void MonProcessesGatherData(double *cf_this)
{
struct Item *userList = NULL;
char vbuff[CF_BUFSIZE];
int numProcUsers = 0;
int numRootProcs = 0;
int numOtherProcs = 0;
if (!GatherProcessUsers(&userList, &numProcUsers, &numRootProcs, &numOtherProcs))
{
return;
}
cf_this[ob_users] += numProcUsers;
cf_this[ob_rootprocs] += numRootProcs;
cf_this[ob_otherprocs] += numOtherProcs;
snprintf(vbuff,CF_MAXVARSIZE,"%s/state/cf_users",CFWORKDIR);
MapName(vbuff);
RawSaveItemList(userList,vbuff);
DeleteItemList(userList);
CfOut(cf_verbose,"","(Users,root,other) = (%d,%d,%d)\n",cf_this[ob_users],cf_this[ob_rootprocs],cf_this[ob_otherprocs]);
}
void MonProcessesGatherData(double *cf_this)
{
Item *userList = NULL;
int numProcUsers = 0;
int numRootProcs = 0;
int numOtherProcs = 0;
if (!GatherProcessUsers(&userList, &numProcUsers, &numRootProcs, &numOtherProcs))
{
return;
}
cf_this[ob_users] += numProcUsers;
cf_this[ob_rootprocs] += numRootProcs;
cf_this[ob_otherprocs] += numOtherProcs;
char vbuff[CF_MAXVARSIZE];
xsnprintf(vbuff, sizeof(vbuff), "%s/cf_users", GetStateDir());
MapName(vbuff);
RawSaveItemList(userList, vbuff, NewLineMode_Unix);
DeleteItemList(userList);
Log(LOG_LEVEL_VERBOSE, "(Users,root,other) = (%d,%d,%d)",
(int) cf_this[ob_users], (int) cf_this[ob_rootprocs],
(int) cf_this[ob_otherprocs]);
}
void CleanupNFS(void)
{
Log(LOG_LEVEL_VERBOSE, "Number of changes observed in '%s' is %d", VFSTAB[VSYSTEMHARDCLASS], FSTAB_EDITS);
if (FSTAB_EDITS && FSTABLIST && !DONTDO)
{
RawSaveItemList(FSTABLIST, VFSTAB[VSYSTEMHARDCLASS], NewLineMode_Unix);
DeleteItemList(FSTABLIST);
FSTABLIST = NULL;
FSTAB_EDITS = 0;
}
}
static void SaveSetuid(void)
{
char filename[CF_BUFSIZE];
snprintf(filename, CF_BUFSIZE, "%s/cfagent.%s.log", GetLogDir(), VSYSNAME.nodename);
MapName(filename);
PurgeItemList(&VSETUIDLIST, "SETUID/SETGID");
Item *current = RawLoadItemList(filename);
if (!ListsCompare(VSETUIDLIST, current))
{
RawSaveItemList(VSETUIDLIST, filename, NewLineMode_Unix);
}
DeleteItemList(VSETUIDLIST);
VSETUIDLIST = NULL;
}
void MonNetworkGatherData(double *cf_this)
{
FILE *pp;
char local[CF_BUFSIZE], remote[CF_BUFSIZE], comm[CF_BUFSIZE];
Item *in[ATTR], *out[ATTR];
char *sp;
int i;
char vbuff[CF_BUFSIZE];
enum cf_netstat_type { cfn_new, cfn_old } type = cfn_new;
enum cf_packet_type { cfn_tcp4, cfn_tcp6 } packet = cfn_tcp4;
CfDebug("GatherSocketData()\n");
for (i = 0; i < ATTR; i++)
{
in[i] = out[i] = NULL;
}
DeleteItemList(ALL_INCOMING);
ALL_INCOMING = NULL;
sscanf(VNETSTAT[VSYSTEMHARDCLASS], "%s", comm);
strcat(comm, " -an");
if ((pp = cf_popen(comm, "r")) == NULL)
{
return;
}
while (!feof(pp))
{
memset(local, 0, CF_BUFSIZE);
memset(remote, 0, CF_BUFSIZE);
CfReadLine(vbuff, CF_BUFSIZE, pp);
if (strstr(vbuff, "UNIX"))
{
break;
}
if (!(strstr(vbuff, ":") || strstr(vbuff, ".")))
