various bugfixes (tcp interpreter), output for boolean type

diff --git a/Makefile b/Makefile
index 9cb52f65214b9bca9a284a3b6bee70ae9f66a9eb..0d02917a5a74a6688fa9943375c98ff6a36e922f 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -1,14 +1,14 @@
 # Path of libipulog (from iptables)
 LIBIPULOG=../libipulog
+INCIPULOG=-I../libipulog/include
 
 # Names of the plugins to be compiled
 ULOGD_SL:=BASE OPRINT
 
-
 #  Normally You should not need to change anything below
 #
 CC = gcc
-CFLAGS = -I. -I$(LIBIPULOG)/include -g -Wall
+CFLAGS = -I. -g -Wall $(INCIPULOG)
 SH_CFLAGS:=$(CFLAGS) -fPIC
 
 SHARED_LIBS+=$(foreach T,$(ULOGD_SL),extensions/ulogd_$(T).so)
@@ -21,7 +21,7 @@ $(SHARED_LIBS): %.so: %_sh.o
 %_sh.o: %.c
        gcc $(SH_CFLAGS) -o $@ -c $<
 
-ulogd: ulogd.c ../libipulog/libipulog.a ulogd.h
+ulogd: ulogd.c $(LIBIPULOG) ulogd.h
        $(CC) $(CFLAGS) -rdynamic -ldl -i ulogd.c $(LIBIPULOG)/libipulog.a -o ulogd
 
 clean:

diff --git a/README b/README
index 4d0870b29dbb754f3e18a5b95e8f980beed4fbf5..46a36ea06060aaa3fe1229ca6f6a78fb510c3866 100644 (file)
--- a/README
+++ b/README
@@ -1,7 +1,7 @@
 ===> CONECEPT
 
 I want to write a flexible, almost universal logging daemon for my netfilter 
-ULOG target. These are my thoughts about how the architecture which is most capable of doing that:
+ULOG target. It is not optimized in any way, the goal is to keep as simple as possible. These are my thoughts about how the architecture which is most capable of doing that:
 
 1. Interpreter lugins
 

diff --git a/extensions/ulogd_BASE.c b/extensions/ulogd_BASE.c
index 8506d42e4c351c33e02ea9cb2e5614b30bb126c6..e0b1e1f20939a55e07c4ef52d4967d96ce39564b 100644 (file)
--- a/extensions/ulogd_BASE.c
+++ b/extensions/ulogd_BASE.c
@@ -1,11 +1,11 @@
-/* ulogd_MAC.c, Version $Revision: 1.1 $
+/* ulogd_MAC.c, Version $Revision: 1.2 $
  *
  * ulogd logging interpreter for MAC addresses, TIME, etc.
  *
  * (C) 2000 by Harald Welte <laforge@sunbeam.franken.de>
  * This software is released under the terms of GNU GPL
  *
- * $Id: ulogd_BASE.c,v 1.1 2000/08/02 08:51:15 laforge Exp laforge $
+ * $Id: ulogd_BASE.c,v 1.2 2000/08/02 12:15:44 laforge Exp $
  *
  */
 
@@ -16,6 +16,7 @@
 #include <linux/in.h>
 #include <linux/tcp.h>
 #include <linux/icmp.h>
+#include <linux/udp.h>
 
 ulog_iret_t *_interp_mac(ulog_packet_msg_t *pkt)
 {
@@ -108,7 +109,8 @@ ulog_iret_t *_interp_iphdr(ulog_packet_msg_t *pkt)
 ulog_iret_t *_interp_tcphdr(ulog_packet_msg_t *pkt)
 {
        struct iphdr *iph = (struct iphdr *) pkt->payload;
-       struct tcphdr *tcph = (struct tcphdr *) (iph + iph->ihl);
+       void *protoh = (u_int32_t *)iph + iph->ihl;
+       struct tcphdr *tcph = (struct tcphdr *) protoh;
        ulog_iret_t *ret, *ret2;
 
        if (iph->protocol != IPPROTO_TCP)
@@ -117,14 +119,67 @@ ulog_iret_t *_interp_tcphdr(ulog_packet_msg_t *pkt)
        ret = alloc_ret(ULOGD_RET_UINT16, "tcp.hdr.sport");
        ret->value.ui16 = ntohs(tcph->source);
 
-       ret->next = ret2 = alloc_ret(ULOGD_RET_UINT16, "tcp.hdr.sport");
-       ret->value.ui16 = ntohs(tcph->dest);
+       ret->next = ret2 = alloc_ret(ULOGD_RET_UINT16, "tcp.hdr.dport");
+       ret2->value.ui16 = ntohs(tcph->dest);
 
        ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT32, "tcp.hdr.seq");
-       ret->value.ui32 = ntohl(tcph->seq);
+       ret2->value.ui32 = ntohl(tcph->seq);
        
        ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT32, "tcp.hdr.ack_seq");
-       ret->value.ui32 = ntohl(tcph->ack_seq);
+       ret2->value.ui32 = ntohl(tcph->ack_seq);
+
+       ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT16, "tcp.hdr.window");
+       ret2->value.ui16 = ntohs(tcph->window);
+
+       if (tcph->urg) {
+               ret2 = ret2->next = alloc_ret(ULOGD_RET_BOOL, "tcp.hdr.urg");
+               ret2->value.b = 1;
+               
+               ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT16, "tcp.hdr.urgp");
+               ret2->value.ui16 = ntohs(tcph->urg_ptr);
+       }
+       if (tcph->ack) {
+               ret2 = ret2->next = alloc_ret(ULOGD_RET_BOOL, "tcp.hdr.ack");
+               ret2->value.b = 1;
+       }
+       if (tcph->psh) {
+               ret2 = ret2->next = alloc_ret(ULOGD_RET_BOOL, "tcp.hdr.psh");
+               ret2->value.b = 1;
+       }
+       if (tcph->rst) {
+               ret2 = ret2->next = alloc_ret(ULOGD_RET_BOOL, "tcp.hdr.rst");
+               ret2->value.b = 1;
+       }
+       if (tcph->syn) {
+               ret2 = ret2->next = alloc_ret(ULOGD_RET_BOOL, "tcp.hdr.syn");
+               ret2->value.b = 1;
+       }
+       if (tcph->fin) {
+               ret2 = ret2->next = alloc_ret(ULOGD_RET_BOOL, "tcp.hdr.fin");
+               ret2->value.b = 1;
+       }
+       
+       return ret;
+}
+
+ulog_iret_t *_interp_udp(ulog_packet_msg_t *pkt)
+{
+       struct iphdr *iph = (struct iphdr *) pkt->payload;
+       void *protoh = (u_int32_t *)iph + iph->ihl;
+       struct udphdr *udph = protoh;
+       ulog_iret_t *ret, *ret2;
+
+       if (iph->protocol != IPPROTO_UDP)
+               return NULL;
+
+       ret = alloc_ret(ULOGD_RET_UINT16, "udp.hdr.sport");
+       ret->value.ui16 = ntohs(udph->source);
+
+       ret2 = ret->next = alloc_ret(ULOGD_RET_UINT16, "udp.hdr.dport");
+       ret2->value.ui16 = ntohs(udph->dest);
+
+       ret2 = ret2->next = alloc_ret(ULOGD_RET_UINT16, "udp.hdr.len");
+       ret2->value.ui16 = ntohs(udph->len);
        
        return ret;
 }
@@ -132,7 +187,8 @@ ulog_iret_t *_interp_tcphdr(ulog_packet_msg_t *pkt)
 ulog_iret_t *_interp_icmp(ulog_packet_msg_t *pkt)
 {
        struct iphdr *iph = (struct iphdr *) pkt->payload;
-       struct icmphdr *icmph = (struct icmphdr *) (iph + iph->ihl);
+       void *protoh = (u_int32_t *) (iph + iph->ihl);
+       struct icmphdr *icmph = protoh;
        ulog_iret_t *ret, *ret2;
 
        if (iph->protocol != IPPROTO_ICMP)
@@ -155,6 +211,7 @@ static ulog_interpreter_t base_ip[] = {
        { NULL, "ip.hdr", &_interp_iphdr },
        { NULL, "tcp.hdr", &_interp_tcphdr },
        { NULL, "icmp.hdr", &_interp_icmp },
+       { NULL, "udp.hdr", &_interp_udp },
        { NULL, "", NULL }, 
 };
 void _base_reg_ip(void)

diff --git a/extensions/ulogd_OPRINT.c b/extensions/ulogd_OPRINT.c
index ea6d88550b7a03f289900b0f1d95e63b4b4f98c7..19fbd7b41a808db1ba91a2192f35bfeeaa29be65 100644 (file)
--- a/extensions/ulogd_OPRINT.c
+++ b/extensions/ulogd_OPRINT.c
@@ -5,7 +5,7 @@
  * (C) 2000 by Harald Welte <laforge@sunbeam.franken.de>
  * This software is released under the terms of GNU GPL
  *
- * $Id: ulogd_OPRINT.c,v 1.1 2000/08/02 08:51:15 laforge Exp laforge $
+ * $Id: ulogd_OPRINT.c,v 1.1 2000/08/02 12:16:00 laforge Exp $
  *
  */
 
