3rd-party/libtins
1
0
Fork 0
mirror of https://github.com/mfontanini/libtins synced 2026-01-28 04:34:27 +01:00
Code Issues Releases Wiki Activity

Merge pull request #33 from mfontanini/sniffer-config-object

Browse Source 
Sniffer config object
This commit is contained in:
Matias Fontanini
2014-08-31 18:44:02 -03:00
parent 7135473d19 b6fdba0077
commit 4d8658ca54
11 changed files with 438 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored Normal file
View File

@@ -0,0 +1,2 @@
build/**
include/config.h

8
examples/arpmonitor.cpp
View File

@@ -87,10 +87,14 @@ int main(int argc, char *argv[])
return 1;
}
arp_monitor monitor;
// Sniffer configuration
SnifferConfiguration config;
config.set_promisc_mode(true);
config.set_filter("arp");
// Sniff on the provided interface in promiscuous mode
Sniffer sniffer(argv[1], Sniffer::PROMISC);
Sniffer sniffer(argv[1], config);
// Only capture arp packets
sniffer.set_filter("arp");
monitor.run(sniffer);
}

6
examples/beacon_display.cpp
View File

@@ -47,7 +47,11 @@ private:
};
void BeaconSniffer::run(const std::string &iface) {
Sniffer sniffer(iface, Sniffer::PROMISC, "type mgt subtype beacon", true);
SnifferConfiguration config;
config.set_promisc_mode(true);
config.set_filter("type mgt subtype beacon");
config.set_rfmon(true);
Sniffer sniffer(iface, config);
sniffer.sniff_loop(make_sniffer_handler(this, &BeaconSniffer::callback));
}

7
examples/dns_queries.cpp
View File

@@ -55,10 +55,11 @@ int main(int argc, char *argv[])
return 1;
}
// Sniff on the provided interface in promiscuos mode
Sniffer sniffer(argv[1], Sniffer::PROMISC);
SnifferConfiguration config;
config.set_promisc_mode(true);
// Only capture udp packets sent to port 53
sniffer.set_filter("udp and dst port 53");
config.set_filter("udp and dst port 53");
Sniffer sniffer(argv[1], config);
// Start the capture
sniffer.sniff_loop(callback);

7
examples/dns_spoof.cpp
View File

@@ -90,10 +90,11 @@ int main(int argc, char *argv[])
return 1;
}
// Sniff on the provided interface in promiscuos mode
Sniffer sniffer(argv[1], Sniffer::PROMISC);
SnifferConfiguration config;
config.set_promisc_mode(true);
// Only capture udp packets sent to port 53
sniffer.set_filter("udp and dst port 53");
config.set_filter("udp and dst port 53");
Sniffer sniffer(argv[1], config);
// All packets will be sent through the provided interface
sender.default_interface(argv[1]);

6
examples/dns_stats.cpp
View File

@@ -166,8 +166,10 @@ int main(int argc, char *argv[]) {
return 1;
}
try {
Sniffer sniffer(argv[1], Sniffer::PROMISC);
sniffer.set_filter("udp and port 53");
SnifferConfiguration config;
config.set_promisc_mode(true);
config.set_filter("udp and dst port 53");
Sniffer sniffer(argv[1], config);
dns_monitor monitor;
std::thread thread(
[&]() {

4
examples/portscan.cpp
View File

@@ -117,7 +117,9 @@ void scan(int argc, char *argv[]) {
cout << "Sniffing on interface: " << iface.name() << endl;
// 300 bytes are enough to receive SYNs and RSTs.
Sniffer sniffer(iface.name(), 300);
SnifferConfiguration config;
config.set_snap_len(300);
Sniffer sniffer(iface.name(), config);
sniffer_data data(&sniffer, argv[1]);
pthread_t thread;
// Launch our sniff thread.

