/**
* @brief Prints the given kernel log-row in a user-row format.
*
* @param kernelRow - the kernel row to print.
*
* @return TRUE for success, FALSE for failure.
*/
Bool printKernelLogRow(const char * kernelRow)
{
log_row_t logRow = { 0 };
char reasonStr[30] = "";
struct in_addr srcIp = {0};
struct in_addr dstIp = {0};
int sscanfResult = 0;
/* Using unsigned short variables for the log_row_t's fields that are unsigned char,
so they could be scanned as a number */
unsigned short protocol = 0;
unsigned short action = 0;
unsigned short hooknum = 0;
/* The kernel format is in the order of the log_row_t definition */
sscanfResult = sscanf(kernelRow, "%lu %hu %hu %hu %u %u %hu %hu %d %u",
&logRow.timestamp,
&protocol,
&action,
&hooknum,
&logRow.src_ip,
&logRow.dst_ip,
&logRow.src_port,
&logRow.dst_port,
&logRow.reason,
&logRow.count);
if (sscanfResult != 10)
{
printf("Failed scanning the log row from the string which was read from the device.\n");
return FALSE;
}
srcIp.s_addr = logRow.src_ip;
dstIp.s_addr = logRow.dst_ip;
setReasonString(reasonStr, logRow.reason);
if (!printTimestamp(&logRow.timestamp))
{
return FALSE;
}
/* Splitting the printing of the IP's because inet_ntoa returns a static buffer which changes */
printf("%-20s ", inet_ntoa(srcIp));
printf("%-20s ", inet_ntoa(dstIp));
printf("%-10hu %-10hu %-10s %-10u %-10s %-30s %u\n",
ntohs(logRow.src_port),
ntohs(logRow.dst_port),
getProtocolString(protocol),
hooknum,
getActionString(action),
reasonStr,
logRow.count);
return TRUE;
}
static json_t *monsterAttack_toJson(const void *vma)
{
monsterAttack_t *ma = (monsterAttack_t *)vma;
json_t *node = NULL;
if (ma->type) {
node = json_object();
JSON_STRING(node, "type", getActionString(ma->type));
json_object_set_new(node, "action",
btAction_toJson(ma->action));
}
return node;
}
/**
* @brief Prints a description of the given rule.
*
* @param singleRule
*/
void printSingleRule(const char * singleRule)
{
char name[20] = "";
unsigned short direction;
unsigned int srcIp;
unsigned short srcPrefixSize;
unsigned int dstIp;
unsigned short dstPrefixSsize;
unsigned short srcPort;
unsigned short dstPort;
unsigned short protocol;
unsigned short ack;
unsigned short action;
sscanf(singleRule,
"%s %hu %d %hu %d %hu %hu %hu %hu %hu %hu",
name,
&direction,
&srcIp,
&srcPrefixSize,
&dstIp,
&dstPrefixSsize,
&protocol,
&srcPort,
&dstPort,
&ack,
&action);
/* Printing the rule */
printf("%s %s ",
name,
getDirectionString(direction));
printSubnetString(srcIp, srcPrefixSize);
printf(" ");
printSubnetString(dstIp, dstPrefixSsize);
printf(" ");
printf("%s ", getProtocolString(protocol));
printPort(srcPort);
printf(" ");
printPort(dstPort);
printf(" %s %s\n",
getAckString(ack),
getActionString(action));
}
