authorlaforge <laforge>2004-07-23 03:22:16 +0000
committerlaforge <laforge>2004-07-23 03:22:16 +0000
commit2dc0dd85c2e851e9b2dacd9dfaa40c70cc61ff95 (patch)
tree18d1d23e47b5142ede938165c616bbc942f14bd5 /extensions
parente67fb3fbdc6ac83e884d9741e3b4a759b1bd8c5f (diff)
further tree reorganization
Diffstat (limited to 'extensions')
-rw-r--r--extensions/chtons.h32
-rw-r--r--extensions/printpkt.c275
-rw-r--r--extensions/printpkt.h7
-rw-r--r--extensions/ulogd_LOGEMU.c130
-rw-r--r--extensions/ulogd_OPRINT.c141
-rw-r--r--extensions/ulogd_PWSNIFF.c160
-rw-r--r--extensions/ulogd_SYSLOG.c149
7 files changed, 0 insertions, 894 deletions
diff --git a/extensions/chtons.h b/extensions/chtons.h
deleted file mode 100644
index 4506e33..0000000
--- a/extensions/chtons.h
+++ /dev/null
@@ -1,32 +0,0 @@
-#ifndef _CHTONS_H_
-#define _CHTONS_H_
-
-#include <endian.h>
-
-#if __BYTE_ORDER == __BIG_ENDIAN
-# define BITNR(X) ((X)^31)
-# if !defined(__constant_htonl)
-# define __constant_htonl(x) (x)
-# endif
-# if !defined(__constant_htons)
-# define __constant_htons(x) (x)
-# endif
-#elif __BYTE_ORDER == __LITTLE_ENDIAN
-# define BITNR(X) ((X)^7)
-# if !defined(__constant_htonl)
-# define __constant_htonl(x) \
- ((unsigned long int)((((unsigned long int)(x) & 0x000000ffU) << 24) | \
- (((unsigned long int)(x) & 0x0000ff00U) << 8) | \
- (((unsigned long int)(x) & 0x00ff0000U) >> 8) | \
- (((unsigned long int)(x) & 0xff000000U) >> 24)))
-# endif
-# if !defined(__constant_htons)
-# define __constant_htons(x) \
- ((unsigned short int)((((unsigned short int)(x) & 0x00ff) << 8) | \
- (((unsigned short int)(x) & 0xff00) >> 8)))
-# endif
-#else
-# error "Don't know if bytes are big- or little-endian!"
-#endif
-
-#endif
diff --git a/extensions/printpkt.c b/extensions/printpkt.c
deleted file mode 100644
index a8cbf03..0000000
--- a/extensions/printpkt.c
+++ /dev/null
@@ -1,275 +0,0 @@
-/* printpkt.c
- *
- * build something looking like a iptables LOG message
- *
- * (C) 2000-2003 by Harald Welte <laforge@gnumonks.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * $Id: printpkt.c,v 1.1 2003/10/10 15:56:37 laforge Exp $
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <string.h>
-#include <time.h>
-#include <sys/time.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <arpa/inet.h>
-#include <netinet/ip.h>
-#include <netinet/ip_icmp.h>
-#include <ulogd/ulogd.h>
-#include <ulogd/conffile.h>
-
-#ifndef HOST_NAME_MAX
-#warning this libc does not define HOST_NAME_MAX
-#define HOST_NAME_MAX (255+1)
-#endif
-
-#define NIPQUAD(addr) \
