3 * build something looking like an iptables LOG message
5 * (C) 2000-2003 by Harald Welte <laforge@gnumonks.org>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2
9 * as published by the Free Software Foundation
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 * $Id: printpkt.c 6432 2006-01-25 11:21:28Z /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org $
30 #include <sys/types.h>
31 #include <sys/socket.h>
32 #include <arpa/inet.h>
33 #include <netinet/ip.h>
34 #include <netinet/ip_icmp.h>
35 #include <ulogd/ulogd.h>
36 #include <ulogd/conffile.h>
/* Fallback definition of HOST_NAME_MAX for C libraries that lack it; the
 * preprocessor guard that selects this path is not visible in this listing. */
39 #warning this libc does not define HOST_NAME_MAX
40 #define HOST_NAME_MAX (255+1)
/* NIPQUAD expands to the four bytes of addr as four separate arguments.
 * NOTE(review): addr is not parenthesised in the expansion, and no use of the
 * macro appears in the visible lines (addresses below go through inet_ntoa()). */
43 #define NIPQUAD(addr) \
44 ((unsigned char *)&addr)[0], \
45 ((unsigned char *)&addr)[1], \
46 ((unsigned char *)&addr)[2], \
47 ((unsigned char *)&addr)[3]
/* Host name buffer, filled by gethostname() in printpkt_init() and printed
 * with an unbounded %s in printpkt_print().
 * NOTE(review): gethostname() is passed sizeof(hostname) and is not guaranteed
 * to NUL-terminate a truncated name; no explicit terminator write is visible
 * in this listing - confirm. */
54 static char hostname[HOST_NAME_MAX+1];
/* Names of the interpreter keys this file reads. Each id starts at 0 and is
 * filled in by get_ids(); most entries are missing from this listing, so the
 * index-to-name mapping used by GET_VALUE(n) cannot be checked from here. */
57 static struct intr_id intr_ids[INTR_IDS] = {
58 { "oob.time.sec", 0 },
89 { "icmp.echoseq", 0 },
90 { "icmp.gateway", 0 },
91 { "icmp.fragmtu", 0 },
/* Fetch the value / the flags of the interpreter result behind intr_ids[x].
 * NOTE(review): neither macro range-checks x or intr_ids[x].id before indexing
 * ulogd_keyh, and GET_VALUE does not consult the flags; a caller that needs
 * ULOGD_RETF_VALID has to test GET_FLAGS itself. */
95 #define GET_VALUE(x) ulogd_keyh[intr_ids[x].id].interp->result[ulogd_keyh[intr_ids[x].id].offset].value
96 #define GET_FLAGS(x) ulogd_keyh[intr_ids[x].id].interp->result[ulogd_keyh[intr_ids[x].id].offset].flags
/*
 * Format one packet's interpreter results into buf as a single text line that
 * resembles an iptables LOG message: time, host name, an optional string from
 * key 1, interfaces, MAC, IP header fields, then protocol-specific fields,
 * terminated by '\n'.
 *
 * res:    not referenced in the lines visible in this listing.
 * buf:    destination buffer; its capacity is not passed in.
 * prefix: its use is not visible in this listing (presumably it gates the
 *         time/host-name part - confirm against the full file).
 *
 * This listing is incomplete: local declarations, braces, several conditions
 * and case labels, and the return statement are among the missing lines.
 *
 * NOTE(review): every append below is an unbounded sprintf() or strcat(). No
 * length for buf is passed in or checked in the visible lines, so the strings
 * taken from keys 1-4 and the host name decide how far past the caller's
 * buffer the output can run. A size parameter plus snprintf() with
 * remaining-space tracking would bound this.
 */
98 int printpkt_print(ulog_iret_t *res, char *buf, int prefix)
/* Key 0 is "oob.time.sec". ctime() yields "Www Mmm dd hh:mm:ss yyyy\n"; the
 * +4 skips the weekday and the space after it.
 * NOTE(review): ctime() may return NULL, in which case the +4 result is not a
 * valid pointer; it also returns static storage shared between calls. */
107 now = (time_t) GET_VALUE(0).ui32;
108 timestr = ctime(&now) + 4;
/* The statement guarded by this test is missing from the listing; presumably
 * it cuts timestr at the newline. */
111 if ((tmp = strchr(timestr, '\n')))
114 /* truncate hostname */
/* Guarded statement missing from the listing; the search is for the first '.'
