NFLOG: IPv4 network addresses writes to syslog (event emitted with)

root4root · root4root · commit e4ee5cf14aef · 2023-10-12T08:20:34.000+03:00
diff --git a/src/common.h b/src/common.h
@@ -4,6 +4,7 @@
 #include <fcntl.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <stdint.h>
 #include <string.h>
 #include <sys/ioctl.h>
 #include <net/if.h>
@@ -21,12 +22,12 @@
 #define VERSION "\ntuninetd 1.3.1\n"
 
 //global vars.
-short int debug;
-short int status;
-unsigned long ts;
-unsigned long curts;
+extern short int debug;
+extern short int status;
+extern unsigned long ts;
+extern unsigned long curts;
 
-struct globcfg_t {
+extern struct globcfg_t {
     short int isdaemon;
     pid_t pid;
     char *cmd_path;
diff --git a/src/main.c b/src/main.c
@@ -1,5 +1,14 @@
 #include "main.h"
 
+//Global vars --
+short int debug;
+short int status;
+unsigned long ts;
+unsigned long curts;
+
+struct globcfg_t globcfg;
+// -- Global vars
+
 int main(int argc, char *argv[])
 {
     curts = time(NULL);
diff --git a/src/xnflog.c b/src/xnflog.c
@@ -20,12 +20,33 @@ static void setnlbufsiz(unsigned int size, struct nflog_handle *h)
 
 static int callback(struct nflog_g_handle *gh, struct nfgenmsg *nfmsg, struct nflog_data *ldata, void *data)
 {
-    if (status == OFF) {
-        message(INFO, "NFLOG: executing START command...");
-        switch_guard(ON);
+    ts = curts;
+
+    if (status == ON) {
+        return 0;
     }
 
-    ts = curts;
+    uint8_t *payload;
+
+    int payload_fetch_result = nflog_get_payload(ldata, &payload);
+
+    if (payload_fetch_result < 0) {
+        return 0;
+    }
+
+    message(INFO, "NFLOG: executing START command...");
+
+    if (payload[0] >> 4 == 4) { //4 bit MSB IP version. IPv4 in this case. TODO: implement for IPv6
+        message(INFO, "|- IPv4 SRC: %i.%i.%i.%i DST: %i.%i.%i.%i", payload[12], payload[13], payload[14], payload[15], payload[16], payload[17], payload[18], payload[19]);
+
+        struct nfulnl_msg_packet_hw *hw = nflog_get_packet_hw(ldata);
+
+        if (hw) { //Hardware information only available on inbound or transit packets
+            message(INFO, "|- HWaddr: %02x:%02x:%02x:%02x:%02x:%02x, DevIndex: %u", hw->hw_addr[0], hw->hw_addr[1], hw->hw_addr[2], hw->hw_addr[3], hw->hw_addr[4], hw->hw_addr[5], nflog_get_indev(ldata));
+        }
+    }
+
+    switch_guard(ON);
 
     return 0;
 }
