00039 #include <stdio.h>
00040 #include <stdlib.h>
00041 #include <unistd.h>
00042 #include <string.h>
00043 #include <netinet/if_ether.h>
00044 #include <flowmonexp/plugin_filter.h>
00045
00046 #include "../input-plugins/protocols.h"
00047
/** Plugin version string; concatenated into the plugin description text. */
#define VERSION "1.0"

/**
 * Debug trace hook. It expands to nothing, so trace calls are compiled away
 * together with their arguments.
 */
#define PRINT(format, ...)

/**
 * Report an error on stderr with printf-style formatting.
 * Pass a string literal as the format; variable text belongs in the arguments.
 */
#define PRINTERR(format, ...) fprintf(stderr, format, ##__VA_ARGS__)

/**
 * Report a warning on stderr with printf-style formatting.
 * Pass a string literal as the format; variable text belongs in the arguments.
 */
#define PRINTWARN(format, ...) fprintf(stderr, format, ##__VA_ARGS__)
00082
/**
 * Per-instance state of the BACnet filter. plugin_filter_init() allocates it
 * and plugin_filter_filter() receives it back as its opaque private pointer.
 */
typedef struct {
    /* Private copy of the "ETHERTYPE" getter; NULL until init has copied it. */
    flow_record_getter_t *ethertype_getter;
    /* 0 for "allow" (the default), 1 for "deny": inverts the pass/drop verdict. */
    int not;
} bacnet_filter_private_t;
00092
/*
 * Declares this object as a filter plugin. The `used` attribute keeps the
 * symbol in the object file even though nothing in this file reads it;
 * presumably the plugin host looks it up after loading -- confirm against
 * the loader.
 */
__attribute__((used)) unsigned int plugin_type = PLUGIN_TYPE_FILTER;
00097
/*
 * Static descriptor handed out by plugin_filter_desc(): the plugin name
 * followed by its version and help text.
 * NOTE(review): the meaning of the two trailing zero fields is defined by
 * plugin_desc_t, which is not visible in this file.
 */
static plugin_desc_t plugin_desc = {
    "filter-bacnet",
    "Version " VERSION "\n"
    "Plugin pass only BACnet and some other non-IP data (ARP). "
    "The behavior can be inverted by 'deny' option.",
    0,
    0,
};
00108
/**
 * Hand the plugin's static descriptor to the caller.
 *
 * @return pointer to the file-scope plugin_desc object. It has static
 *         storage, so the caller must not free it.
 */
plugin_desc_t *plugin_filter_desc()
{
    plugin_desc_t *desc = &plugin_desc;

    return desc;
}
00117
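/**
 * Create the private state for one filter-bacnet instance.
 *
 * @param params       NULL (treated as "allow"), "allow" or "deny". Any other
 *                     value, including the empty string, is a fatal error.
 * @param getter_list  getter lists supplied by the host; only getter_list[0]
 *                     is searched, for the getter named "ETHERTYPE".
 * @return a malloc'ed bacnet_filter_private_t, or NULL if the allocation
 *         fails. Configuration errors are reported on stderr and end the
 *         process with exit(-1).
 */
void *plugin_filter_init(char *params, flow_record_getter_t **getter_list)
{
    bacnet_filter_private_t *retval;
    flow_record_getter_t *tmp;

    PRINT("plugin filter-bacnet init start\n");

    retval = malloc(sizeof *retval);
    if (retval == NULL) {
        return NULL;
    }
    retval->ethertype_getter = NULL;
    retval->not = 0;

    if (params != NULL) {
        /*
         * An empty string matches neither keyword, so it is rejected by the
         * final branch with the same message as any other unknown value.
         */
        if (strcmp("allow", params) == 0) {
            retval->not = 0;
        } else if (strcmp("deny", params) == 0) {
            retval->not = 1;
        } else {
            PRINTERR("Invalid parameters\n");
            exit(-1);
        }
    }

    /*
     * A missing getter list is handled like a missing getter instead of
     * dereferencing a NULL pointer.
     */
    tmp = NULL;
    if (getter_list != NULL) {
        tmp = getter_by_name(getter_list[0], "ETHERTYPE");
    }
    if (tmp == NULL) {
        PRINTERR("Unable to find Ethertype getter\n");
        exit(-1);
    }

    getter_copy_to(&(retval->ethertype_getter), tmp);
    if (retval->ethertype_getter == NULL) {
        /*
         * With no getter, plugin_filter_filter() never inspects a record:
         * "allow" would drop everything and "deny" would pass everything.
         * Fail at start-up rather than run a filter that silently does that.
         */
        PRINTERR("Unable to copy Ethertype getter\n");
        exit(-1);
    }

    PRINT("plugin filter-bacnet init end\n");

    return retval;
}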
00169
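/**
 * Decide whether one flow record passes the filter.
 *
 * The record's EtherType is read through the getter stored at init time and
 * compared with the listed types (BACnet, BACnet/IP, ARP, ISMP, SLOW, LLDP).
 * In "allow" mode listed types pass and everything else is dropped; "deny"
 * mode inverts both verdicts.
 *
 * @param plugin_private  state returned by plugin_filter_init(); must not be
 *                        NULL.
 * @param record          flow record to classify.
 * @return FLOW_FILTER_PASS or FLOW_FILTER_DROP.
 */
int plugin_filter_filter(void *plugin_private, flow_record_t *record)
{
    bacnet_filter_private_t *p = (bacnet_filter_private_t *)plugin_private;
    flow_record_getter_t *getter = p->ethertype_getter;
    /*
     * Zero-initialised so the switch below never reads an indeterminate
     * value if filler() leaves the buffer untouched; its result is not
     * checked here because its return contract is not visible in this file.
     */
    uint16_t ethertype = 0;
    int listed = 0;

    if (getter && getter->name && getter->valid(getter->self, record)) {
        /* A field that is not exactly two bytes wide is dropped in both modes. */
        if (getter->current_length(getter->self, record) != 2) {
            return FLOW_FILTER_DROP;
        }

        getter->filler(getter->self, record, &ethertype, 2, 0);

        /*
         * NOTE(review): the case labels are compared with the value exactly
         * as filler() stored it; confirm that the getter delivers it in the
         * same byte order as these constants.
         */
        switch (ethertype) {
        case BACNET_ETH_TYPE:
        case BACNET_IP_TYPE:
        case ETH_P_ARP:
        case ETH_P_ISMP:
        case ETH_P_SLOW:
        case ETH_P_LLDP:
            listed = 1;
            break;
        default:
            break;
        }
    }

    if (listed) {
        return p->not ? FLOW_FILTER_DROP : FLOW_FILTER_PASS;
    }

    /*
     * Reached for unlisted types and also when the EtherType is unavailable
     * (no getter, or the getter reports the field as not valid).
     * NOTE(review): in "deny" mode such records are passed, so a record with
     * no readable EtherType is never blocked -- confirm that this is intended.
     */
    return p->not ? FLOW_FILTER_PASS : FLOW_FILTER_DROP;
}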
00225