コード例 #1
ファイル: env_monitor.c プロジェクト: arcimboldo/cfengine
/*
 * Publish a list of open ports as a single "@<name>=<items>" entry on
 * classlist.
 *
 * The entry is only appended when the complete text, including the
 * "@<name>=" prefix, is at most 1500 bytes; a longer list is dropped and
 * nothing is published for it.
 *
 * NOTE(review): AppendItem() receives the string returned by
 * StringWriterClose(). If AppendItem() copies its argument, that string is
 * never freed here -- confirm ownership against AppendItem().
 */
static void AddOpenPortsClasses(const char *name, const Item *value, Item **classlist)
{
    Writer *out = StringWriter();

    WriterWriteF(out, "@%s=", name);
    PrintItemList(value, out);

    /* Oversized list: release the writer without publishing anything. */
    if (StringWriterLength(out) > 1500)
    {
        WriterClose(out);
        return;
    }

    AppendItem(classlist, StringWriterClose(out), NULL);
}
コード例 #2
ファイル: env_monitor.c プロジェクト: cyphermaster/core
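/*
 * Build the class/variable list for the current monitoring sample and
 * publish it.
 *
 * For every observable this sets the statistical classes and variables,
 * records whether the LDT test flagged the current slot, and raises a
 * persistent "<name>_high_ldt" class on an anomaly. It then adds the
 * listening-port lists and per-port address entries, publishes the result
 * with PublishEnvironment() and frees the list.
 *
 * av      - averages the current values in CF_THIS[] are compared against
 * timekey - passed through to SetClasses(); also printed in the debug trace
 */
static void ArmClasses(Averages av, char *timekey)
{
    double sigma;
    Item *ip, *classlist = NULL;
    int i, j, k;
    char buff[CF_BUFSIZE], ldt_buff[CF_BUFSIZE], name[CF_MAXVARSIZE];
    static int anomaly[CF_OBSERVABLES][LDT_BUFSIZE];
    extern Item *ALL_INCOMING;
    extern Item *MON_UDP4, *MON_UDP6, *MON_TCP4, *MON_TCP6;

    CfDebug("Arm classes for %s\n", timekey);

    for (i = 0; i < CF_OBSERVABLES; i++)
    {
        char desc[CF_BUFSIZE];
        size_t used = 0;
        int ldt_anomaly;

        GetObservable(i, name, desc);
        sigma = SetClasses(name, CF_THIS[i], av.Q[i].expect, av.Q[i].var, LOCALAV.Q[i].expect, LOCALAV.Q[i].var, &classlist, timekey);
        SetVariable(name, CF_THIS[i], av.Q[i].expect, sigma, &classlist);

        /* LDT */

        /* Remember the anomaly state of the current slot (0 or 1).
         * Assumes 0 <= LDT_POS < LDT_BUFSIZE -- confirm where LDT_POS is advanced. */
        ldt_anomaly = LDT_FULL && (CHI[i] > CHI_LIMIT[i]);
        anomaly[i][LDT_POS] = ldt_anomaly;

        if (ldt_anomaly)
        {
            CfOut(cf_verbose, "", "LDT(%d) in %s chi = %.2f thresh %.2f \n", LDT_POS, name, CHI[i], CHI_LIMIT[i]);
        }

        /* Render the ring buffer oldest-first, so the last printed element is
         * the current one; anomalous values are wrapped in '*'.
         *
         * Each element is formatted straight into ldt_buff with the remaining
         * space as the bound. The previous strcat() had no bound, and "%.2f"
         * of a large double can expand to several hundred characters.
         *
         * NOTE(review): nothing visible in this function reads ldt_buff before
         * it is reset for the port lists -- confirm whether this rendering is
         * still needed. */
        ldt_buff[0] = '\0';

        for (j = LDT_POS + 1, k = 0; k < LDT_BUFSIZE; j++, k++)
        {
            int written;
            size_t room = sizeof(ldt_buff) - used;

            if (j == LDT_BUFSIZE)   /* Wrap */
            {
                j = 0;
            }

            if (anomaly[i][j])
            {
                written = snprintf(ldt_buff + used, room, " *%.2f*", LDT_BUF[i][j]);
            }
            else
            {
                written = snprintf(ldt_buff + used, room, " %.2f", LDT_BUF[i][j]);
            }

            if (written < 0 || (size_t) written >= room)
            {
                /* Error or truncation: keep what fitted and stop appending. */
                ldt_buff[used] = '\0';
                break;
            }

            used += (size_t) written;
        }

        if (ldt_anomaly)
        {
            /* NOTE(review): the original compared CF_THIS[i] with
             * av.Q[i].expect but emitted "_high_ldt" in both branches. A
             * "_low_ldt" class may have been intended for the lower case; the
             * name is left unchanged because policies may match on it. */
            snprintf(buff, CF_BUFSIZE, "%s_high_ldt", name);

            AppendItem(&classlist, buff, "2");
            NewPersistentContext(buff, "measurements", CF_PERSISTENCE, cfpreserve);
        }
    }

    SetMeasurementPromises(&classlist);

    // Report on the open ports, in various ways

    {
        /* Published in this order; a list whose rendering reaches 1500 bytes
         * is skipped rather than truncated. */
        const struct
        {
            const char *var;
            Item *list;
        } port_lists[] =
        {
            { "listening_ports", ALL_INCOMING },
            { "listening_udp6_ports", MON_UDP6 },
            { "listening_udp4_ports", MON_UDP4 },
            { "listening_tcp6_ports", MON_TCP6 },
            { "listening_tcp4_ports", MON_TCP4 },
        };

        for (size_t n = 0; n < sizeof(port_lists) / sizeof(port_lists[0]); n++)
        {
            ldt_buff[0] = '\0';
            PrintItemList(ldt_buff, CF_BUFSIZE, port_lists[n].list);

            if (strlen(ldt_buff) < 1500)
            {
                snprintf(buff, CF_BUFSIZE, "@%s=%s", port_lists[n].var, ldt_buff);
                AppendItem(&classlist, buff, NULL);
            }
        }
    }

    // Port addresses
    //
    // NOTE(review): ip->name and ip->classes are printed with "%s"; a NULL
    // pointer there is undefined behaviour -- confirm both are always set for
    // the MON_* lists.

    if (ListLen(MON_TCP6) + ListLen(MON_TCP4) > 512)
    {
        /* Cap the number of per-port entries added to the environment. */
        CfOut(cf_inform, "", "Disabling address information of TCP ports in LISTEN state: more than 512 listening ports are detected");
    }
    else
    {
        for (ip = MON_TCP6; ip != NULL; ip = ip->next)
        {
            snprintf(buff, CF_BUFSIZE, "tcp6_port_addr[%s]=%s", ip->name, ip->classes);
            AppendItem(&classlist, buff, NULL);
        }

        for (ip = MON_TCP4; ip != NULL; ip = ip->next)
        {
            snprintf(buff, CF_BUFSIZE, "tcp4_port_addr[%s]=%s", ip->name, ip->classes);
            AppendItem(&classlist, buff, NULL);
        }
    }

    /* NOTE(review): unlike TCP, the UDP address lists have no entry-count cap. */
    for (ip = MON_UDP6; ip != NULL; ip = ip->next)
    {
        snprintf(buff, CF_BUFSIZE, "udp6_port_addr[%s]=%s", ip->name, ip->classes);
        AppendItem(&classlist, buff, NULL);
    }

    for (ip = MON_UDP4; ip != NULL; ip = ip->next)
    {
        snprintf(buff, CF_BUFSIZE, "udp4_port_addr[%s]=%s", ip->name, ip->classes);
        AppendItem(&classlist, buff, NULL);
    }

    PublishEnvironment(classlist);

    DeleteItemList(classlist);
}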