static void
nmsg_callback(nmsg_message_t msg, void *user) {
if (nmsg_message_get_vid(msg) == NMSG_VENDOR_BASE_ID &&
nmsg_message_get_msgtype(msg) == NMSG_VENDOR_BASE_PKT_ID)
{
process_msg(msg);
}
nmsg_message_destroy(&msg);
}
axa_w2n_res_t
axa_whit2nmsg(axa_emsg_t *emsg, nmsg_input_t nmsg_input,
nmsg_message_t *msgp, axa_p_whit_t *whit, size_t whit_len)
{
size_t msg_len;
nmsg_message_t *msgs;
size_t n_msgs;
struct timespec ts;
nmsg_res res;
*msgp = NULL;
msg_len = whit_len - sizeof(whit->nmsg.hdr);
if (msg_len <= 0) {
axa_pemsg(emsg, "truncated nmsg");
return (AXA_W2N_RES_FAIL);
}
ts.tv_sec = AXA_P2H32(whit->nmsg.hdr.ts.tv_sec);
ts.tv_nsec = AXA_P2H32(whit->nmsg.hdr.ts.tv_nsec);
res = nmsg_input_read_null(nmsg_input, whit->nmsg.b, msg_len,
&ts, &msgs, &n_msgs);
if (res != nmsg_res_success) {
axa_pemsg(emsg, "nmsg_input_read_null(): %s",
nmsg_res_lookup(res));
return (AXA_W2N_RES_FAIL);
}
/* if res == nmsg_res_success && n_msgs == 0, we have an NMSG fragment */
if (n_msgs < 1 || n_msgs > 1) {
while (n_msgs > 0)
nmsg_message_destroy(&msgs[--n_msgs]);
free(msgs);
return (AXA_W2N_RES_FRAGMENT);
}
*msgp = msgs[0];
free(msgs);
return (AXA_W2N_RES_SUCCESS);
}
static axa_json_res_t
add_whit(axa_emsg_t *emsg, yajl_gen g, struct axa_strbuf *yajl_sb, nmsg_input_t nmsg_input, axa_p_whit_t *whit, size_t whit_len)
{
axa_json_res_t json_res;
json_res = add_channel(emsg, g, whit->hdr.ch);
if (json_res != AXA_JSON_RES_SUCCESS)
return (json_res);
switch (whit->hdr.type) {
case AXA_P_WHIT_NMSG: {
struct axa_strbuf *sb;
nmsg_message_t msg;
axa_w2n_res_t wres;
nmsg_res nres;
const char *vname, *mname;
char *nmsg_json = NULL;
struct tm tm;
time_t t;
char when[32];
if (whit_len < sizeof(axa_p_whit_nmsg_t)) {
axa_pemsg(emsg, "whit_len %zu < %zu", whit_len, sizeof(axa_p_whit_nmsg_t));
return (AXA_JSON_RES_FAILURE);
}
wres = axa_whit2nmsg(emsg, nmsg_input, &msg, whit, whit_len);
if (wres != AXA_W2N_RES_SUCCESS) {
return (AXA_JSON_RES_FAILURE);
}
sb = axa_strbuf_init();
if (sb == NULL) {
axa_pemsg(emsg, "could not allocate axa_strbuf");
return (AXA_JSON_RES_MEMFAIL);
}
if(AXA_P2H_IDX(whit->nmsg.hdr.field_idx) < AXA_NMSG_IDX_RSVD) {
const char *field_name;
nres = nmsg_message_get_field_name(msg, whit->nmsg.hdr.field_idx, &field_name);
if (nres == nmsg_res_success) {
add_yajl_string(g, "field");
add_yajl_string(g, field_name);
} else {
add_yajl_string(g, "field_idx");
add_yajl_integer(g, AXA_P2H_IDX(whit->nmsg.hdr.field_idx));
}
}
if (AXA_P2H_IDX(whit->nmsg.hdr.val_idx) < AXA_NMSG_IDX_RSVD) {
add_yajl_string(g, "val_idx");
add_yajl_integer(g, AXA_P2H_IDX(whit->nmsg.hdr.val_idx));
}
vname = nmsg_msgmod_vid_to_vname(AXA_P2H_IDX(whit->nmsg.hdr.vid));
if (vname != NULL) {
add_yajl_string(g, "vname");
add_yajl_string(g, vname);
} else {
add_yajl_string(g, "vid");
add_yajl_integer(g, AXA_P2H_IDX(whit->nmsg.hdr.vid));
}
mname = nmsg_msgmod_msgtype_to_mname(
