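// NOTE(review): the header names of the seven #include lines, the template
// arguments of std::vector, and part of analyseLine()/printUsage() were lost
// when this page was extracted. They are reconstructed below from the names
// the code uses; confirm against the original file.
#include <fstream>
#include <iomanip>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

#include <GeoIP.h>

// GeoIP database handle; only opened when lookup is enabled (-l).
GeoIP* gi = 0;
// True when the -l option asked for a country lookup on source addresses.
bool lookup = false;

/// Splits a string into whitespace-separated tokens.
/// @param str  text to split
/// @return the tokens in order of appearance (empty if str is blank)
std::vector<std::string> getTokens(const std::string& str) {
    std::string buf;
    std::stringstream ss(str);
    std::vector<std::string> tokens;
    while (ss >> buf)
        tokens.push_back(buf);
    return tokens;
}

/// Prints the country code for an address, or "n/a" when none is found.
/// Does nothing unless lookup was enabled and the database was opened.
/// @param ip  address text taken from the log line
void lookupIP(const std::string& ip) {
    // The handle is checked as well as the flag so that a database that
    // failed to open can never be passed to the library as a null pointer.
    if (!lookup || !gi)
        return;
    const char* cc = GeoIP_country_code_by_addr(gi, ip.c_str());
    if (cc)
        std::cout << std::setw(3) << cc << " ";
    else
        std::cout << std::setw(3) << "n/a ";
}

/// Prints one KEY=value token if the key is SRC, DST, PROTO, SPT or DPT.
/// Tokens without '=' and tokens with any other key are ignored.
/// @param word  a single whitespace-delimited token from a log line
void analyseWord(const std::string& word) {
    // npos is compared directly; the original stored the result in an int
    // and compared it with -1, which relies on a narrowing conversion.
    const std::string::size_type delim = word.find('=');
    if (delim == std::string::npos)  // delimiter not found
        return;
    const std::string key = word.substr(0, delim);
    const std::string val = word.substr(delim + 1);  // the rest

    if (key == "SRC") {
        std::cout << std::setw(15) << std::left << val << " ";
        lookupIP(val);
    }
    if (key == "DST")
        std::cout << std::setw(15) << std::left << val << " ";
    if (key == "PROTO")
        std::cout << val << " ";
    if (key == "SPT")
        std::cout << std::setw(5) << std::right << val << " ";
    if (key == "DPT")
        std::cout << std::setw(6) << std::right << val << " ";
}

/// Prints a one-line summary of a log line: date, time and selected fields.
/// Lines with fewer than seven tokens are reported as illegal and skipped.
/// @param line  one line of log text
void analyseLine(const std::string& line) {
    const std::vector<std::string> words = getTokens(line);
    if (words.size() < 7) {
        std::cout << "Illegal line format " << line << std::endl;
        return;
    }
    // print date and time
    std::cout << words[0] << " ";                  // month
    std::cout << std::setw(2) << words[1] << " ";  // day, min width 2
    std::cout << words[2] << " ";                  // timestamp

    // NOTE(review): the loop bound, loop body and the trailing newline were
    // lost in extraction; this is the reading the surrounding code implies.
    for (std::vector<std::string>::size_type i = 3; i < words.size(); ++i)
        analyseWord(words[i]);
    std::cout << std::endl;
}

/// Prints the command-line help.
void printUsage() {
    // NOTE(review): only the tail `|-"` of this first line survived on the
    // page; `<program>` and `<logfile>` are placeholders, not the original
    // wording.
    std::cout << "Usage: <program> [-l] <logfile>|-" << std::endl;
    std::cout << "Use '-' for reading logdata from std input" << std::endl;
    std::cout << "Options:" << std::endl;
    std::cout << " -l : geoip lookup on source IP adresses" << std::endl;
}

/// Reads log lines from a file or from standard input and summarises each.
/// @return 0 on success, 1 on a usage error, an unreadable input file, or a
///         GeoIP database that could not be opened
int main(int argc, char** argv) {
    if (argc < 2) {
        printUsage();
        return 1;
    }

    std::string file;
    if (std::string(argv[1]) == "-l") {
        if (argc != 3) {
            printUsage();
            return 1;
        }
        file = argv[2];
        lookup = true;
    } else {
        file = argv[1];
    }

    std::istream* in = 0;
    std::ifstream infile;
    if (file == "-") {
        in = &std::cin;
    } else {
        infile.open(file.c_str());
        if (!infile) {
            std::cout << "Could not open " << file << std::endl;
            return 1;
        }
        in = &infile;
    }

    if (lookup) {
        gi = GeoIP_new(GEOIP_STANDARD);
        // GeoIP_new() returns a null handle when the database cannot be
        // opened; stop here instead of handing that handle to the lookup.
        if (!gi) {
            std::cout << "Could not open GeoIP database" << std::endl;
            return 1;
        }
    }

    // Log content is not under this program's control, so lines are read
    // into a std::string rather than a fixed char[1024]. With the fixed
    // buffer, a line of 1024 characters or more set failbit on the stream;
    // eof() then never became true and the read loop never terminated.
    std::string line;
    while (std::getline(*in, line)) {
        if (line.empty())
            continue;  // empty line
        analyseLine(line);
    }

    if (lookup) {
        GeoIP_delete(gi);
        gi = 0;
    }
    return 0;
}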