* Copyright (C) 1998-2001 Luca Deri <deri@ntop.org>
* Portions by Stefano Suin <stefano@ntop.org>
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#include "globals-report.h"
/* Socket used to send SQL statements to the external SQL client.
   Starts at -1; the senders in this file test for -1 before using it. */
static int sqlSocket = -1;
/* Destination (IPv4 address and port) passed to every sendto() in this
   file; filled in by openSQLsocket(). */
static struct sockaddr_in dest;
/* **************************************** */
/*
 * Resolve dstHost, fill in the file-level `dest` address (IPv4) and create
 * the UDP socket stored in `sqlSocket`.
 *
 * dstHost: host name or address handed to gethostbyname().
 * dstPort: destination port, converted to network byte order with htons().
 *
 * NOTE(review): this listing shows only some of the function's lines; the
 * bodies of both failure branches and the closing brace are not shown.
 */
static void openSQLsocket(char* dstHost, int dstPort) {
  /* NOTE(review): gethostbyname() is obsolete, returns a pointer to static
     storage and is used here for IPv4 only; getaddrinfo() is the modern
     replacement. */
  struct hostent *hostAddr = gethostbyname(dstHost);

  if(hostAddr == NULL) {
    traceEvent(TRACE_INFO, "Unable to resolve address '%s'\n", dstHost);
    /* [original lines 37-39 not shown: rest of this failure branch] */

  /* NOTE(review): the length argument sits on a line that is not shown -
     confirm the copy cannot exceed sizeof(dest.sin_addr). */
  memcpy(&dest.sin_addr.s_addr, hostAddr->h_addr_list[0],
         /* [original line 41 not shown] */
  dest.sin_family = AF_INET;
  /* The cast wraps any dstPort outside 0..65535 silently; the only check
     visible in this file (in handleDbSupport) rejects 0 and nothing else. */
  dest.sin_port = (int)htons((unsigned short int)dstPort);

  /* SOCK_DGRAM: every SQL statement built in this file leaves as a plain UDP
     datagram, with no authentication, confidentiality, integrity protection
     or delivery guarantee. NOTE(review): the receiver should only be
     reachable over loopback or a trusted/tunnelled segment. */
  sqlSocket = socket (AF_INET, SOCK_DGRAM, 0);
    /* [original lines 46-47 not shown: the test guarding the next message] */
    traceEvent(TRACE_INFO, "Unable to open SQLsocket\n");
    /* [original lines 49-50 not shown] */

  traceEvent(TRACE_INFO, "Open channel with ntop SQL client running @ %s:%d\n", dstHost, dstPort);
/* **************************************** */
/*
 * Parse the "host:port" value of the '-b' parameter, set *enableDBsupport
 * to 1 and open the SQL socket towards that host and port.
 *
 * addr:            "host:port" string; strtok_r() modifies it in place.
 * enableDBsupport: out flag, written through the pointer.
 *
 * NOTE(review): only part of the function is shown (the declaration of
 * portNumber, the early-return bodies and the closing brace are not).
 */
void handleDbSupport(char* addr /* host:port */, int* enableDBsupport) {
  char *hostName, *strtokState;
  /* [original lines 59-60 not shown] */

  if((addr == NULL) || (addr[0] == '\0'))
    /* [original lines 62-63 not shown: action taken for an empty value] */

  hostName = strtok_r(addr, ":", &strtokState);
  /* NOTE(review): when addr holds no second token (e.g. "host" without
     ":port") strtok_r() returns NULL and atoi(NULL) is undefined behaviour,
     so the validity test below comes too late. Keep the token in a variable,
     check it for NULL, then parse it with strtol() and reject anything
     outside 1..65535 or with trailing characters. */
  portNumber = atoi(strtok_r(NULL, ":", &strtokState));

  if((hostName == NULL) || (portNumber == 0)) {
    traceEvent(TRACE_WARNING, "WARNING: invalid value specified for '-b' parameter. \n"
               " It should be host:port.\n");
    /* [original lines 70-71 not shown: rest of the rejection branch] */

