diff options
Diffstat (limited to 'ulogd/pcap/ulogd_PCAP.c')
-rw-r--r-- | ulogd/pcap/ulogd_PCAP.c | 286 |
1 files changed, 0 insertions, 286 deletions
diff --git a/ulogd/pcap/ulogd_PCAP.c b/ulogd/pcap/ulogd_PCAP.c deleted file mode 100644 index 686fe47..0000000 --- a/ulogd/pcap/ulogd_PCAP.c +++ /dev/null @@ -1,286 +0,0 @@ -/* ulogd_PCAP.c, Version $Revision$ - * - * ulogd output target for writing pcap-style files (like tcpdump) - * - * FIXME: descr. - * - * - * (C) 2002 by Harald Welte <laforge@gnumonks.org> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * $Id$ - * - */ - -#include <stdio.h> -#include <stdlib.h> -#include <stdint.h> -#include <unistd.h> -#include <string.h> -#include <time.h> -#include <sys/time.h> -#include <sys/stat.h> -#include <pcap.h> -#include <ulogd/ulogd.h> -#include <ulogd/conffile.h> - -/* - * This is a timeval as stored in disk in a dumpfile. - * It has to use the same types everywhere, independent of the actual - * `struct timeval' - */ - -struct pcap_timeval { - int32_t tv_sec; /* seconds */ - int32_t tv_usec; /* microseconds */ -}; - -/* - * How a `pcap_pkthdr' is actually stored in the dumpfile. - * - * Do not change the format of this structure, in any way (this includes - * changes that only affect the length of fields in this structure), - * and do not make the time stamp anything other than seconds and - * microseconds (e.g., seconds and nanoseconds). Instead: - * - * introduce a new structure for the new format; - * - * send mail to "tcpdump-workers@tcpdump.org", requesting a new - * magic number for your new capture file format, and, when - * you get the new magic number, put it in "savefile.c"; - * - * use that magic number for save files with the changed record - * header; - * - * make the code in "savefile.c" capable of reading files with - * the old record header as well as files with the new record header - * (using the magic number to determine the header format). - * - * Then supply the changes to "patches@tcpdump.org", so that future - * versions of libpcap and programs that use it (such as tcpdump) will - * be able to read your new capture file format. - */ - -struct pcap_sf_pkthdr { - struct pcap_timeval ts; /* time stamp */ - uint32_t caplen; /* length of portion present */ - uint32_t len; /* length this packet (off wire) */ -}; - -#ifndef ULOGD_PCAP_DEFAULT -#define ULOGD_PCAP_DEFAULT "/var/log/ulogd.pcap" -#endif - -#ifndef ULOGD_PCAP_SYNC_DEFAULT -#define ULOGD_PCAP_SYNC_DEFAULT 0 -#endif - -#define NIPQUAD(addr) \ - ((unsigned char *)&addr)[0], \ - ((unsigned char *)&addr)[1], \ - ((unsigned char *)&addr)[2], \ - ((unsigned char *)&addr)[3] - -static config_entry_t pcapf_ce = { - .key = "file", - .type = CONFIG_TYPE_STRING, - .options = CONFIG_OPT_NONE, - .u = { .string = ULOGD_PCAP_DEFAULT } -}; - -static config_entry_t pcapsync_ce = { - .next = &pcapf_ce, - .key = "sync", - .type = CONFIG_TYPE_INT, - .options = CONFIG_OPT_NONE, - .u = { .value = ULOGD_PCAP_SYNC_DEFAULT } -}; - -static FILE *of = NULL; - -struct intr_id { - char* name; - unsigned int id; -}; - -#define INTR_IDS 5 -static struct intr_id intr_ids[INTR_IDS] = { - { "raw.pkt", 0 }, - { "raw.pktlen", 0 }, - { "ip.totlen", 0 }, - { "oob.time.sec", 0 }, - { "oob.time.usec", 0 }, -}; - -#define