mitrecnd / libnids
License: GNU General Public License v2.0
==================== libnids-1.26 ====================

1. What is libnids ?
------------------------

Libnids is a library that provides the functionality of one of the NIDS (Network Intrusion Detection System) components, namely the E-component. This means that libnids code watches all local network traffic, cooks received datagrams a bit (quite a bit ;)), and provides convenient information on them to the analyzing modules of the NIDS. Libnids performs:

a) assembly of TCP segments into TCP streams
b) IP defragmentation
c) TCP port scan detection

More technical info can be found in the MISC file. So, if you intend to develop a custom NIDS, you don't have to build the low-level network code. If you decide to use libnids, you have the E-component ready - you can focus on implementing the other parts of the NIDS.

2. Why is libnids valuable ?
----------------------------

In January 1998, Thomas H. Ptacek and Timothy N. Newsham published an excellent paper entitled "Eluding Network Intrusion Detection". It is a must-read for all security-concerned people, available from http://www.robertgraham.com/mirror/Ptacek-Newsham-Evasion-98.html

In this paper one can find a description of a variety of attacks against NIDS. During libnids development a lot of effort was made to make libnids immune to these attacks. During tests libnids performed TCP assembly and IP defragmentation in exactly the same way as Linux 2.0.36 hosts (the targets of the test packets). For details, see the file TESTS; here let's just mention two things:

a) libnids passed all tests implemented in fragrouter by Dug Song (see http://www.anzen.com/research/nidsbench/ ). In fact, fragrouter's tests were fairly simple when compared with other, custom ones.
b) the libnids IP defragmenting module contains slightly modified Linux 2.0.36 kernel source files ip_fragment.c and ip_options.c. This means that libnids IP defragmentation is as reliable as the one implemented in Linux 2.0.36.

Libnids is easy to use and highly configurable - see the API file for details.

3. On what platform does it run ?
---------------------------------

Currently libnids will compile on Linux, Solaris, and any *BSD. A WIN32 port is available at http://www.datanerds.net/~mike/libnids.html, but currently only obsolete versions are present there; newer ports may appear at http://www.checksum.org (in the "downloads" section).

4. Who is allowed to use it ?
-----------------------------

Libnids is licensed under the GPL. See the file COPYING for details.

5. Contact info ?
-----------------

The primary libnids site is http://libnids.sourceforge.net/
Please send bug reports, comments, or questions about this software to <[email protected]>.
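The evasion class that section 2 refers to is easiest to see with overlapping TCP segments: if the sensor resolves an overlap differently from the end host, the two reassemble different streams, and the attacker gets to choose what each side sees. The following is an added example written for this page, not code from libnids or from the Ptacek/Newsham paper; it is a toy byte-offset reassembler (names such as `reassemble`, `stream_insert` and the two-policy enum are assumptions of this example, not the libnids API), fed with a constructed pair of segments: a benign request followed by an overlapping "retransmission" whose bytes differ. Under a favor-old-data policy the stream reads as a garbled benign request; under a favor-new-data policy it reads as a request for /etc/passwd. Which policy a given operating system applies is not something this example determines; the README's point is that libnids was made to match one specific target stack (Linux 2.0.36). The example also counts overlapping bytes that actually conflict, which is the cheap and robust signal a sensor can alert on regardless of which policy it picks, since a faithful retransmission carries identical data.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stdbool.h>

/* Demo window for the reassembled stream; offsets are relative to the ISN. */
#define STREAM_MAX 256

/* One TCP segment as a sensor sees it: relative sequence number plus a
 * length-delimited payload (never a NUL-terminated string). */
struct segment {
    uint32_t seq;
    const unsigned char *data;
    size_t len;
};

/* How a stack resolves two segments carrying different bytes for the same
 * sequence range: keep what arrived first, or let the later one overwrite. */
enum overlap_policy { FAVOR_OLD, FAVOR_NEW };

struct stream {
    unsigned char buf[STREAM_MAX];
    bool filled[STREAM_MAX];
    size_t high;       /* one past the highest offset written */
    size_t conflicts;  /* overlapping bytes whose data differed */
};

/* Insert one segment; returns -1 if it falls outside the demo window. */
static int stream_insert(struct stream *s, const struct segment *seg, enum overlap_policy pol)
{
    if (seg->len == 0 || seg->seq > STREAM_MAX || seg->len > STREAM_MAX - seg->seq)
        return -1;
    for (size_t i = 0; i < seg->len; i++) {
        size_t off = seg->seq + i;
        if (s->filled[off]) {
            if (s->buf[off] != seg->data[i])
                s->conflicts++;          /* inconsistent retransmission: worth an alert */
            if (pol == FAVOR_OLD)
                continue;                /* first data wins, ignore the new byte */
        }
        s->buf[off] = seg->data[i];
        s->filled[off] = true;
    }
    if (seg->seq + seg->len > s->high)
        s->high = seg->seq + seg->len;
    return 0;
}

/* Reassemble segments under one policy. Copies the contiguous prefix (up to
 * the first hole) into out as a C string for display and returns its length;
 * the number of conflicting overlap bytes is reported through *conflicts. */
size_t reassemble(const struct segment *segs, size_t nsegs, enum overlap_policy pol,
                  char *out, size_t outsz, size_t *conflicts)
{
    struct stream s = {0};
    size_t n = 0;
    for (size_t i = 0; i < nsegs; i++)
        stream_insert(&s, &segs[i], pol);
    while (n < s.high && n + 1 < outsz && s.filled[n]) {
        out[n] = (char)s.buf[n];
        n++;
    }
    out[n] = '\0';
    if (conflicts)
        *conflicts = s.conflicts;
    return n;
}

/* Constructed sample (not a real capture): segment 2 overlaps bytes 5..11 of
 * segment 1 with different data and extends the stream by three bytes. */
static const struct segment evasion_segments[] = {
    { 0, (const unsigned char *)"GET /index.h", 12 },
    { 5, (const unsigned char *)"etc/passwd",   10 },
};
#define N_SEGMENTS (sizeof evasion_segments / sizeof evasion_segments[0])

/* 1 if reassembling the sample under pol yields exactly expected, else 0. */
int evasion_demo_matches(enum overlap_policy pol, const char *expected)
{
    char out[STREAM_MAX + 1];
    reassemble(evasion_segments, N_SEGMENTS, pol, out, sizeof out, NULL);
    return strcmp(out, expected) == 0;
}

/* Overlapping bytes in the sample that carried conflicting data. */
size_t evasion_demo_conflicts(void)
{
    char out[STREAM_MAX + 1];
    size_t conflicts = 0;
    reassemble(evasion_segments, N_SEGMENTS, FAVOR_OLD, out, sizeof out, &conflicts);
    return conflicts;
}

int main(void)
{
    char out[STREAM_MAX + 1];
    size_t conflicts;
    reassemble(evasion_segments, N_SEGMENTS, FAVOR_OLD, out, sizeof out, &conflicts);
    printf("favor old: \"%s\" (%zu conflicting bytes)\n", out, conflicts);
    reassemble(evasion_segments, N_SEGMENTS, FAVOR_NEW, out, sizeof out, &conflicts);
    printf("favor new: \"%s\" (%zu conflicting bytes)\n", out, conflicts);
    return 0;
}
```

Real stacks are more nuanced than two global policies (partial overlaps at the head or tail of a segment can be treated differently, and later kernels changed behaviour), which is exactly why a sensor cannot guess and has to be validated against the hosts it protects, as the TESTS file describes for libnids. Payloads here are handled as pointer plus length throughout; anything that treats stream data as a NUL-terminated string will truncate or corrupt binary traffic.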
Using this issue to brainstorm packet processing library test cases
I was wondering why the packets' payload is stored as a char pointer. Would that not corrupt data because of the special characters which cannot be represented as a char? I tried to print the data or write it to a file, and part of the data is corrupted.
Libnids has a multi-threaded mode. Looking at the source, it is implemented with an asynchronous thread-safe queue: the traffic captured by libpcap is put into the asynchronous queue, and another thread takes traffic out of the queue to do the stream reassembly. But I found that in the source both traffic capture and stream reassembly are done in a single thread. Does the "multi-threading" in libnids only mean that capture and reassembly are not in the same thread?
#include <iostream>
#include <stdio.h>
// nids.h is a C header: give it C linkage when included from C++.
extern "C" {
#include <nids.h>
}

void tcp_callback(struct tcp_stream * s, void ** x)
{
    // never prints
    std::cout << "tcp callback 1" << std::endl;
    // ok
    printf("tcp callback 2\n");
}

int main()
{
    if (!nids_init ())
    {
        std::cout << "nids init error: " << nids_errbuf << std::endl;
        return 1;
    }
    std::cout << "init ok" << std::endl;
    // nids.h declares the parameter as void (*), which C++ reads as void*,
    // so the function pointer has to be cast explicitly.
    nids_register_tcp ((void *)tcp_callback);
    nids_run ();
    return 0;
}
Why does std::cout never print, while printf works in tcp_callback?
Commit cd888d8 changed SONAME but at a quick check, it doesn't seem like this was necessary. This breaks compatibility with applications already linked against older libnids and forces them to be rebuilt.
Did the ABI of libnids actually change since the last release or was the SONAME just accidentally changed (here)?
[root@centos65 home]# g++ test.cpp -lpcap -lnet -lnids -lgthread-2.0
test.cpp: In function 'int main()':
test.cpp:195:44: error: invalid conversion from type 'void ()(tcp_stream, void**)' to type 'void*' [-fpermissive]
nids_register_tcp(tcp_protocol_callback);
^
In file included from test.cpp:1:0:
/usr/local/include/nids.h:149:6: note: initializing argument 1 of 'void nids_register_tcp(void*)'
void nids_register_tcp (void (*));