diff options
| -rw-r--r-- | share/man/man4/options.4 | 15 | ||||
| -rw-r--r-- | sys/netinet/ip_auth.h | 64 | ||||
| -rw-r--r-- | usr.sbin/ipmon/Makefile | 6 | ||||
| -rw-r--r-- | usr.sbin/ipmon/ipmon.8 | 116 | ||||
| -rw-r--r-- | usr.sbin/ipmon/ipmon.c | 1160 |
5 files changed, 1 insertions, 1360 deletions
diff --git a/share/man/man4/options.4 b/share/man/man4/options.4 index 5ffbb33099e..6fc85d5abde 100644 --- a/share/man/man4/options.4 +++ b/share/man/man4/options.4 @@ -1,4 +1,4 @@ -.\" $OpenBSD: options.4,v 1.66 2001/05/30 01:11:22 millert Exp $ +.\" $OpenBSD: options.4,v 1.67 2001/05/30 02:14:03 deraadt Exp $ .\" $NetBSD: options.4,v 1.21 1997/06/25 03:13:00 thorpej Exp $ .\" .\" Copyright (c) 1998 Theo de Raadt @@ -782,19 +782,6 @@ Internet backbone routers to provide per-packet authentication for the TCP packets used to communicate BGP routing information. You will also need a routing daemon that supports this option in order to actually use it. -.It Cd option IPFILTER -This option enables the IP filtering on the packet level using -Darren Reed's ip-filter package. -.It Cd option IPFILTER_LOG -This option, in conjunction with -.Cm option IPFILTER , -enables logging of IP packets using ip-filter. -.It Cd option IPFILTER_DEFAULT_BLOCK -This option sets the default policy of ip-filter to block packets that -exit the rule-set unmatched. -Otherwise they are silently passed. See -.Xr ipf 8 -for details. .It Cd option PPP_FILTER This option turns on .Xr pcap 3 diff --git a/sys/netinet/ip_auth.h b/sys/netinet/ip_auth.h deleted file mode 100644 index 2c2a6f7e5f3..00000000000 --- a/sys/netinet/ip_auth.h +++ /dev/null @@ -1,64 +0,0 @@ -/* $OpenBSD: ip_auth.h,v 1.9 2001/01/17 04:47:12 fgsch Exp $ */ - -/* - * Copyright (C) 1997-2000 by Darren Reed & Guido Van Rooij. - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - * - * $IPFilter: ip_auth.h,v 2.3.2.2 2000/10/19 15:38:44 darrenr Exp $ - * - */ -#ifndef __IP_AUTH_H__ -#define __IP_AUTH_H__ - -#define FR_NUMAUTH 32 - -typedef struct frauth { - int fra_age; - int fra_index; - u_32_t fra_pass; - fr_info_t fra_info; -#if SOLARIS - queue_t *fra_q; -#endif -} frauth_t; - -typedef struct frauthent { - struct frentry fae_fr; - struct frauthent *fae_next; - u_long fae_age; -} frauthent_t; - -typedef struct fr_authstat { - U_QUAD_T fas_hits; - U_QUAD_T fas_miss; - u_long fas_nospace; - u_long fas_added; - u_long fas_sendfail; - u_long fas_sendok; - u_long fas_queok; - u_long fas_quefail; - u_long fas_expire; - frauthent_t *fas_faelist; -} fr_authstat_t; - - -extern frentry_t *ipauth; -extern struct fr_authstat fr_authstats; -extern int fr_defaultauthage; -extern int fr_authsize; -extern int fr_authused; -extern int fr_auth_lock; -extern u_32_t fr_checkauth __P((ip_t *, fr_info_t *)); -extern void fr_authexpire __P((void)); -extern void fr_authunload __P((void)); -extern mb_t *fr_authpkts[]; -extern int fr_newauth __P((mb_t *, fr_info_t *, ip_t *)); -#if defined(__NetBSD__) || defined(__OpenBSD__) -extern int fr_auth_ioctl __P((caddr_t, u_long, frentry_t *, frentry_t **)); -#else -extern int fr_auth_ioctl __P((caddr_t, int, frentry_t *, frentry_t **)); -#endif -#endif /* __IP_AUTH_H__ */ diff --git a/usr.sbin/ipmon/Makefile b/usr.sbin/ipmon/Makefile deleted file mode 100644 index 2b54945de75..00000000000 --- a/usr.sbin/ipmon/Makefile +++ /dev/null @@ -1,6 +0,0 @@ -# $OpenBSD: Makefile,v 1.4 1998/09/15 10:01:38 pattonme Exp $ - -PROG= ipmon -MAN= ipmon.8 - -.include <bsd.prog.mk> diff --git a/usr.sbin/ipmon/ipmon.8 b/usr.sbin/ipmon/ipmon.8 deleted file mode 100644 index a67771982b0..00000000000 --- a/usr.sbin/ipmon/ipmon.8 +++ /dev/null @@ -1,116 +0,0 @@ -.