pflogd.c (156744) | pflogd.c (171172) |
---|---|
1/* $OpenBSD: pflogd.c,v 1.33 2005/02/09 12:09:30 henning Exp $ */ | 1/* $OpenBSD: pflogd.c,v 1.37 2006/10/26 13:34:47 jmc Exp $ */ |
2 3/* 4 * Copyright (c) 2001 Theo de Raadt 5 * Copyright (c) 2001 Can Erkin Acar 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions --- 16 unchanged lines hidden (view full) --- 26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 27 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 29 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33#include <sys/cdefs.h> | 2 3/* 4 * Copyright (c) 2001 Theo de Raadt 5 * Copyright (c) 2001 Can Erkin Acar 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions --- 16 unchanged lines hidden (view full) --- 26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 27 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 29 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33#include <sys/cdefs.h> |
34__FBSDID("$FreeBSD: head/contrib/pf/pflogd/pflogd.c 156744 2006-03-15 16:28:12Z mlaier $"); | 34__FBSDID("$FreeBSD: head/contrib/pf/pflogd/pflogd.c 171172 2007-07-03 12:30:03Z mlaier $"); |
35 36#include <sys/types.h> 37#include <sys/ioctl.h> 38#include <sys/file.h> 39#include <sys/stat.h> 40#include <stdio.h> 41#include <stdlib.h> 42#include <string.h> --- 33 unchanged lines hidden (view full) --- 76 77char *copy_argv(char * const *); 78void dump_packet(u_char *, const struct pcap_pkthdr *, const u_char *); 79void dump_packet_nobuf(u_char *, const struct pcap_pkthdr *, const u_char *); 80int flush_buffer(FILE *); 81int init_pcap(void); 82void logmsg(int, const char *, ...); 83void purge_buffer(void); | 35 36#include <sys/types.h> 37#include <sys/ioctl.h> 38#include <sys/file.h> 39#include <sys/stat.h> 40#include <stdio.h> 41#include <stdlib.h> 42#include <string.h> --- 33 unchanged lines hidden (view full) --- 76 77char *copy_argv(char * const *); 78void dump_packet(u_char *, const struct pcap_pkthdr *, const u_char *); 79void dump_packet_nobuf(u_char *, const struct pcap_pkthdr *, const u_char *); 80int flush_buffer(FILE *); 81int init_pcap(void); 82void logmsg(int, const char *, ...); 83void purge_buffer(void); |
84int reset_dump(void); | 84int reset_dump(int); |
85int scan_dump(FILE *, off_t); 86int set_snaplen(int); 87void set_suspended(int); 88void sig_alrm(int); 89void sig_close(int); 90void sig_hup(int); 91void usage(void); 92 | 85int scan_dump(FILE *, off_t); 86int set_snaplen(int); 87void set_suspended(int); 88void sig_alrm(int); 89void sig_close(int); 90void sig_hup(int); 91void usage(void); 92 |
93static int try_reset_dump(int); 94 |
|
93/* buffer must always be greater than snaplen */ 94static int bufpkt = 0; /* number of packets in buffer */ 95static int buflen = 0; /* allocated size of buffer */ 96static char *buffer = NULL; /* packet buffer */ 97static char *bufpos = NULL; /* position in buffer */ 98static int bufleft = 0; /* bytes left in buffer */ 99 100/* if error, stop logging but count dropped packets */ 101static int suspended = -1; 102static long packets_dropped = 0; 103 104void 105set_suspended(int s) 106{ 107 if (suspended == s) 108 return; 109 110 suspended = s; | 95/* buffer must always be greater than snaplen */ 96static int bufpkt = 0; /* number of packets in buffer */ 97static int buflen = 0; /* allocated size of buffer */ 98static char *buffer = NULL; /* packet buffer */ 99static char *bufpos = NULL; /* position in buffer */ 100static int bufleft = 0; /* bytes left in buffer */ 101 102/* if error, stop logging but count dropped packets */ 103static int suspended = -1; 104static long packets_dropped = 0; 105 106void 107set_suspended(int s) 108{ 109 if (suspended == s) 110 return; 111 112 suspended = s; |
111 setproctitle("[%s] -s %d -f %s", 112 suspended ? "suspended" : "running", cur_snaplen, filename); | 113 setproctitle("[%s] -s %d -i %s -f %s", 114 suspended ? "suspended" : "running", 115 cur_snaplen, interface, filename); |
113} 114 115char * 116copy_argv(char * const *argv) 117{ 118 size_t len = 0, n; 119 char *buf; 120 --- 33 unchanged lines hidden (view full) --- 154 155#ifdef __FreeBSD__ 156__dead2 void 157#else 158__dead void 159#endif 160usage(void) 161{ | 116} 117 118char * 119copy_argv(char * const *argv) 120{ 121 size_t len = 0, n; 122 char *buf; 123 --- 33 unchanged lines hidden (view full) --- 157 158#ifdef __FreeBSD__ 159__dead2 void 160#else 161__dead void 162#endif 163usage(void) 164{ |
162 fprintf(stderr, "usage: pflogd [-Dx] [-d delay] [-f filename] "); 163 fprintf(stderr, "[-s snaplen] [expression]\n"); | 165 fprintf(stderr, "usage: pflogd [-Dx] [-d delay] [-f filename]"); 166 fprintf(stderr, " [-i interface] [-s snaplen]\n"); 167 fprintf(stderr, " [expression]\n"); |
164 exit(1); 165} 166 167void 168sig_close(int sig) 169{ 170 gotsig_close = 1; 171} --- 63 unchanged lines hidden (view full) --- 235 purge_buffer(); 236 237 cur_snaplen = snap; 238 239 return (0); 240} 241 242int | 168 exit(1); 169} 170 171void 172sig_close(int sig) 173{ 174 gotsig_close = 1; 175} --- 63 unchanged lines hidden (view full) --- 239 purge_buffer(); 240 241 cur_snaplen = snap; 242 243 return (0); 244} 245 246int |
243reset_dump(void) | 247reset_dump(int nomove) |
244{ | 248{ |
249 int ret; 250 251 for (;;) { 252 ret = try_reset_dump(nomove); 253 if (ret <= 0) 254 break; 255 } 256 257 return (ret); 258} 259 260/* 261 * tries to (re)open log file, nomove flag is used with -x switch 262 * returns 0: success, 1: retry (log moved), -1: error 263 */ 264int 265try_reset_dump(int nomove) 266{ |
|
245 struct pcap_file_header hdr; 246 struct stat st; 247 int fd; 248 FILE *fp; 249 250 if (hpcap == NULL) 251 return (-1); 252 --- 4 unchanged lines hidden (view full) --- 257 } 258 259 /* 260 * Basically reimplement pcap_dump_open() because it truncates 261 * files and duplicates headers and such. 262 */ 263 fd = priv_open_log(); 264 if (fd < 0) | 267 struct pcap_file_header hdr; 268 struct stat st; 269 int fd; 270 FILE *fp; 271 272 if (hpcap == NULL) 273 return (-1); 274 --- 4 unchanged lines hidden (view full) --- 279 } 280 281 /* 282 * Basically reimplement pcap_dump_open() because it truncates 283 * files and duplicates headers and such. 284 */ 285 fd = priv_open_log(); 286 if (fd < 0) |
265 return (1); | 287 return (-1); |
266 267 fp = fdopen(fd, "a+"); 268 269 if (fp == NULL) { | 288 289 fp = fdopen(fd, "a+"); 290 291 if (fp == NULL) { |
270 close(fd); | |
271 logmsg(LOG_ERR, "Error: %s: %s", filename, strerror(errno)); | 292 logmsg(LOG_ERR, "Error: %s: %s", filename, strerror(errno)); |
272 return (1); | 293 close(fd); 294 return (-1); |
273 } 274 if (fstat(fileno(fp), &st) == -1) { | 295 } 296 if (fstat(fileno(fp), &st) == -1) { |
275 fclose(fp); | |
276 logmsg(LOG_ERR, "Error: %s: %s", filename, strerror(errno)); | 297 logmsg(LOG_ERR, "Error: %s: %s", filename, strerror(errno)); |
277 return (1); | 298 fclose(fp); 299 return (-1); |
278 } 279 280 /* set FILE unbuffered, we do our own buffering */ 281 if (setvbuf(fp, NULL, _IONBF, 0)) { | 300 } 301 302 /* set FILE unbuffered, we do our own buffering */ 303 if (setvbuf(fp, NULL, _IONBF, 0)) { |
282 fclose(fp); | |
283 logmsg(LOG_ERR, "Failed to set output buffers"); | 304 logmsg(LOG_ERR, "Failed to set output buffers"); |
284 return (1); | 305 fclose(fp); 306 return (-1); |
285 } 286 287#define TCPDUMP_MAGIC 0xa1b2c3d4 288 289 if (st.st_size == 0) { 290 if (snaplen != cur_snaplen) { 291 logmsg(LOG_NOTICE, "Using snaplen %d", snaplen); | 307 } 308 309#define TCPDUMP_MAGIC 0xa1b2c3d4 310 311 if (st.st_size == 0) { 312 if (snaplen != cur_snaplen) { 313 logmsg(LOG_NOTICE, "Using snaplen %d", snaplen); |
292 if (set_snaplen(snaplen)) { 293 fclose(fp); | 314 if (set_snaplen(snaplen)) |
294 logmsg(LOG_WARNING, 295 "Failed, using old settings"); | 315 logmsg(LOG_WARNING, 316 "Failed, using old settings"); |
296 } | |
297 } 298 hdr.magic = TCPDUMP_MAGIC; 299 hdr.version_major = PCAP_VERSION_MAJOR; 300 hdr.version_minor = PCAP_VERSION_MINOR; 301 hdr.thiszone = hpcap->tzoff; 302 hdr.snaplen = hpcap->snapshot; 303 hdr.sigfigs = 0; 304 hdr.linktype = hpcap->linktype; 305 306 if (fwrite((char *)&hdr, sizeof(hdr), 1, fp) != 1) { 307 fclose(fp); | 317 } 318 hdr.magic = TCPDUMP_MAGIC; 319 hdr.version_major = PCAP_VERSION_MAJOR; 320 hdr.version_minor = PCAP_VERSION_MINOR; 321 hdr.thiszone = hpcap->tzoff; 322 hdr.snaplen = hpcap->snapshot; 323 hdr.sigfigs = 0; 324 hdr.linktype = hpcap->linktype; 325 326 if (fwrite((char *)&hdr, sizeof(hdr), 1, fp) != 1) { 327 fclose(fp); |
308 return (1); | 328 return (-1); |
309 } 310 } else if (scan_dump(fp, st.st_size)) { | 329 } 330 } else if (scan_dump(fp, st.st_size)) { |
311 /* XXX move file and continue? */ | |
312 fclose(fp); | 331 fclose(fp); |
332 if (nomove || priv_move_log()) { 333 logmsg(LOG_ERR, 334 "Invalid/incompatible log file, move it away"); 335 return (-1); 336 } |
|
313 return (1); 314 } 315 316 dpcap = fp; 317 318 set_suspended(0); 319 flush_buffer(fp); 320 --- 26 unchanged lines hidden (view full) --- 347 return (1); 348 } 349 350 if (hdr.magic != TCPDUMP_MAGIC || 351 hdr.version_major != PCAP_VERSION_MAJOR || 352 hdr.version_minor != PCAP_VERSION_MINOR || 353 hdr.linktype != hpcap->linktype || 354 hdr.snaplen > PFLOGD_MAXSNAPLEN) { | 337 return (1); 338 } 339 340 dpcap = fp; 341 342 set_suspended(0); 343 flush_buffer(fp); 344 --- 26 unchanged lines hidden (view full) --- 371 return (1); 372 } 373 374 if (hdr.magic != TCPDUMP_MAGIC || 375 hdr.version_major != PCAP_VERSION_MAJOR || 376 hdr.version_minor != PCAP_VERSION_MINOR || 377 hdr.linktype != hpcap->linktype || 378 hdr.snaplen > PFLOGD_MAXSNAPLEN) { |
355 logmsg(LOG_ERR, "Invalid/incompatible log file, move it away"); | |
356 return (1); 357 } 358 359 pos = sizeof(hdr); 360 361 while (!feof(fp)) { 362 off_t len = fread((char *)&ph, 1, sizeof(ph), fp); 363 if (len == 0) --- 194 unchanged lines hidden (view full) --- 558 const char *errstr = NULL; 559 560#ifdef __FreeBSD__ 561 /* another ?paranoid? safety measure we do not have */ 562#else 563 closefrom(STDERR_FILENO + 1); 564#endif 565 | 379 return (1); 380 } 381 382 pos = sizeof(hdr); 383 384 while (!feof(fp)) { 385 off_t len = fread((char *)&ph, 1, sizeof(ph), fp); 386 if (len == 0) --- 194 unchanged lines hidden (view full) --- 581 const char *errstr = NULL; 582 583#ifdef __FreeBSD__ 584 /* another ?paranoid? safety measure we do not have */ 585#else 586 closefrom(STDERR_FILENO + 1); 587#endif 588 |
566 while ((ch = getopt(argc, argv, "Dxd:s:f:")) != -1) { | 589 while ((ch = getopt(argc, argv, "Dxd:f:i:s:")) != -1) { |
567 switch (ch) { 568 case 'D': 569 Debug = 1; 570 break; 571 case 'd': 572 delay = strtonum(optarg, 5, 60*60, &errstr); 573 if (errstr) 574 usage(); 575 break; 576 case 'f': 577 filename = optarg; 578 break; | 590 switch (ch) { 591 case 'D': 592 Debug = 1; 593 break; 594 case 'd': 595 delay = strtonum(optarg, 5, 60*60, &errstr); 596 if (errstr) 597 usage(); 598 break; 599 case 'f': 600 filename = optarg; 601 break; |
602 case 'i': 603 interface = optarg; 604 break; |
|
579 case 's': 580 snaplen = strtonum(optarg, 0, PFLOGD_MAXSNAPLEN, 581 &errstr); 582 if (snaplen <= 0) 583 snaplen = DEF_SNAPLEN; 584 if (errstr) 585 snaplen = PFLOGD_MAXSNAPLEN; 586 break; --- 56 unchanged lines hidden (view full) --- 643 logmsg(LOG_WARNING, "Failed to allocate output buffer"); 644 phandler = dump_packet_nobuf; 645 } else { 646 bufleft = buflen = PFLOGD_BUFSIZE; 647 bufpos = buffer; 648 bufpkt = 0; 649 } 650 | 605 case 's': 606 snaplen = strtonum(optarg, 0, PFLOGD_MAXSNAPLEN, 607 &errstr); 608 if (snaplen <= 0) 609 snaplen = DEF_SNAPLEN; 610 if (errstr) 611 snaplen = PFLOGD_MAXSNAPLEN; 612 break; --- 56 unchanged lines hidden (view full) --- 669 logmsg(LOG_WARNING, "Failed to allocate output buffer"); 670 phandler = dump_packet_nobuf; 671 } else { 672 bufleft = buflen = PFLOGD_BUFSIZE; 673 bufpos = buffer; 674 bufpkt = 0; 675 } 676 |
651 if (reset_dump()) { | 677 if (reset_dump(Xflag) < 0) { |
652 if (Xflag) 653 return (1); 654 655 logmsg(LOG_ERR, "Logging suspended: open error"); 656 set_suspended(1); 657 } else if (Xflag) 658 return (0); 659 --- 9 unchanged lines hidden (view full) --- 669 } 670#endif 671 logmsg(LOG_NOTICE, "%s", pcap_geterr(hpcap)); 672 } 673 674 if (gotsig_close) 675 break; 676 if (gotsig_hup) { | 678 if (Xflag) 679 return (1); 680 681 logmsg(LOG_ERR, "Logging suspended: open error"); 682 set_suspended(1); 683 } else if (Xflag) 684 return (0); 685 --- 9 unchanged lines hidden (view full) --- 695 } 696#endif 697 logmsg(LOG_NOTICE, "%s", pcap_geterr(hpcap)); 698 } 699 700 if (gotsig_close) 701 break; 702 if (gotsig_hup) { |
677 if (reset_dump()) { | 703 if (reset_dump(0)) { |
678 logmsg(LOG_ERR, 679 "Logging suspended: open error"); 680 set_suspended(1); 681 } 682 gotsig_hup = 0; 683 } 684 685 if (gotsig_alrm) { 686 if (dpcap) 687 flush_buffer(dpcap); | 704 logmsg(LOG_ERR, 705 "Logging suspended: open error"); 706 set_suspended(1); 707 } 708 gotsig_hup = 0; 709 } 710 711 if (gotsig_alrm) { 712 if (dpcap) 713 flush_buffer(dpcap); |
714 else 715 gotsig_hup = 1; |
|
688 gotsig_alrm = 0; 689 alarm(delay); 690 } 691 } 692 693 logmsg(LOG_NOTICE, "Exiting"); 694 if (dpcap) { 695 flush_buffer(dpcap); --- 16 unchanged lines hidden --- | 716 gotsig_alrm = 0; 717 alarm(delay); 718 } 719 } 720 721 logmsg(LOG_NOTICE, "Exiting"); 722 if (dpcap) { 723 flush_buffer(dpcap); --- 16 unchanged lines hidden --- |
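Review bot: The new `for (;;)` loop in reset_dump() has no upper bound: it repeats for as long as try_reset_dump() returns 1, which happens each time scan_dump() rejects the file and priv_move_log() reports success. priv_move_log() and priv_open_log() are not visible on this page, so this is inferred, but if the reopened file is again non-empty and invalid (for example because something recreates it between the move and the open), the daemon keeps renaming and reopening instead of suspending logging. I would cap the retries and turn an exhausted loop into -1, so that both callers (`reset_dump(Xflag) < 0` at startup and `reset_dump(0)` on SIGHUP) reach the existing "Logging suspended: open error" path. The limit of 3 below is a constructed value, and part of try_reset_dump()'s body is hidden on this page.

```c
int
reset_dump(int nomove)
{
	int ret, tries;

	/* bounded: a log that keeps failing scan_dump() must not spin us */
	for (tries = 0; tries < 3; tries++) {
		ret = try_reset_dump(nomove);
		if (ret <= 0)
			return (ret);
	}

	logmsg(LOG_ERR, "Log file still invalid after moving it away");
	return (-1);
}
```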