authorzhuzhenjun <[email protected]>2023-09-15 15:27:22 +0800
committerzhuzhenjun <[email protected]>2023-09-15 15:27:22 +0800
commite9b190b0697703f5e8f8ba7550ff1918deccbc72 (patch)
tree9da61eb9bf0ceb3519cf5e335d3725dfa923a2d2
parent2b7d6528571b889d08e65c2c02e73b4c2a4b64c8 (diff)
init example osfp_match
-rw-r--r--.gitignore1
-rw-r--r--Makefile.am2
-rw-r--r--configure.ac2
-rw-r--r--example/Makefile.am11
-rw-r--r--example/osfp_match.c129
5 files changed, 143 insertions, 2 deletions
diff --git a/.gitignore b/.gitignore
index f60965e..91f11d0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,3 +20,4 @@ ltmain.sh
missing
compile
libosfp-config
+osfp_match
diff --git a/Makefile.am b/Makefile.am
index 0f63482..12a4b6d 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,2 +1,2 @@
-SUBDIRS = src
+SUBDIRS = src example
ACLOCAL_AMFLAGS=-I m4
diff --git a/configure.ac b/configure.ac
index e1c9b11..64c659d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -19,5 +19,5 @@ AC_PROG_MAKE_SET
AC_PROG_LIBTOOL
-AC_CONFIG_FILES([libosfp-config Makefile src/Makefile])
+AC_CONFIG_FILES([libosfp-config Makefile src/Makefile example/Makefile])
AC_OUTPUT
diff --git a/example/Makefile.am b/example/Makefile.am
new file mode 100644
index 0000000..c700652
--- /dev/null
+++ b/example/Makefile.am
@@ -0,0 +1,11 @@
+bin_PROGRAMS = osfp_match
+
+osfp_match_SOURCES = \
+ osfp_match.c
+
+osfp_match_LDADD = \
+ ../src/.libs/libosfp.la
+
+osfp_match_LDFLAGS = \
+ -lpcap
+
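Review bot: `-lpcap` is placed in `osfp_match_LDFLAGS`, which automake emits ahead of the object files on the link line, so a linker that resolves libraries in order or runs with `--as-needed` can fail to resolve the pcap symbols; libraries belong in LDADD, e.g. `osfp_match_LDADD = ../src/libosfp.la -lpcap`. The libtool archive is also conventionally referenced as `../src/libosfp.la` rather than through `.libs/`. Because `bin_PROGRAMS` installs the binary with `make install`, `noinst_PROGRAMS = osfp_match` may be the better fit for an example that opens interfaces in promiscuous mode.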
diff --git a/example/osfp_match.c b/example/osfp_match.c
new file mode 100644
index 0000000..efde9c2
--- /dev/null
+++ b/example/osfp_match.c
@@ -0,0 +1,129 @@
+#include <stdio.h>
+#include <time.h>
+#include <pcap.h>
+#include <netinet/in.h>
+#include <netinet/if_ether.h>
+#include <unistd.h>
+#include <stdlib.h>
+
+unsigned char *fp_file;
+unsigned char *if_name;
+unsigned char *pcap_file_name;
+unsigned char *bpf_string;
+
+int processed_packet;
+
+void usage(void) {
+ fprintf(stderr,
+ "Usage: osfp_match [ ...options... ] [ 'filter rule' ]\n"
+ "\n"
+ "Network interface options:\n"
+ "\n"
+ " -i iface - listen on the specified network interface\n"
+ " -r file - read offline pcap data from a given file\n"
+ " -f file - read fingerprint database from 'file' (%s)\n"
+ );
+ exit(1);
+}
+
+void process_packet(char *user, struct pcap_pkthdr *h, u_char *pkt)
+{
+ printf("packet count %d\n", ++processed_packet);
+}
+
+int main(int argc, char *argv[])
+{
+ int r;
+
+ while ((r = getopt(argc, argv, "+f:i:r")) != -1) {
+ switch(r) {
+ case 'f':
+ if (fp_file) {
+ printf("Multiple -f options not supported.\n");
+ exit(1);
+ }
+ fp_file = (unsigned char*)optarg;
+ break;
+ case 'i':
+ if (if_name) {
+ printf("Multiple -i options not supported.\n");
+ exit(1);
+ }
+ if_name = (unsigned char*)optarg;
+ break;
+ case 'r':
+ if (pcap_file_name) {
+ printf("Multiple -r options not supported.\n");
+ exit(1);
+ }
+ pcap_file_name = (unsigned char*)optarg;
+ break;
+ default:
+ usage();
+ break;
+ }
+ }
+
+ if (optind < argc) {
+ if (optind + 1 == argc) {
+ bpf_string = argv[optind];
+ } else {
+ printf("Filter rule must be a single parameter (use quotes).\n");
+ exit(1);
+ }
+ }
+
+ // prepare pcap handle
+
+ char pcap_err[PCAP_ERRBUF_SIZE];
+ pcap_t *pcap_handle;
+
+ if (pcap_file_name) {
+ if (access((char*)pcap_file_name, R_OK)) {
+ printf("No such file: %s\n", pcap_file_name);
+ exit(1);
+ }
+ pcap_handle = pcap_open_offline((char*)pcap_file_name, pcap_err);
+ if (pcap_handle == NULL ) {
+ printf("Pcap file open failed. File name: %s, Err: %s\n", pcap_file_name, pcap_err);
+ exit(1);
+ }
+ } else if (if_name) {
+ pcap_handle = pcap_open_live((char*)if_name, 65535, 1, 5, pcap_err);
+ if (pcap_handle == NULL) {
+ printf("Pcap live open failed. Interface name: %s, Err: %s\n", if_name, pcap_err);
+ exit(1);
+ }
+ } else {
+ usage();
+ }
+
+ // setup bpf filter
+ if (bpf_string) {
+ struct bpf_program bpf_filter;
+
+ if (pcap_compile(pcap_handle, &bpf_filter, bpf_string, 1, 0) < 0) {
+ printf("bpf compilation error %s", pcap_geterr(pcap_handle));
+ exit(1);
+ }
+
+ if (pcap_setfilter(pcap_handle, &bpf_filter) < 0) {
+ printf("could not set bpf filter %s", pcap_geterr(pcap_handle));
+ pcap_freecode(&bpf_filter);
+ exit(1);
+ }
+ pcap_freecode(&bpf_filter);
+ }
+
+ // loop
+ while (1) {
+ int r = pcap_dispatch(pcap_handle, 0, (pcap_handler)process_packet, NULL);
+ if (r < 0) {
+ printf("error code: %d, error: %s\n", r, pcap_geterr(pcap_handle));
+ break;
+ }
+ }
+
+ return 0;
+}
+
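Review bot: The option string `"+f:i:r"` declares `-r` without an argument, so in `case 'r'` `optarg` is NULL, `pcap_file_name` stays unset and the capture file name is then taken as the BPF filter; it should be `"+f:i:r:"`. Once that is fixed the `while (1)` loop never ends on a savefile, because `pcap_dispatch()` returns 0 at end of file and only `r < 0` breaks. Two further spots are undefined behaviour: `usage()` passes a `%s` conversion with no matching argument, and `process_packet` is invoked through a `(pcap_handler)` cast although its parameter types differ from the libpcap callback type. The rewritten lines are below, including a `pcap_close()` that the current code never reaches.

```c
// usage(): the %s conversion had no argument, so it is dropped
        " -f file - read fingerprint database from 'file'\n"

// signature now matches pcap_handler, so the call site needs no cast
void process_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *pkt)

    while ((r = getopt(argc, argv, "+f:i:r:")) != -1) {
// … unchanged: -f / -i / -r cases, filter argument, handle setup, BPF filter …

    while (1) {
        int r = pcap_dispatch(pcap_handle, 0, process_packet, NULL);
        // … unchanged: r < 0 error report and break …
        if (r == 0 && pcap_file_name) {
            break;  // end of savefile; a live capture returns 0 on timeout
        }
    }

    pcap_close(pcap_handle);
```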