static void setup_pid(fko_srv_options_t *opts)
{
pid_t old_pid;
#if AFL_FUZZING
if(opts->afl_fuzzing)
return;
#endif
/* If we are a new process (just being started), proceed with normal
* start-up. Otherwise, we are here as a result of a signal sent to an
* existing process and we want to restart.
*/
if(get_running_pid(opts) != getpid())
{
/* If foreground mode is not set, then fork off and become a daemon.
* Otherwise, attempt to get the pid file lock and go on.
*/
if(opts->foreground == 0)
{
daemonize_process(opts);
}
else
{
old_pid = write_pid_file(opts);
if(old_pid > 0)
{
fprintf(stderr,
"[*] An instance of fwknopd is already running: (PID=%i).\n", old_pid
);
clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
else if(old_pid < 0)
{
fprintf(stderr, "[*] PID file error. The lock may not be effective.\n");
}
}
log_msg(LOG_INFO, "Starting %s", MY_NAME);
}
else
{
log_msg(LOG_INFO, "Re-starting %s", MY_NAME);
}
return;
}
proxy_common::proxy_common(const proxy_argv& a)
: a_(a),
request_counter_(0),
forward_counter_(0),
start_time_(get_clock_time()) {
common::prepare_signal_handling();
zk_.reset(common::create_lock_service(
"cached_zk", a.z, a.zookeeper_timeout, make_logfile_name(a)));
register_lock_service(zk_);
jubatus::server::common::prepare_jubatus(*zk_, a_.type, "");
if (a.daemon) {
daemonize_process(a.logdir);
}
}
int main(int argc, char *argv[])
{
char log_path[PATH_MAX];
bool daemonize = false, verbose = false;
int port=-1, bus=-1;
setlinebuf(stdout);
printf("\n");
printf("I2CPROXY\n");
printf("========\n");
printf("\n");
read_args(argc, argv, &port, &bus, &daemonize, &verbose, log_path, sizeof(log_path));
if (daemonize) daemonize_process(log_path);
pr_init();
start_poll_thread(port + 1, bus, verbose);
process_command_connections(port, bus, verbose);
printf("Done\n");
return 0;
}
int
main(int argc, char **argv)
{
int res, last_sig, rp_cache_count;
char *locale;
pid_t old_pid;
fko_srv_options_t opts;
while(1)
{
/* Handle command line
*/
config_init(&opts, argc, argv);
/* Process any options that do their thing and exit. */
/* Kill the currently running fwknopd?
*/
if(opts.kill == 1)
{
old_pid = get_running_pid(&opts);
if(old_pid > 0)
{
res = kill(old_pid, SIGTERM);
if(res == 0)
{
fprintf(stderr, "Killed fwknopd (pid=%i)\n", old_pid);
exit(EXIT_SUCCESS);
}
else
{
perror("Unable to kill fwknop: ");
exit(EXIT_FAILURE);
}
}
else
{
fprintf(stderr, "No running fwknopd detected.\n");
exit(EXIT_FAILURE);
}
}
/* Status of the currently running fwknopd?
*/
if(opts.status == 1)
{
old_pid = write_pid_file(&opts);
if(old_pid > 0)
fprintf(stderr, "Detected fwknopd is running (pid=%i).\n", old_pid);
else
fprintf(stderr, "No running fwknopd detected.\n");
exit(EXIT_SUCCESS);
}
/* Restart the currently running fwknopd?
*/
if(opts.restart == 1 || opts.status == 1)
{
old_pid = get_running_pid(&opts);
if(old_pid > 0)
{
res = kill(old_pid, SIGHUP);
if(res == 0)
{
fprintf(stderr, "Sent restart signal to fwknopd (pid=%i)\n", old_pid);
exit(EXIT_SUCCESS);
}
else
{
perror("Unable to send signal to fwknop: ");
exit(EXIT_FAILURE);
}
}
else
{
fprintf(stderr, "No running fwknopd detected.\n");
exit(EXIT_FAILURE);
}
}
/* Initialize logging.
*/
init_logging(&opts);
#if HAVE_LOCALE_H
/* Set the locale if specified.
