2 * (C)opyright 1995-1998 Darren Reed.
4 * See the IPFILTER.LICENCE file for details on licencing.
6 * The author of this software makes no guarantee about the
7 * performance of this package or its suitability to fulfill any purpose.
16 #include <sys/types.h>
18 #include <sys/socket.h>
19 #include <netinet/in.h>
20 #include <netinet/in_systm.h>
21 #include <netinet/ip.h>
22 #include <netinet/tcp.h>
23 #include <netinet/udp.h>
24 #include <netinet/ip_icmp.h>
26 #include <netinet/ip_var.h>
27 #include <netinet/tcpip.h>
29 #include "ip_compat.h"
31 #include <linux/sockios.h>
/* Version identification strings embedded in the object file. */
37 static const char sccsid
[] = "@(#)ipsd.c 1.3 12/3/95 (C)1995 Darren Reed";
38 static const char rcsid
[] = "@(#)$Id: ipsd.c,v 2.1.4.1 2001/06/26 10:43:21 darrenr Exp $";
/*
 * Fallback network interface name, assigned to dev in main(). Four
 * alternative definitions appear here; presumably preprocessor conditionals
 * on lines missing from this listing select exactly one per platform.
 */
45 char default_device
[] = "eth0";
48 char default_device
[] = "le0";
51 char default_device
[] = "ln0";
53 char default_device
[] = "lan0";
/*
 * Destination ports that are monitored: 20 port numbers in ascending order
 * followed by a 0 entry. The port lookup further down indexes this table
 * with a hard-coded starting index of 10 and 5 halving steps, so the order
 * and the number of entries must stay in step with that loop.
 * The closing brace of the initializer is not visible in this listing.
 */
60 u_short defports
[NPORTS
] = {
61 7, 9, 20, 21, 23, 25, 53, 69, 79, 111,
62 123, 161, 162, 512, 513, 514, 515, 520, 540, 6000, 0
/*
 * One pointer to a per-port hit table for each of the NPORTS slots.
 * main() zeroes this array with bzero() and the setup loop fills it with
 * malloc()ed ipsd_t records.
 */
65 ipsd_t
*iphits
[NPORTS
];
/*
 * Comparison result for two hit records, ordered by source address. The
 * enclosing function header is not visible in this listing; presumably this
 * is the body of ipcmp, which is passed to qsort() further down.
 *
 * NOTE(review): the result is the difference of two s_addr values. If s_addr
 * is an unsigned 32-bit type (the usual definition) and the function returns
 * int, any difference of 2^31 or more wraps, and the sign of the result no
 * longer matches the real ordering. qsort() can then leave the table in an
 * order that the halving search in findhit() does not expect, so hosts that
 * were already recorded may be missed or recorded again. Comparing with
 * < and > and returning -1, 0 or 1 avoids the wrap -- confirm the types.
 */
72 return sh1
->sh_ip
.s_addr
- sh2
->sh_ip
.s_addr
;
77 * Check to see if we've already received a packet from this host for this
/*
 * findhit: look up source address src in the hit table ihp.
 *
 * Only fragments of the body appear in this listing: the K&R parameter
 * declarations, the locals, the return statements and the closing braces
 * are missing, so the notes below cover the visible statements only.
 * dport is not referenced in any visible line.
 */
80 int findhit(ihp
, src
, dport
)
/*
 * Table is still at size 4 (the size the setup loop assigns): linear scan
 * over the sd_cnt recorded entries, comparing each stored address with src.
 */
90 if (ihp
->sd_sz
== 4) {
91 for (i
= 0, sh
= ihp
->sd_hit
; i
< ihp
->sd_cnt
; i
++, sh
++)
92 if (src
.s_addr
== sh
->sh_ip
.s_addr
)
/*
 * Larger table (presumably the else branch): halving search that starts at
 * the middle entry. It relies on sd_hit being sorted by address, which the
 * qsort() call after each insertion is meant to guarantee.
 *
 * NOTE(review): k is the difference of two s_addr values. If k is a signed
 * int and s_addr is unsigned 32-bit, large differences wrap and the search
 * steps in the wrong direction -- the same issue as in the qsort comparator.
 * The declaration of k and the code that adjusts i are not visible; confirm.
 */
95 for (i
= ihp
->sd_cnt
/ 2, j
= (i
/ 2) - 1; j
>= 0; j
--) {
96 k
= ihp
->sd_hit
[i
].sh_ip
.s_addr
- src
.s_addr
;
110 * Search for port number amongst the sorted array of targets we're
/*
 * Locate the packet's destination port in defports: halving search that
 * starts at index 10 and takes at most 5 steps (j = 4..0). Both constants
 * are hard-coded for the 20 port entries in defports.
