TCP-Rebuild


lib/TCP/Rebuild.pm  view on Meta::CPAN


=head1 SUBROUTINES/METHODS

=head2 rebuild

  $r->rebuild('/path/to/file.pcap');

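This method rebuilds the TCP streams found in the given pcap file using the
currently set options. If a C<filter> is set, a clause that also matches IP
fragments is appended to it before it is handed to Net::LibNIDS, so the
effective capture filter is broader than the configured one.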

Will die if the file is not readable or if Net::LibNIDS cannot be initialised.

=cut

sub rebuild {
  my ($self, $filename) = @_;

  # Purpose: feed one pcap file through libnids and let _collector handle
  # every TCP event it reports.  Returns 1 on completion; dies when the file
  # is not readable or libnids refuses to initialise.

  # Bail out before touching libnids if the capture cannot be read
  die "File $filename is not readable" unless -r $filename;

  # Net::LibNIDS is configured through package-level functions rather than
  # an object.
  # NOTE(review): that makes the filter and filename look process-wide; when
  # this object has no filter, nothing here resets one installed by an
  # earlier rebuild() call -- confirm against Net::LibNIDS.
  my $user_filter = $self->{filter};
  if ($user_filter ne '') {
    # The appended clause matches packets with a non-zero IP fragment offset,
    # so fragments are kept even when the user's filter would drop them.
    Net::LibNIDS::param::set_pcap_filter(
      join ' or ', $user_filter, '(ip[6:2] & 0x1fff != 0)'
    );
  }
  Net::LibNIDS::param::set_filename($filename);

  Net::LibNIDS::init()
    or die "libnids failed to initialise";

  # The anonymous sub closes over $self so the collector runs as a method
  Net::LibNIDS::tcp_callback(sub { $self->_collector(@_) });
  Net::LibNIDS::run();

  $self->_cleanup();

  return 1;
}

=head2 new

  my $r = TCP::Rebuild->new;

This method constructs a new TCP::Rebuild object. Options may be passed as
key/value pairs: C<separator> (default 0) and C<filter> (default empty).

=cut

sub new {
  my ($class, @overrides) = @_;

  # Constructor: caller-supplied key/value pairs are listed after the
  # defaults, so they win over them.
  my $self = {
    separator => 0,
    filter    => '',
    @overrides,
  };
  bless $self, $class;

  # The connection table always starts empty, whatever the caller passed
  $self->{connections} = {};

  return $self;
}

sub _end_connection {
  my ($self, $key, $conn, $message) = @_;

  # Forget a tracked connection: release its output handle and remove its
  # entry from the connection table.  $conn and $message are only used by the
  # disabled logging below.
  my $table = $self->{connections};

#  _print 1, "Connection from " . $conn->client_ip . " " . $message;
#  _print 1, " (C->S: " . $connections{$key}{'client_bytes'} . " bytes, C<-S " . $connections{$key}{'server_bytes'} . " bytes)\n";

  # Dropping the reference lets Perl close the file once nothing else holds
  # the handle; an implicit close like this cannot report a flush error.
  $table->{$key}{'fh'} = undef;

  return delete $table->{$key};
}

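sub _save_data {
  my ($self, $key, $conn, $direction) = @_;

  # Append the newly arrived bytes of one half of a connection to that
  # connection's output handle, optionally preceded by a separator line.
  #
  #   $key       - connection table key whose 'fh' entry receives the output
  #   $conn      - connection object providing client/server halves and the
  #                lastpacket_sec/lastpacket_usec timestamps
  #   $direction - "server" selects $conn->client, anything else $conn->server
  #
  # Returns nothing.  A failed write is reported with warn() instead of being
  # dropped silently, so a truncated reconstruction does not go unnoticed.

  my $connections = $self->{connections};

  # Extract the current connection object
  my $active = ($direction eq "server") ? $conn->client : $conn->server;

  # Only the first count_new bytes of the buffer are taken
  my $data = substr($active->data, 0, $active->count_new);
  my $length = length $data;

  my $fh = $connections->{$key}{'fh'};

  # Print a separator delimiting packets, this could be customisable.
  # The separator goes in-band to the same handle as the payload, so payload
  # bytes that happen to look like a separator line cannot be told apart from
  # real ones when the output is parsed later.
  if ($self->{separator}) {
    print {$fh} "[$direction +$length] " . $conn->lastpacket_sec . "." . $conn->lastpacket_usec . "\n"
      or warn "TCP::Rebuild: write failed for connection $key: $!\n";
  }
  print {$fh} $data
    or warn "TCP::Rebuild: write failed for connection $key: $!\n";

  return;
}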

sub _collector {
  my ($self, $args) = @_;

  my $connections = $self->{connections};

  my $key = $args->client_ip . ":" . $args->client_port . "-" . $args->server_ip . ":" . $args->server_port;

  if($args->state == Net::LibNIDS::NIDS_JUST_EST()) {
    # Set the flags to say we want to collect this traffic
    $args->server->collect_on();
    $args->client->collect_on();

    # Create an empty buffer
    $connections->{$key}{'client_buffer'} = '';
    $connections->{$key}{'server_buffer'} = '';
    $connections->{$key}{'client_bytes'} = 0;             # Bytes FROM the client
    $connections->{$key}{'server_bytes'} = 0;             # Bytes FROM the server
