Merge pull request #117 from robbietu/master

add expression filter
Netis · Oct 27, 2021 · 4a4a4ea · 4a4a4ea
2 parents 117ac7f + 63ccd13
commit 4a4a4ea
Show file tree

Hide file tree

Showing 4 changed files with 62 additions and 5 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -15,7 +15,7 @@ endif ()
 # set PKTMINERG_MAJOR_VERSION, PKTMINERG_MINOR_VERSION, etc.
 set(PKTMINERG_MAJOR_VERSION "0")
 set(PKTMINERG_MINOR_VERSION "5")
-set(PKTMINERG_PATCH_VERSION "4")
+set(PKTMINERG_PATCH_VERSION "5")
 set(PKTMINERG_VERSION_STRING "${PKTMINERG_MAJOR_VERSION}.${PKTMINERG_MINOR_VERSION}.${PKTMINERG_PATCH_VERSION}")
 
 if(WIN32)

diff --git a/src/pcaphandler.cpp b/src/pcaphandler.cpp
@@ -13,6 +13,50 @@
 #include "agent_status.h"
 #include "vlan.h"
 
+bool replaceWithIfIp(std::string& expression, std::vector<std::string> &ips) {
+    std::string name = expression.substr(strlen("nic."));
+    expression = "";
+    pcap_if_t *alldevs;
+    pcap_if_t *d;
+    struct pcap_addr *addr;
+    char err_buf[PCAP_ERRBUF_SIZE];
+
+    if (pcap_findalldevs(&alldevs, err_buf) < 0)
+        return false;
+    for (d = alldevs; d; d = d->next) {
+        if (strcmp(d->name, (char*)name.data()) == 0) {
+            for (addr = d->addresses; addr; addr = addr->next) {
+                if (!addr->addr) {
+                    continue;
+                }
+
+                if (addr->addr->sa_family == AF_INET) {
+                    char str[INET_ADDRSTRLEN];
+                    inet_ntop(AF_INET, &(((sockaddr_in *) addr->addr)->sin_addr), str, sizeof(str));
+                    expression +=std::string(str);
+                    ips.push_back(std::string(str));
+                }
+                else if (addr->addr->sa_family == AF_INET6) {
+                    char str[INET6_ADDRSTRLEN];
+                    inet_ntop(AF_INET6, &(((sockaddr_in6 *) addr->addr)->sin6_addr), str, sizeof(str));
+                    expression += std::string(str);
+                }
+                else {
+                    continue;
+                }
+                if (addr->next != nullptr) {
+                    expression += " or host ";
+                }
+            }
+            pcap_freealldevs(alldevs);
+            return true;
+        }
+    }
+
+    pcap_freealldevs(alldevs);
+    return false;
+}
+
 PcapHandler::PcapHandler(std::string dumpDir, int16_t dumpInterval):
     _dumpDir(dumpDir),
     _dumpInterval(dumpInterval) {

diff --git a/src/pcaphandler.h b/src/pcaphandler.h
@@ -20,7 +20,7 @@ typedef struct PcapInit {
     int buffer_size;
     int need_update_status;
 } pcap_init_t;
-
+bool replaceWithIfIp(std::string& expression, std::vector<std::string> &ips);
 class PcapHandler {
 protected:
     pcap_t*_pcap_handle;

diff --git a/src/pktminerg.cpp b/src/pktminerg.cpp
@@ -156,9 +156,22 @@ int main(int argc, const char* argv[]) {
 
     std::string filter = "";
     if (vm.count("expression")) {
-        auto expressions = vm["expression"].as<std::vector<std::string>>();
-        std::for_each(expressions.begin(), expressions.end(),
-                      [&filter](const std::string& express) { filter = filter + express + " "; });
+        auto expressions = vm["expression"].as < std::vector < std::string >> ();
+        for (size_t i = 0; i < expressions.size(); i++) {
+            filter = filter + expressions[i] + " ";
+            if (expressions[i] == "host" && i + 1 < expressions.size()) {
+                if (i > 0 && expressions[i - 1] == "not") {
+                    continue;
+                }
+                if (expressions[i + 1].find("nic.") == 0) {
+                    std::vector <std::string> ips;
+                    if (!replaceWithIfIp(expressions[i + 1], ips)) {
+                        std::cerr << "Please input right interface name." << std::endl;
+                        return 1;
+                    }
+                }
+            }
+        }
     }
 
     // no filter option