AXA_P2H16(whit->nmsg.hdr.vid),
AXA_P2H16(whit->nmsg.hdr.type));
if (mname != NULL) {
add_yajl_string(g, "mname");
add_yajl_string(g, mname);
} else {
add_yajl_string(g, "msgtype");
add_yajl_integer(g, AXA_P2H_IDX(whit->nmsg.hdr.type));
}
add_yajl_string(g, "time");
t = AXA_P2H32(whit->nmsg.hdr.ts.tv_sec);
gmtime_r(&t, &tm);
strftime(when, sizeof(when), "%Y-%m-%d %T", &tm);
axa_strbuf_reset(sb);
axa_strbuf_append(sb, "%s.%09u", when,
AXA_P2H32(whit->nmsg.hdr.ts.tv_nsec));
add_yajl_string(g, sb->data);
nres = nmsg_message_to_json(msg, &nmsg_json);
if (nres == nmsg_res_success) {
add_yajl_string(g, "nmsg");
add_yajl_integer(g, 0);
yajl_gen_clear(g);
axa_strbuf_clip(yajl_sb, axa_strbuf_len(yajl_sb)-1);
axa_strbuf_append(yajl_sb, "%s", nmsg_json);
free(nmsg_json);
}
axa_strbuf_destroy(&sb);
nmsg_message_destroy(&msg);
return (AXA_JSON_RES_SUCCESS);
}
case AXA_P_WHIT_IP: {
struct axa_strbuf *sb;
struct nmsg_ipdg dg;
nmsg_res res;
struct tm tm;
time_t t;
char when[32];
if (whit_len < sizeof(axa_p_whit_ip_t)) {
axa_pemsg(emsg, "whit_len %zu < %zu",
whit_len, sizeof(axa_p_whit_ip_t));
return (AXA_JSON_RES_FAILURE);
}
add_yajl_string(g, "time");
t = AXA_P2H32(whit->ip.hdr.tv.tv_sec);
gmtime_r(&t, &tm);
strftime(when, sizeof(when), "%Y-%m-%d %T", &tm);
sb = axa_strbuf_init();
if (sb == NULL) {
axa_pemsg(emsg, "could not allocate axa_strbuf");
return (AXA_JSON_RES_MEMFAIL);
}
axa_strbuf_append(sb, "%s.%06u", when,
AXA_P2H32(whit->ip.hdr.tv.tv_usec));
add_yajl_string(g, sb->data);
axa_strbuf_destroy(&sb);
res = nmsg_ipdg_parse_pcap_raw(&dg, DLT_RAW, whit->ip.b, whit_len - offsetof(axa_p_whit_ip_t, b));
if (res != nmsg_res_success || dg.len_network == 0) {
add_yajl_string(g, "parse_error");
add_yajl_bool(g, true);
return (AXA_JSON_RES_SUCCESS);
}
add_yajl_string(g, "af");
switch(dg.proto_network) {
case AF_INET: {
struct ip *ip_hdr;
char addr_str[INET_ADDRSTRLEN];
add_yajl_string(g, "IPv4");
if (dg.network != NULL && dg.len_network >= sizeof(ip_hdr)) {
ip_hdr = (void*)dg.network;
add_yajl_string(g, "src");
add_yajl_string(g, inet_ntop(AF_INET, &ip_hdr->ip_src, addr_str, sizeof(addr_str)));
add_yajl_string(g, "dst");
add_yajl_string(g, inet_ntop(AF_INET, &ip_hdr->ip_dst, addr_str, sizeof(addr_str)));
add_yajl_string(g, "ttl");
add_yajl_integer(g, ip_hdr->ip_ttl);
}
break;
}
case AF_INET6: {
struct ip6_hdr *ip6_hdr;
char addr_str[INET6_ADDRSTRLEN];
add_yajl_string(g, "IPv6");
if (dg.network != NULL && dg.len_network >= sizeof(ip6_hdr)) {
ip6_hdr = (void*)dg.network;
add_yajl_string(g, "src");
add_yajl_string(g, inet_ntop(AF_INET6, &ip6_hdr->ip6_src, addr_str, sizeof(addr_str)));
add_yajl_string(g, "dst");
add_yajl_string(g, inet_ntop(AF_INET6, &ip6_hdr->ip6_dst, addr_str, sizeof(addr_str)));
add_yajl_string(g, "ttl");
add_yajl_integer(g, ip6_hdr->ip6_hlim);
}
break;
}
default:
add_yajl_integer(g, dg.proto_network);
return (AXA_JSON_RES_SUCCESS);
} /* switch */
