Ejemplo n.º 1
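    void operator()(struct nflog_data *nfa)
    {
		// Callback for one NFLOG message: print a tab-separated summary line
		// (timestamp, indev, outdev, payload length, optional prefix) to stdout,
		// hand the payload to handle_packet(), and, when pcap_writer is set,
		// append the packet wrapped in a synthetic Ethernet header to the pcap.
		//struct nfulnl_msg_packet_hdr *ph = nflog_get_msg_packet_hdr(nfa);
		char *prefix = nflog_get_prefix(nfa);
		char *payload = 0;
		// nflog_get_payload() reports the payload length; a value <= 0 means
		// there is nothing usable in `payload` (a negative value signals failure).
		int payload_len = nflog_get_payload(nfa, &payload);

		struct timeval tv;
		memset(&tv, 0, sizeof(tv));
		nflog_get_timestamp(nfa, &tv);
		std::cout
			<< static_cast<unsigned>(tv.tv_sec) << "."
			<< tv.tv_usec;

		std::cout << "\t" << nflog_get_indev(nfa);
		std::cout << "\t" << nflog_get_outdev(nfa);
		std::cout << "\t" << payload_len;

		if (payload_len > 0)
			handle_packet(payload, payload_len);

		if (prefix && strlen(prefix)) {
			std::cout << "\t\"" << prefix << "\"";
		}

		std::cout << std::endl;

		// write a pcap file here if required
		// The payload_len > 0 guard is essential: a negative length converted
		// to size_t below would make memcpy read far past the payload, and a
		// pcap record holding only the fake Ethernet header is of no use.
		if (pcap_writer && payload_len > 0) {
			const size_t pcap_len = static_cast<size_t>(payload_len) + sizeof(ether_header);
			pcap_pkthdr head;
			memset(&head, 0, sizeof(head));
			head.ts = tv;
			head.caplen = pcap_len;
			head.len = pcap_len;

			// make pcap header: a synthetic Ethernet frame whose FA:CE:xx:xx:xx:xx
			// MAC addresses carry the netfilter out/in interface indexes in
			// their last four bytes.
			// NOTE: tbuf is a variable-length array (GCC/Clang extension, not ISO C++).
			unsigned char tbuf[pcap_len];
			ether_header* ehead = reinterpret_cast<ether_header*>(&tbuf[0]);
			// sizeof(*ehead), not sizeof(ehead): the latter zeroed only
			// pointer-sized bytes of the 14-byte header.
			memset(ehead, 0, sizeof(*ehead));
			ehead->ether_dhost[0]=0xFA; ehead->ether_dhost[1]=0xCE;
			ehead->ether_shost[0]=0xFA; ehead->ether_shost[1]=0xCE;
			// &ether_dhost[2] / &ether_shost[2] are not 4-byte aligned, so the
			// interface indexes are copied byte-wise instead of stored through
			// a u_int32_t* (which is undefined behaviour on strict-alignment targets).
			const u_int32_t outdev = nflog_get_outdev(nfa);
			const u_int32_t indev = nflog_get_indev(nfa);
			memcpy(&ehead->ether_dhost[2], &outdev, sizeof(outdev));
			memcpy(&ehead->ether_shost[2], &indev, sizeof(indev));
			ehead->ether_type=htons(ETHERTYPE_IP);

			// copy payload and dump
			memcpy(tbuf+sizeof(ether_header), payload, static_cast<size_t>(payload_len));
			pcap_dump(reinterpret_cast<u_char*>(pcap_writer), &head, reinterpret_cast<const u_char*>(tbuf));
		}
	}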
Ejemplo n.º 2
const char * log_payload_get_prefix(struct log_payload *self)
{
    /* Return the NFLOG prefix string of the message wrapped by self (self->nfad).
     * The pointer is exactly what nflog_get_prefix() hands back; nothing is copied. */
    const char *prefix = nflog_get_prefix(self->nfad);
    return prefix;
}
Ejemplo n.º 3
    char macstr[18]; // 17 + nul
    void *protoh;
    struct tcphdr *tcph;
    struct udphdr *udph;
    struct icmphdr *icmph;
    char *payload;
    int payload_len;
    struct timeval tv;
    struct vrmr_log_record *log_record = data;
    char s[256];
    union ipv4_adress ip;

    memset(log_record, 0, sizeof(struct vrmr_log_record));

    /* Check first if this pkt comes from a vuurmuur logrule */
    char *prefix = nflog_get_prefix(nfa);
    vrmr_log_record_parse_prefix(log_record, prefix);

    /* Copy hostname in log_rule struct, seems kind of silly to do this every
     * time */
    if (gethostname(log_record->hostname, HOST_NAME_MAX) == -1) {
        vrmr_debug(NONE, "Error getting hostname");
        return -1;
    }

    /* Alright, get the nflog packet header and determine what hw_protocol we're
     * dealing with */
    if (!(ph = nflog_get_msg_packet_hdr(nfa))) {
        vrmr_error(-1, "Error", "Can't get packet header");
        return -1;
    }