Remove ipsd (IP Scan Detetor). It is unused and to my knowledge has
never been used on any platform that ipfilter has been on. However it looks like it could be a useful utility, therefore there are plans to make it a port one day. It lacks a man page as well. MFC after: 1 month
This commit is contained in:
parent
560aa8a874
commit
1c9a919954
@ -1,203 +0,0 @@
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* (C)opyright 1995 by Darren Reed.
|
||||
*
|
||||
* This code may be freely distributed as long as it retains this notice
|
||||
* and is not changed in any way. The author accepts no responsibility
|
||||
* for the use of this software. I hate legaleese, don't you ?
|
||||
*
|
||||
* @(#)ip_compat.h 1.1 9/14/95
|
||||
*/
|
||||
|
||||
/*
|
||||
* These #ifdef's are here mainly for linux, but who knows, they may
|
||||
* not be in other places or maybe one day linux will grow up and some
|
||||
* of these will turn up there too.
|
||||
*/
|
||||
#ifndef ICMP_UNREACH
|
||||
# define ICMP_UNREACH ICMP_DEST_UNREACH
|
||||
#endif
|
||||
#ifndef ICMP_SOURCEQUENCH
|
||||
# define ICMP_SOURCEQUENCH ICMP_SOURCE_QUENCH
|
||||
#endif
|
||||
#ifndef ICMP_TIMXCEED
|
||||
# define ICMP_TIMXCEED ICMP_TIME_EXCEEDED
|
||||
#endif
|
||||
#ifndef ICMP_PARAMPROB
|
||||
# define ICMP_PARAMPROB ICMP_PARAMETERPROB
|
||||
#endif
|
||||
#ifndef IPVERSION
|
||||
# define IPVERSION 4
|
||||
#endif
|
||||
#ifndef IPOPT_MINOFF
|
||||
# define IPOPT_MINOFF 4
|
||||
#endif
|
||||
#ifndef IPOPT_COPIED
|
||||
# define IPOPT_COPIED(x) ((x)&0x80)
|
||||
#endif
|
||||
#ifndef IPOPT_EOL
|
||||
# define IPOPT_EOL 0
|
||||
#endif
|
||||
#ifndef IPOPT_NOP
|
||||
# define IPOPT_NOP 1
|
||||
#endif
|
||||
#ifndef IP_MF
|
||||
# define IP_MF ((u_short)0x2000)
|
||||
#endif
|
||||
#ifndef ETHERTYPE_IP
|
||||
# define ETHERTYPE_IP ((u_short)0x0800)
|
||||
#endif
|
||||
#ifndef TH_FIN
|
||||
# define TH_FIN 0x01
|
||||
#endif
|
||||
#ifndef TH_SYN
|
||||
# define TH_SYN 0x02
|
||||
#endif
|
||||
#ifndef TH_RST
|
||||
# define TH_RST 0x04
|
||||
#endif
|
||||
#ifndef TH_PUSH
|
||||
# define TH_PUSH 0x08
|
||||
#endif
|
||||
#ifndef TH_ACK
|
||||
# define TH_ACK 0x10
|
||||
#endif
|
||||
#ifndef TH_URG
|
||||
# define TH_URG 0x20
|
||||
#endif
|
||||
#ifndef IPOPT_EOL
|
||||
# define IPOPT_EOL 0
|
||||
#endif
|
||||
#ifndef IPOPT_NOP
|
||||
# define IPOPT_NOP 1
|
||||
#endif
|
||||
#ifndef IPOPT_RR
|
||||
# define IPOPT_RR 7
|
||||
#endif
|
||||
#ifndef IPOPT_TS
|
||||
# define IPOPT_TS 68
|
||||
#endif
|
||||
#ifndef IPOPT_SECURITY
|
||||
# define IPOPT_SECURITY 130
|
||||
#endif
|
||||
#ifndef IPOPT_LSRR
|
||||
# define IPOPT_LSRR 131
|
||||
#endif
|
||||
#ifndef IPOPT_SATID
|
||||
# define IPOPT_SATID 136
|
||||
#endif
|
||||
#ifndef IPOPT_SSRR
|
||||
# define IPOPT_SSRR 137
|
||||
#endif
|
||||
#ifndef IPOPT_SECUR_UNCLASS
|
||||
# define IPOPT_SECUR_UNCLASS ((u_short)0x0000)
|
||||
#endif
|
||||
#ifndef IPOPT_SECUR_CONFID
|
||||
# define IPOPT_SECUR_CONFID ((u_short)0xf135)
|
||||
#endif
|
||||
#ifndef IPOPT_SECUR_EFTO
|
||||
# define IPOPT_SECUR_EFTO ((u_short)0x789a)
|
||||
#endif
|
||||
#ifndef IPOPT_SECUR_MMMM
|
||||
# define IPOPT_SECUR_MMMM ((u_short)0xbc4d)
|
||||
#endif
|
||||
#ifndef IPOPT_SECUR_RESTR
|
||||
# define IPOPT_SECUR_RESTR ((u_short)0xaf13)
|
||||
#endif
|
||||
#ifndef IPOPT_SECUR_SECRET
|
||||
# define IPOPT_SECUR_SECRET ((u_short)0xd788)
|
||||
#endif
|
||||
#ifndef IPOPT_SECUR_TOPSECRET
|
||||
# define IPOPT_SECUR_TOPSECRET ((u_short)0x6bc5)
|
||||
#endif
|
||||
|
||||
#ifdef linux
|
||||
# define icmp icmphdr
|
||||
# define icmp_type type
|
||||
# define icmp_code code
|
||||
|
||||
/*
|
||||
* From /usr/include/netinet/ip_var.h
|
||||
* !%@#!$@# linux...
|
||||
*/
|
||||
struct ipovly {
|
||||
caddr_t ih_next, ih_prev; /* for protocol sequence q's */
|
||||
u_char ih_x1; /* (unused) */
|
||||
u_char ih_pr; /* protocol */
|
||||
short ih_len; /* protocol length */
|
||||
struct in_addr ih_src; /* source internet address */
|
||||
struct in_addr ih_dst; /* destination internet address */
|
||||
};
|
||||
|
||||
typedef struct {
|
||||
__u16 th_sport;
|
||||
__u16 th_dport;
|
||||
__u32 th_seq;
|
||||
__u32 th_ack;
|
||||
# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
|
||||
defined(vax)
|
||||
__u8 th_res:4;
|
||||
__u8 th_off:4;
|
||||
#else
|
||||
__u8 th_off:4;
|
||||
__u8 th_res:4;
|
||||
#endif
|
||||
__u8 th_flags;
|
||||
__u16 th_win;
|
||||
__u16 th_sum;
|
||||
__u16 th_urp;
|
||||
} tcphdr_t;
|
||||
|
||||
typedef struct {
|
||||
__u16 uh_sport;
|
||||
__u16 uh_dport;
|
||||
__s16 uh_ulen;
|
||||
__u16 uh_sum;
|
||||
} udphdr_t;
|
||||
|
||||
typedef struct {
|
||||
# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
|
||||
defined(vax)
|
||||
__u8 ip_hl:4;
|
||||
__u8 ip_v:4;
|
||||
# else
|
||||
__u8 ip_hl:4;
|
||||
__u8 ip_v:4;
|
||||
# endif
|
||||
__u8 ip_tos;
|
||||
__u16 ip_len;
|
||||
__u16 ip_id;
|
||||
__u16 ip_off;
|
||||
__u8 ip_ttl;
|
||||
__u8 ip_p;
|
||||
__u16 ip_sum;
|
||||
struct in_addr ip_src;
|
||||
struct in_addr ip_dst;
|
||||
} ip_t;
|
||||
|
||||
typedef struct {
|
||||
__u8 ether_dhost[6];
|
||||
__u8 ether_shost[6];
|
||||
__u16 ether_type;
|
||||
} ether_header_t;
|
||||
|
||||
# define bcopy(a,b,c) memmove(b,a,c)
|
||||
# define bcmp(a,b,c) memcmp(a,b,c)
|
||||
|
||||
# define ifnet device
|
||||
|
||||
#else
|
||||
|
||||
typedef struct udphdr udphdr_t;
|
||||
typedef struct tcphdr tcphdr_t;
|
||||
typedef struct ip ip_t;
|
||||
typedef struct ether_header ether_header_t;
