diff --git a/bin/Makefile b/bin/Makefile
index a8e1398..1a1801e 100644
--- a/bin/Makefile
+++ b/bin/Makefile
@@ -1,9 +1,12 @@
-pibs: pibs.o memutils.o
- gcc -Wall -o pibs pibs.o memutils.o -lwiretap `pkg-config --libs glib-2.0` -lpcap -lhiredis -ggdb
+pibs: pibs.o memutils.o synseen.o
+ gcc -Wall -o pibs pibs.o memutils.o synseen.o -lwiretap `pkg-config --libs glib-2.0` -lpcap -lhiredis -ggdb
memutils.o: memutils.c
gcc -Wall -c memutils.c `pkg-config --cflags glib-2.0` -I /usr/include/wireshark/wiretap -I /usr/include/wireshark/wsutil -I /usr/include/wireshark `pkg-config --libs glib-2.0` -I /usr/local/include/hiredis -ggdb
+synseen.o: synseen.c
+ gcc -D HASHDEBUG=0 -Wall -c synseen.c `pkg-config --cflags glib-2.0` -I /usr/include/wireshark/wiretap -I /usr/include/wireshark/wsutil -I /usr/include/wireshark `pkg-config --libs glib-2.0` -I /usr/local/include/hiredis -ggdb
+
pibs.o: pibs.c
gcc -D HASHDEBUG=0 -Wall -c pibs.c `pkg-config --cflags glib-2.0` -I /usr/include/wireshark/wiretap -I /usr/include/wireshark/wsutil -I /usr/include/wireshark `pkg-config --libs glib-2.0` -I /usr/local/include/hiredis -ggdb
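Review bot: The new `synseen.o: synseen.c` rule has no header prerequisite, so a change to pibs.h (which synseen.c includes, and which presumably declares pibs_t) will not rebuild synseen.o, and the link can then combine objects compiled against different struct layouts. `synseen.o: synseen.c pibs.h` closes that gap, and the same likely applies to the existing pibs.o and memutils.o rules. The recipe also repeats the full flag set a third time, including `pkg-config --libs`, which does nothing on a `-c` compile; a shared `CFLAGS` variable would keep the three rules in step and give one place to add warning or hardening flags.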
diff --git a/bin/pibs.c b/bin/pibs.c
index d9caa50..2b323da 100644
--- a/bin/pibs.c
+++ b/bin/pibs.c
@@ -19,82 +19,6 @@
* along with this program. If not, see .
*/
#include "pibs.h"
-//TODO when attaching the next_item must be recovered if results
-//of previous runs need to be increased
-/*
- * Returns -1 if not found
- * returns last timestamp if found
- */
-int_fast64_t get_last_timestamp(pibs_t* pibs, uint32_t ip)
-{
- uint32_t idx;
- uint32_t i;
- //TODO explore alternative hashing functions
- //https://stackoverflow.com/questions/664014/what-integer-hash-function-are-good-that-accepts-an-integer-hash-key/12996028#12996028
- idx = ip % NBINS;
- HDBG("[TS] Checking for IP %x at index = %d\n", ip, idx);
- i = pibs->bin_table[idx];
- while (i){
- if (pibs->items[i].ipaddr == ip) {
- HDBG("[TS] Found item %x at position %d\n", ip , i);
- return pibs->items[i].timestamp;
- }
- i = pibs->items[i].next_item;
- }
- HDBG("[TS] IP: %x was not found return -1\n",ip);
- return -1;
-}
-
-void insert_ip(pibs_t* pibs, uint32_t ip, uint32_t ts)
-{
- uint32_t idx;
- uint32_t i;
- uint32_t parent;
-
- idx = ip % NBINS;
- HDBG("[INS] Lookup IP address %x. Hashed value: %d\n", ip, idx);
- parent = 0;
- if (pibs->bin_table[idx]){
- // There is already someone in the bin
- i = pibs->bin_table[idx];
- HDBG("[INS] Starting searching at position %d\n", i);
- do {
- HDBG("[INS] Iterating items at index %d. Current position: %d.\
- Next position = %d\n",
- idx,i,pibs->items[i].next_item);
- HDBG("[INS] Checking IP at address %p\n",&pibs->items[i]);
- if (pibs->items[i].ipaddr == ip) {
- HDBG("[INS] Found item %x at position %d\n", ip , i);
- HDBG("[INS] New timestamp for ip %x is %d\n",ip,ts);
- pibs->items[i].timestamp = ts;
- return;
- }
- parent = i;
- i = pibs->items[i].next_item;
- } while (i != 0 );
- HDBG("[INS] The IP %x was not found in the item list, last parent %d\n",
- ip, parent);
- }
- // The IP was not found in an item list or the hashed value wsa not present
- // in the bin table, so create a new item
- pibs->next_item++;
- if (pibs->next_item > pibs->max_item) {
- printf("FIXME run out of memory. Do something better than abort\n");
- //Go through old timestamps and keep linked list of stuff that can be
- //reused or do kind of defragmentation
- abort();
- }
- if (pibs->bin_table[idx] == 0) {
- pibs->bin_table[idx] = pibs->next_item;
- }
- HDBG("[INS] Insert ip %x at position %d, parent = %d\n", ip,
- pibs->next_item,parent);
- pibs->items[pibs->next_item].ipaddr = ip;
- pibs->items[pibs->next_item].timestamp = ts;
- if (parent) {
- pibs->items[parent].next_item = pibs->next_item;
- }
-}
void process_frame(pibs_t* pibs, wtap *wth,
uint8_t *eth)
@@ -229,46 +153,6 @@ pibs_t* init(void)
return pibs;
}
-void pibs_dump_raw(pibs_t* pibs)
-{
- int i;
- printf("#RAW table dump\n");
- printf("#Index next_item\n");
- printf("#BINs\n");
- for (i=0; i< NBINS; i++) {
- printf("%d %d\n", i, pibs->bin_table[i]);
- }
- printf("#ITEMS\n");
- printf("#Index next_item, timestamp, ipaddr\n");
- for (i=0; i < NBINITEMS * NBINS; i++) {
- printf("%d %d %d %x\n", i, pibs->items[i].next_item,
- pibs->items[i].timestamp,
- pibs->items[i].ipaddr);
- }
-}
-
-void pibs_dump_stats(pibs_t* pibs)
-{
- int i;
- int j;
- int cnt;
- uint64_t sum;
- sum = 0;
- printf("#Bin table\n");
- printf("#Bin number, Item offset, number of items\n");
- for (i=0; i < NBINS; i++) {
- j= pibs->bin_table[i];
- cnt = 0;
- while (j) {
- cnt++;
- j=pibs->items[j].next_item;
- }
- sum+=cnt;
- printf("%d %d %d\n", i, pibs->bin_table[i], cnt);
- }
- printf("#Number of unique IP addresses: %ld\n", sum);
-}
-
void process_redis_list(pibs_t* pibs)
{
redisReply *reply;
diff --git a/bin/synseen.c b/bin/synseen.c
new file mode 100644
index 0000000..f17bdc3
--- /dev/null
+++ b/bin/synseen.c
@@ -0,0 +1,138 @@
+/*
+* pibs - Passive Identification of BackScatter
+*
+* Copyright (C) 2019 Gerard Wagener
+* Copyright (C) 2019 CIRCL Computer Incident Response Center Luxembourg
+* (SMILE gie).
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with this program. If not, see .
+*/
+
+#include "pibs.h"
+//TODO when attaching the next_item must be recovered if results
+//of previous runs need to be increased
+/*
+ * Returns -1 if not found
+ * returns last timestamp if found
+ */
+int_fast64_t get_last_timestamp(pibs_t* pibs, uint32_t ip)
+{
+ uint32_t idx;
+ uint32_t i;
+ //TODO explore alternative hashing functions
+ //https://stackoverflow.com/questions/664014/what-integer-hash-function-are-good-that-accepts-an-integer-hash-key/12996028#12996028
+ idx = ip % NBINS;
+ HDBG("[TS] Checking for IP %x at index = %d\n", ip, idx);
+ i = pibs->bin_table[idx];
+ while (i){
+ if (pibs->items[i].ipaddr == ip) {
+ HDBG("[TS] Found item %x at position %d\n", ip , i);
+ return pibs->items[i].timestamp;
+ }
+ i = pibs->items[i].next_item;
+ }
+ HDBG("[TS] IP: %x was not found return -1\n",ip);
+ return -1;
+}
+
+void insert_ip(pibs_t* pibs, uint32_t ip, uint32_t ts)
+{
+ uint32_t idx;
+ uint32_t i;
+ uint32_t parent;
+
+ idx = ip % NBINS;
+ HDBG("[INS] Lookup IP address %x. Hashed value: %d\n", ip, idx);
+ parent = 0;
+ if (pibs->bin_table[idx]){
+ // There is already someone in the bin
+ i = pibs->bin_table[idx];
+ HDBG("[INS] Starting searching at position %d\n", i);
+ do {
+ HDBG("[INS] Iterating items at index %d. Current position: %d.\
+ Next position = %d\n",
+ idx,i,pibs->items[i].next_item);
+ HDBG("[INS] Checking IP at address %p\n",&pibs->items[i]);
+ if (pibs->items[i].ipaddr == ip) {
+ HDBG("[INS] Found item %x at position %d\n", ip , i);
+ HDBG("[INS] New timestamp for ip %x is %d\n",ip,ts);
+ pibs->items[i].timestamp = ts;
+ return;
+ }
+ parent = i;
+ i = pibs->items[i].next_item;
+ } while (i != 0 );
+ HDBG("[INS] The IP %x was not found in the item list, last parent %d\n",
+ ip, parent);
+ }
+ // The IP was not found in an item list or the hashed value wsa not present
+ // in the bin table, so create a new item
+ pibs->next_item++;
+ if (pibs->next_item > pibs->max_item) {
+ printf("FIXME run out of memory. Do something better than abort\n");
+ //Go through old timestamps and keep linked list of stuff that can be
+ //reused or do kind of defragmentation
+ abort();
+ }
+ if (pibs->bin_table[idx] == 0) {
+ pibs->bin_table[idx] = pibs->next_item;
+ }
+ HDBG("[INS] Insert ip %x at position %d, parent = %d\n", ip,
+ pibs->next_item,parent);
+ pibs->items[pibs->next_item].ipaddr = ip;
+ pibs->items[pibs->next_item].timestamp = ts;
+ if (parent) {
+ pibs->items[parent].next_item = pibs->next_item;
+ }
+}
+
+void pibs_dump_raw(pibs_t* pibs)
+{
+ int i;
+ printf("#RAW table dump\n");
+ printf("#Index next_item\n");
+ printf("#BINs\n");
+ for (i=0; i< NBINS; i++) {
+ printf("%d %d\n", i, pibs->bin_table[i]);
+ }
+ printf("#ITEMS\n");
+ printf("#Index next_item, timestamp, ipaddr\n");
+ for (i=0; i < NBINITEMS * NBINS; i++) {
+ printf("%d %d %d %x\n", i, pibs->items[i].next_item,
+ pibs->items[i].timestamp,
+ pibs->items[i].ipaddr);
+ }
+}
+
+void pibs_dump_stats(pibs_t* pibs)
+{
+ int i;
+ int j;
+ int cnt;
+ uint64_t sum;
+ sum = 0;
+ printf("#Bin table\n");
+ printf("#Bin number, Item offset, number of items\n");
+ for (i=0; i < NBINS; i++) {
+ j= pibs->bin_table[i];
+ cnt = 0;
+ while (j) {
+ cnt++;
+ j=pibs->items[j].next_item;
+ }
+ sum+=cnt;
+ printf("%d %d %d\n", i, pibs->bin_table[i], cnt);
+ }
+ printf("#Number of unique IP addresses: %ld\n", sum);
+}
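Review bot: In insert_ip the table-full path ends in `abort()`, and because the key is an IP address taken from processed traffic, a capture with enough distinct source addresses terminates the sensor; moving the code into synseen.c is a good moment to turn that into a counted drop. The bound itself also needs confirming: `pibs->next_item > pibs->max_item` allows index `max_item` to be written, while pibs_dump_raw iterates `i < NBINITEMS * NBINS`, so if init() (outside this hunk) sets max_item to NBINITEMS * NBINS the last insert writes one slot past the array. Checking before the increment, for example `if (pibs->next_item + 1 >= pibs->max_item) { fprintf(stderr, "synseen table full, dropping %x\n", ip); return; }`, would cover both, assuming items holds max_item entries. Separately, `ip % NBINS` makes bin selection a direct function of the address, so chain length in get_last_timestamp and insert_ip depends entirely on the address distribution in the input; the existing TODO about alternative hash functions is worth acting on, ideally with a per-run seed. Minor: pibs_dump_stats prints a `uint64_t` with `%ld` and walks the chain with an `int j` although next_item is used as `uint32_t` elsewhere; `PRIu64` and a `uint32_t` index would match the types.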