...

Note: it is possible to extend the above config file format so that multiple sessions are configured in one file. The config file could have sections named like [wlan0-v6], [eth0-v4], and so on, each holding one session config. Reading such a config file would start all the sessions. Do we need this? Or is it too complicated? 

Session Config File Overview

This section describes the session configuration. The valid parameters are described from the config file's perspective; it is assumed that each parameter in the config file has a corresponding field in the BTCAP_SessionConfig structure. 

capture_ip: IPv4 or IPv6 address of the local network interface that defines the capture point. Example: capture_ip = 192.168.5.111

peer_ip_include: We DO capture traffic between these IP addresses and our capture_ip. The value is a comma-separated list. Example: peer_ip_include = 192.168.5.112, 192.168.5.113

peer_ip_exclude: We IGNORE traffic between these IP addresses and our capture_ip. The value is a comma-separated list. Example: peer_ip_exclude = 192.168.5.* (wildcard). Note: Multicast addresses are always excluded.

tcp_packets: Capture TCP packets. Example: tcp_packets = 1

udp_packets: Capture UDP packets. Example: udp_packets = 1

local_port_include: We DO capture traffic on these local ports. The value is a comma-separated list. Example: local_port_include = 1983, 1984, 2010-2025

local_port_exclude: We IGNORE traffic on these local ports. The value is a comma-separated list. Example: local_port_exclude = 1980,11908,9898

remote_port_include: We DO capture traffic on these remote ports. The value is a comma-separated list. Example: remote_port_include = 1983, 1984, 2010-2025

remote_port_exclude: We IGNORE traffic on these remote ports. The value is a comma-separated list. Example: remote_port_exclude = 1980,11908,9898

results_dir: The path to a directory where the pcapng files are saved by this session. Example: results_dir = ../bin/pcapng-output

max_result_file_size: Maximum pcapng file size before the session rolls over to a new file. Example: max_result_file_size = 55555


More parameters will be added as necessary. 
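The following is an added example, not BTCap's own code: a parser for the config keys described above and a per-packet decision function that applies the include/exclude lists, so the semantics of the lists can be checked against concrete packets. Everything not stated on this page is an assumption and is marked as such in the code: the SessionConfig struct (the real BTCAP_SessionConfig is not shown here), '#' as a comment character, "1" meaning true, a trailing "*" as a prefix wildcard, exclude lists taking precedence over include lists, and an empty include list meaning "everything not excluded". The sample config is constructed from the example values on this page.

```cpp
// Added example (not BTCap's own code): parse the config keys listed above and filter packets by them.
#include <algorithm>
#include <cstdio>
#include <cstdlib>
#include <sstream>
#include <string>
#include <vector>

struct PortRange { int lo, hi; };   // "1983" -> {1983,1983}; "2010-2025" -> {2010,2025}
struct SessionConfig {              // one field per config key (BTCAP_SessionConfig itself is not shown here)
    std::string capture_ip, results_dir;  long max_result_file_size = 0;
    bool tcp_packets = false, udp_packets = false;
    std::vector<std::string> peer_ip_include, peer_ip_exclude;
    std::vector<PortRange> local_port_include, local_port_exclude, remote_port_include, remote_port_exclude;
};

std::string trim(const std::string& s) {
    size_t b = s.find_first_not_of(" \t\r"), e = s.find_last_not_of(" \t\r");
    return b == std::string::npos ? "" : s.substr(b, e - b + 1);
}
std::vector<std::string> splitList(const std::string& v) {   // comma-separated, spaces tolerated
    std::vector<std::string> out; std::stringstream ss(v); std::string item;
    while (std::getline(ss, item, ',')) if (!trim(item).empty()) out.push_back(trim(item));
    return out;
}
std::vector<PortRange> parsePorts(const std::string& v) {    // "1983, 1984, 2010-2025"
    std::vector<PortRange> out;
    for (const std::string& item : splitList(v)) {
        size_t dash = item.find('-');
        int lo = std::atoi(item.substr(0, dash).c_str());
        out.push_back({lo, dash == std::string::npos ? lo : std::atoi(item.substr(dash + 1).c_str())});
    }
    return out;
}
// "key = value" per line; '#' comments and "1" for true are assumptions. Unknown keys are
// rejected, not ignored: a misspelled exclude key must not silently widen the capture.
bool parseSessionConfig(const std::string& text, SessionConfig& cfg) {
    std::stringstream ss(text); std::string line;
    while (std::getline(ss, line)) {
        line = trim(line.substr(0, line.find('#')));
        if (line.empty()) continue;
        size_t eq = line.find('=');
        if (eq == std::string::npos) return false;
        std::string key = trim(line.substr(0, eq)), val = trim(line.substr(eq + 1));
        if      (key == "capture_ip")           cfg.capture_ip = val;
        else if (key == "peer_ip_include")      cfg.peer_ip_include = splitList(val);
        else if (key == "peer_ip_exclude")      cfg.peer_ip_exclude = splitList(val);
        else if (key == "tcp_packets")          cfg.tcp_packets = (val == "1");
        else if (key == "udp_packets")          cfg.udp_packets = (val == "1");
        else if (key == "local_port_include")   cfg.local_port_include = parsePorts(val);
        else if (key == "local_port_exclude")   cfg.local_port_exclude = parsePorts(val);
        else if (key == "remote_port_include")  cfg.remote_port_include = parsePorts(val);
        else if (key == "remote_port_exclude")  cfg.remote_port_exclude = parsePorts(val);
        else if (key == "results_dir")          cfg.results_dir = val;
        else if (key == "max_result_file_size") cfg.max_result_file_size = std::atol(val.c_str());
        else return false;
    }
    return true;
}
bool ipMatches(const std::string& pat, const std::string& ip) {   // exact, or "a.b.c.*" prefix (assumed)
    if (!pat.empty() && pat.back() == '*') return ip.compare(0, pat.size() - 1, pat, 0, pat.size() - 1) == 0;
    return pat == ip;
}
bool anyIp(const std::vector<std::string>& pats, const std::string& ip) {
    return std::any_of(pats.begin(), pats.end(), [&](const std::string& p) { return ipMatches(p, ip); });
}
bool anyPort(const std::vector<PortRange>& ranges, int port) {
    return std::any_of(ranges.begin(), ranges.end(), [&](const PortRange& r) { return port >= r.lo && port <= r.hi; });
}
bool isMulticast(const std::string& ip) {   // IPv4 224.0.0.0/4 or IPv6 ff00::/8: always excluded
    if (ip.size() > 1 && (ip[0] == 'f' || ip[0] == 'F') && (ip[1] == 'f' || ip[1] == 'F')) return true;
    return ip.find(':') == std::string::npos && std::atoi(ip.c_str()) >= 224 && std::atoi(ip.c_str()) <= 239;
}

// One packet between capture_ip and peerIp: true if it would be written to the pcapng file.
// Assumed precedence: exclude beats include; an empty include list means "all not excluded".
bool shouldCapture(const SessionConfig& c, bool isTcp, const std::string& peerIp, int localPort, int remotePort) {
    if (!(isTcp ? c.tcp_packets : c.udp_packets)) return false;
    if (isMulticast(peerIp) || anyIp(c.peer_ip_exclude, peerIp)) return false;
    if (!c.peer_ip_include.empty() && !anyIp(c.peer_ip_include, peerIp)) return false;
    if (anyPort(c.local_port_exclude, localPort)) return false;
    if (!c.local_port_include.empty() && !anyPort(c.local_port_include, localPort)) return false;
    if (anyPort(c.remote_port_exclude, remotePort)) return false;
    if (!c.remote_port_include.empty() && !anyPort(c.remote_port_include, remotePort)) return false;
    return true;
}

// Constructed sample built from this page's example values (peer_ip_exclude left out on purpose).
const char* kSampleConfig =
    "capture_ip = 192.168.5.111\npeer_ip_include = 192.168.5.112, 192.168.5.113\n"
    "tcp_packets = 1\nudp_packets = 1\nlocal_port_include = 1983, 1984, 2010-2025\n"
    "local_port_exclude = 1980,11908,9898\nremote_port_exclude = 1980,11908,9898\n"
    "results_dir = ../bin/pcapng-output\nmax_result_file_size = 55555\n";
int main() {
    SessionConfig cfg;
    if (!parseSessionConfig(kSampleConfig, cfg)) return 1;
    std::printf("local 2015: %d, local 1980: %d\n", shouldCapture(cfg, true, "192.168.5.112", 2015, 40000),
                                                   shouldCapture(cfg, true, "192.168.5.112", 1980, 40000));
}
```

The sample leaves peer_ip_exclude out because the two example values given on this page overlap: 192.168.5.112 from peer_ip_include falls inside 192.168.5.* from peer_ip_exclude. Under the exclude-wins rule assumed here that combination captures nothing at all, so whichever precedence BTCap implements should be stated in the parameter descriptions, and a config where an include list is entirely shadowed by an exclude list is worth rejecting at ReadConfig time rather than producing empty pcapng files.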

Basic API

With the terms defined above, the exposed API is very simple. The API is the same for Windows and Linux. There are only a few C-style entry points exported from the library. 

...

-----

// Minimal host program for the BTCap helper. Compared with the bare sketch, this version
// supplies the platform headers, defines the stop handlers, checks the return codes and
// honours the TODO by taking the config path from the command line.
#include <stdio.h>
#include <signal.h>

#ifdef _WIN32
#include <windows.h>
#else
#include <unistd.h>
#endif

#include "../include/btcap-helper.h"

#ifdef _WIN32
const char* libraryPath = "./btcap.dll";
#else
const char* libraryPath = "./btcap.so";
#endif

// Set by the signal / console handler, polled by the main loop.
static volatile sig_atomic_t g_exit = 0;

#ifdef _WIN32
static BOOL WINAPI console_ctrl_handler(DWORD ctrlType)
{
    (void)ctrlType;
    g_exit = 1;
    return TRUE;
}
#else
static void sig_handler(int signo)
{
    (void)signo;
    g_exit = 1;
}
#endif

int main(int argc, char* argv[])
{
    // Config path is the first command line argument; default if not given.
    const char* btcapConfigPath = (argc > 1) ? argv[1] : "./btcap.cfg";

    printf("Checking if BTCap is available...\n");
    bool ok = BTCap_isAvailable(libraryPath);
    if (!ok)
    {
        printf(" BTCap is NOT available. Exiting.\n");
        return 10;
    }
    printf(" BTCap is available.\n");

    int rc;
    BTCapHelper* btcap = BTCap_GetHelper(libraryPath);
    if (btcap == NULL)
    {
        printf(" Could not load the BTCap helper. Exiting.\n");
        return 11;
    }

    BTCAP_SessionConfig btcapConfig = {0};

    printf("Reading btcap session config file (%s) ...\n", btcapConfigPath);
    rc = btcap->ReadConfig(btcapConfigPath, &btcapConfig);
    if (rc != 0)   // assumes 0 means success
    {
        printf(" ReadConfig failed (rc=%d). Exiting.\n", rc);
        delete btcap;
        return 12;
    }

    // Install the stop handlers before the session starts so that a signal arriving
    // during capture always reaches Stop(). SIGKILL and SIGSTOP cannot be caught, so
    // registering handlers for them is pointless and is not done here.
#ifdef _WIN32
    SetConsoleCtrlHandler(console_ctrl_handler, TRUE);
#else
    signal(SIGINT, sig_handler);
    signal(SIGHUP, sig_handler);
    signal(SIGTERM, sig_handler);
#endif

    printf("Starting btcap session...\n");
    rc = btcap->Start(&btcapConfig);
    if (rc != 0)
    {
        printf(" Start failed (rc=%d). Exiting.\n", rc);
        delete btcap;
        return 13;
    }

    printf("Running btcap session...\n");
    while (!g_exit)
    {
        // Do other stuff
#ifdef _WIN32
        Sleep(1000);
#else
        sleep(1);
#endif
    }

    printf("Stopping btcap session...\n");
    btcap->Stop();
    delete btcap;

    printf("Exiting...\n");
    return 0;
}

----



Implementation Overview

...

Questions

Below is a list of questions to be addressed as a result of this requirements document:

...