anon.c File Reference

#include <pcap.h>
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <signal.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <net/ethernet.h>
#include <sys/time.h>
#include <stdarg.h>
#include <time.h>
#include <math.h>
#include <getopt.h>
#include "anon.h"

Include dependency graph for anon.c:

Go to the source code of this file.

Defines
#define	_GNU_SOURCE
#define	FIRST_ANON_IP   "10.0.0.1"
#define	FIRST_ANON_PORT   300
#define	print(format, args...)   fprintf(output_stream, format, ##args)
#define	nb_fields_to_anonymise   (sizeof(fields_to_anonymise)/sizeof(fields_to_anonymise[0]))
#define	get_string_from_args(s)
#define	display_additional_info()
#define	find_anonymised_url(s)   find_url(s, 0)
#define	look_for_anonymised_url(s)   find_url(s, 4)
#define	get_extension(s)   get_infos(s, 1, 0)
#define	get_suffix(s)   get_infos(s, 0, 1)
#define	int_to_string(nb)   string_append(NULL,"%i",nb)
#define	display_string_table_with_data_sorted(title, table, data_title)   display_string_table_with_data(title, table, data_title, 1)
#define	display_string_table_with_data_unsorted(title, table, data_title)   display_string_table_with_data(title, table, data_title, 0)
#define	display_string_table(title, table)   display_string_table_with_data_sorted(title, table, "")
#define	display_string_table_unsorted(title, table)   display_string_table_with_data_unsorted(title, table, "")
#define	add_and_count_new_string_with_data(table, s, data)   add_and_count_string_with_data(table, s, data, 1)
#define	add_and_count_string(table, s)   add_and_count_string_with_data(table, s, NULL)
Functions
void	free_nb_table (nb_table table)
void	add_nb (nb_table *table, int nb)
void	stats_add_content_length_nb (int nb)
char *	find_end (char *ptr)
char *	base_name (register char *f)
	Returns the base name of a file (ie: /tmp/anon ==> anon).
int	is_ip_in_a_string (char *s)
	Returns 1 if the provided string is in the form "xxx.xxx.xxx.xxx".
char *	string_append (char *s, const char *fmt,...)
	Appends a string to another.
char *	get_pct (double pct)
	Returns a human readable string representing a percentage.
char *	get_speed (double speed)
	Returns a human readable string representing a speed in bytes/s.
char *	get_size (int s)
	Returns a human readable string representing a size in bytes.
char *	get_time (double t)
	Returns a human readable string representing a time.
void	catch_ctrl_c (int signum)
	Signal Handler to catch CTRL+C.
char *	add_flag (char *s, char *flag)
	It is a small function called by compute_flags().
char *	compute_flags (u_int8_t flags)
	Builds a string containing a textual representation of the flags present in a TCP header.
void	display_packet_infos (int nb, struct timeval *ts, char *ip_src, char *ip_dst, int sport, int dport)
	Displays infos about a IP packet.
void	anon_timestamp (register struct timeval *tvp)
	Anonymises an timestamp (8 bytes) in memory.
void	ts_print_diff (struct timeval *tvp)
	Prints a time difference following this format: 14.95ms.
void	ts_print (struct timeval *tvp_)
	Prints a timestamp following this format: 16:21:48.970264.
dialog *	buffer_request (char *request, int len, int nb, char *ip_src, char *ip_dst, int port_src, int port_dst)
	Buffers a request in memory.
dialog *	find_request (char *ip_src, char *ip_dst, int port_src, int port_dst)
	Finds a request in a dialog, matching some criteria.
char *	is_in (char **string_table, char *string)
	Checks if a string is contained in a string array.
void	memset_range (char *start, char *end, int c)
	Fills a memory area with a specified character (this is a wrapper for memset).
char	get_random_char ()
	Gets a random letter from the alphabet.
char *	generate_anonymised_url (char *s)
	Generates an anonymised URL from a genuine URL.
char *	get_infos (char *s, int extension, int suffix)
void	add_anonymised_url (char *url_, char *newurl_)
	Adds an anonymised URL the the table.
void *	xmalloc (size_t size)
	A wrapper to malloc() which quits the program if the memory allocation fails.
void *	xrealloc (void *ptr, size_t size)
	A wrapper to realloc() which quits the program if the memory allocation fails.
char *	find_url (char *s, int offset)
	Finds an URL (anonymised or not) in the table.
void	anon_url (char *s)
	Anonymises an URL (a string) in memory.
void	anon_sequence (u_int32_t *seq)
	Anonymises a sequence number (4 bytes) in memory and adds it to a table (if the -u option is used).
void	anon_date (char *date)
	Anonymises a date in memory.
void	anon_field (char *field, char *s)
	Anonymises a HTTP header field.
char *	strstr_limited (char *ptr, char *end, char *str)
	Wrapper for strstr, which limits the memory area to search.
char *	process_http (char *data, int len, int scan, int anon)
	This a wrapper to call either scan_http() or anon_http().
void	anon_http (char *data, int len)
	Anonymises a HTTP header in memory.
void	convert_to_small (char *ptr)
	Converts a string to lowercase.
void	scan_http (struct dialog *d)
	Scans two HTTP headers in memory (request and response) and gathers statistics.
void	free_string_table (string_and_nb *table)
	Frees a string table.
string_and_nb *	summarize_stats (nb_table *table, string_and_nb *new_table, int max, char *title)
double	compute_mean_value (nb_table table)
double	compute_variation (nb_table table)
double	compute_std_deviation (nb_table table)
void	freshness_stats ()
nb_table *	clone_nb_table (nb_table table)
char *	display_deviation (nb_table *t, char *title)
void	display_nb_table (char *title, nb_table *t)
void	latency_stats ()
void	content_length_stats ()
	Makes and prints statistics about content_lengh fields.
void	display_string_table_with_data (char *title, string_and_nb *table, char *data_title, int sorted)
	Displays a string table and associated counters and data.
string_and_nb *	add_and_count_string_with_data (string_and_nb *table, char *s, void *data)
	Adds a string in a table if not yet present. If the string is already present, a counter is incremented.
string_and_nb *	find_item (string_and_nb *table, char *s)
	Lookup a string in a string table. If found, the item is returned, Null otherwise.
void	stats_add_sequence_number (char *s)
void	stats_add_sequence_number_with_data (char *s, void *data)
void	stats_add_header (char *s)
void	stats_add_extension (char *s)
void	stats_add_suffix (char *s)
void	stats_add_server (char *s)
void	stats_add_server_simple (char *s)
void	stats_add_user_agent (char *s)
void	stats_add_http_response_code_with_data (char *s, char *data)
void	stats_add_content_type (char *s)
void	stats_add_content_type_simple (char *s)
void	stats_add_http_version (char *s)
void	stats_add_freshness (int nb)
void	stats_add_latency (int nb)
void	process_dialog (struct dialog *d)
	Scans a HTTP dialog (request+response) and displays it if needed.
void	free_dialog (struct dialog *d)
	Frees a HTTP dialog.
int	parse_size (char *string)
	: Parses a size in the form: "10m" or "1g", and returns the number of bytes
u_int32_t	getip32 (char *ip)
	Converts an IP address of the form XXX.XXX.XXX.XXX to an unsigned integer (32 bits).
void	anon_port (u_int16_t *port)
	Anonymises a port (2 bytes) in memory and adds it to a table.
char *	find_anonymised_ip (struct in_addr *ip)
	Finds an anonymised IP in the table.
void	anon_ip (struct in_addr *ip)
	Anonymises an IP (4 bytes) in memory and adds it to a table.
pcap_if_t *	get_pcap_interface (char *name)
	Gets a network interface given a name such as "eth0".
int	main (int argc, char **argv)
void	free_anonymised_url_table ()
	Frees the table of anonymised URLs.
void	packet_handler (u_char *param, const struct pcap_pkthdr *header, const u_char *packet)
	The packet handler function, which is called for every processed packet.
Variables
int	nb_response = 0
int	nb_request = 0
char *	input_file_size_s = NULL
int	input_file_size = 0
int	input_file_read = 0
int	input_file_last = 0
int	input_file_size_1pct = 0
int	output_file_written = 0
time_t	start_time
time_t	end_time
int	debug = 0
int	do_stats = 1
int	anonymise = 1
int	anonymise_mac = 1
int	anonymise_port = 1
int	anonymise_date = 1
int	anonymise_timestamp = 1
int	anonymise_url = 1
int	anonymise_http = 1
int	anonymise_ip = 1
int	anonymise_content = 1
int	anonymise_checksum = 1
int	anonymise_sequence = 1
int	display = 1
int	display_flags = 1
int	display_tcp_infos = 1
int	display_timestamp = 1
int	display_progress = 1
int	display_http = 1
int	display_http_only = 0
int	display_unanswered_requests = 0
int	display_raw_stats = 0
int	already_anonymised = 0
int	use_sequence_numbers = 0
int	truncate_packet = 0
int	nbip = 0
int	nbports = 0
int	nburl = 0
char *	ip_table = NULL
char *	port_table = NULL
char *	anon_url_table = NULL
double	pct_treshold = 0
string_and_nb *	server_version_table = NULL
string_and_nb *	server_version_simple_table = NULL
string_and_nb *	http_response_code_table = NULL
string_and_nb *	http_version_table = NULL
string_and_nb *	user_agent_table = NULL
string_and_nb *	extension_table = NULL
string_and_nb *	content_type_table = NULL
string_and_nb *	content_type_simple_table = NULL
string_and_nb *	header_table = NULL
string_and_nb *	sequence_number_table = NULL
string_and_nb *	suffix_table = NULL
nb_table	cl_table = {0, NULL}
nb_table	fresh_table = {0, NULL}
nb_table	latency_table = {0, NULL}
dialog *	dialog_table = NULL
u_int32_t	firstanonip = 0
int32_t	timeoffset = 0
int32_t	timeoffset_usec = 0
int	date_offset = 0
u_int32_t	rand_seq_nb = 0
int	maxpacketsize = 65536
int	maxfilesize = 0
int	nbpackets = 0
int	nbvalidpackets = 0
int	nbpacketstocapture = -1
int	max_display_space = 0
FILE *	output_stream
char *	ofile = NULL
char *	ifile = NULL
pcap_t *	adhandle = NULL
pcap_dumper_t *	dumphandle
pcap_if_t *	alldevs = NULL
char *	fields_to_anonymise []

---

Define Documentation

#define _GNU_SOURCE

Definition at line 29 of file anon.c.

#define add_and_count_new_string_with_data (  table, s, data   )     add_and_count_string_with_data(table, s, data, 1)

Definition at line 164 of file anon.c.

#define add_and_count_string (  table, s   )     add_and_count_string_with_data(table, s, NULL)

Definition at line 165 of file anon.c. Referenced by stats_add_content_type(), stats_add_content_type_simple(), stats_add_extension(), stats_add_http_version(), stats_add_sequence_number(), stats_add_server(), stats_add_server_simple(), stats_add_suffix(), stats_add_user_agent(), and summarize_stats().

#define display_additional_info (   )

Value: { \ int l; char len_space[]=" "; char seq_space[]=" "; \ l=sprintf(len_space, "%i", tcp_len); len_space[l]=' '; len_space[4]='\0'; \ strncpy(seq_space, seq_nb, strlen(seq_nb)); \ if(display_tcp_infos) {print("seq=%s len=%s hlen=%i ",seq_space, len_space, tcp->th_hlen_reserved/4); \ if(display_flags) print("%s ",flags);}; \ }; while(0) Definition at line 143 of file anon.c. Referenced by packet_handler().

#define display_string_table (  title, table   )     display_string_table_with_data_sorted(title, table, "")

Definition at line 160 of file anon.c. Referenced by main().

#define display_string_table_unsorted (  title, table   )     display_string_table_with_data_unsorted(title, table, "")

Definition at line 161 of file anon.c. Referenced by content_length_stats(), freshness_stats(), and latency_stats().

#define display_string_table_with_data_sorted (  title, table, data_title   )     display_string_table_with_data(title, table, data_title, 1)

Definition at line 158 of file anon.c. Referenced by main().

#define display_string_table_with_data_unsorted (  title, table, data_title   )     display_string_table_with_data(title, table, data_title, 0)

Definition at line 159 of file anon.c.

#define find_anonymised_url (  s   )     find_url(s, 0)

Definition at line 151 of file anon.c. Referenced by anon_url(), and generate_anonymised_url().

#define FIRST_ANON_IP   "10.0.0.1"

Definition at line 46 of file anon.c. Referenced by anon_ip().

#define FIRST_ANON_PORT   300

Definition at line 47 of file anon.c. Referenced by anon_port().

#define get_extension (  s   )     get_infos(s, 1, 0)

Definition at line 153 of file anon.c. Referenced by process_http().

#define get_string_from_args (  s   )

Value: {\ int n, size = 8000; \ char *p; va_list ap; \ if ((p = malloc (size+1)) == NULL) {va_end(ap);s=NULL;}\ else{ \ while (1) { \ va_start(ap, fmt); n = vsnprintf (p, size, fmt, ap); va_end(ap); \ if (n > -1 && n < size) {va_end(ap);p=realloc(p, n+1);*(p+n)=0;s=p;break;} \ if (n > -1) size = n+1; else size *= 2; \ if ((p = realloc (p, size+1)) == NULL) {va_end(ap);s=NULL;break;} \ }}} Definition at line 130 of file anon.c. Referenced by string_append().

#define get_suffix (  s   )     get_infos(s, 0, 1)

Definition at line 154 of file anon.c. Referenced by process_http().

#define int_to_string (  nb   )     string_append(NULL,"%i",nb)

Definition at line 156 of file anon.c.

