chg: [pibs] added option to bypass synseen logic

2020-02-19 17:18:06 +01:00 · 2020-02-19 17:18:06 +01:00 · 38036c3f47
parent 347d6e4d71
commit 38036c3f47
1 changed files with 29 additions and 27 deletions
--- a/bin/synseen.c
+++ b/bin/synseen.c
@ -145,35 +145,37 @@ void synseen_process_frame(pibs_t *pibs, wtap *wth, uint8_t* eth,
    uint32_t ip;
    struct pcap_pkthdr pchdr;
    memcpy(&ip, &ipv4->ip_src, 4);
-    // Record only source ips where syn flag is set
-    // TODO check other connection establishment alternatives
-    if (tcp->th_flags  == 2 ){
-        insert_ip(pibs, ip, wth->rec.ts.secs);
-        return;
-    }
+    if (!pibs->bypass) {
+        // Record only source ips where syn flag is set
+        // TODO check other connection establishment alternatives
+        if (tcp->th_flags  == 2 ){
+            insert_ip(pibs, ip, wth->rec.ts.secs);
+            return;
+        }

-    lastseen =  get_last_timestamp(pibs, ip);
+        lastseen =  get_last_timestamp(pibs, ip);

-    if (lastseen > 0){
-        HDBG("IP %x %s was already seen before at %ld. Time difference %ld.\n"
-               , ip, inet_ntoa(ipv4->ip_src), lastseen, wth->rec.ts.secs-lastseen);
-        return;
-    }
-    // TODO keep these IPs in a hashtable and rank them
-    if (pibs->show_backscatter) {
-        printf("%ld,%s,%d,%d\n",
-               wth->rec.ts.secs, inet_ntoa(ipv4->ip_src), tcp->th_flags,
-               ntohs(tcp->th_sport));
-    }
-    //TODO relative time
-    //Purge old ips?
-    if (pibs->should_writepcap) {
-        pchdr.ts.tv_sec = wth->rec.ts.secs;
-        //TODO other part of the timestamp
-        pchdr.ts.tv_usec = wth->rec.ts.nsecs / 1000;
-        pchdr.caplen =  wth->rec.rec_header.packet_header.caplen;
-        pchdr.len =  wth->rec.rec_header.packet_header.len;
-        pcap_dump((u_char*)pibs->dumper, &pchdr, eth);
+        if (lastseen > 0){
+            HDBG("IP %x %s was already seen before at %ld. Time difference %ld.\n"
+                   , ip, inet_ntoa(ipv4->ip_src), lastseen, wth->rec.ts.secs-lastseen);
+            return;
+        }
+        // TODO keep these IPs in a hashtable and rank them
+        if (pibs->show_backscatter) {
+            printf("%ld,%s,%d,%d\n",
+                wth->rec.ts.secs, inet_ntoa(ipv4->ip_src), tcp->th_flags,
+                ntohs(tcp->th_sport));
+        }
+        //TODO relative time
+        //Purge old ips?
+        if (pibs->should_writepcap) {
+            pchdr.ts.tv_sec = wth->rec.ts.secs;
+            //TODO other part of the timestamp
+            pchdr.ts.tv_usec = wth->rec.ts.nsecs / 1000;
+            pchdr.caplen =  wth->rec.rec_header.packet_header.caplen;
+            pchdr.len =  wth->rec.rec_header.packet_header.len;
+            pcap_dump((u_char*)pibs->dumper, &pchdr, eth);
+        }
    }
    if (pibs->synseen_callback) {
        synseen_callback = pibs->synseen_callback;