authorJunzy <[email protected]>2024-08-26 18:19:47 +0800
committerJunzy <[email protected]>2024-08-26 18:19:47 +0800
commitfd5f7e30d91495fec0f8943ac5ca360848f5f76b (patch)
treec7ce025fc9129c09b263502f91633d26fd4898ec
parentf1506cb47e07da4f007a3fe16ca64ebddf587f4e (diff)
update src: fix syntax error
-rw-r--r--src/nat_format.cpp109
-rw-r--r--src/nat_format.h4
2 files changed, 55 insertions, 58 deletions
diff --git a/src/nat_format.cpp b/src/nat_format.cpp
index 20a8465..af043ba 100644
--- a/src/nat_format.cpp
+++ b/src/nat_format.cpp
@@ -4,13 +4,15 @@
#include <stdlib.h>
#include <string.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
#include <arpa/inet.h>
+#include <netinet/in.h>
+#include <sys/socket.h>
+#include <time.h>
+#include <unistd.h>
#include "nat_format.h"
-#define NAT_FORMAT_NAT_FORMAT_CONFIG_FILE "./conf/nat_format.conf"
+#define NAT_FORMAT_CONFIG_FILE "./conf/nat_format.conf"
#define PAYLOAD_LEN 46
#define FORMAT_LOG_ACTION_ADD 0x00
@@ -43,8 +45,8 @@ int nat_format_init(void) {
MESA_load_profile_int_def(NAT_FORMAT_CONFIG_FILE, "NAT_FORMAT_RECEIVE_PORT", "dp_syslog", &g_nat_format_info.dp_syslog_port, 518);
MESA_load_profile_int_def(NAT_FORMAT_CONFIG_FILE, "NAT_FORMAT_RECEIVE_PORT", "dp_binary", &g_nat_format_info.dp_binary_port, 519);
- MESA_load_profile_string_def(config_file, "NAT_FORMAT_LOG", "run_log_path", g_nat_format_info.log_path, sizeof(g_nat_format_info.root_log_path), "./log/nat_format.log");
- MESA_load_profile_uint_def(config_file, "NAT_FORMAT_LOG", "run_log_level", &g_nat_format_info.log_level, 10);
+ MESA_load_profile_string_def(NAT_FORMAT_CONFIG_FILE, "NAT_FORMAT_LOG", "run_log_path", g_nat_format_info.log_path, sizeof(g_nat_format_info.log_path), "./log/nat_format.log");
+ MESA_load_profile_uint_def(NAT_FORMAT_CONFIG_FILE, "NAT_FORMAT_LOG", "run_log_level", &g_nat_format_info.log_level, 10);
g_nat_format_info.log = MESA_create_runtime_log_handle(g_nat_format_info.log_path, g_nat_format_info.log_level);
if (g_tf_dns_info.log == NULL) {
printf("MESA_create_runtime_log_handle %s failed: %s\n", g_nat_format_info.log_path, strerror(errno));
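Review bot: The NULL check after `MESA_create_runtime_log_handle` tests `g_tf_dns_info.log`, but the handle was just stored in `g_nat_format_info.log`, so a failed log handle creation is not caught by this check (and the file will not build if `g_tf_dns_info` is not declared in this translation unit). The line should read `if (g_nat_format_info.log == NULL) {`. `nat_format_init` continues past the end of the hunk, so what the failure path returns is not visible here.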
@@ -107,56 +109,51 @@ char nat_format_entry(struct streaminfo *a_udp, void **pme, int thread_seq, void
// 提取nat信息
struct nat_payload nat_payload;
- inet_pton(AF_INET, a_udp->addr.tuple4_v4->s_addr, nat_payload.fw_ip); // 防火墙ip为源ip,需要进行点分十进制转换
+ inet_pton(AF_INET, a_udp->addr.tuple4_v4->saddr, nat_payload.fw_ip); // 防火墙ip为源ip,需要进行点分十进制转换
// 根据数据来源的端口采取不同的处理策略
- switch (udp_port) {
- // 华为syslog格式:防火墙日志生成时间需要转换为时间戳、动作字符串需要转换为序号、点分十进制格式ip需要转换为二进制
- case g_nat_format_info.hw_syslog_port:
- char fw_log_time[21];
- char action_str[20];
- char src_intra_ip[20];
- char dst_ip[20];
- char src_extra_ip[20];
- int suc_num = sscanf(udp_data, "%*[^>]>%20[0-9: -]%*[^/]/%*[0-9]/%19[A-Z_]%*[^:]:SourceIP=%19[^,],DestinationIP=%19[^,],SourcePort=%hu,DestinationPort=%hu,SourceNatIP=%19[^,],SourceNatPort=%hu,BeginTime=%u,EndTime=%u",
- fw_log_time, action_str, src_intra_ip, dst_ip, &nat_payload.src_intra_port, &nat_payload.dst_port, src_extra_ip, &nat_payload.src_extra_port, &nat_payload.stream_start_timestamp, &nat_payload.stream_end_timestamp);
- if (suc_num != 10) {
- MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_FATAL, "nat_format Huawei syslog", "NAT extraction failed: %d/10", suc_num);
- return APP_STATE_DROPME
- }
-
- struct tm fw_time;
- if (strptime(fw_log_time, "%Y-%m-%d %H:%M:%S ", &fw_time) == NULL) {
- MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_FATAL, "nat_format Huawei syslog", "firewall log generation time extraction failed: %s", fw_log_time);
- return APP_STATE_GIVEME;
- }
- nat_payload.fw_log_timestamp = (unsigned int)mktime(fw_time);
-
- inet_pton(AF_INET, src_intra_ip, &nat_payload.src_intra_ip);
- inet_pton(AF_INET, dst_ip, &nat_payload.dst_ip);
- inet_pton(AF_INET, src_extra_ip, &nat_payload.src_extra_ip);
-
- if (strcmp(action_str, HW_EVENT_ADD) == 0) {
- nat_payload.action = FORMAT_LOG_ACTION_ADD;
- } else if (strcmp(action_str, HW_EVENT_DEL) == 0) {
- nat_payload.action = FORMAT_LOG_ACTION_DEL;
- } else {
- MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_FATAL, "nat_format Huawei syslog", "Event field is an undefined value: %s", action_str);
- return APP_STATE_GIVEME;
- }
-
- break;
- case g_nat_format_info.hw_binary_port:
- break;
- case g_nat_format_info.h3_syslog_port:
- break;
- case g_nat_format_info.h3_binary_port:
- break;
- case g_nat_format_info.dp_syslog_port:
- break;
- case g_nat_format_info.dp_binary_port:
- break;
- default:
- break;
+ // 华为syslog格式:防火墙日志生成时间需要转换为时间戳、动作字符串需要转换为序号、点分十进制格式ip需要转换为二进制
+ if (udp_port == g_nat_format_info.hw_syslog_port) {
+ char fw_log_time[21];
+ char action_str[20];
+ char src_intra_ip[20];
+ char dst_ip[20];
+ char src_extra_ip[20];
+ int suc_num = sscanf(udp_data, "%*[^>]>%20[0-9: -]%*[^/]/%*[0-9]/%19[A-Z_]%*[^:]:SourceIP=%19[^,],DestinationIP=%19[^,],SourcePort=%hu,DestinationPort=%hu,SourceNatIP=%19[^,],SourceNatPort=%hu,BeginTime=%u,EndTime=%u",
+ fw_log_time, action_str, src_intra_ip, dst_ip, &nat_payload.src_intra_port, &nat_payload.dst_port, src_extra_ip, &nat_payload.src_extra_port, &nat_payload.stream_start_timestamp, &nat_payload.stream_end_timestamp);
+ if (suc_num != 10) {
+ MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_FATAL, "nat_format Huawei syslog", "NAT extraction failed: %d/10", suc_num);
+ return APP_STATE_DROPME;
+ }
+
+ struct tm fw_time;
+ if (strptime(fw_log_time, "%Y-%m-%d %H:%M:%S ", &fw_time) == NULL) {
+ MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_FATAL, "nat_format Huawei syslog", "firewall log generation time extraction failed: %s", fw_log_time);
+ return APP_STATE_GIVEME;
+ }
+ nat_payload.fw_log_timestamp = (unsigned int)mktime(fw_time);
+
+ inet_pton(AF_INET, src_intra_ip, &nat_payload.src_intra_ip);
+ inet_pton(AF_INET, dst_ip, &nat_payload.dst_ip);
+ inet_pton(AF_INET, src_extra_ip, &nat_payload.src_extra_ip);
+
+ if (strcmp(action_str, HW_EVENT_ADD) == 0) {
+ nat_payload.action = FORMAT_LOG_ACTION_ADD;
+ } else if (strcmp(action_str, HW_EVENT_DEL) == 0) {
+ nat_payload.action = FORMAT_LOG_ACTION_DEL;
+ } else {
+ MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_FATAL, "nat_format Huawei syslog", "Event field is an undefined value: %s", action_str);
+ return APP_STATE_GIVEME;
+ }
+ } else if (udp_port == g_nat_format_info.hw_binary_port) {
+ return APP_STATE_GIVEME;
+ } else if (udp_port == g_nat_format_info.h3_syslog_port) {
+ return APP_STATE_GIVEME;
+ } else if (udp_port == g_nat_format_info.h3_binary_port) {
+ return APP_STATE_GIVEME;
+ } else if (udp_port == g_nat_format_info.dp_syslog_port) {
+ return APP_STATE_GIVEME;
+ } else if (udp_port == g_nat_format_info.dp_binary_port) {
+ return APP_STATE_GIVEME;
}
// 将提取出来的信息写进组播载荷
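Review bot: The three `inet_pton` calls on `src_intra_ip`, `dst_ip` and `src_extra_ip` discard their return value, so a syslog line received over UDP with a malformed address leaves those `nat_payload` fields uninitialized while execution still continues to the code that writes the payload. In the same branch `mktime(fw_time)` passes the struct by value where `mktime` takes a `struct tm *`, and `fw_time` is never zeroed, so `tm_isdst` is indeterminate after `strptime`. The earlier `inet_pton(AF_INET, a_udp->addr.tuple4_v4->saddr, nat_payload.fw_ip)` passes `fw_ip` itself rather than its address; if `saddr` is already a binary address (its declaration is not visible here) a plain assignment is what is wanted. `sscanf` also depends on `udp_data` being NUL-terminated, which is set up outside this hunk and should be confirmed. The body of `nat_format_entry` starts and ends outside the hunk.

```cpp
// … unchanged: sscanf extraction and suc_num check …
struct tm fw_time;
memset(&fw_time, 0, sizeof(fw_time));  // strptime only fills the fields it parses
if (strptime(fw_log_time, "%Y-%m-%d %H:%M:%S ", &fw_time) == NULL) {
    // … unchanged: log and return APP_STATE_GIVEME …
}
fw_time.tm_isdst = -1;  // let mktime decide whether DST applies
nat_payload.fw_log_timestamp = (unsigned int)mktime(&fw_time);

// Reject the record when any address field from the network is not a valid IPv4 string.
if (inet_pton(AF_INET, src_intra_ip, &nat_payload.src_intra_ip) != 1 ||
    inet_pton(AF_INET, dst_ip, &nat_payload.dst_ip) != 1 ||
    inet_pton(AF_INET, src_extra_ip, &nat_payload.src_extra_ip) != 1) {
    MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_FATAL, "nat_format Huawei syslog", "IP address conversion failed");
    return APP_STATE_GIVEME;
}
// … unchanged: action_str mapping …
```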
@@ -165,8 +162,8 @@ char nat_format_entry(struct streaminfo *a_udp, void **pme, int thread_seq, void
// 攒够20个进行发送
if (cur_pkt == 20) {
- if (sendto(udp_socket, buf, strlen(buf), 0, (struct sockaddr *)&dst_addr, sizeof(dst_addr)) < 0) {
- MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_FATAL, "nat_format Huawei syslog", "Event field is an undefined value: %s", action_str);
+ if (sendto(udp_socket, multicast_payload, strlen(multicast_payload), 0, (struct sockaddr *)&dst_addr, sizeof(dst_addr)) < 0) {
+ MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_FATAL, "nat_format Huawei syslog", "Send multicast failed: %s", strerror(errno));
}
cur_pkt = 0;
}
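Review bot: `strlen(multicast_payload)` is the wrong length for this `sendto`: the payload appears to be built from `struct nat_payload`, whose fields are binary and include `FORMAT_LOG_ACTION_ADD` (0x00), so the datagram is cut at the first zero byte, or `strlen` reads past the buffer when no zero byte is present. Pass the number of bytes actually written, for example `cur_pkt * PAYLOAD_LEN` if each record occupies `PAYLOAD_LEN` bytes; how `multicast_payload` is filled is outside the hunk, so the record size needs confirming. The log tag `"nat_format Huawei syslog"` on the send failure is also misleading, since this send is not specific to that format.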
diff --git a/src/nat_format.h b/src/nat_format.h
index 33c773c..a7dd592 100644
--- a/src/nat_format.h
+++ b/src/nat_format.h
@@ -27,7 +27,7 @@ struct nat_format_global_info {
int32_t dp_syslog_port;
int32_t dp_binary_port;
- char root_log_path[256];
+ char log_path[256];
u_int32_t log_level;
void *log;
};
@@ -35,7 +35,7 @@ struct nat_format_global_info {
// 格式化NAT报文载荷
struct nat_payload {
unsigned int magic_num = FORMAT_LOG_MAGIC_NUMBER;
- unsigned short magic_num = FORMAT_LOG_VERSION;
+ unsigned short version = FORMAT_LOG_VERSION;
unsigned int fw_log_timestamp;
unsigned int fw_ip;
char action;