diff options
Diffstat (limited to 'contrib/pf/pflogd')
-rw-r--r-- | contrib/pf/pflogd/pflogd.c | 90 | ||||
-rw-r--r-- | contrib/pf/pflogd/pidfile.c | 3 | ||||
-rw-r--r-- | contrib/pf/pflogd/privsep.c | 34 |
3 files changed, 93 insertions, 34 deletions
diff --git a/contrib/pf/pflogd/pflogd.c b/contrib/pf/pflogd/pflogd.c index cc474e3..a8c3863 100644 --- a/contrib/pf/pflogd/pflogd.c +++ b/contrib/pf/pflogd/pflogd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pflogd.c,v 1.33 2005/02/09 12:09:30 henning Exp $ */ +/* $OpenBSD: pflogd.c,v 1.27 2004/02/13 19:01:57 otto Exp $ */ /* * Copyright (c) 2001 Theo de Raadt @@ -30,6 +30,9 @@ * POSSIBILITY OF SUCH DAMAGE. */ +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + #include <sys/types.h> #include <sys/ioctl.h> #include <sys/file.h> @@ -45,7 +48,12 @@ #include <errno.h> #include <stdarg.h> #include <fcntl.h> +#ifdef __FreeBSD__ +#include "pidfile.h" +#else #include <util.h> +#endif + #include "pflogd.h" pcap_t *hpcap; @@ -144,7 +152,11 @@ logmsg(int pri, const char *message, ...) va_end(ap); } +#ifdef __FreeBSD__ +__dead2 void +#else __dead void +#endif usage(void) { fprintf(stderr, "usage: pflogd [-Dx] [-d delay] [-f filename] "); @@ -204,11 +216,15 @@ init_pcap(void) cur_snaplen = snaplen = pcap_snapshot(hpcap); +#ifdef __FreeBSD__ + /* We can not lock bpf devices ... yet */ +#else /* lock */ if (ioctl(pcap_fileno(hpcap), BIOCLOCK) < 0) { logmsg(LOG_ERR, "BIOCLOCK: %s", strerror(errno)); return (-1); } +#endif return (0); } @@ -255,19 +271,16 @@ reset_dump(void) fp = fdopen(fd, "a+"); if (fp == NULL) { - close(fd); logmsg(LOG_ERR, "Error: %s: %s", filename, strerror(errno)); return (1); } if (fstat(fileno(fp), &st) == -1) { - fclose(fp); logmsg(LOG_ERR, "Error: %s: %s", filename, strerror(errno)); return (1); } /* set FILE unbuffered, we do our own buffering */ if (setvbuf(fp, NULL, _IONBF, 0)) { - fclose(fp); logmsg(LOG_ERR, "Failed to set output buffers"); return (1); } @@ -278,7 +291,6 @@ reset_dump(void) if (snaplen != cur_snaplen) { logmsg(LOG_NOTICE, "Using snaplen %d", snaplen); if (set_snaplen(snaplen)) { - fclose(fp); logmsg(LOG_WARNING, "Failed, using old settings"); } @@ -313,7 +325,11 @@ int scan_dump(FILE *fp, off_t size) { struct pcap_file_header hdr; +#ifdef __FreeBSD__ + struct pcap_sf_pkthdr ph; +#else struct pcap_pkthdr ph; +#endif off_t pos; /* @@ -383,18 +399,34 @@ void dump_packet_nobuf(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) { FILE *f = (FILE *)user; +#ifdef __FreeBSD__ + struct pcap_sf_pkthdr sh; +#endif if (suspended) { packets_dropped++; return; } - if (fwrite((char *)h, sizeof(*h), 1, f) != 1) { - off_t pos = ftello(f); +#ifdef __FreeBSD__ + sh.ts.tv_sec = (bpf_int32)h->ts.tv_sec; + sh.ts.tv_usec = (bpf_int32)h->ts.tv_usec; + sh.caplen = h->caplen; + sh.len = h->len; + if (fwrite((char *)&sh, sizeof(sh), 1, f) != 1) { +#else + if (fwrite((char *)h, sizeof(*h), 1, f) != 1) { +#endif /* try to undo header to prevent corruption */ + off_t pos = ftello(f); +#ifdef __FreeBSD__ + if (pos < sizeof(sh) || + ftruncate(fileno(f), pos - sizeof(sh))) { +#else if (pos < sizeof(*h) || ftruncate(fileno(f), pos - sizeof(*h))) { +#endif logmsg(LOG_ERR, "Write failed, corrupted logfile!"); set_suspended(1); gotsig_close = 1; @@ -463,7 +495,12 @@ void dump_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) { FILE *f = (FILE *)user; +#ifdef __FreeBSD__ + struct pcap_sf_pkthdr sh; + size_t len = sizeof(sh) + h->caplen; +#else size_t len = sizeof(*h) + h->caplen; +#endif if (len < sizeof(*h) || h->caplen > (size_t)cur_snaplen) { logmsg(LOG_NOTICE, "invalid size %u (%u/%u), packet dropped", @@ -490,9 +527,19 @@ dump_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) return; } - append: + append: +#ifdef __FreeBSD__ + sh.ts.tv_sec = (bpf_int32)h->ts.tv_sec; + sh.ts.tv_usec = (bpf_int32)h->ts.tv_usec; + sh.caplen = h->caplen; + sh.len = h->len; + + memcpy(bufpos, &sh, sizeof(sh)); + memcpy(bufpos + sizeof(sh), sp, h->caplen); +#else memcpy(bufpos, h, sizeof(*h)); memcpy(bufpos + sizeof(*h), sp, h->caplen); +#endif bufpos += len; bufleft -= len; @@ -507,9 +554,12 @@ main(int argc, char **argv) struct pcap_stat