
log.c File Reference

#include <sys/types.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
#include <signal.h>
#include "log.h"
#include "rules.h"
#include "util.h"
#include "debug.h"
#include "signature.h"
#include "snort.h"


Functions

void PrintNetData (FILE *fp, u_char *start, const int len)
void PrintCharData (FILE *fp, char *data, int data_len)
void PrintIPPkt (FILE *fp, int type, Packet *p)
FILE * OpenAlertFile (char *filearg)
void ClearDumpBuf ()
void NoAlert (Packet *p, char *msg, void *arg, Event *event)
void NoLog (Packet *p, char *msg, void *arg, Event *event)
void Print2ndHeader (FILE *fp, Packet *p)
void PrintTrHeader (FILE *fp, Packet *p)
void PrintEthHeader (FILE *fp, Packet *p)
void PrintSLLHeader (FILE *fp, Packet *p)
void PrintArpHeader (FILE *fp, Packet *p)
void PrintIPHeader (FILE *fp, Packet *p)
void PrintTCPHeader (FILE *fp, Packet *p)
void PrintEmbeddedTCPHeader (FILE *fp, Packet *p, int size)
void CreateTCPFlagString (Packet *p, char *flagBuffer)
void PrintUDPHeader (FILE *fp, Packet *p)
void PrintICMPHeader (FILE *fp, Packet *p)
void PrintIpOptions (FILE *fp, Packet *p)
void PrintTcpOptions (FILE *fp, Packet *p)
void PrintPriorityData (FILE *fp, int do_newline)
void PrintXrefs (FILE *fp, int do_newline)
void SetEvent (Event *event, u_int32_t generator, u_int32_t id, u_int32_t rev, u_int32_t classification, u_int32_t priority, u_int32_t event_ref)
void PrintEapolPkt (FILE *fp, Packet *p)
void PrintWifiHeader (FILE *fp, Packet *p)
void PrintWifiPkt (FILE *fp, Packet *p)
void PrintEapolHeader (FILE *fp, Packet *p)
void PrintEAPHeader (FILE *fp, Packet *p)
void PrintEapolKey (FILE *fp, Packet *p)

Variables

OptTreeNode * otn_tmp
char * data_dump_buffer
int dump_size
u_int16_t event_id
static unsigned char ezero [6]


Function Documentation

void ClearDumpBuf ()
 

Definition at line 477 of file log.c.

References data_dump_buffer, dump_size, and NULL.

Referenced by BuildPacket(), DecodeIEEE80211Pkt(), DecodeIP(), Frag3Rebuild(), PcapProcessPacket(), ProcessPacket(), and RebuildFrag().

void CreateTCPFlagString (Packet *p, char *flagBuffer)
 

Definition at line 1019 of file log.c.

References char(), _Packet::tcph, TH_ACK, TH_FIN, _TCPHdr::th_flags, TH_PUSH, TH_RES1, TH_RES2, TH_RST, TH_SYN, and TH_URG.

Referenced by GetSessionFromSplayTree(), NewConnection(), PrintEmbeddedTCPHeader(), PrintTCPHeader(), RealAlertCSV(), ReassembleStream4(), and SLog().

void NoAlert (Packet *p, char *msg, void *arg, Event *event)
 

Definition at line 501 of file log.c.

Referenced by ProcessAlertCommandLine().

void NoLog (Packet *p, char *msg, void *arg, Event *event)
 

Definition at line 518 of file log.c.

Referenced by ProcessLogCommandLine().

FILE * OpenAlertFile (char *filearg)
 

Definition at line 423 of file log.c.

References _progvars::daemon_flag, DEBUG_INIT, DEBUG_WRAP, DEFAULT_DAEMON_ALERT_FILE, errno, FatalError(), _progvars::log_dir, NULL, pv, snprintf, and STD_BUF.

Referenced by AlertCSVParseArgs(), ParseAlertFastArgs(), and ParseAlertFullArgs().

void Print2ndHeader (FILE *fp, Packet *p)
 

Definition at line 536 of file log.c.

