📄 log.c
字号:
frame_ptr += FRAME_SIZE;
}
}
}
/*
* Function: PrintCharData(FILE *, char *,int)
*
* Purpose: Dump the ASCII data from a packet
* the left, decoded ASCII on the right.
*
* Arguments: fp => ptr to stream to print to
* data => pointer to buffer data
* data_len => length of data buffer
*
* Returns: void function
*/
void PrintCharData(FILE * fp, char *data, int data_len)
{
int bytes_processed; /* count of bytes in the data buffer
* processed so far */
int linecount = 0; /* number of lines in this dump */
char *index; /* index pointer into the data buffer */
char *ddb_ptr; /* index pointer into the data_dump_buffer */
/* if there's no data, return */
if(data == NULL)
{
return;
}
/* if we've already setup the buffer, just reprint it */
if(dump_ready)
{
fwrite(data_dump_buffer, dump_size, 1, fp);
fflush(fp);
return;
}
/* setup the pointers and counters */
bytes_processed = data_len;
index = data;
/* allocate a buffer to print the data to */
data_dump_buffer = (char *) calloc(data_len + (data_len >> 6) + 2, sizeof(char));
ddb_ptr = data_dump_buffer;
/* loop thru the bytes in the data buffer */
while(bytes_processed)
{
if(*index > 0x1F && *index < 0x7F)
{
*ddb_ptr = *index;
}
else
{
*ddb_ptr = '.';
}
if(++linecount == 64)
{
ddb_ptr++;
*ddb_ptr = '\n';
linecount = 0;
}
ddb_ptr++;
index++;
bytes_processed--;
}
/* slam a \n on the back */
ddb_ptr++;
*ddb_ptr = '\n';
ddb_ptr++;
/* setup the globals */
dump_ready = 1;
dump_size = (int) (ddb_ptr - data_dump_buffer);
fwrite(data_dump_buffer, dump_size, 1, fp);
}
/*
* Function: PrintIPPkt(FILE *, int, Packet *)
*
* Purpose: Dump the packet to the stream pointer
*
* Arguments: fp => pointer to print data to
* type => packet protocol
* p => pointer to decoded packet struct
*
* Returns: void function
*/
void PrintIPPkt(FILE * fp, int type, Packet * p)
{
char timestamp[23];
#ifdef DEBUG
printf("PrintIPPkt type = %d\n", type);
#endif
bzero((char *) timestamp, 23);
ts_print((struct timeval *) & p->pkth->ts, timestamp);
/* dump the timestamp */
fwrite(timestamp, 22, 1, fp);
/* dump the ethernet header if we're doing that sort of thing */
if(pv.show2hdr_flag)
{
Print2ndHeader(fp, p);
}
/* etc */
PrintIPHeader(fp, p);
/* if this isn't a fragment, print the other header info */
if(!p->frag_flag)
{
switch(p->iph->ip_proto)
{
case IPPROTO_TCP:
if(p->tcph != NULL)
{
PrintTCPHeader(fp, p);
}
else
{
PrintNetData(fp, (char *) (p->iph + (p->iph->ip_hlen << 2)), (p->iph->ip_len - (p->iph->ip_hlen << 2)));
}
break;
case IPPROTO_UDP:
if(p->udph != NULL)
{
PrintUDPHeader(fp, p);
}
else
{
PrintNetData(fp, (char *) (p->iph + (p->iph->ip_hlen << 2)), (p->iph->ip_len - (p->iph->ip_hlen << 2)));
}
break;
case IPPROTO_ICMP:
if(p->icmph != NULL)
{
PrintICMPHeader(fp, p);
}
else
{
PrintNetData(fp, (char *) (p->iph + (p->iph->ip_hlen << 2)), (p->iph->ip_len - (p->iph->ip_hlen << 2)));
}
break;
default:
break;
}
}
/* dump the application layer data */
if(pv.data_flag && !pv.verbose_bytedump_flag)
{
if(pv.char_data_flag)
PrintCharData(fp, p->data, p->dsize);
else
PrintNetData(fp, p->data, p->dsize);
}
else if(pv.verbose_bytedump_flag)
{
PrintNetData(fp, p->pkt, p->pkth->caplen);
}
fprintf(fp, "=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+\n\n");
}
/*
* Function: OpenAlertSock
*
* Purpose: Connect to UNIX socket for alert logging..
*
* Arguments: none..
*
* Returns: void function
*/
void OpenAlertSock()
{
char *srv = UNSOCK_FILE;
if(access(srv, W_OK))
{
ErrorMessage("WARNING: %s file doesn't exist or isn't writable!\n", srv);
}
bzero((char *) &alertaddr, sizeof(alertaddr));
bcopy((const void *) srv, (void *) alertaddr.sun_path, strlen(srv)); /* we trust what we
* define */
alertaddr.sun_family = AF_UNIX;
if((alertsd = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0)
{
FatalError("socket() call failed: %s", strerror(errno));
}
}
/****************************************************************************
*
* Function: OpenAlertFile(char *)
*
* Purpose: Set up the file pointer/file for alerting
*
* Arguments: filearg => the filename to open
*
* Returns: file handle
*
***************************************************************************/
FILE *OpenAlertFile(char *filearg)
{
char filename[STD_BUF + 1];
FILE *file;
if(filearg == NULL)
{
if(!pv.daemon_flag)
#ifdef WIN32
snprintf(filename, STD_BUF, "%s%s/alert.ids", chrootdir == NULL ?
