#!/usr/bin/env python3
#from ctypes import *
import ctypes
import _ctypes
from datetime import datetime
import os
class LogData(ctypes.Structure):
    """ctypes mirror of the record struct handed back by lib/parser_lib.so.

    Every member is a ``c_char_p``: the C side returns NUL-terminated strings
    (a NULL char* surfaces as ``None``), so callers decode each field
    themselves.  The order below is the C struct layout — changing it changes
    which C member each Python name reads.
    """

    _fields_ = [
        (name, ctypes.c_char_p)
        for name in (
            "tag",
            "iface_in",
            "iface_out",
            "mac",
            "dst_ip",
            "src_ip",
            "dst_port",
            "src_port",
            "proto",
            "tstamp",
            "len",
        )
    ]
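def c_parser(log_line):
    """Parse one iptables log line with the C helper and print the result.

    Args:
        log_line: One log line as ``str``; it is UTF-8 encoded before being
            handed to the C ``lineParser`` function.

    Returns:
        The parser output decoded as UTF-8 (``str``), or ``None`` when the C
        side returned NULL.  The original always returned ``None``, so this
        stays compatible with existing callers.

    Raises:
        OSError: if ``lib/parser_lib.so`` cannot be loaded.
        AttributeError: if the library does not export ``iptablesParser``
            or ``lineParser``.
    """
    # NOTE: the library is resolved against the *current working directory*,
    # not this file's location, so which code gets loaded depends on where
    # the script is launched from.
    so_file = "lib/parser_lib.so"
    iptables_parser = ctypes.CDLL(so_file)

    # The original used the bare names CDLL/c_char_p, which are undefined once
    # `from ctypes import *` is commented out, and set `.argtype` (singular),
    # which ctypes silently ignores.  `argtypes` is what makes ctypes check
    # and convert the argument.
    for fn_name in ("iptablesParser", "lineParser"):
        fn = getattr(iptables_parser, fn_name)
        fn.argtypes = [ctypes.c_char_p]
        fn.restype = ctypes.c_char_p

    parser_arg = log_line.encode("utf-8")

    # c_return = iptables_parser.iptablesParser(parser_arg)
    # With restype=c_char_p ctypes copies the NUL-terminated result into a
    # Python bytes object at call time, so the value stays usable after the
    # library is unloaded below.  The C-side buffer itself is never released
    # (see the commented `freeme` call), so each call leaks it.
    c_return = iptables_parser.lineParser(parser_arg)

    _ctypes.dlclose(iptables_parser._handle)

    # iptables_parser.freeme(c_return)

    print()
    print("[ Return on Python ]" + "-" * 50 + "[+]")
    # A NULL return would have crashed the original on `.decode`.
    decoded = None if c_return is None else c_return.decode("utf-8")
    print(decoded)
    print(c_return)
    return decoded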
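def file_pointer():
    """Feed the first four lines of /var/log/iptables.log through c_parser.

    Each line is echoed with its sequence number before being parsed; the
    loop stops once sequence 3 has been handled, so at most four lines are
    processed.  Reading from /var/log may require elevated privileges.

    Raises:
        OSError: if the log file cannot be opened.
    """
    # `with` releases the descriptor even if c_parser raises; the original
    # opened the file and never closed it.
    with open("/var/log/iptables.log", "r") as log_file:
        for seq, line in enumerate(log_file):
            print()
            print("*" * 100)
            print("SEQUENCE : ", seq)
            print("*" * 100)
            print(str(seq) + " -> " + line)
            c_parser(line)
            # Demo limit: only the first four records are parsed.
            if seq >= 3:
                break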
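def struct_process():
    """Call the library's ``main`` and print the fields of the record it returns.

    ``main`` is declared to return ``POINTER(LogData)``.  The pointer is
    checked for NULL before it is dereferenced, because ``.contents`` on a
    NULL pointer raises ``ValueError``.

    Raises:
        OSError: if ``lib/parser_lib.so`` cannot be loaded.
    """
    # The library path is built from the current working directory, so the
    # code that gets loaded depends on where the script is run from.
    path = os.getcwd()
    clibrary = ctypes.CDLL(os.path.join(path, "lib/parser_lib.so"))

    # param_1=("ABC", "CDE")
    clibrary.main.restype = ctypes.POINTER(LogData)

    record_ptr = clibrary.main()
    if not record_ptr:
        # A NULL ctypes pointer is falsy; the original would have raised here.
        print("parser_lib main() returned NULL")
        return
    record = record_ptr.contents

    # Same print order as the original.  c_char_p fields come back as bytes,
    # or None for a NULL char*, which the original's `.decode` would not survive.
    for field in ("src_ip", "dst_ip", "src_port", "dst_port", "proto", "iface_in", "iface_out"):
        value = getattr(record, field)
        print(None if value is None else value.decode("utf-8"))
    # `len` is printed raw (bytes), as in the original.
    print(record.len)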
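def line_process():
    """Parse every line of example/iptables.log via ``line_parse`` and print it.

    For each line the record's timestamp (``tstamp``, expected in ISO 8601
    form), addresses, length, interfaces and protocol are printed; the port
    fields are skipped for ICMP records, as in the original.

    Raises:
        OSError: if the log file or ``lib/parser_lib.so`` cannot be opened.
        ValueError: if a record's ``tstamp`` is not ISO-8601 parseable.
    """
    path = os.getcwd()
    log_file = "example/iptables.log"

    # Read everything up front inside `with` so the handle is closed; the
    # original left the file open for the life of the process.
    with open(os.path.join(path, log_file)) as p_file:
        p_lines = p_file.readlines()

    # Resolved against the current working directory: which library gets
    # loaded depends on where the script is launched from.
    clibrary = ctypes.CDLL(os.path.join(path, "lib/parser_lib.so"))
    clibrary.main.restype = ctypes.POINTER(LogData)

    clibrary.line_parse.restype = ctypes.POINTER(LogData)
    # `argtypes` (plural) is the attribute ctypes honours; the original set
    # `argtype`, which is silently ignored.
    clibrary.line_parse.argtypes = [ctypes.c_char_p]

    def _text(value):
        """Decode a c_char_p field; a NULL char* (None) is passed through."""
        return None if value is None else value.decode("utf-8")

    for line in p_lines:
        print(line)
        parser_arg = line.encode("utf-8")
        call_lib = clibrary.line_parse(parser_arg)
        if not call_lib:
            # NULL pointer: `.contents` would raise ValueError.
            print("line_parse returned NULL for this line")
            print()
            continue
        record = call_lib.contents

        time_hr = datetime.fromisoformat(record.tstamp.decode("utf-8"))
        time_hr = time_hr.strftime("%d-%m-%Y %H:%M:%S (%Z)")
        print("-" * 30)
        print("TSTAMP ", time_hr)
        print("SRC ", _text(record.src_ip))
        print("DST ", _text(record.dst_ip))
        print("LEN ", _text(record.len))

        print("IFACE_IN ", _text(record.iface_in))
        print("IFACE_OUT ", _text(record.iface_out))
        print("PROTO ", _text(record.proto))
        # The original prints no ports for ICMP records.
        if record.proto != b"ICMP":
            print("SPT ", _text(record.src_port))
            print("DPT ", _text(record.dst_port))
        print()

    # _ctypes.dlclose(call_lib._handle)
    # (call_lib is a LogData pointer, not the CDLL; the handle lives on clibrary.)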
# Earlier experiments, kept for reference:
##clibrary.main(param_1)
#print(clibrary.main().contents.src_ip)
#print(clibrary.main().contents.dst_ip)
#file_pointer()

#struct_process()

# Module-level entry point: runs on import as well as on direct execution.
line_process()