static void filter(char *filename,char *operation)
{
char file_m[100],buffer[100];
int len;
printf("%s %s\n",filename,operation);
if(*(filename+0)!='.')
{
if(strstr(filename,"~")!=NULL && strcmp(operation,"CREATED")==0)
{
len=strlen(filename);
*(filename+len-1)='\0';
strcpy(buffer,filename);
strcat(buffer,"\n");
if(if_exists(buffer,0)==0)
strcpy(u_files[u_cnt++],buffer);
return;
}
strcpy(buffer,filename);
strcat(buffer,"\n");
if(strcmp(operation,"DELETED")==0)
{
if(if_exists(buffer,1)==0)
strcpy(d_files[d_cnt++],buffer);
return;
}
else
{
if(if_exists(buffer,0)==0)
strcpy(u_files[u_cnt++],buffer);
return;
}
}
else
{
if(strstr(filename,"swp")!=NULL && strcmp(operation,"MODIFIED")==0)
{
sscanf(filename,".%[^.].swp",file_m);
len=strlen(file_m);
*(file_m+len)='\n';
*(file_m+len+1)='\0';
if(if_exists(file_m,0)==0)
strcpy(u_files[u_cnt++],file_m);
}
}
return;
}
int
main(int argc, char **argv)
{
int ch, np, ret, Xflag = 0;
pcap_handler phandler = dump_packet;
const char *errstr = NULL;
char *pidf = NULL;
ret = 0;
closefrom(STDERR_FILENO + 1);
while ((ch = getopt(argc, argv, "Dxd:f:i:p:s:")) != -1) {
switch (ch) {
case 'D':
Debug = 1;
break;
case 'd':
delay = strtonum(optarg, 5, 60*60, &errstr);
if (errstr)
usage();
break;
case 'f':
filename = optarg;
break;
case 'i':
interface = optarg;
break;
case 'p':
pidf = optarg;
break;
case 's':
snaplen = strtonum(optarg, 0, PFLOGD_MAXSNAPLEN,
&errstr);
if (snaplen <= 0)
snaplen = DEF_SNAPLEN;
if (errstr)
snaplen = PFLOGD_MAXSNAPLEN;
break;
case 'x':
Xflag++;
break;
default:
usage();
}
}
log_debug = Debug;
argc -= optind;
argv += optind;
/* does interface exist */
if (!if_exists(interface)) {
warn("Failed to initialize: %s", interface);
logmsg(LOG_ERR, "Failed to initialize: %s", interface);
logmsg(LOG_ERR, "Exiting, init failure");
exit(1);
}
if (!Debug) {
openlog("pflogd", LOG_PID | LOG_CONS, LOG_DAEMON);
if (daemon(0, 0)) {
logmsg(LOG_WARNING, "Failed to become daemon: %s",
strerror(errno));
}
pidfile(pidf);
}
tzset();
(void)umask(S_IRWXG | S_IRWXO);
/* filter will be used by the privileged process */
if (argc) {
filter = copy_argv(argv);
if (filter == NULL)
logmsg(LOG_NOTICE, "Failed to form filter expression");
}
/* initialize pcap before dropping privileges */
if (init_pcap()) {
logmsg(LOG_ERR, "Exiting, init failure");
exit(1);
}
/* Privilege separation begins here */
if (priv_init()) {
logmsg(LOG_ERR, "unable to privsep");
exit(1);
}
setproctitle("[initializing]");
/* Process is now unprivileged and inside a chroot */
signal(SIGTERM, sig_close);
signal(SIGINT, sig_close);
signal(SIGQUIT, sig_close);
signal(SIGALRM, sig_alrm);
signal(SIGUSR1, sig_usr1);
signal(SIGHUP, sig_hup);
alarm(delay);
buffer = malloc(PFLOGD_BUFSIZE);
if (buffer == NULL) {
logmsg(LOG_WARNING, "Failed to allocate output buffer");
phandler = dump_packet_nobuf;
} else {
bufleft = buflen = PFLOGD_BUFSIZE;
bufpos = buffer;
bufpkt = 0;
}
if (reset_dump(Xflag) < 0) {
if (Xflag)
return (1);
logmsg(LOG_ERR, "Logging suspended: open error");
set_suspended(1);
} else if (Xflag)
return (0);
while (1) {
np = pcap_dispatch(hpcap, PCAP_NUM_PKTS,
phandler, (u_char *)dpcap);
if (np < 0) {
if (!if_exists(interface) == -1) {
logmsg(LOG_NOTICE, "interface %s went away",
interface);
ret = -1;
break;
}
logmsg(LOG_NOTICE, "%s", pcap_geterr(hpcap));
}
if (gotsig_close)
break;
if (gotsig_hup) {
if (reset_dump(0)) {
logmsg(LOG_ERR,
"Logging suspended: open error");
