oga's tools
Revisión | 876a6023572985e65dd35daabfbd9a799af16259 (tree) |
---|---|
Tiempo | 2022-05-13 15:07:38 |
Autor | hyperoga <hyperoga@gmai...> |
Commiter | hyperoga |
update V0.15, V0.16
@@ -14,6 +14,8 @@ | ||
14 | 14 | * 14/10/18 V0.12 support -n, -raw option |
15 | 15 | * 14/10/18 V0.13 support time-only format |
16 | 16 | * 14/10/23 V0.14 fix last data print, unprintable char proc |
17 | + * 22/04/19 V0.15 support latest export format | |
18 | + * 22/04/20 V0.16 support -ip -csv | |
17 | 19 | * |
18 | 20 | */ |
19 | 21 |
@@ -21,12 +23,13 @@ | ||
21 | 23 | #include <stdlib.h> |
22 | 24 | #include <errno.h> |
23 | 25 | #include <string.h> |
26 | +#include <ctype.h> /* V0.16-A */ | |
24 | 27 | #ifdef _WIN32 |
25 | 28 | #include <windows.h> |
26 | 29 | #include <sys/utime.h> |
27 | 30 | #endif /* _WIN32 */ |
28 | 31 | |
29 | -#define VER "0.14" | |
32 | +#define VER "0.16" | |
30 | 33 | |
31 | 34 | #define dprintf if (vf) printf |
32 | 35 | #define dprintf2 if (vf >= 2) printf |
@@ -34,6 +37,7 @@ | ||
34 | 37 | |
35 | 38 | #define MAX_NTCPDATA 200000 |
36 | 39 | #define MAX_NPORTID 50000 |
40 | +#define MAX_IPLIST 2 /* V0.16-A */ | |
37 | 41 | |
38 | 42 | #define KEY_TCP "Transmission" |
39 | 43 | #define KEY_PKTDATA "0030" |
@@ -45,6 +49,7 @@ typedef struct _tcpdata { | ||
45 | 49 | char srcip[16]; /* xxx.xxx.xxx.xxx */ |
46 | 50 | char dstip[16]; /* xxx.xxx.xxx.xxx */ |
47 | 51 | char proto[16]; /* protocol */ |
52 | + char len[16]; /* length V0.15-A */ | |
48 | 53 | char info[100]; |
49 | 54 | char portid[12]; /* <port1>-<port2> , port1 < port2 */ |
50 | 55 | int srcport; |
@@ -61,11 +66,15 @@ int portf = 0; /* -port V0.11-A */ | ||
61 | 66 | int cnt = 0; /* frm data count */ |
62 | 67 | int nportid = 0; /* num of portid */ |
63 | 68 | int contf = 0; /* . continue flag V0.12-A V0.14-M */ |
69 | +int oldf = 0; /* -oldf old format(no Length) V0.15-A */ | |
70 | +int ipcnt = 0; /* -ip ip addr count V0.16-A */ | |
71 | +int csvf = 0; /* -csv output csv format V0.16-A */ | |
64 | 72 | int max_ntcpdata = MAX_NTCPDATA; /* default num of data V0.11-A */ |
65 | 73 | tcpdata_t *tcpdatas = NULL; |
66 | 74 | char **portids = NULL; |
67 | 75 | char *start_time = "00:00:00.000000"; |
68 | 76 | char *end_time = "99:99:99.999999"; |
77 | +char iplist[MAX_IPLIST][32]; /* -ip target IP list V0.16-A */ | |
69 | 78 | |
70 | 79 | /* |
71 | 80 | * 不定長のデータをコピーし、次のデータ項目に位置づける |
@@ -124,6 +133,11 @@ void GetSummary(char *buf, tcpdata_t *tcpdatp) | ||
124 | 133 | CopyWord(tcpdatp->srcip, sizeof(tcpdatp->srcip), &pt, ' '); /* copy source ip */ |
125 | 134 | CopyWord(tcpdatp->dstip, sizeof(tcpdatp->dstip), &pt, ' '); /* copy dest ip */ |
126 | 135 | CopyWord(tcpdatp->proto, sizeof(tcpdatp->proto), &pt, ' '); /* copy protocol */ |
136 | + /* V0.15-A start */ | |
137 | + if (!oldf) { | |
138 | + CopyWord(tcpdatp->len, sizeof(tcpdatp->len), &pt, ' '); /* copy length */ | |
139 | + } | |
140 | + /* V0.15-A end */ | |
127 | 141 | CopyWord(tcpdatp->info, sizeof(tcpdatp->info), &pt, '\n'); /* copy info */ |
128 | 142 | /* V0.11-A start */ |
129 | 143 | if (tcpdatp->info[strlen(tcpdatp->info)-1] == 0x0d) { |
@@ -140,16 +154,33 @@ void GetPortNo(char *buf, tcpdata_t *tcpdatp) | ||
140 | 154 | { |
141 | 155 | char *pt = buf; |
142 | 156 | |
143 | - /* search source port */ | |
144 | - pt = strchr(pt, '('); | |
145 | - if (pt) { | |
146 | - tcpdatp->srcport = atoi(++pt); | |
147 | - } | |
148 | - /* search dest port */ | |
149 | - pt = strchr(pt, '('); | |
150 | - if (pt) { | |
151 | - tcpdatp->dstport = atoi(++pt); | |
152 | - } | |
157 | + dprintf3("### Start GetPortNo\n"); | |
158 | + | |
159 | + if (oldf) { /* V0.15-A */ | |
160 | + /* search source port */ | |
161 | + pt = strchr(pt, '('); | |
162 | + if (pt) { | |
163 | + tcpdatp->srcport = atoi(++pt); | |
164 | + } | |
165 | + /* search dest port */ | |
166 | + pt = strchr(pt, '('); | |
167 | + if (pt) { | |
168 | + tcpdatp->dstport = atoi(++pt); | |
169 | + } | |
170 | + } else { /* V0.15-A start */ | |
171 | + /* search source port */ | |
172 | + pt = strstr(pt, "Src Port:"); | |
173 | + if (pt) { | |
174 | + pt += 10; | |
175 | + tcpdatp->srcport = atoi(pt); | |
176 | + } | |
177 | + /* search dest port */ | |
178 | + pt = strstr(pt, "Dst Port:"); | |
179 | + if (pt) { | |
180 | + pt += 10; | |
181 | + tcpdatp->dstport = atoi(pt); | |
182 | + } | |
183 | + } /* V0.15-A end */ | |
153 | 184 | |
154 | 185 | /* search Seq number */ |
155 | 186 | pt = strstr(pt, "Seq:"); |
@@ -163,6 +194,8 @@ void GetPortNo(char *buf, tcpdata_t *tcpdatp) | ||
163 | 194 | pt += 5; |
164 | 195 | tcpdatp->ack = atoi(pt); |
165 | 196 | } |
197 | + | |
198 | + dprintf3("### end GetPortNo\n"); | |
166 | 199 | } |
167 | 200 | |
168 | 201 | /* |
@@ -266,7 +299,7 @@ void GetPktData(char *ibuf, tcpdata_t *tcpdatp, FILE *fp) | ||
266 | 299 | strcpy(buf, ibuf); |
267 | 300 | contf = 0; /* V0.14-A */ |
268 | 301 | do { |
269 | - if (strlen(buf) >= 8) { | |
302 | + if (strlen(buf) >= 8 && buf[4] == ' ') { /* V0.15-C */ | |
270 | 303 | /* 0000 00 01 02 03... */ |
271 | 304 | hex2str(&buf[6], wkstr); |
272 | 305 | if (vf) printf("buf:[%s]=>wkstr:[%s]\n", buf, wkstr); |
@@ -311,8 +344,43 @@ void PrintTcpDat(tcpdata_t *tcpdatp) | ||
311 | 344 | printf("@@@@@ [%s]\n", tcpdatp->pktdata); fflush(stdout); |
312 | 345 | printf("@@@@@ end\n"); fflush(stdout); |
313 | 346 | } |
347 | + /* V0.16-A start */ | |
348 | + if (ipcnt) { | |
349 | + if (ipcnt == 1) { | |
350 | + /* allow specified ip */ | |
351 | + if (strcmp(tcpdatp->srcip, iplist[0]) && strcmp(tcpdatp->dstip, iplist[0])) { | |
352 | + if (vf) fflush(stdout); | |
353 | + return; | |
354 | + } | |
355 | + } else if (ipcnt == 2) { | |
356 | + if (!strcmp(tcpdatp->srcip, iplist[0]) && !strcmp(tcpdatp->dstip, iplist[1]) || | |
357 | + !strcmp(tcpdatp->srcip, iplist[1]) && !strcmp(tcpdatp->dstip, iplist[0])) { | |
358 | + /* allow specified ip pair */ | |
359 | + } else { | |
360 | + if (vf )fflush(stdout); | |
361 | + return; | |
362 | + } | |
363 | + } | |
364 | + } | |
365 | + /* V0.16-A end */ | |
366 | + | |
314 | 367 | /* No date time portid src(port) dst(port) protocol Seq Ack info pktdat */ |
315 | - printf("%7d %s %s %11s %15s(%5d) %15s(%5d) Seq:%5u Ack:%5u %8s %s", | |
368 | + if (csvf) { /* V0.16-A start */ | |
369 | + printf("%7d,%s,%s,%11s,%15s(%5d),%15s(%5d),Seq:%5u,Ack:%5u,%8s,%s", | |
370 | + tcpdatp->frmno, | |
371 | + tcpdatp->date, | |
372 | + tcpdatp->time, | |
373 | + tcpdatp->portid, | |
374 | + tcpdatp->srcip, | |
375 | + tcpdatp->srcport, | |
376 | + tcpdatp->dstip, | |
377 | + tcpdatp->dstport, | |
378 | + tcpdatp->seq, /* option */ | |
379 | + tcpdatp->ack, /* option */ | |
380 | + tcpdatp->proto, | |
381 | + tcpdatp->info); | |
382 | + } else { /* V0.16-A end */ | |
383 | + printf("%7d %s %s %11s %15s(%5d) %15s(%5d) Seq:%5u Ack:%5u %8s %s", | |
316 | 384 | tcpdatp->frmno, |
317 | 385 | tcpdatp->date, |
318 | 386 | tcpdatp->time, |
@@ -325,8 +393,14 @@ void PrintTcpDat(tcpdata_t *tcpdatp) | ||
325 | 393 | tcpdatp->ack, /* option */ |
326 | 394 | tcpdatp->proto, |
327 | 395 | tcpdatp->info); |
396 | + } /* V0.16-A */ | |
397 | + | |
328 | 398 | if (tcpdatp->pktdata) { |
329 | - printf(" [%s]\n", tcpdatp->pktdata); | |
399 | + if (csvf) { /* V0.16-A */ | |
400 | + printf(",[%s]\n", tcpdatp->pktdata); /* V0.16-A */ | |
401 | + } else { /* V0.16-A */ | |
402 | + printf(" [%s]\n", tcpdatp->pktdata); | |
403 | + } /* V0.16-A */ | |
330 | 404 | } else { |
331 | 405 | printf("\n"); |
332 | 406 | } |
@@ -350,6 +424,7 @@ void ReadTcpFile(char *fname) | ||
350 | 424 | newdata = 0; |
351 | 425 | while(fgets(buf, sizeof(buf), fp)) { |
352 | 426 | if (!strncmp(buf, "No.", 3)) { |
427 | + dprintf3("### read packet: %s", buf); /* V0.15-A */ | |
353 | 428 | newdata = 1; |
354 | 429 | if (tcpdat.frmno > 0) { /* 1回目は出力されないようにする */ |
355 | 430 | /* 前回データの登録 (for -port) */ |
@@ -407,12 +482,18 @@ void DispByEachPortid() | ||
407 | 482 | void usage() |
408 | 483 | { |
409 | 484 | printf("tcpan ver. %s\n", VER); |
410 | - printf("usage: tcpan [-port] [-raw] [-n] [-s <start_time>] [-e <end_time>] <wireshark_exp_file.txt>\n"); | |
485 | + printf("usage: tcpan [-port] [-raw] [-n] [-oldf] [-csv]\n"); | |
486 | + printf(" [-s <start_time>] [-e <end_time>]\n"); | |
487 | + printf(" [-ip <ip_addr1> [-ip <ip_addr2>]]\n"); | |
488 | + printf(" <wireshark_exp_file.txt>\n"); | |
411 | 489 | printf(" -port: disp each communication port.\n"); |
412 | 490 | printf(" -raw : output raw packet data.\n"); |
491 | + printf(" -ip : filter by ip addr.\n"); /* V0.16-A */ | |
413 | 492 | printf(" -n : allocates memory by num of data.\n"); |
414 | 493 | printf(" -s : start time. (%s)\n", start_time); |
415 | 494 | printf(" -e : end time. (%s)\n", end_time); |
495 | + printf(" -oldf: old input file format (no Length)\n"); /* V0.15-A */ | |
496 | + printf(" -csv : output csv format\n"); /* V0.16-A */ | |
416 | 497 | printf(" Wireshark Export Option\n"); |
417 | 498 | printf(" [File]=>[Export]=>[File]\n"); |
418 | 499 | printf(" [v]Packet summary line\n"); |
@@ -438,6 +519,23 @@ int main(int a, char *b[]) | ||
438 | 519 | continue; |
439 | 520 | } |
440 | 521 | /* V0.11-A end */ |
522 | + /* V0.15-A start */ | |
523 | + if (!strcmp(b[i], "-oldf")) { | |
524 | + oldf = 1; | |
525 | + continue; | |
526 | + } | |
527 | + /* V0.15-A end */ | |
528 | + /* V0.16-A start */ | |
529 | + if (!strcmp(b[i], "-ip") && a > i+1) { | |
530 | + if (ipcnt >= 2) usage(); | |
531 | + strcpy(iplist[ipcnt++], b[++i]); | |
532 | + continue; | |
533 | + } | |
534 | + if (!strcmp(b[i], "-csv")) { | |
535 | + csvf = 1; | |
536 | + continue; | |
537 | + } | |
538 | + /* V0.16-A end */ | |
441 | 539 | if (!strcmp(b[i], "-v")) { |
442 | 540 | ++vf; |
443 | 541 | continue; |
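Review bot: The new `-ip` branch copies `b[++i]` into `iplist[ipcnt++]` with `strcpy`, but each `iplist` entry is only 32 bytes and the argument length is never checked, so a long command-line value writes past the global array. The `if (ipcnt >= 2) usage();` guard protects the index only if `usage()` terminates the process, which the visible part of `usage()` does not show; if it returns, a third `-ip` is stored in `iplist[2]`, one past the end. I would reject both cases before copying, using the existing constant: `if (ipcnt >= MAX_IPLIST || strlen(b[i+1]) >= sizeof(iplist[0])) { usage(); exit(1); }`. Because `srcip` and `dstip` are `char[16]`, a value longer than 15 characters could never match a packet anyway, so refusing it loses nothing. `main` begins and ends outside this hunk, so how a trailing `-ip` with no value is handled cannot be checked from here.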