 |
flowmon-http-plugins
1.0
FlowMon HTTP Input/Process/export plugins
|
|
flowmon-http-plugins
1.0
FlowMon HTTP Input/Process/export plugins
|
Input plugin for flowmon, parse HTTP headers. More...
#include <stdio.h>#include <string.h>#include <stdlib.h>#include <unistd.h>#include <pcap.h>#include <stdbool.h>#include <sys/timeb.h>#include <time.h>#include <signal.h>#include <sys/cdefs.h>#include <flowmonexp/plugin_input.h>#include <netinet/ip.h>#include <netinet/ip6.h>#include <netinet/ether.h>#include "flowmon-input-http.h"#include "lex.h"#include <openssl/md5.h>#include <inttypes.h>Go to the source code of this file.
Data Structures | |
| struct | plugin_private_http |
Macros | |
| #define | PRINTV(format, args...) do {if (VERBOSE) { fprintf(stdout, format, ##args); fflush(stdout); } } while (0) |
| #define | PRINTD(format, args...) do {if (DEBUG) { fprintf(stdout, format, ##args); fflush(stdout); } } while (0) |
| #define | PRINTA(format, args...) do {if (VERBOSE || DEBUG) { fprintf(stdout, format, ##args); fflush(stdout); } } while (0) |
Functions | |
| SET_PLUGIN_TYPE (PLUGIN_TYPE_INPUT|PLUGIN_TYPE_PROCESS) | |
| int | lex_strstr (char *buf, int n, http_record_t *http) |
| Function to parse buffer with flex. | |
| void | plugin_input_getter_init (void *plugin_private, flow_record_getter_t **getter_list) |
| Function to initialize getters. | |
| char * | getfilter (char *file) |
| reads libpcap filter from file | |
| void * | plugin_input_init (char *params, int full_packet, int data_offset) |
| initialization of input-http plugin | |
| void | plugin_process_update (void *plugin_private, flow_record_t *record, flow_record_t *update) |
| process update function, refills flow data if flow is not already filled | |
| unsigned char * | getbuf (int counter, unsigned char *packets[40], int min, int max) |
| Get buffer for benchmarking from C array isntead of pcap. | |
| int | parse_headers (unsigned char *buf, http_record_t *http, int buflen) |
| parse HTTP headers from data payload | |
| char | YY_GET_EOF_CHAR () |
| YY_BUFFER_STATE | my_scan_buffer (char *base, yy_size_t size, yyscan_t yyscanner) |
| void | my_init_extra (yyscan_t backup_scanner, YY_EXTRA_TYPE user_defined, yyscan_t scanner) |
| YY_BUFFER_STATE | my_scan_bytes (yyconst char *yybytes, yy_size_t _yybytes_len, yyscan_t yyscanner) |
| void | my_delete_buffer (YY_BUFFER_STATE b, yyscan_t yyscanner) |
| plugin_desc_t * | plugin_process_desc () |
| Returns plugin description. | |
| void * | plugin_process_init (char *params, int data_offset) |
| blank function | |
Variables | |
| int | GLOBAL_FLOW_OFFSET |
| bool | VERBOSE |
| bool | DEBUG |
| yyscan_t | backup_scanner |
| yyscan_t | scanner |
Input plugin for flowmon, parse HTTP headers.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
This software is provided ``as is'', and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the company or contributors be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.
