diff options
Diffstat (limited to 'contrib/ipfilter/ipsd/ipsdr.c')
-rw-r--r-- | contrib/ipfilter/ipsd/ipsdr.c | 312 |
1 files changed, 0 insertions, 312 deletions
diff --git a/contrib/ipfilter/ipsd/ipsdr.c b/contrib/ipfilter/ipsd/ipsdr.c deleted file mode 100644 index af007e4..0000000 --- a/contrib/ipfilter/ipsd/ipsdr.c +++ /dev/null @@ -1,312 +0,0 @@ -/* - * (C)opyright 1995-1998 Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - */ -#include <stdio.h> -#include <fcntl.h> -#include <signal.h> -#include <malloc.h> -#include <netdb.h> -#include <string.h> -#include <sys/dir.h> -#include <sys/types.h> -#include <sys/time.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <netinet/in_systm.h> -#include <netinet/ip.h> -#include <netinet/tcp.h> -#include <netinet/udp.h> -#include <netinet/ip_icmp.h> -#ifndef linux -#include <netinet/ip_var.h> -#include <netinet/tcpip.h> -#endif -#include "ip_compat.h" -#ifdef linux -#include <linux/sockios.h> -#include "tcpip.h" -#endif -#include "ipsd.h" - -#ifndef lint -static const char sccsid[] = "@(#)ipsdr.c 1.3 12/3/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipsdr.c,v 2.2 2001/06/09 17:09:25 darrenr Exp $"; -#endif - -extern char *optarg; -extern int optind; - -#define NPORTS 21 - -u_short defports[NPORTS] = { - 7, 9, 20, 21, 23, 25, 53, 69, 79, 111, - 123, 161, 162, 512, 513, 513, 515, 520, 540, 6000, 0 - }; -u_short pweights[NPORTS] = { - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 - }; - -ipsd_t *iphits[NPORTS]; -int pkts; - - -int ipcmp(sh1, sh2) -sdhit_t *sh1, *sh2; -{ - return sh1->sh_ip.s_addr - sh2->sh_ip.s_addr; -} - - -int ssipcmp(sh1, sh2) -ipss_t *sh1, *sh2; -{ - return sh1->ss_ip.s_addr - sh2->ss_ip.s_addr; -} - - -int countpbits(num) -u_long num; -{ - int i, j; - - for (i = 1, j = 0; i; i <<= 1) - if (num & i) - j++; - return j; -} - - -/* - * Check to see if we've already received a packet from this host for this - * port. - */ -int findhit(ihp, src, dport) -ipsd_t *ihp; -struct in_addr src; -u_short dport; -{ - int i, j, k; - sdhit_t *sh; - - sh = NULL; - - if (ihp->sd_sz == 4) { - for (i = 0, sh = ihp->sd_hit; i < ihp->sd_cnt; i++, sh++) - if (src.s_addr == sh->sh_ip.s_addr) - return 1; - } else { - for (i = ihp->sd_cnt / 2, j = (i / 2) - 1; j >= 0; j--) { - k = ihp->sd_hit[i].sh_ip.s_addr - src.s_addr; - if (!k) - return 1; - else if (k < 0) - i -= j; - else - i += j; - } - } - return 0; -} - - -/* - * Search for port number amongst the sorted array of targets we're - * interested in. - */ -int detect(srcip, dport, date) -struct in_addr srcip; -u_short dport; -time_t date; -{ - ipsd_t *ihp; - sdhit_t *sh; - int i, j, k; - - for (i = 10, j = 4; j >= 0; j--) { - k = dport - defports[i]; - if (!k) { - ihp = iphits[i]; - if (findhit(ihp, srcip, dport)) - return 0; - sh = ihp->sd_hit + ihp->sd_cnt; - sh->sh_date = date; - sh->sh_ip = srcip; - if (++ihp->sd_cnt == ihp->sd_sz) - { - ihp->sd_sz += 8; - sh = realloc(sh, ihp->sd_sz * sizeof(*sh)); - ihp->sd_hit = sh; - } - qsort(sh, ihp->sd_cnt, sizeof(*sh), ipcmp); - return 