Initialization and Execution Functions
Unlike libpcap and libnet, libnids does not give the user a descriptor to pass around to subordinate functions. The main control structure is initialized by nids_init (), but it is referenced in a global context (to which all of the libnids functions then refer). The first function initializes the library for use, and the rest control execution of programs built on top of the library. The use of this global data, while convenient, is not intrinsically thread-safe because there are no synchronization mechanisms inside libnids.
int nids_init ();
nids_init () initializes the library based on the values set in the monolithic control structure nids_params. By default, these values are as follows:
n_tcp_streams = 1040;
n_hosts = 256;
device = pcap_lookupdev (nids_errbuf);
sk_buff_size = 168;
dev_addon = -1;
syslog = nids_syslog;
syslog_level = LOG_ALERT;
scan_num_hosts = 256;
scan_delay = 3000;
scan_num_ports = 10;
no_mem = nids_no_mem;
ip_filter = nids_ip_filter;
pcap_filter = NULL;
promisc = 1;
one_loop_less = 0;
Upon success, the function returns 1 and libnids is then ready for use; upon failure, the function returns 0 and nids_errbuf contains the reason.
Note: The libpcap interface is initialized with a timeout of 1024 ms.
int nids_run (void);
nids_run () starts the game. Once called, this function loops—capturing packets and calling the appropriate registered callback functions on packets received. nids_run () is basically a wrapper to pcap_loop (), as described in Chapter 2.
int nids_next (void);
nids_next () is an alternative to nids_run (). The function sleeps until a packet arrives. When a packet arrives, the function wakes up and passes the received packet to an internal handler that runs through the callback function lists. Upon success, the function returns 1; upon failure, it returns 0 and sets nids_errbuf. nids_next () is basically a wrapper to pcap_next (), as described in Chapter 2. It can fail if the library is not initialized or if pcap_next () returns NULL.
Note: nids_next () calls pcap_next (), which, as noted in Chapter 2, exhibits inconsistent cross-platform behavior when a read timeout is used. Under BSDish operating systems, the timeout is observed and pcap_next () waits 1024 ms to gather as many packets as it can before returning to nids_next (). Under Linux, the timeout is ignored and pcap_next () returns immediately after a single packet is captured.
int nids_getfd (void);
nids_getfd () returns the underlying (libpcap) file descriptor of the packet capture device. This procedure is useful in conjunction with select () for an application that wants to do other stuff while libnids waits (sleeps) for packets. nids_getfd () is basically a wrapper to pcap_fileno (), as we described in Chapter 2. Upon success, the function returns the file descriptor; upon failure, it returns -1 and the global error buffer nids_errbuf contains the reason.