  (*enableDBsupport) = 1;
  openSQLsocket(hostName, portNumber); /* *** SQL Engine *** */
/* **************************************** */
/*
 * Close the socket held in `sqlSocket`.
 *
 * NOTE(review): original lines 80-82 and 84-86 are not shown, so any guard
 * around the call and the closing brace are missing from this listing.
 * Confirm sqlSocket is set back to -1 afterwards: every sender in this file
 * relies on the -1 test to decide whether the descriptor is usable.
 */
void closeSQLsocket(void) {
  closesocket(sqlSocket);
/* **************************************** */
/*
 * Record the symbolic name for an IPv4 address: copy it into the matching
 * host entry and, when the SQL socket is open and the name differs from the
 * numeric form, send DELETE and INSERT statements for the NameMapper table.
 *
 * numeric:  IPv4 address, assigned as-is to addr.s_addr.
 * symbolic: host name; may be truncated IN PLACE before it is copied.
 *
 * NOTE(review): only part of the function is shown; addr, buf, hostName and
 * idx are presumably declared on the lines that are not shown.
 */
void updateHostNameInfo(unsigned long numeric, char* symbolic) {
  /* [original lines 90-92 not shown] */
  char sqlBuf[BUF_SIZE];

  if(!capturePackets) return;

  addr.s_addr = numeric;
  hostName = _intoa(addr, buf, sizeof(buf));

  /* Search the instance and update its name */
  accessMutex(&addressResolutionMutex, "updateHostNameInfo");

  /* NOTE(review): idx is used as an array index below; any validation of
     the lookup result is on lines 108-109, which are not shown - confirm. */
  idx = findHostIdxByNumIP(addr);

  if(device[actualDeviceId].hash_hostTraffic[idx] != NULL) {
    /* Names of MAX_HOST_SYM_NAME_LEN-1 characters or more are cut to
       MAX_HOST_SYM_NAME_LEN-2 by writing a NUL into the caller's buffer.
       NOTE(review): the strcpy() is safe only if hostSymIpAddress holds at
       least MAX_HOST_SYM_NAME_LEN-1 bytes; its declaration is not visible
       here - confirm. */
    if(strlen(symbolic) >= (MAX_HOST_SYM_NAME_LEN-1))
      symbolic[MAX_HOST_SYM_NAME_LEN-2] = '\0';
    strcpy(device[actualDeviceId].hash_hostTraffic[idx]->hostSymIpAddress, symbolic);
    /* [original lines 115-118 not shown] */

  releaseMutex(&addressResolutionMutex);

  if(sqlSocket != -1) {
    if(strcmp(hostName, symbolic) != 0) {
      /* NOTE(review): a C99 snprintf() reports truncation by returning a
         value >= sizeof(sqlBuf); a negative result means an output error
         only, so "< 0" does not detect an over-long statement. The sendto()
         that follows also runs whether or not the check fired, so a
         cut-off statement would still be transmitted. Test for
         "n < 0 || n >= sizeof(sqlBuf)" and skip the send in that case. */
      if(snprintf(sqlBuf, sizeof(sqlBuf), "DELETE FROM NameMapper WHERE IPaddress = '%s'", hostName) < 0)
        traceEvent(TRACE_ERROR, "Buffer overflow!");
      /* Return value of sendto() is not checked. */
      sendto(sqlSocket, sqlBuf, strlen(sqlBuf), 0,
             (struct sockaddr *)&dest, sizeof(dest));

      /* NOTE(review): `symbolic` is placed between single quotes with no
         escaping or character filtering visible in this function. If it
         originates from DNS answers (TODO confirm against the callers), a
         name containing a quote changes the statement the SQL client
         receives. Restrict it to the host-name character set, or escape it,
         before formatting. */
      if(snprintf(sqlBuf, sizeof(sqlBuf), "INSERT INTO NameMapper (IPaddress, Name)"
                  " VALUES ('%s', '%s')", hostName, symbolic) < 0)
        traceEvent(TRACE_ERROR, "Buffer overflow!");
      sendto(sqlSocket, sqlBuf, strlen(sqlBuf), 0,
             (struct sockaddr *)&dest, sizeof(dest));
      /* [original lines 136-139 not shown] */

