ptr and regexp ptr searching now works

Zane C. B-H 2019-02-28 09:38:55 -06:00
rodzic 5fb4f34090
commit 13184cf0d5
1 zmienionych plików z 199 dodań i 17 usunięć


@ -95,6 +95,8 @@ sub new{
protocols=>{},
ports=>{},
states=>{},
ptrs=>{},
resolver=>Net::DNS::Resolver->new,
};
bless $self;
@ -190,6 +192,26 @@ sub get_states{
return keys( %{ $self->{states} } );
}
=head2 get_ptrs
Gets the list of PTRs to search for.
The returned value is a array. Each item is a PTR.
my @PTRs=$search->get_ptrs;
=cut
sub get_ptrs{
my $self=$_[0];
if( ! $self->errorblank ){
return undef;
}
return keys( %{ $self->{ptrs} } );
}
=head2 search
This runs the search results.
@ -226,6 +248,8 @@ sub search{
my $cidr_require=0;
my $protocol_require=0;
my $state_require=0;
my $ptr_require=0;
my $ptr_r_require=0;
# figure out what we need to check for
if (defined( $self->{cidrs}[0] )){
@ -240,6 +264,12 @@ sub search{
if (defined( (keys(%{ $self->{states} }))[0] )){
$state_require=1;
}
if (defined( (keys(%{ $self->{ptrs} }))[0] )){
$ptr_require=1;
}
if (defined( $self->{ptrs_r}[0] )){
$ptr_r_require=1;
}
my $res_int=0;
while ( defined( $res->[2]->{active_conns}->[$res_int] ) ){
@ -292,23 +322,19 @@ sub search{
my $port_meet=1;
my $cidr_meet=1;
my $protocol_meet=1;
my $ptr_meet=1;
my $ptr_r_meet=1;
my $protocol_search=lc( $protocol );
my $state_meet=1;
my $state_search=lc( $state );
# reset the meet checks
if ( $port_require ) {
$port_meet=0;
}
if ( $cidr_require ) {
$cidr_meet=0;
}
if ( $protocol_require ) {
$protocol_meet=0;
}
if ( $state_require ) {
$state_meet=0;
}
# XOR the meet and require, setting the meet to false if required
$port_meet = $port_meet ^ $port_require;
$cidr_meet = $cidr_meet ^ $cidr_require;
$protocol_meet = $protocol_meet ^ $protocol_require;
$state_meet = $state_meet ^ $state_require;
$ptr_meet = $ptr_meet ^ $ptr_require;
$ptr_r_meet = $ptr_r_meet ^ $ptr_r_require;
# checks the forient port against each CIDR
my @cidrs=@{ $self->{cidrs} };
@ -363,9 +389,82 @@ sub search{
$state_meet=1;
}
# check if the PTR of any matches
if ( $ptr_require ){
#look both up
my $answer_f=$self->{resolver}->search( $foreign_host );
my $answer_l=$self->{resolver}->search( $local_host );
# figure out if we have a ptr or not for foriegn host and if so grab it
my $ptr_f='NOTFOUND';
if ( defined( $answer_f->{answer}[0] ) &&
( ref( $answer_f->{answer}[0] ) eq 'Net::DNS::RR::PTR' )
){
$ptr_f=lc($answer_f->{answer}[0]->ptrdname);
}
# figure out if we have a ptr or not for foriegn host and if so grab it
my $ptr_l='NOTFOUND';
if ( defined( $answer_l->{answer}[0] ) &&
( ref( $answer_l->{answer}[0] ) eq 'Net::DNS::RR::PTR' )
){
$ptr_l=lc($answer_l->{answer}[0]->ptrdname);
}
# now that we have it, check if either are defined in the lookup table
if (
defined( $self->{ptrs}{$ptr_l} ) ||
defined( $self->{ptrs}{$ptr_f} )
){
$ptr_meet=1;
}
}
# check if the PTR of any matches
if ( $ptr_r_require ){
#look both up
my $answer_f=$self->{resolver}->search( $foreign_host );
my $answer_l=$self->{resolver}->search( $local_host );
# figure out if we have a ptr or not for foriegn host and if so grab it
my $ptr_f='NOTFOUND';
if ( defined( $answer_f->{answer}[0] ) &&
( ref( $answer_f->{answer}[0] ) eq 'Net::DNS::RR::PTR' )
){
$ptr_f=lc($answer_f->{answer}[0]->ptrdname);
}
# figure out if we have a ptr or not for foriegn host and if so grab it
my $ptr_l='NOTFOUND';
if ( defined( $answer_l->{answer}[0] ) &&
( ref( $answer_l->{answer}[0] ) eq 'Net::DNS::RR::PTR' )
){
$ptr_l=lc($answer_l->{answer}[0]->ptrdname);
}
# check if any of them match
my @ptrs_r=@{ $self->{ptrs_r} };
my $ptr=pop( @ptrs_r );
while (
defined( $ptr ) &&
( ! $ptr_r_meet )
){
if (
( $ptr_f =~ /$ptr/ ) ||
( $ptr_l =~ /$ptr/ )
){
$ptr_r_meet=1;
}
$ptr=pop( @ptrs_r );
}
}
# if these are all good, add them
if (
$port_meet && $protocol_meet && $cidr_meet && $state_meet
$port_meet && $protocol_meet && $cidr_meet && $state_meet &&
$ptr_meet && $ptr_r_meet
){
push( @found, {
'foreign_port'=>$foreign_port,
@ -530,9 +629,6 @@ Starting and trailing white space is removed.
# Set the desired ports to the contents of @protocols.
$search->set_protocols( \@protocols );
if ( $search->error ){
warn("Bad value in ports array");
}
# removes any previous selections
$search->set_protocols;
@ -572,6 +668,92 @@ sub set_protocols{
return 1;
}
=head2 set_ptrs
This sets a list of PTRs to search for.
One value is taken and that is a array.
If this is undef, then previous settings will be cleared.
White space, [\ \t], at the start or end of each
item is removed. It is then converted to lowercase
and saved for later lookup.
# Set the desired PTRs to the contents of @ptrs.
$search->set_ptrs( \@ptrs );
# removes any previous selections
$search->set_ptrs;
=cut
sub set_ptrs{
my $self=$_[0];
my @ptrs;
if ( defined( $_[1] ) ){
@ptrs=@{ $_[1] };
}
if( ! $self->errorblank ){
return undef;
}
if ( !defined( $ptrs[0] ) ){
$self->{ptrs}={};
}
# convert each one to a array
my %lookup_hash;
my $ptr=pop( @ptrs );
while( defined( $ptr ) ){
$ptr=~s/^[\ \t]*//;
$ptr=~s/^[\ \t]*//;
#create a LCed version of the ptr name
$lookup_hash{ lc( $ptr) }=1;
$ptr=pop( @ptrs );
}
# save it for later use
$self->{ptrs}=\%lookup_hash;
return 1;
}
=head2 set_ptrs_r
This sets a list of PTRs to search for via regexp
One value is taken and that is a array.
If this is undef, then previous settings will be cleared.
# Set the desired PTRs regexps to the contents of @ptrs.
$search->set_ptrs_r( \@ptrs );
# removes any previous selections
$search->set_ptrs;
=cut
sub set_ptrs_r{
my $self=$_[0];
my @regexps;
if ( defined( $_[1] ) ){
@regexps=@{ $_[1] };
}
if( ! $self->errorblank ){
return undef;
}
$self->{ptrs_r}=\@regexps;
return 1;
}
=head2 set_states
Sets the list of desired states to match.
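Review bot: In `set_ptrs` the second substitution repeats `s/^[\ \t]*//`, so trailing whitespace is never stripped although the POD promises it, and an entry such as `"mail.example.org "` (constructed) becomes a lookup key that no PTR can equal; the second line should read `$ptr=~s/[\ \t]*$//;`. `set_ptrs_r` stores its patterns as plain strings, so an invalid pattern only fails at `/$ptr/` in the middle of `search`; compiling each one with `qr//` inside an `eval` in the setter, and setting the object's error there, would report it where it is supplied. Both PTR blocks in `search` (whose body starts and ends outside the visible hunks) read only `answer[0]` and accept whatever name the reverse zone returns, and that zone is run by whoever controls the remote address. The POD for `set_ptrs` and `set_ptrs_r` should therefore say that a PTR match is a filtering hint with no forward confirmation, not a verified host identity.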