Esempio n. 1
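/*
 * nektech_logger - log a filesystem change together with the session
 * that caused it.
 * @inode: inode being changed; not used here, kept for the hook signature
 * @dir:   dentry of the changed object, resolved to a path by getfilepath()
 * @func:  name of the operation, printed verbatim
 *
 * The ancestor chain of the current task is searched for a process whose
 * comm matches NEKTECH_SSH. If one is found the change is reported as
 * coming from a remote system and every open socket of that process is
 * listed; otherwise it is reported as local. The "%%" in the messages
 * prints a literal '%' where an address / terminal would go. Output goes
 * to printk only; the function cannot fail.
 *
 * Fixes against the previous version: @filepath is zero-initialised so
 * the kfree() on the error path no longer frees an uninitialised pointer;
 * the parent walk and fd-table walk run under rcu_read_lock(); the direct
 * parent is examined too (it used to be skipped, and with no ancestor at
 * all the "remote" branch was taken with an uninitialised tcomm); the
 * socket pointer is printed with %p instead of %u.
 */
void nektech_logger (struct inode *inode, struct dentry *dir, const char *func)
{
	struct task_struct *task_cb = current;
	struct task_struct *tmp_parent_ts;
	struct task_struct *ssh_ts = NULL;	/* matching ancestor, if any */
	char tcomm[sizeof(task_cb->comm)] = {0};
	/* Zeroed so kfree() below is safe when getfilepath() fails before
	 * assigning filePathName. */
	struct file_path filepath = {0};

	/* Walk from the direct parent up to the root task (which is its own
	 * real_parent). Parent pointers and the fd table are only stable
	 * under rcu_read_lock(); nothing in this region sleeps.
	 */
	rcu_read_lock();
	for (tmp_parent_ts = task_cb->real_parent; ;
	     tmp_parent_ts = tmp_parent_ts->real_parent) {
		get_task_comm(tcomm, tmp_parent_ts);
		if (!strncmp(tcomm, NEKTECH_SSH, NEKTECH_STRLEN4)) {
			ssh_ts = tmp_parent_ts;
			break;
		}
		if (tmp_parent_ts == tmp_parent_ts->real_parent)
			break;
	}

	if (ssh_ts) {
		struct files_struct *files = ssh_ts->files;

		/* files is NULL once a task has released its file table. */
		if (files) {
			struct fdtable *fdt = files_fdtable(files);
			unsigned int i;

			for (i = 0; i < fdt->max_fds; i++) {
				struct file *file = rcu_dereference_check_fdtable(files, fdt->fd[i]);
				struct socket *sock;
				int error = -EBADF;

				if (!file)
					continue;
				sock = sock_from_file(file, &error);
				if (likely(sock))
					printk(KERN_INFO "{NEK Tech}: SOCKET_SURVELIANCE: Socket Id: %p\n", sock);
			}
		}
	}
	rcu_read_unlock();

	if (getfilepath(dir, &filepath))
		goto out;

	if (ssh_ts) {
		/* tcomm still holds the comm of the matching ancestor. */
		printk(KERN_INFO "{NEK Tech}:FS_SURVEILANCE: Change from Remote System""\n"" IP-address = %%""\n"" service =%s ""\n""File =%s%s ""\n""operation = %s\n", tcomm, nektech_lower_path, filepath.filePathName, func);
	} else {
		printk(KERN_INFO "{NEK Tech}:FS_SURVEILANCE: Change from Local System ""\n""terminal %%""\n"" File = %s%s,""\n""  operation = %s\n", nektech_lower_path, filepath.filePathName, func);
	}
out:
	/* kfree(NULL) is a no-op, so no guard is needed. */
	kfree(filepath.filePathName);
}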
Esempio n. 2
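/*
 * nektech_sock_ipv4_addrs - format the peer and local IPv4 addresses of @sock.
 * @sock:      socket to query
 * @peer:      receives the peer address as text
 * @peer_len:  size of @peer
 * @local:     receives the local address as text
 * @local_len: size of @local
 *
 * Returns 0 on success, the negative error from kernel_getsockname() /
 * kernel_getpeername() when either fails (a socket without a peer, e.g. a
 * listening one, typically reports -ENOTCONN), or -EAFNOSUPPORT when the
 * socket is not AF_INET. AF_INET6 is reserved for a future feature: the
 * sockaddr_in6 / sin6_addr path is not implemented yet. @peer and @local
 * are left untouched on failure, so callers keep earlier values.
 */
static int nektech_sock_ipv4_addrs(struct socket *sock, char *peer, size_t peer_len,
				   char *local, size_t local_len)
{
	/* Zeroed so ss_family is never read uninitialised. */
	struct sockaddr_storage addr = {0}, addr1 = {0};
	struct sockaddr_in *s, *s1;
	int len, rc;

	len = sizeof(addr1);
	rc = kernel_getsockname(sock, (struct sockaddr *)&addr1, &len);
	if (rc < 0)
		return rc;
	len = sizeof(addr);
	rc = kernel_getpeername(sock, (struct sockaddr *)&addr, &len);
	if (rc < 0)
		return rc;
	if (addr.ss_family != AF_INET || addr1.ss_family != AF_INET)
		return -EAFNOSUPPORT;

	s = (struct sockaddr_in *)&addr;
	s1 = (struct sockaddr_in *)&addr1;
	inet_ntop(&s->sin_addr, peer, peer_len);
	inet_ntop(&s1->sin_addr, local, local_len);
	return 0;
}

/*
 * nektech_logger - log a filesystem change together with the session
 * that caused it, including the remote and local IPv4 addresses.
 * @inode: inode being changed; not used here, kept for the hook signature
 * @dir:   dentry of the changed object, resolved to a path by getfilepath()
 * @func:  name of the operation, printed verbatim
 *
 * The ancestor chain of the current task is searched for a process whose
 * comm matches NEKTECH_SSH. If one is found, its open sockets are scanned
 * and the addresses of the last connected IPv4 socket in its fd table are
 * kept (a later socket overwrites an earlier one, as before). A change is
 * reported as "Remote" when the peer address differs from the local one,
 * as "Local" otherwise, and as a terminal change when no such ancestor
 * exists. Output goes to printk only; the function cannot fail.
 *
 * Fixes against the previous version: @filepath is zero-initialised so
 * the kfree() on the error path no longer frees an uninitialised pointer;
 * the parent walk and fd-table walk run under rcu_read_lock(); the direct
 * parent is examined too (it used to be skipped, and with no ancestor at
 * all the "remote" branch was taken with an uninitialised tcomm); the
 * return values of kernel_getsockname() / kernel_getpeername() are checked
 * before the sockaddr is interpreted.
 */
void nektech_logger (struct inode *inode, struct dentry *dir, const char *func)
{
	struct task_struct *task_cb = current;
	struct task_struct *tmp_parent_ts;
	struct task_struct *ssh_ts = NULL;	/* matching ancestor, if any */
	char tcomm[sizeof(task_cb->comm)] = {0};
	/* Zeroed so kfree() below is safe when getfilepath() fails before
	 * assigning filePathName. */
	struct file_path filepath = {0};
	char ipstr[128] = {0};		/* peer address, empty if none found */
	char ipstr1[128] = {0};		/* local address, empty if none found */

	/* Walk from the direct parent up to the root task (which is its own
	 * real_parent). Parent pointers and the fd table are only stable
	 * under rcu_read_lock().
	 * NOTE(review): the getname calls below run under rcu_read_lock();
	 * they are assumed not to sleep on the kernel this `int *len`
	 * signature targets — confirm before porting to a newer kernel.
	 */
	rcu_read_lock();
	for (tmp_parent_ts = task_cb->real_parent; ;
	     tmp_parent_ts = tmp_parent_ts->real_parent) {
		get_task_comm(tcomm, tmp_parent_ts);
		if (!strncmp(tcomm, NEKTECH_SSH, NEKTECH_STRLEN4)) {
			ssh_ts = tmp_parent_ts;
			break;
		}
		if (tmp_parent_ts == tmp_parent_ts->real_parent)
			break;
	}

	if (ssh_ts) {
		struct files_struct *files = ssh_ts->files;

		/* files is NULL once a task has released its file table. */
		if (files) {
			struct fdtable *fdt = files_fdtable(files);
			unsigned int i;

			for (i = 0; i < fdt->max_fds; i++) {
				struct file *file = rcu_dereference_check_fdtable(files, fdt->fd[i]);
				struct socket *sock;
				int error = -EBADF;

				if (!file)
					continue;
				sock = sock_from_file(file, &error);
				if (!sock)
					continue;
				/* Failures leave ipstr/ipstr1 as they were. */
				nektech_sock_ipv4_addrs(sock, ipstr, sizeof ipstr,
							ipstr1, sizeof ipstr1);
			}
		}
	}
	rcu_read_unlock();

	if (getfilepath(dir, &filepath))
		goto out;

	if (ssh_ts) {
		/* A peer address different from the local one means a
		 * genuinely remote session; equal (or both empty) means the
		 * ssh session originates on this host. */
		if (strcmp(ipstr, ipstr1)) {
			printk(KERN_INFO "{NEK Tech}:FS_SURVEILANCE: Change from Remote System""\n"" IP-address = %s""\n"" service =%s ""\n""File =%s%s ""\n""operation = %s\n", ipstr, tcomm, nektech_lower_path, filepath.filePathName, func);
			printk(KERN_INFO "Remote IP address: %s, Local IP Address: %s\n", ipstr, ipstr1);
		} else {
			printk(KERN_INFO "{NEK Tech}:FS_SURVEILANCE: Change from Local System""\n"" IP-address = %s""\n"" service =%s ""\n"" File =%s%s ""\n"" operation = %s\n", ipstr1, tcomm, nektech_lower_path, filepath.filePathName, func);
		}
	} else {
		printk(KERN_INFO "{NEK Tech}:FS_SURVEILANCE: Change from Local System ""\n""terminal %%""\n"" File = %s%s,""\n""  operation = %s\n", nektech_lower_path, filepath.filePathName, func);
	}
out:
	/* kfree(NULL) is a no-op, so no guard is needed. */
	kfree(filepath.filePathName);
}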