  /* Forwarded to mySQLupdateHostNameInfo(), defined outside this listing;
     any guard around this call is on lines that are not shown. */
  mySQLupdateHostNameInfo(numeric, symbolic);
/* **************************************** */
/*
 * Send UPDATE statements for the Hosts, IPtraffic and NonIPTraffic tables
 * carrying el's traffic counters, each keyed by el->hostNumIpAddress.
 *
 * el: host entry whose counters are reported.
 *
 * NOTE(review): large parts of the three statements (column lists and
 * arguments) are missing from this listing; the visible format lines and
 * the visible arguments therefore do not pair up one to one.
 * NOTE(review): a C99 snprintf() reports truncation by returning a value
 * >= sizeof(sqlBuf), not a negative one, so the "< 0" checks below do not
 * catch an over-long statement, and as shown the sendto() is issued either
 * way. With the WHERE clause last in each statement, truncation would drop
 * the row filter first - check "n >= sizeof(sqlBuf)" and skip the send.
 */
void updateHostTraffic(HostTraffic *el) {
  char theDate[32], theDate2[32];
  char sqlBuf[2*BUF_SIZE];
  /* [original lines 149-151 not shown; the condition below starts there] */
     || (broadcastHost(el))
     || (el->hostNumIpAddress[0] == '\0'))
    /* [original lines 154-155 not shown: action taken when the test holds] */

  /* Fixes below courtesy of Andreas Pfaller <a.pfaller@pop.gun.de> */
  /* firstSeen rendered as local time, "YYYY-MM-DD HH:MM:SS", into theDate2 */
  strftime(theDate2, 32, "%Y-%m-%d %H:%M:%S", localtime_r(&el->firstSeen, &t));

  /* Added by David Moore <davem@mitre.org> */
  /* lastSeen rendered the same way into theDate */
  strftime(theDate, 32, "%Y-%m-%d %H:%M:%S", localtime_r(&el->lastSeen, &t));

  /* ****************************** */

  /* Each %llu needs an unsigned long long argument; the counter types are
     declared outside this listing - TODO confirm they match. */
  if(snprintf(sqlBuf, sizeof(sqlBuf), "UPDATE Hosts SET "
              /* [original lines 165-166 not shown] */
              "PktMulticastSent = %llu, "
              "PktBroadcastSent = %llu, "
              /* [original lines 169-170 not shown] */
              "DataMulticastSent = %llu, "
              "DataBroadcastSent = %llu, "
              /* [original lines 173-174 not shown] */
              " WHERE IPaddress = '%s'",
              /* [original lines 176-177 not shown] */
              (el->pktMulticastSent),
              (el->pktBroadcastSent),
              /* [original lines 180-181 not shown] */
              (el->bytesMulticastSent),
              (el->bytesBroadcastSent),
              /* [original line 184 not shown] */
              el->hostNumIpAddress) < 0) traceEvent(TRACE_ERROR, "Buffer overflow!");

  sendto(sqlSocket, sqlBuf, strlen(sqlBuf), 0, (struct sockaddr *)&dest, sizeof(dest));

  /* ****************************** */

  if(snprintf(sqlBuf, sizeof(sqlBuf), "UPDATE IPtraffic SET "
              "TCPSentLocally = %llu, "
              "TCPSentRemotely = %llu, "
              "TCPrcvdLocally = %llu, "
              "TCPrcvdFromRemote = %llu, "
              "UDPSentLocally = %llu, "
              "UDPSentRemotely = %llu, "
              "UDPrcvdLocally = %llu, "
              "UDPrcvdFromRemote = %llu, "
              /* [original lines 200-205 not shown] */
              " WHERE IPaddress = '%s'",
              (el->tcpSentLocally),
              (el->tcpSentRemotely),
              (el->tcpReceivedLocally),
              (el->tcpReceivedFromRemote),
              (el->udpSentLocally),
              (el->udpSentRemotely),
              (el->udpReceivedLocally),
              (el->udpReceivedFromRemote),
              /* [original lines 215-220 not shown] */
              el->hostNumIpAddress) < 0) traceEvent(TRACE_ERROR, "Buffer overflow!");

  sendto(sqlSocket, sqlBuf, strlen(sqlBuf), 0, (struct sockaddr *)&dest, sizeof(dest));

  /* ****************************** */

  if(snprintf(sqlBuf, sizeof(sqlBuf), "UPDATE NonIPTraffic SET "
              /* [original lines 228-235 not shown] */
              "DECNETsent = %llu, "
              "DECNETrcvd = %llu, "
              /* [original lines 238-243 not shown] */
              " WHERE IPaddress = '%s'",
              /* [original lines 245-251 not shown] */
              (el->arp_rarpReceived),
              /* [original line 253 not shown] */
              (el->decnetReceived),
              /* [original line 255 not shown] */
              (el->appletalkReceived),
              /* [original line 257 not shown] */
              (el->netbiosReceived),
              /* [original lines 259-260 not shown] */
              el->hostNumIpAddress) < 0) traceEvent(TRACE_ERROR, "Buffer overflow!");

