// // Constructor // DatagramSocket::DatagramSocket(const char* interface, bool ipv6) throw(SocketException, SystemException) { // New implementation object from factory, if defined _impl = (_factory) ? _factory->createDatagramSocketImpl() : new PlainSocketImpl; _status = TID_SOCKET_STATUS_UNSPECIFIED; _channel = NULL; _ipv6 = ipv6; // Create a SOCK_DGRAM socket _impl->create(_ipv6); _status |= TID_SOCKET_STATUS_CREATED; // Asocia el socket y lo pone en escucha try { InetSocketAddress inet(PlainSocketImpl::ANY_PORT, _ipv6); bind((SocketAddress*) &inet, interface); } catch(IllegalArgumentException& e) { throw SocketException(e.what()); } }
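/*
 * Executes the SQL text currently held in the shared `statement` buffer, but
 * only if the snprintf() call that produced it wrote the whole statement.
 *
 * written - return value of that snprintf() call.
 *
 * snprintf() returns a negative value on error and a value >= the buffer size
 * when the output was cut off. A cut-off statement is not the statement that
 * was built (a closing quote or a trailing WHERE clause can be missing), so it
 * is dropped instead of being sent to the database.
 */
static void lpg_execute_if_complete(int written)
{
	if (written < 0 || (size_t) written >= (size_t) MAX_STATEMENT) {
		msg(MSG_DEBUG, "SQL statement truncated or not formatted, statement not executed");
		return;
	}
	execute_statement(statement);
}

/*
 * Writes one log record for a connection to the database. The table and the
 * columns are chosen from conn->app_proto and, for HTTP and IRC, from `tag`.
 *
 * log  - not used by this function.
 * conn - connection being logged. The UNKNOWN case overwrites an empty
 *        conn->dest with "0.0.0.0" before logging.
 * tag  - for HTTP: "client" inserts the request row, anything else updates
 *        that row with the response fields. For IRC: "client" and "logfile"
 *        select their own tables, anything else is logged as a server
 *        message. For SMTP, FTP, UNKNOWN and UNKNOWN_UDP the tag is stored in
 *        the type column. Must not be NULL for those protocols.
 * data - protocol specific struct, cast according to app_proto and tag.
 *        Not read for the IRC "logfile" record.
 *
 * Returns 0 in every case, including when a statement was skipped because it
 * did not fit into the statement buffer or when conn is NULL.
 *
 * SECURITY: every '%s' value below is pasted between single quotes into the
 * SQL text without escaping. Several of these fields (request and response
 * headers, user agent, IRC message text, DNS domain name) presumably come
 * from captured network traffic -- confirm against the callers. A value that
 * contains a quote character changes the statement that is executed, so these
 * statements are open to SQL injection. The durable fix is to pass the values
 * as bind parameters (libpq: PQexecParams) or to escape them with the
 * connection's own routine (libpq: PQescapeStringConn), assuming the backend
 * is PostgreSQL as the inet() casts suggest. Both need the connection handle
 * behind execute_statement(), which is not visible from this function.
 * TODO(review): move value passing into execute_statement() or a sibling
 * that takes parameters.
 */
int lpg_log_struct(struct logger_t* log, connection_t* conn, const char* tag, void* data)
{
	int written;

	if (conn == NULL) {
		msg(MSG_DEBUG, "lpg_log_struct called without a connection, nothing logged");
		return 0;
	}

	switch (conn->app_proto) { /* log depending on the protocol */
	case SMTP:
		{
			struct smtp_struct* logdata = (struct smtp_struct *) data;
			written = snprintf(statement, MAX_STATEMENT,
				"insert into SMTP_LOGS (ClientIP,ClientPort,ServerIP,orig_ServerIP,ServerPort,orig_serverport,Message,Type,date,TrumanTimestamp,sample_id) "
				"Values (inet('%s'),%d,inet('%s'),inet('%s'),%d, %d,'%s', '%s', (select current_timestamp),'%s',"
				"(select distinct value from trumanbox_settings where key = 'CURRENT_SAMPLE'))",
				conn->source, conn->sport, conn->dest, conn->orig_dest, conn->dport, conn->orig_dport,
				logdata->Message, tag, conn->timestamp);
			lpg_execute_if_complete(written);
			break;
		}
	case FTP:
		{
			struct ftp_struct* logdata = (struct ftp_struct *) data;
			written = snprintf(statement, MAX_STATEMENT,
				"insert into FTP_LOGS (ClientIP,ClientPort,ServerIP,orig_ServerIP,ServerPort,orig_serverport,Message,type,date,TrumanTimestamp,sample_id) "
				"Values (inet('%s'),%d,inet('%s'),inet('%s'),%d,%d,'%s','%s', (select current_timestamp),'%s', "
				"(select distinct value from trumanbox_settings where key = 'CURRENT_SAMPLE'))",
				conn->source, conn->sport, conn->dest, conn->orig_dest, conn->dport, conn->orig_dport,
				logdata->Message, tag, conn->timestamp);
			lpg_execute_if_complete(written);
			break;
		}
	case HTTP:
		{
			if (strcmp(tag, "client") == 0) {
				/* Request side: create the row, keyed by the connection timestamp. */
				struct http_client_struct* logdata = (struct http_client_struct *) data;
				written = snprintf(statement, MAX_STATEMENT,
					"insert into HTTP_LOGS (ClientIP,ClientPort,orig_ServerIP,ServerIP,orig_serverport,ServerPort,requestedhost,requestedlocation,useragent,method,requestheader,requestbodybinarylocation,responsereturnedtype,date,TrumanTimestamp,sample_id) "
					"Values (inet('%s'),%d,inet('%s'),inet('%s'),%d,%d, '%s', '%s', '%s', '%s', '%s', '%s','%s', (select current_timestamp),'%s',"
					"(select distinct value from trumanbox_settings where key = 'CURRENT_SAMPLE'))",
					conn->source, conn->sport, conn->orig_dest, conn->dest, conn->orig_dport, conn->dport,
					logdata->requestedHost, logdata->requestedLocation, logdata->userAgent, logdata->method,
					logdata->requestHeader, logdata->requestBodyBinaryLocation, logdata->responseReturnedType,
					conn->timestamp);
				lpg_execute_if_complete(written);
			} else {
				/* Response side: fill in the row that has the same timestamp. */
				struct http_server_struct* logdata = (struct http_server_struct *) data;
				written = snprintf(statement, MAX_STATEMENT,
					"update HTTP_LOGS set servertype = '%s', responsecontenttype = '%s', responselastmodified = '%s', "
					"responseheader = '%s', responsebodybinarylocation = '%s' where trumantimestamp = '%s'",
					logdata->serverType, logdata->responseContentType, logdata->responseLastModified,
					logdata->responseHeader, logdata->responseBodyBinaryLocation, conn->timestamp);
				lpg_execute_if_complete(written);
			}
			break;
		}
	case IRC:
		{
			if (strcmp(tag, "client") == 0) {
				struct irc_client_struct* logdata = (struct irc_client_struct *) data;
				written = snprintf(statement, MAX_STATEMENT,
					"insert into IRC_CLIENT_LOGS (ClientIP,ClientPort,orig_ServerIP,ServerIP,orig_serverport,ServerPort,Command,Arguments,date,TrumanTimestamp,sample_id) "
					"Values (inet('%s'),%d,inet('%s'),inet('%s'),%d, %d,'%s', '%s', (select current_timestamp),'%s',"
					"(select distinct value from trumanbox_settings where key = 'CURRENT_SAMPLE'))",
					conn->source, conn->sport, conn->orig_dest, conn->dest, conn->orig_dport, conn->dport,
					logdata->command, logdata->arguments, conn->timestamp);
				lpg_execute_if_complete(written);
			} else if (strcmp(tag, "logfile") == 0) {
				/* The log file location is derived from the timestamp; `data` is not read here. */
				char location[MAX_PATH_LENGTH];
				snprintf(location, MAX_PATH_LENGTH, "irc/%s", conn->timestamp);
				written = snprintf(statement, MAX_STATEMENT,
					"insert into IRC_LOGS (ClientIP,ClientPort,orig_ServerIP,ServerIP,orig_serverport,ServerPort,logfilelocation,date,TrumanTimestamp,sample_id) "
					"Values (inet('%s'),%d,inet('%s'),inet('%s'),%d,%d, '%s', (select current_timestamp),'%s',"
					"(select distinct value from trumanbox_settings where key = 'CURRENT_SAMPLE'))",
					conn->source, conn->sport, conn->orig_dest, conn->dest, conn->orig_dport, conn->dport,
					location, conn->timestamp);
				lpg_execute_if_complete(written);
			} else {
				struct irc_server_struct* logdata = (struct irc_server_struct *) data;
				written = snprintf(statement, MAX_STATEMENT,
					"insert into IRC_SERVER_LOGS (ClientIP,ClientPort,orig_ServerIP,ServerIP,orig_serverport,ServerPort,ServerName,NumericReply,RecipientNickname,Message,date,TrumanTimestamp,sample_id) "
					"Values (inet('%s'),%d,inet('%s'),inet('%s'),%d,%d, '%s','%s','%s','%s', (select current_timestamp),'%s',"
					"(select distinct value from trumanbox_settings where key = 'CURRENT_SAMPLE'))",
					conn->source, conn->sport, conn->orig_dest, conn->dest, conn->orig_dport, conn->dport,
					logdata->serverName, logdata->numericReply, logdata->recipientNickname, logdata->message,
					conn->timestamp);
				lpg_execute_if_complete(written);
			}
			break;
		}
	case UNKNOWN:
		{
			struct unknown_struct* logdata = (struct unknown_struct *) data;

			/* inet('') is not a valid address literal; store 0.0.0.0 when no destination is known. */
			if (strcmp(conn->dest, "") == 0) {
				snprintf(conn->dest, IPLENGTH, "0.0.0.0");
			}
			written = snprintf(statement, MAX_STATEMENT,
				"insert into UNKNOWN_LOGS (ClientIP,ClientPort,orig_ServerIP,ServerIP,orig_serverport,ServerPort,binaryLocation,type,date,TrumanTimestamp,sample_id) "
				"Values (inet('%s'),%d,inet('%s'),inet('%s'),%d,%d,'%s','%s', (select current_timestamp),'%s', "
				"(select distinct value from trumanbox_settings where key = 'CURRENT_SAMPLE'))",
				conn->source, conn->sport, conn->orig_dest, conn->dest, conn->orig_dport, conn->dport,
				logdata->binaryLocation, tag, conn->timestamp);
			msg(MSG_DEBUG, "try to execute: %s", statement);
			lpg_execute_if_complete(written);
			break;
		}
	case DNS:
		{
			struct dns_struct* logdata = (struct dns_struct *) data;
			written = snprintf(statement, MAX_STATEMENT,
				"insert into DNS_LOGS (clientIP,orig_ServerIP,ServerIP,DomainName,date,trumantimestamp,sample_id) "
				"Values (inet('%s'),inet('%s'),inet('%s'),'%s', (select current_timestamp),'%s',"
				"(select distinct value from trumanbox_settings where key = 'CURRENT_SAMPLE'))",
				logdata->clientIP, logdata->serverIP, logdata->realServerIP, logdata->domain, conn->timestamp);
			lpg_execute_if_complete(written);
			break;
		}
	case FTP_data:
		{
			struct ftp_data_struct* logdata = (struct ftp_data_struct *) data;

			/* type and filename are looked up in awaited_pasv by server port and address. */
			written = snprintf(statement, MAX_STATEMENT,
				"insert into FTP_Passive_Logs (clientIP,clientport,orig_ServerIP,ServerIP,orig_serverport,Serverport,binarylocation, type, filename, date,Trumantimestamp,sample_id) VALUES "
				"(inet('%s'),%d,inet('%s'),inet('%s'),%d,%d,'%s', "
				"(select case when type = '' then null else type end from awaited_pasv where serverport = %d and serverIP = inet('%s')), "
				"(select case when filename = '' then null else filename end from awaited_pasv where serverport = %d and serverIP = inet('%s')), "
				"(select current_timestamp), '%s',"
				"(select distinct value from trumanbox_settings where key = 'CURRENT_SAMPLE'))",
				conn->source, conn->sport, conn->orig_dest, conn->dest, conn->orig_dport, conn->dport,
				logdata->binaryLocation, conn->dport, conn->dest, conn->dport, conn->dest, conn->timestamp);
			msg(MSG_DEBUG, "try to insert: %s", statement);
			lpg_execute_if_complete(written);

			/* Remove the awaited_pasv entry for this port and address after the insert attempt. */
			written = snprintf(statement, MAX_STATEMENT,
				"delete from awaited_pasv where serverport = %d and serverip = inet('%s')",
				conn->dport, conn->dest);
			lpg_execute_if_complete(written);
			break;
		}
	case SSL_Proto:
		{
			struct ssl_struct* logdata = (struct ssl_struct *) data;
			written = snprintf(statement, MAX_STATEMENT,
				"insert into SSL_Logs (clientIP,clientport,orig_ServerIP,ServerIP,orig_serverport,Serverport, Client_Hello_SSL_Version, server_certificate_location, http_request_location,date, Trumantimestamp,sample_id) "
				"VALUES (inet('%s'),%d,inet('%s'),inet('%s'),%d,%d,'%s', '%s', '%s', (select current_timestamp), '%s',"
				"(select distinct value from trumanbox_settings where key = 'CURRENT_SAMPLE'))",
				conn->source, conn->sport, conn->orig_dest, conn->dest, conn->orig_dport, conn->dport,
				logdata->sslVersion, logdata->server_cert, logdata->http_request, conn->timestamp);
			msg(MSG_DEBUG, "try to insert: %s", statement);
			lpg_execute_if_complete(written);
			break;
		}
	case UNKNOWN_UDP:
		{
			struct unknown_struct* logdata = (struct unknown_struct *) data;
			written = snprintf(statement, MAX_STATEMENT,
				"insert into UNKNOWN_UDP_LOGS (ClientIP,ClientPort,orig_ServerIP,ServerIP,orig_serverport,ServerPort,binaryLocation,type,date,TrumanTimestamp,sample_id) "
				"Values (inet('%s'),%d,inet('%s'),inet('%s'),%d,%d,'%s','%s', (select current_timestamp),'%s', "
				"(select distinct value from trumanbox_settings where key = 'CURRENT_SAMPLE'))",
				conn->source, conn->sport, conn->orig_dest, conn->dest, conn->orig_dport, conn->dport,
				logdata->binaryLocation, tag, conn->timestamp);
			msg(MSG_DEBUG, "try to execute: %s", statement);
			lpg_execute_if_complete(written);
			break;
		}
	default:
		{
			msg(MSG_DEBUG, "Protocol not yet handled, abort...");
		}
	} /* end of switch */

	return 0;
} /* end of lpg_log_struct */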