json output
parent
ff7b709118
commit
bb3e5c75ed
13
src/main.c
13
src/main.c
@ -85,7 +85,7 @@ int main(int argc, char** argv) {
|
||||
the various parsing below to fail.*/
|
||||
|
||||
assert(addrlen == sizeof(struct sockaddr_in));
|
||||
printf("\nGot message: %s\n", msg);
|
||||
// printf("\nGot message: %s\n", msg);
|
||||
|
||||
/*TODO should we check that msg[size_recvd] == \0 ?
|
||||
printf("From host %s src port %d got message %.*s\n",
|
||||
@ -100,14 +100,14 @@ int main(int argc, char** argv) {
|
||||
if(sysmsg_parse(&result, msg) != 0) {
|
||||
printf("Failed to parse message: %s", msg);
|
||||
} else {
|
||||
printf("syslog message is valid:\n\tpriority: %d\n\tapplication: %s\n\tDate: %s %d %02d:%02d:%02d\n",
|
||||
/*printf("syslog message is valid:\n\tpriority: %d\n\tapplication: %s\n\tDate: %s %d %02d:%02d:%02d\n",
|
||||
result.priority,
|
||||
result.application,
|
||||
result.date.month,
|
||||
result.date.day,
|
||||
result.date.hour,
|
||||
result.date.minute,
|
||||
result.date.second);
|
||||
result.date.second);*/
|
||||
|
||||
/*parse MSG field into pfsense data*/
|
||||
pf_data fwdata = {0};
|
||||
@ -115,12 +115,11 @@ int main(int argc, char** argv) {
|
||||
if(pfdata_parse(msg, &fwdata) != 0) {
|
||||
printf("Failed to parse pfsense data: %s\n\n", msg);
|
||||
} else {
|
||||
pfdata_print(&fwdata);
|
||||
// pfdata_print(&fwdata);
|
||||
|
||||
json_object* jobj = json_object_new_object();
|
||||
json_object *jstring = json_object_new_string("bar");
|
||||
json_object_object_add(jobj,"foo", jstring);
|
||||
printf("The json object created: %s\n",json_object_to_json_string(jobj));
|
||||
pfdata_to_json(&fwdata, jobj);
|
||||
printf("%s\n",json_object_to_json_string(jobj));
|
||||
json_object_put(jobj);
|
||||
|
||||
}
|
||||
|
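Review bot: The two failure branches still print the raw received message to stdout (`printf("Failed to parse message: %s", msg);` and `printf("Failed to parse pfsense data: %s\n\n", msg);`), the same stream that now carries the JSON records, and the `From host …` context line does too. Since `msg` holds whatever the sender put on the wire, a message that fails parsing can place arbitrary text, including something shaped like a JSON record, into the output a downstream consumer reads. Sending diagnostics to stderr would keep stdout to JSON only, e.g. `fprintf(stderr, "Failed to parse pfsense data: %s\n", msg);`. In the success branch, `json_object_new_object()` can return NULL and the return value of `pfdata_to_json` is dropped, so a NULL check before `pfdata_to_json(&fwdata, jobj);` would cover the allocation-failure path. The body of `main` starts and ends outside these hunks.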
@ -4,7 +4,7 @@
|
||||
|
||||
|
||||
int pfdata_parse(char* message, pf_data* result) {
|
||||
printf("pfparse: '%s'\n", message);
|
||||
/*printf("pfparse: '%s'\n", message);*/
|
||||
|
||||
char* token;
|
||||
int field = 0;
|
||||
@ -13,7 +13,7 @@ int pfdata_parse(char* message, pf_data* result) {
|
||||
They are: <rule-number>,<sub-rule-number>,<anchor>,<tracker>,<real-interface>,<reason>,<action>,<direction>,<ip-version>
|
||||
We only collect rule-number, real-interface, reason, action, direction, ip-version */
|
||||
while ( (token = strsep(&message, ",")) != NULL) {
|
||||
printf("%02d: %s\n", field, token);
|
||||
/*printf("%02d: %s\n", field, token);*/
|
||||
switch (field) {
|
||||
case 0: /* Rule number*/
|
||||
{ /*language limitation, the `char*` label (or `unsigned`) is not supported after a switch case TODO look up the underlying reason again*/
|
||||
@ -61,7 +61,7 @@ int pfdata_parse(char* message, pf_data* result) {
|
||||
/*parse ipv4 fields*/
|
||||
field = 0;
|
||||
while ( (token = strsep(&message, ",")) != NULL) {
|
||||
printf("%02d: %s\n", field, token);
|
||||
/*printf("%02d: %s\n", field, token);*/
|
||||
switch (field) {
|
||||
case 0: /*TOS, hex as a string field starting with "0x" or empty*/
|
||||
{
|
||||
@ -108,7 +108,7 @@ int pfdata_parse(char* message, pf_data* result) {
|
||||
/*parse ipv6 fields*/
|
||||
field = 0;
|
||||
while ( (token = strsep(&message, ",")) != NULL) {
|
||||
printf("%02d: %s\n", field, token);
|
||||
/*printf("%02d: %s\n", field, token);*/
|
||||
switch (field) {
|
||||
case 0: /*class, hex as a string field starting with "0x"*/
|
||||
break;
|
||||
@ -146,7 +146,7 @@ int pfdata_parse(char* message, pf_data* result) {
|
||||
/*parse ipv6 fields*/
|
||||
field = 0;
|
||||
while ( (token = strsep(&message, ",")) != NULL) {
|
||||
printf("%02d: %s\n", field, token);
|
||||
/*printf("%02d: %s\n", field, token);*/
|
||||
switch (field) {
|
||||
case 0: /*packet length, int*/
|
||||
{
|
||||
@ -181,7 +181,7 @@ int pfdata_parse(char* message, pf_data* result) {
|
||||
/*parse ipv6 fields*/
|
||||
field = 0;
|
||||
while ( (token = strsep(&message, ",")) != NULL) {
|
||||
printf("%02d: %s\n", field, token);
|
||||
/*printf("%02d: %s\n", field, token);*/
|
||||
switch (field) {
|
||||
case 0: /*src port, int*/
|
||||
{
|
||||
@ -218,7 +218,7 @@ int pfdata_parse(char* message, pf_data* result) {
|
||||
/*<source-port>,<destination-port>,<data-length>*/
|
||||
field = 0;
|
||||
while ( (token = strsep(&message, ",")) != NULL) {
|
||||
printf("%02d: %s\n", field, token);
|
||||
/*printf("%02d: %s\n", field, token);*/
|
||||
switch (field) {
|
||||
case 0: /*src port, int*/
|
||||
{
|
||||
@ -296,3 +296,61 @@ void pfdata_print(pf_data* data) {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
void add_intfield(json_object* obj, char* name, int value) {
|
||||
json_object *ipversion = json_object_new_int(value);
|
||||
json_object_object_add(obj, name, ipversion);
|
||||
}
|
||||
|
||||
|
||||
void add_strfield(json_object* obj, char* name, char* value) {
|
||||
json_object *ipversion = json_object_new_string(value);
|
||||
json_object_object_add(obj, name, ipversion);
|
||||
}
|
||||
|
||||
|
||||
int pfdata_to_json(pf_data* data, json_object* obj) {
|
||||
/*
|
||||
Populate the passed json_object obj with data from from pf_data data.
|
||||
*/
|
||||
add_strfield(obj, "interface", data->iface);
|
||||
add_intfield(obj, "ipversion", data->ipversion);
|
||||
|
||||
add_strfield(obj, "action", (char*)(pfhastr[data->action]));
|
||||
|
||||
if(data->ipversion == 4) {
|
||||
add_intfield(obj, "ttl", data->ipv4_data.ttl);
|
||||
add_intfield(obj, "protocol_id", data->ipv4_data.protocol);
|
||||
} else if(data->ipversion == 6) {
|
||||
add_intfield(obj, "ttl", data->ipv6_data.hoplimit);
|
||||
add_intfield(obj, "protocol_id", data->ipv6_data.protocol);
|
||||
}
|
||||
|
||||
add_strfield(obj, "src_addr", data->src_addr);
|
||||
add_strfield(obj, "dest_addr", data->dest_addr);
|
||||
|
||||
if (data->ipversion == 4) {
|
||||
if (data->ipv4_data.protocol == 6) {
|
||||
add_intfield(obj, "src_port", data->tcp_data.srcport);
|
||||
add_intfield(obj, "dest_port", data->tcp_data.destport);
|
||||
add_intfield(obj, "length", data->tcp_data.length);
|
||||
} else if (data->ipv4_data.protocol == 11) {
|
||||
add_intfield(obj, "src_port", data->udp_data.srcport);
|
||||
add_intfield(obj, "dest_port", data->udp_data.destport);
|
||||
add_intfield(obj, "length", data->udp_data.length);
|
||||
}
|
||||
} else if (data->ipversion == 6) {
|
||||
if (data->ipv6_data.protocol == 6) {
|
||||
add_intfield(obj, "src_port", data->tcp_data.srcport);
|
||||
add_intfield(obj, "dest_port", data->tcp_data.destport);
|
||||
add_intfield(obj, "length", data->tcp_data.length);
|
||||
} else if (data->ipv6_data.protocol == 11) {
|
||||
add_intfield(obj, "src_port", data->udp_data.srcport);
|
||||
add_intfield(obj, "dest_port", data->udp_data.destport);
|
||||
add_intfield(obj, "length", data->udp_data.length);
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
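Review bot: In `pfdata_to_json` both UDP branches test `protocol == 11`, but the IANA protocol number for UDP is 17 (0x11). Unless the parser stores this field in some other encoding (not visible here), UDP records will never receive `src_port`, `dest_port` or `length`. Suggested: `} else if (data->ipv4_data.protocol == 17) {` and the same for `data->ipv6_data.protocol`, or the `IPPROTO_TCP`/`IPPROTO_UDP` constants from `<netinet/in.h>`. Separately, `pfhastr[data->action]` is indexed by a value that comes from the parsed message, with no range check in this function; if `pfdata_parse` does not already constrain `action` to the table size, this is an out-of-bounds read, so a guard before the lookup is worth adding. `add_intfield` and `add_strfield` are helpers the header hunk does not declare, so they could be `static`, and their local is named `ipversion` whatever field is being added.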
@ -1,4 +1,6 @@
|
||||
#include <stdlib.h>
|
||||
#include <json-c/json.h>
|
||||
|
||||
|
||||
#define IFACE_LEN 8
|
||||
|
||||
@ -102,3 +104,5 @@ typedef struct pf_data {
|
||||
int pfdata_parse(char* message, pf_data* result);
|
||||
|
||||
void pfdata_print(pf_data* data);
|
||||
|
||||
int pfdata_to_json(pf_data* data, json_object* obj);
|
||||
|
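Review bot: The new prototype `int pfdata_to_json(pf_data* data, json_object* obj);` carries no contract comment and takes `data` as non-const, although the implementation added in this commit only reads from it. Suggested: `int pfdata_to_json(const pf_data* data, json_object* obj);` (with the definition changed to match) and a comment such as `/* Adds the parsed fields of data to obj; obj stays owned by the caller. Returns 0. */`. The caller in `main` releases the object with `json_object_put(jobj)`, so stating the ownership here matches how it is already used.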