--- Makefile.in.orig Tue Nov 14 17:37:41 2006 +++ Makefile.in Tue Nov 14 17:37:41 2006 @@ -47,7 +47,7 @@ NETMOND_C = netmond.c netstate.c event.c session.c mib.c snmp.c router.c \ trap.c ping.c tcp.c udp.c dns.c radius.c tacacs.c md5.c util.c \ - variables.c save.c regex.c malloc.c reconfig.c + variables.c save.c regex.c malloc.c reconfig.c pipe.c NETMOND_Y = calc.y parseconf.y NETMOND_L = scanconf.l NETMOND_G = version.c --- dns.c.orig Tue Nov 14 17:37:41 2006 +++ dns.c Tue Nov 14 17:37:41 2006 @@ -149,6 +149,8 @@ { SESSION *sd = method->sd; int reqid; + struct sockaddr_in *from; + char ipaddr[20]; /* sanity check */ if (!sd) return; @@ -161,6 +163,14 @@ return; } + /* bind socket to local source address */ + + from = (struct sockaddr_in *)&sd->me; + if ( from->sin_addr.s_addr != INADDR_ANY ) { + if( bind(sd->sock, &sd->me, sizeof(struct sockaddr) ) == -1 ) + report(LOG_WARNING, "dns_start : bind failed for %s: %s", + intoa(ipaddr,from->sin_addr), strerror(*(__error())) ); + } /* turn on non-blocking I/O */ if (set_socket_async(sd->sock, TRUE) < 0) { dns_reply(errno, sd, 0); @@ -288,7 +298,7 @@ METHOD *method; { SESSION template; - struct sockaddr_in *to; + struct sockaddr_in *to, *from; dprintf(("dns_init(%s/%s)\n", target->name, method->name)); @@ -303,6 +313,10 @@ to->sin_family = AF_INET; to->sin_port = htons(method->rport); to->sin_addr = method->address ? method->ip_addr : target->ip_addr; + from = (struct sockaddr_in *)&template.me; + bzero((char *)from, sizeof(struct sockaddr_in)); + from->sin_family = AF_INET; + from->sin_addr = target->ip_srcaddr; template.timeout = method->timeout * 1000000L; /* make microseconds */ template.retries = method->retries; template.send = dns_send; 
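Review bot: In the bind block added to dns_start (hunk -161,6 +163,14), a failed `bind()` is only logged at LOG_WARNING and the query is still sent, so the probe silently leaves from whatever address the kernel picks instead of the configured `ip_srcaddr`. If the source address matters to filters on the monitored side, fail the method the way the neighbouring error paths do: `dns_reply(errno, sd, 0); return;`. `strerror(*(__error()))` is the FreeBSD-internal expansion of `errno` and will not build elsewhere; write `strerror(errno)`, and pass `sizeof(sd->me)` as the length. The same block is repeated in echo_start (ping.c), radius_start, router_start, snmp_start and tacacs_start. dns_start begins and ends outside this hunk.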
@@ -332,6 +346,7 @@ IPPROTO_UDP, /* network protocol */ NAMESERVER_PORT, /* server port */ 0, 0, /* timeout and retries undefined yet */ + NULL,NULL, /* when variables unused */ { 0, 0 }, /* no parameters used */ /* Non-initialized data */ --- event.c.orig Tue Nov 14 17:37:41 2006 +++ event.c Tue Nov 14 17:37:41 2006 @@ -288,7 +288,7 @@ #ifdef HAVE_PTHREAD pthread_mutex_lock(&localtime_lock); #endif - tm = localtime(&tvp->tv_sec); + tm = localtime((time_t *)&tvp->tv_sec); defect = tm->tm_sec + 60 * tm->tm_min + 3600 * tm->tm_hour + off; #ifdef HAVE_PTHREAD pthread_mutex_unlock(&localtime_lock); --- netmon.h.orig Tue Nov 14 17:37:41 2006 +++ netmon.h Tue Nov 14 17:37:41 2006 @@ -14,6 +14,9 @@ #include #include #include +#include +#include +#include #ifdef DEBUG_MEMORY #include #endif @@ -77,7 +80,10 @@ #endif #define NETMON "netmon" -#define DEFAULT_CONFIG "/etc/netmon.conf" +#define DEFAULT_CONFIG "/usr/local/etc/netmond.conf" +#define USERNAME "netmon" +#define GROUPNAME "netmon" +#define PIDFILE_PATH "/var/run" #define DEFAULT_WATCHDOG 600 /* 10 min */ #define POLLING_MIN 30 /* 30 sec */ @@ -90,6 +96,8 @@ #define STATE_UP 1 #define STATE_DOWN 2 +#define STATE_DEGRADED 3 +#define STATE_WARNING 4 #define BGP_ESTABLISHED 6 #define ENV_NOTPRESENT 5 @@ -111,6 +119,9 @@ #define TYPE_ENVFAN 9 #define TYPE_ENVPS 10 +#define WHEN_PROTO 10099 +#define PIPE_PROTO 10098 + struct object_ent; struct method_ent; 
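Review bot: The cast in `localtime((time_t *)&tvp->tv_sec)` (event.c) silences the type warning but makes localtime() read a `time_t`-sized object from a field that, judging by the need for the cast, is declared with a different type. Where the two differ in width this reads bytes beyond the field. Copying the value is correct on every platform: `time_t secs = tvp->tv_sec; tm = localtime(&secs);`. The enclosing function continues outside the hunk.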
@@ -385,13 +396,14 @@ struct method_ent *method; /* session method */ int sock; /* socket file descriptor */ struct sockaddr peer; /* address of peer */ + struct sockaddr me; /* my source address */ long timeout; /* number of microseconds until first timeout */ int retries; /* number of retries before timeout */ int (*connect) __P((struct session_ent *)); int (*send) __P((struct session_ent *, REQUEST *)); int (*recv) __P((struct session_ent *)); void (*read) __P((int, struct session_ent *, int)); - + pid_t pid; /* returned values */ int data_int; /* data length or chat-script matchs */ char *data_ptr; /* pointer to resulting data if any */ @@ -428,6 +440,8 @@ u_short rport; /* remote port number, 0=unused */ int timeout; /* number of seconds until first timeout */ int retries; /* number of retries before timeout */ + char *when; /* condition string */ + char *when_fmt; /* message when condition is true */ union { struct ping_param { short send; /* ICMP echo request packets to send */ @@ -530,7 +544,9 @@ char *descr; /* object description */ char *datadir; /* directory where store data */ char *address; /* domain name or dotted IP address */ + char *srcaddress; /* domain name or dotted source IP address */ struct in_addr ip_addr; /* ip address of peer */ + struct in_addr ip_srcaddr; /* source ip address */ int polling; /* polling period in seconds */ int saving; /* saving period in seconds */ int sync; /* polling counter to synchronize saving */ @@ -544,6 +560,9 @@ int state; /* current operational status (UP/DOWN/...) */ int prev_state; /* previous operational status */ + int mths_ok; /* count of Ok finished methods */ + int mths_fail; /* count of Failed methods */ + int smths_fail; /* count of Failed services methods */ TIMEVAL last_request; /* last time method requested */ TIMEVAL prev_request; /* previous time method requested */ TIMEVAL last_reply; /* last time method reply */ 
@@ -574,7 +593,14 @@ typedef struct config_ent { char *rootdir; /* default work directory */ + char *chrootdir; /* chroot directory for EXEC children */ + char *username; /* username for EXEC children */ + uid_t uid; /* UID for EXEC children */ + char *groupname; /* groupname for EXEC children */ + gid_t gid; /* GID for EXEC children */ char *timefmt; /* strftime format of currtime for logging */ + char *srcaddress; /* my default source domain name or dotted IP address */ + struct in_addr ip_srcaddr; /* my default sorce ip address */ int polling; /* default polling interval in seconds */ int saving; /* default saving interval in seconds */ int timeout; /* default timeout in seconds */ @@ -582,9 +608,13 @@ int enable_traps; /* enable SNMP traps */ int source_traps; /* match src-addr and agent-addr of traps */ + char *trap_address; /* Trap bind address */ + struct in_addr trap_ip_addr; /* */ /* netstate server */ int ns_port; /* server port number */ + char *ns_address; /* NetState bind address */ + struct in_addr ns_ip_addr; /* */ int ns_timo; /* client timeout in seconds */ GROUP_REF *ns_acl; /* netstate client access list */ @@ -733,6 +763,19 @@ void tcp_start __P((METHOD *)); void tcp_stop __P((METHOD *)); int match_expect __P((SESSION *, CHATSCRIPT *, char *)); +int tcp_connect __P((SESSION *)); +int tcp_send __P((SESSION *,REQUEST *)); +int tcp_recv __P((SESSION *)); +void tcp_close __P((int, SESSION *, int)); + +/* pipe.c */ +int pipe_init __P((OBJECT *, METHOD *)); +void pipe_start __P((METHOD *)); +void pipe_stop __P((METHOD *)); + +int when_init __P((OBJECT *, METHOD *)); +void when_start __P((METHOD *)); +void when_stop __P((METHOD *)); /* udp.c */ int udp_init __P((OBJECT *, METHOD *)); --- netmond.c.orig Tue Nov 14 17:37:41 2006 +++ netmond.c Tue Nov 14 17:37:41 2006 @@ -79,7 +79,6 @@ static int reconfig_pending; static int watchdog_timeout; static int watchdog_pending; - static struct sighandler_ent { int sig; int flags; 
@@ -254,8 +253,7 @@ /* * Make pid file. */ - (void)strcpy(buf, program_name); - (void)strcat(buf, ".pid"); + snprintf(buf, sizeof(buf), "%s/%s.pid", PIDFILE_PATH, program_name); if ((fp = fopen(buf, "w")) != NULL) { fprintf(fp, "%d\n", (int)mypid); fclose(fp); @@ -626,6 +624,11 @@ TIMEVAL tv; VARIABLE *var; OBJECT *service; + INTERFACE *interface; + BGP_AS *bgp; + BGP_PEER *bgp_peer; + ENV_MON *env; + ENV_GAUGE *gauge; /* current timestamp */ gettimeofday(&tv, NULL); @@ -638,19 +641,38 @@ /* * Method list aborted or Start Trap received. */ + object->mths_fail++; + } else { + object->mths_ok++; + } + if (method->next) { + /* + * Advance to next object method. + */ + method = method->next; + (*method->start)(method); + return; + } + +// report(LOG_ERR, "method_finished: '%s' ok=%d f=%d sf=%d",object->name,object->mths_ok,object->mths_fail); + /* + * Method list done. + */ + + object->prev_reply = object->last_reply; + object->last_reply = tv; /* last reply timestamp */ - /* update object operational status */ - object->prev_state = object->state; + /* update object operational status */ + object->prev_state = object->state; + if ( object->mths_ok == 0 ) { object->state = STATE_DOWN; if (object->state != object->prev_state) object->last_change = tv; - #ifdef DEBUG if (object->prev_state != STATE_DOWN) dprintf(("object \"%s\" change state to DOWN\n", object->name)); #endif - /* stop anything here */ object_stop(object); 
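Review bot: The commented-out `// report(LOG_ERR, "method_finished: '%s' ok=%d f=%d sf=%d", ...)` line left in the method_finished hunk (-638,19 +641,38) has four conversions but only three arguments, so re-enabling it as written would read a missing argument. Either delete it or turn it into a `dprintf((...))` that also passes `object->smths_fail`. Separately, `smths_fail` is reset later in this function, but no line visible in this patch increments it, so please confirm it is used. method_finished starts before and ends after this hunk.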
@@ -670,29 +692,48 @@ add_event(&tv, start_method_list, object); } return; - } - - if (method->next) { - /* - * Advance to next object method. - */ - - method = method->next; - (*method->start)(method); - return; - } - - /* - * Method list done. - */ - - object->prev_reply = object->last_reply; - object->last_reply = tv; /* last reply timestamp */ - - /* update object operational status */ - object->prev_state = object->state; - object->state = STATE_UP; - + } else { + if ( object->mths_fail ) { + object->state = STATE_DEGRADED; + } else { + object->state = STATE_UP; + for (service = object->service; service; service = service->next) { + if (service->state != STATE_UP) { + object->state = STATE_WARNING; + break; + } + } + for (interface = object->interface; interface; interface = interface->next) { + if (interface->state != STATE_UP) { + object->state = STATE_WARNING; + break; + } + } + for ( bgp = object->bgp; bgp; bgp = bgp->next) { + for ( bgp_peer = bgp->peer; bgp_peer; bgp_peer=bgp_peer->next) { + if ( bgp_peer->state != BGP_ESTABLISHED){ + object->state = STATE_WARNING; + break; + } + } + if (object->state == STATE_WARNING) + break; + } + for (env = object->env; env; env = env->next) { + for( gauge = env->gauge; gauge; gauge=gauge->next) { + if (gauge->state != STATE_UP) { + object->state = STATE_WARNING; + break; + } + } + if (object->state == STATE_WARNING) + break; + } + } + } + object->mths_ok = 0; + object->mths_fail = 0; + object->smths_fail = 0; if (object->state != object->prev_state) object->last_change = tv; 
@@ -831,6 +872,20 @@ /* make session leader to be able killpg() latter */ setsid(); + if ( cf->chrootdir) { + if ( chroot( cf->chrootdir ) < 0 ) { + report(LOG_ERR, "chroot %s: %s", cf->chrootdir,strerror(*(__error())) ); + _exit(127); + } + } + if ( setgid(cf->gid) < 0 ) { + report(LOG_ERR, "setgid %s[%d]: %s", cf->groupname, cf->gid, strerror(*(__error())) ); + _exit(127); + } + if ( (cf->uid != 0) & (setuid(cf->uid) < 0) ) { + report(LOG_ERR, "setuid %s[%d]: %s", cf->username, cf->uid, strerror(*(__error())) ); + _exit(127); + } execve(file, av, environ); report(LOG_ERR, "execve %s: %m", file); _exit(127); @@ -928,8 +983,7 @@ #endif { char pidfile[100]; - (void)strcpy(pidfile, program_name); - (void)strcat(pidfile, ".pid"); + snprintf(pidfile, sizeof(pidfile), "%s/%s.pid", PIDFILE_PATH, program_name); (void)unlink(pidfile); report(LOG_CRIT, "aborted by signal %d", sig); } else report(LOG_INFO, "interrupted by signal %d", sig); --- netstate.c.orig Tue Nov 14 17:37:41 2006 +++ netstate.c Tue Nov 14 17:37:41 2006 @@ -128,7 +128,7 @@ memset(&sin, 0, sizeof(sin)); sin.sin_family = AF_INET; sin.sin_port = htons(cf->ns_port); - sin.sin_addr.s_addr = INADDR_ANY; + sin.sin_addr = cf->ns_ip_addr; if (bind(netstate_sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) { report(LOG_ERR, "bind port %d: %m", ntohs(sin.sin_port)); close(netstate_sock); @@ -405,6 +405,14 @@ _exit(1); } #endif +int +iskoi8(unsigned char ch) +{ + if ( ch == 163 ) return 1; + if ( ch == 179 ) return 1; + if ( ch >= 192 ) return 1; + return 0; +} void * netstate_serve(arg) @@ -505,9 +513,9 @@ set_timer(0, interrupt); #endif if (!cp) break; - while (isprint(*cp)) cp++; + while ( iskoi8(*cp) || isprint(*cp) ) cp++; *cp = '\0'; - + next = input; if ((cp = my_strsep(&next, " ")) == NULL) { bad_input++; --- parseconf.y.orig Tue Nov 14 17:37:41 2006 +++ parseconf.y Tue Nov 14 17:37:41 2006 @@ -13,6 +13,7 @@ #endif #include +#include #include #include #include 
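Review bot: The privilege drop added before `execve()` is incomplete in three ways. `chroot()` is not followed by `chdir("/")`, so the child's working directory stays outside the new root. Supplementary groups are never reset, so the child keeps the daemon's group list after `setgid()`. And `(cf->uid != 0) & (setuid(cf->uid) < 0)` uses bitwise `&`, so `setuid()` is always called but its failure is ignored when the uid is 0. The version below fixes all three and uses `%m`, as the existing execve message does, instead of the FreeBSD-only `*(__error())`; `setgroups()` may need `<grp.h>`, and the enclosing function starts and ends outside the hunk.

```c
	if (cf->chrootdir) {
		/* chdir("/") so the working directory is inside the new root */
		if (chroot(cf->chrootdir) < 0 || chdir("/") < 0) {
			report(LOG_ERR, "chroot %s: %m", cf->chrootdir);
			_exit(127);
		}
	}
	/* drop the inherited supplementary groups before changing ids */
	if (setgroups(1, &cf->gid) < 0 || setgid(cf->gid) < 0) {
		report(LOG_ERR, "setgid %s[%d]: %m", cf->groupname, (int)cf->gid);
		_exit(127);
	}
	if (setuid(cf->uid) < 0) {
		report(LOG_ERR, "setuid %s[%d]: %m", cf->username, (int)cf->uid);
		_exit(127);
	}
	/* … unchanged: execve(file, av, environ) and its error path … */
```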
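Review bot: In `while ( iskoi8(*cp) || isprint(*cp) ) cp++;` (netstate.c, hunk -505,9 +513,9) the new helper takes an `unsigned char`, but `isprint(*cp)` still receives the raw element. If `cp` is a plain `char *` (its declaration is outside the hunk), bytes of 0x80 and above reach isprint() as negative values, which is undefined behaviour. Converting at both call sites fixes it: `while (iskoi8((unsigned char)*cp) || isprint((unsigned char)*cp)) cp++;`. The change also lets high-bit bytes from netstate clients through to the command parser, so any downstream code that assumed 7-bit input should be rechecked.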
@@ -197,11 +198,36 @@ BGP_AS *bgp; ENV_MON *env; char *cp, buf[1024]; + struct passwd *pwentry; + struct group *grentry; if (!config.rootdir) { report(LOG_ERR, "%s: rootdir unspecified", config_file); return NULL; } + if (!config.srcaddress) + bzero(&config.ip_srcaddr, sizeof(struct in_addr)); + if (!config.ns_address) + bzero(&config.ns_ip_addr, sizeof(struct in_addr)); + if (!config.trap_address) + bzero(&config.trap_ip_addr, sizeof(struct in_addr)); + + if(!config.username) { + config.username = strdup(USERNAME); + if ((pwentry = getpwnam(USERNAME)) == (struct passwd *) NULL) { + report(LOG_ERR, "Bad default username: %s.",config.username); + return NULL; + } + config.uid = pwentry->pw_uid; + } + if(!config.groupname) { + config.groupname = strdup(GROUPNAME); + if ((grentry = getgrnam(GROUPNAME)) == (struct group *) NULL) { + report(LOG_ERR, "Bad default groupname: %s.",config.groupname); + return NULL; + } + config.gid = (gid_t)grentry->gr_gid; + } if (config.polling) { if (!config.timeout) config.timeout = TIMEOUT_DEFAULT; @@ -273,6 +299,7 @@ for (service = target->service; service; service = service->next) { service->ip_addr = target->ip_addr; + service->ip_srcaddr = target->ip_srcaddr; service->parent = target; (void)strcpy(cp, "/"); @@ -901,7 +928,9 @@ char *argument; { METHOD *new; - + char arg_list[1024], *av[MAX_ARGS+2]; + int ac = 0; + if ((new = (METHOD *)malloc(sizeof(METHOD))) == NULL) { yyerror("Out of memory"); return NULL; 
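Review bot: In the defaults block added to the config check (hunk -197,11 +198,36), `config.username = strdup(USERNAME);` and `config.groupname = strdup(GROUPNAME);` are not checked for NULL, and the failure messages then pass that possibly-NULL pointer to `%s`. Report the constant instead, e.g. `report(LOG_ERR, "Bad default username: %s.", USERNAME);`, and treat a NULL strdup result as an error. A short comment that a missing default account aborts configuration, rather than letting EXEC children run with the daemon's own credentials, would document the intent. The function starts and ends outside this hunk.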
@@ -915,10 +944,24 @@ yyerror("Out of memory"); return 0; } - if (argument) + if (argument) { new->argument = argument; - else if (new->argument) + (void)strncpy(arg_list, argument, sizeof(arg_list)); + arg_list[sizeof(arg_list)-1] = '\0'; + } else if (new->argument) { new->argument = strdup(new->argument); + (void)strncpy(arg_list, new->argument, sizeof(arg_list)); + arg_list[sizeof(arg_list)-1] = '\0'; + } else arg_list[0] = '\0'; + av[ac++] = new->name; + ac += make_argv(arg_list, (char ***)&av[ac], MAX_ARGS); + av[ac] = NULL; + + if (new->when && (new->when = insert_args(new->when, av, ac)) == NULL) + return NULL; + if (new->when_fmt && (new->when_fmt = insert_args(new->when_fmt, av, ac)) == NULL) + return NULL; + if (new->chatscript) { new->chatscript = dup_chatscript(new->name, new->argument, new->chatscript); if (!new->chatscript) return NULL; @@ -1342,6 +1385,9 @@ /* Lexical analyzer return values */ %token TOKEN_ROOTDIR +%token TOKEN_CHROOTDIR +%token TOKEN_USERNAME +%token TOKEN_GROUPNAME %token TOKEN_TIMEFMT %token TOKEN_POLLING %token TOKEN_SAVING @@ -1354,6 +1400,7 @@ %token TOKEN_NETSTATE %token TOKEN_PORT +%token TOKEN_BINDADDRESS %token TOKEN_SAVE %token TOKEN_FILE @@ -1365,6 +1412,7 @@ %token TOKEN_OBJECT %token TOKEN_ADDRESS +%token TOKEN_SRCADDRESS %token TOKEN_DESCRIPTION %token TOKEN_SERVICE %token TOKEN_INTERFACE @@ -1398,6 +1446,7 @@ %token TOKEN_V2 %token TOKEN_TRAP +%token TOKEN_TRAPBINDADDRESS %token TOKEN_SOURCECHECK %token TOKEN_COMMUNITY %token TOKEN_ENTERPRISE 
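Review bot: The call `make_argv(arg_list, (char ***)&av[ac], MAX_ARGS)` casts a `char **` to `char ***`, which hides whatever the prototype actually expects. make_argv is not shown, so please confirm it fills the array in place rather than storing a pointer through the argument, and drop the cast if the types already agree. The two added `return NULL;` paths after insert_args() also leave `new` and `new->argument` allocated. The `strncpy` plus explicit terminator pairs could each be `snprintf(arg_list, sizeof(arg_list), "%s", argument);`, whose return value makes truncation at 1023 bytes detectable. The function begins in the previous hunk and continues past this one.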
@@ -1442,6 +1491,60 @@ YYABORT; } } + | TOKEN_CHROOTDIR quoted_string + { + if (config.chrootdir) { + yyerror("ChRootDir statement duplicated"); + YYABORT; + } + config.chrootdir = $2; + } + | TOKEN_USERNAME quoted_string + { + struct passwd *pwentry; + + if (config.username) { + yyerror("UserName statement duplicated"); + YYABORT; + } + if ((pwentry = getpwnam($2)) == (struct passwd *)NULL) { + yyerror("UserName %s unknown.", $2); + YYABORT; + } + config.uid = pwentry->pw_uid; + config.username = $2; + } + + | TOKEN_GROUPNAME quoted_string + { + struct group *grentry; + + if (config.groupname) { + yyerror("GroupName statement duplicated"); + YYABORT; + } + if ((grentry = getgrnam($2)) == (struct group *)NULL) { + yyerror("GroupName %s unknown.", $2); + YYABORT; + } + config.gid = grentry->gr_gid; + config.groupname = $2; + } + + | TOKEN_SRCADDRESS quoted_string + { + struct in_addr ip_srcaddr; + + if (config.srcaddress) { + yyerror("config source address duplicated"); + YYABORT; + } + if (!gethostaddr(&ip_srcaddr, $2)) { + YYABORT; + } + config.srcaddress = $2; + memcpy(&config.ip_srcaddr, &ip_srcaddr, sizeof(struct in_addr)); + } | TOKEN_TIMEFMT quoted_string { if (config.timefmt) { @@ -1531,6 +1634,17 @@ { config.source_traps = 1; } + | TOKEN_TRAPBINDADDRESS quoted_string + { + if (config.trap_address) { + yyerror("bindaddress duplicated"); + YYABORT; + } + if (!gethostaddr(&config.trap_ip_addr, $2)) { + YYABORT; + } + config.trap_address = $2; + } | TOKEN_TRAP legal_string '{' trap_config '}' { trap.name = $2; @@ -1556,6 +1670,13 @@ yyerror("object address unspecified"); YYABORT; } + if (!object.srcaddress) { + if (!config.srcaddress) { + bzero(&object.ip_srcaddr, sizeof(struct in_addr)); + } else { + memcpy(&object.ip_srcaddr, &config.ip_srcaddr, sizeof(struct in_addr)); + } + } /* if ((object.interface || object.ifgroup || object.bgp || object.env) && !find_method(object.method_list, "ROUTER")) { 
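Review bot: The new UserName rule accepts any account getpwnam() resolves, including uid 0, and the exec path added in netmond.c ignores a `setuid()` failure when `cf->uid` is 0, so a root UserName keeps EXEC children fully privileged without any diagnostic. If that is meant to be supported, say so in a comment above the rule; otherwise reject it with `if (pwentry->pw_uid == 0) { yyerror("UserName must not be root"); YYABORT; }`. ChRootDir is stored as given, so a check that the value is an absolute path would catch a misconfiguration at parse time rather than in every child.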
@@ -1637,6 +1758,17 @@ YYABORT; } } + | TOKEN_BINDADDRESS quoted_string + { + if (config.ns_address) { + yyerror("bindaddress duplicated"); + YYABORT; + } + if (!gethostaddr(&config.ns_ip_addr, $2)) { + YYABORT; + } + config.ns_address = $2; + } | TOKEN_PERMIT quoted_string { /* for backward compatibility */ @@ -1763,6 +1895,19 @@ method.start = echo_start; method.stop = echo_stop; } + | TOKEN_PIPE quoted_string + { + if (method.protocol) { + yyerror("method protocol duplicated"); + YYABORT; + } + method.protocol = PIPE_PROTO; + method.when = $2; + method.init = pipe_init; + method.start = pipe_start; + method.stop = tcp_stop; + method.retries = 1; + } | TOKEN_PORT TOKEN_NUMBER { if (method.protocol && @@ -1808,12 +1953,30 @@ } } } + | TOKEN_WHEN multiline_string TOKEN_NUMBER optional_string + { + method.protocol = WHEN_PROTO; + if (method.when) { + yyerror("Method 'when condition' duplicated"); + YYABORT; + } + method.init = when_init; + method.start = when_start; + method.stop = when_stop; + method.when = $2; + method.timeout = $3; + method.when_fmt = $4; + } | TOKEN_TIMEOUT TOKEN_NUMBER { if (method.timeout) { yyerror("timeout statement duplicated"); YYABORT; } + if (method.protocol == WHEN_PROTO) { + yyerror("timeout was defined in WHEN statement"); + YYABORT; + } if ($2 < 1 || $2 > POLLING_MIN) { yyerror("invalid timeout value (min 1 max %d sec.)", POLLING_MIN); @@ -1827,6 +1990,10 @@ yyerror("retries statement duplicated"); YYABORT; } + if (method.protocol == PIPE_PROTO) { + yyerror("no retries possible in PIPE method"); + YYABORT; + } if ($2 < 1 || $2 > POLLING_MIN) { yyerror("invalid retries number (min 1 max %d)", POLLING_MIN); @@ -1838,7 +2005,8 @@ { if (method.protocol && method.protocol != IPPROTO_TCP && - method.protocol != IPPROTO_UDP) { + method.protocol != IPPROTO_UDP && + method.protocol != PIPE_PROTO) { yyerror("no suitable method protocol"); YYABORT; } 
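Review bot: In the new `TOKEN_WHEN` rule (hunk -1808,12 +1953,30), `method.timeout = $3;` takes the number without the `$2 < 1 || $2 > POLLING_MIN` range check that the TIMEOUT rule applies, and the TIMEOUT rule now refuses to run for WHEN methods, so nothing visible bounds the value. The other `*_init` functions in this patch multiply `method->timeout` by 1000000L; if when_init (not shown) does the same, a large value overflows. Apply the same bounds here, e.g. `if ($3 < 1 || $3 > POLLING_MIN) { yyerror("invalid timeout value (min 1 max %d sec.)", POLLING_MIN); YYABORT; }`. The rule also assigns `method.protocol = WHEN_PROTO;` before its duplicate check and, unlike the PIPE rule, without testing `if (method.protocol)` first, so a WHEN statement silently replaces an earlier protocol; confirm that is intended.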
@@ -2095,6 +2263,18 @@ } object.address = $2; } + | TOKEN_SRCADDRESS quoted_string + { + if (object.srcaddress) { + yyerror("object source address duplicated"); + YYABORT; + } + if (!gethostaddr(&object.ip_srcaddr, $2)) { + YYABORT; + } + object.srcaddress = $2; + } + | TOKEN_POLLING TOKEN_NUMBER { if (object.polling) { @@ -2241,7 +2421,7 @@ } | TOKEN_INTERFACE TOKEN_NUMBER { - if ($2 < 1 || $2 > 65535) { + if ($2 < 1 || $2 > INT_MAX) { yyerror("interface index out of range"); YYABORT; } @@ -2252,7 +2432,7 @@ } | TOKEN_INTERFACE TOKEN_NUMBER '{' interface_config '}' { - if ($2 < 1 || $2 > 65535) { + if ($2 < 1 || $2 > INT_MAX ) { yyerror("interface index out of range"); YYABORT; } --- ping.c.orig Tue Nov 14 17:37:41 2006 +++ ping.c Tue Nov 14 17:37:41 2006 @@ -368,6 +368,7 @@ u_char buf[MAX_PACKETSZ]; struct ip *ip; struct icmp *icmp; + struct sockaddr_in *from = (struct sockaddr_in *)&sd->me; struct sockaddr_in *to = (struct sockaddr_in *)&sd->peer; int header_len = sizeof(struct ip); int total_len = method->rport ? method->rport : MIN_PACKETSZ; @@ -400,7 +401,7 @@ #endif ip->ip_ttl = IPDEFTTL; ip->ip_p = IPPROTO_ICMP; - /* ip->ip_src <-- filled by kernel (hopefulness) */ + ip->ip_src = from->sin_addr; /* replaced by kernel if=INADDR_ANY (hopefulness) */ ip->ip_dst = to->sin_addr; if (rr_opt) { /* IP Option: Record Route */ @@ -423,6 +424,7 @@ memcpy(icmp->icmp_data, &sd->buf, sizeof(TIMEVAL *)); icmp->icmp_cksum = in_cksum((u_short *)icmp, total_len - header_len); + #ifdef NO_ICMP_ERRORS total_len = send(sd->sock, (char *)buf, total_len, 0); #else @@ -600,6 +602,8 @@ { SESSION *sd = method->sd; int tmpval; + char ipaddr[20]; + struct sockaddr_in *from; /* sanity check */ if (!sd) return; 
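Review bot: Replacing `65535` with `INT_MAX` in `if ($2 < 1 || $2 > INT_MAX)` (hunk -2241,7 +2421,7) makes the upper bound unreachable if TOKEN_NUMBER's semantic value is an `int`; its declaration is not visible here. The check would then reject only values below 1, and compilers will flag the comparison as always false. If the aim is to admit 32-bit interface indexes, `if ($2 < 1)` with a one-line comment stating that is clearer. The same applies to the second TOKEN_INTERFACE rule in hunk -2252,7 +2432,7.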
@@ -616,6 +620,13 @@ echo_reply(errno, sd, 0); return; } + /* bind RAW socket to local source address */ + from = (struct sockaddr_in *)&sd->me; + if ( from->sin_addr.s_addr != INADDR_ANY ) { + if( bind(sd->sock, &sd->me, sizeof(struct sockaddr) ) == -1 ) + report(LOG_WARNING, "echo_start : bind failed for %s: %s", + intoa(ipaddr,from->sin_addr), strerror(*(__error())) ); + } #ifdef SO_BSDCOMPAT /* The following option is only necessary on Linux machines because * they have the unusual behavior of returning some ICMP errors to @@ -701,7 +712,12 @@ if (sd->pkt_recv > 1) msec /= (double)sd->pkt_recv; sprintf(buf, "%g", msec); diag = buf; - } else diag = "0.000"; + if ( msec >= 10 ) { + sprintf(buf, "%d", (int)msec); + } else { + sprintf(buf, "%g", msec); + } + } else diag = "0.0"; } else { op = -1; diag = icmp_error(sd->data_int); @@ -740,8 +756,9 @@ METHOD *method; { SESSION template; - struct sockaddr_in *to; + struct sockaddr_in *to, *from; char varname[100]; + char ipaddr[20]; dprintf(("echo_init(%s/%s)\n", target->name, method->name)); @@ -758,6 +775,9 @@ to = (struct sockaddr_in *)&template.peer; to->sin_family = AF_INET; to->sin_addr = method->address ? method->ip_addr : target->ip_addr; + from = (struct sockaddr_in *)&template.me; + from->sin_family = AF_INET; + from->sin_addr = target->ip_srcaddr; template.timeout = method->timeout * 1000000L; /* make microseconds */ template.retries = method->retries; template.send = echo_send; @@ -798,6 +818,7 @@ IPPROTO_ICMP, /* network protocol */ 0, /* no packet size for built-in method */ 0, 0, /* timeout and retries undefined yet */ + NULL,NULL, /* when variables unused */ { 1, 1 }, /* send/expect packet counter */ /* Non-initialized data */ --- radius.c.orig Tue Nov 14 17:37:41 2006 +++ radius.c Tue Nov 14 17:37:41 2006 
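Review bot: The context line `sprintf(buf, "%g", msec);` directly above the added `if ( msec >= 10 )` (ping.c, hunk -701,7 +712,12) is now dead, because both new branches overwrite `buf`; remove it so the formatting lives in one place. The declaration of `buf` is outside the hunk; if it is an array, `snprintf(buf, sizeof(buf), "%d", (int)msec);` bounds the write. Changing the fallback from `"0.000"` to `"0.0"` alters the reported text, so anything that parses this diagnostic should be checked.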
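Review bot: echo_init (hunk -758,6 +775,9) fills `template.me` without clearing it first, whereas the dns, radius, router, snmp and tacacs init functions in this patch all call `bzero((char *)from, sizeof(struct sockaddr_in));` before setting the family and address. Unless `template` is zeroed earlier in the function (not visible), `sin_port` and `sin_zero` carry uninitialised stack bytes into the `bind()` added to echo_start. Add the same `bzero` line here. The `char ipaddr[20];` added to echo_init in the previous hunk is not used in any visible line.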
@@ -33,7 +33,7 @@ * RADIUS specification according to RFC2138. */ -#define RADIUSSERVER_PORT 1645 /* 1812 suggested */ +#define RADIUSSERVER_PORT 1812 /* 1812 suggested */ #define HEADER_LEN 20 #define MIN_PACKETSZ HEADER_LEN #define MAX_PACKETSZ 4096 @@ -208,6 +208,8 @@ { SESSION *sd = method->sd; int reqid; + struct sockaddr_in *from; + char ipaddr[20]; /* sanity check */ if (!sd) return; @@ -220,6 +222,13 @@ return; } + /* bind socket to local source address */ + from = (struct sockaddr_in *)&sd->me; + if ( from->sin_addr.s_addr != INADDR_ANY ) { + if( bind(sd->sock, &sd->me, sizeof(struct sockaddr) ) == -1 ) + report(LOG_WARNING, "radius_start : bind failed for %s: %s", + intoa(ipaddr,from->sin_addr), strerror(*(__error())) ); + } /* turn on non-blocking I/O */ if (set_socket_async(sd->sock, TRUE) < 0) { radius_reply(errno, sd, 0); @@ -311,7 +320,7 @@ METHOD *method; { SESSION template; - struct sockaddr_in *to; + struct sockaddr_in *to, *from; dprintf(("radius_init(%s/%s)\n", target->name, method->name)); @@ -326,6 +335,10 @@ to->sin_family = AF_INET; to->sin_port = htons(method->rport); to->sin_addr = method->address ? method->ip_addr : target->ip_addr; + from = (struct sockaddr_in *)&template.me; + bzero((char *)from, sizeof(struct sockaddr_in)); + from->sin_family = AF_INET; + from->sin_addr = target->ip_srcaddr; template.timeout = method->timeout * 1000000L; /* make microseconds */ template.retries = method->retries; template.send = radius_send; @@ -355,6 +368,7 @@ IPPROTO_UDP, /* network protocol */ RADIUSSERVER_PORT, /* server port */ 0, 0, /* timeout and retries undefined yet */ + NULL,NULL, /* when variables unused */ { 0, 0 }, /* no parameters used */ /* Non-initialized data */ --- reconfig.c.orig Tue Nov 14 17:37:41 2006 +++ reconfig.c Tue Nov 14 17:37:41 2006 @@ -395,7 +395,7 @@ OBJECT *parent; OBJECT *old, *new; { - void *ip_addr; + void *ip_addr, *ip_srcaddr; OBJECT *service; object_stop(old); 
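Review bot: Changing `RADIUSSERVER_PORT` from 1645 to 1812 changes the default for every existing RADIUS method that does not set a port, so servers still listening on the legacy port will start reporting DOWN after the upgrade. The trailing comment `/* 1812 suggested */` no longer says anything; something like `/* RFC 2138 port; legacy servers may still use 1645 */` records why the value changed and what to try when a check fails.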
@@ -403,9 +403,13 @@ ptrswap(&old->descr, &new->descr); ptrswap(&old->datadir, &new->datadir); ptrswap(&old->address, &new->address); - if (parent) + if (parent) { ip_addr = &parent->ip_addr; - else ip_addr = &new->ip_addr; + ip_srcaddr = &parent->ip_srcaddr; + } else { + ip_addr = &new->ip_addr; + ip_srcaddr = &new->ip_srcaddr; + } old->parent = parent; if (memcmp(&old->ip_addr, ip_addr, sizeof(old->ip_addr))) { @@ -418,6 +422,8 @@ memset(old->snmpdata, 0, sizeof(SNMP_DATA)); } } + if (memcmp(&old->ip_srcaddr, ip_srcaddr, sizeof(old->ip_srcaddr))) + memcpy(&old->ip_srcaddr, ip_srcaddr, sizeof(old->ip_srcaddr)); old->polling = new->polling; old->saving = new->saving; @@ -450,6 +456,7 @@ service = splice_object_list(old, &old->service, &new->service); for (; service; service = service->next) { service->ip_addr = old->ip_addr; + service->ip_srcaddr = old->ip_srcaddr; service->parent = old; object_init(service); } 
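Review bot: The reconfigure path copies `ip_srcaddr` into the old object but never swaps the `srcaddress` string the way `ptrswap(&old->address, &new->address);` does for the peer address, so after a reload the stored name can disagree with the address actually in use. Adding `ptrswap(&old->srcaddress, &new->srcaddress);` next to the other swaps keeps them in step. The `if (memcmp(...)) memcpy(...)` pair in hunk -418,6 +422,8 can be a plain `memcpy`, since nothing else is done when the values differ. The function starts and ends outside these hunks.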
@@ -516,21 +523,41 @@ } if (cf_new->rootdir) free(cf_new->rootdir); + ptrswap(&cf->chrootdir, &cf_new->chrootdir); + if (cf_new->chrootdir) free(cf_new->chrootdir); + + ptrswap(&cf->username, &cf_new->username); + if (cf_new->username) free(cf_new->username); + cf->uid = cf_new->uid; + + ptrswap(&cf->groupname, &cf_new->groupname); + if (cf_new->groupname) free(cf_new->groupname); + cf->gid = cf_new->gid; + ptrswap(&cf->timefmt, &cf_new->timefmt); if (cf_new->timefmt) free(cf_new->timefmt); + ptrswap(&cf->srcaddress, &cf_new->srcaddress); + if (cf_new->srcaddress) free(cf_new->srcaddress); + memcpy( &cf->ip_srcaddr, &cf_new->ip_srcaddr, sizeof(struct in_addr)); cf->polling = cf_new->polling; cf->saving = cf_new->saving; cf->timeout = cf_new->timeout; cf->retries = cf_new->retries; - if (cf->enable_traps != cf_new->enable_traps) { + if ((cf->enable_traps != cf_new->enable_traps) || memcmp(&cf->trap_ip_addr, &cf_new->trap_ip_addr, sizeof(struct in_addr)) ) { + ptrswap(&cf->trap_address, &cf_new->trap_address); + if (cf_new->trap_address) free(cf_new->trap_address); + memcpy( &cf->trap_ip_addr, &cf_new->trap_ip_addr, sizeof(struct in_addr)); cf->enable_traps = cf_new->enable_traps; trap_init(cf->enable_traps > 0); } cf->source_traps = cf_new->source_traps; - if (cf->ns_port != cf_new->ns_port) { + if ((cf->ns_port != cf_new->ns_port) || memcmp(&cf->ns_ip_addr, &cf_new->ns_ip_addr, sizeof(struct in_addr))) { + ptrswap(&cf->ns_address, &cf_new->ns_address); + if (cf_new->ns_address) free(cf_new->ns_address); + memcpy( &cf->ns_ip_addr, &cf_new->ns_ip_addr, sizeof(struct in_addr)); cf->ns_port = cf_new->ns_port; netstate_init(cf->ns_port); } 
@@ -576,6 +603,12 @@ free_object_list(cf_cur->target); if (cf_cur->rootdir) free(cf_cur->rootdir); + if (cf_cur->chrootdir) free(cf_cur->chrootdir); + if (cf_cur->username) free(cf_cur->username); + if (cf_cur->groupname) free(cf_cur->groupname); + if (cf_cur->srcaddress) free(cf_cur->srcaddress); + if (cf_cur->ns_address) free(cf_cur->ns_address); + if (cf_cur->trap_address) free(cf_cur->trap_address); if (cf_cur->timefmt) free(cf_cur->timefmt); trap_init(cf_cur->enable_traps > 0); @@ -649,6 +682,7 @@ if (obj->descr) free(obj->descr); if (obj->datadir) free(obj->datadir); if (obj->address) free(obj->address); + if (obj->srcaddress) free(obj->srcaddress); free_trap_list(obj->trap_list); free_var_list(obj->var_list); free_save_list(obj->save_list); --- regex.c.orig Tue Nov 14 17:37:41 2006 +++ regex.c Tue Nov 14 17:37:41 2006 @@ -554,12 +554,12 @@ * the bitset form, since we may wish to extend it * in the future for other character classifications. * - * TRUE for 0-9 A-Z a-z _ + * TRUE for 0-9 A-Z a-z _ Á-Ñ á-ñ */ static char chrtyp[MAXCHR] = { - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 
@@ -569,10 +569,23 @@ 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 0, 0, 0, 0, 0 + 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, // 120-129 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 130-139 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 140-149 + 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, // 160-169 163=£ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, // 170-179 179=³ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 180-189 + 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, // 190-199 + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 200-209 + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 210-219 + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 220-229 + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 230-239 + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 240-249 + 1, 1, 1, 1, 1, 1 // 250-255 }; -#define inascii(x) (0177&(x)) +//#define inascii(x) (0177&(x)) +#define inascii(x) (0255&(x)) #define iswordc(x) chrtyp[inascii(x)] #define isinset(x, y) ((x)[((y)&BLKIND)>>3] & (1<<((y)&BITIND))) @@ -583,7 +596,7 @@ #define ANYSKIP 2 /* CLO ANY END ... */ #define CHRSKIP 3 /* CLO CHR chr END ... */ -#define CCLSKIP 18 /* CLO CCL 16bytes END ... */ +#define CCLSKIP BITBLK+2 /* CLO CCL 32bytes END ... */ static char * pmatch(prog, lp, ap) --- regex.h.orig Tue Nov 14 17:37:41 2006 +++ regex.h Tue Nov 14 17:37:41 2006 @@ -21,12 +21,12 @@ */ #define MAXDFA 1024 #define MAXTAG 10 -#define MAXCHR 128 +#define MAXCHR 256 #define CHRBIT 8 #define BITBLK MAXCHR/CHRBIT #define BLKIND 0170 #define BITIND 07 -#define ASCIIB 0177 +#define ASCIIB 0255 typedef /*unsigned*/ char CHAR; --- router.c.orig Tue Nov 14 17:37:41 2006 +++ router.c Tue Nov 14 17:37:41 2006 @@ -2214,6 +2214,8 @@ METHOD *method; { SESSION *sd = method->sd; + struct sockaddr_in *from; + char ipaddr[20]; /* sanity check */ if (!sd) { 
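Review bot: `#define inascii(x) (0255&(x))` uses an octal literal, and octal 0255 is 173 (0xAD), not 255, so the mask clears bits 1, 4 and 6 and `iswordc()` looks up the wrong table slot for most characters, plain ASCII letters included. The 8-bit mask is `0377` (or `0xFF`); `ASCIIB 0255` in the regex.h hunk has the same mistake. The extended `chrtyp` table as shown also has no row for 150-159, so it holds 246 initialisers and every entry from the row labelled 160-169 onward sits ten slots lower than its comment says. Add the missing row of zeros and count the initialisers against MAXCHR.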
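Review bot: With `MAXCHR` raised to 256 in regex.h the class bitmap is 32 bytes, but `BLKIND` stays `0170`, so `isinset()` (`((y)&BLKIND)>>3`) can only address bytes 0-15 and characters 128-255 alias onto the entries for 0-127. `BLKIND` needs to become `0370` with this change. `CHAR` is still plain `char` (`typedef /*unsigned*/ char CHAR;`), so where char is signed the high-bit characters this patch targets arrive as negative values and should be converted through `unsigned char` before indexing. `BITBLK` and the new `CCLSKIP BITBLK+2` expand without parentheses; `#define BITBLK (MAXCHR/CHRBIT)` and `#define CCLSKIP (BITBLK+2)` avoid precedence surprises.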
@@ -2229,7 +2231,13 @@ router_reply(errno, sd, 0); return; } - + /* bind socket to local source address */ + from = (struct sockaddr_in *)&sd->me; + if ( from->sin_addr.s_addr != INADDR_ANY ) { + if( bind(sd->sock, &sd->me, sizeof(struct sockaddr) ) == -1 ) + report(LOG_WARNING, "router_start : bind failed for %s: %s", + intoa(ipaddr,from->sin_addr), strerror(*(__error())) ); + } /* turn on non-blocking I/O */ if (set_socket_async(sd->sock, TRUE) < 0) { router_reply(errno, sd, 0); @@ -2306,7 +2314,7 @@ METHOD *method; { SESSION template; - struct sockaddr_in *to; + struct sockaddr_in *to, *from; dprintf(("router_init(%s/%s)\n", target->name, method->name)); @@ -2321,6 +2329,10 @@ to->sin_family = AF_INET; to->sin_port = htons(method->rport); to->sin_addr = method->address ? method->ip_addr : target->ip_addr; + from = (struct sockaddr_in *)&template.me; + bzero((char *)from, sizeof (struct sockaddr_in)); + from->sin_family = AF_INET; + from->sin_addr = target->ip_srcaddr; template.timeout = method->timeout * 1000000L; /* make microseconds */ template.retries = method->retries; template.send = snmp_send; @@ -2359,6 +2371,7 @@ IPPROTO_UDP, /* network protocol */ SNMPSERVER_PORT,/* server port */ 0, 0, /* timeout and retries undefined yet */ + NULL,NULL, /* when variables unused */ { SNMP_VERSION_1, /* version number */ BATCH_DEFAULT },/* batch value */ --- scanconf.l.orig Tue Nov 14 17:37:41 2006 +++ scanconf.l Tue Nov 14 17:37:41 2006 @@ -88,6 +88,9 @@ /* token names */ ROOTDIR [Rr]oot[Dd]ir +CHROOTDIR [Cc]h[Rr]oot[Dd]ir +USERNAME [Uu]ser[Nn]ame +GROUPNAME [Gg]roup[Nn]ame TIMEFMT [Tt]ime[Ff]mt POLLING [Pp]olling SAVING [Ss]aving @@ -111,6 +114,8 @@ OBJECT [Oo]bject ADDRESS [Aa]ddress +SRCADDRESS [Ss]rc[Aa]ddress +BINDADDRESS [Bb]ind[Aa]ddress DESCRIPTION [Dd]escription|[Cc]omment SERVICE [Ss]ervice INTERFACE [Ii]nterface 
@@ -144,6 +149,7 @@ V2 [Vv]2 TRAP [Tt]rap +TRAPBINDADDRESS [Tt]rap[Bb]ind[Aa]ddress SOURCECHECK [Ss]ource[Cc]heck COMMUNITY [Cc]ommunity ENTERPRISE [Ee]nterprise @@ -186,6 +192,12 @@ {ROOTDIR} { return TOKEN_ROOTDIR; } +{USERNAME} { return TOKEN_USERNAME; } + +{GROUPNAME} { return TOKEN_GROUPNAME; } + +{CHROOTDIR} { return TOKEN_CHROOTDIR; } + {TIMEFMT} { return TOKEN_TIMEFMT; } {POLLING} { return TOKEN_POLLING; } @@ -224,6 +236,10 @@ {ADDRESS} { return TOKEN_ADDRESS; } +{SRCADDRESS} { return TOKEN_SRCADDRESS; } + +{BINDADDRESS} { return TOKEN_BINDADDRESS; } + {DESCRIPTION} { return TOKEN_DESCRIPTION; } {SERVICE} { return TOKEN_SERVICE; } @@ -285,6 +301,8 @@ {V2} { return TOKEN_V2; } {TRAP} { return TOKEN_TRAP; } + +{TRAPBINDADDRESS} { return TOKEN_TRAPBINDADDRESS; } {SOURCECHECK} { return TOKEN_SOURCECHECK; } --- session.c.orig Tue Nov 14 17:37:41 2006 +++ session.c Tue Nov 14 17:37:42 2006 @@ -59,6 +59,7 @@ curr_session->method = template->method; curr_session->sock = template->sock; curr_session->peer = template->peer; + curr_session->me = template->me; curr_session->timeout = template->timeout; curr_session->retries = template->retries; curr_session->connect = template->connect; @@ -302,7 +303,6 @@ int active = 0, pending = 0; timerclear(&earliest); - /* * For each request outstanding, add it's socket to the readfds, * and if it is the earliest timeout to expire, mark it as lowest. @@ -352,7 +352,6 @@ int reqid; { REQUEST *sr; - if (reqid == 0) /* for single request per session (like tcp or icmp) */ return sd->request; @@ -443,7 +442,6 @@ int reqid; gettimeofday(&now, NULL); - /* * For each request outstanding, check to see if it has expired. */ --- snmp.c.orig Tue Nov 14 17:37:42 2006 +++ snmp.c Tue Nov 14 17:37:42 2006 @@ -1214,6 +1214,8 @@ { SESSION *sd = method->sd; int reqid; + struct sockaddr_in *from; + char ipaddr[20]; /* sanity check */ if (!sd) return; 
@@ -1225,7 +1227,13 @@ snmp_reply(errno, sd, 0); return; } - + /* bind datagram socket to local source address */ + from = (struct sockaddr_in *)&sd->me; + if ( from->sin_addr.s_addr != INADDR_ANY ) { + if( bind(sd->sock, &sd->me, sizeof(struct sockaddr) ) == -1 ) + report(LOG_WARNING, "snmp_start : bind failed for %s: %s", + intoa(ipaddr,from->sin_addr), strerror(*(__error())) ); + } /* turn on non-blocking I/O */ if (set_socket_async(sd->sock, TRUE) < 0) { snmp_reply(errno, sd, 0); @@ -1290,7 +1298,7 @@ METHOD *method; { SESSION template; - struct sockaddr_in *to; + struct sockaddr_in *to, *from; dprintf(("snmp_init(%s/%s)\n", target->name, method->name)); @@ -1305,6 +1313,10 @@ to->sin_family = AF_INET; to->sin_port = htons(method->rport); to->sin_addr = method->address ? method->ip_addr : target->ip_addr; + from = (struct sockaddr_in *)&template.me; + bzero((char *)from, sizeof(struct sockaddr_in )); + from->sin_family = AF_INET; + from->sin_addr = target->ip_srcaddr; template.timeout = method->timeout * 1000000L; /* make microseconds */ template.retries = method->retries; template.send = snmp_send; @@ -1334,6 +1346,7 @@ IPPROTO_UDP, /* network protocol */ SNMPSERVER_PORT,/* server port */ 0, 0, /* timeout and retries undefined yet */ + NULL,NULL, /* when variables unused */ { SNMP_VERSION_1,/* version number */ 0 }, /* no parameter used */ --- tacacs.c.orig Tue Nov 14 17:37:42 2006 +++ tacacs.c Tue Nov 14 17:37:42 2006 @@ -302,6 +302,8 @@ { SESSION *sd = method->sd; int reqid; + struct sockaddr_in *from; + char ipaddr[20]; /* sanity check */ if (!sd) return; 
@@ -314,6 +316,13 @@ return; } + /* bind socket to local source address */ + from = (struct sockaddr_in *)&sd->me; + if ( from->sin_addr.s_addr != INADDR_ANY ) { + if( bind(sd->sock, &sd->me, sizeof(struct sockaddr) ) == -1 ) + report(LOG_WARNING, "tacacs_start : bind failed for %s: %s", + intoa(ipaddr,from->sin_addr), strerror(*(__error())) ); + } /* turn on non-blocking I/O before connecting */ if (set_socket_async(sd->sock, TRUE) < 0) { tacacs_reply(errno, sd, 0); @@ -415,7 +424,7 @@ METHOD *method; { SESSION template; - struct sockaddr_in *to; + struct sockaddr_in *to, *from; dprintf(("tacacs_init(%s/%s)\n", target->name, method->name)); @@ -430,6 +439,10 @@ to->sin_family = AF_INET; to->sin_port = htons(method->rport); to->sin_addr = method->address ? method->ip_addr : target->ip_addr; + from = (struct sockaddr_in *)&template.me; + bzero((char *)from, sizeof(struct sockaddr_in)); + from->sin_family = AF_INET; + from->sin_addr = target->ip_srcaddr; template.timeout = method->timeout * 1000000L; /* make microseconds */ template.retries = method->retries; template.connect = tacacs_connect; @@ -460,6 +473,7 @@ IPPROTO_TCP, /* network protocol */ TACACSSERVER_PORT, /* server port */ 0, 0, /* timeout and retries undefined yet */ + NULL,NULL, /* when variables unused */ { 0, 0 }, /* no parameters used */ /* Non-initialized data */ --- tcp.c.orig Tue Nov 14 17:37:42 2006 +++ tcp.c Tue Nov 14 17:37:42 2006 @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include @@ -30,12 +31,10 @@ extern int errno; -static void tcp_close __P((int, SESSION *, int)); - /* * Check to see if an TCP connection established at this session. */ -static int +int tcp_connect(sd) SESSION *sd; { @@ -89,7 +88,7 @@ /* * Send the data through TCP session. */ -static int +int tcp_send(sd, request) SESSION *sd; REQUEST *request; @@ -191,7 +190,7 @@ /* * Receive data through TCP session. */ -static int +int tcp_recv(sd) SESSION *sd; { 
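Review bot: Removing the `static void tcp_close __P((int, SESSION *, int));` prototype in the tcp.c hunk at `@@ -30,12 +31,10 @@` leaves `tcp_close` called from tcp_start (`tcp_close(errno, sd, 0)`) before its definition further down the file. Unless a shared header now declares it (none is visible in the part of the patch shown here), the compiler sees an implicit `int` declaration followed by a `void` definition. Since `tcp_connect`, `tcp_send`, `tcp_recv` and `tcp_close` all become external in this patch, I would declare the four of them in the project header, e.g. `void tcp_close __P((int, SESSION *, int));`, so every caller is checked against one prototype.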
@@ -319,6 +318,8 @@ { SESSION *sd = method->sd; int tmpval; + struct sockaddr_in *from; + char ipaddr[20]; /* sanity check */ if (!sd) return; @@ -330,17 +331,13 @@ tcp_close(errno, sd, 0); return; } - + from = (struct sockaddr_in *)&sd->me; /* allocate local port if required */ if (method->lport_min) { - struct sockaddr_in sin; - - sin.sin_family = AF_INET; - sin.sin_addr.s_addr = htonl(INADDR_ANY); tmpval = method->lport_min; do { - sin.sin_port = htons((u_short)tmpval); - if (!bind(sd->sock, (struct sockaddr *)&sin, sizeof(sin))) { + from->sin_port = htons((u_short)tmpval); + if (!bind(sd->sock, &sd->me, sizeof(struct sockaddr))) { tmpval = 0; break; } @@ -354,6 +351,13 @@ tcp_close(EAGAIN, sd, 0); return; } + } else { + /* bind socket to local source address */ + if ( from->sin_addr.s_addr != INADDR_ANY ) { + if( bind(sd->sock, &sd->me, sizeof(struct sockaddr) ) == -1 ) + report(LOG_WARNING, "tcp_start : bind failed for %s: %s", + intoa(ipaddr,from->sin_addr), strerror(*(__error())) ); + } } /* turn on non-blocking I/O before connecting */ @@ -378,7 +382,7 @@ } } -static void +void tcp_close(op, sd, reqid) int op; SESSION *sd; @@ -414,6 +418,7 @@ dump_var_list(target->var_list); tcp_stop(method); + if ((method->sd)->pid > 0) { kill((method->sd)->pid, SIGTERM); (method->sd)->pid=-1; } method_finished(target, method, diag, !op); } @@ -424,7 +429,7 @@ METHOD *method; { SESSION template; - struct sockaddr_in *to; + struct sockaddr_in *to, *from; dprintf(("tcp_init(%s/%s)\n", target->name, method->name)); 
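Review bot: The added `kill((method->sd)->pid, SIGTERM)` in the tcp.c hunk at `@@ -414,6 +418,7 @@` dereferences `method->sd` right after `tcp_stop(method)` without the `if (!sd) return;` check that tcp_start applies, and it signals a stored pid that nothing visible here confirms still belongs to the daemon's own child. If that child has already exited and been reaped elsewhere, the number may have been reused by an unrelated process, which matters most while the daemon still holds privileges. I would take the pointer once and guard it, `SESSION *sd = method->sd;` then `if (sd && sd->pid > 0) { kill(sd->pid, SIGTERM); sd->pid = -1; }`, and make sure the child is reaped (SIGCHLD handler or `waitpid`) at the point where `pid` is cleared. Whether tcp_stop leaves `method->sd` valid is not visible in this hunk, so the order of the two calls deserves a look. The enclosing function starts outside the hunk.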
@@ -435,10 +440,15 @@ template.owner = target; template.method = method; template.sock = -1; /* not yet opened */ + template.pid = -1; to = (struct sockaddr_in *)&template.peer; to->sin_family = AF_INET; to->sin_port = htons(method->rport); to->sin_addr = method->address ? method->ip_addr : target->ip_addr; + from = (struct sockaddr_in *)&template.me; + bzero((char *)from, sizeof(struct sockaddr_in)); + from->sin_family = AF_INET; + from->sin_addr = target->ip_srcaddr; template.timeout = method->timeout * 1000000L; /* make microseconds */ template.retries = method->retries; template.connect = tcp_connect; --- trap.c.orig Tue Nov 14 17:37:42 2006 +++ trap.c Tue Nov 14 17:37:42 2006 @@ -40,9 +40,10 @@ { static struct sockaddr_in sin; + if (trap_sock != -1) /* already enabled */ + close(trap_sock); + if (enable) { - if (trap_sock != -1) /* already enabled */ - return 0; if ((trap_sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { report(LOG_ERR, "socket: %m"); @@ -51,17 +52,15 @@ memset(&sin, 0, sizeof(sin)); sin.sin_family = AF_INET; sin.sin_port = htons(SNMPTRAP_PORT); - sin.sin_addr.s_addr = INADDR_ANY; + sin.sin_addr = cf->trap_ip_addr; if (bind(trap_sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) { report(LOG_ERR, "bind port %d: %m", ntohs(sin.sin_port)); close(trap_sock); trap_sock = -1; return -1; } - } else if (trap_sock != -1) { - close(trap_sock); + } else trap_sock = -1; - } return 0; } --- udp.c.orig Tue Nov 14 17:37:42 2006 +++ udp.c Tue Nov 14 17:37:42 2006 @@ -197,6 +197,8 @@ { SESSION *sd = method->sd; int tmpval; + struct sockaddr_in *from; + char ipaddr[20]; /* sanity check */ if (!sd) return; 
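Review bot: In the trap.c hunks at `@@ -40,9 +40,10 @@` and `@@ -51,17 +52,15 @@`, every call with `enable` set now closes the existing trap socket and binds a fresh one, where the old code returned early when the socket was already open. The SNMP trap port is normally a privileged port, so if this function runs again after the daemon has switched to the `UserName`/`GroupName` account this patch introduces (the call order is not visible here), the re-bind would fail and trap reception would stop until a restart. Keeping the socket when the bind address has not changed avoids that and also avoids discarding datagrams queued on the old socket. A comment such as `/* re-open only when trap_ip_addr changed: binding this port needs privileges */` would record the constraint. The function's signature is outside the hunk.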
@@ -208,17 +210,13 @@ udp_close(errno, sd, 0); return; } - + from = (struct sockaddr_in *)&sd->me; /* allocate local port if required */ if (method->lport_min) { - struct sockaddr_in sin; - - sin.sin_family = AF_INET; - sin.sin_addr.s_addr = htonl(INADDR_ANY); tmpval = method->lport_min; do { - sin.sin_port = htons((u_short)tmpval); - if (!bind(sd->sock, (struct sockaddr *)&sin, sizeof(sin))) { + from->sin_port = htons((u_short)tmpval); + if (!bind(sd->sock, &sd->me, sizeof(struct sockaddr))) { tmpval = 0; break; } @@ -232,6 +230,13 @@ udp_close(EAGAIN, sd, 0); return; } + } else { + /* bind socket to local source address */ + if ( from->sin_addr.s_addr != INADDR_ANY ) { + if( bind(sd->sock, &sd->me, sizeof(struct sockaddr) ) == -1 ) + report(LOG_WARNING, "udp_start : bind failed for %s: %s", + intoa(ipaddr,from->sin_addr), strerror(*(__error())) ); + } } /* turn on non-blocking I/O */ @@ -298,7 +303,7 @@ METHOD *method; { SESSION template; - struct sockaddr_in *to; + struct sockaddr_in *to, *from; dprintf(("udp_init(%s/%s)\n", target->name, method->name)); @@ -313,6 +318,10 @@ to->sin_family = AF_INET; to->sin_port = htons(method->rport); to->sin_addr = method->address ? method->ip_addr : target->ip_addr; + from = (struct sockaddr_in *)&template.me; + bzero((char *)from, sizeof(struct sockaddr_in)); + from->sin_family = AF_INET; + from->sin_addr = target->ip_srcaddr; template.timeout = method->timeout * 1000000L; /* make microseconds */ template.retries = method->retries; template.send = udp_send; --- util.c.orig Tue Nov 14 17:37:42 2006 +++ util.c Tue Nov 14 17:37:42 2006 
@@ -1236,11 +1236,9 @@ if (method->address) printf("%s\tAddress = \"%s\" [%s]\n", prepend, method->address, intoa(ipaddr, method->ip_addr)); - if ((proto = getprotobynumber(method->protocol)) == NULL) { - printf("%s\tUnknown protocol %d\n", prepend, method->protocol); - continue; + if ((proto = getprotobynumber(method->protocol)) != NULL) { + printf("%s\t%s ", prepend, proto->p_name); } - printf("%s\t%s ", prepend, proto->p_name); switch (method->protocol) { case IPPROTO_ICMP: if (method->rport) @@ -1265,6 +1263,14 @@ printf("..%d", method->lport_max); } break; + case WHEN_PROTO: + printf("%s\tWHEN = \"%s\"",prepend, method->when); + printf(" delay = %d sec.", method->timeout); + printf(" Report Format = \"%s\"", method->when_fmt); + break; + case PIPE_PROTO: + printf("%s\tPIPE programm = \"%s\"",prepend, method->when); + break; default: printf("Unsupported"); } @@ -1415,16 +1421,27 @@ printf("NetState %s\n", cf->ns_port ? "enabled" : "disabled"); if (cf->ns_port) { printf("\tPort = %d\n", cf->ns_port); + if (cf->ns_address) + printf("\tBindAddress = \"%s\" [%s]\n", cf->ns_address, intoa(ipaddr, cf->ns_ip_addr)); #ifndef HAVE_PTHREAD printf("\tTimeout = %d sec.\n", cf->ns_timo); #endif print_group_ref("\t", cf->ns_acl); } + printf("SrcAddress = \"%s\" [%s]\n", (cf->srcaddress!=NULL ) ? cf->srcaddress : "default", + intoa(ipaddr, cf->ip_srcaddr)); + + printf("UserName = \"%s\" [%d]\n", cf->username, cf->uid); + printf("GroupName = \"%s\" [%d]\n", cf->groupname, cf->gid); + if (cf->chrootdir) + printf("ChRootDir = \"%s\"\n", cf->chrootdir ); printf("Traps "); if (cf->enable_traps > 0) { printf("enabled"); if (cf->source_traps > 0) printf(" (sourcecheck)"); + if (cf->trap_address) + printf("\n\tTrapBindAddress = \"%s\" [%s]", cf->trap_address, intoa(ipaddr, cf->trap_ip_addr)); } else printf("disabled"); printf("\n"); 
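Review bot: The new `UserName`/`GroupName` lines in the util.c hunk at `@@ -1415,16 +1421,27 @@` pass `cf->username` and `cf->groupname` to `%s` without a NULL check, while `cf->chrootdir`, `cf->ns_address` and `cf->trap_address` in the same hunk are all guarded. If the parser does not always fill them from the compiled-in defaults (not visible here), that is undefined behaviour in `printf`; the `srcaddress` line just above already shows the pattern, e.g. `cf->username ? cf->username : "default"`. `cf->uid` and `cf->gid` are printed with `%d`; if they are declared `uid_t`/`gid_t`, print them as `(long)cf->uid` with `%ld` so the account shown in the configuration dump cannot be misprinted. The enclosing function starts and ends outside the hunk.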
@@ -1434,6 +1451,8 @@ printf("\tDescription = \"%s\"\n", target->descr); printf("\tAddress = \"%s\" [%s]\n", target->address, intoa(ipaddr, target->ip_addr)); + printf("\tSrcAddress = \"%s\" [%s]\n", (target->srcaddress!=NULL) ? target->srcaddress : "default", + intoa(ipaddr, target->ip_srcaddr)); if (target->polling > 0) printf("\tPolling = %d sec.\n", target->polling); else printf("\tPolling disabled\n"); --- variables.c.orig Tue Nov 14 17:37:42 2006 +++ variables.c Tue Nov 14 17:37:42 2006 @@ -39,8 +39,8 @@ static char buf[BUFSIZ]; static char *strbuf = NULL; -static char *obj_states[2] = { - "UP", "DOWN" }; +static char *obj_states[4] = { + "UP", "DOWN","DEGRADED","WARNING" }; static char *if_states[5] = { "UP", "DOWN", "TESTING", "UNKNOWN", "DORMANT" }; static char *bgp_states[6] = { @@ -52,7 +52,7 @@ int size; char **name; } states[4] = { - { 2, obj_states }, + { 4, obj_states }, { 5, if_states }, { 6, bgp_states }, { 5, env_states }, @@ -69,7 +69,7 @@ sp = &states[what]; if (!state) - cp = "NONE"; + cp = "UNKNOWN"; else if (state > 0 && state <= sp->size) cp = sp->name[state-1]; else cp = "ERROR"; @@ -1511,6 +1511,7 @@ } memcpy(var, vb, len); var[len] = '\0'; + len = 0; next = var; while ((vb = my_strsep(&next, "!")) != NULL) {
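Review bot: In the variables.c hunk at `@@ -69,7 +69,7 @@`, state 0 is now rendered as "UNKNOWN", a label `if_states` already uses for state 4, so an interface with no state yet and one that reports unknown produce the same string for anything that matches on the text. If that is intended, a comment at the assignment would say so, e.g. `/* 0 = no state yet; shares its label with if_states[3] on purpose */`; otherwise keep a distinct label for 0. Separately, `sp = &states[what]` in the context lines is indexed without a range check, and the hunk does not show how `what` is derived. The function starts and ends outside the hunk.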