neale
/
fluffy
mirror of https://github.com/dirtbags/fluffy.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

my changes to the utilities

This commit is contained in:
pi-rho 2012-02-22 21:03:20 -06:00
parent 24c962c56d
commit 6d465dfbfe
9 changed files with 783 additions and 445 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

191
src/hdng.c
View File

@ -1,6 +1,22 @@
/*
* Last Modified: Fri 17 Feb 2012 12:08:33 PM CST
*
* _ _Hex Dumper _ ____ _ _
* | \ | | _____ _| |_ / ___| ___ _ __ ___ _ __ __ _| |_(_) ___ _ __
* | \| |/ _ \ \/ / __| | | _ / _ \ '_ \ / _ \ '__/ _` | __| |/ _ \| '_ \
* | |\ | __/> <| |_ | |_| | __/ | | | __/ | | (_| | |_| | (_) | | | |
* |_| \_|\___/_/\_\\__| \____|\___|_| |_|\___|_| \__,_|\__|_|\___/|_| |_|
*
*/
#include <stdio.h> #include <stdio.h>
#include <stdint.h> #include <stdint.h>
#include <stdlib.h>
#include <stdbool.h>
#include <sysexits.h>
#include <string.h> #include <string.h>
#include <getopt.h>
#include "netre.h"
const char* charset[] = { const char* charset[] = {
"·", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "·", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "",
@ -21,76 +37,157 @@ const char* charset[] = {
"", "¹", "²", "³", "", "", "", "", "", "", "", "", "", "", "", "¤" "", "¹", "²", "³", "", "", "", "", "", "", "", "", "", "", "", "¤"
}; };
int int version(bool error) {
dump(FILE *f) fprintf(WHICHOUT(error), "hdng v.%s - %s\n\n", PACKAGE_VERSION,
{ "The Next Generation Hex Dumper");
return error ? EX_USAGE : EX_OK;
}
int usage(bool error, char *prog) {
int retval = version(error);
fprintf(WHICHOUT(error), "Usage: %s [ [-oxsg] [-w width] | -X | -G ] [filename]\n", prog);
fprintf(WHICHOUT(error), "\t-o\tdo not print offsets\n");
fprintf(WHICHOUT(error), "\t-x\tdo not print hexadecimal bytes\n");
fprintf(WHICHOUT(error), "\t-s\tdo not abbreviate redundant bytes\n");
fprintf(WHICHOUT(error), "\t-g\tdo not print glyphs\n");
fprintf(WHICHOUT(error), "\t-w\tlength of data to show on each line\n\n");
fprintf(WHICHOUT(error), "\t-X\thex dump mode (continuous)\n");
fprintf(WHICHOUT(error), "\t-G\tglyph dump mode (continuous)\n\n");
fprintf(WHICHOUT(error), "\tif a filename is not specified, stdin will be used\n");
return retval;
}
void print_hexits(uint8_t buf[], size_t length, bool continuous) {
size_t i;
for (i = 0; i < length; i += 1) {
printf("%02x ", buf[i]);
if (continuous && ((i+1) % 8 == 0)) printf(" ");
}
if (continuous) printf(" ");
}
void print_glyphs(uint8_t buf[], size_t length, bool decoration) {
size_t i;
if (decoration) printf("");
for (i = 0; i < length; i += 1)
printf("%s", charset[buf[i]]);
if (decoration) printf("");
}
int dump(FILE *f, uint8_t width, bool offsets, bool hex, bool glyphs, bool skip, bool nl) {
uint64_t p = 0; uint64_t p = 0;
uint8_t buf[32]; uint64_t op = 0;
int offset = 0;
int skipping = 0; int skipping = 0;
size_t offset = 0;
uint8_t buf[2*width];
while (!feof(f)) { while (!feof(f)) {
uint8_t *bytes = buf + offset; uint8_t *bytes = buf + offset;
size_t len; size_t len;
int i;
offset = 16 - offset; offset = width - offset;
len = fread(bytes, 1, 16, f); len = fread(bytes, 1, width, f);
if (0 == len) break; if (len == 0) break;
op = p;
p += len;
if (p && (0 == memcmp(buf, buf + 16, 16))) { if (skip) {
if (! skipping) { if (op && (memcmp(buf, buf + width, width) == 0)) {
if (skipping == 1) {
printf("*\n"); printf("*\n");
skipping = 1; skipping = 1;
} }
p += 16;
continue; continue;
} else { } else {
skipping = 0; skipping = 0;
} }
}
printf("%08lx ", (long unsigned int)p); if (offsets) printf("%08lx ", (long unsigned int)op);
for (i = 0; i < 16; i += 1) { if (hex) print_hexits(bytes, len, nl);
if (i < len) { if (glyphs) print_glyphs(bytes, len, hex);
printf("%02x ", bytes[i]); if (nl) printf("\n");
} else {
printf(" ");
} }
if (7 == i) {
printf(" ");
}
}
printf("");
for (i = 0; i < len; i += 1) {
printf("%s", charset[bytes[i]]);
}
if (-1 == printf("\n")) {
perror("printf");
return 1;
}
p += len;
}
printf("%08lx\n", (long unsigned int)p);
return 0; if (offsets) printf("%08lx bytes", (long unsigned int)p);
printf("\n");
return EX_OK;
} }
int int main(int argc, char *argv[]) {
main(int argc, char *argv[]) int opt;
{ FILE *input = stdin;
if (1 == argc) {
dump(stdin);
} else {
FILE *f = fopen(argv[1], "rb");
if (! f) { /* defaults */
uint8_t width = 16;
bool hex = true;
bool skip = true;
bool glyphs = true;
bool offsets = true;
bool nl = true;
/* special modes */
bool hexdump = false;
bool glyphdump = false;
/* option parsing */
while ((opt = getopt(argc, argv, "hvoxsgw:XG")) != -1) {
switch (opt) {
case 'o': /* offset off */
offsets = false;
break;
case 'x': /* hex off */
hex = false;
break;
case 's': /* skip off */
skip = false;
break;
case 'g': /* glyphs off */
glyphs = false;
break;
case 'w': /* width */
if (optarg[0] == '-') optarg++;
width = (uint8_t)atoi(optarg);
if (width == 0) width = 16;
break;
case 'X': /* hex dump mode */
hexdump = true;
break;
case 'G': /* glyph dump mode */
glyphdump = true;
break;
case 'v': return version(false);
case 'h': return usage(false, argv[0]);
default: return usage(true, argv[0]);
}
}
/* crazy user! */
if (!hex && !glyphs) glyphs = true;
/* modes override other options, hex wins vs. glyphs */
if (hexdump) {
glyphs = skip = offsets = nl = false;
hex = true;
width = 16;
} else if (glyphdump) {
hex = skip = offsets = nl = false;
glyphs = true;
width = 16;
}
if (optind < argc) {
input = fopen(argv[optind], "rb");
if (!input) {
perror("open"); perror("open");
return 1; return EX_OSFILE;
}
} }
dump(f); return dump(input, width, offsets, hex, glyphs, skip, nl);
}
return 0;
} }

