/* gcc -Wall -pedantic af.c -lpcap -o af */ #include "af.h" u_int16_t handle_ethernet(u_char *args,const struct pcap_pkthdr* pkthdr,const u_char* packet); u_char* handle_IP(u_char *args,const struct pcap_pkthdr* pkthdr,const u_char* packet); void errsys(char msg[50]) { syslog(LOG_ERR,msg); } unsigned long int putere(int a,int b) { unsigned long int p; int j; if (b==0) return 1; p=1; for(j=1;j<=b;j++) { p=p*a; } return p; } char *strpu(char w[20]) { char w1[20],*ps,cc[2],*c,a[20]; strcpy(w1,w); strcpy(cc,"."); ps=w1; strtok(ps,"."); strcpy(a,ps); strcat(a,"_"); strcpy(w1,w); ps=w1; while(strncmp(ps,cc,1)) ps++;ps++; strtok(ps,"."); strcat(a,ps); strcat(a,"_"); strcpy(w1,w); ps=w1; while(strncmp(ps,cc,1)) ps++;ps++; while(strncmp(ps,cc,1)) ps++;ps++; strtok(ps,"."); strcat(a,ps); strcat(a,"_"); strcpy(w1,w); ps=w1; while(strncmp(ps,cc,1)) ps++;ps++; while(strncmp(ps,cc,1)) ps++;ps++; while(strncmp(ps,cc,1)) ps++;ps++; strtok(ps,"."); strcat(a,ps); ps=a; return ps; } int init_db() { int conectat; strcpy(db_host,DB_HOST); strcpy(db_user,DB_USER); strcpy(db_password,DB_PASSWORD); strcpy(db_database,DB_DATABASE); memset(&mysql,0,sizeof(MYSQL)); mysql_init(&mysql); mysql_options(&mysql,MYSQL_READ_DEFAULT_GROUP,"af"); if (!mysql_real_connect(&mysql, db_host , db_user, db_password,db_database,0,NULL,0)) { errsys("Failed to connect to database: Error:"); conectat = 0; } else { conectat = 1; if (mysql_select_db(&mysql, db_database)) { conectat=0; errsys("Nu pot selecta baza de date Error:"); } else { conectat = 1; } } return conectat; } void load_db() { struct in_addr intmp; char *buff,*buf; if ((buff = ( char * ) malloc ( MAX_QUERY )) == NULL) errsys ( "buffer alloc" ); if ((buf = ( char * ) malloc ( MAX_QUERY )) == NULL) errsys ( "buffer alloc" ); memset(buff, 0, MAX_QUERY); strcpy(buff,"select ip,subc,netmask from clients_subc order by ip"); init_db(); if (mysql_query(&mysql, buff)) { errsys("mysql_querry: eroare la citirea tabelei de clienti:load_db"); } if (!(res = mysql_store_result(&mysql))) { errsys("mysql_store_result"); } nripc=0; while(row = mysql_fetch_row(res)) { nripc++; strcpy(ipc[nripc].ipch,row[0]); inet_aton(ipc[nripc].ipch,&intmp); ipc[nripc].ipn=intmp.s_addr; strcpy(ipc[nripc].subrc,row[1]); inet_aton(ipc[nripc].subrc,&intmp); ipc[nripc].subrn=intmp.s_addr; ipc[nripc].nm=atoi(row[2]); ipc[nripc].tdownb=0; ipc[nripc].tupb=0; ipc[nripc].ltdownb=0; ipc[nripc].ltupb=0; ipc[nripc].atdownb=0; ipc[nripc].atupb=0; strcpy(ipc[nripc].table,strpu(ipc[nripc].ipch)); /* fprintf(stdout,"ip = %lu ipch=%s subc=%s subn=%lu nm=%d table=%s\n", ipc[nripc].ipn,ipc[nripc].ipch,ipc[nripc].subrc,ipc[nripc].subrn,ipc[nripc].nm,ipc[nripc].table);*/ } mysql_free_result(res); mysql_close(&mysql); } int prel() { int j,l; for(j=1;j<=nripc;j++) { strcpy(xipc[j].table,ipc[j].table); xipc[j].ipn=ipc[j].ipn; xipc[j].tdownb=ipc[j].tdownb; xipc[j].tupb=ipc[j].tupb; ipc[j].tdownb=0; ipc[j].tupb=0; } xnr=nripc; j=1; while (jlen; u_int hlen,off,version; unsigned long int ipb,ipx; int len; int is,id,i,gasit; /* jump pass the ethernet header */ ip = (struct my_ip*)(packet + sizeof(struct ether_header)); length -= sizeof(struct ether_header); /* check to see we have a packet of valid length */ if (length < sizeof(struct my_ip)) { printf("truncated ip %d",length); return NULL; } len = ntohs(ip->ip_len); hlen = IP_HL(ip); /* header length */ version = IP_V(ip);/* ip version */ /* if(((ip->ip_src.s_addr)!=locip) && ((ip->ip_dst.s_addr)!