\" $OpenBSD: ipmon.8,v 1.11 1999/06/05 22:17:06 aaron Exp $ -.TH ipmon 8 -.SH NAME -ipmon \- monitors /dev/ipl for logged packets -.SH SYNOPSIS -.B ipmon -[ -.B \-aDFhnstvxX -] [ -.B "\-o [NSI]" -] [ -.B "\-O [NSI]" -] [ -.B "\-N <device>" -] [ -.B "\-S <device>" -] [ -.B "\-f <device>" -] [ -.B <filename> -] -.SH DESCRIPTION -.LP -\fBipmon\fP opens \fB/dev/ipl\fP for reading and awaits data to be saved from -the packet filter. The binary data read from the device is reprinted in -human readable form; however, IP#'s are not mapped back to hostnames, nor are -ports mapped back to service names. The output goes to standard output by -default or a filename, if given on the command line. Should the \fB\-s\fP -option be used, output is instead sent to \fBsyslogd(8)\fP. Messages sent -via syslog have the day, month and year removed from the message, but the -time (including microseconds), as recorded in the log, is still included. -.SH OPTIONS -.TP -.B \-a -Open all of the device logfiles for reading log entries from. All entries -are displayed to the same output 'device' (stderr or syslog). -.TP -.B "\-f <device>" -specify an alternative device/file from which to read the log information -for normal IP Filter log records. -.TP -.B \-D -When set ipmon will fork and become a daemon. -.TP -.B \-F -Flush the current packet log buffer. The number of bytes flushed is displayed, -even should the result be zero. -.TP -.B "\-N <device>" -Set the logfile to be opened for reading NAT log records from to <device>. -.TP -.B \-n -IP addresses and port numbers will be mapped, where possible, back into -hostnames and service names. -.TP -.B \-o -Specify which log files to actually read data from. N - NAT logfile, -S - State logfile, I - normal IP Filter logfile. The \fB-a\fP option is -equivalent to using \fB-o NSI\fP. -.TP -.B \-O -Specify which log files you do not wish to read from. This is most sensibly -used with the \fB-a\fP. Letters available as parameters to this are the same -as for \fB-o\fP. -.TP -.B \-s -Packet information read in will be sent through syslogd rather than -saved to a file. The default facility when compiled and installed is -\fBlocal0\fP. The following levels are used: -.IP -.B LOG_INFO -\- packets logged using the "log" keyword as the action rather -than pass or block. -.IP -.B LOG_NOTICE -\- packets logged which are also passed -.IP -.B LOG_WARNING -\- packets logged which are also blocked -.IP -.B LOG_ERR -\- packets which have been logged and which can be considered -"short". -.TP -.B \-S -Treat the logfile as being composed of state log records. -.TP -.B "\-S <device>" -Set the logfile to be opened for reading state log records from to <device>. -.IP -.B \-t -read the input file/device in a manner akin to tail(1). -.TP -.B \-v -show tcp window, ack and sequence fields. -.TP -.B \-x -show the packet data in hex. -.TP -.B \-X -show the log header record data in hex. -.SH DIAGNOSTICS -\fBipmon\fP expects data that it reads to be consistent with how it should be -saved and will abort if it fails an assertion which detects an anomaly in the -recorded data. -.SH FILES -/dev/ipl -.br -/dev/ipnat -.br -/dev/ipstate -.SH SEE ALSO -ipf(8), ipftest(1), ipnat(8), ipf(4), ipl(4), ipnat(4), ipf(5), ipnat(5), ipfstat(8) -.br -http://coombs.anu.edu.au/ipfilter/ -.SH BUGS diff --git a/usr.sbin/ipmon/ipmon.c b/usr.sbin/ipmon/ipmon.c deleted file mode 100644 index 006ab2317d6..00000000000 --- a/usr.sbin/ipmon/ipmon.c +++ /dev/null @@ -1,1160 +0,0 @@ -/* $OpenBSD: ipmon.c,v 1.27 2001/01/30 04:29:53 kjell Exp $ */ - -/* - * Copyright (C) 1993-2000 by Darren Reed. - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - */ -#if !defined(lint) -static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$IPFilter: ipmon.c,v 2.12.2.8 2001/01/10 06:18:08 darrenr Exp $"; -#endif - -#ifndef SOLARIS -#define SOLARIS (defined(__SVR4) || defined(__svr4__)) && defined(sun) -#endif - -#include <sys/types.h> -#include <sys/stat.h> -#include <sys/param.h> -#include <sys/file.h> -#include <sys/time.h> -#include <sys/socket.h> -#include <sys/ioctl.h> - -#include <stdio.h> -#include <unistd.h> -#include <string.h> -#include <fcntl.h> -#include <errno.h> -#if !defined(__SVR4) && !defined(__svr4__) -# if (__FreeBSD_version >= 300000) -# include <sys/dirent.h> -# else -# include <sys/dir.h> -# endif -#else -# include <sys/filio.h> -# include <sys/byteorder.h> -#endif -#include <strings.h> -#include <signal.h> -#include <stdlib.h> -#include <stddef.h> -#include <netinet/in.h> -#include <netinet/in_systm.h> -#include <net/if.h> -#include <netinet/ip.h> -#include <netinet/tcp_fsm.h> -#include <netdb.h> -#include <arpa/inet.h> -#include <arpa/nameser.h> -#include <resolv.h> - -#include <sys/uio.h> -#ifndef linux -# include <sys/protosw.h> -# include <netinet/ip_var.h> -#endif - -#include <netinet/tcp.h> -#include <netinet/ip_icmp.h> - -#include <ctype.h> -#include <syslog.h> - -#include <netinet/ip_fil_compat.h> -#include <netinet/tcpip.h> -#include <netinet/ip_fil.h> -#include <netinet/ip_proxy.h> -#include <netinet/ip_nat.h> -#include <netinet/ip_state.h> - - -#if defined(sun) && !defined(SOLARIS2) -#define STRERROR(x) sys_errlist[x] -extern char *sys_errlist[]; -#else -#define STRERROR(x) strerror(x) -#endif - - -struct flags { - int value; - char flag; -}; - -struct flags tcpfl[] = { - { TH_ACK, 'A' }, - { TH_RST, 'R' }, - { TH_SYN, 'S' }, - { TH_FIN, 'F' }, - { TH_URG, 'U' }, - { TH_PUSH,'P' }, - { TH_ECN, 'E' }, - { TH_CWR, 'C' }, - { 0, '\0' } -}; - -#if SOLARIS -static char *pidfile = "/etc/opt/ipf/ipmon.pid"; -#else -# if BSD >= 199306 -static char *pidfile = "/var/run/ipmon.pid"; -# else -static char *pidfile = "/etc/ipmon.pid"; -# endif -#endif - -static char line[2048]; -static int opts = 0; -static FILE *newlog = NULL; -static char *logfile = NULL; -static int donehup = 0; -static void usage __P((char *)); -static void handlehup __P((int)); -static void flushlogs __P((char *, FILE *)); -static void print_log __P((int, FILE *, char *, int)); -static void print_ipflog __P((FILE *, char *, int)); -static void print_natlog __P((FILE *, char *, int)); -static void print_statelog __P((FILE *, char *, int)); -static void dumphex __P((FILE *, u_char *, int)); -static int read_log __P((int, int *, char *, int)); -static void write_pid __P((char *)); - -char *hostname __P((int, int, u_32_t *)); -char *portname __P((int, char *, u_int)); -int main __P((int, char *[])); - -static void logopts __P((int, char *)); -static void init_tabs __P((void)); -static char *getproto __P((u_int)); - -static char **protocols = NULL; -static char **udp_ports = NULL; -static char **tcp_ports = NULL; - - -#define OPT_SYSLOG 0x001 -#define OPT_RESOLVE 0x002 -#define OPT_HEXBODY 0x004 -#define OPT_VERBOSE 0x008 -#define OPT_HEXHDR 0x010 -#define OPT_TAIL 0x020 -#define OPT_NAT 0x080 -#define OPT_STATE 0x100 -#define OPT_FILTER 0x200 -#define OPT_PORTNUM 0x400 -#define OPT_LOGALL (OPT_NAT|OPT_STATE|OPT_FILTER) -#define OPT_LOGBODY 0x800 - -#define HOSTNAME_V4(a,b) hostname((a), 4, (u_32_t *)&(b)) - -#ifndef LOGFAC -#define LOGFAC LOG_LOCAL0 -#endif - - -void handlehup(sig) -int sig; -{ - FILE *fp; - - signal(SIGHUP, handlehup); - if (logfile && (fp = fopen(logfile, "a"))) - newlog = fp; - init_tabs(); - donehup = 1; -} - - -static void init_tabs() -{ - struct protoent *p; - struct servent *s; - char *name, **tab; - int port; - - if (protocols != NULL) { - free(protocols); - protocols = NULL; - } - protocols = (char **)malloc(256 * sizeof(*protocols)); - if (protocols != NULL) { - bzero((char *)protocols, 256 * sizeof(*protocols)); - - setprotoent(1); - while ((p = getprotoent()) != NULL) - if (p->p_proto >= 0 && p->p_proto <= 255 && - p->p_name != NULL) - protocols[p->p_proto] = strdup(p->p_name); - endprotoent(); - } - - if (udp_ports != NULL) { - free(udp_ports); - udp_ports = NULL; - } - udp_ports = (char **)malloc(65536 * sizeof(*udp_ports)); - if (udp_ports != NULL) - bzero((char *)udp_ports, 65536 * sizeof(*udp_ports)); - - if (tcp_ports != NULL) { - free(tcp_ports); - tcp_ports = NULL; - } - tcp_ports = (char **)malloc(65536 * sizeof(*tcp_ports)); - if (tcp_ports != NULL) - bzero((char *)tcp_ports, 65536 * sizeof(*tcp_ports)); - - setservent(1); - while ((s = getservent()) != NULL) { - if (s->s_proto == NULL) - continue; - else if (!strcmp(s->s_proto, "tcp")) { - port = ntohs(s->s_port); - name = s->s_name; - tab = tcp_ports; - } else if (!strcmp(s->s_proto, "udp")) { - port = ntohs(s->s_port); - name = s->s_name; - tab = udp_ports; - } else - continue; - if ((port < 0 || port > 65535) || (name == NULL)) - continue; - tab[port] = strdup(name); - } - endservent(); -} - - -static char *getproto(p) -u_int p; -{ - static char pnum[4]; - char *s; - - p &= 0xff; - s = protocols ? protocols[p] : NULL; - if (s == NULL) { - sprintf(pnum, "%u", p); - s = pnum; - } - return s; -} - - -static int read_log(fd, lenp, buf, bufsize) -int fd, bufsize, *lenp; -char *buf; -{ - int nr; - - nr = read(fd, buf, bufsize); - if (!nr) - return 2; - if ((nr < 0) && (errno != EINTR)) - return -1; - *lenp = nr; - return 0; -} - - -char *hostname(res, v, ip) -int res, v; -u_32_t *ip; -{ -#ifdef USE_INET6 - static char hostbuf[MAXHOSTNAMELEN+1]; -#endif - struct hostent *hp; - struct in_addr ipa; - - if (v == 4) { - ipa.s_addr = *ip; - if (!res) - return inet_ntoa(ipa); - hp = gethostbyaddr((char *)ip, sizeof(ip), AF_INET); - if (!hp) - return inet_ntoa(ipa); - return hp->h_name; - - } -#ifdef USE_INET6 - (void) inet_ntop(AF_INET6, ip, hostbuf, sizeof(hostbuf) - 1); - hostbuf[MAXHOSTNAMELEN] = '\0'; - return hostbuf; -#else - return "IPv6"; -#endif -} - - -char *portname(res, proto, port) -int res; -char *proto; -u_int port; -{ - static char pname[8]; - char *s; - - port = ntohs(port); - port &= 0xffff; - (void) sprintf(pname, "%u", port); - if (!res || (opts & OPT_PORTNUM)) - return pname; - s = NULL; - if (!strcmp(proto, "tcp")) - s = tcp_ports[port]; - else if (!strcmp(proto, "udp")) - s = udp_ports[port]; - if (s == NULL) - s = pname; - return s; -} - - -static void dumphex(log, buf, len) -FILE *log; -u_char *buf; -int len; -{ - char line[80]; - int i, j, k; - u_char *s = buf, *t = (u_char *)line; - - for (i = len, j = 0; i; i--, j++, s++) { - if (j && !(j & 0xf)) { - *t++ = '\n'; - *t = '\0'; - if (!(opts & OPT_SYSLOG)) - fputs(line, log); - else - syslog(LOG_INFO, "%s", line); - t = (u_char *)line; - *t = '\0'; - } - sprintf((char *)t, "%02x", *s & 0xff); - t += 2; - if (!((j + 1) & 0xf)) { - s -= 15; - sprintf((char *)t, " "); - t += 8; - for (k = 16; k; k--, s++) - *t++ = (isprint(*s) ? *s : '.'); - s--; - } - - if ((j + 1) & 0xf) - *t++ = ' ';; - } - - if (j & 0xf) { - for (k = 16 - (j & 0xf); k; k--) { - *t++ = ' '; - *t++ = ' '; - *t++ = ' '; - } - sprintf((char *)t, " "); - t += 7; - s -= j & 0xf; - for (k = j & 0xf; k; k--, s++) - *t++ = (isprint(*s) ? *s : '.'); - *t++ = '\n'; - *t = '\0'; - } - if (!(opts & OPT_SYSLOG)) { - fputs(line, log); - fflush(log); - } else - syslog(LOG_INFO, "%s", line); -} - -static void print_natlog(log, buf, blen) -FILE *log; -char *buf; -int blen; -{ - struct natlog *nl; - iplog_t *ipl = (iplog_t *)buf; - char *t = line; - struct tm *tm; - int res, i, len; - char *proto; - - nl = (struct natlog *)((char *)ipl + sizeof(*ipl)); - res = (opts & OPT_RESOLVE) ? 1 : 0; - tm = localtime((time_t *)&ipl->ipl_sec); - len = sizeof(line); - if (!(opts & OPT_SYSLOG)) { - (void) strftime(t, len, "%d/%m/%Y ", tm); - i = strlen(t); - len -= i; - t += i; - } - (void) strftime(t, len, "%T", tm); - t += strlen(t); - (void) sprintf(t, ".