Lines Matching refs:opt
32 extern struct options opt;
50 {"continent","names",opt.geoip2_locale,NULL,NULL},
52 {"country","names",opt.geoip2_locale,NULL,NULL},
54 {"subdivisions","0","names",opt.geoip2_locale,NULL},
56 {"subdivisions","1","names",opt.geoip2_locale,NULL},
57 {"city","names",opt.geoip2_locale,NULL,NULL},
60 {"registered_country","names",opt.geoip2_locale,NULL,NULL},
61 {"represented_country","names",opt.geoip2_locale,NULL,NULL},
102 xstrncpy(data->filename, opt.line->filename, FILESIZE); in add_entry()
104 data->linenum = opt.line->linenum; in add_entry()
105 data->count = opt.line->count; in add_entry()
106 data->local_time = opt.line->time; in add_entry()
107 data->start_time = opt.line->time; in add_entry()
108 data->end_time = opt.line->time; in add_entry()
109 xstrncpy(data->hostname, opt.line->hostname, SHOSTLEN); in add_entry()
110 xstrncpy(data->log_label, opt.line->log_label, SHORTLEN); in add_entry()
111 xstrncpy(data->branchname, opt.line->branchname, SHORTLEN); in add_entry()
112 xstrncpy(data->interface, opt.line->interface, SHORTLEN); /* drop this line */ in add_entry()
113 data->protocol = opt.line->protocol; in add_entry()
114 data->totlen = opt.line->totlen; in add_entry()
115 data->family = opt.line->family; in add_entry()
116 data->shost = opt.line->shost; in add_entry()
118 data->shost6 = opt.line->shost6; in add_entry()
120 xstrncpy(data->shost_s, opt.line->shost_s, INET6_ADDRSTRLEN); in add_entry()
121 xstrncpy(data->shostname, opt.line->shostname, SHORTLEN); in add_entry()
122 data->sport = opt.line->sport; in add_entry()
123 xstrncpy(data->sservice, opt.line->sservice, SHORTLEN); in add_entry()
124 data->dhost = opt.line->dhost; in add_entry()
126 data->dhost6 = opt.line->dhost6; in add_entry()
128 xstrncpy(data->dhost_s, opt.line->dhost_s, INET6_ADDRSTRLEN); in add_entry()
129 xstrncpy(data->dhostname, opt.line->dhostname, SHORTLEN); in add_entry()
130 data->dport = opt.line->dport; in add_entry()
131 xstrncpy(data->dservice, opt.line->dservice, SHORTLEN); in add_entry()
132 data->flags = opt.line->flags; in add_entry()
133 data->oob_protocol = opt.line->oob_protocol; in add_entry()
134 xstrncpy(data->mac_saddr_str, opt.line->mac_saddr_str, SHORTLEN); in add_entry()
135 xstrncpy(data->mac_daddr_str, opt.line->mac_daddr_str, SHORTLEN); in add_entry()
136 xstrncpy(data->raw_mac, opt.line->raw_mac, SHORTLEN); in add_entry()
137 data->fwmark = opt.line->fwmark; in add_entry()
138 xstrncpy(data->inif, opt.line->inif, SHORTLEN); in add_entry()
139 xstrncpy(data->outif, opt.line->outif, SHORTLEN); in add_entry()
140 data->tos = opt.line->tos; in add_entry()
141 data->ttl = opt.line->ttl; in add_entry()
142 data->ihl = opt.line->ihl; in add_entry()
143 data->csum = opt.line->csum; in add_entry()
144 data->ipid = opt.line->ipid; in add_entry()
145 data->fragoff = opt.line->fragoff; in add_entry()
146 data->pay_len = opt.line->pay_len; in add_entry()
147 data->flowlabel = opt.line->flowlabel; in add_entry()
148 data->tcp_seq = opt.line->tcp_seq; in add_entry()
149 data->tcp_ack_seq = opt.line->tcp_ack_seq; in add_entry()
150 data->tcp_window = opt.line->tcp_window; in add_entry()
151 data->tcp_urgp = opt.line->tcp_urgp; in add_entry()
152 data->udp_len = opt.line->udp_len; in add_entry()
