├── INSTALL ├── src ├── tests │ ├── CMakeLists.txt │ ├── vermonttest │ │ ├── VermontTest.h │ │ ├── exp_output │ │ │ ├── pcap_export │ │ │ ├── connectionfilter │ │ │ └── state_connectionfilter │ │ ├── data │ │ │ └── connectionfiltertest.pcap │ │ ├── testpackets │ │ │ ├── incorrect_message_length.ipfix │ │ │ ├── two_correct_data_templates.ipfix │ │ │ ├── template_set_length_too_small.ipfix │ │ │ ├── correct_withdraw_all_templates.ipfix │ │ │ ├── two_correct_templates_in_one_set.ipfix │ │ │ ├── template_record_field_number_too_big.ipfix │ │ │ ├── two_correct_data_templates_withdrawals.ipfix │ │ │ ├── correct_variable_length_template_and_data.ipfix │ │ │ ├── template_set_length_exceeds_message_boundary.ipfix │ │ │ ├── README │ │ │ ├── correct_data_template_with_variable_length_fixed_data.ipfix │ │ │ └── variable_length_template_and_data_exceeding_message_boundary.ipfix │ │ ├── test_concentrator.h │ │ ├── BloomFilterTest.h │ │ ├── ConnectionFilterTest.h │ │ ├── PrinterModule.cpp │ │ ├── TestSuiteBase.cpp │ │ ├── ConfigTester.h │ │ ├── CounterDestination.h │ │ ├── test_configs │ │ │ ├── pcap_export │ │ │ ├── state_connectionfilter │ │ │ └── connectionfilter │ │ ├── ReconfTest.h │ │ ├── PrinterModule.h │ │ ├── TestSuiteBase.h │ │ ├── VermontTest.cpp │ │ ├── TestQueue.h │ │ └── AggregationPerfTest.h │ └── ipfixlolib │ │ ├── init_deinit.c │ │ └── CMakeLists.txt ├── CMakeLists.txt ├── common │ ├── anon │ │ ├── README │ │ ├── CrpytoPanInfoElements.h │ │ ├── CMakeLists.txt │ │ ├── AnonIdentity.cpp │ │ ├── AnonIdentity.h │ │ ├── AnonShuffle.h │ │ ├── AnonShorten.cpp │ │ ├── AnonContinuousChar.cpp │ │ ├── AnonBroadcastHandler.h │ │ ├── AnonRandomize.h │ │ ├── AnonShorten.h │ │ ├── AnonBytewiseHashSha1.h │ │ ├── AnonConstOverwrite.cpp │ │ ├── AnonBytewise.h │ │ ├── AnonBytewiseHashHmacSha1.h │ │ ├── AnonConstOverwrite.h │ │ ├── RandomNumberGenerator.h │ │ ├── AnonContinuousChar.h │ │ ├── AnonHashSha1.h │ │ ├── AnonWhitenoise.h │ │ ├── AnonCryptoPan.h │ │ ├── AnonBytewise.cpp │ │ 
├── AnonRandomize.cpp │ │ ├── AnonBytewiseHashSha1.cpp │ │ ├── AnonHashHmacSha1.h │ │ ├── AnonShuffle.cpp │ │ ├── AnonBytewiseHashHmacSha1.cpp │ │ ├── AnonPrimitive.cpp │ │ └── AnonCryptoPan.cpp │ ├── ipfixlolib │ │ ├── Makefile.am │ │ ├── TODO │ │ ├── ipfixlolib_config.h │ │ ├── ipfixlolib_private.h │ │ ├── ipfixlolib_dtls_private.h │ │ ├── CMakeLists.txt │ │ └── ipfix_names.h │ ├── Makefile.am │ ├── Misc.cpp │ ├── hmacsha1 │ │ ├── sha1_hmac.h │ │ └── sha1.h │ ├── VermontControl.h │ ├── SignalInterface.h │ ├── VermontControl.cpp │ ├── cryptopan │ │ └── panonymizer.h │ ├── atomic_lock.h │ ├── openssl │ │ └── OpenSSL.h │ ├── CountingSemaphore.h │ ├── SignalHandler.h │ └── CMakeLists.txt ├── osdep │ ├── linux │ │ ├── sysinfo.h │ │ ├── version.h │ │ ├── version.c │ │ └── ThreadCPUInterface.h │ ├── osx │ │ ├── sem_timedwait.h │ │ └── sem_timedwait.cpp │ └── CMakeLists.txt ├── core │ ├── CfgNode.cpp │ ├── Node.cpp │ ├── GraphInstanceSupplier.cpp │ ├── CfgNode.h │ ├── CMakeLists.txt │ ├── XMLTextNode.cpp │ ├── XMLAttribute.cpp │ ├── MainSignalHandler.h │ ├── Node.h │ ├── GraphInstanceSupplier.h │ ├── XMLElement.h │ ├── XMLAttribute.h │ ├── Emitable.h │ ├── Edge.h │ ├── XMLDocument.h │ ├── XMLElement.cpp │ ├── Destination.h │ ├── Connector.h │ ├── Module.cpp │ ├── Notifiable.h │ └── ThreadSafeAdapter.h └── modules │ ├── packet │ ├── Packet.cpp │ ├── filter │ │ ├── PayloadFilter.h │ │ ├── PayloadFilter.cpp │ │ ├── AnonFilter.h │ │ ├── HostFilter.h │ │ ├── RegExFilter.cpp │ │ ├── SystematicSampler.cpp │ │ ├── PacketProcessor.h │ │ ├── FilterModule.h │ │ ├── StateConnectionFilter.h │ │ ├── StringFilter.h │ │ └── RegExFilter.h │ ├── PCAPExporterBase.h │ ├── PacketReportingCfg.h │ ├── PCAPExporterFileCfg.h │ ├── PCAPExporterBase.cpp │ └── PCAPExporterFile.h │ ├── analysis │ ├── autofocus_iprecord.h │ ├── AutoFocusCfg.h │ ├── fpsigmatcher │ │ └── Utils.h │ ├── TRWPortscanDetectorCfg.h │ ├── P2PDetectorCfg.h │ ├── RBSWormDetectorCfg.h │ ├── Host.h │ ├── FlowLenAnalyzerCfg.h │ 
├── FrontPayloadSigMatcherCfg.h │ └── FlowLenAnalyzer.h │ ├── idmef │ ├── IDMEFExporterCfg.h │ ├── PacketIDMEFReporterCfg.h │ ├── PacketIDMEFReporter.h │ └── IDMEFExporterCfg.cpp │ ├── ipfix │ ├── IpfixRecordSender.h │ ├── aggregator │ │ ├── PacketAggregatorCfg.h │ │ ├── IpfixAggregatorCfg.h │ │ ├── AggregatorBaseCfg.h │ │ └── IpfixAggregator.hpp │ ├── FpaPacketGeneratorCfg.h │ ├── IpfixPrinterCfg.h │ ├── IpfixSamplerCfg.h │ ├── FpaPcapExporterCfg.h │ ├── IpfixNetflowExporterCfg.h │ ├── IpfixRawdirWriter.hpp │ ├── IpfixSampler.h │ ├── NetflowV9ConverterCfg.hpp │ ├── IpfixReceiverFileCfg.h │ ├── IpfixReceiverUdpIpV4.hpp │ └── IpfixRecordAnonymizer.h │ └── AnonymizerCfg.h ├── configs ├── mongo │ ├── test.pcap │ └── test.sh ├── oracle │ ├── oracletest.pcap │ ├── prepare_oracle.sh │ └── test.sh ├── signatures │ ├── HTTP │ └── signature_with_SIGNATUREID ├── udp_printer.xml ├── sctp_printer.xml ├── interop │ ├── sctp_collector.xml │ ├── simple_udp_collector.xml │ ├── filereader_to_printer.xml │ ├── file_udp_export.xml │ └── file_sctp_export.xml ├── analysis │ └── signature-detection.xml ├── pcapexport.xml ├── anonymize │ ├── payloaddrop.xml │ ├── record_anonym.xml │ ├── packet_anonym.xml │ └── dbanon.xml ├── dtls │ └── dtls_printer.xml ├── netflow │ └── netflow-converter.xml ├── filter │ ├── statefilter.xml │ └── connfilter.xml ├── file │ └── filereader.xml ├── idmef_templates │ ├── rbsdetector_template.xml │ ├── datafilter_template.xml │ ├── trwportscan_template.xml │ ├── trwportscan_example.xml │ └── p2pdetector_template.xml ├── psamp-export.xml └── flowinspector │ └── flowinspector_exporter.xml ├── .gitmodules ├── dev ├── playbook.yml ├── Vagrantfile ├── README.md └── roles │ └── base │ └── tasks │ └── main.yml ├── docs ├── ipfixlolib │ └── README.ipfixlolib └── README ├── cmake └── modules │ ├── Findcppcheck.cpp │ ├── FindGSL.cmake │ ├── FindSctp.cmake │ └── FindRedis.cmake ├── tools └── iana_ipfix_parser │ └── ipfix-information-element-data-types.csv └── .gitignore 
/INSTALL: -------------------------------------------------------------------------------- 1 | Installation instructions can be found in the README file. 2 | -------------------------------------------------------------------------------- /src/tests/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | SUBDIRS( 2 | vermonttest 3 | ipfixlolib 4 | ) 5 | -------------------------------------------------------------------------------- /configs/mongo/test.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tumi8/vermont/HEAD/configs/mongo/test.pcap -------------------------------------------------------------------------------- /src/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | SUBDIRS( 2 | osdep 3 | core 4 | common 5 | modules 6 | tests 7 | ) 8 | -------------------------------------------------------------------------------- /src/common/anon/README: -------------------------------------------------------------------------------- 1 | These files where imported from pktanon (http://www.tm.uka.de/pktanon) 2 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "docs/wiki"] 2 | path = docs/wiki 3 | url = git://github.com/tumi8/vermont.wiki.git 4 | -------------------------------------------------------------------------------- /configs/oracle/oracletest.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tumi8/vermont/HEAD/configs/oracle/oracletest.pcap -------------------------------------------------------------------------------- /dev/playbook.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | become_user: root 4 | become: true 5 | 
roles: 6 | - base 7 | -------------------------------------------------------------------------------- /docs/ipfixlolib/README.ipfixlolib: -------------------------------------------------------------------------------- 1 | example programs using ipfixlolib can be found in 2 | src/tests/ipfixlolib 3 | -------------------------------------------------------------------------------- /src/tests/vermonttest/VermontTest.h: -------------------------------------------------------------------------------- 1 | #if !defined(VERMONTTEST_H) 2 | #define VERMONTTEST_H 3 | 4 | 5 | 6 | #endif 7 | -------------------------------------------------------------------------------- /src/osdep/linux/sysinfo.h: -------------------------------------------------------------------------------- 1 | #ifndef SYSINFO_H_ 2 | #define SYSINFO_H_ 3 | 4 | 5 | unsigned long long getHertzValue(); 6 | 7 | #endif 8 | -------------------------------------------------------------------------------- /src/tests/vermonttest/exp_output/pcap_export: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tumi8/vermont/HEAD/src/tests/vermonttest/exp_output/pcap_export -------------------------------------------------------------------------------- /configs/signatures/HTTP: -------------------------------------------------------------------------------- 1 | TOKEN 2 | HTTP 3 | SUPPORT 4 | 0.50000 5 | TOKEN 6 | GET 7 | SUPPORT 8 | 0.50000 9 | THRESHOLD 10 | 1.0 11 | -------------------------------------------------------------------------------- /src/tests/vermonttest/exp_output/connectionfilter: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tumi8/vermont/HEAD/src/tests/vermonttest/exp_output/connectionfilter -------------------------------------------------------------------------------- /src/tests/vermonttest/data/connectionfiltertest.pcap: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/tumi8/vermont/HEAD/src/tests/vermonttest/data/connectionfiltertest.pcap -------------------------------------------------------------------------------- /src/tests/vermonttest/exp_output/state_connectionfilter: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tumi8/vermont/HEAD/src/tests/vermonttest/exp_output/state_connectionfilter -------------------------------------------------------------------------------- /src/tests/vermonttest/testpackets/incorrect_message_length.ipfix: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tumi8/vermont/HEAD/src/tests/vermonttest/testpackets/incorrect_message_length.ipfix -------------------------------------------------------------------------------- /src/tests/vermonttest/testpackets/two_correct_data_templates.ipfix: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tumi8/vermont/HEAD/src/tests/vermonttest/testpackets/two_correct_data_templates.ipfix -------------------------------------------------------------------------------- /src/tests/vermonttest/testpackets/template_set_length_too_small.ipfix: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tumi8/vermont/HEAD/src/tests/vermonttest/testpackets/template_set_length_too_small.ipfix -------------------------------------------------------------------------------- /src/tests/vermonttest/testpackets/correct_withdraw_all_templates.ipfix: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tumi8/vermont/HEAD/src/tests/vermonttest/testpackets/correct_withdraw_all_templates.ipfix 
-------------------------------------------------------------------------------- /src/tests/vermonttest/testpackets/two_correct_templates_in_one_set.ipfix: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tumi8/vermont/HEAD/src/tests/vermonttest/testpackets/two_correct_templates_in_one_set.ipfix -------------------------------------------------------------------------------- /configs/signatures/signature_with_SIGNATUREID: -------------------------------------------------------------------------------- 1 | SIGNATUREID 2 | HTTP reply 3 | TOKEN 4 | HTTP 5 | SUPPORT 6 | 0.50000 7 | TOKEN 8 | 200 OK 9 | SUPPORT 10 | 0.50000 11 | THRESHOLD 12 | 1.0 13 | -------------------------------------------------------------------------------- /src/tests/vermonttest/testpackets/template_record_field_number_too_big.ipfix: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tumi8/vermont/HEAD/src/tests/vermonttest/testpackets/template_record_field_number_too_big.ipfix -------------------------------------------------------------------------------- /src/tests/vermonttest/testpackets/two_correct_data_templates_withdrawals.ipfix: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tumi8/vermont/HEAD/src/tests/vermonttest/testpackets/two_correct_data_templates_withdrawals.ipfix -------------------------------------------------------------------------------- /src/tests/vermonttest/testpackets/correct_variable_length_template_and_data.ipfix: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tumi8/vermont/HEAD/src/tests/vermonttest/testpackets/correct_variable_length_template_and_data.ipfix -------------------------------------------------------------------------------- 
/src/tests/vermonttest/testpackets/template_set_length_exceeds_message_boundary.ipfix: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tumi8/vermont/HEAD/src/tests/vermonttest/testpackets/template_set_length_exceeds_message_boundary.ipfix -------------------------------------------------------------------------------- /src/common/ipfixlolib/Makefile.am: -------------------------------------------------------------------------------- 1 | noinst_LIBRARIES=libipfixlo.a 2 | 3 | libipfixlo_a_SOURCES=encoding.c encoding.h ipfixlolib.c ipfixlolib.h ipfix_names.c ipfix_names.h 4 | 5 | AM_CFLAGS=-I$(top_srcdir) -Wall -Werror 6 | -------------------------------------------------------------------------------- /src/tests/vermonttest/testpackets/README: -------------------------------------------------------------------------------- 1 | IPFIX Test Packets 2 | ================= 3 | 4 | Use netcat (nc) to send them to the UDP (test) collector. 5 | 6 | Use hex editor (e.g., ghex) to conveniently create your own packets. 
7 | 8 | -------------------------------------------------------------------------------- /src/tests/vermonttest/testpackets/correct_data_template_with_variable_length_fixed_data.ipfix: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tumi8/vermont/HEAD/src/tests/vermonttest/testpackets/correct_data_template_with_variable_length_fixed_data.ipfix -------------------------------------------------------------------------------- /src/tests/vermonttest/testpackets/variable_length_template_and_data_exceeding_message_boundary.ipfix: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tumi8/vermont/HEAD/src/tests/vermonttest/testpackets/variable_length_template_and_data_exceeding_message_boundary.ipfix -------------------------------------------------------------------------------- /configs/udp_printer.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | UDP 5 | 6 | 2 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /src/common/Makefile.am: -------------------------------------------------------------------------------- 1 | noinst_LIBRARIES=libcommon.a 2 | 3 | libcommon_a_SOURCES=\ 4 | TimeoutSemaphore.h TimeoutSemaphore.cpp \ 5 | CountingSemaphore.h CountingSemaphore.cpp \ 6 | msg.h msg.cc \ 7 | StatisticsManager.h StatisticsManager.cpp 8 | 9 | AM_CXXFLAGS=-Wall -Werror 10 | -------------------------------------------------------------------------------- /src/core/CfgNode.cpp: --------------------------------------------------------------------------------
#include "CfgNode.h"

/**
 * Builds a node with identifier `id` inside graph `g`. The node starts
 * without a configuration object; one is attached later through setCfg().
 */
CfgNode::CfgNode(Graph* g, unsigned int id)
    : Node(g, id),
      cfg(NULL)
{
}

/**
 * Releases the configuration object currently attached to the node.
 */
CfgNode::~CfgNode()
{
    // delete on a null pointer is a no-op, so no explicit check is needed
    delete cfg;
}

/**
 * Attaches `config` to this node. The destructor deletes the pointer stored
 * here, so the node ends up owning whatever was set last.
 *
 * NOTE(review): the previously stored pointer is overwritten without being
 * freed. Either the caller still releases the old object or it leaks, and a
 * Cfg attached to two nodes would be deleted twice. Confirm the intended
 * ownership against the callers.
 */
void CfgNode::setCfg(Cfg* config)
{
    cfg = config;
}
-------------------------------------------------------------------------------- /configs/sctp_printer.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | SCTP 5 | 4433 6 | 7 | 2 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /configs/interop/sctp_collector.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | SCTP 5 | 4433 6 | 7 | 2 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /src/tests/vermonttest/test_concentrator.h: -------------------------------------------------------------------------------- 1 | #if !defined(TESTCONCENTRATOR_H) 2 | #define TESTCONCENTRATOR_H 3 | 4 | #include "TestSuiteBase.h" 5 | 6 | class ConcentratorTestSuite : public Test 7 | { 8 | public: 9 | ConcentratorTestSuite(); 10 | 11 | virtual TestResult execTest(); 12 | }; 13 | 14 | #endif 15 | -------------------------------------------------------------------------------- /src/core/Node.cpp: -------------------------------------------------------------------------------- 1 | #include "Node.h" 2 | #include "Graph.h" 3 | 4 | #include 5 | 6 | Node::Node(Graph *g, unsigned int id) : graph(g), id(id) { } 7 | 8 | Node::~Node() { } 9 | 10 | unsigned int Node::getID() 11 | { 12 | return id; 13 | } 14 | 15 | void Node::setID(unsigned int id) 16 | { 17 | this->id = id; 18 | } 19 | -------------------------------------------------------------------------------- /src/core/GraphInstanceSupplier.cpp: -------------------------------------------------------------------------------- 1 | #include "GraphInstanceSupplier.h" 2 | 3 | 4 | 5 | void GraphInstanceSupplier::lockGraph() 6 | { 7 | mutex.lock(); 8 | } 9 | 10 | void GraphInstanceSupplier::unlockGraph() 11 | { 12 | mutex.unlock(); 13 | } 14 | 15 | bool GraphInstanceSupplier::tryLockGraph() 16 | { 17 | return mutex.try_lock(); 18 | } 19 
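| -------------------------------------------------------------------------------- /cmake/modules/Findcppcheck.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * \file Findcppcheck.cpp 3 | * \brief Dummy C++ source file used by CMake module Findcppcheck.cmake 4 | * 5 | * \author 6 | * Ryan Pavlik, 2009-2010 7 | * 8 | * http://academic.cleardefinition.com/ 9 | * 10 | */ 11 | 12 | 13 | 14 | int main(int argc, char* argv[]) { 15 | return 0; 16 | } 17 | -------------------------------------------------------------------------------- /src/common/Misc.cpp: --------------------------------------------------------------------------------
#include "Misc.h"

#ifndef _GNU_SOURCE
/**
 * Bounded string length, compiled only when _GNU_SOURCE is not defined
 * (presumably as a replacement where the C library's strnlen() is not
 * declared -- confirm against the build configuration).
 *
 * @param s      string to measure; a NULL pointer yields 0
 * @param maxlen maximum number of characters to inspect
 * @return number of characters before the terminating NUL, or maxlen if no
 *         NUL occurs within the first maxlen characters
 */
size_t strnlen(const char* s, size_t maxlen)
{
    if (!s) {
        return 0;
    }

    size_t len = 0;
    // Compare the character, not the pointer: a non-null pointer is always
    // true, which would end the scan after the first byte and report a wrong
    // length to callers that size copies or buffers from it.
    // len < maxlen is checked first so no byte beyond maxlen is ever read,
    // which keeps the function safe on buffers that are not NUL-terminated.
    while (len < maxlen && s[len] != '\0') {
        len++;
    }

    return len;
}
#endif

-------------------------------------------------------------------------------- /src/tests/vermonttest/BloomFilterTest.h: -------------------------------------------------------------------------------- 1 | #ifdef HAVE_CONNECTION_FILTER 2 | 3 | #ifndef _BLOOMFILTER_TEST_H_ 4 | #define _BLOOMFILTER_TEST_H_ 5 | 6 | #include "TestSuiteBase.h" 7 | 8 | class BloomFilterTestSuite : public Test 9 | { 10 | public: 11 | BloomFilterTestSuite(); 12 | virtual TestResult execTest(); 13 | }; 14 | 15 | 16 | #endif 17 | 18 | #endif 19 | -------------------------------------------------------------------------------- /src/common/ipfixlolib/TODO: -------------------------------------------------------------------------------- 1 | -careful mem-freeing in deinit_exporter() 2 | -free all memory, also from templates, ... 3 | 4 | -decide endianess and make htonll/ntoll in encoding.c a noop, 5 | if big-endian machine 6 | -get info from autoconf OR via ?? 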
7 | 8 | -make API _strictly_ host byte order; automatically convert for internal use 9 | where necessary 10 | 11 | -------------------------------------------------------------------------------- /src/core/CfgNode.h: -------------------------------------------------------------------------------- 1 | #ifndef CFGNODE_H_ 2 | #define CFGNODE_H_ 3 | 4 | #include "Cfg.h" 5 | #include "Node.h" 6 | 7 | class CfgNode 8 | : public Node 9 | { 10 | public: 11 | CfgNode(Graph* g, unsigned int id); 12 | virtual ~CfgNode(); 13 | 14 | void setCfg(Cfg*); 15 | Cfg* getCfg() { return cfg; } 16 | private: 17 | Cfg* cfg; 18 | }; 19 | 20 | #endif /*CFGNODE_H_*/ 21 | -------------------------------------------------------------------------------- /src/core/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | ADD_LIBRARY(core 2 | Cfg.cpp 3 | CfgNode.cpp 4 | Connector.cpp 5 | Graph.cpp 6 | GraphInstanceSupplier.cpp 7 | MainSignalHandler.cpp 8 | Module.cpp 9 | SensorManager.cpp 10 | Node.cpp 11 | XMLAttribute.cpp 12 | XMLElement.cpp 13 | XMLDocument.cpp 14 | XMLNode.cpp 15 | XMLTextNode.cpp 16 | ) 17 | 18 | add_cppcheck(core STYLE POSSIBLE_ERROR) 19 | -------------------------------------------------------------------------------- /src/tests/vermonttest/ConnectionFilterTest.h: -------------------------------------------------------------------------------- 1 | #ifdef HAVE_CONNECTION_FILTER 2 | 3 | #ifndef _CONNECTION_FILTER_TEST_H_ 4 | #define _CONNECTION_FILTER_TEST_H_ 5 | 6 | #include "TestSuiteBase.h" 7 | 8 | class ConnectionFilterTestSuite : public Test 9 | { 10 | public: 11 | ConnectionFilterTestSuite(); 12 | virtual TestResult execTest(); 13 | }; 14 | 15 | #endif 16 | 17 | #endif 18 | -------------------------------------------------------------------------------- /configs/interop/simple_udp_collector.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | SCTP 5 | 4711 6 | 7 | 2 8 | 9 | 10 
| 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /docs/README: -------------------------------------------------------------------------------- 1 | wiki/ModuleConfiguration.md contains Vermont's module configuration in 2 | the Markdown Markup language. 3 | 4 | Update this page whenever you make any changes to the configuration 5 | subsystem of vermont. The directory wiki is a git submodule that 6 | points directly to the wiki on the website, so you do not have to 7 | update both places. 8 | 9 | 10 | Lothar Braun, 20.02.2012 11 | -------------------------------------------------------------------------------- /configs/analysis/signature-detection.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | UDP 6 | 1500 7 | 8 | 5 9 | 10 | 11 | 12 | ./configs/signatures 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /src/common/ipfixlolib/ipfixlolib_config.h: -------------------------------------------------------------------------------- 1 | #ifndef IPFIXLOLIB_CONFIG_H 2 | #define IPFIXLOLIB_CONFIG_H 3 | 4 | #include 5 | 6 | typedef struct { 7 | uint16_t mtu; /*!< Maximum transmission unit (MTU). 8 | If set to 0, PMTU discovery will be used. 9 | (Only available on the Linux platform) 10 | Applies to UDP and DTLS over UDP only. 
*/ 11 | } ipfix_aux_config_udp; 12 | 13 | #endif 14 | -------------------------------------------------------------------------------- /src/common/hmacsha1/sha1_hmac.h: -------------------------------------------------------------------------------- 1 | #ifndef __SHA1_HMAC_H 2 | #define __SHA1_HMAC_H 3 | 4 | namespace HmacSha1 { 5 | 6 | void sha1_hmac (char *dest, char *key, size_t klen, char *text, size_t tlen); 7 | void sha1_hmac_96 (char *dest, char *key, size_t klen, char *text, size_t tlen); 8 | 9 | #define SHA1HMAC_LEN 20 10 | #define SHA1HMAC96_LEN 12 11 | 12 | } // namespace HmacSha1 13 | 14 | #endif // __SHA1_HMAC_H 15 | -------------------------------------------------------------------------------- /src/common/anon/CrpytoPanInfoElements.h: -------------------------------------------------------------------------------- 1 | #ifndef _CRYPTOPANINFOELEMENTS_H_ 2 | #define _CRYPTOPANINFOELEMENTS_H_ 3 | 4 | 5 | #include 6 | #include 7 | 8 | 9 | typedef struct { 10 | std::string fromNet; 11 | std::string toNet; 12 | std::string cidr; 13 | } map_info; 14 | 15 | typedef struct { 16 | uint32_t fromNet; 17 | uint32_t toNet; 18 | uint8_t cidr; 19 | } cpan_net_info; 20 | 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /src/tests/vermonttest/PrinterModule.cpp: -------------------------------------------------------------------------------- 1 | #include "PrinterModule.h" 2 | 3 | PrinterModule::~PrinterModule() 4 | { 5 | printf("PrinterModule received %u packets!\n", count); 6 | } 7 | 8 | void PrinterModule::receive(Packet* p) 9 | { 10 | if (do_print) 11 | msg(LOG_CRIT, "%s: packet %lu received", prefix.c_str(), p->totalPacketsReceived); 12 | count++; 13 | 14 | if (isEndPoint) { 15 | p->removeReference(); 16 | } else 17 | send(p); 18 | } 19 | -------------------------------------------------------------------------------- /configs/pcapexport.xml: 
-------------------------------------------------------------------------------- 1 | 2 | 3 | nfe0 4 | ip 5 | 128 6 | 2 7 | 8 | 9 | 10 | 10 11 | 3 12 | 13 | 14 | 15 | vermont.pcap 16 | 128 17 | 18 | 19 | -------------------------------------------------------------------------------- /src/core/XMLTextNode.cpp: -------------------------------------------------------------------------------- 1 | #include "XMLNode.h" 2 | 3 | XMLTextNode::XMLTextNode(xmlNodePtr ptr) 4 | : XMLNode(ptr) 5 | { 6 | } 7 | 8 | XMLTextNode::~XMLTextNode() 9 | { 10 | } 11 | 12 | const std::string XMLTextNode::getContent() const 13 | { 14 | const char* content = (const char*)cobj()->content; 15 | if (!content) 16 | return ""; 17 | 18 | return content; 19 | } 20 | 21 | bool XMLTextNode::isBlank() const 22 | { 23 | return xmlIsBlankNode(cobj()); 24 | } 25 | -------------------------------------------------------------------------------- /src/osdep/osx/sem_timedwait.h: -------------------------------------------------------------------------------- 1 | #ifndef __OSX_SEM_TIMEDWAIT_H_ 2 | #define __OSX_SEM_TIMEDWAIT_H_ 3 | 4 | #ifdef __APPLE__ 5 | 6 | // Mac OS X does not have a working implementation of sem_init, sem_timedwait, ... 
7 | // use Mach semaphores instead 8 | #include 9 | #include 10 | #include 11 | 12 | // Mac OS X timedwait wrapper 13 | int sem_timedwait_mach(semaphore_t* sem, long timeout_ms); 14 | 15 | #endif 16 | #endif 17 | -------------------------------------------------------------------------------- /src/tests/vermonttest/TestSuiteBase.cpp: -------------------------------------------------------------------------------- 1 | #include "TestSuiteBase.h" 2 | 3 | 4 | Test::~Test() 5 | { 6 | } 7 | 8 | TestSuite::TestSuite() 9 | { 10 | 11 | } 12 | 13 | TestSuite::~TestSuite() 14 | { 15 | for (unsigned i = 0; i != tests.size(); ++i) { 16 | delete tests[i]; 17 | } 18 | } 19 | 20 | void TestSuite::add(Test* t) 21 | { 22 | tests.push_back(t); 23 | } 24 | 25 | void TestSuite::run() 26 | { 27 | for (unsigned i = 0; i != tests.size(); ++i) { 28 | tests[i]->execTest(); 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /src/modules/packet/Packet.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * PSAMP Reference Implementation 3 | * 4 | * Packet.cpp 5 | * 6 | * Encapsulates a captured packet with simple, thread-aware 7 | * reference-(usage-) counting. 8 | * 9 | * Author: Michael Drueing 10 | * 11 | */ 12 | 13 | /* 14 | changed by: Ronny T. 
Lampert, 2005, for VERMONT 15 | */ 16 | 17 | #include "Packet.h" 18 | 19 | 20 | // keeps track on how many packets we received until now 21 | unsigned long Packet::totalPacketsReceived = 0; 22 | -------------------------------------------------------------------------------- /src/common/anon/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | ADD_LIBRARY(anon 2 | AnonModule.cpp 3 | RandomNumberGenerator.cpp 4 | AnonBroadcastHandler.cpp 5 | AnonBytewise.cpp 6 | AnonBytewiseHashHmacSha1.cpp 7 | AnonBytewiseHashSha1.cpp 8 | AnonConstOverwrite.cpp 9 | AnonContinuousChar.cpp 10 | AnonCryptoPan.cpp 11 | AnonCryptoPanPrefix.cpp 12 | AnonHashHmacSha1.cpp 13 | AnonHashSha1.cpp 14 | AnonIdentity.cpp 15 | AnonPrimitive.cpp 16 | AnonRandomize.cpp 17 | AnonShorten.cpp 18 | AnonShuffle.cpp 19 | AnonWhitenoise.cpp 20 | ) 21 | 22 | -------------------------------------------------------------------------------- /configs/interop/filereader_to_printer.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 1 4 | 5 | 6 | 7 | /home/phil/Documents/ipfixdata 8 | test 9 | true 10 | 15 11 | 5 12 | 13 | 14 | 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /configs/anonymize/payloaddrop.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | nfe0 4 | ip 5 | 128 6 | 2 7 | 8 | 9 | 10 | 11 | 3 12 | 13 | 14 | 15 | 10 16 | 4 17 | 18 | 19 | 20 | vermont.pcap 21 | 128 22 | 23 | 24 | -------------------------------------------------------------------------------- /src/tests/vermonttest/ConfigTester.h: -------------------------------------------------------------------------------- 1 | #ifndef _CONFIG_TESTER_H_ 2 | #define _CONFIG_TESTER_H_ 3 | 4 | #include "TestSuiteBase.h" 5 | 6 | #include 7 | #include 8 | 9 | class ConfigTester : public Test 10 | { 11 | public: 12 | ConfigTester(std::string config_dir); 13 | 
~ConfigTester(); 14 | virtual TestResult execTest(); 15 | 16 | private: 17 | void test_Rules_parseProtoPattern(); 18 | void testConfig(const std::string& configFile); 19 | std::string config_dir; 20 | std::vector configFiles; 21 | }; 22 | 23 | #endif 24 | -------------------------------------------------------------------------------- /src/common/VermontControl.h: -------------------------------------------------------------------------------- 1 | #ifndef VERMONTCONTROL_H_ 2 | #define VERMONTCONTROL_H_ 3 | 4 | #ifdef __APPLE__ 5 | #include 6 | #else 7 | #include 8 | #endif 9 | 10 | #include "common/TimeoutSemaphore.h" 11 | 12 | extern bool run_program; 13 | extern bool reload_config; 14 | 15 | #ifdef __APPLE__ 16 | extern semaphore_t mainSemaphore; 17 | #else 18 | extern sem_t mainSemaphore; 19 | #endif 20 | extern TimeoutSemaphore timeoutsem; 21 | 22 | void initiateShutdown(); 23 | void wakeupMainThread(); 24 | 25 | #endif /*VERMONTCONTROL_H_*/ 26 | -------------------------------------------------------------------------------- /src/core/XMLAttribute.cpp: -------------------------------------------------------------------------------- 1 | #include "XMLAttribute.h" 2 | 3 | XMLAttribute::XMLAttribute(xmlNodePtr ptr) 4 | :XMLNode(ptr) 5 | { 6 | } 7 | 8 | XMLAttribute::~XMLAttribute() 9 | { 10 | } 11 | 12 | std::string XMLAttribute::getName() const 13 | { 14 | if (cobj()->name) 15 | return (const char*)cobj()->name; 16 | 17 | return ""; 18 | } 19 | 20 | std::string XMLAttribute::getValue() const 21 | { 22 | std::string ret; 23 | xmlChar *v = xmlGetProp(cobj()->parent, cobj()->name); 24 | ret = (v ? 
(const char*)v : ""); 25 | xmlFree(v); 26 | return ret; 27 | 28 | } 29 | 30 | 31 | -------------------------------------------------------------------------------- /src/common/SignalInterface.h: -------------------------------------------------------------------------------- 1 | #ifndef _SIGNALINTERFACE_ 2 | #define _SIGNALINTERFACE_ 3 | 4 | 5 | class SignalInterface 6 | { 7 | public: 8 | SignalInterface() {} 9 | virtual void handleSigAlrm(int sig) {} 10 | virtual void handleSigChld(int sig) {} 11 | virtual void handleSigHup(int sig) {} 12 | virtual void handleSigInt(int sig) {} 13 | virtual void handleSigPipe(int sig) {} 14 | virtual void handleSigQuit(int sig) {} 15 | virtual void handleSigTerm(int sig) {} 16 | virtual void handleSigUsr1(int sig) {} 17 | virtual void handleSigUsr2(int sig) {} 18 | }; 19 | #endif 20 | -------------------------------------------------------------------------------- /src/core/MainSignalHandler.h: -------------------------------------------------------------------------------- 1 | #ifndef _MAIN_SIGNAL_HANDLER 2 | #define _MAIN_SIGNAL_HANDLER 3 | 4 | #include "common/SignalInterface.h" 5 | #include "common/SignalHandler.h" 6 | 7 | #include "common/VermontControl.h" 8 | #include "modules/ConfigManager.hpp" 9 | 10 | class MainSignalHandler : public SignalInterface 11 | { 12 | 13 | public: 14 | MainSignalHandler(); 15 | virtual void handleSigUsr1(int x); 16 | virtual void handleSigInt(int x); 17 | virtual void handleSigTerm(int x); 18 | virtual void handleSigHup(int x); 19 | virtual void handleSigUsr2(int x); 20 | }; 21 | #endif 22 | -------------------------------------------------------------------------------- /src/common/ipfixlolib/ipfixlolib_private.h: -------------------------------------------------------------------------------- 1 | #ifndef IPFIXLOLIB_PRIVATE_H 2 | #define IPFIXLOLIB_PRIVATE_H 3 | 4 | #include "ipfixlolib.h" 5 | #include "ipfixlolib_config.h" 6 | 7 | int enable_pmtu_discovery(int s); 8 | int 
update_collector_mtu(ipfix_exporter *exporter, ipfix_receiving_collector *col); 9 | void ipfix_update_header(ipfix_exporter *p_exporter, ipfix_receiving_collector *collector, ipfix_sendbuffer *sendbuf); 10 | void set_mtu_config(ipfix_receiving_collector *col, ipfix_aux_config_udp *aux_config_udp); 11 | void update_exporter_max_message_size(ipfix_exporter *exporter); 12 | 13 | #endif 14 | -------------------------------------------------------------------------------- /src/common/hmacsha1/sha1.h: -------------------------------------------------------------------------------- 1 | #ifndef __SHA1_H 2 | #define __SHA1_H 3 | 4 | #include 5 | 6 | namespace Sha1 { 7 | 8 | #define SHA1_DIGLEN 20 9 | 10 | typedef struct { 11 | uint32_t state[5]; 12 | uint32_t count[2]; 13 | unsigned char buffer[64]; 14 | } SHA1_CTX; 15 | 16 | void SHA1Transform (uint32_t state[5], unsigned char buffer[64]); 17 | void SHA1_Init (SHA1_CTX* context); 18 | void SHA1_Update (SHA1_CTX* context, unsigned char* data, unsigned int len); 19 | void SHA1_Final (unsigned char digest[20], SHA1_CTX* context); 20 | 21 | } // namespace Sha1 22 | 23 | #endif /* __SHA1_H */ 24 | 25 | -------------------------------------------------------------------------------- /dev/Vagrantfile: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby : 3 | 4 | Vagrant.configure("2") do |config| 5 | config.vm.hostname = "vermont" 6 | config.vm.box = "debian/contrib-jessie64" # NOTE(review): jessie (Debian 8) no longer receives regular Debian security updates; consider a supported release for anything beyond local testing 7 | config.vm.box_url = "https://app.vagrantup.com/debian/boxes/contrib-jessie64" 8 | config.vm.network "public_network" # bridged onto the host's network, so other machines there can reach the VM; use a private_network if that is not wanted 9 | config.vm.synced_folder "../", "/vermont" 10 | 11 | config.vm.provision "shell", inline: "apt-get -y install python3" # For ansible to function 12 | config.vm.provision "ansible" do |ansible| 13 | ansible.playbook = "playbook.yml" 14 | ansible.extra_vars = { ansible_python_interpreter: "/usr/bin/python3" } 15 | end 16 | end 17 | 
-------------------------------------------------------------------------------- /configs/dtls/dtls_printer.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | configs/example_certs/collector_cert.pem 4 | configs/example_certs/collector_key.pem 5 | configs/example_certs/vermontCA.pem 6 | /etc/ssl/certs 7 | 8 | 9 | DTLS_OVER_UDP 10 | 11 | 12 | 13 | 2 14 | 15 | 16 | 17 | 18 | 19 | -------------------------------------------------------------------------------- /src/tests/vermonttest/CounterDestination.h: -------------------------------------------------------------------------------- 1 | #ifndef COUNTERDESTINATION_H 2 | #define COUNTERDESTINATION_H 3 | 4 | /** 5 | * class which counts incoming elements 6 | * used for tests where a chain of module is checked 7 | */ 8 | template 9 | class CounterDestination : public Destination 10 | { 11 | public: 12 | CounterDestination() : 13 | count(0) 14 | { 15 | } 16 | 17 | virtual void receive(T t) 18 | { 19 | t->removeReference(); 20 | count++; 21 | } 22 | 23 | unsigned int getCount() 24 | { 25 | return count; 26 | } 27 | 28 | void reset() 29 | { 30 | count = 0; 31 | } 32 | 33 | private: 34 | unsigned int count; 35 | }; 36 | 37 | #endif 38 | -------------------------------------------------------------------------------- /src/core/Node.h: -------------------------------------------------------------------------------- 1 | // 2 | // C++ Interface: node 3 | // 4 | // Description: 5 | // 6 | // 7 | // Author: Peter Baumann , (C) 2007 8 | // 9 | // Copyright: See COPYING file that comes with this distribution 10 | // 11 | // 12 | #ifndef NODE_H 13 | #define NODE_H 14 | 15 | /** 16 | @author Peter Baumann 17 | */ 18 | 19 | class Graph; 20 | 21 | class Node { 22 | friend class Graph; 23 | public: 24 | Node(Graph *g, unsigned int id); 25 | ~Node(); 26 | 27 | unsigned int getID(); 28 | 29 | 30 | protected: 31 | void setID(unsigned int); 32 | 33 | private: 34 | Graph *graph; 35 | unsigned int 
id; 36 | }; 37 | 38 | #endif 39 | -------------------------------------------------------------------------------- /configs/netflow/netflow-converter.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | UDP 5 | 3000 6 | 7 | 0 8 | 2 9 | 10 | 11 | 12 | true 13 | 3 14 | 15 | 16 | 17 | 1000 18 | 8 19 | 20 | 21 | 22 | tree 23 | 24 | 25 | 26 | -------------------------------------------------------------------------------- /configs/interop/file_udp_export.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | /home/phil/Documents/ipfixdata 5 | test 6 | true 7 | 15 8 | 7 9 | 10 | 11 | 12 | 1 13 | 8 14 | 15 | 16 | 17 | 18 | 195.113.231.139 19 | UDP 20 | 4711 21 | 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /src/core/GraphInstanceSupplier.h: -------------------------------------------------------------------------------- 1 | #ifndef GRAPHINSTANCESUPPLIER_H_ 2 | #define GRAPHINSTANCESUPPLIER_H_ 3 | 4 | #include "Graph.h" 5 | 6 | #include "common/Mutex.h" 7 | 8 | 9 | /** 10 | * manages lock for module graph, as it is accessed by the main thread 11 | * and the SensorManager simultaneously 12 | * this interface is implemented by ConfigManager 13 | */ 14 | class GraphInstanceSupplier 15 | { 16 | public: 17 | virtual ~GraphInstanceSupplier() {} 18 | 19 | virtual void lockGraph(); 20 | virtual bool tryLockGraph(); 21 | virtual void unlockGraph(); 22 | virtual Graph* getGraph() = 0; 23 | 24 | private: 25 | Mutex mutex; 26 | }; 27 | 28 | #endif /*GRAPHINSTANCESUPPLIER_H_*/ 29 | -------------------------------------------------------------------------------- /src/core/XMLElement.h: -------------------------------------------------------------------------------- 1 | #ifndef XMLELEMENT_H_ 2 | #define XMLELEMENT_H_ 3 | 4 | #include 5 | #include 6 | 7 | #include "core/XMLNode.h" 8 | #include "core/XMLAttribute.h" 9 | 10 | #include 11 | 
#include 12 | 13 | class XMLAttribute; 14 | 15 | class XMLElement: public XMLNode 16 | { 17 | public: 18 | typedef std::vector XMLAttributeSet; 19 | 20 | XMLElement(xmlNodePtr ptr); 21 | virtual ~XMLElement(); 22 | 23 | XMLAttributeSet getAttributes(); 24 | XMLAttribute* getAttribute(const std::string& name); 25 | 26 | private: 27 | XMLAttributeSet getAttribHelper(const std::string&); 28 | }; 29 | 30 | #endif /*XMLNODE_H_*/ 31 | -------------------------------------------------------------------------------- /configs/interop/file_sctp_export.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | /home/phil/Documents/ipfixdata 5 | test 6 | true 7 | 15 8 | 7 9 | 10 | 11 | 12 | 1 13 | 8 14 | 15 | 16 | 17 | 18 | 195.113.231.139 19 | SCTP 20 | 4711 21 | 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /src/core/XMLAttribute.h: -------------------------------------------------------------------------------- 1 | #ifndef XMLATTRIBUTE_H_ 2 | #define XMLATTRIBUTE_H_ 3 | 4 | /** 5 | @author Peter Baumann 6 | */ 7 | 8 | #include "XMLNode.h" 9 | 10 | #include 11 | 12 | class XMLAttribute : public XMLNode 13 | { 14 | public: 15 | XMLAttribute(xmlNodePtr ptr); 16 | virtual ~XMLAttribute(); 17 | 18 | std::string getName() const; 19 | std::string getValue() const; 20 | 21 | protected: 22 | inline xmlAttrPtr cobj() 23 | { 24 | return reinterpret_cast(XMLNode::cobj()); 25 | } 26 | 27 | inline xmlAttrPtr cobj() const 28 | { 29 | return reinterpret_cast(XMLNode::cobj()); 30 | } 31 | }; 32 | 33 | #endif /*XMLATTRIBUTE_H_*/ 34 | -------------------------------------------------------------------------------- /dev/README.md: -------------------------------------------------------------------------------- 1 | # VERMONT VM 2 | 3 | This vagrant setup provides an entry point for directly testing vermont without 4 | further setup on a local machine. 
5 | 6 | It creates a VM which automatically installs all necessary dependencies for 7 | vermont and builds the currently checked out version of it. 8 | The repository is available in the VM via /vermont 9 | 10 | ## Setup 11 | 12 | Install Vagrant and Ansible each with version >= 2.0. 13 | Then, in this folder, run: 14 | 15 | ``` shell 16 | $ vagrant up 17 | ...wait... 18 | $ vagrant ssh 19 | # cd /vermont 20 | # ./vermont -f 21 | ``` 22 | ## Build Configuration 23 | 24 | The build process, its steps and parameters can be configured in 25 | roles/base/tasks/main.yml 26 | -------------------------------------------------------------------------------- /src/tests/vermonttest/test_configs/pcap_export: -------------------------------------------------------------------------------- 1 | 2 | 3 | 2 4 | 5 | 6 | 7 | data/connectionfiltertest.pcap 8 | ip 9 | 1 10 | 0 11 | 65535 12 | 2 13 | 14 | 15 | 16 | 10 17 | 5 18 | 19 | 20 | 21 | gen_output/pcap_export 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /configs/filter/statefilter.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | sourcefile.pcap 4 | ip 5 | 65535 6 | -1 7 | 2 8 | 9 | 10 | 11 | 100 12 | 3 13 | 14 | 15 | 16 | 17 | 3 18 | 1000 19 | false 20 | 21 | 4 22 | 23 | 24 | 25 | statefilter.pcap 26 | 65535 27 | 28 | 29 | -------------------------------------------------------------------------------- /src/common/VermontControl.cpp: -------------------------------------------------------------------------------- 1 | #include "VermontControl.h" 2 | 3 | #include "msg.h" 4 | 5 | bool run_program = true; 6 | bool reload_config = false; 7 | 8 | #ifdef __APPLE__ 9 | semaphore_t mainSemaphore; 10 | #else 11 | sem_t mainSemaphore; 12 | #endif 13 | TimeoutSemaphore timeoutsem; 14 | 15 | 16 | /** 17 | * initiates shutdown of Vermont 18 | */ 19 | void initiateShutdown() 20 | { 21 | run_program = false; 22 | wakeupMainThread(); 23 | } 24 | 25
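| 26 | /** Wakes the main thread: posts mainSemaphore (semaphore_signal on Apple platforms, sem_post elsewhere), then timeoutsem; a failed post is reported through THROWEXCEPTION. */ void wakeupMainThread() 27 | { 28 | #ifdef __APPLE__ 29 | if (semaphore_signal(mainSemaphore) != KERN_SUCCESS) THROWEXCEPTION("failed to execute semaphore_signal"); 30 | #else 31 | if (sem_post(&mainSemaphore) == -1) THROWEXCEPTION("failed to execute sem_post"); 32 | #endif 33 | timeoutsem.post(); 34 | } 35 | -------------------------------------------------------------------------------- /src/core/Emitable.h: -------------------------------------------------------------------------------- 1 | #ifndef EMITABLE_H 2 | #define EMITABLE_H 3 | 4 | /** 5 | @author Peter Baumann 6 | */ 7 | class Emitable { 8 | public: 9 | virtual ~Emitable() { }; 10 | }; 11 | 12 | /* This class is here to mark Modules to be no Source/Destination 13 | * A module has to be from type Source and Destination, but e.g. Observer is _only_ 14 | * a Source and no Destination 15 | * So we derive Observer from Destination, and all our other wrapper classes 16 | * work as expected. 17 | */ 18 | class NullEmitable: public Emitable 19 | { 20 | public: 21 | NullEmitable(): Emitable() { }; 22 | 23 | inline void addReference(int count = 1) { }; 24 | inline void removeReference() { }; 25 | }; 26 | 27 | #endif 28 | 29 | -------------------------------------------------------------------------------- /cmake/modules/FindGSL.cmake: -------------------------------------------------------------------------------- 1 | #################################### Locate gsl 2 | FIND_PATH( 3 | GSL_INCLUDE_DIR 4 | gsl/gsl_cdf.h 5 | /usr/include/ /usr/include/gsl/ 6 | /use/local/include/ /usr/local/include/gsl/ 7 | ) 8 | 9 | FIND_LIBRARY( 10 | GSL_LIBRARY 11 | NAMES gsl 12 | PATHS /usr/lib /usr/local/lib 13 | PATH_SUFFIXES gsl 14 | ) 15 | 16 | FIND_LIBRARY( 17 | BLAS_LIBRARY 18 | NAMES gslcblas blas cblas 19 | PATHS /usr/lib /usr/local/lib 20 | PATH_SUFFIXES gsl blas cblas 21 | ) 22 | 23 | IF (GSL_LIBRARY AND BLAS_LIBRARY) 24 | SET(GSL_LIBRARIES ${GSL_LIBRARY} ${BLAS_LIBRARY}) 25 | ENDIF (GSL_LIBRARY AND BLAS_LIBRARY) 26 | 27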
| IF (GSL_INCLUDE_DIR AND GSL_LIBRARIES) 28 | SET(GSL_FOUND TRUE) 29 | ENDIF (GSL_INCLUDE_DIR AND GSL_LIBRARIES) 30 | 31 | -------------------------------------------------------------------------------- /configs/filter/connfilter.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | sourcefile.pcap 4 | ip 5 | 1518 6 | 2 7 | 8 | 9 | 10 | 100 11 | 3 12 | 13 | 14 | 15 | 16 | 3 17 | 1000 18 | 1000 19 | 3 20 | false 21 | 22 | 4 23 | 24 | 25 | 26 | connfilter.pcap 27 | 1518 28 | 29 | 30 | -------------------------------------------------------------------------------- /src/tests/vermonttest/ReconfTest.h: -------------------------------------------------------------------------------- 1 | #ifndef RECONFTEST_H_ 2 | #define RECONFTEST_H_ 3 | 4 | 5 | #include "core/ConnectionQueue.h" 6 | #include "modules/packet/filter/FilterModule.h" 7 | #include "modules/ipfix/aggregator/IpfixAggregator.hpp" 8 | #include "core/InstanceManager.h" 9 | 10 | #include "TestSuiteBase.h" 11 | 12 | using boost::shared_ptr; 13 | 14 | class ReconfTest : public Test 15 | { 16 | public: 17 | ReconfTest(); 18 | ~ReconfTest(); 19 | 20 | virtual TestResult execTest(); 21 | private: 22 | void normalTest(); 23 | void splitterTest(); 24 | 25 | void setup(bool express); 26 | void sendPacketsTo(Destination* dest, size_t numpackets); 27 | void shutdown(); 28 | 29 | static InstanceManager packetManager; 30 | }; 31 | 32 | 33 | 34 | #endif /*RECONFTEST_H_*/ 35 | -------------------------------------------------------------------------------- /tools/iana_ipfix_parser/ipfix-information-element-data-types.csv: -------------------------------------------------------------------------------- 1 | Value,Description,Reference 2 | 0,octetArray,[RFC5102] 3 | 1,unsigned8,[RFC5102] 4 | 2,unsigned16,[RFC5102] 5 | 3,unsigned32,[RFC5102] 6 | 4,unsigned64,[RFC5102] 7 | 5,signed8,[RFC5102] 8 | 6,signed16,[RFC5102] 9 | 7,signed32,[RFC5102] 10 | 8,signed64,[RFC5102] 11 | 
9,float32,[RFC5102] 12 | 10,float64,[RFC5102] 13 | 11,boolean,[RFC5102] 14 | 12,macAddress,[RFC5102] 15 | 13,string,[RFC5102] 16 | 14,dateTimeSeconds,[RFC5102] 17 | 15,dateTimeMilliseconds,[RFC5102] 18 | 16,dateTimeMicroseconds,[RFC5102] 19 | 17,dateTimeNanoseconds,[RFC5102] 20 | 18,ipv4Address,[RFC5102] 21 | 19,ipv6Address,[RFC5102] 22 | 20,basicList,[RFC6313] 23 | 21,subTemplateList,[RFC6313] 24 | 22,subTemplateMultiList,[RFC6313] 25 | 23-255,Unassigned, 26 | -------------------------------------------------------------------------------- /src/core/Edge.h: -------------------------------------------------------------------------------- 1 | // 2 | // C++ Interface: edge 3 | // 4 | // Description: 5 | // 6 | // 7 | // Author: Peter Baumann , (C) 2007 8 | // 9 | // Copyright: See COPYING file that comes with this distribution 10 | // 11 | // 12 | #ifndef EDGE_H 13 | #define EDGE_H 14 | 15 | 16 | /** 17 | @author Peter Baumann 18 | */ 19 | 20 | class Node; 21 | class Graph; 22 | 23 | 24 | class Edge { 25 | private: 26 | Graph* graph; 27 | unsigned int id; 28 | 29 | public: 30 | 31 | Edge(Graph* g, unsigned int id) : graph(g), id(id) { }; 32 | ~Edge() { } 33 | 34 | unsigned int getID() { return id; } 35 | 36 | inline Node* nodeA() 37 | { 38 | return graph->nodeA(this); 39 | } 40 | 41 | inline Node* NodeB() 42 | { 43 | return graph->nodeB(this); 44 | } 45 | }; 46 | 47 | #endif 48 | -------------------------------------------------------------------------------- /src/core/XMLDocument.h: -------------------------------------------------------------------------------- 1 | #ifndef XMLDOCUMENT_H_ 2 | #define XMLDOCUMENT_H_ 3 | 4 | #include "core/XMLElement.h" 5 | 6 | #include 7 | 8 | class XMLDocument 9 | { 10 | public: 11 | virtual ~XMLDocument(); 12 | 13 | /** create a XMLDocument 14 | * @return A pointer the XMLDocument representing the parsed file 15 | */ 16 | static XMLDocument* parse_file(const std::string& fileName); 17 | 18 | /** Return the root node. 
19 | * @return A pointer to the root node if it exists, NULL otherwise. 20 | */ 21 | XMLElement* getRootNode() const; 22 | 23 | private: 24 | // hide the c'tor to create instances of this object only with parse_file 25 | XMLDocument(xmlDocPtr doc); 26 | 27 | xmlDocPtr xmlDocument; 28 | 29 | struct Initializer { 30 | Initializer(); 31 | }; 32 | 33 | static Initializer init; 34 | }; 35 | 36 | #endif /*XMLDOCUMENT_H_*/ 37 | -------------------------------------------------------------------------------- /src/modules/analysis/autofocus_iprecord.h: -------------------------------------------------------------------------------- 1 | #ifndef __autofocus_iprecord_h 2 | #define __autofocus_iprecord_h 3 | 4 | #include 5 | #include 6 | #include "autofocus_attribute.h" 7 | 8 | #define THRESHOLD 40 9 | 10 | class report; 11 | class af_attribute; 12 | 13 | /* 14 | * IPRecord Container 15 | * 16 | */ 17 | enum report_enum { payload_tcp, payload_udp, fanouts, fanins, packets_tcp, packets_udp, failed, simult, NUM_REPORTS }; 18 | 19 | 20 | typedef struct IPRecord { 21 | uint32_t subnetIP; 22 | uint32_t subnetBits; 23 | std::map m_attributes; 24 | }IPRecord; 25 | 26 | typedef struct treeNode { 27 | IPRecord data; 28 | uint32_t prio; 29 | treeNode* left; 30 | treeNode* right; 31 | }treeNode; 32 | 33 | typedef struct treeRecord { 34 | treeNode* root; 35 | std::list reports; 36 | }treeRecord; 37 | #endif 38 | -------------------------------------------------------------------------------- /configs/file/filereader.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 1 4 | 5 | 6 | 7 | /home/sithhaue/filewriterfiles/ 8 | ipfixdump 9 | true 10 | 15 11 | 0 12 | 10 13 | 5 14 | 15 | 16 | 17 | 18 | 19 | trwportscandetector 20 | idmef/templates/trwportscan_template.xml 21 | 9 22 | 23 | 24 | 25 | http://localhost 26 | 27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- 
/src/common/cryptopan/panonymizer.h: -------------------------------------------------------------------------------- 1 | //Package: Crypto-PAn 1.0 2 | //File: panonymizer.h 3 | //Last Update: April 11, 2002 4 | //Author: Jinliang Fan 5 | 6 | #ifndef _PANONYMIZER_H_ 7 | #define _PANONYMIZER_H_ 8 | 9 | #include "rijndael.h" 10 | 11 | class PAnonymizer { //Prefix-preserving anonymizer (Crypto-PAn): the address mapping is fixed by the key, so the key has to stay secret 12 | public: 13 | // Constructor needs a 256-bit (32-byte) key; no length is passed, so key must point to at least 32 readable bytes (presumably all read by the constructor - confirm) 14 | // The first 128 bits of the key are used as the secret key for the Rijndael cipher 15 | // The second 128 bits of the key are used as the secret pad for padding 16 | PAnonymizer(const UINT8 * key); 17 | ~PAnonymizer(); 18 | protected: 19 | UINT8 m_key[16]; //128 bit secret key; NOTE(review): check whether ~PAnonymizer() wipes m_key and m_pad 20 | UINT8 m_pad[16]; //128 bit secret pad 21 | Rijndael m_rin; //Rijndael cipher as pseudorandom function 22 | 23 | public: 24 | UINT32 anonymize( const UINT32 orig_addr); //presumably returns the anonymized form of the 32-bit address orig_addr; the expected byte order is not visible here 25 | }; 26 | 27 | #endif //_PANONYMIZER_H_ 28 | -------------------------------------------------------------------------------- /src/modules/idmef/IDMEFExporterCfg.h: -------------------------------------------------------------------------------- 1 | #ifndef IDMEFEXPORTERCFG_H_ 2 | #define IDMEFEXPORTERCFG_H_ 3 | 4 | #include 5 | #include 6 | 7 | #include "modules/idmef/IDMEFExporter.h" 8 | 9 | #include 10 | 11 | using namespace std; 12 | 13 | class IDMEFExporterCfg 14 | : public CfgHelper 15 | { 16 | public: 17 | friend class ConfigManager; 18 | 19 | virtual IDMEFExporterCfg* create(XMLElement* e); 20 | virtual ~IDMEFExporterCfg(); 21 | 22 | virtual IDMEFExporter* createInstance(); 23 | virtual bool deriveFrom(IDMEFExporterCfg* old); 24 | 25 | protected: 26 | string destDirectory; /**< directory where IDMEF messages are to be saved temporarily; NOTE(review): confirm it is writable only by the account Vermont runs as */ 27 | string sendURL; /**< URL where IDMEF messages are to be sent */ 28 | 29 | IDMEFExporterCfg(XMLElement*); 30 | }; 31 | 32 | 33 | 34 | #endif /*IDMEFEXPORTERCFG_H_*/ 35 | 
-------------------------------------------------------------------------------- /src/common/atomic_lock.h: -------------------------------------------------------------------------------- 1 | #if !defined(ATOMIC_LOCK_H) 2 | #define ATOMIC_LOCK_H 3 | 4 | #include "Mutex.h" 5 | 6 | #include 7 | 8 | 9 | #if defined(__linux__) && (__GNUC__ >= 4) 10 | // try-lock built on the GCC __sync builtins: atomic_lock(a) stores 1 and yields the previous value, so 0 means the caller now holds the lock and non-zero means it was already held 11 | typedef uint32_t alock_t; 12 | #define atomic_lock(a) __sync_lock_test_and_set(a, 1) 13 | #define atomic_release(a) __sync_lock_release(a) 14 | 15 | #else 16 | // portable fallback with the same 0 / non-zero result, using a Mutex to guard value 17 | struct alock_t { 18 | uint32_t value; 19 | Mutex mutex; 20 | 21 | alock_t() : value(0) {} 22 | alock_t(uint32_t v) : value(v) {} 23 | }; 24 | /** Tries to take the lock without waiting for its holder: returns 0 if it was free (it is then marked held), 1 if it was already held. */ 25 | inline uint32_t atomic_lock(alock_t* a) 26 | { 27 | a->mutex.lock(); 28 | if (a->value==0) { 29 | a->value = 1; 30 | a->mutex.unlock(); 31 | return 0; 32 | } 33 | a->mutex.unlock(); 34 | return 1; 35 | } 36 | /** Marks the lock free; does not check that the caller is the one holding it. */ 37 | inline void atomic_release(alock_t* a) 38 | { 39 | a->mutex.lock(); 40 | a->value = 0; 41 | a->mutex.unlock(); 42 | } 43 | 44 | #endif // __linux__ 45 | 46 | 47 | #endif 48 | -------------------------------------------------------------------------------- /src/common/ipfixlolib/ipfixlolib_dtls_private.h: -------------------------------------------------------------------------------- 1 | #ifndef IPFIXLOLIB_DTLS_PRIVATE_H 2 | #define IPFIXLOLIB_DTLS_PRIVATE_H 3 | 4 | #include "ipfixlolib.h" 5 | #include "ipfixlolib_dtls.h" 6 | 7 | int dtls_manage_connection(ipfix_exporter *exporter, ipfix_receiving_collector *col); 8 | void deinit_openssl_ctx(ipfix_exporter_certificate *certificate); 9 | int setup_dtls_connection(ipfix_exporter *exporter, ipfix_receiving_collector *col, ipfix_dtls_connection *con); 10 | void dtls_shutdown_and_cleanup(ipfix_dtls_connection *con); 11 | int dtls_send_templates(ipfix_exporter *exporter, ipfix_receiving_collector *col); 12 | int dtls_send(ipfix_exporter *exporter, ipfix_receiving_collector *col, const struct iovec *iov, int iovcnt); 13 | int
add_collector_dtls(ipfix_exporter *exporter, ipfix_receiving_collector *col, void *aux_config); 14 | int ipfix_dtls_advance_connections(ipfix_exporter *exporter); 15 | 16 | #endif 17 | -------------------------------------------------------------------------------- /src/osdep/linux/version.h: -------------------------------------------------------------------------------- 1 | #ifndef PROC_VERSION_H 2 | #define PROC_VERSION_H 3 | 4 | //#include "procps.h" 5 | 6 | /* Suite version information for procps utilities 7 | * Copyright (c) 1995 Martin Schulze 8 | * Linux kernel version information for procps utilities 9 | * Copyright (c) 1996 Charles Blake 10 | * Distributable under the terms of the GNU Library General Public License 11 | * 12 | * Copyright 2002 Albert Cahalan 13 | */ 14 | 15 | int linux_version_code; /* runtime version of LINUX_VERSION_CODE 16 | in /usr/include/linux/version.h */ 17 | 18 | /* Convenience macros for composing/decomposing version codes */ 19 | #define LINUX_VERSION(x,y,z) (0x10000*(x) + 0x100*(y) + z) 20 | #define LINUX_VERSION_MAJOR(x) (((x)>>16) & 0xFF) 21 | #define LINUX_VERSION_MINOR(x) (((x)>> 8) & 0xFF) 22 | #define LINUX_VERSION_PATCH(x) ( (x) & 0xFF) 23 | 24 | #endif /* PROC_VERSION_H */ 25 | -------------------------------------------------------------------------------- /src/tests/ipfixlolib/init_deinit.c: -------------------------------------------------------------------------------- 1 | /* 2 | This file is part of IPFIXLOLIB 3 | TEST CODE 4 | Published under GPL v2 5 | Ronny T. 
Lampert, 2005-01 6 | 7 | based upon the original IPFIXLOLIB 8 | by Jan Petranek, University of Tuebingen 9 | 2004-11-18 10 | jan@petranek.de 11 | */ 12 | 13 | #include 14 | #include "ipfixlolib.h" 15 | 16 | #define TEST_INIT_LOOP 17 | #define TEST_ITERATIONS 1024 18 | #define MY_SOURCE_ID 70538 19 | 20 | int main(int argc, char *argv[]) 21 | { 22 | int ret; 23 | int i; 24 | ipfix_exporter *my_exporter; 25 | 26 | #ifdef TEST_INIT_LOOP 27 | for (i = 0; i < TEST_ITERATIONS; i++) { 28 | #endif 29 | ret = ipfix_init_exporter(MY_SOURCE_ID, &my_exporter); 30 | if (ret != 0) { 31 | fprintf(stderr, "ipfix_init_exporter failed!\n"); 32 | exit(-1); 33 | } 34 | 35 | ipfix_deinit_exporter(my_exporter); 36 | 37 | #ifdef TEST_INIT_LOOP 38 | } 39 | #endif 40 | printf("bravo\n"); 41 | exit(0); 42 | } 43 | -------------------------------------------------------------------------------- /configs/anonymize/record_anonym.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | SCTP 5 | 6 | 2 7 | 8 | 9 | 10 | 1000 11 | 3 12 | 6 13 | 14 | 15 | 16 | 17 | 18 | sourceIPv4Address 19 | 20 | CryptoPan 21 | insert key here 22 | 23 | 24 | 25 | destinationIPv4Address 26 | 4 27 | 28 | CryptoPan 29 | insert key here 30 | 31 | true 32 | 6 33 | 34 | 35 | 36 | 37 | 38 | -------------------------------------------------------------------------------- /src/common/openssl/OpenSSL.h: -------------------------------------------------------------------------------- 1 | /* vim: set sts=4 sw=4 cindent nowrap: This modeline was added by Daniel Mentz */ 2 | 3 | #ifndef OPENSSLINIT_H 4 | #define OPENSSLINIT_H 5 | 6 | #ifdef SUPPORT_DTLS 7 | 8 | #ifdef __cplusplus 9 | extern "C" { 10 | #endif 11 | 12 | #include 13 | 14 | struct verify_peer_cb_data { 15 | int (*cb)(void *context, const char *dnsname); 16 | void *context; 17 | }; 18 | 19 | void ensure_openssl_init(void); 20 | void msg_openssl_errors(void); 21 | void msg_openssl_return_code(int level, const char *fn, int 
ret, int error); 22 | int verify_ssl_peer(SSL *ssl, int (*cb)(void *context, const char *dnsname), void *context); 23 | int verify_peer_cert_callback(int preverify_ok, X509_STORE_CTX *ctx); 24 | int get_openssl_ex_data_idx_vpcd(void); /* vpcd = verify_peer_cb_data */ 25 | const char *get_ssl_error_string(int ret); 26 | 27 | #ifdef __cplusplus 28 | } 29 | #endif 30 | 31 | #endif /* SUPPORT_DTLS */ 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /configs/idmef_templates/rbsdetector_template.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | %ANALYZER_HOST% 8 |
9 |
%ANALYZER_IP%
10 |
11 |
12 |
13 | %CREATE_TIME% 14 | 15 | 16 |
17 |
%SOURCE_ADDRESS%
18 | %HOSTS% 19 |
20 |
21 | 22 | 23 |
24 |
25 | -------------------------------------------------------------------------------- /src/core/XMLElement.cpp: -------------------------------------------------------------------------------- 1 | #include "XMLElement.h" 2 | 3 | #include 4 | 5 | XMLElement::XMLElement(xmlNodePtr node) 6 | : XMLNode(node) 7 | { 8 | } 9 | 10 | XMLElement::~XMLElement() 11 | { 12 | } 13 | 14 | XMLElement::XMLAttributeSet XMLElement::getAttributes() 15 | { 16 | return getAttribHelper(""); 17 | } 18 | 19 | XMLAttribute* XMLElement::getAttribute(const std::string &name) 20 | { 21 | XMLAttributeSet set = getAttribHelper(name); 22 | if(set.size() == 0) 23 | return NULL; 24 | 25 | assert(set.size() >= 1); 26 | return set.front(); 27 | } 28 | 29 | XMLElement::XMLAttributeSet XMLElement::getAttribHelper(const std::string &name) 30 | { 31 | XMLAttributeSet attributes; 32 | 33 | for (xmlAttrPtr a = cobj()->properties; a; a = a->next) { 34 | if(a->_private && 35 | (name.empty() || name == (const char*)a->name)) { 36 | attributes.push_back(reinterpret_cast(a->_private)); 37 | } 38 | } 39 | 40 | return attributes; 41 | } 42 | 43 | -------------------------------------------------------------------------------- /src/tests/vermonttest/PrinterModule.h: -------------------------------------------------------------------------------- 1 | #ifndef PRINTERMODULE_H_ 2 | #define PRINTERMODULE_H_ 3 | 4 | /** 5 | @author Peter Baumann 6 | */ 7 | 8 | #include 9 | #include 10 | #include 11 | 12 | class PrinterModule 13 | : public Source, public Destination, public Module 14 | { 15 | public: 16 | PrinterModule(bool end = true) : isEndPoint(end), do_print(true), count(0) { } ; 17 | virtual ~PrinterModule(); 18 | 19 | virtual void receive(Packet *); 20 | 21 | void doPrint(bool b) 22 | { 23 | do_print = b; 24 | } 25 | 26 | void setPrefix(std::string s) 27 | { 28 | prefix = s; 29 | } 30 | 31 | unsigned int getCount() 32 | { 33 | return count; 34 | } 35 | 36 | void reset() 37 | { 38 | count = 0; 39 | } 40 | private: 
41 | bool isEndPoint; 42 | bool do_print; 43 | unsigned int count; 44 | std::string prefix; 45 | }; 46 | 47 | #endif /*PRINTERMODULE_H_*/ 48 | -------------------------------------------------------------------------------- /src/modules/idmef/PacketIDMEFReporterCfg.h: -------------------------------------------------------------------------------- 1 | #ifndef PACKETIDMEFREPORTERCFG_H_ 2 | #define PACKETIDMEFREPORTERCFG_H_ 3 | 4 | #include 5 | #include 6 | 7 | #include "modules/idmef/PacketIDMEFReporter.h" 8 | 9 | #include 10 | 11 | using namespace std; 12 | 13 | 14 | class PacketIDMEFReporterCfg 15 | : public CfgHelper 16 | { 17 | public: 18 | friend class ConfigManager; 19 | 20 | virtual PacketIDMEFReporterCfg* create(XMLElement* e); 21 | virtual ~PacketIDMEFReporterCfg(); 22 | 23 | virtual PacketIDMEFReporter* createInstance(); 24 | virtual bool deriveFrom(PacketIDMEFReporterCfg* old); 25 | 26 | protected: 27 | 28 | string analyzerId; /**< analyzer id for IDMEF messages */ 29 | string idmefTemplate; /**< template file for IDMEF messages */ 30 | uint16_t snapshotLength; /**< length of snapshot */ 31 | 32 | 33 | PacketIDMEFReporterCfg(XMLElement*); 34 | }; 35 | 36 | 37 | #endif /*PACKETIDMEFREPORTERCFG_H_*/ 38 | -------------------------------------------------------------------------------- /src/osdep/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # 2 | # VERMONT build scripts for CMake 3 | # Copyright (C) 2007 Tobias Limmer 4 | # 5 | # This program is free software; you can redistribute it and/or 6 | # modify it under the terms of the GNU General Public License 7 | # as published by the Free Software Foundation; either version 2 8 | # of the License, or (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | # 19 | 20 | ADD_LIBRARY(osdep 21 | linux/sysinfo.cpp 22 | linux/ThreadCPUInterface.cpp 23 | osx/sem_timedwait.cpp 24 | ) 25 | 26 | 27 | -------------------------------------------------------------------------------- /src/tests/vermonttest/test_configs/state_connectionfilter: -------------------------------------------------------------------------------- 1 | 2 | 3 | 2 4 | 5 | 6 | 7 | data/connectionfiltertest.pcap 8 | ip 9 | 1 10 | 0 11 | 65535 12 | 2 13 | 14 | 15 | 16 | 10 17 | 3 18 | 19 | 20 | 21 | 22 | 5 23 | 100 24 | 25 | 4 26 | 27 | 28 | 29 | 10 30 | 5 31 | 32 | 33 | 34 | gen_output/state_connectionfilter 35 | 36 | 37 | 38 | -------------------------------------------------------------------------------- /src/osdep/osx/sem_timedwait.cpp: -------------------------------------------------------------------------------- 1 | #ifdef __APPLE__ 2 | 3 | #include "sem_timedwait.h" 4 | #include 5 | #include 6 | #include 7 | 8 | // Mac OS X timedwait wrapper 9 | int sem_timedwait_mach(semaphore_t* sem, long timeout_ms) { 10 | int retval = 0; 11 | mach_timespec_t mts; 12 | if (timeout_ms >= 0) { 13 | mts.tv_sec = timeout_ms / 1000; 14 | mts.tv_nsec = (timeout_ms % 1000) * 1000000; 15 | } else { 16 | // FIX: If we really wait forever, we cannot shut down VERMONT 17 | // this is mac os x specific and does not happen on linux 18 | // hence, we just add a small timeout instead of blocking 19 | // indefinately 20 | mts.tv_sec = 1; 21 | mts.tv_nsec = 0; 22 | } 23 | retval = semaphore_timedwait(*sem, mts); 24 | switch (retval) { 25 | case KERN_SUCCESS: 26 | return 0; 27 | case KERN_OPERATION_TIMED_OUT: 28 | errno = ETIMEDOUT; 29 | break; 30 | case KERN_ABORTED: 31 | errno = EINTR; 32 | 
break; 33 | default: 34 | errno = EINVAL; 35 | break; 36 | } 37 | return -1; 38 | } 39 | 40 | #endif 41 | -------------------------------------------------------------------------------- /src/core/Destination.h: -------------------------------------------------------------------------------- 1 | #ifndef DESTINATION_H 2 | #define DESTINATION_H 3 | 4 | /** 5 | @author Peter Baumann 6 | */ 7 | 8 | #include "core/Emitable.h" 9 | #include "common/msg.h" 10 | 11 | #include 12 | #include 13 | 14 | 15 | template 16 | class Destination 17 | { 18 | public: 19 | typedef T dst_value_type; 20 | 21 | virtual ~Destination() { }; 22 | 23 | virtual void receive(T e) = 0; 24 | 25 | // See Source.h for comments on the queue running notification 26 | virtual void notifyQueueRunning() {} 27 | }; 28 | 29 | template<> 30 | class Destination 31 | { 32 | public: 33 | typedef NullEmitable* dst_value_type; 34 | 35 | virtual ~Destination() { }; 36 | 37 | virtual void receive(NullEmitable* e) 38 | { 39 | THROWEXCEPTION("this module is no destination!"); 40 | } 41 | 42 | // See Source.h for comments on the Start Signal 43 | virtual void notifyQueueRunning() 44 | { 45 | THROWEXCEPTION("this module is no destination!"); 46 | } 47 | }; 48 | 49 | 50 | #endif 51 | 52 | -------------------------------------------------------------------------------- /src/modules/analysis/AutoFocusCfg.h: -------------------------------------------------------------------------------- 1 | #ifndef AUTOFOCUSCFG_H_ 2 | #define AUTOFOCUSCFG_H_ 3 | 4 | #include 5 | #include 6 | 7 | #include "AutoFocus.h" 8 | 9 | #include 10 | #include 11 | 12 | using namespace std; 13 | 14 | 15 | class AutoFocusCfg 16 | : public CfgHelper 17 | { 18 | public: 19 | friend class ConfigManager; 20 | 21 | virtual AutoFocusCfg* create(XMLElement* e); 22 | virtual ~AutoFocusCfg(); 23 | 24 | virtual AutoFocus* createInstance(); 25 | virtual bool deriveFrom(AutoFocusCfg* old); 26 | 27 | protected: 28 | 29 | uint32_t hashBits; /**< amount of bits 
used for hashtable */ 30 | uint32_t timeTreeInterval; // time in seconds of interval when tree is being rebuilt 31 | uint32_t numMaxResults; //max number of results 32 | uint32_t numTrees; 33 | uint32_t minSubbits; 34 | string analyzerId; /**< analyzer id for IDMEF messages */ 35 | string reportfile; /**< template file for IDMEF messages */ 36 | 37 | AutoFocusCfg(XMLElement*); 38 | }; 39 | 40 | 41 | #endif /*AUTOFOCUSCFG_H_*/ 42 | -------------------------------------------------------------------------------- /src/common/CountingSemaphore.h: -------------------------------------------------------------------------------- 1 | #ifndef __SEMAPHOR_HPP__ 2 | #define __SEMAPHOR_HPP__ 3 | 4 | #include "msg.h" 5 | 6 | #include 7 |
/**
 * Counting semaphore declared on top of a pthread mutex and condition variable.
 * Only the interface is visible in this header; the constructor, destructor,
 * dec() and inc() are defined elsewhere.
 */
class CountingSemaphore {
	private:
		pthread_mutex_t mutex;
		pthread_cond_t cond;
		// Current counter value, initialised from the constructor's startvalue.
		// Presumably guarded by `mutex` - confirm in the implementation file.
		unsigned int val;

		// Set to true by shutdown().
		// NOTE(review): this is a plain bool and shutdown() writes it without
		// taking `mutex`. If dec() reads it from another thread, the access
		// should happen under the mutex or through an atomic - confirm against
		// the implementation.
		bool exitFlag;

		// Default value of dec()'s timeout_ms parameter.
		static const int STANDARD_TIMEOUT = 200;
	public:
		CountingSemaphore (unsigned int startvalue);
		~CountingSemaphore();

		/** decrement the semaphore
		 * \param dec value on which the semaphore should be decremented
		 * \param timeout_ms optional timeout to wait for decrementing the semaphore
		 * (-1 means no timeout)
		 * \return true if semaphore could be decremented, else false
		 */
		bool dec (unsigned int dec, long timeout_ms = STANDARD_TIMEOUT);

		/** increment the semaphore
		 * \param inc value on which the semaphore is incremented
		 */
		void inc (unsigned int inc);

		/**
		 * Marks the semaphore as shutting down by setting exitFlag.
		 * It only logs and sets the flag; it does not signal `cond`, so a
		 * thread blocked in dec() is presumably released by its timeout
		 * rather than by this call - TODO confirm.
		 */
		inline void shutdown()
		{
			DPRINTF_INFO("shutting down");
			exitFlag = true;
		}
};
40 | 41 | #endif 42 | -------------------------------------------------------------------------------- /src/tests/vermonttest/test_configs/connectionfilter: -------------------------------------------------------------------------------- 1 | 2 | 3 | 2 4 | 5 | 6 | 7 | data/connectionfiltertest.pcap 8 | ip 9 | 1 10 | 0 11 | 65535 12 | 2 13 | 14 | 15 | 16 | 10 17
| 3 18 | 19 | 20 | 21 | 22 | 5 23 | 100 24 | 10 25 | 1000 26 | 27 | 4 28 | 29 | 30 | 31 | 10 32 | 5 33 | 34 | 35 | 36 | gen_output/connectionfilter 37 | 38 | 39 | 40 | -------------------------------------------------------------------------------- /configs/idmef_templates/datafilter_template.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | %ANALYZER_HOST% 8 |
9 |
%ANALYZER_IP%
10 |
11 |
12 |
13 | %CREATE_TIME% 14 | 15 | 16 |
17 |
%SOURCE_ADDRESS%
18 |
19 |
20 | 21 | 22 | 23 |
24 |
%TARGET_ADDRESS%
25 |
26 |
27 |
28 | 29 |
30 |
31 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Vermont specific binaries 2 | vermont 3 | tools/testCollector 4 | tools/injectUDPToCollector 5 | src/tests/vermonttest/vermonttest 6 | src/tests/ipfixlolib/test_everything 7 | src/tests/ipfixlolib/mtutest 8 | src/tests/ipfixlolib/example_code_2 9 | src/tests/ipfixlolib/example_code 10 | # Vermont specific generated files 11 | sensor_output.xml 12 | 13 | # Created by https://www.gitignore.io/api/c++,cmake 14 | 15 | ### C++ ### 16 | # Prerequisites 17 | *.d 18 | 19 | # Compiled Object files 20 | *.slo 21 | *.lo 22 | *.o 23 | *.obj 24 | 25 | # Precompiled Headers 26 | *.gch 27 | *.pch 28 | 29 | # Compiled Dynamic libraries 30 | *.so 31 | *.dylib 32 | *.dll 33 | 34 | # Fortran module files 35 | *.mod 36 | *.smod 37 | 38 | # Compiled Static libraries 39 | *.lai 40 | *.la 41 | *.a 42 | *.lib 43 | 44 | # Executables 45 | *.exe 46 | *.out 47 | *.app 48 | 49 | ### CMake ### 50 | CMakeCache.txt 51 | CMakeFiles 52 | CMakeScripts 53 | Testing 54 | Makefile 55 | cmake_install.cmake 56 | install_manifest.txt 57 | compile_commands.json 58 | CTestTestfile.cmake 59 | build 60 | 61 | # End of https://www.gitignore.io/api/c++,cmake 62 | -------------------------------------------------------------------------------- /src/modules/packet/filter/PayloadFilter.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Vermont Packet Filter 3 | * Copyright (C) 2009 Vermont Project 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 
9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | * 19 | */ 20 | 21 | #ifndef _PAYLOAD_FILTER_H_ 22 | #define _PAYLOAD_FILTER_H_ 23 | 24 | #include "PacketProcessor.h" 25 | 26 | class PayloadFilter : public PacketProcessor { 27 | public: 28 | virtual bool processPacket(Packet* p); 29 | }; 30 | 31 | #endif 32 | -------------------------------------------------------------------------------- /configs/idmef_templates/trwportscan_template.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | %ANALYZER_HOST% 8 |
9 |
%ANALYZER_IP%
10 |
11 |
12 |
13 | %CREATE_TIME% 14 | 15 | 16 |
17 |
%SOURCE_ADDRESS%
18 |
19 |
20 | 21 | 22 | 23 |
24 |
%TARGET_ADDRESS%
25 |
26 |
27 |
28 | 29 |
30 |
31 | -------------------------------------------------------------------------------- /src/modules/packet/filter/PayloadFilter.cpp: -------------------------------------------------------------------------------- 1 | #include "PayloadFilter.h" 2 | /* 3 | * Vermont Packet Filter 4 | * Copyright (C) 2009 Vermont Project 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License 8 | * as published by the Free Software Foundation; either version 2 9 | * of the License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | * 20 | */ 21 | 22 | 23 |
/**
 * Strips the payload from a packet by shortening its recorded length.
 *
 * Packets whose classification does not carry PCLASS_PAYLOAD pass through
 * unchanged. The packet is never rejected: the function always returns true.
 *
 * NOTE(review): the payload bytes are not overwritten. Only data_length and
 * the classification flag change, so the bytes stay in the packet buffer.
 * Any later stage that reads past data_length, or that derives a length from
 * another field, could still see the payload - confirm that every exporter
 * honours data_length before relying on this filter for privacy.
 *
 * @param p packet to process; dereferenced without a null check
 * @return always true
 */
bool PayloadFilter::processPacket(Packet* p)
{
	// Nothing to strip when the packet is not classified as carrying payload.
	if (!(p->classification & PCLASS_PAYLOAD))
		return true;

	// "drop" payload: keep only the bytes between layer2Start and payload.
	// Presumably both pointers refer to the same buffer with payload at or
	// after layer2Start - verify against Packet.
	p->data_length = p->payload - p->layer2Start;

	// The guard above established that the flag is set, so XOR clears it
	// (assuming PCLASS_PAYLOAD is a single bit - TODO confirm).
	p->classification ^= PCLASS_PAYLOAD;

	return true;
}
33 | -------------------------------------------------------------------------------- /configs/idmef_templates/trwportscan_example.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | vermont.rrze.uni-erlangen.de 8 |
9 |
131.188.2.46
10 |
11 |
12 |
13 | 2007-08-27-T11:52:31Z 14 | 15 | 16 |
17 |
1.2.3.4
18 |
19 |
20 | 21 | 22 | 23 |
24 |
255.255.255.0
25 |
26 |
27 |
28 | 29 |
30 |
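31 | -------------------------------------------------------------------------------- /configs/oracle/prepare_oracle.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# Prepares an Oracle XE instance for VERMONT: creates the datafile directory,
# a tablespace, and a database user with the privileges granted below.

# Need to run as root to create datafiles
if [[ $EUID -ne 0 ]]; then
    echo "This script must be run as root" 1>&2
    exit 1
fi

# Setup oracle env
export ORACLE_BASE=/usr/lib/oracle/xe/app/oracle/product
export ORACLE_HOME=$ORACLE_BASE/10.2.0/server
export LD_LIBRARY_PATH=$ORACLE_HOME/lib:/usr/lib
export PATH=$ORACLE_HOME/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:~/bin

# SQLplus Options needed
OPTS="-S"

# !!! Adjust to need !!!
# LOGON has the form user/password@connect_identifier
# NOTE(review): the administrative logon and the new user's password are
# hard-coded sample values kept in a script that may end up in version
# control. Replace them before use and change the password of the created
# user afterwards; anyone who can read this file can read both secrets.
LOGON="system/ph1lf3hr3@xe"
USER="vermont"
PASS="vermont"
DB="oex"

# Create directory for Datafiles
if ! mkdir -p /u/oracle/; then
    echo "Could not create /u/oracle/" 1>&2
    exit 1
fi
# NOTE(review): a+rw makes the datafile directory readable and writable by
# every local account. Prefer handing it to the account the Oracle server
# runs as and dropping the access for "other".
chmod -R a+rw /u/oracle/

# Setup OracleDB
# Start SQL*Plus without a logon and connect from the here-document instead,
# so the password does not appear in the process list while the script runs.
# $OPTS is left unquoted on purpose so it can hold several options.
sqlplus $OPTS /nolog << EOF
CONNECT $LOGON
CREATE TABLESPACE $DB DATAFILE '/u/oracle/$DB.dbf' SIZE 10m AUTOEXTEND ON NEXT 10m MAXSIZE UNLIMITED;
CREATE USER $USER IDENTIFIED BY $PASS DEFAULT TABLESPACE $DB QUOTA UNLIMITED ON $DB;
GRANT CREATE SESSION, CREATE TABLE, CREATE VIEW TO $USER;
GRANT CREATE ANY SEQUENCE TO $USER;
GRANT CREATE ANY TRIGGER TO $USER;
EXIT;
EOF
38 | 39 | -------------------------------------------------------------------------------- /src/common/anon/AnonIdentity.cpp: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright (C) 2008 Institut fuer Telematik, Universitaet Karlsruhe (TH) 3 | // 4 | // This program is free software; you can redistribute it and/or 5 | // modify it under the terms of the GNU General Public License 6 | // as published by the Free Software Foundation; either version 2 7 | // of the License, or (at your option) any later version.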
8 | // 9 | // This program is distributed in the hope that it will be useful, 10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | // GNU General Public License for more details. 13 | // 14 | // You should have received a copy of the GNU General Public License 15 | // along with this program; if not, write to the Free Software 16 | // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 17 | // 18 | 19 | 20 | #include "./AnonIdentity.h" 21 |
/** The identity primitive keeps no state, so there is nothing to set up. */
AnonIdentity::AnonIdentity()
{
}

/** Nothing to release. */
AnonIdentity::~AnonIdentity()
{
}

/**
 * Identity "anonymization": the field is passed through unmodified.
 *
 * The buffer is neither read nor written, so a field mapped to this
 * primitive leaves the anonymization stage in clear text.
 *
 * @param buf field data; not touched
 * @param len length of the field
 * @return ANON_RESULT constructed from len (its exact meaning is defined
 *         in AnonPrimitive.h, which is not shown here)
 */
AnonPrimitive::ANON_RESULT AnonIdentity::anonymize(void* buf, unsigned int len)
{
	(void)buf; // deliberately unused
	return ANON_RESULT(len);
}
34 | 35 | -------------------------------------------------------------------------------- /src/modules/packet/filter/AnonFilter.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Vermont Anonymization Subsystem 3 | * Copyright (C) 2008 Lothar Braun 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 | * 19 | */ 20 | 21 | #ifndef _ANON_FILTER_H_ 22 | #define _ANON_FILTER_H_ 23 | 24 | #include "PacketProcessor.h" 25 | #include 26 | 27 | class AnonFilter : public PacketProcessor, public AnonModule { 28 | public: 29 | virtual bool processPacket(Packet* p); 30 | void setIEHeaderOffsets(); 31 | }; 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /src/common/ipfixlolib/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # 2 | # VERMONT build scripts for CMake 3 | # Copyright (C) 2007 Christoph Sommer 4 | # 5 | # This program is free software; you can redistribute it and/or 6 | # modify it under the terms of the GNU General Public License 7 | # as published by the Free Software Foundation; either version 2 8 | # of the License, or (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | # 19 | 20 | 21 | set(ipfixlolib_SOURCES 22 | encoding.c 23 | ipfixlolib.c 24 | ipfix_names.c 25 | ) 26 | 27 | if (SUPPORT_DTLS) 28 | set(ipfixlolib_SOURCES ${ipfixlolib_SOURCES} ipfixlolib_dtls.c) 29 | endif() 30 | 31 | ADD_LIBRARY(ipfixlolib ${ipfixlolib_SOURCES}) 32 | 33 | add_cppcheck(ipfixlolib STYLE POSSIBLE_ERROR) 34 | -------------------------------------------------------------------------------- /configs/idmef_templates/p2pdetector_template.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | %ANALYZER_HOST% 8 |
9 |
%ANALYZER_IP%
10 |
11 |
12 |
13 | %CREATE_TIME% 14 | 15 | 16 |
17 |
%PEER_ADDRESS%
18 |
19 |
20 |
21 | 22 |
23 |
24 | -------------------------------------------------------------------------------- /src/tests/vermonttest/TestSuiteBase.h: -------------------------------------------------------------------------------- 1 | #ifndef _TEST_SUITE_BASE_H_ 2 | #define _TEST_SUITE_BASE_H_ 3 | 4 | #include "common/msg.h" 5 | 6 | #include 7 | 8 | 9 | #define ERROR(...) vermont_exception(__LINE__, __FILE__, __PRETTY_FUNCTION__, __func__, __VA_ARGS__) 10 | 11 | // redefine assert, so that ASSERT is always properly defined in unit tests 12 | #undef ASSERT 13 | #define ASSERT(cond, description) \ 14 | { \ 15 | if (!(cond)) { \ 16 | vermont_assert(#cond, (description), __LINE__, __FILE__, __PRETTY_FUNCTION__, __func__);\ 17 | } \ 18 | } 19 | 20 | #define REQUIRE(cond) \ 21 | { \ 22 | if (!(cond)) { \ 23 | vermont_assert(#cond, "", __LINE__, __FILE__, __PRETTY_FUNCTION__, __func__); \ 24 | } \ 25 | } 26 | 27 | class Test { 28 | public: 29 | typedef enum { 30 | FAILED, 31 | PASSED 32 | } TestResult; 33 | virtual TestResult execTest() = 0; 34 | virtual ~Test(); 35 | }; 36 | 37 | class TestSuite { 38 | public: 39 | TestSuite(); 40 | ~TestSuite(); 41 | void add(Test* test); 42 | void run(); 43 | 44 | private: 45 | std::vector tests; 46 | }; 47 | 48 | 49 | #endif 50 | -------------------------------------------------------------------------------- /src/common/anon/AnonIdentity.h: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright (C) 2008 Institut fuer Telematik, Universitaet Karlsruhe (TH) 3 | // 4 | // This program is free software; you can redistribute it and/or 5 | // modify it under the terms of the GNU General Public License 6 | // as published by the Free Software Foundation; either version 2 7 | // of the License, or (at your option) any later version. 
8 | // 9 | // This program is distributed in the hope that it will be useful, 10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | // GNU General Public License for more details. 13 | // 14 | // You should have received a copy of the GNU General Public License 15 | // along with this program; if not, write to the Free Software 16 | // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 17 | // 18 | 19 | #ifndef __ANON_IDENTITY_H 20 | #define __ANON_IDENTITY_H 21 | 22 | #include "AnonPrimitive.h" 23 | 24 | class AnonIdentity : public AnonPrimitive 25 | { 26 | public: 27 | AnonIdentity(); 28 | ~AnonIdentity(); 29 | 30 | protected: 31 | 32 | ANON_RESULT anonymize(void* buf, unsigned int len); 33 | 34 | }; 35 | 36 | #endif // __ANON_IDENTITY_H 37 | 38 | -------------------------------------------------------------------------------- /src/core/Connector.h: -------------------------------------------------------------------------------- 1 | #ifndef CONNECTOR_H_ 2 | #define CONNECTOR_H_ 3 | /** 4 | @author Peter Baumann 5 | */ 6 | 7 | //#include "cfg/Graph.h" 8 | 9 | #include 10 | 11 | #include "Graph.h" 12 | 13 | /** 14 | * This class is used to build up the configuration graph. 15 | * Normally it gets a Graph* which isn't connected yet (it has 16 | * only nodes, no edges). 17 | * The nodes are traversed topologically and then connected. 
18 | */ 19 | class Connector 20 | { 21 | public: 22 | friend class Graph; 23 | 24 | /** c'tor 25 | * @param connectNodes set it to true if you want that the nodes should be connected 26 | * @param connectModules set to true if you want the modules/instances to be connected 27 | */ 28 | Connector(bool connectNodes = true, bool connectModules = true) 29 | : connectNodes(connectNodes), connectModules(connectModules) 30 | { 31 | } 32 | 33 | virtual ~Connector() { } 34 | 35 | /** 36 | * Connects the nodes in the Graph 37 | * @param g Graph which should be connected 38 | */ 39 | virtual Graph* connect(Graph* g); 40 | 41 | protected: 42 | std::map getId2Node(const std::vector& nodes); 43 | 44 | bool connectNodes; 45 | bool connectModules; 46 | }; 47 | 48 | #endif /*CONNECTOR_H_*/ 49 | -------------------------------------------------------------------------------- /src/common/SignalHandler.h: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | #include "common/msg.h" 8 | #include "SignalInterface.h" 9 | 10 | /** 11 | * Provides Signal handling for Vermont modules 12 | * If a module needs to respond to certain signals, 13 | * it must be derived from SignalInterface a overwrite 14 | * the appropriate methods for the signals to be handled 15 | */ 16 | class SignalHandler { 17 | private: 18 | SignalHandler(); 19 | virtual ~SignalHandler() {} 20 | SignalHandler(const SignalHandler &); /**< intentionally undefined */ 21 | SignalHandler & operator=(const SignalHandler &); /**< intentionally undefined */ 22 | int setupSignal(int signal); 23 | 24 | static void handleSignalWrapper(int sig); 25 | 26 | /** 27 | * this map holds a list for every registered signal 28 | * each list element points to a SignalInterface object 29 | */ 30 | std::map > signalList; 31 | 32 | pthread_mutex_t mutex; 33 | 34 | 35 | public: 36 | static SignalHandler &getInstance(); 37 | int 
registerSignalHandler(int signal, SignalInterface *t); 38 | int unregisterSignalHandler(int signal, SignalInterface *t); 39 | void handleSignal(int sig); 40 | }; 41 | 42 | -------------------------------------------------------------------------------- /src/modules/analysis/fpsigmatcher/Utils.h: -------------------------------------------------------------------------------- 1 | /* 2 | * VERMONT 3 | * Copyright (C) 2009 Informatik 7 Uni-Erlangen 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
18 | */ 19 | 20 | 21 | #ifndef UTILS_H_ 22 | #define UTILS_H_ 23 | 24 | #include 25 | #include 26 | 27 | struct LinkedList{ 28 | struct LinkedList* head; 29 | struct LinkedList* next; 30 | }; 31 | 32 | double get_double(char []); 33 | int strtoken(char *, char *, char *[]); 34 | int get_length(char *); 35 | char ** get_filenames(const char *, int *); 36 | 37 | #endif /* UTILS_H_ */ 38 | -------------------------------------------------------------------------------- /src/common/anon/AnonShuffle.h: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright (C) 2008 Institut fuer Telematik, Universitaet Karlsruhe (TH) 3 | // 4 | // This program is free software; you can redistribute it and/or 5 | // modify it under the terms of the GNU General Public License 6 | // as published by the Free Software Foundation; either version 2 7 | // of the License, or (at your option) any later version. 8 | // 9 | // This program is distributed in the hope that it will be useful, 10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | // GNU General Public License for more details. 13 | // 14 | // You should have received a copy of the GNU General Public License 15 | // along with this program; if not, write to the Free Software 16 | // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
17 | // 18 | 19 | #ifndef __ANON_SHUFFLE_H 20 | #define __ANON_SHUFFLE_H 21 | 22 | #include "AnonPrimitive.h" 23 | #include 24 | #include 25 | 26 | class AnonShuffle : public AnonPrimitive { 27 | public: 28 | AnonShuffle(); 29 | ~AnonShuffle(); 30 | 31 | protected: 32 | 33 | ANON_RESULT anonymize(void* buf, unsigned int len); 34 | 35 | }; 36 | 37 | #endif // __ANON_SHUFFLE_H 38 | -------------------------------------------------------------------------------- /src/common/anon/AnonShorten.cpp: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright (C) 2008 Institut fuer Telematik, Universitaet Karlsruhe (TH) 3 | // 4 | // This program is free software; you can redistribute it and/or 5 | // modify it under the terms of the GNU General Public License 6 | // as published by the Free Software Foundation; either version 2 7 | // of the License, or (at your option) any later version. 8 | // 9 | // This program is distributed in the hope that it will be useful, 10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | // GNU General Public License for more details. 13 | // 14 | // You should have received a copy of the GNU General Public License 15 | // along with this program; if not, write to the Free Software 16 | // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
17 | // 18 | 19 | #include "./AnonShorten.h" 20 | 21 |
/**
 * @param length maximum length a field is reported to have after shortening
 */
AnonShorten::AnonShorten(unsigned int length)
	: newlen(length)
{
}

/** Nothing to release. */
AnonShorten::~AnonShorten()
{
}

/**
 * Shortens a field by reporting a smaller length.
 *
 * The result is the smaller of the configured length and the field's own
 * length, so a field is never reported longer than it is.
 *
 * NOTE(review): the buffer itself is not modified. The bytes beyond the
 * reported length stay in memory, and they are only withheld if the caller
 * honours the returned result - verify against the callers of anonymize().
 *
 * @param buf field data; not touched
 * @param len current length of the field
 * @return ANON_RESULT constructed from min(newlen, len)
 */
AnonPrimitive::ANON_RESULT AnonShorten::anonymize(void* buf, unsigned int len)
{
	return ANON_RESULT(newlen >= len ? len : newlen);
}
37 | 38 | -------------------------------------------------------------------------------- /src/common/anon/AnonContinuousChar.cpp: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright (C) 2008 Institut fuer Telematik, Universitaet Karlsruhe (TH) 3 | // 4 | // This program is free software; you can redistribute it and/or 5 | // modify it under the terms of the GNU General Public License 6 | // as published by the Free Software Foundation; either version 2 7 | // of the License, or (at your option) any later version. 8 | // 9 | // This program is distributed in the hope that it will be useful, 10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | // GNU General Public License for more details. 13 | // 14 | // You should have received a copy of the GNU General Public License 15 | // along with this program; if not, write to the Free Software 16 | // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
17 | // 18 | 19 | #include "./AnonContinuousChar.h" 20 | 21 | #include 22 |
/** Starts the fill counter at 0. */
AnonContinuousChar::AnonContinuousChar()
	: current(0)
{
}

/** Nothing to release. */
AnonContinuousChar::~AnonContinuousChar()
{
}

/**
 * Overwrites the whole field with a single byte value taken from a running
 * counter, then advances the counter for the next call.
 *
 * The output does not depend on the field's original content. memset()
 * stores the value as an unsigned char, so the fill byte repeats after at
 * most 256 calls; equal inputs are therefore not mapped to equal outputs,
 * and different inputs can receive the same output.
 *
 * NOTE(review): this returns 0, while AnonIdentity and AnonShorten return
 * ANON_RESULT built from a length. What 0 means is defined in
 * AnonPrimitive.h, which is not shown here - confirm it is intended.
 *
 * @param buf field data; len bytes are overwritten
 * @param len number of bytes to overwrite
 * @return 0 converted to ANON_RESULT
 */
AnonPrimitive::ANON_RESULT AnonContinuousChar::anonymize(void* buf, unsigned int len)
{
	memset(buf, current, len);
	++current;
	return 0;
}
37 | 38 | -------------------------------------------------------------------------------- /src/common/anon/AnonBroadcastHandler.h: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright (C) 2008 Institut fuer Telematik, Universitaet Karlsruhe (TH) 3 | // 4 | // This program is free software; you can redistribute it and/or 5 | // modify it under the terms of the GNU General Public License 6 | // as published by the Free Software Foundation; either version 2 7 | // of the License, or (at your option) any later version. 8 | // 9 | // This program is distributed in the hope that it will be useful, 10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | // GNU General Public License for more details. 13 | // 14 | // You should have received a copy of the GNU General Public License 15 | // along with this program; if not, write to the Free Software 16 | // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
17 | // 18 | 19 | #ifndef __ANON_BROADCAST_HANDLER_H 20 | #define __ANON_BROADCAST_HANDLER_H 21 | 22 | #include "AnonPrimitive.h" 23 | 24 | class AnonBroadcastHandler : public AnonPrimitive { 25 | public: 26 | AnonBroadcastHandler(); 27 | ~AnonBroadcastHandler(); 28 | protected: 29 | 30 | ANON_RESULT anonymize(void* buf, unsigned int len) ; 31 | }; 32 | 33 | #endif // __ANON_BROADCAST_HANDLER_H 34 | 35 | -------------------------------------------------------------------------------- /src/common/anon/AnonRandomize.h: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright (C) 2008 Institut fuer Telematik, Universitaet Karlsruhe (TH) 3 | // 4 | // This program is free software; you can redistribute it and/or 5 | // modify it under the terms of the GNU General Public License 6 | // as published by the Free Software Foundation; either version 2 7 | // of the License, or (at your option) any later version. 8 | // 9 | // This program is distributed in the hope that it will be useful, 10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | // GNU General Public License for more details. 13 | // 14 | // You should have received a copy of the GNU General Public License 15 | // along with this program; if not, write to the Free Software 16 | // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
17 | // 18 | 19 | #ifndef __ANON_RANDOMIZE_H 20 | #define __ANON_RANDOMIZE_H 21 | 22 | #include "AnonPrimitive.h" 23 | #include "RandomNumberGenerator.h" 24 | 25 | class AnonRandomize : public AnonPrimitive { 26 | 27 | public: 28 | AnonRandomize(); 29 | ~AnonRandomize(); 30 | 31 | protected: 32 | 33 | ANON_RESULT anonymize(void* buf, unsigned int len); 34 | 35 | }; 36 | 37 | #endif // __ANON_RANDOMIZE_H 38 | 39 | -------------------------------------------------------------------------------- /src/common/anon/AnonShorten.h: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright (C) 2008 Institut fuer Telematik, Universitaet Karlsruhe (TH) 3 | // 4 | // This program is free software; you can redistribute it and/or 5 | // modify it under the terms of the GNU General Public License 6 | // as published by the Free Software Foundation; either version 2 7 | // of the License, or (at your option) any later version. 8 | // 9 | // This program is distributed in the hope that it will be useful, 10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | // GNU General Public License for more details. 13 | // 14 | // You should have received a copy of the GNU General Public License 15 | // along with this program; if not, write to the Free Software 16 | // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
//

#ifndef __ANON_SHORTEN_H
#define __ANON_SHORTEN_H

#include "AnonPrimitive.h"

/**
 * Anonymization primitive configured with a target length.
 *
 * The constructor takes an unsigned length and the class stores one unsigned
 * value, newlen; presumably the former initialises the latter (the
 * implementation is not part of this header).
 */
class AnonShorten : public AnonPrimitive
{
public:
    // NOTE(review): single-argument constructor is not marked explicit, so an
    // unsigned int converts implicitly to AnonShorten.
    AnonShorten(unsigned int length);
    ~AnonShorten();

protected:
    /**
     * Processes the len bytes stored at buf.
     *
     * NOTE(review): nothing here relates newlen to len. The implementation
     * must handle newlen > len without touching bytes past buf + len --
     * verify in AnonShorten.cpp.
     */
    ANON_RESULT anonymize(void* buf, unsigned int len);

private:
    // configured length; see class comment
    unsigned int newlen;
};

#endif // __ANON_SHORTEN_H


--------------------------------------------------------------------------------
/src/modules/packet/filter/HostFilter.h:
--------------------------------------------------------------------------------
/*
 * VERMONT
 * Copyright (C) 2009 Matthias Segschneider
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/

#ifndef HOSTFILTER_H_
#define HOSTFILTER_H_

// NOTE(review): the header name after this #include is missing in this
// listing (angle-bracket text was dropped by the page extraction).
#include
#include "PacketProcessor.h"

/**
 * PacketProcessor configured with an address-filter string and a set of IPs.
 *
 * The element type of the two std::set declarations below is not shown in
 * this listing, and the accepted values of the filter string are defined in
 * the implementation file, not here.
 */
class HostFilter : public PacketProcessor
{
public:
    // Both arguments are taken by value.
    HostFilter(std::string addrfilter, std::set iplist);

    /**
     * Per-packet decision.
     *
     * @param p packet to inspect
     * @return bool; which value means "keep" is defined by PacketProcessor
     *         (not shown) -- confirm before relying on it
     */
    bool processPacket(Packet *p);

private:
    std::string addrFilter;  // filter selector given to the constructor
    std::set ipList;         // configured address set
};

#endif /*HOSTFILTER_H_*/

--------------------------------------------------------------------------------
/src/common/anon/AnonBytewiseHashSha1.h:
--------------------------------------------------------------------------------
//
// Copyright (C) 2008 Institut fuer Telematik, Universitaet Karlsruhe (TH)
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
//

#ifndef __ANON_BYTEWISE_HASH_SHA1_H
#define __ANON_BYTEWISE_HASH_SHA1_H

#include "AnonBytewise.h"
#include "AnonHashSha1.h"
// NOTE(review): header name lost in this listing (angle-bracket text dropped).
#include


/**
 * AnonBytewise variant whose substitution table is derived from SHA-1.
 *
 * The constructor takes no key or salt. NOTE(review): a table built without
 * any secret is the same on every installation and can be recomputed by
 * anyone who knows the scheme; AnonBytewiseHashHmacSha1 is the keyed
 * counterpart in this directory.
 */
class AnonBytewiseHashSha1 : public AnonBytewise {
public:
    AnonBytewiseHashSha1();
    ~AnonBytewiseHashSha1();

private:
    // Populates the substitution table inherited from AnonBytewise.
    void fillTable();

};

#endif // __ANON_BYTEWISE_HASH_SHA1_H


--------------------------------------------------------------------------------
/src/modules/ipfix/IpfixRecordSender.h:
--------------------------------------------------------------------------------
/*
 * IPFIX Concentrator Module Library
 * Copyright (C) 2007 Tobias Limmer
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/


// NOTE(review): the guard macro says IPFIXRECORDSOURCE although the class is
// IpfixRecordSender; harmless unless another header uses the same guard.
#ifndef IPFIXRECORDSOURCE_H
#define IPFIXRECORDSOURCE_H

/**
 * Minimal interface through which IpfixCollector hands IpfixParser the
 * ability to send IpfixRecords.
 *
 * IpfixRecord is neither included nor forward-declared in this header, so the
 * including file has to declare it first.
 */
class IpfixRecordSender
{
public:
    // virtual so that implementations can be destroyed through this interface
    virtual ~IpfixRecordSender() {}

    /**
     * Sends one record.
     *
     * @param ipfixRecord record to send; ownership and the meaning of the
     *        bool result are defined by the implementing class (not shown)
     */
    virtual bool send(IpfixRecord* ipfixRecord) = 0;
};


#endif

--------------------------------------------------------------------------------
/src/common/anon/AnonConstOverwrite.cpp:
--------------------------------------------------------------------------------
//
// Copyright (C) 2008 Institut fuer Telematik, Universitaet Karlsruhe (TH)
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
//

#include "AnonConstOverwrite.h"

// NOTE(review): header name lost in this listing (angle-bracket text dropped);
// memset below needs the C string header.
#include

/** Stores the constant that anonymize() writes over every field byte. */
AnonConstOverwrite::AnonConstOverwrite (unsigned char byte)
: byteval (byte)
{
}

/** Nothing to release. */
AnonConstOverwrite::~AnonConstOverwrite ()
{
}

/**
 * Overwrites the field in place with the configured constant.
 *
 * @param buf start of the field; must point to at least len writable bytes
 * @param len number of bytes to overwrite
 * @return ANON_RESULT constructed from len
 *
 * NOTE(review): buf and len are passed to memset unchecked, so a null buf or
 * a len larger than the real buffer is the caller's responsibility. The
 * field's original content is destroyed; only its length survives.
 */
AnonPrimitive::ANON_RESULT AnonConstOverwrite::anonymize (void* buf, unsigned int len)
{
    memset (buf, byteval, len);
    return ANON_RESULT (len);
}




--------------------------------------------------------------------------------
/src/common/anon/AnonBytewise.h:
--------------------------------------------------------------------------------
//
// Copyright (C) 2008 Institut fuer Telematik, Universitaet Karlsruhe (TH)
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
//

#ifndef __ANON_BYTEWISE_H
#define __ANON_BYTEWISE_H

#include "AnonPrimitive.h"
// NOTE(review): header name lost in this listing (angle-bracket text dropped).
#include

/**
 * Base class for anonymizers that work from a 256-entry byte table.
 *
 * The table is a protected member; subclasses in this directory
 * (AnonBytewiseHashSha1, AnonBytewiseHashHmacSha1) declare a fillTable()
 * method for it.
 */
class AnonBytewise : public AnonPrimitive {
public:
    AnonBytewise();
    virtual ~AnonBytewise();

protected:
    /**
     * Processes the len bytes stored at buf.
     *
     * @param buf untyped pointer to the field bytes
     * @param len byte count that belongs to buf
     */
    ANON_RESULT anonymize(void* buf, unsigned int len);

protected:

    // One entry per possible byte value (0..255).
    // NOTE(review): the AnonBytewise constructor listed in AnonBytewise.cpp
    // has an empty body, so the table holds indeterminate values until a
    // subclass fills it.
    unsigned char anonbytes [256];

};

#endif // __ANON_BYTEWISE_H


--------------------------------------------------------------------------------
/src/common/anon/AnonBytewiseHashHmacSha1.h:
--------------------------------------------------------------------------------
//
// Copyright (C) 2008 Institut fuer Telematik, Universitaet Karlsruhe (TH)
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
//

#ifndef __ANON_BYTEWISE_HASH_HMAC_SHA1_H
#define __ANON_BYTEWISE_HASH_HMAC_SHA1_H

#include "AnonBytewise.h"
#include "AnonHashHmacSha1.h"

/**
 * Keyed AnonBytewise variant: the substitution table depends on an HMAC key.
 *
 * NOTE(review): the key travels as a std::string by value, so copies of it
 * exist in caller and callee and are not wiped on destruction. With only 256
 * table entries, the mapping stays secret only as long as the key does and
 * no known input/output pairs leak.
 */
class AnonBytewiseHashHmacSha1 : public AnonBytewise {
public:
    // Not marked explicit: a std::string converts implicitly to this type.
    AnonBytewiseHashHmacSha1(std::string key);
    ~AnonBytewiseHashHmacSha1();

private:
    // Populates the inherited table using hmackey.
    void fillTable(std::string hmackey);
};


#endif // __ANON_BYTEWISE_HASH_HMAC_SHA1_H


--------------------------------------------------------------------------------
/src/common/anon/AnonConstOverwrite.h:
--------------------------------------------------------------------------------
//
// Copyright (C) 2008 Institut fuer Telematik, Universitaet Karlsruhe (TH)
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
//

#ifndef __ANON_CONST_OVERWRITE_H
#define __ANON_CONST_OVERWRITE_H

#include "AnonPrimitive.h"

/**
 * Anonymization primitive that replaces a field with one constant byte value.
 *
 * The matching AnonConstOverwrite.cpp implements anonymize() as a memset of
 * the whole field with byteval.
 */
class AnonConstOverwrite : public AnonPrimitive {

public:
    // byte: value written over every field byte. Not marked explicit.
    AnonConstOverwrite(unsigned char byte);
    ~AnonConstOverwrite();

protected:
    /**
     * Overwrites the len bytes at buf.
     *
     * @param buf start of the field; must be writable for len bytes
     * @param len number of bytes to overwrite
     */
    ANON_RESULT anonymize(void* buf, unsigned int len);

private:

    // constant used for the overwrite
    unsigned char byteval;

};

#endif // __ANON_CONST_OVERWRITE_H


--------------------------------------------------------------------------------
/src/common/anon/RandomNumberGenerator.h:
--------------------------------------------------------------------------------
//
// Copyright (C) 2008 Institut fuer Telematik, Universitaet Karlsruhe (TH)
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
//

#ifndef __RANDOM_NUMBER_GENERATOR_H
#define __RANDOM_NUMBER_GENERATOR_H

// On Windows, _CRT_RAND_S has to be defined before the C runtime headers are
// included for rand_s() to be declared.
#ifdef WIN32
#define _CRT_RAND_S
#endif

// NOTE(review): the three header names below are missing in this listing
// (angle-bracket text was dropped by the page extraction).
#include
#include
#include

/**
 * Process-wide random number source used by the anonymization primitives
 * (AnonRandomize.h and AnonWhitenoise.h include this header).
 *
 * NOTE(review): only declarations are visible. Which generator backs
 * generate() on non-Windows builds, and what init() seeds it with, is
 * defined in the implementation file; if anonymized values must be
 * unpredictable, confirm that a cryptographic source is used there.
 */
namespace RandomNumberGenerator {

    // One-time setup of the generator.
    void init();
    // Returns one unsigned value.
    unsigned int generate();
    // Returns a value for the given range; whether the bounds are inclusive
    // is not stated in this header.
    unsigned int generate(unsigned int rangemin, unsigned int rangemax);

}

#endif // __RANDOM_NUMBER_GENERATOR_H


--------------------------------------------------------------------------------
/src/modules/idmef/PacketIDMEFReporter.h:
--------------------------------------------------------------------------------
#ifndef PACKETIDMEFREPORTER_H_
#define PACKETIDMEFREPORTER_H_


#include "modules/idmef/IDMEFMessage.h"

#include "core/Destination.h"
#include "modules/packet/Packet.h"

// NOTE(review): header name lost in this listing (angle-bracket text dropped).
#include

// NOTE(review): a using-directive in a header leaks into every includer.
using namespace std;


/**
 * Module that receives packets and works with IDMEF messages.
 *
 * It is both a Destination and a Source; the template arguments of those
 * bases and of InstanceManager are not shown in this listing.
 */
class PacketIDMEFReporter
    : public Module,
      public Destination,
      public Source
{
    public:
        // Parameter-name constants; their string values are defined in the
        // implementation file.
        static const char* PAR_SRCIP;
        static const char* PAR_DSTIP;
        static const char* PAR_PROTOCOL;
        static const char* PAR_LENGTH;
        static const char* PAR_SRCPORT;
        static const char* PAR_DSTPORT;
        static const char* PAR_SNAPSHOT;


        /**
         * @param idmeftemplate template file for IDMEF messages
         * @param analyzerid    analyzer id for IDMEF messages
         * @param snapshotlen   length of the packet snapshot
         */
        PacketIDMEFReporter(string idmeftemplate, string analyzerid, uint16_t snapshotlen);
        virtual ~PacketIDMEFReporter();

        // Entry point for incoming packets.
        virtual void receive(Packet* p);

    private:
        string analyzerId; /**< analyzer id for IDMEF messages */
        string idmefTemplate; /**< template file for IDMEF messages */
        uint16_t snapshotLength; /**< length of snapshot */
        // NOTE(review): the buffer is fixed at 3000 bytes while snapshotLength
        // is a uint16_t taken from the constructor, and a hexdump needs at
        // least two characters per byte. The implementation (not shown) must
        // clamp the snapshot or bound the write -- verify in the .cpp.
        char snapshotBuffer[3000]; /**< buffer for holding hexdump of snapshot */

        // manages instances of IDMEFMessages
        static InstanceManager idmefManager;

        // Fills msg from packet p.
        void analyzePacket(Packet* p, IDMEFMessage* msg);
};

#endif /*PACKETIDMEFREPORTER_H_*/

--------------------------------------------------------------------------------
/src/modules/analysis/TRWPortscanDetectorCfg.h:
--------------------------------------------------------------------------------
#ifndef TRWPORTSCANDETECTORCFG_H_
#define TRWPORTSCANDETECTORCFG_H_

// NOTE(review): the header names of the bare #include lines in this file are
// missing in this listing (angle-bracket text was dropped).
#include
#include

#include "modules/analysis/TRWPortscanDetector.h"

#include

// NOTE(review): a using-directive in a header leaks into every includer.
using namespace std;


/**
 * Configuration object for TRWPortscanDetector.
 *
 * Built from an XMLElement; the CfgHelper template arguments are not shown
 * in this listing.
 */
class TRWPortscanDetectorCfg
    : public CfgHelper
{
public:
    friend class ConfigManager;

    // Returns a configuration object for element e.
    virtual TRWPortscanDetectorCfg* create(XMLElement* e);
    virtual ~TRWPortscanDetectorCfg();

    // Returns the detector described by this configuration.
    virtual TRWPortscanDetector* createInstance();
    // Reconfiguration hook taking the previous configuration.
    virtual bool deriveFrom(TRWPortscanDetectorCfg* old);

protected:

    // NOTE(review): hashBits sizes the hashtable; whether the value read from
    // the XML is range-checked is not visible in this header -- an unchecked
    // large value would translate into a very large table.
    uint32_t hashBits; /**< amount of bits used for hashtable */
    uint32_t timeExpirePending; // time in seconds until pending entries are expired
    uint32_t timeExpireScanner; // time in seconds until scanner entries are expired
    uint32_t timeExpireBenign; // time in seconds until benign entries are expired
    uint32_t timeCleanupInterval; // time in seconds of interval when hashtable with source hosts is cleaned up (trwEntries)
    string analyzerId; /**< analyzer id for IDMEF messages */
    string idmefTemplate; /**< template file for IDMEF messages */

    // Protected: instances are obtained through create().
    TRWPortscanDetectorCfg(XMLElement*);
};


#endif /*TRWPORTSCANDETECTORCFG_H_*/

--------------------------------------------------------------------------------
/src/common/anon/AnonContinuousChar.h:
--------------------------------------------------------------------------------
//
// Copyright (C) 2008 Institut fuer Telematik, Universitaet Karlsruhe (TH)
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the
License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
//

#ifndef __ANON_CONTINUOUS_CHAR_H
#define __ANON_CONTINUOUS_CHAR_H

#include "AnonPrimitive.h"
// NOTE(review): header name lost in this listing (angle-bracket text dropped).
#include

/**
 * Anonymization primitive that keeps one byte of state between calls.
 *
 * How `current` advances is defined in the implementation file. NOTE(review):
 * if the value simply counts upward, the output reveals the order in which
 * fields were processed -- confirm that this is acceptable for the data
 * being exported.
 */
class AnonContinuousChar : public AnonPrimitive {

public:
    AnonContinuousChar();
    ~AnonContinuousChar();

protected:
    /**
     * Processes the len bytes stored at buf.
     *
     * @param buf untyped pointer to the field bytes
     * @param len byte count that belongs to buf
     */
    ANON_RESULT anonymize(void* buf, unsigned int len);

private:

    // state carried from one anonymize() call to the next
    unsigned char current;

};

#endif // __ANON_CONTINUOUS_CHAR_H


--------------------------------------------------------------------------------
/src/common/anon/AnonHashSha1.h:
--------------------------------------------------------------------------------
//
// Copyright (C) 2008 Institut fuer Telematik, Universitaet Karlsruhe (TH)
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
//

#ifndef __ANON_HASH_SHA1_H
#define __ANON_HASH_SHA1_H

#include "AnonPrimitive.h"
// NOTE(review): header name lost in this listing (angle-bracket text dropped).
#include

/**
 * Anonymization primitive based on SHA-1.
 *
 * The constructor takes no key or salt. NOTE(review): an unkeyed hash over a
 * small value space (addresses, ports) can be undone by hashing every
 * candidate value, so the result is a pseudonym rather than an anonymous
 * value; AnonHashHmacSha1 in this directory is the keyed alternative.
 */
class AnonHashSha1 : public AnonPrimitive {

public:

    AnonHashSha1();
    ~AnonHashSha1();

protected:
    /**
     * Processes the len bytes stored at buf.
     *
     * How the SHA1_DIGLEN-byte digest is mapped onto a field of len bytes is
     * defined in the implementation file, not here.
     */
    ANON_RESULT anonymize(void* buf, unsigned int len);

private:
    Sha1::SHA1_CTX sha;                  // hash context kept in the object
    unsigned char digest [SHA1_DIGLEN];  // buffer for one digest

};

#endif // __ANON_HASH_SHA1_H


--------------------------------------------------------------------------------
/src/common/anon/AnonWhitenoise.h:
--------------------------------------------------------------------------------
//
// Copyright (C) 2008 Institut fuer Telematik, Universitaet Karlsruhe (TH)
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
//

#ifndef __ANON_WHITENOISE_H
#define __ANON_WHITENOISE_H

#include "AnonPrimitive.h"
#include "RandomNumberGenerator.h"
// NOTE(review): header name lost in this listing (angle-bracket text dropped).
#include

/**
 * Anonymization primitive configured with a one-byte strength value and
 * depending on RandomNumberGenerator.h.
 *
 * NOTE(review): what `strength` controls, and its valid range, is defined in
 * the implementation file. A low setting may leave most of the field
 * unchanged -- confirm the meaning before choosing a value.
 */
class AnonWhitenoise : public AnonPrimitive {
public:
    // Not marked explicit: an unsigned char converts implicitly to this type.
    AnonWhitenoise(unsigned char strengthval);
    ~AnonWhitenoise();

protected:
    /**
     * Processes the len bytes stored at buf.
     *
     * @param buf untyped pointer to the field bytes
     * @param len byte count that belongs to buf
     */
    ANON_RESULT anonymize(void* buf, unsigned int len);

private:

    // configured strength; see class comment
    unsigned char strength;

};

#endif // __ANON_WHITENOISE_H


--------------------------------------------------------------------------------
/src/modules/analysis/P2PDetectorCfg.h:
--------------------------------------------------------------------------------
#ifndef P2PDETECTORCFG_H_
#define P2PDETECTORCFG_H_

#include "P2PDetector.h"

#include "core/XMLElement.h"
#include "core/Cfg.h"

// NOTE(review): header name lost in this listing (angle-bracket text dropped).
#include

// NOTE(review): a using-directive in a header leaks into every includer.
using namespace std;


/**
 * Configuration object for P2PDetector.
 *
 * Built from an XMLElement; the CfgHelper template arguments are not shown
 * in this listing.
 */
class P2PDetectorCfg
    : public CfgHelper
{
public:
    friend class ConfigManager;

    // Returns a configuration object for element e.
    virtual P2PDetectorCfg* create(XMLElement* e);
    virtual ~P2PDetectorCfg();

    // Returns the detector described by this configuration.
    virtual P2PDetector* createInstance();
    // Reconfiguration hook taking the previous configuration.
    virtual bool deriveFrom(P2PDetectorCfg* old);

protected:
    uint32_t intLength; /**< length in seconds of the interval after which p2p hosts are checked */
    uint32_t subnet; // subnet to examine
    uint32_t subnetmask; // corresponding subnet mask
    string analyzerid; // analyzer ID inserted into the generated IDMEF message
    string idmefTemplate; // path to the IDMEF template used to generate the IDMEF message

    // detection criteria (thresholds)
    double udpRateThreshold;
    double udpHostRateThreshold;
    double tcpRateThreshold;
    double coexistentTCPConsThreshold;
    double rateLongTCPConsThreshold;
    double tcpVarianceThreshold;
    double failedConsPercentThreshold;
    double tcpFailedRateThreshold;
    double tcpFailedVarianceThreshold;

    // Protected: instances are obtained through create().
    P2PDetectorCfg(XMLElement*);

    // Parses str into subnet/subnetmask; the bool presumably reports whether
    // parsing succeeded -- confirm in the .cpp and make sure callers check it.
    bool setSubnet(string& str);
};


#endif /*P2PDETECTORCFG_H_*/

--------------------------------------------------------------------------------
/src/common/anon/AnonCryptoPan.h:
--------------------------------------------------------------------------------
//
// Copyright (C) 2008 Institut fuer Telematik, Universitaet Karlsruhe (TH)
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
//

#ifndef __ANON_CRYPTO_PAN_H
#define __ANON_CRYPTO_PAN_H

// NOTE(review): the three header names below are missing in this listing
// (angle-bracket text was dropped by the page extraction).
#include
#include
#include
#include "AnonPrimitive.h"


/**
 * Anonymization primitive that wraps a PAnonymizer (member `cryptopan`).
 *
 * NOTE(review): the key arrives as a bare char* with no length argument. How
 * many key bytes the PAnonymizer reads is not visible here, so a caller that
 * passes a shorter buffer would cause an out-of-bounds read; state the
 * required key size at the call site and check it there. The same key yields
 * the same mapping on every run, so the key has to be protected like any
 * other secret.
 */
class AnonCryptoPan : public AnonPrimitive {
public:
    // Not marked explicit: a char* converts implicitly to this type.
    AnonCryptoPan(char* _key);
    ~AnonCryptoPan();

protected:

    /**
     * Processes the len bytes stored at buf.
     *
     * NOTE(review): which field lengths the wrapped anonymizer supports is
     * defined in the implementation file -- confirm how other values of len
     * are handled.
     */
    ANON_RESULT anonymize(void* buf, unsigned int len);

private:

    // anonymizer instance held by value
    PAnonymizer cryptopan;

};

#endif // __ANON_CRYPTO_PAN_H


--------------------------------------------------------------------------------
/src/common/anon/AnonBytewise.cpp:
--------------------------------------------------------------------------------
//
// Copyright (C) 2008 Institut fuer Telematik, Universitaet Karlsruhe (TH)
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
17 | // 18 | 19 | #include "AnonBytewise.h" 20 | #include 21 | 22 | AnonBytewise::AnonBytewise () 23 | { 24 | } 25 | 26 | AnonBytewise::~AnonBytewise () 27 | { 28 | } 29 | 30 | AnonPrimitive::ANON_RESULT AnonBytewise::anonymize (void* buf, unsigned int len) 31 | { 32 | unsigned char* pnt; 33 | 34 | for (unsigned int i=0; i 22 | 23 | AnonRandomize::AnonRandomize () 24 | { 25 | } 26 | 27 | AnonRandomize::~AnonRandomize () 28 | { 29 | } 30 | 31 | AnonPrimitive::ANON_RESULT AnonRandomize::anonymize (void* buf, unsigned int len) 32 | { 33 | unsigned int randval; 34 | 35 | for (unsigned int i=0; i 3 | * Ammended by cblake to only export the function symbol. 4 | * 5 | * Modified by Albert Cahalan, ????-2003 6 | * 7 | * Redistributable under the terms of the 8 | * GNU Library General Public License; see COPYING 9 | */ 10 | #ifdef HAVE_CONFIG_H 11 | #include 12 | #endif 13 | #include 14 | #include 15 | #include "version.h" 16 | 17 | 18 | /* Linux kernel version information for procps utilities 19 | * Copyright (c) 1996 Charles Blake 20 | */ 21 | #include 22 | 23 | #define LINUX_VERSION(x,y,z) (0x10000*(x) + 0x100*(y) + z) 24 | 25 | 26 | static void init_Linux_version(void) __attribute__((constructor)); 27 | static void init_Linux_version(void) { 28 | static struct utsname uts; 29 | int x = 0, y = 0, z = 0; /* cleared in case sscanf() < 3 */ 30 | 31 | if (uname(&uts) == -1) /* failure implies impending death */ 32 | exit(1); 33 | // Linux 3.x has no patch level anymore, thus only check if two digits could be read 34 | if (sscanf(uts.release, "%d.%d.%d", &x, &y, &z) < 2) 35 | fprintf(stderr, /* *very* unlikely to happen by accident */ 36 | "Non-standard uts for running kernel:\n" 37 | "release %s=%d.%d.%d gives version code %d\n", 38 | uts.release, x, y, z, LINUX_VERSION(x,y,z)); 39 | linux_version_code = LINUX_VERSION(x, y, z); 40 | } 41 | -------------------------------------------------------------------------------- /cmake/modules/FindSctp.cmake: 
--------------------------------------------------------------------------------
# This line added for distribution with Vermont:
MESSAGE(STATUS "Using bundled FindSctp.cmake...")


# Look for sctp.h in a fixed list of system include directories.
FIND_PATH(
    SCTP_INCLUDE_DIR
    sctp.h
    /usr/include/ /usr/include/sctp/ /usr/include/netinet
    /usr/local/include/ /usr/local/include/sctp/ /usr/local/include/netinet/
)


# check whether libc itself already provides the functions we need
INCLUDE(CheckFunctionExists)
CHECK_FUNCTION_EXISTS(sctp_sendmsg SCTP_SENDMSGV_FOUND)

# check for external libsctp
FIND_LIBRARY(
    SCTP_LIBRARIES NAMES sctp
    PATHS /usr/lib/ /usr/local/lib/
)

# Either an external libsctp or sctp_sendmsg inside libc is accepted.
IF (SCTP_LIBRARIES OR SCTP_SENDMSGV_FOUND)
    SET (FOUND_SCTP_LIBRARIES TRUE)
ENDIF (SCTP_LIBRARIES OR SCTP_SENDMSGV_FOUND)

IF (SCTP_INCLUDE_DIR)
    MESSAGE(STATUS "Found sctp include dirs")
ELSE (SCTP_INCLUDE_DIR)
    MESSAGE(STATUS "Could not find sctp include dirs")
ENDIF(SCTP_INCLUDE_DIR)

# Note: SCTP_FOUND is set from the library check alone; the header check is
# enforced only by the final test below.
IF (FOUND_SCTP_LIBRARIES)
    MESSAGE(STATUS "Found sctp libraries")
    SET(SCTP_FOUND TRUE)
ELSE (FOUND_SCTP_LIBRARIES)
    MESSAGE(STATUS "Could not find sctp libraries")
ENDIF(FOUND_SCTP_LIBRARIES)

# Missing headers or libraries abort the configure step.
IF (SCTP_INCLUDE_DIR AND FOUND_SCTP_LIBRARIES)
    MESSAGE(STATUS "Found sctp")
ELSE (SCTP_INCLUDE_DIR AND FOUND_SCTP_LIBRARIES)
    MESSAGE(FATAL_ERROR "ERROR: Could not find libsctp. 
Please install the library.")
ENDIF (SCTP_INCLUDE_DIR AND FOUND_SCTP_LIBRARIES)

--------------------------------------------------------------------------------
/src/modules/idmef/IDMEFExporterCfg.cpp:
--------------------------------------------------------------------------------
#include "IDMEFExporterCfg.h"

#include "common/msg.h"

/**
 * Factory: builds a configuration object for the given XML element.
 *
 * @param e configuration element; must be non-null and carry this module's name
 * @return newly allocated IDMEFExporterCfg (raw pointer)
 */
IDMEFExporterCfg* IDMEFExporterCfg::create(XMLElement* e)
{
    ASSERT(e, "e must not be NULL");
    ASSERT(e->getName() == getName(), "invalid name specified for this module");
    IDMEFExporterCfg* cfg = new IDMEFExporterCfg(e);
    return cfg;
}

/**
 * Reads <destdir> and <sendurl> from the element's children.
 *
 * destDirectory defaults to "idmef_work". Unknown child elements are logged
 * at LOG_CRIT and skipped. A null elem leaves the defaults in place and skips
 * the URL check.
 *
 * NOTE(review): both values are copied from the configuration as-is; the
 * only validation here is that sendURL is not empty. Checks on the URL
 * scheme or on the directory path, if any, happen in IDMEFExporter (not
 * shown).
 */
IDMEFExporterCfg::IDMEFExporterCfg(XMLElement* elem)
    : CfgHelper(elem, "idmefExporter"),
    destDirectory("idmef_work")
{
    if (!elem) return;

    XMLNode::XMLSet children = _elem->getElementChildren();
    XMLNode::XMLSet::iterator pos = children.begin();
    while (pos != children.end()) {
        XMLElement* child = *pos;
        ++pos;

        if (child->matches("destdir")) {
            destDirectory = child->getFirstText();
            continue;
        }
        if (child->matches("sendurl")) {
            sendURL = child->getFirstText();
            continue;
        }
        msg(LOG_CRIT, "Unknown IDMEFExporter config statement %s\n", child->getName().c_str());
    }

    // a destination URL is mandatory
    if (sendURL == "") THROWEXCEPTION("no destination URL specified for IDMEFExporter");
}

/** Nothing to release here. */
IDMEFExporterCfg::~IDMEFExporterCfg()
{
}

/**
 * Creates the exporter from the parsed settings and remembers it in
 * `instance`.
 *
 * @return the newly allocated IDMEFExporter (raw pointer)
 */
IDMEFExporter* IDMEFExporterCfg::createInstance()
{
    instance = new IDMEFExporter(destDirectory, sendURL);
    return instance;
}

/**
 * Reconfiguration hook; always returns false, the old configuration is not
 * inspected.
 */
bool IDMEFExporterCfg::deriveFrom(IDMEFExporterCfg* old)
{
    return false;
}

--------------------------------------------------------------------------------
/src/tests/ipfixlolib/CMakeLists.txt:
--------------------------------------------------------------------------------
ADD_EXECUTABLE(test_everything
    test_everything.cc
)

ADD_EXECUTABLE(mtutest
    mtutest.c
)

TARGET_LINK_LIBRARIES(mtutest 
ipfixlolib
common
)
# mtutest is built from a C source; the linker language is forced to C++.
SET_TARGET_PROPERTIES(mtutest
    PROPERTIES
    LINKER_LANGUAGE CXX)

TARGET_LINK_LIBRARIES(test_everything
    ipfixlolib
    common
)

ADD_EXECUTABLE(example_code
    example_code.cc
)

TARGET_LINK_LIBRARIES(example_code
    ipfixlolib
    common
)

ADD_EXECUTABLE(example_code_2
    example_code_2.c
)

TARGET_LINK_LIBRARIES(example_code_2
    ipfixlolib
    common
)

# example_code_2 is built from a C source as well.
SET_TARGET_PROPERTIES(example_code_2
    PROPERTIES
    LINKER_LANGUAGE CXX)

# OpenSSL is linked only when DTLS support is enabled.
IF (SUPPORT_DTLS)
    TARGET_LINK_LIBRARIES(test_everything ${OPENSSL_LIBRARIES})
    TARGET_LINK_LIBRARIES(mtutest ${OPENSSL_LIBRARIES})
    TARGET_LINK_LIBRARIES(example_code ${OPENSSL_LIBRARIES})
    TARGET_LINK_LIBRARIES(example_code_2 ${OPENSSL_LIBRARIES})
ENDIF (SUPPORT_DTLS)

IF (JOURNALD_FOUND)
    TARGET_LINK_LIBRARIES(test_everything ${JOURNALD_LIBRARIES})
    TARGET_LINK_LIBRARIES(mtutest ${JOURNALD_LIBRARIES})
    TARGET_LINK_LIBRARIES(example_code ${JOURNALD_LIBRARIES})
    TARGET_LINK_LIBRARIES(example_code_2 ${JOURNALD_LIBRARIES})
ENDIF (JOURNALD_FOUND)

# Only example_code_2 and (unless DISABLE_UDP_CONNECT is set) mtutest are
# registered as tests; test_everything and example_code are built but not run
# by the test driver.
ADD_TEST(example_2 example_code_2)
IF (NOT DISABLE_UDP_CONNECT)
    ADD_TEST(mtutest mtutest)
ENDIF (NOT DISABLE_UDP_CONNECT)
--------------------------------------------------------------------------------
/cmake/modules/FindRedis.cmake:
--------------------------------------------------------------------------------

# - Find Redis client db (hiredis from https://github.com/antirez/hiredis)
# Find the hiredis includes and client library
# This module defines
# HIREDIS_INCLUDE_DIR, where to find hiredis/hiredis.h
# HIREDIS_LIBRARIES, the libraries needed to use redis.
# HIREDIS_FOUND, If false, do not try to use redis.
#
# Copyright (c) 2012, Lothar Braun,
#

# Add the redis include paths here
# Values already set (cache or command line) are accepted without a new search.
IF (HIREDIS_INCLUDE_DIR AND HIREDIS_LIBRARIES)
    SET (HIREDIS_FOUND TRUE)
ELSE(HIREDIS_INCLUDE_DIR AND HIREDIS_LIBRARIES)
    # Header search over a fixed list of system locations.
    FIND_PATH(HIREDIS_INCLUDE_DIR hiredis/hiredis.h
        /usr/include/
        /usr/include/hiredis
        /usr/local/include/
        /usr/local/include/hiredis
        /opt/local/include/
        /opt/local/include/hiredis
    )

    # Library search over a fixed list of system locations.
    FIND_LIBRARY(HIREDIS_LIBRARIES NAMES hiredis libhiredis
        PATHS
        /usr/lib
        /usr/local/lib
        /opt/local/lib
    )

    IF(HIREDIS_INCLUDE_DIR AND HIREDIS_LIBRARIES)
        SET(HIREDIS_FOUND TRUE)
        MESSAGE(STATUS "Found hiredis: ${HIREDIS_INCLUDE_DIR}, ${HIREDIS_LIBRARIES}")
        # Side effect: the include directory is added for the calling
        # directory scope, not only reported.
        INCLUDE_DIRECTORIES(${HIREDIS_INCLUDE_DIR})
    ELSE(HIREDIS_INCLUDE_DIR AND HIREDIS_LIBRARIES)
        # Not fatal: the caller decides what a missing hiredis means.
        SET(HIREDIS_FOUND FALSE)
        MESSAGE(STATUS "hiredis client library not found.")
    ENDIF(HIREDIS_INCLUDE_DIR AND HIREDIS_LIBRARIES)

    MARK_AS_ADVANCED(HIREDIS_INCLUDE_DIR HIREDIS_LIBRARIES)
ENDIF(HIREDIS_INCLUDE_DIR AND HIREDIS_LIBRARIES)

--------------------------------------------------------------------------------
/src/common/anon/AnonBytewiseHashSha1.cpp:
--------------------------------------------------------------------------------
//
// Copyright (C) 2008 Institut fuer Telematik, Universitaet Karlsruhe (TH)
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
13 | // 14 | // You should have received a copy of the GNU General Public License 15 | // along with this program; if not, write to the Free Software 16 | // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 17 | // 18 |
#include "AnonBytewiseHashSha1.h"

/**
 * Builds the byte substitution table once, when the object is created.
 */
AnonBytewiseHashSha1::AnonBytewiseHashSha1 ()
{
	fillTable ();
}

AnonBytewiseHashSha1::~AnonBytewiseHashSha1 ()
{
}

/**
 * Fills anonbytes[0..255]: every possible byte value is passed as a one-byte
 * buffer through a default-constructed AnonHashSha1, and whatever that call
 * leaves in the buffer becomes the table entry for the value.
 *
 * The table is derived only from the byte value and the hash object; no key or
 * other secret input appears in this function, so anyone with the same code
 * can rebuild the identical 256-entry mapping.
 *
 * NOTE(review): treat the result as a fixed substitution, not as a secret
 * transformation. Whether the mapping is one-to-one depends on
 * AnonHashSha1::anonymizeBuffer, which is not visible here. The `anonymized`
 * flag reported by that call is not inspected.
 */
void AnonBytewiseHashSha1::fillTable ()
{
	AnonHashSha1 hasher;

	for (unsigned int value = 0; value < 256; ++value) {
		unsigned char byte = static_cast<unsigned char> (value);
		bool anonymized = false;

		// the buffer is modified in place by the hash object
		hasher.anonymizeBuffer (&byte, 1, anonymized);
		anonbytes [value] = byte;
	}
}

-------------------------------------------------------------------------------- /src/modules/ipfix/aggregator/PacketAggregatorCfg.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Vermont Configuration Subsystem 3 | * Copyright (C) 2009 Vermont Project 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 | * 19 | */ 20 | 21 | #ifndef PACKETAGGREGATORCFG_H_ 22 | #define PACKETAGGREGATORCFG_H_ 23 | 24 | #include "AggregatorBaseCfg.h" 25 | #include "PacketAggregator.h" 26 | 27 | class PacketAggregatorCfg 28 | : public CfgHelper, public AggregatorBaseCfg 29 | { 30 | public: 31 | PacketAggregatorCfg(XMLElement* elem); 32 | virtual ~PacketAggregatorCfg(); 33 | 34 | virtual PacketAggregatorCfg* create(XMLElement* elem); 35 | 36 | virtual PacketAggregator* createInstance(); 37 | 38 | bool deriveFrom(PacketAggregatorCfg* old); 39 | }; 40 | 41 | #endif /*PACKETAGGREGATORCFG_H_*/ 42 | -------------------------------------------------------------------------------- /src/common/anon/AnonHashHmacSha1.h: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright (C) 2008 Institut fuer Telematik, Universitaet Karlsruhe (TH) 3 | // 4 | // This program is free software; you can redistribute it and/or 5 | // modify it under the terms of the GNU General Public License 6 | // as published by the Free Software Foundation; either version 2 7 | // of the License, or (at your option) any later version. 8 | // 9 | // This program is distributed in the hope that it will be useful, 10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | // GNU General Public License for more details. 13 | // 14 | // You should have received a copy of the GNU General Public License 15 | // along with this program; if not, write to the Free Software 16 | // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
17 | // 18 | 19 | #ifndef __ANON_HASH_HMAC_SHA1_H 20 | #define __ANON_HASH_HMAC_SHA1_H 21 | 22 | #include "AnonPrimitive.h" 23 | #include 24 | #include 25 | 26 | class AnonHashHmacSha1 : public AnonPrimitive { 27 | 28 | public: 29 | AnonHashHmacSha1(std::string hmackey); 30 | ~AnonHashHmacSha1(); 31 | 32 | protected: 33 | ANON_RESULT anonymize(void* buf, unsigned int len); 34 | 35 | private: 36 | 37 | char* key; 38 | unsigned short keylen; 39 | unsigned char digest [SHA1_DIGLEN]; 40 | }; 41 | 42 | 43 | #endif // __ANON_HASH_HMAC_SHA1_H 44 | 45 | -------------------------------------------------------------------------------- /src/modules/packet/filter/RegExFilter.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Vermont Packet Filter 3 | * Copyright (C) 2009 Vermont Project 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
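18 | * 19 | */ 20 | 21 |
#include "RegExFilter.h"


/**
 * Searches a NUL-terminated character sequence for a match of the filter's
 * regular expression (rexp).
 *
 * @param pdata start of the text to search; the C-string overload of
 *              boost::regex_search reads until the first NUL byte
 * @return true if rexp matches anywhere in the text, false otherwise
 */
inline bool RegExFilter::compare(char *pdata)
{
	return boost::regex_search(pdata, rexp);
}

/**
 * Decides whether a packet's payload matches the configured regular expression.
 *
 * Packets with payloadOffset == 0 and packets without a network header pointer
 * are rejected.
 *
 * NOTE(review): the payload is handed to compare() as a C string, so the search
 * ends at the first NUL byte and not at the end of the captured packet.
 * Captured traffic is not guaranteed to contain a NUL, so the scan can read
 * beyond the packet buffer, and a NUL inside the payload hides every byte after
 * it from the filter. Bounding the search needs the packet's captured length
 * (not visible in this file) together with the iterator-range overload of
 * boost::regex_search.
 *
 * @param p packet to inspect
 * @return true if the payload matches, false otherwise
 */
bool RegExFilter::processPacket(Packet* p)
{
	const unsigned int payloadOffset = p->payloadOffset;
	if (payloadOffset == 0) return false;

	// Test the base pointer before applying the offset: once a non-zero offset
	// has been added, a NULL comparison can no longer detect a missing header.
	if (p->data.netHeader == NULL) return false;

	const unsigned char* payload = p->data.netHeader + payloadOffset;

	return compare(const_cast<char*>(reinterpret_cast<const char*>(payload)));
}

-------------------------------------------------------------------------------- /configs/anonymize/packet_anonym.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | nfe0 4 | ip 5 | 128 6 | 2 7 | 8 | 9 | 10 | 10 11 | 3 12 | 13 | 14 | 15 | 16 | 17 | 18 | sourceIPv4Address 19 | 20 | CryptoPan 21 | insert key here 22 | 23 | 24 | 25 | destinationIPv4Address 26 | 4 27 | 28 | CryptoPan 29 | insert key here 30 | 31 | 32 | 6 33 | 34 | 35 | 36 | 37 | 200 38 | 500 39 | 40 | 41 | 888 42 | 43 | sourceIPv4Address 44 | 45 | 46 | destinationIPv4Address 47 | 48 | 49 | 50 | 127.0.0.1 51 | 17 52 | 1500 53 | 54 | 55 | 56 | -------------------------------------------------------------------------------- /src/tests/vermonttest/VermontTest.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #include "VermontTest.h" 4 | #include "AggregationPerfTest.h" 5 | #include "ReconfTest.h" 6 | #include "BloomFilterTest.h" 7 | #include "ConnectionFilterTest.h" 8 | #include "test_concentrator.h" 9 | #include "ConfigTester.h" 10 | 11 | #include "TestSuiteBase.h" 12 | 13 | 14 | 15 | int main(int argc, char* argv[]) 16 | { 17 | printf("Vermont Testsuite, testing ...\n"); 18 | 19 | bool perftest = false; 20 | int opt, option_index; 21 | const char *config_dir = nullptr; 22 | 23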
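| static const struct option long_opts[] = { 24 | { "config-dir", required_argument, NULL, 'c' }, 25 | { "perf", required_argument, NULL, 'p' }, 26 | { NULL, 0, NULL, 0} 27 | }; 28 | 29 | while ((opt = getopt_long(argc, argv, "pc:", long_opts, 30 | &option_index)) != EOF) { 31 | switch (opt) { 32 | case 'p': 33 | perftest = true; 34 | break; 35 | case 'c': 36 | config_dir = optarg; 37 | break; 38 | } 39 | } 40 | 41 | if (!config_dir) { 42 | ERROR("--config-dir is required"); 43 | } 44 | 45 | //msg_setlevel(LOG_INFO); 46 | 47 | TestSuite testSuite; 48 | 49 | testSuite.add(new ReconfTest()); 50 | testSuite.add(new AggregationPerfTest(!perftest)); 51 | testSuite.add(new ConcentratorTestSuite()); 52 | #ifdef HAVE_CONNECTION_FILTER 53 | testSuite.add(new BloomFilterTestSuite()); 54 | testSuite.add(new ConnectionFilterTestSuite()); 55 | #endif 56 | testSuite.add(new ConfigTester(config_dir)); 57 | 58 | testSuite.run(); 59 | 60 | return 0; 61 | } 62 | 63 |
-------------------------------------------------------------------------------- /configs/mongo/test.sh: --------------------------------------------------------------------------------
#!/bin/sh

# handle cleanup
trap cleanup 2

# Stops every process this script started and removes its output file.
# Only PIDs recorded from "$!" are signalled, so an unrelated process that
# happens to share a name (another tail, another vermont) is never touched.
cleanup() {
	echo "Caught Signal ... cleaning up."
	if [ -n "$OUT" ]; then
		rm -f "$OUT"
	fi
	if [ -n "$XPPID" ]; then
		echo "shutting down exporter ..."
		kill "$XPPID"
	fi
	if [ -n "$WRPID" ]; then
		echo "shutting down writer ..."
		kill "$WRPID"
	fi
	if [ -n "$TPID" ]; then
		echo "shutting down log viewer ..."
		kill "$TPID"
	fi
	echo "Done cleanup ... quitting."
	exit 1
}

# Vars
VMT='../../vermont'
EXC='udpexp.xml'
WRC='mongow.xml'

# Creates the log file with mktemp instead of a name built from the PID:
# /tmp is shared, and a guessable name could be created in advance by another
# local user (for example as a symlink) and then written through by this script.
new_output_file() {
	OUT=$(mktemp /tmp/temp_out.XXXXXX) || exit 1
}

print_output(){
	# Show the output
	echo ""
	echo ""
	echo "OUTPUT:"
	echo ""
	echo ""
	# Run the viewer in the background and wait for it, so its PID is known
	# to cleanup() while the log is being followed.
	tail -f "$OUT" &
	TPID=$!
	wait "$TPID"
}

# Tests
test_writer() {
	echo "testing writer"
	new_output_file
	$VMT -ddd -f $WRC >> "$OUT" 2>&1 &
	WRPID=$!
	sleep 3
	print_output
}

test_db() {
	echo "testing write to db"
	new_output_file
	$VMT -ddd -f $EXC >> "$OUT" 2>&1 &
	XPPID=$!
	$VMT -ddd -f $WRC >> "$OUT" 2>&1 &
	WRPID=$!
	sleep 3
	print_output
}

# Run
command=`basename "$0"`
usage="Usage: $command -h [-t test]"

while getopts ht: o; do
	case "$o" in
		h) echo $usage && exit 1;;
		t) testcase="$OPTARG";;
	esac
done

case $testcase in
	wr) test_writer;;
	db) test_db;;
esac

-------------------------------------------------------------------------------- /src/tests/vermonttest/TestQueue.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Vermont Testsuite 3 | * Copyright (C) 2007 Tobias Limmer 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details.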
14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | * 19 | */ 20 | 21 | #ifndef TESTQUEUE_H_ 22 | #define TESTQUEUE_H_ 23 | 24 | 25 | #include "core/Destination.h" 26 | #include "common/ConcurrentQueue.h" 27 | 28 | 29 | template 30 | class TestQueue : public Destination 31 | { 32 | public: 33 | TestQueue() {} 34 | virtual ~TestQueue() {} 35 | 36 | bool pop(uint32_t timeout_ms, T* res) 37 | { 38 | return queue.pop(timeout_ms, res); 39 | } 40 | 41 | // inherited from Destination 42 | virtual void receive(T packet) 43 | { 44 | queue.push(packet); 45 | } 46 | 47 | private: 48 | ConcurrentQueue queue; 49 | }; 50 | 51 | #endif /*TESTQUEUE_H_*/ 52 | -------------------------------------------------------------------------------- /src/core/Module.cpp: -------------------------------------------------------------------------------- 1 | #include "Module.h" 2 | 3 | #include "common/VermontControl.h" 4 | 5 | #include 6 | 7 | Module::Module() 8 | : exitFlag(false), running(false) 9 | { 10 | } 11 | 12 | 13 | Module::~Module() 14 | { 15 | if (running) { 16 | THROWEXCEPTION("you must shutdown the module first before destroying it!"); 17 | } 18 | } 19 | 20 | void Module::start(bool fail_if_already_running) 21 | { 22 | if (running && fail_if_already_running) 23 | THROWEXCEPTION("module must not be in state 'running' when started"); 24 | 25 | if(running) { 26 | // Gerhard: call postReconfiguration here and not in Cfg::connectInstances 27 | postReconfiguration(); 28 | } else { 29 | performStart(); 30 | running = true; 31 | } 32 | exitFlag = false; 33 | } 34 | 35 | void Module::notifyShutdown(bool shutdownProperly) 36 | { 37 | this->shutdownProperly = shutdownProperly; 38 | exitFlag = true; 39 | } 40 | 41 | void Module::shutdown(bool fail_if_not_running, bool shutdownProperly) 42 | { 43 | if (!running 
&& !fail_if_not_running) 44 | return; 45 | 46 | ASSERT(running, "module must be in state running when it is shut down"); 47 | 48 | notifyShutdown(shutdownProperly); 49 | performShutdown(); 50 | running = false; 51 | } 52 | 53 | bool Module::getExitFlag() const 54 | { 55 | return exitFlag; 56 | } 57 | 58 | bool Module::getShutdownProperly() const 59 | { 60 | return shutdownProperly; 61 | } 62 | 63 | void Module::shutdownVermont() 64 | { 65 | DPRINTF_INFO("initiating Vermont shutdown"); 66 | ::initiateShutdown(); 67 | } 68 | 69 | 70 | -------------------------------------------------------------------------------- /configs/anonymize/dbanon.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 10.159.5.10 4 | 3306 5 | test 6 | netadmin 7 | nastyAdm1n 8 | true 9 | false 10 | 2 11 | 12 | 13 | 14 | 1000 15 | 6 16 | 17 | 18 | 19 | 20 | 21 | sourceIPv4Address 22 | 23 | CryptoPan 24 | insert key here 25 | 26 | 27 | 28 | destinationIPv4Address 29 | 4 30 | 31 | CryptoPan 32 | insert key here 33 | 34 | 6 35 | 36 | 37 | 38 | 39 | 40 | 41 | mysql 42 | 10.159.5.10 43 | 3306 44 | test2 45 | netadmin 46 | nastyAdm1n 47 | 48 | dstIP 49 | srcIP 50 | srcPort 51 | dstPort 52 | proto 53 | dstTos 54 | bytes 55 | pkts 56 | exporterID 57 | 58 | 59 | 60 | -------------------------------------------------------------------------------- /src/modules/analysis/RBSWormDetectorCfg.h: -------------------------------------------------------------------------------- 1 | #ifndef RBSWORMDETECTORCFG_H_ 2 | #define RBSWORMDETECTORCFG_H_ 3 | 4 | #include 5 | #include 6 | 7 | #include "modules/analysis/RBSWormDetector.h" 8 | 9 | #include 10 | #include 11 | 12 | using namespace std; 13 | 14 | 15 | class RBSWormDetectorCfg 16 | : public CfgHelper 17 | { 18 | public: 19 | friend class ConfigManager; 20 | 21 | virtual RBSWormDetectorCfg* create(XMLElement* e); 22 | virtual ~RBSWormDetectorCfg(); 23 | 24 | virtual RBSWormDetector* createInstance(); 25 | virtual bool 
deriveFrom(RBSWormDetectorCfg* old); 26 | 27 | protected: 28 | 29 | uint32_t hashBits; /**< amount of bits used for hashtable */ 30 | uint32_t timeExpirePending; // time in seconds until pending entries are expired 31 | uint32_t timeExpireWorm; // time in seconds until worm entries are expired 32 | uint32_t timeExpireBenign; // time in seconds until benign entries are expired 33 | uint32_t timeAdaptInterval; // time in seconds of interval when lambdas are being recalculated 34 | uint32_t timeCleanupInterval; // time in seconds of interval when hashtable with source hosts is cleaned up (rbsEntries) 35 | string analyzerId; /**< analyzer id for IDMEF messages */ 36 | string idmefTemplate; /**< template file for IDMEF messages */ 37 | float lambda_ratio; //**< expected connection ratio of good and bad hosts */ 38 | map subnets; 39 | RBSWormDetectorCfg(XMLElement*); 40 | }; 41 | 42 | 43 | #endif /*RBSWORMDETECTORCFG_H_*/ 44 | -------------------------------------------------------------------------------- /src/common/anon/AnonShuffle.cpp: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright (C) 2008 Institut fuer Telematik, Universitaet Karlsruhe (TH) 3 | // 4 | // This program is free software; you can redistribute it and/or 5 | // modify it under the terms of the GNU General Public License 6 | // as published by the Free Software Foundation; either version 2 7 | // of the License, or (at your option) any later version. 8 | // 9 | // This program is distributed in the hope that it will be useful, 10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | // GNU General Public License for more details. 13 | // 14 | // You should have received a copy of the GNU General Public License 15 | // along with this program; if not, write to the Free Software 16 | // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
17 | // 18 | 19 | #include "AnonShuffle.h" 20 | 21 | #include 22 | 23 | AnonShuffle::AnonShuffle () 24 | { 25 | } 26 | 27 | AnonShuffle::~AnonShuffle () 28 | { 29 | } 30 | 31 | AnonPrimitive::ANON_RESULT AnonShuffle::anonymize (void* buf, unsigned int len) 32 | { 33 | std::vector permvector; 34 | 35 | for (unsigned int i=0; i 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
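18 | * 19 | */ 20 | #ifndef FPA_PACKET_GENERATOR_CFG_H_ 21 | #define FPA_PACKET_GENERATOR_CFG_H_ 22 | 23 | #include "core/Cfg.h" 24 | #include "FpaPacketGenerator.h" 25 | 26 | #include 27 | 28 | 29 | class FpaPacketGeneratorCfg 30 | : public CfgHelper 31 | { 32 | friend class ConfigManager; 33 | public: 34 | virtual ~FpaPacketGeneratorCfg(); 35 | 36 | virtual FpaPacketGeneratorCfg* create(XMLElement* elem); 37 | 38 | virtual FpaPacketGenerator* createInstance(); 39 | 40 | bool deriveFrom(FpaPacketGeneratorCfg* old); 41 | 42 | protected: 43 | FpaPacketGeneratorCfg(XMLElement* elem); 44 | }; 45 | 46 | 47 | #endif 48 |
-------------------------------------------------------------------------------- /dev/roles/base/tasks/main.yml: --------------------------------------------------------------------------------

# The signing key decides which packages apt will accept from the ZMQ
# repository, so it is fetched over HTTPS: with plain HTTP anyone on the network
# path could substitute a key of their own and then serve packages signed by it.
# NOTE(review): also pin the expected key with apt_key's `id:` parameter
# (fingerprint not shown on this page) so a replaced key is rejected.
- name: Add ZMQ key
  apt_key:
    url: https://download.opensuse.org/repositories/network:/messaging:/zeromq:/release-stable/Debian_8.0/Release.key
    state: present

# The repository itself stays on HTTP; package authenticity then rests entirely
# on the signature check against the key added above.
- name: Add ZMQ ppa
  apt_repository:
    repo: deb http://download.opensuse.org/repositories/network:/messaging:/zeromq:/release-stable/Debian_8.0/ ./
    state: present
    filename: 'mq'

#- name: Add toolchain
#  apt_repository: repo='ppa:ubuntu-toolchain-r/test'

- name: install dependencies
  apt: name={{item}} state=present install_recommends=no update_cache=yes
  with_items:
    - ntp
    - cmake
    - pkg-config
    - libboost-dev
    - libboost-filesystem-dev
    - libboost-regex-dev
    - libboost-test-dev
    - libboost-thread-dev
    - libxml2-dev
    - libpcap-dev
    - libsystemd-journal-dev
    - libsctp-dev
    - libssl-dev
    - libczmq-dev
    - g++

- name: remove build directory
  file: path='/vermont/build-vagrant/' state=absent

- name: create build directory
  file: path='/vermont/build-vagrant' state=directory

# Configure, build, test and install in the fresh build directory.
- name: cmake vermont
  command: "{{item}}"
  with_items:
    - cmake -DCMAKE_INSTALL_PREFIX=/tmp -DCMAKE_BUILD_TYPE=RelWithDebInfo -DSUPPORT_JOURNALD=ON -DSUPPORT_DTLS=ON -DSUPPORT_ZMQ=ON ..
    - make -k
    - make test
    - make install
  environment:
    CXX: g++
    CC: gcc
  args:
    chdir: /vermont/build-vagrant/

-------------------------------------------------------------------------------- /src/common/anon/AnonBytewiseHashHmacSha1.cpp: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright (C) 2008 Institut fuer Telematik, Universitaet Karlsruhe (TH) 3 | // 4 | // This program is free software; you can redistribute it and/or 5 | // modify it under the terms of the GNU General Public License 6 | // as published by the Free Software Foundation; either version 2 7 | // of the License, or (at your option) any later version. 8 | // 9 | // This program is distributed in the hope that it will be useful, 10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | // GNU General Public License for more details. 13 | // 14 | // You should have received a copy of the GNU General Public License 15 | // along with this program; if not, write to the Free Software 16 | // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.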
17 | // 18 |
#include "AnonBytewiseHashHmacSha1.h"

/**
 * Builds the byte substitution table for the given HMAC key.
 *
 * @param key key handed on to fillTable()
 */
AnonBytewiseHashHmacSha1::AnonBytewiseHashHmacSha1(std::string key)
{
	fillTable (key);
}

AnonBytewiseHashHmacSha1::~AnonBytewiseHashHmacSha1 ()
{
}

/**
 * Fills anonbytes[0..255]: every possible byte value is passed as a one-byte
 * buffer through an AnonHashHmacSha1 constructed with hmackey, and whatever
 * that call leaves in the buffer becomes the table entry for the value.
 *
 * The table depends only on the byte value and on hmackey, so the same key
 * always reproduces the same 256-entry mapping.
 *
 * NOTE(review): the mapping is only as confidential as the key. The key is
 * taken by value here and copied again into the hash object; how long those
 * copies live is not visible in this file. The `anonymized` flag reported by
 * anonymizeBuffer is not inspected.
 *
 * @param hmackey key used to construct the hash object
 */
void AnonBytewiseHashHmacSha1::fillTable (std::string hmackey)
{
	AnonHashHmacSha1 hasher (hmackey);

	for (unsigned int value = 0; value < 256; ++value) {
		unsigned char byte = static_cast<unsigned char> (value);
		bool anonymized = false;

		// the buffer is modified in place by the hash object
		hasher.anonymizeBuffer (&byte, 1, anonymized);
		anonbytes[value] = byte;
	}
}

-------------------------------------------------------------------------------- /src/modules/ipfix/IpfixPrinterCfg.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Vermont Configuration Subsystem 3 | * Copyright (C) 2009 Vermont Project 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 | * 19 | */ 20 | 21 | #ifndef IPFIXPRINTERCFG_H_ 22 | #define IPFIXPRINTERCFG_H_ 23 | 24 | #include "core/Cfg.h" 25 | #include "modules/ipfix/IpfixPrinter.hpp" 26 | 27 | class IpfixPrinterCfg 28 | : public CfgHelper 29 | { 30 | public: 31 | friend class ConfigManager; 32 | 33 | virtual ~IpfixPrinterCfg(); 34 | 35 | virtual IpfixPrinterCfg* create(XMLElement* e); 36 | 37 | virtual IpfixPrinter* createInstance(); 38 | 39 | virtual bool deriveFrom(IpfixPrinterCfg* old); 40 | 41 | protected: 42 | IpfixPrinterCfg(XMLElement*); 43 | 44 | private: 45 | IpfixPrinter::OutputType outputType; 46 | string filename; 47 | 48 | }; 49 | 50 | #endif /*IPFIXPRINTERCFG_H_*/ 51 | -------------------------------------------------------------------------------- /src/modules/packet/PCAPExporterBase.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Vermont PCAP Exporter 3 | * Copyright (C) 2009 Vermont Project 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
18 | * 19 | */ 20 | 21 | #ifndef _PCAP_EXPORTER_LIB_H_ 22 | #define _PCAP_EXPORTER_LIB_H_ 23 | 24 | #include "core/Module.h" 25 | 26 | #include 27 | 28 | #include 29 | #include 30 | 31 | class Packet; 32 | 33 | class PCAPExporterBase 34 | { 35 | //friend class PCAPCExporterFile; 36 | //friend class PCAPCExporterFifo; 37 | 38 | public: 39 | PCAPExporterBase(); 40 | ~PCAPExporterBase(); 41 | 42 | void writePCAP(Packet* packet); 43 | 44 | void setDataLinkType(int type); 45 | void setSnaplen(int len); 46 | protected: 47 | static void* pcapExporterSink(void* data); 48 | int link_type; 49 | int snaplen; 50 | pcap_dumper_t* dumper; 51 | 52 | 53 | }; 54 | 55 | #endif 56 | -------------------------------------------------------------------------------- /src/modules/AnonymizerCfg.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Vermont Configuration Subsystem 3 | * Copyright (C) 2009 Vermont Project 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
18 | * 19 | */ 20 | 21 | #ifndef _RECORD_ANONYMIZER_CFG_H_ 22 | #define _RECORD_ANONYMIZER_CFG_H_ 23 | 24 | #include 25 | 26 | #include 27 | 28 | class AnonymizerCfg 29 | : public CfgHelper 30 | { 31 | public: 32 | friend class ConfigManager; 33 | 34 | virtual AnonymizerCfg* create(XMLElement* e); 35 | 36 | virtual ~AnonymizerCfg(); 37 | 38 | virtual IpfixRecordAnonymizer* createInstance(); 39 | 40 | virtual bool deriveFrom(AnonymizerCfg* old); 41 | 42 | static void initInstance(CfgBase* c, AnonModule* module, XMLNode::XMLSet set); 43 | 44 | protected: 45 | AnonymizerCfg(XMLElement*); 46 | }; 47 | 48 | #endif 49 | -------------------------------------------------------------------------------- /src/modules/analysis/Host.h: -------------------------------------------------------------------------------- 1 | /* 2 | * VERMONT 3 | * Copyright (C) 2012 Lothar Braun 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
18 | */ 19 | 20 | #ifndef _HOST_H_ 21 | #define _HOST_H_ 22 | 23 | #include "modules/ipfix/Connection.h" 24 | #include "common/ManagedInstance.h" 25 | 26 | class Host : public ManagedInstance { 27 | public: 28 | Host(InstanceManager* im); 29 | ~Host(); 30 | void setIP(uint32_t address) { ip = address; } 31 | 32 | void addConnection(Connection* c); 33 | 34 | uint32_t ip; 35 | 36 | uint32_t answeredFlows; 37 | uint32_t unansweredFlows; 38 | 39 | uint64_t sentBytes; 40 | uint64_t sentPackets; 41 | uint64_t recBytes; 42 | uint64_t recPackets; 43 | 44 | uint64_t recHighPorts; 45 | uint64_t sentHighPorts; 46 | uint64_t recLowPorts; 47 | uint64_t sentLowPorts; 48 | 49 | uint64_t lastSeen; 50 | }; 51 | 52 | #endif 53 | -------------------------------------------------------------------------------- /src/modules/ipfix/IpfixSamplerCfg.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Vermont Configuration Subsystem 3 | * Copyright (C) 2009 Vermont Project 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
18 | * 19 | */ 20 | 21 | #ifndef IPFIXSAMPLERCFG_H_ 22 | #define IPFIXSAMPLERCFG_H_ 23 | 24 | #include 25 | #include 26 | 27 | #include "modules/ipfix/IpfixSampler.h" 28 | 29 | #include 30 | 31 | using namespace std; 32 | 33 | 34 | class IpfixSamplerCfg 35 | : public CfgHelper 36 | { 37 | public: 38 | friend class ConfigManager; 39 | 40 | virtual IpfixSamplerCfg* create(XMLElement* e); 41 | virtual ~IpfixSamplerCfg(); 42 | 43 | virtual IpfixSampler* createInstance(); 44 | virtual bool deriveFrom(IpfixSamplerCfg* old); 45 | 46 | protected: 47 | 48 | double flowRate; 49 | 50 | IpfixSamplerCfg(XMLElement*); 51 | }; 52 | 53 | 54 | #endif 55 | -------------------------------------------------------------------------------- /src/modules/packet/PacketReportingCfg.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Vermont Configuration Subsystem 3 | * Copyright (C) 2009 Vermont Project 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
18 | * 19 | */ 20 | 21 | #ifndef REPORTEDIECFG_H_ 22 | #define REPORTEDIECFG_H_ 23 | 24 | #include "core/Cfg.h" 25 | 26 | #include 27 | 28 | // forward declaration 29 | class InfoElementCfg; 30 | class Template; 31 | 32 | class PacketReportingCfg 33 | : public CfgBase 34 | { 35 | public: 36 | PacketReportingCfg(XMLElement* elem); 37 | ~PacketReportingCfg(); 38 | 39 | Template* getTemplate(); 40 | 41 | uint16_t getRecordLength(); 42 | 43 | uint16_t getRecordsVariableLen(); 44 | 45 | private: 46 | uint16_t recordVLFields; 47 | uint16_t recordLength; 48 | 49 | unsigned templateId; 50 | std::vector exportedFields; 51 | Template* t; 52 | }; 53 | 54 | #endif /*REPORTEDIECFG_H_*/ 55 | -------------------------------------------------------------------------------- /src/modules/analysis/FlowLenAnalyzerCfg.h: -------------------------------------------------------------------------------- 1 | /* 2 | VERMONT 3 | * Copyright (C) 2012 Lothar Braun 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
18 | */ 19 | 20 | #ifndef _FLOWLENALYZER_CFG_H_ 21 | #define _FLOWLENALYZER_CFG_H_ 22 | 23 | #include 24 | #include 25 | 26 | #include "FlowLenAnalyzer.h" 27 | 28 | class FlowLenAnalyzerCfg 29 | : public CfgHelper 30 | { 31 | public: 32 | friend class ConfigManager; 33 | 34 | virtual FlowLenAnalyzerCfg* create(XMLElement* e); 35 | virtual ~FlowLenAnalyzerCfg(); 36 | 37 | virtual FlowLenAnalyzer* createInstance(); 38 | virtual bool deriveFrom(FlowLenAnalyzerCfg* old); 39 | 40 | protected: 41 | std::string flowFilename; 42 | std::string binFilename; 43 | std::vector bins; 44 | 45 | FlowLenAnalyzerCfg(XMLElement*); 46 | }; 47 | 48 | 49 | #endif 50 | -------------------------------------------------------------------------------- /src/modules/packet/filter/SystematicSampler.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * PSAMP Reference Implementation 3 | * 4 | * SystematicSampler.cpp 5 | * 6 | * Implementation of systematic sampler 7 | * 8 | * Author: Michael Drueing 9 | * 10 | */ 11 | 12 | #include "SystematicSampler.h" 13 | 14 | #include 15 | 16 | bool SystematicSampler::processPacket(Packet *p) 17 | { 18 | struct timeval elapsed; 19 | unsigned long msecs; 20 | 21 | packetCount++; 22 | 23 | switch(samplingType) { 24 | case SYSTEMATIC_SAMPLER_TIME_BASED: 25 | // calculate time elapsed since start of sampling 26 | timersub(&p->timestamp, &this->startTime, &elapsed); 27 | 28 | // calculate number of milliseconds 29 | msecs = (elapsed.tv_sec * 1000) + (elapsed.tv_usec / 1000); 30 | 31 | // normalize to interval borders and check if it's <= onTime 32 | return ((msecs % interval) < samplingOnTime); 33 | break; 34 | 35 | case SYSTEMATIC_SAMPLER_COUNT_BASED: 36 | return ((packetCount % interval) < samplingOnTime); 37 | break; 38 | } 39 | 40 | return 0; 41 | } 42 | 43 | std::string SystematicSampler::getStatisticsXML(double interval) 44 | { 45 | ostringstream oss; 46 | 47 | oss << ""; 51 | break; 52 | case 
SYSTEMATIC_SAMPLER_COUNT_BASED: 53 | oss << "countBased\">"; 54 | break; 55 | } 56 | 57 | oss << "" << samplingOnTime << ""; 58 | oss << "" << this->interval << ""; 59 | oss << ""; 60 | return oss.str(); 61 | } 62 | 63 | -------------------------------------------------------------------------------- /src/modules/ipfix/FpaPcapExporterCfg.h: -------------------------------------------------------------------------------- 1 | /* 2 | * FPA PCAP Exporter 3 | * Copyright (C) 2009 Tobias Limmer 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
18 | * 19 | */ 20 | #ifndef FPA_PCAP_EXPORTER_CFG_H_ 21 | #define FPA_PCAP_EXPORTER_CFG_H_ 22 | 23 | #include "core/Cfg.h" 24 | #include "FpaPcapExporter.h" 25 | 26 | #include 27 | 28 | 29 | class FpaPcapExporterCfg 30 | : public CfgHelper 31 | { 32 | friend class ConfigManager; 33 | public: 34 | virtual ~FpaPcapExporterCfg(); 35 | 36 | virtual FpaPcapExporterCfg* create(XMLElement* elem); 37 | 38 | virtual FpaPcapExporter* createInstance(); 39 | 40 | bool deriveFrom(FpaPcapExporterCfg* old); 41 | 42 | protected: 43 | FpaPcapExporterCfg(XMLElement* elem); 44 | 45 | private: 46 | std::string fileName; 47 | int link_type; 48 | int snaplen; 49 | }; 50 | 51 | 52 | #endif 53 | -------------------------------------------------------------------------------- /src/modules/ipfix/aggregator/IpfixAggregatorCfg.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Vermont Configuration Subsystem 3 | * Copyright (C) 2009 Vermont Project 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
18 | * 19 | */ 20 | 21 | #ifndef FLOWMETERINGCFG_H_ 22 | #define FLOWMETERINGCFG_H_ 23 | 24 | #include "AggregatorBaseCfg.h" 25 | #include "core/Cfg.h" 26 | #include "modules/ipfix/aggregator/IpfixAggregator.hpp" 27 | 28 | class IpfixAggregatorCfg 29 | : public CfgHelper, public AggregatorBaseCfg 30 | { 31 | public: 32 | friend class ConfigManager; 33 | 34 | virtual ~IpfixAggregatorCfg(); 35 | 36 | virtual IpfixAggregatorCfg* create(XMLElement* elem); 37 | 38 | virtual IpfixAggregator* createInstance(); 39 | 40 | bool deriveFrom(IpfixAggregatorCfg* old); 41 | 42 | 43 | protected: 44 | IpfixAggregatorCfg(XMLElement* elem); 45 | 46 | }; 47 | 48 | #endif /*FLOWMETERINGCFG_H_*/ 49 | -------------------------------------------------------------------------------- /src/common/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # 2 | # VERMONT build scripts for CMake 3 | # Copyright (C) 2007 Christoph Sommer 4 | # 5 | # This program is free software; you can redistribute it and/or 6 | # modify it under the terms of the GNU General Public License 7 | # as published by the Free Software Foundation; either version 2 8 | # of the License, or (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
18 | # 19 | 20 | ADD_LIBRARY(common 21 | CountingSemaphore.cpp 22 | SignalHandler.cpp 23 | SignalInterface.h 24 | msg.cc 25 | Sensor.cpp 26 | VermontControl.cpp 27 | Misc.cpp 28 | bloom/BloomFilter.cpp 29 | bloom/AgeBloomFilter.cpp 30 | bloom/CountBloomFilter.cpp 31 | cryptopan/panonymizer.cpp 32 | cryptopan/rijndael.cpp 33 | hmacsha1/sha1.cpp 34 | hmacsha1/sha1_hmac.cpp 35 | openssl/OpenSSL.cpp 36 | openssl/SSLCTXWrapper.cpp 37 | ) 38 | 39 | # Copied library and just way too many abuses of this to fix 40 | set_source_files_properties(cryptopan/rijndael.cpp PROPERTIES COMPILE_FLAGS -Wno-strict-aliasing) 41 | 42 | add_cppcheck(common STYLE POSSIBLE_ERROR) 43 | 44 | SUBDIRS( 45 | anon 46 | ipfixlolib 47 | ) 48 | 49 | -------------------------------------------------------------------------------- /src/modules/ipfix/IpfixNetflowExporterCfg.h: -------------------------------------------------------------------------------- 1 | /* 2 | * IPFIX Netflow Exporter 3 | * Copyright (C) 2010 Tobias Limmer 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
18 | * 19 | */ 20 | #ifndef IPFIXNETFLOWEXPORTERCFG_H_ 21 | #define IPFIXNETFLOWEXPORTERCFG_H_ 22 | 23 | #include "core/Cfg.h" 24 | #include "IpfixNetflowExporter.h" 25 | 26 | class IpfixNetflowExporterCfg 27 | : public CfgHelper 28 | { 29 | public: 30 | friend class ConfigManager; 31 | 32 | virtual ~IpfixNetflowExporterCfg(); 33 | 34 | virtual IpfixNetflowExporterCfg* create(XMLElement* e); 35 | 36 | virtual IpfixNetflowExporter* createInstance(); 37 | 38 | virtual bool deriveFrom(IpfixNetflowExporterCfg* old); 39 | 40 | protected: 41 | IpfixNetflowExporterCfg(XMLElement*); 42 | 43 | private: 44 | string destHost; 45 | uint16_t destPort; 46 | uint32_t maxRecordRate; 47 | }; 48 | 49 | #endif 50 | -------------------------------------------------------------------------------- /src/modules/ipfix/IpfixRawdirWriter.hpp: -------------------------------------------------------------------------------- 1 | /* 2 | * IPFIX Concentrator Module Library 3 | * Copyright (C) 2004 Christoph Sommer 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
18 | * 19 | */ 20 | 21 | #ifdef IPFIXLOLIB_RAWDIR_SUPPORT 22 | 23 | #ifndef _IPFIX_RAWDIR_WRITER_H_ 24 | #define _IPFIX_RAWDIR_WRITER_H_ 25 | 26 | #include "common/ipfixlolib/ipfixlolib.h" 27 | #include "modules/ipfix/IpfixSender.hpp" 28 | #include 29 | 30 | /** 31 | * IPFIX Exporter interface that exports raw packets as a series of files in a directory 32 | */ 33 | class IpfixRawdirWriter : public IpfixSender 34 | { 35 | public: 36 | IpfixRawdirWriter(uint32_t observationDomainId, std::string packetDirectoryName = ""); 37 | ~IpfixRawdirWriter(); 38 | 39 | int addCollector(std::string packetDirectoryName); 40 | }; 41 | 42 | #endif 43 | 44 | #endif //IPFIXLOLIB_RAWDIR_SUPPORT 45 | -------------------------------------------------------------------------------- /src/tests/vermonttest/AggregationPerfTest.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Vermont Testsuite 3 | * Copyright (C) 2007 Tobias Limmer 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
18 | * 19 | */ 20 | 21 | #if !defined(AGGREGATIONPERFTEST_H) 22 | #define AGGREGATIONPERFTEST_H 23 | 24 | #include "modules/ipfix/aggregator/IpfixAggregator.hpp" 25 | #include "core/InstanceManager.h" 26 | 27 | #include "TestSuiteBase.h" 28 | 29 | class AggregationPerfTest : public Test 30 | { 31 | public: 32 | AggregationPerfTest(bool fast); 33 | ~AggregationPerfTest(); 34 | 35 | virtual TestResult execTest(); 36 | private: 37 | static InstanceManager packetManager; 38 | 39 | Rule::Field* createRuleField(const std::string& typeId); 40 | Rules* createRules(); 41 | void sendPacketsTo(Destination* dest, uint32_t numpackets); 42 | 43 | int numPackets; 44 | }; 45 | 46 | #endif 47 | -------------------------------------------------------------------------------- /src/common/ipfixlolib/ipfix_names.h: -------------------------------------------------------------------------------- 1 | /* 2 | * IPFIX structs and lookup functions 3 | * Copyright (C) 2014 Oliver Gasser 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
18 | * 19 | */ 20 | 21 | #ifndef IPFIX_NAMES_H 22 | #define IPFIX_NAMES_H 23 | 24 | #include 25 | 26 | #ifdef __cplusplus 27 | extern "C" { 28 | #endif 29 | 30 | 31 | struct ipfix_identifier { 32 | uint16_t id; 33 | uint16_t length; 34 | uint32_t pen; // enterprise type-id 35 | char *name; 36 | uint16_t type; // IPFIX data type 37 | }; 38 | 39 | struct ipfix_semantic { 40 | uint8_t id; 41 | char *name; 42 | }; 43 | 44 | int ipfix_id_rangecheck(int id); 45 | const struct ipfix_identifier* ipfix_id_lookup(uint16_t id, uint32_t pen); 46 | const struct ipfix_identifier* ipfix_name_lookup(const char *name); 47 | const uint8_t* ipfix_semantic_lookup(const char *name); 48 | 49 | 50 | #ifdef __cplusplus 51 | } 52 | #endif 53 | 54 | #endif 55 | -------------------------------------------------------------------------------- /configs/psamp-export.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | eth1 4 | ip 5 | 500 6 | 2 7 | 8 | 9 | 10 | 10 11 | 3 12 | 13 | 14 | 15 | 16 | 1500 17 | 500 18 | 19 | 20 | 888 21 | 22 | sourceIPv4Address 23 | 24 | 25 | destinationIPv4Address 26 | 27 | 28 | protocolIdentifier 29 | 30 | 31 | sourceTransportPort 32 | 33 | 34 | destinationTransportPort 35 | 36 | 37 | observationTimeMilliSeconds 38 | 39 | 40 | ippayloadpacketsection 41 | 20 42 | 43 | 44 | frontPayload 45 | 2003828736 46 | 65535 47 | 48 | 49 | 50 | 127.0.0.1 51 | 17 52 | 1500 53 | 54 | 55 | 56 | -------------------------------------------------------------------------------- /src/osdep/linux/ThreadCPUInterface.h: -------------------------------------------------------------------------------- 1 | #ifndef THREADCPUINTERFACE_H_ 2 | #define THREADCPUINTERFACE_H_ 3 | 4 | #include 5 | #include 6 | 7 | #include 8 | 9 | class ThreadCPUInterface 10 | { 11 | public: 12 | #if defined(__linux__) 13 | struct JiffyTime { 14 | pid_t pid; 15 | pid_t tid; 16 | uint32_t sysJiffies; 17 | uint32_t userJiffies; 18 | uint64_t volCtxtSwitches; /**< voluntary 
context switches, only available with Linux CFS kernel */ 19 | uint64_t nonvolCtxtSwitches; /**< non-voluntary context switches, only available with Linux CFS kernel */ 20 | time_t lastAccess; 21 | /** 22 | * threads are marked as active when they are registered. Inactive 23 | * threads are not polled for new sensor data. This variable purely exists to 24 | * retain thread data during Vermont shutdown. 25 | */ 26 | bool active; 27 | }; 28 | 29 | 30 | struct SystemInfo 31 | { 32 | uint16_t noCPUs; 33 | std::vector userJiffies; 34 | std::vector sysJiffies; 35 | uint64_t totalMemory; // in bytes 36 | uint64_t freeMemory; // in bytes 37 | }; 38 | 39 | static JiffyTime getJiffies(pid_t pid, pid_t tid); 40 | static JiffyTime getThreadJiffies(pid_t tid); 41 | static JiffyTime getProcessJiffies(pid_t pid); 42 | static JiffyTime extractJiffies(char* statfile, char* schedfile); 43 | static SystemInfo getSystemInfo(); 44 | 45 | static unsigned long long getHertzValue(); 46 | #else 47 | struct SystemInfo 48 | { 49 | }; 50 | #endif // __linux__ 51 | 52 | private: 53 | ThreadCPUInterface(); 54 | virtual ~ThreadCPUInterface(); 55 | }; 56 | 57 | #endif /*THREADCPUINTERFACE_H_*/ 58 | -------------------------------------------------------------------------------- /src/core/Notifiable.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Vermont 3 | * Copyright (C) 2007 Tobias Limmer 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | * 19 | */ 20 | 21 | #ifndef NOTIFIABLE_H_ 22 | #define NOTIFIABLE_H_ 23 | 24 | // forward declaration 25 | class Timer; 26 | 27 | /** 28 | * to be implemented by modules which need to be triggered after a timeout 29 | * trigger is always a module which implements interface Timer 30 | */ 31 | class Notifiable 32 | { 33 | public: 34 | Notifiable() : timer(0) {} 35 | virtual ~Notifiable() {} 36 | 37 | /** 38 | * function is called after the specified timeout in function 39 | * Timer::addTimeout 40 | * @param flag flag which was passed to Timer::addTimeout 41 | */ 42 | virtual void onTimeout(void* dataPtr) = 0; 43 | 44 | inline void useTimer(Timer* t) { timer = t; } 45 | 46 | protected: 47 | Timer* timer; 48 | }; 49 | 50 | #endif /*NOTIFIABLE_H_*/ 51 | -------------------------------------------------------------------------------- /src/modules/ipfix/IpfixSampler.h: -------------------------------------------------------------------------------- 1 | /* 2 | * VERMONT 3 | * Copyright (C) 2007 Tobias Limmer 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | */ 19 | 20 | #if !defined(IPFIXSAMPLER_H) 21 | #define IPFIXSAMPLER_H 22 | 23 | #include "IpfixRecordDestination.h" 24 | #include "Connection.h" 25 | #include "core/Source.h" 26 | 27 | #include 28 | #include 29 | 30 | using namespace std; 31 | 32 | class IpfixSampler 33 | : public Module, 34 | public IpfixRecordDestination, 35 | public Source 36 | { 37 | public: 38 | IpfixSampler(double flowrate); 39 | virtual ~IpfixSampler(); 40 | 41 | virtual void onDataRecord(IpfixDataRecord* record); 42 | 43 | private: 44 | double flowRate; 45 | uint64_t counter; 46 | uint64_t modulo; 47 | uint64_t statDropped; 48 | uint64_t statTotalDropped; 49 | 50 | virtual string getStatisticsXML(double interval); 51 | }; 52 | 53 | #endif 54 | -------------------------------------------------------------------------------- /src/core/ThreadSafeAdapter.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Vermont 3 | * Copyright (C) 2007 Tobias Limmer 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
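*
 */

#ifndef THREADSAFEADAPTER_H_
#define THREADSAFEADAPTER_H_

#include "Adapter.h"

#include "common/Mutex.h"


/**
 * extension of Adapter module:
 * this adapter cares for thread safe forwarding of elements, but still
 * puts calls through synchronously
 *
 * receive() holds the member mutex for the whole duration of send(), so
 * concurrent callers are serialized rather than queued.
 */
// NOTE(review): the template parameter list and the base-class argument were
// lost in this listing; they are restored here from the use of T in receive().
// Confirm against Adapter.h.
template <class T>
class ThreadSafeAdapter : public Adapter<T>
{
public:
	ThreadSafeAdapter()
	{
	}

	virtual ~ThreadSafeAdapter()
	{
	}

	/**
	 * inherited from Destination
	 *
	 * Forwards one element while holding the mutex.
	 * @param element element handed on to send() unchanged
	 */
	virtual void receive(T element)
	{
		// Scoped guard: the mutex is released on every exit path. With a bare
		// lock()/unlock() pair, an exception leaving send() would keep the
		// mutex locked and block every later receive() call.
		struct ScopedLock {
			Mutex& held;
			explicit ScopedLock(Mutex& m) : held(m) { held.lock(); }
			~ScopedLock() { held.unlock(); }
		} guard(mutex);

		// send() is not declared in this file; presumably inherited via Adapter
		send(element);
	}

protected:
	// serializes receive(); locked only inside receive()
	Mutex mutex;
};

#endif /*THREADSAFEADAPTER_H_*/

--------------------------------------------------------------------------------
/src/modules/packet/filter/PacketProcessor.h:
--------------------------------------------------------------------------------
/*
 * Vermont Packet Filter
 * Copyright (C) 2009 Vermont Project
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.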
18 | * 19 | */ 20 | 21 | /* 22 | * PSAMP Reference Implementation 23 | * 24 | * PacketProcessor.h 25 | * 26 | * Base class for a packet processor (filter/sampler) 27 | * 28 | * Author: Michael Drueing 29 | * 30 | */ 31 | 32 | #ifndef PACKET_PROCESSOR_H 33 | #define PACKET_PROCESSOR_H 34 | 35 | #include "modules/packet/Packet.h" 36 | 37 | #include 38 | 39 | class PacketProcessor 40 | { 41 | public: 42 | /* 43 | processPacket(Packet *) 44 | processes a packet and returns true if the packet passes the 45 | filter/sampler and false if it should be dropped 46 | */ 47 | virtual bool processPacket(Packet *p) = 0; 48 | 49 | virtual ~PacketProcessor() { }; 50 | 51 | virtual std::string getStatisticsXML(double interval) { return ""; } 52 | }; 53 | 54 | #endif 55 | -------------------------------------------------------------------------------- /src/modules/packet/filter/FilterModule.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Vermont Packet Filter 3 | * Copyright (C) 2009 Vermont Project 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
18 | * 19 | */ 20 | 21 | #ifndef FILTERMODULE_H 22 | #define FILTERMODULE_H 23 | 24 | /** 25 | @author Peter Baumann 26 | */ 27 | 28 | 29 | #include "core/Module.h" 30 | #include "core/Destination.h" 31 | #include "core/Source.h" 32 | #include "modules/packet/filter/PacketProcessor.h" 33 | 34 | class FilterModule 35 | : public Module, public Source, public Destination 36 | { 37 | public: 38 | FilterModule(); 39 | virtual ~FilterModule(); 40 | 41 | virtual void receive(Packet *); 42 | 43 | void addProcessor(PacketProcessor *p); 44 | std::vector getProcessors(); 45 | 46 | bool hasReceiver(); 47 | virtual std::string getStatisticsXML(double interval); 48 | 49 | private: 50 | std::vector processors; 51 | }; 52 | 53 | #endif 54 | -------------------------------------------------------------------------------- /src/modules/packet/filter/StateConnectionFilter.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Vermont Connection Filter 3 | * Copyright (C) 2008 Lothar Braun 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
18 | * 19 | */ 20 | 21 | #ifndef _STATE_CONNECTION_FILTER_H_ 22 | #define _STATE_CONNECTION_FILTER_H_ 23 | 24 | #include 25 | #include 26 | 27 | #include 28 | #include 29 | 30 | class MemStatistics; 31 | 32 | class StateConnectionFilter : public PacketProcessor { 33 | public: 34 | StateConnectionFilter(unsigned timeout, unsigned bytes); 35 | ~StateConnectionFilter(); 36 | 37 | bool processPacket(Packet* p, bool connFilterResult); 38 | virtual bool processPacket(Packet* p); 39 | 40 | void setExportControlPackets(bool e) { exportControlPackets = e; } 41 | protected: 42 | unsigned timeout; 43 | unsigned exportBytes; 44 | std::map exportList; 45 | bool exportControlPackets; 46 | }; 47 | 48 | #endif 49 | -------------------------------------------------------------------------------- /configs/flowinspector/flowinspector_exporter.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | en0 4 | ip 5 | 2 6 | 7 | 8 | 9 | 1000 10 | 6 11 | 12 | 13 | 14 | 15 | 998 16 | 17 | sourceIPv4Address 18 | 19 | 20 | destinationIPv4Address 21 | 22 | 23 | protocolIdentifier 24 | 25 | 26 | sourceTransportPort 27 | 28 | 29 | destinationTransportPort 30 | 31 | 32 | flowStartSeconds 33 | 34 | 35 | flowEndSeconds 36 | 37 | 38 | octetDeltaCount 39 | 40 | 41 | packetDeltaCount 42 | 43 | 44 | 45 | 300 46 | 600 47 | 48 | 1000 49 | 7 50 | 51 | 52 | 53 | 54 | 1000 55 | 9 56 | 57 | 58 | 59 | 60 | 61 | 127.0.0.1 62 | entry:queue 63 | 64 | 65 | -------------------------------------------------------------------------------- /src/common/anon/AnonPrimitive.cpp: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright (C) 2008 Institut fuer Telematik, Universitaet Karlsruhe (TH) 3 | // 4 | // This program is free software; you can redistribute it and/or 5 | // modify it under the terms of the GNU General Public License 6 | // as published by the Free Software Foundation; either version 2 7 | // of the License, or (at 
your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
//

#include "AnonPrimitive.h"

// A freshly constructed primitive has no successor: next starts out as NULL.
AnonPrimitive::AnonPrimitive ()
	: next (NULL)
{
}

// Returns the stored successor pointer (NULL when there is none).
AnonPrimitive* AnonPrimitive::getNext ()
{
	return next;
}

// Runs this primitive's anonymize() on buf and, when its result asks to
// continue and a successor exists, hands the buffer on to the successor.
//
// buf         buffer that anonymize() operates on
// len         number of bytes passed to anonymize()
// anonymized  set to true when this primitive's result has cont == false;
//             it is never reset to false here, and it is passed on to the
//             successor, which may set it as well
// cont        optional out-parameter: 1 if this primitive's result has cont
//             set, 0 otherwise; left untouched when NULL
//
// Returns the smaller of this primitive's new length and the length reported
// by the successor (or this primitive's own new length if the chain stops here).
unsigned int AnonPrimitive::anonymizeBuffer (void* buf, unsigned int len, bool& anonymized, int *cont)
{
	ANON_RESULT own = anonymize (buf, len);
	ANON_RESULT downstream = own;

	if (cont != NULL)
		*cont = own.cont ? 1 : 0;

	if (own.cont) {
		// the successor sees the length this primitive produced, not the caller's len
		if (next != NULL)
			downstream = next->anonymizeBuffer(buf, own.newlength, anonymized);
	} else {
		anonymized = true;
	}

	return std::min(own.newlength, downstream.newlength);
}

--------------------------------------------------------------------------------
/src/common/anon/AnonCryptoPan.cpp:
--------------------------------------------------------------------------------
//
// Copyright (C) 2008 Institut fuer Telematik, Universitaet Karlsruhe (TH)
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
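//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
//

#include "AnonCryptoPan.h"

#include "common/msg.h"

#include <cassert>
#include <cstring>

/**
 * expects a fully filled 32 byte key buffer
 *
 * The pointer carries no length, so the size cannot be checked here; the
 * caller has to guarantee that 32 bytes are readable at _key.
 */
AnonCryptoPan::AnonCryptoPan (char* _key)
	: cryptopan ((const UINT8*)_key)
{
}

AnonCryptoPan::~AnonCryptoPan ()
{
}

/**
 * Anonymizes the IPv4 address stored in the first 4 bytes of buf in place.
 *
 * @param buf field buffer; bytes beyond the first 4 are left untouched
 * @param len field length in bytes, expected to be 4 or 5
 * @return ANON_RESULT built from the unchanged len
 */
AnonPrimitive::ANON_RESULT AnonCryptoPan::anonymize(void* buf, unsigned int len)
{
	// IPv4 addresses are usually 4 bytes long, but Vermont internally handles 5 bytes with 1 byte ip mask
	// This has to be a comparison. The previous "len=sizeof(UINT32)" was an
	// assignment: it always evaluated to true, so the check could never fire,
	// and in builds with assertions enabled it overwrote len with 4, which
	// changed the length reported for 5-byte fields.
	assert ((len == sizeof(UINT32)) || (len == 5));

	// assert() is compiled out under NDEBUG, so the fixed 4-byte copies below
	// need a runtime bound of their own.
	if (len < sizeof(UINT32)) {
		// Too short to hold an IPv4 address: blank the bytes that are there
		// instead of reading and writing past the end of the field or passing
		// the original bytes on unanonymized.
		memset (buf, 0, len);
		return ANON_RESULT (len);
	}

	// copy through a local so that buf does not have to be aligned for UINT32
	UINT32 orig = 0;
	memcpy (&orig, buf, sizeof (UINT32));
	orig = cryptopan.anonymize (orig);
	memcpy (buf, &orig, sizeof (UINT32));

	return ANON_RESULT (len);
}


--------------------------------------------------------------------------------
/src/modules/ipfix/NetflowV9ConverterCfg.hpp:
--------------------------------------------------------------------------------
/*
 * NetflowV9 to IPFIX Converter Module
 * Copyright (C) 2009 Gerhard Muenz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.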
9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | * 19 | */ 20 | 21 | #ifndef _NETFLOWV9CONVERTERCFG_H_ 22 | #define _NETFLOWV9CONVERTERCFG_H_ 23 | 24 | #include 25 | #include 26 | 27 | #include "modules/ipfix/NetflowV9Converter.hpp" 28 | 29 | #include 30 | 31 | using namespace std; 32 | 33 | 34 | class NetflowV9ConverterCfg 35 | : public CfgHelper 36 | { 37 | public: 38 | friend class ConfigManager; 39 | 40 | virtual NetflowV9ConverterCfg* create(XMLElement* e); 41 | virtual ~NetflowV9ConverterCfg(); 42 | 43 | virtual NetflowV9Converter* createInstance(); 44 | virtual bool deriveFrom(NetflowV9ConverterCfg* old); 45 | 46 | protected: 47 | 48 | bool copyMode; 49 | bool keepFlowSysUpTime; 50 | 51 | NetflowV9ConverterCfg(XMLElement*); 52 | }; 53 | 54 | 55 | #endif 56 | -------------------------------------------------------------------------------- /src/modules/ipfix/aggregator/AggregatorBaseCfg.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Vermont Configuration Subsystem 3 | * Copyright (C) 2009 Vermont Project 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 
9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | * 19 | */ 20 | 21 | #ifndef AGGREGATORBASECFG_H_ 22 | #define AGGREGATORBASECFG_H_ 23 | 24 | #include "core/Cfg.h" 25 | #include "modules/ipfix/aggregator/Rule.hpp" 26 | 27 | // forward declarations 28 | class Rule; 29 | class Rules; 30 | 31 | class AggregatorBaseCfg 32 | : private CfgBase 33 | { 34 | public: 35 | AggregatorBaseCfg(XMLElement* elem); 36 | virtual ~AggregatorBaseCfg(); 37 | bool equalTo(AggregatorBaseCfg *other); 38 | 39 | protected: 40 | Rule* readRule(XMLElement* elem); 41 | 42 | static Rule::Field* readFlowKeyRule(XMLElement* e); 43 | static Rule::Field* readNonFlowKeyRule(XMLElement* e); 44 | 45 | unsigned activeTimeout; 46 | unsigned inactiveTimeout; 47 | unsigned pollInterval; 48 | uint8_t htableBits; 49 | 50 | Rules* rules; 51 | }; 52 | 53 | #endif /*AGGREGATORBASECFG_H_*/ 54 | -------------------------------------------------------------------------------- /src/modules/packet/PCAPExporterFileCfg.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Vermont Configuration Subsystem 3 | * Copyright (C) 2009 Vermont Project 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 
9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | * 19 | */ 20 | 21 | #ifndef PCAPEXPORTERFILECFG_H_ 22 | #define PCAPEXPORTERFILECFG_H_ 23 | 24 | #include "core/Cfg.h" 25 | #include "modules/packet/PCAPExporterFile.h" 26 | #include "modules/packet/PCAPExporterBase.h" 27 | 28 | #include 29 | 30 | 31 | class PCAPExporterFileCfg 32 | : public CfgHelper 33 | { 34 | friend class ConfigManager; 35 | public: 36 | virtual ~PCAPExporterFileCfg(); 37 | 38 | virtual PCAPExporterFileCfg* create(XMLElement* elem); 39 | 40 | virtual PCAPExporterFile* createInstance(); 41 | 42 | bool deriveFrom(PCAPExporterFileCfg* old); 43 | 44 | protected: 45 | PCAPExporterFileCfg(XMLElement* elem); 46 | 47 | private: 48 | std::string fileName; 49 | int link_type; 50 | int snaplen; 51 | }; 52 | 53 | 54 | #endif /*PCAP_EXPORTERFILECFG_H_*/ 55 | -------------------------------------------------------------------------------- /src/modules/ipfix/IpfixReceiverFileCfg.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Vermont Configuration Subsystem 3 | * Copyright (C) 2009 Vermont Project 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 
9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | * 19 | */ 20 | 21 | #ifndef IPFIXRECEIVERFILECFG_H_ 22 | #define IPFIXRECEIVERFILECFG_H_ 23 | 24 | #include "core/Cfg.h" 25 | #include 26 | #include 27 | 28 | class IpfixReceiverFileCfg 29 | : public CfgHelper 30 | { 31 | public: 32 | IpfixReceiverFileCfg(XMLElement* elem); 33 | virtual ~IpfixReceiverFileCfg(); 34 | 35 | virtual IpfixReceiverFileCfg* create(XMLElement* elem); 36 | 37 | virtual IpfixCollector* createInstance(); 38 | 39 | bool deriveFrom(IpfixReceiverFileCfg* old); 40 | 41 | private: 42 | std::string packetFileBasename; 43 | std::string packetFileDirectory; 44 | int c_from; 45 | int c_to; 46 | bool ignore; 47 | float offlinespeed; 48 | }; 49 | 50 | #endif /*IPFIXRECEIVERFILECFG_H_*/ 51 | -------------------------------------------------------------------------------- /src/modules/packet/PCAPExporterBase.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Vermont PCAP Exporter 3 | * Copyright (C) 2009 Vermont Project 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
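See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 *
 */

#include "PCAPExporterBase.h"

#include "modules/packet/Packet.h"

/**
 * Starts with link type 0, the maximum capture length as snaplen and no
 * dumper; a dumper has to be set up before writePCAP() may be called.
 */
PCAPExporterBase::PCAPExporterBase()
	: link_type(0), snaplen(PCAP_MAX_CAPTURE_LENGTH), dumper(NULL)
{
}

PCAPExporterBase::~PCAPExporterBase()
{
}

/**
 * Stores the data link type used for the exported capture.
 */
void PCAPExporterBase::setDataLinkType(int type)
{
	link_type = type;
}

/**
 * Stores the snapshot length used for the exported capture.
 * NOTE(review): the value is taken as is; zero or negative values are not
 * rejected here -- confirm the configuration code validates it.
 */
void PCAPExporterBase::setSnaplen(int len)
{
	snaplen = len;
}

/**
 * Writes one packet to the pcap dumper and releases the caller's reference.
 *
 * @param packet packet to export; its reference is removed before returning
 */
void PCAPExporterBase::writePCAP(Packet* packet)
{
	// Per-call header: a function-local static would be shared by every
	// exporter instance and thread, so two concurrent writers could mix up
	// timestamps and lengths. Value-initialized so that platform-specific
	// extra fields of pcap_pkthdr start out zeroed.
	struct pcap_pkthdr packetHeader = pcap_pkthdr();
	packetHeader.ts = packet->timestamp;
	// NOTE(review): caplen is not limited to snaplen here -- confirm that
	// data_length never exceeds the snaplen announced in the file header.
	packetHeader.caplen = packet->data_length;
	packetHeader.len = packet->pcapPacketLength;
	// NOTE(review): dumper is NULL until a subclass opens it; calling this
	// earlier hands a NULL handle to pcap_dump().
	pcap_dump(reinterpret_cast<unsigned char*>(dumper), &packetHeader, packet->layer2Start);
	packet->removeReference();
}

--------------------------------------------------------------------------------
/src/modules/packet/filter/StringFilter.h:
--------------------------------------------------------------------------------
/*
 * Vermont Packet Filter
 * Copyright (C) 2009 Vermont Project
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.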
14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | * 19 | */ 20 | 21 | /** @file 22 | * Filter a packet by checking if it is containing a predefined string 23 | */ 24 | 25 | #ifndef STRINGFILTER_H 26 | #define STRINGFILTER_H 27 | 28 | #include 29 | #include 30 | #include "common/msg.h" 31 | #include "PacketProcessor.h" 32 | 33 | 34 | 35 | class StringFilter : public PacketProcessor 36 | { 37 | public: 38 | StringFilter(); 39 | virtual ~StringFilter(); 40 | 41 | static std::string hexparser(const std::string input); 42 | virtual bool processPacket (Packet * p); 43 | void addandFilter(std::string string); 44 | void addnotFilter(std::string string); 45 | 46 | protected: 47 | std::vector andFilters; 48 | std::vector notFilters; 49 | 50 | bool compare (unsigned char *data, std::string toMatch, unsigned int plength); 51 | }; 52 | 53 | #endif 54 | -------------------------------------------------------------------------------- /src/modules/analysis/FrontPayloadSigMatcherCfg.h: -------------------------------------------------------------------------------- 1 | /* 2 | * VERMONT 3 | * Copyright (C) 2009 Tobias Limmer 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | */ 19 | 20 | #ifndef FRONTPAYLOADSIGMATCHERCFG_H_ 21 | #define FRONTPAYLOADSIGMATCHERCFG_H_ 22 | 23 | #include 24 | #include 25 | 26 | #include "modules/analysis/FrontPayloadSigMatcher.h" 27 | 28 | #include 29 | 30 | using namespace std; 31 | 32 | 33 | class FrontPayloadSigMatcherCfg 34 | : public CfgHelper 35 | { 36 | public: 37 | friend class ConfigManager; 38 | 39 | virtual FrontPayloadSigMatcherCfg* create(XMLElement* e); 40 | virtual ~FrontPayloadSigMatcherCfg(); 41 | 42 | virtual FrontPayloadSigMatcher* createInstance(); 43 | virtual bool deriveFrom(FrontPayloadSigMatcherCfg* old); 44 | 45 | protected: 46 | 47 | string signatureDir; 48 | 49 | FrontPayloadSigMatcherCfg(XMLElement*); 50 | }; 51 | 52 | 53 | #endif 54 | -------------------------------------------------------------------------------- /src/modules/packet/filter/RegExFilter.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Vermont Packet Filter 3 | * Copyright (C) 2009 Vermont Project 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 
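*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/

/** @file
 * Filter a packet by checking if it is containing a predefined regEx string
 */

#ifndef REGEXFILTER_H
#define REGEXFILTER_H

#include
#include
#include
#include "common/msg.h"
#include "PacketProcessor.h"
#include
#include



class RegExFilter
	: public PacketProcessor
{

public:

	// NOTE(review): filtertype is not initialized by this constructor.
	RegExFilter ()
	{
	};

	virtual ~RegExFilter ()
	{
	};

	// Compiles the pattern stored in `match` into `rexp`.
	// boost::regex::assign() throws on a malformed pattern, so callers that
	// take the pattern from configuration should be prepared to catch that.
	void regcre()
	{
		rexp.assign(match);
	};

	virtual bool processPacket (Packet * p);

	int filtertype;
	std::string match;
	// Boost.Regex is a backtracking matcher; a pattern with nested quantifiers
	// can become very expensive on crafted input. Presumably this is matched
	// against packet payload -- keep patterns simple and review them like code.
	boost::regex rexp;

protected:
	// NOTE(review): no length parameter; the implementation is not shown here --
	// confirm the search is bounded by the captured packet length and does not
	// rely on NUL termination of the payload.
	bool compare (char *data);

};

#endif

--------------------------------------------------------------------------------
/configs/oracle/test.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# handle cleanup
trap cleanup 2

# Stops every process this script started and removes the scratch file.
cleanup() {
	echo "Caught Signal ... cleaning up."
	if [ -n "$OUT" ]; then
		rm -f -- "$OUT"
	fi
	if [ -n "$XPPID" ]; then
		echo "shutting down exporter ..."
		kill "$XPPID"
	fi
	if [ -n "$WRPID" ]; then
		echo "shutting down writer ..."
		kill "$WRPID"
	fi
	if [ -n "$TPID" ]; then
		echo "shutting down log viewer ..."
		kill "$TPID"
	fi
	echo "Done cleanup ... quitting."
	exit 1
}

# Vars
VMT='../../vermont'
EXC='udpexp.xml'
WRC='oxewriter.xml'

print_output(){
	# Show the output
	echo ""
	echo ""
	echo "OUTPUT:"
	echo ""
	echo ""
	# tail runs in the background so its PID can be recorded with $!;
	# looking it up by name afterwards could match an unrelated tail process
	# and would only run once tail -f had already exited.
	tail -f "$OUT" &
	TPID=$!
	wait "$TPID"
}

# Tests
# Each test records the PID of the process it started ($!) instead of asking
# pidof, so cleanup only ever signals processes that belong to this run.
test_exporter() {
	echo "testing exporter"
	"$VMT" -ddd -f "$EXC" >> "$OUT" 2>&1 &
	XPPID=$!
	sleep 3
	print_output
}

test_writer() {
	echo "testing writer"
	"$VMT" -ddd -f "$WRC" >> "$OUT" 2>&1 &
	WRPID=$!
	sleep 3
	print_output
}

test_db() {
	echo "testing write to db"
	"$VMT" -ddd -f "$EXC" >> "$OUT" 2>&1 &
	XPPID=$!
	"$VMT" -ddd -f "$WRC" >> "$OUT" 2>&1 &
	WRPID=$!
	sleep 3
	print_output
}

# Run
command=$(basename "$0")
usage="Usage: $command -h [-t test]"

while getopts ht: o; do
	case "$o" in
		h) echo "$usage" && exit 1;;
		t) testcase="$OPTARG";;
		*) echo "$usage" >&2; exit 1;;
	esac
done

# Reject unknown or missing test names before anything is created or started.
case "$testcase" in
	exp|wr|db) ;;
	*) echo "$usage" >&2; exit 1;;
esac

# Scratch file for the combined output. mktemp creates a new file with an
# unpredictable name; a fixed /tmp/<name>.$$ path can be pre-created or
# symlinked by another local user before the script appends to it.
OUT=$(mktemp "${TMPDIR:-/tmp}/temp_out.XXXXXX") || exit 1

case "$testcase" in
	exp) test_exporter;;
	wr) test_writer;;
	db) test_db;;
esac







--------------------------------------------------------------------------------
/src/modules/analysis/FlowLenAnalyzer.h:
--------------------------------------------------------------------------------
/*
 VERMONT
 * Copyright (C) 2012 Lothar Braun
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.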
14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | */ 19 | 20 | #ifndef _FLOWLEN_ANALYZER_H_ 21 | #define _FLOWLEN_ANALYZER_H_ 22 | 23 | #include "modules/ipfix/IpfixRecordDestination.h" 24 | 25 | #include 26 | #include 27 | 28 | class FlowLenAnalyzer : public Module, public Source, public IpfixRecordDestination { 29 | public: 30 | FlowLenAnalyzer(std::string& flowFilename, std::string& binFilename, std::vector& bins); 31 | virtual ~FlowLenAnalyzer(); 32 | 33 | virtual void onDataRecord(IpfixDataRecord* record); 34 | 35 | private: 36 | virtual std::string getStatistics(); 37 | virtual std::string getStatisticsXML(double interval); 38 | 39 | std::string flowFilename; 40 | std::ofstream flowOutstream; 41 | std::string binsFilename; 42 | std::ofstream binsOutstream; 43 | std::vector bins; 44 | std::map binStats; 45 | }; 46 | 47 | #endif 48 | -------------------------------------------------------------------------------- /src/modules/packet/PCAPExporterFile.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Vermont PCAP Exporter 3 | * Copyright (C) 2009 Vermont Project 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | * 19 | */ 20 | 21 | #ifndef _PCAP_EXPORTER_MODULE_H_ 22 | #define _PCAP_EXPORTER_MODULE_H_ 23 | 24 | #include "core/Module.h" 25 | 26 | #include 27 | 28 | #include 29 | #include 30 | #include "PCAPExporterBase.h" 31 | 32 | class Packet; 33 | 34 | class PCAPExporterFile : public Module, public Destination, public Source, public PCAPExporterBase 35 | { 36 | public: 37 | PCAPExporterFile(const std::string& file); 38 | ~PCAPExporterFile(); 39 | 40 | virtual void receive(Packet* packet); 41 | virtual void performStart(); 42 | virtual void performShutdown(); 43 | virtual std::string getStatisticsXML(double interval); 44 | 45 | private: 46 | static void* pcapExporterSink(void* data); 47 | 48 | std::string fileName; 49 | pcap_t* dummy; 50 | uint64_t statPktsForwarded; 51 | uint64_t statBytesForwarded; 52 | }; 53 | 54 | #endif 55 | -------------------------------------------------------------------------------- /src/modules/ipfix/IpfixReceiverUdpIpV4.hpp: -------------------------------------------------------------------------------- 1 | /* 2 | * IPFIX Concentrator Module Library 3 | * Copyright (C) 2004 Christoph Sommer 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | * 19 | */ 20 | 21 | #ifndef _IPFIX_RECEIVER_UDPIPV4_H_ 22 | #define _IPFIX_RECEIVER_UDPIPV4_H_ 23 | 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | 31 | #include "IpfixReceiver.hpp" 32 | #include "IpfixPacketProcessor.hpp" 33 | 34 | class IpfixReceiverUdpIpV4 : public IpfixReceiver, Sensor { 35 | public: 36 | IpfixReceiverUdpIpV4(int port, std::string ipAddr = "", 37 | const uint32_t buffer = 0, unsigned int moduleId = 0); 38 | virtual ~IpfixReceiverUdpIpV4(); 39 | 40 | virtual void run(); 41 | virtual std::string getStatisticsXML(double interval); 42 | 43 | private: 44 | int listen_socket; 45 | uint32_t statReceivedPackets; /**< number of received packets */ 46 | }; 47 | 48 | #endif 49 | -------------------------------------------------------------------------------- /src/modules/ipfix/IpfixRecordAnonymizer.h: -------------------------------------------------------------------------------- 1 | /* 2 | * IPFIX Record Anonymizer 3 | * Copyright (C) 2008 Lothar Braun 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | * 19 | */ 20 | 21 | #ifndef _RECORD_ANONYMIZER_H_ 22 | #define _RECORD_ANONYMIZER_H_ 23 | 24 | #include "core/Source.h" 25 | #include 26 | #include 27 | 28 | class IpfixRecordAnonymizer : public Source, public IpfixRecordDestination, public AnonModule, public Module { 29 | public: 30 | IpfixRecordAnonymizer() : copyMode(false) {} 31 | virtual ~IpfixRecordAnonymizer() {} 32 | 33 | void setCopyMode(bool mode); 34 | 35 | protected: 36 | bool copyMode; // if true, the anomymization is applied to a copy of the record 37 | 38 | static InstanceManager dataRecordIM; 39 | 40 | virtual void onTemplate(IpfixTemplateRecord* record); 41 | virtual void onDataRecord(IpfixDataRecord* record); 42 | virtual void onTemplateDestruction(IpfixTemplateDestructionRecord* record); 43 | }; 44 | 45 | #endif 46 | -------------------------------------------------------------------------------- /src/modules/ipfix/aggregator/IpfixAggregator.hpp: -------------------------------------------------------------------------------- 1 | /* 2 | * IPFIX Concentrator Module Library 3 | * Copyright (C) 2004 Christoph Sommer 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 
14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | * 19 | */ 20 | 21 | #ifndef AGGREGATOR_H 22 | #define AGGREGATOR_H 23 | 24 | #include "modules/ipfix/IpfixRecord.hpp" 25 | #include "Rules.hpp" 26 | #include "BaseAggregator.h" 27 | #include "modules/ipfix/IpfixRecordDestination.h" 28 | #include "core/Module.h" 29 | 30 | 31 | /** 32 | * Represents an Aggregator. 33 | * 34 | * Uses Rules and Hashtable to implement an IPFIX Aggregator. 35 | */ 36 | class IpfixAggregator 37 | : public BaseAggregator, public IpfixRecordDestination 38 | { 39 | public: 40 | IpfixAggregator(uint32_t pollinterval); 41 | virtual ~IpfixAggregator(); 42 | 43 | virtual void onDataRecord(IpfixDataRecord* record); 44 | 45 | protected: 46 | BaseHashtable* createHashtable(Rule* rule, uint16_t inactiveTimeout, 47 | uint16_t activeTimeout, uint8_t hashbits); 48 | }; 49 | 50 | #endif 51 | --------------------------------------------------------------------------------