17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * Copyright (C) 1993-2001 by Darren Reed. 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * See the IPFILTER.LICENCE file for details on licencing. 57c478bd9Sstevel@tonic-gate * 6*ab25eeb5Syz155240 * $Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp $ 77c478bd9Sstevel@tonic-gate */ 87c478bd9Sstevel@tonic-gate 97c478bd9Sstevel@tonic-gate /* 107c478bd9Sstevel@tonic-gate tcpdump -n 117c478bd9Sstevel@tonic-gate 127c478bd9Sstevel@tonic-gate 00:05:47.816843 128.231.76.76.3291 > 224.2.252.231.36573: udp 36 (encap) 137c478bd9Sstevel@tonic-gate 147c478bd9Sstevel@tonic-gate tcpdump -nq 157c478bd9Sstevel@tonic-gate 167c478bd9Sstevel@tonic-gate 00:33:48.410771 192.73.213.11.1463 > 224.2.248.153.59360: udp 31 (encap) 177c478bd9Sstevel@tonic-gate 187c478bd9Sstevel@tonic-gate tcpdump -nqt 197c478bd9Sstevel@tonic-gate 207c478bd9Sstevel@tonic-gate 128.250.133.13.23 > 128.250.20.20.2419: tcp 27 217c478bd9Sstevel@tonic-gate 227c478bd9Sstevel@tonic-gate tcpdump -nqtt 237c478bd9Sstevel@tonic-gate 247c478bd9Sstevel@tonic-gate 123456789.1234567 128.250.133.13.23 > 128.250.20.20.2419: tcp 27 257c478bd9Sstevel@tonic-gate 267c478bd9Sstevel@tonic-gate tcpdump -nqte 277c478bd9Sstevel@tonic-gate 287c478bd9Sstevel@tonic-gate 8:0:20:f:65:f7 0:0:c:1:8a:c5 81: 128.250.133.13.23 > 128.250.20.20.2419: tcp 27 297c478bd9Sstevel@tonic-gate 307c478bd9Sstevel@tonic-gate */ 317c478bd9Sstevel@tonic-gate 327c478bd9Sstevel@tonic-gate #include "ipf.h" 337c478bd9Sstevel@tonic-gate #include "ipt.h" 347c478bd9Sstevel@tonic-gate 35*ab25eeb5Syz155240 #ifndef linux 367c478bd9Sstevel@tonic-gate #include <netinet/ip_var.h> 37*ab25eeb5Syz155240 #endif 387c478bd9Sstevel@tonic-gate #include <netinet/tcpip.h> 397c478bd9Sstevel@tonic-gate 407c478bd9Sstevel@tonic-gate 417c478bd9Sstevel@tonic-gate #if !defined(lint) 427c478bd9Sstevel@tonic-gate static const char sccsid[] = "@(#)ipft_td.c 1.8 2/4/96 (C)1995 Darren Reed"; 43*ab25eeb5Syz155240 static const char rcsid[] = "@(#)$Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp $"; 447c478bd9Sstevel@tonic-gate #endif 457c478bd9Sstevel@tonic-gate 467c478bd9Sstevel@tonic-gate static int tcpd_open __P((char *)); 477c478bd9Sstevel@tonic-gate static int tcpd_close __P((void)); 487c478bd9Sstevel@tonic-gate static int tcpd_readip __P((char *, int, char **, int *)); 497c478bd9Sstevel@tonic-gate static int count_dots __P((char *)); 507c478bd9Sstevel@tonic-gate 517c478bd9Sstevel@tonic-gate struct ipread tcpd = { tcpd_open, tcpd_close, tcpd_readip, 0 }; 527c478bd9Sstevel@tonic-gate 537c478bd9Sstevel@tonic-gate static FILE *tfp = NULL; 547c478bd9Sstevel@tonic-gate static int tfd = -1; 557c478bd9Sstevel@tonic-gate 