Date: Sat, 10 Oct 1998 18:54:37 +0200 (MET DST) From: Christian Wolf <Christian.Wolf@MedIS.DE> To: Hellmuth Michaelis <hm@kts.org>, isdn4bsd Mailing-List <freebsd-isdn@FreeBSD.ORG> Cc: chris@MedIS.DE Subject: Patch for first-packet log Message-ID: <Pine.GSO.3.96.981010183908.4239A-100000@tick.medis.de>
Hello! I made a patch to i4b to log the first few packets when a new connection is made. This should help in finding out why a dial-out or dial-in was made. The patch currently works only for ipr interfaces. Someone has to add some calls to i4b_l4_packet_ind() to i4b_isppp.c as well. The first 40 bytes are passed to the isdnd process, which parses the IP and TCP/UDP/ICMP headers and log()s them: DMN daemon started (pid = 506) CHD 00016 MEDIS rate 150 sec/unit (aocd, rate) CHD 00016 MEDIS dialing out from 77110510 to 76696951 PKT MEDIS send 68 TCP 193.141.96.1:1017 -> 193.141.96.36:513 SYN CHD 00016 MEDIS outgoing call proceeding (ctl 0, ch 0) PKT MEDIS send 68 TCP 193.141.96.1:1017 -> 193.141.96.36:513 SYN CHD 00000 <unknown> incoming call from 4076696951 to 77110510 CHD 00016 MEDIS incoming alert CHD 00016 MEDIS outgoing call disconnected (remote) CHD 00016 MEDIS cause 16: Normal call clearing (Q.850) CHD 00018 MEDIS accepting: incoming call from 4076696951 to 77110510 CHD 00018 MEDIS incoming call active (ctl 0, ch 1) PKT MEDIS send 68 TCP 193.141.96.1:1017 -> 193.141.96.36:513 SYN PKT MEDIS recv 44 TCP 193.141.96.36:513 -> 193.141.96.1:1017 SYN ACK PKT MEDIS send 40 TCP 193.141.96.1:1017 -> 193.141.96.36:513 ACK btw: why is the first incoming call unknown?
Regards, Chris
diff -rb i4b-63/driver/i4b_ipr.c i4b/driver/i4b_ipr.c
172a173
> #define I4BIPRLOGFIRST 8 /* log the first 8 packet */
205a207,210
> #if I4BIPRLOGFIRST
> int sc_log_first; /* log first n packets */
> #endif
>
310a316,318
> #if I4BIPRLOGFIRST
> sc->sc_log_first = I4BIPRLOGFIRST;
> #endif
406a415,422
> #if I4BIPRLOGFIRST
> if(sc->sc_log_first > 0)
> {
> --(sc->sc_log_first);
> i4b_l4_packet_ind(BDRV_IPR, unit, 1, m );
> }
> #endif
>
650c666,669
<
---
> #if I4BIPRLOGFIRST
> /* show next I4BIPRLOGFIRST packets again */
> sc->sc_log_first = I4BIPRLOGFIRST;
> #endif
831a851,858
> #endif
>
> #if I4BIPRLOGFIRST
> if(sc->sc_log_first > 0)
> {
> --(sc->sc_log_first);
> i4b_l4_packet_ind(BDRV_IPR, unit, 0, m );
> }
diff -rb i4b-63/isdnd/isdnd.h i4b/isdnd/isdnd.h
172c172,173
< LL_DBG /* debug messages - everything which helps debugging */
---
> LL_DBG, /* debug messages - everything which helps debugging */
> LL_PKT /* packet logging - log the first few packets */
624a626
> void msg_packet_ind( msg_packet_ind_t *mp );
diff -rb i4b-63/isdnd/log.c i4b/isdnd/log.c
79c79,80
< {"DBG", LOG_DEBUG} /* debug messages */
---
> {"DBG", LOG_DEBUG}, /* debug messages */
> {"PKT", LOG_INFO} /* packet logging */
diff -rb i4b-63/isdnd/main.c i4b/isdnd/main.c
590a591,593
> case MSG_PACKET_IND:
> msg_packet_ind((msg_packet_ind_t *)msg_rd_buf);
> break;
diff -rb i4b-63/isdnd/msghdl.c i4b/isdnd/msghdl.c
47a48,58
> #include <sys/socket.h>
> #include <net/if.h>
> #include <net/if_types.h>
> #include <netinet/in.h>
> #include <netinet/in_systm.h>
> #include <netinet/in_var.h>
> #include <netinet/ip.h>
> #include <netinet/tcp.h>
> #include <netinet/udp.h>
> #include <netinet/ip_icmp.h>
>
541a553,647
> }
>
> /*---------------------------------------------------------------------------*
> * handle incoming MSG_PACKET_IND message
> *---------------------------------------------------------------------------*/
> static char*
> strapp( char* buf, const char* txt )
> {
> while( *txt ) *buf++ 
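Review bot: The two new calls to i4b_l4_packet_ind() in i4b_ipr.c pass the direction as bare literals (`1` in the 406a415,422 hunk, `0` in the 831a851,858 hunk) although this same patch defines DIRECTION_IN and DIRECTION_OUT in i4b_ioctl.h; `i4b_l4_packet_ind(BDRV_IPR, unit, DIRECTION_OUT, m);` and the matching `DIRECTION_IN` call would keep the driver and isdnd in agreement if the encoding ever changes. Logging is also compiled in unconditionally by `#define I4BIPRLOGFIRST 8`, so source and destination addresses and ports of the first packets of every connection reach syslog at LOG_INFO with no runtime switch; the define deserves a comment saying that, e.g. `/* 0 disables; addresses/ports of the first N packets go to syslog */`. The functions these hunks modify start and end outside the hunks.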
= *txt++;
> *buf = '\0';
> return buf;
> }
>
> static char*
> ipapp( char* buf, unsigned long a )
> {
> unsigned long ma = ntohl( a );
>
> buf += sprintf( buf, "%lu.%lu.%lu.%lu",
> (ma>>24)&0xFF, (ma>>16)&0xFF, (ma>>8)&0xFF, (ma)&0xFF );
> return buf;
> }
>
> void
> msg_packet_ind( msg_packet_ind_t *mp)
> {
> cfg_entry_t *cep;
> struct ip* ip;
> u_char* proto_hdr;
> char tmp[ 80 ];
> char* cptr = tmp;
> char* name = "???";
> int i;
>
> for(i=0; i < nentries; i++)
> {
> cep = &cfg_entry_tab[i]; /* ptr to config entry */
>
> if( cep->usrdevicename == mp->driver &&
> cep->usrdeviceunit == mp->driver_unit )
> {
> name = cep->name;
> break;
> }
> }
>
> ip = (struct ip*)mp->pktdata;
> proto_hdr = mp->pktdata + ((ip->ip_hl)<<2);
>
> if( ip->ip_p == IPPROTO_TCP )
> {
> struct tcphdr* tcp = (struct tcphdr*)proto_hdr;
>
> cptr = strapp( cptr, "TCP " );
> cptr = ipapp( cptr, ip->ip_src.s_addr );
> cptr += sprintf( cptr, ":%u -> ", ntohs( tcp->th_sport ) );
> cptr = ipapp( cptr, ip->ip_dst.s_addr );
> cptr += sprintf( cptr, ":%u", ntohs( tcp->th_dport ) );
>
> if(tcp->th_flags & TH_FIN) cptr = strapp( cptr, " FIN" );
> if(tcp->th_flags & TH_SYN) cptr = strapp( cptr, " SYN" );
> if(tcp->th_flags & TH_RST) cptr = strapp( cptr, " RST" );
> if(tcp->th_flags & TH_PUSH) cptr = strapp( cptr, " PUSH" );
> if(tcp->th_flags & TH_ACK) cptr = strapp( cptr, " ACK" );
> if(tcp->th_flags & TH_URG) cptr = strapp( cptr, " URG" );
> }
> else if( ip->ip_p == IPPROTO_UDP )
> {
> struct udphdr* udp = (struct udphdr*)proto_hdr;
>
> cptr = strapp( cptr, "UDP " );
> cptr = ipapp( cptr, ip->ip_src.s_addr );
> cptr += sprintf( cptr, ":%u -> ", ntohs( udp->uh_sport ) );
> cptr = ipapp( cptr, ip->ip_dst.s_addr );
> cptr += sprintf( cptr, ":%u", ntohs( udp->uh_dport ) );
> }
> else if( ip->ip_p == IPPROTO_ICMP )
> {
> struct icmp* icmp = (struct icmp*)proto_hdr;
>
> cptr += sprintf( cptr, "ICMP:%u.%u", icmp->icmp_type, icmp->icmp_code);
> cptr = ipapp( cptr, ip->ip_src.s_addr );
> cptr = strapp( cptr, " 
-> " );
> cptr = ipapp( cptr, ip->ip_dst.s_addr );
> }
> else
> {
> cptr += sprintf( cptr, "PROTO=%u ", ip->ip_p);
> cptr = ipapp( cptr, ip->ip_src.s_addr);
> cptr = strapp( cptr, " -> " );
> cptr = ipapp( cptr, ip->ip_dst.s_addr);
> }
>
> log( LL_PKT, "%s %s %u %s",
> name, mp->direction?"send":"recv", ntohs( ip->ip_len ), tmp );
diff -rb i4b-63/layer4/i4b_l4.c i4b/layer4/i4b_l4.c
380a381,405
> * send MSG_INFO_IND message to userland
> *---------------------------------------------------------------------------*/
> void
> i4b_l4_packet_ind(int driver, int driver_unit, int dir, struct mbuf *pkt)
> {
> struct mbuf *m;
> int len = pkt->m_pkthdr.len;
> unsigned char* ip = pkt->m_data;
>
> if((m = i4b_Dgetmbuf(sizeof(msg_packet_ind_t))) != NULL)
> {
> msg_packet_ind_t *mp = (msg_packet_ind_t *)m->m_data;
>
> mp->header.type = MSG_PACKET_IND;
> mp->header.cdid = -1;
> mp->driver = driver;
> mp->driver_unit = driver_unit;
> mp->direction = dir;
> memcpy( mp->pktdata, ip, len<MAX_PACKET_LOG?len:MAX_PACKET_LOG );
>
> i4bputqueue(m);
> }
> }
>
> /*---------------------------------------------------------------------------*
diff -rb i4b-63/layer4/i4b_l4.h i4b/layer4/i4b_l4.h
61a62
> extern void i4b_l4_packet_ind(int, int, int, struct mbuf *pkt);
diff -rb i4b-63/machine/i4b_ioctl.h i4b/machine/i4b_ioctl.h
237a238
> #define MSG_PACKET_IND 'k'
358a360,373
>
> /*---------------------------------------------------------------------------*
> * connect packet logging
> *---------------------------------------------------------------------------*/
> typedef struct {
> msg_hdr_t header; /* common header */
> int driver; /* driver type */
> int driver_unit; /* driver unit number */
> int direction; /* 0=in 1=out */
> #define DIRECTION_IN 0 /* sending packet to remote */
> #define DIRECTION_OUT 1 /* received packet from remote */
> #define MAX_PACKET_LOG 40 /* space for IP and TCP header */
> u_int8_t pktdata[ MAX_PACKET_LOG ];
> } msg_packet_ind_t;
diff -rb i4b-63/sppp/if_spppsubr.c 
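Review bot: msg_packet_ind() in isdnd/msghdl.c trusts the header-length field of the captured packet: `proto_hdr = mp->pktdata + ((ip->ip_hl)<<2)` can point up to 60 bytes into the 40-byte `pktdata`, and th_flags lies 13 bytes beyond that, so any IP header carrying options makes the TCP/UDP/ICMP reads run past the captured bytes. `ip->ip_v` is not checked either, so whatever arrives in pktdata is decoded as IPv4. The ICMP branch lacks a separator, which glues the source address onto the ICMP code in the log line; `"ICMP:%u.%u "` fixes it. The `sprintf` calls fill `tmp[80]` to within a few bytes in the worst TCP case, so `snprintf` with the remaining size would keep that safe if a field is added later. A conservative bounds check placed before the protocol switch is sketched below; the function's closing brace is outside the hunk.

```c
	ip = (struct ip*)mp->pktdata;
	hlen = ip->ip_hl << 2;		/* hlen: a new unsigned local */

	/* decode the transport header only when it lies inside the captured
	 * bytes; 14 covers the largest read, the TCP header up to th_flags */
	if( ip->ip_v != IPVERSION || hlen < sizeof(struct ip) ||
	    hlen + 14 > MAX_PACKET_LOG )
	{
		log( LL_PKT, "%s %s undecodable packet (ip_v=%u, ip_hl=%u)",
			name, mp->direction?"send":"recv", ip->ip_v, ip->ip_hl );
		return;
	}
	proto_hdr = mp->pktdata + hlen;
	/* … unchanged: TCP / UDP / ICMP / other formatting and the final log() … */
```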
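Review bot: The memcpy in i4b_l4_packet_ind() (layer4/i4b_l4.c) bounds the copy by `pkt->m_pkthdr.len`, the length of the whole mbuf chain, but reads from `pkt->m_data`, which only holds `pkt->m_len` bytes; when the first mbuf holds fewer than 40 bytes the copy reads past its data. `m_copydata(pkt, 0, <clamped length>, (caddr_t)mp->pktdata);` walks the chain instead. When the packet is shorter than MAX_PACKET_LOG the rest of pktdata is never written here, so unless i4b_Dgetmbuf() zeroes the buffer (not visible in this patch) those bytes are handed to userland as they were; a `bzero(mp->pktdata, MAX_PACKET_LOG);` before the copy closes that. The banner comment above the function says MSG_INFO_IND and should read `send MSG_PACKET_IND message to userland`.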
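Review bot: In the msg_packet_ind_t definition added to machine/i4b_ioctl.h the comments on the two direction macros are swapped relative to their names and to the field comment `0=in 1=out`; they should read `#define DIRECTION_IN 0 /* received packet from remote */` and `#define DIRECTION_OUT 1 /* sending packet to remote */`. The structure also carries no count of how many bytes of pktdata are valid, so isdnd cannot tell a short packet from a full 40-byte capture. An `int pktlen;` member filled in by the kernel would let the daemon bound its header parsing by the real captured length.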
i4b/sppp/if_spppsubr.c
2674a2675
> #if 0
2686c2687
<
---
> #endif
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isdn" in the body of the message
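Review bot: The `#if 0` / `#endif` pair added to sppp/if_spppsubr.c disables a block that the patch description never mentions and that has no evident connection to packet logging; the disabled lines themselves are outside the hunks, so their effect cannot be judged from this patch. Either drop this change from the patch or annotate it, e.g. `#if 0 /* disabled: <reason> */`, so the next reader knows what was switched off and why.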