/*
* defs.h
* Copyright (c) 2004-2006 Vlad GALU <dudu@dudu.ro>
* Andrei GAVRILOAIE <gavriloaie_andrei@yahoo.com>
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef DEFS_H
#define DEFS_H
/* define section */
/*
 * Feature-test macros. They are defined ahead of the system includes further
 * down in this header so that those headers see them.
 * NOTE(review): a translation unit that pulls in a system header before
 * defs.h will not get their effect - confirm include order in the .cc files.
 * NOTE(review): both names live in the implementation-reserved namespace, and
 * glibc 2.20 and later deprecate _BSD_SOURCE in favour of _DEFAULT_SOURCE -
 * confirm against the libc versions this is built on.
 */
#define __FAVOR_BSD 1
#define _BSD_SOURCE 1
/*
 * Capture size and detection thresholds, all fixed at compile time.
 *
 * NOTE(review): SNAPLEN is presumably the pcap snapshot length. At 68 bytes,
 * an Ethernet frame (ETHSIZE, 14) carrying an IPv4 header with options (up to
 * 60 bytes) already exceeds the captured data, so the packet parser must
 * bound every header read by the captured length instead of assuming the
 * transport header is present.
 * NOTE(review): nothing in this header caps how many flows or hosts are
 * tracked at once; entries appear to leave only through the lifetime timers
 * below. Confirm the table code bounds memory when traffic carries many
 * distinct addresses and ports.
 */
#define SNAPLEN 68
#define TIME_BETWEEN_FLOW_CLEANUPS 10 // time between cleanups in seconds
#define TIME_BETWEEN_HOST_CLEANUPS 20 // time between cleanups in seconds
#define FLOW_LIFETIME 20 // the number of seconds of
// inactivity after which a flow is
// discarded
#define MAX_FLOWS_PER_SEC 100 // the maximum number of flows
// per second that hit a target
// NOTE(review): presumably the per-flow packet rate above which a flow is
// reported - confirm against the code that tests it
#define MAX_PACKETS_PER_SEC_IN_FLOW 2000
#define MAX_PPS_PER_HOST 5000 // the maximum number of
// packets per second towards a
// specific host
#define HOST_LIFETIME 30 // the number of seconds of
// inactivity for a specific host
/* link layer offset section */
/*
 * Fixed link-layer header lengths in bytes, one per supported link type.
 * NOTE(review): presumably the value getIPLayerOffset() hands back for the
 * capture's datalink type, used to skip to the IP header - confirm.
 * NOTE(review): a constant offset does not account for 802.1Q VLAN tags on
 * Ethernet or for variable-length headers such as Token Ring source routing;
 * on such frames the bytes at the offset are not an IP header. The parser
 * should validate the IP version and header length before trusting them.
 */
#define ETHSIZE 14
#define TRSIZE 22
#define PPPSIZE 4
#define SLIPSIZE 16
#define RAWSIZE 0
#define LOOPSIZE 4
#define FDDISIZE 21
#define ISDNSIZE 16
/* include section */
#include <config.h>
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#ifdef HAVE_NETINET_IN_SYSTM_H
#include <netinet/in_systm.h>
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef HAVE_NETINET_IP_H
#include <netinet/ip.h>
#endif
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
#ifdef HAVE_NETINET_IP_ICMP_H
#include <netinet/ip_icmp.h>
#endif
#ifndef _LINUX
#ifdef HAVE_NETINET_UDP_H
#include <netinet/udp.h>
#endif // HAVE_NETINET_UDP_H
#ifdef HAVE_NETINET_TCP_H
#include <netinet/tcp.h>
#endif // HAVE_NETINET_TCP_H
#endif //_LINUX
#ifdef HAVE_NETDB_H
#include <netdb.h>
#endif
#ifdef HAVE_SYSLOG_H
#include <syslog.h>
#endif
#ifdef HAVE_STRING_H
#include <string.h>
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#ifdef HAVE_SIGNAL_H
#include <signal.h>
#endif
#ifdef HAVE_PCAP_H
extern "C" {
#include <pcap.h>
}
#endif
#ifdef _USE_MD4
#include <openssl/md4.h>
#else
#ifdef _USE_MD5
#include <openssl/md5.h>
#endif //_USE_MD5
#endif //_USE_MD4
#include <stack>
using namespace std;
#ifdef _DEBUG
#ifdef HAVE_TIME_H
#include <time.h>
#endif
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#endif //_DEBUG
/* type declaration section */
/*
 * Pointer to a predicate taking two untyped pointers and returning bool.
