-rw-r--r-- | Makefile | 6 | ||||
-rw-r--r-- | README | 2 | ||||
-rw-r--r-- | extensions/ulogd_BASE.c | 73 | ||||
-rw-r--r-- | extensions/ulogd_OPRINT.c | 7 | ||||
-rw-r--r-- | include/ulogd/ulogd.h | 11 | ||||
-rw-r--r-- | ulogd.c | 10 |
6 files changed, 89 insertions, 20 deletions
@@ -1,14 +1,14 @@
 # Path of libipulog (from iptables)
 LIBIPULOG=../libipulog
+INCIPULOG=-I../libipulog/include
 # Names of the plugins to be compiled
 ULOGD_SL:=BASE OPRINT
-
 # Normally You should not need to change anything below
 #
 CC = gcc
-CFLAGS = -I. -I$(LIBIPULOG)/include -g -Wall
+CFLAGS = -I. -g -Wall $(INCIPULOG)
 SH_CFLAGS:=$(CFLAGS) -fPIC
 SHARED_LIBS+=$(foreach T,$(ULOGD_SL),extensions/ulogd_$(T).so)
@@ -21,7 +21,7 @@ $(SHARED_LIBS): %.so: %_sh.o
 %_sh.o: %.c
 	gcc $(SH_CFLAGS) -o $@ -c $<
-ulogd: ulogd.c ../libipulog/libipulog.a ulogd.h
+ulogd: ulogd.c $(LIBIPULOG) ulogd.h
 	$(CC) $(CFLAGS) -rdynamic -ldl -i ulogd.c $(LIBIPULOG)/libipulog.a -o ulogd
 clean:
@@ -1,7 +1,7 @@
 ===> CONECEPT
 I want to write a flexible, almost universal logging daemon for my netfilter
-ULOG target. These are my thoughts about how the architecture which is most capable of doing that:
+ULOG target. It is not optimized in any way, the goal is to keep as simple as possible. These are my thoughts about how the architecture which is most capable of doing that:
 1. Interpreter lugins
diff --git a/extensions/ulogd_BASE.c b/extensions/ulogd_BASE.c
index 8506d42..e0b1e1f 100644
--- a/extensions/ulogd_BASE.c
+++ b/extensions/ulogd_BASE.c
@@ -1,11 +1,11 @@
-/* ulogd_MAC.c, Version $Revision: 1.1 $
+/* ulogd_MAC.c, Version $Revision: 1.2 $
  *
  * ulogd logging interpreter for MAC addresses, TIME, etc.
  *
  * (C) 2000 by Harald Welte <laforge@sunbeam.franken.de>
  * This software is released under the terms of GNU GPL
  *
- * $Id: ulogd_BASE.c,v 1.1 2000/08/02 08:51:15 laforge Exp laforge $
+ * $Id: ulogd_BASE.c,v 1.2 2000/08/02 12:15:44 laforge Exp $
  *
  */
@@ -16,6 +16,7 @@
 #include <linux/in.h>
 #include <linux/tcp.h>
 #include <linux/icmp.h>
+#include <linux/udp.h>
 ulog_iret_t *_interp_mac(ulog_packet_msg_t *pkt)
 {
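Review bot: In the Makefile's second hunk, `ulogd: ulogd.c $(LIBIPULOG) ulogd.h` turns the prerequisite into the libipulog directory while the recipe still links `$(LIBIPULOG)/libipulog.a`. A directory's timestamp only moves when entries are created or removed, so a rebuilt archive will not reliably trigger a relink, and make no longer notices when the archive is absent at all. Keeping the archive itself as the dependency preserves the new variable and the old behaviour: `ulogd: ulogd.c $(LIBIPULOG)/libipulog.a ulogd.h`.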
@@ -108,7 +109,8 @@ ulog_iret_t *_interp_iphdr(ulog_packet_msg_t *pkt)
 ulog_iret_t *_interp_tcphdr(ulog_packet_msg_t *pkt)
 {
 	struct iphdr *iph = (struct iphdr *) pkt->payload;
-	struct tcphdr *tcph = (struct tcphdr *) (iph + iph->ihl);
+	void *protoh = (u_int32_t *)iph + iph->ihl;
+	struct tcphdr *tcph = (struct tcphdr *) protoh;
 	ulog_iret_t *ret, *ret2;
 	if (iph->protocol != IPPROTO_TCP)
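Review bot: `protoh` is derived from `iph->ihl` and later dereferenced as a TCP header without any check that the data libipulog handed over actually reaches that far; the ULOG target only copies a configured prefix of each packet, and ihl is attacker-controlled, so a short copy range or an ihl below 5 makes the `tcph->source`/`window`/`urg_ptr` reads in the next hunk run outside the header or past the captured payload. After the protocol test, reject such packets before touching tcph, e.g. `if (iph->ihl < 5 || pkt->data_len < iph->ihl * 4 + sizeof(struct tcphdr)) return NULL;` — I am assuming the copied-payload length field of ulog_packet_msg_t is `data_len`; use whatever libipulog names it. The same guard is needed wherever the other interpreters compute a transport header from ihl. The body of `_interp_tcphdr` continues beyond this hunk.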
@@ -117,14 +119,67 @@ ulog_iret_t *_interp_tcphdr(ulog_packet_msg_t *pkt)
 	ret = alloc_ret(ULOGD_RET_UINT16, "tcp.hdr.sport");
 	ret->value.ui16 = ntohs(tcph->source);
-	ret->next = ret2 = alloc_ret(ULOGD_RET_UINT16, "tcp.hdr.sport");
-	ret->value.ui16 = ntohs(tcph->dest);
+	ret->next = ret2 = alloc_ret(ULOGD_RET_UINT16, "tcp.hdr.dport");
+	ret2->value.ui16 = ntohs(tcph->dest);
 	ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT32, "tcp.hdr.seq");
-	ret->value.ui32 = ntohl(tcph->seq);
+	ret2->value.ui32 = ntohl(tcph->seq);
 	ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT32, "tcp.hdr.ack_seq");
-	ret->value.ui32 = ntohl(tcph->ack_seq);
+	ret2->value.ui32 = ntohl(tcph->ack_seq);
+
+	ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT16, "tcp.hdr.window");
+	ret2->value.ui16 = ntohs(tcph->window);
+
+	if (tcph->urg) {
+		ret2 = ret2->next = alloc_ret(ULOGD_RET_BOOL, "tcp.hdr.urg");
+		ret2->value.b = 1;
+
+		ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT16, "tcp.hdr.urgp");
+		ret2->value.ui16 = ntohs(tcph->urg_ptr);
+	}
+	if (tcph->ack) {
+		ret2 = ret2->next = alloc_ret(ULOGD_RET_BOOL, "tcp.hdr.ack");
+		ret2->value.b = 1;
+	}
+	if (tcph->psh) {
+		ret2 = ret2->next = alloc_ret(ULOGD_RET_BOOL, "tcp.hdr.psh");
+		ret2->value.b = 1;
+	}
+	if (tcph->rst) {
+		ret2 = ret2->next = alloc_ret(ULOGD_RET_BOOL, "tcp.hdr.rst");
+		ret2->value.b = 1;
+	}
+	if (tcph->syn) {
+		ret2 = ret2->next = alloc_ret(ULOGD_RET_BOOL, "tcp.hdr.syn");
+		ret2->value.b = 1;
+	}
+	if (tcph->fin) {
+		ret2 = ret2->next = alloc_ret(ULOGD_RET_BOOL, "tcp.hdr.fin");
+		ret2->value.b = 1;
+	}
+
+	return ret;
+}
+
+ulog_iret_t *_interp_udp(ulog_packet_msg_t *pkt)
+{
+	struct iphdr *iph = (struct iphdr *) pkt->payload;
+	void *protoh = (u_int32_t *)iph + iph->ihl;
+	struct udphdr *udph = protoh;
+	ulog_iret_t *ret, *ret2;
+
+	if (iph->protocol != IPPROTO_UDP)
+		return NULL;
+
+	ret = alloc_ret(ULOGD_RET_UINT16, "udp.hdr.sport");
+	ret->value.ui16 = ntohs(udph->source);
+
+	ret2 = ret->next = alloc_ret(ULOGD_RET_UINT16, "udp.hdr.dport");
+	ret2->value.ui16 = ntohs(udph->dest);
+
+	ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT16, "udp.hdr.len");
+	ret2->value.ui16 = ntohs(udph->len);
 	return ret;
 }
@@ -132,7 +187,8 @@ ulog_iret_t *_interp_tcphdr(ulog_packet_msg_t *pkt)
 ulog_iret_t *_interp_icmp(ulog_packet_msg_t *pkt)
 {
 	struct iphdr *iph = (struct iphdr *) pkt->payload;
-	struct icmphdr *icmph = (struct icmphdr *) (iph + iph->ihl);
+	void *protoh = (u_int32_t *) (iph + iph->ihl);
+	struct icmphdr *icmph = protoh;
 	ulog_iret_t *ret, *ret2;
 	if (iph->protocol != IPPROTO_ICMP)
@@ -155,6 +211,7 @@ static ulog_interpreter_t base_ip[] = {
 	{ NULL, "ip.hdr", &_interp_iphdr },
 	{ NULL, "tcp.hdr", &_interp_tcphdr },
 	{ NULL, "icmp.hdr", &_interp_icmp },
+	{ NULL, "udp.hdr", &_interp_udp },
 	{ NULL, "", NULL },
 };
 void _base_reg_ip(void)
diff --git a/extensions/ulogd_OPRINT.c b/extensions/ulogd_OPRINT.c
index ea6d885..19fbd7b 100644
--- a/extensions/ulogd_OPRINT.c
+++ b/extensions/ulogd_OPRINT.c
@@ -5,7 +5,7 @@
  * (C) 2000 by Harald Welte <laforge@sunbeam.franken.de>
  * This software is released under the terms of GNU GPL
  *
- * $Id: ulogd_OPRINT.c,v 1.1 2000/08/02 08:51:15 laforge Exp laforge $
+ * $Id: ulogd_OPRINT.c,v 1.1 2000/08/02 12:16:00 laforge Exp $
  *
  */
@@ -42,6 +42,7 @@ int _output_print(ulog_iret_t *res)
 		case ULOGD_RET_STRING:
 			fprintf(of, "%s\n", (char *) ret->value.ptr);
 			break;
+		case ULOGD_RET_BOOL:
 		case ULOGD_RET_INT8:
 			fprintf(of, "%d\n", ret->value.i8);
 			break;
@@ -89,11 +90,15 @@ void _base_reg_op(void)
 void _init(void)
 {
+#ifdef DEBUG
+	of = stdout;
+#else
 	of = fopen(ULOGD_OPRINT_FILE, "a");
 	if (!of) {
 		ulogd_error("ulogd_OPRINT: can't open PKTLOG: %s\n", strerror(errno));
 		exit(2);
 	}
+#endif
 	_base_reg_op();
 }
diff --git a/include/ulogd/ulogd.h b/include/ulogd/ulogd.h
index d1eb1fa..9ee0691 100644
--- a/include/ulogd/ulogd.h
+++ b/include/ulogd/ulogd.h
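Review bot: `_interp_udp` reads `udph->source`, `udph->dest` and `udph->len` right after computing `protoh` from `iph->ihl`, with nothing verifying that the captured payload extends `ihl * 4 + sizeof(struct udphdr)` bytes past `pkt->payload`. With the ULOG copy range shorter than that, or a crafted ihl, this is an out-of-bounds read on kernel-supplied data that the daemon then writes into the log. Add a bounds test next to the protocol test, along the lines of `if (iph->ihl < 5 || pkt->data_len < iph->ihl * 4 + sizeof(struct udphdr)) return NULL;` (the length field name is from memory of libipulog — confirm). The `alloc_ret()` results are also chained without a NULL check; if that helper can fail, `ret2->value` dereferences a null pointer.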
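Review bot: In the `_interp_icmp` hunk the cast is still outside the parentheses, `(u_int32_t *) (iph + iph->ihl)`, so the addition is done on `struct iphdr *` and `protoh` lands `ihl * sizeof(struct iphdr)` bytes into the packet instead of `ihl * 4` — for a plain 20-byte header that is offset 100, well past the ICMP header and possibly past the copied payload. The TCP and UDP hunks got this right; make this one match: `void *protoh = (u_int32_t *)iph + iph->ihl;`. The rest of `_interp_icmp` is outside the hunk.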
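Review bot: In `_output_print`, the new `case ULOGD_RET_BOOL:` shares the INT8 arm, so a value stored through `value.b` by the BASE interpreter is read back through `value.i8`. Both members are one byte so it prints correctly, but it silently ties the BOOL representation to INT8's signed formatting and hides the fact that a distinct union member exists. A dedicated arm keeps the intent visible: `case ULOGD_RET_BOOL: fprintf(of, "%u\n", ret->value.b); break;`.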
@@ -1,6 +1,6 @@
 #ifndef _ULOGD_H
 #define _ULOGD_H
-/* ulogd, Version $Revision: 1.2 $
+/* ulogd, Version $Revision: 1.3 $
  *
  * first try of a logging daemon for my netfilter ULOG target
  * for the linux 2.4 netfilter subsystem.
@@ -9,7 +9,7 @@
  *
  * this code is released under the terms of GNU GPL
  *
- * $Id: ulogd.h,v 1.2 2000/08/02 12:16:42 laforge Exp laforge $
+ * $Id: ulogd.h,v 1.3 2000/08/02 12:20:55 laforge Exp $
  */
 #include <libipulog/libipulog.h>
@@ -30,13 +30,17 @@
 #define ULOGD_RET_UINT32 0x0013
 #define ULOGD_RET_UINT64 0x0014
-#define ULOGD_RET_STRING 0x8020
+#define ULOGD_RET_BOOL 0x0050
 #define ULOGD_RET_IPADDR 0x0100
 /* types with lenght field*/
+#define ULOGD_RET_STRING 0x8020
+#define ULODG_RET_RAW 0x8030
+
 #define ULOGD_RET_OTHER 0xffff
+
 #define ULOGD_MAX_KEYLEN 32
 #define ulogd_error(format, args...) fprintf(logfile, format, ## args)
@@ -48,6 +52,7 @@ typedef struct ulog_iret {
 	u_int16_t type;
 	char key[ULOGD_MAX_KEYLEN];
 	union {
+		u_int8_t b;
 		u_int8_t ui8;
 		u_int16_t ui16;
 		u_int32_t ui32;
@@ -1,4 +1,4 @@
-/* ulogd, Version $Revision: 1.4 $
+/* ulogd, Version $Revision: 1.5 $
  *
  * first try of a logging daemon for my netfilter ULOG target
  * for the linux 2.4 netfilter subsystem.
@@ -7,7 +7,7 @@
  *
  * this code is released under the terms of GNU GPL
  *
- * $Id: ulogd.c,v 1.4 2000/08/09 16:26:34 root Exp $
+ * $Id: ulogd.c,v 1.5 2000/08/11 09:56:48 laforge Exp $
  */
 #include <stdio.h>
@@ -224,13 +224,13 @@ int main(int argc, char* argv[])
 		exit(1);
 	}
+#ifndef DEBUG
 	if (!fork()) {
-		/*
 		fclose(stdout);
 		fclose(stderr);
-		*/
+#endif
 	/* endless loop receiving packets and handling them over to
 	 * handle_packet */
@@ -246,8 +246,10 @@ int main(int argc, char* argv[])
 		ipulog_destroy_handle(h);
 		free(buf);
 		fclose(logfile);
+#ifndef DEBUG
 	} else {
 		exit(0);
 	}
+#endif
 }
|
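Review bot: `#define ULODG_RET_RAW 0x8030` in the ulogd.h type-code hunk has the project prefix misspelled (`ULODG` for `ULOGD`); no other line in this commit uses it yet, so this is the cheap moment to fix it before a plugin copies the typo: `#define ULOGD_RET_RAW 0x8030`. The section comment `/* types with lenght field*/` above the new STRING/RAW codes could be corrected to `/* types with length field */` in the same pass.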
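Review bot: Enabling `fclose(stdout); fclose(stderr);` in the child of the first ulogd.c hunk frees descriptors 1 and 2, so the next file or socket the daemon opens can be handed one of them, and any later stray `printf`/`perror` (from a plugin, or `ulogd_error` if `logfile` is stderr) writes into that file. The usual daemon idiom keeps the descriptors occupied instead: `freopen("/dev/null", "r", stdin); freopen("/dev/null", "w", stdout); freopen("/dev/null", "w", stderr);`. Separately, `if (!fork())` treats a failed `fork()` (-1) as the parent path, so on failure the process exits 0 having started nothing; it is a context line here, but worth `pid_t pid = fork(); if (pid < 0) { ulogd_error(...); exit(1); }` while this block is being reworked. `main()` begins and ends outside these hunks.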