References datalink, DLT_EN10MB, DLT_IEEE802, DLT_IEEE802_11, DLT_LINUX_SLL, _Packet::eh, ErrorMessage(), PrintEthHeader(), PrintSLLHeader(), PrintTrHeader(), PrintWifiHeader(), pv, _Packet::sllh, _Packet::trh, _progvars::verbose_flag, and _Packet::wifih.

Referenced by AlertFull(), PrintEapolPkt(), PrintIPPkt(), and PrintWifiPkt().

void PrintArpHeader (FILE *fp, Packet *p)
 

Definition at line 692 of file log.c.

References _WifiHdr::addr1, _WifiHdr::addr2, _WifiHdr::addr3, _Packet::ah, _ARPHdr::ar_hln, _ARPHdr::ar_hrd, _ARPHdr::ar_op, _ARPHdr::ar_pln, _ARPHdr::ar_pro, _EtherARP::arp_sha, _EtherARP::arp_spa, _EtherARP::arp_tha, _EtherARP::arp_tpa, ARPOP_REPLY, ARPOP_REQUEST, ARPOP_RREPLY, ARPOP_RREQUEST, bcopy, bzero, _EtherARP::ea_hdr, _Packet::eh, _EtherHdr::ether_dst, _EtherHdr::ether_src, ETHERNET_TYPE_IP, ezero, _WifiHdr::frame_control, memcmp(), NULL, _Packet::pkth, TIMEBUF_SIZE, pcap_pkthdr::ts, ts_print(), _Packet::wifih, WLAN_FLAG_FROMDS, and WLAN_FLAG_TODS.

Referenced by AlertFast(), LogAscii(), and ProcessPacket().

void PrintCharData (FILE *fp, char *data, int data_len)
 

Definition at line 246 of file log.c.

References data_dump_buffer, dump_size, index, int(), and NULL.

Referenced by PrintEapolPkt(), PrintIPPkt(), and PrintWifiPkt().

void PrintEAPHeader (FILE *fp, Packet *p)
 

Definition at line 1997 of file log.c.

References _EAPHdr::code, EAP_CODE_FAILURE, EAP_CODE_REQUEST, EAP_CODE_RESPONSE, EAP_CODE_SUCCESS, EAP_TYPE_GTC, EAP_TYPE_IDENTITY, EAP_TYPE_MD5, EAP_TYPE_NAK, EAP_TYPE_NOTIFY, EAP_TYPE_OTP, EAP_TYPE_TLS, _Packet::eaph, _Packet::eaptype, _EAPHdr::id, _EAPHdr::len, and NULL.

Referenced by PrintEapolPkt().

void PrintEapolHeader (FILE *fp, Packet *p)
 

Definition at line 1961 of file log.c.

References EAPOL_TYPE_ASF, EAPOL_TYPE_EAP, EAPOL_TYPE_KEY, EAPOL_TYPE_LOGOFF, EAPOL_TYPE_START, _EtherEapol::eaptype, _Packet::eplh, and _EtherEapol::len.

Referenced by PrintEapolPkt().

void PrintEapolKey (FILE *fp, Packet *p)
 

Definition at line 2065 of file log.c.

References _Packet::eapolk, _EapolKey::index, _EapolKey::length, memcpy, NULL, and _EapolKey::type.

Referenced by PrintEapolPkt().

void PrintEapolPkt (FILE *fp, Packet *p)
 

Definition at line 1745 of file log.c.

References bzero, pcap_pkthdr::caplen, _progvars::char_data_flag, _Packet::data, _progvars::data_flag, _Packet::dsize, EAPOL_TYPE_EAP, EAPOL_TYPE_KEY, _EtherEapol::eaptype, _Packet::eplh, _Packet::pkt, _Packet::pkth, Print2ndHeader(), PrintCharData(), PrintEAPHeader(), PrintEapolHeader(), PrintEapolKey(), PrintNetData(), pv, _progvars::show2hdr_flag, TIMEBUF_SIZE, pcap_pkthdr::ts, ts_print(), and _progvars::verbose_bytedump_flag.

