21 | class bucket_view { 22 | public: 23 | bucket_view(const iptree::addr_elem &bucket_, 24 | const rgb_t &color_) : 25 | bucket(bucket_), color(color_) {} 26 | 27 | const iptree::addr_elem &bucket; 28 | const rgb_t &color; 29 | 30 | static const double label_font_size; 31 | 32 | void render(cairo_t *cr, const bounds_t &bounds); 33 | void render_label(cairo_t *cr, const bounds_t &bounds); 34 | }; 35 | 36 | const address_histogram &histogram; 37 | rgb_t bar_color; 38 | rgb_t cdf_color; 39 | 40 | static const double bar_space_factor; 41 | static const size_t compressed_ip6_str_max_len; 42 | static const double cdf_line_width; 43 | static const double data_width_factor; 44 | 45 | void render(cairo_t *cr, const bounds_t &bounds); 46 | void render_data(cairo_t *cr, const bounds_t &bounds); 47 | const address_histogram &get_data() const; 48 | 49 | static std::string compressed_ip6_str(iptree::addr_elem address); 50 | }; 51 | 52 | #endif 53 | #endif 54 | -------------------------------------------------------------------------------- /src/scan_wifiviz.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * scan_wifiviz: 3 | * 4 | * Use the wifipcap and do some basic visualizations 5 | */ 6 | 7 | #include "config.h" 8 | #include 9 | #include 10 | 11 | #include "bulk_extractor_i.h" 12 | #include "datalink_wifi.h" 13 | 14 | extern "C" 15 | void scan_wifiviz(const class scanner_params &sp,const recursion_control_block &rcb) 16 | { 17 | if(sp.sp_version!=scanner_params::CURRENT_SP_VERSION){ 18 | std::cout << "scan_timehistogram requires sp version " 19 | << scanner_params::CURRENT_SP_VERSION << "; " 20 | << "got version " << sp.sp_version << "\n"; 21 | exit(1); 22 | } 23 | 24 | if(sp.phase==scanner_params::PHASE_STARTUP){ 25 | sp.info->name = "wifiviz"; 26 | sp.info->flags = scanner_info::SCANNER_DISABLED; 27 | sp.info->author= "Simson Garfinkel"; 28 | sp.info->packet_user = 0; 29 | sp.info->description = "Performs wifi isualization"; 30 | sp.info->get_config("check_fcs",&TFCB::theTFCB.opt_check_fcs,"Require valid Frame Check Sum (FCS)"); 31 | } 32 | if(sp.phase==scanner_params::PHASE_SHUTDOWN){ 33 | if(sp.sxml){ 34 | (*sp.sxml) << "\n"; 35 | for(TFCB::mac_ssid_map_t::const_iterator it=TFCB::theTFCB.mac_to_ssid.begin(); 36 | it!=TFCB::theTFCB.mac_to_ssid.end();it++){ 37 | (*sp.sxml) << " \n"; 39 | } 40 | (*sp.sxml) << "\n"; 41 | } 42 | } 43 | } 44 | 45 | -------------------------------------------------------------------------------- /src/netviz/port_histogram.h: -------------------------------------------------------------------------------- 1 | /** 2 | * port_histogram.h: 3 | * Show packets received vs port 4 | * 5 | * This source file is public domain, as it is not based on the original tcpflow. 6 | * 7 | * Author: Michael Shick 8 | * 9 | */ 10 | 11 | #ifndef PORT_HISTOGRAM_H 12 | #define PORT_HISTOGRAM_H 13 | 14 | class port_histogram { 15 | public: 16 | port_histogram() : 17 | port_counts(), data_bytes_ingested(0), buckets(), buckets_dirty(true) {} 18 | 19 | class port_count { 20 | public: 21 | port_count(uint16_t port_, uint64_t count_) : 22 | port(port_), count(count_) {} 23 | uint16_t port; 24 | uint64_t count; 25 | }; 26 | //typedef uint16_t port_t; 27 | 28 | class descending_counts { 29 | public: 30 | bool operator()(const port_count &a, const port_count &b); 31 | }; 32 | 33 | void increment(uint16_t port, uint64_t delta); 34 | const port_count &at(size_t index); 35 | size_t size(); 36 | uint64_t ingest_count() const; 37 | 38 | typedef std::vector port_count_vector; 39 | 40 | port_count_vector::const_iterator begin(); 41 | port_count_vector::const_iterator end(); 42 | port_count_vector::const_reverse_iterator rbegin(); 43 | port_count_vector::const_reverse_iterator rend(); 44 | 45 | static const size_t bucket_count; 46 | 47 | private: 48 | typedef std::map port_counts_t; 49 | port_counts_t port_counts; 50 | uint64_t data_bytes_ingested; 51 | std::vector buckets; 52 | bool buckets_dirty; 53 | 54 | void refresh_buckets(); 55 | }; 56 | 57 | #endif 58 | -------------------------------------------------------------------------------- /src/datalink_wifi.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * wifi datalink function and callbacks to handle 802.11 3 | * In addition to calling process_packet_info() for the packets, 4 | * it maintains some 802.11 specific databases. 5 | */ 6 | 7 | #include "tcpflow.h" 8 | #include "datalink_wifi.h" 9 | 10 | /** 11 | * TFCB --- TCPFLOW callbacks for wifippcap 12 | */ 13 | 14 | void TFCB::Handle80211(const WifiPacket &p, u_int16_t fc, const MAC& sa, const MAC& da, const MAC& ra, const MAC& ta, const u_char *ptr, size_t len) 15 | { 16 | } 17 | 18 | void TFCB::HandleLLC(const WifiPacket &p, const struct llc_hdr_t *hdr, const u_char *rest, size_t len) { 19 | sbuf_t sb(pos0_t(),rest,len,len,0,false,false,false); 20 | struct timeval tv; 21 | be13::packet_info pi(p.header_type,p.header,p.packet,tvshift(tv,p.header->ts),rest,len); 22 | be13::plugin::process_packet(pi); 23 | } 24 | 25 | void TFCB::Handle80211MgmtBeacon(const WifiPacket &p, const mgmt_header_t *hdr, const mgmt_body_t *body) 26 | { 27 | #ifdef DEBUG_WIFI 28 | std::cerr << " " << "802.11 mgmt: " << hdr->sa << " beacon " << body->ssid.ssid << "\""; 29 | #endif 30 | mac_ssid bcn(hdr->sa,std::string(body->ssid.ssid)); 31 | mac_to_ssid[bcn] += 1; 32 | } 33 | 34 | 35 | /* Entrance point */ 36 | TFCB TFCB::theTFCB; // singleton 37 | static Wifipcap theWcap; 38 | void dl_ieee802_11_radio(u_char *user, const struct pcap_pkthdr *h, const u_char *p) 39 | { 40 | theWcap.handle_packet(&TFCB::theTFCB,DLT_IEEE802_11_RADIO,h,p); 41 | } 42 | 43 | void dl_prism(u_char *user, const struct pcap_pkthdr *h, const u_char *p) 44 | { 45 | #ifdef DLT_PRISM_HEADER 46 | theWcap.handle_packet(&TFCB::theTFCB,DLT_PRISM_HEADER,h,p); 47 | #endif 48 | } 49 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Backup Files and autoconf nonsense 3 | # Compiled source # 4 | # Executables 5 | # Logs and databases # 6 | # OS generated files # 7 | # Packages # 8 | # git has its own built in compression methods 9 | # http://help.github.com/ignore-files/ 10 | # http://stackoverflow.com/questions/3290908/which-files-generated-by-autotools-should-i-keep-in-git-repository 11 | # it's better to unpack these files and commit the raw source 12 | # plus vim backups 13 | ############ 14 | ################### 15 | ###################### 16 | *.7z 17 | *.a 18 | *.aff 19 | *.class 20 | *.com 21 | *.dll 22 | *.dmg 23 | *.exe 24 | *.gz 25 | *.iso 26 | *.jar 27 | *.log 28 | *.o 29 | *.obj 30 | *.pyc 31 | *.rar 32 | *.sig 33 | *.so 34 | *.sql 35 | *.sqlite 36 | *.swp 37 | *.tar 38 | *.trs 39 | *.zip 40 | *~ 41 | .DS_Store 42 | .DS_Store* 43 | .deps 44 | .dirstamp 45 | .libs 46 | Icon? 47 | Makefile 48 | Makefile.in 49 | TAGS 50 | Thumbs.db 51 | a.out.dSYM 52 | aclocal.m4 53 | affconfig.h 54 | affconfig.h.in 55 | afflib-*.tar.gz 56 | afflib.lib 57 | afflib.pc 58 | afflib.spec 59 | autom4te.cache 60 | config.guess 61 | config.h 62 | config.h.in 63 | config.log 64 | config.status 65 | config.sub 66 | configure 67 | depcomp 68 | doc/tcpflow.1 69 | ehthumbs.db 70 | install-sh 71 | libtool 72 | ltmain.sh 73 | m4/libtool.m4 74 | m4/ltoptions.m4 75 | m4/ltsugar.m4 76 | m4/ltversion.m4 77 | m4/lt~obsolete.m4 78 | missing 79 | out 80 | out-* 81 | report.xml 82 | src/a.out 83 | src/config.h 84 | src/iphtest-nitroba-100.txt 85 | src/iphtest-nitroba-1000.txt 86 | src/iphtest-nitroba-10000.txt 87 | src/tcpflow 88 | stamp-h* 89 | tags 90 | tcpflow.spec 91 | test-driver 92 | tests/*.pdf 93 | tests/out 94 | tests/packet1.pcap 95 | *.d 96 | ar-lib 97 | tcpflow-1.6.1 98 | -------------------------------------------------------------------------------- /src/be13_api/utf8.h: -------------------------------------------------------------------------------- 1 | /* -*- mode: C++; c-basic-offset: 4; indent-tabs-mode: nil -*- */ 2 | // Copyright 2006 Nemanja Trifunovic 3 | 4 | /* 5 | Permission is hereby granted, free of charge, to any person or organization 6 | obtaining a copy of the software and accompanying documentation covered by 7 | this license (the "Software") to use, reproduce, display, distribute, 8 | execute, and transmit the Software, and to prepare derivative works of the 9 | Software, and to permit third-parties to whom the Software is furnished to 10 | do so, all subject to the following: 11 | 12 | The copyright notices in the Software and this entire statement, including 13 | the above license grant, this restriction and the following disclaimer, 14 | must be included in all copies of the Software, in whole or in part, and 15 | all derivative works of the Software, unless such copies or derivative 16 | works are solely in the form of machine-executable object code generated by 17 | a source language processor. 18 | 19 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 20 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 21 | FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT 22 | SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE 23 | FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE, 24 | ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 25 | DEALINGS IN THE SOFTWARE. 26 | */ 27 | 28 | 29 | #ifndef UTF8_FOR_CPP_2675DCD0_9480_4c0c_B92A_CC14C027B731 30 | #define UTF8_FOR_CPP_2675DCD0_9480_4c0c_B92A_CC14C027B731 31 | 32 | #include "utf8/checked.h" 33 | #include "utf8/unchecked.h" 34 | 35 | #endif // header guard 36 | -------------------------------------------------------------------------------- /tcpflow.spec.in: -------------------------------------------------------------------------------- 1 | %global _hardened_build 1 2 | 3 | Name: tcpflow 4 | Version: @VERSION@ 5 | Release: 0%{?dist} 6 | License: GPLv3 7 | Summary: Network traffic recorder 8 | URL: https://github.com/simsong/tcpflow 9 | Source0: http://digitalcorpora.org/downloads/%{name}/%{name}-%{version}.tar.gz 10 | 11 | BuildRequires: boost-devel 12 | #BuildRequires: bzip2-devel 13 | BuildRequires: cairo-devel 14 | BuildRequires: libpcap-devel 15 | BuildRequires: openssl-devel 16 | BuildRequires: zlib-devel 17 | 18 | %description 19 | tcpflow is a program that captures data transmitted as part of TCP 20 | connections (flows), and stores the data in a way that is convenient 21 | for protocol analysis or debugging. A program like 'tcpdump' shows a 22 | summary of packets seen on the wire, but usually doesn't store the 23 | data that's actually being transmitted. In contrast, tcpflow 24 | reconstructs the actual data streams and stores each flow in a 25 | separate file for later analysis. 26 | 27 | %prep 28 | %setup -q 29 | 30 | %build 31 | export CPPFLAGS="%{optflags}" 32 | export LDFLAGS="%{__global_ldflags}" 33 | %configure 34 | make %{?_smp_mflags} 35 | 36 | %install 37 | make DESTDIR=%{buildroot} INSTALL='install -p' install 38 | 39 | %check 40 | #make check 41 | 42 | %files 43 | %doc AUTHORS COPYING ChangeLog NEWS README 44 | %{_bindir}/tcpflow 45 | %{_mandir}/man1/tcpflow.1* 46 | 47 | %changelog 48 | 49 | * Sun Jun 04 2017 O. Libre - 1.4.6-0 50 | - Apply improvements from Fedora Packages repo https://src.fedoraproject.org/cgit/rpms/?q=tcpflow 51 | 52 | * Sun Feb 26 2012 Simson Garfinkel - 1.2 53 | - Rewrite for version 1.2 54 | 55 | * Thu Apr 22 1999 Ross Golder - 0.12 56 | - Wrote for version 0.12 57 | 58 | -------------------------------------------------------------------------------- /src/datalink_wifi.h: -------------------------------------------------------------------------------- 1 | #ifndef DATALINK_WIFI_H 2 | #define DATALINK_WIFI_H 3 | 4 | #include 5 | #include 6 | #include "wifipcap.h" 7 | 8 | //#define DEBUG_WIFI 9 | 10 | class TFCB : public WifipcapCallbacks { 11 | private: 12 | 13 | public: 14 | bool opt_check_fcs; 15 | 16 | typedef struct mac_ssid { 17 | mac_ssid(const MAC &mac_,const std::string &ssid_):mac(mac_),ssid(ssid_){} 18 | const MAC mac; 19 | const std::string ssid; 20 | bool operator<(const struct mac_ssid &b) const{ 21 | if (mac < b.mac) return true; 22 | if (b.mac < mac) return false; 23 | return ssid < b.ssid; 24 | }; 25 | } mac_ssid_t; 26 | 27 | typedef struct { 28 | bool operator() (const struct mac_ssid &a, const struct mac_ssid &b) const { 29 | if (a.mac < b.mac) return true; 30 | if (b.mac < a.mac) return false; 31 | return a.ssid < b.ssid; 32 | } 33 | } mac_ssid_lt; 34 | typedef std::set mac_ssid_set_t; 35 | typedef std::map mac_ssid_map_t; 36 | mac_ssid_map_t mac_to_ssid; // mapping of macs to SSIDs 37 | 38 | static TFCB theTFCB; 39 | TFCB():opt_check_fcs(true),mac_to_ssid(){} 40 | 41 | virtual bool Check80211FCS(const WifiPacket &p) { return opt_check_fcs; } 42 | virtual void Handle80211(const WifiPacket &p,u_int16_t fc, const MAC& sa, const MAC& da, 43 | const MAC& ra, const MAC& ta, const u_char *ptr, size_t len) ; 44 | 45 | void HandleLLC(const WifiPacket &p,const struct llc_hdr_t *hdr, const u_char *rest, size_t len) ; 46 | void Handle80211MgmtBeacon(const WifiPacket &p,const mgmt_header_t *hdr, const mgmt_body_t *body) ; 47 | }; 48 | 49 | #endif 50 | -------------------------------------------------------------------------------- /src/netviz/port_histogram_view.h: -------------------------------------------------------------------------------- 1 | /** 2 | * port_histogram_view.h: 3 | * 4 | * This source file is public domain, as it is not based on the original tcpflow. 5 | * 6 | * Author: Michael Shick 7 | * 8 | */ 9 | 10 | #ifndef PORT_HISTOGRAM_VIEW_H 11 | #define PORT_HISTOGRAM_VIEW_H 12 | 13 | #include "config.h" 14 | #ifdef HAVE_LIBCAIRO 15 | 16 | #include "plot_view.h" 17 | #include "port_histogram.h" 18 | 19 | class port_histogram_view : public plot_view { 20 | public: 21 | port_histogram_view(port_histogram &histogram_, 22 | const std::map &color_map_, 23 | const rgb_t &default_color, const rgb_t &cdf_color_); 24 | 25 | class bucket_view { 26 | public: 27 | bucket_view(const port_histogram::port_count &bucket_, 28 | const rgb_t &color_) : 29 | bucket(bucket_), color(color_), chip_height(0.0), chip_offset(0.0) {} 30 | 31 | const port_histogram::port_count &bucket; 32 | const rgb_t &color; 33 | double chip_height; 34 | double chip_offset; 35 | 36 | static const double label_font_size; 37 | static const double chip_width_factor; 38 | 39 | void render(cairo_t *cr, const bounds_t &bounds); 40 | void render_label(cairo_t *cr, const bounds_t &bounds); 41 | }; 42 | 43 | port_histogram &histogram; 44 | const std::map &color_map; 45 | const rgb_t &default_color; 46 | const rgb_t &cdf_color; 47 | 48 | static const double bar_space_factor; 49 | static const double bar_chip_size_factor; 50 | static const double cdf_line_width; 51 | static const double data_width_factor; 52 | 53 | void render(cairo_t *cr, const bounds_t &bounds); 54 | void render_data(cairo_t *cr, const bounds_t &bounds); 55 | port_histogram &get_data(); 56 | }; 57 | 58 | #endif 59 | #endif 60 | -------------------------------------------------------------------------------- /python/plugins/samplePlugin.py: -------------------------------------------------------------------------------- 1 | ## Example of a python plugin for tcpflow. 2 | ## This sample contains three functions. 3 | 4 | ## The first function takes a string and returns a sample message. 5 | ## The input string contains the application data from tcpflow's buffer. 6 | 7 | def sampleFunction(appData): 8 | return "This message appears in the XML tag 'tcpflow:result' of report.xml (DFXML)." 9 | 10 | ## The second function takes a string (application data) 11 | ## and writes the application (HTTP) header data to the file 12 | ## myOutput.txt located in the python director. 13 | ## This function does not return and simply prints to stdout. 14 | 15 | def headerWriter(appData): 16 | fName = "myOutput.txt" 17 | f = open("python/" + fName, 'a') 18 | headerFinish = appData.find("\r\n\r\n") + 4 19 | headerData = appData[:headerFinish+1] 20 | f.write(headerData) 21 | f.close() 22 | print "Wrote data to " + fName 23 | 24 | ## The third function takes a string (application data) 25 | ## parses the HTTP message (without headers) 26 | ## performs a bitwise xor operation with a key defined in the function 27 | ## and returns the text corresponding to this binary result. 