- ((unsigned char *)&addr)[0], \
- ((unsigned char *)&addr)[1], \
- ((unsigned char *)&addr)[2], \
- ((unsigned char *)&addr)[3]
-
-struct intr_id {
- char* name;
- unsigned int id;
-};
-
-static char hostname[HOST_NAME_MAX+1];
-
-#define INTR_IDS 35
-static struct intr_id intr_ids[INTR_IDS] = {
- { "oob.time.sec", 0 },
- { "oob.prefix", 0 },
- { "oob.in", 0 },
- { "oob.out", 0 },
- { "raw.mac", 0 },
- { "ip.saddr", 0 },
- { "ip.daddr", 0 },
- { "ip.totlen", 0 },
- { "ip.tos", 0 },
- { "ip.ttl", 0 },
- { "ip.id", 0 },
- { "ip.fragoff", 0 },
- { "ip.protocol", 0 },
- { "tcp.sport", 0 },
- { "tcp.dport", 0 },
- { "tcp.seq", 0 },
- { "tcp.ackseq", 0 },
- { "tcp.window", 0 },
- { "tcp.urg", 0 },
- { "tcp.ack", 0 },
- { "tcp.psh", 0 },
- { "tcp.rst", 0 },
- { "tcp.syn", 0 },
- { "tcp.fin", 0 },
- { "tcp.urgp", 0 },
- { "udp.sport", 0 },
- { "udp.dport", 0 },
- { "udp.len", 0 },
- { "icmp.type", 0 },
- { "icmp.code", 0 },
- { "icmp.echoid", 0 },
- { "icmp.echoseq", 0 },
- { "icmp.gateway", 0 },
- { "icmp.fragmtu", 0 },
- { "ahesp.spi", 0 },
-};
-
-#define GET_VALUE(x) ulogd_keyh[intr_ids[x].id].interp->result[ulogd_keyh[intr_ids[x].id].offset].value
-#define GET_FLAGS(x) ulogd_keyh[intr_ids[x].id].interp->result[ulogd_keyh[intr_ids[x].id].offset].flags
-
-int printpkt_print(ulog_iret_t *res, char *buf, int prefix)
-{
- char *timestr;
- char *tmp;
- time_t now;
-
- char *buf_cur = buf;
-
- if (prefix) {
- now = (time_t) GET_VALUE(0).ui32;
- timestr = ctime(&now) + 4;
-
- /* truncate time */
- if ((tmp = strchr(timestr, '\n')))
- *tmp = '\0';
-
- /* truncate hostname */
- if ((tmp = strchr(hostname, '.')))
- *tmp = '\0';
-
- /* print time and hostname */
- buf_cur += sprintf(buf_cur, "%.15s %s", timestr, hostname);
- }
-
- if (*(char *) GET_VALUE(1).ptr)
- buf_cur += sprintf(buf_cur, " %s", (char *) GET_VALUE(1).ptr);
-
- buf_cur += sprintf(buf_cur," IN=%s OUT=%s ",
- (char *) GET_VALUE(2).ptr,
- (char *) GET_VALUE(3).ptr);
-
- /* FIXME: configurable */
- buf_cur += sprintf(buf_cur, "MAC=%s ",
- (GET_FLAGS(4) & ULOGD_RETF_VALID) ? (char *) GET_VALUE(4).ptr : "");
-
- buf_cur += sprintf(buf_cur, "SRC=%s ",
- inet_ntoa((struct in_addr) {htonl(GET_VALUE(5).ui32)}));
- buf_cur += sprintf(buf_cur, "DST=%s ",
- inet_ntoa((struct in_addr) {htonl(GET_VALUE(6).ui32)}));
-
- buf_cur += sprintf(buf_cur,"LEN=%u TOS=%02X PREC=0x%02X TTL=%u ID=%u ",
- GET_VALUE(7).ui16, GET_VALUE(8).ui8 & IPTOS_TOS_MASK,
- GET_VALUE(8).ui8 & IPTOS_PREC_MASK, GET_VALUE(9).ui8,
- GET_VALUE(10).ui16);
-
- if (GET_VALUE(10).ui16 & IP_RF)