#else
snprintf(filename, STD_BUF, "%s%s/alert", chrootdir == NULL ?
#endif
"" : chrootdir, pv.log_dir);
else
snprintf(filename, STD_BUF, "%s%s/%s", chrootdir == NULL ?
"" : chrootdir, pv.log_dir, DEFAULT_DAEMON_ALERT_FILE);
}
else
{
snprintf(filename, STD_BUF, "%s%s", chrootdir == NULL ?
"" : chrootdir, filearg);
}
#ifdef DEBUG
printf("Opening alert file: %s\n", filename);
#endif
if((file = fopen(filename, "a")) == NULL)
{
FatalError("ERROR in OpenAlertFile() => fopen() alert file %s: %s\n",
filename, strerror(errno));
}
#ifdef WIN32
/* Do not buffer in WIN32 */
setvbuf(file, (char *) NULL, _IONBF, (size_t) 0);
#else
setvbuf(file, (char *) NULL, _IOLBF, (size_t) 0);
#endif
return file;
}
/*
*
* Function: ClearDumpBuf()
*
* Purpose: Clear out the buffer that PrintNetData() generates
*
* Arguments: None.
*
* Returns: void function
*
*/
void ClearDumpBuf()
{
if(data_dump_buffer != NULL && dump_ready)
free(data_dump_buffer);
else
return;
data_dump_buffer = NULL;
dump_ready = 0;
}
/*
* Function: FullAlert(Packet *, char *, void *)
*
* Purpose: Stub function for compatability
*
* Arguments: p => ptr to packet data
* msg => message to send to alert facility
* arg => arguments to the alert facility
*
* Returns: void function
*/
void FullAlert(Packet * p, char *msg, void *arg)
{
AlertFull(p, msg, alert);
return;
}
/*
*
* Function: AlertFull(char *)
*
* Purpose: Write a full and informative alert message
*
* Arguments: p => packet. (could be NULL)
* msg => the message to send
* file => file pointer to print data to
*
* Returns: void function
*
*/
void AlertFull(Packet * p, char *msg, FILE * file)
{
char timestamp[23];
if(msg != NULL)
{
if(pv.alert_interface_flag)
{
fwrite("[**] ", 5, 1, file);
#ifdef WIN32
fprintf(file, " <%s> ", print_interface(pv.interfaces[0]));
#else
fprintf(file, " <%s> ", pv.interfaces[0]);
#endif
fwrite(msg, strlen(msg), 1, file);
fwrite(" [**]\n", 6, 1, file);
}
else
{
fwrite("[**] ", 5, 1, file);
fwrite(msg, strlen(msg), 1, file);
fwrite(" [**]\n", 6, 1, file);
}
}
else
{
fwrite("[**] Snort Alert! [**]\n", 22, 1, file);
}
#ifdef DEBUG
printf("Logging Alert data!\n");
#endif
bzero((char *) timestamp, 23);
ts_print(p == NULL ? NULL : (struct timeval *) & p->pkth->ts, timestamp);
/* dump the timestamp */
fwrite(timestamp, 22, 1, file);
if(p)
{
/* print the packet header to the alert file */
if(pv.show2hdr_flag)
{
Print2ndHeader(file, p);
}
PrintIPHeader(file, p);
/* if this isn't a fragment, print the other header info */
if(!p->frag_flag)
{
switch(p->iph->ip_proto)
{
case IPPROTO_TCP:
PrintTCPHeader(file, p);
break;
case IPPROTO_UDP:
PrintUDPHeader(file, p);
break;
case IPPROTO_ICMP:
PrintICMPHeader(file, p);
break;
default:
break;
}
}
} /* End of if(p) */
fputc('\n', file);
return;
}
void FastAlert(Packet * p, char *msg, void *arg)
{
AlertFast(p, msg, alert);
return;
}
/****************************************************************************
*
* Function: FastAlert(Packet *, char *)
*
* Purpose: Write a minimal alert message to the alert file
*
* Arguments: p => pointer to the packet data struct (could be NULL)
* msg => the message to print in the alert
*
* Returns: void function
*
***************************************************************************/
void AlertFast(Packet * p, char *msg, FILE * file)
{
char timestamp[23];
bzero((char *) timestamp, 23);
ts_print(p == NULL ? NULL : (struct timeval *) & p->pkth->ts, timestamp);
/* dump the timestamp */
fwrite(timestamp, 22, 1, file);
if(msg != NULL)
{
if(pv.alert_interface_flag)
{
fwrite(" [**] ", 6, 1, file);
#ifdef WIN32
fprintf(file, " <%s> ", print_interface(pv.interfaces[0]));
#else
fprintf(file, " <%s> ", pv.interfaces[0]);
#endif
fwrite(msg, strlen(msg), 1, file);
fwrite(" [**] ", 6, 1, file);
}
else
{
fwrite(" [**] ", 6, 1, file);
fwrite(msg, strlen(msg), 1, file);
fwrite(" [**] ", 6, 1, file);
}
}
/* print the packet header to the alert file */
if(p)
{
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -