The Poor Man's (or Woman's) Intrusion Detection System
  1. //////////////////////////////////////////////////////////////////////
  2. // IP traffic analyzer - data objects
  3. // Written by Jonathan A. Foster <ChipMaster@YeOlPiShack.net>
  4. // Started April 23rd, 2021
  5. // Copyright JF Possibilities, Inc. All rights reserved.
  6. //
  7. // This is useful for breaking a text file line into fields.
  8. //
  9. // 2021-05-14 <ChipMaster@YeOlPiShack.net>
  10. // Restructure: broke out of monolithic iptraffic.cpp and made its
  11. // own module.
  12. //////////////////////////////////////////////////////////////////////
  13. #ifndef __JFP_IPTRAFFIC_DATA_H__
  14. #define __JFP_IPTRAFFIC_DATA_H__
  15. #include <string>
  16. #include <ostream>
  17. #include <vector>
  18. #include "strutil.h"
//////////////////////////////////////////////////////////////////////
// Reduce IPv6 address string to optimal format.
//
// The resultant string is produced by standard routines in libC; it is
// as compact as those routines make it. *DON'T* run filter strings
// through this or you'll lose partial match capability (a filter may
// hold a prefix or wildcard form, and canonicalising it changes what
// it matches).
//
// addr: textual IPv6 address, typically taken from a log record and so
//       not trusted to be well formed. What is returned for a malformed
//       or non-IPv6 input is decided in the .cpp — confirm there before
//       relying on it.
// returns: the compacted address string.
//////////////////////////////////////////////////////////////////////
std::string ipv6opt(const std::string &addr);
//////////////////////////////////////////////////////////////////////
// Wild compare of two address strings
//
// Three-way comparison that tolerates partial ("wild") matches between
// the two address strings; the exact wildcard rules live in the .cpp.
// Pass addresses in the form they are stored: compacting a filter
// string with ipv6opt() first would defeat the partial match.
//
// returns: 0=match, -1 = <, 1 = >
//////////////////////////////////////////////////////////////////////
int addr_wild_comp(const std::string &str1, const std::string &str2);
//////////////////////////////////////////////////////////////////////
// Network connection between "us" and "them"
//
// One record of the traffic log: the local and remote endpoint, the
// name and protocol recorded for it, and the direction. A record is
// filled from a split log line (operator=(const Splits &)) and ordered
// by cmp(); every relational operator below defers to that one call.
//////////////////////////////////////////////////////////////////////
// Port number type. A TCP/UDP port fits in 16 bits, but a value parsed
// from a log line must be range-checked before being narrowed to this
// type — the parser is in the .cpp, confirm there.
typedef unsigned short word;

struct Conn {
  std::string us;       // address on our side
  word us_port;         // the port on our side
  std::string them;     // address on their side
  word them_port;       // the port on their side
  std::string name;     // name of the address
  std::string protocol; // protocol used to communicate
  bool in;              // whether this was an inward bound connection

  // Empty record: blank strings, zero ports, not inbound.
  Conn(): us_port(0), them_port(0), in(false) {}

  // Clear data (presumably back to the freshly constructed state; the
  // definition is in the .cpp).
  void clear();
  // Compact the IPv6 address strings, presumably via ipv6opt().
  void compact();
  // Swap the polarity of the record, i.e. exchange the "us" and "them"
  // sides — confirm in the .cpp which fields take part.
  void swap();
  // Scan and copy data from a split log record. Log lines originate
  // outside this program, so field count and value validation belongs
  // in the definition in the .cpp.
  Conn &operator=(const Splits &sp);
  // Three-way comparison with gtr: <0 if *this orders before gtr, 0 if
  // they match, >0 if after. The relational operators below are all
  // written in terms of this single call.
  int cmp(const Conn &gtr) const;

  bool operator==(const Conn &gtr) const { return cmp(gtr) == 0; }
  bool operator!=(const Conn &gtr) const { return !(*this == gtr); }
  bool operator< (const Conn &gtr) const { return cmp(gtr) < 0; }
  bool operator> (const Conn &gtr) const { return cmp(gtr) > 0; }
  bool operator<=(const Conn &gtr) const { return !(*this > gtr); }
  bool operator>=(const Conn &gtr) const { return !(*this < gtr); }
};
// A text output of Conn: writes c to out and returns a stream reference
// (presumably out, so the call can be chained). The field layout of the
// text is defined in the .cpp.
std::ostream &operator<<(std::ostream &out, const Conn &c);
// Copy data from Splits into Conn. The split log record tsv is not
// modified, and a const Splits reference is returned — presumably tsv
// itself so extraction can be chained. Conn::operator=(const Splits &)
// does the same job in assignment form; keep the two in step.
const Splits &operator>>(const Splits &tsv, Conn &conn);
//////////////////////////////////////////////////////////////////////
// List of connections
//
// A std::vector<Conn> with one lookup helper. std::vector has no
// virtual destructor, so a ConnList must never be deleted through a
// std::vector<Conn> pointer; hold it by value or by reference.
//////////////////////////////////////////////////////////////////////
struct ConnList: public std::vector<Conn> {
  // Locate needle in the list. The int result is presumably the index
  // of a match with a sentinel for "not found" — the definition is in
  // the .cpp, confirm there. needle is taken by non-const reference
  // although a lookup should not need to modify it; the declaration
  // must match the definition, so change both together if it is made
  // const.
  int find(Conn &needle);
};
  73. #endif