%-.6ld @%hd ", ipl->ipl_usec, nl->nl_rule + 1); - t += strlen(t); - - if (nl->nl_type == NL_NEWMAP) - strcpy(t, "NAT:MAP "); - else if (nl->nl_type == NL_NEWRDR) - strcpy(t, "NAT:RDR "); - else if (nl->nl_type == NL_EXPIRE) - strcpy(t, "NAT:EXPIRE "); - else if (nl->nl_type == NL_FLUSH) - strcpy(t, "NAT:FLUSH "); - else if (nl->nl_type == NL_NEWBIMAP) - strcpy(t, "NAT:BIMAP "); - else if (nl->nl_type == NL_NEWBLOCK) - strcpy(t, "NAT:MAPBLOCK "); - else - sprintf(t, "Type: %d ", nl->nl_type); - t += strlen(t); - - proto = getproto(nl->nl_p); - - (void) sprintf(t, "%s,%s <- -> ", HOSTNAME_V4(res, nl->nl_inip), - portname(res, proto, (u_int)nl->nl_inport)); - t += strlen(t); - (void) sprintf(t, "%s,%s ", HOSTNAME_V4(res, nl->nl_outip), - portname(res, proto, (u_int)nl->nl_outport)); - t += strlen(t); - (void) sprintf(t, "[%s,%s]", HOSTNAME_V4(res, nl->nl_origip), - portname(res, proto, (u_int)nl->nl_origport)); - t += strlen(t); - if (nl->nl_type == NL_EXPIRE) { -#ifdef USE_QUAD_T - (void) sprintf(t, " Pkts %qd Bytes %qd", - (long long)nl->nl_pkts, - (long long)nl->nl_bytes); -#else - (void) sprintf(t, " Pkts %ld Bytes %ld", - nl->nl_pkts, nl->nl_bytes); -#endif - t += strlen(t); - } - - *t++ = '\n'; - *t++ = '\0'; - if (opts & OPT_SYSLOG) - syslog(LOG_INFO, "%s", line); - else - (void) fprintf(log, "%s", line); -} - - -static void print_statelog(log, buf, blen) -FILE *log; -char *buf; -int blen; -{ - struct ipslog *sl; - iplog_t *ipl = (iplog_t *)buf; - char *t = line, *proto; - struct tm *tm; - int res, i, len; - - sl = (struct ipslog *)((char *)ipl + sizeof(*ipl)); - res = (opts & OPT_RESOLVE) ? 1 : 0; - tm = localtime((time_t *)&ipl->ipl_sec); - len = sizeof(line); - if (!(opts & OPT_SYSLOG)) { - (void) strftime(t, len, "%d/%m/%Y ", tm); - i = strlen(t); - len -= i; - t += i; - } - (void) strftime(t, len, "%T", tm); - t += strlen(t); - (void) sprintf(t, ".%-.6ld ", ipl->ipl_usec); - t += strlen(t); - - if (sl->isl_type == ISL_NEW) - strcpy(t, "STATE:NEW "); - else if (sl->isl_type == ISL_EXPIRE) { - if ((sl->isl_p == IPPROTO_TCP) && - (sl->isl_state[0] > TCPS_ESTABLISHED || - sl->isl_state[1] > TCPS_ESTABLISHED)) - strcpy(t, "STATE:CLOSE "); - else - strcpy(t, "STATE:EXPIRE "); - } else if (sl->isl_type == ISL_FLUSH) - strcpy(t, "STATE:FLUSH "); - else if (sl->isl_type == ISL_REMOVE) - strcpy(t, "STATE:REMOVE "); - else - sprintf(t, "Type: %d ", sl->isl_type); - t += strlen(t); - - proto = getproto(sl->isl_p); - - if (sl->isl_p == IPPROTO_TCP || sl->isl_p == IPPROTO_UDP) { - (void) sprintf(t, "%s,%s -> ", - hostname(res, sl->isl_v, (u_32_t *)&sl->isl_src), - portname(res, proto, (u_int)sl->isl_sport)); - t += strlen(t); - (void) sprintf(t, "%s,%s PR %s", - hostname(res, sl->isl_v, (u_32_t *)&sl->isl_dst), - portname(res, proto, (u_int)sl->isl_dport), proto); - } else if (sl->isl_p == IPPROTO_ICMP) { - (void) sprintf(t, "%s -> ", hostname(res, sl->isl_v, - (u_32_t *)&sl->isl_src)); - t += strlen(t); - (void) sprintf(t, "%s PR icmp %d", - hostname(res, sl->isl_v, (u_32_t *)&sl->isl_dst), - sl->isl_itype); - } - t += strlen(t); - if (sl->isl_type != ISL_NEW) { -#ifdef USE_QUAD_T - (void) sprintf(t, " Pkts %qd Bytes %qd", - (long long)sl->isl_pkts, - (long long)sl->isl_bytes); -#else - (void) sprintf(t, " Pkts %ld Bytes %ld", - sl->isl_pkts, sl->isl_bytes); -#endif - t += strlen(t); - } - - *t++ = '\n'; - *t++ = '\0'; - if (opts & OPT_SYSLOG) - syslog(LOG_INFO, "%s", line); - else - (void) fprintf(log, "%s", line); -} - - -static void print_log(logtype, log, buf, blen) -FILE *log; -char *buf; -int logtype, blen; -{ - iplog_t *ipl; - char *bp = NULL, *bpo = NULL; - int psize; - - while (blen > 0) { - ipl = (iplog_t *)buf; - if ((u_long)ipl & (sizeof(long)-1)) { - if (bp) - bpo = bp; - bp = (char *)malloc(blen); - bcopy((char *)ipl, bp, blen); - if (bpo) { - free(bpo); - bpo = NULL; - } - buf = bp; - continue; - } - if (ipl->ipl_magic != IPL_MAGIC) { - /* invalid data or out of sync */ - break; - } - psize = ipl->ipl_dsize; - switch (logtype) - { - case IPL_LOGIPF : - print_ipflog(log, buf, psize); - break; - case IPL_LOGNAT : - print_natlog(log, buf, psize); - break; - case IPL_LOGSTATE : - print_statelog(log, buf, psize); - break; - } - - blen -= psize; - buf += psize; - } - if (bp) - free(bp); - return; -} - - -static void print_ipflog(log, buf, blen) -FILE *log; -char *buf; -int blen; -{ - tcphdr_t *tp; - struct icmp *ic; - struct icmp *icmp; - struct tm *tm; - char *t, *proto; - int i, v, lvl, res, len, off, plen, ipoff; - ip_t *ipc, *ip; - u_short hl, p; - ipflog_t *ipf; - iplog_t *ipl; - u_32_t *s, *d; -#ifdef USE_INET6 - ip6_t *ip6; -#endif - - ipl = (iplog_t *)buf; - ipf = (ipflog_t *)((char *)buf + sizeof(*ipl)); - ip = (ip_t *)((char *)ipf + sizeof(*ipf)); - v = ip->ip_v; - res = (opts & OPT_RESOLVE) ? 1 : 0; - t = line; - *t = '\0'; - tm = localtime((time_t *)&ipl->ipl_sec); -#ifdef linux - if (v == 4) - ip->ip_len = ntohs(ip->ip_len); -#endif - - len = sizeof(line); - if (!(opts & OPT_SYSLOG)) { - (void) strftime(t, len, "%d/%m/%Y ", tm); - i = strlen(t); - len -= i; - t += i; - } - (void) strftime(t, len, "%T", tm); - t += strlen(t); - (void) sprintf(t, ".%-.6ld ", ipl->ipl_usec); - t += strlen(t); - if (ipl->ipl_count > 1) { - (void) sprintf(t, "%dx ", ipl->ipl_count); - t += strlen(t); - } -#if (SOLARIS || \ - (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199603)) || \ - (defined(OpenBSD) && (OpenBSD >= 199603))) || defined(linux) - len = (int)sizeof(ipf->fl_ifname); - (void) sprintf(t, "%*.*s", len, len, ipf->fl_ifname); - t += strlen(t); -# if SOLARIS - if (isalpha(*(t - 1))) - *t++ = '0' + ipf->fl_unit; -# endif -#else - for (len = 0; len < 3; len++) - if (ipf->fl_ifname[len] == '\0') - break; - if (ipf->fl_ifname[len]) - len++; - (void) sprintf(t, "%*.*s%u", len, len, ipf->fl_ifname, ipf->fl_unit); - t += strlen(t); -#endif - (void) sprintf(t, " @%hu:%hu ", ipf->fl_group, ipf->fl_rule + 1); - t += strlen(t); - - if (ipf->fl_flags & FF_SHORT) { - *t++ = 'S'; - lvl = LOG_ERR; - } else if (ipf->fl_flags & FR_PASS) { - if (ipf->fl_flags & FR_LOGP) - *t++ = 'p'; - else - *t++ = 'P'; - lvl = LOG_NOTICE; - } else if (ipf->fl_flags & FR_BLOCK) { - if (ipf->fl_flags & FR_LOGB) - *t++ = 'b'; - else - *t++ = 'B'; - lvl = LOG_WARNING; - } else if (ipf->fl_flags & FF_LOGNOMATCH) { - *t++ = 'n'; - lvl = LOG_NOTICE; - } else { - *t++ = 'L'; - lvl = LOG_INFO; - } - if (ipf->fl_loglevel != 0xffff) - lvl = ipf->fl_loglevel; - *t++ = ' '; - *t = '\0'; - - if (v == 6) { -#ifdef USE_INET6 - off = 0; - ipoff = 0; - hl = sizeof(ip6_t); - ip6 = (ip6_t *)ip; - p = (u_short)ip6->ip6_nxt; - s = (u_32_t *)&ip6->ip6_src; - d = (u_32_t *)&ip6->ip6_dst; - plen = ntohs(ip6->ip6_plen); -#else - sprintf(t, "ipv6"); - goto printipflog; -#endif - } else if (v == 4) { - hl = (ip->ip_hl << 2); - ipoff = ip->ip_off; - off = ipoff & IP_OFFMASK; - p = (u_short)ip->ip_p; - s = (u_32_t *)&ip->ip_src; - d = (u_32_t *)&ip->ip_dst; - plen = ip->ip_len; - } else { - goto printipflog; - } - proto = getproto(p); - - if ((p == IPPROTO_TCP || p == IPPROTO_UDP) && !off) { - tp = (tcphdr_t *)((char *)ip + hl); - if (!(ipf->fl_flags & (FI_SHORT << 16))) { - (void) sprintf(t, "%s,%s -> ", hostname(res, v, s), - portname(res, proto, (u_int)tp->th_sport)); - t += strlen(t); - (void) sprintf(t, "%s,%s PR %s len %hu %hu ", - hostname(res, v, d), - portname(res, proto, (u_int)tp->th_dport), - proto, hl, plen); - t += strlen(t); - - if (p == IPPROTO_TCP) { - *t++ = '-'; - for (i = 0; tcpfl[i].value; i++) - if (tp->th_flags & tcpfl[i].value) - *t++ = tcpfl[i].flag; - if (opts & OPT_VERBOSE) { - (void) sprintf(t, " %lu %lu %hu", - (u_long)(ntohl(tp->th_seq)), - (u_long)(ntohl(tp->th_ack)), - ntohs(tp->th_win)); - t += strlen(t); - } - } - *t = '\0'; - } else { - (void) sprintf(t, "%s -> ", hostname(res, v, s)); - t += strlen(t); - (void) sprintf(t, "%s PR %s len %hu %hu", - hostname(res, v, d), proto, hl, plen); - } - } else if ((p == IPPROTO_ICMP) && !off && (v == 4)) { - ic = (struct icmp *)((char *)ip + hl); - (void) sprintf(t, "%s -> ", hostname(res, v, s)); - t += strlen(t); - (void) sprintf(t, "%s PR icmp len %hu %hu icmp %d/%d", - hostname(res, v, d), hl, plen, - ic->icmp_type, ic->icmp_code); - if (ic->icmp_type == ICMP_UNREACH || - ic->icmp_type == ICMP_SOURCEQUENCH || - ic->icmp_type == ICMP_PARAMPROB || - ic->icmp_type == ICMP_REDIRECT || - ic->icmp_type == ICMP_TIMXCEED) { - ipc = &ic->icmp_ip; - i = ntohs(ipc->ip_len); - ipoff = ntohs(ipc->ip_off); - proto = getproto(ipc->ip_p); - - if (!(ipoff & IP_OFFMASK) && - ((ipc->ip_p == IPPROTO_TCP) || - (ipc->ip_p == IPPROTO_UDP))) { - tp = (tcphdr_t *)((char *)ipc + hl); - t += strlen(t); - (void) sprintf(t, " for %s,%s -", - HOSTNAME_V4(res, ipc->ip_src), - portname(res, proto, - (u_int)tp->th_sport)); - t += strlen(t); - (void) sprintf(t, " %s,%s PR %s len %hu %hu", - HOSTNAME_V4(res, ipc->ip_dst), - portname(res, proto, - (u_int)tp->th_dport), - proto, ipc->ip_hl << 2, i); - } else if (!(ipoff & IP_OFFMASK) && - (ipc->ip_p == IPPROTO_ICMP)) { - icmp = (icmphdr_t *)((char *)ipc + hl); - - t += strlen(t); - (void) sprintf(t, " for %s -", - HOSTNAME_V4(res, ipc->ip_src)); - t += strlen(t); - (void) sprintf(t, - " %s PR icmp len %hu %hu icmp %d/%d", - HOSTNAME_V4(res, ipc->ip_dst), - ipc->ip_hl << 2, i, - icmp->icmp_type, icmp->icmp_code); - - } else { - t += strlen(t); - (void) sprintf(t, " for %s -", - HOSTNAME_V4(res, ipc->ip_src)); - t += strlen(t); - (void) sprintf(t, " %s PR %s len %hu (%hu)", - HOSTNAME_V4(res, ipc->ip_dst), proto, - ipc->ip_hl << 2, i); - t += strlen(t); - if (ipoff & IP_OFFMASK) { - (void) sprintf(t, " frag %s%s%hu@%hu", - ipoff & IP_MF ? "+" : "", - ipoff & IP_DF ? "-" : "", - i - (ipc->ip_hl<<2), - (ipoff & IP_OFFMASK) << 3); - } - } - } - } else { - (void) sprintf(t, "%s -> ", hostname(res, v, s)); - t += strlen(t); - (void) sprintf(t, "%s PR %s len %hu (%hu)", - hostname(res, v, d), proto, hl, plen); - t += strlen(t); - if (off & IP_OFFMASK) - (void) sprintf(t, " frag %s%s%hu@%hu", - ipoff & IP_MF ? "+" : "", - ipoff & IP_DF ? "-" : "", - plen - hl, (off & IP_OFFMASK) << 3); - } - t += strlen(t); - - if (ipf->fl_flags & FR_KEEPSTATE) { - (void) strcpy(t, " K-S"); - t += strlen(t); - } - - if (ipf->fl_flags & FR_KEEPFRAG) { - (void) strcpy(t, " K-F"); - t += strlen(t); - } - - if (ipf->fl_flags & FR_INQUE) - strcpy(t, " IN"); - else if (ipf->fl_flags & FR_OUTQUE) - strcpy(t, " OUT"); - t += strlen(t); -printipflog: - *t++ = '\n'; - *t++ = '\0'; - if (opts & OPT_SYSLOG) - syslog(lvl, "%s", line); - else - (void) fprintf(log, "%s", line); - if (opts & OPT_HEXHDR) - dumphex(log, (u_char *)buf, sizeof(iplog_t) + sizeof(*ipf)); - if (opts & OPT_HEXBODY) - dumphex(log, (u_char *)ip, ipf->fl_plen + ipf->fl_hlen); - else if ((opts & OPT_LOGBODY) && (ipf->fl_flags & FR_LOGBODY)) - dumphex(log, (u_char *)ip + ipf->fl_hlen, ipf->fl_plen); -} - - -static void usage(prog) -char *prog; -{ - fprintf(stderr, "%s: [-NFhstvxX] [-f <logfile>]\n", prog); - exit(1); -} - - -static void write_pid(file) -char *file; -{ - FILE *fp = NULL; - int fd; - - if ((fd = open(file, O_CREAT|O_TRUNC|O_WRONLY, 0644)) >= 0) - fp = fdopen(fd, "w"); - if (!fp) { - close(fd); - fprintf(stderr, "unable to open/create pid file: %s\n", file); - return; - } - fprintf(fp, "%d", getpid()); - fclose(fp); - close(fd); -} - - -static void flushlogs(file, log) -char *file; -FILE *log; -{ - int fd, flushed = 0; - - if ((fd = open(file, O_RDWR)) == -1) { - (void) fprintf(stderr, "%s: open: %s\n", file,STRERROR(errno)); - exit(-1); - } - - if (ioctl(fd, SIOCIPFFB, &flushed) == 0) { - printf("%d bytes flushed from log buffer\n", - flushed); - fflush(stdout); - } else - perror("SIOCIPFFB"); - (void) close(fd); - - if (flushed) { - if (opts & OPT_SYSLOG) - syslog(LOG_INFO, "%d bytes flushed from log\n", - flushed); - else if (log != stdout) - fprintf(log, "%d bytes flushed from log\n", flushed); - } -} - - -static void logopts(turnon, options) -int turnon; -char *options; -{ - int flags = 0; - char *s; - - for (s = options; *s; s++) - { - switch (*s) - { - case 'N' : - flags |= OPT_NAT; - break; - case 'S' : - flags |= OPT_STATE; - break; - case 'I' : - flags |= OPT_FILTER; - break; - default : - fprintf(stderr, "Unknown log option %c\n", *s); - exit(1); - } - } - - if (turnon) - opts |= flags; - else - opts &= ~(flags); -} - - -int main(argc, argv) -int argc; -char *argv[]; -{ - struct stat sb; - FILE *log = stdout; - int fd[3], doread, n, i; - int tr, nr, regular[3], c; - int fdt[3], devices = 0, make_daemon = 0; - char buf[512], *iplfile[3], *s; - extern int optind; - extern char *optarg; - - fd[0] = fd[1] = fd[2] = -1; - fdt[0] = fdt[1] = fdt[2] = -1; - iplfile[0] = IPL_NAME; - iplfile[1] = IPNAT_NAME; - iplfile[2] = IPSTATE_NAME; - - while ((c = getopt(argc, argv, "?abDf:FhnN:o:O:pP:sS:tvxX")) != -1) - switch (c) - { - case 'a' : - opts |= OPT_LOGALL; - fdt[0] = IPL_LOGIPF; - fdt[1] = IPL_LOGNAT; - fdt[2] = IPL_LOGSTATE; - break; - case 'b' : - opts |= OPT_LOGBODY; - break; - case 'D' : - make_daemon = 1; - break; - case 'f' : case 'I' : - opts |= OPT_FILTER; - fdt[0] = IPL_LOGIPF; - iplfile[0] = optarg; - break; - case 'F' : - flushlogs(iplfile[0], log); - flushlogs(iplfile[1], log); - flushlogs(iplfile[2], log); - break; - case 'n' : - opts |= OPT_RESOLVE; - break; - case 'N' : - opts |= OPT_NAT; - fdt[1] = IPL_LOGNAT; - iplfile[1] = optarg; - break; - case 'o' : case 'O' : - logopts(c == 'o', optarg); - fdt[0] = fdt[1] = fdt[2] = -1; - if (opts & OPT_FILTER) - fdt[0] = IPL_LOGIPF; - if (opts & OPT_NAT) - fdt[1] = IPL_LOGNAT; - if (opts & OPT_STATE) - fdt[2] = IPL_LOGSTATE; - break; - case 'p' : - opts |= OPT_PORTNUM; - break; - case 'P' : - pidfile = optarg; - break; - case 's' : - s = strrchr(argv[0], '/'); - if (s == NULL) - s = argv[0]; - else - s++; - openlog(s, LOG_NDELAY|LOG_PID, LOGFAC); - s = NULL; - opts |= OPT_SYSLOG; - log = NULL; - break; - case 'S' : - opts |= OPT_STATE; - fdt[2] = IPL_LOGSTATE; - iplfile[2] = optarg; - break; - case 't' : - opts |= OPT_TAIL; - break; - case 'v' : - opts |= OPT_VERBOSE; - break; - case 'x' : - opts |= OPT_HEXBODY; - break; - case 'X' : - opts |= OPT_HEXHDR; - break; - default : - case 'h' : - case '?' : - usage(argv[0]); - } - - init_tabs(); - - /* - * Default action is to only open the filter log file. - */ - if ((fdt[0] == -1) && (fdt[1] == -1) && (fdt[2] == -1)) - fdt[0] = IPL_LOGIPF; - - for (i = 0; i < 3; i++) { - if (fdt[i] == -1) - continue; - if (!strcmp(iplfile[i], "-")) - fd[i] = 0; - else { - if ((fd[i] = open(iplfile[i], O_RDONLY)) == -1) { - (void) fprintf(stderr, - "%s: open: %s\n", iplfile[i], - STRERROR(errno)); - exit(-1); - } - - if (fstat(fd[i], &sb) == -1) { - (void) fprintf(stderr, "%d: fstat: %s\n",fd[i], - STRERROR(errno)); - exit(-1); - } - if (!(regular[i] = !S_ISCHR(sb.st_mode))) - devices++; - } - } - - if (!(opts & OPT_SYSLOG)) { - logfile = argv[optind]; - log = logfile ? fopen(logfile, "a") : stdout; - if (log == NULL) { - - (void) fprintf(stderr, "%s: fopen: %s\n", argv[optind], - STRERROR(errno)); - exit(-1); - } - setvbuf(log, NULL, _IONBF, 0); - } else - log = NULL; - - if (make_daemon && ((log != stdout) || (opts & OPT_SYSLOG))) { - if (fork() > 0) - exit(0); - write_pid(pidfile); - close(0); - close(1); - close(2); - setsid(); - } else - write_pid(pidfile); - - signal(SIGHUP, handlehup); - - for (doread = 1; doread; ) { - nr = 0; - - for (i = 0; i < 3; i++) { - tr = 0; - if (fdt[i] == -1) - continue; - if (!regular[i]) { - if (ioctl(fd[i], FIONREAD, &tr) == -1) { - perror("ioctl(FIONREAD)"); - exit(-1); - } - } else { - tr = (lseek(fd[i], 0, SEEK_CUR) < sb.st_size); - if (!tr && !(opts & OPT_TAIL)) - doread = 0; - } - if (!tr) - continue; - nr += tr; - - tr = read_log(fd[i], &n, buf, sizeof(buf)); - if (donehup) { - donehup = 0; - if (newlog) { - fclose(log); - log = newlog; - newlog = NULL; - } - } - - switch (tr) - { - case -1 : - if (opts & OPT_SYSLOG) - syslog(LOG_ERR, "read: %m\n"); - else - perror("read"); - doread = 0; - break; - case 1 : - if (opts & OPT_SYSLOG) - syslog(LOG_ERR, "aborting logging\n"); - else - fprintf(log, "aborting logging\n"); - doread = 0; - break; - case 2 : - break; - case 0 : - if (n > 0) { - print_log(fdt[i], log, buf, n); - if (!(opts & OPT_SYSLOG)) - fflush(log); - } - break; - } - } - if (!nr && ((opts & OPT_TAIL) || devices)) - sleep(1); - } - exit(0); - /* NOTREACHED */ -} |