28 | 29 | def xorOp(appData): 30 | # Assume variable buffer includes message data. 31 | dataStart = appData.find("\r\n\r\n") + 4 32 | httpData = appData[dataStart:] 33 | binaryData = ''.join(format(ord(x), 'b') for x in httpData) 34 | if len(binaryData) < 1: 35 | return 0 36 | 37 | key = "01101011101" 38 | keyLen = len(key) 39 | newKey = "" 40 | while len(newKey) + keyLen <= len(binaryData): 41 | newKey += key 42 | i = 0 43 | while len(newKey) < len(binaryData): 44 | if i == keyLen: 45 | i = 0 46 | newKey += key[i] 47 | i += 1 48 | xorRes = int(binaryData,2) ^ int(newKey,2) 49 | return '{0:b}'.format(xorRes) 50 | -------------------------------------------------------------------------------- /src/wifipcap/TimeVal.cpp: -------------------------------------------------------------------------------- 1 | //////////////////////////////////////////////////////////////////////////////// 2 | // Mercury and Colyseus Software Distribution 3 | // 4 | // Copyright (C) 2004-2005 Ashwin Bharambe (ashu@cs.cmu.edu) 5 | // 2004-2005 Jeffrey Pang (jeffpang@cs.cmu.edu) 6 | // 2004 Mukesh Agrawal (mukesh@cs.cmu.edu) 7 | // 8 | // This program is free software; you can redistribute it and/or 9 | // modify it under the terms of the GNU General Public License as 10 | // published by the Free Software Foundation; either version 2, or (at 11 | // your option) any later version. 12 | // 13 | // This program is distributed in the hope that it will be useful, but 14 | // WITHOUT ANY WARRANTY; without even the implied warranty of 15 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 | // General Public License for more details. 17 | // 18 | // You should have received a copy of the GNU General Public License 19 | // along with this program; if not, write to the Free Software 20 | // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 21 | // USA 22 | //////////////////////////////////////////////////////////////////////////////// 23 | /* -*- Mode:c++; c-basic-offset:4; tab-width:4; indent-tabs-mode:t -*- */ 24 | 25 | /************************************************************************** 26 | TimeVal.cpp 27 | 28 | begin : Oct 16, 2003 29 | version : $Id: TimeVal.cpp,v 1.1.1.1 2006/12/14 01:22:11 jpang Exp $ 30 | copyright : (C) 2003 Jeff Pang ( jeffpang@cs.cmu.edu ) 31 | (C) 2003 Justin Weisz ( jweisz@cs.cmu.edu ) 32 | 33 | ***************************************************************************/ 34 | 35 | #include 36 | #include 37 | #include "TimeVal.h" 38 | 39 | //using namespace std; 40 | 41 | TimeVal TIME_NONE = {0,0}; 42 | 43 | -------------------------------------------------------------------------------- /m4/ac_prog_javac.m4: -------------------------------------------------------------------------------- 1 | dnl @synopsis AC_PROG_JAVAC 2 | dnl 3 | dnl AC_PROG_JAVAC tests an existing Java compiler. It uses the 4 | dnl environment variable JAVAC then tests in sequence various common 5 | dnl Java compilers. For political reasons, it starts with the free 6 | dnl ones. 7 | dnl 8 | dnl If you want to force a specific compiler: 9 | dnl 10 | dnl - at the configure.in level, set JAVAC=yourcompiler before calling 11 | dnl AC_PROG_JAVAC 12 | dnl 13 | dnl - at the configure level, setenv JAVAC 14 | dnl 15 | dnl You can use the JAVAC variable in your Makefile.in, with @JAVAC@. 16 | dnl 17 | dnl *Warning*: its success or failure can depend on a proper setting of 18 | dnl the CLASSPATH env. variable. 19 | dnl 20 | dnl TODO: allow to exclude compilers (rationale: most Java programs 21 | dnl cannot compile with some compilers like guavac). 22 | dnl 23 | dnl Note: This is part of the set of autoconf M4 macros for Java 24 | dnl programs. It is VERY IMPORTANT that you download the whole set, 25 | dnl some macros depend on other. Unfortunately, the autoconf archive 26 | dnl does not support the concept of set of macros, so I had to break it 27 | dnl for submission. The general documentation, as well as the sample 28 | dnl configure.in, is included in the AC_PROG_JAVA macro. 29 | dnl 30 | dnl @category Java 31 | dnl @author Stephane Bortzmeyer 32 | dnl @version 2000-07-19 33 | dnl @license GPLWithACException 34 | 35 | AC_DEFUN([AC_PROG_JAVAC],[ 36 | AC_REQUIRE([AC_EXEEXT])dnl 37 | if test "x$JAVAPREFIX" = x; then 38 | test "x$JAVAC" = x && AC_CHECK_PROGS(JAVAC, "gcj$EXEEXT -C" guavac$EXEEXT jikes$EXEEXT javac$EXEEXT) 39 | else 40 | test "x$JAVAC" = x && AC_CHECK_PROGS(JAVAC, "gcj$EXEEXT -C" guavac$EXEEXT jikes$EXEEXT javac$EXEEXT, $JAVAPREFIX) 41 | fi 42 | test "x$JAVAC" = x && AC_MSG_ERROR([no acceptable Java compiler found in \$PATH]) 43 | AC_PROG_JAVAC_WORKS 44 | AC_PROVIDE([$0])dnl 45 | ]) 46 | -------------------------------------------------------------------------------- /m4/ac_check_junit.m4: -------------------------------------------------------------------------------- 1 | dnl @synopsis AC_CHECK_JUNIT 2 | dnl 3 | dnl AC_CHECK_JUNIT tests the availability of the Junit testing 4 | dnl framework, and set some variables for conditional compilation of 5 | dnl the test suite by automake. 6 | dnl 7 | dnl If available, JUNIT is set to a command launching the text based 8 | dnl user interface of Junit, @JAVA_JUNIT@ is set to $JAVA_JUNIT and 9 | dnl @TESTS_JUNIT@ is set to $TESTS_JUNIT, otherwise they are set to 10 | dnl empty values. 11 | dnl 12 | dnl You can use these variables in your Makefile.am file like this : 13 | dnl 14 | dnl # Some of the following classes are built only if junit is available 15 | dnl JAVA_JUNIT = Class1Test.java Class2Test.java AllJunitTests.java 16 | dnl 17 | dnl noinst_JAVA = Example1.java Example2.java @JAVA_JUNIT@ 18 | dnl 19 | dnl EXTRA_JAVA = $(JAVA_JUNIT) 20 | dnl 21 | dnl TESTS_JUNIT = AllJunitTests 22 | dnl 23 | dnl TESTS = StandaloneTest1 StandaloneTest2 @TESTS_JUNIT@ 24 | dnl 25 | dnl EXTRA_TESTS = $(TESTS_JUNIT) 26 | dnl 27 | dnl AllJunitTests : 28 | dnl echo "#! /bin/sh" > $@ 29 | dnl echo "exec @JUNIT@ my.package.name.AllJunitTests" >> $@ 30 | dnl chmod +x $@ 31 | dnl 32 | dnl @category Java 33 | dnl @author Luc Maisonobe 34 | dnl @version 2001-03-02 35 | dnl @license AllPermissive 36 | 37 | AC_DEFUN([AC_CHECK_JUNIT],[ 38 | AC_CACHE_VAL(ac_cv_prog_JUNIT,[ 39 | AC_CHECK_CLASS(junit.textui.TestRunner) 40 | if test x"`eval 'echo $ac_cv_class_junit_textui_TestRunner'`" != xno ; then 41 | ac_cv_prog_JUNIT='$(CLASSPATH_ENV) $(JAVA) $(JAVAFLAGS) junit.textui.TestRunner' 42 | fi]) 43 | AC_MSG_CHECKING([for junit]) 44 | if test x"`eval 'echo $ac_cv_prog_JUNIT'`" != x ; then 45 | JUNIT="$ac_cv_prog_JUNIT" 46 | JAVA_JUNIT='$(JAVA_JUNIT)' 47 | TESTS_JUNIT='$(TESTS_JUNIT)' 48 | else 49 | JUNIT= 50 | JAVA_JUNIT= 51 | TESTS_JUNIT= 52 | fi 53 | AC_MSG_RESULT($JAVA_JUNIT) 54 | AC_SUBST(JUNIT) 55 | AC_SUBST(JAVA_JUNIT) 56 | AC_SUBST(TESTS_JUNIT)]) 57 | -------------------------------------------------------------------------------- /Makefile.am: -------------------------------------------------------------------------------- 1 | # Makefile.am for tcpflow 2 | # 3 | SUBDIRS = src doc tests 4 | EXTRA_DIST = tcpflow.spec.in TODO.txt m4/ax_pthread.m4 5 | ACLOCAL_AMFLAGS = -I m4 6 | AM_CFLAGS = -Wall 7 | 8 | renew: 9 | touch NEWS README AUTHORS ChangeLog stamp-h 10 | aclocal 11 | autoheader -f 12 | autoconf -f 13 | automake --add-missing -c 14 | 15 | grenew: 16 | touch NEWS README AUTHORS ChangeLog stamp-h 17 | aclocal 18 | autoheader -f 19 | autoconf -f 20 | automake --add-missing -c 21 | 22 | 23 | # For testing: 24 | pdft: 25 | (cd src;make tcpflow) 26 | /bin/rm -rf out 27 | src/tcpflow -a -o out -r /corp/nps/packets/2008-nitroba/nitroba.pcap -w out/extra.pcap 28 | open out/report.pdf 29 | 30 | # 31 | # AFFLIB RELEASE SYSTEM V1.0 FOLLOWS 32 | # 33 | 34 | RELEASE_USER = simsong@ 35 | RELEASE_HOST = digitalcorpora.org 36 | RELEASE_DIR = digitalcorpora.org/ 37 | 38 | RELEASE_LOC = $(RELEASE_DIR)/downloads/ 39 | VERSION_FN = $(PACKAGE)_version.txt 40 | RELEASE_PATH = $(RELEASE_LOC)/$(VERSION_FN) 41 | RELEASE_SSH = $(RELEASE_USER)$(RELEASE_HOST):$(RELEASE_LOC) 42 | 43 | 44 | release: 45 | make dist 46 | make distcheck 47 | make the_release 48 | 49 | the_release: $(RELEASEFN) 50 | gpg --detach-sign $(RELEASEFN) 51 | @echo Release $(RELEASE_VER) uploaded to server 52 | 53 | tcpflow32.exe: 54 | mingw32-configure 55 | make clean 56 | make 57 | mv -f src/tcpflow.exe tcpflow32.exe 58 | 59 | tcpflow64.exe: 60 | mingw64-configure 61 | make clean 62 | make 63 | mv -f src/tcpflow.exe tcpflow64.exe 64 | 65 | FN=$(PACKAGE_TARNAME)-$(PACKAGE_VERSION).zip 66 | $(FN): tcpflow32.exe tcpflow64.exe 67 | /bin/rm -f tcpflow*.exe $(FN) 68 | make tcpflow32.exe 69 | make tcpflow64.exe 70 | zip $(FN) tcpflow32.exe tcpflow64.exe 71 | 72 | winrelease: $(FN) 73 | 74 | pub: $(FN) 75 | scp $(FN) dcorpora@digitalcorpora.org:downloads/tcpflow/ 76 | 77 | 78 | .PHONY: pull 79 | pull: 80 | git pull 81 | (cd src/dfxml;git pull) 82 | (cd src/be13_api;git pull) 83 | # 84 | # END OF AFFLIB RELEASE SYSTEM 85 | # 86 | -------------------------------------------------------------------------------- /src/be13_api/sbuf_stream.h: -------------------------------------------------------------------------------- 1 | /* -*- mode: C++; c-basic-offset: 4; indent-tabs-mode: nil -*- */ 2 | #ifndef SBUF_STREAM_H 3 | #define SBUF_STREAM_H 4 | 5 | /* required per C++ standard */ 6 | #ifndef __STDC_FORMAT_MACROS 7 | #define __STDC_FORMAT_MACROS 8 | #endif 9 | 10 | using namespace std; 11 | 12 | #include 13 | #include 14 | #include 15 | #include 16 | #include "sbuf.h" 17 | 18 | /** \addtogroup bulk_extractor_APIs 19 | * @{ 20 | */ 21 | 22 | /** \file */ 23 | /** 24 | * sbuf_stream provides the get services of sbuf_t but wrapped in a Stream interface. 25 | * Note that sbuf_stream is not particularly optimized; it is simply a wrapper. 26 | */ 27 | class sbuf_stream { 28 | private: 29 | const sbuf_t sbuf; 30 | size_t offset; 31 | public: 32 | sbuf_stream(const sbuf_t &sbuf_); 33 | ~sbuf_stream(); 34 | void seek(size_t offset); 35 | size_t tell(); 36 | 37 | /** 38 | * \name integer-based stream readers 39 | * @{ */ 40 | uint8_t get8u(); 41 | uint16_t get16u(); 42 | uint32_t get32u(); 43 | uint64_t get64u(); 44 | 45 | uint8_t get8uBE(); 46 | uint16_t get16uBE(); 47 | uint32_t get32uBE(); 48 | uint64_t get64uBE(); 49 | 50 | uint8_t get8u(sbuf_t::byte_order_t bo); 51 | uint16_t get16u(sbuf_t::byte_order_t bo); 52 | uint32_t get32u(sbuf_t::byte_order_t bo); 53 | uint64_t get64u(sbuf_t::byte_order_t bo); 54 | 55 | int8_t get8i(); 56 | int16_t get16i(); 57 | int32_t get32i(); 58 | int64_t get64i(); 59 | 60 | int8_t get8iBE(); 61 | int16_t get16iBE(); 62 | int32_t get32iBE(); 63 | int64_t get64iBE(); 64 | 65 | int8_t get8i(sbuf_t::byte_order_t bo); 66 | int16_t get16i(sbuf_t::byte_order_t bo); 67 | int32_t get32i(sbuf_t::byte_order_t bo); 68 | int64_t get64i(sbuf_t::byte_order_t bo); 69 | /** @} */ 70 | 71 | /** 72 | * \name string and wstring stream readers 73 | * @{ */ 74 | void getUTF8(string &utf8_string); 75 | void getUTF8(size_t num_octets_requested, string &utf8_string); 76 | void getUTF16(wstring &utf16_string); 77 | void getUTF16(size_t num_code_units_requested, wstring &utf16_string); 78 | /** @} */ 79 | }; 80 | 81 | #endif 82 | -------------------------------------------------------------------------------- /m4/ac_prog_java_cc.m4: -------------------------------------------------------------------------------- 1 | dnl @synopsis AC_PROG_JAVA_CC 2 | dnl 3 | dnl Finds the appropriate java compiler on your path. By preference the 4 | dnl java compiler is gcj, then jikes then javac. 5 | dnl 6 | dnl The macro can take one argument specifying a space separated list 7 | dnl of java compiler names. 8 | dnl 9 | dnl For example: 10 | dnl 11 | dnl AC_PROG_JAVA_CC(javac, gcj) 12 | dnl 13 | dnl The macro also sets the compiler options variable: JAVA_CC_OPTS to 14 | dnl something sensible: 15 | dnl 16 | dnl - for GCJ it sets it to: @GCJ_OPTS@ 17 | dnl (if GCJ_OPTS is not yet defined then it is set to "-C") 18 | dnl 19 | dnl - no other compiler has applicable options yet 20 | dnl 21 | dnl Here's an example configure.in: 22 | dnl 23 | dnl AC_INIT(Makefile.in) 24 | dnl AC_PROG_JAVA_CC() 25 | dnl AC_OUTPUT(Makefile) 26 | dnl dnl End. 27 | dnl 28 | dnl And here's the start of the Makefile.in: 29 | dnl 30 | dnl PROJECT_ROOT := @srcdir@ 31 | dnl # Tool definitions. 32 | dnl JAVAC := @JAVA_CC@ 33 | dnl JAVAC_OPTS := @JAVA_CC_OPTS@ 34 | dnl JAR_TOOL := @jar_tool@ 35 | dnl 36 | dnl @category Java 37 | dnl @author Nic Ferrier 38 | dnl @version 2002-03-04 39 | dnl @license GPLWithACException 40 | 41 | # AC_PROG_JAVA_CC([COMPILER ...]) 42 | # -------------------------- 43 | # COMPILER ... is a space separated list of java compilers to search for. 44 | # This just gives the user an opportunity to specify an alternative 45 | # search list for the java compiler. 46 | AC_DEFUN([AC_PROG_JAVA_CC], 47 | [AC_ARG_VAR([JAVA_CC], [java compiler command])dnl 48 | AC_ARG_VAR([JAVA_CC_FLAGS], [java compiler flags])dnl 49 | m4_ifval([$1], 50 | [AC_CHECK_TOOLS(JAVA_CC, [$1])], 51 | [AC_CHECK_TOOL(JAVA_CC, gcj) 52 | if test -z "$JAVA_CC"; then 53 | AC_CHECK_TOOL(JAVA_CC, javac) 54 | fi 55 | if test -z "$JAVA_CC"; then 56 | AC_CHECK_TOOL(JAVA_CC, jikes) 57 | fi 58 | ]) 59 | 60 | if test "$JAVA_CC" = "gcj"; then 61 | if test "$GCJ_OPTS" = ""; then 62 | AC_SUBST(GCJ_OPTS,-C) 63 | fi 64 | AC_SUBST(JAVA_CC_OPTS, @GCJ_OPTS@, 65 | [Define the compilation options for GCJ]) 66 | fi 67 | test -z "$JAVA_CC" && AC_MSG_ERROR([no acceptable java compiler found in \$PATH]) 68 | ])# AC_PROG_JAVA_CC 69 | -------------------------------------------------------------------------------- /src/scan_tcpdemux.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * tcp demultiplixier scanner. 3 | * 4 | * We have a single global tcpdemultiplixer because it needs to manage 5 | * a global resource --- the maximum number of open files. We get the 6 | * singleton instance and put it in the user argument of the global 7 | * callback array. We could have designed the callback system to take 8 | * an instance which is subclassed from an abstract superclass, but 9 | * that would require a virtual function resolution on every function 10 | * call, whereas here we simply have a function call with two 11 | * arguments (which is faster, but less safe.) 12 | */ 13 | 14 | #include "config.h" 15 | #include "tcpflow.h" 16 | #include "tcpip.h" 17 | #include "tcpdemux.h" 18 | #include 19 | #include 20 | #include "bulk_extractor_i.h" 21 | 22 | 23 | /** callback called by process_packet() 24 | */ 25 | static void packet_handler(void *user,const be13::packet_info &pi) 26 | { 27 | reinterpret_cast(user)->process_pkt(pi); 28 | } 29 | 30 | extern "C" 31 | void scan_tcpdemux(const class scanner_params &sp,const recursion_control_block &rcb) 32 | { 33 | 34 | if(sp.sp_version!=scanner_params::CURRENT_SP_VERSION){ 35 | std::cerr << "scan_tcpdemux requires sp version " << scanner_params::CURRENT_SP_VERSION << "; " 36 | << "got version " << sp.sp_version << "\n"; 37 | exit(1); 38 | } 39 | 40 | if(sp.phase==scanner_params::PHASE_STARTUP){ 41 | sp.info->name = "tcpdemux"; 42 | sp.info->author= "Simson Garfinkel"; 43 | sp.info->packet_user = tcpdemux::getInstance(); 44 | sp.info->packet_cb = packet_handler; 45 | 46 | sp.info->get_config("tcp_timeout",&tcpdemux::getInstance()->tcp_timeout,"Timeout for TCP connections"); 47 | sp.info->get_config("tcp_cmd",&tcpdemux::getInstance()->tcp_cmd,"Command to execute on each TCP flow"); 48 | sp.info->get_config("tcp_alert_fd",&tcpdemux::getInstance()->tcp_alert_fd,"File descriptor to send information about completed TCP flows"); 49 | 50 | return; /* No feature files created */ 51 | } 52 | 53 | if(sp.phase==scanner_params::PHASE_SCAN){ 54 | static const std::string hash0(""); 55 | static const std::string hash1(""); 56 | return; 57 | } 58 | } 59 | -------------------------------------------------------------------------------- /src/wifipcap/types.h: -------------------------------------------------------------------------------- 1 | //////////////////////////////////////////////////////////////////////////////// 2 | // Mercury and Colyseus Software Distribution 3 | // 4 | // Copyright (C) 2004-2005 Ashwin Bharambe (ashu@cs.cmu.edu) 5 | // 2004-2005 Jeffrey Pang (jeffpang@cs.cmu.edu) 6 | // 2004 Mukesh Agrawal (mukesh@cs.cmu.edu) 7 | // 8 | // This program is free software; you can redistribute it and/or 9 | // modify it under the terms of the GNU General Public License as 10 | // published by the Free Software Foundation; either version 2, or (at 11 | // your option) any later version. 