=locip))*/ /* Aici se pune numaratoarea */ i=1; while (i<=nripc) { if((ip->ip_src.s_addr==ipc[i].ipn)) { ipc[i].tupb+=len; break; } if((ip->ip_dst.s_addr==ipc[i].ipn)) { ipc[i].tdownb+=len; break; } ipx=ip->ip_src.s_addr; ipb=ipc[i].subrn+(putere(2,32-ipc[i].nm)-1)*16777216; if (((ipx-ipc[i].subrn)%16777216==0) && (ipx<=ipb) && (ipx>=ipc[i].subrn)) { ipc[i].tupb+=len; } ipx=ip->ip_dst.s_addr; ipb=ipc[i].subrn+(putere(2,32-ipc[i].nm)-1)*16777216; if (((ipx-ipc[i].subrn)%16777216==0) && (ipx<=ipb) && (ipx>=ipc[i].subrn)) { ipc[i].tdownb+=len; } i++; } } /* handle ethernet packets, much of this code gleaned from * print-ether.c from tcpdump source */ u_int16_t handle_ethernet(u_char *args,const struct pcap_pkthdr* pkthdr,const u_char* packet) { u_int caplen = pkthdr->caplen; /* u_int length = pkthdr->len;*/ struct ether_header *eptr; /* net/ethernet.h */ u_short ether_type; if (caplen < ETHER_HDRLEN) { fprintf(stdout,"Packet length less than ethernet header length\n"); return -1; } /* lets start with the ether header... */ eptr = (struct ether_header *) packet; ether_type = ntohs(eptr->ether_type); /* Lets print SOURCE DEST TYPE LENGTH */ /*fprintf(stdout,"ETH: "); fprintf(stdout,"%s ",ether_ntoa((struct ether_addr*)eptr->ether_shost)); fprintf(stdout,"%s ",ether_ntoa((struct ether_addr*)eptr->ether_dhost)); */ /* check to see if we have an ip packet */ if (ether_type == ETHERTYPE_IP) { /* fprintf(stdout,"(IP)");*/ }else if (ether_type == ETHERTYPE_ARP) { /* fprintf(stdout,"(ARP)");*/ }else if (eptr->ether_type == ETHERTYPE_REVARP) { /* fprintf(stdout,"(RARP)");*/ }else { /* fprintf(stdout,"(?)");*/ } /* fprintf(stdout," %d\n",length);*/ return ether_type; } void siga() { int j; prel(); contor++; if(contor%an==0) { load_db(); } if (contor==960000000) contor=0; pthread_create (&thread_id, NULL, &save_data, NULL); } void sigt(int signal) { /* save_data_zi(); save_data_luna(); save_data_an(); _exit(3);*/ } int main(int argc,char **argv) { char *dev; char errbuf[PCAP_ERRBUF_SIZE]; pcap_t* descr; struct bpf_program fp; /* hold compiled program */ bpf_u_int32 maskp; /* subnet mask */ bpf_u_int32 netp; /* ip */ u_char* args = NULL; int k,j; struct in_addr adrc; struct itimerval del; pid_t pid, sid; /* locip=375591690;*/ /* Options must be passed in as a string because I am lazy */ /* if(argc < 2){ fprintf(stdout,"Usage: %s numpackets \"options\"\n",argv[0]); return 0; } */ /* grab a device to peak into... */ dev = pcap_lookupdev(errbuf); strcpy(dev,DEVICE); /* printf("device=%s\n",dev); */ if(dev == NULL) { printf("%s\n",errbuf); exit(1); } /* ask pcap for the network address and mask of the device */ /* pcap_lookupnet(dev,&netp,&maskp,errbuf);*/ /* open device for reading. NOTE: defaulting to * promiscuous mode*/ descr = pcap_open_live(dev,BUFSIZ,0,0,errbuf); if(descr == NULL) { printf("pcap_open_live(): %s\n",errbuf); exit(1); } /* fprintf(stdout,"IP src, Ip dst, len, proto\n" );*/ /* ... and loop */ load_db(); contor=0; for(j=1;j<=nripc;j++) { xipc[j].ltdownb=0; xipc[j].ltupb=0; xipc[j].atdownb=0; xipc[j].atupb=0; } luna=40; an=240; signal(SIGALRM, siga); signal(SIGTERM, sigt); del.it_interval.tv_sec = 180; /* intervalul in s*/ del.it_interval.tv_usec = 0; del.it_value.tv_sec = 180; /*peste cate s sa plece*/ del.it_value.tv_usec = 0; setitimer(ITIMER_REAL, &del, NULL); /* pid=fork(); if (pid<0) { exit(EXIT_FAILURE); } if (pid>0) { exit(EXIT_SUCCESS); } umask(0); sid=setsid(); if (sid < 0) { exit(EXIT_FAILURE); } if ((chdir("/")) < 0) { exit(EXIT_FAILURE); } close(STDIN_FILENO); close(STDOUT_FILENO); close(STDERR_FILENO); */ /* atoi(argv[1])*/ pcap_loop(descr,-1,my_callback,args); /* for(k=1;k<=nripc;k++) { printf("down=%lu up=%lu",ipc[k].tdownb,ipc[k].tupb); printf("--------------------\n"); } printf("++++\n"); prel(); for(k=1;k<=xnr;k++) { printf("down=%lu up=%lu",xipc[k].tdownb,xipc[k].tupb); printf("--------------------\n"); } */ /* save_data_zi(); save_data_luna(); save_data_an(); fprintf(stdout,"\nfinished%d\n",init_db()); */ return 0; }