/**
 * @brief Parses one kernel log row and prints it in the user-facing
 *        column layout.
 *
 * @param kernelRow - the textual kernel log row to parse and print.
 *
 * @return TRUE when the row was parsed and printed, FALSE when the row
 *         could not be scanned or the timestamp could not be printed.
 */
Bool printKernelLogRow(const char * kernelRow)
{
    enum { EXPECTED_FIELD_COUNT = 10 };

    log_row_t row = { 0 };
    char reasonText[30] = "";
    struct in_addr source = { 0 };
    struct in_addr destination = { 0 };
    /* protocol, action and hooknum are unsigned char in log_row_t; they are
     * scanned into wider temporaries so sscanf reads them as numbers.
     * NOTE(review): the temporaries accept values above 255 - confirm that
     * getProtocolString()/getActionString() tolerate out-of-range input. */
    unsigned short protocolNum = 0;
    unsigned short actionNum = 0;
    unsigned short hookNum = 0;
    int fieldsParsed;

    /* Fields arrive in the order of the log_row_t definition.
     * NOTE(review): log_row_t is declared elsewhere - confirm each conversion
     * specifier matches the exact type of the field it writes to. */
    fieldsParsed = sscanf(kernelRow,
                          "%lu %hu %hu %hu %u %u %hu %hu %d %u",
                          &row.timestamp,
                          &protocolNum,
                          &actionNum,
                          &hookNum,
                          &row.src_ip,
                          &row.dst_ip,
                          &row.src_port,
                          &row.dst_port,
                          &row.reason,
                          &row.count);
    if (fieldsParsed != EXPECTED_FIELD_COUNT)
    {
        printf("Failed scanning the log row from the string which was read from the device.\n");
        return FALSE;
    }

    source.s_addr = row.src_ip;
    destination.s_addr = row.dst_ip;

    /* NOTE(review): setReasonString() is given no buffer length - confirm
     * that every string it writes fits in sizeof(reasonText). */
    setReasonString(reasonText, row.reason);

    if (!printTimestamp(&row.timestamp))
    {
        return FALSE;
    }

    /* inet_ntoa() returns a static buffer that the next call overwrites,
     * so each address is printed by its own printf call. */
    printf("%-20s ", inet_ntoa(source));
    printf("%-20s ", inet_ntoa(destination));

    printf("%-10hu %-10hu %-10s %-10u %-10s %-30s %u\n",
           ntohs(row.src_port),
           ntohs(row.dst_port),
           getProtocolString(protocolNum),
           hookNum,
           getActionString(actionNum),
           reasonText,
           row.count);

    return TRUE;
}
/*
 * Builds a JSON object describing a monsterAttack_t.
 *
 * vma is treated as a pointer to a monsterAttack_t and is dereferenced
 * without a NULL check. Returns NULL when the attack's type is zero;
 * otherwise returns the object created by json_object(), populated with a
 * "type" entry (via getActionString) and an "action" entry (via
 * btAction_toJson).
 *
 * NOTE(review): the result of json_object() is not checked before use -
 * confirm that JSON_STRING and json_object_set_new accept a NULL object.
 */
static json_t *monsterAttack_toJson(const void *vma)
{
    const monsterAttack_t *attack = vma;
    json_t *node;

    /* Nothing to serialize for an attack without a type. */
    if (!attack->type) {
        return NULL;
    }

    node = json_object();
    JSON_STRING(node, "type", getActionString(attack->type));
    json_object_set_new(node, "action", btAction_toJson(attack->action));

    return node;
}
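/**
 * @brief Parses one textual rule and prints a description of it.
 *
 * The rule is scanned as eleven whitespace-separated fields in this order:
 * name, direction, source IP, source prefix size, destination IP,
 * destination prefix size, protocol, source port, destination port, ack,
 * action. If the text does not yield all eleven fields, an error line is
 * printed and nothing else is output.
 *
 * @param singleRule - the rule text to parse and print.
 */
void printSingleRule(const char * singleRule)
{
    enum { RULE_FIELD_COUNT = 11 };

    char name[20] = "";
    unsigned short direction = 0;
    unsigned int srcIp = 0;
    unsigned short srcPrefixSize = 0;
    unsigned int dstIp = 0;
    unsigned short dstPrefixSize = 0;
    unsigned short srcPort = 0;
    unsigned short dstPort = 0;
    unsigned short protocol = 0;
    unsigned short ack = 0;
    unsigned short action = 0;
    int fieldsParsed;

    /* "%19s" bounds the name to the 20-byte buffer (19 characters plus the
     * terminator); an unbounded "%s" would write past name[] on a long
     * token. The IP fields are unsigned int, so they are scanned with "%u"
     * rather than "%d". */
    fieldsParsed = sscanf(singleRule,
                          "%19s %hu %u %hu %u %hu %hu %hu %hu %hu %hu",
                          name,
                          &direction,
                          &srcIp,
                          &srcPrefixSize,
                          &dstIp,
                          &dstPrefixSize,
                          &protocol,
                          &srcPort,
                          &dstPort,
                          &ack,
                          &action);

    /* A short or malformed rule must not be printed from partially
     * filled fields. */
    if (fieldsParsed != RULE_FIELD_COUNT)
    {
        printf("Failed scanning the rule from the given string.\n");
        return;
    }

    /* Printing the rule */
    printf("%s %s ", name, getDirectionString(direction));
    printSubnetString(srcIp, srcPrefixSize);
    printf(" ");
    printSubnetString(dstIp, dstPrefixSize);
    printf(" ");
    printf("%s ", getProtocolString(protocol));
    printPort(srcPort);
    printf(" ");
    printPort(dstPort);
    printf(" %s %s\n", getAckString(ack), getActionString(action));
}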