#define look_for_anonymised_url (  s   )     find_url(s, 4)

Definition at line 152 of file anon.c. Referenced by anon_url().

#define nb_fields_to_anonymise   (sizeof(fields_to_anonymise)/sizeof(fields_to_anonymise[0]))

Definition at line 128 of file anon.c. Referenced by is_in().

#define print (  format, args...   )     fprintf(output_stream, format, ##args)

Definition at line 126 of file anon.c. Referenced by add_anonymised_url(), buffer_request(), display_nb_table(), display_packet_infos(), display_string_table_with_data(), generate_anonymised_url(), get_pcap_interface(), main(), packet_handler(), process_dialog(), ts_print(), ts_print_diff(), xmalloc(), and xrealloc().

---

Function Documentation

string_and_nb * add_and_count_string_with_data (  string_and_nb *  table, char *  s, void *  data )

Adds a string in a table if not yet present. If the string is already present, a counter is incremented. Parameters: string_and_nb  *table: The table to add the string to char  *s: the string to add void  *data: an optional data associated with the string Returns: The table containing the string Definition at line 1761 of file anon.c. References sandnb::data, display_raw_stats, sandnb::nb, nbpackets, sandnb::next, sandnb::s, string_append(), and xmalloc(). Referenced by stats_add_http_response_code_with_data(), and stats_add_sequence_number_with_data(). { string_and_nb *ptr=table; string_and_nb *tmp; string_and_nb *prev=NULL; int ret; //No need to sort and group results, if displaying raw stats if(!display_raw_stats) { while(ptr) { ret=strcmp(s, ptr->s); if(ret<0) { prev=ptr; } else if (ret>0) break; //We have to insert the string here else //ret=0, we've found the string { if(data) { if(ptr->data) free(ptr->data); ptr->data=data; } ptr->nb++; return table; } ptr=ptr->next; } } tmp=xmalloc(sizeof(string_and_nb)); if(display_raw_stats) { tmp->s=string_append(NULL, "%i:%s",nbpackets, s); } else { tmp->s=strdup(s); } tmp->nb=1; if(data) tmp->data=data; else tmp->data=NULL; //If this is the first string in the list if(table==NULL) { tmp->next=NULL; return tmp; } else { if(prev) { tmp->next=prev->next; prev->next=tmp; return table; } else { //We insert the new struct at the beginning of the table tmp->next=table; return tmp; } } } Here is the call graph for this function:

void add_anonymised_url (  char *  url, char *  newurl )

Adds an anonymised URL the the table. Parameters: char  *url: the non anonymised url char  *newurl: the corresponding anonymised url Definition at line 792 of file anon.c. References anon_url_table, debug, nburl, print, and xrealloc(). Referenced by anon_url(), and generate_anonymised_url(). { char *url=strdup(url_); char *newurl=strdup(newurl_); if(debug) print("ADDING URL:%s \n--> %s\n",url,newurl); nburl++; anon_url_table=(char*)xrealloc(anon_url_table, nburl*2*4); memcpy(anon_url_table+2*(nburl-1)*4,&url,4); memcpy(anon_url_table+2*(nburl-1)*4+4,&newurl,4); } Here is the call graph for this function:

char * add_flag (  char *  s, char *  flag )

It is a small function called by compute_flags(). Parameters: char  *s: The string containing the previous flags char  *flag: The flag to add to the string Returns: A string containing the new flag and the previous ones Definition at line 370 of file anon.c. References xrealloc(). Referenced by compute_flags(). { int len=0; if(s) len=strlen(s); s=xrealloc(s, len+strlen(flag)+2); if(len==0) sprintf(s+len, "%s", flag); else sprintf(s+len, ".%s", flag); return s; } Here is the call graph for this function:

void add_nb (  nb_table *  table, int  nb )

Definition at line 181 of file anon.c. References display_raw_stats, nb_table::len, nbpackets, nb_table::nbpackets, nb_table::start, and xrealloc(). Referenced by stats_add_content_length_nb(), stats_add_freshness(), and stats_add_latency(). { table->len+=1; table->start=xrealloc(table->start, table->len*sizeof(nb)); table->start[table->len-1]=nb; if(display_raw_stats) { table->nbpackets=xrealloc(table->nbpackets, table->len*sizeof(nb)); table->nbpackets[table->len-1]=nbpackets; } } Here is the call graph for this function:

void anon_date (  char *  date  )

Anonymises a date in memory. Parameters: char  *date: the non anonymised date (a string) Definition at line 886 of file anon.c. References date_offset, and strptime(). Referenced by anon_field(). { struct tm time; char *ret; time_t nb_seconds; char buffer[100]; int len=strlen(date); ret=strptime(date, "%a, %d %b %Y %T GMT", &time); nb_seconds=mktime(&time); //The first date seen in the capture will be anonymised to: Tue, 01 Jan 1980 00:00:00 GMT if(date_offset==0) date_offset=nb_seconds-(3600*24)*(365*10+2); nb_seconds-=date_offset; gmtime_r(&nb_seconds, &time); strftime(buffer, 99, "%a, %d %b %Y %T GMT", &time); //print("DATE NEW:%s\n",asctime(&time)); //print("DDATE:%i\n",ttime); //strcpy(date, buffer); strncpy(date, buffer, len); date[len]='\0'; //print("DATE NEW:%s\n",buffer); } Here is the call graph for this function:

void anon_field (  char *  field, char *  s )

Anonymises a HTTP header field. Parameters: char  *field: the field to anonymise (ie: Location:) char  *s: the field's content to anonymise (ie: www.google.com) Definition at line 914 of file anon.c. References anon_date(), anon_url(), anonymise, anonymise_date, anonymise_url, and is_ip_in_a_string(). Referenced by process_http(). { if(strcmp(field, "Host: ")==0 || strcmp(field, "Referer: ")==0 || strcmp(field, "Location: ")==0 || strcmp(field, "Content-Location: ")==0) { if(anonymise && anonymise_url) { //Some webservers send an IP in the Host field! if(strcmp(field, "Host: ")==0 && is_ip_in_a_string(s+strlen(field))) { snprintf(s+strlen(field), strlen(s+strlen(field)), "000.000.000.000"); } else { anon_url(s+strlen(field)); } } return; } if(strcmp(field, "GET ")==0) { if(anonymise && anonymise_url) { char backup_char; char *http_version=strstr(s, " HTTP/"); if(!http_version) { http_version=s+strlen(s); } backup_char=*http_version; *http_version='\0'; anon_url(s+strlen(field)); *http_version=backup_char; } return; } if(strcmp(field, "Date: ")==0 || strcmp(field, "Last-Modified: ")==0 || strcmp(field, "If-Modified-Since: ")==0 || strcmp(field, "Expires: ")==0) { if(anonymise && anonymise_date) anon_date(s+strlen(field)); return; } memset(s+strlen(field), 'X', strlen(s)-strlen(field)); return; } Here is the call graph for this function:

void anon_http (  char *  data, int  len )

Anonymises a HTTP header in memory. Parameters: char  *data: the HTTP header data int  len: its length Definition at line 1253 of file anon.c. References process_http(). Referenced by packet_handler(). { process_http(data, len, 0, 1); } Here is the call graph for this function:

void anon_ip (  struct in_addr *  ip  )

Anonymises an IP (4 bytes) in memory and adds it to a table. Parameters: struct  in_addr *ip: the non anonymised IP Definition at line 2010 of file anon.c. References find_anonymised_ip(), FIRST_ANON_IP, firstanonip, getip32(), ip_table, nbip, and xrealloc(). Referenced by packet_handler(). { char *ptr = NULL; struct in_addr newip; ptr=find_anonymised_ip(ip); if(ptr) { memcpy (&newip, ptr + 4, 4); } else /* We have a new IP to anonymise */ { u_int32_t tmp; if (firstanonip == 0) firstanonip = getip32 (FIRST_ANON_IP); tmp = firstanonip += nbip * 16777216; memcpy (&newip, &tmp, 4); /* We add the original and anonymised IPs to the table */ ip_table = xrealloc (ip_table, (nbip + 1) * 8); memcpy (ip_table + nbip * 8, ip, 4); memcpy (ip_table + nbip * 8 + 4, &newip, 4); nbip++; } memcpy (ip, &newip, 4); } Here is the call graph for this function:

void anon_port (  u_int16_t *  port  )

Anonymises a port (2 bytes) in memory and adds it to a table. Parameters: struct  u_int16_t *port: the non anonymised port Definition at line 1960 of file anon.c. References FIRST_ANON_PORT, nbports, port_table, and xrealloc(). Referenced by packet_handler(). { int i; u_int16_t *port2=(u_int16_t*)port_table; u_int16_t newport = 0; /* We look for the port in the table, if it has already been anonymised */ for (i = 0; i < nbports; i++) { /* If the IP is found, we get the IP to replace it */ if(*port==*port2) { memcpy (&newport, port_table+i*4+ 2, 2); break; } port2+=2; } if (newport == 0) /* We have a new port to anonymise */ { newport = htons (nbports + FIRST_ANON_PORT); /* We add the original and anonymised ports to the table */ port_table = xrealloc (port_table, (nbports + 1) * 4); memcpy (port_table + nbports * 4, port, 2); memcpy (port_table + nbports * 4 + 2, &newport, 2); port_table[nbports] = *port; port_table[nbports + 1] = newport; nbports++; } memcpy (port, &newport, 2); } Here is the call graph for this function:

void anon_sequence (  u_int32_t *  seq  )

Anonymises a sequence number (4 bytes) in memory and adds it to a table (if the -u option is used). Parameters: u_int32_t  *seq: the non anonymised sequence number Definition at line 880 of file anon.c. References rand_seq_nb. Referenced by packet_handler(). { if(rand_seq_nb==0) rand_seq_nb=(u_int32_t)*seq; *seq-=(u_int32_t)rand_seq_nb%65536; }

void anon_timestamp (  register struct timeval *  tvp  )

Anonymises an timestamp (8 bytes) in memory. Parameters: register  struct timeval *tvp: the non anonymised timestamp Definition at line 415 of file anon.c. References nbpackets, timeoffset, and timeoffset_usec. Referenced by packet_handler(). { //This if the first packet. //We take the timestamp and substract it from each following timestamp, //so the first packet's timestamp will be 0. if(nbpackets==0) { timeoffset=tvp->tv_sec; timeoffset_usec=tvp->tv_usec; } tvp->tv_sec-=timeoffset; if(timeoffset_usec <= tvp->tv_usec) tvp->tv_usec-=timeoffset_usec; else { tvp->tv_usec-=timeoffset_usec; tvp->tv_usec+=1000000; tvp->tv_sec--; } }

void anon_url (  char *  s  )

Anonymises an URL (a string) in memory. Parameters: char  *s: the non anonymised url Definition at line 847 of file anon.c. References add_anonymised_url(), find_anonymised_url, generate_anonymised_url(), and look_for_anonymised_url. Referenced by anon_field(). { char *start=strstr(s, "://"); char *newurl; int found=0; if(!start) start=s; else start=start+3; newurl=find_anonymised_url(s); if(!newurl) { int count=0; found=0; generate: newurl=generate_anonymised_url(s); //We make sure our anonymised url is not duplicated //After 3 tries, we give up, if the URL is "/" for example if(look_for_anonymised_url(newurl) && count<3) { count++; free(newurl); goto generate; } add_anonymised_url(s, newurl); } else found=1; memcpy(s, newurl, strlen(s)); if(found==0) free(newurl); } Here is the call graph for this function:

char * base_name (  register char *  f  )

Returns the base name of a file (ie: /tmp/anon ==> anon). Parameters: char  *f: The filename Returns: a string containing the base name Definition at line 212 of file anon.c. Referenced by main(). { char *file = strrchr(f, '/'); if (file == NULL) return f; return(file+1); }

struct dialog * buffer_request (  char *  request, int  len, int  nb, char *  ip_src, char *  ip_dst, int  port_src, int  port_dst )

Buffers a request in memory. Parameters: char  *request : A string containing the HTTP request (several lines) int  len : The len of this string int  nb : The number of the packet containing the request char  *ip_src : a string representation of the source ip, in this format: 10.0.0.1 char  *ip_dst : the same for the destination ip int  port_src : the source port of the packet containing the request int  port_dst : the destination port Returns: a pointer on a newly allocated dialog struct, filled with the above informations Definition at line 463 of file anon.c. References display, dialog::ip_dst, dialog::ip_src, dialog::next, dialog::port_dst, dialog::port_src, dialog::prev, print, dialog::req_nb, dialog::request, dialog::request_len, and xmalloc(). Referenced by packet_handler(). { struct dialog *newdialog; newdialog = xmalloc (sizeof (struct dialog)); strcpy (newdialog->ip_src, ip_src); strcpy (newdialog->ip_dst, ip_dst); newdialog->req_nb=nb; newdialog->request_len=len; newdialog->port_src = port_src; newdialog->port_dst = port_dst; newdialog->request = request; newdialog->next=NULL; if(dialog_table==NULL) { //We have no request buffered yet dialog_table=newdialog; newdialog->prev=NULL; } else { //We jump at the end of the list, //and we count the requests already buffered int i=0; struct dialog *ptr=dialog_table; while(ptr && ptr->next!=NULL) { if(ptr->request) i++; //We don't count the discarded responses ptr=ptr->next; } ptr->next=newdialog; newdialog->prev=ptr; if(request && display) print("[%d buffered] ",i+1); } return newdialog; } Here is the call graph for this function:

void catch_ctrl_c (  int  signum  )