pstat; int ch, np, Xflag = 0; pcap_handler phandler = dump_packet; - const char *errstr = NULL; +#ifdef __FreeBSD__ + /* another ?paranoid? safety measure we do not have */ +#else closefrom(STDERR_FILENO + 1); +#endif while ((ch = getopt(argc, argv, "Dxd:s:f:")) != -1) { switch (ch) { @@ -517,19 +567,18 @@ main(int argc, char **argv) Debug = 1; break; case 'd': - delay = strtonum(optarg, 5, 60*60, &errstr); - if (errstr) + delay = atoi(optarg); + if (delay < 5 || delay > 60*60) usage(); break; case 'f': filename = optarg; break; case 's': - snaplen = strtonum(optarg, 0, PFLOGD_MAXSNAPLEN, - &errstr); + snaplen = atoi(optarg); if (snaplen <= 0) snaplen = DEF_SNAPLEN; - if (errstr) + if (snaplen > PFLOGD_MAXSNAPLEN) snaplen = PFLOGD_MAXSNAPLEN; break; case 'x': @@ -554,7 +603,6 @@ main(int argc, char **argv) pidfile(NULL); } - tzset(); (void)umask(S_IRWXG | S_IRWXO); /* filter will be used by the privileged process */ @@ -607,9 +655,17 @@ main(int argc, char **argv) while (1) { np = pcap_dispatch(hpcap, PCAP_NUM_PKTS, - phandler, (u_char *)dpcap); - if (np < 0) + dump_packet, (u_char *)dpcap); + if (np < 0) { +#ifdef __FreeBSD__ + if (errno == ENXIO) { + logmsg(LOG_ERR, + "Device not/no longer configured"); + break; + } +#endif logmsg(LOG_NOTICE, "%s", pcap_geterr(hpcap)); + } if (gotsig_close) break; diff --git a/contrib/pf/pflogd/pidfile.c b/contrib/pf/pflogd/pidfile.c index 61eca26..db6007f 100644 --- a/contrib/pf/pflogd/pidfile.c +++ b/contrib/pf/pflogd/pidfile.c @@ -1,3 +1,4 @@ +/* $FreeBSD$ */ /* $OpenBSD: pidfile.c,v 1.5 2002/05/26 09:29:02 deraadt Exp $ */ /* $NetBSD: pidfile.c,v 1.4 2001/02/19 22:43:42 cgd Exp $ */ @@ -47,7 +48,7 @@ static const char rcsid[] = "$OpenBSD: pidfile.c,v 1.5 2002/05/26 09:29:02 deraa #include <stdio.h> #include <stdlib.h> #include <unistd.h> -#if defined(__FreeBSD__) +#ifdef __FreeBSD__ #include "pidfile.h" #else #include <util.h> diff --git a/contrib/pf/pflogd/privsep.c b/contrib/pf/pflogd/privsep.c index 33d6b9c..3dfba32 100644 --- a/contrib/pf/pflogd/privsep.c +++ b/contrib/pf/pflogd/privsep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: privsep.c,v 1.13 2004/12/22 09:21:02 otto Exp $ */ +/* $OpenBSD: privsep.c,v 1.8 2004/03/14 19:17:05 otto Exp $ */ /* * Copyright (c) 2003 Can Erkin Acar @@ -16,11 +16,13 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include <sys/ioctl.h> -#include <sys/types.h> + +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + +#include <sys/param.h> #include <sys/time.h> #include <sys/socket.h> -#include <sys/ioctl.h> #include <net/if.h> #include <net/bpf.h> @@ -28,13 +30,13 @@ #include <err.h> #include <errno.h> #include <fcntl.h> -#include <pcap.h> -#include <pcap-int.h> #include <pwd.h> #include <signal.h> #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <pcap.h> +#include <pcap-int.h> #include <syslog.h> #include <unistd.h> #include "pflogd.h" @@ -67,10 +69,14 @@ int priv_init(void) { int i, fd, socks[2], cmd; - int snaplen, ret, olderrno; + int snaplen, ret; struct passwd *pw; +#ifdef __FreeBSD__ + for (i = 1; i < NSIG; i++) +#else for (i = 1; i < _NSIG; i++) +#endif signal(i, SIG_DFL); /* Create sockets */ @@ -112,12 +118,10 @@ priv_init(void) } /* Father */ - /* Pass ALRM/TERM/HUP/INT/QUIT through to child, and accept CHLD */ + /* Pass ALRM/TERM/HUP through to child, and accept CHLD */ signal(SIGALRM, sig_pass_to_chld); signal(SIGTERM, sig_pass_to_chld); signal(SIGHUP, sig_pass_to_chld); - signal(SIGINT, sig_pass_to_chld); - signal(SIGQUIT, sig_pass_to_chld); signal(SIGCHLD, sig_chld); setproctitle("[priv]"); @@ -149,14 +153,12 @@ priv_init(void) fd = open(filename, O_RDWR|O_CREAT|O_APPEND|O_NONBLOCK|O_NOFOLLOW, 0600); - olderrno = errno; - send_fd(socks[0], fd); if (fd < 0) logmsg(LOG_NOTICE, "[priv]: failed to open %s: %s", - filename, strerror(olderrno)); - else - close(fd); + filename, strerror(errno)); + send_fd(socks[0], fd); + close(fd); break; default: @@ -215,7 +217,7 @@ priv_open_log(void) int cmd, fd; if (priv_fd < 0) - errx(1, "%s: called from privileged portion", __func__); + errx(1, "%s: called from privileged portion\n", __func__); cmd = PRIV_OPEN_LOG; must_write(priv_fd, &cmd, sizeof(int)); |