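/* Sat Mar 8 00:05:40 2003
 *
 * Bertera Pietro
 * e-mail: p.bertera@valtellinux.it dr.iggy@iol.it
 *
 * compile with:
 * gcc -Wall -DMODULE -D__KERNEL__ -DDEBUG -c NetSniff.c -I/usr/src/linux/include
 *
 * run with:
 * insmod NetSniff.o
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Library General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

/*
 * NetSniff: registers one netfilter hook on each of the five IPv4 hook
 * points and writes the source/destination address and port of every
 * TCP or UDP packet to the kernel log. Every packet is accepted
 * unchanged (NF_ACCEPT).
 *
 * Operational caveats:
 *  - The hooks run for every IPv4 packet and call printk() for each TCP
 *    or UDP packet, so a busy or flooded interface fills the kernel log
 *    quickly. Rate-limit or filter before using this outside a lab.
 *  - The kernel log is readable by whoever can read dmesg/syslog on the
 *    host; the connection metadata written here inherits that exposure.
 */

#ifndef __KERNEL__
#define __KERNEL__
#endif

#ifndef MODULE
#define MODULE
#endif

/*
 * NOTE(review): this listing carried twenty #include directives whose
 * header names were lost when the page was extracted. The headers below
 * are the ones the visible code needs on a 2.4-series kernel; restore
 * any remaining ones from the original file.
 */
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/skbuff.h>
#include <linux/netdevice.h>
#include <linux/in.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/udp.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>

MODULE_LICENSE("GPL");

/* Low 13 bits of iphdr.frag_off (host order): the fragment offset. */
#define NETSNIFF_FRAG_OFFSET_MASK 0x1FFF

/*
 * Log one packet seen on the hook point named by `chain`.
 *
 * Only TCP and UDP are reported; every other protocol is ignored. The
 * packet contents are untrusted, so nothing is read from the IP or
 * transport header until the header is known to lie inside the linear
 * part of the buffer (between skb->head and skb->tail). The ihl field
 * comes from the wire and is range-checked before it is used as an
 * offset. Non-first fragments carry no transport header, and truncated
 * packets may not carry a complete one; both are logged without ports
 * instead of reading past the data.
 *
 * Ports are converted from network to host byte order before printing.
 */
static void log_packet(const char *chain, const struct sk_buff *skb)
{
	const struct iphdr *iph;
	const unsigned char *ip_start;
	const char *proto;
	unsigned long avail;
	unsigned long ip_hdr_len;
	unsigned long l4_hdr_len;
	__u16 sport = 0;
	__u16 dport = 0;

	if (skb == NULL || skb->nh.iph == NULL)
		return;

	iph = skb->nh.iph;
	ip_start = (const unsigned char *)iph;

	/* The IP header must start inside the buffer's linear data. */
	if (ip_start < skb->head || ip_start > skb->tail)
		return;

	avail = (unsigned long)(skb->tail - ip_start);
	if (avail < sizeof(struct iphdr))
		return;

	/* ihl counts 32-bit words; anything below 5 is malformed. */
	ip_hdr_len = (unsigned long)iph->ihl * 4;
	if (ip_hdr_len < sizeof(struct iphdr) || ip_hdr_len > avail)
		return;

	switch (iph->protocol) {
	case IPPROTO_TCP:
		proto = "TCP";
		l4_hdr_len = sizeof(struct tcphdr);
		break;
	case IPPROTO_UDP:
		proto = "UDP";
		l4_hdr_len = sizeof(struct udphdr);
		break;
	default:
		return;
	}

	if ((ntohs(iph->frag_off) & NETSNIFF_FRAG_OFFSET_MASK) != 0 ||
	    avail - ip_hdr_len < l4_hdr_len) {
		printk("%s: %s S: %d.%d.%d.%d D: %d.%d.%d.%d (no transport header)\n",
		       chain, proto, NIPQUAD(iph->saddr), NIPQUAD(iph->daddr));
		return;
	}

	if (iph->protocol == IPPROTO_TCP) {
		const struct tcphdr *tcph =
			(const struct tcphdr *)(ip_start + ip_hdr_len);

		sport = ntohs(tcph->source);
		dport = ntohs(tcph->dest);
	} else {
		const struct udphdr *udph =
			(const struct udphdr *)(ip_start + ip_hdr_len);

		sport = ntohs(udph->source);
		dport = ntohs(udph->dest);
	}

	printk("%s: %s S: %d.%d.%d.%d:%u D: %d.%d.%d.%d:%u\n",
	       chain, proto,
	       NIPQUAD(iph->saddr), (unsigned int)sport,
	       NIPQUAD(iph->daddr), (unsigned int)dport);
}

/* NF_IP_LOCAL_IN hook: log the packet and accept it. */
unsigned int in_hook(unsigned int hooknum, struct sk_buff **skb_p,
		     const struct net_device *in, const struct net_device *out,
		     int (*okfn)(struct sk_buff *))
{
	log_packet("INPUT", *skb_p);
	return NF_ACCEPT;
}

/* NF_IP_LOCAL_OUT hook: log the packet and accept it. */
unsigned int out_hook(unsigned int hooknum, struct sk_buff **skb_p,
		      const struct net_device *in, const struct net_device *out,
		      int (*okfn)(struct sk_buff *))
{
	log_packet("OUTPUT", *skb_p);
	return NF_ACCEPT;
}

/* NF_IP_FORWARD hook: log the packet and accept it. */
unsigned int fw_hook(unsigned int hooknum, struct sk_buff **skb_p,
		     const struct net_device *in, const struct net_device *out,
		     int (*okfn)(struct sk_buff *))
{
	log_packet("FORWARD", *skb_p);
	return NF_ACCEPT;
}

/* NF_IP_PRE_ROUTING hook: log the packet and accept it. */
unsigned int pre_hook(unsigned int hooknum, struct sk_buff **skb_p,
		      const struct net_device *in, const struct net_device *out,
		      int (*okfn)(struct sk_buff *))
{
	log_packet("PREROUTING", *skb_p);
	return NF_ACCEPT;
}

/* NF_IP_POST_ROUTING hook: log the packet and accept it. */
unsigned int post_hook(unsigned int hooknum, struct sk_buff **skb_p,
		       const struct net_device *in, const struct net_device *out,
		       int (*okfn)(struct sk_buff *))
{
	log_packet("POSTROUTING", *skb_p);
	return NF_ACCEPT;
}

struct nf_hook_ops in_hook_ops = {
	.hook = in_hook,
	.pf = PF_INET,
	.hooknum = NF_IP_LOCAL_IN,
};

struct nf_hook_ops out_hook_ops = {
	.hook = out_hook,
	.pf = PF_INET,
	.hooknum = NF_IP_LOCAL_OUT,
};

struct nf_hook_ops fw_hook_ops = {
	.hook = fw_hook,
	.pf = PF_INET,
	.hooknum = NF_IP_FORWARD,
};

struct nf_hook_ops pre_hook_ops = {
	.hook = pre_hook,
	.pf = PF_INET,
	.hooknum = NF_IP_PRE_ROUTING,
};

struct nf_hook_ops post_hook_ops = {
	.hook = post_hook,
	.pf = PF_INET,
	.hooknum = NF_IP_POST_ROUTING,
};

/* Bitmask of the hooks that are currently registered. */
static int init_status_flag;

/*
 * One distinct bit per hook. FW_HOOK_REGISTERED was 0x06, which is
 * IN_HOOK_REGISTERED | OUT_HOOK_REGISTERED: with only the first two
 * hooks registered, cleanup_module() would also have unregistered the
 * forward hook, which had never been registered.
 */
#define IN_HOOK_REGISTERED 0x02
#define OUT_HOOK_REGISTERED 0x04
#define FW_HOOK_REGISTERED 0x10
#define PRE_HOOK_REGISTERED 0x08
#define POST_HOOK_REGISTERED 0x20

/* Registration order; cleanup walks the table in reverse. */
static struct {
	struct nf_hook_ops *ops;
	int flag;
} netsniff_hooks[] = {
	{ &in_hook_ops, IN_HOOK_REGISTERED },
	{ &out_hook_ops, OUT_HOOK_REGISTERED },
	{ &fw_hook_ops, FW_HOOK_REGISTERED },
	{ &pre_hook_ops, PRE_HOOK_REGISTERED },
	{ &post_hook_ops, POST_HOOK_REGISTERED },
};

#define NETSNIFF_HOOK_COUNT \
	((int)(sizeof(netsniff_hooks) / sizeof(netsniff_hooks[0])))

/*
 * Unregister every hook recorded in init_status_flag and clear its bit,
 * so that a second call (for example after a failed init_module) does
 * not unregister the same hook twice.
 */
void cleanup_module(void)
{
	int i;

	for (i = NETSNIFF_HOOK_COUNT - 1; i >= 0; i--) {
		if (init_status_flag & netsniff_hooks[i].flag) {
			nf_unregister_hook(netsniff_hooks[i].ops);
			init_status_flag &= ~netsniff_hooks[i].flag;
		}
	}
}

/*
 * Register the five hooks in table order.
 *
 * Returns 0 on success. If a registration fails, the hooks registered
 * so far are removed again and the error code from nf_register_hook()
 * is returned, so the module is not loaded half-initialised.
 */
int init_module(void)
{
	int i;
	int result;

	for (i = 0; i < NETSNIFF_HOOK_COUNT; i++) {
		result = nf_register_hook(netsniff_hooks[i].ops);
		if (result < 0) {
			printk(KERN_ERR "can't register netfilter hook\n");
			cleanup_module();
			return result;
		}
		init_status_flag |= netsniff_hooks[i].flag;
	}

	printk("Netfilter Sniff run! stop with: #rmmod NetSniff\n");
	return 0;
}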