Signal Handler to catch CTRL+C. Parameters: int  signum: signal number with which the function has been called Here, it is SIGINT, received when the user presses CTRL+C Definition at line 360 of file anon.c. References adhandle. Referenced by main(). { //We break the loop and restore the initial signal handler struct sigaction sa; pcap_breakloop(adhandle); sa.sa_handler = SIG_DFL; sa.sa_flags = 0; sigaction(SIGINT, &sa, NULL); }

nb_table* clone_nb_table (  nb_table  table  )

Definition at line 1444 of file anon.c. References display_raw_stats, nb_table::len, nb_table::nbpackets, nb_table::start, and xmalloc(). Referenced by content_length_stats(), and latency_stats(). { nb_table *new_table=xmalloc(sizeof(nb_table)); new_table->len=table.len; new_table->start=xmalloc(table.len*sizeof(int)); memcpy(new_table->start, table.start, table.len*sizeof(int)); if(display_raw_stats) { new_table->nbpackets=xmalloc(table.len*sizeof(int)); memcpy(new_table->nbpackets, table.nbpackets, table.len*sizeof(int)); } return new_table; } Here is the call graph for this function:

char * compute_flags (  u_int8_t  flags  )

Builds a string containing a textual representation of the flags present in a TCP header. Parameters: u_int8_t  flags: The byte in memory containing the flags Returns: A string in the form "PSH.ACK" etc. Definition at line 379 of file anon.c. References add_flag(), TCP_ACK, TCP_FIN, TCP_PUSH, TCP_RST, TCP_SYN, and TCP_URG. Referenced by packet_handler(). { char *s=NULL; if(flags & TCP_FIN) s=add_flag(s, "FIN"); if(flags & TCP_SYN) s=add_flag(s, "SYN"); if(flags & TCP_RST) s=add_flag(s, "RST"); if(flags & TCP_PUSH) s=add_flag(s, "PSH"); if(flags & TCP_ACK) s=add_flag(s, "ACK"); if(flags & TCP_URG) s=add_flag(s, "URG"); if(s==NULL) s=strdup(""); return s; } Here is the call graph for this function:

double compute_mean_value (  nb_table  table  )

Definition at line 1369 of file anon.c. References nb_table::len, and nb_table::start. Referenced by compute_std_deviation(), and display_deviation(). { int *ptr=table.start; unsigned long int sum=0; int len=table.len; while(len--) { sum+=*ptr; ptr++; } if(table.len==0) return(0); return((double)sum/(table.len)); }

double compute_std_deviation (  nb_table  table  )

Definition at line 1402 of file anon.c. References compute_mean_value(), nb_table::len, and nb_table::start. Referenced by display_deviation(). { int *ptr=table.start; long double sum=0; int len=table.len; int i; double mean=compute_mean_value(table); if(mean==0) len=0; for(i=0;i<len;i++) { sum+=(double)pow((double)(mean-*ptr),2); ptr++; } if(len!=0) { sum=sqrt(sum/len); return(sum); } else return(0); } Here is the call graph for this function:

double compute_variation (  nb_table  table  )

Definition at line 1385 of file anon.c. References nb_table::len, and nb_table::start. Referenced by display_deviation(). { int *ptr=table.start; int *ptrm=table.start+1; unsigned long int sum=0; int len=table.len; int i; for(i=1;i<len-1;i++) { sum+=abs(*ptrm-*ptr); ptr++; ptrm++; } if(len>0) return((double)sum/(len-1)); else return(0); }

void content_length_stats (   )

Makes and prints statistics about content_lengh fields. Definition at line 1568 of file anon.c. References clone_nb_table(), display_deviation(), display_string_table_unsorted, free_nb_table(), free_string_table(), max, and summarize_stats(). Referenced by main(). { string_and_nb *new_content_length_table=NULL; int max; int i; char *title_s; nb_table *cloned_cl_table=clone_nb_table(cl_table); title_s=display_deviation(cloned_cl_table, "Content-Length:"); free_nb_table(*cloned_cl_table); free(cloned_cl_table); max=1000; for(i=0;i<7;i++) { new_content_length_table=summarize_stats(&cl_table, new_content_length_table, max, NULL); max*=10; } new_content_length_table=summarize_stats(&cl_table, new_content_length_table, -1, NULL); display_string_table_unsorted(title_s,new_content_length_table); free(title_s); free_string_table(new_content_length_table); } Here is the call graph for this function:

void convert_to_small (  char *  ptr  )

Converts a string to lowercase. Parameters: char  *ptr: a pointer to the string to convert Definition at line 1258 of file anon.c. Referenced by process_http(). { char c; while((c=*ptr)) { if(c>='A' && c<='Z') *ptr=c-'A'+'a'; ptr++; } }

char* display_deviation (  nb_table *  t, char *  title )

Definition at line 1458 of file anon.c. References compute_mean_value(), compute_std_deviation(), compute_variation(), display_raw_stats, nb_table::len, and string_append(). Referenced by content_length_stats(), display_nb_table(), and latency_stats(). { double mean; double variation; double std_deviation; char *mean_s=NULL; char *var_s=NULL; char *stddev_s=NULL; char *title_s=NULL; mean=compute_mean_value(*t); variation=compute_variation(*t); std_deviation=compute_std_deviation(*t); if(mean>0) mean_s=string_append(NULL, "%f", mean); else mean_s=strdup("??"); if(variation>0) var_s=string_append(NULL, "%f", variation); else var_s=strdup("??"); if(std_deviation>0) stddev_s=string_append(NULL, "%f", std_deviation); else stddev_s=strdup("??"); title_s=string_append(NULL,"%s\n|Variation: %s\n|Std Deviation: %s",title,mean_s,var_s,stddev_s); if(display_raw_stats) title_s=string_append(title_s, "\n|Total count: %i",t->len); free(mean_s); free(var_s); free(stddev_s); return title_s; } Here is the call graph for this function:

void display_nb_table (  char *  title, nb_table *  t )

Definition at line 1486 of file anon.c. References display_deviation(), display_raw_stats, nb_table::len, nb_table::nbpackets, print, and nb_table::start. Referenced by main(). { int i; int *nb; int *nbp; char *title_s=display_deviation(t,title); print("#%s\n",title_s); free(title_s); nb=t->start; nbp=t->nbpackets; for(i=0;i<t->len;i++) { if(display_raw_stats) { print("%i:%i\n",*nbp,*nb); nbp++; } else { print("%i\n",*nb); } nb++; } print("\n"); } Here is the call graph for this function:

void display_packet_infos (  int  nb, struct timeval *  ts, char *  ip_src, char *  ip_dst, int  sport, int  dport )

Displays infos about a IP packet. Definition at line 392 of file anon.c. References display, display_timestamp, max_display_space, print, and ts_print(). Referenced by packet_handler(). { //We format the output to be more readable char display_space[100]; int len=0; len=sprintf(display_space, "%s:%d",ip_src, sport); if(len>max_display_space) max_display_space=len; len=sprintf(display_space, "%s:%d",ip_dst, dport); if(len>max_display_space) max_display_space=len; memset(display_space,' ',100); sprintf(display_space, "%s:%d ",ip_src, sport); sprintf(display_space+max_display_space, " --> %s:%d ",ip_dst, dport); display_space[max_display_space*2+5]='\0'; if(ts) { print ("[%5i] ", nb); if(display && display_timestamp) ts_print(ts); } print("%s ",display_space); } Here is the call graph for this function:

display_string_table_with_data (  char *  title, string_and_nb *  table, char *  data_title, int  sorted )

Displays a string table and associated counters and data. Parameters: char  *title: The title of the table string_and_nb  *table: the table to display char  *data_title: a string to display before displaying the data sorted,:  1 if the table has to be sorted before displaying it, 0 otherwise Definition at line 1598 of file anon.c. References sandnb::data, display_raw_stats, get_pct(), max, sandnb::nb, sandnb::next, pct_treshold, print, sandnb::s, string_append(), and xmalloc(). { string_and_nb *ptr=table; string_and_nb *ptr_bak2; int i,j; int nb=0; int max=0; char buffer[100]; int len; int maxlen; int total=0; double pct; char *pct_s=NULL; int *sorted_table=NULL; int max_pos=0; int pos; string_and_nb *tmp; char *d_title=NULL; while(ptr) { nb++; max=max(ptr->nb , max); total+=ptr->nb; ptr=ptr->next; } print("#%s ",title); if(display_raw_stats) sorted=0; if(sorted) print("%i different strings ",nb); print("\n|Total count: %i\n",total); //if(sorted) print("\n"); //else print("\n"); maxlen=snprintf(buffer,99,"%i",max); ptr=table; sorted_table=xmalloc(nb*sizeof(nb)); if(data_title && strcmp(data_title,"")!=0) d_title=strdup(data_title); else d_title=strdup(" DATA:"); if(sorted) { //Sorting the results for(j=0;j<nb;j++) { pos=0; max=0; ptr=table; while(ptr) { if(ptr->nb > max) { max=ptr->nb; max_pos=pos; tmp=ptr; } ptr=ptr->next; pos++; } tmp->nb*=-1; sorted_table[j]=max_pos; } } else //not sorted { if(display_raw_stats) { for(j=0;j<nb;j++) sorted_table[j]=nb-j-1; } else { for(j=0;j<nb;j++) sorted_table[j]=j; } } ptr=table; ptr_bak2=table; //used if not sorted for(j=0;j<nb;j++) { if(sorted) { ptr=table; for(i=0;i<sorted_table[j];i++) ptr=ptr->next; ptr->nb*=-1; } else { ptr=ptr_bak2; } pct=(double)ptr->nb/total; //We group the values below the specified percentage if(pct_treshold!=0 && pct<pct_treshold/100.0 && sorted && j<nb-1 && table!=http_response_code_table) //We should pass a value to the function instead... { string_and_nb *ptr_bak=ptr; char *new_string=strdup("Various: "); int nb_total=0; int k; char *comma; ptr->nb*=-1; //This nb already have been reversed for(k=j;k<nb;k++) { ptr=table; for(i=0;i<sorted_table[k];i++) ptr=ptr->next; ptr->nb*=-1; nb_total+=ptr->nb; if(k==nb-1) comma=""; else comma=","; if(ptr->data==NULL) { new_string=string_append(new_string, "%s%s",ptr->s, comma); } else { new_string=string_append(new_string, "%s%s%s%s",ptr->s,d_title,(char*)ptr->data,comma); } } ptr=ptr_bak; ptr->nb=nb_total; free(ptr->s); ptr->s=new_string; if(ptr->data) {free(ptr->data);ptr->data=NULL;} j=nb; pct=(double)ptr->nb/total; } if(display_raw_stats) { print("%s\n",ptr->s); } else { pct_s=get_pct(pct); if(!pct_s) pct_s=strdup("[??]"); len=snprintf(buffer,99, "%i",ptr->nb); memset(buffer, ' ', 99); snprintf(buffer+maxlen-len,99, "%i",ptr->nb); buffer[maxlen+1]='\0'; if(ptr->data) print("[%7s] %s %s%s%s\n",pct_s,buffer,ptr->s,d_title,(char*)ptr->data); else print("[%7s] %s %s\n",pct_s,buffer, ptr->s); free(pct_s); } if(!sorted) { ptr_bak2=ptr->next; } } if(d_title) free(d_title); if(sorted_table) free(sorted_table); print("\n"); } Here is the call graph for this function:

char * find_anonymised_ip (  struct in_addr *  ip  )

Finds an anonymised IP in the table. Parameters: struct  in_addr *ip: The non-anonymised IP Returns: a string containing the corresponding anonymised IP, or NULL if not found Definition at line 1993 of file anon.c. References ip_table, and nbip. Referenced by anon_ip(). { char *ptr = ip_table; int i; for (i = 0; i < nbip; i++) { /* If the IP is found, we get the IP to replace it */ if (memcmp (ptr, ip, 4) == 0) { return ptr; } ptr += 8; } return NULL; }

char* find_end (  char *  ptr  )

Definition at line 198 of file anon.c. Referenced by generate_anonymised_url(), get_infos(), and process_http(). { if(ptr==NULL) return NULL; while(*ptr) { if(*ptr=='?' || *ptr=='&' || *ptr==';' || *ptr=='%' || *ptr=='+' || *ptr=='=' || *ptr=='!' || *ptr=='$' || *ptr=='@' || *ptr=='"' || *ptr==',') { return ptr; } ptr++; } return NULL; }

string_and_nb * find_item (  string_and_nb *  table, char *  s )

Lookup a string in a string table. If found, the item is returned, Null otherwise. Parameters: string_and_nb  *table: the table to search char  *s: the string to look for Returns: a pointer on a string_and_nb, giving access to the string, the counter and the associated data. Null is returned if the item is not found Definition at line 1836 of file anon.c. References sandnb::next, and sandnb::s. Referenced by packet_handler(), and summarize_stats(). { string_and_nb *ptr=table; int ret; while(ptr) { ret=strcmp(s, ptr->s); if(ret>0) return NULL; else if(ret==0) return ptr; ptr=ptr->next; } return NULL; }

struct dialog * find_request (  char *  ip_src, char *  ip_dst, int  port_src, int  port_dst )

Finds a request in a dialog, matching some criteria. Parameters: char  *ip_src : a string representation of the source ip, in this format: 10.0.0.1 char  *ip_dst : the same for the destination ip int  port_src : the source port of the packet containing the request int  port_dst : the destination port Returns: a pointer on the first matching dialog struct if found, NULL otherwise Definition at line 503 of file anon.c. References dialog::ip_dst, dialog::ip_src, dialog::next, dialog::port_dst, dialog::port_src, and dialog::request. Referenced by packet_handler(). { struct dialog *ptr = dialog_table; while (ptr) { if (strcmp (ptr->ip_src, ip_dst) == 0 && strcmp (ptr->ip_dst, ip_src) == 0 && ptr->port_src == port_dst && ptr->port_dst == port_src && ptr->request!=NULL) { return ptr; } ptr = ptr->next; } return NULL; }

char * find_url (  char *  s, int  offset )

