From bb3e5c75ed994adecaa195f22ed6900a9c426e18 Mon Sep 17 00:00:00 2001
From: dave
Date: Wed, 4 Jul 2018 17:09:03 -0700
Subject: [PATCH] json output

---
 src/main.c | 13 +++++----
 src/pfparser.c | 72 +++++++++++++++++++++++++++++++++++++++++++++-----
 src/pfparser.h | 4 +++
 3 files changed, 75 insertions(+), 14 deletions(-)

diff --git a/src/main.c b/src/main.c
index 47efb65..53a49de 100644
--- a/src/main.c
+++ b/src/main.c
@@ -85,7 +85,7 @@ int main(int argc, char** argv) {
 the various parsing below to fail.*/
 assert(addrlen == sizeof(struct sockaddr_in));
- printf("\nGot message: %s\n", msg);
+ // printf("\nGot message: %s\n", msg);
 /*TODO should we check that msg[size_recvd] == \0 ?
 printf("From host %s src port %d got message %.*s\n",
@@ -100,14 +100,14 @@ int main(int argc, char** argv) {
 if(sysmsg_parse(&result, msg) != 0) {
 printf("Failed to parse message: %s", msg);
 } else {
- printf("syslog message is valid:\n\tpriority: %d\n\tapplication: %s\n\tDate: %s %d %02d:%02d:%02d\n",
+ /*printf("syslog message is valid:\n\tpriority: %d\n\tapplication: %s\n\tDate: %s %d %02d:%02d:%02d\n",
 result.priority,
 result.application,
 result.date.month,
 result.date.day,
 result.date.hour,
 result.date.minute,
- result.date.second);
+ result.date.second);*/
 /*parse MSG field into pfsense data*/
 pf_data fwdata = {0};
@@ -115,12 +115,11 @@ int main(int argc, char** argv) {
 if(pfdata_parse(msg, &fwdata) != 0) {
 printf("Failed to parse pfsense data: %s\n\n", msg);
 } else {
- pfdata_print(&fwdata);
+ // pfdata_print(&fwdata);
 json_object* jobj = json_object_new_object();
- json_object *jstring = json_object_new_string("bar");
- json_object_object_add(jobj,"foo", jstring);
- printf("The json object created: %s\n",json_object_to_json_string(jobj));
+ pfdata_to_json(&fwdata, jobj);
+ printf("%s\n",json_object_to_json_string(jobj));
 json_object_put(jobj);
 }
diff --git a/src/pfparser.c b/src/pfparser.c
index 0c5db8e..0fd4335 100644
--- a/src/pfparser.c
+++ b/src/pfparser.c
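Review bot: The debug output at `// printf("\nGot message: %s\n", msg);` is disabled by commenting it out rather than being removed or gated, and the same pattern recurs in the other two main.c hunks and in all six pfparser.c hunks that wrap `printf("%02d: %s\n", field, token)` in `/* */`. Commented-out code rots with the surrounding code and quietly re-enables printing of raw syslog payloads to stdout the next time someone uncomments it. A single runtime or build-time switch keeps the traces usable without the dead lines, e.g. `if (verbose) printf("\nGot message: %s\n", msg);` with a `verbose` flag of your choosing, or an `#ifdef DEBUG` block around each trace. The enclosing `main` body begins before and continues after these hunks.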
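Review bot: In the third main.c hunk the object returned by `json_object_new_object()` is handed to `pfdata_to_json` and `json_object_to_json_string` without a NULL check, although json-c returns NULL when allocation fails; a guard such as `if (jobj == NULL) { printf("Failed to allocate json object\n"); } else { … }` keeps the failure from becoming a dereference. The `int` returned by `pfdata_to_json` is also dropped at `pfdata_to_json(&fwdata, jobj);`, so either check it there or make the function `void` rather than carry a return value nobody reads. Worth a comment at the `printf("%s\n", …)` line: the string fields of that JSON line (`interface`, `src_addr`, `dest_addr`) are copied from the received syslog message, so a downstream consumer must treat them as untrusted input even though json-c escapes them for JSON syntax.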
@@ -4,7 +4,7 @@ int pfdata_parse(char* message, pf_data* result) {
- printf("pfparse: '%s'\n", message);
+ /*printf("pfparse: '%s'\n", message);*/
 char* token;
 int field = 0;
@@ -13,7 +13,7 @@ int pfdata_parse(char* message, pf_data* result) {
 They are: ,,,,,,,, We only collect rule-number, real-interface, reason, action, direction, ip-version */
 while ( (token = strsep(&message, ",")) != NULL) {
- printf("%02d: %s\n", field, token);
+ /*printf("%02d: %s\n", field, token);*/
 switch (field) {
 case 0: /* Rule number*/ { /*language limitation, the `char*` label (or `unsigned`) is not supported after a switch case TODO look up the underlying reason again*/
@@ -61,7 +61,7 @@ int pfdata_parse(char* message, pf_data* result) {
 /*parse ipv4 fields*/
 field = 0;
 while ( (token = strsep(&message, ",")) != NULL) {
- printf("%02d: %s\n", field, token);
+ /*printf("%02d: %s\n", field, token);*/
 switch (field) {
 case 0: /*TOS, hex as a string field starting with "0x" or empty*/ {
@@ -108,7 +108,7 @@ int pfdata_parse(char* message, pf_data* result) {
 /*parse ipv6 fields*/
 field = 0;
 while ( (token = strsep(&message, ",")) != NULL) {
- printf("%02d: %s\n", field, token);
+ /*printf("%02d: %s\n", field, token);*/
 switch (field) {
 case 0: /*class, hex as a string field starting with "0x"*/ break;
@@ -146,7 +146,7 @@ int pfdata_parse(char* message, pf_data* result) {
 /*parse ipv6 fields*/
 field = 0;
 while ( (token = strsep(&message, ",")) != NULL) {
- printf("%02d: %s\n", field, token);
+ /*printf("%02d: %s\n", field, token);*/
 switch (field) {
 case 0: /*packet length, int*/ {
@@ -181,7 +181,7 @@ int pfdata_parse(char* message, pf_data* result) {
 /*parse ipv6 fields*/
 field = 0;
 while ( (token = strsep(&message, ",")) != NULL) {
- printf("%02d: %s\n", field, token);
+ /*printf("%02d: %s\n", field, token);*/
 switch (field) {
 case 0: /*src port, int*/ {
@@ -218,7 +218,7 @@ int pfdata_parse(char* message, pf_data* result) {
 /*,,*/
 field = 0;
 while ( (token = strsep(&message, ",")) != NULL) {
- printf("%02d: %s\n", field, token);
+ /*printf("%02d: %s\n", field, token);*/
 switch (field) {
 case 0: /*src port, int*/ {
@@ -296,3 +296,61 @@ void pfdata_print(pf_data* data) {
 }
 }
 }
+
+
+void add_intfield(json_object* obj, char* name, int value) {
+ json_object *ipversion = json_object_new_int(value);
+ json_object_object_add(obj, name, ipversion);
+}
+
+
+void add_strfield(json_object* obj, char* name, char* value) {
+ json_object *ipversion = json_object_new_string(value);
+ json_object_object_add(obj, name, ipversion);
+}
+
+
+int pfdata_to_json(pf_data* data, json_object* obj) {
+ /*
+ Populate the passed json_object obj with data from from pf_data data.
+ */
+ add_strfield(obj, "interface", data->iface);
+ add_intfield(obj, "ipversion", data->ipversion);
+
+ add_strfield(obj, "action", (char*)(pfhastr[data->action]));
+
+ if(data->ipversion == 4) {
+ add_intfield(obj, "ttl", data->ipv4_data.ttl);
+ add_intfield(obj, "protocol_id", data->ipv4_data.protocol);
+ } else if(data->ipversion == 6) {
+ add_intfield(obj, "ttl", data->ipv6_data.hoplimit);
+ add_intfield(obj, "protocol_id", data->ipv6_data.protocol);
+ }
+
+ add_strfield(obj, "src_addr", data->src_addr);
+ add_strfield(obj, "dest_addr", data->dest_addr);
+
+ if (data->ipversion == 4) {
+ if (data->ipv4_data.protocol == 6) {
+ add_intfield(obj, "src_port", data->tcp_data.srcport);
+ add_intfield(obj, "dest_port", data->tcp_data.destport);
+ add_intfield(obj, "length", data->tcp_data.length);
+ } else if (data->ipv4_data.protocol == 11) {
+ add_intfield(obj, "src_port", data->udp_data.srcport);
+ add_intfield(obj, "dest_port", data->udp_data.destport);
+ add_intfield(obj, "length", data->udp_data.length);
+ }
+ } else if (data->ipversion == 6) {
+ if (data->ipv6_data.protocol == 6) {
+ add_intfield(obj, "src_port", data->tcp_data.srcport);
+ add_intfield(obj, "dest_port", data->tcp_data.destport);
+ add_intfield(obj, "length", data->tcp_data.length);
+ } else if (data->ipv6_data.protocol == 11) {
+ add_intfield(obj, "src_port", data->udp_data.srcport);
+ add_intfield(obj, "dest_port", data->udp_data.destport);
+ add_intfield(obj, "length", data->udp_data.length);
+ }
+ }
+
+ return 0;
+}
diff --git a/src/pfparser.h b/src/pfparser.h
index 01c72e9..6d32923 100644
--- a/src/pfparser.h
+++ b/src/pfparser.h
@@ -1,4 +1,6 @@
 #include
+#include
+
 #define IFACE_LEN 8
@@ -102,3 +104,5 @@ typedef struct pf_data {
 int pfdata_parse(char* message, pf_data* result);
 void pfdata_print(pf_data* data);
+
+int pfdata_to_json(pf_data* data, json_object* obj);
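Review bot: Both UDP branches of `pfdata_to_json` compare the protocol field against `11`, at `} else if (data->ipv4_data.protocol == 11) {` and the matching ipv6 line; if `pfdata_parse` stores the decimal IANA protocol number (TCP is 6, UDP is 17), the UDP ports and length are never emitted and 11 denotes an unrelated protocol, so please confirm what the parser stores and compare against 17 or a named constant. Separately, `pfhastr[data->action]` is indexed with a value derived from the received message and no range check is visible in this hunk; if an unparsed or out-of-range action can reach this point the lookup reads past the table, so a bounds check against the table's size (or a fallback string) belongs before it. Since both address families fill the same `tcp_data`/`udp_data`, the four transport blocks can collapse into one keyed on the protocol number, as sketched below, which also leaves a single place to name the constants. The two helpers `add_intfield`/`add_strfield` are not declared in the header, so they should be `static`, and their `name` parameter should be `const char*`.
```c
int pfdata_to_json(pf_data* data, json_object* obj) {
    /* … unchanged: interface, ipversion, action, ttl/protocol_id, src_addr, dest_addr … */

    /* Transport fields do not depend on the address family. Assumes the
       protocol field holds the decimal IANA number (TCP 6, UDP 17) —
       confirm against pfdata_parse before relying on these constants. */
    int proto = -1;
    if (data->ipversion == 4) {
        proto = data->ipv4_data.protocol;
    } else if (data->ipversion == 6) {
        proto = data->ipv6_data.protocol;
    }

    if (proto == 6) {
        add_intfield(obj, "src_port", data->tcp_data.srcport);
        add_intfield(obj, "dest_port", data->tcp_data.destport);
        add_intfield(obj, "length", data->tcp_data.length);
    } else if (proto == 17) {
        add_intfield(obj, "src_port", data->udp_data.srcport);
        add_intfield(obj, "dest_port", data->udp_data.destport);
        add_intfield(obj, "length", data->udp_data.length);
    }

    return 0;
}
```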
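Review bot: The new prototype `int pfdata_to_json(pf_data* data, json_object* obj);` in pfparser.h takes the struct by non-const pointer although the implementation only reads through it; `int pfdata_to_json(const pf_data* data, json_object* obj);` (with the definition changed to match) states that and lets callers pass const data. The header also carries no description of the contract: that `obj` must be an existing object the caller owns and releases with `json_object_put`, and that the return value is currently always 0. A two-line comment above the prototype covering ownership of `obj` and the return convention would be enough for a caller reading only the header.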