567c478bd9Sstevel@tonic-gate 577c478bd9Sstevel@tonic-gate static int tcpd_open(fname) 587c478bd9Sstevel@tonic-gate char *fname; 597c478bd9Sstevel@tonic-gate { 607c478bd9Sstevel@tonic-gate if (tfd != -1) 617c478bd9Sstevel@tonic-gate return tfd; 627c478bd9Sstevel@tonic-gate 637c478bd9Sstevel@tonic-gate if (!strcmp(fname, "-")) { 647c478bd9Sstevel@tonic-gate tfd = 0; 657c478bd9Sstevel@tonic-gate tfp = stdin; 667c478bd9Sstevel@tonic-gate } else { 677c478bd9Sstevel@tonic-gate tfd = open(fname, O_RDONLY); 687c478bd9Sstevel@tonic-gate tfp = fdopen(tfd, "r"); 697c478bd9Sstevel@tonic-gate } 707c478bd9Sstevel@tonic-gate return tfd; 717c478bd9Sstevel@tonic-gate } 727c478bd9Sstevel@tonic-gate 737c478bd9Sstevel@tonic-gate 747c478bd9Sstevel@tonic-gate static int tcpd_close() 757c478bd9Sstevel@tonic-gate { 767c478bd9Sstevel@tonic-gate (void) fclose(tfp); 777c478bd9Sstevel@tonic-gate return close(tfd); 787c478bd9Sstevel@tonic-gate } 797c478bd9Sstevel@tonic-gate 807c478bd9Sstevel@tonic-gate 817c478bd9Sstevel@tonic-gate static int count_dots(str) 827c478bd9Sstevel@tonic-gate char *str; 837c478bd9Sstevel@tonic-gate { 847c478bd9Sstevel@tonic-gate int i = 0; 857c478bd9Sstevel@tonic-gate 867c478bd9Sstevel@tonic-gate while (*str) 877c478bd9Sstevel@tonic-gate if (*str++ == '.') 887c478bd9Sstevel@tonic-gate i++; 897c478bd9Sstevel@tonic-gate return i; 907c478bd9Sstevel@tonic-gate } 917c478bd9Sstevel@tonic-gate 927c478bd9Sstevel@tonic-gate 937c478bd9Sstevel@tonic-gate static int tcpd_readip(buf, cnt, ifn, dir) 947c478bd9Sstevel@tonic-gate char *buf, **ifn; 957c478bd9Sstevel@tonic-gate int cnt, *dir; 967c478bd9Sstevel@tonic-gate { 977c478bd9Sstevel@tonic-gate struct tcpiphdr pkt; 987c478bd9Sstevel@tonic-gate ip_t *ip = (ip_t *)&pkt; 997c478bd9Sstevel@tonic-gate char src[32], dst[32], misc[256], time[32], link1[32], link2[32]; 1007c478bd9Sstevel@tonic-gate char lbuf[160], *s; 1017c478bd9Sstevel@tonic-gate int n, slen, extra = 0; 1027c478bd9Sstevel@tonic-gate 1037c478bd9Sstevel@tonic-gate if (!fgets(lbuf, sizeof(lbuf) - 1, tfp)) 1047c478bd9Sstevel@tonic-gate return 0; 1057c478bd9Sstevel@tonic-gate 1067c478bd9Sstevel@tonic-gate if ((s = strchr(lbuf, '\n'))) 1077c478bd9Sstevel@tonic-gate *s = '\0'; 1087c478bd9Sstevel@tonic-gate lbuf[sizeof(lbuf)-1] = '\0'; 1097c478bd9Sstevel@tonic-gate 1107c478bd9Sstevel@tonic-gate bzero(&pkt, sizeof(pkt)); 1117c478bd9Sstevel@tonic-gate 1127c478bd9Sstevel@tonic-gate if ((n = sscanf(lbuf, "%31s > %31s: %255s", src, dst, misc)) != 3) 1137c478bd9Sstevel@tonic-gate if ((n = sscanf(lbuf, "%31s %31s > %31s: %255s", 1147c478bd9Sstevel@tonic-gate time, src, dst, misc)) != 4) 1157c478bd9Sstevel@tonic-gate if ((n = sscanf(lbuf, "%31s %31s: %31s > %31s: %255s", 1167c478bd9Sstevel@tonic-gate