
natlog  0.91.0
run.cc
00001 #include "conntrack.ih"
00002 
00003 // Example conntrack line: 
00004 // [1338987414.52626 ]         [NEW] tcp      6 120 SYN_SENT 
00005 //      src=192.168.1.4 dst=129.125.14.80 sport=59783 dport=22  [UNREPLIED] 
00006 //      src=129.125.14.80 dst=129.125.100.246 sport=22 dport=59783
00007 
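// Reads the output of the conntrack child process line by line and pairs
// each DESTROY event with the NEW event stored earlier for the same
// connection; a matched pair is passed to log() and then dropped.
//
// parent: stream on which a single 0 ("all OK") is written before conntrack
//         is started.
//
// Each line is handled as plain text matched against one fixed pattern.
// Lines that do not match are only echoed to imsg.
void Conntrack::run(ostream &parent)
{
    // Hand SIGTERM to this object through the Signal singleton.
    Signal::instance().add(SIGTERM, *this);

    Pattern pat(
    //     1        2      3
    "\\[(\\d+)\\.(\\d+).*(NEW|DESTROY).*"   // time: [1338899277.41469 ]
    //      4             5
    "src=(\\S+)\\s+dst=(\\S+)\\s+"          // source to nat,  dest
    //        6               7
    "sport=(\\d+)\\s+dport=(\\d+).*"        // source from,    dest port
    //      8
    "dst=(\\S+).*"                          // natted source
    //        9
    "dport=(\\d+)");                        // natted sport

    // NOTE(review): the 0 is sent before d_conntrack.start() is called, so
    // it does not tell the parent whether conntrack actually started.
    parent << 0 << endl;                    // all OK

    d_stdMsg << "starting: using " << d_options.conntrackPath() << endl;
    d_conntrack.start();

    string line;
    while (getline(d_conntrack, line))
    {
        imsg << "LINE: " << line << endl;

        if (not (pat << line))              // not a NEW/DESTROY event line
            continue;

        // The natted address (8) and natted port (9) identify the
        // connection. They are joined with ':' because plain concatenation
        // is ambiguous: "10.0.0.1" + "234" and "10.0.0.12" + "34" would both
        // give "10.0.0.1234", so a DESTROY event could be paired with, and
        // logged as, a different connection. The port is digits only, so the
        // text after the last ':' is always the port.
        // NOTE(review): any other code that looks up d_connections by key
        // must build the key the same way.
        string key(pat[8] + ':' + pat[9]);

        if (pat[3] == "NEW")
        {
            d_connections.add(key, pat);
            continue;
        }

        // DESTROY: find() reports "no such key" as the largest size_t value.
        size_t idx = d_connections.find(key);
        if (idx == numeric_limits<size_t>::max())
        {
            // No NEW event was recorded for this key (it may have been seen
            // before natlog started); nothing can be logged for it.
            wmsg << "UNAVAILABLE: " << line << endl;
            continue;
        }

        log(*d_connections[idx], pat[1], pat[2]);
        d_connections.erase(idx);           // erase processed element
    }
}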