Finds an URL (anonymised or not) in the table. Parameters: char  *s: The non-anonymised URL int  offset: if offset=0: finds a non anonymised URL and returns the corresponding anonymised one if offset=4: finds an anonymised URL and returns it Returns: a string containing the corresponding anonymised URL, or NULL if not found Definition at line 826 of file anon.c. References anon_url_table, and nburl. { //offset=0: finds a non anonymised URL and returns the corresponding anonymised one //offset=4: finds an anonymised URL and returns it //print("looking for -%s-\n",s); int i; char *ptr=anon_url_table; char *tmp; for(i=0;i<nburl;i++) { memcpy(&tmp, ptr+offset, 4); if(strcmp(tmp,s)==0) { memcpy(&tmp, ptr+4, 4); return tmp; } ptr+=8; } return NULL; }

void free_anonymised_url_table (   )

Frees the table of anonymised URLs. Definition at line 2557 of file anon.c. References anon_url_table, and nburl. Referenced by main(). { char *ptr=anon_url_table; char *tmp; int i; for(i=0;i<nburl;i++) { memcpy(&tmp, ptr, 4); free(tmp); memcpy(&tmp, ptr+4, 4); free(tmp); ptr+=8; } free(anon_url_table); }

void free_dialog (  struct dialog *  d  )

Frees a HTTP dialog. Parameters: struct  dialog *d: the dialog structure to free Definition at line 1921 of file anon.c. References dialog::next, dialog::prev, dialog::request, and dialog::response. Referenced by main(), and packet_handler(). { if(d->request) free(d->request); if(d->response) free(d->response); if(d==dialog_table) { //If we are freeing the first dialog, we have to update dialog_table dialog_table=d->next; } if(d->next) d->next->prev=d->prev; if(d->prev) d->prev->next=d->next; free(d); }

void free_nb_table (  nb_table  table  )

Definition at line 176 of file anon.c. References nb_table::start. Referenced by content_length_stats(), latency_stats(), and main(). { if(table.start) free(table.start); }

void free_string_table (  string_and_nb *  table  )

Frees a string table. Parameters: string_and_nb  *table: the table to free Definition at line 1284 of file anon.c. References sandnb::data, sandnb::next, and sandnb::s. Referenced by content_length_stats(), freshness_stats(), latency_stats(), and main(). { string_and_nb *next=NULL; while(table) { next=table->next; if(table->s) free(table->s); if(table->data) free(table->data); free(table); table=next; } }

void freshness_stats (   )

Definition at line 1423 of file anon.c. References display_string_table_unsorted, free_string_table(), and summarize_stats(). Referenced by main(). { string_and_nb *new_fresh_table=NULL; new_fresh_table=summarize_stats(&fresh_table, new_fresh_table, 1*60, "< 1 min"); new_fresh_table=summarize_stats(&fresh_table, new_fresh_table, 5*60, "< 5 min"); new_fresh_table=summarize_stats(&fresh_table, new_fresh_table, 1*3600, "< 1 hour"); new_fresh_table=summarize_stats(&fresh_table, new_fresh_table, 10*3600, "< 10 hrs"); new_fresh_table=summarize_stats(&fresh_table, new_fresh_table, 24*3600, "< 1 day"); new_fresh_table=summarize_stats(&fresh_table, new_fresh_table, 7*24*3600, "< 1 week"); new_fresh_table=summarize_stats(&fresh_table, new_fresh_table, 10*24*3600, "< 10 days"); new_fresh_table=summarize_stats(&fresh_table, new_fresh_table, 30*24*3600, "< 1 month"); new_fresh_table=summarize_stats(&fresh_table, new_fresh_table, 1+3*30*24*3600, "< 3 months"); new_fresh_table=summarize_stats(&fresh_table, new_fresh_table, 3+6*30*24*3600, "< 6 months"); new_fresh_table=summarize_stats(&fresh_table, new_fresh_table, 5+9*30*24*3600, "< 9 months"); new_fresh_table=summarize_stats(&fresh_table, new_fresh_table, 365*24*3600, "< 1 year"); new_fresh_table=summarize_stats(&fresh_table, new_fresh_table, -1, "> 1 year"); display_string_table_unsorted("Page freshness: ",new_fresh_table); free_string_table(new_fresh_table); } Here is the call graph for this function:

char * generate_anonymised_url (  char *  s  )

Generates an anonymised URL from a genuine URL. Parameters: char  *s: the non anonymised url Returns: a string containing the anonymised url Definition at line 545 of file anon.c. References add_anonymised_url(), debug, find_anonymised_url, find_end(), get_random_char(), memset_range(), and print. Referenced by anon_url(). { char *newurl=strdup(s); char *afterproto=strstr(newurl, "://"); char *first_slash; char *last_dot; char *ptr; int has_hostname=1; if(afterproto) { if(strncasecmp(newurl,"file:///",8)==0) { ptr=afterproto+4; } else { ptr=afterproto+3; } } else { //This is an url without a hostname (eg GET [url]) if(*newurl=='/') { has_hostname=0; } afterproto=newurl; ptr=newurl; } first_slash=strstr(ptr, "/"); // http://hostname.com/bla.ext?xxxx // ^ // | // ptr //Anonymising the host name if(has_hostname) { char *ptr_orig=ptr; //char *hostname; char *new_hostname; char bak; int found=0; if(first_slash) { bak=*first_slash; *first_slash='\0'; } new_hostname=find_anonymised_url(ptr); if(!new_hostname) { found=0; new_hostname=strdup(ptr); last_dot=rindex(new_hostname,'.'); if(!last_dot) last_dot=new_hostname+strlen(new_hostname); ptr=new_hostname; while(ptr<last_dot) { *ptr=get_random_char(); ptr++; } //If the url is only a hostname, we won't add it twice! (since full_url=hostname) if(strlen(ptr_orig)<strlen(s)) { add_anonymised_url(ptr_orig,new_hostname); } } else found=1; memcpy(ptr_orig, new_hostname, strlen(new_hostname)); if(found==0) free(new_hostname); if(first_slash) *first_slash=bak; } else { first_slash=strstr(ptr,"/"); } if(!first_slash) first_slash=newurl; //Anonymising the part after the hostname, and before the filename if(first_slash) { char bak; char *ptr=first_slash+1; char *end; char *slash; end=find_end(ptr); if(!end) end=newurl+strlen(newurl); bak=*end; *end='\0'; slash=rindex(ptr,'/'); if(slash) { memset_range(ptr, slash, 'i'); ptr=slash+1; } *end=bak; //Anonymising the base file name, keeping the extension bak=*end; *end='\0'; last_dot=rindex(ptr,'.'); *end=bak; if(!last_dot) last_dot=end; //while(ptr<end) while(ptr<last_dot) { *ptr=get_random_char(); ptr++; } //Anonymising optional parameters (e.g. ?cat=5) ptr=end; while(*ptr) { if(*ptr=='?' || *ptr=='&' || *ptr==';' || *ptr=='%' || *ptr=='+' || *ptr=='=' || *ptr=='!' || *ptr=='$' || *ptr=='@' || *ptr=='"' || *ptr==','){} else *ptr='z'; ptr++; } } if(debug) print("anon URL:%s --> %s\n",s,newurl); return newurl; } Here is the call graph for this function:

char* get_infos (  char *  s, int  extension, int  suffix )

Definition at line 688 of file anon.c. References find_end(), and is_ip_in_a_string(). { char *newurl=strdup(s); char *afterproto=strstr(newurl, "://"); char *first_slash; char *last_dot; char *ptr; char *ext=NULL; int has_hostname=1; if(afterproto) { if(strncasecmp(newurl,"file:///",8)==0) { ptr=afterproto+4; } else { ptr=afterproto+3; } } else { //This is an url without a hostname (eg GET [url]) if(*newurl=='/') { has_hostname=0; } afterproto=newurl; ptr=newurl; } first_slash=strstr(ptr, "/"); if(suffix) { if(has_hostname) { char *tmp; char *ret=NULL; if(first_slash) *(first_slash-ptr+newurl)='\0'; if(is_ip_in_a_string(newurl)) { if(newurl) free(newurl); return NULL; } if(!ret && (tmp=rindex(newurl, '.'))) ret=strdup(tmp); if(ret && (tmp=rindex(ret,':'))) *tmp='\0'; if(newurl) free(newurl); return ret; } else { if(newurl) free(newurl); return NULL; } } if(!first_slash) first_slash=newurl; //The part after the hostname, and before the filename if(first_slash) { char bak; char *ptr=first_slash+1; char *end; char *slash; end=find_end(ptr); if(!end) end=newurl+strlen(newurl); bak=*end; *end='\0'; slash=rindex(ptr,'/'); if(slash) { ptr=slash+1; } *end=bak; //The base file name, keeping the extension bak=*end; *end='\0'; last_dot=rindex(ptr,'.'); *end=bak; if(!last_dot) last_dot=end; bak=*end; *end='\0'; ext=strdup(last_dot); //sometimes, extensions end with spaces, eg ".gif " //we strip them. while(ext && *ext && *(ext+strlen(ext)-1)==' ') *(ext+strlen(ext)-1)='\0'; *end=bak; } if(newurl) free(newurl); return ext; } Here is the call graph for this function:

pcap_if_t * get_pcap_interface (  char *  name  )

Gets a network interface given a name such as "eth0". Parameters: char  *name: The name of the interface to look for. If this name is "show", then a list of available interfaces is displayed. Returns: a pointer to a pcap_if_t, or NULL is he interface is not available. Definition at line 2040 of file anon.c. References alldevs, and print. Referenced by main(). { char errbuf[PCAP_ERRBUF_SIZE]; pcap_if_t *d; int i = 0; int show = 0; /* * Retrieve the device list */ if (pcap_findalldevs (&alldevs, errbuf) == -1) { print("Error in pcap_findalldevs: %s\n", errbuf); exit (1); } if (name && strcasecmp (name, "show") == 0) show = 1; /* * Print the list */ if (show) print ("Available interfaces for live capture:\n"); for (d = alldevs; d; d = d->next) { if (name == NULL) return d; if (show) { print (" %s", d->name); if (d->description) print (" (%s)\n", d->description); else print (" (No description available)\n"); } else { if (name && strcmp (d->name, name) == 0) return d; } i++; } if(alldevs) { pcap_freealldevs (alldevs); alldevs=NULL; } if (i == 0) { print ("\nNo interfaces found!\n"); exit (1); } return NULL; }

char * get_pct (  double  pct  )  [inline]

Returns a human readable string representing a percentage. Definition at line 248 of file anon.c. References string_append(). Referenced by display_string_table_with_data(), and packet_handler(). { return string_append(NULL,"%.2f%c",(double)pct*100,'%'); } Here is the call graph for this function:

char get_random_char (   )  [inline]

Gets a random letter from the alphabet. Returns: a random character (a letter) Definition at line 539 of file anon.c. Referenced by generate_anonymised_url(). { return 'a' + (int)(rand()/(RAND_MAX+1.0)*26); }

char * get_size (  int  s  )

Returns a human readable string representing a size in bytes. Definition at line 279 of file anon.c. References string_append(). Referenced by main(), packet_handler(), and summarize_stats(). { double size; if(s==-1) { return strdup("???"); } if(s>999999) { size=(double) s / 1000000; if(size==(int)s/1000000) return string_append(NULL, "%i MB",(int)size); return string_append(NULL, "%.2f MB",size); } else if(s>999) { size=(double) s / 1000; if(size==(int)s/1000) return string_append(NULL, "%i KB",(int)size); return string_append(NULL, "%.2f KB",size); } else { size=(double) s; if(size==(int)s) return string_append(NULL, "%i B",(int)size); return string_append(NULL, "%.2f B",size); } return NULL; } Here is the call graph for this function:

char * get_speed (  double  speed  )

Returns a human readable string representing a speed in bytes/s. Definition at line 253 of file anon.c. References string_append(). Referenced by main(), and packet_handler(). { char *tmp; if(speed>999999) { speed=(double) speed / 1000000; tmp=string_append(NULL, "%.2f MB/s",speed); if(tmp && strncmp(tmp, "inf", 3)==0) { free(tmp); return NULL; } return tmp; } else if(speed>999) { speed=(double) speed / 1000; return string_append(NULL, "%.2f KB/s",speed); } else { return string_append(NULL, "%.2f B/s",speed); } } Here is the call graph for this function:

char * get_time (  double  t  )

Returns a human readable string representing a time. Definition at line 308 of file anon.c. References string_append(). Referenced by main(). { int years=0; int months=0; int days=0; int hours=0; int minutes=0; int seconds=0; char *tmp=NULL; seconds=t; if(seconds>59) { minutes=seconds/60; seconds=seconds%60; } if(minutes>59) { hours=minutes/60; minutes=minutes%60; } if(hours>23) { days=hours/24; hours=hours%24; } if(days>364) { years=days/365; days=days%365; } if(days>29) { months=days/30; days=days%30; } /* if(months>11) { years+=months/12; months=months%12; } */ if(years>0) tmp=string_append(NULL, "%iy%im%id%ih%im%is",years, months, days, hours, minutes, seconds); else if(months>0) tmp=string_append(NULL, "%im%id%ih%im%is",months, days, hours, minutes, seconds); else if(days>0) tmp=string_append(NULL, "%id%ih%im%is",days, hours, minutes, seconds); else if(hours>0) tmp=string_append(NULL, "%ih%im%is",hours, minutes, seconds); else if(minutes>0) tmp=string_append(NULL, "%im%is",minutes, seconds); else tmp=string_append(NULL, "%is",seconds); return tmp; } Here is the call graph for this function:

u_int32_t getip32 (  char *  ip  )