153 data->icmp_type = opt.line->icmp_type; in add_entry()
154 data->icmp_code = opt.line->icmp_code; in add_entry()
155 data->icmp_echoid = opt.line->icmp_echoid; in add_entry()
156 data->icmp_echoseq = opt.line->icmp_echoseq; in add_entry()
157 data->icmp_gw = opt.line->icmp_gw; in add_entry()
158 data->icmp_mtu = opt.line->icmp_mtu; in add_entry()
159 data->ahesp_spi = opt.line->ahesp_spi; in add_entry()
160 data->geoip_data_src = opt.line->geoip_data_src; in add_entry()
161 data->geoip_data_dst = opt.line->geoip_data_dst; in add_entry()
163 if (opt.resolve_hosts & CACHE_POPULATE_FULL) in add_entry()
164 add_data_sum(opt.line, rowid); in add_entry()
169 opt.report_rows++; in add_entry()
184 if (opt.mode == LOG_SUMMARY) { in build_list()
188 …if ((fields_used.shost) && this->family == AF_INET && (this->shost.s_addr != opt.line->shost.s_add… in build_list()
189 …if ((fields_used.dhost) && this->family == AF_INET && (this->dhost.s_addr != opt.line->dhost.s_add… in build_list()
191 …if ((fields_used.shost) && this->family == AF_INET6 && memcmp(this->shost6.s6_addr, opt.line->shos… in build_list()
192 …if ((fields_used.dhost) && this->family == AF_INET6 && memcmp(this->dhost6.s6_addr, opt.line->dhos… in build_list()
194 if ((fields_used.dport) && (this->dport != opt.line->dport)) {goto no_match;} in build_list()
195 if ((fields_used.sport) && (this->sport != opt.line->sport)) {goto no_match;} in build_list()
196 if ((fields_used.protocol) && (this->protocol != opt.line->protocol)) {goto no_match;} in build_list()
197 if ((fields_used.flags) && (this->flags != opt.line->flags)) {goto no_match;} in build_list()
198 …if ((fields_used.inif) && (strncmp (this->interface, opt.line->interface, SHORTLEN) != 0)) {goto n… in build_list()
199 …if ((fields_used.log_label) && (strncmp (this->log_label, opt.line->log_label, SHORTLEN) != 0)) {g… in build_list()
200 …if ((fields_used.hostname) && (strncmp (this->hostname, opt.line->hostname, SHOSTLEN) != 0)) {goto… in build_list()
201 …if ((fields_used.outif) && (strncmp(this->outif, opt.line->outif, SHORTLEN) != 0)) {goto no_match;} in build_list()
202 if ((fields_used.fwmark) && (this->fwmark != opt.line->fwmark)) {goto no_match;} in build_list()
203 … if ((fields_used.oob_protocol) && (this->oob_protocol != opt.line->oob_protocol)) {goto no_match;} in build_list()
204 …if ((fields_used.mac_saddr_str) && (strncmp(this->mac_saddr_str, opt.line->mac_saddr_str, SHORTLEN… in build_list()
205 …if ((fields_used.mac_daddr_str) && (strncmp(this->mac_daddr_str, opt.line->mac_daddr_str, SHORTLEN… in build_list()
206 …if ((fields_used.raw_mac) && (strncmp(this->raw_mac, opt.line->raw_mac, SHORTLEN) != 0)) {goto no_… in build_list()
207 …if ((fields_used.sname) && (strncmp(this->filename, opt.line->filename, SHORTLEN) != 0)) {goto no_… in build_list()
208 if ((fields_used.ipid) && (this->ipid != opt.line->ipid)) {goto no_match;} in build_list()
209 if ((fields_used.csum) && (this->csum != opt.line->csum)) {goto no_match;} in build_list()
210 if ((fields_used.fragoff) && (this->fragoff != opt.line->fragoff)) {goto no_match;} in build_list()
211 if ((fields_used.ihl) && (this->ihl != opt.line->ihl)) {goto no_match;} in build_list()
212 if ((fields_used.tos) && (this->tos != opt.line->tos)) {goto no_match;} in build_list()
