json output

dave 2018-07-04 17:09:03 -07:00
parent ff7b709118
commit bb3e5c75ed
3 changed files with 75 additions and 14 deletions


@ -85,7 +85,7 @@ int main(int argc, char** argv) {
the various parsing below to fail.*/
assert(addrlen == sizeof(struct sockaddr_in));
printf("\nGot message: %s\n", msg);
// printf("\nGot message: %s\n", msg);
/*TODO should we check that msg[size_recvd] == \0 ?
printf("From host %s src port %d got message %.*s\n",
@ -100,14 +100,14 @@ int main(int argc, char** argv) {
if(sysmsg_parse(&result, msg) != 0) {
printf("Failed to parse message: %s", msg);
} else {
printf("syslog message is valid:\n\tpriority: %d\n\tapplication: %s\n\tDate: %s %d %02d:%02d:%02d\n",
/*printf("syslog message is valid:\n\tpriority: %d\n\tapplication: %s\n\tDate: %s %d %02d:%02d:%02d\n",
result.priority,
result.application,
result.date.month,
result.date.day,
result.date.hour,
result.date.minute,
result.date.second);
result.date.second);*/
/*parse MSG field into pfsense data*/
pf_data fwdata = {0};
@ -115,12 +115,11 @@ int main(int argc, char** argv) {
if(pfdata_parse(msg, &fwdata) != 0) {
printf("Failed to parse pfsense data: %s\n\n", msg);
} else {
pfdata_print(&fwdata);
// pfdata_print(&fwdata);
json_object* jobj = json_object_new_object();
json_object *jstring = json_object_new_string("bar");
json_object_object_add(jobj,"foo", jstring);
printf("The json object created: %s\n",json_object_to_json_string(jobj));
pfdata_to_json(&fwdata, jobj);
printf("%s\n",json_object_to_json_string(jobj));
json_object_put(jobj);
}
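Review bot: With stdout now carrying one JSON document per message, the two failure branches in this section still `printf` the raw received `msg` to the same stream, so a datagram that fails parsing is echoed verbatim (embedded newlines included) between JSON records and can confuse or mislead a line-oriented consumer downstream. Sending diagnostics to stderr keeps the JSON stream clean, e.g. `fprintf(stderr, "Failed to parse pfsense data: %s\n\n", msg);`, and likewise for the "Failed to parse message" branch. The new code also uses `jobj` without checking `json_object_new_object()` for NULL and discards the return value of `pfdata_to_json`. main's body starts and ends outside these hunks.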


@ -4,7 +4,7 @@
int pfdata_parse(char* message, pf_data* result) {
printf("pfparse: '%s'\n", message);
/*printf("pfparse: '%s'\n", message);*/
char* token;
int field = 0;
@ -13,7 +13,7 @@ int pfdata_parse(char* message, pf_data* result) {
They are: <rule-number>,<sub-rule-number>,<anchor>,<tracker>,<real-interface>,<reason>,<action>,<direction>,<ip-version>
We only collect rule-number, real-interface, reason, action, direction, ip-version */
while ( (token = strsep(&message, ",")) != NULL) {
printf("%02d: %s\n", field, token);
/*printf("%02d: %s\n", field, token);*/
switch (field) {
case 0: /* Rule number*/
{ /*language limitation, the `char*` label (or `unsigned`) is not supported after a switch case TODO look up the underlying reason again*/
@ -61,7 +61,7 @@ int pfdata_parse(char* message, pf_data* result) {
/*parse ipv4 fields*/
field = 0;
while ( (token = strsep(&message, ",")) != NULL) {
printf("%02d: %s\n", field, token);
/*printf("%02d: %s\n", field, token);*/
switch (field) {
case 0: /*TOS, hex as a string field starting with "0x" or empty*/
{
@ -108,7 +108,7 @@ int pfdata_parse(char* message, pf_data* result) {
/*parse ipv6 fields*/
field = 0;
while ( (token = strsep(&message, ",")) != NULL) {
printf("%02d: %s\n", field, token);
/*printf("%02d: %s\n", field, token);*/
switch (field) {
case 0: /*class, hex as a string field starting with "0x"*/
break;
@ -146,7 +146,7 @@ int pfdata_parse(char* message, pf_data* result) {
/*parse ipv6 fields*/
field = 0;
while ( (token = strsep(&message, ",")) != NULL) {
printf("%02d: %s\n", field, token);
/*printf("%02d: %s\n", field, token);*/
switch (field) {
case 0: /*packet length, int*/
{
@ -181,7 +181,7 @@ int pfdata_parse(char* message, pf_data* result) {
/*parse ipv6 fields*/
field = 0;
while ( (token = strsep(&message, ",")) != NULL) {
printf("%02d: %s\n", field, token);
/*printf("%02d: %s\n", field, token);*/
switch (field) {
case 0: /*src port, int*/
{
@ -218,7 +218,7 @@ int pfdata_parse(char* message, pf_data* result) {
/*<source-port>,<destination-port>,<data-length>*/
field = 0;
while ( (token = strsep(&message, ",")) != NULL) {
printf("%02d: %s\n", field, token);
/*printf("%02d: %s\n", field, token);*/
switch (field) {
case 0: /*src port, int*/
{
@ -296,3 +296,61 @@ void pfdata_print(pf_data* data) {
}
}
}
void add_intfield(json_object* obj, char* name, int value) {
json_object *ipversion = json_object_new_int(value);
json_object_object_add(obj, name, ipversion);
}
void add_strfield(json_object* obj, char* name, char* value) {
json_object *ipversion = json_object_new_string(value);
json_object_object_add(obj, name, ipversion);
}
int pfdata_to_json(pf_data* data, json_object* obj) {
/*
Populate the passed json_object obj with data from from pf_data data.
*/
add_strfield(obj, "interface", data->iface);
add_intfield(obj, "ipversion", data->ipversion);
add_strfield(obj, "action", (char*)(pfhastr[data->action]));
if(data->ipversion == 4) {
add_intfield(obj, "ttl", data->ipv4_data.ttl);
add_intfield(obj, "protocol_id", data->ipv4_data.protocol);
} else if(data->ipversion == 6) {
add_intfield(obj, "ttl", data->ipv6_data.hoplimit);
add_intfield(obj, "protocol_id", data->ipv6_data.protocol);
}
add_strfield(obj, "src_addr", data->src_addr);
add_strfield(obj, "dest_addr", data->dest_addr);
if (data->ipversion == 4) {
if (data->ipv4_data.protocol == 6) {
add_intfield(obj, "src_port", data->tcp_data.srcport);
add_intfield(obj, "dest_port", data->tcp_data.destport);
add_intfield(obj, "length", data->tcp_data.length);
} else if (data->ipv4_data.protocol == 11) {
add_intfield(obj, "src_port", data->udp_data.srcport);
add_intfield(obj, "dest_port", data->udp_data.destport);
add_intfield(obj, "length", data->udp_data.length);
}
} else if (data->ipversion == 6) {
if (data->ipv6_data.protocol == 6) {
add_intfield(obj, "src_port", data->tcp_data.srcport);
add_intfield(obj, "dest_port", data->tcp_data.destport);
add_intfield(obj, "length", data->tcp_data.length);
} else if (data->ipv6_data.protocol == 11) {
add_intfield(obj, "src_port", data->udp_data.srcport);
add_intfield(obj, "dest_port", data->udp_data.destport);
add_intfield(obj, "length", data->udp_data.length);
}
}
return 0;
}
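Review bot: The UDP branches in `pfdata_to_json` test `protocol == 11`, but the IANA protocol number for UDP is 17 (0x11), so unless `pfdata_parse` stores the value in some other encoding, UDP records will be written without `src_port`, `dest_port` and `length`; the comparison would read `} else if (data->ipv4_data.protocol == 17) {`, and the same for `ipv6_data.protocol`. Separately, `pfhastr[data->action]` is indexed with a value that presumably comes from the network-received message, and nothing visible here bounds it; if the parser (not fully shown) does not constrain `action` to the table size, a range check before the lookup is needed. `add_intfield` and `add_strfield` are not declared in the header and could be `static`, and their local `ipversion` would read better under a neutral name such as `field`.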


@ -1,4 +1,6 @@
#include <stdlib.h>
#include <json-c/json.h>
#define IFACE_LEN 8
@ -102,3 +104,5 @@ typedef struct pf_data {
int pfdata_parse(char* message, pf_data* result);
void pfdata_print(pf_data* data);
int pfdata_to_json(pf_data* data, json_object* obj);
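Review bot: The new `pfdata_to_json` prototype has no comment stating its contract, and it takes a mutable `pf_data*` although the implementation shown in this commit only reads from it. Suggest `int pfdata_to_json(const pf_data* data, json_object* obj);` with a comment such as `/* Adds the parsed fields of data to obj; obj stays owned by the caller. Returns 0. */`. Making `data` const would also require `const char*` parameters on the `add_strfield`/`add_intfield` helpers in the .c file.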