
📄 perroudp.c

📁 记录IP/TCP/UDP/ICMP网络包日志
💻 C
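/*
   Perroudp - UDP logging routines
   --------------------------------------------------------------------
   Perro - The Internet Protocols logger
   Copyright (C) 1998, 1999, 2000 Diego Javier Grigna <diego@grigna.com>

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
*/

#include "common.h"

void usage( void);

/*
 * Entry point of the UDP logger.
 *
 * Parses the command line, opens a socket for IPPROTO_UDP through
 * open_socket(), goes to the background and then loops forever reading
 * datagrams from socket_fd.  Depending on the flags, each datagram is
 * appended to PER_UDP_LOG as one human readable line (-l) and/or to
 * PER_UDP_RAW as a time_t followed by the packet bytes (-w).
 *
 * Everything read from the socket is untrusted: the header fields are
 * only used after they have been checked against the number of bytes
 * that read() actually returned.
 *
 * Does not return in normal operation; usage() and the fatal error paths
 * call exit( -1).
 */
int main( int argc, char *argv[])
{
    FILE *fperro;               /* Simple log file pointer            */
    FILE *fpraw;                /* Raw log file pointer               */
    char buf[ 65535];           /* The buffer we use to read a packet */
    struct perro_iphdr  *iph;   /* IP header pointer                  */
    struct perro_udphdr *udph;  /* UDP header pointer                 */
    struct in_addr addrs;       /* Source address of the packet       */
    struct in_addr mask[ PER_IGN_HOST];       /* Masks given with -i  */
    struct in_addr ignoremask[ PER_IGN_HOST]; /* Masked hosts to skip */
    struct tm *ltm;             /* Used by localtime(3)               */
    time_t t;                   /* Used by time(2)                    */
    char *ti;                   /* Used by ctime(3)                   */
    char *name_copy;            /* Private copy of argv[ 0]           */
    int ch;                     /* For command line parsing           */
    int iphlen;                 /* Length of the IP options, if any   */
    int ignored;                /* Set when a -i rule matches         */
    int udp_ok;                 /* UDP header lies inside the read    */
    int i;
    ssize_t nread;              /* Return value of read(2)            */
    size_t pktlen;              /* Bytes of buf filled by this read   */
    size_t totlen;              /* Total length claimed by the packet */

    /* argv[ 0] may be missing, and strdup(3) may fail: check both before
     * handing the pointer to perro_basename(). */
    name_copy = strdup( ( argc > 0 && argv[ 0] != NULL) ? argv[ 0] : "perroudp");
    if( name_copy == NULL) {
        fprintf( stderr, "perroudp: out of memory\n");
        exit( -1);
    }
    progname = perro_basename( name_copy);

    if( argc < 2)
        usage();

    perro_init();

    /* Parse command line */
    while(( ch = getopt( argc, argv, "qlwri:")) != -1) {
        switch( ch) {
        case 'q':
            flag_quiet = 1;
            break;
        case 'l':
            flag_log = 1;
            break;
        case 'w':
            flag_raw = 1;
            break;
        case 'r':
            flag_dont_resolve = 0;
            break;
        case 'i':
            /* mask[] and ignoremask[] hold PER_IGN_HOST entries each */
            if( qty_ignore >= PER_IGN_HOST) {
                fprintf( stderr, "%s: Quantity of ignored host too long: %d\n", progname, qty_ignore);
                exit( -1);
            }
            process_host_and_mask( optarg, &mask[ qty_ignore], &ignoremask[ qty_ignore]);
            qty_ignore++;
            break;
        default:
            usage();
        }
    }

    /* At least one of the two log formats has to be selected */
    if( !flag_log && !flag_raw)
        usage();

    open_socket( IPPROTO_UDP);
    show_version( "perroudp (UDP logger)");
    gobackground();
    init_signals();

    if( flag_log) {
        fperro = fopen( PER_UDP_LOG, "a+");
        if( fperro == NULL) {
            /* Without this check the fprintf() calls below would be
             * handed a NULL stream. */
            fprintf( stderr, "%s: cannot open the log file\n", progname);
            exit( -1);
        }

        t  = time( NULL);
        ti = ctime( &t);
        if( ti == NULL)
            ti = "";

        /* Write log headings */
        fprintf( fperro, "%s\n", perro_hyphen);
        fprintf( fperro, "Perro UDP logger - Begins at %-24.24s\n", ti);
        fprintf( fperro, "%s\n", perro_hyphen);

        if( qty_ignore != 0) {
            fprintf( fperro, "Ignore hostname/mask enabled.\n");
            for( i = 0; i < qty_ignore; i++) {
                /* inet_ntoa() is called once per fprintf() */
                fprintf( fperro, "%-5d: Mask            : %s\n", i, inet_ntoa( mask[       i]));
                fprintf( fperro, "%-5d: Ignore host mask: %s\n", i, inet_ntoa( ignoremask[ i]));
            }
            fprintf( fperro, "%s\n", perro_hyphen);
        }

        fprintf( fperro, "-      Date      -   Source IP   -     Domain Name     -dst port- Service name -\n");
        fprintf( fperro, "%s\n", perro_hyphen);
        fclose( fperro);
    }

    while( 1) {
        nread = read( socket_fd, buf, sizeof( buf));
        if( nread <= 0)
            continue;
        pktlen = ( size_t) nread;

        /* A read shorter than the IP header cannot be parsed at all; the
         * bytes behind it in buf belong to an earlier packet. */
        if( pktlen < sizeof( struct perro_iphdr))
            continue;

        /* Cast the IP header */
        iph = ( struct perro_iphdr *) buf;
        addrs.s_addr = iph->saddr;

        /* Do we ignore some IP addresses? */
        ignored = 0;
        if( qty_ignore != 0) {
            /*
             * Take the IP source address, 'and' it with the mask and,
             * if the result equals the ignore mask, ignore the packet.
             */
            for( i = 0; i < qty_ignore; i++) {
                if( ( addrs.s_addr & mask[ i].s_addr) == ignoremask[ i].s_addr) {
                    ignored = 1;
                    break;
                }
            }
        }
        if( ignored)
            continue;

        /* Skip IP options: the low nibble of hlv counts 32 bit words, and
         * the 20 bytes of the fixed header are subtracted. */
        iphlen  = ( iph->hlv & 0x0F) << 2;
        iphlen -= 20;

        /* The header length comes from the wire.  The UDP header is only
         * used when it lies completely inside the bytes just read. */
        udp_ok = iphlen >= 0
              && sizeof( struct perro_iphdr) + ( size_t) iphlen
                 + sizeof( struct perro_udphdr) <= pktlen;

        t = time( NULL);

        /* Make a simple human readable log.  Packets whose UDP header is
         * incomplete get no line here; with -w they still reach the raw
         * dump below. */
        if( flag_log && udp_ok) {
            /* Cast the UDP header */
            udph = ( struct perro_udphdr *) &buf[ sizeof( struct perro_iphdr) + iphlen];

            fperro = fopen( PER_UDP_LOG, "a+");
            ltm = localtime( &t);
            if( fperro != NULL && ltm != NULL) {
                /*
                 * NOTE(review): resolve_host_name() is defined elsewhere.
                 * If it returns a reverse DNS name, that text is chosen by
                 * whoever controls the PTR record - confirm that control
                 * characters are removed before it is written to the log.
                 */
                fprintf( fperro, "%02d:%02d:%02d %02d/%02d/%02d %-15.15s  %-19.19s    %5d   %-12.12s\n"
                                 , ltm->tm_hour     , ltm->tm_min , ltm->tm_sec
                                 , ltm->tm_mon + 1  , ltm->tm_mday
                                 , ltm->tm_year % 100  /* two digit year */
                                 , inet_ntoa( addrs), resolve_host_name( iph->saddr)
                                 , ntohs( udph->dest), get_serv_name( udph->dest, "udp"));
            }
            if( fperro != NULL)
                fclose( fperro);
        }

        /* Dump time + raw data */
        if( flag_raw) {
            /* tot_len is a 16 bit field, so totlen never exceeds
             * sizeof( buf).  It can still be larger than what was read:
             * clear that tail so the record keeps its length without
             * carrying bytes of an earlier packet. */
            totlen = ntohs( iph->tot_len);
            if( totlen > pktlen)
                memset( buf + pktlen, 0, totlen - pktlen);

            fpraw = fopen( PER_UDP_RAW,"a+");
            if( fpraw != NULL) {
                fwrite(  &t, sizeof( t), 1, fpraw);
                fwrite( buf,     totlen, 1, fpraw);
                fclose( fpraw);
            }
        }
    } /* end while( 1) */

    /* Not reached: the loop above has no exit */
    close( socket_fd);

    return 0;
}

/*
 * Print the release banner and the option summary to stderr, then
 * terminate the program with exit( -1).
 */
void usage( void)
{
    fprintf( stderr, "\nPerro Release %s - perroudp (UDP logger)\n\n"
                     "         by  Diego J. Grigna (diego@grigna.com)\n\n"
                     "Usage:\n%s [-q] [-lwr] [-i hostname[/mask]]\n"
                     "\t-q\t Quiet mode, don't send output to stdout.\n"
                     "\t-l\t Make a simple human readeable log\n"
                     "\t-w\t Log time + raw data\n"
                     "\t-r\t Resolve domain names\n"
                     "\t-i\t Ignore packets from hostname/mask\n\n"
                     , PER_VERSION, progname);

    exit( -1);
}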