171
src/p4split.c
View File

@ -1,9 +1,24 @@
/*
* _ _ _ _ _
* _ __ | || | ___ _ __ | (_) |_
* | '_ \| || |_/ __| '_ \| | | __|
* | |_) |__ _\__ \ |_) | | | |_
* | .__/ |_| |___/ .__/|_|_|\__|
* |_| |_|
*
* split a pcap into multiple files, based on a CIDR filter
*
*/
#include <stdio.h> #include <stdio.h>
#include <stdint.h> #include <stdint.h>
#include <stdbool.h>
#include <stdlib.h> #include <stdlib.h>
#include <sysexits.h> #include <sysexits.h>
#include <strings.h> #include <strings.h>
#include <getopt.h>
#include "pcap.h" #include "pcap.h"
#include "netre.h"
/* Gaah so much crap */ /* Gaah so much crap */
#include <sys/socket.h> #include <sys/socket.h>
@ -12,75 +27,57 @@
#include <netinet/ip.h> #include <netinet/ip.h>
#include <netinet/in.h> #include <netinet/in.h>
int version(bool error) {
fprintf(WHICHOUT(error), "p4split v.%s - %s\n\n", PACKAGE_VERSION,
"Splits PCAP into up to 256 files based on CIDR");
return error ? EX_USAGE : EX_OK;
}
int int usage(bool error, char *prog) {
usage(int ret) int retval = version(error);
{ fprintf(WHICHOUT(error), "Usage: %s [-i INPUT] <CIDR>\n", prog);
fprintf(stderr, "Usage: p4split CIDR\n"); fprintf(WHICHOUT(error), "\t-i INPUT\tA PCAP to read for input\n");
fprintf(stderr, "\n"); fprintf(WHICHOUT(error), "\tCIDR\t\tA network address in CIDR notation\n");
fprintf(stderr, "Splits pcap on stdin into up to 256 files, based on CIDR.\n"); fprintf(WHICHOUT(error), "\nif INPUT is not specified, stdin will be read\n");
return ret; return retval;
} }
int int parse_cidr(char *s, uint32_t *addr, uint8_t *bits) {
parse_cidr(char *s, uint32_t *addr, uint8_t *bits)
{
char *slash = index(s, '/'); char *slash = index(s, '/');
struct in_addr inp; struct in_addr inp;
if (slash) { if (slash != NULL) {
*slash = 0; *slash = '\0';
*bits = atoi(slash + 1); *bits = (uint8_t)atoi(slash + 1);
} else { } else {
*bits = 0; *bits = 0;
} }
if (0 == inet_aton(s, &inp)) return -1; if (inet_aton(s, &inp) == 0) return -1;
*addr = ntohl(inp.s_addr); *addr = ntohl(inp.s_addr);
return 0; return 0;
} }
int p4split(struct pcap_file input, uint32_t addr, uint8_t bits) {
int
main(int argc, char *argv[])
{
struct pcap_file p;
struct pcap_file out[256];
int ok = 0;
uint32_t addr;
uint32_t mask;
uint8_t bits;
uint8_t shr;
int i; int i;
struct pcap_file out[256];
int errid = 0;
uint32_t mask = ~((1 << (32-bits)) - 1);
uint8_t shr = (32-bits) - 8;
if (argc != 2) return usage(0);
if (-1 == parse_cidr(argv[1], &addr, &bits)) return usage(0);
if (bits > 24) return usage(0);
if (bits % 8) {
fprintf(stderr, "Warning: routing prefix is not a multiple of 8.\n");
}
mask = ~((1 << (32-bits)) - 1);
addr &= mask; addr &= mask;
shr = (32-bits) - 8;
for (i = 0; i < 256; i += 1) { for (i = 0; i < 256; i += 1) out[i].f = NULL;
out[i].f = NULL;
}