link1, link2, src, dst, misc)) != 5) { 1177c478bd9Sstevel@tonic-gate n = sscanf(lbuf, 1187c478bd9Sstevel@tonic-gate "%31s %31s %31s: %31s > %31s: %255s", 1197c478bd9Sstevel@tonic-gate time, link1, link2, src, dst, misc); 1207c478bd9Sstevel@tonic-gate if (n != 6) 1217c478bd9Sstevel@tonic-gate return -1; 1227c478bd9Sstevel@tonic-gate } 1237c478bd9Sstevel@tonic-gate 1247c478bd9Sstevel@tonic-gate if (count_dots(dst) == 4) { 1257c478bd9Sstevel@tonic-gate s = strrchr(src, '.'); 1267c478bd9Sstevel@tonic-gate *s++ = '\0'; 1277c478bd9Sstevel@tonic-gate (void) inet_aton(src, &ip->ip_src); 1287c478bd9Sstevel@tonic-gate pkt.ti_sport = htons(atoi(s)); 1297c478bd9Sstevel@tonic-gate *--s = '.'; 1307c478bd9Sstevel@tonic-gate s = strrchr(dst, '.'); 1317c478bd9Sstevel@tonic-gate 1327c478bd9Sstevel@tonic-gate *s++ = '\0'; 1337c478bd9Sstevel@tonic-gate (void) inet_aton(src, &ip->ip_dst); 1347c478bd9Sstevel@tonic-gate pkt.ti_dport = htons(atoi(s)); 1357c478bd9Sstevel@tonic-gate *--s = '.'; 1367c478bd9Sstevel@tonic-gate 1377c478bd9Sstevel@tonic-gate } else { 1387c478bd9Sstevel@tonic-gate (void) inet_aton(src, &ip->ip_src); 1397c478bd9Sstevel@tonic-gate (void) inet_aton(src, &ip->ip_dst); 1407c478bd9Sstevel@tonic-gate } 1417c478bd9Sstevel@tonic-gate ip->ip_len = sizeof(ip_t); 1427c478bd9Sstevel@tonic-gate IP_HL_A(ip, sizeof(ip_t)); 1437c478bd9Sstevel@tonic-gate 1447c478bd9Sstevel@tonic-gate s = strtok(misc, " :"); 1457c478bd9Sstevel@tonic-gate ip->ip_p = getproto(s); 1467c478bd9Sstevel@tonic-gate 1477c478bd9Sstevel@tonic-gate switch (ip->ip_p) 1487c478bd9Sstevel@tonic-gate { 1497c478bd9Sstevel@tonic-gate case IPPROTO_TCP : 1507c478bd9Sstevel@tonic-gate case IPPROTO_UDP : 1517c478bd9Sstevel@tonic-gate s = strtok(NULL, " :"); 1527c478bd9Sstevel@tonic-gate ip->ip_len += atoi(s); 1537c478bd9Sstevel@tonic-gate if (ip->ip_p == IPPROTO_TCP) 1547c478bd9Sstevel@tonic-gate extra = sizeof(struct tcphdr); 1557c478bd9Sstevel@tonic-gate else if (ip->ip_p == IPPROTO_UDP) 1567c478bd9Sstevel@tonic-gate extra = sizeof(struct udphdr); 1577c478bd9Sstevel@tonic-gate break; 1587c478bd9Sstevel@tonic-gate #ifdef IGMP 1597c478bd9Sstevel@tonic-gate case IPPROTO_IGMP : 1607c478bd9Sstevel@tonic-gate extra = sizeof(struct igmp); 1617c478bd9Sstevel@tonic-gate break; 1627c478bd9Sstevel@tonic-gate #endif 1637c478bd9Sstevel@tonic-gate case IPPROTO_ICMP : 1647c478bd9Sstevel@tonic-gate extra = sizeof(struct icmp); 1657c478bd9Sstevel@tonic-gate break; 1667c478bd9Sstevel@tonic-gate default : 1677c478bd9Sstevel@tonic-gate break; 1687c478bd9Sstevel@tonic-gate } 1697c478bd9Sstevel@tonic-gate 1707c478bd9Sstevel@tonic-gate slen = IP_HL(ip) + extra + ip->ip_len; 1717c478bd9Sstevel@tonic-gate return slen; 1727c478bd9Sstevel@tonic-gate } 173