- //////////////////////////////////////////////////////////////////////
- // IP traffic analyzer - data objects
- // Written by Jonathan A. Foster <ChipMaster@YeOlPiShack.net>
- // Started April 23rd, 2021
- // Copyright JF Possibilities, Inc. All rights reserved.
- //////////////////////////////////////////////////////////////////////
- #include <string.h>
- #include <stdlib.h>
- #include <stdexcept>
- #include "data.h"
-
-
-
- //////////////////////////////////////////////////////////////////////
- // Conn
- //////////////////////////////////////////////////////////////////////
-
// Reset every field to its empty state: blank addresses, name and
// protocol, outbound direction, and both ports zero. Conn::cmp() treats
// port 0 as "no comparison", so a cleared Conn has wildcard ports until
// they are filled in.
void Conn::clear() {
  protocol = "";
  name = "";
  them = "";
  us = "";
  them_port = 0;
  us_port = 0;
  in = false;
}
-
-
-
// Flip the point of view of this connection: the two endpoints trade
// places (address and port together) and the direction flag is inverted.
// name and protocol are left untouched.
void Conn::swap() {
  const std::string old_us = us;
  const int old_us_port = us_port;

  us = them;
  them = old_us;

  us_port = them_port;
  them_port = old_us_port;

  in = !in;
}
-
-
-
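// Fill this Conn from the KEY=value fields of a split log line.
//
// Recognised keys: SRC= (us), DST= (them), SPT= (us_port), DPT= (them_port),
// PROTO= (protocol) and, for ICMP only, TYPE= (stored in both port fields).
// Every other field is ignored. The object is cleared first, so keys that
// are absent leave empty strings / zero ports behind.
//
// TYPE= is honoured only when a PROTO=ICMP field appeared earlier in the
// same line, because protocol is tested at the moment TYPE= is seen.
//
// NOTE(review): the values are taken from log text as-is. atoi() does no
// validation: non-numeric text yields 0 (which Conn::cmp() treats as a
// port wildcard) and out-of-range numbers are not detected. Addresses are
// copied without any format check. Confirm the log source is trusted or
// validate before these values are used for matching decisions.
//
// Returns *this.
Conn &Conn::operator=(const Splits &sp) {
  clear();
  for(int i=0; i<sp.count; i++) {
    const char *field = sp.fields[i];

    if(!strncmp(field, "SRC=", 4)) {
      us = field+4;
    } else if(!strncmp(field, "DST=", 4)) {
      them = field+4;
    } else if(!strncmp(field, "SPT=", 4)) {
      us_port = atoi(field+4);
    } else if(!strncmp(field, "DPT=", 4)) {
      them_port = atoi(field+4);
    } else if(!strncmp(field, "TYPE=", 5) && protocol=="ICMP") {
      // ICMP has no ports; the message type stands in for both.
      us_port = them_port = atoi(field+5);
    } else if(!strncmp(field, "PROTO=", 6)) {
      protocol = field+6;
    }
  }
  // The original fell off the end of a function that returns a reference,
  // which is undefined behaviour as soon as a caller uses the result.
  return *this;
}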
-
-
-
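// Three-way compare of two connections with wildcard support.
//
// Fields are examined in this order: us, us_port, them, them_port, name,
// protocol, in. The first field that differs decides the result:
// -1 if *this sorts before gtr, 1 if after, 0 if nothing differs.
//
// Wildcards: an address or name equal to "*" on either side, or a port
// equal to 0 on either side, skips that field. protocol and in are always
// compared.
//
// TODO: does < > have any actual meaning in this context?
// NOTE(review): with wildcards in play the answer looks like "not
// reliably": A can equal a wildcard W and W can equal B while A != B, so
// the relation is not transitive. A result of 0 is best read as "matches";
// using cmp() as a sort or map key over wildcarded entries can give
// inconsistent results.
int Conn::cmp(const Conn &gtr) const {
  if(us!="*" && gtr.us!="*") {
    if(us<gtr.us) return -1;
    if(us>gtr.us) return 1;
  }
  // TODO: auto-wildcard port based on in?
  if(us_port && gtr.us_port) { // 0 = no comparison wildcard
    if(us_port<gtr.us_port) return -1;
    if(us_port>gtr.us_port) return 1;
  }
  if(them!="*" && gtr.them!="*") {
    if(them<gtr.them) return -1;
    if(them>gtr.them) return 1;
  }
  if(them_port && gtr.them_port) { // 0 = no comparison wildcard
    if(them_port<gtr.them_port) return -1;
    if(them_port>gtr.them_port) return 1;
  }
  // TODO: do we want to consider the name?
  if(name!="*" && gtr.name!="*") {
    if(name<gtr.name) return -1;
    if(name>gtr.name) return 1;
  }
  // No wildcard exists for the last two fields.
  if(protocol<gtr.protocol) return -1;
  if(protocol>gtr.protocol) return 1;
  if(in<gtr.in) return -1;
  if(in>gtr.in) return 1;
  return 0;
}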
-
-
-
// Write a one-line, human-readable form of a connection:
//   <us> <- <them> <protocol>[<us_port>] <name>     (inbound)
//   <us> -> <them> <protocol>[<them_port>] <name>   (outbound)
// Only one port is shown: ours when inbound, theirs when outbound.
// The strings are written verbatim, without escaping.
std::ostream &operator<<(std::ostream &out, const Conn &c) {
  out << c.us;
  if(c.in) out << " <- ";
  else out << " -> ";
  out << c.them << " " << c.protocol << "[";
  if(c.in) out << c.us_port;
  else out << c.them_port;
  out << "] " << c.name;
  return out;
}
-
-
-
// Load a Conn from one split TSV row.
//
// Column layout: 0 us, 1 us_port, 2 them, 3 them_port, 4 name,
// 5 protocol, 6 direction ("1" means inbound, anything else outbound).
// Columns past the seventh are ignored.
//
// Throws std::runtime_error when the row has fewer than 7 columns.
// Port columns go through atoi(), so non-numeric text becomes 0.
// Returns the row that was passed in.
const Splits &operator>>(const Splits &tsv, Conn &conn) {
  if(tsv.count<7) {
    throw std::runtime_error("Conn=TSV: too few columns");
  }

  conn.clear();

  // Our endpoint.
  conn.us = tsv[0];
  conn.us_port = atoi(tsv.fields[1]);

  // Remote endpoint.
  conn.them = tsv[2];
  conn.them_port = atoi(tsv.fields[3]);

  // Descriptive columns and direction flag.
  conn.name = tsv[4];
  conn.protocol = tsv[5];
  conn.in = tsv[6]=="1";

  return tsv;
}
-
-
-
- //////////////////////////////////////////////////////////////////////
- // ConnList
- //////////////////////////////////////////////////////////////////////
-
// Linear search for the first entry that compares equal to needle.
// Returns its index, or -1 when no entry matches.
// NOTE(review): the meaning of "equal" comes from Conn's operator==,
// which is declared outside this file; if it is built on Conn::cmp(),
// wildcard fields ("*" and port 0) match anything. Confirm in data.h.
int ConnList::find(Conn &needle) {
  int idx = 0;

  while(idx<size()) {
    if((*this)[idx]==needle) return idx;
    idx++;
  }
  return -1;
}