update log

62970123 · NGUYEN Do Duc Anh · b21af716 · 62970123 · 62970123
Commit 62970123 authored 1 month ago by NGUYEN Do Duc Anh
--- a/simple-IDS/rules.ml
+++ b/simple-IDS/rules.ml
@@ -2,6 +2,9 @@ let log = Logs.Src.create "rules" ~doc:"IDS rules management"

 module Log = (val Logs.src_log log : Logs.LOG)

+let print_red s = Log.app (fun f -> f "\027[48;5;196m\027[38;5;232m%s\027[48;5;0m\027[38;5;255m" s)
+let print_green s = Log.app (fun f -> f "\027[48;5;118m\027[38;5;232m%s\027[48;5;0m\027[38;5;255m" s)
+
 (* flow option *)
 type flow = TO_CLIENT | TO_SERVER | FROM_CLIENT | FROM_SERVER | ESTABLISHED | NOT_ESTABLISHED | STATELESS | ONLY_STREAM | ONLY_FRAG | NO_FRAG

@@ -360,6 +363,7 @@ let is_match_rule : t -> Ipv4_packet.t * Cstruct.t -> bool =
           && is_match_smb packet
           && is_match_option ipv4_hdr.src p_psrc ipv4_hdr.dst p_pdst ipv4_hdr.Ipv4_packet.proto option packet ->
        Log.warn (fun f -> f "Alert a packet from %a to %a..." Ipaddr.V4.pp p_src Ipaddr.V4.pp p_dst);
+        Log.app (fun f -> f "\027[48;5;196m\027[38;5;232m[ALERT]: an attacker %a attempts to %a \027[48;5;0m\027[38;5;255m" Ipaddr.V4.pp p_src Ipaddr.V4.pp p_dst);
        (* Logs.warn (fun f -> f "Packet data: %a" Cstruct.hexdump_pp packet); *)
        true
    (* If the packet matches (ICMP, TCP, UDP), conditions, no consider rule option and has an alert action *)

--- a/simple-fw/rules.ml
+++ b/simple-fw/rules.ml
@@ -2,6 +2,8 @@ let log = Logs.Src.create "rules" ~doc:"FW rules management"

 module Log = (val Logs.src_log log : Logs.LOG)

+let count = ref 5
+
 type decision = ACCEPT | DROP
 (* TODO:
   | ESTABLISHED
@@ -147,6 +149,7 @@ let update_rule frame t =
      if action = None then Log.err (fun f -> f "Cannot recognize rule: %s" (rule_to_string r))
      else (
        Log.info (fun f -> f "Recognized rule: %s" (rule_to_string r));
+        Log.app (fun f -> f "\027[48;5;118m\027[38;5;232mRecognized rule: %s\027[48;5;0m\027[38;5;255m" (rule_to_string r));
        t.l <- List.append [ r ] t.l);
      false)
    else (
@@ -207,6 +210,13 @@ let filter t (ipv4_hdr, packet) =
           && is_matching_port packet ipv4_hdr.Ipv4_packet.proto psrc pdst
           (* TODO: also check the ports :) *) ->
        Log.debug (fun f -> f "Filter out a packet from %a to %a..." Ipaddr.V4.pp ipv4_hdr.src Ipaddr.V4.pp ipv4_hdr.dst);
+        count := !count-1 ;
+        if (!count>0) then (
+          Log.app (fun f -> f "\027[48;5;118m\027[38;5;232mFilter out a packet from %a to %a\027[48;5;0m\027[38;5;255m" Ipaddr.V4.pp ipv4_hdr.src Ipaddr.V4.pp ipv4_hdr.dst)
+        );
+        if (!count = 0) then (
+          Log.app (fun f -> f "\027[48;5;118m\027[38;5;232m...\027[48;5;0m\027[38;5;255m")
+        );
        false
    (* Or finally the packet does not match the condition *)
    | _ :: tail -> apply_rules default (ipv4_hdr, packet) tail