add_yajl_string(g, "proto");
switch(dg.proto_transport) {
case IPPROTO_ICMP:
add_yajl_string(g, "ICMP");
break;
case IPPROTO_ICMPV6:
add_yajl_string(g, "ICMPv6");
break;
case IPPROTO_TCP:
add_yajl_string(g, "TCP");
if (dg.transport != NULL && dg.len_transport >= sizeof(struct tcphdr)) {
struct tcphdr *tcp_hdr = (void*)dg.transport;
add_yajl_string(g, "src_port");
add_yajl_integer(g, ntohs(tcp_hdr->th_sport));
add_yajl_string(g, "dst_port");
add_yajl_integer(g, ntohs(tcp_hdr->th_dport));
add_yajl_string(g, "flags");
add_yajl_array(g);
if ((tcp_hdr->th_flags & TH_FIN) != 0)
add_yajl_string(g, "FIN");
if ((tcp_hdr->th_flags & TH_SYN) != 0)
add_yajl_string(g, "SYN");
if ((tcp_hdr->th_flags & TH_ACK) != 0)
add_yajl_string(g, "ACK");
if ((tcp_hdr->th_flags & TH_RST) != 0)
add_yajl_string(g, "RST");
close_yajl_array(g);
}
break;
case IPPROTO_UDP:
add_yajl_string(g, "UDP");
if (dg.transport != NULL && dg.len_transport >= sizeof(struct udphdr)) {
struct udphdr *udp_hdr = (void*)dg.transport;
add_yajl_string(g, "src_port");
add_yajl_integer(g, ntohs(udp_hdr->uh_sport));
add_yajl_string(g, "dst_port");
add_yajl_integer(g, ntohs(udp_hdr->uh_dport));
}
break;
default:
add_yajl_integer(g, dg.proto_transport);
break;
} /* switch */
if (dg.payload != NULL) {
base64_encodestate b64;
char *b64_str;
size_t b64_str_len;
base64_init_encodestate(&b64);
b64_str = alloca(2 * dg.len_payload + 1);
AXA_ASSERT(b64_str != NULL);
b64_str_len = base64_encode_block((void*)dg.payload,
dg.len_payload, b64_str, &b64);
b64_str_len += base64_encode_blockend(b64_str + b64_str_len, &b64);
add_yajl_string(g, "payload");
add_yajl_string_len(g, b64_str, b64_str_len);
}
return (AXA_JSON_RES_SUCCESS);
}
default:
axa_pemsg(emsg, "unknown whit hdr type: %d", whit->hdr.type);
return (AXA_JSON_RES_FAILURE);
}
}
/* forward watch hits as NMSG messages */
bool
out_whit_nmsg(axa_p_whit_t *whit, size_t whit_len)
{
nmsg_message_t msg;
struct timespec ts;
static const union {
uint e;
uint8_t c[0];
} pkt_enum = { .e = NMSG__BASE__PACKET_TYPE__IP };
size_t len;
struct timeval now;
nmsg_res res;
bool result;
switch ((axa_p_whit_enum_t)whit->hdr.type) {
case AXA_P_WHIT_NMSG:
/* pass NMSG messages along */
if (whit2nmsg(&msg, whit, whit_len) == AXA_W2N_RES_FRAGMENT) {
if (axa_debug != 0)
printf("ignoring NMSG fragment from "
AXA_OP_CH_PREFIX"%d",
AXA_P2H_CH(whit->hdr.ch));
return (false);
}
if (msg == NULL)
return (false);
break;
case AXA_P_WHIT_IP:
/* Convert raw IP packets to nmsg BASE_PACKET */
len = whit_len - sizeof(whit->ip.hdr);
if (AXA_P2H32(whit->ip.hdr.ip_len) != len)
return (false); /* Ignore incomplete packets. */
if (!out_nmsg_mod_checked) {
out_nmsg_mod_checked = true;
out_nmsg_mod = nmsg_msgmod_lookup(NMSG_VENDOR_BASE_ID,
NMSG_VENDOR_BASE_PACKET_ID);
if (out_nmsg_mod == NULL) {
out_error("cannot get BASE_PACKET module");
return (false);
}
res = nmsg_msgmod_init(out_nmsg_mod, &out_nmsg_clos);