Referenced by ProcessPacket().

void PrintEmbeddedTCPHeader (FILE *fp, Packet *p, int size)
 

Definition at line 970 of file log.c.

References CreateTCPFlagString(), DEBUG_FLOW, DEBUG_WRAP, TCP_OFFSET, _Packet::tcph, _TCPHdr::th_ack, _TCPHdr::th_seq, and _TCPHdr::th_win.

Referenced by PrintICMPHeader().

void PrintEthHeader (FILE *fp, Packet *p)
 

Definition at line 625 of file log.c.

References _Packet::eh, _EtherHdr::ether_dst, _EtherHdr::ether_src, _EtherHdr::ether_type, pcap_pkthdr::len, and _Packet::pkth.

Referenced by Print2ndHeader().

void PrintICMPHeader (FILE *fp, Packet *p)
 

Definition at line 1071 of file log.c.

References bzero, _ICMPHdr::code, _Packet::dp, _Packet::dsize, ICMP_ADDRESS, ICMP_ADDRESSREPLY, ICMP_DEST_UNREACH, ICMP_ECHO, ICMP_ECHOREPLY, ICMP_FRAG_NEEDED, ICMP_HOST_ISOLATED, ICMP_HOST_UNKNOWN, ICMP_HOST_UNR_TOS, ICMP_HOST_UNREACH, ICMP_INFO_REPLY, ICMP_INFO_REQUEST, ICMP_NET_UNKNOWN, ICMP_NET_UNR_TOS, ICMP_NET_UNREACH, ICMP_PARAM_BAD_LENGTH, ICMP_PARAM_BADIPHDR, ICMP_PARAM_OPTMISSING, ICMP_PARAMETERPROB, ICMP_PKT_FILTERED, ICMP_PKT_FILTERED_HOST, ICMP_PKT_FILTERED_NET, ICMP_PORT_UNREACH, ICMP_PREC_CUTOFF, ICMP_PREC_VIOLATION, ICMP_PROT_UNREACH, ICMP_REDIR_HOST, ICMP_REDIR_NET, ICMP_REDIR_TOS_HOST, ICMP_REDIR_TOS_NET, ICMP_REDIRECT, ICMP_ROUTER_ADVERTISE, ICMP_ROUTER_SOLICIT, ICMP_SOURCE_QUENCH, ICMP_SR_FAILED, ICMP_TIME_EXCEEDED, ICMP_TIMEOUT_REASSY, ICMP_TIMEOUT_TRANSIT, ICMP_TIMESTAMP, ICMP_TIMESTAMPREPLY, _Packet::icmph, IP_HLEN, _IPHdr::ip_proto, _Packet::iph, NULL, _Packet::orig_dp, _Packet::orig_iph, _Packet::orig_sp, _Packet::orig_tcph, _Packet::orig_udph, PrintEmbeddedTCPHeader(), PrintIPHeader(), PrintUDPHeader(), _Packet::sp, _Packet::tcph, _ICMPHdr::type, and _Packet::udph.

Referenced by AlertFull(), and PrintIPPkt().

void PrintIPHeader (FILE *fp, Packet *p)
 

Definition at line 836 of file log.c.

References _Packet::dp, _Packet::frag_flag, _Packet::frag_offset, _IPHdr::ip_dst, IP_HLEN, _IPHdr::ip_id, _IPHdr::ip_len, _IPHdr::ip_off, _Packet::ip_option_count, _IPHdr::ip_proto, _IPHdr::ip_src, _IPHdr::ip_tos, _IPHdr::ip_ttl, _Packet::iph, NULL, _progvars::obfuscation_flag, PrintIpOptions(), protocol_names, pv, _progvars::show2hdr_flag, and _Packet::sp.

Referenced by AlertFull(), PrintICMPHeader(), and PrintIPPkt().

void PrintIpOptions (FILE *fp, Packet *p)
 

Definition at line 1411 of file log.c.

References _Options::code, _Options::data, int(), _Packet::ip_option_count, _Packet::ip_options, IPOPT_EOL, IPOPT_LSRR, IPOPT_LSRR_E, IPOPT_NOP, IPOPT_RR, IPOPT_RTRALT, IPOPT_SATID, IPOPT_SECURITY, IPOPT_SSRR, IPOPT_TS, and _Options::len.

