From 7181f929279bea55c8554a86b5cdec9d0c09a7cc Mon Sep 17 00:00:00 2001 From: laforge Date: Mon, 20 Nov 2000 11:43:22 +0000 Subject: huge reorganization for 0.9 - added hashtables everywhere - no more dynamic allocation for each packet - mysql output plugin - more keys in ulogd_BASE - moved libipulog into ulogd directory - introduced autoconf --- extensions/Makefile.in | 32 +++++ extensions/ulogd_BASE.c | 141 ++++++++++++++------- extensions/ulogd_LOGEMU.c | 38 +++--- extensions/ulogd_MYSQL.c | 298 +++++++++++++++++++++++++++++++++++++++++++++ extensions/ulogd_OPRINT.c | 27 ++-- extensions/ulogd_PWSNIFF.c | 20 +-- 6 files changed, 471 insertions(+), 85 deletions(-) create mode 100644 extensions/Makefile.in create mode 100644 extensions/ulogd_MYSQL.c (limited to 'extensions') diff --git a/extensions/Makefile.in b/extensions/Makefile.in new file mode 100644 index 0000000..bb185b1 --- /dev/null +++ b/extensions/Makefile.in @@ -0,0 +1,32 @@ +# + +# Normally You should not need to change anything below +# +include @top_srcdir@/Rules.make + +CFLAGS+=-I@top_srcdir@ -I@top_srcdir@/libipulog/include -I@top_srcdir@/conffile +SH_CFLAGS:=$(CFLAGS) -fPIC + +SHARED_LIBS+=$(foreach T,$(ULOGD_SL),ulogd_$(T).so) + +all: $(SHARED_LIBS) + +$(SHARED_LIBS): %.so: %_sh.o + ld -shared -o $@ $< + +%_sh.o: %.c + $(CC) $(SH_CFLAGS) -o $@ -c $< + +ulogd_MYSQL.so: ulogd_MYSQL_sh.o + ld -shared $(MYSQL_LDFLAGS) -o $@ $< + +ulogd_MYSQL_sh.o: ulogd_MYSQL.c + $(CC) $(MYSQL_CFLAGS) $(SH_CFLAGS) -o $@ -c $< + +clean: + rm -f $(SHARED_LIBS) *.o + +distclean: + rm -f Makefile + +install: all diff --git a/extensions/ulogd_BASE.c b/extensions/ulogd_BASE.c index a13d843..9d7e9b9 100644 --- a/extensions/ulogd_BASE.c +++ b/extensions/ulogd_BASE.c 
@@ -1,11 +1,20 @@ -/* ulogd_MAC.c, Version $Revision: 1.7 $ +/* ulogd_MAC.c, Version $Revision: 1.8 $ * - * ulogd logging interpreter for MAC addresses, TIME, IP and TCP headers, etc. + * ulogd interpreter plugin for + * o MAC addresses + * o NFMARK field + * o TIME + * o Interface names + * o IP header + * o TCP header + * o UDP header + * o ICMP header + * o AH/ESP header * * (C) 2000 by Harald Welte * This software is released under the terms of GNU GPL * - * $Id: ulogd_BASE.c,v 1.7 2000/11/16 17:20:52 laforge Exp $ + * $Id: ulogd_BASE.c,v 1.8 2000/11/16 21:15:30 laforge Exp $ * */ @@ -22,7 +31,8 @@ * Raw header ***********************************************************************/ static ulog_iret_t mac_rets[1] = { - { NULL, NULL, 0, ULOGD_RET_STRING, ULOGD_RETF_FREE, "raw.mac", NULL }, + { NULL, NULL, 0, ULOGD_RET_STRING, ULOGD_RETF_FREE, "raw.mac", + { ptr: NULL } }, }; static ulog_iret_t *_interp_mac(struct ulog_interpreter *ip, @@ -36,7 +46,7 @@ static ulog_iret_t *_interp_mac(struct ulog_interpreter *ip, if (pkt->mac_len) { buf = (char *) malloc(3 * pkt->mac_len + 1); if (!buf) { - ulogd_error("OOM!!!\n"); + ulogd_log(ULOGD_ERROR, "OOM!!!\n"); return NULL; } *buf = '\0'; 
@@ -58,12 +68,18 @@ static ulog_iret_t *_interp_mac(struct ulog_interpreter *ip, ***********************************************************************/ static ulog_iret_t oob_rets[] = { - { NULL, NULL, 0, ULOGD_RET_STRING, ULOGD_RETF_NONE, "oob.prefix", NULL }, - { NULL, NULL, 0, ULOGD_RET_UINT32, ULOGD_RETF_NONE, "oob.time.sec", NULL }, - { NULL, NULL, 0, ULOGD_RET_UINT32, ULOGD_RETF_NONE, "oob.time.usec", NULL }, - { NULL, NULL, 0, ULOGD_RET_UINT32, ULOGD_RETF_NONE, "oob.mark", NULL }, - { NULL, NULL, 0, ULOGD_RET_STRING, ULOGD_RETF_NONE, "oob.in", NULL }, - { NULL, NULL, 0, ULOGD_RET_STRING, ULOGD_RETF_NONE, "oob.out", NULL }, + { NULL, NULL, 0, ULOGD_RET_STRING, ULOGD_RETF_NONE, "oob.prefix", + { ptr: NULL } }, + { NULL, NULL, 0, ULOGD_RET_UINT32, ULOGD_RETF_NONE, "oob.time.sec", + { ui32: 0 } }, + { NULL, NULL, 0, ULOGD_RET_UINT32, ULOGD_RETF_NONE, "oob.time.usec", + { ui32: 0 } }, + { NULL, NULL, 0, ULOGD_RET_UINT32, ULOGD_RETF_NONE, "oob.mark", + { ui32: 0 } }, + { NULL, NULL, 0, ULOGD_RET_STRING, ULOGD_RETF_NONE, "oob.in", + { ptr: NULL } }, + { NULL, NULL, 0, ULOGD_RET_STRING, ULOGD_RETF_NONE, "oob.out", + { ptr: NULL } }, }; static ulog_iret_t *_interp_oob(struct ulog_interpreter *ip, 
@@ -92,16 +108,26 @@ static ulog_iret_t *_interp_oob(struct ulog_interpreter *ip, ***********************************************************************/ static ulog_iret_t iphdr_rets[] = { - { NULL, NULL, 0, ULOGD_RET_IPADDR, ULOGD_RETF_NONE, "ip.saddr", 0 }, - { NULL, NULL, 0, ULOGD_RET_IPADDR, ULOGD_RETF_NONE, "ip.daddr", 0 }, - { NULL, NULL, 0, ULOGD_RET_UINT8, ULOGD_RETF_NONE, "ip.protocol", 0 }, - { NULL, NULL, 0, ULOGD_RET_UINT8, ULOGD_RETF_NONE, "ip.tos", 0 }, - { NULL, NULL, 0, ULOGD_RET_UINT8, ULOGD_RETF_NONE, "ip.ttl", 0 }, - { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "ip.totlen", 0 }, - { NULL, NULL, 0, ULOGD_RET_UINT8, ULOGD_RETF_NONE, "ip.ihl", 0 }, - { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "ip.csum", 0 }, - { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "ip.id", 0 }, - { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "ip.fragoff", 0 }, + { NULL, NULL, 0, ULOGD_RET_IPADDR, ULOGD_RETF_NONE, "ip.saddr", + { ui32: 0 } }, + { NULL, NULL, 0, ULOGD_RET_IPADDR, ULOGD_RETF_NONE, "ip.daddr", + { ui32: 0 } }, + { NULL, NULL, 0, ULOGD_RET_UINT8, ULOGD_RETF_NONE, "ip.protocol", + { ui8: 0 } }, + { NULL, NULL, 0, ULOGD_RET_UINT8, ULOGD_RETF_NONE, "ip.tos", + { ui8: 0 } }, + { NULL, NULL, 0, ULOGD_RET_UINT8, ULOGD_RETF_NONE, "ip.ttl", + { ui8: 0 } }, + { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "ip.totlen", + { ui16: 0 } }, + { NULL, NULL, 0, ULOGD_RET_UINT8, ULOGD_RETF_NONE, "ip.ihl", + { ui8: 0 } }, + { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "ip.csum", + { ui16: 0 } }, + { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "ip.id", + { ui16: 0 } }, + { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "ip.fragoff", + { ui16: 0 } }, }; static ulog_iret_t *_interp_iphdr(struct ulog_interpreter *ip, 
@@ -138,18 +164,30 @@ static ulog_iret_t *_interp_iphdr(struct ulog_interpreter *ip, * TCP HEADER ***********************************************************************/ static ulog_iret_t tcphdr_rets[] = { - { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "tcp.sport", 0 }, - { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "tcp.dport", 0 }, - { NULL, NULL, 0, ULOGD_RET_UINT32, ULOGD_RETF_NONE, "tcp.seq", 0 }, - { NULL, NULL, 0, ULOGD_RET_UINT32, ULOGD_RETF_NONE, "tcp.ackseq", 0 }, - { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "tcp.window", 0 }, - { NULL, NULL, 0, ULOGD_RET_BOOL, ULOGD_RETF_NONE, "tcp.urg", 0 }, - { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "tcp.urgp", 0 }, - { NULL, NULL, 0, ULOGD_RET_BOOL, ULOGD_RETF_NONE, "tcp.ack", 0 }, - { NULL, NULL, 0, ULOGD_RET_BOOL, ULOGD_RETF_NONE, "tcp.psh", 0 }, - { NULL, NULL, 0, ULOGD_RET_BOOL, ULOGD_RETF_NONE, "tcp.rst", 0 }, - { NULL, NULL, 0, ULOGD_RET_BOOL, ULOGD_RETF_NONE, "tcp.syn", 0 }, - { NULL, NULL, 0, ULOGD_RET_BOOL, ULOGD_RETF_NONE, "tcp.fin", 0 }, + { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "tcp.sport", + { ui16: 0 } }, + { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "tcp.dport", + { ui16: 0 } }, + { NULL, NULL, 0, ULOGD_RET_UINT32, ULOGD_RETF_NONE, "tcp.seq", + { ui32: 0 } }, + { NULL, NULL, 0, ULOGD_RET_UINT32, ULOGD_RETF_NONE, "tcp.ackseq", + { ui32: 0 } }, + { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "tcp.window", + { ui32: 0 } }, + { NULL, NULL, 0, ULOGD_RET_BOOL, ULOGD_RETF_NONE, "tcp.urg", + { b: 0 } }, + { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "tcp.urgp", + { ui16: 0 } }, + { NULL, NULL, 0, ULOGD_RET_BOOL, ULOGD_RETF_NONE, "tcp.ack", + { b: 0 } }, + { NULL, NULL, 0, ULOGD_RET_BOOL, ULOGD_RETF_NONE, "tcp.psh", + { b: 0 } }, + { NULL, NULL, 0, ULOGD_RET_BOOL, ULOGD_RETF_NONE, "tcp.rst", + { b: 0 } }, + { NULL, NULL, 0, ULOGD_RET_BOOL, ULOGD_RETF_NONE, "tcp.syn", + { b: 0 } }, + { NULL, NULL, 0, ULOGD_RET_BOOL, ULOGD_RETF_NONE, "tcp.fin", + 
{ b: 0 } }, }; static ulog_iret_t *_interp_tcphdr(struct ulog_interpreter *ip, @@ -207,9 +245,12 @@ static ulog_iret_t *_interp_tcphdr(struct ulog_interpreter *ip, * UDP HEADER ***********************************************************************/ static ulog_iret_t udphdr_rets[] = { - { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "udp.sport", 0 }, - { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "udp.dport", 0 }, - { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "udp.len", 0 }, + { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "udp.sport", + { ui16 :0 } }, + { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "udp.dport", + { ui16: 0 } }, + { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "udp.len", + { ui16: 0 } }, }; static ulog_iret_t *_interp_udp(struct ulog_interpreter *ip, 
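Review bot: In `tcphdr_rets` the `tcp.window` entry is typed `ULOGD_RET_UINT16`, but its new initializer names the 32-bit member, `{ ui32: 0 }`, while every other 16-bit key in this file uses `ui16`. A zero initializer makes this harmless at run time, but the type tag and the member should agree so that a reader, and any output plugin that switches on the type, sees one width: `{ ui16: 0 } },`. The `udp.sport` entry in the following hunk has a spacing slip, `{ ui16 :0 }`, that is worth normalising at the same time.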
@@ -238,12 +279,18 @@ static ulog_iret_t *_interp_udp(struct ulog_interpreter *ip, ***********************************************************************/ static ulog_iret_t icmphdr_rets[] = { - { NULL, NULL, 0, ULOGD_RET_UINT8, ULOGD_RETF_NONE, "icmp.type", 0 }, - { NULL, NULL, 0, ULOGD_RET_UINT8, ULOGD_RETF_NONE, "icmp.code", 0 }, - { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "icmp.echoid", 0 }, - { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "icmp.echoseq", 0 }, - { NULL, NULL, 0, ULOGD_RET_IPADDR, ULOGD_RETF_NONE, "icmp.gateway", 0 }, - { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "icmp.fragmtu", 0 }, + { NULL, NULL, 0, ULOGD_RET_UINT8, ULOGD_RETF_NONE, "icmp.type", + { ui8: 0 } }, + { NULL, NULL, 0, ULOGD_RET_UINT8, ULOGD_RETF_NONE, "icmp.code", + { ui8: 0 } }, + { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "icmp.echoid", + { ui16: 0 } }, + { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "icmp.echoseq", + { ui16: 0 } }, + { NULL, NULL, 0, ULOGD_RET_IPADDR, ULOGD_RETF_NONE, "icmp.gateway", + { ui32: 0 } }, + { NULL, NULL, 0, ULOGD_RET_UINT16, ULOGD_RETF_NONE, "icmp.fragmtu", + { ui16: 0 } }, }; static ulog_iret_t *_interp_icmp(struct ulog_interpreter *ip, @@ -290,16 +337,18 @@ static ulog_iret_t *_interp_icmp(struct ulog_interpreter *ip, ***********************************************************************/ static ulog_iret_t ahesphdr_rets[] = { - { NULL, NULL, 0, ULOGD_RET_UINT8, ULOGD_RETF_NONE, "ahesp.spi", 0 }, + { NULL, NULL, 0, ULOGD_RET_UINT8, ULOGD_RETF_NONE, "ahesp.spi", + { ui8: 0 } }, }; static ulog_iret_t *_interp_ahesp(struct ulog_interpreter *ip, ulog_packet_msg_t *pkt) { - struct iphdr *iph = (struct iphdr *) pkt->payload; + ulog_iret_t *ret = ip->result; - void *protoh = (u_int32_t *) (iph + iph->ihl); #if 0 + struct iphdr *iph = (struct iphdr *) pkt->payload; + void *protoh = (u_int32_t *) (iph + iph->ihl); struct esphdr *esph = protoh; if (iph->protocol != IPPROTO_ESP) 
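Review bot: `ahesp.spi` is declared `ULOGD_RET_UINT8` with a `{ ui8: 0 }` initializer, but an AH/ESP SPI is a 32-bit field, so once `_interp_ahesp` is enabled the key can carry only one byte of it; `ULOGD_RET_UINT32` with `{ ui32: 0 }` matches the header. The code this hunk moves under `#if 0` also computes the transport header as `(u_int32_t *) (iph + iph->ihl)`, which advances by `ihl` whole `struct iphdr` objects rather than `ihl` 32-bit words. Before that block is re-enabled it should read `(u_int32_t *) iph + iph->ihl` and compare the resulting offset with the length of `pkt->payload`, because `ihl` comes from the packet. The rest of `_interp_ahesp` lies outside the hunk.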
@@ -321,7 +370,7 @@ static ulog_interpreter_t base_ip[] = { { NULL, "icmp", 0, &_interp_icmp, 6, &icmphdr_rets }, { NULL, "udp", 0, &_interp_udp, 3, &udphdr_rets }, { NULL, "ahesp", 0, &_interp_ahesp, 1, &ahesphdr_rets }, - { NULL, "", 0, NULL, 0, { NULL } }, + { NULL, "", 0, NULL, 0, NULL }, }; void _base_reg_ip(void) diff --git a/extensions/ulogd_LOGEMU.c b/extensions/ulogd_LOGEMU.c index 086e35e..a558aba 100644 --- a/extensions/ulogd_LOGEMU.c +++ b/extensions/ulogd_LOGEMU.c @@ -1,13 +1,14 @@ -/* ulogd_LOGEMU.c, Version $Revision: 1.4 $ +/* ulogd_LOGEMU.c, Version $Revision: 1.1 $ * * ulogd output target for syslog logging emulation - * this target produces a file which looks the same like the syslog-entries + * + * This target produces a file which looks the same like the syslog-entries * of the LOG target. * * (C) 2000 by Harald Welte * This software is released under the terms of GNU GPL * - * $Id: ulogd_LOGEMU.c,v 1.4 2000/09/22 06:54:33 laforge Exp $ + * $Id: ulogd_LOGEMU.c,v 1.1 2000/11/16 21:15:30 laforge Exp $ * */ @@ -19,6 +20,10 @@ #include "ulogd.h" #include "conffile.h" +#ifndef ULOGD_LOGEMU_DEFAULT +#define ULOGD_LOGEMU_DEFAULT "/var/log/ulogd.syslogemu" +#endif + #define NIPQUAD(addr) \ ((unsigned char *)&addr)[0], \ ((unsigned char *)&addr)[1], \ @@ -38,7 +43,7 @@ struct intr_id { unsigned int id; }; -#define INTR_IDS 33 +#define INTR_IDS 34 static struct intr_id intr_ids[INTR_IDS] = { { "oob.prefix", 0 }, { "oob.in", 0 }, @@ -73,11 +78,10 @@ static struct intr_id intr_ids[INTR_IDS] = { { "icmp.echoseq", 0 }, { "icmp.gateway", 0 }, { "icmp.fragmtu", 0 }, - { "ah.spi", 0 }, + { "ahesp.spi", 0 }, }; #define GET_VALUE(x) ulogd_keyh[intr_ids[x].id].interp->result[ulogd_keyh[intr_ids[x].id].offset].value -#define IS_VALID(x) (ulogd_keyh[intr_ids[x].id].interp->result[ulogd_keyh[intr_ids[x].id].offset].flags & ULOGD_RETF_VALID) int _output_logemu(ulog_iret_t *res) { 
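Review bot: `INTR_IDS` goes from 33 to 34 in `ulogd_LOGEMU.c`, but no visible hunk adds an initializer to `intr_ids[]`; the only table change shown is the rename of `ah.spi` to `ahesp.spi`. If the table really holds 33 initializers, the 34th element is zero-filled and `get_ids()` would presumably hand a NULL `name` to `keyh_getid()`; the middle of the table and the loop bound are outside the hunks, so the count needs checking by hand. Deriving the number from the table removes the risk: declare `static struct intr_id intr_ids[] = {` and put `#define INTR_IDS (sizeof(intr_ids) / sizeof(intr_ids[0]))` after it.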
@@ -185,6 +189,7 @@ int _output_logemu(ulog_iret_t *res) fprintf(of,"\n"); return 0; } + /* get all key id's for the keys we are intrested in */ static int get_ids(void) { @@ -195,7 +200,9 @@ static int get_ids(void) cur_id = &intr_ids[i]; cur_id->id = keyh_getid(cur_id->name); if (!cur_id->id) { - ulogd_error("Cannot resolve keyhash id for %s\n", cur_id->name); + ulogd_log(ULOGD_ERROR, + "Cannot resolve keyhash id for %s\n", + cur_id->name); return 1; } } @@ -203,7 +210,7 @@ static int get_ids(void) } static ulog_output_t logemu_op[] = { - { NULL, "logemu", &_output_logemu }, + { NULL, "syslogemu", &_output_logemu }, { NULL, "", NULL }, }; @@ -219,24 +226,25 @@ static void _logemu_reg_op(void) static config_entry_t syslogf_ce = { NULL, "syslogfile", CONFIG_TYPE_STRING, CONFIG_OPT_NONE, 0, - { string: "/var/log/ulogd.syslogemu" } }; + { string: ULOGD_LOGEMU_DEFAULT } }; void _init(void) { -#ifdef DEBUG_LOGEMU - of = stdout; -#else + /* FIXME: error handling */ config_register_key(&syslogf_ce); config_parse_file(0); +#ifdef DEBUG_LOGEMU + of = stdout; +#else of = fopen(syslogf_ce.u.string, "a"); if (!of) { - ulogd_error("ulogd_LOGEMU: can't open syslogemu: %s\n", strerror(errno)); + ulogd_log(ULOGD_FATAL, "can't open syslogemu: %s\n", + strerror(errno)); exit(2); } #endif if (get_ids()) { - ulogd_error("ulogd_LOGEMU: can't resolve all keyhash id's\n"); - exit(2); + ulogd_log(ULOGD_ERROR, "can't resolve all keyhash id's\n"); } _logemu_reg_op(); diff --git a/extensions/ulogd_MYSQL.c b/extensions/ulogd_MYSQL.c new file mode 100644 index 0000000..3777e26 --- /dev/null +++ b/extensions/ulogd_MYSQL.c 
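Review bot: In `_init`, a failing `get_ids()` is now only logged and execution falls through to `_logemu_reg_op()`, so the output is registered while some `intr_ids[].id` values are still 0. `GET_VALUE(x)` indexes `ulogd_keyh[intr_ids[x].id]` with no check, so `_output_logemu` would read whatever entry 0 holds for each unresolved key; what that entry contains is not visible here. Either leave the plugin unregistered on failure, `if (get_ids()) { ulogd_log(ULOGD_ERROR, "can't resolve all keyhash id's\n"); return; }`, or have the output function skip keys whose id is 0. The `/* FIXME: error handling */` line also leaves `config_register_key()` and `config_parse_file()` unchecked, if they report errors at all.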
@@ -0,0 +1,298 @@ +/* ulogd_MYSQL.c, Version $Revision$ + * + * ulogd output plugin for logging to a MySQL database + * + * (C) 2000 by Harald Welte + * This software is distributed under the terms of GNU GPL + * + * $Id$ + * + **/ + +#include +#include +#include +#include +#include "ulogd.h" +#include "conffile.h" + +#ifdef DEBUG_MYSQL +#define DEBUGP(x, args...) fprintf(stderr, x, ## args) +#else +#define DEBUGP(x, args...) +#endif + +struct _field { + char name[ULOGD_MAX_KEYLEN]; + unsigned int id; + struct _field *next; +}; + +/* the database handle we are using */ +static MYSQL *dbh; + +/* a linked list of the fields the table has */ +static struct _field *fields; + +/* buffer for our insert statement */ +static char *stmt; + +/* pointer to the beginning of the "VALUES" part */ +static char *stmt_val; + +/* pointer to current inser position in statement */ +static char *stmt_ins; + +/* our configuration directives */ +static config_entry_t db_ce = { NULL, "mysqldb", CONFIG_TYPE_STRING, + CONFIG_OPT_MANDATORY, 0, + { } }; + +static config_entry_t host_ce = { &db_ce, "mysqlhost", CONFIG_TYPE_STRING, + CONFIG_OPT_MANDATORY, 0, + { } }; + +static config_entry_t user_ce = { &host_ce, "mysqluser", CONFIG_TYPE_STRING, + CONFIG_OPT_MANDATORY, 0, + { } }; + +static config_entry_t pass_ce = { &user_ce, "mysqlpass", CONFIG_TYPE_STRING, + CONFIG_OPT_MANDATORY, 0, + { } }; + +static config_entry_t table_ce = { &pass_ce, "mysqltable", CONFIG_TYPE_STRING, + CONFIG_OPT_MANDATORY, 0, + { } }; + +/* is the given string a field in our table? 
*/ +static int is_field(const char *name) +{ + struct _field *f; + + for (f = fields; f; f = f->next) { + if (!strcmp(f->name, name)) + return 1; + } + return 0; +} + +/* our main output function, called by ulogd */ +static int _mysql_output(ulog_iret_t *result) +{ + struct _field *f; + ulog_iret_t *res; + + stmt_ins = stmt_val; + + for (f = fields; f; f = f->next) { + res = keyh_getres(f->id); + + if (!res) { + ulogd_log(ULOGD_NOTICE, + "no result for %s ?!?\n", f->name); + } + + if (!res || !IS_VALID((*res))) { + /* no result, we have to fake something */ + sprintf(stmt_ins, "NULL,"); + stmt_ins = stmt + strlen(stmt); + continue; + } + + switch (res->type) { + case ULOGD_RET_INT8: + sprintf(stmt_ins, "%d,", res->value.i8); + break; + case ULOGD_RET_INT16: + sprintf(stmt_ins, "%d,", res->value.i16); + break; + case ULOGD_RET_INT32: + sprintf(stmt_ins, "%d,", res->value.i32); + break; + case ULOGD_RET_INT64: + sprintf(stmt_ins, "%ld,", res->value.i64); + break; + case ULOGD_RET_UINT8: + sprintf(stmt_ins, "%u,", res->value.ui8); + break; + case ULOGD_RET_UINT16: + sprintf(stmt_ins, "%u,", res->value.ui16); + break; + case ULOGD_RET_IPADDR: + case ULOGD_RET_UINT32: + sprintf(stmt_ins, "%u,", res->value.ui32); + break; + case ULOGD_RET_UINT64: + sprintf(stmt_ins, "%lu,", res->value.ui64); + break; + case ULOGD_RET_STRING: + *stmt_ins++ = '\''; + mysql_real_escape_string(dbh, stmt_ins, + res->value.ptr, strlen(res->value.ptr)); + stmt_ins = stmt + strlen(stmt); + sprintf(stmt_ins, "',"); + /* sprintf(stmt_ins, "'%s',", res->value.ptr); */ + break; + default: + ulogd_log(ULOGD_NOTICE, + "unknown type %d for %s\n", + res->type, res->key); + break; + } + stmt_ins = stmt + strlen(stmt); + } + *(stmt_ins - 1) = ')'; + DEBUGP("stmt=#%s#\n", stmt); + + /* now we have created our statement, insert it */ + + if(mysql_real_query(dbh, stmt, strlen(stmt))) { + ulogd_log(ULOGD_ERROR, "sql error during insert: %s\n", + mysql_error(dbh)); + return 1; + } + + return 0; +} + +#define 
MYSQL_INSERTTEMPL "insert into X (Y) values (Z)" +#define MYSQL_VALSIZE 100 + +/* create the static part of our insert statement */ +static int _mysql_createstmt(void) +{ + struct _field *f; + unsigned int size; + char buf[ULOGD_MAX_KEYLEN]; + char *underscore; + + if (stmt) { + ulogd_log(ULOGD_NOTICE, "createstmt called, but stmt" + " already existing\n"); + return 1; + } + + /* caclulate the size for the insert statement */ + size = strlen(MYSQL_INSERTTEMPL) + strlen(table_ce.u.string); + + for (f = fields; f; f = f->next) { + /* we need space for the key and a comma, as well as + * enough space for the values */ + size += strlen(f->name) + 1 + MYSQL_VALSIZE; + } + + ulogd_log(ULOGD_DEBUG, "allocating %u bytes for statement\n", size); + + stmt = (char *) malloc(size); + + if (!stmt) { + ulogd_log(ULOGD_ERROR, "OOM!\n"); + return 1; + } + + sprintf(stmt, "insert into %s (", table_ce.u.string); + stmt_val = stmt + strlen(stmt); + + for (f = fields; f; f = f->next) { + strncpy(buf, f->name, ULOGD_MAX_KEYLEN); + while (underscore = strchr(buf, '.')) + *underscore = '_'; + sprintf(stmt_val, "%s,", buf); + stmt_val = stmt + strlen(stmt); + } + *(stmt_val - 1) = ')'; + + sprintf(stmt_val, " values ("); + stmt_val = stmt + strlen(stmt); + + ulogd_log(ULOGD_DEBUG, "stmt='%s'\n", stmt); + + return 0; +} + +/* find out which columns the table has */ +static int _mysql_get_columns(const char *table) +{ + MYSQL_RES *result; + MYSQL_FIELD *field; + char buf[ULOGD_MAX_KEYLEN]; + char *underscore; + struct _field *f; + int id; + + if (!dbh) + return 1; + + result = mysql_list_fields(dbh, table, NULL); + if (!result) + return 1; + + while (field = mysql_fetch_field(result)) { + + /* replace all underscores with dots */ + strncpy(buf, field->name, ULOGD_MAX_KEYLEN); + while (underscore = strchr(buf, '_')) + *underscore = '.'; + + DEBUGP("field '%s' found: ", buf); + + if (!(id = keyh_getid(buf))) { + DEBUGP(" no keyid!\n"); + continue; + } + + DEBUGP("keyid %u\n", id); + + /* 
prepend it to the linked list */ + f = (struct _field *) malloc(sizeof *f); + if (!f) { + ulogd_log(ULOGD_ERROR, "OOM!\n"); + return 1; + } + strncpy(f->name, buf, ULOGD_MAX_KEYLEN); + f->id = id; + f->next = fields; + fields = f; + } + + mysql_free_result(result); + return 0; +} + +/* make connection and select database */ +static int _mysql_open_db(char *server, char *user, char *pass, char *db) +{ + dbh = mysql_connect(NULL, server, user, pass); + + if (!dbh) + return 1; + + mysql_select_db(dbh, db); + return 0; +} + +static ulog_output_t _mysql_plugin = { NULL, "mysql", &_mysql_output }; + +void _init(void) +{ + /* register our configfile options here */ + config_register_key(&table_ce); + + /* have the opts parsed */ + config_parse_file(0); + + if (_mysql_open_db(host_ce.u.string, user_ce.u.string, + pass_ce.u.string, db_ce.u.string)) { + ulogd_log(ULOGD_ERROR, "can't establish database connection\n"); + return; + } + + /* read the fieldnames to know which values to insert */ + if (_mysql_get_columns(table_ce.u.string)) { + ulogd_log(ULOGD_ERROR, "unable to get mysql columns\n"); + return; + } + _mysql_createstmt(); + register_output(&_mysql_plugin); + +} diff --git a/extensions/ulogd_OPRINT.c b/extensions/ulogd_OPRINT.c index 3fa42ed..fc00b46 100644 --- a/extensions/ulogd_OPRINT.c +++ b/extensions/ulogd_OPRINT.c @@ -1,11 +1,11 @@ -/* ulogd_MAC.c, Version $Revision: 1.4 $ +/* ulogd_MAC.c, Version $Revision: 1.5 $ * * ulogd output target for logging to a file * * (C) 2000 by Harald Welte * This software is released under the terms of GNU GPL * - * $Id: ulogd_OPRINT.c,v 1.4 2000/09/22 06:54:33 laforge Exp $ + * $Id: ulogd_OPRINT.c,v 1.5 2000/11/16 17:20:52 laforge Exp $ * */ @@ -15,6 +15,10 @@ #include "ulogd.h" #include "conffile.h" +#ifndef ULOGD_OPRINT_DEFAULT +#define ULOGD_OPRINT_DEFAULT "/var/log/ulogd.pktlog" +#endif + #define NIPQUAD(addr) \ ((unsigned char *)&addr)[0], \ ((unsigned char *)&addr)[1], \ 
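Review bot: The `ULOGD_RET_STRING` case in `_mysql_output` writes an escaped string of unbounded length into `stmt`, which `_mysql_createstmt` sized with a fixed `MYSQL_VALSIZE` (100) bytes per column. `mysql_real_escape_string` can emit up to twice the input length plus a terminator, and values such as `raw.mac` or `pwsniff.user`/`pwsniff.pass` are built from packet contents, so a long value overruns the heap buffer. The fence caps each string so that the quotes, the comma and the terminator stay inside the column's share; it needs `MYSQL_VALSIZE` defined above `_mysql_output`, and growing `stmt` on demand is the alternative if truncated values are not acceptable. Separately, the `strncpy(..., ULOGD_MAX_KEYLEN)` calls in `_mysql_get_columns` and `_mysql_createstmt` leave `buf` and `f->name` unterminated for a name of that length or longer, and the OOM return in `_mysql_get_columns` skips `mysql_free_result(result)`.

```c
		/* … unchanged: integer cases … */
		case ULOGD_RET_STRING: {
			/* worst case every byte is escaped to two; keep the
			 * quotes, the comma and the NUL inside this column's
			 * MYSQL_VALSIZE share of stmt */
			size_t len = strlen(res->value.ptr);
			const size_t max = (MYSQL_VALSIZE - 4) / 2;

			if (len > max) {
				ulogd_log(ULOGD_NOTICE,
					  "truncating %s to %u bytes\n",
					  f->name, (unsigned int) max);
				len = max;
			}
			*stmt_ins++ = '\'';
			stmt_ins += mysql_real_escape_string(dbh, stmt_ins,
							     res->value.ptr, len);
			sprintf(stmt_ins, "',");
			break;
		}
		/* … unchanged: default case … */
```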
@@ -42,22 +46,14 @@ int _output_print(ulog_iret_t *res) break; case ULOGD_RET_BOOL: case ULOGD_RET_INT8: - fprintf(of, "%d\n", ret->value.i8); - break; case ULOGD_RET_INT16: - fprintf(of, "%d\n", ret->value.i16); - break; case ULOGD_RET_INT32: - fprintf(of, "%ld\n", ret->value.i32); + fprintf(of, "%d\n", ret->value.i32); break; case ULOGD_RET_UINT8: - fprintf(of, "%u\n", ret->value.ui8); - break; case ULOGD_RET_UINT16: - fprintf(of, "%u\n", ret->value.ui16); - break; case ULOGD_RET_UINT32: - fprintf(of, "%lu\n", ret->value.ui32); + fprintf(of, "%u\n", ret->value.ui32); break; case ULOGD_RET_IPADDR: fprintf(of, "%u.%u.%u.%u\n", @@ -72,7 +68,7 @@ int _output_print(ulog_iret_t *res) } static ulog_output_t base_op[] = { - { NULL, "print", &_output_print }, + { NULL, "oprint", &_output_print }, { NULL, "", NULL }, }; @@ -88,7 +84,7 @@ static void _base_reg_op(void) static config_entry_t outf_ce = { NULL, "dumpfile", CONFIG_TYPE_STRING, CONFIG_OPT_NONE, 0, - { string: "/var/log/ulogd.pktlog" } }; + { string: ULOGD_OPRINT_DEFAULT } }; void _init(void) { #ifdef DEBUG @@ -99,7 +95,8 @@ void _init(void) of = fopen(outf_ce.u.string, "a"); if (!of) { - ulogd_error("ulogd_OPRINT: can't open PKTLOG: %s\n", strerror(errno)); + ulogd_log(ULOGD_FATAL, "can't open PKTLOG: %s\n", + strerror(errno)); exit(2); } #endif diff --git a/extensions/ulogd_PWSNIFF.c b/extensions/ulogd_PWSNIFF.c index cc0f19e..a1e7988 100644 --- a/extensions/ulogd_PWSNIFF.c +++ b/extensions/ulogd_PWSNIFF.c @@ -1,11 +1,11 @@ -/* ulogd_PWSNIFF.c, Version $Revision: 1.2 $ +/* ulogd_PWSNIFF.c, Version $Revision: 1.3 $ * * ulogd logging interpreter for POP3 / FTP like plaintext passwords. * * (C) 2000 by Harald Welte * This software is released under the terms of GNU GPL * - * $Id: ulogd_PWSNIFF.c,v 1.2 2000/09/22 06:54:33 laforge Exp $ + * $Id: ulogd_PWSNIFF.c,v 1.3 2000/11/16 17:20:52 laforge Exp $ * */ 
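Review bot: The merged cases in `_output_print` now print `ret->value.i32` for `ULOGD_RET_BOOL`, `INT8` and `INT16` results, and `ret->value.ui32` for `UINT8` and `UINT16`, although the interpreter tables initialise those keys through the narrower members (`ui8`, `ui16`, `b`) and presumably store them the same way. If `value` is a union, as those initializers suggest, reading the 32-bit member picks up bytes the narrower store never wrote: on a big-endian host the number is wrong, and a negative `i8` or `i16` prints as a positive value on any host. Keeping one `fprintf` per width, as the removed lines did (`fprintf(of, "%d\n", ret->value.i8);` and so on), avoids this; only the `%ld`/`%lu` specifiers on the 32-bit cases needed correcting. The body of `_output_print` extends beyond the hunk.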
@@ -17,8 +17,8 @@ #include #include -#ifdef DEBUG -#define DEBUGP ulogd_error +#ifdef DEBUG_PWSNIFF +#define DEBUGP(x) ulogd_log(ULOGD_DEBUG, x) #else #define DEBUGP(format, args...) #endif @@ -96,7 +96,7 @@ static ulog_iret_t *_interp_pwsniff(ulog_interpreter_t *ip, ulog_packet_msg_t *p ret[0].value.ptr = (char *) malloc(len+1); ret[0].flags |= ULOGD_RETF_VALID; if (!ret[0].value.ptr) { - ulogd_error("_interp_pwsniff: OOM (size=%u)\n", len); + ulogd_log(ULOGD_ERROR, "OOM (size=%u)\n", len); return NULL; } strncpy(ret[0].value.ptr, begp, len); @@ -106,7 +106,7 @@ static ulog_iret_t *_interp_pwsniff(ulog_interpreter_t *ip, ulog_packet_msg_t *p ret[1].value.ptr = (char *) malloc(pw_len+1); ret[1].flags |= ULOGD_RETF_VALID; if (!ret[1].value.ptr){ - ulogd_error("_interp_pwsniff: OOM (size=%u)\n", pw_len); + ulogd_log(ULOGD_ERROR, "OOM (size=%u)\n", pw_len); return NULL; } strncpy(ret[1].value.ptr, pw_begp, pw_len); @@ -117,13 +117,15 @@ static ulog_iret_t *_interp_pwsniff(ulog_interpreter_t *ip, ulog_packet_msg_t *p } static ulog_iret_t pwsniff_rets[] = { - { NULL, NULL, 0, ULOGD_RET_STRING, ULOGD_RETF_FREE, "pwsniff.user", 0 }, - { NULL, NULL, 0, ULOGD_RET_STRING, ULOGD_RETF_FREE, "pwsniff.pass", 0 }, + { NULL, NULL, 0, ULOGD_RET_STRING, ULOGD_RETF_FREE, "pwsniff.user", + { ptr: NULL } }, + { NULL, NULL, 0, ULOGD_RET_STRING, ULOGD_RETF_FREE, "pwsniff.pass", + { ptr: NULL } }, }; static ulog_interpreter_t base_ip[] = { { NULL, "pwsniff", 0, &_interp_pwsniff, 2, &pwsniff_rets }, - { NULL, "", NULL }, + { NULL, "", 0, NULL, 0, NULL }, }; void _base_reg_ip(void) { -- cgit v1.2.3
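Review bot: The two definitions of `DEBUGP` now disagree: with `DEBUG_PWSNIFF` set it is `DEBUGP(x)` with a single parameter, otherwise `DEBUGP(format, args...)`. Any call that passes arguments after the format compiles in a normal build and fails in a debug build; the call sites are outside this hunk, so that is unverified. Making the debug form variadic as well keeps both builds in step: `#define DEBUGP(format, args...) ulogd_log(ULOGD_DEBUG, format, ## args)`.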
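Review bot: In `_interp_pwsniff`, `ret[0].flags |= ULOGD_RETF_VALID;` runs before the `malloc` result is tested, so the OOM path returns with the key marked valid and `value.ptr` NULL; the `ret[1]` hunk (`@@ -106,7`) has the same order. The MySQL output added in this commit calls `strlen(res->value.ptr)` on every valid string result, which would dereference that NULL unless the flags are cleared somewhere not visible here. Set the flag only once the copy has succeeded, that is, move `ret[0].flags |= ULOGD_RETF_VALID;` below the `if (!ret[0].value.ptr)` block, and likewise for `ret[1]`. The function's body starts and ends outside these hunks.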