pflogd.c (67ecd4f3a477a0ca5b76a1694f89755df27a8679) | pflogd.c (5ee7cd2107c8ffd1fe70115deabd6599dffb313b) |
---|---|
1/* $OpenBSD: pflogd.c,v 1.37 2006/10/26 13:34:47 jmc Exp $ */ 2 3/* 4 * Copyright (c) 2001 Theo de Raadt 5 * Copyright (c) 2001 Can Erkin Acar 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without --- 16 unchanged lines hidden (view full) --- 25 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 27 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 29 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 | 1/* $OpenBSD: pflogd.c,v 1.37 2006/10/26 13:34:47 jmc Exp $ */ 2 3/* 4 * Copyright (c) 2001 Theo de Raadt 5 * Copyright (c) 2001 Can Erkin Acar 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without --- 16 unchanged lines hidden (view full) --- 25 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 27 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 29 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 |
33#include <sys/cdefs.h> 34__FBSDID("$FreeBSD$"); 35 |
|
33#include <sys/types.h> 34#include <sys/ioctl.h> 35#include <sys/file.h> 36#include <sys/stat.h> 37#include <stdio.h> 38#include <stdlib.h> 39#include <string.h> 40#include <unistd.h> 41#include <pcap-int.h> 42#include <pcap.h> 43#include <syslog.h> 44#include <signal.h> 45#include <errno.h> 46#include <stdarg.h> 47#include <fcntl.h> | 36#include <sys/types.h> 37#include <sys/ioctl.h> 38#include <sys/file.h> 39#include <sys/stat.h> 40#include <stdio.h> 41#include <stdlib.h> 42#include <string.h> 43#include <unistd.h> 44#include <pcap-int.h> 45#include <pcap.h> 46#include <syslog.h> 47#include <signal.h> 48#include <errno.h> 49#include <stdarg.h> 50#include <fcntl.h> |
51#ifdef __FreeBSD__ 52#include "pidfile.h" 53#else |
|
48#include <util.h> | 54#include <util.h> |
55#endif 56 |
|
49#include "pflogd.h" 50 51pcap_t *hpcap; 52static FILE *dpcap; 53 54int Debug = 0; 55static int snaplen = DEF_SNAPLEN; 56static int cur_snaplen = DEF_SNAPLEN; --- 85 unchanged lines hidden (view full) --- 142 if (log_debug) { 143 vfprintf(stderr, message, ap); 144 fprintf(stderr, "\n"); 145 } else 146 vsyslog(pri, message, ap); 147 va_end(ap); 148} 149 | 57#include "pflogd.h" 58 59pcap_t *hpcap; 60static FILE *dpcap; 61 62int Debug = 0; 63static int snaplen = DEF_SNAPLEN; 64static int cur_snaplen = DEF_SNAPLEN; --- 85 unchanged lines hidden (view full) --- 150 if (log_debug) { 151 vfprintf(stderr, message, ap); 152 fprintf(stderr, "\n"); 153 } else 154 vsyslog(pri, message, ap); 155 va_end(ap); 156} 157 |
158#ifdef __FreeBSD__ 159__dead2 void 160#else |
|
150__dead void | 161__dead void |
162#endif |
|
151usage(void) 152{ 153 fprintf(stderr, "usage: pflogd [-Dx] [-d delay] [-f filename]"); 154 fprintf(stderr, " [-i interface] [-s snaplen]\n"); 155 fprintf(stderr, " [expression]\n"); 156 exit(1); 157} 158 --- 173 unchanged lines hidden (view full) --- 332 333 return (0); 334} 335 336int 337scan_dump(FILE *fp, off_t size) 338{ 339 struct pcap_file_header hdr; | 163usage(void) 164{ 165 fprintf(stderr, "usage: pflogd [-Dx] [-d delay] [-f filename]"); 166 fprintf(stderr, " [-i interface] [-s snaplen]\n"); 167 fprintf(stderr, " [expression]\n"); 168 exit(1); 169} 170 --- 173 unchanged lines hidden (view full) --- 344 345 return (0); 346} 347 348int 349scan_dump(FILE *fp, off_t size) 350{ 351 struct pcap_file_header hdr; |
352#ifdef __FreeBSD__ 353 struct pcap_sf_pkthdr ph; 354#else |
|
340 struct pcap_pkthdr ph; | 355 struct pcap_pkthdr ph; |
356#endif |
|
341 off_t pos; 342 343 /* 344 * Must read the file, compare the header against our new 345 * options (in particular, snaplen) and adjust our options so 346 * that we generate a correct file. Furthermore, check the file 347 * for consistency so that we can append safely. 348 * --- 52 unchanged lines hidden (view full) --- 401 return (1); 402} 403 404/* dump a packet directly to the stream, which is unbuffered */ 405void 406dump_packet_nobuf(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) 407{ 408 FILE *f = (FILE *)user; | 357 off_t pos; 358 359 /* 360 * Must read the file, compare the header against our new 361 * options (in particular, snaplen) and adjust our options so 362 * that we generate a correct file. Furthermore, check the file 363 * for consistency so that we can append safely. 364 * --- 52 unchanged lines hidden (view full) --- 417 return (1); 418} 419 420/* dump a packet directly to the stream, which is unbuffered */ 421void 422dump_packet_nobuf(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) 423{ 424 FILE *f = (FILE *)user; |
425#ifdef __FreeBSD__ 426 struct pcap_sf_pkthdr sh; 427#endif |
|
409 410 if (suspended) { 411 packets_dropped++; 412 return; 413 } 414 | 428 429 if (suspended) { 430 packets_dropped++; 431 return; 432 } 433 |
434#ifdef __FreeBSD__ 435 sh.ts.tv_sec = (bpf_int32)h->ts.tv_sec; 436 sh.ts.tv_usec = (bpf_int32)h->ts.tv_usec; 437 sh.caplen = h->caplen; 438 sh.len = h->len; 439 440 if (fwrite((char *)&sh, sizeof(sh), 1, f) != 1) { 441#else |
|
415 if (fwrite((char *)h, sizeof(*h), 1, f) != 1) { | 442 if (fwrite((char *)h, sizeof(*h), 1, f) != 1) { |
443#endif |
|
416 off_t pos = ftello(f); 417 418 /* try to undo header to prevent corruption */ | 444 off_t pos = ftello(f); 445 446 /* try to undo header to prevent corruption */ |
447#ifdef __FreeBSD__ 448 if (pos < sizeof(sh) || 449 ftruncate(fileno(f), pos - sizeof(sh))) { 450#else |
|
419 if (pos < sizeof(*h) || 420 ftruncate(fileno(f), pos - sizeof(*h))) { | 451 if (pos < sizeof(*h) || 452 ftruncate(fileno(f), pos - sizeof(*h))) { |
453#endif |
|
421 logmsg(LOG_ERR, "Write failed, corrupted logfile!"); 422 set_suspended(1); 423 gotsig_close = 1; 424 return; 425 } 426 goto error; 427 } 428 --- 52 unchanged lines hidden (view full) --- 481 bufpkt = 0; 482} 483 484/* append packet to the buffer, flushing if necessary */ 485void 486dump_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) 487{ 488 FILE *f = (FILE *)user; | 454 logmsg(LOG_ERR, "Write failed, corrupted logfile!"); 455 set_suspended(1); 456 gotsig_close = 1; 457 return; 458 } 459 goto error; 460 } 461 --- 52 unchanged lines hidden (view full) --- 514 bufpkt = 0; 515} 516 517/* append packet to the buffer, flushing if necessary */ 518void 519dump_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) 520{ 521 FILE *f = (FILE *)user; |
522#ifdef __FreeBSD__ 523 struct pcap_sf_pkthdr sh; 524 size_t len = sizeof(sh) + h->caplen; 525#else |
|
489 size_t len = sizeof(*h) + h->caplen; | 526 size_t len = sizeof(*h) + h->caplen; |
527#endif |
|
490 491 if (len < sizeof(*h) || h->caplen > (size_t)cur_snaplen) { 492 logmsg(LOG_NOTICE, "invalid size %u (%u/%u), packet dropped", 493 len, cur_snaplen, snaplen); 494 packets_dropped++; 495 return; 496 } 497 --- 10 unchanged lines hidden (view full) --- 508 return; 509 } 510 511 if (len > bufleft) { 512 dump_packet_nobuf(user, h, sp); 513 return; 514 } 515 | 528 529 if (len < sizeof(*h) || h->caplen > (size_t)cur_snaplen) { 530 logmsg(LOG_NOTICE, "invalid size %u (%u/%u), packet dropped", 531 len, cur_snaplen, snaplen); 532 packets_dropped++; 533 return; 534 } 535 --- 10 unchanged lines hidden (view full) --- 546 return; 547 } 548 549 if (len > bufleft) { 550 dump_packet_nobuf(user, h, sp); 551 return; 552 } 553 |
516 append: | 554 append: 555#ifdef __FreeBSD__ 556 sh.ts.tv_sec = (bpf_int32)h->ts.tv_sec; 557 sh.ts.tv_usec = (bpf_int32)h->ts.tv_usec; 558 sh.caplen = h->caplen; 559 sh.len = h->len; 560 561 memcpy(bufpos, &sh, sizeof(sh)); 562 memcpy(bufpos + sizeof(sh), sp, h->caplen); 563#else |
517 memcpy(bufpos, h, sizeof(*h)); 518 memcpy(bufpos + sizeof(*h), sp, h->caplen); | 564 memcpy(bufpos, h, sizeof(*h)); 565 memcpy(bufpos + sizeof(*h), sp, h->caplen); |
566#endif |
|
519 520 bufpos += len; 521 bufleft -= len; 522 bufpkt++; 523 524 return; 525} 526 527int 528main(int argc, char **argv) 529{ 530 struct pcap_stat pstat; 531 int ch, np, Xflag = 0; 532 pcap_handler phandler = dump_packet; 533 const char *errstr = NULL; 534 | 567 568 bufpos += len; 569 bufleft -= len; 570 bufpkt++; 571 572 return; 573} 574 575int 576main(int argc, char **argv) 577{ 578 struct pcap_stat pstat; 579 int ch, np, Xflag = 0; 580 pcap_handler phandler = dump_packet; 581 const char *errstr = NULL; 582 |
583#ifdef __FreeBSD__ 584 /* another ?paranoid? safety measure we do not have */ 585#else |
|
535 closefrom(STDERR_FILENO + 1); | 586 closefrom(STDERR_FILENO + 1); |
587#endif |
|
536 537 while ((ch = getopt(argc, argv, "Dxd:f:i:s:")) != -1) { 538 switch (ch) { 539 case 'D': 540 Debug = 1; 541 break; 542 case 'd': 543 delay = strtonum(optarg, 5, 60*60, &errstr); --- 85 unchanged lines hidden (view full) --- 629 logmsg(LOG_ERR, "Logging suspended: open error"); 630 set_suspended(1); 631 } else if (Xflag) 632 return (0); 633 634 while (1) { 635 np = pcap_dispatch(hpcap, PCAP_NUM_PKTS, 636 phandler, (u_char *)dpcap); | 588 589 while ((ch = getopt(argc, argv, "Dxd:f:i:s:")) != -1) { 590 switch (ch) { 591 case 'D': 592 Debug = 1; 593 break; 594 case 'd': 595 delay = strtonum(optarg, 5, 60*60, &errstr); --- 85 unchanged lines hidden (view full) --- 681 logmsg(LOG_ERR, "Logging suspended: open error"); 682 set_suspended(1); 683 } else if (Xflag) 684 return (0); 685 686 while (1) { 687 np = pcap_dispatch(hpcap, PCAP_NUM_PKTS, 688 phandler, (u_char *)dpcap); |
637 if (np < 0) | 689 if (np < 0) { 690#ifdef __FreeBSD__ 691 if (errno == ENXIO) { 692 logmsg(LOG_ERR, 693 "Device not/no longer configured"); 694 break; 695 } 696#endif |
638 logmsg(LOG_NOTICE, "%s", pcap_geterr(hpcap)); | 697 logmsg(LOG_NOTICE, "%s", pcap_geterr(hpcap)); |
698 } |
|
639 640 if (gotsig_close) 641 break; 642 if (gotsig_hup) { 643 if (reset_dump(0)) { 644 logmsg(LOG_ERR, 645 "Logging suspended: open error"); 646 set_suspended(1); --- 33 unchanged lines hidden --- | 699 700 if (gotsig_close) 701 break; 702 if (gotsig_hup) { 703 if (reset_dump(0)) { 704 logmsg(LOG_ERR, 705 "Logging suspended: open error"); 706 set_suspended(1); --- 33 unchanged lines hidden --- |
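Review bot: In dump_packet the FreeBSD branch computes `len` as `sizeof(sh) + h->caplen`, but the wrap-around guard a few lines later still compares against `sizeof(*h)`, so the bounds check no longer matches the header that is actually copied into the buffer. Where `struct pcap_pkthdr` is larger than `struct pcap_sf_pkthdr` (presumably why the header is converted, e.g. a wider `struct timeval`), a packet whose caplen is smaller than the difference would be dropped as "invalid size" although nothing overflowed. The guard should use the same size as `len`, for example `if (len < sizeof(sh) || h->caplen > (size_t)cur_snaplen) {` under `__FreeBSD__`, or one `hdrlen` value shared by the `len` computation, the guard and both `memcpy` calls. Part of the function body is hidden on this page, so this rests on the visible lines only.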