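#!/usr/bin/env python3
"""Drive the native iptables log parser (lib/parser_lib.so) from Python.

The shared library is opened with ctypes.  The functions below use three of
its exported symbols: ``lineParser`` (takes a C string, returns a C string),
``line_parse`` (takes a C string, returns a ``LogData*``) and ``main``
(returns a ``LogData*``).  Symbols are resolved lazily, so a missing export
shows up as an AttributeError at call time, not at import.
"""
import ctypes
import _ctypes
from datetime import datetime
import os

# Every path is anchored to this file instead of os.getcwd().  dlopen()ing a
# cwd-relative "lib/parser_lib.so" loads whatever library happens to sit in the
# directory the script was started from, which need not be the one shipped
# with the tool; an absolute path next to the script removes that ambiguity.
_SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
_PARSER_LIB = os.path.join(_SCRIPT_DIR, "lib", "parser_lib.so")
_EXAMPLE_LOG = os.path.join(_SCRIPT_DIR, "example", "iptables.log")
_SYSTEM_LOG = "/var/log/iptables.log"
_TSTAMP_FMT = "%d-%m-%Y %H:%M:%S (%Z)"


class LogData(ctypes.Structure):
    """One parsed iptables log record, mirroring the struct in parser_lib.so.

    Every member is a ``char *`` owned by the C side.  ctypes hands a NULL
    member back as ``None``, so read members through ``field_text`` rather
    than calling ``.decode`` on them directly.
    """
    _fields_ = [
        ("tag", ctypes.c_char_p),
        ("iface_in", ctypes.c_char_p),
        ("iface_out", ctypes.c_char_p),
        ("mac", ctypes.c_char_p),
        ("dst_ip", ctypes.c_char_p),
        ("src_ip", ctypes.c_char_p),
        ("dst_port", ctypes.c_char_p),
        ("src_port", ctypes.c_char_p),
        ("proto", ctypes.c_char_p),
        ("tstamp", ctypes.c_char_p),
        ("len", ctypes.c_char_p),
    ]


def field_text(field):
    """Return a ``c_char_p`` member as str, or "" when the C side left it NULL.

    Args:
        field: ``bytes`` as read from a ``LogData`` member, or ``None``.
    """
    return "" if field is None else field.decode("utf-8")


def format_tstamp(tstamp):
    """Render an ISO-8601 timestamp as ``dd-mm-YYYY HH:MM:SS (tz)``.

    Args:
        tstamp: ``bytes`` or ``str`` in a form ``datetime.fromisoformat``
            accepts, or ``None`` (rendered as "").

    Returns:
        The formatted string; ``%Z`` is empty for a naive timestamp.

    Raises:
        ValueError: if ``tstamp`` is not a valid ISO-8601 value.
    """
    if tstamp is None:
        return ""
    if isinstance(tstamp, bytes):
        tstamp = tstamp.decode("utf-8")
    return datetime.fromisoformat(tstamp).strftime(_TSTAMP_FMT)


def load_parser_lib(lib_path=None):
    """dlopen the parser library and return the ctypes handle.

    Args:
        lib_path: explicit path to the shared object; defaults to
            ``lib/parser_lib.so`` next to this script.

    Raises:
        OSError: if the library cannot be loaded.
    """
    return ctypes.CDLL(_PARSER_LIB if lib_path is None else lib_path)


def c_parser(log_line, lib_path=None):
    """Run one log line through the C ``lineParser`` and print what comes back.

    Args:
        log_line: one raw iptables log line (str).
        lib_path: see ``load_parser_lib``.

    The library is dlclose()d before returning.  ``restype = c_char_p`` makes
    ctypes copy the returned C string into a Python ``bytes`` object, so the
    value printed afterwards does not depend on the library staying mapped.
    """
    parser = load_parser_lib(lib_path)
    # ctypes only honours ``argtypes`` (plural); a singular ``argtype``
    # attribute is silently ignored.
    parser.iptablesParser.argtypes = [ctypes.c_char_p]
    parser.iptablesParser.restype = ctypes.c_char_p
    parser.lineParser.argtypes = [ctypes.c_char_p]
    parser.lineParser.restype = ctypes.c_char_p
    try:
        c_return = parser.lineParser(log_line.encode("utf-8"))
    finally:
        _ctypes.dlclose(parser._handle)
    # NOTE(review): nothing releases the buffer ``lineParser`` returned (the
    # ``freeme`` call is not wired up); if the C side heap-allocates it, each
    # call leaks one buffer — confirm against the library source.
    print()
    print("[ Return on Python ]" + "-" * 50 + "[+]")
    print(field_text(c_return))
    print(c_return)


def file_pointer(log_path=_SYSTEM_LOG):
    """Print a banner for, and ``c_parser`` each of, the first four lines of ``log_path``.

    Args:
        log_path: log file to read; defaults to /var/log/iptables.log.

    Raises:
        OSError: if the file cannot be opened.
    """
    # ``with`` closes the handle even when c_parser raises part-way through.
    with open(log_path, "r", encoding="utf-8") as f:
        for i, line in enumerate(f):
            print()
            print("*" * 100)
            print("SEQUENCE : ", i)
            print("*" * 100)
            print(str(i) + " -> " + line)
            c_parser(line)
            # Stop after sequence 3, i.e. after four lines.
            if i >= 3:
                break


def struct_process(lib_path=None):
    """Call the library's ``main`` and print the record it returns, one value per line.

    Args:
        lib_path: see ``load_parser_lib``.

    Raises:
        ValueError: if ``main`` returns a NULL ``LogData*``.
    """
    clibrary = load_parser_lib(lib_path)
    clibrary.main.restype = ctypes.POINTER(LogData)
    call_lib = clibrary.main()
    # Dereferencing a NULL pointer via .contents raises an opaque
    # "NULL pointer access"; say what actually happened instead.
    if not call_lib:
        raise ValueError("parser_lib main() returned NULL")
    rec = call_lib.contents
    for member in ("src_ip", "dst_ip", "src_port", "dst_port",
                   "proto", "iface_in", "iface_out", "len"):
        print(field_text(getattr(rec, member)))


def line_process(log_path=_EXAMPLE_LOG, lib_path=None):
    """Parse every line of ``log_path`` with ``line_parse`` and print its fields.

    Args:
        log_path: log file to read; defaults to example/iptables.log next to
            this script.
        lib_path: see ``load_parser_lib``.

    A line for which ``line_parse`` returns NULL is reported and skipped
    instead of aborting the whole file.  Port columns are omitted for ICMP,
    which carries none.  The C parser is the component that handles the log
    content, so its own bounds handling is what matters for malformed lines.
    """
    with open(log_path, encoding="utf-8") as p_file:
        p_lines = p_file.readlines()

    clibrary = load_parser_lib(lib_path)
    clibrary.line_parse.restype = ctypes.POINTER(LogData)
    # ``argtypes`` (plural): the singular spelling is not a ctypes attribute.
    clibrary.line_parse.argtypes = [ctypes.c_char_p]

    for line in p_lines:
        print(line)
        call_lib = clibrary.line_parse(line.encode("utf-8"))
        print("-" * 30)
        if not call_lib:
            print("UNPARSED (line_parse returned NULL)")
            print()
            continue
        rec = call_lib.contents
        print("TSTAMP ", format_tstamp(rec.tstamp))
        print("SRC ", field_text(rec.src_ip))
        print("DST ", field_text(rec.dst_ip))
        print("LEN ", field_text(rec.len))
        print("IFACE_IN ", field_text(rec.iface_in))
        print("IFACE_OUT ", field_text(rec.iface_out))
        print("PROTO ", field_text(rec.proto))
        if rec.proto != b"ICMP":
            print("SPT ", field_text(rec.src_port))
            print("DPT ", field_text(rec.dst_port))
        print()


if __name__ == "__main__":
    # file_pointer() and struct_process() are the earlier entry points; the
    # per-line walk over the example log is the one in use.
    line_process()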