Exemplo n.º 1
0
    void operator()(struct nflog_data *nfa)
    {
		//struct nfulnl_msg_packet_hdr *ph = nflog_get_msg_packet_hdr(nfa);
		char *prefix = nflog_get_prefix(nfa);
		char *payload = 0;
		int payload_len = nflog_get_payload(nfa, &payload);

		struct timeval tv;
		memset(&tv, 0, sizeof(tv));
		nflog_get_timestamp(nfa, &tv);
		std::cout
			<< (unsigned)tv.tv_sec << "."
			<< tv.tv_usec;

		std::cout << "\t" << nflog_get_indev(nfa);
		std::cout << "\t" << nflog_get_outdev(nfa);
		std::cout << "\t" << payload_len;

		if (payload_len > 0)
			handle_packet(payload, payload_len);

		if (prefix && strlen(prefix)) {
			std::cout << "\t\"" << prefix << "\"";
		}

		std::cout << std::endl;

		// write a pcap file here if required
		if (pcap_writer) {
			const size_t pcap_len = payload_len+sizeof(ether_header);
			pcap_pkthdr head;
			memset(&head, 0, sizeof(head));
			head.ts = tv;
			head.caplen = pcap_len;
			head.len = pcap_len;

			// make pcap header
			unsigned char tbuf[pcap_len];
			ether_header* ehead = reinterpret_cast<ether_header*>(&tbuf[0]);
			memset(ehead, 0, sizeof(ehead));
			ehead->ether_dhost[0]=0xFA; ehead->ether_dhost[1]=0xCE;
			ehead->ether_shost[0]=0xFA; ehead->ether_shost[1]=0xCE;
			*reinterpret_cast<u_int32_t*>(&ehead->ether_dhost[2]) = nflog_get_outdev(nfa);
			*reinterpret_cast<u_int32_t*>(&ehead->ether_shost[2]) = nflog_get_indev(nfa);
			ehead->ether_type=htons(ETHERTYPE_IP);

			// copy payload and dump
			memcpy(tbuf+sizeof(ether_header), payload, payload_len);
			pcap_dump(reinterpret_cast<u_char*>(pcap_writer), &head, reinterpret_cast<const u_char*>(tbuf));
		}
	}
Exemplo n.º 2
0
int log_payload_get_outdev(struct log_payload *self)
{
    return nflog_get_outdev(self->nfad);
}
Exemplo n.º 3
0
/* Functions */
static int nflog_incoming(struct nflog_g_handle *gh, struct nfgenmsg *nfmsg,
                          struct nflog_data *nfa, void *p)
{
    static char jumbo_container[10000];
    struct timeval tv = {};
    struct pcap_pkthdr hdr;
    char *pkt = NULL;
    ssize_t pkt_len = nflog_get_payload(nfa, &pkt);
    ssize_t mac_len = nflog_get_msg_packet_hwhdrlen(nfa);
    struct pcap_callback_data *cb_data = p;

    /* Check we can handle this packet */
    switch (nfmsg->nfgen_family) {
    case AF_INET:
        break;
#ifdef ENABLE_IPV6
    case AF_INET6:
        break;
#endif
    default:
        return 0;
    }

    if (pkt_len == -1)
        return -1;
    nflog_get_timestamp(nfa, &tv);
    hdr.ts = tv;
    hdr.caplen = MIN(pkt_len, config.snaplen);
    hdr.len = pkt_len;

    cb_data->ifindex_in = nflog_get_physindev(nfa);
    if (cb_data->ifindex_in == 0)
        cb_data->ifindex_in = nflog_get_indev(nfa);

    cb_data->ifindex_out = nflog_get_physoutdev(nfa);
    if (cb_data->ifindex_out == 0)
        cb_data->ifindex_out = nflog_get_outdev(nfa);

#if defined (HAVE_L2)
    if (mac_len) {
        memcpy(jumbo_container, nflog_get_msg_packet_hwhdr(nfa), mac_len);
        memcpy(jumbo_container + mac_len, pkt, hdr.caplen);
        hdr.caplen += mac_len;
        hdr.len += mac_len;
    } else {
        memset(jumbo_container, 0, ETHER_HDRLEN);
        memcpy(jumbo_container+ETHER_HDRLEN, pkt, hdr.caplen);
        hdr.caplen += ETHER_HDRLEN;
        hdr.len += ETHER_HDRLEN;

        switch (nfmsg->nfgen_family) {
        case AF_INET:
            ((struct eth_header *)jumbo_container)->ether_type = ntohs(ETHERTYPE_IP);
            break;
        case AF_INET6:
            ((struct eth_header *)jumbo_container)->ether_type = ntohs(ETHERTYPE_IPV6);
            break;
        }
    }

    pcap_cb((u_char *) cb_data, &hdr, jumbo_container);
#else
    pcap_cb((u_char *) cb_data, &hdr, pkt);
#endif
}