Diffstat (limited to 'extensions/ulogd_LOGEMU.c')
-rw-r--r-- | extensions/ulogd_LOGEMU.c | 235 |
1 files changed, 10 insertions, 225 deletions
diff --git a/extensions/ulogd_LOGEMU.c b/extensions/ulogd_LOGEMU.c index ad8a3e6..d8a9b5f 100644 --- a/extensions/ulogd_LOGEMU.c +++ b/extensions/ulogd_LOGEMU.c @@ -1,4 +1,4 @@ -/* ulogd_LOGEMU.c, Version $Revision: 1.14 $ +/* ulogd_LOGEMU.c, Version $Revision: 1.15 $ * * ulogd output target for syslog logging emulation * @@ -20,7 +20,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * - * $Id: ulogd_LOGEMU.c,v 1.14 2003/09/12 09:00:21 laforge Exp $ + * $Id: ulogd_LOGEMU.c,v 1.15 2003/09/28 15:19:26 laforge Exp $ * */ @@ -28,15 +28,9 @@ #include <stdlib.h> #include <unistd.h> #include <string.h> -#include <time.h> -#include <sys/time.h> -#include <sys/types.h> -#include <sys/socket.h> -#include <arpa/inet.h> -#include <netinet/ip.h> -#include <netinet/ip_icmp.h> #include <ulogd/ulogd.h> #include <ulogd/conffile.h> +#include "printpkt.c" #ifndef ULOGD_LOGEMU_DEFAULT #define ULOGD_LOGEMU_DEFAULT "/var/log/ulogd.syslogemu" 
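Review bot: `#include "printpkt.c"` in the include block compiles a whole translation unit into this plugin, so any other plugin that includes it the same way gets its own private copy of whatever file-scope state that file keeps. The network headers this hunk drops are presumably now pulled in from there, which hides the dependency from this file. A header declaring `printpkt_init()` and `printpkt_print()`, with the object linked once, would keep the interface visible and type-checked. At minimum add a comment such as `/* printpkt.c is compiled into this plugin on purpose; it is not linked separately */`. printpkt.c is not part of this diff, so what it defines at file scope is an assumption.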
@@ -63,185 +57,13 @@ static config_entry_t syslsync_ce = { &syslogf_ce, "sync", static FILE *of = NULL; -static char hostname[255]; - -struct intr_id { - char* name; - unsigned int id; -}; - -#define INTR_IDS 35 -static struct intr_id intr_ids[INTR_IDS] = { - { "oob.time.sec", 0 }, - { "oob.prefix", 0 }, - { "oob.in", 0 }, - { "oob.out", 0 }, - { "raw.mac", 0 }, - { "ip.saddr", 0 }, - { "ip.daddr", 0 }, - { "ip.totlen", 0 }, - { "ip.tos", 0 }, - { "ip.ttl", 0 }, - { "ip.id", 0 }, - { "ip.fragoff", 0 }, - { "ip.protocol", 0 }, - { "tcp.sport", 0 }, - { "tcp.dport", 0 }, - { "tcp.seq", 0 }, - { "tcp.ackseq", 0 }, - { "tcp.window", 0 }, - { "tcp.urg", 0 }, - { "tcp.ack", 0 }, - { "tcp.psh", 0 }, - { "tcp.rst", 0 }, - { "tcp.syn", 0 }, - { "tcp.fin", 0 }, - { "tcp.urgp", 0 }, - { "udp.sport", 0 }, - { "udp.dport", 0 }, - { "udp.len", 0 }, - { "icmp.type", 0 }, - { "icmp.code", 0 }, - { "icmp.echoid", 0 }, - { "icmp.echoseq", 0 }, - { "icmp.gateway", 0 }, - { "icmp.fragmtu", 0 }, - { "ahesp.spi", 0 }, -}; - -#define GET_VALUE(x) ulogd_keyh[intr_ids[x].id].interp->result[ulogd_keyh[intr_ids[x].id].offset].value -#define GET_FLAGS(x) ulogd_keyh[intr_ids[x].id].interp->result[ulogd_keyh[intr_ids[x].id].offset].flags - int _output_logemu(ulog_iret_t *res) { - char *timestr; - char *tmp; - time_t now; - - now = (time_t) GET_VALUE(0).ui32; - timestr = ctime(&now) + 4; - - /* truncate time */ - if ((tmp = strchr(timestr, '\n'))) - *tmp = '\0'; - - /* truncate hostname */ - if ((tmp = strchr(hostname, '.'))) - *tmp = '\0'; - - /* print time and hostname */ - fprintf(of, "%.15s %s", timestr, hostname); - - - if (*(char *) GET_VALUE(1).ptr) - fprintf(of, " %s", (char *) GET_VALUE(1).ptr); - - fprintf(of," IN=%s OUT=%s ", - (char *) GET_VALUE(2).ptr, - (char *) GET_VALUE(3).ptr); - - /* FIXME: configurable */ - fprintf(of, "MAC=%s ", - (GET_FLAGS(4) & ULOGD_RETF_VALID) ? 
(char *) GET_VALUE(4).ptr : ""); - - fprintf(of, "SRC=%s ", inet_ntoa((struct in_addr) - {htonl(GET_VALUE(5).ui32)})); - fprintf(of, "DST=%s ", inet_ntoa((struct in_addr) - {htonl(GET_VALUE(6).ui32)})); - - fprintf(of, "LEN=%u TOS=%02X PREC=0x%02X TTL=%u ID=%u ", - GET_VALUE(7).ui16, GET_VALUE(8).ui8 & IPTOS_TOS_MASK, - GET_VALUE(8).ui8 & IPTOS_PREC_MASK, GET_VALUE(9).ui8, - GET_VALUE(10).ui16); - - if (GET_VALUE(10).ui16 & IP_RF) - fprintf(of, "CE "); - - if (GET_VALUE(11).ui16 & IP_DF) - fprintf(of, "DF "); - - if (GET_VALUE(11).ui16 & IP_MF) - fprintf(of, "MF "); - - if (GET_VALUE(11).ui16 & IP_OFFMASK) - fprintf(of, "FRAG:%u ", GET_VALUE(11).ui16 & IP_OFFMASK); - - switch (GET_VALUE(12).ui8) { - - case IPPROTO_TCP: - fprintf(of, "PROTO=TCP "); - fprintf(of, "SPT=%u DPT=%u ", GET_VALUE(13).ui16, - GET_VALUE(14).ui16); - /* FIXME: config */ - fprintf(of, "SEQ=%u ACK=%u ", GET_VALUE(15).ui32, - GET_VALUE(16).ui32); - - fprintf(of, "WINDOW=%u ", GET_VALUE(17).ui16); - -// fprintf(of, "RES=0x%02x ", - - if (GET_VALUE(18).b) - fprintf(of, "URG "); - - if (GET_VALUE(19).b) - fprintf(of, "ACK "); + static char buf[4096]; - if (GET_VALUE(20).b) - fprintf(of, "PSH "); + printpkt_print(res, buf, 1); - if (GET_VALUE(21).b) - fprintf(of, "RST "); - - if (GET_VALUE(22).b) - fprintf(of, "SYN "); - - if (GET_VALUE(23).b) - fprintf(of, "FIN "); - - fprintf(of, "URGP=%u ", GET_VALUE(24).ui16); - - break; - case IPPROTO_UDP: - - fprintf(of, "PROTO=UDP "); - - fprintf(of, "SPT=%u DPT=%u LEN=%u ", - GET_VALUE(25).ui16, GET_VALUE(26).ui16, - GET_VALUE(27).ui16); - break; - case IPPROTO_ICMP: - - fprintf(of, "PROTO=ICMP "); - - fprintf(of, "TYPE=%u CODE=%u ", GET_VALUE(28).ui8, - GET_VALUE(29).ui8); - - switch (GET_VALUE(28).ui8) { - case ICMP_ECHO: - case ICMP_ECHOREPLY: - fprintf(of, "ID=%u SEQ=%u ", - GET_VALUE(30).ui16, - GET_VALUE(31).ui16); - break; - case ICMP_PARAMETERPROB: - fprintf(of, "PARAMETER=%u ", - GET_VALUE(32).ui32 >> 24); - break; - case ICMP_REDIRECT: - 
fprintf(of, "GATEWAY=%s ", inet_ntoa((struct in_addr) {htonl(GET_VALUE(32).ui32)})); - break; - case ICMP_DEST_UNREACH: - if (GET_VALUE(29).ui8 == ICMP_FRAG_NEEDED) - fprintf(of, "MTU=%u ", - GET_VALUE(33).ui16); - break; - } - break; - default: - - fprintf(of, "PROTO=%u ", GET_VALUE(11).ui8); - } - fprintf(of,"\n"); + fprintf(of, "%s", buf); if (syslsync_ce.u.value) fflush(of); @@ -249,25 +71,6 @@ int _output_logemu(ulog_iret_t *res) return 0; } -/* get all key id's for the keys we are intrested in */ -static int get_ids(void) -{ - int i; - struct intr_id *cur_id; - - for (i = 0; i < INTR_IDS; i++) { - cur_id = &intr_ids[i]; - cur_id->id = keyh_getid(cur_id->name); - if (!cur_id->id) { - ulogd_log(ULOGD_ERROR, - "Cannot resolve keyhash id for %s\n", - cur_id->name); - return 1; - } - } - return 0; -} - void sighup_handler_logemu(int signal) { switch (signal) { @@ -287,32 +90,14 @@ void sighup_handler_logemu(int signal) } -static ulog_output_t logemu_op[] = { - { NULL, "syslogemu", &_output_logemu, &sighup_handler_logemu }, - { NULL, "", NULL, NULL }, -}; - -/* register output plugin with ulogd */ -static void _logemu_reg_op(void) -{ - ulog_output_t *op = logemu_op; - ulog_output_t *p; - - for (p = op; p->output; p++) - register_output(p); -} +static ulog_output_t logemu_op = + { NULL, "syslogemu", &_output_logemu, &sighup_handler_logemu }; void _init(void) { /* FIXME: error handling */ config_parse_file("LOGEMU", &syslsync_ce); - if (gethostname(hostname, sizeof(hostname)) < 0) { - ulogd_log(ULOGD_FATAL, "can't gethostname(): %s\n", - strerror(errno)); - exit(2); - } - #ifdef DEBUG_LOGEMU of = stdout; #else @@ -323,9 +108,9 @@ void _init(void) exit(2); } #endif - if (get_ids()) { + if (printpkt_init()) { ulogd_log(ULOGD_ERROR, "can't resolve all keyhash id's\n"); } - _logemu_reg_op(); + register_output(&logemu_op); } |
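Review bot: `printpkt_print(res, buf, 1)` in `_output_logemu` hands a fixed `static char buf[4096]` to a formatter that is given no length, so nothing at this call site bounds the write. The removed code printed the prefix, interface names and MAC with `%s`, and printpkt.c is not in this diff to confirm that the combined line is capped. The return value is also dropped, and because `buf` is static, a call that writes nothing would make `fprintf(of, "%s", buf)` emit the previous packet's line again. Consider adding a length parameter to `printpkt_print` and passing `sizeof(buf)`. Failing that, set `buf[0] = '\0';` before the call and add a comment stating the longest line the formatter can produce.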
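Review bot: When `printpkt_init()` fails at the end of `_init`, the error is only logged and `register_output(&logemu_op)` still runs, so `_output_logemu` would later be called with key ids that were never resolved. The failure path just before the `#endif` terminates with `exit(2)`; doing the same here, or a `return;` before registering, keeps a half-initialised plugin out of the output chain: `ulogd_log(ULOGD_ERROR, "can't resolve all keyhash id's\n"); exit(2);`. The same log-and-continue behaviour existed with the removed `get_ids()`, so this is carried over rather than introduced. `_init` starts outside this hunk.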