{
continue;
}
/* Different formats here ... ugh.. pick a model */
// If this is old style, we look for chapter headings, e.g. "TCP: IPv4"
if (strncmp(vbuff,"TCP:",4) == 0 && strstr(vbuff+4,"6"))
{
packet = cfn_tcp6;
type = cfn_old;
continue;
}
else if (strncmp(vbuff,"TCP:",4) == 0 && strstr(vbuff+4,"4"))
{
packet = cfn_tcp4;
type = cfn_old;
continue;
}
// Line by line state in modern/linux output
if (strncmp(vbuff,"tcp6",4) == 0)
{
packet = cfn_tcp6;
type = cfn_new;
}
else if (strncmp(vbuff,"tcp",3) == 0)
{
packet = cfn_tcp4;
type = cfn_new;
}
// End extract type
switch (type)
{
case cfn_new: sscanf(vbuff, "%*s %*s %*s %s %s", local, remote); /* linux-like */
break;
case cfn_old:
sscanf(vbuff, "%s %s", local, remote);
break;
}
if (strlen(local) == 0)
{
continue;
}
// Extract the port number from the end of the string
for (sp = local + strlen(local); (*sp != '.') && (*sp != ':') && (sp > local); sp--)
{
}
*sp = '\0'; // Separate address from port number
sp++;
if (strstr(vbuff, "LISTEN"))
{
// General bucket
IdempPrependItem(&ALL_INCOMING, sp, NULL);
// Categories the incoming ports by packet types
switch (packet)
{
case cfn_tcp4:
IdempPrependItem(&MON_TCP4, sp, local);
break;
case cfn_tcp6:
IdempPrependItem(&MON_TCP6, sp, local);
break;
default:
break;
}
}
// Now look at outgoing
for (sp = remote + strlen(remote); (sp >= remote) && !isdigit((int) *sp); sp--)
{
}
sp++;
// Now look for the specific vital signs to count frequencies
for (i = 0; i < ATTR; i++)
{
char *spend;
for (spend = local + strlen(local) - 1; isdigit((int) *spend); spend--)
{
}
spend++;
if (strcmp(spend, ECGSOCKS[i].portnr) == 0)
{
cf_this[ECGSOCKS[i].in]++;
AppendItem(&in[i], vbuff, "");
}
for (spend = remote + strlen(remote) - 1; (sp >= remote) && isdigit((int) *spend); spend--)
{
}
spend++;
if (strcmp(spend, ECGSOCKS[i].portnr) == 0)
{
cf_this[ECGSOCKS[i].out]++;
AppendItem(&out[i], vbuff, "");
}
}
}
cf_pclose(pp);
/* Now save the state for ShowState()
the state is not smaller than the last or at least 40 minutes
older. This mirrors the persistence of the maxima classes */
for (i = 0; i < ATTR; i++)
{
struct stat statbuf;
time_t now = time(NULL);
CfDebug("save incoming %s\n", ECGSOCKS[i].name);
snprintf(vbuff, CF_MAXVARSIZE, "%s/state/cf_incoming.%s", CFWORKDIR, ECGSOCKS[i].name);
if (cfstat(vbuff, &statbuf) != -1)
{
if ((ByteSizeList(in[i]) < statbuf.st_size) && (now < statbuf.st_mtime + 40 * 60))
{
CfOut(cf_verbose, "", "New state %s is smaller, retaining old for 40 mins longer\n", ECGSOCKS[i].name);
DeleteItemList(in[i]);
continue;
}
}
SetNetworkEntropyClasses(ECGSOCKS[i].name, "in", in[i]);
RawSaveItemList(in[i], vbuff);
DeleteItemList(in[i]);
CfDebug("Saved in netstat data in %s\n", vbuff);
}
for (i = 0; i < ATTR; i++)
{
struct stat statbuf;
time_t now = time(NULL);
CfDebug("save outgoing %s\n", ECGSOCKS[i].name);
snprintf(vbuff, CF_MAXVARSIZE, "%s/state/cf_outgoing.%s", CFWORKDIR, ECGSOCKS[i].name);
if (cfstat(vbuff, &statbuf) != -1)
{