*/
if(opts.config[CONF_LOCALE] != NULL
&& strncasecmp(opts.config[CONF_LOCALE], "NONE", 4) != 0)
{
locale = setlocale(LC_ALL, opts.config[CONF_LOCALE]);
if(locale == NULL)
{
log_msg(LOG_ERR,
"WARNING: Unable to set locale to '%s'.",
opts.config[CONF_LOCALE]
);
}
else
{
if(opts.verbose)
log_msg(LOG_INFO,
"Locale set to '%s'.", opts.config[CONF_LOCALE]
);
}
}
#endif
/* Make sure we have a valid run dir and path leading to digest file
* in case it configured to be somewhere other than the run dir.
*/
check_dir_path((const char *)opts.config[CONF_FWKNOP_RUN_DIR], "Run", 0);
#if USE_FILE_CACHE
check_dir_path((const char *)opts.config[CONF_DIGEST_FILE], "Run", 1);
#else
check_dir_path((const char *)opts.config[CONF_DIGEST_DB_FILE], "Run", 1);
#endif
/* Process the access.conf file.
*/
parse_access_file(&opts);
/* Show config (including access.conf vars) and exit dump config was
* wanted.
*/
if(opts.dump_config == 1)
{
dump_config(&opts);
dump_access_list(&opts);
exit(EXIT_SUCCESS);
}
/* Initialize the firewall rules handler based on the fwknopd.conf
* file, but (for iptables firewalls) don't flush any rules or create
* any chains yet. This allows us to dump the current firewall rules
* via fw_rules_dump() in --fw-list mode before changing around any rules
* of an existing fwknopd process.
*/
fw_config_init(&opts);
if(opts.fw_list == 1)
{
fw_dump_rules(&opts);
exit(EXIT_SUCCESS);
}
/* If we are a new process (just being started), proceed with normal
* start-up. Otherwise, we are here as a result of a signal sent to an
* existing process and we want to restart.
*/
if(get_running_pid(&opts) != getpid())
{
/* If foreground mode is not set, the fork off and become a daemon.
* Otherwise, attempt to get the pid file lock and go on.
*/
if(opts.foreground == 0)
{
daemonize_process(&opts);
}
else
{
old_pid = write_pid_file(&opts);
if(old_pid > 0)
{
fprintf(stderr,
"* An instance of fwknopd is already running: (PID=%i).\n", old_pid
);
exit(EXIT_FAILURE);
}
else if(old_pid < 0)
{
fprintf(stderr, "* PID file error. The lock may not be effective.\n");
}
}
log_msg(LOG_INFO, "Starting %s", MY_NAME);
}
else
{
log_msg(LOG_INFO, "Re-starting %s", MY_NAME);
}
if(opts.verbose > 1 && opts.foreground)
{
dump_config(&opts);
dump_access_list(&opts);
}
/* Initialize the digest cache for replay attack detection (either
* with dbm support or with the default simple cache file strategy)
* if so configured.
*/
if(strncasecmp(opts.config[CONF_ENABLE_DIGEST_PERSISTENCE], "Y", 1) == 0)
{
rp_cache_count = replay_cache_init(&opts);
if(rp_cache_count < 0)
{
log_msg(LOG_WARNING,
"Error opening digest cache file. Incoming digests will not be remembered."
);
strlcpy(opts.config[CONF_ENABLE_DIGEST_PERSISTENCE], "N", 2);
}
if(opts.verbose)
log_msg(LOG_ERR,
"Using Digest Cache: '%s' (entry count = %i)",
#if USE_FILE_CACHE
opts.config[CONF_DIGEST_FILE], rp_cache_count
#else
opts.config[CONF_DIGEST_DB_FILE], rp_cache_count
#endif
);
}
/* Prepare the firewall - i.e. flush any old rules and (for iptables)
* create fwknop chains.
*/
fw_initialize(&opts);
/* If the TCP server option was set, fire it up here.
*/
if(strncasecmp(opts.config[CONF_ENABLE_TCP_SERVER], "Y", 1) == 0)
{
if(atoi(opts.config[CONF_TCPSERV_PORT]) <= 0
|| atoi(opts.config[CONF_TCPSERV_PORT]) > 65535)
{
log_msg(LOG_WARNING,
"WARNING: ENABLE_TCP_SERVER is set, but TCPSERV_PORT is not valid. TCP server not started!"
