Changeset 1482

Timestamp:

07/08/06 15:34:13 (3 years ago)

Author:

aturner

Message:

first pass at adding split by mac
refs #1

Location:

trunk/src

Files:

• Makefile.am (modified) (1 diff)
• mac.c (modified) (2 diffs)
• mac.h (modified) (2 diffs)
• tcpprep.c (modified) (6 diffs)
• tcpprep.h (modified) (1 diff)
• tcpprep_opts.def (modified) (5 diffs)

trunk/src/Makefile.am

@@ -62 +62 @@
 tcpprep_LDADD = ./common/libcommon.a \
                   $(LIBSTRL) @LNETLIB@ @LPCAPLIB@ $(LIBOPTS_LDADD)
-tcpprep_SOURCES = tcpprep_opts.c tcpprep.c tree.c
+tcpprep_SOURCES = tcpprep_opts.c tcpprep.c tree.c mac.c
 tcpprep_OBJECTS: tcpprep_opts.h
 tcpprep_opts.h: tcpprep_opts.c

trunk/src/mac.c

@@ -1 @@
-/* $Id:$ */
+/* $Id$ */
 /* Copyright 2004-2005 Aaron Turner 
  * All rights reserved.
@@ -108 +108 @@
 }
 
+/*
+ * Figures out if a MAC is listed in a comma delimited
+ * string of MAC addresses.
+ * returns CACHE_PRIMARY if listed
+ * returns CACHE_SECONDARY if not listed
+ */
+int
+macinstring(const char *macstring, const u_char *mac)
+{
+    char *tok, *tempstr, *ourstring;
+    u_char *tempmac;
+    int len = 6, ret = CACHE_SECONDARY;
+    
+    ourstring = safe_strdup(macstring);
+    
+    tempstr = strtok_r(ourstring, ",", &tok);
+    if (strlen(tempstr)) {
+       mac2hex(tempstr, tempmac, len);
+       if (memcmp(mac, tempmac, len) == 0) {
+           ret = CACHE_PRIMARY;
+           goto EXIT_MACINSTRING;
+       }
+    } else {
+        goto EXIT_MACINSTRING;
+    }
+
+    while ((tempstr = strtok_r(NULL, ",", &tok)) != NULL) {
+       mac2hex(tempstr, tempmac, len);
+       if (memcmp(mac, tempmac, len) == 0) {
+           ret = CACHE_PRIMARY;
+           goto EXIT_MACINSTRING;
+       }
+    }
+
+EXIT_MACINSTRING:
+    free(ourstring);
+    return ret;
+}
 
 /*

trunk/src/mac.h

@@ -1 @@
-/* $Id:$ */
+/* $Id$ */
 /* Copyright 2004 Aaron Turner 
  * All rights reserved.
@@ -35 +35 @@
 void mac2hex(const char *mac, u_char *dst, int len);
 int dualmac2hex(const char *dualmac, u_char *first, u_char *second, int len);
+int macinstring(const char *macstring, const u_char *mac);
 
 #endif /* __MAC_H__ */

trunk/src/tcpprep.c

@@ -62 +62 @@
 #include "lib/sll.h"
 #include "lib/strlcpy.h"
+#include "mac.h"
 
 /*
@@ -121 +122 @@
         errx(1, "Error opening file: %s", errbuf);
 
-    switch((int)options.pcap) {
+    /* make sure we support the DLT type */
+    switch(pcap_datalink(options.pcap)) {
         case DLT_EN10MB:
         case DLT_LINUX_SLL:
@@ -129 +131 @@
         default:
             errx(1, "Unsupported pcap DLT type: 0x%x", pcap_datalink(options.pcap));
+    }
+
+    /* Can only split based on MAC address for ethernet */
+    if ((pcap_datalink(options.pcap) != DLT_EN10MB) &&
+        (options.mode == MAC_MODE)) {
+        err(1, "MAC mode splitting is only supported by DLT_EN10MB packet captures.");
     }
 
@@ -285 +293 @@
 {
     ip_hdr_t *ip_hdr = NULL;
+    eth_hdr_t *eth_hdr = NULL;
     struct pcap_pkthdr pkthdr;
     const u_char *pktdata = NULL;
@@ -316 +325 @@
             }
         }
+        
+        eth_hdr = (eth_hdr_t *)pktdata;
 
         /* get the IP header (if any) */
@@ -354 +365 @@
             cache_result = add_cache(&options.cachedata, SEND,
                       check_ip_cidr(options.cidrdata, ip_hdr->ip_src.s_addr));
+            break;
+        case MAC_MODE:
+            dbg(2, "processing mac mode...");
+            cache_result = add_cache(&options.cachedata, SEND,
+                macinstring(options.maclist, (u_char *)eth_hdr->ether_shost));
             break;
         case AUTO_MODE:

trunk/src/tcpprep.h

@@ -52 +52 @@
     tcpr_cache_t *cachedata;
     tcpr_cidr_t *cidrdata;
-
+    char *maclist;
     tcpr_xX_t xX;
     tcpr_bpf_t bpf;

trunk/src/tcpprep_opts.def

@@ -76 +76 @@
     flags-cant  = port;
     flags-cant  = regex;
+        flags-cant      = mac;
     flag-code   = <<- EOAuto
     
@@ -137 +138 @@
     flags-cant  = port;
     flags-cant  = regex;
+        flags-cant      = mac;
     flag-code   = <<- EOCidr
   
@@ -162 +164 @@
     flags-cant  = port;
     flags-cant  = cidr;
+        flags-cant      = mac;
     flag-code   = <<- EORegex
     
@@ -185 +188 @@
     value       = p;
     descrip     = "Port-split mode";
+        max                     = 1;
     flags-cant  = auto;
     flags-cant  = regex;
     flags-cant  = cidr;
+        flags-cant      = mac;
     flag-code   = <<- EOPort
     
@@ -197 +202 @@
 or server based upon the destination port of the header.
 EOText;
+};
+
+flag = {
+        name            = mac;
+        value           = e;
+        arg-type        = string;
+        max                     = 1;
+        descrip         = "Source MAC split mode";
+        flags-cant      = auto;
+        flags-cant      = regex;
+        flags-cant      = cidr;
+        flags-cant      = port;
+        flag-code       = <<- EOMac
+        
+        options.mode = MAC_MODE;
+        options.maclist = safe_strdup(OPT_ARG(MAC));
+        
+
+EOMac;
+        doc                     = <<- EOText
+Specify a list of MAC addresses to match against the source MAC
+of each packet.  Packets matching one of the values are classified
+as servers.     
+EOText;
+        
 };