if ((ByteSizeList(out[i]) < statbuf.st_size) && (now < statbuf.st_mtime + 40 * 60))
{
CfOut(cf_verbose, "", "New state %s is smaller, retaining old for 40 mins longer\n", ECGSOCKS[i].name);
DeleteItemList(out[i]);
continue;
}
}
SetNetworkEntropyClasses(ECGSOCKS[i].name, "out", out[i]);
RawSaveItemList(out[i], vbuff);
CfDebug("Saved out netstat data in %s\n", vbuff);
DeleteItemList(out[i]);
}
}
int LoadProcessTable(EvalContext *ctx, Item **procdata)
{
FILE *prp;
char pscomm[CF_MAXLINKSIZE], vbuff[CF_BUFSIZE], *sp;
Item *rootprocs = NULL;
Item *otherprocs = NULL;
if (PROCESSTABLE)
{
Log(LOG_LEVEL_VERBOSE, "Reusing cached process table");
return true;
}
const char *psopts = GetProcessOptions();
snprintf(pscomm, CF_MAXLINKSIZE, "%s %s", VPSCOMM[VSYSTEMHARDCLASS], psopts);
Log(LOG_LEVEL_VERBOSE, "Observe process table with %s", pscomm);
if ((prp = cf_popen(pscomm, "r", false)) == NULL)
{
Log(LOG_LEVEL_ERR, "Couldn't open the process list with command '%s'. (popen: %s)", pscomm, GetErrorStr());
return false;
}
for (;;)
{
ssize_t res = CfReadLine(vbuff, CF_BUFSIZE, prp);
if (res == 0)
{
break;
}
if (res == -1)
{
Log(LOG_LEVEL_ERR, "Unable to read process list with command '%s'. (fread: %s)", pscomm, GetErrorStr());
cf_pclose(prp);
return false;
}
for (sp = vbuff + strlen(vbuff) - 1; (sp > vbuff) && (isspace((int)*sp)); sp--)
{
*sp = '\0';
}
if (ForeignZone(vbuff))
{
continue;
}
AppendItem(procdata, vbuff, "");
}
cf_pclose(prp);
/* Now save the data */
snprintf(vbuff, CF_MAXVARSIZE, "%s/state/cf_procs", CFWORKDIR);
RawSaveItemList(*procdata, vbuff);
CopyList(&rootprocs, *procdata);
CopyList(&otherprocs, *procdata);
while (DeleteItemNotContaining(ctx, &rootprocs, "root"))
{
}
while (DeleteItemContaining(ctx, &otherprocs, "root"))
{
}
if (otherprocs)
{
PrependItem(&rootprocs, otherprocs->name, NULL);
}
snprintf(vbuff, CF_MAXVARSIZE, "%s/state/cf_rootprocs", CFWORKDIR);
RawSaveItemList(rootprocs, vbuff);
DeleteItemList(rootprocs);
snprintf(vbuff, CF_MAXVARSIZE, "%s/state/cf_otherprocs", CFWORKDIR);
RawSaveItemList(otherprocs, vbuff);
DeleteItemList(otherprocs);
return true;
}
int LoadProcessTable()
{
FILE *prp;
char pscomm[CF_MAXLINKSIZE];
Item *rootprocs = NULL;
Item *otherprocs = NULL;
if (PROCESSTABLE)
{
Log(LOG_LEVEL_VERBOSE, "Reusing cached process table");
return true;
}
LoadPlatformExtraTable();
CheckPsLineLimitations();
const char *psopts = GetProcessOptions();
snprintf(pscomm, CF_MAXLINKSIZE, "%s %s", VPSCOMM[VPSHARDCLASS], psopts);
Log(LOG_LEVEL_VERBOSE, "Observe process table with %s", pscomm);
if ((prp = cf_popen(pscomm, "r", false)) == NULL)
{
Log(LOG_LEVEL_ERR, "Couldn't open the process list with command '%s'. (popen: %s)", pscomm, GetErrorStr());
return false;
}
size_t vbuff_size = CF_BUFSIZE;
char *vbuff = xmalloc(vbuff_size);
# ifdef HAVE_GETZONEID
char *names[CF_PROCCOLS];
int start[CF_PROCCOLS];
int end[CF_PROCCOLS];
Seq *pidlist = SeqNew(1, NULL);
Seq *rootpidlist = SeqNew(1, NULL);
bool global_zone = IsGlobalZone();
if (global_zone)
{
int res = ZLoadProcesstable(pidlist, rootpidlist);