  sendto(sqlSocket, sqlBuf, strlen(sqlBuf), 0, (struct sockaddr *)&dest, sizeof(dest));
/* **************************************** */
/*
 * Send the DELETE/INSERT statements that (re)create el's rows in the Hosts,
 * NonIPTraffic and IPtraffic tables. Nothing is sent when the SQL socket is
 * closed or el is a broadcast host (the action taken in that case is on
 * lines that are not shown).
 *
 * el: host entry being announced.
 *
 * NOTE(review): each row is replaced by a DELETE followed by an INSERT sent
 * as separate UDP datagrams; a lost or reordered datagram leaves the table
 * without the row or with a stale one.
 * NOTE(review): the "< 0" tests do not detect truncation on a C99
 * snprintf() (it returns a value >= sizeof(sqlBuf) instead), and the
 * sendto() calls run regardless of the test.
 */
void notifyHostCreation(HostTraffic *el) {
  char sqlBuf[BUF_SIZE];

  if((sqlSocket == -1) || broadcastHost(el))
    /* [original lines 272-275 not shown] */

  if(el->hostNumIpAddress[0] != '\0') {
    if(snprintf(sqlBuf, sizeof(sqlBuf), "DELETE FROM Hosts WHERE IPaddress = '%s'",
                el->hostNumIpAddress) < 0)
      traceEvent(TRACE_ERROR, "Buffer overflow!");
    /* [original line 280 not shown. NOTE(review): presumably the else
       branch opens here; otherwise the statement built next would overwrite
       the one above before anything is sent - confirm] */
    if(snprintf(sqlBuf, sizeof(sqlBuf), "DELETE FROM Hosts WHERE MACaddress = '%s'",
                el->ethAddressString) < 0)
      traceEvent(TRACE_ERROR, "Buffer overflow!");
    /* [original lines 284-285 not shown] */

  sendto(sqlSocket, sqlBuf, strlen(sqlBuf), 0, (struct sockaddr *)&dest, sizeof(dest));

  /* NOTE(review): the vendor string returned by getVendorInfo() is quoted
     but not escaped here; if that lookup can yield text containing a single
     quote, the INSERT is malformed - confirm against its data source. */
  if(snprintf(sqlBuf, sizeof(sqlBuf), "INSERT INTO Hosts (IPaddress, MACaddress, NICvendor)"
              " VALUES ('%s', '%s', '%s')",
              el->hostNumIpAddress,
              el->ethAddressString,
              getVendorInfo(el->ethAddress, 0)) < 0) traceEvent(TRACE_ERROR, "Buffer overflow!");

  sendto(sqlSocket, sqlBuf, strlen(sqlBuf), 0, (struct sockaddr *)&dest, sizeof(dest));

  /* The per-protocol tables are keyed by IP address, so they are refreshed
     only when the entry has one. */
  if(el->hostNumIpAddress[0] != '\0') {
    if(snprintf(sqlBuf, sizeof(sqlBuf), "DELETE FROM NonIPTraffic WHERE IPaddress = '%s'",
                el->hostNumIpAddress) < 0)
      traceEvent(TRACE_ERROR, "Buffer overflow!");
    sendto(sqlSocket, sqlBuf, strlen(sqlBuf), 0, (struct sockaddr *)&dest, sizeof(dest));

    if(snprintf(sqlBuf, sizeof(sqlBuf), "INSERT INTO NonIPTraffic (IPaddress) VALUES ('%s')",
                el->hostNumIpAddress) < 0)
      traceEvent(TRACE_ERROR, "Buffer overflow!");
    sendto(sqlSocket, sqlBuf, strlen(sqlBuf), 0, (struct sockaddr *)&dest, sizeof(dest));

    if(snprintf(sqlBuf, sizeof(sqlBuf), "DELETE FROM IPtraffic WHERE IPaddress = '%s'",
                el->hostNumIpAddress) < 0)
      traceEvent(TRACE_ERROR, "Buffer overflow!");
    sendto(sqlSocket, sqlBuf, strlen(sqlBuf), 0, (struct sockaddr *)&dest, sizeof(dest));

    if(snprintf(sqlBuf, sizeof(sqlBuf), "INSERT INTO IPtraffic (IPaddress) VALUES ('%s')",
                el->hostNumIpAddress) < 0)
      traceEvent(TRACE_ERROR, "Buffer overflow!");
    sendto(sqlSocket, sqlBuf, strlen(sqlBuf), 0, (struct sockaddr *)&dest, sizeof(dest));
    /* [original lines 317-318 not shown] */