|
||||
|
||||
#endif
|
||||
|
||||
#ifdef solaris
|
||||
# define bcopy(a,b,c) memmove(b,a,c)
|
||||
# define bcmp(a,b,c) memcmp(a,b,c)
|
||||
# define bzero(a,b) memset(a,0,b)
|
||||
#endif
|
@ -1,61 +0,0 @@
|
||||
#
|
||||
# Copyright (C) 2012 by Darren Reed.
|
||||
#
|
||||
# See the IPFILTER.LICENCE file for details on licencing.
|
||||
#
|
||||
OBJS=ipsd.o
|
||||
BINDEST=/usr/local/bin
|
||||
SBINDEST=/sbin
|
||||
MANDIR=/usr/share/man
|
||||
BPF=sbpf.o
|
||||
NIT=snit.o
|
||||
SUNOS4=
|
||||
BSD=
|
||||
LINUX=slinux.o
|
||||
SUNOS5=dlcommon.o sdlpi.o
|
||||
|
||||
CC=gcc
|
||||
CFLAGS=-g -I.. -I../ipsend
|
||||
|
||||
all:
|
||||
@echo "Use one of these targets:"
|
||||
@echo " sunos4-nit (standard SunOS 4.1.x)"
|
||||
@echo " sunos4-bpf (SunOS4.1.x with BPF in the kernel)"
|
||||
@echo " bsd-bpf (4.4BSD variant with BPF in the kernel)"
|
||||
@echo " linux (Linux kernels)"
|
||||
@echo " sunos5 (Solaris 2.x)"
|
||||
|
||||
.c.o:
|
||||
$(CC) $(CFLAGS) -c $< -o $@
|
||||
|
||||
ipsdr: ipsdr.o
|
||||
$(CC) ipsdr.o -o $@ $(LIBS)
|
||||
|
||||
bpf sunos4-bpf :
|
||||
make ipsd "OBJS=$(OBJS)" "UNIXOBJS=$(BPF) $(SUNOS4)" "CC=$(CC)" \
|
||||
"CFLAGS=$(CFLAGS)"
|
||||
|
||||
nit sunos4 sunos4-nit :
|
||||
make ipsd "OBJS=$(OBJS)" "UNIXOBJS=$(NIT) $(SUNOS4)" "CC=$(CC)" \
|
||||
"CFLAGS=$(CFLAGS)"
|
||||
|
||||
sunos5 :
|
||||
make ipsd "OBJS=$(OBJS)" "UNIXOBJS=$(SUNOS5)" "CC=$(CC)" \
|
||||
CFLAGS="$(CFLAGS) -Dsolaris" "LIBS=-lsocket -lnsl"
|
||||
|
||||
bsd-bpf :
|
||||
make ipsd "OBJS=$(OBJS)" "UNIXOBJS=$(BPF) $(BSD)" "CC=$(CC)" \
|
||||
"CFLAGS=$(CFLAGS)"
|
||||
|
||||
linux :
|
||||
make ipsd "OBJS=$(OBJS)" "UNIXOBJS=$(LINUX)" "CC=$(CC)" \
|
||||
CFLAGS="$(CFLAGS) -I /usr/src/linux"
|
||||
|
||||
ipsd: $(OBJS) $(UNIXOBJS)
|
||||
$(CC) $(OBJS) $(UNIXOBJS) -o $@ $(LIBS)
|
||||
|
||||
../ipft_sn.o ../ipft_pc.o:
|
||||
(cd ..; make $(@:../%=%))
|
||||
|
||||
clean:
|
||||
rm -rf *.o core a.out ipsd ipsdr
|
@ -1,32 +0,0 @@
|
||||
|
||||
IP Scan Detetor.
|
||||
----------------
|
||||
|
||||
This program is designed to be a passive listener for TCP packets sent to
|
||||
the host. It does not exercise the promiscous mode of interfaces. For
|
||||
routing Unix boxes (and firewalls which route/proxy) this is sufficient to
|
||||
detect all packets going to/through them.
|
||||
|
||||
Upon compiling, a predefined set of "sensitive" ports are configured into
|
||||
the program. Any TCP packets which are seen sent to these ports are counted
|
||||
and the IP# of the sending host recorded, along with the time of the first
|
||||
packet to that port for that IP#.
|
||||
|
||||
After a given number of "hits", it will write the current table of packets
|
||||
out to disk. This number defaults to 10,000.
|
||||
|
||||
To analyze the information written to disk, a sample program called "ipsdr"
|
||||
is used (should but doesn't implement a tree algorithm for storing data)
|
||||
which reads all log files it recognises and totals up the number of ports
|
||||
each host hit. By default, all ports have the same weighting (1). Another
|
||||
group of passes is then made over this table using a netmask of 0xfffffffe,
|
||||
grouping all results which fall under the same resulting IP#. This netmask
|
||||
is then shrunk back to 0, with a output for each level given. This is aimed
|
||||
at detecting port scans done from different hosts on the same subnet (although
|
||||
I've not seen this done, if one was trying to do it obscurely...)
|
||||
|
||||
Lastly, being passive means that no action is taken to stop port scans being
|
||||
done or discourage them.
|
||||
|
||||
Darren
|
||||
darrenr@pobox.com
|
@ -1,296 +0,0 @@
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* (C)opyright 1995-1998 Darren Reed.
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*
|
||||
*/
|
||||
#include <stdio.h>
|
||||
#include <fcntl.h>
|
||||
#include <signal.h>
|
||||
#include <stdlib.h>
|
||||
#include <netdb.h>
|
||||
#include <string.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/in_systm.h>
|
||||
#include <netinet/ip.h>
|
||||
#include <netinet/tcp.h>
|
||||
#include <netinet/udp.h>
|
||||
#include <netinet/ip_icmp.h>
|
||||
#ifndef linux
|
||||
#include <netinet/ip_var.h>
|
||||
#include <netinet/tcpip.h>
|
||||
#endif
|
||||
#include "ip_compat.h"
|
||||
#ifdef linux
|
||||
#include <linux/sockios.h>
|
||||
#include "tcpip.h"
|
||||
#endif
|
||||
#include "ipsd.h"
|
||||
|
||||
#ifndef lint
|
||||
static const char sccsid[] = "@(#)ipsd.c 1.3 12/3/95 (C)1995 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id$";
|
||||
#endif
|
||||
|
||||
extern char *optarg;
|
||||
extern int optind;
|
||||
|
||||
#ifdef linux
|
||||
char default_device[] = "eth0";
|
||||
#else
|
||||
# ifdef sun
|
||||
char default_device[] = "le0";
|
||||
# else
|
||||
# ifdef ultrix
|
||||
char default_device[] = "ln0";
|
||||
# else
|
||||
char default_device[] = "lan0";
|
||||
# endif
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#define NPORTS 21
|
||||
|
||||
u_short defports[NPORTS] = {
|
||||
7, 9, 20, 21, 23, 25, 53, 69, 79, 111,
|
||||
123, 161, 162, 512, 513, 514, 515, 520, 540, 6000, 0
|
||||
};
|
||||
|
||||
ipsd_t *iphits[NPORTS];
|
||||
int writes = 0;
|
||||
|
||||
|
||||
int ipcmp(sh1, sh2)
|
||||
sdhit_t *sh1, *sh2;
|
||||
{
|
||||
return sh1->sh_ip.s_addr - sh2->sh_ip.s_addr;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Check to see if we've already received a packet from this host for this
|
||||
* port.
