- added csv,table and xml output options
- fixed a bug causing incorrect dns packets to be inserted into the dns table
Per-Grana committed May 5, 2011
1 parent 64867a4 commit 3974e45
Showing 6 changed files with 305 additions and 26 deletions.
4 changes: 3 additions & 1 deletion src/dns.cpp
Expand Up @@ -233,7 +233,9 @@ bool Parse_dns::packet_insert(DNSMessage &message)
DNSMessage::Header &header = message.m_header;
IP_header &ip_header = message.m_ip_header;

bool err=(message.m_error!=0);
if(message.m_error!=0)
return false;

if (!header.qr)
{
if (header.qdcount==0)
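Review bot: The new early return `if(message.m_error!=0) return false;` drops a message that failed to parse without leaving any trace, so a capture containing truncated or malformed DNS packets produces the same query results as one without them. For a traffic-analysis tool that is worth recording: a comment such as `// m_error is set in dns.h when a question runs past m_length; such messages are not inserted` would document the rule, and a counter of rejected packets would show how many were skipped. What the caller does with the `false` return is not visible here, and packet_insert's body continues outside the hunk.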
31 changes: 16 additions & 15 deletions src/dns.h
Expand Up @@ -128,11 +128,11 @@ class DNSMessage
int qclass;
int parse(DNSMessage &m,int offs)
{
offs=m.parse_dname(qname,sizeof(qname),offs);
qtype=m.get_ushort(offs);
offs+=2;
qclass=m.get_ushort(offs);
offs+=2;
offs = m.parse_dname(qname,sizeof(qname),offs);
qtype = m.get_ushort(offs);
offs += 2;
qclass = m.get_ushort(offs);
offs += 2;
return offs;
}
};
Expand Down Expand Up @@ -187,16 +187,16 @@ class DNSMessage

DNSMessage(unsigned char *data,int len,IP_header &head): m_ip_header(head)
{
m_opt_rr=0;
m_error=0;
m_data = data;
m_length = len;
m_edns0=false;
m_do=false;
m_extended_rcode=0;
m_version=0;
m_z=0;
m_udp_size=0;
m_opt_rr = 0;
m_error = 0;
m_data = data;
m_length = len;
m_edns0 = false;
m_do = false;
m_extended_rcode= 0;
m_version = 0;
m_z = 0;
m_udp_size = 0;

parse();
}
Expand Down Expand Up @@ -258,6 +258,7 @@ class DNSMessage
offs = m_questions[q].parse(*this,offs);
if (offs>m_length)
{
m_questions[q].qname[0]=0;
m_error=offs;
return;
}
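Review bot: The bounds check `if (offs>m_length)` runs only after `m_questions[q].parse(*this,offs)` has returned, so `parse_dname` and the two `get_ushort(offs)` calls in the question's `parse(DNSMessage &m,int offs)` have already read at offsets that may lie beyond the packet. The added `m_questions[q].qname[0]=0;` discards the result but does not prevent the read. Unless `parse_dname` and `get_ushort` check against `m_length` themselves (their bodies are not on this page), a truncated packet leads to an out-of-bounds read. Checking before the reads would close that, for example `if (offs+4>m.m_length) return m.m_length+1;` ahead of `qtype = m.get_ushort(offs);`, assuming `m_length` is accessible from that nested type. The limit on `q` for `m_questions[q]` is also outside the hunk and worth confirming against `qdcount`; the enclosing function starts and ends outside the hunk.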
51 changes: 44 additions & 7 deletions src/packetq.cpp
Expand Up @@ -51,11 +51,11 @@
namespace se {

static void usage ( char * argv0, bool longversion ) {
fprintf (stdout, "usage: %s [ --select | -s select-statement ] [ --port | -p httpportnumber ] [ --daemon | -d ] [ --webroot | -w ] [ --pcaproot | -r ] [ --help | -h ] [ --limit | -l ] pcapfile(s)...\n", argv0);
fprintf (stdout, "usage: %s [ --select | -s select-statement ] [ --port | -p httpportnumber ] [ --csv | -c ] [ --table | -t ] [ --xml | -x ] [ --daemon | -d ] [ --webroot | -w ] [ --pcaproot | -r ] [ --help | -h ] [ --limit | -l ] pcapfile(s)...\n", argv0);
if (!longversion)
return;

fprintf (stdout, "\n sample:\n> packetq -s \"select count(*) as mycount,protocol from dns group by protocol;\" myfile.pcap\n");
fprintf (stdout, "\n sample:\n> packetq --csv -s \"select count(*) as mycount,protocol from dns group by protocol;\" myfile.pcap\n");
}

#ifdef WIN32
Expand Down Expand Up @@ -196,12 +196,15 @@ int main (int argc, char * argv [])
{"pcaproot",1, 0, 'r'},
{"port", 1, 0, 'p'},
{"deamon", 0, 0, 'd'},
{"csv", 0, 0, 'c'},
{"table", 0, 0, 't'},
{"xml", 0, 0, 'x'},
{"help", 0, 0, 'h'},
{"version", 0, 0, 'v'},
{NULL, 0, 0, 0}
};

int c = getopt_long (argc, argv, "w:r:s:l:p:hHdv", long_options, &option_index);
int c = getopt_long (argc, argv, "w:r:s:l:p:hHdvcxt", long_options, &option_index);
if (c == -1)
break;

Expand All @@ -213,6 +216,15 @@ int main (int argc, char * argv [])
case 's':
query = optarg;
break;
case 'c':
g_app->set_output(PacketQ::csv);
break;
case 't':
g_app->set_output(PacketQ::csv_format);
break;
case 'x':
g_app->set_output(PacketQ::xml);
break;
case 'd':
daemon = true;
break;
Expand Down Expand Up @@ -293,10 +305,35 @@ int main (int argc, char * argv [])
g_app->m_query.execute();
Table *result = g_app->m_query.m_result;

printf("[\n");
if (result)
result->json();
printf("]\n");
switch( g_app->get_output() )
{
case( PacketQ::csv_format ):
{
if (result)
result->csv(true);
}
break;
case( PacketQ::csv ):
{
if (result)
result->csv();
}
break;
case( PacketQ::xml ):
{
if (result)
result->xml();
}
break;
case( PacketQ::json ):
{
printf("[\n");
if (result)
result->json();
printf("]\n");
}
break;
}

delete g_app;
return 0;
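Review bot: The new `csv`, `csv_format` and `xml` branches of the output switch print result columns that may hold strings taken from captured packets (query names, for instance), and nothing in this section shows those values being escaped. The bodies of `result->csv()` and `result->xml()` are not on this page, so confirm that the XML writer escapes `&`, `<`, `>` and quotes, and that the CSV writer quotes fields containing commas, quotes or newlines. Otherwise a crafted name in a pcap can break the structure of the output for whatever consumes it. A short comment above the switch, e.g. `// every format must escape column values: they originate in untrusted packet data`, would record the requirement. main()'s body starts and ends outside these hunks.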
20 changes: 17 additions & 3 deletions src/packetq.h
Expand Up @@ -40,10 +40,18 @@ namespace se {
class PacketQ
{
public:
enum OutputOpts
{
json,
csv,
csv_format,
xml
};
PacketQ()
{
m_sample_counter = 0;
m_limit = 0;
m_output = json;
}
~PacketQ()
{
Expand All @@ -59,11 +67,17 @@ class PacketQ
{
m_limit = limit;
}
int get_limit() { return m_limit;}
void set_output(OutputOpts opt)
{
m_output = opt;
}
OutputOpts get_output() { return m_output; }
int get_limit() { return m_limit; }
Query m_query;
private:
int m_sample_counter;
int m_limit;
int m_sample_counter;
int m_limit;
OutputOpts m_output;
};

void read_file(const char *filename);
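Review bot: The enumerator `csv_format` is what `--table`/`-t` selects in src/packetq.cpp (`g_app->set_output(PacketQ::csv_format)`), and neither its name nor a comment says so. Either rename it to `table` or document it at the definition, e.g. `csv_format, // selected by --table / -t; printed via csv(true)`. `get_output()` and `get_limit()` do not modify the object and could be declared `const`, e.g. `OutputOpts get_output() const { return m_output; }`. The class body continues outside both hunks.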
