diff --git a/jc/parsers/netstat.py b/jc/parsers/netstat.py
index 363a50f1..7ddaa1ca 100644
--- a/jc/parsers/netstat.py
+++ b/jc/parsers/netstat.py
@@ -264,74 +264,77 @@ def process(proc_data):
 [
 {
- "proto": string,
- "recv_q": integer,
- "send_q": integer,
- "transport_protocol" string,
- "network_protocol": string,
- "local_address": string,
- "local_port": string,
- "local_port_num": integer,
- "foreign_address": string,
- "foreign_port": string,
- "foreign_port_num": integer,
- "state": string,
- "program_name": string,
- "pid": integer,
- "user": string,
- "security_context": string,
- "refcnt": integer,
- "flags": string,
- "type": string,
- "inode": integer,
- "path": string,
- "kind": string,
- "address": string,
- "osx_inode": string,
- "conn": string,
- "refs": string,
- "nextref": string,
- "name": string,
- "unit": integer,
- "vendor": integer,
- "class": integer,
- "subcla": integer,
- "osx_flags": integer,
- "pcbcount": integer,
- "rcvbuf": integer,
- "sndbuf": integer,
- "rxbytes": integer,
- "txbytes": integer,
- "destination": string,
- "gateway": string,
- "route_flags": string,
- "route_refs": integer,
- "use": integer,
- "mtu": integer,
- "expire": string,
- "genmask": string,
- "mss": integer,
- "window": integer,
- "irtt": integer,
- "iface": string,
- "metric": integer,
- "network": string,
- "address": string,
- "ipkts": integer, - = null
- "ierrs": integer, - = null
- "idrop": integer, - = null
- "opkts": integer, - = null
- "oerrs": integer, - = null
- "coll": integer, - = null
- "rx_ok": integer,
- "rx_err": integer,
- "rx_drp": integer,
- "rx_ovr": integer,
- "tx_ok": integer,
- "tx_err": integer,
- "tx_drp": integer,
- "tx_ovr": integer,
- "flg": string
+ "proto": string,
+ "recv_q": integer,
+ "send_q": integer,
+ "transport_protocol" string,
+ "network_protocol": string,
+ "local_address": string,
+ "local_port": string,
+ "local_port_num": integer,
+ "foreign_address": string,
+ "foreign_port": string,
+ "foreign_port_num": integer,
+ "state": string,
+ "program_name": string,
+ "pid": integer,
+ "user": string,
+ "security_context": string,
+ "refcnt": integer,
+ "flags": string,
+ "type": string,
+ "inode": integer,
+ "path": string,
+ "kind": string,
+ "address": string,
+ "osx_inode": string,
+ "conn": string,
+ "refs": string,
+ "nextref": string,
+ "name": string,
+ "unit": integer,
+ "vendor": integer,
+ "class": integer,
+ "subcla": integer,
+ "osx_flags": integer,
+ "pcbcount": integer,
+ "rcvbuf": integer,
+ "sndbuf": integer,
+ "rxbytes": integer,
+ "txbytes": integer,
+ "destination": string,
+ "gateway": string,
+ "route_flags": string,
+ "route_flags_pretty": [
+ string,
+ ]
+ "route_refs": integer,
+ "use": integer,
+ "mtu": integer,
+ "expire": string,
+ "genmask": string,
+ "mss": integer,
+ "window": integer,
+ "irtt": integer,
+ "iface": string,
+ "metric": integer,
+ "network": string,
+ "address": string,
+ "ipkts": integer, - = null
+ "ierrs": integer, - = null
+ "idrop": integer, - = null
+ "opkts": integer, - = null
+ "oerrs": integer, - = null
+ "coll": integer, - = null
+ "rx_ok": integer,
+ "rx_err": integer,
+ "rx_drp": integer,
+ "rx_ovr": integer,
+ "tx_ok": integer,
+ "tx_err": integer,
+ "tx_drp": integer,
+ "tx_ovr": integer,
+ "flg": string
 }
 ]
 """
diff --git a/jc/parsers/netstat_linux.py b/jc/parsers/netstat_linux.py
index 92e0ffa3..9a764c16 100644
--- a/jc/parsers/netstat_linux.py
+++ b/jc/parsers/netstat_linux.py
@@ -152,6 +152,29 @@ def parse_post(raw_data):
 else:
 entry['network_protocol'] = 'ipv4'
+ # add route_flags_pretty
+ # Flag mapping from https://www.man7.org/linux/man-pages/man8/route.8.html
+ if 'route_flags' in entry:
+ flag_map = {
+ 'U': 'UP',
+ 'H': 'HOST',
+ 'G': 'GATEWAY',
+ 'R': 'REINSTATE',
+ 'D': 'DYNAMIC',
+ 'M': 'MODIFIED',
+ 'A': 'ADDRCONF',
+ 'C': 'CACHE',
+ '!': 'REJECT'
+ }
+
+ pretty_flags = []
+
+ for flag in entry['route_flags']:
+ if flag in flag_map:
+ pretty_flags.append(flag_map[flag])
+
+ entry['route_flags_pretty'] = pretty_flags
+
 return raw_data
diff --git a/jc/parsers/netstat_osx.py b/jc/parsers/netstat_osx.py
index 3d1edbce..a95d3aaf 100644
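Review bot: In the netstat.py schema docstring, the new `"route_flags_pretty": [ string, ]` entry closes with a bare `]` where every neighbouring key ends in a comma, and the re-added line `"transport_protocol" string,` still lacks its colon. Since the hunk rewrites the whole listing anyway, `],` and `"transport_protocol": string,` would keep the documented schema consistent. The docstring could also say that `route_flags_pretty` holds only the flags the parser has a name for, so readers know `route_flags` remains the complete field.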
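Review bot: Flag characters missing from `flag_map` are dropped without a trace by the loop `for flag in entry['route_flags']` in netstat_linux.py, so `route_flags_pretty` can look complete while omitting a flag that netstat printed; the second hunk of netstat_osx.py has the same loop. Anything that filters or alerts on the pretty list alone would not see such a route attribute, so either keep the raw character with `pretty_flags.append(flag_map.get(flag, flag))` or state next to the loop that unmapped flags are intentionally omitted. The dict literal also appears to be rebuilt for every entry (the enclosing loop starts outside the hunk), so it could be a module-level constant.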
--- a/jc/parsers/netstat_osx.py
+++ b/jc/parsers/netstat_osx.py
@@ -1,4 +1,4 @@
-"""jc - JSON CLI output utility OSX netstat Parser"""
+"""jc - JSON CLI output utility OSX and FreeBSD netstat Parser"""
 def normalize_headers(header):
@@ -86,6 +86,41 @@ def parse_post(raw_data):
 else:
 entry['network_protocol'] = 'ipv4'
+ # add route_flags_pretty field
+ if 'route_flags' in entry:
+ flag_map = {
+ '1': 'PROTO1',
+ '2': 'PROTO2',
+ '3': 'PROTO3',
+ 'B': 'BLACKHOLE',
+ 'b': 'BROADCAST',
+ 'C': 'CLONING',
+ 'c': 'PRCLONING',
+ 'D': 'DYNAMIC',
+ 'G': 'GATEWAY',
+ 'H': 'HOST',
+ 'I': 'IFSCOPE',
+ 'i': 'IFREF',
+ 'L': 'LLINFO',
+ 'M': 'MODIFIED',
+ 'm': 'MULTICAST',
+ 'R': 'REJECT',
+ 'r': 'ROUTER',
+ 'S': 'STATIC',
+ 'U': 'UP',
+ 'W': 'WASCLONED',
+ 'X': 'XRESOLVE',
+ 'Y': 'PROXY',
+ }
+
+ pretty_flags = []
+
+ for flag in entry['route_flags']:
+ if flag in flag_map:
+ pretty_flags.append(flag_map[flag])
+
+ entry['route_flags_pretty'] = pretty_flags
+
 return raw_data
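Review bot: The `flag_map` added to netstat_osx.py carries no source reference, whereas the Linux table cites route(8), and the module docstring now claims FreeBSD as well without saying which platform the letters were checked against. A comment above the dict such as `# Flag mapping from <man page the table was taken from>; applies to <platforms verified>` would let a maintainer audit the table. It is also worth noting there that the letters are platform-specific: `R` maps to `REJECT` here but to `REINSTATE` in netstat_linux.py, so consumers merging output from several hosts should compare the pretty names, not the raw letters.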