GET_VALUE(x) ulogd_keyh[intr_ids[x].id].interp->result[ulogd_keyh[intr_ids[x].id].offset].value -#define GET_FLAGS(x) ulogd_keyh[intr_ids[x].id].interp->result[ulogd_keyh[intr_ids[x].id].offset].flags - -static int pcap_output(ulog_iret_t *res) -{ - struct pcap_sf_pkthdr pchdr; - - pchdr.caplen = GET_VALUE(1).ui32; - pchdr.len = GET_VALUE(2).ui32; - - if (GET_FLAGS(3) & ULOGD_RETF_VALID - && GET_FLAGS(4) & ULOGD_RETF_VALID) { - pchdr.ts.tv_sec = GET_VALUE(3).ui32; - pchdr.ts.tv_usec = GET_VALUE(4).ui32; - } else { - /* use current system time */ - struct timeval tv; - gettimeofday(&tv, NULL); - - pchdr.ts.tv_sec = tv.tv_sec; - pchdr.ts.tv_usec = tv.tv_usec; - } - - if (fwrite(&pchdr, sizeof(pchdr), 1, of) != 1) { - ulogd_log(ULOGD_ERROR, "Error during write: %s\n", - strerror(errno)); - return 1; - } - if (fwrite(GET_VALUE(0).ptr, pchdr.caplen, 1, of) != 1) { - ulogd_log(ULOGD_ERROR, "Error during write: %s\n", - strerror(errno)); - return 1; - } - - if (pcapsync_ce.u.value) - fflush(of); - - return 0; -} - -/* stolen from libpcap savefile.c */ -#define LINKTYPE_RAW 101 -#define TCPDUMP_MAGIC 0xa1b2c3d4 - -static int write_pcap_header(void) -{ - struct pcap_file_header pcfh; - int ret; - - pcfh.magic = TCPDUMP_MAGIC; - pcfh.version_major = PCAP_VERSION_MAJOR; - pcfh.version_minor = PCAP_VERSION_MINOR; - pcfh.thiszone = timezone; - pcfh.sigfigs = 0; - pcfh.snaplen = 65535; /* we don't know the length in advance */ - pcfh.linktype = LINKTYPE_RAW; - - ret = fwrite(&pcfh, sizeof(pcfh), 1, of); - fflush(of); - - return ret; -} - -/* get all key id's for the keys we are intrested in */ -static int get_ids(void) -{ - int i; - struct intr_id *cur_id; - - for (i = 0; i < INTR_IDS; i++) { - cur_id = &intr_ids[i]; - cur_id->id = keyh_getid(cur_id->name); - if (!cur_id->id) { - ulogd_log(ULOGD_ERROR, - "Cannot resolve keyhash id for %s\n", - cur_id->name); - return 1; - } - } - return 0; -} - -void append_create_outfile(void) { - struct stat st_dummy; - int exist = 0; - - if (stat(pcapf_ce.u.string, &st_dummy) == 0 && st_dummy.st_size > 0) { - exist = 1; - } - - if (!exist) { - of = fopen(pcapf_ce.u.string, "w"); - if (!of) { - ulogd_log(ULOGD_FATAL, "can't open pcap file %s: %s\n", - pcapf_ce.u.string, strerror(errno)); - exit(2); - } - if (!write_pcap_header()) { - ulogd_log(ULOGD_FATAL, "can't write pcap header: %s\n", - strerror(errno)); - exit(2); - } - } else { - of = fopen(pcapf_ce.u.string, "a"); - if (!of) { - ulogd_log(ULOGD_FATAL, "can't open pcap file: %s\n", - strerror(errno)); - exit(2); - } - } -} - -static void pcap_signal_handler(int signal) -{ - switch (signal) { - case SIGHUP: - ulogd_log(ULOGD_NOTICE, "pcap: reopening capture file\n"); - fclose(of); - append_create_outfile(); - break; - default: - break; - } -} - -static int pcap_init(void) -{ - /* FIXME: error handling */ - config_parse_file("PCAP", &pcapsync_ce); - -#ifdef DEBUG_PCAP - of = stdout; -#else - append_create_outfile(); -#endif - return 0; -} - -static void pcap_fini(void) -{ - if (of) - fclose(of); -} - -static ulog_output_t pcap_op = { - .name = "pcap", - .init = &pcap_init, - .fini = &pcap_fini, - .output = &pcap_output, - .signal = &pcap_signal_handler, -}; - -void _init(void) -{ - if (get_ids()) { - ulogd_log(ULOGD_ERROR, "can't resolve all keyhash id's\n"); - } - - register_output(&pcap_op); -} |