|
||||
*/
|
||||
int findhit(ihp, src, dport)
|
||||
ipsd_t *ihp;
|
||||
struct in_addr src;
|
||||
u_short dport;
|
||||
{
|
||||
int i, j, k;
|
||||
sdhit_t *sh;
|
||||
|
||||
sh = NULL;
|
||||
|
||||
if (ihp->sd_sz == 4) {
|
||||
for (i = 0, sh = ihp->sd_hit; i < ihp->sd_cnt; i++, sh++)
|
||||
if (src.s_addr == sh->sh_ip.s_addr)
|
||||
return 1;
|
||||
} else {
|
||||
for (i = ihp->sd_cnt / 2, j = (i / 2) - 1; j >= 0; j--) {
|
||||
k = ihp->sd_hit[i].sh_ip.s_addr - src.s_addr;
|
||||
if (!k)
|
||||
return 1;
|
||||
else if (k < 0)
|
||||
i -= j;
|
||||
else
|
||||
i += j;
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Search for port number amongst the sorted array of targets we're
|
||||
* interested in.
|
||||
*/
|
||||
int detect(ip, tcp)
|
||||
ip_t *ip;
|
||||
tcphdr_t *tcp;
|
||||
{
|
||||
ipsd_t *ihp;
|
||||
sdhit_t *sh;
|
||||
int i, j, k;
|
||||
|
||||
for (i = 10, j = 4; j >= 0; j--) {
|
||||
k = tcp->th_dport - defports[i];
|
||||
if (!k) {
|
||||
ihp = iphits[i];
|
||||
if (findhit(ihp, ip->ip_src, tcp->th_dport))
|
||||
return 0;
|
||||
sh = ihp->sd_hit + ihp->sd_cnt;
|
||||
sh->sh_date = time(NULL);
|
||||
sh->sh_ip.s_addr = ip->ip_src.s_addr;
|
||||
if (++ihp->sd_cnt == ihp->sd_sz)
|
||||
{
|
||||
ihp->sd_sz += 8;
|
||||
sh = reallocarray(sh, ihp->sd_sz, sizeof(*sh));
|
||||
ihp->sd_hit = sh;
|
||||
}
|
||||
qsort(sh, ihp->sd_cnt, sizeof(*sh), ipcmp);
|
||||
return 0;
|
||||
}
|
||||
if (k < 0)
|
||||
i -= j;
|
||||
else
|
||||
i += j;
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Allocate initial storage for hosts
|
||||
*/
|
||||
setuphits()
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < NPORTS; i++) {
|
||||
if (iphits[i]) {
|
||||
if (iphits[i]->sd_hit)
|
||||
free(iphits[i]->sd_hit);
|
||||
free(iphits[i]);
|
||||
}
|
||||
iphits[i] = (ipsd_t *)malloc(sizeof(ipsd_t));
|
||||
iphits[i]->sd_port = defports[i];
|
||||
iphits[i]->sd_cnt = 0;
|
||||
iphits[i]->sd_sz = 4;
|
||||
iphits[i]->sd_hit = (sdhit_t *)malloc(sizeof(sdhit_t) * 4);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* cleanup exits
|
||||
*/
|
||||
waiter()
|
||||
{
|
||||
wait(0);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Write statistics out to a file
|
||||
*/
|
||||
writestats(nwrites)
|
||||
int nwrites;
|
||||
{
|
||||
ipsd_t **ipsd, *ips;
|
||||
char fname[32];
|
||||
int i, fd;
|
||||
|
||||
(void) sprintf(fname, "/var/log/ipsd/ipsd-hits.%d", nwrites);
|
||||
fd = open(fname, O_RDWR|O_CREAT|O_TRUNC|O_EXCL, 0644);
|
||||
for (i = 0, ipsd = iphits; i < NPORTS; i++, ipsd++) {
|
||||
ips = *ipsd;
|
||||
if (ips->sd_cnt) {
|
||||
write(fd, ips, sizeof(ipsd_t));
|
||||
write(fd, ips->sd_hit, sizeof(sdhit_t) * ips->sd_sz);
|
||||
}
|
||||
}
|
||||
(void) close(fd);
|
||||
exit(0);
|
||||
}
|
||||
|
||||
|
||||
void writenow()
|
||||
{
|
||||
signal(SIGCHLD, waiter);
|
||||
switch (fork())
|
||||
{
|
||||
case 0 :
|
||||
writestats(writes);
|
||||
exit(0);
|
||||
case -1 :
|
||||
perror("vfork");
|
||||
break;
|
||||
default :
|
||||
writes++;
|
||||
setuphits();
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
void usage(prog)
|
||||
char *prog;
|
||||
{
|
||||
fprintf(stderr, "Usage: %s [-d device]\n", prog);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
|
||||
void detecthits(fd, writecount)
|
||||
int fd, writecount;
|
||||
{
|
||||
struct in_addr ip;
|
||||
int hits = 0;
|
||||
|
||||
while (1) {
|
||||
hits += readloop(fd, ip);
|
||||
if (hits > writecount) {
|
||||
writenow();
|
||||
hits = 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
main(argc, argv)
|
||||
int argc;
|
||||
char *argv[];
|
||||
{
|
||||
char *name = argv[0], *dev = NULL;
|
||||
int fd, writeafter = 10000, angelic = 0, c;
|
||||
|
||||
while ((c = getopt(argc, argv, "ad:n:")) != -1)
|
||||
switch (c)
|
||||
{
|
||||
case 'a' :
|
||||
angelic = 1;
|
||||
break;
|
||||
case 'd' :
|
||||
dev = optarg;
|
||||
break;
|
||||
case 'n' :
|
||||
writeafter = atoi(optarg);
|
||||
break;
|
||||
default :
|
||||
fprintf(stderr, "Unknown option \"%c\"\n", c);
|
||||
usage(name);
|
||||
}
|
||||
|
||||
bzero(iphits, sizeof(iphits));
|
||||
setuphits();
|
||||
|
||||
if (!dev)
|
||||
dev = default_device;
|
||||
printf("Device: %s\n", dev);
|
||||
fd = initdevice(dev, 60);
|
||||
|
||||
if (!angelic) {
|
||||
switch (fork())
|
||||
{
|
||||
case 0 :
|
||||
(void) close(0);
|
||||
(void) close(1);
|
||||
(void) close(2);
|
||||
(void) setpgrp(0, getpgrp());
|
||||
(void) setsid();
|
||||
break;
|
||||
case -1:
|
||||
perror("fork");
|
||||
exit(-1);
|
||||
default:
|
||||
exit(0);
|
||||
}
|
||||
}
|
||||
signal(SIGUSR1, writenow);
|
||||
detecthits(fd, writeafter);
|
||||
}
|
@ -1,28 +0,0 @@
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* (C)opyright 1995-1998 Darren Reed.
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*
|
||||
* @(#)ipsd.h 1.3 12/3/95
|
||||
*/
|
||||
|
||||
typedef struct {
|
||||
time_t sh_date;
|
||||
struct in_addr sh_ip;
|
||||
} sdhit_t;
|
||||
|
||||
typedef struct {
|
||||
u_int sd_sz;
|
||||
u_int sd_cnt;
|
||||
u_short sd_port;
|
||||
sdhit_t *sd_hit;
|
||||
} ipsd_t;
|
||||
|
||||
typedef struct {
|
||||
struct in_addr ss_ip;
|
||||
int ss_hits;
|
||||
u_long ss_ports;
|
||||
} ipss_t;
|
||||
|
@ -1,314 +0,0 @@
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* (C)opyright 1995-1998 Darren Reed.
