Diffstat (limited to 'ulogd/extensions/ulogd_BASE.c')
-rw-r--r--ulogd/extensions/ulogd_BASE.c267
1 files changed, 148 insertions, 119 deletions
diff --git a/ulogd/extensions/ulogd_BASE.c b/ulogd/extensions/ulogd_BASE.c
index 391ac59..5d4ef2f 100644
--- a/ulogd/extensions/ulogd_BASE.c
+++ b/ulogd/extensions/ulogd_BASE.c
@@ -1,11 +1,11 @@
-/* ulogd_MAC.c, Version $Revision: 1.5 $
+/* ulogd_MAC.c, Version $Revision: 1.6 $
*
* ulogd logging interpreter for MAC addresses, TIME, IP and TCP headers, etc.
*
* (C) 2000 by Harald Welte <laforge@gnumonks.org>
* This software is released under the terms of GNU GPL
*
- * $Id: ulogd_BASE.c,v 1.5 2000/09/22 06:54:33 laforge Exp $
+ * $Id: ulogd_BASE.c,v 1.6 2000/09/26 06:25:02 laforge Exp $
*
*/
@@ -18,12 +18,19 @@
#include <linux/icmp.h>
#include <linux/udp.h>
-ulog_iret_t *_interp_mac(ulog_packet_msg_t *pkt)
+/***********************************************************************
+ * Raw header
+ ***********************************************************************/
+static ulog_iret_t mac_rets[1] = {
+ { NULL, NULL, 0, ULOGD_RET_STRING, ULOGD_RETF_FREE, "raw.mac", NULL },
+};
+
+ulog_iret_t *_interp_mac(struct ulog_interpreter *ip, ulog_packet_msg_t *pkt)
{
unsigned char *p;
int i;
char *buf;
- ulog_iret_t *ret;
+ ulog_iret_t *ret = ip->result;
if (pkt->mac_len) {
buf = (char *) malloc(3 * pkt->mac_len + 1);
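Review bot: The new `mac_rets` slot is a single static entry that is handed a freshly malloc()ed buffer for every packet, and nothing in this hunk says who releases that buffer or resets the slot. `ULOGD_RETF_FREE` presumably makes the consumer responsible; if so, a comment above `mac_rets` should state it, for example `/* value.ptr is heap-allocated per packet; the consumer must free it and clear ULOGD_RETF_VALID before the next packet */`. Otherwise the previous buffer either leaks or stays reachable through a stale pointer. The body of `_interp_mac` continues outside this hunk, so whether the `malloc()` result is checked before use cannot be confirmed from here.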
@@ -32,201 +39,223 @@ ulog_iret_t *_interp_mac(ulog_packet_msg_t *pkt)
p = pkt->mac;
for (i = 0; i < pkt->mac_len; i++, p++)
sprintf(buf, "%s%02x%c", buf, *p, i==pkt->mac_len-1 ? ' ':':');
- ret = alloc_ret(ULOGD_RET_STRING,"raw.mac.addr");
- ret->value.ptr = buf;
+ ret[0].value.ptr = buf;
+ ret[0].flags |= ULOGD_RETF_VALID;
return ret;
}
return NULL;
}
-ulog_iret_t *_interp_time(ulog_packet_msg_t *pkt)
-{
- ulog_iret_t *ret, *ret2;
-
- ret = alloc_ret(ULOGD_RET_UINT32, "oob.time.sec");
- ret2 = alloc_ret(ULOGD_RET_UINT32, "oob.time.usec");
-
- ret->value.ui32 = pkt->timestamp_sec;
- ret->next = ret2;
+/***********************************************************************
+ * OUT OF BAND
+ ***********************************************************************/
- ret2->value.ui32 = pkt->timestamp_usec;
-
- return ret;
-}
+static ulog_iret_t oob_rets[] = {
+ { NULL, NULL, 0, ULOGD_RET_STRING, ULOGD_RETF_NONE, "oob.prefix", NULL },
+ { NULL, NULL, 0, ULOGD_RET_UINT32, ULOGD_RETF_NONE, "oob.time.sec", NULL },
+ { NULL, NULL, 0, ULOGD_RET_UINT32, ULOGD_RETF_NONE, "oob.time.usec", NULL },
+ { NULL, NULL, 0, ULOGD_RET_UINT32, ULOGD_RETF_NONE, "oob.mark", NULL },
+};
-ulog_iret_t *_interp_prefix(ulog_packet_msg_t *pkt)
+ulog_iret_t *_interp_oob(struct ulog_interpreter *ip, ulog_packet_msg_t *pkt)
{
- ulog_iret_t *ret;
-
- ret = alloc_ret(ULOGD_RET_STRING, "oob.prefix");
- ret->value.ptr = malloc(sizeof(pkt->prefix));
- strcpy(ret->value.ptr, pkt->prefix);
+ ulog_iret_t *ret = ip->result;
+
+ ret[0].value.ptr = pkt->prefix;
+ ret[0].flags |= ULOGD_RETF_VALID;
+ ret[1].value.ui32 = pkt->timestamp_sec;
+ ret[1].flags |= ULOGD_RETF_VALID;
+ ret[2].value.ui32 = pkt->timestamp_usec;
+ ret[2].flags |= ULOGD_RETF_VALID;
+ ret[3].value.ui32 = pkt->mark;
+ ret[3].flags |= ULOGD_RETF_VALID;
return ret;
}
-ulog_iret_t *_interp_mark(ulog_packet_msg_t *pkt)
-{
- ulog_iret_t *ret;
-
- ret = alloc_ret(ULOGD_RET_UINT32, "oob.mark");
- ret->value.ui32 = pkt->mark;
-
- return ret;
-}
+/***********************************************************************
+ * IP HEADER
+ ***********************************************************************/
+
+static ulog_iret_t iphdr_rets[] = {
+ { NULL, NULL, 0, ULOGD_RET_IPADDR, ULOGD_RETF_NONE, "ip.saddr", 0 },
+ { NULL, NULL, 0, ULOGD_RET_IPADDR, ULOGD_RETF_NONE, "ip.daddr", 0 },
+ { NULL, NULL, 0, ULOGD_RET_UINT8, ULOGD_RETF_NONE, "ip.protocol", 0 },
+ { NULL, NULL, 0, ULOGD_RET_UINT8, ULOGD_RETF_NONE, "ip.tos", 0 },
+ { NULL, NULL, 0, ULOGD_RET_UINT8, ULOGD_RETF_NONE, "ip.ttl", 0 },
+ { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "ip.totlen", 0 },
+ { NULL, NULL, 0, ULOGD_RET_UINT8, ULOGD_RETF_NONE, "ip.ihl", 0 },
+ { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "ip.csum", 0 },
+};
-ulog_iret_t *_interp_iphdr(ulog_packet_msg_t *pkt)
+ulog_iret_t *_interp_iphdr(struct ulog_interpreter *ip, ulog_packet_msg_t *pkt)
{
- ulog_iret_t *ret, *ret2;
+ ulog_iret_t *ret = ip->result;
struct iphdr *iph = (struct iphdr *) pkt->payload;
- ret = alloc_ret(ULOGD_RET_IPADDR, "ip.hdr.saddr");
- ret->value.ui32 = ntohl(iph->saddr);
-
- ret->next = ret2 = alloc_ret(ULOGD_RET_IPADDR, "ip.hdr.daddr");
- ret2->value.ui32 = ntohl(iph->daddr);
-
- ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT8, "ip.hdr.protocol");
- ret2->value.ui8 = iph->protocol;
-
- ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT8, "ip.hdr.tos");
- ret2->value.ui8 = ntohs(iph->tos);
-
- ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT8, "ip.hdr.ttl");
- ret2->value.ui8 = iph->ttl;
-
- ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT16, "ip.hdr.tot_len");
- ret2->value.ui16 = ntohs(iph->tot_len);
-
- ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT8, "ip.hdr.ihl");
- ret2->value.ui8 = iph->ihl;
-
- ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT16, "ip.hdr.csum");
- ret2->value.ui16 = ntohs(iph->check);
+ ret[0].value.ui32 = ntohl(iph->saddr);
+ ret[0].flags |= ULOGD_RETF_VALID;
+ ret[1].value.ui32 = ntohl(iph->daddr);
+ ret[1].flags |= ULOGD_RETF_VALID;
+ ret[2].value.ui8 = iph->protocol;
+ ret[2].flags |= ULOGD_RETF_VALID;
+ ret[3].value.ui8 = ntohs(iph->tos);
+ ret[3].flags |= ULOGD_RETF_VALID;
+ ret[4].value.ui8 = iph->ttl;
+ ret[4].flags |= ULOGD_RETF_VALID;
+ ret[5].value.ui16 = ntohs(iph->tot_len);
+ ret[5].flags |= ULOGD_RETF_VALID;
+ ret[6].value.ui8 = iph->ihl;
+ ret[6].flags |= ULOGD_RETF_VALID;
+ ret[7].value.ui16 = ntohs(iph->check);
+ ret[7].flags |= ULOGD_RETF_VALID;
return ret;
}
-ulog_iret_t *_interp_tcphdr(ulog_packet_msg_t *pkt)
+/***********************************************************************
+ * TCP HEADER
+ ***********************************************************************/
+static ulog_iret_t tcphdr_rets[] = {
+ { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "tcp.sport", 0 },
+ { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "tcp.dport", 0 },
+ { NULL, NULL, 0, ULOGD_RET_UINT32, ULOGD_RETF_NONE, "tcp.seq", 0 },
+ { NULL, NULL, 0, ULOGD_RET_UINT32, ULOGD_RETF_NONE, "tcp.ackseq", 0 },
+ { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "tcp.window", 0 },
+ { NULL, NULL, 0, ULOGD_RET_BOOL, ULOGD_RETF_NONE, "tcp.urg", 0 },
+ { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "tcp.urgp", 0 },
+ { NULL, NULL, 0, ULOGD_RET_BOOL, ULOGD_RETF_NONE, "tcp.ack", 0 },
+ { NULL, NULL, 0, ULOGD_RET_BOOL, ULOGD_RETF_NONE, "tcp.psh", 0 },
+ { NULL, NULL, 0, ULOGD_RET_BOOL, ULOGD_RETF_NONE, "tcp.rst", 0 },
+ { NULL, NULL, 0, ULOGD_RET_BOOL, ULOGD_RETF_NONE, "tcp.syn", 0 },
+ { NULL, NULL, 0, ULOGD_RET_BOOL, ULOGD_RETF_NONE, "tcp.fin", 0 },
+};
+
+ulog_iret_t *_interp_tcphdr(struct ulog_interpreter *ip, ulog_packet_msg_t *pkt)
{
struct iphdr *iph = (struct iphdr *) pkt->payload;
void *protoh = (u_int32_t *)iph + iph->ihl;
struct tcphdr *tcph = (struct tcphdr *) protoh;
- ulog_iret_t *ret, *ret2;
+ ulog_iret_t *ret = ip->result;
if (iph->protocol != IPPROTO_TCP)
return NULL;
- ret = alloc_ret(ULOGD_RET_UINT16, "tcp.hdr.sport");
- ret->value.ui16 = ntohs(tcph->source);
-
- ret->next = ret2 = alloc_ret(ULOGD_RET_UINT16, "tcp.hdr.dport");
- ret2->value.ui16 = ntohs(tcph->dest);
-
- ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT32, "tcp.hdr.seq");
- ret2->value.ui32 = ntohl(tcph->seq);
-
- ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT32, "tcp.hdr.ack_seq");
- ret2->value.ui32 = ntohl(tcph->ack_seq);
-
- ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT16, "tcp.hdr.window");
- ret2->value.ui16 = ntohs(tcph->window);
-
+ ret[0].value.ui16 = ntohs(tcph->source);
+ ret[0].flags |= ULOGD_RETF_VALID;
+ ret[1].value.ui16 = ntohs(tcph->dest);
+ ret[1].flags |= ULOGD_RETF_VALID;
+ ret[2].value.ui32 = ntohl(tcph->seq);
+ ret[2].flags |= ULOGD_RETF_VALID;
+ ret[3].value.ui32 = ntohl(tcph->ack_seq);
+ ret[3].flags |= ULOGD_RETF_VALID;
+ ret[4].value.ui16 = ntohs(tcph->window);
+ ret[4].flags |= ULOGD_RETF_VALID;
if (tcph->urg) {
- ret2 = ret2->next = alloc_ret(ULOGD_RET_BOOL, "tcp.hdr.urg");
- ret2->value.b = 1;
-
- ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT16, "tcp.hdr.urgp");
- ret2->value.ui16 = ntohs(tcph->urg_ptr);
+ ret[5].value.b = tcph->urg;
+ ret[5].flags |= ULOGD_RETF_VALID;
+ ret[6].value.ui16 = ntohs(tcph->urg_ptr);
+ ret[6].flags |= ULOGD_RETF_VALID;
}
if (tcph->ack) {
- ret2 = ret2->next = alloc_ret(ULOGD_RET_BOOL, "tcp.hdr.ack");
- ret2->value.b = 1;
+ ret[7].value.b = tcph->ack;
+ ret[7].flags |= ULOGD_RETF_VALID;
}
if (tcph->psh) {
- ret2 = ret2->next = alloc_ret(ULOGD_RET_BOOL, "tcp.hdr.psh");
- ret2->value.b = 1;
+ ret[8].value.b = tcph->psh;
+ ret[8].flags |= ULOGD_RETF_VALID;
}
if (tcph->rst) {
- ret2 = ret2->next = alloc_ret(ULOGD_RET_BOOL, "tcp.hdr.rst");
- ret2->value.b = 1;
+ ret[9].value.b = tcph->rst;
+ ret[9].flags |= ULOGD_RETF_VALID;
}
if (tcph->syn) {
- ret2 = ret2->next = alloc_ret(ULOGD_RET_BOOL, "tcp.hdr.syn");
- ret2->value.b = 1;
+ ret[10].value.b = tcph->syn;
+ ret[10].flags |= ULOGD_RETF_VALID;
}
if (tcph->fin) {
- ret2 = ret2->next = alloc_ret(ULOGD_RET_BOOL, "tcp.hdr.fin");
- ret2->value.b = 1;
+ ret[11].value.b = tcph->fin;
+ ret[11].flags |= ULOGD_RETF_VALID;
}
return ret;
}
-ulog_iret_t *_interp_udp(ulog_packet_msg_t *pkt)
+/***********************************************************************
+ * UDP HEADER
+ ***********************************************************************/
+static ulog_iret_t udphdr_rets[] = {
+ { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "udp.sport", 0 },
+ { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "udp.dport", 0 },
+ { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "upd.len", 0 },
+};
+ulog_iret_t *_interp_udp(struct ulog_interpreter *ip, ulog_packet_msg_t *pkt)
{
struct iphdr *iph = (struct iphdr *) pkt->payload;
void *protoh = (u_int32_t *)iph + iph->ihl;
struct udphdr *udph = protoh;
- ulog_iret_t *ret, *ret2;
+ ulog_iret_t *ret = ip->result;
if (iph->protocol != IPPROTO_UDP)
return NULL;
- ret = alloc_ret(ULOGD_RET_UINT16, "udp.hdr.sport");
- ret->value.ui16 = ntohs(udph->source);
-
- ret2 = ret->next = alloc_ret(ULOGD_RET_UINT16, "udp.hdr.dport");
- ret2->value.ui16 = ntohs(udph->dest);
-
- ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT16, "udp.hdr.len");
- ret2->value.ui16 = ntohs(udph->len);
+ ret[0].value.ui16 = ntohs(udph->source);
+ ret[0].flags |= ULOGD_RETF_VALID;
+ ret[1].value.ui16 = ntohs(udph->dest);
+ ret[1].flags |= ULOGD_RETF_VALID;
+ ret[2].value.ui16 = ntohs(udph->len);
+ ret[2].flags |= ULOGD_RETF_VALID;
return ret;
}
-ulog_iret_t *_interp_icmp(ulog_packet_msg_t *pkt)
+/***********************************************************************
+ * ICMP HEADER
+ ***********************************************************************/
+
+static ulog_iret_t icmphdr_rets[] = {
+ { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "icmp.type", 0 },
+};
+
+ulog_iret_t *_interp_icmp(struct ulog_interpreter *ip, ulog_packet_msg_t *pkt)
{
struct iphdr *iph = (struct iphdr *) pkt->payload;
void *protoh = (u_int32_t *) (iph + iph->ihl);
struct icmphdr *icmph = protoh;
- ulog_iret_t *ret;
+ ulog_iret_t *ret = ip->result;
if (iph->protocol != IPPROTO_ICMP)
return NULL;
- ret = alloc_ret(ULOGD_RET_UINT8, "icmp.hdr.type");
- ret->value.ui8 = icmph->type;
+ ret[0].value.ui8 = icmph->type;
+ ret[0].flags |= ULOGD_RETF_VALID;
return ret;
}
-
-static ulog_interpreter_t base_ip[] = {
-
- { NULL, "raw.mac", &_interp_mac },
- { NULL, "oob.time", &_interp_time },
- { NULL, "oob.prefix", &_interp_prefix },
- { NULL, "oob.mark", &_interp_mark },
- { NULL, "ip.hdr", &_interp_iphdr },
- { NULL, "tcp.hdr", &_interp_tcphdr },
- { NULL, "icmp.hdr", &_interp_icmp },
- { NULL, "udp.hdr", &_interp_udp },
- { NULL, "", NULL },
+static ulog_interpreter_t base_ip[] = {
+ { NULL, "raw", 0, &_interp_mac, 1, &mac_rets },
+ { NULL, "oob", 0, &_interp_oob, 4, &oob_rets },
+ { NULL, "ip", 0, &_interp_iphdr, 8, &iphdr_rets },
+ { NULL, "tcp", 0, &_interp_tcphdr, 12, &tcphdr_rets },
+ { NULL, "icmp", 0, &_interp_icmp, 1, &icmphdr_rets },
+ { NULL, "udp", 0, &_interp_udp, 3, &udphdr_rets },
+ { NULL, "", 0, NULL, 0, { NULL } },
};
+
void _base_reg_ip(void)
{
ulog_interpreter_t *ip = base_ip;
ulog_interpreter_t *p;
- for (p = ip; p->interp; p++)
+ for (p = ip; p->interp; p++) {
register_interpreter(p);
+ }
}
-
void _init(void)
{
_base_reg_ip();
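Review bot: The header parsers kept on the new side (`_interp_iphdr`, `_interp_tcphdr`, `_interp_udp`, `_interp_icmp`) still dereference `pkt->payload` and an offset derived from the packet-supplied `iph->ihl` without comparing either against the captured length, so a truncated or malformed packet can make the logger read past the buffer. `_interp_icmp` additionally computes `(u_int32_t *) (iph + iph->ihl)`, which advances in units of `sizeof(struct iphdr)` rather than 32-bit words as the TCP and UDP parsers do, and it stores `value.ui8` into a slot that `icmphdr_rets` now declares as `ULOGD_RET_UINT16`. Two smaller points in the same hunk: the key `"upd.len"` in `udphdr_rets` looks like a typo for `udp.len`, and `ret[0].value.ptr = pkt->prefix` in `_interp_oob` now aliases the packet buffer instead of copying it, so the string is only usable while that buffer is live and only safe to print if the prefix is NUL-terminated. The sketch below shows the length guard for the ICMP case, assuming `ulog_packet_msg_t` exposes the payload length as `data_len`; the same check applies to the other three parsers.

```c
/* _interp_icmp: replaces the protoh / icmph declarations */
struct iphdr *iph = (struct iphdr *) pkt->payload;
struct icmphdr *icmph;
size_t hlen;

/* the fixed IP header must be fully captured before ihl is read */
if (pkt->data_len < sizeof(struct iphdr))
	return NULL;
hlen = (size_t) iph->ihl * 4;
if (hlen < sizeof(struct iphdr) ||
    pkt->data_len < hlen + sizeof(struct icmphdr))
	return NULL;
/* ihl counts 32-bit words, so scale through u_int32_t like the TCP/UDP parsers */
icmph = (struct icmphdr *) ((u_int32_t *) iph + iph->ihl);
/* … unchanged: ip->result lookup, IPPROTO_ICMP check, ret[0] assignment … */
```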