From 81356312ca1de67e211cd15c7e8b118eda37a909 Mon Sep 17 00:00:00 2001
From: Gerard Wagener
Date: Wed, 22 May 2019 11:16:03 +0200
Subject: [PATCH] added pibs.c file
---
bin/pibs.c | 131 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 131 insertions(+)
create mode 100644 bin/pibs.c
diff --git a/bin/pibs.c b/bin/pibs.c
new file mode 100644
index 0000000..6b65842
--- /dev/null
+++ b/bin/pibs.c
@@ -0,0 +1,131 @@
+/*
+* pibs - Passive Identification of BackScatter
+*
+* Copyright (C) 2019 Gerard Wagener
+* Copyright (C) 2019 CIRCL Computer Incident Response Center Luxembourg
+* (SMILE gie).
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with this program. If not, see .
+*/
+#include "pibs.h"
+
+int main(int argc, char* argv[])
+{
+
+ int opt;
+ pibs_t* pibs;
+
+ pibs = init();
+
+ fprintf(stderr, "[INFO] pid = %d\n",(int)getpid());
+
+ while ((opt = getopt(argc, argv, "r:dbsni:au:z:p:w:y:")) != -1) {
+ switch (opt) {
+ case 'r':
+ strncpy(pibs->filename, optarg, FILENAME_MAX);
+ break;
+ case 'd':
+ pibs->should_dump_table = 1;
+ break;
+ case 'b':
+ pibs->show_backscatter = 1;
+ break;
+ case 's':
+ pibs->show_stats = 1;
+ break;
+ case 'n':
+ pibs->should_create_shm = 1;
+ break;
+ case 'i':
+ strncpy(pibs->shmid_file, optarg, FILENAME_MAX);
+ break;
+ case 'a':
+ pibs->should_attach = 1;
+ break;
+ case 'u':
+ strncpy(pibs->uuid, optarg, SZUUID);
+ break;
+ case 'z':
+ strncpy(pibs->server,optarg, SZSERVER);
+ break;
+ case 'p':
+ pibs->port=atoi(optarg);
+ break;
+ case 'w':
+ strncpy(pibs->outputfile,optarg, FILENAME_MAX);
+ pibs->should_writepcap = 1;
+ break;
+ case 'y':
+ pibs->redisdb = atoi(optarg);
+ break;
+
+ default: /* '?' */
+
+ fprintf(stderr, "[ERROR] Invalid command line was specified\n");
+ }
+ }
+ if (pibs->should_create_shm) {
+ pibs_shmget(pibs);
+ if (pibs->shmid >0){
+ printf("Create a new shared memory segment %d\n", pibs->shmid);
+ } else {
+ printf("Failed to get shared memory segment. Cause = %s\n",
+ strerror(pibs->errno_copy));
+ }
+ }
+ if (pibs->should_attach) {
+ if (pibs_shmat(pibs) > 0 ) {
+ printf("Attached to shared memory segment %d\n", pibs->shmid);
+ } else {
+ printf("Failed to attach to shared memory segment. System error:%s\n",
+ strerror(pibs->errno_copy));
+ return EXIT_FAILURE;
+ }
+ }
+ if (pibs->uuid[0]) {
+ if ((pibs->server[0] == 0) || (pibs->port == 0)) {
+ fprintf(stderr,"Redis parameter server and port are incomplete. Use -z and -p options.\n");
+ return EXIT_FAILURE;
+ }
+ process_redis_list(pibs);
+ }
+
+ //FIXME Add proper error handling for writecap
+ if (pibs->should_writepcap) {
+ pibs->outcap = pcap_open_dead(DLT_EN10MB, 65535);
+ pibs->dumper = pcap_dump_open(pibs->outcap, pibs->outputfile);
+ if (pibs->dumper == NULL) {
+ printf("Failed to open outputfile. Reason=%s\n", pcap_geterr(pibs->outcap));
+ return EXIT_FAILURE;
+ }
+ }
+
+ if (pibs->show_backscatter)
+ printf("#timestamp, source IP, TCP flags, source port\n");
+ if (pibs->filename[0]) {
+ process_file(pibs);
+ }
+ if (pibs->should_dump_table){
+ pibs_dump_raw(pibs);
+ pibs_dump_raw(pibs);
+ }
+ if (pibs->show_stats){
+ pibs_dump_stats(pibs);
+ }
+ if (pibs->should_writepcap) {
+ pcap_dump_close(pibs->dumper);
+ printf("[INFO] Created pcap file %s\n", pibs->outputfile);
+ }
+ return EXIT_FAILURE;
+}
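Review bot: The five `strncpy` calls in the option switch (`-r`, `-i`, `-u`, `-z`, `-w`) pass what looks like the full size of the destination field as the bound, so an argument of that length or longer leaves the field without a terminating NUL, and later readers such as `pcap_dump_open(pibs->outcap, pibs->outputfile)` and the `%s` print of `outputfile` would run past the end of it. The field sizes are declared in pibs.h, which this patch does not show, so this needs confirming; if the fields are arrays, `snprintf(pibs->filename, sizeof pibs->filename, "%s", optarg);` with the return value checked and an over-long argument rejected would close it. Unless `init()` aborts on allocation failure, `pibs = init();` also needs a NULL check before the first dereference, and the `default:` case only logs an invalid option and lets the run continue, where `return EXIT_FAILURE;` would be safer. Finally, the last statement of `main` is `return EXIT_FAILURE;` on the normal path; it should be `return EXIT_SUCCESS;` so that a script driving the tool can tell a clean run from an error.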