1 /*
2 ** Modular Logfile Analyzer
3 ** Copyright 2000 Jan Kneschke <jan@kneschke.de>
4 **
5 ** Homepage: http://www.modlogan.org
6 **
7 
8     This program is free software; you can redistribute it and/or modify
9     it under the terms of the GNU General Public License as published by
10     the Free Software Foundation; either version 2 of the License, or
11     (at your option) any later version, and provided that the above
12     copyright and permission notice is included with all distributed
13     copies of this or derived software.
14 
15     This program is distributed in the hope that it will be useful,
16     but WITHOUT ANY WARRANTY; without even the implied warranty of
17     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18     GNU General Public License for more details.
19 
20     You should have received a copy of the GNU General Public License
21     along with this program; if not, write to the Free Software
22     Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
23 
24 **
25 ** $Id: parse.c,v 1.8 2003/05/17 18:53:52 miham Exp $
26 */
27 
28 #include <stdlib.h>
29 #include <stdio.h>
30 #include <string.h>
31 #include <time.h>
32 #include <ctype.h>
33 #include <errno.h>
34 
35 #include "config.h"
36 #include "mlocale.h"
37 #include "mplugins.h"
38 #include "mrecord.h"
39 #include "mdatatypes.h"
40 #include "misc.h"
41 
42 #include "plugin_config.h"
43 
44 
45 #ifdef HAVE_FLOWTOOLS
46 #include "ftlib.h"
47 
/*
 * One flow record viewed through any of the flow-tools record layouts.
 *
 * All members overlay the same bytes, so reading a member other than the
 * one matching the record's real export version reinterprets those bytes.
 * In this file parse_record() reads through the `gen` and `v5` views only.
 */
typedef union {
	struct fts3rec_v1 v1;
	struct fts3rec_v5 v5;
	struct fts3rec_v6 v6;
	struct fts3rec_v7 v7;
	struct fts3rec_v8_1 v8_1;
	struct fts3rec_v8_2 v8_2;
	struct fts3rec_v8_3 v8_3;
	struct fts3rec_v8_4 v8_4;
	struct fts3rec_v8_5 v8_5;
	struct fts3rec_gen gen;	/* view used for the fields common to the records parsed here */
} ftrecord;
60 
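/*
 * Render a 32-bit IPv4 address (most significant byte = first octet) as a
 * freshly allocated dotted-quad string.
 *
 * Returns NULL when the allocation fails; the caller owns the result.
 */
static char *flow_ipv4_to_str(unsigned long addr) {
	/* "255.255.255.255" plus the terminating NUL */
	enum { IPV4_STR_LEN = 16 };
	char *s = malloc(IPV4_STR_LEN);

	if (s == NULL) return NULL;

	/* bounded write; each octet is masked to 0..255 so the text always fits */
	snprintf(s, IPV4_STR_LEN, "%u.%u.%u.%u",
		(unsigned int)((addr >> 24) & 0xff),
		(unsigned int)((addr >> 16) & 0xff),
		(unsigned int)((addr >>  8) & 0xff),
		(unsigned int)((addr >>  0) & 0xff)
		);

	return s;
}

/*
 * Fill a traffic/flow log record from one raw flow-tools record.
 *
 * ext_conf - plugin configuration (not used by this function)
 * record   - record to fill; receives a traffic extension which in turn
 *            receives a flow extension
 * buf      - raw flow record as handed over by the reader
 *
 * Returns 0 on success and -1 when an extension or an address string
 * could not be allocated.  On failure whatever was already attached to
 * `record` stays attached; nothing is freed here.
 */
int parse_record(mconfig *ext_conf, mlogrec *record, ftrecord *buf) {
	mlogrec_traffic *rectrf = NULL;
	mlogrec_traffic_flow *recflw = NULL;

	(void)ext_conf;

	record->ext_type = M_RECORD_TYPE_TRAFFIC;
	record->ext = mrecord_init_traffic();

	rectrf = record->ext;

	if (rectrf == NULL) return -1;

	rectrf->ext = mrecord_init_traffic_flow();
	rectrf->ext_type = M_RECORD_TYPE_TRAFFIC_FLOW;

	recflw = rectrf->ext;

	if (recflw == NULL) return -1;

	record->timestamp = buf->gen.unix_secs;

	/* the record content comes from the input file: never format into an
	 * unchecked allocation */
	rectrf->src = flow_ipv4_to_str(buf->gen.srcaddr);
	if (rectrf->src == NULL) return -1;

	rectrf->dst = flow_ipv4_to_str(buf->gen.dstaddr);
	if (rectrf->dst == NULL) return -1;

	recflw->protocol = buf->gen.prot;
	recflw->src_port = buf->gen.srcport;
	recflw->dst_port = buf->gen.dstport;
	rectrf->xfer_incoming = buf->gen.dOctets;
	recflw->packets = buf->gen.dPkts;

	/* NOTE(review): the AS numbers and interface indexes are read through
	 * the v5 view without looking at the stream's export version.  For a
	 * record of another version these bytes may hold something else --
	 * confirm the reader only delivers v5-compatible records, or gate
	 * these four assignments on the version. */
	recflw->src_as = buf->v5.src_as;
	recflw->dst_as = buf->v5.dst_as;

	recflw->src_interface = buf->v5.input;
	recflw->dst_interface = buf->v5.output;

	return 0;
}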
108 
109 #endif
/*
 * Fetch the next flow record from the input stream and convert it.
 *
 * Returns the result of parse_record() when a record was read, and
 * M_RECORD_EOF when the reader delivers nothing or when the plugin was
 * built without flow-tools support.
 *
 * NOTE(review): a NULL from ftio_read() is always reported as
 * M_RECORD_EOF; whether that also hides read errors or a truncated input
 * cannot be told from this file -- confirm against the reader.
 */
int mplugins_input_flowraw_get_next_record(mconfig *ext_conf, mlogrec *record) {
#ifdef HAVE_FLOWTOOLS
	config_input *plugin = ext_conf->plugin_conf;
	void *raw = ftio_read(&(plugin->ftio));

	if (raw == NULL) {
		return M_RECORD_EOF;
	}

	/* the record is not freed here (the original had the free() call
	 * commented out) */
	return parse_record(ext_conf, record, raw);
#else
	return M_RECORD_EOF;
#endif
}
128