コード例 #1
/*
 * Per-message callback: pass base-vendor "pkt" messages to process_msg()
 * and release every message once it has been examined.
 *
 * msg:  message delivered to the callback; always destroyed here.
 * user: opaque caller pointer, not used by this callback.
 */
static void
nmsg_callback(nmsg_message_t msg, void *user) {
	int wanted;

	/* Only look at the message type when the vendor already matches. */
	wanted = (nmsg_message_get_vid(msg) == NMSG_VENDOR_BASE_ID);
	if (wanted)
		wanted = (nmsg_message_get_msgtype(msg) == NMSG_VENDOR_BASE_PKT_ID);

	if (wanted)
		process_msg(msg);

	/* Destroyed unconditionally, whether or not it was processed. */
	nmsg_message_destroy(&msg);
}
コード例 #2
ファイル: whit2nmsg.c プロジェクト: synthesizerpatel/axa
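/*
 * Convert the NMSG payload of an AXA watch hit into one nmsg message.
 *
 * emsg:       receives an error description on failure.
 * nmsg_input: "null" nmsg input used to decode the serialized payload.
 * msgp:       set to the decoded message on success, NULL otherwise;
 *             on success the caller owns it and must destroy it.
 * whit:       the watch hit as received.
 * whit_len:   number of valid bytes at `whit`.
 *
 * Returns AXA_W2N_RES_SUCCESS when exactly one message was decoded,
 * AXA_W2N_RES_FRAGMENT when the payload did not yield exactly one
 * message, and AXA_W2N_RES_FAIL when the hit is truncated or the
 * decoder reports an error.
 */
axa_w2n_res_t
axa_whit2nmsg(axa_emsg_t *emsg, nmsg_input_t nmsg_input,
	      nmsg_message_t *msgp, axa_p_whit_t *whit, size_t whit_len)
{
	size_t msg_len;
	nmsg_message_t *msgs = NULL;
	size_t n_msgs = 0;
	struct timespec ts;
	nmsg_res res;

	*msgp = NULL;

	/*
	 * whit_len is unsigned, so the length must be compared before the
	 * subtraction.  Subtracting first lets a hit shorter than the header
	 * wrap around to a huge msg_len, which would then be handed to the
	 * decoder as the size of whit->nmsg.b and read far past the buffer.
	 */
	if (whit_len <= sizeof(whit->nmsg.hdr)) {
		axa_pemsg(emsg, "truncated nmsg");
		return (AXA_W2N_RES_FAIL);
	}
	msg_len = whit_len - sizeof(whit->nmsg.hdr);

	ts.tv_sec = AXA_P2H32(whit->nmsg.hdr.ts.tv_sec);
	ts.tv_nsec = AXA_P2H32(whit->nmsg.hdr.ts.tv_nsec);
	res = nmsg_input_read_null(nmsg_input, whit->nmsg.b, msg_len,
				   &ts, &msgs, &n_msgs);
	if (res != nmsg_res_success) {
		axa_pemsg(emsg, "nmsg_input_read_null(): %s",
			  nmsg_res_lookup(res));
		return (AXA_W2N_RES_FAIL);
	}
	/* if res == nmsg_res_success && n_msgs == 0, we have an NMSG fragment */
	if (n_msgs != 1) {
		/* Release every decoded message and the array holding them. */
		while (n_msgs > 0)
			nmsg_message_destroy(&msgs[--n_msgs]);
		free(msgs);
		return (AXA_W2N_RES_FRAGMENT);
	}

	/* Hand the single message to the caller; only the array is freed. */
	*msgp = msgs[0];
	free(msgs);
	return (AXA_W2N_RES_SUCCESS);
}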
コード例 #3
ファイル: json.c プロジェクト: farsightsec/axa
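/*
 * Emit the JSON members that describe one AXA watch hit into the yajl
 * generator `g`.
 *
 * emsg:       receives an error description on failure.
 * g:          yajl generator the members are written to.
 * yajl_sb:    string buffer that the rendered NMSG JSON is appended to.
 * nmsg_input: nmsg input used to decode NMSG watch hits.
 * whit:       the watch hit as received (protocol byte order).
 * whit_len:   number of valid bytes at `whit`.
 *
 * Returns AXA_JSON_RES_SUCCESS, AXA_JSON_RES_FAILURE for a short or
 * unknown watch hit (or one that cannot be decoded), or
 * AXA_JSON_RES_MEMFAIL when an allocation fails.
 *
 * Every field read from `whit` and every header located by the packet
 * parser comes from the network, so each access below is preceded by a
 * length check against the structure that is about to be read.
 */
static axa_json_res_t
add_whit(axa_emsg_t *emsg, yajl_gen g, struct axa_strbuf *yajl_sb, nmsg_input_t nmsg_input, axa_p_whit_t *whit, size_t whit_len)
{
	axa_json_res_t json_res;

	/* The common header is read first, so it must be fully present. */
	if (whit_len < sizeof(whit->hdr)) {
		axa_pemsg(emsg, "whit_len %zu < %zu", whit_len, sizeof(whit->hdr));
		return (AXA_JSON_RES_FAILURE);
	}

	json_res = add_channel(emsg, g, whit->hdr.ch);
	if (json_res != AXA_JSON_RES_SUCCESS)
		return (json_res);

	switch (whit->hdr.type) {
	case AXA_P_WHIT_NMSG: {
		struct axa_strbuf *sb;
		nmsg_message_t msg;
		axa_w2n_res_t wres;
		nmsg_res nres;
		const char *vname, *mname;
		char *nmsg_json = NULL;
		struct tm tm;
		time_t t;
		char when[32];

		if (whit_len < sizeof(axa_p_whit_nmsg_t)) {
			axa_pemsg(emsg, "whit_len %zu < %zu", whit_len, sizeof(axa_p_whit_nmsg_t));
			return (AXA_JSON_RES_FAILURE);
		}

		wres = axa_whit2nmsg(emsg, nmsg_input, &msg, whit, whit_len);
		if (wres != AXA_W2N_RES_SUCCESS) {
			return (AXA_JSON_RES_FAILURE);
		}

		sb = axa_strbuf_init();
		if (sb == NULL) {
			axa_pemsg(emsg, "could not allocate axa_strbuf");
			/* msg is owned by this function from here on. */
			nmsg_message_destroy(&msg);
			return (AXA_JSON_RES_MEMFAIL);
		}

		if (AXA_P2H_IDX(whit->nmsg.hdr.field_idx) < AXA_NMSG_IDX_RSVD) {
			const char *field_name;

			/*
			 * Look the name up with the same host-order index that
			 * was just range-checked, not the raw protocol value.
			 */
			nres = nmsg_message_get_field_name(msg, AXA_P2H_IDX(whit->nmsg.hdr.field_idx), &field_name);
			if (nres == nmsg_res_success) {
				add_yajl_string(g, "field");
				add_yajl_string(g, field_name);
			} else {
				add_yajl_string(g, "field_idx");
				add_yajl_integer(g, AXA_P2H_IDX(whit->nmsg.hdr.field_idx));
			}
		}

		if (AXA_P2H_IDX(whit->nmsg.hdr.val_idx) < AXA_NMSG_IDX_RSVD) {
			add_yajl_string(g, "val_idx");
			add_yajl_integer(g, AXA_P2H_IDX(whit->nmsg.hdr.val_idx));
		}

		/*
		 * NOTE(review): vid and type are converted with AXA_P2H_IDX
		 * here and with AXA_P2H16 in the msgtype lookup below; confirm
		 * the two macros agree for these fields.
		 */
		vname = nmsg_msgmod_vid_to_vname(AXA_P2H_IDX(whit->nmsg.hdr.vid));
		if (vname != NULL) {
			add_yajl_string(g, "vname");
			add_yajl_string(g, vname);
		} else {
			add_yajl_string(g, "vid");
			add_yajl_integer(g, AXA_P2H_IDX(whit->nmsg.hdr.vid));
		}

		mname = nmsg_msgmod_msgtype_to_mname(
				AXA_P2H16(whit->nmsg.hdr.vid),
				AXA_P2H16(whit->nmsg.hdr.type));
		if (mname != NULL) {
			add_yajl_string(g, "mname");
			add_yajl_string(g, mname);
		} else {
			add_yajl_string(g, "msgtype");
			add_yajl_integer(g, AXA_P2H_IDX(whit->nmsg.hdr.type));
		}

		/* "time": UTC seconds from the hit header plus nanoseconds. */
		add_yajl_string(g, "time");
		t = AXA_P2H32(whit->nmsg.hdr.ts.tv_sec);
		gmtime_r(&t, &tm);
		strftime(when, sizeof(when), "%Y-%m-%d %T", &tm);

		axa_strbuf_reset(sb);
		axa_strbuf_append(sb, "%s.%09u", when,
				AXA_P2H32(whit->nmsg.hdr.ts.tv_nsec));
		add_yajl_string(g, sb->data);

		nres = nmsg_message_to_json(msg, &nmsg_json);
		if (nres == nmsg_res_success) {
			/*
			 * Emit an "nmsg" key with a placeholder integer, then
			 * drop the last character of yajl_sb and append the
			 * JSON rendered by libnmsg in its place.
			 * NOTE(review): presumably yajl_sb is the buffer `g`
			 * prints into, so the clipped character is the
			 * placeholder 0 -- confirm against the caller.
			 */
			add_yajl_string(g, "nmsg");
			add_yajl_integer(g, 0);

			yajl_gen_clear(g);
			axa_strbuf_clip(yajl_sb, axa_strbuf_len(yajl_sb)-1);
			axa_strbuf_append(yajl_sb, "%s", nmsg_json);
			free(nmsg_json);
		}
		/* A failed JSON rendering is not reported; the member is omitted. */

		axa_strbuf_destroy(&sb);
		nmsg_message_destroy(&msg);

		return (AXA_JSON_RES_SUCCESS);
	}
	case AXA_P_WHIT_IP: {
		struct axa_strbuf *sb;
		struct nmsg_ipdg dg;
		nmsg_res res;
		struct tm tm;
		time_t t;
		char when[32];

		if (whit_len < sizeof(axa_p_whit_ip_t)) {
			axa_pemsg(emsg, "whit_len %zu < %zu",
					whit_len, sizeof(axa_p_whit_ip_t));
			return (AXA_JSON_RES_FAILURE);
		}

		/* "time": UTC seconds from the hit header plus microseconds. */
		add_yajl_string(g, "time");
		t = AXA_P2H32(whit->ip.hdr.tv.tv_sec);
		gmtime_r(&t, &tm);
		strftime(when, sizeof(when), "%Y-%m-%d %T", &tm);

		sb = axa_strbuf_init();
		if (sb == NULL) {
			axa_pemsg(emsg, "could not allocate axa_strbuf");
			return (AXA_JSON_RES_MEMFAIL);
		}
		axa_strbuf_append(sb, "%s.%06u", when,
				AXA_P2H32(whit->ip.hdr.tv.tv_usec));
		add_yajl_string(g, sb->data);
		axa_strbuf_destroy(&sb);

		/* The length check above keeps this subtraction from wrapping. */
		res = nmsg_ipdg_parse_pcap_raw(&dg, DLT_RAW, whit->ip.b, whit_len - offsetof(axa_p_whit_ip_t, b));
		if (res != nmsg_res_success || dg.len_network == 0) {
			add_yajl_string(g, "parse_error");
			add_yajl_bool(g, true);

			return (AXA_JSON_RES_SUCCESS);
		}

		add_yajl_string(g, "af");
		switch(dg.proto_network) {
		case AF_INET: {
			struct ip *ip_hdr;
			char addr_str[INET_ADDRSTRLEN];

			add_yajl_string(g, "IPv4");

			/*
			 * Compare against the size of the header itself.
			 * sizeof(ip_hdr) is only the size of the pointer and
			 * would let a truncated packet through, so the address
			 * and TTL reads below could run past the captured data.
			 */
			if (dg.network != NULL && dg.len_network >= sizeof(*ip_hdr)) {
				ip_hdr = (void*)dg.network;

				add_yajl_string(g, "src");
				add_yajl_string(g, inet_ntop(AF_INET, &ip_hdr->ip_src, addr_str, sizeof(addr_str)));
				add_yajl_string(g, "dst");
				add_yajl_string(g, inet_ntop(AF_INET, &ip_hdr->ip_dst, addr_str, sizeof(addr_str)));

				add_yajl_string(g, "ttl");
				add_yajl_integer(g, ip_hdr->ip_ttl);
			}
			break;
		}
		case AF_INET6: {
			struct ip6_hdr *ip6_hdr;
			char addr_str[INET6_ADDRSTRLEN];

			add_yajl_string(g, "IPv6");

			/* Same as IPv4: require the whole fixed IPv6 header. */
			if (dg.network != NULL && dg.len_network >= sizeof(*ip6_hdr)) {
				ip6_hdr = (void*)dg.network;

				add_yajl_string(g, "src");
				add_yajl_string(g, inet_ntop(AF_INET6, &ip6_hdr->ip6_src, addr_str, sizeof(addr_str)));

				add_yajl_string(g, "dst");
				add_yajl_string(g, inet_ntop(AF_INET6, &ip6_hdr->ip6_dst, addr_str, sizeof(addr_str)));

				add_yajl_string(g, "ttl");
				add_yajl_integer(g, ip6_hdr->ip6_hlim);

			}
			break;
		}
		default:
			/* Unknown network protocol: report its number and stop. */
			add_yajl_integer(g, dg.proto_network);
			return (AXA_JSON_RES_SUCCESS);
		} /* switch */

		add_yajl_string(g, "proto");
		switch(dg.proto_transport) {
		case IPPROTO_ICMP:
			add_yajl_string(g, "ICMP");
			break;
		case IPPROTO_ICMPV6:
			add_yajl_string(g, "ICMPv6");
			break;
		case IPPROTO_TCP:
			add_yajl_string(g, "TCP");
			if (dg.transport != NULL && dg.len_transport >= sizeof(struct tcphdr)) {
				struct tcphdr *tcp_hdr = (void*)dg.transport;

				add_yajl_string(g, "src_port");
				add_yajl_integer(g, ntohs(tcp_hdr->th_sport));

				add_yajl_string(g, "dst_port");
				add_yajl_integer(g, ntohs(tcp_hdr->th_dport));

				add_yajl_string(g, "flags");
				add_yajl_array(g);
				if ((tcp_hdr->th_flags & TH_FIN) != 0)
					add_yajl_string(g, "FIN");
				if ((tcp_hdr->th_flags & TH_SYN) != 0)
					add_yajl_string(g, "SYN");
				if ((tcp_hdr->th_flags & TH_ACK) != 0)
					add_yajl_string(g, "ACK");
				if ((tcp_hdr->th_flags & TH_RST) != 0)
					add_yajl_string(g, "RST");
				close_yajl_array(g);
			}
			break;
		case IPPROTO_UDP:
			add_yajl_string(g, "UDP");
			if (dg.transport != NULL && dg.len_transport >= sizeof(struct udphdr)) {
				struct udphdr *udp_hdr = (void*)dg.transport;

				add_yajl_string(g, "src_port");
				add_yajl_integer(g, ntohs(udp_hdr->uh_sport));

				add_yajl_string(g, "dst_port");
				add_yajl_integer(g, ntohs(udp_hdr->uh_dport));

			}
			break;
		default:
			add_yajl_integer(g, dg.proto_transport);
			break;
		} /* switch */

		if (dg.payload != NULL) {
			base64_encodestate b64;
			char *b64_str;
			size_t b64_str_len;

			base64_init_encodestate(&b64);
			/*
			 * The payload length is taken from the packet, so the
			 * scratch buffer is heap-allocated: alloca() cannot
			 * report failure and a large payload would overrun the
			 * stack.  2 * len + 1 is the bound the original code
			 * used for the base64 output.
			 * NOTE(review): if the add_yajl_* macros can leave this
			 * function early, b64_str needs freeing on that path.
			 */
			b64_str = malloc(2 * dg.len_payload + 1);
			if (b64_str == NULL) {
				axa_pemsg(emsg, "could not allocate base64 buffer");
				return (AXA_JSON_RES_MEMFAIL);
			}

			b64_str_len = base64_encode_block((void*)dg.payload,
					dg.len_payload, b64_str, &b64);
			b64_str_len += base64_encode_blockend(b64_str + b64_str_len, &b64);

			add_yajl_string(g, "payload");
			add_yajl_string_len(g, b64_str, b64_str_len);
			free(b64_str);
		}

		return (AXA_JSON_RES_SUCCESS);
	}
	default:
		axa_pemsg(emsg, "unknown whit hdr type: %d", whit->hdr.type);
		return (AXA_JSON_RES_FAILURE);
	}
}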
コード例 #4
ファイル: output.c プロジェクト: farsightsec/axa
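/*
 * Forward one watch hit as an NMSG message on out_nmsg_output.
 *
 * NMSG watch hits are decoded and passed along; raw IP watch hits are
 * wrapped in a BASE_PACKET message.  Any other type is reported with
 * out_error().
 *
 * whit:     the watch hit as received (protocol byte order).
 * whit_len: number of valid bytes at `whit`.
 *
 * Returns true when the message was written, false when the hit was
 * skipped or the write failed.
 */
bool
out_whit_nmsg(axa_p_whit_t *whit, size_t whit_len)
{
	nmsg_message_t msg;
	struct timespec ts;
	static const union {
		uint    e;
		uint8_t	c[0];
	} pkt_enum = { .e = NMSG__BASE__PACKET_TYPE__IP };
	size_t len;
	struct timeval now;
	nmsg_res res;
	bool result;
	int write_errno;

	switch ((axa_p_whit_enum_t)whit->hdr.type) {
	case AXA_P_WHIT_NMSG:
		/* pass NMSG messages along */
		if (whit2nmsg(&msg, whit, whit_len) == AXA_W2N_RES_FRAGMENT) {
			if (axa_debug != 0)
				printf("ignoring NMSG fragment from "
						AXA_OP_CH_PREFIX"%d",
						AXA_P2H_CH(whit->hdr.ch));
			return (false);
		}
		if (msg == NULL)
			return (false);
		break;

	case AXA_P_WHIT_IP:
		/* Convert raw IP packets to nmsg BASE_PACKET */
		/*
		 * whit_len is unsigned: check it before subtracting so a hit
		 * shorter than the IP header cannot wrap `len` around, and so
		 * the header fields read below are known to be inside the
		 * received data.
		 */
		if (whit_len < sizeof(whit->ip.hdr))
			return (false);
		len = whit_len - sizeof(whit->ip.hdr);
		if (AXA_P2H32(whit->ip.hdr.ip_len) != len)
			return (false);	/* Ignore incomplete packets. */

		/* Look up and initialize the BASE_PACKET module only once. */
		if (!out_nmsg_mod_checked) {
			out_nmsg_mod_checked = true;
			out_nmsg_mod = nmsg_msgmod_lookup(NMSG_VENDOR_BASE_ID,
						NMSG_VENDOR_BASE_PACKET_ID);
			if (out_nmsg_mod == NULL) {
				out_error("cannot get BASE_PACKET module");
				return (false);
			}
			res = nmsg_msgmod_init(out_nmsg_mod, &out_nmsg_clos);
			if (res != nmsg_res_success) {
				out_error("cannot init BASE_PACKET module");
				out_nmsg_mod = NULL;
				return (false);
			}
		}
		if (out_nmsg_mod == NULL) {
			out_error("cannot forward IP as NMSG messages"
				  " without PACKET nmsg_msgmod");
			return (false);
		}

		msg = nmsg_message_init(out_nmsg_mod);
		AXA_ASSERT(msg != NULL);
		res = nmsg_message_set_field(msg, "payload_type", 0,
					     pkt_enum.c, sizeof(pkt_enum));
		AXA_ASSERT(res == nmsg_res_success);
		res = nmsg_message_set_field(msg, "payload", 0,
					     whit->ip.b, len);
		AXA_ASSERT(res == nmsg_res_success);
		ts.tv_sec = AXA_P2H32(whit->ip.hdr.tv.tv_sec);
		/* The hit carries microseconds; nmsg wants nanoseconds. */
		ts.tv_nsec = AXA_P2H32(whit->ip.hdr.tv.tv_usec) * 1000;
		nmsg_message_set_time(msg, &ts);
		break;

#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wunreachable-code"
	default:
		out_error("cannot forward SRA #%d messages as NMSG messages",
			  whit->hdr.type);
		return (false);
#pragma clang diagnostic pop
	}

	res = nmsg_output_write(out_nmsg_output, msg);
	/* Keep errno from the write; later library calls may overwrite it. */
	write_errno = errno;
	if (res == nmsg_res_success) {
		result = true;
	} else {
		result = false;

		gettimeofday(&now, NULL);
		if (out_sock_type != SOCK_DGRAM
		    || res != nmsg_res_errno
		    || !AXA_IGNORED_UDP_ERRNO(write_errno)) {
			/* Stop on non-UDP errors. */
			clear_prompt();
			error_msg("nmsg_output_write(): %s",
				  nmsg_res_lookup(res));
			out_close(false);
			disconnect(true);
		} else if (output_errno != write_errno
			   || 60*1000 <= axa_elapsed_ms(&now,
							&output_errno_time)
			   || axa_debug >= AXA_DEBUG_TRACE) {
			/* Report occasional identical UDP errors. */
			output_errno = write_errno;
			gettimeofday(&output_errno_time, NULL);
			clear_prompt();
			error_msg("nmsg_output_write(): %s",
				  strerror(output_errno));
		}
	}

	nmsg_message_destroy(&msg);
	/* Record when unflushed output first became pending. */
	if (time_out_flush.tv_sec == 0)
		gettimeofday(&time_out_flush, NULL);

	return (result);
}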
コード例 #5
ファイル: email_client.c プロジェクト: farsightsec/nmsg
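/*
 * Example client: build one base "email" NMSG message and send it over
 * a connected UDP socket to DST_ADDRESS:DST_PORT.
 *
 * Returns the result of the final nmsg_output_write() call
 * (nmsg_res_success is expected on success); setup failures exit early.
 */
int
main(void) {
	int nmsg_sock;
	int pton_res;
	nmsg_message_t msg;
	nmsg_msgmod_t mod;
	nmsg_output_t output;
	nmsg_res res;
	/* Zeroed so that padding and unset members are not stack garbage. */
	struct sockaddr_in nmsg_sockaddr = {0};
	void *clos;

	/* initialize libnmsg */
	res = nmsg_init();
	if (res != nmsg_res_success)
		fail("unable to initialize libnmsg\n");

	/*
	 * set dst address / port
	 *
	 * inet_pton() returns 1 on success, 0 for an unparsable address and
	 * -1 on error, so only 1 may be treated as success; errno is set
	 * only in the -1 case.
	 */
	pton_res = inet_pton(AF_INET, DST_ADDRESS, &nmsg_sockaddr.sin_addr);
	if (pton_res == 1) {
		nmsg_sockaddr.sin_family = AF_INET;
		nmsg_sockaddr.sin_port = htons(DST_PORT);
	} else {
		if (pton_res < 0)
			perror("inet_pton");
		else
			fprintf(stderr, "inet_pton: invalid address\n");
		exit(1);
	}

	/* open socket */
	nmsg_sock = socket(PF_INET, SOCK_DGRAM, 0);
	if (nmsg_sock < 0) {
		perror("socket");
		exit(1);
	}

	/* connect socket */
	if (connect(nmsg_sock, (struct sockaddr *) &nmsg_sockaddr,
		    sizeof(nmsg_sockaddr)) < 0)
	{
		perror("connect");
		exit(1);
	}

	/* create nmsg output */
	output = nmsg_output_open_sock(nmsg_sock, DST_MTU);
	if (output == NULL)
		fail("unable to nmsg_output_open_sock()");

	/* open handle to the email module */
	mod = nmsg_msgmod_lookup(NMSG_VENDOR_BASE_ID, NMSG_VENDOR_BASE_EMAIL_ID);
	if (mod == NULL)
		fail("unable to acquire module handle");

	/* initialize module */
	res = nmsg_msgmod_init(mod, &clos);
	if (res != nmsg_res_success)
		exit(res);

	/* create and send pbuf */
	char srcip[] = "127.0.0.1";
	char srchost[] = "localhost.localdomain";
	char helo[] = "helo";
	char from[] = "*****@*****.**";
	char rcpt0[] = "*****@*****.**";
	char rcpt1[] = "*****@*****.**";
	uint32_t ip;
	unsigned type;

	msg = nmsg_message_init(mod);
	assert(msg != NULL);

	res = nmsg_message_enum_name_to_value(msg, "type", "spamtrap", &type);
	assert(res == nmsg_res_success);
	nmsf(msg, "type", 0, &type, sizeof(type));

	inet_pton(AF_INET, srcip, &ip);
	nmsf(msg, "srcip", 0, &ip, sizeof(ip));

	/* sizeof() on the arrays includes the terminating NUL byte. */
	nmsf(msg, "srchost", 0, srchost, sizeof(srchost));

	nmsf(msg, "helo", 0, helo, sizeof(helo));
	nmsf(msg, "from", 0, from, sizeof(from));
	nmsf(msg, "rcpt", 0, rcpt0, sizeof(rcpt0));
	nmsf(msg, "rcpt", 1, rcpt1, sizeof(rcpt1));

	/* Report a failed send instead of silently dropping the result. */
	res = nmsg_output_write(output, msg);
	if (res != nmsg_res_success)
		fprintf(stderr, "nmsg_output_write(): %s\n",
			nmsg_res_lookup(res));

	nmsg_message_destroy(&msg);

	/* finalize module */
	nmsg_msgmod_fini(mod, &clos);

	/* close nmsg output */
	nmsg_output_close(&output);

	return (res);
}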
コード例 #6
ファイル: axa_tsindextool.c プロジェクト: farsightsec/axa
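/*
 * Extract a run of messages from an nmsg file using a timestamp index.
 *
 * The starting timestamp (-s) is looked up in the LMDB tsindex file (-f)
 * to find a byte offset in the input (-j JSON or -r binary nmsg).
 * Messages are then copied to "<input>-tsindex.<pid>.<json|nmsg>" until
 * either the ending timestamp (-e) is reached or -c messages have been
 * written.  -x requires an exact timestamp match, -v raises verbosity.
 *
 * The file names, the index contents and the input file are all
 * caller-supplied data, so lengths and offsets taken from them are
 * checked before use.
 *
 * Returns EXIT_SUCCESS when the copy completed, EXIT_FAILURE otherwise.
 */
int
main(int argc, char *argv[])
{
	int n, c, rc, ec = EXIT_FAILURE, fd_in = -1, fd_out = -1, verbosity = 0;
	uint32_t ts_start = 0, ts_end = 0, count = 0, nmsg_cnt = 0;
	MDB_env *env = NULL;
	MDB_txn *txn = NULL;
	MDB_dbi dbi;
	MDB_val key, data;
	MDB_cursor *cursor = NULL;
	struct timespec ts, msg_ts;
	off_t offset;
	nmsg_input_t nmsg_in = NULL;
	nmsg_output_t nmsg_out = NULL;
	nmsg_res res;
	nmsg_message_t msg;
	char *json;
	bool input_json = false, input_nmsg = false, is_counting = false, need_exact = false;
	const char *lmdb_filename = NULL, *nmsg_filename_in = NULL;
	char nmsg_filename_out[BUFSIZ] = {0};

	/*
	 * NOTE(review): atoi() reports no errors; non-numeric input becomes
	 * 0 and a negative value wraps when stored in a uint32_t.
	 */
	while ((c = getopt(argc, argv, "c:e:f:j:r:s:hvx")) != EOF) {
		switch (c) {
			case 'c':
				count = atoi(optarg);
				is_counting = true;
				break;
			case 'e':
				ts_end = atoi(optarg);
				break;
			case 'f':
				lmdb_filename = optarg;
				break;
			case 'j':
				nmsg_filename_in = optarg;
				input_json = true;
				break;
			case 'r':
				nmsg_filename_in = optarg;
				input_nmsg = true;
				break;
			case 's':
				ts_start = atoi(optarg);
				break;
			case 'v':
				verbosity++;
				break;
			case 'x':
				need_exact = true;
				break;
			case 'h':
			default:
				usage(argv[0], NULL);
				goto done;
		}
	}

	if (ts_start == 0) {
		usage(argv[0], "Need a starting timestamp (-s).");
		goto done;
	}
	if (lmdb_filename == NULL) {
		usage(argv[0], "Need a tsindex file (-f).");
		goto done;
	}
	if ((input_json == false && input_nmsg == false) ||
			(input_json && input_nmsg)) {
		usage(argv[0], "Need either an nmsg json file (-j) or binary nmsg file (-r).");
		goto done;
	}
	if ((ts_end == 0 && count == 0) ||
			(ts_end != 0 && count != 0)) {
		usage(argv[0], "Need either an ending timestamp (-e) or a count (-c).");
		goto done;
	}

	res = nmsg_init();
	if (res != nmsg_res_success) {
		fprintf(stderr, "Error initializing NMSG library: %s\n",
				nmsg_res_lookup(res));
		goto done;
	}

	fd_in = open(nmsg_filename_in, O_RDONLY);
	if (fd_in < 0) {
		fprintf(stderr, "Can't open nmsg input file \"%s\": %s\n",
				nmsg_filename_in, strerror(errno));
		goto done;
	}

	/*
	 * Build the output name in one bounded step and reject truncation.
	 * Appending at "buffer + strlen(input)" is unsafe: an input name of
	 * BUFSIZ bytes or more puts the write position past the end of the
	 * buffer and makes the remaining-size argument wrap around.
	 */
	n = snprintf(nmsg_filename_out, sizeof (nmsg_filename_out),
			"%s-tsindex.%u.%s", nmsg_filename_in,
			(unsigned)getpid(),
			input_json ? "json" : "nmsg");
	if (n < 0 || (size_t)n >= sizeof (nmsg_filename_out)) {
		fprintf(stderr, "Output file name for \"%s\" is too long\n",
				nmsg_filename_in);
		goto done;
	}

	/*
	 * O_EXCL: the name is predictable, so refuse to write through a
	 * file or symlink that already exists under it.
	 */
	fd_out = open(nmsg_filename_out, O_CREAT | O_EXCL | O_WRONLY, 0644);
	if (fd_out < 0) {
		fprintf(stderr, "Can't open nmsg output file \"%s\": %s\n",
				nmsg_filename_out, strerror(errno));
		goto done;
	}

	if (input_json) {
		nmsg_in = nmsg_input_open_json(fd_in);
		if (nmsg_in == NULL) {
			fprintf(stderr, "nmsg_input_open_json() failed\n");
			goto done;
		}
		nmsg_out = nmsg_output_open_json(fd_out);
		if (nmsg_out == NULL) {
			fprintf(stderr, "nmsg_output_open_json() failed\n");
			goto done;
		}
	}
	else if (input_nmsg) {
		nmsg_in = nmsg_input_open_file(fd_in);
		if (nmsg_in == NULL) {
			fprintf(stderr, "nmsg_input_open_file() failed\n");
			goto done;
		}
		nmsg_out = nmsg_output_open_file(fd_out, NMSG_WBUFSZ_MAX);
		if (nmsg_out == NULL) {
			fprintf(stderr, "nmsg_output_open_file() failed\n");
			goto done;
		}
	}

	rc = mdb_env_create(&env);
	if (rc != 0) {
		fprintf(stderr, "mdb_env_create() failed: %s\n", mdb_strerror(rc));
		goto done;
	}

	rc = mdb_env_open(env, lmdb_filename, MDB_NOSUBDIR | MDB_RDONLY, 0664);
	if (rc != 0) {
		fprintf(stderr, "mdb_env_open failed(): %s\n",
				mdb_strerror(rc));
		goto done;
	}

	rc = mdb_txn_begin(env, NULL, MDB_RDONLY, &txn);
	if (rc != 0) {
		fprintf(stderr, "mdb_txn_begin failed(): %s\n",
				mdb_strerror(rc));
		goto done;
	}

	rc = mdb_open(txn, NULL, MDB_INTEGERKEY, &dbi);
	if (rc) {
		fprintf(stderr, "mdb_open(): %s\n", mdb_strerror(rc));
		goto done;
	}

	rc = mdb_set_compare(txn, dbi, axa_tsi_mdb_cmp);
	if (rc) {
		fprintf(stderr, "mdb_set_compare(): %s\n", mdb_strerror(rc));
		goto done;
	}

	/* The index is keyed by a struct timespec; search from ts_start.0. */
	ts.tv_sec = ts_start;
	ts.tv_nsec = 0;

	key.mv_size = sizeof (ts);
	key.mv_data = &ts;

	rc = mdb_cursor_open(txn, dbi, &cursor);
	if (rc) {
		fprintf(stderr, "mdb_cursor_open(): %s\n", mdb_strerror(rc));
		goto done;
	}

	rc = mdb_cursor_get(cursor, &key, &data,
			need_exact ? MDB_SET : MDB_SET_RANGE);
	if (rc == MDB_NOTFOUND) {
		printf("Did not find starting timestamp %u in %s.\n",
				ts_start, lmdb_filename);
		goto done;
	}
	if (rc) {
		fprintf(stderr, "mdb_cursor_get(): %s\n", mdb_strerror(rc));
		goto done;
	}

	/*
	 * The record comes from a file on disk: make sure it is large
	 * enough to hold an offset, and copy it out rather than
	 * dereferencing a pointer of unknown alignment.
	 */
	if (data.mv_size < sizeof (offset)) {
		fprintf(stderr, "Malformed tsindex entry for %u in %s.\n",
				ts_start, lmdb_filename);
		goto done;
	}
	memcpy(&offset, data.mv_data, sizeof (offset));

	mdb_cursor_close(cursor);
	cursor = NULL;	/* so the cleanup code does not close it twice */

	if (verbosity > 0)
		printf("Found %u at offset 0x%"PRIx64".\n", ts_start,
				(uint64_t)offset);

	/* lseek() signals failure with (off_t)-1, e.g. for a negative offset. */
	if (lseek(fd_in, offset, SEEK_SET) == (off_t)-1) {
		fprintf(stderr, "lseek(): %s\n", strerror(errno));
		goto done;
	}

	while (1) {
		if (is_counting) {
			if (count == 0)
				break;
			count--;
		}
		res = nmsg_input_read(nmsg_in, &msg);
		if (res == nmsg_res_eof) {
			if (verbosity > 0)
				printf("End of file reached.\n");
			break;
		}
		if (res != nmsg_res_success) {
			fprintf(stderr, "nmsg_input_read(): %s\n", nmsg_res_lookup(res));
			goto done;
		}

		/* In timestamp mode, stop at the first message at or past -e. */
		if (is_counting == false) {
			nmsg_message_get_time(msg, &msg_ts);
			if (msg_ts.tv_sec >= ts_end) {
				nmsg_message_destroy(&msg);
				break;
			}
		}

		res = nmsg_output_write(nmsg_out, msg);
		if (res != nmsg_res_success) {
			fprintf(stderr, "nmsg_output_write(): %s\n", nmsg_res_lookup(res));
			nmsg_message_destroy(&msg);
			goto done;
		}

		if (verbosity > 1) {
			res = nmsg_message_to_json(msg, &json);
			if (res != nmsg_res_success) {
				fprintf(stderr, "nmsg_message_to_json(): %s\n", nmsg_res_lookup(res));
				nmsg_message_destroy(&msg);
				goto done;
			}

			printf("%s\n", json);
			free(json);
		}
		nmsg_cnt++;
		nmsg_message_destroy(&msg);
	}

	ec = EXIT_SUCCESS;
	printf("Wrote %u nmsgs to %s.\n", nmsg_cnt, nmsg_filename_out);
done:
	/* Reached from error paths too, where the cursor may still be open. */
	if (cursor != NULL)
		mdb_cursor_close(cursor);
	/*
	 * Close the nmsg handles before the descriptors they were opened
	 * on, so anything the output still has to write goes to an open
	 * file.
	 * NOTE(review): libnmsg may close the descriptor itself when the
	 * handle is closed; if so the close() calls below are redundant
	 * for handles that were opened -- confirm and drop them.
	 */
	if (nmsg_in != NULL)
		nmsg_input_close(&nmsg_in);
	if (nmsg_out != NULL)
		nmsg_output_close(&nmsg_out);
	if (fd_in != -1)
		close(fd_in);
	if (fd_out != -1)
		close(fd_out);
	if (txn != NULL)
		mdb_txn_abort(txn);
	if (env != NULL)
		mdb_env_close(env);

	return (ec);
}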
コード例 #7
ファイル: http_client.c プロジェクト: farsightsec/nmsg
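/*
 * Example client: build one base "http" NMSG message and send it over
 * a connected UDP socket to DST_ADDRESS:DST_PORT.
 *
 * Returns the result of the final nmsg_output_write() call
 * (nmsg_res_success is expected on success); setup failures exit early.
 */
int
main(void) {
	int nmsg_sock;
	int pton_res;
	nmsg_message_t msg;
	nmsg_msgmod_t mod;
	nmsg_output_t output;
	nmsg_res res;
	/* Zeroed so that padding and unset members are not stack garbage. */
	struct sockaddr_in nmsg_sockaddr = {0};
	void *clos;

	/* initialize libnmsg */
	res = nmsg_init();
	if (res != nmsg_res_success)
		fail("unable to initialize libnmsg\n");

	/*
	 * set dst address / port
	 *
	 * inet_pton() returns 1 on success, 0 for an unparsable address and
	 * -1 on error, so only 1 may be treated as success; errno is set
	 * only in the -1 case.
	 */
	pton_res = inet_pton(AF_INET, DST_ADDRESS, &nmsg_sockaddr.sin_addr);
	if (pton_res == 1) {
		nmsg_sockaddr.sin_family = AF_INET;
		nmsg_sockaddr.sin_port = htons(DST_PORT);
	} else {
		if (pton_res < 0)
			perror("inet_pton");
		else
			fprintf(stderr, "inet_pton: invalid address\n");
		exit(1);
	}

	/* open socket */
	nmsg_sock = socket(PF_INET, SOCK_DGRAM, 0);
	if (nmsg_sock < 0) {
		perror("socket");
		exit(1);
	}

	/* connect socket */
	if (connect(nmsg_sock, (struct sockaddr *) &nmsg_sockaddr,
		    sizeof(nmsg_sockaddr)) < 0)
	{
		perror("connect");
		exit(1);
	}

	/* create nmsg output */
	output = nmsg_output_open_sock(nmsg_sock, DST_MTU);
	if (output == NULL)
		fail("unable to nmsg_output_open_sock()");

	/* open handle to the http module */
	mod = nmsg_msgmod_lookup(NMSG_VENDOR_BASE_ID, NMSG_VENDOR_BASE_HTTP_ID);
	if (mod == NULL)
		fail("unable to acquire module handle");

	/* initialize module */
	res = nmsg_msgmod_init(mod, &clos);
	if (res != nmsg_res_success)
		exit(res);

	/* initialize message */
	msg = nmsg_message_init(mod);
	assert(msg != NULL);

	nmsg_message_set_time(msg, NULL);

	/* create and send pbuf */

	uint32_t srcport = 49152;
	uint32_t dstport = 8080;
	char request[] = "GET / HTTP/1.0\n";
	char srcip[] = "127.0.0.1";
	char dstip[] = "192.0.2.1";
	char srchost[] = "localhost.localdomain";
	uint32_t ip;

	inet_pton(AF_INET, srcip, &ip);
	nmsf(msg, "srcip", 0, (uint8_t *) &ip, sizeof(ip));

	inet_pton(AF_INET, dstip, &ip);
	nmsf(msg, "dstip", 0, (uint8_t *) &ip, sizeof(ip));

	/* sizeof() on the arrays includes the terminating NUL byte. */
	nmsf(msg, "srchost", 0, (uint8_t *) srchost, sizeof(srchost));

	nmsf(msg, "srcport", 0, (uint8_t *) &srcport, sizeof(srcport));
	nmsf(msg, "dstport", 0, (uint8_t *) &dstport, sizeof(dstport));

	nmsf(msg, "request", 0, (uint8_t *) request, sizeof(request));

	/* Report a failed send instead of silently dropping the result. */
	res = nmsg_output_write(output, msg);
	if (res != nmsg_res_success)
		fprintf(stderr, "nmsg_output_write(): %s\n",
			nmsg_res_lookup(res));

	nmsg_message_destroy(&msg);

	/* finalize module */
	nmsg_msgmod_fini(mod, &clos);

	/* close nmsg output */
	nmsg_output_close(&output);

	return (res);
}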