Bug #34545 for Net-LibNIDS: Updates for libnids-1.19

On Sat Mar 29 19:01:05 2008, edeca wrote: Show quoted text
An update to the patch, now supports multiproc to make libnids use a separate thread for processing. An example called example-new.pl that works is included. Some more cleanups. David

diff -Nu Net-LibNIDS-0.01/Changes Net-LibNIDS-0.02/Changes --- Net-LibNIDS-0.01/Changes 2008-03-29 21:59:48.000000000 +0000 +++ Net-LibNIDS-0.02/Changes 2008-04-01 22:02:56.000000000 +0100 @@ -1,5 +1,8 @@ Revision history for Perl extension Lib::nids. +0.02 Sat Mar 29 12:00:00 2008 + - updated now that libnids exports last_hdr by default, added multiproc option, some tidy up + 0.01 Sat Jun 12 12:13:38 2004 - original version; created by h2xs 1.22 with options -a -a --name=Lib::nids --use-new-tests --skip-exporter --skip-autoloader /Users/sky/Documents/Projects/perlnids/include/nids.h diff -Nu Net-LibNIDS-0.01/LibNIDS.pm Net-LibNIDS-0.02/LibNIDS.pm --- Net-LibNIDS-0.01/LibNIDS.pm 2008-03-29 21:59:48.000000000 +0000 +++ Net-LibNIDS-0.02/LibNIDS.pm 2008-04-01 22:03:38.000000000 +0100 @@ -7,7 +7,7 @@ our @ISA = qw(); -our $VERSION = '0.01'; +our $VERSION = '0.02'; sub AUTOLOAD { # This AUTOLOAD is used to 'autoload' constants from the constant() @@ -85,7 +85,7 @@ =head1 DESCRIPTION -The workflow of using libnids is to set all paremeters, then call init, set up a callback then run. +The workflow of using libnids is to set all parameters, then call init, set up a callback then run. =head1 Net::LibNIDS::init( ) @@ -149,15 +149,15 @@ =head2 $tcp_stream->lastpacket_sec -Returns the seconds from epoch that this packet was recorded. Only available if libnids was compiled with the patch that comes with this package. +Returns the seconds from epoch that this packet was recorded. Only available with libnids version >= 1.19. =head2 $tcp_stream->lastpacket_usec -Returns the microsecond fraction that this packet was recorded. Used together with $tcp_stream->lastpacket to get the most correct timestamp possible. Only available if libnids was compiled with the patch that comes with this package. +Returns the microsecond fraction that this packet was recorded. Used together with $tcp_stream->lastpacket to get the most correct timestamp possible. Only available with libnids version >= 1.19. =head2 $tcp_stream->server $tcp_stream->client -Returns a Net::LibNIDS::tcp_stream::half object, corresponding for the client hald and the server half. +Returns a Net::LibNIDS::tcp_stream::half object, corresponding to the client half and the server half. =head1 Net::LibNIDS::tcp_stream::half @@ -221,6 +221,8 @@ The pcap filter to apply on the packets. Note however that if you have fragmented packets you cannot use the pcap filter on for example ports, since fragmented ip packets might not contain enough tcp information to determine port. +See the note in the libnids manpage for a workaround. + =head2 n_tcp_streams (Net::LibNIDS::param::set_n_tcp_streams(numbers) Net::LibNIDS::param::get_n_tcp_streams) From libnids documentation: @@ -256,6 +258,10 @@ type of the interface libnids will listen on. Default value: -1." +=head2 multiproc (Net::LibNIDS::param::set_multiproc(number) Net::LibNIDS::param::get_multiproc) + +If this is set to a non-zero value, libnids will create a new thread for packet processing. + =head2 syslog Not supported by this extension @@ -307,6 +313,10 @@ Not currently supported by this extension +=head2 Note + +Previous versions of Net::LibNIDS included a patch against libnids in order to obtain packet timings. This is no longer necessary as long as libnids-1.19 or greater is used. + =head1 SEE ALSO libnids man page @@ -317,6 +327,7 @@ =head1 AUTHOR Arthur Bergman, E<lt>sky@nanisky.comE<gt> +Modified for libnids >= 1.19 by David Cannings, E<lt>david@edeca.netE<gt> =head1 COPYRIGHT AND LICENSE diff -Nu Net-LibNIDS-0.01/LibNIDS.xs Net-LibNIDS-0.02/LibNIDS.xs --- Net-LibNIDS-0.01/LibNIDS.xs 2008-03-29 21:59:48.000000000 +0000 +++ Net-LibNIDS-0.02/LibNIDS.xs 2008-04-01 21:49:39.000000000 +0100 @@ -69,6 +69,10 @@ return "NIDS_CLOSE"; case NIDS_RESET: return "NIDS_RESET"; + case NIDS_TIMED_OUT: + return "NIDS_TIMED_OUT"; + case NIDS_EXITING: + return "NIDS_EXITING"; default: return "UNKNOWN"; } @@ -80,12 +84,13 @@ MODULE = Net::LibNIDS PACKAGE = Net::LibNIDS::tcp_stream -#ifdef NIDS_SAVES_LAST_PCAP_HDR +# Export of last_pcap_header was added in libnids-1.19 +#if NIDS_MINOR>=19 IV lastpacket_sec(obj) SV* obj CODE: - RETVAL = last_pcap_header->ts.tv_sec; + RETVAL = nids_last_pcap_header->ts.tv_sec; OUTPUT: RETVAL @@ -93,7 +98,7 @@ lastpacket_usec(obj) SV* obj CODE: - RETVAL = last_pcap_header->ts.tv_usec; + RETVAL = nids_last_pcap_header->ts.tv_usec; OUTPUT: RETVAL @@ -103,13 +108,13 @@ lastpacket_sec(obj) SV* obj CODE: - croak("You need a patched libnids that saves the last pcap header"); + croak("You need libnids >1.19 in order