if (-1 == pcap_open_in(&p, stdin)) return usage(0); while (true) {
while (1) {
struct pcap_pkthdr hdr; struct pcap_pkthdr hdr;
uint8_t octet; uint8_t octet;
char frame[MAXFRAME]; char frame[MAXFRAME];
ok = 1; if (pcap_read_pkthdr(&input, &hdr) == -1) break;
if (-1 == pcap_read_pkthdr(&p, &hdr)) break; if (fread(frame, hdr.caplen, 1, input.f) != 1) break;
if (1 != fread(frame, hdr.caplen, 1, p.f)) break;
{ {
struct ether_header *eh = (struct ether_header *)frame; struct ether_header *eh = (struct ether_header *)frame;
@ -96,7 +93,8 @@ main(int argc, char *argv[])
if ((a & mask) != addr) { if ((a & mask) != addr) {
a = ntohl(ih->daddr); a = ntohl(ih->daddr);
if ((a & mask) != addr) { if ((a & mask) != addr) {
fprintf(stderr, "Warning: dropping unmatched packet %08x -> %08x\n", fprintf(stderr,
"Warning: dropping unmatched packet %08x -> %08x\n",
ntohl(ih->saddr), ntohl(ih->daddr)); ntohl(ih->saddr), ntohl(ih->daddr));
continue; continue;
} }
@ -104,31 +102,76 @@ main(int argc, char *argv[])
octet = (a & ~mask) >> shr; octet = (a & ~mask) >> shr;
} }
ok = 0;
if (! out[octet].f) { if (! out[octet].f) {
char fn[9]; char fn[9];
FILE *f; FILE *f;
sprintf(fn, "%d.pcap", octet); snprintf(fn, 9, "%d.pcap", octet);
if (NULL == (f = fopen(fn, "wb"))) break; if (((f = fopen(fn, "wb")) == NULL) ||
if (-1 == pcap_open_out(&out[octet], f)) break; (pcap_open_out(&out[octet], f) == -1)) {
} perror("Error creating output");
errid = EX_CANTCREAT;
if (-1 == pcap_write_pkthdr(&out[octet], &hdr)) break; break;
if (1 != fwrite(frame, hdr.caplen, 1, out[octet].f)) break;
}
if (! ok) {
perror("Error");
return 1;
}
for (i = 0; i < 256; i += 1) {
if (out[i].f) {
pcap_close(&p);
} }
} }
return 0; if ((pcap_write_pkthdr(&out[octet], &hdr) == -1) ||
(fwrite(frame, hdr.caplen, 1, out[octet].f) != 1)) {
perror("Error writing");
errid = EX_IOERR;
break;
}
}
for (i = 0; i < 256; i++) if (out[i].f) pcap_close(&out[i]);
pcap_close(&input);
return errid;
}
int main(int argc, char *argv[]) {
int opt;
struct pcap_file p;
uint32_t addr;
uint8_t bits;
FILE *input;
while ((opt = getopt(argc, argv, "hvi:")) != -1) {
switch (opt) {
case 'i': /* input */
input = fopen(optarg, "rb");
if (!input) {
perror("open input");
return EX_IOERR;
}
break;
case 'v': return version(false);
case 'h': return usage(false, argv[0]);
default: return usage(true, argv[0]);
}
}
if ((optind >= argc) || (argc - optind != 1)) {
fprintf(stderr, "not enough arguments\n");
return usage(true, argv[0]);
}
if (parse_cidr(argv[optind], &addr, &bits) == -1) {
fprintf(stderr, "invalid CIDR\n");
return EX_USAGE;
}
if (bits > 24) {
fprintf(stderr, "subnet bits must be <= 24\n");
return EX_USAGE;
}
if (pcap_open_in(&p, input) == -1) return EX_IOERR;
if (bits % 8)
fprintf(stderr, "Warning: routing prefix is not a multiple of 8.\n");
return p4split(p, addr, bits);
} }