12 | // 13 | // This program is distributed in the hope that it will be useful, but 14 | // WITHOUT ANY WARRANTY; without even the implied warranty of 15 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 | // General Public License for more details. 17 | // 18 | // You should have received a copy of the GNU General Public License 19 | // along with this program; if not, write to the Free Software 20 | // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 21 | // USA 22 | //////////////////////////////////////////////////////////////////////////////// 23 | #ifndef __TYPES__H 24 | #define __TYPES__H 25 | 26 | // basic types and utility macros 27 | 28 | typedef unsigned char byte; 29 | typedef unsigned char ubyte; 30 | typedef unsigned char uint8; 31 | typedef unsigned short uint16; 32 | typedef unsigned int uint32; 33 | typedef unsigned long long uint64; 34 | 35 | typedef char sbyte; 36 | typedef char sint8; 37 | typedef short sint16; 38 | typedef int sint32; 39 | typedef long long sint64; 40 | 41 | typedef float real; 42 | typedef float real32; 43 | typedef double real64; 44 | //typedef long double real64; 45 | 46 | typedef unsigned int guint; 47 | typedef uint32 guint32; 48 | typedef uint16 guint16; 49 | typedef uint8 guint8; 50 | 51 | #ifndef MAX 52 | #define MAX(x,y) ((x)>(y)?(x):(y)) 53 | #endif 54 | #ifndef MIN 55 | #define MIN(x,y) ((x)<(y)?(x):(y)) 56 | #endif 57 | 58 | #endif 59 | // vim: set sw=4 sts=4 ts=8 noet: 60 | // Local Variables: 61 | // Mode: c++ 62 | // c-basic-offset: 4 63 | // tab-width: 8 64 | // indent-tabs-mode: t 65 | // End: 66 | -------------------------------------------------------------------------------- /src/wifipcap/README.txt: -------------------------------------------------------------------------------- 1 | MAINTAINER 2 | ========== 3 | Simson L. Garfinkel 4 | 5 | 6 | ACKNOWLEDGEMENTS 7 | ================ 8 | Thanks to: 9 | * Jeffrey Pang, for the radiotap implementation 10 | * Doug Madory, for the Wifi parser 11 | * Jeremy Elson, for the original idea and initial tcp/ip implementation 12 | 13 | Title: Wifipcap Library 14 | Authors: Jeff Pang, 15 | Simson L. Garfinkel 16 | 17 | Description: 18 | ============ 19 | 20 | A simple C++ wrapper around libpcap that allows applications to 21 | selectively demultiplex 802.11 frames, and the most common layer 2 and 22 | layer 3 protocols contained within them. Basically, the wifipcap 23 | library handles all the parsing of 802.11 frames (and/or layer 2/3 24 | packets) from the pcap file (or stream). 25 | 26 | Some of the code is derived from tcpdump. 27 | 28 | This program somewhat reworked by Simson Garfinkel 29 | 30 | Linux: Requires libpcap >= 0.9.4 on Linux. 31 | 32 | Windows: Requires WinPcap >= 4.0.2 and AirPcap for 802.11 capture 33 | See: http://www.cacetech.com/support/downloads.htm 34 | 35 | Usage: 36 | ====== 37 | 38 | For an overview see wifipcap.h. For an example, see sample.cpp. 39 | 40 | (0) Compile wifipcap. 41 | 42 | In Linux: 43 | Enter this directory and type: 44 | 45 | make 46 | 47 | In Windows: 48 | Open wifipcap.sln in Visual Studio and build it. 49 | You will need to have the winpcap include and library files 50 | in the appropriate search paths. 51 | 52 | (1) Include the header "wifipcap.h" in your application C++ file(s). 53 | 54 | (2) Implement a subclass of WifipcapCallbacks. This class has one 55 | member function for each type of 802.11 frame and layer 2/3 56 | packets. Each of these functions will be called as a frame/packet 57 | is parsed. 58 | 59 | (3) Create an instance of Wifipcap with either a pcap trace file or 60 | a live device to capture packets from. 61 | 62 | (4) Call Wifipcap::Run with your instance of WifipcapCallbacks. 63 | 64 | (5) Compile your program linking to libpcap and wifipcap.a. 65 | 66 | On Linux: 67 | g++ -o myprogram myprogram.c /path/to/wifipcap.a -lpcap 68 | 69 | On Windows: 70 | Link the following libraries: 71 | wpcap.lib ws2_32.lib WINMM.LIB wifipcap.lib 72 | 73 | Make sure wifipcap.lib is in the library path. 74 | -------------------------------------------------------------------------------- /src/wifipcap/util.cpp: -------------------------------------------------------------------------------- 1 | #include "os.h" 2 | #include 3 | #include 4 | #include 5 | #include 6 | #ifndef _WIN32 7 | #include 8 | #include 9 | #include 10 | #else 11 | #define snprintf sprintf_s 12 | #endif 13 | #include "util.h" 14 | #include "ethertype.h" 15 | #include "wifipcap.h" 16 | 17 | //std::ostream& operator<<(std::ostream& out, const WifipcapCallbacks::MAC& mac) { 18 | // const char *fmt = WifipcapCallbacks::MAC::print_fmt == WifipcapCallbacks::MAC::PRINT_FMT_COLON ? 19 | // "%02x:%02x:%02x:%02x:%02x:%02x" : 20 | // "%02x%02x%02x%02x%02x%02x"; 21 | // char buf[24]; 22 | // sprintf(buf, fmt, 23 | // (int)((mac.val>>40)&0xff), 24 | // (int)((mac.val>>32)&0xff), 25 | // (int)((mac.val>>24)&0xff), 26 | // (int)((mac.val>>16)&0xff), 27 | // (int)((mac.val>>8)&0xff), 28 | // (int)((mac.val)&0xff) 29 | // ); 30 | // out << buf; 31 | // return out; 32 | //} 33 | // 34 | 35 | //std::ostream& operator<<(std::ostream& out, const struct in_addr& ip) { 36 | // out << inet_ntoa(ip); 37 | // return out; 38 | //} 39 | 40 | #if 0 41 | char *va(const char *format, ...) 42 | { 43 | va_list argptr; 44 | static int index = 0; 45 | static char buf[8][512]; 46 | 47 | char *b = *(buf + index); 48 | 49 | va_start (argptr, format); 50 | vsprintf (b, format,argptr); 51 | va_end (argptr); 52 | 53 | index = (index + 1) % 8; 54 | 55 | return b; 56 | } 57 | 58 | /* 59 | * Convert a token value to a string; use "fmt" if not found. 60 | */ 61 | const char * 62 | tok2strbuf(register const struct tok *lp, register const char *fmt, 63 | register int v, char *buf, size_t bufsize) 64 | { 65 | if (lp != NULL) { 66 | while (lp->s != NULL) { 67 | if (lp->v == v) 68 | return (lp->s); 69 | ++lp; 70 | } 71 | } 72 | if (fmt == NULL) 73 | fmt = "#%d"; 74 | 75 | (void)snprintf(buf, bufsize, fmt, v); 76 | return (const char *)buf; 77 | } 78 | 79 | /* 80 | * Convert a token value to a string; use "fmt" if not found. 81 | */ 82 | const char * 83 | tok2str(register const struct tok *lp, register const char *fmt, 84 | register int v) 85 | { 86 | static char buf[4][128]; 87 | static int idx = 0; 88 | char *ret; 89 | 90 | ret = buf[idx]; 91 | idx = (idx+1) & 3; 92 | return tok2strbuf(lp, fmt, v, ret, sizeof(buf[0])); 93 | } 94 | #endif 95 | -------------------------------------------------------------------------------- /src/be13_api/utils.h: -------------------------------------------------------------------------------- 1 | /**************************************************************** 2 | *** utils.h 3 | *** 4 | *** To use utils.c/utils.h, be sure this is in your configure.ac file: 5 | m4_include([be13_api/be13_configure.m4]) 6 | *** 7 | ****************************************************************/ 8 | 9 | 10 | 11 | #ifndef UTILS_H 12 | #define UTILS_H 13 | 14 | #include 15 | #include 16 | #include 17 | 18 | #if defined(__cplusplus) 19 | #include 20 | #include 21 | bool ends_with(const std::string &buf,const std::string &with); 22 | bool ends_with(const std::wstring &buf,const std::wstring &with); 23 | std::vector &split(const std::string &s, char delim, std::vector &elems); 24 | std::vector split(const std::string &s, char delim); 25 | #endif 26 | 27 | 28 | 29 | #ifndef __BEGIN_DECLS 30 | #if defined(__cplusplus) 31 | #define __BEGIN_DECLS extern "C" { 32 | #define __END_DECLS } 33 | #else 34 | #define __BEGIN_DECLS 35 | #define __END_DECLS 36 | #endif 37 | #endif 38 | 39 | __BEGIN_DECLS 40 | 41 | #ifdef HAVE_ERR_H 42 | #include 43 | #else 44 | [[noreturn]] void err(int eval,const char *fmt,...) __attribute__((format(printf, 2, 0))); 45 | [[noreturn]] void errx(int eval,const char *fmt,...) __attribute__((format(printf, 2, 0))); 46 | void warn(const char *fmt, ...) __attribute__((format(printf, 1, 0))); 47 | void warnx(const char *fmt,...) __attribute__((format(printf, 1, 0))); 48 | #endif 49 | 50 | #ifndef HAVE_LOCALTIME_R 51 | #ifdef __MINGW32__ 52 | #undef localtime_r 53 | #endif 54 | void localtime_r(time_t *t,struct tm *tm); 55 | #endif 56 | 57 | #ifndef HAVE_GMTIME_R 58 | #ifdef __MINGW32__ 59 | #undef gmtime_r 60 | #endif 61 | void gmtime_r(time_t *t,struct tm *tm); 62 | #endif 63 | 64 | int64_t get_filesize(int fd); 65 | 66 | #ifndef HAVE_ISHEXNUMBER 67 | int ishexnumber(int c); 68 | inline int ishexnumber(int c) 69 | { 70 | switch(c){ 71 | case '0': case '1': case '2': case '3': case '4': 72 | case '5': case '6': case '7': case '8': case '9': 73 | case 'A': case 'B': case 'C': case 'D': case 'E': 74 | case 'F': case 'a': case 'b': case 'c': case 'd': 75 | case 'e': case 'f': 76 | return 1; 77 | } 78 | return 0; 79 | } 80 | #endif 81 | __END_DECLS 82 | 83 | 84 | #endif 85 | -------------------------------------------------------------------------------- /src/wifipcap/cpack.h: -------------------------------------------------------------------------------- 1 | /*- 2 | * Copyright (c) 2003, 2004 David Young. All rights reserved. 3 | * 4 | * Redistribution and use in source and binary forms, with or without 5 | * modification, are permitted provided that the following conditions 6 | * are met: 7 | * 1. Redistributions of source code must retain the above copyright 8 | * notice, this list of conditions and the following disclaimer. 9 | * 2. Redistributions in binary form must reproduce the above copyright 10 | * notice, this list of conditions and the following disclaimer in the 11 | * documentation and/or other materials provided with the distribution. 12 | * 3. The name of David Young may not be used to endorse or promote 13 | * products derived from this software without specific prior 14 | * written permission. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY DAVID YOUNG ``AS IS'' AND ANY 17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 18 | * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 19 | * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DAVID 20 | * YOUNG BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 21 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 22 | * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 23 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 24 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 25 | * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 27 | * OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef _CPACK_H 31 | #define _CPACK_H 32 | 33 | 34 | #include 35 | #include 36 | 37 | struct cpack_state { 38 | u_int8_t *c_buf; 39 | u_int8_t *c_next; 40 | size_t c_len; 41 | }; 42 | 43 | int cpack_init(struct cpack_state *, uint8_t *, size_t); 44 | 45 | int cpack_uint8(struct cpack_state *, uint8_t *); 46 | int cpack_uint16(struct cpack_state *, uint16_t *); 47 | int cpack_uint32(struct cpack_state *, uint32_t *); 48 | int cpack_uint64(struct cpack_state *, uint64_t *); 49 | 50 | inline int cpack_int8(struct cpack_state *s, int8_t *p) {return cpack_uint8(s,(uint8_t *)p);} 51 | inline int cpack_int16(struct cpack_state *s, int16_t *p) {return cpack_uint16(s,(uint16_t *)p);} 52 | inline int cpack_int32(struct cpack_state *s, int32_t *p) {return cpack_uint32(s,(uint32_t *)p);} 53 | inline int cpack_int64(struct cpack_state *s, int64_t *p) {return cpack_uint64(s,(uint64_t *)p);} 54 | 55 | 56 | #endif /* _CPACK_H */ 57 | -------------------------------------------------------------------------------- /src/scan_netviz.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * scan_netviz: 3 | * 4 | * Our first try at a pcap visualization engine. 5 | * Requires LIBCAIRO 6 | */ 7 | 8 | #include "config.h" 9 | #include 10 | #include 11 | 12 | #include "bulk_extractor_i.h" 13 | 14 | #ifdef HAVE_LIBCAIRO 15 | #include "netviz/one_page_report.h" 16 | 17 | /* These control the size of the iptable histogram 18 | * and whether or not it is dumped. The histogram should be kept 19 | * either small enough that it is not expensive to maintain, or large 20 | * enough so that it never needs to be pruned. 21 | */ 22 | 23 | #define HISTOGRAM_SIZE "netviz_histogram_size" 24 | #define HISTOGRAM_DUMP "netviz_histogram_dump" 25 | #define DEFAULT_MAX_HISTOGRAM_SIZE 1000 26 | 27 | static one_page_report *report=0; 28 | static void netviz_process_packet(void *user,const be13::packet_info &pi) 29 | { 30 | report->ingest_packet(pi); 31 | } 32 | 33 | #endif 34 | 35 | #ifdef HAVE_LIBCAIRO 36 | static int histogram_dump = 0; 37 | #endif 38 | 39 | extern "C" 40 | void scan_netviz(const class scanner_params &sp,const recursion_control_block &rcb) 41 | { 42 | if(sp.sp_version!=scanner_params::CURRENT_SP_VERSION){ 43 | std::cout << "scan_timehistogram requires sp version " 44 | << scanner_params::CURRENT_SP_VERSION << "; " 45 | << "got version " << sp.sp_version << "\n"; 46 | exit(1); 47 | } 48 | 49 | if(sp.phase==scanner_params::PHASE_STARTUP){ 50 | sp.info->name = "netviz"; 51 | sp.info->flags = scanner_info::SCANNER_DISABLED; // disabled by default 52 | sp.info->author= "Mike Shick"; 53 | sp.info->packet_user = 0; 54 | #ifdef HAVE_LIBCAIRO 55 | sp.info->description = "Performs 1-page visualization of network packets"; 56 | sp.info->packet_cb = netviz_process_packet; 57 | sp.info->get_config(HISTOGRAM_DUMP,&histogram_dump,"Dumps the histogram"); 58 | int max_histogram_size = DEFAULT_MAX_HISTOGRAM_SIZE; 59 | sp.info->get_config(HISTOGRAM_SIZE,&max_histogram_size,"Maximum histogram size"); 60 | report = new one_page_report(max_histogram_size); 61 | #else 62 | sp.info->description = "Disabled (compiled without libcairo"; 63 | #endif 64 | } 65 | #ifdef HAVE_LIBCAIRO 66 | 67 | if(sp.phase==scanner_params::PHASE_SHUTDOWN){ 68 | assert(report!=0); 69 | if(histogram_dump){ 70 | report->src_tree.dump_stats(std::cout); 71 | report->dump(histogram_dump); 72 | } 73 | report->source_identifier = sp.fs.get_input_fname(); 74 | report->render(sp.fs.get_outdir()); 75 | delete report; 76 | report = 0; 77 | } 78 | #endif 79 | } 80 | 81 | -------------------------------------------------------------------------------- /src/netviz/address_histogram.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * address_histogram.cpp: 3 | * 4 | * This source file is public domain, as it is not based on the original tcpflow. 