#!/bin/bash
#
# FIAIF is an Intelligent firewall
#
# description: Convert syslog entries logged by FIAIF to human readable form.
#
# Script Author:	Anders Fugmann <afu at fugmann dot net>
# 
# FIAIF is an Intelligent firewall
# Copyright (C) 2002-2011 Anders Peter Fugmann
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.

# Extended globbing is enabled before the FIAIF libraries are sourced. Nothing
# in this file uses extglob patterns itself, so presumably the sourced code does.
shopt -s extglob

# NOTE(review): these files are executed as shell code, the configuration file
# included; they must stay root-owned and not be group/world-writable.
source /usr/share/fiaif/constants.sh
source /etc/fiaif/fiaif.conf 
source /usr/share/fiaif/iptables.sh
source /usr/share/fiaif/functions.sh
source /usr/share/fiaif/zones.sh

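#######################################
# Convert one FIAIF syslog line into a human readable line on stdout.
#
# The line is expected to be a kernel LOG target record as selected by the
# main loop below:
#   <Mon> <DD> <HH:MM:SS> <host> kernel: <REASON>:IN=<dev> OUT=<dev> MAC=.. SRC=.. DST=.. PROTO=.. ...
# Only the KEY=VALUE fields this function prints are taken over from the line
# (see the case list); other fields are ignored and bare tokens (SYN, ACK, ...)
# are collected as the TCP flags.
#
# Globals:   RESOLVE, SERVICE, PRINT_MAC (read; set by the option parsing below)
#            RESULT (written by get_zone_name/get_host_name/get_service_name)
# Arguments: the log line, either as one argument or already word-split
# Outputs:   one formatted line on stdout
# Returns:   0
#######################################
function scan ()
{
    local LINE="$*"
    local REASON DATE DEV_IN DEV_OUT MAC SRC DST PROTO SPT DPT TYPE TCP_FLAGS
    local ZONE_IN ZONE_OUT
    local -a TMP_ARRAY=()
    local I TOKEN KEY VALUE

    # Split on whitespace only. The previous "( $@ )" also ran pathname
    # expansion on every token (extglob is enabled above); read -r -a does not.
    read -r -a TMP_ARRAY <<< "${LINE}"

    DATE="${TMP_ARRAY[0]} ${TMP_ARRAY[1]} ${TMP_ARRAY[2]}"
    # Token 5 is "<REASON>:IN=<dev>" (or just "<REASON>:" when the log prefix
    # ends in a space); REASON is whatever precedes its last colon.
    REASON=${TMP_ARRAY[5]%:*}

    DEV_IN="" DEV_OUT="" MAC="" SRC="" DST="" PROTO="" SPT="" DPT="" TYPE=""
    TCP_FLAGS=""
    # Walk every field from the REASON token on. The old loop started at
    # index 8, which skipped the token right after OUT= — where the kernel
    # normally prints MAC= — so -m never had a value to show.
    for (( I=5; I<${#TMP_ARRAY[@]}; I++ )); do
        TOKEN=${TMP_ARRAY[I]}
        # Drop the "<REASON>:" part from the token REASON was taken from.
        if (( I == 5 )); then
            TOKEN=${TOKEN##*:}
        fi
        # ICMP error lines embed the offending packet in [ ... ]; stop there
        # so its inner SRC=/DST= do not overwrite the outer header.
        if [[ "${TOKEN}" == \[* ]]; then
            break
        fi
        if [[ "${TOKEN}" == *=* ]]; then
            KEY=${TOKEN%%=*}
            VALUE=${TOKEN#*=}
            # Only the fields that are printed are assigned, and only to the
            # locals above. The previous unconditional
            # 'declare "$KEY"="$VALUE"' let the log line choose the variable
            # name, including the ones this function reads (RESOLVE, RESULT)
            # and array subscripts, which bash evaluates arithmetically.
            case "${KEY}" in
                IN)    DEV_IN=${VALUE} ;;
                OUT)   DEV_OUT=${VALUE} ;;
                MAC)   MAC=${VALUE} ;;
                SRC)   SRC=${VALUE} ;;
                DST)   DST=${VALUE} ;;
                PROTO) PROTO=${VALUE} ;;
                SPT)   SPT=${VALUE} ;;
                DPT)   DPT=${VALUE} ;;
                TYPE)  TYPE=${VALUE} ;;
                *)     ;;   # LEN, TOS, TTL, ID, WINDOW, ... are not printed
            esac
        elif [[ -n "${TOKEN}" && "${TOKEN}" != "DF" ]]; then
            # Bare tokens are the TCP flags (SYN, ACK, ...); DF is the IP
            # don't-fragment bit and was never shown.
            TCP_FLAGS="${TCP_FLAGS}${TOKEN} "
        fi
    done

    # printf instead of "echo -ne": the date and reason come from the log line
    # and must not have backslash escapes interpreted.
    printf '%s: %s queue=' "${DATE}" "${REASON}"

    # Map the devices to zone names. Deliberately left unquoted, as before: an
    # empty DEV_IN/DEV_OUT has to vanish from the argument list, and the arity
    # of get_zone_name (zones.sh) is not visible here. The values are single
    # whitespace-free tokens, so only pathname expansion could bite.
    get_zone_name ${DEV_IN} ${SRC}
    ZONE_IN=${RESULT}
    get_zone_name ${DEV_OUT} ${DST}
    ZONE_OUT=${RESULT}

    # Which chain the packet hit follows from which devices are present.
    if [[ -n "${DEV_IN}" ]]; then
        if [[ -n "${DEV_OUT}" ]]; then
            printf 'FORWARD(%s->%s)' "${ZONE_IN}" "${ZONE_OUT}"
        else
            printf 'INPUT(%s)' "${ZONE_IN}"
        fi
    elif [[ -n "${DEV_OUT}" ]]; then
        printf 'OUTPUT(%s)' "${ZONE_OUT}"
    fi

    if [[ -n "${PROTO}" ]]; then
        printf ' protocol=%s' "${PROTO}"
    fi

    # -n switches the reverse lookups off; the helpers answer through RESULT.
    if (( RESOLVE == 1 )); then
        get_host_name ${SRC}
        SRC=${RESULT}
        get_host_name ${DST}
        DST=${RESULT}
    fi

    # -s replaces TCP/UDP port numbers by service names.
    if (( SERVICE == 1 )) && [[ "${PROTO}" == "TCP" || "${PROTO}" == "UDP" ]]; then
        get_service_name ${PROTO} ${SPT}
        SPT=${RESULT}
        get_service_name ${PROTO} ${DPT}
        DPT=${RESULT}
    fi

    if [[ -n "${SRC}" ]]; then
        printf ' source=%s' "${SRC}"
        if [[ -n "${SPT}" ]]; then
            printf ':%s' "${SPT}"
        fi
    fi

    if [[ -n "${DST}" ]]; then
        printf ' destination=%s' "${DST}"
        if [[ -n "${DPT}" ]]; then
            printf ':%s' "${DPT}"
        fi
    fi

    if [[ "${PROTO}" == "TCP" ]]; then
        printf " flags='%s'" "${TCP_FLAGS}"
    fi

    if [[ "${PROTO}" == "ICMP" ]]; then
        printf ' type=%s' "${TYPE}"
    fi

    if (( PRINT_MAC == 1 )); then
        printf ' mac: %s' "${MAC}"
    fi

    printf '\n'
}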

# This has to stay at top level: declare inside a function would make the
# per-zone variables local to it. For every zone that read_zone accepts, its
# DEV/IP/DYNAMIC/BCAST/NET/NET_EXTRA results are published as
# <ZONE>_DEV, <ZONE>_IP, <ZONE>_DYNAMIC, <ZONE>_BCAST and <ZONE>_NETS.
for ZONE in ${ZONES}; do
    read_zone "${ZONE}" || continue
    declare "${ZONE}_DEV=${DEV}"
    declare "${ZONE}_IP=${IP}"
    declare "${ZONE}_DYNAMIC=${DYNAMIC}"
    declare "${ZONE}_BCAST=${BCAST}"
    declare "${ZONE}_NETS=${NET} ${NET_EXTRA}"
done

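#######################################
# Parse the command line switches into the three output controls.
# Globals:   RESOLVE   (written; 1 = reverse-resolve SRC/DST, default 1)
#            SERVICE   (written; 1 = show service names for TCP/UDP ports, default 0)
#            PRINT_MAC (written; 1 = append the MAC field, default 0)
# Arguments: the script's arguments; -n, -m and -s are recognised, anything
#            else is ignored as before. Later switches override earlier ones.
# Returns:   0
#######################################
parse_options() {
    local OPTION
    RESOLVE=1
    SERVICE=0
    PRINT_MAC=0
    # "$@" keeps each argument whole; the old unquoted $@ re-split and globbed.
    for OPTION in "$@"; do
        case "${OPTION}" in
            -n)
                RESOLVE=0
                SERVICE=0
                ;;
            -m)
                PRINT_MAC=1
                ;;
            -s)
                # Service names imply no host name resolution.
                SERVICE=1
                RESOLVE=0
                ;;
        esac
    done
}
parse_options "$@"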

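# Main loop: keep only the lines carrying a LOG target record on stdin and
# render each one. Note the pattern also admits an empty log prefix
# ("kernel: IN="), in which case scan() reports the IN= token as the reason.
grep -e "[A-Z_]*: *IN=" | while IFS= read -r line || [[ -n "${line}" ]]; do
    # Hand the line over as one argument: unquoted $line would pathname-expand
    # every token (extglob is enabled above) before scan() ever sees it.
    scan "${line}"
done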