50
src/pcap.c
View File

@ -1,51 +1,53 @@
/*
* PCAP library
*
*/
#include <stdio.h> #include <stdio.h>
#include <sysexits.h> #include <sysexits.h>
#include <string.h> #include <string.h>
#include "pcap.h" #include "pcap.h"
#include "netre.h"
int int pcap_open_in(struct pcap_file *ctx, FILE *f) {
pcap_open_in(struct pcap_file *ctx, FILE *f)
{
struct pcap_file_header h; struct pcap_file_header h;
if (1 != fread(&h, sizeof(h), 1, f)) { if (fread(&h, sizeof(h), 1, f) != 1) h.magic = 0;
h.magic = 0;
}
if (MAGIC == h.magic) { if (MAGIC == h.magic) {
ctx->swap = 0; ctx->swap = 0;
DDUMP("normal order");
} else if (bswap32(MAGIC) == h.magic) { } else if (bswap32(MAGIC) == h.magic) {
ctx->swap = 1; ctx->swap = 1;
DDUMP("swapped order");
} else { } else {
return -1; return -1;
} }
if ((h.version_major != 2) || (h.version_minor != 4)) return -1; if ((h.version_major != 2) || (h.version_minor != 4)) return -1;
DDUMP_d(h.version_major);
DDUMP_d(h.version_minor);
if (ctx->swap) h.snaplen = bswap32(h.snaplen); if (ctx->swap != 0) h.snaplen = bswap32(h.snaplen);
DDUMP_d(h.snaplen);
if (h.snaplen > MAXFRAME) return -1; if (h.snaplen > MAXFRAME) return -1;
ctx->f = f; ctx->f = f;
return 0; return 0;
} }
int int pcap_open_out(struct pcap_file *ctx, FILE *f) {
pcap_open_out(struct pcap_file *ctx, FILE *f)
{
struct pcap_file_header h = { MAGIC, 2, 4, 0, 0, MAXFRAME, 1 }; struct pcap_file_header h = { MAGIC, 2, 4, 0, 0, MAXFRAME, 1 };
if (1 != fwrite(&h, sizeof(h), 1, f)) return -1; if (fwrite(&h, sizeof(h), 1, f) != 1) return -1;
ctx->f = f; ctx->f = f;
ctx->swap = 0; ctx->swap = 0;
return 0; return 0;
} }
int int pcap_read_pkthdr(struct pcap_file *ctx, struct pcap_pkthdr *hdr) {
pcap_read_pkthdr(struct pcap_file *ctx, struct pcap_pkthdr *hdr) if (fread(hdr, sizeof(*hdr), 1, ctx->f) != 1) return -1;
{
if (1 != fread(hdr, sizeof(*hdr), 1, ctx->f)) {
return -1;
}
if (ctx->swap) { if (ctx->swap) {
hdr->ts.tv_sec = bswap32(hdr->ts.tv_sec); hdr->ts.tv_sec = bswap32(hdr->ts.tv_sec);
@ -59,9 +61,7 @@ pcap_read_pkthdr(struct pcap_file *ctx, struct pcap_pkthdr *hdr)
return 0; return 0;
} }
int int pcap_write_pkthdr(struct pcap_file *ctx, struct pcap_pkthdr *hdr) {
pcap_write_pkthdr(struct pcap_file *ctx, struct pcap_pkthdr *hdr)
{
if (ctx->swap) { if (ctx->swap) {
struct pcap_pkthdr ohdr; struct pcap_pkthdr ohdr;
@ -71,16 +71,12 @@ pcap_write_pkthdr(struct pcap_file *ctx, struct pcap_pkthdr *hdr)
hdr->caplen = bswap32(hdr->caplen); hdr->caplen = bswap32(hdr->caplen);
hdr->len = bswap32(hdr->len); hdr->len = bswap32(hdr->len);
if (1 != fwrite(&ohdr, sizeof(ohdr), 1, ctx->f)) return -1; if (fwrite(&ohdr, sizeof(ohdr), 1, ctx->f) != 1) return -1;
} else { } else {
if (1 != fwrite(hdr, sizeof(*hdr), 1, ctx->f)) return -1; if (fwrite(hdr, sizeof(*hdr), 1, ctx->f) != 1) return -1;
} }
return 0; return 0;
} }
void void pcap_close(struct pcap_file *ctx) { fclose(ctx->f); }
pcap_close(struct pcap_file *ctx)
{
fclose(ctx->f);
}