5 | * 6 | * Author: Michael Shick 7 | * 8 | */ 9 | 10 | #include "config.h" 11 | 12 | #ifdef HAVE_LIBCAIRO 13 | #include "tcpflow.h" 14 | #include "tcpip.h" 15 | 16 | #include 17 | #include 18 | #include 19 | 20 | #include "address_histogram.h" 21 | 22 | using namespace std; 23 | 24 | address_histogram::address_histogram(const iptree &tree) : 25 | buckets(), datagrams_ingested(0) 26 | { 27 | // convert iptree to suitable vector for count histogram 28 | iptree::histogram_t addresses; 29 | 30 | tree.get_histogram(addresses); 31 | 32 | if(addresses.size() <= bucket_count) { 33 | sort(addresses.begin(), addresses.end(), iptree_node_comparator()); 34 | } 35 | else { 36 | partial_sort(addresses.begin(), addresses.begin() + bucket_count, 37 | addresses.end(), iptree_node_comparator()); 38 | } 39 | buckets.clear(); 40 | 41 | vector::const_iterator it = addresses.begin(); 42 | for(size_t ii = 0; ii < bucket_count && it != addresses.end(); ii++, it++) { 43 | buckets.push_back(*it); 44 | } 45 | 46 | datagrams_ingested = tree.sum(); 47 | } 48 | 49 | const size_t address_histogram::bucket_count = 10; 50 | 51 | const iptree::addr_elem &address_histogram::at(size_t index) const 52 | { 53 | return buckets.at(index); 54 | } 55 | 56 | size_t address_histogram::size() const 57 | { 58 | return buckets.size(); 59 | } 60 | 61 | uint64_t address_histogram::ingest_count() const 62 | { 63 | return datagrams_ingested; 64 | } 65 | 66 | address_histogram::ipt_addrs::const_iterator address_histogram::begin() const 67 | { 68 | return buckets.begin(); 69 | } 70 | address_histogram::ipt_addrs::const_iterator address_histogram::end() const 71 | { 72 | return buckets.end(); 73 | } 74 | address_histogram::ipt_addrs::const_reverse_iterator address_histogram::rbegin() const 75 | { 76 | return buckets.rbegin(); 77 | } 78 | address_histogram::ipt_addrs::const_reverse_iterator address_histogram::rend() const 79 | { 80 | return buckets.rend(); 81 | } 82 | 83 | bool address_histogram::iptree_node_comparator::operator()(const iptree::addr_elem &a, 84 | const iptree::addr_elem &b) 85 | { 86 | if(a.count > b.count) { 87 | return true; 88 | } 89 | else if(a.count < b.count) { 90 | return false; 91 | } 92 | for(size_t ii = 0; ii < sizeof(a.addr); ii++) { 93 | if(a.addr[ii] > b.addr[ii]) { 94 | return true; 95 | } 96 | else if(a.addr[ii] < b.addr[ii]) { 97 | return false; 98 | } 99 | } 100 | return false; 101 | } 102 | 103 | #endif 104 | -------------------------------------------------------------------------------- /src/be13_api/dfxml/src/dfxml_configure.m4: -------------------------------------------------------------------------------- 1 | # 2 | # mix-ins for dfxml 3 | # Support for hash_t as well. 4 | # 5 | # This file is public domain 6 | # Revision History: 7 | # 2012 - Simson Garfinkel - Created for bulk_extractor 8 | # 9 | 10 | AC_MSG_NOTICE([Including dfxml_configure.m4 from dfxml]) 11 | AC_MSG_NOTICE([Note: checks for afflib/afflib.h and libewf.h should be in the caller, so they can be disabled]) 12 | AC_CHECK_HEADERS([err.h expat.h pwd.h sys/cdefs.h sys/mman.h sys/resource.h sys/utsname.h unistd.h winsock2.h ]) 13 | AC_CHECK_FUNCS([fork gmtime_r getuid gethostname getpwuid getrusage mkstemp vasprintf ]) 14 | 15 | AC_LANG_PUSH(C++) 16 | AC_CHECK_HEADERS([exiv2/image.hpp]) 17 | AC_LANG_POP() 18 | 19 | 20 | # Determine UTC date offset 21 | CPPFLAGS="$CPPFLAGS -DUTC_OFFSET=`TZ=UTC date +%z`" 22 | 23 | # Get the GIT commit into the GIT_COMMIT variable 24 | AC_CHECK_PROG([git],[git],[yes],[no]) 25 | AM_CONDITIONAL([FOUND_GIT],[test "x$git" = xyes]) 26 | AM_COND_IF([FOUND_GIT], 27 | [GIT_COMMIT=`git describe --dirty --always` 28 | AC_MSG_NOTICE([git commit $GIT_COMMIT])], 29 | [AC_MSG_WARN([git not found])]) 30 | 31 | 32 | # Do we have the CPUID instruction? 33 | AC_TRY_COMPILE([#define cpuid(id) __asm__( "cpuid" : "=a"(eax), "=b"(ebx), "=c"(ecx), "=d"(edx) : "a"(id), "b"(0), "c"(0), "d"(0))], 34 | [unsigned long eax, ebx, ecx, edx;cpuid(0);], 35 | have_cpuid=yes, 36 | have_cpuid=no) 37 | if test "$have_cpuid" = yes; then 38 | AC_DEFINE(HAVE_ASM_CPUID, 1, [define to 1 if __asm__ CPUID is available]) 39 | fi 40 | 41 | # Does GCC have the diagnostic pragma? 42 | AC_TRY_COMPILE([#pragma GCC diagnostic ignored "-Wredundant-decls"], 43 | [], 44 | AC_DEFINE([DFXML_GNUC_HAS_DIAGNOSTIC_PRAGMA],[1],[GCC supports #pragma GCC diagnostic]), 45 | ) 46 | 47 | ################################################################ 48 | ## on Win32, crypto requires zlib 49 | case $host in 50 | *mingw32*) 51 | AC_CHECK_LIB([z], [gzdopen],[LIBS="-lz $LIBS"], [AC_MSG_ERROR([Could not find zlib library])]) 52 | esac 53 | 54 | ################################################################ 55 | ## OpenSSL Support is now required (for hash_t) 56 | ## Note that this now works with both OpenSSL 1.0 and OpenSSL 1.1 57 | ## On OpenSSL man page we can read: 58 | ## EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were renamed to EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1. 59 | ## So we need to check for all of them. 60 | AC_CHECK_HEADERS([openssl/aes.h openssl/bio.h openssl/evp.h openssl/hmac.h openssl/md5.h openssl/pem.h openssl/rand.h openssl/rsa.h openssl/sha.h openssl/pem.h openssl/x509.h]) 61 | 62 | # OpenSSL has been installed under at least two different names... 63 | AC_CHECK_LIB([crypto],[EVP_get_digestbyname]) 64 | AC_CHECK_LIB([ssl],[SSL_library_init]) 65 | AC_CHECK_FUNCS([EVP_get_digestbyname],, 66 | AC_MSG_ERROR([SSL/OpenSSL support required])) 67 | AC_CHECK_FUNCS([EVP_MD_CTX_new EVP_MD_CTX_free]) 68 | 69 | -------------------------------------------------------------------------------- /src/netviz/port_histogram.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * port_histogram.cpp: 3 | * Show packets received vs port 4 | * 5 | * This source file is public domain, as it is not based on the original tcpflow. 6 | * 7 | * Author: Michael Shick 8 | * 9 | */ 10 | 11 | #include "config.h" 12 | 13 | #ifdef HAVE_LIBCAIRO 14 | #include "tcpflow.h" 15 | 16 | #include "port_histogram.h" 17 | 18 | #include 19 | #include 20 | 21 | using namespace std; 22 | 23 | const size_t port_histogram::bucket_count = 10; 24 | 25 | bool port_histogram::descending_counts::operator()(const port_count &a, 26 | const port_count &b) 27 | { 28 | if(a.count > b.count) { 29 | return true; 30 | } 31 | if(a.count < b.count) { 32 | return false; 33 | } 34 | return a.port < b.port; 35 | } 36 | 37 | void port_histogram::increment(uint16_t port, uint64_t delta) 38 | { 39 | port_counts[port] += delta; 40 | data_bytes_ingested += delta; 41 | buckets_dirty = true; 42 | } 43 | 44 | const port_histogram::port_count &port_histogram::at(size_t index) 45 | { 46 | refresh_buckets(); 47 | 48 | return buckets.at(index); 49 | } 50 | 51 | size_t port_histogram::size() 52 | { 53 | refresh_buckets(); 54 | 55 | return buckets.size(); 56 | } 57 | 58 | uint64_t port_histogram::ingest_count() const 59 | { 60 | return data_bytes_ingested; 61 | } 62 | 63 | port_histogram::port_count_vector::const_iterator port_histogram::begin() 64 | { 65 | refresh_buckets(); 66 | 67 | return buckets.begin(); 68 | } 69 | port_histogram::port_count_vector::const_iterator port_histogram::end() 70 | { 71 | refresh_buckets(); 72 | 73 | return buckets.end(); 74 | } 75 | port_histogram::port_count_vector::const_reverse_iterator port_histogram::rbegin() 76 | { 77 | refresh_buckets(); 78 | 79 | return buckets.rbegin(); 80 | } 81 | port_histogram::port_count_vector::const_reverse_iterator port_histogram::rend() 82 | { 83 | refresh_buckets(); 84 | 85 | return buckets.rend(); 86 | } 87 | 88 | void port_histogram::refresh_buckets() 89 | { 90 | if(!buckets_dirty) { 91 | return; 92 | } 93 | 94 | buckets.clear(); 95 | 96 | for(port_counts_t::const_iterator it = port_counts.begin(); 97 | it != port_counts.end(); it++) { 98 | buckets.push_back(port_count(it->first, it->second)); 99 | } 100 | 101 | if(buckets.size() <= bucket_count) { 102 | sort(buckets.begin(), buckets.end(), descending_counts()); 103 | } 104 | else { 105 | partial_sort(buckets.begin(), buckets.begin() + bucket_count, 106 | buckets.end(), descending_counts()); 107 | } 108 | 109 | if(buckets.size() > bucket_count) { 110 | buckets.erase(buckets.begin() + bucket_count, buckets.end()); 111 | } 112 | 113 | buckets_dirty = false; 114 | } 115 | #endif 116 | -------------------------------------------------------------------------------- /src/be13_api/beregex.h: -------------------------------------------------------------------------------- 1 | /* -*- mode: C++; c-basic-offset: 4; indent-tabs-mode: nil -*- */ 2 | /* 3 | * beregex.h: 4 | * 5 | * simple cover for regular expression class. 6 | * The class allocates and frees the strings 7 | */ 8 | 9 | #ifndef BEREGEX_H 10 | #define BEREGEX_H 11 | 12 | #ifdef HAVE_TRE_TRE_H 13 | # include 14 | #else 15 | # ifdef HAVE_REGEX_H 16 | # include 17 | # endif 18 | #endif 19 | 20 | 21 | 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | 30 | class beregex { 31 | private: 32 | void compile(); 33 | beregex & operator=(const beregex&that); // don't use this, please 34 | public: 35 | /** Bargain-basement detector of things that might be regular expressions. */ 36 | static const char *version(); 37 | static bool is_regex(const std::string &str); 38 | 39 | std::string pat; /* our pattern */ 40 | int flags; 41 | // Note: nreg_ is void* because the compiler will not allow us to define it as "struct regex_t *" 42 | // We could get around this by including regex.h, but that introduces dependencies for programs that include 43 | // beregex.h. 44 | void *nreg_; 45 | beregex(const beregex &that); 46 | beregex(std::string pat_,int flags_); 47 | ~beregex(); 48 | /** 49 | * perform a search for a single hit. If there is a group and something is found, 50 | * set *found to be what was found, *offset to be the starting offset, and *len to be 51 | * the length. Note that this only handles a single group. 52 | */ 53 | int search(const std::string &line,std::string *found,size_t *offset,size_t *len) const; 54 | int search(const std::string &line,std::string *matches,int REGMAX) const; 55 | std::string search(const std::string &line) const; 56 | }; 57 | typedef std::vector beregex_vector; 58 | 59 | /** 60 | * The regex_list maintains a list of regular expressions. 61 | * The list can be read out of a file. 62 | * check() returns true if the provided string is inside the list 63 | * This should be combined with the word_and_context_list 64 | */ 65 | class regex_list { 66 | public: 67 | std::vector patterns; 68 | regex_list():patterns(){} 69 | 70 | size_t size(){ 71 | return patterns.size(); 72 | } 73 | /** 74 | * Read a file; returns 0 if successful, -1 if failure. 75 | * @param fname - the file to read. 76 | */ 77 | virtual ~regex_list(){ 78 | for(std::vector::iterator it=patterns.begin(); it != patterns.end(); it++){ 79 | delete *it; 80 | } 81 | } 82 | void add_regex(const std::string &pat); 83 | int readfile(std::string fname); 84 | /** check() is threadsafe. */ 85 | bool check(const std::string &probe,std::string *found, size_t *offset,size_t *len) const; 86 | }; 87 | 88 | 89 | #endif 90 | -------------------------------------------------------------------------------- /m4/ac_prog_java.m4: -------------------------------------------------------------------------------- 1 | dnl @synopsis AC_PROG_JAVA 2 | dnl 3 | dnl Here is a summary of the main macros: 4 | dnl 5 | dnl AC_PROG_JAVAC: finds a Java compiler. 6 | dnl 7 | dnl AC_PROG_JAVA: finds a Java virtual machine. 8 | dnl 9 | dnl AC_CHECK_CLASS: finds if we have the given class (beware of 10 | dnl CLASSPATH!). 11 | dnl 12 | dnl AC_CHECK_RQRD_CLASS: finds if we have the given class and stops 13 | dnl otherwise. 14 | dnl 15 | dnl AC_TRY_COMPILE_JAVA: attempt to compile user given source. 16 | dnl 17 | dnl AC_TRY_RUN_JAVA: attempt to compile and run user given source. 18 | dnl 19 | dnl AC_JAVA_OPTIONS: adds Java configure options. 20 | dnl 21 | dnl AC_PROG_JAVA tests an existing Java virtual machine. It uses the 22 | dnl environment variable JAVA then tests in sequence various common 23 | dnl Java virtual machines. For political reasons, it starts with the 24 | dnl free ones. You *must* call [AC_PROG_JAVAC] before. 25 | dnl 26 | dnl If you want to force a specific VM: 27 | dnl 28 | dnl - at the configure.in level, set JAVA=yourvm before calling 29 | dnl AC_PROG_JAVA 30 | dnl 31 | dnl (but after AC_INIT) 32 | dnl 33 | dnl - at the configure level, setenv JAVA 34 | dnl 35 | dnl You can use the JAVA variable in your Makefile.in, with @JAVA@. 36 | dnl 37 | dnl *Warning*: its success or failure can depend on a proper setting of 38 | dnl the CLASSPATH env. variable. 39 | dnl 40 | dnl TODO: allow to exclude virtual machines (rationale: most Java 41 | dnl programs cannot run with some VM like kaffe). 42 | dnl 43 | dnl Note: This is part of the set of autoconf M4 macros for Java 44 | dnl programs. It is VERY IMPORTANT that you download the whole set, 45 | dnl some macros depend on other. Unfortunately, the autoconf archive 46 | dnl does not support the concept of set of macros, so I had to break it 47 | dnl for submission. 48 | dnl 49 | dnl A Web page, with a link to the latest CVS snapshot is at 50 | dnl . 51 | dnl 52 | dnl This is a sample configure.in Process this file with autoconf to 53 | dnl produce a configure script. 54 | dnl 55 | dnl AC_INIT(UnTag.java) 56 | dnl 57 | dnl dnl Checks for programs. 58 | dnl AC_CHECK_CLASSPATH 59 | dnl AC_PROG_JAVAC 60 | dnl AC_PROG_JAVA 61 | dnl 62 | dnl dnl Checks for classes 63 | dnl AC_CHECK_RQRD_CLASS(org.xml.sax.Parser) 64 | dnl AC_CHECK_RQRD_CLASS(com.jclark.xml.sax.Driver) 65 | dnl 66 | dnl AC_OUTPUT(Makefile) 67 | dnl 68 | dnl @category Java 69 | dnl @author Stephane Bortzmeyer 70 | dnl @version 2000-07-19 71 | dnl @license GPLWithACException 72 | 73 | AC_DEFUN([AC_PROG_JAVA],[ 74 | AC_REQUIRE([AC_EXEEXT])dnl 75 | if test x$JAVAPREFIX = x; then 76 | test x$JAVA = x && AC_CHECK_PROGS(JAVA, kaffe$EXEEXT java$EXEEXT) 77 | else 78 | test x$JAVA = x && AC_CHECK_PROGS(JAVA, kaffe$EXEEXT java$EXEEXT, $JAVAPREFIX) 79 | fi 80 | test x$JAVA = x && AC_MSG_ERROR([no acceptable Java virtual machine found in \$PATH]) 81 | AC_PROG_JAVA_WORKS 82 | AC_PROVIDE([$0])dnl 83 | ]) 84 | -------------------------------------------------------------------------------- /CONFIGURE_CENTOS8.bash: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | LIBEWF_URL=https://github.com/libyal/libewf/releases/download/20171104/libewf-experimental-20171104.tar.gz 3 | cat < /tmp/local.conf 75 | sudo mv /tmp/local.conf /etc/ld.so.conf.d/local.conf 76 | sudo ldconfig 77 | 78 | # 79 | # 80 | # 81 | 82 | echo ... 83 | echo 'Now running ../bootstrap.sh and configure' 84 | pushd .. 85 | sh bootstrap.sh 86 | sh configure 87 | popd 88 | echo ================================================================ 89 | echo ================================================================ 90 | echo 'You are now ready to compile bulk_extractor for Linux.' 91 | echo 'To compile, type make' 92 | echo 'To make a distribution, type make release' -------------------------------------------------------------------------------- /tests/test1.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # test to make sure that we can process the packets normally 4 | # 5 | 6 | . $srcdir/test-subs.sh 7 | 8 | for t in 1 2 3 9 | do 10 | echo 11 | echo ======== 12 | echo check $t 13 | echo ======== 14 | # Run the program 15 | DMPFILE=$DMPDIR/test$t.pcap 16 | echo checking $DMPFILE 17 | if ! [ -r $DMPFILE ] ; then echo $DMPFILE not found ; fi 18 | /bin/rm -rf out 19 | 20 | cmd "$TCPFLOW -o out -X out/report.xml -r $DMPFILE" 21 | 22 | case $t in 23 | 1) 24 | checkmd5 out/"074.125.019.101.00080-192.168.001.102.50956" "ae30a88136feb0655492bdb75e078643" "136" 25 | checkmd5 out/"074.125.019.104.00080-192.168.001.102.50955" "61051e417d34e1354559e3a8901d19d3" "2792" 26 | checkmd5 out/"192.168.001.102.50955-074.125.019.104.00080" "14e9c335bf54dc4652999e25d99fecfe" "655" 27 | checkmd5 out/"192.168.001.102.50956-074.125.019.101.00080" "78b8073093d107207327103e80fbdf43" "604" 28 | 29 | # Check the times 30 | if ! ls -l out/074.125.019.101.00080-192.168.001.102.50956 | grep '2008' >/dev/null ; 31 | then 32 | echo utimes on packet files not properly set. 33 | exit 1 34 | fi 35 | ;; 36 | 2) 37 | checkmd5 out/"010.000.000.001.09999-010.000.000.002.36559--42" "b7d0b9ee8a7c1ea94b6b43b5a3e0da83" 38 | checkmd5 out/"010.000.000.002.36559-010.000.000.001.09999--42" "c4b95c552616bda3e21d063e8ee2e332" 39 | ;; 40 | 3) 41 | ;; 42 | 4) 43 | checkmd5 out/2001:0:53aa:64c:422:2ece:a29c:9cf6.51391-2001:67c:1220:809::93e5:916.00080 2600d38f9524c66f190212bbdb6f3c96 44 | checkmd5 out/2001:0:53aa:64c:422:2ece:a29c:9cf6.51392-2001:67c:1220:809::93e5:916.00080 ea4d328b4c831f6cb54772bcaa206ad1 45 | checkmd5 out/2001:0:53aa:64c:422:2ece:a29c:9cf6.51393-2001:67c:1220:809::93e5:916.00080 775823553ec206c97c079ab054869c80 46 | checkmd5 out/2001:0:53aa:64c:422:2ece:a29c:9cf6.51394-2001:67c:1220:809::93e5:916.00080 4b12431fb1403ed45a0cdd264c555c21 47 | checkmd5 out/2001:0:53aa:64c:422:2ece:a29c:9cf6.51395-2001:67c:1220:809::93e5:916.00080 3a2c8438a3e42e617b0d134ae9bb2f0a 48 | checkmd5 out/2001:0:53aa:64c:422:2ece:a29c:9cf6.51396-2001:67c:1220:809::93e5:916.00080 547bdc57f5ac3bac3b6620afc19d5a00 49 | checkmd5 out/2001:67c:1220:809::93e5:916.00080-2001:0:53aa:64c:422:2ece:a29c:9cf6.51391 2a8f64558ad7a1731e4950a3f7f16913 50 | checkmd5 out/2001:67c:1220:809::93e5:916.00080-2001:0:53aa:64c:422:2ece:a29c:9cf6.51392 92e4df1f268a7f7b1244b4ddc67120d3 51 | checkmd5 out/2001:67c:1220:809::93e5:916.00080-2001:0:53aa:64c:422:2ece:a29c:9cf6.51393 873ce29539afc9bd72d65c11d9aef2f7 52 | checkmd5 out/2001:67c:1220:809::93e5:916.00080-2001:0:53aa:64c:422:2ece:a29c:9cf6.51394 c043c19025e6ba8278b7ddb6f08d68d3 53 | checkmd5 out/2001:67c:1220:809::93e5:916.00080-2001:0:53aa:64c:422:2ece:a29c:9cf6.51395 ca32de2d5504c6f8dc32610d94046106 54 | checkmd5 out/2001:67c:1220:809::93e5:916.00080-2001:0:53aa:64c:422:2ece:a29c:9cf6.51396 b4772e037e05aaf315aaad911a59650d 55 | ;; 56 | esac 57 | /bin/rm -f *.