From 40d95d0924ae1bd41edc705482e2033d01cd486c Mon Sep 17 00:00:00 2001 From: dave Date: Mon, 28 May 2018 12:48:37 -0700 Subject: [PATCH] cleanup & planning --- src/Makefile | 4 ++-- src/main.c | 55 ++++++++++++++++++++++++++----------------------- src/pfparser.c | 26 +++++++++++++++++++++-- src/pfparser.h | 33 ++++++++++++++++++++++++++--- src/sysparser.h | 4 +--- 5 files changed, 86 insertions(+), 36 deletions(-) diff --git a/src/Makefile b/src/Makefile index 3cc90c4..c9c4755 100644 --- a/src/Makefile +++ b/src/Makefile @@ -1,5 +1,5 @@ -CC=gcc -Wall -CFLAGS=-g -I. +CC=gcc +override CFLAGS := -g -I. -Wall -Wpedantic $(CFLAGS) CFLAGS_STATIC=$(CCLAGS) --static DEPS= OBJ=main.o pfparser.o sysparser.o diff --git a/src/main.c b/src/main.c index 7457f4a..e0c0804 100644 --- a/src/main.c +++ b/src/main.c @@ -1,21 +1,14 @@ #include #include -#include #include #include -#include #include #include #include -#include -#include #include -#include "helpers.h" -// #include "pfparser.h" -#include "sysparser.h" #include - -/*UDP server-related mostly lifted from https://cs.nyu.edu/~mwalfish/classes/16sp/classnotes/handout01.pdf*/ +#include "helpers.h" +#include "sysparser.h" void panic(const char* s) { @@ -24,6 +17,7 @@ void panic(const char* s) { } +/*defined here are they are used in conjunction with the shutdown signal handler*/ int running = 1; int sock_fd; @@ -36,6 +30,7 @@ void sig_handler(int signum) { } +/*UDP server bits mostly lifted from https://cs.nyu.edu/~mwalfish/classes/16sp/classnotes/handout01.pdf*/ int main(int argc, char** argv) { if (argc != 2) { fprintf(stderr, "usage: %s \n", argv[0]); @@ -54,7 +49,6 @@ int main(int argc, char** argv) { unsigned short port = (unsigned short)portl; /*Create socket*/ - char msg[4096]; if ((sock_fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) panic("socket"); 
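Review bot: The line directly under the new `override CFLAGS := -g -I. -Wall -Wpedantic $(CFLAGS)` still reads `CFLAGS_STATIC=$(CCLAGS) --static`, so the static build expands an undefined variable and is compiled without `-g -I. -Wall -Wpedantic`. Since this commit is reorganising the flag variables, it is the moment to fix the typo: `CFLAGS_STATIC=$(CFLAGS) --static`. If the static target is meant to build without the warning flags, a one-line comment above it saying so would stop the next reader from assuming it is a mistake.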
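Review bot: The new comment above `int running = 1;` documents that the flag is shared with the shutdown signal handler, but the object is a plain `int`, which the compiler may keep in a register across the `while (running)` test and which has no atomicity guarantee against an asynchronous handler. Declare it `volatile sig_atomic_t running = 1;` (from `<signal.h>`), which is the only type the standard guarantees a handler may store to. `sig_handler`'s body is outside these hunks, so I cannot see whether it also touches `sock_fd`; if it does, the comment should say so, and both globals could be `static` since nothing outside main.c appears to reference them.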
@@ -67,24 +61,27 @@ int main(int argc, char** argv) { memset(&my_addr, 0, sizeof(my_addr)); my_addr.sin_family = AF_INET; my_addr.sin_addr.s_addr = INADDR_ANY; - my_addr.sin_port = htons(port); /*host to network short - converts a *s*hort from the *h*ost's to *n*etwork's endianness*/ + my_addr.sin_port = htons(port); /*host to network endianess for a short - converts a *s*hort from the *h*ost's to *n*etwork's endianness*/ if (bind(sock_fd, (struct sockaddr*)&my_addr, sizeof(struct sockaddr_in)) < 0) panic("bind failed"); socklen_t addrlen = sizeof(struct sockaddr_in); + char msg[4096]; while (running) { int size_recvd; if ((size_recvd = recvfrom(sock_fd, /* socket */ - msg, /* buffer */ - sizeof(msg), /* size of buffer */ - 0, /* flags = 0 */ + msg, /* buffer */ + sizeof(msg), /* size of buffer */ + 0, /* flags = 0 */ (struct sockaddr*)&my_peer_addr, /* who’s sending */ - &addrlen /* length of buffer to receive peer info */ + &addrlen /* length of buffer to receive peer info */ )) < 0) { if (running) panic("recvfrom"); - else break; + else break; /*sock was closed by exit signal*/ } - assert(size_recvd < sizeof(msg)); /*messages can't be longer than our buffer*/ + assert(size_recvd < sizeof(msg)); /*messages can't be longer than our buffer. TODO if they are longer we should + dump it and wait until the next loop. if the next buffer is some portion of a too-long message, we can expect + the various parsing below to fail.*/ assert(addrlen == sizeof(struct sockaddr_in)); printf("\nGot message: %s\n", msg); 
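Review bot: `assert(size_recvd < sizeof(msg))` is reachable from the network: `recvfrom` with a 4096-byte buffer returns exactly `sizeof(msg)` for a datagram of that size or larger (the excess is silently discarded), so one oversized UDP packet aborts the server, and with `NDEBUG` the later `msg[size_recvd] = '\0'` in the next hunk becomes a one-byte write past the end of `msg`. The TODO added on that line describes the intended handling; the fix is to request `sizeof(msg) - 1` bytes from `recvfrom`, write the terminator right after the call, and drop a datagram that fills the buffer instead of asserting on it. Terminating before `printf("\nGot message: %s\n", msg)` matters on its own, because that `%s` currently runs before the terminator is stored further down and so reads whatever the previous datagram or the uninitialised stack left after the received bytes. `main` continues outside the hunk.
```c
        if ((size_recvd = recvfrom(sock_fd,
                                   msg,
                                   sizeof(msg) - 1, /* keep one byte for the terminator */
                                   /* … unchanged: flags, peer address, &addrlen … */
                                   )) < 0) {
            /* … unchanged: running ? panic("recvfrom") : break … */
        }
        /* a datagram that fills the buffer may have been truncated: drop it rather than assert */
        if ((size_t)size_recvd >= sizeof(msg) - 1) {
            fprintf(stderr, "dropping oversized datagram (%d bytes)\n", size_recvd);
            continue;
        }
        msg[size_recvd] = '\0'; /* recvfrom does not terminate; do this before any %s use */
        assert(addrlen == sizeof(struct sockaddr_in));
```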
@@ -98,23 +95,29 @@ int main(int argc, char** argv) { // printf("msg[size_recvd] is: %d", msg[size_recvd]);*/ msg[size_recvd] = '\0'; /*We receive 1 full string at a time*/ + /*parse syslog message into fields*/ if(sysmsg_parse(&result, msg) != 0) { printf("Failed to parse message: %s", msg); } else { - printf("syslogmessage is valid:\n\tpriority: %d\n\tapplication: %s\n\tDate: %s %d %02d:%02d:%02d\n\t\n", - result.priority, result.application, result.date.month, result.date.day, result.date.hour, - result.date.minute, result.date.second); + printf("syslog message is valid:\n\tpriority: %d\n\tapplication: %s\n\tDate: %s %d %02d:%02d:%02d\n\t\n", + result.priority, + result.application, + result.date.month, + result.date.day, + result.date.hour, + result.date.minute, + result.date.second); - pf_data fwdata; - memset(&fwdata, 0, sizeof(fwdata)); - - if(pfparse_message(msg, &fwdata) != 0) { + /*parse MSG field into pfsense data*/ + pf_data fwdata = {0}; + //memset(&fwdata, 0, sizeof(fwdata)); + if(pfdata_parse(msg, &fwdata) != 0) { printf("Failed to parse pfsense data: %s", msg); } else { printf("IP Data:\n\tInterface: %s\n\tIP version: %d\n", - fwdata.iface, fwdata.ipversion); + fwdata.iface, + fwdata.ipversion); } - } } diff --git a/src/pfparser.c b/src/pfparser.c index b9da973..010d6f0 100644 --- a/src/pfparser.c +++ b/src/pfparser.c @@ -5,7 +5,7 @@ -int pfparse_message(char* message, pf_data* result) { +int pfdata_parse(char* message, pf_data* result) { printf("pfparse: '%s'\n", message); char* token; 
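Review bot: The new comment `/*parse MSG field into pfsense data*/` does not match the call beneath it, which hands the entire received buffer `msg` to `pfdata_parse` rather than a MSG field produced by `sysmsg_parse` — and `struct SysMessage` has no such field (this same commit deletes the commented-out `char message` member in sysparser.h). Either the comment should say the whole datagram is re-parsed, or `pfdata_parse` should be given the offset into `msg` where the syslog MSG part begins. If `sysmsg_parse` tokenises `msg` in place (its body is not in this diff), the second parser is also seeing a buffer with NUL bytes inserted, which would explain failures on otherwise valid input; worth confirming. `printf("Failed to parse message: %s", msg)` writes attacker-supplied bytes, including terminal control sequences, straight to stdout, so if this output is ever viewed in a terminal consider escaping non-printable characters first. The enclosing `main` runs past both ends of the hunk.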
@@ -58,14 +58,36 @@ int pfparse_message(char* message, pf_data* result) { if(result->ipversion == 4) { /*parse ipv4 fields*/ + /* + - TOS, hex as a string field starting with "0x" or empty + - "Explicit Congestion Notification" - or empty, we will ignore + - TTL, int + - packet ID, int (seemingly useless?) + - fragment offset, int (???) + - flags ("none" or some string, each flag is an uppercase(?) character) + - protocol id, int + - protocol name, string + */ } else if(result->ipversion == 6) { /*parse ipv6 fields*/ + /* + - class, hex as a string field starting with "0x" + - flow label, "data" ??? + - hop-limit, int (like ttl) + - protocol name, string + - protocol id, int + */ } else { - return 1; + return 1; /*unknown ip version*/ } /*Parse */ + /* + - packet length, int + - source addr, string (ipv4 OR ipv6!) + - dest addr, string (ipv4 OR ipv6!) + */ /*Parse optional */ diff --git a/src/pfparser.h b/src/pfparser.h index 2cce218..d56e582 100644 --- a/src/pfparser.h +++ b/src/pfparser.h @@ -1,22 +1,46 @@ #define IFACE_LEN 8 - typedef enum pf_hit_reason { pf_hit_match, pf_hit_other } pf_hit_reason; +const static char* pfhrstr[] __attribute__ ((unused)) = + {[pf_hit_match] = "match", + [pf_hit_other] = "other"}; + + typedef enum pf_hit_action { pf_hit_block, pf_hit_pass } pf_hit_action; +const static char* pfhastr[] __attribute__ ((unused)) = + {[pf_hit_block] = "block", + [pf_hit_pass] = "pass"}; + + typedef enum pf_direction { pf_dir_in, pf_dir_out } pf_direction; +const static char* pfdirstr[] __attribute__ ((unused)) = + {[pf_dir_in] = "in", + [pf_dir_out] = "out"}; + + +typedef struct pf_data_ipv4 { + int derp; +} pf_data_ipv4; + +typedef struct pf_data_ipv6 { + int derp; + int derp2; +} pf_data_ipv6; + + typedef struct pf_data { int rulenum; char iface[IFACE_LEN]; 
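Review bot: The three new lookup tables are declared `const static char* name[]`, which makes the strings read-only but leaves the pointer elements writable and uses an unconventional specifier order; `static const char *const pfhrstr[] __attribute__((unused)) = {...};` (and likewise for `pfhastr` and `pfdirstr`) states the intent and lets the compiler place the whole table in read-only data. Because they are `static` in a header, every translation unit that includes pfparser.h gets its own copy, which is why the `unused` attribute is needed at all; an `extern` declaration here with one definition in pfparser.c, or small `static inline` accessor functions, avoids both the duplication and the attribute. The designated initialisers are indexed by the enum values, so a comment such as `/* indexed by pf_hit_reason; keep in step with the enum */` on each table would make the coupling visible to whoever adds an enumerator.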
@@ -24,8 +48,11 @@ typedef struct pf_data { pf_hit_action action; pf_direction direction; int ipversion; + union { + pf_data_ipv4 ipv4_data; + pf_data_ipv6 ipv6_data; + }; } pf_data; - -int pfparse_message(char* message, pf_data* result); +int pfdata_parse(char* message, pf_data* result); diff --git a/src/sysparser.h b/src/sysparser.h index c3491c2..bac832a 100644 --- a/src/sysparser.h +++ b/src/sysparser.h @@ -12,14 +12,12 @@ struct Datefields { }; /*TODO check max app name length*/ -#define MSG_APP_LEN 64 +#define MSG_APP_LEN 16 struct SysMessage { int priority; char application[MSG_APP_LEN]; struct Datefields date; - // char message; - // pf_message data; };
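Review bot: The new anonymous union inside `pf_data` has no comment saying which member is live; the only discriminant is the `int ipversion` field just above it, and nothing in the type ties the two together. Add `/* active member chosen by ipversion: 4 -> ipv4_data, 6 -> ipv6_data; any other value means neither is valid */` on the `union {` line so readers of `pf_data` know what to check first. Anonymous unions are C11; the Makefile in this commit sets `-Wpedantic` but no `-std`, so this relies on the compiler's default dialect — pinning `-std=c11` or later there would make the requirement explicit.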
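Review bot: Shrinking `MSG_APP_LEN` from 64 to 16 changes the size of the `application[]` array that `sysmsg_parse` fills from network data; the parser is not in this diff, so please confirm the copy into it is bounded by `MSG_APP_LEN` (for example `snprintf` or a scanf width derived from the macro) rather than by an assumed maximum — with a 16-byte destination, any unbounded copy of a longer TAG becomes an overflow driven by a single UDP packet. The `/*TODO check max app name length*/` left above the define asks the right question: RFC 3164 permits the TAG to be up to 32 characters, so 16 will also truncate legitimate names. Consider 33 (32 plus the terminator) and replace the TODO with a comment citing that limit.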