📄 spo_log_database.c
{
printf("Must enter database name in configuration file\n");
exit(-1);
}
}
/*
* Function: LogDatabase(Packet *, char * msg, void * arg)
*
* Purpose: Insert data into the database
*
* Arguments: p => pointer to the current packet data struct
* msg => pointer to the signature message
* arg => not referenced in the function body
*
* Returns: void function
*
*/
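void LogDatabase(Packet *p, char *msg, void *arg)
{
    /*
     * Builds up to three INSERT statements for one packet (event, iphdr
     * and, for ICMP/TCP/UDP, the matching protocol header table) and hands
     * each one to Insert().  sid and cid are counters defined outside this
     * function; cid is advanced once per logged packet.
     *
     * Every statement is formatted with snprintf() into a
     * MAX_QUERY_LENGTH buffer.  If any of them does not fit, nothing is
     * logged for the packet: an over-long signature message can therefore
     * neither write past the heap buffer nor reach the database as a
     * truncated statement.
     *
     * NOTE(review): msg is still placed between single quotes without any
     * escaping, so a message containing a quote character changes the
     * statement that gets executed.  The durable fix is to escape or bind
     * the value with the facility of the selected backend; that needs the
     * connection handle and so belongs next to Insert().
     */
    const size_t cap = MAX_QUERY_LENGTH;
    char *event_q = NULL;
    char *iphdr_q = NULL;
    char *proto_q = NULL;
    char sip[16];
    char dip[16];
    char *s0, *s1, *s2, *s3, *d0, *d1, *d2, *d3;
    int event_len;
    int iphdr_len;
    int proto_len = 0;
    int have_proto = 0;

    (void)arg;

    if (p == NULL)
    {
#ifdef DEBUG
        printf("Attempted to log a NULL packet to database\n");
#endif
        return;
    }

    /*
       Still need code to handle fragments! For now we will not log them.
       Fixing this is on the ToDo list
    */
    if (p->frag_flag)
    {
        return;
    }

    /* The IP header is dereferenced unconditionally below.  Whether the
       decoder can leave it NULL is not visible from here, so guard it. */
    if (p->iph == NULL)
    {
        return;
    }

    event_q = malloc(cap);
    iphdr_q = malloc(cap);
    proto_q = malloc(cap);
    if (event_q == NULL || iphdr_q == NULL || proto_q == NULL)
    {
        ErrorMessage("Error: out of memory while building database queries\n");
        goto done;
    }

    /* inet_ntoa() returns a pointer to a static buffer, so each address is
       copied out before the next call overwrites it.  A dotted quad is at
       most 15 characters, which fits the 16-byte arrays with its NUL. */
    snprintf(sip, sizeof sip, "%s", inet_ntoa(p->iph->ip_src));
    snprintf(dip, sizeof dip, "%s", inet_ntoa(p->iph->ip_dst));

    s0 = strtok(sip, ".");
    s1 = strtok(NULL, ".");
    s2 = strtok(NULL, ".");
    s3 = strtok(NULL, ".");
    d0 = strtok(dip, ".");
    d1 = strtok(NULL, ".");
    d2 = strtok(NULL, ".");
    d3 = strtok(NULL, ".");

    /* strtok() keeps returning NULL once it runs out of tokens, so testing
       the last octet of each address covers the earlier ones too.  Passing
       NULL to a %s conversion would be undefined behaviour. */
    if (s3 == NULL || d3 == NULL)
    {
        ErrorMessage("Error: could not split packet addresses into octets\n");
        goto done;
    }

    /* Protocol-specific row.  have_proto stays 0 for any other protocol so
       that no statement is sent from a buffer that was never written.  The
       header pointers are checked because they are dereferenced here and
       their validity is not established anywhere in this function. */
    if (p->iph->ip_proto == IPPROTO_ICMP && p->icmph != NULL)
    {
        proto_len = snprintf(proto_q, cap,
            "INSERT INTO icmphdr (sid,cid,type,code) VALUES ('%i','%i','%i','%i')",
            sid, cid, p->icmph->type, p->icmph->code);
        have_proto = 1;
    }
    else if (p->iph->ip_proto == IPPROTO_TCP && p->tcph != NULL)
    {
        /* NOTE(review): th_urp is stored without ntohs(), unlike the other
           16-bit TCP fields.  Left unchanged so stored values keep their
           current meaning -- confirm whether that is intended. */
        proto_len = snprintf(proto_q, cap,
            "INSERT INTO tcphdr (sid,cid,th_sport,th_dport,th_flags,th_win,th_urp) VALUES ('%i','%i','%i','%i','%i','%i','%i')",
            sid, cid, ntohs(p->tcph->th_sport), ntohs(p->tcph->th_dport),
            p->tcph->th_flags, ntohs(p->tcph->th_win), p->tcph->th_urp);
        have_proto = 1;
    }
    else if (p->iph->ip_proto == IPPROTO_UDP && p->udph != NULL)
    {
        proto_len = snprintf(proto_q, cap,
            "INSERT INTO udphdr (sid,cid,uh_sport,uh_dport,uh_len) VALUES ('%i','%i','%i','%i','%i')",
            sid, cid, ntohs(p->udph->uh_sport), ntohs(p->udph->uh_dport),
            ntohs(p->udph->uh_len));
        have_proto = 1;
    }

    if (msg == NULL)
    {
        msg = "NULL MESSAGE";
    }

    event_len = snprintf(event_q, cap,
        "INSERT INTO event (sid,cid,signature,timestamp) VALUES ('%i','%i','%s',now());",
        sid, cid, msg);
    iphdr_len = snprintf(iphdr_q, cap,
        "INSERT INTO iphdr (sid,cid,ip_proto,ip_src0,ip_src1,ip_src2,ip_src3,ip_dst0,ip_dst1,ip_dst2,ip_dst3,ip_tos,ip_ttl,ip_id,ip_off,ip_len) VALUES ('%i','%i','%i','%s','%s','%s','%s','%s','%s','%s','%s','%i','%i','%i','%i','%i');",
        sid, cid, p->iph->ip_proto, s0, s1, s2, s3, d0, d1, d2, d3,
        p->iph->ip_tos, p->iph->ip_ttl, ntohs(p->iph->ip_id),
        ntohs(p->frag_offset), ntohs(p->iph->ip_len));

    /* snprintf() reports the length it wanted to write; a value at or
       above the buffer size means the statement was cut short. */
    if (event_len < 0 || (size_t)event_len >= cap ||
        iphdr_len < 0 || (size_t)iphdr_len >= cap ||
        (have_proto && (proto_len < 0 || (size_t)proto_len >= cap)))
    {
        ErrorMessage("Error: database query exceeds MAX_QUERY_LENGTH, packet not logged\n");
        goto done;
    }

    /* Execute the queries */
    Insert(event_q);
    Insert(iphdr_q);
    if (have_proto)
    {
        Insert(proto_q);
    }

    cid++;

    /* A Unixodbc bugfix (the reason value 600 is skipped is not visible
       in this function) */
    if (cid == 600) { cid = 601; }

done:
    free(event_q);
    free(iphdr_q);
    free(proto_q);
}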
/* Function: Insert(char * query)
*
* Purpose: Database independent function for SQL inserts
*
* Arguments: query (An SQL insert)
*
* Returns: 1 if successful, 0 if fail
*/
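int Insert(char * query)
{
    /*
     * Sends one SQL statement to whichever backend dbtype names and
     * reports whether it succeeded (1) or not (0).  If no compiled-in
     * backend matches dbtype the function returns 0.
     *
     * The text in query is executed exactly as given; nothing here quotes
     * or escapes it, so callers must not build it from unescaped input.
     *
     * Per-call backend resources are released before returning: the
     * PostgreSQL result with PQclear() and the ODBC statement handle with
     * SQLFreeStmt(SQL_DROP).  Without that, every call left one result or
     * one statement handle allocated.
     */
    int result = 0;

#ifdef ENABLE_POSTGRESQL
    if (!strcasecmp(dbtype, POSTGRESQL))
    {
        p_result = PQexec(p_connection, query);
        if (PQresultStatus(p_result) == PGRES_COMMAND_OK)
        {
            result = 1;
        }
        else
        {
            ErrorMessage("Error: %s\n", PQerrorMessage(p_connection));
        }

        /* The error text comes from the connection, so the result can be
           released here.  PQclear() accepts NULL. */
        PQclear(p_result);
        p_result = NULL;
    }
#endif

#ifdef ENABLE_MYSQL
    if (!strcasecmp(dbtype, MYSQL))
    {
        /* mysql_query() returns zero on success. */
        if (mysql_query(m_sock, query) == 0)
        {
            result = 1;
        }
        else
        {
            ErrorMessage("Error: %s\n", mysql_error(m_sock));
        }
    }
#endif

#ifdef ENABLE_UNIXODBC
    if (!strcasecmp(dbtype, UNIXODBC))
    {
        if (SQLAllocStmt(u_connection, &u_statement) == SQL_SUCCESS)
        {
            if (SQLPrepare(u_statement, query, SQL_NTS) == SQL_SUCCESS &&
                SQLExecute(u_statement) == SQL_SUCCESS)
            {
                result = 1;
            }

            /* Drop the handle allocated above whether or not the
               statement ran. */
            SQLFreeStmt(u_statement, SQL_DROP);
        }
    }
#endif

#ifdef DEBUG
    if (result) { printf("(%s) executed\n", query); }
    else { printf("(%s) failed\n", query); }
#endif

    return result;
}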
/* Function: Select(char * query)
*
* Purpose: Database independent function for SQL selects that
* return a non zero int
*
* Arguments: query (An SQL select)
*
* Returns: result of query if successful, 0 if fail
*/
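int Select(char * query)
{
    /*
     * Runs a query that is expected to yield a single row whose first
     * column is a non-zero integer, and returns that integer.  Returns 0
     * when the query fails, yields no row, yields more than one row
     * (PostgreSQL and ODBC branches), or when no compiled-in backend
     * matches dbtype.  A legitimate value of 0 cannot be told apart from
     * failure.
     *
     * The text in query is executed exactly as given; nothing here quotes
     * or escapes it.
     *
     * Resource handling: the PostgreSQL result is released with PQclear(),
     * the ODBC statement handle with SQLFreeStmt(SQL_DROP), and the MySQL
     * result is freed only when this call obtained one.  m_result lives
     * outside this function, so freeing it after a failed mysql_query()
     * would free whatever an earlier call had already released.
     */
    int result = 0;

#ifdef ENABLE_POSTGRESQL
    if (!strcasecmp(dbtype, POSTGRESQL))
    {
        p_result = PQexec(p_connection, query);
        if (PQresultStatus(p_result) == PGRES_TUPLES_OK)
        {
            int rows = PQntuples(p_result);

            if (rows > 1)
            {
                ErrorMessage("ERROR (%s) returned more than one result\n", query);
                result = 0;
            }
            else if (rows == 1)
            {
                result = atoi(PQgetvalue(p_result, 0, 0));
            }
        }
        if (!result)
        {
            ErrorMessage("Error: %s\n", PQerrorMessage(p_connection));
        }

        /* PQclear() accepts NULL, so a failed PQexec() is fine here. */
        PQclear(p_result);
        p_result = NULL;
    }
#endif

#ifdef ENABLE_MYSQL
    if (!strcasecmp(dbtype, MYSQL))
    {
        /* Forget any handle left over from an earlier call before deciding
           what has to be freed. */
        m_result = NULL;

        /* mysql_query() returns zero on success. */
        if (mysql_query(m_sock, query) == 0)
        {
            m_result = mysql_use_result(m_sock);
            if (m_result != NULL)
            {
                m_row = mysql_fetch_row(m_result);
                if (m_row != NULL && m_row[0] != NULL)
                {
                    result = atoi(m_row[0]);
                }
                mysql_free_result(m_result);
                m_result = NULL;
            }
        }
        if (!result)
        {
            ErrorMessage("Error: %s\n", mysql_error(m_sock));
        }
    }
#endif

#ifdef ENABLE_UNIXODBC
    if (!strcasecmp(dbtype, UNIXODBC))
    {
        if (SQLAllocStmt(u_connection, &u_statement) == SQL_SUCCESS)
        {
            if (SQLPrepare(u_statement, query, SQL_NTS) == SQL_SUCCESS &&
                SQLExecute(u_statement) == SQL_SUCCESS &&
                SQLRowCount(u_statement, &u_rows) == SQL_SUCCESS &&
                u_rows)
            {
                if (u_rows > 1)
                {
                    ErrorMessage("ERROR (%s) returned more than one result\n", query);
                    result = 0;
                }
                else if (SQLFetch(u_statement) == SQL_SUCCESS &&
                         SQLGetData(u_statement, 1, SQL_INTEGER, &u_col,
                                    sizeof(u_col), NULL) == SQL_SUCCESS)
                {
                    result = (int)u_col;
                }
            }

            /* Drop the handle allocated above on every path. */
            SQLFreeStmt(u_statement, SQL_DROP);
        }
    }
#endif

#ifdef DEBUG
    if (result) { printf("(%s) returned %i\n", query, result); }
    else { printf("(%s) failed\n", query); }
#endif

    return result;
}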
/* Function: Connect()
*
* Purpose: Database independent function to initiate a database
* connection
*/
void Connect()
{
    /*
     * Opens the connection for the backend named by dbtype, using the
     * host, port, dbname, user and password values defined outside this
     * function.  Only the branches enabled at compile time exist; if none
     * of them matches dbtype, nothing happens.
     *
     * Failure handling differs per backend: PostgreSQL and MySQL report
     * through FatalError(), while the ODBC branch calls exit() with -5, -6
     * or -7 depending on which of its three setup calls failed.
     */
#ifdef ENABLE_MYSQL
    int mysql_port;
#endif

#ifdef ENABLE_POSTGRESQL
    if (strcasecmp(dbtype, POSTGRESQL) == 0)
    {
        p_connection = PQsetdbLogin(host, port, NULL, NULL, dbname, user, password);
        if (PQstatus(p_connection) == CONNECTION_BAD)
        {
            /* Release the failed connection object before reporting. */
            PQfinish(p_connection);
            FatalError("Connection to database '%s' failed\n", dbname);
        }
    }
#endif

#ifdef ENABLE_MYSQL
    if (strcasecmp(dbtype, MYSQL) == 0)
    {
        m_sock = mysql_init(NULL);
        if (m_sock == NULL)
        {
            FatalError("Connection to database '%s' failed\n", dbname);
        }

        /* No configured port is passed on as 0. */
        mysql_port = (port != NULL) ? atoi(port) : 0;

        if (mysql_real_connect(m_sock, host, user, password, dbname,
                               mysql_port, NULL, 0) == 0)
        {
            ErrorMessage("Failed to logon to database '%s'\n", dbname);
            FatalError("Error: %s\n", mysql_error(m_sock));
        }
    }
#endif

#ifdef ENABLE_UNIXODBC
    if (strcasecmp(dbtype, UNIXODBC) == 0)
    {
        /* Environment, then connection handle, then the login itself;
           each step has its own exit status. */
        if (SQLAllocEnv(&u_handle) != SQL_SUCCESS)
        {
            exit(-5);
        }
        if (SQLAllocConnect(u_handle, &u_connection) != SQL_SUCCESS)
        {
            exit(-6);
        }
        if (SQLConnect(u_connection, dbname, SQL_NTS, user, SQL_NTS,
                       password, SQL_NTS) != SQL_SUCCESS)
        {
            exit(-7);
        }
    }
#endif
}