213 if ((fields_used.ttl) && (this->ttl != opt.line->ttl)) {goto no_match;} in build_list()
214 if ((fields_used.pay_len) && (this->pay_len != opt.line->pay_len)) {goto no_match;} in build_list()
215 if ((fields_used.flowlabel) && (this->flowlabel != opt.line->flowlabel)) {goto no_match;} in build_list()
216 if ((fields_used.icmp_type) && (this->icmp_type != opt.line->icmp_type)) {goto no_match;} in build_list()
217 if ((fields_used.icmp_code) && (this->icmp_code != opt.line->icmp_code)) {goto no_match;} in build_list()
218 if ((fields_used.totlen) && (this->totlen != opt.line->totlen)) {goto no_match;} in build_list()
219 if ((fields_used.tcp_seq) && (this->tcp_seq != opt.line->tcp_seq)) {goto no_match;} in build_list()
220 if ((fields_used.tcp_ack_seq) && (this->tcp_ack_seq != opt.line->tcp_ack_seq)) {goto no_match;} in build_list()
221 if ((fields_used.tcp_window) && (this->tcp_window != opt.line->tcp_window)) {goto no_match;} in build_list()
222 if ((fields_used.tcp_urgp) && (this->tcp_urgp != opt.line->tcp_urgp)) {goto no_match;} in build_list()
223 if ((fields_used.udp_len) && (this->udp_len != opt.line->udp_len)) {goto no_match;} in build_list()
224 if ((fields_used.icmp_echoid) && (this->icmp_echoid != opt.line->icmp_echoid)) {goto no_match;} in build_list()
225 … if ((fields_used.icmp_echoseq) && (this->icmp_echoseq != opt.line->icmp_echoseq)) {goto no_match;} in build_list()
226 … if ((fields_used.icmp_gw) && (this->icmp_gw.s_addr != opt.line->icmp_gw.s_addr)) {goto no_match;} in build_list()
227 if ((fields_used.icmp_mtu) && (this->icmp_mtu != opt.line->icmp_mtu)) {goto no_match;} in build_list()
228 if ((fields_used.ahesp_spi) && (this->ahesp_spi != opt.line->ahesp_spi)) {goto no_match;} in build_list()
229 …if ((fields_used.continent_code_s) && (strncmp(this->geoip_data_src->continent_code, opt.line->geo… in build_list()
230 …if ((fields_used.continent_name_s) && (strncmp(this->geoip_data_src->continent_name, opt.line->geo… in build_list()
231 …if ((fields_used.country_iso_code_s) && (strncmp(this->geoip_data_src->country_iso_code, opt.line-… in build_list()
232 …if ((fields_used.country_name_s) && (strncmp(this->geoip_data_src->country_name, opt.line->geoip_d… in build_list()
233 …on_1_iso_code_s) && (strncmp(this->geoip_data_src->subdivision_1_iso_code, opt.line->geoip_data_sr… in build_list()
234 …ubdivision_1_name_s) && (strncmp(this->geoip_data_src->subdivision_1_name, opt.line->geoip_data_sr… in build_list()
235 …on_2_iso_code_s) && (strncmp(this->geoip_data_src->subdivision_2_iso_code, opt.line->geoip_data_sr… in build_list()
236 …ubdivision_2_name_s) && (strncmp(this->geoip_data_src->subdivision_2_name, opt.line->geoip_data_sr… in build_list()
237 …if ((fields_used.city_name_s) && (strncmp(this->geoip_data_src->city_name, opt.line->geoip_data_sr… in build_list()
238 …if ((fields_used.metro_code_s) && (this->geoip_data_src->metro_code != opt.line->geoip_data_src->m… in build_list()
239 …if ((fields_used.accuracy_radius_s) && (this->geoip_data_src->accuracy_radius != opt.line->geoip_d… in build_list()
240 …if ((fields_used.time_zone_s) && (strncmp(this->geoip_data_src->time_zone, opt.line->geoip_data_sr… in build_list()
241 …ame_id_s) && (strncmp(this->geoip_data_src->registered_country_geoname_id, opt.line->geoip_data_sr… in build_list()