- buf_cur += sprintf(buf_cur, "CE ");
-
- if (GET_VALUE(11).ui16 & IP_DF)
- buf_cur += sprintf(buf_cur, "DF ");
-
- if (GET_VALUE(11).ui16 & IP_MF)
- buf_cur += sprintf(buf_cur, "MF ");
-
- if (GET_VALUE(11).ui16 & IP_OFFMASK)
- buf_cur += sprintf(buf_cur, "FRAG:%u ",
- GET_VALUE(11).ui16 & IP_OFFMASK);
-
- switch (GET_VALUE(12).ui8) {
-
- case IPPROTO_TCP:
- buf_cur += sprintf(buf_cur, "PROTO=TCP ");
- buf_cur += sprintf(buf_cur, "SPT=%u DPT=%u ",
- GET_VALUE(13).ui16, GET_VALUE(14).ui16);
- /* FIXME: config */
- buf_cur += sprintf(buf_cur, "SEQ=%u ACK=%u ",
- GET_VALUE(15).ui32, GET_VALUE(16).ui32);
-
- buf_cur += sprintf(buf_cur, "WINDOW=%u ", GET_VALUE(17).ui16);
-
-// buf_cur += sprintf(buf_cur, "RES=0x%02x ",
-
- if (GET_VALUE(18).b)
- buf_cur += sprintf(buf_cur, "URG ");
-
- if (GET_VALUE(19).b)
- buf_cur += sprintf(buf_cur, "ACK ");
-
- if (GET_VALUE(20).b)
- buf_cur += sprintf(buf_cur, "PSH ");
-
- if (GET_VALUE(21).b)
- buf_cur += sprintf(buf_cur, "RST ");
-
- if (GET_VALUE(22).b)
- buf_cur += sprintf(buf_cur, "SYN ");
-
- if (GET_VALUE(23).b)
- buf_cur += sprintf(buf_cur, "FIN ");
-
- buf_cur += sprintf(buf_cur, "URGP=%u ", GET_VALUE(24).ui16);
-
- break;
- case IPPROTO_UDP:
-
- buf_cur += sprintf(buf_cur, "PROTO=UDP ");
-
- buf_cur += sprintf(buf_cur, "SPT=%u DPT=%u LEN=%u ",
- GET_VALUE(25).ui16, GET_VALUE(26).ui16,
- GET_VALUE(27).ui16);
- break;
- case IPPROTO_ICMP:
-
- buf_cur += sprintf(buf_cur, "PROTO=ICMP ");
-
- buf_cur += sprintf(buf_cur, "TYPE=%u CODE=%u ",
- GET_VALUE(28).ui8, GET_VALUE(29).ui8);
-
- switch (GET_VALUE(28).ui8) {
- case ICMP_ECHO:
- case ICMP_ECHOREPLY:
- buf_cur += sprintf(buf_cur, "ID=%u SEQ=%u ",
- GET_VALUE(30).ui16,
- GET_VALUE(31).ui16);
- break;
- case ICMP_PARAMETERPROB:
- buf_cur += sprintf(buf_cur, "PARAMETER=%u ",
- GET_VALUE(32).ui32 >> 24);
- break;
- case ICMP_REDIRECT:
- buf_cur += sprintf(buf_cur, "GATEWAY=%s ", inet_ntoa((struct in_addr) {htonl(GET_VALUE(32).ui32)}));
- break;
- case ICMP_DEST_UNREACH:
- if (GET_VALUE(29).ui8 == ICMP_FRAG_NEEDED)
- buf_cur += sprintf(buf_cur, "MTU=%u ",
- GET_VALUE(33).ui16);
- break;
- }
- break;
- case IPPROTO_ESP:
- case IPPROTO_AH:
- buf_cur += sprintf(buf_cur, "PROTO=%s ", GET_VALUE(12).ui8 == IPPROTO_ESP ? "ESP" : "AH");
- /* FIXME: "INCOMPLETE [%u bytes]" in case of short pkt */
- if (intr_ids[34].id > 0) {
- buf_cur += sprintf(buf_cur, "SPI=0x%x ", GET_VALUE(34).ui32);
- }
- break;
- default:
-
- buf_cur += sprintf(buf_cur, "PROTO=%u ", GET_VALUE(11).ui8);
- }
- strcat(buf_cur, "\n");
-
- return 0;
-}
-
