/* Copyright 1998 by Vadim Kolontsov			
 * All rights reserved
 *
 * Distribute freely, except: don't remove my name from the source or
 * documentation (don't take credit for my work), mark your changes (don't
 * get me blamed for your possible bugs), don't alter or remove this
 * notice.  May be sold if buildable source is provided to buyer.  No
 * warrantee of any kind, express or implied, is included with this
 * software; use at your own risk, responsibility for damages (if any) to
 * anyone resulting from the use of this software rests entirely with the
 * user.
 *
 * Send bug reports, bug fixes, enhancements, requests, flames, etc., and
 * I'll try to keep a version up to date.  I can be reached as follows:
 *
 * Vadim Kolontsov <sb@123.org>
 */

#include <stdio.h>
#include <pcap.h>

#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>

#ifdef LINUX
#include <bsd/netinet/ip_icmp.h>
#else
#include <netinet/ip_icmp.h>
#endif

#include <arpa/inet.h>

#include "config.h"

extern struct in_addr broadcast;

void ip_analyze(const struct ip *ip, int length)
{
	char *type, *dst;
	char	tmsg[100];
	struct icmp *icmp;

	if (ip->ip_ttl == 1)
	{
		switch (ip->ip_p)
		{
		case IPPROTO_ICMP:
			icmp = (struct icmp *)((u_char *)ip+ip->ip_hl*4);
			if (icmp->icmp_type != ICMP_ECHO)
				return;
	
			type = "ICMP-based";
			break;
		case IPPROTO_UDP:
			type = "UDP-based";
			break; 
		default:
			return;
		}

		if (ip->ip_dst.s_addr == broadcast.s_addr)
			return;
	
		dst = strdup(inet_ntoa(ip->ip_dst));
		sprintf(tmsg,"%s traceroute attempt to %s from %s\n", 
			type, dst, (char *)inet_ntoa(ip->ip_src));
	
		log(tmsg);
		free(dst);
	}
}