File: icmplog.c

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <signal.h>
#include <fcntl.h>
#include <syslog.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#ifndef DEBIAN
#include <linux/ip.h>
#include <linux/icmp.h>
#else
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#endif
extern int errno;

#ifdef DEBIAN

#include <string.h>
#include <stdarg.h>
#include <time.h>

#include "filelog.c"

#endif

#ifndef NOFILE
#define NOFILE 1024
#endif

int go_background(void);               /* detach into a daemon; defined below */
char *hostlookup(unsigned long int);   /* IPv4 address (network byte order) -> name/address text in a static buffer */

/* Receive buffer for the raw ICMP socket: the fixed IPv4 header, the ICMP
 * header that directly follows it, and the rest of the datagram.  The
 * icmp member only lines up with the wire when no IP options are present
 * (ip.ihl == 5); main() skips other packets for that reason.  A single
 * global instance is reused for every read(). */
struct ippkt
{
   struct iphdr ip;        /* fixed 20-byte IPv4 header */
   struct icmphdr icmp;    /* meaningful only when ip.ihl == 5 */
   char buffer[10000];     /* remaining payload; main() caps read() at 9999 bytes total */
}pkt;

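/*
 * Turn the process into a daemon: ignore job-control signals, fork and let
 * the parent exit, drop the controlling tty, close every descriptor below
 * NOFILE, move to "/" and clear the umask.  The fork/tty part is skipped
 * when the parent is already init (pid 1).
 *
 * Returns 0.  Exits the process on fork() failure.  Note that after this
 * call stdin/stdout/stderr are closed, so callers can no longer use stdio
 * for error reporting.
 */
int go_background(void)
{
   int fd;
   int fs;

   if(getppid() != 1)
   {
      signal(SIGTTOU, SIG_IGN);
      signal(SIGTTIN, SIG_IGN);
      signal(SIGTSTP, SIG_IGN);
      fs=fork();
      if(fs < 0)
      {
         perror("fork");
         exit(1);
      }
      if(fs > 0) exit(0);   /* parent returns to the shell */
#ifndef DEBIAN
      setpgrp();
#endif
      /* Detach from the controlling terminal if we still have one. */
      fd=open("/dev/tty", O_RDWR);
      if(fd >= 0)
      {
         ioctl(fd, TIOCNOTTY, (char *)NULL);
         close(fd);
      }
   }
   /* Close everything inherited from the caller, stdio included. */
   for(fd=0;fd < NOFILE;fd++) close(fd);
   errno=0;
   /* Nothing is left to report a failure on, so the result is ignored
    * deliberately; the daemon only reads a socket and does not depend on
    * its working directory. */
   (void)chdir("/");
   /* NOTE(review): umask(0) means any file created later (e.g. by
    * filelog in the DEBIAN build) gets exactly the mode passed to open();
    * confirm filelog.c requests a restrictive mode. */
   umask(0);
#ifdef DEBIAN
   setsid();
#endif
   /* Unconditional: the non-DEBIAN build previously fell off the end of a
    * non-void function. */
   return 0;
}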

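/*
 * Entry point.  Requires root (raw sockets).  Daemonizes, opens a raw ICMP
 * socket and writes one log line per interesting ICMP type received.
 * Under DEBIAN, "-l" routes log lines through filelog() instead of
 * syslog() and "--help" prints usage and exits 0.
 *
 * Exits 1 when not root, when the socket cannot be opened, or when a
 * read() on it fails; otherwise never returns.
 */
#ifdef DEBIAN
int main(int argc, char **argv)
#else
int main(void)
#endif
{
   /* ICMP types the headers used here do not name; the values are the
    * literals the dispatch below always used. */
   enum
   {
      ICMP_TYPE_ROUTER_ADVERT = 9,
      ICMP_TYPE_ROUTER_SOLICIT = 10,
      ICMP_TYPE_DOMAIN_REQUEST = 37
   };
   int s;
   ssize_t n;
#ifdef DEBIAN
   struct logger log;

   (void)argc;
#endif

/* One macro for the per-packet log line so both builds share the dispatch. */
#ifdef DEBIAN
#define ICMPLOG(fmt, host) log.f(LOG_NOTICE, fmt, host)
#else
#define ICMPLOG(fmt, host) syslog(LOG_NOTICE, fmt, host)
#endif

   setuid(0);
   if(geteuid() != 0)
   {
      /* Report on stderr with a failing status; exiting 0 here made a
       * refused start look like success to whatever launched us. */
      fprintf(stderr, "This program requires root privleges\n");
      exit(1);
   }
#ifdef DEBIAN
   argv++;
   log.file = 0;
   log.f = (void *) syslog;
   while(*argv) {
     if (!strcmp(*argv,"-l")) {
       log.file = 1;
       log.f = (void *) filelog;
     }
      if (!strcmp(*argv,"--help")) {
         printf("icmplogd [-l]: ICMP session logger\n\t-l  logs into a file rather than using syslog\n");
	 return 0;
      }
      argv++;
   }
#endif
   go_background();
   /* Opened after go_background() on purpose: that routine closes every
    * descriptor below NOFILE, so an earlier socket would be lost. */
   s=socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
   /* The guard was "#ifndef DEBIAN", which referenced log.file in the build
    * that does not declare it; openlog() is only needed when syslog is the
    * sink. */
#ifdef DEBIAN
   if (log.file == 0)
#endif
   openlog("icmplogd", 0, LOG_DAEMON);
   if(s < 0)
   {
      /* stdio is already closed; syslog is the only channel left. */
      syslog(LOG_ERR, "cannot open raw ICMP socket: %m");
      exit(1);
   }

   while(1)
   {
      n = read(s, &pkt, 9999);
      if(n < 0)
      {
         syslog(LOG_ERR, "read on raw ICMP socket failed: %m");
         exit(1);
      }
      /* A datagram shorter than the two headers would leave pkt.icmp holding
       * bytes from the previous packet; do not classify it. */
      if((size_t)n < sizeof pkt.ip + sizeof pkt.icmp) continue;
      if(pkt.ip.ihl != 5)
      {
         /* With IP options present pkt.icmp is not the ICMP header, so only
          * the IP-level observation is logged.  Attributed to the sender
          * (saddr) like every other line; the previous code logged daddr. */
         ICMPLOG("suspicious ip options from %s", hostlookup(pkt.ip.saddr));
         continue;
      }
      switch(pkt.icmp.type)
      {
      case ICMP_DEST_UNREACH:
         ICMPLOG("destination unreachable from %s", hostlookup(pkt.ip.saddr));
         break;
      case ICMP_SOURCE_QUENCH:
         ICMPLOG("source quench from %s", hostlookup(pkt.ip.saddr));
         break;
      case ICMP_REDIRECT:
         ICMPLOG("source route from %s", hostlookup(pkt.ip.saddr));
         break;
      case ICMP_ECHO:
         ICMPLOG("ping from %s", hostlookup(pkt.ip.saddr));
         break;
      case ICMP_INFO_REQUEST:
         ICMPLOG("info request from %s", hostlookup(pkt.ip.saddr));
         break;
      case ICMP_TYPE_ROUTER_ADVERT:
         ICMPLOG("router advertisment from %s", hostlookup(pkt.ip.saddr));
         break;
      case ICMP_TYPE_ROUTER_SOLICIT:
         ICMPLOG("router solicitation from %s", hostlookup(pkt.ip.saddr));
         break;
      case ICMP_TYPE_DOMAIN_REQUEST:
         ICMPLOG("dns request from %s", hostlookup(pkt.ip.saddr));
         break;
      default:
         /* Every other type (echo reply, time exceeded, ...) is ignored. */
         break;
      }
   }
#undef ICMPLOG
}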
   

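/*
 * Render an IPv4 address for a log line.
 *
 * in:  the address in network byte order (as found in struct iphdr).
 *
 * Returns a pointer to a static buffer, overwritten on every call and not
 * thread-safe.  Non-DEBIAN: the reverse-DNS name, or the dotted address
 * when there is none.  DEBIAN: "name [addr]" (name capped at 1000 chars),
 * or "[addr]" when there is no name.  The name comes from whoever controls
 * the sender's reverse zone, so every write here is bounded and consumers
 * of the log should treat it as untrusted text.
 */
char *hostlookup(unsigned long int in)
{
   static char blah[1024];
   struct in_addr i;
   struct hostent *he;

   i.s_addr = (in_addr_t)in;
   he = gethostbyaddr(&i, sizeof i, AF_INET);
#ifndef DEBIAN
   /* Was an unbounded strcpy of h_name; /etc/hosts entries are not length
    * limited, so bound the copy to the buffer. */
   snprintf(blah, sizeof blah, "%s", he ? he->h_name : inet_ntoa(i));
#else
   /* Same output as the strncpy/strcat/sprintf sequence this replaces. */
   if(he)
      snprintf(blah, sizeof blah, "%.1000s [%.20s]", he->h_name, inet_ntoa(i));
   else
      snprintf(blah, sizeof blah, "[%.20s]", inet_ntoa(i));
#endif
   return blah;
}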