/* * log_udp - Log UDP packet header in file. Function takes packet buffer, * parses it and dumps parsed header information in file. First argument * is dump flag, if first argument is 1, function will hexdump packet * payload in log file, otherwise it wont. Second argument buf is packet * buffer recieved from socket and third argument size is packet size. */ void log_udp(short dump, unsigned char* buf, int size) { /* Used variables */ unsigned short iph_len; struct iphdr *iph = (struct iphdr *)buf; /* Get UDP packet heaer */ iph_len = iph->ihl * 4; struct udphdr* udph = (struct udphdr*)(buf + iph_len); /* Log ip header */ log_ip(buf); /* Log TCP packet header in file */ slog_to_file("[LIVE] Captured UDP Packet"); slog_to_file("[UDP] Source Port : %d", ntohs(udph->source)); slog_to_file("[UDP] Destination Port : %d", ntohs(udph->dest)); slog_to_file("[UDP] Length : %d", ntohs(udph->len)); slog_to_file("[UDP] Checksum : %d\n", ntohs(udph->check)); /* Dump data if flag is enabled */ if (dump) { /* Dump ip header in file */ slog_to_file("[IP] Header"); dump_data(buf, iph_len); /* Dump udp header in file */ slog_to_file("[UDP] Header"); dump_data(buf + iph_len , sizeof(udph)); /* Dump data playload */ slog_to_file("[DATA] Payload"); dump_data(buf + iph_len + sizeof(udph), (size - sizeof(udph) - iph->ihl * 4)); } slog_file("\n"); }
/* * log_ip - Log IP packet header in file. Function takes packet * buffer, parses it and hexdumps parsed header information in * file. Argument is is packet buffer recieved from socket. */ void log_ip(unsigned char* buf) { /* Used variables */ struct sockaddr_in name, dst; struct iphdr *iph = (struct iphdr *)buf; /* Get source and destination */ memset(&name, 0, sizeof(name)); name.sin_addr.s_addr = iph->saddr; memset(&dst, 0, sizeof(dst)); dst.sin_addr.s_addr = iph->daddr; /* Log ip header */ slog_to_file("[LIVE] Captured IP Header"); slog_to_file("[IP] Version : %d", (unsigned int)iph->version); slog_to_file("[IP] Header Length : %d DWORDS or %d Bytes", (unsigned int)iph->ihl,((unsigned int)(iph->ihl))*4); slog_to_file("[IP] Type Of Service : %d", (unsigned int)iph->tos); slog_to_file("[IP] Total Length : %d Bytes(Size of Packet)", ntohs(iph->tot_len)); slog_to_file("[IP] Identification : %d", ntohs(iph->id)); slog_to_file("[IP] TTL : %d", (unsigned int)iph->ttl); slog_to_file("[IP] Protocol : %d", (unsigned int)iph->protocol); slog_to_file("[IP] Checksum : %d", ntohs(iph->check)); slog_to_file("[IP] Source IP : %s", inet_ntoa(name.sin_addr)); slog_to_file("[IP] Destination IP : %s\n", inet_ntoa(dst.sin_addr)); }
/* * log_tcp - Log TCP packet header in file. Function takes packet buffer, * parses it and dumps parsed header information in file. First argument * is dump flag, if first argument is 1, function will dump packet * payload in log file otherwise it wont. Second argument buf is packet * buffer recieved from socket and third argument size is packet size. */ void log_tcp(short dump, unsigned char* buf, int size) { /* Used variables */ unsigned short iph_len; struct iphdr *iph = (struct iphdr *)buf; /* Get TCP packet header */ iph_len = iph->ihl * 4; struct tcphdr* tcph= (struct tcphdr*)(buf + iph_len); /* Log ip header */ log_ip(buf); /* Log TCP packet header in file */ slog_to_file("[LIVE] Captured TCP Packet"); slog_to_file("[TCP] Source Port : %u", ntohs(tcph->source)); slog_to_file("[TCP] Destination Port : %u", ntohs(tcph->dest)); slog_to_file("[TCP] Sequence Number : %u", ntohl(tcph->seq)); slog_to_file("[TCP] Acknowledge Number : %u", ntohl(tcph->ack_seq)); slog_to_file("[TCP] Header Length : %d DWORDS or %d BYTES" , (unsigned