📄 tcp_dump.c
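/*
    This file is part of sniffer, a packet capture utility and network monitor

    The author can be contacted at <mistral@stev.org>

    the latest version is available from
    http://stev.org

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

#include "config.h"

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <pthread.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <sys/stat.h>

#include "log.h"
#include "in_ntoa.h"
#include "hex.h"
#include "tcp.h"
#include "tcp_dump.h"

/*
 * Sizing for the per-connection dump file name.  The fixed part of the
 * longest name ("output/tcp/[65535]--[65535]" plus NUL) is 28 bytes; the
 * 50-byte allowance of the original allocation is kept so that the buffer
 * returned by tcp_dump_file() does not shrink for any other caller.
 */
enum {
	TCP_DUMP_PATH_SLACK = 50,
	TCP_DUMP_LINE_MAX = 256	/* one header line is well under 128 bytes */
};

#define TCP_DUMP_PATH_SIZE(dat) \
	(strlen((dat)->src.ip_str) + strlen((dat)->dest.ip_str) + TCP_DUMP_PATH_SLACK)

/*
 * Start dumping one TCP connection to its own file.
 *
 * Allocates the per-connection state, creates (truncating) the dump file
 * with owner-only permissions, and installs the dump callbacks on dat.
 * On any failure nothing is installed and nothing is leaked; the original
 * code leaked the state and the file name when open() failed and passed a
 * NULL name to open() when the name could not be allocated.
 *
 * NOTE(review): the path is relative to the current directory and open()
 * follows symbolic links.  A capture tool usually runs privileged, so
 * "output/" should not be writable by other users; consider O_NOFOLLOW
 * where the platform provides it.
 */
void tcp_dump_init(struct tcp_data *dat)
{
	struct tcp_dump *tmp = malloc(sizeof *tmp);

	if (!tmp) {
		log_errno("malloc");
		return;
	}

	tmp->filename = tcp_dump_file(dat);
	if (!tmp->filename) {
		/* tcp_dump_file() has already logged the failure */
		free(tmp);
		return;
	}

	tmp->fd = open(tmp->filename, O_CREAT|O_TRUNC|O_WRONLY, S_IRUSR|S_IWUSR);
	if (tmp->fd < 0) {
		log_errno("open");	/* log first: free() may clobber errno */
		free(tmp->filename);
		free(tmp);
		return;
	}

	dat->func_src = tcp_dump_hex_src;
	dat->func_dst = tcp_dump_hex_dst;
	dat->func_cleanup = tcp_dump_cleanup;
	dat->func_lookup = tcp_dump_move;
	dat->dat = (void *) tmp;
}

/*
 * Build the initial dump file name "output/tcp/SRC[port]--DST[port]".
 *
 * Returns a malloc()ed string the caller must free(), or NULL on failure
 * (allocation failures are logged).
 *
 * NOTE(review): ip_str is used as a path component without any filtering.
 * That is harmless for a numeric address; if ip_str can ever hold a
 * resolved host name (tcp_dump_move() is installed as func_lookup), confirm
 * that it cannot contain '/' before it reaches this point.
 */
inline char *tcp_dump_file(struct tcp_data *dat)
{
	size_t size = TCP_DUMP_PATH_SIZE(dat);
	char *file = malloc(size);
	int n;

	if (!file) {
		log_errno("malloc");
		return NULL;
	}

	/* bounded write: the size is passed explicitly instead of trusting the arithmetic above */
	n = snprintf(file, size, "output/tcp/%s[%u]--%s[%u]",
		     dat->src.ip_str, (unsigned) ntohs(dat->src.port),
		     dat->dest.ip_str, (unsigned) ntohs(dat->dest.port));
	if (n < 0 || (size_t) n >= size) {
		free(file);
		return NULL;
	}

	return file;
}

/*
 * Release everything tcp_dump_init() set up for this connection: close the
 * dump file, free the file name and the state, and clear dat->dat so a
 * stale pointer cannot be freed or used again.
 */
void tcp_dump_cleanup(struct tcp_data *dat)
{
	struct tcp_dump *tmp = (struct tcp_dump *) dat->dat;

	if (!tmp) {
		return;
	}

	if (close(tmp->fd) < 0) {
		log_errno("close");
	}

	free(tmp->filename);	/* free(NULL) is a no-op */
	free(tmp);
	dat->dat = NULL;
}

/*
 * Move the dump file from "output/tcp/..." to "output/SRC[port]--DST[port]"
 * and reopen it for appending.  Installed as dat->func_lookup.
 *
 * If the new name cannot be built, the old name and descriptor are left in
 * place so dumping continues into the old file; the original code dropped
 * the old name (leaking it) and left filename NULL in that case.
 */
void tcp_dump_move(struct tcp_data *dat)
{
	struct tcp_dump *tmp = (struct tcp_dump *) dat->dat;
	char *oldpath = tmp->filename;
	size_t size = TCP_DUMP_PATH_SIZE(dat);
	char *newpath = malloc(size);
	int n;

	if (!newpath) {
		log_errno("malloc");
		return;
	}

	n = snprintf(newpath, size, "output/%s[%u]--%s[%u]",
		     dat->src.ip_str, (unsigned) ntohs(dat->src.port),
		     dat->dest.ip_str, (unsigned) ntohs(dat->dest.port));
	if (n < 0 || (size_t) n >= size) {
		free(newpath);
		return;
	}

	if (close(tmp->fd) < 0) {
		log_errno("close");
	}

	/* a failed rename used to go unnoticed; the reopen below would then
	   silently start a second, empty file */
	if (oldpath && rename(oldpath, newpath) < 0) {
		log_errno("rename");
	}

	tmp->filename = newpath;
	tmp->fd = open(newpath, O_CREAT|O_APPEND|O_WRONLY, S_IRUSR|S_IWUSR);
	if (tmp->fd < 0) {
		log_errno("open");
	}

	/* free the old filename off */
	free(oldpath);
}

/*
 * Write len bytes to fd in a single write() call and log a failed or short
 * write.  No retry is attempted, as in the original code.
 */
static void tcp_dump_write(int fd, const char *buf, size_t len)
{
	ssize_t done = write(fd, buf, len);

	if (done < 0 || (size_t) done < len) {
		log_errno("write");
	}
}

/*
 * Dump one segment seen in the destination direction: a "<" header line
 * with SEQ/ACK/WIN/CHECK and the set flags, followed by the payload as
 * rendered by hex_conv().
 *
 * The header is formatted into a fixed stack buffer with snprintf(), which
 * removes the per-packet malloc(1024) and the unbounded sprintf() chain.
 *
 * NOTE(review): the header fields are printed as stored.  Ports get
 * ntohs() elsewhere in this file, so confirm whether seq/ack_seq/window
 * have already been converted to host order before they reach this point.
 */
void tcp_dump_hex_dst(struct sniff_pkt *pkt, struct tcp_data *tcp, char *data, int length)
{
	struct tcp_dump *tmp = (struct tcp_dump *) tcp->dat;
	char line[TCP_DUMP_LINE_MAX];
	char *hex;
	int n;

	(void) pkt;	/* unused; kept for the callback signature */

	n = snprintf(line, sizeof line,
		     "< SEQ: %lu ACK: %lu WIN: %u CHECK: %u %s%s%s%s%s%s\n",
		     (unsigned long) tcp->dest.head.seq,
		     (unsigned long) tcp->dest.head.ack_seq,
		     (unsigned) tcp->dest.head.window,
		     (unsigned) tcp->dest.head.check,
		     tcp->dest.head.syn ? "SYN " : "",
		     tcp->dest.head.fin ? "FIN " : "",
		     tcp->dest.head.urg ? "URG " : "",
		     tcp->dest.head.ack ? "ACK " : "",
		     tcp->dest.head.psh ? "PSH " : "",
		     tcp->dest.head.rst ? "RST " : "");
	if (n > 0) {
		size_t len = (size_t) n < sizeof line ? (size_t) n : sizeof line - 1;

		tcp_dump_write(tmp->fd, line, len);
	}

	/* now for the data part */
	hex = hex_conv(data, length);
	if (hex) {
		tcp_dump_write(tmp->fd, hex, strlen(hex));
		free(hex);
	}
}

/*
 * Dump one segment seen in the source direction: a ">" header line with
 * SEQ/ACK/WIN/CHECK and the set flags, followed by the payload as rendered
 * by hex_conv().  Same layout and same caveats as tcp_dump_hex_dst().
 */
void tcp_dump_hex_src(struct sniff_pkt *pkt, struct tcp_data *tcp, char *data, int length)
{
	struct tcp_dump *tmp = (struct tcp_dump *) tcp->dat;
	char line[TCP_DUMP_LINE_MAX];
	char *hex;
	int n;

	(void) pkt;	/* unused; kept for the callback signature */

	n = snprintf(line, sizeof line,
		     "> SEQ: %lu ACK: %lu WIN: %u CHECK: %u %s%s%s%s%s%s\n",
		     (unsigned long) tcp->src.head.seq,
		     (unsigned long) tcp->src.head.ack_seq,
		     (unsigned) tcp->src.head.window,
		     (unsigned) tcp->src.head.check,
		     tcp->src.head.syn ? "SYN " : "",
		     tcp->src.head.fin ? "FIN " : "",
		     tcp->src.head.urg ? "URG " : "",
		     tcp->src.head.ack ? "ACK " : "",
		     tcp->src.head.psh ? "PSH " : "",
		     tcp->src.head.rst ? "RST " : "");
	if (n > 0) {
		size_t len = (size_t) n < sizeof line ? (size_t) n : sizeof line - 1;

		tcp_dump_write(tmp->fd, line, len);
	}

	/* now for the data part */
	hex = hex_conv(data, length);
	if (hex) {
		tcp_dump_write(tmp->fd, hex, strlen(hex));
		free(hex);
	}
}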