-/* get all key id's for the keys we are intrested in */
-static int get_ids(void)
-{
- int i;
- struct intr_id *cur_id;
-
- for (i = 0; i < INTR_IDS; i++) {
- cur_id = &intr_ids[i];
- cur_id->id = keyh_getid(cur_id->name);
- if (!cur_id->id) {
- ulogd_log(ULOGD_ERROR,
- "Cannot resolve keyhash id for %s\n",
- cur_id->name);
- return 1;
- }
- }
- return 0;
-}
-
-int printpkt_init(void)
-{
- if (gethostname(hostname, sizeof(hostname)) < 0) {
- ulogd_log(ULOGD_FATAL, "can't gethostname(): %s\n",
- strerror(errno));
- exit(2);
- }
-
- if (get_ids())
- return 1;
-
- return 0;
-}
diff --git a/extensions/printpkt.h b/extensions/printpkt.h
deleted file mode 100644
index ce42de4..0000000
--- a/extensions/printpkt.h
+++ /dev/null
@@ -1,7 +0,0 @@
-#ifndef _PRINTPKT_H
-#define _PRINTPKT_H
-
-int printpkt_print(ulog_iret_t *res, char *buf, int prefix);
-int printpkt_init(void);
-
-#endif
diff --git a/extensions/ulogd_LOGEMU.c b/extensions/ulogd_LOGEMU.c
deleted file mode 100644
index 049bcd4..0000000
--- a/extensions/ulogd_LOGEMU.c
+++ /dev/null
@@ -1,130 +0,0 @@
-/* ulogd_LOGEMU.c, Version $Revision: 1.15 $
- *
- * ulogd output target for syslog logging emulation
- *
- * This target produces a file which looks the same like the syslog-entries
- * of the LOG target.
- *
- * (C) 2000-2001 by Harald Welte <laforge@gnumonks.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * $Id$
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <string.h>
-#include <ulogd/ulogd.h>
-#include <ulogd/conffile.h>
-#include "printpkt.c"
-
-#ifndef ULOGD_LOGEMU_DEFAULT
-#define ULOGD_LOGEMU_DEFAULT "/var/log/ulogd.syslogemu"
-#endif
-
-#ifndef ULOGD_LOGEMU_SYNC_DEFAULT
-#define ULOGD_LOGEMU_SYNC_DEFAULT 0
-#endif
-
-#define NIPQUAD(addr) \
- ((unsigned char *)&addr)[0], \
- ((unsigned char *)&addr)[1], \
- ((unsigned char *)&addr)[2], \
- ((unsigned char *)&addr)[3]
-
-static config_entry_t syslogf_ce = { NULL, "file", CONFIG_TYPE_STRING,
- CONFIG_OPT_NONE, 0,
- { string: ULOGD_LOGEMU_DEFAULT } };
-
-static config_entry_t syslsync_ce = { &syslogf_ce, "sync",
- CONFIG_TYPE_INT, CONFIG_OPT_NONE, 0,
- { value: ULOGD_LOGEMU_SYNC_DEFAULT }
- };
-
-static FILE *of = NULL;
-
-static int _output_logemu(ulog_iret_t *res)
-{
- static char buf[4096];
-
- printpkt_print(res, buf, 1);
-
- fprintf(of, "%s", buf);
-
- if (syslsync_ce.u.value)
- fflush(of);
-
- return 0;
-}
-
-static void signal_handler_logemu(int signal)
-{
- switch (signal) {
- case SIGHUP:
- ulogd_log(ULOGD_NOTICE, "syslogemu: reopening logfile\n");
- fclose(of);