to use this function"); void lastpacket_usec(obj) SV* obj CODE: - croak("You need a patched libnids that saves the last pcap header"); + croak("You need libnids >1.19 in order to use this function"); #endif @@ -468,12 +473,20 @@ CODE: nids_params.one_loop_less = one_loop_less; + # TODO: TEST THESE + # TODO: What version of libnids were these added in? Use preprocessor + # to leave out those that aren't supported +IV +get_multiproc() + CODE: + RETVAL = nids_params.multiproc; + OUTPUT: + RETVAL - - - - - - +void +set_multiproc(multiproc) + IV multiproc + CODE: + nids_params.multiproc = multiproc; diff -Nu Net-LibNIDS-0.01/META.yml Net-LibNIDS-0.02/META.yml --- Net-LibNIDS-0.01/META.yml 2008-03-29 21:59:48.000000000 +0000 +++ Net-LibNIDS-0.02/META.yml 2008-03-29 21:59:48.000000000 +0000 @@ -1,6 +1,6 @@ #XXXXXXX This is a prototype!!! It will change in the future!!! XXXXX# name: Net-LibNIDS -version: 0.01 +version: 0.02 version_from: LibNIDS.pm installdirs: site requires: diff -Nu Net-LibNIDS-0.01/example-new.pl Net-LibNIDS-0.02/example-new.pl --- Net-LibNIDS-0.01/example-new.pl 1970-01-01 01:00:00.000000000 +0100 +++ Net-LibNIDS-0.02/example-new.pl 2008-04-01 21:59:19.000000000 +0100 @@ -0,0 +1,94 @@ +#!/usr/bin/perl + +use Net::LibNIDS; +use strict; +use warnings; +use Socket qw(inet_ntoa); + +my $total_connections = 0; +my $current_connections = 0; + +# This is an example of how to use Net::LibNIDS and not of decent perl coding! +# Please report any bugs or suggestions on the cpan bug tracker. + +# Either set a device name (requires priviledges) or choose a filename +# This script prints data to the terminal, it might be a bad idea to capture straight +# from a network device. Either filter below or load the HTTP sample capture from the t/ +# directory. +#Net::LibNIDS::param::set_device('eth0'); +Net::LibNIDS::param::set_filename('t/http-test.dump'); + +# Set a pcap filter, see the manpage for tcpdump for more information. The manpage for +# libnids explains why the 'or (..)' is required. +Net::LibNIDS::param::set_pcap_filter('port 80 or (ip[6:2] & 0x1fff != 0)'); + +if (!Net::LibNIDS::init()) { + warn "Uh oh, libnids failed to initialise!\n"; + warn "Check you have successfully built and installed the module first.\n"; + exit; +} + +# Set the callback function and run libnids +Net::LibNIDS::tcp_callback(\&collector ); +Net::LibNIDS::run(); + +print "Finished! There were $total_connections connections in total, $current_connections of these were still established at the end.\n"; + + +sub collector { + my $args = shift; + #print "Collector subroutine was called with state: " . $args->state_string . "\n"; + + # A new connection was established + if($args->state == Net::LibNIDS::NIDS_JUST_EST()) { + $total_connections++; + $current_connections++; + + # Here you can specify whether or not to collect the data from this connection. You could + # also filter using set_pcap_filter(). + #if($args->server_ip eq '127.0.0.1' || $args->server_port eq '1234') { + #} + + # By default, this script captures all traffic. + $args->server->collect_on(); + $args->client->collect_on(); + + print "New connection: " . $args->client_ip . ":" . $args->client_port . " -> " . $args->server_ip . ":" . $args->server_port; + print " (currently handling $current_connections connections)\n"; + return; + + } elsif ($args->state == Net::LibNIDS::NIDS_CLOSE()) { + print "Connection from " . $args->client_ip . " was closed\n"; + $current_connections--; + return; + + } elsif ($args->state == Net::LibNIDS::NIDS_RESET()) { + print "Connection from " . $args->client_ip . " was reset\n"; + $current_connections--; + return; + + } elsif ($args->state == Net::LibNIDS::NIDS_TIMED_OUT()) { + print "Connection from " . $args->client_ip . " timed out\n"; + $current_connections--; + return; + + } elsif ($args->state == Net::LibNIDS::NIDS_DATA()) { + # Data toward the server + if ($args->server->count_new) { + print $args->lastpacket_sec . " " . $args->client_ip . ":" . $args->client_port . " -> " . $args->server_ip . ":" . $args->server_port . " (" . $args->server->count_new . " new, " . $args->server->count . " total, offset " . $args->server->offset . ")\n"; + print "***\n"; + print substr($args->server->data, 0, $args->server->count_new); + print "***\n"; + return; + } + + # Data toward the client + if ($args->client->count_new) { + print $args->lastpacket_sec . " " . $args->client_ip . ":" . $args->client_port . " <- " . $args->server_ip . ":" . $args->server_port . " (" . $args->client->count_new . " new, " . $args->client->count . " total, offset " . $args->client->offset . ")\n"; + print "***\n"; + print substr($args->client->data, 0, $args->client->count_new); + print "***\n"; + return; + } + } +} Common subdirectories: Net-LibNIDS-0.01/fallback and Net-LibNIDS-0.02/fallback Common subdirectories: Net-LibNIDS-0.01/t and Net-LibNIDS-0.02/t