發表文章

目前顯示的是 1月, 2016的文章

Darkstat DB parser patch

Here is the note to parse the Darkstat DB. Phil's original post:  http://phil.lavin.me.uk/2011/11/parsing-a-darkstat-database-with-php/#comment-207432 Darkstat's official DB format doc:  https://unix4lyfe.org/gitweb/darkstat/blob_plain/98907547c4c1b4b4dda1dc10d20643e2b680b352:/export-format.txt I tried to parse the Darkstat DB by Phil's code and found issues. However the blogger is not update since 2014 so let's hack this by myself. There are two bugs in the PHP source code: IPv6 address reader: IPv6 address is 128 bit long but the "readaddr_ipv6" function read 512 bits (8x8 bytes) hence the code stopped once IPv6 header is shown. function readaddr_ipv6($db) { $ip = array(); for($i = 0; $i < 8; $i++) { $ip[] = bin2hex(fread($db, 2)); //$ip[] = bin2hex(fread($db, 8)); //scott marked } return implode(':', $ip); } IP family decoder Raw data is "0x04" and "0x06" but PHP ...