10
examples/traceroute.cpp
View File

@@ -47,10 +47,12 @@ public:
result_type trace() {
// ICMPs that aren't sent from us.
Sniffer sniffer(
iface.name(), 500, false,
"ip proto \\icmp and not src host " + iface.addresses().ip_addr.to_string()
);
SnifferConfiguration config;
config.set_snap_len(500);
config.set_promisc_mode(false);
config.set_filter(
"ip proto \\icmp and not src host " + iface.addresses().ip_addr.to_string());
Sniffer sniffer(iface.name(), config);
PacketSender sender;
// Create our handler

6
examples/wps_detect.cpp
View File

@@ -69,6 +69,10 @@ int main(int argc, char *argv[]) {
return 1;
}
// Only sniff beacons
Sniffer sniffer(argv[1], 2000, true, "wlan type mgt subtype beacon");
SnifferConfiguration config;
config.set_snap_len(2000);
config.set_promisc_mode(true);
config.set_filter("wlan type mgt subtype beacon");
Sniffer sniffer(argv[1], config);
sniffer.sniff_loop(handler);
}

156
include/sniffer.h
View File

@@ -45,6 +45,7 @@
namespace Tins {
class SnifferIterator;
class SnifferConfiguration;
/**
* \class BaseSniffer
@@ -238,17 +239,16 @@ namespace Tins {
* Default constructor.
*/
BaseSniffer();
/**
* \brief Initialices this BaseSniffer.
*
* \param phandle The pcap handle to be used for sniffing.
* \param filter The pcap filter which will be applied to the
* stream.
* \param if_mask The interface's subnet mask. If 0 is provided,
* then some IP broadcast tests won't work correctly.
*/
void init(pcap_t *phandle, const std::string &filter, bpf_u_int32 if_mask);
void set_pcap_handle(pcap_t* const pcap_handle);
pcap_t* get_pcap_handle();
const pcap_t* get_pcap_handle() const;
void set_if_mask(bpf_u_int32 if_mask);
bpf_u_int32 get_if_mask() const;
private:
BaseSniffer(const BaseSniffer&);
BaseSniffer &operator=(const BaseSniffer&);
@@ -264,12 +264,24 @@ namespace Tins {
*/
class Sniffer : public BaseSniffer {
public:
/**
* \deprecated
*/
enum promisc_type {
NON_PROMISC,
PROMISC
};
/**
* Constructs an instance of Sniffer.
*
* \param device The device which will be sniffed.
* \param configuration The configuration object to use to setup the sniffer.
*/
Sniffer(const std::string &device, const SnifferConfiguration& configuration);
/**
* \deprecated
* Constructs an instance of Sniffer.
*
* By default the interface won't be put into promiscuous mode, and won't
@@ -285,6 +297,7 @@ namespace Tins {
bool promisc = false, const std::string &filter = "", bool rfmon = false);
/**
* \deprecaetd
* \brief Constructs an instance of Sniffer.
*
* The maximum capture size is set to 65535. By default the interface won't
@@ -297,9 +310,17 @@ namespace Tins {
*/
Sniffer(const std::string &device, promisc_type promisc = NON_PROMISC,
const std::string &filter = "", bool rfmon = false);
private:
void init_sniffer(const std::string &device, unsigned max_packet_size,
bool promisc = false, const std::string &filter = "", bool rfmon = false);
friend class SnifferConfiguration;
void set_snap_len(unsigned snap_len);
void set_buffer_size(unsigned buffer_size);
void set_promisc_mode(bool promisc_enabled);
void set_rfmon(bool rfmon_enabled);
};
/**
@@ -316,6 +337,15 @@ namespace Tins {
* \param file_name The pcap file which will be parsed.
* \param filter A capture filter to be used on the file.(optional);
*/
FileSniffer(const std::string &file_name, const SnifferConfiguration& configuration);
/**
* \deprecated
*
* \brief Constructs an instance of FileSniffer.
* \param file_name The pcap file which will be parsed.
* \param filter A capture filter to be used on the file.(optional);
*/
FileSniffer(const std::string &file_name, const std::string &filter = "");
};
@@ -417,6 +447,106 @@ namespace Tins {
Packet pkt;
};
/**
* \class SnifferConfiguration
* \brief Represents the configuration of a BaseSniffer object.
*
* This class can be used as an easy way to configure a Sniffer
* or FileSniffer object.
*
* It can be used by constructing an object of this type,
* setting the desired values and then passing it to the
* Sniffer or FileSniffer object's constructor.
*
* For example:
*
* \code
* // Initialize the configuration.
* SnifferConfiguration config;
* config.set_filter("ip and port 80");
* config.set_promisc_mode(true);
*
* // Use it on a Sniffer object.
* Sniffer sniffer("eth0", config);
* \endcode
*/
class SnifferConfiguration {
public:
/**
* \brief The default snapshot length.
*
* This is 65535 by default.
*/
static const unsigned DEFAULT_SNAP_LEN;
/**
* \brief The default timeout.
*
* This is 1000 by default.
*/
static const unsigned DEFAULT_TIMEOUT;
/**
* Default constructs a SnifferConfiguration.
*/
SnifferConfiguration();
/**
* Sets the snapshot length option.
* \param snap_len The snapshot length to be set.
*/
void set_snap_len(unsigned snap_len);
/**
* Sets the buffer size option.
* \param buffer_size The buffer size to be set.
*/
void set_buffer_size(unsigned buffer_size);
/**
* Sets the promiscuous mode option.
* \param enabled The promiscuous mode value.
*/
void set_promisc_mode(bool enabled);
/**
* Sets a pcap filter to use on the sniffer.
* \param filter The pcap filter to be used.
*/
void set_filter(const std::string& filter);
/**
* Sets the rfmon option.
* \param enabled The rfmon option value.
*/
void set_rfmon(bool enabled);
/**
* Sets the timeout option.
* \param timeout The timeout to be set.
*/
void set_timeout(unsigned timeout);
protected:
friend class Sniffer;
friend class FileSniffer;
void configure_sniffer_pre_activation(Sniffer& sniffer) const;
void configure_sniffer_pre_activation(FileSniffer& sniffer) const;
void configure_sniffer_post_activation(Sniffer& sniffer) const;
unsigned _snap_len;
bool _has_buffer_size;
unsigned _buffer_size;
bool _has_promisc;
bool _promisc;
bool _has_rfmon;
bool _rfmon;
bool _has_filter;
std::string _filter;
unsigned _timeout;
};
template<class Functor>
void Tins::BaseSniffer::sniff_loop(Functor function, uint32_t max_packets) {
for(iterator it = begin(); it != end(); ++it) {

