EvEmu  0.8.4
11 September 2021
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Modules Pages
EVEnids.cpp
Go to the documentation of this file.
1 /*
2  ------------------------------------------------------------------------------------
3  LICENSE:
4  ------------------------------------------------------------------------------------
5  This file is part of EVEmu: EVE Online Server Emulator
6  Copyright 2006 - 2021 The EVEmu Team
7  For the latest information visit http://evemu.mmoforge.org
8  ------------------------------------------------------------------------------------
9  This program is free software; you can redistribute it and/or modify it under
10  the terms of the GNU Lesser General Public License as published by the Free Software
11  Foundation; either version 2 of the License, or (at your option) any later
12  version.
13 
14  This program is distributed in the hope that it will be useful, but WITHOUT
15  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16  FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
17 
18  You should have received a copy of the GNU Lesser General Public License along with
19  this program; if not, write to the Free Software Foundation, Inc., 59 Temple
20  Place - Suite 330, Boston, MA 02111-1307, USA, or go to
21  http://www.gnu.org/copyleft/lesser.txt.
22  ------------------------------------------------------------------------------------
23  Author: Zhur
24 */
25 
26 #include <stdlib.h>
27 #include <sys/types.h>
28 #include <sys/socket.h>
29 #include <netinet/in.h>
30 #include <netinet/in_systm.h>
31 #include <arpa/inet.h>
32 #include <string.h>
33 #include <stdio.h>
34 #include <unistd.h>
35 #include "nids.h"
36 #include <string>
37 #include <queue>
38 #include <map>
39 
40 #include "../common/packet_dump.h"
41 #include "../common/packet_functions.h"
42 #include "../common/packet_types.h"
43 #include "../common/PyRep.h"
44 #include "../common/EVEUnmarshal.h"
45 #include "../common/PyPacket.h"
46 #include "../common/PyVisitor.h"
47 #include "../common/logsys.h"
48 #include "../common/StreamPacketizer.h"
49 #include "../common/CachedObjectMgr.h"
50 #include "../common/PyXMLGenerator.h"
51 #include "../common/PyDumpVisitor.h"
52 #include "../common/PyLookupDump.h"
53 
54 #include "EVECollectDisp.h"
55 
56 #include "../packets/General.h"
57 
58 using std::queue;
59 
60 
61 #define int_ntoa(x) inet_ntoa(*((struct in_addr *)&x))
62 
63 // struct tuple4 contains addresses and port numbers of the TCP connections
64 // the following auxiliary function produces a string looking like
65 // 10.0.0.1,1024,10.0.0.2,23
66 char *
67 adres (struct tuple4 addr)
68 {
69  static char buf[256];
70  strcpy (buf, int_ntoa (addr.saddr));
71  sprintf (buf + strlen (buf), ",%i,", addr.source);
72  strcat (buf, int_ntoa (addr.daddr));
73  sprintf (buf + strlen (buf), ",%i", addr.dest);
74  return buf;
75 }
76 
77 void ProcessCallRequest(PyPacket *packet) {
78 
79 }
80 
81 
82 static EVECollectDispatcher *CollectDispatcher = NULL;
83 
84 //PyObject *loadfunc = NULL;
85 
86 StreamPacketizer clientPacketizer;
87 StreamPacketizer serverPacketizer;
88 void tcp_callback (struct tcp_stream *a_tcp, void ** this_time_not_needed) {
89  char buf[1024];
90  strcpy (buf, adres (a_tcp->addr)); // we put conn params into buf
91 
92  if (a_tcp->nids_state == NIDS_JUST_EST) {
93 
94  //see if this is a stream we care about...
95  if(a_tcp->addr.source != 26000 && a_tcp->addr.dest != 26000 &&
96  a_tcp->addr.source != 26001 && a_tcp->addr.dest != 26001)
97  return;
98 
99  a_tcp->client.collect++; // we want data received by a client
100  a_tcp->server.collect++; // and by a server, too
101  _log(COLLECT__TCP, "%s established", buf);
102  return;
103  }
104  if (a_tcp->nids_state == NIDS_CLOSE) {
105  // connection has been closed normally
106  _log(COLLECT__TCP, "%s closing", buf);
107  return;
108  }
109  if (a_tcp->nids_state == NIDS_RESET) {
110  // connection has been closed by RST
111  _log(COLLECT__TCP, "%s reset", buf);
112  return;
113  }
114 
115  if (a_tcp->nids_state == NIDS_DATA) {
116  // new data has arrived; gotta determine in what direction
117  // and if it's urgent or not
118 
119  struct half_stream *hlf;
120  StreamPacketizer *sp;
121 
122  if (a_tcp->client.count_new) {
123  // new data for client
124  hlf = &a_tcp->client; // from now on, we will deal with hlf var,
125  // which will point to client side of conn
126  sp = &clientPacketizer;
127  strcat (buf, "(<-)"); // symbolic direction of data
128  } else {
129  sp = &serverPacketizer;
130  hlf = &a_tcp->server; // analogical
131  strcat (buf, "(->)");
132  }
133 
134  _log(COLLECT__TCP, "Data %s (len %d)", buf, hlf->count_new); // we print the connection parameters
135  // (saddr, daddr, sport, dport) accompanied
136  // by data flow direction (-> or <-)
137 
138  sp->InputBytes((const byte *) hlf->data, hlf->count_new);
139 
140  StreamPacketizer::Packet *p;
141  while((p = sp->PopPacket()) != NULL) {
142  //const PacketHeader *head = (const PacketHeader *) p->data;
143 
144  uint32 body_len = p->length;
145  const byte *body = p->data;
146 
147  _log(COLLECT__RAW_HEX, "Raw Hex Dump of len %d:", body_len);
148  _hex(COLLECT__RAW_HEX, body, body_len);
149 
150  PyRep *rep = InflateAndUnmarshal(body, body_len);
151  if(rep == NULL) {
152  printf("Failed to inflate or unmarshal!");
153  delete p;
154  continue;
155  }
156 
157  if(is_log_enabled(COLLECT__PYREP_DUMP)) {
158  //decode substreams to facilitate dumping better:
159  SubStreamDecoder v;
160  rep->visit(&v);
161  //TODO: make dump use logsys.