[0-9][0-9][0-9][0-9][0-9]-[0-9][0-9][0-9].* 58 | /bin/rm -f *.[0-9][0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]:* 59 | echo Packet file $t completed successfully 60 | done 61 | 62 | /bin/rm -rf out 63 | exit 0 64 | -------------------------------------------------------------------------------- /cmake/options.cmake: -------------------------------------------------------------------------------- 1 | # Default options and popular parameters 2 | 3 | 4 | # --------- CMAKE_BUILD_TYPE ---------- 5 | # * Release = -O2 + disable assert (-DNDEBUG) 6 | # * Debug = -O0 + enable assert <-- Default value 7 | # * Coverage = -O0 + disable assert (-DNDEBUG) 8 | set(CMAKE_CONFIGURATION_TYPES Release Debug Coverage CACHE STRING "Reset the supported CMAKE_BUILD_TYPEs." FORCE) 9 | # Use "cmake -DCMAKE_BUILD_TYPE=Release" or "cmake -DCMAKE_BUILD_TYPE=Coverage" to override default value 'Debug' 10 | if(NOT CMAKE_BUILD_TYPE) 11 | set(CMAKE_BUILD_TYPE Debug CACHE STRING "Choose the type of build." FORCE) 12 | set_property(CACHE CMAKE_BUILD_TYPE PROPERTY STRINGS "Debug" "Release" "Coverage") 13 | message(STATUS " CMAKE_BUILD_TYPE not set => Use default value '${CMAKE_BUILD_TYPE}'.") 14 | endif() 15 | 16 | 17 | # Use "cmake -DSANITIZE=address" to enable Address sanitizer 18 | # Use "cmake -DSANITIZE=thread" to enable Thread sanitizer 19 | # Use "cmake -DSANITIZE=memory" to enable Memory sanitizer 20 | # Use "cmake -DSANITIZE=dataflow" for DataFlowSanitizer 21 | # Use "cmake -DSANITIZE=cfi" for control flow integrity checks (requires -flto) 22 | # Use "cmake -DSANITIZE=safe-stack" for safe stack protection against stack-based memory corruption errors. 23 | # Use "cmake -DSANITIZE=multi" to combine some of them 24 | if(NOT SANITIZE) 25 | set(SANITIZE "OFF" CACHE STRING "Enable Address/Thread/Memory sanitizer.") 26 | set_property(CACHE SANITIZE PROPERTY STRINGS "OFF" "address" "thread" "memory" "dataflow" "cfi" "safe-stack" "multi") 27 | message(STATUS " SANITIZE not set (cmake -DSANITIZE=xxx) => Set default value SANITIZE='${SANITIZE}'") 28 | endif() 29 | #option(SANITIZE "Sanity check" OFF) 30 | 31 | # Use "cmake -DMARCH=native" to detect your current cpu-type 'xxx' and CMake will convert to -march=xxx 32 | # Use "cmake -DMARCH=zzzz" to set a specific flag -march=zzzz 33 | # Default is "-DMARCH=corei7" (fine on x86 architecture) 34 | # Use "cmake -DMARCH= " (empty value) to disable flag -march 35 | set(MARCH "corei7" CACHE STRING "Control flag -march") 36 | 37 | # Control flags -O0 -O1 -O2 -O3 -Ofast -Os -Og 38 | set(OPTIM "" CACHE STRING "Control flags -Ox") 39 | 40 | # For clang-check 41 | set(CMAKE_EXPORT_COMPILE_COMMANDS "on") 42 | 43 | 44 | # Colorize output: "always" or "auto" ("auto" colorizes if output is TTY) 45 | if (ENV{BUILD_COLOR}) 46 | option(BUILD_COLOR " Enable colored output for make and compiler" $ENV{BUILD_COLOR}) 47 | else() 48 | option(BUILD_COLOR " Enable colored output for make and compiler" always) 49 | endif() 50 | 51 | 52 | # Static code analysis 53 | # Below line is to generate the file 'compile_commands.json' during the build 54 | # Then, the file 'compile_commands.json' can be used with clang-check using the below command line: 55 | # awk -F: '/"file"/{print $2 }' build/compile_commands.json | xargs clang-check -fixit -p build 56 | set(CMAKE_EXPORT_COMPILE_COMMANDS "on") 57 | 58 | 59 | # For Tools like YouCompleteMe 60 | # TODO(???): Provide BuildConfig.json.in 61 | # configure_file(${CMAKE_CURRENT_LIST_DIR}/templates/BuildConfig.json.in ${CMAKE_CURRENT_BINARY_DIR}/BuildConfig.json) 62 | -------------------------------------------------------------------------------- /src/stest.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | static int callback(void *NotUsed, int argc, char **argv, char **azColName){ 7 | int i; 8 | for(i=0; i 8 | * 9 | */ 10 | 11 | 12 | #ifndef TIME_HISTOGRAM_VIEW_H 13 | #define TIME_HISTOGRAM_VIEW_H 14 | 15 | #include "config.h" 16 | #ifdef HAVE_LIBCAIRO 17 | 18 | #include "plot_view.h" 19 | #include "time_histogram.h" 20 | 21 | #define SECOND_NAME "second" 22 | #define MINUTE_NAME "minute" 23 | #define HOUR_NAME "hour" 24 | #define DAY_NAME "day" 25 | #define WEEK_NAME "week" 26 | #define MONTH_NAME "month" 27 | #define YEAR_NAME "year" 28 | 29 | class time_histogram_view : public plot_view { 30 | public: 31 | typedef std::map colormap_t; 32 | time_histogram_view(const time_histogram &histogram_, 33 | const colormap_t &port_colors_, 34 | const rgb_t &default_color_, const rgb_t &cdf_color_); 35 | 36 | class time_unit { 37 | public: 38 | time_unit(std::string name_, uint64_t seconds_) : 39 | name(name_), seconds(seconds_) {} 40 | std::string name; 41 | uint64_t seconds; 42 | }; 43 | class si_prefix { 44 | public: 45 | si_prefix(std::string prefix_, uint64_t magnitude_) : 46 | prefix(prefix_), magnitude(magnitude_) {} 47 | std::string prefix; 48 | uint64_t magnitude; 49 | }; 50 | class bucket_view { 51 | public: 52 | bucket_view(const time_histogram::bucket &bucket_, 53 | const colormap_t &color_map_, 54 | const rgb_t &default_color_) : 55 | bucket(bucket_), color_map(color_map_), default_color(default_color_) {} 56 | 57 | const time_histogram::bucket &bucket; 58 | const colormap_t &color_map; 59 | const rgb_t &default_color; 60 | 61 | void render(cairo_t *cr, const bounds_t &bounds); 62 | }; 63 | 64 | const time_histogram &histogram; 65 | const colormap_t port_colors; 66 | const rgb_t default_color; 67 | const rgb_t cdf_color; 68 | 69 | static const uint8_t y_tick_count; 70 | static const double bar_space_factor; 71 | static const double cdf_line_width; 72 | static const std::vector time_units; 73 | static const std::vector si_prefixes; 74 | static const double blank_bar_line_width; 75 | static const rgb_t blank_bar_line_color; 76 | static const double bar_label_font_size; 77 | static const double bar_label_width_factor; 78 | static const rgb_t bar_label_normal_color; 79 | static const rgb_t bar_label_highlight_color; 80 | 81 | void render(cairo_t *cr, const bounds_t &bounds); 82 | void render_data(cairo_t *cr, const bounds_t &bounds); 83 | static std::string next_bar_label(const std::string &unit, unsigned &numeric_label, unsigned delta, 84 | rgb_t &label_color); 85 | 86 | private: 87 | // for labelling purposes, a bar is s wide 88 | std::string bar_time_unit; 89 | uint32_t bar_time_value; 90 | // if the bar time unit isn't exact, we can't label bars because they'll drift 91 | uint32_t bar_time_remainder; 92 | 93 | static std::vector build_time_units(); 94 | static std::vector build_si_prefixes(); 95 | }; 96 | 97 | #endif 98 | #endif 99 | -------------------------------------------------------------------------------- /doc/Planning-1page.txt: -------------------------------------------------------------------------------- 1 | [mockup of 1 page report] 2 | 3 | tcpflow 4 | input: 5 | 6 | Date range: ISO-8601 to ISO-8601 7 | Packets Analyzed: COUNT (XXX MB) 8 | Protocols: IPv4 (%); IPv6 (%); ARP (%); Other (?) 9 | 10 | +-------------------------------------------------------------+ 11 | | | 12 | | | 13 | | Bandwidth Histogram | 14 | | | 15 | +-------------------------------------------------------------+ 16 | 17 | +-------------------------------------------------------------+ 18 | | | 19 | | | 20 | | MAP | 21 | | | 22 | +-------------------------------------------------------------+ 23 | 24 | 25 | +-----------------------+ +-----------------------+ 26 | | | | | 27 | | | | | 28 | | | | | 29 | | Top Server IPs | -> | Top Client IPs | 30 | | | | | 31 | | | | | 32 | +-----------------------+ +-----------------------+ 33 | Top #1: IP (%) Top #1: IP (%) 34 | Top #2: IP (%) Top #2: IP (%) 35 | Top #3: IP (%) Top #3: IP (%) 36 | 37 | 38 | +-----------------------+ +-----------------------+ 39 | | | | | 40 | | | | | 41 | | | | | 42 | | Top Server Ports | -> | Top Client Ports | 43 | | | | | 44 | | | | | 45 | +-----------------------+ +-----------------------+ 46 | Top #1: Port (%) Top #1: Port (%) 47 | Top #2: Port (%) Top #2: Port (%) 48 | Top #3: Port (%) Top #3: Port (%) 49 | 50 | 51 | 52 | +-----------------------+ +-----------------------+ 53 | | | | | 54 | | | | | 55 | | | | | 56 | | | | Observed Downloaded | 57 | | | | Types | 58 | | | | | 59 | +-----------------------+ +-----------------------+ 60 | 61 | 62 | 63 | 64 | ==== 65 | Notes: 66 | 67 | 1 - DNS Resolution: 68 | 1.1 - IP addresses only. 69 | 1.2 - Passive DNS 70 | 1.3 - Passive DNS augmented by a list of DNS records (in PCAP format) 71 | 1.4 - Generate a list of IP addresses requiring resolution 72 | -------------------------------------------------------------------------------- /src/netviz/legend_view.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * legend_view.cpp: 3 | * Show packets received vs port 4 | * 5 | * This source file is public domain, as it is not based on the original tcpflow. 6 | * 7 | * Author: Michael Shick 8 | * 9 | */ 10 | 11 | #include "config.h" 12 | 13 | #ifdef HAVE_LIBCAIRO 14 | #include "tcpflow.h" 15 | 16 | #include "legend_view.h" 17 | 18 | using namespace std; 19 | 20 | const string legend_view::empty_legend_label = "No TCP"; 21 | const double legend_view::base_font_size = 6.0; 22 | const double legend_view::chip_length = 8.0; 23 | const double legend_view::chip_label_space = 4.0; 24 | const double legend_view::inter_item_space = 12.0; 25 | const double legend_view::padding = 8.0; 26 | const double legend_view::border_width = 0.5; 27 | const plot_view::rgb_t legend_view::border_color(0.67, 0.67, 0.67); 28 | 29 | void legend_view::render(cairo_t *cr, const plot_view::bounds_t &bounds) const 30 | { 31 | double font_size = base_font_size; 32 | if(entries.size() == 0) { 33 | font_size *= 2.0; 34 | } 35 | cairo_set_font_size(cr, font_size); 36 | 37 | double tallest = 0.0; 38 | double total_width = 0.0; 39 | for(entries_t::const_iterator it = entries.begin(); it != entries.end(); ++it) { 40 | cairo_text_extents_t extents; 41 | cairo_text_extents(cr, it->label.c_str(), &extents); 42 | total_width += chip_length + chip_label_space + extents.width; 43 | if(it + 1 != entries.end()) { 44 | total_width += inter_item_space; 45 | } 46 | if(extents.height > tallest) { 47 | tallest = extents.height; 48 | } 49 | } 50 | if(entries.size() == 0) { 51 | cairo_text_extents_t extents; 52 | cairo_text_extents(cr, empty_legend_label.c_str(), &extents); 53 | total_width += extents.width; 54 | tallest = extents.height; 55 | } 56 | 57 | double chip_y = bounds.y + ((bounds.height - chip_length) / 2.0); 58 | double label_y = bounds.y + ((bounds.height + tallest) / 2.0); 59 | double x = bounds.x + ((bounds.width - total_width) / 2.0); 60 | 61 | cairo_set_source_rgb(cr, border_color.r, border_color.g, border_color.b); 62 | cairo_set_line_width(cr, border_width); 63 | cairo_rectangle(cr, x, bounds.y, total_width + (padding * 2.0), bounds.height); 64 | cairo_stroke(cr); 65 | 66 | x += padding; 67 | 68 | for(entries_t::const_iterator it = entries.begin(); it != entries.end(); ++it) { 69 | cairo_text_extents_t extents; 70 | cairo_text_extents(cr, it->label.c_str(), &extents); 71 | 72 | const plot_view::rgb_t &color = it->color; 73 | cairo_set_source_rgb(cr, color.r, color.g, color.b); 74 | cairo_rectangle(cr, x, chip_y, chip_length, chip_length); 75 | cairo_fill(cr); 76 | 77 | x += chip_length + chip_label_space; 78 | 79 | cairo_set_source_rgb(cr, 0.0, 0.0, 0.0); 80 | cairo_move_to(cr, x, label_y); 81 | cairo_show_text(cr, it->label.c_str()); 82 | x += extents.width + inter_item_space; 83 | } 84 | if(entries.size() == 0) { 85 | cairo_text_extents_t extents; 86 | cairo_text_extents(cr, empty_legend_label.c_str(), &extents); 87 | 88 | cairo_set_source_rgb(cr, 0.0, 0.0, 0.0); 89 | cairo_move_to(cr, x, label_y); 90 | cairo_show_text(cr, empty_legend_label.c_str()); 91 | x += extents.width + inter_item_space; 92 | } 93 | } 94 | #endif 95 | -------------------------------------------------------------------------------- /src/be13_api/pcap_fake.h: -------------------------------------------------------------------------------- 1 | /* -*- mode: C++; c-basic-offset: 4; indent-tabs-mode: nil -*- */ 2 | /* 3 | * pcap_fake.h 4 | * A fake libpcap implementation that can only read files without a filter. 5 | */ 6 | 7 | #include 8 | #include 9 | #include 10 | #include 11 | 12 | __BEGIN_DECLS 13 | 14 | /* 15 | * Version number of the current version of the pcap file format. 16 | * 17 | * NOTE: this is *NOT* the version number of the libpcap library. 18 | * To fetch the version information for the version of libpcap 19 | * you're using, use pcap_lib_version(). 20 | */ 21 | #define PCAP_VERSION_MAJOR 2 22 | #define PCAP_VERSION_MINOR 4 23 | #define PCAP_ERRBUF_SIZE 256 24 | 25 | 26 | struct pcap_file_header { 27 | uint32_t magic; // d4 c3 b2 a1 28 | uint16_t version_major; // 02 00 29 | uint16_t version_minor; // 04 00 30 | int32_t thiszone; /* gmt to local correction - 00 00 00 00*/ 31 | uint32_t sigfigs; /* accuracy of timestamps */ 32 | uint32_t snaplen; /* max length saved portion of each pkt */ 33 | uint32_t linktype; /* data link type (LINKTYPE_*) */ 34 | } __attribute__((packed)); 35 | struct pcap_pkthdr { 36 | struct timeval ts; /* time stamp; native */ 37 | uint32_t caplen; /* length of portion present */ 38 | uint32_t len; /* length this packet (off wire) */ 39 | }__attribute__((packed)); 40 | 41 | /* What we need after opening the file to process each next packet */ 42 | typedef struct pcap pcap_t; 43 | 44 | /* 45 | * Taken from pcap-int.h 46 | */ 47 | //typedef int (*setfilter_op_t)(pcap_t *, struct bpf_program *); 48 | typedef void (*pcap_handler)(uint8_t *, const struct pcap_pkthdr *, const uint8_t *); 49 | 50 | struct bpf_program { 51 | int valid; // set true if filter is valid 52 | }; 53 | 54 | char *pcap_lookupdev(char *); // not implemented 55 | pcap_t *pcap_open_live(const char *, int, int, int, char *); // not implemented 56 | pcap_t *pcap_open_offline(const char *, char *); // open the file; set f 57 | pcap_t *pcap_fopen_offline(FILE *fp,char *errbuf); 58 | void pcap_close(pcap_t *); // close the file 59 | int pcap_loop(pcap_t *, int, pcap_handler, uint8_t *); // read the file and call loopback on each packet 60 | int pcap_datalink(pcap_t *); // noop 61 | int pcap_setfilter(pcap_t *, struct bpf_program *); // noop 62 | int pcap_compile(pcap_t *, struct bpf_program *, const char *, int, uint32_t); // generate error if filter provided 63 | char *pcap_geterr(pcap_t *); 64 | /* 65 | * These are the types that are the same on all platforms, and that 66 | * have been defined by for ages. 67 | */ 68 | #define DLT_NULL 0 /* BSD loopback encapsulation */ 69 | #define DLT_EN10MB 1 /* Ethernet (10Mb) */ 70 | #define DLT_EN3MB 2 /* Experimental Ethernet (3Mb) */ 71 | #define DLT_AX25 3 /* Amateur Radio AX.25 */ 72 | #define DLT_PRONET 4 /* Proteon ProNET Token Ring */ 73 | #define DLT_CHAOS 5 /* Chaos */ 74 | #define DLT_IEEE802 6 /* 802.5 Token Ring */ 75 | #define DLT_ARCNET 7 /* ARCNET, with BSD-style header */ 76 | #define DLT_SLIP 8 /* Serial Line IP */ 77 | #define DLT_PPP 9 /* Point-to-point Protocol */ 78 | #define DLT_FDDI 10 /* FDDI */ 79 | #define DLT_RAW 101 /* just packets */ 80 | 81 | 82 | __END_DECLS 83 | 84 | 85 | -------------------------------------------------------------------------------- /src/be13_api/net_ethernet.h: -------------------------------------------------------------------------------- 1 | /* Copyright (C) 1997, 1999, 2001, 2008 Free Software Foundation, Inc. 2 | This file is part of the GNU C Library. 