242 …me_id_s) && (strncmp(this->geoip_data_src->represented_country_geoname_id, opt.line->geoip_data_sr… in build_list()
243 …if ((fields_used.is_anonymous_proxy_s) && (this->geoip_data_src->is_anonymous_proxy != opt.line->g… in build_list()
244 …s_satellite_provider_s) && (this->geoip_data_src->is_satellite_provider != opt.line->geoip_data_sr… in build_list()
245 …if ((fields_used.postal_code_s) && (strncmp(this->geoip_data_src->postal_code, opt.line->geoip_dat… in build_list()
246 …if ((fields_used.latitude_s) && (this->geoip_data_src->latitude != opt.line->geoip_data_src->latit… in build_list()
247 …if ((fields_used.longitude_s) && (this->geoip_data_src->longitude != opt.line->geoip_data_src->lon… in build_list()
248 …if ((fields_used.continent_code_d) && (strncmp(this->geoip_data_dst->continent_code, opt.line->geo… in build_list()
249 …if ((fields_used.continent_name_d) && (strncmp(this->geoip_data_dst->continent_name, opt.line->geo… in build_list()
250 …if ((fields_used.country_iso_code_d) && (strncmp(this->geoip_data_dst->country_iso_code, opt.line-… in build_list()
251 …if ((fields_used.country_name_d) && (strncmp(this->geoip_data_dst->country_name, opt.line->geoip_d… in build_list()
252 …on_1_iso_code_d) && (strncmp(this->geoip_data_dst->subdivision_1_iso_code, opt.line->geoip_data_ds… in build_list()
253 …ubdivision_1_name_d) && (strncmp(this->geoip_data_dst->subdivision_1_name, opt.line->geoip_data_ds… in build_list()
254 …on_2_iso_code_d) && (strncmp(this->geoip_data_dst->subdivision_2_iso_code, opt.line->geoip_data_ds… in build_list()
255 …ubdivision_2_name_d) && (strncmp(this->geoip_data_dst->subdivision_2_name, opt.line->geoip_data_ds… in build_list()
256 …if ((fields_used.city_name_d) && (strncmp(this->geoip_data_dst->city_name, opt.line->geoip_data_ds… in build_list()
257 …if ((fields_used.metro_code_d) && (this->geoip_data_dst->metro_code != opt.line->geoip_data_dst->m… in build_list()
258 …if ((fields_used.accuracy_radius_d) && (this->geoip_data_dst->accuracy_radius != opt.line->geoip_d… in build_list()
259 …if ((fields_used.time_zone_d) && (strncmp(this->geoip_data_dst->time_zone, opt.line->geoip_data_ds… in build_list()
260 …ame_id_d) && (strncmp(this->geoip_data_dst->registered_country_geoname_id, opt.line->geoip_data_ds… in build_list()
261 …me_id_d) && (strncmp(this->geoip_data_dst->represented_country_geoname_id, opt.line->geoip_data_ds… in build_list()
262 …if ((fields_used.is_anonymous_proxy_d) && (this->geoip_data_dst->is_anonymous_proxy != opt.line->g… in build_list()
263 …s_satellite_provider_d) && (this->geoip_data_dst->is_satellite_provider != opt.line->geoip_data_ds… in build_list()
264 …if ((fields_used.postal_code_d) && (strncmp(this->geoip_data_dst->postal_code, opt.line->geoip_dat… in build_list()
265 …if ((fields_used.latitude_d) && (this->geoip_data_dst->latitude != opt.line->geoip_data_dst->latit… in build_list()
266 …if ((fields_used.longitude_d) && (this->geoip_data_dst->longitude != opt.line->geoip_data_dst->lon… in build_list()
268 if (opt.line->time >= this->end_time || opt.line->time <= this->start_time) { in build_list()
269 if (opt.line->time >= this->end_time) { in build_list()
270 this->end_time = opt.line->time; in build_list()