if (res == false)
{
Log(LOG_LEVEL_ERR, "Unable to load solaris zone process table.");
return false;
}
}
# endif
ARG_UNUSED bool header = true; /* used only if HAVE_GETZONEID */
for (;;)
{
ssize_t res = CfReadLine(&vbuff, &vbuff_size, prp);
if (res == -1)
{
if (!feof(prp))
{
Log(LOG_LEVEL_ERR, "Unable to read process list with command '%s'. (fread: %s)", pscomm, GetErrorStr());
cf_pclose(prp);
free(vbuff);
return false;
}
else
{
break;
}
}
Chop(vbuff, vbuff_size);
# ifdef HAVE_GETZONEID
if (global_zone)
{
if (header)
{ /* this is the banner so get the column header names for later use*/
GetProcessColumnNames(vbuff, &names[0], start, end);
}
else
{
int gpid = ExtractPid(vbuff, names, end);
if (!IsGlobalProcess(gpid, pidlist, rootpidlist))
{
continue;
}
}
}
# endif
AppendItem(&PROCESSTABLE, vbuff, "");
header = false;
}
cf_pclose(prp);
/* Now save the data */
const char* const statedir = GetStateDir();
snprintf(vbuff, CF_MAXVARSIZE, "%s%ccf_procs", statedir, FILE_SEPARATOR);
RawSaveItemList(PROCESSTABLE, vbuff, NewLineMode_Unix);
# ifdef HAVE_GETZONEID
if (global_zone) /* pidlist and rootpidlist are empty if we're not in the global zone */
{
Item *ip = PROCESSTABLE;
while (ip != NULL)
{
ZCopyProcessList(&rootprocs, ip, rootpidlist, names, end);
ip = ip->next;
}
ReverseItemList(rootprocs);
ip = PROCESSTABLE;
while (ip != NULL)
{
ZCopyProcessList(&otherprocs, ip, pidlist, names, end);
ip = ip->next;
}
ReverseItemList(otherprocs);
}
else
# endif
{
CopyList(&rootprocs, PROCESSTABLE);
CopyList(&otherprocs, PROCESSTABLE);
while (DeleteItemNotContaining(&rootprocs, "root"))
{
}
while (DeleteItemContaining(&otherprocs, "root"))
{
}
}
if (otherprocs)
{
PrependItem(&rootprocs, otherprocs->name, NULL);
}
snprintf(vbuff, CF_MAXVARSIZE, "%s%ccf_rootprocs", statedir, FILE_SEPARATOR);
RawSaveItemList(rootprocs, vbuff, NewLineMode_Unix);
DeleteItemList(rootprocs);
snprintf(vbuff, CF_MAXVARSIZE, "%s%ccf_otherprocs", statedir, FILE_SEPARATOR);
RawSaveItemList(otherprocs, vbuff, NewLineMode_Unix);
DeleteItemList(otherprocs);
free(vbuff);
return true;
}
int Unix_LoadProcessTable(Item **procdata)
{
FILE *prp;
char pscomm[CF_MAXLINKSIZE], vbuff[CF_BUFSIZE], *sp;
Item *rootprocs = NULL;
Item *otherprocs = NULL;
const char *psopts = GetProcessOptions();
snprintf(pscomm, CF_MAXLINKSIZE, "%s %s", VPSCOMM[VSYSTEMHARDCLASS], psopts);
CfOut(cf_verbose, "", "Observe process table with %s\n", pscomm);
if ((prp = cf_popen(pscomm, "r")) == NULL)
{
CfOut(cf_error, "popen", "Couldn't open the process list with command %s\n", pscomm);
return false;
}
while (!feof(prp))
{
memset(vbuff, 0, CF_BUFSIZE);
CfReadLine(vbuff, CF_BUFSIZE, prp);
for (sp = vbuff + strlen(vbuff) - 1; sp > vbuff && isspace(*sp); sp--)
{
*sp = '\0';
}
if (ForeignZone(vbuff))
{
continue;
}
AppendItem(procdata, vbuff, "");
}
cf_pclose(prp);
/* Now save the data */
snprintf(vbuff, CF_MAXVARSIZE, "%s/state/cf_procs", CFWORKDIR);
RawSaveItemList(*procdata, vbuff);
CopyList(&rootprocs, *procdata);
CopyList(&otherprocs, *procdata);