);
}
else
{
run_tcp_server(&opts);
}
}
/* Intiate pcap capture mode...
*/
pcap_capture(&opts);
if(got_signal) {
last_sig = got_signal;
got_signal = 0;
if(got_sighup)
{
log_msg(LOG_WARNING, "Got SIGHUP. Re-reading configs.");
free_configs(&opts);
kill(opts.tcp_server_pid, SIGTERM);
usleep(1000000);
got_sighup = 0;
}
else if(got_sigint)
{
log_msg(LOG_WARNING, "Got SIGINT. Exiting...");
got_sigint = 0;
break;
}
else if(got_sigterm)
{
log_msg(LOG_WARNING, "Got SIGTERM. Exiting...");
got_sigterm = 0;
break;
}
else
{
log_msg(LOG_WARNING,
"Got signal %i. No defined action but to exit.", last_sig);
break;
}
}
else if (opts.packet_ctr_limit > 0
&& opts.packet_ctr >= opts.packet_ctr_limit)
{
log_msg(LOG_INFO,
"Packet count limit (%d) reached. Exiting...",
opts.packet_ctr_limit);
break;
}
else /* got_signal was not set (should be if we are here) */
{
log_msg(LOG_WARNING,
"Capture ended without signal. Exiting...");
break;
}
}
log_msg(LOG_INFO, "Shutting Down fwknopd.");
/* Kill the TCP server (if we have one running).
*/
if(opts.tcp_server_pid > 0)
{
log_msg(LOG_INFO, "Killing the TCP server (pid=%i)",
opts.tcp_server_pid);
kill(opts.tcp_server_pid, SIGTERM);
/* --DSS XXX: This seems to be necessary if the tcp server
* was restarted by this program. We need to
* investigate and fix this. For now, this works
* (it is kludgy, but does no harm afaik).
*/
kill(opts.tcp_server_pid, SIGKILL);
}
/* Other cleanup.
*/
fw_cleanup();
free_logging();
#if USE_FILE_CACHE
free_replay_list(&opts);
#endif
free_configs(&opts);
return(0);
}
/* main */
int main(int argc, char *argv[]) {
char **ovw_file_ptr;
char *overwrite_files[MAX_OVW_FILES+1];
char overwrite_cmd[MAX_PATH_LEN];
char config_file[MAX_PATH_LEN];
char buf[MAX_LINE_BUF];
int fifo_fd, fwdata_fd; /* file descriptors */
int cmdlopt, numbytes;
#ifdef DEBUG
int matched_ipt_log_msg = 0;
int fwlinectr = 0;
#endif
#ifdef DEBUG
fprintf(stderr, "[+] Entering DEBUG mode\n");
fprintf(stderr, "[+] Firewall messages will be written to both ");
fprintf(stderr, "STDOUT _and_ to fwdata.\n\n");
#endif
overwrite_files[0] = NULL;
strlcpy(config_file, CONFIG_FILE, MAX_PATH_LEN);
dump_cfg = 0;
while((cmdlopt = getopt(argc, argv, "c:O:Dh")) != -1) {
switch(cmdlopt) {
case 'c':
strlcpy(config_file, optarg, MAX_PATH_LEN);
break;
case 'O':
strlcpy(overwrite_cmd, optarg, MAX_PATH_LEN);
list_to_array(overwrite_cmd, ',', overwrite_files, MAX_OVW_FILES);
break;
case 'D':
dump_cfg = 1;
break;
default:
usage();
}
}
/* clean our settings */
clean_settings();
/* Parse both the overwrite and configuration file */
for (ovw_file_ptr=overwrite_files; *ovw_file_ptr!=NULL; ovw_file_ptr++)
parse_config(*ovw_file_ptr);
parse_config(config_file);
/* Check our settings */
check_config();
if (dump_cfg == 1)
dump_config();
/* make sure there isn't another kmsgsd already running */
check_unique_pid(kmsgsd_pid_file, "kmsgsd");
#ifndef DEBUG
/* become a daemon */
daemonize_process(kmsgsd_pid_file);
#endif
/* install signal handler for HUP signals */
signal(SIGHUP, sighup_handler);
/* start doing the real work now that the daemon is running and
* the config file has been processed */
/* open the psadfifo named pipe. Note that we are opening the pipe
* _without_ the O_NONBLOCK flag since we want the read on the file
* descriptor to block until there is something new in the pipe.