10
src/pcap.h
View File

@ -5,7 +5,7 @@
#include <stdint.h> #include <stdint.h>
#define MAGIC 0xa1b2c3d4 #define MAGIC 0xa1b2c3d4
#define MAXFRAME 9000 #define MAXFRAME 65535
struct pcap_file { struct pcap_file {
FILE *f; FILE *f;
@ -48,14 +48,6 @@ struct pcap_pkthdr {
/* Debugging help */ /* Debugging help */
#define DUMPf(fmt, args...) fprintf(stderr, "%s:%s:%d " fmt "\n", __FILE__, __FUNCTION__, __LINE__, ##args)
#define DUMP() DUMPf("")
#define DUMP_d(v) DUMPf("%s = %d", #v, v)
#define DUMP_u(v) DUMPf("%s = %u", #v, v)
#define DUMP_x(v) DUMPf("%s = 0x%x", #v, v)
#define DUMP_s(v) DUMPf("%s = %s", #v, v)
#define DUMP_c(v) DUMPf("%s = %c", #v, v)
#define DUMP_p(v) DUMPf("%s = %p", #v, v)
int pcap_open_in(struct pcap_file *ctx, FILE *f); int pcap_open_in(struct pcap_file *ctx, FILE *f);
int pcap_open_out(struct pcap_file *ctx, FILE *f); int pcap_open_out(struct pcap_file *ctx, FILE *f);

140
src/pmerge.c
View File

@ -1,7 +1,22 @@
/*
* _ __ _ __ ___ ___ _ __ __ _ ___
* | '_ \| '_ ` _ \ / _ \ '__/ _` |/ _ \
* | |_) | | | | | | __/ | | (_| | __/
* | .__/|_| |_| |_|\___|_| \__, |\___|
* |_| |___/
*
* Merges pcap files, outputting time-ordered pcap stream
*
*/
#include <stdio.h> #include <stdio.h>
#include <stdint.h> #include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <sysexits.h> #include <sysexits.h>
#include <getopt.h>
#include "pcap.h" #include "pcap.h"
#include "netre.h"
struct input_file { struct input_file {
int active; int active;
@ -9,18 +24,21 @@ struct input_file {
struct pcap_pkthdr next; struct pcap_pkthdr next;
}; };
int int version(bool error) {
usage(int ret) fprintf(WHICHOUT(error), "pmerge v.%s - %s\n\n", PACKAGE_VERSION,
{ "Merges pcap files, outputting time-ordered pcap stream");
fprintf(stderr, "Usage: pmerge FILE ...\n"); return error ? EX_USAGE : EX_OK;
fprintf(stderr, "\n");
fprintf(stderr, "Merges pcap files, outputting time-ordered pcap stream\n");
return ret;
} }
int int usage(bool error, char *prog) {
read_next(struct input_file *file) int retval = version(error);
{ fprintf(WHICHOUT(error), "Usage: %s [-o OUTPUT] FILE [FILE]*\n", prog);
fprintf(WHICHOUT(error), "\tOUTPUT\toutput filename -- if not specified, stdout will be used\n");
fprintf(WHICHOUT(error), "\tFILE\tinput filename, at least one is required\n");
return retval;
}
int read_next(struct input_file *file) {
if (! file->active) return -1; if (! file->active) return -1;
if (-1 == pcap_read_pkthdr(&file->p, &file->next)) { if (-1 == pcap_read_pkthdr(&file->p, &file->next)) {
@ -34,44 +52,13 @@ read_next(struct input_file *file)
return 0; return 0;
} }
int int pmerge(FILE *output, struct input_file files[], int nfiles) {
main(int argc, char *argv[])
{
struct input_file files[argc-1];
int nfiles = 0;
int nopen; int nopen;
int i; int i;
struct pcap_file out; struct pcap_file out;
if (1 == argc) return usage(0); if (pcap_open_out(&out, output) == -1) {
perror("writing pcap header");
/* Open input files */
for (i = 0; i < argc-1; i += 1) {
char *fn = argv[i+1];
struct input_file *cur = &files[nfiles];
FILE *f;
if ('-' == fn[0]) return usage(0);
f = fopen(fn, "rb");
if (NULL == f) {
perror(fn);
return EX_NOINPUT;
}
if (-1 == pcap_open_in(&cur->p, f)) {
fprintf(stderr, "%s: unable to process\n", fn);
return EX_IOERR;
}
cur->active = 1;
if (0 == read_next(cur)) {
nfiles += 1;
}
}
if (-1 == pcap_open_out(&out, stdout)) {
perror("writing header");
return EX_IOERR; return EX_IOERR;
} }
@ -83,10 +70,10 @@ main(int argc, char *argv[])
/* Find next oldest frame */ /* Find next oldest frame */
for (i = 0; i < nfiles; i += 1) { for (i = 0; i < nfiles; i += 1) {
if (files[i].active && if ( files[i].active &&
((files[i].next.ts.tv_sec < cur->next.ts.tv_sec) || ((files[i].next.ts.tv_sec < cur->next.ts.tv_sec) ||
((files[i].next.ts.tv_sec == cur->next.ts.tv_sec) && ((files[i].next.ts.tv_sec == cur->next.ts.tv_sec) &&
(files[i].next.ts.tv_usec < cur->next.ts.tv_usec)))) { ( files[i].next.ts.tv_usec < cur->next.ts.tv_usec)))) {
cur = &files[i]; cur = &files[i];
} }
} }
@ -108,20 +95,69 @@ main(int argc, char *argv[])
/* Write header + frame */ /* Write header + frame */
if (len) { if (len) {
if (1 != fwrite(&cur->next, sizeof(cur->next), 1, stdout)) { if (fwrite(&cur->next, sizeof(cur->next), 1, output) != 1) {
perror("error"); perror("error");
return EX_IOERR; return EX_IOERR;
} }
if (len != fwrite(frame, 1, len, stdout)) { if (len != fwrite(frame, 1, len, output)) {
perror("error"); perror("error");
return EX_IOERR; return EX_IOERR;
} }
} }
if (-1 == read_next(cur)) { if (read_next(cur) == -1) nopen -= 1;
nopen -= 1;
}
} }
return 0; return EX_OK;
}
int main(int argc, char *argv[]) {
int opt;
FILE *output = stdout;
while ((opt = getopt(argc, argv, "hvo:")) != -1) {
switch (opt) {
case 'o': /* output file */
output = fopen(optarg, "wb");
if (!output) {
perror("Open output");
return EX_OSFILE;
}
break;
case 'v': return version(false);
case 'h': return usage(false, argv[0]);
default: return usage(true, argv[0]);
}
}
if (optind >= argc) return usage(true, argv[0]);
int i;
int nfiles = 0;
struct input_file files[argc - optind];
/* Open input files */
for (i = optind; i < argc; i++) {
char *fn = argv[i];
struct input_file *cur = &files[nfiles];
FILE *f;
if (fn[0] == '-') return usage(true, argv[0]);
f = fopen(fn, "rb");
if (!f) {
perror(fn);
return EX_NOINPUT;
}
if (pcap_open_in(&cur->p, f) == -1) {
fprintf(stderr, "%s: unable to process\n", fn);
return EX_IOERR;
}
cur->active = 1;
if (read_next(cur) == 0) nfiles += 1;
}
return pmerge(output, files, nfiles);
} }

