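/*
 * [ http://www.rootshell.com/ ]
 *
 * From mc6448@mclink.it Sun Mar 15 12:01:23 1998
 * Date: Sun, 15 Mar 1998 20:52:55 +0100 (MET)
 * From: Paolo Rocchi
 * To: info@rootshell.com
 * Subject: Source Route logger
 *
 * This is something I wrote a few months ago for testing purposes.
 * Incoming source routed connections are not an issue with Linux, as the
 * kernel drops them by default unless you intentionally turn that option
 * off at compile time. Nevertheless, someone may find a use for this
 * (e.g. porting it to other unices).
 *
 * Regards.
 *
 * --srlog.c--
 */

/*
   Source Route logger v.0.13 - by Paolo Rocchi, mc6448@mclink.it
   1/4/97
   Based on original code from IpLogger Package by Mike Edulla and ipl by loqi.
*/

/*
 * NOTE(review): the header names on the original #include lines were lost in
 * the archived copy (only the bare "#include" tokens survive).  The list below
 * is the set this file actually needs, not a recovery of the original list.
 *
 * NOTE(review): on current Linux kernels acceptance of source-routed packets
 * is a runtime setting (the accept_source_route sysctl) rather than a
 * compile-time option; confirm the host's setting before relying on the
 * statement in the mail above.
 */
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

/* errno comes from <errno.h>; the original "extern int errno;" is not valid
 * where errno is a macro / thread-local. */

#ifndef NOFILE
#define NOFILE 1024
#endif

/* IP option type bytes this logger cares about, and the per-read byte cap
 * used by the original code. */
enum {
    SRLOG_IPOPT_EOL  = 0x00,   /* end of option list */
    SRLOG_IPOPT_NOP  = 0x01,   /* one-byte padding option */
    SRLOG_IPOPT_LSRR = 0x83,   /* loose source and record route */
    SRLOG_IPOPT_SSRR = 0x89,   /* strict source and record route */
    SRLOG_READ_MAX   = 9999
};

int go_background(void);
char *hostlookup(unsigned long int);
char *servlookup(unsigned short);

/*
 * Detach from the controlling terminal and run as a daemon.
 *
 * Skipped when the parent is already init (getppid() == 1).  Afterwards every
 * descriptor below NOFILE is closed, the working directory becomes "/" and
 * the umask is cleared.  Exits the process if fork() fails; the parent of a
 * successful fork exits with status 0.  Returns 0 (the original fell off the
 * end of an int function).
 */
int go_background(void)
{
    int fd;
    int fs;

    if (getppid() != 1) {
        /* Ignore terminal job-control signals before forking. */
        signal(SIGTTOU, SIG_IGN);
        signal(SIGTTIN, SIG_IGN);
        signal(SIGTSTP, SIG_IGN);

        fs = fork();
        if (fs < 0) {
            perror("fork");
            exit(1);
        }
        if (fs > 0)
            exit(0);

        setpgrp();
        fd = open("/dev/tty", O_RDWR);
        if (fd >= 0) {
            ioctl(fd, TIOCNOTTY, (char *)NULL);
            close(fd);
        }
    }

    /* stdin/stdout/stderr are closed too: from here on only syslog can
     * report anything. */
    for (fd = 0; fd < NOFILE; fd++)
        close(fd);
    errno = 0;
    (void)chdir("/");
    umask(0);
    return 0;
}

/*
 * Hex + ASCII dump of buff[0..count) to stdout, 16 bytes per row.
 *
 * NOTE(review): the middle of this loop was lost in the archived copy (the
 * text between "i<" and ">= 0x20" is missing).  It is reconstructed here as a
 * conventional dump consistent with the surviving fragments; nothing in this
 * file calls it (both call sites were commented out in the original).
 */
void print_data(int count, char *buff)
{
    int i, j, c;
    int printnext = 1;

    /* Round the row count up to a multiple of 16 so the last row is padded. */
    if (count) {
        if (count % 16)
            c = count + (16 - count % 16);
        else
            c = count;
    } else {
        c = count;
    }

    for (i = 0; i < c; i++) {
        if (printnext) {
            printnext--;
            printf("%.4x ", (unsigned)(i & 0xffff));
        }
        if (i < count)
            printf("%3.2x", (unsigned)(buff[i] & 0xff));
        else
            printf("   ");

        if (!((i + 1) % 8)) {
            if ((i + 1) % 16) {
                printf(" -");
            } else {
                printf("   ");
                for (j = i - 15; j <= i; j++) {
                    if (j < count) {
                        if ((buff[j] & 0xff) >= 0x20 && (buff[j] & 0xff) <= 0x7e)
                            printf("%c", buff[j] & 0xff);
                        else
                            printf(".");
                    } else {
                        printf(" ");
                    }
                }
                printf("\n");
                printnext = 1;
            }
        }
    }
}

/* Receive buffer: the fixed 20-byte IP header followed by everything after
 * it (IP options, when present, start at data[0]). */
struct ippkt {
    struct iphdr ip;
    char data[10000];
} pkt;

/*
 * Map an IPv4 address (network byte order) to a printable name.
 *
 * Returns the reverse-DNS name when gethostbyaddr() finds one, otherwise the
 * dotted-quad form.  The result lives in a static buffer that is overwritten
 * by the next call.
 *
 * The name is copied with a bounded snprintf(): the original strcpy() copied
 * a resolver-supplied string of unchecked length into the 1024-byte buffer.
 *
 * NOTE(review): a PTR name is chosen by whoever controls the reverse zone of
 * the source address, so it is not evidence of origin, and each lookup blocks
 * the capture loop.  For forensic use the numeric address should be logged as
 * well.
 */
char *hostlookup(unsigned long int in)
{
    static char blah[1024];
    struct in_addr i;
    struct hostent *he;

    i.s_addr = in;
    he = gethostbyaddr((const void *)&i, sizeof(struct in_addr), AF_INET);
    if (he == NULL || he->h_name == NULL)
        snprintf(blah, sizeof blah, "%s", inet_ntoa(i));
    else
        snprintf(blah, sizeof blah, "%s", he->h_name);
    return blah;
}

/*
 * Map a TCP port (network byte order) to its service name, or "port N" when
 * getservbyport() has no entry.  Static buffer, overwritten by the next call.
 * Not called anywhere in this file.
 */
char *servlookup(unsigned short port)
{
    struct servent *se;
    static char buff[1024];

    se = getservbyport(port, "tcp");
    if (se == NULL)
        snprintf(buff, sizeof buff, "port %d", ntohs(port));
    else
        snprintf(buff, sizeof buff, "%s", se->s_name);
    return buff;
}

/*
 * Scan the IP options area opts[0..len) for a loose or strict source route
 * option.
 *
 * Returns the offset of the option's type byte, or -1 when the list ends
 * (end-of-list option, end of the area, or a malformed length) without one.
 *
 * The original only looked at the first option byte, so a source route that
 * followed padding or any other option went unlogged; it also compared a
 * plain char against 0xffffff83 / 0xffffff89, which only matches where char
 * is signed.
 */
static int find_source_route(const unsigned char *opts, size_t len)
{
    size_t off = 0;

    while (off < len) {
        unsigned char type = opts[off];
        size_t opt_len;

        if (type == SRLOG_IPOPT_LSRR || type == SRLOG_IPOPT_SSRR)
            return (int)off;
        if (type == SRLOG_IPOPT_EOL)
            break;
        if (type == SRLOG_IPOPT_NOP) {
            off++;
            continue;
        }
        if (off + 1 >= len)
            break;                      /* no room for a length byte */
        opt_len = opts[off + 1];
        if (opt_len < 2 || opt_len > len - off)
            break;                      /* malformed: stop rather than guess */
        off += opt_len;
    }
    return -1;
}

/*
 * Log the length and every hop address of the source route option whose type
 * byte is at opts[off].
 *
 * All reads are clamped to opts_len, the number of option bytes the IP header
 * length actually covers; the original trusted the length byte taken from the
 * packet.  Hop bytes are read by index: the original passed four "*p--"
 * expressions as arguments to one call, whose evaluation order is not
 * defined.
 */
static void log_source_route(const unsigned char *opts, size_t opts_len, size_t off)
{
    size_t opt_len, avail, hops, k;
    const unsigned char *addr;

    if (off + 1 >= opts_len) {
        syslog(LOG_NOTICE, "Malformed source route option");
        return;
    }

    opt_len = opts[off + 1];
    /* The original logged the length byte plus one; kept so existing log
     * consumers see the same number. */
    syslog(LOG_NOTICE, "Optlen: %i", (int)opt_len + 1);

    avail = opts_len - off;
    if (opt_len > avail)
        opt_len = avail;
    if (opt_len < 3)
        return;

    /* Layout: type, length, pointer, then 4-byte addresses. */
    hops = (opt_len - 3) / 4;
    addr = opts + off + 3;
    for (k = 0; k < hops; k++, addr += 4)
        syslog(LOG_NOTICE, "Hop point %i -> %i.%i.%i.%i",
               (int)(k + 1), addr[0], addr[1], addr[2], addr[3]);
}

/*
 * Daemonize, open a raw TCP socket and log every received packet that carries
 * IP options, with extra detail for source route options.
 *
 * NOTE(review): the raw socket is opened for TCP only (protocol 6), so source
 * routed packets of other protocols are never seen.
 * NOTE(review): the process keeps root for its whole lifetime while parsing
 * untrusted packets and doing DNS lookups; dropping privileges once the
 * socket is open would reduce exposure.
 */
int main(void)
{
    int s;

    setuid(0);
    if (geteuid() != 0) {
        printf("This program requires root privledges\n");
        exit(1);    /* was exit(0): a failed start must not report success */
    }

    go_background();

    /* stderr is closed by now, so failures are reported through syslog. */
    openlog("srlog", 0, LOG_DAEMON);
    s = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
    if (s < 0) {
        syslog(LOG_ERR, "socket: %s", strerror(errno));
        exit(1);
    }

    for (;;) {
        ssize_t got = read(s, &pkt, SRLOG_READ_MAX);
        size_t hdr_len, opts_len;
        const unsigned char *opts;
        const char *src;
        int off;

        if (got < 0) {
            if (errno == EINTR)
                continue;
            /* The original ignored read() errors and spun on stale data. */
            syslog(LOG_ERR, "read: %s", strerror(errno));
            exit(1);
        }
        if ((size_t)got < sizeof pkt.ip)
            continue;               /* too short to hold an IP header */
        if (pkt.ip.ihl <= 5)
            continue;               /* no IP options present */

        hdr_len = (size_t)pkt.ip.ihl * 4;
        if ((size_t)got < hdr_len)
            continue;               /* header claims more than was received */

        opts = (const unsigned char *)pkt.data;
        opts_len = hdr_len - sizeof pkt.ip;

        /* One lookup per packet; the result is reused for both messages. */
        src = hostlookup(pkt.ip.saddr);
        syslog(LOG_NOTICE, "Packet with IP options from %s", src);

        off = find_source_route(opts, opts_len);
        if (off < 0)
            continue;

        syslog(LOG_NOTICE, "SOURCE ROUTE from %s", src);
        log_source_route(opts, opts_len, (size_t)off);
    }
}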