1 #ifndef CONFIG_H
2 #define CONFIG_H
/*
 * Run-time option bits. The ISSET_CONFIG_* macros in this header test the
 * first four against globalconfig.cflags; CONNECT, CXWRITE and PDNS are
 * presumably kept in the same field -- confirm against the callers.
 * cflags is a uint8_t, so 0x80 is the only bit this header leaves unassigned.
 */
#define CONFIG_VERBOSE (1 << 0) /* 0x01 */
#define CONFIG_UPDATES (1 << 1) /* 0x02 */
#define CONFIG_SYSLOG  (1 << 2) /* 0x04 */
#define CONFIG_QUIET   (1 << 3) /* 0x08 */
#define CONFIG_CONNECT (1 << 4) /* 0x10 */
#define CONFIG_CXWRITE (1 << 5) /* 0x20 */
#define CONFIG_PDNS    (1 << 6) /* 0x40 */

/*
 * Default network list: all of IPv4 plus all of IPv6. Presumably the
 * fallback for the "nets to collect assets for" setting (s_net) -- confirm.
 * With this default nothing is excluded, so a deployment that should only
 * record hosts on its own networks has to narrow the list explicitly.
 */
#define DEFAULT_NETS "0.0.0.0/0,::/0"
/*
 * Flags that enable the individual OS-fingerprinting checks.
 * Rule from the original author: keep these compatible with the TCP header
 * flag bits. FIN, SYN, RST and ACK sit on their own TCP bit. The remaining
 * values reuse bits that mean something else in a TCP header (PSH, URG, ECE,
 * CWR), as noted per line, so they cannot be derived by masking a packet's
 * raw flags byte: a SYN+ACK segment, for instance, carries SYN|ACK (0x12),
 * not 0x08.
 */
#define CO_FIN    (1 << 0) /* 0x01: check FIN packets       (TCP FIN bit) */
#define CO_SYN    (1 << 1) /* 0x02: check SYN packets       (TCP SYN bit) */
#define CO_RST    (1 << 2) /* 0x04: check RST packets       (TCP RST bit) */
#define CO_SYNACK (1 << 3) /* 0x08: check SYNACK packets    (PSH bit in TCP) */
#define CO_ACK    (1 << 4) /* 0x10: check stray-ACK packets (TCP ACK bit) */
#define CO_ICMP   (1 << 5) /* 0x20: check ICMP packets      (URG bit in TCP) */
#define CO_UDP    (1 << 6) /* 0x40: check UDP packets       (ECE bit in TCP) */
#define CO_DHCP   (1 << 7) /* 0x80: check DHCP packets      (CWR bit in TCP) */

/*
 * Check other packets. NOTE(review): this is not a distinct bit. 0x7f is the
 * OR of every flag above except CO_DHCP, so "flags & CO_OTHER" is non-zero
 * as soon as any of those is set, and setting CO_OTHER turns all of them on.
 * The original comment records that a dedicated flag is still needed; all
 * eight bits of a uint8_t are already taken by the values above.
 */
#define CO_OTHER  0x7f
/*
 * Flags that enable the individual service/client detection checks.
 * One bit each; bit 6 (0x40) is not assigned in this header.
 */
#define CS_TCP_SERVER   (1 << 0) /* 0x01 */
#define CS_TCP_CLIENT   (1 << 1) /* 0x02 */
#define CS_UDP_SERVICES (1 << 2) /* 0x04: currently implies server + client */
#define CS_UDP_CLIENT   (1 << 3) /* 0x08 */
#define CS_MAC          (1 << 4) /* 0x10 */
#define CS_ICMP         (1 << 5) /* 0x20 */
#define CS_ARP          (1 << 7) /* 0x80 */
/*
 * Process-wide configuration and run-time state for the sniffer.
 *
 * This header includes nothing itself: pcap_t, struct pcap_stat, bpf_u_int32,
 * prads_stat, connection, asset, port_t, signature, fmask, fp_entry,
 * mac_entry, dhcp_fp_entry, the uintN_t types and the BUCKET_SIZE /
 * MAX_IP_PROTO / MAX_NETS / PCAP_ERRBUF_SIZE constants must all be declared
 * before it is included.
 *
 * Ownership of the char * members is not visible here. free_config() is
 * declared below, so they are presumably heap strings released there --
 * confirm before storing string literals or borrowed pointers in them.
 */
struct _globalconfig {
    /* --- capture handle and statistics --- */
    pcap_t *handle;              /* libpcap capture handle */
    struct pcap_stat ps;         /* libpcap statistics */
    prads_stat pr_s;             /* prads statistics */
    bpf_u_int32 net_mask;        /* undocumented in the original */

    /* --- option flags --- */
    uint8_t cflags;              /* CONFIG_* bits, see ISSET_CONFIG_* */
    /* NOTE(review): verbose and print_updates exist next to the
     * CONFIG_VERBOSE / CONFIG_UPDATES bits in cflags; which one the code
     * treats as authoritative cannot be told from this header. */
    uint8_t verbose;             /* verbose or not */
    uint8_t print_updates;       /* print updates */
    uint8_t setfilter;
    uint8_t drop_privs_flag;
    uint8_t daemon_flag;
    uint8_t ctf;                 /* flags for TCP checks: SYN, RST, FIN, ... */
    uint8_t cof;                 /* flags for other checks: ICMP, UDP, other, ... */
    uint32_t payload;            /* how much of the payload to dump; dumped
                                  * payload can contain sensitive data, so the
                                  * resulting logs need matching protection */

    /* --- libpcap error buffer and filter strings --- */
    char errbuf[PCAP_ERRBUF_SIZE]; /* sized with libpcap's own constant */
    char *bpff;                  /* undocumented in the original */
    char *user_filter;           /* undocumented in the original */
    char *net_ip_string;         /* undocumented in the original */

    /* --- connection, asset and port tables --- */
    connection *bucket[BUCKET_SIZE]; /* ongoing connections */
    connection *cxtbuffer;           /* expired connections */
    asset *passet[BUCKET_SIZE];      /* assets */
    port_t *lports[MAX_IP_PROTO];    /* known ports */

    /* --- output locations ---
     * cxtfname and cxtlogdir are fixed-size arrays: every writer has to bound
     * the copy (e.g. snprintf with sizeof) and treat truncation as an error,
     * since these paths come from configuration. */
    char cxtfname[4096];         /* cxtracker/sancp-like output file */
    char cxtlogdir[2048];        /* log dir for sancp/cxtracker output */
    char *file;                  /* config file location, if known */
    char *assetlog;              /* filename of prads-asset.log */
    char *fifo;                  /* path to FIFO output */
    uint8_t ringbuffer;          /* enable logging to ringbuffer */
    char *pcap_file;             /* pcap file to read */

    /* --- signature file names --- */
    char *sig_file_syn;          /* TCP SYN signature file */
    char *sig_file_synack;       /* TCP SYNACK signature file */
    char *sig_file_ack;          /* TCP stray-ACK signature file */
    char *sig_file_fin;          /* TCP FIN signature file */
    char *sig_file_rst;          /* TCP RST signature file */
    char *sig_file_mac;          /* MAC signature file */
    char *sig_file_dhcp;         /* DHCP signature file */
    char *sig_file_serv_tcp;     /* TCP server signature file */
    char *sig_file_cli_tcp;      /* TCP client signature file */
    char *sig_file_serv_udp;     /* UDP server signature file */
    char *sig_file_cli_udp;      /* UDP client signature file */

    /* --- loaded service/client signature lists --- */
    signature *sig_serv_tcp;     /* TCP service signatures */
    signature *sig_serv_udp;     /* UDP service signatures */
    signature *sig_client_tcp;   /* TCP client signatures */
    signature *sig_client_udp;   /* UDP client signatures */
    fmask *network[MAX_NETS];    /* struct for fmask */

    /* --- capture device, privilege drop and paths ---
     * NOTE(review): chroot_dir, group_name and user_name are the inputs for
     * confinement; whether the drop happens before any packet is parsed is
     * not visible from this header -- confirm in the start-up code. */
    char *dev;                   /* device name to use for sniffing */
    char *chroot_dir;            /* directory to chroot to */
    char *group_name;            /* group to drop privileges to */
    char *user_name;             /* user to drop privileges to */
    char *pidfile;               /* pidfile */
    char *configpath;            /* path to config dir */
    char *s_net;                 /* nets to collect assets for */

    /* --- fingerprint hashes --- */
    uint32_t sig_hashsize;       /* size of signature hash */
    uint32_t mac_hashsize;       /* size of MAC hash */
    fp_entry **sig_syn;          /* SYN signature hash */
    fp_entry **sig_synack;       /* SYNACK signature hash */
    fp_entry **sig_ack;          /* stray-ACK signature hash */
    fp_entry **sig_fin;          /* FIN signature hash */
    fp_entry **sig_rst;          /* RST signature hash */
    mac_entry **sig_mac;         /* hash of MAC signatures */
    dhcp_fp_entry **sig_dhcp;    /* DHCP signature hash */
    char *bpf_file;              /* filename of BPF file to load */
    uint8_t tcpopt_parsable;
};

typedef struct _globalconfig globalconfig;
/*
 * Flag tests on globalconfig.cflags.
 *
 * The argument is the struct itself, not a pointer: code holding a
 * globalconfig * passes *conf. The result is the masked bit (0 or the flag's
 * value), not a normalised 0/1, so use it as a truth value only.
 * This header defines no wrapper for CONFIG_CONNECT, CONFIG_CXWRITE or
 * CONFIG_PDNS.
 */
#define ISSET_CONFIG_FLAG(config, flag) ((config).cflags & (flag))

#define ISSET_CONFIG_VERBOSE(config) ISSET_CONFIG_FLAG(config, CONFIG_VERBOSE)
#define ISSET_CONFIG_UPDATES(config) ISSET_CONFIG_FLAG(config, CONFIG_UPDATES)
#define ISSET_CONFIG_SYSLOG(config)  ISSET_CONFIG_FLAG(config, CONFIG_SYSLOG)
#define ISSET_CONFIG_QUIET(config)   ISSET_CONFIG_FLAG(config, CONFIG_QUIET)
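/*
 * Configuration API. Only the signatures are visible in this header; the
 * short descriptions are inferred from the names and need confirming against
 * the implementation.
 *
 * The config file and the command line are external input. Anything these
 * parsers copy into the fixed-size members of globalconfig (cxtfname,
 * cxtlogdir) has to be length-checked.
 */
void display_config(globalconfig *conf);             /* presumably prints the active settings */
void set_default_config_options(globalconfig *conf); /* presumably fills *conf with defaults */
void parse_line(globalconfig *conf, bstring line);   /* presumably applies one config line to *conf */

/* Takes no globalconfig pointer, so it presumably works on a global
 * instance -- confirm. */
void parse_config_file(const char *fname);

/* NOTE(review): meaning of `args` and of the int result is not visible here. */
int parse_args(globalconfig *conf, int argc, char *argv[], char *args);

/* Presumably trim whitespace from the right / left end of a bstring;
 * the meaning of the int result is not visible here. */
int brtrim(bstring string);
int bltrim(bstring string);

/*
 * Declared with (void) so this is a real prototype. With empty parentheses
 * the compiler accepts calls with any arguments and cannot diagnose a
 * mismatched call. Takes no argument, so it presumably releases a global
 * configuration instance -- confirm.
 */
void free_config(void);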
118 #endif // CONFIG_H