Home > Software engineering >  Pray god to help analyze the meaning of the code of intrusion detection system
Pray god to help analyze the meaning of the code of intrusion detection system

Time:09-27

# include "sniff. H"

#include
#include
#include
#include
#include
#include

# include "dispatch. H"

//Application main sniffing loop
Void sniff (char * interface, int verbose) {
If (signal (SIGINT, sig_handler)==SIG_ERR) printf (" \ nCan 't catch SIGINT \ n ");
//the Open network interface for packet capture
Char errbuf [PCAP_ERRBUF_SIZE];
Pcap_t * pcap_handle=pcap_open_live (interface, 4096, 1, 0, errbuf);
If (pcap_handle==NULL) {
Fprintf (stderr, "Unable to open interface % s \ n", errbuf);
The exit (EXIT_FAILURE);
} else {
Printf (" SUCCESS! The Opened for the capture with a % s \ n ", interface);
}
//the Capture packets (very ugly code) - indeed
Const unsigned char * packet;
//struct pcap_pkthdr header;
Thread_create ();

While (1) {
//the Capture a packet
The header=struct pcap_pkthdr * malloc (sizeof (struct pcap_pkthdr));//declaration and allocation of memory done here to ensure that this data is not overwritten
Packet=pcap_next (pcap_handle, header);
Unsigned char * copy=malloc (header - & gt; Len);//declaration of new buffer, the allocation of the memory and copying the done in order to prevent overwriting of packet data
Memcpy (copy, packet, the header - & gt; Len);//cast things
If (packet==NULL) {
//pcap_next can return null if no packet is seen within a timeout
If (verbose) {
Printf (" No packet received. % s \ n ", pcap_geterr (pcap_handle));
}
} else {
//Optional: dump raw data to terminal
If (verbose) {
The dump (copy, the header - & gt; Len);
}
//Dispatch packet for processing
Dispatch (header, copy, verbose);
}
}
}

//Utility/was Debugging method for dumping raw packet data
Void dump (const unsigned char * data, int length) {
Unsigned int I;
The static unsigned long pcount=0;
//Decode Packet Header
Struct ether_header * eth_header=(struct ether_header *) data;
Printf (" \ n \ n===PACKET % ld HEADER===", pcount);
Printf (" \ nSource MAC: ");
For (I=0; i <6; + + I) {
Printf (" % 02 x ", eth_header - & gt; Ether_shost [I]);
If (I & lt; 5) {
Printf (" : ");
}
}
Printf (" \ nDestination MAC: ");
For (I=0; i <6; + + I) {
Printf (" % 02 x ", eth_header - & gt; Ether_dhost [I]);
If (I & lt; 5) {
Printf (" : ");
}
}
Printf (" % \ nType: hu \ n ", eth_header - & gt; Ether_type);
Printf ("===PACKET % ld DATA=HTTP://https://bbs.csdn.net/topics/=/n ", pcount);
//Decode Packet Data (Skipping over the header)
Int data_bytes=length - ETH_HLEN;
Const unsigned char * content=data + ETH_HLEN;
Const static int output_sz=20;//the Output this many bytes at a time
While (data_bytes & gt; 0 {
Int output_bytes=data_bytes & lt; Output_sz? Data_bytes: output_sz;
//Print data in raw hexadecimal form
For (I=0; i If (I & lt; Output_bytes) {
Printf (" % 02 x ", content [I]);
} else {
Printf (" ");//Maintain padding for partial lines
}
}
Printf (" | ");
//Print data in ASCII form
For (I=0; i Char byte=payload [I];
If (byte & gt; 31 & amp; & Byte & lt; 127) {
//Byte is printable ASCII range in
Printf (" % c ", byte);
} else {
Printf (". ");
}
}
printf("\n");
Content +=output_bytes;
Data_bytes -=output_bytes;
}
Pcount++;
}
The above is a sniff method for reading

Below is the dispatch method for reading
# include "dispatch. H"

#include
#include
#include
#include

# include "analysis. H"

# define MAX_THREAD_NUM 10

Pthread_mutex_t muxlock_queue=PTHREAD_MUTEX_INITIALIZER;//2 to change the queue by threads and 'dispatch'
Struct packet_queue * queue;//the queue, informs the to store packets for thread
Pthread_t threads [MAX_THREAD_NUM];//stores threads to be 2
Pthread_cond_t added.

Void * thread_code (void * arg) {
//struct thread_args * args=(struct thread_args *) arg.//stores the thread 's number (the when passed by thread_createh)
Struct packet_queue_elem * TMP;
//set the cancel state enabled so that the signal can terminate all threads
Pthread_setcancelstate (PTHREAD_CANCEL_ENABLE, NULL);
Pthread_setcanceltype (PTHREAD_CANCEL_ASYNCHRONOUS, NULL);

While (1) {
If (queue - & gt; The head==NULL) {
The pthread_cond_wait (& amp; Added, & amp; Muxlock_queue);//wait for a signal from dispatch saying that a packet has had been added to the queue
}

//at this point, the queue is already locked
//set the cancel state disabled so that if the thread is processing on termination, will wait until it is done before canceling
nullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnull

Page link:https//www.codepudding.com/Softwareengineering/34474.html

Prev:Be urgent! Questions about MFCGridCtrl display appear gray not filled areas
Next:Use MFC FFTW
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding