/*
* log_udp - Log UDP packet header in file. Function takes packet buffer,
* parses it and dumps parsed header information in file. First argument
* is dump flag, if first argument is 1, function will hexdump packet
* payload in log file, otherwise it wont. Second argument buf is packet
* buffer recieved from socket and third argument size is packet size.
*/
void log_udp(short dump, unsigned char* buf, int size)
{
/* Used variables */
unsigned short iph_len;
struct iphdr *iph = (struct iphdr *)buf;
/* Get UDP packet heaer */
iph_len = iph->ihl * 4;
struct udphdr* udph = (struct udphdr*)(buf + iph_len);
/* Log ip header */
log_ip(buf);
/* Log TCP packet header in file */
slog_to_file("[LIVE] Captured UDP Packet");
slog_to_file("[UDP] Source Port : %d", ntohs(udph->source));
slog_to_file("[UDP] Destination Port : %d", ntohs(udph->dest));
slog_to_file("[UDP] Length : %d", ntohs(udph->len));
slog_to_file("[UDP] Checksum : %d\n", ntohs(udph->check));
/* Dump data if flag is enabled */
if (dump)
{
/* Dump ip header in file */
slog_to_file("[IP] Header");
dump_data(buf, iph_len);
/* Dump udp header in file */
slog_to_file("[UDP] Header");
dump_data(buf + iph_len , sizeof(udph));
/* Dump data playload */
slog_to_file("[DATA] Payload");
dump_data(buf + iph_len + sizeof(udph), (size - sizeof(udph) - iph->ihl * 4));
}
slog_file("\n");
}
/*
* log_ip - Log IP packet header in file. Function takes packet
* buffer, parses it and hexdumps parsed header information in
* file. Argument is is packet buffer recieved from socket.
*/
void log_ip(unsigned char* buf)
{
/* Used variables */
struct sockaddr_in name, dst;
struct iphdr *iph = (struct iphdr *)buf;
/* Get source and destination */
memset(&name, 0, sizeof(name));
name.sin_addr.s_addr = iph->saddr;
memset(&dst, 0, sizeof(dst));
dst.sin_addr.s_addr = iph->daddr;
/* Log ip header */
slog_to_file("[LIVE] Captured IP Header");
slog_to_file("[IP] Version : %d", (unsigned int)iph->version);
slog_to_file("[IP] Header Length : %d DWORDS or %d Bytes",
(unsigned int)iph->ihl,((unsigned int)(iph->ihl))*4);
slog_to_file("[IP] Type Of Service : %d", (unsigned int)iph->tos);
slog_to_file("[IP] Total Length : %d Bytes(Size of Packet)", ntohs(iph->tot_len));
slog_to_file("[IP] Identification : %d", ntohs(iph->id));
slog_to_file("[IP] TTL : %d", (unsigned int)iph->ttl);
slog_to_file("[IP] Protocol : %d", (unsigned int)iph->protocol);
slog_to_file("[IP] Checksum : %d", ntohs(iph->check));
slog_to_file("[IP] Source IP : %s", inet_ntoa(name.sin_addr));
slog_to_file("[IP] Destination IP : %s\n", inet_ntoa(dst.sin_addr));
}
/*
* log_tcp - Log TCP packet header in file. Function takes packet buffer,
* parses it and dumps parsed header information in file. First argument
* is dump flag, if first argument is 1, function will dump packet
* payload in log file otherwise it wont. Second argument buf is packet
* buffer recieved from socket and third argument size is packet size.