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*
|
||||
*/
|
||||
#include <stdio.h>
|
||||
#include <fcntl.h>
|
||||
#include <signal.h>
|
||||
#include <malloc.h>
|
||||
#include <netdb.h>
|
||||
#include <string.h>
|
||||
#include <sys/dir.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/in_systm.h>
|
||||
#include <netinet/ip.h>
|
||||
#include <netinet/tcp.h>
|
||||
#include <netinet/udp.h>
|
||||
#include <netinet/ip_icmp.h>
|
||||
#ifndef linux
|
||||
#include <netinet/ip_var.h>
|
||||
#include <netinet/tcpip.h>
|
||||
#endif
|
||||
#include "ip_compat.h"
|
||||
#ifdef linux
|
||||
#include <linux/sockios.h>
|
||||
#include "tcpip.h"
|
||||
#endif
|
||||
#include "ipsd.h"
|
||||
|
||||
#ifndef lint
|
||||
static const char sccsid[] = "@(#)ipsdr.c 1.3 12/3/95 (C)1995 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id$";
|
||||
#endif
|
||||
|
||||
extern char *optarg;
|
||||
extern int optind;
|
||||
|
||||
#define NPORTS 21
|
||||
|
||||
u_short defports[NPORTS] = {
|
||||
7, 9, 20, 21, 23, 25, 53, 69, 79, 111,
|
||||
123, 161, 162, 512, 513, 513, 515, 520, 540, 6000, 0
|
||||
};
|
||||
u_short pweights[NPORTS] = {
|
||||
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
|
||||
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1
|
||||
};
|
||||
|
||||
ipsd_t *iphits[NPORTS];
|
||||
int pkts;
|
||||
|
||||
|
||||
int ipcmp(sh1, sh2)
|
||||
sdhit_t *sh1, *sh2;
|
||||
{
|
||||
return sh1->sh_ip.s_addr - sh2->sh_ip.s_addr;
|
||||
}
|
||||
|
||||
|
||||
int ssipcmp(sh1, sh2)
|
||||
ipss_t *sh1, *sh2;
|
||||
{
|
||||
return sh1->ss_ip.s_addr - sh2->ss_ip.s_addr;
|
||||
}
|
||||
|
||||
|
||||
int countpbits(num)
|
||||
u_long num;
|
||||
{
|
||||
int i, j;
|
||||
|
||||
for (i = 1, j = 0; i; i <<= 1)
|
||||
if (num & i)
|
||||
j++;
|
||||
return j;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Check to see if we've already received a packet from this host for this
|
||||
* port.
|
||||
*/
|
||||
int findhit(ihp, src, dport)
|
||||
ipsd_t *ihp;
|
||||
struct in_addr src;
|
||||
u_short dport;
|
||||
{
|
||||
int i, j, k;
|
||||
sdhit_t *sh;
|
||||
|
||||
sh = NULL;
|
||||
|
||||
if (ihp->sd_sz == 4) {
|
||||
for (i = 0, sh = ihp->sd_hit; i < ihp->sd_cnt; i++, sh++)
|
||||
if (src.s_addr == sh->sh_ip.s_addr)
|
||||
return 1;
|
||||
} else {
|
||||
for (i = ihp->sd_cnt / 2, j = (i / 2) - 1; j >= 0; j--) {
|
||||
k = ihp->sd_hit[i].sh_ip.s_addr - src.s_addr;
|
||||
if (!k)
|
||||
return 1;
|
||||
else if (k < 0)
|
||||
i -= j;
|
||||
else
|
||||
i += j;
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Search for port number amongst the sorted array of targets we're
|
||||
* interested in.
|
||||
*/
|
||||
int detect(srcip, dport, date)
|
||||
struct in_addr srcip;
|
||||
u_short dport;
|
||||
time_t date;
|
||||
{
|
||||
ipsd_t *ihp;
|
||||
sdhit_t *sh;
|
||||
int i, j, k;
|
||||
|
||||
for (i = 10, j = 4; j >= 0; j--) {
|
||||
k = dport - defports[i];
|
||||
if (!k) {
|
||||
ihp = iphits[i];
|
||||
if (findhit(ihp, srcip, dport))
|
||||
return 0;
|
||||
sh = ihp->sd_hit + ihp->sd_cnt;
|
||||
sh->sh_date = date;
|
||||
sh->sh_ip = srcip;
|
||||
if (++ihp->sd_cnt == ihp->sd_sz)
|
||||
{
|
||||
ihp->sd_sz += 8;
|
||||
sh = reallocarray(sh, ihp->sd_sz, sizeof(*sh));
|
||||
ihp->sd_hit = sh;
|
||||
}
|
||||
qsort(sh, ihp->sd_cnt, sizeof(*sh), ipcmp);
|
||||
return 0;
|
||||
}
|
||||
if (k < 0)
|
||||
i -= j;
|
||||
else
|
||||
i += j;
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Allocate initial storage for hosts
|
||||
*/
|
||||
setuphits()
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < NPORTS; i++) {
|
||||
if (iphits[i]) {
|
||||
if (iphits[i]->sd_hit)
|
||||
free(iphits[i]->sd_hit);
|
||||
free(iphits[i]);
|
||||
}
|
||||
iphits[i] = (ipsd_t *)malloc(sizeof(ipsd_t));
|
||||
iphits[i]->sd_port = defports[i];
|
||||
iphits[i]->sd_cnt = 0;
|
||||
iphits[i]->sd_sz = 4;
|
||||
iphits[i]->sd_hit = (sdhit_t *)malloc(sizeof(sdhit_t) * 4);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Write statistics out to a file
|
||||
*/
|
||||
addfile(file)
|
||||
char *file;
|
||||
{
|
||||
ipsd_t ipsd, *ips = &ipsd;
|
||||
sdhit_t hit, *hp;
|
||||
char fname[32];
|
||||
int i, fd, sz;
|
||||
|
||||
if ((fd = open(file, O_RDONLY)) == -1) {
|
||||
perror("open");
|
||||
return;
|
||||
}
|
||||
|
||||
printf("opened %s\n", file);
|
||||
do {
|
||||
if (read(fd, ips, sizeof(*ips)) != sizeof(*ips))
|
||||
break;
|
||||
sz = ips->sd_sz * sizeof(*hp);
|
||||
hp = (sdhit_t *)malloc(sz);
|
||||
if (read(fd, hp, sz) != sz)
|
||||
break;
|
||||
for (i = 0; i < ips->sd_cnt; i++)
|
||||
detect(hp[i].sh_ip, ips->sd_port, hp[i].sh_date);
|
||||
} while (1);
|
||||
(void) close(fd);
|
||||
}
|
||||
|
||||
|
||||
readfiles(dir)
|
||||
char *dir;
|
||||
{
|
||||
struct direct **d;
|
||||
int i, j;
|
||||
|
||||
d = NULL;
|
||||
i = scandir(dir, &d, NULL, NULL);
|
||||
|
||||
for (j = 0; j < i; j++) {
|
||||
if (strncmp(d[j]->d_name, "ipsd-hits.", 10))
|
||||
continue;
|
||||
addfile(d[j]->d_name);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
void printreport(ss, num)
|
||||
ipss_t *ss;
|
||||
int num;
|
||||
{
|
||||
struct in_addr ip;
|
||||
ipss_t *sp;
|
||||
int i, j, mask;
|
||||
u_long ports;
|
||||
|
||||
printf("Hosts detected: %d\n", num);
|
||||
if (!num)
|
||||
return;
|
||||
for (i = 0; i < num; i++)
|
||||
printf("%s %d %d\n", inet_ntoa(ss[i].ss_ip), ss[i].ss_hits,
|
||||
countpbits(ss[i].ss_ports));
|
||||
|
||||
printf("--------------------------\n");
|
||||
for (mask = 0xfffffffe, j = 32; j; j--, mask <<= 1) {
|
||||
ip.s_addr = ss[0].ss_ip.s_addr & mask;
|
||||
ports = ss[0].ss_ports;
|
||||
for (i = 1; i < num; i++) {
|
||||
sp = ss + i;
|
||||
if (ip.s_addr != (sp->ss_ip.s_addr & mask)) {
|
||||
printf("Netmask: 0x%08x\n", mask);
|
||||
printf("%s %d\n", inet_ntoa(ip),
|
||||
countpbits(ports));
|
||||
ip.s_addr = sp->ss_ip.s_addr & mask;
|
||||
ports = 0;
|
||||
}
|
||||
ports |= sp->ss_ports;
|
||||
}
|
||||
if (ports) {
|
||||
printf("Netmask: 0x%08x\n", mask);
|
||||
printf("%s %d\n", inet_ntoa(ip), countpbits(ports));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
collectips()
|
||||
{
|
||||
ipsd_t *ips;
|
||||
ipss_t *ss;
|
||||
int i, num, nip, in, j, k;
|
||||
|
||||
for (i = 0; i < NPORTS; i++)
|
||||
nip += iphits[i]->sd_cnt;
|
||||
|
||||
ss = (ipss_t *)malloc(sizeof(ipss_t) * nip);
|
||||
|
||||
for (in = 0, i = 0, num = 0; i < NPORTS; i++) {
|
||||
ips = iphits[i];
|
||||
for (j = 0; j < ips->sd_cnt; j++) {
|
||||
for (k = 0; k < num; k++)
|
||||
if (!bcmp(&ss[k].ss_ip, &ips->sd_hit[j].sh_ip,
|
||||
sizeof(struct in_addr))) {
|
||||
ss[k].ss_hits += pweights[i];
|
||||
ss[k].ss_ports |= (1 << i);
|
||||
break;
|
||||
}
|
||||
if (k == num) {
|
||||
ss[num].ss_ip = ips->sd_hit[j].sh_ip;
|
||||
ss[num].ss_hits = pweights[i];
|
||||
ss[k].ss_ports |= (1 << i);
|
||||
num++;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
qsort(ss, num, sizeof(*ss), ssipcmp);
|
||||
|
||||
printreport(ss, num);
|
||||
}
|
||||
|
||||
|
||||
main(argc, argv)
|
||||
int argc;
|
||||
char *argv[];
|
||||
{
|
||||
char c, *name = argv[0], *dir = NULL;
|
||||
int fd;
|
||||
|
||||
setuphits();
|
||||
dir = dir ? dir : ".";
|
||||
readfiles(dir);
|
||||
collectips();
|
||||
}
|
@ -1,17 +0,0 @@
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 2012 by Darren Reed.