3 | 4 | The GNU C Library is free software; you can redistribute it and/or 5 | modify it under the terms of the GNU Lesser General Public 6 | License as published by the Free Software Foundation; either 7 | version 2.1 of the License, or (at your option) any later version. 8 | 9 | The GNU C Library is distributed in the hope that it will be useful, 10 | but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 | Lesser General Public License for more details. 13 | 14 | You should have received a copy of the GNU Lesser General Public 15 | License along with the GNU C Library; if not, write to the Free 16 | Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 17 | 02111-1307 USA. */ 18 | 19 | /* Based on the FreeBSD version of this file. Curiously, that file 20 | lacks a copyright in the header. */ 21 | 22 | #ifndef __NET_ETHERNET_H 23 | #define __NET_ETHERNET_H 1 24 | 25 | #include 26 | #include 27 | //#include /* IEEE 802.3 Ethernet constants */ 28 | 29 | __BEGIN_DECLS 30 | 31 | /* This is a name for the 48 bit ethernet address available on many 32 | systems. */ 33 | struct ether_addr 34 | { 35 | u_int8_t ether_addr_octet[ETH_ALEN]; 36 | } __attribute__ ((__packed__)); 37 | 38 | /* 10Mb/s ethernet header */ 39 | struct ether_header 40 | { 41 | u_int8_t ether_dhost[ETH_ALEN]; /* destination eth addr */ 42 | u_int8_t ether_shost[ETH_ALEN]; /* source ether addr */ 43 | u_int16_t ether_type; /* packet type ID field */ 44 | } __attribute__ ((__packed__)); 45 | 46 | /* Ethernet protocol ID's */ 47 | #define ETHERTYPE_PUP 0x0200 /* Xerox PUP */ 48 | #define ETHERTYPE_SPRITE 0x0500 /* Sprite */ 49 | #define ETHERTYPE_IP 0x0800 /* IP */ 50 | #define ETHERTYPE_ARP 0x0806 /* Address resolution */ 51 | #define ETHERTYPE_REVARP 0x8035 /* Reverse ARP */ 52 | #define ETHERTYPE_AT 0x809B /* AppleTalk protocol */ 53 | #define ETHERTYPE_AARP 0x80F3 /* AppleTalk ARP */ 54 | #define ETHERTYPE_VLAN 0x8100 /* IEEE 802.1Q VLAN tagging */ 55 | #define ETHERTYPE_IPX 0x8137 /* IPX */ 56 | #define ETHERTYPE_IPV6 0x86dd /* IP protocol version 6 */ 57 | #define ETHERTYPE_LOOPBACK 0x9000 /* used to test interfaces */ 58 | 59 | 60 | #define ETHER_ADDR_LEN ETH_ALEN /* size of ethernet addr */ 61 | #define ETHER_TYPE_LEN 2 /* bytes in type field */ 62 | #define ETHER_CRC_LEN 4 /* bytes in CRC field */ 63 | #define ETHER_HDR_LEN ETH_HLEN /* total octets in header */ 64 | #define ETHER_MIN_LEN (ETH_ZLEN + ETHER_CRC_LEN) /* min packet length */ 65 | #define ETHER_MAX_LEN (ETH_FRAME_LEN + ETHER_CRC_LEN) /* max packet length */ 66 | 67 | /* make sure ethenet length is valid */ 68 | #define ETHER_IS_VALID_LEN(foo) \ 69 | ((foo) >= ETHER_MIN_LEN && (foo) <= ETHER_MAX_LEN) 70 | 71 | /* 72 | * The ETHERTYPE_NTRAILER packet types starting at ETHERTYPE_TRAIL have 73 | * (type-ETHERTYPE_TRAIL)*512 bytes of data followed 74 | * by an ETHER type (as given above) and then the (variable-length) header. 75 | */ 76 | #define ETHERTYPE_TRAIL 0x1000 /* Trailer packet */ 77 | #define ETHERTYPE_NTRAILER 16 78 | 79 | #define ETHERMTU ETH_DATA_LEN 80 | #define ETHERMIN (ETHER_MIN_LEN - ETHER_HDR_LEN - ETHER_CRC_LEN) 81 | 82 | __END_DECLS 83 | 84 | #endif /* net/ethernet.h */ 85 | -------------------------------------------------------------------------------- /m4/ac_prog_java_works.m4: -------------------------------------------------------------------------------- 1 | dnl @synopsis AC_PROG_JAVA_WORKS 2 | dnl 3 | dnl Internal use ONLY. 4 | dnl 5 | dnl Note: This is part of the set of autoconf M4 macros for Java 6 | dnl programs. It is VERY IMPORTANT that you download the whole set, 7 | dnl some macros depend on other. Unfortunately, the autoconf archive 8 | dnl does not support the concept of set of macros, so I had to break it 9 | dnl for submission. The general documentation, as well as the sample 10 | dnl configure.in, is included in the AC_PROG_JAVA macro. 11 | dnl 12 | dnl @category Java 13 | dnl @author Stephane Bortzmeyer 14 | dnl @version 2000-07-19 15 | dnl @license GPLWithACException 16 | 17 | AC_DEFUN([AC_PROG_JAVA_WORKS], [ 18 | AC_CHECK_PROG(uudecode, uudecode$EXEEXT, yes) 19 | if test x$uudecode = xyes; then 20 | AC_CACHE_CHECK([if uudecode can decode base 64 file], ac_cv_prog_uudecode_base64, [ 21 | dnl /** 22 | dnl * Test.java: used to test if java compiler works. 23 | dnl */ 24 | dnl public class Test 25 | dnl { 26 | dnl 27 | dnl public static void 28 | dnl main( String[] argv ) 29 | dnl { 30 | dnl System.exit (0); 31 | dnl } 32 | dnl 33 | dnl } 34 | cat << \EOF > Test.uue 35 | begin-base64 644 Test.class 36 | yv66vgADAC0AFQcAAgEABFRlc3QHAAQBABBqYXZhL2xhbmcvT2JqZWN0AQAE 37 | bWFpbgEAFihbTGphdmEvbGFuZy9TdHJpbmc7KVYBAARDb2RlAQAPTGluZU51 38 | bWJlclRhYmxlDAAKAAsBAARleGl0AQAEKEkpVgoADQAJBwAOAQAQamF2YS9s 39 | YW5nL1N5c3RlbQEABjxpbml0PgEAAygpVgwADwAQCgADABEBAApTb3VyY2VG 40 | aWxlAQAJVGVzdC5qYXZhACEAAQADAAAAAAACAAkABQAGAAEABwAAACEAAQAB 41 | AAAABQO4AAyxAAAAAQAIAAAACgACAAAACgAEAAsAAQAPABAAAQAHAAAAIQAB 42 | AAEAAAAFKrcAErEAAAABAAgAAAAKAAIAAAAEAAQABAABABMAAAACABQ= 43 | ==== 44 | EOF 45 | if uudecode$EXEEXT Test.uue; then 46 | ac_cv_prog_uudecode_base64=yes 47 | else 48 | echo "configure: __oline__: uudecode had trouble decoding base 64 file 'Test.uue'" >&AC_FD_CC 49 | echo "configure: failed file was:" >&AC_FD_CC 50 | cat Test.uue >&AC_FD_CC 51 | ac_cv_prog_uudecode_base64=no 52 | fi 53 | rm -f Test.uue]) 54 | fi 55 | if test x$ac_cv_prog_uudecode_base64 != xyes; then 56 | rm -f Test.class 57 | AC_MSG_WARN([I have to compile Test.class from scratch]) 58 | if test x$ac_cv_prog_javac_works = xno; then 59 | AC_MSG_ERROR([Cannot compile java source. $JAVAC does not work properly]) 60 | fi 61 | if test x$ac_cv_prog_javac_works = x; then 62 | AC_PROG_JAVAC 63 | fi 64 | fi 65 | AC_CACHE_CHECK(if $JAVA works, ac_cv_prog_java_works, [ 66 | JAVA_TEST=Test.java 67 | CLASS_TEST=Test.class 68 | TEST=Test 69 | changequote(, )dnl 70 | cat << \EOF > $JAVA_TEST 71 | /* [#]line __oline__ "configure" */ 72 | public class Test { 73 | public static void main (String args[]) { 74 | System.exit (0); 75 | } } 76 | EOF 77 | changequote([, ])dnl 78 | if test x$ac_cv_prog_uudecode_base64 != xyes; then 79 | if AC_TRY_COMMAND($JAVAC $JAVACFLAGS $JAVA_TEST) && test -s $CLASS_TEST; then 80 | : 81 | else 82 | echo "configure: failed program was:" >&AC_FD_CC 83 | cat $JAVA_TEST >&AC_FD_CC 84 | AC_MSG_ERROR(The Java compiler $JAVAC failed (see config.log, check the CLASSPATH?)) 85 | fi 86 | fi 87 | if AC_TRY_COMMAND($JAVA $JAVAFLAGS $TEST) >/dev/null 2>&1; then 88 | ac_cv_prog_java_works=yes 89 | else 90 | echo "configure: failed program was:" >&AC_FD_CC 91 | cat $JAVA_TEST >&AC_FD_CC 92 | AC_MSG_ERROR(The Java VM $JAVA failed (see config.log, check the CLASSPATH?)) 93 | fi 94 | rm -fr $JAVA_TEST $CLASS_TEST Test.uue 95 | ]) 96 | AC_PROVIDE([$0])dnl 97 | ] 98 | ) 99 | -------------------------------------------------------------------------------- /src/wifipcap/oui.h: -------------------------------------------------------------------------------- 1 | /* @(#) $Header: /home/cvs/wifitools/wifipcap/oui.h,v 1.1.1.1 2006/12/14 01:22:11 jpang Exp $ (LBL) */ 2 | /* 3 | * Redistribution and use in source and binary forms, with or without 4 | * modification, are permitted provided that: (1) source code 5 | * distributions retain the above copyright notice and this paragraph 6 | * in its entirety, and (2) distributions including binary code include 7 | * the above copyright notice and this paragraph in its entirety in 8 | * the documentation or other materials provided with the distribution. 9 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND 10 | * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT 11 | * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 12 | * FOR A PARTICULAR PURPOSE. 13 | * 14 | * Original code by Hannes Gredler (hannes@juniper.net) 15 | */ 16 | 17 | #ifndef UNI_OUT_H 18 | #define UNI_OUT_H 19 | 20 | extern struct tok oui_values[]; 21 | extern struct tok smi_values[]; 22 | 23 | #define OUI_ENCAP_ETHER 0x000000 /* encapsulated Ethernet */ 24 | #define OUI_CISCO 0x00000c /* Cisco protocols */ 25 | #define OUI_NORTEL 0x000081 /* Nortel SONMP */ 26 | #define OUI_CISCO_90 0x0000f8 /* Cisco bridging */ 27 | #define OUI_RFC2684 0x0080c2 /* RFC 2427/2684 bridged Ethernet */ 28 | #define OUI_ATM_FORUM 0x00A03E /* ATM Forum */ 29 | #define OUI_CABLE_BPDU 0x00E02F /* DOCSIS spanning tree BPDU */ 30 | #define OUI_APPLETALK 0x080007 /* Appletalk */ 31 | #define OUI_JUNIPER 0x009069 /* Juniper */ 32 | #define OUI_HP 0x080009 /* Hewlett-Packard */ 33 | 34 | /* 35 | * These are SMI Network Management Private Enterprise Codes for 36 | * organizations; see 37 | * 38 | * http://www.iana.org/assignments/enterprise-numbers 39 | * 40 | * for a list. 41 | * 42 | * List taken from Ethereal's epan/sminmpec.h. 43 | */ 44 | #define SMI_IETF 0 /* reserved - used by the IETF in L2TP? */ 45 | #define SMI_ACC 5 46 | #define SMI_CISCO 9 47 | #define SMI_HEWLETT_PACKARD 11 48 | #define SMI_SUN_MICROSYSTEMS 42 49 | #define SMI_MERIT 61 50 | #define SMI_SHIVA 166 51 | #define SMI_ERICSSON 193 52 | #define SMI_CISCO_VPN5000 255 53 | #define SMI_LIVINGSTON 307 54 | #define SMI_MICROSOFT 311 55 | #define SMI_3COM 429 56 | #define SMI_ASCEND 529 57 | #define SMI_BAY 1584 58 | #define SMI_FOUNDRY 1991 59 | #define SMI_VERSANET 2180 60 | #define SMI_REDBACK 2352 61 | #define SMI_JUNIPER 2636 62 | #define SMI_APTIS 2637 63 | #define SMI_CISCO_VPN3000 3076 64 | #define SMI_COSINE 3085 65 | #define SMI_SHASTA 3199 66 | #define SMI_NETSCREEN 3224 67 | #define SMI_NOMADIX 3309 68 | #define SMI_SIEMENS 4329 69 | #define SMI_CABLELABS 4491 70 | #define SMI_UNISPHERE 4874 71 | #define SMI_CISCO_BBSM 5263 72 | #define SMI_THE3GPP2 5535 73 | #define SMI_IP_UNPLUGGED 5925 74 | #define SMI_ISSANNI 5948 75 | #define SMI_QUINTUM 6618 76 | #define SMI_INTERLINK 6728 77 | #define SMI_COLUBRIS 8744 78 | #define SMI_COLUMBIA_UNIVERSITY 11862 79 | #define SMI_THE3GPP 10415 80 | #define SMI_GEMTEK_SYSTEMS 10529 81 | #define SMI_WIFI_ALLIANCE 14122 82 | #endif 83 | -------------------------------------------------------------------------------- /doc/timeline_1.4.txt: -------------------------------------------------------------------------------- 1 | Timeline for 1.4 ship: 2 | 3 | 4 | + mfs + Document the refactored class hiearchy for one-page-report. 5 | + slg will look at before mfs begins refactoring 6 | 7 | + plot becomes abstract 8 | + pure virtual destructor (protected constructor too?) 9 | + concrete render(cairo_t, bounds_t) 10 | + pure virtual render_data(cairo_t, bounds_t) 11 | - This is called by render, which will calculate the bounds within the 12 | axes, labels etc. 13 | - sublcasses need only override render_data, plot() owns the space given 14 | to it 15 | - time_histogram split into time_histogram and time_histogram_plot 16 | - time_histogram_plot is a concrete subclass of plot 17 | - contains pointer to const time_histogram and probably not too much else 18 | - time_histogram replaces dyn_time_histogram 19 | - time_histogram now contains a vector of maps and a const pointer to 20 | the best fit histogram (best fit map) which starts as the most granular 21 | histogram and is updated as histograms are dropped for overflow 22 | - implement [], size() directly on time_histogram to hide implementation 23 | and selection 24 | - port_histogram and address_histogram are similarly split 25 | - histogram_bar class is added 26 | - map (or fixed bucket uints?) values to counts 27 | - render(cairo_t, bounds_t, color_map) will fill region with a proportional 28 | bar by counts 29 | - with a flexible enough histogram_bar class, time_histogram_plot, 30 | port_histogram_plot, and address_histogram_plot can be merged into 31 | templated histogram_plot concrete subclass of plot if desired 32 | - packet intestion logic is moved to one_page_report; histograms are simply 33 | data structures 34 | - could create ingester class instead too 35 | 36 | 37 | 38 | 39 | Features needed: 40 | ================ 41 | - Packet Grid 42 | - Documentation (NPS Report) 43 | 44 | 45 | What we are not doing: 46 | ====================== 47 | - Traffic Map 48 | - Language identification 49 | - Keyword extraction & clustering 50 | - Passive DNS 51 | 52 | 53 | Test Plan: 54 | ========== 55 | - Performance testing 56 | 57 | Packaging: 58 | ---------- 59 | - Put relevant boost headers in boost subdirectory 60 | 61 | Compile testing: 62 | ---------------- 63 | Make sure that it compiles on these platforms: 64 | - FC17 65 | - Ubuntu 66 | - OS10.6, 10.8 67 | - cygwin 68 | - mingw 69 | - Centos 5.8 70 | - Centos 6.0 71 | - SUSE 72 | 73 | 74 | Reliability testing: 75 | -------------------- 76 | Test for crashing with all scanners on with specific data sets: 77 | - no packets 78 | - Lincoln Labs ID98 79 | - One day 80 | - All of the packets concatenated together 81 | - Lincoln Labs ID99 (All of the packets concatenated together) 82 | - One day 83 | - All of the packets concatenated together 84 | - One day from ID98 & One day from ID99 85 | - M57 Patents 86 | - One day 87 | - All packets concatenated together 88 | - NGDC 2012 89 | - All packets concatenated together 90 | 91 | - Cada? 92 | 93 | Correctness testing: 94 | -------------------- 95 | Create a file of all MD5s of all TCP streams. Sort the file. Use "diff" 96 | 97 | Data Sets for comparison: 98 | - ID98 one day 99 | - M57 one day 100 | 101 | Compare results of: 102 | - tcpflow 1.4 with tcpflow 1.0 103 | - Question: Can Suricata provide the MD5 of tcp streams? 104 | 105 | 106 | 107 | Packaging: 108 | ---------- 109 | - .tar.gz file distributed on digitalcorpora. 110 | - windows executables on digitalcorpora 111 | - downloadable tag from github 112 | 113 | 114 | Announcements: 115 | ------------- 116 | 117 | 118 | 119 | -------------------------------------------------------------------------------- /m4/slg_gcc_all_warnings.m4: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # 3 | # Enable all the compiler debugging we can find 4 | # Simson L. Garfinkel 5 | # 6 | # This is originally from PhotoRec, but modified substantially by Simson 7 | # Figure out which flags we can use with the compiler. 8 | # 9 | # These I don't like: 10 | # -Wdeclaration-after-statement -Wconversion 11 | # doesn't work: -Wunreachable-code 12 | # causes configure to crash on gcc-4.2.1: -Wsign-compare-Winline 13 | # causes warnings with unistd.h: -Wnested-externs 14 | # Just causes too much annoyance: -Wmissing-format-attribute 15 | 16 | # First, see if we are using CLANG 17 | using_clang=no 18 | if (g++ --version 2>&1 | grep clang > /dev/null) ; 19 | then 20 | AC_MSG_NOTICE([g++ is really clang++]) 21 | using_clang=yes 22 | fi 23 | if test x$CXX == "xclang++" ; then 24 | using_clang=yes 25 | fi 26 | 27 | 28 | 29 | # Check GCC 30 | C_WARNINGS_TO_TEST="-MD -Wpointer-arith -Wmissing-declarations -Wmissing-prototypes \ 31 | -Wshadow -Wwrite-strings -Wcast-align -Waggregate-return \ 32 | -Wbad-function-cast -Wcast-qual -Wundef -Wredundant-decls -Wdisabled-optimization \ 33 | -Wfloat-equal -Wmultichar -Wc++-compat -Wmissing-noreturn " 34 | 35 | if test x"${mingw}" != "xyes" ; then 36 | # add the warnings we do not want to do on mingw 37 | C_WARNINGS_TO_TEST="$C_WARNINGS_TO_TEST -Wall -Wstrict-prototypes" 38 | fi 39 | 40 | if test $using_clang == "no" ; then 41 | # -Wstrict-null-sentinel is not supported under clang 42 | CXX_WARNINGS_TO_TEST="$CXX_WARNINGS_TO_TEST -Wstrict-null-sentinel" 43 | fi 44 | 45 | 46 | 47 | echo "C Warnings to test: $C_WARNINGS_TO_TEST" 48 | 49 | for option in $C_WARNINGS_TO_TEST 50 | do 51 | SAVE_CFLAGS="$CFLAGS" 52 | CFLAGS="$CFLAGS $option" 53 | AC_MSG_CHECKING([whether gcc understands $option]) 54 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 55 | [has_option=yes], 56 | [has_option=no; CFLAGS="$SAVE_CFLAGS"]) 57 | AC_MSG_RESULT($has_option) 58 | unset has_option 59 | unset SAVE_CFLAGS 60 | if test $option = "-Wmissing-format-attribute" ; then 61 | AC_DEFINE(HAVE_MISSING_FORMAT_ATTRIBUTE_WARNING,1, 62 | [Indicates that we have the -Wmissing-format-attribute G++ warning]) 63 | fi 64 | done 65 | unset option 66 | 67 | 68 | # Check G++ 69 | # We don't use these warnings: 70 | # -Waggregate-return -- aggregate returns are GOOD; they simplify code design 71 | # We can use these warnings after ZLIB gets upgraded: 72 | # -Wundef --- causes problems with zlib 73 | # -Wcast-qual 74 | # -Wmissing-format-attribute --- Just too annoying 75 | AC_LANG_PUSH(C++) 76 | AC_CHECK_HEADERS([string]) 77 | CXX_WARNINGS_TO_TEST="-Wall -MD -D_FORTIFY_SOURCE=2 -Wpointer-arith \ 78 | -Wshadow -Wwrite-strings -Wcast-align \ 79 | -Wredundant-decls -Wdisabled-optimization \ 80 | -Wfloat-equal -Wmultichar -Wmissing-noreturn \ 81 | -Woverloaded-virtual -Wsign-promo \ 82 | -fno-new-ttp-matching \ 83 | -funit-at-a-time" 84 | 85 | if test x"${mingw}" != "xyes" ; then 86 | # add the warnings we don't want to do on mingw 87 | CXX_WARNINGS_TO_TEST="$CXX_WARNINGS_TO_TEST -Weffc++" 88 | fi 89 | 90 | echo "C++ Warnings to test: $CXX_WARNINGS_TO_TEST" 91 | 92 | for option in $CXX_WARNINGS_TO_TEST 93 | do 94 | SAVE_CXXFLAGS="$CXXFLAGS" 95 | CXXFLAGS="$CXXFLAGS $option" 96 | AC_MSG_CHECKING([whether g++ understands $option]) 97 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 98 | [has_option=yes], 99 | [has_option=no; CXXFLAGS="$SAVE_CXXFLAGS"]) 100 | AC_MSG_RESULT($has_option) 101 | unset has_option 102 | unset SAVE_CXXFLAGS 103 | done 104 | unset option 105 | AC_LANG_POP() 106 | 107 | 108 | -------------------------------------------------------------------------------- /src/be13_api/utils.