public static List <string> GetNewIPs(DateTime lastTime, MySqlConnection conn)
{
List <string> ips = new List <string>();
using (conn)
{
conn.Open();
MySqlCommand cmd;
cmd = new MySqlCommand("SELECT DISTINCT i.ip_ver, i.ip_src as ip FROM event e JOIN iphdr i ON e.cid = i.cid AND e.sid = i.sid WHERE e.timestamp > '"
+ lastTime.ToString("yyyy-MM-dd HH:mm:ss") + "'", conn);
using (MySqlDataReader reader = cmd.ExecuteReader())
{
Byte[] IP_bytes6 = new byte[16];
Byte[] IP_bytes4 = new byte[4];
while (reader.Read())
{
//IP v6
if (reader.GetInt32("ip_ver") != 4)
{
reader.GetBytes(reader.GetOrdinal("ip_src"), 0, IP_bytes6, 0, 16);
ips.Add(AlertMapper.ResolveIP(IP_bytes6));
}
else
{
reader.GetBytes(reader.GetOrdinal("ip_src"), 0, IP_bytes4, 0, 4);
ips.Add(AlertMapper.ResolveIP(IP_bytes6));
}
}
}
}
return(ips);
}
public static Iphdr GetIphdr(int cid, int sid, MySqlConnection conn)
{
Iphdr iphdr = new Iphdr();
UInt32 schema = AlertMapper.GetSchemaID(conn);
using (conn)
{
conn.Open();
MySqlCommand cmd;
cmd = new MySqlCommand("SELECT * FROM iphdr WHERE cid = " + cid.ToString() + " AND sid = " + sid.ToString(), conn);
using (MySqlDataReader reader = cmd.ExecuteReader())
{
while (reader.Read())
{
iphdr.sid = sid;
iphdr.cid = cid;
iphdr.ip_ver = reader.GetInt32("ip_ver");
if (schema < 200) //UINT32 IP column
{
iphdr.source = AlertMapper.ResolveIP4(reader.GetUInt32("ip_src"));
iphdr.destination = AlertMapper.ResolveIP4(reader.GetUInt32("ip_dst"));
}
else
{
//IP v6
if ((iphdr.ip_ver) != 4)
{
iphdr.ip_src = new Byte[16];
iphdr.ip_dst = new Byte[16];
reader.GetBytes(reader.GetOrdinal("ip_src"), 0, iphdr.ip_src, 0, 16);
reader.GetBytes(reader.GetOrdinal("ip_dst"), 0, iphdr.ip_dst, 0, 16);
}
//IP v4
else
{
iphdr.ip_src = new Byte[4];
iphdr.ip_dst = new Byte[4];
reader.GetBytes(reader.GetOrdinal("ip_src"), 0, iphdr.ip_src, 0, 4);
reader.GetBytes(reader.GetOrdinal("ip_dst"), 0, iphdr.ip_dst, 0, 4);
}
}
iphdr.ip_hlen = reader.GetInt32("ip_hlen");
iphdr.ip_tos = reader.GetInt32("ip_tos");
iphdr.ip_ecn = iphdr.ip_tos & 3;
iphdr.ip_len = reader.GetInt32("ip_len");
iphdr.ip_id = reader.GetInt32("ip_id");
iphdr.ip_flags = reader.GetInt32("ip_flags");
iphdr.ip_off = reader.GetInt32("ip_off");
iphdr.ip_csum = reader.GetInt32("ip_csum");
iphdr.ip_ttl = reader.GetInt32("ip_ttl");
iphdr.ip_proto = reader.GetInt32("ip_proto");
}
}
}
return(iphdr);
}
