break;
case ICMP_TIMESTAMP:
fwrite("TIMESTAMP REQUEST", 17, 1, fp);
break;
case ICMP_TIMESTAMPREPLY:
fwrite("TIMESTAMP REPLY", 15, 1, fp);
break;
case ICMP_INFO_REQUEST:
fwrite("INFO REQUEST", 12, 1, fp);
break;
case ICMP_INFO_REPLY:
fwrite("INFO REPLY", 10, 1, fp);
break;
case ICMP_ADDRESS:
fwrite("ADDRESS REQUEST", 15, 1, fp);
break;
case ICMP_ADDRESSREPLY:
fwrite("ADDRESS REPLY", 13, 1, fp);
break;
default:
fwrite("UNKNOWN", 7, 1, fp);
break;
}
putc('\n', fp);
}
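/* Hex-dump nbytes of option payload as "XXXX " pairs.  A trailing odd byte
 * is printed on its own: pairing it with data[nbytes] would read one byte
 * past the option (into the next option, or past the packet buffer). */
static void PrintIpOptionBytes(FILE *fp, const void *data, int nbytes)
{
    const unsigned char *b = data;
    int j;

    for(j = 0; j + 1 < nbytes; j += 2)
    {
        fprintf(fp, "%02X%02X ", b[j], b[j + 1]);
    }
    if(j < nbytes)
    {
        fprintf(fp, "%02X ", b[j]);
    }
}

/****************************************************************************
 *
 * Function: PrintIpOptions(FILE *fp, Packet *p)
 *
 * Purpose: Print the decoded IP options of a packet, wrapping onto a new
 *          "IP Options =>" line when the current one grows long
 *
 * Arguments: fp => stream to write to
 *            p  => packet whose ip_options[] / ip_option_count are printed
 *
 * Returns: void function
 *
 ***************************************************************************/
void PrintIpOptions(FILE * fp, Packet * p)
{
    /* bytes written since the last line start before we wrap */
    enum { IP_OPT_LINE_WIDTH = 60 };
    int i;
    long init_offset;

    if(!p->ip_option_count)
        return;

    /* ftell() returns -1 on an unseekable stream (e.g. a pipe); both offsets
     * then stay equal and the line is simply never wrapped */
    init_offset = ftell(fp);
    fprintf(fp, "IP Options (%d) => ", p->ip_option_count);

    for(i = 0; i < (int)p->ip_option_count; i++)
    {
        long print_offset = ftell(fp);

        if((print_offset - init_offset) > IP_OPT_LINE_WIDTH)
        {
            fputs("\nIP Options => ", fp);
            init_offset = ftell(fp);
        }

        switch(p->ip_options[i].code)
        {
            case IPOPT_RR:
                fputs("RR ", fp);
                break;
            case IPOPT_EOL:
                fputs("EOL ", fp);
                break;
            case IPOPT_NOP:
                fputs("NOP ", fp);
                break;
            case IPOPT_TS:
                fputs("TS ", fp);
                break;
            case IPOPT_SECURITY:
                fputs("SEC ", fp);
                break;
            case IPOPT_LSRR:
            case IPOPT_LSRR_E:
                fputs("LSRR ", fp);
                break;
            case IPOPT_SATID:
                fputs("SID ", fp);
                break;
            case IPOPT_SSRR:
                fputs("SSRR ", fp);
                break;
            case IPOPT_RTRALT:
                fputs("RTRALT ", fp);
                break;
            default:
                /* .len is the option's total length byte (code + len + data),
                 * so the payload is len - 2 bytes; nothing is printed when
                 * len < 3 */
                fprintf(fp, "Opt %d: ", p->ip_options[i].code);
                PrintIpOptionBytes(fp, p->ip_options[i].data,
                                   (int)p->ip_options[i].len - 2);
                break;
        }
    }
    fputs("\n", fp);
}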
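/* Read a 2-byte network-order field from option payload.  memcpy, never
 * strncpy: strncpy stops at a 0x00 byte, so any value whose high byte is
 * zero (e.g. an MSS below 256) would be read as 0. */
static unsigned int TcpOptRead16(const void *src)
{
    u_char tmp[4] = {0};

    memcpy(tmp, src, 2);
    return EXTRACT_16BITS(tmp);
}

/* Read a 4-byte network-order field from option payload. */
static unsigned int TcpOptRead32(const void *src)
{
    u_char tmp[4] = {0};

    memcpy(tmp, src, 4);
    return EXTRACT_32BITS(tmp);
}

/* Payload bytes the formatting code reads for an option kind; 0 for kinds
 * that read none.  SACK only ever prints its first block (4 bytes). */
static int TcpOptDataNeeded(int code)
{
    switch(code)
    {
        case TCPOPT_MAXSEG:
            return 2;
        case TCPOPT_WSCALE:
            return 1;
        case TCPOPT_SACK:
        case TCPOPT_ECHO:
        case TCPOPT_ECHOREPLY:
        case TCPOPT_CC:
        case TCPOPT_CCNEW:
        case TCPOPT_CCECHO:
            return 4;
        case TCPOPT_TIMESTAMP:
            return 8;
        default:
            return 0;
    }
}

/* Generic dump: "Opt <code> (<len>): XXXX XXXX ..." when there is payload,
 * "Opt <code> " otherwise.  len is the option's total length byte, so the
 * payload is len - 2 bytes; a trailing odd byte is printed alone rather
 * than paired with the byte after the option. */
static void PrintTcpOptionRaw(FILE *fp, int code, int len, const u_char *data)
{
    int nbytes = len - 2;
    int j;

    if(len <= 2)
    {
        fprintf(fp, "Opt %d ", code);
        return;
    }

    fprintf(fp, "Opt %d (%d): ", code, len);
    for(j = 0; j + 1 < nbytes; j += 2)
    {
        fprintf(fp, "%02X%02X ", data[j], data[j + 1]);
    }
    if(j < nbytes)
    {
        fprintf(fp, "%02X ", data[j]);
    }
}

/****************************************************************************
 *
 * Function: PrintTcpOptions(FILE *fp, Packet *p)
 *
 * Purpose: Print the decoded TCP options of a packet, wrapping onto a new
 *          "TCP Options =>" line when the current one grows long
 *
 * Arguments: fp => stream to write to
 *            p  => packet whose tcp_options[] / tcp_option_count are printed
 *
 * Returns: void function
 *
 ***************************************************************************/
void PrintTcpOptions(FILE * fp, Packet * p)
{
    /* bytes written since the last line start before we wrap */
    enum { TCP_OPT_LINE_WIDTH = 60 };
    int i;
    long init_offset;

    /* ftell() returns -1 on an unseekable stream (e.g. a pipe); both offsets
     * then stay equal and the line is simply never wrapped */
    init_offset = ftell(fp);
    fprintf(fp, "TCP Options (%d) => ", p->tcp_option_count);

    for(i = 0; i < (int)p->tcp_option_count; i++)
    {
        int code = p->tcp_options[i].code;
        int len = (int)p->tcp_options[i].len;
        const u_char *data = p->tcp_options[i].data;
        long print_offset = ftell(fp);

        if((print_offset - init_offset) > TCP_OPT_LINE_WIDTH)
        {
            fputs("\nTCP Options => ", fp);
            init_offset = ftell(fp);
        }

        /* An option whose length byte does not cover the fields we are
         * about to read is malformed: dump its raw bytes instead of reading
         * past it.  Assumes .len is the total option length (header
         * included), as the generic dump already does -- confirm against
         * the decoder that fills tcp_options[]. */
        if(TcpOptDataNeeded(code) > 0 && len - 2 < TcpOptDataNeeded(code))
        {
            PrintTcpOptionRaw(fp, code, len, data);
            continue;
        }

        switch(code)
        {
            case TCPOPT_MAXSEG:
                fputs("MSS: ", fp);
                fprintf(fp, "%u ", TcpOptRead16(data));
                break;
            case TCPOPT_EOL:
                fputs("EOL ", fp);
                break;
            case TCPOPT_NOP:
                fputs("NOP ", fp);
                break;
            case TCPOPT_WSCALE:
                fprintf(fp, "WS: %u ", data[0]);
                break;
            case TCPOPT_SACK:
                /* only the first left/right edge pair is shown */
                fprintf(fp, "Sack: %u@", TcpOptRead16(data));
                fprintf(fp, "%u ", TcpOptRead16(data + 2));
                break;
            case TCPOPT_SACKOK:
                fputs("SackOK ", fp);
                break;
            case TCPOPT_ECHO:
                fprintf(fp, "Echo: %u ", TcpOptRead32(data));
                break;
            case TCPOPT_ECHOREPLY:
                fprintf(fp, "Echo Rep: %u ", TcpOptRead32(data));
                break;
            case TCPOPT_TIMESTAMP:
                fprintf(fp, "TS: %u ", TcpOptRead32(data));
                fprintf(fp, "%u ", TcpOptRead32(data + 4));
                break;
            case TCPOPT_CC:
                fprintf(fp, "CC %u ", TcpOptRead32(data));
                break;
            case TCPOPT_CCNEW:
                fprintf(fp, "CCNEW: %u ", TcpOptRead32(data));
                break;
            case TCPOPT_CCECHO:
                fprintf(fp, "CCECHO: %u ", TcpOptRead32(data));
                break;
            default:
                PrintTcpOptionRaw(fp, code, len, data);
                break;
        }
    }
    fputs("\n", fp);
}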
/****************************************************************************
 *
 * Function: LogBin(Packet *p, char *msg, void *arg)
 *
 * Purpose: Log packets in binary (tcpdump) format through the file-scope
 *          pcap dumper opened by InitBinLogFile()
 *
 * Arguments: p   => packet to dump (ignored when NULL)
 *            msg => unused, kept for the output-plugin callback signature
 *            arg => unused, kept for the output-plugin callback signature
 *
 * Returns: void function
 *
 ***************************************************************************/
void LogBin(Packet * p, char *msg, void *arg)
{
    (void) msg;
    (void) arg;

    if(p == NULL)
        return;

    pcap_dump((u_char *) dumpd, p->pkth, p->pkt);
    /* the dumper handle is used as a FILE * here so the record reaches the
     * file immediately -- relies on libpcap's pcap_dumper_t being a FILE */
    fflush((FILE *) dumpd);
}
/* Name fragment for an ICMP destination-unreachable packet, chosen by its
 * code field; "UNKNOWN" for codes not listed here. */
static char *IcmpUnreachFileName(int code)
{
    switch(code)
    {
        case ICMP_NET_UNREACH:
            return "NET_UNRCH";
        case ICMP_HOST_UNREACH:
            return "HST_UNRCH";
        case ICMP_PROT_UNREACH:
            return "PROTO_UNRCH";
        case ICMP_PORT_UNREACH:
            return "PORT_UNRCH";
        case ICMP_FRAG_NEEDED:
            return "UNRCH_FRAG_NEEDED";
        case ICMP_SR_FAILED:
            return "UNRCH_SOURCE_ROUTE_FAILED";
        case ICMP_NET_UNKNOWN:
            return "UNRCH_NETWORK_UNKNOWN";
        case ICMP_HOST_UNKNOWN:
            return "UNRCH_HOST_UNKNOWN";
        case ICMP_HOST_ISOLATED:
            return "UNRCH_HOST_ISOLATED";
        case ICMP_NET_ANO:
            return "UNRCH_NET_ANO";
        case ICMP_HOST_ANO:
            return "UNRCH_HOST_ANO";
        case ICMP_NET_UNR_TOS:
            return "UNRCH_NET_UNR_TOS";
        case ICMP_HOST_UNR_TOS:
            return "UNRCH_HOST_UNR_TOS";
        case ICMP_PKT_FILTERED:
            return "UNRCH_PACKET_FILT";
        case ICMP_PREC_VIOLATION:
            return "UNRCH_PREC_VIOL";
        case ICMP_PREC_CUTOFF:
            return "UNRCH_PREC_CUTOFF";
        default:
            return "UNKNOWN";
    }
}

/****************************************************************************
 *
 * Function: IcmpFileName(Packet *p)
 *
 * Purpose: Set the filename of an ICMP output log according to its type
 *          (and, for destination-unreachable, its code)
 *
 * Arguments: p => Packet data struct; p->icmph must be set
 *
 * Returns: the name of the file to set -- a string literal, not to be freed
 *
 ***************************************************************************/
char *IcmpFileName(Packet * p)
{
    int type = p->icmph->type;

    if(type == ICMP_DEST_UNREACH)
        return IcmpUnreachFileName(p->icmph->code);

    switch(type)
    {
        case ICMP_ECHOREPLY:
            return "ECHO_REPLY";
        case ICMP_SOURCE_QUENCH:
            return "SRC_QUENCH";
        case ICMP_REDIRECT:
            return "REDIRECT";
        case ICMP_ECHO:
            return "ECHO";
        case ICMP_TIME_EXCEEDED:
            return "TTL_EXCEED";
        case ICMP_PARAMETERPROB:
            return "PARAM_PROB";
        case ICMP_TIMESTAMP:
            return "TIMESTAMP";
        case ICMP_TIMESTAMPREPLY:
            return "TIMESTAMP_RPL";
        case ICMP_INFO_REQUEST:
            return "INFO_REQ";
        case ICMP_INFO_REPLY:
            return "INFO_RPL";
        case ICMP_ADDRESS:
            return "ADDR";
        case ICMP_ADDRESSREPLY:
            return "ADDR_RPL";
        default:
            return "UNKNOWN";
    }
}
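/* Write the "MMDD@HHMM" stamp for the current local time into buf (cap
 * bytes).  Aborts via FatalError() if the clock cannot be converted or the
 * stamp does not fit -- the old code passed a bound (91) larger than the
 * buffer to strftime(), which would have overrun it on any longer format. */
static void BinLogTimeStamp(char *buf, size_t cap)
{
    time_t curr_time = time(NULL);
    struct tm *loc_time = localtime(&curr_time);

    if(loc_time == NULL || strftime(buf, cap, "%m%d@%H%M", loc_time) == 0)
    {
        FatalError("ERROR => InitBinLogFile: cannot build log file timestamp\n");
    }
}

/****************************************************************************
 *
 * Function: InitBinLogFile(char *logname)
 *
 * Purpose: Open the tcpdump-format binary log file and store its dumper in
 *          the file-scope dumpd used by LogBin()
 *
 * Arguments: logname => file name to create under pv.log_dir; NULL or ""
 *                       selects an auto-generated "snort-MMDD@HHMM.log"
 *
 * Returns: void function; calls FatalError() when the path does not fit
 *          in STD_BUF or pcap_dump_open() fails
 *
 ***************************************************************************/
void InitBinLogFile(char *logname)
{
    char timebuf[16];      /* "MMDD@HHMM" plus terminator */
    char logdir[STD_BUF];  /* full path handed to pcap_dump_open() */
    /* when running chrooted the log directory is still addressed by its
     * pre-chroot path, so the chroot directory is prepended */
    const char *prefix = (chrootdir == NULL) ? "" : chrootdir;
    int written;

    if(logname != NULL && strlen(logname) != 0)
    {
        /* snprintf's return value reports the length the path would need,
         * so truncation is detected without hand-summing strlen()s */
        written = snprintf(logdir, sizeof(logdir), "%s%s/%s",
                           prefix, pv.log_dir, logname);
        if(written < 0 || (size_t) written >= sizeof(logdir))
        {
            FatalError("ERROR => InitBinLogFile(logname) %s\n", logname);
        }
    }
    else
    {
        BinLogTimeStamp(timebuf, sizeof(timebuf));
        written = snprintf(logdir, sizeof(logdir), "%s%s/snort-%s.log",
                           prefix, pv.log_dir, timebuf);
        if(written < 0 || (size_t) written >= sizeof(logdir))
        {
            /* previously an over-long path silently became "" and failed
             * later inside pcap_dump_open() with a misleading message */
            FatalError("ERROR => InitBinLogFile: log path %s%s/snort-%s.log is too long\n",
                       prefix, pv.log_dir, timebuf);
        }
    }

#ifdef DEBUG
    printf("Opening %s\n", logdir);
#endif

    if((dumpd = pcap_dump_open(pd, logdir)) == NULL)
    {
        FatalError("ERROR => InitBinLogFile(%s) pcap_dump_open: %s\n",
                   logdir, strerror(errno));
    }

#ifdef DEBUG
    printf("BinLogFile file initialized\n");
#endif
}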