cleanup & planning

This commit is contained in:
dave 2018-05-28 12:48:37 -07:00
parent c1d99a1f86
commit 40d95d0924
5 changed files with 86 additions and 36 deletions

View File

@ -1,5 +1,5 @@
CC=gcc -Wall
CFLAGS=-g -I.
CC=gcc
override CFLAGS := -g -I. -Wall -Wpedantic $(CFLAGS)
CFLAGS_STATIC=$(CCLAGS) --static
DEPS=
OBJ=main.o pfparser.o sysparser.o

View File

@ -1,21 +1,14 @@
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <ctype.h>
#include <string.h>
#include <assert.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <limits.h>
#include "helpers.h"
// #include "pfparser.h"
#include "sysparser.h"
#include <signal.h>
/*UDP server-related mostly lifted from https://cs.nyu.edu/~mwalfish/classes/16sp/classnotes/handout01.pdf*/
#include "helpers.h"
#include "sysparser.h"
void panic(const char* s) {
@ -24,6 +17,7 @@ void panic(const char* s) {
}
/*defined here are they are used in conjunction with the shutdown signal handler*/
int running = 1;
int sock_fd;
@ -36,6 +30,7 @@ void sig_handler(int signum) {
}
/*UDP server bits mostly lifted from https://cs.nyu.edu/~mwalfish/classes/16sp/classnotes/handout01.pdf*/
int main(int argc, char** argv) {
if (argc != 2) {
fprintf(stderr, "usage: %s <port>\n", argv[0]);
@ -54,7 +49,6 @@ int main(int argc, char** argv) {
unsigned short port = (unsigned short)portl;
/*Create socket*/
char msg[4096];
if ((sock_fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
panic("socket");
@ -67,24 +61,27 @@ int main(int argc, char** argv) {
memset(&my_addr, 0, sizeof(my_addr));
my_addr.sin_family = AF_INET;
my_addr.sin_addr.s_addr = INADDR_ANY;
my_addr.sin_port = htons(port); /*host to network short - converts a *s*hort from the *h*ost's to *n*etwork's endianness*/
my_addr.sin_port = htons(port); /*host to network endianess for a short - converts a *s*hort from the *h*ost's to *n*etwork's endianness*/
if (bind(sock_fd, (struct sockaddr*)&my_addr, sizeof(struct sockaddr_in)) < 0)
panic("bind failed");
socklen_t addrlen = sizeof(struct sockaddr_in);
char msg[4096];
while (running) {
int size_recvd;
if ((size_recvd = recvfrom(sock_fd, /* socket */
msg, /* buffer */
sizeof(msg), /* size of buffer */
0, /* flags = 0 */
msg, /* buffer */
sizeof(msg), /* size of buffer */
0, /* flags = 0 */
(struct sockaddr*)&my_peer_addr, /* whos sending */
&addrlen /* length of buffer to receive peer info */
&addrlen /* length of buffer to receive peer info */
)) < 0) {
if (running) panic("recvfrom");
else break;
else break; /*sock was closed by exit signal*/
}
assert(size_recvd < sizeof(msg)); /*messages can't be longer than our buffer*/
assert(size_recvd < sizeof(msg)); /*messages can't be longer than our buffer. TODO if they are longer we should
dump it and wait until the next loop. if the next buffer is some portion of a too-long message, we can expect
the various parsing below to fail.*/
assert(addrlen == sizeof(struct sockaddr_in));
printf("\nGot message: %s\n", msg);
@ -98,23 +95,29 @@ int main(int argc, char** argv) {
// printf("msg[size_recvd] is: %d", msg[size_recvd]);*/
msg[size_recvd] = '\0'; /*We receive 1 full string at a time*/
/*parse syslog message into fields*/
if(sysmsg_parse(&result, msg) != 0) {
printf("Failed to parse message: %s", msg);
} else {
printf("syslogmessage is valid:\n\tpriority: %d\n\tapplication: %s\n\tDate: %s %d %02d:%02d:%02d\n\t\n",
result.priority, result.application, result.date.month, result.date.day, result.date.hour,
result.date.minute, result.date.second);
printf("syslog message is valid:\n\tpriority: %d\n\tapplication: %s\n\tDate: %s %d %02d:%02d:%02d\n\t\n",
result.priority,
result.application,
result.date.month,
result.date.day,
result.date.hour,
result.date.minute,
result.date.second);
pf_data fwdata;
memset(&fwdata, 0, sizeof(fwdata));
if(pfparse_message(msg, &fwdata) != 0) {
/*parse MSG field into pfsense data*/
pf_data fwdata = {0};
//memset(&fwdata, 0, sizeof(fwdata));
if(pfdata_parse(msg, &fwdata) != 0) {
printf("Failed to parse pfsense data: %s", msg);
} else {
printf("IP Data:\n\tInterface: %s\n\tIP version: %d\n",
fwdata.iface, fwdata.ipversion);
fwdata.iface,
fwdata.ipversion);
}
}
}