Referenced by PrintIPHeader().

void PrintIPPkt (FILE *fp, int type, Packet *p)
 

Definition at line 315 of file log.c.

References _Packet::actual_ip_len, bzero, pcap_pkthdr::caplen, _progvars::char_data_flag, _Packet::data, _progvars::data_flag, DEBUG_LOG, DEBUG_WRAP, _Packet::dsize, _Packet::frag_flag, _Packet::icmph, IP_HLEN, _IPHdr::ip_len, _IPHdr::ip_proto, _Packet::iph, NULL, _Packet::pkt, _Packet::pkth, Print2ndHeader(), PrintCharData(), PrintICMPHeader(), PrintIPHeader(), PrintNetData(), PrintTCPHeader(), PrintUDPHeader(), pv, _progvars::show2hdr_flag, _Packet::tcph, TIMEBUF_SIZE, pcap_pkthdr::ts, ts_print(), _Packet::udph, and _progvars::verbose_bytedump_flag.

Referenced by AlertFast(), BuildPacket(), Frag3Rebuild(), LogAscii(), and ProcessPacket().

void PrintNetData (FILE *fp, u_char *start, const int len)
 

Definition at line 71 of file log.c.

References C_OFFSET, char(), data_dump_buffer, dump_size, FatalError(), FRAME_SIZE, int(), memset, NULL, pv, _progvars::verbose_bytedump_flag, and _progvars::verbose_flag.

Referenced by DecodeIEEE80211Pkt(), PrintEapolPkt(), PrintIPPkt(), and PrintWifiPkt().

void PrintPriorityData (FILE *fp, int do_newline)
 

Definition at line 1648 of file log.c.

References _SigInfo::classType, _ClassType::name, _SigInfo::priority, and _OptTreeNode::sigInfo.

Referenced by AlertFast(), and AlertFull().

void PrintSLLHeader (FILE *fp, Packet *p)
 

Definition at line 654 of file log.c.

References pcap_pkthdr::len, LINUX_SLL_BROADCAST, LINUX_SLL_HOST, LINUX_SLL_MULTICAST, LINUX_SLL_OTHERHOST, LINUX_SLL_OUTGOING, _Packet::pkth, _SLLHdr::sll_addr, _SLLHdr::sll_halen, _SLLHdr::sll_hatype, _SLLHdr::sll_pkttype, _SLLHdr::sll_protocol, and _Packet::sllh.

Referenced by Print2ndHeader().

void PrintTCPHeader (FILE *fp, Packet *p)
 

Definition at line 934 of file log.c.

References CreateTCPFlagString(), NULL, PrintTcpOptions(), TCP_OFFSET, _Packet::tcp_option_count, _Packet::tcph, _TCPHdr::th_ack, _TCPHdr::th_flags, _TCPHdr::th_seq, TH_URG, _TCPHdr::th_urp, and _TCPHdr::th_win.

Referenced by AlertFull(), and PrintIPPkt().

void PrintTcpOptions (FILE *fp, Packet *p)
 

Definition at line 1498 of file log.c.

References bzero, _Options::code, _Options::data, EXTRACT_16BITS, EXTRACT_32BITS, int(), _Options::len, memcpy, _Packet::tcp_option_count, _Packet::tcp_options, TCPOPT_CC, TCPOPT_CCECHO, TCPOPT_CCNEW, TCPOPT_ECHO, TCPOPT_ECHOREPLY, TCPOPT_EOL, TCPOPT_MAXSEG, TCPOPT_NOP, TCPOPT_SACK, TCPOPT_SACKOK, TCPOPT_TIMESTAMP, and TCPOPT_WSCALE.

Referenced by PrintTCPHeader().

void PrintTrHeader (FILE *fp, Packet *p)
 

Definition at line 581 of file log.c.