 * cleanupFlowTest() and cleanupHostTest(), declared at the end of this
 * header, have this shape.
 * NOTE(review): both arguments are void *, so nothing checks that the callee
 * casts them to the type the caller actually passed - keep each predicate
 * paired with the one container it was written for.
 */
typedef bool(*CLEANFUNC) (void *, void*);
/*
 * One tracked flow: the per-flow record (`records`) plus bookkeeping
 * (`stats`).
 * NOTE(review): whether sport/dport are stored in network or host byte order
 * is not visible here - confirm against the code that fills them.
 * NOTE(review): packets and bytes are u_int (commonly 32 bits), so a
 * long-lived or high-volume flow can wrap them; check that rate tests built
 * on these counters tolerate wrap-around.
 * NOTE(review): the mix of field sizes leaves padding inside `pdu`; if the
 * record is ever hashed or compared as raw bytes it must be zeroed first.
 */
typedef struct {
struct pdu {
struct in_addr saddr; /* source host */
struct in_addr daddr; /* destination host */
u_short sport; /* source port */
u_short dport; /* destination port */
u_int packets; /* total packets in flow */
u_int bytes; /* total bytes in flow */
time_t first; /* timestamp of the first packet in the flow */
time_t last; /* timestamp of the last packet in the flow */
u_char tcp_flags; /* TCP flags, if any */
u_char proto; /* IP protocol (eg. TCP/UDP/other) */
u_char tos; /* Type Of Service */
} records;
struct counters {
/* NOTE(review): presumably when this flow was last rate-checked - confirm */
time_t lastcheck;
} stats;
} flow_t;
#ifdef _LINUX
/* TCP sequence and acknowledgement numbers are 32-bit values. */
typedef u_int32_t tcp_seq;
/*
 * TCP header.
 * Per RFC 793, September, 1981.
 *
 * Local BSD-style definition for _LINUX builds, where this header does not
 * include <netinet/tcp.h>.
 * NOTE(review): when this struct is overlaid on captured bytes, every field
 * is sender-controlled and the multi-byte fields are in network byte order.
 * th_off counts 32-bit words: reject values below 5 and check th_off * 4
 * against the captured length before reading options or payload.
 */
struct tcphdr
{
u_int16_t th_sport; /* source port */
u_int16_t th_dport; /* destination port */
tcp_seq th_seq; /* sequence number */
tcp_seq th_ack; /* acknowledgement number */
/*
 * Bit-field order follows host endianness.
 * NOTE(review): relies on an earlier system header defining __BYTE_ORDER,
 * __LITTLE_ENDIAN and __BIG_ENDIAN; if none of them is defined both #if
 * tests compare 0 == 0 and the members are declared twice.
 */
#if __BYTE_ORDER == __LITTLE_ENDIAN
u_int8_t th_x2:4; /* (unused) */
u_int8_t th_off:4; /* data offset */
#endif
#if __BYTE_ORDER == __BIG_ENDIAN
u_int8_t th_off:4; /* data offset */
u_int8_t th_x2:4; /* (unused) */
#endif
u_int8_t th_flags; /* control bits, tested with the TH_* masks below */
# define TH_FIN 0x01
# define TH_SYN 0x02
# define TH_RST 0x04
# define TH_PUSH 0x08
# define TH_ACK 0x10
# define TH_URG 0x20
u_int16_t th_win; /* window */
u_int16_t th_sum; /* checksum */
u_int16_t th_urp; /* urgent pointer */
};
/*
 * UDP header, BSD field names. Local definition for _LINUX builds, where this
 * header does not include <netinet/udp.h>.
