Skip to content

Commit

Permalink
inc: src/dst missing for CARP, too
Browse files Browse the repository at this point in the history 
While there, move errors to where they should be checked.

(Hint: as early as possible.)
  • Loading branch information
@fichtner
fichtner committed Apr 5, 2015
1 parent 81abe4d commit 1b9a2f2
Showing 1 changed file with 20 additions and 18 deletions.
38 changes: 20 additions & 18 deletions src/etc/inc/filter_log.inc
View file
Expand Up @@ -131,6 +131,12 @@ function parse_filter_line($line)
} }


list($all, $flent['time'], $host, $rule) = $log_split; list($all, $flent['time'], $host, $rule) = $log_split;

if (trim($flent['time']) == '') {
log_error(sprintf(gettext('There was an error parsing a rule: no time (`%s\')'), $log_split));
return '';
}

$rule_data = explode(',', $rule); $rule_data = explode(',', $rule);
$field = 0; $field = 0;


Expand All @@ -147,7 +153,7 @@ function parse_filter_line($line)


if ($flent['version'] != '4' && $flent['version'] != '6') { if ($flent['version'] != '4' && $flent['version'] != '6') {
log_error(sprintf( log_error(sprintf(
gettext("There was a error parsing rule number: %s -- not IPv4 or IPv6 (`%s')"), gettext('There was an error parsing rule number: %s -- not IPv4 or IPv6 (`%s\')'),
$flent['rulenum'], $flent['rulenum'],
$rule $rule
)); ));
Expand Down Expand Up @@ -175,6 +181,19 @@ function parse_filter_line($line)
$flent['srcip'] = $rule_data[$field++]; $flent['srcip'] = $rule_data[$field++];
$flent['dstip'] = $rule_data[$field++]; $flent['dstip'] = $rule_data[$field++];


/* bootstrap src and dst for non-port protocols */
$flent['src'] = $flent['srcip'];
$flent['dst'] = $flent['dstip'];

if (trim($flent['src']) == '' || trim($flent['dst']) == '') {
log_error(sprintf(
gettext('There was an error parsing rule number: %s -- no src or dst (`%s\')'),
$flent['rulenum'],
$rule
));
return '';
}

if ($flent['protoid'] == '6' || $flent['protoid'] == '17') { // TCP or UDP if ($flent['protoid'] == '6' || $flent['protoid'] == '17') { // TCP or UDP
$flent['srcport'] = $rule_data[$field++]; $flent['srcport'] = $rule_data[$field++];
$flent['dstport'] = $rule_data[$field++]; $flent['dstport'] = $rule_data[$field++];
Expand All @@ -192,11 +211,7 @@ function parse_filter_line($line)
$flent['options'] = explode(";",$rule_data[$field++]); $flent['options'] = explode(";",$rule_data[$field++]);
} }
} elseif ($flent['protoid'] == '1') { // ICMP } elseif ($flent['protoid'] == '1') { // ICMP
$flent['src'] = $flent['srcip'];
$flent['dst'] = $flent['dstip'];

$flent['icmp_type'] = $rule_data[$field++]; $flent['icmp_type'] = $rule_data[$field++];

switch ($flent['icmp_type']) { switch ($flent['icmp_type']) {
case 'request': case 'request':
case 'reply': case 'reply':
Expand Down Expand Up @@ -245,19 +260,6 @@ function parse_filter_line($line)
$flent['version'] = $rule_data[$field++]; $flent['version'] = $rule_data[$field++];
$flent['advskew'] = $rule_data[$field++]; $flent['advskew'] = $rule_data[$field++];
$flent['advbase'] = $rule_data[$field++]; $flent['advbase'] = $rule_data[$field++];
} else { // e.g. IGMP, simply write src/dst as we are IP
$flent['src'] = $flent['srcip'];
$flent['dst'] = $flent['dstip'];
}

/* If there isn't a src, a dst, or a time, then the line is unusable/bad */
if (trim($flent['src']) == '' || trim($flent['dst']) == '' || trim($flent['time']) == '') {
log_error(sprintf(
gettext("There was a error parsing rule: %s -- no src or test or time (`%s')"),
$flent['rulenum'],
$rule
));
return '';
} }


return $flent; return $flent;
Expand Down

0 comments on commit 1b9a2f2

Please sign in to comment.