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*
|
||||
* @(#)linux.h 1.1 8/19/95
|
||||
*/
|
||||
|
||||
#include <linux/config.h>
|
||||
#ifdef MODULE
|
||||
#include <linux/module.h>
|
||||
#include <linux/version.h>
|
||||
#endif /* MODULE */
|
||||
|
||||
#include "ip_compat.h"
|
@ -1,210 +0,0 @@
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* (C)opyright 1995-1998 Darren Reed. (from tcplog)
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*
|
||||
*/
|
||||
#include <stdio.h>
|
||||
#include <netdb.h>
|
||||
#include <ctype.h>
|
||||
#include <signal.h>
|
||||
#include <errno.h>
|
||||
#ifdef __NetBSD__
|
||||
# include <paths.h>
|
||||
#endif
|
||||
#include <sys/types.h>
|
||||
#include <sys/param.h>
|
||||
#include <sys/mbuf.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/timeb.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/file.h>
|
||||
#include <sys/ioctl.h>
|
||||
#if BSD < 199103
|
||||
#include <sys/fcntlcom.h>
|
||||
#endif
|
||||
#include <sys/dir.h>
|
||||
#include <net/bpf.h>
|
||||
|
||||
#include <net/if.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/in_systm.h>
|
||||
#include <netinet/ip.h>
|
||||
#include <netinet/if_ether.h>
|
||||
#include <netinet/ip_var.h>
|
||||
#include <netinet/udp.h>
|
||||
#include <netinet/udp_var.h>
|
||||
#include <netinet/tcp.h>
|
||||
#include <netinet/tcpip.h>
|
||||
#include "ip_compat.h"
|
||||
|
||||
#ifndef lint
|
||||
static char sbpf[] = "@(#)sbpf.c 1.2 12/3/95 (C)1995 Darren Reed";
|
||||
#endif
|
||||
|
||||
/*
|
||||
(000) ldh [12]
|
||||
(001) jeq #0x800 jt 2 jf 5
|
||||
(002) ldb [23]
|
||||
(003) jeq #0x6 jt 4 jf 5
|
||||
(004) ret #68
|
||||
(005) ret #0
|
||||
*/
|
||||
struct bpf_insn filter[] = {
|
||||
/* 0. */ { BPF_LD|BPF_H|BPF_ABS, 0, 0, 12 },
|
||||
/* 1. */ { BPF_JMP|BPF_JEQ, 0, 3, 0x0800 },
|
||||
/* 2. */ { BPF_LD|BPF_B|BPF_ABS, 0, 0, 23 },
|
||||
/* 3. */ { BPF_JMP|BPF_JEQ, 0, 1, 0x06 },
|
||||
/* 4. */ { BPF_RET, 0, 0, 68 },
|
||||
/* 5. */ { BPF_RET, 0, 0, 0 }
|
||||
};
|
||||
/*
|
||||
* the code herein is dervied from libpcap.
|
||||
*/
|
||||
static u_char *buf = NULL;
|
||||
static u_int bufsize = 32768, timeout = 1;
|
||||
|
||||
|
||||
int ack_recv(ep)
|
||||
char *ep;
|
||||
{
|
||||
struct tcpiphdr tip;
|
||||
tcphdr_t *tcp;
|
||||
ip_t *ip;
|
||||
|
||||
ip = (ip_t *)&tip;
|
||||
tcp = (tcphdr_t *)(ip + 1);
|
||||
bcopy(ep + 14, (char *)ip, sizeof(*ip));
|
||||
bcopy(ep + 14 + (ip->ip_hl << 2), (char *)tcp, sizeof(*tcp));
|
||||
if (ip->ip_p != IPPROTO_TCP && ip->ip_p != IPPROTO_UDP)
|
||||
return -1;
|
||||
if (ip->ip_p & 0x1fff != 0)
|
||||
return 0;
|
||||
if (0 == detect(ip, tcp))
|
||||
return 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
int readloop(fd, port, dst)
|
||||
int fd, port;
|
||||
struct in_addr dst;
|
||||
{
|
||||
register u_char *bp, *cp, *bufend;
|
||||
register struct bpf_hdr *bh;
|
||||
register int cc;
|
||||
time_t in = time(NULL);
|
||||
int done = 0;
|
||||
|
||||
while ((cc = read(fd, buf, bufsize)) >= 0) {
|
||||
if (!cc && (time(NULL) - in) > timeout)
|
||||
return done;
|
||||
bp = buf;
|
||||
bufend = buf + cc;
|
||||
/*
|
||||
* loop through each snapshot in the chunk
|
||||
*/
|
||||
while (bp < bufend) {
|
||||
bh = (struct bpf_hdr *)bp;
|
||||
cp = bp + bh->bh_hdrlen;
|
||||
done += ack_recv(cp);
|
||||
bp += BPF_WORDALIGN(bh->bh_caplen + bh->bh_hdrlen);
|
||||
}
|
||||
return done;
|
||||
}
|
||||
perror("read");
|
||||
exit(-1);
|
||||
}
|
||||
|
||||
int initdevice(device, tout)
|
||||
char *device;
|
||||
int tout;
|
||||
{
|
||||
struct bpf_program prog;
|
||||
struct bpf_version bv;
|
||||
struct timeval to;
|
||||
struct ifreq ifr;
|
||||
#ifdef _PATH_BPF
|
||||
char *bpfname = _PATH_BPF;
|
||||
int fd;
|
||||
|
||||
if ((fd = open(bpfname, O_RDWR)) < 0)
|
||||
{
|
||||
fprintf(stderr, "no bpf devices available as /dev/bpfxx\n");
|
||||
return -1;
|
||||
}
|
||||
#else
|
||||
char bpfname[16];
|
||||
int fd = -1, i;
|
||||
|
||||
for (i = 0; i < 16; i++)
|
||||
{
|
||||
(void) sprintf(bpfname, "/dev/bpf%d", i);
|
||||
if ((fd = open(bpfname, O_RDWR)) >= 0)
|
||||
break;
|
||||
}
|
||||
if (i == 16)
|
||||
{
|
||||
fprintf(stderr, "no bpf devices available as /dev/bpfxx\n");
|
||||
return -1;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (ioctl(fd, BIOCVERSION, (caddr_t)&bv) < 0)
|
||||
{
|
||||
perror("BIOCVERSION");
|
||||
return -1;
|
||||
}
|
||||
if (bv.bv_major != BPF_MAJOR_VERSION ||
|
||||
bv.bv_minor < BPF_MINOR_VERSION)
|
||||
{
|
||||
fprintf(stderr, "kernel bpf (v%d.%d) filter out of date:\n",
|
||||
bv.bv_major, bv.bv_minor);
|
||||
fprintf(stderr, "current version: %d.%d\n",
|
||||
BPF_MAJOR_VERSION, BPF_MINOR_VERSION);
|
||||
return -1;
|
||||
}
|
||||
|
||||
(void) strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
|
||||
if (ioctl(fd, BIOCSETIF, &ifr) == -1)
|
||||
{
|
||||
fprintf(stderr, "%s(%d):", ifr.ifr_name, fd);
|
||||
perror("BIOCSETIF");
|
||||
exit(1);
|
||||
}
|
||||
/*
|
||||
* set the timeout
|
||||
*/
|
||||
timeout = tout;
|
||||
to.tv_sec = 1;
|
||||
to.tv_usec = 0;
|
||||
if (ioctl(fd, BIOCSRTIMEOUT, (caddr_t)&to) == -1)
|
||||
{
|
||||
perror("BIOCSRTIMEOUT");
|
||||
exit(-1);
|
||||
}
|
||||
/*
|
||||
* get kernel buffer size
|
||||
*/
|
||||
