cleanup & planning
This commit is contained in:
parent
c1d99a1f86
commit
40d95d0924
|
@ -1,5 +1,5 @@
|
|||
CC=gcc -Wall
|
||||
CFLAGS=-g -I.
|
||||
CC=gcc
|
||||
override CFLAGS := -g -I. -Wall -Wpedantic $(CFLAGS)
|
||||
CFLAGS_STATIC=$(CCLAGS) --static
|
||||
DEPS=
|
||||
OBJ=main.o pfparser.o sysparser.o
|
||||
|
|
55
src/main.c
55
src/main.c
|
@ -1,21 +1,14 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#include <ctype.h>
|
||||
#include <string.h>
|
||||
#include <assert.h>
|
||||
#include <unistd.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <netdb.h>
|
||||
#include <limits.h>
|
||||
#include "helpers.h"
|
||||
// #include "pfparser.h"
|
||||
#include "sysparser.h"
|
||||
#include <signal.h>
|
||||
|
||||
/*UDP server-related mostly lifted from https://cs.nyu.edu/~mwalfish/classes/16sp/classnotes/handout01.pdf*/
|
||||
#include "helpers.h"
|
||||
#include "sysparser.h"
|
||||
|
||||
|
||||
void panic(const char* s) {
|
||||
|
@ -24,6 +17,7 @@ void panic(const char* s) {
|
|||
}
|
||||
|
||||
|
||||
/*defined here are they are used in conjunction with the shutdown signal handler*/
|
||||
int running = 1;
|
||||
int sock_fd;
|
||||
|
||||
|
@ -36,6 +30,7 @@ void sig_handler(int signum) {
|
|||
}
|
||||
|
||||
|
||||
/*UDP server bits mostly lifted from https://cs.nyu.edu/~mwalfish/classes/16sp/classnotes/handout01.pdf*/
|
||||
int main(int argc, char** argv) {
|
||||
if (argc != 2) {
|
||||
fprintf(stderr, "usage: %s <port>\n", argv[0]);
|
||||
|
@ -54,7 +49,6 @@ int main(int argc, char** argv) {
|
|||
unsigned short port = (unsigned short)portl;
|
||||
|
||||
/*Create socket*/
|
||||
char msg[4096];
|
||||
if ((sock_fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
|
||||
panic("socket");
|
||||
|
||||
|
@ -67,24 +61,27 @@ int main(int argc, char** argv) {
|
|||
memset(&my_addr, 0, sizeof(my_addr));
|
||||
my_addr.sin_family = AF_INET;
|
||||
my_addr.sin_addr.s_addr = INADDR_ANY;
|
||||
my_addr.sin_port = htons(port); /*host to network short - converts a *s*hort from the *h*ost's to *n*etwork's endianness*/
|
||||
my_addr.sin_port = htons(port); /*host to network endianess for a short - converts a *s*hort from the *h*ost's to *n*etwork's endianness*/
|
||||
if (bind(sock_fd, (struct sockaddr*)&my_addr, sizeof(struct sockaddr_in)) < 0)
|
||||
panic("bind failed");
|
||||
|
||||
socklen_t addrlen = sizeof(struct sockaddr_in);
|
||||
char msg[4096];
|
||||
while (running) {
|
||||
int size_recvd;
|
||||
if ((size_recvd = recvfrom(sock_fd, /* socket */
|
||||
msg, /* buffer */
|
||||
sizeof(msg), /* size of buffer */
|
||||
0, /* flags = 0 */
|
||||
msg, /* buffer */
|
||||
sizeof(msg), /* size of buffer */
|
||||
0, /* flags = 0 */
|
||||
(struct sockaddr*)&my_peer_addr, /* who’s sending */
|
||||
&addrlen /* length of buffer to receive peer info */
|
||||
&addrlen /* length of buffer to receive peer info */
|
||||
)) < 0) {
|
||||
if (running) panic("recvfrom");
|
||||
else break;
|
||||
else break; /*sock was closed by exit signal*/
|
||||
}
|
||||
assert(size_recvd < sizeof(msg)); /*messages can't be longer than our buffer*/
|
||||
assert(size_recvd < sizeof(msg)); /*messages can't be longer than our buffer. TODO if they are longer we should
|
||||
dump it and wait until the next loop. if the next buffer is some portion of a too-long message, we can expect
|
||||
the various parsing below to fail.*/
|
||||
|
||||
assert(addrlen == sizeof(struct sockaddr_in));
|
||||
printf("\nGot message: %s\n", msg);
|
||||
|
@ -98,23 +95,29 @@ int main(int argc, char** argv) {
|
|||
// printf("msg[size_recvd] is: %d", msg[size_recvd]);*/
|
||||
msg[size_recvd] = '\0'; /*We receive 1 full string at a time*/
|
||||
|
||||
/*parse syslog message into fields*/
|
||||
if(sysmsg_parse(&result, msg) != 0) {
|
||||
printf("Failed to parse message: %s", msg);
|
||||
} else {
|
||||
printf("syslogmessage is valid:\n\tpriority: %d\n\tapplication: %s\n\tDate: %s %d %02d:%02d:%02d\n\t\n",
|
||||
result.priority, result.application, result.date.month, result.date.day, result.date.hour,
|
||||
result.date.minute, result.date.second);
|
||||
printf("syslog message is valid:\n\tpriority: %d\n\tapplication: %s\n\tDate: %s %d %02d:%02d:%02d\n\t\n",
|
||||
result.priority,
|
||||
result.application,
|
||||
result.date.month,
|
||||
result.date.day,
|
||||
result.date.hour,
|
||||
result.date.minute,
|
||||
result.date.second);
|
||||
|
||||
pf_data fwdata;
|
||||
memset(&fwdata, 0, sizeof(fwdata));
|
||||
|
||||
if(pfparse_message(msg, &fwdata) != 0) {
|
||||
/*parse MSG field into pfsense data*/
|
||||
pf_data fwdata = {0};
|
||||
//memset(&fwdata, 0, sizeof(fwdata));
|
||||
if(pfdata_parse(msg, &fwdata) != 0) {
|
||||
printf("Failed to parse pfsense data: %s", msg);
|
||||
} else {
|
||||
printf("IP Data:\n\tInterface: %s\n\tIP version: %d\n",
|
||||
fwdata.iface, fwdata.ipversion);
|
||||
fwdata.iface,
|
||||
fwdata.ipversion);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
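Review bot: In the receive loop `recvfrom` is handed the full `sizeof(msg)`, so a datagram of 4096 bytes or more yields `size_recvd == sizeof(msg)` and the later `msg[size_recvd] = '\0'` writes one byte past the buffer; the expanded `assert` only catches this in builds without `NDEBUG`. Pass `sizeof(msg) - 1, /* leave room for the terminator */` and treat a completely filled buffer as an oversized datagram to drop, which is what the new TODO text already describes. Separately, `printf("\nGot message: %s\n", msg)` runs before the terminator is written in the following hunk, so on the first iteration it reads the uninitialized tail of the newly relocated `char msg[4096]` (and echoes stale stack bytes); the `'\0'` write should move up to directly after the `recvfrom` error check. The enclosing `main` starts and ends outside these hunks.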
|
|
@ -5,7 +5,7 @@
|
|||
|
||||
|
||||
|
||||
int pfparse_message(char* message, pf_data* result) {
|
||||
int pfdata_parse(char* message, pf_data* result) {
|
||||
printf("pfparse: '%s'\n", message);
|
||||
|
||||
char* token;
|
||||
|
@ -58,14 +58,36 @@ int pfparse_message(char* message, pf_data* result) {
|
|||
|
||||
if(result->ipversion == 4) {
|
||||
/*parse ipv4 fields*/
|
||||
/*
|
||||
- TOS, hex as a string field starting with "0x" or empty
|
||||
- "Explicit Congestion Notification" - or empty, we will ignore
|
||||
- TTL, int
|
||||
- packet ID, int (seemingly useless?)
|
||||
- fragment offset, int (???)
|
||||
- flags ("none" or some string, each flag is an uppercase(?) character)
|
||||
- protocol id, int
|
||||
- protocol name, string
|
||||
*/
|
||||
}
|
||||
else if(result->ipversion == 6) {
|
||||
/*parse ipv6 fields*/
|
||||
/*
|
||||
- class, hex as a string field starting with "0x"
|
||||
- flow label, "data" ???
|
||||
- hop-limit, int (like ttl)
|
||||
- protocol name, string
|
||||
- protocol id, int
|
||||
*/
|
||||
} else {
|
||||
return 1;
|
||||
return 1; /*unknown ip version*/
|
||||
}
|
||||
|
||||
/*Parse <ip-data>*/
|
||||
/*
|
||||
- packet length, int
|
||||
- source addr, string (ipv4 OR ipv6!)
|
||||
- dest addr, string (ipv4 OR ipv6!)
|
||||
*/
|
||||
|
||||
/*Parse optional <protocol-specific-data>*/
|
||||
|
||||
|
|
|
@ -1,22 +1,46 @@
|
|||
#define IFACE_LEN 8
|
||||
|
||||
|
||||
|
||||
typedef enum pf_hit_reason {
|
||||
pf_hit_match,
|
||||
pf_hit_other
|
||||
} pf_hit_reason;
|
||||
|
||||
const static char* pfhrstr[] __attribute__ ((unused)) =
|
||||
{[pf_hit_match] = "match",
|
||||
[pf_hit_other] = "other"};
|
||||
|
||||
|
||||
typedef enum pf_hit_action {
|
||||
pf_hit_block,
|
||||
pf_hit_pass
|
||||
} pf_hit_action;
|
||||
|
||||
const static char* pfhastr[] __attribute__ ((unused)) =
|
||||
{[pf_hit_block] = "block",
|
||||
[pf_hit_pass] = "pass"};
|
||||
|
||||
|
||||
typedef enum pf_direction {
|
||||
pf_dir_in,
|
||||
pf_dir_out
|
||||
} pf_direction;
|
||||
|
||||
const static char* pfdirstr[] __attribute__ ((unused)) =
|
||||
{[pf_dir_in] = "in",
|
||||
[pf_dir_out] = "out"};
|
||||
|
||||
|
||||
typedef struct pf_data_ipv4 {
|
||||
int derp;
|
||||
} pf_data_ipv4;
|
||||
|
||||
typedef struct pf_data_ipv6 {
|
||||
int derp;
|
||||
int derp2;
|
||||
} pf_data_ipv6;
|
||||
|
||||
|
||||
typedef struct pf_data {
|
||||
int rulenum;
|
||||
char iface[IFACE_LEN];
|
||||
|
@ -24,8 +48,11 @@ typedef struct pf_data {
|
|||
pf_hit_action action;
|
||||
pf_direction direction;
|
||||
int ipversion;
|
||||
union {
|
||||
pf_data_ipv4 ipv4_data;
|
||||
pf_data_ipv6 ipv6_data;
|
||||
};
|
||||
} pf_data;
|
||||
|
||||
|
||||
|
||||
int pfparse_message(char* message, pf_data* result);
|
||||
int pfdata_parse(char* message, pf_data* result);
|
||||
|
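Review bot: The new string tables `pfhrstr`, `pfhastr` and `pfdirstr` are declared `const static char*`, which makes the pointed-to characters read-only but leaves the pointer array itself writable; `static const char *const pfhrstr[] __attribute__ ((unused)) =` (likewise for the other two) places the table in read-only storage and turns an accidental write into a compile error. Putting `static` after `const` is also an obsolescent ordering in C11, so the storage class should come first. Because these definitions are `static` in a header, each translation unit that includes it gets its own copy, which is why the `unused` attribute is needed; defining them once in pfparser.c with `extern` declarations here would remove both the duplication and the attribute.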
|
|
@ -12,14 +12,12 @@ struct Datefields {
|
|||
};
|
||||
|
||||
/*TODO check max app name length*/
|
||||
#define MSG_APP_LEN 64
|
||||
#define MSG_APP_LEN 16
|
||||
|
||||
struct SysMessage {
|
||||
int priority;
|
||||
char application[MSG_APP_LEN];
|
||||
struct Datefields date;
|
||||
// char message;
|
||||
// pf_message data;
|
||||
};
|
||||
|
||||
|
||||
|
|
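Review bot: `MSG_APP_LEN` shrinks from 64 to 16 while the TODO directly above it, `check max app name length`, is left unresolved, so whatever fills `SysMessage.application` now has a smaller target; unless that copy is bounded by `MSG_APP_LEN - 1` (the parser is not in this diff) an application tag longer than 15 characters arriving from the network becomes an overflow instead of a truncation. RFC 3164 allows a TAG of up to 32 characters, so 16 will also reject or truncate well-formed messages. Either keep 64 until the copy is confirmed bounded, or resolve the TODO with a comment such as `/* RFC 3164 TAG is at most 32 chars; +1 for the terminator */` and size the array accordingly.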