342
src/sniffer.cpp
View File

@@ -49,19 +49,36 @@ BaseSniffer::BaseSniffer()
}
BaseSniffer::~BaseSniffer() {
if(handle)
BaseSniffer::~BaseSniffer()
{
if (handle) {
pcap_close(handle);
}
}
void BaseSniffer::init(pcap_t *phandle, const std::string &filter,
bpf_u_int32 if_mask)
void BaseSniffer::set_pcap_handle(pcap_t* const pcap_handle)
{
handle = pcap_handle;
}
pcap_t* BaseSniffer::get_pcap_handle()
{
return handle;
}
const pcap_t* BaseSniffer::get_pcap_handle() const
{
return handle;
}
void BaseSniffer::set_if_mask(bpf_u_int32 if_mask)
{
handle = phandle;
mask = if_mask;
if(!filter.empty() && !set_filter(filter))
throw runtime_error("Invalid filter");
}
bpf_u_int32 BaseSniffer::get_if_mask() const
{
return mask;
}
struct sniff_data {
@@ -183,8 +200,10 @@ BaseSniffer::iterator BaseSniffer::end() {
bool BaseSniffer::set_filter(const std::string &filter) {
bpf_program prog;
if(pcap_compile(handle, &prog, filter.c_str(), 0, mask) == -1)
if(pcap_compile(handle, &prog, filter.c_str(), 0, mask) == -1) {
std::cout << pcap_geterr(handle) << std::endl;
return false;
}
bool result = pcap_setfilter(handle, &prog) != -1;
pcap_freecode(&prog);
return result;
@@ -196,94 +215,245 @@ void BaseSniffer::set_timeout(int ms) {
// ****************************** Sniffer ******************************
pcap_t *
pcap_open_live_extended(const char *source, int snaplen, int promisc, int to_ms, int rfmon, std::string& error)
{
pcap_t *p;
char errbuf[PCAP_ERRBUF_SIZE];
int status;
p = pcap_create(source, errbuf);
if (p == NULL) {
error = errbuf;
return (NULL);
}
status = pcap_set_snaplen(p, snaplen);
if (status < 0)
goto fail;
status = pcap_set_promisc(p, promisc);
if (status < 0)
goto fail;
status = pcap_set_timeout(p, to_ms);
if (status < 0)
goto fail;
#ifndef WIN32
if(pcap_can_set_rfmon(p) == 1) {
status = pcap_set_rfmon(p, rfmon);
if (status < 0)
goto fail;
}
#endif // WIN32
status = pcap_activate(p);
if (status < 0)
goto fail;
return (p);
fail:
std::ostringstream oss;
oss << source << ": " << pcap_geterr(p);
error = oss.str();
pcap_close(p);
return (NULL);
}
Sniffer::Sniffer(const string &device, unsigned max_packet_size,
bool promisc, const string &filter, bool rfmon)
{
init_sniffer(device, max_packet_size, promisc, filter, rfmon);
}
Sniffer::Sniffer(const std::string &device, promisc_type promisc,
const std::string &filter, bool rfmon)
{
init_sniffer(device, 65535, promisc == PROMISC, filter, rfmon);
}
void Sniffer::init_sniffer(const std::string &device, unsigned max_packet_size,
bool promisc, const std::string &filter, bool rfmon)
Sniffer::Sniffer(const string &device, const SnifferConfiguration& configuration)
{
char error[PCAP_ERRBUF_SIZE];
bpf_u_int32 ip, if_mask;
if (pcap_lookupnet(device.c_str(), &ip, &if_mask, error) == -1) {
ip = 0;
if_mask = 0;
pcap_t* phandle = pcap_create(device.c_str(), error);
if (!phandle) {
throw runtime_error(error);
}
std::string string_error;
pcap_t *phandle = pcap_open_live_extended(
device.c_str(),
max_packet_size,
promisc,
1000,
rfmon,
string_error
);
if(!phandle)