if (res != nmsg_res_success) {
out_error("cannot init BASE_PACKET module");
out_nmsg_mod = NULL;
return (false);
}
}
if (out_nmsg_mod == NULL) {
out_error("cannot forward IP as NMSG messages"
" without PACKET nmsg_msgmod");
return (false);
}
msg = nmsg_message_init(out_nmsg_mod);
AXA_ASSERT(msg != NULL);
res = nmsg_message_set_field(msg, "payload_type", 0,
pkt_enum.c, sizeof(pkt_enum));
AXA_ASSERT(res == nmsg_res_success);
res = nmsg_message_set_field(msg, "payload", 0,
whit->ip.b, len);
AXA_ASSERT(res == nmsg_res_success);
ts.tv_sec = AXA_P2H32(whit->ip.hdr.tv.tv_sec);
ts.tv_nsec = AXA_P2H32(whit->ip.hdr.tv.tv_usec) * 1000;
nmsg_message_set_time(msg, &ts);
break;
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wunreachable-code"
default:
out_error("cannot forward SRA #%d messages as NMSG messages",
whit->hdr.type);
return (false);
#pragma clang diagnostic pop
}
res = nmsg_output_write(out_nmsg_output, msg);
if (res == nmsg_res_success) {
result = true;
} else {
result = false;
gettimeofday(&now, NULL);
if (out_sock_type != SOCK_DGRAM
|| res != nmsg_res_errno
|| !AXA_IGNORED_UDP_ERRNO(errno)) {
/* Stop on non-UDP errors. */
clear_prompt();
error_msg("nmsg_output_write(): %s",
nmsg_res_lookup(res));
out_close(false);
disconnect(true);
} else if (output_errno != errno
|| 60*1000 <= axa_elapsed_ms(&now,
&output_errno_time)
|| axa_debug >= AXA_DEBUG_TRACE) {
/* Report occasional identical UDP errors. */
output_errno = errno;
gettimeofday(&output_errno_time, NULL);
clear_prompt();
error_msg("nmsg_output_write(): %s",
strerror(output_errno));
}
}
nmsg_message_destroy(&msg);
if (time_out_flush.tv_sec == 0)
gettimeofday(&time_out_flush, NULL);
return (result);
}
int
main(void) {
int nmsg_sock;
nmsg_message_t msg;
nmsg_msgmod_t mod;
nmsg_output_t output;
nmsg_res res;
struct sockaddr_in nmsg_sockaddr;
void *clos;
/* initialize libnmsg */
res = nmsg_init();
if (res != nmsg_res_success)
fail("unable to initialize libnmsg\n");
/* set dst address / port */
if (inet_pton(AF_INET, DST_ADDRESS, &nmsg_sockaddr.sin_addr)) {
nmsg_sockaddr.sin_family = AF_INET;
nmsg_sockaddr.sin_port = htons(DST_PORT);
} else {
perror("inet_pton");
exit(1);
}
/* open socket */
nmsg_sock = socket(PF_INET, SOCK_DGRAM, 0);
if (nmsg_sock < 0) {
perror("socket");
exit(1);
}
/* connect socket */
if (connect(nmsg_sock, (struct sockaddr *) &nmsg_sockaddr,
sizeof(nmsg_sockaddr)) < 0)
{
perror("connect");
exit(1);
}
/* create nmsg output */
output = nmsg_output_open_sock(nmsg_sock, DST_MTU);
if (output == NULL)
fail("unable to nmsg_output_open_sock()");
/* open handle to the email module */
mod = nmsg_msgmod_lookup(NMSG_VENDOR_BASE_ID, NMSG_VENDOR_BASE_EMAIL_ID);
if (mod == NULL)
fail("unable to acquire module handle");
/* initialize module */
res = nmsg_msgmod_init(mod, &clos);
if (res != nmsg_res_success)
exit(res);
/* create and send pbuf */
char srcip[] = "127.0.0.1";