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * A collection of utility functions that are useful. 3 | */ 4 | 5 | // Just for this module 6 | #define _FILE_OFFSET_BITS 64 7 | 8 | /* required per C++ standard */ 9 | #ifndef __STDC_FORMAT_MACROS 10 | #define __STDC_FORMAT_MACROS 11 | #endif 12 | 13 | #include "config.h" 14 | #include "cppmutex.h" 15 | #include "utils.h" 16 | 17 | #ifdef HAVE_UNISTD_H 18 | #include 19 | #endif 20 | 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | 31 | #ifndef HAVE_ERR 32 | #include 33 | void err(int eval,const char *fmt,...) 34 | { 35 | va_list ap; 36 | va_start(ap,fmt); 37 | vfprintf(stderr,fmt,ap); 38 | va_end(ap); 39 | fprintf(stderr,": %s\n",strerror(errno)); 40 | exit(eval); 41 | } 42 | #endif 43 | 44 | #ifndef HAVE_ERRX 45 | #include 46 | void errx(int eval,const char *fmt,...) 47 | { 48 | va_list ap; 49 | va_start(ap,fmt); 50 | vfprintf(stderr,fmt,ap); 51 | fprintf(stderr,"%s\n",strerror(errno)); 52 | va_end(ap); 53 | exit(eval); 54 | } 55 | #endif 56 | 57 | #ifndef HAVE_WARN 58 | #include 59 | void warn(const char *fmt, ...) 60 | { 61 | va_list args; 62 | va_start(args,fmt); 63 | vfprintf(stderr,fmt, args); 64 | fprintf(stderr,": %s\n",strerror(errno)); 65 | } 66 | #endif 67 | 68 | #ifndef HAVE_WARNX 69 | #include 70 | void warnx(const char *fmt,...) 71 | { 72 | va_list ap; 73 | va_start(ap,fmt); 74 | vfprintf(stderr,fmt,ap); 75 | va_end(ap); 76 | } 77 | #endif 78 | 79 | /** Extract a buffer... 80 | * @param buf - the buffer to extract; 81 | * @param buflen - the size of the page to extract 82 | * @param pos0 - the byte position of buf[0] 83 | */ 84 | 85 | #ifndef HAVE_LOCALTIME_R 86 | /* locking localtime_r implementation */ 87 | cppmutex localtime_mutex; 88 | void localtime_r(time_t *t,struct tm *tm) 89 | { 90 | cppmutex::lock lock(localtime_mutex); 91 | *tm = *localtime(t); 92 | } 93 | #endif 94 | 95 | #ifndef HAVE_GMTIME_R 96 | /* locking gmtime_r implementation */ 97 | cppmutex gmtime_mutex; 98 | void gmtime_r(time_t *t,struct tm *tm) 99 | { 100 | if(t && tm){ 101 | cppmutex::lock lock(gmtime_mutex); 102 | struct tm *tmret = gmtime(t); 103 | if(tmret){ 104 | *tm = *tmret; 105 | } else { 106 | memset(tm,0,sizeof(*tm)); 107 | } 108 | } 109 | } 110 | #endif 111 | 112 | 113 | 114 | bool ends_with(const std::string &buf,const std::string &with) 115 | { 116 | size_t buflen = buf.size(); 117 | size_t withlen = with.size(); 118 | return buflen>withlen && buf.substr(buflen-withlen,withlen)==with; 119 | } 120 | 121 | bool ends_with(const std::wstring &buf,const std::wstring &with) 122 | { 123 | size_t buflen = buf.size(); 124 | size_t withlen = with.size(); 125 | return buflen>withlen && buf.substr(buflen-withlen,withlen)==with; 126 | } 127 | 128 | 129 | #include 130 | 131 | /****************************************************************/ 132 | /* C++ string splitting code from http://stackoverflow.com/questions/236129/how-to-split-a-string-in-c */ 133 | std::vector &split(const std::string &s, char delim, std::vector &elems) 134 | { 135 | std::stringstream ss(s); 136 | std::string item; 137 | while(std::getline(ss, item, delim)) { 138 | elems.push_back(item); 139 | } 140 | return elems; 141 | } 142 | 143 | std::vector split(const std::string &s, char delim) 144 | { 145 | std::vector elems; 146 | return split(s, delim, elems); 147 | } 148 | 149 | 150 | 151 | 152 | -------------------------------------------------------------------------------- /src/wifipcap/arp.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 3 | * The Regents of the University of California. All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that: (1) source code distributions 7 | * retain the above copyright notice and this paragraph in its entirety, (2) 8 | * distributions including binary code include the above copyright notice and 9 | * this paragraph in its entirety in the documentation or other materials 10 | * provided with the distribution, and (3) all advertising materials mentioning 11 | * features or use of this software display the following acknowledgement: 12 | * ``This product includes software developed by the University of California, 13 | * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 | * the University nor the names of its contributors may be used to endorse 15 | * or promote products derived from this software without specific prior 16 | * written permission. 17 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 | * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 | * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 | */ 21 | 22 | /* 23 | * Address Resolution Protocol. 24 | * 25 | * See RFC 826 for protocol description. ARP packets are variable 26 | * in size; the arphdr structure defines the fixed-length portion. 27 | * Protocol type values are the same as those for 10 Mb/s Ethernet. 28 | * It is followed by the variable-sized fields ar_sha, arp_spa, 29 | * arp_tha and arp_tpa in that order, according to the lengths 30 | * specified. Field names used correspond to RFC 826. 31 | */ 32 | struct arp_pkthdr { 33 | u_short ar_hrd; /* format of hardware address */ 34 | #define ARPHRD_ETHER 1 /* ethernet hardware format */ 35 | #define ARPHRD_IEEE802 6 /* token-ring hardware format */ 36 | #define ARPHRD_ARCNET 7 /* arcnet hardware format */ 37 | #define ARPHRD_FRELAY 15 /* frame relay hardware format */ 38 | #define ARPHRD_STRIP 23 /* Ricochet Starmode Radio hardware format */ 39 | #define ARPHRD_IEEE1394 24 /* IEEE 1394 (FireWire) hardware format */ 40 | u_short ar_pro; /* format of protocol address */ 41 | u_char ar_hln; /* length of hardware address */ 42 | u_char ar_pln; /* length of protocol address */ 43 | u_short ar_op; /* one of: */ 44 | #define ARPOP_REQUEST 1 /* request to resolve address */ 45 | #define ARPOP_REPLY 2 /* response to previous request */ 46 | #define ARPOP_REVREQUEST 3 /* request protocol address given hardware */ 47 | #define ARPOP_REVREPLY 4 /* response giving protocol address */ 48 | #define ARPOP_INVREQUEST 8 /* request to identify peer */ 49 | #define ARPOP_INVREPLY 9 /* response identifying peer */ 50 | /* 51 | * The remaining fields are variable in size, 52 | * according to the sizes above. 53 | */ 54 | #ifdef COMMENT_ONLY 55 | u_char ar_sha[]; /* sender hardware address */ 56 | u_char ar_spa[]; /* sender protocol address */ 57 | u_char ar_tha[]; /* target hardware address */ 58 | u_char ar_tpa[]; /* target protocol address */ 59 | #endif 60 | #define ar_sha(ap) (((const u_char *)((ap)+1))+0) 61 | #define ar_spa(ap) (((const u_char *)((ap)+1))+ (ap)->ar_hln) 62 | #define ar_tha(ap) (((const u_char *)((ap)+1))+ (ap)->ar_hln+(ap)->ar_pln) 63 | #define ar_tpa(ap) (((const u_char *)((ap)+1))+2*(ap)->ar_hln+(ap)->ar_pln) 64 | }; 65 | 66 | #define ARP_HDRLEN 8 67 | 68 | #define HRD(ap) EXTRACT_16BITS(&(ap)->ar_hrd) 69 | #define HLN(ap) ((ap)->ar_hln) 70 | #define PLN(ap) ((ap)->ar_pln) 71 | #define OP(ap) EXTRACT_16BITS(&(ap)->ar_op) 72 | #define PRO(ap) EXTRACT_16BITS(&(ap)->ar_pro) 73 | #define SHA(ap) (ar_sha(ap)) 74 | #define SPA(ap) (ar_spa(ap)) 75 | #define THA(ap) (ar_tha(ap)) 76 | #define TPA(ap) (ar_tpa(ap)) 77 | -------------------------------------------------------------------------------- /src/pcap_writer.h: -------------------------------------------------------------------------------- 1 | /* 2 | * pcap_writer.h: 3 | * 4 | * A class for writing pcap files 5 | */ 6 | 7 | #ifndef HAVE_PCAP_WRITER_H 8 | #define HAVE_PCAP_WRITER_H 9 | class pcap_writer { 10 | /* These are not implemented */ 11 | pcap_writer &operator=(const pcap_writer &that); 12 | pcap_writer(const pcap_writer &t); 13 | class write_error: public std::exception { 14 | virtual const char *what() const throw() { 15 | return "write error in pcap_write"; 16 | } 17 | }; 18 | 19 | enum {PCAP_RECORD_HEADER_SIZE = 16, 20 | PCAP_MAX_PKT_LEN = 65535, // wire shark may reject larger 21 | PCAP_HEADER_SIZE = 4+2+2+4+4+4+4, 22 | }; 23 | FILE *fcap; // where file is written 24 | void write_bytes(const uint8_t * const val, size_t num_bytes) { 25 | size_t count = fwrite(val,1,num_bytes,fcap); 26 | if (count != num_bytes) throw new write_error(); 27 | } 28 | void write2(const uint16_t val) { 29 | size_t count = fwrite(&val,1,2,fcap); 30 | if (count != 2) throw new write_error(); 31 | } 32 | void write4(const uint32_t val) { 33 | size_t count = fwrite(&val,1,4,fcap); 34 | if (count != 4) throw new write_error(); 35 | } 36 | void open(const std::string &fname) { 37 | fcap = fopen(fname.c_str(),"wb"); // write the output 38 | if(fcap==0) throw new write_error(); 39 | } 40 | void write_header(const int pcap_dlt){ 41 | write4(0xa1b2c3d4); 42 | write2(2); // major version number 43 | write2(4); // minor version number 44 | write4(0); // time zone offset; always 0 45 | write4(0); // accuracy of time stamps in the file; always 0 46 | write4(PCAP_MAX_PKT_LEN); // snapshot length 47 | write4(pcap_dlt); // link layer encapsulation 48 | } 49 | void copy_header(const std::string &ifname){ 50 | /* assert byte order is correct */ 51 | FILE *f2 = fopen(ifname.c_str(),"rb"); 52 | if(f2==0) throw new write_error(); 53 | u_char buf[PCAP_HEADER_SIZE]; 54 | if(fread(buf,1,sizeof(buf),f2)!=sizeof(buf)) throw new write_error(); 55 | if((buf[0]!=0xd4) || (buf[1]!=0xc3) || (buf[2]!=0xb2) || (buf[3]!=0xa1)){ 56 | std::cout << "pcap file " << ifname << " is in wrong byte order. Cannot continue.\n"; 57 | throw new write_error(); 58 | } 59 | if(fwrite(buf,1,sizeof(buf),fcap)!=sizeof(buf)) throw new write_error(); 60 | if(fclose(f2)!=0) throw new write_error(); 61 | } 62 | 63 | public: 64 | pcap_writer():fcap(0){} 65 | 66 | static pcap_writer *open_new(const std::string &ofname){ 67 | pcap_writer *pcw = new pcap_writer(); 68 | pcw->open(ofname); 69 | pcw->write_header(DLT_EN10MB); // static for temporary regression 70 | return pcw; 71 | } 72 | static pcap_writer *open_copy(const std::string &ofname,const std::string &ifname){ 73 | pcap_writer *pcw = new pcap_writer(); 74 | pcw->open(ofname); 75 | pcw->copy_header(ifname); 76 | return pcw; 77 | } 78 | virtual ~pcap_writer(){ 79 | if(fcap) fclose(fcap); 80 | } 81 | void writepkt(const struct pcap_pkthdr *h,const u_char *p) { 82 | /* Write a packet */ 83 | write4(h->ts.tv_sec); // time stamp, seconds avalue 84 | write4(h->ts.tv_usec); // time stamp, microseconds 85 | write4(h->caplen); 86 | write4(h->len); 87 | size_t count = fwrite(p,1,h->caplen,fcap); // the packet 88 | if(count!=h->caplen) throw new write_error(); 89 | } 90 | void refresh_sink(const std::string &fname, const int pcap_dlt) { 91 | open(fname); 92 | write_header(pcap_dlt); 93 | } 94 | void update_sink(FILE *sink) { 95 | fcap = sink; 96 | } 97 | FILE* yield_sink() { 98 | return fcap; 99 | } 100 | }; 101 | 102 | #endif 103 | -------------------------------------------------------------------------------- /.github/workflows/continuous-integration.yml: -------------------------------------------------------------------------------- 1 | # This file based on https://gist.github.com/mwouts/9842452d020c08faf9e84a3bba38a66f 2 | # See: https://help.github.com/en/actions/reference/software-installed-on-github-hosted-runners 3 | # 2020-06-22 - slg - customized 4 | # 2020-06-27 - slg - expanded to G++ for MacOS 5 | # 2020-07-03 - slg - ported to be13_api; removed python (be13_api doesn't use python) 6 | 7 | name: TCPFLOW CI (c++14) 8 | on: 9 | push: 10 | branches: 11 | - '**' # This will trigger the action for all branches 12 | pull_request: 13 | branches: 14 | - main # Specify the branches for which pull_request events should trigger the action 15 | jobs: 16 | native: 17 | runs-on: ${{ matrix.os }} 18 | strategy: 19 | matrix: 20 | os: ['macos-latest', 'ubuntu-latest'] 21 | 22 | steps: 23 | # https://github.com/actions/checkout 24 | - name: Checkout 25 | uses: actions/checkout@v4 26 | with: 27 | submodules: recursive 28 | 29 | - name: Install C++ dependencies on MacOS 30 | if: startsWith(matrix.os, 'macOS') 31 | run: | 32 | brew install libtool autoconf automake boost openssl libpcap cairo 33 | echo LDFLAGS="-L$(brew --prefix cairo)/lib -L$(brew --prefix libpcap)/lib -L$(brew --prefix openssl)/lib -L$(brew --prefix boost)/lib" >> $GITHUB_ENV 34 | echo CFLAGS="-I$(brew --prefix cairo)/include -I$(brew --prefix libpcap)/include -I$(brew --prefix openssl)/include -I$(brew --prefix boost)/include" >> $GITHUB_ENV 35 | echo CXXFLAGS="-I$(brew --prefix cairo)/include -I$(brew --prefix libpcap)/include -I$(brew --prefix openssl)/include -I$(brew --prefix boost)/include" >> $GITHUB_ENV 36 | echo PKG_CONFIG_PATH="$(brew --prefix cairo)/pkgconfig:$(brew --prefix libpcap)/pkgconfig:$(brew --prefix openssl)/lib/pkgconfig" >> $GITHUB_ENV 37 | 38 | - name: Install C++ dependencies on Ubuntu 39 | if: startsWith(matrix.os, 'ubuntu') 40 | run: | 41 | sudo apt install libtool autoconf automake g++ libboost-all-dev libssl-dev libpcap-dev libcairo2-dev 42 | automake --help 43 | 44 | - name: c/c++ test 45 | run: | 46 | bash bootstrap.sh 47 | ./configure && make && make check 48 | 49 | - uses: ammaraskar/gcc-problem-matcher@0.1 50 | name: GCC Problem Matcher 51 | 52 | - name: codecov report 53 | if: startsWith(matrix.os, 'ubuntu') 54 | env: 55 | CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} 56 | run: | 57 | bash .make-codecov 58 | 59 | freebsd: 60 | runs-on: ubuntu-latest 61 | steps: 62 | - uses: actions/checkout@v4 63 | with: 64 | submodules: recursive 65 | 66 | - name: Test in FreeBSD 67 | uses: vmactions/freebsd-vm@v1 68 | with: 69 | usesh: true 70 | prepare: | 71 | pkg install -y bash autoconf automake boost-all openssl libpcap cairo 72 | 73 | run: | 74 | set -e 75 | bash bootstrap.sh 76 | ./configure 77 | make 78 | make check 79 | 80 | openbsd: 81 | runs-on: ubuntu-latest 82 | steps: 83 | - uses: actions/checkout@v4 84 | with: 85 | submodules: recursive 86 | 87 | - name: Test in OpenBSD 88 | uses: vmactions/openbsd-vm@v1 89 | with: 90 | usesh: true 91 | prepare: | 92 | pkg_add bash autoconf%2.72 automake%1.16 boost cairo 93 | 94 | # OpenBSD has it's own libpcap which can't read some pcap, nuke it! 95 | run: | 96 | set -e 97 | env AUTOCONF_VERSION=2.72 AUTOMAKE_VERSION=1.16 bash bootstrap.sh 98 | ./configure 99 | make 100 | rm ./tests/test1-out-of-order.pcap 101 | rm ./tests/test5-lines-randomized.pcap 102 | rm ./tests/test5-lines-randomized2.pcap 103 | make check 104 | 105 | # NetBSD VM quite unstable, it hangs on installing cairo, bash bootstrap.sh and so on 106 | -------------------------------------------------------------------------------- /cmake/coverage.cmake: -------------------------------------------------------------------------------- 1 | # Configuraion of the Coverage build 2 | # Also adds targets to generate coverage repports 3 | 4 | # Process this file only if BUILD_TYPE is "Coverage" 5 | if( NOT