if (ioctl(fd, BIOCSBLEN, &bufsize) == -1)
|
||||
perror("BIOCSBLEN");
|
||||
if (ioctl(fd, BIOCGBLEN, &bufsize) == -1)
|
||||
{
|
||||
perror("BIOCGBLEN");
|
||||
exit(-1);
|
||||
}
|
||||
printf("BPF buffer size: %d\n", bufsize);
|
||||
buf = (u_char*)malloc(bufsize);
|
||||
|
||||
prog.bf_len = sizeof(filter) / sizeof(struct bpf_insn);
|
||||
prog.bf_insns = filter;
|
||||
if (ioctl(fd, BIOCSETF, (caddr_t)&prog) == -1)
|
||||
{
|
||||
perror("BIOCSETF");
|
||||
exit(-1);
|
||||
}
|
||||
(void) ioctl(fd, BIOCFLUSH, 0);
|
||||
return fd;
|
||||
}
|
@ -1,261 +0,0 @@
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* (C)opyright 1992-1998 Darren Reed. (from tcplog)
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <netdb.h>
|
||||
#include <ctype.h>
|
||||
#include <fcntl.h>
|
||||
#include <signal.h>
|
||||
#include <errno.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/timeb.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/file.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <sys/stropts.h>
|
||||
|
||||
#include <sys/pfmod.h>
|
||||
#include <sys/bufmod.h>
|
||||
#include <sys/dlpi.h>
|
||||
|
||||
#include <net/if.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/in_systm.h>
|
||||
#include <netinet/ip.h>
|
||||
#include <netinet/if_ether.h>
|
||||
#include <netinet/ip_var.h>
|
||||
#include <netinet/udp.h>
|
||||
#include <netinet/udp_var.h>
|
||||
#include <netinet/tcp.h>
|
||||
#include <netinet/tcpip.h>
|
||||
|
||||
#include "ip_compat.h"
|
||||
|
||||
#ifndef lint
|
||||
static char snitid[] = "%W% %G% (C)1995 Darren Reed";
|
||||
#endif
|
||||
|
||||
#define BUFSPACE 32768
|
||||
|
||||
static int solfd;
|
||||
|
||||
/*
|
||||
* Be careful to only include those defined in the flags option for the
|
||||
* interface are included in the header size.
|
||||
*/
|
||||
static int timeout;
|
||||
|
||||
|
||||
void nullbell()
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
int ack_recv(ep)
|
||||
char *ep;
|
||||
{
|
||||
struct tcpiphdr tip;
|
||||
tcphdr_t *tcp;
|
||||
ip_t *ip;
|
||||
|
||||
ip = (ip_t *)&tip;
|
||||
tcp = (tcphdr_t *)(ip + 1);
|
||||
bcopy(ep, (char *)ip, sizeof(*ip));
|
||||
bcopy(ep + (ip->ip_hl << 2), (char *)tcp, sizeof(*tcp));
|
||||
|
||||
if (ip->ip_off & 0x1fff != 0)
|
||||
return 0;
|
||||
if (0 == detect(ip, tcp))
|
||||
return 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
int readloop(fd, port, dst)
|
||||
int fd, port;
|
||||
struct in_addr dst;
|
||||
{
|
||||
static u_char buf[BUFSPACE];
|
||||
register u_char *bp, *cp, *bufend;
|
||||
register struct sb_hdr *hp;
|
||||
register int cc;
|
||||
struct strbuf dbuf;
|
||||
ether_header_t eh;
|
||||
time_t now = time(NULL);
|
||||
int flags = 0, i, done = 0;
|
||||
|
||||
fd = solfd;
|
||||
dbuf.len = 0;
|
||||
dbuf.buf = buf;
|
||||
dbuf.maxlen = sizeof(buf);
|
||||
/*
|
||||
* no control data buffer...
|
||||
*/
|
||||
while (1) {
|
||||
(void) signal(SIGALRM, nullbell);
|
||||
alarm(1);
|
||||
i = getmsg(fd, NULL, &dbuf, &flags);
|
||||
alarm(0);
|
||||
(void) signal(SIGALRM, nullbell);
|
||||
|
||||
cc = dbuf.len;
|
||||
if ((time(NULL) - now) > timeout)
|
||||
return done;
|
||||
if (i == -1)
|
||||
if (errno == EINTR)
|
||||
continue;
|
||||
else
|
||||
break;
|
||||
bp = buf;
|
||||
bufend = buf + cc;
|
||||
/*
|
||||
* loop through each snapshot in the chunk
|
||||
*/
|
||||
while (bp < bufend) {
|
||||
/*
|
||||
* get past bufmod header
|
||||
*/
|
||||
hp = (struct sb_hdr *)bp;
|
||||
cp = (u_char *)((char *)bp + sizeof(*hp));
|
||||
bcopy(cp, (char *)&eh, sizeof(eh));
|
||||
/*
|
||||
* next snapshot
|
||||
*/
|
||||
bp += hp->sbh_totlen;
|
||||
cc -= hp->sbh_totlen;
|
||||
|
||||
if (eh.ether_type != ETHERTYPE_IP)
|
||||
continue;
|
||||
|
||||
cp += sizeof(eh);
|
||||
done += ack_recv(cp);
|
||||
}
|
||||
alarm(1);
|
||||
}
|
||||
perror("getmsg");
|
||||
exit(-1);
|
||||
}
|
||||
|
||||
int initdevice(device, tout)
|
||||
char *device;
|
||||
int tout;
|
||||
{
|
||||
struct strioctl si;
|
||||
struct timeval to;
|
||||
struct ifreq ifr;
|
||||
struct packetfilt pfil;
|
||||
u_long if_flags;
|
||||
u_short *fwp = pfil.Pf_Filter;
|
||||
char devname[16], *s, buf[256];
|
||||
int i, offset, fd, snaplen= 58, chunksize = BUFSPACE;
|
||||
|
||||
(void) sprintf(devname, "/dev/%s", device);
|
||||
|
||||
s = devname + 5;
|
||||
while (*s && !ISDIGIT(*s))
|
||||
s++;
|
||||
if (!*s)
|
||||
{
|
||||
fprintf(stderr, "bad device name %s\n", devname);
|
||||
exit(-1);
|
||||
}
|
||||
i = atoi(s);
|
||||
*s = '\0';
|
||||
/*
|
||||
* For reading
|
||||
*/
|
||||
if ((fd = open(devname, O_RDWR)) < 0)
|
||||
{
|
||||
fprintf(stderr, "O_RDWR(0) ");
|
||||
perror(devname);
|
||||
exit(-1);
|
||||
}
|
||||
if (dlattachreq(fd, i) == -1 || dlokack(fd, buf) == -1)
|
||||
{
|
||||
fprintf(stderr, "DLPI error\n");
|
||||
exit(-1);
|
||||
}
|
||||
dlbindreq(fd, ETHERTYPE_IP, 0, DL_CLDLS, 0, 0);
|
||||
dlbindack(fd, buf);
|
||||
/*
|
||||
* read full headers
|
||||
*/
|
||||
if (strioctl(fd, DLIOCRAW, -1, 0, NULL) == -1)
|
||||
{
|
||||
fprintf(stderr, "DLIOCRAW error\n");
|
||||
exit(-1);
|
||||
}
|
||||
/*
|
||||
* Create some filter rules for our TCP watcher. We only want ethernet
|
||||
* pacets which are IP protocol and only the TCP packets from IP.