char srchost[] = "localhost.localdomain";
char helo[] = "helo";
char from[] = "*****@*****.**";
char rcpt0[] = "*****@*****.**";
char rcpt1[] = "*****@*****.**";
uint32_t ip;
unsigned type;
msg = nmsg_message_init(mod);
assert(msg != NULL);
res = nmsg_message_enum_name_to_value(msg, "type", "spamtrap", &type);
assert(res == nmsg_res_success);
nmsf(msg, "type", 0, &type, sizeof(type));
inet_pton(AF_INET, srcip, &ip);
nmsf(msg, "srcip", 0, &ip, sizeof(ip));
nmsf(msg, "srchost", 0, srchost, sizeof(srchost));
nmsf(msg, "helo", 0, helo, sizeof(helo));
nmsf(msg, "from", 0, from, sizeof(from));
nmsf(msg, "rcpt", 0, rcpt0, sizeof(rcpt0));
nmsf(msg, "rcpt", 1, rcpt1, sizeof(rcpt1));
nmsg_output_write(output, msg);
nmsg_message_destroy(&msg);
/* finalize module */
nmsg_msgmod_fini(mod, &clos);
/* close nmsg output */
nmsg_output_close(&output);
return (res);
}
int
main(int argc, char *argv[])
{
int n, c, rc, ec = EXIT_FAILURE, fd_in = -1, fd_out = -1, verbosity = 0;
uint32_t ts_start = 0, ts_end = 0, count = 0, nmsg_cnt = 0;
MDB_env *env = NULL;
MDB_txn *txn = NULL;
MDB_dbi dbi;
MDB_val key, data;
MDB_cursor *cursor = NULL;
struct timespec ts, msg_ts;
off_t *offset;
nmsg_input_t nmsg_in = NULL;
nmsg_output_t nmsg_out = NULL;
nmsg_res res;
nmsg_message_t msg;
char *json;
bool input_json = false, input_nmsg = false, is_counting = false, need_exact = false;
const char *lmdb_filename = NULL, *nmsg_filename_in = NULL;
char nmsg_filename_out[BUFSIZ] = {0};
while ((c = getopt(argc, argv, "c:e:f:j:r:s:hvx")) != EOF) {
switch (c) {
case 'c':
count = atoi(optarg);
is_counting = true;
break;
case 'e':
ts_end = atoi(optarg);
break;
case 'f':
lmdb_filename = optarg;
break;
case 'j':
nmsg_filename_in = optarg;
input_json = true;
break;
case 'r':
nmsg_filename_in = optarg;
input_nmsg = true;
break;
case 's':
ts_start = atoi(optarg);
break;
case 'v':
verbosity++;
break;
case 'x':
need_exact = true;
break;
case 'h':
default:
usage(argv[0], NULL);
goto done;
}
}
if (ts_start == 0) {
usage(argv[0], "Need a starting timestamp (-s).");
goto done;
}
if (lmdb_filename == NULL) {
usage(argv[0], "Need a tsindex file (-f).");
goto done;
return (EXIT_FAILURE);
}
if ((input_json == false && input_nmsg == false) ||
(input_json && input_nmsg)) {
usage(argv[0], "Need either an nmsg json file (-j) or binary nmsg file (-r).");
goto done;
return (EXIT_FAILURE);
}
if ((ts_end == 0 && count == 0) ||
(ts_end != 0 && count != 0)) {
usage(argv[0], "Need either an ending timestamp (-e) or a count (-c).");
goto done;
return (EXIT_FAILURE);
}
res = nmsg_init();
if (res != nmsg_res_success) {
fprintf(stderr, "Error initializing NMSG library: %s\n",
nmsg_res_lookup(res));
goto done;
return (EXIT_FAILURE);
}
fd_in = open(nmsg_filename_in, O_RDONLY);
if (fd_in < 0) {
fprintf(stderr, "Can't open nmsg input file \"%s\": %s\n",
nmsg_filename_in, strerror(errno));
goto done;
