
ptr and regexp ptr searching now works

tags/0.2.0
Zane C. B-H 8 months ago
parent
commit
13184cf0d5
1 changed files with 199 additions and 17 deletions
  1. 199
    17
      Parse-Netstat-Search/lib/Parse/Netstat/Search.pm

+ 199
- 17
Parse-Netstat-Search/lib/Parse/Netstat/Search.pm

@@ -95,6 +95,8 @@ sub new{
protocols=>{},
ports=>{},
states=>{},
ptrs=>{},
resolver=>Net::DNS::Resolver->new,
};
bless $self;

@@ -190,6 +192,26 @@ sub get_states{
return keys( %{ $self->{states} } );
}

=head2 get_ptrs

Gets the list of PTRs to search for.

The returned value is a array. Each item is a PTR.

my @PTRs=$search->get_ptrs;

=cut

sub get_ptrs{
my $self=$_[0];

if( ! $self->errorblank ){
return undef;
}

return keys( %{ $self->{ptrs} } );
}

=head2 search

This runs the search results.
@@ -226,6 +248,8 @@ sub search{
my $cidr_require=0;
my $protocol_require=0;
my $state_require=0;
my $ptr_require=0;
my $ptr_r_require=0;

# figure out what we need to check for
if (defined( $self->{cidrs}[0] )){
@@ -240,6 +264,12 @@ sub search{
if (defined( (keys(%{ $self->{states} }))[0] )){
$state_require=1;
}
if (defined( (keys(%{ $self->{ptrs} }))[0] )){
$ptr_require=1;
}
if (defined( $self->{ptrs_r}[0] )){
$ptr_r_require=1;
}

my $res_int=0;
while ( defined( $res->[2]->{active_conns}->[$res_int] ) ){
@@ -292,23 +322,19 @@ sub search{
my $port_meet=1;
my $cidr_meet=1;
my $protocol_meet=1;
my $ptr_meet=1;
my $ptr_r_meet=1;
my $protocol_search=lc( $protocol );
my $state_meet=1;
my $state_search=lc( $state );

# reset the meet checks
if ( $port_require ) {
$port_meet=0;
}
if ( $cidr_require ) {
$cidr_meet=0;
}
if ( $protocol_require ) {
$protocol_meet=0;
}
if ( $state_require ) {
$state_meet=0;
}
# XOR the meet and require, setting the meet to false if required
$port_meet = $port_meet ^ $port_require;
$cidr_meet = $cidr_meet ^ $cidr_require;
$protocol_meet = $protocol_meet ^ $protocol_require;
$state_meet = $state_meet ^ $state_require;
$ptr_meet = $ptr_meet ^ $ptr_require;
$ptr_r_meet = $ptr_r_meet ^ $ptr_r_require;

# checks the forient port against each CIDR
my @cidrs=@{ $self->{cidrs} };
@@ -363,9 +389,82 @@ sub search{
$state_meet=1;
}

# check if the PTR of any matches
if ( $ptr_require ){
#look both up
my $answer_f=$self->{resolver}->search( $foreign_host );
my $answer_l=$self->{resolver}->search( $local_host );

# figure out if we have a ptr or not for foriegn host and if so grab it
my $ptr_f='NOTFOUND';
if ( defined( $answer_f->{answer}[0] ) &&
( ref( $answer_f->{answer}[0] ) eq 'Net::DNS::RR::PTR' )
){
$ptr_f=lc($answer_f->{answer}[0]->ptrdname);
}

# figure out if we have a ptr or not for foriegn host and if so grab it
my $ptr_l='NOTFOUND';
if ( defined( $answer_l->{answer}[0] ) &&
( ref( $answer_l->{answer}[0] ) eq 'Net::DNS::RR::PTR' )
){
$ptr_l=lc($answer_l->{answer}[0]->ptrdname);
}

# now that we have it, check if either are defined in the lookup table
if (
defined( $self->{ptrs}{$ptr_l} ) ||
defined( $self->{ptrs}{$ptr_f} )
){
$ptr_meet=1;
}
}

# check if the PTR of any matches
if ( $ptr_r_require ){
#look both up
my $answer_f=$self->{resolver}->search( $foreign_host );
my $answer_l=$self->{resolver}->search( $local_host );

# figure out if we have a ptr or not for foriegn host and if so grab it
my $ptr_f='NOTFOUND';
if ( defined( $answer_f->{answer}[0] ) &&
( ref( $answer_f->{answer}[0] ) eq 'Net::DNS::RR::PTR' )
){
$ptr_f=lc($answer_f->{answer}[0]->ptrdname);
}

# figure out if we have a ptr or not for foriegn host and if so grab it
my $ptr_l='NOTFOUND';
if ( defined( $answer_l->{answer}[0] ) &&
( ref( $answer_l->{answer}[0] ) eq 'Net::DNS::RR::PTR' )
){
$ptr_l=lc($answer_l->{answer}[0]->ptrdname);
}

# check if any of them match
my @ptrs_r=@{ $self->{ptrs_r} };
my $ptr=pop( @ptrs_r );
while (
defined( $ptr ) &&
( ! $ptr_r_meet )
){

if (
( $ptr_f =~ /$ptr/ ) ||
( $ptr_l =~ /$ptr/ )
){
$ptr_r_meet=1;
}

$ptr=pop( @ptrs_r );
}
}

# if these are all good, add them
if (
$port_meet && $protocol_meet && $cidr_meet && $state_meet
$port_meet && $protocol_meet && $cidr_meet && $state_meet &&
$ptr_meet && $ptr_r_meet
){
push( @found, {
'foreign_port'=>$foreign_port,
@@ -530,9 +629,6 @@ Starting and trailing white space is removed.

# Set the desired ports to the contents of @protocols.
$search->set_protocols( \@protocols );
if ( $search->error ){
warn("Bad value in ports array");
}

# removes any previous selections
$search->set_protocols;
@@ -572,6 +668,92 @@ sub set_protocols{
return 1;
}

=head2 set_ptrs

This sets a list of PTRs to search for.

One value is taken and that is a array.

If this is undef, then previous settings will be cleared.

White space, [\ \t], at the start or end of each
item is removed. It is then converted to lowercase
and saved for later lookup.

# Set the desired PTRs to the contents of @ptrs.
$search->set_ptrs( \@ptrs );

# removes any previous selections
$search->set_ptrs;

=cut

sub set_ptrs{
my $self=$_[0];
my @ptrs;
if ( defined( $_[1] ) ){
@ptrs=@{ $_[1] };
}

if( ! $self->errorblank ){
return undef;
}

if ( !defined( $ptrs[0] ) ){
$self->{ptrs}={};
}

# convert each one to a array
my %lookup_hash;
my $ptr=pop( @ptrs );
while( defined( $ptr ) ){
$ptr=~s/^[\ \t]*//;
$ptr=~s/^[\ \t]*//;

#create a LCed version of the ptr name
$lookup_hash{ lc( $ptr) }=1;

$ptr=pop( @ptrs );
}

# save it for later use
$self->{ptrs}=\%lookup_hash;

return 1;
}

=head2 set_ptrs_r

This sets a list of PTRs to search for via regexp

One value is taken and that is a array.

If this is undef, then previous settings will be cleared.

# Set the desired PTRs regexps to the contents of @ptrs.
$search->set_ptrs_r( \@ptrs );

# removes any previous selections
$search->set_ptrs;

=cut

sub set_ptrs_r{
my $self=$_[0];
my @regexps;
if ( defined( $_[1] ) ){
@regexps=@{ $_[1] };
}

if( ! $self->errorblank ){
return undef;
}

$self->{ptrs_r}=\@regexps;

return 1;
}

=head2 set_states

Sets the list of desired states to match.
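Review bot: In the regexp PTR branch of search, each entry stored by set_ptrs_r is interpolated unchecked into `$ptr_f =~ /$ptr/`, so a malformed pattern dies in the middle of a search instead of being rejected when it is set, and because an unresolved host is represented by the literal string 'NOTFOUND', a broad pattern such as `.` also matches connections that have no PTR at all. Compiling in the setter, e.g. `my @compiled = map { qr/$_/ } @regexps;` inside an eval that reports through the module's error handling, and skipping the regexp test when no PTR came back would close both. In set_ptrs the second substitution repeats the first, so trailing white space is never stripped as the POD promises; it should read `$ptr=~s/[\ \t]*$//;`. PTR names are chosen by whoever controls the reverse zone and are not forward-confirmed here, which the POD for set_ptrs and set_ptrs_r should state so a match is read as a hint rather than as proof of a peer's identity. search begins and ends outside the visible hunks.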