Converts an IP address of the form XXX.XXX.XXX.XXX to an unsigned integer (32 bits). Parameters: char  *ip: The IP address to convert Returns: an unsigned 32-bit integer Definition at line 1950 of file anon.c. Referenced by anon_ip(). { int c1, c2, c3, c4; u_int32_t tmp; sscanf (ip, "%i.%i.%i.%i", &c1, &c2, &c3, &c4); tmp = c4 * 16777216 + c3 * 65536 + c2 * 256 + c1; return tmp; }

char * is_in (  char **  string_table, char *  string )

Checks if a string is contained in a string array. Parameters: char  **string_table : An array of strings char  *string : The string to look for Returns: a char * containing the matched string in the array, if present NULL otherwise Definition at line 521 of file anon.c. References nb_fields_to_anonymise. Referenced by process_http(). { int i; for(i=0;i<nb_fields_to_anonymise;i++) { if(strncmp(string_table[i], string, strlen(string_table[i]))==0) { return string_table[i]; } } return NULL; }

int is_ip_in_a_string (  char *  s  )

Returns 1 if the provided string is in the form "xxx.xxx.xxx.xxx". Parameters: char  *s: The string to analyse Returns: 1 if the string contains an IP, 0 otherwise Definition at line 219 of file anon.c. Referenced by anon_field(), and get_infos(). { int nb,tmp1,tmp2,tmp3,tmp4; if(!s) return(0); nb=sscanf(s, "%i.%i.%i.%i",&tmp1,&tmp2,&tmp3,&tmp4); if(nb==4) return(1); return(0); }

void latency_stats (   )

Definition at line 1521 of file anon.c. References clone_nb_table(), display_deviation(), display_string_table_unsorted, free_nb_table(), free_string_table(), nb_table::len, nb_table::start, string_append(), and summarize_stats(). Referenced by main(). { string_and_nb *new_latency_table=NULL; nb_table *cloned_latency_table=clone_nb_table(latency_table); int i; int *nb; int *nb2; char *title_s=NULL; char *tmp; //We divide each member of the cloned table by 1000, to obtain milliseconds nb=latency_table.start; nb2=cloned_latency_table->start; for(i=0;i<latency_table.len;i++) { *nb2=(int)*nb/1000.0; //FIXME: rounding error nb++; nb2++; } title_s=display_deviation(cloned_latency_table, "Latency between requests and responses:"); new_latency_table=summarize_stats(&latency_table, new_latency_table, 5000, "< 5 ms"); new_latency_table=summarize_stats(&latency_table, new_latency_table, 10000, "< 10 ms"); new_latency_table=summarize_stats(&latency_table, new_latency_table, 15000, "< 15 ms"); new_latency_table=summarize_stats(&latency_table, new_latency_table, 20000, "< 20 ms"); new_latency_table=summarize_stats(&latency_table, new_latency_table, 25000, "< 25 ms"); new_latency_table=summarize_stats(&latency_table, new_latency_table, 50000, "< 50 ms"); for(i=1;i<10;i++) { tmp=string_append(NULL, "< %i ms"); new_latency_table=summarize_stats(&latency_table, new_latency_table, i*100*1000, tmp); free(tmp); } new_latency_table=summarize_stats(&latency_table, new_latency_table, 1000000, "< 1 s"); new_latency_table=summarize_stats(&latency_table, new_latency_table, 5000000, "< 5 s"); new_latency_table=summarize_stats(&latency_table, new_latency_table, -1, "above"); free_nb_table(*cloned_latency_table); free(cloned_latency_table); display_string_table_unsorted(title_s,new_latency_table); free(title_s); free_string_table(new_latency_table); } Here is the call graph for this function:

int main (  int  argc, char **  argv )

Definition at line 2097 of file anon.c. References adhandle, alldevs, already_anonymised, anonymise, anonymise_checksum, anonymise_content, anonymise_date, anonymise_http, anonymise_ip, anonymise_mac, anonymise_port, anonymise_sequence, anonymise_timestamp, anonymise_url, base_name(), catch_ctrl_c(), content_length_stats(), display, display_flags, display_http, display_http_only, display_nb_table(), display_progress, display_raw_stats, display_string_table, display_string_table_with_data_sorted, display_tcp_infos, display_timestamp, display_unanswered_requests, do_stats, dumphandle, end_time, free_anonymised_url_table(), free_dialog(), free_nb_table(), free_string_table(), freshness_stats(), get_pcap_interface(), get_size(), get_speed(), get_time(), gmt2local(), ifile, input_file_read, input_file_size, input_file_size_1pct, input_file_size_s, ip_table, latency_stats(), maxfilesize, maxpacketsize, nb_request, nb_response, nbpackets, nbpacketstocapture, nbvalidpackets, dialog::next, ofile, output_file_written, output_stream, packet_handler(), parse_size(), pct_treshold, port_table, print, process_dialog(), dialog::response, dialog::response_len, start_time, timeoffset, timeoffset_usec, truncate_packet, and use_sequence_numbers. { pcap_if_t *dev = NULL; char *tmp; bpf_u_int32 net; struct sigaction sa; u_int netmask; char *packet_filter = "dst port 80 or src port 80"; struct bpf_program fcode; char errbuf[PCAP_ERRBUF_SIZE]; int c; struct dialog *ptr; struct dialog *next; output_stream=stdout; // Parsing the command line options //if(strcasecmp(base_name(argv[0]),"anon")==0) {} if(strcasecmp(base_name(argv[0]),"stat")==0) { display=0; anonymise=0; already_anonymised=1; } while (1) { int option_index = 0; static struct option long_options[] = { {"filter", 1, 0, 'f'}, {"interface", 1, 0, 'i'}, {"live", 0, 0, 'l'}, {"noanon", 2, 0, 'a'}, {"nodisplay", 2, 0, 'd'}, {"httponly", 0, 0, 'H'}, {"keeptable", 2, 0, 'k'}, {"size", 1, 0, 's'}, {"maxsize", 1, 0, 'm'}, {"treshold", 1, 0, 'p'}, {"rawstats", 0, 0, 'R'}, {"nostats", 0, 0, 'S'}, {"nbpackets", 1, 0, 'n'}, {"inputfile", 1, 0, 'r'}, {"outputfile", 1, 0, 'w'}, {"alreadyanon", 0, 0, 'x'}, {"useseqnum", 0, 0, 'u'}, {"truncate", 0, 0, 't'}, {"help", 0, 0, 'h'}, {0, 0, 0, 0} }; c = getopt_long (argc, argv, "Rp:txSus:d::f:i:a::lk::m:r:w:n:hH", long_options, &option_index); if (c == -1) break; switch (c) { case 0: print ("option %s", long_options[option_index].name); if (optarg) print (" with arg %s", optarg); print ("\n"); break; case 'h': print ("Usage: %s [options]\n\n", argv[0]); print ("Available options:\n"); print (" -i/--interface dev : Device name to use to capture the packets.\n"); print (" Defaults to the first interface.\n"); print (" Use 'show' to show available interfaces.\n"); print (" -S/--nostats : Do not compute nor print any statistics.\n"); print (" -p/--treshold XX : Group values below XX pct in statistics\n"); print (" -aXX/--noanon XX : Do not anonymise XX, where XX may be: \n"); print (" k (IP&TCP checksums), d (date), p (port), t (timestamp),\n"); print (" m (MAC), c (content), u (url), h (http), i (ip), s (seq nb),\n"); print (" or nothing. In this latter case, everything will be anonymised.\n"); print (" -f/--filter STRING : Use STRING as a filter.\n"); print (" -n/--nbpackets : Number of packets to read/capture.\n"); print (" -l/--live : If specified, capture is done in live mode.\n"); print (" -k/--keeptable [filename] : Save infos to de-anonymise in the specified file.\n"); print (" Default filename: key.txt.\n"); print (" -s/--size : Portion to keep from captured packets (for live mode).\n"); print (" -m/--maxsize : Maximum size of the output file (eg 1M, 100k, etc...).\n"); print (" No more data will be written if exceeded.\n"); print (" -t/--truncate : Truncate the packets. Keep only useful data (the HTTP headers)\n"); print (" -r/--inputfile filename : Read input trace from filename.\n"); print (" -w/--outputfile filename : Write output trace to filename.\n"); print (" -H/--httponly : Only display HTTP packets.\n"); print (" -dXX/--nodisplay XX : Do display XX, where XX may be:\n"); print (" h (HTTP), t (timestamp), f (tcp flags),\n"); print (" r (unanswered requests), T (tcp infos),\n"); print (" p (progress, has to be used explicitly), or nothing\n"); print (" -R/--rawstats : Display raw statistics\n"); print (" -x/--alreadyanon : Specify this option if the processed trace has already been\n"); print (" anonymised. Only statistics will be done.\n"); print (" -u/--useseqnum : Record and use sequence numbers to find continued connections.\n"); print (" (this leads to a big slowdown, so it is disabled by default).\n"); print (" -h/--help : display this help message.\n"); exit (0); case 'i': if (!(dev = get_pcap_interface (optarg))) { if (strcmp (optarg, "show") != 0) { print ("Device name not valid: %s. use -i show to display valid names\n", optarg); goto end_with_error; } else exit(0); } break; case 'R': display_raw_stats=1; pct_treshold=0; break; case 'H': display_http_only=1; break; case 'p': pct_treshold=atof(optarg); break; case 't': truncate_packet=1; break; case 'S': do_stats=0; break; case 'r': ifile = optarg; break; case 's': maxpacketsize = atoi (optarg); break; case 'a': if(optarg==NULL) anonymise=0; else { while(*optarg) { if(*optarg=='d') anonymise_date=0; else if(*optarg=='p') anonymise_port=0; else if(*optarg=='m') anonymise_mac=0; else if(*optarg=='t') anonymise_timestamp=0; else if(*optarg=='u') anonymise_url=0; else if(*optarg=='h') anonymise_http=0; else if(*optarg=='i') anonymise_ip=0; else if(*optarg=='c') anonymise_content=0; else if(*optarg=='k') anonymise_checksum=0; else if(*optarg=='s') anonymise_sequence=0; else { print ("Invalid anonymise option specified: %c\n",*optarg); goto end_with_error; } optarg++; } } break; case 'd': if(optarg==NULL) display=0; else { while(*optarg) { if(*optarg=='t') display_timestamp=0; else if(*optarg=='h') display_http=0; else if(*optarg=='f') display_flags=0; else if(*optarg=='T') display_tcp_infos=0; else if(*optarg=='p') display_progress=0; else if(*optarg=='r') display_unanswered_requests=0; else { print ("Invalid display option specified: %c\n",*optarg); goto end_with_error; } optarg++; } } break; case 'w': ofile = optarg; break; case 'n': nbpacketstocapture = atoi (optarg); break; case 'u': use_sequence_numbers=1; break; case 'm': maxfilesize=parse_size(optarg); break; case 'f': packet_filter=optarg; break; case 'x': packet_filter=""; already_anonymised=1; anonymise=0; break; case '?': exit (0); break; default: print ("Unknown option used\n"); break; } } if(ofile) output_file_written=24; if(ofile && strcmp(ofile,"-")==0) { output_stream=stderr; } if (optind < argc) { print ("Arguments not expected: "); while (optind < argc) { print ("%s ", argv[optind++]); } print ("!\n"); } // End of command line options parsing if(!anonymise && !already_anonymised) { timeoffset=gmt2local(0); timeoffset_usec=0; } srand(time(NULL)); //Initialise the random numbers generator if (ifile && dev) { print ("Please choose between live and file mode. -r and -i options are mutually exclusive.\n"); goto end_with_error; } if (ifile == NULL) // We are in live mode { if (dev == NULL) // If no interface was specified { // We try to use the first one dev = get_pcap_interface (NULL); if (dev == NULL) { print ("Interface name not specified. use -i show to display valid names\n"); goto end_with_error; } } // Open the adapter if ((adhandle = pcap_open_live (dev->name, // name of the device maxpacketsize, // portion of the packet to capture 1, // promiscuous mode 1000, // read timeout errbuf // error buffer )) == NULL) { print("Unable to open the adapter %s. Please check permissions.\n",dev->name); goto end_with_error; } if (pcap_lookupnet (dev->name, &net, &netmask, errbuf) == -1) { print ("Error while getting device properties: %s\n",errbuf); goto end_with_error; } print ("\nlistening on %s...\n", dev->name); // At this point, we don't need any more the device list. Free it pcap_freealldevs (alldevs); alldevs=NULL; } else /* if(ifile) */ { /* We read the data from a file */ //We get the input file size to print the progress input_file_read=24; //TCPDump trace header length if(strcmp(ifile, "-")!=0) { FILE *f; f=fopen(ifile,"rb"); if(f) { fseek(f, 0, SEEK_END); input_file_size=ftell(f); input_file_size_1pct=input_file_size/100; input_file_size_s=get_size(input_file_size); fclose(f); } } if (!(adhandle = pcap_open_offline (ifile, errbuf))) { print ("Unable to open %s for reading.\n", ifile); goto end_with_error; } } // compile the filter if (pcap_compile (adhandle, &fcode, packet_filter, 1, netmask) < 0) { print("Unable to compile the packet filter. Check the syntax.\n"); goto end_with_error; } // set the filter if (pcap_setfilter (adhandle, &fcode) < 0) { print("Error setting the filter.\n"); goto end_with_error; } //Check the link layer. We support only Ethernet if (pcap_datalink (adhandle) != DLT_EN10MB) { print("This program works only on Ethernet networks.\n"); goto end_with_error; } /* Open the output file, if needed */ if (ofile) { if ((dumphandle = pcap_dump_open (adhandle, ofile)) == NULL) { print ("Unable to open %s for writing.\n", ofile); end_with_error: //Free the device list if(alldevs) pcap_freealldevs(alldevs); exit(EXIT_FAILURE); } } //Set up the signal handler sa.sa_handler = catch_ctrl_c; sa.sa_flags = 0; sigaction(SIGINT, &sa, NULL); //start the capture time(&start_time); pcap_loop (adhandle, -1, packet_handler, NULL); //The capture is finished. We close the input trace file time(&end_time); pcap_close (adhandle); //We close the dump file if (ofile) pcap_dump_close (dumphandle); //Free the compiled filter code pcap_freecode (&fcode); tmp=get_time(difftime(end_time, start_time)); print ("\nProcessing time: %s",tmp); if(tmp) free(tmp); tmp=get_speed(input_file_read/difftime(end_time, start_time)); if(tmp) { print (" (at %s).",tmp); free(tmp); } print ("\n\n"); print ("%i packets captured, of which %i contain HTTP data.\n", nbpackets, nbvalidpackets); print ("%i requests, %i responses (Total: %i).\n", nb_request, nb_response, nb_request+nb_response); print ("---\n"); ptr=dialog_table; c=0; while(ptr) { c++; ptr=ptr->next; } if(display && display_unanswered_requests==1) print("Unanswered requests: %i\n",c); //We print and free the unanswered requests ptr=dialog_table; while(ptr) { ptr->response=NULL; ptr->response_len=0; if(do_stats && display && display_unanswered_requests==1) process_dialog(ptr); next=ptr->next; free_dialog(ptr); ptr=next; } if(do_stats) { print("\n"); display_string_table("Server versions:",server_version_table); display_string_table("Server versions (simple):",server_version_simple_table); display_string_table("User agents:",user_agent_table); display_string_table("HTTP version:",http_version_table); display_string_table_with_data_sorted("HTTP responses:",http_response_code_table," "); display_string_table("Extensions:",extension_table); display_string_table("Websites suffixes:",suffix_table); if(display_raw_stats) { display_nb_table("Latency (in us): ",&latency_table); } else { latency_stats(); } if(display_raw_stats) { display_nb_table("Content Length: ",&cl_table); } else { content_length_stats(); } if(display_raw_stats) { display_nb_table("Freshness (in seconds):",&fresh_table); } else { freshness_stats(); } //display_string_table_with_data("URLs:",url_table, "DATA:"); display_string_table("Content-Type:",content_type_table); display_string_table("Content-Type (simple):",content_type_simple_table); //display_string_table("Content-Length:",content_length_table); if(display_raw_stats) { display_string_table("Headers:",header_table); } //display_string_table("Sequence numbers:",sequence_number_table); } free_string_table(server_version_table); free_string_table(server_version_simple_table); free_string_table(user_agent_table); free_string_table(http_version_table); free_string_table(http_response_code_table); free_string_table(extension_table); free_string_table(suffix_table); //free_string_table(url_table); free_string_table(header_table); free_string_table(content_type_table); free_string_table(content_type_simple_table); //free_string_table(content_length_table); //free_string_table(freshness_table); free_string_table(sequence_number_table); free_nb_table(cl_table); free_nb_table(fresh_table); free_nb_table(latency_table); free_anonymised_url_table(); free(ip_table); free(port_table); if(input_file_size_s) free(input_file_size_s); if(alldevs) pcap_freealldevs (alldevs); return 0; } Here is the call graph for this function:

void memset_range (  char *  start, char *  end, int  c )

Fills a memory area with a specified character (this is a wrapper for memset). Parameters: char  *start : Start of the memory area char  *end : End of the memory area int  c : The character to fill the area with Definition at line 534 of file anon.c. Referenced by generate_anonymised_url(), and packet_handler(). { if(end-start>0) memset(start, c, end-start); }

void packet_handler (  u_char *  param, const struct pcap_pkthdr *  header, const u_char *  pkt_data )

The packet handler function, which is called for every processed packet. valid Definition at line 2575 of file anon.c. References adhandle, anon_http(), anon_ip(), anon_port(), anon_sequence(), anon_timestamp(), anonymise, anonymise_checksum, anonymise_content, anonymise_http, anonymise_ip, anonymise_mac, anonymise_port, anonymise_sequence, anonymise_timestamp, buffer_request(), compute_flags(), sandnb::data, display, display_additional_info, display_flags, display_http, display_http_only, display_packet_infos(), display_progress, display_tcp_infos, dumphandle, ETHER_HDRLEN, find_item(), find_request(), free_dialog(), get_pct(), get_size(), get_speed(), ifile, input_file_last, input_file_read, input_file_size, input_file_size_1pct, input_file_size_s, ip_s::ip_dst, IP_HL, ip_s::ip_sum, IP_V, maxfilesize, memset_range(), nb_request, nb_response, nbpackets, nbpacketstocapture, nbvalidpackets, ofile, output_file_written, output_stream, print, process_dialog(), dialog::req_nb, dialog::resp_nb, dialog::response, dialog::response_len, sandnb::s, start_time, stats_add_latency(), stats_add_sequence_number_with_data(), strstr_limited(), tcp_s::th_chksum, tcp_s::th_dport, tcp_s::th_flag, tcp_s::th_hlen_reserved, tcp_s::th_sport, truncate_packet, ts_print_diff(), dialog::ts_request, dialog::ts_response, use_sequence_numbers, and xmalloc(). Referenced by main(). { const u_char *data = packet; char *eop=(char*)packet+header->caplen; //End of packet (in memory) struct ether_header *eptr; /* net/ethernet.h */ struct ip_s *ip; u_int tcp_len; u_int len=header->caplen; u_int ip_hlen; char ip_src[] = "xxx.xxx.xxx.xxx"; char ip_dst[] = "xxx.xxx.xxx.xxx"; char real_ip_src[] = "xxx.xxx.xxx.xxx"; char real_ip_dst[] = "xxx.xxx.xxx.xxx"; u_short dport, sport, realdport, realsport; struct dialog *d = NULL; char *buffer; struct tcp_s *tcp; char *flags=NULL; u_int32_t seq; char seq_nb[12]; char next_seq_nb[12]; string_and_nb *item=NULL; int expected=0; char *eoh=NULL; *eop='\0'; input_file_read+=header->caplen+16; input_file_last+=header->caplen+16; if(!display && display_progress) { //stats are displayed every 1Mb (or 1%) for offline mode, or every 50kb for online mode if((ifile && input_file_last>=input_file_size_1pct && input_file_last>1000000) || (!ifile && input_file_read-input_file_last>=50000)) { time_t t; double diff; input_file_last=0; time(&t); diff=input_file_read/difftime(t, start_time); buffer=get_size(input_file_read); if(buffer) { if(input_file_size_s) { char *buffer2=get_pct((double)input_file_read/input_file_size); if(buffer2) { print("[%s] ",buffer2); free(buffer2); } print("Processed %s/%s",buffer,input_file_size_s); } else print("Processed %s",buffer); free(buffer); } buffer=get_speed(diff); if(buffer) { print(" at %s",buffer); free(buffer); } if(ofile) { char *tmp=get_size(output_file_written); if(tmp) { print(" (Written %s)",tmp); free(tmp); } } print("\n"); fflush(output_stream); } } if(anonymise && anonymise_timestamp) anon_timestamp((struct timeval*)&header->ts); // Packet is smaller than ethernet header length if ((header->caplen) < ETHER_HDRLEN) goto function_end; // Anoymise source & dest MAC address if (anonymise && anonymise_mac) memset ((char *) packet, 0, 12); eptr = (struct ether_header *) data; // We only process the packet if its type it is an IP packet. if (ntohs (eptr->ether_type) != ETHERTYPE_IP) goto function_end; if (len < sizeof (struct ip_s)) goto function_end; // We now have an IP packet data += sizeof (struct ether_header); len -= sizeof (struct ether_header); ip = (struct ip_s *) (data); // If the ip packet hasn't been truncated and it has a correct header length if (len < sizeof (struct ip_s) || IP_HL (ip) < 5) goto function_end; if (ip->ip_p != IPPROTO_TCP) goto function_end; if(anonymise && anonymise_checksum) ip->ip_sum=(u_int16_t)0; //We check that the used version of IP is 4 if (IP_V (ip) != 4) goto function_end; ip_hlen = (ip->ip_vhl & 0x0f) * 4; // We have a TCP packet data += ip_hlen; len -= ip_hlen; if (len < sizeof (struct tcp_s)) goto function_end; //The TCP packet is valid tcp = (struct tcp_s*) data; if(display && display_tcp_infos && display_flags) flags=compute_flags(tcp->th_flag); if(anonymise && anonymise_checksum) tcp->th_chksum=(u_int16_t)0; //Erasing tcp timestamp if(anonymise && anonymise_timestamp) { if (tcp->th_hlen_reserved > 80) { int offset=0; if (tcp-> th_hlen_reserved == 128) { if ((data[20] == 0x01) && (data[21] == 0x01) && (data[22] == 0x08) && (data[23] == 0x0a)) offset=24; } else if (tcp->th_hlen_reserved == 160) { if ((data[26] == 0x08) && (data[27] == 0x0a)) offset=28; } if(offset) { //print("TIME "); //ts_print((struct timeval*)data+offset); //print("\n"); //anon_timestamp((struct timeval*)data+offset); //print("TIME2 "); //ts_print((struct timeval*)data+offset); //print("\n\n"); memset((void*)data+offset,0,8); } } } /* Anonymising IP src & dest */ strcpy (real_ip_src,inet_ntoa(ip->ip_src)); strcpy (real_ip_dst,inet_ntoa(ip->ip_dst)); if (anonymise && anonymise_ip) { anon_ip(&(ip->ip_src)); anon_ip(&(ip->ip_dst)); } strcpy (ip_src,inet_ntoa(ip->ip_src)); strcpy (ip_dst,inet_ntoa(ip->ip_dst)); /* Anonymising source and destination ports */ realdport = ntohs (tcp->th_dport); // destination port number realsport = ntohs (tcp->th_sport); // source port number if (anonymise && anonymise_port) { anon_port(&(tcp->th_sport)); anon_port(&(tcp->th_dport)); } dport = ntohs (tcp->th_dport); // destination port number sport = ntohs (tcp->th_sport); // source port number nbpackets++; data += tcp->th_hlen_reserved/4; len -= tcp->th_hlen_reserved/4; tcp_len=header->len-sizeof(struct ether_header)-ip_hlen-tcp->th_hlen_reserved/4; if(anonymise && anonymise_sequence) anon_sequence(&(tcp->th_seq)); seq=htonl(tcp->th_seq); sprintf(seq_nb, "%u", seq); if(use_sequence_numbers) sprintf(next_seq_nb,"%u",seq+tcp_len); if (/*(already_anonymised ||realsport == 80 || realdport ==80) &&*/ len >sizeof(struct tcp_s) && (strncmp(data,"HTTP",4) == 0 || strncmp(data,"GET ",4) == 0)) { //We look for the end of the headers (CRLF CRLF) eoh= strstr_limited ((char*)data, eop, "\r\n\r\n"); //End of headers if (eoh) { //We only keep a final "\r\n" eoh+=2; len=eoh-(char*)data; } else eoh = eop; if(anonymise && anonymise_content) memset_range(eoh, eop,0); if(anonymise && anonymise_http) anon_http((char*)data,len); if(display) display_packet_infos(nbpackets, (struct timeval*)&(header->ts), ip_src, ip_dst, sport, dport); nbvalidpackets++; buffer = xmalloc (len + 1); memcpy (buffer, data, len); buffer[len] = '\0'; if (*data=='G') //This is a request { if(display) { print ("REQ "); display_additional_info(); } nb_request++; d=buffer_request(buffer,len,nbpackets,ip_src,ip_dst,sport,dport); memcpy(&(d->ts_request), (struct timeval*)&(header->ts), sizeof(struct timeval)); } else // This is a response { if(display) { print ("ANS "); display_additional_info(); } nb_response++; d = find_request (ip_src, ip_dst, sport, dport); if (d) //We have a buffered request corresponing to this response { int lat; struct timeval time_diff; memcpy(&(d->ts_response), (struct timeval*)&(header->ts), sizeof(struct timeval)); time_diff.tv_sec=d->ts_response.tv_sec-d->ts_request.tv_sec; if(d->ts_request.tv_usec <= d->ts_response.tv_usec) time_diff.tv_usec=d->ts_response.tv_usec - d->ts_request.tv_usec; else { time_diff.tv_usec=d->ts_response.tv_usec - d->ts_request.tv_usec + 1000000; time_diff.tv_sec--; } lat=time_diff.tv_sec*1000000.0+time_diff.tv_usec; stats_add_latency(lat); if(display) { print("lat="); ts_print_diff(&time_diff); print("[%i]",d->req_nb); } } else //We have found no corresponding request to this reply { d=buffer_request(NULL,0,0,real_ip_src,real_ip_dst,realsport,realdport); memcpy(&(d->ts_response), (struct timeval*)&(header->ts), sizeof(struct timeval)); if(display) print ("[??]"); } d->resp_nb=nbpackets; d->response = buffer; d->response_len=len; if(display && display_http) print ("\n-----------------\n"); process_dialog(d); free_dialog(d); if(display && display_http) print ("-----------------"); } if(display) print("\n"); } //end if is_valid else { if(truncate_packet) eoh=(char*)data; if(anonymise && anonymise_content) memset_range((char*)data, eop,'\0'); if(tcp_len>0) { if (use_sequence_numbers) { if((item=find_item(sequence_number_table, seq_nb))) { //If were expecting this sequence number //This is a continuation packet, containing HTTP data goto exp; } } else { exp: nbvalidpackets++; expected=1; } } if(!display_http_only && display) { display_packet_infos(nbpackets, (struct timeval*)&(header->ts), ip_src, ip_dst, sport, dport); if(expected) { //if(item && item->data) print("CNT %s ",(char*)item->data); //else print("CNT "); } else print(" "); display_additional_info(); print("\n"); } } if(use_sequence_numbers) { char tmp[12]; char *tmp2; sprintf(tmp, "%i", nbpackets); tmp2=strdup(tmp); if(expected) { free(item->s); item->s=strdup(next_seq_nb); if(item->data) { free(item->data); item->data=tmp2; } } else stats_add_sequence_number_with_data(next_seq_nb, tmp2); } if(nbpackets>=nbpacketstocapture && nbpacketstocapture>0) pcap_breakloop(adhandle); function_end: //We dump the (anonymised) packet to the output file, if needed if (ofile) { if(maxfilesize==0 || output_file_written<maxfilesize) { if(truncate_packet) { int diff; //if(eoh==NULL) eoh = eop; if(eoh==NULL) eoh = (char *)data; diff=eoh-(char*)packet; if(header->caplen!=diff) { //new_header=xmalloc(sizeof(struct pcap_pkthdr)); //memcpy(new_header, header, sizeof(struct pcap_pkthdr)); //new_header->caplen=diff+1; ((struct pcap_pkthdr*)header)->caplen=diff; //*((char*)packet+diff)='\0'; //printf("diff:%i\n",diff); //header=new_header; //printf("aaa\n"); //printf("%i %i\n",header->caplen,eoh-(char*)packet); } } pcap_dump ((u_char *) dumphandle, header, packet); output_file_written+=header->caplen+16; } } if(flags) free(flags); } Here is the call graph for this function:

int parse_size (  char *  string  )

: Parses a size in the form: "10m" or "1g", and returns the number of bytes Parameters: char  *string: the string to parse Returns: The corresponding number of bytes Definition at line 1936 of file anon.c. Referenced by main(). { char *s; int len; int mult=1; if(string==NULL) return 0; s=strdup(string); len=strlen(s); if(*(s+len-1)=='g' || *(s+len-1)=='G') {mult=1000000000;*(s+len-1)='\0';} else if(*(s+len-1)=='m' || *(s+len-1)=='M') {mult=1000000;*(s+len-1)='\0';} else if(*(s+len-1)=='k' || *(s+len-1)=='K') {mult=1000;*(s+len-1)='\0';} return mult*atoi(s); }

void process_dialog (  struct dialog *  d  )

Scans a HTTP dialog (request+response) and displays it if needed. Parameters: struct  dialog *d: a dialog structure containing the request, the response, and some additional information Definition at line 1909 of file anon.c. References display, display_http, do_stats, print, dialog::request, dialog::response, and scan_http(). Referenced by main(), and packet_handler(). { if(do_stats) scan_http(d); if(display && display_http) { if(d->request) print ("%s\n", d->request); print ("-----------------\n"); if(d->response) print ("%s\n", d->response); } } Here is the call graph for this function:

char * process_http (  char *  data, int  len, int  scan, int  anon )

This a wrapper to call either scan_http() or anon_http(). ! This is NOT an HTTP response code! This is a document beginning with "HTTP/1.1" Definition at line 981 of file anon.c. References anon_field(), anonymise, anonymise_http, convert_to_small(), display_raw_stats, fields_to_anonymise, find_end(), get_extension, get_suffix, is_in(), stats_add_content_length_nb(), stats_add_content_type(), stats_add_content_type_simple(), stats_add_extension(), stats_add_header(), stats_add_http_response_code_with_data(), stats_add_http_version(), stats_add_server(), stats_add_server_simple(), stats_add_suffix(), stats_add_user_agent(), string_append(), strptime(), and strstr_limited(). Referenced by anon_http(), and scan_http(). { char *ptr=data; char *tmp; char *last_modified=NULL; char *date=NULL; char *end=data+len; char *nextpos=NULL; char backup_char; if(data==NULL) return NULL; while(1) { tmp=strstr_limited(ptr, end, "\r"); if(!tmp) { tmp=strstr_limited(ptr, end, "\n"); } else { char *tmp2=strstr_limited(ptr, tmp, "\n"); if(tmp2 && tmp2<tmp) tmp=tmp2; } if(!tmp) { tmp=end; nextpos=NULL; //We skip the headers that have been truncated due to too small snaplen if(scan) break; } else { if(*tmp=='\r' && *(tmp+1)=='\n') { nextpos=tmp+2; } else if(*tmp=='\r' || *tmp=='\n') { nextpos=tmp+1; } } backup_char=*tmp; *tmp='\0'; if(anon && anonymise && anonymise_http) { char *field=is_in(fields_to_anonymise, ptr); if(field) { anon_field(field, ptr); } else { //Handle special Hotmail servers headers, beginning with "<" //Special thanks to Microsoft... if(ptr && *ptr=='<') { anon_field("",ptr); } } } if(scan) { //Uncomment to get headers stats if(display_raw_stats) { char *tmp=strstr(ptr, ":"); char bak; char *dup; if(!tmp) tmp=strstr(ptr," "); else { char *tmp2=strstr(ptr, " "); if(tmp2 && tmp2<tmp) tmp=tmp2; } if(tmp) { bak=*tmp; *tmp='\0'; } dup=strdup(ptr); //convert_to_small(dup); stats_add_header(dup); free(dup); if(tmp) *tmp=bak; } if(ptr+5<end && strncmp(ptr, "HTTP/",5)==0) { //We only keep the response code char bak; char *tmp=NULL; int tmp_i; bak=ptr[12]; if(ptr[12]==' ') { tmp=strdup(ptr+13); } else { //Some webservers are broken: //Normally, they should answer: //response-code [SPACE] reason-code //Unfortunately, that it not always the case tmp=strdup(""); } ptr[12]='\0'; if(sscanf(ptr+9,"%i ",&tmp_i)==1) { stats_add_http_response_code_with_data(ptr+9, tmp); ptr[12]=bak; bak=ptr[9]; ptr[9]='\0'; stats_add_http_version(ptr); ptr[9]=bak; } else { free(tmp); ptr[12]=bak; nextpos=NULL; } } else if(ptr+4<end && strncmp(ptr, "GET ",4)==0) { char *tmp; char *page=strdup(ptr+4); *(page+strlen(page)-8)='\0'; tmp=get_extension(page); if(tmp) { char *tmp2=find_end(tmp); //for URLs like: // ._zahi,7,2,15,108,verdenab,8,204,102,0_zahelp // ._zahello,7,3,18,328,verdenab,10,204,102,0_zaplease if(tmp2) { *tmp2='\0'; } convert_to_small(tmp); stats_add_extension(tmp); free(tmp); } free(page); } else if(strncmp(ptr, "Date: ",6)==0) { date=strdup(ptr+6); } else if(strncmp(ptr, "Server: ",8)==0) { char *dup=strdup(ptr+8); char *tmp; if(strncmp(dup, ".V", 2)==0) //Like .V15 Apache/xxx { char *space=index(ptr+8, ' '); if(space) { free(dup); dup=strdup(space+1); } } tmp=index(dup,'/'); if(tmp) *tmp='\0'; tmp=index(dup,' '); if(tmp) *tmp='\0'; tmp=strstr(dup,"Apache"); if(tmp) *(tmp+6)='\0'; tmp=index(dup,'-'); if(tmp) *tmp='\0'; stats_add_server(ptr+8); /* if(strncmp(ptr+8, ".V", 2)==0) //Like .V15 Apache/xxx { char *space=index(ptr+8, ' '); if(space) stats_add_server_simple(space+1); else stats_add_server_simple(dup); } else {*/ stats_add_server_simple(dup); //} free(dup); } else if(strncmp(ptr, "Content-Type: ",14)==0) { char *dup=strdup(ptr+14); char *tmp=strstr(dup,";"); char *dup2=NULL; if(tmp) *tmp='\0'; convert_to_small(dup); dup2=strdup(dup); if((tmp=strstr(dup2,"/"))) *tmp='\0'; stats_add_content_type(dup); stats_add_content_type_simple(dup2); free(dup); free(dup2); } else if(strncmp(ptr, "Host: ",6)==0) { char *tmp; tmp=get_suffix(ptr+6); if(tmp) { convert_to_small(tmp); stats_add_suffix(tmp); free(tmp); } } else if(strncmp(ptr, "Last-Modified: ",15)==0) { last_modified=strdup(ptr+15); } else if(strncmp(ptr, "Content-Length: ",16)==0) { stats_add_content_length_nb(atoi(ptr+16)); } else if(strncmp(ptr, "User-Agent: ",12)==0) { stats_add_user_agent(ptr+12); } } if(tmp) *tmp=backup_char; if(nextpos==NULL) break; ptr=nextpos; } if(scan) { if(last_modified && date) { struct tm time_date; struct tm time_lm; char *ret_date; char *ret_lm; ret_date=strptime(date, "%a, %d %b %Y %T GMT", &time_date); ret_lm=strptime(last_modified, "%a, %d %b %Y %T GMT", &time_lm); if(ret_date==date+strlen(date) && ret_lm==last_modified+strlen(last_modified)) { //The two dates have been correctly parsed time_t seconds_date=mktime(&time_date); time_t seconds_lm=mktime(&time_lm); double diff=difftime(seconds_date,seconds_lm); free(last_modified); free(date); last_modified=NULL; date=NULL; if(diff>=0) return string_append(NULL, "%i", (int)diff); } } /*else { if(date) printf("NOLAST LAST\n"); else printf("NOLAST DATE\n"); } */ } if(date) free(date); if(last_modified) free(last_modified); return NULL; } Here is the call graph for this function:

void scan_http (  struct dialog *  d  )

Scans two HTTP headers in memory (request and response) and gathers statistics. Parameters: struct  dialog *d: a dialog structure containing the request, the response, and some additional information Definition at line 1268 of file anon.c. References process_http(), dialog::request, dialog::request_len, dialog::response, dialog::response_len, and stats_add_freshness(). Referenced by process_dialog(). { char *freshness=NULL; //char *tmp=NULL; /*tmp=*/process_http(d->request, d->request_len, 1, 0); freshness=process_http(d->response, d->response_len, 1, 0); if(freshness) { stats_add_freshness(atoi(freshness)); free(freshness); } //if(tmp) free(tmp); } Here is the call graph for this function:

void stats_add_content_length_nb (  int  nb  )

Definition at line 193 of file anon.c. References add_nb(). Referenced by process_http(). { add_nb(&cl_table, nb); } Here is the call graph for this function:

void stats_add_content_type (  char *  s  )

Definition at line 1888 of file anon.c. References add_and_count_string. Referenced by process_http(). { content_type_table=add_and_count_string(content_type_table, s); }

void stats_add_content_type_simple (  char *  s  )

Definition at line 1892 of file anon.c. References add_and_count_string. Referenced by process_http(). { content_type_simple_table=add_and_count_string(content_type_simple_table, s); }

void stats_add_extension (  char *  s  )

Definition at line 1862 of file anon.c. References add_and_count_string. Referenced by process_http(). { extension_table=add_and_count_string(extension_table, s); }

void stats_add_freshness (  int  nb  )

Definition at line 1900 of file anon.c. References add_nb(). Referenced by scan_http(). { add_nb(&fresh_table, nb); } Here is the call graph for this function:

void stats_add_header (  char *  s  )

Definition at line 1858 of file anon.c. Referenced by process_http(). { // header_table=add_and_count_string(header_table, s); }

void stats_add_http_response_code_with_data (  char *  s, char *  data )

Definition at line 1883 of file anon.c. References add_and_count_string_with_data(). Referenced by process_http(). { http_response_code_table=add_and_count_string_with_data(http_response_code_table, s, data); } Here is the call graph for this function:

void stats_add_http_version (  char *  s  )

Definition at line 1896 of file anon.c. References add_and_count_string. Referenced by process_http(). { http_version_table=add_and_count_string(http_version_table, s); }

void stats_add_latency (  int  nb  )

Definition at line 1904 of file anon.c. References add_nb(). Referenced by packet_handler(). { add_nb(&latency_table, nb); } Here is the call graph for this function:

void stats_add_sequence_number (  char *  s  )

Definition at line 1850 of file anon.c. References add_and_count_string. { sequence_number_table=add_and_count_string(sequence_number_table, s); }

void stats_add_sequence_number_with_data (  char *  s, void *  data )

Definition at line 1854 of file anon.c. References add_and_count_string_with_data(). Referenced by packet_handler(). { sequence_number_table=add_and_count_string_with_data(sequence_number_table, s, data); } Here is the call graph for this function:

void stats_add_server (  char *  s  )

Definition at line 1870 of file anon.c. References add_and_count_string. Referenced by process_http(). { server_version_table=add_and_count_string(server_version_table, s); }

void stats_add_server_simple (  char *  s  )

Definition at line 1874 of file anon.c. References add_and_count_string. Referenced by process_http(). { server_version_simple_table=add_and_count_string(server_version_simple_table, s); }

void stats_add_suffix (  char *  s  )