272 if (opt.line->time <= this->start_time) { in build_list()
273 this->start_time = opt.line->time; in build_list()
276 if(opt.verbose >= VERBOSE_WARNING in build_list()
277 && strcmp(this->filename, opt.line->filename) == 0) { in build_list()
280 strftime(stime, TIMESIZE, "%b %d %H:%M:%S", localtime(&opt.line->time)); in build_list()
285 this->count += opt.line->count; in build_list()
287 for (j = opt.line->count; j > 1; j--) { in build_list()
288 opt.matched_entries++; in build_list()
291 if (opt.resolve_hosts & CACHE_POPULATE_FULL) in build_list()
292 add_data_sum(opt.line, this->rowid); in build_list()
294 --opt.line->geoip_data_src->refcount; in build_list()
295 --opt.line->geoip_data_dst->refcount; in build_list()
297 if(opt.line->geoip_data_src != opt.geoip_data_init) in build_list()
298 free (opt.line->geoip_data_src); in build_list()
300 if(opt.line->geoip_data_dst != opt.geoip_data_init) in build_list()
301 free (opt.line->geoip_data_dst); in build_list()
311 for (j = opt.line->count; j > 1; j--) { in build_list()
312 opt.matched_entries++; in build_list()
315 if (opt.mode == LOG_SUMMARY) { in build_list()
318 for (j = opt.line->count; j > 0; j--) { in build_list()
319 opt.line->count = 1; in build_list()
355 DB *dbp = opt.dbp; in geoip_populate()
368 xstrncpy(ipstr, opt.line->shost_s, INET6_ADDRSTRLEN); in geoip_populate()
369 ldata = &opt.line->geoip_data_src; in geoip_populate()
372 xstrncpy(ipstr, opt.line->dhost_s, INET6_ADDRSTRLEN); in geoip_populate()
373 ldata = &opt.line->geoip_data_dst; in geoip_populate()
382 if (opt.geoip2_handle != NULL) { in geoip_populate()
384 result = MMDB_lookup_string(opt.geoip2_handle, ipstr, &gai_error, &mmdb_error); in geoip_populate()
387 if(opt.verbose >= VERBOSE_NOTICE) in geoip_populate()
396 if(opt.verbose >= VERBOSE_INFO) in geoip_populate()
406 if(opt.verbose >= VERBOSE_INFO) in geoip_populate()
413 if (opt.verbose >= VERBOSE_DEBUG) in geoip_populate()
420 …ret = convert_ip(opt.line->family, (char *)&ipstr, (struct in_addr *)&in_addr_ptr, &in_addr_ptr, N… in geoip_populate()
422 if (opt.line->family == AF_INET) { in geoip_populate()
427 } else if(opt.line->family == AF_INET6) { in geoip_populate()
436 if(inet_ntop(opt.line->family, &in_addr_ptr, (char *)&net_string, INET6_ADDRSTRLEN) != NULL) { in geoip_populate()
438 if(opt.verbose >= VERBOSE_DEBUG) in geoip_populate()
449 if (opt.verbose >= VERBOSE_DEBUG) in geoip_populate()
537 if (opt.verbose >= VERBOSE_NOTICE) in geoip_populate()
549 if (opt.verbose >= VERBOSE_DEBUG) in geoip_populate()
599 if (opt.repeated == 1) { in parse_line()
602 if(strncmp(opt.line->hostname, name, SHOSTLEN) == 0) { in parse_line()
605 opt.line->count = opt.orig_count * repeated; in parse_line()
607 if (opt.verbose >= VERBOSE_ERROR) in parse_line()
612 if (opt.verbose >= VERBOSE_ERROR) in parse_line()
619 if ((opt.format & PARSER_IPCHAINS) && (strstr(input, " kernel: Packet log: "))) { in parse_line()
623 } else if ((opt.format & PARSER_NETFILTER) && (strstr(input, " OUT="))) { in parse_line()
627 } else if ((opt.format & PARSER_CISCO_IOS) && (strstr(input, "%SEC-6-IPACCESSLOG"))) { in parse_line()
630 } else if ((opt.format & PARSER_IPFILTER) && (strstr(input, " ipmon["))) { in parse_line()
634 } else if ((opt.format & PARSER_IPFW) && (strstr(input, " ipfw: "))) { in parse_line()