return (EXIT_FAILURE);
}
n = strlcpy(nmsg_filename_out, nmsg_filename_in,
sizeof (nmsg_filename_out));
snprintf(nmsg_filename_out + n, sizeof (nmsg_filename_out) - n,
"-tsindex.%u.%s", getpid(),
input_json ? "json" : "nmsg");
fd_out = open(nmsg_filename_out, O_CREAT | O_WRONLY, 0644);
if (fd_out < 0) {
fprintf(stderr, "Can't open nmsg output file \"%s\": %s\n",
nmsg_filename_out, strerror(errno));
goto done;
return (EXIT_FAILURE);
}
if (input_json) {
nmsg_in = nmsg_input_open_json(fd_in);
if (nmsg_in == NULL) {
fprintf(stderr, "nmsg_input_open_json() failed\n");
goto done;
}
nmsg_out = nmsg_output_open_json(fd_out);
if (nmsg_out == NULL) {
fprintf(stderr, "nmsg_ouput_open_json() failed\n");
goto done;
}
}
else if (input_nmsg) {
nmsg_in = nmsg_input_open_file(fd_in);
if (nmsg_in == NULL) {
fprintf(stderr, "nmsg_input_open_file() failed\n");
goto done;
}
nmsg_out = nmsg_output_open_file(fd_out, NMSG_WBUFSZ_MAX);
if (nmsg_out == NULL) {
fprintf(stderr, "nmsg_ouput_open_file() failed\n");
goto done;
}
}
rc = mdb_env_create(&env);
if (rc != 0) {
fprintf(stderr, "mdb_create() failed: %s\n", mdb_strerror(rc));
goto done;
}
rc = mdb_env_open(env, lmdb_filename, MDB_NOSUBDIR | MDB_RDONLY, 0664);
if (rc != 0) {
fprintf(stderr, "mdb_env_open failed(): %s\n",
mdb_strerror(rc));
goto done;
}
rc = mdb_txn_begin(env, NULL, MDB_RDONLY, &txn);
if (rc != 0) {
fprintf(stderr, "mdb_txn_begin failed(): %s\n",
mdb_strerror(rc));
goto done;
}
rc = mdb_open(txn, NULL, MDB_INTEGERKEY, &dbi);
if (rc) {
fprintf(stderr, "mdb_open(): %s\n", mdb_strerror(rc));
goto done;
}
rc = mdb_set_compare(txn, dbi, axa_tsi_mdb_cmp);
if (rc) {
fprintf(stderr, "mdb_set_compare(): %s\n", mdb_strerror(rc));
goto done;
}
ts.tv_sec = ts_start;
ts.tv_nsec = 0;
key.mv_size = sizeof (ts);
key.mv_data = &ts;
rc = mdb_cursor_open(txn, dbi, &cursor);
if (rc) {
fprintf(stderr, "mdb_cursor_open(): %s\n", mdb_strerror(rc));
goto done;
}
rc = mdb_cursor_get(cursor, &key, &data,
need_exact ? MDB_SET : MDB_SET_RANGE);
if (rc == MDB_NOTFOUND) {
printf("Did not find starting timestamp %u in %s.\n",
ts_start, lmdb_filename);
goto done;
}
if (rc) {
fprintf(stderr, "mdb_cursor_get(): %s\n", mdb_strerror(rc));
goto done;
}
(void) mdb_cursor_close(cursor);
offset = (off_t *)data.mv_data;
if (verbosity > 0)
printf("Found %u at offset 0x%"PRIu64".\n", ts_start, *offset);
if (lseek(fd_in, *offset, SEEK_SET) == sizeof (off_t) - 1) {
fprintf(stderr, "lseek(): %s\n", strerror(errno));
goto done;
}
while (1) {
if (is_counting) {
if (count-- <= 0)
break;
}
res = nmsg_input_read(nmsg_in, &msg);
if (res == nmsg_res_eof) {
if (verbosity > 0)
printf("End of file reached.\n");
break;
}
if (res != nmsg_res_success) {
fprintf(stderr, "nmsg_input_read(): %s\n", nmsg_res_lookup(res));
goto done;
}
if (is_counting == false) {
nmsg_message_get_time(msg, &msg_ts);
if (msg_ts.tv_sec >= ts_end) {
nmsg_message_destroy(&msg);
break;