throw runtime_error(string_error);
init(phandle, filter, if_mask);
set_pcap_handle(phandle);
// Set the netmask if we are able to find it.
bpf_u_int32 ip, if_mask;
if (pcap_lookupnet(device.c_str(), &ip, &if_mask, error) == 0) {
set_if_mask(if_mask);
}
// Configure the sniffer's attributes prior to activation.
configuration.configure_sniffer_pre_activation(*this);
// Finally, activate the pcap. In case of error throw runtime_error
if (pcap_activate(get_pcap_handle()) < 0) {
throw std::runtime_error(pcap_geterr(get_pcap_handle()));
}
// Configure the sniffer's attributes after activation.
configuration.configure_sniffer_post_activation(*this);
}
Sniffer::Sniffer(const std::string &device, unsigned max_packet_size, bool promisc,
const std::string &filter, bool rfmon)
{
SnifferConfiguration configuration;
configuration.set_snap_len(max_packet_size);
configuration.set_promisc_mode(promisc);
configuration.set_filter(filter);
configuration.set_rfmon(rfmon);
char error[PCAP_ERRBUF_SIZE];
pcap_t* phandle = pcap_create(device.c_str(), error);
if (!phandle) {
throw runtime_error(error);
}
set_pcap_handle(phandle);
// Set the netmask if we are able to find it.
bpf_u_int32 ip, if_mask;
if (pcap_lookupnet(device.c_str(), &ip, &if_mask, error) == 0) {
set_if_mask(if_mask);
}
// Configure the sniffer's attributes prior to activation.
configuration.configure_sniffer_pre_activation(*this);
// Finally, activate the pcap. In case of error throw runtime_error
if (pcap_activate(get_pcap_handle()) < 0) {
throw std::runtime_error(pcap_geterr(get_pcap_handle()));
}
// Configure the sniffer's attributes after activation.
configuration.configure_sniffer_post_activation(*this);
}
Sniffer::Sniffer(const std::string &device, promisc_type promisc, const std::string &filter,
bool rfmon)
{
SnifferConfiguration configuration;
configuration.set_promisc_mode(promisc == PROMISC);
configuration.set_filter(filter);
configuration.set_rfmon(rfmon);
char error[PCAP_ERRBUF_SIZE];
pcap_t* phandle = pcap_create(device.c_str(), error);
if (!phandle) {
throw runtime_error(error);
}
set_pcap_handle(phandle);
// Set the netmask if we are able to find it.
bpf_u_int32 ip, if_mask;
if (pcap_lookupnet(device.c_str(), &ip, &if_mask, error) == 0) {
set_if_mask(if_mask);
}
// Configure the sniffer's attributes prior to activation.
configuration.configure_sniffer_pre_activation(*this);
// Finally, activate the pcap. In case of error throw runtime_error
if (pcap_activate(get_pcap_handle()) < 0) {
throw std::runtime_error(pcap_geterr(get_pcap_handle()));
}
// Configure the sniffer's attributes after activation.
configuration.configure_sniffer_post_activation(*this);
}
void Sniffer::set_snap_len(unsigned snap_len)
{
if (pcap_set_snaplen(get_pcap_handle(), snap_len)) {
throw std::runtime_error(pcap_geterr(get_pcap_handle()));
}
}
void Sniffer::set_buffer_size(unsigned buffer_size)
{
if (pcap_set_buffer_size(get_pcap_handle(), buffer_size)) {
throw std::runtime_error(pcap_geterr(get_pcap_handle()));
}
}
void Sniffer::set_promisc_mode(bool promisc_enabled)
