/* ---------------------------------------------------------- * FUNCTION : file_arp * DESC : This function prints an ARP asset to the log file * INPUT : 0 - Main asset * RETURN : VOID * ---------------------------------------------------------- */ void file_arp (output_plugin *log, asset *main) { /* ip,vlan,port,proto,ARP (mac-resolved),mac-address,timstamp*/ static char ip_addr_s[INET6_ADDRSTRLEN]; if ((FILE*)log->data == NULL) { if(log->flags & CONFIG_VERBOSE ) elog("[!] ERROR: File handle not open!\n"); return; } u_ntop(main->ip_addr, main->af, ip_addr_s); if (main->macentry != NULL) { /* ip,0,0,ARP (mac-resolved),mac-address,timstamp */ /* XXX: vendor info breaks csv niceness */ fprintf((FILE*)log->data, "%s,%u,0,0,ARP (%s),%s,0,%lu\n", ip_addr_s, main->vlan ? ntohs(main->vlan) : 0,main->macentry->vendor, hex2mac(main->mac_addr), main->last_seen); } else { /* ip,0,0,ARP,mac-address,timstamp */ fprintf((FILE*)log->data, "%s,%u,0,0,ARP,[%s],0,%lu\n", ip_addr_s, main->vlan ? ntohs(main->vlan) : 0,hex2mac(main->mac_addr), main->last_seen); } fflush((FILE*)log->data); }
/* ---------------------------------------------------------- * FUNCTION : fifo_arp * DESC : This function prints an ARP asset to the FIFO file. * INPUT : 0 - IP Address * : 1 - MAC Address * ---------------------------------------------------------- */ void fifo_arp (output_plugin *p, asset *main) { static char ip_addr_s[INET6_ADDRSTRLEN]; FILE *fd; /* Print to FIFO */ if (p->data == NULL) { elog("[!] ERROR: File handle not open!\n"); return; } fd = (FILE *)p->data; u_ntop(main->ip_addr, main->af, ip_addr_s); if (main->macentry != NULL) { /* prads_agent.tcl process each line until it receivs a dot by itself */ fprintf(fd, "02\n%s\n%u\n%s\n%s\n%lu\n.\n", ip_addr_s, htonl(IP4ADDR(&main->ip_addr)), main->macentry->vendor, hex2mac(main->mac_addr), main->last_seen); } else { /* prads_agent.tcl process each line until it receivs a dot by itself */ fprintf(fd, "02\n%s\n%u\nunknown\n%s\n%lu\n.\n", ip_addr_s, htonl(IP4ADDR(&main->ip_addr)), hex2mac(main->mac_addr), main->last_seen); } fflush(fd); }