469,602 Members | 1,998 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,602 developers. It's quick & easy.

My UDF for Snort/ACID

Well, under the heading of "If you want it done, do it yourself", I
wrote the following UDF this afternoon. I needed something to take the
4-byte integers representing IP addresses from Snort/ACID and turn them
into fully qualified domain names for reports. This works under Linux.
The examples that I found were written for Solaris and wouldn't work on
my box. Feel free to use this example. I've stripped all of the
unnecessary code and comments from the original example.

#ifdef STANDARD
#include <stdio.h>
#include <string.h>
#include <netdb.h>
#ifdef __WIN__
typedef unsigned __int64 ulonglong; /* Microsofts 64 bit types */
typedef __int64 longlong;
#else
typedef unsigned long long ulonglong;
typedef long long longlong;
#endif /*__WIN__*/
#else
#include <my_global.h>
#include <my_sys.h>
#endif
#include <mysql.h>
#include <m_ctype.h>
#include <m_string.h> // To get strmov()
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

#ifdef HAVE_DLOPEN

extern "C" {

my_bool reverse_lookup_init(UDF_INIT *initid, UDF_ARGS *args, char
*message);

char *reverse_lookup(UDF_INIT *initid, UDF_ARGS *args, char *result,
unsigned long *length, char *is_null, char *error);
}

my_bool reverse_lookup_init(UDF_INIT *initid, UDF_ARGS *args, char
*message) {
if (args->arg_count =3D=3D 1)
{
if (args->arg_type[0] =3D=3D STRING_RESULT)
{
args->arg_type[0] =3D=3D INT_RESULT;
}
}
else
{
strmov(message, "Wrong number of arguments to reverse_lookup_init");
return 1;
}
initid->max_length =3D 255;
initid->maybe_null =3D 1;
return 0;
}
char *reverse_lookup(UDF_INIT *initid, UDF_ARGS *args, char *result,
unsigned long *length, char *is_null, char *error)
{
struct in_addr addr;
struct hostent *hostent;

if (args->arg_count =3D=3D 1)
{
memcpy(&addr, args->args[0], 4); /* copy arg to struct */
addr.s_addr =3D htonl(addr.s_addr); /* convert to network byte =
order
*/
hostent =3D gethostbyaddr((const void *) &addr.s_addr,=20
sizeof(struct in_addr),=20
AF_INET);
if (hostent =3D=3D NULL)
{
strcpy(result, "----No lookup available----");
*length =3D strlen(result);
return result;
}
else
{
*is_null =3D 0;
*length =3D strlen(hostent->h_name);
return hostent->h_name;
}
}
else
{
strcpy(result, "Wrong number of arguments to reverse_lookup");
*length =3D strlen(result);
return result;
}
}

#endif /* HAVE_DLOPEN */

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/my***********...ie.nctu.edu.tw

Jul 19 '05 #1
0 1069

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

reply views Thread by Eugene Borukhovich | last post: by
1 post views Thread by Jamie Saker | last post: by
reply views Thread by Neil Zanella | last post: by
1 post views Thread by Jeremy Hefner | last post: by
1 post views Thread by RobG | last post: by
reply views Thread by krithika.143 | last post: by
reply views Thread by suresh191 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.