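//////////////////////////////////////////////////////////////////////
// IP traffic analyzer - data objects
// Written by Jonathan A. Foster
// Started April 23rd, 2021
// Copyright JF Possibilities, Inc. All rights reserved.
//
// This is useful for breaking a text file line into fields.
//
// 2021-05-14
// Restructure: broke out of monolithic iptraffic.cpp and made its
// own module.
//////////////////////////////////////////////////////////////////////
// Include guard renamed: identifiers that begin with a double
// underscore are reserved for the implementation in C++.
#ifndef JFP_IPTRAFFIC_DATA_H
#define JFP_IPTRAFFIC_DATA_H

#include <ostream>
#include <string>
#include <vector>
// NOTE(review): the original header carried four system includes whose
// names were lost in extraction. The three above cover every std::
// type this header uses (std::string, std::vector, std::ostream);
// restore the fourth from the original source if strutil.h or the
// .cpp relies on it being pulled in here.

#include "strutil.h"   // Splits, StringList, NameVal

//////////////////////////////////////////////////////////////////////
// Reduce IPv6 address string to optimal format.
//
// The resultant string is produced by standard routines in libC. It's
// as optimal as it makes it. *DON'T* run filter strings through this
// or you'll lose partial match capability.
//
// addr:    textual IPv6 address
// returns: the reduced form of addr
//////////////////////////////////////////////////////////////////////
std::string ipv6opt(const std::string &addr);

//////////////////////////////////////////////////////////////////////
// Wild compare of two address strings
//
// str1, str2: address strings, one of which may carry wildcard
//             (partial match) notation -- see the .cpp for the exact
//             syntax and which side is allowed to hold it.
// returns: 0=match, -1 = <, 1 = >
//////////////////////////////////////////////////////////////////////
int addr_wild_comp(const std::string &str1, const std::string &str2);

//////////////////////////////////////////////////////////////////////
// Network connection between "us" and "them"
//////////////////////////////////////////////////////////////////////
using word = unsigned short;   // wide enough for a 16-bit port number

struct Conn {
  std::string us;         // address on our side
  word us_port{0};        // the port on our side
  std::string them;       // address on their side
  word them_port{0};      // the port on their side
  std::string name;       // name of the address
  std::string protocol;   // protocol used to communicate
  bool in{false};         // whether this was an inward bound connection.

  // All fields are value-initialized by the member initializers above;
  // a fresh Conn has empty strings, port 0 and in == false.
  Conn() = default;

  // clear data
  void clear();

  // Compact IPv6 address strings (us/them) via ipv6opt()
  void compact();

  // swap polarity of record
  void swap();

  // scan & copy data from log record
  Conn &operator=(const Splits &sp);

  // compare to another Conn
  // returns: 0=match, negative = this sorts before gtr, positive = after
  int cmp(const Conn &gtr) const;

  // Ordering and equality are all defined in terms of cmp(), so the
  // field priority used for sorting lives in one place (the .cpp).
  bool operator< (const Conn &gtr) const { return cmp(gtr) <  0; }
  bool operator<=(const Conn &gtr) const { return cmp(gtr) <= 0; }
  bool operator> (const Conn &gtr) const { return cmp(gtr) >  0; }
  bool operator>=(const Conn &gtr) const { return cmp(gtr) >= 0; }
  bool operator==(const Conn &gtr) const { return cmp(gtr) == 0; }
  bool operator!=(const Conn &gtr) const { return cmp(gtr) != 0; }
};

// A text output of Conn
std::ostream &operator<<(std::ostream &out, const Conn &c);

// Copy data from Splits into Conn
// returns: tsv, so the call can be chained
const Splits &operator>>(const Splits &tsv, Conn &conn);

//////////////////////////////////////////////////////////////////////
// List of connections
//
// Derives publicly from std::vector<Conn>, which has no virtual
// destructor: never own a ConnList through a std::vector<Conn> pointer.
//////////////////////////////////////////////////////////////////////
struct ConnList: public std::vector<Conn> {
  // Locate needle in the list.
  // returns: an int index -- presumably the position of the match and a
  //          negative value when absent; confirm against the .cpp.
  // NOTE(review): needle is taken by non-const reference even though a
  // lookup should not need to modify it; the definition lives in the
  // .cpp, so the signature is left as declared there.
  int find(Conn &needle);
};

//////////////////////////////////////////////////////////////////////
// Log Analyzer
//////////////////////////////////////////////////////////////////////
struct LogAnalyzer {
  // Addresses considered "ours". Ownership is not visible in this
  // header (set in LogAnalyzer(), see the .cpp); initialized to nullptr
  // here so an unset pointer is detectable rather than indeterminate.
  StringList *us{nullptr};
  StringList dns_ignore,  // DNS response prefixes to ignore
             dns_del;     // DNS response prefixes to /delete/ (ignore)
  NameVal rdns;           // Reverse DNS lookup cache
  Conn conn;              // Last connection worked on
  Splits ln;              // Work buffer for line processing

  LogAnalyzer();

  // Process a log line. Returns "true" if it were a netfilter entry.
  // in: one raw line of log text; it is external input, so anything
  //     copied out of it (addresses, names) should be treated as
  //     untrusted text by whoever prints or matches on it.
  bool line(const std::string &in);
};

#endif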