Start parsing pf data csv
This commit is contained in:
parent
3de1a8372a
commit
6162cf6676
|
@ -1,10 +1,14 @@
|
||||||
CC=gcc -Wall
|
CC=gcc -Wall
|
||||||
CFLAGS=-g -I.
|
CFLAGS=-g -I.
|
||||||
DEPS=
|
DEPS=
|
||||||
OBJ=main.o
|
OBJ=main.o pfparser.o
|
||||||
|
|
||||||
%.o: %.c $(DEPS)
|
%.o: %.c $(DEPS)
|
||||||
$(CC) -c -o $@ $< $(CFLAGS)
|
$(CC) -c -o $@ $< $(CFLAGS)
|
||||||
|
|
||||||
csyslog: $(OBJ)
|
csyslog: $(OBJ)
|
||||||
gcc -o $@ $^ $(CFLAGS)
|
gcc -o $@ $^ $(CFLAGS)
|
||||||
|
|
||||||
|
|
||||||
|
clean:
|
||||||
|
rm -vf *.o csyslog
|
||||||
|
|
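Review bot: The new `clean` target is an ordinary rule, so a file named `clean` in the build directory would make `make clean` report it as up to date and skip the rm; declare it with `.PHONY: clean` above the rule. The commit also introduces pfparser.h, included by both main.c and pfparser.c, while DEPS stays empty, so editing that header will not trigger a rebuild of main.o or pfparser.o; setting `DEPS=pfparser.h` (with whatever directory prefix the Makefile's layout needs — the sources appear to live under src/) restores correct dependencies. The Makefile's file header is above this excerpt.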
39
src/main.c
39
src/main.c
|
@ -10,6 +10,8 @@
|
||||||
#include <netdb.h>
|
#include <netdb.h>
|
||||||
#include <limits.h>
|
#include <limits.h>
|
||||||
#include "helpers.h"
|
#include "helpers.h"
|
||||||
|
#include "pfparser.h"
|
||||||
|
|
||||||
|
|
||||||
// UDP server-related mostly lifted from https://cs.nyu.edu/~mwalfish/classes/16sp/classnotes/handout01.pdf
|
// UDP server-related mostly lifted from https://cs.nyu.edu/~mwalfish/classes/16sp/classnotes/handout01.pdf
|
||||||
|
|
||||||
|
@ -31,6 +33,7 @@ struct Message {
|
||||||
int priority;
|
int priority;
|
||||||
char application[MSG_APP_LEN];
|
char application[MSG_APP_LEN];
|
||||||
struct Datefields date;
|
struct Datefields date;
|
||||||
|
pf_message data;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
@ -134,8 +137,18 @@ int parse_message(struct Message* result, char* message) {
|
||||||
memcpy(result->application, application, sizeof(application));
|
memcpy(result->application, application, sizeof(application));
|
||||||
position += 1; // pass over the space
|
position += 1; // pass over the space
|
||||||
|
|
||||||
printf("remaining: '%s'\n", message + position);
|
// printf("remaining: '%s'\n", message + position);
|
||||||
return 0;
|
|
||||||
|
// trim original message to only the CSV portion
|
||||||
|
int msglen = strlen(message);
|
||||||
|
int datalen = msglen - position;
|
||||||
|
memmove(message, &message[position], datalen);
|
||||||
|
// zero the rest of the message
|
||||||
|
memset(&message[datalen], 0, msglen - datalen);
|
||||||
|
|
||||||
|
// pf_message result_msg;
|
||||||
|
if(pfparse_message(message, &(result->data)) != 0) return 1;
|
||||||
|
|
||||||
|
|
||||||
// char msg_remaining[4096];
|
// char msg_remaining[4096];
|
||||||
// memset(&msg_remaining, '\0', sizeof(msg_remaining));
|
// memset(&msg_remaining, '\0', sizeof(msg_remaining));
|
||||||
|
@ -145,6 +158,7 @@ int parse_message(struct Message* result, char* message) {
|
||||||
// memmove(message, &message[position], strlen(message) - position);
|
// memmove(message, &message[position], strlen(message) - position);
|
||||||
// printf("'%s'\n", message);
|
// printf("'%s'\n", message);
|
||||||
|
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -178,7 +192,7 @@ int main(int argc, char** argv) {
|
||||||
memset(&my_addr, 0, sizeof(my_addr));
|
memset(&my_addr, 0, sizeof(my_addr));
|
||||||
my_addr.sin_family = AF_INET;
|
my_addr.sin_family = AF_INET;
|
||||||
my_addr.sin_addr.s_addr = INADDR_ANY;
|
my_addr.sin_addr.s_addr = INADDR_ANY;
|
||||||
my_addr.sin_port = htons(port);
|
my_addr.sin_port = htons(port); // host to network short - converts a *s*hort from the *h*ost's to *n*etwork's endianness
|
||||||
if (bind(sock_fd, (struct sockaddr*)&my_addr, sizeof(struct sockaddr_in)) < 0)
|
if (bind(sock_fd, (struct sockaddr*)&my_addr, sizeof(struct sockaddr_in)) < 0)
|
||||||
panic("bind failed");
|
panic("bind failed");
|
||||||
|
|
||||||
|
@ -186,17 +200,17 @@ int main(int argc, char** argv) {
|
||||||
while (1) {
|
while (1) {
|
||||||
int size_recvd;
|
int size_recvd;
|
||||||
if ((size_recvd = recvfrom(sock_fd, /* socket */
|
if ((size_recvd = recvfrom(sock_fd, /* socket */
|
||||||
msg, /* buffer */
|
msg, /* buffer */
|
||||||
sizeof(msg), /* size of buffer */
|
sizeof(msg), /* size of buffer */
|
||||||
0, /* flags = 0 */
|
0, /* flags = 0 */
|
||||||
(struct sockaddr*)&my_peer_addr, /* who’s sending */
|
(struct sockaddr*)&my_peer_addr, /* who’s sending */
|
||||||
&addrlen /* length of buffer to receive peer info */
|
&addrlen /* length of buffer to receive peer info */
|
||||||
)) < 0)
|
)) < 0)
|
||||||
panic("recvfrom");
|
panic("recvfrom");
|
||||||
assert(size_recvd < sizeof(msg)); // messages can't be longer than our buffer
|
assert(size_recvd < sizeof(msg)); // messages can't be longer than our buffer
|
||||||
|
|
||||||
assert(addrlen == sizeof(struct sockaddr_in));
|
assert(addrlen == sizeof(struct sockaddr_in));
|
||||||
printf("Got message: %s\n", msg);
|
printf("\nGot message: %s\n", msg);
|
||||||
|
|
||||||
// TODO should we check that msg[size_recvd] == \0 ?
|
// TODO should we check that msg[size_recvd] == \0 ?
|
||||||
// printf("From host %s src port %d got message %.*s\n",
|
// printf("From host %s src port %d got message %.*s\n",
|
||||||
|
@ -206,9 +220,10 @@ int main(int argc, char** argv) {
|
||||||
//printf("msg[size_recvd] is: %d", msg[size_recvd]);
|
//printf("msg[size_recvd] is: %d", msg[size_recvd]);
|
||||||
msg[size_recvd] = '\0'; // We receive 1 full string at a time
|
msg[size_recvd] = '\0'; // We receive 1 full string at a time
|
||||||
if(parse_message(&result, msg) != 1) {
|
if(parse_message(&result, msg) != 1) {
|
||||||
printf("message is valid:\n\tpriority: %d\n\tapplication: %s\n\tDate: %s %d %02d:%02d:%02d\n",
|
printf("message is valid:\n\tpriority: %d\n\tapplication: %s\n\tDate: %s %d %02d:%02d:%02d\n"
|
||||||
|
"\tInterface: %s\n\tIP version: %d\n",
|
||||||
result.priority, result.application, result.date.month, result.date.day, result.date.hour,
|
result.priority, result.application, result.date.month, result.date.day, result.date.hour,
|
||||||
result.date.minute, result.date.second);
|
result.date.minute, result.date.second, result.data.iface, result.data.ipversion);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
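Review bot: The new trim in parse_message computes `int datalen = msglen - position;` and hands it to memmove without checking that position is still inside the string; if the `position += 1` step that skips the space lands past the terminator (a message that ends right after the application field), datalen goes negative, converts to a huge size_t, and both the memmove and the following memset run off the buffer. Guard it with `size_t msglen = strlen(message); if ((size_t)position > msglen) return 1; size_t datalen = msglen - position;` — how position is derived is outside this hunk, so whether it can actually exceed msglen should be confirmed there. Separately, the main loop still prints the datagram with `printf("\nGot message: %s\n", msg)` while `msg[size_recvd] = '\0'` is only written in the later hunk, so unless one of the lines elided between the two hunks terminates it, that first print can read past the received bytes; writing the terminator before the printf closes it. parse_message begins before this hunk.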
|
@ -0,0 +1,58 @@
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include "pfparser.h"
|
||||||
|
|
||||||
|
|
||||||
|
int pfparse_message(char* message, pf_message* result) {
|
||||||
|
printf("pfparse: '%s'\n", message);
|
||||||
|
|
||||||
|
char* token;
|
||||||
|
int field = 0;
|
||||||
|
|
||||||
|
// Parse the first X fields
|
||||||
|
// They are: <rule-number>,<sub-rule-number>,<anchor>,<tracker>,<real-interface>,<reason>,<action>,<direction>,<ip-version>
|
||||||
|
// We only collect rule-number, real-interface, reason, action, direction, ip-version
|
||||||
|
while ( (token = strsep(&message, ",")) != NULL) {
|
||||||
|
printf("%02d: %s\n", field, token);
|
||||||
|
switch (field) {
|
||||||
|
case 0: // Rule number
|
||||||
|
{
|
||||||
|
char* rnend;
|
||||||
|
long int rulenum = strtol(token, &rnend, 10);
|
||||||
|
if(rnend == NULL) return 1;
|
||||||
|
result->rulenum = (int)rulenum;
|
||||||
|
}
|
||||||
|
// if(result->rulenum == NULL) return 1;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 4: // iface
|
||||||
|
if(strlen(token) > IFACE_LEN) return 1;
|
||||||
|
memcpy(result->iface, token, strlen(token));
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 5: // reason
|
||||||
|
result->reason = strcmp(token, "match") ? pf_hit_other : pf_hit_match;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 6: // action
|
||||||
|
result->action = strcmp(token, "block") ? pf_hit_block : pf_hit_pass;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 7: // direction
|
||||||
|
result->direction = strcmp(token, "in") ? pf_dir_in : pf_dir_out;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 8: // ip-version
|
||||||
|
{
|
||||||
|
char* ipvend;
|
||||||
|
long int ip_ver = strtol(token, &ipvend, 10);
|
||||||
|
if(ipvend == NULL) return 1;
|
||||||
|
result->ipversion = (int)ip_ver;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
field++;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
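Review bot: The action and direction ternaries in cases 6 and 7 are inverted: strcmp() returns 0 on a match, so a token of exactly "block" yields pf_hit_pass and "in" yields pf_dir_out, while case 5 uses the same idiom correctly; they should read `result->action = strcmp(token, "block") ? pf_hit_pass : pf_hit_block;` and `result->direction = strcmp(token, "in") ? pf_dir_out : pf_dir_in;`. Case 4 also admits an interface name of exactly IFACE_LEN bytes and the memcpy never writes a terminator, so iface is printed with %s past the end of the array by main.c (and a shorter name leaves stale bytes from an earlier message unless the caller zeroes result); reject `strlen(token) >= IFACE_LEN` and terminate with `result->iface[strlen(token)] = '\0';` after the copy. The `rnend == NULL` and `ipvend == NULL` tests in cases 0 and 8 can never be true, because strtol always sets endptr; check `rnend == token || *rnend != '\0'` (likewise for ipvend) so a non-numeric field is rejected rather than stored as 0. A message with fewer than nine fields currently returns 0 with the remaining struct members untouched, so a final `if (field < 9) return 1;` after the loop would make the success return meaningful.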
|
@ -0,0 +1,31 @@
|
||||||
|
#define IFACE_LEN 8
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
typedef enum pf_hit_reason {
|
||||||
|
pf_hit_match,
|
||||||
|
pf_hit_other
|
||||||
|
} pf_hit_reason;
|
||||||
|
|
||||||
|
typedef enum pf_hit_action {
|
||||||
|
pf_hit_block,
|
||||||
|
pf_hit_pass
|
||||||
|
} pf_hit_action;
|
||||||
|
|
||||||
|
typedef enum pf_direction {
|
||||||
|
pf_dir_in,
|
||||||
|
pf_dir_out
|
||||||
|
} pf_direction;
|
||||||
|
|
||||||
|
typedef struct pf_message {
|
||||||
|
int rulenum;
|
||||||
|
char iface[IFACE_LEN];
|
||||||
|
pf_hit_reason reason;
|
||||||
|
pf_hit_action action;
|
||||||
|
pf_direction direction;
|
||||||
|
int ipversion;
|
||||||
|
} pf_message;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
int pfparse_message(char* message, pf_message* result);
|
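Review bot: The header has no include guard, and since it defines typedef'd enums and a struct, including it twice in one translation unit (it is already pulled in by both main.c and pfparser.c) would fail to compile; wrap it in `#ifndef PFPARSER_H` / `#define PFPARSER_H` / `#endif`. IFACE_LEN of 8 is also tight for the iface buffer: it must hold the terminator as well as the name, and on the BSDs where pf runs interface names can be up to IFNAMSIZ-1 (15) characters, so longer vlan or bridge device names would be rejected by the parser; sizing it from `<net/if.h>`'s IF_NAMESIZE, or at least 16, is worth considering. The prototype would also benefit from a comment stating that pfparse_message modifies the message buffer in place (strsep) and that a non-zero return means the CSV was rejected.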