Merge pull request #118 from robbietu/master

add wildcard
Netis · Nov 9, 2021 · 85017f6 · 85017f6
2 parents 4a4a4ea + ea2426d
commit 85017f6
Show file tree

Hide file tree

Showing 3 changed files with 71 additions and 1 deletion.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -15,7 +15,7 @@ endif ()
 # set PKTMINERG_MAJOR_VERSION, PKTMINERG_MINOR_VERSION, etc.
 set(PKTMINERG_MAJOR_VERSION "0")
 set(PKTMINERG_MINOR_VERSION "5")
-set(PKTMINERG_PATCH_VERSION "5")
+set(PKTMINERG_PATCH_VERSION "6")
 set(PKTMINERG_VERSION_STRING "${PKTMINERG_MAJOR_VERSION}.${PKTMINERG_MINOR_VERSION}.${PKTMINERG_PATCH_VERSION}")
 
 if(WIN32)

diff --git a/src/pcaphandler.cpp b/src/pcaphandler.cpp
@@ -365,3 +365,58 @@ int PcapLiveHandler::openPcap(const std::string& dev, const pcap_init_t& param,
     _pcap_handle = pcap_handle;
     return 0;
 }
+
+void IpPortAddr::init(std::string express) {
+    std::vector<std::string> strs;
+    boost::split(strs, express, boost::is_any_of("_"));
+    for (int i = 0; i < strs.size()-1; i++) {
+        if (strs[i] == "host" || strs[i] == "(host") {
+            int len = strs[i+1].length();
+            if (strs[i+1][len-1] ==')') {
+                strs[i+1].erase(strs[i+1].end() - 1);
+            }
+            if (strs[i+1].find("nic.") == 0) {
+                std::vector<std::string> ips;
+                replaceWithIfIp(strs[i+1], ips);
+                for (auto i: ips) {
+                    struct in_addr ipV4;
+                    if (1 == inet_pton(AF_INET, i.c_str(), &ipV4)) {
+                        _ips.push_back(ipV4);
+                    }
+                }
+            }
+            else {
+                struct in_addr ipV4;
+
+                if (1 == inet_pton(AF_INET, strs[i+1].c_str(), &ipV4)) {
+                    _ips.push_back(ipV4);
+                }
+            }
+        }
+        else if (strs[i] == "port" || strs[i] == "(port") {
+            _ports.push_back(stoi(strs[i+1]));
+        }
+    }
+    _inited = true;
+    return;
+}
+bool IpPortAddr::matchIpPort (const in_addr *ip, const uint16_t port) {
+    bool ret = false;
+
+    for (auto ipv4: _ips) {
+        if (ipv4.s_addr == ip->s_addr) {
+            ret = true;
+            break;
+        }
+    }
+
+    if (ret) {
+        for (auto p : _ports) {
+            if (p == port) {
+                return true;
+            }
+            ret = false;
+        }
+    }
+    return ret;
+}
diff --git a/src/pcaphandler.h b/src/pcaphandler.h
@@ -20,7 +20,21 @@ typedef struct PcapInit {
     int buffer_size;
     int need_update_status;
 } pcap_init_t;
+
 bool replaceWithIfIp(std::string& expression, std::vector<std::string> &ips);
+
+class IpPortAddr {
+public:
+    void init(const std::string express);
+    bool matchIpPort (const in_addr *ip, const uint16_t port);
+    bool isInited() {return _inited;};
+
+private:
+    std::vector<in_addr> _ips;
+    std::vector<uint32_t> _ports;
+    bool _inited = false;
+};
+
 class PcapHandler {
 protected:
     pcap_t*_pcap_handle;
@@ -40,6 +54,7 @@ class PcapHandler {
     std::vector<in_addr> _ipv4s;
     std::vector<in6_addr> _ipv6s;
 
+    IpPortAddr _addr;
 
 protected:
     int openPcapDumper(pcap_t *pcap_handle);