neale
/
fluffy
mirror of https://github.com/dirtbags/fluffy.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

my changes to the utilities

This commit is contained in:
pi-rho 2012-02-22 21:03:20 -06:00
parent 24c962c56d
commit 6d465dfbfe
9 changed files with 783 additions and 445 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

263
src/hdng.c
View File

@ -1,96 +1,193 @@
/*
* Last Modified: Fri 17 Feb 2012 12:08:33 PM CST
*
* _ _Hex Dumper _ ____ _ _
* | \ | | _____ _| |_ / ___| ___ _ __ ___ _ __ __ _| |_(_) ___ _ __
* | \| |/ _ \ \/ / __| | | _ / _ \ '_ \ / _ \ '__/ _` | __| |/ _ \| '_ \
* | |\ | __/> <| |_ | |_| | __/ | | | __/ | | (_| | |_| | (_) | | | |
* |_| \_|\___/_/\_\\__| \____|\___|_| |_|\___|_| \__,_|\__|_|\___/|_| |_|
*
*/
#include <stdio.h> #include <stdio.h>
#include <stdint.h> #include <stdint.h>
#include <stdlib.h>
#include <stdbool.h>
#include <sysexits.h>
#include <string.h> #include <string.h>
#include <getopt.h>
#include "netre.h"
const char* charset[] = { const char* charset[] = {
"·", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "·", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "",
"", "", "", "", "", "§", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "§", "", "", "", "", "", "", "", "", "", "",
" ", "!", "\"", "#", "$", "%", "&", "'", "(", ")", "*", "+", ",", "-", ".", "/", " ", "!", "\"", "#", "$", "%", "&", "'", "(", ")", "*", "+", ",", "-", ".", "/",
"0", "1", "2", "3", "4", "5", "6", "7", "8", "9", ":", ";", "<", "=", ">", "?", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", ":", ";", "<", "=", ">", "?",
"@", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "@", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O",
"P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "[", "\\", "]", "^", "_", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "[", "\\", "]", "^", "_",
"`", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "`", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o",
"p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "{", "|", "}", "~", "", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "{", "|", "}", "~", "",
"Ç", "ü", "é", "â", "ä", "à", "å", "ç", "ê", "ë", "è", "ï", "î", "ì", "Ä", "Å", "Ç", "ü", "é", "â", "ä", "à", "å", "ç", "ê", "ë", "è", "ï", "î", "ì", "Ä", "Å",
"É", "æ", "Æ", "ô", "ö", "ò", "û", "ù", "ÿ", "Ö", "Ü", "¢", "£", "¥", "", "ƒ", "É", "æ", "Æ", "ô", "ö", "ò", "û", "ù", "ÿ", "Ö", "Ü", "¢", "£", "¥", "", "ƒ",
"á", "í", "ó", "ú", "ñ", "Ñ", "ª", "º", "½", "", "¼", "", "", "", "«", "»", "á", "í", "ó", "ú", "ñ", "Ñ", "ª", "º", "½", "", "¼", "", "", "", "«", "»",
"", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "",
"", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "",
"", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "",
"α", "ß", "Γ", "π", "Σ", "σ", "µ", "τ", "Φ", "Θ", "Ω", "δ", "", "φ", "ε", "", "α", "ß", "Γ", "π", "Σ", "σ", "µ", "τ", "Φ", "Θ", "Ω", "δ", "", "φ", "ε", "",
"", "¹", "²", "³", "", "", "", "", "", "", "", "", "", "", "", "¤" "", "¹", "²", "³", "", "", "", "", "", "", "", "", "", "", "", "¤"
}; };
int int version(bool error) {
dump(FILE *f) fprintf(WHICHOUT(error), "hdng v.%s - %s\n\n", PACKAGE_VERSION,
{ "The Next Generation Hex Dumper");
uint64_t p = 0; return error ? EX_USAGE : EX_OK;
uint8_t buf[32];
int offset = 0;
int skipping = 0;
while (!feof(f)) {
uint8_t *bytes = buf + offset;
size_t len;
int i;
offset = 16 - offset;
len = fread(bytes, 1, 16, f);
if (0 == len) break;
if (p && (0 == memcmp(buf, buf + 16, 16))) {
if (! skipping) {
printf("*\n");
skipping = 1;
}
p += 16;
continue;
} else {
skipping = 0;
}
printf("%08lx ", (long unsigned int)p);
for (i = 0; i < 16; i += 1) {