- of = fopen(syslogf_ce.u.string, "a");
- if (!of) {
- ulogd_log(ULOGD_FATAL, "can't open syslogemu: %s\n",
- strerror(errno));
- exit(2);
- }
- break;
- default:
- break;
- }
-}
-
-
-static int init_logemu(void) {
-#ifdef DEBUG_LOGEMU
- of = stdout;
-#else
- of = fopen(syslogf_ce.u.string, "a");
- if (!of) {
- ulogd_log(ULOGD_FATAL, "can't open syslogemu: %s\n",
- strerror(errno));
- exit(2);
- }
-#endif
- if (printpkt_init()) {
- ulogd_log(ULOGD_ERROR, "can't resolve all keyhash id's\n");
- }
-
- return 1;
-}
-
-static void fini_logemu(void) {
- if (of != stdout)
- fclose(of);
-}
-
-static ulog_output_t logemu_op = {
- .name = "syslogemu",
- .init = &init_logemu,
- .fini = &fini_logemu,
- .output = &_output_logemu,
- .signal = &signal_handler_logemu,
-};
-
-void _init(void)
-{
- /* FIXME: error handling */
- config_parse_file("LOGEMU", &syslsync_ce);
-
- register_output(&logemu_op);
-}
diff --git a/extensions/ulogd_OPRINT.c b/extensions/ulogd_OPRINT.c
deleted file mode 100644
index 186e3c9..0000000
--- a/extensions/ulogd_OPRINT.c
+++ /dev/null
@@ -1,141 +0,0 @@
-/* ulogd_MAC.c, Version $Revision: 1.9 $
- *
- * ulogd output target for logging to a file
- *
- * (C) 2000-2001 by Harald Welte <laforge@gnumonks.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * $Id$
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ulogd/ulogd.h>
-#include <ulogd/conffile.h>
-
-#ifndef ULOGD_OPRINT_DEFAULT
-#define ULOGD_OPRINT_DEFAULT "/var/log/ulogd.pktlog"
-#endif
-
-#define NIPQUAD(addr) \
- ((unsigned char *)&addr)[0], \
- ((unsigned char *)&addr)[1], \
- ((unsigned char *)&addr)[2], \
- ((unsigned char *)&addr)[3]
-
-#define HIPQUAD(addr) \
- ((unsigned char *)&addr)[3], \
- ((unsigned char *)&addr)[2], \
- ((unsigned char *)&addr)[1], \
- ((unsigned char *)&addr)[0]
-
-static FILE *of = NULL;
-
-static int _output_print(ulog_iret_t *res)
-{
- ulog_iret_t *ret;
-
- fprintf(of, "===>PACKET BOUNDARY\n");
- for (ret = res; ret; ret = ret->cur_next) {
- fprintf(of,"%s=", ret->key);
- switch (ret->type) {
- case ULOGD_RET_STRING:
- fprintf(of, "%s\n", (char *) ret->value.ptr);
- break;
- case ULOGD_RET_BOOL:
- case ULOGD_RET_INT8:
- case ULOGD_RET_INT16:
- case ULOGD_RET_INT32:
- fprintf(of, "%d\n", ret->value.i32);
- break;
- case ULOGD_RET_UINT8:
- case ULOGD_RET_UINT16:
- case ULOGD_RET_UINT32:
- fprintf(of, "%u\n", ret->value.ui32);
- break;
- case ULOGD_RET_IPADDR:
- fprintf(of, "%u.%u.%u.%u\n",
- HIPQUAD(ret->value.ui32));
- break;
- case ULOGD_RET_NONE:
- fprintf(of, "<none>");
- break;
- }
- }
- return 0;
-}
-