@@ -42,6 +42,7 @@ int _output_print(ulog_iret_t *res)
                        case ULOGD_RET_STRING:
                                fprintf(of, "%s\n", (char *) ret->value.ptr);
                                break;
+                       case ULOGD_RET_BOOL:
                        case ULOGD_RET_INT8:
                                fprintf(of, "%d\n", ret->value.i8);
                                break;
@@ -89,11 +90,15 @@ void _base_reg_op(void)
 
 void _init(void)
 {
+#ifdef DEBUG
+       of = stdout;
+#else
        of = fopen(ULOGD_OPRINT_FILE, "a");
        if (!of) {
                ulogd_error("ulogd_OPRINT: can't open PKTLOG: %s\n", strerror(errno));
                exit(2);
        }               
+#endif
                
        _base_reg_op();
 }

diff --git a/include/ulogd/ulogd.h b/include/ulogd/ulogd.h
index d1eb1faf5d6a8dd32df6c1826df34a6e264d9242..9ee06912ef9fa431cc889ce5de0e8dc832ab6325 100644 (file)
--- a/include/ulogd/ulogd.h
+++ b/include/ulogd/ulogd.h
@@ -1,6 +1,6 @@
 #ifndef _ULOGD_H
 #define _ULOGD_H
-/* ulogd, Version $Revision: 1.2 $
+/* ulogd, Version $Revision: 1.3 $
  *
  * first try of a logging daemon for my netfilter ULOG target
  * for the linux 2.4 netfilter subsystem.
@@ -9,7 +9,7 @@
  *
  * this code is released under the terms of GNU GPL
  *
- * $Id: ulogd.h,v 1.2 2000/08/02 12:16:42 laforge Exp laforge $
+ * $Id: ulogd.h,v 1.3 2000/08/02 12:20:55 laforge Exp $
  */
 
 #include <libipulog/libipulog.h>
@@ -30,13 +30,17 @@
 #define ULOGD_RET_UINT32       0x0013
 #define ULOGD_RET_UINT64       0x0014
 
-#define ULOGD_RET_STRING       0x8020
+#define ULOGD_RET_BOOL         0x0050
 
 #define ULOGD_RET_IPADDR       0x0100
 
 /* types with lenght field*/
+#define ULOGD_RET_STRING       0x8020
+#define ULODG_RET_RAW          0x8030
+
 #define ULOGD_RET_OTHER                0xffff
 
+
 #define ULOGD_MAX_KEYLEN 32
 
 #define ulogd_error(format, args...) fprintf(logfile, format, ## args)
@@ -48,6 +52,7 @@ typedef struct ulog_iret {
        u_int16_t type;
        char key[ULOGD_MAX_KEYLEN];
        union {
+               u_int8_t        b;
                u_int8_t        ui8;
                u_int16_t       ui16;
                u_int32_t       ui32;

diff --git a/ulogd.c b/ulogd.c
index abee09ab072f7fe12307eed51d76d1e6a95aefbb..d917a3f01876cdfe9301ad2332d21d6495a62a2d 100644 (file)
--- a/ulogd.c
+++ b/ulogd.c
@@ -1,4 +1,4 @@
-/* ulogd, Version $Revision: 1.4 $
+/* ulogd, Version $Revision: 1.5 $
  *
  * first try of a logging daemon for my netfilter ULOG target
  * for the linux 2.4 netfilter subsystem.
@@ -7,7 +7,7 @@
  *
  * this code is released under the terms of GNU GPL
  *
- * $Id: ulogd.c,v 1.4 2000/08/09 16:26:34 root Exp $
+ * $Id: ulogd.c,v 1.5 2000/08/11 09:56:48 laforge Exp $
  */
 
 #include <stdio.h>
@@ -224,13 +224,13 @@ int main(int argc, char* argv[])
                exit(1);
        }
 
+#ifndef DEBUG
        if (!fork())
        { 
 
-               /*
                fclose(stdout);
                fclose(stderr);
-               */
+#endif
 
                /* endless loop receiving packets and handling them over to
                 * handle_packet */
@@ -246,8 +246,10 @@ int main(int argc, char* argv[])
                ipulog_destroy_handle(h);
                free(buf);
                fclose(logfile);
+#ifndef DEBUG
        } else
        {
                exit(0);
        }
+#endif
 }