Imported Upstream version 1.0.1

Nicholas Harbour
Installation Instructions
*************************
Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004 Free
Software Foundation, Inc.
This file is free documentation; the Free Software Foundation gives
unlimited permission to copy, distribute and modify it.
Basic Installation
==================
These are generic installation instructions.
The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
those values to create a `Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent
definitions. Finally, it creates a shell script `config.status' that
you can run in the future to recreate the current configuration, and a
file `config.log' containing compiler output (useful mainly for
debugging `configure').
It can also use an optional file (typically called `config.cache'
and enabled with `--cache-file=config.cache' or simply `-C') that saves
the results of its tests to speed up reconfiguring. (Caching is
disabled by default to prevent problems with accidental use of stale
cache files.)
If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail
diffs or instructions to the address given in the `README' so they can
be considered for the next release. If you are using the cache, and at
some point `config.cache' contains results you don't want to keep, you
may remove or edit it.
The file `configure.ac' (or `configure.in') is used to create
`configure' by a program called `autoconf'. You only need
`configure.ac' if you want to change it or regenerate `configure' using
a newer version of `autoconf'.
The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system. If you're
using `csh' on an old version of System V, you might need to type
`sh ./configure' instead to prevent `csh' from trying to execute
`configure' itself.
Running `configure' takes awhile. While running, it prints some
messages telling which features it is checking for.
2. Type `make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with
the package.
4. Type `make install' to install the programs and any data files and
documentation.
5. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
also a `make maintainer-clean' target, but that is intended mainly
for the package's developers. If you use it, you may have to get
all sorts of other programs in order to regenerate files that came
with the distribution.
Compilers and Options
=====================
Some systems require unusual options for compilation or linking that the
`configure' script does not know about. Run `./configure --help' for
details on some of the pertinent environment variables.
You can give `configure' initial values for configuration parameters
by setting variables in the command line or in the environment. Here
is an example:
./configure CC=c89 CFLAGS=-O2 LIBS=-lposix
*Note Defining Variables::, for more details.
Compiling For Multiple Architectures
====================================
You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
own directory. To do this, you must use a version of `make' that
supports the `VPATH' variable, such as GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
source code in the directory that `configure' is in and in `..'.
If you have to use a `make' that does not support the `VPATH'
variable, you have to compile the package for one architecture at a
time in the source code directory. After you have installed the
package for one architecture, use `make distclean' before reconfiguring
for another architecture.
Installation Names
==================
By default, `make install' will install the package's files in
`/usr/local/bin', `/usr/local/man', etc. You can specify an
installation prefix other than `/usr/local' by giving `configure' the
option `--prefix=PREFIX'.
You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
give `configure' the option `--exec-prefix=PREFIX', the package will
use PREFIX as the prefix for installing programs and libraries.
Documentation and other data files will still use the regular prefix.
In addition, if you use an unusual directory layout you can give
options like `--bindir=DIR' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
you can set and what kinds of files go in them.
If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
Optional Features
=================
Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The
`README' should mention any `--enable-' and `--with-' options that the
package recognizes.
For packages that use the X Window System, `configure' can usually
find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.
Specifying the System Type
==========================
There may be some features `configure' cannot figure out automatically,
but needs to determine by the type of machine the package will run on.
Usually, assuming the package is built to be run on the _same_
architectures, `configure' can figure that out, but if it prints a
message saying it cannot guess the machine type, give it the
`--build=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name which has the form:
CPU-COMPANY-SYSTEM
where SYSTEM can have one of these forms:
OS KERNEL-OS
See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
need to know the machine type.
If you are _building_ compiler tools for cross-compiling, you should
use the `--target=TYPE' option to select the type of system they will
produce code for.
If you want to _use_ a cross compiler, that generates code for a
platform different from the build platform, you should specify the
"host" platform (i.e., that on which the generated programs will
eventually be run) with `--host=TYPE'.
Sharing Defaults
================
If you want to set default values for `configure' scripts to share, you
can create a site shell script called `config.site' that gives default
values for variables like `CC', `cache_file', and `prefix'.
`configure' looks for `PREFIX/share/config.site' if it exists, then
`PREFIX/etc/config.site' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script.
Defining Variables
==================
Variables not defined in a site shell script can be set in the
environment passed to `configure'. However, some packages may run
configure again during the build, and the customized values of these
variables may be lost. In order to avoid this problem, you should set
them in the `configure' command line, using `VAR=value'. For example:
./configure CC=/usr/local2/bin/gcc
will cause the specified gcc to be used as the C compiler (unless it is
overridden in the site shell script).
`configure' Invocation
======================
`configure' recognizes the following options to control how it operates.
`--help'
`-h'
Print a summary of the options to `configure', and exit.
`--version'
`-V'
Print the version of Autoconf used to generate the `configure'
script, and exit.
`--cache-file=FILE'
Enable the cache: use and save the results of the tests in FILE,
traditionally `config.cache'. FILE defaults to `/dev/null' to
disable caching.
`--config-cache'
`-C'
Alias for `--cache-file=config.cache'.
`--quiet'
`--silent'
`-q'
Do not print messages saying which checks are being made. To
suppress all normal output, redirect it to `/dev/null' (any error
messages will still be shown).
`--srcdir=DIR'
Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically.
`configure' also accepts some other, not widely useful, options. Run
`configure --help' for more details.
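Review bot: this is the stock GNU INSTALL text and never names the package's own prerequisites; configure.in checks for libpcap, a lex and a yacc, so a short paragraph before "Basic Installation" listing libpcap (with headers), flex and bison would prevent most first-build failures.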
AM_CFLAGS = -D_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
bin_PROGRAMS = tcpxtract
tcpxtract_SOURCES = tcpxtract.c sessionlist.c sessionlist.h util.c util.h confy.y confl.l \
conf.c conf.h confy.h search.h search.c extract.h extract.c
#tcpxtract_LDADD = @LEXLIB@
sysconf_DATA = tcpxtract.conf
man_MANS = tcpxtract.1
EXTRA_DIST = tcpxtract.conf tcpxtract.1
AM_YFLAGS = -d
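Review bot: `-D_OFFSET_BITS=64` in `AM_CFLAGS` is not a feature-test macro the C library recognizes, so large-file support is not actually switched on; the intended flag is `-D_FILE_OFFSET_BITS=64` (or `AC_SYS_LARGEFILE` in configure.in). As written, `off_t nwritten` in extract.h stays 32-bit on 32-bit hosts and a carved file cannot grow past 2 GiB. The commented-out `tcpxtract_LDADD = @LEXLIB@` line should either be restored or deleted, since `AC_CHECK_LIB(fl, main)` already adds `-lfl` to LIBS.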
/* $Id$ */
/* Copyright (C) 2005 Nicholas Harbour
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software Foundation,
Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/* This file is part of
Tcpxtract, a sniffer that extracts files based on headers
by Nick Harbour
*/
#include "conf.h"
#include "util.h"
#include <stdio.h>
#include <string.h>
#include <assert.h>
#include "search.h"
static int id;
void config_type(char *ext, char *maxlength, char *hspec, char *fspec)
{
unsigned long maxlen;
if (!sscanf(maxlength, "%lu", &maxlen))
error("Invalid maximum length in file format specifier");
compile_srch(&srch_machine, id, strdup(ext), maxlen, hspec, HEADER);
if (fspec != NULL)
compile_srch(&srch_machine, id, strdup(ext), maxlen, fspec, FOOTER);
id++;
}
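Review bot: the `if (!sscanf(maxlength, "%lu", &maxlen))` test in `config_type` only rejects a return value of 0, so a number that does not fit in `unsigned long` is accepted silently (the C standard leaves the stored value undefined on overflow), and `maxlen` is the value that bounds every extraction; parse it with `strtoul` and check the end pointer and `errno == ERANGE`, calling `error()` on either. `strdup(ext)` is also called twice with no NULL check; duplicate once into a local, check it, and pass that pointer to both `compile_srch` calls.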
/* $Id$ */
/* Copyright (C) 2005 Nicholas Harbour
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software Foundation,
Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/* This file is part of
Tcpxtract, a sniffer that extracts files based on headers
by Nick Harbour
*/
#ifndef CONF_H
#define CONF_H
extern void config_type(char *, char *, char *, char *);
#endif /* CONF_H */
AC_INIT(tcpxtract.c)
AM_INIT_AUTOMAKE(tcpxtract, 1.0.1)
AC_CANONICAL_HOST
AC_PROG_CC
AC_PROG_AWK
AC_PROG_YACC
AC_PROG_LEX
AC_PROG_INSTALL
AC_PROG_MAKE_SET
AC_PROG_RANLIB
AC_CHECK_LIB(fl, main)
AC_CHECK_LIB(pcap, pcap_open_offline)
AC_HEADER_STDC
AC_OUTPUT(Makefile)
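Review bot: `AC_CHECK_LIB(pcap, pcap_open_offline)` has no action-if-not-found, so a host without libpcap configures cleanly and only fails at link time with an unhelpful error; give it a third argument such as `[AC_MSG_ERROR([libpcap is required])]`, and add an `AC_CHECK_HEADERS([pcap.h])` for the headers. `AC_PROG_RANLIB` is unused because no library is built, and `AC_INIT(tcpxtract.c)` / `AM_INIT_AUTOMAKE(tcpxtract, 1.0.1)` are the obsolete forms of those macros.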
%{ /* -*-fundamental-*- */
/* $Id$ */
/* Copyright (C) 2005 Nicholas Harbour
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software Foundation,
Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/* This file is part of
Tcpxtract, a sniffer that extracts files based on headers
by Nick Harbour
*/
#include "confy.h"
%}
%%
[0-9]+ {yylval.string = strdup(yytext); return NUMBER;}
[a-zA-Z][a-zA-Z0-9]* {yylval.string = strdup(yytext); return WORD;}
[a-zA-Z0-9\\\?]+ {yylval.string = strdup(yytext); return SPECIFIER;}
[ \t] {;}
; {return ENDLINE;}
^#.* {;}
\n {;}
\r {;}
. {return yytext[0];}
%%
/* A Bison parser, made by GNU Bison 1.875c. */
/* Skeleton parser for Yacc-like parsing with Bison,
Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA. */
/* As a special exception, when this file is copied by Bison into a
Bison output file, you may use that output file without restriction.
This special exception was added by the Free Software Foundation
in version 1.24 of Bison. */
/* Tokens. */
#ifndef YYTOKENTYPE
# define YYTOKENTYPE
/* Put the tokens into the symbol table, so that GDB and other debuggers
know about them. */
enum yytokentype {
NUMBER = 258,
WORD = 259,
SPECIFIER = 260,
ENDLINE = 261
};
#endif
#define NUMBER 258
#define WORD 259
#define SPECIFIER 260
#define ENDLINE 261
#if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED)
#line 28 "confy.y"
typedef union YYSTYPE {
char *string;
} YYSTYPE;
/* Line 1275 of yacc.c. */
#line 53 "confy.h"
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
# define YYSTYPE_IS_TRIVIAL 1
#endif
extern YYSTYPE yylval;
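Review bot: confy.h is Bison output, not a hand-written header (the Bison 1.875c banner and the `#line 28 "confy.y"` / `#line 53 "confy.h"` directives show it), and `AM_YFLAGS = -d` in Makefile.am regenerates it at build time, so the checked-in copy can silently disagree with confy.y after a grammar change; drop it from the tree and list it under `BUILT_SOURCES` instead of committing it.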
%{ /* -*-fundamental-*- */
/* $Id$ */
/* Copyright (C) 2005 Nicholas Harbour
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software Foundation,
Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/* This file is part of
Tcpxtract, a sniffer that extracts files based on headers
by Nick Harbour
*/
#include <stdlib.h>
#include "conf.h"
%}
%union {
char *string;
}
%token <string> NUMBER
%token <string> WORD
%token <string> SPECIFIER
%token ENDLINE
%%
expressionlist: expression
| expressionlist expression
;
expression: WORD '(' NUMBER ',' SPECIFIER ')' ENDLINE {config_type($1, $3, $5, NULL);}
| WORD '(' NUMBER ',' SPECIFIER ',' SPECIFIER ')' ENDLINE {config_type($1, $3, $5, $7);}
| WORD '(' NUMBER ',' SPECIFIER ',' NUMBER ')' ENDLINE {config_type($1, $3, $5, $7);}
| WORD '(' NUMBER ',' SPECIFIER ',' WORD ')' ENDLINE {config_type($1, $3, $5, $7);}
| WORD '(' NUMBER ',' WORD ')' ENDLINE {config_type($1, $3, $5, NULL);}
| WORD '(' NUMBER ',' WORD ',' SPECIFIER ')' ENDLINE {config_type($1, $3, $5, $7);}
| WORD '(' NUMBER ',' WORD ',' NUMBER ')' ENDLINE {config_type($1, $3, $5, $7);}
| WORD '(' NUMBER ',' WORD ',' WORD ')' ENDLINE {config_type($1, $3, $5, $7);}
| WORD '(' NUMBER ',' NUMBER ')' ENDLINE {config_type($1, $3, $5, NULL);}
| WORD '(' NUMBER ',' NUMBER ',' SPECIFIER ')' ENDLINE {config_type($1, $3, $5, $7);}
| WORD '(' NUMBER ',' NUMBER ',' NUMBER ')' ENDLINE {config_type($1, $3, $5, $7);}
| WORD '(' NUMBER ',' NUMBER ',' WORD ')' ENDLINE {config_type($1, $3, $5, $7);}
;
%%
#include <stdio.h>
yyerror(char *s)
{
printf("%s\n", s);
}
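Review bot: `yyerror(char *s)` is declared with no return type, which relies on implicit `int` (removed in C99 and rejected by current compilers by default), and it reports on stdout with no location, so a bad line in tcpxtract.conf yields only `syntax error`; declare it `int yyerror(const char *s)`, print to stderr, and include `yylineno` (with `%option yylineno` in confl.l) and `yytext`. The twelve near-identical `expression` productions exist only because the lexer returns an all-alphanumeric signature as `WORD` or `NUMBER`; a `value: WORD | NUMBER | SPECIFIER ;` nonterminal with `%type <string> value` collapses them to two rules and removes the chance of an unhandled combination.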
/* $Id$ */
/* Copyright (C) 2005 Nicholas Harbour
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software Foundation,
Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/* This file is part of
Tcpxtract, a sniffer that extracts files based on headers
by Nick Harbour
*/
#include <assert.h>
#include <sys/types.h>
#include <inttypes.h>
#include <errno.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include "extract.h"
#include "search.h"
#include "util.h"
#include "sessionlist.h"
int filenum;
char *output_prefix;
static void add_extract(extract_list_t **, fileid_t *, slist_t *, int, int);
static void set_segment_marks(extract_list_t *, size_t);
static void mark_footer(extract_list_t *, srch_results_t *);
static void extract_segment(extract_list_t *, const uint8_t *);
static void sweep_extract_list(extract_list_t **);
static int open_extract(char *);
/* called once for each packet, this funciton starts, updates, and closes
* file extractions. this is the one-stop-shop for all your file extraction needs */
void extract(extract_list_t **elist, srch_results_t *results, slist_t *session, const uint8_t *data, size_t size)
{
srch_results_t *rptr;
extract_list_t *eptr;
assert(elist != NULL);
/* set all existing segment values to what they would be with no search results */
for (eptr = *elist; eptr != NULL; eptr = eptr->next)
set_segment_marks(eptr, size);
/* look for new headers in the results set */
for (rptr = results; rptr != NULL; rptr = rptr->next)
if (rptr->spectype == HEADER)
add_extract(elist, rptr->fileid, session, rptr->offset.start, size);
/* flip through any footers we found and close out those extracts */
for (rptr = results; rptr != NULL; rptr = rptr->next)
if (rptr->spectype == FOOTER)
mark_footer(*elist, rptr);
/* now lets do all the file writing and whatnot */
for (eptr = *elist; eptr != NULL; eptr = eptr->next)
extract_segment(eptr, data);
/* remove any finished extractions from the list */
sweep_extract_list(elist);
}
/* Add a new header match to the list of files being extracted */
static void add_extract(extract_list_t **elist, fileid_t *fileid, slist_t *session, int offset, int size)
{
extract_list_t *eptr;
assert(elist != NULL);
assert(fileid != NULL);
/* add a new entry to the list */
eptr = ecalloc(1, sizeof *eptr);
eptr->next = *elist;
eptr->fileid = fileid;
if (eptr->next != NULL)
eptr->next->prev = eptr;
report("Found file of type \"%s\" in session [", fileid->ext);
printip(session->connection.ip_src);
report(":%d -> ", session->connection.port_src);
printip(session->connection.ip_dst);
report(":%d], exporting to ", session->connection.port_dst);
eptr->fd = open_extract(fileid->ext);
eptr->segment.start = offset;
if (fileid->maxlen <= size - offset)
eptr->segment.end = offset + fileid->maxlen;
else
eptr->segment.end = size;
*elist = eptr;
}
/* open the next availible filename for writing */
static int open_extract(char *ext)
{
int retval;
char fname[FILENAME_BUFFER_SIZE] = {'\0'}; /* buffer to snprintf our filename to */
do
snprintf(fname, FILENAME_BUFFER_SIZE, "%s%08d.%s", output_prefix == NULL ? "" : output_prefix, filenum++, ext);
while ((retval = open(fname, O_WRONLY|O_CREAT|O_EXCL, S_IRWXU)) == -1);
report("%s\n", fname);
return retval;
}
/* set segment start and end values to the contraints of the data buffer or maxlen */
static void set_segment_marks(extract_list_t *elist, size_t size)
{
extract_list_t *eptr;
for (eptr = elist; eptr != NULL; eptr = eptr->next) {
eptr->segment.start = 0;
if (eptr->fileid->maxlen - eptr->nwritten < size) {
eptr->segment.end = eptr->fileid->maxlen - eptr->nwritten;
eptr->finish++;
} else
eptr->segment.end = size;
}
}
/* adjust segment end values depending on footers found */
static void mark_footer(extract_list_t *elist, srch_results_t *footer)
{
extract_list_t *eptr;
/* this associates the first footer found with the last header found of a given type
* this is to accommodate embedded document types. Somebody may have differing needs
* so this may want to be reworked later */
for (eptr = elist; eptr != NULL; eptr = eptr->next) {
if (footer->fileid->id == eptr->fileid->id && eptr->segment.start < footer->offset.start) {
eptr->segment.end = footer->offset.end; /* this could extend beyond maxlen */
eptr->finish++;
break;
}
}
}
/* write data to a specified extract file */
static void extract_segment(extract_list_t *elist, const uint8_t *data)
{
size_t nbytes = elist->segment.end - elist->segment.start;
if (nbytes != write(elist->fd, data + elist->segment.start, nbytes)) {
perror("Error Writing File");
error("Quiting.");
}
elist->nwritten += nbytes;
sync();
}
/* remove all finished extracts from the list */
static void sweep_extract_list(extract_list_t **elist)
{
extract_list_t *eptr, *nxt;
assert(elist != NULL);
for (eptr = *elist; eptr != NULL; eptr = nxt) {
nxt = eptr->next;
if (eptr->finish) {
if (eptr->prev != NULL)
eptr->prev->next = eptr->next;
if (eptr->next != NULL)
eptr->next->prev = eptr->prev;
if (*elist == eptr)
*elist = eptr->next;
close(eptr->fd);
free(eptr);
}
}
}
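Review bot: the `do ... while (open(...) == -1)` loop in `open_extract` retries on every failure, not just `EEXIST`, so an unwritable output directory, a full disk or `EMFILE` becomes an infinite loop that spins through `filenum`; break out unless `errno == EEXIST` and call `error()` for anything else, and check the `snprintf` return value against `FILENAME_BUFFER_SIZE`, since a long `output_prefix` is truncated silently and then produces the same name on every iteration. In the same function, `S_IRWXU` makes every carved file executable for the user; `0600` is the right mode for content pulled out of untrusted traffic. In `extract_segment`, `sync()` after every segment flushes the whole system's dirty pages once per packet; drop it, or `fsync(eptr->fd)` once in `sweep_extract_list` before `close()`.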
/* $Id$ */
/* Copyright (C) 2005 Nicholas Harbour
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software Foundation,
Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/* This file is part of
Tcpxtract, a sniffer that extracts files based on headers
by Nick Harbour
*/
#ifndef EXTRACT_H
#define EXTRACT_H
#include <sys/types.h>
#include <inttypes.h>
#include "search.h"
//#include "sessionlist.h"
typedef struct extract_list {
struct extract_list *next;
struct extract_list *prev;
fileid_t *fileid; /* the data about the file type */
int fd; /* the file descriptor for writing too */
off_t nwritten; /* The amount of data sofar written */