|
||||
*/
|
||||
offset = 6;
|
||||
*fwp++ = ENF_PUSHWORD + offset;
|
||||
*fwp++ = ENF_PUSHLIT | ENF_CAND;
|
||||
*fwp++ = htons(ETHERTYPE_IP);
|
||||
*fwp++ = ENF_PUSHWORD + sizeof(struct ether_header)/sizeof(short)+4;
|
||||
*fwp++ = ENF_PUSHLIT | ENF_AND;
|
||||
*fwp++ = htons(0x00ff);
|
||||
*fwp++ = ENF_PUSHLIT | ENF_COR;
|
||||
*fwp++ = htons(IPPROTO_TCP);
|
||||
*fwp++ = ENF_PUSHWORD + sizeof(struct ether_header)/sizeof(short)+4;
|
||||
*fwp++ = ENF_PUSHLIT | ENF_AND;
|
||||
*fwp++ = htons(0x00ff);
|
||||
*fwp++ = ENF_PUSHLIT | ENF_CAND;
|
||||
*fwp++ = htons(IPPROTO_UDP);
|
||||
pfil.Pf_FilterLen = (fwp - &pfil.Pf_Filter[0]);
|
||||
/*
|
||||
* put filter in place.
|
||||
*/
|
||||
|
||||
if (ioctl(fd, I_PUSH, "pfmod") == -1)
|
||||
{
|
||||
perror("ioctl: I_PUSH pf");
|
||||
exit(1);
|
||||
}
|
||||
if (strioctl(fd, PFIOCSETF, -1, sizeof(pfil), (char *)&pfil) == -1)
|
||||
{
|
||||
perror("ioctl: PFIOCSETF");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
/*
|
||||
* arrange to get messages from the NIT STREAM and use NIT_BUF option
|
||||
*/
|
||||
if (ioctl(fd, I_PUSH, "bufmod") == -1)
|
||||
{
|
||||
perror("ioctl: I_PUSH bufmod");
|
||||
exit(1);
|
||||
}
|
||||
i = 128;
|
||||
strioctl(fd, SBIOCSSNAP, -1, sizeof(i), (char *)&i);
|
||||
/*
|
||||
* set the timeout
|
||||
*/
|
||||
to.tv_sec = 1;
|
||||
to.tv_usec = 0;
|
||||
if (strioctl(fd, SBIOCSTIME, -1, sizeof(to), (char *)&to) == -1)
|
||||
{
|
||||
perror("strioctl(SBIOCSTIME)");
|
||||
exit(-1);
|
||||
}
|
||||
/*
|
||||
* flush read queue
|
||||
*/
|
||||
if (ioctl(fd, I_FLUSH, FLUSHR) == -1)
|
||||
{
|
||||
perror("I_FLUSHR");
|
||||
exit(-1);
|
||||
}
|
||||
timeout = tout;
|
||||
solfd = fd;
|
||||
return fd;
|
||||
}
|
@ -1,118 +0,0 @@
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* (C)opyright 1992-1998 Darren Reed. (from tcplog)
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <netdb.h>
|
||||
#include <ctype.h>
|
||||
#include <signal.h>
|
||||
#include <errno.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/timeb.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/file.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <sys/dir.h>
|
||||
#include <linux/netdevice.h>
|
||||
#include <net/if.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/ip.h>
|
||||
#include <netinet/tcp.h>
|
||||
#include "ip_compat.h"
|
||||
#include "tcpip.h"
|
||||
|
||||
#ifndef lint
|
||||
static const char sccsid[] = "@(#)slinux.c 1.1 12/3/95 (C) 1995 Darren Reed";
|
||||
#endif
|
||||
|
||||
#define BUFSPACE 32768
|
||||
|
||||
/*
|
||||
* Be careful to only include those defined in the flags option for the
|
||||
* interface are included in the header size.
|
||||
*/
|
||||
|
||||
static int timeout;
|
||||
static char *eth_dev = NULL;
|
||||
|
||||
|
||||
int ack_recv(bp)
|
||||
char *bp;
|
||||
{
|
||||
struct tcpip tip;
|
||||
tcphdr_t *tcp;
|
||||
ip_t *ip;
|
||||
|
||||
ip = (struct ip *)&tip;
|
||||
tcp = (tcphdr_t *)(ip + 1);
|
||||
|
||||
bcopy(bp, (char *)&tip, sizeof(tip));
|
||||
bcopy(bp + (ip.ip_hl << 2), (char *)tcp, sizeof(*tcp));
|
||||
if (0 == detect(ip, tcp))
|
||||
return 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
void readloop(fd, port, dst)
|
||||
int fd, port;
|
||||
struct in_addr dst;
|
||||
{
|
||||
static u_char buf[BUFSPACE];
|
||||
struct sockaddr dest;
|
||||
register u_char *bp = buf;
|
||||
register int cc;
|
||||
int dlen, done = 0;
|
||||
time_t now = time(NULL);
|
||||
|
||||
do {
|
||||
fflush(stdout);
|
||||
dlen = sizeof(dest);
|
||||
bzero((char *)&dest, dlen);
|
||||
cc = recvfrom(fd, buf, BUFSPACE, 0, &dest, &dlen);
|
||||
if (!cc)
|
||||
if ((time(NULL) - now) > timeout)
|
||||
return done;
|
||||
else
|
||||
continue;
|
||||
|
||||
if (bp[12] != 0x8 || bp[13] != 0)
|
||||
continue; /* not ip */
|
||||
|
||||
/*
|
||||
* get rid of non-tcp or fragmented packets here.
|
||||
*/
|
||||
if (cc >= sizeof(struct tcpiphdr))
|
||||
{
|
||||
if (((bp[14+9] != IPPROTO_TCP) &&
|
||||
(bp[14+9] != IPPROTO_UDP)) ||
|
||||
(bp[14+6] & 0x1f) || (bp[14+6] & 0xff))
|
||||
continue;
|
||||
done += ack_recv(bp + 14);
|
||||
}
|
||||
} while (cc >= 0);
|
||||
perror("read");
|
||||
exit(-1);
|
||||
}
|
||||
|
||||
int initdevice(dev, tout)
|
||||
char *dev;
|
||||
int tout;
|
||||
{
|
||||
int fd;
|
||||
|
||||
eth_dev = strdup(dev);
|
||||
if ((fd = socket(AF_INET, SOCK_PACKET, htons(ETHERTYPE_IP))) == -1)
|
||||
{
|
||||
perror("socket(SOCK_PACKET)");
|
||||
exit(-1);
|
||||
}
|
||||
|
||||
return fd;
|
||||
}
|
@ -1,228 +0,0 @@
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* (C)opyright 1992-1998 Darren Reed. (from tcplog)
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <netdb.h>
|
||||
#include <ctype.h>
|
||||
#include <signal.h>
|
||||
#include <errno.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/timeb.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/file.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <net/nit.h>
|
||||
#include <sys/fcntlcom.h>
|
||||
#include <sys/dir.h>
|
||||
#include <net/nit_if.h>
|
||||
#include <net/nit_pf.h>
|
||||
#include <net/nit_buf.h>
|
||||
#include <net/packetfilt.h>
|
||||
#include <sys/stropts.h>
|
||||
|
||||
#include <net/if.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/in_systm.h>
|
||||
#include <netinet/ip.h>
|
||||
#include <netinet/if_ether.h>
|
||||
#include <netinet/ip_var.h>
|
||||
#include <netinet/udp.h>
|
||||
#include <netinet/udp_var.h>
|
||||
#include <netinet/tcp.h>
|
||||
#include <netinet/tcpip.h>
|
||||
|
||||
#ifndef lint
|
||||
static char snitid[] = "@(#)snit.c 1.2 12/3/95 (C)1995 Darren Reed";
|
||||
#endif
|
||||
|
||||
#define BUFSPACE 32768
|
||||
|
||||
/*
|
||||
* Be careful to only include those defined in the flags option for the
|
||||
* interface are included in the header size.