104
src/puniq.c
View File

@ -1,34 +1,57 @@
/* _
* _ __ _ _ _ __ (_) __ _
* | '_ \| | | | '_ \| |/ _` |
* | |_) | |_| | | | | | (_| |
* | .__/ \__,_|_| |_|_|\__, |
* |_| |_|
*
* filter one to many PCAPs for unique frames
*
*/
#include <getopt.h>
#include <stdio.h> #include <stdio.h>
#include <stdbool.h>
#include <sysexits.h> #include <sysexits.h>
#include <string.h> #include <string.h>
#include "netre.h"
#include "pcap.h" #include "pcap.h"
int int version(bool error) {
main(int argc, char *argv[]) fprintf(WHICHOUT(error), "puniq v.%s - %s\n\n", PACKAGE_VERSION,
{ "filter one to many PCAPs for unique frames");
return error ? EX_USAGE : EX_OK;
}
int usage(bool error, char *prog) {
int retval = version(error);
fprintf(WHICHOUT(error), "Usage: %s [-o OUTPUT] <FILE> [FILE]*\n", prog);
fprintf(WHICHOUT(error), "\t-o OUTPUT\tfile in which to write output; if not specified, output will be written to stdout\n");
fprintf(WHICHOUT(error), "\tFILE\tinput pcap file, at least one file is required\n");
return retval;
}
int puniq(FILE *output, char *inputs[], int ninputs) {
int i; int i;
struct pcap_pkthdr hdr[2]; struct pcap_pkthdr hdr[2];
char frame[2][MAXFRAME]; char frame[2][MAXFRAME];
int cur = 0;
struct pcap_file out; struct pcap_file out;
int cur;
memset(&hdr, 0, sizeof(hdr)); if (pcap_open_out(&out, output) == -1) {
memset(frame, 0, 2 * MAXFRAME);
if (-1 == pcap_open_out(&out, stdout)) {
perror("writing header"); perror("writing header");
return EX_IOERR; return EX_IOERR;
} }
i = 1; for (i = 0; i < ninputs; i++) {
do { char *fn = inputs[i];
char *fn = argv[i];
FILE *f; FILE *f;
struct pcap_file p; struct pcap_file p;
if ((! fn) || (0 == strcmp("-", fn))) { if ((! fn) || (strcmp("-", fn) == 0)) {
f = stdin; f = stdin;
} else { } else {
printf("processing: %s\n", fn);
f = fopen(fn, "rb"); f = fopen(fn, "rb");
if (NULL == f) { if (NULL == f) {
perror(fn); perror(fn);
@ -36,28 +59,59 @@ main(int argc, char *argv[])
} }
} }
if (-1 == pcap_open_in(&p, f)) { if (pcap_open_in(&p, f) == -1) {
fprintf(stderr, "%s: unable to process\n", fn); fprintf(stderr, "unable to process: %s\n", fn);
return EX_IOERR; return EX_IOERR;
} }
while (1) { cur = 0;
if (-1 == pcap_read_pkthdr(&p, &hdr[cur])) break; while (true) {
if (1 != fread(frame[cur], hdr[cur].caplen, 1, p.f)) break;
if ((0 == memcmp(&hdr[0], &hdr[1], sizeof(hdr[0]))) && memset(&hdr[cur], 0, sizeof(hdr[cur]));
(0 == memcmp(frame[0], frame[1], hdr[cur].caplen))) { memset(&frame[cur], 0, MAXFRAME);
if (pcap_read_pkthdr(&p, &hdr[cur]) == -1) break;
if (fread(frame[cur], hdr[cur].caplen, 1, p.f) != 1) break;
if ((memcmp(&hdr[0], &hdr[1], sizeof(hdr[cur])) == 0) &&
(memcmp(frame[0], frame[1], hdr[cur].caplen) == 0)) {
/* Skip this duplicate */ /* Skip this duplicate */
DDUMP("duplicate!");
} else { } else {
if (-1 == pcap_write_pkthdr(&out, &hdr[cur])) break; if (pcap_write_pkthdr(&out, &hdr[cur]) == -1) break;
if (1 != fwrite(frame[cur], hdr[cur].caplen, 1, out.f)) break; if (fwrite(frame[cur], hdr[cur].caplen, 1, out.f) != 1) break;
} }
cur = (1 - cur); cur = (1 - cur);
} }
pcap_close(&p); pcap_close(&p);
}
pcap_close(&out);
i += 1; return EX_OK;
} while (i < argc); }
return 0; int main (int argc, char *argv[]) {
int opt;
FILE *output = stdout;
while ((opt = getopt(argc, argv, "hvo:")) != -1) {
switch (opt) {
case 'o': /* output file */
output = fopen(optarg, "wb");
if (!output) {
perror("opening output");
return EX_OSFILE;
}
break;
case 'v': return version(false);
case 'h': return usage(false, argv[0]);
default: return usage(true, argv[0]);
}
}
/* at least one file is required */
if (argc <= optind) return usage(true, argv[0]);
return puniq(output, &argv[optind], argc - optind);
} }