View File

@ -5,7 +5,7 @@
int pfparse_message(char* message, pf_data* result) {
int pfdata_parse(char* message, pf_data* result) {
printf("pfparse: '%s'\n", message);
char* token;
@ -58,14 +58,36 @@ int pfparse_message(char* message, pf_data* result) {
if(result->ipversion == 4) {
/*parse ipv4 fields*/
/*
- TOS, hex as a string field starting with "0x" or empty
- "Explicit Congestion Notification" - or empty, we will ignore
- TTL, int
- packet ID, int (seemingly useless?)
- fragment offset, int (???)
- flags ("none" or some string, each flag is an uppercase(?) character)
- protocol id, int
- protocol name, string
*/
}
else if(result->ipversion == 6) {
/*parse ipv6 fields*/
/*
- class, hex as a string field starting with "0x"
- flow label, "data" ???
- hop-limit, int (like ttl)
- protocol name, string
- protocol id, int
*/
} else {
return 1;
return 1; /*unknown ip version*/
}
/*Parse <ip-data>*/
/*
- packet length, int
- source addr, string (ipv4 OR ipv6!)
- dest addr, string (ipv4 OR ipv6!)
*/
/*Parse optional <protocol-specific-data>*/

View File

@ -1,22 +1,46 @@
#define IFACE_LEN 8
typedef enum pf_hit_reason {
pf_hit_match,
pf_hit_other
} pf_hit_reason;
const static char* pfhrstr[] __attribute__ ((unused)) =
{[pf_hit_match] = "match",
[pf_hit_other] = "other"};
typedef enum pf_hit_action {
pf_hit_block,
pf_hit_pass
} pf_hit_action;
const static char* pfhastr[] __attribute__ ((unused)) =
{[pf_hit_block] = "block",
[pf_hit_pass] = "pass"};
typedef enum pf_direction {
pf_dir_in,
pf_dir_out
} pf_direction;
const static char* pfdirstr[] __attribute__ ((unused)) =
{[pf_dir_in] = "in",
[pf_dir_out] = "out"};
typedef struct pf_data_ipv4 {
int derp;
} pf_data_ipv4;
typedef struct pf_data_ipv6 {
int derp;
int derp2;
} pf_data_ipv6;
typedef struct pf_data {
int rulenum;
char iface[IFACE_LEN];
@ -24,8 +48,11 @@ typedef struct pf_data {
pf_hit_action action;
pf_direction direction;
int ipversion;
union {
pf_data_ipv4 ipv4_data;
pf_data_ipv6 ipv6_data;
};
} pf_data;
int pfparse_message(char* message, pf_data* result);
int pfdata_parse(char* message, pf_data* result);

View File

@ -12,14 +12,12 @@ struct Datefields {
};
/*TODO check max app name length*/
#define MSG_APP_LEN 64
#define MSG_APP_LEN 16
struct SysMessage {
int priority;
char application[MSG_APP_LEN];
struct Datefields date;
// char message;
// pf_message data;
};