636 …} else if ((opt.format & PARSER_CISCO_PIX) && ((strstr(input, "%PIX-") || strstr(input, "%FWSM-"))… in parse_line()
639 } else if ((opt.format & PARSER_NETSCREEN) && (strstr(input, " NetScreen "))) { in parse_line()
641 } else if (opt.format & PARSER_WIN_XP){ in parse_line()
643 } else if ((opt.format & PARSER_SNORT) && (strstr(input, " snort"))) { in parse_line()
650 if (opt.verbose >= VERBOSE_ERROR) in parse_line()
658 if (opt.use_geoip < GEOIP_OFF && ((opt.use_geoip & GEOIP_USE_SRC) == GEOIP_USE_SRC)) in parse_line()
661 opt.line->geoip_data_src->refcount++; in parse_line()
663 if (opt.use_geoip <GEOIP_OFF && ((opt.use_geoip & GEOIP_USE_DST) == GEOIP_USE_DST)) in parse_line()
666 opt.line->geoip_data_dst->refcount++; in parse_line()
724 line_value = opt.line->family; in parse_line()
728 line_value = opt.line->protocol; in parse_line()
732 line_value = opt.line->tos; in parse_line()
736 line_value = opt.line->ttl; in parse_line()
740 line_value = opt.line->ihl; in parse_line()
744 line_value = opt.line->icmp_type; in parse_line()
746 extra_test = opt.line->protocol != 1; in parse_line()
749 line_value = opt.line->icmp_code; in parse_line()
751 extra_test = opt.line->protocol != 1; in parse_line()
754 line_value = opt.line->icmp_type; in parse_line()
756 extra_test = opt.line->protocol !=58; in parse_line()
759 line_value = opt.line->icmp_code; in parse_line()
761 extra_test = opt.line->protocol !=58; in parse_line()
764 line_value = opt.line->oob_protocol; in parse_line()
768 line_value = opt.line->ipid; in parse_line()
772 line_value = opt.line->csum; in parse_line()
776 line_value = opt.line->fragoff; in parse_line()
780 line_value = opt.line->totlen; in parse_line()
784 line_value = opt.line->pay_len; in parse_line()
788 line_value = opt.line->tcp_window; in parse_line()
792 line_value = opt.line->tcp_urgp; in parse_line()
796 line_value = opt.line->udp_len; in parse_line()
800 line_value = opt.line->icmp_echoid; in parse_line()
802 … extra_test = opt.line->protocol != 1 || (opt.line->icmp_type != 8 && opt.line->icmp_type != 0); in parse_line()
805 line_value = opt.line->icmp_echoseq; in parse_line()
807 … extra_test = opt.line->protocol != 1 || (opt.line->icmp_type != 8 && opt.line->icmp_type != 0); in parse_line()
810 line_value = opt.line->icmp_mtu; in parse_line()
812 … extra_test = opt.line->protocol != 1 || !(opt.line->icmp_type == 3 && opt.line->icmp_code == 4); in parse_line()
815 line_value = opt.line->icmp_echoid; in parse_line()
817 …extra_test = opt.line->protocol != 58 || (opt.line->icmp_type != 128 && opt.line->icmp_type != 129… in parse_line()
820 line_value = opt.line->icmp_echoseq; in parse_line()
822 …extra_test = opt.line->protocol != 58 || (opt.line->icmp_type != 128 && opt.line->icmp_type != 129… in parse_line()
825 line_value = opt.line->fwmark; in parse_line()
829 line_value = opt.line->flowlabel; in parse_line()
833 line_value = opt.line->sport; in parse_line()
835 extra_test = opt.line->protocol !=6; in parse_line()
838 line_value = opt.line->dport; in parse_line()
840 extra_test = opt.line->protocol !=6; in parse_line()
843 line_value = opt.line->tcp_seq; in parse_line()
847 line_value = opt.line->tcp_ack_seq; in parse_line()