 * NOTE(review): when overlaid on captured bytes the fields are in network
 * byte order and sender-controlled; uh_ulen in particular must not be used
 * as a read length without comparing it to the captured length.
 */
struct udphdr {
u_short uh_sport; /* source port */
u_short uh_dport; /* destination port */
u_short uh_ulen; /* udp length */
u_short uh_sum; /* udp checksum */
};
#endif //_LINUX
/* macro section */
/*
 * Debug tracing. With _DEBUG defined, dprintf(...) forwards its arguments to
 * fprintf(stdout, ...); otherwise it expands to nothing, so arguments with
 * side effects are not evaluated in non-debug builds.
 * NOTE(review): the first argument becomes the format string - pass a string
 * literal and print packet-derived text through "%s", never as the format.
 * NOTE(review): POSIX <stdio.h> declares a function dprintf(int, const char *, ...);
 * this macro hides it for all code that follows. `args...` is the GNU named
 * variadic-macro form, so the header depends on that extension.
 */
#ifdef _DEBUG
#define dprintf(args...) fprintf(stdout, args)
#else
#define dprintf(args...)
#endif //_DEBUG
/*
 * HASH(src, srcSize, dst): digest srcSize bytes at src into dst using
 * OpenSSL MD4 when _USE_MD4 is defined, otherwise MD5 when _USE_MD5 is
 * defined. If neither is defined HASH does not exist and any use fails to
 * compile. The return values of the Init/Update/Final calls are ignored.
 *
 * dst must have room for the digest (16 bytes for both MD4 and MD5).
 *
 * NOTE(review): the expansion is a bare { ... } block, not do { } while (0),
 * so `if (x) HASH(a, b, c); else ...` does not parse; the arguments are not
 * parenthesised, and the local named `context` shadows a caller variable of
 * the same name passed as an argument.
 * NOTE(review): MD4 and MD5 are not collision resistant. That is acceptable
 * only for non-adversarial bucketing; if the digest indexes a table keyed by
 * packet fields that a remote sender chooses, colliding inputs can be
 * constructed to degrade lookups - consider a keyed hash with a per-process
 * random key. The low-level MD4_ and MD5_ functions are also deprecated
 * since OpenSSL 3.0.
 */
#ifdef _USE_MD4
#define HASH(src, srcSize, dst) {\
MD4_CTX context;\
MD4_Init(&context);\
MD4_Update(&context,src,srcSize);\
MD4_Final(dst,&context);\
}
#else
#ifdef _USE_MD5
#define HASH(src, srcSize, dst) {\
MD5_CTX context;\
MD5_Init(&context);\
MD5_Update(&context,src,srcSize);\
MD5_Final(dst,&context);\
}
#endif //_USE_MD5
#endif //_USE_MD4
/* prototype section */
/*
 * NOTE(review): presumably returns the link-layer header length (one of the
 * *SIZE constants above) for the datalink type of pPcap. How an unsupported
 * link type is reported is not visible here - callers should check for it
 * before capturing.
 */
int getIPLayerOffset(pcap_t *pPcap);
/*
 * Per-packet handler; the parameter list has the shape of a libpcap
 * pcap_handler callback (user pointer, packet header, packet bytes).
 * NOTE(review): pIPLayerOffsetV presumably carries the link-layer offset
 * through the callback's user pointer - confirm how it is encoded.
 * NOTE(review): pPacketData holds only pPcapHeader->caplen bytes, which can
 * be fewer than pPcapHeader->len and fewer than the headers claim; every
 * offset derived from the link type, the IP header length or the TCP data
 * offset must be checked against caplen before it is dereferenced.
 */
void handlePacket(u_char *pIPLayerOffsetV, const pcap_pkthdr *pPcapHeader, const u_char *pPacketData);
/*
 * Cleanup predicates with the CLEANFUNC shape.
 * NOTE(review): presumably return true when the flow (or host) entry passed
 * as `current` has expired and should be removed, with `udata` as caller
 * context - the concrete types behind the void pointers are not visible here.
 */
bool cleanupFlowTest(void *current, void *udata);
bool cleanupHostTest(void *current, void *udata);
#endif //DEFS_H
// vi:ts=4