63
src/repr.c
View File

@ -1,14 +1,39 @@
/*
* _ __ ___ _ __ _ __
* | '__/ _ \ '_ \| '__|
* | | | __/ |_) | |
* |_| \___| .__/|_|
* |_|
*
* Quote non-printable bytes, similar to python's repr()
*
*/
#include <stdio.h> #include <stdio.h>
#include <stdbool.h>
#include <sysexits.h>
#include <getopt.h>
#include "netre.h"
int int version(bool error) {
main(int argc, char *argv[]) fprintf(WHICHOUT(error), "repr v.%s - %s\n\n", PACKAGE_VERSION,
{ "quote non-printable bytes, similar to python's repr()");
while (1) { return error ? EX_USAGE : EX_OK;
int c = getchar(); }
int usage(bool error, char *prog) {
int retval = version(error);
fprintf(WHICHOUT(error), "Usage: %s [filename]\n\n", prog);
fprintf(WHICHOUT(error), "if a file is not specified, stdin will be read\n");
return retval;
}
int repr(FILE *f) {
int c;
while (EOF != (c = getc(f))) {
switch (c) { switch (c) {
case EOF: case EOF: return 0;
return 0;
case 134: case 134:
printf("\\\\"); printf("\\\\");
break; break;
@ -22,5 +47,29 @@ main(int argc, char *argv[])
} }
} }
printf("\n");
return 0; return 0;
} }
int main(int argc, char *argv[]) {
int opt;
FILE *input = stdin;
/* option parsing */
while ((opt = getopt(argc, argv, "hv")) != -1) {
switch (opt) {
case 'v': return version(false);
case 'h': return usage(false, argv[0]);
default: return usage(true, argv[0]);
}
}
if (optind < argc) {
input = fopen(argv[optind], "rb");
if (!input) {
perror("opening input file");
return EX_OSFILE;
}
}
return repr(input);
}

