|
- //////////////////////////////////////////////////////////////////////
- // IP traffic analyzer - data objects
- // Written by Jonathan A. Foster <ChipMaster@YeOlPiShack.net>
- // Started April 23rd, 2021
- // Copyright JF Possibilities, Inc. All rights reserved.
- //
- // This is useful for breaking a text file line into fields.
- //
- // 2021-05-14 <ChipMaster@YeOlPiShack.net>
- // Restructure: broke out of monolithic iptraffic.cpp and made its
- // own module.
- //////////////////////////////////////////////////////////////////////
- #ifndef __JFP_IPTRAFFIC_DATA_H__
- #define __JFP_IPTRAFFIC_DATA_H__
- #include <string>
- #include <istream>
- #include <ostream>
- #include <vector>
- #include "strutil.h"
-
-
-
- //////////////////////////////////////////////////////////////////////
- // Reduce IPv6 address string to optimal format.
- //
- // The resultant string is produced by standard routines in libC. Its
- // as optimal as it makes it. *DON'T* run filter strings through this
- // or you'll lose partial match capability.
- //////////////////////////////////////////////////////////////////////
-
- std::string ipv6opt(const std::string &addr);
-
-
-
- //////////////////////////////////////////////////////////////////////
- // Wild compare of two address strings
- //
- // returns: 0=match, -1 = <, 1 = >
- //////////////////////////////////////////////////////////////////////
-
- int addr_wild_comp(const std::string &str1, const std::string &str2);
-
-
-
- //////////////////////////////////////////////////////////////////////
- // Network connection between "us" and "them"
- //////////////////////////////////////////////////////////////////////
- typedef unsigned short word;
- struct Conn {
- std::string us; // address on our side
- word us_port; // the port on our side
- std::string them; // address on their side
- word them_port; // the port on their side
- std::string name; // name of the address
- std::string protocol; // protocol used to communicate
- bool in; // whether this was an inward bound connection.
-
- Conn(): us_port(0), them_port(0), in(false) {}
- // clear data
- void clear();
- // Compact IPv6 address strings
- void compact();
- // swap polarity of record
- void swap();
- // scan & copy data from log record in
- Conn &operator=(const Splits &sp);
- // compare to another Conn
- int cmp(const Conn >r) const;
- inline bool operator<(const Conn >r) const { return cmp(gtr) <0; }
- inline bool operator<=(const Conn >r) const { return cmp(gtr)<=0; }
- inline bool operator>(const Conn >r) const { return cmp(gtr) >0; }
- inline bool operator>=(const Conn >r) const { return cmp(gtr)>=0; }
- inline bool operator==(const Conn >r) const { return cmp(gtr)==0; }
- inline bool operator!=(const Conn >r) const { return cmp(gtr)!=0; }
- };
- // A text output of Conn
- std::ostream &operator<<(std::ostream &out, const Conn &c);
- // Copy data from Splits into Conn
- const Splits &operator>>(const Splits &tsv, Conn &conn);
-
-
-
- //////////////////////////////////////////////////////////////////////
- // List of connections
- //////////////////////////////////////////////////////////////////////
-
- struct ConnList: public std::vector<Conn> {
- int find(Conn &needle);
- };
-
-
-
- //////////////////////////////////////////////////////////////////////
- // Log Analyzer
- //////////////////////////////////////////////////////////////////////
-
- struct LogAnalyzer {
- StringList *us;
- StringList dns_ignore, // DNS response prefixes to ignore
- dns_del; // DNS response prefixes to /delete/ (ignore)
- NameVal rdns; // Reverse DNS lookup cache
- Conn conn; // Last connection worked on
- Splits ln; // Work buffer for line processing
- std::string alias; // The name requiring CNAME resolution
- std::string cname; // The cname alias was pointing to.
-
- LogAnalyzer();
- // Process a log line. Returns "true" if it were a netfilter entry.
- bool line(const std::string &in);
- };
-
-
-
- #endif
|
Ye Ol' π Shack