-static config_entry_t outf_ce = { NULL, "file", CONFIG_TYPE_STRING,
- CONFIG_OPT_NONE, 0,
- { string: ULOGD_OPRINT_DEFAULT } };
-
-static void sighup_handler_print(int signal)
-{
-
- switch (signal) {
- case SIGHUP:
- ulogd_log(ULOGD_NOTICE, "PKTLOG: reopening logfile\n");
- fclose(of);
- of = fopen(outf_ce.u.string, "a");
- if (!of) {
- ulogd_log(ULOGD_FATAL, "can't open PKTLOG: %s\n",
- strerror(errno));
- exit(2);
- }
- break;
- default:
- break;
- }
-}
-
-static int oprint_init(void)
-{
-#ifdef DEBUG
- of = stdout;
-#else
- config_parse_file("OPRINT", &outf_ce);
-
- of = fopen(outf_ce.u.string, "a");
- if (!of) {
- ulogd_log(ULOGD_FATAL, "can't open PKTLOG: %s\n",
- strerror(errno));
- exit(2);
- }
-#endif
- return 0;
-}
-
-static void oprint_fini(void)
-{
- if (of != stdout)
- fclose(of);
-
- return;
-}
-
-static ulog_output_t oprint_op = {
- .name = "oprint",
- .output = &_output_print,
- .signal = &sighup_handler_print,
- .init = &oprint_init,
- .fini = &oprint_fini,
-};
-
-void _init(void)
-{
- register_output(&oprint_op);
-}
diff --git a/extensions/ulogd_PWSNIFF.c b/extensions/ulogd_PWSNIFF.c
deleted file mode 100644
index 7c2cb65..0000000
--- a/extensions/ulogd_PWSNIFF.c
+++ /dev/null
@@ -1,160 +0,0 @@
-/* ulogd_PWSNIFF.c, Version $Revision: 1.9 $
- *
- * ulogd logging interpreter for POP3 / FTP like plaintext passwords.
- *
- * (C) 2000-2003 by Harald Welte <laforge@gnumonks.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * $Id: ulogd_PWSNIFF.c,v 1.9 2003/08/23 13:02:11 laforge Exp $
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/socket.h>
-#include <netinet/ip.h>
-#include <netinet/in.h>
-#include <netinet/tcp.h>
-#include "chtons.h"
-#include <ulogd/ulogd.h>
-
-#ifdef DEBUG_PWSNIFF
-#define DEBUGP(x) ulogd_log(ULOGD_DEBUG, x)
-#else
-#define DEBUGP(format, args...)
-#endif
-
-
-#define PORT_POP3 110
-#define PORT_FTP 21
-
-static u_int16_t pwsniff_ports[] = {
- __constant_htons(PORT_POP3),
- __constant_htons(PORT_FTP),
- /* feel free to include any other ports here, provided that their
- * user/password syntax is the same */
-};
-
-#define PWSNIFF_MAX_PORTS 2
-
-static char *_get_next_blank(char* begp, char *endp)
-{
- char *ptr;
-
- for (ptr = begp; ptr < endp; ptr++) {
- if (*ptr == ' ' || *ptr == '\n' || *ptr == '\r') {
- return ptr-1;
- }
- }
- return NULL;
-}
-
-static ulog_iret_t *_interp_pwsniff(ulog_interpreter_t *ip, ulog_packet_msg_t *pkt)
-{
- struct iphdr *iph = (struct iphdr *) pkt->payload;
- void *protoh = (u_int32_t *)iph + iph->ihl;
- struct tcphdr *tcph = protoh;
- u_int32_t tcplen = ntohs(iph->tot_len) - iph->ihl * 4;
- unsigned char *ptr, *begp, *pw_begp, *endp, *pw_endp;
- ulog_iret_t *ret = ip->result;
- int len, pw_len, i, cont = 0;
-
- len = pw_len = 0;
- begp = pw_begp = NULL;
-
- if (iph->protocol != IPPROTO_TCP)
- return NULL;
-
- for (i = 0; i < PWSNIFF_MAX_PORTS; i++)
- {
- if (tcph->dest == pwsniff_ports[i]) {
- cont = 1;
- break;
- }
- }
- if (!cont)
- return NULL;
-
- DEBUGP("----> pwsniff detected, tcplen=%d, struct=%d, iphtotlen=%d, ihl=%d\n", tcplen, sizeof(struct tcphdr), ntohs(iph->tot_len), iph->ihl);
-
- for (ptr = (unsigned char *) tcph + sizeof(struct tcphdr);
- ptr < (unsigned char *) tcph + tcplen; ptr++)
- {
- if (!strncasecmp(ptr, "USER ", 5)) {
- begp = ptr+5;
- endp = _get_next_blank(begp, (char *)tcph + tcplen);
- if (endp)
- len = endp - begp + 1;
- }
- if (!strncasecmp(ptr, "PASS ", 5)) {
- pw_begp = ptr+5;
- pw_endp = _get_next_blank(pw_begp,
- (char *)tcph + tcplen);
- if (pw_endp)
- pw_len = pw_endp - pw_begp + 1;
- }
- }
-
- if (len) {
- ret[0].value.ptr = (char *) malloc(len+1);
- ret[0].flags |= ULOGD_RETF_VALID;
- if (!ret[0].value.ptr) {
- ulogd_log(ULOGD_ERROR, "OOM (size=%u)\n", len);
- return NULL;
- }
- strncpy(ret[0].value.ptr, begp, len);
- *((char *)ret[0].value.ptr + len + 1) = '\0';
- }
- if (pw_len) {
- ret[1].value.ptr = (char *) malloc(pw_len+1);
- ret[1].flags |= ULOGD_RETF_VALID;
- if (!ret[1].value.ptr){
- ulogd_log(ULOGD_ERROR, "OOM (size=%u)\n", pw_len);
- return NULL;
- }
- strncpy(ret[1].value.ptr, pw_begp, pw_len);
- *((char *)ret[1].value.ptr + pw_len + 1) = '\0';
-
- }
- return ret;
-}
-
-static ulog_iret_t pwsniff_rets[] = {
- { NULL, NULL, 0, ULOGD_RET_STRING, ULOGD_RETF_FREE, "pwsniff.user",
- { ptr: NULL } },
- { NULL, NULL, 0, ULOGD_RET_STRING, ULOGD_RETF_FREE, "pwsniff.pass",
- { ptr: NULL } },
-};
-static ulog_interpreter_t base_ip[] = {
-
- { NULL, "pwsniff", 0, &_interp_pwsniff, 2, pwsniff_rets },
- { NULL, "", 0, NULL, 0, NULL },
-};
-void _base_reg_ip(void)
-{
- ulog_interpreter_t *ip = base_ip;
- ulog_interpreter_t *p;
-
- for (p = ip; p->interp; p++)
- register_interpreter(p);
-
-}
-
-
-void _init(void)
-{
- _base_reg_ip();
-}
diff --git a/extensions/ulogd_SYSLOG.c b/extensions/ulogd_SYSLOG.c
deleted file mode 100644
index cb87fa9..0000000
--- a/extensions/ulogd_SYSLOG.c
+++ /dev/null
@@ -1,149 +0,0 @@
-/* ulogd_SYSLOG.c, Version $Revision: 1.15 $
- *
- * ulogd output target for real syslog() logging
- *
- * This target produces a syslog entries identical to the LOG target.