162  _log(COLLECT__PYREP_DUMP, "Unmarshaled PyRep:");
163  PyLookupDump dumper(&CollectDispatcher->lookResolver, COLLECT__PYREP_DUMP);
164  rep->visit(&dumper);
165  }
166 
167  PyPacket *packet = new PyPacket;
168  if(!packet->Decode(rep)) {
169  _log(COLLECT__ERROR, "Failed to decode packet rep");
170  } else {
171  if(is_log_enabled(COLLECT__PACKET_DUMP)) {
172  //decode substreams to facilitate dumping better:
173  SubStreamDecoder v;
174  packet->payload->visit(&v);
175 
176  //TODO: make dump use logsys.
177  _log(COLLECT__PACKET_DUMP, "Decoded message:");
178  PyLookupDump dumper(&CollectDispatcher->lookResolver, COLLECT__PACKET_DUMP);
179  packet->Dump(COLLECT__PACKET_DUMP, &dumper);
180 
181 
182  printf("\n\n");
183  }
184  fflush(stdout);
185 
186  CollectDispatcher->DispatchPacket(&packet);
187  }
188  delete packet;
189 
190  delete p;
191  } //end "while pop packet"
192  }
193  return ;
194 }
195 
196 int EVE_NIDS_main(EVECollectDispatcher *disp, int argc, char *argv[]) {
197  if(disp == NULL) {
198  fprintf(stderr,"NULL dispatcher provided to NIDS, not running\n",nids_errbuf);
199  return(1);
200  }
201  CollectDispatcher = disp;
202 
203  // here we can alter libnids params, for instance:
204  // nids_params.n_hosts=256;
205  if(argc == 2)
206  nids_params.filename = strdup(argv[1]);
207  if(argc == 3) //hack
208  nids_params.device = strdup(argv[2]);
209  if (!nids_init ()) {
210  fprintf(stderr,"%s\n",nids_errbuf);
211  return(1);
212  }
213 
214  nids_register_tcp ((void *) tcp_callback);
215  printf("Starting NIDS loop...\n");
216  nids_run ();
217  return(0);
218 }
219 
220 
PyRep
Base Python wire object.
Definition: PyRep.h:66
adres
char * adres(struct tuple4 addr)
Definition: EVEnids.cpp:67
serverPacketizer
StreamPacketizer serverPacketizer
Definition: EVEnids.cpp:87
_log
#define _log(type, fmt,...)
Definition: logsys.h:124
CollectDispatcher
static EVECollectDispatcher * CollectDispatcher
Definition: EVEnids.cpp:82
strdup
#define strdup
Definition: eve-compat.h:258
sprintf
std::string sprintf(const char *fmt,...)
sprintf for std::string.
Definition: eve-compat.cpp:106
ProcessCallRequest
void ProcessCallRequest(PyPacket *packet)
Definition: EVEnids.cpp:77
int_ntoa
#define int_ntoa(x)
Definition: EVEnids.cpp:61
PyPacket::payload
PyTuple * payload
Definition: PyPacket.h:119
is_log_enabled
#define is_log_enabled(type)
Definition: logsys.h:78
PyPacket::Dump
void Dump(LogType type, PyVisitor &dumper)
Definition: PyPacket.cpp:95
tcp_callback
void tcp_callback(struct tcp_stream *a_tcp, void **this_time_not_needed)
Definition: EVEnids.cpp:88
_hex
#define _hex(type, data, len)
Definition: logsys.h:133
uint32
unsigned __int32 uint32
Definition: eve-compat.h:50
clientPacketizer
StreamPacketizer clientPacketizer
Definition: EVEnids.cpp:86
PyPacket::Decode
bool Decode(PyRep **packet)
Definition: PyPacket.cpp:115
EVECollectDispatcher::lookResolver
PyLookupResolver lookResolver
Definition: EVECollectDisp.h:15
PyTuple::visit
bool visit(PyVisitor &v) const
Visits object.
Definition: PyRep.cpp:553
EVEPacketDispatcher::DispatchPacket
bool DispatchPacket(PyPacket *packet)
Definition: EVEPktDispatch.cpp:36
PyRep::visit
virtual bool visit(PyVisitor &v) const =0
Visits object.
EVE_NIDS_main
int EVE_NIDS_main(EVECollectDispatcher *disp, int argc, char *argv[])
Definition: EVEnids.cpp:196