 *
 * NOTE(review): th_dport is used as stored in the TCP header. That field is
 * conventionally in network byte order, while defports holds host-order
 * literals, and no ntohs() is visible here. Confirm a conversion happens on
 * a line missing from this listing; without one, ports would not match on
 * little-endian hosts and the detector would record nothing.
 */
121 for (i
= 10, j
= 4; j
>= 0; j
--) {
122 k
= tcp
->th_dport
- defports
[i
];
/*
 * Ask findhit() whether this source is already in the port's table. The
 * statement guarded by this test is not visible; presumably the packet is
 * then not recorded a second time.
 */
125 if (findhit(ihp
, ip
->ip_src
, tcp
->th_dport
))
/*
 * Record a new hit: sh is pointed at slot sd_cnt (the first unused entry)
 * and stamped with the current time and the packet's source address.
 */
127 sh
= ihp
->sd_hit
+ ihp
->sd_cnt
;
128 sh
->sh_date
= time(NULL
);
129 sh
->sh_ip
.s_addr
= ip
->ip_src
.s_addr
;
/*
 * Grow the table once the count reaches the allocated size.
 *
 * NOTE(review): at the last visible assignment sh is sd_hit + sd_cnt, an
 * interior pointer, not the start of the allocation. Unless a line missing
 * from this listing (131/132) resets sh to ihp->sd_hit, passing it to
 * realloc() is undefined behaviour and can corrupt the heap. Confirm against
 * the full source and pass ihp->sd_hit.
 * NOTE(review): the realloc() result is assigned straight to sh. No NULL
 * check is visible, and on failure the only pointer to the old block would
 * be lost. Use a temporary and keep the old table when realloc() fails.
 * NOTE(review): one entry is added per new source address seen, so growth is
 * driven by network traffic that may carry forged source addresses. No upper
 * bound on sd_sz is visible; a cap would bound memory use.
 */
130 if (++ihp
->sd_cnt
== ihp
->sd_sz
)
133 sh
= realloc(sh
, ihp
->sd_sz
* sizeof(*sh
));
/*
 * Re-sort the table by source address so findhit() can search it.
 *
 * NOTE(review): qsort() is given sh as the array base. If no reallocation
 * took place and sh still points at the newly filled slot, this sorts sd_cnt
 * elements starting there and reads past the end of the table instead of
 * sorting it from sd_hit. Confirm that sh equals ihp->sd_hit on every path.
 */
136 qsort(sh
, ihp
->sd_cnt
, sizeof(*sh
), ipcmp
);
149 * Allocate initial storage for hosts
/*
 * (Re)initialise the per-port hit tables: for each of the NPORTS slots, free
 * an existing sd_hit array, allocate a fresh ipsd_t, record the port from
 * defports, and start with zero hits and room for 4 entries.
 *
 * NOTE(review): iphits[i] is dereferenced in the test below. Presumably a
 * NULL check sits on a line missing from this listing (156); main() zeroes
 * the array first, so an unguarded dereference would crash on first use.
 * Freeing the old ipsd_t itself is not visible either.
 * NOTE(review): neither malloc() result is visibly checked before use.
 * NOTE(review): the sd_hit array comes from malloc() and is not cleared.
 * The statistics writer dumps sd_sz entries rather than sd_cnt, so unused
 * slots reach the log file with whatever the heap held; calloc() would
 * avoid that.
 */
155 for (i
= 0; i
< NPORTS
; i
++) {
157 if (iphits
[i
]->sd_hit
)
158 free(iphits
[i
]->sd_hit
);
161 iphits
[i
] = (ipsd_t
*)malloc(sizeof(ipsd_t
));
162 iphits
[i
]->sd_port
= defports
[i
];
163 iphits
[i
]->sd_cnt
= 0;
164 iphits
[i
]->sd_sz
= 4;
165 iphits
[i
]->sd_hit
= (sdhit_t
*)malloc(sizeof(sdhit_t
) * 4);
180 * Write statistics out to a file
/*
 * Build the output file name from the running write counter.
 *
 * NOTE(review): sprintf() is unbounded and the declaration of fname is not
 * visible. snprintf(fname, sizeof(fname), ...) would tie the write to the
 * buffer size.
 */
189 (void) sprintf(fname
, "/var/log/ipsd/ipsd-hits.%d", nwrites
);
/*
 * O_CREAT|O_EXCL makes open() fail if the name already exists, symlinks
 * included, so an existing file is never followed or overwritten; O_TRUNC
 * has no effect in that combination.