set_suspended(1);
}
gotsig_hup = 0;
}
if (gotsig_alrm) {
if (dpcap)
flush_buffer(dpcap);
else
gotsig_hup = 1;
gotsig_alrm = 0;
alarm(delay);
}
if (gotsig_usr1) {
log_pcap_stats();
gotsig_usr1 = 0;
}
}
logmsg(LOG_NOTICE, "Exiting");
if (dpcap) {
flush_buffer(dpcap);
fclose(dpcap);
}
purge_buffer();
log_pcap_stats();
pcap_close(hpcap);
if (!Debug)
closelog();
return (ret);
}
for_each(line,lines)
{
int col, accept = 0, /*proxyflag = 0, */valid = 1, setchainname = 0, commonflag = 0;
unsigned long long traffic = 0;
unsigned long pkts = 0;
char *ipaddr = NULL,*ptr;
valid_columns(ptr, line->str, ' ', col)
if(valid) switch(col)
{
case 1: if(eq(ptr,"Chain"))
{
setchainname = 1;
}
else if(eq(ptr,"pkts"))
{
valid = 0;
}
else
{
sscanf(ptr,"%lu",&pkts);
}
break;
case 2: if(setchainname)
{
if(!strncmp(ptr,"post_",5) || eq(ptr,"POSTROUTING"))
{
downloadflag = 1;
}
else
{
if(!strncmp(ptr,"forw_",5) || eq(ptr,"FORWARD"))
{
downloadflag = 0;
}
}
if(eq(ptr,"post_common") || eq(ptr,"forw_common"))
{
commonflag = 1;
}
}
else
{
sscanf(ptr,"%Lu",&traffic);
traffic += (1<<19);
traffic >>= 20;
}
break;
case 3: if((strncmp(ptr,"post_",5) && strncmp(ptr,"forw_",5)) || commonflag)
{
accept = eq(ptr,mark);
}
break;
case 7: if(ipv6 && !downloadflag)
{
ipaddr = ptr;
}
break;
case 8: if(ipv6 && downloadflag)
{
ipaddr = ptr;
}
else if(!ipv6)
{
/* if(downloadflag)
{
if(strstr(proxy_ip,ptr))
{
proxyflag = 1;
}
}
else
{ */
if(!downloadflag)
{
ipaddr = ptr;
}
}
break;
case 9: if(!ipv6 && downloadflag)
{
ipaddr = ptr;
}
break;
}
if(accept && traffic>0 && ipaddr)
{
/* IPv6 subnet - /64 */
char *isipv6 = strstr(ipaddr,"/64");
if(ipv6 && isipv6)
{
*isipv6=0;
printf("(IPv6) ");
}
else
{
printf("(IPv4) ");
}
/*
if(proxyflag)
{
printf("(proxy) ");
}
else
*/
if(!downloadflag)
{
printf("(up) ");
}
else
{
printf("(down) ");
}
traffic_detected = 1;
printf("%s %Lu MB (%ld pkts)\n", ipaddr, traffic, pkts);
if_exists(ip, ips, eqi(ip->addr,ipaddr));
else
{
int64_t prune_local_prefix_tree(trans* orig_tree, int64_t tree_size, int64_t *freq1,
trans* pruned_tree, int64_t* pruned_freq, trans* label_list, int64_t
list_size){
#if 0
if(!orig_tree or !freq1 or tree_size == 0) {
cout << "Cannot prune a empty tree \n";
return -1;
}
if(!pruned_tree or !pruned_freq){
cout << "Please allocate memory for pruned tree\n";
return -1;
}
if(!label_list){
cout << "No lables assigned to this process, returning empty tree \n";
pruned_tree = NULL;
pruned_freq = NULL;
return 0;
}
trans label, tmp;
int64_t label_freq;
stack s;
/* copy root to result and on top of stack */
pruned_tree[0] = ROOT;
pruned_freq[0] = freq1[0];
int64_t pruned_size = 1;
s.push(ROOT, freq1[0]);
/* Start after Root of tree*/
for(int64_t i=1; i < tree_size; i++) {
label = orig_tree[i];
label_freq = freq1[i];
if(label != delimiter){
s.push(label, label_freq);
}
else{
/* next label in tree is a delimiter
* Find what is on top of stack
*/
tmp = s.peek_label();
if(tmp == ROOT)
{
// add delimiter to result if stack top is ROOT
pruned_tree[pruned_size] = label;
pruned_freq[pruned_size] = freq1[i];
pruned_size++;
}
else if(if_exists(tmp, label_list, list_size)) {
/* empty the stacks and add everythign
* including current delimiter to result */
s.push(label, label_freq);
pruned_size = s.pop_to_array(pruned_tree, pruned_freq, pruned_size);
}else{
//pop the label on top and discard
s.pop();
}
}// end of "if delimiter"
}// end of for loop/original tree
return pruned_size;
#endif
}