 * in the static hostname buffer. */
115 if ((tmp = strchr(hostname, '.')))
118 /* print time and hostname */
/* %.15s caps the time at 15 characters; the host name is written unbounded. */
119 buf_cur += sprintf(buf_cur, "%.15s %s", timestr, hostname);
/* Key 1 is appended only when its string is non-empty.
 * NOTE(review): the pointer is dereferenced without a ULOGD_RETF_VALID test
 * (key 4 below is tested first); confirm keys 1, 2 and 3 are always set,
 * otherwise these reads go through an unset pointer. */
122 if (*(char *) GET_VALUE(1).ptr)
123 buf_cur += sprintf(buf_cur, " %s", (char *) GET_VALUE(1).ptr);
125 buf_cur += sprintf(buf_cur," IN=%s OUT=%s ",
126 (char *) GET_VALUE(2).ptr,
127 (char *) GET_VALUE(3).ptr);
129 /* FIXME: configurable */
/* MAC= is always printed; its value is empty unless key 4 is flagged valid. */
130 buf_cur += sprintf(buf_cur, "MAC=%s ",
131 (GET_FLAGS(4) & ULOGD_RETF_VALID) ? (char *) GET_VALUE(4).ptr : "");
/* Keys 5 and 6 are passed through htonl() before inet_ntoa(). inet_ntoa()
 * returns a static buffer, so each result is consumed by its own sprintf(). */
133 buf_cur += sprintf(buf_cur, "SRC=%s ",
134 inet_ntoa((struct in_addr) {htonl(GET_VALUE(5).ui32)}));
135 buf_cur += sprintf(buf_cur, "DST=%s ",
136 inet_ntoa((struct in_addr) {htonl(GET_VALUE(6).ui32)}));
/* TOS and PREC are two masks over the same byte (key 8). The argument list
 * continues on a line that is missing from this listing. */
138 buf_cur += sprintf(buf_cur,"LEN=%u TOS=%02X PREC=0x%02X TTL=%u ID=%u ",
139 GET_VALUE(7).ui16, GET_VALUE(8).ui8 & IPTOS_TOS_MASK,
140 GET_VALUE(8).ui8 & IPTOS_PREC_MASK, GET_VALUE(9).ui8,
/* NOTE(review): this tests key 10 against IP_RF while the DF, MF and offset
 * tests below all read key 11; confirm which key holds the fragment field. */
143 if (GET_VALUE(10).ui16 & IP_RF)
144 buf_cur += sprintf(buf_cur, "CE ");
146 if (GET_VALUE(11).ui16 & IP_DF)
147 buf_cur += sprintf(buf_cur, "DF ");
149 if (GET_VALUE(11).ui16 & IP_MF)
150 buf_cur += sprintf(buf_cur, "MF ");
152 if (GET_VALUE(11).ui16 & IP_OFFMASK)
153 buf_cur += sprintf(buf_cur, "FRAG:%u ",
154 GET_VALUE(11).ui16 & IP_OFFMASK);
/* Dispatch on key 12; most case labels are missing from this listing. */
156 switch (GET_VALUE(12).ui8) {
159 buf_cur += sprintf(buf_cur, "PROTO=TCP ");
160 buf_cur += sprintf(buf_cur, "SPT=%u DPT=%u ",
161 GET_VALUE(13).ui16, GET_VALUE(14).ui16);
163 buf_cur += sprintf(buf_cur, "SEQ=%u ACK=%u ",
164 GET_VALUE(15).ui32, GET_VALUE(16).ui32);
166 buf_cur += sprintf(buf_cur, "WINDOW=%u ", GET_VALUE(17).ui16);
168 // buf_cur += sprintf(buf_cur, "RES=0x%02x ",
/* One token per TCP flag; the conditions guarding each append are missing
 * from this listing. */
171 buf_cur += sprintf(buf_cur, "URG ");
174 buf_cur += sprintf(buf_cur, "ACK ");
177 buf_cur += sprintf(buf_cur, "PSH ");
180 buf_cur += sprintf(buf_cur, "RST ");
183 buf_cur += sprintf(buf_cur, "SYN ");
186 buf_cur += sprintf(buf_cur, "FIN ");
