<?php
/////////////////////////////////////////////////////////////////////////////////////
// IPTable log analyzer
// Copyright (C) 2002 Gerald GARCIA
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Plac<B2>e - Suite 330, Boston, MA 02111-1307, USA.
//
// Contact author : hide@address.com
/////////////////////////////////////////////////////////////////////////////////////
// $Id: from_host.php,v 1.6 2007/03/30 22:39:18 tarbuck Exp $
require_once("conf/config.php");
require_once("utils/Tabulator.php");
require_once("utils/Misc.php");
$tabulator = new Tabulator();
pageHeader();
$ip=$_REQUEST['ip'];
#$query = "SELECT host as name_src FROM host_cache where ip=INET_ATON('$ip')";
#$result = db_query ($query);
#if ($res=db_nextvalue($result)) {
# $host_name=$res;
#}
$host_name = getHostnameFromCache($ip);
?>
<b>Filtered packets from <?php print "$host_name ($ip)" ; ?> for chain <?php print $chain; ?> younger than <?php print $dateToString[$date]; ?> :</b><br><br>
Whois for <?php print "<a href=whois.php?host=$ip>"; ?><?php print "$ip"; ?></a>
<br><br>
<table cellspacing="0" cellpadding="0" width="100%"><tr bgcolor="#DDDDDD"><td>
<table cellspacing="1" cellpadding="2" width="100%">
<tr><td><center>Chain</center></td><td><center>Date</center></td>
<?php if ($display_netfilter_host) { ?><td><center>Host <a href="?_display_netfilter_host=0&ip=<?php print $ip; ?>" class="DelButton">[X]</a></center></td><?php } ?>
<?php if ($display_netfilter_interface) { ?><td><center>Interf. <a href="?_display_netfilter_interface=0&ip=<?php print $ip; ?>" class="DelButton">[X]</a></center></td><?php } ?>
<td><center>Proto</center></td>
<?php if ($display_netfilter_srcport) { ?><td nowrap><center>S. port <a href="?_display_netfilter_srcport=0" class="DelButton"
>[X]</a></center></td><?php } ?>
<td><center>Dest. port</center></td>
<?php if ($display_netfilter_destination) { ?><td><center>Dest. IP <a href="?_display_netfilter_destination=0&ip=<?php print $ip; ?>" class="DelButton">[X]</a></center></td><?php } ?>
</tr>
<?php
if ($chain != 'ALL') {
$chain_where = " AND u.oob_prefix='$chain'";
}
if ($date < 1000) {
$date_where = "AND u.local_time > UNIX_TIMESTAMP(ADDDATE(CURDATE(),INTERVAL -$date DAY))";
}
$query = "SELECT count(id) FROM ulog u WHERE ip_saddr=INET_ATON('$ip') $date_where $chain_where";
$result = db_query ($query) or db_handleError("Unable to query log table");
$nb_records=db_nextvalue($result);
if ($first > ($nb_records - $number)) { $first = ($nb_records - $number); }
if ($first < 0) { $first = 0; }
$query = "SELECT FROM_UNIXTIME(u.local_time) as date,local_hostname AS host,u.oob_prefix AS chain,u.oob_in AS interface_in,u.oob_out AS interface_out,p.name AS proto,IFNULL(u.tcp_sport,IFNULL(u.udp_sport,0)) AS port_src,IFNULL(u.tcp_dport,IFNULL(u.udp_dport,0)) AS port_dest,IFNULL(dhc.host,'Unresolved') AS name_dest,INET_NTOA(u.ip_daddr) AS ip_dest FROM ulog u LEFT OUTER JOIN host_cache dhc ON u.ip_daddr = dhc.ip LEFT OUTER JOIN protos p ON u.ip_protocol = p.num WHERE ip_saddr=INET_ATON('$ip') $date_where $chain_where ORDER BY date DESC LIMIT $first,$number";
$result = db_query ($query);
if ( db_numrows($result) == 0 ) {
print "<tr bgcolor=\"#FFFFFF\"><td colspan=6>No packets match the request</td></tr>";
} else {
while($line = db_nextobject($result)){
print "<tr bgcolor=\"#FFFFFF\">";
print "<td>$line->chain</td>";
print "<td>$line->date</td>";
if ($display_netfilter_host) { print "<td>$line->host</td>"; }
if ($display_netfilter_interface) {
if ($line->interface_in) {
print "<td>$line->interface_in<-</td>";
} else {
print "<td>$line->interface_out-></td>";
}
}
print "<td>$line->proto</td>";
if ($display_netfilter_srcport) {
if (strcmp($line->proto,"ICMP")) { print "<td>$line->port_src</td>"; } else { echo "<td> </td>"; }
}
if (strcmp($line->proto,"ICMP")!=0) {
print "<td><a href=\"to_port.php?port=$line->port_dest\">$line->port_dest ";
# $query2 = "SELECT name FROM ports where port=$line->port_dest ORDER BY custom DESC limit 1";
# $result2 = db_query ($query2);
# if ($port_desc=db_nextobject($result2)) {
if ($port_desc=findPortNameFromNumber($line->port_dest)) {
print "($port_desc)";
}
print "</a></td>";
} else {
print "<td><center>-</center></td>";
}
if ($display_netfilter_destination) {
print "<td><a href=\"to_host.php?ip=$line->ip_dest\">";
if ($line->name_dest=="Unresolved") { print "$line->ip_dest"; } else { print "$line->name_dest"; }
print "</a></td>";
}
print "</tr>";
}
?>
<?php } // nb packet != 0 ?>
</table>
</td></tr></table>
<?php
$tabulator->display($nb_records);
?>
<?php if (!$display_netfilter_host) { ?><a href="?_display_netfilter_host=1&ip=<?php print $ip; ?>" class="AddButton">Show Host</a><br> <?php } ?>
<?php if (!$display_netfilter_interface) { ?><a href="?_display_netfilter_interface=1&ip=<?php print $ip; ?>" class="AddButton">Show Interface</a><br> <?php } ?>
<?php if (!$display_netfilter_srcport) { ?><a href="?_display_netfilter_srcport=1" class="AddButton">Show Source Port</a><br><?php } ?>
<?php if (!$display_netfilter_destination) { ?><a href="?_display_netfilter_destination=1&ip=<?php print $ip; ?>" class="AddButton">Show Destination IP</a><br><?php } ?>
<?php pageFooter(); ?>