while (DeleteItemNotContaining(&rootprocs, "root"))
{
}
while (DeleteItemContaining(&otherprocs, "root"))
{
}
if (otherprocs)
{
PrependItem(&rootprocs, otherprocs->name, NULL);
}
snprintf(vbuff, CF_MAXVARSIZE, "%s/state/cf_rootprocs", CFWORKDIR);
RawSaveItemList(rootprocs, vbuff);
DeleteItemList(rootprocs);
snprintf(vbuff, CF_MAXVARSIZE, "%s/state/cf_otherprocs", CFWORKDIR);
RawSaveItemList(otherprocs, vbuff);
DeleteItemList(otherprocs);
return true;
}
void MonNetworkGatherData(double *cf_this)
{
FILE *pp;
char local[CF_BUFSIZE], remote[CF_BUFSIZE], comm[CF_BUFSIZE];
Item *in[ATTR], *out[ATTR];
char *sp;
int i;
enum cf_netstat_type { cfn_new, cfn_old } type = cfn_new;
enum cf_packet_type { cfn_udp4, cfn_udp6, cfn_tcp4, cfn_tcp6} packet = cfn_tcp4;
for (i = 0; i < ATTR; i++)
{
in[i] = out[i] = NULL;
}
DeleteItemList(ALL_INCOMING);
ALL_INCOMING = NULL;
sscanf(VNETSTAT[VSYSTEMHARDCLASS], "%s", comm);
strcat(comm, " -an");
if ((pp = cf_popen(comm, "r", true)) == NULL)
{
/* FIXME: no logging */
return;
}
size_t vbuff_size = CF_BUFSIZE;
char *vbuff = xmalloc(vbuff_size);
for (;;)
{
memset(local, 0, CF_BUFSIZE);
memset(remote, 0, CF_BUFSIZE);
size_t res = CfReadLine(&vbuff, &vbuff_size, pp);
if (res == -1)
{
if (!feof(pp))
{
/* FIXME: no logging */
cf_pclose(pp);
free(vbuff);
return;
}
else
{
break;
}
}
if (strstr(vbuff, "UNIX"))
{
break;
}
if (!((strstr(vbuff, ":")) || (strstr(vbuff, "."))))
{
continue;
}
/* Different formats here ... ugh.. pick a model */
// If this is old style, we look for chapter headings, e.g. "TCP: IPv4"
if ((strncmp(vbuff,"UDP:",4) == 0) && (strstr(vbuff+4,"6")))
{
packet = cfn_udp6;
type = cfn_old;
continue;
}
else if ((strncmp(vbuff,"TCP:",4) == 0) && (strstr(vbuff+4,"6")))
{
packet = cfn_tcp6;
type = cfn_old;
continue;
}
else if ((strncmp(vbuff,"UDP:",4) == 0) && (strstr(vbuff+4,"4")))
{
packet = cfn_udp4;
type = cfn_old;
continue;
}
else if ((strncmp(vbuff,"TCP:",4) == 0) && (strstr(vbuff+4,"4")))
{
packet = cfn_tcp4;
type = cfn_old;
continue;
}
// Line by line state in modern/linux output
if (strncmp(vbuff,"udp6",4) == 0)
{
packet = cfn_udp6;
type = cfn_new;
}
else if (strncmp(vbuff,"tcp6",4) == 0)
{
packet = cfn_tcp6;
type = cfn_new;
}
else if (strncmp(vbuff,"udp",3) == 0)
{
packet = cfn_udp4;
type = cfn_new;
}
else if (strncmp(vbuff,"tcp",3) == 0)
{
packet = cfn_tcp4;
type = cfn_new;
}
// End extract type
switch (type)
{
case cfn_new: sscanf(vbuff, "%*s %*s %*s %s %s", local, remote); /* linux-like */
break;
case cfn_old:
sscanf(vbuff, "%s %s", local, remote);
break;
}
if (strlen(local) == 0)
{
continue;
}
// Extract the port number from the end of the string
for (sp = local + strlen(local); (*sp != '.') && (*sp != ':') && (sp > local); sp--)
{
}
*sp = '\0'; // Separate address from port number
sp++;
char *localport = sp;
if (strstr(vbuff, "LISTEN"))
{
// General bucket
IdempPrependItem(&ALL_INCOMING, sp, NULL);
// Categories the incoming ports by packet types
switch (packet)
{
case cfn_udp4:
IdempPrependItem(&MON_UDP4, sp, local);
