OpengateM Source Repository
Révision | de6d2eaa2b7b25272be4e11d58f2d1cd65b74bef (tree) |
---|---|
l'heure | 2013-06-18 15:18:47 |
Auteur | watanaby <watanaby@user...> |
Commiter | watanaby |
modified to save all ip addresses
@@ -214,7 +214,12 @@ OpengateM History</H3> | ||
214 | 214 | </DD> |
215 | 215 | <DT>Ver.0.8.2 at 2013.6.13 |
216 | 216 | </DT><DD> |
217 | - Fixed bug in ip-address conversion(opengatemd) | |
217 | + Fixed bug in ip address conversion(opengatemd) | |
218 | + </DD> | |
219 | + <DT>Ver.0.8.3 at 2013.6.18 | |
220 | + </DT><DD> | |
221 | + Modified to save all ip addresses(opengatemd). | |
222 | + At updating, rerun createtablescript to add a table. | |
218 | 223 | </DD> |
219 | 224 | </DL> |
220 | 225 |
@@ -122,7 +122,7 @@ int queryMacFromMngDb(char* macAddress, char* userId, char* extraId){ | ||
122 | 122 | /****************************************** |
123 | 123 | put open log to management db |
124 | 124 | ******************************************/ |
125 | -int putOpenToMngDb(char* macAddress, char* ipAddress){ | |
125 | +int putOpenToMngDb(char* macAddress){ | |
126 | 126 | |
127 | 127 | char queryStr[BUFFMAXLN]; |
128 | 128 | struct utsname uts; |
@@ -133,9 +133,9 @@ int putOpenToMngDb(char* macAddress, char* ipAddress){ | ||
133 | 133 | /* prepare query string */ |
134 | 134 | snprintf(queryStr, BUFFMAXLN, |
135 | 135 | "insert into sessionmd " |
136 | - "(macAddress, ipAddress, gatewayName, openTime, closeTime) " | |
137 | - "values ('%s','%s','%s', now(), 0)", | |
138 | - macAddress, ipAddress, uts.nodename); | |
136 | + "(macAddress, gatewayName, openTime, closeTime) " | |
137 | + "values ('%s','%s', now(), 0)", | |
138 | + macAddress, uts.nodename); | |
139 | 139 | |
140 | 140 | /* send SQL query */ |
141 | 141 | if (mysql_query(&mysql, queryStr)){ |
@@ -170,6 +170,34 @@ int putCloseToMngDb(char* macAddress){ | ||
170 | 170 | |
171 | 171 | } |
172 | 172 | |
173 | +/****************************************** | |
174 | +put MAC-IP pair to management db | |
175 | +******************************************/ | |
176 | +int putMacIpPairToMngDb(char* macAddress, char* ipAddress){ | |
177 | + | |
178 | + char queryStr[BUFFMAXLN]; | |
179 | + struct utsname uts; | |
180 | + | |
181 | + /* get domain name */ | |
182 | + uname(&uts); | |
183 | + | |
184 | + /* prepare query string */ | |
185 | + snprintf(queryStr, BUFFMAXLN, | |
186 | + "insert into macippair " | |
187 | + "(macAddress, ipAddress, findTime) " | |
188 | + "values ('%s','%s', now())", | |
189 | + macAddress, ipAddress); | |
190 | + | |
191 | + /* send SQL query */ | |
192 | + if (mysql_query(&mysql, queryStr)){ | |
193 | + err_msg("ERR at %s#%d: mysql query: %s",__FILE__,__LINE__, | |
194 | + mysql_error(&mysql)); | |
195 | + return FALSE; | |
196 | + } | |
197 | + | |
198 | + return TRUE; | |
199 | +} | |
200 | + | |
173 | 201 | /******************************************** |
174 | 202 | routines for debugging output |
175 | 203 | ********************************************/ |
@@ -200,11 +228,20 @@ int PutCloseToMngDb(char* macAddress){ | ||
200 | 228 | if(debug>1) err_msg("DEBUG:(%d)<=putCloseToMngDb()",ret); |
201 | 229 | return ret; |
202 | 230 | } |
203 | -int PutOpenToMngDb(char* macAddress, char* ipAddress){ | |
231 | + | |
232 | +int PutOpenToMngDb(char* macAddress){ | |
204 | 233 | int ret; |
205 | - if(debug>1) err_msg("DEBUG:=>putOpenToMngDb(%s,%s)", macAddress, ipAddress); | |
206 | - ret = putOpenToMngDb(macAddress, ipAddress); | |
234 | + if(debug>1) err_msg("DEBUG:=>putOpenToMngDb(%s)", macAddress); | |
235 | + ret = putOpenToMngDb(macAddress); | |
207 | 236 | if(debug>1) err_msg("DEBUG:(%d)<=putOpenToMngDb()",ret); |
208 | 237 | return ret; |
209 | 238 | } |
210 | 239 | |
240 | +int PutMacIpPairToMngDb(char* macAddress, char* ipAddress){ | |
241 | + int ret; | |
242 | + if(debug>1) err_msg("DEBUG:=>putMacIpPairToMngDb(%s,%s)", | |
243 | + macAddress, ipAddress); | |
244 | + ret = putMacIpPairToMngDb(macAddress, ipAddress); | |
245 | + if(debug>1) err_msg("DEBUG:(%d)<=putMacIpPairToMngDb()",ret); | |
246 | + return ret; | |
247 | +} |
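Review bot: putMacIpPairToMngDb formats macAddress and ipAddress directly into the quoted SQL text and never checks the snprintf result, so the function is only as safe as whatever its callers pass in. In main() the strings handed to SetMacIpPair come from ConvertMacFromRawToDisplay and ConvertIpFromRawToDisplay and presumably hold address characters only, but SetMacIpPair's body is not shown and nothing in this function enforces that. Escaping each value first, e.g. `mysql_real_escape_string(&mysql, escIp, ipAddress, strlen(ipAddress));` into a buffer of 2*len+1 bytes, and rejecting a truncated query with `if(n<0 || n>=BUFFMAXLN) return FALSE;`, would remove the dependency on the caller. The `struct utsname uts;` declaration and the `uname(&uts);` call look copied from putOpenToMngDb; uts is not used in the new query, so both lines can be dropped.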
@@ -29,7 +29,7 @@ to maintain the state of each terminal. | ||
29 | 29 | 1. Packet Check Cache |
30 | 30 | To speed up the packet check process, the address checked once |
31 | 31 | is ignored for a while. |
32 | - The cache (key: MAC address) is used to decide | |
32 | + The cache (key: MAC&IP address pair) is used to decide | |
33 | 33 | the necessity of checking. |
34 | 34 | The cache is maintained the information of arrived packets |
35 | 35 | by using hash-table and queue in the memory of local machine. |
@@ -47,7 +47,8 @@ to maintain the state of each terminal. | ||
47 | 47 | (key: MAC address) is maintained in the memory of local machine. |
48 | 48 | |
49 | 49 | MAC address is used as main key for the user terminal. |
50 | -IP address is kept only for information (firstly detected address only) | |
50 | +IP address is kept only for information. | |
51 | +The packet cache uses the MAC-IP pair, as to record all IP. | |
51 | 52 | *************************************/ |
52 | 53 | |
53 | 54 | #include "opengatemd.h" |
@@ -66,10 +67,10 @@ int main(int argc, char **argv) | ||
66 | 67 | { |
67 | 68 | char ipAddress[ADDRMAXLN]; /* packet source ip address */ |
68 | 69 | char macAddress[ADDRMAXLN]; /* packet source mac address */ |
69 | - unsigned char macAddressRaw[ADDRMAXLN];/* mac addr in raw form */ | |
70 | - unsigned char ipAddressRaw[ADDRMAXLN];/* ip addr in raw form */ | |
71 | - /* above is network raw binary, MAC(6bytes) and IP(4or16Bytes) */ | |
72 | - int ipAddrLen; /* ip address byte length 4 or 16 */ | |
70 | + unsigned char macAndIpAddressRaw[ADDRMAXLN];/* mac&ip addr in raw form */ | |
71 | + /* above is network raw binary concatenating MAC(6bytes) and IP(4or16Bytes) */ | |
72 | + int addrLen; /* ip address byte length 6+4 or 6+16 */ | |
73 | + | |
73 | 74 | char userId[USERMAXLN]; /* user id related to the mac address */ |
74 | 75 | char extraId[USERMAXLN]; /* optional id for the user */ |
75 | 76 | int macFound; /* flag: mac address is resistered in db */ |
@@ -80,6 +81,7 @@ int main(int argc, char **argv) | ||
80 | 81 | int stopServiceMode=FALSE; /* flag: start with stop service option */ |
81 | 82 | int showVersionMode=FALSE; /* flag: show version */ |
82 | 83 | int helpMode=FALSE; /* flag: start with help mode */ |
84 | + | |
83 | 85 | int ttl; /* packet ttl(time to live) or hlim(hop limit) */ |
84 | 86 | int i; /* for loop control */ |
85 | 87 | int uselessCheckTime=0; /* the last time for useless check */ |
@@ -181,14 +183,14 @@ int main(int argc, char **argv) | ||
181 | 183 | sigIoArrived=FALSE; |
182 | 184 | while(GetDataFromUdpPort(macAddrInUdp, ADDRMAXLN, clientIpAddress)>0){ |
183 | 185 | if(IsUdpClientTrusted(clientIpAddress)){ |
184 | - DelCacheItem(macAddrInUdp); | |
186 | + DelCacheItem(macAddrInUdp,""); | |
185 | 187 | DelMacCacheItem(macAddrInUdp); |
186 | 188 | } |
187 | 189 | } |
188 | 190 | } |
189 | 191 | |
190 | 192 | /* get one packet from pcap */ |
191 | - ret=GetNextPacketFromPcap(macAddressRaw, ipAddressRaw, &ipAddrLen, &ttl); | |
193 | + ret=GetNextPacketFromPcap(macAndIpAddressRaw, &addrLen, &ttl); | |
192 | 194 | |
193 | 195 | /* if no packet */ |
194 | 196 | if(ret==0){ |
@@ -211,13 +213,14 @@ int main(int argc, char **argv) | ||
211 | 213 | if(ttl<=1) continue; |
212 | 214 | |
213 | 215 | /* ignore the packet checked recently */ |
214 | - if( IsRecentlyCheckedAddress(macAddressRaw) ) continue; | |
216 | + if( IsRecentlyCheckedAddress(macAndIpAddressRaw, addrLen) ) continue; | |
215 | 217 | |
216 | 218 | /**** only cache timeout packets proceeds to below ****/ |
217 | 219 | |
218 | 220 | /* convert address from network-raw form to presentation form */ |
219 | - ConvertMacFromRawToDisplay(macAddressRaw,macAddress); | |
220 | - ConvertIpFromRawToDisplay(ipAddressRaw,ipAddrLen,ipAddress); | |
221 | + ConvertMacFromRawToDisplay(macAndIpAddressRaw, macAddress); | |
222 | + ConvertIpFromRawToDisplay(macAndIpAddressRaw+MACADDRLN, | |
223 | + addrLen-MACADDRLN, ipAddress); | |
221 | 224 | |
222 | 225 | /* check nat/router and save info to db */ |
223 | 226 | isNatOrRouter=IsSentViaNatOrRouter(ipAddress, macAddress, ttl); |
@@ -225,25 +228,31 @@ int main(int argc, char **argv) | ||
225 | 228 | PutMacInfoToWorkDb(macAddress, ttl, isNatOrRouter); |
226 | 229 | |
227 | 230 | /*** get the status of the terminal from session table and DB ***/ |
231 | + | |
228 | 232 | /* search the address in session table */ |
229 | 233 | sessionFound = IsMatchedSessionFound(macAddress); |
230 | 234 | |
231 | - /* search the address in MAC DB cache */ | |
235 | + /* search the address in cache of MAC DB */ | |
232 | 236 | macFound = QueryMacFromMacCache(macAddress, userId, extraId); |
233 | 237 | |
234 | - /* if not found in MAC DB cache, search DB and add it to cache */ | |
238 | + /* if not found in MAC DB cache, access MAC DB and add result to cache */ | |
235 | 239 | if(!macFound){ |
236 | 240 | macFound = QueryMacFromMngDb(macAddress, userId, extraId); |
237 | 241 | if(macFound) AddMacCacheItem(macAddress, userId, extraId); |
238 | 242 | } |
239 | 243 | |
240 | 244 | /*** depending the states, add/del/renew the session ***/ |
245 | + | |
241 | 246 | /* if valid mac and no session, start session */ |
242 | 247 | if(macFound && !sessionFound){ |
243 | - AddSession(macAddress, ipAddress, userId, extraId); | |
248 | + AddSession(macAddress, userId, extraId); | |
249 | + | |
250 | + /* save MAC and IP address pair */ | |
251 | + SetMacIpPair(macAddress, ipAddress, userId, extraId); | |
244 | 252 | } |
245 | 253 | |
246 | 254 | /* if no mac and started session, stop session */ |
255 | + /* (MAC and IP pairs are removed in stop session) */ | |
247 | 256 | if(!macFound && sessionFound){ |
248 | 257 | DelSession(macAddress); |
249 | 258 | } |
@@ -257,11 +266,16 @@ int main(int argc, char **argv) | ||
257 | 266 | /* when no ipfw rule exists, reset the session */ |
258 | 267 | else{ |
259 | 268 | DelSession(macAddress); |
260 | - AddSession(macAddress, ipAddress, userId, extraId); | |
269 | + AddSession(macAddress, userId, extraId); | |
261 | 270 | } |
271 | + | |
272 | + /* save MAC and IP address pair */ | |
273 | + /* only when new pair is found. */ | |
274 | + SetMacIpPair(macAddress, ipAddress, userId, extraId); | |
262 | 275 | } |
263 | 276 | |
264 | 277 | /* check useless sessions at some interval */ |
278 | + /* (MAC and IP pairs are removed in stop session) */ | |
265 | 279 | if( time(NULL) - uselessCheckTime > checkInterval ){ |
266 | 280 | uselessCheckTime = time(NULL); |
267 | 281 | DelUselessSessions(); |
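Review bot: With the cache key widened from the MAC to the MAC-IP pair, the `IsRecentlyCheckedAddress(macAndIpAddressRaw, addrLen)` test no longer bounds the work one terminal can cause: every new source address seen from the same MAC is a cache miss and goes on to PutMacInfoToWorkDb, the session and MAC lookups, and SetMacIpPair. The source IP is chosen by the sender, so the number of misses, cache entries and stored pairs per MAC is sender-controlled. SetMacIpPair is not shown on this page; if it has no cap on pairs per MAC, a cap or a per-MAC rate limit is worth adding there, and I would record the assumption above the cache test with `/* key is MAC+IP: source IP is sender-controlled, so misses per MAC are not bounded by the cache */`. The comment on addrLen should also read `/* mac+ip byte length: 6+4 or 6+16 */`, since it is no longer the IP length alone. main()'s body starts and ends outside these hunks.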
@@ -154,7 +154,7 @@ char *GetNextConfValue(void); | ||
154 | 154 | |
155 | 155 | /* pcap.c */ |
156 | 156 | int InitPcap(void); |
157 | -int GetNextPacketFromPcap(unsigned char* macAddressRaw, unsigned char* ipAddressRaw, int* pIpAddrLen, int* pTtl); | |
157 | +int GetNextPacketFromPcap(unsigned char* macAndIpAddressRaw, int* pAddrLen, int* pTtl); | |
158 | 158 | void ClosePcap(void); |
159 | 159 | int GetMyMacAddress(char* macAddress); |
160 | 160 | void ConvertIpFromRawToDisplay(unsigned char* ipAddressRaw, int ipAddrLen, char* ipAddress); |
@@ -162,9 +162,9 @@ void ConvertMacFromRawToDisplay(unsigned char* macAddressRaw, char* macAddress); | ||
162 | 162 | |
163 | 163 | /* packetcache.c */ |
164 | 164 | void InitCache(void); |
165 | -int IsRecentlyCheckedAddress(unsigned char* macAddressRaw); | |
165 | +int IsRecentlyCheckedAddress(unsigned char* macAndIpAddressRaw, int addrLen); | |
166 | 166 | void FreeCache(void); |
167 | -int DelCacheItem(char* macAddress); | |
167 | +int DelCacheItem(char* macAddress, char* ipAddress); | |
168 | 168 | int DelOldestCacheItem(void); |
169 | 169 | int ReFormatMacAddr(char* macAddr); |
170 | 170 |
@@ -173,27 +173,30 @@ int InitMngDb(void); | ||
173 | 173 | int QueryMacFromMngDb(char* macAddress, char* userid, char* extraid); |
174 | 174 | void CloseMngDb(void); |
175 | 175 | int PutCloseToMngDb(char* macAddress); |
176 | -int PutOpenToMngDb(char* macAddress, char* ipAddress); | |
176 | +int PutOpenToMngDb(char* macAddress); | |
177 | +int PutMacIpPairToMngDb(char* macAddress, char* ipAddress); | |
177 | 178 | |
178 | 179 | /* workdb.c */ |
179 | 180 | int SetupSqliteBusyTimeoutValue(void); |
180 | 181 | int InitWorkDb(void); |
181 | 182 | int FinalizeWorkDb(void); |
182 | 183 | int InsertSessionToWorkDb(char* macAddress, char* userId, char* extraId, |
183 | - char* ipAddress, int ruleNumber); | |
184 | + int ruleNumber); | |
184 | 185 | int DelSessionFromWorkDb(char* macAddress); |
185 | 186 | int GetSessionFromWorkDb(char* macAddress, char* userId, char* extraId, |
186 | - int* openTime, int* checkTime, char *ipAddress, | |
187 | - int* ruleNumber); | |
187 | + int* openTime, int* checkTime, int* ruleNumber); | |
188 | 188 | int UpdateCheckTimeInWorkDb(char* macAddress); |
189 | 189 | int DelUselessSessionsInWorkDb(int delayed); |
190 | 190 | int GetSessionTableFromWorkDb(DB* sessionTable); |
191 | 191 | int PutMacInfoToWorkDb(char* macAddress, int ttl, int isNat); |
192 | 192 | int GetMacInfoFromWorkDb(char* macAddress, char* detectTimeStr, int* pTtl); |
193 | 193 | int IsActiveRuleInWorkDb(int ruleNumber); |
194 | +int IsFoundMacIpPairInWorkDb(char* macAddress, char* ipAddress); | |
195 | +int PutMacIpPairToWorkDb(char* macAddress, char* ipAddress); | |
196 | +int DelMacIpPairsInWorkDb(char* macAddress); | |
194 | 197 | |
195 | 198 | /* session.c */ |
196 | -int AddSession(char* macAddress, char* ipAddress, char* userId, char* extraId); | |
199 | +int AddSession(char* macAddress, char* userId, char* extraId); | |
197 | 200 | void DelSession(char* macAddress); |
198 | 201 | void RenewSession(char* macAddress); |
199 | 202 | void DelUselessSessions(void); |
@@ -201,12 +204,14 @@ void DelAllSessions(void); | ||
201 | 204 | int CloseSession(void* pParam, int argc, char *argv[], char* colName[]); |
202 | 205 | int IsMatchedSessionFound(char* macAddress); |
203 | 206 | void CloseUnmatchSessions(void); |
204 | -void WriteOpenToSyslog(char* userId, char* extraId, char* ipAddress, char* macAddress); | |
205 | -void WriteCloseToSyslog(char* userId, char* extraId, char* ipAddress, char* macAddress, int openTime); | |
206 | -void WriteSessionInfoToSyslog(char* userId, char* extraId, char* ipAddress, char* macAddress, int ruleNumber); | |
207 | +void WriteOpenToSyslog(char* userId, char* extraId, char* macAddress); | |
208 | +void WriteCloseToSyslog(char* userId, char* extraId, char* macAddress, int openTime); | |
209 | +void WriteSessionInfoToSyslog(char* userId, char* extraId, char* macAddress, int ruleNumber); | |
207 | 210 | void RemoveSessionUnmatchedToIpfwRule(DB* ruleTable, DB* sessionTable); |
208 | 211 | void RemoveIpfwRuleUnmatchedToSession(DB* ruleTable, DB* sessionTable); |
209 | 212 | int IsProcessFoundForTheRule(int ruleNumber); |
213 | +void SetMacIpPair(char* macAddress, char* ipAddress, char* userId, char* extraId); | |
214 | +void ResetMacIpPairs(char* macAddress); | |
210 | 215 | |
211 | 216 | /* ttlcheck.c */ |
212 | 217 | int InitTtlCheck(void); |
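Review bot: The new `GetNextPacketFromPcap(unsigned char* macAndIpAddressRaw, int* pAddrLen, int* pTtl)` prototype has no size parameter and no comment stating how large the output buffer must be, while the implementation in the pcap hunk zeroes `MACADDRLN+IPV6ADDRLN` bytes of it unconditionally. main() declares the buffer as `macAndIpAddressRaw[ADDRMAXLN]`, which is safe only if ADDRMAXLN is at least that large (its value is not shown on this page). I would add `/* macAndIpAddressRaw: caller buffer of at least MACADDRLN+IPV6ADDRLN bytes; on an IP packet *pAddrLen is MACADDRLN+IPV4ADDRLN or MACADDRLN+IPV6ADDRLN, otherwise 0 */` above the prototype. DelCacheItem would benefit from a matching one-line comment saying that `""` means "address not known" for either argument.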
@@ -1,19 +1,19 @@ | ||
1 | 1 | /************************************************** |
2 | -OpengateM - a MAC address authentication system | |
3 | - module to control packet check cache | |
2 | +opengate Mac addr auth program | |
4 | 3 | |
4 | + module to control cache of mac and ip address pair | |
5 | 5 | to skip checking every packets. |
6 | - All detected mac addresses are cached. | |
6 | + All detected address pair (allowable or not) are cached. | |
7 | 7 | |
8 | 8 | As checking packet is time consuming procedure, |
9 | 9 | the recently checked addresses are cached and skiped. |
10 | 10 | Implemented with HashTable and Queue. |
11 | 11 | HashTable: |
12 | - Key= MAC Addresses | |
12 | + Key= comcatenation of MAC and IP Addresses | |
13 | 13 | Val= checked time |
14 | - If address is included in table and time is new, skip checking. | |
14 | + If address pair is included in table and time is new, skip checking. | |
15 | 15 | Queue: |
16 | - Address odrered by checked time. | |
16 | + Address pair odrered by checked time. | |
17 | 17 | If an old item is found in table, elder items are removed from table. |
18 | 18 | The queue controls the remove sequence. |
19 | 19 |
@@ -46,40 +46,39 @@ int DeQueueForCache(unsigned char* addrRaw, int* pAddrLen); | ||
46 | 46 | int ListQueueForCache(void); |
47 | 47 | void FreeQueueForCache(void); |
48 | 48 | |
49 | -/* Queue to store MacAddress in time order */ | |
49 | +/* Queue to store MacAndIpAddress */ | |
50 | 50 | struct queueNode{ |
51 | 51 | int addrLen; |
52 | - unsigned char addrRaw[MACADDRLN]; | |
52 | + unsigned char addrRaw[MACADDRLN+IPV6ADDRLN]; | |
53 | 53 | struct queueNode *next; |
54 | 54 | }; |
55 | 55 | static struct queueNode* queueTail=NULL; |
56 | 56 | static struct queueNode* queueHead=NULL; |
57 | 57 | |
58 | -/* HashTable key=MacAddress and value=DetectTime */ | |
58 | +/* HashTable to store MacAndIpAddress and Time */ | |
59 | 59 | static DB* hashDb; |
60 | 60 | |
61 | 61 | /* Cache Timeout(seconds) : packet checking interval */ |
62 | 62 | static int cacheTimeout; |
63 | 63 | |
64 | -/* number of items in the cache */ | |
65 | 64 | static int cacheItemCount=0; |
66 | 65 | |
67 | 66 | /********************************** |
68 | 67 | This cache is made from HashTable and Queue. |
69 | -HashTable for quick access, and Queue for ordering. | |
68 | +HashTabel for quick access, and Queue for ordering. | |
70 | 69 | Same data are stored in the two data structures. |
71 | 70 | If you add/delete items in cache, treat both structures. |
72 | 71 | Don't add/delete items from one structure only. |
73 | 72 | ***********************************/ |
74 | 73 | |
75 | 74 | /**************************************** |
76 | -Is the macAddress checked recently or not | |
77 | - input=macAddress return TRUE if checked recently | |
75 | +Is the IpAddress checked recently or not | |
76 | + input=ipAddress return TRUE if checked recently | |
78 | 77 | ****************************************/ |
79 | -int isRecentlyCheckedAddress(unsigned char* macAddressRaw){ | |
78 | +int isRecentlyCheckedAddress(unsigned char* macAndIpAddressRaw, int addrLen){ | |
80 | 79 | |
81 | 80 | int timeNow; |
82 | - unsigned char storedAddrRaw[ADDRMAXLN]; | |
81 | + unsigned char storedAddrRaw[MACADDRLN+IPV6ADDRLN]; | |
83 | 82 | int storedAddrLen; |
84 | 83 | int ret; |
85 | 84 | int* pTime; |
@@ -89,9 +88,9 @@ int isRecentlyCheckedAddress(unsigned char* macAddressRaw){ | ||
89 | 88 | /* get present time */ |
90 | 89 | timeNow=time(NULL); |
91 | 90 | |
92 | - /***** get item matched to the mac from hash table */ | |
93 | - hashKey.data = macAddressRaw; | |
94 | - hashKey.size = MACADDRLN; | |
91 | + /***** get item matched to the mac&ip from hash table */ | |
92 | + hashKey.data = macAndIpAddressRaw; | |
93 | + hashKey.size = addrLen; | |
95 | 94 | memset(&hashVal, 0, sizeof(DBT)); |
96 | 95 | ret=hashDb->get(hashDb, &hashKey, &hashVal, 0); |
97 | 96 |
@@ -117,10 +116,10 @@ int isRecentlyCheckedAddress(unsigned char* macAddressRaw){ | ||
117 | 116 | hashKey.data=storedAddrRaw; |
118 | 117 | hashKey.size = storedAddrLen; |
119 | 118 | hashDb->del(hashDb, &hashKey, 0); |
120 | - if(memcmp(macAddressRaw,storedAddrRaw,storedAddrLen)==0)break; | |
119 | + if(memcmp(macAndIpAddressRaw,storedAddrRaw,storedAddrLen)==0)break; | |
121 | 120 | } |
122 | 121 | |
123 | - /* insert last item after renewing the time */ | |
122 | + /* insert update item to queue and hashTable */ | |
124 | 123 | EnQueueForCache(storedAddrRaw, storedAddrLen); |
125 | 124 | hashVal.data = &timeNow; |
126 | 125 | hashVal.size = sizeof(int); |
@@ -145,7 +144,7 @@ int isRecentlyCheckedAddress(unsigned char* macAddressRaw){ | ||
145 | 144 | terminateProg(0); |
146 | 145 | } |
147 | 146 | /* insert to queue */ |
148 | - EnQueueForCache(macAddressRaw, MACADDRLN); | |
147 | + EnQueueForCache(macAndIpAddressRaw, addrLen); | |
149 | 148 | /*************** end adding item to Cache ***/ |
150 | 149 | |
151 | 150 | /* if cache size is over, remove oldest one */ |
@@ -159,8 +158,8 @@ int isRecentlyCheckedAddress(unsigned char* macAddressRaw){ | ||
159 | 158 | } |
160 | 159 | |
161 | 160 | /**************************************** |
162 | -initialize packet check Cache | |
163 | - The Cache is formed with in HashTable and Queue | |
161 | +initialize Mac&IpAddress Cache | |
162 | + Mac&Ip Cache is formed with in HashTable and Queue | |
164 | 163 | HashTable=to search an item quickly |
165 | 164 | Queue =to list items in FIFO order |
166 | 165 | ****************************************/ |
@@ -180,7 +179,7 @@ void initCache(void) { | ||
180 | 179 | } |
181 | 180 | |
182 | 181 | /**************************************** |
183 | -memory free for packet check Cache | |
182 | +memory free for Mac&IpAddress Cache | |
184 | 183 | ****************************************/ |
185 | 184 | void freeCache(void) { |
186 | 185 |
@@ -190,24 +189,67 @@ void freeCache(void) { | ||
190 | 189 | |
191 | 190 | |
192 | 191 | /**************************************** |
193 | -delete item from packet check cache matched to the mac address | |
192 | +delete item from MacAndIp cache matched to the mac or/and ip address | |
193 | +set arguments for mac and/or ip to detele | |
194 | +set argument as "", if the address is not known | |
195 | + eg: to delete item for an ipv4 and unknown mac, ("", "192.168.0.100") | |
194 | 196 | ****************************************/ |
195 | -int delCacheItem(char* macAddress) { | |
197 | +int delCacheItem(char* macAddress, char* ipAddress) { | |
196 | 198 | int found=FALSE; |
197 | 199 | DBT hashKey; |
198 | - unsigned char macAddressRaw[MACADDRLN]; | |
200 | + unsigned char addrRaw[MACADDRLN+IPV6ADDRLN]; | |
199 | 201 | unsigned char* pRawMac; |
200 | 202 | struct queueNode *temp; |
201 | 203 | struct queueNode *prev; |
204 | + int inMac=FALSE; | |
205 | + int inIpv4=FALSE; | |
206 | + int inIpv6=FALSE; | |
207 | + int shift=0; | |
208 | + int length=0; | |
202 | 209 | |
203 | 210 | /*** set the raw values */ |
204 | - /* if mac is null, return fail */ | |
205 | - if(isNull(macAddress)) return FALSE; | |
211 | + /* if mac is not null, set the mac raw value */ | |
212 | + if(!isNull(macAddress)) { | |
213 | + if((pRawMac=(unsigned char*)ether_aton(macAddress)) != NULL){ | |
214 | + memcpy(addrRaw, pRawMac, MACADDRLN); | |
215 | + inMac=TRUE; | |
216 | + } | |
217 | + } | |
206 | 218 | |
207 | - /* convert mac to raw form */ | |
208 | - if((pRawMac=(unsigned char*)ether_aton(macAddress)) != NULL){ | |
209 | - memcpy(macAddressRaw, pRawMac, MACADDRLN); | |
210 | - }else return FALSE; | |
219 | + /* if ip is not null, set the ipv6/ipv4 raw value */ | |
220 | + if(!isNull(ipAddress)) { | |
221 | + if(strchr(ipAddress, ':') != NULL) { | |
222 | + if(inet_pton(AF_INET6, ipAddress, addrRaw+MACADDRLN) > 0) inIpv6=TRUE; | |
223 | + } | |
224 | + else{ | |
225 | + if(inet_pton(AF_INET, ipAddress, addrRaw+MACADDRLN) > 0) inIpv4=TRUE; | |
226 | + } | |
227 | + } | |
228 | + | |
229 | + /*** set start point and length for comparing string */ | |
230 | + if(inMac && !inIpv6 && !inIpv4){ /* only mac is indivcated */ | |
231 | + shift=0; | |
232 | + length=MACADDRLN; | |
233 | + } | |
234 | + else if(!inMac && inIpv6){ /* only ipv6 is indicated */ | |
235 | + shift=MACADDRLN; | |
236 | + length=IPV6ADDRLN; | |
237 | + } | |
238 | + else if(!inMac && inIpv4){ /* only ipv4 is indicated */ | |
239 | + shift=MACADDRLN; | |
240 | + length=IPV4ADDRLN; | |
241 | + } | |
242 | + else if(inMac && inIpv6){ /* mac and ipv6 is indicated */ | |
243 | + shift=0; | |
244 | + length=MACADDRLN+IPV6ADDRLN; | |
245 | + } | |
246 | + else if(inMac && inIpv4){ /* mac and ipv4 is indicated */ | |
247 | + shift=0; | |
248 | + length=MACADDRLN+IPV4ADDRLN; | |
249 | + } | |
250 | + else{ /* no one is indicated */ | |
251 | + return FALSE; | |
252 | + } | |
211 | 253 | |
212 | 254 | /*** scan queue to find matched address */ |
213 | 255 | /* set search point to the head of mac-ip cache */ |
@@ -219,7 +261,7 @@ int delCacheItem(char* macAddress) { | ||
219 | 261 | while(temp->next!=NULL){ |
220 | 262 | |
221 | 263 | /* compare indicated value and queue value */ |
222 | - if(memcmp(macAddressRaw, (temp->addrRaw), MACADDRLN)==0){ | |
264 | + if(memcmp(addrRaw+shift, (temp->addrRaw)+shift, length)==0){ | |
223 | 265 | |
224 | 266 | /* set found flag */ |
225 | 267 | found=TRUE; |
@@ -243,11 +285,11 @@ int delCacheItem(char* macAddress) { | ||
243 | 285 | } |
244 | 286 | |
245 | 287 | /**************************************** |
246 | -delete oldest item from packet cache | |
288 | +delete oldest item from MacAndIp cache | |
247 | 289 | ****************************************/ |
248 | 290 | int delOldestCacheItem(void) { |
249 | 291 | DBT hashKey; |
250 | - unsigned char addrRaw[ADDRMAXLN]; | |
292 | + unsigned char addrRaw[MACADDRLN+IPV6ADDRLN]; | |
251 | 293 | int addrLen=0; |
252 | 294 | |
253 | 295 | /* delete oldest item(=head) from queue */ |
@@ -265,16 +307,15 @@ int delOldestCacheItem(void) { | ||
265 | 307 | } |
266 | 308 | |
267 | 309 | /********************************************* |
268 | -initialize Queue | |
310 | +initialize MacAndIpAddress Queue | |
269 | 311 | Queue |
270 | 312 | HeadNode - DataNode - DataNode - TailNode |
271 | 313 | (dummy) (dummy) |
272 | 314 | ^queueHead ^queueTail |
273 | -* this queue is internal struct of packet cache | |
274 | 315 | *********************************************/ |
275 | 316 | int initQueueForCache(void){ |
276 | 317 | |
277 | - unsigned char addrRaw[MACADDRLN]; | |
318 | + unsigned char addrRaw[MACADDRLN+IPV6ADDRLN]; | |
278 | 319 | int addrLen; |
279 | 320 | |
280 | 321 | /* if not exist, prepare head and tail */ |
@@ -289,9 +330,9 @@ int initQueueForCache(void){ | ||
289 | 330 | err_msg("ERR at %s#%d: fail to malloc",__FILE__,__LINE__); |
290 | 331 | terminateProg(0); |
291 | 332 | } |
292 | - bzero(queueHead->addrRaw, MACADDRLN); | |
333 | + bzero(queueHead->addrRaw, MACADDRLN+IPV6ADDRLN); | |
293 | 334 | queueHead->addrLen=0; |
294 | - bzero(queueTail->addrRaw, MACADDRLN); | |
335 | + bzero(queueTail->addrRaw, MACADDRLN+IPV6ADDRLN); | |
295 | 336 | queueTail->addrLen=0; |
296 | 337 | queueHead->next=queueTail; |
297 | 338 | queueTail->next=NULL; |
@@ -310,7 +351,7 @@ int initQueueForCache(void){ | ||
310 | 351 | } |
311 | 352 | |
312 | 353 | /**************************************** |
313 | -Add data to the tail of Queue | |
354 | +Add data to the tail of MacAndIP Queue | |
314 | 355 | input=addr |
315 | 356 | ****************************************/ |
316 | 357 | int enQueueForCache(unsigned char* addrRaw, int addrLen){ |
@@ -322,12 +363,6 @@ int enQueueForCache(unsigned char* addrRaw, int addrLen){ | ||
322 | 363 | return FALSE; |
323 | 364 | } |
324 | 365 | |
325 | - /* check length */ | |
326 | - if(addrLen>MACADDRLN){ | |
327 | - err_msg("ERR at %s#%d: queue data is too long",__FILE__,__LINE__); | |
328 | - return FALSE; | |
329 | - } | |
330 | - | |
331 | 366 | /* add item after the tail and set it as new tail*/ |
332 | 367 | newNode=(struct queueNode*)malloc(sizeof(struct queueNode)); |
333 | 368 | if(newNode==NULL){ |
@@ -338,7 +373,7 @@ int enQueueForCache(unsigned char* addrRaw, int addrLen){ | ||
338 | 373 | queueTail->addrLen=addrLen; |
339 | 374 | queueTail->next=newNode; |
340 | 375 | queueTail=newNode; |
341 | - bzero(queueTail->addrRaw,MACADDRLN); | |
376 | + bzero(queueTail->addrRaw,MACADDRLN+IPV6ADDRLN); | |
342 | 377 | queueTail->addrLen=0; |
343 | 378 | queueTail->next=NULL; |
344 | 379 |
@@ -349,15 +384,15 @@ int enQueueForCache(unsigned char* addrRaw, int addrLen){ | ||
349 | 384 | } |
350 | 385 | |
351 | 386 | /**************************************** |
352 | -Get and remove address data from the head of Queue | |
387 | +Get and remove address data from the head of MacAndIP Queue | |
353 | 388 | output |
354 | - addrRaw:binary string of Mac (length=MACADDRLN) | |
389 | + addrRaw:binary string of Mac&Ip (length=MACADDRLN+IPV6ADDRLN) | |
355 | 390 | pAddrLen: pointer to the aquired string length |
356 | 391 | ****************************************/ |
357 | 392 | int deQueueForCache(unsigned char* addrRaw, int* pAddrLen){ |
358 | 393 | |
359 | 394 | /* set null string as default */ |
360 | - bzero(addrRaw, MACADDRLN); | |
395 | + bzero(addrRaw, MACADDRLN+IPV6ADDRLN); | |
361 | 396 | |
362 | 397 | /* if not prepared, error */ |
363 | 398 | if(queueHead==NULL){ |
@@ -391,7 +426,7 @@ int deQueueForCache(unsigned char* addrRaw, int* pAddrLen){ | ||
391 | 426 | } |
392 | 427 | |
393 | 428 | /**************************************** |
394 | -Listing Queue (for debugging) | |
429 | +Listing MacAndIpAddress Queue (for debugging) | |
395 | 430 | ****************************************/ |
396 | 431 | int listQueueForCache(void){ |
397 | 432 |
@@ -413,10 +448,10 @@ int listQueueForCache(void){ | ||
413 | 448 | } |
414 | 449 | |
415 | 450 | /**************************************** |
416 | -memory free for Queue | |
451 | +memory free for MacAndIpAddress Queue | |
417 | 452 | ****************************************/ |
418 | 453 | void freeQueueForCache(void){ |
419 | - unsigned char addrRaw[MACADDRLN]; | |
454 | + unsigned char addrRaw[MACADDRLN+IPV6ADDRLN]; | |
420 | 455 | int addrLen; |
421 | 456 | while(DeQueueForCache(addrRaw,&addrLen)); |
422 | 457 | free(queueHead); |
@@ -456,18 +491,18 @@ void FreeCache(void) { | ||
456 | 491 | if(debug>1) err_msg("DEBUG:<=freeCache()"); |
457 | 492 | } |
458 | 493 | |
459 | -int IsRecentlyCheckedAddress(unsigned char* macAddressRaw){ | |
494 | +int IsRecentlyCheckedAddress(unsigned char* macAndIpAddressRaw, int addrLen){ | |
460 | 495 | int ret; |
461 | - if(debug>1) err_msg("DEBUG:=>isRecentlyCheckedAddress(%x)", macAddressRaw[0]); | |
462 | - ret = isRecentlyCheckedAddress(macAddressRaw); | |
496 | + if(debug>1) err_msg("DEBUG:=>isRecentlyCheckedAddress(%x,%d)", macAndIpAddressRaw[0],addrLen); | |
497 | + ret = isRecentlyCheckedAddress(macAndIpAddressRaw, addrLen); | |
463 | 498 | if(debug>1) err_msg("DEBUG:(%d)<=isRecentlyCheckedAddress( )",ret); |
464 | 499 | return ret; |
465 | 500 | } |
466 | 501 | |
467 | -int DelCacheItem(char* macAddress) { | |
502 | +int DelCacheItem(char* macAddress, char* ipAddress) { | |
468 | 503 | int ret; |
469 | - if(debug>1) err_msg("DEBUG:=>delCacheItem(%s)", macAddress); | |
470 | - ret = delCacheItem(macAddress); | |
504 | + if(debug>1) err_msg("DEBUG:=>delCacheItem(%s,5s)", macAddress,ipAddress); | |
505 | + ret = delCacheItem(macAddress,ipAddress); | |
471 | 506 | if(debug>1) err_msg("DEBUG:(%d)<=delCacheItem( )",ret); |
472 | 507 | return ret; |
473 | 508 | } |
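Review bot: In enQueueForCache the `if(addrLen>MACADDRLN)` guard is deleted rather than widened, so nothing in the visible lines bounds addrLen against the `addrRaw[MACADDRLN+IPV6ADDRLN]` field of struct queueNode any more. The copy into queueTail->addrRaw lies outside the hunk but presumably uses addrLen as its length; keeping the removed block with its condition changed to `if(addrLen<0 || addrLen>MACADDRLN+IPV6ADDRLN){` preserves the check for the new key size. Separately, the debug line in DelCacheItem has a format typo: `"DEBUG:=>delCacheItem(%s,5s)"` should be `"DEBUG:=>delCacheItem(%s,%s)"`, as written ipAddress is never printed. In delCacheItem the partial-key match compares only `length` bytes from `shift` and does not look at temp->addrLen, so an IPv4 key can also match a stored IPv6 pair whose first four address bytes are equal; comparing the node's addrLen whenever an IP is given would rule that out.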
@@ -85,7 +85,7 @@ int initPcap(void){ | ||
85 | 85 | get next packet from pcap |
86 | 86 | ret=0:no packet,1:ip packet,-1:other packet |
87 | 87 | *******************************/ |
88 | -int getNextPacketFromPcap(unsigned char* macAddressRaw, unsigned char* ipAddressRaw, int* pIpAddrLen, int* pTtl){ | |
88 | +int getNextPacketFromPcap(unsigned char* macAndIpAddressRaw, int* pAddrLen, int* pTtl){ | |
89 | 89 | struct pcap_pkthdr header; /* The header captured by pcap */ |
90 | 90 | const u_char *packet; /* The actual packet */ |
91 | 91 | struct ip *ipv4h; |
@@ -94,10 +94,9 @@ int getNextPacketFromPcap(unsigned char* macAddressRaw, unsigned char* ipAddress | ||
94 | 94 | int ret=0; |
95 | 95 | |
96 | 96 | /* initialize to null string */ |
97 | - bzero(macAddressRaw,MACADDRLN); | |
98 | - bzero(ipAddressRaw,IPV6ADDRLN); | |
97 | + bzero(macAndIpAddressRaw,MACADDRLN+IPV6ADDRLN); | |
99 | 98 | *pTtl=0; |
100 | - *pIpAddrLen=0; | |
99 | + *pAddrLen=0; | |
101 | 100 | |
102 | 101 | /* Grab a packet */ |
103 | 102 | if((packet = pcap_next(handle, &header)) == NULL)return 0; /* 0=no packet*/ |
@@ -109,22 +108,22 @@ int getNextPacketFromPcap(unsigned char* macAddressRaw, unsigned char* ipAddress | ||
109 | 108 | |
110 | 109 | /* get mac address from ether header */ |
111 | 110 | ethhdr = (struct ether_header *)packet; |
112 | - memcpy(macAddressRaw, ethhdr->ether_shost, MACADDRLN); | |
111 | + memcpy(macAndIpAddressRaw, ethhdr->ether_shost, MACADDRLN); | |
113 | 112 | |
114 | 113 | /* get ip address from ip header */ |
115 | 114 | switch (ntohs(ethhdr->ether_type)) { |
116 | 115 | case ETHERTYPE_IP: |
117 | - *pIpAddrLen=IPV4ADDRLN; | |
116 | + *pAddrLen=IPV4ADDRLN+MACADDRLN; | |
118 | 117 | ipv4h = (struct ip *)(packet + sizeof(struct ether_header)); |
119 | - memcpy( ipAddressRaw, &ipv4h->ip_src, IPV4ADDRLN); | |
118 | + memcpy( macAndIpAddressRaw+MACADDRLN, &ipv4h->ip_src, IPV4ADDRLN); | |
120 | 119 | *pTtl = ipv4h->ip_ttl; |
121 | 120 | ret=1; /* 1=success */ |
122 | 121 | break; |
123 | 122 | |
124 | 123 | case ETHERTYPE_IPV6: |
125 | - *pIpAddrLen=IPV6ADDRLN; | |
124 | + *pAddrLen=IPV6ADDRLN+MACADDRLN; | |
126 | 125 | ipv6h = (struct ip6_hdr *)(packet + sizeof(struct ether_header)); |
127 | - memcpy(ipAddressRaw, &ipv6h->ip6_src, IPV6ADDRLN); | |
126 | + memcpy(macAndIpAddressRaw+MACADDRLN, &ipv6h->ip6_src, IPV6ADDRLN); | |
128 | 127 | *pTtl = ipv6h->ip6_ctlun.ip6_un1.ip6_un1_hlim; |
129 | 128 | ret=1; /* 1=success */ |
130 | 129 | break; |
@@ -234,11 +233,12 @@ int InitPcap(void){ | ||
234 | 233 | if(debug>1) err_msg("DEBUG:(%d)<=initPcap( )",ret); |
235 | 234 | return ret; |
236 | 235 | } |
237 | -int GetNextPacketFromPcap(unsigned char* macAddressRaw, unsigned char* ipAddressRaw, int* pIpAddrLen, int* pTtl){ | |
236 | + | |
237 | +int GetNextPacketFromPcap(unsigned char* macAndIpAddressRaw, int* pAddrLen, int* pTtl){ | |
238 | 238 | int ret; |
239 | 239 | if(debug>2) err_msg("DEBUG:=>getNextPacketFromPcap( )"); |
240 | - ret = getNextPacketFromPcap(macAddressRaw, ipAddressRaw, pIpAddrLen, pTtl); | |
241 | - if(debug>2) err_msg("DEBUG:(%d)<=getNextPacketFromPcap(%x,%x,%d,%d)",ret,macAddressRaw[0],ipAddressRaw,*pIpAddrLen,*pTtl); | |
240 | + ret = getNextPacketFromPcap(macAndIpAddressRaw, pAddrLen, pTtl); | |
241 | + if(debug>2) err_msg("DEBUG:(%d)<=getNextPacketFromPcap(%x,%d,%d)",ret,macAndIpAddressRaw[0],*pAddrLen,*pTtl); | |
242 | 242 | return ret; |
243 | 243 | } |
244 | 244 |
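Review bot: The new single-buffer contract of getNextPacketFromPcap is not documented, yet `bzero(macAndIpAddressRaw,MACADDRLN+IPV6ADDRLN)` writes that many bytes unconditionally, so a caller that still passes a MACADDRLN-sized array would be overrun. The header comment above the function should state it, e.g. `macAndIpAddressRaw: caller buffer of at least MACADDRLN+IPV6ADDRLN bytes, MAC first, source IP after it; *pAddrLen = MACADDRLN + IP length`. The callers are outside this section, so their buffer sizes need to be checked by hand. Separately, both `memcpy` calls read `ip_src`/`ip6_src` from the captured frame; the lines between `pcap_next` and the ether-header cast are not shown here, so confirm that `header.caplen` is compared with the ether plus IP header size before those reads.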
@@ -27,11 +27,10 @@ Email: watanaby@is.saga-u.ac.jp | ||
27 | 27 | add session for the mac address |
28 | 28 | add ipfw-rule and table-entry, write db and log |
29 | 29 | *******************************/ |
30 | -int addSession(char* macAddress, char* ipAddress, char* userId, char* extraId){ | |
30 | +int addSession(char* macAddress, char* userId, char* extraId){ | |
31 | 31 | int ruleNumber; |
32 | 32 | static int nSerialError=0; /* number of serial errors for addition */ |
33 | 33 | int failToAdd=FALSE; |
34 | - char ipAddressInDb[ADDRMAXLN]; | |
35 | 34 | int openTime; |
36 | 35 | int checkTime; |
37 | 36 | int ruleNumberInDb; |
@@ -47,7 +46,7 @@ int addSession(char* macAddress, char* ipAddress, char* userId, char* extraId){ | ||
47 | 46 | |
48 | 47 | /* if mac is active session in work db, do nothing */ |
49 | 48 | if(GetSessionFromWorkDb(macAddress, userId, extraId, &openTime, |
50 | - &checkTime, ipAddressInDb, &ruleNumberInDb)){ | |
49 | + &checkTime, &ruleNumberInDb)){ | |
51 | 50 | return FALSE; |
52 | 51 | } |
53 | 52 | /* if not active session in work db, invert sign and goto write db */ |
@@ -60,7 +59,7 @@ int addSession(char* macAddress, char* ipAddress, char* userId, char* extraId){ | ||
60 | 59 | /* as to prevent error loop, retry count is limitted */ |
61 | 60 | if( failToAdd || !IsMacAddressFoundInIpfw(macAddress) ){ |
62 | 61 | nSerialError++; |
63 | - if(nSerialError<1) DelCacheItem(macAddress); | |
62 | + if(nSerialError<1) DelCacheItem(macAddress,""); | |
64 | 63 | err_msg("ERR at %s#%d: ipfw rule addition is failed(%d-%d)", |
65 | 64 | __FILE__,__LINE__, failToAdd, nSerialError); |
66 | 65 | return FALSE; |
@@ -68,13 +67,13 @@ int addSession(char* macAddress, char* ipAddress, char* userId, char* extraId){ | ||
68 | 67 | nSerialError=0; |
69 | 68 | |
70 | 69 | /* write to session db */ |
71 | - InsertSessionToWorkDb(macAddress, userId, extraId, ipAddress, ruleNumber); | |
70 | + InsertSessionToWorkDb(macAddress, userId, extraId, ruleNumber); | |
72 | 71 | |
73 | 72 | /* write open log to syslog */ |
74 | - WriteOpenToSyslog(userId, extraId, ipAddress, macAddress); | |
73 | + WriteOpenToSyslog(userId, extraId, macAddress); | |
75 | 74 | |
76 | 75 | /* write log to management db */ |
77 | - PutOpenToMngDb(macAddress, ipAddress); | |
76 | + PutOpenToMngDb(macAddress); | |
78 | 77 | return TRUE; |
79 | 78 | } |
80 | 79 |
@@ -85,7 +84,6 @@ delete session for the mac address | ||
85 | 84 | void delSession(char* macAddress){ |
86 | 85 | char userId[USERMAXLN]=""; |
87 | 86 | char extraId[USERMAXLN]=""; |
88 | - char ipAddress[ADDRMAXLN]=""; | |
89 | 87 | int openTime=0; |
90 | 88 | int ruleNumber=0; |
91 | 89 | int checkTime=0; |
@@ -93,24 +91,27 @@ void delSession(char* macAddress){ | ||
93 | 91 | |
94 | 92 | /* get information from session table in work db */ |
95 | 93 | success=GetSessionFromWorkDb(macAddress, userId, extraId, &openTime, |
96 | - &checkTime, ipAddress, &ruleNumber); | |
94 | + &checkTime, &ruleNumber); | |
97 | 95 | |
98 | 96 | /* close firewall and refresh the cache */ |
99 | 97 | if(success) CloseClientGate(ruleNumber); |
100 | 98 | |
101 | 99 | /* del from cache */ |
102 | - DelCacheItem(macAddress); | |
100 | + DelCacheItem(macAddress,""); | |
103 | 101 | |
104 | 102 | /* del from session from session table in work db */ |
105 | 103 | DelSessionFromWorkDb(macAddress); |
106 | 104 | |
107 | 105 | /* write close log to syslog */ |
108 | - WriteCloseToSyslog(userId, extraId, ipAddress, macAddress, openTime); | |
109 | - if(debug>0) WriteSessionInfoToSyslog(userId, extraId, ipAddress, | |
106 | + WriteCloseToSyslog(userId, extraId, macAddress, openTime); | |
107 | + if(debug>0) WriteSessionInfoToSyslog(userId, extraId, | |
110 | 108 | macAddress, ruleNumber); |
111 | 109 | |
112 | 110 | /* write close log to management db */ |
113 | 111 | PutCloseToMngDb(macAddress); |
112 | + | |
113 | + /* reset the memory of MAC IP pair */ | |
114 | + ResetMacIpPairs(macAddress); | |
114 | 115 | } |
115 | 116 | |
116 | 117 | /******************************* |
@@ -146,7 +147,6 @@ int closeSession(void* pParam, int argc, char *argv[], char* colName[]){ | ||
146 | 147 | int ruleNumber; |
147 | 148 | char* userId; |
148 | 149 | char* extraId; |
149 | - char* ipAddress; | |
150 | 150 | char* macAddress; |
151 | 151 | int openTime; |
152 | 152 |
@@ -155,22 +155,23 @@ int closeSession(void* pParam, int argc, char *argv[], char* colName[]){ | ||
155 | 155 | ruleNumber=atoi(argv[0]); |
156 | 156 | userId=argv[1]; |
157 | 157 | extraId=argv[2]; |
158 | - ipAddress=argv[3]; | |
159 | - macAddress=argv[4]; | |
160 | - openTime=atoi(argv[5]); | |
158 | + macAddress=argv[3]; | |
159 | + openTime=atoi(argv[4]); | |
161 | 160 | |
162 | 161 | /* close firewall */ |
163 | 162 | CloseClientGate(ruleNumber); |
164 | - DelCacheItem(macAddress); | |
163 | + DelCacheItem(macAddress,""); | |
165 | 164 | |
166 | 165 | /* write close log to syslog */ |
167 | - WriteCloseToSyslog(userId, extraId, ipAddress, macAddress, openTime); | |
168 | - if(debug>0) WriteSessionInfoToSyslog(userId, extraId, ipAddress, | |
169 | - macAddress, ruleNumber); | |
166 | + WriteCloseToSyslog(userId, extraId, macAddress, openTime); | |
167 | + if(debug>0) WriteSessionInfoToSyslog(userId, extraId, macAddress, ruleNumber); | |
170 | 168 | |
171 | 169 | /* write close log to management db */ |
172 | 170 | PutCloseToMngDb(macAddress); |
173 | 171 | |
172 | + /* reset the memory of MAC IP pair */ | |
173 | + ResetMacIpPairs(macAddress); | |
174 | + | |
174 | 175 | return 0; /* SQLITE_OK */ |
175 | 176 | } |
176 | 177 |
@@ -195,13 +196,11 @@ int isMatchedSessionFound(char* macAddress){ | ||
195 | 196 | char extraId[USERMAXLN]; |
196 | 197 | int openTime; |
197 | 198 | int checkTime; |
198 | - char ipAddress[ADDRMAXLN]; | |
199 | 199 | int ruleNumber; |
200 | 200 | |
201 | 201 | /* get info for the macAddress */ |
202 | 202 | return GetSessionFromWorkDb(macAddress, userId, extraId, |
203 | - &openTime, &checkTime, ipAddress, | |
204 | - &ruleNumber); | |
203 | + &openTime, &checkTime, &ruleNumber); | |
205 | 204 | } |
206 | 205 | |
207 | 206 | /************************************ |
@@ -289,7 +288,6 @@ void removeSessionUnmatchedToIpfwRule(DB* ruleTable, DB* sessionTable){ | ||
289 | 288 | int retRuleTbl; |
290 | 289 | int retSesTbl; |
291 | 290 | int ruleNumber; |
292 | - char ipAddress[ADDRMAXLN]; | |
293 | 291 | char userId[USERMAXLN]; |
294 | 292 | char extraId[USERMAXLN]; |
295 | 293 | char macAddress[ADDRMAXLN]; |
@@ -323,16 +321,16 @@ void removeSessionUnmatchedToIpfwRule(DB* ruleTable, DB* sessionTable){ | ||
323 | 321 | else{ |
324 | 322 | /* write log and close session */ |
325 | 323 | if(!GetSessionFromWorkDb(macAddress, userId, extraId, |
326 | - &openTime, &checkTime,ipAddress, &ruleNumber)){ | |
324 | + &openTime, &checkTime, &ruleNumber)){ | |
327 | 325 | err_msg("ERR at %s#%d: fail to get session info",__FILE__,__LINE__); |
328 | 326 | }else{ |
329 | - WriteCloseToSyslog(userId, extraId, ipAddress, macAddress, openTime); | |
327 | + WriteCloseToSyslog(userId, extraId, macAddress, openTime); | |
330 | 328 | PutCloseToMngDb(macAddress); |
331 | 329 | DelSessionFromWorkDb(macAddress); |
332 | 330 | } |
333 | 331 | |
334 | 332 | /* write session info to syslog */ |
335 | - if(debug>0) WriteSessionInfoToSyslog(userId, extraId, ipAddress, | |
333 | + if(debug>0) WriteSessionInfoToSyslog(userId, extraId, | |
336 | 334 | macAddress, ruleNumber); |
337 | 335 | } |
338 | 336 |
@@ -381,14 +379,14 @@ void removeIpfwRuleUnmatchedToSession(DB* ruleTable, DB* sessionTable){ | ||
381 | 379 | |
382 | 380 | /* remove entry in ipfw rule */ |
383 | 381 | CloseClientGate(ruleNumber); |
384 | - DelCacheItem(macAddress); | |
382 | + DelCacheItem(macAddress,""); | |
385 | 383 | |
386 | 384 | /* write log */ |
387 | - WriteCloseToSyslog("?", "", "?", macAddress, time(NULL)); | |
385 | + WriteCloseToSyslog("?", "", macAddress, time(NULL)); | |
388 | 386 | PutCloseToMngDb(macAddress); |
389 | 387 | |
390 | 388 | /* write session info to syslog */ |
391 | - if(debug>0) WriteSessionInfoToSyslog("?","","?",macAddress, ruleNumber); | |
389 | + if(debug>0) WriteSessionInfoToSyslog("?","", macAddress, ruleNumber); | |
392 | 390 | } |
393 | 391 | |
394 | 392 | /* get next rule entry */ |
@@ -400,22 +398,21 @@ void removeIpfwRuleUnmatchedToSession(DB* ruleTable, DB* sessionTable){ | ||
400 | 398 | /****************************************** |
401 | 399 | write open message to syslog |
402 | 400 | ******************************************/ |
403 | -void writeOpenToSyslog(char* userId, char* extraId, char* ipAddress, char* macAddress){ | |
401 | +void writeOpenToSyslog(char* userId, char* extraId, char* macAddress){ | |
404 | 402 | |
405 | 403 | if(extraId[0]=='\0'){ |
406 | - err_msg("OPEN: user %s from %s at %s", | |
407 | - userId, ipAddress, macAddress); | |
404 | + err_msg("OPEN: user %s at %s", | |
405 | + userId, macAddress); | |
408 | 406 | }else{ |
409 | - err_msg("OPEN: user %s%s%s from %s at %s", | |
410 | - userId, GetConfValue("UserIdSeparator"), extraId, | |
411 | - ipAddress, macAddress); | |
407 | + err_msg("OPEN: user %s%s%s at %s", | |
408 | + userId, GetConfValue("UserIdSeparator"), extraId, macAddress); | |
412 | 409 | } |
413 | 410 | } |
414 | 411 | |
415 | 412 | /****************************************** |
416 | 413 | write close message to syslog |
417 | 414 | ******************************************/ |
418 | -void writeCloseToSyslog(char* userId, char* extraId, char* ipAddress, char* macAddress, int openTime){ | |
415 | +void writeCloseToSyslog(char* userId, char* extraId, char* macAddress, int openTime){ | |
419 | 416 | |
420 | 417 | double time_l; |
421 | 418 | int hour, min, sec; |
@@ -426,19 +423,19 @@ void writeCloseToSyslog(char* userId, char* extraId, char* ipAddress, char* macA | ||
426 | 423 | sec=(time_l-hour*60*60-min*60); |
427 | 424 | |
428 | 425 | if(extraId[0]=='\0'){ |
429 | - err_msg("CLOS: user %s from %s at %s ( %02d:%02d:%02d )", | |
430 | - userId, ipAddress, macAddress, hour,min,sec); | |
426 | + err_msg("CLOS: user %s at %s ( %02d:%02d:%02d )", | |
427 | + userId, macAddress, hour,min,sec); | |
431 | 428 | }else{ |
432 | - err_msg("CLOS: user %s%s%s from %s at %s ( %02d:%02d:%02d )", | |
429 | + err_msg("CLOS: user %s%s%s at %s ( %02d:%02d:%02d )", | |
433 | 430 | userId, GetConfValue("UserIdSeparator"), extraId, |
434 | - ipAddress, macAddress, hour,min,sec); | |
431 | + macAddress, hour,min,sec); | |
435 | 432 | } |
436 | 433 | } |
437 | 434 | |
438 | 435 | /****************************************** |
439 | 436 | write session info message to syslog |
440 | 437 | ******************************************/ |
441 | -void writeSessionInfoToSyslog(char* userId, char* extraId, char* ipAddress, char* macAddress, int ruleNumber){ | |
438 | +void writeSessionInfoToSyslog(char* userId, char* extraId, char* macAddress, int ruleNumber){ | |
442 | 439 | |
443 | 440 | char detectTimeStr[WORDMAXLN]; |
444 | 441 | int ttl; |
@@ -447,27 +444,59 @@ void writeSessionInfoToSyslog(char* userId, char* extraId, char* ipAddress, char | ||
447 | 444 | GetMacInfoFromWorkDb(macAddress, detectTimeStr, &ttl); |
448 | 445 | |
449 | 446 | if(extraId[0]=='\0'){ |
450 | - err_msg("INFO: user=%s ipaddr=%s macaddr=%s " | |
447 | + err_msg("INFO: user=%s macaddr=%s " | |
451 | 448 | "ipfwrule=%d ttl=%d lastcheck=%s", |
452 | - userId, ipAddress, macAddress, ruleNumber, ttl, detectTimeStr); | |
449 | + userId, macAddress, ruleNumber, ttl, detectTimeStr); | |
453 | 450 | }else{ |
454 | - err_msg("INFO: user=%s%s%s ipaddr=%s macaddr=%s " | |
451 | + err_msg("INFO: user=%s%s%s macaddr=%s " | |
455 | 452 | "ipfwrule=%d ttl=%d lastcheck=%s", |
456 | 453 | userId, GetConfValue("UserIdSeparator"), extraId, |
457 | - ipAddress, macAddress, ruleNumber, ttl, detectTimeStr); | |
454 | + macAddress, ruleNumber, ttl, detectTimeStr); | |
458 | 455 | } |
459 | 456 | } |
460 | 457 | |
458 | +/********************************************** | |
459 | +Memorize the MAC&IP address pair to DB and log | |
460 | +**********************************************/ | |
461 | +void setMacIpPair(char* macAddress, char* ipAddress, char* userId, char* extraId){ | |
462 | + | |
463 | + /* if the pair is not found in work db, record it */ | |
464 | + if(!IsFoundMacIpPairInWorkDb(macAddress, ipAddress)){ | |
465 | + PutMacIpPairToWorkDb(macAddress, ipAddress); | |
466 | + | |
467 | + /* record the pair to management db */ | |
468 | + PutMacIpPairToMngDb(macAddress, ipAddress); | |
469 | + | |
470 | + /* write to syslog */ | |
471 | + if(isNull(extraId)){ | |
472 | + err_msg("FIND: user %s from %s at %s", userId, ipAddress, macAddress); | |
473 | + }else{ | |
474 | + err_msg("FIND: user %s%s%s from %s at %s", | |
475 | + userId, GetConfValue("UserIdSeparator"), extraId, | |
476 | + ipAddress, macAddress); | |
477 | + } | |
478 | + } | |
479 | +} | |
480 | + | |
481 | +/********************************** | |
482 | +Reset the MAC&IP address pair in DB | |
483 | +***********************************/ | |
484 | +void resetMacIpPairs(char* macAddress){ | |
485 | + | |
486 | + /* remove the all-pairs having the MAC from work db */ | |
487 | + DelMacIpPairsInWorkDb(macAddress); | |
488 | +} | |
489 | + | |
461 | 490 | |
462 | 491 | /************************************************** |
463 | 492 | routines for debugging output |
464 | 493 | *************************************************/ |
465 | 494 | |
466 | -int AddSession(char* macAddress, char* ipAddress, char* userId, char* extraId){ | |
495 | +int AddSession(char* macAddress, char* userId, char* extraId){ | |
467 | 496 | int ret; |
468 | - if(debug>1) err_msg("DEBUG:=>addSession(%s,%s,%s,%s)", | |
469 | - macAddress, ipAddress, userId, extraId); | |
470 | - ret = addSession(macAddress, ipAddress, userId, extraId); | |
497 | + if(debug>1) err_msg("DEBUG:=>addSession(%s,%s,%s)", | |
498 | + macAddress, userId, extraId); | |
499 | + ret = addSession(macAddress, userId, extraId); | |
471 | 500 | if(debug>1) err_msg("DEBUG:(%d)<=addSession( )",ret); |
472 | 501 | return ret; |
473 | 502 | } |
@@ -513,21 +542,21 @@ void CloseUnmatchSessions(void){ | ||
513 | 542 | if(debug>1) err_msg("DEBUG:<=closeUnmatchSessions( )"); |
514 | 543 | } |
515 | 544 | |
516 | -void WriteOpenToSyslog(char* userId, char* extraId, char* ipAddress, char* macAddress){ | |
517 | - if(debug>1) err_msg("DEBUG:=>writeOpenToSyslog(%s,%s,%s,%s)", userId, extraId, ipAddress, macAddress); | |
518 | - writeOpenToSyslog(userId, extraId, ipAddress, macAddress); | |
545 | +void WriteOpenToSyslog(char* userId, char* extraId, char* macAddress){ | |
546 | + if(debug>1) err_msg("DEBUG:=>writeOpenToSyslog(%s,%s,%s)", userId, extraId, macAddress); | |
547 | + writeOpenToSyslog(userId, extraId, macAddress); | |
519 | 548 | if(debug>1) err_msg("DEBUG:<=writeOpenToSyslog( )"); |
520 | 549 | } |
521 | 550 | |
522 | -void WriteCloseToSyslog(char* userId, char* extraId, char* ipAddress, char* macAddress, int openTime){ | |
523 | - if(debug>1) err_msg("DEBUG:=>writeCloseToSyslog(%s,%s,%s,%s,%d)", userId, extraId, ipAddress, macAddress, openTime); | |
524 | - writeCloseToSyslog(userId, extraId, ipAddress, macAddress, openTime); | |
551 | +void WriteCloseToSyslog(char* userId, char* extraId, char* macAddress, int openTime){ | |
552 | + if(debug>1) err_msg("DEBUG:=>writeCloseToSyslog(%s,%s,%s,%d)", userId, extraId, macAddress, openTime); | |
553 | + writeCloseToSyslog(userId, extraId, macAddress, openTime); | |
525 | 554 | if(debug>1) err_msg("DEBUG:<=writeCloseToSyslog( )"); |
526 | 555 | } |
527 | 556 | |
528 | -void WriteSessionInfoToSyslog(char* userId, char* extraId, char* ipAddress, char* macAddress, int ruleNumber){ | |
529 | - if(debug>1) err_msg("DEBUG:=>writeSessionInfoToSyslog(%s,%s,%s,%s,%d)", userId, extraId, ipAddress, macAddress, ruleNumber); | |
530 | - writeSessionInfoToSyslog(userId, extraId, ipAddress, macAddress, ruleNumber); | |
557 | +void WriteSessionInfoToSyslog(char* userId, char* extraId, char* macAddress, int ruleNumber){ | |
558 | + if(debug>1) err_msg("DEBUG:=>writeSessionInfoToSyslog(%s,%s,%s,%d)", userId, extraId, macAddress, ruleNumber); | |
559 | + writeSessionInfoToSyslog(userId, extraId, macAddress, ruleNumber); | |
531 | 560 | if(debug>1) err_msg("DEBUG:<=writeSessionInfoToSyslog( )"); |
532 | 561 | } |
533 | 562 |
@@ -545,6 +574,18 @@ void RemoveIpfwRuleUnmatchedToSession(DB* ruleTable, DB* sessionTable){ | ||
545 | 574 | |
546 | 575 | } |
547 | 576 | |
577 | +void SetMacIpPair(char* macAddress, char* ipAddress, char* userId, char* extraId){ | |
578 | + if(debug>1) err_msg("DEBUG:=>setMacIpPair(%s,%s,%s,%s)", | |
579 | + macAddress, ipAddress, userId, extraId); | |
580 | + setMacIpPair(macAddress, ipAddress, userId, extraId); | |
581 | + if(debug>1) err_msg("DEBUG:<=setMacIpPair( )"); | |
582 | +} | |
583 | + | |
584 | +void ResetMacIpPairs(char* macAddress){ | |
585 | + if(debug>1) err_msg("DEBUG:=>resetMacIpPairs(%s)", macAddress); | |
586 | + resetMacIpPairs(macAddress); | |
587 | + if(debug>1) err_msg("DEBUG:<=resetMacIpPairs( )"); | |
588 | +} | |
548 | 589 | |
549 | 590 | /********************testmain******************** |
550 | 591 | void testmain(){ |
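Review bot: setMacIpPair ignores the result of `PutMacIpPairToWorkDb`, so when that insert fails the pair is not found on the next lookup, and every later call writes another row to the management db and another FIND line to syslog. Return early on failure, `if(!PutMacIpPairToWorkDb(macAddress, ipAddress)) return;`, before the `PutMacIpPairToMngDb` call. The recorded addresses presumably come from observed packet source addresses and nothing in this section bounds the number of pairs kept per MAC, so a per-MAC cap or a rate limit on FIND entries is worth considering to keep one client from inflating the tables and the log. In addSession, `nSerialError++` runs just before `if(nSerialError<1) DelCacheItem(macAddress,"");`, so that call looks unreachable; the condition predates this commit, but the line was touched here.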
@@ -52,10 +52,13 @@ int initWorkDb(void){ | ||
52 | 52 | char *createCmd1="CREATE TABLE IF NOT EXISTS sessionmd " |
53 | 53 | "(macAddress TEXT PRIMARY KEY, " |
54 | 54 | "userId TEXT, extraId TEXT, openTime INTEGER, checkTime INTEGER, " |
55 | - "ipAddress TEXT, ruleNumber INTEGER)"; | |
55 | + "ruleNumber INTEGER)"; | |
56 | 56 | char *createCmd2="CREATE TABLE IF NOT EXISTS macinfo " |
57 | 57 | "(macAddress TEXT PRIMARY KEY ON CONFLICT REPLACE, " |
58 | 58 | "detectTime INTEGER, ttl INTEGER, isNat INTEGER)"; |
59 | + char *createCmd3="CREATE TABLE IF NOT EXISTS macippair " | |
60 | + "(macAddress TEXT, " | |
61 | + "ipAddress TEXT, findTime INTEGER)"; | |
59 | 62 | |
60 | 63 | /* setup static variable value for SqLite3_busy_timeout from conf */ |
61 | 64 | SetupSqliteBusyTimeoutValue(); |
@@ -79,6 +82,12 @@ int initWorkDb(void){ | ||
79 | 82 | terminateProg(0); |
80 | 83 | } |
81 | 84 | |
85 | + /* create table3 */ | |
86 | + if(sqlite3_exec(dbMd, createCmd3, NULL, NULL, &pErrMsg)!=SQLITE_OK){ | |
87 | + err_msg("ERR at %s#%d: sqlite3_exec: %s",__FILE__,__LINE__,pErrMsg); | |
88 | + terminateProg(0); | |
89 | + } | |
90 | + | |
82 | 91 | return TRUE; |
83 | 92 | } |
84 | 93 |
@@ -97,21 +106,21 @@ int finalizeWorkDb(void){ | ||
97 | 106 | insert session info to db at start |
98 | 107 | ************************************************************/ |
99 | 108 | int insertSessionToWorkDb(char* macAddress, char* userId, char* extraId, |
100 | - char* ipAddress, int ruleNumber){ | |
109 | + int ruleNumber){ | |
101 | 110 | |
102 | 111 | int rc; |
103 | 112 | char *pErrMsg=NULL; |
104 | 113 | |
105 | 114 | /* SQL INSERT COMMAND, where %x is replaced in snprintf */ |
106 | 115 | char *insertFormat="INSERT INTO sessionmd " |
107 | - "(macAddress, userId, extraId, openTime, checkTime, ipAddress, ruleNumber) " | |
108 | - "values ('%s','%s','%s', %d, %d,'%s', %d)"; | |
116 | + "(macAddress, userId, extraId, openTime, checkTime, ruleNumber) " | |
117 | + "values ('%s','%s','%s', %d, %d, %d)"; | |
109 | 118 | char *insertCmd; |
110 | 119 | int resultFlag=TRUE; |
111 | 120 | |
112 | 121 | /* Prepare insert command */ |
113 | 122 | insertCmd=sqlite3_mprintf(insertFormat, macAddress, userId,extraId, |
114 | - time(NULL), time(NULL), ipAddress, ruleNumber); | |
123 | + time(NULL), time(NULL), ruleNumber); | |
115 | 124 | |
116 | 125 | /* Execute insert to sqlite */ |
117 | 126 | if((rc=sqlite3_exec(dbMd, insertCmd, NULL, NULL, &pErrMsg))!=SQLITE_OK){ |
@@ -154,7 +163,7 @@ int updateCheckTimeInWorkDb(char* macAddress){ | ||
154 | 163 | } |
155 | 164 | |
156 | 165 | /************************************************************* |
157 | - delete session info to db at stop | |
166 | + delete session info in db at stop | |
158 | 167 | *************************************************************/ |
159 | 168 | int delSessionFromWorkDb(char* macAddress){ |
160 | 169 |
@@ -177,22 +186,22 @@ int delSessionFromWorkDb(char* macAddress){ | ||
177 | 186 | /*memory free for sqlite3 string */ |
178 | 187 | sqlite3_free(deleteCmd); |
179 | 188 | |
180 | - return TRUE; | |
189 | + return resultFlag; | |
181 | 190 | } |
182 | 191 | |
183 | 192 | /************************************************ |
184 | - get info for active session about ip addr from db | |
193 | + get info for active session about mac addr from db | |
185 | 194 | input = macAddress, output = others |
186 | 195 | *************************************************/ |
187 | 196 | int getSessionFromWorkDb(char* macAddress, char* userId, char* extraId, |
188 | - int* openTime, int* checkTime, char *ipAddress, | |
197 | + int* openTime, int* checkTime, | |
189 | 198 | int* ruleNumber){ |
190 | 199 | |
191 | 200 | sqlite3_stmt *stmt; |
192 | 201 | |
193 | 202 | /* SQL SELECT COMMAND, where %x is replaced in snprintf */ |
194 | 203 | char *selectFormat="SELECT userId, extraId, openTime, checkTime, " |
195 | - "ipAddress, ruleNumber FROM sessionmd WHERE macAddress='%s'"; | |
204 | + "ruleNumber FROM sessionmd WHERE macAddress='%s'"; | |
196 | 205 | char *selectCmd; |
197 | 206 | int resultFlag=TRUE; |
198 | 207 |
@@ -217,15 +226,13 @@ int getSessionFromWorkDb(char* macAddress, char* userId, char* extraId, | ||
217 | 226 | strncpy(extraId, (char*)sqlite3_column_text(stmt, 1), USERMAXLN); |
218 | 227 | *openTime=(int)sqlite3_column_int(stmt, 2); |
219 | 228 | *checkTime=(int)sqlite3_column_int(stmt, 3); |
220 | - strncpy(ipAddress, (char*)sqlite3_column_text(stmt, 4), ADDRMAXLN); | |
221 | - *ruleNumber=(int)sqlite3_column_int(stmt, 5); | |
229 | + *ruleNumber=(int)sqlite3_column_int(stmt, 4); | |
222 | 230 | resultFlag=TRUE; |
223 | 231 | }else{ |
224 | 232 | userId[0]='\0'; |
225 | 233 | extraId[0]='\0'; |
226 | 234 | *openTime=0; |
227 | 235 | *checkTime=0; |
228 | - ipAddress[0]='\0'; | |
229 | 236 | *ruleNumber=0; |
230 | 237 | resultFlag=FALSE; |
231 | 238 | } |
@@ -256,7 +263,7 @@ int delUselessSessionsInWorkDb(int delayed){ | ||
256 | 263 | if(!delayed) uselessLimitTime = time(NULL); |
257 | 264 | |
258 | 265 | /* SQL SELECT COMMAND, where %x is replaced in snprintf */ |
259 | - char *selectFormat="SELECT ruleNumber, userId, extraId, ipAddress, " | |
266 | + char *selectFormat="SELECT ruleNumber, userId, extraId, " | |
260 | 267 | "macAddress, openTime FROM sessionmd WHERE checkTime<%d"; |
261 | 268 | char *deleteFormat="DELETE FROM sessionmd WHERE checkTime<%d"; |
262 | 269 | char *selectCmd; |
@@ -451,7 +458,98 @@ int isActiveRuleInWorkDb(int ruleNumber){ | ||
451 | 458 | return resultFlag; |
452 | 459 | } |
453 | 460 | |
461 | +/******************************************** | |
462 | +Is the MAC-IP pair found in work db | |
463 | +********************************************/ | |
464 | +int isFoundMacIpPairInWorkDb(char* macAddress, char* ipAddress){ | |
465 | + sqlite3_stmt *stmt; | |
466 | + | |
467 | + /* SQL SELECT COMMAND, where %x is replaced in snprintf */ | |
468 | + char *selectFormat="SELECT * FROM macippair " | |
469 | + " WHERE macAddress='%s' AND ipAddress='%s'"; | |
470 | + char *selectCmd; | |
471 | + int resultFlag=TRUE; | |
454 | 472 | |
473 | + /* prepare command string */ | |
474 | + selectCmd=sqlite3_mprintf(selectFormat, macAddress, ipAddress); | |
475 | + | |
476 | + /* compile to internal statement */ | |
477 | + if(sqlite3_prepare(dbMd, selectCmd, BUFFMAXLN, &stmt, NULL)!=SQLITE_OK){ | |
478 | + resultFlag=FALSE; | |
479 | + err_msg("ERR at %s#%d: sqlite3_prepare",__FILE__,__LINE__); | |
480 | + | |
481 | + /* finalize */ | |
482 | + sqlite3_free(selectCmd); | |
483 | + sqlite3_finalize(stmt); | |
484 | + return FALSE; | |
485 | + } | |
486 | + | |
487 | + /* get first record */ | |
488 | + if(sqlite3_step(stmt)==SQLITE_ROW) resultFlag=TRUE; | |
489 | + else resultFlag=FALSE; | |
490 | + | |
491 | + /* finalize */ | |
492 | + sqlite3_free(selectCmd); | |
493 | + sqlite3_finalize(stmt); | |
494 | + return resultFlag; | |
495 | +} | |
496 | + | |
497 | + | |
498 | +/******************************************** | |
499 | +Insert MAC-IP pair to work db | |
500 | +********************************************/ | |
501 | +int putMacIpPairToWorkDb(char* macAddress, char* ipAddress){ | |
502 | + int rc; | |
503 | + char *pErrMsg=NULL; | |
504 | + | |
505 | + /* SQL INSERT COMMAND, where %x is replaced in snprintf */ | |
506 | + char *insertFormat="INSERT INTO macippair " | |
507 | + "(macAddress, ipAddress, findTime) " | |
508 | + "values ('%s','%s', %d)"; | |
509 | + char *insertCmd; | |
510 | + int resultFlag=TRUE; | |
511 | + | |
512 | + /* Prepare insert command */ | |
513 | + insertCmd=sqlite3_mprintf(insertFormat, macAddress, ipAddress, time(NULL)); | |
514 | + | |
515 | + /* Execute insert to sqlite */ | |
516 | + if((rc=sqlite3_exec(dbMd, insertCmd, NULL, NULL, &pErrMsg))!=SQLITE_OK){ | |
517 | + resultFlag=FALSE; | |
518 | + err_msg("ERR at %s#%d: sqlite3_exec: %s",__FILE__,__LINE__,pErrMsg); | |
519 | + } | |
520 | + | |
521 | + /*Memory free for sqlite3 string */ | |
522 | + sqlite3_free(insertCmd); | |
523 | + | |
524 | + return resultFlag; | |
525 | +} | |
526 | + | |
527 | +/******************************************** | |
528 | +Delete the mac-ip pairs in work db for the mac | |
529 | +********************************************/ | |
530 | +int delMacIpPairsInWorkDb(char* macAddress){ | |
531 | + char *pErrMsg=NULL; | |
532 | + | |
533 | + /* SQL DELETE COMMAND, where %x is replaced in mprintf */ | |
534 | + char *deleteFormat="DELETE FROM macippair WHERE macAddress='%s'"; | |
535 | + char *deleteCmd; | |
536 | + int resultFlag=TRUE; | |
537 | + | |
538 | + /* prepare command */ | |
539 | + deleteCmd=sqlite3_mprintf(deleteFormat, macAddress); | |
540 | + | |
541 | + /* execute delete */ | |
542 | + if(sqlite3_exec(dbMd, deleteCmd, NULL, NULL, &pErrMsg)!=SQLITE_OK){ | |
543 | + resultFlag=FALSE; | |
544 | + err_msg("ERR at %s#%d: sqlite3_exec: %s",__FILE__,__LINE__,pErrMsg); | |
545 | + } | |
546 | + | |
547 | + /*memory free for sqlite3 string */ | |
548 | + sqlite3_free(deleteCmd); | |
549 | + | |
550 | + return resultFlag; | |
551 | + | |
552 | +} | |
455 | 553 | |
456 | 554 | /********************************************************* |
457 | 555 | routines for debugging output |
@@ -481,11 +579,11 @@ int FinalizeWorkDb(void){ | ||
481 | 579 | } |
482 | 580 | |
483 | 581 | int InsertSessionToWorkDb(char* macAddress, char* userId, char* extraId, |
484 | - char* ipAddress, int ruleNumber){ | |
582 | + int ruleNumber){ | |
485 | 583 | int ret; |
486 | - if(debug>1) err_msg("DEBUG:=>insertSessionToWorkDb(%s,%s,%s,%s,%d)", | |
487 | - macAddress, userId, extraId, ipAddress, ruleNumber); | |
488 | - ret = insertSessionToWorkDb(macAddress, userId, extraId, ipAddress, ruleNumber); | |
584 | + if(debug>1) err_msg("DEBUG:=>insertSessionToWorkDb(%s,%s,%s,%d)", | |
585 | + macAddress, userId, extraId, ruleNumber); | |
586 | + ret = insertSessionToWorkDb(macAddress, userId, extraId, ruleNumber); | |
489 | 587 | if(debug>1) err_msg("DEBUG:(%d)<=insertSessionToWorkDb( )",ret); |
490 | 588 | return ret; |
491 | 589 | } |
@@ -507,15 +605,13 @@ int DelSessionFromWorkDb(char* macAddress){ | ||
507 | 605 | } |
508 | 606 | |
509 | 607 | int GetSessionFromWorkDb(char* macAddress, char* userId, char* extraId, |
510 | - int* openTime, int* checkTime, char *ipAddress, | |
511 | - int* ruleNumber){ | |
608 | + int* openTime, int* checkTime, int* ruleNumber){ | |
512 | 609 | int ret; |
513 | 610 | if(debug>1) err_msg("DEBUG:=>getSessionFromWorkDb(%s)", macAddress); |
514 | 611 | ret = getSessionFromWorkDb(macAddress, userId, extraId, openTime, |
515 | - checkTime, ipAddress, ruleNumber); | |
516 | - if(debug>1) err_msg("DEBUG:(%d)<=getSessionFromWorkDb(,%s,%s,%d,%d,%s,%d)", | |
517 | - ret,userId,extraId,*openTime,*checkTime,ipAddress, | |
518 | - *ruleNumber); | |
612 | + checkTime, ruleNumber); | |
613 | + if(debug>1) err_msg("DEBUG:(%d)<=getSessionFromWorkDb(,%s,%s,%d,%d,%d)", | |
614 | + ret,userId,extraId,*openTime,*checkTime, *ruleNumber); | |
519 | 615 | return ret; |
520 | 616 | } |
521 | 617 |
@@ -559,3 +655,31 @@ int GetMacInfoFromWorkDb(char* macAddress, char* detectTimeStr, int* pTtl){ | ||
559 | 655 | ret, detectTimeStr, *pTtl); |
560 | 656 | return ret; |
561 | 657 | } |
658 | + | |
659 | +int IsFoundMacIpPairInWorkDb(char* macAddress, char* ipAddress){ | |
660 | + int ret; | |
661 | + if(debug>1) err_msg("DEBUG:=>isFoundMacIpPairInWorkDb(%s,%s)", | |
662 | + macAddress,ipAddress); | |
663 | + ret=isFoundMacIpPairInWorkDb(macAddress, ipAddress); | |
664 | + if(debug>1) err_msg("DEBUG:(%d)<=isfoundMacIpPairInWorkDb( )", ret); | |
665 | + return ret; | |
666 | +} | |
667 | + | |
668 | +int PutMacIpPairToWorkDb(char* macAddress, char* ipAddress){ | |
669 | + int ret; | |
670 | + if(debug>1) err_msg("DEBUG:=>putMacIpPairToWorkDb(%s,%s)", | |
671 | + macAddress,ipAddress); | |
672 | + ret=putMacIpPairToWorkDb(macAddress, ipAddress); | |
673 | + if(debug>1) err_msg("DEBUG:(%d)<=putMacIpPairtoWorkDb( )", ret); | |
674 | + return ret; | |
675 | +} | |
676 | + | |
677 | + | |
678 | +int DelMacIpPairsInWorkDb(char* macAddress){ | |
679 | + int ret; | |
680 | + if(debug>1) err_msg("DEBUG:=>delMacIpPairsInWorkDb(%s)", | |
681 | + macAddress); | |
682 | + ret=delMacIpPairsInWorkDb(macAddress); | |
683 | + if(debug>1) err_msg("DEBUG:(%d)<=delMacIpPairsInWorkDb( )", ret); | |
684 | + return ret; | |
685 | +} |
@@ -17,11 +17,15 @@ create table if not exists macaddrs( | ||
17 | 17 | |
18 | 18 | create table if not exists sessionmd( |
19 | 19 | macAddress CHAR(18), |
20 | - ipAddress TINYTEXT, | |
21 | 20 | gatewayName TINYTEXT, |
22 | 21 | openTime DATETIME, |
23 | 22 | closeTime DATETIME); |
24 | 23 | |
24 | +create table if not exists macippair( | |
25 | + macAddress CHAR(18), | |
26 | + ipAddress TINYTEXT, | |
27 | + findTime DATETIME); | |
28 | + | |
25 | 29 | create table if not exists macmodify( |
26 | 30 | userId TINYTEXT, |
27 | 31 | extraId TINYTEXT, |
@@ -40,8 +44,8 @@ create view sessionview as select | ||
40 | 44 | device, |
41 | 45 | openTime, |
42 | 46 | closeTime, |
43 | - gatewayName, | |
44 | - ipAddress | |
47 | + gatewayName | |
45 | 48 | from macaddrs,sessionmd |
46 | 49 | where macaddrs.macAddress=sessionmd.macAddress |
47 | 50 | and entryDate<openTime and openTime<limitDate; |
51 | + |