|
||||
*/
|
||||
#define BUFHDR_SIZE (sizeof(struct nit_bufhdr))
|
||||
#define NIT_HDRSIZE (BUFHDR_SIZE)
|
||||
|
||||
static int timeout;
|
||||
|
||||
|
||||
int ack_recv(ep)
|
||||
char *ep;
|
||||
{
|
||||
struct tcpiphdr tip;
|
||||
struct tcphdr *tcp;
|
||||
struct ip *ip;
|
||||
|
||||
ip = (struct ip *)&tip;
|
||||
tcp = (struct tcphdr *)(ip + 1);
|
||||
bcopy(ep + 14, (char *)ip, sizeof(*ip));
|
||||
bcopy(ep + 14 + (ip->ip_hl << 2), (char *)tcp, sizeof(*tcp));
|
||||
if (ip->ip_off & 0x1fff != 0)
|
||||
return 0;
|
||||
if (0 == detect(ip, tcp))
|
||||
return 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
int readloop(fd, dst)
|
||||
int fd;
|
||||
struct in_addr dst;
|
||||
{
|
||||
static u_char buf[BUFSPACE];
|
||||
register u_char *bp, *cp, *bufend;
|
||||
register struct nit_bufhdr *hp;
|
||||
register int cc;
|
||||
time_t now = time(NULL);
|
||||
int done = 0;
|
||||
|
||||
while ((cc = read(fd, buf, BUFSPACE-1)) >= 0) {
|
||||
if (!cc)
|
||||
if ((time(NULL) - now) > timeout)
|
||||
return done;
|
||||
else
|
||||
continue;
|
||||
bp = buf;
|
||||
bufend = buf + cc;
|
||||
/*
|
||||
* loop through each snapshot in the chunk
|
||||
*/
|
||||
while (bp < bufend) {
|
||||
cp = (u_char *)((char *)bp + NIT_HDRSIZE);
|
||||
/*
|
||||
* get past NIT buffer
|
||||
*/
|
||||
hp = (struct nit_bufhdr *)bp;
|
||||
/*
|
||||
* next snapshot
|
||||
*/
|
||||
bp += hp->nhb_totlen;
|
||||
done += ack_recv(cp);
|
||||
}
|
||||
return done;
|
||||
}
|
||||
perror("read");
|
||||
exit(-1);
|
||||
}
|
||||
|
||||
int initdevice(device, tout)
|
||||
char *device;
|
||||
int tout;
|
||||
{
|
||||
struct strioctl si;
|
||||
struct timeval to;
|
||||
struct ifreq ifr;
|
||||
struct packetfilt pfil;
|
||||
u_long if_flags;
|
||||
u_short *fwp = pfil.Pf_Filter;
|
||||
int ret, offset, fd, snaplen= 76, chunksize = BUFSPACE;
|
||||
|
||||
if ((fd = open("/dev/nit", O_RDWR)) < 0)
|
||||
{
|
||||
perror("/dev/nit");
|
||||
exit(-1);
|
||||
}
|
||||
|
||||
/*
|
||||
* Create some filter rules for our TCP watcher. We only want ethernet
|
||||
* pacets which are IP protocol and only the TCP packets from IP.
|
||||
*/
|
||||
offset = 6;
|
||||
*fwp++ = ENF_PUSHWORD + offset;
|
||||
*fwp++ = ENF_PUSHLIT | ENF_CAND;
|
||||
*fwp++ = htons(ETHERTYPE_IP);
|
||||
*fwp++ = ENF_PUSHWORD + sizeof(struct ether_header)/sizeof(short)+4;
|
||||
*fwp++ = ENF_PUSHLIT | ENF_AND;
|
||||
*fwp++ = htons(0x00ff);
|
||||
*fwp++ = ENF_PUSHLIT | ENF_COR;
|
||||
*fwp++ = htons(IPPROTO_TCP);
|
||||
*fwp++ = ENF_PUSHWORD + sizeof(struct ether_header)/sizeof(short)+4;
|
||||
*fwp++ = ENF_PUSHLIT | ENF_AND;
|
||||
*fwp++ = htons(0x00ff);
|
||||
*fwp++ = ENF_PUSHLIT | ENF_CAND;
|
||||
*fwp++ = htons(IPPROTO_UDP);
|
||||
pfil.Pf_FilterLen = fwp - &pfil.Pf_Filter[0];
|
||||
/*
|
||||
* put filter in place.
|
||||
*/
|
||||
if (ioctl(fd, I_PUSH, "pf") == -1)
|
||||
{
|
||||
perror("ioctl: I_PUSH pf");
|
||||
exit(1);
|
||||
}
|
||||
if (ioctl(fd, NIOCSETF, &pfil) == -1)
|
||||
{
|
||||
perror("ioctl: NIOCSETF");
|
||||
exit(1);
|
||||
}
|
||||
/*
|
||||
* arrange to get messages from the NIT STREAM and use NIT_BUF option
|
||||
*/
|
||||
ioctl(fd, I_SRDOPT, (char*)RMSGD);
|
||||
ioctl(fd, I_PUSH, "nbuf");
|
||||
/*
|
||||
* set the timeout
|
||||
*/
|
||||
timeout = tout;
|
||||
si.ic_timout = 1;
|
||||
to.tv_sec = 1;
|
||||
to.tv_usec = 0;
|
||||
si.ic_cmd = NIOCSTIME;
|
||||
si.ic_len = sizeof(to);
|
||||
si.ic_dp = (char*)&to;
|
||||
if (ioctl(fd, I_STR, (char*)&si) == -1)
|
||||
{
|
||||
perror("ioctl: NIT timeout");
|
||||
exit(-1);
|
||||
}
|
||||
/*
|
||||
* set the chunksize
|
||||
*/
|
||||
si.ic_cmd = NIOCSCHUNK;
|
||||
si.ic_len = sizeof(chunksize);
|
||||
si.ic_dp = (char*)&chunksize;
|
||||
if (ioctl(fd, I_STR, (char*)&si) == -1)
|
||||
perror("ioctl: NIT chunksize");
|
||||
if (ioctl(fd, NIOCGCHUNK, (char*)&chunksize) == -1)
|
||||
{
|
||||
perror("ioctl: NIT chunksize");
|
||||
exit(-1);
|
||||
}
|
||||
printf("NIT buffer size: %d\n", chunksize);
|
||||
|
||||
/*
|
||||
* request the interface
|
||||
*/
|
||||
strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
|
||||
ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = ' ';
|
||||
si.ic_cmd = NIOCBIND;
|
||||
si.ic_len = sizeof(ifr);
|
||||
si.ic_dp = (char*)𝔦
|
||||
if (ioctl(fd, I_STR, (char*)&si) == -1)
|
||||
{
|
||||
perror(ifr.ifr_name);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
/*
|
||||
* set the snapshot length
|
||||
*/
|
||||
si.ic_cmd = NIOCSSNAP;
|
||||
si.ic_len = sizeof(snaplen);
|
||||
si.ic_dp = (char*)&snaplen;
|
||||
if (ioctl(fd, I_STR, (char*)&si) == -1)
|
||||
{
|
||||
perror("ioctl: NIT snaplen");
|
||||
exit(1);
|
||||
}
|
||||
(void) ioctl(fd, I_FLUSH, (char*)FLUSHR);
|
||||
return fd;
|
||||
}
|
Loading…
Reference in New Issue
Block a user