From b7e75a6deea1ecd0cfe306815f83985b4f39e38b Mon Sep 17 00:00:00 2001 From: laforge Date: Wed, 2 Aug 2000 08:41:55 +0000 Subject: Initial revision --- ulogd/extensions/ulogd_BASE.c | 216 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 216 insertions(+) create mode 100644 ulogd/extensions/ulogd_BASE.c (limited to 'ulogd/extensions') diff --git a/ulogd/extensions/ulogd_BASE.c b/ulogd/extensions/ulogd_BASE.c new file mode 100644 index 0000000..6c9876e --- /dev/null +++ b/ulogd/extensions/ulogd_BASE.c @@ -0,0 +1,216 @@ +/* ulogd_MAC.c, Version $Revision$ + * + * ulogd logging interpreter for MAC addresses, TIME, etc. + * + * (C) 2000 by Harald Welte + * This software is released under the terms of GNU GPL + * + * $Id$ + * + */ + +#include +#include +#include +#include +#include +#include +#include + +#define NIPQUAD(addr) \ + ((unsigned char *)&addr)[0], \ + ((unsigned char *)&addr)[1], \ + ((unsigned char *)&addr)[2], \ + ((unsigned char *)&addr)[3] + + +ulog_iret_t *_interp_mac(ulog_packet_msg_t *pkt) +{ + unsigned char *p; + int i; + char *buf; + ulog_iret_t *ret; + + if (pkt->mac_len) + { + buf = (char *) malloc(3 * pkt->mac_len + 1); + *buf = 0; + + p = pkt->mac; + for (i = 0; i < pkt->mac_len; i++, p++) + sprintf(buf, "%s%02x%c", buf, *p, i==pkt->mac_len-1 ? ' ':':'); + ret = alloc_ret(ULOGD_RET_STRING,"raw.mac.addr"); + ret->value = buf; + return ret; + + } + return NULL; +} + +ulog_iret_t *_interp_time(ulog_packet_msg_t *pkt) +{ + ulog_iret_t *ret, *ret2; + unsigned long *ptr; + + ret = alloc_ret(ULOGD_RET_UINT64, "oob.time.sec"); + ret2 = alloc_ret(ULOGD_RET_UINT64, "oob.time.usec"); + + ptr = (unsigned long *) malloc(sizeof(unsigned long)); + *ptr = pkt->timestamp_sec; + ret->value = ptr; + ret->next = ret2; + + ptr = (unsigned long *) malloc (sizeof(unsigned long)); + *ptr = pkt->timestamp_usec; + ret2->value = ptr; + + return ret; +} + +ulog_iret_t *_interp_prefix(ulog_packet_msg_t *pkt) +{ + ulog_iret_t *ret; + + ret = alloc_ret(ULOGD_RET_STRING, "oob.prefix"); + ret->value = malloc(sizeof(pkt->prefix)); + strcpy(ret->value, pkt->prefix); + + return ret; +} + +ulog_iret_t *_interp_mark(ulog_packet_msg_t *pkt) +{ + ulog_iret_t *ret; + u_int32_t *mk; + + ret = alloc_ret(ULOGD_RET_UINT32, "oob.mark"); + mk = (u_int32_t *) malloc(sizeof(u_int32_t)); + *mk = pkt->mark; + ret->value = mk; + + return ret; +} + +ulog_iret_t *_interp_iphdr(ulog_packet_msg_t *pkt) +{ + ulog_iret_t *ret, *ret2; + struct iphdr *iph = (struct iphdr *) pkt->payload; + u_int32_t *ip; + u_int8_t *ui8; + u_int16_t *ui16; + + ret = alloc_ret(ULOGD_RET_IPADDR, "ip.hdr.saddr"); + ip = malloc(sizeof(u_int32_t)); + *ip = iph->saddr; + ret->value = ip; + + ret->next = ret2 = alloc_ret(ULOGD_RET_IPADDR, "ip.hdr.daddr"); + ip = malloc(sizeof(u_int32_t)); + *ip = iph->daddr; + ret2->value = ip; + + ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT8, "ip.hdr.protocol"); + ui8 = malloc(sizeof(u_int8_t)); + *ui8 = iph->protocol; + ret2->value = ui8; + + ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT8, "ip.hdr.tos"); + ui8 = malloc(sizeof(u_int8_t)); + *ui8 = ntohs(iph->tos); + ret2->value = ui8; + + ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT8, "ip.hdr.ttl"); + ui8 = malloc(sizeof(u_int8_t)); + *ui8 = iph->ttl; + ret2->value = ui8; + + ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT16, "ip.hdr.tot_len"); + ui16 = malloc(sizeof(u_int16_t)); + *ui16 = ntohs(iph->tot_len); + ret2->value = ui16; + + ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT8, "ip.hdr.ihl"); + ui8 = malloc(sizeof(u_int8_t)); + *ui8 = iph->ihl; + ret2->value = ui8; + + return ret; +} + +ulog_iret_t *_interp_tcphdr(ulog_packet_msg_t *pkt) +{ + struct iphdr *iph = (struct iphdr *) pkt->payload; + struct tcphdr *tcph = (struct tcphdr *) (iph + iph->ihl); + ulog_iret_t *ret, *ret2; + u_int16_t *ui16; + u_int32_t *ui32; + + if (iph->protocol != IPPROTO_TCP) + return NULL; + + ret = alloc_ret(ULOGD_RET_UINT16, "tcp.hdr.sport"); + ui16 = malloc(sizeof(u_int16_t)); + *ui16 = ntohs(tcph->source); + ret->value = ui16; + + ret->next = ret2 = alloc_ret(ULOGD_RET_UINT16, "tcp.hdr.sport"); + ui16 = malloc(sizeof(u_int16_t)); + *ui16 = ntohs(tcph->dest); + ret2->value = ui16; + + ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT32, "tcp.hdr.seq"); + ui32 = malloc(sizeof(u_int32_t)); + *ui32 = ntohl(tcph->seq); + ret2->value = ui32; + + ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT32, "tcp.hdr.ack_seq"); + ui32 = malloc(sizeof(u_int32_t)); + *ui32 = ntohl(tcph->ack_seq); + ret2->value = ui32; + + + return ret; +} + +ulog_iret_t *_interp_icmp(ulog_packet_msg_t *pkt) +{ + struct iphdr *iph = (struct iphdr *) pkt->payload; + struct icmphdr *icmph = (struct icmphdr *) (iph + iph->ihl); + ulog_iret_t *ret, *ret2; + u_int8_t *ui8; + + if (iph->protocol != IPPROTO_ICMP) + return NULL; + + ret = alloc_ret(ULOGD_RET_UINT8, "icmp.hdr.type"); + ui8 = malloc(sizeof(u_int8_t)); + *ui8 = icmph->type; + ret->value = ui8; + + return ret; + +} + +static ulog_interpreter_t base_ip[] = { + + { NULL, "raw.mac", &_interp_mac }, + { NULL, "oob.time", &_interp_time }, + { NULL, "oob.prefix", &_interp_prefix }, + { NULL, "oob.mark", &_interp_mark }, + { NULL, "ip.hdr", &_interp_iphdr }, + { NULL, "tcp.hdr", &_interp_tcphdr }, + { NULL, "icmp.hdr", &_interp_icmp }, + { NULL, "", NULL }, +}; + +void _init(void) +{ + ulog_interpreter_t *ip = base_ip; + ulog_interpreter_t *p; + + for (p = ip; p->interp; p++) + { + register_interpreter(p); + } + +} -- cgit v1.2.3