"Fossies" - the Fresh Open Source Software Archive

Member "ngrep-1_47/scripts/multi.pl" (7 Sep 2017, 2477 Bytes) of package /linux/misc/ngrep-1_47.tar.gz:

As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Perl source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "multi.pl" see the Fossies "Dox" file reference documentation. 
    1 #!/usr/bin/perl
    2 #
    3 # Author: Jordan Ritter <jpr5@darkridge.com>
    4 # Date: Thu Jul  5 17:08:18 PDT 2001
    5 #
    6 # Input file format:
    7 #
    8 #      Rulename1 file1.gz rule1 bpf_filter1
    9 #      Rulename2 file2.gz rule2 bpf_filter2
   10 #      Rulename3 file3.gz rule3 bpf_filter3
   11 #
   12 # Output:
   13 # 
   14 #      ./ngrepped.Rulename1
   15 #      ./ngrepped.Rulename2
   16 #      ./ngrepped.Rulename3
   17 #
   18 # Considerations:
   19 #
   20 #      1. Not sure how previous script was able to get the pcap filters with spaces using split...
   21 #      2. Don't forget to tweak $max_procs in CONFIG section.
   22 #      3. Blank lines in rule file are bad bad bad.
   23 #      4. Assumes bash.
   24 #  
   25 
   26 ##########
   27 # CONFIG #
   28 ##########
   29 
   30 require 5.004;
   31 
   32 use POSIX qw(:signal_h);
   33 
   34 my($sig_set) = POSIX::SigSet->new(SIGINT);
   35 my($old_sig_set) = POSIX::SigSet->new();
   36 my($max_procs) = 10;
   37 
   38 my($rules_file,%rules, @rules);
   39 my($fork_level);
   40 my($loops);
   41 
   42 $|++;
   43 
   44 
   45 #############
   46 # FUNCTIONS #
   47 #############
   48 
   49 sub go {
   50     my($rule_name) = shift @_;
   51     return unless $rule_name;
   52 
   53     my(%rule) = %{$rules{$rule_name}};
   54 
   55     $fork_level++;
   56 
   57     sigprocmask(SIG_BLOCK, $sig_set, $old_sig_set);    
   58 
   59     my($pipe) = "pipe-$rule-$fork_level";
   60     my($daddy) = open($pipe, "-|");
   61 
   62     if (not defined $daddy) {
   63 
   64     warn "[$rule_name] fork() error: $!\n";
   65     sigprocmask(SIG_UNBLOCK, $old_sig_set);
   66     sleep(1);
   67 
   68     } elsif (not $daddy) {
   69 
   70     my(@args);
   71 
   72         $SIG{INT} = 'IGNORE';
   73         sigprocmask(SIG_UNBLOCK, $old_sig_set);
   74 
   75     system("zcat $rule{'file'} | " .
   76                "ngrep -qtI - $rule{'regex'} $rule{'filter'} 2&>1 > " .
   77                "ngrepped.$rule_name");
   78 
   79     exit;
   80     
   81     } else {
   82     
   83     sigprocmask(SIG_UNBLOCK, $old_sig_set);
   84 
   85     }
   86 
   87     &go(@_);
   88 
   89     close($pipe);
   90     print "[$rule_name] finished\n";
   91 }
   92 
   93 
   94 ########
   95 # MAIN #
   96 ########
   97 
   98 $rules_file = $ARGV[0];
   99 
  100 open(RULES, $rules_file) || die "Couldn't open rules file $rules_file: $!.\n";
  101 my(@lines) = <RULES>;
  102 close(RULES);
  103 
  104 if (($loops = scalar(@lines)) == 0) { 
  105     die "Rules file $rules_file empty, exiting.\n"; 
  106 }
  107 
  108 %rules = map { chomp(local(@fields) = split / /, $_); 
  109                $fields[0] => { "file" => $fields[1],
  110                                "regex" => $fields[2], 
  111                                "filter" => $fields[3] }; } @lines; 
  112 @rules = keys %rules;
  113 
  114 print "Hi, I'm ngrepper, and here we go.\n";
  115 
  116 for ( 0 .. int($loops / $max_procs) ) {
  117 
  118     $fork_level = 1;
  119     @rules_for_this_pass = splice(@rules, 0, $max_procs);
  120 
  121     &go(@rules_for_this_pass);
  122 
  123 }
  124 
  125 print "Welp, I'm done.\n";
  126 
  127 exit;
  128 
  129