
natlog  0.91.0
pcaprecord.h
00001 #ifndef INCLUDED_PCAPRECORD_
00002 #define INCLUDED_PCAPRECORD_
00003 
00004 #include <iosfwd>
00005 #include <vector>
00006 
00007 #include <pcap/pcap.h>
00008 #include <netinet/in.h>
00009 
00010 #include <bobcat/inetaddress>
00011 
00012 class PcapPacket;
00013 class Options;
00014 
// Bookkeeping for connections seen in captured packets: add() and remove()
// take a PcapPacket, and each tracked connection is a Record reached through
// a pointer stored in d_connections.
//
// NOTE(review): the class keeps raw Record pointers and declares a destructor
// but no copy constructor. The reference members already rule out copy
// assignment, yet copy construction is still implicitly available and would
// duplicate the pointers. Presumably the destructor releases the records --
// confirm in the implementation, and consider deleting the copy constructor
// to exclude a double release.
class PcapRecord
{
    enum
    {
        TTL = 10            // INCOMPLETE records may live for 10 secs.
                            // NOTE(review): the expiry itself is not visible
                            // in this header; confirm that stale INCOMPLETE
                            // entries are purged so the table stays bounded.
    };
    // Life-cycle state of a tracked connection.
    enum Status
    {
        INCOMPLETE,
        ESTABLISHED,
        FINISHED
    };

    public:
        // Selects how add() treats a packet (addIn vs. addOut, presumably --
        // confirm in the implementation).
        enum Type
        {
            IN,
            OUT
        };
        // One endpoint: IPv4 address plus port.
        struct AddrPort
        {
            struct in_addr addr;
            u_short port;       // NOTE(review): byte order is not stated
                                // here; the Address constructor copies it
                                // unchanged into sockaddr_in, so presumably
                                // network order -- confirm.
        };
        // Everything kept about one connection.
        struct Record
        {
            Status              status;
            struct pcap_pkthdr  beginTime;      // capture header; its ts
                                                // field is what seconds()
                                                // and microSeconds() read
            AddrPort            source;
            AddrPort            via;
            AddrPort            dest;
            uint32_t            sequenceNr;     // key used by find()
        };

    private:
        std::vector<Record *> d_connections;    // raw pointers; ownership is
                                                // not expressed in the type
        std::ostream &d_stdMsg;
        Options &d_options;

    public:
        // FBB::InetAddress built from an in_addr / port pair.
        struct Address: public FBB::InetAddress
        {
            Address(struct in_addr const &addr, u_short port);
        };

        // NOTE(review): single-argument constructor that is not explicit,
        // so a std::ostream converts implicitly to a PcapRecord.
        PcapRecord(std::ostream &stdMsg);
        ~PcapRecord();

        void add(PcapPacket const &packet, Type type);

        void remove(PcapPacket const &packet);
        
        // Parts of the capture timestamp stored in record.beginTime.
        time_t seconds(Record const &record) const;        
        suseconds_t microSeconds(Record const &record) const;

        // The record's three endpoints converted to Address objects.
        Address sourceIP(Record const &record) const;
        Address viaIP(Record const &record) const;
        Address destIP(Record const &record) const;

    private:
        void addIn(PcapPacket const &packet);
        void addOut(PcapPacket const &packet);

        // Per the original note: std::numeric_limits<size_t>::max() when no
        // record matches. Callers must test for that sentinel before using
        // the result as an index into d_connections.
        // NOTE(review): the lookup takes only a sequence number; confirm in
        // the implementation whether addresses and ports are compared too,
        // since unrelated flows can carry the same sequence number.
        size_t find(uint32_t sequenceNr);

        void store(Record *);
        std::ostream &display(std::ostream &stdMsg, Record const *record) const;
        void log(Record const *record, time_t seconds, 
                                       suseconds_t musecs) const;

        // Wraps an address / port pair in an Address.
        Address inetAddr(struct in_addr const &addr, u_short port) const;
};
00087 
// Builds the FBB::InetAddress base from a sockaddr_in filled field by field,
// which does not depend on the member order of sockaddr_in.
// NOTE(review): as in the positional form this replaces, sin_family stays 0
// rather than AF_INET -- confirm FBB::InetAddress does not depend on it.
// The port is stored without byte swapping, so it presumably has to arrive
// in network byte order -- confirm against the callers.
inline PcapRecord::Address::Address(struct in_addr const &addr, u_short port)
:
    FBB::InetAddress(
        [&]
        {
            sockaddr_in endpoint{};     // all fields zero, sin_family too
            endpoint.sin_port = port;
            endpoint.sin_addr = addr;
            return endpoint;
        }()
    )
{}
00092 
// Seconds part of the capture timestamp held in the record's beginTime
// header.
inline time_t PcapRecord::seconds(Record const &record) const
{
    auto const &captureHeader = record.beginTime;
    return captureHeader.ts.tv_sec;
}
00097         
// Microseconds part of the capture timestamp held in the record's beginTime
// header.
inline suseconds_t PcapRecord::microSeconds(Record const &record) const
{
    auto const &captureHeader = record.beginTime;
    return captureHeader.ts.tv_usec;
}
00102 
// Address object for the record's source endpoint.
inline PcapRecord::Address PcapRecord::sourceIP(Record const &record) const
{
    auto const &endpoint = record.source;
    return inetAddr(endpoint.addr, endpoint.port);
}
00107 
// Address object for the record's "via" endpoint.
inline PcapRecord::Address PcapRecord::viaIP(Record const &record) const
{
    auto const &endpoint = record.via;
    return inetAddr(endpoint.addr, endpoint.port);
}
00112 
// Address object for the record's destination endpoint.
inline PcapRecord::Address PcapRecord::destIP(Record const &record) const
{
    auto const &endpoint = record.dest;
    return inetAddr(endpoint.addr, endpoint.port);
}
00117 
// Wraps an address / port pair in an Address; both values are handed to the
// Address constructor unchanged.
inline PcapRecord::Address PcapRecord::inetAddr(struct in_addr const &addr, 
                                                u_short port) const
{
    return Address{addr, port};
}
00123         
00124 #endif