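Newsgroups: comp.sources.unix
From: argus@SEI.CMU.EDU
Subject: v29i034: argus-1.5 - a generic IP network transaction auditing tool, Part04/06
References: <1.813909952.2078@gw.home.vix.com>
Sender: unix-sources-moderator@gw.home.vix.com
Approved: vixie@gw.home.vix.com
Submitted-By: argus@SEI.CMU.EDU
Posting-Number: Volume 29, Issue 34
Archive-Name: argus-1.5/part04
#!/bin/sh
# This is `part04' (part 4 of a multipart archive).
# Do not concatenate these parts, unpack them in order with `/bin/sh'.
# File `argus-1.5/common/argus_parse.c' is being continued...
#
touch -am 1231235999 $$.touch >/dev/null 2>&1
if test ! -f 1231235999 && test -f $$.touch; then
  shar_touch=touch
else
  shar_touch=:
  echo
  echo 'WARNING: not restoring timestamps. Consider getting and'
  echo "installing GNU \`touch', distributed in GNU File Utilities..."
  echo
fi
rm -f 1231235999 $$.touch
#
if test ! -r _sharseq.tmp; then
  echo 'Please unpack part 1 first!'
  exit 1
fi
shar_sequence=`cat _sharseq.tmp`
if test "$shar_sequence" != 4; then
  echo "Please unpack part $shar_sequence next!"
  exit 1
fi
if test ! -f _sharnew.tmp; then
  echo 'x - still skipping argus-1.5/common/argus_parse.c'
else
  echo 'x - continuing file argus-1.5/common/argus_parse.c'
  sed 's/^X//' << 'SHAR_EOF' >> 'argus-1.5/common/argus_parse.c' &&
X         /* (this function begins in the previous part of the archive) */
X         bcopy ((char *) &sport, &((unsigned short *) &tmp->addr.port)[1], 2);
X         bcopy ((char *) &dport, &((unsigned short *) &tmp->addr.port)[0], 2);
X         tmp->status &= ~REVERSE;
X      }
X
X      bcopy (tmp, buf, sizeof (struct writeStruct));
X      sport = ((unsigned short *) &tmp->addr.port)[0];
X      dport = ((unsigned short *) &tmp->addr.port)[1];
X
X      if (tmp->status & IPPROTOMASK) {
X         tmp->status |= IPPROTO;
X         if ((dport > sport) && (sport != 0)) {
X            tmp->status |= REVERSE;
X            sport = ((unsigned short *) &tmp->addr.port)[1];
X            dport = ((unsigned short *) &tmp->addr.port)[0];
X         }
X
X         switch (tmp->status & IPPROTOMASK) {
X            case TCPPROTO:
X               if (dport == 20)
X                  tmp->status ^= REVERSE;
X               break;
X
X            case UDPPROTO:
X               if (((sport == 53) && (dport != 53)) ||
X                   ((sport == 2049) && (dport != 2049)) ||
X                   ((sport >= 7000) && (sport < 7010)) ||
X                   ((sport >= 6000) && (sport < 6010)))
X                  tmp->status ^= REVERSE;
X               break;
X         }
X      }
X
X      if (tmp->status & REVERSE) {
X         bcopy (&tmp->etherdst, &buf->ethersrc, 6);
X         bcopy (&tmp->ethersrc, &buf->etherdst, 6);
X         bcopy (&tmp->addr.dst, &buf->addr.src, 4);
X         bcopy (&tmp->addr.src, &buf->addr.dst, 4);
X         sport = ((unsigned short *) &tmp->addr.port)[0];
X         dport = ((unsigned short *) &tmp->addr.port)[1];
X         bcopy ((char *) &sport, &((unsigned short *) &buf->addr.port)[1], 2);
X         bcopy ((char *) &dport, &((unsigned short *) &buf->addr.port)[0], 2);
X         buf->src_count = tmp->dst_count; buf->dst_count = tmp->src_count;
X         buf->src_bytes = tmp->dst_bytes; buf->dst_bytes = tmp->src_bytes;
X         buf->status = tmp->status & ~REVERSE;
X      }
X   }
X}
X
X
X
X/*
X * read_remote_connection - read the one-line banner from the socket
X * `fd', check that it contains tag_string followed by a version number,
X * then pass the descriptor to read_remote().  `fd' is closed before
X * returning.  Returns read_remote()'s result, or 1 when nothing was
X * received or the banner lacks tag_string.  A descriptor value of 0 is
X * treated as "no connection" (get_server_socket() returns 0 on failure).
X */
Xread_remote_connection (fd, bpfcode)
Xint fd;
Xstruct bpf_program *bpfcode;
X{
X   int retn = 0, cnt = 0;
X   int read_mode = 0;
X   char buf[256], *str = buf;
X
X   bzero (buf, sizeof (buf));
X   if (fd) {
X      /*
X       * The banner is supplied by the remote peer, so the copy must be
X       * bounded: stop one byte short of the buffer so it stays
X       * NUL-terminated, and stop on EOF or error (read() <= 0) rather
X       * than counting a failed read as a received byte.
X       */
X      while ((cnt < (int) sizeof (buf) - 1) && (read (fd, str, 1) > 0)) {
X         cnt++;
X         if (*str++ == '\n') break;
X      }
X
X      if (cnt) {
X         if (strstr (buf, tag_string)) {
X            str = &buf[strlen (tag_string)];
X            /* sscanf() may return EOF, which is non-zero; require a field */
X            if (sscanf (str, "%d.%d", &major_version, &minor_version) >= 1) {
X               fprintf (stderr, "%s", buf);
X               read_mode = major_version;
X               argus_parse_init (fd, read_mode);
X               init ();
X               retn = read_remote (fd, read_mode, bpfcode);
X            }
X         } else {
X            fprintf (stderr, "not argus server: disconnecting.\n");
X            retn = 1;
X         }
X      } else {
X         fprintf (stderr, "refused.\n");
X         retn = 1;
X      }
X
X      close (fd);
X   }
X   return (retn);
X}
X
X
X/*
X * read_connection - stdio counterpart of read_remote_connection():
X * read the banner line with fgets(), verify tag_string and the version,
X * then process the stream with read_file().  `fd' is closed before
X * returning.  Returns read_file()'s result, or 1 on any banner problem.
X */
Xread_connection (fd, bpfcode)
XFILE *fd;
Xstruct bpf_program *bpfcode;
X{
X   int retn = 1;
X   int read_mode = 0;
X   char buf[256], *str;
X
X   if (fd) {
X      if (fgets (buf, sizeof (buf), fd)) {
X         if (strstr (buf, tag_string)) {
X            str = &buf[strlen (tag_string)];
X            /* sscanf() may return EOF, which is non-zero; require a field */
X            if (sscanf (str, "%d.%d", &major_version, &minor_version) >= 1) {
X               read_mode = major_version;
X               argus_parse_init (fd, read_mode);
X               init ();
X               retn = read_file (fd, read_mode, bpfcode);
X            } else
X               fprintf (stderr, "Argus file format error: %s", buf);
X
X         } else
X            fprintf (stderr, "Not Argus file: %s", buf);
X      }
X      fclose (fd);
X   }
X   return (retn);
X}
X
X
X#define CLIENTTIMEOUT 1
X
X/*
X * read_remote - poll `fd' with select() and pass every complete
X * struct writeStruct read from it to handle_datum(); clientTimeout() is
X * called once more than CLIENTTIMEOUT seconds have elapsed.  The loop
X * only ends when select() fails with something other than EINTR, so
X * every path that reaches the end of the function is a failure path
X * and 1 is returned (the original fell off the end without a value,
X * although read_remote_connection() uses the result).
X *
X * NOTE(review): a read() shorter than `size' is discarded, which loses
X * the record boundary on the stream, and a read() of 0 (peer closed) is
X * not treated as end of input - confirm the intended behaviour.
X * NOTE(review): `fd' is not checked against FD_SETSIZE before FD_SET().
X */
Xread_remote (fd, read_mode, bpfcode)
Xint fd;
Xint read_mode;
Xstruct bpf_program *bpfcode;
X{
X   struct writeStruct ptr;
X   register int cnt, size, retn = 0;
X   extern void clientTimeout ();
X   struct timeval wait, now, timeoutValue;
X   fd_set readmask;
X   int width = ulimit (4, NULL);
X
X   switch (read_mode) {
X      default: size = sizeof (struct writeStruct) ; break;
X   }
X
X   bzero (&ptr, sizeof (struct writeStruct));
X
X   if (gettimeofday (&now, NULL) == 0) {
X      timeoutValue = now;
X      timeoutValue.tv_sec += CLIENTTIMEOUT;
X
X      for (;;) {
X         /*
X          * select() may overwrite both the timeout and the descriptor
X          * set (the set is unspecified after an error such as EINTR),
X          * so both are re-armed on every pass.
X          */
X         wait.tv_sec = 0; wait.tv_usec = 250000;
X         FD_ZERO (&readmask);
X         FD_SET (fd, &readmask);
X
X         if ((retn = select (width, &readmask, NULL, NULL, &wait)) >= 0) {
X            if (FD_ISSET (fd, &readmask))
X               if ((cnt = read (fd, &ptr, size)) >= 0)
X                  if (cnt == size)
X                     handle_datum (&ptr, read_mode, bpfcode);
X
X            gettimeofday (&now, NULL);
X
X            if (now.tv_sec > timeoutValue.tv_sec) {
X               (void) clientTimeout ();
X               now = timeoutValue;
X               timeoutValue.tv_sec += CLIENTTIMEOUT;
X            }
X         } else
X            if (errno != EINTR)
X               break;
X      }
X
X      if (retn < 0)
X         perror ("select");
X   }
X
X   return (1);
X}
X
X
X/*
X * read_file - read fixed-size struct writeStruct records from `fd'
X * until fread() stops returning a whole record, passing each one to
X * handle_datum().  Returns 0 if at least one record was read, else 1.
X */
Xread_file (fd, read_mode, bpfcode)
XFILE *fd;
Xint read_mode;
Xstruct bpf_program *bpfcode;
X{
X   struct writeStruct ptr;
X   register int cnt, size, retn = 1;
X
X   switch (read_mode) {
X      default: size = sizeof (struct writeStruct) ; break;
X   }
X
X   while ((cnt = fread (&ptr, size, 1, fd)) > 0) {
X      retn = 0;
X      handle_datum (&ptr, read_mode, bpfcode);
X   }
X
X   return (retn);
X}
X
X
Xstruct tm tm_lasttime;
Xstruct tm tm_startime;
X
X/*
X * version_process - cache the broken-down local start and last times
X * of the record in tm_startime / tm_lasttime, then dispatch the record
X * to the per-protocol process_*() routine selected by its status bits.
X */
Xversion_process (ptr, read_mode)
Xstruct writeStruct *ptr;
Xint read_mode;
X{
X   unsigned int status;
X   struct tm *tm;
X
X   /* localtime() returns static storage, hence the copies */
X   if (tm = localtime (&ptr->startime.tv_sec))
X      bcopy ((char *) tm, (char *)&tm_startime, sizeof (struct tm));
X   if (tm = localtime (&ptr->lasttime.tv_sec))
X      bcopy ((char *) tm, (char *)&tm_lasttime, sizeof (struct tm));
X
X   if (status = (ptr->status & PROTOMASK)) {
X      switch (status) {
X         case IPPROTO:
X            switch (ptr->status & IPPROTOMASK) {
X               case TCPPROTO: process_tcp (ptr); break;
X               case UDPPROTO: process_udp (ptr); break;
X               case ICMPPROTO: process_icmp (ptr); break;
X               default: process_ip (ptr); break;
X            }
X            break;
X      }
X   }
X}
X
X
X/*
X * in_queue - return 1 if `object' is linked on `queue', else 0.
X *
X * The original test was `if (ptr = object)', an assignment: it reported
X * a match for any non-NULL object on a non-empty queue and, for a NULL
X * object, went on to dereference NULL.  The walk relies on the list
X * being NULL-terminated, which is how add_to_queue() builds it.
X * NOTE(review): the casts assume `queue' is the first member of
X * struct NET_OBJECT - confirm against the header.
X */
Xin_queue (queue, object)
Xstruct QUEUE *queue;
Xstruct NET_OBJECT *object;
X{
X   register int retn = 0;
X   register struct NET_OBJECT *ptr;
X
X   for (ptr = (struct NET_OBJECT *) queue->start; ptr;
X                          ptr = (struct NET_OBJECT *) ptr->queue.nxt)
X      if (ptr == object) {
X         retn = 1; break;
X      }
X
X   return (retn);
X}
X
X
X
X/*
X * add_to_queue - link `object' at the head of `queue' and bump the
X * queue's count.
X *
X * The original never pointed the old head's `prv' at the new element.
X * remove_from_queue() relies on `prv' to unlink, so removing any
X * element but the head left its predecessor's `nxt' pointing at the
X * removed object.  The back link is now set.
X */
Xadd_to_queue (queue, object)
Xstruct QUEUE *queue;
Xstruct NET_OBJECT *object;
X{
X   register struct QUEUE_HEADER *head = queue->start;
X
X   object->queue.queue = queue;
X   queue->count++;
X
X   if (head) {
X      object->queue.prv = head->prv;
X      if (object->queue.prv)
X         (object->queue.prv)->nxt = &object->queue;
X
X      object->queue.nxt = head;
X      head->prv = &object->queue;
X   }
X
X   queue->start = &object->queue;
X}
X
X
X/*
X * remove_from_queue - unlink `object' from the queue it is on (if
X * any), decrement that queue's count, and clear the object's links.
X * A NULL object is ignored.
X */
Xremove_from_queue (object)
Xstruct NET_OBJECT *object;
X{
X   register struct QUEUE *queue;
X   register struct QUEUE_HEADER *prv, *nxt;
X
X   if (object) {
X      if (queue = object->queue.queue) {
X         queue->count--;
X         object->queue.queue = NULL;
X
X         nxt = object->queue.nxt;
X
X         if (prv = object->queue.prv)
X            prv->nxt = nxt;
X
X         if (nxt)
X            nxt->prv = prv;
X
X         if (queue->start == &object->queue)
X            queue->start = nxt;
X      }
X
X      object->queue.prv = NULL;
X      object->queue.nxt = NULL;
X   }
X}
X
X
X
X
X#include      /* header name is missing from this copy of the posting */
X
X/*
X * get_server_socket - open a TCP connection to the host in `ip' on
X * `portnum' (looked up as service "monitor", else 561).  Returns the
X * connected descriptor, or 0 on failure.
X *
X * The address length comes from the resolver reply, so it is checked
X * against the size of sin_addr before being copied into `server', and
X * the socket is closed again when connect() fails.
X * NOTE(review): s_port from getservbyname() is in network byte order,
X * while the fallback 561 is stored without htons() - confirm how
X * portnum is meant to be held.
X */
Xget_server_socket (ip)
Xstruct IP_ENTRY *ip;
X{
X   register int retn = 0;
X   struct sockaddr_in server;
X   struct servent *sp;
X   struct hostent *hp;
X   int s;
X
X   if (!portnum) {
X      if (sp = getservbyname ("monitor", "tcp")) portnum = sp->s_port;
X      else portnum = 561;
X   }
X
X   if ((hp = gethostbyaddr ((char *)&ip->addr, sizeof (ip->addr), AF_INET)) &&
X         (hp->h_length > 0) &&
X         (hp->h_length <= (int) sizeof (server.sin_addr))) {
X      bzero ((char *) &server, sizeof (server));
X      bcopy (hp->h_addr, (char *)&server.sin_addr, hp->h_length);
X      server.sin_family = hp->h_addrtype;
X      server.sin_port = portnum;
X      fprintf (stderr, "%s: Trying %s port %d\n", progname, (hp->h_name) ?
X                  (hp->h_name) : intoa (ip->addr), portnum);
X      if ((s = socket (AF_INET, SOCK_STREAM, 0)) >= 0) {
X         if ((connect (s, (struct sockaddr *)&server, sizeof(server))) >= 0) {
X            if (retn = s)
X               fprintf (stderr, "%s: connected ", progname);
X         } else
X            close (s);      /* do not leak the descriptor */
X      }
X   }
X
X   return (retn);
X}
X
X
X/*
X * new_file_arg - append a FILE_ENTRY holding a copy of `ptr' to the
X * end of input_file_list.  Returns 1 if an entry was added, else 0.
X * NOTE(review): the strdup() result is stored unchecked.
X */
Xnew_file_arg (ptr)
Xchar *ptr;
X{
X   register int retn = 0;
X   register struct FILE_ENTRY *file, *list, *tmp;
X
X   if (ptr) {
X      if (file = (struct FILE_ENTRY *) calloc (1, sizeof(struct FILE_ENTRY))) {
X         if (list = input_file_list) {
X            while (list->nxt) list = list->nxt;
X            list->nxt = file;
X         } else
X            input_file_list = file;
X
X         file->str = strdup (ptr);
X         retn = 1;
X      }
X   }
X   return (retn);
X}
X
X
X/*
X * remote_host_arg - push one IP_ENTRY per address of `ptr' onto
X * remote_host_list.  `ptr' is taken as a dotted quad if inet_addr()
X * accepts it, otherwise it is resolved with pcap_nametoaddr().
X * Returns 1 if at least one entry was added, else 0.
X *
X * The original only advanced `name' when calloc() succeeded, so an
X * allocation failure looped forever; the loop now stops instead.
X */
Xremote_host_arg (ptr)
Xchar *ptr;
X{
X   register int retn = 0;
X   register struct IP_ENTRY *addr;
X   u_long alist, **name;
X
X   if ((alist = (u_long) inet_addr (ptr)) == (u_long) -1) {
X      if (name = (u_long **) pcap_nametoaddr (ptr)) {
X         while (*name) {
X            if (addr = (struct IP_ENTRY *) calloc (1,
X                                      sizeof (struct IP_ENTRY))) {
X               addr->nxt = remote_host_list;
X               remote_host_list = addr;
X               addr->addr = **name;
X               name++;
X               retn = 1;
X            } else
X               break;
X         }
X      }
X   } else
X      if (addr = (struct IP_ENTRY *) calloc (1, sizeof (struct IP_ENTRY))) {
X         addr->nxt = remote_host_list;
X         remote_host_list = addr;
X         addr->addr = alist;
X         retn = 1;
X      }
X
X   return (retn);
X}
X
X
Xstatic int firstWrite = 1;
X
X/*
X * writeNewLogfile - append one record to the output named by `wfile'.
X * For a real file the "Argus Version" banner is written first when
X * stat() reports that the file does not exist; for "-" the banner goes
X * to stdout once, guarded by firstWrite.
X *
X * NOTE(review): the file is checked with stat() and then opened by
X * name in a separate step, and fopen() follows symbolic links, so the
X * two calls can see different files if the directory is writable by
X * others.  A failure of the second fopen() and short fwrite()s are
X * not reported.
X */
XwriteNewLogfile (ptr)
Xstruct writeStruct *ptr;
X{
X   int i, retn;
X   struct stat buf;
X   FILE *fd;
X
X   if (wfile) {
X      if (strcmp (wfile, "-")) {
X         if (stat (wfile, &buf) < 0)
X            if (errno == ENOENT)
X               if (fd = fopen (wfile, "a")) {
X                  fprintf (fd, "Argus Version %d.%d\n",
X                                 VERSION_MAJOR, VERSION_MINOR);
X                  fclose (fd);
X               } else
X                  perror ("fopen");
X
X         if (fd = fopen (wfile, "a")) {
X            fwrite (ptr, sizeof (struct writeStruct), 1, fd);
X            fclose (fd);
X         }
X      } else {
X         if (firstWrite) {
X            fprintf (stdout, "Argus Version %d.%d\n",
X                                 VERSION_MAJOR, VERSION_MINOR);
X            fflush (stdout);
X            firstWrite = 0;
X         }
X         fwrite (ptr, sizeof (struct writeStruct), 1, stdout);
X         fflush (stdout);
X      }
X   }
X}
X
SHAR_EOF
  echo 'File argus-1.5/common/argus_parse.c is complete' &&
  $shar_touch -am 0508141395 'argus-1.5/common/argus_parse.c' &&
  chmod 0444 'argus-1.5/common/argus_parse.c' ||
  echo 'restore of argus-1.5/common/argus_parse.c failed'
  # The byte count below is the one recorded by the original posting;
  # the revised listing above will not match it.
  shar_count="`wc -c < 'argus-1.5/common/argus_parse.c'`"
  test 28559 -eq "$shar_count" ||
    echo "argus-1.5/common/argus_parse.c: original size 28559, current size $shar_count"
  rm -f _sharnew.tmp
fi
# ============= argus-1.5/common/Makefile.in ==============
if test -f 'argus-1.5/common/Makefile.in' && test X"$1" != X"-c"; then
  echo 'x - skipping argus-1.5/common/Makefile.in (file already exists)'
  rm -f _sharnew.tmp
else
  > _sharnew.tmp
  echo 'x - extracting argus-1.5/common/Makefile.in (text)'
  sed 's/^X//' << 'SHAR_EOF' > 'argus-1.5/common/Makefile.in' &&
X
X# Copyright (c) 1993, 1994 Carnegie Mellon University.
X# All rights reserved.
X#
X# Use in source and binary forms, with or without modification, are
X# permitted provided that source code modifications retain all
X# pertinent copyright notices and this paragraph in its entirety.
X# This distribution includes software developed at Carnegie Mellon
X# University.
X#
X# THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
X# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
X# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
X
X# Copyright (c) 1993, 1994
X# The Regents of the University of California. All rights reserved.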
X# X# Redistribution and use in source and binary forms, with or without X# modification, are permitted provided that: (1) source code distributions X# retain the above copyright notice and this paragraph in its entirety, (2) X# distributions including binary code include the above copyright notice and X# this paragraph in its entirety in the documentation or other materials X# provided with the distribution, and (3) all advertising materials mentioning X# features or use of this software display the following acknowledgement: X# ``This product includes software developed by the University of California, X# Lawrence Berkeley Laboratory and its contributors.'' Neither the name of X# the University nor the names of its contributors may be used to endorse X# or promote products derived from this software without specific prior X# written permission. X# THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED X# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF X# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. X# X# @(#) $Header: /usr/users/poepping/src/argus/argus-1.5/common/RCS/Makefile.in,v 1.1 1995/02/08 21:03:27 poepping Exp $ (LBL) X# X# X# You shouldn't need to edit anything below. X# X XDEFINE_STDC = -D__STDC__ X X#have-solaris#OS_DEFINES = -DSOLARIS X#have-irix#OS_DEFINES = -Dvolatile= $(DEFINE_STDC) X X#have-gcc#DEFINE_STDC = X X#have-pf#PCAP_DEFINES = -DPCAP_PF X X#have-bpf#PCAP = bpf X#have-pf#PCAP = pf X#have-nit#PCAP = nit X#have-snit#PCAP = snit X#have-snoop#PCAP = snoop X#have-dlpi#PCAP = dlpi X XCC = cc X#have-gcc#CC = gcc X#have-acc#CC = acc X XCCOPT = -g X# X# Flex and bison allow you to specify the prefixes of the global symbols X# used by the generated parser. This allows programs to use lex/yacc X# and link against libpcap. If you don't have flex or bison, get them. 
X# XLEX = lex XYACC = yacc X#have-flex#LEX = flex -Ppcap_ X#have-bison#YACC = bison -y -p pcap_ X XMAKE = make XSHELL = /bin/sh X XRANLIB = echo X#have-ranlib#RANLIB = ranlib X X XROOT_DIR=.. XINCLUDE=$(ROOT_DIR)/include XLIBPCAP=$(ROOT_DIR)/libpcap XTCPWRAP=$(ROOT_DIR)/wrapper XOTHDIRS=$(ROOT_DIR)/common XPROGDIRS=$(ROOT_DIR)/server $(ROOT_DIR)/clients XALLDIRS=$(LIBPCAP) $(OTHDIRS) $(PROGDIRS) X# XINSTALL_LIB=$(ROOT_DIR)/lib XINSTALL_BIN=$(ROOT_DIR)/bin X# X# XINCLUDES = -I. -I$(INCLUDE) -I$(LIBPCAP) XDEFINES = $(PCAP_DEFINES) $(OS_DEFINES) X X# Standard CFLAGS XCFLAGS = $(CCOPT) $(DEFINES) $(INCLUDES) X X# Explicitly define compiliation rule since SunOS 4's make doesn't like gcc. X# Also, gcc does not remove the .o before forking 'as', which can be a X# problem if you don't own the file but can write to the directory. X.c.o: X rm -f $@; $(CC) $(CFLAGS) -c $*.c X X XSRC_MONITOR_PARSE = argus_parse.c util.c gencode.c argus_filter.c \ X addrtoname.c bpf_dump.c X XOBJ_MONITOR_PARSE = argus_parse.o util.o argus_filter.o gencode.o \ X addrtoname.o bpf_dump.o X XLIBS = $(INSTALL_LIB)/argus_parse.a X Xall: $(LIBS) X X$(INSTALL_LIB)/argus_parse.a: $(OBJ_MONITOR_PARSE) X rm -f $@; ar qc $@ $(OBJ_MONITOR_PARSE) X -$(RANLIB) $@ X Xclean: X rm -f *.o *.a X Xforce: /tmp Xinstall: $(LIBS) X Xdepend: force X ../bin/mkdep $(INCLUDES) $(SRC_MONITOR_PARSE) SHAR_EOF $shar_touch -am 0508141395 'argus-1.5/common/Makefile.in' && chmod 0444 'argus-1.5/common/Makefile.in' || echo 'restore of argus-1.5/common/Makefile.in failed' shar_count="`wc -c < 'argus-1.5/common/Makefile.in'`" test 3841 -eq "$shar_count" || echo "argus-1.5/common/Makefile.in: original size 3841, current size $shar_count" rm -f _sharnew.tmp fi # ============= argus-1.5/common/README ============== if test -f 'argus-1.5/common/README' && test X"$1" != X"-c"; then echo 'x - skipping argus-1.5/common/README (file already exists)' rm -f _sharnew.tmp else > _sharnew.tmp echo 'x - extracting argus-1.5/common/README (text)' 
sed 's/^X//' << 'SHAR_EOF' > 'argus-1.5/common/README' && X X/* X * Copyright (c) 1993, 1994, 1995 Carnegie Mellon University. X * All rights reserved. X * X * Permission to use, copy, modify, and distribute this software and X * its documentation for any purpose and without fee is hereby granted, X * provided that the above copyright notice appear in all copies and X * that both that copyright notice and this permission notice appear X * in supporting documentation, and that the name of CMU not be X * used in advertising or publicity pertaining to distribution of the X * software without specific, written prior permission. X * X * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING X * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL X * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR X * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, X * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, X * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS X * SOFTWARE. X * X */ X XArgus common directory. XThis directory contains source code that is needed by both Xthe Argus server and the various clients. 
X XManifest: X-r--r--r-- 1 argus software 3841 Feb 8 16:03 Makefile.in X-rw-r--r-- 1 argus software 1682 Apr 25 13:43 README X-r--r--r-- 1 argus software 15570 Apr 24 15:35 addrtoname.c X-r--r--r-- 1 argus software 13053 Feb 8 16:04 argus_filter.c X-r--r--r-- 1 argus software 28559 Apr 24 16:11 argus_parse.c X-r--r--r-- 1 argus software 2131 Feb 8 16:04 bpf_dump.c X-r--r--r-- 1 argus software 28245 Feb 8 16:04 gencode.c X-r--r--r-- 1 argus software 6309 Feb 8 16:05 util.c SHAR_EOF $shar_touch -am 0508141395 'argus-1.5/common/README' && chmod 0444 'argus-1.5/common/README' || echo 'restore of argus-1.5/common/README failed' shar_count="`wc -c < 'argus-1.5/common/README'`" test 1682 -eq "$shar_count" || echo "argus-1.5/common/README: original size 1682, current size $shar_count" rm -f _sharnew.tmp fi # ============= argus-1.5/server/argus.c ============== if test ! -d 'argus-1.5/server'; then echo 'x - creating directory argus-1.5/server' mkdir 'argus-1.5/server' fi if test -f 'argus-1.5/server/argus.c' && test X"$1" != X"-c"; then echo 'x - skipping argus-1.5/server/argus.c (file already exists)' rm -f _sharnew.tmp else > _sharnew.tmp echo 'x - extracting argus-1.5/server/argus.c (text)' sed 's/^X//' << 'SHAR_EOF' > 'argus-1.5/server/argus.c' && X X/* X * Copyright (c) 1993, 1994 Carnegie Mellon University. X * All rights reserved. X * X * Permission to use, copy, modify, and distribute this software and X * its documentation for any purpose and without fee is hereby granted, X * provided that the above copyright notice appear in all copies and X * that both that copyright notice and this permission notice appear X * in supporting documentation, and that the name of CMU not be X * used in advertising or publicity pertaining to distribution of the X * software without specific, written prior permission. 
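X *
X * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
X * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
X * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
X * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
X * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
X * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
X * SOFTWARE.
X *
X */
X
X/*
X * argus - audit tcp, udp and icmp connection traffic on a network.
X * relies on libpcap for packet filter function.
X *
X * written by Carter Bullard
X * Software Engineering Institute
X * Carnegie Mellon University
X *
X */
X
X#define ARGUS
X
X#include
X#include
X
X#include
X#include
X#include
X
X#ifndef SOLARIS
X#include
X#endif
X#include
X#include
X#include
X
X#include
X
X#include
X#include
X
X#include
X#include
X#include
X
X#include
X
X
Xstatic int bpflag = 0; /* print filter code */
Xstatic int Oflag = 1; /* run filter code optimizer */
Xstatic int pflag = 0; /* don't go promiscuous */
X
Xstatic pcap_t *init ();
Xstatic u_long localnet, netmask;
X
Xchar *rfile = NULL;
Xchar *servicesfile = NULL;
X
X#ifndef MAXPATHNAMELEN
X#define MAXPATHNAMELEN BUFSIZ
X#endif
X
Xint debug_interval = 0;
X
X/*
X * main - parse the command line, open the listen socket unless input
X * comes from a file (-r), set up packet capture through init(), and
X * run argus_loop() with the callback for the capture's link type.
X *
X * argv[0] is chosen by whoever starts the program, so it is copied
X * into `path' with an explicit bound instead of strcpy().
X * NOTE(review): the numeric options go through atoi(), which reports
X * no errors and applies no range check.
X */
Xvoid
Xmain (argc, argv)
Xint argc;
Xchar *argv[];
X{
X   int i, len, op, type, portnum = ARGUS_PORT, divisor;
X   static char *device = NULL, *infile = NULL, *ptr;
X   static char path[MAXPATHNAMELEN];
X   pcap_handler callback;
X   extern char *optarg;
X   extern int optind, opterr;
X   double update_interval = 0.0;
X
X   if (strchr (argv[0], '/')) {
X      strncpy (path, argv[0], sizeof (path) - 1);
X      path[sizeof (path) - 1] = '\0';
X      argv[0] = strrchr(argv[0], '/') + 1;
X   }
X   program_name = argv[0];
X
X   opterr = 0;
X   while ((op = getopt (argc, argv, "bhpOd:r:w:D:F:i:l:P:U:S:T:I:")) != EOF) {
X      switch (op) {
X         case 'b': bpflag++; break;
X         case 'p': pflag++; break;
X         case 'O': Oflag = 0; break;
X         case 'd': dflag = atoi (optarg); break;
X         case 'P': portnum = atoi (optarg); break;
X         case 'U': udptimeout = atoi (optarg); break;
X         case 'T': tcptimeout = atoi (optarg); break;
X         case 'I': iptimeout = atoi (optarg); break;
X         case 'i': device = optarg; break;
X         case 'F': infile = optarg; break;
X         case 'r': rfile = optarg; break;
X         case 'S': servicesfile = optarg; break;
X         case 'D': debugflag++; debug_interval = atoi (optarg);
X                   break;
X         case 'w': ++wflag;
X                   if ((wfile = optarg) == NULL)
X                      if (!strcmp (argv[optind], "-")) {
X                         wfile = "-";
X                      }
X                   break;
X
X         case 'h':
X         default:
X            usage (program_name);
X      }
X   }
X
X   if (rfile != NULL) portnum = 0;
X   if (portnum) lfd = establish_listen (portnum);
X   if (pd = init (device, infile, rfile, argv, optind))
X      if (!(callback = lookup_pcap_callback (type = pcap_datalink (pd))))
X         aerror ("unknown data link type 0x%x", type);
X
X   argus_loop(pd, callback);
X   cleanup ();
X
X   exit (0);
X}
X
X
X/*
X * init - open the capture source (the savefile `rfile', or a live
X * device), give up any setuid privilege, create the output file with
X * its version banner if it does not exist, compile and install the
X * packet filter, and set up signal handling.  Returns the pcap handle.
X *
X * aerror() takes a printf-style format (see the "0x%x" call in
X * main()).  The messages passed here come from libpcap and can quote
X * caller-supplied text such as a file name, device name or filter
X * expression, so they are passed as an argument to "%s" and never as
X * the format itself.
X *
X * The result of setuid() is checked: if privileges cannot be dropped
X * the program stops instead of continuing with them.
X */
Xstatic pcap_t *
Xinit (device, infile, rfile, argv, optind)
Xchar *device, *infile, *rfile, **argv;
Xint optind;
X{
X   FILE *logfile = NULL;
X   pcap_t *pd = NULL;
X   char *cmdbuf = NULL;
X   char buf[PCAP_ERRBUF_SIZE];
X   struct bpf_program bpfcode;
X
X   if (rfile != NULL) {
X      /* a savefile needs no privilege: drop it before opening */
X      if (setuid (getuid ()) < 0) {
X         perror ("setuid");
X         exit (1);
X      }
X      if ((pd = pcap_open_offline(rfile, buf)) == NULL)
X         aerror ("%s", buf);
X      localnet = 0; netmask = 0;
X
X   } else {
X      if (!(device))
X         if (!(device = pcap_lookupdev (buf)))
X            aerror ("%s", buf);
X
X      if (pd = pcap_open_live(device, snaplen, !pflag, 1000, buf)) {
X         if ((pcap_lookupnet (device, &localnet, &netmask, buf)) < 0)
X            aerror ("%s", buf);
X      } else
X         aerror ("%s", buf);
X
X      /* the device is open: privilege is no longer needed */
X      if (setuid (getuid ()) < 0) {
X         perror ("setuid");
X         exit (1);
X      }
X   }
X
X   /* runs after the setuid() above, so with the caller's own rights */
X   if (wflag)
X      if (strcmp (wfile, "-")) {
X         if (!(logfile = fopen (wfile, "r"))) {
X            if (errno == ENOENT) {
X               if (logfile = fopen (wfile, "a")) {
X                  fprintf (logfile, "Argus Version %d.%d\n", VERSION_MAJOR,
X                                                     VERSION_MINOR);
X                  fclose (logfile);
X               } else perror ("fopen");
X            } else perror ("fopen");
X         } else
X            fclose (logfile);   /* existence probe only; was left open */
X      }
X
X   if (infile)
X      cmdbuf = read_infile (infile);
X   else
X      cmdbuf = copy_argv (&argv[optind]);
X
X   if (servicesfile) read_udp_services (servicesfile);
X
X   bzero ((char *) &bpfcode, sizeof (bpfcode));
X
X   if (pcap_compile (pd, &bpfcode, cmdbuf, Oflag, netmask) < 0)
X      aerror ("%s", pcap_geterr (pd));
X
X   if (bpflag) {
X      bpf_dump (&bpfcode, bpflag);
X      exit(0);
X   }
X
X   if (pcap_setfilter (pd, &bpfcode) < 0)
X      aerror ("%s", pcap_geterr(pd));
X
X   (void) signal (SIGPIPE, SIG_IGN);
X   (void) signal (SIGHUP, (void (*)()) cleanup);
X   (void) signal (SIGINT, (void (*)()) cleanup);
X   (void) signal (SIGTERM, (void (*)()) cleanup);
X   (void) signal (SIGUSR1, (void (*)()) usr1sig);
X   (void) signal (SIGUSR2, (void (*)()) usr2sig);
X
X   FD_ZERO ((char *) &readmask);
X   FD_ZERO ((char *) &writemask);
X   FD_ZERO ((char *) &exceptmask);
X
X   cons_init ();
X   return (pd);
X}
X
SHAR_EOF
  $shar_touch -am 0508141395 'argus-1.5/server/argus.c' &&
  chmod 0444 'argus-1.5/server/argus.c' ||
  echo 'restore of argus-1.5/server/argus.c failed'
  # The byte count below is the one recorded by the original posting;
  # the revised listing above will not match it.
  shar_count="`wc -c < 'argus-1.5/server/argus.c'`"
  test 5891 -eq "$shar_count" ||
    echo "argus-1.5/server/argus.c: original size 5891, current size $shar_count"
  rm -f _sharnew.tmp
fi
# ============= argus-1.5/server/argus_cons.c ==============
if test -f 'argus-1.5/server/argus_cons.c' && test X"$1" != X"-c"; then
  echo 'x - skipping argus-1.5/server/argus_cons.c (file already exists)'
  rm -f _sharnew.tmp
else
  > _sharnew.tmp
  echo 'x - extracting argus-1.5/server/argus_cons.c (text)'
  sed 's/^X//' << 'SHAR_EOF' > 'argus-1.5/server/argus_cons.c' &&
X
X/*
X * Copyright (c) 1993, 1994 Carnegie Mellon University.
X * All rights reserved.
X *
X * Permission to use, copy, modify, and distribute this software and
X * its documentation for any purpose and without fee is hereby granted,
X * provided that the above copyright notice appear in all copies and
X * that both that copyright notice and this permission notice appear
X * in supporting documentation, and that the name of CMU not be
X * used in advertising or publicity pertaining to distribution of the
X * software without specific, written prior permission.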
X *
X * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
X * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
X * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
X * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
X * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
X * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
X * SOFTWARE.
X *
X */
X
X /*
X * cons.c - supports connection tracking
X *
X * Used to parse received tcp, udp and icmp packets to
X * track current connections.
X *
X * written by Carter Bullard
X * Software Engineering Institute
X * Carnegie Mellon University
X */
X
X
X
X#include
X#include
X
X#include
X#include
X#include
X
X#include
X#include
X#include
X#include
X#include
X#include
X
X#include
X
X
X
X/*
X * cons_init - run the initialisers of the socket, ethernet, ip, udp
X * and tcp modules, in that order.
X */
Xvoid
Xcons_init ()
X{
X   cons_socket_init ();
X   cons_ether_init ();
X   cons_ip_init ();
X   cons_udp_init ();
X   cons_tcp_init ();
X}
X
X
X/*
X * updatetime - return 1 when the time in `tvp' has passed update_time,
X * and move update_time forward by update_interval; otherwise return 0.
X * The first call (update_time == 0.0) only arms the timer.
X */
Xupdatetime (tvp)
Xstruct timeval *tvp;
X{
X   int retn = 0;
X   double timenow;
X   extern double update_interval, update_time;
X
X   /* seconds and microseconds folded into one floating-point value */
X   timenow = (double) tvp->tv_sec + (double) tvp->tv_usec/1000000.0;
X
X   if (update_time == 0.0) update_time = timenow + update_interval;
X   else if (timenow > update_time) {
X      retn = 1; update_time = timenow + update_interval;
X   }
X
X   return (retn);
X}
X
X/*
X * check_timeouts - walk `queue' backwards from queue->start->prv and
X * call the queue's timerRoutine on each entry whose last_time is more
X * than `timeout' seconds before `tvp', stopping at the first entry
X * that is not, or when the walk reaches queue->start.  When dflag is
X * set, every queue except tcp_timeout_list is then walked forwards and
X * logRoutine is called (with DETAIL) on entries whose logtime is more
X * than dflag seconds old.
X *
X * NOTE(review): `prv' is saved before timeoutRoutine runs, presumably
X * because the routine can unlink the entry - confirm.  Both loops end
X * on reaching queue->start again, so they appear to expect a circular
X * list - confirm against the code that builds these queues.
X */
Xvoid
Xcheck_timeouts (queue, tvp, timeout)
Xstruct QUEUE *queue;
Xstruct timeval *tvp;
Xint timeout;
X{
X   struct QUEUE_HEADER *ptr, *prv;
X   proc timeoutRoutine = NULL, logRoutine = NULL;
X
X   if (queue->start) {
X      if (timeoutRoutine = queue->timerRoutine) {
X         ptr = queue->start->prv;
X         do {
X            if (tvp->tv_sec > (ptr->last_time.tv_sec + timeout)) {
X               prv = ptr->prv;
X               timeoutRoutine (ptr, tvp);
X               ptr = prv;
X            } else
X               break;
X         } while (queue->start && (ptr != queue->start));
X      }
X
X      if (dflag && queue != &tcp_timeout_list) {
X         if (logRoutine = queue->logRoutine) {
X            /* re-tested: the pass above may have emptied the queue */
X            if (queue->start) {
X               ptr = queue->start;
X               do {
X                  if (tvp->tv_sec > (ptr->logtime.tv_sec + dflag))
X                     logRoutine (ptr, tvp, DETAIL);
X                  ptr = ptr->nxt;
X               } while (queue->start && (ptr != queue->start));
X            }
X         }
X      }
X   }
X}
SHAR_EOF
  $shar_touch -am 0508141395 'argus-1.5/server/argus_cons.c' &&
  chmod 0444 'argus-1.5/server/argus_cons.c' ||
  echo 'restore of argus-1.5/server/argus_cons.c failed'
  # The byte count below is the one recorded by the original posting;
  # the annotated listing above will not match it.
  shar_count="`wc -c < 'argus-1.5/server/argus_cons.c'`"
  test 3055 -eq "$shar_count" ||
    echo "argus-1.5/server/argus_cons.c: original size 3055, current size $shar_count"
  rm -f _sharnew.tmp
fi
# ============= argus-1.5/server/bpf_dump.c ==============
if test -f 'argus-1.5/server/bpf_dump.c' && test X"$1" != X"-c"; then
  echo 'x - skipping argus-1.5/server/bpf_dump.c (file already exists)'
  rm -f _sharnew.tmp
else
  > _sharnew.tmp
  echo 'x - extracting argus-1.5/server/bpf_dump.c (text)'
  sed 's/^X//' << 'SHAR_EOF' > 'argus-1.5/server/bpf_dump.c' &&
X/*
X * Copyright (c) 1992, 1993, 1994
X * The Regents of the University of California. All rights reserved.
X *
X * Redistribution and use in source and binary forms, with or without
X * modification, are permitted provided that: (1) source code distributions
X * retain the above copyright notice and this paragraph in its entirety, (2)
X * distributions including binary code include the above copyright notice and
X * this paragraph in its entirety in the documentation or other materials
X * provided with the distribution, and (3) all advertising materials mentioning
X * features or use of this software display the following acknowledgement:
X * ``This product includes software developed by the University of California,
X * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
X * the University nor the names of its contributors may be used to endorse
X * or promote products derived from this software without specific prior
X * written permission.
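X * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
X * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
X * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
X */
X#ifndef lint
Xstatic char rcsid[] =
X "@(#) $Header: /usr/users/poepping/src/argus/argus-1.5/server/RCS/bpf_dump.c,v 1.1 1995/02/08 21:10:53 poepping Exp $ (LBL)";
X#endif
X
X#include
X#include
X
X#include
X#include
X
X#include "interface.h"
X
Xextern void bpf_dump(struct bpf_program *, int);
X
X/*
X * bpf_dump - print the compiled filter program `p' on stdout.
X *   option > 2   instruction count, then one line of four decimal
X *                fields (code, jt, jf, k) per instruction
X *   option > 1   one C initialiser line per instruction
X *   otherwise    the text returned by bpf_image() per instruction
X *
X * Every argument of the "%lu" line is cast to unsigned long so the
X * argument types match the conversions; the original passed (long)
X * values and an uncast insn->k.
X */
Xvoid
Xbpf_dump(struct bpf_program *p, int option)
X{
X        struct bpf_insn *insn;
X        int i;
X        int n = p->bf_len;
X
X        insn = p->bf_insns;
X        if (option > 2) {
X                printf("%d\n", n);
X                for (i = 0; i < n; ++insn, ++i) {
X                        printf("%lu %lu %lu %lu\n",
X                               (unsigned long) insn->code,
X                               (unsigned long) insn->jt,
X                               (unsigned long) insn->jf,
X                               (unsigned long) insn->k);
X                }
X                return ;
X        }
X        if (option > 1) {
X                for (i = 0; i < n; ++insn, ++i)
X                        printf("{ 0x%x, %d, %d, 0x%08x },\n",
X                               insn->code, insn->jt, insn->jf,
X                               (int) insn->k);
X                return;
X        }
X        for (i = 0; i < n; ++insn, ++i) {
X#ifdef BDEBUG
X                extern int bids[];
X                printf(bids[i] > 0 ? "[%02d]" : " -- ", bids[i] - 1);
X#endif
X                puts(bpf_image(insn, i));
X        }
X}
SHAR_EOF
  $shar_touch -am 0508141395 'argus-1.5/server/bpf_dump.c' &&
  chmod 0444 'argus-1.5/server/bpf_dump.c' ||
  echo 'restore of argus-1.5/server/bpf_dump.c failed'
  # The byte count below is the one recorded by the original posting;
  # the revised listing above will not match it.
  shar_count="`wc -c < 'argus-1.5/server/bpf_dump.c'`"
  test 2189 -eq "$shar_count" ||
    echo "argus-1.5/server/bpf_dump.c: original size 2189, current size $shar_count"
  rm -f _sharnew.tmp
fi
# ============= argus-1.5/server/cons_ether.c ==============
if test -f 'argus-1.5/server/cons_ether.c' && test X"$1" != X"-c"; then
  echo 'x - skipping argus-1.5/server/cons_ether.c (file already exists)'
  rm -f _sharnew.tmp
else
  > _sharnew.tmp
  echo 'x - extracting argus-1.5/server/cons_ether.c (text)'
  sed 's/^X//' << 'SHAR_EOF' > 'argus-1.5/server/cons_ether.c' &&
X
X/*
X * Copyright (c) 1993, 1994 Carnegie Mellon University.
X * All rights reserved.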
X * X * Permission to use, copy, modify, and distribute this software and X * its documentation for any purpose and without fee is hereby granted, X * provided that the above copyright notice appear in all copies and X * that both that copyright notice and this permission notice appear X * in supporting documentation, and that the name of CMU not be X * used in advertising or publicity pertaining to distribution of the X * software without specific, written prior permission. X * X * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING X * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL X * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR X * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, X * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, X * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS X * SOFTWARE. X * X */ X X/* X * cons_ether.c - handle datagrams at link layer - ethernet specific. X * just branch to IP datagram handler if appropriate. 
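X *
X * written by Carter Bullard
X * Software Engineering Institute
X * Carnegie Mellon University
X *
X */
X
X#include
X#include
X
X#include
X#include
X
X#include
X#include
X
X#include
X#include
X
X
X#define TRUE 1
X#define FALSE 0
X
X
X/* cons_ether_init - nothing to set up for the ethernet layer. */
Xvoid
Xcons_ether_init ()
X{
X}
X
Xstruct timeval globaltvp;   /* timestamp of the most recent packet */
Xint totalPktsRcv = 0;       /* packets handed to cons_ether_packet() */
X
X/*
X * cons_ether_packet - pcap callback for ethernet captures.  Counts the
X * packet, records its timestamp in globaltvp, and passes IP frames to
X * argus_ip_handler() with the ethernet header stripped.
X *
X * The frame comes straight off the wire, so the captured length is
X * checked before the ethernet header is read: the original looked at
X * ep->ether_type for any non-zero caplen, reading past the captured
X * bytes when the capture was shorter than the header.
X *
X * NOTE(review): `length' is derived from h->len (the length on the
X * wire), not from caplen, so the value given to argus_ip_handler() can
X * exceed the bytes actually present at `p' - confirm that the handler
X * bounds its reads by the capture length.
X */
Xvoid
Xcons_ether_packet (user, h, p)
Xu_char *user;
Xstruct pcap_pkthdr *h;
Xu_char *p;
X{
X   struct ether_header *ep = (struct ether_header *) p;
X   struct timeval *tvp;
X   u_short ether_type;
X   int caplen = h->caplen;
X   int length = h->len;
X
X   if (p && caplen) {
X      totalPktsRcv++;
X      bcopy ((char *) &h->ts, (char *)&globaltvp, sizeof (struct timeval));
X      tvp = &h->ts;
X
X      /* too short to hold an ethernet header: nothing to parse */
X      if (caplen < (int) sizeof (struct ether_header))
X         return;
X
X      p += sizeof (struct ether_header);
X
X      if ((ether_type = ntohs (ep->ether_type)) == ETHERTYPE_IP) {
X         length -= sizeof (struct ether_header);
X         argus_ip_handler (ep, (struct ip *) p, length, tvp);
X      }
X   }
X}
X
SHAR_EOF
  $shar_touch -am 0508141395 'argus-1.5/server/cons_ether.c' &&
  chmod 0444 'argus-1.5/server/cons_ether.c' ||
  echo 'restore of argus-1.5/server/cons_ether.c failed'
  # The byte count below is the one recorded by the original posting;
  # the revised listing above will not match it.
  shar_count="`wc -c < 'argus-1.5/server/cons_ether.c'`"
  test 2321 -eq "$shar_count" ||
    echo "argus-1.5/server/cons_ether.c: original size 2321, current size $shar_count"
  rm -f _sharnew.tmp
fi
# ============= argus-1.5/server/cons_fddi.c ==============
if test -f 'argus-1.5/server/cons_fddi.c' && test X"$1" != X"-c"; then
  echo 'x - skipping argus-1.5/server/cons_fddi.c (file already exists)'
  rm -f _sharnew.tmp
else
  > _sharnew.tmp
  echo 'x - extracting argus-1.5/server/cons_fddi.c (text)'
  sed 's/^X//' << 'SHAR_EOF' > 'argus-1.5/server/cons_fddi.c' &&
X
X/*
X * Copyright (c) 1993, 1994 Carnegie Mellon University.
X * All rights reserved.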
X * X * Permission to use, copy, modify, and distribute this software and X * its documentation for any purpose and without fee is hereby granted, X * provided that the above copyright notice appear in all copies and X * that both that copyright notice and this permission notice appear X * in supporting documentation, and that the name of CMU not be X * used in advertising or publicity pertaining to distribution of the X * software without specific, written prior permission. X * X * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING X * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL X * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR X * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, X * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, X * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS X * SOFTWARE. X * X */ X X/* X * Copyright (c) 1991, 1992, 1993, 1994 X * The Regents of the University of California. All rights reserved. X * X * Redistribution and use in source and binary forms, with or without X * modification, are permitted provided that: (1) source code distributions X * retain the above copyright notice and this paragraph in its entirety, (2) X * distributions including binary code include the above copyright notice and X * this paragraph in its entirety in the documentation or other materials X * provided with the distribution, and (3) all advertising materials mentioning X * features or use of this software display the following acknowledgement: X * ``This product includes software developed by the University of California, X * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of X * the University nor the names of its contributors may be used to endorse X * or promote products derived from this software without specific prior X * written permission. 
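X * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
X * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
X * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
X */
X
X
X/*
X * cons_fddi.c - handle datagrams at link layer - fddi specific.
X *               derived directly from the fddi routines in
X *               libpcap-0.0, with specific modifications to
X *               support argus.
X *
X * written by Carter Bullard
X * Software Engineering Institute
X * Carnegie Mellon University
X *
X */
X
X#include
X#include
X
X#include
X
X#include
X#include
X
X#include
X#include
X#include
X#include
X#include
X
X
X/* Whether FDDI addresses are passed through fddi_bit_swap below. */
X#if defined(ultrix) || defined(__alpha)
Xstatic int fddi_bitswap = 0;
X#else
Xstatic int fddi_bitswap = 1;
X#endif
X
Xint fddipad = FDDIPAD;
X
X#define FDDI_HDRLEN (sizeof(struct fddi_header))
X
X/* Maps each byte value to the same byte with its bit order reversed. */
Xstatic u_char fddi_bit_swap[] = {
X   0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0,
X   0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0,
X   0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8,
X   0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8,
X   0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4,
X   0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4,
X   0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec,
X   0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc,
X   0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2,
X   0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2,
X   0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea,
X   0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa,
X   0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6,
X   0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6,
X   0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee,
X   0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe,
X   0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1,
X   0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1,
X   0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9,
X   0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9,
X   0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5,
X   0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5,
X   0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed,
X   0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd,
X   0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3,
X   0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3,
X   0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb,
X   0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb,
X   0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7,
X   0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7,
X   0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef,
X   0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff,
X};
X
X/*
X * extract_fddi_addrs - copy the 6-byte destination and source addresses
X * out of an FDDI header into fdst and fsrc, passing every byte through
X * fddi_bit_swap when fddi_bitswap is set.  The caller must have checked
X * that the whole header is readable.
X */
Xstatic inline void
Xextract_fddi_addrs(fp, fsrc, fdst)
Xconst struct fddi_header *fp;
Xchar *fsrc, *fdst;
X{
X   int i;
X
X   if (fddi_bitswap) {
X      for (i = 0; i < 6; ++i)
X         fdst[i] = fddi_bit_swap[fp->fddi_dhost[i]];
X      for (i = 0; i < 6; ++i)
X         fsrc[i] = fddi_bit_swap[fp->fddi_shost[i]];
X   }
X   else {
X      bcopy ((char *) fp->fddi_dhost, fdst, 6);
X      bcopy ((char *) fp->fddi_shost, fsrc, 6);
X   }
X}
X
X
X/*
X * cons_fddi_packet - per-packet capture callback for FDDI links.
X *
X *    user   opaque callback argument, not referenced here
X *    h      capture header: timestamp, captured length (caplen) and
X *           on-the-wire length (len)
X *    p      first captured byte of the frame
X *
X * Counts the packet, records its timestamp in globaltvp, rebuilds an
X * Ethernet-style address pair in ehdr and, for LLC/SNAP frames that
X * carry IP, passes the payload to argus_ip_handler.  Frames whose FDDI
X * or LLC header was not captured in full are counted and then ignored.
X */
Xvoid
Xcons_fddi_packet (user, h, p)
Xu_char *user;
Xstruct pcap_pkthdr *h;
Xu_char *p;
X{
X   const struct fddi_header *fp = (struct fddi_header *)p;
X   struct timeval *tvp;
X   extern struct timeval globaltvp;
X   extern int totalPktsRcv;
X   u_short ether_type;
X   int caplen = h->caplen;
X   int length = h->len;
X   struct ether_header ehdr;
X   struct llc llc;
X
X   if (p && caplen) {
X      totalPktsRcv++;
X      bcopy ((char *) &h->ts, (char *)&globaltvp, sizeof (struct timeval));
X      tvp = &h->ts;
X
X      /* The addresses and fddi_fc are read below: need the full header. */
X      if (caplen < (int) FDDI_HDRLEN)
X         return;
X
X      extract_fddi_addrs (fp, (char*)ESRC(&ehdr), (char*)EDST(&ehdr));
X      p += sizeof (struct fddi_header);
X      caplen -= FDDI_HDRLEN;          /* bytes still available at p */
X
X      if ((fp->fddi_fc & FDDIFC_CLFF) == FDDIFC_LLC_ASYNC) {
X         length -= sizeof (struct fddi_header);
X
X         /*
X          * Copy the LLC header only when all of it was captured.  The
X          * bound has to be what is left after the FDDI header, and a
X          * partial copy would leave llc fields unset before they are
X          * tested.
X          */
X         if (caplen < (int) sizeof (llc))
X            return;
X         bcopy((char *)p, (char *)&llc, sizeof(llc));
X
X         if (llc.ssap == LLCSAP_SNAP && llc.dsap == LLCSAP_SNAP
X                                     && llc.llcui == LLC_UI) {
X            length -= sizeof(llc);
X            p += sizeof(llc);
X
X            ether_type = EXTRACT_SHORT(&llc.ethertype[0]);
X            switch (ether_type) {
X               case ETHERTYPE_IP:
X                  /*
X                   * NOTE(review): length is the on-the-wire size; the
X                   * IP handler is not told how much was captured.
X                   */
X                  argus_ip_handler (&ehdr, (struct ip *) p, length, tvp);
X                  break;
X               default:
X                  break;
X            }
X         }
X      }
X   }
X}
SHAR_EOF
  $shar_touch -am 0508141395 'argus-1.5/server/cons_fddi.c' &&
  chmod 0444 'argus-1.5/server/cons_fddi.c' ||
  echo 'restore of argus-1.5/server/cons_fddi.c failed'
  # NOTE(review): the size below is that of the file as originally archived;
  # a copy with edited or re-indented source will report a mismatch here.
  shar_count="`wc -c < 'argus-1.5/server/cons_fddi.c'`"
  test 6285 -eq "$shar_count" ||
    echo "argus-1.5/server/cons_fddi.c: original size 6285, current size $shar_count"
  rm -f _sharnew.tmp
fi
# ============= argus-1.5/server/cons_icmp.c ==============
if test -f 'argus-1.5/server/cons_icmp.c' && test X"$1" != X"-c"; then
  echo 'x - skipping argus-1.5/server/cons_icmp.c (file already exists)'
  rm -f _sharnew.tmp
else
  > _sharnew.tmp
  echo 'x - extracting argus-1.5/server/cons_icmp.c (text)'
  sed 's/^X//' << 'SHAR_EOF' > 'argus-1.5/server/cons_icmp.c' &&
X
X/*
X * Copyright (c) 1993, 1994 Carnegie Mellon University.
X * All rights reserved.
X *
X * Permission to use, copy, modify, and distribute this software and
X * its documentation for any purpose and without fee is hereby granted,
X * provided that the above copyright notice appear in all copies and
X * that both that copyright notice and this permission notice appear
X * in supporting documentation, and that the name of CMU not be
X * used in advertising or publicity pertaining to distribution of the
X * software without specific, written prior permission.
X *
X * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
X * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
X * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
X * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
X * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
X * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
X * SOFTWARE.
X *
X */
X
X/*
X * cons_icmp.c - supports ICMP tracking
X *
X * Used to parse received icmp packets.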
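X *
X * written by Carter Bullard
X * Software Engineering Institute
X * Carnegie Mellon University
X */
X
X
X
X#include
X#include
X
X#include
X#include
X#include
X
X#include
X#include
X#include
X
Xextern int clienttags;
Xextern int clients[];
Xextern int ip_options;
Xextern int ip_eol;
Xextern int ip_nop;
Xextern int ip_ts;
Xextern int ip_rr;
Xextern int ip_sec;
Xextern int ip_lsrr;
Xextern int ip_ssrr;
Xextern int ip_satid;
X
Xstatic void log_icmp_relation ();
X
X/*
X * cons_icmp - summarise one ICMP message into an icmpStruct and log it.
X *
X *    ep      link-layer header of the carrying frame
X *    dp      start of the ICMP message
X *    length  ICMP message length as worked out by the caller
X *    ip      IP header of the carrying datagram
X *    tvp     packet timestamp
X *
X * Every field taken from the message body (the quoted IP header, the
X * quoted UDP port, the address mask) is copied only when length says
X * the message is long enough to contain it.  Shorter messages are
X * still logged, with those fields left zero.
X */
Xvoid cons_icmp (ep, dp, length, ip, tvp)
Xstruct ether_header *ep;
Xstruct icmp *dp;
Xint length;
Xstruct ip *ip;
Xstruct timeval *tvp;
X{
X   struct icmpStruct icmp;
X   struct ip *oip;
X   struct udphdr *ouh;
X   int hlen;
X
X   bzero ((char *) &icmp, sizeof (icmp));
X   if (dp && length) {
X      /* byte offset of the quoted IP header inside the ICMP message */
X      int ipoff = (int) ((char *) &dp->icmp_ip - (char *) dp);
X      /* set when length covers a complete, option-less quoted header */
X      int quoted = (length >= ipoff + (int) sizeof (struct ip));
X      /* bytes needed before the address-mask field can be read */
X      int maskend = (int) ((char *) &dp->icmp_mask - (char *) dp)
X                          + (int) sizeof (dp->icmp_mask);
X
X      /*
X       * NOTE(review): length is derived from header fields rather than
X       * from the number of bytes captured, so these checks reject
X       * inconsistent messages but do not by themselves prove that the
X       * bytes are in the capture buffer.
X       */
X      icmp.type = dp->icmp_type; icmp.code = dp->icmp_code;
X      switch (icmp.type) {
X         case ICMP_UNREACH:
X            if (!quoted)
X               break;
X            /*
X             * NOTE(review): the copy size is sizeof (u_long), while the
X             * ICMP_REDIRECT case uses the destination field's size;
X             * the two differ where u_long is wider than an IPv4
X             * address - confirm against struct icmpStruct.
X             */
X            bcopy ((char *) &dp->icmp_ip.ip_src, (char *) &icmp.srcaddr, sizeof (u_long));
X            bcopy ((char *) &dp->icmp_ip.ip_dst, (char *) &icmp.dstaddr, sizeof (u_long));
X            switch (icmp.code) {
X               case ICMP_UNREACH_PROTOCOL:
X                  icmp.data = (unsigned short) dp->icmp_ip.ip_p;
X                  break;
X
X               case ICMP_UNREACH_PORT:
X                  oip = &dp->icmp_ip;
X                  hlen = oip->ip_hl << 2;
X                  /*
X                   * hlen comes from the quoted packet: use it to find
X                   * the UDP header only if it is a legal header length
X                   * and the UDP header still lies inside the message.
X                   */
X                  if ((hlen >= (int) sizeof (struct ip)) &&
X                      (length >= ipoff + hlen + (int) sizeof (struct udphdr))) {
X                     ouh = (struct udphdr *) (((u_char *) oip) + hlen);
X                     NTOHS (ouh->uh_dport);
X                     icmp.data = (unsigned short) ouh->uh_dport;
X                  }
X                  bcopy ((char *) &oip->ip_p, (char *) &icmp.gwaddr, sizeof (oip->ip_p));
X                  break;
X            } break;
X
X         case ICMP_MASKREPLY:
X            if (length >= maskend)
X               bcopy ((char *) &dp->icmp_mask, (char *) &icmp.srcaddr, sizeof (dp->icmp_mask));
X            break;
X
X         case ICMP_REDIRECT:
X            if (!quoted)
X               break;
X            bcopy ((char *) &dp->icmp_ip.ip_src, (char *) &icmp.srcaddr, sizeof (icmp.srcaddr));
X            bcopy ((char *) &dp->icmp_ip.ip_dst, (char *) &icmp.dstaddr, sizeof (icmp.dstaddr));
X            bcopy ((char *) &dp->icmp_gwaddr, (char *) &icmp.gwaddr, sizeof (icmp.gwaddr));
X            break;
X
X         case ICMP_ECHO:
X         case ICMP_ECHOREPLY:
X         case ICMP_IREQ:
X         case ICMP_IREQREPLY:
X         case ICMP_MASKREQ:
X         case ICMP_PARAMPROB:
X         case ICMP_SOURCEQUENCH:
X         case ICMP_TIMXCEED:
X         case ICMP_TSTAMP:
X         case ICMP_TSTAMPREPLY:
X            break;
X      }
X
X      log_icmp_relation (ep, &icmp, ip, tvp);
X   }
X}
X
X
X#include
X#include
X
Xextern char *sys_errlist[];
Xextern int sys_nerr;
Xextern int errno;
X
X
X/*
X * log_icmp_relation - build the output record for one ICMP message and
X * hand it to writeOutData.
X *
X *    ep    link-layer header; supplies the two hardware addresses
X *    icmp  summary built by cons_icmp
X *    ip    carrying IP header; may be null, in which case the record's
X *          addresses stay zero
X *    tvp   packet timestamp, used as both start and last time
X *
X * Nothing is written unless a client is attached or wflag is set.
X */
Xstatic void
Xlog_icmp_relation (ep, icmp, ip, tvp)
Xstruct ether_header *ep;
Xstruct icmpStruct *icmp;
Xstruct ip *ip;
Xstruct timeval *tvp;
X{
X   int status = ICMPPROTO;
X   struct writeStruct output;
X   struct tha tha;
X
X   if (ip) status |= IPPROTO;
X
X   if (ip_options) {
X      if (ip_ts) status |= TIMESTAMP;
X      if (ip_sec) status |= SECURITY;
X      if (ip_lsrr) status |= LSRCROUTE;
X      if (ip_ssrr) status |= SSRCROUTE;
X      if (ip_rr) status |= RECORDROUTE;
X      if (ip_satid) status |= SATNETID;
X   }
X
X   if (clienttags || wflag) {
X      /*
X       * The record goes out as raw bytes, so clear it first: fields
X       * and padding not set below must not carry stack contents.
X       */
X      bzero ((char *) &output, sizeof (output));
X      bzero ((char *) &tha, sizeof (tha));
X
X      bcopy ((char *)&ep->ether_shost, (char *)&output.ethersrc, 6);
X      bcopy ((char *)&ep->ether_dhost, (char *)&output.etherdst, 6);
X      if (ip) {            /* the test above allows for a null ip */
X         tha.src = ip->ip_src;
X         tha.dst = ip->ip_dst;
X      }
X      tha.port = 0;
X      output.startime = *tvp;
X      output.lasttime = *tvp;
X      output.status = status;
X      output.addr = tha;
X
X      /*
X       * NOTE(review): this overlays the ICMP summary on the record from
X       * src_count onwards; it assumes sizeof (*icmp) is no larger than
X       * what remains of struct writeStruct from that field - confirm
X       * against the structure definitions.
X       */
X      bcopy ((char *) icmp, (char *) &output.src_count, sizeof (*icmp));
X
X      writeOutData (&output);
X   }
X}
SHAR_EOF
  $shar_touch -am 0508141395 'argus-1.5/server/cons_icmp.c' &&
  chmod 0444 'argus-1.5/server/cons_icmp.c' ||
  echo 'restore of argus-1.5/server/cons_icmp.c failed'
  # NOTE(review): the size below is that of the file as originally archived;
  # a copy with edited or re-indented source will report a mismatch here.
  shar_count="`wc -c < 'argus-1.5/server/cons_icmp.c'`"
  test 4800 -eq "$shar_count" ||
    echo "argus-1.5/server/cons_icmp.c: original size 4800, current size $shar_count"
  rm -f _sharnew.tmp
fi
# ============= argus-1.5/server/cons_ip.c ==============
if test -f 'argus-1.5/server/cons_ip.c' && test X"$1" != X"-c"; then
  echo 'x - skipping argus-1.5/server/cons_ip.c (file already exists)'
  rm -f _sharnew.tmp
else
  > _sharnew.tmp
  echo 'x - extracting argus-1.5/server/cons_ip.c (text)'
  sed 's/^X//' << 'SHAR_EOF' > 'argus-1.5/server/cons_ip.c' &&
X
X/*
X * Copyright (c) 1993, 1994 Carnegie Mellon University.
X * All rights reserved.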
X * X * Permission to use, copy, modify, and distribute this software and X * its documentation for any purpose and without fee is hereby granted, X * provided that the above copyright notice appear in all copies and X * that both that copyright notice and this permission notice appear X * in supporting documentation, and that the name of CMU not be X * used in advertising or publicity pertaining to distribution of the X * software without specific, written prior permission. X * X * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING X * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL X * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR X * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, X * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, X * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS X * SOFTWARE. X * X */ X X/* X * cons_ip.c - routines related to ip event reporting. 
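X *
X * written by Carter Bullard
X * Software Engineering Institute
X * Carnegie Mellon University
X *
X */
X
X
X#include
X#include
X
X
X#include
X#include
X#include
X
X#include
X#include
X
X#define TRUE 1
X#define FALSE 0
X
X/*
X * Per-packet IP option tallies.  argus_ip_handler clears them for every
X * datagram and parse_options bumps one for each option it recognises.
X */
Xstatic int ip_eol = 0;
Xstatic int ip_nop = 0;
X
Xint ip_options = 0;
Xint ip_ts = 0;
Xint ip_rr = 0;
Xint ip_sec = 0;
Xint ip_lsrr = 0;
Xint ip_ssrr = 0;
Xint ip_satid = 0;
X
Xstatic void new_ip_hash_entry ();
Xstatic void delete_ip ();
Xstatic void remove_ip_hash_entry ();
Xstatic void cons_ip ();
Xstatic int parse_options ();
X
X/*
X * cons_ip_init - clear the IP display list and hash table, allocate the
X * hash array, install the timer and log callbacks and apply the default
X * timeout when none was configured.
X */
Xvoid
Xcons_ip_init ()
X{
X   struct HASH_TABLE_HEADER **ptr;
X
X   bzero ((char *) &ip_display_list, sizeof (ip_display_list));
X   bzero ((char *) &ip_hash_table, sizeof (ip_hash_table));
X
X   if (ptr = (struct HASH_TABLE_HEADER **) calloc (IPSEQ_HASHSIZE,
X                                sizeof (struct HASH_TABLE_HEADER *))) {
X      ip_hash_table.hash_array = ptr;
X      ip_hash_table.size = IPSEQ_HASHSIZE;
X   } else
X      /* NOTE(review): execution continues with an empty hash table. */
X      perror ("cons_ip_init: calloc");
X
X   ip_display_list.timerRoutine = check_ip_timeouts;
X   ip_display_list.logRoutine = log_ip_connection;
X   iptimeout = iptimeout ? iptimeout : IPTIMEOUT;
X}
X
X
X/*
X * argus_ip_handler - validate one IP datagram and dispatch it by protocol.
X *
X *    ep      link-layer header of the carrying frame
X *    ip      start of the IP header; ip_len and ip_off are converted to
X *            host order in place
X *    length  bytes that follow the link-layer header, as reported by
X *            the link-layer handler
X *    tvp     packet timestamp
X *
X * Datagrams are dropped when the header length is below the minimum or
X * beyond length, when the total length is smaller than the header, or
X * when the options do not parse.  Only first fragments (offset zero)
X * are passed on to the protocol handlers.
X */
Xvoid argus_ip_handler (ep, ip, length, tvp)
Xstruct ether_header *ep;
Xstruct ip *ip;
Xint length;
Xstruct timeval *tvp;
X{
X   int hlen, len, optionlen;
X   unsigned char *cp;
X   u_char buf[1024];
X   u_char *abuf = buf;
X   extern int snaplen;
X
X   /* Compare as int: against a size_t a negative length would pass. */
X   if (length >= (int) sizeof (struct ip)) {
X
X#ifdef ALIGN
X      if ((int) ip & (sizeof (long) - 1)) {
X         /* Never copy more than the local buffer can hold. */
X         int copylen = min (length, snaplen);
X
X         if (copylen > (int) sizeof (buf))
X            copylen = sizeof (buf);
X         bcopy ((char *) ip, (char *) abuf, copylen);
X         ip = (struct ip *) abuf;
X      }
X#endif
X
X      /* ip_hl is sender-controlled: insist on a header that fits. */
X      hlen = ip->ip_hl << 2;
X      if ((hlen < (int) sizeof (struct ip)) || (hlen > length))
X         return;
X
X      NTOHS(ip->ip_len); NTOHS(ip->ip_off);
X      if ((int) ip->ip_len < hlen)
X         return;
X      /*
X       * NOTE(review): len is taken from the header, not from the bytes
X       * captured; the protocol handlers below use it as their bound.
X       */
X      len = ip->ip_len - hlen;
X
X      /*
X       * Start every datagram with clean tallies so that options seen in
X       * an earlier packet are not attributed to this one.
X       */
X      ip_options = ip_eol = ip_nop = ip_ts = 0;
X      ip_rr = ip_sec = ip_lsrr = ip_ssrr = ip_satid = 0;
X
X      optionlen = (hlen - sizeof (struct ip));
X      if (optionlen) {
X         ip_options = 1;
X         if (parse_options ((unsigned char *) (ip + 1), optionlen))
X            return;
X      }
X
X      if ((ip->ip_off & 0x1fff) == 0) {
X         cp = (unsigned char *)ip + hlen;
X         switch (ip->ip_p) {
X            case IPPROTO_UDP:
X               cons_udp (ep, (struct udphdr *) cp, len, ip, tvp);
X               break;
X
X            case IPPROTO_ICMP:
X               cons_icmp (ep, (struct icmp *) cp, len, ip, tvp);
X               break;
X
X            case IPPROTO_TCP:
X               cons_tcp (ep, (struct tcphdr *) cp, len, ip, tvp);
X               break;
X
X            default:
X               cons_ip (ep, ip, len, tvp);
X               break;
X         }
X      }
X   }
X}
X
X/*
X * parse_options - walk the IP options area and tally each known option.
X *
X *    ptr  first option byte
X *    len  size of the options area in bytes
X *
X * Returns 0 when the whole area parsed cleanly and non-zero on the first
X * unknown option type or inconsistent option length.  Returning at once
X * matters: an unknown type in first position used to leave the step at
X * zero, so the walk never advanced.  A length byte is read only when it
X * lies inside the area, and must be at least 2 (type plus length).
X */
Xstatic int
Xparse_options (ptr, len)
Xunsigned char *ptr;
Xint len;
X{
X   int offset;
X
X   while (len > 0) {
X      switch (*ptr) {
X         case IPOPT_EOL: ip_eol++; break;
X         case IPOPT_NOP: ip_nop++; break;
X         case IPOPT_TS: ip_ts++; break;
X         case IPOPT_RR: ip_rr++; break;
X         case IPOPT_SECURITY: ip_sec++; break;
X         case IPOPT_LSRR: ip_lsrr++; break;
X         case IPOPT_SSRR: ip_ssrr++; break;
X         case IPOPT_SATID: ip_satid++; break;
X         default: return (1);
X      }
X
X      if ((*ptr == IPOPT_EOL) || (*ptr == IPOPT_NOP))
X         offset = 1;              /* single-byte options */
X      else {
X         if (len < 2)
X            return (1);           /* no room for the length byte */
X         offset = ptr[1];
X         if ((offset < 2) || (offset > len))
X            return (1);
X      }
X
X      ptr += offset;
X      len -= offset;
X   }
X
X   return (0);
X}
X
X
X/*
X * cons_ip - account a datagram of a protocol with no dedicated handler:
X * update the matching hash entry or create a new one.
X */
Xstatic void
Xcons_ip (ep, ip, length, tvp)
Xstruct ether_header *ep;
Xstruct ip *ip;
Xint length;
Xstruct timeval *tvp;
X{
X   struct IP_OBJECT *ih;
X   int rev;
X   struct tha tha;
X
X   if (length && ip) {
X      create_ip_tha (&tha, ip, &rev);
X
X      if (ih = (struct IP_OBJECT *) find_hash_entry (&ip_hash_table, &tha))
X         /* update_ip_record takes the direction flag by value */
X         update_ip_record (ih, ep, length, tvp, rev);
X      else
X         new_ip_hash_entry (ip, ep, rev, tvp, &tha, length);
X   }
X}
X
X/*
X * create_ip_tha - fill in the lookup key for a datagram.  The two
X * addresses are stored in a fixed order so both directions share one
X * key; *rev is set to 1 when they were swapped.  The protocol number is
X * stored in the port field.
X */
Xcreate_ip_tha (tha, ip, rev)
Xstruct tha *tha;
Xstruct ip *ip;
Xint *rev;
X{
X   bzero (tha, sizeof (*tha));
X   if (ip->ip_src.s_addr < ip->ip_dst.s_addr) {
X      tha->src = ip->ip_dst, tha->dst = ip->ip_src;
X      *rev = 1;
X   } else {
X      tha->src = ip->ip_src, tha->dst = ip->ip_dst;
X      *rev = 0;
X   }
X   tha->port = ip->ip_p;
X}
X
X
X/*
X * update_ip_record - add one datagram to an existing record.
X *
X *    ih      record found in the hash table
X *    ep      link-layer header of the carrying frame
X *    length  payload bytes to account
X *    tvp     packet timestamp
X *    rev     direction flag produced by create_ip_tha
X *
X * Updates the per-direction counters, flags a change of hardware address
X * (MULTIADDR), records IP option flags and logs the record when it has
X * outlived iptimeout or has just seen its first packet in each direction.
X */
Xupdate_ip_record (ih, ep, length, tvp, rev)
Xstruct IP_OBJECT *ih;
Xstruct ether_header *ep;
Xint length;
Xstruct timeval *tvp;
Xint rev;
X{
X   struct ipcb *ipCb;
X
X   ipCb = &ih->ip_cb;
X   ipCb->lasttime = *tvp; ih->qhdr.last_time = *tvp;
X   if (ipCb->rev == rev) {
X      ipCb->src.count++;
X      ipCb->src.bytes += length;
X   } else {
X      ipCb->dst.count++;
X      ipCb->dst.bytes += length;
X   }
X
X   if (ipCb->status & MODIFIED) {
X      /* Hardware addresses already stored: look for a change. */
X      if (!(ipCb->status & MULTIADDR)) {
X         if (rev) {
X            if (bcmp ((char *)&ep->ether_dhost,
X                      (char *)&ih->link.phys.ethersrc, 6) ||
X                bcmp ((char *)&ep->ether_shost,
X                      (char *)&ih->link.phys.etherdst, 6))
X               ipCb->status |= MULTIADDR;
X         } else
X            if (bcmp ((char *)&ep->ether_shost,
X                      (char *)&ih->link.phys.ethersrc, 6) ||
X                bcmp ((char *)&ep->ether_dhost,
X                      (char *)&ih->link.phys.etherdst, 6))
X               ipCb->status |= MULTIADDR;
X      }
X   } else {
X      if (rev) {
X         bcopy ((char *)&ep->ether_dhost, (char *)&ih->link.phys.ethersrc, 6);
X         bcopy ((char *)&ep->ether_shost, (char *)&ih->link.phys.etherdst, 6);
X      } else {
X         bcopy ((char *)&ep->ether_shost, (char *)&ih->link.phys.ethersrc, 6);
X         bcopy ((char *)&ep->ether_dhost, (char *)&ih->link.phys.etherdst, 6);
X      }
X   }
X
X   if ((ipCb->src.count + ipCb->dst.count) == 2)
X      ipCb->status |= CON_ESTABLISHED;
X   update_queue_status ((struct QUEUE_HEADER *) &ih->qhdr);
X   ipCb->status |= MODIFIED;
X
X   if (ip_options) {
X      if (ip_rr) ipCb->status |= RECORDROUTE;
X      if (ip_ts) ipCb->status |= TIMESTAMP;
X      if (ip_sec) ipCb->status |= SECURITY;
X      if (ip_lsrr) ipCb->status |= LSRCROUTE;
X      if (ip_ssrr) ipCb->status |= SSRCROUTE;
X      if (ip_satid) ipCb->status |= SATNETID;
X   }
X
X   if (((tvp->tv_sec - ih->ip_cb.startime.tv_sec) > iptimeout) ||
X       (((ipCb->src.count == 1) && (ipCb->dst.count == 1)) &&
X         !(ipCb->status & LOGGED)))
X
X      log_ip_connection (ih, tvp, CON_ESTABLISHED);
X}
X
X
Xint ipdeletecount = 0;
X
X
X/*
X * delete_ip - count the deletion, drop the record's hash entry and free it.
X */
Xstatic void
Xdelete_ip (ih)
Xstruct IP_OBJECT *ih;
X{
X   ipdeletecount++;
X   remove_hash_table_entry (&ip_hash_table, &ih->addr);
X   free (ih);
X}
X
X
X/*
X * new_ip_hash_entry - allocate and queue a record for a flow not seen
X * before.
X *
X *    ip    IP header (ip_len already in host order)
X *    ep    link-layer header; supplies the hardware addresses
X *    rev   direction flag produced by create_ip_tha
X *    tvp   packet timestamp
X *    tha   lookup key for the flow
X *
X * The record is freed again when it cannot be queued.  A failed
X * allocation is ignored and the packet goes unrecorded.
X *
X * NOTE(review): one record is allocated per previously unseen key and
X * nothing visible here caps the number of live records; confirm that
X * the timeout handling bounds memory use under heavy traffic.
X */
Xstatic void
Xnew_ip_hash_entry (ip, ep, rev, tvp, tha)
Xstruct ip *ip;
Xstruct ether_header *ep;
Xint rev;
Xstruct timeval *tvp;
Xstruct tha *tha;
X{
X   struct IP_OBJECT *ptr = NULL;
X   struct ipcb *ipCb;
X
X   if (ptr = (struct IP_OBJECT *) calloc (1, sizeof (*ptr))) {
X      ipCb = &ptr->ip_cb;
X      ipCb->status = IPPROTO | IP_INIT | MODIFIED;
X      if (dflag) ipCb->status |= DETAIL;
X      ipCb->startime = *tvp;
X      ipCb->lasttime = *tvp;
X      if (ipCb->rev = rev) {
X         ipCb->status |= REVERSE;
X         bcopy ((char *)&ep->ether_dhost, (char *)&ptr->link.phys.ethersrc, 6);
X         bcopy ((char *)&ep->ether_shost, (char *)&ptr->link.phys.etherdst, 6);
X      } else {
X         bcopy ((char *)&ep->ether_shost, (char *)&ptr->link.phys.ethersrc, 6);
X         bcopy ((char *)&ep->ether_dhost, (char *)&ptr->link.phys.etherdst, 6);
X      }
X      ptr->qhdr.last_time = *tvp;
X      bcopy ((char *) tha, (char *) &ptr->addr, sizeof (struct tha));
X
X      if (ip_options) {
X         if (ip_rr) ipCb->status |= RECORDROUTE;
X         if (ip_ts) ipCb->status |= TIMESTAMP;
X         if (ip_sec) ipCb->status |= SECURITY;
X         if (ip_lsrr) ipCb->status |= LSRCROUTE;
X         if (ip_ssrr) ipCb->status |= SSRCROUTE;
X         if (ip_satid) ipCb->status |= SATNETID;
X      }
X
X      ipCb->src.count++;
X      ipCb->src.bytes += ip->ip_len - (ip->ip_hl << 2);
X
X      if (add_to_queue (&ip_display_list,(struct QUEUE_HEADER *)&ptr->qhdr)) {
X         (void) add_hash_table_entry (&ip_hash_table, tha, ptr);
X         if (dflag) {
X            log_ip_connection (ptr, tvp, IP_INIT);
X            ipCb->status &= ~LOGGED;
X         }
X      } else
X         delete_ip (ptr);
X   }
X}
X
X
X#include
X#include
X
Xextern char *sys_errlist[];
Xextern int sys_nerr;
Xextern int errno;
X
Xextern int clienttags;
Xextern int clients[];
X
X
X/*
X * log_ip_connection - emit an output record for one IP flow.
X *
X *    ptr    flow record
X *    tvp    current time; stored as the record's log time
X *    state  status bit(s) describing why the record is being logged
X *
X * Packet and byte counts are reported as the difference since the last
X * logged record.  Nothing is written unless a client is attached or
X * wflag is set.
X */
Xvoid
Xlog_ip_connection (ptr, tvp, state)
Xstruct IP_OBJECT *ptr;
Xstruct timeval *tvp;
Xint state;
X{
X   struct writeStruct output;
X
X   if (clienttags || wflag) {
X      /*
X       * NOTE(review): the second operand assigns - it clears MODIFIED
X       * and then tests the remaining status bits; it is not a test of
X       * MODIFIED itself.  Confirm that this is intended.
X       */
X      if ((ptr->ip_cb.src.count || ptr->ip_cb.dst.count) &&
X                          (ptr->ip_cb.status &= ~MODIFIED)) {
X         /*
X          * The record goes out as raw bytes, so clear it first: padding
X          * and unset fields must not carry stack contents.
X          */
X         bzero ((char *) &output, sizeof (output));
X
X         output.startime = ptr->ip_cb.startime;
X         output.lasttime = ptr->ip_cb.lasttime;
X         output.status = ptr->ip_cb.status | state;
X         ptr->ip_cb.status &= ~MODIFIED;
X         ptr->ip_cb.status &= ~MULTIADDR;
X         output.addr = ptr->addr;
X         bcopy ((char *)&ptr->link.phys.ethersrc, (char *)&output.ethersrc, 6);
X         bcopy ((char *)&ptr->link.phys.etherdst, (char *)&output.etherdst, 6);
X         output.src_count = ptr->ip_cb.src.count - ptr->ip_cb.src.lastcount;
X         output.dst_count = ptr->ip_cb.dst.count - ptr->ip_cb.dst.lastcount;
X         output.src_bytes = ptr->ip_cb.src.bytes - ptr->ip_cb.src.lastbytes;
X         output.dst_bytes = ptr->ip_cb.dst.bytes - ptr->ip_cb.dst.lastbytes;
X         if ((output.src_count || output.src_bytes) ||
X             (output.dst_count || output.dst_bytes)) {
X            if (ptr->ip_cb.status & state) {
X               writeOutData (&output);
X               ptr->ip_cb.status |= LOGGED;
X            }
X
X            if (!(dflag && (state & UDP_INIT)) &&
X                                (ptr->ip_cb.status & LOGGED)) {
X               ptr->ip_cb.src.lastcount = ptr->ip_cb.src.count;
X               ptr->ip_cb.src.lastbytes = ptr->ip_cb.src.bytes;
X               ptr->ip_cb.dst.lastcount = ptr->ip_cb.dst.count;
X               ptr->ip_cb.dst.lastbytes = ptr->ip_cb.dst.bytes;
X               ptr->ip_cb.startime = *tvp; ptr->ip_cb.lasttime = *tvp;
X            }
X         }
X      }
X   }
X
X   ptr->qhdr.logtime = *tvp;
X}
X
X
X/*
X * check_ip_timeouts - timer callback for one flow record.  A record idle
X * for longer than iptimeout is logged (if it has traffic and was never
X * logged), dequeued and freed.  A record that is still active but older
X * than iptimeout is logged again when it has new traffic.
X */
Xvoid
Xcheck_ip_timeouts (ptr, tvp)
Xstruct IP_OBJECT *ptr;
Xstruct timeval *tvp;
X{
X   int srccounts, dstcounts;
X
X   if ((tvp->tv_sec - ptr->ip_cb.lasttime.tv_sec) > iptimeout) {
X      if ((ptr->ip_cb.src.count || ptr->ip_cb.dst.count) &&
X                           !(ptr->ip_cb.status & LOGGED)) {
X         ptr->ip_cb.status |= TIMED_OUT;
X         log_ip_connection (ptr, tvp, TIMED_OUT);
X      }
X      remove_from_queue (&ip_display_list,
X                           (struct QUEUE_HEADER *) &ptr->qhdr);
X      delete_ip (ptr);
X
X   } else {
X      if ((tvp->tv_sec - ptr->ip_cb.startime.tv_sec) > iptimeout) {
X         srccounts = (ptr->ip_cb.src.count - ptr->ip_cb.src.lastcount);
X         dstcounts = (ptr->ip_cb.dst.count - ptr->ip_cb.dst.lastcount);
X         if ((srccounts || dstcounts) &&
X                        (ptr->ip_cb.status & CON_ESTABLISHED)) {
X            log_ip_connection (ptr, tvp, CON_ESTABLISHED);
X            ptr->qhdr.last_time = *tvp;
X            update_queue_status ((struct QUEUE_HEADER *) &ptr->qhdr);
X         }
X      }
X   }
X}
SHAR_EOF
  $shar_touch -am 0508141395 'argus-1.5/server/cons_ip.c' &&
  chmod 0444 'argus-1.5/server/cons_ip.c' ||
  echo 'restore of argus-1.5/server/cons_ip.c failed'
  # NOTE(review): the size below is that of the file as originally archived;
  # a copy with edited or re-indented source will report a mismatch here.
  shar_count="`wc -c < 'argus-1.5/server/cons_ip.c'`"
  test 12399 -eq "$shar_count" ||
    echo "argus-1.5/server/cons_ip.c: original size 12399, current size $shar_count"
  rm -f _sharnew.tmp
fi
# ============= argus-1.5/server/cons_sockets.c ==============
if test -f 'argus-1.5/server/cons_sockets.c' && test X"$1" != X"-c"; then
  echo 'x - skipping argus-1.5/server/cons_sockets.c (file already exists)'
  rm -f _sharnew.tmp
else
  > _sharnew.tmp
  echo 'x - extracting argus-1.5/server/cons_sockets.c (text)'
  sed 's/^X//' << 'SHAR_EOF' > 'argus-1.5/server/cons_sockets.c' &&
X
X/*
X * Copyright (c) 1993, 1994 Carnegie Mellon University.
X * All rights reserved.
X *
X * Permission to use, copy, modify, and distribute this software and
X * its documentation for any purpose and without fee is hereby granted,
X * provided that the above copyright notice appear in all copies and
X * that both that copyright notice and this permission notice appear
X * in supporting documentation, and that the name of CMU not be
X * used in advertising or publicity pertaining to distribution of the
X * software without specific, written prior permission.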
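X *
X * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
X * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
X * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
X * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
X * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
X * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
X * SOFTWARE.
X *
X */
X
X/*
X * cons_sockets.c - supports connection tracking
X *
X * Used to handle remote client sockets.
X *
X * written by Carter Bullard
X * Software Engineering Institute
X * Carnegie Mellon University
X */
X
X#include
X#include
X
X#include
X#include
X
X#include
X#include
X#include
X#include
X#include
X
Xextern char *sys_errlist[];
Xextern int sys_nerr;
Xextern int errno;
X
X#include
X#include
X#include
X#include
X
X#define STDOUT 1
X#define MONITORPORTNUM 561
X
Xstatic void close_socket ();
Xextern fd_set readmask, writemask, exceptmask;
X
Xint clienttags = 0;                              /* bit i set: slot i in use */
Xstatic int clientsfd [MAX_LISTEN];               /* client sockets, -1 = free */
Xstatic struct sockaddr *clientsock[MAX_LISTEN];  /* peer address per slot */
X
X
X/*
X * cons_socket_init - mark every client slot as free.
X */
Xvoid
Xcons_socket_init ()
X{
X   int i;
X   for (i = 0; i < MAX_LISTEN; i++) {
X      clientsfd[i] = -1;
X      clientsock[i] = NULL;
X   }
X}
X
X
Xint firstWrite = 1;     /* cleared once the stdout banner has been printed */
X
X/*
X * writeOutData - deliver one record to every configured sink.
X *
X * When wflag is set and wfile names a file, the record is appended to
X * it, after a version banner if the file is empty.  A wfile of "-"
X * sends banner and record to stdout instead.  The record is then
X * written to each connected client, and a client whose write fails with
X * ENXIO or EPIPE is closed.
X *
X * The record is written as the raw bytes of struct writeStruct, so the
X * caller has to hand in a fully initialised structure.
X *
X * NOTE(review): short writes are not detected, so a record can reach
X * the file or a client only in part.
X */
Xvoid
XwriteOutData (output)
Xstruct writeStruct *output;
X{
X   int i, fd;
X   struct stat buf;
X   char buffer[64];
X
X   if (wfile && wflag) {
X      if (strcmp (wfile, "-")) {
X         /* 0x1a4 is mode 0644 */
X         if ((fd = open (wfile, O_RDWR | O_APPEND | O_CREAT, 0x1a4)) >= 0) {
X            if (fstat (fd, &buf) == 0) {
X               if (buf.st_size == 0) {
X                  sprintf (buffer, "Argus Version %d.%d\n",
X                                    VERSION_MAJOR, VERSION_MINOR);
X                  if ((write (fd, buffer, strlen(buffer))) < 0)
X                     perror ("write");
X               }
X            } else {
X               /*
X                * NOTE(review): a failed fstat removes the output file
X                * and skips the client writes below.
X                */
X               perror ("fstat");
X               close (fd); unlink (wfile);
X               return;
X            }
X            if ((write (fd, output, sizeof (*output))) < 0)
X               perror ("write");
X            close (fd);
X         } else
X            perror ("open");
X
X      } else {
X         if (firstWrite) {
X            fprintf (stdout, "Argus Version %d.%d\n",
X                              VERSION_MAJOR, VERSION_MINOR);
X            firstWrite = 0;
X         }
X         if (!(fwrite (output, sizeof (struct writeStruct), 1, stdout)))
X            perror ("fwrite");
X         fflush (stdout);
X      }
X   }
X
X   if (clienttags)
X      for (i = 0; i < MAX_LISTEN; i++)
X         if (clientsfd[i] != -1)
X            if ((write (clientsfd[i], (char *) output,
X                                     sizeof(struct writeStruct))) <= 0)
X               if ((errno == ENXIO) || (errno == EPIPE))
X                  close_socket (i);
X}
X
X
X/*
X * establish_listen - create the non-blocking TCP socket that remote
X * clients connect to.
X *
X *    port  port to bind when the "monitor" service is not in the
X *          services database; 0 disables listening
X *
X * Returns the listening descriptor, already added to readmask,
X * writemask and exceptmask, or -1 when listening is disabled or any
X * set-up step failed.  A socket that could not be made non-blocking,
X * bound or put into listening state is closed, not returned.
X *
X * The socket is bound to INADDR_ANY, so it is reachable on every
X * interface; the only admission check in this file is the tcp_wrapper
X * call in check_client_status.
X */
Xestablish_listen (port)
Xint port;
X{
X   int s = -1;
X   struct sockaddr_in sin;
X   struct servent *sp;
X
X   if (port) {
X      /* bind() reads the whole structure: clear it and set the family. */
X      bzero ((char *) &sin, sizeof (sin));
X      sin.sin_family = AF_INET;
X
X      if (sp = getservbyname ("monitor", "tcp"))
X         sin.sin_port = sp->s_port;
X      else
X         /*
X          * NOTE(review): stored without htons(); confirm that callers
X          * pass the port in network byte order.
X          */
X         sin.sin_port = (u_short) port;
X
X      sin.sin_addr.s_addr = INADDR_ANY;
X
X      /* socket() reports failure as -1, and descriptor 0 is valid. */
X      if ((s = socket (AF_INET, SOCK_STREAM, 0)) >= 0) {
X         if ((fcntl (s, F_SETFL, O_NDELAY)) < 0)
X            perror ("fcntl");
X         else if (bind (s, (struct sockaddr *)&sin, sizeof(sin)))
X            perror ("bind");
X         else if (listen (s, MAX_LISTEN))
X            perror ("listen");
X         else {
X            FD_SET (s, &readmask);
X            FD_SET (s, &writemask);
X            FD_SET (s, &exceptmask);
X            return (s);
X         }
X
X         /* set-up failed: do not hand back a half-configured socket */
X         close (s);
X         s = -1;
X      } else
X         perror ("socket");
X   }
X   return (s);
X}
X
X#include
X
X/*
X * check_client_status - accept one pending connection on lfd.
X *
X * The peer is first checked with tcp_wrapper.  An accepted client is
X * sent the version banner and stored in the first free slot; its bit is
X * set in clienttags.  The connection is closed when the wrapper rejects
X * it, when the banner cannot be written, or when every slot is in use.
X */
Xvoid
Xcheck_client_status (lfd)
Xint lfd;
X{
X   struct sockaddr from;
X   int fd, len = sizeof (from), i;
X   char buf [1024];
X
X   /* accept() reports failure as -1, and descriptor 0 is valid. */
X   if ((fd = accept (lfd, (struct sockaddr *)&from, &len)) >= 0) {
X      if (tcp_wrapper (fd, &from) >= 0) {
X         sprintf (buf, "Argus Version %d.%d",
X                          VERSION_MAJOR, VERSION_MINOR);
X         if (dflag) strcat (buf, " detail mode\n");
X         else strcat (buf, "\n");
X
X         if (write (fd, buf, (unsigned int) strlen (buf)) <= 0) {
X            close (fd);
X            return;
X         } else {
X            for (i = 0; i < MAX_LISTEN; i++) {
X               if (clientsfd[i] == -1) {
X                  clientsfd[i] = fd;
X                  if (clientsock[i] = (struct sockaddr *) calloc (1,
X                                           sizeof (struct sockaddr)))
X                     bcopy ((char *)&from, (char *) clientsock[i],
X                                           sizeof (struct sockaddr));
X                  clienttags |= (1 << i);
X                  break;
X               }
X            }
X            if (i == MAX_LISTEN)
X               close (fd);
X         }
X
X      } else
X         close (fd);
X   }
X}
X
X/*
X * close_socket - close client slot i, free its stored peer address and
X * clear its bit in clienttags.
X */
Xstatic void
Xclose_socket (i)
Xint i;
X{
X   close (clientsfd[i]);
X   clientsfd[i] = -1;
X   free (clientsock[i]);
X   clientsock[i] = NULL;
X   clienttags &= ~(1 << i);
X}
X
X
X/*
X * close_clients - close every connected client and the listening socket.
X */
Xvoid
Xclose_clients ()
X{
X   extern int lfd;
X   int i;
X
X   for (i = 0; i < MAX_LISTEN; i++)
X      if (clientsfd[i] != -1)
X         close_socket (i);
X
X   clienttags = 0;
X   close (lfd);
X}
SHAR_EOF
  $shar_touch -am 0508141395 'argus-1.5/server/cons_sockets.c' &&
  chmod 0444 'argus-1.5/server/cons_sockets.c' ||
  echo 'restore of argus-1.5/server/cons_sockets.c failed'
  # NOTE(review): the size below is that of the file as originally archived;
  # a copy with edited or re-indented source will report a mismatch here.
  shar_count="`wc -c < 'argus-1.5/server/cons_sockets.c'`"
  test 5786 -eq "$shar_count" ||
    echo "argus-1.5/server/cons_sockets.c: original size 5786, current size $shar_count"
  rm -f _sharnew.tmp
fi
# ============= argus-1.5/server/cons_tcp.c ==============
if test -f 'argus-1.5/server/cons_tcp.c' && test X"$1" != X"-c"; then
  echo 'x - skipping argus-1.5/server/cons_tcp.c (file already exists)'
  rm -f _sharnew.tmp
else
  > _sharnew.tmp
  echo 'x - extracting argus-1.5/server/cons_tcp.c (text)'
  sed 's/^X//' << 'SHAR_EOF' > 'argus-1.5/server/cons_tcp.c' &&
X
X/*
X * Copyright (c) 1993, 1994 Carnegie Mellon University.
X * All rights reserved.
X *
X * Permission to use, copy, modify, and distribute this software and
X * its documentation for any purpose and without fee is hereby granted,
X * provided that the above copyright notice appear in all copies and
X * that both that copyright notice and this permission notice appear
X * in supporting documentation, and that the name of CMU not be
X * used in advertising or publicity pertaining to distribution of the
X * software without specific, written prior permission.
X *
X * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
X * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
X * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
X * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
X * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
X * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
X * SOFTWARE.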
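X *
X */
X
X/*
X * cons_tcp.c - handle tcp specific protocol state machine,
X *              and routines related to tcp event reporting.
X *
X * written by Carter Bullard
X * Software Engineering Institute
X * Carnegie Mellon University
X *
X */
X
X/*
X * NOTE(review): the #include lines in this file carry no header names on
X * this page; the names appear to have been lost when the posting was
X * converted, and they are left as found rather than guessed.
X */
X
X#define CONS_TCP
X
X#include
X#include
X
X#include
X#include
X#include
X
X#include
X#include
X#include
X#include
X
Xextern int clienttags;
Xextern int clients[];
Xextern int ip_options;
Xextern int ip_eol;
Xextern int ip_nop;
Xextern int ip_ts;
Xextern int ip_rr;
Xextern int ip_sec;
Xextern int ip_lsrr;
Xextern int ip_ssrr;
Xextern int ip_satid;
X
X
Xstatic void new_tcp_hash_entry ();
Xstatic void delete_tcp ();
Xstatic int update_seq ();
Xstatic int tcp_state ();
Xstatic int tcp_payload_len ();
X
X/*
X * cons_tcp_init - one-time setup of the TCP tracking state.
X *
X * Zeroes the display list, the timeout list and the hash table header,
X * allocates the TSEQ_HASHSIZE-slot bucket array, installs the timer and
X * log callbacks on both lists, and falls back to TCPTIMEOUT when
X * tcptimeout is still zero.
X *
X * NOTE(review): a failed calloc is only reported through perror(); the
X * table keeps the zeroed hash_array/size from the bzero above and setup
X * continues.  Whether the hash routines tolerate an empty table is not
X * visible in this file.
X */
Xvoid
Xcons_tcp_init ()
X{
X   struct HASH_TABLE_HEADER **ptr;
X
X   bzero ((char *) &tcp_display_list, sizeof (tcp_display_list));
X   bzero ((char *) &tcp_timeout_list, sizeof (tcp_timeout_list));
X   bzero ((char *) &tcp_hash_table, sizeof (tcp_hash_table));
X   if (ptr = (struct HASH_TABLE_HEADER **) calloc (TSEQ_HASHSIZE,
X                               sizeof (struct HASH_TABLE_HEADER *))) {
X      tcp_hash_table.hash_array = ptr;
X      tcp_hash_table.size = TSEQ_HASHSIZE;
X   } else
X      perror ("cons_tcp_init: calloc");
X
X   tcp_display_list.timerRoutine = check_tcp_timeouts;
X   tcp_display_list.logRoutine = log_tcp_connection;
X   tcp_timeout_list.timerRoutine = check_tcp_timeouts;
X   tcp_timeout_list.logRoutine = log_tcp_connection;
X
X   tcptimeout = tcptimeout ? tcptimeout : TCPTIMEOUT;
X}
X
X
X/*
X * tcp_payload_len - number of bytes that follow the TCP header.
X *
X * tp->th_off is taken from the captured packet, so it is checked before
X * it is subtracted: a data offset smaller than the fixed header, or
X * larger than the bytes available, yields 0 instead of an inflated or
X * negative length that would skew the sequence and byte accounting.
X */
Xstatic int
Xtcp_payload_len (tp, length)
Xstruct tcphdr *tp;
Xint length;
X{
X   int hlen = tp->th_off << 2;
X
X   if ((hlen < (int) sizeof (struct tcphdr)) || (hlen > length))
X      return (0);
X
X   return (length - hlen);
X}
X
X
X/*
X * cons_tcp - account one TCP segment.
X *
X *   ep      ethernet header of the frame
X *   tp      TCP header; nothing is done when it is NULL
X *   length  bytes available at tp; anything shorter than a fixed TCP
X *           header is ignored
X *   ip      IP header of the packet
X *   tvp     timestamp applied to the record
X *
X * Builds the flow key, then either updates the record already in the
X * hash table or creates a new one.
X *
X * NOTE(review): ip is dereferenced by create_tcp_tha without a NULL
X * test, although new_tcp_hash_entry tests it; confirm the caller never
X * passes NULL.
X */
Xvoid
Xcons_tcp (ep, tp, length, ip, tvp)
Xstruct ether_header *ep;
Xstruct tcphdr *tp;
Xint length;
Xstruct ip *ip;
Xstruct timeval *tvp;
X{
X   struct TCP_OBJECT *th;
X   int rev = 0;
X   struct tha tha;
X
X   /* the cast keeps a negative length from being compared as unsigned */
X   if ((length >= (int) sizeof (struct tcphdr)) && (tp)) {
X      create_tcp_tha (&tha, ip, tp, &rev);
X
X      if (th = (struct TCP_OBJECT *) find_hash_entry (&tcp_hash_table, &tha))
X         update_tcp_record (th, ep, tp, length, tvp, rev, tp->th_flags);
X      else
X         new_tcp_hash_entry (tp, ep, rev, tvp, ip, &tha,
X                                      tcp_payload_len (tp, length));
X   }
X}
X
X
X/*
X * create_tcp_tha - fill *tha with the flow key for this segment.
X *
X * The endpoint with the larger port value is stored as src and its port
X * in the upper 16 bits of tha->port; when the ports are equal the larger
X * address is stored as src.  Both directions of a connection therefore
X * give the same key.  *rev is set to 1 when the packet's source and
X * destination were exchanged to build the key, 0 otherwise.
X *
X * The comparisons use the header fields as they are; no byte-order
X * conversion is done here.
X *
X * NOTE(review): the port is shifted after promotion to int, so a port
X * value of 0x8000 or more shifts into the sign bit.
X */
Xcreate_tcp_tha (tha, ip, tp, rev)
Xstruct tha *tha;
Xstruct ip *ip;
Xstruct tcphdr *tp;
Xint *rev;
X{
X
X   if (tp->th_dport > tp->th_sport || (tp->th_sport == tp->th_dport &&
X                          ip->ip_src.s_addr < ip->ip_dst.s_addr)) {
X      tha->src = ip->ip_dst, tha->dst = ip->ip_src;
X      tha->port = tp->th_dport << 16 | tp->th_sport;
X      *rev = 1;
X
X   } else {
X      tha->src = ip->ip_src, tha->dst = ip->ip_dst;
X      tha->port = tp->th_sport << 16 | tp->th_dport;
X      *rev = 0;
X   }
X}
X
X
X/*
X * update_tcp_record - apply one segment to an existing record.
X *
X * Refreshes the timestamps, bumps the packet count of the side that sent
X * the segment, checks or stores the ethernet addresses, updates the
X * sequence bookkeeping and runs the state machine.  A record whose new
X * state is TCPS_LISTEN is logged (when on the display list), unqueued
X * and deleted.  A record on the display list that reaches TCPS_CLOSED or
X * TCPS_TIME_WAIT is logged and moved to the timeout list; if it cannot
X * be queued there it is counted in `closed' and deleted.
X */
Xupdate_tcp_record (th, ep, tp, length, tvp, rev, flags)
Xstruct TCP_OBJECT *th;
Xstruct ether_header *ep;
Xstruct tcphdr *tp;
Xint length;
Xstruct timeval *tvp;
Xint rev;
Xu_char flags;
X{
X   struct tcpcb *tcpCb;
X
X   tcpCb = &th->tcp_cb;
X   tcpCb->lasttime = *tvp; th->qhdr.last_time = *tvp;
X   if (tcpCb->rev == rev)
X      tcpCb->src.count++;
X   else
X      tcpCb->dst.count++;
X
X   /*
X    * MODIFIED is cleared by log_tcp_connection.  While it is set the
X    * frame's addresses are compared with the stored pair and a mismatch
X    * raises MULTIADDR; once it is clear the next frame's addresses
X    * replace the stored pair.  The stored pair is always in key order
X    * (selected by rev), not in tcpCb->rev order.
X    */
X   if (tcpCb->status & MODIFIED) {
X      if (!(tcpCb->status & MULTIADDR)) {
X         if (rev) {
X            if (bcmp ((char *)&ep->ether_dhost,
X                      (char *)&th->link.phys.ethersrc, 6) ||
X                bcmp ((char *)&ep->ether_shost,
X                      (char *)&th->link.phys.etherdst, 6))
X               tcpCb->status |= MULTIADDR;
X         } else {
X            if (bcmp ((char *)&ep->ether_shost,
X                      (char *)&th->link.phys.ethersrc, 6) ||
X                bcmp ((char *)&ep->ether_dhost,
X                      (char *)&th->link.phys.etherdst, 6))
X               tcpCb->status |= MULTIADDR;
X         }
X      }
X   } else {
X      if (rev) {
X         bcopy ((char *)&ep->ether_dhost, (char *)&th->link.phys.ethersrc, 6);
X         bcopy ((char *)&ep->ether_shost, (char *)&th->link.phys.etherdst, 6);
X      } else {
X         bcopy ((char *)&ep->ether_shost, (char *)&th->link.phys.ethersrc, 6);
X         bcopy ((char *)&ep->ether_dhost, (char *)&th->link.phys.etherdst, 6);
X      }
X   }
X
X   if (update_seq (tp, th, rev, tcp_payload_len (tp, length))) {
X      update_queue_status ((struct QUEUE_HEADER *) &th->qhdr);
X      tcpCb->status |= MODIFIED;
X
X      switch (tcp_state (flags, th, tvp)) {
X         case TCPS_LISTEN:
X            if (th->qhdr.queue == &tcp_display_list)
X               log_tcp_connection (th, tvp, 0L);
X            remove_from_queue (th->qhdr.queue,
X                               (struct QUEUE_HEADER *) &th->qhdr);
X            delete_tcp (th);
X            th = NULL;
X            break;
X
X         case TCPS_CLOSED:
X         case TCPS_TIME_WAIT:
X            if (th->qhdr.queue == &tcp_display_list) {
X               if (!(th->tcp_cb.status & RESET))
X                  th->tcp_cb.status |= NORMAL_CLOSE;
X
X               log_tcp_connection (th, tvp, 0L);
X               remove_from_queue (&tcp_display_list,
X                                  (struct QUEUE_HEADER *) &th->qhdr);
X               if (!(add_to_queue (&tcp_timeout_list,
X                                   (struct QUEUE_HEADER *) &th->qhdr))) {
X                  closed++;
X                  delete_tcp (th);
X               }
X            }
X            break;
X      }
X   }
X}
X
X
X/*
X * update_seq - per-direction sequence bookkeeping for one segment.
X *
X * src is the side that sent the segment, dst its peer.  The first
X * non-zero sequence number seen becomes seq_base.  A segment that starts
X * below the recorded src->seq while the peer's window is non-zero is
X * counted as retransmitted bytes; otherwise src->seq advances to
X * th_seq + len.  The advertised window is stored, and a zero window on a
X * segment without FIN or RST sets SRC_WINDOW_SHUT.  Always returns 1.
X *
X * NOTE(review): the comparisons are plain `<' on tcp_seq values, with no
X * handling of sequence wrap-around and no byte-order conversion in this
X * function.  The `ack' member tested below is not assigned anywhere in
X * the code visible here.
X */
Xstatic int
Xupdate_seq (tp, th, rev, len)
Xstruct tcphdr *tp;
Xstruct TCP_OBJECT *th;
Xint rev, len;
X{
X   int retn = 1;
X   struct TCP_CON_OBJECT *src, *dst;
X   tcp_seq seq = tp->th_seq + len;
X   u_char flags = tp->th_flags;
X
X   if (th->tcp_cb.rev == rev) {
X      src = (struct TCP_CON_OBJECT *) &th->tcp_cb.src;
X      dst = (struct TCP_CON_OBJECT *) &th->tcp_cb.dst;
X   } else {
X      src = (struct TCP_CON_OBJECT *) &th->tcp_cb.dst;
X      dst = (struct TCP_CON_OBJECT *) &th->tcp_cb.src;
X   }
X
X   if (!src->seq_base)
X      src->seq_base = tp->th_seq;
X
X   if ((tp->th_seq < src->seq) && dst->win) {
X      src->retrans += len;
X      th->tcp_cb.status |= PKTS_RETRANS;
X   } else
X      src->seq = seq;
X
X   if (tp->th_seq < dst->ack)
X      src->strays++;
X
X   if (!(src->win = tp->th_win) && !(flags & (TH_FIN|TH_RST)))
X      th->tcp_cb.status |= SRC_WINDOW_SHUT;
X
X   return (retn);
X}
X
X
X/*
X * tcp_state - advance the record's connection state for one segment.
X *
X * TH_PUSH is masked out of flags first.  A segment carrying RST sets
X * RESET and moves the record to TCPS_CLOSED; any other segment is run
X * through the switch below.  The new state is returned and stored in
X * t_state, except TCPS_LISTEN, which is returned but not stored.
X */
Xstatic int
Xtcp_state (flags, th, tvp)
Xu_char flags;
Xstruct TCP_OBJECT *th;
Xstruct timeval *tvp;
X{
X   int state = th->tcp_cb.t_state;
X
X   if ((flags &= ~TH_PUSH) & TH_RST) {
X      th->tcp_cb.status |= RESET;
X      state = TCPS_CLOSED;
X   } else {
X      switch (state) {
X         case TCPS_LISTEN:
X         case TCPS_SYN_SENT:
X            if (flags == (TH_SYN|TH_ACK)) {
X               state = TCPS_SYN_RECEIVED;
X               th->tcp_cb.status |= SAW_SYN_SENT;
X               if (dflag) log_tcp_connection (th, tvp, DETAIL);
X            } else if (flags & TH_ACK) {
X               state = TCPS_ESTABLISHED;
X               th->tcp_cb.status |= CON_ESTABLISHED;
X               if (dflag) log_tcp_connection (th, tvp, DETAIL);
X            }
X
X            if (flags & TH_FIN)
X               state = TCPS_CLOSING;
X            break;
X
X         case TCPS_SYN_RECEIVED:
X            if (flags == (TH_FIN|TH_ACK))
X               state = TCPS_FIN_WAIT_1;
X            else if (!(flags & TH_SYN) && (flags & TH_ACK)) {
X               state = TCPS_ESTABLISHED;
X               th->tcp_cb.status |= CON_ESTABLISHED;
X               if (dflag) log_tcp_connection (th, tvp, DETAIL);
X            }
X            break;
X
X         case TCPS_ESTABLISHED:
X            if (flags == (TH_FIN|TH_ACK))
X               state = TCPS_FIN_WAIT_1;
X            /*
X             * Not governed by the if above (there are no braces), so
X             * CLOSE_WAITING is set for every segment handled in this
X             * state.  NOTE(review): confirm that this is intended.
X             */
X            th->tcp_cb.status |= CLOSE_WAITING;
X            break;
X
X         case TCPS_CLOSE_WAIT:
X         case TCPS_FIN_WAIT_1:
X            if ((flags & (TH_FIN)))
X               state = TCPS_CLOSING;
X            else if (flags & TH_SYN)
X               state = TCPS_LISTEN;
X            else if (flags & TH_ACK)
X               state = TCPS_FIN_WAIT_2;
X            break;
X
X         case TCPS_LAST_ACK:
X         case TCPS_FIN_WAIT_2:
X            if (flags == (TH_FIN|TH_ACK))
X               state = TCPS_CLOSING;
X            else
X            /* the else binds to the if under the two labels that follow */
X
X         case TCPS_CLOSING:
X         case TCPS_TIME_WAIT:
X            if (flags & TH_SYN)
X               state = TCPS_LISTEN;
X            else if (flags & TH_ACK)
X               state = TCPS_CLOSED;
X            break;
X
X         case TCPS_CLOSED:
X            if (flags & TH_SYN)
X               state = TCPS_LISTEN;
X            break;
X      }
X   }
X
X   if (state != TCPS_LISTEN)
X      th->tcp_cb.t_state = state;
X   return (state);
X}
X
X
Xint tcpdeletecount = 0;
X
X/*
X * delete_tcp - count the deletion, drop the record's key from the TCP
X * hash table and free the record.  The caller takes the record off its
X * queue first.
X */
Xstatic void
Xdelete_tcp (th)
Xstruct TCP_OBJECT *th;
X{
X   tcpdeletecount++;
X   remove_hash_table_entry (&tcp_hash_table, &th->addr);
X   free (th);
X}
X
X
X
X/*
X * new_tcp_hash_entry - create a record for a flow that has no entry yet.
X *
X *   tp, ep, ip  headers of the segment that opens the record
X *   rev         direction flag produced by create_tcp_tha
X *   tvp         timestamp used as start and last time
X *   tha         flow key; copied into the record and used as hash key
X *   len         payload length of the segment
X *
X * A segment carrying RST creates nothing.  Any other segment allocates
X * a TCP_OBJECT; the initial state is chosen from the exact flag
X * combination, and every combination not listed starts in TCPS_CLOSING
X * on the timeout list instead of the display list.  A failed calloc is
X * not reported and the segment is dropped from the audit.
X *
X * NOTE(review): every previously unseen non-RST segment costs one
X * allocation here, and nothing in this file caps the number of records;
X * how long they live depends on the queue timers defined elsewhere.
X */
Xstatic void
Xnew_tcp_hash_entry (tp, ep, rev, tvp, ip, tha, len)
Xstruct tcphdr *tp;
Xstruct ether_header *ep;
Xint rev;
Xstruct timeval *tvp;
Xstruct ip *ip;
Xstruct tha *tha;
Xint len;
X{
X   struct TCP_OBJECT *ptr = NULL;
X   struct tcpcb *tcpCb;
X   u_char flags = tp->th_flags;
X   u_char etherbuf[6];
X
X   if (!(flags & TH_RST)) {
X      if (ptr = (struct TCP_OBJECT *) calloc (1, sizeof (*ptr))) {
X         tcpCb = &ptr->tcp_cb;
X         tcpCb->status = TCPPROTO;
X         if (ip) tcpCb->status |= IPPROTO;
X         tcpCb->startime = *tvp;
X         tcpCb->lasttime = *tvp;
X         tcpCb->status |= MODIFIED;
X         if (tcpCb->rev = rev) {
X            tcpCb->status |= REVERSE;
X            bcopy ((char *)&ep->ether_dhost,
X                   (char *)&ptr->link.phys.ethersrc, 6);
X            bcopy ((char *)&ep->ether_shost,
X                   (char *)&ptr->link.phys.etherdst, 6);
X         } else {
X            bcopy ((char *)&ep->ether_shost,
X                   (char *)&ptr->link.phys.ethersrc, 6);
X            bcopy ((char *)&ep->ether_dhost,
X                   (char *)&ptr->link.phys.etherdst, 6);
X         }
X         bcopy ((char *) tha, (char *) &ptr->addr, sizeof (struct tha));
X
X         ptr->qhdr.last_time = *tvp;
X
X         if (ip_options) {
X            if (ip_ts) tcpCb->status |= TIMESTAMP;
X            if (ip_sec) tcpCb->status |= SECURITY;
X            if (ip_lsrr) tcpCb->status |= LSRCROUTE;
X            if (ip_ssrr) tcpCb->status |= SSRCROUTE;
X            if (ip_rr) tcpCb->status |= RECORDROUTE;
X            if (ip_satid) tcpCb->status |= SATNETID;
X         }
X
X         switch (flags) {
X            case (TH_SYN):
X               tcpCb->t_state = TCPS_SYN_SENT;
X               tcpCb->status |= SAW_SYN;
X               tcpCb->src.count = 1;
X               tcpCb->src.seq_base = tp->th_seq;
X               if (dflag) log_tcp_connection (ptr, tvp, DETAIL);
X               break;
X
X            case (TH_SYN|TH_ACK):
X               tcpCb->t_state = TCPS_SYN_RECEIVED;
X               tcpCb->status |= SAW_SYN_SENT;
X               tcpCb->rev = rev ? 0 : 1;
X               tcpCb->status ^= REVERSE;
X               /*
X                * These three copies leave ethersrc and etherdst as they
X                * were: the saved ethersrc is written back over ethersrc
X                * and etherdst is never written.  update_tcp_record
X                * compares the stored pair in key order, so turning this
X                * into a real exchange would change when MULTIADDR is
X                * raised.  NOTE(review): confirm the intent before
X                * changing it.
X                */
X               bcopy ((char *)&ptr->link.phys.ethersrc, (char *) &etherbuf, 6);
X               bcopy ((char *)&ptr->link.phys.etherdst,
X                      (char *)&ptr->link.phys.ethersrc, 6);
X               bcopy ((char *) &etherbuf, (char *)&ptr->link.phys.ethersrc, 6);
X
X               tcpCb->dst.count = 1;
X               tcpCb->dst.seq_base = tp->th_seq;
X               tcpCb->src.seq_base = tp->th_ack - 1;
X
X               tcpCb->status |= SAW_SYN;
X               if (dflag) log_tcp_connection (ptr, tvp, DETAIL);
X               break;
X
X            case (TH_ACK):
X            case (TH_PUSH):
X            case (TH_PUSH|TH_ACK):
X            case (TH_URG|TH_ACK):
X            case (TH_PUSH|TH_URG|TH_ACK):
X               tcpCb->src.count = 1;
X               tcpCb->src.seq_base = tp->th_seq - len;
X               tcpCb->src.seq = tp->th_seq;
X               tcpCb->t_state = TCPS_ESTABLISHED;
X               tcpCb->status |= CON_ESTABLISHED;
X               if (dflag) log_tcp_connection (ptr, tvp, DETAIL);
X               break;
X
X            default:
X               tcpCb->t_state = TCPS_CLOSING;
X               break;
X         }
X
X         if (tcpCb->t_state == TCPS_CLOSING) {
X            if (add_to_queue (&tcp_timeout_list,
X                              (struct QUEUE_HEADER *) &ptr->qhdr))
X               (void) add_hash_table_entry (&tcp_hash_table, tha, ptr);
X
X            else {
X               closed++;
X               /* neither queued nor hashed: release it, or it is lost */
X               free (ptr);
X            }
X         } else
X            if (add_to_queue (&tcp_display_list,
X                              (struct QUEUE_HEADER *) &ptr->qhdr))
X               (void) add_hash_table_entry (&tcp_hash_table, tha, ptr);
X
X            else
X               delete_tcp (ptr);
X      }
X   }
X}
X
X
X#include
X#include
X
Xextern char *sys_errlist[];
Xextern int errno;
X
X/*
X * log_tcp_connection - write one audit record for a TCP flow.
X *
X *   ptr    record to report
X *   tvp    time stored as the record's logtime
X *   state  extra status bits for this report (callers here pass 0L or
X *          DETAIL); OR-ed in before the snapshot and toggled back after
X *
X * Nothing is built unless clienttags or wflag is set.  MODIFIED and
X * MULTIADDR are cleared once the status has been copied.  Byte counts
X * are derived from seq - seq_base - 1.  In detail mode the counts of a
X * connection that is still open are reported as the difference from the
X * previous report.  A record with all four counters zero is not written.
X *
X * NOTE(review): the first dflag test uses bitwise `&' against the result
X * of `!', so it only behaves like the `&&' used further down while dflag
X * is 0 or 1.  The second test masks status with TCPS_ESTABLISHED, which
X * is used as a t_state value elsewhere in this file, whereas the status
X * bit set on establishment is CON_ESTABLISHED; confirm both.
X */
Xvoid
Xlog_tcp_connection (ptr, tvp, state)
Xstruct TCP_OBJECT *ptr;
Xstruct timeval *tvp;
Xint state;
X{
X   unsigned int status = 0;
X   int src_count, dst_count, src_bytes, dst_bytes;
X   struct TCP_CON_OBJECT *src, *dst;
X   struct writeStruct output;
X
X   if (clienttags || wflag) {
X      bzero ((char *) &output, sizeof (struct writeStruct));
X      ptr->tcp_cb.status |= state;
X      status = ptr->tcp_cb.status;
X      ptr->tcp_cb.status &= ~MODIFIED;
X      ptr->tcp_cb.status &= ~MULTIADDR;
X      src = (struct TCP_CON_OBJECT *) &ptr->tcp_cb.src;
X      dst = (struct TCP_CON_OBJECT *) &ptr->tcp_cb.dst;
X
X      if (dflag & (!(status & (NORMAL_CLOSE|RESET|TIMED_OUT))))
X         output.startime = ptr->qhdr.logtime;
X      else
X         output.startime = ptr->tcp_cb.startime;
X
X      output.lasttime = ptr->tcp_cb.lasttime;
X      output.status = status;
X      bcopy ((char *)&ptr->link.phys.ethersrc, (char *)&output.ethersrc, 6);
X      bcopy ((char *)&ptr->link.phys.etherdst, (char *)&output.etherdst, 6);
X      output.addr = ptr->addr;
X      output.src_count = src->count;
X      output.dst_count = dst->count;
X
X      if (src->seq && src->seq_base)
X         if (output.src_count > 0)
X            output.src_bytes = (src->seq - src->seq_base) - 1;
X
X      if (dst->seq && dst->seq_base)
X         if (output.dst_count > 0)
X            output.dst_bytes = (dst->seq - dst->seq_base) - 1;
X
X      if (dflag && (status & TCPS_ESTABLISHED) &&
X                   (!(status & (NORMAL_CLOSE|RESET|TIMED_OUT)))) {
X         src_count = output.src_count;
X         dst_count = output.dst_count;
X         src_bytes = output.src_bytes;
X         dst_bytes = output.dst_bytes;
X         output.src_count = src_count - src->lastcount;
X         output.dst_count = dst_count - dst->lastcount;
X         output.src_bytes = src_bytes - src->lastbytes;
X         output.dst_bytes = dst_bytes - dst->lastbytes;
X         src->lastcount = src_count;
X         src->lastbytes = src_bytes;
X         dst->lastcount = dst_count;
X         dst->lastbytes = dst_bytes;
X      }
X
X      if ((output.src_count || output.dst_count) ||
X          (output.src_bytes || output.dst_bytes))
X         writeOutData (&output);
X
X      ptr->tcp_cb.status |= LOGGED;
X      ptr->tcp_cb.status ^= state;
X   }
X   ptr->qhdr.logtime = *tvp;
X}
X
X
X/*
X * check_tcp_timeouts - timer callback that retires a record.
X *
X * For every state listed below the record is marked TIMED_OUT and, when
X * it is on the display list, logged.  In all cases the record is then
X * taken off its queue, counted in `closed' and deleted.
X */
Xvoid
Xcheck_tcp_timeouts (ptr, tvp)
Xstruct TCP_OBJECT *ptr;
Xstruct timeval *tvp;
X{
X   switch (ptr->tcp_cb.t_state) {
X      case TCPS_SYN_SENT:
X      case TCPS_SYN_RECEIVED:
X      case TCPS_ESTABLISHED:
X      case TCPS_CLOSE_WAIT:
X      case TCPS_FIN_WAIT_1:
X      case TCPS_LAST_ACK:
X      case TCPS_FIN_WAIT_2:
X      case TCPS_CLOSING:
X      case TCPS_TIME_WAIT:
X         ptr->tcp_cb.status |= TIMED_OUT;
X         if (ptr->qhdr.queue == &tcp_display_list)
X            log_tcp_connection (ptr, tvp, 0L);
X         break;
X   }
X
X   remove_from_queue (ptr->qhdr.queue, (struct QUEUE_HEADER *)&ptr->qhdr);
X   closed++;
X   delete_tcp (ptr);
X}
SHAR_EOF
  $shar_touch -am 0508141395 'argus-1.5/server/cons_tcp.c' &&
  chmod 0444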
'argus-1.5/server/cons_tcp.c' ||
  echo 'restore of argus-1.5/server/cons_tcp.c failed'
  shar_count="`wc -c < 'argus-1.5/server/cons_tcp.c'`"
  test 16416 -eq "$shar_count" ||
    echo "argus-1.5/server/cons_tcp.c: original size 16416, current size $shar_count"
  rm -f _sharnew.tmp
fi
# ============= argus-1.5/server/cons_udp.c ==============
if test -f 'argus-1.5/server/cons_udp.c' && test X"$1" != X"-c"; then
  echo 'x - skipping argus-1.5/server/cons_udp.c (file already exists)'
  rm -f _sharnew.tmp
else
  > _sharnew.tmp
  echo 'x - extracting argus-1.5/server/cons_udp.c (text)'
  sed 's/^X//' << 'SHAR_EOF' > 'argus-1.5/server/cons_udp.c' &&
X
X/*
X * Copyright (c) 1993, 1994 Carnegie Mellon University.
X * All rights reserved.
X *
X * Permission to use, copy, modify, and distribute this software and
X * its documentation for any purpose and without fee is hereby granted,
X * provided that the above copyright notice appear in all copies and
X * that both that copyright notice and this permission notice appear
X * in supporting documentation, and that the name of CMU not be
X * used in advertising or publicity pertaining to distribution of the
X * software without specific, written prior permission.
X *
X * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
X * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
X * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
X * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
X * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
X * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
X * SOFTWARE.
X *
X */
X
X
X/*
X * cons_udp.c - handle udp specific protocol state machine,
X *              and routines related to udp event reporting.
X *
X * written by Carter Bullard
X * Software Engineering Institute
X * Carnegie Mellon University
X *
X */
X
X/*
X * NOTE(review): the #include lines below carry no header names on this
X * page; the names appear to have been lost when the posting was
X * converted, and they are left as found rather than guessed.
X */
X#include
X#include
X
X#include
X#include
X#include
X
X#include
X#include
X
Xextern int clienttags;
Xextern int clients[];
Xextern int ip_options;
Xextern int ip_eol;
Xextern int ip_nop;
Xextern int ip_ts;
Xextern int ip_rr;
Xextern int ip_sec;
Xextern int ip_lsrr;
Xextern int ip_ssrr;
Xextern int ip_satid;
X
Xstatic void new_udp_hash_entry ();
Xstatic void delete_udp ();
Xstatic void remove_udp_hash_entry ();
X
X
X/*
X * cons_udp_init - one-time setup of the UDP tracking state.
X *
X * Zeroes the display list and the hash table header, allocates the
X * USEQ_HASHSIZE-slot bucket array, falls back to UDPTIMEOUT when
X * udptimeout is still zero, and installs the timer and log callbacks on
X * the display list.
X *
X * NOTE(review): a failed calloc is only reported through perror(); the
X * table keeps the zeroed hash_array/size from the bzero above and setup
X * continues.  Whether the hash routines tolerate an empty table is not
X * visible in this file.
X */
Xvoid
Xcons_udp_init ()
X{
X   struct HASH_TABLE_HEADER **ptr;
X
X   bzero ((char *) &udp_display_list, sizeof (udp_display_list));
X   bzero ((char *) &udp_hash_table, sizeof (udp_hash_table));
X
X   if (ptr = (struct HASH_TABLE_HEADER **) calloc (USEQ_HASHSIZE,
X                               sizeof (struct HASH_TABLE_HEADER *))) {
X      udp_hash_table.hash_array = ptr;
X      udp_hash_table.size = USEQ_HASHSIZE;
X   } else
X      perror ("cons_udp_init: calloc");
X
X   udptimeout = udptimeout ? udptimeout : UDPTIMEOUT;
X   udp_display_list.timerRoutine = check_udp_timeouts;
X   udp_display_list.logRoutine = log_udp_connection;
X}
X/*
X * cons_udp - account one UDP datagram.
X *
X *   ep      ethernet header of the frame
X *   up      UDP header; nothing is done when it is NULL
X *   length  bytes available at up; anything shorter than a UDP header
X *           is ignored
X *   ip      IP header of the packet
X *   tvp     timestamp applied to the record
X *
X * Builds the flow key, then either updates the record already in the
X * hash table or creates a new one.
X *
X * NOTE(review): length is a signed int compared with a sizeof result,
X * so a negative value is converted to unsigned and passes the test.
X * The byte count handed on is up->uh_ulen, read from the packet header;
X * it is not checked against length, and no byte-order conversion is
X * visible here.  Confirm that the caller validates and converts it.
X */
Xvoid
Xcons_udp (ep, up, length, ip, tvp)
Xstruct ether_header *ep;
Xstruct udphdr *up;
Xint length;
Xstruct ip *ip;
Xstruct timeval *tvp;
X{
X   struct UDP_OBJECT *uh;
X   int rev;                      /* passed by address to create_udp_tha */
X   struct tha tha;
X
X   if ((length >= sizeof(struct udphdr)) && (up)) {
X      create_udp_tha (&tha, ip, up, &rev);
X
X      if (uh = (struct UDP_OBJECT *) find_hash_entry (&udp_hash_table, &tha))
X         update_udp_record (uh, ep, up, (int)up->uh_ulen, tvp, rev);
X      else
X         new_udp_hash_entry (up, ep, rev, tvp, ip, &tha, (int)up->uh_ulen);
X   }
X}
X
X
Xcreate_udp_tha (tha, ip, up, rev)
Xstruct tha *tha;
Xstruct ip *ip;
Xstruct udphdr *up;
Xint *rev;
X{
X   adjust_group_port (&up->uh_sport, &up->uh_dport);
X
X   if ((up->uh_dport > up->uh_sport) || ((up->uh_dport == up->uh_sport) &&
X                        (ip->ip_src.s_addr < ip->ip_dst.s_addr))) {
X      tha->src = ip->ip_dst, tha->dst = ip->ip_src;
X      tha->port = up->uh_dport << 16 | up->uh_sport;
X      *rev = 1;
X
X   } else {
X      tha->src = ip->ip_src, tha->dst = ip->ip_dst;
X      tha->port = up->uh_sport << 16 | up->uh_dport;
SHAR_EOF
  : || echo 'restore of argus-1.5/server/cons_udp.c failed'
fi
echo 'End of archive part 4'
echo 'File argus-1.5/server/cons_udp.c is continued in part 5'
echo 5 > _sharseq.tmp
exit 0