* Also, note that we are opening with O_RDWR, since this seems to
* fix the problem with kmsgsd not blocking on the read() if the
* system logger dies (and hence closes its file descriptor for the
* psadfifo). */
if ((fifo_fd = open(psadfifo_file, O_RDWR)) < 0) {
fprintf(stderr, "[*] Could not open %s for reading.\n",
psadfifo_file);
exit(EXIT_FAILURE); /* could not open psadfifo named pipe */
}
/* open the fwdata file in append mode so we can write messages from
* the pipe into this file. */
if ((fwdata_fd = open(fwdata_file,
O_CREAT|O_WRONLY|O_APPEND, 0600)) < 0) {
fprintf(stderr, "[*] Could not open %s for writing.\n", fwdata_file);
exit(EXIT_FAILURE); /* could not open fwdata file */
}
/* MAIN LOOP;
* Read data from the pipe indefinitely (we opened it _without_
* O_NONBLOCK) and write it to the fwdata file if it is a firewall message
*/
while ((numbytes = read(fifo_fd, buf, MAX_LINE_BUF-1)) >= 0) {
#ifdef DEBUG
fprintf(stderr,
"read %d bytes from %s fifo.\n", numbytes, psadfifo_file);
#endif
/* make sure the buf contents qualifies as a string */
buf[numbytes] = '\0';
if (received_sighup) {
/* clear the signal flag */
received_sighup = 0;
/* clean our settings */
clean_settings();
/* reparse the config file since we received a HUP signal */
for (ovw_file_ptr=overwrite_files; *ovw_file_ptr!=NULL; ovw_file_ptr++)
parse_config(*ovw_file_ptr);
parse_config(config_file);
check_config();
/* close file descriptors and re-open them after
* re-reading config file */
close(fifo_fd);
close(fwdata_fd);
/* re-open psadfifo and fwdata files */
if ((fifo_fd = open(psadfifo_file, O_RDWR)) < 0) {
fprintf(stderr, "[*] Could not open %s for reading.\n",
psadfifo_file);
exit(EXIT_FAILURE); /* could not open psadfifo named pipe */
}
if ((fwdata_fd = open(fwdata_file, O_CREAT|O_WRONLY|O_APPEND,
0600)) < 0) {
fprintf(stderr, "[*] Could not open %s for writing.\n",
fwdata_file);
exit(EXIT_FAILURE); /* could not open fwdata file */
}
slogr("psad(kmsgsd)", "received HUP signal");
}
/* see if we matched a firewall message and write it to the
* fwdata file */
if ((strstr(buf, "OUT=") != NULL
&& strstr(buf, "IN=") != NULL)) {
if (! fw_search_all_flag) {
/* we are looking for specific log prefixes */
if (match_fw_msg(buf) || strstr(buf, snort_sid_str) != NULL) {
if (write(fwdata_fd, buf, numbytes) < 0) {
exit(EXIT_FAILURE); /* could not write to the fwdata file */
}
#ifdef DEBUG
matched_ipt_log_msg = 1;
#endif
}
} else {
if (write(fwdata_fd, buf, numbytes) < 0)
exit(EXIT_FAILURE); /* could not write to the fwdata file */
#ifdef DEBUG
matched_ipt_log_msg = 1;
#endif
}
#ifdef DEBUG
if (matched_ipt_log_msg) {
puts(buf);
fprintf(stderr, "[+] Line matched search strings.\n");
fwlinectr++;
if (fwlinectr % 50 == 0)
fprintf(stderr,
"[+] Processed %d firewall lines.\n", fwlinectr);
matched_ipt_log_msg = 0;
} else {
puts(buf);
fprintf(stderr, "[-] Line did not match search strings.\n");
}
#endif
}
}
/* these statements don't get executed, but for completeness... */
close(fifo_fd);
close(fwdata_fd);
exit(EXIT_SUCCESS);
}
