

From mc6448@mclink.it Sun Mar 15 12:01:23 1998
Date: Sun, 15 Mar 1998 20:52:55 +0100 (MET)
From: Paolo Rocchi <mc6448@mclink.it>
To: info@rootshell.com
Subject: Source Route logger


This is something I wrote a few months ago for testing purposes.
Incoming source routed connections are not an issue with Linux, as the 
kernel drops them by default unless you intentionally turn that option 
off at compile time. Nevertheless, someone may find a use for this (e.g. 
porting it to other unices). 

Regards.


--srlog.c----------------------------------------------------------------------
/* 
  Source Route logger v.0.13 - by Paolo Rocchi, mc6448@mclink.it 1/4/97

  Based on original code from IpLogger Package by Mike Edulla and ipl by loqi.
 */

#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netdb.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <syslog.h>
#include <linux/socket.h>
#include <linux/ip.h>
#include <linux/if.h>
#include <linux/tcp.h>
#include <linux/if_ether.h>
extern int errno;

#ifndef NOFILE
#define NOFILE 1024
#endif

int go_background(void);
char *hostlookup(unsigned long int);
char *servlookup(unsigned short);

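/*
 * Detach the process from its controlling terminal and run it as a daemon.
 *
 * Unless the parent is already init (getppid() == 1), job-control signals
 * are ignored, the process forks (the parent exits), moves to its own
 * process group and gives up /dev/tty.  Every descriptor below NOFILE is
 * then closed, the working directory becomes "/" and the umask is cleared.
 *
 * Returns 0 on success and -1 if chdir("/") fails.  The original fell off
 * the end of a non-void function, so the return value was indeterminate.
 */
int go_background(void)
{
   int fd;
   int fs;

   if(getppid() != 1)
   {
      signal(SIGTTOU, SIG_IGN);
      signal(SIGTTIN, SIG_IGN);
      signal(SIGTSTP, SIG_IGN);
      fs=fork();
      if(fs < 0)
      {
         perror("fork");
         exit(1);
      }
      if(fs > 0) exit(0);
      setpgrp();
      fd=open("/dev/tty", O_RDWR);
      if(fd >= 0)
      {
         ioctl(fd, TIOCNOTTY, (char *)NULL);
         close(fd);
      }
   }
   /* NOTE(review): descriptors numbered NOFILE or above stay open. */
   for(fd=0;fd < NOFILE;fd++) close(fd);

   /*
    * Park stdin/stdout/stderr on /dev/null.  With 0-2 left closed, the next
    * descriptors the daemon opens (its raw socket, the syslog socket) would
    * be numbered 0-2, and any stray write to stdout or stderr would land in
    * one of them.
    */
   fd=open("/dev/null", O_RDWR);
   if(fd >= 0)
   {
      if(fd != 0) dup2(fd, 0);
      if(fd != 1) dup2(fd, 1);
      if(fd != 2) dup2(fd, 2);
      if(fd > 2) close(fd);
   }

   errno=0;
   if(chdir("/") < 0) return -1;
   /*
    * NOTE(review): umask(0) makes any file created later world-writable.
    * Nothing visible here creates files; pick a restrictive mask if file
    * output is ever added.
    */
   umask(0);
   return 0;
}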

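/*
 * Hex/ASCII dump of the first `count` bytes of `buff` on stdout.
 *
 * Each row shows a 4-digit hex offset, sixteen bytes in hex with a " -"
 * separator after the eighth, and the same bytes as text.  The last row is
 * padded with blanks so its text column lines up.
 *
 * Returns 0.  The original relied on implicit int and returned nothing;
 * the explicit type and return value keep existing callers valid.
 * A NULL buffer or a non-positive count prints nothing.
 */
int print_data(int count, char *buff)
{
	int i, j, padded;

	if (count <= 0 || buff == NULL)
		return 0;

	/* Round up to a whole row so the final line still gets its text column. */
	padded = (count % 16) ? count + (16 - count % 16) : count;

	for (i = 0; i < padded; i++) {
		if (i % 16 == 0)
			printf("%.4x ", i & 0xffff);

		if (i < count)
			printf("%3.2x", buff[i] & 0xff);
		else
			printf("   ");

		if ((i + 1) % 16 == 0) {
			printf("   ");
			for (j = i - 15; j <= i; j++) {
				if (j >= count) {
					printf(" ");
					continue;
				}
				/*
				 * Only printable ASCII is echoed; everything else
				 * becomes '.', so packet bytes cannot emit control
				 * or escape sequences to whoever views the dump.
				 */
				if ((buff[j] & 0xff) >= 0x20 && (buff[j] & 0xff) <= 0x7e)
					printf("%c", buff[j] & 0xff);
				else
					printf(".");
			}
			printf("\n");
		} else if ((i + 1) % 8 == 0) {
			printf(" -");
		}
	}
	return 0;
}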

/*
 * Receive buffer for one raw packet, and the single global instance `pkt`
 * that main() reads into.  `ip` overlays the IPv4 header; `data` holds
 * whatever follows it, which main() treats as the IP options area when
 * ip.ihl is greater than 5.
 */
struct ippkt {
	struct iphdr ip;
	char data[10000];
} pkt;


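/*
 * Turn an IPv4 address (network byte order) into a printable name.
 *
 * Returns the reverse-DNS name when gethostbyaddr() finds one, otherwise
 * the dotted-quad form.  The result lives in a static buffer: it is
 * overwritten by the next call and the function is not reentrant.
 *
 * The name comes from whoever answers the reverse lookup for the sender's
 * address, so it is untrusted input.  It is copied with a bounded
 * snprintf() (the original used strcpy() into the fixed buffer) and is
 * silently truncated to fit.  Callers should log it through a "%s"
 * conversion only, never as a format string.
 */
char *hostlookup(unsigned long int in)
{
   static char blah[1024];
   struct in_addr i;
   struct hostent *he;

   i.s_addr=(in_addr_t)in;
   he=gethostbyaddr((char *)&i, sizeof(struct in_addr),AF_INET);
   if(he == NULL || he->h_name == NULL)
      snprintf(blah, sizeof blah, "%s", inet_ntoa(i));
   else
      snprintf(blah, sizeof blah, "%s", he->h_name);
   return blah;
}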


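/*
 * Turn a TCP port (network byte order) into a printable service name.
 *
 * Returns the name getservbyport() reports for "tcp", or "port N" (N in
 * host byte order) when there is no entry.  The result lives in a static
 * buffer that the next call overwrites.
 *
 * Both branches use a bounded snprintf(); the original sprintf() copied
 * the service name into the fixed buffer without a length limit.
 */
char *servlookup(unsigned short port)
{
   struct servent *se;
   static char buff[1024];

   se=getservbyport(port, "tcp");
   if(se == NULL || se->s_name == NULL)
      snprintf(buff, sizeof buff, "port %d", ntohs(port));
   else
      snprintf(buff, sizeof buff, "%s", se->s_name);
   return buff;
}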


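/*
 * srlog entry point: daemonize, open a raw TCP socket and write a syslog
 * entry for every received packet whose IPv4 header carries options,
 * with extra detail when a loose (0x83) or strict (0x89) source-route
 * option is present.
 *
 * Changes from the original, all in how the untrusted packet is parsed:
 *  - socket() and read() results are checked; a failed or short read no
 *    longer causes stale buffer contents to be parsed and logged.
 *  - option bytes are read as unsigned, so the type test does not depend
 *    on plain char being signed.
 *  - the option length is validated against the header length announced
 *    by ihl and against the number of bytes actually received.
 *  - the whole option list is walked, so a source-route option that is
 *    not the first option in the header is still logged.
 *  - hop addresses are indexed directly; the original modified `p` four
 *    times inside one argument list, which is undefined behaviour.
 *
 * NOTE(review): the process stays root after the raw socket is open;
 * dropping to an unprivileged uid once socket() has succeeded would limit
 * the impact of any remaining parsing bug.
 * NOTE(review): hostlookup() does a blocking reverse lookup on a
 * sender-chosen address and every matching packet is logged; consider
 * rate limiting if this runs on an exposed host.
 */
int main(void)
{
   int s;
   ssize_t l;

   setuid(0);
   if(geteuid() != 0)
   {
      printf("This program requires root privledges\n");
      exit(0);
   }
   go_background();
   s=socket(AF_INET, SOCK_RAW, 6);
   openlog("srlog", 0, LOG_DAEMON);
   if(s < 0)
   {
      syslog(LOG_ERR, "socket: %m");
      exit(1);
   }

   while(1)
   {
      const unsigned char *opt, *end;
      size_t hdrlen;

      l = read(s, &pkt, 9999);
      if(l < 0)
      {
         /* Log and back off instead of spinning on a persistent error. */
         syslog(LOG_ERR, "read: %m");
         sleep(1);
         continue;
      }
      if((size_t)l < sizeof(struct iphdr)) continue;   /* no full header */
      if(pkt.ip.ihl <= 5) continue;                    /* no IP options */

      hdrlen = 4 * (size_t)pkt.ip.ihl;
      if((size_t)l < hdrlen) continue;                 /* options truncated */

      syslog(LOG_NOTICE, "Packet with IP options from %s", hostlookup(pkt.ip.saddr));

      /* The options area is the part of the header after the fixed fields. */
      opt = (const unsigned char *)pkt.data;
      end = opt + (hdrlen - sizeof(struct iphdr));

      while(opt < end)
      {
         unsigned int type = opt[0];
         unsigned int optlen, hops, k;

         if(type == 0) break;                 /* end of option list */
         if(type == 1) { opt++; continue; }   /* single-byte no-operation */
         if(end - opt < 2) break;             /* no room for a length byte */

         optlen = opt[1];
         /* The length covers type and length bytes and must fit the header. */
         if(optlen < 2 || optlen > (unsigned int)(end - opt)) break;

         if(type == 0x83 || type == 0x89)
         {
            syslog(LOG_NOTICE, "SOURCE ROUTE from %s", hostlookup(pkt.ip.saddr));
            /* Kept as length + 1 so the logged value matches earlier versions. */
            syslog(LOG_NOTICE, "Optlen: %i", (int)optlen + 1);

            /* Layout: type, length, pointer, then 4-byte hop addresses. */
            hops = (optlen >= 3) ? (optlen - 3) / 4 : 0;
            for(k = 0; k < hops; k++)
            {
               const unsigned char *a = opt + 3 + 4 * k;

               syslog(LOG_NOTICE, "Hop point %i -> %i.%i.%i.%i",
                      (int)(k + 1), a[0], a[1], a[2], a[3]);
            }
         }
         opt += optlen;
      }
   }
   return 0;
}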

-------------------------------------------------------------------------------