if (i < len) {
printf("%02x ", bytes[i]);
} else {
printf(" ");
}
if (7 == i) {
printf(" ");
}
}
printf("");
for (i = 0; i < len; i += 1) {
printf("%s", charset[bytes[i]]);
}
if (-1 == printf("\n")) {
perror("printf");
return 1;
}
p += len;
}
printf("%08lx\n", (long unsigned int)p);
return 0;
} }
int int usage(bool error, char *prog) {
main(int argc, char *argv[]) int retval = version(error);
{ fprintf(WHICHOUT(error), "Usage: %s [ [-oxsg] [-w width] | -X | -G ] [filename]\n", prog);
if (1 == argc) { fprintf(WHICHOUT(error), "\t-o\tdo not print offsets\n");
dump(stdin); fprintf(WHICHOUT(error), "\t-x\tdo not print hexadecimal bytes\n");
} else { fprintf(WHICHOUT(error), "\t-s\tdo not abbreviate redundant bytes\n");
FILE *f = fopen(argv[1], "rb"); fprintf(WHICHOUT(error), "\t-g\tdo not print glyphs\n");
fprintf(WHICHOUT(error), "\t-w\tlength of data to show on each line\n\n");
fprintf(WHICHOUT(error), "\t-X\thex dump mode (continuous)\n");
fprintf(WHICHOUT(error), "\t-G\tglyph dump mode (continuous)\n\n");
fprintf(WHICHOUT(error), "\tif a filename is not specified, stdin will be used\n");
return retval;
}
if (! f) { void print_hexits(uint8_t buf[], size_t length, bool continuous) {
perror("open"); size_t i;
return 1;
for (i = 0; i < length; i += 1) {
printf("%02x ", buf[i]);
if (continuous && ((i+1) % 8 == 0)) printf(" ");
}
if (continuous) printf(" ");
}
void print_glyphs(uint8_t buf[], size_t length, bool decoration) {
size_t i;
if (decoration) printf("");
for (i = 0; i < length; i += 1)
printf("%s", charset[buf[i]]);
if (decoration) printf("");
}
int dump(FILE *f, uint8_t width, bool offsets, bool hex, bool glyphs, bool skip, bool nl) {
uint64_t p = 0;
uint64_t op = 0;
int skipping = 0;
size_t offset = 0;
uint8_t buf[2*width];
while (!feof(f)) {
uint8_t *bytes = buf + offset;
size_t len;
offset = width - offset;
len = fread(bytes, 1, width, f);
if (len == 0) break;
op = p;
p += len;
if (skip) {
if (op && (memcmp(buf, buf + width, width) == 0)) {
if (skipping == 1) {
printf("*\n");
skipping = 1;
}
continue;
} else {
skipping = 0;
}
}
if (offsets) printf("%08lx ", (long unsigned int)op);
if (hex) print_hexits(bytes, len, nl);
if (glyphs) print_glyphs(bytes, len, hex);
if (nl) printf("\n");
} }
dump(f); if (offsets) printf("%08lx bytes", (long unsigned int)p);
} printf("\n");
return EX_OK;
return 0; }
int main(int argc, char *argv[]) {
int opt;
FILE *input = stdin;
/* defaults */
uint8_t width = 16;
bool hex = true;
bool skip = true;
bool glyphs = true;
bool offsets = true;
bool nl = true;
/* special modes */
bool hexdump = false;
bool glyphdump = false;
/* option parsing */
while ((opt = getopt(argc, argv, "hvoxsgw:XG")) != -1) {
switch (opt) {
case 'o': /* offset off */
offsets = false;
break;
case 'x': /* hex off */
hex = false;
break;
case 's': /* skip off */
skip = false;
break;
case 'g': /* glyphs off */
glyphs = false;
break;
case 'w': /* width */
if (optarg[0] == '-') optarg++;
width = (uint8_t)atoi(optarg);
if (width == 0) width = 16;
break;
case 'X': /* hex dump mode */
hexdump = true;
break;
case 'G': /* glyph dump mode */
glyphdump = true;
break;
case 'v': return version(false);
case 'h': return usage(false, argv[0]);
default: return usage(true, argv[0]);
}
}
/* crazy user! */
if (!hex && !glyphs) glyphs = true;
/* modes override other options, hex wins vs. glyphs */
if (hexdump) {
glyphs = skip = offsets = nl = false;
hex = true;
width = 16;
} else if (glyphdump) {
hex = skip = offsets = nl = false;
glyphs = true;
width = 16;
}
if (optind < argc) {
input = fopen(argv[optind], "rb");
if (!input) {
perror("open");
return EX_OSFILE;
}
}
return dump(input, width, offsets, hex, glyphs, skip, nl);
} }