int)tcph->doff,(unsigned int)tcph->doff*4); slog_to_file("[TCP] Urgent Flag : %d", (unsigned int)tcph->urg); slog_to_file("[TCP] Acknowledgement Flag : %d", (unsigned int)tcph->ack); slog_to_file("[TCP] Push Flag : %d", (unsigned int)tcph->psh); slog_to_file("[TCP] Reset Flag : %d", (unsigned int)tcph->rst); slog_to_file("[TCP] Synchronise Flag : %d", (unsigned int)tcph->syn); slog_to_file("[TCP] Finish Flag : %d", (unsigned int)tcph->fin); slog_to_file("[TCP] Window : %d", ntohs(tcph->window)); slog_to_file("[TCP] Checksum : %d", ntohs(tcph->check)); slog_to_file("[TCP] Urgent Pointer : %d\n", tcph->urg_ptr); /* Dump data if flag is enabled */ if (dump) { /* Dump ip header in file */ slog_to_file("[IP] Header"); dump_data(buf, iph_len); /* Dump tcp header in file */ slog_to_file("[TCP] Header"); dump_data(buf + iph_len, tcph->doff * 4); /* Dump data playload */ slog_to_file("[DATA] Payload"); dump_data(buf + iph_len + tcph->doff * 4, (size - tcph->doff * 4 - iph->ihl * 4)); } slog_file("\n"); }
/* * slog - Log exiting process. Function takes arguments and saves * log in file if LOGTOFILE flag is enabled from config. Otherwise * it just prints log without saveing in file. Argument level is * logging level and flag is slog flags defined in slog.h header. */ void slog(int level, int flag, const char *msg, ...) { /* Lock for safe */ if (slg.td_safe) { if (pthread_mutex_lock(&slog_mutex)) { printf("<%s:%d> %s: [ERROR] Can not lock mutex: %d\n", __FILE__, __LINE__, __FUNCTION__, errno); exit(EXIT_FAILURE); } } /* Used variables */ SlogDate mdate; char string[MAXMSG]; char prints[MAXMSG]; char color[32], alarm[32]; char *output; slog_get_date(&mdate); bzero(string, sizeof(string)); bzero(prints, sizeof(prints)); bzero(color, sizeof(color)); bzero(alarm, sizeof(alarm)); /* Read args */ va_list args; va_start(args, msg); vsprintf(string, msg, args); va_end(args); /* Check logging levels */ if(!level || level <= slg.level || level <= slg.file_level) { /* Handle flags */ switch(flag) { case SLOG_LIVE: strncpy(color, CLR_NORMAL, sizeof(color)); strncpy(alarm, "LIVE", sizeof(alarm)); break; case SLOG_INFO: strncpy(color, CLR_GREEN, sizeof(color)); strncpy(alarm, "INFO", sizeof(alarm)); break; case SLOG_WARN: strncpy(color, CLR_YELLOW, sizeof(color)); strncpy(alarm, "WARN", sizeof(alarm)); break; case SLOG_DEBUG: strncpy(color, CLR_BLUE, sizeof(color)); strncpy(alarm, "DEBUG", sizeof(alarm)); break; case SLOG_ERROR: strncpy(color, CLR_RED, sizeof(color)); strncpy(alarm, "ERROR", sizeof(alarm)); break; case SLOG_FATAL: strncpy(color, CLR_RED, sizeof(color)); strncpy(alarm, "FATAL", sizeof(alarm)); break; case SLOG_PANIC: strncpy(color, CLR_WHITE, sizeof(color)); strncpy(alarm, "PANIC", sizeof(alarm)); break; case SLOG_NONE: strncpy(prints, string, sizeof(string)); break; default: strncpy(prints, string, sizeof(string)); flag = SLOG_NONE; break; } /* Print output */ if (level <= slg.level || slg.pretty) { if (flag != SLOG_NONE) sprintf(prints, "[%s] %s", strclr(color, alarm), string); if (level <= slg.level) printf("%s", slog_get(&mdate, "%s\n", prints)); } /* Save log in file */ if (slg.to_file && level <= slg.file_level) { if (slg.pretty) output = slog_get(&mdate, "%s\n", prints); else { if (flag != SLOG_NONE) sprintf(prints, "[%s] %s", alarm, string); output = slog_get(&mdate, "%s\n", prints); } /* Add log line to file */ slog_to_file(output, slg.fname, &mdate); } } /* Done, unlock mutex */ if (slg.td_safe) { if (pthread_mutex_unlock(&slog_mutex)) { printf("<%s:%d> %s: [ERROR] Can not deinitialize mutex: %d\n", __FILE__, __LINE__, __FUNCTION__, errno); exit(EXIT_FAILURE); } } }