0; - } - if (k < 0) - i -= j; - else - i += j; - } - return -1; -} - - -/* - * Allocate initial storage for hosts - */ -setuphits() -{ - int i; - - for (i = 0; i < NPORTS; i++) { - if (iphits[i]) { - if (iphits[i]->sd_hit) - free(iphits[i]->sd_hit); - free(iphits[i]); - } - iphits[i] = (ipsd_t *)malloc(sizeof(ipsd_t)); - iphits[i]->sd_port = defports[i]; - iphits[i]->sd_cnt = 0; - iphits[i]->sd_sz = 4; - iphits[i]->sd_hit = (sdhit_t *)malloc(sizeof(sdhit_t) * 4); - } -} - - -/* - * Write statistics out to a file - */ -addfile(file) -char *file; -{ - ipsd_t ipsd, *ips = &ipsd; - sdhit_t hit, *hp; - char fname[32]; - int i, fd, sz; - - if ((fd = open(file, O_RDONLY)) == -1) { - perror("open"); - return; - } - - printf("opened %s\n", file); - do { - if (read(fd, ips, sizeof(*ips)) != sizeof(*ips)) - break; - sz = ips->sd_sz * sizeof(*hp); - hp = (sdhit_t *)malloc(sz); - if (read(fd, hp, sz) != sz) - break; - for (i = 0; i < ips->sd_cnt; i++) - detect(hp[i].sh_ip, ips->sd_port, hp[i].sh_date); - } while (1); - (void) close(fd); -} - - -readfiles(dir) -char *dir; -{ - struct direct **d; - int i, j; - - d = NULL; - i = scandir(dir, &d, NULL, NULL); - - for (j = 0; j < i; j++) { - if (strncmp(d[j]->d_name, "ipsd-hits.", 10)) - continue; - addfile(d[j]->d_name); - } -} - - -void printreport(ss, num) -ipss_t *ss; -int num; -{ - struct in_addr ip; - ipss_t *sp; - int i, j, mask; - u_long ports; - - printf("Hosts detected: %d\n", num); - if (!num) - return; - for (i = 0; i < num; i++) - printf("%s %d %d\n", inet_ntoa(ss[i].ss_ip), ss[i].ss_hits, - countpbits(ss[i].ss_ports)); - - printf("--------------------------\n"); - for (mask = 0xfffffffe, j = 32; j; j--, mask <<= 1) { - ip.s_addr = ss[0].ss_ip.s_addr & mask; - ports = ss[0].ss_ports; - for (i = 1; i < num; i++) { - sp = ss + i; - if (ip.s_addr != (sp->ss_ip.s_addr & mask)) { - printf("Netmask: 0x%08x\n", mask); - printf("%s %d\n", inet_ntoa(ip), - countpbits(ports)); - ip.s_addr = sp->ss_ip.s_addr & mask; - ports = 0; - } - ports |= sp->ss_ports; - } - if (ports) { - printf("Netmask: 0x%08x\n", mask); - printf("%s %d\n", inet_ntoa(ip), countpbits(ports)); - } - } -} - - -collectips() -{ - ipsd_t *ips; - ipss_t *ss; - int i, num, nip, in, j, k; - - for (i = 0; i < NPORTS; i++) - nip += iphits[i]->sd_cnt; - - ss = (ipss_t *)malloc(sizeof(ipss_t) * nip); - - for (in = 0, i = 0, num = 0; i < NPORTS; i++) { - ips = iphits[i]; - for (j = 0; j < ips->sd_cnt; j++) { - for (k = 0; k < num; k++) - if (!bcmp(&ss[k].ss_ip, &ips->sd_hit[j].sh_ip, - sizeof(struct in_addr))) { - ss[k].ss_hits += pweights[i]; - ss[k].ss_ports |= (1 << i); - break; - } - if (k == num) { - ss[num].ss_ip = ips->sd_hit[j].sh_ip; - ss[num].ss_hits = pweights[i]; - ss[k].ss_ports |= (1 << i); - num++; - } - } - } - - qsort(ss, num, sizeof(*ss), ssipcmp); - - printreport(ss, num); -} - - -main(argc, argv) -int argc; -char *argv[]; -{ - char c, *name = argv[0], *dir = NULL; - int fd; - - setuphits(); - dir = dir ? dir : "."; - readfiles(dir); - collectips(); -} |