239
src/p4split.c
View File

@ -1,9 +1,24 @@
/*
* _ _ _ _ _
* _ __ | || | ___ _ __ | (_) |_
* | '_ \| || |_/ __| '_ \| | | __|
* | |_) |__ _\__ \ |_) | | | |_
* | .__/ |_| |___/ .__/|_|_|\__|
* |_| |_|
*
* split a pcap into multiple files, based on a CIDR filter
*
*/
#include <stdio.h> #include <stdio.h>
#include <stdint.h> #include <stdint.h>
#include <stdbool.h>
#include <stdlib.h> #include <stdlib.h>
#include <sysexits.h> #include <sysexits.h>
#include <strings.h> #include <strings.h>
#include <getopt.h>
#include "pcap.h" #include "pcap.h"
#include "netre.h"
/* Gaah so much crap */ /* Gaah so much crap */
#include <sys/socket.h> #include <sys/socket.h>
@ -12,123 +27,151 @@
#include <netinet/ip.h> #include <netinet/ip.h>
#include <netinet/in.h> #include <netinet/in.h>
int version(bool error) {
fprintf(WHICHOUT(error), "p4split v.%s - %s\n\n", PACKAGE_VERSION,
"Splits PCAP into up to 256 files based on CIDR");
return error ? EX_USAGE : EX_OK;
}
int int usage(bool error, char *prog) {
usage(int ret) int retval = version(error);
{ fprintf(WHICHOUT(error), "Usage: %s [-i INPUT] <CIDR>\n", prog);
fprintf(stderr, "Usage: p4split CIDR\n"); fprintf(WHICHOUT(error), "\t-i INPUT\tA PCAP to read for input\n");
fprintf(stderr, "\n"); fprintf(WHICHOUT(error), "\tCIDR\t\tA network address in CIDR notation\n");
fprintf(stderr, "Splits pcap on stdin into up to 256 files, based on CIDR.\n"); fprintf(WHICHOUT(error), "\nif INPUT is not specified, stdin will be read\n");
return ret; return retval;
} }
int int parse_cidr(char *s, uint32_t *addr, uint8_t *bits) {
parse_cidr(char *s, uint32_t *addr, uint8_t *bits) char *slash = index(s, '/');
{ struct in_addr inp;
char *slash = index(s, '/');
struct in_addr inp;
if (slash) { if (slash != NULL) {
*slash = 0; *slash = '\0';
*bits = atoi(slash + 1); *bits = (uint8_t)atoi(slash + 1);
} else { } else {
*bits = 0; *bits = 0;
} }
if (0 == inet_aton(s, &inp)) return -1; if (inet_aton(s, &inp) == 0) return -1;
*addr = ntohl(inp.s_addr); *addr = ntohl(inp.s_addr);
return 0; return 0;
} }
int int p4split(struct pcap_file input, uint32_t addr, uint8_t bits) {
main(int argc, char *argv[]) int i;
{ struct pcap_file out[256];
struct pcap_file p; int errid = 0;
struct pcap_file out[256]; uint32_t mask = ~((1 << (32-bits)) - 1);
int ok = 0; uint8_t shr = (32-bits) - 8;
uint32_t addr;
uint32_t mask;
uint8_t bits;
uint8_t shr;
int i;
if (argc != 2) return usage(0); addr &= mask;
if (-1 == parse_cidr(argv[1], &addr, &bits)) return usage(0);
if (bits > 24) return usage(0);
if (bits % 8) {
fprintf(stderr, "Warning: routing prefix is not a multiple of 8.\n");
}
mask = ~((1 << (32-bits)) - 1); for (i = 0; i < 256; i += 1) out[i].f = NULL;
addr &= mask;
shr = (32-bits) - 8;
for (i = 0; i < 256; i += 1) { while (true) {
out[i].f = NULL; struct pcap_pkthdr hdr;
} uint8_t octet;
char frame[MAXFRAME];
if (-1 == pcap_open_in(&p, stdin)) return usage(0); if (pcap_read_pkthdr(&input, &hdr) == -1) break;
if (fread(frame, hdr.caplen, 1, input.f) != 1) break;
while (1) { {
struct pcap_pkthdr hdr; struct ether_header *eh = (struct ether_header *)frame;
uint8_t octet; struct iphdr *ih = (struct iphdr *)(frame + sizeof(struct ether_header));
char frame[MAXFRAME]; uint32_t a;
ok = 1; /* VLAN tag */
if (-1 == pcap_read_pkthdr(&p, &hdr)) break; if (ntohs(eh->ether_type) == 0x8100) {
if (1 != fread(frame, hdr.caplen, 1, p.f)) break; ih = (struct iphdr *)((char *)ih + 4);
}
a = ntohl(ih->saddr);
{ if ((a & mask) != addr) {
struct ether_header *eh = (struct ether_header *)frame; a = ntohl(ih->daddr);
struct iphdr *ih = (struct iphdr *)(frame + sizeof(struct ether_header)); if ((a & mask) != addr) {
uint32_t a; fprintf(stderr,
"Warning: dropping unmatched packet %08x -> %08x\n",
/* VLAN tag */ ntohl(ih->saddr), ntohl(ih->daddr));
if (ntohs(eh->ether_type) == 0x8100) { continue;
ih = (struct iphdr *)((char *)ih + 4); }
} }
octet = (a & ~mask) >> shr;
a = ntohl(ih->saddr); }
if ((a & mask) != addr) {
a = ntohl(ih->daddr); if (! out[octet].f) {
if ((a & mask) != addr) { char fn[9];
fprintf(stderr, "Warning: dropping unmatched packet %08x -> %08x\n", FILE *f;
ntohl(ih->saddr), ntohl(ih->daddr));
continue; snprintf(fn, 9, "%d.pcap", octet);
if (((f = fopen(fn, "wb")) == NULL) ||
(pcap_open_out(&out[octet], f) == -1)) {
perror("Error creating output");
errid = EX_CANTCREAT;
break;
}
}
if ((pcap_write_pkthdr(&out[octet], &hdr) == -1) ||
(fwrite(frame, hdr.caplen, 1, out[octet].f) != 1)) {
perror("Error writing");
errid = EX_IOERR;
break;
} }
}
octet = (a & ~mask) >> shr;
} }
ok = 0; for (i = 0; i < 256; i++) if (out[i].f) pcap_close(&out[i]);
if (! out[octet].f) {
char fn[9];
FILE *f;
sprintf(fn, "%d.pcap", octet); pcap_close(&input);
if (NULL == (f = fopen(fn, "wb"))) break; return errid;
if (-1 == pcap_open_out(&out[octet], f)) break; }
}
int main(int argc, char *argv[]) {
if (-1 == pcap_write_pkthdr(&out[octet], &hdr)) break; int opt;
if (1 != fwrite(frame, hdr.caplen, 1, out[octet].f)) break; struct pcap_file p;
} uint32_t addr;
uint8_t bits;
if (! ok) { FILE *input;
perror("Error");
return 1; while ((opt = getopt(argc, argv, "hvi:")) != -1) {
} switch (opt) {
case 'i': /* input */
for (i = 0; i < 256; i += 1) { input = fopen(optarg, "rb");
if (out[i].f) { if (!input) {
pcap_close(&p); perror("open input");
} return EX_IOERR;
} }
break;
return 0; case 'v': return version(false);
case 'h': return usage(false, argv[0]);
default: return usage(true, argv[0]);
}
}
if ((optind >= argc) || (argc - optind != 1)) {
fprintf(stderr, "not enough arguments\n");
return usage(true, argv[0]);
}
if (parse_cidr(argv[optind], &addr, &bits) == -1) {
fprintf(stderr, "invalid CIDR\n");
return EX_USAGE;
}
if (bits > 24) {
fprintf(stderr, "subnet bits must be <= 24\n");
return EX_USAGE;
}
if (pcap_open_in(&p, input) == -1) return EX_IOERR;
if (bits % 8)
fprintf(stderr, "Warning: routing prefix is not a multiple of 8.\n");
return p4split(p, addr, bits);
} }

