ptr and regexp ptr searching now works
parent
5fb4f34090
commit
13184cf0d5
|
@ -95,6 +95,8 @@ sub new{
|
||||||
protocols=>{},
|
protocols=>{},
|
||||||
ports=>{},
|
ports=>{},
|
||||||
states=>{},
|
states=>{},
|
||||||
|
ptrs=>{},
|
||||||
|
resolver=>Net::DNS::Resolver->new,
|
||||||
};
|
};
|
||||||
bless $self;
|
bless $self;
|
||||||
|
|
||||||
|
@ -190,6 +192,26 @@ sub get_states{
|
||||||
return keys( %{ $self->{states} } );
|
return keys( %{ $self->{states} } );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
=head2 get_ptrs
|
||||||
|
|
||||||
|
Gets the list of PTRs to search for.
|
||||||
|
|
||||||
|
The returned value is a array. Each item is a PTR.
|
||||||
|
|
||||||
|
my @PTRs=$search->get_ptrs;
|
||||||
|
|
||||||
|
=cut
|
||||||
|
|
||||||
|
sub get_ptrs{
|
||||||
|
my $self=$_[0];
|
||||||
|
|
||||||
|
if( ! $self->errorblank ){
|
||||||
|
return undef;
|
||||||
|
}
|
||||||
|
|
||||||
|
return keys( %{ $self->{ptrs} } );
|
||||||
|
}
|
||||||
|
|
||||||
=head2 search
|
=head2 search
|
||||||
|
|
||||||
This runs the search results.
|
This runs the search results.
|
||||||
|
@ -226,6 +248,8 @@ sub search{
|
||||||
my $cidr_require=0;
|
my $cidr_require=0;
|
||||||
my $protocol_require=0;
|
my $protocol_require=0;
|
||||||
my $state_require=0;
|
my $state_require=0;
|
||||||
|
my $ptr_require=0;
|
||||||
|
my $ptr_r_require=0;
|
||||||
|
|
||||||
# figure out what we need to check for
|
# figure out what we need to check for
|
||||||
if (defined( $self->{cidrs}[0] )){
|
if (defined( $self->{cidrs}[0] )){
|
||||||
|
@ -240,6 +264,12 @@ sub search{
|
||||||
if (defined( (keys(%{ $self->{states} }))[0] )){
|
if (defined( (keys(%{ $self->{states} }))[0] )){
|
||||||
$state_require=1;
|
$state_require=1;
|
||||||
}
|
}
|
||||||
|
if (defined( (keys(%{ $self->{ptrs} }))[0] )){
|
||||||
|
$ptr_require=1;
|
||||||
|
}
|
||||||
|
if (defined( $self->{ptrs_r}[0] )){
|
||||||
|
$ptr_r_require=1;
|
||||||
|
}
|
||||||
|
|
||||||
my $res_int=0;
|
my $res_int=0;
|
||||||
while ( defined( $res->[2]->{active_conns}->[$res_int] ) ){
|
while ( defined( $res->[2]->{active_conns}->[$res_int] ) ){
|
||||||
|
@ -292,23 +322,19 @@ sub search{
|
||||||
my $port_meet=1;
|
my $port_meet=1;
|
||||||
my $cidr_meet=1;
|
my $cidr_meet=1;
|
||||||
my $protocol_meet=1;
|
my $protocol_meet=1;
|
||||||
|
my $ptr_meet=1;
|
||||||
|
my $ptr_r_meet=1;
|
||||||
my $protocol_search=lc( $protocol );
|
my $protocol_search=lc( $protocol );
|
||||||
my $state_meet=1;
|
my $state_meet=1;
|
||||||
my $state_search=lc( $state );
|
my $state_search=lc( $state );
|
||||||
|
|
||||||
# reset the meet checks
|
# XOR the meet and require, setting the meet to false if required
|
||||||
if ( $port_require ) {
|
$port_meet = $port_meet ^ $port_require;
|
||||||
$port_meet=0;
|
$cidr_meet = $cidr_meet ^ $cidr_require;
|
||||||
}
|
$protocol_meet = $protocol_meet ^ $protocol_require;
|
||||||
if ( $cidr_require ) {
|
$state_meet = $state_meet ^ $state_require;
|
||||||
$cidr_meet=0;
|
$ptr_meet = $ptr_meet ^ $ptr_require;
|
||||||
}
|
$ptr_r_meet = $ptr_r_meet ^ $ptr_r_require;
|
||||||
if ( $protocol_require ) {
|
|
||||||
$protocol_meet=0;
|
|
||||||
}
|
|
||||||
if ( $state_require ) {
|
|
||||||
$state_meet=0;
|
|
||||||
}
|
|
||||||
|
|
||||||
# checks the forient port against each CIDR
|
# checks the forient port against each CIDR
|
||||||
my @cidrs=@{ $self->{cidrs} };
|
my @cidrs=@{ $self->{cidrs} };
|
||||||
|
@ -363,9 +389,82 @@ sub search{
|
||||||
$state_meet=1;
|
$state_meet=1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# check if the PTR of any matches
|
||||||
|
if ( $ptr_require ){
|
||||||
|
#look both up
|
||||||
|
my $answer_f=$self->{resolver}->search( $foreign_host );
|
||||||
|
my $answer_l=$self->{resolver}->search( $local_host );
|
||||||
|
|
||||||
|
# figure out if we have a ptr or not for foriegn host and if so grab it
|
||||||
|
my $ptr_f='NOTFOUND';
|
||||||
|
if ( defined( $answer_f->{answer}[0] ) &&
|
||||||
|
( ref( $answer_f->{answer}[0] ) eq 'Net::DNS::RR::PTR' )
|
||||||
|
){
|
||||||
|
$ptr_f=lc($answer_f->{answer}[0]->ptrdname);
|
||||||
|
}
|
||||||
|
|
||||||
|
# figure out if we have a ptr or not for foriegn host and if so grab it
|
||||||
|
my $ptr_l='NOTFOUND';
|
||||||
|
if ( defined( $answer_l->{answer}[0] ) &&
|
||||||
|
( ref( $answer_l->{answer}[0] ) eq 'Net::DNS::RR::PTR' )
|
||||||
|
){
|
||||||
|
$ptr_l=lc($answer_l->{answer}[0]->ptrdname);
|
||||||
|
}
|
||||||
|
|
||||||
|
# now that we have it, check if either are defined in the lookup table
|
||||||
|
if (
|
||||||
|
defined( $self->{ptrs}{$ptr_l} ) ||
|
||||||
|
defined( $self->{ptrs}{$ptr_f} )
|
||||||
|
){
|
||||||
|
$ptr_meet=1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# check if the PTR of any matches
|
||||||
|
if ( $ptr_r_require ){
|
||||||
|
#look both up
|
||||||
|
my $answer_f=$self->{resolver}->search( $foreign_host );
|
||||||
|
my $answer_l=$self->{resolver}->search( $local_host );
|
||||||
|
|
||||||
|
# figure out if we have a ptr or not for foriegn host and if so grab it
|
||||||
|
my $ptr_f='NOTFOUND';
|
||||||
|
if ( defined( $answer_f->{answer}[0] ) &&
|
||||||
|
( ref( $answer_f->{answer}[0] ) eq 'Net::DNS::RR::PTR' )
|
||||||
|
){
|
||||||
|
$ptr_f=lc($answer_f->{answer}[0]->ptrdname);
|
||||||
|
}
|
||||||
|
|
||||||
|
# figure out if we have a ptr or not for foriegn host and if so grab it
|
||||||
|
my $ptr_l='NOTFOUND';
|
||||||
|
if ( defined( $answer_l->{answer}[0] ) &&
|
||||||
|
( ref( $answer_l->{answer}[0] ) eq 'Net::DNS::RR::PTR' )
|
||||||
|
){
|
||||||
|
$ptr_l=lc($answer_l->{answer}[0]->ptrdname);
|
||||||
|
}
|
||||||
|
|
||||||
|
# check if any of them match
|
||||||
|
my @ptrs_r=@{ $self->{ptrs_r} };
|
||||||
|
my $ptr=pop( @ptrs_r );
|
||||||
|
while (
|
||||||
|
defined( $ptr ) &&
|
||||||
|
( ! $ptr_r_meet )
|
||||||
|
){
|
||||||
|
|
||||||
|
if (
|
||||||
|
( $ptr_f =~ /$ptr/ ) ||
|
||||||
|
( $ptr_l =~ /$ptr/ )
|
||||||
|
){
|
||||||
|
$ptr_r_meet=1;
|
||||||
|
}
|
||||||
|
|
||||||
|
$ptr=pop( @ptrs_r );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
# if these are all good, add them
|
# if these are all good, add them
|
||||||
if (
|
if (
|
||||||
$port_meet && $protocol_meet && $cidr_meet && $state_meet
|
$port_meet && $protocol_meet && $cidr_meet && $state_meet &&
|
||||||
|
$ptr_meet && $ptr_r_meet
|
||||||
){
|
){
|
||||||
push( @found, {
|
push( @found, {
|
||||||
'foreign_port'=>$foreign_port,
|
'foreign_port'=>$foreign_port,
|
||||||
|
@ -530,9 +629,6 @@ Starting and trailing white space is removed.
|
||||||
|
|
||||||
# Set the desired ports to the contents of @protocols.
|
# Set the desired ports to the contents of @protocols.
|
||||||
$search->set_protocols( \@protocols );
|
$search->set_protocols( \@protocols );
|
||||||
if ( $search->error ){
|
|
||||||
warn("Bad value in ports array");
|
|
||||||
}
|
|
||||||
|
|
||||||
# removes any previous selections
|
# removes any previous selections
|
||||||
$search->set_protocols;
|
$search->set_protocols;
|
||||||
|
@ -572,6 +668,92 @@ sub set_protocols{
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
=head2 set_ptrs
|
||||||
|
|
||||||
|
This sets a list of PTRs to search for.
|
||||||
|
|
||||||
|
One value is taken and that is a array.
|
||||||
|
|
||||||
|
If this is undef, then previous settings will be cleared.
|
||||||
|
|
||||||
|
White space, [\ \t], at the start or end of each
|
||||||
|
item is removed. It is then converted to lowercase
|
||||||
|
and saved for later lookup.
|
||||||
|
|
||||||
|
# Set the desired PTRs to the contents of @ptrs.
|
||||||
|
$search->set_ptrs( \@ptrs );
|
||||||
|
|
||||||
|
# removes any previous selections
|
||||||
|
$search->set_ptrs;
|
||||||
|
|
||||||
|
=cut
|
||||||
|
|
||||||
|
sub set_ptrs{
|
||||||
|
my $self=$_[0];
|
||||||
|
my @ptrs;
|
||||||
|
if ( defined( $_[1] ) ){
|
||||||
|
@ptrs=@{ $_[1] };
|
||||||
|
}
|
||||||
|
|
||||||
|
if( ! $self->errorblank ){
|
||||||
|
return undef;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( !defined( $ptrs[0] ) ){
|
||||||
|
$self->{ptrs}={};
|
||||||
|
}
|
||||||
|
|
||||||
|
# convert each one to a array
|
||||||
|
my %lookup_hash;
|
||||||
|
my $ptr=pop( @ptrs );
|
||||||
|
while( defined( $ptr ) ){
|
||||||
|
$ptr=~s/^[\ \t]*//;
|
||||||
|
$ptr=~s/^[\ \t]*//;
|
||||||
|
|
||||||
|
#create a LCed version of the ptr name
|
||||||
|
$lookup_hash{ lc( $ptr) }=1;
|
||||||
|
|
||||||
|
$ptr=pop( @ptrs );
|
||||||
|
}
|
||||||
|
|
||||||
|
# save it for later use
|
||||||
|
$self->{ptrs}=\%lookup_hash;
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
=head2 set_ptrs_r
|
||||||
|
|
||||||
|
This sets a list of PTRs to search for via regexp
|
||||||
|
|
||||||
|
One value is taken and that is a array.
|
||||||
|
|
||||||
|
If this is undef, then previous settings will be cleared.
|
||||||
|
|
||||||
|
# Set the desired PTRs regexps to the contents of @ptrs.
|
||||||
|
$search->set_ptrs_r( \@ptrs );
|
||||||
|
|
||||||
|
# removes any previous selections
|
||||||
|
$search->set_ptrs;
|
||||||
|
|
||||||
|
=cut
|
||||||
|
|
||||||
|
sub set_ptrs_r{
|
||||||
|
my $self=$_[0];
|
||||||
|
my @regexps;
|
||||||
|
if ( defined( $_[1] ) ){
|
||||||
|
@regexps=@{ $_[1] };
|
||||||
|
}
|
||||||
|
|
||||||
|
if( ! $self->errorblank ){
|
||||||
|
return undef;
|
||||||
|
}
|
||||||
|
|
||||||
|
$self->{ptrs_r}=\@regexps;
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
=head2 set_states
|
=head2 set_states
|
||||||
|
|
||||||
Sets the list of desired states to match.
|
Sets the list of desired states to match.
|
||||||
|
|
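Review bot: In `set_ptrs` the trim runs `$ptr=~s/^[\ \t]*//;` twice, so trailing whitespace is never stripped even though the POD says it is, and an entry with a trailing space or tab can never equal a looked-up name; the second line should be `$ptr=~s/[\ \t]*$//;`. In `search`, the patterns stored by `set_ptrs_r` are interpolated unchecked as `/$ptr/`, so a malformed pattern dies inside the connection loop; compiling each one in `set_ptrs_r` with `eval { qr/$_/ }` and reporting a failure through the module's existing error handling would surface it at set time. The names being matched come from reverse DNS, which is set by whoever controls the address's reverse zone, and the regexps are unanchored, so the POD for `set_ptrs` and `set_ptrs_r` should say that a match is a hint rather than an identity unless it is forward-confirmed. The `'NOTFOUND'` placeholder is also run through the regexps, so a broad pattern such as `.` matches connections that have no PTR at all; skipping the regexp test when no PTR was found would avoid that.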