851 line_value = opt.line->sport; in parse_line()
853 extra_test = opt.line->protocol !=17; in parse_line()
856 line_value = opt.line->dport; in parse_line()
858 extra_test = opt.line->protocol !=17; in parse_line()
861 line_value = opt.line->ahesp_spi; in parse_line()
863 extra_test = opt.line->protocol != 50 && opt.line->protocol != 51; in parse_line()
866 line_value = opt.line->geoip_data_src->metro_code; in parse_line()
870 line_value = opt.line->geoip_data_src->accuracy_radius; in parse_line()
874 line_value = opt.line->geoip_data_dst->metro_code; in parse_line()
878 line_value = opt.line->geoip_data_dst->accuracy_radius; in parse_line()
904 line_value = opt.line->geoip_data_src->is_anonymous_proxy; in parse_line()
907 line_value = opt.line->geoip_data_src->is_satellite_provider; in parse_line()
910 line_value = opt.line->geoip_data_dst->is_anonymous_proxy; in parse_line()
913 line_value = opt.line->geoip_data_dst->is_satellite_provider; in parse_line()
930 double_value = opt.line->geoip_data_src->latitude; in parse_line()
934 double_value = opt.line->geoip_data_src->longitude; in parse_line()
938 double_value = opt.line->geoip_data_dst->latitude; in parse_line()
942 double_value = opt.line->geoip_data_dst->longitude; in parse_line()
997 line_string = (char *)&opt.line->log_label; in parse_line()
1000 line_string = (char *)&opt.line->hostname; in parse_line()
1003 line_string = (char *)&opt.line->inif; in parse_line()
1006 line_string = (char *)&opt.line->outif; in parse_line()
1009 line_string = (char *)&opt.line->mac_saddr_str; in parse_line()
1012 line_string = (char *)&opt.line->mac_daddr_str; in parse_line()
1015 line_string = (char *)&opt.line->raw_mac; in parse_line()
1018 line_string = (char *)&opt.line->geoip_data_src->continent_code; in parse_line()
1021 line_string = (char *)&opt.line->geoip_data_src->continent_name; in parse_line()
1024 line_string = (char *)&opt.line->geoip_data_src->country_iso_code; in parse_line()
1027 line_string = (char *)&opt.line->geoip_data_src->country_name; in parse_line()
1030 line_string = (char *)&opt.line->geoip_data_src->subdivision_1_iso_code; in parse_line()
1033 line_string = (char *)&opt.line->geoip_data_src->subdivision_1_name; in parse_line()
1036 line_string = (char *)&opt.line->geoip_data_src->subdivision_2_iso_code; in parse_line()
1039 line_string = (char *)&opt.line->geoip_data_src->subdivision_2_name; in parse_line()
1042 line_string = (char *)&opt.line->geoip_data_src->city_name; in parse_line()
1045 line_string = (char *)&opt.line->geoip_data_src->time_zone; in parse_line()
1048 line_string = (char *)&opt.line->geoip_data_src->registered_country_geoname_id; in parse_line()
1051 line_string = (char *)&opt.line->geoip_data_src->represented_country_geoname_id; in parse_line()
1054 line_string = (char *)&opt.line->geoip_data_src->postal_code; in parse_line()
1057 line_string = (char *)&opt.line->geoip_data_dst->continent_code; in parse_line()
1060 line_string = (char *)&opt.line->geoip_data_dst->continent_name; in parse_line()
1063 line_string = (char *)&opt.line->geoip_data_dst->country_iso_code; in parse_line()
1066 line_string = (char *)&opt.line->geoip_data_dst->country_name; in parse_line()
1069 line_string = (char *)&opt.line->geoip_data_dst->subdivision_1_iso_code; in parse_line()