50
src/pcap.c
View File

@ -1,51 +1,53 @@
/*
* PCAP library
*
*/
#include <stdio.h> #include <stdio.h>
#include <sysexits.h> #include <sysexits.h>
#include <string.h> #include <string.h>
#include "pcap.h" #include "pcap.h"
#include "netre.h"
int int pcap_open_in(struct pcap_file *ctx, FILE *f) {
pcap_open_in(struct pcap_file *ctx, FILE *f)
{
struct pcap_file_header h; struct pcap_file_header h;
if (1 != fread(&h, sizeof(h), 1, f)) { if (fread(&h, sizeof(h), 1, f) != 1) h.magic = 0;
h.magic = 0;
}
if (MAGIC == h.magic) { if (MAGIC == h.magic) {
ctx->swap = 0; ctx->swap = 0;
DDUMP("normal order");
} else if (bswap32(MAGIC) == h.magic) { } else if (bswap32(MAGIC) == h.magic) {
ctx->swap = 1; ctx->swap = 1;
DDUMP("swapped order");
} else { } else {
return -1; return -1;
} }
if ((h.version_major != 2) || (h.version_minor != 4)) return -1; if ((h.version_major != 2) || (h.version_minor != 4)) return -1;
DDUMP_d(h.version_major);
DDUMP_d(h.version_minor);
if (ctx->swap) h.snaplen = bswap32(h.snaplen); if (ctx->swap != 0) h.snaplen = bswap32(h.snaplen);
DDUMP_d(h.snaplen);
if (h.snaplen > MAXFRAME) return -1; if (h.snaplen > MAXFRAME) return -1;
ctx->f = f; ctx->f = f;
return 0; return 0;
} }
int int pcap_open_out(struct pcap_file *ctx, FILE *f) {
pcap_open_out(struct pcap_file *ctx, FILE *f)
{
struct pcap_file_header h = { MAGIC, 2, 4, 0, 0, MAXFRAME, 1 }; struct pcap_file_header h = { MAGIC, 2, 4, 0, 0, MAXFRAME, 1 };
if (1 != fwrite(&h, sizeof(h), 1, f)) return -1; if (fwrite(&h, sizeof(h), 1, f) != 1) return -1;
ctx->f = f; ctx->f = f;
ctx->swap = 0; ctx->swap = 0;
return 0; return 0;
} }
int int pcap_read_pkthdr(struct pcap_file *ctx, struct pcap_pkthdr *hdr) {
pcap_read_pkthdr(struct pcap_file *ctx, struct pcap_pkthdr *hdr) if (fread(hdr, sizeof(*hdr), 1, ctx->f) != 1) return -1;
{
if (1 != fread(hdr, sizeof(*hdr), 1, ctx->f)) {
return -1;
}
if (ctx->swap) { if (ctx->swap) {
hdr->ts.tv_sec = bswap32(hdr->ts.tv_sec); hdr->ts.tv_sec = bswap32(hdr->ts.tv_sec);
@ -59,9 +61,7 @@ pcap_read_pkthdr(struct pcap_file *ctx, struct pcap_pkthdr *hdr)
return 0; return 0;
} }
int int pcap_write_pkthdr(struct pcap_file *ctx, struct pcap_pkthdr *hdr) {
pcap_write_pkthdr(struct pcap_file *ctx, struct pcap_pkthdr *hdr)
{
if (ctx->swap) { if (ctx->swap) {
struct pcap_pkthdr ohdr; struct pcap_pkthdr ohdr;
@ -71,16 +71,12 @@ pcap_write_pkthdr(struct pcap_file *ctx, struct pcap_pkthdr *hdr)
hdr->caplen = bswap32(hdr->caplen); hdr->caplen = bswap32(hdr->caplen);
hdr->len = bswap32(hdr->len); hdr->len = bswap32(hdr->len);
if (1 != fwrite(&ohdr, sizeof(ohdr), 1, ctx->f)) return -1; if (fwrite(&ohdr, sizeof(ohdr), 1, ctx->f) != 1) return -1;
} else { } else {
if (1 != fwrite(hdr, sizeof(*hdr), 1, ctx->f)) return -1; if (fwrite(hdr, sizeof(*hdr), 1, ctx->f) != 1) return -1;
} }
return 0; return 0;
} }
void void pcap_close(struct pcap_file *ctx) { fclose(ctx->f); }
pcap_close(struct pcap_file *ctx)
{
fclose(ctx->f);
}

10
src/pcap.h
View File

@ -5,7 +5,7 @@
#include <stdint.h> #include <stdint.h>
#define MAGIC 0xa1b2c3d4 #define MAGIC 0xa1b2c3d4
#define MAXFRAME 9000 #define MAXFRAME 65535
struct pcap_file { struct pcap_file {
FILE *f; FILE *f;
@ -48,14 +48,6 @@ struct pcap_pkthdr {
/* Debugging help */ /* Debugging help */
#define DUMPf(fmt, args...) fprintf(stderr, "%s:%s:%d " fmt "\n", __FILE__, __FUNCTION__, __LINE__, ##args)
#define DUMP() DUMPf("")
#define DUMP_d(v) DUMPf("%s = %d", #v, v)
#define DUMP_u(v) DUMPf("%s = %u", #v, v)
#define DUMP_x(v) DUMPf("%s = 0x%x", #v, v)
#define DUMP_s(v) DUMPf("%s = %s", #v, v)
#define DUMP_c(v) DUMPf("%s = %c", #v, v)
#define DUMP_p(v) DUMPf("%s = %p", #v, v)
int pcap_open_in(struct pcap_file *ctx, FILE *f); int pcap_open_in(struct pcap_file *ctx, FILE *f);
int pcap_open_out(struct pcap_file *ctx, FILE *f); int pcap_open_out(struct pcap_file *ctx, FILE *f);

246
src/pmerge.c
View File

@ -1,127 +1,163 @@
/*
* _ __ _ __ ___ ___ _ __ __ _ ___
* | '_ \| '_ ` _ \ / _ \ '__/ _` |/ _ \
* | |_) | | | | | | __/ | | (_| | __/
* | .__/|_| |_| |_|\___|_| \__, |\___|
* |_| |___/
*
* Merges pcap files, outputting time-ordered pcap stream
*
*/
#include <stdio.h> #include <stdio.h>
#include <stdint.h> #include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <sysexits.h> #include <sysexits.h>
#include <getopt.h>
#include "pcap.h" #include "pcap.h"
#include "netre.h"
struct input_file { struct input_file {
int active; int active;
struct pcap_file p; struct pcap_file p;
struct pcap_pkthdr next; struct pcap_pkthdr next;
}; };
int int version(bool error) {
usage(int ret) fprintf(WHICHOUT(error), "pmerge v.%s - %s\n\n", PACKAGE_VERSION,
{ "Merges pcap files, outputting time-ordered pcap stream");
fprintf(stderr, "Usage: pmerge FILE ...\n"); return error ? EX_USAGE : EX_OK;
fprintf(stderr, "\n");
fprintf(stderr, "Merges pcap files, outputting time-ordered pcap stream\n");
return ret;
} }
int int usage(bool error, char *prog) {
read_next(struct input_file *file) int retval = version(error);
{ fprintf(WHICHOUT(error), "Usage: %s [-o OUTPUT] FILE [FILE]*\n", prog);
if (! file->active) return -1; fprintf(WHICHOUT(error), "\tOUTPUT\toutput filename -- if not specified, stdout will be used\n");
fprintf(WHICHOUT(error), "\tFILE\tinput filename, at least one is required\n");
if (-1 == pcap_read_pkthdr(&file->p, &file->next)) { return retval;
pcap_close(&file->p);
file->active = 0;
file->next.ts.tv_sec = 0xffffffff;
file->next.ts.tv_usec = 0xffffffff;
return -1;
}
return 0;
} }
int int read_next(struct input_file *file) {
main(int argc, char *argv[]) if (! file->active) return -1;
{
struct input_file files[argc-1];
int nfiles = 0;
int nopen;
int i;
struct pcap_file out;
if (1 == argc) return usage(0); if (-1 == pcap_read_pkthdr(&file->p, &file->next)) {
pcap_close(&file->p);
/* Open input files */ file->active = 0;
for (i = 0; i < argc-1; i += 1) { file->next.ts.tv_sec = 0xffffffff;
char *fn = argv[i+1]; file->next.ts.tv_usec = 0xffffffff;
struct input_file *cur = &files[nfiles]; return -1;
FILE *f;
if ('-' == fn[0]) return usage(0);
f = fopen(fn, "rb");
if (NULL == f) {
perror(fn);
return EX_NOINPUT;
} }
if (-1 == pcap_open_in(&cur->p, f)) { return 0;
fprintf(stderr, "%s: unable to process\n", fn); }
