From 3b1c87cc39c7fd24b71d7d5fe79264398087f756 Mon Sep 17 00:00:00 2001 From: laforge Date: Mon, 14 Aug 2000 08:28:23 +0000 Subject: various bugfixes (tcp interpreter), output for boolean type --- extensions/ulogd_BASE.c | 73 +++++++++++++++++++++++++++++++++++++++++------ extensions/ulogd_OPRINT.c | 7 ++++- 2 files changed, 71 insertions(+), 9 deletions(-) (limited to 'extensions') diff --git a/extensions/ulogd_BASE.c b/extensions/ulogd_BASE.c index 8506d42..e0b1e1f 100644 --- a/extensions/ulogd_BASE.c +++ b/extensions/ulogd_BASE.c @@ -1,11 +1,11 @@ -/* ulogd_MAC.c, Version $Revision: 1.1 $ +/* ulogd_MAC.c, Version $Revision: 1.2 $ * * ulogd logging interpreter for MAC addresses, TIME, etc. * * (C) 2000 by Harald Welte * This software is released under the terms of GNU GPL * - * $Id: ulogd_BASE.c,v 1.1 2000/08/02 08:51:15 laforge Exp laforge $ + * $Id: ulogd_BASE.c,v 1.2 2000/08/02 12:15:44 laforge Exp $ * */ @@ -16,6 +16,7 @@ #include #include #include +#include ulog_iret_t *_interp_mac(ulog_packet_msg_t *pkt) { @@ -108,7 +109,8 @@ ulog_iret_t *_interp_iphdr(ulog_packet_msg_t *pkt) ulog_iret_t *_interp_tcphdr(ulog_packet_msg_t *pkt) { struct iphdr *iph = (struct iphdr *) pkt->payload; - struct tcphdr *tcph = (struct tcphdr *) (iph + iph->ihl); + void *protoh = (u_int32_t *)iph + iph->ihl; + struct tcphdr *tcph = (struct tcphdr *) protoh; ulog_iret_t *ret, *ret2; if (iph->protocol != IPPROTO_TCP) 
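Review bot: `iph->ihl` comes straight from the packet and is used in `_interp_tcphdr` to locate the TCP header, with no check that it is at least 5 or that the resulting header lies inside the captured payload, so a short or truncated packet makes the later `tcph->` reads run past the buffer. The same pattern appears in the new `_interp_udp` and in `_interp_icmp` in the later hunks. Before deriving `protoh`, compare against the captured length, for example `if (iph->ihl < 5 || pkt->data_len < iph->ihl * 4 + sizeof(struct tcphdr)) return NULL;`. This assumes `data_len` is the length field of `ulog_packet_msg_t`, whose declaration is not visible here. The body of `_interp_tcphdr` continues in the next hunk.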
@@ -117,14 +119,67 @@ ulog_iret_t *_interp_tcphdr(ulog_packet_msg_t *pkt) ret = alloc_ret(ULOGD_RET_UINT16, "tcp.hdr.sport"); ret->value.ui16 = ntohs(tcph->source); - ret->next = ret2 = alloc_ret(ULOGD_RET_UINT16, "tcp.hdr.sport"); - ret->value.ui16 = ntohs(tcph->dest); + ret->next = ret2 = alloc_ret(ULOGD_RET_UINT16, "tcp.hdr.dport"); + ret2->value.ui16 = ntohs(tcph->dest); ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT32, "tcp.hdr.seq"); - ret->value.ui32 = ntohl(tcph->seq); + ret2->value.ui32 = ntohl(tcph->seq); ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT32, "tcp.hdr.ack_seq"); - ret->value.ui32 = ntohl(tcph->ack_seq); + ret2->value.ui32 = ntohl(tcph->ack_seq); + + ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT16, "tcp.hdr.window"); + ret2->value.ui16 = ntohs(tcph->window); + + if (tcph->urg) { + ret2 = ret2->next = alloc_ret(ULOGD_RET_BOOL, "tcp.hdr.urg"); + ret2->value.b = 1; + + ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT16, "tcp.hdr.urgp"); + ret2->value.ui16 = ntohs(tcph->urg_ptr); + } + if (tcph->ack) { + ret2 = ret2->next = alloc_ret(ULOGD_RET_BOOL, "tcp.hdr.ack"); + ret2->value.b = 1; + } + if (tcph->psh) { + ret2 = ret2->next = alloc_ret(ULOGD_RET_BOOL, "tcp.hdr.psh"); + ret2->value.b = 1; + } + if (tcph->rst) { + ret2 = ret2->next = alloc_ret(ULOGD_RET_BOOL, "tcp.hdr.rst"); + ret2->value.b = 1; + } + if (tcph->syn) { + ret2 = ret2->next = alloc_ret(ULOGD_RET_BOOL, "tcp.hdr.syn"); + ret2->value.b = 1; + } + if (tcph->fin) { + ret2 = ret2->next = alloc_ret(ULOGD_RET_BOOL, "tcp.hdr.fin"); + ret2->value.b = 1; + } + + return ret; +} + +ulog_iret_t *_interp_udp(ulog_packet_msg_t *pkt) +{ + struct iphdr *iph = (struct iphdr *) pkt->payload; + void *protoh = (u_int32_t *)iph + iph->ihl; + struct udphdr *udph = protoh; + ulog_iret_t *ret, *ret2; + + if (iph->protocol != IPPROTO_UDP) + return NULL; + + ret = alloc_ret(ULOGD_RET_UINT16, "udp.hdr.sport"); + ret->value.ui16 = ntohs(udph->source); + + ret2 = ret->next = alloc_ret(ULOGD_RET_UINT16, "udp.hdr.dport"); + 
ret2->value.ui16 = ntohs(udph->dest); + + ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT16, "udp.hdr.len"); + ret2->value.ui16 = ntohs(udph->len); return ret; } @@ -132,7 +187,8 @@ ulog_iret_t *_interp_tcphdr(ulog_packet_msg_t *pkt) ulog_iret_t *_interp_icmp(ulog_packet_msg_t *pkt) { struct iphdr *iph = (struct iphdr *) pkt->payload; - struct icmphdr *icmph = (struct icmphdr *) (iph + iph->ihl); + void *protoh = (u_int32_t *) (iph + iph->ihl); + struct icmphdr *icmph = protoh; ulog_iret_t *ret, *ret2; if (iph->protocol != IPPROTO_ICMP) @@ -155,6 +211,7 @@ static ulog_interpreter_t base_ip[] = { { NULL, "ip.hdr", &_interp_iphdr }, { NULL, "tcp.hdr", &_interp_tcphdr }, { NULL, "icmp.hdr", &_interp_icmp }, + { NULL, "udp.hdr", &_interp_udp }, { NULL, "", NULL }, }; void _base_reg_ip(void) diff --git a/extensions/ulogd_OPRINT.c b/extensions/ulogd_OPRINT.c index ea6d885..19fbd7b 100644 --- a/extensions/ulogd_OPRINT.c +++ b/extensions/ulogd_OPRINT.c @@ -5,7 +5,7 @@ * (C) 2000 by Harald Welte * This software is released under the terms of GNU GPL * - * $Id: ulogd_OPRINT.c,v 1.1 2000/08/02 08:51:15 laforge Exp laforge $ + * $Id: ulogd_OPRINT.c,v 1.1 2000/08/02 12:16:00 laforge Exp $ * */ @@ -42,6 +42,7 @@ int _output_print(ulog_iret_t *res) case ULOGD_RET_STRING: fprintf(of, "%s\n", (char *) ret->value.ptr); break; + case ULOGD_RET_BOOL: case ULOGD_RET_INT8: fprintf(of, "%d\n", ret->value.i8); break; @@ -89,11 +90,15 @@ void _base_reg_op(void) void _init(void) { +#ifdef DEBUG + of = stdout; +#else of = fopen(ULOGD_OPRINT_FILE, "a"); if (!of) { ulogd_error("ulogd_OPRINT: can't open PKTLOG: %s\n", strerror(errno)); exit(2); } +#endif _base_reg_op(); } -- cgit v1.2.3
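Review bot: `_interp_tcphdr` and the new `_interp_udp` check only `iph->protocol`, so for a non-first IP fragment they interpret payload bytes as a transport header. The log then carries `tcp.hdr.*` / `udp.hdr.*` ports, sequence numbers and flags that were never in a real header, which undermines the log as evidence. Skip fragments with a non-zero offset next to the protocol check, e.g. `if (ntohs(iph->frag_off) & 0x1fff) return NULL;`. `_interp_tcphdr` begins above this hunk.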
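Review bot: In `_interp_icmp` the cast is applied after the addition, `(u_int32_t *) (iph + iph->ihl)`, so the pointer still advances in units of `sizeof(struct iphdr)` rather than 32-bit words. With the usual 20-byte `struct iphdr` and `ihl` of 5, `icmph` lands 100 bytes past the start of the payload instead of 20, so the ICMP fields are read from the wrong offset and possibly beyond the captured data. The TCP and UDP interpreters in this commit use the correct form, and this line should match them: `void *protoh = (u_int32_t *)iph + iph->ihl;`. The rest of `_interp_icmp` is outside the hunk.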
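Review bot: `ULOGD_RET_BOOL` falls through to the `ULOGD_RET_INT8` case in `_output_print` and prints `ret->value.i8`, while the interpreters in ulogd_BASE.c store booleans in `ret->value.b`. If `value` is a union and `b` is wider than one byte (its declaration is not visible here), reading `i8` picks the wrong byte on big-endian hosts and every flag prints as 0. Give the type its own case that reads the member that was written: `case ULOGD_RET_BOOL: fprintf(of, "%d\n", ret->value.b); break;`.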