ebt_ulog based arpwatch


  1. /***************************************************************************
  2. * Copyright (C) 07/2007 by Olaf Rempel *
  3. * razzor@kopf-tisch.de *
  4. * *
  5. * This program is free software; you can redistribute it and/or modify *
  6. * it under the terms of the GNU General Public License as published by *
  7. * the Free Software Foundation; version 2 of the License *
  8. * *
  9. * This program is distributed in the hope that it will be useful, *
  10. * but WITHOUT ANY WARRANTY; without even the implied warranty of *
  11. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
  12. * GNU General Public License for more details. *
  13. * *
  14. * You should have received a copy of the GNU General Public License *
  15. * along with this program; if not, write to the *
  16. * Free Software Foundation, Inc., *
  17. * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
  18. ***************************************************************************/
  19. #include <stdlib.h>
  20. #include <stdint.h>
  21. #include <time.h>
  22. #include <net/ethernet.h>
  23. #include <netinet/if_ether.h>
  24. #include <arpa/inet.h>
  25. #include <net/if.h>
  26. #include <linux/netfilter_bridge/ebt_ulog.h>
  27. #include "logging.h"
  28. #if 0
  /*
   * Compare two 6-byte hardware addresses.
   * Returns 1 when every byte matches, 0 otherwise. All six bytes of both
   * addresses are always read; there is no early exit on the first mismatch.
   */
  static int is_same_mac(uint8_t *a, uint8_t *b)
  {
      uint8_t diff = 0;
      int idx;

      /* Accumulate the XOR of each byte pair; any set bit means a mismatch. */
      for (idx = 0; idx < 6; idx++) {
          diff |= (uint8_t)(a[idx] ^ b[idx]);
      }

      return diff == 0x00;
  }
  /*
   * Test whether a 6-byte hardware address is all zeroes (00:00:00:00:00:00).
   * Returns 1 if so, 0 otherwise.
   */
  static int is_null_mac(uint8_t *a)
  {
      uint8_t seen = 0;
      int idx;

      /* OR all bytes together; the result stays zero only if every byte is zero. */
      for (idx = 0; idx < 6; idx++) {
          seen |= a[idx];
      }

      return seen == 0x00;
  }
  /*
   * Test whether a 6-byte hardware address is the Ethernet broadcast address
   * (ff:ff:ff:ff:ff:ff). Returns 1 if so, 0 otherwise.
   */
  static int is_broadcast_mac(uint8_t *a)
  {
      uint8_t common = 0xFF;
      int idx;

      /* AND all bytes together; the result stays 0xFF only if every byte is 0xFF. */
      for (idx = 0; idx < 6; idx++) {
          common &= a[idx];
      }

      return common == 0xFF;
  }
  42. #endif
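  /*
   * Decode one ebt_ulog message and, if it carries an Ethernet/IPv4 ARP frame,
   * write a one-line summary to the debug log.
   *
   * data: pointer to an ebt_ulog_packet_msg_t followed by the captured frame.
   *       This function has no buffer length to check against, so the caller
   *       must already have verified that the received netlink payload holds
   *       the message header plus pkt->data_len bytes.
   *
   * Returns 0 in every case: NULL input, truncated frame, non-ARP frame and
   * successfully logged frame alike.
   */
  int parse_ulog_packet(void *data)
  {
      if (data == NULL)
          return 0;

      ebt_ulog_packet_msg_t *pkt = (ebt_ulog_packet_msg_t *)data;

      /*
       * The frame bytes come from arbitrary hosts on the bridge, and ebt_ulog
       * may copy only the first cprange bytes of a frame. Never read header
       * fields beyond what data_len says was actually captured; otherwise a
       * short frame makes the code below read (and log) adjacent memory.
       */
      if (pkt->data_len < sizeof(struct ether_header) + sizeof(struct ether_arp))
          return 0;

      struct ether_header *eh = (struct ether_header *)pkt->data;
      struct ether_arp *ah = (struct ether_arp *)(eh + 1);

      /*
       * only ARP packets with ETHER <-> IPv4
       * Header fields are in network byte order; compare against htons() of
       * the named constants instead of byte-swapped literals, which only
       * matched on little-endian hosts.
       * NOTE(review): ar_hln/ar_pln are not checked here; the fixed-size
       * struct ether_arp layout is assumed for every matching frame.
       */
      if (eh->ether_type != htons(ETHERTYPE_ARP) ||
          ah->ea_hdr.ar_hrd != htons(ARPHRD_ETHER) ||
          ah->ea_hdr.ar_pro != htons(ETHERTYPE_IP))
          return 0;

      /*
       * Copy the timestamp into a real time_t before handing it to
       * localtime(), and keep a placeholder if the conversion fails:
       * passing a NULL struct tm to strftime() is undefined behaviour.
       */
      char time_str[40] = "unknown time";
      time_t stamp = (time_t)pkt->stamp.tv_sec;
      struct tm *ptm = localtime(&stamp);
      if (ptm != NULL)
          strftime(time_str, sizeof(time_str), "%Y-%m-%d %H:%M:%S", ptm);

      const char *op = "unknown op ";
      if (ah->ea_hdr.ar_op == htons(ARPOP_REQUEST))
          op = "ARP Request";
      else if (ah->ea_hdr.ar_op == htons(ARPOP_REPLY))
          op = "ARP Reply ";

      /* Pre-fill so the buffers are valid strings even if inet_ntop() fails. */
      char sip[INET_ADDRSTRLEN] = "?";
      char dip[INET_ADDRSTRLEN] = "?";
      inet_ntop(AF_INET, ah->arp_spa, sip, sizeof(sip));
      inet_ntop(AF_INET, ah->arp_tpa, dip, sizeof(dip));

      /*
       * Layout: time, input device (physical input device), Ethernet source
       * => Ethernet destination, operation, ARP sender MAC (IP) => ARP target
       * MAC (IP). Logging both the Ethernet and the ARP addresses lets a
       * reader spot frames where the two disagree.
       */
      log_print(LOG_DEBUG, "%s: %s(%s): %02x:%02x:%02x:%02x:%02x:%02x => %02x:%02x:%02x:%02x:%02x:%02x %s %02x:%02x:%02x:%02x:%02x:%02x (%s) => %02x:%02x:%02x:%02x:%02x:%02x (%s)",
                time_str, pkt->indev, pkt->physindev,
                eh->ether_shost[0], eh->ether_shost[1], eh->ether_shost[2],
                eh->ether_shost[3], eh->ether_shost[4], eh->ether_shost[5],
                eh->ether_dhost[0], eh->ether_dhost[1], eh->ether_dhost[2],
                eh->ether_dhost[3], eh->ether_dhost[4], eh->ether_dhost[5],
                op,
                ah->arp_sha[0], ah->arp_sha[1], ah->arp_sha[2],
                ah->arp_sha[3], ah->arp_sha[4], ah->arp_sha[5], sip,
                ah->arp_tha[0], ah->arp_tha[1], ah->arp_tha[2],
                ah->arp_tha[3], ah->arp_tha[4], ah->arp_tha[5], dip);

      return 0;
  }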