return EX_IOERR;
}
cur->active = 1;
if (0 == read_next(cur)) { int pmerge(FILE *output, struct input_file files[], int nfiles) {
nfiles += 1; int nopen;
} int i;
} struct pcap_file out;
if (-1 == pcap_open_out(&out, stdout)) { if (pcap_open_out(&out, output) == -1) {
perror("writing header"); perror("writing pcap header");
return EX_IOERR;
}
nopen = nfiles;
while (nopen) {
struct input_file *cur = &files[0];
char frame[MAXFRAME];
size_t len;
/* Find next oldest frame */
for (i = 0; i < nfiles; i += 1) {
if (files[i].active &&
((files[i].next.ts.tv_sec < cur->next.ts.tv_sec) ||
((files[i].next.ts.tv_sec == cur->next.ts.tv_sec) &&
(files[i].next.ts.tv_usec < cur->next.ts.tv_usec)))) {
cur = &files[i];
}
}
/* Make sure it'll fit */
if (cur->next.caplen > sizeof(frame)) {
fprintf(stderr, "error: huge frame (size %u)\n", (unsigned int)len);
return EX_SOFTWARE;
}
/* Read it */
len = fread(frame, 1, cur->next.caplen, cur->p.f);
if (len < cur->next.caplen) {
/* Short read */
cur->next.caplen = len;
pcap_close(&cur->p);
cur->active = 0;
}
/* Write header + frame */
if (len) {
if (1 != fwrite(&cur->next, sizeof(cur->next), 1, stdout)) {
perror("error");
return EX_IOERR; return EX_IOERR;
}
if (len != fwrite(frame, 1, len, stdout)) {
perror("error");
return EX_IOERR;
}
} }
if (-1 == read_next(cur)) { nopen = nfiles;
nopen -= 1; while (nopen) {
} struct input_file *cur = &files[0];
} char frame[MAXFRAME];
size_t len;
return 0; /* Find next oldest frame */
for (i = 0; i < nfiles; i += 1) {
if ( files[i].active &&
((files[i].next.ts.tv_sec < cur->next.ts.tv_sec) ||
((files[i].next.ts.tv_sec == cur->next.ts.tv_sec) &&
( files[i].next.ts.tv_usec < cur->next.ts.tv_usec)))) {
cur = &files[i];
}
}
/* Make sure it'll fit */
if (cur->next.caplen > sizeof(frame)) {
fprintf(stderr, "error: huge frame (size %u)\n", (unsigned int)len);
return EX_SOFTWARE;
}
/* Read it */
len = fread(frame, 1, cur->next.caplen, cur->p.f);
if (len < cur->next.caplen) {
/* Short read */
cur->next.caplen = len;
pcap_close(&cur->p);
cur->active = 0;
}
/* Write header + frame */
if (len) {
if (fwrite(&cur->next, sizeof(cur->next), 1, output) != 1) {
perror("error");
return EX_IOERR;
}
if (len != fwrite(frame, 1, len, output)) {
perror("error");
return EX_IOERR;
}
}
if (read_next(cur) == -1) nopen -= 1;
}
return EX_OK;
}
int main(int argc, char *argv[]) {
int opt;
FILE *output = stdout;
while ((opt = getopt(argc, argv, "hvo:")) != -1) {
switch (opt) {
case 'o': /* output file */
output = fopen(optarg, "wb");
if (!output) {
perror("Open output");
return EX_OSFILE;
}
break;
case 'v': return version(false);
case 'h': return usage(false, argv[0]);
default: return usage(true, argv[0]);
}
}
if (optind >= argc) return usage(true, argv[0]);
int i;
int nfiles = 0;
struct input_file files[argc - optind];
/* Open input files */
for (i = optind; i < argc; i++) {
char *fn = argv[i];
struct input_file *cur = &files[nfiles];
FILE *f;
if (fn[0] == '-') return usage(true, argv[0]);
f = fopen(fn, "rb");
if (!f) {
perror(fn);
return EX_NOINPUT;
}
if (pcap_open_in(&cur->p, f) == -1) {
fprintf(stderr, "%s: unable to process\n", fn);
return EX_IOERR;
}
cur->active = 1;
if (read_next(cur) == 0) nfiles += 1;
}
return pmerge(output, files, nfiles);
} }

168
src/puniq.c
View File

@ -1,63 +1,117 @@
/* _
* _ __ _ _ _ __ (_) __ _
* | '_ \| | | | '_ \| |/ _` |
* | |_) | |_| | | | | | (_| |
* | .__/ \__,_|_| |_|_|\__, |
* |_| |_|
*
* filter one to many PCAPs for unique frames
*
*/
#include <getopt.h>
#include <stdio.h> #include <stdio.h>
#include <stdbool.h>
#include <sysexits.h> #include <sysexits.h>
#include <string.h> #include <string.h>
#include "netre.h"
#include "pcap.h" #include "pcap.h"
int int version(bool error) {
main(int argc, char *argv[]) fprintf(WHICHOUT(error), "puniq v.%s - %s\n\n", PACKAGE_VERSION,
{ "filter one to many PCAPs for unique frames");
int i; return error ? EX_USAGE : EX_OK;
struct pcap_pkthdr hdr[2]; }
char frame[2][MAXFRAME];
int cur = 0; int usage(bool error, char *prog) {
struct pcap_file out; int retval = version(error);
fprintf(WHICHOUT(error), "Usage: %s [-o OUTPUT] <FILE> [FILE]*\n", prog);
memset(&hdr, 0, sizeof(hdr)); fprintf(WHICHOUT(error), "\t-o OUTPUT\tfile in which to write output; if not specified, output will be written to stdout\n");
memset(frame, 0, 2 * MAXFRAME); fprintf(WHICHOUT(error), "\tFILE\tinput pcap file, at least one file is required\n");
return retval;
if (-1 == pcap_open_out(&out, stdout)) { }
perror("writing header");
return EX_IOERR; int puniq(FILE *output, char *inputs[], int ninputs) {
} int i;
struct pcap_pkthdr hdr[2];
i = 1; char frame[2][MAXFRAME];
do { struct pcap_file out;
char *fn = argv[i]; int cur;
FILE *f;
struct pcap_file p; if (pcap_open_out(&out, output) == -1) {
perror("writing header");
if ((! fn) || (0 == strcmp("-", fn))) { return EX_IOERR;
f = stdin; }
} else {
f = fopen(fn, "rb"); for (i = 0; i < ninputs; i++) {
if (NULL == f) { char *fn = inputs[i];
perror(fn); FILE *f;
return EX_IOERR; struct pcap_file p;
}
} if ((! fn) || (strcmp("-", fn) == 0)) {
f = stdin;
if (-1 == pcap_open_in(&p, f)) { } else {
fprintf(stderr, "%s: unable to process\n", fn); printf("processing: %s\n", fn);
return EX_IOERR; f = fopen(fn, "rb");
} if (NULL == f) {
perror(fn);
while (1) { return EX_IOERR;
if (-1 == pcap_read_pkthdr(&p, &hdr[cur])) break; }
if (1 != fread(frame[cur], hdr[cur].caplen, 1, p.f)) break; }
if ((0 == memcmp(&hdr[0], &hdr[1], sizeof(hdr[0]))) && if (pcap_open_in(&p, f) == -1) {
(0 == memcmp(frame[0], frame[1], hdr[cur].caplen))) { fprintf(stderr, "unable to process: %s\n", fn);
/* Skip this duplicate */ return EX_IOERR;
} else { }
if (-1 == pcap_write_pkthdr(&out, &hdr[cur])) break;
if (1 != fwrite(frame[cur], hdr[cur].caplen, 1, out.f)) break; cur = 0;
} while (true) {
cur = (1 - cur);
} memset(&hdr[cur], 0, sizeof(hdr[cur]));
pcap_close(&p); memset(&frame[cur], 0, MAXFRAME);
i += 1; if (pcap_read_pkthdr(&p, &hdr[cur]) == -1) break;
} while (i < argc); if (fread(frame[cur], hdr[cur].caplen, 1, p.f) != 1) break;
if ((memcmp(&hdr[0], &hdr[1], sizeof(hdr[cur])) == 0) &&
return 0; (memcmp(frame[0], frame[1], hdr[cur].caplen) == 0)) {
/* Skip this duplicate */
DDUMP("duplicate!");
} else {
if (pcap_write_pkthdr(&out, &hdr[cur]) == -1) break;
if (fwrite(frame[cur], hdr[cur].caplen, 1, out.f) != 1) break;
}
cur = (1 - cur);
}
pcap_close(&p);
}
pcap_close(&out);
return EX_OK;
}
int main (int argc, char *argv[]) {
int opt;
FILE *output = stdout;
while ((opt = getopt(argc, argv, "hvo:")) != -1) {
switch (opt) {
case 'o': /* output file */
output = fopen(optarg, "wb");
if (!output) {
perror("opening output");
return EX_OSFILE;
}
break;
case 'v': return version(false);
case 'h': return usage(false, argv[0]);
default: return usage(true, argv[0]);
}
}
/* at least one file is required */
if (argc <= optind) return usage(true, argv[0]);
return puniq(output, &argv[optind], argc - optind);
} }

63
src/repr.c
View File

@ -1,14 +1,39 @@
/*
* _ __ ___ _ __ _ __
* | '__/ _ \ '_ \| '__|
* | | | __/ |_) | |
* |_| \___| .__/|_|
* |_|
*
* Quote non-printable bytes, similar to python's repr()
*
*/
#include <stdio.h> #include <stdio.h>
#include <stdbool.h>
#include <sysexits.h>
#include <getopt.h>
#include "netre.h"
int int version(bool error) {
main(int argc, char *argv[]) fprintf(WHICHOUT(error), "repr v.%s - %s\n\n", PACKAGE_VERSION,
{ "quote non-printable bytes, similar to python's repr()");
while (1) { return error ? EX_USAGE : EX_OK;
int c = getchar(); }
int usage(bool error, char *prog) {
int retval = version(error);
fprintf(WHICHOUT(error), "Usage: %s [filename]\n\n", prog);
fprintf(WHICHOUT(error), "if a file is not specified, stdin will be read\n");
return retval;
}
int repr(FILE *f) {
int c;
while (EOF != (c = getc(f))) {
switch (c) { switch (c) {
case EOF: case EOF: return 0;
return 0;
case 134: case 134:
printf("\\\\"); printf("\\\\");
break; break;
@ -22,5 +47,29 @@ main(int argc, char *argv[])
} }
} }
printf("\n");
return 0; return 0;
} }
int main(int argc, char *argv[]) {
int opt;
FILE *input = stdin;
/* option parsing */
while ((opt = getopt(argc, argv, "hv")) != -1) {
switch (opt) {
case 'v': return version(false);
case 'h': return usage(false, argv[0]);
default: return usage(true, argv[0]);
}
}
if (optind < argc) {
input = fopen(argv[optind], "rb");
if (!input) {
perror("opening input file");
return EX_OSFILE;
}
}
return repr(input);
}

79
src/unhex.c
View File

@ -1,26 +1,45 @@
/* Hex Decoder -- 2012 Zephyr <zephyr@dirtbags.net> /*
* * _
* This file is in the public domain. I make no promises * _ _ _ __ | |__ _____ __
* about the functionality of this program. * | | | | '_ \| '_ \ / _ \ \/ /
* | |_| | | | | | | | __/> <
* \__,_|_| |_|_| |_|\___/_/\_\
*
* convert hexits to their binary equivalent
*
*/ */
#include <stdio.h> #include <stdio.h>
#include <stdbool.h>
#include <sysexits.h>
#include <getopt.h>
#include "netre.h"
int int version(bool error) {
main(int argc, char *argv[]) fprintf(WHICHOUT(error), "unhex v.%s - %s\n\n", PACKAGE_VERSION,
{ "convert hexits to their binary equivalent");
unsigned char acc = 0; return error ? EX_USAGE : EX_OK;
unsigned char nybble = 0; }
unsigned long int count = 0;
while (1) { int usage(bool error, char *prog) {
int c = getchar(); int retval = version(error);
fprintf(WHICHOUT(error), "Usage: %s [filename]\n\n", prog);
fprintf(WHICHOUT(error), "if a file is not specified, stdin will be read\n");
return retval;
}
int unhex(FILE *f) {
unsigned char acc = '\0';
unsigned char nybble = '\0';
unsigned long int count = 0;
while (true) {
int c = getc(f);
count += 1; count += 1;
switch (c) { switch (c) {
case EOF: case EOF: return EX_OK;
return 0;
case '0' ... '9': case '0' ... '9':
acc = (acc << 4) + c - '0'; acc = (acc << 4) + c - '0';
nybble += 1; nybble += 1;
@ -34,9 +53,9 @@ main(int argc, char *argv[])
nybble += 1; nybble += 1;
break; break;
default: default:
if (nybble != 0) { if (nybble != 0)
fprintf(stderr, "Warning: non-hex character mid-octet at offset %lu\n", count); fprintf(stderr,
} "Warning: non-hex character mid-octet at offset %lu\n", count);
break; break;
} }
@ -47,5 +66,29 @@ main(int argc, char *argv[])
} }
} }
return 0; return EX_OK;
}
int main(int argc, char *argv[]) {
int opt;
FILE *input = stdin;
/* option parsing */
while ((opt = getopt(argc, argv, "hv")) != -1) {
switch (opt) {
case 'v': return version(false);
case 'h': return usage(false, argv[0]);
default: return usage(true, argv[0]);
}
}
if (optind < argc) {
input = fopen(argv[optind], "rb");
if (!input) {
perror("opening input");
return EX_OSFILE;
}
}
return unhex(input);
} }

110
src/xor.c
View File

@ -1,48 +1,76 @@
/* xor filter -- 2012 Zephyr <zephyr@dirtbags.net> /*
* * __ _ _ _
* This file is in the public domain. I make no promises * __ _____ _ __ / _(_) | |_ ___ _ __
* about the functionality of this program. * \ \/ / _ \| '__| | |_| | | __/ _ \ '__|
* > < (_) | | | _| | | || __/ |
* /_/\_\___/|_| |_| |_|_|\__\___|_|
*
* apply mask bytes to the pipeline
*
*/ */
#include <stdio.h> #include <stdio.h>
#include <stdint.h>
#include <stdlib.h> #include <stdlib.h>
#include <stdbool.h>
#include <string.h> #include <string.h>
#include <sysexits.h>
#include <getopt.h>
#include "netre.h"
int int version(bool error) {
main(int argc, char *argv[]) fprintf(WHICHOUT(error), "xor v.%s - %s\n\n", PACKAGE_VERSION,
{ "apply mask bytes to the pipeline, using XOR");
int start = 1; return error ? EX_USAGE : EX_OK;
int base = 0; }
int arg;
int usage(bool error, char *prog) {
if (argc < 2) { int retval = version(error);
fprintf(stderr, "Usage: %s [-x] m1 [m2 ...]\n", argv[0]); fprintf(WHICHOUT(error), "Usage: %s [-x] MASK [MASK]*\n", prog);
return 1; fprintf(WHICHOUT(error), "\t-x\tmask bytes are hexadecimal\n");
} fprintf(WHICHOUT(error), "\tMASK\ta mask byte\n");
return retval;
if (0 == strcmp(argv[1], "-x")) { }
base = 16;
start += 1; void do_xor(uint8_t mask[], int len) {
} int i = 0;
while (true) {
arg = start; int c = getchar();
while (1) { if (EOF == c) break;
int c = getchar();
unsigned char mask; c ^= mask[i];
putchar(c);
if (! argv[arg]) { i = (i + 1) % len;
arg = start; }
} }
mask = strtol(argv[arg++], NULL, base);
int main(int argc, char *argv[]) {
if (EOF == c) { int opt;
break; int masklen = 0;
} int base = 0;
int i;
c ^= mask;
putchar(c); /* option parsing */
} while ((opt = getopt(argc, argv, "hvx")) != -1) {
switch (opt) {
return 0; case 'x':
base = 16;
break;
case 'v': return version(false);
case 'h': return usage(false, argv[0]);
default: return usage(true, argv[0]);
}
}
if (optind >= argc) return usage(true, argv[0]);
masklen = argc - optind;
uint8_t mask[masklen];
for (i = optind; i < argc; i++)
mask[i-optind] = (uint8_t)strtol(argv[i], NULL, base);
do_xor(mask, masklen);
return EX_OK;
} }