Esempio n. 1
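/**
 * sim_db_insert_host_os:
 * @database: a #SimDatabase
 * @inet: host address; selects the row of `host` the OS is attached to
 * @date: timestamp text, placed in the statement as given
 * @sensor: reporting sensor, or %NULL to store SQL NULL
 * @interface: interface name, placed in the statement as given
 * @os: operating system description
 * @context_id: context the host belongs to
 *
 * Insert 'host os' event in @database
 */
void
sim_db_insert_host_os (SimDatabase  *database,
                       SimInet      *inet,
                       gchar        *date,
                       SimInet      *sensor,
                       gchar        *interface,
                       gchar        *os,
                       SimUuid      *context_id)
{
    gchar        *query = NULL;
    gchar        *os_escaped;

    g_return_if_fail (SIM_IS_DATABASE (database));
    g_return_if_fail (SIM_IS_INET (inet));
    g_return_if_fail (date);
    g_return_if_fail (os);

    /*
     * NOTE(review): g_strescape() emits C-style escapes (backslash, double
     * quote, control characters) and leaves a single quote untouched, so it
     * is not SQL escaping.  @os, @date and @interface all end up inside
     * '...' literals in the statement below; if any of them can carry
     * event-derived text, route them through the database layer's own
     * escaping or a parameterized statement instead.
     * @interface is also not checked for NULL before it is formatted.
     */
    os_escaped = g_strescape (os, NULL);

    query = g_strdup_printf ("INSERT INTO host_os (id, ctx, sensor, date, os, interface) "
                             "SELECT id, %s, %s, '%s', '%s', '%s' FROM host "
                             "WHERE ip = %s and ctx = %s LIMIT 1",
                             sim_uuid_get_db_string (context_id),
                             sensor ? sim_inet_get_db_string (sensor) : "NULL",
                             date,
                             os_escaped,
                             interface,
                             sim_inet_get_db_string (inet),
                             sim_uuid_get_db_string (context_id));

    sim_db_execute_query (database, query);

    /* g_strdup_printf() allocates the statement text; release it after
     * execution, as the other insert functions in this file do. */
    g_free (query);
    g_free (os_escaped);
}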
Esempio n. 2
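/**
 * sim_db_insert_host_service:
 * @database: a #SimDatabase
 * @inet: host address; selects the row of `host` the service is attached to
 * @date: timestamp text, placed in the statement as given
 * @port: port number in host byte order, must be >= 0
 * @protocol: IP protocol number, must be >= 0
 * @sensor: reporting sensor
 * @interface: interface name, placed in the statement as given
 * @service: stored in the `service_type` column
 * @application: stored in the `version` column
 * @context_id: context the host belongs to
 *
 * Insert 'host service' in @database, then record @port as a plugin sid
 * under SIM_PLUGIN_SERVICE through sim_db_insert_host_plugin_sid().
 * Nothing is inserted when @protocol is not known to getprotobynumber().
 */
void
sim_db_insert_host_service (SimDatabase   *database,
                            SimInet       *inet,
                            gchar         *date,
                            gint           port,
                            gint           protocol,
                            SimInet       *sensor,
                            gchar         *interface,
                            gchar         *service,
                            gchar         *application,
                            SimUuid       *context_id)
{
    gchar           *query;
    struct servent  *temp_serv  = NULL;
    struct protoent *temp_proto = NULL;

    g_return_if_fail (SIM_IS_DATABASE (database));
    g_return_if_fail (SIM_IS_INET (inet));
    g_return_if_fail (date);
    g_return_if_fail (port >= 0); /* Needed for ints */
    g_return_if_fail (protocol >= 0);
    g_return_if_fail (sensor);
    g_return_if_fail (service);
    g_return_if_fail (application);

    /* getprotobynumber() returns NULL for an unknown protocol number, so the
     * pointer itself has to be checked before p_name is read. */
    temp_proto = getprotobynumber (protocol);
    if (temp_proto == NULL || temp_proto->p_name == NULL)
        return; /* Since we don't know the proto we wont insert a service without a protocol */

    /* getservbyport() takes the port in network byte order.  A value that
     * does not fit in 16 bits cannot name a service, so it is left as
     * "unknown" instead of being truncated into some other port. */
    if (port <= G_MAXUINT16)
        temp_serv = getservbyport (g_htons ((guint16) port), temp_proto->p_name);

    /*
     * NOTE(review): @date, @service, @application and @interface are placed
     * inside '...' literals without any escaping.  If these can carry text
     * taken from observed traffic, a single quote in them changes the
     * statement; route them through the database layer's own escaping or a
     * parameterized statement.  @interface is also not checked for NULL.
     */
    query = g_strdup_printf ("INSERT INTO host_services "
                             "(id, date, port, protocol, service, service_type, version, origin, sensor, interface, ctx) "
                             "SELECT id, '%s', %u, %u, '%s', '%s', '%s', 0, %s, '%s', %s "
                             "FROM host WHERE ip = %s and ctx = %s LIMIT 1",
                             date,
                             port,
                             protocol,
                             (temp_serv != NULL) ? temp_serv->s_name : "unknown",
                             service,
                             application,
                             sim_inet_get_db_string (sensor),
                             interface,
                             sim_uuid_get_db_string (context_id),
                             sim_inet_get_db_string (inet),
                             sim_uuid_get_db_string (context_id));

    sim_db_execute_query (database, query);

    g_free (query);

    sim_db_insert_host_plugin_sid (database, inet, SIM_PLUGIN_SERVICE, port, context_id);
}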
Esempio n. 3
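/**
 * sim_db_insert_host_mac:
 * @database: a #SimDatabase
 * @inet: host address; selects the row of `host` the MAC is attached to
 * @date: timestamp text, placed in the statement as given
 * @mac: MAC address text, placed in the statement as given
 * @vendor: vendor name, or %NULL to store an empty string
 * @interface: interface name, placed in the statement as given
 * @sensor: reporting sensor
 * @context_id: context the host belongs to
 *
 * Insert 'host mac' event in @database
 */
void
sim_db_insert_host_mac (SimDatabase *database,
                        SimInet     *inet,
                        gchar       *date,
                        gchar       *mac,
                        gchar       *vendor,
                        gchar       *interface,
                        SimInet     *sensor,
                        SimUuid     *context_id)
{
    gchar   *query;
    gchar   *vendor_esc;

    g_return_if_fail (SIM_IS_DATABASE (database));
    g_return_if_fail (SIM_IS_INET (inet));
    g_return_if_fail (date);
    g_return_if_fail (mac);
    g_return_if_fail (interface);
    g_return_if_fail (sensor);

//  we want to insert only the hosts defined in Policy->hosts or inside a network from policy->networks
//  if((sim_container_get_host_by_ia(container,ia) == NULL) && (sim_container_get_nets_has_ia(container,ia) == NULL))
//    return;

    /*
     * @vendor is optional (the statement falls back to "" below), so only
     * call g_strescape() when there is a string: passing it NULL trips its
     * own precondition check and logs a critical warning.
     *
     * NOTE(review): g_strescape() emits C-style escapes and leaves a single
     * quote untouched, so it is not SQL escaping.  @vendor, @mac, @date and
     * @interface all end up inside '...' literals; if any of them can carry
     * event-derived text, route them through the database layer's own
     * escaping or a parameterized statement.
     */
    vendor_esc = vendor ? g_strescape (vendor, NULL) : NULL;

    query = g_strdup_printf ("INSERT INTO host_mac (id, ctx, sensor, date, mac, vendor, interface) "
                             "SELECT id, %s, %s, '%s', '%s', '%s', '%s' FROM host WHERE ip = %s and ctx = %s LIMIT 1",
                             sim_uuid_get_db_string (context_id),
                             sensor ? sim_inet_get_db_string (sensor) : "NULL",
                             date,
                             mac,
                             (vendor_esc) ? vendor_esc : "",
                             interface,
                             sim_inet_get_db_string (inet),
                             sim_uuid_get_db_string (context_id));

    g_free (vendor_esc);

    /* The full statement, including the values above, goes to the debug log. */
    ossim_debug ("%s: query: %s", __func__, query);

    sim_db_execute_query (database, query);

    g_free (query);
}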
Esempio n. 4
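/**
 * sim_geoip_lookup:
 * @inet: address to look up
 *
 * Looks @inet up in the GeoIP database for its address family (geoip_db for
 * IPv4, geoipV6_db otherwise) and returns the code GeoIP_code_by_id() gives
 * for the matching record.
 *
 * Returns: the code string, "--" for the all-zero IPv4 address, or %NULL
 * when @inet is not a #SimInet or its address bytes are unavailable.
 */
const gchar *
sim_geoip_lookup (SimInet *inet)
{
  uint8_t *addr_bytes;
  const gchar *ret;

  g_return_val_if_fail (SIM_IS_INET (inet), NULL);

  /* The buffer is released with g_free() below, so this function owns it. */
  addr_bytes = sim_inet_get_in_addr (inet);
  if (addr_bytes == NULL)
    return NULL;

  if (sim_inet_is_ipv4 (inet))
  {
    if (addr_bytes[0] || addr_bytes[1] || addr_bytes[2] || addr_bytes[3])
    {
      unsigned long r_addr;

      /* Widen each octet before shifting.  As uint8_t it would promote to
       * int, and shifting a first octet >= 128 left by 24 overflows a signed
       * int (undefined, and sign-extended into a 64-bit unsigned long). */
      r_addr = ((unsigned long) addr_bytes[0] << 24)
             | ((unsigned long) addr_bytes[1] << 16)
             | ((unsigned long) addr_bytes[2] << 8)
             |  (unsigned long) addr_bytes[3];
      ret = GeoIP_code_by_id (GeoIP_id_by_ipnum (geoip_db, r_addr));
    }
    else
    {
      ret = "--";
    }
  }
  else
  {
    geoipv6_t r_addr;

    /* Copy into the object itself rather than through libc-internal member
     * names.  NOTE(review): this reads sizeof (geoipv6_t) bytes and assumes
     * sim_inet_get_in_addr() returned at least that many for a non-IPv4
     * address; confirm against that function. */
    memcpy (&r_addr, addr_bytes, sizeof r_addr);

    ret = GeoIP_code_by_id (GeoIP_id_by_ipnum_v6 (geoipV6_db, r_addr));
  }

  g_free (addr_bytes);

  return ret;
}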
Esempio n. 5
/**
 * sim_db_insert_host_plugin_sid:
 * @database: a #SimDatabase
 * @inet: host address written to the `host_ip` column
 * @plugin_id: plugin identifier
 * @plugin_sid: plugin sub-identifier
 * @context_id: context written to the `ctx` column
 *
 * Insert host plugin sid in @database
 *
 * The row is written with REPLACE INTO.  The integer arguments are formatted
 * with %d, and the address and context go through their get_db_string
 * helpers; no caller-supplied text is placed in the statement.
 */
void
sim_db_insert_host_plugin_sid (SimDatabase *database,
                               SimInet     *inet,
                               gint         plugin_id,
                               gint         plugin_sid,
                               SimUuid     *context_id)
{
    gchar *statement = NULL;

    g_return_if_fail (SIM_IS_DATABASE (database));
    g_return_if_fail (SIM_IS_INET (inet));

    /* The plugin_sid recorded here comes from a special event, identified
     * by plugin_id. */
    statement = g_strdup_printf (
        "REPLACE INTO host_plugin_sid (host_ip, plugin_id, plugin_sid, ctx) "
        "VALUES (%s, %d, %d, %s)",
        sim_inet_get_db_string (inet),
        plugin_id,
        plugin_sid,
        sim_uuid_get_db_string (context_id));

    sim_db_execute_query (database, statement);
    g_free (statement);
}