}
}
res = nmsg_output_write(nmsg_out, msg);
if (res != nmsg_res_success) {
fprintf(stderr, "nmsg_output_write(): %s\n", nmsg_res_lookup(res));
nmsg_message_destroy(&msg);
goto done;
}
if (verbosity > 1) {
res = nmsg_message_to_json(msg, &json);
if (res != nmsg_res_success) {
fprintf(stderr, "nmsg_message_to_pres(): %s\n", nmsg_res_lookup(res));
nmsg_message_destroy(&msg);
goto done;
}
printf("%s\n", json);
free(json);
}
nmsg_cnt++;
nmsg_message_destroy(&msg);
}
ec = EXIT_SUCCESS;
printf("Wrote %u nmsgs to %s.\n", nmsg_cnt, nmsg_filename_out);
done:
if (fd_in != -1)
close(fd_in);
if (fd_out != -1)
close(fd_out);
if (nmsg_in != NULL)
nmsg_input_close(&nmsg_in);
if (nmsg_out != NULL)
nmsg_output_close(&nmsg_out);
if (txn != NULL)
mdb_txn_abort(txn);
if (env != NULL)
mdb_env_close(env);
return (ec);
}
int
main(void) {
int nmsg_sock;
nmsg_message_t msg;
nmsg_msgmod_t mod;
nmsg_output_t output;
nmsg_res res;
struct sockaddr_in nmsg_sockaddr;
void *clos;
/* initialize libnmsg */
res = nmsg_init();
if (res != nmsg_res_success)
fail("unable to initialize libnmsg\n");
/* set dst address / port */
if (inet_pton(AF_INET, DST_ADDRESS, &nmsg_sockaddr.sin_addr)) {
nmsg_sockaddr.sin_family = AF_INET;
nmsg_sockaddr.sin_port = htons(DST_PORT);
} else {
perror("inet_pton");
exit(1);
}
/* open socket */
nmsg_sock = socket(PF_INET, SOCK_DGRAM, 0);
if (nmsg_sock < 0) {
perror("socket");
exit(1);
}
/* connect socket */
if (connect(nmsg_sock, (struct sockaddr *) &nmsg_sockaddr,
sizeof(nmsg_sockaddr)) < 0)
{
perror("connect");
exit(1);
}
/* create nmsg output */
output = nmsg_output_open_sock(nmsg_sock, DST_MTU);
if (output == NULL)
fail("unable to nmsg_output_open_sock()");
/* open handle to the http module */
mod = nmsg_msgmod_lookup(NMSG_VENDOR_BASE_ID, NMSG_VENDOR_BASE_HTTP_ID);
if (mod == NULL)
fail("unable to acquire module handle");
/* initialize module */
res = nmsg_msgmod_init(mod, &clos);
if (res != nmsg_res_success)
exit(res);
/* initialize message */
msg = nmsg_message_init(mod);
assert(msg != NULL);
nmsg_message_set_time(msg, NULL);
/* create and send pbuf */
uint32_t srcport = 49152;
uint32_t dstport = 8080;
char request[] = "GET / HTTP/1.0\n";
char srcip[] = "127.0.0.1";
char dstip[] = "192.0.2.1";
char srchost[] = "localhost.localdomain";
uint32_t ip;
inet_pton(AF_INET, srcip, &ip);
nmsf(msg, "srcip", 0, (uint8_t *) &ip, sizeof(ip));
inet_pton(AF_INET, dstip, &ip);
nmsf(msg, "dstip", 0, (uint8_t *) &ip, sizeof(ip));
nmsf(msg, "srchost", 0, (uint8_t *) srchost, sizeof(srchost));
nmsf(msg, "srcport", 0, (uint8_t *) &srcport, sizeof(srcport));
nmsf(msg, "dstport", 0, (uint8_t *) &dstport, sizeof(dstport));
nmsf(msg, "request", 0, (uint8_t *) request, sizeof(request));
nmsg_output_write(output, msg);
nmsg_message_destroy(&msg);
/* finalize module */
nmsg_msgmod_fini(mod, &clos);
/* close nmsg output */
nmsg_output_close(&output);
return (res);
}