188 buf_cur += sprintf(buf_cur, "URGP=%u ", GET_VALUE(24).ui16);
193 buf_cur += sprintf(buf_cur, "PROTO=UDP ");
/* The third argument (for LEN=) is on a line missing from this listing. */
195 buf_cur += sprintf(buf_cur, "SPT=%u DPT=%u LEN=%u ",
196 GET_VALUE(25).ui16, GET_VALUE(26).ui16,
201 buf_cur += sprintf(buf_cur, "PROTO=ICMP ");
203 buf_cur += sprintf(buf_cur, "TYPE=%u CODE=%u ",
204 GET_VALUE(28).ui8, GET_VALUE(29).ui8);
/* Second-level dispatch on key 28, the value printed as TYPE= above. */
206 switch (GET_VALUE(28).ui8) {
209 buf_cur += sprintf(buf_cur, "ID=%u SEQ=%u ",
213 case ICMP_PARAMETERPROB:
/* Only the top byte of the 32-bit value of key 32 is printed. */
214 buf_cur += sprintf(buf_cur, "PARAMETER=%u ",
215 GET_VALUE(32).ui32 >> 24);
218 buf_cur += sprintf(buf_cur, "GATEWAY=%s ", inet_ntoa((struct in_addr) {htonl(GET_VALUE(32).ui32)}));
220 case ICMP_DEST_UNREACH:
/* MTU= is printed only when key 29 (printed as CODE= above) equals
 * ICMP_FRAG_NEEDED; its argument is missing from this listing. */
221 if (GET_VALUE(29).ui8 == ICMP_FRAG_NEEDED)
222 buf_cur += sprintf(buf_cur, "MTU=%u ",
/* Shared branch for two protocols: ESP when key 12 is IPPROTO_ESP, AH
 * otherwise (the case labels are missing from this listing). */
229 buf_cur += sprintf(buf_cur, "PROTO=%s ", GET_VALUE(12).ui8 == IPPROTO_ESP ? "ESP" : "AH");
230 /* FIXME: "INCOMPLETE [%u bytes]" in case of short pkt */
/* SPI= is printed only when key 34 has a positive id.
 * NOTE(review): this is the only id test visible in the function; no other
 * GET_VALUE() use is preceded by one. */
231 if (intr_ids[34].id > 0) {
232 buf_cur += sprintf(buf_cur, "SPI=0x%x ", GET_VALUE(34).ui32);
/* Fallback for any other protocol: print the numeric value of key 12. */
237 buf_cur += sprintf(buf_cur, "PROTO=%u ", GET_VALUE(12).ui8);
/* sprintf() returns the count without the terminator, so after the appends
 * above buf_cur points at the trailing NUL and this adds the final newline.
 * Like the sprintf() calls, it is not bounded by any buffer length. */
239 strcat(buf_cur, "\n");
244 /* get all key ids for the keys we are interested in */
/*
 * Walks every entry of intr_ids, looks its name up with keyh_getid() and
 * stores the result in the entry's id member. An error is logged with the key
 * name when a lookup is rejected; the condition that decides this and the
 * function's return statement are missing from this listing.
 *
 * NOTE(review): GET_VALUE()/GET_FLAGS() index ulogd_keyh with these ids
 * without a range check, so whatever keyh_getid() returns for an unknown name
 * must not be left in use - confirm the missing lines handle that.
 */
245 static int get_ids(void)
248 struct intr_id *cur_id;
250 for (i = 0; i < INTR_IDS; i++) {
251 cur_id = &intr_ids[i];
252 cur_id->id = keyh_getid(cur_id->name);
254 ulogd_log(ULOGD_ERROR,
255 "Cannot resolve keyhash id for %s\n",
263 int printpkt_init(void)
265 if (gethostname(hostname, sizeof(hostname)) < 0) {
266 ulogd_log(ULOGD_FATAL, "can't gethostname(): %s\n",