{
if (pcap_set_promisc(get_pcap_handle(), promisc_enabled)) {
throw runtime_error(pcap_geterr(get_pcap_handle()));
}
}
void Sniffer::set_rfmon(bool rfmon_enabled)
{
#ifndef WIN32
if (pcap_can_set_rfmon(get_pcap_handle()) == 1) {
if (pcap_set_rfmon(get_pcap_handle(), rfmon_enabled)) {
throw runtime_error(pcap_geterr(get_pcap_handle()));
}
}
#endif
}
// **************************** FileSniffer ****************************
FileSniffer::FileSniffer(const string &file_name, const string &filter) {
FileSniffer::FileSniffer(const string &file_name, const SnifferConfiguration& configuration) {
char error[PCAP_ERRBUF_SIZE];
pcap_t *phandle = pcap_open_offline(file_name.c_str(), error);
if(!phandle)
if(!phandle) {
throw std::runtime_error(error);
}
set_pcap_handle(phandle);
// Configure the sniffer
configuration.configure_sniffer_pre_activation(*this);
init(phandle, filter, 0);
}
FileSniffer::FileSniffer(const std::string &file_name, const std::string &filter)
{
SnifferConfiguration config;
config.set_filter(filter);
char error[PCAP_ERRBUF_SIZE];
pcap_t *phandle = pcap_open_offline(file_name.c_str(), error);
if(!phandle) {
throw std::runtime_error(error);
}
set_pcap_handle(phandle);
// Configure the sniffer
config.configure_sniffer_pre_activation(*this);
}
// ************************ SnifferConfiguration ************************
const unsigned SnifferConfiguration::DEFAULT_SNAP_LEN = 65535;
const unsigned SnifferConfiguration::DEFAULT_TIMEOUT = 1000;
SnifferConfiguration::SnifferConfiguration() :
_snap_len(DEFAULT_SNAP_LEN),
_has_buffer_size(false), _buffer_size(0),
_has_promisc(false), _promisc(false),
_has_rfmon(false), _rfmon(false),
_has_filter(false),
_timeout(DEFAULT_TIMEOUT)
{
}
void SnifferConfiguration::configure_sniffer_pre_activation(Sniffer& sniffer) const
{
sniffer.set_snap_len(_snap_len);
sniffer.set_timeout(_timeout);
if (_has_buffer_size) {
sniffer.set_buffer_size(_buffer_size);
}
if (_has_promisc) {
sniffer.set_promisc_mode(_promisc);
}
if (_has_rfmon) {
sniffer.set_rfmon(_rfmon);
}
}
void SnifferConfiguration::configure_sniffer_pre_activation(FileSniffer& sniffer) const
{
if (_has_filter) {
if (!sniffer.set_filter(_filter)) {
throw std::runtime_error("Could not set the filter!");
}
}
}
void SnifferConfiguration::configure_sniffer_post_activation(Sniffer& sniffer) const
{
if (_has_filter) {
if (!sniffer.set_filter(_filter)) {
throw std::runtime_error("Could not set the filter! ");
}
}
}
void SnifferConfiguration::set_snap_len(unsigned snap_len)
{
_snap_len = snap_len;
}
void SnifferConfiguration::set_buffer_size(unsigned buffer_size)
{
_has_buffer_size = true;
_buffer_size = buffer_size;
}
void SnifferConfiguration::set_promisc_mode(bool enabled)
{
_has_promisc = true;
_promisc = enabled;
}
void SnifferConfiguration::set_filter(const std::string& filter)
{
_has_filter = true;
_filter = filter;
}
void SnifferConfiguration::set_rfmon(bool enabled)
{
_has_rfmon = true;
_rfmon = enabled;
}
void SnifferConfiguration::set_timeout(unsigned timeout)
{
_timeout = timeout;
}
}