75
src/unhex.c
View File

@ -1,26 +1,45 @@
/* Hex Decoder -- 2012 Zephyr <zephyr@dirtbags.net> /*
* _
* _ _ _ __ | |__ _____ __
* | | | | '_ \| '_ \ / _ \ \/ /
* | |_| | | | | | | | __/> <
* \__,_|_| |_|_| |_|\___/_/\_\
*
* convert hexits to their binary equivalent
* *
* This file is in the public domain. I make no promises
* about the functionality of this program.
*/ */
#include <stdio.h> #include <stdio.h>
#include <stdbool.h>
#include <sysexits.h>
#include <getopt.h>
#include "netre.h"
int int version(bool error) {
main(int argc, char *argv[]) fprintf(WHICHOUT(error), "unhex v.%s - %s\n\n", PACKAGE_VERSION,
{ "convert hexits to their binary equivalent");
unsigned char acc = 0; return error ? EX_USAGE : EX_OK;
unsigned char nybble = 0; }
int usage(bool error, char *prog) {
int retval = version(error);
fprintf(WHICHOUT(error), "Usage: %s [filename]\n\n", prog);
fprintf(WHICHOUT(error), "if a file is not specified, stdin will be read\n");
return retval;
}
int unhex(FILE *f) {
unsigned char acc = '\0';
unsigned char nybble = '\0';
unsigned long int count = 0; unsigned long int count = 0;
while (1) { while (true) {
int c = getchar(); int c = getc(f);
count += 1; count += 1;
switch (c) { switch (c) {
case EOF: case EOF: return EX_OK;
return 0;
case '0' ... '9': case '0' ... '9':
acc = (acc << 4) + c - '0'; acc = (acc << 4) + c - '0';
nybble += 1; nybble += 1;
@ -34,9 +53,9 @@ main(int argc, char *argv[])
nybble += 1; nybble += 1;
break; break;
default: default:
if (nybble != 0) { if (nybble != 0)
fprintf(stderr, "Warning: non-hex character mid-octet at offset %lu\n", count); fprintf(stderr,
} "Warning: non-hex character mid-octet at offset %lu\n", count);
break; break;
} }
@ -47,5 +66,29 @@ main(int argc, char *argv[])
} }
} }
return 0; return EX_OK;
}
int main(int argc, char *argv[]) {
int opt;
FILE *input = stdin;
/* option parsing */
while ((opt = getopt(argc, argv, "hv")) != -1) {
switch (opt) {
case 'v': return version(false);
case 'h': return usage(false, argv[0]);
default: return usage(true, argv[0]);
}
}
if (optind < argc) {
input = fopen(argv[optind], "rb");
if (!input) {
perror("opening input");
return EX_OSFILE;
}
}
return unhex(input);
} }

108
src/xor.c
View File

@ -1,48 +1,76 @@
/* xor filter -- 2012 Zephyr <zephyr@dirtbags.net> /*
* __ _ _ _
* __ _____ _ __ / _(_) | |_ ___ _ __
* \ \/ / _ \| '__| | |_| | | __/ _ \ '__|
* > < (_) | | | _| | | || __/ |
* /_/\_\___/|_| |_| |_|_|\__\___|_|
*
* apply mask bytes to the pipeline
* *
* This file is in the public domain. I make no promises
* about the functionality of this program.
*/ */
#include <stdio.h> #include <stdio.h>
#include <stdint.h>
#include <stdlib.h> #include <stdlib.h>
#include <stdbool.h>
#include <string.h> #include <string.h>
#include <sysexits.h>
#include <getopt.h>
#include "netre.h"
int int version(bool error) {
main(int argc, char *argv[]) fprintf(WHICHOUT(error), "xor v.%s - %s\n\n", PACKAGE_VERSION,
{ "apply mask bytes to the pipeline, using XOR");
int start = 1; return error ? EX_USAGE : EX_OK;
int base = 0; }
int arg;
int usage(bool error, char *prog) {
if (argc < 2) { int retval = version(error);
fprintf(stderr, "Usage: %s [-x] m1 [m2 ...]\n", argv[0]); fprintf(WHICHOUT(error), "Usage: %s [-x] MASK [MASK]*\n", prog);
return 1; fprintf(WHICHOUT(error), "\t-x\tmask bytes are hexadecimal\n");
} fprintf(WHICHOUT(error), "\tMASK\ta mask byte\n");
return retval;
if (0 == strcmp(argv[1], "-x")) { }
base = 16;
start += 1; void do_xor(uint8_t mask[], int len) {
} int i = 0;
while (true) {
arg = start; int c = getchar();
while (1) { if (EOF == c) break;
int c = getchar();
unsigned char mask; c ^= mask[i];
putchar(c);
if (! argv[arg]) { i = (i + 1) % len;
arg = start; }
} }
mask = strtol(argv[arg++], NULL, base);
int main(int argc, char *argv[]) {
if (EOF == c) { int opt;
break; int masklen = 0;
} int base = 0;
int i;
c ^= mask;
putchar(c); /* option parsing */
} while ((opt = getopt(argc, argv, "hvx")) != -1) {
switch (opt) {
return 0; case 'x':
base = 16;
break;
case 'v': return version(false);
case 'h': return usage(false, argv[0]);
default: return usage(true, argv[0]);
}
}
if (optind >= argc) return usage(true, argv[0]);
masklen = argc - optind;
uint8_t mask[masklen];
for (i = optind; i < argc; i++)
mask[i-optind] = (uint8_t)strtol(argv[i], NULL, base);
do_xor(mask, masklen);
return EX_OK;
} }