break;
case cfn_udp6:
IdempPrependItem(&MON_UDP6, sp, local);
break;
case cfn_tcp4:
IdempPrependItem(&MON_TCP4, localport, local);
break;
case cfn_tcp6:
IdempPrependItem(&MON_TCP6, localport, local);
break;
default:
break;
}
}
// Now look at outgoing
for (sp = remote + strlen(remote) - 1; (sp >= remote) && (isdigit((int) *sp)); sp--)
{
}
sp++;
char *remoteport = sp;
// Now look for the specific vital signs to count frequencies
for (i = 0; i < ATTR; i++)
{
if (strcmp(localport, ECGSOCKS[i].portnr) == 0)
{
cf_this[ECGSOCKS[i].in]++;
AppendItem(&in[i], vbuff, "");
}
if (strcmp(remoteport, ECGSOCKS[i].portnr) == 0)
{
cf_this[ECGSOCKS[i].out]++;
AppendItem(&out[i], vbuff, "");
}
}
}
cf_pclose(pp);
/* Now save the state for ShowState()
the state is not smaller than the last or at least 40 minutes
older. This mirrors the persistence of the maxima classes */
for (i = 0; i < ATTR; i++)
{
struct stat statbuf;
time_t now = time(NULL);
Log(LOG_LEVEL_DEBUG, "save incoming '%s'", ECGSOCKS[i].name);
snprintf(vbuff, CF_MAXVARSIZE, "%s/state/cf_incoming.%s", CFWORKDIR, ECGSOCKS[i].name);
if (stat(vbuff, &statbuf) != -1)
{
if (ItemListSize(in[i]) < statbuf.st_size &&
now < statbuf.st_mtime + 40 * 60)
{
Log(LOG_LEVEL_VERBOSE, "New state '%s' is smaller, retaining old for 40 mins longer", ECGSOCKS[i].name);
DeleteItemList(in[i]);
continue;
}
}
SetNetworkEntropyClasses(CanonifyName(ECGSOCKS[i].name), "in", in[i]);
RawSaveItemList(in[i], vbuff, NewLineMode_Unix);
DeleteItemList(in[i]);
Log(LOG_LEVEL_DEBUG, "Saved in netstat data in '%s'", vbuff);
}
for (i = 0; i < ATTR; i++)
{
struct stat statbuf;
time_t now = time(NULL);
Log(LOG_LEVEL_DEBUG, "save outgoing '%s'", ECGSOCKS[i].name);
snprintf(vbuff, CF_MAXVARSIZE, "%s/state/cf_outgoing.%s", CFWORKDIR, ECGSOCKS[i].name);
if (stat(vbuff, &statbuf) != -1)
{
if (ItemListSize(out[i]) < statbuf.st_size &&
now < statbuf.st_mtime + 40 * 60)
{
Log(LOG_LEVEL_VERBOSE, "New state '%s' is smaller, retaining old for 40 mins longer", ECGSOCKS[i].name);
DeleteItemList(out[i]);
continue;
}
}
SetNetworkEntropyClasses(CanonifyName(ECGSOCKS[i].name), "out", out[i]);
RawSaveItemList(out[i], vbuff, NewLineMode_Unix);
Log(LOG_LEVEL_DEBUG, "Saved out netstat data in '%s'", vbuff);
DeleteItemList(out[i]);
}
free(vbuff);
}
void MonNetworkGatherData(double *cf_this)
{
FILE *pp;
char local[CF_BUFSIZE],remote[CF_BUFSIZE],comm[CF_BUFSIZE];
struct Item *in[ATTR],*out[ATTR];
char *sp;
int i;
char vbuff[CF_BUFSIZE];
Debug("GatherSocketData()\n");
for (i = 0; i < ATTR; i++)
{
in[i] = out[i] = NULL;
}
if (ALL_INCOMING != NULL)
{
DeleteItemList(ALL_INCOMING);
ALL_INCOMING = NULL;
}
if (ALL_OUTGOING != NULL)
{
DeleteItemList(ALL_OUTGOING);
ALL_OUTGOING = NULL;
}
sscanf(VNETSTAT[VSYSTEMHARDCLASS],"%s",comm);
strcat(comm," -n");
if ((pp = cf_popen(comm,"r")) == NULL)
{
return;
}
while (!feof(pp))
{
memset(local,0,CF_BUFSIZE);
memset(remote,0,CF_BUFSIZE);
CfReadLine(vbuff,CF_BUFSIZE,pp);
if (strstr(vbuff,"UNIX"))
{
break;
}
if (!strstr(vbuff,"."))