CMAKE_BUILD_TYPE STREQUAL "Coverage" ) 6 | return() 7 | endif() 8 | 9 | # This file support coverage only for GCC and Clang compilers 10 | if( NOT CMAKE_COMPILER_IS_GNUCXX AND NOT CMAKE_CXX_COMPILER_ID STREQUAL "Clang" ) 11 | message(WARNING " Coverage not yet implemented for your compiler '${CMAKE_CXX_COMPILER_ID}' (only GNU and Clang)") 12 | return() 13 | endif() 14 | 15 | # The function assert() may introduce a bias in covered lines count 16 | # To ignore lines about assert() => Disable assert() 17 | add_definitions(-DNDEBUG) 18 | 19 | # Compilers GCC and Clang need flag --coverage 20 | # Flag --coverage is a synonym for -fprofile-arcs -ftest-coverage (when compiling) and -lgcov (when linking) 21 | # See https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html#index-g_t_0040command_007bgcov_007d-938 22 | add_compile_options( --coverage ) 23 | link_libraries( --coverage ) 24 | 25 | # Depending on presence of tools gcov/gcovr/lcov/genhtml => Add targets 26 | # HTML report: 27 | # - gcovr --root . --html --html-details --output coverage.html --exclude-unreachable-branches --print-summary 28 | # - lcov + genhtml 29 | 30 | find_program (gcov gcov) 31 | if (NOT gcov) 32 | message(WARNING " Cannot find gcov => Build may fail...") 33 | endif() 34 | 35 | find_program (gcovr gcovr) 36 | if (gcovr) 37 | message (STATUS " Found command 'gcovr' => Use target 'gcovr' to generate coverage report '${CMAKE_BINARY_DIR}/gcovr.html'") 38 | add_custom_target (gcovr 39 | COMMAND ${gcovr} --root ${CMAKE_SOURCE_DIR} 40 | --exclude ${CMAKE_SOURCE_DIR}/3rdparty 41 | --exclude ${CMAKE_BINARY_DIR} 42 | --object-directory ${CMAKE_BINARY_DIR} 43 | --output ${CMAKE_BINARY_DIR}/gcovr.html 44 | --html 45 | --html-details 46 | --sort-uncovered 47 | --print-summary 48 | --exclude-unreachable-branches 49 | COMMAND echo " To display coverage report: firefox ${CMAKE_BINARY_DIR}/gcovr.html" 50 | ) 51 | else() 52 | message(WARNING " Cannot find command 'gcovr' => Please install package 'gcovr' to generate code coverage report (HTML)") 53 | endif() 54 | 55 | find_program (lcov lcov ) 56 | find_program (genhtml genhtml) 57 | if (lcov AND genhtml) 58 | message (STATUS " Found commands 'lcov' and 'genhtml' => Use target 'lcov' to generate coverage report '${CMAKE_BINARY_DIR}/lcov/index.html'") 59 | add_custom_target (lcov 60 | COMMAND ${lcov} --capture --directory ${CMAKE_BINARY_DIR} 61 | --no-external --output-file ${CMAKE_BINARY_DIR}/${CMAKE_PROJECT_NAME}-all.info 62 | --no-checksum --base-directory ${CMAKE_SOURCE_DIR} 63 | --rc lcov_branch_coverage=1 --quiet 64 | COMMAND ${lcov} --remove ${CMAKE_BINARY_DIR}/${CMAKE_PROJECT_NAME}-all.info 65 | ${CMAKE_SOURCE_DIR}/*/test/* 66 | ${CMAKE_SOURCE_DIR}/*/*/test/* 67 | ${CMAKE_SOURCE_DIR}/*/*/*/test/* 68 | --rc lcov_branch_coverage=1 69 | --output-file ${CMAKE_BINARY_DIR}/${CMAKE_PROJECT_NAME}.info 70 | COMMAND ${genhtml} --rc genhtml_branch_coverage=1 ${CMAKE_BINARY_DIR}/${CMAKE_PROJECT_NAME}.info 71 | --output-directory ${CMAKE_BINARY_DIR}/lcov 72 | --highlight --legend --quiet 73 | COMMAND echo " To display coverage report: firefox ${CMAKE_BINARY_DIR}/lcov/index.html" 74 | ) 75 | else() 76 | message(WARNING " Cannot find both commands 'lcov' and 'genhtml' => Please install package 'lcov' to generate code coverage report (HTML)") 77 | endif() 78 | -------------------------------------------------------------------------------- /CONFIGURE_FEDORA_18.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | cat < iphtest-nitroba-$$i.txt ; \ 150 | done 151 | diff ../tests/iphtest-nitroba-100.txt iphtest-nitroba-100.txt 152 | diff ../tests/iphtest-nitroba-1000.txt iphtest-nitroba-1000.txt 153 | diff ../tests/iphtest-nitroba-10000.txt iphtest-nitroba-10000.txt 154 | echo iptree appears okay. 155 | -------------------------------------------------------------------------------- /src/wifipcap/cpack.cpp: -------------------------------------------------------------------------------- 1 | /*- 2 | * Copyright (c) 2003, 2004 David Young. All rights reserved. 3 | * 4 | * Redistribution and use in source and binary forms, with or without 5 | * modification, are permitted provided that the following conditions 6 | * are met: 7 | * 1. Redistributions of source code must retain the above copyright 8 | * notice, this list of conditions and the following disclaimer. 9 | * 2. Redistributions in binary form must reproduce the above copyright 10 | * notice, this list of conditions and the following disclaimer in the 11 | * documentation and/or other materials provided with the distribution. 12 | * 3. The name of David Young may not be used to endorse or promote 13 | * products derived from this software without specific prior 14 | * written permission. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY DAVID YOUNG ``AS IS'' AND ANY 17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 18 | * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 19 | * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DAVID 20 | * YOUNG BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 21 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 22 | * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 23 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 24 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 25 | * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 27 | * OF SUCH DAMAGE. 28 | */ 29 | 30 | #ifndef WIN32 31 | 32 | #include 33 | 34 | #include "cpack.h" 35 | #include "extract.h" 36 | 37 | static u_int8_t * 38 | cpack_next_boundary(u_int8_t *buf, u_int8_t *p, size_t alignment) 39 | { 40 | size_t misalignment = (size_t)(p - buf) % alignment; 41 | 42 | if (misalignment == 0) 43 | return p; 44 | 45 | return p + (alignment - misalignment); 46 | } 47 | 48 | /* Advance to the next wordsize boundary. Return NULL if fewer than 49 | * wordsize bytes remain in the buffer after the boundary. Otherwise, 50 | * return a pointer to the boundary. 51 | */ 52 | static u_int8_t * 53 | cpack_align_and_reserve(struct cpack_state *cs, size_t wordsize) 54 | { 55 | u_int8_t *next; 56 | 57 | /* Ensure alignment. */ 58 | next = cpack_next_boundary(cs->c_buf, cs->c_next, wordsize); 59 | 60 | /* Too little space for wordsize bytes? */ 61 | if (next - cs->c_buf + wordsize > cs->c_len) 62 | return 0; 63 | 64 | return next; 65 | } 66 | 67 | int 68 | cpack_init(struct cpack_state *cs, u_int8_t *buf, size_t buflen) 69 | { 70 | memset(cs, 0, sizeof(*cs)); 71 | 72 | cs->c_buf = buf; 73 | cs->c_len = buflen; 74 | cs->c_next = cs->c_buf; 75 | 76 | return 0; 77 | } 78 | 79 | /* Unpack a 64-bit unsigned integer. */ 80 | int 81 | cpack_uint64(struct cpack_state *cs, u_int64_t *u) 82 | { 83 | u_int8_t *next; 84 | 85 | if ((next = cpack_align_and_reserve(cs, sizeof(*u))) == NULL) 86 | return -1; 87 | 88 | *u = EXTRACT_LE_64BITS(next); 89 | 90 | /* Move pointer past the u_int64_t. */ 91 | cs->c_next = next + sizeof(*u); 92 | return 0; 93 | } 94 | 95 | /* Unpack a 32-bit unsigned integer. */ 96 | int 97 | cpack_uint32(struct cpack_state *cs, u_int32_t *u) 98 | { 99 | u_int8_t *next; 100 | 101 | if ((next = cpack_align_and_reserve(cs, sizeof(*u))) == NULL) 102 | return -1; 103 | 104 | *u = EXTRACT_LE_32BITS(next); 105 | 106 | /* Move pointer past the u_int32_t. */ 107 | cs->c_next = next + sizeof(*u); 108 | return 0; 109 | } 110 | 111 | /* Unpack a 16-bit unsigned integer. */ 112 | int 113 | cpack_uint16(struct cpack_state *cs, u_int16_t *u) 114 | { 115 | u_int8_t *next; 116 | 117 | if ((next = cpack_align_and_reserve(cs, sizeof(*u))) == NULL) 118 | return -1; 119 | 120 | *u = EXTRACT_LE_16BITS(next); 121 | 122 | /* Move pointer past the u_int16_t. */ 123 | cs->c_next = next + sizeof(*u); 124 | return 0; 125 | } 126 | 127 | /* Unpack an 8-bit unsigned integer. */ 128 | int 129 | cpack_uint8(struct cpack_state *cs, u_int8_t *u) 130 | { 131 | /* No space left? */ 132 | if ((size_t)(cs->c_next - cs->c_buf) >= cs->c_len) 133 | return -1; 134 | 135 | *u = *cs->c_next; 136 | 137 | /* Move pointer past the u_int8_t. */ 138 | cs->c_next++; 139 | return 0; 140 | } 141 | #endif 142 | -------------------------------------------------------------------------------- /src/wifipcap/sample.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include "wifipcap.h" 3 | 4 | /* Demonstration of how to process pcap packets with a simple callback class */ 5 | 6 | class TestCB : public WifipcapCallbacks 7 | { 8 | public: 9 | TestCB(){} 10 | virtual ~TestCB(){}; 11 | virtual const char *name() {return "TestCB";} // override with your own name! 12 | virtual void PacketBegin(const WifiPacket &p, const u_char *pkt, size_t len, int origlen) { 13 | TimeVal t(p.header->ts); 14 | std::cout << &t << " {"; 15 | } 16 | virtual void PacketEnd(const WifiPacket &p ) { 17 | std::cout << "}" << std::endl; 18 | } 19 | 20 | virtual bool Check80211FCS(const WifiPacket &p ) { return true; } // please calculate FCS 21 | 22 | virtual void Handle80211DataFromAP(const WifiPacket &p, const mac_hdr_t *hdr, const u_char *rest, u_int len) { 23 | std::cout << "802.11 data:\t" 24 | << hdr->sa << " -> " 25 | << hdr->da << "\t" 26 | << len ; 27 | } 28 | virtual void Handle80211DataToAP(const WifiPacket &p, const mac_hdr_t *hdr, const u_char *rest, u_int len) 29 | { 30 | std::cout << "802.11 data:\t" 31 | << hdr->sa << " -> " 32 | << hdr->da << "\t" 33 | << len ; 34 | } 35 | 36 | 37 | virtual void Handle80211MgmtProbeRequest(const WifiPacket &p, const mgmt_header_t *hdr, const mgmt_body_t *body) { 38 | std::cout << "802.11 mgmt:\t" 39 | << hdr->sa << "\tprobe\t\"" 40 | << body->ssid.ssid << "\"" ; 41 | } 42 | 43 | virtual void Handle80211MgmtBeacon(const WifiPacket &p, const struct mgmt_header_t *hdr, const struct mgmt_body_t *body) { 44 | std::cout << "802.11 mgmt:\t" 45 | << hdr->sa << "\tbeacon\t\"" 46 | << body->ssid.ssid << "\"" ; 47 | } 48 | 49 | virtual void HandleTCP(const WifiPacket &p, const ip4_hdr_t *ip4h, const ip6_hdr_t *ip6h, const tcp_hdr_t *hdr, const u_char *options, int optlen, const u_char *rest, u_int len) { 50 | if (ip4h && hdr) 51 | std::cout << "tcp/ip: \t" 52 | << ip4h->src << ":" << hdr->sport << " -> " 53 | << ip4h->dst << ":" << hdr->dport 54 | << "\t" << ip4h->len ; 55 | else 56 | std::cout << "tcp/ip: \t" << "[truncated]" ; 57 | } 58 | 59 | virtual void HandleUDP(const WifiPacket &p, const ip4_hdr_t *ip4h, const ip6_hdr_t *ip6h, const udp_hdr_t *hdr, const u_char *rest, u_int len) { 60 | if (ip4h && hdr) 61 | std::cout << "udp/ip: \t" 62 | << ip4h->src << ":" << hdr->sport << " -> " 63 | << ip4h->dst << ":" << hdr->dport 64 | << "\t" << ip4h->len ; 65 | else 66 | std::cout << " " << "udp/ip: \t" << "[truncated]" ; 67 | } 68 | }; 69 | 70 | 71 | /** 72 | * usage: test 73 | */ 74 | int main(int argc, char **argv) 75 | { 76 | if (argc == 1) { 77 | pcap_if_t *alldevs; 78 | pcap_if_t *d; 79 | int i=0; 80 | char errbuf[PCAP_ERRBUF_SIZE]; 81 | 82 | /* Retrieve the device list from the local machine */ 83 | if (pcap_findalldevs(&alldevs, errbuf) == -1) { 84 | fprintf(stderr,"Error in pcap_findalldevs_ex: %s\n", errbuf); 85 | exit(1); 86 | } 87 | 88 | /* Print the list */ 89 | for(d= alldevs; d != NULL; d= d->next) { 90 | printf("%d. %s", ++i, d->name); 91 | if (d->description) 92 | printf(" (%s)\n", d->description); 93 | else 94 | printf(" (No description available)\n"); 95 | } 96 | 97 | if (i == 0) { 98 | printf("\nNo interfaces found! Make sure WinPcap is installed.\n"); 99 | return 1; 100 | } 101 | 102 | /* We don't need any more the device list. Free it */ 103 | pcap_freealldevs(alldevs); 104 | return 1; 105 | } 106 | 107 | bool live = argc == 3 && atoi(argv[2]) == 1; 108 | Wifipcap *wcap = new Wifipcap(argv[1], live); 109 | wcap->Run(new TestCB()); 110 | return 0; 111 | } 112 | 113 | -------------------------------------------------------------------------------- /src/wifipcap/llc.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 1993, 1994, 1997 3 | * The Regents of the University of California. All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that: (1) source code distributions 7 | * retain the above copyright notice and this paragraph in its entirety, (2) 8 | * distributions including binary code include the above copyright notice and 9 | * this paragraph in its entirety in the documentation or other materials 10 | * provided with the distribution, and (3) all advertising materials mentioning 11 | * features or use of this software display the following acknowledgement: 12 | * ``This product includes software developed by the University of California, 13 | * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 | * the University nor the names of its contributors may be used to endorse 15 | * or promote products derived from this software without specific prior 16 | * written permission. 17 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 | * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 | * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 | * 21 | * @(#) $Header: /home/cvs/wifitools/wifipcap/llc.h,v 1.1.1.1 2006/12/14 01:22:11 jpang Exp $ (LBL) 22 | */ 23 | 24 | /* 25 | * Definitions for information in the LLC header. 26 | */ 27 | 28 | #ifndef UNI_LLC_H 29 | #define UNI_LLC_H 30 | 31 | #define LLC_U_FMT 3 32 | #define LLC_GSAP 1 33 | #define LLC_IG 1 /* Individual / Group */ 34 | #define LLC_S_FMT 1 35 | 36 | #define LLC_U_POLL 0x10 37 | #define LLC_IS_POLL 0x0100 38 | #define LLC_XID_FI 0x81 39 | 40 | #define LLC_U_CMD(u) ((u) & 0xef) 41 | #define LLC_UI 0x03 42 | #define LLC_UA 0x63 43 | #define LLC_DISC 0x43 44 | #define LLC_DM 0x0f 45 | #define LLC_SABME 0x6f 46 | #define LLC_TEST 0xe3 47 | #define LLC_XID 0xaf 48 | #define LLC_FRMR 0x87 49 | 50 | #define LLC_S_CMD(is) (((is) >> 2) & 0x03) 51 | #define LLC_RR 0x0001 52 | #define LLC_RNR 0x0005 53 | #define LLC_REJ 0x0009 54 | 55 | #define LLC_IS_NR(is) (((is) >> 9) & 0x7f) 56 | #define LLC_I_NS(is) (((is) >> 1) & 0x7f) 57 | 58 | #ifndef LLCSAP_NULL 59 | #define LLCSAP_NULL 0x00 60 | #endif 61 | #ifndef LLCSAP_GLOBAL 62 | #define LLCSAP_GLOBAL 0xff 63 | #endif 64 | #ifndef LLCSAP_8021B_I 65 | #define LLCSAP_8021B_I 0x02 66 | #endif 67 | #ifndef LLCSAP_8021B_G 68 | #define LLCSAP_8021B_G 0x03 69 | #endif 70 | #ifndef LLCSAP_SNA 71 | #define LLCSAP_SNA 0x04 72 | #endif 73 | #ifndef LLCSAP_IP 74 | #define LLCSAP_IP 0x06 75 | #endif 76 | #ifndef LLCSAP_PROWAYNM 77 | #define LLCSAP_PROWAYNM 0x0e 78 | #endif 79 | #ifndef LLCSAP_8021D 80 | #define LLCSAP_8021D 0x42 81 | #endif 82 | #ifndef LLCSAP_RS511 83 | #define LLCSAP_RS511 0x4e 84 | #endif 85 | #ifndef LLCSAP_ISO8208 86 | #define LLCSAP_ISO8208 0x7e 87 | #endif 88 | #ifndef LLCSAP_PROWAY 89 | #define LLCSAP_PROWAY 0x8e 90 | #endif 91 | #ifndef LLCSAP_SNAP 92 | #define LLCSAP_SNAP 0xaa 93 | #endif 94 | #ifndef LLCSAP_IPX 95 | #define LLCSAP_IPX 0xe0 96 | #endif 97 | #ifndef LLCSAP_NETBEUI 98 | #define LLCSAP_NETBEUI 0xf0 99 | #endif 100 | #ifndef LLCSAP_ISONS 101 | #define LLCSAP_ISONS 0xfe 102 | #endif 103 | 104 | /* 105 | * PIDs for use with OUI_CISCO. 106 | */ 107 | #define PID_CISCO_CDP 0x2000 /* Cisco Discovery Protocol */ 108 | 109 | /* 110 | * PIDs for use with OUI_RFC2684. 111 | */ 112 | #define PID_RFC2684_ETH_FCS 0x0001 /* Ethernet, with FCS */ 113 | #define PID_RFC2684_ETH_NOFCS 0x0007 /* Ethernet, without FCS */ 114 | #define PID_RFC2684_802_4_FCS 0x0002 /* 802.4, with FCS */ 115 | #define PID_RFC2684_802_4_NOFCS 0x0008 /* 802.4, without FCS */ 116 | #define PID_RFC2684_802_5_FCS 0x0003 /* 802.5, with FCS */ 117 | #define PID_RFC2684_802_5_NOFCS 0x0009 /* 802.5, without FCS */ 118 | #define PID_RFC2684_FDDI_FCS 0x0004 /* FDDI, with FCS */ 119 | #define PID_RFC2684_FDDI_NOFCS 0x000a /* FDDI, without FCS */ 120 | #define PID_RFC2684_802_6_FCS 0x0005 /* 802.6, with FCS */ 121 | #define PID_RFC2684_802_6_NOFCS 0x000b /* 802.6, without FCS */ 122 | #define PID_RFC2684_BPDU 0x000e /* BPDUs */ 123 | 124 | /* Jeff: endian-fixed llc/snap header + ethernet type */ 125 | struct llc_hdr_t { 126 | uint8_t dsap; 127 | uint8_t ssap; 128 | uint8_t control; 129 | uint16_t oui; 130 | uint16_t type; 131 | }; 132 | #endif 133 | --------------------------------------------------------------------------------