Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/ipftest/ipft_ef.c | 12 | ||||
-rw-r--r-- | usr.sbin/ipftest/ipft_hx.c | 14 | ||||
-rw-r--r-- | usr.sbin/ipftest/ipft_pc.c | 6 | ||||
-rw-r--r-- | usr.sbin/ipftest/ipft_sn.c | 6 | ||||
-rw-r--r-- | usr.sbin/ipftest/ipft_td.c | 12 | ||||
-rw-r--r-- | usr.sbin/ipftest/ipft_tx.c | 25 | ||||
-rw-r--r-- | usr.sbin/ipftest/ipftest.1 | 68 | ||||
-rw-r--r-- | usr.sbin/ipftest/ipt.c | 12 | ||||
-rw-r--r-- | usr.sbin/ipftest/ipt.h | 2 | ||||
-rw-r--r-- | usr.sbin/ipftest/misc.c | 3 | ||||
-rw-r--r-- | usr.sbin/ipftest/pcap.h | 2 | ||||
-rw-r--r-- | usr.sbin/ipftest/snoop.h | 2 | ||||
-rw-r--r-- | usr.sbin/ipmon/ipmon.8 | 39 | ||||
-rw-r--r-- | usr.sbin/ipmon/ipmon.c | 361 |
14 files changed, 400 insertions, 164 deletions
diff --git a/usr.sbin/ipftest/ipft_ef.c b/usr.sbin/ipftest/ipft_ef.c index edc7f578751..408558b1bc7 100644 --- a/usr.sbin/ipftest/ipft_ef.c +++ b/usr.sbin/ipftest/ipft_ef.c @@ -32,6 +32,7 @@ etherfind -n -t #include <sys/ioctl.h> #include <sys/param.h> #include <netinet/in.h> +#include <arpa/inet.h> #include <netinet/in_systm.h> #include <netinet/ip_var.h> #include <netinet/ip.h> @@ -41,14 +42,12 @@ etherfind -n -t #include <netinet/tcpip.h> #include <net/if.h> #include <netdb.h> -#include "ip_fil_compat.h" -#include "ip_fil.h" #include "ipf.h" #include "ipt.h" -#ifndef lint +#if !defined(lint) && defined(LIBC_SCCS) static char sccsid[] = "@(#)ipft_ef.c 1.6 2/4/96 (C)1995 Darren Reed"; -static char rcsid[] = "$Id: ipft_ef.c,v 1.5 1996/10/08 07:33:34 niklas Exp $"; +static char rcsid[] = "$Id: ipft_ef.c,v 1.6 1997/02/11 22:23:48 kstailey Exp $"; #endif static int etherf_open(), etherf_close(), etherf_readip(); @@ -58,11 +57,6 @@ struct ipread etherf = { etherf_open, etherf_close, etherf_readip }; static FILE *efp = NULL; static int efd = -1; -#ifdef NEED_INET_ATON -extern u_long inet_aton(); -#else -#include <arpa/inet.h> -#endif static int etherf_open(fname) char *fname; diff --git a/usr.sbin/ipftest/ipft_hx.c b/usr.sbin/ipftest/ipft_hx.c index 454a8f93fbc..916c554afe7 100644 --- a/usr.sbin/ipftest/ipft_hx.c +++ b/usr.sbin/ipftest/ipft_hx.c @@ -30,16 +30,15 @@ #include <netinet/ip_icmp.h> #include <netinet/tcpip.h> #include <net/if.h> -#include "ip_fil_compat.h" #include <netdb.h> #include <arpa/nameser.h> #include <resolv.h> #include "ipf.h" #include "ipt.h" -#ifndef lint +#if !defined(lint) && defined(LIBC_SCCS) static char sccsid[] = "@(#)ipft_hx.c 1.1 3/9/96 (C) 1996 Darren Reed"; -static char rcsid[] = "$Id: ipft_hx.c,v 1.3 1997/01/17 07:14:06 millert Exp $"; +static char rcsid[] = "$Id: ipft_hx.c,v 1.4 1997/02/11 22:23:50 kstailey Exp $"; #endif extern int opts; 
@@ -91,16 +90,13 @@ int cnt, *dir; char line[513]; ip = (struct ip *)buf; - *ifn = NULL; while (fgets(line, sizeof(line)-1, tfp)) { - if ((s = strchr(line, '\n'))) { + if ((s = index(line, '\n'))) { if (s == line) return (char *)ip - buf; *s = '\0'; } - if ((s = strchr(line, '\r'))) - *s = '\0'; - if ((s = strchr(line, '#'))) + if ((s = index(line, '#'))) *s = '\0'; if (!*line) continue; @@ -108,8 +104,6 @@ int cnt, *dir; printf("input: %s\n", line); fflush(stdout); } - *ifn = NULL; - *dir = 0; ip = (struct ip *)readhex(line, (char *)ip); } return -1; diff --git a/usr.sbin/ipftest/ipft_pc.c b/usr.sbin/ipftest/ipft_pc.c index 5c7056e14c9..84a6b1b4b9b 100644 --- a/usr.sbin/ipftest/ipft_pc.c +++ b/usr.sbin/ipftest/ipft_pc.c @@ -25,14 +25,12 @@ #include <netinet/tcp.h> #include <netinet/tcpip.h> #include <net/if.h> -#include "ip_fil_compat.h" -#include "ip_fil.h" #include "ipf.h" #include "ipt.h" #include "pcap.h" -#ifndef lint -static char rcsid[] = "$Id: ipft_pc.c,v 1.5 1996/10/08 07:33:35 niklas Exp $"; +#if !defined(lint) && defined(LIBC_SCCS) +static char rcsid[] = "$Id: ipft_pc.c,v 1.6 1997/02/11 22:23:51 kstailey Exp $"; #endif struct llc { diff --git a/usr.sbin/ipftest/ipft_sn.c b/usr.sbin/ipftest/ipft_sn.c index dbb0b54fd7a..a8e8baf2ad2 100644 --- a/usr.sbin/ipftest/ipft_sn.c +++ b/usr.sbin/ipftest/ipft_sn.c @@ -28,14 +28,12 @@ #include <netinet/tcp.h> #include <netinet/tcpip.h> #include <net/if.h> -#include "ip_fil_compat.h" -#include "ip_fil.h" #include "ipf.h" #include "ipt.h" #include "snoop.h" -#ifndef lint -static char rcsid[] = "$Id: ipft_sn.c,v 1.4 1996/10/08 07:33:35 niklas Exp $"; +#if !defined(lint) && defined(LIBC_SCCS) +static char rcsid[] = "$Id: ipft_sn.c,v 1.5 1997/02/11 22:23:52 kstailey Exp $"; #endif struct llc { diff --git a/usr.sbin/ipftest/ipft_td.c b/usr.sbin/ipftest/ipft_td.c index be6a84b1130..fb9dcb6baea 100644 --- a/usr.sbin/ipftest/ipft_td.c +++ b/usr.sbin/ipftest/ipft_td.c 
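Review bot: With `*ifn = NULL;` and `*dir = 0;` removed from the hex reader in ipft_hx.c (both hunks of that file), the visible part of the function no longer writes either out-parameter, while the caller in ipt.c passes `&iface` and `&dir` on to `fr_check()`. Unless the caller initialises both before its read loop (not visible here), the rule match runs on stale or indeterminate values; keeping `*ifn = NULL; *dir = 0;` ahead of the `while (fgets(...))` loop costs nothing. The first hunk also drops the `'\r'` strip, so CRLF input now reaches `readhex()` with the carriage return still attached. If that is intended, a one-line comment saying so would help. The function begins and ends outside these hunks.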
@@ -41,6 +41,7 @@ tcpdump -nqte #include <sys/socket.h> #include <sys/ioctl.h> #include <netinet/in.h> +#include <arpa/inet.h> #include <netinet/in_systm.h> #include <netinet/ip_var.h> #include <netinet/ip.h> @@ -50,22 +51,15 @@ tcpdump -nqte #include <netinet/tcpip.h> #include <net/if.h> #include <netdb.h> -#include "ip_fil_compat.h" -#include "ip_fil.h" #include "ipf.h" #include "ipt.h" -#ifndef lint +#if !defined(lint) && defined(LIBC_SCCS) static char sccsid[] = "@(#)ipft_td.c 1.8 2/4/96 (C)1995 Darren Reed"; -static char rcsid[] = "$Id: ipft_td.c,v 1.5 1996/10/08 07:33:36 niklas Exp $"; +static char rcsid[] = "$Id: ipft_td.c,v 1.6 1997/02/11 22:23:54 kstailey Exp $"; #endif static int tcpd_open(), tcpd_close(), tcpd_readip(); -#ifdef NEED_INET_ATON -extern u_long inet_aton(); -#else -#include <arpa/inet.h> -#endif struct ipread tcpd = { tcpd_open, tcpd_close, tcpd_readip }; diff --git a/usr.sbin/ipftest/ipft_tx.c b/usr.sbin/ipftest/ipft_tx.c index 39c53c43d75..4d1186b1483 100644 --- a/usr.sbin/ipftest/ipft_tx.c +++ b/usr.sbin/ipftest/ipft_tx.c @@ -29,17 +29,18 @@ #include <netinet/tcp.h> #include <netinet/ip_icmp.h> #include <netinet/tcpip.h> +#include <arpa/inet.h> #include <net/if.h> -#include "ip_fil_compat.h" #include <netdb.h> #include <arpa/nameser.h> #include <resolv.h> +#include "ip_fil_compat.h" #include "ipf.h" #include "ipt.h" -#ifndef lint +#if !defined(lint) && defined(LIBC_SCCS) static char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed"; -static char rcsid[] = "$Id: ipft_tx.c,v 1.5 1997/01/17 07:14:07 millert Exp $"; +static char rcsid[] = "$Id: ipft_tx.c,v 1.6 1997/02/11 22:23:55 kstailey Exp $"; #endif extern int opts; @@ -65,7 +66,7 @@ static u_short tx_portnum(); * returns an ip address as a long var as a result of either a DNS lookup or * straight inet_addr() call */ -u_long tx_hostnum(host, resolved) +static u_long tx_hostnum(host, resolved) char *host; int *resolved; { 
@@ -94,7 +95,7 @@ int *resolved; * find the port number given by the name, either from getservbyname() or * straight atoi() */ -u_short tx_portnum(name) +static u_short tx_portnum(name) char *name; { struct servent *sp, *sp2; @@ -177,11 +178,11 @@ int cnt, *dir; ip = (struct ip *)buf; *ifn = NULL; while (fgets(line, sizeof(line)-1, tfp)) { - if ((s = strchr(line, '\n'))) + if ((s = index(line, '\n'))) *s = '\0'; - if ((s = strchr(line, '\r'))) + if ((s = index(line, '\r'))) *s = '\0'; - if ((s = strchr(line, '#'))) + if ((s = index(line, '#'))) *s = '\0'; if (!*line) continue; @@ -264,7 +265,7 @@ int *out; if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP) { char *last; - last = strchr(*cpp, ','); + last = index(*cpp, ','); if (!last) { fprintf(stderr, "tcp/udp with no source port\n"); return 1; @@ -280,7 +281,7 @@ int *out; if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP) { char *last; - last = strchr(*cpp, ','); + last = index(*cpp, ','); if (!last) { fprintf(stderr, "tcp/udp with no destination port\n"); return 1; @@ -296,7 +297,7 @@ int *out; char *s, *t; for (s = *cpp; *s; s++) - if ((t = strchr(tcp_flagset, *s))) + if ((t = index(tcp_flagset, *s))) tcp->th_flags |= tcp_flags[t - tcp_flagset]; if (tcp->th_flags) cpp++; @@ -310,7 +311,7 @@ int *out; s++, i++) if (*s && !strncasecmp(*cpp, *s, strlen(*s))) { ic->icmp_type = i; - if ((t = strchr(*cpp, ','))) + if ((t = index(*cpp, ','))) ic->icmp_code = atoi(t+1); cpp++; break; diff --git a/usr.sbin/ipftest/ipftest.1 b/usr.sbin/ipftest/ipftest.1 index 72591402fa2..912b3a3542c 100644 --- a/usr.sbin/ipftest/ipftest.1 +++ b/usr.sbin/ipftest/ipftest.1 
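Review bot: Replacing `strchr()` with `index()` throughout ipft_tx.c (and likewise in ipft_hx.c and ipt.c) trades the ISO C function for the legacy BSD spelling, which POSIX later marked obsolete and then removed. The two behave identically in every call shown, so keeping `strchr(line, '\n')`, `strchr(*cpp, ',')` and `strchr(tcp_flagset, *s)` avoids a portability regression for no functional gain. If the switch is meant to match a local style rule, a short comment near the includes stating that would save the next reader the question.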
@@ -1,14 +1,24 @@ -.LP .TH ipftest 8 .SH NAME -ipftest - test packet filter rules with arbitary input. +ipftest \- test packet filter rules with arbitary input. .SH SYNOPSIS -ipftest [-vbdPSTEHX] [-I interface] -r <filename> [-i <filename>] +.B ipftest +[ +.B \-vbdPSTEHX +] [ +.B \-I +interface +] +.B \-r +<filename> +[ +.B \-i +<filename> +] .SH DESCRIPTION -.LP .PP \fBipftest\fP is provided for the purpose of being able to test a set of -filter rules without having to put them in place, in operation and procede +filter rules without having to put them in place, in operation and proceed to test their effectiveness. The hope is that this minimises disruptions in providing a secure IP environment. .PP @@ -19,7 +29,7 @@ pass, block or nomatch. This is intended to give the operator a better idea of what is happening with packets passing through their filter ruleset. .PP -When used without eiether of \fB-S\fP, \fB-T\fP or \fB-E\fP, +When used without either of \fB\-S\fP, \fB\-T\fP or \fB\-E\fP, \fBipftest\fP uses its own text input format to generate "fake" IP packets. The format used is as follows: .nf 
@@ -41,30 +51,37 @@ are: out on le0 tcp 10.4.12.1,2245 10.1.1.1,23 S .fi .SH OPTIONS -.IP -v +.TP +.B \-v Verbose mode. This provides more information about which parts of rule matching the input packet passes and fails. -.IP -d +.TP +.B \-d Turn on filter rule debugging. Currently, this only shows you what caused the rule to not match in the IP header checking (addresses/netmasks, etc). -.IP -b +.TP +.B \-b Cause the output to be a brief summary (one-word) of the result of passing the packet through the filter; either "pass", "block" or "nomatch". This is used in the regression testing. -.IP -I <interface> +.TP +.BR \-I \0<interface> Set the interface name (used in rule matching) to be the name supplied. -This is useful with the \fB-P, -S, -T\fP and \fB-E\fP options, where it is +This is useful with the \fB\-P, \-S, \-T\fP and \fB\-E\fP options, where it is not otherwise possible to associate a packet with an interface. Normal "text packets" can override this setting. -.IP -P -The input file specified by \fB-i\fP is a binary file produced using libpcap -(ie tcpdump version 3). Packets are read from this file as being input -(for rule purposes). An interface maybe specified using \fB-I\fP. -.IP -S +.TP +.B \-P +The input file specified by \fB\-i\fP is a binary file produced using libpcap +(i.e., tcpdump version 3). Packets are read from this file as being input +(for rule purposes). An interface maybe specified using \fB\-I\fP. +.TP +.B \-S The input file is to be in "snoop" format (see RFC 1761). Packets are read from this file and used as input from any interface. This is perhaps the most useful input type, currently. -.IP -T +.TP +.B \-T The input file is to be text output from tcpdump. The text formats which are currently supported are those which result from the following tcpdump option combinations: 
@@ -77,13 +94,16 @@ option combinations: tcpdump -nqte .fi .LP -.IP -H +.TP +.B \-H The input file is to be hex digits, representing the binary makeup of the packet. No length correction is made, if an incorrect length is put in the IP header. -.IP -X +.TP +.B \-X The input file is composed of text descriptions of IP packets. -.IP -E +.TP +.B \-E The input file is to be text output from etherfind. The text formats which are currently supported are those which result from the following etherfind option combinations: @@ -93,9 +113,11 @@ option combinations: etherfind -n -t .fi .LP -.IP -i <filename> -Specify the filename to take input from. Default is stdin. -.IP -r <filename> +.TP +.BR \-i \0<filename> +Specify the filename from which to take input. Default is stdin. +.TP +.BR \-r \0<filename> Specify the filename from which to read filter rules. .SH FILES .SH SEE ALSO diff --git a/usr.sbin/ipftest/ipt.c b/usr.sbin/ipftest/ipt.c index 4fc23c0f6eb..f5a2fec52f4 100644 --- a/usr.sbin/ipftest/ipt.c +++ b/usr.sbin/ipftest/ipt.c @@ -39,9 +39,9 @@ #include "ipt.h" #include <ctype.h> -#ifndef lint +#if !defined(lint) && defined(LIBC_SCCS) static char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-1996 Darren Reed"; -static char rcsid[] = "$Id: ipt.c,v 1.7 1997/01/17 07:14:08 millert Exp $"; +static char rcsid[] = "$Id: ipt.c,v 1.8 1997/02/11 22:23:58 kstailey Exp $"; #endif extern int fr_check(); @@ -131,14 +131,14 @@ char *argv[]; /* * treat both CR and LF as EOL */ - if ((s = strchr(line, '\n'))) + if ((s = index(line, '\n'))) *s = '\0'; - if ((s = strchr(line, '\r'))) + if ((s = index(line, '\r'))) *s = '\0'; /* * # is comment marker, everything after is a ignored */ - if ((s = strchr(line, '#'))) + if ((s = index(line, '#'))) *s = '\0'; if (!*line) 
@@ -175,7 +175,7 @@ char *argv[]; while ((i = (*r->r_readip)(buf, sizeof(buf), &iface, &dir)) > 0) { ip->ip_off = ntohs(ip->ip_off); ip->ip_len = ntohs(ip->ip_len); - switch (fr_check(ip, ip->ip_hl << 2, iface, dir)) + switch (fr_check(ip, ip->ip_hl << 2, iface, dir)) /* XXX */ { case -1 : (void)printf("block"); diff --git a/usr.sbin/ipftest/ipt.h b/usr.sbin/ipftest/ipt.h index 4545e1b39c4..77d12de4aff 100644 --- a/usr.sbin/ipftest/ipt.h +++ b/usr.sbin/ipftest/ipt.h @@ -4,7 +4,7 @@ * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given * to the original author and the contributors. - * $Id: ipt.h,v 1.2 1996/07/18 04:59:25 dm Exp $ + * $Id: ipt.h,v 1.3 1997/02/11 22:24:00 kstailey Exp $ */ #include <fcntl.h> diff --git a/usr.sbin/ipftest/misc.c b/usr.sbin/ipftest/misc.c index 8000582e7a5..44f2bae9557 100644 --- a/usr.sbin/ipftest/misc.c +++ b/usr.sbin/ipftest/misc.c @@ -38,8 +38,9 @@ #include "ipf.h" #include "ipt.h" -#ifndef lint +#if !defined(lint) && defined(LIBC_SCCS) static char sccsid[] = "@(#)misc.c 1.3 2/4/96 (C) 1995 Darren Reed"; +static char rcsid[] = "$Id: misc.c,v 1.5 1997/02/11 22:24:01 kstailey Exp $"; #endif void debug(), verbose(); diff --git a/usr.sbin/ipftest/pcap.h b/usr.sbin/ipftest/pcap.h index 5ffb01c7484..daf5efee6a4 100644 --- a/usr.sbin/ipftest/pcap.h +++ b/usr.sbin/ipftest/pcap.h @@ -4,7 +4,7 @@ * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given * to the original author and the contributors. - * $Id: pcap.h,v 1.3 1996/07/18 04:59:26 dm Exp $ + * $Id: pcap.h,v 1.4 1997/02/11 22:24:03 kstailey Exp $ */ /* * This header file is constructed to match the version described by diff --git a/usr.sbin/ipftest/snoop.h b/usr.sbin/ipftest/snoop.h index e351a1f7c7d..ce92eb9c5df 100644 --- a/usr.sbin/ipftest/snoop.h +++ b/usr.sbin/ipftest/snoop.h 
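Review bot: The bare `/* XXX */` added after `fr_check(ip, ip->ip_hl << 2, iface, dir)` flags a concern without naming it. The header length is taken from the packet's own `ip_hl` field, and nothing visible compares it with `i`, the byte count `r_readip` returned, so an input file can claim a header longer than the data actually placed in `buf`. Either spell the concern out, e.g. `/* XXX ip_hl is not checked against i */`, or add `if ((ip->ip_hl << 2) > i) continue;` ahead of the switch. main() extends beyond this hunk, so an earlier check may exist out of view.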
@@ -8,7 +8,7 @@ /* * written to comply with the RFC (1761) from Sun. - * $Id: snoop.h,v 1.2 1996/07/18 04:59:26 dm Exp $ + * $Id: snoop.h,v 1.3 1997/02/11 22:24:04 kstailey Exp $ */ struct snoophdr { char s_id[8]; diff --git a/usr.sbin/ipmon/ipmon.8 b/usr.sbin/ipmon/ipmon.8 index b6398c6bd6e..11ac23aa703 100644 --- a/usr.sbin/ipmon/ipmon.8 +++ b/usr.sbin/ipmon/ipmon.8 
@@ -1,43 +1,48 @@ -.LP .TH ipmon 8 .SH NAME -ipmon - monitors /dev/ipl for logged packets +ipmon \- monitors /dev/ipl for logged packets .SH SYNOPSIS -ipmon [-sfN] [<filename>] +.B ipmon +[ +.B \-sfN +] [ +<filename> +] .SH DESCRIPTION .LP \fBipmon\fP opens \fB/dev/ipl\fP for reading and awaits data to be saved from the packet filter. The binary data read from the device is reprinted in human readable for, however, IP#'s are not mapped back to hostnames, nor are ports mapped back to service names. The output goes to standard output by -default or a filename, if given on the command line. Should the \fB-s\fP +default or a filename, if given on the command line. Should the \fB\-s\fP option be used, output is instead sent to \fBsyslogd(8)\fP. Messages sent via syslog have the day, month and year removed from the message, but the time (including microseconds), as recorded in the log, is still included. .SH OPTIONS .TP -.B -s +.B \-s Packet information read in will be sent through syslogd rather than saved to a file. The following levels are used: -.TP .IP -.RS -.B LOG_INFO - packets logged using the "log" keyword as the action rather +.B LOG_INFO +\- packets logged using the "log" keyword as the action rather than pass or block. -.TP 3 -.B LOG_NOTICE - packets logged which are also passed -.TP 3 -.B LOG_WARNING - packets logged which are also blocked -.TP 3 -.B LOG_ERR - packets which have been logged and which can be considered +.IP +.B LOG_NOTICE +\- packets logged which are also passed +.IP +.B LOG_WARNING +\- packets logged which are also blocked +.IP +.B LOG_ERR +\- packets which have been logged and which can be considered "short". -.RE .TP -.B -f +.B \-f Flush the current packet log buffer. The number of bytes flushed is displayed, even should the result be zero. .TP -.B -N +.B \-N IP addresses and port numbers will be mapped, where possible, back into hostnames and service names. .SH DIAGNOSTICS 
diff --git a/usr.sbin/ipmon/ipmon.c b/usr.sbin/ipmon/ipmon.c index ba827cec129..e7a488b4bf9 100644 --- a/usr.sbin/ipmon/ipmon.c +++ b/usr.sbin/ipmon/ipmon.c @@ -11,7 +11,8 @@ #include <unistd.h> #include <fcntl.h> #include <string.h> -#include <sys/syslog.h> +#include <stdlib.h> +#include <syslog.h> #include <sys/errno.h> #include <sys/file.h> #include <sys/ioctl.h> @@ -37,15 +38,16 @@ #include <netinet/ip_icmp.h> #include <netdb.h> #include <arpa/inet.h> +#include <ctype.h> -#ifndef lint -static char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-1996 Darren Reed"; -static char rcsid[] = "$Id: ipmon.c,v 1.6 1996/10/08 07:33:38 niklas Exp $"; +#if !defined(lint) && defined(LIBC_SCCS) +static char rcsid[] = "$Id: ipmon.c,v 1.7 1997/02/11 22:24:10 kstailey Exp $"; #endif #include "ip_fil_compat.h" #include "ip_fil.h" + struct flags { int value; char flag; 
@@ -61,8 +63,162 @@ struct flags tcpfl[] = { { 0, '\0' } }; + static char line[2048]; -static void printpacket(); +static void printpacket(), dumphex(); +static int opts = 0; + +#define OPT_SYSLOG 0x01 +#define OPT_RESOLVE 0x02 +#define OPT_HEXBODY 0x04 +#define OPT_VERBOSE 0x08 +#define OPT_HEXHDR 0x10 + +#ifndef LOGFAC +#define LOGFAC LOG_LOCAL0 +#endif + +void printiplci(icp) +struct ipl_ci *icp; +{ + printf("sec %ld usec %ld hlen %d plen %d\n", icp->sec, icp->usec, + icp->hlen, icp->plen); +} + + +void resynclog(fd, iplcp, log) +int fd; +struct ipl_ci *iplcp; +FILE *log; +{ + time_t now; + char *s = NULL; + int len, nr = 0; + + do { + if (s) { + s = (char *)&iplcp->sec; + if (opts & OPT_SYSLOG) { + syslog(LOG_INFO, "Sync bytes:"); + syslog(LOG_INFO, " %02x %02x %02x %02x", + *s, *(s+1), *(s+2), *(s+3)); + syslog(LOG_INFO, " %02x %02x %02x %02x\n", + *(s+4), *(s+5), *(s+6), *(s+7)); + } else { + fprintf(log, "Sync bytes:"); + fprintf(log, " %02x %02x %02x %02x", + *s, *(s+1), *(s+2), *(s+3)); + fprintf(log, " %02x %02x %02x %02x\n", + *(s+4), *(s+5), *(s+6), *(s+7)); + } + } + do { + s = (char *)&iplcp->sec; + len = sizeof(iplcp->sec); + while (len) { + switch ((nr = read(fd, s, len))) + { + case -1: + case 0: + return; + default : + s += nr; + len -= nr; + now = time(NULL); + break; + } + } + } while ((now < iplcp->sec) || + ((iplcp->sec - now) > (86400*5))); + + len = sizeof(iplcp->usec); + while (len) { + switch ((nr = read(fd, s, len))) + { + case -1: + case 0: + return; + default : + s += nr; + len -= nr; + break; + } + } + } while (iplcp->usec > 1000000); + + len = sizeof(*iplcp) - sizeof(iplcp->sec) - sizeof(iplcp->usec); + while (len) { + switch ((nr = read(fd, s, len))) + { + case -1: + case 0: + return; + default : + s += nr; + len -= nr; + break; + } + } +} + + +int readlogentry(fd, lenp, buf, bufsize, log) +int fd, bufsize, *lenp; +char *buf; +FILE *log; +{ + struct ipl_ci *icp = (struct ipl_ci *)buf; + time_t now; + char *s; + int len, n = bufsize, 
tr = sizeof(struct ipl_ci), nr; + + if (bufsize < tr) + return 1; + for (s = buf; (n > 0) && (tr > 0); s += nr, n -= nr) { + nr = read(fd, s, tr); + if (nr > 0) + tr -= nr; + else + return -1; + } + + now = time(NULL); + if ((icp->hlen > 92) || (now < icp->sec) || + ((now - icp->sec) > (86400*5))) { + if (opts & OPT_SYSLOG) + syslog(LOG_INFO, "Out of sync! (1,%x)\n", now); + else + fprintf(log, "Out of sync! (1,%x)\n", now); + dumphex(log, buf, sizeof(struct ipl_ci)); + resynclog(fd, icp, log); + } + + + len = (int)((u_int)icp->plen); + if (len > 128 || len < 0) { + if (opts & OPT_SYSLOG) + syslog(LOG_INFO, "Out of sync! (2,%d)\n", len); + else + fprintf(log, "Out of sync! (2,%d)\n", len); + dumphex(log, buf, sizeof(struct ipl_ci)); + resynclog(fd, icp, log); + } + + + tr = icp->hlen + icp->plen; + if (n < tr) + return 1; + + for (; (n > 0) && (tr > 0); s += nr, n-= nr) { + nr = read(fd, s, tr); + if (nr > 0) + tr -= nr; + else + return -1; + } + *lenp = s - buf; + return 0; +} char *hostname(res, ip) 
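Review bot: In `resynclog()` the staleness test `(iplcp->sec - now) > (86400*5)` has its operands reversed compared with `readlogentry()`'s `(now - icp->sec) > (86400*5)`. Once `now < iplcp->sec` is false the difference cannot be positive if `sec` is signed (the `%ld` in `printiplci()` suggests it is), so an arbitrarily old timestamp passes as resynchronised. It should read `((now - iplcp->sec) > (86400*5))`. `resynclog()` also returns `void`, so when `read()` gives 0 or -1 `readlogentry()` carries on and computes `tr = icp->hlen + icp->plen` from a header that was never refilled, and neither `hlen > 92` nor the `plen` range is re-checked after a resync; returning a status and re-validating would close that. Separately, the `"Out of sync! (1,%x)\n"` format is handed a `time_t`, which needs a cast such as `(u_int)now`.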
@@ -98,39 +254,61 @@ u_short port; } -static void dumphex(log, ip, lp) +static void dumphex(log, buf, len) FILE *log; -struct ip *ip; -struct ipl_ci *lp; +u_char *buf; +int len; { + char line[80]; int i, j, k; - u_char *s = (u_char *)ip; + u_char *s = buf, *t = (u_char *)line; - for (i = lp->plen + lp->hlen, j = 0; i; i--, j++, s++) { - if (j && !(j & 0xf)) - putchar('\n'); - printf("%02x", *s); + for (i = len, j = 0; i; i--, j++, s++) { + if (j && !(j & 0xf)) { + *t++ = '\n'; + *t = '\0'; + fputs(line, stdout); + t = (u_char *)line; + *t = '\0'; + } + sprintf(t, "%02x", *s & 0xff); + t += 2; if (!((j + 1) & 0xf)) { - s -= 16; - printf(" "); + s -= 15; + sprintf(t, " "); + t += 8; for (k = 16; k; k--, s++) - putchar(isprint(*s) ? *s : '.'); + *t++ = (isprint(*s) ? *s : '.'); + s--; } if ((j + 1) & 0xf) - putchar(' '); + *t++ = ' ';; } - if ((j - 1) & 0xf) - putchar('\n'); + if (j & 0xf) { + for (k = 16 - (j & 0xf); k; k--) { + *t++ = ' '; + *t++ = ' '; + *t++ = ' '; + } + sprintf(t, " "); + t += 7; + s -= j & 0xf; + for (k = j & 0xf; k; k--, s++) + *t++ = (isprint(*s) ? *s : '.'); + *t++ = '\n'; + *t = '\0'; + } + fputs(line, stdout); + fflush(stdout); } -static void printpacket(log, ip, lp, opts) +static void printpacket(log, buf, blen) FILE *log; -struct ip *ip; -struct ipl_ci *lp; -int opts; +char *buf; +int blen; { struct protoent *pr; struct tcphdr *tp; 
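Review bot: `dumphex()` ends with `fputs(line, stdout)` on a local `char line[80]` that is never written when `len` is 0, because neither the loop nor the `if (j & 0xf)` tail runs; start with `line[0] = '\0';` or return early with `if (len <= 0) return;`. The early return also covers a negative `len`: `for (i = len, j = 0; i; i--, ...)` only stops at zero, so it would read far past `buf`, and `printpacket()` passes `lp->plen + lp->hlen` taken from the log record. The `log` argument is ignored and all output goes to `stdout`, so the dump is lost when a log file or `-s` is in use. When `len` is a multiple of 16 the last row is emitted without a trailing newline.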
@@ -139,24 +317,32 @@ int opts; struct tm *tm; char c[3], pname[8], *t, *proto; u_short hl, p; - int i, lvl, res, len; + int i, lvl, res; +#if !SOLARIS && !(defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199603))\ + && !(defined(OpenBSD) && (OpenBSD <= 1991011) && (OpenBSD >= 199603)) + int len; +#endif + struct ip *ip; + struct ipl_ci *lp; - res = (opts & 2) ? 1 : 0; + lp = (struct ipl_ci *)buf; + ip = (struct ip *)(buf + sizeof(*lp)); + res = (opts & OPT_RESOLVE) ? 1 : 0; t = line; *t = '\0'; hl = (ip->ip_hl << 2); p = (u_short)ip->ip_p; tm = localtime((time_t *)&lp->sec); - if (!(opts & 1)) { + if (!(opts & OPT_SYSLOG)) { (void) sprintf(t, "%2d/%02d/%4d ", tm->tm_mday, tm->tm_mon + 1, tm->tm_year + 1900); t += strlen(t); } -#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \ - (defined(OpenBSD) && (OpenBSD >= 199606)) - (void) sprintf(t, "%02d:%02d:%02d.%-.6ld %s @%hd ", +#if SOLARIS || (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199603)) \ + || (defined(OpenBSD) && (OpenBSD <= 1991011) && (OpenBSD >= 199603)) + (void) sprintf(t, "%02d:%02d:%02d.%-.6ld %.*s @%hd ", tm->tm_hour, tm->tm_min, tm->tm_sec, lp->usec, - lp->ifname, lp->rule); + (int)sizeof(lp->ifname), lp->ifname, lp->rule); #else for (len = 0; len < 3; len++) if (!lp->ifname[len]) @@ -220,6 +406,12 @@ int opts; if (tp->th_flags & tcpfl[i].value) *t++ = tcpfl[i].flag; } + if (opts & OPT_VERBOSE) { + (void) sprintf(t, " %lu %lu %hu", + (u_long)tp->th_seq, + (u_long)tp->th_ack, tp->th_win); + t += strlen(t); + } *t = '\0'; } else { (void) sprintf(t, "%s -> ", hostname(res, ip->ip_src)); 
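Review bot: `printpacket()` now receives `blen`, but the visible lines never use it. `ip = (struct ip *)(buf + sizeof(*lp))` and `hl = (ip->ip_hl << 2)` are derived from the buffer with no check that `blen` covers `sizeof(*lp)` plus an IP header, and `tp->th_flags` is read further down. A guard at the top such as `if (blen < (int)(sizeof(*lp) + sizeof(*ip))) return;` would keep a short record from being parsed. The body continues outside the hunk, so a check may exist there.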
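Review bot: The new `OPT_VERBOSE` branch prints `tp->th_seq`, `tp->th_ack` and `tp->th_win` exactly as stored. These are network-order fields in `struct tcphdr`, so unless they were converted earlier in the function (not visible here) the numbers come out byte-swapped on little-endian hosts. Printing `(u_long)ntohl(tp->th_seq), (u_long)ntohl(tp->th_ack), ntohs(tp->th_win)` would give the real values. The `sprintf` also appends to the static `line[2048]` without tracking the space left, as do the other visible `sprintf` calls in this function.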
@@ -287,70 +479,107 @@ int opts; *t++ = '\n'; *t++ = '\0'; - if (opts & 1) + if (opts & OPT_SYSLOG) syslog(lvl, "%s", line); else (void) fprintf(log, "%s", line); + if (opts & OPT_HEXHDR) + dumphex(log, buf, sizeof(struct ipl_ci)); + if (opts & OPT_HEXBODY) + dumphex(log, ip, lp->plen + lp->hlen); fflush(log); - if (opts & 4) - dumphex(log, ip, lp); } int main(argc, argv) int argc; char *argv[]; { - FILE *log; - int fd, flushed = 0, opts = 0; - u_int len; - char buf[512], c; - struct ipl_ci iplci; + FILE *log = NULL; + int fd = -1, flushed = 0, doread, n; + char buf[512], c, *iplfile = IPL_NAME; extern int optind; + extern char *optarg; - if ((fd = open(IPL_NAME, O_RDONLY)) == -1) { - (void) fprintf(stderr, "%s: ", IPL_NAME); - perror("open"); - exit(-1); - } - - while ((c = getopt(argc, argv, "Nfsx")) != -1) + while ((c = getopt(argc, argv, "Nf:FsvxX")) != -1) switch (c) { case 'f' : + iplfile = optarg; + break; + case 'F' : + if ((fd == -1) && + (fd = open(iplfile, O_RDWR)) == -1) { + (void) fprintf(stderr, "%s: ", IPL_NAME); + perror("open"); + exit(-1); + } if (ioctl(fd, SIOCIPFFB, &flushed) == 0) { printf("%d bytes flushed from log buffer\n", flushed); fflush(stdout); - } + } else + perror("SIOCIPFFB"); break; case 'N' : - opts |= 2; - break; - case 'x' : - opts |= 4; + opts |= OPT_RESOLVE; break; case 's' : openlog(argv[0], LOG_NDELAY|LOG_PID, LOGFAC); - opts |= 1; + opts |= OPT_SYSLOG; + break; + case 'v' : + opts |= OPT_VERBOSE; + break; + case 'x' : + opts |= OPT_HEXBODY; + break; + case 'X' : + opts |= OPT_HEXHDR; break; } - log = argv[optind] ? 
fopen(argv[1], "a") : stdout; - setvbuf(log, NULL, _IONBF, 0); - if (flushed) - fprintf(log, "%d bytes flushed from log\n", flushed); - - while (1) { - assert(read(fd, &iplci, sizeof(struct ipl_ci)) == - sizeof(struct ipl_ci)); - assert(iplci.hlen > 0 && iplci.hlen <= 92); - len = (u_int)iplci.plen; - assert(len <= 128); - assert(read(fd, buf, iplci.hlen + iplci.plen) == - (iplci.hlen + iplci.plen)); - printpacket(log, buf, &iplci, opts); + if ((fd == -1) && (fd = open(iplfile, O_RDONLY)) == -1) { + (void) fprintf(stderr, "%s: ", IPL_NAME); + perror("open"); + exit(-1); + } + + if (!(opts & OPT_SYSLOG)) { + log = argv[optind] ? fopen(argv[optind], "a") : stdout; + setvbuf(log, NULL, _IONBF, 0); } - /* NOTREACHED */ + + if (flushed) { + if (opts & OPT_SYSLOG) + syslog(LOG_INFO, "%d bytes flushed from log\n", + flushed); + else + fprintf(log, "%d bytes flushed from log\n", flushed); + } + + for (doread = 1; doread; ) + switch (readlogentry(fd, &n, buf, sizeof(buf), log)) + { + case -1 : + if (opts & OPT_SYSLOG) + syslog(LOG_ERR, "read: %m\n"); + else + perror("read"); + doread = 0; + break; + case 1 : + if (opts & OPT_SYSLOG) + syslog(LOG_ERR, "aborting logging\n"); + else + fprintf(log, "aborting logging\n"); + doread = 0; + break; + case 2 : + break; + case 0 : + printpacket(log, buf, n, opts); + break; + } exit(0); /* NOTREACHED */ } |
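Review bot: In main(), `log = argv[optind] ? fopen(argv[optind], "a") : stdout;` is followed directly by `setvbuf(log, NULL, _IONBF, 0)` with no NULL check, so an unwritable log path crashes instead of reporting an error; add `if (log == NULL) { perror(argv[optind]); exit(1); }`. Both `open(iplfile, ...)` failure paths print `IPL_NAME` rather than `iplfile`, which names the wrong file after `-f`. `c` is declared `char` but compared with the `-1` that `getopt()` returns, which never matches where `char` is unsigned; `int c;` is the usual fix. `printpacket(log, buf, n, opts)` still passes four arguments to the new three-parameter definition, and `case 2` has no matching return value in `readlogentry()` as shown.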