  /* traceEvent(TRACE_INFO, "%s\n", buf); */
/* **************************************** */
/*
 * Send one INSERT into the TCPsessions table describing `session`: client
 * and server addresses, ports, byte counters and first/last-seen times.
 *
 * session: session record; skipped when either peer index is NO_PEER (the
 *          head of that test and its action are on lines not shown).
 *
 * NOTE(review): only part of the function is shown; the port and date
 * arguments of the snprintf() call are among the missing lines.
 */
void notifyTCPSession(IPSession *session) {
  HostTraffic *server, *client;
  char dt1[32], dt2[32];
  char sqlBuf[BUF_SIZE];
  /* [original lines 330-331 not shown; the condition below starts there] */
     || (session->initiatorIdx == NO_PEER)
     || (session->remotePeerIdx == NO_PEER))
    /* [original lines 334-335 not shown] */

  /* NOTE(review): both pointers are dereferenced in the snprintf() call
     below and no NULL test is visible in the shown lines - confirm the
     table slots cannot be empty for a live session. */
  client = device[actualDeviceId].hash_hostTraffic[checkSessionIdx(session->initiatorIdx)];
  server = device[actualDeviceId].hash_hostTraffic[checkSessionIdx(session->remotePeerIdx)];

  /* First/last-seen times as local time, "YYYY-MM-DD HH:MM:SS" */
  strftime(dt1, 32, "%Y-%m-%d %H:%M:%S", localtime_r(&session->firstSeen, &t));
  strftime(dt2, 32, "%Y-%m-%d %H:%M:%S", localtime_r(&session->lastSeen, &t));

  /* NOTE(review): truncation is not detected by the "< 0" test on a C99
     snprintf(), which returns a value >= sizeof(sqlBuf) instead. */
  if(snprintf(sqlBuf, sizeof(sqlBuf), "INSERT INTO TCPsessions (Client, Server, ClientPort, "
              "ServerPort, DataSent, DataRcvd, FirstSeen, LastSeen)"
              " VALUES ('%s', '%s', '%d', '%d', '%llu', '%llu', '%s', '%s')",
              client->hostNumIpAddress,
              server->hostNumIpAddress,
              /* [original lines 347-348 not shown] */
              (session->bytesSent),
              (session->bytesReceived),
              /* [original line 351 not shown] */
    traceEvent(TRACE_ERROR, "Buffer overflow!");

  /* [original lines 353-354 not shown] */
  /* Logs the complete statement at TRACE_INFO; whether this is conditional
     depends on the lines that are not shown. */
  traceEvent(TRACE_INFO, "%s\n", sqlBuf);
  /* [original lines 356-357 not shown] */

  sendto(sqlSocket, sqlBuf, strlen(sqlBuf), 0, (struct sockaddr *)&dest, sizeof(dest));
/* **************************************** */
/*
 * Send an UPDATE that stores el->osName in the Hosts row whose IPaddress is
 * el->hostNumIpAddress. Skipped when osName is NULL or empty (the head of
 * that test and its action are on lines that are not shown).
 *
 * el: host entry whose OS name is reported.
 */
void updateDBOSname(HostTraffic *el) {
  char sqlBuf[BUF_SIZE];
  /* [original lines 365-366 not shown; the condition below starts there] */
     || (el->osName == NULL)
     || (el->osName[0] == '\0'))
    /* [original lines 369-370 not shown] */

  /* traceEvent(TRACE_INFO, "%s@%s\n", el->osName, el->hostNumIpAddress); */

  /* NOTE(review): osName is placed between single quotes with no escaping.
     Where the value comes from is not visible here; if it is derived from
     observed traffic or from an external fingerprinting tool, treat it as
     untrusted and escape or whitelist its characters before formatting.
     NOTE(review): "< 0" does not detect truncation on a C99 snprintf()
     (it returns a value >= sizeof(sqlBuf)); as shown, the sendto() runs
     whatever the result, and a cut-off statement would lose its WHERE
     clause first. */
  if(snprintf(sqlBuf, sizeof(sqlBuf), "UPDATE Hosts SET "
              "OsName = '%s' WHERE IPaddress = '%s'",
              el->osName, el->hostNumIpAddress) < 0)
    traceEvent(TRACE_ERROR, "Buffer overflow!");

  sendto(sqlSocket, sqlBuf, strlen(sqlBuf), 0, (struct sockaddr *)&dest, sizeof(dest));