- *
- * (C) 2003 by Harald Welte <laforge@gnumonks.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * $Id$
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <string.h>
-#include <syslog.h>
-#include <ulogd/ulogd.h>
-#include <ulogd/conffile.h>
-#include "printpkt.h"
-
-#ifndef SYSLOG_FACILITY_DEFAULT
-#define SYSLOG_FACILITY_DEFAULT "LOG_KERN"
-#endif
-
-#ifndef SYSLOG_LEVEL_DEFAULT
-#define SYSLOG_LEVEL_DEFAULT "LOG_NOTICE"
-#endif
-
-static config_entry_t facility_ce = {
- .key = "facility",
- .type = CONFIG_TYPE_STRING,
- .options = CONFIG_OPT_NONE,
- .u = { .string = SYSLOG_FACILITY_DEFAULT }
-};
-
-static config_entry_t level_ce = {
- .next = &facility_ce,
- .key = "level",
- .type = CONFIG_TYPE_INT,
- .options = CONFIG_OPT_NONE,
- .u = { .string = SYSLOG_LEVEL_DEFAULT }
-};
-
-static int syslog_level, syslog_facility;
-
-static int _output_syslog(ulog_iret_t *res)
-{
- static char buf[4096];
-
- printpkt_print(res, buf, 0);
- syslog(syslog_level|syslog_facility, buf);
-
- return 0;
-}
-
-static int syslog_init(void)
-{
- /* FIXME: error handling */
- config_parse_file("SYSLOG", &level_ce);
-
- if (!strcmp(facility_ce.u.string, "LOG_DAEMON"))
- syslog_facility = LOG_DAEMON;
- else if (!strcmp(facility_ce.u.string, "LOG_KERN"))
- syslog_facility = LOG_KERN;
- else if (!strcmp(facility_ce.u.string, "LOG_LOCAL0"))
- syslog_facility = LOG_LOCAL0;
- else if (!strcmp(facility_ce.u.string, "LOG_LOCAL1"))
- syslog_facility = LOG_LOCAL1;
- else if (!strcmp(facility_ce.u.string, "LOG_LOCAL2"))
- syslog_facility = LOG_LOCAL2;
- else if (!strcmp(facility_ce.u.string, "LOG_LOCAL3"))
- syslog_facility = LOG_LOCAL3;
- else if (!strcmp(facility_ce.u.string, "LOG_LOCAL4"))
- syslog_facility = LOG_LOCAL4;
- else if (!strcmp(facility_ce.u.string, "LOG_LOCAL5"))
- syslog_facility = LOG_LOCAL5;
- else if (!strcmp(facility_ce.u.string, "LOG_LOCAL6"))
- syslog_facility = LOG_LOCAL6;
- else if (!strcmp(facility_ce.u.string, "LOG_LOCAL7"))
- syslog_facility = LOG_LOCAL7;
- else if (!strcmp(facility_ce.u.string, "LOG_USER"))
- syslog_facility = LOG_USER;
- else {
- ulogd_log(ULOGD_FATAL, "unknown facility '%s'\n",
- facility_ce.u.string);
- exit(2);
- }
-
- if (!strcmp(level_ce.u.string, "LOG_EMERG"))
- syslog_level = LOG_EMERG;
- else if (!strcmp(level_ce.u.string, "LOG_ALERT"))
- syslog_level = LOG_ALERT;
- else if (!strcmp(level_ce.u.string, "LOG_CRIT"))
- syslog_level = LOG_CRIT;
- else if (!strcmp(level_ce.u.string, "LOG_ERR"))
- syslog_level = LOG_ERR;
- else if (!strcmp(level_ce.u.string, "LOG_WARNING"))
- syslog_level = LOG_WARNING;
- else if (!strcmp(level_ce.u.string, "LOG_NOTICE"))
- syslog_level = LOG_NOTICE;
- else if (!strcmp(level_ce.u.string, "LOG_INFO"))
- syslog_level = LOG_INFO;
- else if (!strcmp(level_ce.u.string, "LOG_DEBUg"))
- syslog_level = LOG_DEBUG;
- else {
- ulogd_log(ULOGD_FATAL, "unknown level '%s'\n",
- facility_ce.u.string);
- exit(2);
- }
-
- openlog("ulogd", LOG_NDELAY|LOG_PID, syslog_facility);
-
- return 0;
-}
-
-static void syslog_fini(void)
-{
- closelog();
-}
-
-static ulog_output_t syslog_op = {
- .name = "syslog",
- .init = &syslog_init,
- .fini = &syslog_fini,
- .output &_output_syslog
-};
-
-
-void _init(void)
-{
- if (printpkt_init())
- ulogd_log(ULOGD_ERROR, "can't resolve all keyhash id's\n");
-
- register_output(&syslog_op);
-}