References _Trh_hdr::ac, _Trh_hdr::daddr, _Trh_llc::dsap, _Trh_llc::ethertype, _Trh_hdr::fc, _Trh_llc::protid, _Trh_mr::rseg, _Trh_hdr::saddr, _Trh_llc::ssap, _Packet::trh, TRH_MR_BCAST, TRH_MR_DIR, TRH_MR_LEN, TRH_MR_LF, TRH_MR_RES, _Packet::trhllc, and _Packet::trhmr.

Referenced by Print2ndHeader(), and RealAlertCSV().

void PrintUDPHeader (FILE *fp, Packet *p)
 

Definition at line 1046 of file log.c.

References NULL, UDP_HEADER_LEN, _Packet::udph, and _UDPHdr::uh_len.

Referenced by AlertFull(), PrintICMPHeader(), and PrintIPPkt().

void PrintWifiHeader (FILE *fp, Packet *p)
 

Definition at line 1796 of file log.c.

References _WifiHdr::addr1, _WifiHdr::addr2, _WifiHdr::addr3, _WifiHdr::addr4, _WifiHdr::frame_control, NULL, _Packet::wifih, WLAN_FLAG_FRAG, WLAN_FLAG_FROMDS, WLAN_FLAG_MOREDAT, WLAN_FLAG_ORDER, WLAN_FLAG_PWRMGMT, WLAN_FLAG_RETRY, WLAN_FLAG_TODS, WLAN_FLAG_WEP, WLAN_TYPE_CONT_ACK, WLAN_TYPE_CONT_CFACK, WLAN_TYPE_CONT_CFE, WLAN_TYPE_CONT_CTS, WLAN_TYPE_CONT_PS, WLAN_TYPE_CONT_RTS, WLAN_TYPE_MGMT_ASREQ, WLAN_TYPE_MGMT_ASRES, WLAN_TYPE_MGMT_ATIM, WLAN_TYPE_MGMT_AUTH, WLAN_TYPE_MGMT_BEACON, WLAN_TYPE_MGMT_DEAUTH, WLAN_TYPE_MGMT_DIS, WLAN_TYPE_MGMT_PRREQ, WLAN_TYPE_MGMT_PRRES, WLAN_TYPE_MGMT_REREQ, and WLAN_TYPE_MGMT_RERES.

Referenced by Print2ndHeader().

void PrintWifiPkt (FILE *fp, Packet *p)
 

Definition at line 1919 of file log.c.

References bzero, pcap_pkthdr::caplen, _progvars::char_data_flag, _Packet::data, _progvars::data_flag, _Packet::dsize, _Packet::pkt, _Packet::pkth, Print2ndHeader(), PrintCharData(), PrintNetData(), pv, TIMEBUF_SIZE, pcap_pkthdr::ts, ts_print(), and _progvars::verbose_bytedump_flag.

Referenced by ProcessPacket().

void PrintXrefs (FILE *fp, int do_newline)
 

Definition at line 1681 of file log.c.

References FPrintReference(), _ReferenceNode::next, NULL, _SigInfo::refs, and _OptTreeNode::sigInfo.

Referenced by AlertFull().

void SetEvent (Event *event, u_int32_t generator, u_int32_t id, u_int32_t rev, u_int32_t classification, u_int32_t priority, u_int32_t event_ref)
 

Definition at line 1714 of file log.c.

References event_id, _progvars::event_log_id, and pv.

Referenced by AlertIntermediateInfo(), CheckTagList(), GenerateOpenPortEvent(), GenerateSnortEvent(), LogTagData(), PortscanPreprocFunction(), and SAlert().


Variable Documentation

char* data_dump_buffer
 

Definition at line 50 of file log.c.

Referenced by ClearDumpBuf(), PrintCharData(), and PrintNetData().

int dump_size
 

Definition at line 51 of file log.c.

Referenced by ClearDumpBuf(), PrintCharData(), and PrintNetData().

u_int16_t event_id
 

Definition at line 99 of file detect.c.

static unsigned char ezero[6]
 

Definition at line 57 of file log.c.

Referenced by PrintArpHeader().

OptTreeNode* otn_tmp
 

Definition at line 80 of file parser.c.