Definition in file flowmon-input-http.c.
| #define PRINTV | ( | format, | |
| args... | |||
| ) | do {if (VERBOSE) { fprintf(stdout, format, ##args); fflush(stdout); } } while (0) |
Print when verbose mode is on
Definition at line 64 of file flowmon-input-http.c.
| #define PRINTD | ( | format, | |
| args... | |||
| ) | do {if (DEBUG) { fprintf(stdout, format, ##args); fflush(stdout); } } while (0) |
Print when debug mode is on
Definition at line 67 of file flowmon-input-http.c.
| #define PRINTA | ( | format, | |
| args... | |||
| ) | do {if (VERBOSE || DEBUG) { fprintf(stdout, format, ##args); fflush(stdout); } } while (0) |
Print when debug of verbose mode is on
Definition at line 70 of file flowmon-input-http.c.
| SET_PLUGIN_TYPE | ( | PLUGIN_TYPE_INPUT| | PLUGIN_TYPE_PROCESS | ) |
Set plugin type for flowmonexp
|
inline |
Function to parse buffer with flex.
| *buf | pointer to start of data payload |
| n | length of buffer |
| *http | pointer to plugin internal structure |
| void plugin_input_getter_init | ( | void * | plugin_private, |
| flow_record_getter_t ** | getter_list | ||
| ) |
Function to initialize getters.
| *plugin_private | allocated plugin's private structure |
| **getter_list | list of getters to export |
| char* getfilter | ( | char * | file | ) |
reads libpcap filter from file
| *file | with filter on first line |
| void* plugin_input_init | ( | char * | params, |
| int | full_packet, | ||
| int | data_offset | ||
| ) |
initialization of input-http plugin
| *params | = character field |
| full_packet | = ??? |
| data_offset | = offset to acces plugin's private structure |
| void plugin_process_update | ( | void * | plugin_private, |
| flow_record_t * | record, | ||
| flow_record_t * | update | ||
| ) |
process update function, refills flow data if flow is not already filled
| *plugin_private | = plugin private structure |
| *record | = data got from prevous packets |
| *update | = data got from current packet |
|
inline |
Get buffer for benchmarking from C array isntead of pcap.
| counter | number of passed packets |
| *packets | array with different packets exported from wireshark |
| min | specify range of packets |
| max | specify range of packets |
|
inline |
parse HTTP headers from data payload
| *buf | = pointer to start of data payload |
| *http | = structure to fill parsed data |
| buflen | = length of buffer |
|
inline |
Optimized version of lexer function
YY_END_OF_BUFFER_CHAR wrapper
Definition at line 60 of file lex.functions.c.
|
inline |
Optimized version of lexer function
Optimized lexer functio n
Definition at line 66 of file lex.functions.c.
| void my_init_extra | ( | yyscan_t | backup_scanner, |
| YY_EXTRA_TYPE | user_defined, | ||
| yyscan_t | scanner | ||
| ) |
Optimized version of lexer function
Optimized lexer function
Definition at line 40 of file lex.functions.c.
| YY_BUFFER_STATE my_scan_bytes | ( | yyconst char * | yybytes, |
| yy_size_t | _yybytes_len, | ||
| yyscan_t | yyscanner | ||
| ) |
Optimized version of lexer function
Optimized lexer function
Definition at line 90 of file lex.functions.c.
| void my_delete_buffer | ( | YY_BUFFER_STATE | b, |
| yyscan_t | yyscanner | ||
| ) |
Optimized version of lexer function
Optimized lexer function
Definition at line 119 of file lex.functions.c.
| plugin_desc_t* plugin_process_desc | ( | ) |
Returns plugin description.
Definition at line 1091 of file flowmon-input-http.c.
| void* plugin_process_init | ( | char * | params, |
| int | data_offset | ||
| ) |
blank function
Definition at line 1100 of file flowmon-input-http.c.
| int GLOBAL_FLOW_OFFSET |
Used to share flow data between input and process plugin
Definition at line 76 of file flowmon-input-http.c.
| bool VERBOSE |
Verbose mode flag
Definition at line 79 of file flowmon-input-http.c.
| bool DEBUG |
Debug mode flag
Definition at line 82 of file flowmon-input-http.c.
| yyscan_t backup_scanner |
Buffer used in flex
Definition at line 171 of file flowmon-input-http.c.
| yyscan_t scanner |
Buffer used in flex
Definition at line 174 of file flowmon-input-http.c.