 *
 * NOTE(review): no check of fd is visible. If open() fails, the write()
 * calls below run on fd == -1 and the statistics are lost without any
 * error being reported.
 * NOTE(review): mode 0644 makes the dump world-readable, subject to umask.
 * The records hold source addresses and timestamps, and see the notes on
 * the write() calls below. 0600 is the safer default for this data.
 */
190 fd
= open(fname
, O_RDWR
|O_CREAT
|O_TRUNC
|O_EXCL
, 0644);
/*
 * Walk all NPORTS slots of iphits. The loop variable is ipsd while the
 * writes use ips; presumably ips is loaded from *ipsd on a line missing
 * from this listing.
 */
191 for (i
= 0, ipsd
= iphits
; i
< NPORTS
; i
++, ipsd
++) {
/*
 * NOTE(review): the ipsd_t is written as raw bytes, which includes the
 * sd_hit pointer value, so a heap address ends up in the log file.
 */
194 write(fd
, ips
, sizeof(ipsd_t
));
/*
 * NOTE(review): sd_sz entries are written, not sd_cnt. The slots past
 * sd_cnt were never filled in and the array came from malloc()/realloc(),
 * so uninitialised heap contents are copied into the file. Writing
 * sizeof(sdhit_t) * ips->sd_cnt would limit the dump to recorded hits.
 * The return values of both write() calls are ignored, so a short or
 * failed write goes unnoticed.
 */
195 write(fd
, ips
->sd_hit
, sizeof(sdhit_t
) * ips
->sd_sz
);
/*
 * Install waiter as the SIGCHLD handler. The enclosing function and the
 * handler body are not visible in this listing; presumably the writer runs
 * in a child process that waiter reaps.
 */
205 signal(SIGCHLD
, waiter
);
/*
 * Usage message (from a separate function; its header is not visible).
 * Only -d is documented here although main() passes "ad:n:" to getopt().
 */
225 fprintf(stderr
, "Usage: %s [-d device]\n", prog
);
/*
 * detecthits: accumulate the value returned by readloop(fd, ip) into hits
 * and act once hits exceeds writecount. The K&R parameter declarations, the
 * enclosing loop and the body of the if are not visible in this listing;
 * presumably the body writes the statistics file and resets the counter.
 */
230 void detecthits(fd
, writecount
)
237 hits
+= readloop(fd
, ip
);
238 if (hits
> writecount
) {
/*
 * Locals of main() (its header is not visible in this listing): name is the
 * program name, dev the capture device (NULL until set), and writeafter the
 * hit threshold passed to detecthits(), defaulting to 10000.
 */
250 char *name
= argv
[0], *dev
= NULL
;
251 int fd
, writeafter
= 10000, angelic
= 0, c
;
/* Options accepted: -a, -d <arg>, -n <arg>. The case labels are not visible. */
253 while ((c
= getopt(argc
, argv
, "ad:n:")) != -1)
/*
 * NOTE(review): atoi() reports no errors. A non-numeric argument yields 0
 * and a negative one is accepted, and either makes the "hits > writecount"
 * test in detecthits() true after the first hit, so a file is written far
 * more often than intended. strtol() with an end-pointer and range check
 * would reject such input.
 */
263 writeafter
= atoi(optarg
);
/*
 * NOTE(review): getopt() returns '?' for an unrecognised option, so if this
 * runs in the default/'?' case it prints '?' rather than the offending
 * character, which getopt() leaves in optopt.
 */
266 fprintf(stderr
, "Unknown option \"%c\"\n", c
);
/* Clear the per-port pointer table before the setup loop populates it. */
270 bzero(iphits
, sizeof(iphits
));
/* Fall back to the compiled-in device name (presumably only when -d was not given). */
274 dev
= default_device
;
275 printf("Device: %s\n", dev
);
/*
 * Open the capture device through the project helper initdevice(); the
 * meaning of the second argument (60) and the check of fd are not visible.
 */
276 fd
= initdevice(dev
, 60);
285 (void) setpgrp(0, getpgrp());
/*
 * SIGUSR1 triggers writenow. Its body is not visible in this listing.
 * NOTE(review): if writenow dumps the tables directly from signal context,
 * it can interrupt the realloc()/qsort() update of a hit table and write a
 * half-updated array, and sprintf() is not async-signal-safe. Setting a flag
 * that the detecthits() loop checks would avoid both -- confirm.
 */
295 signal(SIGUSR1
, writenow
);
296 detecthits(fd
, writeafter
);