{
continue;
}
/* Different formats here ... ugh.. */
if (strncmp(vbuff,"tcp",3) == 0)
{
sscanf(vbuff,"%*s %*s %*s %s %s",local,remote); /* linux-like */
}
else
{
sscanf(vbuff,"%s %s",local,remote); /* solaris-like */
}
if (strlen(local) == 0)
{
continue;
}
for (sp = local+strlen(local); (*sp != '.') && (sp > local); sp--)
{
}
sp++;
if ((strlen(sp) < 5) &&!IsItemIn(ALL_INCOMING,sp))
{
PrependItem(&ALL_INCOMING,sp,NULL);
}
for (sp = remote+strlen(remote); (sp >= remote) && !isdigit((int)*sp); sp--)
{
}
sp++;
if ((strlen(sp) < 5) && !IsItemIn(ALL_OUTGOING,sp))
{
PrependItem(&ALL_OUTGOING,sp,NULL);
}
for (i = 0; i < ATTR; i++)
{
char *spend;
for (spend = local+strlen(local)-1; isdigit((int)*spend); spend--)
{
}
spend++;
if (strcmp(spend,ECGSOCKS[i].portnr) == 0)
{
cf_this[ECGSOCKS[i].in]++;
AppendItem(&in[i],vbuff,"");
}
for (spend = remote+strlen(remote)-1; (sp >= remote) && isdigit((int)*spend); spend--)
{
}
spend++;
if (strcmp(spend,ECGSOCKS[i].portnr) == 0)
{
cf_this[ECGSOCKS[i].out]++;
AppendItem(&out[i],vbuff,"");
}
}
}
cf_pclose(pp);
/* Now save the state for ShowState() cf2 version alert function IFF
the state is not smaller than the last or at least 40 minutes
older. This mirrors the persistence of the maxima classes */
for (i = 0; i < ATTR; i++)
{
struct stat statbuf;
time_t now = time(NULL);
Debug("save incoming %s\n",ECGSOCKS[i].name);
snprintf(vbuff,CF_MAXVARSIZE,"%s/state/cf_incoming.%s",CFWORKDIR,ECGSOCKS[i].name);
if (cfstat(vbuff,&statbuf) != -1)
{
if ((ByteSizeList(in[i]) < statbuf.st_size) && (now < statbuf.st_mtime+40*60))
{
CfOut(cf_verbose,"","New state %s is smaller, retaining old for 40 mins longer\n",ECGSOCKS[i].name);
DeleteItemList(in[i]);
continue;
}
}
SetNetworkEntropyClasses(ECGSOCKS[i].name,"in",in[i]);
RawSaveItemList(in[i],vbuff);
DeleteItemList(in[i]);
Debug("Saved in netstat data in %s\n",vbuff);
}
for (i = 0; i < ATTR; i++)
{
struct stat statbuf;
time_t now = time(NULL);
Debug("save outgoing %s\n",ECGSOCKS[i].name);
snprintf(vbuff,CF_MAXVARSIZE,"%s/state/cf_outgoing.%s",CFWORKDIR,ECGSOCKS[i].name);
if (cfstat(vbuff,&statbuf) != -1)
{
if ((ByteSizeList(out[i]) < statbuf.st_size) && (now < statbuf.st_mtime+40*60))
{
CfOut(cf_verbose,"","New state %s is smaller, retaining old for 40 mins longer\n",ECGSOCKS[i].name);
DeleteItemList(out[i]);
continue;
}
}
SetNetworkEntropyClasses(ECGSOCKS[i].name,"out",out[i]);
RawSaveItemList(out[i],vbuff);
Debug("Saved out netstat data in %s\n",vbuff);
DeleteItemList(out[i]);
}
}