Definition at line 1866 of file anon.c. References add_and_count_string. Referenced by process_http(). { suffix_table=add_and_count_string(suffix_table, s); }

void stats_add_user_agent (  char *  s  )

Definition at line 1878 of file anon.c. References add_and_count_string. Referenced by process_http(). { user_agent_table=add_and_count_string(user_agent_table, s); }

char * string_append (  char *  s, const char *  fmt,   ... )

Appends a string to another. Definition at line 228 of file anon.c. References get_string_from_args, xmalloc(), and xrealloc(). Referenced by add_and_count_string_with_data(), display_deviation(), display_string_table_with_data(), get_pct(), get_size(), get_speed(), get_time(), latency_stats(), process_http(), and summarize_stats(). { char *tmp; get_string_from_args(tmp); if(!tmp) return NULL; if(s==NULL) { s=xmalloc( strlen(tmp)+1); strcpy(s, tmp); } else { s=xrealloc(s, strlen(s)+strlen(tmp)+1); strcat(s, tmp); } free(tmp); if(s==NULL) return NULL; return s; } Here is the call graph for this function:

char * strstr_limited (  char *  ptr, char *  end, char *  str )

Wrapper for strstr, which limits the memory area to search. Parameters: char  *ptr: start of the memory area char  *end: end of the memory area char  *str: the string to find Returns: If found, a char * pointing to the searched string. NULL otherwise. Definition at line 963 of file anon.c. Referenced by packet_handler(), and process_http(). { char *first; if(!str) return NULL; while(1) { first=memchr(ptr, *str, end-ptr); if(first) { int len=strlen(str); if(first+len<=end && strncmp(str, first, len)==0) return first; } else return NULL; ptr=first+1; if(ptr>end) return NULL; } }

string_and_nb* summarize_stats (  nb_table *  table, string_and_nb *  new_table, int  max, char *  title )

Definition at line 1297 of file anon.c. References add_and_count_string, find_item(), get_size(), nb_table::len, sandnb::nb, sandnb::s, nb_table::start, and string_append(). Referenced by content_length_stats(), freshness_stats(), and latency_stats(). { int *ptr=table->start; string_and_nb *item=NULL; int nb=0; int sum=0; int is_time=0; int is_size=0; int is_latency=0; char *size_s=NULL; char *size_s2=NULL; int len=table->len; if(table==&cl_table ) {is_size=1;} else if(table==&fresh_table) {is_time=1;} else if(table==&latency_table) {is_latency=1;} while(len--) { if((*ptr<max || max==-1) && *ptr!=-1) { nb++; sum+=*ptr; *ptr=-1; } ptr++; } if(nb>0) { new_table=add_and_count_string(new_table, "DUMMY"); item=find_item(new_table, "DUMMY"); item->nb=nb; free(item->s); if(is_size) { size_s2=get_size(sum); if(max==-1) { size_s=strdup("above"); } else { size_s=get_size(max); } item->s=string_append(NULL, "< %7s (total: %s)", size_s, size_s2); } else if(is_time) { if(title) item->s=strdup(title); else item->s=strdup(""); } else if(is_latency) { if(max==-1) { size_s=strdup("above"); } else { size_s=string_append(NULL, "%i ms",max/1000); } item->s=string_append(NULL, "< %7s", size_s); } } if(size_s) free(size_s); if(size_s2) free(size_s2); return new_table; } Here is the call graph for this function:

void ts_print (  struct timeval *  tvp_  )

Prints a timestamp following this format: 16:21:48.970264. Parameters: struct  timeval *tvp_: A pointer on a timeval Definition at line 447 of file anon.c. References anonymise, anonymise_timestamp, print, and timeoffset. Referenced by display_packet_infos(). { register int s; struct timeval tv; struct timeval *tvp=&tv; tv.tv_sec=tvp_->tv_sec; tv.tv_usec=tvp_->tv_usec; if(!anonymise && anonymise_timestamp) s = (tvp->tv_sec+timeoffset) % 86400; else s = (tvp->tv_sec) % 86400; (void)print("%02d:%02d:%02d.%06u ", s / 3600, (s % 3600) / 60, s % 60, (unsigned)tvp->tv_usec); }

void ts_print_diff (  struct timeval *  tvp_  )

Prints a time difference following this format: 14.95ms. Parameters: struct  timeval *tvp_: A pointer on a timeval Definition at line 438 of file anon.c. References print. Referenced by packet_handler(). { //Print the latency in miliseconds float time=tvp->tv_sec*1000.0+tvp->tv_usec/1000.0; print("%.02fms ",time); }

void * xmalloc (  size_t  size  )

A wrapper to malloc() which quits the program if the memory allocation fails. Definition at line 804 of file anon.c. References print. Referenced by add_and_count_string_with_data(), buffer_request(), clone_nb_table(), display_string_table_with_data(), packet_handler(), and string_append(). { void *tmp=malloc(size); if(!tmp) { print("Memory allocation error!\n"); exit(EXIT_FAILURE); } return tmp; }

void * xrealloc (  void *  ptr, size_t  size )

A wrapper to realloc() which quits the program if the memory allocation fails. Definition at line 815 of file anon.c. References print. Referenced by add_anonymised_url(), add_flag(), add_nb(), anon_ip(), anon_port(), and string_append(). { void *tmp=realloc(ptr,size); if(!tmp) { print("Memory allocation error!\n"); exit(1); } return tmp; }

---

Variable Documentation

pcap_t* adhandle = NULL

Definition at line 117 of file anon.c. Referenced by catch_ctrl_c(), main(), and packet_handler().

pcap_if_t* alldevs = NULL

Definition at line 119 of file anon.c. Referenced by get_pcap_interface(), and main().

int already_anonymised = 0

Definition at line 73 of file anon.c. Referenced by main().

char* anon_url_table = NULL

Definition at line 81 of file anon.c. Referenced by add_anonymised_url(), find_url(), and free_anonymised_url_table().

int anonymise = 1

Definition at line 52 of file anon.c. Referenced by anon_field(), main(), packet_handler(), process_http(), and ts_print().

int anonymise_checksum = 1

Definition at line 61 of file anon.c. Referenced by main(), and packet_handler().

int anonymise_content = 1

Definition at line 60 of file anon.c. Referenced by main(), and packet_handler().

int anonymise_date = 1

Definition at line 55 of file anon.c. Referenced by anon_field(), and main().

int anonymise_http = 1

Definition at line 58 of file anon.c. Referenced by main(), packet_handler(), and process_http().

int anonymise_ip = 1

Definition at line 59 of file anon.c. Referenced by main(), and packet_handler().

int anonymise_mac = 1

Definition at line 53 of file anon.c. Referenced by main(), and packet_handler().

int anonymise_port = 1

Definition at line 54 of file anon.c. Referenced by main(), and packet_handler().

int anonymise_sequence = 1

Definition at line 62 of file anon.c. Referenced by main(), and packet_handler().

int anonymise_timestamp = 1

Definition at line 56 of file anon.c. Referenced by main(), packet_handler(), and ts_print().

int anonymise_url = 1

Definition at line 57 of file anon.c. Referenced by anon_field(), and main().

nb_table cl_table = {0, NULL}

Definition at line 95 of file anon.c.

string_and_nb* content_type_simple_table = NULL

Definition at line 91 of file anon.c.

string_and_nb* content_type_table = NULL

Definition at line 90 of file anon.c.

int date_offset = 0

Definition at line 103 of file anon.c. Referenced by anon_date().

int debug = 0

Definition at line 49 of file anon.c. Referenced by add_anonymised_url(), and generate_anonymised_url().

struct dialog* dialog_table = NULL

Definition at line 99 of file anon.c.

int display = 1

Definition at line 63 of file anon.c. Referenced by buffer_request(), display_packet_infos(), main(), packet_handler(), and process_dialog().

int display_flags = 1

Definition at line 64 of file anon.c. Referenced by main(), and packet_handler().

int display_http = 1

Definition at line 68 of file anon.c. Referenced by main(), packet_handler(), and process_dialog().

int display_http_only = 0

Definition at line 69 of file anon.c. Referenced by main(), and packet_handler().

int display_progress = 1

Definition at line 67 of file anon.c. Referenced by main(), and packet_handler().

int display_raw_stats = 0

Definition at line 71 of file anon.c. Referenced by add_and_count_string_with_data(), add_nb(), clone_nb_table(), display_deviation(), display_nb_table(), display_string_table_with_data(), main(), and process_http().

int display_tcp_infos = 1

Definition at line 65 of file anon.c. Referenced by main(), and packet_handler().

int display_timestamp = 1

Definition at line 66 of file anon.c. Referenced by display_packet_infos(), and main().

int display_unanswered_requests = 0

Definition at line 70 of file anon.c. Referenced by main().

int do_stats = 1

Definition at line 51 of file anon.c. Referenced by main(), and process_dialog().

pcap_dumper_t* dumphandle

Definition at line 118 of file anon.c. Referenced by main(), and packet_handler().

time_t end_time

Definition at line 44 of file anon.c. Referenced by main().

string_and_nb* extension_table = NULL

Definition at line 89 of file anon.c.

char* fields_to_anonymise[]

Initial value: { "Host: ", "Client-IP: ", "From: ", "Location: ", "Content-Location: ","ETag: ", "If-None-Match: ", "Referer: ", "Age: ", "Title: ", "Expires: ", "Last-Modified: ", "If-Modified-Since: ", "Cookie: ", "Set-Cookie: ", "Date: ", "GET ", "WWW-Authenticate: ", "PPServer: "} Definition at line 121 of file anon.c. Referenced by process_http().

u_int32_t firstanonip = 0

Definition at line 100 of file anon.c. Referenced by anon_ip().

nb_table fresh_table = {0, NULL}

Definition at line 96 of file anon.c.

string_and_nb* header_table = NULL

Definition at line 92 of file anon.c.

string_and_nb* http_response_code_table = NULL

Definition at line 86 of file anon.c.

string_and_nb* http_version_table = NULL

Definition at line 87 of file anon.c.

char* ifile = NULL

Definition at line 116 of file anon.c. Referenced by main(), and packet_handler().

int input_file_last = 0

Definition at line 40 of file anon.c. Referenced by packet_handler().

int input_file_read = 0

Definition at line 39 of file anon.c. Referenced by main(), and packet_handler().

int input_file_size = 0

Definition at line 38 of file anon.c. Referenced by main(), and packet_handler().

int input_file_size_1pct = 0

Definition at line 41 of file anon.c. Referenced by main(), and packet_handler().

char* input_file_size_s = NULL

Definition at line 37 of file anon.c. Referenced by main(), and packet_handler().

char* ip_table = NULL

Definition at line 79 of file anon.c. Referenced by anon_ip(), find_anonymised_ip(), and main().

nb_table latency_table = {0, NULL}

Definition at line 97 of file anon.c.

int max_display_space = 0

Definition at line 112 of file anon.c. Referenced by display_packet_infos().

int maxfilesize = 0

Definition at line 107 of file anon.c. Referenced by main(), and packet_handler().

int maxpacketsize = 65536

Definition at line 106 of file anon.c. Referenced by main().

int nb_request = 0

Definition at line 35 of file anon.c. Referenced by main(), and packet_handler().

int nb_response = 0

Definition at line 34 of file anon.c. Referenced by main(), and packet_handler().

int nbip = 0

Definition at line 76 of file anon.c. Referenced by anon_ip(), and find_anonymised_ip().

int nbpackets = 0

Definition at line 108 of file anon.c. Referenced by add_and_count_string_with_data(), add_nb(), anon_timestamp(), main(), and packet_handler().

int nbpacketstocapture = -1

Definition at line 110 of file anon.c. Referenced by main(), and packet_handler().

int nbports = 0

Definition at line 77 of file anon.c. Referenced by anon_port().

int nburl = 0

Definition at line 78 of file anon.c. Referenced by add_anonymised_url(), find_url(), and free_anonymised_url_table().

int nbvalidpackets = 0

Definition at line 109 of file anon.c. Referenced by main(), and packet_handler().

char* ofile = NULL

Definition at line 115 of file anon.c. Referenced by main(), and packet_handler().

int output_file_written = 0

Definition at line 42 of file anon.c. Referenced by main(), and packet_handler().

FILE* output_stream

Definition at line 114 of file anon.c. Referenced by main(), and packet_handler().

double pct_treshold = 0

Definition at line 82 of file anon.c. Referenced by display_string_table_with_data(), and main().

char* port_table = NULL

Definition at line 80 of file anon.c. Referenced by anon_port(), and main().

u_int32_t rand_seq_nb = 0

Definition at line 104 of file anon.c. Referenced by anon_sequence().

string_and_nb* sequence_number_table = NULL

Definition at line 93 of file anon.c.

string_and_nb* server_version_simple_table = NULL

Definition at line 85 of file anon.c.

string_and_nb* server_version_table = NULL

Definition at line 84 of file anon.c.

time_t start_time

Definition at line 43 of file anon.c. Referenced by main(), and packet_handler().

string_and_nb* suffix_table = NULL

Definition at line 94 of file anon.c.

int32_t timeoffset = 0

Definition at line 101 of file anon.c. Referenced by anon_timestamp(), main(), and ts_print().

int32_t timeoffset_usec = 0

Definition at line 102 of file anon.c. Referenced by anon_timestamp(), and main().

int truncate_packet = 0

Definition at line 75 of file anon.c. Referenced by main(), and packet_handler().

int use_sequence_numbers = 0

Definition at line 74 of file anon.c. Referenced by main(), and packet_handler().

string_and_nb* user_agent_table = NULL

Definition at line 88 of file anon.c.

---