*/
void log_tcp(short dump, unsigned char* buf, int size)
{
/* Used variables */
unsigned short iph_len;
struct iphdr *iph = (struct iphdr *)buf;
/* Get TCP packet header */
iph_len = iph->ihl * 4;
struct tcphdr* tcph= (struct tcphdr*)(buf + iph_len);
/* Log ip header */
log_ip(buf);
/* Log TCP packet header in file */
slog_to_file("[LIVE] Captured TCP Packet");
slog_to_file("[TCP] Source Port : %u", ntohs(tcph->source));
slog_to_file("[TCP] Destination Port : %u", ntohs(tcph->dest));
slog_to_file("[TCP] Sequence Number : %u", ntohl(tcph->seq));
slog_to_file("[TCP] Acknowledge Number : %u", ntohl(tcph->ack_seq));
slog_to_file("[TCP] Header Length : %d DWORDS or %d BYTES" ,
(unsigned int)tcph->doff,(unsigned int)tcph->doff*4);
slog_to_file("[TCP] Urgent Flag : %d", (unsigned int)tcph->urg);
slog_to_file("[TCP] Acknowledgement Flag : %d", (unsigned int)tcph->ack);
slog_to_file("[TCP] Push Flag : %d", (unsigned int)tcph->psh);
slog_to_file("[TCP] Reset Flag : %d", (unsigned int)tcph->rst);
slog_to_file("[TCP] Synchronise Flag : %d", (unsigned int)tcph->syn);
slog_to_file("[TCP] Finish Flag : %d", (unsigned int)tcph->fin);
slog_to_file("[TCP] Window : %d", ntohs(tcph->window));
slog_to_file("[TCP] Checksum : %d", ntohs(tcph->check));
slog_to_file("[TCP] Urgent Pointer : %d\n", tcph->urg_ptr);
/* Dump data if flag is enabled */
if (dump)
{
/* Dump ip header in file */
slog_to_file("[IP] Header");
dump_data(buf, iph_len);
/* Dump tcp header in file */
slog_to_file("[TCP] Header");
dump_data(buf + iph_len, tcph->doff * 4);
/* Dump data playload */
slog_to_file("[DATA] Payload");
dump_data(buf + iph_len + tcph->doff * 4, (size - tcph->doff * 4 - iph->ihl * 4));
}
slog_file("\n");
}
/*
* slog - Log exiting process. Function takes arguments and saves
* log in file if LOGTOFILE flag is enabled from config. Otherwise
* it just prints log without saveing in file. Argument level is
* logging level and flag is slog flags defined in slog.h header.
*/
void slog(int level, int flag, const char *msg, ...)
{
/* Lock for safe */
if (slg.td_safe)
{
if (pthread_mutex_lock(&slog_mutex))
{
printf("<%s:%d> %s: [ERROR] Can not lock mutex: %d\n",
__FILE__, __LINE__, __FUNCTION__, errno);
exit(EXIT_FAILURE);
}
}
/* Used variables */
SlogDate mdate;
char string[MAXMSG];
char prints[MAXMSG];
char color[32], alarm[32];
char *output;
slog_get_date(&mdate);
bzero(string, sizeof(string));
bzero(prints, sizeof(prints));
bzero(color, sizeof(color));
bzero(alarm, sizeof(alarm));
/* Read args */
va_list args;
va_start(args, msg);
vsprintf(string, msg, args);
va_end(args);
/* Check logging levels */
if(!level || level <= slg.level || level <= slg.file_level)
{
/* Handle flags */
switch(flag)
{
case SLOG_LIVE:
strncpy(color, CLR_NORMAL, sizeof(color));
strncpy(alarm, "LIVE", sizeof(alarm));
break;
case SLOG_INFO:
strncpy(color, CLR_GREEN, sizeof(color));
strncpy(alarm, "INFO", sizeof(alarm));
break;
case SLOG_WARN:
strncpy(color, CLR_YELLOW, sizeof(color));
strncpy(alarm, "WARN", sizeof(alarm));
break;
case SLOG_DEBUG:
strncpy(color, CLR_BLUE, sizeof(color));
strncpy(alarm, "DEBUG", sizeof(alarm));
break;
case SLOG_ERROR:
strncpy(color, CLR_RED, sizeof(color));
strncpy(alarm, "ERROR", sizeof(alarm));
break;
case SLOG_FATAL:
strncpy(color, CLR_RED, sizeof(color));
strncpy(alarm, "FATAL", sizeof(alarm));
break;
case SLOG_PANIC:
strncpy(color, CLR_WHITE, sizeof(color));
strncpy(alarm, "PANIC", sizeof(alarm));
break;
case SLOG_NONE:
strncpy(prints, string, sizeof(string));
break;
default:
strncpy(prints, string, sizeof(string));
flag = SLOG_NONE;
break;
}
/* Print output */
if (level <= slg.level || slg.pretty)
{
if (flag != SLOG_NONE) sprintf(prints, "[%s] %s", strclr(color, alarm), string);
if (level <= slg.level) printf("%s", slog_get(&mdate, "%s\n", prints));
}
/* Save log in file */
if (slg.to_file && level <= slg.file_level)
{
if (slg.pretty) output = slog_get(&mdate, "%s\n", prints);
else
{
if (flag != SLOG_NONE) sprintf(prints, "[%s] %s", alarm, string);
output = slog_get(&mdate, "%s\n", prints);
}
/* Add log line to file */
slog_to_file(output, slg.fname, &mdate);
}
}
/* Done, unlock mutex */
if (slg.td_safe)
{
if (pthread_mutex_unlock(&slog_mutex))
{
printf("<%s:%d> %s: [ERROR] Can not deinitialize mutex: %d\n",
__FILE__, __LINE__, __FUNCTION__, errno);
exit(EXIT_FAILURE);
}
}
}