1072 line_string = (char *)&opt.line->geoip_data_dst->subdivision_1_name; in parse_line()
1075 line_string = (char *)&opt.line->geoip_data_dst->subdivision_2_iso_code; in parse_line()
1078 line_string = (char *)&opt.line->geoip_data_dst->subdivision_2_name; in parse_line()
1081 line_string = (char *)&opt.line->geoip_data_dst->city_name; in parse_line()
1084 line_string = (char *)&opt.line->geoip_data_dst->time_zone; in parse_line()
1087 line_string = (char *)&opt.line->geoip_data_dst->registered_country_geoname_id; in parse_line()
1090 line_string = (char *)&opt.line->geoip_data_dst->represented_country_geoname_id; in parse_line()
1093 line_string = (char *)&opt.line->geoip_data_dst->postal_code; in parse_line()
1106 if (opt.line->time < (time_t)sel->value) in parse_line()
1110 if (opt.line->time > (time_t)sel->value) in parse_line()
1116 if (opt.line->protocol == 6 && in parse_line()
1117 !(opt.line->flags & TCP_FLAGS_MATCH)) { in parse_line()
1119 if (opt.line->flags == (sel->value ^ TCP_OPTS_EXACT)) in parse_line()
1122 if (!(opt.line->flags | sel->value) || in parse_line()
1123 (opt.line->flags & sel->value)) in parse_line()
1136 host = opt.line->shost; in parse_line()
1138 host6 = opt.line->shost6; in parse_line()
1143 host = opt.line->dhost; in parse_line()
1145 host6 = opt.line->dhost6; in parse_line()
1150 extra_test = opt.line->protocol != 1 || opt.line->icmp_type != 5; in parse_line()
1151 host = opt.line->icmp_gw; in parse_line()
1159 if (sel->family == AF_INET && opt.line->family == AF_INET) { in parse_line()
1171 } else if (sel->family == AF_INET6 && opt.line->family == AF_INET6){ in parse_line()
1185 if (opt.verbose >= VERBOSE_ALERT) in parse_line()
1193 if (opt.verbose >= VERBOSE_ERROR) in parse_line()
1196 --opt.line->geoip_data_src->refcount; in parse_line()
1197 --opt.line->geoip_data_dst->refcount; in parse_line()
1199 if(opt.line->geoip_data_src != opt.geoip_data_init) in parse_line()
1200 free (opt.line->geoip_data_src); in parse_line()
1202 if(opt.line->geoip_data_dst != opt.geoip_data_init) in parse_line()
1203 free (opt.line->geoip_data_dst); in parse_line()
1210 opt.orig_count = opt.line->count; in parse_line()
1211 xstrncpy(opt.line->filename, opt.filename, FILESIZE); in parse_line()
1212 opt.line->linenum = linenum; in parse_line()
1214 if (opt.verbose >= VERBOSE_ERROR) in parse_line()
1267 if (opt.format_sel[0] == '\0') { in select_parsers()
1270 opt.format = 0; in select_parsers()
1271 while ((i < SHORTLEN) && (opt.format_sel[i] != '\0')) { in select_parsers()
1272 switch (opt.format_sel[i]) { in select_parsers()
1274 opt.format = opt.format | PARSER_IPCHAINS; in select_parsers()
1277 opt.format = opt.format | PARSER_NETFILTER; in select_parsers()
1280 opt.format = opt.format | PARSER_IPFILTER; in select_parsers()
1283 opt.format = opt.format | PARSER_CISCO_IOS; in select_parsers()
1286 opt.format = opt.format | PARSER_CISCO_PIX; in select_parsers()
1289 opt.format = opt.format | PARSER_NETSCREEN; in select_parsers()
1292 opt.format = opt.format | PARSER_WIN_XP; in select_parsers()
1295 opt.format = opt.format | PARSER_SNORT; in select_parsers()
1298 opt.format = opt.format | PARSER_IPFW; in select_parsers()
1302 fprintf(stderr, "Unknown parser: '%c'.\n", opt.format_sel[i]); in select_parsers()