author | Laurent Ghigonis <laurent@p1sec.com> | 2012-11-29 18:59:48 +0100 |
---|---|---|
committer | Laurent Ghigonis <laurent@p1sec.com> | 2012-11-29 18:59:48 +0100 |
commit | 6f78c1e2c1fa7a824606fffb3aca05e16c7b9c74 (patch) | |
tree | 3f803fc77abf3ebf18b54312bf3c2ea36d385295 | |
parent | remove TODO, in README.txt now (diff) | |
basic process event message handling
-rw-r--r-- | libglouglou/libglouglou.c | 37 | ||||
-rw-r--r-- | libglouglou/libglouglou.h | 42 |
2 files changed, 67 insertions, 12 deletions
diff --git a/libglouglou/libglouglou.c b/libglouglou/libglouglou.c index ca777dc..8d4a300 100644 --- a/libglouglou/libglouglou.c +++ b/libglouglou/libglouglou.c @@ -370,11 +370,34 @@ pkt_decode(char **buf, int *buf_len) if (strnlen((char *)pkt->name_fqdn, len) != pkt->name_len) goto invalid; newpkt->name_addr = ntohl(pkt->name_addr); - newpkt->name_len = pkt->name_len; + newpkt->name_len = ntohs(pkt->name_len); strncpy((char *)newpkt->name_fqdn, (char *)pkt->name_fqdn, pkt->name_len); break; - goto invalid; + case PACKET_PROC_FORK: + packet_len = PACKET_PROC_FORK_SIZE; + if (len < packet_len) + goto invalid; + newpkt->proc_pid = ntohl(pkt->proc_pid); + newpkt->proc_fork_ppid = ntohl(pkt->proc_fork_ppid); + newpkt->proc_fork_cpid = ntohl(pkt->proc_fork_cpid); + newpkt->proc_fork_tgid = ntohl(pkt->proc_fork_tgid); + break; + case PACKET_PROC_EXEC: + packet_len = PACKET_PROC_EXEC_SIZE; + if (len < packet_len) + goto invalid; + if (len < packet_len + pkt->proc_exec_cmdlen) + goto invalid; + if (strnlen((char *)pkt->proc_exec_cmd, len) != pkt->proc_exec_cmdlen) + goto invalid; + newpkt->proc_pid = ntohl(pkt->proc_pid); + newpkt->proc_exec_cmdlen = ntohs(pkt->proc_exec_cmdlen); + strncpy((char *)newpkt->proc_exec_cmd, (char *)pkt->proc_exec_cmd, + pkt->proc_exec_cmdlen); + break; + default: + goto invalid; } *buf = *buf + packet_len; @@ -416,7 +439,15 @@ pkt_getsize(struct gg_packet *pkt) size = PACKET_DATA_SIZE; break; case PACKET_NAME: - size = PACKET_NAME_SIZE + strnlen((char *)pkt->name_fqdn, DNSNAME_MAX); + size = PACKET_NAME_SIZE + + strnlen((char *)pkt->name_fqdn, GG_PKTARG_MAX); + break; + case PACKET_PROC_FORK: + size = PACKET_PROC_FORK_SIZE; + break; + case PACKET_PROC_EXEC: + size = PACKET_PROC_EXEC_SIZE + + strnlen((char *)pkt->proc_exec_cmd, GG_PKTARG_MAX); break; default: size = 0; diff --git a/libglouglou/libglouglou.h b/libglouglou/libglouglou.h index cf73371..04ee779 100644 --- a/libglouglou/libglouglou.h +++ b/libglouglou/libglouglou.h 
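Review bot: The new PACKET_PROC_EXEC case never compares `pkt->proc_exec_cmdlen` with `GG_PKTARG_MAX`, so a length byte larger than the 30-byte `proc_exec_cmd` array passes both `len` checks and `strncpy` then writes that many bytes into `newpkt->proc_exec_cmd`. Unless `newpkt` is larger than a `struct gg_packet` (its allocation is outside the hunk), that is a write past the destination whose size comes from wire data. The `strnlen` bound is `len`, the whole remaining input rather than what follows the `cmd` field, so the scan can run past the end of the buffer. Both length fields are `u_int8_t` in libglouglou.h, and `ntohs()` on an 8-bit value truncates to 0 on little-endian hosts, so `newpkt->name_len` and `newpkt->proc_exec_cmdlen` should be plain assignments. The fence shows the EXEC case with these changes; the PACKET_NAME case starts above the hunk and needs the same bound if it is not already checked there.

```c
	case PACKET_PROC_EXEC:
		packet_len = PACKET_PROC_EXEC_SIZE;
		/* ... unchanged: both len checks ... */
		/* cmdlen is one byte off the wire; the destination array holds GG_PKTARG_MAX bytes */
		if (pkt->proc_exec_cmdlen > GG_PKTARG_MAX)
			goto invalid;
		/* scan no further than the declared length */
		if (strnlen((char *)pkt->proc_exec_cmd, pkt->proc_exec_cmdlen)
		    != pkt->proc_exec_cmdlen)
			goto invalid;
		/* ... unchanged: proc_pid ... */
		newpkt->proc_exec_cmdlen = pkt->proc_exec_cmdlen;	/* u_int8_t: no ntohs() */
		/* ... unchanged: strncpy of proc_exec_cmd, break ... */
```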
@@ -12,23 +12,27 @@ #define PACKET_VERSION 1 #define PACKET_BUFFER_SIZE 16384 -#define DNSNAME_MAX 20 +#define GG_PKTARG_MAX 30 struct gg_packet { #define PACKET_HEADER_SIZE 2 u_int8_t ver; u_int8_t type; /* XXX nicer way for _SIZE ... ? */ -#define PACKET_TYPE_MIN 0 -#define PACKET_TYPE_MAX 3 -#define PACKET_NEWCONN 0 +#define PACKET_TYPE_MIN 0x00 +#define PACKET_TYPE_MAX 0x11 +#define PACKET_NEWCONN 0x00 #define PACKET_NEWCONN_SIZE (PACKET_HEADER_SIZE + sizeof((struct gg_packet *)0)->pdat.newconn) -#define PACKET_DELCONN 1 +#define PACKET_DELCONN 0x01 #define PACKET_DELCONN_SIZE (PACKET_HEADER_SIZE + sizeof((struct gg_packet *)0)->pdat.delconn) -#define PACKET_DATA 2 +#define PACKET_DATA 0x02 #define PACKET_DATA_SIZE (PACKET_HEADER_SIZE + sizeof((struct gg_packet *)0)->pdat.data) -#define PACKET_NAME 3 -#define PACKET_NAME_SIZE ((PACKET_HEADER_SIZE + sizeof((struct gg_packet *)0)->pdat.name) - DNSNAME_MAX) +#define PACKET_NAME 0x03 +#define PACKET_NAME_SIZE ((PACKET_HEADER_SIZE + sizeof((struct gg_packet *)0)->pdat.name) - GG_PKTARG_MAX) +#define PACKET_PROC_FORK 0x10 +#define PACKET_PROC_FORK_SIZE (PACKET_HEADER_SIZE + sizeof((struct gg_packet *)0)->pdat.proc.ev.fork) +#define PACKET_PROC_EXEC 0x11 +#define PACKET_PROC_EXEC_SIZE ((PACKET_HEADER_SIZE + sizeof((struct gg_packet *)0)->pdat.proc.ev.exec) - GG_PKTARG_MAX) union { struct newconn { @@ -48,8 +52,22 @@ struct gg_packet { struct name { u_int32_t addr; u_int8_t len; - u_char fqdn[DNSNAME_MAX]; + u_char fqdn[GG_PKTARG_MAX]; } name; + struct proc { + u_int32_t pid; + union { + struct fork { + u_int32_t ppid; + u_int32_t cpid; + u_int32_t tgid; + } fork; + struct exec { + u_int8_t cmdlen; + u_char cmd[GG_PKTARG_MAX]; + } exec; + } ev; + } proc; } pdat; #define newconn_id pdat.newconn.id #define newconn_src pdat.newconn.src 
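Review bot: `PACKET_PROC_FORK_SIZE` and `PACKET_PROC_EXEC_SIZE` take `sizeof` of the inner `pdat.proc.ev.fork` and `pdat.proc.ev.exec` members only, so neither counts the four-byte `pid` that `struct proc` (added in the next hunk) places in front of `ev`. pkt_decode() in libglouglou.c checks `len < packet_len` against these values and then reads `proc_pid` and the `ev` fields, so a buffer that passes the check can still be about four bytes shorter than what is read, and pkt_getsize() reports a size that cuts off the tail of the event. Adding the pid to both macros would close the gap, e.g. `#define PACKET_PROC_FORK_SIZE (PACKET_HEADER_SIZE + sizeof(u_int32_t) + sizeof((struct gg_packet *)0)->pdat.proc.ev.fork)`, with the same `sizeof(u_int32_t)` term in the EXEC macro. This keeps the file's existing assumption that the struct carries no padding, which is not visible in the hunk. A one-line comment above `struct proc` saying that `pid` is shared by both events and counts toward the wire size would help keep the macros and the layout in step.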
@@ -62,6 +80,12 @@ struct gg_packet { #define name_addr pdat.name.addr #define name_len pdat.name.len #define name_fqdn pdat.name.fqdn +#define proc_pid pdat.proc.pid +#define proc_fork_ppid pdat.proc.ev.fork.ppid +#define proc_fork_cpid pdat.proc.ev.fork.cpid +#define proc_fork_tgid pdat.proc.ev.fork.tgid +#define proc_exec_cmdlen pdat.proc.ev.exec.cmdlen +#define proc_exec_cmd pdat.proc.ev.exec.cmd }; struct gg_user { |